二、dm-crypt分析
dm-crypt是dm构架中用于块设备加密的模块。dm-crypt通过dm虚拟一个块设备,并在bio转发的时候将数据加密后存储来实现块设备的加密,而这些对于应用层是透明的。dm-crypt的target_type定义如下:
staticstructtarget_type crypt_target = {
.name ="crypt",
.version = {1, 7, 0},
.module = THIS_MODULE,
.ctr = crypt_ctr,
.dtr = crypt_dtr,
.map = crypt_map,
.status = crypt_status,
.postsuspend = crypt_postsuspend,
.preresume = crypt_preresume,
.resume = crypt_resume,
.message = crypt_message,
.merge = crypt_merge,
.iterate_devices = crypt_iterate_devices,
};
这里重点分析ctr和map函数。ctr决定了设备的创建过程、也决定了与密码算法的关联过程;map决定了bio转发,也决定了对密码算法调用的步骤。设备创建和bio转发在前文中已经讲过。这里重点分析与密码算法的关联。
2.1 创建密码算法实例
crypt_ctr函数的代码很长,我贴在这里,一般情况下就没必要展开了。
staticintcrypt_ctr(structdm_target *ti, unsignedintargc,char**argv)
{
structcrypt_config *cc;
structcrypto_ablkcipher *tfm;
char*tmp;
char*cipher;
char*chainmode;
char*ivmode;
char*ivopts;
unsignedintkey_size;
unsignedlonglongtmpll;
if(argc != 5) {
ti->error ="Not enough arguments";
return-EINVAL;
}
tmp = argv[0];
cipher = strsep(&tmp,"-");
chainmode = strsep(&tmp,"-");
ivopts = strsep(&tmp,"-");
ivmode = strsep(&ivopts,":");
if(tmp)
DMWARN("Unexpected additional cipher options");
key_size = strlen(argv[1]) >> 1;
cc = kzalloc(sizeof(*cc) + key_size *sizeof(u8), GFP_KERNEL);
if(cc ==