[131] in The Cryptographic File System users list


Re: Deleted .pvect files!

daemon@ATHENA.MIT.EDU (Matt Blaze)
Thu Apr 29 10:06:04 1999

Message-Id: <199904291406.KAA06517@nsa.research.att.com>
To: heckers@mail.suntrix.com
Cc: cfs-users@nsa.research.att.com
Subject: Re: Deleted .pvect files! 
In-reply-to: Your message of "Thu, 29 Apr 1999 09:24:16 EDT."
             <19990429132420.2750D4CE25@mail-blue.research.att.com> 
Date: Thu, 29 Apr 1999 10:06:30 -0400
From: Matt Blaze <mab@research.att.com>


>I ran a program to delete all the dangling symlinks on my system but I
>forgot all about the .pvect files in the CFS directory.  Now I can't
>access the data stored on my encrypted filesystem!  The file names are
>there, but their contents are garbage.  Is there any way I can restore
>the .pvect files?
>

Well, this isn't as much of a disaster as you might think it is, if
you still have all the files on the original filesystem that they were
created under (if the original inode numbers and ctimes are still in place).

The .pvect* files basically have a "whitening" string that is xored with
each cipherblock before encryption, to make different files that have the
same data encrypt to different ciphertexts, like an IV for each block.

Fortunately for your situation, there is nothing secret about the
.pvect IV; it is based entirely on a simple DES hash of the inode number
and ctime of the file at the time it was originally created.  This
information is probably still preserved in the underlying filesystem,
unless you've restored from backup or gotten a new disk since you've
created the files (the .pvect file is a separate file to allow you to
do this).

Anyway, the code that creates the .pvect link is found in cfs_fh.c:

        sprintf(linkname,"%s/.pvect_%s",p->name,comp);
        if (!rs) {
...
                buf.i[0]=(u_long)sb.st_ino;
                buf.i[1]=(u_long)sb.st_ctime;
                q_block_cipher("fixedkey",&buf,1);
                /* des is just used here as a hash fn to spread the bits */
                /* since we only use 32 bits of the result, its a nonperfect */
                /* hash. but this doesn't really matter since collisions */
                /* are rare.  we could save all 64 bits, but the encoding */
                /* of the link would get messy and large */
                sprintf(vect,"%02x%02x%02x%02x",
                        buf.ch[0],buf.ch[1],buf.ch[2],buf.ch[3]);
                if (symlink(vect,linkname) != 0) {
                        strcpy(linkname,"/NOWHERE/null");
                        bcopy((char *)zerovect,(char *)vect,8);
                }
...

The .pvect data is stored as a symlink, which is an efficiency hack.

It would be fairly easy to write a program to restore .pvects, although
I don't have the time to do this any time soon.  

Hope this is of some help...

-matt
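
The restore step the message describes, as an added example that is not part of the original message or of the CFS sources: it repeats the steps of the cfs_fh.c excerpt for a stored file whose `.pvect_` link is missing, and never overwrites a link that still exists. Assumptions: `pvect_buf`, `pvect_hash_fn`, `pvect_target`, `pvect_restore` and `demo_hash` are hypothetical names; `demo_hash` is a stand-in so the code runs, and real recovery needs CFS's own `q_block_cipher("fixedkey", ...)` behind the hook; the union uses 32-bit words on the assumption that the files were created by a 32-bit build with the same byte order as the recovery host.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumption: same shape as buf in the excerpt, as laid out on a 32-bit build. */
typedef union { uint32_t i[2]; unsigned char ch[8]; } pvect_buf;
/* Hypothetical hook; real recovery needs q_block_cipher("fixedkey",&buf,1). */
typedef void (*pvect_hash_fn)(pvect_buf *buf);
/* Stand-in mixer so the example runs on its own; NOT the CFS hash. */
void demo_hash(pvect_buf *b) { b->i[0] ^= b->i[1] * 2654435761u; }

/* Compute the 8-hex-digit link target for the stored file dir/comp.
   Returns 0 on success, -1 if the file cannot be examined. */
int pvect_target(const char *dir, const char *comp, pvect_hash_fn hash,
                 char vect[9])
{
    char path[4096];
    struct stat sb;
    pvect_buf buf;
    int n = snprintf(path, sizeof path, "%s/%s", dir, comp);
    if (n < 0 || n >= (int)sizeof path)
        return -1;
    /* Assumption: only regular files carry a .pvect_ link. */
    if (lstat(path, &sb) != 0 || !S_ISREG(sb.st_mode))
        return -1;
    buf.i[0] = (uint32_t)sb.st_ino;   /* truncates as (u_long) did on 32-bit */
    buf.i[1] = (uint32_t)sb.st_ctime;
    hash(&buf);
    snprintf(vect, 9, "%02x%02x%02x%02x",
             buf.ch[0], buf.ch[1], buf.ch[2], buf.ch[3]);
    return 0;
}

/* Recreate dir/.pvect_comp only when it is missing; never overwrites.
   Returns 1 if created, 0 if a link already exists, -1 on error. */
int pvect_restore(const char *dir, const char *comp, pvect_hash_fn hash)
{
    char linkname[4096], vect[9];
    struct stat sb;
    int n = snprintf(linkname, sizeof linkname, "%s/.pvect_%s", dir, comp);
    if (n < 0 || n >= (int)sizeof linkname)
        return -1;
    if (lstat(linkname, &sb) == 0)
        return 0;                     /* keep whatever is already there */
    if (pvect_target(dir, comp, hash, vect) != 0)
        return -1;
    return symlink(vect, linkname) == 0 ? 1 : -1;
}
```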
