Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 222 lines (192 sloc) 8.157 kb
fff72185 »
2011-05-13 Initial commit of current state
1 /*
dedd95ca »
2011-05-17 major refactoring, bugfixes
2 * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
3 * All rights reserved.
fff72185 »
2011-05-13 Initial commit of current state
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
22 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
adacd75b »
2011-07-03 shuffle things around, cleanup
29
1af29c17 »
2011-07-03 rename tc-play => tcplay
30 /* Version of tcplay */
adacd75b »
2011-07-03 shuffle things around, cleanup
31 #define MAJ_VER 0
92f96b88 »
2011-07-22 make blksz agnostic, fix volume size
32 #define MIN_VER 9
adacd75b »
2011-07-03 shuffle things around, cleanup
33
34
fa29c842 »
2011-05-13 refactoring in preparation for hidden vol support
35 #define MAX_BLKSZ 4096
2dc9cd0b »
2011-05-16 WIP! - support for creating TC volumes
36 #define MAX_KEYSZ 192
fa29c842 »
2011-05-13 refactoring in preparation for hidden vol support
37 #define HDRSZ 512
38 #define HDR_OFFSET_SYS 31744 /* 512 * (63 -1) */
39 #define TC_SIG "TRUE"
40 #define MAX_PASSSZ 64
41 #define KPOOL_SZ 64
42 #define MAX_KFILE_SZ 1048576 /* 1 MB */
43 #define MAX_KEYFILES 256
44 #define HDR_OFFSET_HIDDEN 65536
2dc9cd0b »
2011-05-16 WIP! - support for creating TC volumes
45 #define SALT_LEN 64
92f96b88 »
2011-07-22 make blksz agnostic, fix volume size
46 #define VOL_RSVD_BYTES_START (256*512) /* Reserved bytes at vol. start */
47 #define VOL_RSVD_BYTES_END (256*512) /* Reserved bytes at vol. end */
48 #define MIN_VOL_BYTES (VOL_RSVD_BYTES_START + VOL_RSVD_BYTES_END)
49
6ee09f35 »
2011-07-02 half-baked cascaded cipher support
50 #define MAX_CIPHER_CHAINS 64
94d9e910 »
2011-07-03 major refactoring (move out info & map)
51 #define DEFAULT_RETRIES 3
69686eb7 »
2011-07-03 improve secure_erase speed; add SIGINFO support
52 #define ERASE_BUFFER_SIZE 4*1024*1024 /* 4 MB */
fa29c842 »
2011-05-13 refactoring in preparation for hidden vol support
53
54 /* TrueCrypt Volume flags */
55 #define TC_VOLFLAG_SYSTEM 0x01 /* system encryption */
56 #define TC_VOLFLAG_INPLACE 0x02 /* non-system in-place-encrypted volume */
57
05bf0a1b »
2011-07-03 Start C API work
58 #define LOG_BUFFER_SZ 1024
b66934b1 »
2011-07-02 restore default of debug off
59 #if 0
a250434c »
2011-07-02 almost-baked cascaded cipher support
60 #define DEBUG 1
61 #endif
6ee09f35 »
2011-07-02 half-baked cascaded cipher support
62
34165edf »
2011-07-20 first step to porting to linux; can be broken :)
63 #include <inttypes.h>
64
65 #if defined(__DragonFly__)
dedd95ca »
2011-05-17 major refactoring, bugfixes
66 #include <uuid.h>
34165edf »
2011-07-20 first step to porting to linux; can be broken :)
67 #elif defined(__linux__)
68 #include <uuid/uuid.h>
69 #endif
fff72185 »
2011-05-13 Initial commit of current state
70
71 struct pbkdf_prf_algo {
0c6d6a0b »
2011-07-03 big warning cleanup
72 const char *name;
fff72185 »
2011-05-13 Initial commit of current state
73 int iteration_count;
74 };
75
76 struct tc_crypto_algo {
0c6d6a0b »
2011-07-03 big warning cleanup
77 const char *name;
78 const char *dm_crypt_str;
fff72185 »
2011-05-13 Initial commit of current state
79 int klen;
80 int ivlen;
81 };
82
6ee09f35 »
2011-07-02 half-baked cascaded cipher support
83 struct tc_cipher_chain {
84 struct tc_crypto_algo *cipher;
85 unsigned char *key;
a250434c »
2011-07-02 almost-baked cascaded cipher support
86 char dm_key[MAX_KEYSZ*2 + 1];
6ee09f35 »
2011-07-02 half-baked cascaded cipher support
87
88 struct tc_cipher_chain *prev;
89 struct tc_cipher_chain *next;
90 };
91
fff72185 »
2011-05-13 Initial commit of current state
92 struct tchdr_enc {
2dc9cd0b »
2011-05-16 WIP! - support for creating TC volumes
93 unsigned char salt[SALT_LEN]; /* Salt for PBKDF */
fff72185 »
2011-05-13 Initial commit of current state
94 unsigned char enc[448]; /* Encrypted part of the header */
95 } __attribute__((__packed__));
96
97 struct tchdr_dec {
98 char tc_str[4]; /* ASCII string "TRUE" */
99 uint16_t tc_ver; /* Volume header format version */
100 uint16_t tc_min_ver;
101 uint32_t crc_keys; /* CRC32 of the key section */
102 uint64_t vol_ctime; /* Volume creation time */
103 uint64_t hdr_ctime; /* Header creation time */
104 uint64_t sz_hidvol; /* Size of hidden volume (set to zero
105 in non-hidden volumes) */
106 uint64_t sz_vol; /* Size of volume */
107 uint64_t off_mk_scope; /* Byte offset of the start of the
108 master key scope */
109 uint64_t sz_mk_scope; /* Size of the encrypted area within
110 the master key scope */
111 uint32_t flags; /* Flag bits
112 (bit 0: system encryption;
113 bit 1: non-system in-place-encrypted volume;
114 bits 2–31 are reserved) */
115 uint32_t sec_sz; /* Sector size (in bytes) */
116 unsigned char unused3[120];
117 uint32_t crc_dhdr; /* CRC32 of dec. header (except keys) */
118 unsigned char keys[256];
119 } __attribute__((__packed__));
120
121 struct tcplay_info {
122 const char *dev;
123 struct tchdr_dec *hdr;
6ee09f35 »
2011-07-02 half-baked cascaded cipher support
124 struct tc_cipher_chain *cipher_chain;
fff72185 »
2011-05-13 Initial commit of current state
125 struct pbkdf_prf_algo *pbkdf_prf;
a250434c »
2011-07-02 almost-baked cascaded cipher support
126 char key[MAX_KEYSZ*2 + 1];
fff72185 »
2011-05-13 Initial commit of current state
127 off_t start; /* Logical volume offset in table */
128 size_t size; /* Volume size */
129
130 off_t skip; /* IV offset */
131 off_t offset; /* Block offset */
132
133 /* Populated by dm_setup */
134 uuid_t uuid;
135 };
136
dedd95ca »
2011-05-17 major refactoring, bugfixes
137 void *read_to_safe_mem(const char *file, off_t offset, size_t *sz);
138 int get_random(unsigned char *buf, size_t len);
139 int secure_erase(const char *dev, size_t bytes, size_t blksz);
140 int get_disk_info(const char *dev, size_t *blocks, size_t *bsize);
92f96b88 »
2011-07-22 make blksz agnostic, fix volume size
141 int write_to_disk(const char *dev, off_t offset, size_t blksz, void *mem,
142 size_t bytes);
46f7fdbe »
2011-07-11 add prompt timeout support
143 int read_passphrase(const char *prompt, char *pass, size_t passlen,
144 time_t timeout);
fff72185 »
2011-05-13 Initial commit of current state
145
dedd95ca »
2011-05-17 major refactoring, bugfixes
146 int tc_crypto_init(void);
a250434c »
2011-07-02 almost-baked cascaded cipher support
147 int tc_cipher_chain_populate_keys(struct tc_cipher_chain *cipher_chain,
148 unsigned char *key);
8e1782ad »
2011-07-22 make memory deallocation less lazy; ...
149 int tc_cipher_chain_free_keys(struct tc_cipher_chain *cipher_chain);
6ee09f35 »
2011-07-02 half-baked cascaded cipher support
150 int tc_encrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key,
31d65e4e »
2011-07-02 Improve support for different cipher methods
151 unsigned char *iv,
dedd95ca »
2011-05-17 major refactoring, bugfixes
152 unsigned char *in, int in_len, unsigned char *out);
6ee09f35 »
2011-07-02 half-baked cascaded cipher support
153 int tc_decrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key,
31d65e4e »
2011-07-02 Improve support for different cipher methods
154 unsigned char *iv,
dedd95ca »
2011-05-17 major refactoring, bugfixes
155 unsigned char *in, int in_len, unsigned char *out);
65808bd3 »
2011-07-20 separate out bits; implement gcrypt backend
156
157 /* The following two are platform dependent */
158 int syscrypt(struct tc_crypto_algo *cipher, unsigned char *key, size_t klen,
159 unsigned char *iv, unsigned char *in, unsigned char *out, size_t len,
160 int do_encrypt);
161 int pbkdf2(struct pbkdf_prf_algo *hash, const char *pass, int passlen,
162 const unsigned char *salt, int saltlen,
163 int keylen, unsigned char *out);
164
dedd95ca »
2011-05-17 major refactoring, bugfixes
165 int apply_keyfiles(unsigned char *pass, size_t pass_memsz, const char *keyfiles[],
166 int nkeyfiles);
167
168 struct tchdr_enc *create_hdr(unsigned char *pass, int passlen,
6ee09f35 »
2011-07-02 half-baked cascaded cipher support
169 struct pbkdf_prf_algo *prf_algo, struct tc_cipher_chain *cipher_chain,
dedd95ca »
2011-05-17 major refactoring, bugfixes
170 size_t sec_sz, size_t total_blocks,
8e1782ad »
2011-07-22 make memory deallocation less lazy; ...
171 off_t offset, size_t blocks, int hidden,
172 struct tchdr_enc **backup_hdr);
6ee09f35 »
2011-07-02 half-baked cascaded cipher support
173 struct tchdr_dec *decrypt_hdr(struct tchdr_enc *ehdr,
174 struct tc_cipher_chain *cipher_chain, unsigned char *key);
dedd95ca »
2011-05-17 major refactoring, bugfixes
175 int verify_hdr(struct tchdr_dec *hdr);
176
177 void *_alloc_safe_mem(size_t req_sz, const char *file, int line);
178 void _free_safe_mem(void *mem, const char *file, int line);
179 void check_and_purge_safe_mem(void);
180
0c6d6a0b »
2011-07-03 big warning cleanup
181 struct tc_crypto_algo *check_cipher(const char *cipher, int quiet);
05bf0a1b »
2011-07-03 Start C API work
182 struct tc_cipher_chain *check_cipher_chain(char *cipher_chain, int quiet);
183 struct pbkdf_prf_algo *check_prf_algo(char *algo, int quiet);
adacd75b »
2011-07-03 shuffle things around, cleanup
184
2e3a80cc »
2011-07-08 several minor fixes/cleanups
185 int tc_play_init(void);
0c6d6a0b »
2011-07-03 big warning cleanup
186 void tc_log(int err, const char *fmt, ...);
adacd75b »
2011-07-03 shuffle things around, cleanup
187 void print_info(struct tcplay_info *info);
188 int adjust_info(struct tcplay_info *info, struct tcplay_info *hinfo);
189 int process_hdr(const char *dev, unsigned char *pass, int passlen,
190 struct tchdr_enc *ehdr, struct tcplay_info **pinfo);
191 int create_volume(const char *dev, int hidden, const char *keyfiles[],
192 int nkeyfiles, const char *h_keyfiles[], int n_hkeyfiles,
05bf0a1b »
2011-07-03 Start C API work
193 struct pbkdf_prf_algo *prf_algo, struct tc_cipher_chain *cipher_chain,
c4608da1 »
2011-07-10 bugfix, support for different cipher for hidden vol
194 struct pbkdf_prf_algo *h_prf_algo, struct tc_cipher_chain *h_cipher_chain,
92f96b88 »
2011-07-22 make blksz agnostic, fix volume size
195 char *passphrase, char *h_passphrase, size_t hidden_bytes_in,
05bf0a1b »
2011-07-03 Start C API work
196 int interactive);
94d9e910 »
2011-07-03 major refactoring (move out info & map)
197 int info_volume(const char *device, int sflag, const char *sys_dev,
198 int protect_hidden, const char *keyfiles[], int nkeyfiles,
199 const char *h_keyfiles[], int n_hkeyfiles,
46f7fdbe »
2011-07-11 add prompt timeout support
200 char *passphrase, char *passphrase_hidden, int interactive, int retries,
201 time_t timeout);
94d9e910 »
2011-07-03 major refactoring (move out info & map)
202 int map_volume(const char *map_name, const char *device, int sflag,
203 const char *sys_dev, int protect_hidden, const char *keyfiles[],
204 int nkeyfiles, const char *h_keyfiles[], int n_hkeyfiles,
46f7fdbe »
2011-07-11 add prompt timeout support
205 char *passphrase, char *passphrase_hidden, int interactive, int retries,
206 time_t timeout);
adacd75b »
2011-07-03 shuffle things around, cleanup
207 int dm_setup(const char *mapname, struct tcplay_info *info);
1c225dfa »
2011-07-12 proper support for unmapping
208 int dm_teardown(const char *mapname, const char *device);
adacd75b »
2011-07-03 shuffle things around, cleanup
209
69686eb7 »
2011-07-03 improve secure_erase speed; add SIGINFO support
210 typedef void(*summary_fn_t)(void);
211
05bf0a1b »
2011-07-03 Start C API work
212 extern int tc_internal_verbose;
213 extern char tc_internal_log_buffer[];
69686eb7 »
2011-07-03 improve secure_erase speed; add SIGINFO support
214 extern summary_fn_t summary_fn;
05bf0a1b »
2011-07-03 Start C API work
215
dedd95ca »
2011-05-17 major refactoring, bugfixes
216 #define alloc_safe_mem(x) \
217 _alloc_safe_mem(x, __FILE__, __LINE__)
218
219 #define free_safe_mem(x) \
220 _free_safe_mem(x, __FILE__, __LINE__)
34165edf »
2011-07-20 first step to porting to linux; can be broken :)
221
222 #define __unused __attribute__((__unused__))
Something went wrong with that request. Please try again.