1 /*
2 * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
22 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
30 /* Version of tcplay specified during build (CMakeLists.txt, Makefile.classic) */
32 #ifndef _TCPLAY_H
33 #define _TCPLAY_H
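/*
 * Size limits and on-disk layout constants.
 *
 * Several of these bound buffers that carry secrets (passphrase, key pool,
 * key material, salt). Code that fills such a buffer should compare the
 * incoming length against the matching constant before it copies.
 */
#define MAX_BLKSZ       4096
#define MAX_KEYSZ       192
#define HDRSZ           512
#define HDR_OFFSET_SYS  31744   /* 512 * (63 -1) */
#define TC_SIG          "TRUE"
#define MAX_PASSSZ      64
#define PASS_BUFSZ      256
#define KPOOL_SZ        64
#define MAX_KFILE_SZ    1048576 /* 1 MB */
#define MAX_KEYFILES    256
#define HDR_OFFSET_HIDDEN               65536
#define BACKUP_HDR_HIDDEN_OFFSET_END    65536
#define BACKUP_HDR_OFFSET_END           131072
#define SALT_LEN        64
#define VOL_RSVD_BYTES_START    (256*512) /* Reserved bytes at vol. start */
#define VOL_RSVD_BYTES_END      (256*512) /* Reserved bytes at vol. end */
#define MIN_VOL_BYTES   (VOL_RSVD_BYTES_START + VOL_RSVD_BYTES_END)

#define MAX_CIPHER_CHAINS       64
#define DEFAULT_RETRIES         3
/*
 * Parenthesized so the product stays one operand wherever the macro is
 * expanded; unparenthesized, `n % ERASE_BUFFER_SIZE` or
 * `n / ERASE_BUFFER_SIZE` would bind to the leading 4 only and yield a
 * wrong chunk size.
 */
#define ERASE_BUFFER_SIZE       (4*1024*1024) /* 4 MB */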
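/* TrueCrypt Volume flags */
#define TC_VOLFLAG_SYSTEM       0x01 /* system encryption */
#define TC_VOLFLAG_INPLACE      0x02 /* non-system in-place-encrypted volume */

/*
 * True when every bit of TC_VOLFLAG_<x> is set in f.
 *
 * f is parenthesized because `&` binds tighter than `|`: without the
 * parentheses an argument such as `a | b` would be tested as
 * `a | (b & flag)` and a flag check could silently give the wrong answer.
 */
#define TC_VOLFLAG_SET(f, x)    (((f) & TC_VOLFLAG_##x) == TC_VOLFLAG_##x)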
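/* Size in bytes used for the log buffer. */
#define LOG_BUFFER_SZ   1024

/* Debug output is compiled out by default; change the 0 to enable it. */
#if 0
#define DEBUG 1
#endif

/*
 * Operation flags; distinct bits, combined with bitwise OR.
 * The meaning of each bit is taken from its name; see the command-line and
 * API code for the authoritative behaviour.
 */
#define TC_FLAG_SYS             0x0001
#define TC_FLAG_FDE             0x0002
#define TC_FLAG_BACKUP          0x0004
#define TC_FLAG_ONLY_RESTORE    0x0008
#define TC_FLAG_ALLOW_TRIM      0x0010
#define TC_FLAG_SAVE_TO_FILE    0x0020
#define TC_FLAG_HDR_FROM_FILE   0x0040
#define TC_FLAG_H_HDR_FROM_FILE 0x0080

/*
 * True when every bit of TC_FLAG_<x> is set in f.
 *
 * f is parenthesized because `&` binds tighter than `|`: without the
 * parentheses an argument such as `a | b` would be tested as
 * `a | (b & flag)`, so a security-relevant option (e.g. ALLOW_TRIM)
 * could be reported as set or unset incorrectly.
 */
#define TC_FLAG_SET(f, x)       (((f) & TC_FLAG_##x) == TC_FLAG_##x)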
79 #include <limits.h>
80 #include <inttypes.h>
81
82 #if defined(__DragonFly__)
83 #include <uuid.h>
84 #elif defined(__linux__)
85 #include <uuid/uuid.h>
86 #endif
/*
 * Type for large block and byte counts of disks and volumes. Fixed at
 * 64 bits, so it does not narrow where size_t is 32 bits wide.
 */
typedef uint64_t disksz_t;
/* printf conversion for disksz_t; use as "%" DISKSZ_FMT. */
#define DISKSZ_FMT PRIu64
/*
 * One PBKDF pseudo-random function choice: its name and the iteration
 * count used with it.
 */
struct pbkdf_prf_algo {
	const char *name;
	/*
	 * NOTE(review): a signed int; code that takes this from anywhere but
	 * the built-in table should reject zero and negative values.
	 */
	int iteration_count;
};
/* One cipher: its name, its dm-crypt string, and its key and IV lengths. */
struct tc_crypto_algo {
	const char *name;
	const char *dm_crypt_str;
	int klen;	/* key length; presumably in bytes - confirm */
	int ivlen;	/* IV length; presumably in bytes - confirm */
};
/*
 * One link of a cascaded-cipher chain (doubly linked through prev/next).
 *
 * Both key and dm_key hold key material. NOTE(review): confirm that every
 * path that drops a chain wipes both before the memory is released (see
 * tc_cipher_chain_free_keys).
 */
struct tc_cipher_chain {
	struct tc_crypto_algo *cipher;
	unsigned char *key;
	/*
	 * Sized for two characters per key byte plus a terminator; presumably
	 * the hex form of the key handed to device-mapper - confirm.
	 */
	char dm_key[MAX_KEYSZ*2 + 1];

	struct tc_cipher_chain *prev;
	struct tc_cipher_chain *next;
};
/*
 * Volume header as stored: a cleartext salt followed by the encrypted part.
 * Packed; SALT_LEN (64) + 448 bytes gives 512, the value of HDRSZ.
 */
struct tchdr_enc {
	unsigned char salt[SALT_LEN];	/* Salt for PBKDF */
	unsigned char enc[448];		/* Encrypted part of the header */
} __attribute__((__packed__));
/*
 * Decrypted form of the encrypted header part. Packed; the members add up
 * to 448 bytes, the size of tchdr_enc.enc.
 *
 * Every field here originates from the volume, so it is attacker-controlled
 * until the signature and CRCs have been checked (see verify_hdr).
 * NOTE(review): sizes, offsets and sec_sz should still be range-checked
 * before they are used in arithmetic or passed on to device-mapper.
 * The byte order of the multi-byte fields is not stated in this header;
 * confirm where the conversion happens.
 */
struct tchdr_dec {
	char tc_str[4];		/* ASCII string "TRUE" */
	uint16_t tc_ver;	/* Volume header format version */
	uint16_t tc_min_ver;
	uint32_t crc_keys;	/* CRC32 of the key section */
	uint64_t vol_ctime;	/* Volume creation time */
	uint64_t hdr_ctime;	/* Header creation time */
	uint64_t sz_hidvol;	/* Size of hidden volume (set to zero
				   in non-hidden volumes) */
	uint64_t sz_vol;	/* Size of volume */
	uint64_t off_mk_scope;	/* Byte offset of the start of the
				   master key scope */
	uint64_t sz_mk_scope;	/* Size of the encrypted area within
				   the master key scope */
	uint32_t flags;		/* Flag bits
				   (bit 0: system encryption;
				   bit 1: non-system in-place-encrypted volume;
				   bits 2-31 are reserved) */
	uint32_t sec_sz;	/* Sector size (in bytes) */
	unsigned char unused3[120];
	uint32_t crc_dhdr;	/* CRC32 of dec. header (except keys) */
	unsigned char keys[256];	/* key section covered by crc_keys */
} __attribute__((__packed__));
/*
 * Description of one volume: device path, decrypted header, cipher chain,
 * PRF, key, and the block geometry that dm_setup() is given.
 *
 * NOTE(review): off_t is used here but this header includes only
 * <limits.h>, <inttypes.h> and the platform uuid header; it relies on
 * includers (or transitive includes) for <sys/types.h> - confirm.
 */
struct tcplay_info {
	char dev[PATH_MAX];
	struct tchdr_dec *hdr;
	struct tc_cipher_chain *cipher_chain;
	struct pbkdf_prf_algo *pbkdf_prf;
	/*
	 * Key material stored inline; sized for two characters per key byte
	 * plus a terminator. NOTE(review): confirm free_info() wipes this
	 * before the structure is released.
	 */
	char key[MAX_KEYSZ*2 + 1];

	int flags;	/* presumably TC_FLAG_* bits - confirm */
	int volflags;	/* presumably TC_VOLFLAG_* bits - confirm */

	uint32_t blk_sz;

	off_t start;	/* Logical volume offset in table (in blk_sz blocks) */
	disksz_t size;	/* Volume size (in blk_sz blocks) */

	off_t skip;	/* IV offset (in blk_sz blocks) */
	off_t offset;	/* Block offset (in blk_sz blocks) */

	/* Populated by dm_setup */
	uuid_t uuid;

	int hidden;
};
/*
 * Convert member `memb` of *info from blk_sz-sized blocks into 512-byte
 * units. The product is formed in uint64_t, so a signed member is
 * converted to unsigned before the multiplication.
 */
#define INFO_TO_DM_BLOCKS(info, memb) \
	((uint64_t)((info)->blk_sz) * (info)->memb / 512)
/*
 * Fields of one device-mapper table entry, held as fixed-size buffers.
 * NOTE(review): code that fills device, target and cipher must bound the
 * copy to the array size and NUL-terminate.
 */
struct tcplay_dm_table {
	char device[PATH_MAX];	/* Underlying device */
	char target[256];	/* DM Target type */
	off_t start;		/* Logical volume offset in table */
	disksz_t size;		/* Volume size */

	char cipher[256];	/* Cipher */
	off_t skip;		/* IV offset */
	off_t offset;		/* Block offset */
};
/*
 * State change callback type. The parameters are unnamed in this header;
 * the first is presumably the api_ctx pointer from struct tcplay_opts -
 * confirm against the call site.
 */
typedef int (*tc_state_change_fn)(void *, const char *, int);
/*
 * Options for one tcplay operation.
 *
 * passphrase, h_passphrase and new_passphrase are secrets; the h_ prefix
 * presumably refers to the hidden volume - confirm. NOTE(review): confirm
 * opts_free() wipes them before releasing the memory.
 * time_t is used below, but this header does not include <time.h> itself.
 */
struct tcplay_opts {
	/* (Mostly) common options */
	const char *dev;
	const char *keyfiles[MAX_KEYFILES];
	int nkeyfiles;		/* entries used in keyfiles[] */
	const char *h_keyfiles[MAX_KEYFILES];
	int n_hkeyfiles;	/* entries used in h_keyfiles[] */
	struct pbkdf_prf_algo *prf_algo;
	struct tc_cipher_chain *cipher_chain;
	struct pbkdf_prf_algo *h_prf_algo;
	struct tc_cipher_chain *h_cipher_chain;
	const char *passphrase;
	const char *h_passphrase;
	int interactive;
	/*
	 * NOTE(review): by its name this lowers the quality of the random
	 * source used for keys and salt; it should stay 0 unless the caller
	 * asks for it explicitly - confirm against get_random().
	 */
	int weak_keys_and_salt;

	/* Options for create */
	int hidden;
	disksz_t hidden_size_bytes;
	int secure_erase; /* XXX: default to 1! */

	/* Options for map, info_mapped */
	const char *map_name;

	/* Options for info, map, modify */
	int flags;
	const char *sys_dev;
	int protect_hidden;
	int retries; /* XXX: default to DEFAULT_RETRIES */
	time_t timeout;

	const char *hdr_file_in;
	const char *h_hdr_file_in;

	/* Options for modify only */
	struct pbkdf_prf_algo *new_prf_algo;
	const char *new_passphrase;
	const char *hdr_file_out;
	const char *new_keyfiles[MAX_KEYFILES];
	int n_newkeyfiles;	/* entries used in new_keyfiles[] */

	void *api_ctx;
	tc_state_change_fn state_change_fn;
};
/*
 * Lifecycle and keyfile-list helpers for struct tcplay_opts.
 * The three keyfile arrays hold at most MAX_KEYFILES entries each;
 * NOTE(review): confirm the opts_add_keyfile* functions refuse to add
 * beyond that and report it through their int return.
 */
struct tcplay_opts *opts_init(void);
int opts_add_keyfile(struct tcplay_opts *opts, const char *keyfile);
int opts_add_keyfile_hidden(struct tcplay_opts *opts, const char *keyfile);
int opts_add_keyfile_new(struct tcplay_opts *opts, const char *keyfile);
void opts_free(struct tcplay_opts *opts);
void opts_clear_keyfile(struct tcplay_opts *opts);
void opts_clear_keyfile_hidden(struct tcplay_opts *opts);
void opts_clear_keyfile_new(struct tcplay_opts *opts);
/*
 * File, disk, randomness and passphrase helpers.
 */

/* Reads from file at offset; *sz carries the size. Presumably returns
 * memory from the safe allocator, to be released with free_safe_mem -
 * confirm. */
void *read_to_safe_mem(const char *file, off_t offset, size_t *sz);
/* Fills buf with len random bytes. NOTE(review): a nonzero weak presumably
 * selects a lower-quality source (cf. weak_keys_and_salt) - confirm, and
 * check the return value before using buf as key or salt. */
int get_random(unsigned char *buf, size_t len, int weak);
int secure_erase(const char *dev, disksz_t bytes, size_t blksz);
int get_disk_info(const char *dev, disksz_t *blocks, size_t *bsize);
int write_to_disk(const char *dev, off_t offset, size_t blksz, void *mem,
	size_t bytes);
int write_to_file(const char *file, void *mem, size_t bytes);
/* NOTE(review): pass receives the secret; passlen and bufsz are two
 * separate limits (cf. MAX_PASSSZ and PASS_BUFSZ) - confirm which one
 * bounds the write into pass. */
int read_passphrase(const char *prompt, char *pass, size_t passlen,
	size_t bufsz, time_t timeout);
float get_random_read_progress(void);
float get_secure_erase_progress(void);
/*
 * Cipher-chain level crypto entry points.
 *
 * NOTE(review): in_len is a signed int and no output size is passed, so
 * out presumably has to hold at least in_len bytes - confirm, and make
 * sure callers never pass a negative or attacker-chosen length.
 */
int tc_crypto_init(void);
int tc_cipher_chain_populate_keys(struct tc_cipher_chain *cipher_chain,
	unsigned char *key);
int tc_cipher_chain_free_keys(struct tc_cipher_chain *cipher_chain);
int tc_encrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key,
	unsigned char *iv,
	unsigned char *in, int in_len, unsigned char *out);
int tc_decrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key,
	unsigned char *iv,
	unsigned char *in, int in_len, unsigned char *out);
/* The following two are platform dependent */

/* Single-cipher operation; do_encrypt selects the direction. */
int syscrypt(struct tc_crypto_algo *cipher, unsigned char *key, size_t klen,
	unsigned char *iv, unsigned char *in, unsigned char *out, size_t len,
	int do_encrypt);
/* Key derivation with the PRF described by hash. NOTE(review): passlen,
 * saltlen and keylen are signed ints; out presumably must hold keylen
 * bytes - confirm. */
int pbkdf2(struct pbkdf_prf_algo *hash, const char *pass, int passlen,
	const unsigned char *salt, int saltlen,
	int keylen, unsigned char *out);
/*
 * Keyfile mixing and volume-header construction / parsing.
 */

/* pass is modified in place; pass_memsz is the size of its buffer. */
int apply_keyfiles(unsigned char *pass, size_t pass_memsz, const char *keyfiles[],
	int nkeyfiles);

/* Builds a new encrypted header; *backup_hdr receives a second header.
 * weak presumably selects the weaker random source - confirm. */
struct tchdr_enc *create_hdr(unsigned char *pass, int passlen,
	struct pbkdf_prf_algo *prf_algo, struct tc_cipher_chain *cipher_chain,
	size_t sec_sz, disksz_t total_blocks,
	off_t offset, disksz_t blocks, int hidden, int weak,
	struct tchdr_enc **backup_hdr);
/* NOTE(review): the result holds decrypted, still unverified data; callers
 * should run verify_hdr() before trusting any field. */
struct tchdr_dec *decrypt_hdr(struct tchdr_enc *ehdr,
	struct tc_cipher_chain *cipher_chain, unsigned char *key);
int verify_hdr(struct tchdr_dec *hdr);
struct tchdr_enc *copy_reencrypt_hdr(unsigned char *pass, int passlen,
	struct pbkdf_prf_algo *prf_algo, int weak, struct tcplay_info *info,
	struct tchdr_enc **backup_hdr);
/*
 * Backing functions of the "safe memory" allocator; call them through the
 * alloc_safe_mem / strdup_safe_mem / free_safe_mem macros, which supply
 * file and line. What "safe" guarantees (locking, wiping on free) is
 * defined by the implementation, not visible here - confirm before relying
 * on it for secrets.
 */
void *_alloc_safe_mem(size_t req_sz, const char *file, int line);
void *_strdup_safe_mem(const char *in, const char *file, int line);
void _free_safe_mem(void *mem, const char *file, int line);
void check_and_purge_safe_mem(void);
/*
 * Name lookups for ciphers, cipher chains and PRF algorithms. The name
 * strings may come straight from the command line or an API caller;
 * presumably NULL is returned for an unknown name - confirm, and check the
 * result before use.
 */
struct tc_crypto_algo *check_cipher(const char *cipher, int quiet);
struct tc_cipher_chain *check_cipher_chain(const char *cipher_chain, int quiet);
struct pbkdf_prf_algo *check_prf_algo(const char *algo, int quiet);
/*
 * Top-level operations: initialisation, logging, volume info / create /
 * map / modify, and device-mapper setup and teardown.
 */
int tc_play_init(void);
/* NOTE(review): printf-style, but declared without a format attribute, so
 * the compiler cannot check fmt against its arguments; never pass
 * externally supplied text as fmt. */
void tc_log(int err, const char *fmt, ...);
int tc_cipher_chain_klen(struct tc_cipher_chain *chain);
int tc_cipher_chain_length(struct tc_cipher_chain *chain);
char *tc_cipher_chain_sprint(char *buf, size_t bufsz,
	struct tc_cipher_chain *chain);
int free_info(struct tcplay_info *info);
void print_info(struct tcplay_info *info);
int adjust_info(struct tcplay_info *info, struct tcplay_info *hinfo);
int process_hdr(const char *dev, int flags, unsigned char *pass, int passlen,
	struct tchdr_enc *ehdr, struct tcplay_info **pinfo);
int create_volume(struct tcplay_opts *opts);
/* NOTE(review): passphrase_out has no size parameter; the required buffer
 * size must be taken from the implementation - confirm. */
struct tcplay_info *info_map_common(struct tcplay_opts *opts,
	char *passphrase_out);
int info_mapped_volume(struct tcplay_opts *opts);
int info_volume(struct tcplay_opts *opts);
int map_volume(struct tcplay_opts *opts);
int modify_volume(struct tcplay_opts *opts);
int dm_setup(const char *mapname, struct tcplay_info *info);
int dm_teardown(const char *mapname, const char *device);
struct tcplay_info *dm_info_map(const char *map_name);
/* Callback type for a progress summary; takes and returns nothing. */
typedef void(*summary_fn_t)(void);

/*
 * Global state defined in the implementation files.
 * tc_internal_log_buffer is declared without a size here; writers
 * presumably bound themselves with LOG_BUFFER_SZ - confirm.
 */
extern int tc_internal_verbose;
extern char tc_internal_log_buffer[];
extern summary_fn_t summary_fn;
extern struct pbkdf_prf_algo pbkdf_prf_algos[];
extern struct tc_cipher_chain *tc_cipher_chains[MAX_CIPHER_CHAINS];
/* State constants; presumably the values tc_internal_state takes -
 * confirm. */
#define STATE_UNKNOWN		0
#define STATE_GET_RANDOM	1
#define STATE_ERASE		2

extern int tc_internal_state;
/*
 * Strips const from a pointer by round-tripping through uintptr_t; defined
 * only where the platform does not already provide __DECONST.
 * Writing through the result is undefined if the object was defined const,
 * so use it only to hand a pointer to an API that does not write.
 */
#ifndef __DECONST
#define __DECONST(type, var)	((type)(uintptr_t)(const void *)(var))
#endif
/*
 * Front ends of the safe-memory allocator. Each forwards to its
 * underscore-prefixed function and adds the caller's __FILE__ and
 * __LINE__. free_safe_mem drops const from its argument via __DECONST
 * before forwarding.
 */
#define alloc_safe_mem(x)	_alloc_safe_mem((x), __FILE__, __LINE__)

#define strdup_safe_mem(x)	_strdup_safe_mem((x), __FILE__, __LINE__)

#define free_safe_mem(x)	_free_safe_mem(__DECONST(void *, x), __FILE__, __LINE__)
/*
 * Marks a parameter or variable as intentionally unused.
 * NOTE(review): names beginning with a double underscore are reserved for
 * the implementation, and this define is not guarded by #ifndef; it can
 * collide with a platform header that uses the same identifier.
 */
#define __unused __attribute__((__unused__))
345 #endif