*NOTE* This code is *EXPERIMENTAL*, use it at your own risk!

This is a free (BSD-licensed) TrueCrypt implementation. It is based solely on the documentation available on the TrueCrypt website, many hours of trial and error and the output of the Linux TrueCrypt client. As it turns out, most technical documents on TrueCrypt contain mistakes, hence the trial and error approach :)

Some notable differences between actual implementation and documentation:
- PBKDF using RIPEMD160 only uses 2000 iterations if the volume isn't a system volume.
- The keyfile pool is not XOR'ed with the passphrase but modulo-8 summed.
- Every field *except* the minimum version field of the volume header is in big endian.
- Some volume header fields (creation time of volume and header) are missing in the documentation.
- All two-way cipher cascades are the wrong way round in the documentation, but all three-way cipher cascades are correct.

It is designed for DragonFly BSD, but would work, with minor changes, on any OS with device mapper and dm-crypt. This is also the reason for the dependency on libprop, since the DragonFly libdevmapper uses libprop.

One of the main bits that would need porting is the crypto.c or crypto-dev.c implementation; for Linux a reasonable approach would be to create a crypto-gcrypt.c that uses libgcrypt instead of a mix of OpenSSL and cryptodev(9). Other parts requiring porting are bits and pieces in io.c; mainly the get_disk_info function needs to be adapted to the system. Depending on whether your system has urandom, random and tty in /dev or not, other changes may be required, too. Some of the endianness macros in hdr.c might need to be changed if you don't have be32toh, htobe32, etc.

The implementation in crypto.c is not very useful right now; it's just a proof of concept of how to use OpenSSL to do the crypto and hashing, but since the current OpenSSL version doesn't support XTS mode, and the coming versions will only support AES-XTS, it is not for real use.

DragonFly BSD uses the hybrid OpenSSL + cryptodev(9) approach that can be found in crypto-dev.c. OpenSSL is only used for the hash/pbkdf2. The encryption/decryption is performed via cryptodev(9) with cryptosoft enabled.

This implementation supports mapping (opening) both system and normal TrueCrypt volumes, as well as opening hidden volumes and opening an outer volume while protecting a hidden volume. Support for creating volumes was only recently added and has not been tested yet. It is highly experimental.
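
The header-field differences listed above (mixed endianness and the undocumented creation-time fields), as an added example that is not part of this project's code: a portable field reader that does not depend on be32toh and friends. The offsets, the "TRUE" magic check, the little-endian reading of the minimum version field, and the names tc_fields and tc_parse_fields are assumptions made for illustration; the page does not list them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets inside the *decrypted* header area: assumptions, not from the page. */
#define OFF_MAGIC     0   /* ASCII "TRUE" */
#define OFF_VER       4   /* header version, big endian */
#define OFF_MIN_VER   6   /* minimum version: the one non-big-endian field */
#define OFF_VOL_CTIME 12  /* volume creation time, big endian */
#define OFF_HDR_CTIME 20  /* header creation time, big endian */
#define HDR_MIN_LEN   28

struct tc_fields {        /* hypothetical struct for this example */
    uint16_t ver, min_ver;
    uint64_t vol_ctime, hdr_ctime;
};

/* Byte-wise big-endian load: no alignment or host-endianness assumptions. */
static uint64_t load_be(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Returns 0 on success, -1 on a short buffer or a wrong magic value. */
int tc_parse_fields(const uint8_t *buf, size_t len, struct tc_fields *out)
{
    if (buf == NULL || out == NULL || len < HDR_MIN_LEN)
        return -1;
    if (memcmp(buf + OFF_MAGIC, "TRUE", 4) != 0)
        return -1;
    out->ver       = (uint16_t)load_be(buf + OFF_VER, 2);
    out->min_ver   = (uint16_t)(buf[OFF_MIN_VER] | (buf[OFF_MIN_VER + 1] << 8));
    out->vol_ctime = load_be(buf + OFF_VOL_CTIME, 8);
    out->hdr_ctime = load_be(buf + OFF_HDR_CTIME, 8);
    return 0;
}

/* Constructed sample bytes, not taken from a real volume. */
static const uint8_t sample_hdr[HDR_MIN_LEN] = {
    'T','R','U','E', 0x00,0x05, 0x00,0x07, 0,0,0,0,
    0,0,0,0,0,0,0x01,0x02, 0,0,0,0,0,0,0,0x2a
};

int main(void) {
    struct tc_fields f;
    if (tc_parse_fields(sample_hdr, sizeof sample_hdr, &f) == 0)
        printf("ver=%u min_ver=0x%04x\n", (unsigned)f.ver, (unsigned)f.min_ver);
    return 0;
}
```

Reading the minimum version bytes 00 07 as big endian would give 7 instead of 0x0700, which is the kind of mismatch the list above warns about.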