lib/libtcplay/hdr.c

   1 /*
   2  * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  * 2. Redistributions in binary form must reproduce the above copyright
  12  *    notice, this list of conditions and the following disclaimer in
  13  *    the documentation and/or other materials provided with the
  14  *    distribution.
  15  *
  16  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  17  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  18  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  19  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
  20  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
  21  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
  22  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  23  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
  24  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  25  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  26  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  27  * SUCH DAMAGE.
  28  */
  29
  30 #include <sys/types.h>
  31
  32 #if defined(__DragonFly__)
  33 #include <sys/endian.h>
  34 #elif defined(__linux__)
  35 #include <endian.h>
  36 #endif
  37 #include <errno.h>
  38 #include <stdio.h>
  39 #include <stdlib.h>
  40 #include <inttypes.h>
  41 #include <string.h>
  42
  43 #include "crc32.h"
  44 #include "tcplay.h"
  45
  46 /* Endianess macros */
  47 #define BE_TO_HOST(n, v) v = be ## n ## toh(v)
  48 #define LE_TO_HOST(n, v) v = le ## n ## toh(v)
  49 #define HOST_TO_BE(n, v) v = htobe ## n (v)
  50 #define HOST_TO_LE(n, v) v = htole ## n (v)
  51
  52 struct tchdr_dec *
  53 decrypt_hdr(struct tchdr_enc *ehdr, struct tc_cipher_chain *cipher_chain,
  54     unsigned char *key)
  55 {
  56         struct tchdr_dec *dhdr;
  57         unsigned char iv[128];
  58         int error;
  59
  60         if ((dhdr = alloc_safe_mem(sizeof(struct tchdr_dec))) == NULL) {
  61                 tc_log(1, "Error allocating safe tchdr_dec memory\n");
  62                 return NULL;
  63         }
  64
  65         memset(iv, 0, sizeof(iv));
  66
  67         error = tc_decrypt(cipher_chain, key, iv, ehdr->enc,
  68             sizeof(struct tchdr_dec), (unsigned char *)dhdr);
  69         if (error) {
  70                 tc_log(1, "Header decryption failed\n");
  71                 free_safe_mem(dhdr);
  72                 return NULL;
  73         }
  74
  75         BE_TO_HOST(16, dhdr->tc_ver);
  76         LE_TO_HOST(16, dhdr->tc_min_ver);
  77         BE_TO_HOST(32, dhdr->crc_keys);
  78         BE_TO_HOST(64, dhdr->vol_ctime);
  79         BE_TO_HOST(64, dhdr->hdr_ctime);
  80         BE_TO_HOST(64, dhdr->sz_hidvol);
  81         BE_TO_HOST(64, dhdr->sz_vol);
  82         BE_TO_HOST(64, dhdr->off_mk_scope);
  83         BE_TO_HOST(64, dhdr->sz_mk_scope);
  84         BE_TO_HOST(32, dhdr->flags);
  85         BE_TO_HOST(32, dhdr->sec_sz);
  86         BE_TO_HOST(32, dhdr->crc_dhdr);
  87
  88         return dhdr;
  89 }
  90
  91 int
  92 verify_hdr(struct tchdr_dec *hdr)
  93 {
  94         uint32_t crc;
  95
  96         if (memcmp(hdr->tc_str, TC_SIG, sizeof(hdr->tc_str)) != 0) {
  97 #ifdef DEBUG
  98                 fprintf(stderr, "Signature mismatch\n");
  99 #endif
 100                 return 0;
 101         }
 102
 103         crc = crc32((void *)&hdr->keys, 256);
 104         if (crc != hdr->crc_keys) {
 105 #ifdef DEBUG
 106                 fprintf(stderr, "CRC32 mismatch (crc_keys)\n");
 107 #endif
 108                 return 0;
 109         }
 110
 111         switch(hdr->tc_ver) {
 112         case 1:
 113         case 2:
 114                 /* Unsupported header version */
 115                 tc_log(1, "Header version %d unsupported\n", hdr->tc_ver);
 116                 return 0;
 117
 118         case 3:
 119         case 4:
 120                 hdr->sec_sz = 512;
 121                 break;
 122         }
 123
 124         return 1;
 125 }
 126
 127 struct tchdr_enc *
 128 create_hdr(unsigned char *pass, int passlen, struct pbkdf_prf_algo *prf_algo,
 129     struct tc_cipher_chain *cipher_chain, size_t sec_sz,
 130     disksz_t total_blocks __unused,
 131     off_t offset, disksz_t blocks, int hidden, int weak, struct tchdr_enc **backup_hdr)
 132 {
 133         struct tchdr_enc *ehdr, *ehdr_backup;
 134         struct tchdr_dec *dhdr;
 135         unsigned char *key, *key_backup;
 136         unsigned char iv[128];
 137         int error;
 138
 139         key = key_backup = NULL;
 140         dhdr = NULL;
 141         ehdr = ehdr_backup = NULL;
 142
 143         if (backup_hdr != NULL)
 144                 *backup_hdr = NULL;
 145
 146         if ((dhdr = (struct tchdr_dec *)alloc_safe_mem(sizeof(*dhdr))) == NULL) {
 147                 tc_log(1, "could not allocate safe dhdr memory\n");
 148                 goto error;
 149         }
 150
 151         if ((ehdr = (struct tchdr_enc *)alloc_safe_mem(sizeof(*ehdr))) == NULL) {
 152                 tc_log(1, "could not allocate safe ehdr memory\n");
 153                 goto error;
 154         }
 155
 156         if ((ehdr_backup = (struct tchdr_enc *)alloc_safe_mem
 157             (sizeof(*ehdr_backup))) == NULL) {
 158                 tc_log(1, "could not allocate safe ehdr_backup memory\n");
 159                 goto error;
 160         }
 161
 162         if ((key = alloc_safe_mem(MAX_KEYSZ)) == NULL) {
 163                 tc_log(1, "could not allocate safe key memory\n");
 164                 goto error;
 165         }
 166
 167         if ((key_backup = alloc_safe_mem(MAX_KEYSZ)) == NULL) {
 168                 tc_log(1, "could not allocate safe backup key memory\n");
 169                 goto error;
 170         }
 171
 172         if ((error = get_random(ehdr->salt, sizeof(ehdr->salt), weak)) != 0) {
 173                 tc_log(1, "could not get salt\n");
 174                 goto error;
 175         }
 176
 177         if ((error = get_random(ehdr_backup->salt, sizeof(ehdr_backup->salt), weak))
 178             != 0) {
 179                 tc_log(1, "could not get salt for backup header\n");
 180                 goto error;
 181         }
 182
 183         error = pbkdf2(prf_algo, (char *)pass, passlen,
 184             ehdr->salt, sizeof(ehdr->salt),
 185             MAX_KEYSZ, key);
 186         if (error) {
 187                 tc_log(1, "could not derive key\n");
 188                 goto error;
 189         }
 190
 191         error = pbkdf2(prf_algo, (char *)pass, passlen,
 192             ehdr_backup->salt, sizeof(ehdr_backup->salt),
 193             MAX_KEYSZ, key_backup);
 194         if (error) {
 195                 tc_log(1, "could not derive backup key\n");
 196                 goto error;
 197         }
 198
 199         memset(dhdr, 0, sizeof(*dhdr));
 200
 201         if ((error = get_random(dhdr->keys, sizeof(dhdr->keys), weak)) != 0) {
 202                 tc_log(1, "could not get key random bits\n");
 203                 goto error;
 204         }
 205
 206         memcpy(dhdr->tc_str, "TRUE", 4);
 207         dhdr->tc_ver = 5;
 208         dhdr->tc_min_ver = 7;
 209         dhdr->crc_keys = crc32((void *)&dhdr->keys, 256);
 210         dhdr->sz_vol = blocks * sec_sz;
 211         if (hidden)
 212                 dhdr->sz_hidvol = dhdr->sz_vol;
 213         dhdr->off_mk_scope = offset * sec_sz;
 214         dhdr->sz_mk_scope = blocks * sec_sz;
 215         dhdr->sec_sz = sec_sz;
 216         dhdr->flags = 0;
 217
 218         HOST_TO_BE(16, dhdr->tc_ver);
 219         HOST_TO_LE(16, dhdr->tc_min_ver);
 220         HOST_TO_BE(32, dhdr->crc_keys);
 221         HOST_TO_BE(64, dhdr->sz_vol);
 222         HOST_TO_BE(64, dhdr->sz_hidvol);
 223         HOST_TO_BE(64, dhdr->off_mk_scope);
 224         HOST_TO_BE(64, dhdr->sz_mk_scope);
 225         HOST_TO_BE(32, dhdr->sec_sz);
 226         HOST_TO_BE(32, dhdr->flags);
 227
 228         dhdr->crc_dhdr = crc32((void *)dhdr, 188);
 229         HOST_TO_BE(32, dhdr->crc_dhdr);
 230
 231         memset(iv, 0, sizeof(iv));
 232         error = tc_encrypt(cipher_chain, key, iv, (unsigned char *)dhdr,
 233             sizeof(struct tchdr_dec), ehdr->enc);
 234         if (error) {
 235                 tc_log(1, "Header encryption failed\n");
 236                 goto error;
 237         }
 238
 239         memset(iv, 0, sizeof(iv));
 240         error = tc_encrypt(cipher_chain, key_backup, iv,
 241             (unsigned char *)dhdr,
 242             sizeof(struct tchdr_dec), ehdr_backup->enc);
 243         if (error) {
 244                 tc_log(1, "Backup header encryption failed\n");
 245                 goto error;
 246         }
 247
 248         free_safe_mem(key);
 249         free_safe_mem(key_backup);
 250         free_safe_mem(dhdr);
 251
 252         if (backup_hdr != NULL)
 253                 *backup_hdr = ehdr_backup;
 254         else
 255                 free_safe_mem(ehdr_backup);
 256
 257         return ehdr;
 258         /* NOT REACHED */
 259
 260 error:
 261         if (key)
 262                 free_safe_mem(key);
 263         if (key_backup)
 264                 free_safe_mem(key_backup);
 265         if (dhdr)
 266                 free_safe_mem(dhdr);
 267         if (ehdr)
 268                 free_safe_mem(ehdr);
 269         if (ehdr_backup)
 270                 free_safe_mem(ehdr_backup);
 271
 272         return NULL;
 273 }
 274
 275 struct tchdr_enc *copy_reencrypt_hdr(unsigned char *pass, int passlen,
 276     struct pbkdf_prf_algo *prf_algo, int weak, struct tcplay_info *info,
 277     struct tchdr_enc **backup_hdr)
 278 {
 279         struct tchdr_enc *ehdr, *ehdr_backup;
 280         unsigned char *key, *key_backup;
 281         unsigned char iv[128];
 282         int error;
 283
 284         key = key_backup = NULL;
 285         ehdr = ehdr_backup = NULL;
 286
 287         /* By default stick to current PRF algo */
 288         if (prf_algo == NULL)
 289                 prf_algo = info->pbkdf_prf;
 290
 291         if ((ehdr = (struct tchdr_enc *)alloc_safe_mem(sizeof(*ehdr))) == NULL) {
 292                 tc_log(1, "could not allocate safe ehdr memory\n");
 293                 goto error;
 294         }
 295
 296         if ((ehdr_backup = (struct tchdr_enc *)alloc_safe_mem
 297             (sizeof(*ehdr_backup))) == NULL) {
 298                 tc_log(1, "could not allocate safe ehdr_backup memory\n");
 299                 goto error;
 300         }
 301
 302         if ((key = alloc_safe_mem(MAX_KEYSZ)) == NULL) {
 303                 tc_log(1, "could not allocate safe key memory\n");
 304                 goto error;
 305         }
 306
 307         if ((key_backup = alloc_safe_mem(MAX_KEYSZ)) == NULL) {
 308                 tc_log(1, "could not allocate safe backup key memory\n");
 309                 goto error;
 310         }
 311
 312         if ((error = get_random(ehdr->salt, sizeof(ehdr->salt), weak)) != 0) {
 313                 tc_log(1, "could not get salt\n");
 314                 goto error;
 315         }
 316
 317         if ((error = get_random(ehdr_backup->salt, sizeof(ehdr_backup->salt), weak))
 318             != 0) {
 319                 tc_log(1, "could not get salt for backup header\n");
 320                 goto error;
 321         }
 322
 323         error = pbkdf2(prf_algo, (char *)pass, passlen,
 324             ehdr->salt, sizeof(ehdr->salt),
 325             MAX_KEYSZ, key);
 326         if (error) {
 327                 tc_log(1, "could not derive key\n");
 328                 goto error;
 329         }
 330
 331         error = pbkdf2(prf_algo, (char *)pass, passlen,
 332             ehdr_backup->salt, sizeof(ehdr_backup->salt),
 333             MAX_KEYSZ, key_backup);
 334         if (error) {
 335                 tc_log(1, "could not derive backup key\n");
 336                 goto error;
 337         }
 338
 339         HOST_TO_BE(16, info->hdr->tc_ver);
 340         HOST_TO_LE(16, info->hdr->tc_min_ver);
 341         HOST_TO_BE(32, info->hdr->crc_keys);
 342         HOST_TO_BE(64, info->hdr->vol_ctime);
 343         HOST_TO_BE(64, info->hdr->hdr_ctime);
 344         HOST_TO_BE(64, info->hdr->sz_vol);
 345         HOST_TO_BE(64, info->hdr->sz_hidvol);
 346         HOST_TO_BE(64, info->hdr->off_mk_scope);
 347         HOST_TO_BE(64, info->hdr->sz_mk_scope);
 348         HOST_TO_BE(32, info->hdr->sec_sz);
 349         HOST_TO_BE(32, info->hdr->flags);
 350         HOST_TO_BE(32, info->hdr->crc_dhdr);
 351
 352         memset(iv, 0, sizeof(iv));
 353         error = tc_encrypt(info->cipher_chain, key, iv,
 354             (unsigned char *)info->hdr, sizeof(struct tchdr_dec), ehdr->enc);
 355         if (error) {
 356                 tc_log(1, "Header encryption failed\n");
 357                 goto error;
 358         }
 359
 360         memset(iv, 0, sizeof(iv));
 361         error = tc_encrypt(info->cipher_chain, key_backup, iv,
 362             (unsigned char *)info->hdr,
 363             sizeof(struct tchdr_dec), ehdr_backup->enc);
 364         if (error) {
 365                 tc_log(1, "Backup header encryption failed\n");
 366                 goto error;
 367         }
 368
 369         free_safe_mem(key);
 370         free_safe_mem(key_backup);
 371
 372         if (backup_hdr != NULL)
 373                 *backup_hdr = ehdr_backup;
 374         else
 375                 free_safe_mem(ehdr_backup);
 376
 377         return ehdr;
 378         /* NOT REACHED */
 379
 380 error:
 381         if (key)
 382                 free_safe_mem(key);
 383         if (key_backup)
 384                 free_safe_mem(key_backup);
 385         if (ehdr)
 386                 free_safe_mem(ehdr);
 387         if (ehdr_backup)
 388                 free_safe_mem(ehdr_backup);
 389
 390         return NULL;
 391 }