2 * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
22 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 /* Version of tcplay specified during build (CMakeLists.txt, Makefile.classic) */
35 #define MAX_BLKSZ 4096
38 #define HDR_OFFSET_SYS 31744 /* 512 * (63 -1) */
42 #define PASS_BUFSZ 256
44 #define MAX_KFILE_SZ 1048576 /* 1 MB */
45 #define MAX_KEYFILES 256
46 #define HDR_OFFSET_HIDDEN 65536
47 #define BACKUP_HDR_HIDDEN_OFFSET_END 65536
48 #define BACKUP_HDR_OFFSET_END 131072
50 #define VOL_RSVD_BYTES_START (256*512) /* Reserved bytes at vol. start */
51 #define VOL_RSVD_BYTES_END (256*512) /* Reserved bytes at vol. end */
52 #define MIN_VOL_BYTES (VOL_RSVD_BYTES_START + VOL_RSVD_BYTES_END)
54 #define MAX_CIPHER_CHAINS 64
55 #define DEFAULT_RETRIES 3
56 #define ERASE_BUFFER_SIZE 4*1024*1024 /* 4 MB */
58 /* TrueCrypt Volume flags */
59 #define TC_VOLFLAG_SYSTEM 0x01 /* system encryption */
60 #define TC_VOLFLAG_INPLACE 0x02 /* non-system in-place-encrypted volume */
62 #define TC_VOLFLAG_SET(f, x) ((f & TC_VOLFLAG_##x) == TC_VOLFLAG_##x)
64 #define LOG_BUFFER_SZ 1024
69 #define TC_FLAG_SYS 0x0001
70 #define TC_FLAG_FDE 0x0002
71 #define TC_FLAG_BACKUP 0x0004
72 #define TC_FLAG_ONLY_RESTORE 0x0008
73 #define TC_FLAG_ALLOW_TRIM 0x0010
74 #define TC_FLAG_SAVE_TO_FILE 0x0020
75 #define TC_FLAG_HDR_FROM_FILE 0x0040
76 #define TC_FLAG_H_HDR_FROM_FILE 0x0080
78 #define TC_FLAG_SET(f, x) ((f & TC_FLAG_##x) == TC_FLAG_##x)
83 #if defined(__DragonFly__)
85 #elif defined(__linux__)
86 #include <uuid/uuid.h>
90 typedef uint64_t disksz_t
;
91 #define DISKSZ_FMT PRIu64
94 struct pbkdf_prf_algo
{
102 #define DEFAULT_PRF_ALGO_IDX 6
104 struct tc_crypto_algo
{
106 const char *dm_crypt_str
;
111 struct tc_cipher_chain
{
112 struct tc_crypto_algo
*cipher
;
114 char dm_key
[MAX_KEYSZ
*2 + 1];
116 struct tc_cipher_chain
*prev
;
117 struct tc_cipher_chain
*next
;
121 unsigned char salt
[SALT_LEN
]; /* Salt for PBKDF */
122 unsigned char enc
[448]; /* Encrypted part of the header */
123 } __attribute__((__packed__
));
126 char tc_str
[4]; /* ASCII string "TRUE" */
127 uint16_t tc_ver
; /* Volume header format version */
129 uint32_t crc_keys
; /* CRC32 of the key section */
130 uint64_t vol_ctime
; /* Volume creation time */
131 uint64_t hdr_ctime
; /* Header creation time */
132 uint64_t sz_hidvol
; /* Size of hidden volume (set to zero
133 in non-hidden volumes) */
134 uint64_t sz_vol
; /* Size of volume */
135 uint64_t off_mk_scope
; /* Byte offset of the start of the
137 uint64_t sz_mk_scope
; /* Size of the encrypted area within
138 the master key scope */
139 uint32_t flags
; /* Flag bits
140 (bit 0: system encryption;
141 bit 1: non-system in-place-encrypted volume;
142 bits 2–31 are reserved) */
143 uint32_t sec_sz
; /* Sector size (in bytes) */
144 unsigned char unused3
[120];
145 uint32_t crc_dhdr
; /* CRC32 of dec. header (except keys) */
146 unsigned char keys
[256];
147 } __attribute__((__packed__
));
151 struct tchdr_dec
*hdr
;
152 struct tc_cipher_chain
*cipher_chain
;
153 struct pbkdf_prf_algo
*pbkdf_prf
;
154 char key
[MAX_KEYSZ
*2 + 1];
161 off_t start
; /* Logical volume offset in table (in blk_sz blocks) */
162 disksz_t size
; /* Volume size (in blk_sz blocks) */
164 off_t skip
; /* IV offset (in blk_sz blocks) */
165 off_t offset
; /* Block offset (in blk_sz blocks) */
167 /* Populated by dm_setup */
173 #define INFO_TO_DM_BLOCKS(info, memb) \
174 (((info)->memb * (uint64_t)((info)->blk_sz))/512)
176 struct tcplay_dm_table
{
177 char device
[PATH_MAX
]; /* Underlying device */
178 char target
[256]; /* DM Target type */
179 off_t start
; /* Logical volume offset in table */
180 disksz_t size
; /* Volume size */
182 char cipher
[256]; /* Cipher */
183 off_t skip
; /* IV offset */
184 off_t offset
; /* Block offset */
188 typedef int (*tc_state_change_fn
)(void *, const char *, int);
191 /* (Mostly) common options */
193 const char *keyfiles
[MAX_KEYFILES
];
195 const char *h_keyfiles
[MAX_KEYFILES
];
197 struct pbkdf_prf_algo
*prf_algo
;
198 struct tc_cipher_chain
*cipher_chain
;
199 struct pbkdf_prf_algo
*h_prf_algo
;
200 struct tc_cipher_chain
*h_cipher_chain
;
201 const char *passphrase
;
202 const char *h_passphrase
;
204 int weak_keys_and_salt
;
206 /* Options for create */
208 disksz_t hidden_size_bytes
;
209 int secure_erase
; /* XXX: default to 1! */
211 /* Options for map, info_mapped */
212 const char *map_name
;
214 /* Options for info, map, modify */
218 int retries
; /* XXX: default to DEFAULT_RETRIES */
220 int prompt_passphrase
;
222 const char *hdr_file_in
;
223 const char *h_hdr_file_in
;
225 /* Options for modify only */
226 struct pbkdf_prf_algo
*new_prf_algo
;
227 const char *new_passphrase
;
228 const char *hdr_file_out
;
229 const char *new_keyfiles
[MAX_KEYFILES
];
233 tc_state_change_fn state_change_fn
;
237 struct tcplay_opts
*opts_init(void);
238 int opts_add_keyfile(struct tcplay_opts
*opts
, const char *keyfile
);
239 int opts_add_keyfile_hidden(struct tcplay_opts
*opts
, const char *keyfile
);
240 int opts_add_keyfile_new(struct tcplay_opts
*opts
, const char *keyfile
);
241 void opts_free(struct tcplay_opts
*opts
);
242 void opts_clear_keyfile(struct tcplay_opts
*opts
);
243 void opts_clear_keyfile_hidden(struct tcplay_opts
*opts
);
244 void opts_clear_keyfile_new(struct tcplay_opts
*opts
);
246 void *read_to_safe_mem(const char *file
, off_t offset
, size_t *sz
);
247 int get_random(unsigned char *buf
, size_t len
, int weak
);
248 int secure_erase(const char *dev
, disksz_t bytes
, size_t blksz
);
249 int get_disk_info(const char *dev
, disksz_t
*blocks
, size_t *bsize
);
250 int write_to_disk(const char *dev
, off_t offset
, size_t blksz
, void *mem
,
252 int write_to_file(const char *file
, void *mem
, size_t bytes
);
253 int read_passphrase(const char *prompt
, char *pass
, size_t passlen
,
254 size_t bufsz
, time_t timeout
);
255 float get_random_read_progress(void);
256 float get_secure_erase_progress(void);
259 int tc_crypto_init(void);
260 int tc_cipher_chain_populate_keys(struct tc_cipher_chain
*cipher_chain
,
262 int tc_cipher_chain_free_keys(struct tc_cipher_chain
*cipher_chain
);
263 int tc_encrypt(struct tc_cipher_chain
*cipher_chain
, unsigned char *key
,
265 unsigned char *in
, int in_len
, unsigned char *out
);
266 int tc_decrypt(struct tc_cipher_chain
*cipher_chain
, unsigned char *key
,
268 unsigned char *in
, int in_len
, unsigned char *out
);
270 /* The following two are platform dependent */
271 int syscrypt(struct tc_crypto_algo
*cipher
, unsigned char *key
, size_t klen
,
272 unsigned char *iv
, unsigned char *in
, unsigned char *out
, size_t len
,
274 int pbkdf2(struct pbkdf_prf_algo
*hash
, const char *pass
, int passlen
,
275 const unsigned char *salt
, int saltlen
,
276 int keylen
, unsigned char *out
);
278 int apply_keyfiles(unsigned char *pass
, size_t pass_memsz
, const char *keyfiles
[],
281 struct tchdr_enc
*create_hdr(unsigned char *pass
, int passlen
,
282 struct pbkdf_prf_algo
*prf_algo
, struct tc_cipher_chain
*cipher_chain
,
283 size_t sec_sz
, disksz_t total_blocks
,
284 off_t offset
, disksz_t blocks
, int hidden
, int weak
,
285 struct tchdr_enc
**backup_hdr
);
286 struct tchdr_dec
*decrypt_hdr(struct tchdr_enc
*ehdr
,
287 struct tc_cipher_chain
*cipher_chain
, unsigned char *key
);
288 int verify_hdr(struct tchdr_dec
*hdr
, struct pbkdf_prf_algo
*prf_algo
);
289 struct tchdr_enc
*copy_reencrypt_hdr(unsigned char *pass
, int passlen
,
290 struct pbkdf_prf_algo
*prf_algo
, int weak
, struct tcplay_info
*info
,
291 struct tchdr_enc
**backup_hdr
);
293 void *_alloc_safe_mem(size_t req_sz
, const char *file
, int line
);
294 void *_strdup_safe_mem(const char *in
, const char *file
, int line
);
295 void _free_safe_mem(void *mem
, const char *file
, int line
);
296 void check_and_purge_safe_mem(void);
298 struct tc_crypto_algo
*check_cipher(const char *cipher
, int quiet
);
299 struct tc_cipher_chain
*check_cipher_chain(const char *cipher_chain
, int quiet
);
300 struct pbkdf_prf_algo
*check_prf_algo(const char *algo
, int sys
, int quiet
);
302 int tc_play_init(void);
303 void tc_log(int err
, const char *fmt
, ...);
304 int tc_cipher_chain_klen(struct tc_cipher_chain
*chain
);
305 int tc_cipher_chain_length(struct tc_cipher_chain
*chain
);
306 char *tc_cipher_chain_sprint(char *buf
, size_t bufsz
,
307 struct tc_cipher_chain
*chain
);
308 int free_info(struct tcplay_info
*info
);
309 void print_info(struct tcplay_info
*info
);
310 int adjust_info(struct tcplay_info
*info
, struct tcplay_info
*hinfo
);
311 int process_hdr(const char *dev
, int flags
, unsigned char *pass
, int passlen
,
312 struct tchdr_enc
*ehdr
, struct tcplay_info
**pinfo
);
313 int create_volume(struct tcplay_opts
*opts
);
314 struct tcplay_info
*info_map_common(struct tcplay_opts
*opts
,
315 char *passphrase_out
);
316 int info_mapped_volume(struct tcplay_opts
*opts
);
317 int info_volume(struct tcplay_opts
*opts
);
318 int map_volume(struct tcplay_opts
*opts
);
319 int modify_volume(struct tcplay_opts
*opts
);
320 int dm_setup(const char *mapname
, struct tcplay_info
*info
);
321 int dm_teardown(const char *mapname
, const char *device
);
322 struct tcplay_info
*dm_info_map(const char *map_name
);
324 typedef void(*summary_fn_t
)(void);
326 extern int tc_internal_verbose
;
327 extern char tc_internal_log_buffer
[];
328 extern summary_fn_t summary_fn
;
329 extern struct pbkdf_prf_algo pbkdf_prf_algos
[];
330 extern struct tc_cipher_chain
*tc_cipher_chains
[MAX_CIPHER_CHAINS
];
332 #define STATE_UNKNOWN 0
333 #define STATE_GET_RANDOM 1
334 #define STATE_ERASE 2
336 extern int tc_internal_state
;
338 #define __DECONST(type, var) ((type)(uintptr_t)(const void *)(var))
341 #define alloc_safe_mem(x) \
342 _alloc_safe_mem(x, __FILE__, __LINE__)
344 #define strdup_safe_mem(x) \
345 _strdup_safe_mem(x, __FILE__, __LINE__)
347 #define free_safe_mem(x) \
348 _free_safe_mem(__DECONST(void *, x), __FILE__, __LINE__)
350 #define __unused __attribute__((__unused__))