search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bridge(4): document net.link.bridge.pfil_onlyip
[dragonfly.git] / lib / libtcplay / tcplay.h
blob272361555cae78a9f652df90b06aca947a180ce3
1 /*
2 * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
22 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
29
30 /* Version of tcplay specified during build (CMakeLists.txt, Makefile.classic) */
31
32 #ifndef _TCPLAY_H
33 #define _TCPLAY_H
34
35 #define MAX_BLKSZ 4096
36 #define MAX_KEYSZ 192
37 #define HDRSZ 512
38 #define HDR_OFFSET_SYS 31744 /* 512 * (63 -1) */
39 #define TC_SIG "TRUE"
40 #define VC_SIG "VERA"
41 #define MAX_PASSSZ 64
42 #define PASS_BUFSZ 256
43 #define KPOOL_SZ 64
44 #define MAX_KFILE_SZ 1048576 /* 1 MB */
45 #define MAX_KEYFILES 256
46 #define HDR_OFFSET_HIDDEN 65536
47 #define BACKUP_HDR_HIDDEN_OFFSET_END 65536
48 #define BACKUP_HDR_OFFSET_END 131072
49 #define SALT_LEN 64
50 #define VOL_RSVD_BYTES_START (256*512) /* Reserved bytes at vol. start */
51 #define VOL_RSVD_BYTES_END (256*512) /* Reserved bytes at vol. end */
52 #define MIN_VOL_BYTES (VOL_RSVD_BYTES_START + VOL_RSVD_BYTES_END)
53
54 #define MAX_CIPHER_CHAINS 64
55 #define DEFAULT_RETRIES 3
56 #define ERASE_BUFFER_SIZE 4*1024*1024 /* 4 MB */
57
58 /* TrueCrypt Volume flags */
59 #define TC_VOLFLAG_SYSTEM 0x01 /* system encryption */
60 #define TC_VOLFLAG_INPLACE 0x02 /* non-system in-place-encrypted volume */
61
62 #define TC_VOLFLAG_SET(f, x) ((f & TC_VOLFLAG_##x) == TC_VOLFLAG_##x)
63
64 #define LOG_BUFFER_SZ 1024
65 #if 0
66 #define DEBUG 1
67 #endif
68
69 #define TC_FLAG_SYS 0x0001
70 #define TC_FLAG_FDE 0x0002
71 #define TC_FLAG_BACKUP 0x0004
72 #define TC_FLAG_ONLY_RESTORE 0x0008
73 #define TC_FLAG_ALLOW_TRIM 0x0010
74 #define TC_FLAG_SAVE_TO_FILE 0x0020
75 #define TC_FLAG_HDR_FROM_FILE 0x0040
76 #define TC_FLAG_H_HDR_FROM_FILE 0x0080
77
78 #define TC_FLAG_SET(f, x) ((f & TC_FLAG_##x) == TC_FLAG_##x)
79
80 #include <limits.h>
81 #include <inttypes.h>
82
83 #if defined(__DragonFly__)
84 #include <uuid.h>
85 #elif defined(__linux__)
86 #include <uuid/uuid.h>
87 #endif
88
89
90 typedef uint64_t disksz_t;
91 #define DISKSZ_FMT PRIu64
92
93
94 struct pbkdf_prf_algo {
95 const char *name;
96 const char *algo;
97 int iteration_count;
98 const char *sig;
99 int sys;
100 };
101
102 #define DEFAULT_PRF_ALGO_IDX 6
103
104 struct tc_crypto_algo {
105 const char *name;
106 const char *dm_crypt_str;
107 int klen;
108 int ivlen;
109 };
110
111 struct tc_cipher_chain {
112 struct tc_crypto_algo *cipher;
113 unsigned char *key;
114 char dm_key[MAX_KEYSZ*2 + 1];
115
116 struct tc_cipher_chain *prev;
117 struct tc_cipher_chain *next;
118 };
119
120 struct tchdr_enc {
121 unsigned char salt[SALT_LEN]; /* Salt for PBKDF */
122 unsigned char enc[448]; /* Encrypted part of the header */
123 } __attribute__((__packed__));
124
125 struct tchdr_dec {
126 char tc_str[4]; /* ASCII string "TRUE" */
127 uint16_t tc_ver; /* Volume header format version */
128 uint16_t tc_min_ver;
129 uint32_t crc_keys; /* CRC32 of the key section */
130 uint64_t vol_ctime; /* Volume creation time */
131 uint64_t hdr_ctime; /* Header creation time */
132 uint64_t sz_hidvol; /* Size of hidden volume (set to zero
133 in non-hidden volumes) */
134 uint64_t sz_vol; /* Size of volume */
135 uint64_t off_mk_scope; /* Byte offset of the start of the
136 master key scope */
137 uint64_t sz_mk_scope; /* Size of the encrypted area within
138 the master key scope */
139 uint32_t flags; /* Flag bits
140 (bit 0: system encryption;
141 bit 1: non-system in-place-encrypted volume;
142 bits 2–31 are reserved) */
143 uint32_t sec_sz; /* Sector size (in bytes) */
144 unsigned char unused3[120];
145 uint32_t crc_dhdr; /* CRC32 of dec. header (except keys) */
146 unsigned char keys[256];
147 } __attribute__((__packed__));
148
149 struct tcplay_info {
150 char dev[PATH_MAX];
151 struct tchdr_dec *hdr;
152 struct tc_cipher_chain *cipher_chain;
153 struct pbkdf_prf_algo *pbkdf_prf;
154 char key[MAX_KEYSZ*2 + 1];
155
156 int flags;
157 int volflags;
158
159 uint32_t blk_sz;
160
161 off_t start; /* Logical volume offset in table (in blk_sz blocks) */
162 disksz_t size; /* Volume size (in blk_sz blocks) */
163
164 off_t skip; /* IV offset (in blk_sz blocks) */
165 off_t offset; /* Block offset (in blk_sz blocks) */
166
167 /* Populated by dm_setup */
168 uuid_t uuid;
169
170 int hidden;
171 };
172
173 #define INFO_TO_DM_BLOCKS(info, memb) \
174 (((info)->memb * (uint64_t)((info)->blk_sz))/512)
175
176 struct tcplay_dm_table {
177 char device[PATH_MAX]; /* Underlying device */
178 char target[256]; /* DM Target type */
179 off_t start; /* Logical volume offset in table */
180 disksz_t size; /* Volume size */
181
182 char cipher[256]; /* Cipher */
183 off_t skip; /* IV offset */
184 off_t offset; /* Block offset */
185 };
186
187
188 typedef int (*tc_state_change_fn)(void *, const char *, int);
189
190 struct tcplay_opts {
191 /* (Mostly) common options */
192 const char *dev;
193 const char *keyfiles[MAX_KEYFILES];
194 int nkeyfiles;
195 const char *h_keyfiles[MAX_KEYFILES];
196 int n_hkeyfiles;
197 struct pbkdf_prf_algo *prf_algo;
198 struct tc_cipher_chain *cipher_chain;
199 struct pbkdf_prf_algo *h_prf_algo;
200 struct tc_cipher_chain *h_cipher_chain;
201 const char *passphrase;
202 const char *h_passphrase;
203 int interactive;
204 int weak_keys_and_salt;
205
206 /* Options for create */
207 int hidden;
208 disksz_t hidden_size_bytes;
209 int secure_erase; /* XXX: default to 1! */
210
211 /* Options for map, info_mapped */
212 const char *map_name;
213
214 /* Options for info, map, modify */
215 int flags;
216 const char *sys_dev;
217 int protect_hidden;
218 int retries; /* XXX: default to DEFAULT_RETRIES */
219 time_t timeout;
220 int prompt_passphrase;
221
222 const char *hdr_file_in;
223 const char *h_hdr_file_in;
224
225 /* Options for modify only */
226 struct pbkdf_prf_algo *new_prf_algo;
227 const char *new_passphrase;
228 const char *hdr_file_out;
229 const char *new_keyfiles[MAX_KEYFILES];
230 int n_newkeyfiles;
231
232 void *api_ctx;
233 tc_state_change_fn state_change_fn;
234 };
235
236
237 struct tcplay_opts *opts_init(void);
238 int opts_add_keyfile(struct tcplay_opts *opts, const char *keyfile);
239 int opts_add_keyfile_hidden(struct tcplay_opts *opts, const char *keyfile);
240 int opts_add_keyfile_new(struct tcplay_opts *opts, const char *keyfile);
241 void opts_free(struct tcplay_opts *opts);
242 void opts_clear_keyfile(struct tcplay_opts *opts);
243 void opts_clear_keyfile_hidden(struct tcplay_opts *opts);
244 void opts_clear_keyfile_new(struct tcplay_opts *opts);
245
246 void *read_to_safe_mem(const char *file, off_t offset, size_t *sz);
247 int get_random(unsigned char *buf, size_t len, int weak);
248 int secure_erase(const char *dev, disksz_t bytes, size_t blksz);
249 int get_disk_info(const char *dev, disksz_t *blocks, size_t *bsize);
250 int write_to_disk(const char *dev, off_t offset, size_t blksz, void *mem,
251 size_t bytes);
252 int write_to_file(const char *file, void *mem, size_t bytes);
253 int read_passphrase(const char *prompt, char *pass, size_t passlen,
254 size_t bufsz, time_t timeout);
255 float get_random_read_progress(void);
256 float get_secure_erase_progress(void);
257
258
259 int tc_crypto_init(void);
260 int tc_cipher_chain_populate_keys(struct tc_cipher_chain *cipher_chain,
261 unsigned char *key);
262 int tc_cipher_chain_free_keys(struct tc_cipher_chain *cipher_chain);
263 int tc_encrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key,
264 unsigned char *iv,
265 unsigned char *in, int in_len, unsigned char *out);
266 int tc_decrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key,
267 unsigned char *iv,
268 unsigned char *in, int in_len, unsigned char *out);
269
270 /* The following two are platform dependent */
271 int syscrypt(struct tc_crypto_algo *cipher, unsigned char *key, size_t klen,
272 unsigned char *iv, unsigned char *in, unsigned char *out, size_t len,
273 int do_encrypt);
274 int pbkdf2(struct pbkdf_prf_algo *hash, const char *pass, int passlen,
275 const unsigned char *salt, int saltlen,
276 int keylen, unsigned char *out);
277
278 int apply_keyfiles(unsigned char *pass, size_t pass_memsz, const char *keyfiles[],
279 int nkeyfiles);
280
281 struct tchdr_enc *create_hdr(unsigned char *pass, int passlen,
282 struct pbkdf_prf_algo *prf_algo, struct tc_cipher_chain *cipher_chain,
283 size_t sec_sz, disksz_t total_blocks,
284 off_t offset, disksz_t blocks, int hidden, int weak,
285 struct tchdr_enc **backup_hdr);
286 struct tchdr_dec *decrypt_hdr(struct tchdr_enc *ehdr,
287 struct tc_cipher_chain *cipher_chain, unsigned char *key);
288 int verify_hdr(struct tchdr_dec *hdr, struct pbkdf_prf_algo *prf_algo);
289 struct tchdr_enc *copy_reencrypt_hdr(unsigned char *pass, int passlen,
290 struct pbkdf_prf_algo *prf_algo, int weak, struct tcplay_info *info,
291 struct tchdr_enc **backup_hdr);
292
293 void *_alloc_safe_mem(size_t req_sz, const char *file, int line);
294 void *_strdup_safe_mem(const char *in, const char *file, int line);
295 void _free_safe_mem(void *mem, const char *file, int line);
296 void check_and_purge_safe_mem(void);
297
298 struct tc_crypto_algo *check_cipher(const char *cipher, int quiet);
299 struct tc_cipher_chain *check_cipher_chain(const char *cipher_chain, int quiet);
300 struct pbkdf_prf_algo *check_prf_algo(const char *algo, int sys, int quiet);
301
302 int tc_play_init(void);
303 void tc_log(int err, const char *fmt, ...);
304 int tc_cipher_chain_klen(struct tc_cipher_chain *chain);
305 int tc_cipher_chain_length(struct tc_cipher_chain *chain);
306 char *tc_cipher_chain_sprint(char *buf, size_t bufsz,
307 struct tc_cipher_chain *chain);
308 int free_info(struct tcplay_info *info);
309 void print_info(struct tcplay_info *info);
310 int adjust_info(struct tcplay_info *info, struct tcplay_info *hinfo);
311 int process_hdr(const char *dev, int flags, unsigned char *pass, int passlen,
312 struct tchdr_enc *ehdr, struct tcplay_info **pinfo);
313 int create_volume(struct tcplay_opts *opts);
314 struct tcplay_info *info_map_common(struct tcplay_opts *opts,
315 char *passphrase_out);
316 int info_mapped_volume(struct tcplay_opts *opts);
317 int info_volume(struct tcplay_opts *opts);
318 int map_volume(struct tcplay_opts *opts);
319 int modify_volume(struct tcplay_opts *opts);
320 int dm_setup(const char *mapname, struct tcplay_info *info);
321 int dm_teardown(const char *mapname, const char *device);
322 struct tcplay_info *dm_info_map(const char *map_name);
323
324 typedef void(*summary_fn_t)(void);
325
326 extern int tc_internal_verbose;
327 extern char tc_internal_log_buffer[];
328 extern summary_fn_t summary_fn;
329 extern struct pbkdf_prf_algo pbkdf_prf_algos[];
330 extern struct tc_cipher_chain *tc_cipher_chains[MAX_CIPHER_CHAINS];
331
332 #define STATE_UNKNOWN 0
333 #define STATE_GET_RANDOM 1
334 #define STATE_ERASE 2
335
336 extern int tc_internal_state;
337 #ifndef __DECONST
338 #define __DECONST(type, var) ((type)(uintptr_t)(const void *)(var))
339 #endif
340
341 #define alloc_safe_mem(x) \
342 _alloc_safe_mem(x, __FILE__, __LINE__)
343
344 #define strdup_safe_mem(x) \
345 _strdup_safe_mem(x, __FILE__, __LINE__)
346
347 #define free_safe_mem(x) \
348 _free_safe_mem(__DECONST(void *, x), __FILE__, __LINE__)
349
350 #define __unused __attribute__((__unused__))
351
352 #endif
DragonFly BSD