2 * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
22 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <machine/inttypes.h>
30 #include <sys/types.h>
31 #include <sys/param.h>
47 * - LRW-benbi support? needs further work in dm-crypt and even opencrypto
48 * - secure buffer review (i.e: is everything that needs it using secure mem?)
49 * - mlockall? (at least MCL_FUTURE, which is the only one we support)
52 summary_fn_t summary_fn = NULL;
53 int tc_internal_verbose = 1;
54 char tc_internal_log_buffer[LOG_BUFFER_SZ];
57 tc_log(int is_err, const char *fmt, ...)
69 vsnprintf(tc_internal_log_buffer, LOG_BUFFER_SZ, fmt, ap);
71 if (tc_internal_verbose)
72 vfprintf(fp, fmt, ap);
77 /* Supported algorithms */
78 struct pbkdf_prf_algo pbkdf_prf_algos[] = {
79 { "RIPEMD160", 2000 }, /* needs to come before the other RIPEMD160 */
80 { "RIPEMD160", 1000 },
82 { "whirlpool", 1000 },
86 struct tc_crypto_algo tc_crypto_algos[] = {
88 /* XXX: turns out TC doesn't support AES-128-XTS */
89 { "AES-128-XTS", "aes-xts-plain", 32, 8 },
90 { "TWOFISH-128-XTS", "twofish-xts-plain", 32, 8 },
91 { "SERPENT-128-XTS", "serpent-xts-plain", 32, 8 },
93 { "AES-256-XTS", "aes-xts-plain", 64, 8 },
94 { "TWOFISH-256-XTS", "twofish-xts-plain", 64, 8 },
95 { "SERPENT-256-XTS", "serpent-xts-plain", 64, 8 },
99 const char *valid_cipher_chains[][MAX_CIPHER_CHAINS] = {
100 { "AES-256-XTS", NULL },
101 { "TWOFISH-256-XTS", NULL },
102 { "SERPENT-256-XTS", NULL },
103 { "AES-256-XTS", "TWOFISH-256-XTS", "SERPENT-256-XTS", NULL },
104 { "SERPENT-256-XTS", "TWOFISH-256-XTS", "AES-256-XTS", NULL },
106 /* It seems that all the two-way cascades are the other way round... */
107 { "AES-256-XTS", "TWOFISH-256-XTS", NULL },
108 { "SERPENT-256-XTS", "AES-256-XTS", NULL },
109 { "TWOFISH-256-XTS", "SERPENT-256-XTS", NULL },
112 { "TWOFISH-256-XTS", "AES-256-XTS", NULL },
113 { "AES-256-XTS", "SERPENT-256-XTS", NULL },
114 { "SERPENT-256-XTS", "TWOFISH-256-XTS", NULL },
118 struct tc_cipher_chain *tc_cipher_chains[MAX_CIPHER_CHAINS];
122 tc_build_cipher_chains(void)
124 struct tc_cipher_chain *chain, *elem, *prev;
128 while (valid_cipher_chains[i][0] != NULL) {
133 while (valid_cipher_chains[i][k] != NULL) {
134 if ((elem = alloc_safe_mem(sizeof(*elem))) == NULL) {
135 tc_log(1, "Error allocating memory for "
140 /* Initialize first element of chain */
146 /* Populate previous element */
152 /* Assume we are the last element in the chain */
155 /* Initialize other fields */
156 elem->cipher = check_cipher(valid_cipher_chains[i][k], 0);
157 if (elem->cipher == NULL)
166 /* Store cipher chain */
167 tc_cipher_chains[i++] = chain;
169 /* Integrity check */
170 if (i >= MAX_CIPHER_CHAINS) {
171 tc_log(1, "FATAL: tc_cipher_chains is full!!\n");
175 /* Make sure array is NULL terminated */
176 tc_cipher_chains[i] = NULL;
184 print_hex(unsigned char *buf, off_t start, size_t len)
188 for (i = start; i < start+len; i++)
189 printf("%02x", buf[i]);
196 print_info(struct tcplay_info *info)
198 struct tc_cipher_chain *cipher_chain;
201 printf("PBKDF2 PRF:\t\t%s\n", info->pbkdf_prf->name);
202 printf("PBKDF2 iterations:\t%d\n", info->pbkdf_prf->iteration_count);
204 printf("Cipher:\t\t\t");
205 for (cipher_chain = info->cipher_chain;
206 cipher_chain != NULL;
207 cipher_chain = cipher_chain->next) {
208 printf("%s%c", cipher_chain->cipher->name,
209 (cipher_chain->next != NULL) ? ',' : '\n');
210 klen += cipher_chain->cipher->klen;
213 printf("Key Length:\t\t%d bits\n", klen*8);
214 printf("CRC Key Data:\t\t%#x\n", info->hdr->crc_keys);
215 printf("Sector size:\t\t%d\n", info->hdr->sec_sz);
216 printf("Volume size:\t\t%zu sectors\n", info->size);
221 new_info(const char *dev, struct tc_cipher_chain *cipher_chain,
222 struct pbkdf_prf_algo *prf, struct tchdr_dec *hdr, off_t start)
224 struct tcplay_info *info;
228 if ((info = (struct tcplay_info *)alloc_safe_mem(sizeof(*info))) == NULL) {
229 tc_log(1, "could not allocate safe info memory\n");
234 info->cipher_chain = cipher_chain;
235 info->pbkdf_prf = prf;
238 info->size = hdr->sz_mk_scope / hdr->sec_sz; /* volume size */
239 info->skip = hdr->off_mk_scope / hdr->sec_sz; /* iv skip */
240 info->offset = hdr->off_mk_scope / hdr->sec_sz; /* block offset */
242 /* Associate a key out of the key pool with each cipher in the chain */
243 error = tc_cipher_chain_populate_keys(cipher_chain, hdr->keys);
245 tc_log(1, "could not populate keys in cipher chain\n");
249 for (; cipher_chain != NULL; cipher_chain = cipher_chain->next) {
250 for (i = 0; i < cipher_chain->cipher->klen; i++)
251 sprintf(&cipher_chain->dm_key[i*2], "%02x",
252 cipher_chain->key[i]);
259 adjust_info(struct tcplay_info *info, struct tcplay_info *hinfo)
261 if (hinfo->hdr->sz_hidvol == 0)
264 info->size -= hinfo->hdr->sz_hidvol / hinfo->hdr->sec_sz;
269 process_hdr(const char *dev, unsigned char *pass, int passlen,
270 struct tchdr_enc *ehdr, struct tcplay_info **pinfo)
272 struct tchdr_dec *dhdr;
273 struct tcplay_info *info;
275 int i, j, found, error;
279 if ((key = alloc_safe_mem(MAX_KEYSZ)) == NULL) {
280 tc_log(1, "could not allocate safe key memory\n");
284 /* Start search for correct algorithm combination */
286 for (i = 0; !found && pbkdf_prf_algos[i].name != NULL; i++) {
288 printf("\nTrying PRF algo %s (%d)\n", pbkdf_prf_algos[i].name,
289 pbkdf_prf_algos[i].iteration_count);
291 print_hex(ehdr->salt, 0, sizeof(ehdr->salt));
293 error = pbkdf2(pass, passlen,
294 ehdr->salt, sizeof(ehdr->salt),
295 pbkdf_prf_algos[i].iteration_count,
296 pbkdf_prf_algos[i].name, MAX_KEYSZ, key);
299 tc_log(1, "pbkdf failed for algorithm %s\n",
300 pbkdf_prf_algos[i].name);
305 printf("Derived Key: ");
306 print_hex(key, 0, MAX_KEYSZ);
309 for (j = 0; !found && tc_cipher_chains[j] != NULL; j++) {
311 printf("\nTrying cipher chain %d\n", j);
314 dhdr = decrypt_hdr(ehdr, tc_cipher_chains[j], key);
316 tc_log(1, "hdr decryption failed for cipher "
321 if (verify_hdr(dhdr)) {
323 printf("tc_str: %.4s, tc_ver: %zd, tc_min_ver: %zd, "
324 "crc_keys: %d, sz_vol: %"PRIu64", "
325 "off_mk_scope: %"PRIu64", sz_mk_scope: %"PRIu64", "
326 "flags: %d, sec_sz: %d crc_dhdr: %d\n",
327 dhdr->tc_str, dhdr->tc_ver, dhdr->tc_min_ver,
328 dhdr->crc_keys, dhdr->sz_vol, dhdr->off_mk_scope,
329 dhdr->sz_mk_scope, dhdr->flags, dhdr->sec_sz,
344 if ((info = new_info(dev, tc_cipher_chains[j-1], &pbkdf_prf_algos[i-1],
354 create_volume(const char *dev, int hidden, const char *keyfiles[], int nkeyfiles,
355 const char *h_keyfiles[], int n_hkeyfiles, struct pbkdf_prf_algo *prf_algo,
356 struct tc_cipher_chain *cipher_chain, struct pbkdf_prf_algo *h_prf_algo,
357 struct tc_cipher_chain *h_cipher_chain, char *passphrase,
358 char *h_passphrase, size_t hidden_blocks_in, int interactive)
360 char *pass, *pass_again;
363 size_t blocks, blksz, hidden_blocks = 0;
364 struct tchdr_enc *ehdr, *hehdr = NULL;
368 if (cipher_chain == NULL)
369 cipher_chain = tc_cipher_chains[0];
370 if (prf_algo == NULL)
371 prf_algo = &pbkdf_prf_algos[0];
372 if (h_cipher_chain == NULL)
373 h_cipher_chain = cipher_chain;
374 if (h_prf_algo == NULL)
375 h_prf_algo = prf_algo;
377 if ((error = get_disk_info(dev, &blocks, &blksz)) != 0) {
378 tc_log(1, "could not get disk info\n");
382 if (blocks <= MIN_VOL_BLOCKS) {
383 tc_log(1, "Cannot create volumes on devices with less "
384 "than %d blocks/sectors\n", MIN_VOL_BLOCKS);
389 if (((pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) ||
390 ((pass_again = alloc_safe_mem(MAX_PASSSZ)) == NULL)) {
391 tc_log(1, "could not allocate safe passphrase memory\n");
395 if ((error = read_passphrase("Passphrase: ", pass, MAX_PASSSZ, 0) ||
396 (read_passphrase("Repeat passphrase: ", pass_again,
398 tc_log(1, "could not read passphrase\n");
402 if (strcmp(pass, pass_again) != 0) {
403 tc_log(1, "Passphrases don't match\n");
407 free_safe_mem(pass_again);
409 /* In batch mode, use provided passphrase */
410 if ((pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) {
411 tc_log(1, "could not allocate safe "
412 "passphrase memory");
416 if (passphrase != NULL)
417 strcpy(pass, passphrase);
421 /* Apply keyfiles to 'pass' */
422 if ((error = apply_keyfiles(pass, MAX_PASSSZ, keyfiles,
424 tc_log(1, "could not apply keyfiles\n");
430 if (((h_pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) ||
431 ((pass_again = alloc_safe_mem(MAX_PASSSZ)) == NULL)) {
432 tc_log(1, "could not allocate safe "
433 "passphrase memory\n");
437 if ((error = read_passphrase("Passphrase for hidden volume: ",
438 h_pass, MAX_PASSSZ, 0) ||
439 (read_passphrase("Repeat passphrase: ", pass_again,
441 tc_log(1, "could not read passphrase\n");
445 if (strcmp(h_pass, pass_again) != 0) {
446 tc_log(1, "Passphrases for hidden volume don't "
451 free_safe_mem(pass_again);
453 /* In batch mode, use provided passphrase */
454 if ((h_pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) {
455 tc_log(1, "could not allocate safe "
456 "passphrase memory");
460 if (h_passphrase != NULL)
461 strcpy(h_pass, h_passphrase);
464 if (n_hkeyfiles > 0) {
465 /* Apply keyfiles to 'h_pass' */
466 if ((error = apply_keyfiles(h_pass, MAX_PASSSZ, h_keyfiles,
468 tc_log(1, "could not apply keyfiles\n");
476 hidden_blocks = hidden_blocks_in;
477 if (hidden_blocks == 0) {
478 tc_log(1, "hidden_blocks to create volume "
479 "cannot be zero!\n");
484 /* This only happens in interactive mode */
485 while (hidden_blocks == 0) {
486 if ((r = humanize_number(buf, strlen("XXX MB"),
487 (int64_t)(blocks * blksz), "B", 0, 0)) < 0) {
488 sprintf(buf, "%zu bytes", (blocks * blksz));
491 printf("The total volume size of %s is %s (bytes)\n", dev, buf);
492 memset(buf, 0, sizeof(buf));
493 printf("Size of hidden volume (e.g. 127M): ");
496 if ((fgets(buf, sizeof(buf), stdin)) == NULL) {
497 tc_log(1, "Could not read from stdin\n");
501 /* get rid of trailing newline */
502 buf[strlen(buf)-1] = '\0';
503 if ((error = dehumanize_number(buf,
505 tc_log(1, "Could not interpret input: %s\n", buf);
509 hidden_blocks = (size_t)tmp;
510 hidden_blocks /= blksz;
511 if (hidden_blocks >= blocks - MIN_VOL_BLOCKS) {
512 tc_log(1, "Hidden volume needs to be "
513 "smaller than the outer volume\n");
521 /* Show summary and ask for confirmation */
522 printf("Summary of actions:\n");
523 printf(" - Completely erase *EVERYTHING* on %s\n", dev);
524 printf(" - Create %svolume on %s\n", hidden?("outer "):"", dev);
526 printf(" - Create hidden volume of %zu bytes at end of "
528 hidden_blocks * blksz);
531 printf("\n Are you sure you want to proceed? (y/n) ");
533 if ((fgets(buf, sizeof(buf), stdin)) == NULL) {
534 tc_log(1, "Could not read from stdin\n");
538 if ((buf[0] != 'y') && (buf[0] != 'Y')) {
539 tc_log(1, "User cancelled action(s)\n");
545 if ((error = secure_erase(dev, blocks * blksz, blksz)) != 0) {
546 tc_log(1, "could not securely erase device %s\n", dev);
550 /* create encrypted headers */
551 ehdr = create_hdr(pass, (nkeyfiles > 0)?MAX_PASSSZ:strlen(pass),
552 prf_algo, cipher_chain, blksz, blocks, MIN_VOL_BLOCKS,
553 blocks-MIN_VOL_BLOCKS, 0);
555 tc_log(1, "Could not create header\n");
560 hehdr = create_hdr(h_pass,
561 (n_hkeyfiles > 0)?MAX_PASSSZ:strlen(h_pass), h_prf_algo,
563 blksz, blocks, blocks - hidden_blocks, hidden_blocks, 1);
565 tc_log(1, "Could not create hidden volume header\n");
570 if ((error = write_mem(dev, 0, blksz, ehdr, sizeof(*ehdr))) != 0) {
571 tc_log(1, "Could not write volume header to device\n");
576 if ((error = write_mem(dev, HDR_OFFSET_HIDDEN, blksz, hehdr,
577 sizeof(*hehdr))) != 0) {
578 tc_log(1, "Could not write hidden volume header to "
589 info_map_common(const char *dev, int sflag, const char *sys_dev,
590 int protect_hidden, const char *keyfiles[], int nkeyfiles,
591 const char *h_keyfiles[], int n_hkeyfiles, char *passphrase,
592 char *passphrase_hidden, int interactive, int retries, time_t timeout)
594 struct tchdr_enc *ehdr, *hehdr = NULL;
595 struct tcplay_info *info, *hinfo = NULL;
598 int error, error2 = 0;
605 while ((info == NULL) && retries-- > 0)
611 if ((pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) {
612 tc_log(1, "could not allocate safe passphrase memory\n");
617 if ((error = read_passphrase("Passphrase: ", pass,
618 MAX_PASSSZ, timeout))) {
619 tc_log(1, "could not read passphrase\n");
623 /* In batch mode, use provided passphrase */
624 if (passphrase != NULL)
625 strcpy(pass, passphrase);
629 /* Apply keyfiles to 'pass' */
630 if ((error = apply_keyfiles(pass, MAX_PASSSZ, keyfiles,
632 tc_log(1, "could not apply keyfiles");
637 if (protect_hidden) {
638 if ((h_pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) {
639 tc_log(1, "could not allocate safe passphrase memory\n");
644 if ((error = read_passphrase(
645 "Passphrase for hidden volume: ", h_pass,
646 MAX_PASSSZ, timeout))) {
647 tc_log(1, "could not read passphrase\n");
651 /* In batch mode, use provided passphrase */
652 if (passphrase_hidden != NULL)
653 strcpy(h_pass, passphrase_hidden);
656 if (n_hkeyfiles > 0) {
657 /* Apply keyfiles to 'pass' */
658 if ((error = apply_keyfiles(h_pass, MAX_PASSSZ, h_keyfiles,
660 tc_log(1, "could not apply keyfiles");
667 ehdr = (struct tchdr_enc *)read_to_safe_mem((sflag) ? sys_dev : dev,
668 (sflag) ? HDR_OFFSET_SYS : 0, &sz);
670 tc_log(1, "error read hdr_enc: %s", dev);
676 hehdr = (struct tchdr_enc *)read_to_safe_mem(dev,
677 HDR_OFFSET_HIDDEN, &sz);
679 tc_log(1, "error read hdr_enc: %s", dev);
686 error = process_hdr(dev, pass, (nkeyfiles > 0)?MAX_PASSSZ:strlen(pass),
690 * Try to process hidden header if we have to protect the hidden
691 * volume, or the decryption/verification of the main header
694 if (hehdr && (error || protect_hidden)) {
696 error2 = process_hdr(dev, pass,
697 (nkeyfiles > 0)?MAX_PASSSZ:strlen(pass), hehdr,
699 } else if (protect_hidden) {
700 error2 = process_hdr(dev, h_pass,
701 (n_hkeyfiles > 0)?MAX_PASSSZ:strlen(h_pass), hehdr,
706 /* We need both to protect a hidden volume */
707 if ((protect_hidden && (error || error2)) ||
709 tc_log(1, "Incorrect password or not a TrueCrypt volume\n");
713 /* Try again (or finish) */
716 free_safe_mem(h_pass);
720 free_safe_mem(hehdr);
724 if (protect_hidden) {
725 if (adjust_info(info, hinfo) != 0) {
726 tc_log(1, "Could not protect hidden volume\n");
736 info_volume(const char *device, int sflag, const char *sys_dev,
737 int protect_hidden, const char *keyfiles[], int nkeyfiles,
738 const char *h_keyfiles[], int n_hkeyfiles,
739 char *passphrase, char *passphrase_hidden, int interactive, int retries,
742 struct tcplay_info *info;
744 info = info_map_common(device, sflag, sys_dev, protect_hidden,
745 keyfiles, nkeyfiles, h_keyfiles, n_hkeyfiles,
746 passphrase, passphrase_hidden, interactive, retries, timeout);
753 return (info != NULL) ? 0 : -1;
757 map_volume(const char *map_name, const char *device, int sflag,
758 const char *sys_dev, int protect_hidden, const char *keyfiles[],
759 int nkeyfiles, const char *h_keyfiles[], int n_hkeyfiles,
760 char *passphrase, char *passphrase_hidden, int interactive, int retries,
764 struct tcplay_info *info;
767 info = info_map_common(device, sflag, sys_dev, protect_hidden,
768 keyfiles, nkeyfiles, h_keyfiles, n_hkeyfiles,
769 passphrase, passphrase_hidden, interactive, retries, timeout);
774 if ((error = dm_setup(map_name, info)) != 0) {
775 tc_log(1, "Could not set up mapping %s\n", map_name);
787 dm_remove_device(const char *name)
789 struct dm_task *dmt = NULL;
792 if ((dmt = dm_task_create(DM_DEVICE_REMOVE)) == NULL)
795 if ((dm_task_set_name(dmt, name)) == 0)
798 if ((dm_task_run(dmt)) == 0)
804 dm_task_destroy(dmt);
810 dm_setup(const char *mapname, struct tcplay_info *info)
812 struct tc_cipher_chain *cipher_chain;
813 struct dm_task *dmt = NULL;
826 if ((params = alloc_safe_mem(512)) == NULL) {
827 tc_log(1, "could not allocate safe parameters memory");
831 strcpy(dev, info->dev);
833 offset = info->offset;
836 /* Get to the end of the chain */
837 for (cipher_chain = info->cipher_chain; cipher_chain->next != NULL;
838 cipher_chain = cipher_chain->next)
841 for (j= 0; cipher_chain != NULL;
842 cipher_chain = cipher_chain->prev, j++) {
843 /* aes-cbc-essiv:sha256 7997f8af... 0 /dev/ad0s0a 8 */
844 /* iv off---^ block off--^ */
845 snprintf(params, 512, "%s %s %"PRIu64 " %s %"PRIu64,
846 cipher_chain->cipher->dm_crypt_str, cipher_chain->dm_key,
847 info->skip, dev, offset);
849 printf("Params: %s\n", params);
852 if ((dmt = dm_task_create(DM_DEVICE_CREATE)) == NULL) {
853 tc_log(1, "dm_task_create failed\n");
859 * If this is the last element in the cipher chain, use the
860 * final map name. Otherwise pick a secondary name...
862 if (cipher_chain->prev == NULL)
863 strcpy(map, mapname);
865 sprintf(map, "%s.%d", mapname, j);
867 if ((dm_task_set_name(dmt, map)) == 0) {
868 tc_log(1, "dm_task_set_name failed\n");
873 uuid_create(&info->uuid, &status);
874 if (status != uuid_s_ok) {
875 tc_log(1, "uuid_create failed\n");
880 uuid_to_string(&info->uuid, &uu, &status);
882 tc_log(1, "uuid_to_string failed\n");
887 if ((dm_task_set_uuid(dmt, uu)) == 0) {
889 tc_log(1, "dm_task_set_uuid failed\n");
896 if ((dm_task_add_target(dmt, start, info->size, "crypt", params)) == 0) {
897 tc_log(1, "dm_task_add_target failed\n");
902 if ((dm_task_run(dmt)) == 0) {
903 tc_log(1, "dm_task_task_run failed\n");
908 if ((dm_task_get_info(dmt, &dmi)) == 0) {
909 tc_log(1, "dm_task_get info failed\n");
910 /* XXX: probably do more than just erroring out... */
915 asprintf(&uu_stack[uu_stack_idx++], "%s", map);
919 sprintf(dev, "/dev/mapper/%s.%d", mapname, j);
921 dm_task_destroy(dmt);
926 * If an error occured, try to unroll changes made before it
933 printf("Unrolling dm changes! j = %d (%s)\n", j-1,
936 if ((ret = dm_remove_device(uu_stack[--j])) != 0) {
937 tc_log(1, "Tried to unroll dm changes, "
944 while (uu_stack_idx > 0)
945 free(uu_stack[--uu_stack_idx]);
947 free_safe_mem(params);
953 dm_teardown(const char *mapname, const char *device __unused)
956 struct dm_task *dmt = NULL;
962 if ((error = dm_remove_device(mapname)) != 0) {
963 tc_log(1, "Could not remove mapping %s\n", mapname);
967 /* Try to remove other cascade devices */
968 for (i = 2; i >= 0; i--) {
969 sprintf(map, "%s.%d", mapname, i);
970 dm_remove_device(map);
976 struct tc_crypto_algo *
977 check_cipher(const char *cipher, int quiet)
981 for (i = 0; tc_crypto_algos[i].name != NULL; i++) {
982 if (strcmp(cipher, tc_crypto_algos[i].name) == 0) {
988 if (!found && !quiet) {
989 fprintf(stderr, "Valid ciphers are: ");
990 for (i = 0; tc_crypto_algos[i].name != NULL; i++)
991 fprintf(stderr, "%s ", tc_crypto_algos[i].name);
992 fprintf(stderr, "\n");
996 return &tc_crypto_algos[i];
999 struct tc_cipher_chain *
1000 check_cipher_chain(char *cipher_chain, int quiet)
1002 struct tc_cipher_chain *cipher = NULL;
1003 int i,k, nciphers = 0, mismatch = 0;
1005 char *tmp_chain, *tmp_chain_free;
1008 if ((tmp_chain = strdup(cipher_chain)) == NULL) {
1009 tc_log(1, "Could not allocate strdup memory\n");
1013 tmp_chain_free = tmp_chain;
1015 while ((token = strsep(&tmp_chain, ",")) != NULL)
1016 ciphers[nciphers++] = token;
1020 for (i = 0; valid_cipher_chains[i][0] != NULL; i++) {
1023 for (k = 0; (valid_cipher_chains[i][k] != NULL); k++) {
1025 * If there are more ciphers in the chain than in the
1026 * ciphers[] variable this is not the right chain.
1028 if (k == nciphers) {
1033 if (strcmp(ciphers[k], valid_cipher_chains[i][k]) != 0)
1038 * If all ciphers matched and there are exactly nciphers,
1039 * then we found the right cipher chain.
1041 if ((k == nciphers) && !mismatch) {
1042 cipher = tc_cipher_chains[i];
1047 if (cipher == NULL) {
1048 tc_log(1, "Invalid cipher: %s\n", cipher_chain);
1050 fprintf(stderr, "Valid cipher chains are:\n");
1051 for (i = 0; valid_cipher_chains[i][0] != NULL; i++) {
1052 for (k = 0; valid_cipher_chains[i][k] != NULL;
1054 fprintf(stderr, "%s%c",
1055 valid_cipher_chains[i][k],
1056 (valid_cipher_chains[i][k+1] != NULL) ?
1059 fprintf(stderr, "\n");
1064 free(tmp_chain_free);
1068 struct pbkdf_prf_algo *
1069 check_prf_algo(char *algo, int quiet)
1073 for (i = 0; pbkdf_prf_algos[i].name != NULL; i++) {
1074 if (strcmp(algo, pbkdf_prf_algos[i].name) == 0) {
1080 if (!found && !quiet) {
1081 fprintf(stderr, "Valid PBKDF PRF algorithms are: ");
1082 for (i = 0; pbkdf_prf_algos[i].name != NULL; i++)
1083 fprintf(stderr, "%s ", pbkdf_prf_algos[i].name);
1084 fprintf(stderr, "\n");
1088 return &pbkdf_prf_algos[i];
1096 if ((error = tc_build_cipher_chains()) != 0)
1099 if ((error = tc_crypto_init()) != 0)