2 * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
22 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #include <sys/types.h>
34 #if defined(__DragonFly__)
35 #include <sys/param.h>
47 #if defined(__linux__)
48 #include <libdevmapper.h>
49 #include <uuid/uuid.h>
50 #include <sys/sysmacros.h>
51 #elif defined(__DragonFly__)
64 * - LRW-benbi support? needs further work in dm-crypt and even opencrypto
65 * - secure buffer review (i.e: is everything that needs it using secure mem?)
66 * - mlockall? (at least MCL_FUTURE, which is the only one we support)
69 summary_fn_t summary_fn = NULL;
70 int tc_internal_verbose = 1;
71 char tc_internal_log_buffer[LOG_BUFFER_SZ];
72 int tc_internal_state = STATE_UNKNOWN;
75 tc_log(int is_err, const char *fmt, ...)
87 vsnprintf(tc_internal_log_buffer, LOG_BUFFER_SZ, fmt, ap);
91 if (tc_internal_verbose)
92 fprintf(fp, "%s", tc_internal_log_buffer);
95 /* Supported algorithms */
96 struct pbkdf_prf_algo pbkdf_prf_algos[] = {
97 { "RIPEMD160", "RIPEMD160", 2000, TC_SIG, 0},
98 { "RIPEMD160", "RIPEMD160", 1000, TC_SIG, 1},
99 { "SHA512", "SHA512", 1000, TC_SIG, 0},
100 { "whirlpool", "whirlpool", 1000, TC_SIG, 0},
101 { "RIPEMD160-VC", "RIPEMD160", 655331, VC_SIG, 0},
102 { "RIPEMD160-VC", "RIPEMD160", 327661, VC_SIG, 1},
103 { "SHA512-VC", "SHA512", 500000, VC_SIG, 0},
104 { "whirlpool-VC", "whirlpool", 500000, VC_SIG, 0},
105 { "SHA256-VC", "SHA256", 500000, VC_SIG, 0},
106 { "SHA256-VC", "SHA256", 200000, VC_SIG, 1},
107 { NULL, NULL, 0, NULL, 0}
110 struct tc_crypto_algo tc_crypto_algos[] = {
112 /* XXX: turns out TC doesn't support AES-128-XTS */
113 { "AES-128-XTS", "aes-xts-plain", 32, 8 },
114 { "TWOFISH-128-XTS", "twofish-xts-plain", 32, 8 },
115 { "SERPENT-128-XTS", "serpent-xts-plain", 32, 8 },
117 { "AES-256-XTS", "aes-xts-plain64", 64, 8 },
118 { "TWOFISH-256-XTS", "twofish-xts-plain64", 64, 8 },
119 { "SERPENT-256-XTS", "serpent-xts-plain64", 64, 8 },
123 const char *valid_cipher_chains[][MAX_CIPHER_CHAINS] = {
124 { "AES-256-XTS", NULL },
125 { "TWOFISH-256-XTS", NULL },
126 { "SERPENT-256-XTS", NULL },
127 { "AES-256-XTS", "TWOFISH-256-XTS", "SERPENT-256-XTS", NULL },
128 { "SERPENT-256-XTS", "TWOFISH-256-XTS", "AES-256-XTS", NULL },
130 /* It seems that all the two-way cascades are the other way round... */
131 { "AES-256-XTS", "TWOFISH-256-XTS", NULL },
132 { "SERPENT-256-XTS", "AES-256-XTS", NULL },
133 { "TWOFISH-256-XTS", "SERPENT-256-XTS", NULL },
136 { "TWOFISH-256-XTS", "AES-256-XTS", NULL },
137 { "AES-256-XTS", "SERPENT-256-XTS", NULL },
138 { "SERPENT-256-XTS", "TWOFISH-256-XTS", NULL },
142 struct tc_cipher_chain *tc_cipher_chains[MAX_CIPHER_CHAINS];
146 tc_build_cipher_chains(void)
148 struct tc_cipher_chain *chain, *elem, *prev;
152 while (valid_cipher_chains[i][0] != NULL) {
157 while (valid_cipher_chains[i][k] != NULL) {
158 if ((elem = alloc_safe_mem(sizeof(*elem))) == NULL) {
159 tc_log(1, "Error allocating memory for "
164 /* Initialize first element of chain */
170 /* Populate previous element */
176 /* Assume we are the last element in the chain */
179 /* Initialize other fields */
180 elem->cipher = check_cipher(valid_cipher_chains[i][k], 0);
181 if (elem->cipher == NULL)
190 /* Store cipher chain */
191 tc_cipher_chains[i++] = chain;
193 /* Integrity check */
194 if (i >= MAX_CIPHER_CHAINS) {
195 tc_log(1, "FATAL: tc_cipher_chains is full!!\n");
199 /* Make sure array is NULL terminated */
200 tc_cipher_chains[i] = NULL;
207 struct tc_cipher_chain *
208 tc_dup_cipher_chain(struct tc_cipher_chain *src)
210 struct tc_cipher_chain *first = NULL, *prev = NULL, *elem;
212 for (; src != NULL; src = src->next) {
213 if ((elem = alloc_safe_mem(sizeof(*elem))) == NULL) {
214 tc_log(1, "Error allocating memory for "
215 "duplicate cipher chain\n");
219 memcpy(elem, src, sizeof(*elem));
221 if (src->key != NULL) {
222 if ((elem->key = alloc_safe_mem(src->cipher->klen)) == NULL) {
223 tc_log(1, "Error allocating memory for "
224 "duplicate key in cipher chain\n");
228 memcpy(elem->key, src->key, src->cipher->klen);
248 tc_free_cipher_chain(struct tc_cipher_chain *chain)
250 struct tc_cipher_chain *next = chain;
252 while ((chain = next) != NULL) {
255 if (chain->key != NULL)
256 free_safe_mem(chain->key);
257 free_safe_mem(chain);
264 tc_cipher_chain_length(struct tc_cipher_chain *chain)
268 for (; chain != NULL; chain = chain->next)
275 tc_cipher_chain_klen(struct tc_cipher_chain *chain)
279 for (; chain != NULL; chain = chain->next) {
280 klen_bytes += chain->cipher->klen;
287 tc_cipher_chain_sprint(char *buf, size_t bufsz, struct tc_cipher_chain *chain)
289 static char sbuf[256];
294 bufsz = sizeof(sbuf);
297 for (; chain != NULL; chain = chain->next) {
298 n += snprintf(buf+n, bufsz-n, "%s%s", chain->cipher->name,
299 (chain->next != NULL) ? "," : "\0");
307 print_hex(unsigned char *buf, off_t start, size_t len)
311 for (i = start; i < start+len; i++)
312 printf("%02x", buf[i]);
319 print_info(struct tcplay_info *info)
321 printf("Device:\t\t\t%s\n", info->dev);
323 if (info->pbkdf_prf != NULL) {
324 printf("PBKDF2 PRF:\t\t%s\n", info->pbkdf_prf->name);
325 printf("PBKDF2 iterations:\t%d\n",
326 info->pbkdf_prf->iteration_count);
329 printf("Cipher:\t\t\t%s\n",
330 tc_cipher_chain_sprint(NULL, 0, info->cipher_chain));
332 printf("Key Length:\t\t%d bits\n",
333 8*tc_cipher_chain_klen(info->cipher_chain));
335 if (info->hdr != NULL) {
336 printf("CRC Key Data:\t\t%#x\n", info->hdr->crc_keys);
337 printf("Sector size:\t\t%d\n", info->hdr->sec_sz);
338 printf("Signature:\t\t%c%c%c%c\n", info->hdr->tc_str[0],
339 info->hdr->tc_str[1], info->hdr->tc_str[2],
340 info->hdr->tc_str[3]);
342 printf("Sector size:\t\t512\n");
344 printf("Volume size:\t\t%"DISKSZ_FMT" sectors\n", info->size);
346 /* Don't print this; it's always 0 and is rather confusing */
347 printf("Volume offset:\t\t%"PRIu64"\n", (uint64_t)info->start);
351 printf("Vol Flags:\t\t%d\n", info->volflags);
354 printf("IV offset:\t\t%"PRIu64" sectors\n",
355 (uint64_t)info->skip);
356 printf("Block offset:\t\t%"PRIu64" sectors\n",
357 (uint64_t)info->offset);
362 new_info(const char *dev, int flags, struct tc_cipher_chain *cipher_chain,
363 struct pbkdf_prf_algo *prf, struct tchdr_dec *hdr, off_t start)
365 struct tc_cipher_chain *chain_start;
366 struct tcplay_info *info;
370 chain_start = cipher_chain;
372 if ((info = (struct tcplay_info *)alloc_safe_mem(sizeof(*info))) == NULL) {
373 tc_log(1, "could not allocate safe info memory\n");
377 strncpy(info->dev, dev, sizeof(info->dev));
378 info->cipher_chain = cipher_chain;
379 info->pbkdf_prf = prf;
382 info->blk_sz = hdr->sec_sz;
383 info->size = hdr->sz_mk_scope / hdr->sec_sz; /* volume size */
384 info->skip = hdr->off_mk_scope / hdr->sec_sz; /* iv skip */
386 info->volflags = hdr->flags;
389 if (TC_FLAG_SET(flags, SYS))
390 info->offset = 0; /* offset is 0 for system volumes */
392 info->offset = hdr->off_mk_scope / hdr->sec_sz; /* block offset */
394 /* Associate a key out of the key pool with each cipher in the chain */
395 error = tc_cipher_chain_populate_keys(cipher_chain, hdr->keys);
397 tc_log(1, "could not populate keys in cipher chain\n");
401 for (; cipher_chain != NULL; cipher_chain = cipher_chain->next) {
402 for (i = 0; i < cipher_chain->cipher->klen; i++)
403 sprintf(&cipher_chain->dm_key[i*2], "%02x",
404 cipher_chain->key[i]);
407 tc_cipher_chain_free_keys(chain_start);
413 free_info(struct tcplay_info *info)
415 if (info->cipher_chain)
416 tc_free_cipher_chain(info->cipher_chain);
418 free_safe_mem(info->hdr);
426 adjust_info(struct tcplay_info *info, struct tcplay_info *hinfo)
428 if (hinfo->hdr->sz_hidvol == 0)
431 info->size -= hinfo->hdr->sz_hidvol / hinfo->hdr->sec_sz;
436 process_hdr(const char *dev, int flags, unsigned char *pass, int passlen,
437 struct tchdr_enc *ehdr, struct tcplay_info **pinfo)
439 struct tchdr_dec *dhdr;
440 struct tcplay_info *info;
441 struct tc_cipher_chain *cipher_chain = NULL;
443 int i, j, found, error;
447 if ((key = alloc_safe_mem(MAX_KEYSZ)) == NULL) {
448 tc_log(1, "could not allocate safe key memory\n");
452 /* Start search for correct algorithm combination */
454 for (i = 0; !found && pbkdf_prf_algos[i].name != NULL; i++) {
456 printf("\nTrying PRF algo %s (%d)\n", pbkdf_prf_algos[i].name,
457 pbkdf_prf_algos[i].iteration_count);
459 print_hex(ehdr->salt, 0, sizeof(ehdr->salt));
461 error = pbkdf2(&pbkdf_prf_algos[i], (char *)pass, passlen,
462 ehdr->salt, sizeof(ehdr->salt),
466 tc_log(1, "pbkdf failed for algorithm %s\n",
467 pbkdf_prf_algos[i].name);
473 printf("Derived Key: ");
474 print_hex(key, 0, MAX_KEYSZ);
477 for (j = 0; !found && tc_cipher_chains[j] != NULL; j++) {
478 cipher_chain = tc_dup_cipher_chain(tc_cipher_chains[j]);
480 printf("\nTrying cipher chain %d\n", j);
483 dhdr = decrypt_hdr(ehdr, cipher_chain, key);
485 tc_log(1, "hdr decryption failed for cipher "
491 if (verify_hdr(dhdr, &pbkdf_prf_algos[i])) {
493 printf("tc_str: %.4s, tc_ver: %d, tc_min_ver: %d, "
494 "crc_keys: %d, sz_vol: %"PRIu64", "
495 "off_mk_scope: %"PRIu64", sz_mk_scope: %"PRIu64", "
496 "flags: %d, sec_sz: %d crc_dhdr: %d\n",
497 dhdr->tc_str, dhdr->tc_ver, dhdr->tc_min_ver,
498 dhdr->crc_keys, dhdr->sz_vol, dhdr->off_mk_scope,
499 dhdr->sz_mk_scope, dhdr->flags, dhdr->sec_sz,
505 tc_free_cipher_chain(cipher_chain);
515 if ((info = new_info(dev, flags, cipher_chain,
516 &pbkdf_prf_algos[i-1], dhdr, 0)) == NULL) {
527 create_volume(struct tcplay_opts *opts)
529 char *pass, *pass_again;
532 disksz_t blocks, hidden_blocks = 0;
534 struct tchdr_enc *ehdr, *hehdr;
535 struct tchdr_enc *ehdr_backup, *hehdr_backup;
539 pass = h_pass = pass_again = NULL;
541 ehdr_backup = hehdr_backup = NULL;
542 ret = -1; /* Default to returning error */
544 if (opts->cipher_chain == NULL)
545 opts->cipher_chain = tc_cipher_chains[0];
546 if (opts->prf_algo == NULL)
547 opts->prf_algo = &pbkdf_prf_algos[DEFAULT_PRF_ALGO_IDX];
548 if (opts->h_cipher_chain == NULL)
549 opts->h_cipher_chain = opts->cipher_chain;
550 if (opts->h_prf_algo == NULL)
551 opts->h_prf_algo = opts->prf_algo;
553 if ((error = get_disk_info(opts->dev, &blocks, &blksz)) != 0) {
554 tc_log(1, "could not get disk info\n");
558 if ((blocks*blksz) <= MIN_VOL_BYTES) {
559 tc_log(1, "Cannot create volumes on devices with less "
560 "than %d bytes\n", MIN_VOL_BYTES);
564 if (opts->interactive) {
565 if (((pass = alloc_safe_mem(PASS_BUFSZ)) == NULL) ||
566 ((pass_again = alloc_safe_mem(PASS_BUFSZ)) == NULL)) {
567 tc_log(1, "could not allocate safe passphrase memory\n");
571 if ((error = read_passphrase("Passphrase: ", pass, MAX_PASSSZ,
573 (read_passphrase("Repeat passphrase: ", pass_again,
574 MAX_PASSSZ, PASS_BUFSZ, 0)))) {
575 tc_log(1, "could not read passphrase\n");
579 if (strcmp(pass, pass_again) != 0) {
580 tc_log(1, "Passphrases don't match\n");
584 free_safe_mem(pass_again);
587 /* In batch mode, use provided passphrase */
588 if ((pass = alloc_safe_mem(PASS_BUFSZ)) == NULL) {
589 tc_log(1, "could not allocate safe "
590 "passphrase memory");
594 if (opts->passphrase != NULL) {
595 strncpy(pass, opts->passphrase, MAX_PASSSZ);
596 pass[MAX_PASSSZ] = '\0';
600 if (opts->nkeyfiles > 0) {
601 /* Apply keyfiles to 'pass' */
602 if ((error = apply_keyfiles((unsigned char *)pass, PASS_BUFSZ,
603 opts->keyfiles, opts->nkeyfiles))) {
604 tc_log(1, "could not apply keyfiles\n");
610 if (opts->interactive) {
611 if (((h_pass = alloc_safe_mem(PASS_BUFSZ)) == NULL) ||
612 ((pass_again = alloc_safe_mem(PASS_BUFSZ)) == NULL)) {
613 tc_log(1, "could not allocate safe "
614 "passphrase memory\n");
618 if ((error = read_passphrase("Passphrase for hidden volume: ",
619 h_pass, MAX_PASSSZ, PASS_BUFSZ, 0) ||
620 (read_passphrase("Repeat passphrase: ", pass_again,
621 MAX_PASSSZ, PASS_BUFSZ, 0)))) {
622 tc_log(1, "could not read passphrase\n");
626 if (strcmp(h_pass, pass_again) != 0) {
627 tc_log(1, "Passphrases for hidden volume don't "
632 free_safe_mem(pass_again);
635 /* In batch mode, use provided passphrase */
636 if ((h_pass = alloc_safe_mem(PASS_BUFSZ)) == NULL) {
637 tc_log(1, "could not allocate safe "
638 "passphrase memory");
642 if (opts->h_passphrase != NULL) {
643 strncpy(h_pass, opts->h_passphrase, MAX_PASSSZ);
644 h_pass[MAX_PASSSZ] = '\0';
648 if (opts->n_hkeyfiles > 0) {
649 /* Apply keyfiles to 'h_pass' */
650 if ((error = apply_keyfiles((unsigned char *)h_pass,
651 PASS_BUFSZ, opts->h_keyfiles, opts->n_hkeyfiles))) {
652 tc_log(1, "could not apply keyfiles\n");
657 if (opts->interactive) {
660 hidden_blocks = opts->hidden_size_bytes/blksz;
661 if (hidden_blocks == 0) {
662 tc_log(1, "hidden_blocks to create volume "
663 "cannot be zero!\n");
667 if (opts->hidden_size_bytes >=
668 (blocks*blksz) - MIN_VOL_BYTES) {
669 tc_log(1, "Hidden volume needs to be "
670 "smaller than the outer volume\n");
675 /* This only happens in interactive mode */
676 while (hidden_blocks == 0) {
677 if ((r = _humanize_number(buf, sizeof(buf),
678 (uint64_t)(blocks * blksz))) < 0) {
679 sprintf(buf, "%"DISKSZ_FMT" bytes", (blocks * blksz));
682 printf("The total volume size of %s is %s (bytes)\n", opts->dev, buf);
683 memset(buf, 0, sizeof(buf));
684 printf("Size of hidden volume (e.g. 127M): ");
687 if ((fgets(buf, sizeof(buf), stdin)) == NULL) {
688 tc_log(1, "Could not read from stdin\n");
692 /* get rid of trailing newline */
693 buf[strlen(buf)-1] = '\0';
694 if ((error = _dehumanize_number(buf,
696 tc_log(1, "Could not interpret input: %s\n", buf);
700 if (tmp >= (blocks*blksz) - MIN_VOL_BYTES) {
701 tc_log(1, "Hidden volume needs to be "
702 "smaller than the outer volume\n");
707 hidden_blocks = (size_t)tmp;
708 hidden_blocks /= blksz;
712 if (opts->interactive) {
713 /* Show summary and ask for confirmation */
714 printf("Summary of actions:\n");
715 if (opts->secure_erase)
716 printf(" - Completely erase *EVERYTHING* on %s\n", opts->dev);
717 printf(" - Create %svolume on %s\n", opts->hidden?("outer "):"", opts->dev);
719 printf(" - Create hidden volume of %"DISKSZ_FMT" bytes at end of "
721 hidden_blocks * blksz);
724 printf("\n Are you sure you want to proceed? (y/n) ");
726 if ((fgets(buf, sizeof(buf), stdin)) == NULL) {
727 tc_log(1, "Could not read from stdin\n");
731 if ((buf[0] != 'y') && (buf[0] != 'Y')) {
732 tc_log(1, "User cancelled action(s)\n");
738 if (opts->secure_erase) {
739 tc_log(0, "Securely erasing the volume...\nThis process may take "
740 "some time depending on the size of the volume\n");
742 if (opts->state_change_fn)
743 opts->state_change_fn(opts->api_ctx, "secure_erase", 1);
745 if ((error = secure_erase(opts->dev, blocks * blksz, blksz)) != 0) {
746 tc_log(1, "could not securely erase device %s\n", opts->dev);
750 if (opts->state_change_fn)
751 opts->state_change_fn(opts->api_ctx, "secure_erase", 0);
754 tc_log(0, "Creating volume headers...\nDepending on your system, this "
755 "process may take a few minutes as it uses true random data which "
756 "might take a while to refill\n");
758 if (opts->weak_keys_and_salt) {
759 tc_log(0, "WARNING: Using a weak random generator to get "
760 "entropy for the key material. Odds are this is NOT "
764 if (opts->state_change_fn)
765 opts->state_change_fn(opts->api_ctx, "create_header", 1);
767 /* create encrypted headers */
768 ehdr = create_hdr((unsigned char *)pass,
769 (opts->nkeyfiles > 0)?MAX_PASSSZ:strlen(pass),
770 opts->prf_algo, opts->cipher_chain, blksz, blocks, VOL_RSVD_BYTES_START/blksz,
771 blocks - (MIN_VOL_BYTES/blksz), 0, opts->weak_keys_and_salt, &ehdr_backup);
773 tc_log(1, "Could not create header\n");
778 hehdr = create_hdr((unsigned char *)h_pass,
779 (opts->n_hkeyfiles > 0)?MAX_PASSSZ:strlen(h_pass), opts->h_prf_algo,
780 opts->h_cipher_chain,
782 blocks - (VOL_RSVD_BYTES_END/blksz) - hidden_blocks,
783 hidden_blocks, 1, opts->weak_keys_and_salt, &hehdr_backup);
785 tc_log(1, "Could not create hidden volume header\n");
790 if (opts->state_change_fn)
791 opts->state_change_fn(opts->api_ctx, "create_header", 0);
793 tc_log(0, "Writing volume headers to disk...\n");
795 if ((error = write_to_disk(opts->dev, 0, blksz, ehdr, sizeof(*ehdr))) != 0) {
796 tc_log(1, "Could not write volume header to device\n");
800 /* Write backup header; it's offset is relative to the end */
801 if ((error = write_to_disk(opts->dev, (blocks*blksz - BACKUP_HDR_OFFSET_END),
802 blksz, ehdr_backup, sizeof(*ehdr_backup))) != 0) {
803 tc_log(1, "Could not write backup volume header to device\n");
808 if ((error = write_to_disk(opts->dev, HDR_OFFSET_HIDDEN, blksz, hehdr,
809 sizeof(*hehdr))) != 0) {
810 tc_log(1, "Could not write hidden volume header to "
815 /* Write backup hidden header; offset is relative to end */
816 if ((error = write_to_disk(opts->dev,
817 (blocks*blksz - BACKUP_HDR_HIDDEN_OFFSET_END), blksz,
818 hehdr_backup, sizeof(*hehdr_backup))) != 0) {
819 tc_log(1, "Could not write backup hidden volume "
820 "header to device\n");
825 /* Everything went ok */
826 tc_log(0, "All done!\n");
834 free_safe_mem(h_pass);
836 free_safe_mem(pass_again);
840 free_safe_mem(hehdr);
842 free_safe_mem(ehdr_backup);
844 free_safe_mem(hehdr_backup);
850 info_map_common(struct tcplay_opts *opts, char *passphrase_out)
852 struct tchdr_enc *ehdr, *hehdr = NULL;
853 struct tcplay_info *info, *hinfo = NULL;
856 int error, error2 = 0;
864 if ((error = get_disk_info(opts->dev, &blocks, &blksz)) != 0) {
865 tc_log(1, "could not get disk information\n");
869 if (opts->retries < 1)
872 retries = opts->retries;
875 * Add one retry so we can do a first try without asking for
876 * a password if keyfiles are passed in.
878 if (opts->interactive &&
879 !opts->prompt_passphrase &&
880 (opts->nkeyfiles > 0)) {
888 pass = h_pass = NULL;
890 while ((info == NULL) && retries-- > 0)
892 pass = h_pass = NULL;
896 if ((pass = alloc_safe_mem(PASS_BUFSZ)) == NULL) {
897 tc_log(1, "could not allocate safe passphrase memory\n");
903 } else if (opts->interactive) {
904 if ((error = read_passphrase("Passphrase: ", pass,
905 MAX_PASSSZ, PASS_BUFSZ, opts->timeout))) {
906 tc_log(1, "could not read passphrase\n");
907 /* XXX: handle timeout differently? */
910 pass[MAX_PASSSZ] = '\0';
912 /* In batch mode, use provided passphrase */
913 if (opts->passphrase != NULL) {
914 strncpy(pass, opts->passphrase, MAX_PASSSZ);
915 pass[MAX_PASSSZ] = '\0';
919 if (passphrase_out != NULL) {
920 strcpy(passphrase_out, pass);
923 if (opts->nkeyfiles > 0) {
924 /* Apply keyfiles to 'pass' */
925 if ((error = apply_keyfiles((unsigned char *)pass, PASS_BUFSZ,
926 opts->keyfiles, opts->nkeyfiles))) {
927 tc_log(1, "could not apply keyfiles");
932 if (opts->protect_hidden) {
933 if ((h_pass = alloc_safe_mem(PASS_BUFSZ)) == NULL) {
934 tc_log(1, "could not allocate safe passphrase memory\n");
938 if (opts->interactive) {
939 if ((error = read_passphrase(
940 "Passphrase for hidden volume: ", h_pass,
941 MAX_PASSSZ, PASS_BUFSZ, opts->timeout))) {
942 tc_log(1, "could not read passphrase\n");
945 h_pass[MAX_PASSSZ] = '\0';
947 /* In batch mode, use provided passphrase */
948 if (opts->h_passphrase != NULL) {
949 strncpy(h_pass, opts->h_passphrase, MAX_PASSSZ);
950 h_pass[MAX_PASSSZ] = '\0';
954 if (opts->n_hkeyfiles > 0) {
955 /* Apply keyfiles to 'pass' */
956 if ((error = apply_keyfiles((unsigned char *)h_pass, PASS_BUFSZ,
957 opts->h_keyfiles, opts->n_hkeyfiles))) {
958 tc_log(1, "could not apply keyfiles");
964 /* Always read blksz-sized chunks */
967 if (TC_FLAG_SET(opts->flags, HDR_FROM_FILE)) {
968 ehdr = (struct tchdr_enc *)read_to_safe_mem(
969 opts->hdr_file_in, 0, &sz);
971 tc_log(1, "error read hdr_enc: %s", opts->hdr_file_in);
975 ehdr = (struct tchdr_enc *)read_to_safe_mem(
976 (TC_FLAG_SET(opts->flags, SYS)) ? opts->sys_dev : opts->dev,
977 (TC_FLAG_SET(opts->flags, SYS) || TC_FLAG_SET(opts->flags, FDE)) ?
979 (!TC_FLAG_SET(opts->flags, BACKUP)) ? 0 : -BACKUP_HDR_OFFSET_END,
982 tc_log(1, "error read hdr_enc: %s", opts->dev);
987 if (!TC_FLAG_SET(opts->flags, SYS)) {
988 /* Always read blksz-sized chunks */
991 if (TC_FLAG_SET(opts->flags, H_HDR_FROM_FILE)) {
992 hehdr = (struct tchdr_enc *)read_to_safe_mem(
993 opts->h_hdr_file_in, 0, &sz);
995 tc_log(1, "error read hdr_enc: %s", opts->h_hdr_file_in);
999 hehdr = (struct tchdr_enc *)read_to_safe_mem(opts->dev,
1000 (!TC_FLAG_SET(opts->flags, BACKUP)) ? HDR_OFFSET_HIDDEN :
1001 -BACKUP_HDR_HIDDEN_OFFSET_END, &sz);
1002 if (hehdr == NULL) {
1003 tc_log(1, "error read hdr_enc: %s", opts->dev);
1011 error = process_hdr(opts->dev, opts->flags, (unsigned char *)pass,
1012 (opts->nkeyfiles > 0)?MAX_PASSSZ:strlen(pass),
1016 * Try to process hidden header if we have to protect the hidden
1017 * volume, or the decryption/verification of the main header
1020 if (hehdr && (error || opts->protect_hidden)) {
1022 error2 = process_hdr(opts->dev, opts->flags, (unsigned char *)pass,
1023 (opts->nkeyfiles > 0)?MAX_PASSSZ:strlen(pass), hehdr,
1025 is_hidden = !error2;
1026 } else if (opts->protect_hidden) {
1027 error2 = process_hdr(opts->dev, opts->flags, (unsigned char *)h_pass,
1028 (opts->n_hkeyfiles > 0)?MAX_PASSSZ:strlen(h_pass), hehdr,
1033 /* We need both to protect a hidden volume */
1034 if ((opts->protect_hidden && (error || error2)) ||
1035 (error && error2)) {
1037 tc_log(1, "Incorrect password or not a TrueCrypt volume\n");
1048 /* Try again (or finish) */
1049 free_safe_mem(pass);
1053 free_safe_mem(h_pass);
1057 free_safe_mem(ehdr);
1061 free_safe_mem(hehdr);
1069 if (opts->protect_hidden) {
1070 if (adjust_info(info, hinfo) != 0) {
1071 tc_log(1, "Could not protect hidden volume\n");
1095 free_safe_mem(pass);
1097 free_safe_mem(h_pass);
1099 free_safe_mem(ehdr);
1101 free_safe_mem(hehdr);
1104 info->hidden = is_hidden;
1110 info_mapped_volume(struct tcplay_opts *opts)
1112 struct tcplay_info *info;
1114 info = dm_info_map(opts->map_name);
1116 if (opts->interactive)
1123 } else if (opts->interactive) {
1124 tc_log(1, "Could not retrieve information about mapped "
1125 "volume %s. Does it exist?\n", opts->map_name);
1132 info_volume(struct tcplay_opts *opts)
1134 struct tcplay_info *info;
1136 info = info_map_common(opts, NULL);
1139 if (opts->interactive)
1152 map_volume(struct tcplay_opts *opts)
1154 struct tcplay_info *info;
1157 info = info_map_common(opts, NULL);
1162 if ((error = dm_setup(opts->map_name, info)) != 0) {
1163 tc_log(1, "Could not set up mapping %s\n", opts->map_name);
1168 if (opts->interactive)
1169 printf("All ok!\n");
1177 modify_volume(struct tcplay_opts *opts)
1179 struct tcplay_info *info;
1180 struct tchdr_enc *ehdr, *ehdr_backup;
1181 const char *new_passphrase = opts->new_passphrase;
1182 const char **new_keyfiles = opts->new_keyfiles;
1183 struct pbkdf_prf_algo *new_prf_algo = opts->new_prf_algo;
1184 int n_newkeyfiles = opts->n_newkeyfiles;
1185 char *pass, *pass_again;
1187 off_t offset, offset_backup = 0;
1193 ehdr = ehdr_backup = NULL;
1194 pass = pass_again = NULL;
1197 if (TC_FLAG_SET(opts->flags, ONLY_RESTORE)) {
1198 if (opts->interactive) {
1199 if ((pass = alloc_safe_mem(PASS_BUFSZ)) == NULL) {
1200 tc_log(1, "could not allocate safe "
1201 "passphrase memory");
1205 new_passphrase = opts->passphrase;
1207 new_keyfiles = opts->keyfiles;
1208 n_newkeyfiles = opts->nkeyfiles;
1209 new_prf_algo = NULL;
1212 info = info_map_common(opts, pass);
1216 if (opts->interactive && !TC_FLAG_SET(opts->flags, ONLY_RESTORE)) {
1217 if (((pass = alloc_safe_mem(PASS_BUFSZ)) == NULL) ||
1218 ((pass_again = alloc_safe_mem(PASS_BUFSZ)) == NULL)) {
1219 tc_log(1, "could not allocate safe passphrase memory\n");
1223 if ((error = read_passphrase("New passphrase: ", pass, MAX_PASSSZ,
1225 (read_passphrase("Repeat passphrase: ", pass_again,
1226 MAX_PASSSZ, PASS_BUFSZ, 0)))) {
1227 tc_log(1, "could not read passphrase\n");
1231 if (strcmp(pass, pass_again) != 0) {
1232 tc_log(1, "Passphrases don't match\n");
1236 free_safe_mem(pass_again);
1238 } else if (!opts->interactive) {
1239 /* In batch mode, use provided passphrase */
1240 if ((pass = alloc_safe_mem(PASS_BUFSZ)) == NULL) {
1241 tc_log(1, "could not allocate safe "
1242 "passphrase memory");
1246 if (new_passphrase != NULL) {
1247 strncpy(pass, new_passphrase, MAX_PASSSZ);
1248 pass[MAX_PASSSZ] = '\0';
1252 if (n_newkeyfiles > 0) {
1253 /* Apply keyfiles to 'pass' */
1254 if ((error = apply_keyfiles((unsigned char *)pass, PASS_BUFSZ,
1255 new_keyfiles, n_newkeyfiles))) {
1256 tc_log(1, "could not apply keyfiles\n");
1261 ehdr = copy_reencrypt_hdr((unsigned char *)pass,
1262 (opts->n_newkeyfiles > 0)?MAX_PASSSZ:strlen(pass),
1263 new_prf_algo, opts->weak_keys_and_salt, info, &ehdr_backup);
1265 tc_log(1, "Could not create header\n");
1269 dev = (TC_FLAG_SET(opts->flags, SYS)) ? opts->sys_dev : opts->dev;
1270 if (TC_FLAG_SET(opts->flags, SYS) || TC_FLAG_SET(opts->flags, FDE)) {
1271 /* SYS and FDE don't have backup headers (as far as I understand) */
1273 offset = HDR_OFFSET_HIDDEN;
1275 offset = HDR_OFFSET_SYS;
1279 offset = HDR_OFFSET_HIDDEN;
1280 offset_backup = -BACKUP_HDR_HIDDEN_OFFSET_END;
1283 offset_backup = -BACKUP_HDR_OFFSET_END;
1287 if ((error = get_disk_info(dev, &blocks, &blksz)) != 0) {
1288 tc_log(1, "could not get disk information\n");
1292 tc_log(0, "Writing new volume headers to disk/file...\n");
1294 if (TC_FLAG_SET(opts->flags, SAVE_TO_FILE)) {
1295 if ((error = write_to_file(opts->hdr_file_out, ehdr, sizeof(*ehdr))) != 0) {
1296 tc_log(1, "Could not write volume header to file\n");
1300 if ((error = write_to_disk(dev, offset, blksz, ehdr,
1301 sizeof(*ehdr))) != 0) {
1302 tc_log(1, "Could not write volume header to device\n");
1306 if (!TC_FLAG_SET(opts->flags, SYS) && !TC_FLAG_SET(opts->flags, FDE)) {
1307 if ((error = write_to_disk(dev, offset_backup, blksz,
1308 ehdr_backup, sizeof(*ehdr_backup))) != 0) {
1309 tc_log(1, "Could not write backup volume header to device\n");
1315 /* Everything went ok */
1316 tc_log(0, "All done!\n");
1322 free_safe_mem(pass);
1324 free_safe_mem(pass_again);
1326 free_safe_mem(ehdr);
1328 free_safe_mem(ehdr_backup);
1330 free_safe_mem(info);
1337 dm_get_info(const char *name, struct dm_info *dmi)
1339 struct dm_task *dmt = NULL;
1342 if ((dmt = dm_task_create(DM_DEVICE_INFO)) == NULL)
1345 if ((dm_task_set_name(dmt, name)) == 0)
1348 if ((dm_task_run(dmt)) == 0)
1351 if ((dm_task_get_info(dmt, dmi)) == 0)
1358 dm_task_destroy(dmt);
1363 #if defined(__DragonFly__)
1366 xlate_maj_min(const char *start_path __unused, int max_depth __unused,
1367 char *buf, size_t bufsz, uint32_t maj, uint32_t min)
1369 dev_t dev = makedev(maj, min);
1371 snprintf(buf, bufsz, "/dev/%s", devname(dev, S_IFCHR));
1377 xlate_maj_min(const char *start_path, int max_depth, char *buf, size_t bufsz,
1378 uint32_t maj, uint32_t min)
1380 dev_t dev = makedev(maj, min);
1381 char path[PATH_MAX];
1390 if ((dirp = opendir(start_path)) == NULL)
1393 while ((ent = readdir(dirp)) != NULL) {
1394 /* d_name, d_type, DT_BLK, DT_CHR, DT_DIR, DT_LNK */
1395 if (ent->d_name[0] == '.')
1398 /* Linux' /dev is littered with junk, so skip over it */
1400 * The dm-<number> devices seem to be the raw DM devices
1401 * things in mapper/ link to.
1403 if (((strcmp(ent->d_name, "block")) == 0) ||
1404 ((strcmp(ent->d_name, "fd")) == 0) ||
1405 (((strncmp(ent->d_name, "dm-", 3) == 0) && strlen(ent->d_name) <= 5)))
1408 snprintf(path, PATH_MAX, "%s/%s", start_path, ent->d_name);
1410 if ((stat(path, &sb)) < 0)
1413 if (S_ISDIR(sb.st_mode)) {
1414 found = !xlate_maj_min(path, max_depth-1, buf, bufsz, maj, min);
1419 if (!S_ISBLK(sb.st_mode))
1422 if (sb.st_rdev != dev)
1425 snprintf(buf, bufsz, "%s", path);
1433 return found ? 0 : -ENOENT;
1438 struct tcplay_dm_table *
1439 dm_get_table(const char *name)
1441 struct tcplay_dm_table *tc_table;
1442 struct dm_task *dmt = NULL;
1444 uint64_t start, length;
1451 if ((tc_table = (struct tcplay_dm_table *)alloc_safe_mem(sizeof(*tc_table))) == NULL) {
1452 tc_log(1, "could not allocate safe tc_table memory\n");
1456 if ((dmt = dm_task_create(DM_DEVICE_TABLE)) == NULL)
1459 if ((dm_task_set_name(dmt, name)) == 0)
1462 if ((dm_task_run(dmt)) == 0)
1465 tc_table->start = (off_t)0;
1466 tc_table->size = (size_t)0;
1469 next = dm_get_next_target(dmt, next, &start, &length,
1470 &target_type, ¶ms);
1472 tc_table->size += (size_t)length;
1473 strncpy(tc_table->target, target_type,
1474 sizeof(tc_table->target));
1476 /* Skip any leading whitespace */
1477 while (params && *params == ' ')
1480 if (strcmp(target_type, "crypt") == 0) {
1481 while ((p1 = strsep(¶ms, " ")) != NULL) {
1482 /* Skip any whitespace before the next strsep */
1483 while (params && *params == ' ')
1489 strncpy(tc_table->cipher, p1,
1490 sizeof(tc_table->cipher));
1491 } else if (c == 2) {
1493 tc_table->skip = (off_t)strtoll(p1, NULL, 10);
1494 } else if (c == 3) {
1496 maj = strtoul(p1, NULL, 10);
1497 while (*p1 != ':' && *p1 != '\0')
1499 min = strtoul(++p1, NULL, 10);
1500 if ((xlate_maj_min("/dev", 2, tc_table->device,
1501 sizeof(tc_table->device), maj, min)) != 0)
1502 snprintf(tc_table->device,
1503 sizeof(tc_table->device),
1505 } else if (c == 4) {
1507 tc_table->offset = (off_t)strtoll(p1,
1514 tc_log(1, "could not get all the info required from "
1519 } while (next != NULL);
1522 dm_task_destroy(dmt);
1525 printf("device: %s\n", tc_table->device);
1526 printf("target: %s\n", tc_table->target);
1527 printf("cipher: %s\n", tc_table->cipher);
1528 printf("size: %ju\n", tc_table->size);
1529 printf("offset: %"PRId64"\n", tc_table->offset);
1530 printf("skip: %"PRId64"\n", tc_table->skip);
1537 dm_task_destroy(dmt);
1539 free_safe_mem(tc_table);
1544 struct tcplay_info *
1545 dm_info_map(const char *map_name)
1547 struct dm_task *dmt = NULL;
1548 struct dm_info dmi[3];
1549 struct tcplay_dm_table *dm_table[3];
1550 struct tc_crypto_algo *crypto_algo;
1551 struct tcplay_info *info;
1554 int i, outermost = -1;
1556 memset(dm_table, 0, sizeof(dm_table));
1558 if ((info = (struct tcplay_info *)alloc_safe_mem(sizeof(*info))) == NULL) {
1559 tc_log(1, "could not allocate safe info memory\n");
1563 strncpy(map, map_name, PATH_MAX);
1564 for (i = 0; i < 3; i++) {
1565 if ((dm_get_info(map, &dmi[i])) != 0)
1569 dm_table[i] = dm_get_table(map);
1571 snprintf(map, PATH_MAX, "%s.%d", map_name, i);
1575 dm_task_destroy(dmt);
1577 if (dm_table[0] == NULL)
1581 * Process our dmi, dm_table fun into the info structure.
1583 /* First find which cipher chain we are using */
1585 for (i = 0; i < 3; i++) {
1586 if (dm_table[i] == NULL)
1592 crypto_algo = &tc_crypto_algos[0];
1593 while ((crypto_algo != NULL) &&
1594 (strcmp(dm_table[i]->cipher, crypto_algo->dm_crypt_str) != 0))
1596 if (crypto_algo == NULL) {
1597 tc_log(1, "could not find corresponding cipher\n");
1600 strcat(ciphers, crypto_algo->name);
1601 strcat(ciphers, ",");
1603 ciphers[strlen(ciphers)-1] = '\0';
1605 info->cipher_chain = check_cipher_chain(ciphers, 1);
1606 if (info->cipher_chain == NULL) {
1607 tc_log(1, "could not find cipher chain\n");
1611 info->cipher_chain = tc_dup_cipher_chain(info->cipher_chain);
1612 if (info->cipher_chain == NULL) {
1613 tc_log(1, "could not dup cipher chain\n");
1617 /* Copy over the name */
1618 strncpy(info->dev, dm_table[outermost]->device, sizeof(info->dev));
1622 info->pbkdf_prf = NULL;
1623 info->start = dm_table[outermost]->start;
1624 info->size = dm_table[0]->size;
1625 info->skip = dm_table[outermost]->skip;
1626 info->offset = dm_table[outermost]->offset;
1629 for (i = 0; i < 3; i++)
1630 if (dm_table[i] != NULL)
1631 free_safe_mem(dm_table[i]);
1637 dm_task_destroy(dmt);
1639 free_safe_mem(info);
1640 for (i = 0; i < 3; i++)
1641 if (dm_table[i] != NULL)
1642 free_safe_mem(dm_table[i]);
1649 dm_exists_device(const char *name)
1654 if (dm_get_info(name, &dmi) != 0)
1657 exists = dmi.exists;
1665 dm_remove_device(const char *name)
1667 struct dm_task *dmt = NULL;
1670 if ((dmt = dm_task_create(DM_DEVICE_REMOVE)) == NULL)
1673 if ((dm_task_set_name(dmt, name)) == 0)
1676 if ((dm_task_run(dmt)) == 0)
1682 dm_task_destroy(dmt);
1688 dm_setup(const char *mapname, struct tcplay_info *info)
1690 struct tc_cipher_chain *cipher_chain;
1691 struct dm_task *dmt = NULL;
1693 char *params = NULL;
1697 #if defined(__DragonFly__)
1702 off_t start, offset;
1707 dm_udev_set_sync_support(1);
1709 if ((params = alloc_safe_mem(512)) == NULL) {
1710 tc_log(1, "could not allocate safe parameters memory");
1714 strcpy(dev, info->dev);
1717 * Device Mapper blocks are always 512-byte blocks, so convert
1718 * from the "native" block size to the dm block size here.
1720 start = INFO_TO_DM_BLOCKS(info, start);
1721 offset = INFO_TO_DM_BLOCKS(info, offset);
1725 * Find length of cipher chain. Could use the for below, but doesn't
1728 len = tc_cipher_chain_length(info->cipher_chain);
1730 /* Get to the end of the chain */
1731 for (cipher_chain = info->cipher_chain; cipher_chain->next != NULL;
1732 cipher_chain = cipher_chain->next)
1736 * Start j at len-2, as we want to use .0, and the final one has no
1739 for (j = len-2; cipher_chain != NULL;
1740 cipher_chain = cipher_chain->prev, j--) {
1744 if ((dmt = dm_task_create(DM_DEVICE_CREATE)) == NULL) {
1745 tc_log(1, "dm_task_create failed\n");
1751 * If this is the last element in the cipher chain, use the
1752 * final map name. Otherwise pick a secondary name...
1754 if (cipher_chain->prev == NULL)
1755 strcpy(map, mapname);
1757 sprintf(map, "%s.%d", mapname, j);
1759 if ((dm_task_set_name(dmt, map)) == 0) {
1760 tc_log(1, "dm_task_set_name failed\n");
1765 #if defined(__linux__)
1766 uuid_generate(info->uuid);
1767 if ((uu_temp = malloc(1024)) == NULL) {
1768 tc_log(1, "uuid_unparse memory failed\n");
1772 uuid_unparse(info->uuid, uu_temp);
1773 #elif defined(__DragonFly__)
1774 uuid_create(&info->uuid, &status);
1775 if (status != uuid_s_ok) {
1776 tc_log(1, "uuid_create failed\n");
1781 uuid_to_string(&info->uuid, &uu_temp, &status);
1782 if (uu_temp == NULL) {
1783 tc_log(1, "uuid_to_string failed\n");
1789 if ((uu = malloc(1024)) == NULL) {
1791 tc_log(1, "uuid second malloc failed\n");
1796 snprintf(uu, 1024, "CRYPT-TCPLAY-%s", uu_temp);
1799 if ((dm_task_set_uuid(dmt, uu)) == 0) {
1801 tc_log(1, "dm_task_set_uuid failed\n");
1808 if (TC_FLAG_SET(info->flags, FDE)) {
1810 * When the full disk encryption (FDE) flag is set,
1811 * we map the first N sectors using a linear target
1812 * as they aren't encrypted.
1816 /* dev---^ block off --^ */
1817 snprintf(params, 512, "%s 0", dev);
1819 if ((dm_task_add_target(dmt, 0,
1820 INFO_TO_DM_BLOCKS(info, offset),
1821 "linear", params)) == 0) {
1822 tc_log(1, "dm_task_add_target failed\n");
1827 start = INFO_TO_DM_BLOCKS(info, offset);
1830 /* aes-cbc-essiv:sha256 7997f8af... 0 /dev/ad0s0a 8 <opts> */
1831 /* iv off---^ block off--^ <opts> */
1832 snprintf(params, 512, "%s %s %"PRIu64 " %s %"PRIu64 " %s",
1833 cipher_chain->cipher->dm_crypt_str, cipher_chain->dm_key,
1834 (uint64_t)INFO_TO_DM_BLOCKS(info, skip), dev,
1836 TC_FLAG_SET(info->flags, ALLOW_TRIM) ? "1 allow_discards" : "");
1838 printf("Params: %s\n", params);
1841 if ((dm_task_add_target(dmt, start,
1842 INFO_TO_DM_BLOCKS(info, size), "crypt", params)) == 0) {
1843 tc_log(1, "dm_task_add_target failed\n");
1848 if ((dm_task_set_cookie(dmt, &cookie, 0)) == 0) {
1849 tc_log(1, "dm_task_set_cookie failed\n");
1854 if ((dm_task_run(dmt)) == 0) {
1855 dm_udev_wait(cookie);
1856 tc_log(1, "dm_task_run failed\n");
1861 if ((dm_task_get_info(dmt, &dmi)) == 0) {
1862 dm_udev_wait(cookie);
1863 tc_log(1, "dm_task_get info failed\n");
1868 dm_udev_wait(cookie);
1870 if ((r = asprintf(&uu_stack[uu_stack_idx++], "%s", map)) < 0)
1871 tc_log(1, "warning, asprintf failed. won't be able to "
1872 "unroll changes\n");
1877 sprintf(dev, "/dev/mapper/%s.%d", mapname, j);
1879 dm_task_destroy(dmt);
1880 dm_task_update_nodes();
1885 * If an error occured, try to unroll changes made before it
1892 printf("Unrolling dm changes! j = %d (%s)\n", j-1,
1895 if ((uu_stack[j-1] == NULL) ||
1896 ((r = dm_remove_device(uu_stack[--j])) != 0)) {
1897 tc_log(1, "Tried to unroll dm changes, "
1904 while (uu_stack_idx > 0)
1905 free(uu_stack[--uu_stack_idx]);
1907 free_safe_mem(params);
1913 dm_teardown(const char *mapname, const char *device __unused)
1916 struct dm_task *dmt = NULL;
1922 if ((error = dm_remove_device(mapname)) != 0) {
1923 tc_log(1, "Could not remove mapping %s\n", mapname);
1927 /* Try to remove other cascade devices */
1928 for (i = 0; i < 2; i++) {
1929 sprintf(map, "%s.%d", mapname, i);
1930 if (dm_exists_device(map))
1931 dm_remove_device(map);
1937 struct tc_crypto_algo *
1938 check_cipher(const char *cipher, int quiet)
1942 for (i = 0; tc_crypto_algos[i].name != NULL; i++) {
1943 if (strcmp(cipher, tc_crypto_algos[i].name) == 0) {
1949 if (!found && !quiet) {
1950 fprintf(stderr, "Valid ciphers are: ");
1951 for (i = 0; tc_crypto_algos[i].name != NULL; i++)
1952 fprintf(stderr, "%s ", tc_crypto_algos[i].name);
1953 fprintf(stderr, "\n");
1957 return &tc_crypto_algos[i];
1960 struct tc_cipher_chain *
1961 check_cipher_chain(const char *cipher_chain, int quiet)
1963 struct tc_cipher_chain *cipher = NULL;
1964 int i,k, nciphers = 0, mismatch = 0;
1966 char *tmp_chain, *tmp_chain_free;
1969 if ((tmp_chain = strdup(cipher_chain)) == NULL) {
1970 tc_log(1, "Could not allocate strdup memory\n");
1974 tmp_chain_free = tmp_chain;
1976 while ((token = strsep(&tmp_chain, ",")) != NULL)
1977 ciphers[nciphers++] = token;
1981 for (i = 0; valid_cipher_chains[i][0] != NULL; i++) {
1984 for (k = 0; (valid_cipher_chains[i][k] != NULL); k++) {
1986 * If there are more ciphers in the chain than in the
1987 * ciphers[] variable this is not the right chain.
1989 if (k == nciphers) {
1994 if (strcmp(ciphers[k], valid_cipher_chains[i][k]) != 0)
1999 * If all ciphers matched and there are exactly nciphers,
2000 * then we found the right cipher chain.
2002 if ((k == nciphers) && !mismatch) {
2003 cipher = tc_cipher_chains[i];
2008 if (cipher == NULL) {
2009 tc_log(1, "Invalid cipher: %s\n", cipher_chain);
2011 fprintf(stderr, "Valid cipher chains are:\n");
2012 for (i = 0; valid_cipher_chains[i][0] != NULL; i++) {
2013 for (k = 0; valid_cipher_chains[i][k] != NULL;
2015 fprintf(stderr, "%s%c",
2016 valid_cipher_chains[i][k],
2017 (valid_cipher_chains[i][k+1] != NULL) ?
2020 fprintf(stderr, "\n");
2025 free(tmp_chain_free);
2029 struct pbkdf_prf_algo *
2030 check_prf_algo(const char *algo, int sys, int quiet)
2034 for (i = 0; pbkdf_prf_algos[i].name != NULL; i++) {
2035 if (sys != pbkdf_prf_algos[i].sys)
2038 if (strcmp(algo, pbkdf_prf_algos[i].name) == 0) {
2044 if (!found && !quiet) {
2045 fprintf(stderr, "Valid PBKDF PRF algorithms are: ");
2046 for (i = 0; pbkdf_prf_algos[i].name != NULL; i++) {
2047 if (sys != pbkdf_prf_algos[i].sys)
2049 fprintf(stderr, "%s ", pbkdf_prf_algos[i].name);
2051 fprintf(stderr, "\n");
2055 return &pbkdf_prf_algos[i];
2063 if ((error = tc_build_cipher_chains()) != 0)
2066 if ((error = tc_crypto_init()) != 0)
2072 struct tcplay_opts *opts_init(void)
2074 struct tcplay_opts *opts;
2076 if ((opts = (struct tcplay_opts *)alloc_safe_mem(sizeof(*opts))) == NULL) {
2077 tc_log(1, "could not allocate safe opts memory\n");
2081 memset(opts, 0, sizeof(*opts));
2083 opts->retries = DEFAULT_RETRIES;
2084 opts->secure_erase = 1;
2090 opts_add_keyfile(struct tcplay_opts *opts, const char *keyfile)
2094 if (opts->nkeyfiles == MAX_KEYFILES)
2097 if ((keyf = strdup_safe_mem(keyfile)) == NULL) {
2101 opts->keyfiles[opts->nkeyfiles++] = keyf;
2107 opts_add_keyfile_hidden(struct tcplay_opts *opts, const char *keyfile)
2111 if (opts->n_hkeyfiles == MAX_KEYFILES)
2114 if ((keyf = strdup_safe_mem(keyfile)) == NULL) {
2118 opts->h_keyfiles[opts->n_hkeyfiles++] = keyf;
2124 opts_add_keyfile_new(struct tcplay_opts *opts, const char *keyfile)
2128 if (opts->n_newkeyfiles == MAX_KEYFILES)
2131 if ((keyf = strdup_safe_mem(keyfile)) == NULL) {
2135 opts->new_keyfiles[opts->n_newkeyfiles++] = keyf;
2141 opts_clear_keyfile(struct tcplay_opts *opts)
2145 for (i = 0; i < opts->nkeyfiles; i++) {
2146 free_safe_mem(opts->keyfiles[i]);
2149 opts->nkeyfiles = 0;
2153 opts_clear_keyfile_hidden(struct tcplay_opts *opts)
2157 for (i = 0; i < opts->n_hkeyfiles; i++) {
2158 free_safe_mem(opts->h_keyfiles[i]);
2161 opts->n_hkeyfiles = 0;
2166 opts_clear_keyfile_new(struct tcplay_opts *opts)
2170 for (i = 0; i < opts->n_newkeyfiles; i++) {
2171 free_safe_mem(opts->new_keyfiles[i]);
2174 opts->n_newkeyfiles = 0;
2179 opts_free(struct tcplay_opts *opts)
2183 for (i = 0; i < opts->nkeyfiles; i++) {
2184 free_safe_mem(opts->keyfiles[i]);
2187 for (i = 0; i < opts->n_hkeyfiles; i++) {
2188 free_safe_mem(opts->h_keyfiles[i]);
2191 for (i = 0; i < opts->n_newkeyfiles; i++) {
2192 free_safe_mem(opts->new_keyfiles[i]);
2196 free_safe_mem(opts->dev);
2197 if (opts->passphrase)
2198 free_safe_mem(opts->passphrase);
2199 if (opts->h_passphrase)
2200 free_safe_mem(opts->h_passphrase);
2201 if (opts->new_passphrase)
2202 free_safe_mem(opts->new_passphrase);
2204 free_safe_mem(opts->map_name);
2206 free_safe_mem(opts->sys_dev);
2207 if (opts->hdr_file_in)
2208 free_safe_mem(opts->hdr_file_in);
2209 if (opts->h_hdr_file_in)
2210 free_safe_mem(opts->h_hdr_file_in);
2211 if (opts->hdr_file_out)
2212 free_safe_mem(opts->hdr_file_out);
2214 free_safe_mem(opts);