2 * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
22 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 #include "tcplay_api.h"
39 #include "tcplay_api_internal.h"
43 tc_api_init(int verbose)
47 tc_internal_verbose = verbose;
49 if ((error = tc_play_init()) != 0)
58 check_and_purge_safe_mem();
63 static const char *_caps[] = {
69 tc_api_has(const char *feature)
74 for (cap = _caps[0], i = 0; cap != NULL; cap = _caps[++i]) {
75 if ((strcmp(cap, feature)) == 0)
83 tc_api_cipher_iterate(tc_api_cipher_iterator_fn fn, void *priv)
86 struct tc_cipher_chain *chain;
96 for (i = 0, chain = tc_cipher_chains[0]; chain != NULL;
97 chain = tc_cipher_chains[++i]) {
98 tc_cipher_chain_sprint(buf, sizeof(buf), chain);
99 klen = tc_cipher_chain_klen(chain);
100 length = tc_cipher_chain_length(chain);
101 if ((fn(priv, buf, klen, length)) < 0)
109 tc_api_prf_iterate(tc_api_prf_iterator_fn fn, void *priv)
118 for (i = 0; pbkdf_prf_algos[i].name != NULL; i++) {
119 /* Skip over sys PRFs */
120 if (pbkdf_prf_algos[i].sys)
123 if ((fn(priv, pbkdf_prf_algos[i].name)) < 0)
132 tc_api_task_get_error(tc_api_task task __unused)
134 return tc_internal_log_buffer;
138 #define _match(k, v) (strcmp(k, v) == 0)
141 tc_api_task_init(const char *op)
143 tc_api_task task = NULL;
146 if ((task = alloc_safe_mem(sizeof(*task))) == NULL) {
151 if ((task->opts = opts_init()) == NULL) {
156 if (_match(op, "create")) {
157 task->op = TC_OP_CREATE;
158 } else if (_match(op, "map")) {
159 task->op = TC_OP_MAP;
160 } else if (_match(op, "unmap")) {
161 task->op = TC_OP_UNMAP;
162 } else if (_match(op, "info")) {
163 task->op = TC_OP_INFO;
164 } else if (_match(op, "info_mapped")) {
165 task->op = TC_OP_INFO_MAPPED;
166 } else if (_match(op, "modify")) {
167 task->op = TC_OP_MODIFY;
168 } else if (_match(op, "restore")) {
169 task->op = TC_OP_RESTORE;
178 if (fail && task != NULL) {
179 if (task->opts != NULL)
180 opts_free(task->opts);
184 return fail ? NULL : task;
188 tc_api_task_uninit(tc_api_task task)
190 if (task->last_info != NULL)
191 free_info(task->last_info);
192 opts_free(task->opts);
199 #define _set_str(k) \
201 if ((opts->k = strdup_safe_mem(s)) == NULL) { \
208 #define _clr_str(k) \
211 free_safe_mem(opts->k); \
216 tc_api_task_set(tc_api_task task, const char *key, ...)
218 struct tcplay_opts *opts;
223 tc_api_state_change_fn sc_fn;
227 if (task == NULL || key == NULL || ((opts = task->opts) == NULL)) {
234 if (_match(key, "interactive")) {
236 opts->interactive = i;
237 } else if (_match(key, "weak_keys_and_salt")) {
239 opts->weak_keys_and_salt = i;
240 } else if (_match(key, "secure_erase")) {
242 opts->secure_erase = i;
243 } else if (_match(key, "protect_hidden")) {
245 opts->protect_hidden = i;
246 } else if (_match(key, "fde")) {
249 opts->flags |= TC_FLAG_FDE;
251 opts->flags &= ~TC_FLAG_FDE;
252 } else if (_match(key, "use_backup_header")) {
255 opts->flags |= TC_FLAG_BACKUP;
257 opts->flags &= ~TC_FLAG_BACKUP;
258 } else if (_match(key, "allow_trim")) {
261 opts->flags |= TC_FLAG_ALLOW_TRIM;
263 opts->flags &= ~TC_FLAG_ALLOW_TRIM;
264 } else if (_match(key, "hidden_size_bytes")) {
265 i64 = va_arg(ap, int64_t);
266 opts->hidden_size_bytes = (disksz_t)i64;
267 opts->hidden = (i64 > 0);
268 } else if (_match(key, "retries")) {
271 } else if (_match(key, "timeout")) {
273 opts->timeout = (time_t)i;
274 } else if (_match(key, "save_header_to_file")) {
275 s = va_arg(ap, const char *);
277 _set_str(hdr_file_out);
278 opts->flags |= TC_FLAG_SAVE_TO_FILE;
280 _clr_str(hdr_file_out);
281 opts->flags &= ~TC_FLAG_SAVE_TO_FILE;
283 } else if (_match(key, "header_from_file")) {
284 s = va_arg(ap, const char *);
286 _set_str(hdr_file_in);
287 opts->flags |= TC_FLAG_HDR_FROM_FILE;
289 _clr_str(hdr_file_in);
290 opts->flags &= ~TC_FLAG_HDR_FROM_FILE;
292 } else if (_match(key, "hidden_header_from_file")) {
293 s = va_arg(ap, const char *);
295 _set_str(h_hdr_file_in);
296 opts->flags |= TC_FLAG_H_HDR_FROM_FILE;
298 _clr_str(h_hdr_file_in);
299 opts->flags &= ~TC_FLAG_H_HDR_FROM_FILE;
301 } else if (_match(key, "sys")) {
302 s = va_arg(ap, const char *);
305 opts->flags |= TC_FLAG_SYS;
308 opts->flags &= ~TC_FLAG_SYS;
310 } else if (_match(key, "passphrase")) {
311 s = va_arg(ap, const char *);
313 _set_str(passphrase);
315 _clr_str(passphrase);
317 } else if (_match(key, "h_passphrase")) {
318 s = va_arg(ap, const char *);
320 _set_str(h_passphrase);
322 _clr_str(h_passphrase);
324 } else if (_match(key, "new_passphrase")) {
325 s = va_arg(ap, const char *);
327 _set_str(new_passphrase);
329 _clr_str(new_passphrase);
331 } else if (_match(key, "dev")) {
332 s = va_arg(ap, const char *);
338 } else if (_match(key, "map_name")) {
339 s = va_arg(ap, const char *);
345 } else if (_match(key, "keyfiles")) {
346 s = va_arg(ap, const char *);
348 opts_add_keyfile(opts, s);
350 opts_clear_keyfile(opts);
352 } else if (_match(key, "h_keyfiles")) {
353 s = va_arg(ap, const char *);
355 opts_add_keyfile_hidden(opts, s);
357 opts_clear_keyfile_hidden(opts);
359 } else if (_match(key, "new_keyfiles")) {
360 s = va_arg(ap, const char *);
362 opts_add_keyfile_new(opts, s);
364 opts_clear_keyfile_new(opts);
366 } else if (_match(key, "prf_algo")) {
367 s = va_arg(ap, const char *);
369 if ((opts->prf_algo = check_prf_algo(s, 0, 1)) == NULL) {
375 opts->prf_algo = NULL;
377 } else if (_match(key, "h_prf_algo")) {
378 s = va_arg(ap, const char *);
380 if ((opts->h_prf_algo = check_prf_algo(s, 0, 1)) == NULL) {
386 opts->h_prf_algo = NULL;
388 } else if (_match(key, "new_prf_algo")) {
389 s = va_arg(ap, const char *);
391 if ((opts->new_prf_algo = check_prf_algo(s, 0, 1)) == NULL) {
397 opts->new_prf_algo = NULL;
399 } else if (_match(key, "cipher_chain")) {
400 s = va_arg(ap, const char *);
402 if ((opts->cipher_chain = check_cipher_chain(s, 1)) == NULL) {
408 opts->cipher_chain = NULL;
410 } else if (_match(key, "h_cipher_chain")) {
411 s = va_arg(ap, const char *);
413 if ((opts->h_cipher_chain = check_cipher_chain(s, 1)) == NULL) {
419 opts->h_cipher_chain = NULL;
421 } else if (_match(key, "state_change_fn")) {
422 sc_fn = va_arg(ap, tc_api_state_change_fn);
423 opts->state_change_fn = sc_fn;
424 vp = va_arg(ap, void *);
436 #define _not_null(x) \
437 if (opts->x == NULL) { \
442 if (opts->x != NULL) { \
447 if (opts->x != 0) { \
451 #define _not_set(x) \
452 if (TC_FLAG_SET(opts->flags, x)) { \
458 _opts_check_create(struct tcplay_opts *opts)
464 _not_set(ONLY_RESTORE);
465 _not_set(ALLOW_TRIM);
466 _not_set(SAVE_TO_FILE);
467 _not_set(HDR_FROM_FILE);
468 _not_set(H_HDR_FROM_FILE);
471 _zero(protect_hidden);
472 _null(new_passphrase);
474 _zero(n_newkeyfiles);
476 if (opts->hidden_size_bytes && !opts->hidden) {
485 _opts_check_map(struct tcplay_opts *opts)
489 _not_set(ONLY_RESTORE);
490 _not_set(SAVE_TO_FILE);
492 _zero(hidden_size_bytes);
493 _null(new_passphrase);
495 _zero(n_newkeyfiles);
499 _null(h_cipher_chain);
501 if (!opts->protect_hidden) {
503 //_null(h_passphrase);
511 _opts_check_unmap(struct tcplay_opts *opts)
514 /* XXX: _not_null(dev); ? */
520 _null(h_cipher_chain);
524 _zero(protect_hidden);
526 _null(new_passphrase);
527 _zero(n_newkeyfiles);
531 _not_set(ONLY_RESTORE);
532 _not_set(ALLOW_TRIM);
533 _not_set(SAVE_TO_FILE);
534 _not_set(HDR_FROM_FILE);
535 _not_set(H_HDR_FROM_FILE);
542 _opts_check_info(struct tcplay_opts *opts)
546 _not_set(ONLY_RESTORE);
547 _not_set(SAVE_TO_FILE);
549 _zero(hidden_size_bytes);
550 _null(new_passphrase);
552 _zero(n_newkeyfiles);
556 _null(h_cipher_chain);
558 if (!opts->protect_hidden) {
560 //_null(h_passphrase);
568 _opts_check_info_mapped(struct tcplay_opts *opts)
571 /* XXX: _not_null(dev); ? */
577 _null(h_cipher_chain);
581 _zero(protect_hidden);
583 _null(new_passphrase);
584 _zero(n_newkeyfiles);
588 _not_set(ONLY_RESTORE);
589 _not_set(ALLOW_TRIM);
590 _not_set(SAVE_TO_FILE);
591 _not_set(HDR_FROM_FILE);
592 _not_set(H_HDR_FROM_FILE);
599 _opts_check_modify(struct tcplay_opts *opts)
604 _zero(hidden_size_bytes);
608 _null(h_cipher_chain);
610 if (!opts->protect_hidden) {
621 _opts_check_restore(struct tcplay_opts *opts)
623 if ((_opts_check_modify(opts)) < 0)
627 _zero(n_newkeyfiles);
628 _null(new_passphrase);
634 tc_api_task_do(tc_api_task task)
636 struct tcplay_opts *opts;
639 if (task == NULL || ((opts = task->opts) == NULL)) {
644 if (task->last_info != NULL) {
645 free_info(task->last_info);
650 if ((r = _opts_check_create(task->opts)) != 0) {
654 r = create_volume(opts);
658 if ((r = _opts_check_map(task->opts)) != 0) {
662 r = map_volume(opts);
666 if ((r = _opts_check_unmap(task->opts)) != 0) {
670 r = dm_teardown(opts->map_name, opts->dev);
674 if ((r = _opts_check_info(task->opts)) != 0) {
678 if ((task->last_info = info_map_common(opts, NULL)) == NULL) {
683 case TC_OP_INFO_MAPPED:
684 if ((r = _opts_check_info_mapped(task->opts)) != 0) {
688 if ((task->last_info = dm_info_map(opts->map_name)) == NULL) {
694 if ((r = _opts_check_modify(task->opts)) != 0) {
698 r = modify_volume(opts);
702 if ((r = _opts_check_restore(task->opts)) != 0) {
706 opts->flags |= TC_FLAG_ONLY_RESTORE;
707 r = modify_volume(opts);
708 opts->flags &= ~TC_FLAG_ONLY_RESTORE;
717 tc_api_task_info_get(tc_api_task task, const char *key, ...)
721 struct tcplay_info *info;
728 if (task == NULL || ((info = task->last_info) == NULL)) {
734 sz = va_arg(ap, size_t);
741 if (_match(key, "device")) {
742 s = va_arg(ap, char *);
743 strncpy(s, info->dev, sz);
745 } else if (_match(key, "cipher")) {
746 s = va_arg(ap, char *);
747 tc_cipher_chain_sprint(buf, sizeof(buf), info->cipher_chain);
750 } else if (_match(key, "prf")) {
751 s = va_arg(ap, char *);
753 strncpy(s, info->pbkdf_prf->name, sz);
755 strncpy(s, "(unknown)", sz);
757 } else if (_match(key, "key_bits")) {
758 if (sz != sizeof(int)) {
763 ip = va_arg(ap, int *);
764 *ip = 8*tc_cipher_chain_klen(info->cipher_chain);
765 } else if (_match(key, "size")) {
766 if (sz != sizeof(int64_t)) {
771 i64p = va_arg(ap, int64_t *);
773 *i64p = (int64_t)info->size * (int64_t)info->hdr->sec_sz;
775 *i64p = (int64_t)info->size * (int64_t)info->blk_sz;
776 } else if (_match(key, "iv_offset")) {
777 if (sz != sizeof(int64_t)) {
782 i64p = va_arg(ap, int64_t *);
784 *i64p = (int64_t)info->skip * (int64_t)info->hdr->sec_sz;
786 *i64p = (int64_t)info->skip * (int64_t)info->blk_sz;
787 } else if (_match(key, "block_offset")) {
788 if (sz != sizeof(int64_t)) {
793 i64p = va_arg(ap, int64_t *);
795 *i64p = (int64_t)info->offset * (int64_t)info->hdr->sec_sz;
797 *i64p = (int64_t)info->offset * (int64_t)info->blk_sz;