2 * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
22 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #if defined(__linux__)
31 #define _GNU_SOURCE /* for asprintf */
34 #include <sys/types.h>
36 #if defined(__DragonFly__)
37 #include <sys/param.h>
49 #if defined(__linux__)
50 #include <libdevmapper.h>
51 #include <uuid/uuid.h>
52 #elif defined(__DragonFly__)
63 * - LRW-benbi support? needs further work in dm-crypt and even opencrypto
64 * - secure buffer review (i.e: is everything that needs it using secure mem?)
65 * - mlockall? (at least MCL_FUTURE, which is the only one we support)
68 summary_fn_t summary_fn = NULL;
69 int tc_internal_verbose = 1;
70 char tc_internal_log_buffer[LOG_BUFFER_SZ];
73 tc_log(int is_err, const char *fmt, ...)
85 vsnprintf(tc_internal_log_buffer, LOG_BUFFER_SZ, fmt, ap);
89 if (tc_internal_verbose)
90 fprintf(fp, "%s", tc_internal_log_buffer);
93 /* Supported algorithms */
94 struct pbkdf_prf_algo pbkdf_prf_algos[] = {
95 { "RIPEMD160", 2000 }, /* needs to come before the other RIPEMD160 */
96 { "RIPEMD160", 1000 },
98 { "whirlpool", 1000 },
102 struct tc_crypto_algo tc_crypto_algos[] = {
104 /* XXX: turns out TC doesn't support AES-128-XTS */
105 { "AES-128-XTS", "aes-xts-plain", 32, 8 },
106 { "TWOFISH-128-XTS", "twofish-xts-plain", 32, 8 },
107 { "SERPENT-128-XTS", "serpent-xts-plain", 32, 8 },
109 { "AES-256-XTS", "aes-xts-plain", 64, 8 },
110 { "TWOFISH-256-XTS", "twofish-xts-plain", 64, 8 },
111 { "SERPENT-256-XTS", "serpent-xts-plain", 64, 8 },
115 const char *valid_cipher_chains[][MAX_CIPHER_CHAINS] = {
116 { "AES-256-XTS", NULL },
117 { "TWOFISH-256-XTS", NULL },
118 { "SERPENT-256-XTS", NULL },
119 { "AES-256-XTS", "TWOFISH-256-XTS", "SERPENT-256-XTS", NULL },
120 { "SERPENT-256-XTS", "TWOFISH-256-XTS", "AES-256-XTS", NULL },
122 /* It seems that all the two-way cascades are the other way round... */
123 { "AES-256-XTS", "TWOFISH-256-XTS", NULL },
124 { "SERPENT-256-XTS", "AES-256-XTS", NULL },
125 { "TWOFISH-256-XTS", "SERPENT-256-XTS", NULL },
128 { "TWOFISH-256-XTS", "AES-256-XTS", NULL },
129 { "AES-256-XTS", "SERPENT-256-XTS", NULL },
130 { "SERPENT-256-XTS", "TWOFISH-256-XTS", NULL },
134 struct tc_cipher_chain *tc_cipher_chains[MAX_CIPHER_CHAINS];
138 tc_build_cipher_chains(void)
140 struct tc_cipher_chain *chain, *elem, *prev;
144 while (valid_cipher_chains[i][0] != NULL) {
149 while (valid_cipher_chains[i][k] != NULL) {
150 if ((elem = alloc_safe_mem(sizeof(*elem))) == NULL) {
151 tc_log(1, "Error allocating memory for "
156 /* Initialize first element of chain */
162 /* Populate previous element */
168 /* Assume we are the last element in the chain */
171 /* Initialize other fields */
172 elem->cipher = check_cipher(valid_cipher_chains[i][k], 0);
173 if (elem->cipher == NULL)
182 /* Store cipher chain */
183 tc_cipher_chains[i++] = chain;
185 /* Integrity check */
186 if (i >= MAX_CIPHER_CHAINS) {
187 tc_log(1, "FATAL: tc_cipher_chains is full!!\n");
191 /* Make sure array is NULL terminated */
192 tc_cipher_chains[i] = NULL;
200 print_hex(unsigned char *buf, off_t start, size_t len)
204 for (i = start; i < start+len; i++)
205 printf("%02x", buf[i]);
212 print_info(struct tcplay_info *info)
214 struct tc_cipher_chain *cipher_chain;
217 printf("PBKDF2 PRF:\t\t%s\n", info->pbkdf_prf->name);
218 printf("PBKDF2 iterations:\t%d\n", info->pbkdf_prf->iteration_count);
220 printf("Cipher:\t\t\t");
221 for (cipher_chain = info->cipher_chain;
222 cipher_chain != NULL;
223 cipher_chain = cipher_chain->next) {
224 printf("%s%c", cipher_chain->cipher->name,
225 (cipher_chain->next != NULL) ? ',' : '\n');
226 klen += cipher_chain->cipher->klen;
229 printf("Key Length:\t\t%d bits\n", klen*8);
230 printf("CRC Key Data:\t\t%#x\n", info->hdr->crc_keys);
231 printf("Sector size:\t\t%d\n", info->hdr->sec_sz);
232 printf("Volume size:\t\t%zu sectors\n", info->size);
234 /* Don't print this; it's always 0 and is rather confusing */
235 printf("Volume offset:\t\t%"PRIu64"\n", (uint64_t)info->start);
237 printf("IV offset:\t\t%"PRIu64"\n", (uint64_t)info->skip);
238 printf("Block offset:\t\t%"PRIu64"\n", (uint64_t)info->offset);
243 new_info(const char *dev, struct tc_cipher_chain *cipher_chain,
244 struct pbkdf_prf_algo *prf, struct tchdr_dec *hdr, off_t start)
246 struct tc_cipher_chain *chain_start;
247 struct tcplay_info *info;
251 chain_start = cipher_chain;
253 if ((info = (struct tcplay_info *)alloc_safe_mem(sizeof(*info))) == NULL) {
254 tc_log(1, "could not allocate safe info memory\n");
259 info->cipher_chain = cipher_chain;
260 info->pbkdf_prf = prf;
263 info->size = hdr->sz_mk_scope / hdr->sec_sz; /* volume size */
264 info->skip = hdr->off_mk_scope / hdr->sec_sz; /* iv skip */
265 info->offset = hdr->off_mk_scope / hdr->sec_sz; /* block offset */
267 /* Associate a key out of the key pool with each cipher in the chain */
268 error = tc_cipher_chain_populate_keys(cipher_chain, hdr->keys);
270 tc_log(1, "could not populate keys in cipher chain\n");
274 for (; cipher_chain != NULL; cipher_chain = cipher_chain->next) {
275 for (i = 0; i < cipher_chain->cipher->klen; i++)
276 sprintf(&cipher_chain->dm_key[i*2], "%02x",
277 cipher_chain->key[i]);
280 tc_cipher_chain_free_keys(chain_start);
286 adjust_info(struct tcplay_info *info, struct tcplay_info *hinfo)
288 if (hinfo->hdr->sz_hidvol == 0)
291 info->size -= hinfo->hdr->sz_hidvol / hinfo->hdr->sec_sz;
296 process_hdr(const char *dev, unsigned char *pass, int passlen,
297 struct tchdr_enc *ehdr, struct tcplay_info **pinfo)
299 struct tchdr_dec *dhdr;
300 struct tcplay_info *info;
302 int i, j, found, error;
306 if ((key = alloc_safe_mem(MAX_KEYSZ)) == NULL) {
307 tc_log(1, "could not allocate safe key memory\n");
311 /* Start search for correct algorithm combination */
313 for (i = 0; !found && pbkdf_prf_algos[i].name != NULL; i++) {
315 printf("\nTrying PRF algo %s (%d)\n", pbkdf_prf_algos[i].name,
316 pbkdf_prf_algos[i].iteration_count);
318 print_hex(ehdr->salt, 0, sizeof(ehdr->salt));
320 error = pbkdf2(&pbkdf_prf_algos[i], (char *)pass, passlen,
321 ehdr->salt, sizeof(ehdr->salt),
325 tc_log(1, "pbkdf failed for algorithm %s\n",
326 pbkdf_prf_algos[i].name);
332 printf("Derived Key: ");
333 print_hex(key, 0, MAX_KEYSZ);
336 for (j = 0; !found && tc_cipher_chains[j] != NULL; j++) {
338 printf("\nTrying cipher chain %d\n", j);
341 dhdr = decrypt_hdr(ehdr, tc_cipher_chains[j], key);
343 tc_log(1, "hdr decryption failed for cipher "
349 if (verify_hdr(dhdr)) {
351 printf("tc_str: %.4s, tc_ver: %d, tc_min_ver: %d, "
352 "crc_keys: %d, sz_vol: %"PRIu64", "
353 "off_mk_scope: %"PRIu64", sz_mk_scope: %"PRIu64", "
354 "flags: %d, sec_sz: %d crc_dhdr: %d\n",
355 dhdr->tc_str, dhdr->tc_ver, dhdr->tc_min_ver,
356 dhdr->crc_keys, dhdr->sz_vol, dhdr->off_mk_scope,
357 dhdr->sz_mk_scope, dhdr->flags, dhdr->sec_sz,
372 if ((info = new_info(dev, tc_cipher_chains[j-1], &pbkdf_prf_algos[i-1],
384 create_volume(const char *dev, int hidden, const char *keyfiles[], int nkeyfiles,
385 const char *h_keyfiles[], int n_hkeyfiles, struct pbkdf_prf_algo *prf_algo,
386 struct tc_cipher_chain *cipher_chain, struct pbkdf_prf_algo *h_prf_algo,
387 struct tc_cipher_chain *h_cipher_chain, char *passphrase,
388 char *h_passphrase, size_t size_hidden_bytes_in, int interactive)
390 char *pass, *pass_again;
393 size_t blocks, blksz, hidden_blocks = 0;
394 struct tchdr_enc *ehdr, *hehdr;
395 struct tchdr_enc *ehdr_backup, *hehdr_backup;
399 pass = h_pass = pass_again = NULL;
401 ehdr_backup = hehdr_backup = NULL;
402 ret = -1; /* Default to returning error */
404 if (cipher_chain == NULL)
405 cipher_chain = tc_cipher_chains[0];
406 if (prf_algo == NULL)
407 prf_algo = &pbkdf_prf_algos[0];
408 if (h_cipher_chain == NULL)
409 h_cipher_chain = cipher_chain;
410 if (h_prf_algo == NULL)
411 h_prf_algo = prf_algo;
413 if ((error = get_disk_info(dev, &blocks, &blksz)) != 0) {
414 tc_log(1, "could not get disk info\n");
418 if ((blocks*blksz) <= MIN_VOL_BYTES) {
419 tc_log(1, "Cannot create volumes on devices with less "
420 "than %d bytes\n", MIN_VOL_BYTES);
425 if (((pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) ||
426 ((pass_again = alloc_safe_mem(MAX_PASSSZ)) == NULL)) {
427 tc_log(1, "could not allocate safe passphrase memory\n");
431 if ((error = read_passphrase("Passphrase: ", pass, MAX_PASSSZ, 0) ||
432 (read_passphrase("Repeat passphrase: ", pass_again,
434 tc_log(1, "could not read passphrase\n");
438 if (strcmp(pass, pass_again) != 0) {
439 tc_log(1, "Passphrases don't match\n");
443 free_safe_mem(pass_again);
446 /* In batch mode, use provided passphrase */
447 if ((pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) {
448 tc_log(1, "could not allocate safe "
449 "passphrase memory");
453 if (passphrase != NULL)
454 strcpy(pass, passphrase);
458 /* Apply keyfiles to 'pass' */
459 if ((error = apply_keyfiles((unsigned char *)pass, MAX_PASSSZ,
460 keyfiles, nkeyfiles))) {
461 tc_log(1, "could not apply keyfiles\n");
468 if (((h_pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) ||
469 ((pass_again = alloc_safe_mem(MAX_PASSSZ)) == NULL)) {
470 tc_log(1, "could not allocate safe "
471 "passphrase memory\n");
475 if ((error = read_passphrase("Passphrase for hidden volume: ",
476 h_pass, MAX_PASSSZ, 0) ||
477 (read_passphrase("Repeat passphrase: ", pass_again,
479 tc_log(1, "could not read passphrase\n");
483 if (strcmp(h_pass, pass_again) != 0) {
484 tc_log(1, "Passphrases for hidden volume don't "
489 free_safe_mem(pass_again);
492 /* In batch mode, use provided passphrase */
493 if ((h_pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) {
494 tc_log(1, "could not allocate safe "
495 "passphrase memory");
499 if (h_passphrase != NULL)
500 strcpy(h_pass, h_passphrase);
503 if (n_hkeyfiles > 0) {
504 /* Apply keyfiles to 'h_pass' */
505 if ((error = apply_keyfiles((unsigned char *)h_pass,
506 MAX_PASSSZ, h_keyfiles, n_hkeyfiles))) {
507 tc_log(1, "could not apply keyfiles\n");
515 hidden_blocks = size_hidden_bytes_in/blksz;
516 if (hidden_blocks == 0) {
517 tc_log(1, "hidden_blocks to create volume "
518 "cannot be zero!\n");
522 if (size_hidden_bytes_in >=
523 (blocks*blksz) - MIN_VOL_BYTES) {
524 tc_log(1, "Hidden volume needs to be "
525 "smaller than the outer volume\n");
530 /* This only happens in interactive mode */
531 while (hidden_blocks == 0) {
532 if ((r = _humanize_number(buf, sizeof(buf),
533 (uint64_t)(blocks * blksz))) < 0) {
534 sprintf(buf, "%zu bytes", (blocks * blksz));
537 printf("The total volume size of %s is %s (bytes)\n", dev, buf);
538 memset(buf, 0, sizeof(buf));
539 printf("Size of hidden volume (e.g. 127M): ");
542 if ((fgets(buf, sizeof(buf), stdin)) == NULL) {
543 tc_log(1, "Could not read from stdin\n");
547 /* get rid of trailing newline */
548 buf[strlen(buf)-1] = '\0';
549 if ((error = _dehumanize_number(buf,
551 tc_log(1, "Could not interpret input: %s\n", buf);
555 if (tmp >= (blocks*blksz) - MIN_VOL_BYTES) {
556 tc_log(1, "Hidden volume needs to be "
557 "smaller than the outer volume\n");
562 hidden_blocks = (size_t)tmp;
563 hidden_blocks /= blksz;
568 /* Show summary and ask for confirmation */
569 printf("Summary of actions:\n");
570 printf(" - Completely erase *EVERYTHING* on %s\n", dev);
571 printf(" - Create %svolume on %s\n", hidden?("outer "):"", dev);
573 printf(" - Create hidden volume of %zu bytes at end of "
575 hidden_blocks * blksz);
578 printf("\n Are you sure you want to proceed? (y/n) ");
580 if ((fgets(buf, sizeof(buf), stdin)) == NULL) {
581 tc_log(1, "Could not read from stdin\n");
585 if ((buf[0] != 'y') && (buf[0] != 'Y')) {
586 tc_log(1, "User cancelled action(s)\n");
591 tc_log(0, "Securely erasing the volume...\nThis process may take "
592 "some time depending on the size of the volume\n");
595 if ((error = secure_erase(dev, blocks * blksz, blksz)) != 0) {
596 tc_log(1, "could not securely erase device %s\n", dev);
600 tc_log(0, "Creating volume headers...\nDepending on your system, this "
601 "process may take a few minutes as it uses true random data which "
602 "might take a while to refill\n");
604 /* create encrypted headers */
605 ehdr = create_hdr((unsigned char *)pass,
606 (nkeyfiles > 0)?MAX_PASSSZ:strlen(pass),
607 prf_algo, cipher_chain, blksz, blocks, VOL_RSVD_BYTES_START/blksz,
608 blocks - (MIN_VOL_BYTES/blksz), 0, &ehdr_backup);
610 tc_log(1, "Could not create header\n");
615 hehdr = create_hdr((unsigned char *)h_pass,
616 (n_hkeyfiles > 0)?MAX_PASSSZ:strlen(h_pass), h_prf_algo,
619 blocks - (VOL_RSVD_BYTES_END/blksz) - hidden_blocks,
620 hidden_blocks, 1, &hehdr_backup);
622 tc_log(1, "Could not create hidden volume header\n");
627 tc_log(0, "Writing volume headers to disk...\n");
629 if ((error = write_to_disk(dev, 0, blksz, ehdr, sizeof(*ehdr))) != 0) {
630 tc_log(1, "Could not write volume header to device\n");
634 /* Write backup header; it's offset is relative to the end */
635 if ((error = write_to_disk(dev, (blocks*blksz - BACKUP_HDR_OFFSET_END),
636 blksz, ehdr_backup, sizeof(*ehdr_backup))) != 0) {
637 tc_log(1, "Could not write backup volume header to device\n");
642 if ((error = write_to_disk(dev, HDR_OFFSET_HIDDEN, blksz, hehdr,
643 sizeof(*hehdr))) != 0) {
644 tc_log(1, "Could not write hidden volume header to "
649 /* Write backup hidden header; offset is relative to end */
650 if ((error = write_to_disk(dev,
651 (blocks*blksz - BACKUP_HDR_HIDDEN_OFFSET_END), blksz,
652 hehdr_backup, sizeof(*hehdr_backup))) != 0) {
653 tc_log(1, "Could not write backup hidden volume "
654 "header to device\n");
659 /* Everything went ok */
660 tc_log(0, "All done!\n");
668 free_safe_mem(h_pass);
670 free_safe_mem(pass_again);
674 free_safe_mem(hehdr);
676 free_safe_mem(ehdr_backup);
678 free_safe_mem(hehdr_backup);
685 info_map_common(const char *dev, int sflag, const char *sys_dev,
686 int protect_hidden, const char *keyfiles[], int nkeyfiles,
687 const char *h_keyfiles[], int n_hkeyfiles, char *passphrase,
688 char *passphrase_hidden, int interactive, int retries, time_t timeout)
690 struct tchdr_enc *ehdr, *hehdr = NULL;
691 struct tcplay_info *info, *hinfo = NULL;
694 int error, error2 = 0;
696 size_t blocks, blksz;
698 if ((error = get_disk_info(dev, &blocks, &blksz)) != 0) {
699 tc_log(1, "could not get disk information\n");
709 pass = h_pass = NULL;
711 while ((info == NULL) && retries-- > 0)
713 pass = h_pass = NULL;
717 if ((pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) {
718 tc_log(1, "could not allocate safe passphrase memory\n");
723 if ((error = read_passphrase("Passphrase: ", pass,
724 MAX_PASSSZ, timeout))) {
725 tc_log(1, "could not read passphrase\n");
726 /* XXX: handle timeout differently? */
730 /* In batch mode, use provided passphrase */
731 if (passphrase != NULL)
732 strcpy(pass, passphrase);
736 /* Apply keyfiles to 'pass' */
737 if ((error = apply_keyfiles((unsigned char *)pass, MAX_PASSSZ,
738 keyfiles, nkeyfiles))) {
739 tc_log(1, "could not apply keyfiles");
744 if (protect_hidden) {
745 if ((h_pass = alloc_safe_mem(MAX_PASSSZ)) == NULL) {
746 tc_log(1, "could not allocate safe passphrase memory\n");
751 if ((error = read_passphrase(
752 "Passphrase for hidden volume: ", h_pass,
753 MAX_PASSSZ, timeout))) {
754 tc_log(1, "could not read passphrase\n");
758 /* In batch mode, use provided passphrase */
759 if (passphrase_hidden != NULL)
760 strcpy(h_pass, passphrase_hidden);
763 if (n_hkeyfiles > 0) {
764 /* Apply keyfiles to 'pass' */
765 if ((error = apply_keyfiles((unsigned char *)h_pass, MAX_PASSSZ,
766 h_keyfiles, n_hkeyfiles))) {
767 tc_log(1, "could not apply keyfiles");
773 /* Always read blksz-sized chunks */
776 ehdr = (struct tchdr_enc *)read_to_safe_mem((sflag) ? sys_dev : dev,
777 (sflag) ? HDR_OFFSET_SYS : 0, &sz);
779 tc_log(1, "error read hdr_enc: %s", dev);
784 /* Always read blksz-sized chunks */
787 hehdr = (struct tchdr_enc *)read_to_safe_mem(dev,
788 HDR_OFFSET_HIDDEN, &sz);
790 tc_log(1, "error read hdr_enc: %s", dev);
797 error = process_hdr(dev, (unsigned char *)pass,
798 (nkeyfiles > 0)?MAX_PASSSZ:strlen(pass),
802 * Try to process hidden header if we have to protect the hidden
803 * volume, or the decryption/verification of the main header
806 if (hehdr && (error || protect_hidden)) {
808 error2 = process_hdr(dev, (unsigned char *)pass,
809 (nkeyfiles > 0)?MAX_PASSSZ:strlen(pass), hehdr,
811 } else if (protect_hidden) {
812 error2 = process_hdr(dev, (unsigned char *)h_pass,
813 (n_hkeyfiles > 0)?MAX_PASSSZ:strlen(h_pass), hehdr,
818 /* We need both to protect a hidden volume */
819 if ((protect_hidden && (error || error2)) ||
821 tc_log(1, "Incorrect password or not a TrueCrypt volume\n");
825 free_safe_mem(info->hdr);
831 free_safe_mem(hinfo->hdr);
832 free_safe_mem(hinfo);
836 /* Try again (or finish) */
841 free_safe_mem(h_pass);
849 free_safe_mem(hehdr);
855 if (protect_hidden) {
856 if (adjust_info(info, hinfo) != 0) {
857 tc_log(1, "Could not protect hidden volume\n");
860 free_safe_mem(info->hdr);
866 free_safe_mem(hinfo->hdr);
867 free_safe_mem(hinfo);
873 free_safe_mem(hinfo->hdr);
874 free_safe_mem(hinfo);
881 free_safe_mem(hinfo);
885 free_safe_mem(h_pass);
889 free_safe_mem(hehdr);
895 info_volume(const char *device, int sflag, const char *sys_dev,
896 int protect_hidden, const char *keyfiles[], int nkeyfiles,
897 const char *h_keyfiles[], int n_hkeyfiles,
898 char *passphrase, char *passphrase_hidden, int interactive, int retries,
901 struct tcplay_info *info;
903 info = info_map_common(device, sflag, sys_dev, protect_hidden,
904 keyfiles, nkeyfiles, h_keyfiles, n_hkeyfiles,
905 passphrase, passphrase_hidden, interactive, retries, timeout);
911 free_safe_mem(info->hdr);
922 map_volume(const char *map_name, const char *device, int sflag,
923 const char *sys_dev, int protect_hidden, const char *keyfiles[],
924 int nkeyfiles, const char *h_keyfiles[], int n_hkeyfiles,
925 char *passphrase, char *passphrase_hidden, int interactive, int retries,
929 struct tcplay_info *info;
932 info = info_map_common(device, sflag, sys_dev, protect_hidden,
933 keyfiles, nkeyfiles, h_keyfiles, n_hkeyfiles,
934 passphrase, passphrase_hidden, interactive, retries, timeout);
939 if ((error = dm_setup(map_name, info)) != 0) {
940 tc_log(1, "Could not set up mapping %s\n", map_name);
942 free_safe_mem(info->hdr);
957 dm_remove_device(const char *name)
959 struct dm_task *dmt = NULL;
962 if ((dmt = dm_task_create(DM_DEVICE_REMOVE)) == NULL)
965 if ((dm_task_set_name(dmt, name)) == 0)
968 if ((dm_task_run(dmt)) == 0)
974 dm_task_destroy(dmt);
980 dm_setup(const char *mapname, struct tcplay_info *info)
982 struct tc_cipher_chain *cipher_chain;
983 struct dm_task *dmt = NULL;
989 #if defined(__DragonFly__)
999 dm_udev_set_sync_support(1);
1001 if ((params = alloc_safe_mem(512)) == NULL) {
1002 tc_log(1, "could not allocate safe parameters memory");
1006 strcpy(dev, info->dev);
1007 start = info->start;
1008 offset = info->offset;
1011 /* Get to the end of the chain */
1012 for (cipher_chain = info->cipher_chain; cipher_chain->next != NULL;
1013 cipher_chain = cipher_chain->next)
1016 for (j= 0; cipher_chain != NULL;
1017 cipher_chain = cipher_chain->prev, j++) {
1021 /* aes-cbc-essiv:sha256 7997f8af... 0 /dev/ad0s0a 8 */
1022 /* iv off---^ block off--^ */
1023 snprintf(params, 512, "%s %s %"PRIu64 " %s %"PRIu64,
1024 cipher_chain->cipher->dm_crypt_str, cipher_chain->dm_key,
1025 (uint64_t)info->skip, dev, (uint64_t)offset);
1027 printf("Params: %s\n", params);
1030 if ((dmt = dm_task_create(DM_DEVICE_CREATE)) == NULL) {
1031 tc_log(1, "dm_task_create failed\n");
1037 * If this is the last element in the cipher chain, use the
1038 * final map name. Otherwise pick a secondary name...
1040 if (cipher_chain->prev == NULL)
1041 strcpy(map, mapname);
1043 sprintf(map, "%s.%d", mapname, j);
1045 if ((dm_task_set_name(dmt, map)) == 0) {
1046 tc_log(1, "dm_task_set_name failed\n");
1051 #if defined(__linux__)
1052 uuid_generate(info->uuid);
1053 if ((uu = malloc(1024)) == NULL) {
1054 tc_log(1, "uuid_unparse memory failed\n");
1058 uuid_unparse(info->uuid, uu);
1059 #elif defined(__DragonFly__)
1060 uuid_create(&info->uuid, &status);
1061 if (status != uuid_s_ok) {
1062 tc_log(1, "uuid_create failed\n");
1067 uuid_to_string(&info->uuid, &uu, &status);
1069 tc_log(1, "uuid_to_string failed\n");
1075 if ((dm_task_set_uuid(dmt, uu)) == 0) {
1077 tc_log(1, "dm_task_set_uuid failed\n");
1084 if ((dm_task_add_target(dmt, start, info->size, "crypt", params)) == 0) {
1085 tc_log(1, "dm_task_add_target failed\n");
1090 if ((dm_task_set_cookie(dmt, &cookie, 0)) == 0) {
1091 tc_log(1, "dm_task_set_cookie failed\n");
1096 if ((dm_task_run(dmt)) == 0) {
1097 dm_udev_wait(cookie);
1098 tc_log(1, "dm_task_task_run failed\n");
1103 if ((dm_task_get_info(dmt, &dmi)) == 0) {
1104 dm_udev_wait(cookie);
1105 tc_log(1, "dm_task_get info failed\n");
1110 dm_udev_wait(cookie);
1112 asprintf(&uu_stack[uu_stack_idx++], "%s", map);
1116 sprintf(dev, "/dev/mapper/%s.%d", mapname, j);
1118 dm_task_destroy(dmt);
1119 dm_task_update_nodes();
1124 * If an error occured, try to unroll changes made before it
1131 printf("Unrolling dm changes! j = %d (%s)\n", j-1,
1134 if ((r = dm_remove_device(uu_stack[--j])) != 0) {
1135 tc_log(1, "Tried to unroll dm changes, "
1142 while (uu_stack_idx > 0)
1143 free(uu_stack[--uu_stack_idx]);
1145 free_safe_mem(params);
1151 dm_teardown(const char *mapname, const char *device __unused)
1154 struct dm_task *dmt = NULL;
1160 if ((error = dm_remove_device(mapname)) != 0) {
1161 tc_log(1, "Could not remove mapping %s\n", mapname);
1165 /* Try to remove other cascade devices */
1166 for (i = 2; i >= 0; i--) {
1167 sprintf(map, "%s.%d", mapname, i);
1168 dm_remove_device(map);
1174 struct tc_crypto_algo *
1175 check_cipher(const char *cipher, int quiet)
1179 for (i = 0; tc_crypto_algos[i].name != NULL; i++) {
1180 if (strcmp(cipher, tc_crypto_algos[i].name) == 0) {
1186 if (!found && !quiet) {
1187 fprintf(stderr, "Valid ciphers are: ");
1188 for (i = 0; tc_crypto_algos[i].name != NULL; i++)
1189 fprintf(stderr, "%s ", tc_crypto_algos[i].name);
1190 fprintf(stderr, "\n");
1194 return &tc_crypto_algos[i];
1197 struct tc_cipher_chain *
1198 check_cipher_chain(char *cipher_chain, int quiet)
1200 struct tc_cipher_chain *cipher = NULL;
1201 int i,k, nciphers = 0, mismatch = 0;
1203 char *tmp_chain, *tmp_chain_free;
1206 if ((tmp_chain = strdup(cipher_chain)) == NULL) {
1207 tc_log(1, "Could not allocate strdup memory\n");
1211 tmp_chain_free = tmp_chain;
1213 while ((token = strsep(&tmp_chain, ",")) != NULL)
1214 ciphers[nciphers++] = token;
1218 for (i = 0; valid_cipher_chains[i][0] != NULL; i++) {
1221 for (k = 0; (valid_cipher_chains[i][k] != NULL); k++) {
1223 * If there are more ciphers in the chain than in the
1224 * ciphers[] variable this is not the right chain.
1226 if (k == nciphers) {
1231 if (strcmp(ciphers[k], valid_cipher_chains[i][k]) != 0)
1236 * If all ciphers matched and there are exactly nciphers,
1237 * then we found the right cipher chain.
1239 if ((k == nciphers) && !mismatch) {
1240 cipher = tc_cipher_chains[i];
1245 if (cipher == NULL) {
1246 tc_log(1, "Invalid cipher: %s\n", cipher_chain);
1248 fprintf(stderr, "Valid cipher chains are:\n");
1249 for (i = 0; valid_cipher_chains[i][0] != NULL; i++) {
1250 for (k = 0; valid_cipher_chains[i][k] != NULL;
1252 fprintf(stderr, "%s%c",
1253 valid_cipher_chains[i][k],
1254 (valid_cipher_chains[i][k+1] != NULL) ?
1257 fprintf(stderr, "\n");
1262 free(tmp_chain_free);
1266 struct pbkdf_prf_algo *
1267 check_prf_algo(char *algo, int quiet)
1271 for (i = 0; pbkdf_prf_algos[i].name != NULL; i++) {
1272 if (strcmp(algo, pbkdf_prf_algos[i].name) == 0) {
1278 if (!found && !quiet) {
1279 fprintf(stderr, "Valid PBKDF PRF algorithms are: ");
1280 for (i = 0; pbkdf_prf_algos[i].name != NULL; i++)
1281 fprintf(stderr, "%s ", pbkdf_prf_algos[i].name);
1282 fprintf(stderr, "\n");
1286 return &pbkdf_prf_algos[i];
1294 if ((error = tc_build_cipher_chains()) != 0)
1297 if ((error = tc_crypto_init()) != 0)
tuxillo's projects / dragonfly.git / blob