1 /*
2  * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in
13  *    the documentation and/or other materials provided with the
14  *    distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
20  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
22  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 /* Version of tcplay specified during build (CMakeLists.txt, Makefile.classic) */
31 
32 #ifndef _TCPLAY_H
33 #define _TCPLAY_H
34 
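/*
 * Size limits and on-disk offsets shared by the whole library.
 *
 * HDRSZ is the size of one encrypted volume header: struct tchdr_enc is
 * SALT_LEN (64) + 448 bytes = 512.
 *
 * TC_SIG / VC_SIG are the 4-character header signatures. The field they are
 * matched against (tc_str in struct tchdr_dec) is 4 bytes with no room for
 * a terminator, so the comparison has to be a bounded 4-byte compare, not a
 * string compare.
 */
#define MAX_BLKSZ		4096
#define MAX_KEYSZ		192
#define HDRSZ			512
#define HDR_OFFSET_SYS		31744	/* 512 * (63 -1) */
#define TC_SIG			"TRUE"
#define VC_SIG			"VERA"
#define MAX_PASSSZ		64
#define PASS_BUFSZ		256
#define KPOOL_SZ		64
#define MAX_KFILE_SZ		1048576	/* 1 MB */
#define MAX_KEYFILES		256	/* capacity of each keyfile array in struct tcplay_opts */
#define HDR_OFFSET_HIDDEN	65536
#define BACKUP_HDR_HIDDEN_OFFSET_END	65536
#define BACKUP_HDR_OFFSET_END	131072
#define SALT_LEN		64
#define VOL_RSVD_BYTES_START	(256*512) /* Reserved bytes at vol. start */
#define VOL_RSVD_BYTES_END	(256*512) /* Reserved bytes at vol. end */
#define MIN_VOL_BYTES		(VOL_RSVD_BYTES_START + VOL_RSVD_BYTES_END)

#define MAX_CIPHER_CHAINS	64
#define DEFAULT_RETRIES		3
/*
 * Parenthesized so the value survives being used inside a larger expression:
 * without the parentheses "x / ERASE_BUFFER_SIZE" would expand to
 * "x / 4 * 1024 * 1024".
 */
#define ERASE_BUFFER_SIZE	(4*1024*1024) /* 4 MB */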
57 
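/* TrueCrypt Volume flags */
#define TC_VOLFLAG_SYSTEM	0x01	/* system encryption */
#define TC_VOLFLAG_INPLACE	0x02	/* non-system in-place-encrypted volume */

/*
 * True when every bit of TC_VOLFLAG_<x> is set in f.
 * f is parenthesized because '&' binds tighter than '|' and '^': an argument
 * such as "a | b" would otherwise be masked only on its right-hand operand
 * and the test would give the wrong answer.
 */
#define TC_VOLFLAG_SET(f, x)	(((f) & TC_VOLFLAG_##x) == TC_VOLFLAG_##x)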
63 
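#define LOG_BUFFER_SZ		1024
/* Debug build switch, disabled by default. */
#if 0
#define DEBUG 1
#endif

/*
 * Operation flags (the "flags" members of struct tcplay_opts and
 * struct tcplay_info are plain ints that presumably carry these -- confirm).
 *
 * NOTE(review): TC_FLAG_ALLOW_TRIM presumably lets discard requests through
 * to the backing device. On an encrypted volume that exposes which blocks
 * are unused, so it should stay opt-in -- confirm against the mapping code.
 */
#define TC_FLAG_SYS		0x0001
#define TC_FLAG_FDE		0x0002
#define TC_FLAG_BACKUP		0x0004
#define TC_FLAG_ONLY_RESTORE	0x0008
#define TC_FLAG_ALLOW_TRIM	0x0010
#define TC_FLAG_SAVE_TO_FILE	0x0020
#define TC_FLAG_HDR_FROM_FILE	0x0040
#define TC_FLAG_H_HDR_FROM_FILE	0x0080

/*
 * True when every bit of TC_FLAG_<x> is set in f.
 * f is parenthesized so that a compound argument ("a | b") is masked as a
 * whole instead of only on its right-hand operand.
 */
#define TC_FLAG_SET(f, x)	(((f) & TC_FLAG_##x) == TC_FLAG_##x)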
79 
80 #include <limits.h>
81 #include <inttypes.h>
82 
83 #if defined(__DragonFly__)
84 #include <uuid.h>
85 #elif defined(__linux__)
86 #include <uuid/uuid.h>
87 #endif
88 
89 
/* Disk sizes and block counts are carried as unsigned 64-bit values. */
typedef uint64_t disksz_t;
/* printf conversion for disksz_t; use as "%"DISKSZ_FMT. */
#define DISKSZ_FMT PRIu64
92 
93 
/*
 * One PBKDF PRF choice. pbkdf2() takes a pointer to one of these as its
 * "hash" argument, check_prf_algo() returns one, and the available entries
 * live in pbkdf_prf_algos[] (defined elsewhere).
 */
struct pbkdf_prf_algo {
	const char *name;	/* presumably the user-visible name -- confirm */
	const char *algo;	/* presumably the backend's hash identifier -- confirm */
	int iteration_count;	/* PBKDF iteration count used with this entry */
	const char *sig;	/* presumably TC_SIG or VC_SIG -- confirm */
	int sys;		/* presumably non-zero for system-encryption entries;
				   cf. the sys argument of check_prf_algo() */
};

/*
 * NOTE(review): looks like an index into pbkdf_prf_algos[]. The table is not
 * visible from this header, so reordering it would silently change which
 * PRF and iteration count are the default -- confirm both stay in sync.
 */
#define DEFAULT_PRF_ALGO_IDX	6
103 
/*
 * One cipher that can take part in a cipher chain; check_cipher() returns a
 * pointer to one and syscrypt() takes one as its "cipher" argument.
 */
struct tc_crypto_algo {
	const char *name;
	const char *dm_crypt_str;	/* presumably the dm-crypt cipher spec -- confirm */
	int klen;			/* key length; presumably in bytes -- confirm */
	int ivlen;			/* IV length; presumably in bytes -- confirm */
};
110 
/*
 * One link of a cipher chain (doubly linked through prev/next).
 *
 * Both key and dm_key hold key material. dm_key is sized MAX_KEYSZ*2 + 1,
 * i.e. room for two characters per key byte plus a terminator (presumably a
 * hex string for the device-mapper table -- confirm).
 * NOTE(review): tc_cipher_chain_free_keys() is the declared release path for
 * key; whether dm_key is scrubbed as well is not visible here -- confirm.
 */
struct tc_cipher_chain {
	struct tc_crypto_algo *cipher;
	unsigned char *key;
	char dm_key[MAX_KEYSZ*2 + 1];

	struct tc_cipher_chain *prev;
	struct tc_cipher_chain *next;
};
119 
/*
 * Volume header as stored on disk: a cleartext salt followed by the
 * encrypted header body. Packed; SALT_LEN (64) + 448 = 512 bytes = HDRSZ.
 * decrypt_hdr() turns the enc part into a struct tchdr_dec.
 */
struct tchdr_enc {
	unsigned char salt[SALT_LEN];	/* Salt for PBKDF */
	unsigned char enc[448];		/* Encrypted part of the header */
} __attribute__((__packed__));
124 
/*
 * Decrypted header body. Packed; the members add up to 448 bytes, the size
 * of tchdr_enc.enc.
 *
 * Every field here originates from the volume being opened.
 * NOTE(review): the two CRC32 fields presumably let verify_hdr() detect a
 * wrong key or a corrupted header; a CRC is not a MAC, so the size, offset
 * and sec_sz fields still need range checks before they drive I/O or
 * arithmetic -- confirm where that happens.
 * NOTE(review): multi-byte fields are in on-disk byte order; whether they are
 * converted to host order before use is not visible from this header.
 */
struct tchdr_dec {
	char		tc_str[4];	/* ASCII string "TRUE" (4 bytes, no
					   terminator; VC_SIG is presumably
					   accepted here too -- confirm) */
	uint16_t	tc_ver;		/* Volume header format version */
	uint16_t	tc_min_ver;	/* presumably the minimum program version
					   able to open the volume -- confirm */
	uint32_t	crc_keys;	/* CRC32 of the key section */
	uint64_t	vol_ctime;	/* Volume creation time */
	uint64_t	hdr_ctime;	/* Header creation time */
	uint64_t	sz_hidvol;	/* Size of hidden volume (set to zero
					   in non-hidden volumes) */
	uint64_t	sz_vol;		/* Size of volume */
	uint64_t	off_mk_scope;	/* Byte offset of the start of the
					   master key scope */
	uint64_t	sz_mk_scope;	/* Size of the encrypted area within
					   the master key scope */
	uint32_t	flags;		/* Flag bits
					   (bit 0: system encryption;
					   bit 1: non-system in-place-encrypted volume;
					   bits 2-31 are reserved) */
	uint32_t	sec_sz;		/* Sector size (in bytes) */
	unsigned char	unused3[120];
	uint32_t	crc_dhdr;	/* CRC32 of dec. header (except keys) */
	unsigned char	keys[256];	/* key section covered by crc_keys */
} __attribute__((__packed__));
148 
/*
 * Everything known about one opened volume: the backing device, its
 * decrypted header, the cipher chain and PRF that opened it, and the
 * geometry used to build the device-mapper table.
 *
 * The struct embeds key material (key) and points at more (hdr->keys,
 * cipher_chain). free_info() is the declared release function.
 * NOTE(review): presumably instances come from alloc_safe_mem() and are
 * scrubbed on release -- confirm; a stack or plain-heap copy would leave the
 * key behind.
 * NOTE(review): off_t is used here although this header includes neither
 * <sys/types.h> nor <time.h> itself; presumably the includer provides them.
 */
struct tcplay_info {
	char dev[PATH_MAX];
	struct tchdr_dec *hdr;
	struct tc_cipher_chain *cipher_chain;
	struct pbkdf_prf_algo *pbkdf_prf;
	char key[MAX_KEYSZ*2 + 1];	/* two characters per key byte plus a
					   terminator; presumably hex -- confirm */

	int flags;
	int volflags;

	uint32_t blk_sz;

	off_t start;	/* Logical volume offset in table (in blk_sz blocks) */
	disksz_t size;	/* Volume size (in blk_sz blocks) */

	off_t skip;	/* IV offset (in blk_sz blocks) */
	off_t offset;	/* Block offset (in blk_sz blocks) */

	/* Populated by dm_setup */
	uuid_t uuid;

	int hidden;
};
172 
/*
 * Converts info->memb, which is counted in blk_sz-byte blocks, into 512-byte
 * units. The multiplication is carried out in uint64_t.
 * NOTE(review): there is no overflow check, and a negative off_t member
 * would be converted to a very large unsigned value; callers presumably
 * guarantee sane, non-negative inputs -- confirm.
 */
#define INFO_TO_DM_BLOCKS(info, memb) \
    (((info)->memb * (uint64_t)((info)->blk_sz))/512)
175 
/*
 * Fields of one device-mapper table line. All strings are fixed-size
 * buffers, so whatever fills them must bound its writes to PATH_MAX / 256
 * bytes including the terminator.
 */
struct tcplay_dm_table {
	char device[PATH_MAX];	/* Underlying device */
	char target[256];	/* DM Target type */
	off_t start;		/* Logical volume offset in table */
	disksz_t size;		/* Volume size */

	char cipher[256];	/* Cipher */
	off_t skip;		/* IV offset */
	off_t offset;		/* Block offset */
};
186 
187 
/*
 * Callback type stored in tcplay_opts.state_change_fn.
 * NOTE(review): the first argument is presumably tcplay_opts.api_ctx; the
 * meaning of the string and int arguments is not visible here -- confirm.
 */
typedef int (*tc_state_change_fn)(void *, const char *, int);
189 
/*
 * Options for one create / info / map / modify operation. Created by
 * opts_init() and released by opts_free().
 *
 * The three keyfile arrays each hold at most MAX_KEYFILES entries; the
 * matching counters (nkeyfiles, n_hkeyfiles, n_newkeyfiles) say how many are
 * in use. The "h_" members describe the hidden volume.
 *
 * NOTE(review): passphrase, h_passphrase and new_passphrase point at secret
 * material; who owns and scrubs that memory is not visible from this header
 * -- confirm against opts_free().
 */
struct tcplay_opts {
	/* (Mostly) common options */
	const char		*dev;
	const char		*keyfiles[MAX_KEYFILES];
	int			nkeyfiles;
	const char		*h_keyfiles[MAX_KEYFILES];
	int			n_hkeyfiles;
	struct pbkdf_prf_algo	*prf_algo;
	struct tc_cipher_chain	*cipher_chain;
	struct pbkdf_prf_algo	*h_prf_algo;
	struct tc_cipher_chain	*h_cipher_chain;
	const char		*passphrase;
	const char		*h_passphrase;
	int			interactive;
	int			weak_keys_and_salt;	/* NOTE(review): presumably forwarded as
							   the "weak" argument of get_random() /
							   create_hdr(); should never be on by
							   default -- confirm */

	/* Options for create */
	int			hidden;
	disksz_t		hidden_size_bytes;
	int			secure_erase; /* XXX: default to 1! */

	/* Options for map, info_mapped */
	const char		*map_name;

	/* Options for info, map, modify */
	int			flags;
	const char		*sys_dev;
	int			protect_hidden;
	int			retries;	/* XXX: default to DEFAULT_RETRIES */
	time_t			timeout;
	int			prompt_passphrase;

	const char		*hdr_file_in;
	const char		*h_hdr_file_in;

	/* Options for modify only */
	struct pbkdf_prf_algo	*new_prf_algo;
	const char		*new_passphrase;
	const char		*hdr_file_out;
	const char		*new_keyfiles[MAX_KEYFILES];
	int			n_newkeyfiles;

	/* Opaque caller context and progress callback */
	void			*api_ctx;
	tc_state_change_fn	state_change_fn;
};
235 
236 
/*
 * Lifetime and keyfile-list management for struct tcplay_opts.
 * The opts_add_keyfile*() functions return int; presumably non-zero signals
 * failure, e.g. when the MAX_KEYFILES capacity of the target array is
 * exhausted -- confirm. The three variants correspond to the keyfiles,
 * h_keyfiles and new_keyfiles arrays.
 */
struct tcplay_opts *opts_init(void);
int opts_add_keyfile(struct tcplay_opts *opts, const char *keyfile);
int opts_add_keyfile_hidden(struct tcplay_opts *opts, const char *keyfile);
int opts_add_keyfile_new(struct tcplay_opts *opts, const char *keyfile);
void opts_free(struct tcplay_opts *opts);
void opts_clear_keyfile(struct tcplay_opts *opts);
void opts_clear_keyfile_hidden(struct tcplay_opts *opts);
void opts_clear_keyfile_new(struct tcplay_opts *opts);
245 
/*
 * Device / file I/O, randomness and passphrase input helpers.
 *
 * read_to_safe_mem() returns a buffer; presumably it is allocated with the
 * safe-memory allocator and must be released with free_safe_mem(), and *sz
 * is both the requested and the resulting length -- confirm.
 * NOTE(review): get_random()'s "weak" flag presumably selects a lower-grade
 * entropy source; key and salt generation should only pass non-zero when
 * the user asked for it explicitly -- confirm.
 * read_passphrase() takes two sizes: passlen and bufsz (cf. MAX_PASSSZ and
 * PASS_BUFSZ); presumably passlen caps the accepted passphrase and bufsz is
 * the capacity of pass -- confirm.
 */
void *read_to_safe_mem(const char *file, off_t offset, size_t *sz);
int get_random(unsigned char *buf, size_t len, int weak);
int secure_erase(const char *dev, disksz_t bytes, size_t blksz);
int get_disk_info(const char *dev, disksz_t *blocks, size_t *bsize);
int write_to_disk(const char *dev, off_t offset, size_t blksz, void *mem,
    size_t bytes);
int write_to_file(const char *file, void *mem, size_t bytes);
int read_passphrase(const char *prompt, char *pass, size_t passlen,
    size_t bufsz, time_t timeout);
/* Progress of the two long-running operations; presumably a 0..1 fraction -- confirm. */
float get_random_read_progress(void);
float get_secure_erase_progress(void);
257 
258 
/*
 * Cipher-chain level crypto entry points.
 * NOTE(review): in_len is an int here while syscrypt() takes size_t lengths;
 * callers must keep it non-negative, and out presumably needs room for
 * in_len bytes -- confirm.
 */
int tc_crypto_init(void);
int tc_cipher_chain_populate_keys(struct tc_cipher_chain *cipher_chain,
    unsigned char *key);
int tc_cipher_chain_free_keys(struct tc_cipher_chain *cipher_chain);
int tc_encrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key,
    unsigned char *iv,
    unsigned char *in, int in_len, unsigned char *out);
int tc_decrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key,
    unsigned char *iv,
    unsigned char *in, int in_len, unsigned char *out);
269 
/*
 * The following two are platform dependent.
 * syscrypt() runs one cipher over len bytes; do_encrypt selects the
 * direction. pbkdf2() derives keylen bytes into out from pass and salt using
 * the PRF and iteration count described by hash.
 * NOTE(review): passlen, saltlen and keylen are ints; negative values must
 * be rejected before they reach a size computation -- confirm in each
 * backend.
 */
int syscrypt(struct tc_crypto_algo *cipher, unsigned char *key, size_t klen,
    unsigned char *iv, unsigned char *in, unsigned char *out, size_t len,
    int do_encrypt);
int pbkdf2(struct pbkdf_prf_algo *hash, const char *pass, int passlen,
    const unsigned char *salt, int saltlen,
    int keylen, unsigned char *out);
277 
/*
 * Mixes nkeyfiles keyfiles into the passphrase buffer pass, which is
 * pass_memsz bytes large and is modified in place (it is not const).
 * NOTE(review): presumably each keyfile is read up to MAX_KFILE_SZ and
 * folded through a KPOOL_SZ-byte pool -- confirm in the implementation.
 */
int apply_keyfiles(unsigned char *pass, size_t pass_memsz, const char *keyfiles[],
    int nkeyfiles);
280 
/*
 * Volume header construction, decryption and verification.
 *
 * create_hdr() and copy_reencrypt_hdr() return an encrypted header and hand
 * a second one back through *backup_hdr. decrypt_hdr() returns the decrypted
 * form of ehdr. Ownership of the returned buffers is presumably with the
 * caller, to be released with free_safe_mem() -- confirm.
 * NOTE(review): a header returned by decrypt_hdr() has not necessarily been
 * validated; presumably nothing in it should be trusted until verify_hdr()
 * has accepted it -- confirm the call order in process_hdr().
 */
struct tchdr_enc *create_hdr(unsigned char *pass, int passlen,
    struct pbkdf_prf_algo *prf_algo, struct tc_cipher_chain *cipher_chain,
    size_t sec_sz, disksz_t total_blocks,
    off_t offset, disksz_t blocks, int hidden, int weak,
    struct tchdr_enc **backup_hdr);
struct tchdr_dec *decrypt_hdr(struct tchdr_enc *ehdr,
    struct tc_cipher_chain *cipher_chain, unsigned char *key);
int verify_hdr(struct tchdr_dec *hdr, struct pbkdf_prf_algo *prf_algo);
struct tchdr_enc *copy_reencrypt_hdr(unsigned char *pass, int passlen,
    struct pbkdf_prf_algo *prf_algo, int weak, struct tcplay_info *info,
    struct tchdr_enc **backup_hdr);
292 
/*
 * Back end of the alloc_safe_mem() / strdup_safe_mem() / free_safe_mem()
 * macros; file and line identify the call site. Call the macros, not these
 * functions directly.
 * NOTE(review): "safe" presumably means the allocations are tracked and
 * wiped on release, with check_and_purge_safe_mem() dealing with anything
 * still outstanding -- confirm in the implementation.
 */
void *_alloc_safe_mem(size_t req_sz, const char *file, int line);
void *_strdup_safe_mem(const char *in, const char *file, int line);
void _free_safe_mem(void *mem, const char *file, int line);
void check_and_purge_safe_mem(void);
297 
/*
 * Look up a cipher, cipher chain or PRF by its textual name.
 * Presumably each returns NULL when the name is unknown and "quiet"
 * suppresses the diagnostic -- confirm.
 */
struct tc_crypto_algo *check_cipher(const char *cipher, int quiet);
struct tc_cipher_chain *check_cipher_chain(const char *cipher_chain, int quiet);
struct pbkdf_prf_algo *check_prf_algo(const char *algo, int sys, int quiet);
301 
/*
 * Top-level library operations and device-mapper glue.
 *
 * NOTE(review): tc_log() is printf-style (format string followed by
 * varargs) but carries no format attribute, so the compiler cannot check
 * its call sites. Consider declaring it with
 * __attribute__((__format__(__printf__, 2, 3))), and never pass
 * externally supplied text as fmt.
 * NOTE(review): info_map_common() writes a passphrase to passphrase_out
 * without taking a size; callers presumably must supply a PASS_BUFSZ-byte
 * buffer -- confirm.
 */
int tc_play_init(void);
void tc_log(int err, const char *fmt, ...);
int tc_cipher_chain_klen(struct tc_cipher_chain *chain);
int tc_cipher_chain_length(struct tc_cipher_chain *chain);
char *tc_cipher_chain_sprint(char *buf, size_t bufsz,
    struct tc_cipher_chain *chain);
int free_info(struct tcplay_info *info);
void print_info(struct tcplay_info *info);
int adjust_info(struct tcplay_info *info, struct tcplay_info *hinfo);
int process_hdr(const char *dev, int flags, unsigned char *pass, int passlen,
    struct tchdr_enc *ehdr, struct tcplay_info **pinfo);
int create_volume(struct tcplay_opts *opts);
struct tcplay_info *info_map_common(struct tcplay_opts *opts,
    char *passphrase_out);
int info_mapped_volume(struct tcplay_opts *opts);
int info_volume(struct tcplay_opts *opts);
int map_volume(struct tcplay_opts *opts);
int modify_volume(struct tcplay_opts *opts);
int dm_setup(const char *mapname, struct tcplay_info *info);
int dm_teardown(const char *mapname, const char *device);
struct tcplay_info *dm_info_map(const char *map_name);
323 
/* Hook type for summary_fn: takes no arguments and returns nothing. */
typedef void(*summary_fn_t)(void);

/*
 * Library-wide state, defined elsewhere.
 * tc_internal_log_buffer is declared without a bound; presumably it is
 * LOG_BUFFER_SZ bytes -- confirm before writing to it.
 * tc_cipher_chains holds at most MAX_CIPHER_CHAINS entries.
 */
extern int tc_internal_verbose;
extern char tc_internal_log_buffer[];
extern summary_fn_t summary_fn;
extern struct pbkdf_prf_algo pbkdf_prf_algos[];
extern struct tc_cipher_chain *tc_cipher_chains[MAX_CIPHER_CHAINS];
331 
/*
 * Values for tc_internal_state. Presumably STATE_GET_RANDOM and STATE_ERASE
 * mark the phases reported by get_random_read_progress() and
 * get_secure_erase_progress() -- confirm.
 */
#define STATE_UNKNOWN		0
#define STATE_GET_RANDOM	1
#define STATE_ERASE		2

extern int tc_internal_state;
/*
 * Casts away const by going through uintptr_t, which avoids a cast-qual
 * warning. Only defined here when the platform headers have not already
 * provided it. The result must not be used to modify an object that was
 * itself defined const.
 */
#ifndef	__DECONST
#define	__DECONST(type, var)	((type)(uintptr_t)(const void *)(var))
#endif
340 
/*
 * Public spelling of the safe-memory allocator. Each macro forwards to the
 * underscore-prefixed function and adds the call site's __FILE__ and
 * __LINE__.
 */
#define alloc_safe_mem(x) \
	_alloc_safe_mem(x, __FILE__, __LINE__)

#define strdup_safe_mem(x) \
	_strdup_safe_mem(x, __FILE__, __LINE__)

/* __DECONST strips const so that pointers to const data can be released. */
#define free_safe_mem(x) \
	_free_safe_mem(__DECONST(void *, x), __FILE__, __LINE__)
349 
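/*
 * Marks a parameter or variable as intentionally unused.
 * Guarded like __DECONST above: some platforms' system headers already
 * define __unused, and redefining it unconditionally can clash with that
 * definition.
 */
#ifndef __unused
#define __unused	__attribute__((__unused__))
#endif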
351 
352 #endif
353