* tfcrypt -- high security Threefish encryption tool.
*
* tfcrypt is copyrighted:
- * Copyright (C) 2012-2018 Andrey Rys. All rights reserved.
+ * Copyright (C) 2012-2019 Andrey Rys. All rights reserved.
*
* tfcrypt is licensed to you under the terms of std. MIT/X11 license:
*
return 0;
}
+static inline int isctrlchr(int c)
+{
+ if (c == 9) return 0;
+ if (c >= 0 && c <= 31) return 1;
+ if (c == 127) return 1;
+ return 0;
+}
+
+static int getps_plain_filter(struct getpasswd_state *getps, char chr, size_t pos)
+{
+ int x;
+
+ x = getps_filter(getps, chr, pos);
+ if (x != 1) return x;
+
+ if (pos < getps->pwlen && !isctrlchr(chr))
+ write(getps->efd, &chr, sizeof(char));
+ return 1;
+}
+
+static int getps_plain_hex_filter(struct getpasswd_state *getps, char chr, size_t pos)
+{
+ int x;
+
+ x = getps_hex_filter(getps, chr, pos);
+ if (x != 1) return x;
+
+ if (pos < getps->pwlen && !isctrlchr(chr))
+ write(getps->efd, &chr, sizeof(char));
+ return 1;
+}
+
+static void make_hint(void *hint, size_t szhint, const void *data, size_t szdata)
+{
+ char t[TF_FROM_BITS(TF_MAX_BITS)];
+
+ skein(t, TF_MAX_BITS, NULL, data, szdata);
+ xor_shrink(hint, szhint, t, sizeof(t));
+ memset(t, 0, sizeof(t));
+}
+
+static void raw_say_hint(void *hint, size_t szhint, const void *data, size_t szdata, const char *prompt)
+{
+ make_hint(hint, szhint, data, szdata);
+ if (prompt) tfc_nfsay(stderr, "%s: ", prompt);
+ mehexdump(hint, szhint, szhint, 1);
+ memset(hint, 0, szhint);
+}
+
+static void say_hint(const void *data, size_t szdata, const char *prompt)
+{
+ char t[TF_SIZE_UNIT];
+ raw_say_hint(t, TF_SIZE_UNIT, data, szdata, prompt);
+ /* t[] is erased (automatically) */
+}
+
int main(int argc, char **argv)
{
int c;
_baddfname:
memset(s, 0, n);
+ if (!strcmp(progname, "iotool")) {
+ do_edcrypt = TFC_DO_PLAIN;
+ password = YES;
+ ctr_mode = TFC_MODE_PLAIN;
+ }
+
opterr = 0;
- while ((c = getopt(argc, argv, "L:s:aU:C:r:K:t:TPkzxc:l:qedn:vV:pwE:O:S:AmM:R:Z:WHD:")) != -1) {
+ while ((c = getopt(argc, argv, "L:s:aU:C:r:K:t:Pkzxc:l:qedn:vV:pwE:O:S:AmM:R:Z:WHD:")) != -1) {
switch (c) {
case 'L':
read_defaults(optarg, NO);
counter_opt = TFC_CTR_RAND;
else if (!strcasecmp(optarg, "zero"))
counter_opt = TFC_CTR_ZERO;
+ else if (strchr(optarg, ':')) {
+ char *ss, chr;
+
+ counter_opt = TFC_CTR_SSET;
+ n = sizeof(ctr);
+
+ s = d = optarg; t = NULL;
+ while ((s = strtok_r(d, ",", &t))) {
+ if (d) d = NULL;
+
+ if (n == 0) break;
+ ss = strchr(s, ':');
+ if (!ss) continue;
+ *ss = 0; ss++;
+ chr = (char)strtoul(s, &stoi, 16);
+ if (!str_empty(stoi)) continue;
+ x = (size_t)strtoul(ss, &stoi, 10);
+ if (!str_empty(stoi)) continue;
+ if (x > n) x = n;
+ memset(ctr+(sizeof(ctr)-n), (int)chr, x);
+ n -= x;
+ }
+ }
else counter_file = sksum_hashlist_file = optarg;
break;
case 'C':
ctr_mode = TFC_MODE_PLAIN;
break;
case 'e':
- do_edcrypt = TFC_DO_ENCRYPT;
+ if (do_edcrypt != TFC_DO_PLAIN) do_edcrypt = TFC_DO_ENCRYPT;
break;
case 'd':
- do_edcrypt = TFC_DO_DECRYPT;
+ if (do_edcrypt != TFC_DO_PLAIN) do_edcrypt = TFC_DO_DECRYPT;
break;
case 'D':
macbits = strtoul(optarg, &stoi, 10);
tweakf = optarg;
do_full_key = NO;
break;
- case 'T':
- tfc_saltsz = 0;
- do_full_key = NO;
- break;
case 'l':
if (maxlen != NOFSIZE) break;
mac_pw_prompt = s+10;
else if (!strcmp(s, "shorthex"))
do_full_hexdump = NO;
+ else if (!strcmp(s, "fullkey"))
+ do_full_key = YES;
+ else if (!strcmp(s, "showsecrets"))
+ show_secrets = YES;
else if (!strncmp(s, "iobs", 4) && *(s+4) == '=') {
s += 5;
blksize = (size_t)tfc_humanfsize(s, &stoi);
if (counter_opt == TFC_CTR_HEAD)
maxlen += TF_BLOCK_SIZE;
}
+ else if (!strncmp(s, "ftrunc", 6) && *(s+6) == '=') {
+ s += 7;
+ if (!strcmp(s, "tail")) {
+ do_ftrunc = TFC_FTRUNC_TAIL;
+ ftrunc_dfd = NOFSIZE;
+ }
+ else {
+ do_ftrunc = TFC_DO_FTRUNC;
+ ftrunc_dfd = tfc_humanfsize(s, &stoi);
+ if (!str_empty(stoi)) {
+ ftrunc_dfd = tfc_fnamesize(s, YES);
+ ftrunc_dfd = tfc_modifysize(ftrunc_dfd, strchr(s, ':'));
+ if (ftrunc_dfd == NOFSIZE) xerror(NO, YES, YES,
+ "%s: invalid ftrunc value", s);
+ }
+ else ftrunc_dfd = tfc_modifysize(ftrunc_dfd, strchr(s, ':'));
+ }
+ }
else if (!strncmp(s, "xkey", 4) && *(s+4) == '=') {
s += 5;
maxkeylen = tfc_humanfsize(s, &stoi);
case 'q':
quiet = YES;
verbose = NO;
+ do_full_hexdump = NO;
status_timer = 0;
break;
case 'v':
getps.passwd = pwdask;
getps.pwlen = sizeof(pwdask)-1;
getps.echo = mac_pw_prompt ? mac_pw_prompt : "Enter MAC password: ";
- getps.charfilter = getps_filter;
- getps.maskchar = 'x';
+ getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
+ getps.maskchar = (show_secrets == YES) ? 0 : 'x';
getps.flags = GETP_WAITFILL;
n = xgetpasswd(&getps);
if (n == NOSIZE) xerror(NO, NO, YES, "getting MAC password");
if (n == ((size_t)-2)) xexit(1);
+ if (verbose) say_hint(pwdask, n, "MAC password hint");
skein(mackey, TF_MAX_BITS, NULL, pwdask, n);
- if (verbose) {
- skein(tmpdata, TF_MAX_BITS, NULL, mackey, TF_FROM_BITS(TF_MAX_BITS));
- xor_shrink(tmpdata+TF_FROM_BITS(TF_MAX_BITS), TF_SIZE_UNIT, tmpdata, TF_FROM_BITS(TF_MAX_BITS));
- tfc_nfsay(stderr, "MAC password hint: ");
- mehexdump(tmpdata+TF_FROM_BITS(TF_MAX_BITS), TF_SIZE_UNIT, TF_SIZE_UNIT, 1);
- memset(tmpdata, 0, sizeof(tmpdata));
- }
}
getps.passwd = (char *)pblk;
getps.pwlen = n;
getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (str): ";
- getps.charfilter = getps_filter;
- getps.maskchar = 'x';
+ getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
+ getps.maskchar = (show_secrets == YES) ? 0 : 'x';
getps.flags = GETP_WAITFILL;
n = xgetpasswd(&getps);
if (n == NOSIZE) xerror(NO, NO, YES, "getting string rawkey");
if (n == ((size_t)-2)) xexit(1);
+ if (verbose) say_hint(pblk, n, "Raw string key hint");
if (ctr_mode == TFC_MODE_XTS) {
if (xtskeyset == NO) {
pblk = xtskey; n = sizeof(xtskey);
getps.passwd = pwdask;
getps.pwlen = (TF_FROM_BITS(TFC_KEY_BITS)*2);
getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (hex): ";
- getps.charfilter = getps_hex_filter;
- getps.maskchar = 'x';
+ getps.charfilter = (show_secrets == YES) ? getps_plain_hex_filter : getps_hex_filter;
+ getps.maskchar = (show_secrets == YES) ? 0 : 'x';
getps.flags = GETP_WAITFILL;
n = xgetpasswd(&getps);
if (n == NOSIZE) xerror(NO, NO, YES, "getting hex rawkey");
}
hex2bin(pblk, pwdask);
memset(pwdask, 0, sizeof(pwdask));
+ if (verbose) say_hint(pblk, n/2, "Raw hex key hint");
if (ctr_mode == TFC_MODE_XTS) {
if (xtskeyset == NO) {
pblk = xtskey;
getps.passwd = pwdask;
getps.pwlen = sizeof(pwdask)-1;
getps.echo = pw_prompt ? pw_prompt : "Enter password: ";
- getps.charfilter = getps_filter;
- getps.maskchar = 'x';
+ getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
+ getps.maskchar = (show_secrets == YES) ? 0 : 'x';
getps.flags = GETP_WAITFILL;
n = xgetpasswd(&getps);
if (n == NOSIZE) xerror(NO, NO, YES, "getting password");
goto _pwdagain;
}
}
+ if (verbose) say_hint(pwdask, n, "Password hint");
skein(key, TFC_KEY_BITS, mackey_opt ? mackey : NULL, pwdask, n);
memset(pwdask, 0, sizeof(pwdask));
memset(pwdagain, 0, sizeof(pwdagain));
tf_tweak_set(key, tweak);
}
if (ctr_mode == TFC_MODE_ECB) goto _ctrskip2;
+
+ if (counter_opt == TFC_CTR_ZERO) memset(ctr, 0, ctrsz);
+
tfc_data_to_words64(&iseek_blocks, sizeof(iseek_blocks));
tf_ctr_set(ctr, &iseek_blocks, sizeof(iseek_blocks));
- switch (counter_opt) {
- case TFC_CTR_SHOW:
- switch (do_outfmt) {
- case TFC_OUTFMT_B64: tfc_printbase64(stderr, ctr, ctrsz, YES); break;
- case TFC_OUTFMT_RAW: xwrite(2, ctr, ctrsz); break;
- case TFC_OUTFMT_HEX: mehexdump(ctr, ctrsz, ctrsz, YES); break;
- }
- break;
- case TFC_CTR_RAND: tfc_getrandom(ctr, ctrsz); break;
- case TFC_CTR_ZERO: memset(ctr, 0, ctrsz); break;
+ if (counter_opt == TFC_CTR_SHOW) {
+ switch (do_outfmt) {
+ case TFC_OUTFMT_B64: tfc_printbase64(stderr, ctr, ctrsz, YES); break;
+ case TFC_OUTFMT_RAW: xwrite(2, ctr, ctrsz); break;
+ case TFC_OUTFMT_HEX: mehexdump(ctr, ctrsz, ctrsz, YES); break;
+ }
}
+ else if (counter_opt == TFC_CTR_RAND) tfc_getrandom(ctr, ctrsz);
_ctrskip2:
if (kfd != -1) {
if (do_preserve_time) fcopy_matime(dfd, &s_stat);
xclose(sfd);
+ if (do_ftrunc > TFC_NO_FTRUNC) {
+ if (do_ftrunc == TFC_FTRUNC_TAIL) ftrunc_dfd = total_processed_dst;
+ if (ftruncate(dfd, (off_t)ftrunc_dfd) == -1) xerror(YES, NO, YES, "ftruncate(%d)", dfd);
+ }
xclose(dfd);
xexit(exitcode);