X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=tfcrypt.c;h=6b9055f346b7def9984a34863a86cc15cff6f577;hb=f98c367a4cf1ed9f0c6d7620e3f1988596945495;hp=c8664cca99aad14cbc4cb9e84c4bb964483f5b4a;hpb=26668913a55e867900ae7f80615640d814494e29;p=tfcrypt.git diff --git a/tfcrypt.c b/tfcrypt.c index c8664cc..6b9055f 100644 --- a/tfcrypt.c +++ b/tfcrypt.c @@ -2,7 +2,7 @@ * tfcrypt -- high security Threefish encryption tool. * * tfcrypt is copyrighted: - * Copyright (C) 2012-2018 Andrey Rys. All rights reserved. + * Copyright (C) 2012-2019 Andrey Rys. All rights reserved. * * tfcrypt is licensed to you under the terms of std. MIT/X11 license: * @@ -28,6 +28,20 @@ #include "tfcrypt.h" +static tfc_byte svctr[TF_BLOCK_SIZE]; + +static void open_log(const char *logfile) +{ + int fd; + + fd = open(logfile, O_WRONLY | O_CREAT | O_LARGEFILE | O_TRUNC, 0666); + if (fd == -1) xerror(NO, NO, YES, "%s", logfile); + xclose(2); + if (dup2(fd, 2) == -1) xexit(2); + xclose(fd); + do_statline_dynamic = NO; +} + static int getps_filter(struct getpasswd_state *getps, char chr, size_t pos) { if (chr == '\x03') { @@ -51,12 +65,69 @@ static int getps_hex_filter(struct getpasswd_state *getps, char chr, size_t pos) return 0; } +static inline int isctrlchr(int c) +{ + if (c == 9) return 0; + if (c >= 0 && c <= 31) return 1; + if (c == 127) return 1; + return 0; +} + +static int getps_plain_filter(struct getpasswd_state *getps, char chr, size_t pos) +{ + int x; + + x = getps_filter(getps, chr, pos); + if (x != 1) return x; + + if (pos < getps->pwlen && !isctrlchr(chr)) + write(getps->efd, &chr, sizeof(char)); + return 1; +} + +static int getps_plain_hex_filter(struct getpasswd_state *getps, char chr, size_t pos) +{ + int x; + + x = getps_hex_filter(getps, chr, pos); + if (x != 1) return x; + + if (pos < getps->pwlen && !isctrlchr(chr)) + write(getps->efd, &chr, sizeof(char)); + return 1; +} + +static void make_hint(void *hint, size_t szhint, const void *data, size_t szdata) +{ + char t[TF_FROM_BITS(TF_MAX_BITS)]; + + skein(t, TF_MAX_BITS, NULL, data, szdata); + xor_shrink(hint, szhint, t, sizeof(t)); + memset(t, 0, sizeof(t)); +} + +static void raw_say_hint(void *hint, size_t szhint, const void *data, size_t szdata, const char *prompt) +{ + make_hint(hint, szhint, data, szdata); + if (prompt) tfc_nfsay(stderr, "%s: ", prompt); + mehexdump(hint, szhint, szhint, 1); + memset(hint, 0, szhint); +} + +static void say_hint(const void *data, size_t szdata, const char *prompt) +{ + char t[TF_SIZE_UNIT]; + raw_say_hint(t, TF_SIZE_UNIT, data, szdata, prompt); + /* t[] is erased (automatically) */ +} + int main(int argc, char **argv) { int c; double td; char *s, *d, *t, *stoi; size_t x, n; + tfc_fsize rwd; progname = basename(argv[0]); @@ -72,8 +143,14 @@ int main(int argc, char **argv) _baddfname: memset(s, 0, n); + if (!strcmp(progname, "iotool")) { + do_edcrypt = TFC_DO_PLAIN; + password = YES; + ctr_mode = TFC_MODE_PLAIN; + } + opterr = 0; - while ((c = getopt(argc, argv, "L:s:aU:C:r:K:t:TPkzxc:l:qedn:vV:pwE:O:S:AmM:R:Z:WHD:")) != -1) { + while ((c = getopt(argc, argv, "L:s:aU:C:r:K:t:Pkzxc:l:qedn:vV:pwE:o:O:S:AmuM:R:Z:WHD:")) != -1) { switch (c) { case 'L': read_defaults(optarg, NO); @@ -91,6 +168,31 @@ _baddfname: counter_opt = TFC_CTR_HEAD; else if (!strcasecmp(optarg, "rand")) counter_opt = TFC_CTR_RAND; + else if (!strcasecmp(optarg, "zero")) + counter_opt = TFC_CTR_ZERO; + else if (strchr(optarg, ':')) { + char *ss, chr; + + counter_opt = TFC_CTR_SSET; + n = sizeof(ctr); + + s = d = optarg; t = NULL; + while ((s = strtok_r(d, ",", &t))) { + if (d) d = NULL; + + if (n == 0) break; + ss = strchr(s, ':'); + if (!ss) continue; + *ss = 0; ss++; + chr = (char)strtoul(s, &stoi, 16); + if (!str_empty(stoi)) continue; + x = (size_t)strtoul(ss, &stoi, 10); + if (!str_empty(stoi)) continue; + if (x > n) x = n; + memset(ctr+(sizeof(ctr)-n), (int)chr, x); + n -= x; + } + } else counter_file = sksum_hashlist_file = optarg; break; case 'C': @@ -114,10 +216,10 @@ _baddfname: ctr_mode = TFC_MODE_PLAIN; break; case 'e': - do_edcrypt = TFC_DO_ENCRYPT; + if (do_edcrypt != TFC_DO_PLAIN) do_edcrypt = TFC_DO_ENCRYPT; break; case 'd': - do_edcrypt = TFC_DO_DECRYPT; + if (do_edcrypt != TFC_DO_PLAIN) do_edcrypt = TFC_DO_DECRYPT; break; case 'D': macbits = strtoul(optarg, &stoi, 10); @@ -157,10 +259,7 @@ _baddfname: break; case 't': tweakf = optarg; - break; - case 'T': - tfc_saltsz = 0; - do_tfcrypt1 = YES; + do_full_key = NO; break; case 'l': if (maxlen != NOFSIZE) break; @@ -198,6 +297,9 @@ _baddfname: error_action = TFC_ERRACT_LSYNC; else xerror(NO, YES, YES, "invalid error action %s specified", optarg); break; + case 'o': + open_log(optarg); + break; case 'O': s = d = optarg; t = NULL; while ((s = strtok_r(d, ",", &t))) { @@ -226,6 +328,12 @@ _baddfname: mac_pw_prompt = s+10; else if (!strcmp(s, "shorthex")) do_full_hexdump = NO; + else if (!strcmp(s, "fullkey")) + do_full_key = YES; + else if (!strcmp(s, "showsecrets")) + show_secrets = YES; + else if (!strncmp(s, "logfile", 7) && *(s+7) == '=') + open_log(s+8); else if (!strncmp(s, "iobs", 4) && *(s+4) == '=') { s += 5; blksize = (size_t)tfc_humanfsize(s, &stoi); @@ -341,6 +449,24 @@ _baddfname: if (counter_opt == TFC_CTR_HEAD) maxlen += TF_BLOCK_SIZE; } + else if (!strncmp(s, "ftrunc", 6) && *(s+6) == '=') { + s += 7; + if (!strcmp(s, "tail")) { + do_ftrunc = TFC_FTRUNC_TAIL; + ftrunc_dfd = NOFSIZE; + } + else { + do_ftrunc = TFC_DO_FTRUNC; + ftrunc_dfd = tfc_humanfsize(s, &stoi); + if (!str_empty(stoi)) { + ftrunc_dfd = tfc_fnamesize(s, YES); + ftrunc_dfd = tfc_modifysize(ftrunc_dfd, strchr(s, ':')); + if (ftrunc_dfd == NOFSIZE) xerror(NO, YES, YES, + "%s: invalid ftrunc value", s); + } + else ftrunc_dfd = tfc_modifysize(ftrunc_dfd, strchr(s, ':')); + } + } else if (!strncmp(s, "xkey", 4) && *(s+4) == '=') { s += 5; maxkeylen = tfc_humanfsize(s, &stoi); @@ -395,9 +521,11 @@ _baddfname: do_mac_file = optarg; break; case 'm': + case 'u': if (do_mac != TFC_MAC_VRFY) xerror(NO, YES, YES, "signature source was not specified"); do_mac = TFC_MAC_JUST_VRFY; + if (c == 'u') do_mac = TFC_MAC_JUST_VRFY2; break; case 'R': case 'Z': @@ -442,6 +570,7 @@ _baddfname: case 'q': quiet = YES; verbose = NO; + do_full_hexdump = NO; status_timer = 0; break; case 'v': @@ -491,8 +620,6 @@ _baddfname: xerror(NO, YES, YES, "Cannot encrypt and read CTR from source!"); if (overwrite_source && counter_opt == TFC_CTR_RAND) xerror(NO, YES, YES, "Cannot embed a CTR into file when overwriting it!"); - if (tweakf && do_tfcrypt1 == NO) - xerror(NO, YES, YES, "Use -T with -t tweakfile to enable old tfcrypt mode!"); if (ctr_mode == TFC_MODE_PLAIN && (do_edcrypt || do_mac || rawkey || mackey_opt || counter_opt || counter_file)) @@ -536,7 +663,7 @@ _nosalt: lrem = lblock = sizeof(tmpdata); if (error_action == TFC_ERRACT_SYNC) rdpos = tfc_fdgetpos(mkfd); _mkragain: lio = xread(mkfd, pblk, lrem); - if (lio == 0) do_stop = YES; + if (lio == 0 && do_stop == NO) do_stop = YES; if (lio != NOSIZE) ldone += lio; else { if (errno != EIO && catch_all_errors != YES) @@ -573,20 +700,14 @@ _mkragain: lio = xread(mkfd, pblk, lrem); getps.passwd = pwdask; getps.pwlen = sizeof(pwdask)-1; getps.echo = mac_pw_prompt ? mac_pw_prompt : "Enter MAC password: "; - getps.charfilter = getps_filter; - getps.maskchar = 'x'; + getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter; + getps.maskchar = (show_secrets == YES) ? 0 : 'x'; getps.flags = GETP_WAITFILL; n = xgetpasswd(&getps); if (n == NOSIZE) xerror(NO, NO, YES, "getting MAC password"); if (n == ((size_t)-2)) xexit(1); + if (verbose) say_hint(pwdask, n, "MAC password hint"); skein(mackey, TF_MAX_BITS, NULL, pwdask, n); - if (verbose) { - skein(tmpdata, TF_MAX_BITS, NULL, mackey, TF_FROM_BITS(TF_MAX_BITS)); - xor_shrink(tmpdata+TF_FROM_BITS(TF_MAX_BITS), TF_SIZE_UNIT, tmpdata, TF_FROM_BITS(TF_MAX_BITS)); - tfc_nfsay(stderr, "MAC password hint: "); - mehexdump(tmpdata+TF_FROM_BITS(TF_MAX_BITS), TF_SIZE_UNIT, TF_SIZE_UNIT, 1); - memset(tmpdata, 0, sizeof(tmpdata)); - } } @@ -616,16 +737,16 @@ _mkragain: lio = xread(mkfd, pblk, lrem); else password = YES; errno = 0; - if (do_tfcrypt1 == YES && tweakf) { + if (do_full_key == NO && tweakf) { int twfd; if (!strcmp(tweakf, "-")) twfd = 0; else twfd = open(tweakf, O_RDONLY | O_LARGEFILE); if (twfd == -1) xerror(NO, NO, YES, "%s", tweakf); - lio = ldone = xread(twfd, key+TF_FROM_BITS(TF_MAX_BITS)+TF_SIZE_UNIT, 2*TF_SIZE_UNIT); + lio = ldone = xread(twfd, tweak, TF_TWEAK_SIZE); if (lio == NOSIZE) xerror(NO, NO, YES, "%s", tweakf); - if (ldone < 2*TF_SIZE_UNIT) - xerror(NO, NO, YES, "%s: %zu bytes tweak required", tweakf, 2*TF_SIZE_UNIT); + if (ldone < TF_TWEAK_SIZE) + xerror(NO, NO, YES, "%s: %zu bytes tweak required", tweakf, TF_TWEAK_SIZE); xclose(twfd); } @@ -768,12 +889,13 @@ _xts2keyaskstr: memset(&getps, 0, sizeof(struct getpasswd_state)); getps.passwd = (char *)pblk; getps.pwlen = n; getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (str): "; - getps.charfilter = getps_filter; - getps.maskchar = 'x'; + getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter; + getps.maskchar = (show_secrets == YES) ? 0 : 'x'; getps.flags = GETP_WAITFILL; n = xgetpasswd(&getps); if (n == NOSIZE) xerror(NO, NO, YES, "getting string rawkey"); if (n == ((size_t)-2)) xexit(1); + if (verbose) say_hint(pblk, n, "Raw string key hint"); if (ctr_mode == TFC_MODE_XTS) { if (xtskeyset == NO) { pblk = xtskey; n = sizeof(xtskey); @@ -792,8 +914,8 @@ _rawkey_hex_again: getps.passwd = pwdask; getps.pwlen = (TF_FROM_BITS(TFC_KEY_BITS)*2); getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (hex): "; - getps.charfilter = getps_hex_filter; - getps.maskchar = 'x'; + getps.charfilter = (show_secrets == YES) ? getps_plain_hex_filter : getps_hex_filter; + getps.maskchar = (show_secrets == YES) ? 0 : 'x'; getps.flags = GETP_WAITFILL; n = xgetpasswd(&getps); if (n == NOSIZE) xerror(NO, NO, YES, "getting hex rawkey"); @@ -804,6 +926,7 @@ _rawkey_hex_again: } hex2bin(pblk, pwdask); memset(pwdask, 0, sizeof(pwdask)); + if (verbose) say_hint(pblk, n/2, "Raw hex key hint"); if (ctr_mode == TFC_MODE_XTS) { if (xtskeyset == NO) { pblk = xtskey; @@ -818,8 +941,8 @@ _pwdagain: memset(&getps, 0, sizeof(struct getpasswd_state)); getps.passwd = pwdask; getps.pwlen = sizeof(pwdask)-1; getps.echo = pw_prompt ? pw_prompt : "Enter password: "; - getps.charfilter = getps_filter; - getps.maskchar = 'x'; + getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter; + getps.maskchar = (show_secrets == YES) ? 0 : 'x'; getps.flags = GETP_WAITFILL; n = xgetpasswd(&getps); if (n == NOSIZE) xerror(NO, NO, YES, "getting password"); @@ -838,6 +961,7 @@ _pwdagain: memset(&getps, 0, sizeof(struct getpasswd_state)); goto _pwdagain; } } + if (verbose) say_hint(pwdask, n, "Password hint"); skein(key, TFC_KEY_BITS, mackey_opt ? mackey : NULL, pwdask, n); memset(pwdask, 0, sizeof(pwdask)); memset(pwdagain, 0, sizeof(pwdagain)); @@ -912,26 +1036,26 @@ _xts2genkey: if (xwrite(krfd, pblk, TF_FROM_BITS(TFC_KEY_BITS)) == NOSIZE) xerro tf_convkey(key); if (ctr_mode == TFC_MODE_XTS) tf_convkey(xtskey); - if (do_tfcrypt1 == YES) { - if (!tweakf) skein(key+TF_FROM_BITS(TF_MAX_BITS)+TF_SIZE_UNIT, 2*TF_UNIT_BITS, NULL, key, TF_FROM_BITS(TFC_KEY_BITS)); - tf_key_tweak_compat(key); + if (do_full_key == NO) { + if (!tweakf) skein(tweak, TF_NR_TWEAK_BITS, NULL, key, TF_FROM_BITS(TFC_KEY_BITS)); + tf_tweak_set(key, tweak); } if (ctr_mode == TFC_MODE_ECB) goto _ctrskip2; + + if (counter_opt == TFC_CTR_ZERO) memset(ctr, 0, ctrsz); + tfc_data_to_words64(&iseek_blocks, sizeof(iseek_blocks)); tf_ctr_set(ctr, &iseek_blocks, sizeof(iseek_blocks)); + if (do_mac == TFC_MAC_JUST_VRFY2) memcpy(svctr, ctr, TF_BLOCK_SIZE); - if (ctr_mode == TFC_MODE_STREAM) tfe_init_iv(&tfe, key, ctr); - - switch (counter_opt) { - case TFC_CTR_SHOW: - switch (do_outfmt) { - case TFC_OUTFMT_B64: tfc_printbase64(stderr, ctr, ctrsz, YES); break; - case TFC_OUTFMT_RAW: xwrite(2, ctr, ctrsz); break; - case TFC_OUTFMT_HEX: mehexdump(ctr, ctrsz, ctrsz, YES); break; - } - break; - case TFC_CTR_RAND: tfc_getrandom(ctr, ctrsz); break; + if (counter_opt == TFC_CTR_SHOW) { + switch (do_outfmt) { + case TFC_OUTFMT_B64: tfc_printbase64(stderr, ctr, ctrsz, YES); break; + case TFC_OUTFMT_RAW: xwrite(2, ctr, ctrsz); break; + case TFC_OUTFMT_HEX: mehexdump(ctr, ctrsz, ctrsz, YES); break; + } } + else if (counter_opt == TFC_CTR_RAND) tfc_getrandom(ctr, ctrsz); _ctrskip2: if (kfd != -1) { @@ -964,9 +1088,8 @@ _plain: sigact.sa_flags = SA_RESTART; sigact.sa_handler = print_crypt_status; sigaction(SIGUSR1, &sigact, NULL); - sigaction(SIGTSTP, &sigact, NULL); sigaction(SIGALRM, &sigact, NULL); - if (status_timer) setup_next_alarm(status_timer); + if (status_timer) setup_next_alarm(status_timer > 1000000 ? 1000000 : status_timer); sigact.sa_handler = change_status_width; sigaction(SIGQUIT, &sigact, NULL); sigact.sa_handler = change_status_timer; @@ -975,11 +1098,14 @@ _plain: sigact.sa_handler = print_crypt_status; sigaction(SIGINT, &sigact, NULL); sigaction(SIGTERM, &sigact, NULL); + sigaction(SIGTSTP, &sigact, NULL); } else { sigact.sa_handler = exit_sigterm; sigaction(SIGINT, &sigact, NULL); sigaction(SIGTERM, &sigact, NULL); + sigact.sa_handler = handle_sigtstp; + sigaction(SIGTSTP, &sigact, NULL); } memset(&sigact, 0, sizeof(struct sigaction)); @@ -1003,6 +1129,26 @@ _ctrwagain: lio = xwrite(dfd, pblk, lrem); delta_processed += ldone; } + if (ctr_mode == TFC_MODE_STREAM) tfe_init_iv(&tfe, key, ctr); + + if (do_mac == TFC_MAC_JUST_VRFY2) { + rwd = tfc_fdgetpos(sfd); + if (rwd == NOFSIZE) { + tfc_esay("%s: WARNING: input is not seekable, disabling MAC testing mode", progname); + do_mac = TFC_MAC_VRFY; + } + goto _nodecrypt_again_vrfy2; + +_decrypt_again_vrfy2: + if (lseek(sfd, (off_t)rwd, SEEK_SET) == ((off_t)-1)) { + xerror(ignore_seek_errors, NO, YES, "MAC testing seek failed"); + } + total_processed_src = rwd; + memcpy(ctr, svctr, TF_BLOCK_SIZE); + memset(svctr, 0, TF_BLOCK_SIZE); + } + +_nodecrypt_again_vrfy2: errno = 0; do_stop = NO; while (1) { @@ -1012,7 +1158,7 @@ _ctrwagain: lio = xwrite(dfd, pblk, lrem); lrem = lblock = blk_len_adj(maxlen, total_processed_src, blksize); if (error_action == TFC_ERRACT_SYNC) rdpos = tfc_fdgetpos(sfd); _ragain: lio = xread(sfd, pblk, lrem); - if (lio == 0) do_stop = TFC_STOP_BEGAN; + if (lio == 0) do_stop = YES; if (lio != NOSIZE) ldone += lio; else { if (errno != EIO && catch_all_errors != YES) @@ -1072,7 +1218,7 @@ _ragain: lio = xread(sfd, pblk, lrem); if (do_mac >= TFC_MAC_VRFY && ctr_mode < TFC_MODE_OCB) skein_update(&sk, dstblk, ldone); - if (do_mac == TFC_MAC_JUST_VRFY) goto _nowrite; + if (do_mac >= TFC_MAC_JUST_VRFY) goto _nowrite; pblk = dstblk; lrem = ldone; @@ -1086,14 +1232,16 @@ _wagain: lio = xwrite(dfd, pblk, lrem); lrem -= lio; goto _wagain; } + total_written_dst += ldone; _nowrite: total_processed_dst += ldone; delta_processed += ldone; - if (maxlen != NOFSIZE && total_processed_src >= maxlen) break; + if (maxlen != NOFSIZE && total_processed_src >= maxlen) { + do_stop = YES; + break; + } } - if (do_stop == TFC_STOP_FULL) goto _nomac; - errno = 0; if (do_mac >= TFC_MAC_VRFY) { if (!do_mac_file) { @@ -1169,10 +1317,18 @@ _macragain: lio = xread(sfd, pblk, lrem); else mehexdump(macresult, TF_FROM_BITS(macbits), TF_FROM_BITS(macbits), YES); } } + if (do_mac == TFC_MAC_JUST_VRFY2) { + if (verbose) tfc_esay("%s: -u: MAC signature is valid, proceeding with decrypting it again", progname); + do_mac = TFC_MAC_DROP; + goto _decrypt_again_vrfy2; + } } else { - if (quiet == NO) tfc_esay("%s: signature is BAD: " + if (quiet == NO) { + tfc_esay("%s: signature is BAD: " "wrong password, key, mode, or file is not signed", progname); + if (do_mac == TFC_MAC_JUST_VRFY2) tfc_esay("%s: -u: MAC signature is invalid, not decrypting it again", progname); + } exitcode = 1; } @@ -1238,12 +1394,7 @@ _macwagain: lio = xwrite(dfd, pblk, lrem); memset(tmpdata, 0, sizeof(tmpdata)); } -_nomac: - if (verbose || status_timer || do_stop == TFC_STOP_FULL) print_crypt_status(0); - - if (do_preserve_time) fcopy_matime(dfd, &s_stat); - xclose(sfd); - xclose(dfd); + if (verbose || status_timer || (do_stop == YES && quiet == NO)) print_crypt_status(0); xexit(exitcode); return -1;