tfcrypt is actually a frontend for Threefish with (by default) XTS mode of operation.
As a key it uses either password or keyfile, which is then hashed many times
-with Skein hash function. Default key length is 1280 bits (160 bytes).
+with Skein hash function.
This program is incompatible with older, "tf1024" tfcrypt version. This version aims to
provide a portable encryption tool to encrypt fixed media such as disks and archive files,
-as well as to provide decades long privacy for encrypted data. That's why it uses 1024 bit
-encryption and, unlike older version, virtually extends key size to 1280 bits by
-removing tweak feature from Threefish and uses either XTS (by default) or OCB modes of
-operation instead, to encrypt fixed media in a secure undetectable way.
-
+as well as to provide decades long privacy for encrypted data.
Supported modes of operation: CTR, ECB, CBC, XTS, OCB and arbitrary long keystream.
OCB mode does not use Skein hash function to hash and verify message, instead, it does
a single pass crypt and verify, thus, it is faster than other modes when both crypt and verify.
+Additionally, this version provides a way to virtually "extend" key size to 1280 bits,
+by enabling "full_key" option or changing "do_full_key" default setting in tfcrypt_defs.h.
+In this mode, tweak is ignored, and filled with extended key material.
+
THREEFISH NOTES
Please note that this encryption software includes Threefish cipher, which is terribly
|| macbits > TF_MAX_BITS || macbits % 8)
xerror(NO, YES, YES, "[%s] macbits=%s: invalid MAC bits setting", path, d);
}
+ else if (!strcmp(s, "do_full_key")) {
+ if (!strcasecmp(d, "yes")) do_full_key = YES;
+ else if (!strcasecmp(d, "no")) do_full_key = NO;
+ }
else xerror(NO, YES, YES, "[%s] %s: unknown keyword", path, s);
}
int do_edcrypt = TFC_DO_ENCRYPT, do_stop, quiet, error_action;
int counter_opt, mackey_opt, do_mac, do_outfmt = TFC_OUTFMT_B64, rawkey;
int idx, write_flags;
-tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad, do_tfcrypt1;
+tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad;
tfc_yesno do_preserve_time, do_stats_in_gibs, do_statline_dynamic = YES, do_less_stats;
tfc_yesno no_repeat, do_full_hexdump = YES, verbose, statline_was_shown;
char *srcfname = TFC_STDIN_NAME, *dstfname = TFC_STDOUT_NAME, *do_mac_file, *counter_file, *sksum_hashlist_file;
break;
case 't':
tweakf = optarg;
+ do_full_key = NO;
break;
case 'T':
tfc_saltsz = 0;
- do_tfcrypt1 = YES;
+ do_full_key = NO;
break;
case 'l':
if (maxlen != NOFSIZE) break;
xerror(NO, YES, YES, "Cannot encrypt and read CTR from source!");
if (overwrite_source && counter_opt == TFC_CTR_RAND)
xerror(NO, YES, YES, "Cannot embed a CTR into file when overwriting it!");
- if (tweakf && do_tfcrypt1 == NO)
- xerror(NO, YES, YES, "Use -T with -t tweakfile to enable old tfcrypt mode!");
if (ctr_mode == TFC_MODE_PLAIN
&& (do_edcrypt || do_mac || rawkey
|| mackey_opt || counter_opt || counter_file))
else password = YES;
errno = 0;
- if (do_tfcrypt1 == YES && tweakf) {
+ if (do_full_key == NO && tweakf) {
int twfd;
if (!strcmp(tweakf, "-")) twfd = 0;
tf_convkey(key);
if (ctr_mode == TFC_MODE_XTS) tf_convkey(xtskey);
- if (do_tfcrypt1 == YES) {
+ if (do_full_key == NO) {
if (!tweakf) skein(tweak, TF_NR_TWEAK_BITS, NULL, key, TF_FROM_BITS(TFC_KEY_BITS));
tf_tweak_set(key, tweak);
}
#define NOFSIZE ((tfc_fsize)-1)
#define TFC_ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
-#define TFC_KEY_BITS (do_tfcrypt1 == YES ? TF_MAX_BITS : TF_NR_KEY_BITS)
+#define TFC_KEY_BITS (do_full_key == NO ? TF_MAX_BITS : TF_NR_KEY_BITS)
#define TFC_ASCII_TFC_MAC_FOURCC "%TF"
#define TFC_ASCII_TFC_MAC_FOURCC_LEN (sizeof(TFC_ASCII_TFC_MAC_FOURCC)-1)
extern size_t macbits;
extern size_t tfc_saltsz;
extern tfc_byte tfc_salt[TFC_MAX_SALT];
+extern tfc_yesno do_full_key;
extern char *progname;
extern int exitcode;
extern int do_edcrypt, do_stop, quiet, error_action;
extern int counter_opt, mackey_opt, do_mac, do_outfmt, rawkey;
extern int idx, write_flags;
-extern tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad, do_tfcrypt1;
+extern tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad;
extern tfc_yesno do_preserve_time, do_stats_in_gibs, do_statline_dynamic, do_less_stats;
extern tfc_yesno no_repeat, do_full_hexdump, verbose, statline_was_shown;
extern char *srcfname, *dstfname, *do_mac_file, *counter_file, *sksum_hashlist_file;
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
};
+tfc_yesno do_full_key = NO;
#endif
projects / tfcrypt.git / commitdiff