2 * tfcrypt -- high security Threefish encryption tool.
4 * tfcrypt is copyrighted:
5 * Copyright (C) 2012-2018 Andrey Rys. All rights reserved.
7 * tfcrypt is licensed to you under the terms of std. MIT/X11 license:
9 * Permission is hereby granted, free of charge, to any person obtaining
10 * a copy of this software and associated documentation files (the
11 * "Software"), to deal in the Software without restriction, including
12 * without limitation the rights to use, copy, modify, merge, publish,
13 * distribute, sublicense, and/or sell copies of the Software, and to
14 * permit persons to whom the Software is furnished to do so, subject to
15 * the following conditions:
17 * The above copyright notice and this permission notice shall be
18 * included in all copies or substantial portions of the Software.
20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
23 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
24 * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
25 * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
26 * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 static int getps_filter(struct getpasswd_state *getps, char chr, size_t pos)
34 getps->retn = ((size_t)-2);
40 static int getps_hex_filter(struct getpasswd_state *getps, char chr, size_t pos)
43 getps->retn = ((size_t)-2);
46 if (chr >= '0' && chr <= '9') return 1;
47 if (chr >= 'a' && chr <= 'f') return 1;
48 if (chr >= 'A' && chr <= 'F') return 1;
49 if (chr == '\x7f' || chr == '\x08'
50 || chr == '\x15' || chr == '\x17') return 1;
54 static inline int isctrlchr(int c)
57 if (c >= 0 && c <= 31) return 1;
58 if (c == 127) return 1;
62 static int getps_plain_filter(struct getpasswd_state *getps, char chr, size_t pos)
66 x = getps_filter(getps, chr, pos);
69 if (pos < getps->pwlen && !isctrlchr(chr))
70 write(getps->efd, &chr, sizeof(char));
74 static int getps_plain_hex_filter(struct getpasswd_state *getps, char chr, size_t pos)
78 x = getps_hex_filter(getps, chr, pos);
81 if (pos < getps->pwlen && !isctrlchr(chr))
82 write(getps->efd, &chr, sizeof(char));
86 int main(int argc, char **argv)
90 char *s, *d, *t, *stoi;
93 progname = basename(argv[0]);
95 if (!isatty(2)) do_statline_dynamic = NO;
100 n = PATH_MAX > sizeof(srcblk) ? sizeof(srcblk) : PATH_MAX;
101 if (xstrlcpy(s, d, n) >= n) goto _baddfname;
102 if (xstrlcat(s, "/.tfcrypt.defs", n) >= n) goto _baddfname;
103 read_defaults(s, YES);
108 while ((c = getopt(argc, argv, "L:s:aU:C:r:K:t:Pkzxc:l:qedn:vV:pwE:O:S:AmM:R:Z:WHD:")) != -1) {
111 read_defaults(optarg, NO);
120 if (!strcasecmp(optarg, "show"))
121 counter_opt = TFC_CTR_SHOW;
122 else if (!strcasecmp(optarg, "head"))
123 counter_opt = TFC_CTR_HEAD;
124 else if (!strcasecmp(optarg, "rand"))
125 counter_opt = TFC_CTR_RAND;
126 else if (!strcasecmp(optarg, "zero"))
127 counter_opt = TFC_CTR_ZERO;
128 else counter_file = sksum_hashlist_file = optarg;
131 if (!strcasecmp(optarg, "ctr"))
132 ctr_mode = TFC_MODE_CTR;
133 else if (!strcasecmp(optarg, "stream"))
134 ctr_mode = TFC_MODE_STREAM;
135 else if (!strcasecmp(optarg, "cbc"))
136 ctr_mode = TFC_MODE_CBC;
137 else if (!strcasecmp(optarg, "ecb"))
138 ctr_mode = TFC_MODE_ECB;
139 else if (!strcasecmp(optarg, "xts"))
140 ctr_mode = TFC_MODE_XTS;
141 else if (!strcasecmp(optarg, "ocb"))
142 ctr_mode = TFC_MODE_OCB;
143 else xerror(NO, YES, YES, "%s: invalid mode of operation", optarg);
146 do_edcrypt = TFC_DO_PLAIN;
148 ctr_mode = TFC_MODE_PLAIN;
151 do_edcrypt = TFC_DO_ENCRYPT;
154 do_edcrypt = TFC_DO_DECRYPT;
157 macbits = strtoul(optarg, &stoi, 10);
158 if (macbits == 0 || !str_empty(stoi) || macbits < 8
159 || macbits > TF_MAX_BITS || macbits % 8)
160 xerror(NO, YES, YES, "%s: invalid MAC bits setting", optarg);
163 nr_turns = sksum_turns = strtoul(optarg, &stoi, 10);
164 if (!str_empty(stoi)) xerror(NO, YES, YES, "%s: invalid number of turns", optarg);
167 if (!strcasecmp(optarg, "key"))
168 mackey_opt = TFC_MACKEY_RAWKEY;
169 else if (!strcasecmp(optarg, "pwd"))
170 mackey_opt = TFC_MACKEY_PASSWORD;
172 mackey_opt = TFC_MACKEY_FILE;
180 rawkey = TFC_RAWKEY_KEYFILE;
183 rawkey = TFC_RAWKEY_ASKSTR;
186 rawkey = TFC_RAWKEY_ASKHEX;
197 if (maxlen != NOFSIZE) break;
199 maxlen = tfc_humanfsize(optarg, &stoi);
200 if (!str_empty(stoi)) {
201 maxlen = tfc_fnamesize(optarg, YES);
202 maxlen = tfc_modifysize(maxlen, strchr(optarg, ':'));
203 if (maxlen == NOFSIZE) xerror(NO, YES, YES,
204 "%s: invalid count value", optarg);
206 else maxlen = tfc_modifysize(maxlen, strchr(optarg, ':'));
207 if (counter_opt == TFC_CTR_HEAD)
208 maxlen += TF_BLOCK_SIZE;
211 overwrite_source = YES;
214 if (!strcmp(optarg, "xall")) {
215 catch_all_errors = YES;
218 if (!strcmp(optarg, "xseek")) {
219 ignore_seek_errors = YES;
222 if (!strcmp(optarg, "exit"))
223 error_action = TFC_ERRACT_EXIT;
224 else if (!strncmp(optarg, "cont", 4))
225 error_action = TFC_ERRACT_CONT;
226 else if (!strcmp(optarg, "sync"))
227 error_action = TFC_ERRACT_SYNC;
228 else if (!strcmp(optarg, "lsync"))
229 error_action = TFC_ERRACT_LSYNC;
230 else xerror(NO, YES, YES, "invalid error action %s specified", optarg);
233 s = d = optarg; t = NULL;
234 while ((s = strtok_r(d, ",", &t))) {
236 if (!strcmp(s, "sync"))
237 write_flags |= O_SYNC;
238 else if (!strcmp(s, "trunc"))
239 write_flags |= O_TRUNC;
240 else if (!strcmp(s, "fsync"))
242 else if (!strcmp(s, "pad"))
244 else if (!strcmp(s, "xtime"))
245 do_preserve_time = YES;
246 else if (!strcmp(s, "gibsize"))
247 do_stats_in_gibs = YES;
248 else if (!strcmp(s, "plainstats"))
249 do_statline_dynamic = NO;
250 else if (!strcmp(s, "statless"))
252 else if (!strcmp(s, "norepeat"))
254 else if (!strncmp(s, "prompt", 6) && *(s+6) == '=')
256 else if (!strncmp(s, "macprompt", 9) && *(s+9) == '=')
257 mac_pw_prompt = s+10;
258 else if (!strcmp(s, "shorthex"))
259 do_full_hexdump = NO;
260 else if (!strcmp(s, "fullkey"))
262 else if (!strcmp(s, "showsecrets"))
264 else if (!strncmp(s, "iobs", 4) && *(s+4) == '=') {
266 blksize = (size_t)tfc_humanfsize(s, &stoi);
267 if (!str_empty(stoi)) {
268 blksize = (size_t)tfc_fnamesize(s, YES);
269 blksize = (size_t)tfc_modifysize((tfc_fsize)blksize, strchr(s, ':'));
270 if (blksize == NOSIZE) xerror(NO, YES, YES,
271 "%s: invalid block size value", s);
273 else blksize = (size_t)tfc_modifysize((tfc_fsize)blksize, strchr(s, ':'));
274 if (blksize < TF_BLOCK_SIZE) xerror(NO, YES, YES,
275 "%s: block size is lesser than TF_BLOCK_SIZE (%u bytes)", s, TFC_U(TF_BLOCK_SIZE));
276 if (blksize > TFC_BLKSIZE) xerror(NO, YES, YES,
277 "%s: block size exceeds %u bytes",
278 s, TFC_U(TFC_BLKSIZE));
280 else if (!strncmp(s, "xtsblocks", 9) && *(s+9) == '=') {
282 xtsblocks = (size_t)tfc_humanfsize(s, &stoi);
283 if (!str_empty(stoi)) {
284 xtsblocks = (size_t)tfc_fnamesize(s, YES);
285 xtsblocks = (size_t)tfc_modifysize((tfc_fsize)xtsblocks, strchr(s, ':'));
286 if (xtsblocks == NOSIZE) xerror(NO, YES, YES,
287 "%s: invalid blocks per xts block value", s);
289 else xtsblocks = (size_t)tfc_modifysize((tfc_fsize)xtsblocks, strchr(s, ':'));
290 if (TFC_BLKSIZE % xtsblocks) xerror(NO, YES, YES,
291 "%s: nr of blocks per xts block is not round to %u bytes",
292 s, TFC_U(TFC_BLKSIZE));
293 if ((xtsblocks * TF_BLOCK_SIZE) > TFC_BLKSIZE) xerror(NO, YES, YES,
294 "%s: nr of blocks per xts block exceeds %u bytes",
295 s, TFC_U(TFC_BLKSIZE));
297 else if (!strncmp(s, "iseek", 5) && *(s+5) == '=') {
299 iseek = tfc_humanfsize(s, &stoi);
300 if (!str_empty(stoi)) {
301 iseek = tfc_fnamesize(s, YES);
302 iseek = tfc_modifysize(iseek, strchr(s, ':'));
303 if (iseek == NOFSIZE) xerror(NO, YES, YES,
304 "%s: invalid iseek value", s);
306 else iseek = tfc_modifysize(iseek, strchr(s, ':'));
307 if (ctr_mode != TFC_MODE_PLAIN && iseek % TF_BLOCK_SIZE)
309 "%s: not round to TF block size "
311 s, TFC_U(TF_BLOCK_SIZE));
312 iseek_blocks = iseek / TF_BLOCK_SIZE;
314 else if (!strncmp(s, "ixseek", 6) && *(s+6) == '=') {
316 iseek = tfc_humanfsize(s, &stoi);
317 if (!str_empty(stoi)) {
318 iseek = tfc_fnamesize(s, YES);
319 iseek = tfc_modifysize(iseek, strchr(s, ':'));
320 if (iseek == NOFSIZE) xerror(NO, YES, YES,
321 "%s: invalid ixseek value", s);
323 else iseek = tfc_modifysize(iseek, strchr(s, ':'));
325 else if (!strncmp(s, "ictr", 4) && *(s+4) == '=') {
327 iseek_blocks = tfc_humanfsize(s, &stoi);
328 if (!str_empty(stoi)) {
329 iseek_blocks = tfc_fnamesize(s, YES);
330 if (iseek_blocks == NOFSIZE)
332 "%s: invalid ictr value", s);
333 iseek_blocks /= TF_BLOCK_SIZE;
334 iseek_blocks = tfc_modifysize(iseek_blocks, strchr(s, ':'));
336 else iseek_blocks = tfc_modifysize(iseek_blocks, strchr(s, ':'));
338 else if (!strncmp(s, "ixctr", 5) && *(s+5) == '=') {
340 iseek_blocks = tfc_humanfsize(s, &stoi);
341 if (!str_empty(stoi)) {
342 iseek_blocks = tfc_fnamesize(s, YES);
343 iseek_blocks = tfc_modifysize(iseek_blocks, strchr(s, ':'));
344 if (iseek_blocks == NOFSIZE)
346 "%s: invalid ixctr value", s);
348 else iseek_blocks = tfc_modifysize(iseek_blocks, strchr(s, ':'));
349 if (iseek_blocks % TF_BLOCK_SIZE)
351 "%s: not round to TF block size "
352 "of %u bytes", s, TFC_U(TF_BLOCK_SIZE));
353 iseek_blocks /= TF_BLOCK_SIZE;
355 else if (!strncmp(s, "oseek", 5) && *(s+5) == '=') {
357 oseek = tfc_humanfsize(s, &stoi);
358 if (!str_empty(stoi)) {
359 oseek = tfc_fnamesize(s, YES);
360 oseek = tfc_modifysize(oseek, strchr(s, ':'));
361 if (oseek == NOFSIZE) xerror(NO, YES, YES,
362 "%s: invalid oseek value", s);
364 else oseek = tfc_modifysize(oseek, strchr(s, ':'));
366 else if (!strncmp(s, "count", 5) && *(s+5) == '=') {
368 maxlen = tfc_humanfsize(s, &stoi);
369 if (!str_empty(stoi)) {
370 maxlen = tfc_fnamesize(s, YES);
371 maxlen = tfc_modifysize(maxlen, strchr(s, ':'));
372 if (maxlen == NOFSIZE) xerror(NO, YES, YES,
373 "%s: invalid count value", s);
375 else maxlen = tfc_modifysize(maxlen, strchr(s, ':'));
376 if (counter_opt == TFC_CTR_HEAD)
377 maxlen += TF_BLOCK_SIZE;
379 else if (!strncmp(s, "xkey", 4) && *(s+4) == '=') {
381 maxkeylen = tfc_humanfsize(s, &stoi);
382 if (!str_empty(stoi)) {
383 maxkeylen = tfc_fnamesize(s, YES);
384 maxkeylen = tfc_modifysize(maxkeylen, strchr(s, ':'));
385 if (maxkeylen == NOSIZE)
387 "%s: invalid key length value", s);
389 else maxkeylen = tfc_modifysize(maxkeylen, strchr(s, ':'));
391 else if (!strncmp(s, "okey", 4) && *(s+4) == '=') {
393 keyoffset = tfc_humanfsize(s, &stoi);
394 if (!str_empty(stoi)) {
395 keyoffset = tfc_fnamesize(s, YES);
396 keyoffset = tfc_modifysize(keyoffset, strchr(s, ':'));
397 if (keyoffset == NOFSIZE)
399 "%s: invalid key offset value", s);
401 else keyoffset = tfc_modifysize(keyoffset, strchr(s, ':'));
403 else if (!strncmp(s, "xctr", 4) && *(s+4) == '=') {
405 ctrsz = tfc_humanfsize(s, &stoi);
406 if (!str_empty(stoi)) {
407 ctrsz = (size_t)tfc_fnamesize(s, YES);
408 ctrsz = (size_t)tfc_modifysize((tfc_fsize)ctrsz, strchr(s, ':'));
411 "%s: invalid counter length value", s);
413 else ctrsz = (size_t)tfc_modifysize((tfc_fsize)ctrsz, strchr(s, ':'));
414 if (ctrsz > TF_BLOCK_SIZE)
415 xerror(NO, YES, YES, "%s: counter size cannot exceed TF block size", s);
417 else xerror(NO, YES, YES, "invalid option %s", s);
421 do_mac = TFC_MAC_SIGN;
422 if (strcasecmp(optarg, "mac") != 0)
423 do_mac_file = optarg;
426 do_mac = TFC_MAC_VRFY;
427 if (!strcasecmp(optarg, "drop"))
428 do_mac = TFC_MAC_DROP;
429 else if (strcasecmp(optarg, "mac") != 0)
430 do_mac_file = optarg;
433 if (do_mac != TFC_MAC_VRFY)
434 xerror(NO, YES, YES, "signature source was not specified");
435 do_mac = TFC_MAC_JUST_VRFY;
439 if (maxlen != NOFSIZE) {
440 if (c == 'Z') genzero_nr_bytes = maxlen;
441 else genrandom_nr_bytes = maxlen;
445 if (!strcasecmp(optarg, "cbs"))
447 else if (!strcasecmp(optarg, "ks"))
448 t = TF_FROM_BITS(TFC_KEY_BITS);
449 else if (!strcasecmp(optarg, "xks"))
450 t = TF_FROM_BITS(TFC_KEY_BITS) * 2;
451 else if (!strcasecmp(optarg, "iobs"))
454 t = tfc_humanfsize(optarg, &stoi);
455 if (!str_empty(stoi)) {
456 t = tfc_fnamesize(optarg, NO);
457 t = tfc_modifysize(t, strchr(optarg, ':'));
459 else t = tfc_modifysize(t, strchr(optarg, ':'));
461 if (c == 'Z') genzero_nr_bytes = maxlen = t;
462 else genrandom_nr_bytes = maxlen = t;
466 do_preserve_time = YES;
469 do_outfmt = TFC_OUTFMT_B64;
472 do_outfmt = TFC_OUTFMT_RAW;
475 do_outfmt = TFC_OUTFMT_HEX;
486 td = strtod(optarg, &stoi);
487 status_timer = TFC_DTOUSECS(td);
488 if (status_timer <= TFC_DTOUSECS(0) || !str_empty(stoi)) status_timer = 0;
496 if (!strcmp(progname, "tfbench")) {
497 if (!*(argv+optind)) usage();
499 td = strtod(*(argv+optind), &stoi);
500 if (td <= TFC_DTOUSECS(0) || !str_empty(stoi))
502 "%s: invalid benchmark time in seconds", *(argv+optind));
503 bench_timer = TFC_DTOUSECS(td);
504 do_benchmark(bench_timer, td);
506 if (genrandom_nr_bytes) {
507 ctr_mode = TFC_MODE_STREAM;
508 do_edcrypt = TFC_DO_ENCRYPT;
509 gen_write_bytes(*(argv+optind), oseek, genrandom_nr_bytes);
511 if (genzero_nr_bytes) {
512 ctr_mode = TFC_MODE_PLAIN;
513 do_edcrypt = TFC_DO_PLAIN;
514 gen_write_bytes(*(argv+optind), oseek, genzero_nr_bytes);
517 if (rawkey && password)
518 xerror(NO, YES, YES, "Cannot use rawkey and hashing password!");
519 if (do_edcrypt == TFC_DO_ENCRYPT && do_mac >= TFC_MAC_VRFY)
520 xerror(NO, YES, YES, "Cannot encrypt and verify signature!");
521 if (do_edcrypt == TFC_DO_DECRYPT && do_mac == TFC_MAC_SIGN)
522 xerror(NO, YES, YES, "Cannot decrypt and calculate signature!");
523 if (do_edcrypt == TFC_DO_DECRYPT && counter_opt == TFC_CTR_RAND)
524 xerror(NO, YES, YES, "Cannot decrypt and embed a generated CTR into file!");
525 if (do_edcrypt == TFC_DO_ENCRYPT && counter_opt == TFC_CTR_HEAD)
526 xerror(NO, YES, YES, "Cannot encrypt and read CTR from source!");
527 if (overwrite_source && counter_opt == TFC_CTR_RAND)
528 xerror(NO, YES, YES, "Cannot embed a CTR into file when overwriting it!");
529 if (ctr_mode == TFC_MODE_PLAIN
530 && (do_edcrypt || do_mac || rawkey
531 || mackey_opt || counter_opt || counter_file))
532 xerror(NO, YES, YES, "Encryption facility is disabled when in plain IO mode.");
540 memset(tfc_salt, 0, TFC_MAX_SALT);
542 if (!strcasecmp(saltf, "disable")) goto _nosalt;
544 if (!strcmp(saltf, "-")) saltfd = 0;
545 else saltfd = open(saltf, O_RDONLY | O_LARGEFILE);
546 if (saltfd == -1) xerror(NO, NO, YES, "%s", saltf);
547 lio = xread(saltfd, tfc_salt, TFC_MAX_SALT - TF_FROM_BITS(TFC_KEY_BITS));
548 if (lio == NOSIZE) xerror(NO, NO, YES, "%s", saltf);
554 if (mackey_opt == TFC_MACKEY_FILE && mackeyf) {
558 if (!strcmp(mackeyf, "-")) mkfd = 0;
559 else mkfd = open(mackeyf, O_RDONLY | O_LARGEFILE);
560 if (mkfd == -1) xerror(NO, NO, YES, "%s", mackeyf);
562 skein_init(&sk, TFC_KEY_BITS);
569 lrem = lblock = sizeof(tmpdata);
570 if (error_action == TFC_ERRACT_SYNC) rdpos = tfc_fdgetpos(mkfd);
571 _mkragain: lio = xread(mkfd, pblk, lrem);
572 if (lio == 0) do_stop = YES;
573 if (lio != NOSIZE) ldone += lio;
575 if (errno != EIO && catch_all_errors != YES)
576 xerror(NO, NO, NO, "%s", mackeyf);
577 switch (error_action) {
578 case TFC_ERRACT_CONT: xerror(YES, NO, NO, "%s", mackeyf); goto _mkragain; break;
579 case TFC_ERRACT_SYNC:
580 case TFC_ERRACT_LSYNC:
581 xerror(YES, NO, NO, "%s", mackeyf);
582 lio = ldone = lrem = lblock;
583 memset(tmpdata, 0, lio);
584 if (rdpos == NOFSIZE) lseek(mkfd, lio, SEEK_CUR);
585 else lseek(mkfd, rdpos + lio, SEEK_SET);
587 default: xerror(NO, NO, NO, "%s", mackeyf); break;
590 if (lio && lio < lrem) {
596 skein_update(&sk, tmpdata, ldone);
599 skein_final(mackey, &sk);
603 else if (mackey_opt == TFC_MACKEY_PASSWORD) {
604 memset(&getps, 0, sizeof(struct getpasswd_state));
605 getps.fd = getps.efd = -1;
606 getps.passwd = pwdask;
607 getps.pwlen = sizeof(pwdask)-1;
608 getps.echo = mac_pw_prompt ? mac_pw_prompt : "Enter MAC password: ";
609 getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
610 getps.maskchar = (show_secrets == YES) ? 0 : 'x';
611 getps.flags = GETP_WAITFILL;
612 n = xgetpasswd(&getps);
613 if (n == NOSIZE) xerror(NO, NO, YES, "getting MAC password");
614 if (n == ((size_t)-2)) xexit(1);
615 skein(mackey, TF_MAX_BITS, NULL, pwdask, n);
617 skein(tmpdata, TF_MAX_BITS, NULL, mackey, TF_FROM_BITS(TF_MAX_BITS));
618 xor_shrink(tmpdata+TF_FROM_BITS(TF_MAX_BITS), TF_SIZE_UNIT, tmpdata, TF_FROM_BITS(TF_MAX_BITS));
619 tfc_nfsay(stderr, "MAC password hint: ");
620 mehexdump(tmpdata+TF_FROM_BITS(TF_MAX_BITS), TF_SIZE_UNIT, TF_SIZE_UNIT, 1);
621 memset(tmpdata, 0, sizeof(tmpdata));
626 if ((strlen(progname) <= 9)
627 && ((!strcmp(progname, "sksum"))
628 || ((!memcmp(progname, "sk", 2))
629 && (!memcmp(progname+3, "sum", 3)
630 || !memcmp(progname+4, "sum", 3)
631 || !memcmp(progname+5, "sum", 3)
632 || !memcmp(progname+6, "sum", 3)))))
633 do_sksum(progname, argv+optind);
634 if (!strcmp(progname, "tfbase64")) do_edbase64(argv+optind);
639 if (password || rawkey > TFC_RAWKEY_KEYFILE) goto _nokeyfd;
640 if (!strcmp(argv[idx], "-")) kfd = 0;
641 else kfd = open(argv[idx], O_RDONLY | O_LARGEFILE);
642 if (kfd == -1) xerror(NO, NO, YES, "%s", argv[idx]);
644 lio = strnlen(argv[idx], PATH_MAX);
645 memset(argv[idx], '*', lio);
652 if (do_full_key == NO && tweakf) {
655 if (!strcmp(tweakf, "-")) twfd = 0;
656 else twfd = open(tweakf, O_RDONLY | O_LARGEFILE);
657 if (twfd == -1) xerror(NO, NO, YES, "%s", tweakf);
658 lio = ldone = xread(twfd, tweak, TF_TWEAK_SIZE);
659 if (lio == NOSIZE) xerror(NO, NO, YES, "%s", tweakf);
660 if (ldone < TF_TWEAK_SIZE)
661 xerror(NO, NO, YES, "%s: %zu bytes tweak required", tweakf, TF_TWEAK_SIZE);
668 if (!strcmp(argv[idx], "-") && kfd) sfd = 0;
670 sfd = open(argv[idx], O_RDONLY | O_LARGEFILE);
671 if (do_preserve_time) if (fstat(sfd, &s_stat) == -1)
672 xerror(YES, NO, YES, "stat(%s)", argv[idx]);
674 if (sfd == -1) xerror(NO, NO, YES, "%s", argv[idx]);
676 if (do_edcrypt == TFC_DO_DECRYPT && do_mac != NO && maxlen != NOFSIZE) {
677 if (verbose) tfc_esay("%s: disabling signature verification on "
678 "requested partial decryption.", progname);
682 if ((do_mac >= TFC_MAC_VRFY || do_mac == TFC_MAC_DROP) && !do_mac_file) {
683 maxlen = tfc_fdsize(sfd);
684 if (maxlen == NOFSIZE)
686 "Cannot verify embedded MAC with non-seekable source!");
687 maxlen -= TF_FROM_BITS(macbits);
689 srcfname = argv[idx];
693 if (!do_mac_file && (do_mac >= TFC_MAC_VRFY && sfd == 0))
694 xerror(NO, YES, YES, "Cannot verify embedded MAC with non-seekable source!");
696 if (ctrsz == NOSIZE) ctrsz = TF_BLOCK_SIZE;
697 if (ctrsz > TF_BLOCK_SIZE) ctrsz = TF_BLOCK_SIZE;
699 if (ctr_mode == TFC_MODE_ECB) goto _ctrskip1;
704 if (!strcmp(counter_file, "-")) ctrfd = 0;
705 else ctrfd = open(counter_file, O_RDONLY | O_LARGEFILE);
706 if (ctrfd == -1) xerror(NO, NO, YES, "%s", counter_file);
707 lio = xread(ctrfd, ctr, ctrsz);
708 if (lio == NOSIZE) xerror(NO, NO, YES, "%s", counter_file);
709 if (lio < ctrsz) xerror(NO, YES, YES, "counter file is too small (%zu)!", lio);
712 else if (counter_opt == TFC_CTR_HEAD) {
715 lrem = lblock = ctrsz;
716 if (error_action == TFC_ERRACT_SYNC) rdpos = tfc_fdgetpos(sfd);
717 _ctrragain: lio = xread(sfd, pblk, lrem);
718 if (lio != NOSIZE) ldone += lio;
720 if (errno != EIO && catch_all_errors != YES)
721 xerror(NO, NO, NO, "%s", srcfname);
722 switch (error_action) {
723 case TFC_ERRACT_CONT: xerror(YES, NO, NO, "%s", srcfname); goto _ctrragain; break;
724 case TFC_ERRACT_SYNC:
725 case TFC_ERRACT_LSYNC:
726 xerror(YES, NO, NO, "%s", srcfname);
727 lio = ldone = lrem = lblock;
729 if (rdpos == NOFSIZE) lseek(sfd, lio, SEEK_CUR);
730 else lseek(sfd, rdpos + lio, SEEK_SET);
732 default: xerror(NO, NO, NO, "%s", srcfname); break;
735 if (lio && lio < lrem) {
740 total_processed_src += ldone;
745 if (counter_opt == TFC_CTR_HEAD && ctr_mode != TFC_MODE_ECB)
747 if (lseek(sfd, iseek, SEEK_SET) == -1)
748 xerror(ignore_seek_errors, NO, NO, "%s: seek failed", srcfname);
751 if (ctr_mode == TFC_MODE_PLAIN) goto _plain;
753 if (verbose) tfc_esay("%s: hashing password", progname);
755 if (rawkey == TFC_RAWKEY_KEYFILE) {
756 tfc_yesno xtskeyset = NO;
760 lrem = lblock = TF_FROM_BITS(TFC_KEY_BITS);
761 if (error_action == TFC_ERRACT_SYNC) rdpos = tfc_fdgetpos(kfd);
762 _keyragain: lio = xread(kfd, pblk, lrem);
763 if (lio != NOSIZE) ldone += lio;
765 if (errno != EIO && catch_all_errors != YES)
766 xerror(NO, NO, NO, "reading key");
767 switch (error_action) {
768 case TFC_ERRACT_CONT: xerror(YES, NO, NO, "reading key"); goto _keyragain; break;
769 case TFC_ERRACT_SYNC:
770 case TFC_ERRACT_LSYNC:
771 xerror(YES, NO, NO, "reading key");
772 lio = ldone = lrem = lblock;
774 if (rdpos == NOFSIZE) lseek(kfd, lio, SEEK_CUR);
775 else lseek(kfd, rdpos + lio, SEEK_SET);
777 default: xerror(NO, NO, NO, "reading key"); break;
780 if (lio && lio < lrem) {
785 if (ldone < lblock) xerror(NO, YES, YES, "rawkey too small! (%zu)", ldone);
787 if (ctr_mode == TFC_MODE_XTS) {
788 if (xtskeyset == NO) {
795 else if (rawkey == TFC_RAWKEY_ASKSTR) {
796 tfc_yesno xtskeyset = NO;
798 pblk = key; n = sizeof(key);
799 _xts2keyaskstr: memset(&getps, 0, sizeof(struct getpasswd_state));
800 getps.fd = getps.efd = -1;
801 getps.passwd = (char *)pblk;
803 getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (str): ";
804 getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
805 getps.maskchar = (show_secrets == YES) ? 0 : 'x';
806 getps.flags = GETP_WAITFILL;
807 n = xgetpasswd(&getps);
808 if (n == NOSIZE) xerror(NO, NO, YES, "getting string rawkey");
809 if (n == ((size_t)-2)) xexit(1);
810 if (ctr_mode == TFC_MODE_XTS) {
811 if (xtskeyset == NO) {
812 pblk = xtskey; n = sizeof(xtskey);
818 else if (rawkey == TFC_RAWKEY_ASKHEX) {
819 tfc_yesno xtskeyset = NO;
823 memset(&getps, 0, sizeof(struct getpasswd_state));
824 getps.fd = getps.efd = -1;
825 getps.passwd = pwdask;
826 getps.pwlen = (TF_FROM_BITS(TFC_KEY_BITS)*2);
827 getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (hex): ";
828 getps.charfilter = (show_secrets == YES) ? getps_plain_hex_filter : getps_hex_filter;
829 getps.maskchar = (show_secrets == YES) ? 0 : 'x';
830 getps.flags = GETP_WAITFILL;
831 n = xgetpasswd(&getps);
832 if (n == NOSIZE) xerror(NO, NO, YES, "getting hex rawkey");
833 if (n == ((size_t)-2)) xexit(1);
835 tfc_esay("Please input even number of hex digits!");
836 goto _rawkey_hex_again;
838 hex2bin(pblk, pwdask);
839 memset(pwdask, 0, sizeof(pwdask));
840 if (ctr_mode == TFC_MODE_XTS) {
841 if (xtskeyset == NO) {
844 goto _rawkey_hex_again;
849 _pwdagain: memset(&getps, 0, sizeof(struct getpasswd_state));
850 getps.fd = getps.efd = -1;
851 getps.passwd = pwdask;
852 getps.pwlen = sizeof(pwdask)-1;
853 getps.echo = pw_prompt ? pw_prompt : "Enter password: ";
854 getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
855 getps.maskchar = (show_secrets == YES) ? 0 : 'x';
856 getps.flags = GETP_WAITFILL;
857 n = xgetpasswd(&getps);
858 if (n == NOSIZE) xerror(NO, NO, YES, "getting password");
859 if (n == ((size_t)-2)) xexit(1);
860 if (do_edcrypt == TFC_DO_ENCRYPT && no_repeat == NO) {
861 getps.fd = getps.efd = -1;
862 getps.passwd = pwdagain;
863 getps.pwlen = sizeof(pwdagain)-1;
864 getps.echo = "Enter it again: ";
865 getps.flags = GETP_WAITFILL;
866 n = xgetpasswd(&getps);
867 if (n == NOSIZE) xerror(NO, NO, YES, "getting password again");
868 if (n == ((size_t)-2)) xexit(1);
869 if (strncmp(pwdask, pwdagain, sizeof(pwdagain)-1) != 0) {
870 tfc_esay("Passwords are different, try again");
874 skein(key, TFC_KEY_BITS, mackey_opt ? mackey : NULL, pwdask, n);
875 memset(pwdask, 0, sizeof(pwdask));
876 memset(pwdagain, 0, sizeof(pwdagain));
879 if (skeinfd(key, TFC_KEY_BITS, mackey_opt ? mackey : NULL, kfd, keyoffset, maxkeylen) != YES)
880 xerror(NO, NO, YES, "hashing key");
884 if (tfc_saltsz > 0) {
885 memcpy(tfc_salt+tfc_saltsz, key, TF_FROM_BITS(TFC_KEY_BITS));
886 skein(key, TFC_KEY_BITS, mackey_opt ? mackey : NULL, tfc_salt, tfc_saltsz+TF_FROM_BITS(TFC_KEY_BITS));
888 if (nr_turns > 1) for (x = 0; x < nr_turns; x++)
889 skein(key, TFC_KEY_BITS, mackey_opt ? mackey : NULL, key, TF_FROM_BITS(TFC_KEY_BITS));
890 memset(tfc_salt, 0, TFC_MAX_SALT);
893 if (ctr_mode == TFC_MODE_XTS && rawkey == NO) {
894 skein(xtskey, TF_NR_KEY_BITS, mackey_opt ? mackey : NULL, key, TF_FROM_BITS(TFC_KEY_BITS));
899 tfc_yesno xtskeyset = NO;
902 if (!strcmp(genkeyf, "-")) krfd = 1;
903 else krfd = open(genkeyf, O_WRONLY | O_CREAT | O_LARGEFILE | write_flags, 0666);
904 if (krfd == -1) xerror(NO, NO, YES, "%s", genkeyf);
905 _xts2genkey: if (xwrite(krfd, pblk, TF_FROM_BITS(TFC_KEY_BITS)) == NOSIZE) xerror(NO, NO, YES, "%s", genkeyf);
906 if (do_fsync && fsync(krfd) == -1) xerror(NO, NO, YES, "%s", genkeyf);
907 if (verbose && xtskeyset == NO) {
908 tfc_esay("%s: password hashing done", progname);
909 tfc_esay("%s: rawkey written to %s.", progname, genkeyf);
910 tfc_esay("%s: Have a nice day!", progname);
913 if (ctr_mode == TFC_MODE_XTS) {
914 if (xtskeyset == NO) {
926 if (iseek_blocks && (do_edcrypt == TFC_DO_DECRYPT && do_mac != NO)) {
927 if (verbose) tfc_esay("%s: disabling signature verification on "
928 "requested partial decryption.", progname);
933 if (mackey_opt == TFC_MACKEY_RAWKEY) skein(mackey, TF_MAX_BITS, key, key, TF_FROM_BITS(TFC_KEY_BITS));
934 if (ctr_mode < TFC_MODE_OCB) {
935 if (verbose) tfc_esay("%s: doing MAC calculation, processing speed "
936 "will be slower.", progname);
937 if (mackey_opt) skein_init_key(&sk, mackey, macbits);
938 else skein_init(&sk, macbits);
942 if (!counter_file && counter_opt <= TFC_CTR_SHOW && ctr_mode != TFC_MODE_ECB) {
943 skein(ctr, TF_TO_BITS(ctrsz), mackey_opt ? mackey : NULL, key, TF_FROM_BITS(TFC_KEY_BITS));
947 if (ctr_mode == TFC_MODE_XTS) tf_convkey(xtskey);
948 if (do_full_key == NO) {
949 if (!tweakf) skein(tweak, TF_NR_TWEAK_BITS, NULL, key, TF_FROM_BITS(TFC_KEY_BITS));
950 tf_tweak_set(key, tweak);
952 if (ctr_mode == TFC_MODE_ECB) goto _ctrskip2;
954 if (counter_opt == TFC_CTR_ZERO) memset(ctr, 0, ctrsz);
956 tfc_data_to_words64(&iseek_blocks, sizeof(iseek_blocks));
957 tf_ctr_set(ctr, &iseek_blocks, sizeof(iseek_blocks));
959 if (counter_opt == TFC_CTR_SHOW) {
961 case TFC_OUTFMT_B64: tfc_printbase64(stderr, ctr, ctrsz, YES); break;
962 case TFC_OUTFMT_RAW: xwrite(2, ctr, ctrsz); break;
963 case TFC_OUTFMT_HEX: mehexdump(ctr, ctrsz, ctrsz, YES); break;
966 else if (counter_opt == TFC_CTR_RAND) tfc_getrandom(ctr, ctrsz);
973 if (verbose) tfc_esay("%s: password hashing done", progname);
975 if (overwrite_source && srcfname) argv[idx] = srcfname;
979 if (!strcmp(argv[idx], "-")) dfd = 1;
980 else dfd = open(argv[idx], O_RDWR | O_LARGEFILE | write_flags, 0666);
982 dfd = open(argv[idx], O_WRONLY | O_CREAT | O_LARGEFILE | write_flags, 0666);
983 if (dfd == -1) xerror(NO, NO, YES, "%s", argv[idx]);
985 dstfname = argv[idx];
990 if (lseek(dfd, oseek, SEEK_SET) == -1)
991 xerror(ignore_seek_errors, NO, NO, "%s: seek failed", dstfname);
994 for (x = 1; x < NSIG; x++) signal(x, SIG_IGN);
995 memset(&sigact, 0, sizeof(sigact));
996 sigact.sa_flags = SA_RESTART;
997 sigact.sa_handler = print_crypt_status;
998 sigaction(SIGUSR1, &sigact, NULL);
999 sigaction(SIGTSTP, &sigact, NULL);
1000 sigaction(SIGALRM, &sigact, NULL);
1001 if (status_timer) setup_next_alarm(status_timer);
1002 sigact.sa_handler = change_status_width;
1003 sigaction(SIGQUIT, &sigact, NULL);
1004 sigact.sa_handler = change_status_timer;
1005 sigaction(SIGUSR2, &sigact, NULL);
1007 sigact.sa_handler = print_crypt_status;
1008 sigaction(SIGINT, &sigact, NULL);
1009 sigaction(SIGTERM, &sigact, NULL);
1012 sigact.sa_handler = exit_sigterm;
1013 sigaction(SIGINT, &sigact, NULL);
1014 sigaction(SIGTERM, &sigact, NULL);
1016 memset(&sigact, 0, sizeof(struct sigaction));
1018 tfc_getcurtime(&delta_time);
1021 if (counter_opt == TFC_CTR_RAND && ctr_mode != TFC_MODE_ECB) {
1025 _ctrwagain: lio = xwrite(dfd, pblk, lrem);
1026 if (lio != NOSIZE) ldone += lio;
1027 else xerror(NO, NO, NO, "%s", dstfname);
1028 if (do_fsync && fsync(dfd) == -1) xerror(NO, NO, NO, "%s", dstfname);
1034 total_processed_dst += ldone;
1035 delta_processed += ldone;
1038 if (ctr_mode == TFC_MODE_STREAM) tfe_init_iv(&tfe, key, ctr);
1046 lrem = lblock = blk_len_adj(maxlen, total_processed_src, blksize);
1047 if (error_action == TFC_ERRACT_SYNC) rdpos = tfc_fdgetpos(sfd);
1048 _ragain: lio = xread(sfd, pblk, lrem);
1049 if (lio == 0) do_stop = TFC_STOP_BEGAN;
1050 if (lio != NOSIZE) ldone += lio;
1052 if (errno != EIO && catch_all_errors != YES)
1053 xerror(NO, NO, NO, "%s", srcfname);
1054 switch (error_action) {
1055 case TFC_ERRACT_CONT: xerror(YES, NO, NO, "%s", srcfname); goto _ragain; break;
1056 case TFC_ERRACT_SYNC:
1057 case TFC_ERRACT_LSYNC:
1058 xerror(YES, NO, NO, "%s", srcfname);
1059 lio = ldone = lrem = lblock;
1060 memset(srcblk, 0, lio);
1061 if (rdpos == NOFSIZE) lseek(sfd, lio, SEEK_CUR);
1062 else lseek(sfd, rdpos + lio, SEEK_SET);
1064 default: xerror(NO, NO, NO, "%s", srcfname); break;
1067 if (lio && lio < lrem) {
1072 total_processed_src += ldone;
1074 if (do_pad && (ldone % TF_BLOCK_SIZE)) {
1075 size_t orig = ldone;
1076 ldone += (TF_BLOCK_SIZE - (ldone % TF_BLOCK_SIZE));
1077 if (ldone > blksize) ldone = blksize;
1078 memset(srcblk+orig, 0, sizeof(srcblk)-orig);
1081 if (do_mac == TFC_MAC_SIGN && ctr_mode < TFC_MODE_OCB)
1082 skein_update(&sk, srcblk, ldone);
1084 if (ctr_mode == TFC_MODE_CTR) tf_ctr_crypt(key, ctr, dstblk, srcblk, ldone);
1085 else if (ctr_mode == TFC_MODE_STREAM) tf_stream_crypt(&tfe, dstblk, srcblk, ldone);
1086 else if (ctr_mode == TFC_MODE_XTS && do_edcrypt == TFC_DO_ENCRYPT)
1087 tf_xts_encrypt(key, xtskey, ctr, dstblk, srcblk, ldone, xtsblocks);
1088 else if (ctr_mode == TFC_MODE_XTS && do_edcrypt == TFC_DO_DECRYPT)
1089 tf_xts_decrypt(key, xtskey, ctr, dstblk, srcblk, ldone, xtsblocks);
1090 else if (ctr_mode == TFC_MODE_ECB && do_edcrypt == TFC_DO_ENCRYPT)
1091 tf_ecb_encrypt(key, dstblk, srcblk, ldone);
1092 else if (ctr_mode == TFC_MODE_ECB && do_edcrypt == TFC_DO_DECRYPT)
1093 tf_ecb_decrypt(key, dstblk, srcblk, ldone);
1094 else if (ctr_mode == TFC_MODE_CBC && do_edcrypt == TFC_DO_ENCRYPT)
1095 tf_cbc_encrypt(key, ctr, dstblk, srcblk, ldone);
1096 else if (ctr_mode == TFC_MODE_CBC && do_edcrypt == TFC_DO_DECRYPT)
1097 tf_cbc_decrypt(key, ctr, dstblk, srcblk, ldone);
1099 else if (ctr_mode == TFC_MODE_OCB && do_edcrypt == TFC_DO_ENCRYPT)
1100 tf_ocb_encrypt(key, ctr, dstblk, do_mac == TFC_MAC_SIGN ? macresult : NULL, srcblk, ldone, xtsblocks);
1101 else if (ctr_mode == TFC_MODE_OCB && do_edcrypt == TFC_DO_DECRYPT)
1102 tf_ocb_decrypt(key, ctr, dstblk, do_mac >= TFC_MAC_VRFY ? macresult : NULL, srcblk, ldone, xtsblocks);
1104 else if (ctr_mode == TFC_MODE_PLAIN)
1105 memcpy(dstblk, srcblk, ldone);
1107 if (do_mac >= TFC_MAC_VRFY && ctr_mode < TFC_MODE_OCB)
1108 skein_update(&sk, dstblk, ldone);
1109 if (do_mac == TFC_MAC_JUST_VRFY) goto _nowrite;
1114 _wagain: lio = xwrite(dfd, pblk, lrem);
1115 if (lio != NOSIZE) ldone += lio;
1116 else xerror(NO, NO, NO, "%s", dstfname);
1117 if (do_fsync && fsync(dfd) == -1) xerror(NO, NO, NO, "%s", dstfname);
1123 _nowrite: total_processed_dst += ldone;
1124 delta_processed += ldone;
1126 if (maxlen != NOFSIZE && total_processed_src >= maxlen) break;
1129 if (do_stop == TFC_STOP_FULL) goto _nomac;
1132 if (do_mac >= TFC_MAC_VRFY) {
1136 lrem = lblock = TF_FROM_BITS(macbits);
1137 if (error_action == TFC_ERRACT_SYNC) rdpos = tfc_fdgetpos(sfd);
1138 _macragain: lio = xread(sfd, pblk, lrem);
1139 if (lio != NOSIZE) ldone += lio;
1141 if (errno != EIO && catch_all_errors != YES)
1142 xerror(NO, NO, NO, "%s", srcfname);
1143 switch (error_action) {
1144 case TFC_ERRACT_CONT: xerror(YES, NO, NO, "%s", srcfname); goto _macragain; break;
1145 case TFC_ERRACT_SYNC:
1146 case TFC_ERRACT_LSYNC:
1147 xerror(YES, NO, NO, "%s", srcfname);
1148 lio = ldone = lrem = lblock;
1149 memset(macvrfy, 0, lio);
1150 if (rdpos == NOFSIZE) lseek(sfd, lio, SEEK_CUR);
1151 else lseek(sfd, rdpos + lio, SEEK_SET);
1153 default: xerror(NO, NO, NO, "%s", srcfname); break;
1156 if (lio && lio < lrem) {
1161 total_processed_src += ldone;
1166 if (!strcmp(do_mac_file, "-")) mfd = 0;
1167 else mfd = open(do_mac_file, O_RDONLY | O_LARGEFILE);
1168 if (mfd == -1) xerror(YES, NO, NO, "%s", do_mac_file);
1169 lio = ldone = xread(mfd, tmpdata, sizeof(tmpdata));
1170 if (lio == NOSIZE) xerror(NO, NO, YES, "%s", do_mac_file);
1171 if (!memcmp(tmpdata, TFC_ASCII_TFC_MAC_FOURCC, TFC_ASCII_TFC_MAC_FOURCC_LEN)) {
1172 memmove(tmpdata, tmpdata+TFC_ASCII_TFC_MAC_FOURCC_LEN,
1173 sizeof(tmpdata)-TFC_ASCII_TFC_MAC_FOURCC_LEN);
1174 lio = TF_FROM_BITS(macbits);
1175 base64_decode((char *)macvrfy, lio, (char *)tmpdata, sizeof(tmpdata));
1177 else memcpy(macvrfy, tmpdata, TF_FROM_BITS(macbits));
1181 if (ldone < TF_FROM_BITS(macbits)) {
1182 if (quiet == NO) tfc_esay("%s: short signature (%zu), "
1183 "not verifying", progname, ldone);
1188 if (ctr_mode < TFC_MODE_OCB) skein_final(macresult, &sk);
1189 else skein(macresult, macbits, mackey, macresult, TF_FROM_BITS(macbits));
1191 if (ctr_mode == TFC_MODE_CTR) tf_ctr_crypt(key, ctr, tmpdata, macvrfy, TF_FROM_BITS(macbits));
1192 else if (ctr_mode == TFC_MODE_STREAM) tf_stream_crypt(&tfe, tmpdata, macvrfy, TF_FROM_BITS(macbits));
1193 else if (ctr_mode == TFC_MODE_XTS) tf_xts_decrypt(key, xtskey, ctr, tmpdata, macvrfy, TF_FROM_BITS(macbits), xtsblocks);
1194 else if (ctr_mode == TFC_MODE_ECB) tf_ecb_decrypt(key, tmpdata, macvrfy, TF_FROM_BITS(macbits));
1195 else if (ctr_mode == TFC_MODE_CBC) tf_cbc_decrypt(key, ctr, tmpdata, macvrfy, TF_FROM_BITS(macbits));
1196 else if (ctr_mode == TFC_MODE_OCB) tf_ocb_decrypt(key, ctr, tmpdata, NULL, macvrfy, TF_FROM_BITS(macbits), xtsblocks);
1198 if (!memcmp(tmpdata, macresult, TF_FROM_BITS(macbits))) {
1200 tfc_esay("%s: signature is good", progname);
1202 if (do_outfmt == TFC_OUTFMT_B64) tfc_printbase64(stderr, macresult, TF_FROM_BITS(macbits), YES);
1203 else mehexdump(macresult, TF_FROM_BITS(macbits), TF_FROM_BITS(macbits), YES);
1208 if (quiet == NO) tfc_esay("%s: signature is BAD: "
1209 "wrong password, key, mode, or file is not signed", progname);
1213 _shortmac: memset(macvrfy, 0, sizeof(macvrfy));
1214 memset(macresult, 0, sizeof(macresult));
1215 memset(tmpdata, 0, sizeof(tmpdata));
1218 else if (do_mac == TFC_MAC_SIGN) {
1219 if (ctr_mode < TFC_MODE_OCB) skein_final(macresult, &sk);
1220 else skein(macresult, macbits, mackey, macresult, TF_FROM_BITS(macbits));
1222 if (ctr_mode == TFC_MODE_CTR) tf_ctr_crypt(key, ctr, tmpdata, macresult, TF_FROM_BITS(macbits));
1223 else if (ctr_mode == TFC_MODE_STREAM) tf_stream_crypt(&tfe, tmpdata, macresult, TF_FROM_BITS(macbits));
1224 else if (ctr_mode == TFC_MODE_XTS) tf_xts_encrypt(key, xtskey, ctr, tmpdata, macresult, TF_FROM_BITS(macbits), xtsblocks);
1225 else if (ctr_mode == TFC_MODE_ECB) tf_ecb_encrypt(key, tmpdata, macresult, TF_FROM_BITS(macbits));
1226 else if (ctr_mode == TFC_MODE_CBC) tf_cbc_encrypt(key, ctr, tmpdata, macresult, TF_FROM_BITS(macbits));
1227 else if (ctr_mode == TFC_MODE_OCB) tf_ocb_encrypt(key, ctr, tmpdata, NULL, macresult, TF_FROM_BITS(macbits), xtsblocks);
1228 memset(macresult, 0, sizeof(macresult));
1232 lio = lrem = TF_FROM_BITS(macbits);
1234 _macwagain: lio = xwrite(dfd, pblk, lrem);
1235 if (lio != NOSIZE) ldone += lio;
1236 else xerror(NO, NO, NO, "%s", dstfname);
1237 if (do_fsync && fsync(dfd) == -1) xerror(NO, NO, NO, "%s", dstfname);
1243 total_processed_dst += ldone;
1244 delta_processed += ldone;
1249 if (!strcmp(do_mac_file, "-")) mfd = 1;
1250 else mfd = open(do_mac_file, O_WRONLY | O_CREAT | O_LARGEFILE | write_flags, 0666);
1251 if (mfd == -1) xerror(YES, NO, NO, "%s", do_mac_file);
1252 if (do_outfmt == TFC_OUTFMT_B64) {
1253 memcpy(macvrfy, tmpdata, TF_FROM_BITS(macbits));
1254 memset(tmpdata, 0, TFC_TMPSIZE);
1255 memcpy(tmpdata, TFC_ASCII_TFC_MAC_FOURCC, TFC_ASCII_TFC_MAC_FOURCC_LEN);
1256 base64_encode((char *)tmpdata+TFC_ASCII_TFC_MAC_FOURCC_LEN, (char *)macvrfy, TF_FROM_BITS(macbits));
1257 lrem = strnlen((char *)tmpdata, sizeof(tmpdata));
1259 tmpdata[lrem] = '\n';
1262 lio = xwrite(mfd, tmpdata, lrem);
1264 else lio = xwrite(mfd, tmpdata, TF_FROM_BITS(macbits));
1265 if (lio == NOSIZE) xerror(NO, NO, YES, "%s", do_mac_file);
1266 if (do_fsync && fsync(mfd) == -1) xerror(NO, NO, YES, "%s", do_mac_file);
1270 memset(macvrfy, 0, sizeof(macvrfy));
1271 memset(macresult, 0, sizeof(macresult));
1272 memset(tmpdata, 0, sizeof(tmpdata));
1276 if (verbose || status_timer || do_stop == TFC_STOP_FULL) print_crypt_status(0);
1278 if (do_preserve_time) fcopy_matime(dfd, &s_stat);
projects / tfcrypt.git / blob