* tfcrypt -- high security Threefish encryption tool.
*
* tfcrypt is copyrighted:
- * Copyright (C) 2012-2018 Andrey Rys. All rights reserved.
+ * Copyright (C) 2012-2019 Andrey Rys. All rights reserved.
*
* tfcrypt is licensed to you under the terms of std. MIT/X11 license:
*
va_list ap;
char *s;
- if (quiet) goto _ex;
+ if (quiet) goto _do_sil_exit;
va_start(ap, fmt);
- if (statline_was_shown == YES && do_statline_dynamic == YES) tfc_esay("\n");
+ if (noexit == YES && (statline_was_shown == YES && do_statline_dynamic == YES)) tfc_esay("\n");
- tfc_nfsay(stderr, "%s: ", progname);
+ tfc_nfsay(stderr, "%s: ", tfc_format_pid(progname));
tfc_vfsay(stderr, NO, fmt, ap);
if (errno && noerrno == NO) {
s = strerror(errno);
va_end(ap);
- if (nostats == NO) print_crypt_status(-1);
+ if (nostats == NO) {
+ print_crypt_status(TFC_SIGERR);
+ }
-_ex:
+_do_sil_exit:
if (noexit == YES) {
errno = 0;
return;
void xexit(int status)
{
+ if (status > 1) goto _do_clean_and_exit;
+
+ if (do_ftrunc > TFC_NO_FTRUNC) {
+ if (do_ftrunc == TFC_FTRUNC_TAIL) ftrunc_dfd = total_processed_dst;
+ if (ftruncate(dfd, (off_t)ftrunc_dfd) == -1) xerror(YES, NO, YES, "ftruncate(%d)", dfd);
+ }
+ if (do_preserve_time) fcopy_matime(dfd, &s_stat);
+
+_do_clean_and_exit:
+ xclose(sfd);
+ xclose(dfd);
+
memset(srcblk, 0, sizeof(srcblk));
memset(dstblk, 0, sizeof(dstblk));
if (optopt == 'V') {
tfc_say("tfcrypt toolkit, version %s.", _TFCRYPT_VERSION);
+ if (do_edcrypt != TFC_DO_PLAIN) {
+ char shash[64];
+
+ hash_defaults(shash, sizeof(shash));
+ tfc_say("Defaults hash: %s", shash);
+ memset(shash, 0, sizeof(shash));
+ }
xexit(0);
}
- if ((strlen(progname) <= 9)
+ if (!strcmp(progname, "iotool")) {
+ is_embedded_prog = YES;
+ tfc_say("usage: %s [-E how] [-l length] [-O opts] [-aqvw] [-V secs] [source] [output]", progname);
+ tfc_say("\n");
+ tfc_say("%s: do dd-like input/output, writing source to output whole or partially.", progname);
+ tfc_say(" -E how: how to behave on I/O errors (both src or dst):");
+ tfc_say(" exit: print error if not quiet, then exit,");
+ tfc_say(" cont: print error if not quiet, then continue,");
+ tfc_say(" no action to pad missing data is attempted.");
+ tfc_say(" may be dangerous when working with block devices.");
+ tfc_say(" sync: print error if not quiet, then continue,");
+ tfc_say(" pad missing data block with zeroes.");
+ tfc_say(" lsync: same as sync, but does not use SEEK_SET logic,");
+ tfc_say(" lsync uses only relative seek operations, and does not prequery");
+ tfc_say(" the current file position for exact offsets, which maybe unsafe.");
+ tfc_say(" For this reason, it is HIGHLY recommended to use sync instead!");
+ tfc_say(" Note that both sync and lsync work only with read errors!");
+ tfc_say(" default error action is exit with printing status if not quiet.");
+ tfc_say(" -E xall: turn on error actions above for all errors, not just EIO errors.");
+ tfc_say(" -E xseek: ignore positioning and other seek related errors.");
+ tfc_say(" Multiple -E specifiers may be given in separate options.");
+ tfc_say(" -a: shortcut of -O xtime.");
+ tfc_say(" -l length: read only these first bytes of source.");
+ tfc_say(" -O opts: set options (comma separated list):");
+ tfc_say(" ro: open all files only for reading, even those intended for writing,");
+ tfc_say(" sync: request a synchronous I/O for a output,");
+ tfc_say(" fsync: on each write() call a corresponding fsync(fd),");
+ tfc_say(" trunc: open(O_WRONLY) will truncate output file to zero size.");
+ tfc_say(" append: open(O_APPEND) will append data to output file.");
+ tfc_say(" pad: pad incomplete (l.t. %u bytes) block with zeroes.", TFC_U(TF_BLOCK_SIZE));
+ tfc_say(" xtime: copy timestamps from source to destination files.");
+ tfc_say(" gibsize: use SI units of size: 1k = 1000. Applies only to size prefixes.");
+ tfc_say(" Computers convention is to use 1024, whereas SI/hdd measure in 1000.");
+ tfc_say(" plainstats: force status line to be plain: no fancy dynamic stuff.");
+ tfc_say(" Dynamic line works well only on VT100 compatible ttys, and");
+ tfc_say(" when the whole status line width is smaller than tty width.");
+ tfc_say(" statless: emit less information in status line (only processed data).");
+ tfc_say(" iobs=val: set IO block size value. Must not exceed %u bytes.", TFC_U(TFC_BLKSIZE));
+ tfc_say(" nobuf: disable IO buffering, write as soon as data received (only for stream ciphers!)");
+ tfc_say(" iseek=val: seek source file/device by these val bytes.");
+ tfc_say(" oseek=val: seek destination file/device by these val bytes.");
+ tfc_say(" ioseek=val: seek both source and destination.");
+ tfc_say(" ioseek is equal to iseek and oseek.");
+ tfc_say(" count=val: process only these val bytes, both input and output.");
+ tfc_say(" ftrunc=val: truncate output file to these val bytes before closing it.");
+ tfc_say(" ftrunc=tail: truncate output's tail, leaving only processed data.");
+ tfc_say(" -w: overwrite source file. If not file, ignored.");
+ tfc_say(" -q: always be quiet, never tell anything (except when signaled).");
+ tfc_say(" -v: print number of read and written encrypted bytes, and explain stages.");
+ tfc_say(" -V seconds: activate timer that will repeatedly print statistics to stderr.");
+ tfc_say("\n");
+ }
+ else if ((strlen(progname) <= 9)
&& ((!strcmp(progname, "sksum"))
|| ((!memcmp(progname, "sk", 2))
&& (!memcmp(progname+3, "sum", 3)
tfc_say("no error checking is performed.");
tfc_say("\n");
}
+ else if (!strcmp(progname, "xor")) {
+ is_embedded_prog = YES;
+ tfc_say("usage: %s [sourceX] [sourceY] [output]", progname);
+ tfc_say("\n");
+ tfc_say("tfcrypt embedded high performance XOR tool.");
+ tfc_say("It does XOR (multiply modulo 2) of each byte from sourceX");
+ tfc_say("each byte of sourceY and writes output.");
+ tfc_say("If filenames omitted, it is assumed to operate over");
+ tfc_say("standard in to standard out.");
+ tfc_say("If any of source files is shorter than another,");
+ tfc_say("then output is truncated to length of the shortest one.");
+ tfc_say("\n");
+ tfc_say("No error checking is performed.");
+ tfc_say("Please use iotool options there.");
+ tfc_say("\n");
+ }
else if (!strcmp(progname, "tfbench")) {
is_embedded_prog = YES;
tfc_say("usage: %s seconds", progname);
tfc_say(" -z: ask for key in plain C string form through password asker.");
tfc_say(" -x: ask for key in hex string form through password asker.");
tfc_say(" -K <file>: generate key from keyfile or password and write it to file.");
- tfc_say(" -T: enable tfcrypt1 old mode (useful only for old encryptions).");
- tfc_say(" -t <file>: use tweak from file (useful only for old encryptions).");
+ tfc_say(" -t <file>: use (raw) tweak from file.");
tfc_say(" -w: overwrite source file. If not file, ignored.");
tfc_say(" -n TURNS: number of turns to perform in Skein function.");
tfc_say(" Default is always defined when building tfcrypt.");
- tfc_say(" -C mode: mode of operation: CTR, STREAM, XTS, ECB, CBC, OCB.");
+ tfc_say(" -C mode: mode of operation: CTR, STREAM, XTS, ECB, CBC.");
tfc_say(" Default encryption mode can be changed when building tfcrypt.");
tfc_say(" -c opt: initial CTR value initialisation mode:");
tfc_say(" show: do default action, then dump CTR value to stderr,");
tfc_say(" head: when decrypting, read CTR from beginning of stream,");
tfc_say(" rand: generate random CTR and write it to beginning of stream,");
tfc_say(" zero: assume zero CTR is used, do not read from and write it to stream,");
+ tfc_say(" hexc:nr[,hexc:nr,...]: construct counter from given pattern.");
+ tfc_say(" Example: \"ff:124,08:2,80:2\" will fill counter first with 124 0xff bytes,");
+ tfc_say(" then with 2 0x08 bytes, then 2 0x80 bytes. To fill with zeroes, it is");
+ tfc_say(" simple to specify just a \"0:128\" as a pattern. Note that bytes that");
+ tfc_say(" exceed CTR space will be just dropped, and any unused bytes are set to zeroes.");
tfc_say(" <file>: read CTR from given file (both when encrypting/decrypting).");
tfc_say(" default is to derive CTR from user provided password or keyfile with");
tfc_say(" a single Skein function turn over derived, %u byte raw key", TFC_U(TF_KEY_SIZE));
tfc_say(" -v: print number of read and written encrypted bytes, and explain stages.");
tfc_say(" -V seconds: activate timer that will repeatedly print statistics to stderr.");
tfc_say(" -a: shortcut of -O xtime.");
+ tfc_say(" -g: same as '-e -C stream -c rand' or '-d -C stream -c head', depending on mode.");
+ tfc_say(" -j: same as '-e -C ctr -c rand' or '-d -C ctr -c head', depending on mode.");
+ tfc_say(" -l length: read only these first bytes of source.");
tfc_say(" -r <file>: specify random source instead of /dev/urandom.");
tfc_say(" -R nr_bytes: generate nr_bytes of random bytes suitable for use as key data.");
tfc_say(" -R also supports these aliases specified instead of nr_bytes:");
tfc_say(" -: read a detached MAC signature from stdin,");
tfc_say(" drop: do not verify attached MAC, if any, and drop it from output.");
tfc_say(" -m: just verify MAC provided with -M. Do not write output file.");
- tfc_say(" This option must be specified after -M.");
+ tfc_say(" -u: almost same as -m, but turns on MAC pre-test mode, when verified");
+ tfc_say(" signature enables writing output file. It is useful when decrypting small texts.");
+ tfc_say(" The source must be a seekable file, otherwise this mode will be disabled.");
+ tfc_say(" In this mode, decryption is done twice and verification done once.");
+ tfc_say(" Both -m and -u options must be specified after -M.");
tfc_say(" -E how: how to behave on I/O errors (both src or dst):");
tfc_say(" exit: print error if not quiet, then exit,");
tfc_say(" cont: print error if not quiet, then continue,");
tfc_say(" -E xall: turn on error actions above for all errors, not just EIO errors.");
tfc_say(" -E xseek: ignore positioning and other seek related errors.");
tfc_say(" Multiple -E specifiers may be given in separate options.");
+ tfc_say(" -o logfile: redirect all messages to logfile instead of stderr.");
tfc_say(" -O opts: set options (comma separated list):");
+ tfc_say(" ro: open all files only for reading, even those intended for writing,");
tfc_say(" sync: request a synchronous I/O for a output,");
tfc_say(" fsync: on each write() call a corresponding fsync(fd),");
tfc_say(" trunc: open(O_WRONLY) will truncate output file to zero size.");
+ tfc_say(" append: open(O_APPEND) will append data to output file.");
tfc_say(" pad: pad incomplete (l.t. %u bytes) block with zeroes.", TFC_U(TF_BLOCK_SIZE));
tfc_say(" xtime: copy timestamps from source to destination files.");
tfc_say(" gibsize: use SI units of size: 1k = 1000. Applies only to size prefixes.");
tfc_say(" when the whole status line width is smaller than tty width.");
tfc_say(" statless: emit less information in status line (only processed data).");
tfc_say(" norepeat: do not ask for any possible password confirmations.");
+ tfc_say(" showsecrets: show passwords in plaintext instead of masking them.");
+ tfc_say(" finished: add \"finished\" word before status line when work is finished.");
+ tfc_say(" pid: show %s's process id near it's name in error messages, logs etc.", progname);
+ tfc_say(" readloops=val: when seekable source ends, reading continues from it's beginning again.");
tfc_say(" prompt=str: set main password prompts to this string.");
tfc_say(" macprompt=str: set MAC password prompts to this string.");
tfc_say(" shorthex: with -H, do not print printable characters, dump only hex string.");
+ tfc_say(" logfile: (same as -o) redirect all messages to logfile instead of stderr.");
tfc_say(" iobs=val: set IO block size value. Must not exceed %u bytes.", TFC_U(TFC_BLKSIZE));
+ tfc_say(" nobuf: disable IO buffering, write as soon as data received (only for stream ciphers!)");
tfc_say(" xtsblocks=val: use these nr of TF blocks per XTS block. Default is %u.", TFC_U(TFC_XTSBLOCKS));
tfc_say(" iseek=val: seek source file/device by these val bytes.");
tfc_say(" Initial counter is adjusted automatically.");
tfc_say(" ixctr=val: Increment initial counter by this val bytes.");
tfc_say(" Internally this number is translated into number of %u byte blocks.", TFC_U(TF_BLOCK_SIZE));
tfc_say(" oseek=val: seek destination file/device by these val bytes.");
+ tfc_say(" ioseek=val: seek both source and destination.");
+ tfc_say(" ioseek is equal to iseek and oseek.");
tfc_say(" count=val: process only these val bytes, both input and output.");
+ tfc_say(" ftrunc=val: truncate output file to these val bytes before closing it.");
+ tfc_say(" ftrunc=tail: truncate output's tail, leaving only processed data.");
tfc_say(" xkey=val: take only val bytes from user keyfile.");
tfc_say(" okey=val: seek the key before reading it (usually a device).");
tfc_say(" xctr=val: specify size in bytes of initial counter prepended or read.");
+ tfc_say(" fullkey: occupy tweak space by key space, extending key size by 256 bits.");
tfc_say(" -P: plain IO mode: disable encryption/decryption code at all.");
+ tfc_say(" -X: XOR IO mode: same as -P but do XOR of two streams.");
tfc_say("\n");
tfc_say("Default is to ask for password, then encrypt stdin into stdout.");
tfc_say("Some cmdline parameters may be mutually exclusive, or they can");
projects / tfcrypt.git / blobdiff