projects / tfcrypt.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
-O showsecrets: display passwords in plaintext.
[tfcrypt.git] / tfcrypt.c
diff --git a/tfcrypt.c b/tfcrypt.c
index 2390516a2ae9b35d7b3715f82e8deb596d7d1c8b..125e5c9c3743e56c0ad01b6ef15a6bf931070730 100644 (file)
--- a/tfcrypt.c
+++ b/tfcrypt.c
@@ -51,6 +51,38 @@ static int getps_hex_filter(struct getpasswd_state *getps, char chr, size_t pos)
        return 0;
 }
 
+static inline int isctrlchr(int c)
+{
+       if (c == 9) return 0;
+       if (c >= 0 && c <= 31) return 1;
+       if (c == 127) return 1;
+       return 0;
+}
+
+static int getps_plain_filter(struct getpasswd_state *getps, char chr, size_t pos)
+{
+       int x;
+
+       x = getps_filter(getps, chr, pos);
+       if (x != 1) return x;
+
+       if (pos < getps->pwlen && !isctrlchr(chr))
+               write(getps->efd, &chr, sizeof(char));
+       return 1;
+}
+
+static int getps_plain_hex_filter(struct getpasswd_state *getps, char chr, size_t pos)
+{
+       int x;
+
+       x = getps_hex_filter(getps, chr, pos);
+       if (x != 1) return x;
+
+       if (pos < getps->pwlen && !isctrlchr(chr))
+               write(getps->efd, &chr, sizeof(char));
+       return 1;
+}
+
 int main(int argc, char **argv)
 {
        int c;
@@ -65,13 +97,15 @@ int main(int argc, char **argv)
        s = (char *)srcblk;
        d = getenv("HOME");
        if (!d) d = "";
-       xstrlcat(s, d, PATH_MAX > sizeof(srcblk) ? sizeof(srcblk) : PATH_MAX);
-       xstrlcat(s, "/.tfcrypt.defs", PATH_MAX > sizeof(srcblk) ? sizeof(srcblk) : PATH_MAX);
+       n = PATH_MAX > sizeof(srcblk) ? sizeof(srcblk) : PATH_MAX;
+       if (xstrlcpy(s, d, n) >= n) goto _baddfname;
+       if (xstrlcat(s, "/.tfcrypt.defs", n) >= n) goto _baddfname;
        read_defaults(s, YES);
-       memset(s, 0, PATH_MAX > sizeof(srcblk) ? sizeof(srcblk) : PATH_MAX);
+_baddfname:
+       memset(s, 0, n);
 
        opterr = 0;
-       while ((c = getopt(argc, argv, "L:s:aU:C:r:K:t:TPkzxc:l:qedn:vV:pwE:O:S:AmM:R:Z:WHD:")) != -1) {
+       while ((c = getopt(argc, argv, "L:s:aU:C:r:K:t:Pkzxc:l:qedn:vV:pwE:O:S:AmM:R:Z:WHD:")) != -1) {
                switch (c) {
                        case 'L':
                                read_defaults(optarg, NO);
@@ -89,6 +123,8 @@ int main(int argc, char **argv)
                                        counter_opt = TFC_CTR_HEAD;
                                else if (!strcasecmp(optarg, "rand"))
                                        counter_opt = TFC_CTR_RAND;
+                               else if (!strcasecmp(optarg, "zero"))
+                                       counter_opt = TFC_CTR_ZERO;
                                else counter_file = sksum_hashlist_file = optarg;
                                break;
                        case 'C':
@@ -155,10 +191,7 @@ int main(int argc, char **argv)
                                break;
                        case 't':
                                tweakf = optarg;
-                               break;
-                       case 'T':
-                               tfc_saltsz = 0;
-                               do_tfcrypt1 = YES;
+                               do_full_key = NO;
                                break;
                        case 'l':
                                if (maxlen != NOFSIZE) break;
@@ -224,6 +257,10 @@ int main(int argc, char **argv)
                                                mac_pw_prompt = s+10;
                                        else if (!strcmp(s, "shorthex"))
                                                do_full_hexdump = NO;
+                                       else if (!strcmp(s, "fullkey"))
+                                               do_full_key = YES;
+                                       else if (!strcmp(s, "showsecrets"))
+                                               show_secrets = YES;
                                        else if (!strncmp(s, "iobs", 4) && *(s+4) == '=') {
                                                s += 5;
                                                blksize = (size_t)tfc_humanfsize(s, &stoi);
@@ -489,8 +526,6 @@ int main(int argc, char **argv)
                xerror(NO, YES, YES, "Cannot encrypt and read CTR from source!");
        if (overwrite_source && counter_opt == TFC_CTR_RAND)
                xerror(NO, YES, YES, "Cannot embed a CTR into file when overwriting it!");
-       if (tweakf && do_tfcrypt1 == NO)
-               xerror(NO, YES, YES, "Use -T with -t tweakfile to enable old tfcrypt mode!");
        if (ctr_mode == TFC_MODE_PLAIN
        && (do_edcrypt || do_mac || rawkey
        || mackey_opt || counter_opt || counter_file))
@@ -571,8 +606,8 @@ _mkragain:          lio = xread(mkfd, pblk, lrem);
                getps.passwd = pwdask;
                getps.pwlen = sizeof(pwdask)-1;
                getps.echo = mac_pw_prompt ? mac_pw_prompt : "Enter MAC password: ";
-               getps.charfilter = getps_filter;
-               getps.maskchar = 'x';
+               getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
+               getps.maskchar = (show_secrets == YES) ? 0 : 'x';
                getps.flags = GETP_WAITFILL;
                n = xgetpasswd(&getps);
                if (n == NOSIZE) xerror(NO, NO, YES, "getting MAC password");
@@ -614,16 +649,16 @@ _mkragain:                lio = xread(mkfd, pblk, lrem);
        else password = YES;
 
        errno = 0;
-       if (do_tfcrypt1 == YES && tweakf) {
+       if (do_full_key == NO && tweakf) {
                int twfd;
 
                if (!strcmp(tweakf, "-")) twfd = 0;
                else twfd = open(tweakf, O_RDONLY | O_LARGEFILE);
                if (twfd == -1) xerror(NO, NO, YES, "%s", tweakf);
-               lio = ldone = xread(twfd, key+TF_FROM_BITS(TF_MAX_BITS)+TF_SIZE_UNIT, 2*TF_SIZE_UNIT);
+               lio = ldone = xread(twfd, tweak, TF_TWEAK_SIZE);
                if (lio == NOSIZE) xerror(NO, NO, YES, "%s", tweakf);
-               if (ldone < 2*TF_SIZE_UNIT)
-                       xerror(NO, NO, YES, "%s: %zu bytes tweak required", tweakf, 2*TF_SIZE_UNIT);
+               if (ldone < TF_TWEAK_SIZE)
+                       xerror(NO, NO, YES, "%s: %zu bytes tweak required", tweakf, TF_TWEAK_SIZE);
                xclose(twfd);
        }
 
@@ -766,8 +801,8 @@ _xts2keyaskstr:     memset(&getps, 0, sizeof(struct getpasswd_state));
                getps.passwd = (char *)pblk;
                getps.pwlen = n;
                getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (str): ";
-               getps.charfilter = getps_filter;
-               getps.maskchar = 'x';
+               getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
+               getps.maskchar = (show_secrets == YES) ? 0 : 'x';
                getps.flags = GETP_WAITFILL;
                n = xgetpasswd(&getps);
                if (n == NOSIZE) xerror(NO, NO, YES, "getting string rawkey");
@@ -790,8 +825,8 @@ _rawkey_hex_again:
                getps.passwd = pwdask;
                getps.pwlen = (TF_FROM_BITS(TFC_KEY_BITS)*2);
                getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (hex): ";
-               getps.charfilter = getps_hex_filter;
-               getps.maskchar = 'x';
+               getps.charfilter = (show_secrets == YES) ? getps_plain_hex_filter : getps_hex_filter;
+               getps.maskchar = (show_secrets == YES) ? 0 : 'x';
                getps.flags = GETP_WAITFILL;
                n = xgetpasswd(&getps);
                if (n == NOSIZE) xerror(NO, NO, YES, "getting hex rawkey");
@@ -816,8 +851,8 @@ _pwdagain:  memset(&getps, 0, sizeof(struct getpasswd_state));
                getps.passwd = pwdask;
                getps.pwlen = sizeof(pwdask)-1;
                getps.echo = pw_prompt ? pw_prompt : "Enter password: ";
-               getps.charfilter = getps_filter;
-               getps.maskchar = 'x';
+               getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
+               getps.maskchar = (show_secrets == YES) ? 0 : 'x';
                getps.flags = GETP_WAITFILL;
                n = xgetpasswd(&getps);
                if (n == NOSIZE) xerror(NO, NO, YES, "getting password");
@@ -910,16 +945,14 @@ _xts2genkey:      if (xwrite(krfd, pblk, TF_FROM_BITS(TFC_KEY_BITS)) == NOSIZE) xerro
 
        tf_convkey(key);
        if (ctr_mode == TFC_MODE_XTS) tf_convkey(xtskey);
-       if (do_tfcrypt1 == YES) {
-               if (!tweakf) skein(key+TF_FROM_BITS(TF_MAX_BITS)+TF_SIZE_UNIT, 2*TF_UNIT_BITS, NULL, key, TF_FROM_BITS(TFC_KEY_BITS));
-               tf_key_tweak_compat(key);
+       if (do_full_key == NO) {
+               if (!tweakf) skein(tweak, TF_NR_TWEAK_BITS, NULL, key, TF_FROM_BITS(TFC_KEY_BITS));
+               tf_tweak_set(key, tweak);
        }
        if (ctr_mode == TFC_MODE_ECB) goto _ctrskip2;
        tfc_data_to_words64(&iseek_blocks, sizeof(iseek_blocks));
        tf_ctr_set(ctr, &iseek_blocks, sizeof(iseek_blocks));
 
-       if (ctr_mode == TFC_MODE_STREAM) tfe_init_iv(&tfe, key, ctr);
-
        switch (counter_opt) {
                case TFC_CTR_SHOW:
                        switch (do_outfmt) {
@@ -929,6 +962,7 @@ _xts2genkey:        if (xwrite(krfd, pblk, TF_FROM_BITS(TFC_KEY_BITS)) == NOSIZE) xerro
                        }
                        break;
                case TFC_CTR_RAND: tfc_getrandom(ctr, ctrsz); break;
+               case TFC_CTR_ZERO: memset(ctr, 0, ctrsz); break;
        }
 
 _ctrskip2:
@@ -1001,6 +1035,8 @@ _ctrwagain:       lio = xwrite(dfd, pblk, lrem);
                delta_processed += ldone;
        }
 
+       if (ctr_mode == TFC_MODE_STREAM) tfe_init_iv(&tfe, key, ctr);
+
        errno = 0;
        do_stop = NO;
        while (1) {
tfcrypt -- high security Threefish encryption tool