From: Andrey Rys Date: Sat, 23 Mar 2019 11:07:02 +0000 (+0700) Subject: Switch to old tfcrypt1 mode by default. X-Git-Url: https://jxself.org/git/?p=tfcrypt.git;a=commitdiff_plain;h=d2e7d8aede7d69caffd59e4b0fa60e0c4b245201 Switch to old tfcrypt1 mode by default. --- diff --git a/README b/README index 486307e..6c510c7 100644 --- a/README +++ b/README @@ -10,19 +10,19 @@ Blowfish and Twofish ciphers, which are in use still up to today. tfcrypt is actually a frontend for Threefish with (by default) XTS mode of operation. As a key it uses either password or keyfile, which is then hashed many times -with Skein hash function. Default key length is 1280 bits (160 bytes). +with Skein hash function. This program is incompatible with older, "tf1024" tfcrypt version. This version aims to provide a portable encryption tool to encrypt fixed media such as disks and archive files, -as well as to provide decades long privacy for encrypted data. That's why it uses 1024 bit -encryption and, unlike older version, virtually extends key size to 1280 bits by -removing tweak feature from Threefish and uses either XTS (by default) or OCB modes of -operation instead, to encrypt fixed media in a secure undetectable way. - +as well as to provide decades long privacy for encrypted data. Supported modes of operation: CTR, ECB, CBC, XTS, OCB and arbitrary long keystream. OCB mode does not use Skein hash function to hash and verify message, instead, it does a single pass crypt and verify, thus, it is faster than other modes when both crypt and verify. +Additionally, this version provides a way to virtually "extend" key size to 1280 bits, +by enabling "full_key" option or changing "do_full_key" default setting in tfcrypt_defs.h. +In this mode, tweak is ignored, and filled with extended key material. + THREEFISH NOTES Please note that this encryption software includes Threefish cipher, which is terribly diff --git a/VERSION b/VERSION index 209e3ef..aabe6ec 100644 --- a/VERSION +++ b/VERSION 
@@ -1 +1 @@ -20 +21 diff --git a/tfc_conf.c b/tfc_conf.c index bd2b112..441d60c 100644 --- a/tfc_conf.c +++ b/tfc_conf.c @@ -94,6 +94,10 @@ _nspc: || macbits > TF_MAX_BITS || macbits % 8) xerror(NO, YES, YES, "[%s] macbits=%s: invalid MAC bits setting", path, d); } + else if (!strcmp(s, "do_full_key")) { + if (!strcasecmp(d, "yes")) do_full_key = YES; + else if (!strcasecmp(d, "no")) do_full_key = NO; + } else xerror(NO, YES, YES, "[%s] %s: unknown keyword", path, s); } diff --git a/tfc_vars.c b/tfc_vars.c index e7e7f54..933ef7b 100644 --- a/tfc_vars.c +++ b/tfc_vars.c @@ -62,7 +62,7 @@ size_t sksum_turns; int do_edcrypt = TFC_DO_ENCRYPT, do_stop, quiet, error_action; int counter_opt, mackey_opt, do_mac, do_outfmt = TFC_OUTFMT_B64, rawkey; int idx, write_flags; -tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad, do_tfcrypt1; +tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad; tfc_yesno do_preserve_time, do_stats_in_gibs, do_statline_dynamic = YES, do_less_stats; tfc_yesno no_repeat, do_full_hexdump = YES, verbose, statline_was_shown; char *srcfname = TFC_STDIN_NAME, *dstfname = TFC_STDOUT_NAME, *do_mac_file, *counter_file, *sksum_hashlist_file; diff --git a/tfcrypt.c b/tfcrypt.c index aeedd02..3fdf9c6 100644 --- a/tfcrypt.c +++ b/tfcrypt.c @@ -159,10 +159,11 @@ _baddfname: break; case 't': tweakf = optarg; + do_full_key = NO; break; case 'T': tfc_saltsz = 0; - do_tfcrypt1 = YES; + do_full_key = NO; break; case 'l': if (maxlen != NOFSIZE) break; 
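Review bot: In tfc_conf.c, the new `do_full_key` branch accepts `yes` and `no` but silently ignores any other value, so a typo leaves the compiled-in default in place. Since `TFC_KEY_BITS` and the tweak handling both depend on this flag, data would then be encrypted in a mode other than the one the user configured. The `macbits` branch just above reports bad values through `xerror`, and this keyword should do the same, for example by ending the branch with `else xerror(NO, YES, YES, "[%s] do_full_key=%s: invalid setting", path, d);`. The enclosing parser function starts and ends outside the hunk.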
@@ -493,8 +494,6 @@ _baddfname: xerror(NO, YES, YES, "Cannot encrypt and read CTR from source!"); if (overwrite_source && counter_opt == TFC_CTR_RAND) xerror(NO, YES, YES, "Cannot embed a CTR into file when overwriting it!"); - if (tweakf && do_tfcrypt1 == NO) - xerror(NO, YES, YES, "Use -T with -t tweakfile to enable old tfcrypt mode!"); if (ctr_mode == TFC_MODE_PLAIN && (do_edcrypt || do_mac || rawkey || mackey_opt || counter_opt || counter_file)) @@ -618,7 +617,7 @@ _mkragain: lio = xread(mkfd, pblk, lrem); else password = YES; errno = 0; - if (do_tfcrypt1 == YES && tweakf) { + if (do_full_key == NO && tweakf) { int twfd; if (!strcmp(tweakf, "-")) twfd = 0; @@ -914,7 +913,7 @@ _xts2genkey: if (xwrite(krfd, pblk, TF_FROM_BITS(TFC_KEY_BITS)) == NOSIZE) xerro tf_convkey(key); if (ctr_mode == TFC_MODE_XTS) tf_convkey(xtskey); - if (do_tfcrypt1 == YES) { + if (do_full_key == NO) { if (!tweakf) skein(tweak, TF_NR_TWEAK_BITS, NULL, key, TF_FROM_BITS(TFC_KEY_BITS)); tf_tweak_set(key, tweak); } diff --git a/tfcrypt.h b/tfcrypt.h index a36cc16..acb1c42 100644 --- a/tfcrypt.h +++ b/tfcrypt.h @@ -100,7 +100,7 @@ typedef unsigned long long tfc_useconds; #define NOFSIZE ((tfc_fsize)-1) #define TFC_ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0])) -#define TFC_KEY_BITS (do_tfcrypt1 == YES ? TF_MAX_BITS : TF_NR_KEY_BITS) +#define TFC_KEY_BITS (do_full_key == NO ? TF_MAX_BITS : TF_NR_KEY_BITS) #define TFC_ASCII_TFC_MAC_FOURCC "%TF" #define TFC_ASCII_TFC_MAC_FOURCC_LEN (sizeof(TFC_ASCII_TFC_MAC_FOURCC)-1) @@ -127,6 +127,7 @@ extern int ctr_mode; extern size_t macbits; extern size_t tfc_saltsz; extern tfc_byte tfc_salt[TFC_MAX_SALT]; +extern tfc_yesno do_full_key; extern char *progname; extern int exitcode; 
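Review bot: In tfcrypt.c, `if (do_full_key == NO && tweakf)` skips the tweak file without any message when full-key mode is on, and this commit also removes the earlier check that rejected `-t` without `-T`. `-t` now resets `do_full_key` to NO while options are parsed, but if the config keyword or a later option can set it back to YES (not visible in this diff), the user's tweak file is silently unused. A guard before this block would make that explicit, e.g. `if (tweakf && do_full_key == YES) xerror(NO, YES, YES, "Tweak file is ignored in full key mode!");`. The surrounding function continues outside the hunk.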
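Review bot: In tfcrypt.h, `TFC_KEY_BITS` now reads the mutable global `do_full_key` on every expansion, and nothing at the definition says so. Call sites such as `TF_FROM_BITS(TFC_KEY_BITS)` therefore get a length that depends on when the flag was last written. A comment would cover it: `/* runtime value: depends on do_full_key, which must be final before key material is sized */`. Provided `tfc_yesno` only ever holds YES or NO, the negated test also reads more directly as `(do_full_key == YES ? TF_NR_KEY_BITS : TF_MAX_BITS)`.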
@@ -154,7 +155,7 @@ extern size_t sksum_turns; extern int do_edcrypt, do_stop, quiet, error_action; extern int counter_opt, mackey_opt, do_mac, do_outfmt, rawkey; extern int idx, write_flags; -extern tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad, do_tfcrypt1; +extern tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad; extern tfc_yesno do_preserve_time, do_stats_in_gibs, do_statline_dynamic, do_less_stats; extern tfc_yesno no_repeat, do_full_hexdump, verbose, statline_was_shown; extern char *srcfname, *dstfname, *do_mac_file, *counter_file, *sksum_hashlist_file; diff --git a/tfcrypt_defs.h b/tfcrypt_defs.h index 28db479..c7b3ae7 100644 --- a/tfcrypt_defs.h +++ b/tfcrypt_defs.h @@ -11,5 +11,6 @@ tfc_byte tfc_salt[TFC_MAX_SALT] = { 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, }; +tfc_yesno do_full_key = NO; #endif
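Review bot: In tfcrypt_defs.h, `tfc_yesno do_full_key = NO;` flips the default key schedule, and nothing in the visible changes lets the program tell which mode an existing file was written in. Data encrypted under the previous default would presumably need `do_full_key=yes` in the config (or the "full_key" option the README mentions) to decrypt. A mismatch would likely surface as garbage output or a MAC failure rather than a clear error, which is worth confirming and stating next to the default. Suggested comment: `/* NO: tfcrypt1-compatible, tweak in use; YES: 1280-bit full key, tweak ignored. Must match the mode used at encryption time. */`.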