1 /* 2 * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in 13 * the documentation and/or other materials provided with the 14 * distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 20 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 21 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 22 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 24 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 #include <sys/types.h> 30 #include <sys/param.h> 31 #include <inttypes.h> 32 33 #include <fcntl.h> 34 #include <unistd.h> 35 #include <errno.h> 36 #include <string.h> 37 #include <stdio.h> 38 39 #include "crc32.h" 40 #include "tcplay.h" 41 42 int 43 tc_cipher_chain_populate_keys(struct tc_cipher_chain *cipher_chain, 44 unsigned char *key) 45 { 46 int total_key_bytes, used_key_bytes; 47 struct tc_cipher_chain *dummy_chain; 48 49 /* 50 * We need to determine the total key bytes as the key locations 51 * depend on it. 52 */ 53 total_key_bytes = tc_cipher_chain_klen(cipher_chain); 54 55 /* 56 * Now we need to get prepare the keys, as the keys are in 57 * forward order with respect to the cipher cascade, but 58 * the actual decryption is in reverse cipher cascade order. 59 */ 60 used_key_bytes = 0; 61 for (dummy_chain = cipher_chain; 62 dummy_chain != NULL; 63 dummy_chain = dummy_chain->next) { 64 dummy_chain->key = alloc_safe_mem(dummy_chain->cipher->klen); 65 if (dummy_chain->key == NULL) { 66 tc_log(1, "tc_decrypt: Could not allocate key " 67 "memory\n"); 68 return ENOMEM; 69 } 70 71 /* XXX: here we assume XTS operation! */ 72 memcpy(dummy_chain->key, 73 key + used_key_bytes/2, 74 dummy_chain->cipher->klen/2); 75 memcpy(dummy_chain->key + dummy_chain->cipher->klen/2, 76 key + (total_key_bytes/2) + used_key_bytes/2, 77 dummy_chain->cipher->klen/2); 78 79 /* Remember how many key bytes we've seen */ 80 used_key_bytes += dummy_chain->cipher->klen; 81 } 82 83 return 0; 84 } 85 86 int 87 tc_cipher_chain_free_keys(struct tc_cipher_chain *cipher_chain) 88 { 89 for (; cipher_chain != NULL; cipher_chain = cipher_chain->next) { 90 if (cipher_chain->key != NULL) { 91 free_safe_mem(cipher_chain->key); 92 cipher_chain->key = NULL; 93 } 94 } 95 96 return 0; 97 } 98 99 int 100 tc_encrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key, 101 unsigned char *iv, 102 unsigned char *in, int in_len, unsigned char *out) 103 { 104 struct tc_cipher_chain *chain_start; 105 int err; 106 107 chain_start = cipher_chain; 108 109 if ((err = tc_cipher_chain_populate_keys(cipher_chain, key))) 110 return err; 111 112 #ifdef DEBUG 113 printf("tc_encrypt: starting chain\n"); 114 #endif 115 116 /* 117 * Now process the actual decryption, in forward cascade order. 118 */ 119 for (; 120 cipher_chain != NULL; 121 cipher_chain = cipher_chain->next) { 122 #ifdef DEBUG 123 printf("tc_encrypt: Currently using cipher %s\n", 124 cipher_chain->cipher->name); 125 #endif 126 127 err = syscrypt(cipher_chain->cipher, cipher_chain->key, 128 cipher_chain->cipher->klen, iv, in, out, in_len, 1); 129 130 /* Deallocate this key, since we won't need it anymore */ 131 free_safe_mem(cipher_chain->key); 132 cipher_chain->key = NULL; 133 134 if (err != 0) { 135 tc_cipher_chain_free_keys(chain_start); 136 return err; 137 } 138 139 /* Set next input buffer as current output buffer */ 140 in = out; 141 } 142 143 tc_cipher_chain_free_keys(chain_start); 144 145 return 0; 146 } 147 148 int 149 tc_decrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key, 150 unsigned char *iv, 151 unsigned char *in, int in_len, unsigned char *out) 152 { 153 struct tc_cipher_chain *chain_start; 154 int err; 155 156 chain_start = cipher_chain; 157 158 if ((err = tc_cipher_chain_populate_keys(cipher_chain, key))) 159 return err; 160 161 #ifdef DEBUG 162 printf("tc_decrypt: starting chain!\n"); 163 #endif 164 165 /* 166 * Now process the actual decryption, in reverse cascade order; so 167 * first find the last element in the chain. 168 */ 169 for (; cipher_chain->next != NULL; cipher_chain = cipher_chain->next) 170 ; 171 for (; 172 cipher_chain != NULL; 173 cipher_chain = cipher_chain->prev) { 174 #ifdef DEBUG 175 printf("tc_decrypt: Currently using cipher %s\n", 176 cipher_chain->cipher->name); 177 #endif 178 179 err = syscrypt(cipher_chain->cipher, cipher_chain->key, 180 cipher_chain->cipher->klen, iv, in, out, in_len, 0); 181 182 /* Deallocate this key, since we won't need it anymore */ 183 free_safe_mem(cipher_chain->key); 184 cipher_chain->key = NULL; 185 186 if (err != 0) { 187 tc_cipher_chain_free_keys(chain_start); 188 return err; 189 } 190 191 /* Set next input buffer as current output buffer */ 192 in = out; 193 } 194 195 tc_cipher_chain_free_keys(chain_start); 196 197 return 0; 198 } 199 200 int 201 apply_keyfiles(unsigned char *pass, size_t pass_memsz, const char *keyfiles[], 202 int nkeyfiles) 203 { 204 int pl, k; 205 unsigned char *kpool; 206 unsigned char *kdata; 207 int kpool_idx; 208 size_t i, kdata_sz; 209 uint32_t crc; 210 211 if (pass_memsz < MAX_PASSSZ) { 212 tc_log(1, "Not enough memory for password manipluation\n"); 213 return ENOMEM; 214 } 215 216 pl = strlen((char *)pass); 217 memset(pass+pl, 0, MAX_PASSSZ-pl); 218 219 if ((kpool = alloc_safe_mem(KPOOL_SZ)) == NULL) { 220 tc_log(1, "Error allocating memory for keyfile pool\n"); 221 return ENOMEM; 222 } 223 224 memset(kpool, 0, KPOOL_SZ); 225 226 for (k = 0; k < nkeyfiles; k++) { 227 #ifdef DEBUG 228 printf("Loading keyfile %s into kpool\n", keyfiles[k]); 229 #endif 230 kpool_idx = 0; 231 crc = ~0U; 232 kdata_sz = MAX_KFILE_SZ; 233 234 if ((kdata = read_to_safe_mem(keyfiles[k], 0, &kdata_sz)) == NULL) { 235 tc_log(1, "Error reading keyfile %s content\n", 236 keyfiles[k]); 237 free_safe_mem(kpool); 238 return EIO; 239 } 240 241 for (i = 0; i < kdata_sz; i++) { 242 crc = crc32_intermediate(crc, kdata[i]); 243 244 kpool[kpool_idx++] += (unsigned char)(crc >> 24); 245 kpool[kpool_idx++] += (unsigned char)(crc >> 16); 246 kpool[kpool_idx++] += (unsigned char)(crc >> 8); 247 kpool[kpool_idx++] += (unsigned char)(crc); 248 249 /* Wrap around */ 250 if (kpool_idx == KPOOL_SZ) 251 kpool_idx = 0; 252 } 253 254 free_safe_mem(kdata); 255 } 256 257 #ifdef DEBUG 258 printf("Applying kpool to passphrase\n"); 259 #endif 260 /* Apply keyfile pool to passphrase */ 261 for (i = 0; i < KPOOL_SZ; i++) 262 pass[i] += kpool[i]; 263 264 free_safe_mem(kpool); 265 266 return 0; 267 } 268