From owner-svn-soc-all@FreeBSD.ORG Mon Jun 18 17:31:47 2012 Return-Path: Delivered-To: svn-soc-all@FreeBSD.org Received: from socsvn.FreeBSD.org (unknown [IPv6:2001:4f8:fff6::2f]) by hub.freebsd.org (Postfix) with SMTP id 246741065672 for ; Mon, 18 Jun 2012 17:31:45 +0000 (UTC) (envelope-from vchan@FreeBSD.org) Received: by socsvn.FreeBSD.org (sSMTP sendmail emulation); Mon, 18 Jun 2012 17:31:45 +0000 Date: Mon, 18 Jun 2012 17:31:45 +0000 From: vchan@FreeBSD.org To: svn-soc-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <20120618173145.246741065672@hub.freebsd.org> Cc: Subject: socsvn commit: r237896 - in soc2012/vchan/gtcp: . bwalex-tc-play X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jun 2012 17:31:47 -0000 Author: vchan Date: Mon Jun 18 17:31:44 2012 New Revision: 237896 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=237896 Log: initial commit Added: soc2012/vchan/gtcp/ soc2012/vchan/gtcp/bwalex-tc-play/ soc2012/vchan/gtcp/bwalex-tc-play/LICENSE soc2012/vchan/gtcp/bwalex-tc-play/Makefile soc2012/vchan/gtcp/bwalex-tc-play/README.md soc2012/vchan/gtcp/bwalex-tc-play/crc32.c soc2012/vchan/gtcp/bwalex-tc-play/crc32.h soc2012/vchan/gtcp/bwalex-tc-play/crypto-dev.c soc2012/vchan/gtcp/bwalex-tc-play/crypto-gcrypt.c soc2012/vchan/gtcp/bwalex-tc-play/crypto.c soc2012/vchan/gtcp/bwalex-tc-play/generic_xts.c soc2012/vchan/gtcp/bwalex-tc-play/generic_xts.h soc2012/vchan/gtcp/bwalex-tc-play/hdr.c soc2012/vchan/gtcp/bwalex-tc-play/humanize.c soc2012/vchan/gtcp/bwalex-tc-play/humanize.h soc2012/vchan/gtcp/bwalex-tc-play/io.c soc2012/vchan/gtcp/bwalex-tc-play/main.c soc2012/vchan/gtcp/bwalex-tc-play/pbkdf2-gcrypt.c soc2012/vchan/gtcp/bwalex-tc-play/pbkdf2-openssl.c soc2012/vchan/gtcp/bwalex-tc-play/safe_mem.c soc2012/vchan/gtcp/bwalex-tc-play/tcplay.3 soc2012/vchan/gtcp/bwalex-tc-play/tcplay.8 soc2012/vchan/gtcp/bwalex-tc-play/tcplay.c soc2012/vchan/gtcp/bwalex-tc-play/tcplay.h soc2012/vchan/gtcp/bwalex-tc-play/tcplay.map soc2012/vchan/gtcp/bwalex-tc-play/tcplay_api.c soc2012/vchan/gtcp/bwalex-tc-play/tcplay_api.h soc2012/vchan/gtcp/bwalex-tc-play/tcplay_api_test.c Added: soc2012/vchan/gtcp/bwalex-tc-play/LICENSE ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2012/vchan/gtcp/bwalex-tc-play/LICENSE Mon Jun 18 17:31:44 2012 (r237896) @@ -0,0 +1,26 @@ +Copyright (c) 2011 Alex Hornung . +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED +AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. Added: soc2012/vchan/gtcp/bwalex-tc-play/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2012/vchan/gtcp/bwalex-tc-play/Makefile Mon Jun 18 17:31:44 2012 (r237896) @@ -0,0 +1,66 @@ +# either linux or dragonfly +SYSTEM?=linux + +# either openssl or gcrypt +PBKDF_BACKEND?=openssl + +# system compiler, normally gcc +CC?=gcc + +# whether to enable debugging or not +DEBUG?=no + +WARNFLAGS= -Wsystem-headers -Werror -Wall -W -Wno-unused-parameter \ + -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith \ + -Wold-style-definition -Wreturn-type -Wcast-qual -Wwrite-strings \ + -Wswitch -Wshadow -Wcast-align -Wunused-parameter -Wchar-subscripts \ + -Winline -Wnested-externs + +SRCS= tcplay.c crc32.c safe_mem.c io.c hdr.c humanize.c +SRCS+= crypto.c generic_xts.c +OBJS= tcplay.o crc32.o safe_mem.o io.o hdr.o humanize.o +OBJS+= crypto.o generic_xts.o + +CFLAGS+= $(WARNFLAGS) + +ifeq (${DEBUG}, yes) + CFLAGS+= -O0 -g -DDEBUG +else + CFLAGS+= -O3 +endif + +ifeq (${SYSTEM}, linux) + CFLAGS+= -D_GNU_SOURCE + LIBS+= -lgcrypt -ldevmapper -luuid + SRCS+= crypto-gcrypt.c + OBJS+= crypto-gcrypt.o + ifeq (${PBKDF_BACKEND}, gcrypt) + SRCS+= pbkdf2-gcrypt.c + OBJS+= pbkdf2-gcrypt.o + endif + ifeq (${PBKDF_BACKEND}, openssl) + SRCS+= pbkdf2-openssl.c + OBJS+= pbkdf2-openssl.o + LIBS+= -lcrypto + endif +endif + +ifeq (${SYSTEM}, dragonfly) + LIBS+= -lcrypto -ldm -lprop + SRCS+= crypto-dev.c + OBJS+= crypto-dev.o + SRCS+= pbkdf2-openssl.c + OBJS+= pbkdf2-openssl.o +endif + +program: + $(CC) $(CFLAGS) -o tcplay main.c $(SRCS) $(LIBS) +lib: + $(CC) $(CFLAGS) -c -fPIC tcplay_api.c $(SRCS) + $(CC) -shared -Wl,-version-script=tcplay.map -o libtcplay.so tcplay_api.o $(OBJS) + +test: + gcc -O0 -g -L. -I. tcplay_api_test.c -ltcplay -lcrypto -ldm -lprop +clean: + rm -f tcplay libtcplay.so tcplay.core *.o ktrace.out + Added: soc2012/vchan/gtcp/bwalex-tc-play/README.md ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2012/vchan/gtcp/bwalex-tc-play/README.md Mon Jun 18 17:31:44 2012 (r237896) @@ -0,0 +1,98 @@ +About +========== +tcplay is a free (BSD-licensed), pretty much fully featured (including multiple +keyfiles, cipher cascades, etc) and stable TrueCrypt implementation. + +This implementation supports mapping (opening) both system and normal TrueCrypt +volumes, as well as opening hidden volumes and opening an outer volume while +protecting a hidden volume. There is also support to create volumes, including +hidden volumes, etc. + +Since tcplay uses dm-crypt (or dm_target_crypt on DragonFly) it makes full use +of any available hardware encryption/decryption support once the volume has been +mapped. + +It is based solely on the documentation available on the TrueCrypt website, +many hours of trial and error and the output of the Linux' TrueCrypt client. +As it turns out, most technical documents on TrueCrypt contains mistakes, hence +the trial and error approach. + + + +Implementation notes +========== +DragonFly BSD uses the hybrid OpenSSL + cryptodev(9) approach that can be +found in crypto-dev.c. OpenSSL is only used for the hash/pbkdf2. The +encryption/decryption is performed via cryptodev(9) with enabled cryptosoft. + +On Linux gcrypt is used for the encryption and decryption. For the hash/pbkdf2 +either gcrypt or OpenSSL can be used. gcrypt only supports pbkdf2 since its +July 2011 release (1.5.0), while OpenSSL has had pbkdf2 since around December +2010, so its easier to find in most distros. + +The crypto options can be chosen with make/Makefile parameters. Building on Linux +is as easy as doing + + make SYSTEM=linux + +you can even skip the SYSTEM=linux, since that's the default. To choose the +PBKDF backend, you can use either, + + make PBKDF_BACKEND=openssl + +or + + make PBKDF_BACKEND=gcrypt + +The interface to device mapper is libdevmapper on Linux and libdm on DragonFly. +libdm is a BSD-licensed version of libdevmapper that I hacked together in a few +hours. + + + +OS Support +========== +tcplay is now available for both DragonFly BSD and Linux. It is a core part of +the DragonFly BSD operating system and is available in a number of linux +distros. + + + +Licensing +========== +The project is under a two-clause BSD license. I would consider dual-licensing +it if required. Drop me an email to discuss the options. + + + +Development +========== +tcplay is pretty much stable, but if you find a bug, please report it. +If anyone wants to add new features or port it to another OS, I'll gladly merge +your changes into this repository so that there is a single point of contact. + +I've noticed that sometimes bugs are only reported downstream (e.g. in the +distro's bugtracker). Please make sure those bugs are also reported upstream on +github, otherwise odds are they will never reach me. + +Coming features: + - restoring header from backup header + + + +Bugs in the TrueCrypt documentation +========== +The TrueCrypt documentation is pretty bad and does not really represent the +actual on-disk format nor the encryption/decryption process. + +Some notable differences between actual implementation and documentation: + - PBKDF using RIPEMD160 only uses 2000 iterations if the volume isn't a system + volume. + - The keyfile pool is not XOR'ed with the passphrase but modulo-8 summed. + - Every field *except* the minimum version field of the volume header are in + big endian. + - Some volume header fields (creation time of volume and header) are missing + in the documentation. + - All two-way cipher cascades are the wrong way round in the documentation, + but all three-way cipher cascades are correct. + Added: soc2012/vchan/gtcp/bwalex-tc-play/crc32.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2012/vchan/gtcp/bwalex-tc-play/crc32.c Mon Jun 18 17:31:44 2012 (r237896) @@ -0,0 +1,109 @@ +/*- + * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or + * code or tables extracted from it, as desired without restriction. + * + * First, the polynomial itself and its table of feedback terms. The + * polynomial is + * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 + * + * Note that we take it "backwards" and put the highest-order term in + * the lowest-order bit. The X^32 term is "implied"; the LSB is the + * X^31 term, etc. The X^0 term (usually shown as "+1") results in + * the MSB being 1 + * + * Note that the usual hardware shift register implementation, which + * is what we're using (we're merely optimizing it by doing eight-bit + * chunks at a time) shifts bits into the lowest-order term. In our + * implementation, that means shifting towards the right. Why do we + * do it this way? Because the calculated CRC must be transmitted in + * order from highest-order term to lowest-order term. UARTs transmit + * characters in order from LSB to MSB. By storing the CRC this way + * we hand it to the UART in the order low-byte to high-byte; the UART + * sends each low-bit to hight-bit; and the result is transmission bit + * by bit from highest- to lowest-order term without requiring any bit + * shuffling on our part. Reception works similarly + * + * The feedback terms table consists of 256, 32-bit entries. Notes + * + * The table can be generated at runtime if desired; code to do so + * is shown later. It might not be obvious, but the feedback + * terms simply represent the results of eight shift/xor opera + * tions for all combinations of data and CRC register values + * + * The values must be right-shifted by eight bits by the "updcrc + * logic; the shift must be unsigned (bring in zeroes). On some + * hardware you could probably optimize the shift in assembler by + * using byte-swap instructions + * polynomial $edb88320 + */ + +#include +#include +#include "crc32.h" + +uint32_t crc32_tab[] = { + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, + 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, + 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, + 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, + 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, + 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, + 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, + 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, + 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, + 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, + 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, + 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, + 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, + 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, + 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, + 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, + 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, + 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, + 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, + 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, + 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, + 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, + 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, + 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, + 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, + 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, + 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, + 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, + 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, + 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, + 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, + 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, + 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, + 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, + 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, + 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, + 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, + 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d +}; + +uint32_t +crc32(const void *buf, size_t size) +{ + const uint8_t *p; + uint32_t crc; + + p = buf; + crc = ~0U; + + while (size--) + crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); + + return crc ^ ~0U; +} + +uint32_t +crc32_intermediate(uint32_t crc, uint8_t d) +{ + return crc32_tab[(crc ^ d) & 0xFF] ^ (crc >> 8); +} Added: soc2012/vchan/gtcp/bwalex-tc-play/crc32.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2012/vchan/gtcp/bwalex-tc-play/crc32.h Mon Jun 18 17:31:44 2012 (r237896) @@ -0,0 +1,2 @@ +uint32_t crc32(const void *buf, size_t size); +uint32_t crc32_intermediate(uint32_t crc, uint8_t d); Added: soc2012/vchan/gtcp/bwalex-tc-play/crypto-dev.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2012/vchan/gtcp/bwalex-tc-play/crypto-dev.c Mon Jun 18 17:31:44 2012 (r237896) @@ -0,0 +1,165 @@ +/* + * Copyright (c) 2011 Alex Hornung . + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "tcplay.h" + +static +int +getallowsoft(void) +{ + int old; + size_t olen; + + olen = sizeof(old); + + if (sysctlbyname("kern.cryptodevallowsoft", &old, &olen, NULL, 0) < 0) { + perror("accessing sysctl kern.cryptodevallowsoft failed"); + } + + return old; +} + +static +void +setallowsoft(int new) +{ + int old; + size_t olen, nlen; + + olen = nlen = sizeof(new); + + if (sysctlbyname("kern.cryptodevallowsoft", &old, &olen, &new, nlen) < 0) { + perror("accessing sysctl kern.cryptodevallowsoft failed"); + } +} + +static +int +get_cryptodev_cipher_id(struct tc_crypto_algo *cipher) +{ + if (strcmp(cipher->name, "AES-128-XTS") == 0) + return CRYPTO_AES_XTS; + else if (strcmp(cipher->name, "AES-256-XTS") == 0) + return CRYPTO_AES_XTS; + else if (strcmp(cipher->name, "TWOFISH-128-XTS") == 0) + return CRYPTO_TWOFISH_XTS; + else if (strcmp(cipher->name, "TWOFISH-256-XTS") == 0) + return CRYPTO_TWOFISH_XTS; + else if (strcmp(cipher->name, "SERPENT-128-XTS") == 0) + return CRYPTO_SERPENT_XTS; + else if (strcmp(cipher->name, "SERPENT-256-XTS") == 0) + return CRYPTO_SERPENT_XTS; + else + return -1; +} + +int +syscrypt(struct tc_crypto_algo *cipher, unsigned char *key, size_t klen, unsigned char *iv, + unsigned char *in, unsigned char *out, size_t len, int do_encrypt) +{ + struct session_op session; + struct crypt_op cryp; + int cipher_id; + int cryptodev_fd = -1, fd = -1; + + cipher_id = get_cryptodev_cipher_id(cipher); + if (cipher_id < 0) { + tc_log(1, "Cipher %s not found\n", + cipher->name); + return ENOENT; + } + + if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) { + perror("Could not open /dev/crypto"); + goto err; + } + if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) { + perror("CRIOGET failed"); + goto err; + } + memset(&session, 0, sizeof(session)); + session.cipher = cipher_id; + session.key = (caddr_t) key; + session.keylen = klen; + if (ioctl(fd, CIOCGSESSION, &session) == -1) { + perror("CIOCGSESSION failed"); + goto err; + } + memset(&cryp, 0, sizeof(cryp)); + cryp.ses = session.ses; + cryp.op = do_encrypt ? COP_ENCRYPT : COP_DECRYPT; + cryp.flags = 0; + cryp.len = len; + cryp.src = (caddr_t) in; + cryp.dst = (caddr_t) out; + cryp.iv = (caddr_t) iv; + cryp.mac = 0; + if (ioctl(fd, CIOCCRYPT, &cryp) == -1) { + perror("CIOCCRYPT failed"); + goto err; + } + if (ioctl(fd, CIOCFSESSION, &session.ses) == -1) { + perror("CIOCFSESSION failed"); + goto err; + } + close(fd); + close(cryptodev_fd); + return (0); + +err: + if (fd != -1) + close(fd); + if (cryptodev_fd != -1) + close(cryptodev_fd); + return (-1); +} + +int +tc_crypto_init(void) +{ + int allowed; + + allowed = getallowsoft(); + if (allowed == 0) + setallowsoft(1); + + return 0; +} + Added: soc2012/vchan/gtcp/bwalex-tc-play/crypto-gcrypt.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2012/vchan/gtcp/bwalex-tc-play/crypto-gcrypt.c Mon Jun 18 17:31:44 2012 (r237896) @@ -0,0 +1,203 @@ +/* + * Copyright (c) 2011 Alex Hornung . + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +//#include +#include +#include +#include + +/* + * Yey for gcrypt and its broken includes... + * see http://lists.gnupg.org/pipermail/gcrypt-devel/2011-July/001830.html + * and http://seclists.org/wireshark/2011/Jul/208 + * for more details... + */ +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#include +#pragma GCC diagnostic warning "-Wdeprecated-declarations" + +#include "generic_xts.h" +#include "tcplay.h" + + +static int +gcrypt_encrypt(void *ctx, size_t blk_len, const uint8_t *src, uint8_t *dst) +{ + gcry_cipher_hd_t cipher_hd = (gcry_cipher_hd_t)ctx; + gcry_error_t gcry_err; + + gcry_err = gcry_cipher_encrypt( + cipher_hd, + dst, + blk_len, /* gcry_cipher_get_algo_blklen(GCRY_CIPHER_AES256) */ + src, + blk_len); + + return (gcry_err != 0); +} + +static int +gcrypt_decrypt(void *ctx, size_t blk_len, const uint8_t *src, uint8_t *dst) +{ + gcry_cipher_hd_t cipher_hd = (gcry_cipher_hd_t)ctx; + gcry_error_t gcry_err; + + gcry_err = gcry_cipher_decrypt( + cipher_hd, + dst, + blk_len /* gcry_cipher_get_algo_blklen(GCRY_CIPHER_AES256) */, + src, + blk_len); + + return (gcry_err != 0); +} + +static int +gcrypt_set_key(void **ctx, void *arg1, void *arg2 __unused, const u_int8_t *key, + int keybits __unused) +{ + gcry_cipher_hd_t *cipher_hd = (gcry_cipher_hd_t *)ctx; + int cipher = *((int *)arg1); + gcry_error_t gcry_err; + + gcry_err = gcry_cipher_open( + cipher_hd, + cipher, + GCRY_CIPHER_MODE_ECB, + 0); + + if (gcry_err) + return -1; + + gcry_err = gcry_cipher_setkey( + *cipher_hd, + key, + gcry_cipher_get_algo_keylen(cipher)); + + if (gcry_err) { + gcry_cipher_close(*cipher_hd); + *ctx = NULL; + return -1; + } + + return 0; +} + +static int +gcrypt_zero_key(void **ctx) +{ + gcry_cipher_hd_t *cipher_hd = (gcry_cipher_hd_t *)ctx; + + if (*cipher_hd == NULL) + return 0; + + gcry_cipher_close(*cipher_hd); + return 0; +} + +static +int +get_gcrypt_cipher_id(struct tc_crypto_algo *cipher) +{ + if (strcmp(cipher->name, "AES-128-XTS") == 0) + return GCRY_CIPHER_AES128; + else if (strcmp(cipher->name, "AES-256-XTS") == 0) + return GCRY_CIPHER_AES256; + else if (strcmp(cipher->name, "TWOFISH-128-XTS") == 0) + return GCRY_CIPHER_TWOFISH128; + else if (strcmp(cipher->name, "TWOFISH-256-XTS") == 0) + return GCRY_CIPHER_TWOFISH; /* XXX: really 256? */ + else if (strcmp(cipher->name, "SERPENT-128-XTS") == 0) + return GCRY_CIPHER_SERPENT128; + else if (strcmp(cipher->name, "SERPENT-256-XTS") == 0) + return GCRY_CIPHER_SERPENT256; + else + return -1; +} + +int +syscrypt(struct tc_crypto_algo *cipher, unsigned char *key, size_t klen, unsigned char *iv, + unsigned char *in, unsigned char *out, size_t len, int do_encrypt) +{ + struct xts_ctx *ctx; + int cipher_id; + int err; + + cipher_id = get_gcrypt_cipher_id(cipher); + if (cipher_id < 0) { + tc_log(1, "Cipher %s not found\n", + cipher->name); + return ENOENT; + } + + if ((ctx = (struct xts_ctx *)alloc_safe_mem(sizeof(struct xts_ctx))) == + NULL) { + tc_log(1, "Could not allocate safe xts_xts memory\n"); + return ENOMEM; + } + + err = xts_init(ctx, &cipher_id, NULL, gcrypt_set_key, gcrypt_zero_key, + gcrypt_encrypt, gcrypt_decrypt, + gcry_cipher_get_algo_blklen(cipher_id), + key, klen); + if (err) { + tc_log(1, "Error initializing generic XTS\n"); + return EINVAL; + } + + memcpy(out, in, len); + if (do_encrypt) + err = xts_encrypt(ctx, out, len, iv); + else + err = xts_decrypt(ctx, out, len, iv); + + if (err) { + tc_log(1, "Error encrypting/decrypting\n"); + xts_uninit(ctx); + return EINVAL; + } + + xts_uninit(ctx); + free_safe_mem(ctx); + + return 0; +} + +int +tc_crypto_init(void) +{ + gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN); + gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0); + gcry_control(GCRYCTL_RESUME_SECMEM_WARN); + + gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); + + return 0; +} + Added: soc2012/vchan/gtcp/bwalex-tc-play/crypto.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2012/vchan/gtcp/bwalex-tc-play/crypto.c Mon Jun 18 17:31:44 2012 (r237896) @@ -0,0 +1,272 @@ +/* + * Copyright (c) 2011 Alex Hornung . + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "crc32.h" +#include "tcplay.h" + +int +tc_cipher_chain_populate_keys(struct tc_cipher_chain *cipher_chain, + unsigned char *key) +{ + int total_key_bytes, used_key_bytes; + struct tc_cipher_chain *dummy_chain; + + /* + * We need to determine the total key bytes as the key locations + * depend on it. + */ + total_key_bytes = 0; + for (dummy_chain = cipher_chain; + dummy_chain != NULL; + dummy_chain = dummy_chain->next) { + total_key_bytes += dummy_chain->cipher->klen; + } + + /* + * Now we need to get prepare the keys, as the keys are in + * forward order with respect to the cipher cascade, but + * the actual decryption is in reverse cipher cascade order. + */ + used_key_bytes = 0; + for (dummy_chain = cipher_chain; + dummy_chain != NULL; + dummy_chain = dummy_chain->next) { + dummy_chain->key = alloc_safe_mem(dummy_chain->cipher->klen); + if (dummy_chain->key == NULL) { + tc_log(1, "tc_decrypt: Could not allocate key " + "memory\n"); + return ENOMEM; + } + + /* XXX: here we assume XTS operation! */ + memcpy(dummy_chain->key, + key + used_key_bytes/2, + dummy_chain->cipher->klen/2); + memcpy(dummy_chain->key + dummy_chain->cipher->klen/2, + key + (total_key_bytes/2) + used_key_bytes/2, + dummy_chain->cipher->klen/2); + + /* Remember how many key bytes we've seen */ + used_key_bytes += dummy_chain->cipher->klen; + } + + return 0; +} + +int +tc_cipher_chain_free_keys(struct tc_cipher_chain *cipher_chain) +{ + for (; cipher_chain != NULL; cipher_chain = cipher_chain->next) { + if (cipher_chain->key != NULL) { + free_safe_mem(cipher_chain->key); + cipher_chain->key = NULL; + } + } + + return 0; +} + +int +tc_encrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key, + unsigned char *iv, + unsigned char *in, int in_len, unsigned char *out) +{ + struct tc_cipher_chain *chain_start; + int err; + + chain_start = cipher_chain; + + if ((err = tc_cipher_chain_populate_keys(cipher_chain, key))) + return err; + +#ifdef DEBUG + printf("tc_encrypt: starting chain\n"); +#endif + + /* + * Now process the actual decryption, in forward cascade order. + */ + for (; + cipher_chain != NULL; + cipher_chain = cipher_chain->next) { +#ifdef DEBUG + printf("tc_encrypt: Currently using cipher %s\n", + cipher_chain->cipher->name); +#endif + + err = syscrypt(cipher_chain->cipher, cipher_chain->key, + cipher_chain->cipher->klen, iv, in, out, in_len, 1); + + /* Deallocate this key, since we won't need it anymore */ + free_safe_mem(cipher_chain->key); + cipher_chain->key = NULL; + + if (err != 0) { + tc_cipher_chain_free_keys(chain_start); + return err; + } + + /* Set next input buffer as current output buffer */ + in = out; + } + + tc_cipher_chain_free_keys(chain_start); + + return 0; +} + +int +tc_decrypt(struct tc_cipher_chain *cipher_chain, unsigned char *key, + unsigned char *iv, + unsigned char *in, int in_len, unsigned char *out) +{ + struct tc_cipher_chain *chain_start; + int err; + + chain_start = cipher_chain; + + if ((err = tc_cipher_chain_populate_keys(cipher_chain, key))) + return err; + +#ifdef DEBUG + printf("tc_decrypt: starting chain!\n"); +#endif + + /* + * Now process the actual decryption, in reverse cascade order; so + * first find the last element in the chain. + */ + for (; cipher_chain->next != NULL; cipher_chain = cipher_chain->next) + ; + for (; + cipher_chain != NULL; + cipher_chain = cipher_chain->prev) { +#ifdef DEBUG + printf("tc_decrypt: Currently using cipher %s\n", + cipher_chain->cipher->name); +#endif + + err = syscrypt(cipher_chain->cipher, cipher_chain->key, + cipher_chain->cipher->klen, iv, in, out, in_len, 0); + + /* Deallocate this key, since we won't need it anymore */ + free_safe_mem(cipher_chain->key); + cipher_chain->key = NULL; + + if (err != 0) { + tc_cipher_chain_free_keys(chain_start); + return err; + } + + /* Set next input buffer as current output buffer */ + in = out; + } + + tc_cipher_chain_free_keys(chain_start); + + return 0; +} + +int +apply_keyfiles(unsigned char *pass, size_t pass_memsz, const char *keyfiles[], + int nkeyfiles) +{ + int pl, k; + unsigned char *kpool; + unsigned char *kdata; + int kpool_idx; + size_t i, kdata_sz; + uint32_t crc; + + if (pass_memsz < MAX_PASSSZ) { + tc_log(1, "Not enough memory for password manipluation\n"); + return ENOMEM; + } + + pl = strlen((char *)pass); + memset(pass+pl, 0, MAX_PASSSZ-pl); + + if ((kpool = alloc_safe_mem(KPOOL_SZ)) == NULL) { + tc_log(1, "Error allocating memory for keyfile pool\n"); + return ENOMEM; + } + + memset(kpool, 0, KPOOL_SZ); + + for (k = 0; k < nkeyfiles; k++) { +#ifdef DEBUG + printf("Loading keyfile %s into kpool\n", keyfiles[k]); +#endif + kpool_idx = 0; + crc = ~0U; + kdata_sz = MAX_KFILE_SZ; + + if ((kdata = read_to_safe_mem(keyfiles[k], 0, &kdata_sz)) == NULL) { + tc_log(1, "Error reading keyfile %s content\n", + keyfiles[k]); + free_safe_mem(kpool); + return EIO; + } + + for (i = 0; i < kdata_sz; i++) { + crc = crc32_intermediate(crc, kdata[i]); + + kpool[kpool_idx++] += (unsigned char)(crc >> 24); + kpool[kpool_idx++] += (unsigned char)(crc >> 16); + kpool[kpool_idx++] += (unsigned char)(crc >> 8); + kpool[kpool_idx++] += (unsigned char)(crc); + + /* Wrap around */ + if (kpool_idx == KPOOL_SZ) + kpool_idx = 0; + } + + free_safe_mem(kdata); + } + +#ifdef DEBUG + printf("Applying kpool to passphrase\n"); +#endif + /* Apply keyfile pool to passphrase */ + for (i = 0; i < KPOOL_SZ; i++) + pass[i] += kpool[i]; + + free_safe_mem(kpool); + + return 0; +} Added: soc2012/vchan/gtcp/bwalex-tc-play/generic_xts.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ soc2012/vchan/gtcp/bwalex-tc-play/generic_xts.c Mon Jun 18 17:31:44 2012 (r237896) @@ -0,0 +1,175 @@ +/* + * Copyright (C) 2008, Damien Miller + * Copyright (C) 2011, Alex Hornung + * + * Permission to use, copy, and modify this software with or without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software. + * You may use this code under the GNU public license if you so wish. Please + * contribute changes back to the authors under this freer than GPL license + * so that we may further the use of strong encryption without limitations to + * all. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE + * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR + * PURPOSE. + */ + +#include +#include +#include +#include +#include + +#include "tcplay.h" +#include "generic_xts.h" + + + +static int *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***