NVbit : Accessing Bitlocker volumes from linux.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

451 lines
13KB

  1. /*
  2. nvbit Bitlocker for linux
  3. ------------------------------
  4. Nitin Kumar nitin at nvlabs.in
  5. Vipin Kumar vipin at nvlabs.in
  6. web: http://www.nvlabs.in
  7. Licensed under GPL Version 3
  8. -------------------
  9. Copyright (c) 2008
  10. Released under the GPL Version 3
  11. http://www.gnu.org/licenses/gpl-3.0.txt
  12. */
  13. /* This file contains sector decrytion releated functions.This file also contains diffuser implementation (one sided)
  14. */
  15. #include <stdio.h>
  16. #include <stdlib.h> // for _lrotr function
  17. #include <malloc.h>
  18. #include <time.h>
  19. #include "common.h"
  20. #include "header.h"
  21. #include "interface.h"
  22. #include "aes/aes.h"
  23. #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
  24. /* Only first and last sectors need to be patched */
  25. void fix_sector( options_structure *options,
  26. int8 *buffer) // the buffer which needs to be fixed
  27. {
  28. /* only changes that are made to a ntfs boot sector after enabling bitlocker are
  29. the MFT mirror paramter is chaged to point to FVE meta data
  30. the volume identifier is changed from "NTFS " to "-FVE-FS-"
  31. then changed MFT mirror value is stored in the FVE-metadata
  32. */
  33. FVE_META_DATA *meta_data;
  34. meta_data = (FVE_META_DATA *)buffer;
  35. meta_data->MetaDataLCN = options->more_fve_data.MFT_Mirror ;
  36. // now update the the partion id
  37. memcpy( meta_data->Signature,NTFS_SIGNATURE,8);
  38. // successful patching done so return
  39. }
  40. void init_keys(options_structure *options)
  41. {
  42. // volume keys are always 256 bit whatevr the condition
  43. aes_setkey_enc( &options->context.VMK_E_ctx, options->VMK_key+12,256);
  44. aes_setkey_dec( &options->context.VMK_D_ctx, options->VMK_key+12,256);
  45. //FVEK keys depend on algorithm
  46. if ( options->Encryption_Type == AES128 || options->Encryption_Type == AES128_diffuser ) {
  47. aes_setkey_enc( &options->context.FVEK_E_ctx, options->FVEK_key+12,128);
  48. aes_setkey_dec( &options->context.FVEK_D_ctx, options->FVEK_key+12,128);
  49. }
  50. if ( options->Encryption_Type == AES256 || options->Encryption_Type == AES256_diffuser ) {
  51. aes_setkey_enc( &options->context.FVEK_E_ctx, options->FVEK_key+12,256);
  52. aes_setkey_dec( &options->context.FVEK_D_ctx, options->FVEK_key+12,256);
  53. }
  54. // TWEAK keys also depend on algorithm
  55. if ( options->Encryption_Type == AES128_diffuser ) {
  56. aes_setkey_enc( &options->context.TWEAK_E_ctx, options->Tweak_Key+12,128);
  57. aes_setkey_dec( &options->context.TWEAK_D_ctx, options->Tweak_Key+12,128);
  58. }
  59. if ( options->Encryption_Type == AES256_diffuser ) {
  60. aes_setkey_enc( &options->context.TWEAK_E_ctx, options->Tweak_Key+12,256);
  61. aes_setkey_dec( &options->context.TWEAK_D_ctx, options->Tweak_Key+12,256);
  62. }
  63. // all key contexts have been set
  64. }
  65. void decrypt_diffused_sector( options_structure *options, // the usual keys
  66. int8 *sector_data, // actual encrypted data after decrypted data is also available here
  67. int32 sector_size, // size of sector which is being decoded
  68. int64 sector );
  69. // this means a sector encrypted with pure AES 128 or AES 256
  70. unsigned long decrypt_normal_sector( options_structure *options, // the usual keys
  71. int8 *sector_data, // actual encrypted data after decrypted data is also available here
  72. int32 sector_size, // size of sector which is being decoded
  73. int64 sector ) // this means if a 4 th sector sector is being decoded
  74. {
  75. aes_context fvek_d_ctxt;
  76. int8 IV[20] ; // initilization vector
  77. /*
  78. // if algorithm is not AES 128 or AES 256 return -1
  79. if ( options->Encryption_Type == AES128_diffuser ||
  80. options->Encryption_Type == AES256_diffuser )
  81. return -1;
  82. // setup key schedule according to the algorithm
  83. if ( options->Encryption_Type == AES128 )
  84. aes_setkey_dec( &fvek_d_ctxt, options->FVEK_key + 12, 128); // 128 bit encryption
  85. else if (options->Encryption_Type == AES256)
  86. aes_setkey_dec( &fvek_d_ctxt, options->FVEK_key + 12, 256); // select 256 bit encryption
  87. else
  88. return -1;
  89. */
  90. memset(IV,0,sizeof(IV)); // init initialization vector
  91. aes_crypt_cbc(&options->context.FVEK_D_ctx,AES_DECRYPT,sector_size,IV,sector_data,sector_data);
  92. return 0;
  93. }
  94. // this will select a decryptor based on the algorithm selected in the FVEK
  95. // and return result
  96. void decrypt_sector(options_structure *options,
  97. int8 *sector_data,
  98. int64 sector )
  99. {
  100. // select a function based on algorithm
  101. if ( options->Encryption_Type == AES128 || options->Encryption_Type == AES256 )
  102. return decrypt_normal_sector(options,sector_data,options->fve_meta_data.BytesPerSector,sector);
  103. if ( options->Encryption_Type == AES128_diffuser || options->Encryption_Type == AES256_diffuser )
  104. return decrypt_diffused_sector(options,sector_data,options->fve_meta_data.BytesPerSector,sector);
  105. // we are here means unknown algorithm
  106. return -1;
  107. }
  108. // this function does the actual decryption of data
  109. void decrypt_data(Interface* input_interface, options_structure *options) {
  110. unsigned char encrypted_buffer[ 8192];
  111. unsigned char decrypted_buffer[8192];
  112. FILE *stream;
  113. unsigned long loop_var;
  114. if( (stream = fopen( "decrypted", "w+b" )) == NULL ) {
  115. printf("Output file could not be opned");
  116. return ;
  117. }
  118. // process first sector and write it
  119. Read_Sector( input_interface,0 ,1, encrypted_buffer);
  120. fix_sector(options,encrypted_buffer);
  121. fwrite(encrypted_buffer,1,512,stream);
  122. loop_var =0; // start decrypting from the 9 sector
  123. #define DECRYPTED_SECTORS 10
  124. for ( loop_var =1 ;loop_var < DECRYPTED_SECTORS;loop_var++)
  125. {
  126. Read_Sector( input_interface,loop_var ,1, encrypted_buffer);
  127. fwrite(encrypted_buffer,1,512,stream);
  128. }
  129. loop_var = DECRYPTED_SECTORS ;
  130. //for(loop_var = 0; loop_var < 100000 ;loop_var++)
  131. while( 1)//!feof(input_interface->stream ))
  132. {
  133. loop_var++;
  134. // read one sector at a time and decrypt it
  135. //if (! feof( input_interface->stream)) {
  136. Read_Sector( input_interface,loop_var ,1, encrypted_buffer);
  137. //}
  138. // if eof break;
  139. if ( feof(input_interface->stream ))
  140. break;
  141. // sector has been read now decrypt it
  142. decrypt_sector(options,encrypted_buffer,loop_var);
  143. fwrite(encrypted_buffer,1,512,stream);
  144. }
  145. // we are here means whole file has been decrypte including the last sector
  146. // so fix it up
  147. // it is done by seeking back 512 bytes
  148. // reading 0 sector , fixing it up
  149. // and then writing it again
  150. custom_fseek(stream, (int64)0 - (int64)input_interface->SectorSize ,SEEK_CUR);
  151. Read_Sector( input_interface,0 ,1, encrypted_buffer);
  152. fix_sector(options,encrypted_buffer);
  153. fwrite(encrypted_buffer,1,512,stream);
  154. fclose(stream);
  155. }
  156. unsigned long Diffuser_B_Decrypt(unsigned char *input, int32 input_size);
  157. unsigned long Diffuser_A_Decrypt(unsigned char *input, int32 input_size);
  158. void decrypt_diffused_sector( options_structure *options, // the usual keys
  159. unsigned char *sector_data, // actual encrypted data after decrypted data is also available here
  160. int32 sector_size, // size of sector which is being decoded
  161. int64 sector ) // this means if a 4 th sector sector is being decoded
  162. {
  163. unsigned char IV[20]; // used to stor IV which is sector specific
  164. unsigned char e[20] ; // used to store sector byte offset
  165. unsigned char sector_key_buffer[40]; // it's actuall a 512 bit value which is xored into the plain text
  166. int64 temp_var_e;
  167. unsigned long loop_var;
  168. /*aes_context fvek_e_ctxt,fvek_d_ctxt;
  169. aes_context tweak_e_ctxt,tweak_d_ctxt;
  170. // initialise contexts
  171. aes_setkey_dec( &fvek_d_ctxt, options->FVEK_key + 12, 128);
  172. aes_setkey_enc( &fvek_e_ctxt, options->FVEK_key + 12, 128);
  173. aes_setkey_dec (&tweak_d_ctxt, options->Tweak_Key + 12 , 128);
  174. aes_setkey_enc (&tweak_e_ctxt, options->Tweak_Key + 12 , 128); // this key is used to get sector key
  175. */
  176. // let us compute e and other data which is necessary for decryption
  177. /*first e is computed
  178. e is nothing byt byte offset of that sector from start of volume
  179. */
  180. temp_var_e = sector * options->fve_meta_data.BytesPerSector ;
  181. memset(e,0,sizeof(e));
  182. memcpy(e, &temp_var_e , sizeof(temp_var_e)); // copy this number into a buffer in least byte first encoding
  183. // now let us fill in IV for this sector
  184. aes_crypt_ecb(&options->context.FVEK_E_ctx,AES_ENCRYPT,e , IV);
  185. // this block will fill the sector key
  186. {
  187. // now let us compuet sector_key_buffer
  188. aes_crypt_ecb(&options->context.TWEAK_E_ctx,AES_ENCRYPT,e,sector_key_buffer) ;
  189. //now put 128 in the 16th byte of e
  190. e[15] = 128; // now e represent's e'
  191. aes_crypt_ecb(&options->context.TWEAK_E_ctx,AES_ENCRYPT,e,sector_key_buffer+ 16) ;
  192. }
  193. // now decrypt the buffer usinf AESCBC using the fvek key decryption context
  194. // we use the same buffer as both input and output
  195. aes_crypt_cbc(&options->context.FVEK_D_ctx,AES_DECRYPT,options->fve_meta_data.BytesPerSector,IV,sector_data,sector_data);
  196. // now let us call the diffuser B decryptor
  197. Diffuser_B_Decrypt(sector_data,options->fve_meta_data.BytesPerSector);
  198. // now let us call the diffuser B decryptor
  199. Diffuser_A_Decrypt(sector_data,options->fve_meta_data.BytesPerSector);
  200. // apply sector XOR wit sector key
  201. for( loop_var = 0 ; loop_var < options->fve_meta_data.BytesPerSector ;loop_var++)
  202. sector_data[loop_var] = sector_data[loop_var] ^ sector_key_buffer[ loop_var % 32] ;
  203. // at this stage the buffer is already decrypted succesfully, if everything went right
  204. return ;
  205. }
  206. // TODO write an ecryption function just convertting first plus into minus will make an encryption function
  207. //this applies to both Diffuser A and Diffuser B , thus we can have write support
  208. // this will apply an in place diffuser B decryption function
  209. int32 Diffuser_B_Decrypt(unsigned char *input, unsigned long input_size)
  210. {
  211. int32 temp_array[512];
  212. int32 loop_var;
  213. int32 max_loop;
  214. int32 total_loop; // no . of times diffuser is applied to whole block
  215. //init array with supplied data
  216. memcpy(temp_array,input, input_size);
  217. max_loop = input_size / 4;
  218. total_loop = 3; // the diffuser function is applied a total of 3 times
  219. while ( total_loop) {
  220. // the below loop should be executed
  221. for ( loop_var = 0 ; loop_var < (max_loop-1) ;) {
  222. temp_array[loop_var] = temp_array[loop_var] + ( temp_array [ (loop_var +2 ) % max_loop] ^ ROTATE( (temp_array [ ( loop_var + 5) % max_loop]),0));
  223. loop_var++;
  224. temp_array[loop_var] = temp_array[loop_var] + ( temp_array [ (loop_var +2 ) % max_loop] ^ ROTATE( (temp_array [ ( loop_var + 5) % max_loop]),10));
  225. loop_var++;
  226. temp_array[loop_var] = temp_array[loop_var] + ( temp_array [ (loop_var +2 ) % max_loop] ^ ROTATE( (temp_array [ ( loop_var + 5) % max_loop]),0));
  227. loop_var++;
  228. temp_array[loop_var] = temp_array[loop_var] + ( temp_array [ (loop_var +2 ) % max_loop] ^ ROTATE( (temp_array [ ( loop_var + 5) % max_loop]),25));
  229. loop_var++;
  230. }
  231. total_loop-- ;
  232. } // end total_loop
  233. // now copy the output onto to the input
  234. memcpy(input, temp_array, input_size);
  235. return 0;
  236. }
  237. // this will apply an in place diffuser A decryption function
  238. int32 Diffuser_A_Decrypt(unsigned char *input, int32 input_size)
  239. {
  240. unsigned long temp_array[512];
  241. unsigned long loop_var;
  242. unsigned long max_loop;
  243. unsigned long total_loop; // no . of times diffuser is applied to whole block
  244. //init array with supplied data
  245. memcpy(temp_array,input, input_size);
  246. max_loop = input_size / 4;
  247. total_loop = 5; // the diffuser function is applied a total of 3 times
  248. while ( total_loop) {
  249. // the below loop should be executed
  250. for ( loop_var = 0 ; loop_var < (max_loop-1) ;) {
  251. temp_array[loop_var] = temp_array[loop_var] + ( temp_array [ (loop_var -2 ) % max_loop] ^ ROTATE( (temp_array [ ( loop_var - 5) % max_loop]),9));
  252. loop_var++;
  253. temp_array[loop_var] = temp_array[loop_var] + ( temp_array [ (loop_var -2 ) % max_loop] ^ ROTATE( (temp_array [ ( loop_var - 5) % max_loop]),0));
  254. loop_var++;
  255. temp_array[loop_var] = temp_array[loop_var] + ( temp_array [ (loop_var -2 ) % max_loop] ^ ROTATE( (temp_array [ ( loop_var - 5) % max_loop]),13));
  256. loop_var++;
  257. temp_array[loop_var] = temp_array[loop_var] + ( temp_array [ (loop_var -2 ) % max_loop] ^ ROTATE( (temp_array [ ( loop_var - 5) % max_loop]),0));
  258. loop_var++;
  259. }
  260. total_loop-- ;
  261. } // end total_loop
  262. // now copy the output onto to the input
  263. memcpy(input, temp_array, input_size);
  264. return 0;
  265. }