diff --git a/README.md b/README.md index eb89e9d..270b1e8 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ _Shufflecake_ is a plausible deniability (hidden storage) layer for Linux. You can consider Shufflecake a spiritual successor of tools like TrueCrypt and VeraCrypt, but vastly improved, both in terms of security and functionality. Official website: . -This repository contains source code and installation instructions to correctly manage the creation, opening, and closing of Shufflecake volumes. +This repository contains C source code and documentation to use and manage Shufflecake volumes. __WARNING__: Shufflecake is still experimental software, please do not rely on its security or stability. @@ -26,6 +26,9 @@ __WARNING__: Shufflecake is still experimental software, please do not rely on i - [Initializing Device](#init) - [Opening Volumes](#open) - [Closing Volumes](#close) + - [Other Commands](#other) + - [Changing A Password](#changepwd) + - [Check If A Password Is Correct](#testpwd) - [Advanced Usage](#advanced) - [Volume Corruption Mitigation](#mitigcorr) - [Providing Passwords Non-Interactively](#passwordnonint) @@ -40,16 +43,19 @@ __WARNING__: Shufflecake is still experimental software, please do not rely on i ## Overview -In the context of Shufflecake, a _device_, or _cake_, is the underlying raw block device (e.g., a disk) that is formatted to contain hidden data, while a _volume_, or _layer_, is the logical, encrypted and hidden "partition" within a device. The device can be a whole USB stick (or disk), a partition, a file-backed loop device, etc. (you likely find it under `/dev`). +In the context of Shufflecake, a _device_, or _cake_, is the underlying raw block device (e.g., a disk) that is formatted to contain hidden data, while a _volume_, or _layer_, is the logical, encrypted and hidden "partition" within a device. The device can be a whole USB stick (or disk), a physical or logical partition, a file-backed loop device, etc. (you likely find it under `/dev`). -The two operating principles of Shufflecake are: +The three operating principles of Shufflecake are: - 1 device = multiple volumes - 1 volume = 1 password = 1 "secrecy level" +- unlocking a volume also unlocks all those of lesser secrecy level -Volumes are password-protected, and embedded in the underlying device as data _slices_ which are indistinguishable from random noise without the proper password. Headers are also indistinguishable from random when not decrypted. +Volumes are password-protected, and embedded in the underlying device as data _slices_ which are indistinguishable from random noise without the proper password. Headers are also indistinguishable from random when not decrypted. A Shufflecake-initialized device does not have cleartext headers, and is indistinguishable from random noise when not decrypted. Up to 15 _ordered_ Shufflecake volumes can be created on a single device, with the implicit assumption that "lower-order" volumes (e.g. layer 0) are _less_ _secret_ than "higher-order" ones (e.g. layer 3). The Shufflecake header is designed in such a way that it _chains_ volumes in a backwards-linked list: volume __i__ "points to" (contains the key of) volume __i-1__. This way, providing the key of volume __M__ allows this tool to traverse the list and also automatically open volumes __0__ through __M-1__ (besides volume __M__). +[![Scheme of Shufflecake device layout](doc/headers.png)] + Opened volumes appear as block devices of the form `sflc_N_M` in `/dev/mapper`. It is up to the user to format them with an appropriate filesystem and mounting them before use. It is recommended to always unlock the most sensitive volume for daily use ("home alone" scenario), even if that volume is not being used or even mounted. Only open a subset of volumes (with a "decoy password") if under coercion. This is due to the high possibility of corrupting hidden volumes otherwise. For security and consistency reasons, you cannot init/open/close nested volumes within the same device one at a time; the tool only allows to perform these operations on a _chain_ of volumes in a device. @@ -145,6 +151,28 @@ Closes all the volumes currently open on a device, removing them from `/dev/mapp The command only asks for the block device name, i.e., it will close _all_ volumes provided by that device at once, by first forcing a write on disk of any pending changes. However, in order to avoid any risk of data loss, it is always advisable to first `umount` any mounted open volume. + +### Other Commands + +The following commands implement additional useful features. + +#### Changing A Password + +``` +sudo shufflecake changepwd +``` + +A password will be required. If this is the correct password for a volume within that device, then the user will be prompted to enter a new password for that volume. Shufflecake will only modify a single ciphertext field in the header of that volume, without need of re-encrypting the volume itself. + +#### Check If A Password Is Correct + +``` +sudo shufflecake testpwd +``` + +A password will be required. If this is the correct password for volume __M__, then this information will be returned to the user, without actually opening the volume. This can be useful if a user wants to be sure that a password unlocks a certain volume without risk of the OS logging the access to that volume and without the risk of corrupting the content of other, unlocked, hidden volumes. + + ### Advanced Usage Certain features of Shufflecake are not yet implemented, but sometimes a workaround is possible. Consider all the instructions in this sections as experimental, use them at your own risk. diff --git a/dm-sflc/sflc_constants.h b/dm-sflc/sflc_constants.h index 0789e7a..399711b 100644 --- a/dm-sflc/sflc_constants.h +++ b/dm-sflc/sflc_constants.h @@ -30,8 +30,8 @@ #define SFLC_VER_MAJOR 0 #define SFLC_VER_MINOR 4 -#define SFLC_VER_REVISION 1 -#define SFLC_VER_SPECIAL "" +#define SFLC_VER_REVISION 2 +#define SFLC_VER_SPECIAL "rc1" #define STRINGIFY0(s) # s #define STRINGIFY(s) STRINGIFY0(s) diff --git a/doc/headers.png b/doc/headers.png index 4440afd..8e52c20 100644 Binary files a/doc/headers.png and b/doc/headers.png differ diff --git a/doc/headers.svg b/doc/headers.svg index 235fec0..5df79a1 100644 --- a/doc/headers.svg +++ b/doc/headers.svg @@ -28,8 +28,8 @@ inkscape:document-units="mm" showgrid="false" inkscape:zoom="1.3719136" - inkscape:cx="356.07199" - inkscape:cy="309.05736" + inkscape:cx="500.39594" + inkscape:cy="231.06411" inkscape:window-width="1920" inkscape:window-height="979" inkscape:window-x="0" @@ -38,6 +38,16 @@ inkscape:current-layer="layer1" /> + + @@ -262,33 +272,40 @@ id="rect5442" width="9.1584034" height="2.6533794" - x="57.834915" - y="96.752327" /> + x="60.252365" + y="84.670128" /> + x="106.3613" + y="90.178604" /> + DMB + x="96.896637" + y="56.663788">DMB Header + x="75.936829" + y="56.89447">Header Device / Cake + x="76.067703" + y="45.590813">Device / Cake + x="95.331909" + y="43.00024" /> Header + x="96.257652" + y="45.311543">Header + x="106.79696" + y="43.00024" /> Encrypted Slices + IVs + x="120.8512" + y="45.311543">Encrypted Slices + IVs + x="111.59203" + y="54.352486" /> VMB + x="112.34634" + y="56.663788">VMB 1 + x="118.1378" + y="56.927811">1 + x="119.75126" + y="54.352486" /> EncryptedEncryptedPosMap 1 + x="125.50976" + y="56.927811">1 . . . + x="142.99081" + y="56.666679">. . . + x="126.89843" + y="54.352486" /> VMB + x="127.65276" + y="56.663788">VMB 2 + x="133.44423" + y="56.927811">2 + x="135.05768" + y="54.352486" /> EncryptedEncryptedPosMap 2 + x="140.81618" + y="56.927811">2 + x="147.4637" + y="54.352486" /> VMB + x="147.79478" + y="56.663788">VMB 15 + x="153.58623" + y="56.927811">15 + x="155.62294" + y="54.352486" /> EncryptedEncryptedPosMap 15 + x="160.90143" + y="56.927811">15 DMB + x="29.745928" + y="69.352219">DMB + x="55.791725" + y="66.839821" /> IV + x="56.656868" + y="69.151115">IV 1 + x="59.015289" + y="69.415131">1 . . . + x="68.59182" + y="69.037674">. . . + x="60.753952" + y="66.839821" /> ctxt + x="61.619095" + y="69.151115">ctxt 1 + x="66.513161" + y="69.415131">1 + x="72.362732" + y="66.839821" /> IV + x="72.766991" + y="69.151115">IV 15 + x="75.125397" + y="69.415131">15 + x="77.324966" + y="66.839821" /> ctxt + x="77.616356" + y="69.151115">ctxt 15 - - HMAC - 1 - - HMAC - 15 + x="82.510414" + y="69.415131">15 Password + x="32.268608" + y="87.890495">Password Argon2 + x="37.165604" + y="77.830643">Argon2 KEK + x="50.433163" + y="77.834076">KEK AES-GCM + x="60.114517" + y="77.830643">AES-GCM VMBkey + x="61.3498" + y="86.326752">VMBkey 2 + x="67.830742" + y="86.697533">2 VMB - + x="98.389771" + y="80.960571">VMB + x="106.69687" + y="78.350655" /> IV + x="107.10113" + y="80.661957">IV VMB + x="109.60075" + y="79.314568">VMB + x="111.6591" + y="78.350655" /> ctxt + x="121.06014" + y="80.661957">ctxt AES-CTR + x="119.14496" + y="86.1856">AES-CTR - 2 + x="53.774185" + y="78.100777">2 2 + x="48.133003" + y="88.452538">2 VEK + x="107.40108" + y="92.950294">VEK VMBkey + x="113.53406" + y="92.950294">VMBkey 1 + x="120.27604" + y="93.41362">1 NumSlices + x="123.37743" + y="92.950294">NumSlices Metadata + x="133.80531" + y="92.950294">Metadata | + x="111.88241" + y="93.040558">| | + x="112.26961" + y="93.040558">| | + x="121.6461" + y="93.040558">| | + x="122.03333" + y="93.040558">| | + x="132.24149" + y="93.040558">| | + x="132.62868" + y="93.040558">| AES-CTR + x="167.9277" + y="50.840267">AES-CTR Data I/O + x="169.36992" + y="57.440353">Data I/O + width="170.6443" + height="71.961319" + x="23.69591" + y="28.181168" /> 2 + x="104.21696" + y="81.268738">2 2 + x="109.59264" + y="81.023582">2 2 + x="125.83566" + y="81.023582">2 2 + x="110.81011" + y="93.41362">2 2 - 2 + x="141.30383" + y="93.41362">2 VMB + x="125.84725" + y="79.314568">VMB + x="139.89609" + y="66.839821" /> IV + x="140.30035" + y="69.151123">IV POS + x="142.79997" + y="67.803741">POS + x="144.85834" + y="66.839821" /> ctxt + x="150.73778" + y="69.151123">ctxt 2 + x="142.79185" + y="69.512749">2 2 + x="155.51334" + y="69.512749">2 POS + x="155.52492" + y="67.803741">POS AES-CTR + x="153.06346" + y="75.678764">AES-CTR + x="143.86957" + y="79.817894" /> - PSI + x="144.79286" + y="82.347374">PSI 1 + x="147.63687" + y="82.810692">1 PSI + x="151.11177" + y="82.347374">PSI 2 + x="153.96996" + y="82.810692">2 | + x="161.29852" + y="82.575485">| | + x="161.68571" + y="82.575485">| PSI + x="163.34464" + y="82.347374">PSI NumSlices - 2 + x="166.20279" + y="82.810692">NumSlices . . . + x="157.9792" + y="82.347374">. . . | + x="155.84448" + y="82.575485">| | + x="156.23169" + y="82.575485">| | + x="149.17064" + y="82.575485">| | + x="149.55785" + y="82.575485">| EncryptedEncryptedPosition Map 2 + x="178.92204" + y="71.868858">2 + x="55.791725" + y="66.839821" /> IV + x="56.656868" + y="69.151115">IV 2 + x="59.015289" + y="69.415131">2 + x="60.753952" + y="66.839821" /> ctxt + x="61.619095" + y="69.151115">ctxt 2 - - HMAC - 2 + x="66.513161" + y="69.415131">2 + x="37.331406" + y="66.839821" /> salt + x="38.011395" + y="69.151115">salt + x="43.406204" + y="66.839821" /> IV + x="44.271347" + y="69.151115">IV 1 + x="46.629761" + y="69.415131">1 + x="48.368423" + y="66.839821" /> ctxt + x="49.233566" + y="69.151115">ctxt 1 - - HMAC - 1 + x="54.127636" + y="69.415131">1 + x="37.331406" + y="66.839821" /> salt + x="38.011395" + y="69.151115">salt + x="43.406204" + y="66.839821" /> IV + x="44.271347" + y="69.151115">IV 1 + x="46.629761" + y="69.415131">1 + x="48.368423" + y="66.839821" /> ctxt + x="49.233566" + y="69.151115">ctxt 1 - - HMAC - 1 + x="54.127636" + y="69.415131">1 - Shufflecake v0.4.x + + x="29.946928" + y="37.286942">Shufflecake v0.4.x + Structure of disk and headers + x="30.017523" + y="40.736736">Structure of disk and headers Example where a password for volume 2 unlocks volume 2Example where a password for volume 2and recursively also volume 1 (dotted arrow). + x="30.035055" + y="46.911835" + id="tspan1616">unlocks volume 2 and recursively alsovolume 1 (dotted arrow). + +