1 /* 2 * AFsplitter - Anti forensic information splitter 3 * Copyright 2004, Clemens Fruhwirth <clemens@endorphin.org> 4 * Copyright (C) 2009 Red Hat, Inc. All rights reserved. 5 * 6 * AFsplitter diffuses information over a large stripe of data, 7 * therefor supporting secure data destruction. 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * version 2 as published by the Free Software Foundation. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU Library General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 21 */ 22 23 #include <stddef.h> 24 #include <stdlib.h> 25 #include <string.h> 26 #include <netinet/in.h> 27 #include <errno.h> 28 #include <openssl/evp.h> 29 #include "random.h" 30 31 static void XORblock(char const *src1, char const *src2, char *dst, size_t n) 32 { 33 size_t j; 34 35 for(j = 0; j < n; ++j) 36 dst[j] = src1[j] ^ src2[j]; 37 } 38 39 static int hash_buf(char *src, char *dst, uint32_t iv, int len, const EVP_MD *hash_id) 40 { 41 EVP_MD_CTX mdctx; 42 unsigned char *digest; 43 44 iv = htonl(iv); 45 46 EVP_DigestInit(&mdctx, hash_id); 47 EVP_DigestUpdate(&mdctx, (unsigned char *)&iv, sizeof(iv)); 48 EVP_DigestUpdate(&mdctx, src, len); 49 EVP_DigestFinal(&mdctx, dst, NULL); 50 51 return 0; 52 } 53 54 /* diffuse: Information spreading over the whole dataset with 55 * the help of hash function. 56 */ 57 58 static int diffuse(char *src, char *dst, size_t size, const EVP_MD *hash_id) 59 { 60 unsigned int digest_size = EVP_MD_size(hash_id); 61 unsigned int i, blocks, padding; 62 63 blocks = size / digest_size; 64 padding = size % digest_size; 65 66 for (i = 0; i < blocks; i++) 67 if(hash_buf(src + digest_size * i, 68 dst + digest_size * i, 69 i, digest_size, hash_id)) 70 return 1; 71 72 if(padding) 73 if(hash_buf(src + digest_size * i, 74 dst + digest_size * i, 75 i, padding, hash_id)) 76 return 1; 77 78 return 0; 79 } 80 81 /* 82 * Information splitting. The amount of data is multiplied by 83 * blocknumbers. The same blocksize and blocknumbers values 84 * must be supplied to AF_merge to recover information. 85 */ 86 87 int AF_split(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash) 88 { 89 unsigned int i; 90 char *bufblock; 91 int r = -EINVAL; 92 const EVP_MD *hash_id; 93 94 OpenSSL_add_all_digests(); 95 if (!(hash_id = EVP_get_digestbyname(hash))) 96 return -EINVAL; 97 98 if((bufblock = calloc(blocksize, 1)) == NULL) return -ENOMEM; 99 100 /* process everything except the last block */ 101 for(i=0; i<blocknumbers-1; i++) { 102 r = getRandom(dst+(blocksize*i),blocksize); 103 if(r < 0) goto out; 104 105 XORblock(dst+(blocksize*i),bufblock,bufblock,blocksize); 106 if(diffuse(bufblock, bufblock, blocksize, hash_id)) 107 goto out; 108 } 109 /* the last block is computed */ 110 XORblock(src,bufblock,dst+(i*blocksize),blocksize); 111 r = 0; 112 out: 113 free(bufblock); 114 return r; 115 } 116 117 int AF_merge(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash) 118 { 119 unsigned int i; 120 char *bufblock; 121 int r = -EINVAL; 122 const EVP_MD *hash_id; 123 124 OpenSSL_add_all_digests(); 125 if (!(hash_id = EVP_get_digestbyname(hash))) 126 return -EINVAL; 127 128 if((bufblock = calloc(blocksize, 1)) == NULL) return -ENOMEM; 129 130 memset(bufblock,0,blocksize); 131 for(i=0; i<blocknumbers-1; i++) { 132 XORblock(src+(blocksize*i),bufblock,bufblock,blocksize); 133 if(diffuse(bufblock, bufblock, blocksize, hash_id)) 134 goto out; 135 } 136 XORblock(src + blocksize * i, bufblock, dst, blocksize); 137 r = 0; 138 out: 139 free(bufblock); 140 return 0; 141 } 142