From comment in #18:

It might be worth highlighting this library's existence more in the README:

"For a rich set of API functions which can be used to integrate tc-play functionality into your codebase, please see 'man tcplay 3'. Here is an example of a simple C program to build an encrypted volume using this library. ..."

Using tcplay to create a container with a hidden volume is perfectly fine
mounting either volume with tcplay. However, TrueCrypt can only mount the
hidden volume. Attempting to mount the outer volume, with or without hidden
volume protection, results in a mount wrong fs type, etc... error.

Here's my process for making a container:

  dd if=/dev/zero of=foo.tc bs=1 count=0 seek=20M
  losetup /dev/loop0 foo.tc
  tcplay -c -d /dev/loop0 -g -a whirlpool -b AES-256-XTS
  <hidden volume, say 5M>
  tcplay -m foo.tc -d /dev/loop0 <hidden password>
  mkfs.ext4 /dev/mapper/foo.tc
  dmsetup remove foo.tc
  tcplay -m foo.tc -d /dev/loop0 -e <both passwords>
  mkfs.ext4 /dev/mapper/foo.tc
  dmsetup remove foo.tc

I have also tried making the filesystem on the outer volume first with hidden protection. Neither works.

As per comment on Gentoo bug 432914 (https://bugs.gentoo.org/show_bug.cgi?id=432914), it doesn't compile for me with -Werror in the CFLAGS

make -j 6 -l 4.0 SYSTEM=linux PBKDF_BACKEND=gcrypt program lib
x86_64-pc-linux-gnu-gcc -O2 -march=native -mtune=native -pipe -fomit-frame-pointer -Wsystem-headers -Werror -Wall -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wold-style-definition -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -D_GNU_SOURCE -o tcplay main.c tcplay.c crc32.c safe_mem.c io.c hdr.c humanize.c crypto.c generic_xts.c crypto-gcrypt.c pbkdf2-gcrypt.c -lgcrypt -ldevmapper -luuid -Wl,-O1 -Wl,--as-needed
cc1: warnings being treated as errors
io.c: In function ‘read_passphrase’:
io.c:388:3: error: signed and unsigned type in conditional expression
io.c:388:3: error: signed and unsigned type in conditional expression
make: *** [program] Error 1

I can't see immediately why this error occurs - I think the macro is getting in the way. Eliminating -Werror enables it to build (not surprisingly).

Would be great if I don't have to hit enter (empty password) when mounting volumes. Maybe extra parameter or tcplay should mount with empty password first (like truecrypt does).

just downloaded the code from git and the displayed options are below:

Valid commands are:
-c, --create
Creates a new TC volume on the device specified by -d or --device.
-h, --help
Print help message and exit.
-i, --info
Gives information about the TC volume specified by -d or --device.
-m , --map=
Creates a dm-crypt mapping with the given name for the device
specified by -d or --device.
-v, --version
Print version message and exit.

There is an option "-m" to create a dm-crypt mapper but there is no option to remove it.

creating and restoring a truecrypt header to and from a header file with tcplay look like this:

[root@mtz ink]# tcplay --modify -d /dev/tcrypt/normal  --save-hdr-backup=tcrypt-normal.bk
Passphrase: 
New passphrase: 
Repeat passphrase: 
Writing new volume headers to disk/file...
All done!

With above,when creating the header,tcplay asks for a password that can unlock the volume and then asks for a password to be used to"unlock" the header file.

[root@mtz ink]# tcplay --modify -d /dev/tcrypt/normal  --use-hdr-file=tcrypt-normal.bk
Passphrase: 
New passphrase: 
Repeat passphrase: 
Writing new volume headers to disk/file...
All done!
[root@mtz ink]#

With above,when restoring a header file,it asks for a password to "unlock" the header file and then asks for a password to be used to unlock the volume

in zuluCrypt,i have implemented it as following:

[ink@mtz ~]$ zuluCrypt-cli -B -d /dev/tcrypt/normal -z ~/tcrypt.normal 
Enter passphrase: 
SUCCESS: header saved successfully

With the above,when i take a header backup,i only ask for a password to unlock the volume and i do not ask for a password to unlock the header file.

[ink@mtz ~]$ zuluCrypt-cli -kR -d /dev/tcrypt/normal -z ~/tcrypt.normal 
Enter new passphrase: 
Re enter new passphrase: 
SUCCESS: header restored successfully
[ink@mtz ~]$ 

With the above,when i restore from a header file backup,i only asks for a new password to be used to unlock the volume and i do not ask for a password to unlock the header.

Is how i am going about doing this correct?
tcplay binary seem to require one thing while the library allows another and i am wondering if i am doing something wrong.

truecrypt seem to create a 128 kilobytes header back up file while tcplay creates a 512 byte header backup file.

when restoring a header from a tcplay created back up using truecrypt,truecrypt complains that the size of the header backup is wrong.

tested with truecrypt 7.1a on linux

use the library in linux.

The library is not build with "$(LIBS)" variable and hence its not possible to "just use it" because it will complain of missing symbols

The library is build simply as libtcpplay.so.It will be better if the library name had version information associated with it that say something about the library API version.A pkgconfig file would also be nice,a proper build system wouldnt hurt.Basically,what i am saying is that your project will get wider adoption if it is in a state where it can easily be integrated in other projects.

The test build has a device path coded in and fails to run and the makefile seem to say the test is expected to be run on dragonfly bsd only

Nice work!

A progress report on creating TC volumes would be awesome.

Background story:
I tried to create a volume today, and saw one of my CPU cores was max'd out, but the hard drive was mostly idle.
So I thought "that doesn't look right, this could take forever"
I even tried AES where my PC gets 2.5GB/s with hardware acceleration: same behavior.
Now I'm creating the volume over samba from a windows VM. And I see the same behavior. Windows TC says its only running at 13MB/s and there is lots of CPU load.
So windows Truecrypt is no quicker, but at least it gives
% complete, Speed and ETA.
Which is great to know cos I'm only making a 20GB volume.
I think its an important feature to know how much time one is in for :)

Add an option to encrypt an unencrypted partition (and decrypt an encrypted partition) in place.

Most of the stuff to do this should already be present, short of the iv generation (which is trivial anyway).

Brownie points for adding an optional AES backend using the AESNI instructions.

:/usr/src/tcplay/tc-play-1.1# ./tcplay --create --device=/dev/sda --cipher=TWOFISH-256-XTS --pbkdf-prf=whirlpool
Passphrase:
Repeat passphrase:
freeing safe_mem (hdr): 0x1483090 (tcplay.c:559)
Summary of actions:
 - Completely erase *EVERYTHING* on /dev/sda
 - Create volume on /dev/sda

 Are you sure you want to proceed? (y/n) y
Securely erasing the volume...
This process may take some time depending on the size of the volume
Creating volume headers...
Depending on your system, this process may take a few minutes as it uses true random data which might take a while to refill
tc_encrypt: starting chain
tc_encrypt: Currently using cipher TWOFISH-256-XTS
freeing safe_mem (hdr): 0x1486218 (crypto-gcrypt.c:161)
freeing safe_mem (hdr): 0x14861a8 (crypto.c:64)
tc_encrypt: starting chain
tc_encrypt: Currently using cipher TWOFISH-256-XTS
freeing safe_mem (hdr): 0x1486218 (crypto-gcrypt.c:161)
freeing safe_mem (hdr): 0x14861a8 (crypto.c:64)
freeing safe_mem (hdr): 0x14836e0 (hdr.c:162)
freeing safe_mem (hdr): 0x14837d0 (hdr.c:167)
freeing safe_mem (hdr): 0x1483090 (hdr.c:146)
Writing volume headers to disk...
offset: 0, internal offset: 0
offset: 2013134848, internal offset: 0
All done!
[...]

:/usr/src/tcplay/tc-play-1.1# ./tcplay -m tc -d /dev/sda
Passphrase:
[...]
Trying PRF algo whirlpool (1000)
Salt: 56f2d1dc307083d97589e01ef2252603455cb8310a16d03f69f48b9b35fa4b8faf652374a0d8e455c157948d9572589c56761616513fc190763b5b2bb56e5529

Trying cipher chain 0
tc_decrypt: starting chain!
tc_decrypt: Currently using cipher AES-256-XTS
freeing safe_mem (hdr): 0x10042e8 (crypto-gcrypt.c:161)
freeing safe_mem (hdr): 0x1004278 (crypto.c:64)
Signature mismatch
freeing safe_mem (hdr): 0x1004088 (hdr.c:60)
freeing safe_mem (hdr): 0x1003ec8 (tcplay.c:206)

Trying cipher chain 1
tc_decrypt: starting chain!
tc_decrypt: Currently using cipher TWOFISH-256-XTS
freeing safe_mem (hdr): 0x10042e8 (crypto-gcrypt.c:161)
freeing safe_mem (hdr): 0x1004278 (crypto.c:64)
tc_str: TRUE, tc_ver: 5, tc_min_ver: 7, crc_keys: -316304065, sz_vol: 2013003776, off_mk_scope: 131072, sz_mk_scope: 2013003776, flags: 0, sec_sz: 512 crc_dhdr: -1480720900
freeing safe_mem (hdr): 0x10014d8 (tcplay.c:436)
freeing safe_mem (hdr): 0x10014d8 (crypto.c:64)
freeing safe_mem (hdr): 0x1000f48 (tcplay.c:863)
freeing safe_mem (hdr): 0x1001078 (io.c:62)
freeing safe_mem (hdr): 0x10012a8 (io.c:62)
Params: twofish-xts-plain64 e61bd005de7ebaf4a02bc28212ea12ca220abbd01d3d1e6b40af85b89623337b1a102840527f6c832a29e5e56fd8929e2e8cdfbd6bb6e0fc1f0f637fec639c01 256 /dev/sda 256
freeing safe_mem (hdr): 0x1000f48 (tcplay.c:1654)
All ok!
[...]

:/usr/src/tcplay/tc-play-1.1# fdisk -l /dev/sda

Disk /dev/sda: 32.1 GB, 32078036992 bytes
64 heads, 32 sectors/track, 30592 cylinders, total 62652416 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x3b5dc43b

Disk /dev/sda doesn't contain a valid partition table


:/usr/src/tcplay/tc-play-1.1# fdisk -l /dev/mapper/tc

Disk /dev/mapper/tc: 2013 MB, 2013003776 bytes
255 heads, 63 sectors/track, 244 cylinders, total 3931648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x787785e3

Disk /dev/mapper/tc doesn't contain a valid partition table

This is probably a wraparound size_t (uint32 on arm?) problem.

find . -iname '*.[ch]' | xargs sed -i -e 's/ssize_t/int64_t/g' -e 's/size_t/uint64_t/g'

Solved my 'create' problems (utilized the full /dev/sda space) and truecrypt can read the created volume. But the current ''size_t' tcplay builds on ARM seem to read/map an already-created volume fine.

test, i tried to create a volume with a 110 byte key and tcplay segfaulted.

The discussion on how to handle larger keys in truecrypt volumes in cryptsetup is discussed here: http://thread.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/6504

valgrind reports the following here:

==7106== Invalid write of size 1
==7106== at 0x48082A3: strcpy (mc_replace_strmem.c:438)
==7106== by 0x48BFD62: create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x48BE75F: tc_api_create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x482EF53: ??? (in /usr/lib/libzuluCrypt.so.1.1.0)
==7106== Address 0x4e52148 is 0 bytes after a block of size 104 alloc'd
==7106== at 0x4807B09: malloc (vg_replace_malloc.c:270)
==7106== by 0x48C1774: _alloc_safe_mem (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x48BFD34: create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x48BE75F: tc_api_create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x482EF53: ??? (in /usr/lib/libzuluCrypt.so.1.1.0)
==7106==
==7106== Invalid write of size 1
==7106== at 0x4808296: strcpy (mc_replace_strmem.c:438)
==7106== by 0x48BFD62: create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x48BE75F: tc_api_create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x482EF53: ??? (in /usr/lib/libzuluCrypt.so.1.1.0)
==7106== Address 0x4e52149 is 1 bytes after a block of size 104 alloc'd
==7106== at 0x4807B09: malloc (vg_replace_malloc.c:270)
==7106== by 0x48C1774: _alloc_safe_mem (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x48BFD34: create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x48BE75F: tc_api_create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x482EF53: ??? (in /usr/lib/libzuluCrypt.so.1.1.0)
==7106==
==7106== Invalid write of size 1
==7106== at 0x48082A7: strcpy (mc_replace_strmem.c:438)
==7106== by 0x48BFD62: create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x48BE75F: tc_api_create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x482EF53: ??? (in /usr/lib/libzuluCrypt.so.1.1.0)
==7106== Address 0x4e5216e is not stack'd, malloc'd or (recently) free'd
==7106==
==7106== Invalid read of size 1
==7106== at 0x48C0310: create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x48BE75F: tc_api_create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x482EF53: ??? (in /usr/lib/libzuluCrypt.so.1.1.0)
==7106== Address 0x4e52148 is 0 bytes after a block of size 104 alloc'd
==7106== at 0x4807B09: malloc (vg_replace_malloc.c:270)
==7106== by 0x48C1774: _alloc_safe_mem (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x48BFD34: create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x48BE75F: tc_api_create_volume (in /usr/lib/libtcplay.so.0.1.1)
==7106== by 0x482EF53: ??? (in /usr/lib/libzuluCrypt.so.1.1.0)
==7106

I have a Truecrypt volume, created with standard options 10Mb, which I can successfully mount with truecrypt or realcrypt. However, although tcplay seems to work to decrypt it, I cannot mount the mapped drive:

Steps:

1. configure loop device: sudo losetup --find --show ~/something.tc
2. map / decrypt device: sudo tcplay --map="something" --device=$devname
3. attempt to mount: `sudo mount /dev/mapper/something ~/something

This last generates the error:

mount: wrong fs type, bad option, bad superblock on /dev/mapper/accounts,
       missing codepage or helper program, or other error
       In some cases useful info is found in syslog - try
       dmesg | tail or so

I assume this is a problem with the filesystem I actually have on the volume, which I assume is just standard NTFS but am unsure how to determine this for certain. file -s just shows data and the mount-point that results from realcrypt mounting it is just a fuseblk.

Any ideas why this might be so, and whether it might be a problem with tcplay?

attempting to mount a volume created by tcplay on a 4k/sector hard disk, using the original truecrypt software, does not work (and vice versa).

analysis

tcplay appears to calculate the volume start offset incorrectly on 4k hard disks.

steps to reproduce

blank the disk, so we can see what's happening

dd if=/dev/zero of=/dev/sda bs=4096 count=`expr 1024 \* 1024`

create volume using insecure erase. (weak crypto optional; saves time).

tcplay -c -d /dev/sda -z -w

inspect the volume header, and observe that Sector Size=4096, IV Offset=32, Block Offset=32.

tcplay -i -d /dev/sda

inspect the raw disk sectors, observe that encrypted headers are written at 0x0

hd /dev/sda | less

map volume and write some test data

tcplay -m test -d /dev/sda
echo "HELLO WORLD" > /dev/mapper/test
tcplay -u test

inspect the raw disk sectors again. observe that encrypted headers are written at byte offset 0x0, and the encrypted "HELLO WORLD" text written at byte offset 0x4000 (32 * 512).

hd /dev/sda | less

expected result

the encrypted "HELLO WORLD" text should be written at byte offset 0x20000 (32 * 4096).

bonus points

make -i more meaningful. consider printing "sectors" after the IV Offset and Block Offset values.

Support trim command by passing "allow_discards" to dm-crypt on linux. DragonFly version has no such concept, so will have to be handled by an ifdef.

Hello,

My first ever attempt to use tcplay has failed. What I did:

1. Inserted a flashdrive (it got mounted as /dev/sdb1). Opened the terminal.
2. In the terminal I entered:
   ~$ tcplay -i -d /dev/sdb1
   It gave me:
   Error opening /dev/sdb1
   could not get disk information
   I also tried:
   ~$ tcplay -i -d /dev/sdb
   Result:
   Error opening /dev/sdb
   could not get disk information
   And even:
   ~$ tcplay -i -d /dev/sda5 (an empty partition on my HDD)
   Result:
   Error opening /dev/sda5
   could not get disk information

So it can't work with any of them (I've tried with them mounted and unmounted, tried with and without sudo - same results).

Quite discouraging for the first use.
My system is Xubuntu 14.04.

Thanks in advance
Max

Are you aware of any current or planned OS X support? I am considering looking into porting the code but would like to know if anyone is already doing it.

mparusinski

example program that segfaults is below:

#include <tcplay_api.h>

int main( void )
{
    tc_api_task task ;
    if( tc_api_init( 0 ) == TC_OK ){
                task = tc_api_task_init( "create" ) ;
                if( task != 0 ){
            tc_api_task_set( task,NULL,"blabla" ) ;
            tc_api_task_uninit( task ) ;
                }
                tc_api_uninit() ;
    }

    return 0 ;
}

Seen on 0.10 tag and HEAD

make -j2 PBKDF_BACKEND=gcrypt program
x86_64-pc-linux-gnu-gcc -march=core2 -mcx16 -msahf --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=4096 -mtune=core2 -mfpmath=sse -O2 -pipe -Wsystem-headers -Werror -Wall -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wold-style-definition -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -D_GNU_SOURCE -o tcplay main.c tcplay.c crc32.c safe_mem.c io.c hdr.c humanize.c crypto.c generic_xts.c crypto-gcrypt.c pbkdf2-gcrypt.c -lgcrypt -ldevmapper -luuid -Wl,--hash-style=gnu -Wl,-O1 -Wl,--as-needed
make -j2 PBKDF_BACKEND=gcrypt lib
x86_64-pc-linux-gnu-gcc -march=core2 -mcx16 -msahf --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=4096 -mtune=core2 -mfpmath=sse -O2 -pipe -Wsystem-headers -Werror -Wall -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wold-style-definition -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -D_GNU_SOURCE -c -fPIC tcplay_api.c tcplay.c crc32.c safe_mem.c io.c hdr.c humanize.c crypto.c generic_xts.c crypto-gcrypt.c pbkdf2-gcrypt.c -Wl,--hash-style=gnu -Wl,-O1 -Wl,--as-needed
tcplay_api.c: In function ‘tc_api_create_volume’:
tcplay_api.c:117:6: error: too few arguments to function ‘create_volume’
tcplay.h:193:5: note: declared here
make: *** [lib] Error 1

Just though i should make you aware of this if you dont know.

Two mappers are created instead of expected one when "bash special characters" are used in the mapper name as shown below.

-m argument has 'xx yy' thats xxyy

check for created mappers and two will show up instead on one.You can check this locally if you have a linux system.

Possible things you can do to mitigate this:

1. Nothing and let the user deal with multiple mappers
2. Substitute bash special characters with an underscore character or something similar.
3. Return an error.

[root@mtz ink]# tcplay -m 'xx yy' -d /dev/loop0
Passphrase:
All ok!

ls -l /dev/mapper/* | grep xx
lrwxrwxrwx 1 root root 7 Feb 19 01:16 /dev/mapper/xx -> ../dm-1
brw-rw---- 1 root disk 253, 1 Feb 19 01:16 /dev/mapper/xx yy
[root@mtz ink]#

Sorry, I don't know how to contact you, so I use the bugreport.

I can only use tcplay (to recognise and map volumes under /dev) as root. With truecrypt I had to add users to a "truecrypt" group, but for tc-play, what should I do ?

Hi,

With all the news about the official TrueCrypt implementation's debacle, it seems like the author of tcplay should have some relevant insight. I would like to hear your thoughts if you are willing, about the official implementation, and about tcplay and the TrueCrypt format in general.

Thanks.

I tested the new API and this is the output:

[root@mtz zc]# tcplay -j tcrypt
Cipher: TWOFISH-256-XTS,AES-256-XTS
Key Length: 1024 bits
Sector size: 512
Volume size: 40704 sectors
IV offset: 61184
Block offset: 61184

Nice to have: A field that gives a path of the device that contains the encrypted volume.Sooner or later,somebody may have a bunch of opened mappers and may want to know what mapping name is associated with what device.Granted,they can put that information in the mapper name so it is not a major issue but a nice to have one.

Another thing i noticed is with the output
[root@mtz zc]# dmsetup info /dev/mapper/tcrypt
Name: tcrypt
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 0
Event number: 0
Major, minor: 253, 4
Number of targets: 1
UUID: b48ffaf7-80aa-49a7-a5b0-88df1325afb5

If possible,it will be nice to prepend your project name infront of the UUID string to make it apparent what mapper is opened by tcplay and what mapper is opened by another program.Again,not critical but nice to have.

api_opts structire with the above settings segfaults

memset( &api_opts,'\0',sizeof( api_opts ) ) ;

api_opts.tc_device = "/dev/bla bla"v;
api_opts.tc_passphrase = "xxx" ;
api_opts.tc_cipher = "AES-256-XTS";
api_opts.tc_cipher_hidden = NULL;
api_opts.tc_prf_hash = "whirlpool";
api_opts.tc_prf_hash_hidden = NULL;

I do not want to create a hidden volume and thats why fields that deal with it are NULL.

valgrind reports:

==10199== Invalid read of size 1
==10199== at 0x4808256: __GI_strlen (mc_replace_strmem.c:400)
==10199== by 0x4973164: strdup (in /lib/i686/libc-2.13.so)
==10199== by 0x4861157: check_cipher_chain (in /usr/lib/libtcplay.so.0.1.1)
==10199== by 0x4BE1AB7: ???
==10199== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==10199==

I'm packaging tcplay for Fedora Linux, and it would help simplify the packaging if you could commit the man page (from Dragonfly) into this repository.

Thanks!
Eric

System OS is Debian Testing/Jessie 64-bit.
tcplay v1.1 from Debian repository.
Disk is 500 GB connected via USB with one partition.
tcplay -c on the partition creates an approximately 1.8 GB volume.
If any other information would be helpful, please ask.
Thanks!

[233238.673671] usb 5-4: New USB device found, idVendor=152d, idProduct=2338
[233238.673680] usb 5-4: New USB device strings: Mfr=1, Product=2, SerialNumber=5
[233238.673686] usb 5-4: Product: USB to ATA/ATAPI Bridge
[233238.673691] usb 5-4: Manufacturer: JMicron
[233238.675506] usb-storage 5-4:1.0: USB Mass Storage device detected
[233238.675971] scsi5 : usb-storage 5-4:1.0
[233239.677001] scsi 5:0:0:0: Direct-Access WDC WD50 00AAKS-00YGA0 1C02 PQ: 0 ANSI: 2 CCS
[233239.679531] sd 5:0:0:0: Attached scsi generic sg1 type 0
[233239.680967] sd 5:0:0:0: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB)
[233239.681890] sd 5:0:0:0: [sdb] Write Protect is off
[233239.681900] sd 5:0:0:0: [sdb] Mode Sense: 00 38 00 00
[233239.697456] sdb: sdb1

root@dmz1:~# fdisk /dev/sdb

Command (m for help): p

Disk /dev/sdb: 500.1 GB, 500107862016 bytes
81 heads, 63 sectors/track, 191411 cylinders, total 976773168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000098ec

Device Boot Start End Blocks Id System
/dev/sdb1 2048 976773167 488385560 83 Linux

Command (m for help): q

root@dmz1:~# tcplay -c -d /dev/sdb1 -z
Passphrase:
Repeat passphrase:
Summary of actions:

• Completely erase EVERYTHING on /dev/sdb1

• Create volume on /dev/sdb1

  Are you sure you want to proceed? (y/n) y
  Creating volume headers...
  Depending on your system, this process may take a few minutes as it uses true random data which might take a while to refill
  Writing volume headers to disk...
  All done!
  root@dmz1:~# tcplay -i -d /dev/sdb1
  Passphrase:
  Device: /dev/sdb1
  PBKDF2 PRF: RIPEMD160
  PBKDF2 iterations: 2000
  Cipher: AES-256-XTS
  Key Length: 512 bits
  CRC Key Data: 0x577473ab
  Sector size: 512
  Volume size: 3692080 sectors
  IV offset: 256
  Block offset: 256

Most libraries these days do not expose their internal data structures and asks a user to "hold" them though opaque pointers. I hope you know what i am talking about here.

Anyway,i am trying to have a runtime dependency on your library and load it using dlopen() at runtime and i can not safely do so because the library currently does not give the "tc_api_opts" structure.

Its not safe for me to use the library at present because the version of the structure i may ship in my source files will at some point or another differ from the one the library expects.

Having an opaque handle would have solved the problem i have.It would also allow you to modify the structure without the modification showing up in your public API necessitating recompilation of projects that depend on your library.

I am trying to use your library to create truecrypt volumes in my project hosted at: http://code.google.com/p/zulucrypt/

I attempt to build latest version in MINT 64Bit v16.
I obtain below error in cmake output.

Please set CMAKE_CXX_COMPILER to a valid compiler path or name.

Following was cure:
sudo apt-get update && sudo apt-get install build-essential

Maybe in the readme on homepage can say:
"On Ubuntu, the following dev packages are needed to build tcplay:
apt-get install libdevmapper-dev libgcrypt11-dev uuid-dev build-essential

just downloaded the git version and browse through it and i saw errors in your use of strncpy().

For example,in new_info() function in tcplay.c, the variable "info->dev" will not be NULL terminated if strlen(dev) >= sizeof(info->dev)

Same potential problem is in dm_info_map() function and maybe some other places i havent noticed.

It will be nice if you could wrap it around extern "C" to allow C++ users to use it "out of the box"

It will be nice if you used "const char_" when ever appropriate. My build system complained about it and the question that came to mind is "why do you want to modify my device path?". Use of "const char_" adds what they call "self documenting code" and will aleviate the need of your users to cast away of their consts to shut up their build system

The passphrase entry is not accompanied with its size and this means the passphrase must be NULL terminated and the NULL character is not a legal part of the passphrase.This decisions makes it impossible to just get the key of preferred size simply from reading it from "/dev/random" or "/dev/urandom" or using a binary file as a key.From what i know,truecrypt handles differently passphrase and keyfiles and hence its not possible to just send the passphrase as a keyfile to work around the limitation.

The limitation does not make sense when the structure is used through the library.

Hi,

I got the following[1] request to add this package to Gentoo. It would be great if you can help me a bit.

I do not like system components to use cmake, and it is nice to see that you have classic make.

If you want I can help you port to autotools... but if not, the following changes are suggested to Makefile.classic to ease downstream interaction.

1. Please separate the application specific CFLAGS and the optional CFLAGS.

   Optional CFLAGS are WARNFLAGS, DEBUG, so the following should work without breaking application.

   make CFLAGS="-O3"

2. Please add LDFLAGS to be used when linking.

3. Please add install target and support DESTDIR

   The following sequence should work:

   make CFLAGS="-O2 -march=native -fomit-frame-pointer -pipe" LDFLAGS="-Wl,-O1 -Wl,--as-needed" CC=x86_64-pc-linux-gnu-gcc AR=x86_64-pc-linux-gnu-ar
   make install DESTDIR=/tmp/root1 PREFIX=/usr LIBDIR=/usr/lib64

Thank you!

[1] https://bugs.gentoo.org/show_bug.cgi?id=432914

I have a TrueCrypt encrypted Disk using pre-boot encryption (i.e. I have to give my TrueCrypt password in order to boot).

I'd like to mount this disk with tc-play.

I can properly access the information about the encrypted device:

./tcplay -i -d /dev/sda1 -s /dev/sda

Passphrase:
PBKDF2 PRF: RIPEMD160
PBKDF2 iterations: 1000
Cipher: AES-256-XTS
Key Length: 512 bits
CRC Key Data: 0x2ab71cf7
Sector size: 512
Volume size: 500118129 sectors
IV offset: 63
Block offset: 0

However, I have try to map sda1 with the "--map" option, I get:

./tcplay -m myTrueCryptDisk -d /dev/sda1 -s /dev/sda

evice-mapper: resume ioctl on foobar failed: Invalid argument
dm_task_run failed
Could not set up mapping myTrueCryptDisk

dmesg gives:
device-mapper: table: 253:5: sda1 too small for target: start=0, len=500118129, dev_size=500113408

The disk layout is:

fdisk -l /dev/sda

Disk /dev/sda: 256.1 GB, 256060514304 bytes
255 heads, 63 sectors/track, 31130 cylinders, total 500118192 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x2251ff07

Device Boot Start End Blocks Id System
/dev/sda1 * 2048 500115455 250056704 7 HPFS/NTFS/exFAT

This looks somehow like a reminiscent of Issue #6. I am using the latest tc-play version available on github (master).

TIA,
BoardsKiller

I've got a disk with truecrypt system encryption. There are 3 primary partions:

/dev/sda
/dev/sda1
/dev/sda2
/dev/sda3

When I run:

Passphrase: 
PBKDF2 PRF:     RIPEMD160
PBKDF2 iterations:  1000
Cipher:         AES-256-XTS
Key Length:     512 bits
CRC Key Data:       0x77d59da3
Sector size:        512
Volume size:        625142385 sectors
IV offset:      63
Block offset:       63

The Volume size: field is wrong. It seems that this value is taken from entire /dev/sda. Moreover, if I choose /dev/sda2, /dev/sda3 or even whole /dev/sda for "-d" option the value of Volume size: is the same.

The real problem begins when I try to map encrypted partion:

Passphrase: 
device-mapper: resume ioctl failed: Invalid argument
dm_task_run failed
Could not set up mapping truecrypt2

And in syslog I've got:
device-mapper: table: 253:2: sda2 too small for target: start=63, len=625142385, dev_size=209508352

On Ubuntu 13.10, there are two missing cmake hooks necessary to compile tc-play:

username@backup:~/tc-play/objdir$ cmake ..
-- Could NOT find PkgConfig (missing: PKG_CONFIG_EXECUTABLE)
CMake Error at CMakeLists.txt:30 (message):
Could not find the devmapper library

-- Configuring incomplete, errors occurred!

The other one is the UUID library, which you can see cmake fail on if you swap the order of detection between devmapper and uuid:

username@backup:~/tc-play/objdir$ cmake ..
-- Could NOT find PkgConfig (missing: PKG_CONFIG_EXECUTABLE)
CMake Error at CMakeLists.txt:30 (message):
Could not find the uuid library

-- Configuring incomplete, errors occurred!

These both result from cmake not having built-in modules for these libraries.

Would it be possible please to ship a version of FindUUID.cmake and FindDevMapper.cmake with tc-play, or otherwise update the README with extra instructions to build this package properly?

I realize this is more of a cmake issue than a tc-play issue, but it would be useful to have these instructions included with tc-play anyway.

clean unmounting USB, while using tcplay
http://fedoraforum.org/forum/showthread.php?t=272798

User mohancloudworld said :

In the tcplay man pages, the process of mapping and mounting is explained but nothing is mentioned about unmapping and unmounting. And being a beginner in using encrypted partitions, I knew nothing about this.

User solve this problem by :
I finally got my issue solved. I had to remove (unmapping) the map files (/dev/mapper/truecryptX) using cryptsetup, i.e., "cryptsetup remove truecryptX". Previously I was not unmapping but, just removing the map files using "rm" command.

Can you update the tcplay documentation or man page to explain the process of unmapping and unmounting with tcplay ?

It will be nice if the tool will get the ability to create a volume without being asked to confirm or repeat the passphrase .It will make it easier to wrap the tool around scripts and GUI

Hello,

I tried to install the commit b681a71 and I can't compile on a 64bits Kubuntu computer with the lines
mkdir objdir
cd objdir
cmake ..
make

I've the error :

Scanning dependencies of target tcplay-bin
[ 3%] Building C object CMakeFiles/tcplay-bin.dir/main.c.o
[ 6%] Building C object CMakeFiles/tcplay-bin.dir/tcplay.c.o
/home/tob/Logiciels/Securite/tc-play/tcplay.c: In function ‘modify_volume’:
/home/tob/Logiciels/Securite/tc-play/tcplay.c:1165:14: attention : variable ‘dev’ set but not used [-Wunused-but-set-variable]
/home/tob/Logiciels/Securite/tc-play/tcplay.c: In function ‘opts_free’:
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2107:3: attention : passing argument 1 of ‘_free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void _’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2111:3: attention : passing argument 1 of ‘_free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2115:3: attention : passing argument 1 of ‘_free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2119:3: attention : passing argument 1 of ‘_free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2121:3: attention : passing argument 1 of ‘_free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2123:3: attention : passing argument 1 of ‘_free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2125:3: attention : passing argument 1 of ‘_free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2127:3: attention : passing argument 1 of ‘_free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2129:3: attention : passing argument 1 of ‘_free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2131:3: attention : passing argument 1 of ‘_free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2133:3: attention : passing argument 1 of ‘_free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c:2135:3: attention : passing argument 1 of ‘free_safe_mem’ discards ‘const’ qualifier from pointer target type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay.c:58:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:279:6: note: expected ‘void *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay.c: In function ‘modify_volume’:
/home/tob/Logiciels/Securite/tc-play/tcplay.c:1284:7: attention : ‘offset_backup’ may be used uninitialized in this function [-Wmaybe-uninitialized]
[ 9%] Building C object CMakeFiles/tcplay-bin.dir/crc32.c.o
[ 12%] Building C object CMakeFiles/tcplay-bin.dir/safe_mem.c.o
[ 15%] Building C object CMakeFiles/tcplay-bin.dir/io.c.o
[ 18%] Building C object CMakeFiles/tcplay-bin.dir/hdr.c.o
[ 21%] Building C object CMakeFiles/tcplay-bin.dir/humanize.c.o
[ 24%] Building C object CMakeFiles/tcplay-bin.dir/crypto.c.o
[ 27%] Building C object CMakeFiles/tcplay-bin.dir/generic_xts.c.o
[ 30%] Building C object CMakeFiles/tcplay-bin.dir/crypto-gcrypt.c.o
[ 33%] Building C object CMakeFiles/tcplay-bin.dir/pbkdf2-gcrypt.c.o
Linking C executable tcplay
[ 33%] Built target tcplay-bin
Scanning dependencies of target tcplay-so
[ 36%] Building C object CMakeFiles/tcplay-so.dir/tcplay_api.c.o
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c: In function ‘tc_api_create_volume’:
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c:143:6: attention : passing argument 1 of ‘create_volume’ from incompatible pointer type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay_api.c:36:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:295:5: note: expected ‘struct tcplay_opts *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c:143:6: erreur: too many arguments to function ‘create_volume’
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay_api.c:36:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:295:5: note: declared here
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c: In function ‘tc_api_map_volume’:
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c:190:6: attention : passing argument 1 of ‘map_volume’ from incompatible pointer type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay_api.c:36:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:300:5: note: expected ‘struct tcplay_opts *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c:190:6: erreur: too many arguments to function ‘map_volume’
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay_api.c:36:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:300:5: note: declared here
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c: In function ‘tc_api_info_volume’:
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c:235:6: attention : passing argument 1 of ‘info_map_common’ from incompatible pointer type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay_api.c:36:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:296:21: note: expected ‘struct tcplay_opts *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c:235:6: attention : passing argument 2 of ‘info_map_common’ makes pointer from integer without a cast [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay_api.c:36:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:296:21: note: expected ‘char *’ but argument is of type ‘int’
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c:235:6: erreur: too many arguments to function ‘info_map_common’
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay_api.c:36:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:296:21: note: declared here
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c: In function ‘tc_api_modify_volume’:
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c:333:6: attention : passing argument 1 of ‘modify_volume’ from incompatible pointer type [enabled by default]
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay_api.c:36:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:301:5: note: expected ‘struct tcplay_opts *’ but argument is of type ‘const char *’
/home/tob/Logiciels/Securite/tc-play/tcplay_api.c:333:6: erreur: too many arguments to function ‘modify_volume’
In file included from /home/tob/Logiciels/Securite/tc-play/tcplay_api.c:36:0:
/home/tob/Logiciels/Securite/tc-play/tcplay.h:301:5: note: declared here
make[2]: ** [CMakeFiles/tcplay-so.dir/tcplay_api.c.o] Erreur 1
make[1]: *** [CMakeFiles/tcplay-so.dir/all] Erreur 2

make: *** [all] Erreur 2

What can I do ?

Thank you.

currently,tcplay uses only /dev/random to get random data and as a result of it,the tool hangs for an uncomfortable long time when creating a volume especially when used from a GUI application.

Would it be possible to add an option to get the data from /dev/urandom for those who find it secure enough and dont want to wait for the extra time /dev/random will require.

Hi

I tried to compile first with the make command:
I had to install
libdevmapper-dev uuid-dev libssl-dev (vs 09.8)
but make failed with:
pbkdf2-openssl.o: In function pbkdf2': pbkdf2-openssl.c:(.text+0x5e): undefined reference toPKCS5_PBKDF2_HMAC'
collect2: ld returned 1 exit status
make: *** [tcplay] Error 1
then i tried out cmake
and obtained
-- checking for module 'openssl>=1.0.0a'
-- package 'openssl>=1.0.0a' not found

so this looks bad, any change to get it to work, for openssl version <1?

thanks

Uwe Brauer

truecrypt binary has an option to create a volume header backup in a separate file independently of the encrypted volume.Any plans to support this feature?

truecrypt binary also seem to recreate the header when backing it up whereas cryptsetup seem to just "memcpy()" a LUKS header to a separate file as a LUKS header backup.

Any comments on why these two behave differently if you have any?

Looking at your sources,you only seem to support "xts-plain" mode and not "xts-plain64".

Any reason why you are not supporting "xts-plain64"?.If you only want to support one,why not go with "xts-plan64" one?

The below link among others online seem to suggest "xts-plain" is not very secure when a volume is large enough.

https://wiki.archlinux.org/index.php/User:Nonix#XTS

There are links[1][2] that express interest in tcplay but stops short because it has no GUI,do you have any plans to have any?

[1]http://www.reddit.com/r/linux/comments/1e9svo/introducing_zulumounta_feature_full_alternative/c9zakiz

[2]https://tails.boum.org/todo/replace_truecrypt_with_tc-play/

I'm packaging tcplay for Fedora Linux, and it is Fedora policy to request that upstream include the license in a text file (such as LICENSE or COPYING) if it is not already present. Having such a file is not an absolute requiremen; I am creating this issue so that you can decide whether you want to do it, and I can document that the request has been made.

Should also include some way to use -m or -i on the backup header instead of the main header.

tc-play revision: a0d7aa0

cc version info:

$ cc -v
Using built-in specs.
Target: x86_64-pc-linux-gnu
Configured with: /var/tmp/portage/sys-devel/gcc-4.4.5/work/gcc-4.4.5/configure --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/4.4.5 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.4.5/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.4.5 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.4.5/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.4.5/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.4.5/include/g++-v4 --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --disable-altivec --disable-fixed-point --without-ppl --without-cloog --enable-nls --without-included-gettext --with-system-zlib --disable-werror --enable-secureplt --enable-multilib --enable-libmudflap --disable-libssp --enable-libgomp --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/4.4.5/python --enable-checking=release --disable-libgcj --enable-languages=c,c++,fortran --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --with-bugurl=http://bugs.gentoo.org/ --with-pkgversion='Gentoo 4.4.5 p1.2, pie-0.4.5'
Thread model: posix
gcc version 4.4.5 (Gentoo 4.4.5 p1.2, pie-0.4.5) 

Actual error:

$ make
cc -Wsystem-headers -Werror -Wall -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wold-style-definition -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -O3 -o tc-play main.c tcplay.c crc32.c safe_mem.c io.c hdr.c humanize.c crypto.c generic_xts.c crypto-gcrypt.c pbkdf2-openssl.c -lgcrypt -ldevmapper -luuid -lcrypto
cc1: warnings being treated as errors
In file included from /usr/include/stdlib.h:955,
                 from main.c:33:
/usr/include/bits/stdlib.h:65: error: no previous prototype for 'ptsname_r'
cc1: warnings being treated as errors
tcplay.c: In function 'dm_setup':
tcplay.c:1112: error: ignoring return value of 'asprintf', declared with attribute warn_unused_result
cc1: warnings being treated as errors
In file included from /usr/include/stdlib.h:955,
                 from crc32.c:40:
/usr/include/bits/stdlib.h:65: error: no previous prototype for 'ptsname_r'
cc1: warnings being treated as errors
In file included from /usr/include/stdlib.h:955,
                 from safe_mem.c:32:
/usr/include/bits/stdlib.h:65: error: no previous prototype for 'ptsname_r'
cc1: warnings being treated as errors
In file included from /usr/include/stdlib.h:955,
                 from io.c:42:
/usr/include/bits/stdlib.h:65: error: no previous prototype for 'ptsname_r'
io.c: In function 'read_passphrase':
io.c:353: error: format not a string literal and no format arguments
cc1: warnings being treated as errors
In file included from /usr/include/stdlib.h:955,
                 from hdr.c:39:
/usr/include/bits/stdlib.h:65: error: no previous prototype for 'ptsname_r'
cc1: warnings being treated as errors
In file included from /usr/include/stdlib.h:955,
                 from humanize.c:31:
/usr/include/bits/stdlib.h:65: error: no previous prototype for 'ptsname_r'
cc1: warnings being treated as errors
In file included from /usr/include/stdlib.h:955,
                 from generic_xts.c:23:
/usr/include/bits/stdlib.h:65: error: no previous prototype for 'ptsname_r'
cc1: warnings being treated as errors
In file included from /usr/include/stdlib.h:955,
                 from /usr/include/gcrypt.h:25,
                 from crypto-gcrypt.c:35:
/usr/include/bits/stdlib.h:65: error: no previous prototype for 'ptsname_r'
In file included from /usr/include/sys/socket.h:40,
                 from /usr/include/gcrypt.h:42,
                 from crypto-gcrypt.c:35:
/usr/include/bits/socket.h:431: error: 'struct mmsghdr' declared inside parameter list
/usr/include/bits/socket.h:431: error: its scope is only this definition or declaration, which is probably not what you want
In file included from crypto-gcrypt.c:35:
/usr/include/gcrypt.h:1336: error: 'gcry_ac_io_mode_t' is deprecated
/usr/include/gcrypt.h:1337: error: 'gcry_ac_io_type_t' is deprecated
/usr/include/gcrypt.h:1344: error: 'gcry_ac_data_read_cb_t' is deprecated
/usr/include/gcrypt.h:1358: error: 'gcry_ac_data_write_cb_t' is deprecated
/usr/include/gcrypt.h:1393: error: 'gcry_md_algo_t' is deprecated
/usr/include/gcrypt.h:1401: error: 'gcry_md_algo_t' is deprecated
/usr/include/gcrypt.h:1407: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1411: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1415: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1416: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1421: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1425: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1433: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1440: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1448: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1456: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1463: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1470: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1470: error: 'gcry_ac_io_mode_t' is deprecated
/usr/include/gcrypt.h:1471: error: 'gcry_ac_io_type_t' is deprecated
/usr/include/gcrypt.h:1477: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1477: error: 'gcry_ac_io_mode_t' is deprecated
/usr/include/gcrypt.h:1478: error: 'gcry_ac_io_type_t' is deprecated
/usr/include/gcrypt.h:1482: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1483: error: 'gcry_ac_id_t' is deprecated
/usr/include/gcrypt.h:1487: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1491: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1491: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1492: error: 'gcry_ac_key_type_t' is deprecated
/usr/include/gcrypt.h:1492: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1500: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1502: error: 'gcry_ac_key_pair_t' is deprecated
/usr/include/gcrypt.h:1507: error: 'gcry_ac_key_pair_t' is deprecated
/usr/include/gcrypt.h:1508: error: 'gcry_ac_key_type_t' is deprecated
/usr/include/gcrypt.h:1512: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1516: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1516: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1520: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1521: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1526: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1526: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1531: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1535: error: 'gcry_ac_key_pair_t' is deprecated
/usr/include/gcrypt.h:1541: error: 'gcry_ac_em_t' is deprecated
/usr/include/gcrypt.h:1543: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1544: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1550: error: 'gcry_ac_em_t' is deprecated
/usr/include/gcrypt.h:1552: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1553: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1559: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1561: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1563: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1569: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1571: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1573: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1578: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1579: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1581: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1587: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1588: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1590: error: 'gcry_ac_data_t' is deprecated
/usr/include/gcrypt.h:1598: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1599: error: 'gcry_ac_scheme_t' is deprecated
/usr/include/gcrypt.h:1601: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1602: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1603: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1611: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1612: error: 'gcry_ac_scheme_t' is deprecated
/usr/include/gcrypt.h:1614: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1615: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1616: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1624: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1625: error: 'gcry_ac_scheme_t' is deprecated
/usr/include/gcrypt.h:1627: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1628: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1629: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1638: error: 'gcry_ac_handle_t' is deprecated
/usr/include/gcrypt.h:1639: error: 'gcry_ac_scheme_t' is deprecated
/usr/include/gcrypt.h:1641: error: 'gcry_ac_key_t' is deprecated
/usr/include/gcrypt.h:1642: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1643: error: 'gcry_ac_io_t' is deprecated
/usr/include/gcrypt.h:1649: error: 'gcry_ac_id_t' is deprecated
/usr/include/gcrypt.h:1656: error: 'gcry_ac_id_t' is deprecated
cc1: warnings being treated as errors
In file included from /usr/include/stdlib.h:955,
                 from /usr/include/openssl/crypto.h:120,
                 from /usr/include/openssl/bio.h:69,
                 from /usr/include/openssl/evp.h:75,
                 from pbkdf2-openssl.c:31:
/usr/include/bits/stdlib.h:65: error: no previous prototype for 'ptsname_r'
make: *** [program] Error 1

tested wih tcplay version 1.0

Test:
Create a volume that uses a a hidden volume.
Create both volumes using keyfiles.

Open the normal volume with its keyfile and the volume will open.
Open the hidden volume with its keyfile and it will not open.

test below

Create a volume and open the normal volume

[root@mtz ink]# ./test /dev/loop1 normal.key hidden.key --normal
tc_api_init() passed
tc_api_create_volume() passed
opening normal volume
tc_api_map_volume() passed
tc_api_unmap_volume() passed

Create a volume and open the hidden volume

[root@mtz ink]# ./test /dev/loop1 normal.key hidden.key --hidden
tc_api_init() passed
tc_api_create_volume() passed
opening hidden volume
tc_api_map_volume() failed
[root@mtz ink]# 

Source code for the above "test" program

#include<stdio.h>
#include<string.h>
#include<tcplay_api.h>


int main( int argc,char * argv[] )
{
    const char * device = argv[1] ;

    const char * keyfiles[2] = { NULL,NULL } ;
    keyfiles[0] = argv[2] ;

    const char * keyfiles_h[2] = { NULL,NULL } ;
    keyfiles_h[0] = argv[3] ;

    int hidden ;

    const char * e = argv[4] ;
    if( e == NULL ){
        hidden = 0 ;
    }else if( strcmp( e,"--hidden" ) == 0 ){
        hidden = 1 ;
    }else{
        hidden = 0 ;
    }

    tc_api_opts api_opts ;

    memset( &api_opts,'\0',sizeof( api_opts ) ) ;

    api_opts.tc_device          = device ;
    api_opts.tc_cipher          = "AES-256-XTS";
    api_opts.tc_prf_hash        = "RIPEMD160"  ;
    api_opts.tc_no_secure_erase = 1 ;
    api_opts.tc_use_weak_keys   = 1 ;
    api_opts.tc_keyfiles        = keyfiles ;
    api_opts.tc_keyfiles_hidden = keyfiles_h ;

    api_opts.tc_map_name = "zzz" ;

    int r ;

    if( tc_api_init( 0 ) == TC_OK ){
        puts( "tc_api_init() passed" ) ;
        r = tc_api_create_volume( &api_opts );
        if( r == TC_OK ){
            puts( "tc_api_create_volume() passed" ) ;
            if( hidden ){
                /*
                 * open hidden volume
                 */
                puts( "opening hidden volume" ) ;
                api_opts.tc_keyfiles = NULL ;
            }else{
                /*
                 * open normal volume
                 */
                puts( "opening normal volume" ) ;
                api_opts.tc_keyfiles_hidden = NULL ;
            }

            r = tc_api_map_volume( &api_opts ) ;
            if( r == TC_OK ){
                puts( "tc_api_map_volume() passed" ) ;
                sleep( 3 ) ;
                r = tc_api_unmap_volume( &api_opts ) ;
                if( r == TC_OK ){
                    puts( "tc_api_unmap_volume() passed" ) ;
                }else{
                    puts( "tc_api_unmap_volume() failed" ) ;
                }
            }else{
                puts( "tc_api_map_volume() failed" ) ;
            }
        }else{
            puts( "tc_api_create_volume() failed" ) ;
        }
        tc_api_uninit() ;
    }else{
        puts( "tc_api_init() failed" ) ;
    }

    return 0 ;
}

Is it possible to have in the README the dependencies needed in order to compile tc-play?

On my Debian i receive the following errors and I don't know if is a problem with dependencies or what.

$ make PBKDF_BACKEND=gcrypt
cc -Wsystem-headers -Werror -Wall -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wold-style-definition -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -O3 -D_GNU_SOURCE -o tcplay main.c tcplay.c crc32.c safe_mem.c io.c hdr.c humanize.c crypto.c generic_xts.c crypto-gcrypt.c pbkdf2-gcrypt.c -lgcrypt -ldevmapper -luuid
cc1: warnings being treated as errors
pbkdf2-gcrypt.c: In function ‘pbkdf2’:
pbkdf2-gcrypt.c:64: error: implicit declaration of function ‘gcry_kdf_derive’
pbkdf2-gcrypt.c:64: error: nested extern declaration of ‘gcry_kdf_derive’
pbkdf2-gcrypt.c:64: error: ‘GCRY_KDF_PBKDF2’ undeclared (first use in this function)
pbkdf2-gcrypt.c:64: error: (Each undeclared identifier is reported only once
pbkdf2-gcrypt.c:64: error: for each function it appears in.)
make: *** [program] Error 1

or

$ make PBKDF_BACKEND=openssl
cc -Wsystem-headers -Werror -Wall -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wold-style-definition -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline -Wnested-externs -O3 -D_GNU_SOURCE -o tcplay main.c tcplay.c crc32.c safe_mem.c io.c hdr.c humanize.c crypto.c generic_xts.c crypto-gcrypt.c pbkdf2-openssl.c -lgcrypt -ldevmapper -luuid -lcrypto
cc1: warnings being treated as errors
pbkdf2-openssl.c: In function ‘pbkdf2’:
pbkdf2-openssl.c:51: error: implicit declaration of function ‘PKCS5_PBKDF2_HMAC’
pbkdf2-openssl.c:51: error: nested extern declaration of ‘PKCS5_PBKDF2_HMAC’
make: *** [program] Error 1

The last error can be avoided with the following patch

diff --git a/pbkdf2-openssl.c b/pbkdf2-openssl.c
index 6fb27e1..c1210a3 100644
--- a/pbkdf2-openssl.c
+++ b/pbkdf2-openssl.c
@@ -48,8 +48,8 @@ pbkdf2(struct pbkdf_prf_algo *hash, const char *pass, int passlen,
                tc_log(1, "Hash %s not found\n", hash->name);
                return ENOENT;
        }
-       r = PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen,
-           hash->iteration_count, md, keylen, out);
+       r = PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen,
+           hash->iteration_count, keylen, out);

        if (r == 0) {
                tc_log(1, "Error in PBKDF2\n");

but I don't know if is the correct approach.

#include<tcplay_api.h>
int main( int argc,char * argv[] )
{
    return 0 ;
}

above program fail to build with the below error.You are missing a header file mentioned above.You havent noticed it because you always include the header below other headers and headers above it pull it in.Adding your header above all other header files reveals its missing.

gcc tt.c
In file included from tt.c:2:0:
/usr/include/tcplay_api.h:50:2: error: unknown type name ‘size_t’
[root@mtz ink]#

PROBLEM:

'--protect-hidden' currently truncates the size of the decoy volume in order to protect the hidden volume. this works well for FAT32, but does not work for EXT4 as this file system checks the reported volume size against information stored in ext4 headers.

SUGGESTION:

add '--protect-method=FOO' option that gives control over the protection method.
e.g.
truncate -- current behaviour (default)
error -- report full size of the decoy volume. when the file system writes to the hidden area, don't write anything and raise an i/o error.
fake -- report full size of the decoy volume. when the file system writes to the hidden area, don't write anything, but pretend that the operation was successful.