package main /* Picocrypt v1.28 Copyright (c) Evan Su (https://evansu.cc) Released under a GNU GPL v3 License https://github.com/HACKERALERT/Picocrypt ~ In cryptography we trust ~ */ import ( _ "embed" "archive/zip" "bytes" "crypto/cipher" "crypto/hmac" "crypto/rand" "crypto/subtle" "fmt" "hash" "image" "image/color" "io" "math" "math/big" "os" "path/filepath" "regexp" "strconv" "strings" "time" "github.com/HACKERALERT/clipboard" "github.com/HACKERALERT/crypto/argon2" "github.com/HACKERALERT/crypto/blake2b" "github.com/HACKERALERT/crypto/chacha20" "github.com/HACKERALERT/crypto/hkdf" "github.com/HACKERALERT/crypto/sha3" "github.com/HACKERALERT/dialog" "github.com/HACKERALERT/giu" "github.com/HACKERALERT/infectious" "github.com/HACKERALERT/serpent" "github.com/HACKERALERT/zxcvbn-go" ) // Generic variables var version = "v1.28" var window *giu.MasterWindow var dpi float32 var mode string var working bool var recombine bool // Popup modals var modalId int // A hack to keep modals centered var showPassgen bool // Password generator var showKeyfile bool // Keyfile manager var showProgress bool // Encryption/decryption progress var showConfirmation bool // Confirm overwriting an existing file // Input and output files var onlyFiles []string var onlyFolders []string var allFiles []string var inputLabel = "Drop files and folders into this window." var inputFile string var outputFile string // Password and generator variables var password string var cpassword string var passwordStrength int var passwordState = giu.InputTextFlagsPassword var passwordStateLabel = "Show" var passgenCopy = true var passgenLength int32 = 32 var passgenUpper = true var passgenLower = true var passgenNums = true var passgenSymbols = true // Keyfile variables var keyfile bool var keyfiles []string var keyfileOrderMatters bool var keyfilePrompt = "None selected." // Comments variables var comments string var commentsPrompt = "Comments:" var commentsDisabled bool // Advanced options var paranoid bool var reedsolo bool var deleteWhenDone bool var split bool var splitSize string var splitUnits = []string{"KiB", "MiB", "GiB", "TiB", "Total"} var splitSelected int32 = 1 var compress bool var keep bool var kept bool // Status variables var startLabel = "Start" var mainStatus = "Ready." var mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff} var popupStatus string // Progress variables var progress float32 var progressInfo string // Reed-Solomon codecs var rs1, _ = infectious.NewFEC(1, 3) // 1 data shard, 3 total -> 2 parity shards var rs5, _ = infectious.NewFEC(5, 15) var rs16, _ = infectious.NewFEC(16, 48) var rs24, _ = infectious.NewFEC(24, 72) var rs32, _ = infectious.NewFEC(32, 96) var rs64, _ = infectious.NewFEC(64, 192) var rs128, _ = infectious.NewFEC(128, 136) // Used for full Reed-Solomon on files // A passthrough and related helpers to get compression progress var compressDone int64 var compressTotal int64 type compressorProgress struct { io.Reader } func (p *compressorProgress) Read(data []byte) (int, error) { read, err := p.Reader.Read(data) compressDone += int64(read) progress = float32(compressDone) / float32(compressTotal) giu.Update() return read, err } // The graphical user interface func draw() { giu.SingleWindow().Flags(524351).Layout( giu.Custom(func() { if showPassgen { giu.PopupModal("Generate password:##"+strconv.Itoa(modalId)).Flags(6).Layout( giu.Row( giu.Label("Length:"), giu.SliderInt(&passgenLength, 4, 64).Size(giu.Auto), ), giu.Checkbox("Uppercase", &passgenUpper), giu.Checkbox("Lowercase", &passgenLower), giu.Checkbox("Numbers", &passgenNums), giu.Checkbox("Symbols", &passgenSymbols), giu.Checkbox("Copy to clipboard", &passgenCopy), giu.Row( giu.Button("Cancel").Size(100, 0).OnClick(func() { giu.CloseCurrentPopup() showPassgen = false }), giu.Button("Generate").Size(100, 0).OnClick(func() { password = genPassword() cpassword = password passwordStrength = zxcvbn.PasswordStrength(password, nil).Score giu.CloseCurrentPopup() showPassgen = false }), ), ).Build() giu.OpenPopup("Generate password:##" + strconv.Itoa(modalId)) giu.Update() } if showKeyfile { giu.PopupModal("Manage keyfiles:##"+strconv.Itoa(modalId)).Flags(70).Layout( giu.Label("Drag and drop your keyfiles here."), giu.Custom(func() { if mode != "decrypt" { giu.Checkbox("Require correct order", &keyfileOrderMatters).Build() giu.Tooltip("Decryption will require the correct keyfile order.").Build() } else if keyfileOrderMatters { giu.Label("Correct order is required.").Build() } }), giu.Separator(), giu.Custom(func() { for _, i := range keyfiles { giu.Label(filepath.Base(i)).Build() } }), giu.Row( giu.Button("Clear").Size(100, 0).OnClick(func() { keyfiles = nil if keyfile { keyfilePrompt = "Keyfiles required." } else { keyfilePrompt = "None selected." } modalId++ }), giu.Tooltip("Remove all keyfiles."), giu.Button("Done").Size(100, 0).OnClick(func() { giu.CloseCurrentPopup() showKeyfile = false }), ), ).Build() giu.OpenPopup("Manage keyfiles:##" + strconv.Itoa(modalId)) giu.Update() } if showConfirmation { giu.PopupModal("Warning:##"+strconv.Itoa(modalId)).Flags(6).Layout( giu.Label("Output already exists. Overwrite?"), giu.Row( giu.Button("No").Size(100, 0).OnClick(func() { giu.CloseCurrentPopup() showConfirmation = false }), giu.Button("Yes").Size(100, 0).OnClick(func() { giu.CloseCurrentPopup() showConfirmation = false modalId++ showProgress = true giu.Update() go func() { work() working = false showProgress = false giu.Update() }() }), ), ).Build() giu.OpenPopup("Warning:##" + strconv.Itoa(modalId)) giu.Update() } if showProgress { giu.PopupModal(" ##"+strconv.Itoa(modalId)).Flags(6).Layout( giu.Row( giu.ProgressBar(progress).Size(180, 0).Overlay(progressInfo), giu.Button("Cancel").Size(58, 0).OnClick(func() { working = false }), ), giu.Label(popupStatus), ).Build() giu.OpenPopup(" ##" + strconv.Itoa(modalId)) giu.Update() } }), giu.Row( giu.Label(inputLabel), giu.Custom(func() { bw, _ := giu.CalcTextSize("Clear") p, _ := giu.GetWindowPadding() bw += p * 2 giu.Dummy((bw+p)/-dpi, 0).Build() giu.SameLine() giu.Style().SetDisabled(len(allFiles) == 0 && len(onlyFiles) == 0).To( giu.Button("Clear").Size(bw/dpi, 0).OnClick(resetUI), giu.Tooltip("Clear all input files and reset UI state."), ).Build() }), ), giu.Separator(), giu.Style().SetDisabled(len(allFiles) == 0 && len(onlyFiles) == 0).To( giu.Label("Password:"), giu.Row( giu.Button(passwordStateLabel).Size(54, 0).OnClick(func() { if passwordState == giu.InputTextFlagsPassword { passwordState = giu.InputTextFlagsNone passwordStateLabel = "Hide" } else { passwordState = giu.InputTextFlagsPassword passwordStateLabel = "Show" } }), giu.Tooltip("Toggle the visibility of password entries."), giu.Button("Clear").Size(54, 0).OnClick(func() { password = "" cpassword = "" }), giu.Tooltip("Clear the password entries."), giu.Button("Copy").Size(54, 0).OnClick(func() { clipboard.WriteAll(password) }), giu.Tooltip("Copy the password into your clipboard."), giu.Button("Paste").Size(54, 0).OnClick(func() { tmp, _ := clipboard.ReadAll() password = tmp if mode != "decrypt" { cpassword = tmp } passwordStrength = zxcvbn.PasswordStrength(password, nil).Score giu.Update() }), giu.Tooltip("Paste a password from your clipboard."), giu.Style().SetDisabled(mode == "decrypt").To( giu.Button("Create").Size(54, 0).OnClick(func() { modalId++ showPassgen = true }), ), giu.Tooltip("Generate a cryptographically secure password."), ), giu.Row( giu.InputText(&password).Flags(passwordState).Size(302/dpi).OnChange(func() { passwordStrength = zxcvbn.PasswordStrength(password, nil).Score }), giu.Custom(func() { c := giu.GetCanvas() p := giu.GetCursorScreenPos() col := color.RGBA{ uint8(0xc8 - 31*passwordStrength), uint8(0x4c + 31*passwordStrength), 0x4b, 0xff, } if password == "" || mode == "decrypt" { col = color.RGBA{0xff, 0xff, 0xff, 0x00} } path := p.Add(image.Pt( int(math.Round(-20*float64(dpi))), int(math.Round(12*float64(dpi))), )) c.PathArcTo(path, 6*dpi, -math.Pi/2, math.Pi*(.4*float32(passwordStrength)-.1), -1) c.PathStroke(col, false, 2) }), ), giu.Dummy(0, 0), giu.Style().SetDisabled(password == "" || mode == "decrypt").To( giu.Label("Confirm password:"), giu.Row( giu.InputText(&cpassword).Flags(passwordState).Size(302/dpi), giu.Custom(func() { c := giu.GetCanvas() p := giu.GetCursorScreenPos() col := color.RGBA{0x4c, 0xc8, 0x4b, 0xff} if cpassword != password { col = color.RGBA{0xc8, 0x4c, 0x4b, 0xff} } if password == "" || cpassword == "" || mode == "decrypt" { col = color.RGBA{0xff, 0xff, 0xff, 0x00} } path := p.Add(image.Pt( int(math.Round(-20*float64(dpi))), int(math.Round(12*float64(dpi))), )) c.PathArcTo(path, 6*dpi, 0, 2*math.Pi, -1) c.PathStroke(col, false, 2) }), ), ), giu.Dummy(0, 0), giu.Style().SetDisabled(mode == "decrypt" && !keyfile).To( giu.Row( giu.Label("Keyfiles:"), giu.Button("Edit").Size(54, 0).OnClick(func() { modalId++ showKeyfile = true }), giu.Tooltip("Manage your keyfiles."), giu.Style().SetDisabled(mode == "decrypt").To( giu.Button("Create").Size(54, 0).OnClick(func() { f := dialog.File().Title("Choose where to save the keyfile.") f.SetStartDir(func() string { if len(onlyFiles) > 0 { return filepath.Dir(onlyFiles[0]) } return filepath.Dir(onlyFolders[0]) }()) f.SetInitFilename("Keyfile") file, err := f.Save() if file == "" || err != nil { return } fout, _ := os.Create(file) data := make([]byte, 1<<20) rand.Read(data) fout.Write(data) fout.Close() }), giu.Tooltip("Generate a cryptographically secure keyfile."), ), giu.Style().SetDisabled(true).To( giu.InputText(&keyfilePrompt).Size(giu.Auto), ), ), ), ), giu.Separator(), giu.Style().SetDisabled((mode == "decrypt" && comments == "") || (mode != "decrypt" && ((len(keyfiles) == 0 && password == "") || (password != cpassword)))).To( giu.Style().SetDisabled(mode == "decrypt" && comments == "").To( giu.Label(commentsPrompt), giu.InputText(&comments).Size(giu.Auto).Flags(func() giu.InputTextFlags { if commentsDisabled { return giu.InputTextFlagsReadOnly } return giu.InputTextFlagsNone }()), ), ), giu.Style().SetDisabled((len(keyfiles) == 0 && password == "") || (mode == "encrypt" && password != cpassword)).To( giu.Label("Advanced:"), giu.Custom(func() { if mode != "decrypt" { giu.Row( giu.Checkbox("Paranoid mode", ¶noid), giu.Tooltip("Provides the highest level of security attainable."), giu.Dummy(-170, 0), giu.Style().SetDisabled(!(len(allFiles) > 1 || len(onlyFolders) > 0)).To( giu.Checkbox("Compress files", &compress), giu.Tooltip("Compress files with Deflate before encrypting."), ), ).Build() giu.Row( giu.Checkbox("Reed-Solomon", &reedsolo), giu.Tooltip("Prevent file corruption by erasure coding (slow)."), giu.Dummy(-170, 0), giu.Checkbox("Delete files", &deleteWhenDone), giu.Tooltip("Delete the input files after encryption."), ).Build() giu.Row( giu.Checkbox("Split into chunks:", &split), giu.Tooltip("Split the output file into smaller chunks."), giu.Dummy(-170, 0), giu.InputText(&splitSize).Size(86/dpi).Flags(1).OnChange(func() { split = splitSize != "" }), giu.Tooltip("Choose the chunk size."), giu.Combo("##splitter", splitUnits[splitSelected], splitUnits, &splitSelected).Size(68), giu.Tooltip("Choose the chunk size units."), ).Build() } else { giu.Row( giu.Checkbox("Force decrypt", &keep), giu.Tooltip("Override security measures when decrypting."), giu.Dummy(-170, 0), giu.Checkbox("Delete volume", &deleteWhenDone), giu.Tooltip("Delete the volume after a successful decryption."), ).Build() } }), giu.Label("Save output as:"), giu.Custom(func() { w, _ := giu.GetAvailableRegion() bw, _ := giu.CalcTextSize("Change") p, _ := giu.GetWindowPadding() bw += p * 2 dw := w - bw - p giu.Style().SetDisabled(true).To( giu.InputText(func() *string { tmp := "" if outputFile == "" { return &tmp } tmp = filepath.Base(outputFile) return &tmp }()).Size(dw / dpi / dpi).Flags(16384), ).Build() giu.SameLine() giu.Button("Change").Size(bw/dpi, 0).OnClick(func() { f := dialog.File().Title("Choose where to save the output. Don't include extensions.") f.SetStartDir(func() string { if len(onlyFiles) > 0 { return filepath.Dir(onlyFiles[0]) } return filepath.Dir(onlyFolders[0]) }()) // Prefill the filename tmp := strings.TrimSuffix(filepath.Base(outputFile), ".pcv") f.SetInitFilename(strings.TrimSuffix(tmp, filepath.Ext(tmp))) if mode == "encrypt" && (len(allFiles) > 1 || len(onlyFolders) > 0) { f.SetInitFilename("Encrypted") } file, err := f.Save() if file == "" || err != nil { return } // Add the correct extensions if mode == "encrypt" { if len(allFiles) > 1 || len(onlyFolders) > 0 { file += ".zip.pcv" } else { file += filepath.Ext(inputFile) + ".pcv" } } else { if strings.HasSuffix(inputFile, ".zip.pcv") { file += ".zip" } else { tmp := strings.TrimSuffix(filepath.Base(inputFile), ".pcv") file += filepath.Ext(tmp) } } outputFile = file }).Build() giu.Tooltip("Save the output with a custom name and path.").Build() }), giu.Dummy(0, 0), giu.Separator(), giu.Dummy(0, 0), giu.Button(startLabel).Size(giu.Auto, 34).OnClick(func() { if keyfile && keyfiles == nil { mainStatus = "Please select your keyfiles." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} return } tmp, err := strconv.Atoi(splitSize) if split && (splitSize == "" || tmp <= 0 || err != nil) { mainStatus = "Invalid split size." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} return } _, err = os.Stat(outputFile) if err == nil { modalId++ showConfirmation = true giu.Update() } else { modalId++ showProgress = true giu.Update() go func() { work() working = false showProgress = false giu.Update() }() } }), giu.Style().SetColor(giu.StyleColorText, mainStatusColor).To( giu.Label(mainStatus), ), ), giu.Custom(func() { window.SetSize(int(318*dpi), giu.GetCursorPos().Y+1) }), ) } func onDrop(names []string) { if showKeyfile { keyfiles = append(keyfiles, names...) // Remove duplicate keyfiles var tmp []string for _, i := range keyfiles { duplicate := false for _, j := range tmp { if i == j { duplicate = true } } stat, _ := os.Stat(i) if !duplicate && !stat.IsDir() { tmp = append(tmp, i) } } keyfiles = tmp // Update the keyfile status if len(keyfiles) == 1 { keyfilePrompt = "Using 1 keyfile." } else { keyfilePrompt = fmt.Sprintf("Using %d keyfiles.", len(keyfiles)) } // Recenter the keyfile modal modalId++ return } // Clear variables and UI state recombine = false onlyFiles = nil onlyFolders = nil allFiles = nil files, folders := 0, 0 size := 0 resetUI() // One item dropped if len(names) == 1 { stat, _ := os.Stat(names[0]) // A folder was dropped if stat.IsDir() { folders++ mode = "encrypt" inputLabel = "1 folder selected." startLabel = "Encrypt" onlyFolders = append(onlyFolders, names[0]) inputFile = filepath.Join(filepath.Dir(names[0]), "Encrypted") + ".zip" outputFile = inputFile + ".pcv" } else { // A file was dropped files++ name := filepath.Base(names[0]) // Is the file a part of a split volume? nums := []string{"0", "1", "2", "3", "4", "5", "6", "7", "8", "9"} endsNum := false for _, i := range nums { if strings.HasSuffix(names[0], i) { endsNum = true } } isSplit := strings.Contains(names[0], ".pcv.") && endsNum // Decide if encrypting or decrypting if strings.HasSuffix(names[0], ".pcv") || isSplit { mode = "decrypt" inputLabel = name startLabel = "Decrypt" commentsPrompt = "Comments (read-only):" commentsDisabled = true if isSplit { ind := strings.Index(names[0], ".pcv") names[0] = names[0][:ind+4] inputFile = names[0] outputFile = names[0][:ind] recombine = true } else { outputFile = names[0][:len(names[0])-4] } // Open the input file in read-only mode var fin *os.File if isSplit { fin, _ = os.Open(names[0] + ".0") } else { fin, _ = os.Open(names[0]) } // Use regex to test if the input is a valid Picocrypt volume tmp := make([]byte, 30) fin.Read(tmp) if string(tmp[:5]) == "v1.13" { resetUI() mainStatus = "Please use v1.13 to decrypt this file." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} fin.Close() return } if valid, _ := regexp.Match(`^v\d\.\d{2}.{10}0?\d+`, tmp); !valid && !isSplit { resetUI() mainStatus = "This doesn't seem like a Picocrypt volume." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} fin.Close() return } // Use regex to test if the volume is compatible fin.Seek(0, 0) tmp = make([]byte, 15) fin.Read(tmp) tmp, _ = rsDecode(rs5, tmp) if valid, _ := regexp.Match(`^v1.1[456]$`, tmp); valid { resetUI() mainStatus = "Please use v1.16 to decrypt this file." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} fin.Close() return } if valid, _ := regexp.Match(`^(v1.1[789])|(v1.2[01])$`, tmp); valid { resetUI() mainStatus = "Please use v1.21 to decrypt this file." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} fin.Close() return } // Read comments from file and check for corruption var err error tmp = make([]byte, 15) fin.Read(tmp) tmp, err = rsDecode(rs5, tmp) if err == nil { commentsLength, _ := strconv.Atoi(string(tmp)) tmp = make([]byte, commentsLength*3) fin.Read(tmp) comments = "" for i := 0; i < commentsLength*3; i += 3 { t, err := rsDecode(rs1, tmp[i:i+3]) if err != nil { comments = "Comments are corrupted." break } comments += string(t) } } else { comments = "Comments are corrupted." } // Read flags from file and check for corruption flags := make([]byte, 15) fin.Read(flags) fin.Close() flags, err = rsDecode(rs5, flags) if err != nil { mainStatus = "The volume header is damaged." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} return } // Update UI and variables according to flags if flags[1] == 1 { keyfile = true keyfilePrompt = "Keyfiles required." } else { keyfilePrompt = "Not applicable." } if flags[2] == 1 { keyfileOrderMatters = true } } else { // One file that is not a Picocrypt volume was dropped mode = "encrypt" inputLabel = name startLabel = "Encrypt" inputFile = names[0] outputFile = names[0] + ".pcv" } // Add the file onlyFiles = append(onlyFiles, names[0]) inputFile = names[0] size += int(stat.Size()) } } else { // There are multiple dropped items mode = "encrypt" // Go through each dropped item and add to corresponding slices for _, name := range names { stat, _ := os.Stat(name) if stat.IsDir() { folders++ onlyFolders = append(onlyFolders, name) } else { files++ onlyFiles = append(onlyFiles, name) allFiles = append(allFiles, name) size += int(stat.Size()) } } // Update UI with the number of files and folders selected if folders == 0 { inputLabel = fmt.Sprintf("%d files selected.", files) } else if files == 0 { inputLabel = fmt.Sprintf("%d folders selected.", folders) } else { if files == 1 && folders > 1 { inputLabel = fmt.Sprintf("1 file and %d folders selected.", folders) } else if folders == 1 && files > 1 { inputLabel = fmt.Sprintf("%d files and 1 folder selected.", files) } else if folders == 1 && files == 1 { inputLabel = "1 file and 1 folder selected." } else { inputLabel = fmt.Sprintf("%d files and %d folders selected.", files, folders) } } startLabel = "Encrypt" // Set the input and output paths inputFile = filepath.Join(filepath.Dir(names[0]), "Encrypted") + ".zip" outputFile = inputFile + ".pcv" } // Recursively add all files in 'onlyFolders' to 'allFiles' for _, name := range onlyFolders { filepath.Walk(name, func(path string, _ os.FileInfo, _ error) error { stat, _ := os.Stat(path) if !stat.IsDir() { allFiles = append(allFiles, path) size += int(stat.Size()) } return nil }) } inputLabel = fmt.Sprintf("%s (%s)", inputLabel, sizeify(int64(size))) } func work() { // Show that Picocrypt is encrypting/decrypting popupStatus = "Starting..." mainStatus = "Working..." mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff} working = true padded := false giu.Update() // Cryptography! var salt []byte // Argon2 salt, 16 bytes var hkdfSalt []byte // HKDF-SHA3 salt, 32 bytes var serpentSalt []byte // Serpent salt, 16 bytes var nonce []byte // 24-byte XChaCha20 nonce var keyHash []byte // SHA3-512 hash of encryption key var _keyHash []byte // Same as 'keyHash', but used for comparison var keyfileKey []byte // The SHA3-256 hashes of keyfiles var keyfileHash []byte = make([]byte, 32) // The SHA3-256 of 'keyfileKey' var _keyfileHash []byte // Same as 'keyfileHash', but used for comparison var dataMac []byte // 64-byte authentication tag (BLAKE2b or HMAC-SHA3) if mode == "encrypt" { if compress { popupStatus = "Compressing files..." } else { popupStatus = "Combining files..." } // Combine/compress all files into a .zip file if len(allFiles) > 1 || len(onlyFolders) > 0 { var rootDir string if len(onlyFolders) > 0 { rootDir = filepath.Dir(onlyFolders[0]) } else { rootDir = filepath.Dir(onlyFiles[0]) } file, err := os.Create(inputFile) if err != nil { mainStatus = "Access denied by operating system." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} return } compressTotal = 0 for _, path := range allFiles { stat, _ := os.Stat(path) compressTotal += stat.Size() } w := zip.NewWriter(file) for i, path := range allFiles { if !working { mainStatus = "Operation cancelled by user." mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff} w.Close() file.Close() os.Remove(inputFile) compressDone = 0 return } progressInfo = fmt.Sprintf("%d/%d", i+1, len(allFiles)) giu.Update() // Don't add the volume to itself if path == inputFile { continue } stat, _ := os.Stat(path) header, _ := zip.FileInfoHeader(stat) header.Name = strings.TrimPrefix(path, rootDir) header.Name = filepath.ToSlash(header.Name) header.Name = strings.TrimPrefix(header.Name, "/") if compress { header.Method = zip.Deflate } else { header.Method = zip.Store } writer, _ := w.CreateHeader(header) file, err := os.Open(path) if err != nil { mainStatus = "Access denied by operating system." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} os.Remove(inputFile) compressDone = 0 return } // Use a passthrough to catch compression progress prg := &compressorProgress{Reader: file} io.Copy(writer, prg) file.Close() } w.Close() file.Close() compressDone = 0 } } // Recombine a split file if necessary if recombine { popupStatus = "Recombining file..." total := 0 totalBytes := int64(0) done := 0 // Find out the number of splitted chunks for { stat, err := os.Stat(fmt.Sprintf("%s.%d", inputFile, total)) if err != nil { break } total++ totalBytes += stat.Size() } // Merge all chunks into one file fout, _ := os.Create(inputFile) for i := 0; i < total; i++ { fin, _ := os.Open(fmt.Sprintf("%s.%d", inputFile, i)) for { data := make([]byte, 1<<20) read, err := fin.Read(data) if err != nil { break } data = data[:read] fout.Write(data) done += read progressInfo = fmt.Sprintf("%d/%d", i+1, total) progress = float32(done) / float32(totalBytes) giu.Update() } fin.Close() } fout.Close() progressInfo = "" } // Subtract the header size from the total size if decrypting stat, _ := os.Stat(inputFile) total := stat.Size() if mode == "decrypt" { total -= 789 } // Open input file in read-only mode fin, err := os.Open(inputFile) if err != nil { mainStatus = "Access denied by operating system." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} if recombine { os.Remove(inputFile) } if len(allFiles) > 1 || len(onlyFolders) > 0 { os.Remove(inputFile) } return } var fout *os.File // If encrypting, generate values and write to file if mode == "encrypt" { popupStatus = "Generating values..." giu.Update() // Create the output file var err error fout, err = os.Create(outputFile) if err != nil { mainStatus = "Access denied by operating system." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} fin.Close() if len(allFiles) > 1 || len(onlyFolders) > 0 { os.Remove(inputFile) } return } // Set up cryptographic values salt = make([]byte, 16) hkdfSalt = make([]byte, 32) serpentSalt = make([]byte, 16) nonce = make([]byte, 24) // Write the program version to file fout.Write(rsEncode(rs5, []byte(version))) // Encode and write the comment length to file commentsLength := []byte(fmt.Sprintf("%05d", len(comments))) commentsLength = rsEncode(rs5, commentsLength) fout.Write(commentsLength) // Encode the comment and write to file for _, i := range []byte(comments) { fout.Write(rsEncode(rs1, []byte{i})) } // Configure flags and write to file flags := make([]byte, 5) if paranoid { // Paranoid mode selected flags[0] = 1 } if len(keyfiles) > 0 { // Keyfiles are being used flags[1] = 1 } if keyfileOrderMatters { // Order of keyfiles matter flags[2] = 1 } if reedsolo { // Full Reed-Solomon encoding is selected flags[3] = 1 } if total%(1<<20) >= 1<<20-128 { // Reed-Solomon internals flags[4] = 1 } flags = rsEncode(rs5, flags) fout.Write(flags) // Fill values with Go's CSPRNG rand.Read(salt) rand.Read(hkdfSalt) rand.Read(serpentSalt) rand.Read(nonce) // Encode values with Reed-Solomon and write to file fout.Write(rsEncode(rs16, salt)) fout.Write(rsEncode(rs32, hkdfSalt)) fout.Write(rsEncode(rs16, serpentSalt)) fout.Write(rsEncode(rs24, nonce)) // Write placeholders for future use fout.Write(make([]byte, 192)) // Hash of encryption key fout.Write(make([]byte, 96)) // Hash of keyfile key fout.Write(make([]byte, 192)) // BLAKE2b/HMAC-SHA3 tag } else { // Decrypting, read values from file and decode popupStatus = "Reading values..." giu.Update() errs := make([]error, 10) version := make([]byte, 15) fin.Read(version) _, errs[0] = rsDecode(rs5, version) tmp := make([]byte, 15) fin.Read(tmp) tmp, errs[1] = rsDecode(rs5, tmp) commentsLength, _ := strconv.Atoi(string(tmp)) fin.Read(make([]byte, commentsLength*3)) total -= int64(commentsLength) * 3 flags := make([]byte, 15) fin.Read(flags) flags, errs[2] = rsDecode(rs5, flags) paranoid = flags[0] == 1 reedsolo = flags[3] == 1 padded = flags[4] == 1 salt = make([]byte, 48) fin.Read(salt) salt, errs[3] = rsDecode(rs16, salt) hkdfSalt = make([]byte, 96) fin.Read(hkdfSalt) hkdfSalt, errs[4] = rsDecode(rs32, hkdfSalt) serpentSalt = make([]byte, 48) fin.Read(serpentSalt) serpentSalt, errs[5] = rsDecode(rs16, serpentSalt) nonce = make([]byte, 72) fin.Read(nonce) nonce, errs[6] = rsDecode(rs24, nonce) _keyHash = make([]byte, 192) fin.Read(_keyHash) _keyHash, errs[7] = rsDecode(rs64, _keyHash) _keyfileHash = make([]byte, 96) fin.Read(_keyfileHash) _keyfileHash, errs[8] = rsDecode(rs32, _keyfileHash) dataMac = make([]byte, 192) fin.Read(dataMac) dataMac, errs[9] = rsDecode(rs64, dataMac) // If there was an issue during decoding, the header is corrupted for _, err := range errs { if err != nil { if keep { // If the user chooses to force decrypt kept = true } else { mainStatus = "The volume header is damaged." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} fin.Close() if recombine { os.Remove(inputFile) } return } } } } popupStatus = "Deriving key..." progress = 0 progressInfo = "" giu.Update() // Derive encryption keys and subkeys var key []byte if paranoid { // Overkilled parameters for paranoid mode key = argon2.IDKey( []byte(password), salt, 8, // 8 passes 1<<20, // 1 GiB memory 8, // 8 threads 32, // 32-byte output key ) } else { // High Argon2 parameters by default key = argon2.IDKey( []byte(password), salt, 4, 1<<20, 4, 32, ) } // If the 'Cancel' button was pressed, cancel and clean up if !working { mainStatus = "Operation cancelled by user." mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff} fin.Close() if mode == "encrypt" { fout.Close() } if recombine { os.Remove(inputFile) } if len(allFiles) > 1 || len(onlyFolders) > 0 { os.Remove(inputFile) } os.Remove(outputFile) return } // If keyfiles are being used if len(keyfiles) > 0 || keyfile { if keyfileOrderMatters { // If order matters, hash progressively var keysum = sha3.New256() for _, path := range keyfiles { kin, _ := os.Open(path) kstat, _ := os.Stat(path) kbytes := make([]byte, kstat.Size()) kin.Read(kbytes) kin.Close() keysum.Write(kbytes) } keyfileKey = keysum.Sum(nil) keyfileSha3 := sha3.New256() keyfileSha3.Write(keyfileKey) keyfileHash = keyfileSha3.Sum(nil) } else { // If order doesn't matter, hash individually and combine var keysum []byte for _, path := range keyfiles { kin, _ := os.Open(path) kstat, _ := os.Stat(path) kbytes := make([]byte, kstat.Size()) kin.Read(kbytes) kin.Close() ksha3 := sha3.New256() ksha3.Write(kbytes) keyfileKey := ksha3.Sum(nil) if keysum == nil { keysum = keyfileKey } else { for i, j := range keyfileKey { keysum[i] ^= j } } } keyfileKey = keysum keyfileSha3 := sha3.New256() keyfileSha3.Write(keysum) keyfileHash = keyfileSha3.Sum(nil) } } // Hash the encryption key (used to check if a password is correct when decrypting) sha3_512 := sha3.New512() sha3_512.Write(key) keyHash = sha3_512.Sum(nil) // Validate the password and/or keyfiles if mode == "decrypt" { incorrect := false keyCorrect := true keyfileCorrect := true keyCorrect = subtle.ConstantTimeCompare(keyHash, _keyHash) == 1 if keyfile { keyfileCorrect = subtle.ConstantTimeCompare(keyfileHash, _keyfileHash) == 1 incorrect = !keyCorrect || !keyfileCorrect } else { incorrect = !keyCorrect } // If there's an issue with the password and/or keyfiles if incorrect { if keep { kept = true } else { if !keyCorrect { mainStatus = "The provided password is incorrect." } else { if keyfileOrderMatters { mainStatus = "Incorrect keyfiles or order." } else { mainStatus = "Incorrect keyfiles." } } mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} fin.Close() if recombine { os.Remove(inputFile) } return } } // Create the output file for decryption var err error fout, err = os.Create(outputFile) if err != nil { mainStatus = "Access denied by operating system." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} fin.Close() if recombine { os.Remove(inputFile) } return } } if len(keyfiles) > 0 || keyfile { // XOR the encryption key with the keyfile to make the master key tmp := key key = make([]byte, 32) for i := range key { key[i] = tmp[i] ^ keyfileKey[i] } } done := 0 counterDone := 0 counter := 0 startTime := time.Now() chacha, _ := chacha20.NewUnauthenticatedCipher(key, nonce) // Use HKDF-SHA3 to generate a subkey var mac hash.Hash subkey := make([]byte, 32) hkdf := hkdf.New(sha3.New256, key, hkdfSalt, nil) hkdf.Read(subkey) if paranoid { mac = hmac.New(sha3.New512, subkey) // HMAC-SHA3 } else { mac, _ = blake2b.New512(subkey) // Keyed BLAKE2b } // Generate another subkey and cipher (not used unless paranoid mode is checked) serpentKey := make([]byte, 32) hkdf.Read(serpentKey) s, _ := serpent.NewCipher(serpentKey) serpent := cipher.NewCTR(s, serpentSalt) for { // If the user cancels the process, stop and clean up if !working { mainStatus = "Operation cancelled by user." mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff} fin.Close() fout.Close() if recombine { os.Remove(inputFile) } if len(allFiles) > 1 || len(onlyFolders) > 0 { os.Remove(inputFile) } os.Remove(outputFile) return } // Read in data from the file var src []byte if mode == "decrypt" && reedsolo { src = make([]byte, 1<<20/128*136) } else { src = make([]byte, 1<<20) } size, err := fin.Read(src) if err != nil { break } src = src[:size] dst := make([]byte, len(src)) // Do the actual encryption if mode == "encrypt" { if paranoid { serpent.XORKeyStream(dst, src) copy(src, dst) } chacha.XORKeyStream(dst, src) mac.Write(dst) if reedsolo { copy(src, dst) dst = nil // If a full MiB is available if len(src) == 1<<20 { // Encode every chunk for i := 0; i < 1<<20; i += 128 { dst = append(dst, rsEncode(rs128, src[i:i+128])...) } } else { // Encode the full chunks chunks := math.Floor(float64(len(src)) / 128) for i := 0; float64(i) < chunks; i++ { dst = append(dst, rsEncode(rs128, src[i*128:(i+1)*128])...) } // Pad and encode the final partial chunk dst = append(dst, rsEncode(rs128, pad(src[int(chunks*128):]))...) } } } else { // Decryption if reedsolo { copy(dst, src) src = nil // If a complete 1 MiB block is available if len(dst) == 1<<20/128*136 { // Decode every chunk for i := 0; i < 1<<20/128*136; i += 136 { tmp, err := rsDecode(rs128, dst[i:i+136]) if err != nil { if keep { kept = true } else { fin.Close() fout.Close() broken() mainStatus = "The input file is irrecoverably damaged." return } } if i == 1113976 && done+1114112 >= int(total) && padded { tmp = unpad(tmp) } src = append(src, tmp...) } } else { // Decode the full chunks chunks := len(dst)/136 - 1 for i := 0; i < chunks; i++ { tmp, err := rsDecode(rs128, dst[i*136:(i+1)*136]) if err != nil { if keep { kept = true } else { fin.Close() fout.Close() broken() mainStatus = "The input file is irrecoverably damaged." return } } src = append(src, tmp...) } // Unpad and decode the final partial chunk tmp, err := rsDecode(rs128, dst[int(chunks)*136:]) if err != nil { if keep { kept = true } else { fin.Close() fout.Close() broken() mainStatus = "The input file is irrecoverably damaged." return } } src = append(src, unpad(tmp)...) } dst = make([]byte, len(src)) } mac.Write(src) chacha.XORKeyStream(dst, src) if paranoid { copy(src, dst) serpent.XORKeyStream(dst, src) } } fout.Write(dst) // Update stats if mode == "decrypt" && reedsolo { done += 1 << 20 / 128 * 136 } else { done += 1 << 20 } counterDone += 1 << 20 counter++ progress = float32(done) / float32(total) elapsed := float64(time.Since(startTime)) / (1 << 20) / 1000 speed := float64(done) / elapsed / (1 << 20) eta := int(math.Floor(float64(total-int64(done)) / (speed * (1 << 20)))) progress = float32(math.Min(float64(progress), 1)) // Cap progress to 100% progressInfo = fmt.Sprintf("%.2f%%", progress*100) popupStatus = fmt.Sprintf("Working at %.2f MiB/s (ETA: %s)", speed, humanize(eta)) giu.Update() // If more than 256 GiB passed, change the nonce to prevent counter overflow blocks := counterDone/64 + 1 if blocks+(1<<20/64) > 1<<32 { nonce = make([]byte, 24) hkdf.Read(nonce) chacha, _ = chacha20.NewUnauthenticatedCipher(key, nonce) counterDone = 0 } } if mode == "encrypt" { // Seek back to header to write important values fout.Seek(int64(309+len(comments)*3), 0) fout.Write(rsEncode(rs64, keyHash)) fout.Write(rsEncode(rs32, keyfileHash)) fout.Write(rsEncode(rs64, mac.Sum(nil))) } else { // Validate the authenticity of decrypted data if subtle.ConstantTimeCompare(mac.Sum(nil), dataMac) == 0 { if keep { kept = true } else { fin.Close() fout.Close() broken() return } } } fin.Close() fout.Close() // Split files into chunks if split { var splitted []string popupStatus = "Splitting file..." stat, _ := os.Stat(outputFile) size := stat.Size() finished := 0 finishedRaw := 0 chunkSize, _ := strconv.Atoi(splitSize) // User can choose KiB, MiB, GiB, TiB, or custom number of chunks if splitSelected == 0 { chunkSize *= 1 << 10 } else if splitSelected == 1 { chunkSize *= 1 << 20 } else if splitSelected == 2 { chunkSize *= 1 << 30 } else if splitSelected == 3 { chunkSize *= 1 << 40 } else { chunkSize = int(math.Ceil(float64(size) / float64(chunkSize))) } // Get the number of required chunks chunks := int(math.Ceil(float64(size) / float64(chunkSize))) progressInfo = fmt.Sprintf("%d/%d", finished+1, chunks) giu.Update() fin, _ := os.Open(outputFile) for i := 0; i < chunks; i++ { // Make the chunks fout, _ := os.Create(fmt.Sprintf("%s.%d", outputFile, i)) done := 0 // Copy data into the chunk for { data := make([]byte, 1<<20) for done+len(data) > chunkSize { data = make([]byte, int(math.Ceil(float64(len(data))/2))) } read, err := fin.Read(data) if err != nil { break } if !working { fin.Close() fout.Close() if len(allFiles) > 1 || len(onlyFolders) > 0 { os.Remove(inputFile) } mainStatus = "Operation cancelled by user." mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff} // If user cancels, remove the unfinished files for _, j := range splitted { os.Remove(j) } os.Remove(fmt.Sprintf("%s.%d", outputFile, i)) os.Remove(outputFile) return } data = data[:read] fout.Write(data) done += read if done >= chunkSize { break } finishedRaw += read progress = float32(finishedRaw) / float32(size) giu.Update() } fout.Close() // Update stats finished++ if finished == chunks { finished-- } splitted = append(splitted, fmt.Sprintf("%s.%d", outputFile, i)) progressInfo = fmt.Sprintf("%d/%d", finished+1, chunks) giu.Update() } fin.Close() os.Remove(outputFile) } // Remove the temporary file used to combine a splitted volume if recombine { os.Remove(inputFile) } // Delete the temporary zip file used to encrypt files if len(allFiles) > 1 || len(onlyFolders) > 0 { os.Remove(inputFile) } // Delete the input file(s) if the user chooses if deleteWhenDone { progressInfo = "" popupStatus = "Deleting files..." giu.Update() if mode == "decrypt" { if recombine { total := 0 for { _, err := os.Stat(fmt.Sprintf("%s.%d", inputFile, total)) if err != nil { break } os.Remove(fmt.Sprintf("%s.%d", inputFile, total)) total++ } } else { os.Remove(inputFile) } } else { for _, i := range onlyFiles { os.Remove(i) } for _, i := range onlyFolders { os.RemoveAll(i) } } } // All done, reset the UI resetUI() // If the user chose to keep a corrupted/modified file, let them know if kept { mainStatus = "The input file was modified. Please be careful." mainStatusColor = color.RGBA{0xff, 0xff, 0x00, 0xff} } else { mainStatus = "Completed." mainStatusColor = color.RGBA{0x00, 0xff, 0x00, 0xff} } // Clear some variables working = false kept = false key = nil popupStatus = "Ready." } // This function is run if an issue occurs during decryption func broken() { mainStatus = "The input file is damaged or modified." mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff} // Clean up files since decryption failed if recombine { os.Remove(inputFile) } os.Remove(outputFile) } // Reset the UI to a clean state with nothing selected or checked func resetUI() { mode = "" onlyFiles = nil onlyFolders = nil allFiles = nil inputLabel = "Drop files and folders into this window." startLabel = "Start" password = "" cpassword = "" keyfiles = nil keyfile = false keyfileOrderMatters = false keyfilePrompt = "None selected." comments = "" commentsPrompt = "Comments:" commentsDisabled = false keep = false reedsolo = false split = false splitSize = "" splitSelected = 1 deleteWhenDone = false paranoid = false compress = false inputFile = "" outputFile = "" progress = 0 progressInfo = "" mainStatus = "Ready." mainStatusColor = color.RGBA{0xff, 0xff, 0xff, 0xff} giu.Update() } // Reed-Solomon encoder func rsEncode(rs *infectious.FEC, data []byte) []byte { res := make([]byte, rs.Total()) rs.Encode(data, func(s infectious.Share) { res[s.Number] = s.Data[0] }) return res } // Reed-Solomon decoder func rsDecode(rs *infectious.FEC, data []byte) ([]byte, error) { tmp := make([]infectious.Share, rs.Total()) for i := 0; i < rs.Total(); i++ { tmp[i].Number = i tmp[i].Data = append(tmp[i].Data, data[i]) } res, err := rs.Decode(nil, tmp) // Force decode for the "Force decrypt" option if err != nil { if rs.Total() == 136 { return data[:128], err } return data[:rs.Total()/3], err } return res, nil } // PKCS#7 pad (for use with Reed-Solomon) func pad(data []byte) []byte { padLen := 128 - len(data)%128 padding := bytes.Repeat([]byte{byte(padLen)}, padLen) return append(data, padding...) } // PKCS#7 unpad func unpad(data []byte) []byte { length := len(data) padLen := int(data[length-1]) return data[:length-padLen] } // Generate a cryptographically secure password func genPassword() string { chars := "" if passgenUpper { chars += "ABCDEFGHIJKLMNOPQRSTUVWXYZ" } if passgenLower { chars += "abcdefghijklmnopqrstuvwxyz" } if passgenNums { chars += "1234567890" } if passgenSymbols { chars += "-=!@#$^&()_+?" } if chars == "" { return chars } tmp := make([]byte, passgenLength) for i := 0; i < int(passgenLength); i++ { j, _ := rand.Int(rand.Reader, new(big.Int).SetUint64(uint64(len(chars)))) tmp[i] = chars[j.Int64()] } if passgenCopy { clipboard.WriteAll(string(tmp)) } return string(tmp) } // Convert seconds to HH:MM:SS func humanize(seconds int) string { hours := int(math.Floor(float64(seconds) / 3600)) seconds %= 3600 minutes := int(math.Floor(float64(seconds) / 60)) seconds %= 60 hours = int(math.Max(float64(hours), 0)) minutes = int(math.Max(float64(minutes), 0)) seconds = int(math.Max(float64(seconds), 0)) return fmt.Sprintf("%02d:%02d:%02d", hours, minutes, seconds) } // Convert bytes to KiB, MiB, etc. func sizeify(size int64) string { if size >= int64(1<<40) { return fmt.Sprintf("%.2fT", float64(size)/(1<<40)) } else if size >= int64(1<<30) { return fmt.Sprintf("%.2fG", float64(size)/(1<<30)) } else if size >= int64(1<<20) { return fmt.Sprintf("%.0fM", float64(size)/(1<<20)) } else { return fmt.Sprintf("%.0fK", float64(size)/(1<<10)) } } func main() { // Create the main window window = giu.NewMasterWindow("Picocrypt", 318, 479, giu.MasterWindowFlagsNotResizable) // Start the dialog module dialog.Init() // Set callbacks window.SetDropCallback(onDrop) window.SetCloseCallback(func() bool { return !working }) // Set universal DPI dpi = giu.Context.GetPlatform().GetContentScale() // Start the UI window.Run(draw) }