mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-21 14:37:57 +00:00
uencrypt: split common and library-specific code
This splits the code in 4 files: - uencrypt.h - uencrypt.c - main program - uencrypt-openssl.c - OpenSSL/wolfSSL implementation - uencrypt-mbedtls - mbedTLS implementation Other changes, accounting for ~400 bytes increase in ipk size: - more error condition checking and reporting, - hide key and iv command line arguments Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This commit is contained in:
parent
4662adef2a
commit
1781e7408a
@ -4,7 +4,7 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=uencrypt
|
||||
PKG_RELEASE:=4
|
||||
PKG_RELEASE:=5
|
||||
|
||||
PKG_LICENSE:=GPL-2.0-or-later
|
||||
PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
|
||||
@ -19,6 +19,8 @@ else ifeq ($(BUILD_VARIANT),wolfssl)
|
||||
CMAKE_OPTIONS+=-DUSE_WOLFSSL=1
|
||||
endif
|
||||
|
||||
TARGET_CFLAGS+=-Wall
|
||||
|
||||
define Package/uencrypt/default
|
||||
SECTION:=utils
|
||||
CATEGORY:=Base system
|
||||
|
@ -13,9 +13,9 @@ if (USE_MBEDTLS)
|
||||
add_definitions(-DUSE_MBEDTLS)
|
||||
find_library(MBEDCRYPTO_LIBRARY mbedcrypto REQUIRED)
|
||||
set(CRYPTO_LIBRARIES ${MBEDCRYPTO_LIBRARY})
|
||||
add_executable(${PROJECT_NAME} ${PROJECT_NAME}-mbedtls.c)
|
||||
set(CRYPTO_SOURCES ${PROJECT_NAME}-mbedtls.c)
|
||||
else()
|
||||
add_executable(${PROJECT_NAME} ${PROJECT_NAME}-openssl.c)
|
||||
set(CRYPTO_SOURCES ${PROJECT_NAME}-openssl.c)
|
||||
if (USE_WOLFSSL)
|
||||
add_definitions(-DUSE_WOLFSSL)
|
||||
find_library(WOLFSSL_LIBRARY wolfssl REQUIRED)
|
||||
@ -25,6 +25,7 @@ else()
|
||||
set(CRYPTO_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
|
||||
endif()
|
||||
endif()
|
||||
add_executable(${PROJECT_NAME} ${PROJECT_NAME}.c ${PROJECT_NAME}.h ${CRYPTO_SOURCES})
|
||||
|
||||
target_link_libraries(${PROJECT_NAME} ${CRYPTO_LIBRARIES})
|
||||
|
||||
|
@ -3,115 +3,16 @@
|
||||
*/
|
||||
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <mbedtls/cipher.h>
|
||||
#include "uencrypt.h"
|
||||
|
||||
int do_crypt(FILE *infile, FILE *outfile, const mbedtls_cipher_info_t *cipher_info,
|
||||
const unsigned char *key, const unsigned char *iv, int enc, int padding)
|
||||
unsigned char *hexstr2buf(const char *str, long *len)
|
||||
{
|
||||
mbedtls_cipher_context_t ctx;
|
||||
unsigned char inbuf[1024], outbuf[1024 + MBEDTLS_MAX_BLOCK_LENGTH];
|
||||
size_t inlen, outlen;
|
||||
int ret = 0;
|
||||
int step;
|
||||
|
||||
mbedtls_cipher_init(&ctx);
|
||||
if ((ret = mbedtls_cipher_setup(&ctx, cipher_info))) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_setup: %d\n", ret);
|
||||
goto out;
|
||||
}
|
||||
step = iv ? 1024 : mbedtls_cipher_get_block_size(&ctx);
|
||||
if ((ret = mbedtls_cipher_setkey(&ctx, key, (int) mbedtls_cipher_get_key_bitlen(&ctx),
|
||||
enc ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT))) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_setkey: %d\n", ret);
|
||||
goto out;
|
||||
}
|
||||
if (iv && (ret = mbedtls_cipher_set_iv(&ctx, iv, cipher_info->iv_size))) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_set_iv: %d\n", ret);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (cipher_info->block_size > 1) {
|
||||
if (cipher_info->mode == MBEDTLS_MODE_CBC) {
|
||||
if ((ret = mbedtls_cipher_set_padding_mode(&ctx,
|
||||
padding ? MBEDTLS_PADDING_PKCS7
|
||||
: MBEDTLS_PADDING_NONE))) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_set_padding_mode: %d\n", ret);
|
||||
goto out;
|
||||
}
|
||||
} else {
|
||||
if (cipher_info->mode != MBEDTLS_MODE_CBC && padding) {
|
||||
fprintf(stderr, "Error: mbedTLS only supports padding with CBC ciphers.\n");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_cipher_reset(&ctx))) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_reset: %d\n", ret);
|
||||
goto out;
|
||||
}
|
||||
|
||||
for (;;) {
|
||||
inlen = fread(inbuf, 1, step, infile);
|
||||
if (inlen <= 0)
|
||||
break;
|
||||
if ((ret = mbedtls_cipher_update(&ctx, inbuf, inlen, outbuf, &outlen))) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_update: %d\n", ret);
|
||||
goto out;
|
||||
}
|
||||
fwrite(outbuf, 1, outlen, outfile);
|
||||
}
|
||||
if ((ret = mbedtls_cipher_finish(&ctx, outbuf, &outlen))) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_finish: %d\n", ret);
|
||||
goto out;
|
||||
}
|
||||
fwrite(outbuf, 1, outlen, outfile);
|
||||
|
||||
out:
|
||||
mbedtls_cipher_free(&ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void check_enc_dec(const int enc)
|
||||
{
|
||||
if (enc == -1)
|
||||
return;
|
||||
fprintf(stderr, "Error: both -d and -e were specified.\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
static void check_cipher(const mbedtls_cipher_info_t *cipher_info)
|
||||
{
|
||||
const int *list;
|
||||
|
||||
if (cipher_info == NULL) {
|
||||
fprintf(stderr, "Error: invalid cipher: %s.\n", optarg);
|
||||
fprintf(stderr, "Supported ciphers: \n");
|
||||
for (list = mbedtls_cipher_list(); *list; list++) {
|
||||
cipher_info = mbedtls_cipher_info_from_type(*list);
|
||||
if (!cipher_info)
|
||||
continue;
|
||||
fprintf(stderr, "\t%s\n", cipher_info->name);
|
||||
}
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
|
||||
static void show_usage(const char* name)
|
||||
{
|
||||
fprintf(stderr, "Usage: %s: [-d | -e] [-n] -k key [-i iv] [-c cipher]\n"
|
||||
"-d = decrypt; -e = encrypt; -n = no padding\n", name);
|
||||
}
|
||||
|
||||
char *hexstr2buf(const char *str, size_t *len)
|
||||
{
|
||||
char *buf;
|
||||
size_t inlen = strlen(str);
|
||||
unsigned char *buf;
|
||||
long inlen = strlen(str);
|
||||
|
||||
*len = 0;
|
||||
if (inlen % 2)
|
||||
@ -119,94 +20,167 @@ char *hexstr2buf(const char *str, size_t *len)
|
||||
|
||||
*len = inlen >> 1;
|
||||
buf = malloc(*len);
|
||||
for (size_t x = 0; x < *len; x++)
|
||||
for (long x = 0; x < *len; x++)
|
||||
sscanf(str + x * 2, "%2hhx", buf + x);
|
||||
return buf;
|
||||
}
|
||||
|
||||
const cipher_t *get_default_cipher(void)
|
||||
{
|
||||
return mbedtls_cipher_info_from_type (MBEDTLS_CIPHER_AES_128_CBC);
|
||||
}
|
||||
|
||||
static char* upperstr(char *str) {
|
||||
for (char *s = str; *s; s++)
|
||||
*s = toupper((unsigned char) *s);
|
||||
return str;
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
const cipher_t *get_cipher_or_print_error(char *name)
|
||||
{
|
||||
int enc = -1;
|
||||
unsigned char *iv = NULL;
|
||||
unsigned char *key = NULL;
|
||||
size_t keylen = 0, ivlen = 0;
|
||||
int opt;
|
||||
int padding = 1;
|
||||
const mbedtls_cipher_info_t *cipher_info =
|
||||
mbedtls_cipher_info_from_type (MBEDTLS_CIPHER_AES_128_CBC);
|
||||
const mbedtls_cipher_info_t *cipher;
|
||||
|
||||
cipher = mbedtls_cipher_info_from_string(upperstr(name));
|
||||
if (cipher)
|
||||
return cipher;
|
||||
|
||||
fprintf(stderr, "Error: invalid cipher: %s.\n", name);
|
||||
fprintf(stderr, "Supported ciphers: \n");
|
||||
for (const int *list = mbedtls_cipher_list(); *list; list++) {
|
||||
cipher = mbedtls_cipher_info_from_type(*list);
|
||||
if (!cipher)
|
||||
continue;
|
||||
fprintf(stderr, "\t%s\n", cipher->name);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int get_cipher_ivsize(const cipher_t *cipher)
|
||||
{
|
||||
const mbedtls_cipher_info_t *c = cipher;
|
||||
|
||||
return c->iv_size;
|
||||
}
|
||||
|
||||
int get_cipher_keysize(const cipher_t *cipher)
|
||||
{
|
||||
const mbedtls_cipher_info_t *c = cipher;
|
||||
|
||||
return c->key_bitlen >> 3;
|
||||
}
|
||||
|
||||
ctx_t *create_ctx(const cipher_t *cipher, const unsigned char *key,
|
||||
const unsigned char *iv, int enc, int padding)
|
||||
{
|
||||
mbedtls_cipher_context_t *ctx;
|
||||
const mbedtls_cipher_info_t *cipher_info=cipher;
|
||||
int ret;
|
||||
|
||||
while ((opt = getopt(argc, argv, "c:dei:k:n")) != -1) {
|
||||
switch (opt) {
|
||||
case 'c':
|
||||
cipher_info = mbedtls_cipher_info_from_string(upperstr(optarg));
|
||||
check_cipher(cipher_info);
|
||||
break;
|
||||
case 'd':
|
||||
check_enc_dec(enc);
|
||||
enc = 0;
|
||||
break;
|
||||
case 'e':
|
||||
check_enc_dec(enc);
|
||||
enc = 1;
|
||||
break;
|
||||
case 'i':
|
||||
iv = (unsigned char *) hexstr2buf((const char *)optarg, &ivlen);
|
||||
if (iv == NULL) {
|
||||
fprintf(stderr, "Error setting IV to %s. The IV should be encoded in hex.\n",
|
||||
optarg);
|
||||
exit(EINVAL);
|
||||
}
|
||||
break;
|
||||
case 'k':
|
||||
key = (unsigned char *) hexstr2buf((const char *)optarg, &keylen);
|
||||
if (key == NULL) {
|
||||
fprintf(stderr, "Error setting key to %s. The key should be encoded in hex.\n",
|
||||
optarg);
|
||||
exit(EINVAL);
|
||||
}
|
||||
break;
|
||||
case 'n':
|
||||
padding = 0;
|
||||
break;
|
||||
default:
|
||||
show_usage(argv[0]);
|
||||
exit(EINVAL);
|
||||
ctx = malloc(sizeof (mbedtls_cipher_context_t));
|
||||
if (!ctx) {
|
||||
fprintf (stderr, "Error: create_ctx: out of memory.\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
mbedtls_cipher_init(ctx);
|
||||
ret = mbedtls_cipher_setup(ctx, cipher_info);
|
||||
if (ret) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_setup: %d\n", ret);
|
||||
goto abort;
|
||||
}
|
||||
ret = mbedtls_cipher_setkey(ctx, key,
|
||||
(int) mbedtls_cipher_get_key_bitlen(ctx),
|
||||
enc ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT);
|
||||
if (ret) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_setkey: %d\n", ret);
|
||||
goto abort;
|
||||
}
|
||||
if (iv) {
|
||||
ret = mbedtls_cipher_set_iv(ctx, iv, mbedtls_cipher_get_iv_size(ctx));
|
||||
if (ret) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_set_iv: %d\n", ret);
|
||||
goto abort;
|
||||
}
|
||||
}
|
||||
if (cipher_info->iv_size) {
|
||||
if (iv == NULL) {
|
||||
fprintf(stderr, "Error: iv not set.\n");
|
||||
show_usage(argv[0]);
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
if (cipher_info->mode == MBEDTLS_MODE_CBC) {
|
||||
ret = mbedtls_cipher_set_padding_mode(ctx, padding ?
|
||||
MBEDTLS_PADDING_PKCS7 :
|
||||
MBEDTLS_PADDING_NONE);
|
||||
if (ret) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_set_padding_mode: %d\n",
|
||||
ret);
|
||||
goto abort;
|
||||
}
|
||||
if (ivlen != cipher_info->iv_size) {
|
||||
fprintf(stderr, "Error: IV must be %d bytes; given IV is %zd bytes.\n",
|
||||
cipher_info->iv_size, ivlen);
|
||||
exit(EXIT_FAILURE);
|
||||
} else {
|
||||
if (cipher_info->block_size > 1 && padding) {
|
||||
fprintf(stderr,
|
||||
"Error: mbedTLS only allows padding with CBC ciphers.\n");
|
||||
goto abort;
|
||||
}
|
||||
}
|
||||
if (key == NULL) {
|
||||
fprintf(stderr, "Error: key not set.\n");
|
||||
show_usage(argv[0]);
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
ret = mbedtls_cipher_reset(ctx);
|
||||
if (ret) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_reset: %d\n", ret);
|
||||
goto abort;
|
||||
}
|
||||
return ctx;
|
||||
|
||||
abort:
|
||||
free_ctx(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int do_crypt(FILE *infile, FILE *outfile, ctx_t *ctx)
|
||||
{
|
||||
unsigned char inbuf[CRYPT_BUF_SIZE];
|
||||
unsigned char outbuf[CRYPT_BUF_SIZE + MBEDTLS_MAX_BLOCK_LENGTH];
|
||||
size_t inlen, outlen, step;
|
||||
int ret;
|
||||
|
||||
if (mbedtls_cipher_get_cipher_mode(ctx) == MBEDTLS_MODE_ECB) {
|
||||
step = mbedtls_cipher_get_block_size(ctx);
|
||||
if (step > CRYPT_BUF_SIZE) {
|
||||
step = CRYPT_BUF_SIZE;
|
||||
}
|
||||
} else {
|
||||
step = CRYPT_BUF_SIZE;
|
||||
}
|
||||
|
||||
for (;;) {
|
||||
inlen = fread(inbuf, 1, step, infile);
|
||||
if (inlen <= 0)
|
||||
break;
|
||||
ret = mbedtls_cipher_update(ctx, inbuf, inlen, outbuf, &outlen);
|
||||
if (ret) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_update: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
ret = fwrite(outbuf, 1, outlen, outfile);
|
||||
if (ret != outlen) {
|
||||
fprintf(stderr, "Error: cipher_update short write.\n");
|
||||
return ret - outlen;
|
||||
}
|
||||
}
|
||||
ret = mbedtls_cipher_finish(ctx, outbuf, &outlen);
|
||||
if (ret) {
|
||||
fprintf(stderr, "Error: mbedtls_cipher_finish: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
ret = fwrite(outbuf, 1, outlen, outfile);
|
||||
if (ret != outlen) {
|
||||
fprintf(stderr, "Error: cipher_finish short write.\n");
|
||||
return ret - outlen;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void free_ctx(ctx_t *ctx)
|
||||
{
|
||||
if (ctx) {
|
||||
mbedtls_cipher_free(ctx);
|
||||
free(ctx);
|
||||
}
|
||||
if (keylen != cipher_info->key_bitlen >> 3) {
|
||||
fprintf(stderr, "Error: key must be %d bytes; given key is %zd bytes.\n",
|
||||
cipher_info->key_bitlen >> 3, keylen);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
ret = do_crypt(stdin, stdout, cipher_info, key, iv, !!enc, padding);
|
||||
if (iv)
|
||||
memset(iv, 0, ivlen);
|
||||
memset(key, 0, keylen);
|
||||
free(iv);
|
||||
free(key);
|
||||
return ret;
|
||||
}
|
||||
|
@ -2,56 +2,15 @@
|
||||
* Copyright (C) 2022-2023 Eneas Ulir de Queiroz
|
||||
*/
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include "uencrypt.h"
|
||||
|
||||
#ifdef USE_WOLFSSL
|
||||
# include <wolfssl/options.h>
|
||||
# include <wolfssl/openssl/evp.h>
|
||||
#else
|
||||
# include <openssl/evp.h>
|
||||
#endif
|
||||
|
||||
int do_crypt(FILE *infile, FILE *outfile, const EVP_CIPHER *cipher, const unsigned char *key,
|
||||
const unsigned char *iv, int enc, int padding)
|
||||
const cipher_t *get_default_cipher(void)
|
||||
{
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
|
||||
int inlen, outlen;
|
||||
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
|
||||
EVP_CIPHER_CTX_set_padding(ctx, padding);
|
||||
|
||||
for (;;) {
|
||||
inlen = fread(inbuf, 1, 1024, infile);
|
||||
if (inlen <= 0)
|
||||
break;
|
||||
if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) {
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return -1;
|
||||
}
|
||||
fwrite(outbuf, 1, outlen, outfile);
|
||||
}
|
||||
if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return -1;
|
||||
}
|
||||
fwrite(outbuf, 1, outlen, outfile);
|
||||
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void check_enc_dec(const int enc)
|
||||
{
|
||||
if (enc == -1)
|
||||
return;
|
||||
fprintf(stderr, "Error: both -d and -e were specified.\n");
|
||||
exit(EXIT_FAILURE);
|
||||
return EVP_aes_128_cbc();
|
||||
}
|
||||
|
||||
#ifndef USE_WOLFSSL
|
||||
@ -60,100 +19,98 @@ static void print_ciphers(const OBJ_NAME *name,void *arg) {
|
||||
}
|
||||
#endif
|
||||
|
||||
static void check_cipher(const EVP_CIPHER *cipher)
|
||||
const cipher_t *get_cipher_or_print_error(char *name)
|
||||
{
|
||||
if (cipher == NULL) {
|
||||
fprintf(stderr, "Error: invalid cipher: %s.\n", optarg);
|
||||
const EVP_CIPHER *cipher;
|
||||
|
||||
if ((cipher = EVP_get_cipherbyname(name)))
|
||||
return cipher;
|
||||
|
||||
fprintf(stderr, "Error: invalid cipher: %s.\n", name);
|
||||
#ifndef USE_WOLFSSL
|
||||
fprintf(stderr, "Supported ciphers: \n");
|
||||
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, print_ciphers, stderr);
|
||||
fprintf(stderr, "Supported ciphers: \n");
|
||||
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, print_ciphers, stderr);
|
||||
#endif
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void show_usage(const char* name)
|
||||
int get_cipher_ivsize(const cipher_t *cipher)
|
||||
{
|
||||
fprintf(stderr, "Usage: %s: [-d | -e] [-n] -k key [-i iv] [-c cipher]\n"
|
||||
"-d = decrypt; -e = encrypt; -n = no padding\n", name);
|
||||
return EVP_CIPHER_iv_length(cipher);
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
int get_cipher_keysize(const cipher_t *cipher)
|
||||
{
|
||||
int enc = -1;
|
||||
unsigned char *iv = NULL;
|
||||
unsigned char *key = NULL;
|
||||
long ivlen = 0, keylen = 0;
|
||||
int cipher_ivlen, cipher_keylen;
|
||||
int opt;
|
||||
int padding = 1;
|
||||
const EVP_CIPHER *cipher = EVP_aes_128_cbc();
|
||||
return EVP_CIPHER_key_length(cipher);
|
||||
}
|
||||
|
||||
ctx_t *create_ctx(const cipher_t *cipher, const unsigned char *key,
|
||||
const unsigned char *iv, int enc, int padding)
|
||||
{
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
int ret;
|
||||
|
||||
while ((opt = getopt(argc, argv, "c:dei:k:n")) != -1) {
|
||||
switch (opt) {
|
||||
case 'c':
|
||||
cipher = EVP_get_cipherbyname(optarg);
|
||||
check_cipher(cipher);
|
||||
break;
|
||||
case 'd':
|
||||
check_enc_dec(enc);
|
||||
enc = 0;
|
||||
break;
|
||||
case 'e':
|
||||
check_enc_dec(enc);
|
||||
enc = 1;
|
||||
break;
|
||||
case 'i':
|
||||
iv = OPENSSL_hexstr2buf((const char *)optarg, &ivlen);
|
||||
if (iv == NULL) {
|
||||
fprintf(stderr, "Error setting IV to %s. The IV should be encoded in hex.\n",
|
||||
optarg);
|
||||
exit(EINVAL);
|
||||
}
|
||||
break;
|
||||
case 'k':
|
||||
key = OPENSSL_hexstr2buf((const char *)optarg, &keylen);
|
||||
if (key == NULL) {
|
||||
fprintf(stderr, "Error setting key to %s. The key should be encoded in hex.\n",
|
||||
optarg);
|
||||
exit(EINVAL);
|
||||
}
|
||||
break;
|
||||
case 'n':
|
||||
padding = 0;
|
||||
break;
|
||||
default:
|
||||
show_usage(argv[0]);
|
||||
exit(EINVAL);
|
||||
}
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (!ctx) {
|
||||
fprintf (stderr, "Error: create_ctx: out of memory.\n");
|
||||
return NULL;
|
||||
}
|
||||
if (key == NULL) {
|
||||
fprintf(stderr, "Error: key not set.\n");
|
||||
show_usage(argv[0]);
|
||||
exit(EXIT_FAILURE);
|
||||
ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
|
||||
if (!ret) {
|
||||
fprintf(stderr, "Error:EVP_CipherInit_ex: %d\n", ret);
|
||||
goto abort;
|
||||
}
|
||||
if ((cipher_keylen = EVP_CIPHER_key_length(cipher)) != keylen) {
|
||||
fprintf(stderr, "Error: key must be %d bytes; given key is %ld bytes.\n",
|
||||
cipher_keylen, keylen);
|
||||
exit(EXIT_FAILURE);
|
||||
ret = EVP_CIPHER_CTX_set_padding(ctx, padding);
|
||||
if (!ret) {
|
||||
fprintf(stderr, "Error:EVP_CIPHER_CTX_set_padding: %d\n", ret);
|
||||
goto abort;
|
||||
}
|
||||
if ((cipher_ivlen = EVP_CIPHER_iv_length(cipher))) {
|
||||
if (iv == NULL) {
|
||||
fprintf(stderr, "Error: IV not set.\n");
|
||||
show_usage(argv[0]);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
if (cipher_ivlen != ivlen) {
|
||||
fprintf(stderr, "Error: IV must be %d bytes; given IV is %ld bytes.\n",
|
||||
cipher_ivlen, ivlen);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
ret = do_crypt(stdin, stdout, cipher, key, iv, !!enc, padding);
|
||||
if (ret)
|
||||
fprintf(stderr, "Error during crypt operation.\n");
|
||||
OPENSSL_free(iv);
|
||||
OPENSSL_free(key);
|
||||
return ret;
|
||||
|
||||
return ctx;
|
||||
|
||||
abort:
|
||||
free_ctx(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
int do_crypt(FILE *infile, FILE *outfile, ctx_t *ctx)
|
||||
{
|
||||
unsigned char inbuf[CRYPT_BUF_SIZE];
|
||||
unsigned char outbuf[CRYPT_BUF_SIZE + EVP_MAX_BLOCK_LENGTH];
|
||||
int inlen, outlen;
|
||||
int ret;
|
||||
|
||||
for (;;) {
|
||||
inlen = fread(inbuf, 1, CRYPT_BUF_SIZE, infile);
|
||||
if (inlen <= 0)
|
||||
break;
|
||||
ret = EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen);
|
||||
if (!ret) {
|
||||
fprintf(stderr, "Error: EVP_CipherUpdate: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
ret = fwrite(outbuf, 1, outlen, outfile);
|
||||
if (ret != outlen) {
|
||||
fprintf(stderr, "Error: CipherUpdate short write.\n");
|
||||
return ret - outlen;
|
||||
}
|
||||
}
|
||||
ret = EVP_CipherFinal_ex(ctx, outbuf, &outlen);
|
||||
if (!ret) {
|
||||
fprintf(stderr, "Error: EVP_CipherFinal: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
ret = fwrite(outbuf, 1, outlen, outfile);
|
||||
if (ret != outlen) {
|
||||
fprintf(stderr, "Error: CipherFinal short write.\n");
|
||||
return ret - outlen;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void free_ctx(ctx_t *ctx)
|
||||
{
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
}
|
||||
|
105
package/utils/uencrypt/src/uencrypt.c
Normal file
105
package/utils/uencrypt/src/uencrypt.c
Normal file
@ -0,0 +1,105 @@
|
||||
/* SPDX-License-Identifier: GPL-2.0-or-later
|
||||
* Copyright (C) 2023 Eneas Ulir de Queiroz
|
||||
*/
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "uencrypt.h"
|
||||
|
||||
static void check_enc_dec(const int enc)
|
||||
{
|
||||
if (enc == -1)
|
||||
return;
|
||||
fprintf(stderr, "Error: both -d and -e were specified.\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
static void show_usage(const char* name)
|
||||
{
|
||||
fprintf(stderr, "Usage: %s: [-d | -e] [-n] -k key [-i iv] [-c cipher]\n"
|
||||
"-d = decrypt; -e = encrypt; -n = no padding\n", name);
|
||||
}
|
||||
|
||||
static void uencrypt_clear_free(void *ptr, size_t len)
|
||||
{
|
||||
if (ptr) {
|
||||
memset(ptr, 0, len);
|
||||
free(ptr);
|
||||
}
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
int enc = -1;
|
||||
unsigned char *iv = NULL;
|
||||
unsigned char *key = NULL;
|
||||
long keylen = 0, ivlen = 0;
|
||||
int opt;
|
||||
int padding = 1;
|
||||
const cipher_t *cipher = get_default_cipher();
|
||||
ctx_t* ctx;
|
||||
int ret = EXIT_FAILURE;
|
||||
|
||||
while ((opt = getopt(argc, argv, "c:dei:k:n")) != -1) {
|
||||
switch (opt) {
|
||||
case 'c':
|
||||
if (!(cipher = get_cipher_or_print_error(optarg)))
|
||||
exit(EXIT_FAILURE);
|
||||
break;
|
||||
case 'd':
|
||||
check_enc_dec(enc);
|
||||
enc = 0;
|
||||
break;
|
||||
case 'e':
|
||||
check_enc_dec(enc);
|
||||
enc = 1;
|
||||
break;
|
||||
case 'i':
|
||||
iv = hexstr2buf(optarg, &ivlen);
|
||||
if (iv == NULL) {
|
||||
fprintf(stderr, "Error setting IV to %s. The IV should be encoded in hex.\n",
|
||||
optarg);
|
||||
exit(EINVAL);
|
||||
}
|
||||
memset(optarg, '*', strlen(optarg));
|
||||
break;
|
||||
case 'k':
|
||||
key = hexstr2buf(optarg, &keylen);
|
||||
if (key == NULL) {
|
||||
fprintf(stderr, "Error setting key to %s. The key should be encoded in hex.\n",
|
||||
optarg);
|
||||
exit(EINVAL);
|
||||
}
|
||||
memset(optarg, '*', strlen(optarg));
|
||||
break;
|
||||
case 'n':
|
||||
padding = 0;
|
||||
break;
|
||||
default:
|
||||
show_usage(argv[0]);
|
||||
exit(EINVAL);
|
||||
}
|
||||
}
|
||||
if (ivlen != get_cipher_ivsize(cipher)) {
|
||||
fprintf(stderr, "Error: IV must be %d bytes; given IV is %zd bytes.\n",
|
||||
get_cipher_ivsize(cipher), ivlen);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
if (keylen != get_cipher_keysize(cipher)) {
|
||||
fprintf(stderr, "Error: key must be %d bytes; given key is %zd bytes.\n",
|
||||
get_cipher_keysize(cipher), keylen);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
ctx = create_ctx(cipher, key, iv, !!enc, padding);
|
||||
if (ctx) {
|
||||
ret = do_crypt(stdin, stdout, ctx);
|
||||
free_ctx(ctx);
|
||||
}
|
||||
uencrypt_clear_free(iv, ivlen);
|
||||
uencrypt_clear_free(key, keylen);
|
||||
return ret;
|
||||
}
|
49
package/utils/uencrypt/src/uencrypt.h
Normal file
49
package/utils/uencrypt/src/uencrypt.h
Normal file
@ -0,0 +1,49 @@
|
||||
/* SPDX-License-Identifier: GPL-2.0-or-later
|
||||
* Copyright (C) 2022-2023 Eneas Ulir de Queiroz
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#define CRYPT_BUF_SIZE 1024
|
||||
|
||||
#ifdef USE_MBEDTLS
|
||||
# include <mbedtls/cipher.h>
|
||||
|
||||
# if defined(MBEDTLS_MAX_BLOCK_LENGTH) \
|
||||
&& MBEDTLS_MAX_BLOCK_LENGTH > CRYPT_BUF_SIZE
|
||||
# undef CRYPT_BUF_SIZE
|
||||
# define CRYPT_BUF_SIZE MAX_BLOCK_LENGTH
|
||||
# endif
|
||||
|
||||
unsigned char *hexstr2buf(const char* str, long *len);
|
||||
|
||||
#else /* USE_MBEDTLS */
|
||||
# ifdef USE_WOLFSSL
|
||||
# include <wolfssl/options.h>
|
||||
# include <wolfssl/openssl/evp.h>
|
||||
# else
|
||||
# include <openssl/evp.h>
|
||||
# endif
|
||||
|
||||
# if defined(EVP_MAX_BLOCK_LENGTH) \
|
||||
&& EVP_MAX_BLOCK_LENGTH > CRYPT_BUF_SIZE
|
||||
# undef CRYPT_BUF_SIZE
|
||||
# define CRYPT_BUF_SIZE EVP_MAX_BLOCK_LENGTH
|
||||
# endif
|
||||
|
||||
# define hexstr2buf OPENSSL_hexstr2buf
|
||||
|
||||
#endif /* USE_MBEDTLS */
|
||||
|
||||
typedef void cipher_t;
|
||||
typedef void ctx_t;
|
||||
|
||||
const cipher_t *get_default_cipher(void);
|
||||
const cipher_t *get_cipher_or_print_error(char *name);
|
||||
int get_cipher_ivsize(const cipher_t *cipher);
|
||||
int get_cipher_keysize(const cipher_t *cipher);
|
||||
|
||||
ctx_t *create_ctx(const cipher_t *cipher, const unsigned char *key,
|
||||
const unsigned char *iv, int enc, int padding);
|
||||
int do_crypt(FILE *infile, FILE *outfile, ctx_t *ctx);
|
||||
void free_ctx(ctx_t *ctx);
|
Loading…
Reference in New Issue
Block a user