1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
/* SPDX-License-Identifier: GPL-2.0-or-later
* Copyright (C) 2022-2023 Eneas Ulir de Queiroz
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef USE_WOLFSSL
# include <wolfssl/options.h>
# include <wolfssl/openssl/evp.h>
#else
# include <openssl/evp.h>
#endif
int do_crypt(FILE *infile, FILE *outfile, const EVP_CIPHER *cipher, const unsigned char *key,
const unsigned char *iv, int enc, int padding)
{
EVP_CIPHER_CTX *ctx;
unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
int inlen, outlen;
ctx = EVP_CIPHER_CTX_new();
EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
EVP_CIPHER_CTX_set_padding(ctx, padding);
for (;;) {
inlen = fread(inbuf, 1, 1024, infile);
if (inlen <= 0)
break;
if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) {
EVP_CIPHER_CTX_free(ctx);
return -1;
}
fwrite(outbuf, 1, outlen, outfile);
}
if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
EVP_CIPHER_CTX_free(ctx);
return -1;
}
fwrite(outbuf, 1, outlen, outfile);
EVP_CIPHER_CTX_free(ctx);
return 0;
}
static void check_enc_dec(const int enc)
{
if (enc == -1)
return;
fprintf(stderr, "Error: both -d and -e were specified.\n");
exit(EXIT_FAILURE);
}
#ifndef USE_WOLFSSL
static void print_ciphers(const OBJ_NAME *name,void *arg) {
fprintf(arg, "\t%s\n", name->name);
}
#endif
static void check_cipher(const EVP_CIPHER *cipher)
{
if (cipher == NULL) {
fprintf(stderr, "Error: invalid cipher: %s.\n", optarg);
#ifndef USE_WOLFSSL
fprintf(stderr, "Supported ciphers: \n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, print_ciphers, stderr);
#endif
exit(EXIT_FAILURE);
}
}
static void show_usage(const char* name)
{
fprintf(stderr, "Usage: %s: [-d | -e] [-n] -k key [-i iv] [-c cipher]\n"
"-d = decrypt; -e = encrypt; -n = no padding\n", name);
}
int main(int argc, char *argv[])
{
int enc = -1;
unsigned char *iv = NULL;
unsigned char *key = NULL;
long ivlen = 0, keylen = 0;
int cipher_ivlen, cipher_keylen;
int opt;
int padding = 1;
const EVP_CIPHER *cipher = EVP_aes_128_cbc();
int ret;
while ((opt = getopt(argc, argv, "c:dei:k:n")) != -1) {
switch (opt) {
case 'c':
cipher = EVP_get_cipherbyname(optarg);
check_cipher(cipher);
break;
case 'd':
check_enc_dec(enc);
enc = 0;
break;
case 'e':
check_enc_dec(enc);
enc = 1;
break;
case 'i':
iv = OPENSSL_hexstr2buf((const char *)optarg, &ivlen);
if (iv == NULL) {
fprintf(stderr, "Error setting IV to %s. The IV should be encoded in hex.\n",
optarg);
exit(EINVAL);
}
break;
case 'k':
key = OPENSSL_hexstr2buf((const char *)optarg, &keylen);
if (key == NULL) {
fprintf(stderr, "Error setting key to %s. The key should be encoded in hex.\n",
optarg);
exit(EINVAL);
}
break;
case 'n':
padding = 0;
break;
default:
show_usage(argv[0]);
exit(EINVAL);
}
}
if (key == NULL) {
fprintf(stderr, "Error: key not set.\n");
show_usage(argv[0]);
exit(EXIT_FAILURE);
}
if ((cipher_keylen = EVP_CIPHER_key_length(cipher)) != keylen) {
fprintf(stderr, "Error: key must be %d bytes; given key is %ld bytes.\n",
cipher_keylen, keylen);
exit(EXIT_FAILURE);
}
if ((cipher_ivlen = EVP_CIPHER_iv_length(cipher))) {
if (iv == NULL) {
fprintf(stderr, "Error: IV not set.\n");
show_usage(argv[0]);
exit(EXIT_FAILURE);
}
if (cipher_ivlen != ivlen) {
fprintf(stderr, "Error: IV must be %d bytes; given IV is %ld bytes.\n",
cipher_ivlen, ivlen);
exit(EXIT_FAILURE);
}
}
ret = do_crypt(stdin, stdout, cipher, key, iv, !!enc, padding);
if (ret)
fprintf(stderr, "Error during crypt operation.\n");
OPENSSL_free(iv);
OPENSSL_free(key);
return ret;
}
|
