1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
/* SPDX-License-Identifier: GPL-2.0-or-later
* Copyright (C) 2022 Eneas Ulir de Queiroz
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef USE_WOLFSSL
# include <wolfssl/options.h>
# include <wolfssl/openssl/evp.h>
#else
# include <openssl/evp.h>
#endif
int do_crypt(FILE *infile, FILE *outfile, const EVP_CIPHER *cipher, const char *key, const char *iv,
int enc, int padding)
{
EVP_CIPHER_CTX *ctx;
unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
int inlen, outlen;
ctx = EVP_CIPHER_CTX_new();
EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
EVP_CIPHER_CTX_set_padding(ctx, padding);
for (;;) {
inlen = fread(inbuf, 1, 1024, infile);
if (inlen <= 0)
break;
if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) {
EVP_CIPHER_CTX_free(ctx);
return -1;
}
fwrite(outbuf, 1, outlen, outfile);
}
if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
EVP_CIPHER_CTX_free(ctx);
return -1;
}
fwrite(outbuf, 1, outlen, outfile);
EVP_CIPHER_CTX_free(ctx);
return 0;
}
static void check_enc_dec(const int enc)
{
if (enc == -1)
return;
fprintf(stderr, "Error: both -d and -e were specified.\n");
exit(EXIT_FAILURE);
}
#ifndef USE_WOLFSSL
static void print_ciphers(const OBJ_NAME *name,void *arg) {
fprintf(arg, "\t%s\n", name->name);
}
#endif
static void check_cipher(const EVP_CIPHER *cipher)
{
if (cipher == NULL) {
fprintf(stderr, "Error: invalid cipher: %s.\n", optarg);
#ifndef USE_WOLFSSL
fprintf(stderr, "Supported ciphers: \n", optarg);
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, print_ciphers, stderr);
#endif
exit(EXIT_FAILURE);
}
}
static void show_usage(const char* name)
{
fprintf(stderr, "Usage: %s: [-d | -e] [-n] -k key [-i iv] [-c cipher]\n"
"-d = decrypt; -e = encrypt; -n = no padding\n", name);
}
int main(int argc, char *argv[])
{
int enc = -1;
unsigned char *iv = NULL;
unsigned char *key = NULL;
long len;
int opt;
int padding = 1;
int need_iv = 1;
const EVP_CIPHER *cipher = EVP_aes_128_cbc();
int ret;
while ((opt = getopt(argc, argv, "c:dei:k:n")) != -1) {
switch (opt) {
case 'c':
cipher = EVP_get_cipherbyname(optarg);
check_cipher(cipher);
int arglen = strlen(optarg);
if (arglen > 3 && strncmp(optarg+arglen-3, "ecb", 3) == 0) //if ends with "ecb"
need_iv = 0;
break;
case 'd':
check_enc_dec(enc);
enc = 0;
break;
case 'e':
check_enc_dec(enc);
enc = 1;
break;
case 'i':
iv = OPENSSL_hexstr2buf((const char *)optarg, &len);
if (iv == NULL) {
fprintf(stderr, "Error setting IV to %s. The IV should be encoded in hex.\n",
optarg);
exit(EINVAL);
}
break;
case 'k':
key = OPENSSL_hexstr2buf((const char *)optarg, &len);
if (key == NULL) {
fprintf(stderr, "Error setting key to %s. The key should be encoded in hex.\n",
optarg);
exit(EINVAL);
}
break;
case 'n':
padding = 0;
break;
default:
show_usage(argv[0]);
exit(EINVAL);
}
}
if (need_iv && iv == NULL) {
fprintf(stderr, "Error: iv not set.\n");
show_usage(argv[0]);
exit(EXIT_FAILURE);
}
if (key == NULL) {
fprintf(stderr, "Error: key not set.\n");
show_usage(argv[0]);
exit(EXIT_FAILURE);
}
ret = do_crypt(stdin, stdout, cipher, key, iv, !!enc, padding);
if (ret)
fprintf(stderr, "Error during crypt operation.\n");
OPENSSL_free(iv);
OPENSSL_free(key);
return ret;
}
|
