1 /*
2 * \brief Generic file encryption program using generic wrappers for configured
3 * security.
4 *
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21 /* Enable definition of fileno() even when compiling with -std=c99. Must be
22 * set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
23 * Harmless on other platforms. */
24 #define _POSIX_C_SOURCE 200112L
25
26 #include "mbedtls/build_info.h"
27
28 #if defined(MBEDTLS_PLATFORM_C)
29 #include "mbedtls/platform.h"
30 #else
31 #include <stdio.h>
32 #include <stdlib.h>
33 #define mbedtls_fprintf fprintf
34 #define mbedtls_printf printf
35 #define mbedtls_exit exit
36 #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
37 #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
38 #endif /* MBEDTLS_PLATFORM_C */
39
40 #if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \
41 defined(MBEDTLS_FS_IO)
42 #include "mbedtls/cipher.h"
43 #include "mbedtls/md.h"
44 #include "mbedtls/platform_util.h"
45
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #endif
50
51 #if defined(_WIN32)
52 #include <windows.h>
53 #if !defined(_WIN32_WCE)
54 #include <io.h>
55 #endif
56 #else
57 #include <sys/types.h>
58 #include <unistd.h>
59 #endif
60
61 #define MODE_ENCRYPT 0
62 #define MODE_DECRYPT 1
63
64 #define USAGE \
65 "\n crypt_and_hash <mode> <input filename> <output filename> <cipher> <mbedtls_md> <key>\n" \
66 "\n <mode>: 0 = encrypt, 1 = decrypt\n" \
67 "\n example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \
68 "\n"
69
70 #if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \
71 !defined(MBEDTLS_FS_IO)
main(void)72 int main( void )
73 {
74 mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
75 mbedtls_exit( 0 );
76 }
77 #else
78
79
main(int argc,char * argv[])80 int main( int argc, char *argv[] )
81 {
82 int ret = 1, i;
83 unsigned n;
84 int exit_code = MBEDTLS_EXIT_FAILURE;
85 int mode;
86 size_t keylen, ilen, olen;
87 FILE *fkey, *fin = NULL, *fout = NULL;
88
89 char *p;
90 unsigned char IV[16];
91 unsigned char key[512];
92 unsigned char digest[MBEDTLS_MD_MAX_SIZE];
93 unsigned char buffer[1024];
94 unsigned char output[1024];
95 unsigned char diff;
96
97 const mbedtls_cipher_info_t *cipher_info;
98 const mbedtls_md_info_t *md_info;
99 mbedtls_cipher_context_t cipher_ctx;
100 mbedtls_md_context_t md_ctx;
101 #if defined(_WIN32_WCE)
102 long filesize, offset;
103 #elif defined(_WIN32)
104 LARGE_INTEGER li_size;
105 __int64 filesize, offset;
106 #else
107 off_t filesize, offset;
108 #endif
109
110 mbedtls_cipher_init( &cipher_ctx );
111 mbedtls_md_init( &md_ctx );
112
113 /*
114 * Parse the command-line arguments.
115 */
116 if( argc != 7 )
117 {
118 const int *list;
119
120 mbedtls_printf( USAGE );
121
122 mbedtls_printf( "Available ciphers:\n" );
123 list = mbedtls_cipher_list();
124 while( *list )
125 {
126 cipher_info = mbedtls_cipher_info_from_type( *list );
127 mbedtls_printf( " %s\n", mbedtls_cipher_info_get_name( cipher_info ) );
128 list++;
129 }
130
131 mbedtls_printf( "\nAvailable message digests:\n" );
132 list = mbedtls_md_list();
133 while( *list )
134 {
135 md_info = mbedtls_md_info_from_type( *list );
136 mbedtls_printf( " %s\n", mbedtls_md_get_name( md_info ) );
137 list++;
138 }
139
140 #if defined(_WIN32)
141 mbedtls_printf( "\n Press Enter to exit this program.\n" );
142 fflush( stdout ); getchar();
143 #endif
144
145 goto exit;
146 }
147
148 mode = atoi( argv[1] );
149
150 if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
151 {
152 mbedtls_fprintf( stderr, "invalid operation mode\n" );
153 goto exit;
154 }
155
156 if( strcmp( argv[2], argv[3] ) == 0 )
157 {
158 mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
159 goto exit;
160 }
161
162 if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
163 {
164 mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
165 goto exit;
166 }
167
168 if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
169 {
170 mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
171 goto exit;
172 }
173
174 /*
175 * Read the Cipher and MD from the command line
176 */
177 cipher_info = mbedtls_cipher_info_from_string( argv[4] );
178 if( cipher_info == NULL )
179 {
180 mbedtls_fprintf( stderr, "Cipher '%s' not found\n", argv[4] );
181 goto exit;
182 }
183 if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info) ) != 0 )
184 {
185 mbedtls_fprintf( stderr, "mbedtls_cipher_setup failed\n" );
186 goto exit;
187 }
188
189 md_info = mbedtls_md_info_from_string( argv[5] );
190 if( md_info == NULL )
191 {
192 mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
193 goto exit;
194 }
195
196 if( mbedtls_md_setup( &md_ctx, md_info, 1 ) != 0 )
197 {
198 mbedtls_fprintf( stderr, "mbedtls_md_setup failed\n" );
199 goto exit;
200 }
201
202 /*
203 * Read the secret key from file or command line
204 */
205 if( ( fkey = fopen( argv[6], "rb" ) ) != NULL )
206 {
207 keylen = fread( key, 1, sizeof( key ), fkey );
208 fclose( fkey );
209 }
210 else
211 {
212 if( memcmp( argv[6], "hex:", 4 ) == 0 )
213 {
214 p = &argv[6][4];
215 keylen = 0;
216
217 while( sscanf( p, "%02X", (unsigned int*) &n ) > 0 &&
218 keylen < (int) sizeof( key ) )
219 {
220 key[keylen++] = (unsigned char) n;
221 p += 2;
222 }
223 }
224 else
225 {
226 keylen = strlen( argv[6] );
227
228 if( keylen > (int) sizeof( key ) )
229 keylen = (int) sizeof( key );
230
231 memcpy( key, argv[6], keylen );
232 }
233 }
234
235 #if defined(_WIN32_WCE)
236 filesize = fseek( fin, 0L, SEEK_END );
237 #else
238 #if defined(_WIN32)
239 /*
240 * Support large files (> 2Gb) on Win32
241 */
242 li_size.QuadPart = 0;
243 li_size.LowPart =
244 SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
245 li_size.LowPart, &li_size.HighPart, FILE_END );
246
247 if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
248 {
249 mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
250 goto exit;
251 }
252
253 filesize = li_size.QuadPart;
254 #else
255 if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
256 {
257 perror( "lseek" );
258 goto exit;
259 }
260 #endif
261 #endif
262
263 if( fseek( fin, 0, SEEK_SET ) < 0 )
264 {
265 mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
266 goto exit;
267 }
268
269 if( mode == MODE_ENCRYPT )
270 {
271 /*
272 * Generate the initialization vector as:
273 * IV = MD( filesize || filename )[0..15]
274 */
275 for( i = 0; i < 8; i++ )
276 buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
277
278 p = argv[2];
279
280 if( mbedtls_md_starts( &md_ctx ) != 0 )
281 {
282 mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
283 goto exit;
284 }
285 if( mbedtls_md_update( &md_ctx, buffer, 8 ) != 0 )
286 {
287 mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
288 goto exit;
289 }
290 if( mbedtls_md_update( &md_ctx, ( unsigned char * ) p, strlen( p ) )
291 != 0 )
292 {
293 mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
294 goto exit;
295 }
296 if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
297 {
298 mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
299 goto exit;
300 }
301
302 memcpy( IV, digest, 16 );
303
304 /*
305 * Append the IV at the beginning of the output.
306 */
307 if( fwrite( IV, 1, 16, fout ) != 16 )
308 {
309 mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
310 goto exit;
311 }
312
313 /*
314 * Hash the IV and the secret key together 8192 times
315 * using the result to setup the AES context and HMAC.
316 */
317 memset( digest, 0, 32 );
318 memcpy( digest, IV, 16 );
319
320 for( i = 0; i < 8192; i++ )
321 {
322 if( mbedtls_md_starts( &md_ctx ) != 0 )
323 {
324 mbedtls_fprintf( stderr,
325 "mbedtls_md_starts() returned error\n" );
326 goto exit;
327 }
328 if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
329 {
330 mbedtls_fprintf( stderr,
331 "mbedtls_md_update() returned error\n" );
332 goto exit;
333 }
334 if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
335 {
336 mbedtls_fprintf( stderr,
337 "mbedtls_md_update() returned error\n" );
338 goto exit;
339 }
340 if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
341 {
342 mbedtls_fprintf( stderr,
343 "mbedtls_md_finish() returned error\n" );
344 goto exit;
345 }
346
347 }
348
349 if( mbedtls_cipher_setkey( &cipher_ctx,
350 digest,
351 (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
352 MBEDTLS_ENCRYPT ) != 0 )
353 {
354 mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
355 goto exit;
356 }
357 if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
358 {
359 mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n");
360 goto exit;
361 }
362 if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
363 {
364 mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n");
365 goto exit;
366 }
367
368 if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
369 {
370 mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
371 goto exit;
372 }
373
374 /*
375 * Encrypt and write the ciphertext.
376 */
377 for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
378 {
379 ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
380 mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
381
382 if( fread( buffer, 1, ilen, fin ) != ilen )
383 {
384 mbedtls_fprintf( stderr, "fread(%ld bytes) failed\n", (long) ilen );
385 goto exit;
386 }
387
388 if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output, &olen ) != 0 )
389 {
390 mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n");
391 goto exit;
392 }
393
394 if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
395 {
396 mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
397 goto exit;
398 }
399
400 if( fwrite( output, 1, olen, fout ) != olen )
401 {
402 mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
403 goto exit;
404 }
405 }
406
407 if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
408 {
409 mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
410 goto exit;
411 }
412 if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
413 {
414 mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
415 goto exit;
416 }
417
418 if( fwrite( output, 1, olen, fout ) != olen )
419 {
420 mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
421 goto exit;
422 }
423
424 /*
425 * Finally write the HMAC.
426 */
427 if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
428 {
429 mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
430 goto exit;
431 }
432
433 if( fwrite( digest, 1, mbedtls_md_get_size( md_info ), fout ) != mbedtls_md_get_size( md_info ) )
434 {
435 mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
436 goto exit;
437 }
438 }
439
440 if( mode == MODE_DECRYPT )
441 {
442 /*
443 * The encrypted file must be structured as follows:
444 *
445 * 00 .. 15 Initialization Vector
446 * 16 .. 31 Encrypted Block #1
447 * ..
448 * N*16 .. (N+1)*16 - 1 Encrypted Block #N
449 * (N+1)*16 .. (N+1)*16 + n Hash(ciphertext)
450 */
451 if( filesize < 16 + mbedtls_md_get_size( md_info ) )
452 {
453 mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
454 goto exit;
455 }
456
457 if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 )
458 {
459 mbedtls_fprintf( stderr, "Invalid cipher block size: 0. \n" );
460 goto exit;
461 }
462
463 /*
464 * Check the file size.
465 */
466 if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM &&
467 ( ( filesize - mbedtls_md_get_size( md_info ) ) %
468 mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
469 {
470 mbedtls_fprintf( stderr, "File content not a multiple of the block size (%u).\n",
471 mbedtls_cipher_get_block_size( &cipher_ctx ));
472 goto exit;
473 }
474
475 /*
476 * Subtract the IV + HMAC length.
477 */
478 filesize -= ( 16 + mbedtls_md_get_size( md_info ) );
479
480 /*
481 * Read the IV and original filesize modulo 16.
482 */
483 if( fread( buffer, 1, 16, fin ) != 16 )
484 {
485 mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
486 goto exit;
487 }
488
489 memcpy( IV, buffer, 16 );
490
491 /*
492 * Hash the IV and the secret key together 8192 times
493 * using the result to setup the AES context and HMAC.
494 */
495 memset( digest, 0, 32 );
496 memcpy( digest, IV, 16 );
497
498 for( i = 0; i < 8192; i++ )
499 {
500 if( mbedtls_md_starts( &md_ctx ) != 0 )
501 {
502 mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
503 goto exit;
504 }
505 if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
506 {
507 mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
508 goto exit;
509 }
510 if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
511 {
512 mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
513 goto exit;
514 }
515 if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
516 {
517 mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
518 goto exit;
519 }
520 }
521
522 if( mbedtls_cipher_setkey( &cipher_ctx,
523 digest,
524 (int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
525 MBEDTLS_DECRYPT ) != 0 )
526 {
527 mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );
528 goto exit;
529 }
530
531 if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
532 {
533 mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n" );
534 goto exit;
535 }
536
537 if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
538 {
539 mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n" );
540 goto exit;
541 }
542
543 if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
544 {
545 mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
546 goto exit;
547 }
548
549 /*
550 * Decrypt and write the plaintext.
551 */
552 for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
553 {
554 ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
555 mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
556
557 if( fread( buffer, 1, ilen, fin ) != ilen )
558 {
559 mbedtls_fprintf( stderr, "fread(%u bytes) failed\n",
560 mbedtls_cipher_get_block_size( &cipher_ctx ) );
561 goto exit;
562 }
563
564 if( mbedtls_md_hmac_update( &md_ctx, buffer, ilen ) != 0 )
565 {
566 mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
567 goto exit;
568 }
569 if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output,
570 &olen ) != 0 )
571 {
572 mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n" );
573 goto exit;
574 }
575
576 if( fwrite( output, 1, olen, fout ) != olen )
577 {
578 mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
579 goto exit;
580 }
581 }
582
583 /*
584 * Verify the message authentication code.
585 */
586 if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
587 {
588 mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
589 goto exit;
590 }
591
592 if( fread( buffer, 1, mbedtls_md_get_size( md_info ), fin ) != mbedtls_md_get_size( md_info ) )
593 {
594 mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
595 goto exit;
596 }
597
598 /* Use constant-time buffer comparison */
599 diff = 0;
600 for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
601 diff |= digest[i] ^ buffer[i];
602
603 if( diff != 0 )
604 {
605 mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
606 "or file corrupted.\n" );
607 goto exit;
608 }
609
610 /*
611 * Write the final block of data
612 */
613 if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
614 {
615 mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
616 goto exit;
617 }
618
619 if( fwrite( output, 1, olen, fout ) != olen )
620 {
621 mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
622 goto exit;
623 }
624 }
625
626 exit_code = MBEDTLS_EXIT_SUCCESS;
627
628 exit:
629 if( fin )
630 fclose( fin );
631 if( fout )
632 fclose( fout );
633
634 /* Zeroize all command line arguments to also cover
635 the case when the user has missed or reordered some,
636 in which case the key might not be in argv[6]. */
637 for( i = 0; i < argc; i++ )
638 mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
639
640 mbedtls_platform_zeroize( IV, sizeof( IV ) );
641 mbedtls_platform_zeroize( key, sizeof( key ) );
642 mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
643 mbedtls_platform_zeroize( output, sizeof( output ) );
644 mbedtls_platform_zeroize( digest, sizeof( digest ) );
645
646 mbedtls_cipher_free( &cipher_ctx );
647 mbedtls_md_free( &md_ctx );
648
649 mbedtls_exit( exit_code );
650 }
651 #endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */
652