Home Explore Help
Register Sign In
embedded
/
owner-nrf52sdk
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c1d97a59f9
Branches Tags
owner-nrf52sdk
/
nRF5_SDK_17.0.2
/
external
/
mbedtls
/
programs
/
aes
/
aescrypt2.c

aescrypt2.c 13 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470 
  1. /*
    2. 

  2.  *  AES-256 file encryption program
    3. 

  3.  *
    4. 

  4.  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
    5. 

  5.  *  SPDX-License-Identifier: Apache-2.0
    6. 

  6.  *
    7. 

  7.  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
    8. 

  8.  *  not use this file except in compliance with the License.
    9. 

  9.  *  You may obtain a copy of the License at
    10. 

  10.  *
    11. 

  11.  *  http://www.apache.org/licenses/LICENSE-2.0
    12. 

  12.  *
    13. 

  13.  *  Unless required by applicable law or agreed to in writing, software
    14. 

  14.  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    15. 

  15.  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    16. 

  16.  *  See the License for the specific language governing permissions and
    17. 

  17.  *  limitations under the License.
    18. 

  18.  *
    19. 

  19.  *  This file is part of mbed TLS (https://tls.mbed.org)
    20. 

  20.  */
    21. 

  21. 

  22. /* Enable definition of fileno() even when compiling with -std=c99. Must be
    23. 

  23.  * set before config.h, which pulls in glibc's features.h indirectly.
    24. 

  24.  * Harmless on other platforms. */
    25. 

  25. #define _POSIX_C_SOURCE 1
    26. 

  26. 

  27. #if !defined(MBEDTLS_CONFIG_FILE)
    28. 

  28. #include "mbedtls/config.h"
    29. 

  29. #else
    30. 

  30. #include MBEDTLS_CONFIG_FILE
    31. 

  31. #endif
    32. 

  32. 

  33. #if defined(MBEDTLS_PLATFORM_C)
    34. 

  34. #include "mbedtls/platform.h"
    35. 

  35. #else
    36. 

  36. #include <stdio.h>
    37. 

  37. #include <stdlib.h>
    38. 

  38. #define mbedtls_fprintf         fprintf
    39. 

  39. #define mbedtls_printf          printf
    40. 

  40. #define mbedtls_exit            exit
    41. 

  41. #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
    42. 

  42. #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
    43. 

  43. #endif /* MBEDTLS_PLATFORM_C */
    44. 

  44. 

  45. #include "mbedtls/aes.h"
    46. 

  46. #include "mbedtls/md.h"
    47. 

  47. #include "mbedtls/platform_util.h"
    48. 

  48. 

  49. #include <stdio.h>
    50. 

  50. #include <stdlib.h>
    51. 

  51. #include <string.h>
    52. 

  52. 

  53. #if defined(_WIN32)
    54. 

  54. #include <windows.h>
    55. 

  55. #if !defined(_WIN32_WCE)
    56. 

  56. #include <io.h>
    57. 

  57. #endif
    58. 

  58. #else
    59. 

  59. #include <sys/types.h>
    60. 

  60. #include <unistd.h>
    61. 

  61. #endif
    62. 

  62. 

  63. #define MODE_ENCRYPT    0
    64. 

  64. #define MODE_DECRYPT    1
    65. 

  65. 

  66. #define USAGE   \
    67. 

  67.     "\n  aescrypt2 <mode> <input filename> <output filename> <key>\n" \
    68. 

  68.     "\n   <mode>: 0 = encrypt, 1 = decrypt\n" \
    69. 

  69.     "\n  example: aescrypt2 0 file file.aes hex:E76B2413958B00E193\n" \
    70. 

  70.     "\n"
    71. 

  71. 

  72. #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_SHA256_C) || \
    73. 

  73.     !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_MD_C)
    74. 

  74. int main( void )
    75. 

  75. {
    76. 

  76.     mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C "
    77. 

  77.                     "and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C "
    78. 

  78.                     "not defined.\n");
    79. 

  79.     return( 0 );
    80. 

  80. }
    81. 

  81. #else
    82. 

  82. 

  83. 

  84. int main( int argc, char *argv[] )
    85. 

  85. {
    86. 

  86.     int ret = 0;
    87. 

  87.     int exit_code = MBEDTLS_EXIT_FAILURE;
    88. 

  88. 

  89.     unsigned int i, n;
    90. 

  90.     int mode, lastn;
    91. 

  91.     size_t keylen;
    92. 

  92.     FILE *fkey, *fin = NULL, *fout = NULL;
    93. 

  93. 

  94.     char *p;
    95. 

  95. 

  96.     unsigned char IV[16];
    97. 

  97.     unsigned char tmp[16];
    98. 

  98.     unsigned char key[512];
    99. 

  99.     unsigned char digest[32];
    100. 

  100.     unsigned char buffer[1024];
    101. 

  101.     unsigned char diff;
    102. 

  102. 

  103.     mbedtls_aes_context aes_ctx;
    104. 

  104.     mbedtls_md_context_t sha_ctx;
    105. 

  105. 

  106. #if defined(_WIN32_WCE)
    107. 

  107.     long filesize, offset;
    108. 

  108. #elif defined(_WIN32)
    109. 

  109.        LARGE_INTEGER li_size;
    110. 

  110.     __int64 filesize, offset;
    111. 

  111. #else
    112. 

  112.       off_t filesize, offset;
    113. 

  113. #endif
    114. 

  114. 

  115.     mbedtls_aes_init( &aes_ctx );
    116. 

  116.     mbedtls_md_init( &sha_ctx );
    117. 

  117. 

  118.     ret = mbedtls_md_setup( &sha_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 1 );
    119. 

  119.     if( ret != 0 )
    120. 

  120.     {
    121. 

  121.         mbedtls_printf( "  ! mbedtls_md_setup() returned -0x%04x\n", -ret );
    122. 

  122.         goto exit;
    123. 

  123.     }
    124. 

  124. 

  125.     /*
    126. 

  126.      * Parse the command-line arguments.
    127. 

  127.      */
    128. 

  128.     if( argc != 5 )
    129. 

  129.     {
    130. 

  130.         mbedtls_printf( USAGE );
    131. 

  131. 

  132. #if defined(_WIN32)
    133. 

  133.         mbedtls_printf( "\n  Press Enter to exit this program.\n" );
    134. 

  134.         fflush( stdout ); getchar();
    135. 

  135. #endif
    136. 

  136. 

  137.         goto exit;
    138. 

  138.     }
    139. 

  139. 

  140.     mode = atoi( argv[1] );
    141. 

  141.     memset( IV,     0, sizeof( IV ) );
    142. 

  142.     memset( key,    0, sizeof( key ) );
    143. 

  143.     memset( digest, 0, sizeof( digest ) );
    144. 

  144.     memset( buffer, 0, sizeof( buffer ) );
    145. 

  145. 

  146.     if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
    147. 

  147.     {
    148. 

  148.         mbedtls_fprintf( stderr, "invalide operation mode\n" );
    149. 

  149.         goto exit;
    150. 

  150.     }
    151. 

  151. 

  152.     if( strcmp( argv[2], argv[3] ) == 0 )
    153. 

  153.     {
    154. 

  154.         mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
    155. 

  155.         goto exit;
    156. 

  156.     }
    157. 

  157. 

  158.     if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
    159. 

  159.     {
    160. 

  160.         mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
    161. 

  161.         goto exit;
    162. 

  162.     }
    163. 

  163. 

  164.     if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
    165. 

  165.     {
    166. 

  166.         mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
    167. 

  167.         goto exit;
    168. 

  168.     }
    169. 

  169. 

  170.     /*
    171. 

  171.      * Read the secret key from file or command line
    172. 

  172.      */
    173. 

  173.     if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
    174. 

  174.     {
    175. 

  175.         keylen = fread( key, 1, sizeof( key ), fkey );
    176. 

  176.         fclose( fkey );
    177. 

  177.     }
    178. 

  178.     else
    179. 

  179.     {
    180. 

  180.         if( memcmp( argv[4], "hex:", 4 ) == 0 )
    181. 

  181.         {
    182. 

  182.             p = &argv[4][4];
    183. 

  183.             keylen = 0;
    184. 

  184. 

  185.             while( sscanf( p, "%02X", &n ) > 0 &&
    186. 

  186.                    keylen < (int) sizeof( key ) )
    187. 

  187.             {
    188. 

  188.                 key[keylen++] = (unsigned char) n;
    189. 

  189.                 p += 2;
    190. 

  190.             }
    191. 

  191.         }
    192. 

  192.         else
    193. 

  193.         {
    194. 

  194.             keylen = strlen( argv[4] );
    195. 

  195. 

  196.             if( keylen > (int) sizeof( key ) )
    197. 

  197.                 keylen = (int) sizeof( key );
    198. 

  198. 

  199.             memcpy( key, argv[4], keylen );
    200. 

  200.         }
    201. 

  201.     }
    202. 

  202. 

  203. #if defined(_WIN32_WCE)
    204. 

  204.     filesize = fseek( fin, 0L, SEEK_END );
    205. 

  205. #else
    206. 

  206. #if defined(_WIN32)
    207. 

  207.     /*
    208. 

  208.      * Support large files (> 2Gb) on Win32
    209. 

  209.      */
    210. 

  210.     li_size.QuadPart = 0;
    211. 

  211.     li_size.LowPart  =
    212. 

  212.         SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
    213. 

  213.                         li_size.LowPart, &li_size.HighPart, FILE_END );
    214. 

  214. 

  215.     if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
    216. 

  216.     {
    217. 

  217.         mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
    218. 

  218.         goto exit;
    219. 

  219.     }
    220. 

  220. 

  221.     filesize = li_size.QuadPart;
    222. 

  222. #else
    223. 

  223.     if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
    224. 

  224.     {
    225. 

  225.         perror( "lseek" );
    226. 

  226.         goto exit;
    227. 

  227.     }
    228. 

  228. #endif
    229. 

  229. #endif
    230. 

  230. 

  231.     if( fseek( fin, 0, SEEK_SET ) < 0 )
    232. 

  232.     {
    233. 

  233.         mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
    234. 

  234.         goto exit;
    235. 

  235.     }
    236. 

  236. 

  237.     if( mode == MODE_ENCRYPT )
    238. 

  238.     {
    239. 

  239.         /*
    240. 

  240.          * Generate the initialization vector as:
    241. 

  241.          * IV = SHA-256( filesize || filename )[0..15]
    242. 

  242.          */
    243. 

  243.         for( i = 0; i < 8; i++ )
    244. 

  244.             buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
    245. 

  245. 

  246.         p = argv[2];
    247. 

  247. 

  248.         mbedtls_md_starts( &sha_ctx );
    249. 

  249.         mbedtls_md_update( &sha_ctx, buffer, 8 );
    250. 

  250.         mbedtls_md_update( &sha_ctx, (unsigned char *) p, strlen( p ) );
    251. 

  251.         mbedtls_md_finish( &sha_ctx, digest );
    252. 

  252. 

  253.         memcpy( IV, digest, 16 );
    254. 

  254. 

  255.         /*
    256. 

  256.          * The last four bits in the IV are actually used
    257. 

  257.          * to store the file size modulo the AES block size.
    258. 

  258.          */
    259. 

  259.         lastn = (int)( filesize & 0x0F );
    260. 

  260. 

  261.         IV[15] = (unsigned char)
    262. 

  262.             ( ( IV[15] & 0xF0 ) | lastn );
    263. 

  263. 

  264.         /*
    265. 

  265.          * Append the IV at the beginning of the output.
    266. 

  266.          */
    267. 

  267.         if( fwrite( IV, 1, 16, fout ) != 16 )
    268. 

  268.         {
    269. 

  269.             mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
    270. 

  270.             goto exit;
    271. 

  271.         }
    272. 

  272. 

  273.         /*
    274. 

  274.          * Hash the IV and the secret key together 8192 times
    275. 

  275.          * using the result to setup the AES context and HMAC.
    276. 

  276.          */
    277. 

  277.         memset( digest, 0,  32 );
    278. 

  278.         memcpy( digest, IV, 16 );
    279. 

  279. 

  280.         for( i = 0; i < 8192; i++ )
    281. 

  281.         {
    282. 

  282.             mbedtls_md_starts( &sha_ctx );
    283. 

  283.             mbedtls_md_update( &sha_ctx, digest, 32 );
    284. 

  284.             mbedtls_md_update( &sha_ctx, key, keylen );
    285. 

  285.             mbedtls_md_finish( &sha_ctx, digest );
    286. 

  286.         }
    287. 

  287. 

  288.         mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 );
    289. 

  289.         mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
    290. 

  290. 

  291.         /*
    292. 

  292.          * Encrypt and write the ciphertext.
    293. 

  293.          */
    294. 

  294.         for( offset = 0; offset < filesize; offset += 16 )
    295. 

  295.         {
    296. 

  296.             n = ( filesize - offset > 16 ) ? 16 : (int)
    297. 

  297.                 ( filesize - offset );
    298. 

  298. 

  299.             if( fread( buffer, 1, n, fin ) != (size_t) n )
    300. 

  300.             {
    301. 

  301.                 mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", n );
    302. 

  302.                 goto exit;
    303. 

  303.             }
    304. 

  304. 

  305.             for( i = 0; i < 16; i++ )
    306. 

  306.                 buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
    307. 

  307. 

  308.             mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, buffer, buffer );
    309. 

  309.             mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
    310. 

  310. 

  311.             if( fwrite( buffer, 1, 16, fout ) != 16 )
    312. 

  312.             {
    313. 

  313.                 mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
    314. 

  314.                 goto exit;
    315. 

  315.             }
    316. 

  316. 

  317.             memcpy( IV, buffer, 16 );
    318. 

  318.         }
    319. 

  319. 

  320.         /*
    321. 

  321.          * Finally write the HMAC.
    322. 

  322.          */
    323. 

  323.         mbedtls_md_hmac_finish( &sha_ctx, digest );
    324. 

  324. 

  325.         if( fwrite( digest, 1, 32, fout ) != 32 )
    326. 

  326.         {
    327. 

  327.             mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
    328. 

  328.             goto exit;
    329. 

  329.         }
    330. 

  330.     }
    331. 

  331. 

  332.     if( mode == MODE_DECRYPT )
    333. 

  333.     {
    334. 

  334.         /*
    335. 

  335.          *  The encrypted file must be structured as follows:
    336. 

  336.          *
    337. 

  337.          *        00 .. 15              Initialization Vector
    338. 

  338.          *        16 .. 31              AES Encrypted Block #1
    339. 

  339.          *           ..
    340. 

  340.          *      N*16 .. (N+1)*16 - 1    AES Encrypted Block #N
    341. 

  341.          *  (N+1)*16 .. (N+1)*16 + 32   HMAC-SHA-256(ciphertext)
    342. 

  342.          */
    343. 

  343.         if( filesize < 48 )
    344. 

  344.         {
    345. 

  345.             mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
    346. 

  346.             goto exit;
    347. 

  347.         }
    348. 

  348. 

  349.         if( ( filesize & 0x0F ) != 0 )
    350. 

  350.         {
    351. 

  351.             mbedtls_fprintf( stderr, "File size not a multiple of 16.\n" );
    352. 

  352.             goto exit;
    353. 

  353.         }
    354. 

  354. 

  355.         /*
    356. 

  356.          * Subtract the IV + HMAC length.
    357. 

  357.          */
    358. 

  358.         filesize -= ( 16 + 32 );
    359. 

  359. 

  360.         /*
    361. 

  361.          * Read the IV and original filesize modulo 16.
    362. 

  362.          */
    363. 

  363.         if( fread( buffer, 1, 16, fin ) != 16 )
    364. 

  364.         {
    365. 

  365.             mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
    366. 

  366.             goto exit;
    367. 

  367.         }
    368. 

  368. 

  369.         memcpy( IV, buffer, 16 );
    370. 

  370.         lastn = IV[15] & 0x0F;
    371. 

  371. 

  372.         /*
    373. 

  373.          * Hash the IV and the secret key together 8192 times
    374. 

  374.          * using the result to setup the AES context and HMAC.
    375. 

  375.          */
    376. 

  376.         memset( digest, 0,  32 );
    377. 

  377.         memcpy( digest, IV, 16 );
    378. 

  378. 

  379.         for( i = 0; i < 8192; i++ )
    380. 

  380.         {
    381. 

  381.             mbedtls_md_starts( &sha_ctx );
    382. 

  382.             mbedtls_md_update( &sha_ctx, digest, 32 );
    383. 

  383.             mbedtls_md_update( &sha_ctx, key, keylen );
    384. 

  384.             mbedtls_md_finish( &sha_ctx, digest );
    385. 

  385.         }
    386. 

  386. 

  387.         mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 );
    388. 

  388.         mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
    389. 

  389. 

  390.         /*
    391. 

  391.          * Decrypt and write the plaintext.
    392. 

  392.          */
    393. 

  393.         for( offset = 0; offset < filesize; offset += 16 )
    394. 

  394.         {
    395. 

  395.             if( fread( buffer, 1, 16, fin ) != 16 )
    396. 

  396.             {
    397. 

  397.                 mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
    398. 

  398.                 goto exit;
    399. 

  399.             }
    400. 

  400. 

  401.             memcpy( tmp, buffer, 16 );
    402. 

  402. 

  403.             mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
    404. 

  404.             mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_DECRYPT, buffer, buffer );
    405. 

  405. 

  406.             for( i = 0; i < 16; i++ )
    407. 

  407.                 buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
    408. 

  408. 

  409.             memcpy( IV, tmp, 16 );
    410. 

  410. 

  411.             n = ( lastn > 0 && offset == filesize - 16 )
    412. 

  412.                 ? lastn : 16;
    413. 

  413. 

  414.             if( fwrite( buffer, 1, n, fout ) != (size_t) n )
    415. 

  415.             {
    416. 

  416.                 mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", n );
    417. 

  417.                 goto exit;
    418. 

  418.             }
    419. 

  419.         }
    420. 

  420. 

  421.         /*
    422. 

  422.          * Verify the message authentication code.
    423. 

  423.          */
    424. 

  424.         mbedtls_md_hmac_finish( &sha_ctx, digest );
    425. 

  425. 

  426.         if( fread( buffer, 1, 32, fin ) != 32 )
    427. 

  427.         {
    428. 

  428.             mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 32 );
    429. 

  429.             goto exit;
    430. 

  430.         }
    431. 

  431. 

  432.         /* Use constant-time buffer comparison */
    433. 

  433.         diff = 0;
    434. 

  434.         for( i = 0; i < 32; i++ )
    435. 

  435.             diff |= digest[i] ^ buffer[i];
    436. 

  436. 

  437.         if( diff != 0 )
    438. 

  438.         {
    439. 

  439.             mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
    440. 

  440.                              "or file corrupted.\n" );
    441. 

  441.             goto exit;
    442. 

  442.         }
    443. 

  443.     }
    444. 

  444. 

  445.     exit_code = MBEDTLS_EXIT_SUCCESS;
    446. 

  446. 

  447. exit:
    448. 

  448.     if( fin )
    449. 

  449.         fclose( fin );
    450. 

  450.     if( fout )
    451. 

  451.         fclose( fout );
    452. 

  452. 

  453.     /* Zeroize all command line arguments to also cover
    454. 

  454.        the case when the user has missed or reordered some,
    455. 

  455.        in which case the key might not be in argv[4]. */
    456. 

  456.     for( i = 0; i < (unsigned int) argc; i++ )
    457. 

  457.         mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
    458. 

  458. 

  459.     mbedtls_platform_zeroize( IV,     sizeof( IV ) );
    460. 

  460.     mbedtls_platform_zeroize( key,    sizeof( key ) );
    461. 

  461.     mbedtls_platform_zeroize( tmp,    sizeof( tmp ) );
    462. 

  462.     mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
    463. 

  463.     mbedtls_platform_zeroize( digest, sizeof( digest ) );
    464. 

  464. 

  465.     mbedtls_aes_free( &aes_ctx );
    466. 

  466.     mbedtls_md_free( &sha_ctx );
    467. 

  467. 

  468.     return( exit_code );
    469. 

  469. }
    470. 

  470. #endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
    471.