Home Explore Help
Sign In
RISCI_ATOM
/
harvey
mirror of https://github.com/Harvey-OS/harvey.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 0d8aa4ec2a
Branches Tags
harvey
/
sys
/
src
/
cmd
/
auth
/
secstore
/
aescbc.c

aescbc.c 4.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159 
  1. /*
    2. 

  2.  * This file is part of the UCB release of Plan 9. It is subject to the license
    3. 

  3.  * terms in the LICENSE file found in the top-level directory of this
    4. 

  4.  * distribution and at http://akaros.cs.berkeley.edu/files/Plan9License. No
    5. 

  5.  * part of the UCB release of Plan 9, including this file, may be copied,
    6. 

  6.  * modified, propagated, or distributed except according to the terms contained
    7. 

  7.  * in the LICENSE file.
    8. 

  8.  */
    9. 

  9. 

  10. /* encrypt file by writing
    11. 

  11. 	v2hdr,
    12. 

  12. 	16byte initialization vector,
    13. 

  13. 	AES-CBC(key, random | file),
    14. 

  14.     HMAC_SHA1(md5(key), AES-CBC(random | file))
    15. 

  15. */
    16. 

  16. #include <u.h>
    17. 

  17. #include <libc.h>
    18. 

  18. #include <bio.h>
    19. 

  19. #include <mp.h>
    20. 

  20. #include <libsec.h>
    21. 

  21. #include <authsrv.h>
    22. 

  22. 

  23. extern char* getpassm(char*);
    24. 

  24. 

  25. enum{ CHK = 16, BUF = 4096 };
    26. 

  26. 

  27. uint8_t v2hdr[AESbsize+1] = "AES CBC SHA1  2\n";
    28. 

  28. Biobuf bin;
    29. 

  29. Biobuf bout;
    30. 

  30. 

  31. void
    32. 

  32. safewrite(uint8_t *buf, int n)
    33. 

  33. {
    34. 

  34. 	if(Bwrite(&bout, buf, n) != n)
    35. 

  35. 		sysfatal("write error");
    36. 

  36. }
    37. 

  37. 

  38. void
    39. 

  39. saferead(uint8_t *buf, int n)
    40. 

  40. {
    41. 

  41. 	if(Bread(&bin, buf, n) != n)
    42. 

  42. 		sysfatal("read error");
    43. 

  43. }
    44. 

  44. 

  45. int
    46. 

  46. main(int argc, char **argv)
    47. 

  47. {
    48. 

  48. 	int encrypt = 0;  /* 0=decrypt, 1=encrypt */
    49. 

  49. 	int n, nkey, pass_stdin = 0, pass_nvram = 0;
    50. 

  50. 	char *pass;
    51. 

  51. 	unsigned char key[AESmaxkey], key2[SHA1dlen];
    52. 

  52. 	unsigned char buf[BUF+SHA1dlen];    /* assumption: CHK <= SHA1dlen */
    53. 

  53. 	AESstate aes;
    54. 

  54. 	DigestState *dstate;
    55. 

  55. 	Nvrsafe nvr;
    56. 

  56. 

  57. 	ARGBEGIN{
    58. 

  58. 	case 'e':
    59. 

  59. 		encrypt = 1;
    60. 

  60. 		break;
    61. 

  61. 	case 'i':
    62. 

  62. 		pass_stdin = 1;
    63. 

  63. 		break;
    64. 

  64. 	case 'n':
    65. 

  65. 		pass_nvram = 1;
    66. 

  66. 		break;
    67. 

  67. 	}ARGEND;
    68. 

  68. 	if(argc!=0){
    69. 

  69. 		fprint(2,"usage: %s -d < cipher.aes > clear.txt\n", argv0);
    70. 

  70. 		fprint(2,"   or: %s -e < clear.txt > cipher.aes\n", argv0);
    71. 

  71. 		exits("usage");
    72. 

  72. 	}
    73. 

  73. 	Binit(&bin, 0, OREAD);
    74. 

  74. 	Binit(&bout, 1, OWRITE);
    75. 

  75. 

  76. 	if(pass_stdin){
    77. 

  77. 		n = readn(3, buf, (sizeof buf)-1);
    78. 

  78. 		if(n < 1)
    79. 

  79. 			exits("usage: echo password |[3=1] auth/aescbc -i ...");
    80. 

  80. 		buf[n] = 0;
    81. 

  81. 		while(buf[n-1] == '\n')
    82. 

  82. 			buf[--n] = 0;
    83. 

  83. 	}else if(pass_nvram){
    84. 

  84. 		if(readnvram(&nvr, 0) < 0)
    85. 

  85. 			exits("readnvram: %r");
    86. 

  86. 		strecpy((char*)buf, (char*)buf+sizeof buf, (char*)nvr.config);
    87. 

  87. 		n = strlen((char*)buf);
    88. 

  88. 	}else{
    89. 

  89. 		pass = getpassm("aescbc key:");
    90. 

  90. 		n = strlen(pass);
    91. 

  91. 		if(n >= BUF)
    92. 

  92. 			exits("key too long");
    93. 

  93. 		strcpy((char*)buf, pass);
    94. 

  94. 		memset(pass, 0, n);
    95. 

  95. 		free(pass);
    96. 

  96. 	}
    97. 

  97. 	if(n <= 0)
    98. 

  98. 		sysfatal("no key");
    99. 

  99. 	dstate = sha1((unsigned char*)"aescbc file", 11, nil, nil);
    100. 

  100. 	sha1(buf, n, key2, dstate);
    101. 

  101. 	memcpy(key, key2, 16);
    102. 

  102. 	nkey = 16;
    103. 

  103. 	md5(key, nkey, key2, 0);  /* so even if HMAC_SHA1 is broken, encryption key is protected */
    104. 

  104. 

  105. 	if(encrypt){
    106. 

  106. 		safewrite(v2hdr, AESbsize);
    107. 

  107. 		genrandom(buf,2*AESbsize); /* CBC is semantically secure if IV is unpredictable. */
    108. 

  108. 		setupAESstate(&aes, key, nkey, buf);  /* use first AESbsize bytes as IV */
    109. 

  109. 		aesCBCencrypt(buf+AESbsize, AESbsize, &aes);  /* use second AESbsize bytes as initial plaintext */
    110. 

  110. 		safewrite(buf, 2*AESbsize);
    111. 

  111. 		dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0);
    112. 

  112. 		for(;;){
    113. 

  113. 			n = Bread(&bin, buf, BUF);
    114. 

  114. 			if(n < 0)
    115. 

  115. 				sysfatal("read error");
    116. 

  116. 			aesCBCencrypt(buf, n, &aes);
    117. 

  117. 			safewrite(buf, n);
    118. 

  118. 			dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate);
    119. 

  119. 			if(n < BUF)
    120. 

  120. 				break; /* EOF */
    121. 

  121. 		}
    122. 

  122. 		hmac_sha1(0, 0, key2, MD5dlen, buf, dstate);
    123. 

  123. 		safewrite(buf, SHA1dlen);
    124. 

  124. 	}else{ /* decrypt */
    125. 

  125. 		saferead(buf, AESbsize);
    126. 

  126. 		if(memcmp(buf, v2hdr, AESbsize) == 0){
    127. 

  127. 			saferead(buf, 2*AESbsize);  /* read IV and random initial plaintext */
    128. 

  128. 			setupAESstate(&aes, key, nkey, buf);
    129. 

  129. 			dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0);
    130. 

  130. 			aesCBCdecrypt(buf+AESbsize, AESbsize, &aes);
    131. 

  131. 			saferead(buf, SHA1dlen);
    132. 

  132. 			while((n = Bread(&bin, buf+SHA1dlen, BUF)) > 0){
    133. 

  133. 				dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate);
    134. 

  134. 				aesCBCdecrypt(buf, n, &aes);
    135. 

  135. 				safewrite(buf, n);
    136. 

  136. 				memmove(buf, buf+n, SHA1dlen);  /* these bytes are not yet decrypted */
    137. 

  137. 			}
    138. 

  138. 			hmac_sha1(0, 0, key2, MD5dlen, buf+SHA1dlen, dstate);
    139. 

  139. 			if(memcmp(buf, buf+SHA1dlen, SHA1dlen) != 0)
    140. 

  140. 				sysfatal("decrypted file failed to authenticate");
    141. 

  141. 		}else{ /* compatibility with past mistake */
    142. 

  142. 			// if file was encrypted with bad aescbc use this:
    143. 

  143. 			//         memset(key, 0, AESmaxkey);
    144. 

  144. 			//    else assume we're decrypting secstore files
    145. 

  145. 			setupAESstate(&aes, key, AESbsize, buf);
    146. 

  146. 			saferead(buf, CHK);
    147. 

  147. 			aesCBCdecrypt(buf, CHK, &aes);
    148. 

  148. 			while((n = Bread(&bin, buf+CHK, BUF)) > 0){
    149. 

  149. 				aesCBCdecrypt(buf+CHK, n, &aes);
    150. 

  150. 				safewrite(buf, n);
    151. 

  151. 				memmove(buf, buf+n, CHK);
    152. 

  152. 			}
    153. 

  153. 			if(memcmp(buf, "XXXXXXXXXXXXXXXX", CHK) != 0)
    154. 

  154. 				sysfatal("decrypted file failed to authenticate");
    155. 

  155. 		}
    156. 

  156. 	}
    157. 

  157. 	exits("");
    158. 

  158. 	return 1;  /* keep  other compilers happy */
    159. 

  159. }
    160.