Home Explore Help
Register Sign In
RISCI_ATOM
/
harvey
mirror of https://github.com/Harvey-OS/harvey.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 1701f0a09b
Branches Tags
harvey
/
sys
/
src
/
cmd
/
auth
/
secstore
/
aescbc.c

aescbc.c 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166 
  1. /* encrypt file by writing
    2. 

  2. 	v2hdr,
    3. 

  3. 	16byte initialization vector,
    4. 

  4. 	AES-CBC(key, random | file),
    5. 

  5.     HMAC_SHA1(md5(key), AES-CBC(random | file))
    6. 

  6. */
    7. 

  7. #include <u.h>
    8. 

  8. #include <libc.h>
    9. 

  9. #include <bio.h>
    10. 

  10. #include <mp.h>
    11. 

  11. #include <libsec.h>
    12. 

  12. #include <authsrv.h>
    13. 

  13. 

  14. extern char* getpassm(char*);
    15. 

  15. 

  16. enum{ CHK = 16, BUF = 4096 };
    17. 

  17. 

  18. uchar v2hdr[AESbsize+1] = "AES CBC SHA1  2\n";
    19. 

  19. Biobuf bin;
    20. 

  20. Biobuf bout;
    21. 

  21. 

  22. void
    23. 

  23. safewrite(uchar *buf, int n)
    24. 

  24. {
    25. 

  25. 	int i = Bwrite(&bout, buf, n);
    26. 

  26. 

  27. 	if(i == n)
    28. 

  28. 		return;
    29. 

  29. 	fprint(2, "write error\n");
    30. 

  30. 	exits("write error");
    31. 

  31. }
    32. 

  32. 

  33. void
    34. 

  34. saferead(uchar *buf, int n)
    35. 

  35. {
    36. 

  36. 	int i = Bread(&bin, buf, n);
    37. 

  37. 

  38. 	if(i == n)
    39. 

  39. 		return;
    40. 

  40. 	fprint(2, "read error\n");
    41. 

  41. 	exits("read error");
    42. 

  42. }
    43. 

  43. 

  44. int
    45. 

  45. main(int argc, char **argv)
    46. 

  46. {
    47. 

  47. 	int encrypt = 0;  /* 0=decrypt, 1=encrypt */
    48. 

  48. 	int n, nkey, pass_stdin = 0, pass_nvram = 0;
    49. 

  49. 	char *pass;
    50. 

  50. 	uchar key[AESmaxkey], key2[SHA1dlen];
    51. 

  51. 	uchar buf[BUF+SHA1dlen];    /* assumption: CHK <= SHA1dlen */
    52. 

  52. 	AESstate aes;
    53. 

  53. 	DigestState *dstate;
    54. 

  54. 	Nvrsafe nvr;
    55. 

  55. 

  56. 	ARGBEGIN{
    57. 

  57. 	case 'e':
    58. 

  58. 		encrypt = 1;
    59. 

  59. 		break;
    60. 

  60. 	case 'i':
    61. 

  61. 		pass_stdin = 1;
    62. 

  62. 		break;
    63. 

  63. 	case 'n':
    64. 

  64. 		pass_nvram = 1;
    65. 

  65. 		break;
    66. 

  66. 	}ARGEND;
    67. 

  67. 	if(argc!=0){
    68. 

  68. 		fprint(2,"usage: %s -d < cipher.aes > clear.txt\n", argv0);
    69. 

  69. 		fprint(2,"   or: %s -e < clear.txt > cipher.aes\n", argv0);
    70. 

  70. 		exits("usage");
    71. 

  71. 	}
    72. 

  72. 	Binit(&bin, 0, OREAD);
    73. 

  73. 	Binit(&bout, 1, OWRITE);
    74. 

  74. 

  75. 	if(pass_stdin){
    76. 

  76. 		n = readn(3, buf, (sizeof buf)-1);
    77. 

  77. 		if(n < 1)
    78. 

  78. 			exits("usage: echo password |[3=1] auth/aescbc -i ...");
    79. 

  79. 		buf[n] = 0;
    80. 

  80. 		while(buf[n-1] == '\n')
    81. 

  81. 			buf[--n] = 0;
    82. 

  82. 	}else if(pass_nvram){
    83. 

  83. 		if(readnvram(&nvr, 0) < 0)
    84. 

  84. 			exits("readnvram: %r");
    85. 

  85. 		strecpy((char*)buf, (char*)buf+sizeof buf, (char*)nvr.config);
    86. 

  86. 		n = strlen((char*)buf);
    87. 

  87. 	}else{
    88. 

  88. 		pass = getpassm("aescbc key:");
    89. 

  89. 		n = strlen(pass);
    90. 

  90. 		if(n >= BUF)
    91. 

  91. 			exits("key too long");
    92. 

  92. 		strcpy((char*)buf, pass);
    93. 

  93. 		memset(pass, 0, n);
    94. 

  94. 		free(pass);
    95. 

  95. 	}
    96. 

  96. 	if(n <= 0){
    97. 

  97. 		fprint(2,"no key\n");
    98. 

  98. 		exits("key");
    99. 

  99. 	}
    100. 

  100. 	dstate = sha1((uchar*)"aescbc file", 11, nil, nil);
    101. 

  101. 	sha1(buf, n, key2, dstate);
    102. 

  102. 	memcpy(key, key2, 16);
    103. 

  103. 	nkey = 16;
    104. 

  104. 	md5(key, nkey, key2, 0);  /* so even if HMAC_SHA1 is broken, encryption key is protected */
    105. 

  105. 

  106. 	if(encrypt){
    107. 

  107. 		safewrite(v2hdr, AESbsize);
    108. 

  108. 		genrandom(buf,2*AESbsize); /* CBC is semantically secure if IV is unpredictable. */
    109. 

  109. 		setupAESstate(&aes, key, nkey, buf);  /* use first AESbsize bytes as IV */
    110. 

  110. 		aesCBCencrypt(buf+AESbsize, AESbsize, &aes);  /* use second AESbsize bytes as initial plaintext */
    111. 

  111. 		safewrite(buf, 2*AESbsize);
    112. 

  112. 		dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0);
    113. 

  113. 		while(1){
    114. 

  114. 			n = Bread(&bin, buf, BUF);
    115. 

  115. 			if(n < 0){
    116. 

  116. 				fprint(2,"read error\n");
    117. 

  117. 				exits("read error");
    118. 

  118. 			}
    119. 

  119. 			aesCBCencrypt(buf, n, &aes);
    120. 

  120. 			safewrite(buf, n);
    121. 

  121. 			dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate);
    122. 

  122. 			if(n < BUF)
    123. 

  123. 				break; /* EOF */
    124. 

  124. 		}
    125. 

  125. 		hmac_sha1(0, 0, key2, MD5dlen, buf, dstate);
    126. 

  126. 		safewrite(buf, SHA1dlen);
    127. 

  127. 	}else{ /* decrypt */
    128. 

  128. 		saferead(buf, AESbsize);
    129. 

  129. 		if(memcmp(buf, v2hdr, AESbsize) == 0){
    130. 

  130. 			saferead(buf, 2*AESbsize);  /* read IV and random initial plaintext */
    131. 

  131. 			setupAESstate(&aes, key, nkey, buf);
    132. 

  132. 			dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0);
    133. 

  133. 			aesCBCdecrypt(buf+AESbsize, AESbsize, &aes);
    134. 

  134. 			saferead(buf, SHA1dlen);
    135. 

  135. 			while((n = Bread(&bin, buf+SHA1dlen, BUF)) > 0){
    136. 

  136. 				dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate);
    137. 

  137. 				aesCBCdecrypt(buf, n, &aes);
    138. 

  138. 				safewrite(buf, n);
    139. 

  139. 				memmove(buf, buf+n, SHA1dlen);  /* these bytes are not yet decrypted */
    140. 

  140. 			}
    141. 

  141. 			hmac_sha1(0, 0, key2, MD5dlen, buf+SHA1dlen, dstate);
    142. 

  142. 			if(memcmp(buf, buf+SHA1dlen, SHA1dlen) != 0){
    143. 

  143. 				fprint(2,"decrypted file failed to authenticate\n");
    144. 

  144. 				exits("decrypted file failed to authenticate");
    145. 

  145. 			}
    146. 

  146. 		}else{ /* compatibility with past mistake */
    147. 

  147. 			// if file was encrypted with bad aescbc use this:
    148. 

  148. 			//         memset(key, 0, AESmaxkey);
    149. 

  149. 			//    else assume we're decrypting secstore files
    150. 

  150. 			setupAESstate(&aes, key, AESbsize, buf);
    151. 

  151. 			saferead(buf, CHK);
    152. 

  152. 			aesCBCdecrypt(buf, CHK, &aes);
    153. 

  153. 			while((n = Bread(&bin, buf+CHK, BUF)) > 0){
    154. 

  154. 				aesCBCdecrypt(buf+CHK, n, &aes);
    155. 

  155. 				safewrite(buf, n);
    156. 

  156. 				memmove(buf, buf+n, CHK);
    157. 

  157. 			}
    158. 

  158. 			if(memcmp(buf, "XXXXXXXXXXXXXXXX", CHK) != 0){
    159. 

  159. 				fprint(2,"decrypted file failed to authenticate\n");
    160. 

  160. 				exits("decrypted file failed to authenticate");
    161. 

  161. 			}
    162. 

  162. 		}
    163. 

  163. 	}
    164. 

  164. 	exits("");
    165. 

  165. 	return 1;  /* keep  other compilers happy */
    166. 

  166. }
    167.