int
main(int argc, char **argv)
{
int encrypt = 0; /* 0=decrypt, 1=encrypt */
int n, nkey, pass_stdin = 0, pass_nvram = 0;
char *pass;
unsigned char key[AESmaxkey], key2[SHA1dlen];
unsigned char buf[BUF+SHA1dlen]; /* assumption: CHK <= SHA1dlen */
AESstate aes;
DigestState *dstate;
Nvrsafe nvr;
ARGBEGIN{
case 'e':
encrypt = 1;
break;
case 'i':
pass_stdin = 1;
break;
case 'n':
pass_nvram = 1;
break;
}ARGEND;
if(argc!=0){
fprint(2,"usage: %s -d < cipher.aes > clear.txt\n", argv0);
fprint(2," or: %s -e < clear.txt > cipher.aes\n", argv0);
exits("usage");
}
Binit(&bin, 0, OREAD);
Binit(&bout, 1, OWRITE);
if(pass_stdin){
n = readn(3, buf, (sizeof buf)-1);
if(n < 1)
exits("usage: echo password |[3=1] auth/aescbc -i ...");
buf[n] = 0;
while(buf[n-1] == '\n')
buf[--n] = 0;
}else if(pass_nvram){
if(readnvram(&nvr, 0) < 0)
exits("readnvram: %r");
strecpy((char*)buf, (char*)buf+sizeof buf, (char*)nvr.config);
n = strlen((char*)buf);
}else{
pass = getpassm("aescbc key:");
n = strlen(pass);
if(n >= BUF)
exits("key too long");
strcpy((char*)buf, pass);
memset(pass, 0, n);
free(pass);
}
if(n <= 0)
sysfatal("no key");
dstate = sha1((unsigned char*)"aescbc file", 11, nil, nil);
sha1(buf, n, key2, dstate);
memcpy(key, key2, 16);
nkey = 16;
md5(key, nkey, key2, 0); /* so even if HMAC_SHA1 is broken, encryption key is protected */
if(encrypt){
safewrite(v2hdr, AESbsize);
genrandom(buf,2*AESbsize); /* CBC is semantically secure if IV is unpredictable. */
setupAESstate(&aes, key, nkey, buf); /* use first AESbsize bytes as IV */
aesCBCencrypt(buf+AESbsize, AESbsize, &aes); /* use second AESbsize bytes as initial plaintext */
safewrite(buf, 2*AESbsize);
dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0);
for(;;){
n = Bread(&bin, buf, BUF);
if(n < 0)
sysfatal("read error");
aesCBCencrypt(buf, n, &aes);
safewrite(buf, n);
dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate);
if(n < BUF)
break; /* EOF */
}
hmac_sha1(0, 0, key2, MD5dlen, buf, dstate);
safewrite(buf, SHA1dlen);
}else{ /* decrypt */
saferead(buf, AESbsize);
if(memcmp(buf, v2hdr, AESbsize) == 0){
saferead(buf, 2*AESbsize); /* read IV and random initial plaintext */
setupAESstate(&aes, key, nkey, buf);
dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0);
aesCBCdecrypt(buf+AESbsize, AESbsize, &aes);
saferead(buf, SHA1dlen);
while((n = Bread(&bin, buf+SHA1dlen, BUF)) > 0){
dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate);
aesCBCdecrypt(buf, n, &aes);
safewrite(buf, n);
memmove(buf, buf+n, SHA1dlen); /* these bytes are not yet decrypted */
}
hmac_sha1(0, 0, key2, MD5dlen, buf+SHA1dlen, dstate);
if(memcmp(buf, buf+SHA1dlen, SHA1dlen) != 0)
sysfatal("decrypted file failed to authenticate");
}else{ /* compatibility with past mistake */
// if file was encrypted with bad aescbc use this:
// memset(key, 0, AESmaxkey);
// else assume we're decrypting secstore files
setupAESstate(&aes, key, AESbsize, buf);
saferead(buf, CHK);
aesCBCdecrypt(buf, CHK, &aes);
while((n = Bread(&bin, buf+CHK, BUF)) > 0){
aesCBCdecrypt(buf+CHK, n, &aes);
safewrite(buf, n);
memmove(buf, buf+n, CHK);
}
if(memcmp(buf, "XXXXXXXXXXXXXXXX", CHK) != 0)
sysfatal("decrypted file failed to authenticate");
}
}
exits("");
return 1; /* keep other compilers happy */
}
/* decrypted by the program aescbc.c. */
static int
putfile(SConn *conn, char *pf, uchar *buf, ulong len, uchar *key, int nkey)
{
int i, n, fd, ivo, bufi, done;
char s[Maxmsg];
uchar skey[SHA1dlen], b[CHK+Maxmsg], IV[AESbsize];
AESstate aes;
DigestState *sha;
/* create initialization vector */
srand(time(0)); /* doesn't need to be unpredictable */
for(i=0; i<AESbsize; i++)
IV[i] = 0xff & rand();
sha = sha1((uchar*)"aescbc file", 11, nil, nil);
sha1(key, nkey, skey, sha);
setupAESstate(&aes, skey, AESbsize, IV);
memset(skey, 0, sizeof skey);
snprint(s, Maxmsg, "PUT %s\n", pf);
conn->write(conn, (uchar*)s, strlen(s));
if(buf == nil){
/* get file size */
if((fd = open(pf, OREAD)) < 0){
fprint(2, "can't open %s: %r\n", pf);
return -1;
}
len = seek(fd, 0, 2);
seek(fd, 0, 0);
} else {
fd = -1;
}
if(len > MAXFILESIZE){
fprint(2, "implausible filesize %ld for %s\n", len, pf);
return -1;
}
/* send file size */
snprint(s, Maxmsg, "%ld", len+AESbsize+CHK);
conn->write(conn, (uchar*)s, strlen(s));
/* send IV and file+XXXXX in Maxmsg chunks */
ivo = AESbsize;
bufi = 0;
memcpy(b, IV, ivo);
for(done = 0; !done; ){
if(buf == nil){
n = read(fd, b+ivo, Maxmsg-ivo);
if(n < 0){
fprint(2, "read error on %s: %r\n", pf);
return -1;
}
}else{
if((n = len - bufi) > Maxmsg-ivo)
n = Maxmsg-ivo;
memcpy(b+ivo, buf+bufi, n);
bufi += n;
}
n += ivo;
ivo = 0;
if(n < Maxmsg){ /* EOF on input; append XX... */
memset(b+n, 'X', CHK);
n += CHK; /* might push n>Maxmsg */
done = 1;
}
aesCBCencrypt(b, n, &aes);
if(n > Maxmsg){
assert(done==1);
conn->write(conn, b, Maxmsg);
n -= Maxmsg;
memmove(b, b+Maxmsg, n);
}
conn->write(conn, b, n);
}
if(buf == nil)
close(fd);
fprint(2, "saved %ld bytes\n", len);
return 0;
}
int
convert(char **db, int len)
{
int i, nu, keydblen, keydboff, keydbaes;
char *p = *db;
keydblen = KEYDBLEN;
keydboff = KEYDBOFF;
keydbaes = len > 24 && memcmp(p, "AES KEYS", 8) == 0;
if(keydbaes) {
keydblen += AESKEYLEN;
keydboff = 8+16; /* signature[8] + iv[16] */
}
len -= keydboff;
if(len % keydblen) {
fprint(2, "%s: file odd length; not converting %d bytes\n", argv0, len % keydblen);
len -= len % keydblen;
}
len += keydboff;
if(keydbaes) {
AESstate s;
/* make sure we have aes key for decryption */
if(memcmp(okey.aes, zeros, AESKEYLEN) == 0) {
fprint(2, "%s: no aes key in NVRAM\n", argv0);
exits("no aes key");
}
setupAESstate(&s, okey.aes, AESKEYLEN, zeros);
aesCBCdecrypt((uchar*)p+8, len-8, &s);
} else {
DESstate s;
uchar k[8];
des56to64((uchar*)okey.des, k);
setupDESstate(&s, k, zeros);
desCBCdecrypt((uchar*)p, len, &s);
}
nu = 0;
for(i = keydboff; i < len; i += keydblen) {
if (badname(&p[i])) {
fprint(2, "%s: bad name %.30s... - aborting\n", argv0, &p[i]);
exits("bad name");
}
nu++;
}
if(verb) {
for(i = keydboff; i < len; i += keydblen)
print("%s\n", &p[i]);
exits(nil);
}
if(convaes && !keydbaes) {
char *s, *d;
keydboff = 8+16;
keydblen += AESKEYLEN;
len = keydboff + keydblen*nu;
p = realloc(p, len);
if(p == nil)
error("out of memory");
*db = p;
s = p + KEYDBOFF + nu*KEYDBLEN;
d = p + keydboff + nu*keydblen;
for(i=0; i<nu; i++) {
s -= KEYDBLEN;
d -= keydblen;
memmove(d, s, KEYDBLEN);
memset(d + KEYDBLEN, 0, keydblen-KEYDBLEN);
}
keydbaes = 1;
}
genrandom((uchar*)p, keydboff);
if(keydbaes) {
AESstate s;
memmove(p, "AES KEYS", 8);
setupAESstate(&s, nkey.aes, AESKEYLEN, zeros);
aesCBCencrypt((uchar*)p+8, len-8, &s);
} else {
DESstate s;
uchar k[8];
des56to64((uchar*)nkey.des, k);
setupDESstate(&s, k, zeros);
desCBCencrypt((uchar*)p, len, &s);
}
return len;
}
