Пример #1
0
int main(int argc, char *argv[])
{
    /* Set up the key and iv. Do I need to say to not hard code these in a
     * real application? :-)
     */

    /* A 256 bit key */
    unsigned char key[AES_KEY_LENGTH] = { '\0' };

    /* A 128 bit IV */
    unsigned char iv[AES_IV_LENGTH] = { '\0' };


    /* Message to be encrypted */
    unsigned char *plaintext = NULL;

    /* Buffer for ciphertext. Ensure the buffer is long enough for the
     * ciphertext which may be longer than the plaintext, dependant on the
     * algorithm and mode
     */
    unsigned char *ciphertext = NULL;

    int plaintext_len = 0;
    int ciphertext_len = 0;

    int i = 0, rem = 0, num_of_blocks = 0;

    printf("AES file encryption tool.  Written by Kevin Neale 2015\n\n");

    if (argc < 5 || !argv[1] || !argv[2] || !argv[3] || !argv[4]) {
    printf("Usage: ./encrypt <in> <out> <key> <iv>\n\n");
    printf ("    <in>         - Filepath to the file to be encrypted\n");
    printf("    <out>        - Filepath to the file which will contain the encrypted data\n\n");
    printf ("    <key>        - 256 bit key to be used for the encryption represented as a 64 character hex string\n");
    printf("                   e.g. 471C6ABB3CAD5CD41509F961EDD3A2E08E76F61FF6D63412B79E9D500257A06A\n\n");
    printf("    <iv>         - 128 bit initialisation vector to be used for the encryption represented as a 32 character hex string\n");
    printf("                   e.g. 743D32B3BEDEEAF5\n\n");
    exit(EXIT_FAILURE);
    }

    //Open the input file
    FILE *in = fopen(argv[1], "r");

    if (!in) {
        printf("Error! Could not open input file\n");
        exit(EXIT_FAILURE);
    }
    //Open the output file
    FILE *out = fopen(argv[2], "w");


    if (!out) {
        printf("Error! Could not open output file\n");
        exit(EXIT_FAILURE);
    }
    //Get key and iv
    if (get_key(argv[3], key) != 0 || get_iv(argv[4], iv) != 0) {
        printf("Error! Bad parameters\n");
        exit(EXIT_FAILURE);
    }
    //Prepare input buffer

    //Determine lenght of the input and allocate a buffer to store it.
    fseek(in, 0L, SEEK_END);
    plaintext_len = ftell(in);

    printf("length of plaintext: %d\n", plaintext_len);
    fseek(in, 0L, SEEK_SET);

    if (plaintext_len <= 0) {
        printf("Error! Input file is empty\n");
        exit(EXIT_FAILURE);
    }

    plaintext = malloc(sizeof(char) * plaintext_len);

    if (!plaintext) {
        printf("Error! Could not allocate memory for input buffer\n");
        exit(EXIT_FAILURE);
    }

    memset(plaintext, '\0', sizeof(char) * plaintext_len);

    //Read the file data into the input buffer
    fread(plaintext, 1, plaintext_len, in);


    //Prepare the output buffer 
    //Calculate the length of the input data in blocks (128 bit (32 bytes) for AES).
    rem = plaintext_len % AES_BLOCK_SIZE;
    num_of_blocks = (plaintext_len - rem) / AES_BLOCK_SIZE;

    if (rem != 0) {
        num_of_blocks++;    //Add an extra block as the the input data is not an exact multiple of blocks.
    }

    ciphertext_len = num_of_blocks * AES_BLOCK_SIZE;    //Total memory to allocate is num of blocks times block size

    printf("number of blocks: %d\ntotal buffer to allocate: %d\n",num_of_blocks, ciphertext_len);

    ciphertext = malloc(sizeof(char) * ciphertext_len);

    if (!ciphertext) {
        printf("Error! Could not allocate memory for output buffer\n");
        exit(EXIT_FAILURE);
    }

    memset(ciphertext, '\0', sizeof(char) * ciphertext_len);


    /* Encrypt the plaintext */
    ciphertext_len =
    encrypt(plaintext, plaintext_len, key, iv, ciphertext);

    printf("length of ciphertext: %d\n", ciphertext_len);

    for (i = 0; i < ciphertext_len; i++) {
        fwrite(&ciphertext[i], sizeof(unsigned char), 1, out);
    }

    sync();         //Force output flush

    free(plaintext);
    free(ciphertext);

    fclose(in);
    fclose(out);

    /* Clean up */
    EVP_cleanup();
    ERR_free_strings();

    return 0;
}
Пример #2
0
void attacker_send_auth_decrypted(havege_state *havege_state, void* socket)
  //@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker);
  //@ ensures  attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
{
  int temp;
  int size1;
  int size2;
  char buffer1[MAX_MESSAGE_SIZE];
  char buffer2[MAX_MESSAGE_SIZE];
  char buffer3[MAX_MESSAGE_SIZE];
  gcm_context gcm_context;
  char iv[16];

  //@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker);

  size1 = net_recv(socket, buffer1, MAX_MESSAGE_SIZE);
  size2 = net_recv(socket, buffer2, MAX_MESSAGE_SIZE);
  if (size1 <= 16 || size2 <= 16 ||
      (size1 != 16 && size1 != 24 && size1 != 32))
  {
    //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
    return;
  }

  //@ close gcm_context(&gcm_context);
  //@ interpret_symmetric_key(buffer1, size1);
  //@ assert cryptogram(buffer1, size1, ?ccs1, ?cg_key);
  //@ assert cg_key == cg_symmetric_key(?p, ?c);
  if (gcm_init(&gcm_context, POLARSSL_CIPHER_ID_AES,
      buffer1, (unsigned int) size1 * 8) == 0)
  {
    if (get_iv(havege_state, iv) == 0)
    {
      //@ assert crypto_chars(normal, iv, 16, ?ccs_iv);
      //@ assert chars(buffer2, size2, ?cs2);
      //@ interpret_auth_encrypted(buffer2, size2);
      //@ open cryptogram(buffer2, size2, ?ccs2, ?cg_enc);
      //@ cs_to_ccs_crypto_chars(buffer2, cs2);
      //@ chars_to_crypto_chars(buffer2, size2);
      //@ close exists(cg_enc);
      //@ assert cg_enc == cg_auth_encrypted(?p2, ?c2, ?ccs_output2, ?ccs_iv2);
      //@ crypto_chars_split(buffer2, 16);
      if (gcm_auth_decrypt(&gcm_context, (unsigned int) size2 - 16,
                            iv, 16, NULL, 0, buffer2, 16,
                            (void*) buffer2 + 16, buffer3) == 0)
      {
        /*@ if (!col)
            {
              assert crypto_chars(secret, buffer3, size2 - 16, ?ccs_output);
              ccs_output == ccs_output2;
              ccs_iv == ccs_iv2;
              assert ccs2 == ccs_for_cg(cg_enc);
              assert [_]pub(cg_enc);
              assert is_public_auth_decryption_is_public(?proof3, pub, pred);
              proof3(cg_key, cg_enc);
              public_crypto_chars(buffer3, size2 - 16);
              chars_to_crypto_chars(buffer3, size2 - 16);
            }
        @*/
        zeroize(iv, 16);
        //@ chars_to_crypto_chars(iv, 16);
      }
      //@ crypto_chars_to_chars(buffer3, size2 - 16);
      net_send(socket, buffer3, (unsigned int) size2 - 16);
      //@ crypto_chars_to_chars(buffer2, 16);
      //@ crypto_chars_to_chars((void*) buffer2 + 16, size2 - 16);
      //@ chars_join(buffer2);
    }
    //@ crypto_chars_to_chars(iv, 16);
    gcm_free(&gcm_context);
  }
  //@ open gcm_context(&gcm_context);
  //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
  //@ public_cryptogram(buffer1, cg_key);
}
Пример #3
0
void attacker_send_decrypted(havege_state *havege_state, void* socket)
  //@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker);
  //@ ensures  attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
{
  int temp;
  int size1;
  int size2;
  char buffer1[MAX_MESSAGE_SIZE];
  char buffer2[MAX_MESSAGE_SIZE];
  char buffer3[MAX_MESSAGE_SIZE];
  aes_context aes_context;
  char iv[16];
  size_t iv_off = 0;

  //@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker);

  size1 = net_recv(socket, buffer1, MAX_MESSAGE_SIZE);
  size2 = net_recv(socket, buffer2, MAX_MESSAGE_SIZE);
  if (size1 <= 0 || size2 < MINIMAL_STRING_SIZE ||
       (size1 != 16 && size1 != 24 && size1 != 32))
  {
    //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
    return;
  }

  //@ close aes_context(&aes_context);
  //@ interpret_symmetric_key(buffer1, size1);
  //@ assert cryptogram(buffer1, size1, ?ccs1, ?cg_key);
  //@ assert cg_key == cg_symmetric_key(?p, ?c);
  if (aes_setkey_enc(&aes_context, buffer1, (unsigned int) size1 * 8) == 0)
  {
    if (get_iv(havege_state, iv) == 0)
    {
      //@ assert crypto_chars(normal, iv, 16, ?ccs_iv);
      //@ interpret_encrypted(buffer2, size2);
      //@ open cryptogram(buffer2, size2, ?ccs2, ?cg_enc);
      //@ close cryptogram(buffer2, size2, ccs2, cg_enc);
      //@ assert cg_enc == cg_encrypted(?p2, ?c2, ?ccs_output2, ?ccs_iv2);
      //@ structure s = known_value(0, nil);
      //@ close decryption_pre(true, false, attacker, s, ccs2);
      int success = aes_crypt_cfb128(&aes_context, AES_DECRYPT,
                                     (unsigned int) size2, &iv_off, iv,
                                     buffer2, buffer3);
      if (success == 0) zeroize(iv, 16); 
      //@ if (success == 0) chars_to_crypto_chars(iv, 16);
      //@ open decryption_post(true, ?garbage, attacker, s, p, c, ?ccs_output);
      /*@ if (garbage)
          {
            assert is_public_key_classifier(?proof, _, _, _);
            proof(cg_key, p, c, true);
            decryption_garbage(buffer3, size2, s);
          }
          else if (success == 0)
          {
            assert crypto_chars(secret, buffer3, size2, ccs_output);
            assert ccs_output == ccs_output2;
            assert ccs_iv == ccs_iv2;
            assert ccs2 == ccs_for_cg(cg_enc);
            public_ccs_cg(cg_enc);
            assert [_]pub(cg_enc);
            assert is_public_decryption_is_public(?proof2, pub, pred);
            proof2(cg_key, cg_enc);
            public_crypto_chars(buffer3, size2);
            chars_to_crypto_chars(buffer3, size2);
          }
      @*/
      //@ crypto_chars_to_chars(buffer3, size2);
      net_send(socket, buffer3, (unsigned int) size2);
      //@ public_cryptogram(buffer2, cg_enc);
    }
    aes_free(&aes_context);
    //@ crypto_chars_to_chars(iv, 16);
  }
  //@ open aes_context(&aes_context);
  //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
  //@ public_cryptogram(buffer1, cg_key);
}
Пример #4
0
void attacker_send_auth_encrypted(havege_state *havege_state, void* socket)
  //@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker);
  //@ ensures  attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
{
  int temp;
  int size1;
  int size2;
  char buffer1[MAX_MESSAGE_SIZE];
  char buffer2[MAX_MESSAGE_SIZE];
  char buffer3[MAX_MESSAGE_SIZE];
  gcm_context gcm_context;
  char iv[16];

  //@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker);

  size1 = net_recv(socket, buffer1, MAX_MESSAGE_SIZE);
  size2 = net_recv(socket, buffer2, MAX_MESSAGE_SIZE);
  if (size1 <= 0 || size2 <= 16 || size2 > MAX_MESSAGE_SIZE - 16 ||
      (size1 != 16 && size1 != 24 && size1 != 32))
  {
    //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
    return;
  }
  //@ assert chars(buffer1, size1, ?cs1);
  //@ assert chars(buffer2, size2, ?cs2);

  //@ close gcm_context(&gcm_context);
  //@ interpret_symmetric_key(buffer1, size1);
  //@ assert cryptogram(buffer1, size1, cs_to_ccs(cs1), ?cg_key);
  //@ assert cg_key == cg_symmetric_key(?p, ?c);
  if (gcm_init(&gcm_context, POLARSSL_CIPHER_ID_AES,
      buffer1, (unsigned int) size1 * 8) == 0)
  {
    if (get_iv(havege_state, iv) == 0)
    {
      //@ chars_to_crypto_chars(buffer2, size2);
      //@ chars_split(buffer3, 16);
      if (gcm_crypt_and_tag(&gcm_context, GCM_ENCRYPT,
                            (unsigned int) size2, iv, 16, NULL, 0,
                            buffer2, (void*) buffer3 + 16, 16, buffer3) == 0)
      {
        /*@
          {
            crypto_chars_to_chars(buffer2, size2);
            public_chars(buffer2, size2);
            chars_to_crypto_chars(buffer2, size2);
            assert exists(?cg_enc);
            assert is_public_auth_encryption_is_public(?proof2, pub, pred);
            proof2(cg_enc);
            assert crypto_chars(secret, buffer3, 16, ?ccs_tag);
            assert crypto_chars(secret, (void*) buffer3 + 16, size2, ?ccs_enc);
            public_cg_ccs(cg_enc);
            public_ccs_split(append(ccs_tag, ccs_enc), 16);
            take_append(16, ccs_tag, ccs_enc);
            drop_append(16, ccs_tag, ccs_enc);
            public_crypto_chars(buffer3, 16);
            public_crypto_chars((void*) buffer3 + 16, size2);
          }
        @*/
        net_send(socket, buffer3, (unsigned int) size2 + 16);
        //@ chars_to_crypto_chars(buffer3, 16);
        //@ chars_to_crypto_chars((void*) buffer3 + 16, size2);
      }
      //@ crypto_chars_to_chars(buffer2, size2);
      //@ crypto_chars_join(buffer3);
      //@ crypto_chars_to_chars(buffer3, size2 + 16);
    }
    gcm_free(&gcm_context);
    //@ crypto_chars_to_chars(iv, 16);
  }
  //@ open gcm_context(&gcm_context);
  //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
  //@ public_cryptogram(buffer1, cg_key);
}
Пример #5
0
void attacker_send_encrypted(havege_state *havege_state, void* socket)
  //@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker);
  //@ ensures  attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
{
  int temp;
  int size1;
  int size2;
  char buffer1[MAX_MESSAGE_SIZE];
  char buffer2[MAX_MESSAGE_SIZE];
  char buffer3[MAX_MESSAGE_SIZE];
  aes_context aes_context;
  size_t iv_off = 0;
  char iv[16];

  //@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker);

  size1 = net_recv(socket, buffer1, MAX_MESSAGE_SIZE);
  size2 = net_recv(socket, buffer2, MAX_MESSAGE_SIZE);
  if (size1 <= 0 || size2 < MINIMAL_STRING_SIZE ||
      (size1 != 16 && size1 != 24 && size1 != 32))
  {
    //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
    return;
  }

  //@ close aes_context(&aes_context);
  //@ interpret_symmetric_key(buffer1, size1);
  //@ assert cryptogram(buffer1, size1, ?ccs1, ?cg_key);
  //@ assert cg_key == cg_symmetric_key(?p, ?c);
  if (aes_setkey_enc(&aes_context, buffer1, (unsigned int) size1 * 8) == 0)
  {
    if (get_iv(havege_state, iv) == 0)
    {
      //@ assert crypto_chars(normal, iv, 16, ?ccs_iv);
      //@ chars_to_crypto_chars(buffer2, size2);
      if (aes_crypt_cfb128(&aes_context, AES_ENCRYPT,
                            (unsigned int) size2, &iv_off, iv, buffer2,
                            buffer3) == 0)
      {
        /*@
          {
            assert cryptogram(buffer3, size2, ?ccs_enc, ?cg_enc);
            assert cg_enc == cg_encrypted(p, c, ?cs2, ccs_iv);
            assert [_]pub(cg_key);
            assert is_public_encryption_is_public(?proof2, pub, pred);
            crypto_chars_to_chars(buffer2, size2);
            public_chars(buffer2, size2);
            proof2(cg_enc);
            public_cryptogram(buffer3, cg_enc);
            chars_to_crypto_chars(buffer2, size2);
          }
        @*/
        net_send(socket, buffer3, (unsigned int) size2);
      }
      //@ crypto_chars_to_chars(buffer2, size2);
    }
    aes_free(&aes_context);
    //@ open aes_context(&aes_context);
    //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
    //@ public_cryptogram(buffer1, cg_symmetric_key(p, c));
    //@ crypto_chars_to_chars(iv, 16);
    return;
  }

  //@ open aes_context(&aes_context);
  //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
  //@ public_cryptogram(buffer1, cg_symmetric_key(p, c));
  return;
}