/* [noscript] long decrypt (in buffer data, in long dataLen, out buffer result); */
NS_IMETHODIMP nsSecretDecoderRing::
Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 *_retval)
{
nsNSSShutDownPreventionLock locker;
nsresult rv = NS_OK;
PK11SlotInfo *slot = 0;
PK11SlotInfoCleaner tmpSlotCleaner(slot);
SECStatus s;
SECItem request;
SECItem reply;
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsSDRContext();
if (!ctx) { rv = NS_ERROR_OUT_OF_MEMORY; goto loser; }
*result = 0;
*_retval = 0;
/* Find token with SDR key */
slot = PK11_GetInternalKeySlot();
if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
/* Force authentication */
if (PK11_Authenticate(slot, true, ctx) != SECSuccess)
{
rv = NS_ERROR_NOT_AVAILABLE;
goto loser;
}
request.data = data;
request.len = dataLen;
reply.data = 0;
reply.len = 0;
s = PK11SDR_Decrypt(&request, &reply, ctx);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
*result = reply.data;
*_retval = reply.len;
loser:
return rv;
}
void
doDecrypt(char * dataString, FILE *outFile, FILE *logFile, secuPWData *pwdata)
{
int strLen = strlen(dataString);
SECItem *decoded = NSSBase64_DecodeBuffer(NULL, NULL, dataString, strLen);
SECStatus rv;
int err;
SECItem result = { siBuffer, NULL, 0 };
if ((decoded == NULL) || (decoded->len == 0)) {
if (logFile) {
err = PORT_GetError();
fprintf(logFile,"Base 64 decode failed on <%s>\n", dataString);
fprintf(logFile," Error %d: %s\n", err, SECU_Strerror(err));
}
fputs(dataString, outFile);
if (decoded)
SECITEM_FreeItem(decoded, PR_TRUE);
return;
}
rv = PK11SDR_Decrypt(decoded, &result, pwdata);
SECITEM_ZfreeItem(decoded, PR_TRUE);
if (rv == SECSuccess) {
/* result buffer has no extra space for a NULL */
fprintf(outFile, "Decrypted: \"%.*s\"\n", result.len, result.data);
SECITEM_ZfreeItem(&result, PR_FALSE);
return;
}
/* Encryption failed. output raw input. */
if (logFile) {
err = PORT_GetError();
fprintf(logFile,"SDR decrypt failed on <%s>\n", dataString);
fprintf(logFile," Error %d: %s\n", err, SECU_Strerror(err));
}
fputs(dataString,outFile);
}
int
main (int argc, char **argv)
{
int retval = 0; /* 0 - test succeeded. -1 - test failed */
SECStatus rv;
PLOptState *optstate;
char *program_name;
char *input_file = NULL; /* read encrypted data from here (or create) */
char *output_file = NULL; /* write new encrypted data here */
char *log_file = NULL; /* write new encrypted data here */
FILE *inFile = stdin;
FILE *outFile = stdout;
FILE *logFile = NULL;
PLOptStatus optstatus;
SECItem result;
int c;
secuPWData pwdata = { PW_NONE, NULL };
result.data = 0;
program_name = PL_strrchr(argv[0], '/');
program_name = program_name ? (program_name + 1) : argv[0];
optstate = PL_CreateOptState (argc, argv, "Hd:f:i:o:l:p:?");
if (optstate == NULL) {
SECU_PrintError (program_name, "PL_CreateOptState failed");
return 1;
}
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
short_usage (program_name);
return 1;
case 'H':
long_usage (program_name);
return 1;
case 'd':
SECU_ConfigDirectory(optstate->value);
break;
case 'i':
input_file = PL_strdup(optstate->value);
break;
case 'o':
output_file = PL_strdup(optstate->value);
break;
case 'l':
log_file = PL_strdup(optstate->value);
break;
case 'f':
pwdata.source = PW_FROMFILE;
pwdata.data = PL_strdup(optstate->value);
break;
case 'p':
pwdata.source = PW_PLAINTEXT;
pwdata.data = PL_strdup(optstate->value);
break;
}
}
PL_DestroyOptState(optstate);
if (optstatus == PL_OPT_BAD) {
short_usage (program_name);
return 1;
}
if (input_file) {
inFile = fopen(input_file,"r");
if (inFile == NULL) {
perror(input_file);
return 1;
}
PR_Free(input_file);
}
if (output_file) {
outFile = fopen(output_file,"w+");
if (outFile == NULL) {
perror(output_file);
return 1;
}
PR_Free(output_file);
}
if (log_file) {
logFile = fopen(log_file,"w+");
if (logFile == NULL) {
perror(log_file);
return 1;
}
PR_Free(log_file);
}
/*
* Initialize the Security libraries.
*/
PK11_SetPasswordFunc(SECU_GetModulePassword);
rv = NSS_Init(SECU_ConfigDirectory(NULL));
if (rv != SECSuccess) {
SECU_PrintError (program_name, "NSS_Init failed");
retval = 1;
goto prdone;
}
/* Get the encrypted result, either from the input file
* or from encrypting the plaintext value
*/
while ((c = getc(inFile)) != EOF) {
if (c == 'M') {
char *dataString = NULL;
SECItem *inText;
rv = getData(inFile, &dataString);
if (!rv) {
fputs(dataString,outFile);
free(dataString);
continue;
}
inText = NSSBase64_DecodeBuffer(NULL, NULL, dataString,
strlen(dataString));
if ((inText == NULL) || (inText->len == 0)) {
if (logFile) {
fprintf(logFile,"Base 64 decode failed on <%s>\n",
dataString);
fprintf(logFile," Error %x: %s\n",PORT_GetError(),
SECU_Strerror(PORT_GetError()));
}
fputs(dataString,outFile);
free(dataString);
continue;
}
result.data = NULL;
result.len = 0;
rv = PK11SDR_Decrypt(inText, &result, &pwdata);
SECITEM_FreeItem(inText, PR_TRUE);
if (rv != SECSuccess) {
if (logFile) {
fprintf(logFile,"SDR decrypt failed on <%s>\n",
dataString);
fprintf(logFile," Error %x: %s\n",PORT_GetError(),
SECU_Strerror(PORT_GetError()));
}
fputs(dataString,outFile);
free(dataString);
SECITEM_ZfreeItem(&result, PR_FALSE);
continue;
}
/* result buffer has no extra space for a NULL */
fprintf(outFile, "%.*s", result.len, result.data);
SECITEM_ZfreeItem(&result, PR_FALSE);
} else {
putc(c,outFile);
}
}
fclose(outFile);
fclose(inFile);
if (logFile) {
fclose(logFile);
}
if (NSS_Shutdown() != SECSuccess) {
SECU_PrintError (program_name, "NSS_Shutdown failed");
exit(1);
}
prdone:
PR_Cleanup ();
return retval;
}
int
main (int argc, char **argv)
{
int retval = 0; /* 0 - test succeeded. -1 - test failed */
SECStatus rv;
PLOptState *optstate;
PLOptStatus optstatus;
char *program_name;
const char *input_file = NULL; /* read encrypted data from here (or create) */
const char *output_file = NULL; /* write new encrypted data here */
const char *value = default_value; /* Use this for plaintext */
SECItem data;
SECItem result = {0, 0, 0};
SECItem text;
PRBool ascii = PR_FALSE;
secuPWData pwdata = { PW_NONE, 0 };
pr_stderr = PR_STDERR;
result.data = 0;
text.data = 0; text.len = 0;
program_name = PL_strrchr(argv[0], '/');
program_name = program_name ? (program_name + 1) : argv[0];
optstate = PL_CreateOptState (argc, argv, "?Had:i:o:t:vf:p:");
if (optstate == NULL) {
SECU_PrintError (program_name, "PL_CreateOptState failed");
return -1;
}
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
short_usage (program_name);
return retval;
case 'H':
long_usage (program_name);
return retval;
case 'a':
ascii = PR_TRUE;
break;
case 'd':
SECU_ConfigDirectory(optstate->value);
break;
case 'i':
input_file = optstate->value;
break;
case 'o':
output_file = optstate->value;
break;
case 't':
value = optstate->value;
break;
case 'f':
if (pwdata.data) {
PORT_Free(pwdata.data);
short_usage(program_name);
return -1;
}
pwdata.source = PW_FROMFILE;
pwdata.data = PORT_Strdup(optstate->value);
break;
case 'p':
if (pwdata.data) {
PORT_Free(pwdata.data);
short_usage(program_name);
return -1;
}
pwdata.source = PW_PLAINTEXT;
pwdata.data = PORT_Strdup(optstate->value);
break;
case 'v':
verbose = PR_TRUE;
break;
}
}
PL_DestroyOptState(optstate);
if (optstatus == PL_OPT_BAD) {
short_usage (program_name);
return -1;
}
if (!output_file && !input_file && value == default_value) {
short_usage (program_name);
PR_fprintf (pr_stderr, "Must specify at least one of -t, -i or -o \n");
return -1;
}
/*
* Initialize the Security libraries.
*/
PK11_SetPasswordFunc(SECU_GetModulePassword);
if (output_file) {
rv = NSS_InitReadWrite(SECU_ConfigDirectory(NULL));
} else {
rv = NSS_Init(SECU_ConfigDirectory(NULL));
}
if (rv != SECSuccess) {
SECU_PrintError(program_name, "NSS_Init failed");
retval = -1;
goto prdone;
}
/* Convert value into an item */
data.data = (unsigned char *)value;
data.len = strlen(value);
/* Get the encrypted result, either from the input file
* or from encrypting the plaintext value
*/
if (input_file)
{
if (verbose) printf("Reading data from %s\n", input_file);
if (!strcmp(input_file, "-")) {
retval = readStdin(&result);
ascii = PR_TRUE;
} else {
retval = readInputFile(input_file, &result);
}
if (retval != 0)
goto loser;
if (ascii) {
/* input was base64 encoded. Decode it. */
SECItem newResult = {0, 0, 0};
SECItem *ok = NSSBase64_DecodeBuffer(NULL, &newResult,
(const char *)result.data, result.len);
if (!ok) {
SECU_PrintError(program_name, "Base 64 decode failed");
retval = -1;
goto loser;
}
SECITEM_ZfreeItem(&result, PR_FALSE);
result = *ok;
}
}
else
{
SECItem keyid = { 0, 0, 0 };
SECItem outBuf = { 0, 0, 0 };
PK11SlotInfo *slot = NULL;
/* sigh, initialize the key database */
slot = PK11_GetInternalKeySlot();
if (slot && PK11_NeedUserInit(slot)) {
switch (pwdata.source) {
case PW_FROMFILE:
rv = SECU_ChangePW(slot, 0, pwdata.data);
break;
case PW_PLAINTEXT:
rv = SECU_ChangePW(slot, pwdata.data, 0);
break;
default:
rv = SECU_ChangePW(slot, "", 0);
break;
}
if (rv != SECSuccess) {
SECU_PrintError(program_name, "Failed to initialize slot \"%s\"",
PK11_GetSlotName(slot));
return SECFailure;
}
}
if (slot) {
PK11_FreeSlot(slot);
}
rv = PK11SDR_Encrypt(&keyid, &data, &result, &pwdata);
if (rv != SECSuccess) {
if (verbose)
SECU_PrintError(program_name, "Encrypt operation failed\n");
retval = -1;
goto loser;
}
if (verbose) printf("Encrypted result is %d bytes long\n", result.len);
if (!strcmp(output_file, "-")) {
ascii = PR_TRUE;
}
if (ascii) {
/* base64 encode output. */
char * newResult = NSSBase64_EncodeItem(NULL, NULL, 0, &result);
if (!newResult) {
SECU_PrintError(program_name, "Base 64 encode failed\n");
retval = -1;
goto loser;
}
outBuf.data = (unsigned char *)newResult;
outBuf.len = strlen(newResult);
if (verbose)
printf("Base 64 encoded result is %d bytes long\n", outBuf.len);
} else {
outBuf = result;
}
/* -v printf("Result is %.*s\n", text.len, text.data); */
if (output_file) {
PRFileDesc *file;
PRInt32 count;
if (verbose) printf("Writing result to %s\n", output_file);
if (!strcmp(output_file, "-")) {
file = PR_STDOUT;
} else {
/* Write to file */
file = PR_Open(output_file, PR_CREATE_FILE|PR_WRONLY, 0666);
}
if (!file) {
if (verbose)
SECU_PrintError(program_name,
"Open of output file %s failed\n",
output_file);
retval = -1;
goto loser;
}
count = PR_Write(file, outBuf.data, outBuf.len);
if (file == PR_STDOUT) {
puts("");
} else {
PR_Close(file);
}
if (count != outBuf.len) {
if (verbose) SECU_PrintError(program_name, "Write failed\n");
retval = -1;
goto loser;
}
if (ascii) {
free(outBuf.data);
}
}
}
/* Decrypt the value */
rv = PK11SDR_Decrypt(&result, &text, &pwdata);
if (rv != SECSuccess) {
if (verbose) SECU_PrintError(program_name, "Decrypt operation failed\n");
retval = -1;
goto loser;
}
if (verbose) printf("Decrypted result is \"%.*s\"\n", text.len, text.data);
/* Compare to required value */
if (text.len != data.len || memcmp(data.data, text.data, text.len) != 0)
{
if (verbose) PR_fprintf(pr_stderr, "Comparison failed\n");
retval = -1;
goto loser;
}
loser:
if (text.data) SECITEM_ZfreeItem(&text, PR_FALSE);
if (result.data) SECITEM_ZfreeItem(&result, PR_FALSE);
if (NSS_Shutdown() != SECSuccess) {
exit(1);
}
prdone:
PR_Cleanup ();
if (pwdata.data) {
PORT_Free(pwdata.data);
}
return retval;
}