Home Explore Help
Register Sign In
huang_chao
/
EC600G
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
EC600G
/
components
/
net
/
mbedtls
/
programs
/
aes
/
crypt_and_hash.c

crypt_and_hash.c 19 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651 
  1. /*
    2. 

  2.  *  \brief  Generic file encryption program using generic wrappers for configured
    3. 

  3.  *          security.
    4. 

  4.  *
    5. 

  5.  *  Copyright The Mbed TLS Contributors
    6. 

  6.  *  SPDX-License-Identifier: Apache-2.0
    7. 

  7.  *
    8. 

  8.  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
    9. 

  9.  *  not use this file except in compliance with the License.
    10. 

  10.  *  You may obtain a copy of the License at
    11. 

  11.  *
    12. 

  12.  *  http://www.apache.org/licenses/LICENSE-2.0
    13. 

  13.  *
    14. 

  14.  *  Unless required by applicable law or agreed to in writing, software
    15. 

  15.  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    16. 

  16.  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    17. 

  17.  *  See the License for the specific language governing permissions and
    18. 

  18.  *  limitations under the License.
    19. 

  19.  */
    20. 

  20. 

  21. /* Enable definition of fileno() even when compiling with -std=c99. Must be
    22. 

  22.  * set before config.h, which pulls in glibc's features.h indirectly.
    23. 

  23.  * Harmless on other platforms. */
    24. 

  24. #define _POSIX_C_SOURCE 200112L
    25. 

  25. 

  26. #if !defined(MBEDTLS_CONFIG_FILE)
    27. 

  27. #include "mbedtls/config.h"
    28. 

  28. #else
    29. 

  29. #include MBEDTLS_CONFIG_FILE
    30. 

  30. #endif
    31. 

  31. 

  32. #if defined(MBEDTLS_PLATFORM_C)
    33. 

  33. #include "mbedtls/platform.h"
    34. 

  34. #else
    35. 

  35. #include <stdio.h>
    36. 

  36. #include <stdlib.h>
    37. 

  37. #define mbedtls_fprintf         fprintf
    38. 

  38. #define mbedtls_printf          printf
    39. 

  39. #define mbedtls_exit            exit
    40. 

  40. #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
    41. 

  41. #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
    42. 

  42. #endif /* MBEDTLS_PLATFORM_C */
    43. 

  43. 

  44. #if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \
    45. 

  45.  defined(MBEDTLS_FS_IO)
    46. 

  46. #include "mbedtls/cipher.h"
    47. 

  47. #include "mbedtls/md.h"
    48. 

  48. #include "mbedtls/platform_util.h"
    49. 

  49. 

  50. #include <stdio.h>
    51. 

  51. #include <stdlib.h>
    52. 

  52. #include <string.h>
    53. 

  53. #endif
    54. 

  54. 

  55. #if defined(_WIN32)
    56. 

  56. #include <windows.h>
    57. 

  57. #if !defined(_WIN32_WCE)
    58. 

  58. #include <io.h>
    59. 

  59. #endif
    60. 

  60. #else
    61. 

  61. #include <sys/types.h>
    62. 

  62. #include <unistd.h>
    63. 

  63. #endif
    64. 

  64. 

  65. #define MODE_ENCRYPT    0
    66. 

  66. #define MODE_DECRYPT    1
    67. 

  67. 

  68. #define USAGE   \
    69. 

  69.     "\n  crypt_and_hash <mode> <input filename> <output filename> <cipher> <mbedtls_md> <key>\n" \
    70. 

  70.     "\n   <mode>: 0 = encrypt, 1 = decrypt\n" \
    71. 

  71.     "\n  example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \
    72. 

  72.     "\n"
    73. 

  73. 

  74. #if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \
    75. 

  75.     !defined(MBEDTLS_FS_IO)
    76. 

  76. int main( void )
    77. 

  77. {
    78. 

  78.     mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
    79. 

  79.     mbedtls_exit( 0 );
    80. 

  80. }
    81. 

  81. #else
    82. 

  82. 

  83. 

  84. int main( int argc, char *argv[] )
    85. 

  85. {
    86. 

  86.     int ret = 1, i;
    87. 

  87.     unsigned n;
    88. 

  88.     int exit_code = MBEDTLS_EXIT_FAILURE;
    89. 

  89.     int mode;
    90. 

  90.     size_t keylen, ilen, olen;
    91. 

  91.     FILE *fkey, *fin = NULL, *fout = NULL;
    92. 

  92. 

  93.     char *p;
    94. 

  94.     unsigned char IV[16];
    95. 

  95.     unsigned char key[512];
    96. 

  96.     unsigned char digest[MBEDTLS_MD_MAX_SIZE];
    97. 

  97.     unsigned char buffer[1024];
    98. 

  98.     unsigned char output[1024];
    99. 

  99.     unsigned char diff;
    100. 

  100. 

  101.     const mbedtls_cipher_info_t *cipher_info;
    102. 

  102.     const mbedtls_md_info_t *md_info;
    103. 

  103.     mbedtls_cipher_context_t cipher_ctx;
    104. 

  104.     mbedtls_md_context_t md_ctx;
    105. 

  105. #if defined(_WIN32_WCE)
    106. 

  106.     long filesize, offset;
    107. 

  107. #elif defined(_WIN32)
    108. 

  108.        LARGE_INTEGER li_size;
    109. 

  109.     __int64 filesize, offset;
    110. 

  110. #else
    111. 

  111.       off_t filesize, offset;
    112. 

  112. #endif
    113. 

  113. 

  114.     mbedtls_cipher_init( &cipher_ctx );
    115. 

  115.     mbedtls_md_init( &md_ctx );
    116. 

  116. 

  117.     /*
    118. 

  118.      * Parse the command-line arguments.
    119. 

  119.      */
    120. 

  120.     if( argc != 7 )
    121. 

  121.     {
    122. 

  122.         const int *list;
    123. 

  123. 

  124.         mbedtls_printf( USAGE );
    125. 

  125. 

  126.         mbedtls_printf( "Available ciphers:\n" );
    127. 

  127.         list = mbedtls_cipher_list();
    128. 

  128.         while( *list )
    129. 

  129.         {
    130. 

  130.             cipher_info = mbedtls_cipher_info_from_type( *list );
    131. 

  131.             mbedtls_printf( "  %s\n", cipher_info->name );
    132. 

  132.             list++;
    133. 

  133.         }
    134. 

  134. 

  135.         mbedtls_printf( "\nAvailable message digests:\n" );
    136. 

  136.         list = mbedtls_md_list();
    137. 

  137.         while( *list )
    138. 

  138.         {
    139. 

  139.             md_info = mbedtls_md_info_from_type( *list );
    140. 

  140.             mbedtls_printf( "  %s\n", mbedtls_md_get_name( md_info ) );
    141. 

  141.             list++;
    142. 

  142.         }
    143. 

  143. 

  144. #if defined(_WIN32)
    145. 

  145.         mbedtls_printf( "\n  Press Enter to exit this program.\n" );
    146. 

  146.         fflush( stdout ); getchar();
    147. 

  147. #endif
    148. 

  148. 

  149.         goto exit;
    150. 

  150.     }
    151. 

  151. 

  152.     mode = atoi( argv[1] );
    153. 

  153. 

  154.     if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
    155. 

  155.     {
    156. 

  156.         mbedtls_fprintf( stderr, "invalid operation mode\n" );
    157. 

  157.         goto exit;
    158. 

  158.     }
    159. 

  159. 

  160.     if( strcmp( argv[2], argv[3] ) == 0 )
    161. 

  161.     {
    162. 

  162.         mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
    163. 

  163.         goto exit;
    164. 

  164.     }
    165. 

  165. 

  166.     if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
    167. 

  167.     {
    168. 

  168.         mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
    169. 

  169.         goto exit;
    170. 

  170.     }
    171. 

  171. 

  172.     if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
    173. 

  173.     {
    174. 

  174.         mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
    175. 

  175.         goto exit;
    176. 

  176.     }
    177. 

  177. 

  178.     /*
    179. 

  179.      * Read the Cipher and MD from the command line
    180. 

  180.      */
    181. 

  181.     cipher_info = mbedtls_cipher_info_from_string( argv[4] );
    182. 

  182.     if( cipher_info == NULL )
    183. 

  183.     {
    184. 

  184.         mbedtls_fprintf( stderr, "Cipher '%s' not found\n", argv[4] );
    185. 

  185.         goto exit;
    186. 

  186.     }
    187. 

  187.     if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info) ) != 0 )
    188. 

  188.     {
    189. 

  189.         mbedtls_fprintf( stderr, "mbedtls_cipher_setup failed\n" );
    190. 

  190.         goto exit;
    191. 

  191.     }
    192. 

  192. 

  193.     md_info = mbedtls_md_info_from_string( argv[5] );
    194. 

  194.     if( md_info == NULL )
    195. 

  195.     {
    196. 

  196.         mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
    197. 

  197.         goto exit;
    198. 

  198.     }
    199. 

  199. 

  200.     if( mbedtls_md_setup( &md_ctx, md_info, 1 ) != 0 )
    201. 

  201.     {
    202. 

  202.         mbedtls_fprintf( stderr, "mbedtls_md_setup failed\n" );
    203. 

  203.         goto exit;
    204. 

  204.     }
    205. 

  205. 

  206.     /*
    207. 

  207.      * Read the secret key from file or command line
    208. 

  208.      */
    209. 

  209.     if( ( fkey = fopen( argv[6], "rb" ) ) != NULL )
    210. 

  210.     {
    211. 

  211.         keylen = fread( key, 1, sizeof( key ), fkey );
    212. 

  212.         fclose( fkey );
    213. 

  213.     }
    214. 

  214.     else
    215. 

  215.     {
    216. 

  216.         if( memcmp( argv[6], "hex:", 4 ) == 0 )
    217. 

  217.         {
    218. 

  218.             p = &argv[6][4];
    219. 

  219.             keylen = 0;
    220. 

  220. 

  221.             while( sscanf( p, "%02X", (unsigned int*) &n ) > 0 &&
    222. 

  222.                    keylen < (int) sizeof( key ) )
    223. 

  223.             {
    224. 

  224.                 key[keylen++] = (unsigned char) n;
    225. 

  225.                 p += 2;
    226. 

  226.             }
    227. 

  227.         }
    228. 

  228.         else
    229. 

  229.         {
    230. 

  230.             keylen = strlen( argv[6] );
    231. 

  231. 

  232.             if( keylen > (int) sizeof( key ) )
    233. 

  233.                 keylen = (int) sizeof( key );
    234. 

  234. 

  235.             memcpy( key, argv[6], keylen );
    236. 

  236.         }
    237. 

  237.     }
    238. 

  238. 

  239. #if defined(_WIN32_WCE)
    240. 

  240.     filesize = fseek( fin, 0L, SEEK_END );
    241. 

  241. #else
    242. 

  242. #if defined(_WIN32)
    243. 

  243.     /*
    244. 

  244.      * Support large files (> 2Gb) on Win32
    245. 

  245.      */
    246. 

  246.     li_size.QuadPart = 0;
    247. 

  247.     li_size.LowPart  =
    248. 

  248.         SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
    249. 

  249.                         li_size.LowPart, &li_size.HighPart, FILE_END );
    250. 

  250. 

  251.     if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
    252. 

  252.     {
    253. 

  253.         mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
    254. 

  254.         goto exit;
    255. 

  255.     }
    256. 

  256. 

  257.     filesize = li_size.QuadPart;
    258. 

  258. #else
    259. 

  259.     if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
    260. 

  260.     {
    261. 

  261.         perror( "lseek" );
    262. 

  262.         goto exit;
    263. 

  263.     }
    264. 

  264. #endif
    265. 

  265. #endif
    266. 

  266. 

  267.     if( fseek( fin, 0, SEEK_SET ) < 0 )
    268. 

  268.     {
    269. 

  269.         mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
    270. 

  270.         goto exit;
    271. 

  271.     }
    272. 

  272. 

  273.     if( mode == MODE_ENCRYPT )
    274. 

  274.     {
    275. 

  275.         /*
    276. 

  276.          * Generate the initialization vector as:
    277. 

  277.          * IV = MD( filesize || filename )[0..15]
    278. 

  278.          */
    279. 

  279.         for( i = 0; i < 8; i++ )
    280. 

  280.             buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
    281. 

  281. 

  282.         p = argv[2];
    283. 

  283. 

  284.         if( mbedtls_md_starts( &md_ctx ) != 0 )
    285. 

  285.         {
    286. 

  286.             mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
    287. 

  287.             goto exit;
    288. 

  288.         }
    289. 

  289.         if( mbedtls_md_update( &md_ctx, buffer, 8 ) != 0 )
    290. 

  290.         {
    291. 

  291.             mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
    292. 

  292.             goto exit;
    293. 

  293.         }
    294. 

  294.         if( mbedtls_md_update( &md_ctx, ( unsigned char * ) p, strlen( p ) )
    295. 

  295.             != 0 )
    296. 

  296.         {
    297. 

  297.             mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
    298. 

  298.             goto exit;
    299. 

  299.         }
    300. 

  300.         if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
    301. 

  301.         {
    302. 

  302.             mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
    303. 

  303.             goto exit;
    304. 

  304.         }
    305. 

  305. 

  306.         memcpy( IV, digest, 16 );
    307. 

  307. 

  308.         /*
    309. 

  309.          * Append the IV at the beginning of the output.
    310. 

  310.          */
    311. 

  311.         if( fwrite( IV, 1, 16, fout ) != 16 )
    312. 

  312.         {
    313. 

  313.             mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
    314. 

  314.             goto exit;
    315. 

  315.         }
    316. 

  316. 

  317.         /*
    318. 

  318.          * Hash the IV and the secret key together 8192 times
    319. 

  319.          * using the result to setup the AES context and HMAC.
    320. 

  320.          */
    321. 

  321.         memset( digest, 0,  32 );
    322. 

  322.         memcpy( digest, IV, 16 );
    323. 

  323. 

  324.         for( i = 0; i < 8192; i++ )
    325. 

  325.         {
    326. 

  326.             if( mbedtls_md_starts( &md_ctx ) != 0 )
    327. 

  327.             {
    328. 

  328.                 mbedtls_fprintf( stderr,
    329. 

  329.                                  "mbedtls_md_starts() returned error\n" );
    330. 

  330.                 goto exit;
    331. 

  331.             }
    332. 

  332.             if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
    333. 

  333.             {
    334. 

  334.                 mbedtls_fprintf( stderr,
    335. 

  335.                                  "mbedtls_md_update() returned error\n" );
    336. 

  336.                 goto exit;
    337. 

  337.             }
    338. 

  338.             if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
    339. 

  339.             {
    340. 

  340.                 mbedtls_fprintf( stderr,
    341. 

  341.                                  "mbedtls_md_update() returned error\n" );
    342. 

  342.                 goto exit;
    343. 

  343.             }
    344. 

  344.             if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
    345. 

  345.             {
    346. 

  346.                 mbedtls_fprintf( stderr,
    347. 

  347.                                  "mbedtls_md_finish() returned error\n" );
    348. 

  348.                 goto exit;
    349. 

  349.             }
    350. 

  350. 

  351.         }
    352. 

  352. 

  353.         if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
    354. 

  354.                            MBEDTLS_ENCRYPT ) != 0 )
    355. 

  355.         {
    356. 

  356.             mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
    357. 

  357.             goto exit;
    358. 

  358.         }
    359. 

  359.         if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
    360. 

  360.         {
    361. 

  361.             mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n");
    362. 

  362.             goto exit;
    363. 

  363.         }
    364. 

  364.         if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
    365. 

  365.         {
    366. 

  366.             mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n");
    367. 

  367.             goto exit;
    368. 

  368.         }
    369. 

  369. 

  370.         if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
    371. 

  371.         {
    372. 

  372.             mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
    373. 

  373.             goto exit;
    374. 

  374.         }
    375. 

  375. 

  376.         /*
    377. 

  377.          * Encrypt and write the ciphertext.
    378. 

  378.          */
    379. 

  379.         for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
    380. 

  380.         {
    381. 

  381.             ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
    382. 

  382.                 mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
    383. 

  383. 

  384.             if( fread( buffer, 1, ilen, fin ) != ilen )
    385. 

  385.             {
    386. 

  386.                 mbedtls_fprintf( stderr, "fread(%ld bytes) failed\n", (long) ilen );
    387. 

  387.                 goto exit;
    388. 

  388.             }
    389. 

  389. 

  390.             if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output, &olen ) != 0 )
    391. 

  391.             {
    392. 

  392.                 mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n");
    393. 

  393.                 goto exit;
    394. 

  394.             }
    395. 

  395. 

  396.             if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
    397. 

  397.             {
    398. 

  398.                 mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
    399. 

  399.                 goto exit;
    400. 

  400.             }
    401. 

  401. 

  402.             if( fwrite( output, 1, olen, fout ) != olen )
    403. 

  403.             {
    404. 

  404.                 mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
    405. 

  405.                 goto exit;
    406. 

  406.             }
    407. 

  407.         }
    408. 

  408. 

  409.         if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
    410. 

  410.         {
    411. 

  411.             mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
    412. 

  412.             goto exit;
    413. 

  413.         }
    414. 

  414.         if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
    415. 

  415.         {
    416. 

  416.             mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
    417. 

  417.             goto exit;
    418. 

  418.         }
    419. 

  419. 

  420.         if( fwrite( output, 1, olen, fout ) != olen )
    421. 

  421.         {
    422. 

  422.             mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
    423. 

  423.             goto exit;
    424. 

  424.         }
    425. 

  425. 

  426.         /*
    427. 

  427.          * Finally write the HMAC.
    428. 

  428.          */
    429. 

  429.         if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
    430. 

  430.         {
    431. 

  431.             mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
    432. 

  432.             goto exit;
    433. 

  433.         }
    434. 

  434. 

  435.         if( fwrite( digest, 1, mbedtls_md_get_size( md_info ), fout ) != mbedtls_md_get_size( md_info ) )
    436. 

  436.         {
    437. 

  437.             mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
    438. 

  438.             goto exit;
    439. 

  439.         }
    440. 

  440.     }
    441. 

  441. 

  442.     if( mode == MODE_DECRYPT )
    443. 

  443.     {
    444. 

  444.         /*
    445. 

  445.          *  The encrypted file must be structured as follows:
    446. 

  446.          *
    447. 

  447.          *        00 .. 15              Initialization Vector
    448. 

  448.          *        16 .. 31              Encrypted Block #1
    449. 

  449.          *           ..
    450. 

  450.          *      N*16 .. (N+1)*16 - 1    Encrypted Block #N
    451. 

  451.          *  (N+1)*16 .. (N+1)*16 + n    Hash(ciphertext)
    452. 

  452.          */
    453. 

  453.         if( filesize < 16 + mbedtls_md_get_size( md_info ) )
    454. 

  454.         {
    455. 

  455.             mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
    456. 

  456.             goto exit;
    457. 

  457.         }
    458. 

  458. 

  459.         if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 )
    460. 

  460.         {
    461. 

  461.             mbedtls_fprintf( stderr, "Invalid cipher block size: 0. \n" );
    462. 

  462.             goto exit;
    463. 

  463.         }
    464. 

  464. 

  465.         /*
    466. 

  466.          * Check the file size.
    467. 

  467.          */
    468. 

  468.         if( cipher_info->mode != MBEDTLS_MODE_GCM &&
    469. 

  469.             ( ( filesize - mbedtls_md_get_size( md_info ) ) %
    470. 

  470.                 mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
    471. 

  471.         {
    472. 

  472.             mbedtls_fprintf( stderr, "File content not a multiple of the block size (%u).\n",
    473. 

  473.                      mbedtls_cipher_get_block_size( &cipher_ctx ));
    474. 

  474.             goto exit;
    475. 

  475.         }
    476. 

  476. 

  477.         /*
    478. 

  478.          * Subtract the IV + HMAC length.
    479. 

  479.          */
    480. 

  480.         filesize -= ( 16 + mbedtls_md_get_size( md_info ) );
    481. 

  481. 

  482.         /*
    483. 

  483.          * Read the IV and original filesize modulo 16.
    484. 

  484.          */
    485. 

  485.         if( fread( buffer, 1, 16, fin ) != 16 )
    486. 

  486.         {
    487. 

  487.             mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
    488. 

  488.             goto exit;
    489. 

  489.         }
    490. 

  490. 

  491.         memcpy( IV, buffer, 16 );
    492. 

  492. 

  493.         /*
    494. 

  494.          * Hash the IV and the secret key together 8192 times
    495. 

  495.          * using the result to setup the AES context and HMAC.
    496. 

  496.          */
    497. 

  497.         memset( digest, 0,  32 );
    498. 

  498.         memcpy( digest, IV, 16 );
    499. 

  499. 

  500.         for( i = 0; i < 8192; i++ )
    501. 

  501.         {
    502. 

  502.             if( mbedtls_md_starts( &md_ctx ) != 0 )
    503. 

  503.             {
    504. 

  504.                 mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
    505. 

  505.                 goto exit;
    506. 

  506.             }
    507. 

  507.             if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
    508. 

  508.             {
    509. 

  509.                 mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
    510. 

  510.                 goto exit;
    511. 

  511.             }
    512. 

  512.             if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
    513. 

  513.             {
    514. 

  514.                 mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
    515. 

  515.                 goto exit;
    516. 

  516.             }
    517. 

  517.             if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
    518. 

  518.             {
    519. 

  519.                 mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
    520. 

  520.                 goto exit;
    521. 

  521.             }
    522. 

  522.         }
    523. 

  523. 

  524.         if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
    525. 

  525.                            MBEDTLS_DECRYPT ) != 0 )
    526. 

  526.         {
    527. 

  527.             mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );
    528. 

  528.             goto exit;
    529. 

  529.         }
    530. 

  530. 

  531.         if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
    532. 

  532.         {
    533. 

  533.             mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n" );
    534. 

  534.             goto exit;
    535. 

  535.         }
    536. 

  536. 

  537.         if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
    538. 

  538.         {
    539. 

  539.             mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n" );
    540. 

  540.             goto exit;
    541. 

  541.         }
    542. 

  542. 

  543.         if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
    544. 

  544.         {
    545. 

  545.             mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
    546. 

  546.             goto exit;
    547. 

  547.         }
    548. 

  548. 

  549.         /*
    550. 

  550.          * Decrypt and write the plaintext.
    551. 

  551.          */
    552. 

  552.         for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
    553. 

  553.         {
    554. 

  554.             ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
    555. 

  555.                 mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
    556. 

  556. 

  557.             if( fread( buffer, 1, ilen, fin ) != ilen )
    558. 

  558.             {
    559. 

  559.                 mbedtls_fprintf( stderr, "fread(%u bytes) failed\n",
    560. 

  560.                     mbedtls_cipher_get_block_size( &cipher_ctx ) );
    561. 

  561.                 goto exit;
    562. 

  562.             }
    563. 

  563. 

  564.             if( mbedtls_md_hmac_update( &md_ctx, buffer, ilen ) != 0 )
    565. 

  565.             {
    566. 

  566.                 mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
    567. 

  567.                 goto exit;
    568. 

  568.             }
    569. 

  569.             if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output,
    570. 

  570.                                        &olen ) != 0 )
    571. 

  571.             {
    572. 

  572.                 mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n" );
    573. 

  573.                 goto exit;
    574. 

  574.             }
    575. 

  575. 

  576.             if( fwrite( output, 1, olen, fout ) != olen )
    577. 

  577.             {
    578. 

  578.                 mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
    579. 

  579.                 goto exit;
    580. 

  580.             }
    581. 

  581.         }
    582. 

  582. 

  583.         /*
    584. 

  584.          * Verify the message authentication code.
    585. 

  585.          */
    586. 

  586.         if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
    587. 

  587.         {
    588. 

  588.             mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
    589. 

  589.             goto exit;
    590. 

  590.         }
    591. 

  591. 

  592.         if( fread( buffer, 1, mbedtls_md_get_size( md_info ), fin ) != mbedtls_md_get_size( md_info ) )
    593. 

  593.         {
    594. 

  594.             mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
    595. 

  595.             goto exit;
    596. 

  596.         }
    597. 

  597. 

  598.         /* Use constant-time buffer comparison */
    599. 

  599.         diff = 0;
    600. 

  600.         for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
    601. 

  601.             diff |= digest[i] ^ buffer[i];
    602. 

  602. 

  603.         if( diff != 0 )
    604. 

  604.         {
    605. 

  605.             mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
    606. 

  606.                              "or file corrupted.\n" );
    607. 

  607.             goto exit;
    608. 

  608.         }
    609. 

  609. 

  610.         /*
    611. 

  611.          * Write the final block of data
    612. 

  612.          */
    613. 

  613.         if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
    614. 

  614.         {
    615. 

  615.             mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
    616. 

  616.             goto exit;
    617. 

  617.         }
    618. 

  618. 

  619.         if( fwrite( output, 1, olen, fout ) != olen )
    620. 

  620.         {
    621. 

  621.             mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
    622. 

  622.             goto exit;
    623. 

  623.         }
    624. 

  624.     }
    625. 

  625. 

  626.     exit_code = MBEDTLS_EXIT_SUCCESS;
    627. 

  627. 

  628. exit:
    629. 

  629.     if( fin )
    630. 

  630.         fclose( fin );
    631. 

  631.     if( fout )
    632. 

  632.         fclose( fout );
    633. 

  633. 

  634.     /* Zeroize all command line arguments to also cover
    635. 

  635.        the case when the user has missed or reordered some,
    636. 

  636.        in which case the key might not be in argv[6]. */
    637. 

  637.     for( i = 0; i < argc; i++ )
    638. 

  638.         mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
    639. 

  639. 

  640.     mbedtls_platform_zeroize( IV,     sizeof( IV ) );
    641. 

  641.     mbedtls_platform_zeroize( key,    sizeof( key ) );
    642. 

  642.     mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
    643. 

  643.     mbedtls_platform_zeroize( output, sizeof( output ) );
    644. 

  644.     mbedtls_platform_zeroize( digest, sizeof( digest ) );
    645. 

  645. 

  646.     mbedtls_cipher_free( &cipher_ctx );
    647. 

  647.     mbedtls_md_free( &md_ctx );
    648. 

  648. 

  649.     mbedtls_exit( exit_code );
    650. 

  650. }
    651. 

  651. #endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */
    652.