projects/sencrypt: sencrypt.c annotate

annotate sencrypt.c @ 21:5f9dc8f3c53e version-3

Release version 3

author	Guido Berhoerster <guido+sencrypt@berhoerster.name>
date	Mon, 05 Aug 2019 11:19:02 +0200
parents	c45f17f58de1
children

rev	line source
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	1 /*
9 cc930aa0f3c2 Perform 50000 iterations with the PBKDF2 hash function when creating new files Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 4 diff changeset	2 * Copyright (C) 2016 Guido Berhoerster <guido+sencrypt@berhoerster.name>
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	3 *
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	4 * Permission is hereby granted, free of charge, to any person obtaining
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	5 * a copy of this software and associated documentation files (the
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	6 * "Software"), to deal in the Software without restriction, including
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	7 * without limitation the rights to use, copy, modify, merge, publish,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	8 * distribute, sublicense, and/or sell copies of the Software, and to
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	9 * permit persons to whom the Software is furnished to do so, subject to
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	10 * the following conditions:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	11 *
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	12 * The above copyright notice and this permission notice shall be included
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	13 * in all copies or substantial portions of the Software.
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	14 *
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	18 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	19 * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	20 * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	21 * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	22 */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	23
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	24 #include <stdio.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	25 #include <string.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	26 #include <stdint.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	27 #include <stdbool.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	28 #include <unistd.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	29 #include <limits.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	30 #include <libgen.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	31 #include <arpa/inet.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	32 #include <sys/stat.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	33 #include <openssl/conf.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	34 #include <openssl/rand.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	35 #include <openssl/evp.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	36 #include <openssl/err.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	37
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	38 #ifdef HAVE_ERR_H
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	39 #include <err.h>
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	40 #endif /* HAVE_ERR_H */
4 abb770754967 Use C99-compatible version of snprintf on UnixWare 7 Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 3 diff changeset	41 #include "compat.h"
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	42
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	43 #define MAX(a, b) (((a) > (b)) ? (a) : (b))
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	44
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	45 #define EXIT_USAGE 2
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	46
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	47 #define SENCRYPT_FORMAT_VERSION 1
15 00ca3ee8e310 Perform 500000 iterations with the PBKDF2 hash function when creating new files Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 12 diff changeset	48 #define PBKDF2_ITERATIONS 500000
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	49 #define SALT_LEN 16
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	50 #define BUFFER_SIZE (16 * 1024)
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	51 #define MAX_PASSWORD_LEN 256
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	52
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	53 enum {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	54 CMD_SENCRYPT,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	55 CMD_SDECRYPT
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	56 };
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	57
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	58 static void
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	59 openssl_warn(void) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	60 unsigned long errcode;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	61
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	62 while ((errcode = ERR_get_error()) != 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	63 warnx("%s", ERR_error_string(errcode, NULL));
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	64 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	65 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	66
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	67 static size_t
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	68 read_keyfile(const char filename, unsigned char key, size_t key_size_max)
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	69 {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	70 size_t keyfile_size = 0;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	71 FILE *fp = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	72
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	73 fp = fopen(filename, "r");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	74 if (fp == NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	75 warn("could not open key file \"%s\"", filename);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	76 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	77 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	78
20 c45f17f58de1 Simplify key file reading Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 18 diff changeset	79 keyfile_size = fread(key, 1, key_size_max, fp);
c45f17f58de1 Simplify key file reading Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 18 diff changeset	80 if (ferror(fp)) {
c45f17f58de1 Simplify key file reading Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 18 diff changeset	81 warn("failed to read key file \"%s\"", filename);
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	82 goto out;
20 c45f17f58de1 Simplify key file reading Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 18 diff changeset	83 } else if (!feof(fp) \|\| (keyfile_size < 1)) {
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	84 warnx("invalid key size");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	85 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	86 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	87
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	88 out:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	89 if (fp != NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	90 fclose(fp);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	91 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	92
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	93 return (keyfile_size);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	94 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	95
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	96 static int
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	97 find_algorithm(const char algo_name, const EVP_CIPHER *cipher_ptr,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	98 size_t *key_len_ptr)
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	99 {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	100 int retval = 0;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	101 const EVP_CIPHER *cipher = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	102 size_t key_len = *key_len_ptr;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	103
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	104 if (strcmp(algo_name, "aes") == 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	105 switch (key_len) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	106 case 0:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	107 key_len = 16;
18 07f525330bc7 Mark fallthrough case Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 16 diff changeset	108 /* FALLTHROUGH */
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	109 case 16:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	110 cipher = EVP_aes_128_cbc();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	111 break;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	112 case 24:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	113 cipher = EVP_aes_192_cbc();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	114 break;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	115 case 32:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	116 cipher = EVP_aes_256_cbc();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	117 break;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	118 default:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	119 warnx("invalid key length %zu", key_len);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	120 retval = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	121 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	122 } else if (strcmp(algo_name, "arcfour") == 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	123 if (key_len == 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	124 key_len = 16;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	125 cipher = EVP_rc4();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	126 } else if (key_len <= EVP_MAX_KEY_LENGTH) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	127 /*
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	128 * for RC4 keys are not used verbatim but dervied using
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	129 * PBKDF2 with a hardcoded key length of 128 bit
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	130 */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	131 key_len = 16;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	132 cipher = EVP_rc4();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	133 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	134 warnx("invalid key length %zu", key_len);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	135 retval = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	136 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	137 } else if (strcmp(algo_name, "des") == 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	138 if (key_len == 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	139 key_len = 8;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	140 cipher = EVP_des_cbc();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	141 } else if (key_len == 8) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	142 cipher = EVP_des_cbc();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	143 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	144 warnx("invalid key length %zu", key_len);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	145 retval = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	146 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	147 } else if (strcmp(algo_name, "3des") == 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	148 if (key_len == 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	149 key_len = 24;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	150 cipher = EVP_des_ede3_cbc();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	151 } else if (key_len == 24) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	152 cipher = EVP_des_ede3_cbc();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	153 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	154 warnx("invalid key length %zu", key_len);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	155 retval = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	156 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	157 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	158 warnx("unknown algorithm \"%s\"", algo_name);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	159 retval = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	160 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	161
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	162 *cipher_ptr = cipher;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	163 *key_len_ptr = key_len;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	164
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	165 return (retval);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	166 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	167
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	168 static int
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	169 read_header(BIO bio_in, uint32_t iterations, unsigned char *iv, int iv_len,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	170 unsigned char *salt, int salt_len)
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	171 {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	172 int read_len;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	173 uint32_t version;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	174 int retval = 0;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	175
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	176 read_len = BIO_read(bio_in, &version, sizeof (version));
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	177 if (read_len != sizeof (version)) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	178 warnx("failed to read version from input file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	179 if (read_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	180 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	181 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	182 retval = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	183 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	184 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	185 version = htonl(version);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	186 if (version != SENCRYPT_FORMAT_VERSION) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	187 warnx("unknown format version %d", version);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	188 retval = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	189 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	190 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	191
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	192 read_len = BIO_read(bio_in, iterations, sizeof (*iterations));
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	193 if (read_len != sizeof (*iterations)) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	194 warnx("failed to read iterations from input file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	195 if (read_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	196 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	197 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	198 retval = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	199 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	200 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	201 iterations = htonl(iterations);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	202 if ((*iterations == 0) \|\| ((sizeof (int) <= sizeof (uint32_t)) &&
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	203 (*iterations > INT_MAX))) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	204 warnx("invalid number of iterations");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	205 retval = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	206 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	207 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	208
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	209 if (iv_len > 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	210 read_len = BIO_read(bio_in, iv, iv_len);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	211 if (read_len != iv_len) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	212 warnx("failed to read IV from input file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	213 if (read_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	214 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	215 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	216 retval = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	217 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	218 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	219 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	220
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	221 read_len = BIO_read(bio_in, salt, salt_len);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	222 if (read_len != salt_len) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	223 warnx("failed to read salt from input file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	224 if (read_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	225 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	226 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	227 retval = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	228 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	229 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	230
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	231 out:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	232 return (retval);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	233 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	234
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	235 static int
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	236 sencrypt(const EVP_CIPHER cipher, BIO bio_in, BIO *bio_out,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	237 const unsigned char key, size_t key_len, const unsigned char iv,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	238 const unsigned char *salt)
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	239 {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	240 int retval = 0;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	241 uint32_t version;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	242 uint32_t iterations;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	243 int iv_len;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	244 int write_len;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	245 int read_len;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	246 BIO *bio_cipher = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	247 char *buf = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	248 EVP_CIPHER_CTX *cipher_ctx;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	249
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	250 /* set up cipher filter */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	251 bio_cipher = BIO_new(BIO_f_cipher());
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	252 BIO_set_cipher(bio_cipher, cipher, NULL, NULL, 1);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	253 BIO_get_cipher_ctx(bio_cipher, &cipher_ctx);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	254 if (EVP_CIPHER_CTX_set_key_length(cipher_ctx, (int)key_len) != 1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	255 warnx("failed to set key length");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	256 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	257 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	258 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	259 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	260 if (EVP_CipherInit_ex(cipher_ctx, NULL, NULL, key, iv, 1) != 1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	261 warnx("failed to initialize cipher");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	262 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	263 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	264 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	265 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	266 BIO_push(bio_cipher, bio_out);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	267
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	268 /* write header */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	269 version = htonl(SENCRYPT_FORMAT_VERSION);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	270 write_len = BIO_write(bio_out, &version, sizeof (version));
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	271 if (write_len != sizeof (version)) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	272 warnx("failed to write version to output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	273 if (write_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	274 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	275 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	276 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	277 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	278 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	279
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	280 iterations = htonl(PBKDF2_ITERATIONS);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	281 write_len = BIO_write(bio_out, &iterations, sizeof (iterations));
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	282 if (write_len != sizeof (iterations)) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	283 warnx("failed to write iterations to output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	284 if (write_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	285 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	286 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	287 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	288 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	289 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	290
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	291 iv_len = EVP_CIPHER_iv_length(cipher);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	292 if (iv_len > 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	293 write_len = BIO_write(bio_out, iv, iv_len);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	294 if (write_len != iv_len) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	295 warnx("failed to write IV to output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	296 if (write_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	297 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	298 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	299 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	300 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	301 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	302 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	303
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	304 write_len = BIO_write(bio_out, salt, SALT_LEN);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	305 if (write_len != SALT_LEN) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	306 warnx("failed to write salt to output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	307 if (write_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	308 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	309 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	310 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	311 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	312 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	313
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	314 if (BIO_flush(bio_out) < 1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	315 warnx("failed to flush output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	316 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	317 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	318 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	319 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	320
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	321 buf = malloc(BUFFER_SIZE);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	322 if (buf == NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	323 warn(NULL);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	324 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	325 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	326 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	327
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	328 /* encrypt data */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	329 while ((read_len = BIO_read(bio_in, buf, BUFFER_SIZE)) > 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	330 if ((write_len = BIO_write(bio_cipher, buf, read_len)) !=
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	331 read_len) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	332 warnx("failed to write to output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	333 if (write_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	334 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	335 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	336 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	337 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	338 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	339 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	340 if (read_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	341 warnx("failed to read from input file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	342 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	343 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	344 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	345 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	346
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	347 if (BIO_flush(bio_cipher) < 1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	348 warnx("failed to flush output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	349 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	350 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	351 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	352 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	353
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	354 out:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	355 free(buf);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	356
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	357 if (bio_cipher != NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	358 BIO_pop(bio_cipher);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	359 BIO_free(bio_cipher);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	360 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	361
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	362 return (retval);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	363 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	364
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	365 static int
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	366 sdecrypt(const EVP_CIPHER cipher, BIO bio_in, BIO *bio_out,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	367 const unsigned char key, size_t key_len, const unsigned char iv)
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	368 {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	369 int read_len;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	370 BIO *bio_cipher = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	371 int write_len;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	372 char *buf = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	373 EVP_CIPHER_CTX *cipher_ctx;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	374 int retval = 0;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	375
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	376 buf = malloc(BUFFER_SIZE);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	377 if (buf == NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	378 warn(NULL);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	379 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	380 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	381 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	382
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	383 /* set up cipher filter */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	384 bio_cipher = BIO_new(BIO_f_cipher());
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	385 BIO_set_cipher(bio_cipher, cipher, NULL, NULL, 0);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	386 BIO_get_cipher_ctx(bio_cipher, &cipher_ctx);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	387 if (EVP_CIPHER_CTX_set_key_length(cipher_ctx, (int)key_len) != 1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	388 warnx("failed to set key length");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	389 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	390 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	391 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	392 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	393 if (EVP_CipherInit_ex(cipher_ctx, NULL, NULL, key, iv, 0) != 1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	394 warnx("failed to initialize cipher");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	395 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	396 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	397 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	398 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	399 BIO_push(bio_cipher, bio_in);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	400
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	401 /* decrypt data */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	402 while ((read_len = BIO_read(bio_cipher, buf, BUFFER_SIZE)) > 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	403 if ((write_len = BIO_write(bio_out, buf, read_len)) !=
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	404 read_len) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	405 warnx("failed to write to to output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	406 if (write_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	407 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	408 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	409 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	410 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	411 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	412 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	413 if (read_len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	414 warnx("failed to read from input file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	415 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	416 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	417 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	418 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	419
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	420 if (BIO_flush(bio_out) < 1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	421 warnx("failed to flush output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	422 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	423 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	424 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	425 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	426
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	427 if (BIO_get_cipher_status(bio_cipher) == 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	428 warnx("decryption failed");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	429 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	430 retval = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	431 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	432 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	433
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	434 out:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	435 free(buf);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	436
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	437 if (bio_cipher != NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	438 BIO_pop(bio_cipher);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	439 BIO_free(bio_cipher);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	440 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	441
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	442 return (retval);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	443 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	444
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	445 static void
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	446 list_algorithms(void)
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	447 {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	448 printf("Algorithm Keysize: Min Max (bits)\n"
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	449 "------------------------------------------\n");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	450 printf("%-15s %5u %5u\n", "aes", 128, 256);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	451 printf("%-15s %5u %5u\n", "arcfour", 8,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	452 EVP_MAX_KEY_LENGTH * 8);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	453 printf("%-15s %5u %5u\n", "des", 64, 64);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	454 printf("%-15s %5u %5u\n", "3des", 192, 192);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	455 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	456
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	457 static void
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	458 usage(int cmd)
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	459 {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	460 if (cmd == CMD_SENCRYPT) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	461 fprintf(stderr, "usage: sencrypt -l \| [-v] -a algorithm "
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	462 "[-k key_file] [-i input_file] [-o output_file]\n");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	463 } else if (cmd == CMD_SDECRYPT) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	464 fprintf(stderr, "usage: sdecrypt -l \| [-v] -a algorithm "
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	465 "[-k key_file] [-i input_file] [-o output_file]\n");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	466 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	467 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	468
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	469 int
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	470 main(int argc, char *argv[])
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	471 {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	472 char *progname;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	473 int cmd;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	474 int c;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	475 bool aflag = false;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	476 char *algo_name = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	477 bool is_algo_rc4 = false;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	478 bool iflag = false;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	479 char *in_filename = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	480 bool kflag = false;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	481 char *key_filename = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	482 bool lflag = false;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	483 bool oflag = false;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	484 char *out_filename = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	485 bool vflag = false;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	486 bool errflag = false;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	487 unsigned char key[EVP_MAX_KEY_LENGTH];
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	488 size_t key_len = 0;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	489 size_t key_file_len;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	490 const EVP_CIPHER *cipher;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	491 BIO *bio_in = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	492 uint32_t iterations = PBKDF2_ITERATIONS;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	493 unsigned char iv[EVP_MAX_IV_LENGTH];
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	494 unsigned char salt[SALT_LEN];
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	495 BIO *bio_out = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	496 int need_tmpfile = 0;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	497 FILE *fp_in;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	498 struct stat statbuf_in;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	499 struct stat statbuf_out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	500 int fd_tmp = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	501 FILE *fp_tmp = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	502 char *out_filename_tmp = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	503 char *out_dir = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	504 char *tmp_filename = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	505 int len;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	506 mode_t old_mode;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	507 char pwdata[MAX(MAX_PASSWORD_LEN, EVP_MAX_KEY_LENGTH)];
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	508 size_t pwdata_len = 0;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	509 int status = EXIT_SUCCESS;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	510
16 d9c4bdc004d2 Add support for OpenSSL 1.1 Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 15 diff changeset	511 #if OPENSSL_VERSION_NUMBER < 0x10100000L
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	512 /* initialize OpenSSL */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	513 OpenSSL_add_all_algorithms();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	514 ERR_load_crypto_strings();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	515 OPENSSL_config(NULL);
16 d9c4bdc004d2 Add support for OpenSSL 1.1 Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 15 diff changeset	516 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	517
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	518 progname = strrchr(argv[0], '/');
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	519 progname = (progname != NULL) ? progname + 1 : argv[0];
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	520 if ((strcmp(progname, "sencrypt") == 0) \|\|
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	521 (strcmp(progname, "encrypt") == 0)) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	522 cmd = CMD_SENCRYPT;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	523 } else if ((strcmp(progname, "sdecrypt") == 0) \|\|
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	524 (strcmp(progname, "decrypt") == 0)) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	525 cmd = CMD_SDECRYPT;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	526 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	527 fprintf(stderr, "invalid command name");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	528 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	529 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	530 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	531
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	532 while (!errflag && (c = getopt(argc, argv, "a:i:k:lo:v")) != -1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	533 switch (c) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	534 case 'a':
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	535 aflag = true;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	536 algo_name = optarg;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	537 is_algo_rc4 = (strcmp(algo_name, "arcfour") == 0);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	538 break;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	539 case 'i':
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	540 iflag = true;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	541 in_filename = optarg;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	542 break;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	543 case 'k':
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	544 kflag = true;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	545 key_filename = optarg;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	546 break;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	547 case 'l':
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	548 lflag = true;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	549 break;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	550 case 'o':
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	551 oflag = true;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	552 out_filename = optarg;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	553 break;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	554 case 'v':
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	555 vflag = true;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	556 break;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	557 default:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	558 errflag = true;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	559 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	560 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	561 if (errflag \|\| (!lflag && !aflag) \|\| (lflag && aflag) \|\|
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	562 (argc > optind)) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	563 usage(cmd);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	564 status = EXIT_USAGE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	565 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	566 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	567
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	568 if (lflag) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	569 list_algorithms();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	570 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	571 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	572
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	573 if (kflag) {
20 c45f17f58de1 Simplify key file reading Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 18 diff changeset	574 key_file_len = read_keyfile(key_filename, key, sizeof (key));
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	575 if (key_file_len < 1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	576 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	577 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	578 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	579 key_len = key_file_len;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	580 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	581 if (EVP_read_pw_string(pwdata, sizeof (pwdata), "Enter key:",
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	582 (cmd == CMD_SENCRYPT) ? 1 : 0) != 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	583 warnx("could not read passphrase");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	584 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	585 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	586 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	587 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	588 pwdata_len = strlen(pwdata);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	589 if (pwdata_len < 1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	590 warnx("invalid passphrase");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	591 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	592 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	593 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	594 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	595
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	596 /* the cipher is determined based on name and length of the key file */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	597 if (find_algorithm(algo_name, &cipher, &key_len) == -1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	598 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	599 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	600 }
10 8e9dd5328b5a Print a warning message when using an insecure algorithm Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 9 diff changeset	601 if ((cmd == CMD_SENCRYPT) && ((cipher != EVP_aes_128_cbc()) &&
8e9dd5328b5a Print a warning message when using an insecure algorithm Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 9 diff changeset	602 (cipher != EVP_aes_192_cbc()) && (cipher != EVP_aes_256_cbc()))) {
8e9dd5328b5a Print a warning message when using an insecure algorithm Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 9 diff changeset	603 fprintf(stderr, "warning: the %s algorithm is no longer "
8e9dd5328b5a Print a warning message when using an insecure algorithm Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 9 diff changeset	604 "considered secure", algo_name);
8e9dd5328b5a Print a warning message when using an insecure algorithm Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 9 diff changeset	605 }
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	606
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	607 if (iflag) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	608 bio_in = BIO_new_file(in_filename, "r");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	609 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	610 bio_in = BIO_new_fp(stdin, BIO_NOCLOSE);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	611 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	612 if (bio_in == NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	613 warnx("could not open input file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	614 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	615 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	616 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	617 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	618
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	619 if (cmd == CMD_SENCRYPT) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	620 /* generate random salt and IV */
3 f230c550e261 Correct check for errors from RAND_bytes() Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 0 diff changeset	621 if ((RAND_bytes(salt, sizeof (salt)) != 1) \|\|
f230c550e261 Correct check for errors from RAND_bytes() Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 0 diff changeset	622 (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1)) {
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	623 /* not enough entropy or unknown error */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	624 warnx("failed to generate random data");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	625 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	626 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	627 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	628 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	629 read_header(bio_in, &iterations, iv,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	630 EVP_CIPHER_iv_length(cipher), salt, (int)sizeof (salt));
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	631 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	632
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	633 /*
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	634 * if no keyfile was given or the RC4 cipher is used, derive the key
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	635 * from the password and salt
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	636 */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	637 if (kflag && is_algo_rc4) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	638 memcpy(pwdata, key, key_file_len);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	639 pwdata_len = key_file_len;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	640 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	641 if (!kflag \|\| is_algo_rc4) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	642 if (PKCS5_PBKDF2_HMAC_SHA1(pwdata, (int)pwdata_len, salt,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	643 sizeof (salt), (int)iterations, (int)key_len, key) == 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	644 warnx("failed to generate key");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	645 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	646 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	647 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	648 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	649
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	650 if (oflag) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	651 /*
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	652 * if input and output files are identical, create and write the
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	653 * output to a temporary file for the output which is then
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	654 * renamed to out_filename
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	655 */
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	656 if (iflag) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	657 BIO_get_fp(bio_in, &fp_in);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	658 if (fstat(fileno(fp_in), &statbuf_in) == -1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	659 warn("could not stat input file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	660 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	661 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	662 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	663 if (stat(out_filename, &statbuf_out) == -1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	664 if (errno != ENOENT) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	665 warn("could not stat output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	666 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	667 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	668 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	669 } else if ((statbuf_in.st_ino == statbuf_out.st_ino) &&
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	670 (statbuf_in.st_dev == statbuf_out.st_dev)) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	671 need_tmpfile = 1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	672 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	673 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	674
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	675 if (need_tmpfile) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	676 out_filename_tmp = strdup(out_filename);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	677 if (out_filename_tmp == NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	678 warn(NULL);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	679 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	680 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	681 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	682 out_dir = dirname(out_filename_tmp);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	683 len = snprintf(NULL, 0, "%s/sencryptXXXXXX", out_dir);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	684 if (len < 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	685 warn(NULL);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	686 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	687 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	688 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	689 tmp_filename = malloc((size_t)len + 1);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	690 if (tmp_filename == NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	691 warn(NULL);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	692 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	693 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	694 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	695 if (snprintf(tmp_filename, (size_t)len + 1,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	696 "%s/sencryptXXXXXX", out_dir) != len) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	697 warn(NULL);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	698 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	699 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	700 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	701 old_mode = umask(077);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	702 fd_tmp = mkstemp(tmp_filename);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	703 umask(old_mode);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	704 if (fd_tmp == -1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	705 warn("could not create temporary file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	706 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	707 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	708 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	709 fp_tmp = fdopen(fd_tmp, "w");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	710 if (fp_tmp == NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	711 warn("could not open temporary file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	712 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	713 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	714 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	715 fd_tmp = -1;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	716 bio_out = BIO_new_fp(fp_tmp, BIO_CLOSE);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	717 if (bio_out == NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	718 warnx("could not open temporary file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	719 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	720 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	721 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	722 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	723 fp_tmp = NULL;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	724 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	725 old_mode = umask(077);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	726 bio_out = BIO_new_file(out_filename, "w");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	727 umask(old_mode);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	728 if (bio_out == NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	729 warnx("could not open output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	730 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	731 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	732 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	733 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	734 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	735 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	736 bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	737 if (bio_out == NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	738 warnx("could not open output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	739 openssl_warn();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	740 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	741 goto out;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	742 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	743 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	744
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	745 if (cmd == CMD_SENCRYPT) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	746 if (sencrypt(cipher, bio_in, bio_out, key, key_len,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	747 iv, salt) == -1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	748 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	749 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	750 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	751 if (sdecrypt(cipher, bio_in, bio_out, key, key_len,
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	752 iv) == -1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	753 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	754 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	755 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	756
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	757 out:
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	758 OPENSSL_cleanse(pwdata, pwdata_len);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	759 OPENSSL_cleanse(key, key_len);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	760
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	761 if (fd_tmp != -1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	762 close(fd_tmp);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	763 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	764
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	765 if (fp_tmp != NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	766 fclose(fp_tmp);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	767 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	768
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	769 if (bio_in != NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	770 BIO_free_all(bio_in);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	771 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	772
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	773 if (bio_out != NULL) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	774 BIO_free_all(bio_out);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	775
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	776 if (status == 0) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	777 if (need_tmpfile) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	778 if (rename(tmp_filename, out_filename) == -1) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	779 warn("could not create output file");
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	780 status = EXIT_FAILURE;
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	781 unlink(tmp_filename);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	782 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	783 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	784 } else {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	785 if (need_tmpfile) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	786 unlink(tmp_filename);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	787 } else if (oflag) {
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	788 unlink(out_filename);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	789 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	790 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	791 }
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	792
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	793 free(out_filename_tmp);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	794 free(tmp_filename);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	795
16 d9c4bdc004d2 Add support for OpenSSL 1.1 Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 15 diff changeset	796 #if OPENSSL_VERSION_NUMBER < 0x10100000L
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	797 EVP_cleanup();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	798 ERR_free_strings();
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	799 CONF_modules_free();
16 d9c4bdc004d2 Add support for OpenSSL 1.1 Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: 15 diff changeset	800 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
0 73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	801
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	802 exit(status);
73af139d1a94 Initial revision Guido Berhoerster <guido+sencrypt@berhoerster.name> parents: diff changeset	803 }

Mercurial > projects > sencrypt

annotate sencrypt.c @ 21:5f9dc8f3c53e version-3