TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 3cfb34564f7e420659b831f99b42eb81b141e938 / . / programs / aes / crypt_and_hash.c
blob: 7ad07b479d6818cb2766f9f5c5381b2114205d7e [file] [log] [blame]
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]1/*
2 * \brief Generic file encryption program using generic wrappers for configured
3 * security.
4 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]5 * Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]6 *
Manuel Pégourié-Gonnard860b5162015-01-28 17:12:07 +0000[diff] [blame]7 * This file is part of mbed TLS (https://polarssl.org)
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]8 *
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]24#if !defined(POLARSSL_CONFIG_FILE)
Manuel Pégourié-Gonnardabd6e022013-09-20 13:30:43 +0200[diff] [blame]25#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]26#else
27#include POLARSSL_CONFIG_FILE
28#endif
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]29
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]30#if defined(POLARSSL_PLATFORM_C)
31#include "polarssl/platform.h"
32#else
33#define polarssl_printf printf
34#define polarssl_fprintf fprintf
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]35#endif
36
Paul Bakker494c0b82011-04-24 15:30:07 +0000[diff] [blame]37#if defined(_WIN32)
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]38#include <windows.h>
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]39#if !defined(_WIN32_WCE)
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]40#include <io.h>
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]41#endif
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]42#else
43#include <sys/types.h>
44#include <unistd.h>
45#endif
46
47#include <string.h>
48#include <stdlib.h>
49#include <stdio.h>
50#include <time.h>
51
52#include "polarssl/cipher.h"
53#include "polarssl/md.h"
54
55#define MODE_ENCRYPT 0
56#define MODE_DECRYPT 1
57
58#define USAGE \
59 "\n crypt_and_hash <mode> <input filename> <output filename> <cipher> <md> <key>\n" \
60 "\n <mode>: 0 = encrypt, 1 = decrypt\n" \
61 "\n example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \
62 "\n"
63
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]64#if !defined(POLARSSL_CIPHER_C) || !defined(POLARSSL_MD_C)
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]65int main( int argc, char *argv[] )
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]66{
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]67 ((void) argc);
68 ((void) argv);
69
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]70 polarssl_printf("POLARSSL_CIPHER_C and/or POLARSSL_MD_C not defined.\n");
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]71 return( 0 );
72}
73#else
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]74int main( int argc, char *argv[] )
75{
Paul Bakker25b5fe52011-05-26 14:02:58 +0000[diff] [blame]76 int ret = 1, i, n;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]77 int mode, lastn;
Paul Bakker25b5fe52011-05-26 14:02:58 +0000[diff] [blame]78 size_t keylen, ilen, olen;
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]79 FILE *fkey, *fin = NULL, *fout = NULL;
80
81 char *p;
82 unsigned char IV[16];
83 unsigned char key[512];
84 unsigned char digest[POLARSSL_MD_MAX_SIZE];
85 unsigned char buffer[1024];
86 unsigned char output[1024];
Paul Bakker424cd692013-10-31 14:22:08 +0100[diff] [blame]87 unsigned char diff;
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]88
89 const cipher_info_t *cipher_info;
90 const md_info_t *md_info;
91 cipher_context_t cipher_ctx;
92 md_context_t md_ctx;
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]93#if defined(_WIN32_WCE)
94 long filesize, offset;
95#elif defined(_WIN32)
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]96 LARGE_INTEGER li_size;
97 __int64 filesize, offset;
98#else
99 off_t filesize, offset;
100#endif
101
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]102 cipher_init( &cipher_ctx );
103 md_init( &md_ctx );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]104
105 /*
106 * Parse the command-line arguments.
107 */
108 if( argc != 7 )
109 {
110 const int *list;
111
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]112 polarssl_printf( USAGE );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]113
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]114 polarssl_printf( "Available ciphers:\n" );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]115 list = cipher_list();
116 while( *list )
117 {
118 cipher_info = cipher_info_from_type( *list );
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]119 polarssl_printf( " %s\n", cipher_info->name );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]120 list++;
121 }
122
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]123 polarssl_printf( "\nAvailable message digests:\n" );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]124 list = md_list();
125 while( *list )
126 {
127 md_info = md_info_from_type( *list );
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]128 polarssl_printf( " %s\n", md_info->name );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]129 list++;
130 }
131
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]132#if defined(_WIN32)
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]133 polarssl_printf( "\n Press Enter to exit this program.\n" );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]134 fflush( stdout ); getchar();
135#endif
136
137 goto exit;
138 }
139
140 mode = atoi( argv[1] );
141
142 if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
143 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]144 polarssl_fprintf( stderr, "invalid operation mode\n" );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]145 goto exit;
146 }
147
148 if( strcmp( argv[2], argv[3] ) == 0 )
149 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]150 polarssl_fprintf( stderr, "input and output filenames must differ\n" );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]151 goto exit;
152 }
153
154 if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
155 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]156 polarssl_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]157 goto exit;
158 }
159
160 if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
161 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]162 polarssl_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]163 goto exit;
164 }
165
166 /*
167 * Read the Cipher and MD from the command line
168 */
169 cipher_info = cipher_info_from_string( argv[4] );
170 if( cipher_info == NULL )
171 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]172 polarssl_fprintf( stderr, "Cipher '%s' not found\n", argv[4] );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]173 goto exit;
174 }
Paul Bakkercbe3d0d2014-04-17 16:00:59 +0200[diff] [blame]175 if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info) ) != 0 )
176 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]177 polarssl_fprintf( stderr, "cipher_init_ctx failed\n" );
Paul Bakkercbe3d0d2014-04-17 16:00:59 +0200[diff] [blame]178 goto exit;
179 }
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]180
181 md_info = md_info_from_string( argv[5] );
182 if( md_info == NULL )
183 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]184 polarssl_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]185 goto exit;
186 }
187 md_init_ctx( &md_ctx, md_info);
188
189 /*
190 * Read the secret key and clean the command line.
191 */
192 if( ( fkey = fopen( argv[6], "rb" ) ) != NULL )
193 {
194 keylen = fread( key, 1, sizeof( key ), fkey );
195 fclose( fkey );
196 }
197 else
198 {
199 if( memcmp( argv[6], "hex:", 4 ) == 0 )
200 {
201 p = &argv[6][4];
202 keylen = 0;
203
204 while( sscanf( p, "%02X", &n ) > 0 &&
205 keylen < (int) sizeof( key ) )
206 {
207 key[keylen++] = (unsigned char) n;
208 p += 2;
209 }
210 }
211 else
212 {
213 keylen = strlen( argv[6] );
214
215 if( keylen > (int) sizeof( key ) )
216 keylen = (int) sizeof( key );
217
218 memcpy( key, argv[6], keylen );
219 }
220 }
221
222 memset( argv[6], 0, strlen( argv[6] ) );
223
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]224#if defined(_WIN32_WCE)
225 filesize = fseek( fin, 0L, SEEK_END );
226#else
227#if defined(_WIN32)
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]228 /*
229 * Support large files (> 2Gb) on Win32
230 */
231 li_size.QuadPart = 0;
232 li_size.LowPart =
233 SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
234 li_size.LowPart, &li_size.HighPart, FILE_END );
235
236 if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
237 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]238 polarssl_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]239 goto exit;
240 }
241
242 filesize = li_size.QuadPart;
243#else
244 if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
245 {
246 perror( "lseek" );
247 goto exit;
248 }
249#endif
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]250#endif
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]251
252 if( fseek( fin, 0, SEEK_SET ) < 0 )
253 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]254 polarssl_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]255 goto exit;
256 }
257
258 if( mode == MODE_ENCRYPT )
259 {
260 /*
261 * Generate the initialization vector as:
262 * IV = SHA-256( filesize || filename )[0..15]
263 */
264 for( i = 0; i < 8; i++ )
265 buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
266
267 p = argv[2];
268
269 md_starts( &md_ctx );
270 md_update( &md_ctx, buffer, 8 );
271 md_update( &md_ctx, (unsigned char *) p, strlen( p ) );
272 md_finish( &md_ctx, digest );
273
274 memcpy( IV, digest, 16 );
275
276 /*
277 * The last four bits in the IV are actually used
278 * to store the file size modulo the AES block size.
279 */
280 lastn = (int)( filesize & 0x0F );
281
282 IV[15] = (unsigned char)
283 ( ( IV[15] & 0xF0 ) | lastn );
284
285 /*
286 * Append the IV at the beginning of the output.
287 */
288 if( fwrite( IV, 1, 16, fout ) != 16 )
289 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]290 polarssl_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]291 goto exit;
292 }
293
294 /*
295 * Hash the IV and the secret key together 8192 times
296 * using the result to setup the AES context and HMAC.
297 */
298 memset( digest, 0, 32 );
299 memcpy( digest, IV, 16 );
300
301 for( i = 0; i < 8192; i++ )
302 {
303 md_starts( &md_ctx );
304 md_update( &md_ctx, digest, 32 );
305 md_update( &md_ctx, key, keylen );
306 md_finish( &md_ctx, digest );
307
308 }
309
310 memset( key, 0, sizeof( key ) );
311
Paul Bakker26c4e3c2012-07-04 17:08:33 +0000[diff] [blame]312 if( cipher_setkey( &cipher_ctx, digest, cipher_info->key_length,
313 POLARSSL_ENCRYPT ) != 0 )
314 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]315 polarssl_fprintf( stderr, "cipher_setkey() returned error\n");
Paul Bakker26c4e3c2012-07-04 17:08:33 +0000[diff] [blame]316 goto exit;
317 }
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]318 if( cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
319 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]320 polarssl_fprintf( stderr, "cipher_set_iv() returned error\n");
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]321 goto exit;
322 }
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]323 if( cipher_reset( &cipher_ctx ) != 0 )
Paul Bakker26c4e3c2012-07-04 17:08:33 +0000[diff] [blame]324 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]325 polarssl_fprintf( stderr, "cipher_reset() returned error\n");
Paul Bakker26c4e3c2012-07-04 17:08:33 +0000[diff] [blame]326 goto exit;
327 }
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]328
329 md_hmac_starts( &md_ctx, digest, 32 );
330
331 /*
332 * Encrypt and write the ciphertext.
333 */
334 for( offset = 0; offset < filesize; offset += cipher_get_block_size( &cipher_ctx ) )
335 {
Paul Bakker25b5fe52011-05-26 14:02:58 +0000[diff] [blame]336 ilen = ( (unsigned int) filesize - offset > cipher_get_block_size( &cipher_ctx ) ) ?
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]337 cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]338
Paul Bakker25b5fe52011-05-26 14:02:58 +0000[diff] [blame]339 if( fread( buffer, 1, ilen, fin ) != ilen )
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]340 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]341 polarssl_fprintf( stderr, "fread(%ld bytes) failed\n", (long) ilen );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]342 goto exit;
343 }
344
Paul Bakkercbe3d0d2014-04-17 16:00:59 +0200[diff] [blame]345 if( cipher_update( &cipher_ctx, buffer, ilen, output, &olen ) != 0 )
346 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]347 polarssl_fprintf( stderr, "cipher_update() returned error\n");
Paul Bakkercbe3d0d2014-04-17 16:00:59 +0200[diff] [blame]348 goto exit;
349 }
350
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]351 md_hmac_update( &md_ctx, output, olen );
352
Paul Bakker2c0994e2011-05-25 13:51:57 +0000[diff] [blame]353 if( fwrite( output, 1, olen, fout ) != olen )
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]354 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]355 polarssl_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]356 goto exit;
357 }
358 }
359
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]360 if( cipher_finish( &cipher_ctx, output, &olen ) != 0 )
Paul Bakker26c4e3c2012-07-04 17:08:33 +0000[diff] [blame]361 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]362 polarssl_fprintf( stderr, "cipher_finish() returned error\n" );
Paul Bakker26c4e3c2012-07-04 17:08:33 +0000[diff] [blame]363 goto exit;
364 }
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]365 md_hmac_update( &md_ctx, output, olen );
366
Paul Bakker2c0994e2011-05-25 13:51:57 +0000[diff] [blame]367 if( fwrite( output, 1, olen, fout ) != olen )
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]368 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]369 polarssl_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]370 goto exit;
371 }
Paul Bakker26c4e3c2012-07-04 17:08:33 +0000[diff] [blame]372
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]373 /*
374 * Finally write the HMAC.
375 */
376 md_hmac_finish( &md_ctx, digest );
377
Paul Bakker26c4e3c2012-07-04 17:08:33 +0000[diff] [blame]378 if( fwrite( digest, 1, md_get_size( md_info ), fout ) != md_get_size( md_info ) )
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]379 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]380 polarssl_fprintf( stderr, "fwrite(%d bytes) failed\n", md_get_size( md_info ) );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]381 goto exit;
382 }
383 }
384
385 if( mode == MODE_DECRYPT )
386 {
387 /*
388 * The encrypted file must be structured as follows:
389 *
390 * 00 .. 15 Initialization Vector
391 * 16 .. 31 AES Encrypted Block #1
392 * ..
393 * N*16 .. (N+1)*16 - 1 AES Encrypted Block #N
394 * (N+1)*16 .. (N+1)*16 + 32 HMAC-SHA-256(ciphertext)
395 */
Paul Bakker26c4e3c2012-07-04 17:08:33 +0000[diff] [blame]396 if( filesize < 16 + md_get_size( md_info ) )
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]397 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]398 polarssl_fprintf( stderr, "File too short to be encrypted.\n" );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]399 goto exit;
400 }
401
Paul Bakker26c4e3c2012-07-04 17:08:33 +0000[diff] [blame]402 if( ( ( filesize - md_get_size( md_info ) ) %
403 cipher_get_block_size( &cipher_ctx ) ) != 0 )
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]404 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]405 polarssl_fprintf( stderr, "File content not a multiple of the block size (%d).\n",
Paul Bakker26c4e3c2012-07-04 17:08:33 +0000[diff] [blame]406 cipher_get_block_size( &cipher_ctx ));
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]407 goto exit;
408 }
409
410 /*
Paul Bakker60b1d102013-10-29 10:02:51 +0100[diff] [blame]411 * Subtract the IV + HMAC length.
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]412 */
413 filesize -= ( 16 + md_get_size( md_info ) );
414
415 /*
416 * Read the IV and original filesize modulo 16.
417 */
418 if( fread( buffer, 1, 16, fin ) != 16 )
419 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]420 polarssl_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]421 goto exit;
422 }
423
424 memcpy( IV, buffer, 16 );
425 lastn = IV[15] & 0x0F;
426
427 /*
428 * Hash the IV and the secret key together 8192 times
429 * using the result to setup the AES context and HMAC.
430 */
431 memset( digest, 0, 32 );
432 memcpy( digest, IV, 16 );
433
434 for( i = 0; i < 8192; i++ )
435 {
436 md_starts( &md_ctx );
437 md_update( &md_ctx, digest, 32 );
438 md_update( &md_ctx, key, keylen );
439 md_finish( &md_ctx, digest );
440 }
441
442 memset( key, 0, sizeof( key ) );
443
Paul Bakkercbe3d0d2014-04-17 16:00:59 +0200[diff] [blame]444 if( cipher_setkey( &cipher_ctx, digest, cipher_info->key_length,
445 POLARSSL_DECRYPT ) != 0 )
446 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]447 polarssl_fprintf( stderr, "cipher_setkey() returned error\n" );
Paul Bakkercbe3d0d2014-04-17 16:00:59 +0200[diff] [blame]448 goto exit;
449 }
450
451 if( cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
452 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]453 polarssl_fprintf( stderr, "cipher_set_iv() returned error\n" );
Paul Bakkercbe3d0d2014-04-17 16:00:59 +0200[diff] [blame]454 goto exit;
455 }
456
457 if( cipher_reset( &cipher_ctx ) != 0 )
458 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]459 polarssl_fprintf( stderr, "cipher_reset() returned error\n" );
Paul Bakkercbe3d0d2014-04-17 16:00:59 +0200[diff] [blame]460 goto exit;
461 }
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]462
463 md_hmac_starts( &md_ctx, digest, 32 );
464
465 /*
466 * Decrypt and write the plaintext.
467 */
468 for( offset = 0; offset < filesize; offset += cipher_get_block_size( &cipher_ctx ) )
469 {
470 if( fread( buffer, 1, cipher_get_block_size( &cipher_ctx ), fin ) !=
471 (size_t) cipher_get_block_size( &cipher_ctx ) )
472 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]473 polarssl_fprintf( stderr, "fread(%d bytes) failed\n",
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]474 cipher_get_block_size( &cipher_ctx ) );
475 goto exit;
476 }
477
478 md_hmac_update( &md_ctx, buffer, cipher_get_block_size( &cipher_ctx ) );
Paul Bakkercbe3d0d2014-04-17 16:00:59 +0200[diff] [blame]479 if( cipher_update( &cipher_ctx, buffer,
480 cipher_get_block_size( &cipher_ctx ),
481 output, &olen ) != 0 )
482 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]483 polarssl_fprintf( stderr, "cipher_update() returned error\n" );
Paul Bakkercbe3d0d2014-04-17 16:00:59 +0200[diff] [blame]484 goto exit;
485 }
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]486
Paul Bakker2c0994e2011-05-25 13:51:57 +0000[diff] [blame]487 if( fwrite( output, 1, olen, fout ) != olen )
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]488 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]489 polarssl_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]490 goto exit;
491 }
492 }
493
494 /*
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]495 * Verify the message authentication code.
496 */
497 md_hmac_finish( &md_ctx, digest );
498
499 if( fread( buffer, 1, md_get_size( md_info ), fin ) != md_get_size( md_info ) )
500 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]501 polarssl_fprintf( stderr, "fread(%d bytes) failed\n", md_get_size( md_info ) );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]502 goto exit;
503 }
504
Paul Bakker424cd692013-10-31 14:22:08 +0100[diff] [blame]505 /* Use constant-time buffer comparison */
506 diff = 0;
507 for( i = 0; i < md_get_size( md_info ); i++ )
508 diff |= digest[i] ^ buffer[i];
509
510 if( diff != 0 )
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]511 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]512 polarssl_fprintf( stderr, "HMAC check failed: wrong key, "
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]513 "or file corrupted.\n" );
514 goto exit;
515 }
Manuel Pégourié-Gonnard0f2eacb2013-11-25 17:55:17 +0100[diff] [blame]516
517 /*
518 * Write the final block of data
519 */
520 cipher_finish( &cipher_ctx, output, &olen );
521
522 if( fwrite( output, 1, olen, fout ) != olen )
523 {
Rich Evansf90016a2015-01-19 14:26:37 +0000[diff] [blame]524 polarssl_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
Manuel Pégourié-Gonnard0f2eacb2013-11-25 17:55:17 +0100[diff] [blame]525 goto exit;
526 }
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]527 }
528
529 ret = 0;
530
531exit:
Paul Bakker6d440322011-02-06 12:49:19 +0000[diff] [blame]532 if( fin )
533 fclose( fin );
534 if( fout )
535 fclose( fout );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]536
537 memset( buffer, 0, sizeof( buffer ) );
538 memset( digest, 0, sizeof( digest ) );
539
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]540 cipher_free( &cipher_ctx );
541 md_free( &md_ctx );
Paul Bakker20a78082011-01-21 09:32:12 +0000[diff] [blame]542
543 return( ret );
544}
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]545#endif /* POLARSSL_CIPHER_C && POLARSSL_MD_C */