Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1 | /* |
| 2 | * AES-256 file encryption program |
| 3 | * |
Manuel Pégourié-Gonnard | a658a40 | 2015-01-23 09:45:19 +0000 | [diff] [blame] | 4 | * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved |
Paul Bakker | b96f154 | 2010-07-18 20:36:00 +0000 | [diff] [blame] | 5 | * |
Manuel Pégourié-Gonnard | 085ab04 | 2015-01-23 11:06:27 +0000 | [diff] [blame] | 6 | * This file is part of mbed TLS (https://www.polarssl.org) |
Paul Bakker | b96f154 | 2010-07-18 20:36:00 +0000 | [diff] [blame] | 7 | * |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 8 | * This program is free software; you can redistribute it and/or modify |
| 9 | * it under the terms of the GNU General Public License as published by |
| 10 | * the Free Software Foundation; either version 2 of the License, or |
| 11 | * (at your option) any later version. |
| 12 | * |
| 13 | * This program is distributed in the hope that it will be useful, |
| 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 16 | * GNU General Public License for more details. |
| 17 | * |
| 18 | * You should have received a copy of the GNU General Public License along |
| 19 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 20 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 21 | */ |
| 22 | |
Manuel Pégourié-Gonnard | cef4ad2 | 2014-04-29 12:39:06 +0200 | [diff] [blame] | 23 | #if !defined(POLARSSL_CONFIG_FILE) |
Manuel Pégourié-Gonnard | abd6e02 | 2013-09-20 13:30:43 +0200 | [diff] [blame] | 24 | #include "polarssl/config.h" |
Manuel Pégourié-Gonnard | cef4ad2 | 2014-04-29 12:39:06 +0200 | [diff] [blame] | 25 | #else |
| 26 | #include POLARSSL_CONFIG_FILE |
| 27 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 28 | |
Paul Bakker | 494c0b8 | 2011-04-24 15:30:07 +0000 | [diff] [blame] | 29 | #if defined(_WIN32) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 30 | #include <windows.h> |
Paul Bakker | cce9d77 | 2011-11-18 14:26:47 +0000 | [diff] [blame] | 31 | #if !defined(_WIN32_WCE) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 32 | #include <io.h> |
Paul Bakker | cce9d77 | 2011-11-18 14:26:47 +0000 | [diff] [blame] | 33 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 34 | #else |
| 35 | #include <sys/types.h> |
| 36 | #include <unistd.h> |
| 37 | #endif |
| 38 | |
| 39 | #include <string.h> |
| 40 | #include <stdlib.h> |
| 41 | #include <stdio.h> |
| 42 | #include <time.h> |
| 43 | |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 44 | #include "polarssl/aes.h" |
Paul Bakker | d2681d8 | 2013-06-30 14:49:12 +0200 | [diff] [blame] | 45 | #include "polarssl/sha256.h" |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 46 | |
| 47 | #define MODE_ENCRYPT 0 |
| 48 | #define MODE_DECRYPT 1 |
| 49 | |
| 50 | #define USAGE \ |
| 51 | "\n aescrypt2 <mode> <input filename> <output filename> <key>\n" \ |
| 52 | "\n <mode>: 0 = encrypt, 1 = decrypt\n" \ |
| 53 | "\n example: aescrypt2 0 file file.aes hex:E76B2413958B00E193\n" \ |
| 54 | "\n" |
| 55 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 56 | #if !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) |
Paul Bakker | cce9d77 | 2011-11-18 14:26:47 +0000 | [diff] [blame] | 57 | int main( int argc, char *argv[] ) |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 58 | { |
Paul Bakker | cce9d77 | 2011-11-18 14:26:47 +0000 | [diff] [blame] | 59 | ((void) argc); |
| 60 | ((void) argv); |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 61 | printf("POLARSSL_AES_C and/or POLARSSL_SHA256_C not defined.\n"); |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 62 | return( 0 ); |
| 63 | } |
| 64 | #else |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 65 | int main( int argc, char *argv[] ) |
| 66 | { |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 67 | int ret = 1; |
| 68 | |
| 69 | int i, n; |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 70 | int mode, lastn; |
| 71 | size_t keylen; |
Paul Bakker | 20a7808 | 2011-01-21 09:32:12 +0000 | [diff] [blame] | 72 | FILE *fkey, *fin = NULL, *fout = NULL; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 73 | |
| 74 | char *p; |
| 75 | unsigned char IV[16]; |
| 76 | unsigned char key[512]; |
| 77 | unsigned char digest[32]; |
| 78 | unsigned char buffer[1024]; |
Manuel Pégourié-Gonnard | 291f9af | 2013-10-28 12:51:32 +0100 | [diff] [blame] | 79 | unsigned char diff; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 80 | |
| 81 | aes_context aes_ctx; |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 82 | sha256_context sha_ctx; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 83 | |
Paul Bakker | cce9d77 | 2011-11-18 14:26:47 +0000 | [diff] [blame] | 84 | #if defined(_WIN32_WCE) |
| 85 | long filesize, offset; |
| 86 | #elif defined(_WIN32) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 87 | LARGE_INTEGER li_size; |
| 88 | __int64 filesize, offset; |
| 89 | #else |
| 90 | off_t filesize, offset; |
| 91 | #endif |
| 92 | |
Paul Bakker | 8cfd9d8 | 2014-06-18 11:16:11 +0200 | [diff] [blame] | 93 | aes_init( &aes_ctx ); |
Paul Bakker | 14e8be4 | 2014-06-26 12:25:06 +0200 | [diff] [blame] | 94 | sha256_init( &sha_ctx ); |
Paul Bakker | 8cfd9d8 | 2014-06-18 11:16:11 +0200 | [diff] [blame] | 95 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 96 | /* |
| 97 | * Parse the command-line arguments. |
| 98 | */ |
| 99 | if( argc != 5 ) |
| 100 | { |
| 101 | printf( USAGE ); |
| 102 | |
Paul Bakker | cce9d77 | 2011-11-18 14:26:47 +0000 | [diff] [blame] | 103 | #if defined(_WIN32) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 104 | printf( "\n Press Enter to exit this program.\n" ); |
| 105 | fflush( stdout ); getchar(); |
| 106 | #endif |
| 107 | |
| 108 | goto exit; |
| 109 | } |
| 110 | |
| 111 | mode = atoi( argv[1] ); |
| 112 | |
| 113 | if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT ) |
| 114 | { |
| 115 | fprintf( stderr, "invalide operation mode\n" ); |
| 116 | goto exit; |
| 117 | } |
| 118 | |
| 119 | if( strcmp( argv[2], argv[3] ) == 0 ) |
| 120 | { |
| 121 | fprintf( stderr, "input and output filenames must differ\n" ); |
| 122 | goto exit; |
| 123 | } |
| 124 | |
| 125 | if( ( fin = fopen( argv[2], "rb" ) ) == NULL ) |
| 126 | { |
| 127 | fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] ); |
| 128 | goto exit; |
| 129 | } |
| 130 | |
| 131 | if( ( fout = fopen( argv[3], "wb+" ) ) == NULL ) |
| 132 | { |
| 133 | fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] ); |
| 134 | goto exit; |
| 135 | } |
| 136 | |
| 137 | /* |
| 138 | * Read the secret key and clean the command line. |
| 139 | */ |
| 140 | if( ( fkey = fopen( argv[4], "rb" ) ) != NULL ) |
| 141 | { |
| 142 | keylen = fread( key, 1, sizeof( key ), fkey ); |
| 143 | fclose( fkey ); |
| 144 | } |
| 145 | else |
| 146 | { |
| 147 | if( memcmp( argv[4], "hex:", 4 ) == 0 ) |
| 148 | { |
| 149 | p = &argv[4][4]; |
| 150 | keylen = 0; |
| 151 | |
| 152 | while( sscanf( p, "%02X", &n ) > 0 && |
| 153 | keylen < (int) sizeof( key ) ) |
| 154 | { |
| 155 | key[keylen++] = (unsigned char) n; |
| 156 | p += 2; |
| 157 | } |
| 158 | } |
| 159 | else |
| 160 | { |
| 161 | keylen = strlen( argv[4] ); |
| 162 | |
| 163 | if( keylen > (int) sizeof( key ) ) |
| 164 | keylen = (int) sizeof( key ); |
| 165 | |
| 166 | memcpy( key, argv[4], keylen ); |
| 167 | } |
| 168 | } |
| 169 | |
| 170 | memset( argv[4], 0, strlen( argv[4] ) ); |
| 171 | |
Paul Bakker | cce9d77 | 2011-11-18 14:26:47 +0000 | [diff] [blame] | 172 | #if defined(_WIN32_WCE) |
| 173 | filesize = fseek( fin, 0L, SEEK_END ); |
| 174 | #else |
| 175 | #if defined(_WIN32) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 176 | /* |
| 177 | * Support large files (> 2Gb) on Win32 |
| 178 | */ |
| 179 | li_size.QuadPart = 0; |
| 180 | li_size.LowPart = |
| 181 | SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ), |
| 182 | li_size.LowPart, &li_size.HighPart, FILE_END ); |
| 183 | |
| 184 | if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR ) |
| 185 | { |
| 186 | fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" ); |
| 187 | goto exit; |
| 188 | } |
| 189 | |
| 190 | filesize = li_size.QuadPart; |
| 191 | #else |
| 192 | if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 ) |
| 193 | { |
| 194 | perror( "lseek" ); |
| 195 | goto exit; |
| 196 | } |
| 197 | #endif |
Paul Bakker | cce9d77 | 2011-11-18 14:26:47 +0000 | [diff] [blame] | 198 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 199 | |
| 200 | if( fseek( fin, 0, SEEK_SET ) < 0 ) |
| 201 | { |
| 202 | fprintf( stderr, "fseek(0,SEEK_SET) failed\n" ); |
| 203 | goto exit; |
| 204 | } |
| 205 | |
| 206 | if( mode == MODE_ENCRYPT ) |
| 207 | { |
| 208 | /* |
| 209 | * Generate the initialization vector as: |
| 210 | * IV = SHA-256( filesize || filename )[0..15] |
| 211 | */ |
| 212 | for( i = 0; i < 8; i++ ) |
| 213 | buffer[i] = (unsigned char)( filesize >> ( i << 3 ) ); |
| 214 | |
| 215 | p = argv[2]; |
| 216 | |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 217 | sha256_starts( &sha_ctx, 0 ); |
| 218 | sha256_update( &sha_ctx, buffer, 8 ); |
| 219 | sha256_update( &sha_ctx, (unsigned char *) p, strlen( p ) ); |
| 220 | sha256_finish( &sha_ctx, digest ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 221 | |
| 222 | memcpy( IV, digest, 16 ); |
| 223 | |
| 224 | /* |
| 225 | * The last four bits in the IV are actually used |
| 226 | * to store the file size modulo the AES block size. |
| 227 | */ |
| 228 | lastn = (int)( filesize & 0x0F ); |
| 229 | |
| 230 | IV[15] = (unsigned char) |
| 231 | ( ( IV[15] & 0xF0 ) | lastn ); |
| 232 | |
| 233 | /* |
| 234 | * Append the IV at the beginning of the output. |
| 235 | */ |
| 236 | if( fwrite( IV, 1, 16, fout ) != 16 ) |
| 237 | { |
| 238 | fprintf( stderr, "fwrite(%d bytes) failed\n", 16 ); |
| 239 | goto exit; |
| 240 | } |
| 241 | |
| 242 | /* |
| 243 | * Hash the IV and the secret key together 8192 times |
| 244 | * using the result to setup the AES context and HMAC. |
| 245 | */ |
| 246 | memset( digest, 0, 32 ); |
| 247 | memcpy( digest, IV, 16 ); |
| 248 | |
| 249 | for( i = 0; i < 8192; i++ ) |
| 250 | { |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 251 | sha256_starts( &sha_ctx, 0 ); |
| 252 | sha256_update( &sha_ctx, digest, 32 ); |
| 253 | sha256_update( &sha_ctx, key, keylen ); |
| 254 | sha256_finish( &sha_ctx, digest ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 255 | } |
| 256 | |
| 257 | memset( key, 0, sizeof( key ) ); |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 258 | aes_setkey_enc( &aes_ctx, digest, 256 ); |
| 259 | sha256_hmac_starts( &sha_ctx, digest, 32, 0 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 260 | |
| 261 | /* |
| 262 | * Encrypt and write the ciphertext. |
| 263 | */ |
| 264 | for( offset = 0; offset < filesize; offset += 16 ) |
| 265 | { |
| 266 | n = ( filesize - offset > 16 ) ? 16 : (int) |
| 267 | ( filesize - offset ); |
| 268 | |
| 269 | if( fread( buffer, 1, n, fin ) != (size_t) n ) |
| 270 | { |
| 271 | fprintf( stderr, "fread(%d bytes) failed\n", n ); |
| 272 | goto exit; |
| 273 | } |
| 274 | |
| 275 | for( i = 0; i < 16; i++ ) |
| 276 | buffer[i] = (unsigned char)( buffer[i] ^ IV[i] ); |
| 277 | |
| 278 | aes_crypt_ecb( &aes_ctx, AES_ENCRYPT, buffer, buffer ); |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 279 | sha256_hmac_update( &sha_ctx, buffer, 16 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 280 | |
| 281 | if( fwrite( buffer, 1, 16, fout ) != 16 ) |
| 282 | { |
| 283 | fprintf( stderr, "fwrite(%d bytes) failed\n", 16 ); |
| 284 | goto exit; |
| 285 | } |
| 286 | |
| 287 | memcpy( IV, buffer, 16 ); |
| 288 | } |
| 289 | |
| 290 | /* |
| 291 | * Finally write the HMAC. |
| 292 | */ |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 293 | sha256_hmac_finish( &sha_ctx, digest ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 294 | |
| 295 | if( fwrite( digest, 1, 32, fout ) != 32 ) |
| 296 | { |
| 297 | fprintf( stderr, "fwrite(%d bytes) failed\n", 16 ); |
| 298 | goto exit; |
| 299 | } |
| 300 | } |
| 301 | |
| 302 | if( mode == MODE_DECRYPT ) |
| 303 | { |
| 304 | unsigned char tmp[16]; |
| 305 | |
| 306 | /* |
| 307 | * The encrypted file must be structured as follows: |
| 308 | * |
| 309 | * 00 .. 15 Initialization Vector |
| 310 | * 16 .. 31 AES Encrypted Block #1 |
| 311 | * .. |
| 312 | * N*16 .. (N+1)*16 - 1 AES Encrypted Block #N |
| 313 | * (N+1)*16 .. (N+1)*16 + 32 HMAC-SHA-256(ciphertext) |
| 314 | */ |
| 315 | if( filesize < 48 ) |
| 316 | { |
| 317 | fprintf( stderr, "File too short to be encrypted.\n" ); |
| 318 | goto exit; |
| 319 | } |
| 320 | |
| 321 | if( ( filesize & 0x0F ) != 0 ) |
| 322 | { |
| 323 | fprintf( stderr, "File size not a multiple of 16.\n" ); |
| 324 | goto exit; |
| 325 | } |
| 326 | |
| 327 | /* |
Paul Bakker | 60b1d10 | 2013-10-29 10:02:51 +0100 | [diff] [blame] | 328 | * Subtract the IV + HMAC length. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 329 | */ |
| 330 | filesize -= ( 16 + 32 ); |
| 331 | |
| 332 | /* |
| 333 | * Read the IV and original filesize modulo 16. |
| 334 | */ |
| 335 | if( fread( buffer, 1, 16, fin ) != 16 ) |
| 336 | { |
| 337 | fprintf( stderr, "fread(%d bytes) failed\n", 16 ); |
| 338 | goto exit; |
| 339 | } |
| 340 | |
| 341 | memcpy( IV, buffer, 16 ); |
| 342 | lastn = IV[15] & 0x0F; |
| 343 | |
| 344 | /* |
| 345 | * Hash the IV and the secret key together 8192 times |
| 346 | * using the result to setup the AES context and HMAC. |
| 347 | */ |
| 348 | memset( digest, 0, 32 ); |
| 349 | memcpy( digest, IV, 16 ); |
| 350 | |
| 351 | for( i = 0; i < 8192; i++ ) |
| 352 | { |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 353 | sha256_starts( &sha_ctx, 0 ); |
| 354 | sha256_update( &sha_ctx, digest, 32 ); |
| 355 | sha256_update( &sha_ctx, key, keylen ); |
| 356 | sha256_finish( &sha_ctx, digest ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 357 | } |
| 358 | |
| 359 | memset( key, 0, sizeof( key ) ); |
Paul Bakker | 8cfd9d8 | 2014-06-18 11:16:11 +0200 | [diff] [blame] | 360 | aes_setkey_dec( &aes_ctx, digest, 256 ); |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 361 | sha256_hmac_starts( &sha_ctx, digest, 32, 0 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 362 | |
| 363 | /* |
| 364 | * Decrypt and write the plaintext. |
| 365 | */ |
| 366 | for( offset = 0; offset < filesize; offset += 16 ) |
| 367 | { |
| 368 | if( fread( buffer, 1, 16, fin ) != 16 ) |
| 369 | { |
| 370 | fprintf( stderr, "fread(%d bytes) failed\n", 16 ); |
| 371 | goto exit; |
| 372 | } |
| 373 | |
| 374 | memcpy( tmp, buffer, 16 ); |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 375 | |
| 376 | sha256_hmac_update( &sha_ctx, buffer, 16 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 377 | aes_crypt_ecb( &aes_ctx, AES_DECRYPT, buffer, buffer ); |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 378 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 379 | for( i = 0; i < 16; i++ ) |
| 380 | buffer[i] = (unsigned char)( buffer[i] ^ IV[i] ); |
| 381 | |
| 382 | memcpy( IV, tmp, 16 ); |
| 383 | |
| 384 | n = ( lastn > 0 && offset == filesize - 16 ) |
| 385 | ? lastn : 16; |
| 386 | |
| 387 | if( fwrite( buffer, 1, n, fout ) != (size_t) n ) |
| 388 | { |
| 389 | fprintf( stderr, "fwrite(%d bytes) failed\n", n ); |
| 390 | goto exit; |
| 391 | } |
| 392 | } |
| 393 | |
| 394 | /* |
| 395 | * Verify the message authentication code. |
| 396 | */ |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 397 | sha256_hmac_finish( &sha_ctx, digest ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 398 | |
| 399 | if( fread( buffer, 1, 32, fin ) != 32 ) |
| 400 | { |
| 401 | fprintf( stderr, "fread(%d bytes) failed\n", 32 ); |
| 402 | goto exit; |
| 403 | } |
| 404 | |
Manuel Pégourié-Gonnard | 291f9af | 2013-10-28 12:51:32 +0100 | [diff] [blame] | 405 | /* Use constant-time buffer comparison */ |
| 406 | diff = 0; |
| 407 | for( i = 0; i < 32; i++ ) |
| 408 | diff |= digest[i] ^ buffer[i]; |
| 409 | |
| 410 | if( diff != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 411 | { |
| 412 | fprintf( stderr, "HMAC check failed: wrong key, " |
| 413 | "or file corrupted.\n" ); |
| 414 | goto exit; |
| 415 | } |
| 416 | } |
| 417 | |
| 418 | ret = 0; |
| 419 | |
| 420 | exit: |
Paul Bakker | 6d44032 | 2011-02-06 12:49:19 +0000 | [diff] [blame] | 421 | if( fin ) |
| 422 | fclose( fin ); |
| 423 | if( fout ) |
| 424 | fclose( fout ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 425 | |
| 426 | memset( buffer, 0, sizeof( buffer ) ); |
| 427 | memset( digest, 0, sizeof( digest ) ); |
| 428 | |
Paul Bakker | 8cfd9d8 | 2014-06-18 11:16:11 +0200 | [diff] [blame] | 429 | aes_free( &aes_ctx ); |
Paul Bakker | 14e8be4 | 2014-06-26 12:25:06 +0200 | [diff] [blame] | 430 | sha256_free( &sha_ctx ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 431 | |
| 432 | return( ret ); |
| 433 | } |
Paul Bakker | 9e36f04 | 2013-06-30 14:34:05 +0200 | [diff] [blame] | 434 | #endif /* POLARSSL_AES_C && POLARSSL_SHA256_C */ |