صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
tobias.wach
/
CCats
mirrorاز https://git.rwth-aachen.de/tobias.wach/ccats
1
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
شاخه: master
شاخه‌ها تگ‌ها
CCats
/
cli
/
test
/
cryptotest_gcm.c

cryptotest_gcm.c 6.2 KB
لینک دائمی تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240 
  1. #include <openssl/conf.h>
    2. 

  2. #include <openssl/err.h>
    3. 

  3. #include <openssl/evp.h>
    4. 

  4. #include <stdio.h>
    5. 

  5. #include <string.h>
    6. 

  6. 

  7. // based on OpenSSL sample
    8. 

  8. // refer to https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption
    9. 

  9. 

  10. void handleErrors(void);
    11. 

  11. int gcm_encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, unsigned char *iv, int iv_len, unsigned char *ciphertext, unsigned char *tag);
    12. 

  12. int gcm_decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *tag, unsigned char *key, unsigned char *iv, int iv_len, unsigned char *plaintext);
    13. 

  13. 

  14. int main(int argc, char **argv) {
    15. 

  15. 	/*
    16. 

  16. 	 * Set up the key and iv. Do I need to say to not hard code these in a
    17. 

  17. 	 * real application? :-)
    18. 

  18. 	 */
    19. 

  19. 

  20. 	FILE *f, *o;
    21. 

  21. 	unsigned char signature[4] = {'C', 'C', 'A', 'T'};
    22. 

  22. 	unsigned char key[32];
    23. 

  23. 	unsigned char iv[12];
    24. 

  24. 	unsigned char tag[16];
    25. 

  25. 	unsigned char *plain;
    26. 

  26. 	unsigned char *cipher;
    27. 

  27. 	unsigned insize, mode;
    28. 

  28. 	int decryptedtext_len, ciphertext_len;
    29. 

  29. 	if (argc < 4) {
    30. 

  30. 		printf("not enough args. use %s mode key in out\n", argv[0]);
    31. 

  31. 		return 1;
    32. 

  32. 	}
    33. 

  33. 

  34. 	mode = strtoul(argv[1], NULL, 10);
    35. 

  35. 

  36. 	if (!(f = fopen(argv[2], "rb"))) {
    37. 

  37. 		printf("cannot open key\n");
    38. 

  38. 		return 1;
    39. 

  39. 	}
    40. 

  40. 	fread(key, sizeof(key), 1, f);
    41. 

  41. 	fclose(f);
    42. 

  42. 

  43. 	if (!(f = fopen("/dev/urandom", "rb"))) {
    44. 

  44. 		printf("cannot open urandom\n");
    45. 

  45. 		return 1;
    46. 

  46. 	}
    47. 

  47. 	fread(iv, sizeof(iv), 1, f);
    48. 

  48. 	fclose(f);
    49. 

  49. 

  50. 	if (!(f = fopen(argv[3], "rb"))) {
    51. 

  51. 		printf("cannot open in\n");
    52. 

  52. 		return 1;
    53. 

  53. 	}
    54. 

  54. 	if (!(o = fopen(argv[4], "wb"))) {
    55. 

  55. 		printf("cannot open out\n");
    56. 

  56. 		return 1;
    57. 

  57. 	}
    58. 

  58. 

  59. 	if (mode) {
    60. 

  60. 		printf("using iv ");
    61. 

  61. 		for (unsigned i = 0; i < sizeof(iv); i++)
    62. 

  62. 			printf("%02x ", iv[i]);
    63. 

  63. 		printf("\n");
    64. 

  64. 

  65. 		printf("using tag ");
    66. 

  66. 		for (unsigned i = 0; i < sizeof(tag); i++)
    67. 

  67. 			printf("%02x ", tag[i]);
    68. 

  68. 		printf("\n");
    69. 

  69. 

  70. 		fseek(f, 0, SEEK_END);
    71. 

  71. 		insize = ftell(f) + 4;
    72. 

  72. 		fseek(f, 0, SEEK_SET);
    73. 

  73. 		plain = malloc(insize);
    74. 

  74. 		cipher = malloc(insize);
    75. 

  75. 		fread(plain + 4, insize, 1, f);
    76. 

  76. 		fclose(f);
    77. 

  77. 		/* prepend signature */
    78. 

  78. 		memcpy(plain, signature, 4);
    79. 

  79. 		/* Encrypt the plaintext */
    80. 

  80. 		ciphertext_len = gcm_encrypt(plain, insize, key, iv, sizeof(iv), cipher, tag);
    81. 

  81. 		fwrite(iv, sizeof(iv), 1, o);
    82. 

  82. 		fwrite(tag, sizeof(tag), 1, o);
    83. 

  83. 		fwrite(cipher, ciphertext_len, 1, o);
    84. 

  84. 		fclose(o);
    85. 

  85. 	} else {
    86. 

  86. 		fseek(f, 0, SEEK_END);
    87. 

  87. 		insize = ftell(f) - sizeof(iv) - sizeof(tag);
    88. 

  88. 		fseek(f, 0, SEEK_SET);
    89. 

  89. 		cipher = malloc(insize);
    90. 

  90. 		plain = malloc(insize);
    91. 

  91. 		fread(iv, sizeof(iv), 1, f);
    92. 

  92. 		fread(tag, sizeof(tag), 1, f);
    93. 

  93. 		fread(cipher, insize, 1, f);
    94. 

  94. 		fclose(f);
    95. 

  95. 

  96. 		printf("using iv ");
    97. 

  97. 		for (unsigned i = 0; i < sizeof(iv); i++)
    98. 

  98. 			printf("%02x ", iv[i]);
    99. 

  99. 		printf("\n");
    100. 

  100. 

  101. 		printf("using tag ");
    102. 

  102. 		for (unsigned i = 0; i < sizeof(tag); i++)
    103. 

  103. 			printf("%02x ", tag[i]);
    104. 

  104. 		printf("\n");
    105. 

  105. 

  106. 		decryptedtext_len = gcm_decrypt(cipher, insize, tag, key, iv, sizeof(iv), plain);
    107. 

  107. 		if (decryptedtext_len < 0) {
    108. 

  108. 			printf("decrypt failed\n");
    109. 

  109. 			fclose(o);
    110. 

  110. 			remove(argv[4]);
    111. 

  111. 		} else if (memcmp(plain, signature, 4)) {
    112. 

  112. 			printf("signature mismatch, expected ");
    113. 

  113. 			for (int i = 0; i < sizeof(signature); i++)
    114. 

  114. 				printf("%02x ", signature[i]);
    115. 

  115. 			printf("but got ");
    116. 

  116. 			for (int i = 0; i < sizeof(signature); i++)
    117. 

  117. 				printf("%02x ", plain[i]);
    118. 

  118. 			printf("\n");
    119. 

  119. 			fclose(o);
    120. 

  120. 			remove(argv[4]);
    121. 

  121. 		} else {
    122. 

  122. 			fwrite(plain + 4, decryptedtext_len - 4, 1, o);
    123. 

  123. 			fclose(o);
    124. 

  124. 		}
    125. 

  125. 	}
    126. 

  126. 	free(cipher);
    127. 

  127. 	free(plain);
    128. 

  128. 	printf("done\n");
    129. 

  129. 	return 0;
    130. 

  130. }
    131. 

  131. 

  132. void handleErrors(void) {
    133. 

  133. 	ERR_print_errors_fp(stderr);
    134. 

  134. 	abort();
    135. 

  135. }
    136. 

  136. 

  137. int gcm_encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, unsigned char *iv, int iv_len, unsigned char *ciphertext, unsigned char *tag) {
    138. 

  138. 	EVP_CIPHER_CTX *ctx;
    139. 

  139. 

  140. 	int len;
    141. 

  141. 

  142. 	int ciphertext_len;
    143. 

  143. 

  144. 	/* Create and initialise the context */
    145. 

  145. 	if (!(ctx = EVP_CIPHER_CTX_new()))
    146. 

  146. 		handleErrors();
    147. 

  147. 

  148. 	/* Initialise the encryption operation. */
    149. 

  149. 	if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
    150. 

  150. 		handleErrors();
    151. 

  151. 

  152. 	/*
    153. 

  153. 	 * Set IV length if default 12 bytes (96 bits) is not appropriate
    154. 

  154. 	 */
    155. 

  155. 	if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, iv_len, NULL))
    156. 

  156. 		handleErrors();
    157. 

  157. 

  158. 	/* Initialise key and IV */
    159. 

  159. 	if (1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
    160. 

  160. 		handleErrors();
    161. 

  161. 

  162. 	/*
    163. 

  163. 	 * Provide the message to be encrypted, and obtain the encrypted output.
    164. 

  164. 	 * EVP_EncryptUpdate can be called multiple times if necessary
    165. 

  165. 	 */
    166. 

  166. 	if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
    167. 

  167. 		handleErrors();
    168. 

  168. 	ciphertext_len = len;
    169. 

  169. 

  170. 	/*
    171. 

  171. 	 * Finalise the encryption. Normally ciphertext bytes may be written at
    172. 

  172. 	 * this stage, but this does not occur in GCM mode
    173. 

  173. 	 */
    174. 

  174. 	if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
    175. 

  175. 		handleErrors();
    176. 

  176. 	ciphertext_len += len;
    177. 

  177. 

  178. 	/* Get the tag */
    179. 

  179. 	if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
    180. 

  180. 		handleErrors();
    181. 

  181. 

  182. 	/* Clean up */
    183. 

  183. 	EVP_CIPHER_CTX_free(ctx);
    184. 

  184. 

  185. 	return ciphertext_len;
    186. 

  186. }
    187. 

  187. 

  188. int gcm_decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *tag, unsigned char *key, unsigned char *iv, int iv_len,
    189. 

  189.                 unsigned char *plaintext) {
    190. 

  190. 	EVP_CIPHER_CTX *ctx;
    191. 

  191. 	int len;
    192. 

  192. 	int plaintext_len;
    193. 

  193. 	int ret;
    194. 

  194. 

  195. 	/* Create and initialise the context */
    196. 

  196. 	if (!(ctx = EVP_CIPHER_CTX_new()))
    197. 

  197. 		handleErrors();
    198. 

  198. 

  199. 	/* Initialise the decryption operation. */
    200. 

  200. 	if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
    201. 

  201. 		handleErrors();
    202. 

  202. 

  203. 	/* Set IV length. Not necessary if this is 12 bytes (96 bits) */
    204. 

  204. 	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, iv_len, NULL))
    205. 

  205. 		handleErrors();
    206. 

  206. 

  207. 	/* Initialise key and IV */
    208. 

  208. 	if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
    209. 

  209. 		handleErrors();
    210. 

  210. 

  211. 	/*
    212. 

  212. 	 * Provide the message to be decrypted, and obtain the plaintext output.
    213. 

  213. 	 * EVP_DecryptUpdate can be called multiple times if necessary
    214. 

  214. 	 */
    215. 

  215. 	if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
    216. 

  216. 		handleErrors();
    217. 

  217. 	plaintext_len = len;
    218. 

  218. 

  219. 	/* Set expected tag value. Works in OpenSSL 1.0.1d and later */
    220. 

  220. 	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
    221. 

  221. 		handleErrors();
    222. 

  222. 

  223. 	/*
    224. 

  224. 	 * Finalise the decryption. A positive return value indicates success,
    225. 

  225. 	 * anything else is a failure - the plaintext is not trustworthy.
    226. 

  226. 	 */
    227. 

  227. 	ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
    228. 

  228. 

  229. 	/* Clean up */
    230. 

  230. 	EVP_CIPHER_CTX_free(ctx);
    231. 

  231. 

  232. 	if (ret > 0) {
    233. 

  233. 		/* Success */
    234. 

  234. 		plaintext_len += len;
    235. 

  235. 		return plaintext_len;
    236. 

  236. 	} else {
    237. 

  237. 		/* Verify failed */
    238. 

  238. 		return -1;
    239. 

  239. 	}
    240. 

  240. }
    241.