mirrors
/
enchive
mirror of https://github.com/skeeto/enchive.git
1
0
Fork 0
Code Issues Releases Wiki Activity
enchive/enchive.c

831 lines
20 KiB
C
Raw Blame History

#define _POSIX_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <errno.h>
#define OPTPARSE_IMPLEMENTATION
#include "docs.h"
#include "sha256.h"
#include "chacha.h"
#include "optparse.h"
int curve25519_donna(u8 *p, const u8 *s, const u8 *b);
/* Global options. */
static char *global_random_device = "/dev/urandom";
static char *global_pubkey = 0;
static char *global_seckey = 0;
static struct {
char *name;
FILE *file;
} cleanup[2];
static void
cleanup_register(FILE *file, char *name)
{
if (file) {
unsigned i;
for (i = 0; i < sizeof(cleanup) / sizeof(*cleanup); i++) {
cleanup[i].name = name;
cleanup[i].file = file;
return;
}
}
abort();
}
static void
fatal(const char *fmt, ...)
{
unsigned i;
va_list ap;
va_start(ap, fmt);
fprintf(stderr, "enchive: ");
vfprintf(stderr, fmt, ap);
fputc('\n', stderr);
for (i = 0; i < sizeof(cleanup) / sizeof(*cleanup); i++) {
if (cleanup[i].file)
fclose(cleanup[i].file);
remove(cleanup[i].name);
}
exit(EXIT_FAILURE);
}
static void
get_passphrase_dumb(char *buf, size_t len, char *prompt)
{
size_t passlen;
fprintf(stderr, "warning: reading passphrase from stdin with echo\n");
fputs(prompt, stderr);
fflush(stderr);
if (!fgets(buf, len, stdin))
fatal("could not read passphrase");
passlen = strlen(buf);
if (buf[passlen - 1] < ' ')
buf[passlen - 1] = 0;
}
#if defined(__unix__) || defined(__APPLE__)
#include <fcntl.h>
#include <unistd.h>
#include <termios.h>
static FILE *
secure_creat(char *file)
{
int fd = open(file, O_CREAT | O_WRONLY, 00600);
if (fd == -1)
return 0;
return fdopen(fd, "wb");
}
static void
get_passphrase(char *buf, size_t len, char *prompt)
{
int tty = open("/dev/tty", O_RDWR);
if (tty == -1) {
get_passphrase_dumb(buf, len, prompt);
} else {
char newline = '\n';
size_t i = 0;
struct termios old, new;
if (write(tty, prompt, strlen(prompt)) == -1)
fatal("error asking for passphrase");
tcgetattr(tty, &old);
new = old;
new.c_lflag &= ~ECHO;
tcsetattr(tty, TCSANOW, &new);
errno = 0;
while (i < len - 1 && read(tty, buf + i, 1) == 1) {
if (buf[i] == '\n' || buf[i] == '\r')
break;
i++;
}
buf[i] = 0;
tcsetattr(tty, TCSANOW, &old);
if (write(tty, &newline, 1) == -1)
fatal("error asking for passphrase");
close(tty);
if (errno)
fatal("could not read passphrase from /dev/tty");
}
}
#elif defined(_WIN32)
#include <windows.h>
static void
get_passphrase(char *buf, size_t len, char *prompt)
{
DWORD orig;
HANDLE in = GetStdHandle(STD_INPUT_HANDLE);
if (!GetConsoleMode(in, &orig)) {
get_passphrase_dumb(buf, len, prompt);
} else {
size_t passlen;
size_t i = 0;
DWORD n;
SetConsoleMode(in, orig & ~ENABLE_ECHO_INPUT);
fputs(prompt, stderr);
if (!fgets(buf, len, stdin))
fatal("could not read passphrase");
fputc('\n', stderr);
passlen = strlen(buf);
if (buf[passlen - 1] < ' ')
buf[passlen - 1] = 0;
}
}
/* fallback to standard open */
static FILE *
secure_creat(char *file)
{
return fopen(file, "wb");
}
#else
/* fallback to standard open */
static FILE *
secure_creat(char *file)
{
return fopen(file, "wb");
}
static void
get_passphrase(char *buf, size_t len, char *prompt)
{
get_passphrase_dumb(buf, len, prompt);
}
#endif
#define KEY_DERIVE_ITERATIONS 0x00400000ul
#define SECKEY_DERIVE_ITERATIONS 0x01000000ul
static void
key_derive(char *key, u8 *buf, unsigned long iterations)
{
unsigned long i;
SHA256_CTX ctx[1];
sha256_init(ctx);
sha256_final(ctx, buf);
for (i = 0; i < iterations; i++) {
sha256_init(ctx);
sha256_update(ctx, (void *)key, strlen(key));
sha256_update(ctx, buf, sizeof(buf));
sha256_final(ctx, buf);
}
}
#if defined(__unix__) || defined(__APPLE__)
static void
secure_entropy(void *buf, size_t len)
{
FILE *r = fopen(global_random_device, "rb");
if (!r)
fatal("failed to open /dev/urandom");
if (!fread(buf, len, 1, r))
fatal("failed to gather entropy");
fclose(r);
}
#elif defined (_WIN32)
#include <windows.h>
static void
secure_entropy(void *buf, size_t len)
{
HCRYPTPROV h = 0;
DWORD type = PROV_RSA_FULL;
DWORD flags = CRYPT_VERIFYCONTEXT | CRYPT_SILENT;
if (!CryptAcquireContext(&h, 0, 0, type, flags) ||
!CryptGenRandom(h, len, buf))
fatal("failed to gather entropy");
CryptReleaseContext(h, 0);
}
#endif
static void
generate_secret(u8 *s)
{
secure_entropy(s, 32);
s[0] &= 248;
s[31] &= 127;
s[31] |= 64;
}
static void
compute_public(u8 *p, const u8 *s)
{
static const u8 b[32] = {9};
curve25519_donna(p, s, b);
}
static void
compute_shared(u8 *sh, const u8 *s, const u8 *p)
{
curve25519_donna(sh, s, p);
}
static void
symmetric_encrypt(FILE *in, FILE *out, u8 *key, u8 *iv)
{
static u8 buffer[2][CHACHA_BLOCKLENGTH * 1024];
u8 msghash[SHA256_BLOCK_SIZE];
SHA256_CTX hash[1];
chacha_ctx ctx[1];
chacha_keysetup(ctx, key, 256);
chacha_ivsetup(ctx, iv);
sha256_init(hash);
for (;;) {
size_t z = fread(buffer[0], 1, sizeof(buffer[0]), in);
if (!z) {
if (ferror(in))
fatal("error reading plaintext file");
break;
}
sha256_update(hash, buffer[0], z);
chacha_encrypt_bytes(ctx, buffer[0], buffer[1], z);
if (!fwrite(buffer[1], z, 1, out))
fatal("error writing ciphertext file");
if (z < sizeof(buffer[0]))
break;
}
sha256_final(hash, msghash);
sha256_init(hash);
sha256_update(hash, key, 32);
sha256_update(hash, msghash, sizeof(msghash));
sha256_final(hash, msghash);
if (!fwrite(msghash, SHA256_BLOCK_SIZE, 1, out))
fatal("error writing checksum to ciphertext file");
if (fflush(out))
fatal("error flushing to ciphertext file");
}
static void
symmetric_decrypt(FILE *in, FILE *out, u8 *key, u8 *iv)
{
static u8 buffer[2][CHACHA_BLOCKLENGTH * 1024 + SHA256_BLOCK_SIZE];
u8 msghash[SHA256_BLOCK_SIZE];
SHA256_CTX hash[1];
chacha_ctx ctx[1];
chacha_keysetup(ctx, key, 256);
chacha_ivsetup(ctx, iv);
sha256_init(hash);
/* Always keep SHA256_BLOCK_SIZE bytes in the buffer. */
if (!(fread(buffer[0], SHA256_BLOCK_SIZE, 1, in))) {
if (ferror(in))
fatal("cannot read ciphertext file");
else
fatal("ciphertext file too short");
}
for (;;) {
u8 *p = buffer[0] + SHA256_BLOCK_SIZE;
size_t z = fread(p, 1, sizeof(buffer[0]) - SHA256_BLOCK_SIZE, in);
if (!z) {
if (ferror(in))
fatal("error reading ciphertext file");
break;
}
chacha_encrypt_bytes(ctx, buffer[0], buffer[1], z);
sha256_update(hash, buffer[1], z);
if (!fwrite(buffer[1], z, 1, out))
fatal("error writing plaintext file");
/* Move last SHA256_BLOCK_SIZE bytes to the front. */
memmove(buffer[0], buffer[0] + z, SHA256_BLOCK_SIZE);
if (z < sizeof(buffer[0]) - SHA256_BLOCK_SIZE)
break;
}
sha256_final(hash, msghash);
sha256_init(hash);
sha256_update(hash, key, 32);
sha256_update(hash, msghash, sizeof(msghash));
sha256_final(hash, msghash);
if (memcmp(buffer[0], msghash, SHA256_BLOCK_SIZE) != 0)
fatal("checksum mismatch!");
if (fflush(out))
fatal("error flushing to plaintext file");
}
static void
prepend_home(char *buf, size_t buflen, char *file)
{
size_t filelen = strlen(file);
char *home = getenv("HOME");
size_t homelen;
if (!home)
fatal("no HOME environment, can't figure out public file");
homelen = strlen(home);
if (homelen + 1 + filelen + 1 > buflen)
fatal("HOME is too long");
memcpy(buf, home, homelen);
buf[homelen] = '/';
memcpy(buf + homelen + 1, file, filelen + 1);
}
static char *
default_pubfile(void)
{
static char buf[4096];
prepend_home(buf, sizeof(buf), ".enchive.pub");
return buf;
}
static char *
default_secfile(void)
{
static char buf[4096];
prepend_home(buf, sizeof(buf), ".enchive.sec");
return buf;
}
static void
write_pubkey(char *file, u8 *key)
{
FILE *f = fopen(file, "wb");
if (!f)
fatal("failed to open key file for writing -- %s", file);
cleanup_register(f, file);
if (!fwrite(key, 32, 1, f))
fatal("failed to write key file -- %s", file);
if (fclose(f))
fatal("failed to flush key file -- %s", file);
}
static void
write_seckey(char *file, u8 *seckey, int encrypt)
{
FILE *secfile;
chacha_ctx cha[1];
SHA256_CTX sha[1];
u8 buf[8 + 24 + 32] = {0};
u8 key[32];
if (encrypt) {
char pass[2][256];
get_passphrase(pass[0], sizeof(pass[0]),
"passphrase (empty for none): ");
get_passphrase(pass[1], sizeof(pass[0]),
"passphrase (repeat): ");
if (strcmp(pass[0], pass[1]) != 0)
fatal("passphrases don't match");
if (!pass[0][0]) {
encrypt = 0;
} else {
key_derive(pass[0], key, KEY_DERIVE_ITERATIONS);
sha256_init(sha);
sha256_update(sha, key, 32);
sha256_final(sha, buf + 8);
secure_entropy(buf, 8);
}
}
if (encrypt) {
chacha_keysetup(cha, key, 256);
chacha_ivsetup(cha, buf);
chacha_encrypt_bytes(cha, seckey, buf + 32, 32);
} else {
memcpy(buf + 32, seckey, 32);
}
secfile = secure_creat(file);
if (!secfile)
fatal("failed to open key file for writing -- %s", file);
cleanup_register(secfile, file);
if (!fwrite(buf, sizeof(buf), 1, secfile))
fatal("failed to write key file -- %s", file);
if (fclose(secfile))
fatal("failed to flush key file -- %s", file);
}
static void
load_pubkey(char *file, u8 *key)
{
FILE *f = fopen(file, "rb");
if (!f)
fatal("failed to open key file for reading -- %s", file);
if (!fread(key, 32, 1, f))
fatal("failed to read key file -- %s", file);
fclose(f);
}
static void
load_seckey(char *file, u8 *seckey)
{
FILE *secfile;
chacha_ctx cha[1];
SHA256_CTX sha[1];
u8 buf[8 + 24 + 32];
u8 empty[8] = {0};
u8 keyhash[SHA256_BLOCK_SIZE];
u8 key[32];
secfile = fopen(file, "rb");
if (!secfile)
fatal("failed to open key file for reading -- %s", file);
if (!fread(buf, sizeof(buf), 1, secfile))
fatal("failed to read key file -- %s", file);
fclose(secfile);
if (memcmp(buf, empty, sizeof(empty)) != 0) {
char pass[256];
get_passphrase(pass, sizeof(pass), "passphrase: ");
key_derive(pass, key, KEY_DERIVE_ITERATIONS);
sha256_init(sha);
sha256_update(sha, key, 32);
sha256_final(sha, keyhash);
if (memcmp(keyhash, buf + 8, 24) != 0)
fatal("wrong passphrase");
chacha_keysetup(cha, key, 256);
chacha_ivsetup(cha, buf);
chacha_encrypt_bytes(cha, buf + 32, seckey, 32);
} else {
memcpy(seckey, buf + 32, 32);
}
}
enum command {
COMMAND_UNKNOWN = -2,
COMMAND_AMBIGUOUS = -1,
COMMAND_KEYGEN,
COMMAND_ARCHIVE,
COMMAND_EXTRACT,
COMMAND_HELP
};
static const char command_names[][8] = {
"keygen", "archive", "extract", "help"
};
static enum command
parse_command(char *command)
{
int found = -2;
size_t len = strlen(command);
int i;
for (i = 0; i < 4; i++) {
if (strncmp(command, command_names[i], len) == 0) {
if (found >= 0)
return COMMAND_AMBIGUOUS;
found = i;
}
}
return found;
}
static void
command_keygen(struct optparse *options)
{
static const struct optparse_long keygen[] = {
{"derive", 'd', OPTPARSE_NONE},
{"force", 'f', OPTPARSE_NONE},
{"plain", 'u', OPTPARSE_NONE},
{0, 0, 0}
};
char *pubfile = global_pubkey;
char *secfile = global_seckey;
u8 public[32];
u8 secret[32];
int clobber = 0;
int encrypt = 1;
int derive = 0;
int option;
while ((option = optparse_long(options, keygen, 0)) != -1) {
switch (option) {
case 'd':
derive = 1;
break;
case 'f':
clobber = 1;
break;
case 'u':
encrypt = 0;
break;
default:
fatal("%s", options->errmsg);
}
}
if (!pubfile)
pubfile = default_pubfile();
if (!clobber && fopen(pubfile, "r"))
fatal("operation would clobber %s", pubfile);
if (!secfile)
secfile = default_secfile();
if (!clobber && fopen(secfile, "r"))
fatal("operation would clobber %s", secfile);
/* Generate secret key. */
if (derive) {
char pass[2][256];
get_passphrase(pass[0], sizeof(pass[0]),
"secret key passphrase: ");
get_passphrase(pass[1], sizeof(pass[0]),
"secret key passphrase (repeat): ");
if (strcmp(pass[0], pass[1]) != 0)
fatal("passphrases don't match");
key_derive(pass[0], secret, SECKEY_DERIVE_ITERATIONS);
} else {
generate_secret(secret);
}
compute_public(public, secret);
write_pubkey(pubfile, public);
write_seckey(secfile, secret, encrypt);
}
static void
command_archive(struct optparse *options)
{
static const struct optparse_long archive[] = {
{"delete", 'd', OPTPARSE_NONE},
{0, 0, 0}
};
char *infile;
char *outfile;
FILE *in = stdin;
FILE *out = stdout;
char *pubfile = global_pubkey;
u8 public[32];
u8 esecret[32];
u8 epublic[32];
u8 shared[32];
u8 iv[8];
int delete = 0;
int option;
while ((option = optparse_long(options, archive, 0)) != -1) {
switch (option) {
case 'd':
delete = 1;
break;
default:
fatal("%s", options->errmsg);
}
}
if (!pubfile)
pubfile = default_pubfile();
load_pubkey(pubfile, public);
infile = optparse_arg(options);
if (infile) {
in = fopen(infile, "rb");
if (!in)
fatal("could not open input file -- %s", infile);
}
outfile = optparse_arg(options);
if (!outfile && infile) {
static const char suffix[] = ".enchive";
size_t len = strlen(infile);
outfile = malloc(len + sizeof(suffix));
if (!outfile)
fatal("out of memory");
memcpy(outfile, infile, len);
memcpy(outfile + len, suffix, sizeof(suffix));
}
if (outfile) {
out = fopen(outfile, "wb");
if (!out)
fatal("could not open output file -- %s", infile);
cleanup_register(out, outfile);
}
/* Generare ephemeral keypair. */
generate_secret(esecret);
compute_public(epublic, esecret);
compute_shared(shared, esecret, public);
secure_entropy(iv, sizeof(iv));
if (!fwrite(iv, sizeof(iv), 1, out))
fatal("failed to write IV to archive");
if (!fwrite(epublic, sizeof(epublic), 1, out))
fatal("failed to write ephemeral key to archive");
symmetric_encrypt(in, out, shared, iv);
if (in != stdin)
fclose(in);
if (out != stdout)
fclose(out); /* already flushed */
if (delete && infile)
remove(infile);
}
static void
command_extract(struct optparse *options)
{
static const struct optparse_long extract[] = {
{"delete", 'd', OPTPARSE_NONE},
{0, 0, 0}
};
char *infile;
char *outfile;
FILE *in = stdin;
FILE *out = stdout;
char *secfile = global_seckey;
u8 secret[32];
u8 epublic[32];
u8 shared[32];
u8 iv[8];
int delete = 0;
int option;
while ((option = optparse_long(options, extract, 0)) != -1) {
switch (option) {
case 'd':
delete = 1;
break;
default:
fatal("%s", options->errmsg);
}
}
if (!secfile)
secfile = default_secfile();
load_seckey(secfile, secret);
infile = optparse_arg(options);
if (infile) {
in = fopen(infile, "rb");
if (!in)
fatal("could not open input file -- %s", infile);
}
outfile = optparse_arg(options);
if (!outfile && infile) {
static const char suffix[] = ".enchive";
size_t slen = sizeof(suffix) - 1;
size_t len = strlen(infile);
if (len <= slen || strcmp(suffix, infile + len - slen) != 0)
fatal("could not determine output filename from %s", infile);
outfile = malloc(len - slen);
if (!outfile)
fatal("out of memory");
memcpy(outfile, infile, len - slen);
outfile[len - slen] = 0;
}
if (outfile) {
out = fopen(outfile, "wb");
if (!out)
fatal("could not open output file -- %s", infile);
cleanup_register(out, outfile);
}
if (!(fread(iv, sizeof(iv), 1, in)))
fatal("failed to read IV from archive");
if (!(fread(epublic, sizeof(epublic), 1, in)))
fatal("failed to read ephemeral key from archive");
compute_shared(shared, secret, epublic);
symmetric_decrypt(in, out, shared, iv);
if (in != stdin)
fclose(in);
if (out != stdout)
fclose(out); /* already flushed */
if (delete && infile)
remove(infile);
}
static void
command_help(struct optparse *options)
{
static const struct optparse_long help[] = {
{0, 0, 0}
};
char *command;
int option;
while ((option = optparse_long(options, help, 0)) != -1) {
switch (option) {
default:
fatal("%s", options->errmsg);
}
}
command = optparse_arg(options);
if (!command)
command = "help";
switch (parse_command(command)) {
case COMMAND_UNKNOWN:
case COMMAND_AMBIGUOUS:
fatal("unknown command -- %s\n", command);
break;
case COMMAND_KEYGEN:
fputs(docs_keygen, stdout);
break;
case COMMAND_ARCHIVE:
fputs(docs_archive, stdout);
break;
case COMMAND_EXTRACT:
fputs(docs_extract, stdout);
break;
case COMMAND_HELP:
fputs(docs_help, stdout);
break;
}
}
static void
print_usage(FILE *f)
{
fputs(docs_usage, f);
}
int
main(int argc, char **argv)
{
static const struct optparse_long global[] = {
{"random-device", 'r', OPTPARSE_REQUIRED},
{"pubkey", 'p', OPTPARSE_REQUIRED},
{"seckey", 's', OPTPARSE_REQUIRED},
{0, 0, 0}
};
int option;
char *command;
struct optparse options[1];
optparse_init(options, argv);
options->permute = 0;
(void)argc;
while ((option = optparse_long(options, global, 0)) != -1) {
switch (option) {
case 'r':
#ifdef _WIN32
fprintf(stderr, "warning: --random-device ignored\n");
#endif
global_random_device = options->optarg;
break;
case 'p':
global_pubkey = options->optarg;
break;
case 's':
global_seckey = options->optarg;
break;
default:
fatal("%s", options->errmsg);
}
}
command = optparse_arg(options);
options->permute = 1;
if (!command) {
fprintf(stderr, "enchive: missing command\n");
print_usage(stderr);
exit(EXIT_FAILURE);
}
switch (parse_command(command)) {
case COMMAND_UNKNOWN:
case COMMAND_AMBIGUOUS:
fprintf(stderr, "enchive: unknown command, %s\n", command);
print_usage(stderr);
exit(EXIT_FAILURE);
break;
case COMMAND_KEYGEN:
command_keygen(options);
break;
case COMMAND_ARCHIVE:
command_archive(options);
break;
case COMMAND_EXTRACT:
command_extract(options);
break;
case COMMAND_HELP:
command_help(options);
break;
}
return 0;
}
Reference in New Issue View Git Blame Copy Permalink