~aritra1911/openssl_madness

bc61906234826a04e51712bee32ec964950fdade — Aritra Sarkar 2 years ago d82553e + 4e4994c
Merge branch 'aes' into openssl-3.0
6 files changed, 136 insertions(+), 4 deletions(-)

M .gitignore
M Makefile
A aes.c
A driver.c
A message.txt.aes128_cbc
M notes.txt
M .gitignore => .gitignore +1 -0
@@ 1,3 1,4 @@
*.o
*.swp
madness
aes

M Makefile => Makefile +7 -4
@@ 16,13 16,16 @@ endif

.PHONY: all clean

all: madness
all: madness aes

madness: madness.o
	$(CC) $(LDFLAGS) -o $@ $^

madness.o: madness.c
	$(CC) $(CFLAGS) -c -o $@ $^
aes: aes.o driver.o
	$(CC) $(LDFLAGS) -o $@ $^

%.o: %.c
	$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<

clean:
	$(RM) *.o madness
	$(RM) *.o madness aes

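--- a/aes.c
+++ b/aes.c
@@ -0,0 +1,63 @@
+#include <stdio.h>
+#include <openssl/evp.h>
+
+/**
+ * General encryption and decryption function example using FILE I/O and
+ * AES128 with a 128-bit key:
+ */
+int do_crypt(FILE *in, FILE *out, int do_encrypt)
+{
+    /* Allow enough space in output buffer for additional block */
+    unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
+    int inlen, outlen;
+    EVP_CIPHER_CTX *ctx;
+    /*
+     * Bogus key and IV: we'd normally set these from
+     * another source.
+     */
+    unsigned char key[] = "0123456789abcdeF";
+    unsigned char iv[] = "1234567887654321";
+
+    /* Don't set key or IV right away; we want to check lengths */
+    ctx = EVP_CIPHER_CTX_new();
+
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
+                      do_encrypt);
+    OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
+    OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
+#else
+    EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL,
+                       do_encrypt, NULL);
+    OPENSSL_assert(EVP_CIPHER_CTX_get_key_length(ctx) == 16);
+    OPENSSL_assert(EVP_CIPHER_CTX_get_iv_length(ctx) == 16);
+#endif
+
+    /* Now we can set key and IV */
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1);
+#else
+    EVP_CipherInit_ex2(ctx, NULL, key, iv, -1, NULL);
+#endif
+
+    for (;;) {
+        inlen = fread(inbuf, 1, 1024, in);
+        if (inlen <= 0)
+            break;
+        if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) {
+            /* Error */
+            EVP_CIPHER_CTX_free(ctx);
+            return 0;
+        }
+        fwrite(outbuf, 1, outlen, out);
+    }
+    if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
+        /* Error */
+        EVP_CIPHER_CTX_free(ctx);
+        return 0;
+    }
+    fwrite(outbuf, 1, outlen, out);
+
+    EVP_CIPHER_CTX_free(ctx);
+    return 1;
+}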
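Review bot: do_crypt reports success on several failure paths: `EVP_CIPHER_CTX_new()` and the `EVP_CipherInit_ex`/`EVP_CipherInit_ex2` calls are never checked, a read error looks like EOF because only `inlen <= 0` is tested, and no `fwrite()` result is compared with `outlen`. A caller therefore gets `1` back for truncated or missing output; the fence below shows the allocation and I/O checks, and each init call needs the same `if (!…) { EVP_CIPHER_CTX_free(ctx); return 0; }` treatment. The key and IV are hard-coded, which the comment already marks as bogus; I would extend that comment to say that reusing one IV under one key in CBC reveals when two messages share a prefix, and that CBC alone gives no integrity protection, so real use needs a fresh random IV per message and an authenticated mode or a MAC.

```c
    ctx = EVP_CIPHER_CTX_new();
    if (ctx == NULL)
        return 0;

    /* … cipher selection, length asserts and key/IV setup left out … */

    for (;;) {
        size_t nread = fread(inbuf, 1, sizeof inbuf, in);
        if (nread == 0)
            break;
        if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, (int)nread)
                || fwrite(outbuf, 1, (size_t)outlen, out) != (size_t)outlen) {
            EVP_CIPHER_CTX_free(ctx);
            return 0;
        }
    }
    /* A zero-length read is EOF only if the stream carries no error flag */
    if (ferror(in)
            || !EVP_CipherFinal_ex(ctx, outbuf, &outlen)
            || fwrite(outbuf, 1, (size_t)outlen, out) != (size_t)outlen) {
        EVP_CIPHER_CTX_free(ctx);
        return 0;
    }
```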

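--- a/driver.c
+++ b/driver.c
@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+int do_crypt(FILE *in, FILE *out, int do_encrypt);
+
+static inline void print_usage(const char *bin)
+{
+    fprintf(stderr, "Usage : %s [-d]\n", bin);
+}
+
+int main(int argc, char **argv)
+{
+    int enc = 1;
+
+    /* A small itsy bitsy tiny little argument parser */
+    if ( argc > 1 ) {
+        for (int i = 1; i < argc; i++) {
+            if ( argv[i][0] == '-' ) {
+                switch ( argv[i][1] ) {
+                case 'd':
+                    enc = 0;
+                    break;
+                default:
+                    print_usage(argv[0]);
+                    return EXIT_FAILURE;
+                }
+            } else {
+                print_usage(argv[0]);
+                return EXIT_FAILURE;
+            }
+        }
+    }
+
+    do_crypt(stdin, stdout, enc);
+
+    return 0;
+}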
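Review bot: `main` discards the result of `do_crypt(stdin, stdout, enc)` and always returns 0, so a failed decryption (for example a padding error reported by `EVP_CipherFinal_ex`) is indistinguishable from success to a calling script, even though part of the output may already be on stdout. Propagate it with `return do_crypt(stdin, stdout, enc) ? EXIT_SUCCESS : EXIT_FAILURE;`. The parser also looks only at `argv[i][1]`, so `-dfoo` is accepted as `-d`; testing `argv[i][2] == '\0'` in the `'d'` case would reject it. The hand-written prototype of `do_crypt` would be safer in a shared header included by both aes.c and driver.c, so that a signature change cannot go unnoticed by the compiler.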

A message.txt.aes128_cbc => message.txt.aes128_cbc +0 -0
M notes.txt => notes.txt +28 -0
@@ 40,3 40,31 @@ $ fortune -s | /opt/openssl/bin/openssl pkeyutl -encrypt -inkey pubkey.pem -pubi
# OR : Use our own tool #

$ fortune -l | ./madness -ek pubkey.pem | ./madness -dk key.pem


#########
## AES ##
#########

❯ /opt/openssl/bin/openssl enc -aes-128-cbc -pass pass:hello -S B00B5A2D3121C8A7 -pbkdf2 -P
salt=B00B5A2D3121C8A7
key=BB2D36DF28856942C778A174DDAE79AF
iv =BF6A5178C88652023E9907A331BF1504

Yes the salt is 'BOOBSANDMINICHAT'

❯ fortune -lo | /opt/openssl/bin/openssl enc -aes-128-cbc -pass pass:hello -S B00B5A2D3121C8A7 -pbkdf2 -v -out offortune.aes_128_cbc
bufsize=8192
bytes read   :      626
bytes written:      640

❯ /opt/openssl/bin/openssl enc -aes-128-cbc -d -pass pass:hello -S B00B5A2D3121C8A7 -pbkdf2 -in offortune.aes_128_cbc
"Creation science" has not entered the curriculum for a reason so simple
 and so basic that we often forget to mention it: because it is false, and
 because good teachers understand exactly why it is false.  What could be
 more destructive of that most fragile yet most precious commodity in our
 entire intellectual heritage -- good teaching -- than a bill forcing
 honorable teachers to sully their sacred trust by granting equal treatment
 to a doctrine not only known to be false, but calculated to undermine any
 general understanding of science as an enterprise?"
          [Stephen Jay Gould, "The Skeptical Inquirer"]