/******************************************************************************/ /* SlunkCrypt, by LoRd_MuldeR */ /* This work has been released under the CC0 1.0 Universal license! */ /******************************************************************************/ #ifdef _WIN32 # define _CRT_SECURE_NO_WARNINGS 1 #else # define _GNU_SOURCE 1 #endif #include #include "utils.h" #include "crc.h" #include "test.h" #include #include #include #include #include #define BUFFER_SIZE 4096U #define SLUNK_MODE_HELP 0 #define SLUNK_MODE_VERS 1 #define SLUNK_MODE_ENCR 2 #define SLUNK_MODE_DECR 3 #define SLUNK_MODE_TEST 4 static const CHR *const ENVV_PASSWD_NAME = T("SLUNK_PASSPHRASE"); // ========================================================================== // Auxiliary functions // ========================================================================== static int parse_mode(const CHR* const command) { if ((!STRICMP(command, T("-h"))) || (!STRICMP(command, T("/?"))) || (!STRICMP(command, T("--help")))) { return SLUNK_MODE_HELP; } else if ((!STRICMP(command, T("-v"))) || (!STRICMP(command, T("--version")))) { return SLUNK_MODE_VERS; } else if ((!STRICMP(command, T("-e"))) || (!STRICMP(command, T("--encrypt")))) { return SLUNK_MODE_ENCR; } else if ((!STRICMP(command, T("-d"))) || (!STRICMP(command, T("--decrypt")))) { return SLUNK_MODE_DECR; } else if ((!STRICMP(command, T("-t"))) || (!STRICMP(command, T("--self-test")))) { return SLUNK_MODE_TEST; } else { FPRINTF(stderr, T("Error: The specified command \"%") T(PRISTR) T("\" is unknown!\n\n"), command); exit(EXIT_FAILURE); } } static void print_manpage(const CHR *const program) { FPUTS(T("====================================================================\n"), stderr); FPUTS(T("This software has been released under the CC0 1.0 Universal license:\n"), stderr); FPUTS(T("https://creativecommons.org/publicdomain/zero/1.0/legalcode\n"), stderr); FPUTS(T("====================================================================\n\n"), stderr); FPUTS(T("Usage:\n"), stderr); FPRINTF(stderr, T(" %") T(PRISTR) T(" --encrypt [[@][:]] \n"), program); FPRINTF(stderr, T(" %") T(PRISTR) T(" --decrypt [[@][:]] \n\n"), program); } static char *read_passphrase(const CHR* const file_name) { const size_t max_len = SLUNKCRYPT_PWDLEN_MAX + 2U; char *buffer = (char*) malloc(max_len * sizeof(char)); if (!buffer) { return NULL; } const int use_stdin = (STRICMP(file_name, T("-")) == 0); FILE *const file = use_stdin ? stdin : FOPEN(file_name, T("rb")); if (!file) { free(buffer); return NULL; } do { if (!fgets(buffer, (int)max_len, file)) { free(buffer); buffer = NULL; goto finish; } size_t length = strlen(buffer); while ((length > 0U) && ((buffer[length - 1U] == '\r') || (buffer[length - 1U] == '\n'))) { buffer[--length] = '\0'; } } while (!buffer[0U]); finish: if ((!use_stdin) && file) { fclose(file); } return buffer; } static int weak_passphrase(const char *str) { int flags[4U] = { 0, 0, 0, 0 }; while (*str) { const CHR c = *str++; if (isalpha(c)) { flags[isupper(c) ? 0U : 1U] = 1; } else { flags[isdigit(c) ? 2U : 3U] = 1; } } const int strong = flags[0U] && flags[1U] && flags[2U] && flags[3U]; return !strong; } static int open_files(FILE **const file_in, FILE **const file_out, const CHR* const input_path, const CHR* const output_path) { *file_in = FOPEN(input_path, T("rb")); if (!(*file_in)) { FPUTS(T("Error: Failed to open input file for reading!\n\n"), stderr); return EXIT_FAILURE; } *file_out = FOPEN(output_path, T("wb")); if (!(*file_out)) { FPUTS(T("Error: Failed to open output file for writing!\n\n"), stderr); fclose(*file_out); return EXIT_FAILURE; } return EXIT_SUCCESS; } static void sigint_handler(const int sig) { if (sig == SIGINT) { g_slunkcrypt_abort_flag = 1; } } // ========================================================================== // Encrypt // ========================================================================== static int encrypt(const char* const passphrase, const CHR* const input_path, const CHR* const output_path) { slunkcrypt_t ctx = SLUNKCRYPT_NULL; FILE * file_in = NULL, * file_out = NULL; int result = EXIT_FAILURE; if (open_files(&file_in, &file_out, input_path, output_path) != EXIT_SUCCESS) { goto clean_up;; } const uint64_t file_size = get_file_size(file_in); if (file_size == UINT64_MAX) { FPUTS(T("I/O error: Failed to determine size of input file!\n\n"), stderr); goto clean_up; } else if (file_size < 1U) { FPUTS(T("Error: Input file is empty or an unsupported type!\n\n"), stderr); goto clean_up; } FPUTS(T("Encrypting file contents, please be patient... "), stderr); fflush(stderr); uint64_t nonce; if (slunkcrypt_generate_nonce(&nonce) != SLUNKCRYPT_SUCCESS) { FPUTS(T("\n\nSlunkCrypt error: Failed to generate nonce!\n\n"), stderr); goto clean_up; } ctx = slunkcrypt_alloc(nonce, (const uint8_t*)passphrase, strlen(passphrase)); if (!ctx) { FPUTS(g_slunkcrypt_abort_flag ? T("\n\nProcess interrupted!\n\n") : T("\n\nSlunkCrypt error: Failed to initialize encryption!\n\n"), stderr); goto clean_up; } nonce = swap_bytes_u64(nonce); if (fwrite(&nonce, sizeof(uint64_t), 1U, file_out) < 1U) { FPUTS(T("\n\nI/O error: Failed to write nonce value!\n\n"), stderr); goto clean_up; } clock_t clk_now, clk_update = clock(); uint64_t crc_actual = CRC_INITIALIZER, bytes_read = 0U; uint8_t buffer[BUFFER_SIZE]; FPRINTF(stderr, T("%5.1f%% "), 0.0); fflush(stderr); while (bytes_read < file_size) { const uint64_t bytes_remaining = file_size - bytes_read; const size_t request_len = (bytes_remaining < BUFFER_SIZE) ? ((size_t)bytes_remaining) : BUFFER_SIZE; const size_t count = fread(buffer, sizeof(uint8_t), request_len, file_in); if (count > 0U) { crc_actual = crc64_update(crc_actual, buffer, count); bytes_read += count; const int status = slunkcrypt_encrypt_inplace(ctx, buffer, count); if (status != SLUNKCRYPT_SUCCESS) { FPUTS((status == SLUNKCRYPT_ABORTED) ? T("\n\nProcess interrupted!\n\n") : T("\n\nSlunkCrypt error: Failed to encrypt data!\n\n"), stderr); goto clean_up; } if (fwrite(buffer, sizeof(uint8_t), count, file_out) < count) { FPUTS(T("\n\nI/O error: Failed to write encrypted data!\n\n"), stderr); goto clean_up; } } if (count < request_len) { break; /*EOF*/ } if ((clk_now = clock()) - clk_update > CLOCKS_PER_SEC) { FPRINTF(stderr, T("\b\b\b\b\b\b\b%5.1f%% "), (bytes_read / ((double)file_size)) * 100.0); fflush(stderr); clk_update = clk_now; } } if (ferror(file_in)) { FPUTS(T("\n\nI/O error: Failed to read input data!\n\n"), stderr); goto clean_up; } if (bytes_read < file_size) { FPUTS(T("\n\nI/O error: Input file could not be fully read!\n\n"), stderr); goto clean_up; } crc_actual = swap_bytes_u64(crc64_finish(crc_actual)); const int status = slunkcrypt_encrypt_inplace(ctx, (uint8_t*)&crc_actual, sizeof(uint64_t)); if (status != SLUNKCRYPT_SUCCESS) { FPUTS((status == SLUNKCRYPT_ABORTED) ? T("\n\nProcess interrupted!\n\n") : T("\n\nSlunkCrypt error: Failed to encrypt checksum!\n\n"), stderr); goto clean_up; } if (fwrite(&crc_actual, sizeof(uint64_t), 1U, file_out) < 1U) { FPUTS(T("\n\nI/O error: Failed to write CRC checksum!\n\n"), stderr); goto clean_up; } FPRINTF(stderr, T("\b\b\b\b\b\b\b%5.1f%%\n\n"), 100.0); fflush(stderr); result = EXIT_SUCCESS; FPUTS(T("All is done.\n\n"), stderr); fflush(stderr); clean_up: if (ctx) { slunkcrypt_free(ctx); } if (file_out) { fclose(file_out); } if (file_in) { fclose(file_in); } return result; } // ========================================================================== // Decrypt // ========================================================================== static int decrypt(const char* const passphrase, const CHR* const input_path, const CHR* const output_path) { slunkcrypt_t ctx = SLUNKCRYPT_NULL; FILE *file_in = NULL, *file_out = NULL; int result = EXIT_FAILURE; if (open_files(&file_in, &file_out, input_path, output_path) != EXIT_SUCCESS) { goto clean_up; } const uint64_t file_size = get_file_size(file_in); if (file_size == UINT64_MAX) { FPUTS(T("I/O error: Failed to determine size of input file!\n\n"), stderr); goto clean_up; } else if (file_size < 16U) { FPUTS(T("Error: Input file is too small! Truncated?\n\n"), stderr); goto clean_up; } FPUTS(T("Decrypting file contents, please be patient... "), stderr); fflush(stderr); uint64_t nonce; if (fread(&nonce, sizeof(uint64_t), 1U, file_in) < 1U) { FPUTS(T("\n\nI/O error: Failed to read nonce value!\n\n"), stderr); goto clean_up; } ctx = slunkcrypt_alloc(swap_bytes_u64(nonce), (const uint8_t*)passphrase, strlen(passphrase)); if (!ctx) { FPUTS(g_slunkcrypt_abort_flag ? T("\n\nProcess interrupted!\n\n") : T("\n\nSlunkCrypt error: Failed to initialize decryption!\n\n"), stderr); goto clean_up; } clock_t clk_now, clk_update = clock(); uint64_t crc_actual = CRC_INITIALIZER, bytes_read = sizeof(uint64_t); uint8_t buffer[BUFFER_SIZE]; const uint64_t read_limit = file_size - sizeof(uint64_t); FPRINTF(stderr, T("%5.1f%% "), 0.0); fflush(stderr); while (bytes_read < read_limit) { const uint64_t bytes_remaining = read_limit - bytes_read; const size_t request_len = (bytes_remaining < BUFFER_SIZE) ? ((size_t)bytes_remaining) : BUFFER_SIZE; const size_t count = fread(buffer, sizeof(uint8_t), request_len, file_in); if (count > 0U) { bytes_read += count; const int status = slunkcrypt_decrypt_inplace(ctx, buffer, count); if (status != SLUNKCRYPT_SUCCESS) { FPUTS((status == SLUNKCRYPT_ABORTED) ? T("\n\nProcess interrupted!\n\n") : T("\n\nSlunkCrypt error: Failed to decrypt data!\n\n"), stderr); goto clean_up; } crc_actual = crc64_update(crc_actual, buffer, count); if (fwrite(buffer, sizeof(uint8_t), count, file_out) < count) { FPUTS(T("failed!\n\nI/O error: Failed to write decrypted data!\n\n"), stderr); goto clean_up; } } if (count < request_len) { break; /*EOF*/ } if ((clk_now = clock()) - clk_update > CLOCKS_PER_SEC) { FPRINTF(stderr, T("\b\b\b\b\b\b\b%5.1f%% "), (bytes_read / ((double)read_limit)) * 100.0); fflush(stderr); clk_update = clk_now; } } if (ferror(file_in)) { FPUTS(T("\n\nI/O error: Failed to read input data!\n\n"), stderr); goto clean_up; } if (bytes_read < read_limit) { FPUTS(T("\n\nI/O error: Input file could not be fully read!\n\n"), stderr); goto clean_up; } crc_actual = crc64_finish(crc_actual); uint64_t crc_expected; if (fread(&crc_expected, sizeof(uint64_t), 1U, file_in) < 1U) { FPUTS(T("\n\nI/O error: Failed to read CRC checksum!\n\n"), stderr); goto clean_up; } const int status = slunkcrypt_decrypt_inplace(ctx, (uint8_t*)&crc_expected, sizeof(uint64_t)); if (status != SLUNKCRYPT_SUCCESS) { FPUTS((status == SLUNKCRYPT_ABORTED) ? T("\n\nProcess interrupted!\n\n") : T("\n\nSlunkCrypt error: Failed to decrypt checksum!\n\n"), stderr); goto clean_up; } crc_expected = swap_bytes_u64(crc_expected); FPRINTF(stderr, T("\b\b\b\b\b\b\b%5.1f%%\n\n"), 100.0); fflush(stderr); if (crc_actual != crc_expected) { FPRINTF(stderr, T("CRC error: Checksum mismatch detected! [expected: 0x%016") T(PRIX64) T(", actual: 0x%016") T(PRIX64) T("]\n\n"), crc_expected, crc_actual); FPUTS(T("Wrong passphrase or corrupted file?\n\n"), stderr); goto clean_up; } result = EXIT_SUCCESS; FPUTS(T("CRC checksum is correct.\n\n"), stderr); fflush(stderr); clean_up: if (ctx) { slunkcrypt_free(ctx); } if (file_out) { fclose(file_out); } if (file_in) { fclose(file_in); } return result; } // ========================================================================== // Self-test // ========================================================================== static int run_test_case(const char *const message, const uint64_t checksum) { static const char* const passphrase = "OrpheanBeh0lderScry!Doubt"; int status, result = EXIT_FAILURE; const size_t length = strlen(message) + 1U; slunkcrypt_t ctx = SLUNKCRYPT_NULL; uint64_t nonce; if (slunkcrypt_generate_nonce(&nonce) != SLUNKCRYPT_SUCCESS) { FPUTS(T("\n\nWhoops: Failed to generate nonce!\n\n"), stderr); return EXIT_FAILURE; } char* const text_temp = strdup(message); if (!text_temp) { FPUTS(T("\n\nWhoops: Failed to allocate text buffer!\n\n"), stderr); goto clean_up; } const uint64_t crc_original = crc64_finish(crc64_update(CRC_INITIALIZER, (uint8_t*)text_temp, length)); if (crc_original != checksum) { FPRINTF(stderr, T("\n\nWhoops: Checksum mismatch detected! [expected: 0x%016") T(PRIX64) T(", actual: 0x%016") T(PRIX64) T("]\n\n"), checksum, crc_original); goto clean_up; } ctx = slunkcrypt_alloc(nonce, (const uint8_t*)passphrase, strlen(passphrase)); if (!ctx) { FPUTS(g_slunkcrypt_abort_flag ? T("\n\nProcess interrupted!\n\n") : T("\n\nWhoops: Failed to initialize encoder!\n\n"), stderr); goto clean_up; } status = slunkcrypt_encrypt_inplace(ctx, (uint8_t*)text_temp, length); if (status != SLUNKCRYPT_SUCCESS) { FPUTS((status == SLUNKCRYPT_ABORTED) ? T("\n\nProcess interrupted!\n\n") : T("\n\nWhoops: Failed to encrypt the message!\n\n"), stderr); goto clean_up; } if (strncmp(message, text_temp, length) == 0) { FPUTS(T("\n\nWhoops: Encrypted message equals the original message!\n\n"), stderr); goto clean_up; } status = slunkcrypt_reset(ctx, nonce, (const uint8_t*)passphrase, strlen(passphrase)); if (status != SLUNKCRYPT_SUCCESS) { FPUTS((status == SLUNKCRYPT_ABORTED) ? T("\n\nProcess interrupted!\n\n") : T("\n\nWhoops: Failed to initialize decoder!\n\n"), stderr); goto clean_up; } status = slunkcrypt_decrypt_inplace(ctx, (uint8_t*)text_temp, length); if (status != SLUNKCRYPT_SUCCESS) { FPUTS((status == SLUNKCRYPT_ABORTED) ? T("\n\nProcess interrupted!\n\n") : T("\n\nWhoops: Failed to decrypt the message!\n\n"), stderr); goto clean_up; } if (memcmp(message, text_temp, length * sizeof(char)) != 0) { FPUTS(T("\n\nWhoops: Decrypted message does *not* match the original message!\n\n"), stderr); goto clean_up; } const uint64_t crc_decrypted = crc64_finish(crc64_update(CRC_INITIALIZER, (uint8_t*)text_temp, length)); if (crc_decrypted != crc_original) { FPRINTF(stderr, T("\n\nWhoops: Checksum mismatch detected! [expected: 0x%016") T(PRIX64) T(", actual: 0x%016") T(PRIX64) T("]\n\n"), crc_original, crc_decrypted); goto clean_up; } result = EXIT_SUCCESS; clean_up: if (ctx) { slunkcrypt_free(ctx); } if (text_temp) { slunkcrypt_bzero(text_temp, strlen(text_temp)); free(text_temp); } return result; } static int run_self_test(void) { static const size_t total = 32U; const char* const test_data[] = { TEST_DATA_0, TEST_DATA_1, TEST_DATA_2, TEST_DATA_3, NULL }; const uint64_t test_chck[] = { TEST_CHCK_0, TEST_CHCK_1, TEST_CHCK_2, TEST_CHCK_3, 0x00 }; size_t completed = 0U; FPRINTF(stderr, T("Self-test is running, please be patient... %2u/%2u "), (unsigned int)completed, (unsigned int)total); fflush(stderr); for (size_t i = 0U; i < 8U; ++i) { for (size_t j = 0U; test_data[j]; ++j) { FPRINTF(stderr, T("\b\b\b\b\b\b%2u/%2u "), (unsigned int)++completed, (unsigned int)total); fflush(stderr); if (run_test_case(test_data[j], test_chck[j]) != EXIT_SUCCESS) { return EXIT_FAILURE; } } } FPRINTF(stderr, T("\b\b\b\b\b\b%2u/%2u\n\nCompleted successfully.\n\n"), (unsigned int)total, (unsigned int)total); fflush(stderr); return EXIT_SUCCESS; } // ========================================================================== // Main function // ========================================================================== int MAIN(const int argc, CHR *const argv[]) { init_terminal(); setup_signal_handler(SIGINT, sigint_handler); int result = EXIT_FAILURE; char *passphrase_buffer = NULL; FPRINTF(stderr, T("SlunkCrypt Utility (%") T(PRIstr) T("-%") T(PRIstr) T("), by LoRd_MuldeR \n"), OS_TYPE, CPU_ARCH); FPRINTF(stderr, T("Using libSlunkCrypt v%u.%u.%u [%") T(PRIstr) T("]\n\n"), SLUNKCRYPT_VERSION_MAJOR, SLUNKCRYPT_VERSION_MINOR, SLUNKCRYPT_VERSION_PATCH, SLUNKCRYPT_BUILD); /* ----------------------------------------------------- */ /* Parse arguments */ /* ----------------------------------------------------- */ if (argc < 2) { FPRINTF(stderr, T("Error: Nothing to do. Please type '%") T(PRISTR) T(" --help' for details!\n\n"), get_file_name(argv[0U])); goto clean_up; } const int mode = parse_mode(argv[1U]); switch (mode) { case SLUNK_MODE_HELP: print_manpage(get_file_name(argv[0U])); case SLUNK_MODE_VERS: result = EXIT_SUCCESS; goto clean_up; case SLUNK_MODE_TEST: result = run_self_test(); goto clean_up; } if (argc < 4) { FPRINTF(stderr, T("Error: Required argument is missing. Please type '%") T(PRISTR) T(" --help' for details!\n\n"), get_file_name(argv[0U])); goto clean_up; } const CHR* const passphrase = (argc > 4) ? argv[2U] : GETENV(ENVV_PASSWD_NAME); const CHR* const input_file = argv[(argc > 4) ? 3U : 2U], * const output_file = argv[(argc > 4) ? 4U : 3U]; if ((!passphrase) || (!passphrase[0U]) || (((passphrase[0U] == T('@')) || (passphrase[0U] == T(':'))) && (!passphrase[1U]))) { FPUTS(T("Error: The specified passphrase must not be empty!\n\n"), stderr); goto clean_up; } if ((!input_file[0U]) || (!output_file[0U])) { FPUTS(T("Error: The input file and/or output file must not be empty!\n\n"), stderr); goto clean_up; } /* ----------------------------------------------------- */ /* Initialize passphrase */ /* ----------------------------------------------------- */ passphrase_buffer = (passphrase[0U] == T('@')) ? read_passphrase(passphrase + 1U) : CHR_to_utf8((passphrase[0U] == T(':')) ? (passphrase + 1U) : passphrase); if (!passphrase_buffer) { FPUTS(T("Error: Failed to read the passphrase!\n\n"), stderr); goto clean_up; } slunkcrypt_bzero((CHR*)passphrase, STRLEN(passphrase) * sizeof(CHR)); const size_t passphrase_len = strlen(passphrase_buffer); if (passphrase_len < SLUNKCRYPT_PWDLEN_MIN) { FPRINTF(stderr, T("Error: Passphrase must be at least %") T(PRIu64) T(" characters in length!\n\n"), (uint64_t)SLUNKCRYPT_PWDLEN_MIN); goto clean_up; } else if (passphrase_len > SLUNKCRYPT_PWDLEN_MAX) { FPRINTF(stderr, T("Error: Passphrase must be at most %") T(PRIu64) T(" characters in length!\n\n"), (uint64_t)SLUNKCRYPT_PWDLEN_MAX); goto clean_up; } if (passphrase_len < 12U) { FPUTS(T("Warning: Using a *short* passphrase; a length of 12 characters or more is recommended!\n\n"), stderr); } else if (weak_passphrase(passphrase_buffer)) { FPUTS(T("Warning: Using a *weak* passphrase; a mix of upper-case letters, lower-case letters, digits and 'special' characters is recommended!\n\n"), stderr); } /* ----------------------------------------------------- */ /* Encrypt or decrypt */ /* ----------------------------------------------------- */ const clock_t clk_start = clock(); switch (mode) { case SLUNK_MODE_ENCR: result = encrypt(passphrase_buffer, input_file, output_file); break; case SLUNK_MODE_DECR: result = decrypt(passphrase_buffer, input_file, output_file); break; default: FPUTS(T("Unexpected mode encountered!\n\n"), stderr); } if (!g_slunkcrypt_abort_flag) { FPUTS(T("--------\n\n"), stderr); fflush(stderr); const clock_t clk_end = clock(); FPRINTF(stderr, T("Operation completed after %.1f seconds.\n\n"), (clk_end - clk_start) / ((double)CLOCKS_PER_SEC)); } /* ----------------------------------------------------- */ /* Final clean-up */ /* ----------------------------------------------------- */ clean_up: if (passphrase_buffer) { slunkcrypt_bzero(passphrase_buffer, strlen(passphrase_buffer)); free(passphrase_buffer); } return result; } #if defined(_WIN32) && defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR) void __wgetmainargs(int*, wchar_t***, wchar_t***, int, int*); int main() { wchar_t** enpv, ** argv; int argc, si = 0; __wgetmainargs(&argc, &argv, &enpv, 1, &si); return wmain(argc, argv); } #endif