src/cli/cipher.cpp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

/*
* (C) 2015,2017 Simon Warta (Kullo GmbH)
* (C) 2020 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "cli.h"

#if defined(BOTAN_HAS_CIPHER_MODES)

#include <botan/cipher_mode.h>
#include <botan/hex.h>
#include <sstream>

#if defined(BOTAN_HAS_AEAD_MODES)
  #include <botan/aead.h>
#endif

namespace Botan_CLI {

class Cipher final : public Command
   {
   public:
      Cipher() : Command("cipher --cipher=AES-256/GCM --decrypt --key= --nonce= --ad= --buf-size=4096 input-file") {}

      std::string group() const override
         {
         return "crypto";
         }

      std::string description() const override
         {
         return "Encrypt or decrypt with a symmetric cipher";
         }

      void go() override
         {
         const std::string cipher_algo = get_arg_or("cipher", "");
         const std::string key_hex = get_arg("key");
         const std::string nonce_hex  = get_arg("nonce");
         const std::string ad_hex = get_arg_or("ad", "");
         const std::string input_file = get_arg_or("input-file", "-");
         const size_t buf_size = get_arg_sz("buf-size");

         const Botan::SymmetricKey key(key_hex);
         const Botan::InitializationVector nonce(nonce_hex);
         const std::vector<uint8_t> ad = Botan::hex_decode(ad_hex);

         auto direction = flag_set("decrypt") ? Botan::Cipher_Dir::DECRYPTION : Botan::Cipher_Dir::ENCRYPTION;

         auto cipher = Botan::Cipher_Mode::create(cipher_algo, direction);
         if(!cipher)
            throw CLI_Error_Unsupported("Cipher algorithm '" + cipher_algo + "' not available");

         // Set key
         cipher->set_key(key);

         // Set associated data
         if(!ad.empty())
            {
#if defined(BOTAN_HAS_AEAD_MODES)
            if(Botan::AEAD_Mode* aead = dynamic_cast<Botan::AEAD_Mode*>(cipher.get()))
               {
               aead->set_ad(ad);
               }
            else
#endif
               {
               throw CLI_Usage_Error("Cannot specify associated data with non-AEAD mode");
               }
            }

         // Set nonce
         cipher->start(nonce.bits_of());

         const std::vector<uint8_t> input = this->slurp_file(input_file, buf_size);

         Botan::secure_vector<uint8_t> buf(input.begin(), input.end());
         cipher->finish(buf);

         write_output(buf);
         }
   };

BOTAN_REGISTER_COMMAND("cipher", Cipher);

}

#endif