aboutsummaryrefslogtreecommitdiffstats
path: root/src/cli/encryption.cpp
blob: c17b00dbb404576a42e038e6e68109264eba0906 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
/*
* (C) 2015,2017 Simon Warta (Kullo GmbH)
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "cli.h"

#if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_MODES)

#include <botan/aead.h>
#include <botan/hex.h>
#include <sstream>

namespace Botan_CLI {

namespace {

auto VALID_MODES = std::map<std::string, std::string>{
         // Don't add algorithms here without extending tests
         // in `src/scripts/cli_tests.py`
         { "aes-128-cfb", "AES-128/CFB" },
         { "aes-192-cfb", "AES-192/CFB" },
         { "aes-256-cfb", "AES-256/CFB" },
         { "aes-128-gcm", "AES-128/GCM" },
         { "aes-192-gcm", "AES-192/GCM" },
         { "aes-256-gcm", "AES-256/GCM" },
         { "aes-128-ocb", "AES-128/OCB" },
         { "aes-128-xts", "AES-128/XTS" },
         { "aes-256-xts", "AES-256/XTS" },
         { "chacha20poly1305", "ChaCha20Poly1305" },
};

Botan::secure_vector<uint8_t>
do_crypt(const std::string &cipher,
         const std::vector<uint8_t> &input,
         const Botan::SymmetricKey &key,
         const Botan::InitializationVector &iv,
         const std::vector<uint8_t>& ad,
         Botan::Cipher_Dir direction)
   {
   if(iv.size() == 0)
      throw CLI_Usage_Error("IV must not be empty");

   // TODO: implement streaming

   std::unique_ptr<Botan::Cipher_Mode> processor(Botan::get_cipher_mode(cipher, direction));
   if(!processor)
      throw CLI_Error("Cipher algorithm not found");

   // Set key
   processor->set_key(key);

   if(Botan::AEAD_Mode* aead = dynamic_cast<Botan::AEAD_Mode*>(processor.get()))
      {
      aead->set_ad(ad);
      }
   else if(ad.size() != 0)
      {
      throw CLI_Usage_Error("Cannot specify associated data with non-AEAD mode");
      }

   // Set IV
   processor->start(iv.bits_of());

   Botan::secure_vector<uint8_t> buf(input.begin(), input.end());
   processor->finish(buf);

   return buf;
   }

}

class Encryption final : public Command
   {
   public:
      Encryption() : Command("encryption --buf-size=4096 --decrypt --mode= --key= --iv= --ad=") {}

      std::string group() const override
         {
         return "encryption";
         }

      std::string description() const override
         {
         return "Encrypt or decrypt a given file";
         }

      void go() override
         {
         std::string mode = get_arg_or("mode", "");
         if (!VALID_MODES.count(mode))
            {
            std::ostringstream error;
            error << "Invalid mode: '" << mode << "'\n"
                  << "valid modes are:";
            for (auto valid_mode : VALID_MODES) error << " " << valid_mode.first;

            throw CLI_Usage_Error(error.str());
            }

         const std::string key_hex = get_arg("key");
         const std::string iv_hex  = get_arg("iv");
         const std::string ad_hex  = get_arg_or("ad", "");
         const size_t buf_size = get_arg_sz("buf-size");

         const std::vector<uint8_t> input = this->slurp_file("-", buf_size);

         if (verbose())
            {
            error_output() << "Got " << input.size() << " bytes of input data.\n";
            }

         const Botan::SymmetricKey key(key_hex);
         const Botan::InitializationVector iv(iv_hex);
         const std::vector<uint8_t> ad = Botan::hex_decode(ad_hex);

         auto direction = flag_set("decrypt") ? Botan::Cipher_Dir::DECRYPTION : Botan::Cipher_Dir::ENCRYPTION;
         write_output(do_crypt(VALID_MODES[mode], input, key, iv, ad, direction));
         }
   };

BOTAN_REGISTER_COMMAND("encryption", Encryption);

}

#endif