6418676 encrypt(1) and decrypt(1) could benefit from being 64-bit programs

*** 18,62 **** * * CDDL HEADER END */ /* Portions Copyright 2005 Richard Lowe */ /* ! * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ ! #pragma ident "@(#)decrypt.c 1.13 07/10/04 SMI" /* * decrypt.c * * Implements encrypt(1) and decrypt(1) commands * * One binary performs both encrypt/decrypt operation. * ! * usage: ! * ! * algorithm - mechanism name without CKM_ prefix. Case * does not matter ! * keyfile - file containing key data. If not specified user is * prompted to enter key. key length > 0 is required ! * infile - input file to encrypt/decrypt. If omitted, stdin used. ! * outfile - output file to encrypt/decrypt. If omitted, stdout used. * if infile & outfile are same, a temp file is used for * output and infile is replaced with this file after ! * operation is complete. * * Implementation notes: ! * iv data - It is generated by random bytes equal to one block size. * ! * encrypted output format - * - Output format version number - 4 bytes in network byte order. * - Iterations used in key gen function, 4 bytes in network byte order. ! * - IV ( 'ivlen' bytes) * - Salt data used in key gen (16 bytes) ! * - cipher text data. ! * */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> --- 18,64 ---- * * CDDL HEADER END */ /* Portions Copyright 2005 Richard Lowe */ /* ! * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ ! #pragma ident "@(#)decrypt.c 1.14 08/04/30 SMI" /* * decrypt.c * * Implements encrypt(1) and decrypt(1) commands * * One binary performs both encrypt/decrypt operation. * ! * Usage: ! * -a algorithm mechanism name without CKM_ prefix. Case * does not matter ! * -k keyfile file containing key data. If not specified user is * prompted to enter key. key length > 0 is required ! * -i infile input file to encrypt/decrypt. If omitted, stdin used. ! * -o outfile output file to encrypt/decrypt. If omitted, stdout used. 
* if infile & outfile are same, a temp file is used for * output and infile is replaced with this file after ! * operation is complete ! * -l Display the list of algorithms ! * -v Display verbose information ! * -T tokenspec Specify a PKCS#11 token (optionally used with -K) ! * -K keylabel Specify the symmetric PKCS#11 token key label * * Implementation notes: ! * IV data - It is generated by random bytes equal to one block size. * ! * Encrypted output format - * - Output format version number - 4 bytes in network byte order. * - Iterations used in key gen function, 4 bytes in network byte order. ! * - IV ('ivlen' bytes). Length is algorithm-dependent (see mech_aliases) * - Salt data used in key gen (16 bytes) ! * - Cipher text data (remainder of the file) */ #include <stdio.h> #include <stdlib.h> #include <unistd.h>
*** 163,180 **** static boolean_t kflag = B_FALSE; /* -k <keyfile> flag */ static boolean_t iflag = B_FALSE; /* -i <infile> flag, use stdin if absent */ static boolean_t oflag = B_FALSE; /* -o <outfile> flag, use stdout if absent */ static boolean_t lflag = B_FALSE; /* -l flag (list) */ static boolean_t vflag = B_FALSE; /* -v flag (verbose) */ ! static boolean_t Tflag = B_FALSE; ! static boolean_t Kflag = B_FALSE; static char *keyfile = NULL; /* name of keyfile */ static char *inputfile = NULL; /* name of input file */ static char *outputfile = NULL; /* name of output file */ ! static char *token_label = NULL; ! static char *key_label = NULL; static int status_pos = 0; /* current position of progress bar element */ /* * function prototypes --- 165,182 ---- static boolean_t kflag = B_FALSE; /* -k <keyfile> flag */ static boolean_t iflag = B_FALSE; /* -i <infile> flag, use stdin if absent */ static boolean_t oflag = B_FALSE; /* -o <outfile> flag, use stdout if absent */ static boolean_t lflag = B_FALSE; /* -l flag (list) */ static boolean_t vflag = B_FALSE; /* -v flag (verbose) */ ! static boolean_t Tflag = B_FALSE; /* -T flag (tokenspec) */ ! static boolean_t Kflag = B_FALSE; /* -K flag (keylabel) */ static char *keyfile = NULL; /* name of keyfile */ static char *inputfile = NULL; /* name of input file */ static char *outputfile = NULL; /* name of output file */ ! static char *token_label = NULL; /* name of PKCS#11 token */ ! static char *key_label = NULL; /* name of PKCS#11 token key label */ static int status_pos = 0; /* current position of progress bar element */ /* * function prototypes
*** 196,206 **** struct CommandInfo *cmd; char *cmdname; /* name of command */ boolean_t errflag = B_FALSE; (void) setlocale(LC_ALL, ""); ! #if !defined(TEXT_DOMAIN) /* Should be defiend by cc -D */ #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */ #endif (void) textdomain(TEXT_DOMAIN); /* --- 198,208 ---- struct CommandInfo *cmd; char *cmdname; /* name of command */ boolean_t errflag = B_FALSE; (void) setlocale(LC_ALL, ""); ! #if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */ #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */ #endif (void) textdomain(TEXT_DOMAIN); /*
*** 434,446 **** boolean_t errflag = B_TRUE; boolean_t inoutsame = B_FALSE; /* if both input & output are same */ CK_BYTE_PTR pivbuf = NULL_PTR; CK_ULONG ivlen = 0L; int mech_match = 0; ! CK_ULONG iterations = CK_PKCS5_PBKD2_ITERATIONS; CK_ULONG keylen; ! int version = SUNW_ENCRYPT_FILE_VERSION; CK_KEY_TYPE keytype; KMF_RETURN kmfrv; CK_SLOT_ID token_slot_id; if (aflag) { --- 436,448 ---- boolean_t errflag = B_TRUE; boolean_t inoutsame = B_FALSE; /* if both input & output are same */ CK_BYTE_PTR pivbuf = NULL_PTR; CK_ULONG ivlen = 0L; int mech_match = 0; ! uint32_t iterations = CK_PKCS5_PBKD2_ITERATIONS; CK_ULONG keylen; ! uint32_t version = SUNW_ENCRYPT_FILE_VERSION; CK_KEY_TYPE keytype; KMF_RETURN kmfrv; CK_SLOT_ID token_slot_id; if (aflag) {
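Review bot: Nothing at the new `uint32_t iterations` and `uint32_t version` declarations says they are sized to match the 4-byte header fields described in the file comment, so a later edit could widen them back to `CK_ULONG` and break the file format on LP64 again. I would add a comment such as `/* on-disk header field: 4 bytes, network byte order */` beside both declarations here and beside `netversion`/`netiter` in the hunk at 900-911. The decrypt-side read of these fields is outside the hunks shown; because the iteration count there comes from the input file, it is worth confirming that the read insists on a full 4-byte read and that a zero or implausibly large count is rejected before key derivation. The enclosing function starts and ends outside this hunk.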
*** 738,750 **** switch (version) { case 1: /* * Version 1 output format: * - Iterations used in key gen function (4 bytes) ! * - IV ( 'ivlen' bytes) * - Salt data used in key gen (16 bytes) * * An encrypted file has IV as first block (0 or * more bytes depending on mechanism) followed * by cipher text. Get the IV from the encrypted * file. --- 740,754 ---- switch (version) { case 1: /* * Version 1 output format: + * - Output format version 1 (4 bytes) * - Iterations used in key gen function (4 bytes) ! * - IV ('ivlen' bytes). The length algorithm-dependent * - Salt data used in key gen (16 bytes) + * - Cipher text data (remainder of the file) * * An encrypted file has IV as first block (0 or * more bytes depending on mechanism) followed * by cipher text. Get the IV from the encrypted * file.
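Review bot: The added line `* - IV ('ivlen' bytes). The length algorithm-dependent` is missing its verb; `* - IV ('ivlen' bytes). The length is algorithm-dependent` would match the wording used in the file header comment. With the version and iteration fields now listed first, the unchanged paragraph below, which says an encrypted file "has IV as first block", no longer agrees with the list. It could be reworded to say the IV follows the two 4-byte header fields. The comment and the `case 1:` body continue outside this hunk.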
*** 896,907 **** } /* Write the version header encrypt command */ if (cmd->type == CKA_ENCRYPT) { /* convert to network order for storage */ ! int netversion = htonl(version); ! CK_ULONG netiter; if (write(outfd, &netversion, sizeof (netversion)) != sizeof (netversion)) { cryptoerror(LOG_STDERR, gettext( "failed to write version number " --- 900,911 ---- } /* Write the version header encrypt command */ if (cmd->type == CKA_ENCRYPT) { /* convert to network order for storage */ ! uint32_t netversion = htonl(version); ! uint32_t netiter; if (write(outfd, &netversion, sizeof (netversion)) != sizeof (netversion)) { cryptoerror(LOG_STDERR, gettext( "failed to write version number "