Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	usr.sbin/smtpd/smtpctl/../crypto.c	Lines:	0	130	0.0 %
Date:	2017-11-07	Branches:	0	92	0.0 %


/* $OpenBSD: crypto.c,v 1.6 2016/09/03 14:42:08 gilles Exp $	 */

/*
 * Copyright (c) 2013 Gilles Chehade <gilles@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/types.h>
#include <sys/stat.h>

#include <stdlib.h>
#include <string.h>

#include <openssl/evp.h>


#define	CRYPTO_BUFFER_SIZE	16384

#define	GCM_TAG_SIZE		16
#define	IV_SIZE			12
#define	KEY_SIZE		32

/* bump if we ever switch from aes-256-gcm to anything else */
#define	API_VERSION    		1


int	crypto_setup(const char *, size_t);
int	crypto_encrypt_file(FILE *, FILE *);
int	crypto_decrypt_file(FILE *, FILE *);
size_t	crypto_encrypt_buffer(const char *, size_t, char *, size_t);
size_t	crypto_decrypt_buffer(const char *, size_t, char *, size_t);

static struct crypto_ctx {
	unsigned char  		key[KEY_SIZE];
} cp;

int
crypto_setup(const char *key, size_t len)
{
	if (len != KEY_SIZE)
		return 0;

	memset(&cp, 0, sizeof cp);

	/* openssl rand -hex 16 */
	memcpy(cp.key, key, sizeof cp.key);

	return 1;
}

int
crypto_encrypt_file(FILE * in, FILE * out)
{
	EVP_CIPHER_CTX	ctx;
	uint8_t		ibuf[CRYPTO_BUFFER_SIZE];
	uint8_t		obuf[CRYPTO_BUFFER_SIZE];
	uint8_t		iv[IV_SIZE];
	uint8_t		tag[GCM_TAG_SIZE];
	uint8_t		version = API_VERSION;
	size_t		r, w;
	int		len;
	int		ret = 0;
	struct stat	sb;

	/* XXX - Do NOT encrypt files bigger than 64GB */
	if (fstat(fileno(in), &sb) < 0)
		return 0;
	if (sb.st_size >= 0x1000000000LL)
		return 0;

	/* prepend version byte*/
	if ((w = fwrite(&version, 1, sizeof version, out)) != sizeof version)
		return 0;

	/* generate and prepend IV */
	memset(iv, 0, sizeof iv);
	arc4random_buf(iv, sizeof iv);
	if ((w = fwrite(iv, 1, sizeof iv, out)) != sizeof iv)
		return 0;

	EVP_CIPHER_CTX_init(&ctx);
	EVP_EncryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);

	/* encrypt until end of file */
	while ((r = fread(ibuf, 1, CRYPTO_BUFFER_SIZE, in)) != 0) {
		if (!EVP_EncryptUpdate(&ctx, obuf, &len, ibuf, r))
			goto end;
		if (len && (w = fwrite(obuf, len, 1, out)) != 1)
			goto end;
	}
	if (!feof(in))
		goto end;

	/* finalize and write last chunk if any */
	if (!EVP_EncryptFinal_ex(&ctx, obuf, &len))
		goto end;
	if (len && (w = fwrite(obuf, len, 1, out)) != 1)
		goto end;

	/* get and append tag */
	EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
	if ((w = fwrite(tag, sizeof tag, 1, out)) != 1)
		goto end;

	fflush(out);
	ret = 1;

end:
	EVP_CIPHER_CTX_cleanup(&ctx);
	return ret;
}

int
crypto_decrypt_file(FILE * in, FILE * out)
{
	EVP_CIPHER_CTX	ctx;
	uint8_t		ibuf[CRYPTO_BUFFER_SIZE];
	uint8_t		obuf[CRYPTO_BUFFER_SIZE];
	uint8_t		iv[IV_SIZE];
	uint8_t		tag[GCM_TAG_SIZE];
	uint8_t		version;
	size_t		r, w;
	off_t		sz;
	int		len;
	int		ret = 0;
	struct stat	sb;

	/* input file too small to be an encrypted file */
	if (fstat(fileno(in), &sb) < 0)
		return 0;
	if (sb.st_size <= (off_t) (sizeof version + sizeof tag + sizeof iv))
		return 0;
	sz = sb.st_size;

	/* extract tag */
	if (fseek(in, -sizeof(tag), SEEK_END) == -1)
		return 0;
	if ((r = fread(tag, 1, sizeof tag, in)) != sizeof tag)
		return 0;

	if (fseek(in, 0, SEEK_SET) == -1)
		return 0;

	/* extract version */
	if ((r = fread(&version, 1, sizeof version, in)) != sizeof version)
		return 0;
	if (version != API_VERSION)
		return 0;

	/* extract IV */
	memset(iv, 0, sizeof iv);
	if ((r = fread(iv, 1, sizeof iv, in)) != sizeof iv)
		return 0;

	/* real ciphertext length */
	sz -= sizeof version;
	sz -= sizeof iv;
	sz -= sizeof tag;


	EVP_CIPHER_CTX_init(&ctx);
	EVP_DecryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);

	/* set expected tag */
	EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);

	/* decrypt until end of ciphertext */
	while (sz) {
		if (sz > CRYPTO_BUFFER_SIZE)
			r = fread(ibuf, 1, CRYPTO_BUFFER_SIZE, in);
		else
			r = fread(ibuf, 1, sz, in);
		if (!r)
			break;
		if (!EVP_DecryptUpdate(&ctx, obuf, &len, ibuf, r))
			goto end;
		if (len && (w = fwrite(obuf, len, 1, out)) != 1)
			goto end;
		sz -= r;
	}
	if (ferror(in))
		goto end;

	/* finalize, write last chunk if any and perform authentication check */
	if (!EVP_DecryptFinal_ex(&ctx, obuf, &len))
		goto end;
	if (len && (w = fwrite(obuf, len, 1, out)) != 1)
		goto end;

	fflush(out);
	ret = 1;

end:
	EVP_CIPHER_CTX_cleanup(&ctx);
	return ret;
}

size_t
crypto_encrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen)
{
	EVP_CIPHER_CTX	ctx;
	uint8_t		iv[IV_SIZE];
	uint8_t		tag[GCM_TAG_SIZE];
	uint8_t		version = API_VERSION;
	off_t		sz;
	int		olen;
	int		len = 0;
	int		ret = 0;

	/* output buffer does not have enough room */
	if (outlen < inlen + sizeof version + sizeof tag + sizeof iv)
		return 0;

	/* input should not exceed 64GB */
	sz = inlen;
	if (sz >= 0x1000000000LL)
		return 0;

	/* prepend version */
	*out = version;
	len++;

	/* generate IV */
	memset(iv, 0, sizeof iv);
	arc4random_buf(iv, sizeof iv);
	memcpy(out + len, iv, sizeof iv);
	len += sizeof iv;

	EVP_CIPHER_CTX_init(&ctx);
	EVP_EncryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);

	/* encrypt buffer */
	if (!EVP_EncryptUpdate(&ctx, out + len, &olen, in, inlen))
		goto end;
	len += olen;

	/* finalize and write last chunk if any */
	if (!EVP_EncryptFinal_ex(&ctx, out + len, &olen))
		goto end;
	len += olen;

	/* get and append tag */
	EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
	memcpy(out + len, tag, sizeof tag);
	ret = len + sizeof tag;

end:
	EVP_CIPHER_CTX_cleanup(&ctx);
	return ret;
}

size_t
crypto_decrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen)
{
	EVP_CIPHER_CTX	ctx;
	uint8_t		iv[IV_SIZE];
	uint8_t		tag[GCM_TAG_SIZE];
	int		olen;
	int		len = 0;
	int		ret = 0;

	/* out does not have enough room */
	if (outlen < inlen - sizeof tag + sizeof iv)
		return 0;

	/* extract tag */
	memcpy(tag, in + inlen - sizeof tag, sizeof tag);
	inlen -= sizeof tag;

	/* check version */
	if (*in != API_VERSION)
		return 0;
	in++;
	inlen--;

	/* extract IV */
	memset(iv, 0, sizeof iv);
	memcpy(iv, in, sizeof iv);
	inlen -= sizeof iv;
	in += sizeof iv;

	EVP_CIPHER_CTX_init(&ctx);
	EVP_DecryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);

	/* set expected tag */
	EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);

	/* decrypt buffer */
	if (!EVP_DecryptUpdate(&ctx, out, &olen, in, inlen))
		goto end;
	len += olen;

	/* finalize, write last chunk if any and perform authentication check */
	if (!EVP_DecryptFinal_ex(&ctx, out + len, &olen))
		goto end;
	ret = len + olen;

end:
	EVP_CIPHER_CTX_cleanup(&ctx);
	return ret;
}

#if 0
int
main(int argc, char *argv[])
{
	if (argc != 3) {
		printf("usage: crypto <key> <buffer>\n");
		return 1;
	}

	if (!crypto_setup(argv[1], strlen(argv[1]))) {
		printf("crypto_setup failed\n");
		return 1;
	}

	{
		char            encbuffer[4096];
		size_t          enclen;
		char            decbuffer[4096];
		size_t          declen;

		printf("encrypt/decrypt buffer: ");
		enclen = crypto_encrypt_buffer(argv[2], strlen(argv[2]),
					       encbuffer, sizeof encbuffer);

		/* uncomment below to provoke integrity check failure */
		/*
		 * encbuffer[13] = 0x42;
		 * encbuffer[14] = 0x42;
		 * encbuffer[15] = 0x42;
		 * encbuffer[16] = 0x42;
		 */

		declen = crypto_decrypt_buffer(encbuffer, enclen,
					       decbuffer, sizeof decbuffer);
		if (declen != 0 && !strncmp(argv[2], decbuffer, declen))
			printf("ok\n");
		else
			printf("nope\n");
	}

	{
		FILE           *fpin;
		FILE           *fpout;
		printf("encrypt/decrypt file: ");

		fpin = fopen("/etc/passwd", "r");
		fpout = fopen("/tmp/passwd.enc", "w");
		if (!crypto_encrypt_file(fpin, fpout)) {
			printf("encryption failed\n");
			return 1;
		}
		fclose(fpin);
		fclose(fpout);

		/* uncomment below to provoke integrity check failure */
		/*
		 * fpin = fopen("/tmp/passwd.enc", "a");
		 * fprintf(fpin, "borken");
		 * fclose(fpin);
		 */
		fpin = fopen("/tmp/passwd.enc", "r");
		fpout = fopen("/tmp/passwd.dec", "w");
		if (!crypto_decrypt_file(fpin, fpout))
			printf("nope\n");
		else
			printf("ok\n");
		fclose(fpin);
		fclose(fpout);
	}


	return 0;
}
#endif


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: crypto.c,v 1.6 2016/09/03 14:42:08 gilles Exp $ */
2
3			/*
4			* Copyright (c) 2013 Gilles Chehade <gilles@openbsd.org>
5			*
6			* Permission to use, copy, modify, and distribute this software for any
7			* purpose with or without fee is hereby granted, provided that the above
8			* copyright notice and this permission notice appear in all copies.
9			*
10			* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11			* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12			* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13			* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14			* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15			* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16			* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17			*/
18
19			#include <sys/types.h>
20			#include <sys/stat.h>
21
22			#include <stdlib.h>
23			#include <string.h>
24
25			#include <openssl/evp.h>
26
27
28			#define CRYPTO_BUFFER_SIZE 16384
29
30			#define GCM_TAG_SIZE 16
31			#define IV_SIZE 12
32			#define KEY_SIZE 32
33
34			/* bump if we ever switch from aes-256-gcm to anything else */
35			#define API_VERSION 1
36
37
38			int crypto_setup(const char *, size_t);
39			int crypto_encrypt_file(FILE , FILE );
40			int crypto_decrypt_file(FILE , FILE );
41			size_t crypto_encrypt_buffer(const char , size_t, char , size_t);
42			size_t crypto_decrypt_buffer(const char , size_t, char , size_t);
43
44			static struct crypto_ctx {
45			unsigned char key[KEY_SIZE];
46			} cp;
47
48			int
49			crypto_setup(const char *key, size_t len)
50			{
51			if (len != KEY_SIZE)
52			return 0;
53
54			memset(&cp, 0, sizeof cp);
55
56			/* openssl rand -hex 16 */
57			memcpy(cp.key, key, sizeof cp.key);
58
59			return 1;
60			}
61
62			int
63			crypto_encrypt_file(FILE * in, FILE * out)
64			{
65			EVP_CIPHER_CTX ctx;
66			uint8_t ibuf[CRYPTO_BUFFER_SIZE];
67			uint8_t obuf[CRYPTO_BUFFER_SIZE];
68			uint8_t iv[IV_SIZE];
69			uint8_t tag[GCM_TAG_SIZE];
70			uint8_t version = API_VERSION;
71			size_t r, w;
72			int len;
73			int ret = 0;
74			struct stat sb;
75
76			/* XXX - Do NOT encrypt files bigger than 64GB */
77			if (fstat(fileno(in), &sb) < 0)
78			return 0;
79			if (sb.st_size >= 0x1000000000LL)
80			return 0;
81
82			/* prepend version byte*/
83			if ((w = fwrite(&version, 1, sizeof version, out)) != sizeof version)
84			return 0;
85
86			/* generate and prepend IV */
87			memset(iv, 0, sizeof iv);
88			arc4random_buf(iv, sizeof iv);
89			if ((w = fwrite(iv, 1, sizeof iv, out)) != sizeof iv)
90			return 0;
91
92			EVP_CIPHER_CTX_init(&ctx);
93			EVP_EncryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
94
95			/* encrypt until end of file */
96			while ((r = fread(ibuf, 1, CRYPTO_BUFFER_SIZE, in)) != 0) {
97			if (!EVP_EncryptUpdate(&ctx, obuf, &len, ibuf, r))
98			goto end;
99			if (len && (w = fwrite(obuf, len, 1, out)) != 1)
100			goto end;
101			}
102			if (!feof(in))
103			goto end;
104
105			/* finalize and write last chunk if any */
106			if (!EVP_EncryptFinal_ex(&ctx, obuf, &len))
107			goto end;
108			if (len && (w = fwrite(obuf, len, 1, out)) != 1)
109			goto end;
110
111			/* get and append tag */
112			EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
113			if ((w = fwrite(tag, sizeof tag, 1, out)) != 1)
114			goto end;
115
116			fflush(out);
117			ret = 1;
118
119			end:
120			EVP_CIPHER_CTX_cleanup(&ctx);
121			return ret;
122			}
123
124			int
125			crypto_decrypt_file(FILE * in, FILE * out)
126			{
127			EVP_CIPHER_CTX ctx;
128			uint8_t ibuf[CRYPTO_BUFFER_SIZE];
129			uint8_t obuf[CRYPTO_BUFFER_SIZE];
130			uint8_t iv[IV_SIZE];
131			uint8_t tag[GCM_TAG_SIZE];
132			uint8_t version;
133			size_t r, w;
134			off_t sz;
135			int len;
136			int ret = 0;
137			struct stat sb;
138
139			/* input file too small to be an encrypted file */
140			if (fstat(fileno(in), &sb) < 0)
141			return 0;
142			if (sb.st_size <= (off_t) (sizeof version + sizeof tag + sizeof iv))
143			return 0;
144			sz = sb.st_size;
145
146			/* extract tag */
147			if (fseek(in, -sizeof(tag), SEEK_END) == -1)
148			return 0;
149			if ((r = fread(tag, 1, sizeof tag, in)) != sizeof tag)
150			return 0;
151
152			if (fseek(in, 0, SEEK_SET) == -1)
153			return 0;
154
155			/* extract version */
156			if ((r = fread(&version, 1, sizeof version, in)) != sizeof version)
157			return 0;
158			if (version != API_VERSION)
159			return 0;
160
161			/* extract IV */
162			memset(iv, 0, sizeof iv);
163			if ((r = fread(iv, 1, sizeof iv, in)) != sizeof iv)
164			return 0;
165
166			/* real ciphertext length */
167			sz -= sizeof version;
168			sz -= sizeof iv;
169			sz -= sizeof tag;
170
171
172			EVP_CIPHER_CTX_init(&ctx);
173			EVP_DecryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
174
175			/* set expected tag */
176			EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
177
178			/* decrypt until end of ciphertext */
179			while (sz) {
180			if (sz > CRYPTO_BUFFER_SIZE)
181			r = fread(ibuf, 1, CRYPTO_BUFFER_SIZE, in);
182			else
183			r = fread(ibuf, 1, sz, in);
184			if (!r)
185			break;
186			if (!EVP_DecryptUpdate(&ctx, obuf, &len, ibuf, r))
187			goto end;
188			if (len && (w = fwrite(obuf, len, 1, out)) != 1)
189			goto end;
190			sz -= r;
191			}
192			if (ferror(in))
193			goto end;
194
195			/* finalize, write last chunk if any and perform authentication check */
196			if (!EVP_DecryptFinal_ex(&ctx, obuf, &len))
197			goto end;
198			if (len && (w = fwrite(obuf, len, 1, out)) != 1)
199			goto end;
200
201			fflush(out);
202			ret = 1;
203
204			end:
205			EVP_CIPHER_CTX_cleanup(&ctx);
206			return ret;
207			}
208
209			size_t
210			crypto_encrypt_buffer(const char in, size_t inlen, char out, size_t outlen)
211			{
212			EVP_CIPHER_CTX ctx;
213			uint8_t iv[IV_SIZE];
214			uint8_t tag[GCM_TAG_SIZE];
215			uint8_t version = API_VERSION;
216			off_t sz;
217			int olen;
218			int len = 0;
219			int ret = 0;
220
221			/* output buffer does not have enough room */
222			if (outlen < inlen + sizeof version + sizeof tag + sizeof iv)
223			return 0;
224
225			/* input should not exceed 64GB */
226			sz = inlen;
227			if (sz >= 0x1000000000LL)
228			return 0;
229
230			/* prepend version */
231			*out = version;
232			len++;
233
234			/* generate IV */
235			memset(iv, 0, sizeof iv);
236			arc4random_buf(iv, sizeof iv);
237			memcpy(out + len, iv, sizeof iv);
238			len += sizeof iv;
239
240			EVP_CIPHER_CTX_init(&ctx);
241			EVP_EncryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
242
243			/* encrypt buffer */
244			if (!EVP_EncryptUpdate(&ctx, out + len, &olen, in, inlen))
245			goto end;
246			len += olen;
247
248			/* finalize and write last chunk if any */
249			if (!EVP_EncryptFinal_ex(&ctx, out + len, &olen))
250			goto end;
251			len += olen;
252
253			/* get and append tag */
254			EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
255			memcpy(out + len, tag, sizeof tag);
256			ret = len + sizeof tag;
257
258			end:
259			EVP_CIPHER_CTX_cleanup(&ctx);
260			return ret;
261			}
262
263			size_t
264			crypto_decrypt_buffer(const char in, size_t inlen, char out, size_t outlen)
265			{
266			EVP_CIPHER_CTX ctx;
267			uint8_t iv[IV_SIZE];
268			uint8_t tag[GCM_TAG_SIZE];
269			int olen;
270			int len = 0;
271			int ret = 0;
272
273			/* out does not have enough room */
274			if (outlen < inlen - sizeof tag + sizeof iv)
275			return 0;
276
277			/* extract tag */
278			memcpy(tag, in + inlen - sizeof tag, sizeof tag);
279			inlen -= sizeof tag;
280
281			/* check version */
282			if (*in != API_VERSION)
283			return 0;
284			in++;
285			inlen--;
286
287			/* extract IV */
288			memset(iv, 0, sizeof iv);
289			memcpy(iv, in, sizeof iv);
290			inlen -= sizeof iv;
291			in += sizeof iv;
292
293			EVP_CIPHER_CTX_init(&ctx);
294			EVP_DecryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
295
296			/* set expected tag */
297			EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
298
299			/* decrypt buffer */
300			if (!EVP_DecryptUpdate(&ctx, out, &olen, in, inlen))
301			goto end;
302			len += olen;
303
304			/* finalize, write last chunk if any and perform authentication check */
305			if (!EVP_DecryptFinal_ex(&ctx, out + len, &olen))
306			goto end;
307			ret = len + olen;
308
309			end:
310			EVP_CIPHER_CTX_cleanup(&ctx);
311			return ret;
312			}
313
314			#if 0
315			int
316			main(int argc, char *argv[])
317			{
318			if (argc != 3) {
319			printf("usage: crypto <key> <buffer>\n");
320			return 1;
321			}
322
323			if (!crypto_setup(argv[1], strlen(argv[1]))) {
324			printf("crypto_setup failed\n");
325			return 1;
326			}
327
328			{
329			char encbuffer[4096];
330			size_t enclen;
331			char decbuffer[4096];
332			size_t declen;
333
334			printf("encrypt/decrypt buffer: ");
335			enclen = crypto_encrypt_buffer(argv[2], strlen(argv[2]),
336			encbuffer, sizeof encbuffer);
337
338			/* uncomment below to provoke integrity check failure */
339			/*
340			* encbuffer[13] = 0x42;
341			* encbuffer[14] = 0x42;
342			* encbuffer[15] = 0x42;
343			* encbuffer[16] = 0x42;
344			*/
345
346			declen = crypto_decrypt_buffer(encbuffer, enclen,
347			decbuffer, sizeof decbuffer);
348			if (declen != 0 && !strncmp(argv[2], decbuffer, declen))
349			printf("ok\n");
350			else
351			printf("nope\n");
352			}
353
354			{
355			FILE *fpin;
356			FILE *fpout;
357			printf("encrypt/decrypt file: ");
358
359			fpin = fopen("/etc/passwd", "r");
360			fpout = fopen("/tmp/passwd.enc", "w");
361			if (!crypto_encrypt_file(fpin, fpout)) {
362			printf("encryption failed\n");
363			return 1;
364			}
365			fclose(fpin);
366			fclose(fpout);
367
368			/* uncomment below to provoke integrity check failure */
369			/*
370			* fpin = fopen("/tmp/passwd.enc", "a");
371			* fprintf(fpin, "borken");
372			* fclose(fpin);
373			*/
374			fpin = fopen("/tmp/passwd.enc", "r");
375			fpout = fopen("/tmp/passwd.dec", "w");
376			if (!crypto_decrypt_file(fpin, fpout))
377			printf("nope\n");
378			else
379			printf("ok\n");
380			fclose(fpin);
381			fclose(fpout);
382			}
383
384
385			return 0;
386			}
387			#endif