From: Eneas U de Queiroz Date: Fri, 8 Jul 2022 14:08:21 +0000 (-0300) Subject: uencrypt: add package to decrypt WG4хх223 config X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=bc43ad88ed18722c0621fd6dfef0ff68268f4e14;p=openwrt%2Fstaging%2Fnbd.git uencrypt: add package to decrypt WG4хх223 config This adds a simple AES-128-CBC encryption/decryption program using either wolfSSL or OpenSSL as backend to decrypt Arcadyan WG4xx223 configuration partitions. The ipk size is 3,355 bytes. Signed-off-by: Eneas U de Queiroz --- diff --git a/package/utils/uencrypt/Makefile b/package/utils/uencrypt/Makefile new file mode 100644 index 0000000000..77fdf64e0e --- /dev/null +++ b/package/utils/uencrypt/Makefile @@ -0,0 +1,57 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (C) 2022 Eneas Ulir de Queiroz + +include $(TOPDIR)/rules.mk + +PKG_NAME:=uencrypt +PKG_RELEASE:=1 + +PKG_FLAGS:=nonshared +PKG_LICENSE:=GPL-2.0-or-later +PKG_MAINTAINER:=Eneas U de Queiroz +PKG_CONFIG_DEPENDS:=\ + CONFIG_UENCRYPT_OPENSSL \ + CONFIG_UENCRYPT_WOLFSSL + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +CMAKE_INSTALL:=1 +CMAKE_OPTIONS+=$(if $(CONFIG_UENCRYPT_WOLFSSL),-DUSE_WOLFSSL=1) + +define Package/uencrypt + SECTION:=utils + CATEGORY:=Base system + TITLE:=Decryption utility for Arcadyan WG4xx223 + DEPENDS:=@TARGET_ramips_mt7621 +UENCRYPT_WOLFSSL:libwolfssl +UENCRYPT_OPENSSL:libopenssl +endef + +define Package/uencrypt/description + This is a small AES-128-CBC encrypton/decryption program. + Even though it can be used for regular encryption and + decryption operations using AES-128-CBC, it is included + here to unencrypt the configuration from mtd on Arcadyan + WG430223 and WG443223 routers. +endef + +define Package/uencrypt/config + if PACKAGE_uencrypt + choice + prompt "Crypto provider" + default UENCRYPT_WOLFSSL + + config UENCRYPT_OPENSSL + bool "OpenSSL" + + config UENCRYPT_WOLFSSL + bool "wolfSSL" + endchoice + endif +endef + +define Package/uencrypt/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/uencrypt $(1)/usr/bin +endef + +$(eval $(call BuildPackage,uencrypt)) diff --git a/package/utils/uencrypt/src/CMakeLists.txt b/package/utils/uencrypt/src/CMakeLists.txt new file mode 100644 index 0000000000..cd25d2f12f --- /dev/null +++ b/package/utils/uencrypt/src/CMakeLists.txt @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (C) 2022 Eneas Ulir de Queiroz + +cmake_minimum_required(VERSION 2.8.12 FATAL_ERROR) +project(uencrypt LANGUAGES C) + +option(USE_WOLFSSL "Use WolfSSL as crypto provider" OFF) +if (USE_WOLFSSL) + add_definitions(-DUSE_WOLFSSL) + find_library(WOLFSSL_LIBRARY wolfssl REQUIRED) + set(CRYPTO_LIBRARIES ${WOLFSSL_LIBRARY}) +else() + find_package(OpenSSL REQUIRED) + set(CRYPTO_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) +endif() + +add_executable(${PROJECT_NAME} ${PROJECT_NAME}.c) +target_link_libraries(${PROJECT_NAME} ${CRYPTO_LIBRARIES}) + +install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION bin) diff --git a/package/utils/uencrypt/src/uencrypt.c b/package/utils/uencrypt/src/uencrypt.c new file mode 100644 index 0000000000..c4199b057a --- /dev/null +++ b/package/utils/uencrypt/src/uencrypt.c @@ -0,0 +1,117 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later + * Copyright (C) 2022 Eneas Ulir de Queiroz + */ + +#include +#include +#include +#include + +#ifdef USE_WOLFSSL +# include +# include +#else +# include +#endif + +int do_crypt(FILE *infile, FILE *outfile, const char *key, const char *iv, + int enc, int padding) +{ + EVP_CIPHER_CTX *ctx; + unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; + int inlen, outlen; + + ctx = EVP_CIPHER_CTX_new(); + EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv, enc); + EVP_CIPHER_CTX_set_padding(ctx, padding); + + for (;;) { + inlen = fread(inbuf, 1, 1024, infile); + if (inlen <= 0) + break; + if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) { + EVP_CIPHER_CTX_free(ctx); + return -1; + } + fwrite(outbuf, 1, outlen, outfile); + } + if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) { + EVP_CIPHER_CTX_free(ctx); + return -1; + } + fwrite(outbuf, 1, outlen, outfile); + + EVP_CIPHER_CTX_free(ctx); + return 0; +} + +static void check_enc_dec(const int enc) +{ + if (enc == -1) + return; + fprintf(stderr, "Error: both -d and -e were specified.\n"); + exit(EXIT_FAILURE); +} + +static void show_usage(const char* name) +{ + fprintf(stderr, "Usage: %s: [-d | -e] [-n] -k key -i iv\n" + "-d = decrypt; -e = encrypt; -n = no padding\n", name); +} + +int main(int argc, char *argv[]) +{ + int enc = -1; + unsigned char *iv = NULL; + unsigned char *key = NULL; + long len; + int opt; + int padding = 1; + int ret; + + while ((opt = getopt(argc, argv, "dei:k:n")) != -1) { + switch (opt) { + case 'd': + check_enc_dec(enc); + enc = 0; + break; + case 'e': + check_enc_dec(enc); + enc = 1; + break; + case 'i': + iv = OPENSSL_hexstr2buf((const char *)optarg, &len); + if (iv == NULL || len != 16) { + fprintf(stderr, "Error setting IV to %s. The IV should be 16 bytes, encoded in hex.\n", + optarg); + exit(EINVAL); + } + break; + case 'k': + key = OPENSSL_hexstr2buf((const char *)optarg, &len); + if (key == NULL || len != 16) { + fprintf(stderr, "Error setting key to %s. The key should be 16 bytes, encoded in hex.\n", + optarg); + exit(EINVAL); + } + break; + case 'n': + padding = 0; + break; + default: + show_usage(argv[0]); + exit(EINVAL); + } + } + if (iv == NULL || key == NULL) { + fprintf(stderr, "Error: %s not set.\n", key ? "iv" : (iv ? "key" : "key and iv")); + show_usage(argv[0]); + exit(EXIT_FAILURE); + } + ret = do_crypt(stdin, stdout, key, iv, !!enc, padding); + if (ret) + fprintf(stderr, "Error during crypt operation.\n"); + OPENSSL_free(iv); + OPENSSL_free(key); + return ret; +}