initial commit

[authenticator.git] / authenticator.c

/* Copyright 2015 Jann Horn <jann@thejh.net>.
 * See LICENSE for license information.
 */

#define _GNU_SOURCE
#include <assert.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h> /* GNU basename */
#include <openssl/sha.h>
#include <openssl/rand.h>

#define eprintf(...) fprintf(stderr, __VA_ARGS__)

#define SALT_BITS 14
#define SALT_MASK 0x00003fffU /* lowest 14 bits */
#define HASH_MASK 0x00ffc000U /* next 10 bits */

void base64_encode(uint32_t n, char out[5]);
uint32_t base64_decode(char *in);

static void openssl_failure(void) {
  eprintf("OpenSSL internal failure\n");
  exit(3);
}

static uint32_t gen_authenticator(char *path, uint16_t salt) {
  SHA256_CTX ctx;
  if (!SHA256_Init(&ctx)) openssl_failure();

  /* append the filename including the terminating nullbyte to prevent
   * ambiguity regarding where the filename ends */
  char *name = basename(path);
  if (!SHA256_Update(&ctx, name, strlen(name)+1)) openssl_failure();

  FILE *f = fopen(path, "r");
  if (!f) {
    perror("unable to open input file");
    exit(1);
  }
  char buf[20000];
  size_t len;
  while ((len = fread(buf, 1, sizeof(buf), f)) > 0) {
    if (!SHA256_Update(&ctx, buf, len)) openssl_failure();
  }
  if (!feof(f) || ferror(f)) {
    eprintf("error occured while reading input file");
    exit(1);
  }
  fclose(f);

  if (!SHA256_Update(&ctx, &salt, sizeof(salt))) openssl_failure();

  unsigned char digest[SHA256_DIGEST_LENGTH];
  if (!SHA256_Final(digest, &ctx)) openssl_failure();

  uint32_t authenticator = salt;
  authenticator |= (digest[0] << SALT_BITS | digest[1] << (SALT_BITS+8)) & HASH_MASK;
  return authenticator;
}

static void chop(char *str) {
  if (*str == '\0') return;
  char *p = str + strlen(str) - 1;
  while (p >= str && (*p == '\r' || *p == '\n')) {
    *p = '\0';
    p--;
  }
}

#define RED "\x1b[0;31m"
#define GREEN "\x1b[0;32m"
#define RESET "\x1b[0m"

int main(int argc, char **argv) {
  if (argc != 3) {
usage:
    eprintf("bad invocation. usage:\n"
            "%s <gen | verify> <path>\n", argv[0]);
    return 2;
  }

  /* 4 bytes base64, 1 byte null, rest trailing garbage from fgets */
  char b64_authenticator[30];

  if (strcmp(argv[1], "gen") == 0) {
    uint16_t salt;
    if (RAND_bytes((unsigned char*)&salt, sizeof(salt)) != 1) openssl_failure();
    salt &= SALT_MASK;
    uint32_t authenticator = gen_authenticator(argv[2], salt);
    base64_encode(authenticator, b64_authenticator);
    printf("Authenticator generated: \x1b[7m%s\x1b[0m\n", b64_authenticator);
    printf(RED"AFTER"RESET" the recipient confirms that he has received the file,\n"
           "tell him the authenticator code and roughly compare the filename.\n");
  } else if (strcmp(argv[1], "verify") == 0) {
    printf("Please enter the 4-character authenticator: ");
    if (!fgets(b64_authenticator, sizeof(b64_authenticator), stdin)) {
      eprintf("unable to read user input\n");
      return 2;
    }
    chop(b64_authenticator);
    uint32_t authenticator = base64_decode(b64_authenticator);
    if (gen_authenticator(argv[2], authenticator & SALT_MASK) == authenticator) {
      printf("verification "GREEN"SUCCESSFUL"RESET"\n"
             "If the filename of the received file matches\n"
             "the one you expected, everything is fine.\n");
    } else {
      printf("verification "RED"FAILED"RESET"\n"
             "Something nasty might be going on!\n"
             RED"DO NOT RETRANSMIT THE FILE OR LET THE SENDER REGENERATE THE AUTHENTICATOR!"RESET"\n"
             "Because there is a small inherent chance of attacks succeeding against this scheme,\n"
             "retrying might make an attack possible. Find out what happened and, if you think an\n"
             "attack might have happened, switch to normal cryptographic checksums.\n");
      return 1;
    }
  } else {
    goto usage;
  }

  return 0;
}