From a103eebf6022198174b66353ebc2471622e191e5 Mon Sep 17 00:00:00 2001 From: Andrei Burdulescu Date: Sat, 16 Mar 2024 12:43:38 +0200 Subject: [PATCH] Add SHE commands --- internal/hash/sha.go | 2 +- internal/kdf/pbkdf2.go | 2 +- internal/kem/rsa/cmd/kem.go | 2 +- internal/keygen/aes.go | 2 +- internal/keygen/ed25519.go | 2 +- internal/keygen/rsa.go | 2 +- internal/she/cmd/decode.go | 66 ++++++++++++++++++++++++++++++++ internal/she/cmd/encode.go | 64 +++++++++++++++++++++++++++++++ internal/she/cmd/encode_test.go | 13 +++++++ internal/she/cmd/example.go | 39 +++++++++++++++++++ internal/she/cmd/example.json | 15 ++++++++ internal/she/cmd/example_test.go | 13 +++++++ main.go | 65 +++++++++++++++++++++++++------ 13 files changed, 269 insertions(+), 18 deletions(-) create mode 100644 internal/she/cmd/decode.go create mode 100644 internal/she/cmd/encode.go create mode 100644 internal/she/cmd/encode_test.go create mode 100644 internal/she/cmd/example.go create mode 100644 internal/she/cmd/example.json create mode 100644 internal/she/cmd/example_test.go diff --git a/internal/hash/sha.go b/internal/hash/sha.go index 580d2b8..03c8b11 100644 --- a/internal/hash/sha.go +++ b/internal/hash/sha.go @@ -15,7 +15,7 @@ var ShaCmd = &cmd.Command{ Run: runSha, Brief: "Generate cryptographic hash using SHA", - Usage: `Usage: pocryp hash-sha -alg [-bin] [-in INPUT] [-out OUTPUT] + Usage: `Usage: pocryp sha -alg [-bin] [-in INPUT] [-out OUTPUT] Compute SHA digest of INPUT to OUTPUT. diff --git a/internal/kdf/pbkdf2.go b/internal/kdf/pbkdf2.go index 1f1fa11..f8e1c97 100644 --- a/internal/kdf/pbkdf2.go +++ b/internal/kdf/pbkdf2.go @@ -16,7 +16,7 @@ var Pbkdf2Cmd = &cmd.Command{ Run: runPbkdf2, Brief: "Derive key using PBKDF2", - Usage: `Usage: pocryp kdf-pbkdf2 [-bin] -key|-key-file -salt|-salt-file -iter -len -hash [-out OUTPUT] + Usage: `Usage: pocryp pbkdf2 [-bin] -key|-key-file -salt|-salt-file -iter -len -hash [-out OUTPUT] Derive a new key from the given key using PBKDF2. diff --git a/internal/kem/rsa/cmd/kem.go b/internal/kem/rsa/cmd/kem.go index 1e1c466..4ded365 100644 --- a/internal/kem/rsa/cmd/kem.go +++ b/internal/kem/rsa/cmd/kem.go @@ -20,7 +20,7 @@ var Cmd = &cmd.Command{ Run: run, Brief: "Encapsulate/Decapsulate using RSA-KEM", - Usage: `Usage: pocryp kem-rsa [-bin] [-e/-d] -key [-in INPUT] [-out OUTPUT] + Usage: `Usage: pocryp rsa-kem [-bin] [-e/-d] -key [-in INPUT] [-out OUTPUT] Encapsulate/Decapsulate INPUT to OUTPUT using RSA-KEM. diff --git a/internal/keygen/aes.go b/internal/keygen/aes.go index c22634b..032e2b9 100644 --- a/internal/keygen/aes.go +++ b/internal/keygen/aes.go @@ -14,7 +14,7 @@ var AesCmd = &cmd.Command{ Run: runAes, Brief: "Generate AES key", - Usage: `Usage: pocryp gen-aes [-out OUTPUT] [-bin] NUM_BITS + Usage: `Usage: pocryp aes-keygen [-out OUTPUT] [-bin] NUM_BITS Generate AES key. Valid NUM_BITS: 128, 192, 256. diff --git a/internal/keygen/ed25519.go b/internal/keygen/ed25519.go index c2fe325..61449e9 100644 --- a/internal/keygen/ed25519.go +++ b/internal/keygen/ed25519.go @@ -12,7 +12,7 @@ var Ed25519Cmd = &cmd.Command{ Run: runEd25519, Brief: "Generate ED25519 key", - Usage: `Usage: pocryp gen-ed25519 [-out OUTPUT] [-bin] + Usage: `Usage: pocryp ed25519-keygen [-out OUTPUT] [-bin] Generate ED25519 key. diff --git a/internal/keygen/rsa.go b/internal/keygen/rsa.go index e80f215..7217bd4 100644 --- a/internal/keygen/rsa.go +++ b/internal/keygen/rsa.go @@ -17,7 +17,7 @@ var RsaCmd = &cmd.Command{ Run: runRsa, Brief: "Generate RSA key", - Usage: `Usage: pocryp gen-rsa [-out OUTPUT] NUM_BITS + Usage: `Usage: pocryp rsa-keygen [-out OUTPUT] NUM_BITS Generate RSA key. Valid NUM_BITS: 2048, 3072, 4096. diff --git a/internal/she/cmd/decode.go b/internal/she/cmd/decode.go new file mode 100644 index 0000000..0f7616a --- /dev/null +++ b/internal/she/cmd/decode.go @@ -0,0 +1,66 @@ +package cmd + +import ( + "encoding/hex" + "encoding/json" + "fmt" + "io" + "os" + "strings" + + "bandr.me/p/pocryp/internal/cli/cmd" + "bandr.me/p/pocryp/internal/she/mup" +) + +var DecodeCmd = &cmd.Command{ + Name: "she-decode", + Run: runDecode, + Brief: "Decode M1,M2,M3,M4,M5 to JSON input", + + Usage: `Usage: pocryp she-decode [hex_string] + +Decode the M1,M2,M3,M4,M5 given as a hex string to its JSON form. +If no argument given, stdin will be read. +`, +} + +func runDecode(cmd *cmd.Command) error { + keyHex := cmd.Flags.String("key", "", "Secret key as hex") + + if err := cmd.Parse(); err != nil { + return err + } + + input := cmd.Flags.Arg(0) + if cmd.Flags.NArg() == 0 { + data, err := io.ReadAll(os.Stdin) + if err != nil { + return fmt.Errorf("failed to read stdin: %w", err) + } + input = string(data) + } + input = strings.NewReplacer(" ", "", "\t", "", "\r", "", "\n", "").Replace(input) + + key, err := hex.DecodeString(*keyHex) + if err != nil { + return fmt.Errorf("failed to decode key: %w", err) + } + if len(key) != 16 { + return fmt.Errorf("invalid key size: %d", len(key)) + } + + m1m2m3, err := hex.DecodeString(input) + if err != nil { + return fmt.Errorf("failed to decode input: %w", err) + } + + result, err := mup.Decode(m1m2m3, key) + if err != nil { + return err + } + + enc := json.NewEncoder(os.Stdout) + enc.SetIndent("", " ") + + return enc.Encode(result) +} diff --git a/internal/she/cmd/encode.go b/internal/she/cmd/encode.go new file mode 100644 index 0000000..ad13c3d --- /dev/null +++ b/internal/she/cmd/encode.go @@ -0,0 +1,64 @@ +package cmd + +import ( + "encoding/hex" + "encoding/json" + "fmt" + "os" + + "bandr.me/p/pocryp/internal/cli/cmd" + "bandr.me/p/pocryp/internal/she/mup" +) + +var EncodeCmd = &cmd.Command{ + Name: "she-encode", + Run: runEncode, + Brief: "Encode JSON input to M1,M2,M3,M4,M5", + + Usage: `Usage: pocryp she-encode [input.json] + +Encode the given JSON input file to M1,M2,M3,M4,M5. +If no argument given, stdin will be read. +`, +} + +func runEncode(cmd *cmd.Command) error { + oneLine := cmd.Flags.Bool("l", false, "Print everything on one line") + + if err := cmd.Parse(); err != nil { + return err + } + + inFile := os.Stdin + if cmd.Flags.NArg() > 0 { + f, err := os.Open(cmd.Flags.Arg(0)) + if err != nil { + return err + } + defer f.Close() + inFile = f + } + + var input mup.Input + if err := json.NewDecoder(inFile).Decode(&input); err != nil { + return err + } + + result, err := input.Encode() + if err != nil { + return err + } + + if *oneLine { + fmt.Println(hex.EncodeToString(result[:])) + } else { + m1, m2, m3, m4, m5 := mup.SliceMs(result) + fmt.Println(hex.EncodeToString(m1)) + fmt.Println(hex.EncodeToString(m2)) + fmt.Println(hex.EncodeToString(m3)) + fmt.Println(hex.EncodeToString(m4)) + fmt.Println(hex.EncodeToString(m5)) + } + + return nil +} diff --git a/internal/she/cmd/encode_test.go b/internal/she/cmd/encode_test.go new file mode 100644 index 0000000..bb41b73 --- /dev/null +++ b/internal/she/cmd/encode_test.go @@ -0,0 +1,13 @@ +package cmd + +import ( + "testing" +) + +func TestEncode(t *testing.T) { + EncodeCmd.Args = []string{"-foo"} + EncodeCmd.Init() + if err := runEncode(EncodeCmd); err == nil { + t.Fatal("expected error") + } +} diff --git a/internal/she/cmd/example.go b/internal/she/cmd/example.go new file mode 100644 index 0000000..07ce889 --- /dev/null +++ b/internal/she/cmd/example.go @@ -0,0 +1,39 @@ +package cmd + +import ( + "encoding/json" + "os" + + "bandr.me/p/pocryp/internal/cli/cmd" + "bandr.me/p/pocryp/internal/she/mup" +) + +var ExampleCmd = &cmd.Command{ + Name: "she-example", + Run: runExample, + Brief: "Print example JSON input", + + Usage: `Usage: pocryp she-example + +Print example JSON input to stdout. +`, +} + +func runExample(cmd *cmd.Command) error { + if err := cmd.Parse(); err != nil { + return err + } + + enc := json.NewEncoder(os.Stdout) + enc.SetIndent("", " ") + + input := mup.Input{ + UID: "000000000000000000000000000000", + ID: 0, + AuthID: 0, + AuthKey: "00000000000000000000000000000000", + NewKey: "00000000000000000000000000000000", + } + + return enc.Encode(input) +} diff --git a/internal/she/cmd/example.json b/internal/she/cmd/example.json new file mode 100644 index 0000000..42f2cf5 --- /dev/null +++ b/internal/she/cmd/example.json @@ -0,0 +1,15 @@ +{ + "UID": "000000000000000000000000000001", + "AuthID": 1, + "AuthKey": "000102030405060708090a0b0c0d0e0f", + "ID": 4, + "NewKey": "0f0e0d0c0b0a09080706050403020100", + "Counter": 1, + "Flags": { + "Write": false, + "Boot": false, + "Debugger": false, + "KeyUsage": false, + "Wildcard": false + } +} diff --git a/internal/she/cmd/example_test.go b/internal/she/cmd/example_test.go new file mode 100644 index 0000000..878bb87 --- /dev/null +++ b/internal/she/cmd/example_test.go @@ -0,0 +1,13 @@ +package cmd + +import ( + "testing" +) + +func TestExample(t *testing.T) { + ExampleCmd.Args = []string{"-foo"} + ExampleCmd.Init() + if err := runExample(ExampleCmd); err == nil { + t.Fatal("expected error") + } +} diff --git a/main.go b/main.go index bddd38d..624827a 100644 --- a/main.go +++ b/main.go @@ -13,34 +13,75 @@ import ( encoding_rsa "bandr.me/p/pocryp/internal/encoding/rsa" kem_rsa "bandr.me/p/pocryp/internal/kem/rsa/cmd" keywrap_aes "bandr.me/p/pocryp/internal/keywrap/aes/cmd" + she "bandr.me/p/pocryp/internal/she/cmd" ) func main() { var a cli.App - a.Add("Key Generation", keygen.AesCmd, keygen.RsaCmd, keygen.Ed25519Cmd) + a.Add( + "Key Generation", + keygen.AesCmd, + keygen.RsaCmd, + keygen.Ed25519Cmd, + ) - a.Add("Key Encoding", + a.Add( + "Key Encoding", encoding_rsa.Priv2PubCmd, - encoding_rsa.Raw2DerCmd, encoding_rsa.Der2RawCmd, - encoding_rsa.Pem2DerCmd, encoding_rsa.Der2PemCmd, + encoding_rsa.Raw2DerCmd, + encoding_rsa.Der2RawCmd, + encoding_rsa.Pem2DerCmd, + encoding_rsa.Der2PemCmd, ) - a.Add("Block Cipher", aes.EcbCmd) + a.Add( + "Block Cipher", + aes.EcbCmd, + ) - a.Add("Stream Cipher", aes.CbcCmd) + a.Add( + "Stream Cipher", + aes.CbcCmd, + ) - a.Add("Message Authentication Code(MAC)", aes.CmacGenerateCmd, aes.CmacVerifyCmd) + a.Add( + "Message Authentication Code(MAC)", + aes.CmacGenerateCmd, + aes.CmacVerifyCmd, + ) - a.Add("Authenticated Encryption(AEAD)", aes.GcmCmd) + a.Add( + "Authenticated Encryption(AEAD)", + aes.GcmCmd, + ) - a.Add("Key Wrap", keywrap_aes.Cmd) + a.Add( + "Key Wrap", + keywrap_aes.Cmd, + ) - a.Add("Key Derivation Function(KDF)", kdf.Pbkdf2Cmd) + a.Add( + "Key Derivation Function(KDF)", + kdf.Pbkdf2Cmd, + ) - a.Add("Hash Function", hash.ShaCmd) + a.Add( + "Hash Function", + hash.ShaCmd, + ) - a.Add("Key Encapsulation Mechanism(KEM)", kem_rsa.Cmd) + a.Add( + "Key Encapsulation Mechanism(KEM)", + kem_rsa.Cmd, + ) + + a.Add( + "Secured Hardware Extensions(AUTOSAR)", + she.ExampleCmd, + she.EncodeCmd, + she.DecodeCmd, + ) if err := a.Run(os.Args[1:]...); err != nil { fmt.Fprintln(os.Stderr, "error:", err)