Avoid zero IV for AES encryption in xcrypt

Author: kala13x

CMakeLists.txt

@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.5.0 FATAL_ERROR)
+cmake_minimum_required(VERSION 3.16)
 project(libxutils LANGUAGES C)
 
 if (WIN32)

README.md

@@ -45,7 +45,6 @@
 - [Implementation of advanced file search](https://github.com/kala13x/libxutils/blob/main/src/sys/srch.h)
 - [System time manipulation library](https://github.com/kala13x/libxutils/blob/main/src/sys/xtime.h)
 - [Performance monitoring library](https://github.com/kala13x/libxutils/blob/main/src/sys/mon.h)
-- [File and directory operations](https://github.com/kala13x/libxutils/blob/main/src/sys/xfs.h)
 - [Simple and fast memory pool](https://github.com/kala13x/libxutils/blob/main/src/sys/pool.h)
 - [Advanced logging library](https://github.com/kala13x/libxutils/blob/main/src/sys/log.h)
 

examples/CMakeLists.txt

@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.10)
+cmake_minimum_required(VERSION 3.16)
 project(xutils)
 
 set(CMAKE_C_STANDARD 11)

src/crypt/crypt.c

@@ -306,6 +306,40 @@ static xbool_t XCrypt_NeedsKey(xcrypt_chipher_t eCipher)
     return XFALSE;
 }
 
+static xbool_t XCrypt_NeedsIV(xcrypt_chipher_t eCipher)
+{
+    switch (eCipher)
+    {
+        case XC_AES:
+            return XTRUE;
+        case XC_XOR:
+        case XC_CASEAR:
+        case XC_HS256:
+        case XC_MD5_HMAC:
+#ifdef XCRYPT_USE_SSL
+        case XC_RS256:
+        case XC_RSAPR:
+        case XC_RSA:
+#endif
+        case XC_HEX:
+        case XC_CRC32:
+        case XC_BASE64:
+        case XC_B64URL:
+        case XC_MD5:
+        case XC_SHA1:
+        case XC_SHA256:
+        case XC_REVERSE:
+        case XC_MD5_SUM:
+        case XC_SHA1_SUM:
+        case XC_SHA256_SUM:
+            return XFALSE;
+        default:
+            break;
+    }
+
+    return XFALSE;
+}
+
 void XCrypt_ErrorCallback(xcrypt_ctx_t *pCtx, const char *pStr, ...)
 {
     if (pCtx->callback == NULL) return;
@@ -324,10 +358,11 @@ xbool_t XCrypt_KeyCallback(xcrypt_ctx_t *pCtx, xcrypt_chipher_t eCipher, xcrypt_
     memset(pKey, 0, sizeof(xcrypt_key_t));
     pKey->eCipher = eCipher;
 
-    if (!XCrypt_NeedsKey(eCipher) ||
-        pCtx->callback == NULL) return XTRUE;
+    if (!XCrypt_NeedsKey(eCipher) || pCtx->callback == NULL) return XTRUE;
+    if (!pCtx->callback(XCB_KEY, pKey, pCtx->pUserPtr)) return XFALSE;
 
-    return pCtx->callback(XCB_KEY, pKey, pCtx->pUserPtr);
+    if (!XCrypt_NeedsIV(eCipher)) return XTRUE;
+    return pCtx->callback(XCB_IV, pKey->sIV, pCtx->pUserPtr);
 }
 
 void XCrypt_Init(xcrypt_ctx_t *pCtx, xbool_t bDecrypt, char *pCiphers, xcrypt_cb_t callback, void *pUser)
@@ -345,6 +380,7 @@ uint8_t* XCrypt_Single(xcrypt_ctx_t *pCtx, xcrypt_chipher_t eCipher, const uint8
     if (!XCrypt_KeyCallback(pCtx, eCipher, &encKey)) return XFALSE;
 
     const uint8_t *pKey = (const uint8_t*)encKey.sKey;
+    const uint8_t *pIV = (const uint8_t*)encKey.sIV;
     size_t nKeyLength = encKey.nLength;
 
     uint8_t *pCrypted = NULL;
@@ -354,7 +390,7 @@ uint8_t* XCrypt_Single(xcrypt_ctx_t *pCtx, xcrypt_chipher_t eCipher, const uint8
     {
         case XC_CRC32: nCRC32 = XCRC32_Compute(pInput, *pLength); break;
         case XC_CRC32B: nCRC32 = XCRC32_ComputeB(pInput, *pLength); break;
-        case XC_AES: pCrypted = XCrypt_AES(pInput, pLength, pKey, nKeyLength, NULL); break;
+        case XC_AES: pCrypted = XCrypt_AES(pInput, pLength, pKey, nKeyLength, pIV); break;
         case XC_HEX: pCrypted = XCrypt_HEX(pInput, pLength, XSTR_SPACE, pCtx->nColumns, XFALSE); break;
         case XC_XOR: pCrypted = XCrypt_XOR(pInput, *pLength, pKey, nKeyLength); break;
         case XC_MD5: pCrypted = XMD5_Encrypt(pInput, *pLength); *pLength = XMD5_DIGEST_SIZE; break;
@@ -407,13 +443,14 @@ uint8_t* XDecrypt_Single(xcrypt_ctx_t *pCtx, xcrypt_chipher_t eCipher, const uin
     if (!XCrypt_KeyCallback(pCtx, eCipher, &decKey)) return XFALSE;
 
     const uint8_t *pKey = (const uint8_t*)decKey.sKey;
+    const uint8_t *pIV = (const uint8_t*)decKey.sIV;
     size_t nKeyLength = decKey.nLength;
     uint8_t *pDecrypted = NULL;
 
     switch (eCipher)
     {
         case XC_HEX: pDecrypted = XDecrypt_HEX(pInput, pLength, XFALSE); break;
-        case XC_AES: pDecrypted = XDecrypt_AES(pInput, pLength, pKey, nKeyLength, NULL); break;
+        case XC_AES: pDecrypted = XDecrypt_AES(pInput, pLength, pKey, nKeyLength, pIV); break;
         case XC_XOR: pDecrypted = XCrypt_XOR(pInput, *pLength, pKey, nKeyLength); break;
         case XC_CASEAR: pDecrypted = (uint8_t*)XDecrypt_Casear((const char*)pInput, *pLength, atoi(decKey.sKey)); break;
         case XC_BASE64: pDecrypted = (uint8_t*)XBase64_Decrypt(pInput, pLength); break;

src/crypt/crypt.h

@@ -61,13 +61,15 @@ typedef enum
 {
     XCB_INVALID = (uint8_t)0,
     XCB_ERROR,
-    XCB_KEY
+    XCB_KEY,
+    XCB_IV
 } xcrypt_cb_type_t;
 
 typedef struct XCryptKey 
 {
     xcrypt_chipher_t eCipher;
     char sKey[XSTR_MIN];
+    char sIV[XSTR_MICRO];
     size_t nLength;
 } xcrypt_key_t;
 

src/data/str.h

@@ -64,6 +64,7 @@
 #define XSTR_MIN                    2048
 #define XSTR_TINY                   256
 #define XSTR_MICRO                  32
+#define XSTR_PICO                   16
 #define XSTR_NPOS                   UINT_MAX
 #define XSTR_STACK                  XSTR_MID
 

src/xver.h

@@ -12,8 +12,8 @@
 
 #define XUTILS_VERSION_MAX      2
 #define XUTILS_VERSION_MIN      7
-#define XUTILS_BUILD_NUMBER     2
-#define XUTILS_BUILD_DATE       "21Jun2025"
+#define XUTILS_BUILD_NUMBER     3
+#define XUTILS_BUILD_DATE       "15Sep2025"
 
 #ifdef __cplusplus
 extern "C" {

tools/CMakeLists.txt

@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.10)
+cmake_minimum_required(VERSION 3.16)
 project(xutils)
 
 set(CMAKE_C_STANDARD 11)

tools/xcrypt.c

@@ -24,7 +24,7 @@
 
 #define XCRYPT_VER_MAX      0
 #define XCRYPT_VER_MIN      1
-#define XCRYPT_BUILD_NUM    22
+#define XCRYPT_BUILD_NUM    23
 
 #define XAES_KEY_LENGTH     256
 #define XHEX_COLUMNS        16
@@ -39,6 +39,7 @@ typedef struct
     char sText[XSTR_MID];
     char sPair[XSTR_MID];
     char sKey[XSTR_MID];
+    char sIV[XSTR_MICRO];
 
     size_t nKeySize;
     xbool_t bDecrypt;
@@ -104,17 +105,17 @@ static void XCrypt_DisplayUsage(const char *pName)
     bRSA = XTRUE;
 #endif
 
-    const char *pRSAOption = bRSA ? "[-g <pub:priv>]" : XSTR_EMPTY;
+    const char *pRSAOption = bRSA ? " [-g <pub:priv>]" : XSTR_EMPTY;
     const char *pRSADesc = bRSA ? "and RSA" : XSTR_EMPTY;
 
-    xlog("==========================================================");
+    xlog("============================================================");
     xlog(" Crypt/Decrypt file or text - v%d.%d build %d (%s)",
         XCRYPT_VER_MAX, XCRYPT_VER_MIN, XCRYPT_BUILD_NUM, __DATE__);
-    xlog("==========================================================");
+    xlog("============================================================");
 
-    xlog("Usage: %s [-c <ciphers>] [-i <input>] [-o <output>]", pName);
-    xlog(" %s [-K <keyfile>] [-k <key>] %s", XCrypt_WhiteSpace(nLength), pRSAOption);
-    xlog(" %s [-t <text>] [-d] [-f] [-p] [-s] [-h] [-v]\n", XCrypt_WhiteSpace(nLength));
+    xlog("Usage: %s [-c <ciphers>] [-i <input>] [-o <output>] [-v]", pName);
+    xlog(" %s [-K <keyfile>] [-k <key>]%s [-x]", XCrypt_WhiteSpace(nLength), pRSAOption);
+    xlog(" %s [-t <text>] [-I <iv>] [-d] [-f] [-p] [-s] [-h]\n", XCrypt_WhiteSpace(nLength));
 
     xlog("Options are:");
     xlog("   -c <ciphers>        # Encryption or decryption ciphers (%s*%s)", XSTR_CLR_RED, XSTR_FMT_RESET);
@@ -126,6 +127,7 @@ static void XCrypt_DisplayUsage(const char *pName)
     xlog("   -K <keyfile>        # File path containing the key");
     xlog("   -k <key>            # The key to pass as an argument");
     xlog("   -t <text>           # Input text to pass as an argument");
+    xlog("   -I <iv>             # Initialization vector for AES");
     xlog("   -d                  # Decryption mode");
     xlog("   -f                  # Force overwrite output");
     xlog("   -s                  # Key size for AES %s", pRSADesc);
@@ -296,6 +298,60 @@ static xbool_t XCrypt_GetKey(xcrypt_args_t *pArgs, xcrypt_key_t *pKey)
     return XCrypt_SetKey(pArgs, pKey, nLength);
 }
 
+static xbool_t XCrypt_GetIV(xcrypt_args_t *pArgs, xcrypt_key_t *pKey)
+{
+    if (xstrused(pArgs->sIV))
+    {
+        size_t nLength = xstrncpy(pKey->sIV, sizeof(pKey->sIV), pArgs->sIV);
+        if (nLength < 16)
+        {
+            xlogw("IV is too short, will be padded with zero bytes");
+            memset(pKey->sIV + nLength, 0, 16 - nLength);
+        }
+
+        return XTRUE;
+    }
+
+    char sIV[XSTR_PICO];
+    sIV[0] = XSTR_NUL;
+
+    const char *pCipher = XCrypt_GetCipherStr(pKey->eCipher);
+    printf("Enter IV for the cipher '%s': ", pCipher);
+
+    if (!XCLI_GetPass(NULL, pKey->sIV, sizeof(pKey->sIV)))
+    {
+        xloge("Failed to read IV: %d", errno);
+        return XFALSE;
+    }
+
+    if (!pArgs->bDecrypt || pArgs->bForce)
+    {
+        printf("Re-enter IV for the cipher '%s': ", pCipher);
+        sIV[0] = XSTR_NUL;
+
+        if (!XCLI_GetPass(NULL, sIV, sizeof(sIV)))
+        {
+            xloge("Failed to read IV: %d", errno);
+            return XFALSE;
+        }
+
+        if (strcmp(pKey->sIV, sIV))
+        {
+            xloge("IV do not match");
+            return XFALSE;
+        }
+    }
+
+    size_t nLength = strlen(pKey->sIV);
+    if (nLength < 16)
+    {
+        xlogw("IV is too short, will be padded with zero bytes");
+        memset(pKey->sIV + nLength, 0, 16 - nLength);
+    }
+
+    return XTRUE;
+}
+
 static XSTATUS XCrypt_ValidateArgs(xcrypt_args_t *pArgs)
 {
     if (xstrused(pArgs->sPair))
@@ -376,7 +432,7 @@ static xbool_t XCrypt_ParseArgs(xcrypt_args_t *pArgs, int argc, char *argv[])
     memset(pArgs, 0, sizeof(xcrypt_args_t));
     int nChar = 0;
 
-    while ((nChar = getopt(argc, argv, "c:i:o:g:k:K:t:s:d1:f1:h1:p1:s1:x1:v1")) != -1)
+    while ((nChar = getopt(argc, argv, "c:i:o:g:k:K:I:t:s:d1:f1:h1:p1:s1:x1:v1")) != -1)
     {
         switch (nChar)
         {
@@ -400,6 +456,9 @@ static xbool_t XCrypt_ParseArgs(xcrypt_args_t *pArgs, int argc, char *argv[])
             case 'K':
                 xstrncpy(pArgs->sKeyFile, sizeof(pArgs->sKeyFile), optarg);
                 break;
+            case 'I':
+                xstrncpy(pArgs->sIV, sizeof(pArgs->sIV), optarg);
+                break;
             case 't':
                 xstrncpy(pArgs->sText, sizeof(pArgs->sText), optarg);
                 break;
@@ -470,6 +529,13 @@ xbool_t XCrypt_Callback(xcrypt_cb_type_t eType, void *pData, void *pCtx)
         xcrypt_key_t *pKey = (xcrypt_key_t*)pData;
         return XCrypt_GetKey(pArgs, pKey);
     }
+    else if (eType == XCB_IV)
+    {
+        xcrypt_args_t *pArgs = (xcrypt_args_t*)pCtx;
+        xcrypt_key_t *pKey = (xcrypt_key_t*)pData;
+        return XCrypt_GetIV(pArgs, pKey);
+    }
+
 
     xloge("%s (%d)", (const char*)pData, errno);
     return XFALSE;