/** Combined XEX mode encrypt/decrypt, since they're almost the same.
* See xexEncryptInternal() and xexDecryptInternal() for a description of
* what this does and what each parameter is.
* \param out For encryption, this will be the resulting ciphertext. For
* decryption, this will be the resulting plaintext.
* \param in For encryption, this will be the source plaintext. For
* decryption, this will be the source ciphertext.
* \param n See xexEncryptInternal().
* \param seq See xexEncryptInternal().
* \param tweak_key See xexEncryptInternal().
* \param encrypt_key See xexEncryptInternal().
* \param is_decrypt To decrypt, use true. To encrypt, use false.
*/
static void xexEnDecrypt(uint8_t *out, uint8_t *in, uint8_t *n, uint8_t seq, uint8_t *tweak_key, uint8_t *encrypt_key, bool is_decrypt)
{
uint8_t expanded_key[EXPANDED_KEY_SIZE];
uint8_t delta[16];
uint8_t buffer[16];
uint8_t i;
aesExpandKey(expanded_key, tweak_key);
aesEncrypt(delta, n, expanded_key);
for (i = 0; i < seq; i++)
{
doubleInGF(delta);
}
memcpy(buffer, in, 16);
xor16Bytes(buffer, delta);
aesExpandKey(expanded_key, encrypt_key);
if (is_decrypt)
{
aesDecrypt(out, buffer, expanded_key);
}
else
{
aesEncrypt(out, buffer, expanded_key);
}
xor16Bytes(out, delta);
}
static void getContract(TrustedContractArgs *args){
int rsaErr = 0, aesErr = 0;
//hello(REP_TRUSTED_NAME);
printf("In trusted mode getContract()");
//X1XXuseDMA(); //DMA the encrypted data into trusted space
rsaErr = rsaDecrypt(encryptedAESKey,g_d,g_modulus,decryptedAESKey);
if(rsaErr != 0){
printf("RSA encryption failed.\n");
//*args->success = 0;
}
else{
aesErr = aesDecrypt(decryptedAESKey,encrypted,decrypted,nbytes);
}
if(aesErr != 0){
printf("AES encryption failed.\n");
//*args->success = 0;
}
else if(aesErr == 0 && rsaErr == 0){
//*(args)->success = 1;
memcpy(contract,decrypted,nbytes);
}
/*Clear decrypted aeskey*/
memset(decryptedAESKey,0, 128);
}
/*
* Class: Cypher
* Method: aesDecryption
* Signature: ([B[B)[B
*/
JNIEXPORT void JNICALL Java_Cypher_aesDecryption
(JNIEnv *env, jclass obj, jbyteArray message, jbyteArray cypher) {
char *message_tmp = (char*)(*env)->GetByteArrayElements(env, message, 0);
char *cypher_tmp = (char*)(*env)->GetByteArrayElements(env, cypher, 0);
aesDecrypt(message_tmp, cypher_tmp);
(*env)->SetByteArrayRegion(env, message, 0, 16, message_tmp);
(*env)->ReleaseByteArrayElements(env, message, message_tmp, 0);
(*env)->ReleaseByteArrayElements(env, cypher, cypher_tmp, 0);
}
void test_beecrypt_rijndael_ecb()
{
aesParam encctx;
aesSetup(&encctx, (byte*)enckey, 256, ENCRYPT);
for(unsigned int p = 0; p < bufferlen; p += 16)
aesEncrypt(&encctx, (uint32_t*)(buffer + p), (uint32_t*)(buffer + p));
aesParam decctx;
aesSetup(&decctx, (byte*)enckey, 256, DECRYPT);
for(unsigned int p = 0; p < bufferlen; p += 16)
aesDecrypt(&decctx, (uint32_t*)(buffer + p), (uint32_t*)(buffer + p));
}
int decoding(char* in, int inlen, char** out, int* outlen) {
int ret;
char* aes;
int aes_len;
char* msg;
int msg_len;
aes_len = inlen; /* base64 decode-length always smaller than encode-length */
aes = get_pre_aes_buffer(aes_len);
if (aes == NULL) {
message_log(LOG_ERR, 0,
"get aes buffer for Base64Decode failed");
return -1;
}
ret = Base64Decode(in, inlen, aes, &aes_len);
if (ret < 0) {
message_log(LOG_ERR, 0,
"Base64Decode failed ret %d", ret);
return -2;
}
msg_len = aes_len;
msg = get_pre_msg_buffer(msg_len);
if (msg == NULL) {
message_log(LOG_ERR, 0,
"get msg buffer for aesDecrypt failed");
return -3;
}
ret = aesDecrypt(aes, aes_len, msg, &msg_len);
if (ret < 0) {
message_log(LOG_ERR, 0,
"aesDecrypt failed ret %d", ret);
return -4;
}
*out = msg;
*outlen = msg_len;
return 0;
}
int main()
{
int i, failures = 0;
aesParam param;
byte key[32];
byte src[16];
byte dst[16];
byte chk[16];
size_t keybits;
for (i = 0; i < NVECTORS; i++)
{
keybits = fromhex(key, table[i].key) << 3;
if (aesSetup(¶m, key, keybits, table[i].op))
return -1;
fromhex(src, table[i].input);
fromhex(chk, table[i].expect);
switch (table[i].op)
{
case ENCRYPT:
if (aesEncrypt(¶m, (uint32_t*) dst, (const uint32_t*) src))
return -1;
break;
case DECRYPT:
if (aesDecrypt(¶m, (uint32_t*) dst, (const uint32_t*) src))
return -1;
break;
}
if (memcmp(dst, chk, 16))
{
printf("failed vector %d\n", i+1);
failures++;
}
}
return failures;
}
size32_t aesDecryptWithRSAEncryptedKey(MemoryBuffer &out, size32_t inSz, const void *inBytes, const CLoadedKey &privateKey)
{
MemoryBuffer in;
in.setBuffer(inSz, (void *)inBytes, false);
// read encrypted AES key
size32_t encryptedAESKeySz;
in.read(encryptedAESKeySz);
MemoryBuffer aesKey;
size32_t decryptedAesKeySz = privateKeyDecrypt(aesKey, encryptedAESKeySz, in.readDirect(encryptedAESKeySz), privateKey);
if (decryptedAesKeySz != aesMaxKeySize)
throw makeStringException(0, "aesDecryptWithRSAEncryptedKey - invalid input");
unsigned iVPos = in.getPos(); // read directly further down
in.skip(aesBlockSize);
size32_t aesEncryptedSz;
in.read(aesEncryptedSz);
return aesDecrypt(out, aesEncryptedSz, in.readDirect(aesEncryptedSz), aesMaxKeySize, (const char *)aesKey.bytes(), (const char *)in.bytes()+iVPos);
}
/*decryption of XEX layer*/
void XEXLayerDec(const u32 irk[], const u8 Lprime[], const u8 C[], u8 Z[], unsigned long long int ctlen){
u8 mask[16];
u8 temp[16];
u8 pt[16];
memcpy(mask, Lprime, 16);
while(ctlen!=0){
double_mask(mask);
memcpy(temp, C, 16);
xor_byte_string(mask, temp, 16);
aesDecrypt(irk, temp, pt);
xor_byte_string(mask, pt, 16);
memcpy(Z, pt, 16);
C+=16;
Z+=16;
ctlen-=16;
}
}
JNIEXPORT jbyteArray Java_com_ghost_GCrypto_GCrypto_JNIDecryptWithAES(JNIEnv* env, jobject obj, jbyteArray dataString, jbyteArray passwordString)
{
crypto_cstring data;
data.length = (*env)->GetArrayLength(env, dataString);
data.context = (jbyte *)malloc(data.length * sizeof(jbyte));
(*env)->GetByteArrayRegion(env, dataString,0,data.length,data.context);
crypto_cstring password;
password.length = (*env)->GetArrayLength(env, passwordString);
password.context = (jbyte *)malloc(password.length * sizeof(jbyte));
(*env)->GetByteArrayRegion(env, passwordString,0,password.length,password.context);
crypto_cstring tmp = aesDecrypt(data.context, data.length, password.context, password.length);
jbyte *by = (jbyte*) tmp.context;
jbyteArray jarray = (*env)->NewByteArray(env, tmp.length);
(*env)->SetByteArrayRegion(env, jarray, 0, tmp.length, by);
free(data.context);
free(password.context);
return jarray;
}
/*
SHELL-AES decryption for plaintexts shorter than one blocks long:
parameters follow those of function shellaesEnc
*/
int shellaesDec_short(const u8 key[], const u8 nonce[], const u8 ad[], unsigned long long int adlen, const u8 c[], unsigned long long int ctlen, u8 p[], const u8 tag[]){
u8 V[16], F[16], keyprime[16], L[16], Lprime[16], S[16], I[16];
u32 mk[4*d], sk[12*d], rk[44], irk[44], rkprime[44];
u8 pt1[16], pt2[16], ct1[16], ct2[16];
u8 mask[16], mask1[16];
u8 temp[16];
int i, flag;
/* key setup */
aesKeySetupEnc(rk, key);
KeySetupEnc(mk, sk, L, Lprime, keyprime, rk, key);
aesKeySetupDec(irk, key);
aesKeySetupEnc(rkprime, keyprime);
memset(V, 0, 16);
/*PX-MAC*/
PXMAC(mk, sk, L, V, rk, ad, adlen);
/*derive the block of ciphertext and save it to ct1[]*/
memcpy(ct1, c, ctlen);
for(i=ctlen; i<16; ++i){
ct1[i]=tag[i-ctlen];
}
/*produce mask 3^3*Lprime*/
memcpy(mask, Lprime, 16);
for(i=0; i<3; ++i){
memcpy(temp, mask, 16);
double_mask(mask);
xor_byte_string(temp, mask, 16);
}
/*produce mask 2^2*3^3*Lprime*/
memcpy(mask1, mask, 16);
double_mask(mask1);
double_mask(mask1);
/*decrypt to obtain I[]*/
xor_byte_string(mask1, ct1, 16);
aesDecrypt(irk, ct1, pt1);
xor_byte_string(mask1, pt1, 16);
xor_byte_string(V, pt1, 16);
memcpy(ct1, pt1, 16);
xor_byte_string(ct1, V, 16);
xor_byte_string(mask, ct1, 16);
aesDecrypt(irk, ct1, pt1);
xor_byte_string(mask, pt1, 16);
memcpy(I, pt1, 16);
/*decrypt the plaintext*/
CENC(rkprime, S, F, nonce, 16);
xor_byte_string(S, pt1, 16);
memcpy(p, pt1, ctlen);
/*verify the validness of tag*/
memcpy(pt2, I, 16);
double_mask(mask);
xor_byte_string(mask, pt2, 16);
aesEncrypt(rk, pt2, ct2);
xor_byte_string(mask, ct2, 16);
xor_byte_string(V, ct2, 16);
memcpy(pt2, ct2, 16);
double_mask(mask1);
xor_byte_string(mask1, pt2, 16);
aesEncrypt(rk, pt2, ct2);
xor_byte_string(mask1, ct2, 16);
xor_byte_string(F, ct2, 16);
flag=1;
if(pt1[ctlen]!=0x80){
flag=0;
}
for(i=ctlen+1; i<16; ++i){
if(pt1[i]!=0){
flag=0;
}
}
for(i=0; i<ctlen; ++i){
if(ct2[i]!=tag[i+16-ctlen]){
flag=0;
}
}
/*
if(flag){
printf("the plaintext is:\n");
printf_byte_string(p, ctlen);
}
else{
printf("the tag is invalid!");
}
*/
return flag;
}
/*inverse of XLS*/
void XLSInv(const u32 irk[], const u8 Lprime[], const u8 c[], unsigned long long fb_ctlen, unsigned int nfb_ctlen, u8 p[], u8 tag[]){
u8 pt[16], ct[16];
u8 temp[16];
u8 mask1[16], mask2[16];
// CHANGE VLA allocation changed to dynamic (for MSVC compiler)
// u8 byte1[nfb_ctlen], byte2[nfb_ctlen];
u8* byte1 = new u8[nfb_ctlen];
u8* byte2 = new u8[nfb_ctlen];
int i;
/*produce mask 3^2*Lprime, and save it to mask1[]*/
memcpy(mask1, Lprime, 16);
for(i=0; i<2; ++i){
memcpy(temp, mask1, 16);
double_mask(mask1);
xor_byte_string(temp, mask1, 16);
}
/*produce mask 7^2*Lprime, and save it to mask2[]*/
memcpy(mask2, Lprime, 16);
for(i=0; i<2; ++i){
memcpy(temp, mask2, 16);
double_mask(mask2);
xor_byte_string(mask2, temp, 16);
double_mask(mask2);
xor_byte_string(temp, mask2, 16);
}
/*produce the masks for E' and E'', and save them to mask1[] and mask2[] respectively*/
while(fb_ctlen!=0){
double_mask(mask1);
double_mask(mask2);
fb_ctlen-=16;
}
double_mask(mask1);
double_mask(mask2);
memcpy(ct, c, nfb_ctlen);
memcpy(ct+nfb_ctlen, tag, 16-nfb_ctlen);
memcpy(byte2, tag+16-nfb_ctlen, nfb_ctlen);
/*the first round */
xor_byte_string(mask1, ct, 16);
aesDecrypt(irk, ct, pt);
xor_byte_string(mask1, pt, 16);
pt[15-nfb_ctlen]^=0x01;
memcpy(byte1, pt+16-nfb_ctlen, nfb_ctlen);
MIX(byte1, byte2, nfb_ctlen);
memcpy(pt+16-nfb_ctlen, byte1, nfb_ctlen);
memcpy(ct, pt, 16);
/*The second round*/
xor_byte_string(mask2, ct, 16);
aesDecrypt(irk, ct, pt);
xor_byte_string(mask2, pt, 16);
pt[15-nfb_ctlen]^=0x01;
memcpy(byte1, pt+16-nfb_ctlen, nfb_ctlen);
MIX(byte1, byte2, nfb_ctlen);
memcpy(pt+16-nfb_ctlen, byte1, nfb_ctlen);
memcpy(ct, pt, 16);
/*the third round */
xor_byte_string(mask1, ct, 16);
aesDecrypt(irk, ct, pt);
xor_byte_string(mask1, pt, 16);
/*separate the output to plaintext and tag*/
memcpy(p, pt, nfb_ctlen);
memcpy(tag, pt+nfb_ctlen, 16-nfb_ctlen);
memcpy(tag+16-nfb_ctlen, byte2, nfb_ctlen);
// CHANGE memory management (VLA allocation changed to dynamic)
delete[] byte1;
delete[] byte2;
}
void doInteraction() {
char *cmd;
// i/o
opRec oprec;
unsigned char dataStr[256];
// aes
aesParam aesparam;
byte aesSrc[16];
byte aesDst[16];
// rsa
rsakp keypair;
mpnumber m, cipher, signature;
// sha1
byte digest[20];
char digestHex[41];
sha1Param sha1param;
int i;
oprec.data = dataStr;
oprec.dataLen = MAXDATLEN;
while(1) {
// reset the data string
for( i = 0; i < MAXDATLEN; i++ ) {
oprec.data[i] = '0';
}
oprec.dataLen = MAXDATLEN;
// grab the string and parse it
cmd = getString();
if(parseString(cmd, &oprec) != 1) {
oprec.dataLen = MAXDATLEN;
continue;
}
switch(oprec.cipherType) {
case CH_AES:
for( i = 0; i < 16; i++ ) {
aesSrc[i] = 0;
}
if(aesSetup(&aesparam, AESkeyTable[oprec.keyIndex].key, 128, oprec.opType == CH_ENCRYPT ? ENCRYPT : DECRYPT ))
continue;
fromhex(aesSrc, oprec.data);
if( oprec.opType == CH_ENCRYPT ) {
if( aesEncrypt(&aesparam, (uint32_t *)aesDst, (uint32_t *)aesSrc) )
continue;
} else {
if( aesDecrypt(&aesparam, (uint32_t *)aesDst, (uint32_t *)aesSrc) )
continue;
}
for( i = 0; i < 16; i++ ) {
printf("%02X", aesDst[i] );
}
printf( "\n" );
break;
case CH_SGN:
// init sha1
if( sha1Reset( &sha1param ) )
continue;
if( sha1Update( &sha1param, oprec.data, oprec.dataLen ))
continue;
if( sha1Digest( &sha1param, digest ) )
continue;
// digest now contains the 160-bit message we want to sign
toHex(digest, digestHex, 20);
// digestHex now has the correct large number representation of the message
#if TESTING
fprintf( stderr, "sha1 of message: %s\n", digestHex );
#endif
// init rsa
rsakpInit(&keypair);
mpbsethex(&keypair.n, RSAkeyTable[oprec.keyIndex].rsa_n);
mpnsethex(&keypair.e, RSAkeyTable[oprec.keyIndex].rsa_e);
mpbsethex(&keypair.p, RSAkeyTable[oprec.keyIndex].rsa_p);
mpbsethex(&keypair.q, RSAkeyTable[oprec.keyIndex].rsa_q);
mpnsethex(&keypair.dp, RSAkeyTable[oprec.keyIndex].rsa_dp);
mpnsethex(&keypair.dq, RSAkeyTable[oprec.keyIndex].rsa_dq);
mpnsethex(&keypair.qi, RSAkeyTable[oprec.keyIndex].rsa_qi);
mpnzero(&m);
mpnzero(&cipher);
mpnzero(&signature);
mpnsethex(&m, digestHex);
// we are now all set to do the signing
// need to:
// write signing alg here
// make test case
// this link is very helpful in writing this code:
// http://tools.ietf.org/html/rfc3447#page-12
rsapricrt(&keypair.n, &keypair.p, &keypair.q, &keypair.dp, &keypair.dq, &keypair.qi, &m, &signature);
for( i = 0; i < signature.size; i++ ) {
printf("%08X", signature.data[i] );
}
printf( "\n" );
#if TESTING
mpnfree(&m);
mpnzero(&m);
rsapub(&keypair.n, &keypair.e, &signature, &m);
for( i = 0; i < m.size; i++ ) {
printf("%08X", m.data[i] );
}
printf( "\n" );
#endif
rsakpFree(&keypair);
break;
case CH_VRF:
rsakpInit(&keypair);
mpbsethex(&keypair.n, RSAkeyTable[oprec.keyIndex].rsa_n);
mpnsethex(&keypair.e, RSAkeyTable[oprec.keyIndex].rsa_e);
mpbsethex(&keypair.p, RSAkeyTable[oprec.keyIndex].rsa_p);
mpbsethex(&keypair.q, RSAkeyTable[oprec.keyIndex].rsa_q);
mpnsethex(&keypair.dp, RSAkeyTable[oprec.keyIndex].rsa_dp);
mpnsethex(&keypair.dq, RSAkeyTable[oprec.keyIndex].rsa_dq);
mpnsethex(&keypair.qi, RSAkeyTable[oprec.keyIndex].rsa_qi);
mpnzero(&m);
mpnzero(&cipher);
mpnzero(&signature);
mpnsethex(&m, oprec.data);
rsapub(&keypair.n, &keypair.e, &m, &cipher);
for( i = 0; i < cipher.size; i++ )
printf("%08X", cipher.data[i]);
printf( "\n" );
break;
case CH_SHA:
// init sha1
if( sha1Reset( &sha1param ) )
continue;
if( sha1Update( &sha1param, oprec.data, oprec.dataLen ))
continue;
if( sha1Digest( &sha1param, digest ) )
continue;
// digest now contains the 160-bit message we want to sign
toHex(digest, digestHex, 20);
printf( "%s\n", digestHex );
break;
default:
fprintf( stderr, "unknown cipher type caught.\n" );
} // switch
// prevent the leak!
#if (TESTING == 0)
if( cmd != NULL )
free(cmd);
#endif
} // while
}
void Ex_Anl(u8 *data_buf)
{
switch (*(data_buf + 2))
{
case 0X10:
{
AbsoluteOpticalEncoder_VAL = *(data_buf + 4);
for (int i = 0; i < 8; ++i)
{
if (AbsoluteOpticalEncoder_VAL < AbsoluteOpticalEncoder_Apart[i])
{
RelayStata = i;
break;
}
}
Sys_Printf(Printf_USART, "\r\nAbsoluteOpticalEncoder_VAL:%d", AbsoluteOpticalEncoder_VAL);
Sys_Printf(Printf_USART, "\r\nRelayStata:%d", RelayStata);
break;
}
case 0X11:
{
if (*(data_buf + 4) < 8)
AbsoluteOpticalEncoder_Apart[*(data_buf + 4)] = *(data_buf + 5);
Sys_Printf(Printf_USART, "\r\nAbsoluteOpticalEncoder_Apart:\r\n");
for (int i = 0; i < 8; i++)Sys_Printf(Printf_USART, " %d", AbsoluteOpticalEncoder_Apart[i]);
break;
}
case 0X12:
{
TimeUnlock = *(data_buf + 4);
Sys_Printf(Printf_USART, "\r\nTimeUnlock:%d", TimeUnlock);
break;
}
case 0X13:
{
srand(SysTick_Clock());
Sys_Printf(USART1, (char *)"\r\n%d", rand());
unsigned char dat[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
unsigned char chainCipherBlock[16];
unsigned char i;
for (i = 0; i < 32; i++) AES_Key_Table[i] = i; //做运算之前先要设置好密钥,这里只是设置密钥的DEMO。
memset(chainCipherBlock, 0x00, sizeof(chainCipherBlock));
aesEncInit();//在执行加密初始化之前可以为AES_Key_Table赋值有效的密码数据
aesEncrypt(dat, chainCipherBlock);//AES加密,数组dat里面的新内容就是加密后的数据。
//aesEncrypt(dat+16, chainCipherBlock);//AES源数据大于16字节时,把源数据的指针+16就好了
Sys_Printf(USART1, (char *)"\r\n");
for (int i = 0; i < 16; ++i) Sys_Printf(USART1, (char *)"%X ", dat[i]);
memset(chainCipherBlock, 0x00, sizeof(chainCipherBlock)); //这里要重新初始化清空
aesDecInit();//在执行解密初始化之前可以为AES_Key_Table赋值有效的密码数据
aesDecrypt(dat, chainCipherBlock);//AES解密,密文数据存放在dat里面,经解密就能得到之前的明文。
Sys_Printf(USART1, (char *)"\r\n");
for (int i = 0; i < 16; ++i) Sys_Printf(USART1, (char *)"%X ", dat[i]);
break;
}
case 0X14:
{
ChipUniqueID32[2] = *(__IO u32 *)(0X1FFFF7E8); // 低字节
ChipUniqueID32[1] = *(__IO u32 *)(0X1FFFF7EC); //
ChipUniqueID32[0] = *(__IO u32 *)(0X1FFFF7F0); // 高字节
Sys_Printf(USART1, (char *)"ChipUniqueID: %X %X %X", ChipUniqueID32[0], ChipUniqueID32[1], ChipUniqueID32[2]);
Sys_Printf(USART1, (char *)"ChipUniqueID: %X %X %X %X %X %X %X %X %X %X %X %X", ChipUniqueID8[0], ChipUniqueID8[1], ChipUniqueID8[2],ChipUniqueID8[3], ChipUniqueID8[4], ChipUniqueID8[5],ChipUniqueID8[6], ChipUniqueID8[7], ChipUniqueID8[8],ChipUniqueID8[9], ChipUniqueID8[10], ChipUniqueID8[11]);
break;
}
}
}