static mrb_value mrb_des3_decrypt(mrb_state *mrb, mrb_value self) {
mrb_value mode, key, source, dest, iv;
unsigned char output[100];
des3_context ctx;
mrb_int len=16;
memset(output, 0, sizeof(output));
mrb_get_args(mrb, "SSSS", &mode, &key, &source, &iv);
des3_init(&ctx);
if (RSTRING_LEN(key) == 16) {
des3_set2key_dec(&ctx, RSTRING_PTR(key));
} else if (RSTRING_LEN(key) == 24) {
des3_set3key_dec(&ctx, RSTRING_PTR(key));
} else {
des3_free(&ctx);
return mrb_nil_value();
}
if (mrb_str_cmp(mrb, mode, mrb_str_new(mrb, "CBC", 3)) == 0) {
des3_crypt_cbc(&ctx, DES_DECRYPT, RSTRING_LEN(source), RSTRING_PTR(iv),
RSTRING_PTR(source), output);
len = RSTRING_LEN(source);
} else if (mrb_str_cmp(mrb, mode, mrb_str_new(mrb, "ECB", 3)) == 0) {
des3_crypt_ecb(&ctx, RSTRING_PTR(source), output);
len = 8;
} else {
des3_free(&ctx);
return mrb_nil_value();
}
des3_free(&ctx);
return mrb_str_new(mrb, output, len);
}
static void * des3_ctx_alloc( void )
{
des3_context *des3;
des3 = (des3_context *) polarssl_malloc( sizeof( des3_context ) );
if( des3 == NULL )
return( NULL );
des3_init( des3 );
return( des3 );
}
int main( int argc, char *argv[] )
{
int keysize, i;
unsigned char tmp[200];
char title[TITLE_LEN];
todo_list todo;
if( argc == 1 )
memset( &todo, 1, sizeof( todo ) );
else
{
memset( &todo, 0, sizeof( todo ) );
for( i = 1; i < argc; i++ )
{
if( strcmp( argv[i], "md4" ) == 0 )
todo.md4 = 1;
else if( strcmp( argv[i], "md5" ) == 0 )
todo.md5 = 1;
else if( strcmp( argv[i], "ripemd160" ) == 0 )
todo.ripemd160 = 1;
else if( strcmp( argv[i], "sha1" ) == 0 )
todo.sha1 = 1;
else if( strcmp( argv[i], "sha256" ) == 0 )
todo.sha256 = 1;
else if( strcmp( argv[i], "sha512" ) == 0 )
todo.sha512 = 1;
else if( strcmp( argv[i], "arc4" ) == 0 )
todo.arc4 = 1;
else if( strcmp( argv[i], "des3" ) == 0 )
todo.des3 = 1;
else if( strcmp( argv[i], "des" ) == 0 )
todo.des = 1;
else if( strcmp( argv[i], "aes_cbc" ) == 0 )
todo.aes_cbc = 1;
else if( strcmp( argv[i], "aes_gcm" ) == 0 )
todo.aes_gcm = 1;
else if( strcmp( argv[i], "aes_ccm" ) == 0 )
todo.aes_ccm = 1;
else if( strcmp( argv[i], "camellia" ) == 0 )
todo.camellia = 1;
else if( strcmp( argv[i], "blowfish" ) == 0 )
todo.blowfish = 1;
else if( strcmp( argv[i], "havege" ) == 0 )
todo.havege = 1;
else if( strcmp( argv[i], "ctr_drbg" ) == 0 )
todo.ctr_drbg = 1;
else if( strcmp( argv[i], "hmac_drbg" ) == 0 )
todo.hmac_drbg = 1;
else if( strcmp( argv[i], "rsa" ) == 0 )
todo.rsa = 1;
else if( strcmp( argv[i], "dhm" ) == 0 )
todo.dhm = 1;
else if( strcmp( argv[i], "ecdsa" ) == 0 )
todo.ecdsa = 1;
else if( strcmp( argv[i], "ecdh" ) == 0 )
todo.ecdh = 1;
else
{
polarssl_printf( "Unrecognized option: %s\n", argv[i] );
polarssl_printf( "Available options: " OPTIONS );
}
}
}
polarssl_printf( "\n" );
memset( buf, 0xAA, sizeof( buf ) );
memset( tmp, 0xBB, sizeof( tmp ) );
#if defined(POLARSSL_MD4_C)
if( todo.md4 )
TIME_AND_TSC( "MD4", md4( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_MD5_C)
if( todo.md5 )
TIME_AND_TSC( "MD5", md5( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_RIPEMD160_C)
if( todo.ripemd160 )
TIME_AND_TSC( "RIPEMD160", ripemd160( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_SHA1_C)
if( todo.sha1 )
TIME_AND_TSC( "SHA-1", sha1( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_SHA256_C)
if( todo.sha256 )
TIME_AND_TSC( "SHA-256", sha256( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(POLARSSL_SHA512_C)
if( todo.sha512 )
TIME_AND_TSC( "SHA-512", sha512( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(POLARSSL_ARC4_C)
if( todo.arc4 )
{
arc4_context arc4;
arc4_init( &arc4 );
arc4_setup( &arc4, tmp, 32 );
TIME_AND_TSC( "ARC4", arc4_crypt( &arc4, BUFSIZE, buf, buf ) );
arc4_free( &arc4 );
}
#endif
#if defined(POLARSSL_DES_C) && defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.des3 )
{
des3_context des3;
des3_init( &des3 );
des3_set3key_enc( &des3, tmp );
TIME_AND_TSC( "3DES",
des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
des3_free( &des3 );
}
if( todo.des )
{
des_context des;
des_init( &des );
des_setkey_enc( &des, tmp );
TIME_AND_TSC( "DES",
des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
des_free( &des );
}
#endif
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.aes_cbc )
{
aes_context aes;
aes_init( &aes );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
aes_setkey_enc( &aes, tmp, keysize );
TIME_AND_TSC( title,
aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
}
aes_free( &aes );
}
#endif
#if defined(POLARSSL_GCM_C)
if( todo.aes_gcm )
{
gcm_context gcm;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
gcm_init( &gcm, POLARSSL_CIPHER_ID_AES, tmp, keysize );
TIME_AND_TSC( title,
gcm_crypt_and_tag( &gcm, GCM_ENCRYPT, BUFSIZE, tmp,
12, NULL, 0, buf, buf, 16, tmp ) );
gcm_free( &gcm );
}
}
#endif
#if defined(POLARSSL_CCM_C)
if( todo.aes_ccm )
{
ccm_context ccm;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "AES-CCM-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
ccm_init( &ccm, POLARSSL_CIPHER_ID_AES, tmp, keysize );
TIME_AND_TSC( title,
ccm_encrypt_and_tag( &ccm, BUFSIZE, tmp,
12, NULL, 0, buf, buf, tmp, 16 ) );
ccm_free( &ccm );
}
}
#endif
#endif
#if defined(POLARSSL_CAMELLIA_C) && defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.camellia )
{
camellia_context camellia;
camellia_init( &camellia );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
camellia_setkey_enc( &camellia, tmp, keysize );
TIME_AND_TSC( title,
camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT,
BUFSIZE, tmp, buf, buf ) );
}
camellia_free( &camellia );
}
#endif
#if defined(POLARSSL_BLOWFISH_C) && defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.blowfish )
{
blowfish_context blowfish;
blowfish_init( &blowfish );
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
blowfish_setkey( &blowfish, tmp, keysize );
TIME_AND_TSC( title,
blowfish_crypt_cbc( &blowfish, BLOWFISH_ENCRYPT, BUFSIZE,
tmp, buf, buf ) );
}
blowfish_free( &blowfish );
}
#endif
#if defined(POLARSSL_HAVEGE_C)
if( todo.havege )
{
havege_state hs;
havege_init( &hs );
TIME_AND_TSC( "HAVEGE", havege_random( &hs, buf, BUFSIZE ) );
havege_free( &hs );
}
#endif
#if defined(POLARSSL_CTR_DRBG_C)
if( todo.ctr_drbg )
{
ctr_drbg_context ctr_drbg;
if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
exit(1);
TIME_AND_TSC( "CTR_DRBG (NOPR)",
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
exit(1) );
if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
exit(1);
ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_ON );
TIME_AND_TSC( "CTR_DRBG (PR)",
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
exit(1) );
ctr_drbg_free( &ctr_drbg );
}
int
cbctest(int type)
{
unsigned char test_string[TEST_SIZE];
char iv[CBC_MAX_IV_SIZE];
cbc_handle_t ch;
void *eh;
int ret;
int i;
switch (type) {
case CBC_DES3_TYPE:
ret = des3_init(&eh);
break;
case CBC_AES_128_TYPE:
ret = aes_init(&eh);
break;
case CBC_AES_192_TYPE:
ret = aes_init(&eh);
break;
case CBC_AES_256_TYPE:
ret = aes_init(&eh);
break;
default:
(void) printf("Illegal encryption type\n");
return (-1);
}
if (ret != 0) {
(void) printf("Error initializing encryption algorithm\n");
return (-1);
}
bzero(iv, CBC_MAX_IV_SIZE);
switch (type) {
case CBC_DES3_TYPE:
des3_key(eh, (uint8_t *)DES3_KEY);
cbc_makehandle(&ch, eh, DES3_KEY_SIZE, DES3_BLOCK_SIZE,
DES3_IV_SIZE, des3_encrypt, des3_decrypt);
break;
case CBC_AES_128_TYPE:
aes_key(eh, (uint8_t *)AES_128_KEY, AES_128_KEY_SIZE);
cbc_makehandle(&ch, eh, AES_128_KEY_SIZE, AES_BLOCK_SIZE,
AES_IV_SIZE, aes_encrypt, aes_decrypt);
break;
case CBC_AES_192_TYPE:
aes_key(eh, (uint8_t *)AES_192_KEY, AES_192_KEY_SIZE);
cbc_makehandle(&ch, eh, AES_192_KEY_SIZE, AES_BLOCK_SIZE,
AES_IV_SIZE, aes_encrypt, aes_decrypt);
break;
case CBC_AES_256_TYPE:
aes_key(eh, (uint8_t *)AES_256_KEY, AES_256_KEY_SIZE);
cbc_makehandle(&ch, eh, AES_256_KEY_SIZE, AES_BLOCK_SIZE,
AES_IV_SIZE, aes_encrypt, aes_decrypt);
break;
default:
/* Should not happen */
(void) printf("Illegal encryption type\n");
return (-1);
}
(void) strcpy((char *)test_string, TEST);
for (i = 0; i < TEST_SIZE; i += TEST_BLOCK_SIZE) {
(void) cbc_encrypt(&ch, (uint8_t *)&test_string[i],
TEST_BLOCK_SIZE, (uint8_t *)iv);
}
if (strcmp((char *)test_string, TEST) == 0) {
(void) printf("FAILED [Encryption]\n");
goto out;
}
bzero(iv, CBC_MAX_IV_SIZE);
for (i = 0; i < TEST_SIZE; i += TEST_BLOCK_SIZE) {
(void) cbc_decrypt(&ch, (uint8_t *)&test_string[i],
TEST_BLOCK_SIZE, (uint8_t *)iv);
}
if (strcmp((char *)test_string, TEST) == 0) {
(void) printf("PASSED\n");
} else {
(void) printf("FAILED [Decryption]\n");
}
out:
switch (type) {
case CBC_DES3_TYPE:
des3_fini(eh);
break;
case CBC_AES_128_TYPE:
case CBC_AES_192_TYPE:
case CBC_AES_256_TYPE:
aes_fini(eh);
break;
default:
/* Should not happen */
(void) printf("Illegal encryption type\n");
return (-1);
}
return (0);
}
static int
load_ssh1_private(RSA *rsa, struct iovec *iov)
{
BN_CTX *ctx;
BIGNUM *aux;
MD5_CTX md;
char pass[128], comment[BUFSIZ];
u_char *p, cipher_type, digest[16];
void *dstate;
int i;
i = strlen(SSH1_MAGIC) + 1;
/* Make sure it begins with the id string. */
if (iov->iov_len < i || memcmp(iov->iov_base, SSH1_MAGIC, i) != 0)
return (-1);
p = (u_char *)iov->iov_base + i;
i = iov->iov_len - i;
/* Skip cipher_type, reserved data, bits. */
cipher_type = *p;
p += 1 + 4 + 4;
i -= 1 + 4 + 4;
/* Read public key. */
if (get_bn(rsa->n, &p, &i) < 0 || get_bn(rsa->e, &p, &i) < 0)
return (-1);
/* Read comment. */
if (get_string(comment, sizeof(comment), &p, &i) < 0)
return (-1);
/* Decrypt private key. */
if (cipher_type != 0) {
sign_passwd_cb(pass, sizeof(pass), 0, NULL);
MD5_Init(&md);
MD5_Update(&md, (const u_char *)pass, strlen(pass));
MD5_Final(digest, &md);
memset(pass, 0, strlen(pass));
if ((dstate = des3_init(digest, sizeof(digest))) == NULL)
return (-1);
des3_decrypt(p, p, i, dstate);
if (p[0] != p[2] || p[1] != p[3]) {
fprintf(stderr, "Bad passphrase for %s\n", comment);
return (-1);
}
}
else if (p[0] != p[2] || p[1] != p[3])
return (-1);
p += 4;
i -= 4;
/* Read the private key. */
if (get_bn(rsa->d, &p, &i) < 0 ||
get_bn(rsa->iqmp, &p, &i) < 0)
return (-1);
/* In SSL and SSH v1 p and q are exchanged. */
if (get_bn(rsa->q, &p, &i) < 0 ||
get_bn(rsa->p, &p, &i) < 0)
return (-1);
/* Calculate p-1 and q-1. */
ctx = BN_CTX_new();
aux = BN_new();
BN_sub(aux, rsa->q, BN_value_one());
BN_mod(rsa->dmq1, rsa->d, aux, ctx);
BN_sub(aux, rsa->p, BN_value_one());
BN_mod(rsa->dmp1, rsa->d, aux, ctx);
BN_clear_free(aux);
BN_CTX_free(ctx);
return (0);
}
