/*AES128 decryption*/
int Aes128_Dec(byte_t * cipherText,int cilen,byte_t * key,int keylen,byte_t * plainText)
{
if(!cipherText || cilen<=0 || !key || keylen!=16 || !plainText)
return -1;
int i=0,ret=0;
if(cilen<16)
return -1;
state_put(cipherText,plainText);
key_expansion(key,W);
i=10;
state_add_rou_key(plainText,W+i*4);
i--;
while(i>0){
if(istate_rshift_bvary(plainText)<0)
return -1;
if(state_add_rou_key(plainText,W+i*4)<0)
return -1;
istate_mix_columns(plainText);
i--;
}
if(istate_rshift_bvary(plainText)<0)
return -1;
if(state_add_rou_key(plainText,W+i*4)<0)
return -1;
return 0;
}
int Aes128cbc_Pkcs7_Dec(byte_t * cipherText,int cilen,byte_t * key,int keylen,byte_t * plainText,int * ptlen,const byte_t * iv)
{
if(!cipherText || cilen<=0 || !key || keylen!=16 || !plainText)
return -1;
int i=0,ret=0;
byte_t inPadBuf[16];
state_put(cipherText,plainText);
key_expansion(key,W);
i=10;
state_add_rou_key(plainText,W+i*4);
i--;
while(i>0){
if(istate_rshift_bvary(plainText)<0)
return -1;
if(state_add_rou_key(plainText,W+i*4)<0)
return -1;
istate_mix_columns(plainText);
i--;
}
if(istate_rshift_bvary(plainText)<0)
return -1;
if(state_add_rou_key(plainText,W+i*4)<0)
return -1;
int j;
for(i=0;i<4;i++)
for(j=0;j<4;j++)
plainText[i*4+j]=plainText[i*4+j]^iv[j*4+i];
reverse4x(plainText);
//depkcs7
PKCS7_UnPad(plainText,16,16,ptlen);
return 0;
}
/*AES128 encryption*/
int Aes128_Enc(byte_t * input,int inlen,byte_t * key,int keylen,byte_t * output)
{
if(!input || inlen!=16 || !key || keylen!=16 || !output)
return -1;
int i=0,ret=0;
state_put(input,output);
key_expansion(key,W);
i=0;
state_add_rou_key(output,W+i*4);
i++;
while(i<10){
if(state_bvary_lshift(output)<0)
return -1;
state_mix_columns(output);
if(state_add_rou_key(output,W+i*4)<0)
return -1;
i++;
}
if(state_bvary_lshift(output)<0)
return -1;
if(state_add_rou_key(output,W+i*4)<0)
return -1;
return 0;
}
static void
process(bl_t bl)
{
struct sockaddr_storage rss;
socklen_t rsl;
char rbuf[BUFSIZ];
bl_info_t *bi;
struct conf c;
struct dbinfo dbi;
struct timespec ts;
if (clock_gettime(CLOCK_REALTIME, &ts) == -1) {
(*lfun)(LOG_ERR, "clock_gettime failed (%m)");
return;
}
if ((bi = bl_recv(bl)) == NULL) {
(*lfun)(LOG_ERR, "no message (%m)");
return;
}
if (getremoteaddress(bi, &rss, &rsl) == -1)
goto out;
if (debug) {
sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss);
(*lfun)(LOG_DEBUG, "processing type=%d fd=%d remote=%s msg=%s"
" uid=%lu gid=%lu", bi->bi_type, bi->bi_fd, rbuf,
bi->bi_msg, (unsigned long)bi->bi_uid,
(unsigned long)bi->bi_gid);
}
if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) {
(*lfun)(LOG_DEBUG, "no rule matched");
goto out;
}
if (state_get(state, &c, &dbi) == -1)
goto out;
if (debug) {
char b1[128], b2[128];
(*lfun)(LOG_DEBUG, "%s: db state info for %s: count=%d/%d "
"last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
fmttime(b1, sizeof(b1), dbi.last),
fmttime(b2, sizeof(b2), ts.tv_sec));
}
switch (bi->bi_type) {
case BL_ADD:
dbi.count++;
dbi.last = ts.tv_sec;
if (dbi.id[0]) {
/*
* We should not be getting this since the rule
* should have blocked the address. A possible
* explanation is that someone removed that rule,
* and another would be that we got another attempt
* before we added the rule. In anycase, we remove
* and re-add the rule because we don't want to add
* it twice, because then we'd lose track of it.
*/
(*lfun)(LOG_DEBUG, "rule exists %s", dbi.id);
(void)run_change("rem", &c, dbi.id, 0);
dbi.id[0] = '\0';
}
if (c.c_nfail != -1 && dbi.count >= c.c_nfail) {
int res = run_change("add", &c, dbi.id, sizeof(dbi.id));
if (res == -1)
goto out;
sockaddr_snprintf(rbuf, sizeof(rbuf), "%a",
(void *)&rss);
(*lfun)(LOG_INFO,
"blocked %s/%d:%d for %d seconds",
rbuf, c.c_lmask, c.c_port, c.c_duration);
}
break;
case BL_DELETE:
if (dbi.last == 0)
goto out;
dbi.last = 0;
break;
default:
(*lfun)(LOG_ERR, "unknown message %d", bi->bi_type);
}
if (state_put(state, &c, &dbi) == -1)
goto out;
out:
close(bi->bi_fd);
}