void cmd_start_crypt_out(struct ctrl_command *cmd)
{
#ifdef HAVE_LIBCRYPTO
if (out_state.crypt)
send_error("can't start encryption - already started!");
if (!out_state.crypt_state.cipher)
send_error("can't start encryption - no cipher set!");
if (!out_state.crypt_state.key)
send_error("can't start encryption - no key set!");
out_state.crypt = 1;
if (!EVP_EncryptInit(&out_state.crypt_state.ctx,
out_state.crypt_state.cipher, NULL, NULL))
send_error("can't start encryption - EncryptInit (1) failed: %s!",
ERR_error_string(ERR_get_error(), NULL));
/*
* XXX - ugly hack to work around OpenSSL bug
* if/when OpenSSL fix it, or give proper workaround
* use that, and force minimum OpenSSL version
*
* Without this hack, BF/256 will fail.
*/
/* cast to avoid warning */
*(unsigned int *)(&out_state.crypt_state.ctx.cipher->flags)
|= EVP_CIPH_VARIABLE_LENGTH;
if (!EVP_CIPHER_CTX_set_key_length(&out_state.crypt_state.ctx,
out_state.crypt_state.keylen))
send_error("can't start encryption - set_key_length failed: %s!",
ERR_error_string(ERR_get_error(), NULL));
out_state.crypt_state.ivlen =
EVP_CIPHER_CTX_iv_length(&out_state.crypt_state.ctx);
if (out_state.crypt_state.ivlen)
out_state.crypt_state.iv = calloc(out_state.crypt_state.ivlen, 1);
if (out_state.crypt_state.rounds)
{
if (!EVP_CIPHER_CTX_ctrl(&out_state.crypt_state.ctx,
EVP_CTRL_SET_RC5_ROUNDS,
out_state.crypt_state.rounds, NULL))
send_error("can't start encryption - SET_RC5_ROUNDS failed: %s!",
ERR_error_string(ERR_get_error(), NULL));
}
if (!EVP_EncryptInit(&out_state.crypt_state.ctx,
NULL,
out_state.crypt_state.key,
out_state.crypt_state.iv))
send_error("can't start encryption - EncryptInit (2) failed: %s!",
ERR_error_string(ERR_get_error(), NULL));
#else
send_error("can't start encryption - no OpenSSL suppport!");
#endif
}
void
cmd_start_crypt_out(struct ctrl_command *cmd)
{
#ifdef HAVE_LIBCRYPTO
if (out_state.crypt)
send_error("can't start encryption - already started!");
if (!out_state.crypt_state.cipher)
send_error("can't start encryption - no cipher set!");
if (!out_state.crypt_state.key)
send_error("can't start encryption - no key set!");
out_state.crypt = 1;
if (!EVP_EncryptInit(&out_state.crypt_state.ctx,
out_state.crypt_state.cipher, NULL, NULL))
send_error("can't start encryption - EncryptInit (1) failed: %s!",
ERR_error_string(ERR_get_error(), NULL));
if (!EVP_CIPHER_CTX_set_key_length(&out_state.crypt_state.ctx,
out_state.crypt_state.keylen))
send_error("can't start encryption - set_key_length failed: %s!",
ERR_error_string(ERR_get_error(), NULL));
out_state.crypt_state.ivlen =
EVP_CIPHER_CTX_iv_length(&out_state.crypt_state.ctx);
if (out_state.crypt_state.ivlen)
out_state.crypt_state.iv = calloc(out_state.crypt_state.ivlen, 1);
if (out_state.crypt_state.rounds)
{
if (!EVP_CIPHER_CTX_ctrl(&out_state.crypt_state.ctx,
EVP_CTRL_SET_RC5_ROUNDS,
out_state.crypt_state.rounds, NULL))
send_error("can't start encryption - SET_RC5_ROUNDS failed: %s!",
ERR_error_string(ERR_get_error(), NULL));
}
if (!EVP_EncryptInit(&out_state.crypt_state.ctx,
NULL,
out_state.crypt_state.key,
out_state.crypt_state.iv))
send_error("can't start encryption - EncryptInit (2) failed: %s!",
ERR_error_string(ERR_get_error(), NULL));
#else
send_error("can't start encryption - no OpenSSL suppport!");
#endif
}
wi_cipher_t * wi_cipher_init_with_key(wi_cipher_t *cipher, wi_cipher_type_t type, wi_data_t *key, wi_data_t *iv) {
unsigned char *key_buffer, *iv_buffer;
cipher->type = type;
cipher->cipher = _wi_cipher_cipher(cipher);
key_buffer = (unsigned char *) wi_data_bytes(key);
iv_buffer = iv ? (unsigned char *) wi_data_bytes(iv) : NULL;
if(EVP_EncryptInit(&cipher->encrypt_ctx, cipher->cipher, NULL, NULL) != 1) {
wi_error_set_openssl_error();
wi_release(cipher);
return NULL;
}
if(EVP_DecryptInit(&cipher->decrypt_ctx, cipher->cipher, NULL, NULL) != 1) {
wi_error_set_openssl_error();
wi_release(cipher);
return NULL;
}
_wi_cipher_configure_cipher(cipher);
if(EVP_EncryptInit(&cipher->encrypt_ctx, cipher->cipher, key_buffer, iv_buffer) != 1) {
wi_error_set_openssl_error();
wi_release(cipher);
return NULL;
}
if(EVP_DecryptInit(&cipher->decrypt_ctx, cipher->cipher, key_buffer, iv_buffer) != 1) {
wi_error_set_openssl_error();
wi_release(cipher);
return NULL;
}
cipher->key = wi_retain(key);
cipher->iv = wi_retain(iv);
return cipher;
}
/**
* @ingroup TestOpenssl
* @brief AES256 암호화 테스트
*/
void AES256( )
{
const char * pszKey = "12345678901234567890123456789012";
const char * pszIv = "1234567890123456";
const char * pszInput = "ABCD";
char szOutput[255];
int iOutputLen, iLen;
OpenSSL_add_all_ciphers();
const EVP_CIPHER * psttCipher = EVP_get_cipherbyname( "aes256" );
EVP_CIPHER_CTX sttCtx;
memset( szOutput, 0, sizeof(szOutput) );
EVP_CIPHER_CTX_init( &sttCtx );
EVP_EncryptInit( &sttCtx, psttCipher, (const unsigned char *)pszKey, (const unsigned char *)pszIv );
EVP_EncryptUpdate( &sttCtx, (uint8_t *)szOutput, &iOutputLen, (uint8_t *)pszInput, strlen(pszInput) );
EVP_EncryptFinal( &sttCtx, (uint8_t *)szOutput + iOutputLen, &iLen );
EVP_CIPHER_CTX_cleanup( &sttCtx );
iOutputLen += iLen;
for( int i = 0; i < iOutputLen; ++i )
{
printf( "%02X", (uint8_t)szOutput[i] );
}
printf( "\n" );
EVP_cleanup();
}
/** Set the key of <b>cipher</b> to <b>key</b>, which is
* <b>key_bits</b> bits long (must be 128, 192, or 256). Also resets
* the counter to 0.
*/
static void
aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
{
if (should_use_EVP) {
const EVP_CIPHER *c = 0;
switch (key_bits) {
case 128: c = EVP_aes_128_ecb(); break;
case 192: c = EVP_aes_192_ecb(); break;
case 256: c = EVP_aes_256_ecb(); break;
default: tor_assert(0);
}
EVP_EncryptInit(&cipher->key.evp, c, (const unsigned char*)key, NULL);
cipher->using_evp = 1;
} else {
AES_set_encrypt_key((const unsigned char *)key, key_bits,&cipher->key.aes);
cipher->using_evp = 0;
}
#ifdef USING_COUNTER_VARS
cipher->counter0 = 0;
cipher->counter1 = 0;
cipher->counter2 = 0;
cipher->counter3 = 0;
#endif
memset(cipher->ctr_buf.buf, 0, sizeof(cipher->ctr_buf.buf));
cipher->pos = 0;
memset(cipher->buf, 0, sizeof(cipher->buf));
}
static int
lencrypt (lua_State *L) {
size_t len = 0;
const char *text = lua_tolstring (L, 1, &len);
const char *key = lua_tostring (L, 2);
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
unsigned char iv[16] = { 0 };
char *output = malloc (len + AES_BLOCK_SIZE);
int olen1;
int olen2;
EVP_EncryptInit (ctx, EVP_aes_128_cbc(), (unsigned char *)key, iv);
EVP_EncryptUpdate (ctx, (unsigned char *)output, &olen1, (const unsigned char *)text, len);
int ok = EVP_EncryptFinal (ctx, (unsigned char *)output + olen1, &olen2);
if (!ok) {
free (output);
EVP_CIPHER_CTX_free (ctx);
return 0;
}
lua_pushlstring (L, output, olen1 + olen2);
free (output);
EVP_CIPHER_CTX_free (ctx);
return 1;
}
std::string encrypt_aes256(const std::string& plain,const std::string& key,const std::string& iv)
{
std::string cipher;
cipher.resize((plain.size()/AES_BLOCK_SIZE+1)*AES_BLOCK_SIZE);
EVP_CIPHER_CTX* ctx=nullptr;
try
{
ctx=EVP_CIPHER_CTX_new();
if(key.size()!=AES256_KEY_SIZE)
throw std::runtime_error("encrypt_aes256() - Given key size is invalid ("+
std::to_string(AES256_KEY_SIZE)+"bytes ).");
int temp_length;
int temp_unaligned_length;
if(ctx==nullptr)
throw std::runtime_error("encrypt_aes256() - Creating a EVP_CIPHER_CTX failed.");
if(EVP_CIPHER_CTX_set_padding(ctx,1)==0)
throw std::runtime_error("encrypt_aes256() - EVP_CIPHER_CTX_set_padding failed.");
if(EVP_EncryptInit(ctx,EVP_aes_256_cbc(),(uint8_t*)key.data(),(uint8_t*)iv.data())==0)
throw std::runtime_error("encrypt_aes256() - EVP_EncryptInit failed.");
if(EVP_EncryptUpdate(ctx,(uint8_t*)cipher.data(),&temp_length,(uint8_t*)plain.data(),plain.size())==0)
throw std::runtime_error("encrypt_aes256() - EVP_EncryptUpdate failed.");
if(EVP_EncryptFinal(ctx,(uint8_t*)cipher.data()+temp_length,&temp_unaligned_length)==0)
throw std::runtime_error("encrypt_aes256() - EVP_EncryptFinal failed.");
cipher.resize(temp_length+temp_unaligned_length);
}
catch(...)
{
aes_cleanup(ctx);
throw;
}
aes_cleanup(ctx);
return cipher;
}
unsigned char * aes_oneshot_encrypt( unsigned char * key, int key_len,
unsigned char * salt, int salt_len,
unsigned char * data, int data_len,
int * out_len)
{
int nalloc = 0;
int npartial = 0;
int nfinal = 0;
unsigned char * encrypted = 0;
unsigned char key_buff[SHA256_DIGEST_LENGTH];
unsigned char iv_buff[SHA256_DIGEST_LENGTH];
*out_len = 0;
SHA256( key, key_len, key_buff );
SHA256( salt, salt_len, iv_buff );
EVP_CIPHER_CTX ctx;
EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key_buff, iv_buff);
nalloc = data_len + EVP_CIPHER_CTX_block_size(&ctx);
encrypted = malloc( nalloc );
EVP_EncryptUpdate(&ctx, encrypted, &npartial, data, data_len);
EVP_EncryptFinal_ex(&ctx, encrypted+npartial, &nfinal);
*out_len = npartial + nfinal;
return encrypted;
}
DBT *encrypt(unsigned char *unenc, unsigned long size)
{
unsigned char *safepasswd;
EVP_CIPHER_CTX ctx;
DBT *encoded;
int olen, tlen;
FUNC;
safepasswd = safepassword();
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit(&ctx, EVP_bf_cbc(), safepasswd, config->iv);
encoded = s_malloc(sizeof(DBT));
encoded->data = s_malloc(8 + size); //Blowfish can grow 64 bits
if (EVP_EncryptUpdate(&ctx, encoded->data, &olen, unenc, size) != 1) {
die_cryptoerr("error in encrypt update\n");
}
if (EVP_EncryptFinal(&ctx, encoded->data + olen, &tlen) != 1) {
die_cryptoerr("error in encrypt final\n");
}
EVP_CIPHER_CTX_cleanup(&ctx);
encoded->size = olen + tlen;
if (encoded->size > 8 + size) {
die_cryptoerr
("Unexpected fatal error : data has grown in size after encryption.\n");
}
free(safepasswd);
EFUNC;
return encoded;
}
int data_encrypt(unsigned char *src, unsigned char *dst, int len, struct peer *p)
{
int tlen, olen;
if (encryption_disabled){
memcpy(dst,src,len);
return len;
}
if (!ctx_initialized) {
EVP_CIPHER_CTX_init (&ctx);
ctx_initialized = 1;
}
EVP_EncryptInit (&ctx, EVP_bf_cbc (), p->key, p->iv);
if (EVP_EncryptUpdate (&ctx, dst, &olen, src, len) != 1)
{
fprintf (stderr,"error in encrypt update\n");
olen = -1;
goto cleanup;
}
if (EVP_EncryptFinal (&ctx, dst + olen, &tlen) != 1)
{
fprintf (stderr,"error in encrypt final\n");
olen = -1;
goto cleanup;
}
olen += tlen;
cleanup:
EVP_CIPHER_CTX_cleanup(&ctx);
return olen;
}
char *
CGI_encrypt(const void *p, int len, const char *password) {
EVP_CIPHER_CTX ctx;
unsigned char md[DIGEST_SIZE];
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char *out;
char *b64;
int offset, rlen;
if (p == 0 || len <= 0 || password == 0 || *password == 0) {
return 0;
}
out = malloc(SALT_SIZE + DIGEST_SIZE + len + EVP_MAX_BLOCK_LENGTH);
init_salt(out);
digest(p, len, password, out, md);
EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), out,
(unsigned char *) password, strlen(password), 1, key, iv);
EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key, iv);
offset = SALT_SIZE;
EVP_EncryptUpdate(&ctx, out + offset, &rlen, md, DIGEST_SIZE);
offset += rlen;
EVP_EncryptUpdate(&ctx, out + offset, &rlen, p, len);
offset += rlen;
EVP_EncryptFinal(&ctx, out + offset, &rlen);
b64 = CGI_encode_base64(out, offset + rlen);
free(out);
return b64;
}
int Init_GCM(JNIEnv* env, jobject obj, jbyteArray key, jbyteArray iv, jint mode) {
jbyte* keyBytes = (*env)->GetByteArrayElements(env, key, NULL);
if (!keyBytes) {
return CRYPTO_FAILURE;
}
jbyte* ivBytes = (*env)->GetByteArrayElements(env, iv, NULL);
if (!ivBytes) {
(*env)->ReleaseByteArrayElements(env, key, keyBytes, JNI_ABORT);
return CRYPTO_FAILURE;
}
GCM_JNI_CTX* ctx = Create_GCM_JNI_CTX(keyBytes, ivBytes);
Set_GCM_JNI_CTX(env, obj, ctx);
(*env)->ReleaseByteArrayElements(env, key, keyBytes, JNI_ABORT);
(*env)->ReleaseByteArrayElements(env, iv, ivBytes, JNI_ABORT);
if (mode == GCM_ENCRYPT_MODE) {
if (!EVP_EncryptInit(ctx->cipherCtx, EVP_aes_128_gcm(), ctx->key, ctx->iv)) {
return CRYPTO_FAILURE;
}
} else if (mode == GCM_DECRYPT_MODE) {
if (!EVP_DecryptInit(ctx->cipherCtx, EVP_aes_128_gcm(), ctx->key, ctx->iv)) {
return CRYPTO_FAILURE;
}
} else {
return CRYPTO_FAILURE;
}
return CRYPTO_SUCCESS;
}
const char* encrypt(unsigned char* inbuff, int inbuff_len, unsigned char* key, unsigned char* iv)
{
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit(&ctx, EVP_bf_cbc(), key, iv);
unsigned char* outbuf = (unsigned char *)malloc(sizeof(unsigned char) * BUF_SIZE);
memset(outbuf, 0, BUF_SIZE);
int olen=0, tlen=0;
if (EVP_EncryptUpdate(&ctx, outbuf, &olen, inbuff, inbuff_len) != 1) {
LOGE("Error in encrypt update");
return 0;
}
if (EVP_EncryptFinal(&ctx, outbuf + olen, &tlen) != 1) {
std::ostringstream err;
err << "Error in encrypt final: " << strerror(errno);
LOGE(err.str().c_str());
return 0;
}
EVP_CIPHER_CTX_cleanup(&ctx);
return (const char*) outbuf;
}
enum snmp_code
snmp_pdu_encrypt(const struct snmp_pdu *pdu)
{
int32_t err, olen;
uint8_t iv[SNMP_PRIV_AES_IV_SIZ];
const EVP_CIPHER *ctype;
EVP_CIPHER_CTX ctx;
err = snmp_pdu_cipher_init(pdu, pdu->scoped_len, &ctype, iv);
if (err < 0)
return (SNMP_CODE_EDECRYPT);
else if (err == 0)
return (SNMP_CODE_OK);
if (EVP_EncryptInit(&ctx, ctype, pdu->user.priv_key, iv) != 1)
return (SNMP_CODE_FAILED);
if (EVP_EncryptUpdate(&ctx, pdu->scoped_ptr, &olen, pdu->scoped_ptr,
pdu->scoped_len) != 1 ||
EVP_EncryptFinal(&ctx, pdu->scoped_ptr + olen, &olen) != 1) {
EVP_CIPHER_CTX_cleanup(&ctx);
return (SNMP_CODE_FAILED);
}
EVP_CIPHER_CTX_cleanup(&ctx);
return (SNMP_CODE_OK);
}
bool AesCbcCipher::encrypt(const Vuc& in, Vuc& out)
{
// according to the openssl docs:
// the amount of data written may be as large as (in.size() + cipher_block_size - 1)
size_t outSize = in.size() + AES_BLOCK_SIZE - 1;
// the output buffer must also be a multiple of blocksize
if ((outSize % AES_BLOCK_SIZE) != 0)
outSize = ((outSize / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE;
out.resize(outSize, 0);
// init encryption
ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> ctx(EVP_CIPHER_CTX_new());
EVP_EncryptInit(ctx.get(), getCipher(), &key_[0], &iv_[0]);
// do the encrypt; must keep track of the number of bytes produced
int nBytes = 0;
EVP_EncryptUpdate(ctx.get(), &out[0], &nBytes, &in[0], in.size());
int nTotalBytes = nBytes;
EVP_EncryptFinal(ctx.get(), &out[nBytes], &nBytes);
nTotalBytes += nBytes;
// the actual output size is in nTotalBytes
assert(nTotalBytes);
Vuc(out.begin(), out.begin()+nTotalBytes).swap(out); // shrink to fit
return true;
}
ndn_Error
ndn_AesAlgorithm_encrypt128Cbc
(const uint8_t *key, size_t keyLength, const uint8_t *initialVector,
size_t initialVectorLength, const uint8_t *plainData,
size_t plainDataLength, uint8_t *encryptedData, size_t *encryptedDataLength)
{
EVP_CIPHER_CTX *ctx;
int outLength1, outLength2;
if (keyLength != ndn_AES_128_BLOCK_SIZE)
return NDN_ERROR_Incorrect_key_size;
if (initialVectorLength != ndn_AES_128_BLOCK_SIZE)
return NDN_ERROR_Incorrect_initial_vector_size;
ctx = EVP_CIPHER_CTX_new();
if (!ctx)
return NDN_ERROR_Error_in_encrypt_operation;
EVP_EncryptInit
(ctx, EVP_aes_128_cbc(), (const unsigned char*)key,
(const unsigned char*)initialVector);
EVP_EncryptUpdate
(ctx, (unsigned char*)encryptedData, &outLength1,
(const unsigned char*)plainData, plainDataLength);
EVP_EncryptFinal
(ctx, (unsigned char*)encryptedData + outLength1, &outLength2);
EVP_CIPHER_CTX_free(ctx);
*encryptedDataLength = outLength1 + outLength2;
return NDN_ERROR_success;
}
aes_cnt_cipher_t *
aes_new_cipher(const char *key, const char *iv)
{
EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
EVP_EncryptInit(cipher, EVP_aes_128_ctr(),
(const unsigned char*)key, (const unsigned char *)iv);
return (aes_cnt_cipher_t *) cipher;
}
/**
* @brief Performs basic Encrypt-then-MAC style Authenticated Encryption.
*
* @param[in] ekey a buffer holding the ENC key
* @param[in] ekey_len len of ekey buffer
* @param[in] mkey a buffer holding the MAC key
* @param[in] mkey_len len of mkey buffer
* @param[in] input the plaintext message
* @param[in] input_len len of message buffer
* @param[in,out] ctxt an allocated buffer, will hold the ciphertext
* @param[in,out] ctxt_len length of buffer, will hold length of ciphertext
* @param[in,out] mac an allocated buffer, will hold the MAC
* @param[in,out] mac_len length of buffer, will hold length of MAC
* @param[in,out] iv a randomly chosen iv (optional)
* @param[in] iv_len length of buffer for iv (optional)
* @return 0 on success, non-zero on error
**/
int encrypt_then_mac(const unsigned char *ekey, size_t ekey_len,
const unsigned char *mkey, size_t mkey_len,
const unsigned char *input, size_t input_len,
unsigned char *ctxt, size_t *ctxt_len,
unsigned char *mac, size_t *mac_len,
unsigned char *iv, size_t iv_len)
{
EVP_CIPHER_CTX *ctx;
ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER *cipher = NULL;
int len;
if (!ekey || !ekey_len || !mkey || !mkey_len ||
!input_len || !ctxt || !ctxt_len || !mac || !mac_len)
return -1;
OpenSSL_add_all_algorithms();
EVP_CIPHER_CTX_init(ctx);
switch(ekey_len){
case 16:
cipher = (EVP_CIPHER *)EVP_aes_128_cbc();
break;
case 24:
cipher = (EVP_CIPHER *)EVP_aes_192_cbc();
break;
case 32:
cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
break;
default:
return -1;
}
if (iv && iv_len) {
if (!RAND_bytes(iv, iv_len)) goto cleanup;
}
if (!EVP_EncryptInit(ctx, cipher, ekey, iv)) goto cleanup;
*ctxt_len = 0;
if (!EVP_EncryptUpdate(ctx, ctxt, (int *) ctxt_len, input, input_len))
goto cleanup;
EVP_EncryptFinal(ctx, ctxt + *ctxt_len, &len);
*ctxt_len += len;
// Do the HMAC-SHA1
*mac_len = 0;
if (!HMAC(EVP_sha1(), mkey, mkey_len, ctxt, *ctxt_len,
mac, (unsigned int *) mac_len))
goto cleanup;
EVP_CIPHER_CTX_cleanup(ctx);
return 0;
cleanup:
if (ctxt_len) *ctxt_len = 0;
if (mac_len) *mac_len = 0;
return 1;
}
static int
aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc) /* init key */
{
/*
* variable "c" is leaked from this scope, but is later freed
* in aes_ctr_cleanup
*/
aes_ctr_ctx *c;
const EVP_CIPHER *aes_cipher;
(void) enc;
switch(EVP_CIPHER_CTX_key_length(ctx)) {
case 16:
aes_cipher = EVP_aes_128_ecb();
break;
case 24:
aes_cipher = EVP_aes_192_ecb();
break;
case 32:
aes_cipher = EVP_aes_256_ecb();
break;
default:
return 0;
}
c = malloc(sizeof(*c));
if(c == NULL)
return 0;
#ifdef HAVE_OPAQUE_STRUCTS
c->aes_ctx = EVP_CIPHER_CTX_new();
#else
c->aes_ctx = malloc(sizeof(EVP_CIPHER_CTX));
#endif
if(c->aes_ctx == NULL) {
free(c);
return 0;
}
if(EVP_EncryptInit(c->aes_ctx, aes_cipher, key, NULL) != 1) {
#ifdef HAVE_OPAQUE_STRUCTS
EVP_CIPHER_CTX_free(c->aes_ctx);
#else
free(c->aes_ctx);
#endif
free(c);
return 0;
}
EVP_CIPHER_CTX_set_padding(c->aes_ctx, 0);
memcpy(c->ctr, iv, AES_BLOCK_SIZE);
EVP_CIPHER_CTX_set_app_data(ctx, c);
return 1;
}
int openssl_encrypt(struct emvpn_socket *v, uint8_t *to, uint8_t *from, int len)
{
int clen, flen = 0;
EVP_CIPHER_CTX_init(&enc);
EVP_EncryptInit(&enc, EVP_aes_256_cbc(), v->key.key, v->key.iv);
EVP_EncryptUpdate(&enc, to, &clen, from, len);
EVP_EncryptFinal_ex(&enc, to + clen, &flen);
return clen + (flen % 16) ;
}
int
main(int argc, char** argv)
{
// get data to encrypt.
//
if (argc != 3) {
printf("Usage: %s <base64 enc key> <data to encryt>\n",
argv[0]);
return 0;
}
// base64 decode key
//
BIO *mbio = BIO_new_mem_buf(argv[1], strlen(argv[1]));
BIO *b64bio = BIO_new(BIO_f_base64());
BIO_set_flags(b64bio, BIO_FLAGS_BASE64_NO_NL);
BIO *bio = BIO_push(b64bio, mbio);
char key[256];
size_t keylen = 0;
keylen = BIO_read(bio, key, sizeof(key));
BIO_free(mbio);
BIO_free(b64bio);
// encrypt the data
//
char out[256];
int outlen = 0;
EVP_CIPHER_CTX ctx;
EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL);
EVP_EncryptUpdate(&ctx, out, &outlen, argv[2], strlen(argv[2]));
EVP_EncryptFinal(&ctx, out, &outlen);
EVP_CIPHER_CTX_cleanup(&ctx);
// base64 encode encrypted data
//
mbio = BIO_new(BIO_s_mem());
b64bio = BIO_new(BIO_f_base64());
BIO_set_flags(b64bio, BIO_FLAGS_BASE64_NO_NL);
bio = BIO_push(b64bio, mbio);
BIO_write(bio, out, outlen);
BIO_flush(bio);
char* data = NULL;
size_t datalen = 0;
datalen = BIO_get_mem_data(mbio, &data);
data[datalen] = '\0';
printf("encrypted data: [%s]\n", data);
BIO_free(mbio);
BIO_free(b64bio);
return 0;
}
EVP_CIPHER_CTX* CreateCTX(GByte* pabyKey, GByte* pabyIV, bool bDecrypt)
{
EVP_CIPHER_CTX* pstCTX = new EVP_CIPHER_CTX;
const EVP_CIPHER * cipher = NULL;
EVP_CIPHER_CTX_init(pstCTX);
wxGISAppConfig oConfig = GetConfig();
if(oConfig.IsOk())
{
wxString sMode = oConfig.Read(enumGISHKCU, wxString(wxT("wxGISCommon/crypt/mode")), wxString(ERR));
#ifndef OPENSSL_NO_AES
if(sMode.IsSameAs(wxString(wxT("AES")), false))
cipher = EVP_aes_256_cfb();
#endif
#ifndef OPENSSL_NO_IDEA
if(sMode.IsSameAs(wxString(wxT("IDEA")), false))
cipher = EVP_idea_cbc();
#endif
#ifndef OPENSSL_NO_RC2
if(sMode.IsSameAs(wxString(wxT("RC2")), false))
cipher = EVP_rc2_cbc();
#endif
#ifndef OPENSSL_NO_BF
if(sMode.IsSameAs(wxString(wxT("BF")), false))
cipher = EVP_bf_cbc();
#endif
#ifndef OPENSSL_NO_CAST
if(sMode.IsSameAs(wxString(wxT("CAST5")), false))
cipher = EVP_cast5_cbc();
#endif
#ifndef OPENSSL_NO_DES
if(NULL == cipher || sMode.IsSameAs(wxString(ERR)) || sMode.IsSameAs(wxString(wxT("DES")), false))
cipher = EVP_des_cfb();
#endif
}
else
#ifndef OPENSSL_NO_DES
cipher = EVP_des_cfb();
#else
return NULL;
#endif
if(NULL == cipher)
return NULL;
bool bResult;
if(bDecrypt)
bResult = EVP_EncryptInit(pstCTX, cipher, pabyKey, pabyIV);
else
bResult = EVP_DecryptInit(pstCTX, cipher, pabyKey, pabyIV);
if(!bResult)
return NULL;
return pstCTX;
}
int Crypto::initEnc(unsigned char key[16], unsigned char iv[8])
{
memcpy(m_pcKey, key, 16);
memcpy(m_pcIV, iv, 8);
EVP_CIPHER_CTX_init(&m_CTX);
EVP_EncryptInit(&m_CTX, EVP_bf_cbc(), m_pcKey, m_pcIV);
m_iCoderType = 1;
return 0;
}
/*
tlamijan
*/
int main(void) {
unsigned char ot[1024]; // open text
unsigned char st[1024]; // sifrovany text
unsigned char key[EVP_MAX_KEY_LENGTH] = "Super tajny klic"; // klic pro sifrovani
unsigned char iv[EVP_MAX_IV_LENGTH] = "vector unknown"; // inicializacni vektor
const char * filename = "Mad_scientist.bmp";
const char * outfilename = "Mad_scientist_aes_cbc.bmp";
int otLength = 0;
int stLength = 0;
int tmpLength = 0;
int readlen = 0;
char header[14];
unsigned int offset = 0;
EVP_CIPHER_CTX ctx; // struktura pro kontext
FILE * fin = fopen(filename,"rb");
FILE * fout = fopen(outfilename,"w+b");
if(!fin){
printf("File not found");
}
fread(header,1,14,fin);
fwrite(header,1,14,fout);
offset = (unsigned int)*(&header[10]);
offset -= 14;
while(offset > 1024){
fread(ot,1,1024,fin);
fwrite(ot,1,1024,fout);
offset -= 1024;
}
fread(ot,1,offset,fin);
fwrite(ot,1,offset,fout);
EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key, iv); // nastaveni kontextu pro sifrovani
do{
readlen = fread(ot,1,1024,fin);
EVP_EncryptUpdate(&ctx, st, &stLength, ot, readlen); // sifrovani ot
fwrite(st,1,stLength,fout);
}while(readlen == 1024);
EVP_EncryptFinal(&ctx, &st[stLength], &tmpLength); // ziskani sifrovaneho textu z kontextu
fwrite(&st[stLength],1,tmpLength,fout);
stLength += tmpLength;
fclose(fin);
fclose(fout);
exit(0);
}
/** Encrypt a buffer.
* Uses the cipher set in the constructor.
* @param plain plain text data
* @param enc upon return contains encrypted buffer
*/
void
BufferEncryptor::encrypt(const std::string &plain, std::string &enc)
{
#ifdef HAVE_LIBCRYPTO
const EVP_CIPHER *evp_cipher = cipher_by_id(cipher_id_);
const size_t iv_size = EVP_CIPHER_iv_length(evp_cipher);
unsigned char iv_hash[SHA256_DIGEST_LENGTH];
unsigned char *enc_m = (unsigned char *)enc.c_str();
if (iv_size > 0) {
iv_ += 1;
if (! SHA256((unsigned char *)&iv_, sizeof(iv_), iv_hash)) {
throw std::runtime_error("Failed to generate IV");
}
enc.replace(0, iv_size, (char *)iv_hash, iv_size);
enc_m += iv_size;
}
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
if ( ! EVP_EncryptInit(ctx, evp_cipher, key_, iv_hash))
{
EVP_CIPHER_CTX_free(ctx);
throw std::runtime_error("Could not initialize cipher context");
}
int outl = enc.size() - iv_size;
if ( ! EVP_EncryptUpdate(ctx, enc_m, &outl,
(unsigned char *)plain.c_str(), plain.size()) )
{
EVP_CIPHER_CTX_free(ctx);
throw std::runtime_error("EncryptUpdate failed");
}
int plen = 0;
if ( ! EVP_EncryptFinal_ex(ctx, enc_m + outl, &plen) ) {
EVP_CIPHER_CTX_free(ctx);
throw std::runtime_error("EncryptFinal failed");
}
outl += plen;
EVP_CIPHER_CTX_free(ctx);
enc.resize(outl + iv_size);
#else
throw std::runtime_error("Encryption support not available");
#endif
}
int encrypt_and_authentucate_secrets(CPOR_key *key, unsigned char *input, size_t input_len, unsigned char *ciphertext, size_t *ciphertext_len, unsigned char *authenticator, size_t *authenticator_len) {
EVP_CIPHER_CTX ctx;
EVP_CIPHER *cipher = NULL;
int len;
if(!key || !key->k_enc || !key->k_mac || !input || !input_len || !ciphertext || !ciphertext_len || !authenticator || !authenticator_len) return 0;
OpenSSL_add_all_algorithms();
EVP_CIPHER_CTX_init(&ctx);
switch(key->k_enc_size) {
case 16:
cipher = (EVP_CIPHER *)EVP_aes_128_cbc();
break;
case 24:
cipher = (EVP_CIPHER *)EVP_aes_192_cbc();
break;
case 32:
cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
break;
default:
return 0;
}
//TODO: Fix the NULL IV
if(!EVP_EncryptInit(&ctx, cipher, key->k_enc, NULL)) goto cleanup;
*ciphertext_len = 0;
if(!EVP_EncryptUpdate(&ctx, ciphertext, (int *)ciphertext_len, input, input_len)) goto cleanup;
EVP_EncryptFinal(&ctx, ciphertext + *ciphertext_len, &len);
*ciphertext_len += len;
*authenticator_len = 0;
/* Do the HMAC-SHA1 */
if(!HMAC(EVP_sha1(), key->k_mac, key->k_mac_size, ciphertext, *ciphertext_len,
authenticator, (unsigned int *)authenticator_len)) goto cleanup;
EVP_CIPHER_CTX_cleanup(&ctx);
return 1;
cleanup:
*ciphertext_len = 0;
*authenticator_len = 0;
return 0;
}
aes_cnt_cipher_t *
aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
{
EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
const EVP_CIPHER *c;
switch (key_bits) {
case 128: c = EVP_aes_128_ctr(); break;
case 192: c = EVP_aes_192_ctr(); break;
case 256: c = EVP_aes_256_ctr(); break;
default: tor_assert(0); // LCOV_EXCL_LINE
}
EVP_EncryptInit(cipher, c, key, iv);
return (aes_cnt_cipher_t *) cipher;
}
void
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
EVP_CIPHER_CTX c;
int len;
EVP_CIPHER_CTX_init(&c);
RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_256_ecb(), key, NULL) == 1);
EVP_CIPHER_CTX_set_padding(&c, 0);
RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in,
ISC_AES_BLOCK_LENGTH) == 1);
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1);
}
QByteArray JulyAES256::encrypt(const QByteArray &data, const QByteArray &password)
{
int outLen=0;
QByteArray dataBuff;dataBuff.resize(data.size()+AES_BLOCK_SIZE);
EVP_CIPHER_CTX evpCipherCtx;
EVP_CIPHER_CTX_init(&evpCipherCtx);
EVP_EncryptInit(&evpCipherCtx,EVP_aes_256_cbc(),(const unsigned char*)sha256(password).data(),(const unsigned char*)sha256("JulyAES"+password).data());
EVP_EncryptUpdate(&evpCipherCtx,(unsigned char*)dataBuff.data(),&outLen,(const unsigned char*)data.data(),data.size());
int tempLen=outLen;
EVP_EncryptFinal(&evpCipherCtx,(unsigned char*)dataBuff.data()+tempLen,&outLen);
tempLen+=outLen;
EVP_CIPHER_CTX_cleanup(&evpCipherCtx);
dataBuff.resize(tempLen);
return dataBuff;
}
int aes_encrypt(EVP_CIPHER_CTX* context, const unsigned char *key, const unsigned char *iv, const unsigned char *msg, size_t msg_len, unsigned char **enc_msg) {
size_t block_len = 0;
size_t enc_msg_len = 0;
*enc_msg = (unsigned char*)malloc(msg_len + AES_BLOCK_SIZE);
EVP_EncryptInit(context, EVP_aes_256_cbc(), key, iv);
EVP_EncryptUpdate(context, *enc_msg, (int*)&block_len, (unsigned char*)msg, msg_len);
enc_msg_len += block_len;
EVP_EncryptFinal_ex(context, *enc_msg + enc_msg_len, (int*)&block_len);
return enc_msg_len + block_len;
}
