int main(int argc, char *argv[]){
/* Similar situation as before,
only the test vector is more complex.*/
unsigned char key[32];
bzero(key, 32);
unsigned char initcount[16];
bzero(initcount,16);
initcount[15]=1; //For test usage
unsigned char input[32];
bzero(input, 32);
unsigned char output[32]; //counter mode: assume xor works
bzero(output, 32);
aes256ctr(output, input, 32, key, initcount);
for(int i=0; i<32; i++) printf("%02x ", output[i]);
printf("\n");
symmetric_CTR ctr;
bzero(output, 32);
register_cipher(&aes_desc);
ctr_start(find_cipher("aes"), initcount, key, 32, 0, CTR_COUNTER_BIG_ENDIAN,
&ctr);
ctr_encrypt(input, output, 32, &ctr);
ctr_done(&ctr);
for(int i=0; i<32; i++) printf("%02x ", output[i]);
printf("\n");
exit(0);
}
int ctr_test(void)
{
#ifdef LTC_NO_TEST
return CRYPT_NOP;
#else
static const struct {
int keylen, msglen;
unsigned char key[32], IV[16], pt[64], ct[64];
} tests[] = {
/* 128-bit key, 16-byte pt */
{
16, 16,
{0xAE,0x68,0x52,0xF8,0x12,0x10,0x67,0xCC,0x4B,0xF7,0xA5,0x76,0x55,0x77,0xF3,0x9E },
{0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
{0x53,0x69,0x6E,0x67,0x6C,0x65,0x20,0x62,0x6C,0x6F,0x63,0x6B,0x20,0x6D,0x73,0x67 },
{0xE4,0x09,0x5D,0x4F,0xB7,0xA7,0xB3,0x79,0x2D,0x61,0x75,0xA3,0x26,0x13,0x11,0xB8 },
},
/* 128-bit key, 36-byte pt */
{
16, 36,
{0x76,0x91,0xBE,0x03,0x5E,0x50,0x20,0xA8,0xAC,0x6E,0x61,0x85,0x29,0xF9,0xA0,0xDC },
{0x00,0xE0,0x01,0x7B,0x27,0x77,0x7F,0x3F,0x4A,0x17,0x86,0xF0,0x00,0x00,0x00,0x00 },
{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
0x20,0x21,0x22,0x23
},
{ 0xC1,0xCF,0x48,0xA8,0x9F,0x2F,0xFD,0xD9,0xCF,0x46,0x52,0xE9,0xEF,0xDB,0x72,0xD7,
0x45,0x40,0xA4,0x2B,0xDE,0x6D,0x78,0x36,0xD5,0x9A,0x5C,0xEA,0xAE,0xF3,0x10,0x53,
0x25,0xB2,0x07,0x2F
},
},
};
int idx, err, x;
unsigned char buf[64];
symmetric_CTR ctr;
/* AES can be under rijndael or aes... try to find it */
if ((idx = find_cipher("aes")) == -1) {
if ((idx = find_cipher("rijndael")) == -1) {
return CRYPT_NOP;
}
}
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
if ((err = ctr_start(idx, tests[x].IV, tests[x].key, tests[x].keylen, 0, CTR_COUNTER_BIG_ENDIAN|LTC_CTR_RFC3686, &ctr)) != CRYPT_OK) {
return err;
}
if ((err = ctr_encrypt(tests[x].pt, buf, tests[x].msglen, &ctr)) != CRYPT_OK) {
return err;
}
ctr_done(&ctr);
if (XMEMCMP(buf, tests[x].ct, tests[x].msglen)) {
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif
}
/**
CTR decrypt
@param ct Ciphertext
@param pt [out] Plaintext
@param len Length of ciphertext (octets)
@param ctr CTR state
@return CRYPT_OK if successful
*/
int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr)
{
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(ctr != NULL);
return ctr_encrypt(ct, pt, len, ctr);
}
int eax_encryptx( const unsigned char pt[], unsigned char ct[], unsigned long length,
eax_state eax[1] )
{
int err;
if( (err = ctr_encrypt( pt, ct, length, eax->ctr )) != EXIT_SUCCESS )
return err;
return omac_process( ct, length, eax->ctx_omac );
}
/* Filters to treat data during I/O */
void encrypt_authenticate(void* buf, u32 len)
{
if (ctr_encrypt(buf, buf, len, &ctr) != CRYPT_OK)
Z_ERROR("Failed to encrypt");
#ifdef GLADMAN_HMAC
hmac_sha1_data(buf, len, &hmac);
#else
if (hmac_process(&hmac, buf, len) != CRYPT_OK)
Z_ERROR("Failed to authenticate");
#endif
}
/**
CTR encrypt
@param pt Plaintext
@param ct [out] Ciphertext
@param len Length of plaintext (octets)
@param ctr CTR state
@return CRYPT_OK if successful
*/
int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr)
{
unsigned long incr;
int err;
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(ctr != NULL);
if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) {
return err;
}
/* is blocklen/padlen valid? */
if (ctr->blocklen < 1 || ctr->blocklen > (int)sizeof(ctr->ctr) ||
ctr->padlen < 0 || ctr->padlen > (int)sizeof(ctr->pad)) {
return CRYPT_INVALID_ARG;
}
#ifdef LTC_FAST
if (ctr->blocklen % sizeof(LTC_FAST_TYPE)) {
return CRYPT_INVALID_ARG;
}
#endif
if (cipher_descriptor[ctr->cipher]->accel_ctr_encrypt != NULL ) {
/* handle acceleration only if not in the middle of a block, accelerator is present and length is >= a block size */
if ((ctr->padlen == 0 || ctr->padlen == ctr->blocklen) && len >= (unsigned long)ctr->blocklen) {
if ((err = cipher_descriptor[ctr->cipher]->accel_ctr_encrypt(pt, ct, len/ctr->blocklen, ctr->ctr, ctr->mode, &ctr->key)) != CRYPT_OK) {
return err;
}
pt += (len / ctr->blocklen) * ctr->blocklen;
ct += (len / ctr->blocklen) * ctr->blocklen;
len %= ctr->blocklen;
/* counter was changed by accelerator so mark pad empty (will need updating in ctr_encrypt_sub()) */
ctr->padlen = ctr->blocklen;
}
/* try to re-synchronize on a block boundary for maximum use of acceleration */
incr = ctr->blocklen - ctr->padlen;
if (len >= incr + (unsigned long)ctr->blocklen) {
if ((err = ctr_encrypt_sub(pt, ct, incr, ctr)) != CRYPT_OK) {
return err;
}
pt += incr;
ct += incr;
len -= incr;
return ctr_encrypt(pt, ct, len, ctr);
}
}
return ctr_encrypt_sub(pt, ct, len, ctr);
}
/**
Read from the PRNG
@param out Destination
@param outlen Length of output
@param prng The active PRNG to read from
@return Number of octets read
*/
unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *prng)
{
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(prng != NULL);
/* put out in predictable state first */
zeromem(out, outlen);
/* now randomize it */
if (ctr_encrypt(out, out, outlen, &prng->yarrow.ctr) != CRYPT_OK) {
return 0;
}
return outlen;
}
unsigned long yarrow_read(unsigned char *buf, unsigned long len, prng_state *prng)
{
_ARGCHK(buf != NULL);
_ARGCHK(prng != NULL);
/* put buf in predictable state first */
zeromem(buf, len);
/* now randomize it */
if (ctr_encrypt(buf, buf, len, &prng->yarrow.ctr) != CRYPT_OK) {
return 0;
}
return len;
}
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length)
{
int err;
_ARGCHK(eax != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
/* encrypt */
if ((err = ctr_encrypt(pt, ct, length, &eax->ctr)) != CRYPT_OK) {
return err;
}
/* omac ciphertext */
return omac_process(&eax->ctomac, ct, length);
}
int symmetricEncrypt(unsigned char *key, unsigned long keylen, unsigned char *in, unsigned long len, unsigned char *IV, unsigned long ivlen)
{
symmetric_CTR ctr;
int err;
/* register aes first */
if ((err = register_cipher(&rijndael_desc)) == -1) {
return ERROR_REG_AES;
}
/* start up CTR mode */
if ((err = ctr_start(
find_cipher("rijndael"), /* index of desired cipher */
IV, /* the initial vecoter */
key, /* the secret key */
keylen, /* length of secret key */
0,
CTR_COUNTER_LITTLE_ENDIAN,
&ctr)
) != CRYPT_OK) {
//printf("%s\n", error_to_string(err));
return err;
}
/*
printf("from libcrypt: \n");
for(i = 0; i < 30; i++)
printf("%02x ", in[i]);
printf("\n");
fflush(stdout);
*/
if ((err = ctr_encrypt( in, /* plaintext */
in, /* ciphertext */
len, /* length of plaintext */
&ctr) /* CTR state */
) != CRYPT_OK) {
return err;
}
if ((err = ctr_done(&ctr)) != CRYPT_OK) {
return err;
}
return CRYPT_OK;
}
static int
EncryptCTR(
int cipher,
int rounds,
int counterMode,
unsigned char *iv,
unsigned char *key,
unsigned long keyLength,
unsigned char *data,
unsigned long dataLength,
unsigned char *dest
)
{
int status;
symmetric_CTR state;
status = ctr_start(cipher, iv, key, keyLength, rounds, counterMode, &state);
if (status == CRYPT_OK) {
status = ctr_encrypt(data, dest, dataLength, &state);
ctr_done(&state);
}
return status;
}
int modes_test(void)
{
unsigned char pt[64], ct[64], tmp[64], key[16], iv[16], iv2[16];
int x, cipher_idx;
symmetric_CBC cbc;
symmetric_CFB cfb;
symmetric_OFB ofb;
symmetric_CTR ctr;
unsigned long l;
/* make a random pt, key and iv */
yarrow_read(pt, 64, &test_yarrow);
yarrow_read(key, 16, &test_yarrow);
yarrow_read(iv, 16, &test_yarrow);
/* get idx of AES handy */
cipher_idx = find_cipher("aes");
if (cipher_idx == -1) {
printf("test requires AES");
return 1;
}
/* test CBC mode */
/* encode the block */
DO(cbc_start(cipher_idx, iv, key, 16, 0, &cbc));
l = sizeof(iv2);
DO(cbc_getiv(iv2, &l, &cbc));
if (l != 16 || memcmp(iv2, iv, 16)) {
printf("cbc_getiv failed");
return 1;
}
for (x = 0; x < 4; x++) {
DO(cbc_encrypt(pt+x*16, ct+x*16, &cbc));
}
/* decode the block */
DO(cbc_setiv(iv2, l, &cbc));
zeromem(tmp, sizeof(tmp));
for (x = 0; x < 4; x++) {
DO(cbc_decrypt(ct+x*16, tmp+x*16, &cbc));
}
if (memcmp(tmp, pt, 64) != 0) {
printf("CBC failed");
return 1;
}
/* test CFB mode */
/* encode the block */
DO(cfb_start(cipher_idx, iv, key, 16, 0, &cfb));
l = sizeof(iv2);
DO(cfb_getiv(iv2, &l, &cfb));
/* note we don't memcmp iv2/iv since cfb_start processes the IV for the first block */
if (l != 16) {
printf("cfb_getiv failed");
return 1;
}
DO(cfb_encrypt(pt, ct, 64, &cfb));
/* decode the block */
DO(cfb_setiv(iv, l, &cfb));
zeromem(tmp, sizeof(tmp));
DO(cfb_decrypt(ct, tmp, 64, &cfb));
if (memcmp(tmp, pt, 64) != 0) {
printf("CFB failed");
return 1;
}
/* test OFB mode */
/* encode the block */
DO(ofb_start(cipher_idx, iv, key, 16, 0, &ofb));
l = sizeof(iv2);
DO(ofb_getiv(iv2, &l, &ofb));
if (l != 16 || memcmp(iv2, iv, 16)) {
printf("ofb_getiv failed");
return 1;
}
DO(ofb_encrypt(pt, ct, 64, &ofb));
/* decode the block */
DO(ofb_setiv(iv2, l, &ofb));
zeromem(tmp, sizeof(tmp));
DO(ofb_decrypt(ct, tmp, 64, &ofb));
if (memcmp(tmp, pt, 64) != 0) {
printf("OFB failed");
return 1;
}
/* test CTR mode */
/* encode the block */
DO(ctr_start(cipher_idx, iv, key, 16, 0, &ctr));
l = sizeof(iv2);
DO(ctr_getiv(iv2, &l, &ctr));
if (l != 16 || memcmp(iv2, iv, 16)) {
printf("ctr_getiv failed");
return 1;
}
DO(ctr_encrypt(pt, ct, 64, &ctr));
/* decode the block */
DO(ctr_setiv(iv2, l, &ctr));
zeromem(tmp, sizeof(tmp));
DO(ctr_decrypt(ct, tmp, 64, &ctr));
if (memcmp(tmp, pt, 64) != 0) {
printf("CTR failed");
return 1;
}
return 0;
}
/* IF YOU CALL THIS MULTIPLE TIMES WITH THE SAME KEY YOU MUST PROVIDE AN IV POINTER! */
int crypt_data(const unsigned char *data_in,
unsigned char *data_out, size_t data_size,
const unsigned char *data_mkey, size_t data_mkey_size,
unsigned char *data_new_hmac,
const unsigned char *data_chk_hmac,
size_t data_hmac_size,
unsigned char **IV_start,
int mode) {
if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) {
fprintf(stderr, "crypt_data called with invalid mode %d\n", mode);
return -1;
}
symmetric_CTR ctr;
#ifdef _POSIX_MEMLOCK_RANGE
if (mlock(&ctr, sizeof(ctr)) != 0) {
fprintf(stderr, "WARNING: mlock failed at %s:%d - ", __FILE__, __LINE__);
perror("");
}
#endif
int err;
int ret = 0; /* return code */
unsigned char *IV;
unsigned long IV_size = 16;
int hash_idx = find_hash("sha256");
size_t data_ckey_size, data_hkey_size;
data_ckey_size = data_hkey_size = data_mkey_size;
unsigned char *subkeys = safe_malloc(data_ckey_size + data_hkey_size);
#ifdef _POSIX_MEMLOCK_RANGE
if (mlock(subkeys, data_ckey_size + data_hkey_size) != 0) {
fprintf(stderr, "WARNING: mlock failed at %s:%d - ", __FILE__, __LINE__);
perror("");
}
#endif
unsigned char *data_ckey = subkeys + 0;
unsigned char *data_hkey = subkeys + data_ckey_size;
pbkdf2(data_mkey, data_mkey_size, "H", 1, SUBKEY_ITER, hash_idx, data_hkey, &data_hkey_size);
pbkdf2(data_mkey, data_mkey_size, "C", 1, SUBKEY_ITER, hash_idx, data_ckey, &data_ckey_size);
if (IV_start == NULL || *IV_start == NULL) {
IV = safe_malloc(IV_size);
/* fprintf(stderr, "Initializing key-based IV\n"); */
/* This is at least as secure as starting with a zeroed IV */
pbkdf2(data_mkey, data_mkey_size, "I", 1, SUBKEY_ITER, hash_idx, IV, &IV_size);
}
if (IV_start != NULL) {
if (*IV_start != NULL) {
/* fprintf(stderr, "IV = *IV_start\n"); */
IV = *IV_start;
} else {
/* fprintf(stderr, "*IV_start = IV\n"); */
*IV_start = IV;
}
}
if (mode == MODE_DECRYPT && data_chk_hmac != NULL) {
if ((err = hmac_vrfymem(hash_idx,
data_hkey, data_hkey_size,
data_in, data_size, data_chk_hmac,
(long unsigned int *)&data_hmac_size)) != CRYPT_OK) {
crypt_data_return(THRCR_BADMAC);
}
}
/* LTC_CTR_RFC3686 is needed to avoid reusing a counter value. */
if ((err = ctr_start(find_cipher("aes"), IV, data_ckey, data_ckey_size, 0,
CTR_COUNTER_BIG_ENDIAN | LTC_CTR_RFC3686, &ctr)) != CRYPT_OK) {
fprintf(stderr, "Error initializing cipher: %d\n", err);
crypt_data_return(-1);
}
/* ctr_encrypt is used for both encryption and decryption */
if ((err = ctr_encrypt(data_in, data_out, data_size, &ctr)) != CRYPT_OK) {
fprintf(stderr, "ctr_encrypt error: %s\n", error_to_string(err));
ctr_done(&ctr); /* done with cipher, clean up keys */
crypt_data_return(-1);
}
ctr_done(&ctr); /* done with cipher, clean up keys */
if (mode == MODE_ENCRYPT && data_new_hmac != NULL) {
if ((err = hmac_memory(hash_idx,
data_hkey, data_hkey_size,
data_out, data_size, data_new_hmac,
(long unsigned int *)&data_hmac_size)) != CRYPT_OK) {
fprintf(stderr, "hmac error: %s\n", error_to_string(err));
crypt_data_return(-1);
}
}
crypt_data_return:
/* before actually returning, make sure key material isn't in memory */
MEMWIPE(&ctr, sizeof(ctr));
MEMWIPE(subkeys, data_ckey_size + data_hkey_size);
#ifdef _POSIX_MEMLOCK_RANGE
munlock(subkeys, data_ckey_size + data_hkey_size);
#endif
safe_free(subkeys);
/* save the IV */
if (IV_start != NULL && *IV_start != NULL) {
/* fprintf(stderr, "*IV_start = ctr.ctr\n"); */
ctr_getiv(*IV_start, &IV_size, &ctr);
} else {
safe_free(IV);
}
return ret;
}
TEE_Result tee_cipher_update(void *ctx, uint32_t algo,
TEE_OperationMode mode, bool last_block,
const uint8_t *data, size_t len, uint8_t *dst)
{
TEE_Result res;
int ltc_res = CRYPT_OK;
size_t block_size;
uint8_t tmp_block[64], tmp2_block[64];
int nb_blocks, len_last_block;
struct symmetric_CTS *cts;
/*
* Check that the block contains the correct number of data, apart
* for the last block in some XTS / CTR / XTS mode
*/
res = tee_cipher_get_block_size(algo, &block_size);
if (res != TEE_SUCCESS)
return res;
if ((len % block_size) != 0) {
if (!last_block)
return TEE_ERROR_BAD_PARAMETERS;
switch (algo) {
case TEE_ALG_AES_ECB_NOPAD:
case TEE_ALG_DES_ECB_NOPAD:
case TEE_ALG_DES3_ECB_NOPAD:
case TEE_ALG_AES_CBC_NOPAD:
case TEE_ALG_DES_CBC_NOPAD:
case TEE_ALG_DES3_CBC_NOPAD:
return TEE_ERROR_BAD_PARAMETERS;
case TEE_ALG_AES_CTR:
case TEE_ALG_AES_XTS:
case TEE_ALG_AES_CTS:
/*
* These modes doesn't require padding for the last
* block.
*
* This isn't entirely true, both XTS and CTS can only
* encrypt minimum one block and also they need at least
* one complete block in the last update to finish the
* encryption. The algorithms are supposed to detect
* that, we're only making sure that all data fed up to
* that point consists of complete blocks.
*/
break;
default:
return TEE_ERROR_NOT_SUPPORTED;
}
}
switch (algo) {
case TEE_ALG_AES_ECB_NOPAD:
case TEE_ALG_DES_ECB_NOPAD:
case TEE_ALG_DES3_ECB_NOPAD:
if (mode == TEE_MODE_ENCRYPT)
ltc_res = ecb_encrypt(data, dst, len, (symmetric_ECB *)ctx);
else
ltc_res = ecb_decrypt(data, dst, len, (symmetric_ECB *)ctx);
break;
case TEE_ALG_AES_CBC_NOPAD:
case TEE_ALG_DES_CBC_NOPAD:
case TEE_ALG_DES3_CBC_NOPAD:
if (mode == TEE_MODE_ENCRYPT)
ltc_res = cbc_encrypt(data, dst, len, (symmetric_CBC *)ctx);
else
ltc_res = cbc_decrypt(data, dst, len, (symmetric_CBC *)ctx);
break;
case TEE_ALG_AES_CTR:
if (mode == TEE_MODE_ENCRYPT)
ltc_res = ctr_encrypt(data, dst, len, (symmetric_CTR *)ctx);
else
ltc_res = ctr_decrypt(data, dst, len, (symmetric_CTR *)ctx);
break;
case TEE_ALG_AES_XTS:
return TEE_ERROR_NOT_SUPPORTED;
/*
if (mode == TEE_MODE_ENCRYPT) {
ltc_res = xts_encrypt(data, dst, len, (symmetric_xts *)ctx);
} else {
ltc_res = xts_decrypt(data, dst, len, (symmetric_xts *)ctx);
}
*/
break;
case TEE_ALG_AES_CTS:
/*
* From http://en.wikipedia.org/wiki/Ciphertext_stealing
* CBC ciphertext stealing encryption using a standard
* CBC interface:
* 1. Pad the last partial plaintext block with 0.
* 2. Encrypt the whole padded plaintext using the
* standard CBC mode.
* 3. Swap the last two ciphertext blocks.
* 4. Truncate the ciphertext to the length of the
* original plaintext.
*
* CBC ciphertext stealing decryption using a standard
* CBC interface
* 1. Dn = Decrypt (K, Cn-1). Decrypt the second to last
* ciphertext block.
* 2. Cn = Cn || Tail (Dn, B-M). Pad the ciphertext to the
* nearest multiple of the block size using the last
* B-M bits of block cipher decryption of the
* second-to-last ciphertext block.
* 3. Swap the last two ciphertext blocks.
* 4. Decrypt the (modified) ciphertext using the standard
* CBC mode.
* 5. Truncate the plaintext to the length of the original
* ciphertext.
*/
cts = (struct symmetric_CTS *)ctx;
if (!last_block)
return tee_cipher_update(
&cts->cbc, TEE_ALG_AES_CBC_NOPAD, mode,
last_block, data, len, dst);
/* Compute the last block length and check constraints */
if (block_size > 64)
return TEE_ERROR_BAD_STATE;
nb_blocks = ((len + block_size - 1) / block_size);
if (nb_blocks < 2)
return TEE_ERROR_BAD_STATE;
len_last_block = len % block_size;
if (len_last_block == 0)
len_last_block = block_size;
if (mode == TEE_MODE_ENCRYPT) {
memcpy(tmp_block,
data + ((nb_blocks - 1) * block_size),
len_last_block);
memset(tmp_block + len_last_block,
0,
block_size - len_last_block);
res = tee_cipher_update(
&cts->cbc, TEE_ALG_AES_CBC_NOPAD, mode, 0,
data, (nb_blocks - 1) * block_size, dst);
if (res != TEE_SUCCESS)
return res;
memcpy(dst + (nb_blocks - 1) * block_size,
dst + (nb_blocks - 2) * block_size,
len_last_block);
res = tee_cipher_update(
&cts->cbc, TEE_ALG_AES_CBC_NOPAD, mode, 0,
tmp_block,
block_size,
dst + (nb_blocks - 2) * block_size);
if (res != TEE_SUCCESS)
return res;
} else {
/* 1. Decrypt the second to last ciphertext block */
res = tee_cipher_update(
&cts->ecb, TEE_ALG_AES_ECB_NOPAD, mode, 0,
data + (nb_blocks - 2) * block_size,
block_size,
tmp2_block);
if (res != TEE_SUCCESS)
return res;
/* 2. Cn = Cn || Tail (Dn, B-M) */
memcpy(tmp_block,
data + ((nb_blocks - 1) * block_size),
len_last_block);
memcpy(tmp_block + len_last_block,
tmp2_block + len_last_block,
block_size - len_last_block);
/* 3. Swap the last two ciphertext blocks */
/* done by passing the correct buffers in step 4. */
/* 4. Decrypt the (modified) ciphertext */
if (nb_blocks > 2) {
res = tee_cipher_update(
&cts->cbc, TEE_ALG_AES_CBC_NOPAD,
mode, 0,
data,
(nb_blocks - 2) * block_size,
dst);
if (res != TEE_SUCCESS)
return res;
}
res = tee_cipher_update(
&cts->cbc, TEE_ALG_AES_CBC_NOPAD, mode, 0,
tmp_block,
block_size,
dst + ((nb_blocks - 2) * block_size));
if (res != TEE_SUCCESS)
return res;
res = tee_cipher_update(
&cts->cbc, TEE_ALG_AES_CBC_NOPAD, mode, 0,
data + ((nb_blocks - 2) * block_size),
block_size,
tmp_block);
if (res != TEE_SUCCESS)
return res;
/* 5. Truncate the plaintext */
memcpy(dst + (nb_blocks - 1) * block_size,
tmp_block,
len_last_block);
break;
}
break;
default:
return TEE_ERROR_NOT_SUPPORTED;
}
if (ltc_res == CRYPT_OK)
return TEE_SUCCESS;
else
return TEE_ERROR_BAD_STATE;
}
int main(){
char plaintext[] = "Hi I am an AES CTR test vector distributed on 4 128-bit blocks!";
unsigned char key[16] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
unsigned char iv[16] = {0x01, 0xff, 0x83, 0xf2, 0xf9, 0x98, 0xba, 0xa4, 0xda, 0xdc, 0xaa, 0xcc, 0x8e, 0x17, 0xa4, 0x1b};
symmetric_CTR ctr;
unsigned char ciphertext[sizeof(plaintext)];
unsigned char deciphertext[sizeof(plaintext)];
int err;
if (register_cipher(&aes_desc) == -1) {
printf("Error: in %s, unable to register cipher\n", __func__);
return 0;
}
printf("Plaintext: \"%s\"\n", plaintext);
printf("IV: ");
fprintBuffer_raw(stdout, (char*)iv, sizeof(iv));
printf("\nKey 128: ");
fprintBuffer_raw(stdout, (char*)key, sizeof(key));
/* ENCRYPT */
if ((err = ctr_start(find_cipher("aes"), iv, key, sizeof(key), 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_encrypt((unsigned char*)plaintext, ciphertext, sizeof(plaintext), &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_done(&ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
/* DECRYPT */
if ((err = ctr_start(find_cipher("aes"), iv, key, sizeof(key), 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_decrypt(ciphertext, deciphertext, sizeof(plaintext), &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_done(&ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
printf("\nCiphertext CTR: ");
fprintBuffer_raw(stdout, (char*)ciphertext, sizeof(plaintext));
if (memcmp(deciphertext, plaintext, sizeof(plaintext)) == 0){
printf("\nRecovery: OK\n");
}
else{
printf("\nRecovery: FAIL\n");
}
return 0;
}
int main(int argc, char *argv[])
{
unsigned char plaintext[512],ciphertext[512];
unsigned char tmpkey[512], key[MAXBLOCKSIZE], IV[MAXBLOCKSIZE];
unsigned char inbuf[512]; /* i/o block size */
unsigned long outlen, y, ivsize, x, decrypt;
symmetric_CTR ctr;
int cipher_idx, hash_idx, ks;
char *infile, *outfile, *cipher;
prng_state prng;
FILE *fdin, *fdout;
/* register algs, so they can be printed */
register_algs();
if (argc < 4) {
return usage(argv[0]);
}
if (!strcmp(argv[1], "-d")) {
decrypt = 1;
cipher = argv[2];
infile = argv[3];
outfile = argv[4];
} else {
decrypt = 0;
cipher = argv[1];
infile = argv[2];
outfile = argv[3];
}
/* file handles setup */
fdin = fopen(infile,"rb");
if (fdin == NULL) {
perror("Can't open input for reading");
exit(-1);
}
fdout = fopen(outfile,"wb");
if (fdout == NULL) {
perror("Can't open output for writing");
exit(-1);
}
cipher_idx = find_cipher(cipher);
if (cipher_idx == -1) {
printf("Invalid cipher entered on command line.\n");
exit(-1);
}
hash_idx = find_hash("sha256");
if (hash_idx == -1) {
printf("LTC_SHA256 not found...?\n");
exit(-1);
}
ivsize = cipher_descriptor[cipher_idx].block_length;
ks = hash_descriptor[hash_idx].hashsize;
if (cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK) {
printf("Invalid keysize???\n");
exit(-1);
}
printf("\nEnter key: ");
fgets((char *)tmpkey,sizeof(tmpkey), stdin);
outlen = sizeof(key);
if ((errno = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
printf("Error hashing key: %s\n", error_to_string(errno));
exit(-1);
}
if (decrypt) {
/* Need to read in IV */
if (fread(IV,1,ivsize,fdin) != ivsize) {
printf("Error reading IV from input.\n");
exit(-1);
}
if ((errno = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
printf("ctr_start error: %s\n",error_to_string(errno));
exit(-1);
}
/* IV done */
do {
y = fread(inbuf,1,sizeof(inbuf),fdin);
if ((errno = ctr_decrypt(inbuf,plaintext,y,&ctr)) != CRYPT_OK) {
printf("ctr_decrypt error: %s\n", error_to_string(errno));
exit(-1);
}
if (fwrite(plaintext,1,y,fdout) != y) {
printf("Error writing to file.\n");
exit(-1);
}
} while (y == sizeof(inbuf));
fclose(fdin);
fclose(fdout);
} else { /* encrypt */
/* Setup yarrow for random bytes for IV */
if ((errno = rng_make_prng(128, find_prng("yarrow"), &prng, NULL)) != CRYPT_OK) {
printf("Error setting up PRNG, %s\n", error_to_string(errno));
}
/* You can use rng_get_bytes on platforms that support it */
/* x = rng_get_bytes(IV,ivsize,NULL);*/
x = yarrow_read(IV,ivsize,&prng);
if (x != ivsize) {
printf("Error reading PRNG for IV required.\n");
exit(-1);
}
if (fwrite(IV,1,ivsize,fdout) != ivsize) {
printf("Error writing IV to output.\n");
exit(-1);
}
if ((errno = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
printf("ctr_start error: %s\n",error_to_string(errno));
exit(-1);
}
do {
y = fread(inbuf,1,sizeof(inbuf),fdin);
if ((errno = ctr_encrypt(inbuf,ciphertext,y,&ctr)) != CRYPT_OK) {
printf("ctr_encrypt error: %s\n", error_to_string(errno));
exit(-1);
}
if (fwrite(ciphertext,1,y,fdout) != y) {
printf("Error writing to output.\n");
exit(-1);
}
} while (y == sizeof(inbuf));
fclose(fdout);
fclose(fdin);
}
return 0;
}
void ctr_decrypt(unsigned char *ct, unsigned char *pt, int len, struct symmetric_CTR *ctr)
{
ctr_encrypt(ct, pt, len, ctr);
}