/*
 * Test-only helper: run xts_decrypt() through the generic (non-accelerated)
 * code path so its output can be compared with the accelerated one.
 *
 * It temporarily clears the cipher's accel_xts_decrypt hook in the global
 * cipher_descriptor table and restores it afterwards, so it must not run
 * concurrently with other users of that cipher.
 *
 * @param ct      Ciphertext, blocks*16 bytes
 * @param pt      Output plaintext, blocks*16 bytes
 * @param blocks  Number of 16-byte blocks
 * @param tweak   XTS tweak (sector) value, 16 bytes
 * @param skey1   Scheduled data key
 * @param skey2   Scheduled tweak key
 * @return CRYPT_OK on success, CRYPT_NOP if no AES cipher is registered,
 *         otherwise the error from xts_decrypt()
 */
static int _xts_test_accel_xts_decrypt(const unsigned char *ct, unsigned char *pt,
                                       unsigned long blocks, unsigned char *tweak,
                                       symmetric_key *skey1, symmetric_key *skey2)
{
   int (*saved_hook)(const unsigned char *, unsigned char *, unsigned long,
                     unsigned char *, symmetric_key *, symmetric_key *);
   symmetric_xts state;
   int cipher, rc;

   /* the AES descriptor may be registered as either "aes" or "rijndael" */
   cipher = find_cipher("aes");
   if (cipher == -1) {
      cipher = find_cipher("rijndael");
   }
   if (cipher == -1) {
      return CRYPT_NOP;
   }

   state.cipher = cipher;
   XMEMCPY(&state.key1, skey1, sizeof(symmetric_key));
   XMEMCPY(&state.key2, skey2, sizeof(symmetric_key));

   /* disable the accelerated path, run the generic one, then put it back */
   saved_hook = cipher_descriptor[cipher].accel_xts_decrypt;
   cipher_descriptor[cipher].accel_xts_decrypt = NULL;
   rc = xts_decrypt(ct, blocks * 16, pt, tweak, &state);
   cipher_descriptor[cipher].accel_xts_decrypt = saved_hook;

   return rc;
}
/**
  Self-test CTR mode against the RFC 3686 (AES-CTR) vectors
  @return CRYPT_OK if every vector matches, CRYPT_NOP if tests are compiled out
          or no AES cipher is registered, otherwise the libtomcrypt error
*/
int ctr_test(void)
{
#ifdef LTC_NO_TEST
   return CRYPT_NOP;
#else
   static const struct {
      int keylen, msglen;
      unsigned char key[32], IV[16], pt[64], ct[64];
   } tests[] = {
      /* 128-bit key, 16-byte pt */
      { 16, 16,
        {0xAE,0x68,0x52,0xF8,0x12,0x10,0x67,0xCC,0x4B,0xF7,0xA5,0x76,0x55,0x77,0xF3,0x9E },
        {0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
        {0x53,0x69,0x6E,0x67,0x6C,0x65,0x20,0x62,0x6C,0x6F,0x63,0x6B,0x20,0x6D,0x73,0x67 },
        {0xE4,0x09,0x5D,0x4F,0xB7,0xA7,0xB3,0x79,0x2D,0x61,0x75,0xA3,0x26,0x13,0x11,0xB8 },
      },
      /* 128-bit key, 36-byte pt */
      { 16, 36,
        {0x76,0x91,0xBE,0x03,0x5E,0x50,0x20,0xA8,0xAC,0x6E,0x61,0x85,0x29,0xF9,0xA0,0xDC },
        {0x00,0xE0,0x01,0x7B,0x27,0x77,0x7F,0x3F,0x4A,0x17,0x86,0xF0,0x00,0x00,0x00,0x00 },
        { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
          0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
          0x20,0x21,0x22,0x23 },
        { 0xC1,0xCF,0x48,0xA8,0x9F,0x2F,0xFD,0xD9,0xCF,0x46,0x52,0xE9,0xEF,0xDB,0x72,0xD7,
          0x45,0x40,0xA4,0x2B,0xDE,0x6D,0x78,0x36,0xD5,0x9A,0x5C,0xEA,0xAE,0xF3,0x10,0x53,
          0x25,0xB2,0x07,0x2F },
      },
   };
   const int ntests = (int)(sizeof(tests) / sizeof(tests[0]));
   symmetric_CTR state;
   unsigned char out[64];
   int cipher, rc, i;

   /* the AES descriptor may be registered as either "aes" or "rijndael" */
   cipher = find_cipher("aes");
   if (cipher == -1) {
      cipher = find_cipher("rijndael");
   }
   if (cipher == -1) {
      return CRYPT_NOP;
   }

   for (i = 0; i < ntests; i++) {
      /* RFC 3686 layout: 32-bit nonce || 64-bit IV || 32-bit big-endian counter */
      rc = ctr_start(cipher, tests[i].IV, tests[i].key, tests[i].keylen, 0,
                     CTR_COUNTER_BIG_ENDIAN | LTC_CTR_RFC3686, &state);
      if (rc != CRYPT_OK) {
         return rc;
      }
      rc = ctr_encrypt(tests[i].pt, out, tests[i].msglen, &state);
      if (rc != CRYPT_OK) {
         return rc;
      }
      ctr_done(&state);
      if (XMEMCMP(out, tests[i].ct, tests[i].msglen) != 0) {
         return CRYPT_FAIL_TESTVECTOR;
      }
   }
   return CRYPT_OK;
#endif
}
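/*
 * Encrypt bytesIn bytes of `in` into `out` with the raw block cipher in ECB mode.
 *
 * bytesIn must be a whole number of cipher blocks (ecb_encrypt rejects
 * anything else). `in` and `out` may not overlap unless equal.
 *
 * SECURITY NOTE: ECB has no IV and no integrity protection; identical
 * plaintext blocks produce identical ciphertext blocks. Keep this to
 * single-block or key-wrapping style uses and use an AEAD mode for data.
 *
 * @param algorithm  kCipher_Algorithm_AES128/192/256 or kCipher_Algorithm_2FISH256
 * @param key        raw key, keylen bytes for the algorithm
 * @param in         plaintext
 * @param bytesIn    length of in (multiple of the block size)
 * @param out        ciphertext, bytesIn bytes
 * @return kC4Err_NoErr, kC4Err_BadCipherNumber for an unknown algorithm,
 *         otherwise the libtomcrypt error mapped through sCrypt2C4Err()
 */
C4Err ECB_Encrypt(Cipher_Algorithm algorithm, const void * key, const void * in, size_t bytesIn, void * out )
{
    int             err     = kC4Err_NoErr;
    int             status  = CRYPT_OK;
    symmetric_ECB   ECB;
    int             started = 0;   /* only tear ECB down once ecb_start has filled it */
    int             keylen  = 0;
    int             cipher  = -1;

    switch(algorithm)
    {
        case kCipher_Algorithm_AES128:
            keylen = 128 >> 3;
            cipher = find_cipher("aes");
            break;
        case kCipher_Algorithm_AES192:
            keylen = 192 >> 3;
            cipher = find_cipher("aes");
            break;
        case kCipher_Algorithm_AES256:
            keylen = 256 >> 3;
            cipher = find_cipher("aes");
            break;
        case kCipher_Algorithm_2FISH256:
            keylen = 256 >> 3;
            cipher = find_cipher("twofish");
            break;
        default:
            RETERR(kC4Err_BadCipherNumber);
    }

    /* the cipher may simply not be registered; report it instead of handing
       -1 to ecb_start */
    if (cipher == -1) {
        status = CRYPT_INVALID_CIPHER;
    }
    CKSTAT;

    status = ecb_start(cipher, key, keylen, 0, &ECB); CKSTAT;
    started = 1;

    status = ecb_encrypt(in, out, bytesIn, &ECB); CKSTAT;

done:
    /* the original called ecb_done on an uninitialised state when RETERR or
       ecb_start bailed out, which reads garbage from ECB.cipher */
    if (started) {
        ecb_done(&ECB);
    }

    if (status != CRYPT_OK)
        err = sCrypt2C4Err(status);

    return err;
}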
/**
  Self-test F8 (3GPP) mode with one AES vector
  @return CRYPT_OK on success, CRYPT_NOP if tests are compiled out or AES
          is not registered, otherwise the libtomcrypt error
*/
int f8_test_mode(void)
{
#ifndef LTC_TEST
   return CRYPT_NOP;
#else
   static const unsigned char key[16] = { 0x23, 0x48, 0x29, 0x00, 0x84, 0x67, 0xbe, 0x18,
                                          0x6c, 0x3d, 0xe1, 0x4a, 0xae, 0x72, 0xd6, 0x2c };
   static const unsigned char salt[4] = { 0x32, 0xf2, 0x87, 0x0d };
   static const unsigned char IV[16]  = { 0x00, 0x6e, 0x5c, 0xba, 0x50, 0x68, 0x1d, 0xe5,
                                          0x5c, 0x62, 0x15, 0x99, 0xd4, 0x62, 0x56, 0x4a };
   static const unsigned char pt[39]  = { 0x70, 0x73, 0x65, 0x75, 0x64, 0x6f, 0x72, 0x61,
                                          0x6e, 0x64, 0x6f, 0x6d, 0x6e, 0x65, 0x73, 0x73,
                                          0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
                                          0x6e, 0x65, 0x78, 0x74, 0x20, 0x62, 0x65, 0x73,
                                          0x74, 0x20, 0x74, 0x68, 0x69, 0x6e, 0x67 };
   static const unsigned char ct[39]  = { 0x01, 0x9c, 0xe7, 0xa2, 0x6e, 0x78, 0x54, 0x01,
                                          0x4a, 0x63, 0x66, 0xaa, 0x95, 0xd4, 0xee, 0xfd,
                                          0x1a, 0xd4, 0x17, 0x2a, 0x14, 0xf9, 0xfa, 0xf4,
                                          0x55, 0xb7, 0xf1, 0xd4, 0xb6, 0x2b, 0xd0, 0x8f,
                                          0x56, 0x2c, 0x0e, 0xef, 0x7c, 0x48, 0x02 };
   unsigned char out[39];
   symmetric_F8 state;
   int cipher, rc;

   /* the AES descriptor may be registered as either "aes" or "rijndael" */
   cipher = find_cipher("aes");
   if (cipher == -1) {
      cipher = find_cipher("rijndael");
   }
   if (cipher == -1) {
      return CRYPT_NOP;
   }

   /* key the mode; the salt is mixed into the IV by f8_start */
   rc = f8_start(cipher, IV, key, sizeof(key), salt, sizeof(salt), 0, &state);
   if (rc != CRYPT_OK) {
      return rc;
   }

   /* one call covers the whole (non block-aligned) message */
   rc = f8_encrypt(pt, out, sizeof(pt), &state);
   f8_done(&state);
   if (rc != CRYPT_OK) {
      return rc;
   }

   return (XMEMCMP(out, ct, sizeof(ct)) != 0) ? CRYPT_FAIL_TESTVECTOR : CRYPT_OK;
#endif
}
/**
  Initialize a Pelican MAC state
  @param pelmac  The Pelican state to initialize
  @param cipher  The index of the desired cipher; must be the registered AES index
  @param key     The secret key
  @param keylen  The length of the secret key (octets)
  @return CRYPT_OK if successful, CRYPT_INVALID_CIPHER if cipher is not AES,
          otherwise the error from aes_setup()
*/
int pelican_init(pelican_state *pelmac, int cipher, const unsigned char *key, unsigned long keylen)
{
   int aes_idx, rc;

   LTC_ARGCHK(pelmac != NULL);
   LTC_ARGCHK(key    != NULL);

   /* Pelican is defined over AES only; the caller must pass the AES index */
   aes_idx = find_cipher("aes");
   if (aes_idx < 0 || cipher != aes_idx) {
      return CRYPT_INVALID_CIPHER;
   }

#ifdef LTC_FAST
   /* the fast XOR path processes the 16-byte state in LTC_FAST_TYPE words */
   if ((16 % sizeof(LTC_FAST_TYPE)) != 0) {
      return CRYPT_INVALID_ARG;
   }
#endif

   rc = aes_setup(key, keylen, 0, &pelmac->K);
   if (rc != CRYPT_OK) {
      return rc;
   }

   /* initial state is E_K(0^128) */
   zeromem(pelmac->state, 16);
   aes_ecb_encrypt(pelmac->state, pelmac->state, &pelmac->K);
   pelmac->buflen = 0;

   return CRYPT_OK;
}
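/*
 * Cross-check the local aes256ctr() against libtomcrypt's AES-CTR.
 *
 * Both are run on 32 zero bytes with an all-zero key and a big-endian counter
 * block whose last byte is 1, and the two keystreams are printed as hex so
 * they can be compared by eye. A libtomcrypt setup failure is reported on
 * stderr and exits non-zero instead of printing garbage.
 */
int main(int argc, char *argv[])
{
    unsigned char key[32]       = {0};
    unsigned char initcount[16] = {0};
    unsigned char input[32]     = {0};
    unsigned char output[32]    = {0};
    symmetric_CTR ctr;
    int i, err, idx;

    (void)argc;
    (void)argv;

    initcount[15] = 1; /* test counter: block number 1 */

    /* reference implementation under test; CTR only needs the XOR to work */
    aes256ctr(output, input, 32, key, initcount);
    for (i = 0; i < 32; i++)
        printf("%02x ", output[i]);
    printf("\n");

    /* libtomcrypt on the same inputs */
    memset(output, 0, sizeof(output));
    if (register_cipher(&aes_desc) == -1) {
        fprintf(stderr, "register_cipher(aes) failed\n");
        return 1;
    }
    idx = find_cipher("aes");
    if ((err = ctr_start(idx, initcount, key, 32, 0, CTR_COUNTER_BIG_ENDIAN, &ctr)) != CRYPT_OK) {
        fprintf(stderr, "ctr_start: %s\n", error_to_string(err));
        return 1;
    }
    if ((err = ctr_encrypt(input, output, 32, &ctr)) != CRYPT_OK) {
        fprintf(stderr, "ctr_encrypt: %s\n", error_to_string(err));
        return 1;
    }
    ctr_done(&ctr);
    for (i = 0; i < 32; i++)
        printf("%02x ", output[i]);
    printf("\n");

    return 0;
}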
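/*
 * Register the configured block cipher and key the configured mode state.
 *
 * The key (and the IV for CBC/CTR) are decoded from the ENCRYPTION_KEY and
 * ENCRYPTION_IV build-time constants, so every unit built from this
 * configuration shares one key and every session starts from the same IV.
 * With CTR a repeated (key, IV) means a repeated keystream; with CBC a fixed
 * IV leaks whether two messages share a prefix. Confirm this is acceptable
 * for the deployment.
 *
 * Failures are reported through TRACE_DEBUG only; on failure the global
 * mode state is not usable and no later call should rely on it.
 */
void ltc_init(void)
{
    int cipherID;
    int err = CRYPT_OK;
    unsigned char key[ENCRYPTION_KEY_LENGTH];
#if defined(ENCRYPTION_CTR) || defined(ENCRYPTION_CBC)
    unsigned char IV[ENCRYPTION_BLOCK_LENGTH];
#endif

    TRACE_DEBUG("LTC: Initializing ...\n\r");

    /* register_cipher() returns the table index, or -1 if the table is full */
    if (register_cipher(&CIPHER_DESC) == -1) {
        TRACE_DEBUG("LTC: Could not register cipher.\n\r");
        return;
    }
    cipherID = find_cipher(CIPHER_NAME);
    if (cipherID == -1) {
        TRACE_DEBUG("LTC: Could not find cipher.\n\r");
        return;
    }

    /* decode the build-time key / IV strings into raw bytes */
    ASCII2Hex(ENCRYPTION_KEY, key, ENCRYPTION_KEY_LENGTH);
#if defined(ENCRYPTION_CTR) || defined(ENCRYPTION_CBC)
    ASCII2Hex(ENCRYPTION_IV, IV, ENCRYPTION_BLOCK_LENGTH);
#endif

    /* key the mode state; libtomcrypt's *_start has no direction, the same
       state serves encryption and decryption */
#if defined(ENCRYPTION_ECB)
    err = ecb_start(cipherID, key, ENCRYPTION_KEY_LENGTH, 0, &sECB);
#elif defined(ENCRYPTION_CBC)
    err = cbc_start(cipherID, IV, key, ENCRYPTION_KEY_LENGTH, 0, &sCBC);
#elif defined(ENCRYPTION_CTR)
    err = ctr_start(cipherID, IV, key, ENCRYPTION_KEY_LENGTH, 0, CTR_COUNTER_BIG_ENDIAN, &sCTR);
#endif

    /* the key schedule now lives in the mode state; scrub the raw copy */
    zeromem(key, sizeof(key));

    if (err != CRYPT_OK) {
        TRACE_DEBUG("LTC: Could not start cipher mode.\n\r");
        return;
    }
    TRACE_DEBUG("LTC: Initialization done.\n\r");
}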
// ========================================================================= // Initialize libtomcrypt cypher NTSTATUS InitLTCCypher( OUT int *cipher ) { NTSTATUS status = STATUS_CRYPTO_SYSTEM_INVALID; DEBUGOUTCYPHERIMPL(DEBUGLEV_ENTER, (TEXT("InitLTCCypher\n"))); // Initialize cipher *cipher = register_cipher(&cast5_desc); if (*cipher == -1) { DEBUGOUTCYPHERIMPL(DEBUGLEV_ERROR, (TEXT("Could not register cipher\n"))); } else { *cipher = find_cipher("cast5"); if (*cipher == -1) { DEBUGOUTCYPHERIMPL(DEBUGLEV_ERROR, (TEXT("Could not find cipher\n"))); } else { status = STATUS_SUCCESS; } } DEBUGOUTCYPHERIMPL(DEBUGLEV_EXIT, (TEXT("InitLTCCypher\n"))); return status; }
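/*
 * AES-CCM decrypt-and-verify.
 *
 * The first half of key[] is used as the AES key and the second half as the
 * CCM nonce. Because the nonce is taken from the key buffer, reusing the same
 * key blob for a second message reuses the nonce; the caller must supply
 * fresh key material per message (confirm against the callers). seq[] is the
 * associated (authenticated but unencrypted) data.
 *
 * Only the first tagSize bytes of the computed tag are compared, so callers
 * may work with deliberately truncated tags; tagSize must be 1..tagLen where
 * tagLen is the length CCM actually produced. The plaintext is expected to end
 * in a single pad-count byte, which is subtracted from *outSize.
 *
 * On success *outData is a heap buffer owned by the caller. On any failure the
 * buffer is wiped and freed and the outputs are left untouched.
 *
 * @return kSCLError_NoErr, kSCLError_CorruptData for a bad tag/padding/length,
 *         otherwise the libtomcrypt error mapped through sCrypt2SCLError()
 */
SCLError CCM_Decrypt(uint8_t *key, size_t keyLen, uint8_t *seq, size_t seqLen,
                     uint8_t *in, size_t inLen, uint8_t *tag, size_t tagSize,
                     uint8_t **outData, size_t *outSize)
{
    SCLError        err       = kSCLError_NoErr;
    int             status    = CRYPT_OK;
    uint8_t        *buffer    = NULL;
    size_t          buffLen   = inLen;
    int             IVlen     = keyLen >> 1;
    uint8_t         bytes2Pad = 0;
    uint8_t         diff      = 0;
    size_t          i;
    unsigned char   T[32];
    unsigned long   tagLen    = sizeof(T);

    /* the pad-count byte read below needs at least one byte of plaintext */
    if (buffLen == 0)
        RETERR(kSCLError_CorruptData);

    buffer = XMALLOC(buffLen);
    if (buffer == NULL) {
        status = CRYPT_MEM;
    }
    CKSTAT;

    status = ccm_memory(find_cipher("aes"),
                        key, IVlen,
                        NULL,
                        key + IVlen, IVlen,
                        seq, seqLen,
                        buffer, buffLen,
                        in,
                        T, &tagLen,
                        CCM_DECRYPT); CKSTAT;

    /* tagLen now holds the tag length CCM produced; a larger tagSize would
       read past T (and past the caller's tag) */
    if (tagSize == 0 || tagSize > tagLen)
        RETERR(kSCLError_CorruptData);

    /* constant-time compare: memcmp stops at the first mismatch and leaks how
       many leading tag bytes a forgery got right */
    for (i = 0; i < tagSize; i++)
        diff |= (uint8_t)(T[i] ^ tag[i]);
    if (diff != 0)
        RETERR(kSCLError_CorruptData);

    /* validate the pad count before using it in the length arithmetic */
    bytes2Pad = buffer[buffLen - 1];
    if (bytes2Pad > buffLen)
        RETERR(kSCLError_CorruptData);

    *outData = buffer;
    *outSize = buffLen - bytes2Pad;

done:
    if (status != CRYPT_OK || err != kSCLError_NoErr) {
        if (buffer) {
            /* the original memset(buffer, buffLen, 0) had its arguments
               swapped and wiped nothing; zeromem also survives optimisation */
            zeromem(buffer, buffLen);
            XFREE(buffer);
        }
        err = IsSCLError(err) ? err : sCrypt2SCLError(status);
    }

    return err;
}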
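/*
 * Run one CBC pass over a page buffer with the provider's configured cipher.
 *
 * mode 1 encrypts, anything else decrypts. in_sz must be a whole number of
 * cipher blocks (cbc_* reject other sizes). The IV is supplied by the caller
 * per page. CBC alone is unauthenticated; integrity is assumed to be handled
 * by the caller (SQLCipher's per-page HMAC), not here.
 *
 * @param ctx     provider context; only used to look up the cipher name
 * @param mode    1 = encrypt, otherwise decrypt
 * @param key     raw key, key_sz bytes
 * @param iv      one block of IV
 * @param in      input, in_sz bytes
 * @param out     output, in_sz bytes
 * @return SQLITE_OK or SQLITE_ERROR
 */
static int sqlcipher_ltc_cipher(void *ctx, int mode, unsigned char *key, int key_sz,
                                unsigned char *iv, unsigned char *in, int in_sz,
                                unsigned char *out) {
  int rc, cipher_idx;
  symmetric_CBC cbc;

  if((cipher_idx = find_cipher(sqlcipher_ltc_get_cipher(ctx))) == -1)
    return SQLITE_ERROR;

  if((rc = cbc_start(cipher_idx, iv, key, key_sz, 0, &cbc)) != CRYPT_OK)
    return SQLITE_ERROR;

  rc = (mode == 1)
     ? cbc_encrypt(in, out, in_sz, &cbc)
     : cbc_decrypt(in, out, in_sz, &cbc);

  /* tear the state down on the error path too (the original skipped it) and
     scrub the expanded key schedule that cbc holds on the stack */
  cbc_done(&cbc);
  zeromem(&cbc, sizeof(cbc));

  return (rc == CRYPT_OK) ? SQLITE_OK : SQLITE_ERROR;
}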
/**
  Self-test the CHC (cipher hash construction) hash
  @return CRYPT_OK if successful, CRYPT_NOP if no AES cipher is registered,
          CRYPT_FAIL_TESTVECTOR on a mismatch
*/
int chc_test(void)
{
   static const struct {
      unsigned char *msg, md[MAXBLOCKSIZE];
      int len;
   } tests[] = {
      {
         (unsigned char *)"hello world",
         { 0xcf, 0x57, 0x9d, 0xc3, 0x0a, 0x0e, 0xea, 0x61,
           0x0d, 0x54, 0x47, 0xc4, 0x3c, 0x06, 0xf5, 0x4e },
         16
      }
   };
   const int ntests = (int)(sizeof(tests) / sizeof(tests[0]));
   unsigned char digest[MAXBLOCKSIZE];
   hash_state md;
   int cipher, saved_idx, i;

   /* the AES descriptor may be registered as either "aes" or "rijndael" */
   cipher = find_cipher("aes");
   if (cipher == -1) {
      cipher = find_cipher("rijndael");
   }
   if (cipher == -1) {
      return CRYPT_NOP;
   }

   /* chc_register rebinds the global CHC cipher; remember the old binding so
      it can be restored once the vectors have run */
   saved_idx = cipher_idx;
   chc_register(cipher);

   for (i = 0; i < ntests; i++) {
      chc_init(&md);
      chc_process(&md, tests[i].msg, strlen((char *)tests[i].msg));
      chc_done(&md, digest);
      if (XMEMCMP(digest, tests[i].md, tests[i].len) != 0) {
         return CRYPT_FAIL_TESTVECTOR;
      }
   }

   if (saved_idx != UNDEFED_HASH) {
      chc_register(saved_idx);
   }

   return CRYPT_OK;
}
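/*
 * AES-GCM decrypt-and-verify.
 *
 * The first half of key[] is used as the AES key and the second half as the
 * GCM nonce. Because the nonce is taken from the key buffer, reusing the same
 * key blob for a second message reuses the nonce, which in GCM exposes the
 * authentication key; the caller must supply fresh key material per message
 * (confirm against the callers). seq[] is the associated data.
 *
 * The full tag is compared: tagSize must equal the tag length GCM produced.
 * The plaintext is expected to end in a single pad-count byte, which is
 * subtracted from *outSize.
 *
 * On success *outData is a heap buffer owned by the caller. On any failure the
 * buffer is wiped and freed and the outputs are left untouched.
 *
 * @return kSCLError_NoErr, kSCLError_CorruptData for a bad tag/padding/length,
 *         otherwise the libtomcrypt error mapped through sCrypt2SCLError()
 */
SCLError GCM_Decrypt(uint8_t *key, size_t keyLen, uint8_t *seq, size_t seqLen,
                     uint8_t *in, size_t inLen, uint8_t *tag, size_t tagSize,
                     uint8_t **outData, size_t *outSize)
{
    SCLError        err       = kSCLError_NoErr;
    int             status    = CRYPT_OK;
    uint8_t        *buffer    = NULL;
    size_t          buffLen   = inLen;
    int             IVlen     = keyLen >> 1;
    uint8_t         bytes2Pad = 0;
    uint8_t         diff      = 0;
    size_t          i;
    unsigned char   T[32];
    unsigned long   tagLen    = sizeof(T);

    /* the pad-count byte read below needs at least one byte of plaintext */
    if (buffLen == 0)
        RETERR(kSCLError_CorruptData);

    buffer = XMALLOC(buffLen);
    if (buffer == NULL) {
        status = CRYPT_MEM;
    }
    CKSTAT;

    status = gcm_memory(find_cipher("aes"),
                        key, IVlen,
                        key + IVlen, IVlen,
                        seq, seqLen,
                        buffer, buffLen,
                        in,
                        T, &tagLen,
                        GCM_DECRYPT); CKSTAT;

    /* gcm_memory only computes the tag in decrypt mode; the comparison here
       is the authentication step. Constant-time so a forgery cannot learn how
       many leading bytes matched. */
    if (tagLen != tagSize)
        RETERR(kSCLError_CorruptData);
    for (i = 0; i < tagLen; i++)
        diff |= (uint8_t)(T[i] ^ tag[i]);
    if (diff != 0)
        RETERR(kSCLError_CorruptData);

    /* validate the pad count before using it in the length arithmetic */
    bytes2Pad = buffer[buffLen - 1];
    if (bytes2Pad > buffLen)
        RETERR(kSCLError_CorruptData);

    *outData = buffer;
    *outSize = buffLen - bytes2Pad;

done:
    if (status != CRYPT_OK || err != kSCLError_NoErr) {
        if (buffer) {
            /* the original memset(buffer, buffLen, 0) had its arguments
               swapped and wiped nothing; zeromem also survives optimisation */
            zeromem(buffer, buffLen);
            XFREE(buffer);
        }
        err = IsSCLError(err) ? err : sCrypt2SCLError(status);
    }

    return err;
}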
/**
  Self-test f9-MAC mode (3GPP integrity algorithm over KASUMI)
  @return CRYPT_OK on success, CRYPT_NOP if tests are compiled out or KASUMI
          is not registered, CRYPT_FAIL_TESTVECTOR on a mismatch
*/
int f9_test(void)
{
#ifdef LTC_NO_TEST
   return CRYPT_NOP;
#else
   static const struct {
      int msglen;
      unsigned char K[16], M[128], T[4];
   } tests[] = {
      {
         20,
         { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
           0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 },
         { 0x38, 0xA6, 0xF0, 0x56, 0xB8, 0xAE, 0xFD, 0xA9,
           0x33, 0x32, 0x34, 0x62, 0x63, 0x39, 0x38, 0x61,
           0x37, 0x34, 0x79, 0x40 },
         { 0x46, 0xE0, 0x0D, 0x4B }
      },
      {
         105,
         { 0x83, 0xFD, 0x23, 0xA2, 0x44, 0xA7, 0x4C, 0xF3,
           0x58, 0xDA, 0x30, 0x19, 0xF1, 0x72, 0x26, 0x35 },
         { 0x36, 0xAF, 0x61, 0x44, 0x4F, 0x30, 0x2A, 0xD2,
           0x35, 0xC6, 0x87, 0x16, 0x63, 0x3C, 0x66, 0xFB,
           0x75, 0x0C, 0x26, 0x68, 0x65, 0xD5, 0x3C, 0x11,
           0xEA, 0x05, 0xB1, 0xE9, 0xFA, 0x49, 0xC8, 0x39,
           0x8D, 0x48, 0xE1, 0xEF, 0xA5, 0x90, 0x9D, 0x39,
           0x47, 0x90, 0x28, 0x37, 0xF5, 0xAE, 0x96, 0xD5,
           0xA0, 0x5B, 0xC8, 0xD6, 0x1C, 0xA8, 0xDB, 0xEF,
           0x1B, 0x13, 0xA4, 0xB4, 0xAB, 0xFE, 0x4F, 0xB1,
           0x00, 0x60, 0x45, 0xB6, 0x74, 0xBB, 0x54, 0x72,
           0x93, 0x04, 0xC3, 0x82, 0xBE, 0x53, 0xA5, 0xAF,
           0x05, 0x55, 0x61, 0x76, 0xF6, 0xEA, 0xA2, 0xEF,
           0x1D, 0x05, 0xE4, 0xB0, 0x83, 0x18, 0x1E, 0xE6,
           0x74, 0xCD, 0xA5, 0xA4, 0x85, 0xF7, 0x4D, 0x7A,
           /* last byte carries the 3GPP direction bit */
           0x40|0x80 },
         { 0x95, 0xAE, 0x41, 0xBA },
      }
   };
   const int ntests = (int)(sizeof(tests) / sizeof(tests[0]));
   unsigned char mac[16];
   unsigned long maclen;
   int cipher, rc, i;

   cipher = find_cipher("kasumi");
   if (cipher == -1) {
      return CRYPT_NOP;
   }

   for (i = 0; i < ntests; i++) {
      /* f9 tags are 32 bits */
      maclen = 4;
      rc = f9_memory(cipher, tests[i].K, 16, tests[i].M, tests[i].msglen, mac, &maclen);
      if (rc != CRYPT_OK) {
         return rc;
      }
      if (maclen != 4 || XMEMCMP(mac, tests[i].T, 4) != 0) {
         return CRYPT_FAIL_TESTVECTOR;
      }
   }
   return CRYPT_OK;
#endif
}
// Decrypt rCypherText, laid out as IV (gIVSize bytes) followed by CBC
// ciphertext, into rPlainText with the padding stripped.
//
// CBC here carries no authentication tag: a tampered ciphertext is only
// noticed if the padding comes out malformed, and that case is reported as a
// distinct ExKeyError. Callers that expose the error type to an untrusted
// party should verify integrity (e.g. a MAC) before calling decrypt().
void CAESModule::decrypt(Tools::CSecureMemory &rPlainText, Tools::CSecureMemory const &rCypherText) const
{
    FASSERT(((rCypherText.getSize() - gIVSize) % gBlockSize) == 0);
    FASSERT(mKey.getSize() == gKeySize);

    int const Cipher = find_cipher("rijndael");
    FASSERT(Cipher != -1);

    // the IV is the clear prefix of the ciphertext
    Tools::CSecureMemory const IV(&rCypherText[0], gIVSize);

    symmetric_CBC Mode;
    int Status = cbc_start(Cipher, &IV[0], &mKey[0],
                           static_cast<unsigned long>(mKey.getSize()), 0, &Mode);
    if (Status != CRYPT_OK)
    {
        throw ExInternalError(std::string("Cannot setup AES cipher: ")
                              + std::string(error_to_string(Status)));
    }

    Tools::CSecureMemory Padded;
    Padded.allocate(rCypherText.getSize() - gIVSize);
    Status = cbc_decrypt(&rCypherText[gIVSize], &Padded[0],
                         static_cast<unsigned long>(Padded.getSize()), &Mode);
    if (Status != CRYPT_OK)
    {
        throw ExInternalError(std::string("Error during decryption: ")
                              + std::string(error_to_string(Status)));
    }

    Status = cbc_done(&Mode);
    if (Status != CRYPT_OK)
    {
        throw ExInternalError(std::string("Error when closing decryption stream: ")
                              + std::string(error_to_string(Status)));
    }

    // a malformed pad is the only integrity signal CBC gives us
    try
    {
        Tools::getUnpaddedMemory(rPlainText, Padded);
    }
    catch (Debug::ExAssert &rError)
    {
        UNUSED_ARGUMENT(rError);
        throw ExKeyError(std::string("{CAESModule} Memory structure of decrypted data is invalid. Cannot delete padding bytes."));
    }
}
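/*
 * Register AES and load the global symKey with a key derived from tmpKey.
 *
 * SECURITY NOTE: the key is hash_index's digest of the raw bytes of a single
 * int, so the effective key space is at most 2^32 whatever the buffer size;
 * anyone who can test candidate keys can enumerate it offline. Treat this as a
 * placeholder KDF, not a real one.
 *
 * @param tmpKey  integer seed for the key
 * @return 0 on success; any failure prints a message and exits the process
 */
int my_aes_setup(int tmpKey)
{
    unsigned char key[32];
    unsigned long keyLength = sizeof(key);
    int cipher, err;

    if (register_cipher(&aes_desc) == -1) {
        printf("Error registering aes\n");
        exit(EXIT_FAILURE);
    }
    cipher = find_cipher("aes");
    if (cipher == -1) {
        printf("Error finding aes\n");
        exit(EXIT_FAILURE);
    }

    /* hash_memory shrinks keyLength to the digest size; a digest that is not
       16/24/32 bytes is rejected by the AES setup below */
    err = hash_memory(hash_index, (unsigned char *)&tmpKey, sizeof(tmpKey), key, &keyLength);
    if (err != CRYPT_OK) {
        printf("Error hashing key ,%i, %s\n", err, error_to_string(err));
        exit(EXIT_FAILURE);
    }

    err = cipher_descriptor[cipher].setup(key, keyLength, 0, &symKey);
    /* the schedule now lives in symKey; do not leave the raw key on the stack */
    zeromem(key, sizeof(key));
    if (err != CRYPT_OK) {
        printf("Error setting up AES ,%i, %s\n", err, error_to_string(err));
        exit(EXIT_FAILURE);
    }
    return 0;
}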
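/*
 * Encrypt `in` in place with AES-CTR (little-endian counter).
 *
 * A (key, IV) pair must never be used for two different messages: CTR is a
 * stream cipher and reusing the counter start reuses the keystream. This
 * function provides no integrity protection.
 *
 * @param key    raw AES key
 * @param keylen key length in bytes (16, 24 or 32)
 * @param in     buffer, overwritten with the ciphertext
 * @param len    length of in
 * @param IV     initial counter block; at least one cipher block long
 * @param ivlen  length of IV in bytes
 * @return CRYPT_OK, ERROR_REG_AES if AES cannot be registered/found,
 *         CRYPT_INVALID_ARG if IV is shorter than a block, otherwise a
 *         libtomcrypt error
 */
int symmetricEncrypt(unsigned char *key, unsigned long keylen, unsigned char *in,
                     unsigned long len, unsigned char *IV, unsigned long ivlen)
{
    symmetric_CTR ctr;
    int idx, err;

    if (register_cipher(&rijndael_desc) == -1) {
        return ERROR_REG_AES;
    }
    idx = find_cipher("rijndael");
    if (idx == -1) {
        return ERROR_REG_AES;
    }

    /* ctr_start reads one full block from IV whatever ivlen says; the original
       ignored ivlen, so a short IV buffer was read past its end */
    if (ivlen < (unsigned long)cipher_descriptor[idx].block_length) {
        return CRYPT_INVALID_ARG;
    }

    err = ctr_start(idx, IV, key, keylen, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr);
    if (err != CRYPT_OK) {
        return err;
    }

    err = ctr_encrypt(in, in, len, &ctr);
    if (err == CRYPT_OK) {
        err = ctr_done(&ctr);
    }

    /* the expanded key lives in ctr; scrub it before leaving */
    zeromem(&ctr, sizeof(ctr));
    return err;
}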
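/*
 * Cross-check helper: AES-256-GCM encryption via libtomcrypt.
 *
 * The message is m[16..mlen) -- the first 16 bytes of m are skipped,
 * presumably to match the buffer layout of the implementation under test --
 * and the output is written as c = tag(16 bytes) || ciphertext. nonce is 12
 * bytes, key is 32 bytes, there is no associated data.
 *
 * mlen < 16 is rejected up front: the original computed mlen-16 unsigned,
 * which wrapped to an enormous length. The function is void, so libtomcrypt
 * errors cannot be reported; in that case c is left untouched, which a
 * comparison against the implementation under test will show up.
 */
void aes256gcmtomcrypt(unsigned char *c, unsigned char *m, unsigned long long mlen,
                       unsigned char *nonce, unsigned char *key)
{
    unsigned char tag[16];
    unsigned long taglen = sizeof(tag);

    if (mlen < 16 || register_cipher(&aes_desc) == -1) {
        return;
    }

    if (gcm_memory(find_cipher("aes"), key, 32,
                   nonce, 12,
                   NULL, 0,
                   m + 16, (unsigned long)(mlen - 16),
                   c + 16,
                   tag, &taglen, GCM_ENCRYPT) != CRYPT_OK
        || taglen != sizeof(tag)) {
        return;
    }

    /* tag goes in front of the ciphertext */
    memcpy(c, tag, sizeof(tag));
}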
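/*
 * Decrypt `in` in place with AES-CTR (little-endian counter).
 *
 * CTR decryption is the same keystream XOR as encryption, so this mirrors
 * symmetricEncrypt() and must be given the same key and IV. Nothing here
 * checks integrity: a modified ciphertext decrypts to modified plaintext
 * without any error.
 *
 * @param key    raw AES key
 * @param keylen key length in bytes (16, 24 or 32)
 * @param in     buffer, overwritten with the plaintext
 * @param len    length of in
 * @param IV     initial counter block; at least one cipher block long
 * @param ivlen  length of IV in bytes
 * @return CRYPT_OK, ERROR_REG_AES if AES cannot be registered/found,
 *         CRYPT_INVALID_ARG if IV is shorter than a block, otherwise a
 *         libtomcrypt error
 */
int symmetricDecrypt(unsigned char *key, unsigned long keylen, unsigned char *in,
                     unsigned long len, unsigned char *IV, unsigned long ivlen)
{
    symmetric_CTR ctr;
    int idx, err;

    if (register_cipher(&rijndael_desc) == -1) {
        return ERROR_REG_AES;
    }
    idx = find_cipher("rijndael");
    if (idx == -1) {
        return ERROR_REG_AES;
    }

    /* ctr_start reads one full block from IV whatever ivlen says; the original
       ignored ivlen, so a short IV buffer was read past its end */
    if (ivlen < (unsigned long)cipher_descriptor[idx].block_length) {
        return CRYPT_INVALID_ARG;
    }

    err = ctr_start(idx, IV, key, keylen, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr);
    if (err != CRYPT_OK) {
        return err;
    }

    err = ctr_decrypt(in, in, len, &ctr);
    if (err == CRYPT_OK) {
        err = ctr_done(&ctr);
    }

    /* the expanded key lives in ctr; scrub it before leaving */
    zeromem(&ctr, sizeof(ctr));
    return err;
}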
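/*
 * Register 3DES and key the global ECB state sECB.
 *
 * The key is decoded from the ENCRYPTION_KEY build-time constant, so every
 * unit built from this configuration shares it. 3DES has a 64-bit block and
 * ECB leaks repeated blocks and gives no integrity; confirm this mode is what
 * the peer actually requires.
 *
 * Failures are reported through TRACE_DEBUG only; on failure sECB is not
 * usable.
 */
void ltc_init_3DES_ECB(void)
{
    int cipherID, err;
    unsigned char key[ENCRYPTION_KEY_LENGTH];

    TRACE_DEBUG("LTC: Initializing ECB...\n\r");

    /* register_cipher() returns the table index, or -1 if the table is full */
    if (register_cipher(&des3_desc) == -1) {
        TRACE_DEBUG("LTC: Could not register 3DES.\n\r");
        return;
    }
    cipherID = find_cipher("3des");
    if (cipherID == -1) {
        TRACE_DEBUG("LTC: Could not find 3DES.\n\r");
        return;
    }

    /* decode the build-time key string into raw bytes */
    ASCII2Hex(ENCRYPTION_KEY, key, ENCRYPTION_KEY_LENGTH);

    /* ecb_start has no direction; the same state serves both ways */
    err = ecb_start(cipherID, key, ENCRYPTION_KEY_LENGTH, 0, &sECB);

    /* the key schedule now lives in sECB; scrub the raw copy */
    zeromem(key, sizeof(key));

    if (err != CRYPT_OK) {
        TRACE_DEBUG("LTC: Could not start ECB.\n\r");
        return;
    }
    TRACE_DEBUG("LTC: Initialization done.\n\r");
}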
/**
  Find a cipher flexibly: first by name, then, if that name is not registered,
  the first registered cipher whose block length and maximum key length are at
  least the requested sizes.

  NOTE: the fallback returns *some* cipher meeting the size bounds, not
  necessarily the algorithm the caller asked for. Code that must use a
  specific algorithm should call find_cipher() and treat -1 as fatal.
  @param name      The name of the cipher desired
  @param blocklen  The minimum length of the block cipher desired (octets)
  @param keylen    The minimum length of the key size desired (octets)
  @return >= 0 if found, -1 if not present
*/
int find_cipher_any(const char *name, int blocklen, int keylen)
{
   int idx;

   LTC_ARGCHK(name != NULL);

   idx = find_cipher(name);
   if (idx != -1) {
      return idx;
   }

   /* fall back to a size-based scan of the whole table */
   for (idx = 0; idx < TAB_SIZE; idx++) {
      if (cipher_descriptor[idx].name == NULL) {
         continue;
      }
      if ((int)cipher_descriptor[idx].block_length   >= blocklen &&
          (int)cipher_descriptor[idx].max_key_length >= keylen) {
         return idx;
      }
   }
   return -1;
}
// Set up the fast-file CTR state for archive versions >= 319.
//
// A 256-byte blob is read from the file and unwrapped by
// DB_AuthLoad_DecryptKey() into a ZoneKey (key + iv); the key seeds the
// global ffCTR and the iv is also kept in ffIV. Return codes of the
// register_*/find_cipher/ctr_start calls are not checked here, so a missing
// cipher leaves ffCTR unusable rather than failing loudly. The ctr_mode
// argument is 0, libtomcrypt's little-endian counter -- confirm this matches
// whatever wrote the files.
void DB_AuthLoad_InitCrypto()
{
    if (ffVersion < 319)
        return;

    register_hash(&sha256_desc);
    register_cipher(&aes_desc);

    unsigned char wrapped[256];
    DB_ReadXFileRawData(wrapped, sizeof(wrapped));

    ZoneKey zk;
    DB_AuthLoad_DecryptKey(wrapped, &zk);

    int const aes = find_cipher("aes");
    ctr_start(aes, zk.iv, zk.key, sizeof(zk.key), 0, 0, &ffCTR);
    memcpy(ffIV, zk.iv, sizeof(ffIV));
}
/**
  Find a cipher flexibly: first by name (when one is given), then the first
  registered cipher whose block length and maximum key length are at least
  the requested sizes. The table scan runs under ltc_cipher_mutex.

  NOTE: the fallback returns *some* cipher meeting the size bounds, not
  necessarily the algorithm the caller asked for. Code that must use a
  specific algorithm should call find_cipher() and treat -1 as fatal.
  @param name      The name of the cipher desired (may be NULL to skip the name lookup)
  @param blocklen  The minimum length of the block cipher desired (octets)
  @param keylen    The minimum length of the key size desired (octets)
  @return >= 0 if found, -1 if not present
*/
int find_cipher_any(const char *name, int blocklen, int keylen)
{
   int idx, found = -1;

   if (name != NULL) {
      idx = find_cipher(name);
      if (idx != -1) {
         return idx;
      }
   }

   /* fall back to a size-based scan; hold the lock for the whole scan so the
      table cannot change under us */
   LTC_MUTEX_LOCK(&ltc_cipher_mutex);
   for (idx = 0; idx < TAB_SIZE; idx++) {
      if (cipher_descriptor[idx].name == NULL) {
         continue;
      }
      if ((int)cipher_descriptor[idx].block_length   >= blocklen &&
          (int)cipher_descriptor[idx].max_key_length >= keylen) {
         found = idx;
         break;
      }
   }
   LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);

   return found;
}
// Encrypt rPlainText into rCypherText laid out as IV (fresh random, gIVSize
// bytes) followed by the CBC ciphertext of the padded plaintext.
//
// The output carries no authentication tag; decrypt() can only detect
// tampering through the padding check. Add a MAC on top if integrity matters.
void CAESModule::encrypt(Tools::CSecureMemory &rCypherText, Tools::CSecureMemory const &rPlainText) const
{
    FASSERT(mKey.getSize() == gKeySize);

    // a new IV per message; it is stored in the clear in front of the data
    Tools::CSecureMemory IV;
    getRandomIV(IV);

    Tools::CSecureMemory Padded;
    getPadding(Padded, rPlainText);

    rCypherText.allocate(Padded.getSize() + IV.getSize());
    std::memcpy(&rCypherText[0], &IV[0], IV.getSize());

    int const Cipher = find_cipher("rijndael");
    FASSERT(Cipher != -1);

    symmetric_CBC Mode;
    int Status = cbc_start(Cipher, &IV[0], &mKey[0],
                           static_cast<unsigned long>(mKey.getSize()), 0, &Mode);
    if (Status != CRYPT_OK)
    {
        throw ExInternalError(std::string("Cannot setup AES cipher: ")
                              + std::string(error_to_string(Status)));
    }

    Status = cbc_encrypt(&Padded[0], &rCypherText[IV.getSize()],
                         static_cast<unsigned long>(Padded.getSize()), &Mode);
    if (Status != CRYPT_OK)
    {
        throw ExInternalError(std::string("Error during encryption: ")
                              + std::string(error_to_string(Status)));
    }

    Status = cbc_done(&Mode);
    if (Status != CRYPT_OK)
    {
        throw ExInternalError(std::string("Error when closing encryption stream: ")
                              + std::string(error_to_string(Status)));
    }
}
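/*
 * Register AES (rijndael) and key the global CBC state sCBC.
 *
 * The key and IV are decoded from the ENCRYPTION_KEY / ENCRYPTION_IV
 * build-time constants, so every unit built from this configuration shares
 * the key and every session starts from the same IV; a fixed CBC IV reveals
 * when two messages share a leading block. CBC gives no integrity.
 *
 * Failures are reported through TRACE_DEBUG only; on failure sCBC is not
 * usable.
 */
void ltc_init_AES_CBC(void)
{
    int cipherID, err;
    unsigned char key[ENCRYPTION_KEY_LENGTH];
    unsigned char IV[ENCRYPTION_BLOCK_LENGTH];

    TRACE_DEBUG("LTC: Initializing CBC...\n\r");

    /* register_cipher() returns the table index, or -1 if the table is full */
    if (register_cipher(&rijndael_desc) == -1) {
        TRACE_DEBUG("LTC: Could not register AES.\n\r");
        return;
    }
    cipherID = find_cipher("rijndael");
    if (cipherID == -1) {
        TRACE_DEBUG("LTC: Could not find AES.\n\r");
        return;
    }

    /* decode the build-time key / IV strings into raw bytes */
    ASCII2Hex(ENCRYPTION_KEY, key, ENCRYPTION_KEY_LENGTH);
    ASCII2Hex(ENCRYPTION_IV, IV, ENCRYPTION_BLOCK_LENGTH);

    /* cbc_start has no direction; the same state serves both ways */
    err = cbc_start(cipherID, IV, key, ENCRYPTION_KEY_LENGTH, 0, &sCBC);

    /* the key schedule now lives in sCBC; scrub the raw copy */
    zeromem(key, sizeof(key));

    if (err != CRYPT_OK) {
        TRACE_DEBUG("LTC: Could not start CBC.\n\r");
        return;
    }
    TRACE_DEBUG("LTC: Initialization done.\n\r");
}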
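/*
 * Register 3DES and key the global CTR state sCTR (big-endian counter).
 *
 * The key and IV are decoded from the ENCRYPTION_KEY / ENCRYPTION_IV
 * build-time constants, so every unit built from this configuration shares
 * the key and every session starts the counter from the same IV. In CTR a
 * repeated (key, IV) repeats the keystream, which breaks confidentiality
 * outright; confirm the IV is varied elsewhere (e.g. via ctr_setiv) before
 * data is processed. 3DES has a 64-bit block, so keep data-per-key small.
 *
 * Failures are reported through TRACE_DEBUG only; on failure sCTR is not
 * usable.
 */
void ltc_init_3DES_CTR(void)
{
    int cipherID, err;
    unsigned char key[ENCRYPTION_KEY_LENGTH];
    unsigned char IV[ENCRYPTION_BLOCK_LENGTH];

    TRACE_DEBUG("LTC: Initializing CTR...\n\r");

    /* register_cipher() returns the table index, or -1 if the table is full */
    if (register_cipher(&des3_desc) == -1) {
        TRACE_DEBUG("LTC: Could not register 3DES.\n\r");
        return;
    }
    cipherID = find_cipher("3des");
    if (cipherID == -1) {
        TRACE_DEBUG("LTC: Could not find 3DES.\n\r");
        return;
    }

    /* decode the build-time key / IV strings into raw bytes */
    ASCII2Hex(ENCRYPTION_KEY, key, ENCRYPTION_KEY_LENGTH);
    ASCII2Hex(ENCRYPTION_IV, IV, ENCRYPTION_BLOCK_LENGTH);

    /* ctr_start has no direction; the same state serves both ways */
    err = ctr_start(cipherID, IV, key, ENCRYPTION_KEY_LENGTH, 0, CTR_COUNTER_BIG_ENDIAN, &sCTR);

    /* the key schedule now lives in sCTR; scrub the raw copy */
    zeromem(key, sizeof(key));

    if (err != CRYPT_OK) {
        TRACE_DEBUG("LTC: Could not start CTR.\n\r");
        return;
    }
    TRACE_DEBUG("LTC: Initialization done.\n\r");
}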
/**
  Test the GCM code against the published AES-128 GCM vectors (cases 1-6 of
  the GCM spec plus one 16-byte-IV case that regressed in libtomcrypt 1.15).
  Each vector is run through gcm_memory() in both directions: the encrypt
  pass must reproduce C and T, the decrypt pass must reproduce P and T.
  @return CRYPT_OK on success, CRYPT_NOP if tests are compiled out or no AES
          cipher is registered, CRYPT_FAIL_TESTVECTOR on a mismatch
*/
int gcm_test(void)
{
#ifndef LTC_TEST
   return CRYPT_NOP;
#else
   static const struct {
       unsigned char K[32];
       int           keylen;
       unsigned char P[128];
       unsigned long ptlen;
       unsigned char A[128];
       unsigned long alen;
       unsigned char IV[128];
       unsigned long IVlen;
       unsigned char C[128];
       unsigned char T[16];
   } tests[] = {

/* test case #1 */
{
  /* key */
  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  16,

  /* plaintext */
  { 0 },
  0,

  /* AAD data */
  { 0 },
  0,

  /* IV */
  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00 },
  12,

  /* ciphertext  */
  { 0 },

  /* tag */
  { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
    0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a }
},

/* test case #2 */
{
  /* key */
  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  16,

  /* PT */
  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  16,

  /* ADATA */
  { 0 },
  0,

  /* IV */
  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00 },
  12,

  /* CT */
  { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
    0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },

  /* TAG */
  { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
    0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf }
},

/* test case #3 */
{
  /* key */
  { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
  16,

  /* PT */
  { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
    0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, },
  64,

  /* ADATA */
  { 0 },
  0,

  /* IV */
  { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
    0xde, 0xca, 0xf8, 0x88, },
  12,

  /* CT */
  { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
    0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85, },

  /* TAG */
  { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
    0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4, }
},

/* test case #4 */
{
  /* key */
  { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
  16,

  /* PT */
  { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
    0xba, 0x63, 0x7b, 0x39, },
  60,

  /* ADATA */
  { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
    0xab, 0xad, 0xda, 0xd2, },
  20,

  /* IV */
  { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
    0xde, 0xca, 0xf8, 0x88, },
  12,

  /* CT */
  { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
    0x3d, 0x58, 0xe0, 0x91, },

  /* TAG */
  { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
    0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, }
},

/* test case #5 */
{
  /* key */
  { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
  16,

  /* PT */
  { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
    0xba, 0x63, 0x7b, 0x39, },
  60,

  /* ADATA */
  { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
    0xab, 0xad, 0xda, 0xd2, },
  20,

  /* IV (8 bytes, exercises the non-96-bit GHASH path) */
  { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, },
  8,

  /* CT */
  { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
    0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
    0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
    0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
    0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
    0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
    0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
    0xc2, 0x3f, 0x45, 0x98, },

  /* TAG */
  { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
    0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb, }
},

/* test case #6 */
{
  /* key */
  { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
    0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
  16,

  /* PT */
  { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
    0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
    0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
    0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
    0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
    0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
    0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
    0xba, 0x63, 0x7b, 0x39, },
  60,

  /* ADATA */
  { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
    0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
    0xab, 0xad, 0xda, 0xd2, },
  20,

  /* IV (60 bytes, exercises the non-96-bit GHASH path) */
  { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
    0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
    0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
    0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
    0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
    0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
    0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
    0xa6, 0x37, 0xb3, 0x9b, },
  60,

  /* CT */
  { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
    0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
    0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
    0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
    0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
    0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
    0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
    0x4c, 0x34, 0xae, 0xe5, },

  /* TAG */
  { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
    0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50, }
},

/* test case #46 from BG (catches the LTC bug of v1.15) */
{
  /* key */
  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  16,

  /* PT */
  { 0xa2, 0xaa, 0xb3, 0xad, 0x8b, 0x17, 0xac, 0xdd,
    0xa2, 0x88, 0x42, 0x6c, 0xd7, 0xc4, 0x29, 0xb7,
    0xca, 0x86, 0xb7, 0xac, 0xa0, 0x58, 0x09, 0xc7,
    0x0c, 0xe8, 0x2d, 0xb2, 0x57, 0x11, 0xcb, 0x53,
    0x02, 0xeb, 0x27, 0x43, 0xb0, 0x36, 0xf3, 0xd7,
    0x50, 0xd6, 0xcf, 0x0d, 0xc0, 0xac, 0xb9, 0x29,
    0x50, 0xd5, 0x46, 0xdb, 0x30, 0x8f, 0x93, 0xb4,
    0xff, 0x24, 0x4a, 0xfa, 0x9d, 0xc7, 0x2b, 0xcd,
    0x75, 0x8d, 0x2c },
  67,

  /* ADATA */
  { 0x68, 0x8e, 0x1a, 0xa9, 0x84, 0xde, 0x92, 0x6d,
    0xc7, 0xb4, 0xc4, 0x7f, 0x44 },
  13,

  /* IV (16 bytes -- the length that triggered the v1.15 bug) */
  { 0xb7, 0x21, 0x38, 0xb5, 0xa0, 0x5f, 0xf5, 0x07,
    0x0e, 0x8c, 0xd9, 0x41, 0x83, 0xf7, 0x61, 0xd8 },
  16,

  /* CT */
  { 0xcb, 0xc8, 0xd2, 0xf1, 0x54, 0x81, 0xa4, 0xcc,
    0x7d, 0xd1, 0xe1, 0x9a, 0xaa, 0x83, 0xde, 0x56,
    0x78, 0x48, 0x3e, 0xc3, 0x59, 0xae, 0x7d, 0xec,
    0x2a, 0xb8, 0xd5, 0x34, 0xe0, 0x90, 0x6f, 0x4b,
    0x46, 0x63, 0xfa, 0xff, 0x58, 0xa8, 0xb2, 0xd7,
    0x33, 0xb8, 0x45, 0xee, 0xf7, 0xc9, 0xb3, 0x31,
    0xe9, 0xe1, 0x0e, 0xb2, 0x61, 0x2c, 0x99, 0x5f,
    0xeb, 0x1a, 0xc1, 0x5a, 0x62, 0x86, 0xcc, 0xe8,
    0xb2, 0x97, 0xa8 },

  /* T */
  { 0x8d, 0x2d, 0x2a, 0x93, 0x72, 0x62, 0x6f, 0x6b,
    0xee, 0x85, 0x80, 0x27, 0x6a, 0x63, 0x66, 0xbf }
}

/* rest of test cases are the same except AES key size changes... ignored... */
};
   int idx, err;
   unsigned long x, y;
   unsigned char out[2][128], T[2][16];

   /* find aes; the descriptor may be registered as "aes" or "rijndael" */
   idx = find_cipher("aes");
   if (idx == -1) {
      idx = find_cipher("rijndael");
      if (idx == -1) {
         return CRYPT_NOP;
      }
   }

   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
       /* y is in/out: the buffer size going in, the tag length coming out */
       y = sizeof(T[0]);
       if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
                             tests[x].IV, tests[x].IVlen,
                             tests[x].A, tests[x].alen,
                             (unsigned char*)tests[x].P, tests[x].ptlen,
                             out[0], T[0], &y, GCM_ENCRYPT)) != CRYPT_OK) {
          return err;
       }

       if (XMEMCMP(out[0], tests[x].C, tests[x].ptlen)) {
#if 0
          printf("\nCiphertext wrong %lu\n", x);
          for (y = 0; y < tests[x].ptlen; y++) {
              printf("%02x", out[0][y] & 255);
          }
          printf("\n");
#endif
          return CRYPT_FAIL_TESTVECTOR;
       }

       if (XMEMCMP(T[0], tests[x].T, 16)) {
#if 0
          printf("\nTag on plaintext wrong %lu\n", x);
          for (y = 0; y < 16; y++) {
              printf("%02x", T[0][y] & 255);
          }
          printf("\n");
#endif
          return CRYPT_FAIL_TESTVECTOR;
       }

       /* decrypt the ciphertext just produced; in GCM_DECRYPT mode gcm_memory
          only computes the tag, so the compare below is what verifies it */
       y = sizeof(T[1]);
       if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
                             tests[x].IV, tests[x].IVlen,
                             tests[x].A, tests[x].alen,
                             out[1], tests[x].ptlen,
                             out[0], T[1], &y, GCM_DECRYPT)) != CRYPT_OK) {
          return err;
       }

       if (XMEMCMP(out[1], tests[x].P, tests[x].ptlen)) {
#if 0
          printf("\nplaintext wrong %lu\n", x);
          for (y = 0; y < tests[x].ptlen; y++) {
              printf("%02x", out[0][y] & 255);
          }
          printf("\n");
#endif
          return CRYPT_FAIL_TESTVECTOR;
       }

       if (XMEMCMP(T[1], tests[x].T, 16)) {
#if 0
          printf("\nTag on ciphertext wrong %lu\n", x);
          for (y = 0; y < 16; y++) {
              printf("%02x", T[1][y] & 255);
          }
          printf("\n");
#endif
          return CRYPT_FAIL_TESTVECTOR;
       }
   }
   return CRYPT_OK;
#endif
}
/**
  Test LRW against the reference vectors.
  For each vector the scheduled tweak pad is checked against expected_tweak,
  one block is encrypted and compared with C, then the IV is reset and the
  block is decrypted back to P.
  @return CRYPT_OK if goodly, CRYPT_NOP if tests are compiled out or no AES
          cipher is registered, CRYPT_FAIL_TESTVECTOR on a mismatch
*/
int lrw_test(void)
{
#ifndef LTC_TEST
   return CRYPT_NOP;
#else
   static const struct {
      unsigned char key[16], tweak[16], IV[16], P[16], expected_tweak[16], C[16];
   } tests[] = {

{
{ 0x45, 0x62, 0xac, 0x25, 0xf8, 0x28, 0x17, 0x6d, 0x4c, 0x26, 0x84, 0x14, 0xb5, 0x68, 0x01, 0x85 },
{ 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03, 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
{ 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03, 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
{ 0xf1, 0xb2, 0x73, 0xcd, 0x65, 0xa3, 0xdf, 0x5f, 0xe9, 0x5d, 0x48, 0x92, 0x54, 0x63, 0x4e, 0xb8 }
},

{
{ 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c, 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44 },
{ 0x35, 0x23, 0xc2, 0xde, 0xc5, 0x69, 0x4f, 0xa8, 0x72, 0xa9, 0xac, 0xa7, 0x0b, 0x2b, 0xee, 0xbc },
{ 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
{ 0x1a, 0x91, 0xe1, 0x6f, 0x62, 0xb4, 0xa7, 0xd4, 0x39, 0x54, 0xd6, 0x53, 0x85, 0x95, 0xf7, 0x5e },
{ 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5, 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
},

{
{ 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c, 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44 },
{ 0x67, 0x53, 0xc9, 0x0c, 0xb7, 0xd8, 0xcd, 0xe5, 0x06, 0xa0, 0x47, 0x78, 0x1a, 0xad, 0x85, 0x11 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 },
{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
{ 0x1a, 0x91, 0xe1, 0x6f, 0x62, 0xb4, 0xa7, 0xd4, 0x39, 0x54, 0xd6, 0x53, 0x85, 0x95, 0xf7, 0x5e },
{ 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5, 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
},

{
{ 0xd8, 0x2a, 0x91, 0x34, 0xb2, 0x6a, 0x56, 0x50, 0x30, 0xfe, 0x69, 0xe2, 0x37, 0x7f, 0x98, 0x47 },
{ 0x4e, 0xb5, 0x5d, 0x31, 0x05, 0x97, 0x3a, 0x3f, 0x5e, 0x23, 0xda, 0xfb, 0x5a, 0x45, 0xd6, 0xc0 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
{ 0x18, 0xc9, 0x1f, 0x6d, 0x60, 0x1a, 0x1a, 0x37, 0x5d, 0x0b, 0x0e, 0xf7, 0x3a, 0xd5, 0x74, 0xc4 },
{ 0x76, 0x32, 0x21, 0x83, 0xed, 0x8f, 0xf1, 0x82, 0xf9, 0x59, 0x62, 0x03, 0x69, 0x0e, 0x5e, 0x01 },
}
};
   int           idx, err, x;
   symmetric_LRW lrw;
   unsigned char buf[2][16];

   /* the AES descriptor may be registered as "aes" or "rijndael" */
   idx = find_cipher("aes");
   if (idx == -1) {
      idx = find_cipher("rijndael");
      if (idx == -1) {
         return CRYPT_NOP;
      }
   }

   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
      /* schedule it */
      if ((err = lrw_start(idx, tests[x].IV, tests[x].key, 16, tests[x].tweak, 0, &lrw)) != CRYPT_OK) {
         return err;
      }

      /* check pad against expected tweak (lrw_start derives pad from tweak and IV) */
      if (XMEMCMP(tests[x].expected_tweak, lrw.pad, 16)) {
         lrw_done(&lrw);
         return CRYPT_FAIL_TESTVECTOR;
      }

      /* process block */
      if ((err = lrw_encrypt(tests[x].P, buf[0], 16, &lrw)) != CRYPT_OK) {
         lrw_done(&lrw);
         return err;
      }

      if (XMEMCMP(buf[0], tests[x].C, 16)) {
         lrw_done(&lrw);
         return CRYPT_FAIL_TESTVECTOR;
      }

      /* process block: encryption advanced the IV, rewind it before decrypting */
      if ((err = lrw_setiv(tests[x].IV, 16, &lrw)) != CRYPT_OK) {
         lrw_done(&lrw);
         return err;
      }

      if ((err = lrw_decrypt(buf[0], buf[1], 16, &lrw)) != CRYPT_OK) {
         lrw_done(&lrw);
         return err;
      }

      if (XMEMCMP(buf[1], tests[x].P, 16)) {
         lrw_done(&lrw);
         return CRYPT_FAIL_TESTVECTOR;
      }

      if ((err = lrw_done(&lrw)) != CRYPT_OK) {
         return err;
      }
   }
   return CRYPT_OK;
#endif
}
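/* Generate the actual encryption/integrity keys, using the results of the
 * key exchange, as specified in section 5.2 of the IETF secsh-transport
 * draft. This occurs after the DH key-exchange.
 *
 * ses.newkeys is the new set of keys which are generated, these are only
 * taken into use after both sides have sent a newkeys message.
 *
 * Side effects: consumes ses.dh_K (cleared and freed) and ses.hash (burned),
 * fills in the cipher/MAC state of ses.newkeys, then installs ses.newkeys as
 * ses.keys after burning and freeing the previous key_context. Any failure to
 * set up a cipher terminates the process via dropbear_exit(). Every stack
 * temporary that held key material (IV, key, hs) is burned before return. */
static void gen_new_keys(void) {

	unsigned char IV[MAX_IV_LEN];
	unsigned char key[MAX_KEY_LEN];
	hash_state hs;
	unsigned int keysize;

	TRACE(("enter gen_new_keys"));

	/* the dh_K and hash are the start of all hashes, we make use of that */
	sha1_init(&hs);
	sha1_process_mp(&hs, ses.dh_K);
	/* the shared secret is not needed once it is absorbed into the hash state */
	mp_clear(ses.dh_K);
	m_free(ses.dh_K); /* NOTE(review): presumably m_free() also NULLs its argument -- confirm */
	sha1_process(&hs, ses.hash, SHA1_HASH_SIZE);
	m_burn(ses.hash, SHA1_HASH_SIZE);

	/* client->server IV */
	/* NOTE(review): hashkeys() writes SHA1_HASH_SIZE bytes into IV, which
	 * assumes MAX_IV_LEN >= SHA1_HASH_SIZE -- confirm against the headers */
	hashkeys(IV, SHA1_HASH_SIZE, &hs, 'A');
	/* client->server encryption key */
	keysize = ses.newkeys->recv_algo_crypt->keysize;
	if (keysize > sizeof(key)) {
		/* the algorithm table must never request more key than the buffer holds */
		dropbear_exit("crypto error");
	}
	hashkeys(key, keysize, &hs, 'C');
	/* find_cipher() yields -1 for an unregistered cipher; cbc_start() is
	 * presumably what rejects that, and we exit on any failure here */
	if (cbc_start(
		find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name),
			IV, key, keysize, 0,
			&ses.newkeys->recv_symmetric_struct) != CRYPT_OK) {
		dropbear_exit("crypto error");
	}

	/* server->client IV */
	hashkeys(IV, SHA1_HASH_SIZE, &hs, 'B');
	/* server->client encryption key */
	keysize = ses.newkeys->trans_algo_crypt->keysize;
	if (keysize > sizeof(key)) {
		dropbear_exit("crypto error");
	}
	hashkeys(key, keysize, &hs, 'D');
	if (cbc_start(
		find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name),
			IV, key, keysize, 0,
			&ses.newkeys->trans_symmetric_struct) != CRYPT_OK) {
		dropbear_exit("crypto error");
	}

	/* MAC key client->server */
	keysize = ses.newkeys->recv_algo_mac->keysize;
	hashkeys(ses.newkeys->recvmackey, keysize, &hs, 'E');
	/* MAC key server->client */
	keysize = ses.newkeys->trans_algo_mac->keysize;
	hashkeys(ses.newkeys->transmackey, keysize, &hs, 'F');

#ifndef DISABLE_ZLIB
	gen_new_zstreams();
#endif

	/* The derived keys now live only in ses.newkeys. Burn the stack copies
	 * of the cipher keys and IVs, and the hash state that still contains the
	 * absorbed shared secret, so none of it lingers on the stack. */
	m_burn(key, sizeof(key));
	m_burn(IV, sizeof(IV));
	m_burn(&hs, sizeof(hs));

	/* Switch over to the new keys */
	m_burn(ses.keys, sizeof(struct key_context));
	m_free(ses.keys);
	ses.keys = ses.newkeys;
	ses.newkeys = NULL;

	TRACE(("leave gen_new_keys"));
}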
/**
  Test the EAX implementation against known vectors.

  For each vector the message is encrypted and authenticated with
  eax_encrypt_authenticate_memory(); the ciphertext and tag are compared with
  the expected values, then the ciphertext is decrypted in place with
  eax_decrypt_verify_memory() and the recovered plaintext and the verify
  result are checked.

  @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
          or no AES implementation is registered, CRYPT_FAIL_TESTVECTOR on a
          mismatch, or the error reported by the EAX API
*/
int eax_test(void)
{
#ifndef LTC_TEST
   return CRYPT_NOP;
#else
   static const struct eax_tv {
      int keylen, noncelen, headerlen, msglen;
      unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE], header[MAXBLOCKSIZE],
                    plaintext[MAXBLOCKSIZE], ciphertext[MAXBLOCKSIZE], tag[MAXBLOCKSIZE];
   } tests[] = {
      /* NULL message */
      {
         16, 0, 0, 0,
         /* key */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
         /* nonce */
         { 0 },
         /* header */
         { 0 },
         /* plaintext */
         { 0 },
         /* ciphertext */
         { 0 },
         /* tag */
         { 0x9a, 0xd0, 0x7e, 0x7d, 0xbf, 0xf3, 0x01, 0xf5, 0x05, 0xde, 0x59, 0x6b, 0x96, 0x15, 0xdf, 0xff }
      },

      /* test with nonce */
      {
         16, 16, 0, 0,
         /* key */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
         /* nonce */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
         /* header */
         { 0 },
         /* plaintext */
         { 0 },
         /* ciphertext */
         { 0 },
         /* tag */
         { 0x1c, 0xe1, 0x0d, 0x3e, 0xff, 0xd4, 0xca, 0xdb, 0xe2, 0xe4, 0x4b, 0x58, 0xd6, 0x0a, 0xb9, 0xec }
      },

      /* test with header [no nonce] */
      {
         16, 0, 16, 0,
         /* key */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
         /* nonce */
         { 0 },
         /* header */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
         /* plaintext */
         { 0 },
         /* ciphertext */
         { 0 },
         /* tag */
         { 0x3a, 0x69, 0x8f, 0x7a, 0x27, 0x0e, 0x51, 0xb0, 0xf6, 0x5b, 0x3d, 0x3e, 0x47, 0x19, 0x3c, 0xff }
      },

      /* test with header + nonce + plaintext */
      {
         16, 16, 16, 32,
         /* key */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
         /* nonce */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
         /* header */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
         /* plaintext */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
           0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
         /* ciphertext */
         { 0x29, 0xd8, 0x78, 0xd1, 0xa3, 0xbe, 0x85, 0x7b, 0x6f, 0xb8, 0xc8, 0xea, 0x59, 0x50, 0xa7, 0x78,
           0x33, 0x1f, 0xbf, 0x2c, 0xcf, 0x33, 0x98, 0x6f, 0x35, 0xe8, 0xcf, 0x12, 0x1d, 0xcb, 0x30, 0xbc },
         /* tag */
         { 0x4f, 0xbe, 0x03, 0x38, 0xbe, 0x1c, 0x8c, 0x7e, 0x1d, 0x7a, 0xe7, 0xe4, 0x5b, 0x92, 0xc5, 0x87 }
      },

      /* test with header + nonce + plaintext [not even sizes!] */
      {
         16, 15, 14, 29,
         /* key */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
         /* nonce */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e },
         /* header */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d },
         /* plaintext */
         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
           0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c },
         /* ciphertext */
         { 0xdd, 0x25, 0xc7, 0x54, 0xc5, 0xb1, 0x7c, 0x59, 0x28, 0xb6, 0x9b, 0x73, 0x15, 0x5f, 0x7b, 0xb8,
           0x88, 0x8f, 0xaf, 0x37, 0x09, 0x1a, 0xd9, 0x2c, 0x8a, 0x24, 0xdb, 0x86, 0x8b },
         /* tag */
         { 0x0d, 0x1a, 0x14, 0xe5, 0x22, 0x24, 0xff, 0xd2, 0x3a, 0x05, 0xfa, 0x02, 0xcd, 0xef, 0x52, 0xda }
      },

      /* Vectors from Brian Gladman */
      {
         16, 16, 8, 0,
         /* key */
         { 0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f, 0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78 },
         /* nonce */
         { 0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07, 0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3 },
         /* header */
         { 0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b },
         /* PT */
         { 0x00 },
         /* CT */
         { 0x00 },
         /* tag */
         { 0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b, 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01 }
      },

      {
         16, 16, 8, 2,
         /* key */
         { 0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b, 0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4 },
         /* nonce */
         { 0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84, 0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd },
         /* header */
         { 0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa },
         /* PT */
         { 0xf7, 0xfb },
         /* CT */
         { 0x19, 0xdd },
         /* tag */
         { 0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda, 0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5 }
      },

      {
         16, 16, 8, 5,
         /* key */
         { 0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7, 0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23 },
         /* nonce */
         { 0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84, 0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e },
         /* header */
         { 0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6 },
         /* PT */
         { 0x1a, 0x47, 0xcb, 0x49, 0x33 },
         /* CT */
         { 0xd8, 0x51, 0xd5, 0xba, 0xe0 },
         /* Tag */
         { 0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19, 0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80 }
      }
   };
   int err, n, idx, verified;
   unsigned long taglen;
   unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];

   /* AES may be registered under either name; without it there is nothing to test */
   if ((idx = find_cipher("aes")) == -1) {
      if ((idx = find_cipher("rijndael")) == -1) {
         return CRYPT_NOP;
      }
   }

   for (n = 0; n < (int)(sizeof(tests)/sizeof(tests[0])); n++) {
      const struct eax_tv *tv = &tests[n];

      /* encrypt + authenticate; taglen is in/out: capacity going in, bytes produced coming out */
      taglen = sizeof(outtag);
      err = eax_encrypt_authenticate_memory(idx,
                                            tv->key, tv->keylen,
                                            tv->nonce, tv->noncelen,
                                            tv->header, tv->headerlen,
                                            tv->plaintext, tv->msglen,
                                            outct, outtag, &taglen);
      if (err != CRYPT_OK) {
         return err;
      }

      /* ciphertext is compared over the message length, the tag over what was produced */
      if (memcmp(outct, tv->ciphertext, tv->msglen) != 0 ||
          memcmp(outtag, tv->tag, taglen) != 0) {
         return CRYPT_FAIL_TESTVECTOR;
      }

      /* decrypt in place (outct is both input and output) and verify the tag */
      err = eax_decrypt_verify_memory(idx,
                                      tv->key, tv->keylen,
                                      tv->nonce, tv->noncelen,
                                      tv->header, tv->headerlen,
                                      outct, tv->msglen,
                                      outct, outtag, taglen, &verified);
      if (err != CRYPT_OK) {
         return err;
      }

      /* both the verify flag and the recovered plaintext must be right */
      if (verified != 1 || memcmp(outct, tv->plaintext, tv->msglen) != 0) {
         return CRYPT_FAIL_TESTVECTOR;
      }
   }
   return CRYPT_OK;
#endif /* LTC_TEST */
}
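/* Zero a buffer through a volatile pointer so the stores cannot be dropped
 * as dead: a plain memset() immediately before free() may be elided by the
 * compiler, leaving plaintext in freed memory. */
static void ccm_wipe(uint8_t *p, size_t n)
{
    volatile uint8_t *vp = p;
    while (n--) {
        *vp++ = 0;
    }
}

/**
 * Encrypt and authenticate a message with AES-CCM.
 *
 * The key buffer is split in half: the first keyLen/2 bytes are the AES key
 * and the second keyLen/2 bytes are used as the CCM nonce. The message is
 * padded PKCS#7-style (every pad byte holds the pad length, and there is
 * always at least one) before encryption: messages shorter than
 * MIN_MSG_BLOCKSIZE are padded up to it, longer ones to a MSG_BLOCKSIZE
 * boundary via roundup().
 *
 * @param key      keyLen bytes; first half is the AES key, second half the nonce
 * @param keyLen   total length of key in bytes
 * @param seq      additional authenticated data (e.g. a sequence number)
 * @param seqLen   length of seq in bytes
 * @param in       plaintext, inLen bytes (may be NULL when inLen is 0)
 * @param inLen    plaintext length in bytes
 * @param outData  on success receives a heap buffer holding the ciphertext;
 *                 ownership passes to the caller, who releases it with XFREE
 * @param outSize  on success receives the ciphertext length (inLen + padding)
 * @param outTag   receives tagSize bytes of authentication tag
 * @param tagSize  number of tag bytes to copy; must not exceed 32
 * @return kSCLError_NoErr on success, otherwise the SCLError mapped from the
 *         libtomcrypt status. On failure no output is produced and the work
 *         buffer is wiped and freed.
 */
SCLError CCM_Encrypt(uint8_t *key, size_t keyLen,
                     uint8_t *seq, size_t seqLen,
                     const uint8_t *in, size_t inLen,
                     uint8_t **outData, size_t *outSize,
                     uint8_t *outTag, size_t tagSize)
{
    SCLError err = kSCLError_NoErr;
    int status = CRYPT_OK;
    int cipher;
    uint8_t bytes2Pad;
    uint8_t *buffer = NULL;
    size_t buffLen = 0;
    int IVlen = keyLen >> 1;
    /* zero-initialised so that a tagSize larger than the tag ccm_memory()
     * actually produced copies zeros to the caller rather than stack residue */
    unsigned char T[32] = {0};
    unsigned long tagLen = 0;
    unsigned long tag2Copy = tagSize;

    ValidateParam(tagSize <= sizeof(T));

    /* calculate the pad byte. NOTE(review): bytes2Pad is a uint8_t, which
     * assumes MIN_MSG_BLOCKSIZE and 2*MSG_BLOCKSIZE both fit in 255 -- confirm */
    if (inLen < MIN_MSG_BLOCKSIZE) {
        bytes2Pad = MIN_MSG_BLOCKSIZE - inLen;
    } else {
        bytes2Pad = roundup(inLen, MSG_BLOCKSIZE) + MSG_BLOCKSIZE - inLen;
    }

    /* resolve the cipher up front so a missing AES registration is reported
     * as a clean error instead of being passed through as -1 */
    cipher = find_cipher("aes");
    if (cipher == -1) {
        status = CRYPT_INVALID_CIPHER;
        goto done;
    }

    buffLen = inLen + bytes2Pad;
    buffer = XMALLOC(buffLen);
    if (buffer == NULL) {
        /* the original dereferenced the NULL on allocation failure */
        status = CRYPT_MEM;
        goto done;
    }
    if (inLen > 0) {
        memcpy(buffer, in, inLen);
    }
    memset(buffer + inLen, bytes2Pad, bytes2Pad);

    /* tagLen is in/out: capacity of T going in, tag bytes produced coming out */
    tagLen = sizeof(T);
    status = ccm_memory(cipher,
                        key, IVlen,            /* AES key: first half of key */
                        NULL,
                        key + IVlen, IVlen,    /* nonce: second half of key */
                        seq, seqLen,
                        buffer, buffLen,
                        buffer,                /* encrypt in place */
                        T, &tagLen,
                        CCM_ENCRYPT);
    CKSTAT;

    /* success: the ciphertext buffer now belongs to the caller */
    *outData = buffer;
    *outSize = buffLen;
    memcpy(outTag, T, tag2Copy);

done:
    if (status != CRYPT_OK) {
        if (buffer) {
            /* the buffer still holds plaintext (or partial ciphertext); the
             * original called memset(buffer, buffLen, 0) with the last two
             * arguments swapped, which cleared nothing */
            ccm_wipe(buffer, buffLen);
            XFREE(buffer);
            buffer = NULL;
        }
        err = sCrypt2SCLError(status);
    }
    return err;
}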