/****************
* This filter is used to en/de-cipher data with a conventional algorithm
*/
int
cipher_filter( void *opaque, int control,
IOBUF a, byte *buf, size_t *ret_len)
{
size_t size = *ret_len;
cipher_filter_context_t *cfx = opaque;
int rc=0;
if( control == IOBUFCTRL_UNDERFLOW ) { /* decrypt */
rc = -1; /* not yet used */
}
else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */
assert(a);
if( !cfx->header ) {
write_header( cfx, a );
}
if (cfx->mdc_hash)
gcry_md_write (cfx->mdc_hash, buf, size);
gcry_cipher_encrypt (cfx->cipher_hd, buf, size, NULL, 0);
rc = iobuf_write( a, buf, size );
}
else if( control == IOBUFCTRL_FREE ) {
if( cfx->mdc_hash ) {
byte *hash;
int hashlen = gcry_md_get_algo_dlen (gcry_md_get_algo
(cfx->mdc_hash));
byte temp[22];
assert( hashlen == 20 );
/* We must hash the prefix of the MDC packet here. */
temp[0] = 0xd3;
temp[1] = 0x14;
gcry_md_putc (cfx->mdc_hash, temp[0]);
gcry_md_putc (cfx->mdc_hash, temp[1]);
gcry_md_final (cfx->mdc_hash);
hash = gcry_md_read (cfx->mdc_hash, 0);
memcpy(temp+2, hash, 20);
gcry_cipher_encrypt (cfx->cipher_hd, temp, 22, NULL, 0);
gcry_md_close (cfx->mdc_hash); cfx->mdc_hash = NULL;
if( iobuf_write( a, temp, 22 ) )
log_error("writing MDC packet failed\n" );
}
gcry_cipher_close (cfx->cipher_hd);
}
else if( control == IOBUFCTRL_DESC ) {
*(char**)buf = "cipher_filter";
}
return rc;
}
std::string crypt_plugin::do_crypto( unsigned short len )
{
char *b, *r, *buff;
std::string out;
gcry_cipher_hd_t hand;
gcry_cipher_open( &hand, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS );
gcry_cipher_setiv( hand, NULL, 0 );
b = new char[16];
gcry_randomize( b, 16, GCRY_STRONG_RANDOM );
gcry_cipher_setkey( hand, b, 16 );
buff = new char[len];
r = new char[len+1];
gcry_randomize( r, len, GCRY_STRONG_RANDOM );
gcry_cipher_encrypt( hand, buff, len, r, len );
delete b;
memset( r, 0, len+1 );
for( unsigned int i = 0; i < len; i++ ) {
int k = 1 + (int) (92.0 * ((float)buff[i] / 256.0));
if( k < 0 )
k *= -1;
r[i] = k+34;
}
gcry_cipher_close(hand);
out = r;
delete buff;
delete r;
return out;
}
static void
bench_gcm_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen)
{
gcry_cipher_hd_t hd = obj->priv;
int err;
char tag[16];
char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, };
gcry_cipher_setiv (hd, nonce, sizeof (nonce));
err = gcry_cipher_encrypt (hd, buf, buflen, buf, buflen);
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_gettag (hd, tag, sizeof (tag));
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_gettag failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
}
static int xencrypt(gcry_cipher_hd_t hd, int blklen, const char *iv,
void *dst, size_t dstlen, const void *src, size_t srclen)
{
int i;
gcry_error_t err = 0;
char *s = (char *) src, *d = dst;
if(dstlen < srclen)
return xmsg(-1, VPN_DEBUG,
"not enough space to put encrypted data!\n");
for(i = 0; i < srclen; i+=blklen, s+=blklen, d+=blklen) {
err = gcry_cipher_setiv(hd, iv, blklen);
if(err) {
xmsg(0, VPN_DEBUG, "encrypt iv mismatch: %s\n", gpg_strerror(err));
break;
}
err = gcry_cipher_encrypt(hd, d, blklen, s, blklen);
if(err) {
xmsg(0, VPN_DEBUG, "encrypt failed: %s\n", gpg_strerror(err));
break;
}
}
return err ? -1 : i;
}
int aes_ctr (char* key, int keyLength, char* inFile, long fileLength, char*
ctrInit, int blockLength,
char** outFile){
gcry_error_t err;
gcry_cipher_hd_t aeshd;
err = gcry_cipher_open(&aeshd, GCRY_CIPHER_AES256,
GCRY_CIPHER_MODE_CTR,
GCRY_CIPHER_SECURE);
if(err){return CIPHER_OPEN_ERROR;}
err = gcry_cipher_setkey(aeshd, key, keyLength);
if(err){return CIPHER_SETKEY_ERROR;}
err = gcry_cipher_setctr(aeshd, ctrInit, blockLength);
if(err){return CIPHER_SETCTR_ERROR;}
*outFile = (char*)(malloc(fileLength * sizeof(char)));
DPRINT("going to enc/dec now\n");
err = gcry_cipher_encrypt(aeshd, *outFile, fileLength, inFile, fileLength);
if(err){return CIPHER_ENCRYPT_ERROR;}
DPRINT("done with enc/dec\n");
gcry_cipher_close(aeshd);
return NONE;
}
static void
bench_aead_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen,
const char *nonce, size_t noncelen)
{
gcry_cipher_hd_t hd = obj->priv;
int err;
char tag[16];
gcry_cipher_setiv (hd, nonce, noncelen);
gcry_cipher_final (hd);
err = gcry_cipher_encrypt (hd, buf, buflen, buf, buflen);
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_gettag (hd, tag, sizeof (tag));
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_gettag failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
}
netmd_error netmd_secure_setup_download(netmd_dev_handle *dev,
unsigned char *contentid,
unsigned char *key_encryption_key,
unsigned char *sessionkey)
{
unsigned char cmdhdr[] = { 0x00, 0x00 };
unsigned char data[32] = { 0x01, 0x01, 0x01, 0x01 /* ... */};
unsigned char cmd[sizeof(cmdhdr) + sizeof(data)];
unsigned char iv[8] = { 0 };
gcry_cipher_hd_t handle;
netmd_response response;
netmd_error error;
memcpy(data + 4, contentid, 20);
memcpy(data + 24, key_encryption_key, 8);
gcry_cipher_open(&handle, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0);
gcry_cipher_setkey(handle, sessionkey, 8);
gcry_cipher_setiv(handle, iv, 8);
gcry_cipher_encrypt(handle, data, sizeof(data), NULL, 0);
gcry_cipher_close(handle);
memcpy(cmd, cmdhdr, sizeof(cmdhdr));
memcpy(cmd + sizeof(cmdhdr), data, 32);
error = netmd_exch_secure_msg(dev, 0x22, cmd, sizeof(cmd), &response);
netmd_check_response_bulk(&response, cmdhdr, sizeof(cmdhdr), &error);
return error;
}
netmd_error netmd_secure_commit_track(netmd_dev_handle *dev, uint16_t track,
unsigned char* sessionkey)
{
unsigned char cmdhdr[] = {0x00, 0x10, 0x01};
unsigned char cmd[sizeof(cmdhdr) + sizeof(track) + 8];
unsigned char *buf;
gcry_cipher_hd_t handle;
unsigned char hash[8] = { 0 };
netmd_response response;
netmd_error error;
buf = cmd;
memcpy(buf, cmdhdr, sizeof(cmdhdr));
buf += sizeof(cmdhdr);
netmd_copy_word_to_buffer(&buf, track, 0);
gcry_cipher_open(&handle, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(handle, sessionkey, 8);
gcry_cipher_encrypt(handle, buf, sizeof(hash), hash, sizeof(hash));
buf += sizeof(hash);
gcry_cipher_close(handle);
error = netmd_exch_secure_msg(dev, 0x48, cmd, sizeof(cmd), &response);
netmd_check_response_bulk(&response, cmdhdr, sizeof(cmdhdr), &error);
netmd_check_response_word(&response, track, &error);
return error;
}
/**
* @brief Digest a buffer using SHA-256 and cipher using AES-128 with CBC.
*/
int crypt_sha_aes_sign(crypt_context_t *context, char *inBuffer, char *encBuffer, unsigned int buffLen, char *iniVector) {
int rv;
ASSERT(context, rv, CRYPT_FAILED, "crypt_sha_aes_sign: Argument is NULL.\n");
ASSERT(inBuffer, rv, CRYPT_FAILED, "crypt_sha_aes_sign: Argument is NULL.\n");
ASSERT(encBuffer, rv, CRYPT_FAILED, "crypt_sha_aes_sign: Argument is NULL.\n");
ASSERT(iniVector, rv, CRYPT_FAILED, "crypt_sha_aes_sign: Argument is NULL.\n");
ASSERT(context->initialised, rv, CRYPT_FAILED, "crypt_sha_aes_sign: Context is not initialised.\n");
char midBuffer[32];
gcry_error_t gcryError;
gcry_cipher_hd_t gcryCipherHd = NULL;
size_t keyLength = gcry_cipher_get_algo_keylen(GCRY_CIPHER_AES128);
size_t blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER_AES128);
gcry_md_hash_buffer(GCRY_MD_SHA256, midBuffer, inBuffer, buffLen);
gcryError = gcry_cipher_open(&gcryCipherHd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0);
ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_sha_aes_sign: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
gcryError = gcry_cipher_setkey(gcryCipherHd, context->secretKey, keyLength);
ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_sha_aes_sign: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
gcryError = gcry_cipher_setiv(gcryCipherHd, iniVector, blkLength);
ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_sha_aes_sign: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
gcryError = gcry_cipher_encrypt(gcryCipherHd, encBuffer, buffLen, midBuffer, buffLen);
ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_sha_aes_sign: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
_err:
if(gcryCipherHd)
gcry_cipher_close(gcryCipherHd);
return rv;
}
static void
encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
{
gcry_cipher_hd_t hd;
byte buf[33];
assert ( dek->keylen <= 32 );
if (!*seskey)
{
*seskey=xmalloc_clear(sizeof(DEK));
(*seskey)->keylen=dek->keylen;
(*seskey)->algo=dek->algo;
make_session_key(*seskey);
/*log_hexdump( "thekey", c->key, c->keylen );*/
}
/* The encrypted session key is prefixed with a one-octet algorithm id. */
buf[0] = (*seskey)->algo;
memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen );
/* We only pass already checked values to the following fucntion,
thus we consider any failure as fatal. */
if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
BUG ();
if (gcry_cipher_setkey (hd, dek->key, dek->keylen))
BUG ();
gcry_cipher_setiv (hd, NULL, 0);
gcry_cipher_encrypt (hd, buf, (*seskey)->keylen + 1, NULL, 0);
gcry_cipher_close (hd);
memcpy( enckey, buf, (*seskey)->keylen + 1 );
wipememory( buf, sizeof buf ); /* burn key */
}
static void CTR(const guint8 *ws, guint8 *pK, guint8 *pN, guint16 SizeN)
{
gcry_cipher_hd_t cipher_hd;
guint8 ctr[EAX_SIZEOF_KEY];
BLK_CPY(ctr, ws);
ctr[12] &= 0x7f;
ctr[14] &= 0x7f;
/* open the cipher */
if (gcry_cipher_open(&cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0)) {
return;
}
if (gcry_cipher_setkey(cipher_hd, pK, EAX_SIZEOF_KEY)) {
gcry_cipher_close(cipher_hd);
return;
}
if (gcry_cipher_setctr(cipher_hd, ctr, EAX_SIZEOF_KEY)) {
gcry_cipher_close(cipher_hd);
return;
}
if (gcry_cipher_encrypt(cipher_hd, pN, SizeN, pN, SizeN)) {
gcry_cipher_close(cipher_hd);
return;
}
gcry_cipher_close(cipher_hd);
return;
}
static void dCMAC(guint8 *pK, guint8 *ws, const guint8 *pN, guint16 SizeN, const guint8 *pC, guint16 SizeC)
{
gcry_cipher_hd_t cipher_hd;
guint8 *work;
guint8 *ptr;
guint16 SizeT = SizeN + SizeC;
guint16 worksize = SizeT;
/* worksize must be an integral multiple of 16 */
if (SizeT & 0xf) {
worksize += 0x10 - (worksize & 0xf);
}
work = (guint8 *)g_malloc(worksize);
if (work == NULL) {
return;
}
memcpy(work, pN, SizeN);
if (pC != NULL) {
memcpy(&work[SizeN], pC, SizeC);
}
/*
* pad the data if necessary, and XOR Q or D, depending on
* whether data was padded or not
*/
if (worksize != SizeT) {
work[SizeT] = 0x80;
for (ptr = &work[SizeT+1]; ptr < &work[worksize]; ptr++)
*ptr = 0;
ptr= &work[worksize-0x10];
BLK_XOR(ptr, instance.Q);
} else {
ptr = &work[worksize-0x10];
BLK_XOR(ptr, instance.D);
}
/* open the cipher */
if (gcry_cipher_open(&cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC,0)){/* GCRY_CIPHER_CBC_MAC)) { */
g_free(work);
return;
}
if (gcry_cipher_setkey(cipher_hd, pK, EAX_SIZEOF_KEY)) {
g_free(work);
gcry_cipher_close(cipher_hd);
return;
}
if (gcry_cipher_setiv(cipher_hd, ws, EAX_SIZEOF_KEY)) {
g_free(work);
gcry_cipher_close(cipher_hd);
return;
}
if (gcry_cipher_encrypt(cipher_hd, work, worksize, work, worksize)) {
g_free(work);
gcry_cipher_close(cipher_hd);
return;
}
memcpy(ws, ptr, EAX_SIZEOF_KEY);
g_free(work);
gcry_cipher_close(cipher_hd);
return;
}
virtual void encrypt(void const *in,void *out,unsigned len)
{
if(len % 16 != 0) {
throw booster::invalid_argument("Invalid block size");
}
if(gcry_cipher_encrypt(enc_,out,len,in,len)!=0) {
throw booster::runtime_error("Encryption failed");
}
}
static void run_gcrypt_cast128(uint8_t *output,
const uint8_t *input, unsigned size)
{
static gcry_cipher_hd_t cast;
if (!cast)
gcry_cipher_open(&cast, GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(cast, hardcoded_key, 16);
gcry_cipher_encrypt(cast, output, size, input, size);
}
static void run_gcrypt_aes128(uint8_t *output,
const uint8_t *input, unsigned size)
{
static gcry_cipher_hd_t aes;
if (!aes)
gcry_cipher_open(&aes, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(aes, hardcoded_key, 16);
gcry_cipher_encrypt(aes, output, size, input, size);
}
static gpg_error_t
new_data (const char *string, struct secret_data_s **r_data)
{
gpg_error_t err;
struct secret_data_s *d, *d_enc;
size_t length;
int total;
int res;
*r_data = NULL;
err = init_encryption ();
if (err)
return err;
length = strlen (string) + 1;
/* We pad the data to 32 bytes so that it get more complicated
finding something out by watching allocation patterns. This is
usally not possible but we better assume nothing about our secure
storage provider. To support the AESWRAP mode we need to add 8
extra bytes as well. */
total = (length + 8) + 32 - ((length+8) % 32);
d = xtrymalloc_secure (sizeof *d + total - 1);
if (!d)
return gpg_error_from_syserror ();
memcpy (d->data, string, length);
d_enc = xtrymalloc (sizeof *d_enc + total - 1);
if (!d_enc)
{
err = gpg_error_from_syserror ();
xfree (d);
return err;
}
d_enc->totallen = total;
res = npth_mutex_lock (&encryption_lock);
if (res)
log_fatal ("failed to acquire cache encryption mutex: %s\n",
strerror (res));
err = gcry_cipher_encrypt (encryption_handle, d_enc->data, total,
d->data, total - 8);
xfree (d);
res = npth_mutex_unlock (&encryption_lock);
if (res)
log_fatal ("failed to release cache encryption mutex: %s\n", strerror (res));
if (err)
{
xfree (d_enc);
return err;
}
*r_data = d_enc;
return 0;
}
void gcrypt_encrypt(void *obj, char *in, char *out, size_t blocks) {
gcry_error_t err = 0;
err = gcry_cipher_encrypt(*(gcry_cipher_hd_t *)obj, out, blocks * MY_BLOCKSIZE, in, blocks * MY_BLOCKSIZE);
if (err != GPG_ERR_NO_ERROR) {
printf("Error encrypting %u\n", err);
exit(1);
}
}
Gc_rc
gc_cipher_encrypt_inline (gc_cipher_handle handle, size_t len, char *data)
{
if (gcry_cipher_encrypt ((gcry_cipher_hd_t) handle,
data, len, NULL, len) != 0)
return GC_INVALID_CIPHER;
return GC_OK;
}
static ssize_t enc_write(io_private_t *f, const void *d, size_t l)
{
size_t remainder[2] = { l, f->buffer_crypt->block - f->buffer_crypt->offset[0] }; /* 0: length of data yet to buffer (from d); 1: available space in output buffer (stream) */
if (!d && !l)
{
#if defined(__DEBUG__) && !defined(__DEBUG_WITH_ENCRYPTION__)
memset(f->buffer_crypt->stream + f->buffer_crypt->offset[0], 0x00, remainder[1]);
#else
gcry_create_nonce(f->buffer_crypt->stream + f->buffer_crypt->offset[0], remainder[1]);
gcry_cipher_encrypt(f->cipher_handle, f->buffer_crypt->stream, f->buffer_crypt->block, NULL, 0);
#endif
ssize_t e = ecc_write(f, f->buffer_crypt->stream, f->buffer_crypt->block);
ecc_sync(f);
f->buffer_crypt->block = 0;
gcry_free(f->buffer_crypt->stream);
f->buffer_crypt->stream = NULL;
memset(f->buffer_crypt->offset, 0x00, sizeof f->buffer_crypt->offset);
return e;
}
f->buffer_crypt->offset[1] = 0;
while (remainder[0])
{
if (remainder[0] < remainder[1])
{
memcpy(f->buffer_crypt->stream + f->buffer_crypt->offset[0], d + f->buffer_crypt->offset[1], remainder[0]);
f->buffer_crypt->offset[0] += remainder[0];
return l;
}
memcpy(f->buffer_crypt->stream + f->buffer_crypt->offset[0], d + f->buffer_crypt->offset[1], remainder[1]);
#if !defined(__DEBUG__) || defined(__DEBUG_WITH_ENCRYPTION__)
gcry_cipher_encrypt(f->cipher_handle, f->buffer_crypt->stream, f->buffer_crypt->block, NULL, 0);
#endif
ssize_t e = EXIT_SUCCESS;
if ((e = ecc_write(f, f->buffer_crypt->stream, f->buffer_crypt->block)) < 0)
return e;
f->buffer_crypt->offset[0] = 0;
memset(f->buffer_crypt->stream, 0x00, f->buffer_crypt->block);
f->buffer_crypt->offset[1] += remainder[1];
remainder[0] -= remainder[1];
remainder[1] = f->buffer_crypt->block - f->buffer_crypt->offset[0];
}
return l;
}
static gboolean
service_encode_aes_secret (SecretSession *session,
SecretValue *value,
GVariantBuilder *builder)
{
gcry_cipher_hd_t cih;
guchar *padded;
gsize n_padded, pos;
gcry_error_t gcry;
gpointer iv;
gconstpointer secret;
gsize n_secret;
GVariant *child;
g_variant_builder_add (builder, "o", session->path);
/* Create the cipher */
gcry = gcry_cipher_open (&cih, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
if (gcry != 0) {
g_warning ("couldn't create AES cipher: %s", gcry_strerror (gcry));
return FALSE;
}
secret = secret_value_get (value, &n_secret);
/* Perform the encoding here */
padded = pkcs7_pad_bytes_in_secure_memory (secret, n_secret, &n_padded);
g_assert (padded != NULL);
/* Setup the IV */
iv = g_malloc0 (16);
gcry_create_nonce (iv, 16);
gcry = gcry_cipher_setiv (cih, iv, 16);
g_return_val_if_fail (gcry == 0, FALSE);
/* Setup the key */
gcry = gcry_cipher_setkey (cih, session->key, session->n_key);
g_return_val_if_fail (gcry == 0, FALSE);
/* Perform the encryption */
for (pos = 0; pos < n_padded; pos += 16) {
gcry = gcry_cipher_encrypt (cih, (guchar*)padded + pos, 16, NULL, 0);
g_return_val_if_fail (gcry == 0, FALSE);
}
gcry_cipher_close (cih);
child = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), iv, 16, TRUE, g_free, iv);
g_variant_builder_add_value (builder, child);
child = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), padded, n_padded, TRUE, egg_secure_free, padded);
g_variant_builder_add_value (builder, child);
g_variant_builder_add (builder, "s", secret_value_get_content_type (value));
return TRUE;
}
void inject_command(pcap_t *fp, gcry_cipher_hd_t * hd,char * dst_mac, char * command, int len, unsigned long * seqnum){
char pkt[1000];
u_char buf[1024];
u_char iv[GCRY_IVLEN]={0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11};
len+=SEQ_LEN;
char pkt_len[6];
char type[] = { 0x00,0x00,0x0d,0x00,0x04,0x80,0x02,0x00,0x02,0x00,0x00,0x00,0x00,0x80,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x64,0x00,0x11,0x00,0x00,0x05,
'I', 'N', 'T', 'C', 'P',0x01,0x04,0x82,0x84,0x8b,0x96,0x03,0x01,0x0c,0x04,0x06,0x01,0x02,0x00,0x00,0x00,0x00,0x05,0x04,0x00,0x01,0x00,0x00,0xdd,0x18,0x00,0x50,0xf2,0x01,0x01,
0x00,0x00,0x50,0xf2,0x04,0x01,0x00,0x00,0x50,0xf2,0x04,0x01,0x00,0x00,0x50,0xf2,0x02,0x00,0x00};
u_int tlen=len+MAC_LEN+CHECKSUM_LEN+GCRY_IVLEN;
random_vector(iv,GCRY_IVLEN);
memcpy(&pkt[0],dst_mac,MAC_LEN);
memcpy(&pkt[MAC_LEN],iv,GCRY_IVLEN);
gcry_cipher_setiv(*hd,iv, GCRY_IVLEN);
char cmdseq[1000];
memcpy(cmdseq,command,len);
u_int ac=0;
(*seqnum)++;
if(*seqnum>0xFFFFFFFF){*seqnum=0x01;}
for(ac=0;ac<SEQ_LEN;ac++){
cmdseq[len-1-ac]=(char)((*seqnum)>>(ac*8));
}
gcry_cipher_encrypt(*hd, &pkt[GCRY_IVLEN+MAC_LEN],len , cmdseq, len);
u_int chk=checksum(pkt,tlen);
u_char chkarr[CHECKSUM_LEN];
chkarr[0]=(chk>>8);
chkarr[1]=chk&0x00FF;
memcpy(&pkt[GCRY_IVLEN+MAC_LEN+len], chkarr,CHECKSUM_LEN);
memcpy(buf, type, sizeof(type));
memcpy(buf+sizeof(type), pkt, tlen);
#ifndef MANDO_ABORDO
print_vector(pkt,tlen);
#endif
for(ac=0;ac<BEACONS_PER_REQUEST;ac++){
int inj=pcap_inject(fp,buf, sizeof(type)+sizeof(pkt_len)+tlen);
#ifndef MANDO_ABORDO
printf("\r\n INJ %i",inj);
#endif
}
}
static void
bench_ccm_authenticate_do_bench (struct bench_obj *obj, void *buf,
size_t buflen)
{
gcry_cipher_hd_t hd = obj->priv;
int err;
char tag[8] = { 0, };
char nonce[11] = { 0x80, 0x01, };
u64 params[3];
char data = 0xff;
gcry_cipher_setiv (hd, nonce, sizeof (nonce));
/* Set CCM lengths */
params[0] = sizeof (data); /*datalen */
params[1] = buflen; /*aadlen */
params[2] = sizeof (tag);
err =
gcry_cipher_ctl (hd, GCRYCTL_SET_CCM_LENGTHS, params, sizeof (params));
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_ctl failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_authenticate (hd, buf, buflen);
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_authenticate failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_encrypt (hd, &data, sizeof (data), &data, sizeof (data));
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_gettag (hd, tag, sizeof (tag));
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_gettag failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
}
/**
* Encrypt a block with a symmetric session key.
*
* @param block the block to encrypt
* @param size the size of the @a block
* @param sessionkey the key used to encrypt
* @param iv the initialization vector to use, use INITVALUE for streams
* @param result the output parameter in which to store the encrypted result
* can be the same or overlap with @c block
* @returns the size of the encrypted block, -1 for errors.
* Due to the use of CFB and therefore an effective stream cipher,
* this size should be the same as @c len.
*/
ssize_t
GNUNET_CRYPTO_symmetric_encrypt (const void *block,
size_t size,
const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
void *result)
{
gcry_cipher_hd_t handle;
char tmp[size];
if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
return -1;
GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
gcry_cipher_close (handle);
if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
return -1;
GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
gcry_cipher_close (handle);
memset (tmp, 0, sizeof (tmp));
return size;
}
guchar*
gkm_data_der_write_private_pkcs8_crypted (gcry_sexp_t skey, const gchar *password,
gsize n_password, gsize *n_data)
{
gcry_error_t gcry;
gcry_cipher_hd_t cih;
GNode *asn = NULL;
guchar *key, *data;
gsize n_key, block = 0;
/* Encode the key in normal pkcs8 fashion */
key = gkm_data_der_write_private_pkcs8_plain (skey, &n_key);
if (key == NULL)
return NULL;
asn = egg_asn1x_create (pkix_asn1_tab, "pkcs-8-EncryptedPrivateKeyInfo");
g_return_val_if_fail (asn, NULL);
/* Create a and write out a cipher used for encryption */
cih = prepare_and_encode_pkcs8_cipher (asn, password, n_password, &block);
g_return_val_if_fail (cih, NULL);
/* Pad the block of data */
if(block > 1) {
gsize pad;
guchar *padded;
pad = block - (n_key % block);
if (pad == 0)
pad = block;
padded = egg_secure_realloc (key, n_key + pad);
memset (padded + n_key, pad, pad);
key = padded;
n_key += pad;
}
gcry = gcry_cipher_encrypt (cih, key, n_key, NULL, 0);
g_return_val_if_fail (gcry == 0, NULL);
gcry_cipher_close (cih);
if (!egg_asn1x_set_string_as_raw (egg_asn1x_node (asn, "encryptedData", NULL),
key, n_key, egg_secure_free))
g_return_val_if_reached (NULL);
data = egg_asn1x_encode (asn, NULL, n_data);
if (data == NULL)
g_warning ("couldn't encode encrypted pkcs8 key: %s", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
return data;
}
static int
wrap_gcry_cipher_encrypt (void *ctx, const void *plain, size_t plainsize,
void *encr, size_t encrsize)
{
int err;
err = gcry_cipher_encrypt (ctx, encr, encrsize, plain, plainsize);
if (err == 0)
return 0;
gnutls_assert ();
return GNUTLS_E_ENCRYPTION_FAILED;
}
void test_libgcrypt_3des_ecb()
{
gcry_cipher_hd_t encctx;
gcry_cipher_open(&encctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(encctx, enckey, 24);
gcry_cipher_encrypt(encctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(encctx);
gcry_cipher_hd_t decctx;
gcry_cipher_open(&decctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(decctx, enckey, 24);
gcry_cipher_decrypt(decctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(decctx);
}
void test_libgcrypt_blowfish_ecb()
{
gcry_cipher_hd_t encctx;
gcry_cipher_open(&encctx, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(encctx, enckey, 16);
gcry_cipher_encrypt(encctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(encctx);
gcry_cipher_hd_t decctx;
gcry_cipher_open(&decctx, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(decctx, enckey, 16);
gcry_cipher_decrypt(decctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(decctx);
}
void test_libgcrypt_rijndael_ecb()
{
gcry_cipher_hd_t encctx;
gcry_cipher_open(&encctx, GCRY_CIPHER_RIJNDAEL256, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(encctx, enckey, 32);
gcry_cipher_encrypt(encctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(encctx);
gcry_cipher_hd_t decctx;
gcry_cipher_open(&decctx, GCRY_CIPHER_RIJNDAEL256, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(decctx, enckey, 32);
gcry_cipher_decrypt(decctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(decctx);
}
void retailmac(unsigned char *rootkey, unsigned char *hostnonce,
unsigned char *devnonce, unsigned char *sessionkey)
{
gcry_cipher_hd_t handle1;
gcry_cipher_hd_t handle2;
unsigned char des3_key[24] = { 0 };
unsigned char iv[8] = { 0 };
gcry_cipher_open(&handle1, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(handle1, rootkey, 8);
gcry_cipher_encrypt(handle1, iv, 8, hostnonce, 8);
memcpy(des3_key, rootkey, 16);
memcpy(des3_key+16, rootkey, 8);
gcry_cipher_open(&handle2, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
gcry_cipher_setkey(handle2, des3_key, 24);
gcry_cipher_setiv(handle2, iv, 8);
gcry_cipher_encrypt(handle2, sessionkey, 8, devnonce, 8);
gcry_cipher_close(handle1);
gcry_cipher_close(handle2);
}
void test_libgcrypt_serpent_ecb()
{
gcry_cipher_hd_t encctx;
gcry_cipher_open(&encctx, GCRY_CIPHER_SERPENT256, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(encctx, enckey, 32);
gcry_cipher_encrypt(encctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(encctx);
gcry_cipher_hd_t decctx;
gcry_cipher_open(&decctx, GCRY_CIPHER_SERPENT256, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(decctx, enckey, 32);
gcry_cipher_decrypt(decctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(decctx);
}
