/*
* Decrypts a file using AES
*/
int AesDecrypt(Aes* aes, byte* key, int size, FILE* inFile, FILE* outFile)
{
RNG rng;
byte iv[AES_BLOCK_SIZE];
byte* input;
byte* output;
byte salt[SALT_SIZE] = {0};
int i = 0;
int ret = 0;
int length;
int aSize;
fseek(inFile, 0, SEEK_END);
length = ftell(inFile);
fseek(inFile, 0, SEEK_SET);
aSize = length;
input = malloc(aSize);
output = malloc(aSize);
wc_InitRng(&rng);
/* reads from inFile and writes whatever is there to the input array */
ret = fread(input, 1, length, inFile);
if (ret == 0) {
printf("Input file does not exist.\n");
return -1010;
}
for (i = 0; i < SALT_SIZE; i++) {
/* finds salt from input message */
salt[i] = input[i];
}
for (i = SALT_SIZE; i < AES_BLOCK_SIZE + SALT_SIZE; i++) {
/* finds iv from input message */
iv[i - SALT_SIZE] = input[i];
}
/* replicates old key if keys match */
ret = wc_PBKDF2(key, key, strlen((const char*)key), salt, SALT_SIZE, 4096,
size, WC_SHA256);
if (ret != 0)
return -1050;
/* sets key */
ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
if (ret != 0)
return -1002;
/* change length to remove salt/iv block from being decrypted */
length -= (AES_BLOCK_SIZE + SALT_SIZE);
for (i = 0; i < length; i++) {
/* shifts message: ignores salt/iv on message*/
input[i] = input[i + (AES_BLOCK_SIZE + SALT_SIZE)];
}
/* decrypts the message to output based on input length + padding*/
ret = wc_AesCbcDecrypt(aes, output, input, length);
if (ret != 0)
return -1006;
if (salt[0] != 0) {
/* reduces length based on number of padded elements */
length -= output[length-1];
}
/* writes output to the outFile based on shortened length */
fwrite(output, 1, length, outFile);
/* closes the opened files and frees the memory*/
memset(input, 0, aSize);
memset(output, 0, aSize);
memset(key, 0, size);
free(input);
free(output);
free(key);
fclose(inFile);
fclose(outFile);
wc_FreeRng(&rng);
return 0;
}
/* check mcapi aes cbc */
static int check_aescbc(void)
{
CRYPT_AES_CTX mcAes;
Aes defAes;
int ret;
byte out1[AES_TEST_SIZE];
byte out2[AES_TEST_SIZE];
strncpy((char*)key, "1234567890abcdefghijklmnopqrstuv", 32);
strncpy((char*)iv, "1234567890abcdef", 16);
/* 128 cbc encrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 16, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-128 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 16, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("default aes-128 key set failed\n");
return -1;
}
ret = CRYPT_AES_CBC_Encrypt(&mcAes, out1, ourData, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-128 cbc encrypt failed\n");
return -1;
}
wc_AesCbcEncrypt(&defAes, out2, ourData, AES_TEST_SIZE);
if (memcmp(out1, out2, AES_TEST_SIZE) != 0) {
printf("mcapi aes-128 cbc encrypt cmp failed\n");
return -1;
}
/* 128 cbc decrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 16, iv, CRYPT_AES_DECRYPTION);
if (ret != 0) {
printf("mcapi aes-128 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 16, iv, DES_DECRYPTION);
if (ret != 0) {
printf("default aes-128 key set failed\n");
return -1;
}
ret = CRYPT_AES_CBC_Decrypt(&mcAes, out2, out1, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-128 cbc decrypt failed\n");
return -1;
}
wc_AesCbcDecrypt(&defAes, out1, out1, AES_TEST_SIZE);
if (memcmp(out1, out2, AES_TEST_SIZE) != 0) {
printf("mcapi aes-128 cbc decrypt cmp failed\n");
return -1;
}
if (memcmp(out1, ourData, AES_TEST_SIZE) != 0) {
printf("mcapi aes-128 cbc decrypt orig cmp failed\n");
return -1;
}
/* 192 cbc encrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 24, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-192 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 24, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("default aes-192 key set failed\n");
return -1;
}
ret = CRYPT_AES_CBC_Encrypt(&mcAes, out1, ourData, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-192 cbc encrypt failed\n");
return -1;
}
wc_AesCbcEncrypt(&defAes, out2, ourData, AES_TEST_SIZE);
if (memcmp(out1, out2, AES_TEST_SIZE) != 0) {
printf("mcapi aes-192 cbc encrypt cmp failed\n");
return -1;
}
/* 192 cbc decrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 24, iv, CRYPT_AES_DECRYPTION);
if (ret != 0) {
printf("mcapi aes-192 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 24, iv, AES_DECRYPTION);
if (ret != 0) {
printf("default aes-192 key set failed\n");
return -1;
}
ret = CRYPT_AES_CBC_Decrypt(&mcAes, out2, out1, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-192 cbc decrypt failed\n");
return -1;
}
wc_AesCbcDecrypt(&defAes, out1, out1, AES_TEST_SIZE);
if (memcmp(out1, out2, AES_TEST_SIZE) != 0) {
printf("mcapi aes-192 cbc decrypt cmp failed\n");
return -1;
}
if (memcmp(out1, ourData, AES_TEST_SIZE) != 0) {
printf("mcapi aes-192 cbc decrypt orig cmp failed\n");
return -1;
}
/* 256 cbc encrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 32, iv, CRYPT_AES_ENCRYPTION);
if (ret != 0) {
printf("mcapi aes-256 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 32, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("default aes-256 key set failed\n");
return -1;
}
ret = CRYPT_AES_CBC_Encrypt(&mcAes, out1, ourData, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-256 cbc encrypt failed\n");
return -1;
}
wc_AesCbcEncrypt(&defAes, out2, ourData, AES_TEST_SIZE);
if (memcmp(out1, out2, AES_TEST_SIZE) != 0) {
printf("mcapi aes-256 cbc encrypt cmp failed\n");
return -1;
}
/* 256 cbc decrypt */
ret = CRYPT_AES_KeySet(&mcAes, key, 32, iv, CRYPT_AES_DECRYPTION);
if (ret != 0) {
printf("mcapi aes-256 key set failed\n");
return -1;
}
ret = wc_AesSetKey(&defAes, key, 32, iv, AES_DECRYPTION);
if (ret != 0) {
printf("default aes-256 key set failed\n");
return -1;
}
ret = CRYPT_AES_CBC_Decrypt(&mcAes, out2, out1, AES_TEST_SIZE);
if (ret != 0) {
printf("mcapi aes-256 cbc decrypt failed\n");
return -1;
}
wc_AesCbcDecrypt(&defAes, out1, out1, AES_TEST_SIZE);
if (memcmp(out1, out2, AES_TEST_SIZE) != 0) {
printf("mcapi aes-256 cbc decrypt cmp failed\n");
return -1;
}
if (memcmp(out1, ourData, AES_TEST_SIZE) != 0) {
printf("mcapi aes-256 cbc decrypt orig cmp failed\n");
return -1;
}
printf("aes-cbc mcapi test passed\n");
return 0;
}
