u8 * eap_sim_parse_encr(const u8 *k_encr, const u8 *encr_data,
size_t encr_data_len, const u8 *iv,
struct eap_sim_attrs *attr, int aka)
{
u8 *decrypted;
if (!iv) {
wpa_printf(MSG_INFO, "EAP-SIM: Encrypted data, but no IV");
return NULL;
}
decrypted = os_malloc(encr_data_len);
if (decrypted == NULL)
return NULL;
os_memcpy(decrypted, encr_data, encr_data_len);
if (aes_128_cbc_decrypt(k_encr, iv, decrypted, encr_data_len)) {
os_free(decrypted);
return NULL;
}
wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Decrypted AT_ENCR_DATA",
decrypted, encr_data_len);
if (eap_sim_parse_attr(decrypted, decrypted + encr_data_len, attr,
aka, 1)) {
wpa_printf(MSG_INFO, "EAP-SIM: (encr) Failed to parse "
"decrypted AT_ENCR_DATA");
os_free(decrypted);
return NULL;
}
return decrypted;
}
int
main( int argc, char** argv )
{
w12ibe_pub_params* pub;
w12ibe_sk_id* sk;
int file_len;
GByteArray* aes_buf;
GByteArray* plt;
GByteArray* ct_buf;
w12ibe_ct* ct;
element_t m;
parse_args(argc, argv);
pub = w12ibe_pub_unserialize(suck_file(pub_file), 1);
sk = w12ibe_sk_id_unserialize(pub, suck_file(prv_file), 1);
read_w12ibe_file(in_file, &ct_buf, &file_len, &aes_buf);
ct = w12ibe_ct_unserialize(pub, ct_buf, 1);
if( !w12ibe_dec(pub, ct, sk, m) )
die("%s", w12ibe_error());
w12ibe_ct_free(ct);
plt = aes_128_cbc_decrypt(aes_buf, m);
g_byte_array_set_size(plt, file_len);
g_byte_array_free(aes_buf, 1);
//maybe I should free the sk too. However, it should be automatically been free when execution ends.
spit_file(out_file, plt, 1);
if( !keep )
unlink(in_file);
return 0;
}
int main()
{
int ret;
struct mmaped_bytes file_bytes;
ret = file_content(&file_bytes, "10.txt");
if (ret != 0) {
return ret;
}
struct malloced_bytes data_bytes;
ret = base64_to_bytes(&data_bytes, file_bytes.data, file_bytes.size);
if (ret != 0) {
fini_mmaped_bytes(&file_bytes);
return ret;
}
struct static_bytes key_bytes;
str_literal(&key_bytes, "YELLOW SUBMARINE");
uint8_t iv_bytes[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
struct malloced_bytes decrypted_bytes;
ret = aes_128_cbc_decrypt(&decrypted_bytes,
iv_bytes, 16,
key_bytes.data, key_bytes.size,
data_bytes.data, data_bytes.size);
if (ret != 0) {
fini_malloced_bytes(&data_bytes);
fini_mmaped_bytes(&file_bytes);
return ret;
}
uint8_t last_byte = decrypted_bytes.data[decrypted_bytes.size - 1];
size_t size;
if (last_byte < 16) {
size = decrypted_bytes.size - last_byte;
}
else {
size = decrypted_bytes.size;
}
for (size_t i = 0; i < size; ++i) {
printf("%c", decrypted_bytes.data[i]);
}
fini_malloced_bytes(&decrypted_bytes);
fini_malloced_bytes(&data_bytes);
fini_mmaped_bytes(&file_bytes);
return ret;
}
struct wpabuf * wps_decrypt_encr_settings(struct wps_data *wps, const u8 *encr,
size_t encr_len)
{
struct wpabuf *decrypted;
const size_t block_size = 16;
size_t i;
u8 pad;
const u8 *pos;
/* AES-128-CBC */
if (encr == NULL || encr_len < 2 * block_size || encr_len % block_size)
{
wpa_printf(MSG_DEBUG, "WPS: No Encrypted Settings received");
return NULL;
}
decrypted = wpabuf_alloc(encr_len - block_size);
if (decrypted == NULL)
return NULL;
wpa_hexdump(MSG_MSGDUMP, "WPS: Encrypted Settings", encr, encr_len);
wpabuf_put_data(decrypted, encr + block_size, encr_len - block_size);
if (aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted),
wpabuf_len(decrypted))) {
wpabuf_free(decrypted);
return NULL;
}
wpa_hexdump_buf_key(MSG_MSGDUMP, "WPS: Decrypted Encrypted Settings",
decrypted);
pos = wpabuf_head_u8(decrypted) + wpabuf_len(decrypted) - 1;
pad = *pos;
if (pad > wpabuf_len(decrypted)) {
wpa_printf(MSG_DEBUG, "WPS: Invalid PKCS#5 v2.0 pad value");
wpabuf_free(decrypted);
return NULL;
}
for (i = 0; i < pad; i++) {
if (*pos-- != pad) {
wpa_printf(MSG_DEBUG, "WPS: Invalid PKCS#5 v2.0 pad "
"string");
wpabuf_free(decrypted);
return NULL;
}
}
decrypted->used -= pad;
return decrypted;
}
int eap_eke_decrypt_prot(struct eap_eke_session *sess,
const u8 *prot, size_t prot_len,
u8 *data, size_t *data_len)
{
size_t block_size, icv_len;
u8 icv[EAP_EKE_MAX_HASH_LEN];
if (sess->encr == EAP_EKE_ENCR_AES128_CBC)
block_size = AES_BLOCK_SIZE;
else
return -1;
if (sess->mac == EAP_EKE_PRF_HMAC_SHA1)
icv_len = SHA1_MAC_LEN;
else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256)
icv_len = SHA256_MAC_LEN;
else
return -1;
if (prot_len < 2 * block_size + icv_len ||
(prot_len - icv_len) % block_size)
return -1;
if (eap_eke_mac(sess->mac, sess->ki, prot + block_size,
prot_len - block_size - icv_len, icv) < 0)
return -1;
if (os_memcmp_const(icv, prot + prot_len - icv_len, icv_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: ICV mismatch in Prot() data");
return -1;
}
if (*data_len < prot_len - block_size - icv_len) {
wpa_printf(MSG_INFO, "EAP-EKE: Not enough room for decrypted Prot() data");
return -1;
}
*data_len = prot_len - block_size - icv_len;
os_memcpy(data, prot + block_size, *data_len);
if (aes_128_cbc_decrypt(sess->ke, prot, data, *data_len) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt Prot() data");
return -1;
}
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Decrypted Prot() data",
data, *data_len);
return 0;
}
int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key,
const u8 *dhpriv, const u8 *peer_dhcomp)
{
u8 zeros[EAP_EKE_MAX_HASH_LEN];
u8 peer_pub[EAP_EKE_MAX_DH_LEN];
u8 modexp[EAP_EKE_MAX_DH_LEN];
size_t len;
const struct dh_group *dh;
dh = eap_eke_dh_group(sess->dhgroup);
if (sess->encr != EAP_EKE_ENCR_AES128_CBC || !dh)
return -1;
/* Decrypt peer DHComponent */
os_memcpy(peer_pub, peer_dhcomp + AES_BLOCK_SIZE, dh->prime_len);
if (aes_128_cbc_decrypt(key, peer_dhcomp, peer_pub, dh->prime_len) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt DHComponent");
return -1;
}
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Decrypted peer DH pubkey",
peer_pub, dh->prime_len);
/* SharedSecret = prf(0+, g ^ (x_s * x_p) (mod p)) */
len = dh->prime_len;
if (crypto_dh_derive_secret(*dh->generator, dh->prime, dh->prime_len,
NULL, 0, dhpriv, dh->prime_len, peer_pub,
dh->prime_len, modexp, &len) < 0)
return -1;
if (len < dh->prime_len) {
size_t pad = dh->prime_len - len;
os_memmove(modexp + pad, modexp, len);
os_memset(modexp, 0, pad);
}
os_memset(zeros, 0, sess->auth_len);
if (eap_eke_prf(sess->prf, zeros, sess->auth_len, modexp, dh->prime_len,
NULL, 0, sess->shared_secret) < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: SharedSecret",
sess->shared_secret, sess->auth_len);
return 0;
}
/**
* @brief Unwrap key with AES Key Wrap Algorithm (128-bit KEK)
*
* @param pCipTxt Wrapped key to be unwrapped
* @param TextLen Length of the wrapped key in bytes (16 bytes)
* @param pPlainTxt Plaintext key
* @param pKEK Key encryption key (KEK)
* @param KeyLen Length of KEK in bytes (must be divisible by 16)
* @param IV Encryption IV for CBC mode (16 bytes)
* @return 0 on success, -1 on failure
*/
int
MrvAES_UnWrap(u8 * pCipTxt, u32 TextLen, u8 * pPlainTxt, u8 * pKEK, u32 KeyLen,
u8 * IV)
{
u8 *buf;
buf = (u8 *) crypto_mem_malloc(TextLen);
if (buf == NULL) {
crypto_e("MrvAES_UnWrap malloc failed!\n");
return -WM_FAIL;
}
memcpy(buf, pCipTxt, TextLen);
aes_128_cbc_decrypt(pKEK, IV, buf, TextLen);
memcpy(pPlainTxt, buf, TextLen);
crypto_mem_free(buf);
return WM_SUCCESS;
}
int
main( int argc, char** argv )
{
bswabe_pub_t* pub;
bswabe_prv_t* prv;
int file_len;
GByteArray* aes_buf;
GByteArray* plt;
GByteArray* cph_buf;
bswabe_cph_t* cph;
element_t m;
parse_args(argc, argv);
pub = bswabe_pub_unserialize(suck_file(pub_file), 1);
prv = bswabe_prv_unserialize(pub, suck_file(prv_file), 1);
read_cpabe_file(in_file, &cph_buf, &file_len, &aes_buf);
cph = bswabe_cph_unserialize(pub, cph_buf, 1);
if( !bswabe_dec(pub, prv, cph, m) )
die("%s", bswabe_error());
bswabe_cph_free(cph);
plt = aes_128_cbc_decrypt(aes_buf, m);
g_byte_array_set_size(plt, file_len);
g_byte_array_free(aes_buf, 1);
spit_file(out_file, plt, 1);
if( !keep )
unlink(in_file);
/* report ops if necessary */
/* if( report_ops ) */
/* printf("pairings: %5d\n" */
/* "exponentiations: %5d\n" */
/* "multiplications: %5d\n", num_pairings, num_exps, num_muls); */
return 0;
}
static int test_cbc(void)
{
struct cbc_test_vector {
u8 key[16];
u8 iv[16];
u8 plain[32];
u8 cipher[32];
size_t len;
} vectors[] = {
{
{ 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
{ 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
"Single block msg",
{ 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
16
},
{
{ 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
{ 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
{ 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
32
}
};
int ret = 0;
u8 *buf;
unsigned int i;
for (i = 0; i < ARRAY_SIZE(vectors); i++) {
struct cbc_test_vector *tv = &vectors[i];
buf = malloc(tv->len);
if (buf == NULL) {
ret++;
break;
}
memcpy(buf, tv->plain, tv->len);
if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) ||
memcmp(buf, tv->cipher, tv->len) != 0) {
printf("AES-CBC encrypt %d failed\n", i);
ret++;
}
memcpy(buf, tv->cipher, tv->len);
if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) ||
memcmp(buf, tv->plain, tv->len) != 0) {
printf("AES-CBC decrypt %d failed\n", i);
ret++;
}
free(buf);
}
return ret;
}
