u8 * eap_sim_parse_encr(const u8 *k_encr, const u8 *encr_data, size_t encr_data_len, const u8 *iv, struct eap_sim_attrs *attr, int aka) { u8 *decrypted; if (!iv) { wpa_printf(MSG_INFO, "EAP-SIM: Encrypted data, but no IV"); return NULL; } decrypted = os_malloc(encr_data_len); if (decrypted == NULL) return NULL; os_memcpy(decrypted, encr_data, encr_data_len); if (aes_128_cbc_decrypt(k_encr, iv, decrypted, encr_data_len)) { os_free(decrypted); return NULL; } wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Decrypted AT_ENCR_DATA", decrypted, encr_data_len); if (eap_sim_parse_attr(decrypted, decrypted + encr_data_len, attr, aka, 1)) { wpa_printf(MSG_INFO, "EAP-SIM: (encr) Failed to parse " "decrypted AT_ENCR_DATA"); os_free(decrypted); return NULL; } return decrypted; }
int main( int argc, char** argv ) { w12ibe_pub_params* pub; w12ibe_sk_id* sk; int file_len; GByteArray* aes_buf; GByteArray* plt; GByteArray* ct_buf; w12ibe_ct* ct; element_t m; parse_args(argc, argv); pub = w12ibe_pub_unserialize(suck_file(pub_file), 1); sk = w12ibe_sk_id_unserialize(pub, suck_file(prv_file), 1); read_w12ibe_file(in_file, &ct_buf, &file_len, &aes_buf); ct = w12ibe_ct_unserialize(pub, ct_buf, 1); if( !w12ibe_dec(pub, ct, sk, m) ) die("%s", w12ibe_error()); w12ibe_ct_free(ct); plt = aes_128_cbc_decrypt(aes_buf, m); g_byte_array_set_size(plt, file_len); g_byte_array_free(aes_buf, 1); //maybe I should free the sk too. However, it should be automatically been free when execution ends. spit_file(out_file, plt, 1); if( !keep ) unlink(in_file); return 0; }
int main() { int ret; struct mmaped_bytes file_bytes; ret = file_content(&file_bytes, "10.txt"); if (ret != 0) { return ret; } struct malloced_bytes data_bytes; ret = base64_to_bytes(&data_bytes, file_bytes.data, file_bytes.size); if (ret != 0) { fini_mmaped_bytes(&file_bytes); return ret; } struct static_bytes key_bytes; str_literal(&key_bytes, "YELLOW SUBMARINE"); uint8_t iv_bytes[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; struct malloced_bytes decrypted_bytes; ret = aes_128_cbc_decrypt(&decrypted_bytes, iv_bytes, 16, key_bytes.data, key_bytes.size, data_bytes.data, data_bytes.size); if (ret != 0) { fini_malloced_bytes(&data_bytes); fini_mmaped_bytes(&file_bytes); return ret; } uint8_t last_byte = decrypted_bytes.data[decrypted_bytes.size - 1]; size_t size; if (last_byte < 16) { size = decrypted_bytes.size - last_byte; } else { size = decrypted_bytes.size; } for (size_t i = 0; i < size; ++i) { printf("%c", decrypted_bytes.data[i]); } fini_malloced_bytes(&decrypted_bytes); fini_malloced_bytes(&data_bytes); fini_mmaped_bytes(&file_bytes); return ret; }
struct wpabuf * wps_decrypt_encr_settings(struct wps_data *wps, const u8 *encr, size_t encr_len) { struct wpabuf *decrypted; const size_t block_size = 16; size_t i; u8 pad; const u8 *pos; /* AES-128-CBC */ if (encr == NULL || encr_len < 2 * block_size || encr_len % block_size) { wpa_printf(MSG_DEBUG, "WPS: No Encrypted Settings received"); return NULL; } decrypted = wpabuf_alloc(encr_len - block_size); if (decrypted == NULL) return NULL; wpa_hexdump(MSG_MSGDUMP, "WPS: Encrypted Settings", encr, encr_len); wpabuf_put_data(decrypted, encr + block_size, encr_len - block_size); if (aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted), wpabuf_len(decrypted))) { wpabuf_free(decrypted); return NULL; } wpa_hexdump_buf_key(MSG_MSGDUMP, "WPS: Decrypted Encrypted Settings", decrypted); pos = wpabuf_head_u8(decrypted) + wpabuf_len(decrypted) - 1; pad = *pos; if (pad > wpabuf_len(decrypted)) { wpa_printf(MSG_DEBUG, "WPS: Invalid PKCS#5 v2.0 pad value"); wpabuf_free(decrypted); return NULL; } for (i = 0; i < pad; i++) { if (*pos-- != pad) { wpa_printf(MSG_DEBUG, "WPS: Invalid PKCS#5 v2.0 pad " "string"); wpabuf_free(decrypted); return NULL; } } decrypted->used -= pad; return decrypted; }
int eap_eke_decrypt_prot(struct eap_eke_session *sess, const u8 *prot, size_t prot_len, u8 *data, size_t *data_len) { size_t block_size, icv_len; u8 icv[EAP_EKE_MAX_HASH_LEN]; if (sess->encr == EAP_EKE_ENCR_AES128_CBC) block_size = AES_BLOCK_SIZE; else return -1; if (sess->mac == EAP_EKE_PRF_HMAC_SHA1) icv_len = SHA1_MAC_LEN; else if (sess->mac == EAP_EKE_PRF_HMAC_SHA2_256) icv_len = SHA256_MAC_LEN; else return -1; if (prot_len < 2 * block_size + icv_len || (prot_len - icv_len) % block_size) return -1; if (eap_eke_mac(sess->mac, sess->ki, prot + block_size, prot_len - block_size - icv_len, icv) < 0) return -1; if (os_memcmp_const(icv, prot + prot_len - icv_len, icv_len) != 0) { wpa_printf(MSG_INFO, "EAP-EKE: ICV mismatch in Prot() data"); return -1; } if (*data_len < prot_len - block_size - icv_len) { wpa_printf(MSG_INFO, "EAP-EKE: Not enough room for decrypted Prot() data"); return -1; } *data_len = prot_len - block_size - icv_len; os_memcpy(data, prot + block_size, *data_len); if (aes_128_cbc_decrypt(sess->ke, prot, data, *data_len) < 0) { wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt Prot() data"); return -1; } wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Decrypted Prot() data", data, *data_len); return 0; }
int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key, const u8 *dhpriv, const u8 *peer_dhcomp) { u8 zeros[EAP_EKE_MAX_HASH_LEN]; u8 peer_pub[EAP_EKE_MAX_DH_LEN]; u8 modexp[EAP_EKE_MAX_DH_LEN]; size_t len; const struct dh_group *dh; dh = eap_eke_dh_group(sess->dhgroup); if (sess->encr != EAP_EKE_ENCR_AES128_CBC || !dh) return -1; /* Decrypt peer DHComponent */ os_memcpy(peer_pub, peer_dhcomp + AES_BLOCK_SIZE, dh->prime_len); if (aes_128_cbc_decrypt(key, peer_dhcomp, peer_pub, dh->prime_len) < 0) { wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt DHComponent"); return -1; } wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Decrypted peer DH pubkey", peer_pub, dh->prime_len); /* SharedSecret = prf(0+, g ^ (x_s * x_p) (mod p)) */ len = dh->prime_len; if (crypto_dh_derive_secret(*dh->generator, dh->prime, dh->prime_len, NULL, 0, dhpriv, dh->prime_len, peer_pub, dh->prime_len, modexp, &len) < 0) return -1; if (len < dh->prime_len) { size_t pad = dh->prime_len - len; os_memmove(modexp + pad, modexp, len); os_memset(modexp, 0, pad); } os_memset(zeros, 0, sess->auth_len); if (eap_eke_prf(sess->prf, zeros, sess->auth_len, modexp, dh->prime_len, NULL, 0, sess->shared_secret) < 0) return -1; wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: SharedSecret", sess->shared_secret, sess->auth_len); return 0; }
/** * @brief Unwrap key with AES Key Wrap Algorithm (128-bit KEK) * * @param pCipTxt Wrapped key to be unwrapped * @param TextLen Length of the wrapped key in bytes (16 bytes) * @param pPlainTxt Plaintext key * @param pKEK Key encryption key (KEK) * @param KeyLen Length of KEK in bytes (must be divisible by 16) * @param IV Encryption IV for CBC mode (16 bytes) * @return 0 on success, -1 on failure */ int MrvAES_UnWrap(u8 * pCipTxt, u32 TextLen, u8 * pPlainTxt, u8 * pKEK, u32 KeyLen, u8 * IV) { u8 *buf; buf = (u8 *) crypto_mem_malloc(TextLen); if (buf == NULL) { crypto_e("MrvAES_UnWrap malloc failed!\n"); return -WM_FAIL; } memcpy(buf, pCipTxt, TextLen); aes_128_cbc_decrypt(pKEK, IV, buf, TextLen); memcpy(pPlainTxt, buf, TextLen); crypto_mem_free(buf); return WM_SUCCESS; }
int main( int argc, char** argv ) { bswabe_pub_t* pub; bswabe_prv_t* prv; int file_len; GByteArray* aes_buf; GByteArray* plt; GByteArray* cph_buf; bswabe_cph_t* cph; element_t m; parse_args(argc, argv); pub = bswabe_pub_unserialize(suck_file(pub_file), 1); prv = bswabe_prv_unserialize(pub, suck_file(prv_file), 1); read_cpabe_file(in_file, &cph_buf, &file_len, &aes_buf); cph = bswabe_cph_unserialize(pub, cph_buf, 1); if( !bswabe_dec(pub, prv, cph, m) ) die("%s", bswabe_error()); bswabe_cph_free(cph); plt = aes_128_cbc_decrypt(aes_buf, m); g_byte_array_set_size(plt, file_len); g_byte_array_free(aes_buf, 1); spit_file(out_file, plt, 1); if( !keep ) unlink(in_file); /* report ops if necessary */ /* if( report_ops ) */ /* printf("pairings: %5d\n" */ /* "exponentiations: %5d\n" */ /* "multiplications: %5d\n", num_pairings, num_exps, num_muls); */ return 0; }
static int test_cbc(void) { struct cbc_test_vector { u8 key[16]; u8 iv[16]; u8 plain[32]; u8 cipher[32]; size_t len; } vectors[] = { { { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, "Single block msg", { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8, 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a }, 16 }, { { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, 32 } }; int ret = 0; u8 *buf; unsigned int i; for (i = 0; i < ARRAY_SIZE(vectors); i++) { struct cbc_test_vector *tv = &vectors[i]; buf = malloc(tv->len); if (buf == NULL) { ret++; break; } memcpy(buf, tv->plain, tv->len); if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) || memcmp(buf, tv->cipher, tv->len) != 0) { printf("AES-CBC encrypt %d failed\n", i); ret++; } memcpy(buf, tv->cipher, tv->len); if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) || memcmp(buf, tv->plain, tv->len) != 0) { printf("AES-CBC decrypt %d failed\n", i); ret++; } free(buf); } return ret; }