/* * CBC decryption routine * size of 'input' has to be multiple of 16 * 'input' contains cleartext on exit * 'iv' must hold the same 16 byte initialization vector * that has been used to encrypt the cleartext */ int decryptCBC(unsigned char *input, int len, unsigned char *key, int klen, unsigned char *iv) { int i; unsigned char w[32 * 15] = {0}; unsigned char k[32] = {0}; unsigned char piv[16]; unsigned char tpiv[16]; if (input == 0 || key == 0 || iv == 0) { return 0; } memcpy(piv, iv, 16); memcpy(k, key, min(klen, 32)); KeyExpansion(k, w, 8); for (i = 0; i < len; i += 16) { int n; memcpy(tpiv, &input[i], 16); decryptBlock(&input[i], &input[i], w, 14); for (n = 0; n < 16; n++) { input[i+n] ^= piv[n]; } memcpy(piv, tpiv, 16); } return 1; }
//Decrypts cipher with AES cipher void AES::decrypt(int keySize, uint64_t numBytes, uint8_t*& data, uint8_t* key) { int size=numBytes-16; //don't worry about iv uint8_t* decrypted=new uint8_t[size]; for(int i=0;i<size;i++) //copy over data decrypted[i]=data[i+16]; uint8_t* expandedKey=expandKey(keySize,key); //generate expanded key for(int i=0;i<(int) numBytes/16;i++) { //decrypt each block decryptBlock(keySize,decrypted+i*16,expandedKey); } /* int padding=decrypted[size-1]; //len of padding uint8_t* unpadded=new uint8_t[numBytes-padding]; for(int i=0;i<(int)numBytes-padding;i++) unpadded[i]=decrypted[i]; delete decrypted; data=unpadded;*/ data=decrypted; }
static int doDecrypt(FILE *logfp, FILE *eifp, FILE *outfp) { off64_t blkEnd; off64_t currOffs = 0; int r = 1; int fd; struct stat buf; while(1) { /* process block */ if(initCrypt(eifp) != 0) goto done; /* set blkEnd to size of logfp and proceed. */ if((fd = fileno(logfp)) == -1) { r = -1; goto done; } if((r = fstat(fd, &buf)) != 0) goto done; blkEnd = buf.st_size; r = eiGetEND(eifp, &blkEnd); if(r != 0 && r != 1) goto done; decryptBlock(logfp, outfp, blkEnd, &currOffs); gcry_cipher_close(gcry_chd); } r = 0; done: return r; }
u_char * Blowfish::decode(const u_char *message, u_int Size) { u_int resSize = Size; u_char* result = new u_char[resSize]; for (u_int i = 0; i < Size; i++) result[i] = message[i]; for (u_int i = 0; i < resSize; i += 8) { decryptBlock((u_int*)(result+i), (u_int*)(result+i+4)); } return result; }
static int doDecrypt(FILE *logfp, FILE *eifp, FILE *outfp) { off64_t blkEnd; off64_t currOffs = 0; int r; while(1) { /* process block */ if(initCrypt(eifp) != 0) goto done; if((r = eiGetEND(eifp, &blkEnd)) != 0) goto done; decryptBlock(logfp, outfp, blkEnd, &currOffs); gcry_cipher_close(gcry_chd); } r = 0; done: return r; }
/* * ECB decryption routine * size of 'input' has to be multiple of 16 * 'input' contains cleartext on exit */ int decrypt(unsigned char *input, int len, unsigned char *key, int klen) { int i; unsigned char w[32 * 15] = {0}; unsigned char k[32] = {0}; if (input == 0 || key == 0) { return 0; } memcpy(k, key, min(klen, 32)); KeyExpansion(k, w, 8); for (i = 0; i < len; i += 16) { decryptBlock(&input[i], &input[i], w, 14); } return 1; }
//Decrypts stream with AES cipher void AES::decryptStream (int keySize, std::istream* in, std::ostream* out, uint8_t* key) { uint8_t* expandedKey=expandKey(keySize,key); //generate expanded key uint8_t block[16]; in->read((char*)block,16); //skips first 16 bytes of iv while(!in->eof()) { in->read((char*)block,16); decryptBlock(keySize,block,expandedKey); in->get(); //check if next is eof if(!in->eof()) { out->write((char*)block,16); } else { out->write((char*)block,16-block[15]); } in->unget(); //go back } }
QString QtAes::decrypt(const QString &input) const { // from base64 QByteArray base64Array; base64Array.append(input); QByteArray inArray = QByteArray::fromBase64(base64Array); // decrypt every block QByteArray outArray; const unsigned char *inbuffer = (const unsigned char *)inArray.data(); int remain = inArray.length(); while(remain > 0) { decryptBlock(inbuffer, outArray); remain -= AES_BLOCK_SIZE; inbuffer += AES_BLOCK_SIZE; } // DONE return QString::fromUtf8(outArray); }
void PayloadConfidentialBlock::decrypt(dtn::data::Bundle& bundle, const dtn::security::SecurityKey &long_key) { // list of block to delete if the process is successful std::list<const dtn::data::Block*> erasure_list; // load the RSA key RSA *rsa_key = long_key.getRSA(); try { // array for the current symmetric AES key unsigned char key[ibrcommon::AES128Stream::key_size_in_bytes]; // correlator of the first PCB dtn::data::Number correlator = 0; bool decrypt_related = false; // iterate through all blocks for (dtn::data::Bundle::iterator it = bundle.begin(); it != bundle.end(); ++it) { try { dynamic_cast<const PayloadIntegrityBlock&>(**it); // add this block to the erasure list for later deletion erasure_list.push_back(&**it); } catch (const std::bad_cast&) { }; try { const PayloadConfidentialBlock &pcb = dynamic_cast<const PayloadConfidentialBlock&>(**it); // get salt and key uint32_t salt = getSalt(pcb._ciphersuite_params); // decrypt related blocks if (decrypt_related) { // try to decrypt the block try { decryptBlock(bundle, it, salt, key); // success! add this block to the erasue list erasure_list.push_back(&**it); } catch (const ibrcommon::Exception&) { IBRCOMMON_LOGGER_TAG("PayloadConfidentialBlock", critical) << "tag verfication failed, reversing decryption..." << IBRCOMMON_LOGGER_ENDL; decryptBlock(bundle, it, salt, key); // abort the decryption and discard the bundle? throw ibrcommon::Exception("decrypt of correlated block reversed, tag verfication failed"); } } // if security destination does match the key, then try to decrypt the payload else if (pcb.isSecurityDestination(bundle, long_key.reference) && (pcb._ciphersuite_id == SecurityBlock::PCB_RSA_AES128_PAYLOAD_PIB_PCB)) { // try to decrypt the symmetric AES key if (!getKey(pcb._ciphersuite_params, key, ibrcommon::AES128Stream::key_size_in_bytes, rsa_key)) { IBRCOMMON_LOGGER_TAG("PayloadConfidentialBlock", critical) << "could not get symmetric key decrypted" << IBRCOMMON_LOGGER_ENDL; throw ibrcommon::Exception("decrypt failed - could not get symmetric key decrypted"); } // try to decrypt the payload if (!decryptPayload(bundle, key, salt)) { // reverse decryption IBRCOMMON_LOGGER_TAG("PayloadConfidentialBlock", critical) << "tag verfication failed, reversing decryption..." << IBRCOMMON_LOGGER_ENDL; decryptPayload(bundle, key, salt); throw ibrcommon::Exception("decrypt reversed - tag verfication failed"); } // success! add this block to the erasue list erasure_list.push_back(&**it); // check if first PCB has a correlator if (pcb._ciphersuite_flags & CONTAINS_CORRELATOR) { // ... and decrypt all correlated block with the same key decrypt_related = true; // store the correlator correlator = pcb._correlator; } else { // no correlated blocks should exists // stop here with decryption break; } } else { // exit here, because we can not decrypt the first PCB. throw ibrcommon::Exception("unable to decrypt the first PCB"); } } catch (const std::bad_cast&) { }; } // delete all block in the erasure list for (std::list<const dtn::data::Block* >::const_iterator it = erasure_list.begin(); it != erasure_list.end(); ++it) { bundle.remove(**it); } } catch (const std::exception&) { long_key.free(rsa_key); throw; } long_key.free(rsa_key); }