/**
* testing function
*/
int crypto_aes_test(void)
{
/* "opaque" encryption, decryption ctx structures
* that libcrypto uses to record status of enc/dec operations */
EVP_CIPHER_CTX *en = NULL;
EVP_CIPHER_CTX *de = NULL;
/* The salt paramter is used as a salt in the derivation:
* it should point to an 8 byte buffer or NULL if no salt is used. */
unsigned char salt[] = {1,2,3,4,5,6,7,8};
unsigned char *key_data;
int key_data_len, i;
char *input[] = {"Kamailio - The Open Source SIP Server",
"Thank you for flying Kamailio!",
"100 Trying\nYour call is important to us",
NULL
};
en = EVP_CIPHER_CTX_new();
if(en==NULL) {
LM_ERR("cannot get new cipher context\n");
return -1;
}
de = EVP_CIPHER_CTX_new();
if(de==NULL) {
EVP_CIPHER_CTX_free(en);
LM_ERR("cannot get new cipher context\n");
return -1;
}
/* the key_data for testing */
key_data = (unsigned char *)"kamailio-sip-server";
key_data_len = strlen((const char *)key_data);
/* gen key and iv. init the cipher ctx object */
if (crypto_aes_init(key_data, key_data_len, salt, en, de)) {
LM_ERR("couldn't initialize AES cipher\n");
return -1;
}
/* encrypt and decrypt each input string and compare with the original */
for (i = 0; input[i]; i++) {
char *plaintext;
unsigned char *ciphertext;
int olen, len;
/* The enc/dec functions deal with binary data and not C strings.
* strlen() will return length of the string without counting the '\0'
* string marker. We always pass in the marker byte to the
* encrypt/decrypt functions so that after decryption we end up with
* a legal C string */
olen = len = strlen(input[i])+1;
ciphertext = crypto_aes_encrypt(en, (unsigned char *)input[i], &len);
plaintext = (char *)crypto_aes_decrypt(de, ciphertext, &len);
if (strncmp(plaintext, input[i], olen))
LM_ERR("FAIL: enc/dec failed for \"%s\"\n", input[i]);
else
LM_NOTICE("OK: enc/dec ok for \"%s\"\n", plaintext);
free(ciphertext);
free(plaintext);
}
EVP_CIPHER_CTX_cleanup(de);
EVP_CIPHER_CTX_free(de);
EVP_CIPHER_CTX_cleanup(en);
EVP_CIPHER_CTX_free(en);
return 0;
}
int ssl3_change_cipher_state(SSL *s, int which)
{
unsigned char *p, *mac_secret;
unsigned char exp_key[EVP_MAX_KEY_LENGTH];
unsigned char exp_iv[EVP_MAX_IV_LENGTH];
unsigned char *ms, *key, *iv;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
#ifndef OPENSSL_NO_COMP
COMP_METHOD *comp;
#endif
const EVP_MD *m;
int mdi;
size_t n, i, j, k, cl;
int reuse_dd = 0;
c = s->s3->tmp.new_sym_enc;
m = s->s3->tmp.new_hash;
/* m == NULL will lead to a crash later */
if (!ossl_assert(m != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
#ifndef OPENSSL_NO_COMP
if (s->s3->tmp.new_compression == NULL)
comp = NULL;
else
comp = s->s3->tmp.new_compression->method;
#endif
if (which & SSL3_CC_READ) {
if (s->enc_read_ctx != NULL) {
reuse_dd = 1;
} else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
goto err;
} else {
/*
* make sure it's initialised in case we exit later with an error
*/
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
}
dd = s->enc_read_ctx;
if (ssl_replace_hash(&s->read_hash, m) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
COMP_CTX_free(s->expand);
s->expand = NULL;
if (comp != NULL) {
s->expand = COMP_CTX_new(comp);
if (s->expand == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SSL3_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err;
}
}
#endif
RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]);
} else {
if (s->enc_write_ctx != NULL) {
reuse_dd = 1;
} else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
goto err;
} else {
/*
* make sure it's initialised in case we exit later with an error
*/
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
}
dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
goto err;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
COMP_CTX_free(s->compress);
s->compress = NULL;
if (comp != NULL) {
s->compress = COMP_CTX_new(comp);
if (s->compress == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SSL3_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err;
}
}
#endif
RECORD_LAYER_reset_write_sequence(&s->rlayer);
mac_secret = &(s->s3->write_mac_secret[0]);
}
if (reuse_dd)
EVP_CIPHER_CTX_reset(dd);
p = s->s3->tmp.key_block;
mdi = EVP_MD_size(m);
if (mdi < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
i = mdi;
cl = EVP_CIPHER_key_length(c);
j = cl;
k = EVP_CIPHER_iv_length(c);
if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
(which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
ms = &(p[0]);
n = i + i;
key = &(p[n]);
n += j + j;
iv = &(p[n]);
n += k + k;
} else {
n = i;
ms = &(p[n]);
n += i + j;
key = &(p[n]);
n += j + k;
iv = &(p[n]);
n += k;
}
if (n > s->s3->tmp.key_block_length) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
memcpy(mac_secret, ms, i);
if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return 1;
err:
OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return 0;
}
int tls1_change_cipher_state(SSL *s, int which)
{
static const unsigned char empty[]="";
unsigned char *p,*mac_secret;
unsigned char *exp_label;
unsigned char tmp1[EVP_MAX_KEY_LENGTH];
unsigned char tmp2[EVP_MAX_KEY_LENGTH];
unsigned char iv1[EVP_MAX_IV_LENGTH*2];
unsigned char iv2[EVP_MAX_IV_LENGTH*2];
unsigned char *ms,*key,*iv;
int client_write;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
#ifndef OPENSSL_NO_COMP
const SSL_COMP *comp;
#endif
const EVP_MD *m;
int mac_type;
int *mac_secret_size;
EVP_MD_CTX *mac_ctx;
EVP_PKEY *mac_key;
int is_export,n,i,j,k,exp_label_len,cl;
int reuse_dd = 0;
is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
mac_type = s->s3->tmp.new_mac_pkey_type;
#ifndef OPENSSL_NO_COMP
comp=s->s3->tmp.new_compression;
#endif
#ifdef KSSL_DEBUG
printf("tls1_change_cipher_state(which= %d) w/\n", which);
printf("\talg= %ld/%ld, comp= %p\n",
s->s3->tmp.new_cipher->algorithm_mkey,
s->s3->tmp.new_cipher->algorithm_auth,
comp);
printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
c->nid,c->block_size,c->key_len,c->iv_len);
printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
{
int i;
for (i=0; i<s->s3->tmp.key_block_length; i++)
printf("%02x", s->s3->tmp.key_block[i]); printf("\n");
}
#endif /* KSSL_DEBUG */
if (which & SSL3_CC_READ)
{
if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
else
s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
if (s->enc_read_ctx != NULL)
reuse_dd = 1;
else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
goto err;
else
/* make sure it's intialized in case we exit later with an error */
EVP_CIPHER_CTX_init(s->enc_read_ctx);
dd= s->enc_read_ctx;
mac_ctx=ssl_replace_hash(&s->read_hash,NULL);
#ifndef OPENSSL_NO_COMP
if (s->expand != NULL)
{
COMP_CTX_free(s->expand);
s->expand=NULL;
}
if (comp != NULL)
{
s->expand=COMP_CTX_new(comp->method);
if (s->expand == NULL)
{
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
if (s->s3->rrec.comp == NULL)
s->s3->rrec.comp=(unsigned char *)
OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
if (s->s3->rrec.comp == NULL)
goto err;
}
#endif
/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
if (s->version != DTLS1_VERSION)
memset(&(s->s3->read_sequence[0]),0,8);
mac_secret= &(s->s3->read_mac_secret[0]);
mac_secret_size=&(s->s3->read_mac_secret_size);
}
else
{
if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
else
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
reuse_dd = 1;
else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
goto err;
dd= s->enc_write_ctx;
if (SSL_IS_DTLS(s))
{
mac_ctx = EVP_MD_CTX_create();
if (!mac_ctx)
goto err;
s->write_hash = mac_ctx;
}
else
mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
#ifndef OPENSSL_NO_COMP
if (s->compress != NULL)
{
COMP_CTX_free(s->compress);
s->compress=NULL;
}
if (comp != NULL)
{
s->compress=COMP_CTX_new(comp->method);
if (s->compress == NULL)
{
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
}
#endif
/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
if (s->version != DTLS1_VERSION)
memset(&(s->s3->write_sequence[0]),0,8);
mac_secret= &(s->s3->write_mac_secret[0]);
mac_secret_size = &(s->s3->write_mac_secret_size);
}
if (reuse_dd)
EVP_CIPHER_CTX_cleanup(dd);
p=s->s3->tmp.key_block;
i=*mac_secret_size=s->s3->tmp.new_mac_secret_size;
cl=EVP_CIPHER_key_length(c);
j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
/* If GCM mode only part of IV comes from PRF */
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
k = EVP_GCM_TLS_FIXED_IV_LEN;
else
k=EVP_CIPHER_iv_length(c);
if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
(which == SSL3_CHANGE_CIPHER_SERVER_READ))
{
ms= &(p[ 0]); n=i+i;
key= &(p[ n]); n+=j+j;
iv= &(p[ n]); n+=k+k;
exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
client_write=1;
}
else
{
n=i;
ms= &(p[ n]); n+=i+j;
key= &(p[ n]); n+=j+k;
iv= &(p[ n]); n+=k;
exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
client_write=0;
}
if (n > s->s3->tmp.key_block_length)
{
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
goto err2;
}
memcpy(mac_secret,ms,i);
if (!(EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER))
{
mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
mac_secret,*mac_secret_size);
EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key);
EVP_PKEY_free(mac_key);
}
#ifdef TLS_DEBUG
printf("which = %04X\nmac key=",which);
{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
#endif
if (is_export)
{
/* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-).
*/
if (!tls1_PRF(ssl_get_algorithm2(s),
exp_label,exp_label_len,
s->s3->client_random,SSL3_RANDOM_SIZE,
s->s3->server_random,SSL3_RANDOM_SIZE,
NULL,0,NULL,0,
key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)))
goto err2;
key=tmp1;
if (k > 0)
{
if (!tls1_PRF(ssl_get_algorithm2(s),
TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
s->s3->client_random,SSL3_RANDOM_SIZE,
s->s3->server_random,SSL3_RANDOM_SIZE,
NULL,0,NULL,0,
empty,0,iv1,iv2,k*2))
goto err2;
if (client_write)
iv=iv1;
else
iv= &(iv1[k]);
}
}
s->session->key_arg_length=0;
#ifdef KSSL_DEBUG
{
int i;
printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
printf("\n");
printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
printf("\n");
}
#endif /* KSSL_DEBUG */
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
{
EVP_CipherInit_ex(dd,c,NULL,key,NULL,(which & SSL3_CC_WRITE));
EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv);
}
else
EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
if ((EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size)
EVP_CIPHER_CTX_ctrl(dd,EVP_CTRL_AEAD_SET_MAC_KEY,
*mac_secret_size,mac_secret);
#ifdef TLS_DEBUG
printf("which = %04X\nkey=",which);
{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
printf("\niv=");
{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
printf("\n");
#endif
OPENSSL_cleanse(tmp1,sizeof(tmp1));
OPENSSL_cleanse(tmp2,sizeof(tmp1));
OPENSSL_cleanse(iv1,sizeof(iv1));
OPENSSL_cleanse(iv2,sizeof(iv2));
return(1);
err:
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
err2:
return(0);
}
void init_encryption(struct encryption_ctx *ctx) {
ctx->status = STATUS_EMPTY;
ctx->ctx = EVP_CIPHER_CTX_new();
ctx->cipher = cipher;
}
int ssl3_change_cipher_state(SSL *s, int which)
{
unsigned char *p, *mac_secret;
unsigned char exp_key[EVP_MAX_KEY_LENGTH];
unsigned char exp_iv[EVP_MAX_IV_LENGTH];
unsigned char *ms, *key, *iv;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
#ifndef OPENSSL_NO_COMP
COMP_METHOD *comp;
#endif
const EVP_MD *m;
int n, i, j, k, cl;
int reuse_dd = 0;
c = s->s3->tmp.new_sym_enc;
m = s->s3->tmp.new_hash;
/* m == NULL will lead to a crash later */
OPENSSL_assert(m);
#ifndef OPENSSL_NO_COMP
if (s->s3->tmp.new_compression == NULL)
comp = NULL;
else
comp = s->s3->tmp.new_compression->method;
#endif
if (which & SSL3_CC_READ) {
if (s->enc_read_ctx != NULL)
reuse_dd = 1;
else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/*
* make sure it's intialized in case we exit later with an error
*/
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
dd = s->enc_read_ctx;
if (ssl_replace_hash(&s->read_hash, m) == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
COMP_CTX_free(s->expand);
s->expand = NULL;
if (comp != NULL) {
s->expand = COMP_CTX_new(comp);
if (s->expand == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
if (!RECORD_LAYER_setup_comp_buffer(&s->rlayer))
goto err;
}
#endif
RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]);
} else {
if (s->enc_write_ctx != NULL)
reuse_dd = 1;
else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/*
* make sure it's intialized in case we exit later with an error
*/
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
COMP_CTX_free(s->compress);
s->compress = NULL;
if (comp != NULL) {
s->compress = COMP_CTX_new(comp);
if (s->compress == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
}
#endif
RECORD_LAYER_reset_write_sequence(&s->rlayer);
mac_secret = &(s->s3->write_mac_secret[0]);
}
if (reuse_dd)
EVP_CIPHER_CTX_reset(dd);
p = s->s3->tmp.key_block;
i = EVP_MD_size(m);
if (i < 0)
goto err2;
cl = EVP_CIPHER_key_length(c);
j = cl;
k = EVP_CIPHER_iv_length(c);
if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
(which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
ms = &(p[0]);
n = i + i;
key = &(p[n]);
n += j + j;
iv = &(p[n]);
n += k + k;
} else {
n = i;
ms = &(p[n]);
n += i + j;
key = &(p[n]);
n += j + k;
iv = &(p[n]);
n += k;
}
if (n > s->s3->tmp.key_block_length) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
memcpy(mac_secret, ms, i);
EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
#ifdef OPENSSL_SSL_TRACE_CRYPTO
if (s->msg_callback) {
int wh = which & SSL3_CC_WRITE ?
TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ;
s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
mac_secret, EVP_MD_size(m), s, s->msg_callback_arg);
if (c->key_len)
s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
key, c->key_len, s, s->msg_callback_arg);
if (k) {
s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV,
iv, k, s, s->msg_callback_arg);
}
}
#endif
OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return (1);
err:
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
err2:
OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return (0);
}
static bool _cjose_jwe_encrypt_dat_a256gcm(
cjose_jwe_t *jwe,
const uint8_t *plaintext,
size_t plaintext_len,
cjose_err *err)
{
EVP_CIPHER_CTX *ctx = NULL;
if (NULL == plaintext)
{
CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG);
goto _cjose_jwe_encrypt_dat_fail;
}
// get A256GCM cipher
const EVP_CIPHER *cipher = EVP_aes_256_gcm();
if (NULL == cipher)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
// instantiate and initialize a new openssl cipher context
ctx = EVP_CIPHER_CTX_new();
if (NULL == ctx)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
EVP_CIPHER_CTX_init(ctx);
// initialize context for encryption using A256GCM cipher and CEK and IV
if (EVP_EncryptInit_ex(ctx, cipher, NULL, jwe->cek, jwe->part[2].raw) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
// we need the header in base64url encoding as input for encryption
if ((NULL == jwe->part[0].b64u) && (!cjose_base64url_encode(
(const uint8_t *)jwe->part[0].raw, jwe->part[0].raw_len,
&jwe->part[0].b64u, &jwe->part[0].b64u_len, err)))
{
goto _cjose_jwe_encrypt_dat_fail;
}
// set GCM mode AAD data (hdr_b64u) by setting "out" to NULL
int bytes_encrypted = 0;
if (EVP_EncryptUpdate(ctx,
NULL, &bytes_encrypted,
(unsigned char *)jwe->part[0].b64u,
jwe->part[0].b64u_len) != 1 ||
bytes_encrypted != jwe->part[0].b64u_len)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
// allocate buffer for the ciphertext
cjose_get_dealloc()(jwe->part[3].raw);
jwe->part[3].raw_len = plaintext_len;
if (!_cjose_jwe_malloc(jwe->part[3].raw_len, false, &jwe->part[3].raw, err))
{
goto _cjose_jwe_encrypt_dat_fail;
}
// encrypt entire plaintext to ciphertext buffer
if (EVP_EncryptUpdate(ctx,
jwe->part[3].raw, &bytes_encrypted,
plaintext, plaintext_len) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
jwe->part[3].raw_len = bytes_encrypted;
// finalize the encryption and set the ciphertext length to correct value
if (EVP_EncryptFinal_ex(ctx, NULL, &bytes_encrypted) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
// allocate buffer for the authentication tag
cjose_get_dealloc()(jwe->part[4].raw);
jwe->part[4].raw_len = 16;
if (!_cjose_jwe_malloc(jwe->part[4].raw_len, false, &jwe->part[4].raw, err))
{
goto _cjose_jwe_encrypt_dat_fail;
}
// get the GCM-mode authentication tag
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
jwe->part[4].raw_len, jwe->part[4].raw) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
EVP_CIPHER_CTX_free(ctx);
return true;
_cjose_jwe_encrypt_dat_fail:
if (NULL != ctx)
{
EVP_CIPHER_CTX_free(ctx);
}
return false;
}
static EVP_PKEY *do_PVK_body(const unsigned char **in,
unsigned int saltlen, unsigned int keylen,
pem_password_cb *cb, void *u)
{
EVP_PKEY *ret = NULL;
const unsigned char *p = *in;
unsigned int magic;
unsigned char *enctmp = NULL, *q;
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
if (saltlen) {
char psbuf[PEM_BUFSIZE];
unsigned char keybuf[20];
int enctmplen, inlen;
if (cb)
inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (inlen <= 0) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
goto err;
}
enctmp = OPENSSL_malloc(keylen + 8);
if (enctmp == NULL) {
PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!derive_pvk_key(keybuf, p, saltlen,
(unsigned char *)psbuf, inlen))
goto err;
p += saltlen;
/* Copy BLOBHEADER across, decrypt rest */
memcpy(enctmp, p, 8);
p += 8;
if (keylen < 8) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
goto err;
}
inlen = keylen - 8;
q = enctmp + 8;
if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto err;
if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
goto err;
if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
goto err;
magic = read_ledword((const unsigned char **)&q);
if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
q = enctmp + 8;
memset(keybuf + 5, 0, 11);
if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto err;
OPENSSL_cleanse(keybuf, 20);
if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
goto err;
if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
goto err;
magic = read_ledword((const unsigned char **)&q);
if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
goto err;
}
} else
OPENSSL_cleanse(keybuf, 20);
p = enctmp;
}
ret = b2i_PrivateKey(&p, keylen);
err:
EVP_CIPHER_CTX_free(cctx);
OPENSSL_free(enctmp);
return ret;
}
bool Wallet::readSecurityImage(const QString& inputFilePath, unsigned char** outputBufferPtr, int* outputBufferSize) {
unsigned char ivec[16];
unsigned char ckey[32];
initializeAESKeys(ivec, ckey, _salt);
// read encrypted file
QFile inputFile(inputFilePath);
if (!inputFile.exists()) {
qCDebug(commerce) << "cannot decrypt file" << inputFilePath << "it doesn't exist";
return false;
}
inputFile.open(QIODevice::ReadOnly | QIODevice::Text);
bool foundHeader = false;
bool foundFooter = false;
QByteArray base64EncryptedBuffer;
while (!inputFile.atEnd()) {
QString line(inputFile.readLine());
if (!foundHeader) {
foundHeader = (line == IMAGE_HEADER);
} else {
foundFooter = (line == IMAGE_FOOTER);
if (!foundFooter) {
base64EncryptedBuffer.append(line);
}
}
}
inputFile.close();
if (! (foundHeader && foundFooter)) {
qCDebug(commerce) << "couldn't parse" << inputFilePath << foundHeader << foundFooter;
return false;
}
// convert to bytes
auto encryptedBuffer = QByteArray::fromBase64(base64EncryptedBuffer);
// setup decrypted buffer
unsigned char* outputBuffer = new unsigned char[encryptedBuffer.size()];
int tempSize;
// TODO: add error handling
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
if (!EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, ckey, ivec)) {
qCDebug(commerce) << "decrypt init failure";
delete[] outputBuffer;
return false;
}
if (!EVP_DecryptUpdate(ctx, outputBuffer, &tempSize, (unsigned char*)encryptedBuffer.data(), encryptedBuffer.size())) {
qCDebug(commerce) << "decrypt update failure";
delete[] outputBuffer;
return false;
}
*outputBufferSize = tempSize;
if (!EVP_DecryptFinal_ex(ctx, outputBuffer + tempSize, &tempSize)) {
qCDebug(commerce) << "decrypt final failure";
delete[] outputBuffer;
return false;
}
EVP_CIPHER_CTX_free(ctx);
*outputBufferSize += tempSize;
*outputBufferPtr = outputBuffer;
qCDebug(commerce) << "decrypted buffer size" << *outputBufferSize;
return true;
}
int main(int argc, char *argv[])
{
unsigned char cipher_key[CIPHER_KEY_LEN];
unsigned char hmac_key[HMAC_KEY_LEN];
unsigned char md[HMAC_LEN];
unsigned char *ciphertext;
int ciphertext_len;
unsigned char *plaintext;
int plaintext_len;
int strength;
const EVP_CIPHER *cipher_type;
EVP_CIPHER_CTX *ctx;
FILE *fp;
int len;
int status;
long file_size;
if (argc < 5) {
fprintf(stderr, "dec -- decrypt jacs-format file\n");
fprintf(stderr, "usage: dec <alg> <password> <strength> <infile> [outfile]\n");
fprintf(stderr, "algs:\n");
fprintf(stderr, " PBKDF2-SHA1-AES256-HMAC-SHA256\n");
fprintf(stderr, "password : password or 'p' to prompt from stdin without echo\n");
fprintf(stderr, "strength : key derivation complexity\n");
fprintf(stderr, "infile : input file\n");
fprintf(stderr, "outfile : output file, defaults to stdout\n");
return 2;
}
#ifdef USE_MLOCK
/* For security, disable paging */
if (mlockall(MCL_CURRENT|MCL_FUTURE)) {
fprintf(stderr, "mlockall() failed\n");
return 1;
}
#endif
/* Initialise OpenSSL */
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
OPENSSL_config(NULL);
/* Get strength */
strength = atoi(argv[3]);
if (strength < 1 || strength > 31) {
fprintf(stderr, "strength must be between 1 and 31\n");
return 1;
}
/* Possibly read password from console */
if (!strcmp(argv[2], "p"))
argv[2] = getpass("Password:"******"PKCS5_PBKDF2_HMAC_SHA1 (cipher) failed\n");
return 1;
}
#if DEBUG
fprintf(stderr, "Cipher key: ");
dump_hex(cipher_key, sizeof(cipher_key));
fprintf(stderr, "\n");
#endif
/* Derive HMAC key */
status = PKCS5_PBKDF2_HMAC_SHA1(argv[2], strlen(argv[2]),
hmac_salt, sizeof(hmac_salt),
1<<strength,
HMAC_KEY_LEN, hmac_key);
if (!status) {
fprintf(stderr, "PKCS5_PBKDF2_HMAC_SHA1 (hmac) failed\n");
return 1;
}
#if DEBUG
fprintf(stderr, "HMAC key: ");
dump_hex(hmac_key, sizeof(hmac_key));
fprintf(stderr, "\n");
#endif
/* Load ciphertext file into memory */
fp = fopen(argv[4], "r");
if (!fp) {
fprintf(stderr, "cannot open input ciphertext file %s\n", argv[4]);
return 1;
}
if (fseek(fp, 0L, SEEK_END)) {
fprintf(stderr, "fseek failed\n");
return 1;
}
file_size = ftell(fp);
ciphertext_len = file_size;
if (file_size < 0 || file_size != (long)ciphertext_len) {
fprintf(stderr, "file too large\n");
return 1;
}
if (fseek(fp, 0L, SEEK_SET)) {
fprintf(stderr, "fseek failed\n");
return 1;
}
ciphertext = malloc(file_size);
plaintext = malloc(file_size);
if (!ciphertext || !plaintext) {
fprintf(stderr, "malloc failed\n");
return 1;
}
if (fread(ciphertext, 1, file_size, fp) != file_size) {
fprintf(stderr, "read error\n");
return 1;
}
if (fclose(fp)) {
fprintf(stderr, "close error\n");
return 1;
}
/* Verify file size */
if (file_size < IV_LEN + HMAC_LEN) {
fprintf(stderr, "ciphertext file is impossibly small\n");
return 1;
}
/* Verify HMAC */
{
unsigned int md_len = HMAC_LEN;
HMAC(EVP_sha256(), hmac_key, HMAC_KEY_LEN, ciphertext, ciphertext_len - HMAC_LEN, md, &md_len);
if (memcmp(md, ciphertext + ciphertext_len - HMAC_LEN, HMAC_LEN) || md_len != HMAC_LEN) {
fprintf(stderr, "HMAC FAILED\n");
return 1;
}
}
/* Get cipher type */
if (!strcmp(argv[1], "PBKDF2-SHA1-AES256-HMAC-SHA256")) {
cipher_type = EVP_aes_256_cbc();
} else {
fprintf(stderr, "cipher type '%s' not found\n", argv[1]);
return 1;
}
/* Decrypt */
if (!(ctx = EVP_CIPHER_CTX_new())) {
fprintf(stderr, "EVP_CIPHER_CTX_new failed\n");
return 1;
}
if (EVP_DecryptInit_ex(ctx, cipher_type, NULL, cipher_key, ciphertext) != 1) {
fprintf(stderr, "EVP_DecryptInit_ex failed\n");
return 1;
}
if (EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext + IV_LEN, ciphertext_len - IV_LEN - HMAC_LEN) != 1) {
fprintf(stderr, "EVP_DecryptUpdate failed\n");
return 1;
}
plaintext_len = len;
if (EVP_DecryptFinal_ex(ctx, plaintext + len, &len) != 1) {
fprintf(stderr, "EVP_DecryptFinal_ex failed\n");
return 1;
}
plaintext_len += len;
/* Write plaintext */
if (argc >= 6) {
/* to file */
fp = fopen(argv[5], "w");
if (!fp) {
fprintf(stderr, "cannot open output plaintext file %s\n", argv[4]);
return 1;
}
if (fwrite(plaintext, 1, plaintext_len, fp) != plaintext_len) {
fprintf(stderr, "write error\n");
return 1;
}
if (fclose(fp)) {
fprintf(stderr, "close error\n");
return 1;
}
} else {
/* to stdout */
if (fwrite(plaintext, 1, plaintext_len, stdout) != plaintext_len) {
fprintf(stderr, "write error\n");
return 1;
}
}
EVP_CIPHER_CTX_free(ctx);
free(ciphertext);
free(plaintext);
return 0;
}
static LUA_FUNCTION(openssl_evp_encrypt)
{
const EVP_CIPHER* cipher = NULL;
if (lua_istable(L, 1))
{
if (lua_getmetatable(L, 1) && lua_equal(L, 1, -1))
{
lua_pop(L, 1);
lua_remove(L, 1);
}
else
luaL_error(L, "call function with invalid state");
}
cipher = get_cipher(L, 1, NULL);
if (cipher)
{
size_t input_len = 0;
const char *input = luaL_checklstring(L, 2, &input_len);
size_t key_len = 0;
const char *key = luaL_optlstring(L, 3, NULL, &key_len); /* can be NULL */
size_t iv_len = 0;
const char *iv = luaL_optlstring(L, 4, NULL, &iv_len); /* can be NULL */
int pad = lua_isnoneornil(L, 5) ? 1 : lua_toboolean(L, 5);
ENGINE *e = lua_isnoneornil(L, 6) ? NULL : CHECK_OBJECT(6, ENGINE, "openssl.engine");
EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new();
int output_len = 0;
int len = 0;
char *buffer = NULL;
char evp_key[EVP_MAX_KEY_LENGTH] = {0};
char evp_iv[EVP_MAX_IV_LENGTH] = {0};
int ret = 0;
if (key)
{
key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH;
memcpy(evp_key, key, key_len);
}
if (iv_len > 0 && iv)
{
iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH;
memcpy(evp_iv, iv, iv_len);
}
EVP_CIPHER_CTX_init(c);
ret = EVP_EncryptInit_ex(c, cipher, e, (const byte*)evp_key, iv_len > 0 ? (const byte*)evp_iv : NULL);
if (ret == 1)
{
ret = EVP_CIPHER_CTX_set_padding(c, pad);
if (ret == 1)
{
buffer = OPENSSL_malloc(input_len + EVP_CIPHER_CTX_block_size(c));
ret = EVP_EncryptUpdate(c, (byte*) buffer, &len, (const byte*)input, input_len);
if ( ret == 1 )
{
output_len += len;
ret = EVP_EncryptFinal(c, (byte*)buffer + len, &len);
if (ret == 1)
{
output_len += len;
lua_pushlstring(L, buffer, output_len);
}
}
OPENSSL_free(buffer);
}
}
EVP_CIPHER_CTX_cleanup(c);
EVP_CIPHER_CTX_free(c);
return (ret == 1) ? ret : openssl_pushresult(L, ret);
}
else
luaL_error(L, "argument #1 is not a valid cipher algorithm or openssl.evp_cipher object");
return 0;
}
ARC4::ARC4(uint32 len) : m_ctx(EVP_CIPHER_CTX_new())
{
EVP_CIPHER_CTX_init(m_ctx);
EVP_EncryptInit_ex(m_ctx, EVP_rc4(), nullptr, nullptr, nullptr);
EVP_CIPHER_CTX_set_key_length(m_ctx, len);
}
static bool
alg_wrap_unw(const jose_hook_alg_t *alg, jose_cfg_t *cfg, const json_t *jwe,
const json_t *rcp, const json_t *jwk, json_t *cek)
{
const EVP_CIPHER *cph = NULL;
EVP_CIPHER_CTX *ecc = NULL;
bool ret = false;
size_t ctl = 0;
size_t ptl = 0;
int len = 0;
switch (str2enum(alg->name, NAMES, NULL)) {
case 0: cph = EVP_aes_128_wrap(); break;
case 1: cph = EVP_aes_192_wrap(); break;
case 2: cph = EVP_aes_256_wrap(); break;
default: return NULL;
}
uint8_t ky[EVP_CIPHER_key_length(cph)];
uint8_t iv[EVP_CIPHER_iv_length(cph)];
uint8_t ct[KEYMAX + EVP_CIPHER_block_size(cph) * 2];
uint8_t pt[sizeof(ct)];
memset(iv, 0xA6, sizeof(iv));
if (jose_b64_dec(json_object_get(jwk, "k"), NULL, 0) != sizeof(ky))
goto egress;
if (jose_b64_dec(json_object_get(jwk, "k"), ky, sizeof(ky)) != sizeof(ky))
goto egress;
ctl = jose_b64_dec(json_object_get(rcp, "encrypted_key"), NULL, 0);
if (ctl > sizeof(ct))
goto egress;
if (jose_b64_dec(json_object_get(rcp, "encrypted_key"), ct, ctl) != ctl)
goto egress;
ecc = EVP_CIPHER_CTX_new();
if (!ecc)
goto egress;
EVP_CIPHER_CTX_set_flags(ecc, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
if (EVP_DecryptInit_ex(ecc, cph, NULL, ky, iv) <= 0)
goto egress;
if (EVP_DecryptUpdate(ecc, pt, &len, ct, ctl) <= 0)
goto egress;
ptl = len;
if (EVP_DecryptFinal(ecc, &pt[len], &len) <= 0)
goto egress;
ptl += len;
ret = json_object_set_new(cek, "k", jose_b64_enc(pt, ptl)) == 0;
egress:
OPENSSL_cleanse(ky, sizeof(ky));
OPENSSL_cleanse(pt, sizeof(pt));
EVP_CIPHER_CTX_free(ecc);
return ret;
}
static void evp_cipher_init(struct ssh_cipher_struct *cipher) {
if (cipher->ctx == NULL) {
cipher->ctx = EVP_CIPHER_CTX_new();
}
switch(cipher->ciphertype){
case SSH_AES128_CBC:
cipher->cipher = EVP_aes_128_cbc();
break;
case SSH_AES192_CBC:
cipher->cipher = EVP_aes_192_cbc();
break;
case SSH_AES256_CBC:
cipher->cipher = EVP_aes_256_cbc();
break;
#ifdef HAVE_OPENSSL_EVP_AES_CTR
case SSH_AES128_CTR:
cipher->cipher = EVP_aes_128_ctr();
break;
case SSH_AES192_CTR:
cipher->cipher = EVP_aes_192_ctr();
break;
case SSH_AES256_CTR:
cipher->cipher = EVP_aes_256_ctr();
break;
#else
case SSH_AES128_CTR:
case SSH_AES192_CTR:
case SSH_AES256_CTR:
SSH_LOG(SSH_LOG_WARNING, "This cipher is not available in evp_cipher_init");
break;
#endif
#ifdef HAVE_OPENSSL_EVP_AES_GCM
case SSH_AEAD_AES128_GCM:
cipher->cipher = EVP_aes_128_gcm();
break;
case SSH_AEAD_AES256_GCM:
cipher->cipher = EVP_aes_256_gcm();
break;
#else
case SSH_AEAD_AES128_GCM:
case SSH_AEAD_AES256_GCM:
SSH_LOG(SSH_LOG_WARNING, "This cipher is not available in evp_cipher_init");
break;
#endif /* HAVE_OPENSSL_EVP_AES_GCM */
case SSH_3DES_CBC:
cipher->cipher = EVP_des_ede3_cbc();
break;
#ifdef WITH_BLOWFISH_CIPHER
case SSH_BLOWFISH_CBC:
cipher->cipher = EVP_bf_cbc();
break;
/* ciphers not using EVP */
#endif
case SSH_AEAD_CHACHA20_POLY1305:
SSH_LOG(SSH_LOG_WARNING, "The ChaCha cipher cannot be handled here");
break;
case SSH_NO_CIPHER:
SSH_LOG(SSH_LOG_WARNING, "No valid ciphertype found");
break;
}
}
int tls13_change_cipher_state(SSL *s, int which)
{
static const unsigned char client_handshake_traffic[] =
"client handshake traffic secret";
static const unsigned char client_application_traffic[] =
"client application traffic secret";
static const unsigned char server_handshake_traffic[] =
"server handshake traffic secret";
static const unsigned char server_application_traffic[] =
"server application traffic secret";
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char secret[EVP_MAX_MD_SIZE];
unsigned char *insecret;
unsigned char *finsecret = NULL;
EVP_CIPHER_CTX *ciph_ctx;
const EVP_CIPHER *ciph = s->s3->tmp.new_sym_enc;
size_t ivlen, keylen, finsecretlen = 0;
const unsigned char *label;
size_t labellen;
int ret = 0;
if (which & SSL3_CC_READ) {
if (s->enc_read_ctx != NULL) {
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
} else {
s->enc_read_ctx = EVP_CIPHER_CTX_new();
if (s->enc_read_ctx == NULL) {
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
goto err;
}
}
ciph_ctx = s->enc_read_ctx;
RECORD_LAYER_reset_read_sequence(&s->rlayer);
} else {
if (s->enc_write_ctx != NULL) {
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
} else {
s->enc_write_ctx = EVP_CIPHER_CTX_new();
if (s->enc_write_ctx == NULL) {
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
goto err;
}
}
ciph_ctx = s->enc_write_ctx;
RECORD_LAYER_reset_write_sequence(&s->rlayer);
}
if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE))
|| ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) {
if (which & SSL3_CC_HANDSHAKE) {
insecret = s->handshake_secret;
finsecret = s->client_finished_secret;
finsecretlen = sizeof(s->client_finished_secret);
label = client_handshake_traffic;
labellen = sizeof(client_handshake_traffic) - 1;
} else {
insecret = s->session->master_key;
label = client_application_traffic;
labellen = sizeof(client_application_traffic) - 1;
}
} else {
if (which & SSL3_CC_HANDSHAKE) {
insecret = s->handshake_secret;
finsecret = s->server_finished_secret;
finsecretlen = sizeof(s->server_finished_secret);
label = server_handshake_traffic;
labellen = sizeof(server_handshake_traffic) - 1;
} else {
insecret = s->session->master_key;
label = server_application_traffic;
labellen = sizeof(server_application_traffic) - 1;
}
}
if (!tls13_derive_secret(s, insecret, label, labellen, secret)) {
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err;
}
/* TODO(size_t): convert me */
keylen = EVP_CIPHER_key_length(ciph);
if (EVP_CIPHER_mode(ciph) == EVP_CIPH_GCM_MODE)
ivlen = EVP_GCM_TLS_FIXED_IV_LEN;
else if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE)
ivlen = EVP_CCM_TLS_FIXED_IV_LEN;
else
ivlen = EVP_CIPHER_iv_length(ciph);
if (!tls13_derive_key(s, secret, key, keylen)
|| !tls13_derive_iv(s, secret, iv, ivlen)
|| (finsecret != NULL && !tls13_derive_finishedkey(s, secret,
finsecret,
finsecretlen))) {
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err;
}
if (EVP_CIPHER_mode(ciph) == EVP_CIPH_GCM_MODE) {
if (!EVP_CipherInit_ex(ciph_ctx, ciph, NULL, key, NULL,
(which & SSL3_CC_WRITE))
|| !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_GCM_SET_IV_FIXED,
(int)ivlen, iv)) {
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_EVP_LIB);
goto err;
}
} else if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) {
int taglen;
if (s->s3->tmp.new_cipher->algorithm_enc
& (SSL_AES128CCM8 | SSL_AES256CCM8))
taglen = 8;
else
taglen = 16;
if (!EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL,
(which & SSL3_CC_WRITE))
|| !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, 12,
NULL)
|| !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
NULL)
|| !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_CCM_SET_IV_FIXED,
(int)ivlen, iv)
|| !EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1)) {
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_EVP_LIB);
goto err;
}
} else {
if (!EVP_CipherInit_ex(ciph_ctx, ciph, NULL, key, iv,
(which & SSL3_CC_WRITE))) {
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_EVP_LIB);
goto err;
}
}
#ifdef OPENSSL_SSL_TRACE_CRYPTO
if (s->msg_callback) {
int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0;
if (ciph->key_len)
s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
key, ciph->key_len, s, s->msg_callback_arg);
if (ivlen) {
if (EVP_CIPHER_mode(ciph) == EVP_CIPH_GCM_MODE)
wh |= TLS1_RT_CRYPTO_FIXED_IV;
else
wh |= TLS1_RT_CRYPTO_IV;
s->msg_callback(2, s->version, wh, iv, ivlen, s,
s->msg_callback_arg);
}
}
#endif
ret = 1;
err:
OPENSSL_cleanse(secret, sizeof(secret));
OPENSSL_cleanse(key, sizeof(key));
OPENSSL_cleanse(iv, sizeof(iv));
return ret;
}
int Encrypt(char **cipher, const char *plain, int plen, unsigned char *aesKey, unsigned char *aesIV){
EVP_CIPHER_CTX *ctx;
unsigned char *cipher_tmp = { 0 };
int len = 0, cipherTextLen = 0;
if (!(ctx = EVP_CIPHER_CTX_new())) {
return 0;
}
if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, aesKey, aesIV)) {
if (ctx) EVP_CIPHER_CTX_free(ctx);
return 0;
}
cipher_tmp = (unsigned char *)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, plen + 16);
if (cipher_tmp == NULL) {
if (ctx) EVP_CIPHER_CTX_free(ctx);
return 0;
}
if (1 != EVP_EncryptUpdate(ctx, cipher_tmp, &len, plain, plen - 1)) {
if (ctx) EVP_CIPHER_CTX_free(ctx);
if (cipher_tmp) {
HeapFree(GetProcessHeap(), 0, cipher_tmp);
cipher_tmp = NULL;
}
return 0;
}
cipherTextLen = len;
if (1 != EVP_EncryptFinal_ex(ctx, cipher_tmp + len, &len)) {
if (ctx) EVP_CIPHER_CTX_free(ctx);
if (cipher_tmp) {
HeapFree(GetProcessHeap(), 0, cipher_tmp);
cipher_tmp = NULL;
}
return 0;
}
cipherTextLen += len;
if (ctx) EVP_CIPHER_CTX_free(ctx);
if (cipherTextLen <= 0) {
if (cipher_tmp) {
HeapFree(GetProcessHeap(), 0, cipher_tmp);
cipher_tmp = NULL;
}
return 0;
}
cipher_tmp[cipherTextLen] = '\0';
if ((cipherTextLen = Base64Encode(cipher, cipher_tmp, cipherTextLen + 1)) <= 0){
if (cipher_tmp) {
HeapFree(GetProcessHeap(), 0, cipher_tmp);
cipher_tmp = NULL;
}
return 0;
}
if (cipher_tmp) {
HeapFree(GetProcessHeap(), 0, cipher_tmp);
cipher_tmp = NULL;
}
return cipherTextLen;
}
/** Decrypt an AES-128-CBC encrypted attribute
*
* @param[in] ctx to allocate decr buffer in.
* @param[out] out where to write pointer to decr buffer.
* @param[in] data to decrypt.
* @param[in] attr_len length of encrypted data.
* @param[in] data_len length of data remaining in the packet.
* @param[in] decoder_ctx containing keys, and the IV (if we already found it).
* @return
* - Number of decr bytes decrypted on success.
* - < 0 on failure.
*/
static ssize_t sim_value_decrypt(TALLOC_CTX *ctx, uint8_t **out,
uint8_t const *data, size_t const attr_len, size_t const data_len,
void *decoder_ctx)
{
fr_sim_decode_ctx_t *packet_ctx = decoder_ctx;
EVP_CIPHER_CTX *evp_ctx;
EVP_CIPHER const *evp_cipher = EVP_aes_128_cbc();
size_t block_size = EVP_CIPHER_block_size(evp_cipher);
size_t len = 0, decr_len = 0;
uint8_t *decr = NULL;
if (!fr_cond_assert(attr_len <= data_len)) return -1;
FR_PROTO_HEX_DUMP(data, attr_len, "ciphertext");
/*
* Encrypted values must be a multiple of 16.
*
* There's a padding attribute to ensure they
* always can be...
*/
if (attr_len % block_size) {
fr_strerror_printf("%s: Encrypted attribute is not a multiple of cipher's block size (%zu)",
__FUNCTION__, block_size);
return -1;
}
/*
* Ugh, now we have to go hunting for it....
*/
if (!packet_ctx->have_iv) {
uint8_t const *p = data + attr_len; /* Skip to the end of packet_ctx attribute */
uint8_t const *end = data + data_len;
while ((size_t)(end - p) >= sizeof(uint32_t)) {
uint8_t sim_at = p[0];
size_t sim_at_len = p[1] * sizeof(uint32_t);
if (sim_at_len == 0) {
fr_strerror_printf("%s: Failed IV search. AT Length field is zero", __FUNCTION__);
return -1;
}
if ((p + sim_at_len) > end) {
fr_strerror_printf("%s: Invalid IV length, longer than remaining data", __FUNCTION__);
return -1;
}
if (sim_at == FR_SIM_IV) {
if (sim_iv_extract(&(packet_ctx->iv[0]), p + 2, sim_at_len - 2) < 0) return -1;
packet_ctx->have_iv = true;
break;
}
p += sim_at_len;
}
if (!packet_ctx->have_iv) {
fr_strerror_printf("%s: No IV present in packet, can't decrypt data", __FUNCTION__);
return -1;
}
}
evp_ctx = EVP_CIPHER_CTX_new();
if (!evp_ctx) {
tls_strerror_printf("%s: Failed initialising EVP ctx", __FUNCTION__);
return -1;
}
if (!EVP_DecryptInit_ex(evp_ctx, evp_cipher, NULL, packet_ctx->keys->k_encr, packet_ctx->iv)) {
tls_strerror_printf("%s: Failed setting decryption parameters", __FUNCTION__);
error:
talloc_free(decr);
EVP_CIPHER_CTX_free(evp_ctx);
return -1;
}
MEM(decr = talloc_zero_array(ctx, uint8_t, attr_len));
/*
* By default OpenSSL expects 16 bytes of cleartext
* to produce 32 bytes of ciphertext, due to padding
* being added if the decr is a multiple of 16.
*
* There's no way for OpenSSL to determine if a
* 16 byte ciphertext was padded or not, so we need to
* inform OpenSSL explicitly that there's no padding.
*/
EVP_CIPHER_CTX_set_padding(evp_ctx, 0);
if (!EVP_DecryptUpdate(evp_ctx, decr, (int *)&len, data, attr_len)) {
tls_strerror_printf("%s: Failed decrypting attribute", __FUNCTION__);
goto error;
}
decr_len = len;
if (!EVP_DecryptFinal_ex(evp_ctx, decr + decr_len, (int *)&len)) {
tls_strerror_printf("%s: Failed decrypting attribute", __FUNCTION__);
goto error;
}
decr_len += len;
EVP_CIPHER_CTX_free(evp_ctx);
/*
* Note: packet_ctx implicitly validates the length of the padding
* attribute (if present), so we don't have to do it later.
*/
if (decr_len % block_size) {
fr_strerror_printf("%s: Expected decrypted value length to be multiple of %zu, got %zu",
__FUNCTION__, block_size, decr_len);
goto error;
}
/*
* Ciphertext should be same length as plaintext.
*/
if (unlikely(attr_len != decr_len)) {
fr_strerror_printf("%s: Invalid plaintext length, expected %zu, got %zu",
__FUNCTION__, attr_len, decr_len);
goto error;
}
FR_PROTO_TRACE("decryption successful, got %zu bytes of cleartext", decr_len);
FR_PROTO_HEX_DUMP(decr, decr_len, "cleartext");
*out = decr;
return decr_len;
}
int Decrypt(char **plain, const char *cipher, int clen, unsigned char *aesKey, unsigned char *aesIV){
EVP_CIPHER_CTX *ctx;
int len = 0, b64DecodedLen = 0, plainTextLen = 0, retValue = 0;
unsigned char *plain_tmp = { 0 };
b64DecodedLen = Base64Decode(&plain_tmp, cipher);
if (b64DecodedLen == 0) return 0;
if (!(ctx = EVP_CIPHER_CTX_new())) {
if (plain_tmp) {
HeapFree(GetProcessHeap(), 0, plain_tmp);
plain_tmp = NULL;
}
return 0;
}
if (1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, aesKey, aesIV)){
if (ctx) EVP_CIPHER_CTX_free(ctx);
if (plain_tmp) {
HeapFree(GetProcessHeap(), 0, plain_tmp);
plain_tmp = NULL;
}
return 0;
}
*plain = (char*)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, b64DecodedLen);
if (*plain == NULL) return 0;
if (1 != EVP_DecryptUpdate(ctx, *plain, &len, plain_tmp, b64DecodedLen - 1)){
if (ctx) EVP_CIPHER_CTX_free(ctx);
if (plain_tmp) {
HeapFree(GetProcessHeap(), 0, plain_tmp);
plain_tmp = NULL;
}
if (plain) {
HeapFree(GetProcessHeap(), 0, plain);
plain = NULL;
}
return 0;
}
if (plain_tmp) {
HeapFree(GetProcessHeap(), 0, plain_tmp);
plain_tmp = NULL;
}
plainTextLen = len;
if (1 != EVP_DecryptFinal_ex(ctx, *plain + len, &len)){
if (ctx) EVP_CIPHER_CTX_free(ctx);
if (plain) {
HeapFree(GetProcessHeap(), 0, plain);
plain = NULL;
}
return 0;
}
plainTextLen += len;
retValue = plainTextLen;
*(*plain + plainTextLen) = '\0';
if (ctx) EVP_CIPHER_CTX_free(ctx);
return retValue;
}
jdoubleArray Java_de_blinkt_openvpn_core_NativeUtils_getOpenSSLSpeed(JNIEnv* env, jclass thiz, jstring algorithm, jint testnumber)
{
static const unsigned char key16[16] = {
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
};
const EVP_CIPHER *evp_cipher = NULL;
const char* alg = (*env)->GetStringUTFChars( env, algorithm , NULL ) ;
evp_cipher = EVP_get_cipherbyname(alg);
if (evp_cipher == NULL)
evp_md = EVP_get_digestbyname(alg);
if (evp_cipher == NULL && evp_md == NULL) {
// BIO_printf(bio_err, "%s: %s is an unknown cipher or digest\n", prog, opt_arg());
//jniThrowException(env, "java/security/NoSuchAlgorithmException", "Algorithm not found");
return NULL;
}
const char* name;
loopargs_t *loopargs = NULL;
int loopargs_len = 1;
int async_jobs=0;
loopargs = malloc(loopargs_len * sizeof(loopargs_t));
memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
jdoubleArray ret = (*env)->NewDoubleArray(env, 3);
if (testnum < 0 || testnum >= SIZE_NUM)
return NULL;
testnum = testnumber;
for (int i = 0; i < loopargs_len; i++) {
int misalign=0;
loopargs[i].buf_malloc = malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1);
loopargs[i].buf2_malloc = malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1);
/* Align the start of buffers on a 64 byte boundary */
loopargs[i].buf = loopargs[i].buf_malloc + misalign;
loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
}
int count;
float d;
if (evp_cipher) {
name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
/*
* -O3 -fschedule-insns messes up an optimization here!
* names[D_EVP] somehow becomes NULL
*/
for (int k = 0; k < loopargs_len; k++) {
loopargs[k].ctx = EVP_CIPHER_CTX_new();
if (decrypt)
EVP_DecryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
else
EVP_EncryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
}
Time_F(START);
pthread_t timer_thread;
if (pthread_create(&timer_thread, NULL, stop_run, NULL))
return NULL;
count = run_benchmark(async_jobs, EVP_Update_loop, loopargs);
d = Time_F(STOP);
for (int k = 0; k < loopargs_len; k++) {
EVP_CIPHER_CTX_free(loopargs[k].ctx);
}
}
if (evp_md) {
name = OBJ_nid2ln(EVP_MD_type(evp_md));
// print_message(names[D_EVP], save_count, lengths[testnum]);
pthread_t timer_thread;
if (pthread_create(&timer_thread, NULL, stop_run, NULL))
return NULL;
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);
d = Time_F(STOP);
}
// Save results in hacky way
double results[] = {(double) lengths[testnum], (double) count, d};
(*env)->SetDoubleArrayRegion(env, ret, 0, 3, results);
// print_result(D_EVP, testnum, count, d);
return ret;
}
static bool _cjose_jwe_decrypt_dat_a256gcm(
cjose_jwe_t *jwe,
cjose_err *err)
{
EVP_CIPHER_CTX *ctx = NULL;
// get A256GCM cipher
const EVP_CIPHER *cipher = EVP_aes_256_gcm();
if (NULL == cipher)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_decrypt_dat_a256gcm_fail;
}
// instantiate and initialize a new openssl cipher context
ctx = EVP_CIPHER_CTX_new();
if (NULL == ctx)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_decrypt_dat_a256gcm_fail;
}
EVP_CIPHER_CTX_init(ctx);
// initialize context for decryption using A256GCM cipher and CEK and IV
if (EVP_DecryptInit_ex(ctx, cipher, NULL, jwe->cek, jwe->part[2].raw) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_decrypt_dat_a256gcm_fail;
}
// set the expected GCM-mode authentication tag
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
jwe->part[4].raw_len, jwe->part[4].raw) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_decrypt_dat_a256gcm_fail;
}
// set GCM mode AAD data (hdr_b64u) by setting "out" to NULL
int bytes_decrypted = 0;
if (EVP_DecryptUpdate(ctx,
NULL, &bytes_decrypted,
(unsigned char *)jwe->part[0].b64u,
jwe->part[0].b64u_len) != 1 ||
bytes_decrypted != jwe->part[0].b64u_len)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_decrypt_dat_a256gcm_fail;
}
// allocate buffer for the plaintext
cjose_get_dealloc()(jwe->dat);
jwe->dat_len = jwe->part[3].raw_len;
if (!_cjose_jwe_malloc(jwe->dat_len, false, &jwe->dat, err))
{
goto _cjose_jwe_decrypt_dat_a256gcm_fail;
}
// decrypt ciphertext to plaintext buffer
if (EVP_DecryptUpdate(ctx,
jwe->dat, &bytes_decrypted,
jwe->part[3].raw, jwe->part[3].raw_len) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_decrypt_dat_a256gcm_fail;
}
jwe->dat_len = bytes_decrypted;
// finalize the encryption
if (EVP_DecryptFinal_ex(ctx, NULL, &bytes_decrypted) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_decrypt_dat_a256gcm_fail;
}
EVP_CIPHER_CTX_free(ctx);
return true;
_cjose_jwe_decrypt_dat_a256gcm_fail:
if (NULL != ctx)
{
EVP_CIPHER_CTX_free(ctx);
}
return false;
}
int main(void) {
EVP_CIPHER_CTX *ctx = NULL;
unsigned char key[16];
unsigned char iv[12];
unsigned char tag[16];
unsigned char data[128];
unsigned char ori_msg[128];
unsigned char enc_msg[128+16];
unsigned char dec_msg[128];
int r, len, enc_msg_len, dec_msg_len;
const EVP_CIPHER* cipher = NULL;
ERR_load_CRYPTO_strings();
OPENSSL_add_all_algorithms_noconf();
r = RAND_bytes(key, sizeof(key));
assert(r == 1);
r = RAND_bytes(iv, sizeof(iv));
assert(r == 1);
r = RAND_pseudo_bytes(data, sizeof(data));
assert(r == 1);
r = RAND_pseudo_bytes(ori_msg, sizeof(ori_msg));
assert(r == 1);
r = RAND_pseudo_bytes(enc_msg, sizeof(enc_msg));
assert(r == 1);
cipher = EVP_aes_128_gcm();
ctx = EVP_CIPHER_CTX_new();
assert(ctx);
EVP_CIPHER_CTX_init(ctx);
len = EVP_CIPHER_key_length(cipher);
assert(len == sizeof(key));
len = EVP_CIPHER_iv_length(cipher);
assert(len == sizeof(iv));
r = EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv);
assert(r == 1);
r = EVP_EncryptUpdate(ctx, NULL, &enc_msg_len, data, sizeof(data));
assert(r == 1);
r = EVP_EncryptUpdate(ctx, enc_msg, &enc_msg_len, ori_msg, sizeof(ori_msg));
assert(r == 1);
assert(enc_msg_len == sizeof(ori_msg));
r = EVP_EncryptFinal_ex(ctx, enc_msg + enc_msg_len, &len);
assert(r == 1);
assert(len == 0);
r = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, sizeof(tag), tag);
assert(r == 1);
r = EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv);
assert(r == 1);
r = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof(tag), tag);
assert(r == 1);
r = EVP_DecryptUpdate(ctx, NULL, &dec_msg_len, data, sizeof(data));
assert(r == 1);
r = EVP_DecryptUpdate(ctx, dec_msg, &dec_msg_len, enc_msg, enc_msg_len);
assert(r == 1);
assert(dec_msg_len == enc_msg_len);
r = EVP_DecryptFinal_ex(ctx, dec_msg + dec_msg_len, &len);
assert(r == 1);
assert(len == 0);
assert(memcmp(ori_msg, dec_msg, dec_msg_len) == 0);
EVP_CIPHER_CTX_free(ctx);
puts("OK!");
return 0;
}
static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
pem_password_cb *cb, void *u)
{
int outlen = 24, pklen;
unsigned char *p, *salt = NULL;
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
if (enclevel)
outlen += PVK_SALTLEN;
pklen = do_i2b(NULL, pk, 0);
if (pklen < 0)
return -1;
outlen += pklen;
if (!out)
return outlen;
if (*out)
p = *out;
else {
p = OPENSSL_malloc(outlen);
if (p == NULL) {
PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
return -1;
}
*out = p;
}
write_ledword(&p, MS_PVKMAGIC);
write_ledword(&p, 0);
if (EVP_PKEY_id(pk) == EVP_PKEY_DSA)
write_ledword(&p, MS_KEYTYPE_SIGN);
else
write_ledword(&p, MS_KEYTYPE_KEYX);
write_ledword(&p, enclevel ? 1 : 0);
write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
write_ledword(&p, pklen);
if (enclevel) {
if (RAND_bytes(p, PVK_SALTLEN) <= 0)
goto error;
salt = p;
p += PVK_SALTLEN;
}
do_i2b(&p, pk, 0);
if (enclevel == 0)
return outlen;
else {
char psbuf[PEM_BUFSIZE];
unsigned char keybuf[20];
int enctmplen, inlen;
if (cb)
inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
else
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
if (inlen <= 0) {
PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);
goto error;
}
if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
(unsigned char *)psbuf, inlen))
goto error;
if (enclevel == 1)
memset(keybuf + 5, 0, 11);
p = salt + PVK_SALTLEN + 8;
if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto error;
OPENSSL_cleanse(keybuf, 20);
if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
goto error;
if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
goto error;
}
EVP_CIPHER_CTX_free(cctx);
return outlen;
error:
EVP_CIPHER_CTX_free(cctx);
return -1;
}
X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
const unsigned char *salt, int saltlen,
unsigned char *aiv, uint64_t N, uint64_t r,
uint64_t p)
{
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
int alg_nid;
size_t keylen = 0;
EVP_CIPHER_CTX *ctx = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
PBE2PARAM *pbe2 = NULL;
ASN1_OBJECT *obj;
if (!cipher) {
ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_PASSED_NULL_PARAMETER);
goto err;
}
if (EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
ASN1_R_INVALID_SCRYPT_PARAMETERS);
goto err;
}
alg_nid = EVP_CIPHER_type(cipher);
if (alg_nid == NID_undef) {
ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
goto err;
}
obj = OBJ_nid2obj(alg_nid);
pbe2 = PBE2PARAM_new();
if (pbe2 == NULL)
goto merr;
/* Setup the AlgorithmIdentifier for the encryption scheme */
scheme = pbe2->encryption;
scheme->algorithm = obj;
scheme->parameter = ASN1_TYPE_new();
if (scheme->parameter == NULL)
goto merr;
/* Create random IV */
if (EVP_CIPHER_iv_length(cipher)) {
if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
goto err;
}
ctx = EVP_CIPHER_CTX_new();
if (ctx == NULL)
goto merr;
/* Dummy cipherinit to just setup the IV */
if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)
goto err;
if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
goto err;
}
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
/* If its RC2 then we'd better setup the key length */
if (alg_nid == NID_rc2_cbc)
keylen = EVP_CIPHER_key_length(cipher);
/* Setup keyfunc */
X509_ALGOR_free(pbe2->keyfunc);
pbe2->keyfunc = pkcs5_scrypt_set(salt, saltlen, keylen, N, r, p);
if (pbe2->keyfunc == NULL)
goto merr;
/* Now set up top level AlgorithmIdentifier */
ret = X509_ALGOR_new();
if (ret == NULL)
goto merr;
ret->algorithm = OBJ_nid2obj(NID_pbes2);
/* Encode PBE2PARAM into parameter */
if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
&ret->parameter) == NULL)
goto merr;
PBE2PARAM_free(pbe2);
pbe2 = NULL;
return ret;
merr:
ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_MALLOC_FAILURE);
err:
PBE2PARAM_free(pbe2);
X509_ALGOR_free(kalg);
X509_ALGOR_free(ret);
EVP_CIPHER_CTX_free(ctx);
return NULL;
}
static int test_tls13_encryption(void)
{
SSL_CTX *ctx = NULL;
SSL *s = NULL;
SSL3_RECORD rec;
unsigned char *key = NULL, *iv = NULL, *seq = NULL;
const EVP_CIPHER *ciph = EVP_aes_128_gcm();
int ret = 0;
size_t ivlen, ctr;
/*
* Encrypted TLSv1.3 records always have an outer content type of
* application data, and a record version of TLSv1.2.
*/
rec.data = NULL;
rec.type = SSL3_RT_APPLICATION_DATA;
rec.rec_version = TLS1_2_VERSION;
ctx = SSL_CTX_new(TLS_method());
if (!TEST_ptr(ctx)) {
TEST_info("Failed creating SSL_CTX");
goto err;
}
s = SSL_new(ctx);
if (!TEST_ptr(s)) {
TEST_info("Failed creating SSL");
goto err;
}
s->enc_read_ctx = EVP_CIPHER_CTX_new();
if (!TEST_ptr(s->enc_read_ctx))
goto err;
s->enc_write_ctx = EVP_CIPHER_CTX_new();
if (!TEST_ptr(s->enc_write_ctx))
goto err;
s->s3->tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES);
if (!TEST_ptr(s->s3->tmp.new_cipher)) {
TEST_info("Failed to find cipher");
goto err;
}
for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) {
/* Load the record */
ivlen = EVP_CIPHER_iv_length(ciph);
if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen,
RECORD_LAYER_get_read_sequence(&s->rlayer))) {
TEST_error("Failed loading key into EVP_CIPHER_CTX");
goto err;
}
/* Set up the read/write sequences */
memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer),
RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE);
memcpy(s->write_iv, s->read_iv, ivlen);
/* Load the key into the EVP_CIPHER_CTXs */
if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0
|| EVP_CipherInit_ex(s->enc_read_ctx, ciph, NULL, key, NULL, 0)
<= 0) {
TEST_error("Failed loading key into EVP_CIPHER_CTX\n");
goto err;
}
/* Encrypt it */
if (!TEST_size_t_eq(tls13_enc(s, &rec, 1, 1), 1)) {
TEST_info("Failed to encrypt record %zu", ctr);
goto err;
}
if (!TEST_true(test_record(&rec, &refdata[ctr], 1))) {
TEST_info("Record %zu encryption test failed", ctr);
goto err;
}
/* Decrypt it */
if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0), 1)) {
TEST_info("Failed to decrypt record %zu", ctr);
goto err;
}
if (!TEST_true(test_record(&rec, &refdata[ctr], 0))) {
TEST_info("Record %zu decryption test failed", ctr);
goto err;
}
OPENSSL_free(rec.data);
OPENSSL_free(key);
OPENSSL_free(iv);
OPENSSL_free(seq);
rec.data = NULL;
key = NULL;
iv = NULL;
seq = NULL;
}
TEST_note("PASS: %zu records tested", ctr);
ret = 1;
err:
OPENSSL_free(rec.data);
OPENSSL_free(key);
OPENSSL_free(iv);
OPENSSL_free(seq);
SSL_free(s);
SSL_CTX_free(ctx);
return ret;
}
int decodeFile(const char* filenameOut, const char* filenameIn) {
int ret = 0;
int filenameSizeIn = strlen(filenameIn)*sizeof(char)+1;
int filenameSizeOut = strlen(filenameOut)*sizeof(char)+1;
char encFilename[filenameSizeIn];
char decFilename[filenameSizeOut];
strncpy(encFilename, filenameIn, filenameSizeIn);
encFilename[filenameSizeIn-1]=0;
strncpy(decFilename, filenameOut, filenameSizeOut);
decFilename[filenameSizeOut-1]=0;
EVP_CIPHER_CTX *d_ctx = EVP_CIPHER_CTX_new();
// unsigned char * key = new unsigned char[KEYSIZE];
// loadKey("key", key, KEYSIZE);
// unsigned char key[] = "01234567890123450123456789012345"; // 256-bit
// unsigned char iv[] = "01234567890123456";
FILE *enc_file, *dec_file;
printf("dec filename: %s\n", decFilename);
enc_file = fopen ( encFilename, "rb" );
dec_file = fopen ( decFilename, "wb" );
unsigned char *encData, *decData;
int decData_len = 0;
int len = 0;
int bytesread = 0;
/**
* DECRYPT
*/
//if (!( EVP_DecryptInit_ex(d_ctx, EVP_aes_256_cbc(), NULL, key, iv) )) {
if (!( EVP_DecryptInit_ex(d_ctx, EVP_aes_256_cbc(), NULL, cKeyBuffer, iv) )) {
ret = -1;
printf("ERROR: EVP_DECRYPTINIT_EX\n");
}
// go through file, and decrypt
if ( enc_file != NULL ) {
encData = new unsigned char[aes_blocksize];
decData = new unsigned char[aes_blocksize+EVP_CIPHER_CTX_block_size(d_ctx)]; // potential for output to be 16 bytes longer than original
printf( "Decoding file: %s\n", decFilename);
bytesread = fread(encData, 1, aes_blocksize, enc_file);
// read bytes from file, then send to cipher
while ( bytesread ) {
if (!(EVP_DecryptUpdate(d_ctx, decData, &len, encData, bytesread ))) {
ret = -1;
printf( "ERROR: EVP_DECRYPTUPDATE\n");
}
decData_len = len;
fwrite(decData, 1, decData_len, dec_file );
// read more bytes
bytesread = fread(encData, 1, aes_blocksize, enc_file);
}
// last step of decryption
if (!(EVP_DecryptFinal_ex(d_ctx, decData, &len))) {
ret = -1;
printf( "ERROR: EVP_DECRYPTFINAL_EX\n");
}
decData_len = len;
fwrite(decData, 1, decData_len, dec_file );
// free cipher
EVP_CIPHER_CTX_free(d_ctx);
// close files
printf( "\t>>\n");
fclose(enc_file);
fclose(dec_file);
} else {
printf( "Unable to open files for encoding\n");
ret = -1;
return ret;
}
return ret;
}
int
cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
int do_encrypt)
{
struct sshcipher_ctx *cc = NULL;
int ret = SSH_ERR_INTERNAL_ERROR;
#ifdef WITH_OPENSSL
const EVP_CIPHER *type;
int klen;
u_char *junk, *discard;
#endif
*ccp = NULL;
if ((cc = calloc(sizeof(*cc), 1)) == NULL)
return SSH_ERR_ALLOC_FAIL;
if (cipher->number == SSH_CIPHER_DES) {
if (keylen > 8)
keylen = 8;
}
cc->plaintext = (cipher->number == SSH_CIPHER_NONE);
cc->encrypt = do_encrypt;
if (keylen < cipher->key_len ||
(iv != NULL && ivlen < cipher_ivlen(cipher))) {
ret = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
cc->cipher = cipher;
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
ret = chachapoly_init(&cc->cp_ctx, key, keylen);
goto out;
}
#ifndef WITH_OPENSSL
if ((cc->cipher->flags & CFLAG_AESCTR) != 0) {
aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen);
aesctr_ivsetup(&cc->ac_ctx, iv);
ret = 0;
goto out;
}
if ((cc->cipher->flags & CFLAG_NONE) != 0) {
ret = 0;
goto out;
}
ret = SSH_ERR_INVALID_ARGUMENT;
goto out;
#else /* WITH_OPENSSL */
type = (*cipher->evptype)();
if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
if (EVP_CipherInit(cc->evp, type, NULL, (const u_char *)iv,
(do_encrypt == CIPHER_ENCRYPT)) == 0) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
if (cipher_authlen(cipher) &&
!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
-1, __UNCONST(iv))) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
klen = EVP_CIPHER_CTX_key_length(cc->evp);
if (klen > 0 && keylen != (u_int)klen) {
if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
}
if (EVP_CipherInit(cc->evp, NULL, __UNCONST(key), NULL, -1) == 0) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
if (cipher->discard_len > 0) {
if ((junk = malloc(cipher->discard_len)) == NULL ||
(discard = malloc(cipher->discard_len)) == NULL) {
free(junk);
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
ret = EVP_Cipher(cc->evp, discard, junk, cipher->discard_len);
explicit_bzero(discard, cipher->discard_len);
free(junk);
free(discard);
if (ret != 1) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
}
ret = 0;
#endif /* WITH_OPENSSL */
out:
if (ret == 0) {
/* success */
*ccp = cc;
} else {
if (cc != NULL) {
#ifdef WITH_OPENSSL
if (cc->evp != NULL)
EVP_CIPHER_CTX_free(cc->evp);
#endif /* WITH_OPENSSL */
explicit_bzero(cc, sizeof(*cc));
free(cc);
}
}
return ret;
}
int encodeFile(const char* filenameOut, const char* filenameIn) {
int ret = 0;
int filenameInSize = strlen(filenameIn)*sizeof(char)+1;
int filenameOutSize = strlen(filenameOut)*sizeof(char)+1;
char filename[filenameInSize];
char encFilename[filenameOutSize];
// create key, if it's uninitialized
int seedbytes = 1024;
memset(cKeyBuffer, 0, KEYSIZE );
if (!opensslIsSeeded) {
if (!RAND_load_file("/dev/urandom", seedbytes)) {
//__android_log_print(ANDROID_LOG_ERROR, TAG, "Failed to seed OpenSSL RNG");
return -1;
}
opensslIsSeeded = 1;
}
if (!RAND_bytes((unsigned char *)cKeyBuffer, KEYSIZE )) {
//__android_log_print(ANDROID_LOG_ERROR, TAG, "Faled to create OpenSSSL random integers: %ul", ERR_get_error);
}
strncpy(encFilename, filenameOut, filenameOutSize);
encFilename[filenameOutSize-1]=0;
strncpy(filename, filenameIn, filenameInSize);
filename[filenameInSize-1]=0;
EVP_CIPHER_CTX *e_ctx = EVP_CIPHER_CTX_new();
// unsigned char * key = new unsigned char[KEYSIZE];
// loadKey("key", key, KEYSIZE);
// unsigned char key[] = "01234567890123450123456789012345"; // 256-bit
FILE *orig_file, *enc_file;
printf ("filename: %s\n" ,filename );
printf ("enc filename: %s\n" ,encFilename );
orig_file = fopen( filename, "rb" );
enc_file = fopen ( encFilename, "wb" );
unsigned char *encData, *origData;
int encData_len = 0;
int len = 0;
int bytesread = 0;
/**
* ENCRYPT
*/
//if (!(EVP_EncryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv ))) {
if (!(EVP_EncryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, cKeyBuffer, iv ))) {
ret = -1;
printf( "ERROR: EVP_ENCRYPTINIT_EX\n");
}
// go through file, and encrypt
if ( orig_file != NULL ) {
origData = new unsigned char[aes_blocksize];
encData = new unsigned char[aes_blocksize+EVP_CIPHER_CTX_block_size(e_ctx)]; // potential for encryption to be 16 bytes longer than original
printf( "Encoding file: %s\n", filename);
bytesread = fread(origData, 1, aes_blocksize, orig_file);
// read bytes from file, then send to cipher
while ( bytesread ) {
if (!(EVP_EncryptUpdate(e_ctx, encData, &len, origData, bytesread))) {
ret = -1;
printf( "ERROR: EVP_ENCRYPTUPDATE\n");
}
encData_len = len;
fwrite(encData, 1, encData_len, enc_file );
// read more bytes
bytesread = fread(origData, 1, aes_blocksize, orig_file);
}
// last step encryption
if (!(EVP_EncryptFinal_ex(e_ctx, encData, &len))) {
ret = -1;
printf( "ERROR: EVP_ENCRYPTFINAL_EX\n");
}
encData_len = len;
fwrite(encData, 1, encData_len, enc_file );
// free cipher
EVP_CIPHER_CTX_free(e_ctx);
// close files
printf( "\t>>\n");
fclose(orig_file);
fclose(enc_file);
} else {
printf( "Unable to open files for encoding\n");
ret = -1;
return ret;
}
return ret;
}
static int w_crypto_aes_encrypt(sip_msg_t* msg, char* inb, char* keyb, char* outb)
{
str ins;
str keys;
pv_spec_t *dst;
pv_value_t val;
EVP_CIPHER_CTX *en = NULL;
str etext;
if (fixup_get_svalue(msg, (gparam_t*)inb, &ins) != 0) {
LM_ERR("cannot get input value\n");
return -1;
}
if (fixup_get_svalue(msg, (gparam_t*)keyb, &keys) != 0) {
LM_ERR("cannot get key value\n");
return -1;
}
en = EVP_CIPHER_CTX_new();
if(en==NULL) {
LM_ERR("cannot get new cipher context\n");
return -1;
}
dst = (pv_spec_t*)outb;
/* gen key and iv. init the cipher ctx object */
if (crypto_aes_init((unsigned char *)keys.s, keys.len,
(unsigned char*)((_crypto_salt_param)?_crypto_salt:0), en, NULL)) {
EVP_CIPHER_CTX_free(en);
LM_ERR("couldn't initialize AES cipher\n");
return -1;
}
etext.len = ins.len;
etext.s = (char *)crypto_aes_encrypt(en, (unsigned char *)ins.s, &etext.len);
if(etext.s==NULL) {
EVP_CIPHER_CTX_free(en);
LM_ERR("AES encryption failed\n");
return -1;
}
memset(&val, 0, sizeof(pv_value_t));
val.rs.s = pv_get_buffer();
val.rs.len = base64_enc((unsigned char *)etext.s, etext.len,
(unsigned char *)val.rs.s, pv_get_buffer_size()-1);
if (val.rs.len < 0) {
EVP_CIPHER_CTX_free(en);
LM_ERR("base64 output of encrypted value is too large (need %d)\n",
-val.rs.len);
goto error;
}
LM_DBG("base64 encrypted result: [%.*s]\n", val.rs.len, val.rs.s);
val.flags = PV_VAL_STR;
dst->setf(msg, &dst->pvp, (int)EQ_T, &val);
free(etext.s);
EVP_CIPHER_CTX_cleanup(en);
EVP_CIPHER_CTX_free(en);
return 1;
error:
free(etext.s);
EVP_CIPHER_CTX_cleanup(en);
EVP_CIPHER_CTX_free(en);
return -1;
}
BUF_MEM *
retail_mac_des(const BUF_MEM * key, const BUF_MEM * in)
{
/* ISO 9797-1 algorithm 3 retail mac without any padding */
BUF_MEM * c_tmp = NULL, *d_tmp = NULL, *mac = NULL, *block = NULL;
EVP_CIPHER_CTX * ctx = NULL;
size_t len;
check(key, "Invalid arguments");
/* Flawfinder: ignore */
len = EVP_CIPHER_block_size(EVP_des_cbc());
check(key->length >= 2*len, "Key too short");
ctx = EVP_CIPHER_CTX_new();
if (!ctx)
goto err;
EVP_CIPHER_CTX_init(ctx);
/* Flawfinder: ignore */
if (!EVP_CipherInit_ex(ctx, EVP_des_cbc(), NULL,
(unsigned char *) key->data, NULL, 1) ||
!EVP_CIPHER_CTX_set_padding(ctx, 0))
goto err;
/* get last block of des_cbc encrypted input */
/* Flawfinder: ignore */
c_tmp = cipher(ctx, EVP_des_cbc(), NULL, NULL, NULL, 1, in);
if (!c_tmp)
goto err;
block = BUF_MEM_create_init(c_tmp->data + c_tmp->length - len, len);
/* decrypt last block with the rest of the key */
/* IV is always NULL */
/* Flawfinder: ignore */
if (!block || !EVP_CipherInit_ex(ctx, EVP_des_cbc(), NULL,
(unsigned char *) key->data + len, NULL, 0) ||
!EVP_CIPHER_CTX_set_padding(ctx, 0))
goto err;
/* Flawfinder: ignore */
d_tmp = cipher(ctx, EVP_des_cbc(), NULL, NULL, NULL, 0, block);
/* encrypt last block with the first key */
/* IV is always NULL */
/* Flawfinder: ignore */
if (!d_tmp || !EVP_CipherInit_ex(ctx, EVP_des_cbc(), NULL,
(unsigned char *) key->data, NULL, 1) ||
!EVP_CIPHER_CTX_set_padding(ctx, 0))
goto err;
/* Flawfinder: ignore */
mac = cipher(ctx, EVP_des_cbc(), NULL, NULL, NULL, 1, d_tmp);
BUF_MEM_free(block);
BUF_MEM_free(c_tmp);
BUF_MEM_free(d_tmp);
EVP_CIPHER_CTX_free(ctx);
return mac;
err:
if (block)
BUF_MEM_free(block);
if (c_tmp)
BUF_MEM_free(c_tmp);
if (d_tmp)
BUF_MEM_free(d_tmp);
if (ctx)
EVP_CIPHER_CTX_free(ctx);
return NULL;
}
void CC_AES(const EVP_CIPHER *cipher,
C_BLOB &Param1,
C_BLOB &Param2,
C_LONGINT &Param3,
C_LONGINT &Param5,
C_LONGINT &Param6,
C_BLOB &Param7,
C_BLOB &Param8,
C_TEXT &returnValue)
{
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
const unsigned char *source = (const unsigned char *)Param1.getBytesPtr();
int source_len = Param1.getBytesLength();
int crypted_len, tail_len;
bool key_and_iv_is_valid = false;
if( !Param2.getBytesLength()
&& Param7.getBytesLength()
&& Param8.getBytesLength()
&& Param7.getBytesLength() <= EVP_MAX_KEY_LENGTH
&& Param8.getBytesLength() <= EVP_MAX_IV_LENGTH)
{
memset(key, 0, EVP_MAX_KEY_LENGTH);
memset( iv, 0, EVP_MAX_IV_LENGTH );
memcpy(key, Param7.getBytesPtr(), Param7.getBytesLength());
memcpy( iv, Param8.getBytesPtr(), Param8.getBytesLength());
key_and_iv_is_valid = true;
}else
{
// passphrase -> key, iv
key_and_iv_is_valid = (EVP_BytesToKey(cipher, EVP_md5(), NULL,
Param2.getBytesPtr(), Param2.getBytesLength(),
2048, key, iv) > 0);
}
if (key_and_iv_is_valid) {
if(EVP_CipherInit(ctx, cipher, key, iv, 0 == Param3.getIntValue()))
{
if(Param6.getIntValue())
{
EVP_CIPHER_CTX_set_padding(ctx, 0);
}
size_t buf_size = source_len + EVP_MAX_BLOCK_LENGTH;
unsigned char *buf = (unsigned char *)calloc(buf_size, sizeof(unsigned char));
if(EVP_CipherUpdate(ctx, buf, &crypted_len, source, source_len))
{
if(EVP_CipherFinal(ctx, (buf + crypted_len), &tail_len))
{
crypted_len += tail_len;
C_BLOB temp;
temp.setBytes((const uint8_t *)buf, crypted_len);
switch (Param5.getIntValue())
{
case 1:
temp.toB64Text(&returnValue);
break;
case 2:
temp.toB64Text(&returnValue, true);
break;
default:
temp.toHexText(&returnValue);
break;
}
}
}
free(buf);
}
EVP_CIPHER_CTX_free(ctx);
}
}
void * decryption_func(void *arg)
{
struct decryption_func_locals *dfargs;
unsigned char *pwd, *key, *iv, *out;
unsigned int pwd_len, len, out_len1, out_len2;
int ret, found;
EVP_CIPHER_CTX *ctx;
dfargs = (struct decryption_func_locals *) arg;
key = (unsigned char *) malloc(EVP_CIPHER_key_length(cipher));
iv = (unsigned char *) malloc(EVP_CIPHER_iv_length(cipher));
out = (unsigned char *) malloc(data_len + EVP_CIPHER_block_size(cipher));
ctx = EVP_CIPHER_CTX_new();
if((key == NULL) || (iv == NULL) || (out == NULL) || (ctx == NULL))
{
fprintf(stderr, "Error: memory allocation failed.\n\n");
exit(EXIT_FAILURE);
}
do
{
if(dictionary == NULL)
{
if(binary)
ret = generate_next_binary_password(&pwd, &pwd_len);
else
ret = generate_next_password(&pwd, &pwd_len);
}
else
ret = read_dictionary_line(&pwd, &pwd_len);
if(ret == 0)
break;
/* Decrypt data with password */
if(no_salt)
EVP_BytesToKey(cipher, digest, NULL, pwd, pwd_len, 1, key, iv);
else
EVP_BytesToKey(cipher, digest, salt, pwd, pwd_len, 1, key, iv);
EVP_DecryptInit(ctx, cipher, key, iv);
EVP_DecryptUpdate(ctx, out, &out_len1, data, data_len);
ret = EVP_DecryptFinal(ctx, out + out_len1, &out_len2);
if(no_error || (ret == 1))
{
if(magic == NULL)
found = valid_data(out, out_len1 + out_len2);
else
found = !strncmp(out, magic, strlen(magic));
}
else
found = 0;
if(found)
{
/* We have a positive result */
handle_signal(SIGUSR1); /* Print some stats */
pthread_mutex_lock(&found_password_lock);
found_password++;
printf("Password candidate: %s\n", pwd);
if(only_one_password)
stop = 1;
pthread_mutex_unlock(&found_password_lock);
}
dfargs->counter++;
EVP_CIPHER_CTX_cleanup(ctx);
if(limit > 0)
{
pthread_mutex_lock(&found_password_lock);
count_limit++;
if(count_limit >= limit)
{
fprintf(stderr, "Maximum number of passphrases tested, aborting.\n");
stop = 1;
}
pthread_mutex_unlock(&found_password_lock);
}
free(pwd);
}
while(stop == 0);
EVP_CIPHER_CTX_free(ctx);
free(out);
free(iv);
free(key);
pthread_exit(NULL);
}
