void cmd_start_crypt_out(struct ctrl_command *cmd) { #ifdef HAVE_LIBCRYPTO if (out_state.crypt) send_error("can't start encryption - already started!"); if (!out_state.crypt_state.cipher) send_error("can't start encryption - no cipher set!"); if (!out_state.crypt_state.key) send_error("can't start encryption - no key set!"); out_state.crypt = 1; if (!EVP_EncryptInit(&out_state.crypt_state.ctx, out_state.crypt_state.cipher, NULL, NULL)) send_error("can't start encryption - EncryptInit (1) failed: %s!", ERR_error_string(ERR_get_error(), NULL)); /* * XXX - ugly hack to work around OpenSSL bug * if/when OpenSSL fix it, or give proper workaround * use that, and force minimum OpenSSL version * * Without this hack, BF/256 will fail. */ /* cast to avoid warning */ *(unsigned int *)(&out_state.crypt_state.ctx.cipher->flags) |= EVP_CIPH_VARIABLE_LENGTH; if (!EVP_CIPHER_CTX_set_key_length(&out_state.crypt_state.ctx, out_state.crypt_state.keylen)) send_error("can't start encryption - set_key_length failed: %s!", ERR_error_string(ERR_get_error(), NULL)); out_state.crypt_state.ivlen = EVP_CIPHER_CTX_iv_length(&out_state.crypt_state.ctx); if (out_state.crypt_state.ivlen) out_state.crypt_state.iv = calloc(out_state.crypt_state.ivlen, 1); if (out_state.crypt_state.rounds) { if (!EVP_CIPHER_CTX_ctrl(&out_state.crypt_state.ctx, EVP_CTRL_SET_RC5_ROUNDS, out_state.crypt_state.rounds, NULL)) send_error("can't start encryption - SET_RC5_ROUNDS failed: %s!", ERR_error_string(ERR_get_error(), NULL)); } if (!EVP_EncryptInit(&out_state.crypt_state.ctx, NULL, out_state.crypt_state.key, out_state.crypt_state.iv)) send_error("can't start encryption - EncryptInit (2) failed: %s!", ERR_error_string(ERR_get_error(), NULL)); #else send_error("can't start encryption - no OpenSSL suppport!"); #endif }
void cmd_start_crypt_out(struct ctrl_command *cmd) { #ifdef HAVE_LIBCRYPTO if (out_state.crypt) send_error("can't start encryption - already started!"); if (!out_state.crypt_state.cipher) send_error("can't start encryption - no cipher set!"); if (!out_state.crypt_state.key) send_error("can't start encryption - no key set!"); out_state.crypt = 1; if (!EVP_EncryptInit(&out_state.crypt_state.ctx, out_state.crypt_state.cipher, NULL, NULL)) send_error("can't start encryption - EncryptInit (1) failed: %s!", ERR_error_string(ERR_get_error(), NULL)); if (!EVP_CIPHER_CTX_set_key_length(&out_state.crypt_state.ctx, out_state.crypt_state.keylen)) send_error("can't start encryption - set_key_length failed: %s!", ERR_error_string(ERR_get_error(), NULL)); out_state.crypt_state.ivlen = EVP_CIPHER_CTX_iv_length(&out_state.crypt_state.ctx); if (out_state.crypt_state.ivlen) out_state.crypt_state.iv = calloc(out_state.crypt_state.ivlen, 1); if (out_state.crypt_state.rounds) { if (!EVP_CIPHER_CTX_ctrl(&out_state.crypt_state.ctx, EVP_CTRL_SET_RC5_ROUNDS, out_state.crypt_state.rounds, NULL)) send_error("can't start encryption - SET_RC5_ROUNDS failed: %s!", ERR_error_string(ERR_get_error(), NULL)); } if (!EVP_EncryptInit(&out_state.crypt_state.ctx, NULL, out_state.crypt_state.key, out_state.crypt_state.iv)) send_error("can't start encryption - EncryptInit (2) failed: %s!", ERR_error_string(ERR_get_error(), NULL)); #else send_error("can't start encryption - no OpenSSL suppport!"); #endif }
wi_cipher_t * wi_cipher_init_with_key(wi_cipher_t *cipher, wi_cipher_type_t type, wi_data_t *key, wi_data_t *iv) { unsigned char *key_buffer, *iv_buffer; cipher->type = type; cipher->cipher = _wi_cipher_cipher(cipher); key_buffer = (unsigned char *) wi_data_bytes(key); iv_buffer = iv ? (unsigned char *) wi_data_bytes(iv) : NULL; if(EVP_EncryptInit(&cipher->encrypt_ctx, cipher->cipher, NULL, NULL) != 1) { wi_error_set_openssl_error(); wi_release(cipher); return NULL; } if(EVP_DecryptInit(&cipher->decrypt_ctx, cipher->cipher, NULL, NULL) != 1) { wi_error_set_openssl_error(); wi_release(cipher); return NULL; } _wi_cipher_configure_cipher(cipher); if(EVP_EncryptInit(&cipher->encrypt_ctx, cipher->cipher, key_buffer, iv_buffer) != 1) { wi_error_set_openssl_error(); wi_release(cipher); return NULL; } if(EVP_DecryptInit(&cipher->decrypt_ctx, cipher->cipher, key_buffer, iv_buffer) != 1) { wi_error_set_openssl_error(); wi_release(cipher); return NULL; } cipher->key = wi_retain(key); cipher->iv = wi_retain(iv); return cipher; }
/** * @ingroup TestOpenssl * @brief AES256 암호화 테스트 */ void AES256( ) { const char * pszKey = "12345678901234567890123456789012"; const char * pszIv = "1234567890123456"; const char * pszInput = "ABCD"; char szOutput[255]; int iOutputLen, iLen; OpenSSL_add_all_ciphers(); const EVP_CIPHER * psttCipher = EVP_get_cipherbyname( "aes256" ); EVP_CIPHER_CTX sttCtx; memset( szOutput, 0, sizeof(szOutput) ); EVP_CIPHER_CTX_init( &sttCtx ); EVP_EncryptInit( &sttCtx, psttCipher, (const unsigned char *)pszKey, (const unsigned char *)pszIv ); EVP_EncryptUpdate( &sttCtx, (uint8_t *)szOutput, &iOutputLen, (uint8_t *)pszInput, strlen(pszInput) ); EVP_EncryptFinal( &sttCtx, (uint8_t *)szOutput + iOutputLen, &iLen ); EVP_CIPHER_CTX_cleanup( &sttCtx ); iOutputLen += iLen; for( int i = 0; i < iOutputLen; ++i ) { printf( "%02X", (uint8_t)szOutput[i] ); } printf( "\n" ); EVP_cleanup(); }
/** Set the key of <b>cipher</b> to <b>key</b>, which is * <b>key_bits</b> bits long (must be 128, 192, or 256). Also resets * the counter to 0. */ static void aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits) { if (should_use_EVP) { const EVP_CIPHER *c = 0; switch (key_bits) { case 128: c = EVP_aes_128_ecb(); break; case 192: c = EVP_aes_192_ecb(); break; case 256: c = EVP_aes_256_ecb(); break; default: tor_assert(0); } EVP_EncryptInit(&cipher->key.evp, c, (const unsigned char*)key, NULL); cipher->using_evp = 1; } else { AES_set_encrypt_key((const unsigned char *)key, key_bits,&cipher->key.aes); cipher->using_evp = 0; } #ifdef USING_COUNTER_VARS cipher->counter0 = 0; cipher->counter1 = 0; cipher->counter2 = 0; cipher->counter3 = 0; #endif memset(cipher->ctr_buf.buf, 0, sizeof(cipher->ctr_buf.buf)); cipher->pos = 0; memset(cipher->buf, 0, sizeof(cipher->buf)); }
static int lencrypt (lua_State *L) { size_t len = 0; const char *text = lua_tolstring (L, 1, &len); const char *key = lua_tostring (L, 2); EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); unsigned char iv[16] = { 0 }; char *output = malloc (len + AES_BLOCK_SIZE); int olen1; int olen2; EVP_EncryptInit (ctx, EVP_aes_128_cbc(), (unsigned char *)key, iv); EVP_EncryptUpdate (ctx, (unsigned char *)output, &olen1, (const unsigned char *)text, len); int ok = EVP_EncryptFinal (ctx, (unsigned char *)output + olen1, &olen2); if (!ok) { free (output); EVP_CIPHER_CTX_free (ctx); return 0; } lua_pushlstring (L, output, olen1 + olen2); free (output); EVP_CIPHER_CTX_free (ctx); return 1; }
std::string encrypt_aes256(const std::string& plain,const std::string& key,const std::string& iv) { std::string cipher; cipher.resize((plain.size()/AES_BLOCK_SIZE+1)*AES_BLOCK_SIZE); EVP_CIPHER_CTX* ctx=nullptr; try { ctx=EVP_CIPHER_CTX_new(); if(key.size()!=AES256_KEY_SIZE) throw std::runtime_error("encrypt_aes256() - Given key size is invalid ("+ std::to_string(AES256_KEY_SIZE)+"bytes )."); int temp_length; int temp_unaligned_length; if(ctx==nullptr) throw std::runtime_error("encrypt_aes256() - Creating a EVP_CIPHER_CTX failed."); if(EVP_CIPHER_CTX_set_padding(ctx,1)==0) throw std::runtime_error("encrypt_aes256() - EVP_CIPHER_CTX_set_padding failed."); if(EVP_EncryptInit(ctx,EVP_aes_256_cbc(),(uint8_t*)key.data(),(uint8_t*)iv.data())==0) throw std::runtime_error("encrypt_aes256() - EVP_EncryptInit failed."); if(EVP_EncryptUpdate(ctx,(uint8_t*)cipher.data(),&temp_length,(uint8_t*)plain.data(),plain.size())==0) throw std::runtime_error("encrypt_aes256() - EVP_EncryptUpdate failed."); if(EVP_EncryptFinal(ctx,(uint8_t*)cipher.data()+temp_length,&temp_unaligned_length)==0) throw std::runtime_error("encrypt_aes256() - EVP_EncryptFinal failed."); cipher.resize(temp_length+temp_unaligned_length); } catch(...) { aes_cleanup(ctx); throw; } aes_cleanup(ctx); return cipher; }
unsigned char * aes_oneshot_encrypt( unsigned char * key, int key_len, unsigned char * salt, int salt_len, unsigned char * data, int data_len, int * out_len) { int nalloc = 0; int npartial = 0; int nfinal = 0; unsigned char * encrypted = 0; unsigned char key_buff[SHA256_DIGEST_LENGTH]; unsigned char iv_buff[SHA256_DIGEST_LENGTH]; *out_len = 0; SHA256( key, key_len, key_buff ); SHA256( salt, salt_len, iv_buff ); EVP_CIPHER_CTX ctx; EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key_buff, iv_buff); nalloc = data_len + EVP_CIPHER_CTX_block_size(&ctx); encrypted = malloc( nalloc ); EVP_EncryptUpdate(&ctx, encrypted, &npartial, data, data_len); EVP_EncryptFinal_ex(&ctx, encrypted+npartial, &nfinal); *out_len = npartial + nfinal; return encrypted; }
DBT *encrypt(unsigned char *unenc, unsigned long size) { unsigned char *safepasswd; EVP_CIPHER_CTX ctx; DBT *encoded; int olen, tlen; FUNC; safepasswd = safepassword(); EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit(&ctx, EVP_bf_cbc(), safepasswd, config->iv); encoded = s_malloc(sizeof(DBT)); encoded->data = s_malloc(8 + size); //Blowfish can grow 64 bits if (EVP_EncryptUpdate(&ctx, encoded->data, &olen, unenc, size) != 1) { die_cryptoerr("error in encrypt update\n"); } if (EVP_EncryptFinal(&ctx, encoded->data + olen, &tlen) != 1) { die_cryptoerr("error in encrypt final\n"); } EVP_CIPHER_CTX_cleanup(&ctx); encoded->size = olen + tlen; if (encoded->size > 8 + size) { die_cryptoerr ("Unexpected fatal error : data has grown in size after encryption.\n"); } free(safepasswd); EFUNC; return encoded; }
int data_encrypt(unsigned char *src, unsigned char *dst, int len, struct peer *p) { int tlen, olen; if (encryption_disabled){ memcpy(dst,src,len); return len; } if (!ctx_initialized) { EVP_CIPHER_CTX_init (&ctx); ctx_initialized = 1; } EVP_EncryptInit (&ctx, EVP_bf_cbc (), p->key, p->iv); if (EVP_EncryptUpdate (&ctx, dst, &olen, src, len) != 1) { fprintf (stderr,"error in encrypt update\n"); olen = -1; goto cleanup; } if (EVP_EncryptFinal (&ctx, dst + olen, &tlen) != 1) { fprintf (stderr,"error in encrypt final\n"); olen = -1; goto cleanup; } olen += tlen; cleanup: EVP_CIPHER_CTX_cleanup(&ctx); return olen; }
char * CGI_encrypt(const void *p, int len, const char *password) { EVP_CIPHER_CTX ctx; unsigned char md[DIGEST_SIZE]; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char *out; char *b64; int offset, rlen; if (p == 0 || len <= 0 || password == 0 || *password == 0) { return 0; } out = malloc(SALT_SIZE + DIGEST_SIZE + len + EVP_MAX_BLOCK_LENGTH); init_salt(out); digest(p, len, password, out, md); EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), out, (unsigned char *) password, strlen(password), 1, key, iv); EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key, iv); offset = SALT_SIZE; EVP_EncryptUpdate(&ctx, out + offset, &rlen, md, DIGEST_SIZE); offset += rlen; EVP_EncryptUpdate(&ctx, out + offset, &rlen, p, len); offset += rlen; EVP_EncryptFinal(&ctx, out + offset, &rlen); b64 = CGI_encode_base64(out, offset + rlen); free(out); return b64; }
int Init_GCM(JNIEnv* env, jobject obj, jbyteArray key, jbyteArray iv, jint mode) { jbyte* keyBytes = (*env)->GetByteArrayElements(env, key, NULL); if (!keyBytes) { return CRYPTO_FAILURE; } jbyte* ivBytes = (*env)->GetByteArrayElements(env, iv, NULL); if (!ivBytes) { (*env)->ReleaseByteArrayElements(env, key, keyBytes, JNI_ABORT); return CRYPTO_FAILURE; } GCM_JNI_CTX* ctx = Create_GCM_JNI_CTX(keyBytes, ivBytes); Set_GCM_JNI_CTX(env, obj, ctx); (*env)->ReleaseByteArrayElements(env, key, keyBytes, JNI_ABORT); (*env)->ReleaseByteArrayElements(env, iv, ivBytes, JNI_ABORT); if (mode == GCM_ENCRYPT_MODE) { if (!EVP_EncryptInit(ctx->cipherCtx, EVP_aes_128_gcm(), ctx->key, ctx->iv)) { return CRYPTO_FAILURE; } } else if (mode == GCM_DECRYPT_MODE) { if (!EVP_DecryptInit(ctx->cipherCtx, EVP_aes_128_gcm(), ctx->key, ctx->iv)) { return CRYPTO_FAILURE; } } else { return CRYPTO_FAILURE; } return CRYPTO_SUCCESS; }
const char* encrypt(unsigned char* inbuff, int inbuff_len, unsigned char* key, unsigned char* iv) { EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit(&ctx, EVP_bf_cbc(), key, iv); unsigned char* outbuf = (unsigned char *)malloc(sizeof(unsigned char) * BUF_SIZE); memset(outbuf, 0, BUF_SIZE); int olen=0, tlen=0; if (EVP_EncryptUpdate(&ctx, outbuf, &olen, inbuff, inbuff_len) != 1) { LOGE("Error in encrypt update"); return 0; } if (EVP_EncryptFinal(&ctx, outbuf + olen, &tlen) != 1) { std::ostringstream err; err << "Error in encrypt final: " << strerror(errno); LOGE(err.str().c_str()); return 0; } EVP_CIPHER_CTX_cleanup(&ctx); return (const char*) outbuf; }
enum snmp_code snmp_pdu_encrypt(const struct snmp_pdu *pdu) { int32_t err, olen; uint8_t iv[SNMP_PRIV_AES_IV_SIZ]; const EVP_CIPHER *ctype; EVP_CIPHER_CTX ctx; err = snmp_pdu_cipher_init(pdu, pdu->scoped_len, &ctype, iv); if (err < 0) return (SNMP_CODE_EDECRYPT); else if (err == 0) return (SNMP_CODE_OK); if (EVP_EncryptInit(&ctx, ctype, pdu->user.priv_key, iv) != 1) return (SNMP_CODE_FAILED); if (EVP_EncryptUpdate(&ctx, pdu->scoped_ptr, &olen, pdu->scoped_ptr, pdu->scoped_len) != 1 || EVP_EncryptFinal(&ctx, pdu->scoped_ptr + olen, &olen) != 1) { EVP_CIPHER_CTX_cleanup(&ctx); return (SNMP_CODE_FAILED); } EVP_CIPHER_CTX_cleanup(&ctx); return (SNMP_CODE_OK); }
bool AesCbcCipher::encrypt(const Vuc& in, Vuc& out) { // according to the openssl docs: // the amount of data written may be as large as (in.size() + cipher_block_size - 1) size_t outSize = in.size() + AES_BLOCK_SIZE - 1; // the output buffer must also be a multiple of blocksize if ((outSize % AES_BLOCK_SIZE) != 0) outSize = ((outSize / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE; out.resize(outSize, 0); // init encryption ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> ctx(EVP_CIPHER_CTX_new()); EVP_EncryptInit(ctx.get(), getCipher(), &key_[0], &iv_[0]); // do the encrypt; must keep track of the number of bytes produced int nBytes = 0; EVP_EncryptUpdate(ctx.get(), &out[0], &nBytes, &in[0], in.size()); int nTotalBytes = nBytes; EVP_EncryptFinal(ctx.get(), &out[nBytes], &nBytes); nTotalBytes += nBytes; // the actual output size is in nTotalBytes assert(nTotalBytes); Vuc(out.begin(), out.begin()+nTotalBytes).swap(out); // shrink to fit return true; }
ndn_Error ndn_AesAlgorithm_encrypt128Cbc (const uint8_t *key, size_t keyLength, const uint8_t *initialVector, size_t initialVectorLength, const uint8_t *plainData, size_t plainDataLength, uint8_t *encryptedData, size_t *encryptedDataLength) { EVP_CIPHER_CTX *ctx; int outLength1, outLength2; if (keyLength != ndn_AES_128_BLOCK_SIZE) return NDN_ERROR_Incorrect_key_size; if (initialVectorLength != ndn_AES_128_BLOCK_SIZE) return NDN_ERROR_Incorrect_initial_vector_size; ctx = EVP_CIPHER_CTX_new(); if (!ctx) return NDN_ERROR_Error_in_encrypt_operation; EVP_EncryptInit (ctx, EVP_aes_128_cbc(), (const unsigned char*)key, (const unsigned char*)initialVector); EVP_EncryptUpdate (ctx, (unsigned char*)encryptedData, &outLength1, (const unsigned char*)plainData, plainDataLength); EVP_EncryptFinal (ctx, (unsigned char*)encryptedData + outLength1, &outLength2); EVP_CIPHER_CTX_free(ctx); *encryptedDataLength = outLength1 + outLength2; return NDN_ERROR_success; }
aes_cnt_cipher_t * aes_new_cipher(const char *key, const char *iv) { EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); EVP_EncryptInit(cipher, EVP_aes_128_ctr(), (const unsigned char*)key, (const unsigned char *)iv); return (aes_cnt_cipher_t *) cipher; }
/** * @brief Performs basic Encrypt-then-MAC style Authenticated Encryption. * * @param[in] ekey a buffer holding the ENC key * @param[in] ekey_len len of ekey buffer * @param[in] mkey a buffer holding the MAC key * @param[in] mkey_len len of mkey buffer * @param[in] input the plaintext message * @param[in] input_len len of message buffer * @param[in,out] ctxt an allocated buffer, will hold the ciphertext * @param[in,out] ctxt_len length of buffer, will hold length of ciphertext * @param[in,out] mac an allocated buffer, will hold the MAC * @param[in,out] mac_len length of buffer, will hold length of MAC * @param[in,out] iv a randomly chosen iv (optional) * @param[in] iv_len length of buffer for iv (optional) * @return 0 on success, non-zero on error **/ int encrypt_then_mac(const unsigned char *ekey, size_t ekey_len, const unsigned char *mkey, size_t mkey_len, const unsigned char *input, size_t input_len, unsigned char *ctxt, size_t *ctxt_len, unsigned char *mac, size_t *mac_len, unsigned char *iv, size_t iv_len) { EVP_CIPHER_CTX *ctx; ctx = EVP_CIPHER_CTX_new(); EVP_CIPHER *cipher = NULL; int len; if (!ekey || !ekey_len || !mkey || !mkey_len || !input_len || !ctxt || !ctxt_len || !mac || !mac_len) return -1; OpenSSL_add_all_algorithms(); EVP_CIPHER_CTX_init(ctx); switch(ekey_len){ case 16: cipher = (EVP_CIPHER *)EVP_aes_128_cbc(); break; case 24: cipher = (EVP_CIPHER *)EVP_aes_192_cbc(); break; case 32: cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); break; default: return -1; } if (iv && iv_len) { if (!RAND_bytes(iv, iv_len)) goto cleanup; } if (!EVP_EncryptInit(ctx, cipher, ekey, iv)) goto cleanup; *ctxt_len = 0; if (!EVP_EncryptUpdate(ctx, ctxt, (int *) ctxt_len, input, input_len)) goto cleanup; EVP_EncryptFinal(ctx, ctxt + *ctxt_len, &len); *ctxt_len += len; // Do the HMAC-SHA1 *mac_len = 0; if (!HMAC(EVP_sha1(), mkey, mkey_len, ctxt, *ctxt_len, mac, (unsigned int *) mac_len)) goto cleanup; EVP_CIPHER_CTX_cleanup(ctx); return 0; cleanup: if (ctxt_len) *ctxt_len = 0; if (mac_len) *mac_len = 0; return 1; }
static int aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) /* init key */ { /* * variable "c" is leaked from this scope, but is later freed * in aes_ctr_cleanup */ aes_ctr_ctx *c; const EVP_CIPHER *aes_cipher; (void) enc; switch(EVP_CIPHER_CTX_key_length(ctx)) { case 16: aes_cipher = EVP_aes_128_ecb(); break; case 24: aes_cipher = EVP_aes_192_ecb(); break; case 32: aes_cipher = EVP_aes_256_ecb(); break; default: return 0; } c = malloc(sizeof(*c)); if(c == NULL) return 0; #ifdef HAVE_OPAQUE_STRUCTS c->aes_ctx = EVP_CIPHER_CTX_new(); #else c->aes_ctx = malloc(sizeof(EVP_CIPHER_CTX)); #endif if(c->aes_ctx == NULL) { free(c); return 0; } if(EVP_EncryptInit(c->aes_ctx, aes_cipher, key, NULL) != 1) { #ifdef HAVE_OPAQUE_STRUCTS EVP_CIPHER_CTX_free(c->aes_ctx); #else free(c->aes_ctx); #endif free(c); return 0; } EVP_CIPHER_CTX_set_padding(c->aes_ctx, 0); memcpy(c->ctr, iv, AES_BLOCK_SIZE); EVP_CIPHER_CTX_set_app_data(ctx, c); return 1; }
int openssl_encrypt(struct emvpn_socket *v, uint8_t *to, uint8_t *from, int len) { int clen, flen = 0; EVP_CIPHER_CTX_init(&enc); EVP_EncryptInit(&enc, EVP_aes_256_cbc(), v->key.key, v->key.iv); EVP_EncryptUpdate(&enc, to, &clen, from, len); EVP_EncryptFinal_ex(&enc, to + clen, &flen); return clen + (flen % 16) ; }
int main(int argc, char** argv) { // get data to encrypt. // if (argc != 3) { printf("Usage: %s <base64 enc key> <data to encryt>\n", argv[0]); return 0; } // base64 decode key // BIO *mbio = BIO_new_mem_buf(argv[1], strlen(argv[1])); BIO *b64bio = BIO_new(BIO_f_base64()); BIO_set_flags(b64bio, BIO_FLAGS_BASE64_NO_NL); BIO *bio = BIO_push(b64bio, mbio); char key[256]; size_t keylen = 0; keylen = BIO_read(bio, key, sizeof(key)); BIO_free(mbio); BIO_free(b64bio); // encrypt the data // char out[256]; int outlen = 0; EVP_CIPHER_CTX ctx; EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL); EVP_EncryptUpdate(&ctx, out, &outlen, argv[2], strlen(argv[2])); EVP_EncryptFinal(&ctx, out, &outlen); EVP_CIPHER_CTX_cleanup(&ctx); // base64 encode encrypted data // mbio = BIO_new(BIO_s_mem()); b64bio = BIO_new(BIO_f_base64()); BIO_set_flags(b64bio, BIO_FLAGS_BASE64_NO_NL); bio = BIO_push(b64bio, mbio); BIO_write(bio, out, outlen); BIO_flush(bio); char* data = NULL; size_t datalen = 0; datalen = BIO_get_mem_data(mbio, &data); data[datalen] = '\0'; printf("encrypted data: [%s]\n", data); BIO_free(mbio); BIO_free(b64bio); return 0; }
EVP_CIPHER_CTX* CreateCTX(GByte* pabyKey, GByte* pabyIV, bool bDecrypt) { EVP_CIPHER_CTX* pstCTX = new EVP_CIPHER_CTX; const EVP_CIPHER * cipher = NULL; EVP_CIPHER_CTX_init(pstCTX); wxGISAppConfig oConfig = GetConfig(); if(oConfig.IsOk()) { wxString sMode = oConfig.Read(enumGISHKCU, wxString(wxT("wxGISCommon/crypt/mode")), wxString(ERR)); #ifndef OPENSSL_NO_AES if(sMode.IsSameAs(wxString(wxT("AES")), false)) cipher = EVP_aes_256_cfb(); #endif #ifndef OPENSSL_NO_IDEA if(sMode.IsSameAs(wxString(wxT("IDEA")), false)) cipher = EVP_idea_cbc(); #endif #ifndef OPENSSL_NO_RC2 if(sMode.IsSameAs(wxString(wxT("RC2")), false)) cipher = EVP_rc2_cbc(); #endif #ifndef OPENSSL_NO_BF if(sMode.IsSameAs(wxString(wxT("BF")), false)) cipher = EVP_bf_cbc(); #endif #ifndef OPENSSL_NO_CAST if(sMode.IsSameAs(wxString(wxT("CAST5")), false)) cipher = EVP_cast5_cbc(); #endif #ifndef OPENSSL_NO_DES if(NULL == cipher || sMode.IsSameAs(wxString(ERR)) || sMode.IsSameAs(wxString(wxT("DES")), false)) cipher = EVP_des_cfb(); #endif } else #ifndef OPENSSL_NO_DES cipher = EVP_des_cfb(); #else return NULL; #endif if(NULL == cipher) return NULL; bool bResult; if(bDecrypt) bResult = EVP_EncryptInit(pstCTX, cipher, pabyKey, pabyIV); else bResult = EVP_DecryptInit(pstCTX, cipher, pabyKey, pabyIV); if(!bResult) return NULL; return pstCTX; }
int Crypto::initEnc(unsigned char key[16], unsigned char iv[8]) { memcpy(m_pcKey, key, 16); memcpy(m_pcIV, iv, 8); EVP_CIPHER_CTX_init(&m_CTX); EVP_EncryptInit(&m_CTX, EVP_bf_cbc(), m_pcKey, m_pcIV); m_iCoderType = 1; return 0; }
/* tlamijan */ int main(void) { unsigned char ot[1024]; // open text unsigned char st[1024]; // sifrovany text unsigned char key[EVP_MAX_KEY_LENGTH] = "Super tajny klic"; // klic pro sifrovani unsigned char iv[EVP_MAX_IV_LENGTH] = "vector unknown"; // inicializacni vektor const char * filename = "Mad_scientist.bmp"; const char * outfilename = "Mad_scientist_aes_cbc.bmp"; int otLength = 0; int stLength = 0; int tmpLength = 0; int readlen = 0; char header[14]; unsigned int offset = 0; EVP_CIPHER_CTX ctx; // struktura pro kontext FILE * fin = fopen(filename,"rb"); FILE * fout = fopen(outfilename,"w+b"); if(!fin){ printf("File not found"); } fread(header,1,14,fin); fwrite(header,1,14,fout); offset = (unsigned int)*(&header[10]); offset -= 14; while(offset > 1024){ fread(ot,1,1024,fin); fwrite(ot,1,1024,fout); offset -= 1024; } fread(ot,1,offset,fin); fwrite(ot,1,offset,fout); EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key, iv); // nastaveni kontextu pro sifrovani do{ readlen = fread(ot,1,1024,fin); EVP_EncryptUpdate(&ctx, st, &stLength, ot, readlen); // sifrovani ot fwrite(st,1,stLength,fout); }while(readlen == 1024); EVP_EncryptFinal(&ctx, &st[stLength], &tmpLength); // ziskani sifrovaneho textu z kontextu fwrite(&st[stLength],1,tmpLength,fout); stLength += tmpLength; fclose(fin); fclose(fout); exit(0); }
/** Encrypt a buffer. * Uses the cipher set in the constructor. * @param plain plain text data * @param enc upon return contains encrypted buffer */ void BufferEncryptor::encrypt(const std::string &plain, std::string &enc) { #ifdef HAVE_LIBCRYPTO const EVP_CIPHER *evp_cipher = cipher_by_id(cipher_id_); const size_t iv_size = EVP_CIPHER_iv_length(evp_cipher); unsigned char iv_hash[SHA256_DIGEST_LENGTH]; unsigned char *enc_m = (unsigned char *)enc.c_str(); if (iv_size > 0) { iv_ += 1; if (! SHA256((unsigned char *)&iv_, sizeof(iv_), iv_hash)) { throw std::runtime_error("Failed to generate IV"); } enc.replace(0, iv_size, (char *)iv_hash, iv_size); enc_m += iv_size; } EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); if ( ! EVP_EncryptInit(ctx, evp_cipher, key_, iv_hash)) { EVP_CIPHER_CTX_free(ctx); throw std::runtime_error("Could not initialize cipher context"); } int outl = enc.size() - iv_size; if ( ! EVP_EncryptUpdate(ctx, enc_m, &outl, (unsigned char *)plain.c_str(), plain.size()) ) { EVP_CIPHER_CTX_free(ctx); throw std::runtime_error("EncryptUpdate failed"); } int plen = 0; if ( ! EVP_EncryptFinal_ex(ctx, enc_m + outl, &plen) ) { EVP_CIPHER_CTX_free(ctx); throw std::runtime_error("EncryptFinal failed"); } outl += plen; EVP_CIPHER_CTX_free(ctx); enc.resize(outl + iv_size); #else throw std::runtime_error("Encryption support not available"); #endif }
int encrypt_and_authentucate_secrets(CPOR_key *key, unsigned char *input, size_t input_len, unsigned char *ciphertext, size_t *ciphertext_len, unsigned char *authenticator, size_t *authenticator_len) { EVP_CIPHER_CTX ctx; EVP_CIPHER *cipher = NULL; int len; if(!key || !key->k_enc || !key->k_mac || !input || !input_len || !ciphertext || !ciphertext_len || !authenticator || !authenticator_len) return 0; OpenSSL_add_all_algorithms(); EVP_CIPHER_CTX_init(&ctx); switch(key->k_enc_size) { case 16: cipher = (EVP_CIPHER *)EVP_aes_128_cbc(); break; case 24: cipher = (EVP_CIPHER *)EVP_aes_192_cbc(); break; case 32: cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); break; default: return 0; } //TODO: Fix the NULL IV if(!EVP_EncryptInit(&ctx, cipher, key->k_enc, NULL)) goto cleanup; *ciphertext_len = 0; if(!EVP_EncryptUpdate(&ctx, ciphertext, (int *)ciphertext_len, input, input_len)) goto cleanup; EVP_EncryptFinal(&ctx, ciphertext + *ciphertext_len, &len); *ciphertext_len += len; *authenticator_len = 0; /* Do the HMAC-SHA1 */ if(!HMAC(EVP_sha1(), key->k_mac, key->k_mac_size, ciphertext, *ciphertext_len, authenticator, (unsigned int *)authenticator_len)) goto cleanup; EVP_CIPHER_CTX_cleanup(&ctx); return 1; cleanup: *ciphertext_len = 0; *authenticator_len = 0; return 0; }
aes_cnt_cipher_t * aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits) { EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); const EVP_CIPHER *c; switch (key_bits) { case 128: c = EVP_aes_128_ctr(); break; case 192: c = EVP_aes_192_ctr(); break; case 256: c = EVP_aes_256_ctr(); break; default: tor_assert(0); // LCOV_EXCL_LINE } EVP_EncryptInit(cipher, c, key, iv); return (aes_cnt_cipher_t *) cipher; }
void isc_aes256_crypt(const unsigned char *key, const unsigned char *in, unsigned char *out) { EVP_CIPHER_CTX c; int len; EVP_CIPHER_CTX_init(&c); RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_256_ecb(), key, NULL) == 1); EVP_CIPHER_CTX_set_padding(&c, 0); RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in, ISC_AES_BLOCK_LENGTH) == 1); RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH); RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1); }
QByteArray JulyAES256::encrypt(const QByteArray &data, const QByteArray &password) { int outLen=0; QByteArray dataBuff;dataBuff.resize(data.size()+AES_BLOCK_SIZE); EVP_CIPHER_CTX evpCipherCtx; EVP_CIPHER_CTX_init(&evpCipherCtx); EVP_EncryptInit(&evpCipherCtx,EVP_aes_256_cbc(),(const unsigned char*)sha256(password).data(),(const unsigned char*)sha256("JulyAES"+password).data()); EVP_EncryptUpdate(&evpCipherCtx,(unsigned char*)dataBuff.data(),&outLen,(const unsigned char*)data.data(),data.size()); int tempLen=outLen; EVP_EncryptFinal(&evpCipherCtx,(unsigned char*)dataBuff.data()+tempLen,&outLen); tempLen+=outLen; EVP_CIPHER_CTX_cleanup(&evpCipherCtx); dataBuff.resize(tempLen); return dataBuff; }
int aes_encrypt(EVP_CIPHER_CTX* context, const unsigned char *key, const unsigned char *iv, const unsigned char *msg, size_t msg_len, unsigned char **enc_msg) { size_t block_len = 0; size_t enc_msg_len = 0; *enc_msg = (unsigned char*)malloc(msg_len + AES_BLOCK_SIZE); EVP_EncryptInit(context, EVP_aes_256_cbc(), key, iv); EVP_EncryptUpdate(context, *enc_msg, (int*)&block_len, (unsigned char*)msg, msg_len); enc_msg_len += block_len; EVP_EncryptFinal_ex(context, *enc_msg + enc_msg_len, (int*)&block_len); return enc_msg_len + block_len; }