bool Crypto::checkAlgorithms()
{
if (gcry_cipher_algo_info(GCRY_CIPHER_AES256, GCRYCTL_TEST_ALGO, nullptr, nullptr) != 0) {
m_errorStr = "GCRY_CIPHER_AES256 not found.";
qWarning("Crypto::checkAlgorithms: %s", qPrintable(m_errorStr));
return false;
}
if (gcry_cipher_algo_info(GCRY_CIPHER_TWOFISH, GCRYCTL_TEST_ALGO, nullptr, nullptr) != 0) {
m_errorStr = "GCRY_CIPHER_TWOFISH not found.";
qWarning("Crypto::checkAlgorithms: %s", qPrintable(m_errorStr));
return false;
}
if (gcry_cipher_algo_info(GCRY_CIPHER_SALSA20, GCRYCTL_TEST_ALGO, nullptr, nullptr) != 0) {
m_errorStr = "GCRY_CIPHER_SALSA20 not found.";
qWarning("Crypto::checkAlgorithms: %s", qPrintable(m_errorStr));
return false;
}
if (gcry_md_test_algo(GCRY_MD_SHA256) != 0) {
m_errorStr = "GCRY_MD_SHA256 not found.";
qWarning("Crypto::checkAlgorithms: %s", qPrintable(m_errorStr));
return false;
}
return true;
}
int real_crypto(My_crypto* obj, const unsigned char key[], const unsigned key_len, const unsigned char input[], const unsigned in_len, unsigned char output[], int choose) //choose == 1 enc, == 2 dec
{
int cipher = obj->_cipher;
//fprintf(stderr, "cipher=%i\n", cipher);
guint* real_keylen = g_new0(guint, 1);
gcry_cipher_algo_info(cipher, GCRYCTL_GET_KEYLEN, NULL, real_keylen);
//fprintf(stderr, "real_keylen=%i\n", *real_keylen);
gchar* real_key = g_new0(gchar, *real_keylen);
int i;
for (i = 0; i < *real_keylen; i++)
real_key[i] = key[i % key_len];
if (gcry_cipher_setkey(obj->_cipherhd, real_key, *real_keylen) != GPG_ERR_NO_ERROR) {
gcry_cipher_close(obj->_cipherhd);
obj->_cipherhd = NULL;
}
unsigned int blocksize;
gcry_cipher_algo_info(obj->_cipher, GCRYCTL_GET_BLKLEN, NULL, &blocksize);
//guchar* salts = g_malloc0( 1 * blocksize);
//gcry_cipher_setiv(cipherhd, salts, blocksize);
//gcry_cipher_encrypt(cipherhd, salts, 1 * blocksize, NULL, 0);
//fprintf(stderr, "salts = %s\n", salts);
gchar* iv = g_new0(gchar, blocksize);
memset(iv, 0, blocksize);
gcry_cipher_setiv(obj->_cipherhd, iv, blocksize);
unsigned out_len = in_len;
//fprintf(stderr, "in_len=%i\n", in_len);
//fprintf(stderr, "choose=%i\n", choose);
if(choose==1)
gcry_cipher_encrypt(obj->_cipherhd, output, out_len, input, in_len);
else if(choose==2)
gcry_cipher_decrypt(obj->_cipherhd, output, out_len, input, in_len);
*real_keylen = 0;
g_free(real_keylen);
memset(real_key, 0, *real_keylen);
g_free(real_key);
memset(iv, 0, blocksize);
g_free(iv);
return 0;
}
/** \brief return the key length
*/
size_t skey_ciph_t::get_key_len() const throw()
{
size_t key_len;
// get the block length
if( gcry_cipher_algo_info( get_gcry_cipher_algo(), GCRYCTL_GET_KEYLEN, NULL, &key_len ) )
DBG_ASSERT( 0 );
return key_len;
}
/* This functions returns the blocklength of the algorithm ALGO
counted in octets. On error 0 is returned.
This is a convenience functions which should be preferred over
gcry_cipher_algo_info because it allows for proper type
checking. */
size_t
gcry_cipher_get_algo_blklen (int algo)
{
size_t n;
if (gcry_cipher_algo_info( algo, GCRYCTL_GET_BLKLEN, NULL, &n))
n = 0;
return n;
}
void SymmetricCipherGcrypt::init()
{
gcry_error_t error;
error = gcry_cipher_open(&m_ctx, m_algo, m_mode, 0);
Q_ASSERT(error == 0); // TODO: real error checking
size_t blockSizeT;
error = gcry_cipher_algo_info(m_algo, GCRYCTL_GET_BLKLEN, Q_NULLPTR, &blockSizeT);
Q_ASSERT(error == 0);
m_blockSize = blockSizeT;
}
SymmetricCipherGcrypt::SymmetricCipherGcrypt(SymmetricCipher::Algorithm algo, SymmetricCipher::Mode mode,
SymmetricCipher::Direction direction)
: m_algo(gcryptAlgo(algo))
, m_mode(gcryptMode(mode))
, m_direction(direction)
, m_blockSize(-1)
{
Q_ASSERT(Crypto::initalized());
gcry_error_t error;
error = gcry_cipher_open(&m_ctx, m_algo, m_mode, 0);
Q_ASSERT(error == 0); // TODO: real error checking
size_t blockSizeT;
error = gcry_cipher_algo_info(m_algo, GCRYCTL_GET_BLKLEN, Q_NULLPTR, &blockSizeT);
Q_ASSERT(error == 0);
m_blockSize = blockSizeT;
}
static gcry_cipher_hd_t
prepare_and_encode_pkcs8_cipher (GNode *asn, const gchar *password,
gsize n_password, gsize *n_block)
{
GNode *asn1_params = NULL;
gcry_cipher_hd_t cih;
guchar salt[8];
gcry_error_t gcry;
guchar *key, *iv, *portion;
gsize n_key, n_portion;
int iterations;
init_quarks ();
/* Make sure the encryption algorithm works */
g_return_val_if_fail (gcry_cipher_algo_info (OID_PKCS12_PBE_3DES_SHA1,
GCRYCTL_TEST_ALGO, NULL, 0), NULL);
/* The encryption algorithm */
if(!egg_asn1x_set_oid_as_quark (egg_asn1x_node (asn, "encryptionAlgorithm", "algorithm", NULL),
OID_PKCS12_PBE_3DES_SHA1))
g_return_val_if_reached (NULL);
/* Randomize some input for the password based secret */
iterations = 1000 + (int) (1000.0 * rand () / (RAND_MAX + 1.0));
gcry_create_nonce (salt, sizeof (salt));
/* Allocate space for the key and iv */
n_key = gcry_cipher_get_algo_keylen (GCRY_CIPHER_3DES);
*n_block = gcry_cipher_get_algo_blklen (GCRY_MD_SHA1);
g_return_val_if_fail (n_key && *n_block, NULL);
if (!egg_symkey_generate_pkcs12 (GCRY_CIPHER_3DES, GCRY_MD_SHA1,
password, n_password, salt,
sizeof (salt), iterations, &key, &iv))
g_return_val_if_reached (NULL);
/* Now write out the parameters */
asn1_params = egg_asn1x_create (pkix_asn1_tab, "pkcs-12-PbeParams");
g_return_val_if_fail (asn1_params, NULL);
if (!egg_asn1x_set_string_as_raw (egg_asn1x_node (asn1_params, "salt", NULL), salt, sizeof (salt), NULL))
g_return_val_if_reached (NULL);
if (!egg_asn1x_set_integer_as_ulong (egg_asn1x_node (asn1_params, "iterations", NULL), iterations))
g_return_val_if_reached (NULL);
portion = egg_asn1x_encode (asn1_params, NULL, &n_portion);
if (portion == NULL) {
g_warning ("couldn't encode pkcs8 params key: %s", egg_asn1x_message (asn1_params));
g_return_val_if_reached (NULL);
}
if (!egg_asn1x_set_raw_element (egg_asn1x_node (asn, "encryptionAlgorithm", "parameters", NULL),
portion, n_portion, g_free))
g_return_val_if_reached (NULL);
/* Now make a cipher that matches what we wrote out */
gcry = gcry_cipher_open (&cih, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
g_return_val_if_fail (gcry == 0, NULL);
g_return_val_if_fail (cih, NULL);
gcry_cipher_setiv (cih, iv, *n_block);
gcry_cipher_setkey (cih, key, n_key);
g_free (iv);
egg_secure_free (key);
egg_asn1x_destroy (asn1_params);
return cih;
}
static gcry_cipher_hd_t
prepare_and_encode_pkcs8_cipher (GNode *asn, const gchar *password,
gsize n_password, gsize *n_block)
{
GNode *asn1_params = NULL;
gcry_cipher_hd_t cih;
guchar *salt;
gsize n_salt;
gcry_error_t gcry;
guchar *key, *iv;
gsize n_key;
int iterations;
init_quarks ();
/* Make sure the encryption algorithm works */
g_return_val_if_fail (gcry_cipher_algo_info (gcry_cipher_map_name (g_quark_to_string (OID_PKCS12_PBE_3DES_SHA1)),
GCRYCTL_TEST_ALGO, NULL, 0) == 0, NULL);
/* The encryption algorithm */
if(!egg_asn1x_set_oid_as_quark (egg_asn1x_node (asn, "encryptionAlgorithm", "algorithm", NULL),
OID_PKCS12_PBE_3DES_SHA1))
g_return_val_if_reached (NULL);
/* Randomize some input for the password based secret */
iterations = g_random_int_range (1000, 4096);
n_salt = 8;
salt = g_malloc (n_salt);
gcry_create_nonce (salt, n_salt);
/* Allocate space for the key and iv */
n_key = gcry_cipher_get_algo_keylen (GCRY_CIPHER_3DES);
*n_block = gcry_cipher_get_algo_blklen (GCRY_MD_SHA1);
g_return_val_if_fail (n_key && *n_block, NULL);
if (!egg_symkey_generate_pkcs12 (GCRY_CIPHER_3DES, GCRY_MD_SHA1,
password, n_password, salt,
sizeof (salt), iterations, &key, &iv))
g_return_val_if_reached (NULL);
/* Now write out the parameters */
asn1_params = egg_asn1x_create (pkix_asn1_tab, "pkcs-12-PbeParams");
g_return_val_if_fail (asn1_params, NULL);
egg_asn1x_set_string_as_raw (egg_asn1x_node (asn1_params, "salt", NULL), salt, n_salt, g_free);
egg_asn1x_set_integer_as_ulong (egg_asn1x_node (asn1_params, "iterations", NULL), iterations);
egg_asn1x_set_any_from (egg_asn1x_node (asn, "encryptionAlgorithm", "parameters", NULL), asn1_params);
/* Now make a cipher that matches what we wrote out */
gcry = gcry_cipher_open (&cih, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
g_return_val_if_fail (gcry == 0, NULL);
g_return_val_if_fail (cih, NULL);
gcry_cipher_setiv (cih, iv, *n_block);
gcry_cipher_setkey (cih, key, n_key);
g_free (iv);
egg_secure_free (key);
egg_asn1x_destroy (asn1_params);
return cih;
}
