/** * @ingroup SnmpParser * @brief SNMPv3 암호화된 PDU 를 복호화한다. * @param pszPacket 암호화된 PDU * @param iPacketLen 암호화된 PDU 길이 * @param pszPassWord private 비밀번호 * @param pszEngineId SNMPv3 engine ID * @param iEngineIdLen SNMPv3 engine ID 길이 * @param pszPrivParam msgPrivacyParameter * @param iPrivParamLen msgPrivacyParameter 길이 * @param strPlain 평문 PDU 저장 변수 * @returns 성공하면 true 를 리턴하고 실패하면 false 를 리턴한다. */ bool SnmpDecrypt( const char * pszPacket, int iPacketLen, const char * pszPassWord, const char * pszEngineId, int iEngineIdLen , const char * pszPrivParam, int iPrivParamLen, std::string & strPlain ) { uint8_t szKey[16], szAuthKey[16], szIv[8]; strPlain.clear(); if( SnmpMakeKey( pszPassWord, szKey ) == false ) return false; if( SnmpMakeAuthKey( szKey, (const uint8_t *)pszEngineId, iEngineIdLen, szAuthKey ) == false ) return false; char * pszPlain = (char *)malloc( iPacketLen ); if( pszPlain == NULL ) return false; for( int i = 0; i < 8; ++i ) { szIv[i] = pszPrivParam[i] ^ szAuthKey[8+i]; } DES_key_schedule sttKeySchedule; DES_cblock sttBlock; memcpy( sttBlock, szAuthKey, sizeof(sttBlock) ); DES_key_sched( &sttBlock, &sttKeySchedule ); DES_cbc_encrypt( (uint8_t *)pszPacket, (uint8_t *)pszPlain, iPacketLen, &sttKeySchedule, (DES_cblock *)szIv, DES_DECRYPT ); strPlain.append( pszPlain, iPacketLen ); free( pszPlain ); return true; }
static int crypt_all(int *pcount, struct db_salt *salt) { int count = *pcount; int index = 0; #ifdef _OPENMP #pragma omp parallel for for (index = 0; index < count; index++) #endif { int i; DES_cblock des_key; DES_key_schedule schedule; DES_cblock ivec; unsigned char encrypted_challenge[16] = { 0 }; /* process key */ for(i = 0; i < strlen((const char*)saved_key[index]); i++) des_key[i] = bit_flip[ARCH_INDEX(saved_key[index][i])]; memset(ivec, 0, 8); DES_set_key_unchecked(&des_key, &schedule); /* do encryption */ DES_cbc_encrypt(cur_salt->challenge, &encrypted_challenge[0], 8, &schedule, &ivec, DES_ENCRYPT); if(memcmp(encrypted_challenge, cur_salt->response, 8) == 0) { DES_cbc_encrypt(&cur_salt->challenge[8], &encrypted_challenge[8], 8, &schedule, &ivec, DES_ENCRYPT); if(memcmp(encrypted_challenge, cur_salt->response, 16) == 0) memcpy((unsigned char*)crypt_out[index], encrypted_challenge, 16); } } return count; }
static void crypt_all(int count) { int index = 0; #ifdef _OPENMP #pragma omp parallel for for (index = 0; index < count; index++) #endif { DES_cblock des_key; DES_key_schedule schedule; DES_cblock ivec; int i; /* process key */ for(i = 0; saved_key[index][i]; i++) des_key[i] = a2e_precomputed[ARCH_INDEX(saved_key[index][i])]; /* replace missing characters in userid by (EBCDIC space (0x40) XOR 0x55) << 1 */ while(i < 8) des_key[i++] = 0x2a; DES_set_key_unchecked(&des_key, &schedule); /* do encryption */ memset(ivec, 0, 8); DES_cbc_encrypt(cur_salt->userid, (unsigned char*)crypt_out[index], 8, &schedule, &ivec, DES_ENCRYPT); } }
static int des_cbc_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int size) { DES_key_schedule *k = ctx->cipher_data; DES_cbc_encrypt(in, out, size, k, (DES_cblock *)ctx->iv, ctx->encrypt); return 1; }
static void cbc_test(char key1[8], char iv[8], char in[24], char out[24]) { unsigned char k1[8], indata[24], outdata[24], outdata2[24], ansdata[24]; DES_key_schedule s1; DES_cblock ivdata; memcpy(k1, key1, 8); memcpy(ivdata, iv, 8); memcpy(indata, in, 24); memcpy(ansdata, out, 24); DES_set_odd_parity(&k1); DES_set_key_unchecked(&k1, &s1); DES_cbc_encrypt(indata, outdata, 24, &s1, &ivdata, 1); if (memcmp(outdata, ansdata, sizeof(ansdata)) != 0) errx(1, "cbc: encrypt"); DES_cbc_encrypt(outdata, outdata2, 24, &s1, &ivdata, 0); if (memcmp(indata, outdata2, sizeof(outdata2)) != 0) errx(1, "cbc: decrypt"); }
/* HAS BUGS! DON'T USE - this is only present for use in des.c */ void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length, DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock *iv1, DES_cblock *iv2, int enc) { int off=((int)length-1)/8; long l8=((length+7)/8)*8; DES_cblock niv1,niv2; if (enc == DES_ENCRYPT) { DES_cbc_encrypt((unsigned char*)input, (unsigned char*)output,length,&ks1,iv1,enc); if (length >= sizeof(DES_cblock)) op_memcpy(niv1,output[off],sizeof(DES_cblock)); DES_cbc_encrypt((unsigned char*)output, (unsigned char*)output,l8,&ks2,iv1,!enc); DES_cbc_encrypt((unsigned char*)output, (unsigned char*)output,l8,&ks1,iv2,enc); if (length >= sizeof(DES_cblock)) op_memcpy(niv2,output[off],sizeof(DES_cblock)); } else { if (length >= sizeof(DES_cblock)) op_memcpy(niv2,input[off],sizeof(DES_cblock)); DES_cbc_encrypt((unsigned char*)input, (unsigned char*)output,l8,&ks1,iv2,enc); DES_cbc_encrypt((unsigned char*)output, (unsigned char*)output,l8,&ks2,iv1,!enc); if (length >= sizeof(DES_cblock)) op_memcpy(niv1,output[off],sizeof(DES_cblock)); DES_cbc_encrypt((unsigned char*)output, (unsigned char*)output,length,&ks1,iv1,enc); } op_memcpy(*iv1,niv1,sizeof(DES_cblock)); op_memcpy(*iv2,niv2,sizeof(DES_cblock)); }
int DES_enc_write(int fd, const void *_buf, int len, DES_key_schedule *sched, DES_cblock *iv) { #if defined(OPENSSL_NO_POSIX_IO) return (-1); #else # ifdef _LIBC extern unsigned long time(); extern int write(); # endif const unsigned char *buf = _buf; long rnum; int i, j, k, outnum; static unsigned char *outbuf = NULL; unsigned char shortbuf[8]; unsigned char *p; const unsigned char *cp; static int start = 1; if (len < 0) return -1; if (outbuf == NULL) { outbuf = OPENSSL_malloc(BSIZE + HDRSIZE); if (outbuf == NULL) return (-1); } /* * If we are sending less than 8 bytes, the same char will look the same * if we don't pad it out with random bytes */ if (start) { start = 0; } /* lets recurse if we want to send the data in small chunks */ if (len > MAXWRITE) { j = 0; for (i = 0; i < len; i += k) { k = DES_enc_write(fd, &(buf[i]), ((len - i) > MAXWRITE) ? MAXWRITE : (len - i), sched, iv); if (k < 0) return (k); else j += k; } return (j); } /* write length first */ p = outbuf; l2n(len, p); /* pad short strings */ if (len < 8) { cp = shortbuf; memcpy(shortbuf, buf, len); if (RAND_bytes(shortbuf + len, 8 - len) <= 0) return -1; rnum = 8; } else { cp = buf; rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */ } if (DES_rw_mode & DES_PCBC_MODE) DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched, iv, DES_ENCRYPT); else DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched, iv, DES_ENCRYPT); /* output */ outnum = rnum + HDRSIZE; for (j = 0; j < outnum; j += i) { /* * eay 26/08/92 I was not doing writing from where we got up to. */ # ifndef _WIN32 i = write(fd, (void *)&(outbuf[j]), outnum - j); # else i = _write(fd, (void *)&(outbuf[j]), outnum - j); # endif if (i == -1) { # ifdef EINTR if (errno == EINTR) i = 0; else # endif /* * This is really a bad error - very bad It will stuff-up * both ends. */ return (-1); } } return (len); #endif /* OPENSSL_NO_POSIX_IO */ }
int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, DES_cblock *iv) { #if defined(OPENSSL_NO_POSIX_IO) return(0); #else /* data to be unencrypted */ int net_num=0; static unsigned char *net=NULL; /* extra unencrypted data * for when a block of 100 comes in but is des_read one byte at * a time. */ static unsigned char *unnet=NULL; static int unnet_start=0; static int unnet_left=0; static unsigned char *tmpbuf=NULL; int i; long num=0,rnum; unsigned char *p; if (tmpbuf == NULL) { tmpbuf=(unsigned char*)OPENSSL_malloc(BSIZE); if (tmpbuf == NULL) return(-1); } if (net == NULL) { net=(unsigned char*)OPENSSL_malloc(BSIZE); if (net == NULL) return(-1); } if (unnet == NULL) { unnet=(unsigned char*)OPENSSL_malloc(BSIZE); if (unnet == NULL) return(-1); } /* left over data from last decrypt */ if (unnet_left != 0) { if (unnet_left < len) { /* we still still need more data but will return * with the number of bytes we have - should always * check the return value */ TINYCLR_SSL_MEMCPY(buf,&(unnet[unnet_start]), unnet_left); /* eay 26/08/92 I had the next 2 lines * reversed :-( */ i=unnet_left; unnet_start=unnet_left=0; } else { TINYCLR_SSL_MEMCPY(buf,&(unnet[unnet_start]),len); unnet_start+=len; unnet_left-=len; i=len; } return(i); } /* We need to get more data. */ if (len > MAXWRITE) len=MAXWRITE; /* first - get the length */ while (net_num < HDRSIZE) { #ifndef OPENSSL_SYS_WIN32 i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); #else i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); #endif #ifdef EINTR if ((i == -1) && (errno == EINTR)) continue; #endif if (i <= 0) return(0); net_num+=i; } /* we now have at net_num bytes in net */ p=net; /* num=0; */ n2l(p,num); /* num should be rounded up to the next group of eight * we make sure that we have read a multiple of 8 bytes from the net. */ if ((num > MAXWRITE) || (num < 0)) /* error */ return(-1); rnum=(num < 8)?8:((num+7)/8*8); net_num=0; while (net_num < rnum) { #ifndef OPENSSL_SYS_WIN32 i=read(fd,(void *)&(net[net_num]),rnum-net_num); #else i=_read(fd,(void *)&(net[net_num]),rnum-net_num); #endif #ifdef EINTR if ((i == -1) && (errno == EINTR)) continue; #endif if (i <= 0) return(0); net_num+=i; } /* Check if there will be data left over. */ if (len < num) { if (DES_rw_mode & DES_PCBC_MODE) DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT); else DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT); TINYCLR_SSL_MEMCPY(buf,unnet,len); unnet_start=len; unnet_left=num-len; /* The following line is done because we return num * as the number of bytes read. */ num=len; } else { /* >output is a multiple of 8 byes, if len < rnum * >we must be careful. The user must be aware that this * >routine will write more bytes than he asked for. * >The length of the buffer must be correct. * FIXED - Should be ok now 18-9-90 - eay */ if (len < rnum) { if (DES_rw_mode & DES_PCBC_MODE) DES_pcbc_encrypt(net,tmpbuf,num,sched,iv, DES_DECRYPT); else DES_cbc_encrypt(net,tmpbuf,num,sched,iv, DES_DECRYPT); /* eay 26/08/92 fix a bug that returned more * bytes than you asked for (returned len bytes :-( */ TINYCLR_SSL_MEMCPY(buf,tmpbuf,num); } else { if (DES_rw_mode & DES_PCBC_MODE) DES_pcbc_encrypt(net,(unsigned char*)buf,num,sched,iv, DES_DECRYPT); else DES_cbc_encrypt(net,(unsigned char*)buf,num,sched,iv, DES_DECRYPT); } } return num; #endif /* OPENSSL_NO_POSIX_IO */ }
int openssl_test() { EVP_MD_CTX md_ctx; testVector a, b, c; byte hash[SHA_DIGEST_SIZE]; a.input = "1234567890123456789012345678901234567890123456789012345678" "9012345678901234567890"; a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" "\x7a"; a.inLen = strlen(a.input); a.outLen = strlen(a.output); EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_md5()); EVP_DigestUpdate(&md_ctx, a.input, a.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0) return -71; b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaa"; b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" "\x53\x99\x5E\x26\xA0"; b.inLen = strlen(b.input); b.outLen = strlen(b.output); EVP_MD_CTX_init(&md_ctx); EVP_DigestInit(&md_ctx, EVP_sha1()); EVP_DigestUpdate(&md_ctx, b.input, b.inLen); EVP_DigestFinal(&md_ctx, hash, 0); if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0) return -72; if (RAND_bytes(hash, sizeof(hash)) != 1) return -73; c.input = "what do ya want for nothing?"; c.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7" "\x38"; c.inLen = strlen(c.input); c.outLen = strlen(c.output); HMAC(EVP_md5(), "Jefe", 4, (byte*)c.input, (int)c.inLen, hash, 0); if (memcmp(hash, c.output, MD5_DIGEST_SIZE) != 0) return -74; { /* des test */ const byte vector[] = { /* "now is the time for all " w/o trailing 0 */ 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; byte plain[24]; byte cipher[24]; const_DES_cblock key = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef }; DES_cblock iv = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef }; DES_key_schedule sched; const byte verify[] = { 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8, 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73, 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b }; DES_key_sched(&key, &sched); DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT); DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT); if (memcmp(plain, vector, sizeof(vector)) != 0) return -75; if (memcmp(cipher, verify, sizeof(verify)) != 0) return -76; /* test changing iv */ DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT); DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT); if (memcmp(cipher, verify, sizeof(verify)) != 0) return -77; } /* end des test */ return 0; }
static OM_uint32 unwrap_des (OM_uint32 * minor_status, const gsskrb5_ctx context_handle, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int * conf_state, gss_qop_t * qop_state, krb5_keyblock *key ) { u_char *p, *seq; size_t len; MD5_CTX md5; u_char hash[16]; DES_key_schedule schedule; DES_cblock deskey; DES_cblock zero; int i; uint32_t seq_number; size_t padlength; OM_uint32 ret; int cstate; int cmp; p = input_message_buffer->value; ret = _gsskrb5_verify_header (&p, input_message_buffer->length, "\x02\x01", GSS_KRB5_MECHANISM); if (ret) return ret; if (memcmp (p, "\x00\x00", 2) != 0) return GSS_S_BAD_SIG; p += 2; if (memcmp (p, "\x00\x00", 2) == 0) { cstate = 1; } else if (memcmp (p, "\xFF\xFF", 2) == 0) { cstate = 0; } else return GSS_S_BAD_MIC; p += 2; if(conf_state != NULL) *conf_state = cstate; if (memcmp (p, "\xff\xff", 2) != 0) return GSS_S_DEFECTIVE_TOKEN; p += 2; p += 16; len = p - (u_char *)input_message_buffer->value; if(cstate) { /* decrypt data */ memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); for (i = 0; i < sizeof(deskey); ++i) deskey[i] ^= 0xf0; DES_set_key (&deskey, &schedule); memset (&zero, 0, sizeof(zero)); DES_cbc_encrypt ((void *)p, (void *)p, input_message_buffer->length - len, &schedule, &zero, DES_DECRYPT); memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); } /* check pad */ ret = _gssapi_verify_pad(input_message_buffer, input_message_buffer->length - len, &padlength); if (ret) return ret; MD5_Init (&md5); MD5_Update (&md5, p - 24, 8); MD5_Update (&md5, p, input_message_buffer->length - len); MD5_Final (hash, &md5); memset (&zero, 0, sizeof(zero)); memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); DES_set_key (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); if (memcmp (p - 8, hash, 8) != 0) return GSS_S_BAD_MIC; /* verify sequence number */ HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); p -= 16; DES_set_key (&deskey, &schedule); DES_cbc_encrypt ((void *)p, (void *)p, 8, &schedule, (DES_cblock *)hash, DES_DECRYPT); memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); seq = p; _gsskrb5_decode_om_uint32(seq, &seq_number); if (context_handle->more_flags & LOCAL) cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); else cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); if (cmp != 0) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); return GSS_S_BAD_MIC; } ret = _gssapi_msg_order_check(context_handle->order, seq_number); if (ret) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); return ret; } HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); /* copy out data */ output_message_buffer->length = input_message_buffer->length - len - padlength - 8; output_message_buffer->value = malloc(output_message_buffer->length); if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) return GSS_S_FAILURE; memcpy (output_message_buffer->value, p + 24, output_message_buffer->length); return GSS_S_COMPLETE; }
void decrypt(const unsigned char *ct, unsigned char *pt, long length){ DES_cbc_encrypt(ct, pt, length, &schedule, &ivdata, 0); }
void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) { DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output, length, (DES_key_schedule *)schedule, ivec, enc); }
void des1_decrypt(struct keystate *ks, u_int8_t *d, u_int16_t len) { DES_cbc_encrypt((void *)d, (void *)d, len, &ks->ks_des[0], (void *)ks->riv, DES_DECRYPT); }
void encrypt(const unsigned char *pt, unsigned char *ct, DES_key_schedule* schedule, long length){ DES_cbc_encrypt(pt, ct, length, schedule, &ivdata, 1); }