void cmd_start_crypt_in(struct ctrl_command *cmd) { #ifdef HAVE_LIBCRYPTO if (in_state.crypt) send_error("can't start decryption - already started!"); if (!in_state.crypt_state.cipher) send_error("can't start decryption - no cipher set!"); if (!in_state.crypt_state.key) send_error("can't start decryption - no key set!"); in_state.crypt = 1; if (!EVP_DecryptInit(&in_state.crypt_state.ctx, in_state.crypt_state.cipher, NULL, NULL)) send_error("can't start decryption - DecryptInit (1) failed: %s!", ERR_error_string(ERR_get_error(), NULL)); /* * XXX - ugly hack to work around OpenSSL bug * if/when OpenSSL fix it, or give proper workaround * use that, and force minimum OpenSSL version * * Without this hack, BF/256 will fail. */ /* cast to avoid warning */ *(unsigned int *)( &in_state.crypt_state.ctx.cipher->flags) |= EVP_CIPH_VARIABLE_LENGTH; if (!EVP_CIPHER_CTX_set_key_length(&in_state.crypt_state.ctx, in_state.crypt_state.keylen)) send_error("can't start decryption - set_key_length failed: %s!", ERR_error_string(ERR_get_error(), NULL)); in_state.crypt_state.ivlen = EVP_CIPHER_CTX_iv_length(&in_state.crypt_state.ctx); if (in_state.crypt_state.ivlen) in_state.crypt_state.iv = calloc(in_state.crypt_state.ivlen, 1); if (in_state.crypt_state.rounds) { if (!EVP_CIPHER_CTX_ctrl(&in_state.crypt_state.ctx, EVP_CTRL_SET_RC5_ROUNDS, in_state.crypt_state.rounds, NULL)) send_error("can't start decryption - SET_RC5_ROUNDS failed: %s!", ERR_error_string(ERR_get_error(), NULL)); } if (!EVP_DecryptInit(&in_state.crypt_state.ctx, NULL, in_state.crypt_state.key, in_state.crypt_state.iv)) send_error("can't start decryption - DecryptInit (2) failed: %s!", ERR_error_string(ERR_get_error(), NULL)); #else send_error("can't start decryption - no OpenSSL support!"); #endif }
void cmd_start_crypt_in(struct ctrl_command *cmd) { #ifdef HAVE_LIBCRYPTO if (in_state.crypt) send_error("can't start decryption - already started!"); if (!in_state.crypt_state.cipher) send_error("can't start decryption - no cipher set!"); if (!in_state.crypt_state.key) send_error("can't start decryption - no key set!"); in_state.crypt = 1; if (!EVP_DecryptInit(&in_state.crypt_state.ctx, in_state.crypt_state.cipher, NULL, NULL)) send_error("can't start decryption - DecryptInit (1) failed: %s!", ERR_error_string(ERR_get_error(), NULL)); if (!EVP_CIPHER_CTX_set_key_length(&in_state.crypt_state.ctx, in_state.crypt_state.keylen)) send_error("can't start decryption - set_key_length failed: %s!", ERR_error_string(ERR_get_error(), NULL)); in_state.crypt_state.ivlen = EVP_CIPHER_CTX_iv_length(&in_state.crypt_state.ctx); if (in_state.crypt_state.ivlen) in_state.crypt_state.iv = calloc(in_state.crypt_state.ivlen, 1); if (in_state.crypt_state.rounds) { if (!EVP_CIPHER_CTX_ctrl(&in_state.crypt_state.ctx, EVP_CTRL_SET_RC5_ROUNDS, in_state.crypt_state.rounds, NULL)) send_error("can't start decryption - SET_RC5_ROUNDS failed: %s!", ERR_error_string(ERR_get_error(), NULL)); } if (!EVP_DecryptInit(&in_state.crypt_state.ctx, NULL, in_state.crypt_state.key, in_state.crypt_state.iv)) send_error("can't start decryption - DecryptInit (2) failed: %s!", ERR_error_string(ERR_get_error(), NULL)); #else send_error("can't start decryption - no OpenSSL support!"); #endif }
wi_cipher_t * wi_cipher_init_with_key(wi_cipher_t *cipher, wi_cipher_type_t type, wi_data_t *key, wi_data_t *iv) { unsigned char *key_buffer, *iv_buffer; cipher->type = type; cipher->cipher = _wi_cipher_cipher(cipher); key_buffer = (unsigned char *) wi_data_bytes(key); iv_buffer = iv ? (unsigned char *) wi_data_bytes(iv) : NULL; if(EVP_EncryptInit(&cipher->encrypt_ctx, cipher->cipher, NULL, NULL) != 1) { wi_error_set_openssl_error(); wi_release(cipher); return NULL; } if(EVP_DecryptInit(&cipher->decrypt_ctx, cipher->cipher, NULL, NULL) != 1) { wi_error_set_openssl_error(); wi_release(cipher); return NULL; } _wi_cipher_configure_cipher(cipher); if(EVP_EncryptInit(&cipher->encrypt_ctx, cipher->cipher, key_buffer, iv_buffer) != 1) { wi_error_set_openssl_error(); wi_release(cipher); return NULL; } if(EVP_DecryptInit(&cipher->decrypt_ctx, cipher->cipher, key_buffer, iv_buffer) != 1) { wi_error_set_openssl_error(); wi_release(cipher); return NULL; } cipher->key = wi_retain(key); cipher->iv = wi_retain(iv); return cipher; }
ndn_Error ndn_AesAlgorithm_decrypt128Cbc (const uint8_t *key, size_t keyLength, const uint8_t *initialVector, size_t initialVectorLength, const uint8_t *encryptedData, size_t encryptedDataLength, uint8_t *plainData, size_t *plainDataLength) { EVP_CIPHER_CTX ctx; int outLength1, outLength2; if (keyLength != ndn_AES_128_BLOCK_SIZE) return NDN_ERROR_Incorrect_key_size; if (initialVectorLength != ndn_AES_128_BLOCK_SIZE) return NDN_ERROR_Incorrect_initial_vector_size; EVP_DecryptInit (&ctx, EVP_aes_128_cbc(), (const unsigned char*)key, (const unsigned char*)initialVector); EVP_DecryptUpdate (&ctx, (unsigned char*)plainData, &outLength1, (const unsigned char*)encryptedData, encryptedDataLength); EVP_DecryptFinal (&ctx, (unsigned char*)plainData + outLength1, &outLength2); EVP_CIPHER_CTX_cleanup(&ctx); *plainDataLength = outLength1 + outLength2; return NDN_ERROR_success; }
std::string decrypt_aes256(const std::string& cipher,const std::string& key,const std::string& iv) { std::string plain; plain.resize((cipher.size()/AES_BLOCK_SIZE+1)*AES_BLOCK_SIZE); EVP_CIPHER_CTX* ctx=nullptr; try { std::string error_str="Decryption failed."; ctx=EVP_CIPHER_CTX_new(); if(key.size()!=AES256_KEY_SIZE) throw std::runtime_error(error_str); int temp_length; int temp_unaligned_length; if(ctx==nullptr) throw std::runtime_error(error_str); if(EVP_CIPHER_CTX_set_padding(ctx,1)==0) throw std::runtime_error(error_str); if(EVP_DecryptInit(ctx,EVP_aes_256_cbc(),(uint8_t*)key.data(),(uint8_t*)iv.data())==0) throw std::runtime_error(error_str); if(EVP_DecryptUpdate(ctx,(uint8_t*)plain.data(),&temp_length,(uint8_t*)cipher.data(),cipher.size())==0) throw std::runtime_error(error_str); if(EVP_DecryptFinal(ctx,(uint8_t*)plain.data()+temp_length,&temp_unaligned_length)==0) throw std::runtime_error(error_str); plain.resize(temp_length+temp_unaligned_length); } catch(...) { aes_cleanup(ctx); throw; } aes_cleanup(ctx); return plain; }
DBT *decrypt(DBT * data) { DBT *decrypted; unsigned char *safepasswd; int olen, tlen; FUNC; decrypted = s_malloc(sizeof(DBT)); decrypted->data = s_malloc(data->size); safepasswd = safepassword(); EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); EVP_DecryptInit(&ctx, EVP_bf_cbc(), safepasswd, config->iv); if (EVP_DecryptUpdate (&ctx, decrypted->data, &olen, data->data, data->size) != 1) { die_cryptoerr("Unexpected fatal error while decrypting.\n"); } if (EVP_DecryptFinal(&ctx, decrypted->data + olen, &tlen) != 1) { die_cryptoerr("Unexpected fatal error in decrypt final.\n"); } olen += tlen; EVP_CIPHER_CTX_cleanup(&ctx); decrypted->size = olen; free(safepasswd); EFUNC; return decrypted; }
int Init_GCM(JNIEnv* env, jobject obj, jbyteArray key, jbyteArray iv, jint mode) { jbyte* keyBytes = (*env)->GetByteArrayElements(env, key, NULL); if (!keyBytes) { return CRYPTO_FAILURE; } jbyte* ivBytes = (*env)->GetByteArrayElements(env, iv, NULL); if (!ivBytes) { (*env)->ReleaseByteArrayElements(env, key, keyBytes, JNI_ABORT); return CRYPTO_FAILURE; } GCM_JNI_CTX* ctx = Create_GCM_JNI_CTX(keyBytes, ivBytes); Set_GCM_JNI_CTX(env, obj, ctx); (*env)->ReleaseByteArrayElements(env, key, keyBytes, JNI_ABORT); (*env)->ReleaseByteArrayElements(env, iv, ivBytes, JNI_ABORT); if (mode == GCM_ENCRYPT_MODE) { if (!EVP_EncryptInit(ctx->cipherCtx, EVP_aes_128_gcm(), ctx->key, ctx->iv)) { return CRYPTO_FAILURE; } } else if (mode == GCM_DECRYPT_MODE) { if (!EVP_DecryptInit(ctx->cipherCtx, EVP_aes_128_gcm(), ctx->key, ctx->iv)) { return CRYPTO_FAILURE; } } else { return CRYPTO_FAILURE; } return CRYPTO_SUCCESS; }
const char* decrypt(unsigned char* inbuff, int inbuff_len, unsigned char* key, unsigned char* iv) { EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); EVP_DecryptInit(&ctx, EVP_bf_cbc(), key, iv); unsigned char* outbuf = (unsigned char *)malloc(sizeof(unsigned char) * BUF_SIZE); memset(outbuf, 0, BUF_SIZE); int olen=0, tlen=0; if (EVP_DecryptUpdate(&ctx, outbuf, &olen, inbuff, inbuff_len) != 1) { LOGE("Error in decrypt update"); return 0; } if (EVP_DecryptFinal(&ctx, outbuf + olen, &tlen) != 1) { LOGE("Error in decrypt final"); return 0; } EVP_CIPHER_CTX_cleanup(&ctx); outbuf[olen+tlen-1] = '\0'; return (const char*) outbuf; }
static int ldecrypt (lua_State *L) { size_t len = 0; const char *text = lua_tolstring (L, 1, &len); const char *key = lua_tostring (L, 2); EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); unsigned char iv[16] = { 0 }; char *output = malloc (len); int olen1; int olen2; EVP_DecryptInit (ctx, EVP_aes_128_cbc(), (unsigned char *)key, iv); EVP_DecryptUpdate (ctx, (unsigned char *)output, &olen1, (const unsigned char *)text, len); int ok = EVP_DecryptFinal (ctx, (unsigned char *)(output + olen1), &olen2); if (!ok) { free (output); EVP_CIPHER_CTX_free (ctx); return 0; } lua_pushlstring (L, output, olen1 + olen2); free (output); EVP_CIPHER_CTX_free (ctx); return 1; }
enum snmp_code snmp_pdu_decrypt(const struct snmp_pdu *pdu) { int32_t err, olen; uint8_t iv[SNMP_PRIV_AES_IV_SIZ]; const EVP_CIPHER *ctype; EVP_CIPHER_CTX ctx; err = snmp_pdu_cipher_init(pdu, pdu->scoped_len, &ctype, iv); if (err < 0) return (SNMP_CODE_EDECRYPT); else if (err == 0) return (SNMP_CODE_OK); if (EVP_DecryptInit(&ctx, ctype, pdu->user.priv_key, iv) != 1 || EVP_CIPHER_CTX_set_padding(&ctx, 0) != 1) return (SNMP_CODE_EDECRYPT); if (EVP_DecryptUpdate(&ctx, pdu->scoped_ptr, &olen, pdu->scoped_ptr, pdu->scoped_len) != 1 || EVP_DecryptFinal(&ctx, pdu->scoped_ptr + olen, &olen) != 1) { EVP_CIPHER_CTX_cleanup(&ctx); return (SNMP_CODE_EDECRYPT); } EVP_CIPHER_CTX_cleanup(&ctx); return (SNMP_CODE_OK); }
bool AesCbcCipher::decrypt(const Vuc& in, Vuc& out) { // according to the openssl docs: // the amount of data written may be as large as (in.size() + cipher_block_size - 1) size_t outSize = in.size() + AES_BLOCK_SIZE - 1; // the output buffer must also be a multiple of blocksize if ((outSize % AES_BLOCK_SIZE) != 0) outSize = ((outSize / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE; out.resize(outSize, 0); // init the cipher; must keep track of the number of bytes produced ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> ctx(EVP_CIPHER_CTX_new()); EVP_DecryptInit(ctx.get(), getCipher(), &key_[0], &iv_[0]); // do the decrypt int nBytes = 0; EVP_DecryptUpdate(ctx.get(), &out[0], &nBytes, &in[0], in.size()); int nTotalBytes = nBytes; if (!EVP_DecryptFinal(ctx.get(), &out[nBytes], &nBytes)) return false; // padding incorrect nTotalBytes += nBytes; // the actual output size is in nTotalBytes assert(nTotalBytes); Vuc(out.begin(), out.begin()+nTotalBytes).swap(out); // shrink to fit return true; }
int data_decrypt(unsigned char *src, unsigned char *dst, int len, struct peer *p) { int tlen, olen; if (encryption_disabled){ memcpy(dst,src,len); return len; } if (!ctx_initialized) { EVP_CIPHER_CTX_init (&ctx); ctx_initialized = 1; } EVP_DecryptInit (&ctx, EVP_bf_cbc (), p->key, p->iv); if (EVP_DecryptUpdate (&ctx, dst, &olen, src, len) != 1) { fprintf (stderr,"error in decrypt update\n"); olen = -1; goto cleanup; } if (EVP_DecryptFinal (&ctx, dst + olen, &tlen) != 1) { fprintf (stderr,"error in decrypt final\n"); olen = -1; goto cleanup; } olen += tlen; cleanup: EVP_CIPHER_CTX_cleanup(&ctx); return olen; }
/** Decrypt. * Do the decryption. * @return size of the plain text message. */ size_t WorldInfoMessageDecryptor::decrypt() { if ( (plain_buffer == NULL) || (plain_buffer_length == 0) || (crypt_buffer == NULL) || (crypt_buffer_length == 0) ) { throw MissingParameterException("Buffer(s) not set for decryption"); } #ifdef HAVE_LIBCRYPTO EVP_CIPHER_CTX ctx; if ( ! EVP_DecryptInit(&ctx, EVP_aes_128_ecb(), key, iv) ) { throw MessageDecryptionException("Could not initialize cipher context"); } int outl = plain_buffer_length; if ( ! EVP_DecryptUpdate(&ctx, (unsigned char *)plain_buffer, &outl, (unsigned char *)crypt_buffer, crypt_buffer_length) ) { throw MessageDecryptionException("DecryptUpdate failed"); } int plen = 0; if ( ! EVP_DecryptFinal(&ctx, (unsigned char *)plain_buffer + outl, &plen) ) { throw MessageDecryptionException("DecryptFinal failed"); } outl += plen; return outl; #else // Plain-text copy-through for debugging. memcpy(plain_buffer, crypt_buffer, crypt_buffer_length); return crypt_buffer_length; #endif }
ndn_Error ndn_AesAlgorithm_decrypt128Ecb (const uint8_t *key, size_t keyLength, const uint8_t *encryptedData, size_t encryptedDataLength, uint8_t *plainData, size_t *plainDataLength) { EVP_CIPHER_CTX *ctx; int outLength1, outLength2; if (keyLength != ndn_AES_128_BLOCK_SIZE) return NDN_ERROR_Incorrect_key_size; ctx = EVP_CIPHER_CTX_new(); if (!ctx) return NDN_ERROR_Error_in_decrypt_operation; EVP_DecryptInit(ctx, EVP_aes_128_ecb(), (const unsigned char*)key, 0); EVP_DecryptUpdate (ctx, (unsigned char*)plainData, &outLength1, (const unsigned char*)encryptedData, encryptedDataLength); EVP_DecryptFinal (ctx, (unsigned char*)plainData + outLength1, &outLength2); EVP_CIPHER_CTX_free(ctx); *plainDataLength = outLength1 + outLength2; return NDN_ERROR_success; }
/** * @brief Performs basic Encrypt-then-MAC style Authenticated Encryption. * * @param[in] ekey a buffer holding the ENC key * @param[in] ekey_len len of ekey buffer * @param[in] mkey a buffer holding the MAC key * @param[in] mkey_len len of mkey buffer * @param[in] ctxt a buffer holding the ciphertext * @param[in] ctxt_len length of ciphertext * @param[in] mac a buffer holding the MAC * @param[in] mac_len length of MAC * @param[in] iv an iv (optional) * @param[in] iv_len length of iv (optional) * @param[out] output an allocated buffer, will hold the plaintext * @param[in,out] output_len length of buffer, will hold length of plaintext * @return 0 on success, non-zero on error **/ int verify_then_decrypt(const unsigned char *ekey, size_t ekey_len, const unsigned char *mkey, size_t mkey_len, const unsigned char *ctxt, size_t ctxt_len, const unsigned char *mac, size_t mac_len, const unsigned char *iv, size_t iv_len, unsigned char *output, size_t *output_len) { EVP_CIPHER_CTX *ctx; ctx = EVP_CIPHER_CTX_new(); EVP_CIPHER *cipher = NULL; unsigned char auth[EVP_MAX_MD_SIZE]; size_t auth_len = EVP_MAX_MD_SIZE; int len; if (!ekey || !ekey_len || !mkey || !mkey_len || !ctxt || !ctxt_len || !mac || !mac_len || !output || !output_len) return -1; OpenSSL_add_all_algorithms(); memset(auth, 0, auth_len); // Verify the HMAC-SHA1 if (!HMAC(EVP_sha1(), mkey, mkey_len, ctxt, ctxt_len, auth, (unsigned int *) &auth_len)) goto cleanup; if (auth_len != mac_len) goto cleanup; if (memcmp(mac, auth, mac_len) != 0) goto cleanup; EVP_CIPHER_CTX_init(ctx); switch(ekey_len){ case 16: cipher = (EVP_CIPHER *)EVP_aes_128_cbc(); break; case 24: cipher = (EVP_CIPHER *)EVP_aes_192_cbc(); break; case 32: cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); break; default: return -1; } if (*output_len < ctxt_len) goto cleanup; *output_len = 0; if (!EVP_DecryptInit(ctx, cipher, ekey, iv)) goto cleanup; if (!EVP_DecryptUpdate(ctx, output, (int *) output_len, ctxt, ctxt_len)) goto cleanup; EVP_DecryptFinal(ctx, output + *output_len, &len); *output_len += len; EVP_CIPHER_CTX_cleanup(ctx); return 0; cleanup: *output_len = 0; return 1; }
int openssl_decrypt(struct emvpn_socket *v, uint8_t *to, uint8_t *from, int len) { int clen, flen = 0; EVP_CIPHER_CTX_init(&dec); EVP_DecryptInit(&dec, EVP_aes_256_cbc(), v->key.key, v->key.iv); EVP_DecryptUpdate(&dec, to, &clen, from, len); EVP_DecryptFinal_ex(&dec, to + clen, &flen); return clen + (flen % 16) ; }
EVP_CIPHER_CTX* CreateCTX(GByte* pabyKey, GByte* pabyIV, bool bDecrypt) { EVP_CIPHER_CTX* pstCTX = new EVP_CIPHER_CTX; const EVP_CIPHER * cipher = NULL; EVP_CIPHER_CTX_init(pstCTX); wxGISAppConfig oConfig = GetConfig(); if(oConfig.IsOk()) { wxString sMode = oConfig.Read(enumGISHKCU, wxString(wxT("wxGISCommon/crypt/mode")), wxString(ERR)); #ifndef OPENSSL_NO_AES if(sMode.IsSameAs(wxString(wxT("AES")), false)) cipher = EVP_aes_256_cfb(); #endif #ifndef OPENSSL_NO_IDEA if(sMode.IsSameAs(wxString(wxT("IDEA")), false)) cipher = EVP_idea_cbc(); #endif #ifndef OPENSSL_NO_RC2 if(sMode.IsSameAs(wxString(wxT("RC2")), false)) cipher = EVP_rc2_cbc(); #endif #ifndef OPENSSL_NO_BF if(sMode.IsSameAs(wxString(wxT("BF")), false)) cipher = EVP_bf_cbc(); #endif #ifndef OPENSSL_NO_CAST if(sMode.IsSameAs(wxString(wxT("CAST5")), false)) cipher = EVP_cast5_cbc(); #endif #ifndef OPENSSL_NO_DES if(NULL == cipher || sMode.IsSameAs(wxString(ERR)) || sMode.IsSameAs(wxString(wxT("DES")), false)) cipher = EVP_des_cfb(); #endif } else #ifndef OPENSSL_NO_DES cipher = EVP_des_cfb(); #else return NULL; #endif if(NULL == cipher) return NULL; bool bResult; if(bDecrypt) bResult = EVP_EncryptInit(pstCTX, cipher, pabyKey, pabyIV); else bResult = EVP_DecryptInit(pstCTX, cipher, pabyKey, pabyIV); if(!bResult) return NULL; return pstCTX; }
/* * This function decrypts a string after it has been received on a socket. * It performs previous checking on the format and may discard the * message and return an error if the format mismatch. We can avoid a * decryption if the format mismatches. * * @return It returns the plaintext length or -1 if a generic error occured, * -2 if the format is not the one expected and 0 in case of disconnection. * It leaves the decrypted message in **plain ( which is allocated). */ int decrypt_msg(int sk, char format, unsigned char** plain, unsigned char* shared_secret) { EVP_CIPHER_CTX* ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned int iv_len = EVP_MAX_IV_LENGTH; unsigned char* msg = NULL;//msg has to set free in this function unsigned int msg_len; char recv_format; int outlen, outtot = 0, ret; *plain = NULL; ctx = (EVP_CIPHER_CTX*)calloc(1, sizeof(EVP_CIPHER_CTX)); EVP_CIPHER_CTX_init(ctx); if ((msg_len = recv_msg(sk, &msg, &recv_format)) <= 0) { ret = msg_len; goto fail; } if (recv_format != format) { ret = -2; goto fail; } *plain = (unsigned char*)calloc(1, msg_len - iv_len); memcpy(iv, msg, iv_len); if (EVP_DecryptInit(ctx, EVP_aes_256_cbc(), shared_secret, iv) == 0) { ret = -1; goto fail; } if (EVP_DecryptUpdate(ctx, *plain, &outlen, msg + iv_len, msg_len - iv_len) == 0) { ret = -1; goto fail; } outtot = outlen; if (EVP_DecryptFinal(ctx, *plain + outtot, &outlen) == 0) { ret = -1; goto fail; } outtot += outlen; EVP_CIPHER_CTX_cleanup(ctx); free(ctx); free(msg); return outtot; fail: EVP_CIPHER_CTX_cleanup(ctx); free(ctx); if (*plain != NULL) { free(*plain); } if (msg != NULL) { free(msg); } return ret; }
int Crypto::initDec(unsigned char key[16], unsigned char iv[8]) { memcpy(m_pcKey, key, 16); memcpy(m_pcIV, iv, 8); EVP_CIPHER_CTX_init(&m_CTX); EVP_DecryptInit(&m_CTX, EVP_bf_cbc(), m_pcKey, m_pcIV); m_iCoderType = -1; return 0; }
int main(void) { unsigned char ot[1024]; // open text unsigned char st[1024]; // sifrovany text unsigned char key[EVP_MAX_KEY_LENGTH] = "Super tajny klic"; // klic pro sifrovani unsigned char iv[EVP_MAX_IV_LENGTH] = "vector unknown"; // inicializacni vektor const char * filename = "Mad_scientist_cbc.bmp"; const char * outfilename = "Mad_scientist_cbc_dec.bmp"; int otLength = 0; int stLength = 0; int tmpLength = 0; int readlen = 0; char header[14]; unsigned int offset = 0; EVP_CIPHER_CTX ctx; // struktura pro kontext FILE * fin = fopen(filename,"rb"); FILE * fout = fopen(outfilename,"w+b"); if(!fin){ printf("File not found"); } fread(header,1,14,fin); fwrite(header,1,14,fout); offset = (unsigned int)*(&header[10]); offset -= 14; while(offset > 1024){ fread(ot,1,1024,fin); fwrite(ot,1,1024,fout); offset -= 1024; } fread(ot,1,offset,fin); fwrite(ot,1,offset,fout); EVP_DecryptInit(&ctx, EVP_des_cbc(), key, iv); // nastaveni kontextu pro sifrovani do{ readlen = fread(ot,1,1024,fin); EVP_DecryptUpdate(&ctx, st, &stLength, ot, readlen); // sifrovani ot fwrite(st,1,stLength,fout); }while(readlen == 1024); EVP_DecryptFinal(&ctx, &st[stLength], &tmpLength); // ziskani sifrovaneho textu z kontextu fwrite(&st[stLength],1,tmpLength,fout); stLength += tmpLength; fclose(fin); fclose(fout); exit(0); }
int symmetric_decrypt(char* ciphertext, char* plaintext,char* key,int enctextsize) { int nc; /* amount of bytes [de]crypted at each step */ int nctot; /* total amount of encrypted bytes */ int pt_len; /* plain text size */ int ct_len; /* encrypted text size */ int ct_ptr; /* first available entry in the buffer */ int msg_len; /* message length */ int k_size; /* Context allocation */ EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX)); /* Context initialization */ EVP_CIPHER_CTX_init(ctx); /* Context setup for encryption */ EVP_DecryptInit(ctx, EVP_des_ecb(), NULL, NULL); /* Decryption key setup */ EVP_DecryptInit(ctx, NULL, key, NULL); /* Encryption */ nc = 0; nctot = 0; ct_ptr = 0; EVP_DecryptUpdate(ctx, &plaintext[ct_ptr], &nc, ciphertext, enctextsize); ct_ptr += nc; nctot += nc; EVP_DecryptFinal(ctx, &plaintext[ct_ptr], &nc); nctot += nc; return nctot; }
int decrypt_and_verify_secrets(CPOR_key *key, unsigned char *input, size_t input_len, unsigned char *plaintext, size_t *plaintext_len, unsigned char *authenticator, size_t authenticator_len) { EVP_CIPHER_CTX ctx; EVP_CIPHER *cipher = NULL; unsigned char mac[EVP_MAX_MD_SIZE]; size_t mac_size = EVP_MAX_MD_SIZE; int len; if(!key || !key->k_enc || !key->k_mac || !input || !input_len || !plaintext || !plaintext_len || !authenticator || !authenticator_len) return 0; OpenSSL_add_all_algorithms(); memset(mac, 0, mac_size); /* Verify the HMAC-SHA1 */ if(!HMAC(EVP_sha1(), key->k_mac, key->k_mac_size, input, input_len, mac, (unsigned int *)&mac_size)) goto cleanup; if(authenticator_len != mac_size) goto cleanup; if(memcmp(mac, authenticator, mac_size) != 0) goto cleanup; EVP_CIPHER_CTX_init(&ctx); switch(key->k_enc_size) { case 16: cipher = (EVP_CIPHER *)EVP_aes_128_cbc(); break; case 24: cipher = (EVP_CIPHER *)EVP_aes_192_cbc(); break; case 32: cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); break; default: return 0; } if(!EVP_DecryptInit(&ctx, cipher, key->k_enc, NULL)) goto cleanup; *plaintext_len = 0; if(!EVP_DecryptUpdate(&ctx, plaintext, (int *)plaintext_len, input, input_len)) goto cleanup; EVP_DecryptFinal(&ctx, plaintext + *plaintext_len, &len); *plaintext_len += len; EVP_CIPHER_CTX_cleanup(&ctx); return 1; cleanup: *plaintext_len = 0; return 0; }
void pki_evp::veryOldFromData(unsigned char *p, int size ) { unsigned char *sik, *pdec, *pdec1, *sik1; int outl, decsize; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char ckey[EVP_MAX_KEY_LENGTH]; memset(iv, 0, EVP_MAX_IV_LENGTH); RSA *rsakey; EVP_CIPHER_CTX ctx; const EVP_CIPHER *cipher = EVP_des_ede3_cbc(); sik = (unsigned char *)OPENSSL_malloc(size); check_oom(sik); pki_openssl_error(); pdec = (unsigned char *)OPENSSL_malloc(size); if (pdec == NULL ) { OPENSSL_free(sik); check_oom(pdec); } pdec1=pdec; sik1=sik; memcpy(iv, p, 8); /* recover the iv */ /* generate the key */ EVP_BytesToKey(cipher, EVP_sha1(), iv, (unsigned char *)oldpasswd, strlen(oldpasswd), 1, ckey,NULL); /* we use sha1 as message digest, * because an md5 version of the password is * stored in the database... */ EVP_CIPHER_CTX_init (&ctx); EVP_DecryptInit( &ctx, cipher, ckey, iv); EVP_DecryptUpdate( &ctx, pdec , &outl, p + 8, size -8 ); decsize = outl; EVP_DecryptFinal( &ctx, pdec + decsize , &outl ); decsize += outl; pki_openssl_error(); memcpy(sik, pdec, decsize); if (key->type == EVP_PKEY_RSA) { rsakey=d2i_RSAPrivateKey(NULL,(const unsigned char **)&pdec, decsize); if (pki_ign_openssl_error()) { rsakey = d2i_RSA_PUBKEY(NULL, (const unsigned char **)&sik, decsize); } pki_openssl_error(); if (rsakey) EVP_PKEY_assign_RSA(key, rsakey); } OPENSSL_free(sik1); OPENSSL_free(pdec1); EVP_CIPHER_CTX_cleanup(&ctx); pki_openssl_error(); encryptKey(); }
/* * Function: aesIsFast * Purpose: Test if AES performance is sufficient to require encryption * Parameters: none * Returns: boolean: (true) if AES performance is acceptable, (false) otherwise * Exceptions: InvalidKeyException if EVP_DecryptInit fails, OutOfMemoryError * if memory allocation fails. */ static jboolean android_security_cts_EncryptionTest_aesIsFast(JNIEnv *env, jobject) { EVP_CIPHER_CTX ctx; uint8_t *buf; uint8_t key[EVP_CIPHER_key_length(TEST_EVP_CIPHER)]; uint8_t iv[EVP_CIPHER_iv_length(TEST_EVP_CIPHER)]; memset(key, 0x42, sizeof(key)); memset(iv, 0x11, sizeof(iv)); EVP_CIPHER_CTX_init(&ctx); if (!EVP_DecryptInit(&ctx, TEST_EVP_CIPHER, key, iv)) { jniThrowException(env, "java/security/InvalidKeyException", "EVP_DecryptInit failed"); return false; } buf = new (std::nothrow) uint8_t[TEST_BUFSIZE + EVP_CIPHER_block_size(TEST_EVP_CIPHER)]; if (!buf) { jniThrowException(env, "java/lang/OutOfMemoryError", "Failed to allocate test buffer"); return false; } memset(buf, 0xF0, TEST_BUFSIZE); int len; uint64_t t = ns(); for (int i = 0; i < TEST_ITERATIONS; ++i) { EVP_DecryptUpdate(&ctx, buf, &len, buf, TEST_BUFSIZE); } t = ns() - t; delete[] buf; unsigned long ms = (unsigned long)(t / 1000000); double speed = (double)(TEST_ITERATIONS * TEST_BUFSIZE / (1024 * 1024)) * 1000.0 / ms; ALOGE("EncryptionTest::aesIsFast: %u iterations in %lu ms (%.01lf MiB/s) " "(threshold %u ms)", TEST_ITERATIONS, ms, speed, TEST_THRESHOLD); return ms < TEST_THRESHOLD; }
char* decryptToArray(FILE *ifp,char ckey[], char ivec[]) { fseek(ifp, 0L, SEEK_END); int fsize = ftell(ifp); fseek(ifp, 0L, SEEK_SET); int outLen1 = 0; int outLen2 = 0; unsigned char *indata = malloc(fsize); unsigned char *outdata = malloc(fsize); fread(indata,sizeof(char),fsize, ifp);//Read Entire File EVP_CIPHER_CTX ctx; EVP_DecryptInit(&ctx,EVP_aes_128_cbc(),ckey,ivec); EVP_DecryptUpdate(&ctx,outdata,&outLen1,indata,fsize); EVP_DecryptFinal(&ctx,outdata + outLen1,&outLen2); return(outdata); }
QByteArray JulyAES256::decrypt(const QByteArray &data, const QByteArray &password) { int outLen=0; QByteArray dataBuff;dataBuff.resize(data.size()+AES_BLOCK_SIZE); EVP_CIPHER_CTX evpCipherCtx; EVP_CIPHER_CTX_init(&evpCipherCtx); EVP_DecryptInit(&evpCipherCtx,EVP_aes_256_cbc(),(const unsigned char*)sha256(password).data(),(const unsigned char*)sha256("JulyAES"+password).data()); EVP_DecryptUpdate(&evpCipherCtx,(unsigned char*)dataBuff.data(),&outLen,(const unsigned char*)data.data(),data.size()); int tempLen=outLen; EVP_DecryptFinal(&evpCipherCtx,(unsigned char*)dataBuff.data()+tempLen,&outLen); tempLen+=outLen; EVP_CIPHER_CTX_cleanup(&evpCipherCtx); dataBuff.resize(tempLen); return dataBuff; }
void * CGI_decrypt(const char *p, int *len, const char *password) { EVP_CIPHER_CTX ctx; unsigned char md[DIGEST_SIZE]; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char *ret, *out; int offset, rlen = 0; if (p == 0 || *p == 0 || password == 0 || *password == 0) { return 0; } ret = CGI_decode_base64(p, &rlen); if (rlen <= DIGEST_SIZE + SALT_SIZE) { free(ret); return 0; } out = malloc(rlen + EVP_MAX_BLOCK_LENGTH); EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), ret, (unsigned char *) password, strlen(password), 1, key, iv); EVP_DecryptInit(&ctx, EVP_aes_256_cbc(), key, iv); EVP_DecryptUpdate(&ctx, out, &offset, ret + SALT_SIZE, rlen - SALT_SIZE); EVP_DecryptFinal(&ctx, out + offset, &rlen); rlen += offset - DIGEST_SIZE; /* * The salt is in ret, the decrypted digest and decrypted * data are in out, and the data length is rlen. */ if (rlen > 0) { digest(out + DIGEST_SIZE, rlen, password, ret, md); } if (rlen > 0 && memcmp(out, md, DIGEST_SIZE) == 0) { memcpy(ret, out + DIGEST_SIZE, rlen); ret[rlen] = 0; if (len != 0) { *len = rlen; } } else { free(ret); ret = 0; } free(out); return ret; }
bool RarVolume::DecryptInit(int keyLength) { #ifdef HAVE_OPENSSL if (!(m_context = EVP_CIPHER_CTX_new())) return false; if (!EVP_DecryptInit((EVP_CIPHER_CTX*)m_context, keyLength == 128 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(), m_decryptKey, m_decryptIV)) return false; return true; #elif defined(HAVE_NETTLE) m_context = new aes_ctx; aes_set_decrypt_key((aes_ctx*)m_context, keyLength == 128 ? 16 : 32, m_decryptKey); return true; #else return false; #endif }
int aes_decrypt(EVP_CIPHER_CTX* context, const unsigned char *key, const unsigned char *iv, unsigned char *enc_msg, size_t enc_msg_len, char **dec_msg) { size_t block_len = 0; size_t dec_msg_len = 0; *dec_msg = (char*)malloc(enc_msg_len); EVP_DecryptInit(context, EVP_aes_256_cbc(), key, iv); EVP_DecryptUpdate(context, (unsigned char*)*dec_msg, (int*)&block_len, enc_msg, (int)enc_msg_len); dec_msg_len += block_len; EVP_DecryptFinal_ex(context, (unsigned char*)*dec_msg + dec_msg_len, (int*)&block_len); dec_msg_len += block_len; (*dec_msg)[dec_msg_len] = '\0'; return enc_msg_len; }
string Sym_Encryption::generic_decrypt(unsigned char* k, unsigned char* cipher, int msg_ll, string iv) { unsigned char* plaintext; int nc; string str; plaintext = (unsigned char*)malloc(msg_ll); bzero(plaintext, msg_ll); EVP_DecryptInit(this->ctx, EVP_aes_128_cbc(), k, (unsigned char*)iv.data()); EVP_DecryptUpdate(this->ctx, plaintext, &nc, cipher, msg_ll); EVP_DecryptFinal(this->ctx, plaintext, &nc); str.assign((const char *)plaintext, msg_ll); free (plaintext); return str; }