QByteArray UBAbstractPublisher::encrypt(const QString& clear)
{
static const char *key = "9ecHaspud9uD9ste5erAchehefrup3ec";
EVP_CIPHER_CTX aesEncryptContext;
EVP_CIPHER_CTX_init(&aesEncryptContext);
EVP_EncryptInit_ex(&aesEncryptContext, EVP_aes_256_ecb(), NULL, (const unsigned char*)key, NULL);
QByteArray clearData = clear.toUtf8();
int cipheredLength = clearData.length() + AES_BLOCK_SIZE;
int paddingLength = 0;
unsigned char *cipherText = (unsigned char *)malloc(cipheredLength);
if(!EVP_EncryptInit_ex(&aesEncryptContext, NULL, NULL, NULL, NULL))
return QByteArray();
if(!EVP_EncryptUpdate(&aesEncryptContext, cipherText, &cipheredLength, (unsigned char *)clearData.data(), clearData.length()))
return QByteArray();
/* update ciphertext with the final remaining bytes */
if(!EVP_EncryptFinal_ex(&aesEncryptContext, cipherText + cipheredLength, &paddingLength))
return QByteArray();
QByteArray cipheredData((const char *)cipherText, cipheredLength + paddingLength);
free(cipherText);
EVP_CIPHER_CTX_cleanup(&aesEncryptContext);
return cipheredData;
}
/** Set the key of <b>cipher</b> to <b>key</b>, which is
* <b>key_bits</b> bits long (must be 128, 192, or 256). Also resets
* the counter to 0.
*/
static void
aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
{
if (should_use_EVP) {
const EVP_CIPHER *c = 0;
switch (key_bits) {
case 128: c = EVP_aes_128_ecb(); break;
case 192: c = EVP_aes_192_ecb(); break;
case 256: c = EVP_aes_256_ecb(); break;
default: tor_assert(0);
}
EVP_EncryptInit(&cipher->key.evp, c, (const unsigned char*)key, NULL);
cipher->using_evp = 1;
} else {
AES_set_encrypt_key((const unsigned char *)key, key_bits,&cipher->key.aes);
cipher->using_evp = 0;
}
#ifdef USING_COUNTER_VARS
cipher->counter0 = 0;
cipher->counter1 = 0;
cipher->counter2 = 0;
cipher->counter3 = 0;
#endif
memset(cipher->ctr_buf.buf, 0, sizeof(cipher->ctr_buf.buf));
cipher->pos = 0;
memset(cipher->buf, 0, sizeof(cipher->buf));
}
static int
aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len)
{
if ((ctx->ctx = EVP_CIPHER_CTX_new()) == NULL)
return -1;
switch (key_len) {
case 16: ctx->type = EVP_aes_128_ecb(); break;
case 24: ctx->type = EVP_aes_192_ecb(); break;
case 32: ctx->type = EVP_aes_256_ecb(); break;
default: ctx->type = NULL; return -1;
}
ctx->key_len = key_len;
memcpy(ctx->key, key, key_len);
memset(ctx->nonce, 0, sizeof(ctx->nonce));
ctx->encr_pos = AES_BLOCK_SIZE;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (!EVP_CIPHER_CTX_reset(ctx->ctx)) {
EVP_CIPHER_CTX_free(ctx->ctx);
ctx->ctx = NULL;
}
#else
EVP_CIPHER_CTX_init(ctx->ctx);
#endif
return 0;
}
const EVP_CIPHER *OpensslAES::getEvpCipher() const
{
if (m_type == TypeAes128 && m_mode == ModeCbc) {
return EVP_aes_128_cbc();
} else if (m_type == TypeAes128 && m_mode == ModeCfb) {
return EVP_aes_128_cfb128();
} else if (m_type == TypeAes128 && m_mode == ModeEcb) {
return EVP_aes_128_ecb();
} else if (m_type == TypeAes128 && m_mode == ModeOfb) {
return EVP_aes_128_ofb();
} else if (m_type == TypeAes192 && m_mode == ModeCbc) {
return EVP_aes_192_cbc();
} else if (m_type == TypeAes192 && m_mode == ModeCfb) {
return EVP_aes_192_cfb128();
} else if (m_type == TypeAes192 && m_mode == ModeEcb) {
return EVP_aes_192_ecb();
} else if (m_type == TypeAes192 && m_mode == ModeOfb) {
return EVP_aes_192_ofb();
} else if (m_type == TypeAes256 && m_mode == ModeCbc) {
return EVP_aes_256_cbc();
} else if (m_type == TypeAes256 && m_mode == ModeCfb) {
return EVP_aes_256_cfb128();
} else if (m_type == TypeAes256 && m_mode == ModeEcb) {
return EVP_aes_256_ecb();
} else if (m_type == TypeAes256 && m_mode == ModeOfb) {
return EVP_aes_256_ofb();
}
return 0;
}
static int
ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
{
ossldata *od = c->ptr;
int err;
err = ossl_aes_init(c, key, klen, iv);
if (err)
return err;
switch (od->klen)
{
case 128 / 8:
od->evp_ciph = EVP_aes_128_ecb();
break;
case 192 / 8:
od->evp_ciph = EVP_aes_192_ecb();
break;
case 256 / 8:
od->evp_ciph = EVP_aes_256_ecb();
break;
default:
/* shouldn't happen */
err = PXE_CIPHER_INIT;
break;
}
return err;
}
static int
aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc) /* init key */
{
/*
* variable "c" is leaked from this scope, but is later freed
* in aes_ctr_cleanup
*/
aes_ctr_ctx *c;
const EVP_CIPHER *aes_cipher;
(void) enc;
switch(EVP_CIPHER_CTX_key_length(ctx)) {
case 16:
aes_cipher = EVP_aes_128_ecb();
break;
case 24:
aes_cipher = EVP_aes_192_ecb();
break;
case 32:
aes_cipher = EVP_aes_256_ecb();
break;
default:
return 0;
}
c = malloc(sizeof(*c));
if(c == NULL)
return 0;
#ifdef HAVE_OPAQUE_STRUCTS
c->aes_ctx = EVP_CIPHER_CTX_new();
#else
c->aes_ctx = malloc(sizeof(EVP_CIPHER_CTX));
#endif
if(c->aes_ctx == NULL) {
free(c);
return 0;
}
if(EVP_EncryptInit(c->aes_ctx, aes_cipher, key, NULL) != 1) {
#ifdef HAVE_OPAQUE_STRUCTS
EVP_CIPHER_CTX_free(c->aes_ctx);
#else
free(c->aes_ctx);
#endif
free(c);
return 0;
}
EVP_CIPHER_CTX_set_padding(c->aes_ctx, 0);
memcpy(c->ctr, iv, AES_BLOCK_SIZE);
EVP_CIPHER_CTX_set_app_data(ctx, c);
return 1;
}
const EVP_CIPHER* get_cipher_type(const enum cipher cipher, const enum cipher_mode mode) {
switch (mode) {
case MODE_ECB:
switch (cipher) {
case CIPHER_DES:
return EVP_des_ecb();
case CIPHER_AES_128:
return EVP_aes_128_ecb();
case CIPHER_AES_192:
return EVP_aes_192_ecb();
case CIPHER_AES_256:
return EVP_aes_256_ecb();
}
case MODE_CBC:
switch (cipher) {
case CIPHER_DES:
return EVP_des_cbc();
case CIPHER_AES_128:
return EVP_aes_128_cbc();
case CIPHER_AES_192:
return EVP_aes_192_cbc();
case CIPHER_AES_256:
return EVP_aes_256_cbc();
}
case MODE_OFB:
switch (cipher) {
case CIPHER_DES:
return EVP_des_ofb();
case CIPHER_AES_128:
return EVP_aes_128_ofb();
case CIPHER_AES_192:
return EVP_aes_192_ofb();
case CIPHER_AES_256:
return EVP_aes_256_ofb();
}
case MODE_CFB:
switch (cipher) {
case CIPHER_DES:
return EVP_des_cfb();
case CIPHER_AES_128:
return EVP_aes_128_cfb();
case CIPHER_AES_192:
return EVP_aes_192_cfb();
case CIPHER_AES_256:
return EVP_aes_256_cfb();
}
}
abort();
}
int
main(int argc, char** argv)
{
// get data to encrypt.
//
if (argc != 3) {
printf("Usage: %s <base64 enc key> <data to encryt>\n",
argv[0]);
return 0;
}
// base64 decode key
//
BIO *mbio = BIO_new_mem_buf(argv[1], strlen(argv[1]));
BIO *b64bio = BIO_new(BIO_f_base64());
BIO_set_flags(b64bio, BIO_FLAGS_BASE64_NO_NL);
BIO *bio = BIO_push(b64bio, mbio);
char key[256];
size_t keylen = 0;
keylen = BIO_read(bio, key, sizeof(key));
BIO_free(mbio);
BIO_free(b64bio);
// encrypt the data
//
char out[256];
int outlen = 0;
EVP_CIPHER_CTX ctx;
EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL);
EVP_EncryptUpdate(&ctx, out, &outlen, argv[2], strlen(argv[2]));
EVP_EncryptFinal(&ctx, out, &outlen);
EVP_CIPHER_CTX_cleanup(&ctx);
// base64 encode encrypted data
//
mbio = BIO_new(BIO_s_mem());
b64bio = BIO_new(BIO_f_base64());
BIO_set_flags(b64bio, BIO_FLAGS_BASE64_NO_NL);
bio = BIO_push(b64bio, mbio);
BIO_write(bio, out, outlen);
BIO_flush(bio);
char* data = NULL;
size_t datalen = 0;
datalen = BIO_get_mem_data(mbio, &data);
data[datalen] = '\0';
printf("encrypted data: [%s]\n", data);
BIO_free(mbio);
BIO_free(b64bio);
return 0;
}
void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
const char *name,
const char *unused, void *arg),
void *arg) {
callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg);
callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg);
callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg);
callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg);
callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg);
callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg);
callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg);
callback(EVP_aes_256_xts(), "AES-256-XTS", NULL, arg);
callback(EVP_des_cbc(), "DES-CBC", NULL, arg);
callback(EVP_des_ecb(), "DES-ECB", NULL, arg);
callback(EVP_des_ede(), "DES-EDE", NULL, arg);
callback(EVP_des_ede_cbc(), "DES-EDE-CBC", NULL, arg);
callback(EVP_des_ede3_cbc(), "DES-EDE3-CBC", NULL, arg);
callback(EVP_rc2_cbc(), "RC2-CBC", NULL, arg);
callback(EVP_rc4(), "RC4", NULL, arg);
// OpenSSL returns everything twice, the second time in lower case.
callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg);
callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg);
callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg);
callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg);
callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg);
callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg);
callback(EVP_aes_256_xts(), "aes-256-xts", NULL, arg);
callback(EVP_des_cbc(), "des-cbc", NULL, arg);
callback(EVP_des_ecb(), "des-ecb", NULL, arg);
callback(EVP_des_ede(), "des-ede", NULL, arg);
callback(EVP_des_ede_cbc(), "des-ede-cbc", NULL, arg);
callback(EVP_des_ede3_cbc(), "des-ede3-cbc", NULL, arg);
callback(EVP_rc2_cbc(), "rc2-cbc", NULL, arg);
callback(EVP_rc4(), "rc4", NULL, arg);
}
/** Get cipher by name constants.
* @param cipher cipher name
* @return cipher engine
*/
const EVP_CIPHER *
cipher_by_name(const char *cipher)
{
if (strcmp(cipher, LN_aes_128_ecb) == 0) {
return EVP_aes_128_ecb();
} else if (strcmp(cipher, LN_aes_128_cbc) == 0) {
return EVP_aes_128_cbc();
} else if (strcmp(cipher, LN_aes_256_ecb) == 0) {
return EVP_aes_256_ecb();
} else if (strcmp(cipher, LN_aes_256_cbc) == 0) {
return EVP_aes_256_cbc();
} else {
throw std::runtime_error("Unknown cipher type");
}
}
void
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
EVP_CIPHER_CTX c;
int len;
EVP_CIPHER_CTX_init(&c);
RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_256_ecb(), key, NULL) == 1);
EVP_CIPHER_CTX_set_padding(&c, 0);
RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in,
ISC_AES_BLOCK_LENGTH) == 1);
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1);
}
explicit Cipher(Name name = N_AES128_CBC)
: cipher_(0)
{
EVP_CIPHER_CTX_init(&ctx_);
switch (name) {
case N_AES128_CBC: cipher_ = EVP_aes_128_cbc(); break;
case N_AES192_CBC: cipher_ = EVP_aes_192_cbc(); break;
case N_AES256_CBC: cipher_ = EVP_aes_256_cbc(); break;
case N_AES128_ECB: cipher_ = EVP_aes_128_ecb(); break;
case N_AES192_ECB: cipher_ = EVP_aes_192_ecb(); break;
case N_AES256_ECB: cipher_ = EVP_aes_256_ecb(); break;
default:
throw cybozu::Exception("crypto:Cipher:Cipher:name") << (int)name;
}
}
static int
aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len)
{
switch (key_len) {
case 16: ctx->type = EVP_aes_128_ecb(); break;
case 24: ctx->type = EVP_aes_192_ecb(); break;
case 32: ctx->type = EVP_aes_256_ecb(); break;
default: ctx->type = NULL; return -1;
}
ctx->key_len = key_len;
memcpy(ctx->key, key, key_len);
memset(ctx->nonce, 0, sizeof(ctx->nonce));
ctx->encr_pos = AES_BLOCK_SIZE;
EVP_CIPHER_CTX_init(&ctx->ctx);
return 0;
}
/** Get cipher for PB_ENCRYPTION_* constants.
* @param cipher cipher ID
* @return cipher engine
*/
const EVP_CIPHER *
cipher_by_id(int cipher)
{
switch (cipher) {
case PB_ENCRYPTION_AES_128_ECB:
return EVP_aes_128_ecb();
case PB_ENCRYPTION_AES_128_CBC:
return EVP_aes_128_cbc();
case PB_ENCRYPTION_AES_256_ECB:
return EVP_aes_256_ecb();
case PB_ENCRYPTION_AES_256_CBC:
return EVP_aes_256_cbc();
default:
throw std::runtime_error("Unknown cipher type");
}
}
const EVP_CIPHER* OSSLAES::getCipher() const
{
if (currentKey == NULL) return NULL;
// Check currentKey bit length; AES only supports 128, 192 or 256 bit keys
if ((currentKey->getBitLen() != 128) &&
(currentKey->getBitLen() != 192) &&
(currentKey->getBitLen() != 256))
{
ERROR_MSG("Invalid AES currentKey length (%d bits)", currentKey->getBitLen());
return NULL;
}
// Determine the cipher mode
if (!currentCipherMode.compare("cbc"))
{
switch(currentKey->getBitLen())
{
case 128:
return EVP_aes_128_cbc();
case 192:
return EVP_aes_192_cbc();
case 256:
return EVP_aes_256_cbc();
};
}
else if (!currentCipherMode.compare("ecb"))
{
switch(currentKey->getBitLen())
{
case 128:
return EVP_aes_128_ecb();
case 192:
return EVP_aes_192_ecb();
case 256:
return EVP_aes_256_ecb();
};
}
ERROR_MSG("Invalid AES cipher mode %s", currentCipherMode.c_str());
return NULL;
}
void
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX _context;
#endif
EVP_CIPHER_CTX *c;
int len;
c = EVP_CIPHER_CTX_new();
RUNTIME_CHECK(c != NULL);
RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_256_ecb(), key, NULL) == 1);
EVP_CIPHER_CTX_set_padding(c, 0);
RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in,
ISC_AES_BLOCK_LENGTH) == 1);
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
EVP_CIPHER_CTX_free(c);
}
const EVP_CIPHER* algid_to_evp(uint32_t alg){
switch(alg&(SOTER_SYM_ALG_MASK|SOTER_SYM_PADDING_MASK|SOTER_SYM_KEY_LENGTH_MASK)){
case SOTER_SYM_AES_ECB_PKCS7|SOTER_SYM_256_KEY_LENGTH:
return EVP_aes_256_ecb();
case SOTER_SYM_AES_ECB_PKCS7|SOTER_SYM_192_KEY_LENGTH:
return EVP_aes_192_ecb();
case SOTER_SYM_AES_ECB_PKCS7|SOTER_SYM_128_KEY_LENGTH:
return EVP_aes_128_ecb();
case SOTER_SYM_AES_CTR|SOTER_SYM_256_KEY_LENGTH:
return EVP_aes_256_ctr();
case SOTER_SYM_AES_CTR|SOTER_SYM_192_KEY_LENGTH:
return EVP_aes_192_ctr();
case SOTER_SYM_AES_CTR|SOTER_SYM_128_KEY_LENGTH:
return EVP_aes_128_ctr();
case SOTER_SYM_AES_XTS|SOTER_SYM_256_KEY_LENGTH:
return EVP_aes_256_xts();
}
return NULL;
}
void SSLInitImpl()
{
if(0 == ssl_init_counter++)
{
log_info("OpenSSL library initialization");
SSL_library_init();
SSL_load_error_strings();
ERR_load_crypto_strings();
int numLocks = CRYPTO_num_locks();
sslmtx = new Pt::System::Mutex[numLocks];
//CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
CRYPTO_set_locking_callback(pt_locking_callback_impl);
//OpenSSL_add_all_algorithms();
EVP_add_cipher(EVP_des_ede3_cfb());
EVP_add_cipher(EVP_des_ede3_cfb1());
EVP_add_cipher(EVP_des_ede3_cfb8());
EVP_add_cipher(EVP_des_ede3_ofb());
EVP_add_cipher(EVP_aes_128_ecb());
EVP_add_cipher(EVP_aes_128_cbc());
EVP_add_cipher(EVP_aes_128_cfb());
EVP_add_cipher(EVP_aes_128_cfb1());
EVP_add_cipher(EVP_aes_128_cfb8());
EVP_add_cipher(EVP_aes_128_ofb());
EVP_add_cipher(EVP_aes_192_ecb());
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_192_cfb());
EVP_add_cipher(EVP_aes_192_cfb1());
EVP_add_cipher(EVP_aes_192_cfb8());
EVP_add_cipher(EVP_aes_192_ofb());
EVP_add_cipher(EVP_aes_256_ecb());
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_256_cfb());
EVP_add_cipher(EVP_aes_256_cfb1());
EVP_add_cipher(EVP_aes_256_cfb8());
EVP_add_cipher(EVP_aes_256_ofb());
}
}
static int
aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc) /* init key */
{
aes_ctr_ctx *c = malloc(sizeof(*c));
const EVP_CIPHER *aes_cipher;
(void) enc;
if (c == NULL)
return 0;
switch (ctx->key_len) {
case 16:
aes_cipher = EVP_aes_128_ecb();
break;
case 24:
aes_cipher = EVP_aes_192_ecb();
break;
case 32:
aes_cipher = EVP_aes_256_ecb();
break;
default:
return 0;
}
c->aes_ctx = malloc(sizeof(EVP_CIPHER_CTX));
if (c->aes_ctx == NULL)
return 0;
if (EVP_EncryptInit(c->aes_ctx, aes_cipher, key, NULL) != 1) {
return 0;
}
EVP_CIPHER_CTX_set_padding(c->aes_ctx, 0);
memcpy(c->ctr, iv, AES_BLOCK_SIZE);
EVP_CIPHER_CTX_set_app_data(ctx, c);
return 1;
}
void *aes_encrypt(void* args)
{
cpu_set_t cpuset;
int cip_len;
int tmp_len;
EVP_CIPHER_CTX *ctx;
aesPayloadStruct *aesPayload = (aesPayloadStruct*)args;
CPU_ZERO(&cpuset);
CPU_SET(aesPayload->cpuAffinity, &cpuset);
sched_setaffinity(0, sizeof(cpuset), &cpuset);
if(!(ctx = EVP_CIPHER_CTX_new())) {
return NULL;
}
if (16 == aesPayload->keyLen) {
if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, aesPayload->keyState, NULL)) {
return NULL;
}
} else {
if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, aesPayload->keyState, NULL)) {
return NULL;
}
}
if(1 != EVP_EncryptUpdate(ctx, aesPayload->ctDataBuff, &tmp_len, aesPayload->ptDataBuff, aesPayload->dataLen)) {
return NULL;
}
cip_len = tmp_len;
if(1 != EVP_EncryptFinal_ex(ctx, aesPayload->ptDataBuff + tmp_len, &tmp_len)) {
return NULL;
}
cip_len += tmp_len;
return NULL;
}
bool CryptFileDevice::initCipher()
{
const EVP_CIPHER *cipher = EVP_enc_null();
if (m_aesKeyLength == kAesKeyLength128)
cipher = EVP_aes_128_ecb();
else if (m_aesKeyLength == kAesKeyLength192)
cipher = EVP_aes_192_ecb();
else if (m_aesKeyLength == kAesKeyLength256)
cipher = EVP_aes_256_ecb();
else
Q_ASSERT_X(false, Q_FUNC_INFO, "Unknown value of AesKeyLength");
EVP_CIPHER_CTX_init(&m_encCtx);
EVP_EncryptInit_ex(&m_encCtx, cipher, NULL, NULL, NULL);
int keyLength = EVP_CIPHER_CTX_key_length(&m_encCtx);
int ivLength = EVP_CIPHER_CTX_iv_length(&m_encCtx);
unsigned char key[keyLength];
unsigned char iv[ivLength];
int ok = EVP_BytesToKey(cipher,
EVP_sha256(),
m_salt.isEmpty() ? NULL : (unsigned char *)m_salt.data(),
(unsigned char *)m_password.data(),
m_password.length(),
m_numRounds,
key,
iv);
if (ok == 0)
return false;
EVP_CIPHER_CTX_init(&m_encCtx);
EVP_EncryptInit_ex(&m_encCtx, cipher, NULL, key, iv);
EVP_CIPHER_CTX_init(&m_decCtx);
EVP_DecryptInit_ex(&m_decCtx, cipher, NULL, key, iv);
return true;
}
char *cipher_aes_decrypt(const char *ciphertext, size_t len, const unsigned char key[KDF_HASH_LEN])
{
EVP_CIPHER_CTX ctx;
char *plaintext;
int out_len;
if (!len)
return NULL;
EVP_CIPHER_CTX_init(&ctx);
plaintext = xcalloc(len + AES_BLOCK_SIZE + 1, 1);
if (len >= 33 && len % 16 == 1 && ciphertext[0] == '!') {
if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key, (unsigned char *)(ciphertext + 1)))
goto error;
ciphertext += 17;
len -= 17;
} else {
if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_ecb(), NULL, key, NULL))
goto error;
}
if (!EVP_DecryptUpdate(&ctx, (unsigned char *)plaintext, &out_len, (unsigned char *)ciphertext, len))
goto error;
len = out_len;
if (!EVP_DecryptFinal_ex(&ctx, (unsigned char *)(plaintext + out_len), &out_len))
goto error;
len += out_len;
plaintext[len] = '\0';
EVP_CIPHER_CTX_cleanup(&ctx);
return plaintext;
error:
EVP_CIPHER_CTX_cleanup(&ctx);
secure_clear(plaintext, len + AES_BLOCK_SIZE + 1);
free(plaintext);
return NULL;
}
const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
if (OPENSSL_strcasecmp(name, "rc4") == 0) {
return EVP_rc4();
} else if (OPENSSL_strcasecmp(name, "des-cbc") == 0) {
return EVP_des_cbc();
} else if (OPENSSL_strcasecmp(name, "des-ede3-cbc") == 0 ||
OPENSSL_strcasecmp(name, "3des") == 0) {
return EVP_des_ede3_cbc();
} else if (OPENSSL_strcasecmp(name, "aes-128-cbc") == 0) {
return EVP_aes_128_cbc();
} else if (OPENSSL_strcasecmp(name, "aes-256-cbc") == 0) {
return EVP_aes_256_cbc();
} else if (OPENSSL_strcasecmp(name, "aes-128-ctr") == 0) {
return EVP_aes_128_ctr();
} else if (OPENSSL_strcasecmp(name, "aes-256-ctr") == 0) {
return EVP_aes_256_ctr();
} else if (OPENSSL_strcasecmp(name, "aes-128-ecb") == 0) {
return EVP_aes_128_ecb();
} else if (OPENSSL_strcasecmp(name, "aes-256-ecb") == 0) {
return EVP_aes_256_ecb();
}
return NULL;
}
static EVP_CIPHER_CTX *get_cipher(SEXP sKey, SEXP sCipher, int enc, int *transient) {
EVP_CIPHER_CTX *ctx;
PKI_init();
if (inherits(sKey, "symmeric.cipher")) {
if (transient) transient[0] = 0;
return (EVP_CIPHER_CTX*) R_ExternalPtrAddr(sCipher);
}
if (TYPEOF(sKey) != RAWSXP && (TYPEOF(sKey) != STRSXP || LENGTH(sKey) < 1))
Rf_error("invalid key object");
else {
const char *cipher, *c_key;
int key_len;
const EVP_CIPHER *type;
if (TYPEOF(sCipher) != STRSXP || LENGTH(sCipher) != 1)
Rf_error("non-RSA key and no cipher is specified");
cipher = CHAR(STRING_ELT(sCipher, 0));
if (strlen(cipher) > sizeof(cipher_name) - 1)
Rf_error("invalid cipher name");
{
char *c = cipher_name;
while (*cipher) {
if ((*cipher >= 'a' && *cipher <= 'z') || (*cipher >= '0' && *cipher <= '9'))
*(c++) = *cipher;
else if (*cipher >= 'A' && *cipher <= 'Z')
*(c++) = *cipher + 32;
cipher++;
}
*c = 0;
cipher = (const char*) cipher_name;
}
if (!strcmp(cipher, "aes128") || !strcmp(cipher, "aes128cbc"))
type = EVP_aes_128_cbc();
else if (!strcmp(cipher, "aes128ecb"))
type = EVP_aes_128_ecb();
else if (!strcmp(cipher, "aes128ofb"))
type = EVP_aes_128_ofb();
else if (!strcmp(cipher, "aes256") || !strcmp(cipher, "aes256cbc"))
type = EVP_aes_256_cbc();
else if (!strcmp(cipher, "aes256ecb"))
type = EVP_aes_256_ecb();
else if (!strcmp(cipher, "aes256ofb"))
type = EVP_aes_256_ofb();
else if (!strcmp(cipher, "blowfish") || !strcmp(cipher, "bfcbc"))
type = EVP_bf_cbc();
else if (!strcmp(cipher, "bfecb"))
type = EVP_bf_ecb();
else if (!strcmp(cipher, "bfofb"))
type = EVP_bf_ofb();
else if (!strcmp(cipher, "bfcfb"))
type = EVP_bf_cfb();
else Rf_error("unknown cipher `%s'", CHAR(STRING_ELT(sCipher, 0)));
if (TYPEOF(sKey) == STRSXP) {
c_key = CHAR(STRING_ELT(sKey, 0));
key_len = strlen(c_key);
} else {
c_key = (const char*) RAW(sKey);
key_len = LENGTH(sKey);
}
if (key_len < EVP_CIPHER_key_length(type))
Rf_error("key is too short (%d bytes) for the cipher - need %d bytes", key_len, EVP_CIPHER_key_length(type));
ctx = (EVP_CIPHER_CTX*) malloc(sizeof(*ctx));
if (!ctx)
Rf_error("cannot allocate memory for cipher");
if (!EVP_CipherInit(ctx, type, (unsigned char*) c_key, 0, enc)) {
free(ctx);
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
}
if (transient) transient[0] = 1;
return ctx;
}
}
void OpenSSL_add_all_ciphers(void)
{
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cfb());
EVP_add_cipher(EVP_des_cfb1());
EVP_add_cipher(EVP_des_cfb8());
EVP_add_cipher(EVP_des_ede_cfb());
EVP_add_cipher(EVP_des_ede3_cfb());
EVP_add_cipher(EVP_des_ofb());
EVP_add_cipher(EVP_des_ede_ofb());
EVP_add_cipher(EVP_des_ede3_ofb());
EVP_add_cipher(EVP_desx_cbc());
EVP_add_cipher_alias(SN_desx_cbc,"DESX");
EVP_add_cipher_alias(SN_desx_cbc,"desx");
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher_alias(SN_des_cbc,"DES");
EVP_add_cipher_alias(SN_des_cbc,"des");
EVP_add_cipher(EVP_des_ede_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
EVP_add_cipher(EVP_des_ecb());
EVP_add_cipher(EVP_des_ede());
EVP_add_cipher(EVP_des_ede3());
#endif
#ifndef OPENSSL_NO_RC4
EVP_add_cipher(EVP_rc4());
EVP_add_cipher(EVP_rc4_40());
#endif
#ifndef OPENSSL_NO_IDEA
EVP_add_cipher(EVP_idea_ecb());
EVP_add_cipher(EVP_idea_cfb());
EVP_add_cipher(EVP_idea_ofb());
EVP_add_cipher(EVP_idea_cbc());
EVP_add_cipher_alias(SN_idea_cbc,"IDEA");
EVP_add_cipher_alias(SN_idea_cbc,"idea");
#endif
#ifndef OPENSSL_NO_RC2
EVP_add_cipher(EVP_rc2_ecb());
EVP_add_cipher(EVP_rc2_cfb());
EVP_add_cipher(EVP_rc2_ofb());
EVP_add_cipher(EVP_rc2_cbc());
EVP_add_cipher(EVP_rc2_40_cbc());
EVP_add_cipher(EVP_rc2_64_cbc());
EVP_add_cipher_alias(SN_rc2_cbc,"RC2");
EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
#endif
#ifndef OPENSSL_NO_BF
EVP_add_cipher(EVP_bf_ecb());
EVP_add_cipher(EVP_bf_cfb());
EVP_add_cipher(EVP_bf_ofb());
EVP_add_cipher(EVP_bf_cbc());
EVP_add_cipher_alias(SN_bf_cbc,"BF");
EVP_add_cipher_alias(SN_bf_cbc,"bf");
EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
#endif
#ifndef OPENSSL_NO_CAST
EVP_add_cipher(EVP_cast5_ecb());
EVP_add_cipher(EVP_cast5_cfb());
EVP_add_cipher(EVP_cast5_ofb());
EVP_add_cipher(EVP_cast5_cbc());
EVP_add_cipher_alias(SN_cast5_cbc,"CAST");
EVP_add_cipher_alias(SN_cast5_cbc,"cast");
EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");
EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
#endif
#ifndef OPENSSL_NO_RC5
EVP_add_cipher(EVP_rc5_32_12_16_ecb());
EVP_add_cipher(EVP_rc5_32_12_16_cfb());
EVP_add_cipher(EVP_rc5_32_12_16_ofb());
EVP_add_cipher(EVP_rc5_32_12_16_cbc());
EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
#endif
#ifndef OPENSSL_NO_AES
EVP_add_cipher(EVP_aes_128_ecb());
EVP_add_cipher(EVP_aes_128_cbc());
EVP_add_cipher(EVP_aes_128_cfb());
EVP_add_cipher(EVP_aes_128_cfb1());
EVP_add_cipher(EVP_aes_128_cfb8());
EVP_add_cipher(EVP_aes_128_ofb());
#if 0
EVP_add_cipher(EVP_aes_128_ctr());
#endif
EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
EVP_add_cipher(EVP_aes_192_ecb());
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_192_cfb());
EVP_add_cipher(EVP_aes_192_cfb1());
EVP_add_cipher(EVP_aes_192_cfb8());
EVP_add_cipher(EVP_aes_192_ofb());
#if 0
EVP_add_cipher(EVP_aes_192_ctr());
#endif
EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
EVP_add_cipher(EVP_aes_256_ecb());
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_256_cfb());
EVP_add_cipher(EVP_aes_256_cfb1());
EVP_add_cipher(EVP_aes_256_cfb8());
EVP_add_cipher(EVP_aes_256_ofb());
#if 0
EVP_add_cipher(EVP_aes_256_ctr());
#endif
EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
#endif
PKCS12_PBE_add();
PKCS5_PBE_add();
}
void AESCryptoKey::TransformBlock(bool encrypt,
const uint8_t *pbIn,
uint32_t cbIn,
uint8_t *pbOut,
uint32_t & cbOut,
const uint8_t *pbIv,
uint32_t cbIv)
{
if (pbIn == nullptr) {
throw exceptions::RMSCryptoNullPointerException("Null pointer pbIn exception");
}
if (pbOut == nullptr) {
throw exceptions::RMSCryptoNullPointerException("Null pointer pbOut exception");
}
if (((cbIv == 0) && (pbIv != nullptr)) || ((cbIv != 0) && (pbIv == nullptr))) {
pbIv = nullptr;
cbIv = 0;
}
int totalOut = static_cast<int>(cbOut);
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
const EVP_CIPHER *cipher = nullptr;
switch (m_algorithm) {
case api::CRYPTO_ALGORITHM_AES_ECB:
switch(m_key.size()) {
case 16:
cipher = EVP_aes_128_ecb();
break;
case 24:
cipher = EVP_aes_192_ecb();
break;
case 32:
cipher = EVP_aes_256_ecb();
break;
default:
throw exceptions::RMSCryptoInvalidArgumentException("Invalid key length");
}
break;
case api::CRYPTO_ALGORITHM_AES_CBC:
case api::CRYPTO_ALGORITHM_AES_CBC_PKCS7:
switch(m_key.size()) {
case 16:
cipher = EVP_aes_128_cbc();
break;
case 24:
cipher = EVP_aes_192_cbc();
break;
case 32:
cipher = EVP_aes_256_cbc();
break;
default:
throw exceptions::RMSCryptoInvalidArgumentException("Invalid key length");
}
break;
break;
default:
throw exceptions::RMSCryptoInvalidArgumentException("Unsupported algorithm");
}
// check lengths
if ((pbIv != nullptr) &&
(EVP_CIPHER_iv_length(cipher) != static_cast<int>(cbIv))) {
throw exceptions::RMSCryptoInvalidArgumentException(
"Invalid initial vector length");
}
if (EVP_CIPHER_key_length(cipher) != static_cast<int>(m_key.size())) {
throw exceptions::RMSCryptoInvalidArgumentException("Invalid key length");
}
EVP_CipherInit_ex(&ctx, cipher, NULL, m_key.data(), pbIv, encrypt ? 1 : 0);
if (m_algorithm == api::CRYPTO_ALGORITHM_AES_CBC_PKCS7) {
EVP_CIPHER_CTX_set_padding(&ctx, 1);
} else {
EVP_CIPHER_CTX_set_padding(&ctx, 0);
}
if (!EVP_CipherUpdate(&ctx, pbOut, &totalOut, pbIn, static_cast<int>(cbIn))) {
throw exceptions::RMSCryptoIOException(
exceptions::RMSCryptoException::UnknownError,
"Failed to transform data");
}
pbOut += totalOut;
// add padding if necessary
if (m_algorithm == api::CRYPTO_ALGORITHM_AES_CBC_PKCS7) {
int remain = cbOut - totalOut;
if (remain < EVP_CIPHER_block_size(cipher)) {
throw exceptions::RMSCryptoInsufficientBufferException(
"No enough buffer size");
}
if (!EVP_CipherFinal_ex(&ctx, pbOut, &remain)) {
throw exceptions::RMSCryptoIOException(
exceptions::RMSCryptoException::UnknownError,
"Failed to transform final block");
}
totalOut += remain;
}
EVP_CIPHER_CTX_cleanup(&ctx);
// remember total size
cbOut = static_cast<uint32_t>(totalOut);
}
void mexserver() //gestisco i job
{
long ret,quanti=0;
char key[32] ;
unsigned char * msg;
long numblocchi;
unsigned char **p;
unsigned char zero[16];
int index;
EVP_CIPHER_CTX* ctx;
unsigned char ** ciphertext;
unsigned char* L;
printf("mexdalserver\n");
//key=malloc(32);
ret = recv(sk, (void *)key, 32, 0);//key
if(ret==-1) {
printf("mexserver errore: errore in ricezione idjob dal server!\n");
exit(1);
}
printf("key : \n");
printf("key : %s\n",key);
printf("\n");
if(ret==0) { //server si e' disconnesso
printf("Il server ha chiuso la connessione!!/n");
exit(3);
}
ret = recv(sk, (void *)&index, sizeof(int), 0); //mi serve per il calcolo di p
if(ret==-1) {
printf("mexserver errore: errore in ricezione lunghezza dal server3!\n");
exit(1);
}
printf("ricevuto index: %d\n",index);
ret = recv(sk, (void *)&quanti, sizeof(long), 0); //ricevo lunghezza stringa
if(ret==-1) {
printf("mexserver errore: errore in ricezione lunghezza dal server1!\n");
exit(1);
}
printf("ricevuto quanti: %ld\n",quanti);
msg=malloc(quanti);
ret = recv(sk, (void *)msg, quanti, 0); //ricevo file da cifrare
if(ret==-1) {
printf("mexserver errore: errore in ricezione lunghezza dal server2!\n");
exit(1);
}
printf("ricevuto msg\n");
printf("\n MSG %s\n",msg);
numblocchi=quanti/16;
printf("stai elaborando %ld\n",numblocchi);
printf("blocchi \n");
//**************************
exit(1);//****************crush************************
//****************************
p=malloc(sizeof(unsigned char*)* numblocchi );
#pragma omp parallel for
for (int z=1; z<numblocchi; z++) {
p[z]=malloc(16);
//l'ultimo carattere mi dice se completato..
}
ciphertext=malloc(sizeof(unsigned char*)*numblocchi);
ctx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));
EVP_CIPHER_CTX_init(ctx);
int outlen=0;
L=malloc(16);
/* Context setup for encryption */
EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL);
EVP_CIPHER_CTX_set_padding(ctx, 0);
EVP_EncryptUpdate(ctx, L, &outlen, (unsigned char*)zero, 16);
if (!EVP_EncryptFinal(ctx, L+outlen, &outlen)) { // se == 0 -> errore
printf("Errore in EVP_EncryptFinal\n");
exit(-1);
}
EVP_CIPHER_CTX_cleanup(ctx);
EVP_CIPHER_CTX_free(ctx);
for (int i=0; i<16; i++)
printf(" %02X", (unsigned char)L[i]);
printf("\n");
memset(zero, 0, 16);
zero[15]=1;
for (int i; i<16; i++)
L[i]|=zero[i];
//L trovata adessi IL;
calcolaLI(numblocchi, L, p,index);
char carry=0;
char ris;
#pragma omp parallel for private(ctx, outlen)
for (int i=0;i<numblocchi ; i++) { //fa il cipher
for(int z=0;z <16;z++){
// msg[i*16+z]+=p[i][z];{
ris = msg[i*16+z]&127 || p[i][z]&127;
msg[i*16+z]+= p[i][z] + carry;
if (ris==1 && (msg[i*16+z]&127)==0)
carry=1;
else
carry=0;
}
ciphertext[i]=malloc(16);
carry=0;
ctx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));
EVP_CIPHER_CTX_init(ctx);
outlen = 0;
EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL);
EVP_CIPHER_CTX_set_padding(ctx, 0);
EVP_EncryptUpdate(ctx, ciphertext[i], &outlen, &msg[i*16], 16);
if (!EVP_EncryptFinal(ctx, ciphertext[i]+outlen, &outlen)) { // se == 0 -> errore
printf("Errore in EVP_EncryptFinal\n");
exit(-1);
}
EVP_CIPHER_CTX_cleanup(ctx);
EVP_CIPHER_CTX_free(ctx);
}
#pragma omp parallel for
for (int i=0;i<numblocchi ; i++) { //xor tra i cipher calcolati
for(int z=0;z <16;z++)
zero[z]^=ciphertext[i][z];
}
char x='a';
ret=send(sk,(void*)&x,sizeof(char),0);//mando risultato
if (ret ==-1)
{
printf ("errore nel mandare comando e' il mex d'uscita");
exit(1);
}
printf("zero : \n");
for (int i=0; i<16; i++)
printf(" %02X", (unsigned char)zero[i]);
printf("\n");
ret=send(sk,(void*)zero,16,0);//mando risultato
if (ret ==-1)
{
printf ("errore nel mandare comando e' il mex d'uscita");
exit(1);
}
printf("finito un job\n");
}
void OpenSSL_add_all_ciphers(void)
{
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cfb());
EVP_add_cipher(EVP_des_cfb1());
EVP_add_cipher(EVP_des_cfb8());
EVP_add_cipher(EVP_des_ede_cfb());
EVP_add_cipher(EVP_des_ede3_cfb());
EVP_add_cipher(EVP_des_ede3_cfb1());
EVP_add_cipher(EVP_des_ede3_cfb8());
EVP_add_cipher(EVP_des_ofb());
EVP_add_cipher(EVP_des_ede_ofb());
EVP_add_cipher(EVP_des_ede3_ofb());
EVP_add_cipher(EVP_desx_cbc());
EVP_add_cipher_alias(SN_desx_cbc, "DESX");
EVP_add_cipher_alias(SN_desx_cbc, "desx");
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher_alias(SN_des_cbc, "DES");
EVP_add_cipher_alias(SN_des_cbc, "des");
EVP_add_cipher(EVP_des_ede_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
EVP_add_cipher(EVP_des_ecb());
EVP_add_cipher(EVP_des_ede());
EVP_add_cipher(EVP_des_ede3());
EVP_add_cipher(EVP_des_ede3_wrap());
#endif
#ifndef OPENSSL_NO_RC4
EVP_add_cipher(EVP_rc4());
EVP_add_cipher(EVP_rc4_40());
# ifndef OPENSSL_NO_MD5
EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif
#ifndef OPENSSL_NO_IDEA
EVP_add_cipher(EVP_idea_ecb());
EVP_add_cipher(EVP_idea_cfb());
EVP_add_cipher(EVP_idea_ofb());
EVP_add_cipher(EVP_idea_cbc());
EVP_add_cipher_alias(SN_idea_cbc, "IDEA");
EVP_add_cipher_alias(SN_idea_cbc, "idea");
#endif
#ifndef OPENSSL_NO_SEED
EVP_add_cipher(EVP_seed_ecb());
EVP_add_cipher(EVP_seed_cfb());
EVP_add_cipher(EVP_seed_ofb());
EVP_add_cipher(EVP_seed_cbc());
EVP_add_cipher_alias(SN_seed_cbc, "SEED");
EVP_add_cipher_alias(SN_seed_cbc, "seed");
#endif
#ifndef OPENSSL_NO_RC2
EVP_add_cipher(EVP_rc2_ecb());
EVP_add_cipher(EVP_rc2_cfb());
EVP_add_cipher(EVP_rc2_ofb());
EVP_add_cipher(EVP_rc2_cbc());
EVP_add_cipher(EVP_rc2_40_cbc());
EVP_add_cipher(EVP_rc2_64_cbc());
EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
#endif
#ifndef OPENSSL_NO_BF
EVP_add_cipher(EVP_bf_ecb());
EVP_add_cipher(EVP_bf_cfb());
EVP_add_cipher(EVP_bf_ofb());
EVP_add_cipher(EVP_bf_cbc());
EVP_add_cipher_alias(SN_bf_cbc, "BF");
EVP_add_cipher_alias(SN_bf_cbc, "bf");
EVP_add_cipher_alias(SN_bf_cbc, "blowfish");
#endif
#ifndef OPENSSL_NO_CAST
EVP_add_cipher(EVP_cast5_ecb());
EVP_add_cipher(EVP_cast5_cfb());
EVP_add_cipher(EVP_cast5_ofb());
EVP_add_cipher(EVP_cast5_cbc());
EVP_add_cipher_alias(SN_cast5_cbc, "CAST");
EVP_add_cipher_alias(SN_cast5_cbc, "cast");
EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc");
EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc");
#endif
#ifndef OPENSSL_NO_RC5
EVP_add_cipher(EVP_rc5_32_12_16_ecb());
EVP_add_cipher(EVP_rc5_32_12_16_cfb());
EVP_add_cipher(EVP_rc5_32_12_16_ofb());
EVP_add_cipher(EVP_rc5_32_12_16_cbc());
EVP_add_cipher_alias(SN_rc5_cbc, "rc5");
EVP_add_cipher_alias(SN_rc5_cbc, "RC5");
#endif
#ifndef OPENSSL_NO_AES
EVP_add_cipher(EVP_aes_128_ecb());
EVP_add_cipher(EVP_aes_128_cbc());
EVP_add_cipher(EVP_aes_128_cfb());
EVP_add_cipher(EVP_aes_128_cfb1());
EVP_add_cipher(EVP_aes_128_cfb8());
EVP_add_cipher(EVP_aes_128_ofb());
EVP_add_cipher(EVP_aes_128_ctr());
EVP_add_cipher(EVP_aes_128_gcm());
EVP_add_cipher(EVP_aes_128_xts());
EVP_add_cipher(EVP_aes_128_ccm());
EVP_add_cipher(EVP_aes_128_wrap());
EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
EVP_add_cipher(EVP_aes_192_ecb());
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_192_cfb());
EVP_add_cipher(EVP_aes_192_cfb1());
EVP_add_cipher(EVP_aes_192_cfb8());
EVP_add_cipher(EVP_aes_192_ofb());
EVP_add_cipher(EVP_aes_192_ctr());
EVP_add_cipher(EVP_aes_192_gcm());
EVP_add_cipher(EVP_aes_192_ccm());
EVP_add_cipher(EVP_aes_192_wrap());
EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
EVP_add_cipher(EVP_aes_256_ecb());
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_256_cfb());
EVP_add_cipher(EVP_aes_256_cfb1());
EVP_add_cipher(EVP_aes_256_cfb8());
EVP_add_cipher(EVP_aes_256_ofb());
EVP_add_cipher(EVP_aes_256_ctr());
EVP_add_cipher(EVP_aes_256_gcm());
EVP_add_cipher(EVP_aes_256_xts());
EVP_add_cipher(EVP_aes_256_ccm());
EVP_add_cipher(EVP_aes_256_wrap());
EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
# endif
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
# endif
#endif
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_ecb());
EVP_add_cipher(EVP_camellia_128_cbc());
EVP_add_cipher(EVP_camellia_128_cfb());
EVP_add_cipher(EVP_camellia_128_cfb1());
EVP_add_cipher(EVP_camellia_128_cfb8());
EVP_add_cipher(EVP_camellia_128_ofb());
EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128");
EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128");
EVP_add_cipher(EVP_camellia_192_ecb());
EVP_add_cipher(EVP_camellia_192_cbc());
EVP_add_cipher(EVP_camellia_192_cfb());
EVP_add_cipher(EVP_camellia_192_cfb1());
EVP_add_cipher(EVP_camellia_192_cfb8());
EVP_add_cipher(EVP_camellia_192_ofb());
EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192");
EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192");
EVP_add_cipher(EVP_camellia_256_ecb());
EVP_add_cipher(EVP_camellia_256_cbc());
EVP_add_cipher(EVP_camellia_256_cfb());
EVP_add_cipher(EVP_camellia_256_cfb1());
EVP_add_cipher(EVP_camellia_256_cfb8());
EVP_add_cipher(EVP_camellia_256_ofb());
EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
#endif
}
/**
* @brief Create a key from the given passphrase. By default, the PBKDF2
* algorithm is used to generate the key from the passphrase. It is expected
* that the same pass phrase will generate the same key, regardless of the
* backend crypto platform used. The key is cleaned up when the context
* is cleaned, and may be reused with multiple encryption or decryption
* operations.
* @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If
* *key is not NULL, *key must point at a previously created structure.
* @param key The key returned, see note.
* @param ivSize The size of the initialisation vector will be returned, based
* on whether an IV is relevant for this type of crypto.
* @param pass The passphrase to use.
* @param passLen The passphrase length in bytes
* @param salt The salt to use.
* @param saltLen The salt length in bytes
* @param type 3DES_192, AES_128, AES_192, AES_256.
* @param mode Electronic Code Book / Cipher Block Chaining.
* @param doPad Pad if necessary.
* @param iterations Iteration count
* @param f The context to use.
* @param p The pool to use.
* @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend
* error occurred while generating the key. APR_ENOCIPHER if the type or mode
* is not supported by the particular backend. APR_EKEYTYPE if the key type is
* not known. APR_EPADDING if padding was requested but is not supported.
* APR_ENOTIMPL if not implemented.
*/
static apr_status_t crypto_passphrase(apr_crypto_key_t **k, apr_size_t *ivSize,
const char *pass, apr_size_t passLen, const unsigned char * salt,
apr_size_t saltLen, const apr_crypto_block_key_type_e type,
const apr_crypto_block_key_mode_e mode, const int doPad,
const int iterations, const apr_crypto_t *f, apr_pool_t *p)
{
apr_crypto_key_t *key = *k;
if (!key) {
*k = key = apr_array_push(f->keys);
}
if (!key) {
return APR_ENOMEM;
}
key->f = f;
key->provider = f->provider;
/* determine the cipher to be used */
switch (type) {
case (APR_KEY_3DES_192):
/* A 3DES key */
if (mode == APR_MODE_CBC) {
key->cipher = EVP_des_ede3_cbc();
}
else {
key->cipher = EVP_des_ede3_ecb();
}
break;
case (APR_KEY_AES_128):
if (mode == APR_MODE_CBC) {
key->cipher = EVP_aes_128_cbc();
}
else {
key->cipher = EVP_aes_128_ecb();
}
break;
case (APR_KEY_AES_192):
if (mode == APR_MODE_CBC) {
key->cipher = EVP_aes_192_cbc();
}
else {
key->cipher = EVP_aes_192_ecb();
}
break;
case (APR_KEY_AES_256):
if (mode == APR_MODE_CBC) {
key->cipher = EVP_aes_256_cbc();
}
else {
key->cipher = EVP_aes_256_ecb();
}
break;
default:
/* unknown key type, give up */
return APR_EKEYTYPE;
}
/* find the length of the key we need */
key->keyLen = EVP_CIPHER_key_length(key->cipher);
/* make space for the key */
key->key = apr_pcalloc(p, key->keyLen);
if (!key->key) {
return APR_ENOMEM;
}
apr_crypto_clear(p, key->key, key->keyLen);
/* generate the key */
if (PKCS5_PBKDF2_HMAC_SHA1(pass, passLen, (unsigned char *) salt, saltLen,
iterations, key->keyLen, key->key) == 0) {
return APR_ENOKEY;
}
key->doPad = doPad;
/* note: openssl incorrectly returns non zero IV size values for ECB
* algorithms, so work around this by ignoring the IV size.
*/
if (APR_MODE_ECB != mode) {
key->ivSize = EVP_CIPHER_iv_length(key->cipher);
}
if (ivSize) {
*ivSize = key->ivSize;
}
return APR_SUCCESS;
}
void AES256(PA_PluginParameters params)
{
sLONG_PTR *pResult = (sLONG_PTR *)params->fResult;
PackagePtr pParams = (PackagePtr)params->fParameters;
C_BLOB Param1;
C_BLOB Param2;
C_LONGINT Param3;
C_LONGINT Param4;
C_LONGINT Param5;
C_LONGINT Param6;
C_BLOB Param7;
C_BLOB Param8;
C_TEXT returnValue;
Param1.fromParamAtIndex(pParams, 1);
Param2.fromParamAtIndex(pParams, 2);
Param3.fromParamAtIndex(pParams, 3);
Param4.fromParamAtIndex(pParams, 4);
Param5.fromParamAtIndex(pParams, 5);
Param6.fromParamAtIndex(pParams, 6);
Param7.fromParamAtIndex(pParams, 7);
Param8.fromParamAtIndex(pParams, 8);
const EVP_CIPHER *cipher;
switch (Param4.getIntValue())
{
case 0:
cipher = EVP_aes_256_ecb();
break;
case 1:
cipher = EVP_aes_256_cbc();
break;
case 2:
cipher = EVP_aes_256_cfb1();
break;
case 3:
cipher = EVP_aes_256_cfb8();
break;
case 4:
cipher = EVP_aes_256_cfb128();
break;
case 5:
cipher = EVP_aes_256_ofb();
break;
case 6:
cipher = EVP_aes_256_ctr();
break;
case 7:
cipher = EVP_aes_256_gcm();
break;
case 8:
cipher = EVP_aes_256_ccm();
break;
case 9:
cipher = EVP_aes_256_xts();
break;
default:
cipher = EVP_aes_256_ecb();
break;
}
CC_AES(cipher, Param1, Param2, Param3, Param5, Param6, Param7, Param8, returnValue);
returnValue.setReturn(pResult);
}