int AES128_Decrypt2048(unsigned char* message,const unsigned char* MAC,const unsigned char* cipher,const unsigned char*sharekey,const unsigned char*IV){
size8_t i,j;
size32_t k;
//==================SHA256========================
//unsigned int BUFLEN = 16384;
unsigned char buf[256]={0};
for(k=0;k<256;k++)buf[k]=cipher[k];
sha256(buf,256);
int flag=0;
for(i=0;i<16;i++){
if(MAC[i]!=buf[i]){
flag=1;
break;
}
}
if(flag==1)return 0;
//==========DECRYPT===========
unsigned char d[16][16];
unsigned char c[16][16];
for(i=0;i<16;i++)
for(j=0;j<16;j++)
c[i][j]=cipher[i*16+j];
/*for(i=0;i<16;i++){
printf("rec_cipher %d:",i);
for(k=0;k<16;k++)
printf("%x ",c[i][k]);printf("\n");
}*/
aes_key key;
aes_set_decrypt_key(&key, sharekey, 128);
const unsigned char *XOR_data;
for(i=0;i<16;i++){
XOR_data=(i==15)?IV:c[15-i-1];
aes_decrypt(&key, c[15-i] , d[15-i]);
for(j=0;j<16;j++){
d[15-i][j]=XOR_data[j]^d[15-i][j];
}
}
/*
for(i=0;i<16;i++){
printf("dec_cipher %d:",i);
for(k=0;k<16;k++)printf("%x ",d[i][k]);printf("\n");
}
*/
//==========DECRYPT===========
for(i=0;i<16;i++)
for(j=0;j<16;j++)
message[i*16+j]=d[i][j];
return 1;
}
static gboolean
gst_hls_demux_decrypt_start (GstHLSDemux * demux, const guint8 * key_data,
const guint8 * iv_data)
{
aes_set_decrypt_key (&demux->aes_ctx.ctx, 16, key_data);
CBC_SET_IV (&demux->aes_ctx, iv_data);
return TRUE;
}
term_t cbif_aes_cbc_crypt4(proc_t *proc, term_t *regs)
{
term_t Key = regs[0];
term_t IVec = regs[1];
term_t Data = regs[2];
term_t Dir = regs[3];
if (!is_list(Key) && !is_boxed_binary(Key))
badarg(Key);
if (!is_boxed_binary(IVec))
badarg(IVec);
if (!is_list(Data) && !is_boxed_binary(Data))
badarg(Data);
if (!is_bool(Dir))
badarg(Dir);
int key_size = iolist_size(Key);
if (key_size < AES_MIN_KEY_SIZE || key_size > AES_MAX_KEY_SIZE)
badarg(Key);
uint8_t key_buf[key_size];
iolist_flatten(Key, key_buf);
bits_t src, dst;
bits_get_real(peel_boxed(IVec), &src);
if (src.ends -src.starts != AES_BLOCK_SIZE *8)
badarg(IVec);
uint8_t ivec_buf[AES_BLOCK_SIZE];
bits_init_buf(ivec_buf, AES_BLOCK_SIZE, &dst);
bits_copy(&src, &dst);
int data_size = iolist_size(Data);
if (data_size < 0)
badarg(Data);
assert(data_size <= 65536); //TODO: use heap_tmp_buf for larger Data
uint8_t data_buf[data_size];
iolist_flatten(Data, data_buf);
struct CBC_CTX(struct aes_ctx, AES_BLOCK_SIZE) ctx;
if (Dir == A_TRUE)
aes_set_encrypt_key((struct aes_ctx *)&ctx, key_size, key_buf);
else
aes_set_decrypt_key((struct aes_ctx *)&ctx, key_size, key_buf);
CBC_SET_IV(&ctx, ivec_buf);
uint8_t *ptr;
term_t cipher_text = heap_make_bin(&proc->hp, data_size, &ptr);
if (Dir == A_TRUE)
CBC_ENCRYPT(&ctx, aes_encrypt, data_size, ptr, data_buf);
else
CBC_DECRYPT(&ctx, aes_decrypt, data_size, ptr, data_buf);
return cipher_text;
}
static void
test_cbc_bulk(void)
{
struct knuth_lfib_ctx random;
uint8_t clear[CBC_BULK_DATA];
uint8_t cipher[CBC_BULK_DATA + 1];
const uint8_t *key = H("966c7bf00bebe6dc 8abd37912384958a"
"743008105a08657d dcaad4128eee38b3");
const uint8_t *start_iv = H("11adbff119749103 207619cfa0e8d13a");
const uint8_t *end_iv = H("c7a42a569b421224 d0c23e52f46f97f5");
struct CBC_CTX(struct aes_ctx, AES_BLOCK_SIZE) aes;
knuth_lfib_init(&random, CBC_BULK_DATA);
knuth_lfib_random(&random, CBC_BULK_DATA, clear);
/* Byte that should not be overwritten */
cipher[CBC_BULK_DATA] = 17;
aes_set_encrypt_key(&aes.ctx, 32, key);
CBC_SET_IV(&aes, start_iv);
CBC_ENCRYPT(&aes, aes_encrypt, CBC_BULK_DATA, cipher, clear);
ASSERT(cipher[CBC_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk encryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT(MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
/* Decrypt, in place */
aes_set_decrypt_key(&aes.ctx, 32, key);
CBC_SET_IV(&aes, start_iv);
CBC_DECRYPT(&aes, aes_decrypt, CBC_BULK_DATA, cipher, cipher);
ASSERT(cipher[CBC_BULK_DATA] == 17);
if (verbose)
{
printf("IV after bulk decryption: ");
print_hex(AES_BLOCK_SIZE, aes.iv);
printf("\n");
}
ASSERT (MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
ASSERT (MEMEQ(CBC_BULK_DATA, clear, cipher));
}
static int
myaes_setkey(void *_ctx, const void *userkey, size_t keysize)
{
struct myaes_ctx *ctx = _ctx;
if (ctx->enc)
aes_set_encrypt_key(&ctx->aes, keysize, userkey);
else
aes_set_decrypt_key(&ctx->aes, keysize, userkey);
return 0;
}
void
rsa_session_set_decrypt_key(struct rsa_session *ctx,
const struct rsa_session_info *key)
{
const uint8_t *aes_key = SESSION_AES_KEY(key);
const uint8_t *iv = SESSION_IV(key);
const uint8_t *hmac_key = SESSION_HMAC_KEY(key);
aes_set_decrypt_key(&ctx->aes.ctx, AES_KEY_SIZE, aes_key);
CBC_SET_IV(&ctx->aes, iv);
hmac_sha1_set_key(&ctx->hmac, SHA1_DIGEST_SIZE, hmac_key);
}
int
padlock_aes_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
{
struct padlock_ctx *ctx = _ctx;
struct padlock_cipher_data *pce;
#ifdef HAVE_LIBNETTLE
struct aes_ctx nc;
#endif
memset (_ctx, 0, sizeof (struct padlock_cipher_data));
pce = ALIGN16 (&ctx->expanded_key);
pce->cword.b.encdec = (ctx->enc == 0);
switch (keysize)
{
case 16:
pce->cword.b.ksize = 0;
pce->cword.b.rounds = 10;
memcpy (pce->ks.rd_key, userkey, 16);
pce->cword.b.keygen = 0;
break;
#ifdef HAVE_LIBNETTLE
case 24:
pce->cword.b.ksize = 1;
pce->cword.b.rounds = 12;
goto common_24_32;
case 32:
pce->cword.b.ksize = 2;
pce->cword.b.rounds = 14;
common_24_32:
/* expand key using nettle */
if (ctx->enc)
aes_set_encrypt_key (&nc, keysize, userkey);
else
aes_set_decrypt_key (&nc, keysize, userkey);
memcpy (pce->ks.rd_key, nc.keys, sizeof (nc.keys));
pce->ks.rounds = nc.nrounds;
pce->cword.b.keygen = 1;
break;
#endif
default:
return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
}
padlock_reload_key ();
return 0;
}
int
hcrypt_aes_set_decrypt_key (const uint8_t *key,
unsigned bits,
struct aes_ctx *ctx)
{
size_t key_length = bits / 8;
if (!(key_length == 16 || key_length == 24 || key_length == 32)) {
return -1;
}
aes_set_decrypt_key (ctx, bits / 8, key);
return 0;
}
bool RarVolume::DecryptInit(int keyLength)
{
#ifdef HAVE_OPENSSL
if (!(m_context = EVP_CIPHER_CTX_new())) return false;
if (!EVP_DecryptInit((EVP_CIPHER_CTX*)m_context,
keyLength == 128 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(),
m_decryptKey, m_decryptIV))
return false;
return true;
#elif defined(HAVE_NETTLE)
m_context = new aes_ctx;
aes_set_decrypt_key((aes_ctx*)m_context, keyLength == 128 ? 16 : 32, m_decryptKey);
return true;
#else
return false;
#endif
}
static int
wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize)
{
struct nettle_cipher_ctx *ctx = _ctx;
uint8_t des_key[DES3_KEY_SIZE];
switch (ctx->algo)
{
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
break;
case GNUTLS_CIPHER_AES_128_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_256_CBC:
if (ctx->enc)
aes_set_encrypt_key (ctx->ctx_ptr, keysize, key);
else
aes_set_decrypt_key (ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
case GNUTLS_CIPHER_CAMELLIA_192_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
if (ctx->enc)
camellia_set_encrypt_key (ctx->ctx_ptr, keysize, key);
else
camellia_set_decrypt_key (ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_3DES_CBC:
if (keysize != DES3_KEY_SIZE)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity (keysize, des_key, key);
/* this fails on weak keys */
if (des3_set_key (ctx->ctx_ptr, des_key) != 1)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
break;
case GNUTLS_CIPHER_DES_CBC:
if (keysize != DES_KEY_SIZE)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity (keysize, des_key, key);
if (des_set_key (ctx->ctx_ptr, des_key) != 1)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
arcfour_set_key (ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_RC2_40_CBC:
arctwo_set_key (ctx->ctx_ptr, keysize, key);
break;
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
}
static int
wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
{
struct nettle_cipher_ctx *ctx = _ctx;
uint8_t des_key[DES3_KEY_SIZE];
switch (ctx->algo) {
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
break;
case GNUTLS_CIPHER_AES_128_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_256_CBC:
if (ctx->enc)
aes_set_encrypt_key(ctx->ctx_ptr, keysize, key);
else
aes_set_decrypt_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
case GNUTLS_CIPHER_CAMELLIA_192_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
if (ctx->enc)
camellia_set_encrypt_key(ctx->ctx_ptr, keysize,
key);
else
camellia_set_decrypt_key(ctx->ctx_ptr, keysize,
key);
break;
case GNUTLS_CIPHER_3DES_CBC:
if (keysize != DES3_KEY_SIZE) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity(keysize, des_key, key);
if (des3_set_key(ctx->ctx_ptr, des_key) != 1) {
gnutls_assert();
}
zeroize_temp_key(des_key, sizeof(des_key));
break;
case GNUTLS_CIPHER_CAMELLIA_128_GCM:
case GNUTLS_CIPHER_CAMELLIA_256_GCM:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
_gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize,
key);
break;
case GNUTLS_CIPHER_DES_CBC:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (keysize != DES_KEY_SIZE) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity(keysize, des_key, key);
if (des_set_key(ctx->ctx_ptr, des_key) != 1) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
zeroize_temp_key(des_key, sizeof(des_key));
break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
arcfour_set_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_SALSA20_256:
case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
salsa20_set_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_RC2_40_CBC:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
arctwo_set_key(ctx->ctx_ptr, keysize, key);
break;
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
}
QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode,
const uint8_t *key, size_t nkey,
Error **errp)
{
QCryptoCipher *cipher;
QCryptoCipherNettle *ctx;
uint8_t *rfbkey;
switch (mode) {
case QCRYPTO_CIPHER_MODE_ECB:
case QCRYPTO_CIPHER_MODE_CBC:
break;
default:
error_setg(errp, "Unsupported cipher mode %d", mode);
return NULL;
}
if (!qcrypto_cipher_validate_key_length(alg, nkey, errp)) {
return NULL;
}
cipher = g_new0(QCryptoCipher, 1);
cipher->alg = alg;
cipher->mode = mode;
ctx = g_new0(QCryptoCipherNettle, 1);
switch (alg) {
case QCRYPTO_CIPHER_ALG_DES_RFB:
ctx->ctx_encrypt = g_new0(struct des_ctx, 1);
ctx->ctx_decrypt = NULL; /* 1 ctx can do both */
rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey);
des_set_key(ctx->ctx_encrypt, rfbkey);
g_free(rfbkey);
ctx->alg_encrypt = des_encrypt_wrapper;
ctx->alg_decrypt = des_decrypt_wrapper;
ctx->blocksize = DES_BLOCK_SIZE;
break;
case QCRYPTO_CIPHER_ALG_AES_128:
case QCRYPTO_CIPHER_ALG_AES_192:
case QCRYPTO_CIPHER_ALG_AES_256:
ctx->ctx_encrypt = g_new0(struct aes_ctx, 1);
ctx->ctx_decrypt = g_new0(struct aes_ctx, 1);
aes_set_encrypt_key(ctx->ctx_encrypt, nkey, key);
aes_set_decrypt_key(ctx->ctx_decrypt, nkey, key);
ctx->alg_encrypt = aes_encrypt_wrapper;
ctx->alg_decrypt = aes_decrypt_wrapper;
ctx->blocksize = AES_BLOCK_SIZE;
break;
default:
error_setg(errp, "Unsupported cipher algorithm %d", alg);
goto error;
}
ctx->iv = g_new0(uint8_t, ctx->blocksize);
cipher->opaque = ctx;
return cipher;
error:
g_free(cipher);
g_free(ctx);
return NULL;
}
