int AES128_Decrypt2048(unsigned char* message,const unsigned char* MAC,const unsigned char* cipher,const unsigned char*sharekey,const unsigned char*IV){ size8_t i,j; size32_t k; //==================SHA256======================== //unsigned int BUFLEN = 16384; unsigned char buf[256]={0}; for(k=0;k<256;k++)buf[k]=cipher[k]; sha256(buf,256); int flag=0; for(i=0;i<16;i++){ if(MAC[i]!=buf[i]){ flag=1; break; } } if(flag==1)return 0; //==========DECRYPT=========== unsigned char d[16][16]; unsigned char c[16][16]; for(i=0;i<16;i++) for(j=0;j<16;j++) c[i][j]=cipher[i*16+j]; /*for(i=0;i<16;i++){ printf("rec_cipher %d:",i); for(k=0;k<16;k++) printf("%x ",c[i][k]);printf("\n"); }*/ aes_key key; aes_set_decrypt_key(&key, sharekey, 128); const unsigned char *XOR_data; for(i=0;i<16;i++){ XOR_data=(i==15)?IV:c[15-i-1]; aes_decrypt(&key, c[15-i] , d[15-i]); for(j=0;j<16;j++){ d[15-i][j]=XOR_data[j]^d[15-i][j]; } } /* for(i=0;i<16;i++){ printf("dec_cipher %d:",i); for(k=0;k<16;k++)printf("%x ",d[i][k]);printf("\n"); } */ //==========DECRYPT=========== for(i=0;i<16;i++) for(j=0;j<16;j++) message[i*16+j]=d[i][j]; return 1; }
static gboolean gst_hls_demux_decrypt_start (GstHLSDemux * demux, const guint8 * key_data, const guint8 * iv_data) { aes_set_decrypt_key (&demux->aes_ctx.ctx, 16, key_data); CBC_SET_IV (&demux->aes_ctx, iv_data); return TRUE; }
term_t cbif_aes_cbc_crypt4(proc_t *proc, term_t *regs) { term_t Key = regs[0]; term_t IVec = regs[1]; term_t Data = regs[2]; term_t Dir = regs[3]; if (!is_list(Key) && !is_boxed_binary(Key)) badarg(Key); if (!is_boxed_binary(IVec)) badarg(IVec); if (!is_list(Data) && !is_boxed_binary(Data)) badarg(Data); if (!is_bool(Dir)) badarg(Dir); int key_size = iolist_size(Key); if (key_size < AES_MIN_KEY_SIZE || key_size > AES_MAX_KEY_SIZE) badarg(Key); uint8_t key_buf[key_size]; iolist_flatten(Key, key_buf); bits_t src, dst; bits_get_real(peel_boxed(IVec), &src); if (src.ends -src.starts != AES_BLOCK_SIZE *8) badarg(IVec); uint8_t ivec_buf[AES_BLOCK_SIZE]; bits_init_buf(ivec_buf, AES_BLOCK_SIZE, &dst); bits_copy(&src, &dst); int data_size = iolist_size(Data); if (data_size < 0) badarg(Data); assert(data_size <= 65536); //TODO: use heap_tmp_buf for larger Data uint8_t data_buf[data_size]; iolist_flatten(Data, data_buf); struct CBC_CTX(struct aes_ctx, AES_BLOCK_SIZE) ctx; if (Dir == A_TRUE) aes_set_encrypt_key((struct aes_ctx *)&ctx, key_size, key_buf); else aes_set_decrypt_key((struct aes_ctx *)&ctx, key_size, key_buf); CBC_SET_IV(&ctx, ivec_buf); uint8_t *ptr; term_t cipher_text = heap_make_bin(&proc->hp, data_size, &ptr); if (Dir == A_TRUE) CBC_ENCRYPT(&ctx, aes_encrypt, data_size, ptr, data_buf); else CBC_DECRYPT(&ctx, aes_decrypt, data_size, ptr, data_buf); return cipher_text; }
static void test_cbc_bulk(void) { struct knuth_lfib_ctx random; uint8_t clear[CBC_BULK_DATA]; uint8_t cipher[CBC_BULK_DATA + 1]; const uint8_t *key = H("966c7bf00bebe6dc 8abd37912384958a" "743008105a08657d dcaad4128eee38b3"); const uint8_t *start_iv = H("11adbff119749103 207619cfa0e8d13a"); const uint8_t *end_iv = H("c7a42a569b421224 d0c23e52f46f97f5"); struct CBC_CTX(struct aes_ctx, AES_BLOCK_SIZE) aes; knuth_lfib_init(&random, CBC_BULK_DATA); knuth_lfib_random(&random, CBC_BULK_DATA, clear); /* Byte that should not be overwritten */ cipher[CBC_BULK_DATA] = 17; aes_set_encrypt_key(&aes.ctx, 32, key); CBC_SET_IV(&aes, start_iv); CBC_ENCRYPT(&aes, aes_encrypt, CBC_BULK_DATA, cipher, clear); ASSERT(cipher[CBC_BULK_DATA] == 17); if (verbose) { printf("IV after bulk encryption: "); print_hex(AES_BLOCK_SIZE, aes.iv); printf("\n"); } ASSERT(MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv)); /* Decrypt, in place */ aes_set_decrypt_key(&aes.ctx, 32, key); CBC_SET_IV(&aes, start_iv); CBC_DECRYPT(&aes, aes_decrypt, CBC_BULK_DATA, cipher, cipher); ASSERT(cipher[CBC_BULK_DATA] == 17); if (verbose) { printf("IV after bulk decryption: "); print_hex(AES_BLOCK_SIZE, aes.iv); printf("\n"); } ASSERT (MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv)); ASSERT (MEMEQ(CBC_BULK_DATA, clear, cipher)); }
static int myaes_setkey(void *_ctx, const void *userkey, size_t keysize) { struct myaes_ctx *ctx = _ctx; if (ctx->enc) aes_set_encrypt_key(&ctx->aes, keysize, userkey); else aes_set_decrypt_key(&ctx->aes, keysize, userkey); return 0; }
void rsa_session_set_decrypt_key(struct rsa_session *ctx, const struct rsa_session_info *key) { const uint8_t *aes_key = SESSION_AES_KEY(key); const uint8_t *iv = SESSION_IV(key); const uint8_t *hmac_key = SESSION_HMAC_KEY(key); aes_set_decrypt_key(&ctx->aes.ctx, AES_KEY_SIZE, aes_key); CBC_SET_IV(&ctx->aes, iv); hmac_sha1_set_key(&ctx->hmac, SHA1_DIGEST_SIZE, hmac_key); }
int padlock_aes_cipher_setkey (void *_ctx, const void *userkey, size_t keysize) { struct padlock_ctx *ctx = _ctx; struct padlock_cipher_data *pce; #ifdef HAVE_LIBNETTLE struct aes_ctx nc; #endif memset (_ctx, 0, sizeof (struct padlock_cipher_data)); pce = ALIGN16 (&ctx->expanded_key); pce->cword.b.encdec = (ctx->enc == 0); switch (keysize) { case 16: pce->cword.b.ksize = 0; pce->cword.b.rounds = 10; memcpy (pce->ks.rd_key, userkey, 16); pce->cword.b.keygen = 0; break; #ifdef HAVE_LIBNETTLE case 24: pce->cword.b.ksize = 1; pce->cword.b.rounds = 12; goto common_24_32; case 32: pce->cword.b.ksize = 2; pce->cword.b.rounds = 14; common_24_32: /* expand key using nettle */ if (ctx->enc) aes_set_encrypt_key (&nc, keysize, userkey); else aes_set_decrypt_key (&nc, keysize, userkey); memcpy (pce->ks.rd_key, nc.keys, sizeof (nc.keys)); pce->ks.rounds = nc.nrounds; pce->cword.b.keygen = 1; break; #endif default: return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED); } padlock_reload_key (); return 0; }
int hcrypt_aes_set_decrypt_key (const uint8_t *key, unsigned bits, struct aes_ctx *ctx) { size_t key_length = bits / 8; if (!(key_length == 16 || key_length == 24 || key_length == 32)) { return -1; } aes_set_decrypt_key (ctx, bits / 8, key); return 0; }
bool RarVolume::DecryptInit(int keyLength) { #ifdef HAVE_OPENSSL if (!(m_context = EVP_CIPHER_CTX_new())) return false; if (!EVP_DecryptInit((EVP_CIPHER_CTX*)m_context, keyLength == 128 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(), m_decryptKey, m_decryptIV)) return false; return true; #elif defined(HAVE_NETTLE) m_context = new aes_ctx; aes_set_decrypt_key((aes_ctx*)m_context, keyLength == 128 ? 16 : 32, m_decryptKey); return true; #else return false; #endif }
static int wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize) { struct nettle_cipher_ctx *ctx = _ctx; uint8_t des_key[DES3_KEY_SIZE]; switch (ctx->algo) { case GNUTLS_CIPHER_AES_128_GCM: case GNUTLS_CIPHER_AES_256_GCM: gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key); break; case GNUTLS_CIPHER_AES_128_CBC: case GNUTLS_CIPHER_AES_192_CBC: case GNUTLS_CIPHER_AES_256_CBC: if (ctx->enc) aes_set_encrypt_key (ctx->ctx_ptr, keysize, key); else aes_set_decrypt_key (ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_CAMELLIA_128_CBC: case GNUTLS_CIPHER_CAMELLIA_192_CBC: case GNUTLS_CIPHER_CAMELLIA_256_CBC: if (ctx->enc) camellia_set_encrypt_key (ctx->ctx_ptr, keysize, key); else camellia_set_decrypt_key (ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_3DES_CBC: if (keysize != DES3_KEY_SIZE) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } des_fix_parity (keysize, des_key, key); /* this fails on weak keys */ if (des3_set_key (ctx->ctx_ptr, des_key) != 1) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } break; case GNUTLS_CIPHER_DES_CBC: if (keysize != DES_KEY_SIZE) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } des_fix_parity (keysize, des_key, key); if (des_set_key (ctx->ctx_ptr, des_key) != 1) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } break; case GNUTLS_CIPHER_ARCFOUR_128: case GNUTLS_CIPHER_ARCFOUR_40: arcfour_set_key (ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_RC2_40_CBC: arctwo_set_key (ctx->ctx_ptr, keysize, key); break; default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } return 0; }
static int wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize) { struct nettle_cipher_ctx *ctx = _ctx; uint8_t des_key[DES3_KEY_SIZE]; switch (ctx->algo) { case GNUTLS_CIPHER_AES_128_GCM: case GNUTLS_CIPHER_AES_256_GCM: gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key); break; case GNUTLS_CIPHER_AES_128_CBC: case GNUTLS_CIPHER_AES_192_CBC: case GNUTLS_CIPHER_AES_256_CBC: if (ctx->enc) aes_set_encrypt_key(ctx->ctx_ptr, keysize, key); else aes_set_decrypt_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_CAMELLIA_128_CBC: case GNUTLS_CIPHER_CAMELLIA_192_CBC: case GNUTLS_CIPHER_CAMELLIA_256_CBC: if (ctx->enc) camellia_set_encrypt_key(ctx->ctx_ptr, keysize, key); else camellia_set_decrypt_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_3DES_CBC: if (keysize != DES3_KEY_SIZE) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } des_fix_parity(keysize, des_key, key); if (des3_set_key(ctx->ctx_ptr, des_key) != 1) { gnutls_assert(); } zeroize_temp_key(des_key, sizeof(des_key)); break; case GNUTLS_CIPHER_CAMELLIA_128_GCM: case GNUTLS_CIPHER_CAMELLIA_256_GCM: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); _gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize, key); break; case GNUTLS_CIPHER_DES_CBC: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (keysize != DES_KEY_SIZE) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } des_fix_parity(keysize, des_key, key); if (des_set_key(ctx->ctx_ptr, des_key) != 1) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } zeroize_temp_key(des_key, sizeof(des_key)); break; case GNUTLS_CIPHER_ARCFOUR_128: case GNUTLS_CIPHER_ARCFOUR_40: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); arcfour_set_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_SALSA20_256: case GNUTLS_CIPHER_ESTREAM_SALSA20_256: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); salsa20_set_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_RC2_40_CBC: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); arctwo_set_key(ctx->ctx_ptr, keysize, key); break; default: gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } return 0; }
QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, QCryptoCipherMode mode, const uint8_t *key, size_t nkey, Error **errp) { QCryptoCipher *cipher; QCryptoCipherNettle *ctx; uint8_t *rfbkey; switch (mode) { case QCRYPTO_CIPHER_MODE_ECB: case QCRYPTO_CIPHER_MODE_CBC: break; default: error_setg(errp, "Unsupported cipher mode %d", mode); return NULL; } if (!qcrypto_cipher_validate_key_length(alg, nkey, errp)) { return NULL; } cipher = g_new0(QCryptoCipher, 1); cipher->alg = alg; cipher->mode = mode; ctx = g_new0(QCryptoCipherNettle, 1); switch (alg) { case QCRYPTO_CIPHER_ALG_DES_RFB: ctx->ctx_encrypt = g_new0(struct des_ctx, 1); ctx->ctx_decrypt = NULL; /* 1 ctx can do both */ rfbkey = qcrypto_cipher_munge_des_rfb_key(key, nkey); des_set_key(ctx->ctx_encrypt, rfbkey); g_free(rfbkey); ctx->alg_encrypt = des_encrypt_wrapper; ctx->alg_decrypt = des_decrypt_wrapper; ctx->blocksize = DES_BLOCK_SIZE; break; case QCRYPTO_CIPHER_ALG_AES_128: case QCRYPTO_CIPHER_ALG_AES_192: case QCRYPTO_CIPHER_ALG_AES_256: ctx->ctx_encrypt = g_new0(struct aes_ctx, 1); ctx->ctx_decrypt = g_new0(struct aes_ctx, 1); aes_set_encrypt_key(ctx->ctx_encrypt, nkey, key); aes_set_decrypt_key(ctx->ctx_decrypt, nkey, key); ctx->alg_encrypt = aes_encrypt_wrapper; ctx->alg_decrypt = aes_decrypt_wrapper; ctx->blocksize = AES_BLOCK_SIZE; break; default: error_setg(errp, "Unsupported cipher algorithm %d", alg); goto error; } ctx->iv = g_new0(uint8_t, ctx->blocksize); cipher->opaque = ctx; return cipher; error: g_free(cipher); g_free(ctx); return NULL; }