/*
 * Set up the LibTomCrypt context for the cipher and mode chosen at build time.
 *
 * Registers CIPHER_DESC, looks up its index under CIPHER_NAME, converts the
 * ASCII key (and, for CBC/CTR builds, the ASCII IV) with ASCII2Hex, and
 * starts the selected mode into the file-level state object (sECB, sCBC or
 * sCTR).
 *
 * NOTE(review): the results of register_cipher, find_cipher and the
 * *_start calls are all discarded, so a failed setup is indistinguishable
 * from a good one here.
 * NOTE(review): ENCRYPTION_KEY / ENCRYPTION_IV look like build-time
 * constants. If so, every image built from this tree shares one key/IV
 * pair, and in CTR mode that means one keystream - confirm this is
 * intended. The raw key also stays in this stack frame after return.
 */
void ltc_init(void)
{
#if defined(ENCRYPTION_CTR) || defined(ENCRYPTION_CBC)
    unsigned char iv_bytes[ENCRYPTION_BLOCK_LENGTH];
#endif
    unsigned char key_bytes[ENCRYPTION_KEY_LENGTH];
    int cipher_idx;

    TRACE_DEBUG("LTC: Initializing ...\n\r");

    /* Register the cipher, then resolve its descriptor-table index. */
    register_cipher(&CIPHER_DESC);
    cipher_idx = find_cipher(CIPHER_NAME);

    /* Load key */
    ASCII2Hex(ENCRYPTION_KEY, key_bytes, ENCRYPTION_KEY_LENGTH);

#if defined(ENCRYPTION_CTR) || defined(ENCRYPTION_CBC)
    /* Load IV */
    ASCII2Hex(ENCRYPTION_IV, iv_bytes, ENCRYPTION_BLOCK_LENGTH);
#endif

    /* Start decryption mode */
#if defined(ENCRYPTION_ECB)
    ecb_start(cipher_idx, key_bytes, ENCRYPTION_KEY_LENGTH, 0, &sECB);
#elif defined(ENCRYPTION_CBC)
    cbc_start(cipher_idx, iv_bytes, key_bytes, ENCRYPTION_KEY_LENGTH, 0, &sCBC);
#elif defined(ENCRYPTION_CTR)
    ctr_start(cipher_idx, iv_bytes, key_bytes, ENCRYPTION_KEY_LENGTH, 0,
              CTR_COUNTER_BIG_ENDIAN, &sCTR);
#endif

    TRACE_DEBUG("LTC: Initialization done.\n\r");
}
/*
 * Side-by-side run of the local aes256ctr() and LibTomCrypt's AES-CTR.
 *
 * Both encrypt 32 zero bytes under an all-zero 256-bit key with the initial
 * counter block 00..00 01 (big-endian counter) and print the result as hex,
 * one line per implementation. The two lines are only printed; nothing here
 * compares them or checks the LibTomCrypt return codes.
 *
 * The all-zero key and fixed counter are test-vector inputs only.
 */
int main(int argc, char *argv[])
{
    /* Similar situation as before, only the test vector is more complex. */
    unsigned char key[32] = {0};
    unsigned char initcount[16] = { [15] = 1 };   /* for test usage */
    unsigned char input[32] = {0};
    unsigned char output[32] = {0};               /* counter mode: assume xor works */
    symmetric_CTR ltc_state;
    int pos;

    /* Implementation under test. */
    aes256ctr(output, input, 32, key, initcount);
    for (pos = 0; pos < 32; pos++) {
        printf("%02x ", output[pos]);
    }
    printf("\n");

    /* Reference: LibTomCrypt CTR over the same inputs. */
    bzero(output, 32);
    register_cipher(&aes_desc);
    ctr_start(find_cipher("aes"), initcount, key, 32, 0,
              CTR_COUNTER_BIG_ENDIAN, &ltc_state);
    ctr_encrypt(input, output, 32, &ltc_state);
    ctr_done(&ltc_state);
    for (pos = 0; pos < 32; pos++) {
        printf("%02x ", output[pos]);
    }
    printf("\n");

    exit(0);
}
/**
  Make the PRNG ready to read from.

  Validates the hash and cipher indices stored in the state, derives a key
  length from the hash output size (clamped by the cipher's keysize callback),
  and starts CTR mode into prng->yarrow.ctr. The pool buffer is passed as
  both the IV and the key, with a little-endian counter.

  @param prng   The PRNG to make active
  @return CRYPT_OK if successful, otherwise the first error returned by
          hash_is_valid, cipher_is_valid, the keysize callback or ctr_start
*/
int yarrow_ready(prng_state *prng)
{
   int err;
   int keylen;

   LTC_ARGCHK(prng != NULL);

   err = hash_is_valid(prng->yarrow.hash);
   if (err != CRYPT_OK) {
      return err;
   }

   err = cipher_is_valid(prng->yarrow.cipher);
   if (err != CRYPT_OK) {
      return err;
   }

   /* setup CTR mode using the "pool" as the key */
   keylen = (int)hash_descriptor[prng->yarrow.hash].hashsize;
   err = cipher_descriptor[prng->yarrow.cipher].keysize(&keylen);
   if (err != CRYPT_OK) {
      return err;
   }

   /* ctr_start's own status is the result: CRYPT_OK on success. */
   return ctr_start(prng->yarrow.cipher,          /* what cipher to use */
                    prng->yarrow.pool,            /* IV */
                    prng->yarrow.pool, keylen,    /* KEY and key size */
                    0,                            /* number of rounds */
                    CTR_COUNTER_LITTLE_ENDIAN,    /* little endian counter */
                    &prng->yarrow.ctr);
}
/*
 * Known-answer self-test for CTR mode.
 *
 * Encrypts two fixed AES-128 vectors (16-byte and 36-byte plaintexts) with a
 * big-endian counter and the LTC_CTR_RFC3686 flag, and compares the output
 * with the stored ciphertext.
 *
 * Returns CRYPT_NOP when tests are compiled out (LTC_NO_TEST) or when neither
 * "aes" nor "rijndael" is registered, CRYPT_FAIL_TESTVECTOR on a mismatch,
 * the library error if ctr_start/ctr_encrypt fails, and CRYPT_OK otherwise.
 */
int ctr_test(void)
{
#ifdef LTC_NO_TEST
   return CRYPT_NOP;
#else
   static const struct ctr_kat {
      int keylen, msglen;
      unsigned char key[32], IV[16], pt[64], ct[64];
   } tests[] = {
   /* 128-bit key, 16-byte pt */
   {
      16, 16,
      {0xAE,0x68,0x52,0xF8,0x12,0x10,0x67,0xCC,0x4B,0xF7,0xA5,0x76,0x55,0x77,0xF3,0x9E },
      {0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
      {0x53,0x69,0x6E,0x67,0x6C,0x65,0x20,0x62,0x6C,0x6F,0x63,0x6B,0x20,0x6D,0x73,0x67 },
      {0xE4,0x09,0x5D,0x4F,0xB7,0xA7,0xB3,0x79,0x2D,0x61,0x75,0xA3,0x26,0x13,0x11,0xB8 },
   },

   /* 128-bit key, 36-byte pt */
   {
      16, 36,
      {0x76,0x91,0xBE,0x03,0x5E,0x50,0x20,0xA8,0xAC,0x6E,0x61,0x85,0x29,0xF9,0xA0,0xDC },
      {0x00,0xE0,0x01,0x7B,0x27,0x77,0x7F,0x3F,0x4A,0x17,0x86,0xF0,0x00,0x00,0x00,0x00 },
      {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
       0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
       0x20,0x21,0x22,0x23 },
      {0xC1,0xCF,0x48,0xA8,0x9F,0x2F,0xFD,0xD9,0xCF,0x46,0x52,0xE9,0xEF,0xDB,0x72,0xD7,
       0x45,0x40,0xA4,0x2B,0xDE,0x6D,0x78,0x36,0xD5,0x9A,0x5C,0xEA,0xAE,0xF3,0x10,0x53,
       0x25,0xB2,0x07,0x2F },
   },
   };
   const int n_tests = (int)(sizeof(tests)/sizeof(tests[0]));
   const struct ctr_kat *tv;
   unsigned char out[64];
   symmetric_CTR ctr;
   int cipher_idx, status, i;

   /* AES can be under rijndael or aes... try to find it */
   cipher_idx = find_cipher("aes");
   if (cipher_idx == -1) {
      cipher_idx = find_cipher("rijndael");
      if (cipher_idx == -1) {
         return CRYPT_NOP;
      }
   }

   for (i = 0; i < n_tests; i++) {
      tv = &tests[i];

      status = ctr_start(cipher_idx, tv->IV, tv->key, tv->keylen, 0,
                         CTR_COUNTER_BIG_ENDIAN|LTC_CTR_RFC3686, &ctr);
      if (status != CRYPT_OK) {
         return status;
      }

      status = ctr_encrypt(tv->pt, out, tv->msglen, &ctr);
      if (status != CRYPT_OK) {
         return status;
      }
      ctr_done(&ctr);

      if (XMEMCMP(out, tv->ct, tv->msglen) != 0) {
         return CRYPT_FAIL_TESTVECTOR;
      }
   }
   return CRYPT_OK;
#endif
}
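/*
 * Rewrites one ZIP entry from ZIN to ZOUT as an AES-encrypted ("AE") entry.
 *
 * le        local file header of the entry; patched in place (encryption
 *           flag, method 99, extra length, compressed size) and written out
 * ae        11-byte AE extra field appended after the existing extra data
 * password  NUL-terminated password the keys are derived from
 *
 * Layout written after the header: salt, 2-byte password check value,
 * encrypted data (via fileFilter), then the first 10 bytes of the HMAC.
 * BUF is carved up as salt | key1 (cipher key) | key2 (HMAC key) | check.
 *
 * Errors are reported through Z_ERROR.
 *
 * NOTE(review): cipher index 0 and hash index 0 are hard-coded, which
 * presumably relies on AES and SHA-1 being the first descriptors
 * registered - confirm against the registration code.
 * NOTE(review): the derived keys remain in BUF after this returns.
 */
void Encrypt(PK0304* le, AE_EXTRA* ae, char* password)
{
 char *salt, *key1, *key2, *check, digest[40];
 u32 key_len = KeySize*2 + 2;
 u32 dig_len = 40;

 salt = BUF;
 key1 = salt+SaltSize;
 key2 = key1+KeySize;
 check = key2+KeySize;

 /* Gets a random salt (8-16 byte).
  * The read count must be checked: the CTR state below is started from the
  * file-level IV, so the salt is what is expected to make each entry's key
  * (and therefore its keystream) unique. A short read would silently reuse
  * whatever bytes were already in BUF. */
 if (sprng_read(salt, SaltSize, 0) != (unsigned long)SaltSize) {
  Z_ERROR("Failed to get a random salt");
 }

 /* Generates 2 keys for AES and HMAC, plus 2-byte password verification value */
 if (pkcs_5_alg2(password, strlen(password), salt, SaltSize, 1000, 0, key1, &key_len) != CRYPT_OK)
  Z_ERROR("Failed to derive encryption keys");

 if (ctr_start(0, IV, key1, KeySize, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr) != CRYPT_OK)
  Z_ERROR("Failed to setup AES CTR encoder");
#ifdef GLADMAN_HMAC
 hmac_sha1_begin(&hmac);
 hmac_sha1_key(key2, KeySize, &hmac);
#else
 if (hmac_init(&hmac, 0, key2, KeySize) != CRYPT_OK)
  Z_ERROR("Failed to setup HMAC-SHA1");
#endif

 /* Patch the local header for the encrypted layout. */
 if (AE2) le->Crc32 = 0;
 le->Flag |= 1;
 le->CompMethod = 99;
 le->ExtraLen += 11;
 le->CompSize += SaltSize + 12; /* variable salt, fixed password check and hmac */

 safeWrite(ZOUT, le, sizeof(PK0304));
 fileCopy(ZOUT, ZIN, le->NameLen+le->ExtraLen-11);
 safeWrite(ZOUT, ae, 11);
 safeWrite(ZOUT, salt, SaltSize);
 safeWrite(ZOUT, check, 2);
 /* encrypt contents */
 fileFilter(ZOUT, ZIN, le->CompSize-SaltSize-12);

#ifdef GLADMAN_HMAC
 hmac_sha1_end(digest, dig_len, &hmac);
#else
 if (hmac_done(&hmac, digest, &dig_len) != CRYPT_OK)
  Z_ERROR("Failed to computate HMAC");
#endif
 /* Only the first 10 bytes of the HMAC are stored. */
 safeWrite(ZOUT, digest, 10);
 ctr_done(&ctr);
}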
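/*
 * Encrypts `in` in place with Rijndael (AES) in CTR mode, little-endian
 * counter.
 *
 * key/keylen  secret key and its length in bytes
 * in/len      buffer holding the plaintext on entry and the ciphertext on
 *             return, and its length in bytes
 * IV/ivlen    initial counter block and its length; at least one cipher
 *             block (16 bytes) must be supplied because ctr_start consumes a
 *             full block
 *
 * Returns CRYPT_OK on success, ERROR_REG_AES if the cipher cannot be
 * registered, CRYPT_INVALID_ARG if the IV is missing or shorter than one
 * block, or the LibTomCrypt error from ctr_start/ctr_encrypt/ctr_done.
 *
 * CTR gives confidentiality only: the same key/IV pair must never be used
 * for two different messages, and the output carries no integrity
 * protection unless the caller adds a MAC.
 */
int symmetricEncrypt(unsigned char *key, unsigned long keylen, unsigned char *in,
                     unsigned long len, unsigned char *IV, unsigned long ivlen)
{
    /* Rijndael block size; the IV handed to ctr_start is read as one block. */
    const unsigned long block_len = 16;
    symmetric_CTR ctr;
    int err;

    /* ivlen was previously ignored, so a short IV buffer would be over-read. */
    if (IV == NULL || ivlen < block_len) {
        return CRYPT_INVALID_ARG;
    }

    /* register aes first */
    if (register_cipher(&rijndael_desc) == -1) {
        return ERROR_REG_AES;
    }

    /* start up CTR mode */
    if ((err = ctr_start(find_cipher("rijndael"),   /* index of desired cipher */
                         IV,                        /* the initial vector */
                         key,                       /* the secret key */
                         keylen,                    /* length of secret key */
                         0,                         /* default number of rounds */
                         CTR_COUNTER_LITTLE_ENDIAN,
                         &ctr)) != CRYPT_OK) {
        return err;
    }

    /* in-place: source and destination are the same buffer */
    if ((err = ctr_encrypt(in, in, len, &ctr)) != CRYPT_OK) {
        /* release the started state on the failure path as well */
        ctr_done(&ctr);
        return err;
    }

    if ((err = ctr_done(&ctr)) != CRYPT_OK) {
        return err;
    }

    return CRYPT_OK;
}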
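/*
 * Decrypts `in` in place with Rijndael (AES) in CTR mode, little-endian
 * counter. The key and IV must be the ones used to encrypt.
 *
 * key/keylen  secret key and its length in bytes
 * in/len      buffer holding the ciphertext on entry and the plaintext on
 *             return, and its length in bytes
 * IV/ivlen    initial counter block and its length; at least one cipher
 *             block (16 bytes) must be supplied because ctr_start consumes a
 *             full block
 *
 * Returns CRYPT_OK on success, ERROR_REG_AES if the cipher cannot be
 * registered, CRYPT_INVALID_ARG if the IV is missing or shorter than one
 * block, or the LibTomCrypt error from ctr_start/ctr_decrypt/ctr_done.
 *
 * Nothing here authenticates the ciphertext: a modified input decrypts
 * without error, so callers that need integrity must verify a MAC first.
 */
int symmetricDecrypt(unsigned char *key, unsigned long keylen, unsigned char *in,
                     unsigned long len, unsigned char *IV, unsigned long ivlen)
{
    /* Rijndael block size; the IV handed to ctr_start is read as one block. */
    const unsigned long block_len = 16;
    symmetric_CTR ctr;
    int err;

    /* ivlen was previously ignored, so a short IV buffer would be over-read. */
    if (IV == NULL || ivlen < block_len) {
        return CRYPT_INVALID_ARG;
    }

    /* register aes first */
    if (register_cipher(&rijndael_desc) == -1) {
        return ERROR_REG_AES;
    }

    /* start up CTR mode */
    if ((err = ctr_start(find_cipher("rijndael"),   /* index of desired cipher */
                         IV,                        /* the initial vector */
                         key,                       /* the secret key */
                         keylen,                    /* length of secret key */
                         0,                         /* default number of rounds */
                         CTR_COUNTER_LITTLE_ENDIAN,
                         &ctr)) != CRYPT_OK) {
        return err;
    }

    /* in-place: source and destination are the same buffer */
    if ((err = ctr_decrypt(in, in, len, &ctr)) != CRYPT_OK) {
        /* release the started state on the failure path as well */
        ctr_done(&ctr);
        return err;
    }

    if ((err = ctr_done(&ctr)) != CRYPT_OK) {
        return err;
    }

    return CRYPT_OK;
}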
/*
 * Prepares the file-level AES-CTR state (ffCTR) and IV copy (ffIV) used for
 * reading the current fastfile. Does nothing when ffVersion is below 319.
 *
 * Reads a 256-byte key blob from the file, has DB_AuthLoad_DecryptKey turn
 * it into a ZoneKey, and starts CTR mode with that key and IV. The final
 * mode argument is the literal 0, which in LibTomCrypt is the value of
 * CTR_COUNTER_LITTLE_ENDIAN.
 *
 * NOTE(review): no return value is checked (register_*, find_cipher,
 * ctr_start), and both the wrapped and the unwrapped key are left in this
 * stack frame on return.
 */
void DB_AuthLoad_InitCrypto()
{
	if (ffVersion >= 319)
	{
		unsigned char wrappedKey[256];
		ZoneKey zoneKey;
		int aesIndex;

		register_hash(&sha256_desc);
		register_cipher(&aes_desc);

		/* Pull the encrypted key blob straight from the file stream. */
		DB_ReadXFileRawData(wrappedKey, 256);
		DB_AuthLoad_DecryptKey(wrappedKey, &zoneKey);

		aesIndex = find_cipher("aes");
		ctr_start(aesIndex, zoneKey.iv, zoneKey.key, sizeof(zoneKey.key), 0, 0, &ffCTR);

		/* Keep a copy of the starting IV in ffIV. */
		memcpy(ffIV, zoneKey.iv, sizeof(ffIV));
	}
}
/*
 * Set up the file-level CTR state (sCTR) for Triple-DES with a big-endian
 * counter, using the key and IV given as ASCII in ENCRYPTION_KEY and
 * ENCRYPTION_IV.
 *
 * NOTE(review): the results of register_cipher, find_cipher and ctr_start
 * are discarded, so a failed setup is not reported.
 * NOTE(review): ENCRYPTION_KEY / ENCRYPTION_IV look like build-time
 * constants; a fixed key/IV pair in CTR mode yields the same keystream for
 * every payload - confirm this is intended. 3DES also has a 64-bit block,
 * which bounds how much data one key should protect.
 */
void ltc_init_3DES_CTR(void)
{
    unsigned char iv_bytes[ENCRYPTION_BLOCK_LENGTH];
    unsigned char key_bytes[ENCRYPTION_KEY_LENGTH];
    int cipher_idx;

    TRACE_DEBUG("LTC: Initializing CTR...\n\r");

    /* Register cipher */
    register_cipher(&des3_desc);
    cipher_idx = find_cipher("3des");

    /* Load key */
    ASCII2Hex(ENCRYPTION_KEY, key_bytes, ENCRYPTION_KEY_LENGTH);

    /* Load IV */
    ASCII2Hex(ENCRYPTION_IV, iv_bytes, ENCRYPTION_BLOCK_LENGTH);

    /* Start decryption mode */
    ctr_start(cipher_idx, iv_bytes, key_bytes, ENCRYPTION_KEY_LENGTH, 0,
              CTR_COUNTER_BIG_ENDIAN, &sCTR);

    TRACE_DEBUG("LTC: Initialization done.\n\r");
}
/*
 * One-shot CTR encryption: starts a CTR context, encrypts dataLength bytes
 * from data into dest, and releases the context.
 *
 * Returns the ctr_start status if start-up fails, otherwise the status of
 * ctr_encrypt. The result of ctr_done is not reported.
 *
 * The caller chooses the IV; CTR requires that a key/IV pair is never
 * reused for a second message.
 */
static int EncryptCTR(
	int cipher, int rounds, int counterMode,
	unsigned char *iv,
	unsigned char *key, unsigned long keyLength,
	unsigned char *data, unsigned long dataLength,
	unsigned char *dest
)
{
	symmetric_CTR ctx;
	int rc = ctr_start(cipher, iv, key, keyLength, rounds, counterMode, &ctx);

	if (rc != CRYPT_OK) {
		return rc;
	}

	rc = ctr_encrypt(data, dest, dataLength, &ctx);
	ctr_done(&ctx);
	return rc;
}
/*
 * Round-trip test of the CBC, CFB, OFB and CTR chaining modes with AES-128.
 *
 * A 64-byte plaintext, a 16-byte key and a 16-byte IV are drawn from
 * test_yarrow. Each mode is started, its IV is read back with *_getiv (and
 * compared with the original for CBC, OFB and CTR), the plaintext is
 * encrypted, the IV is restored with *_setiv, and the ciphertext is
 * decrypted and compared with the plaintext.
 *
 * Returns 0 when every mode round-trips, 1 (after printing which step
 * failed) otherwise. Library calls are wrapped in the DO macro.
 */
int modes_test(void)
{
   unsigned char pt[64], ct[64], rt[64], key[16], iv[16], iv_back[16];
   int off, aes_idx;
   symmetric_CBC cbc;
   symmetric_CFB cfb;
   symmetric_OFB ofb;
   symmetric_CTR ctr;
   unsigned long iv_len;

   /* make a random pt, key and iv */
   yarrow_read(pt,  64, &test_yarrow);
   yarrow_read(key, 16, &test_yarrow);
   yarrow_read(iv,  16, &test_yarrow);

   /* get idx of AES handy */
   aes_idx = find_cipher("aes");
   if (aes_idx == -1) {
      printf("test requires AES");
      return 1;
   }

   /* ---- CBC: block-at-a-time API ---- */
   DO(cbc_start(aes_idx, iv, key, 16, 0, &cbc));
   iv_len = sizeof(iv_back);
   DO(cbc_getiv(iv_back, &iv_len, &cbc));
   if (iv_len != 16 || memcmp(iv_back, iv, 16) != 0) {
      printf("cbc_getiv failed");
      return 1;
   }
   for (off = 0; off < 64; off += 16) {
      DO(cbc_encrypt(pt + off, ct + off, &cbc));
   }

   /* rewind the IV and decrypt */
   DO(cbc_setiv(iv_back, iv_len, &cbc));
   zeromem(rt, sizeof(rt));
   for (off = 0; off < 64; off += 16) {
      DO(cbc_decrypt(ct + off, rt + off, &cbc));
   }
   if (memcmp(rt, pt, 64) != 0) {
      printf("CBC failed");
      return 1;
   }

   /* ---- CFB ---- */
   DO(cfb_start(aes_idx, iv, key, 16, 0, &cfb));
   iv_len = sizeof(iv_back);
   DO(cfb_getiv(iv_back, &iv_len, &cfb));
   /* note we don't memcmp iv_back/iv since cfb_start processes the IV for the first block */
   if (iv_len != 16) {
      printf("cfb_getiv failed");
      return 1;
   }
   DO(cfb_encrypt(pt, ct, 64, &cfb));

   /* rewind with the original IV and decrypt */
   DO(cfb_setiv(iv, iv_len, &cfb));
   zeromem(rt, sizeof(rt));
   DO(cfb_decrypt(ct, rt, 64, &cfb));
   if (memcmp(rt, pt, 64) != 0) {
      printf("CFB failed");
      return 1;
   }

   /* ---- OFB ---- */
   DO(ofb_start(aes_idx, iv, key, 16, 0, &ofb));
   iv_len = sizeof(iv_back);
   DO(ofb_getiv(iv_back, &iv_len, &ofb));
   if (iv_len != 16 || memcmp(iv_back, iv, 16) != 0) {
      printf("ofb_getiv failed");
      return 1;
   }
   DO(ofb_encrypt(pt, ct, 64, &ofb));

   /* rewind the IV and decrypt */
   DO(ofb_setiv(iv_back, iv_len, &ofb));
   zeromem(rt, sizeof(rt));
   DO(ofb_decrypt(ct, rt, 64, &ofb));
   if (memcmp(rt, pt, 64) != 0) {
      printf("OFB failed");
      return 1;
   }

   /* ---- CTR ---- */
   DO(ctr_start(aes_idx, iv, key, 16, 0, &ctr));
   iv_len = sizeof(iv_back);
   DO(ctr_getiv(iv_back, &iv_len, &ctr));
   if (iv_len != 16 || memcmp(iv_back, iv, 16) != 0) {
      printf("ctr_getiv failed");
      return 1;
   }
   DO(ctr_encrypt(pt, ct, 64, &ctr));

   /* rewind the counter and decrypt */
   DO(ctr_setiv(iv_back, iv_len, &ctr));
   zeromem(rt, sizeof(rt));
   DO(ctr_decrypt(ct, rt, 64, &ctr));
   if (memcmp(rt, pt, 64) != 0) {
      printf("CTR failed");
      return 1;
   }

   return 0;
}
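/*
 * Initialises an EAX authenticated-encryption context.
 *
 * key/key_len       cipher key, used for all three OMACs and for CTR
 * nonce/nonce_len   per-message nonce; must be non-NULL when nonce_len > 0
 * hdr/header_len    associated data; may be NULL only when header_len == 0
 * eax               context to fill in
 *
 * Steps, as implemented below:
 *   1. OMAC over a zero block (last byte 0) followed by the nonce -> eax->nv
 *   2. header OMAC started over a block with last byte 1, then the header
 *   3. CTR mode started with eax->nv as the counter block (big-endian)
 *   4. ciphertext OMAC started over a block with last byte 2
 *
 * Returns EXIT_SUCCESS on success; EXIT_FAILURE for a bad argument or a
 * failed allocation; otherwise the status of the omac_* / ctr_start call
 * that failed.
 *
 * The nonce must be unique per key: eax->nv seeds the CTR keystream.
 *
 * NOTE(review): the temporary omac state is keyed with `key` and is freed
 * without being cleared.
 */
int eax_init( const unsigned char key[], unsigned long key_len,
              const unsigned char nonce[], unsigned long nonce_len,
              const unsigned char hdr[], unsigned long header_len,
              eax_state eax[1] )
{
    unsigned char *buf;
    int err = EXIT_FAILURE;
    omac_state *omac;
    unsigned long len;

    if( header_len > 0 && hdr == NULL )
        goto exit3;

    /* same rule for the nonce: a length without a buffer would be read below */
    if( nonce_len > 0 && nonce == NULL )
        goto exit3;

    if( ( buf = malloc( AES_BLOCK_SIZE ) ) == NULL )
        goto exit3;

    if( ( omac = malloc( sizeof(*omac) ) ) == NULL )
        goto exit2;

    /* N' = OMAC( [0]_n || nonce ) */
    memset( buf, 0, AES_BLOCK_SIZE );

    if( (err = omac_init(key, key_len, omac)) != EXIT_SUCCESS )
        goto exit1;

    if( (err = omac_process(buf, AES_BLOCK_SIZE, omac)) != EXIT_SUCCESS )
        goto exit1;

    if( (err = omac_process(nonce, nonce_len, omac)) != EXIT_SUCCESS )
        goto exit1;

    len = sizeof( eax->nv );
    if( (err = omac_done(eax->nv, &len, omac)) != EXIT_SUCCESS )
        goto exit1;

    /* header OMAC, domain-separated by a block ending in 1 */
    memset( buf, 0, AES_BLOCK_SIZE );
    buf[AES_BLOCK_SIZE - 1] = 1;

    if( (err = omac_init(key, key_len, eax->hdr_omac)) != EXIT_SUCCESS )
        goto exit1;

    if( (err = omac_process(buf, AES_BLOCK_SIZE, eax->hdr_omac)) != EXIT_SUCCESS )
        goto exit1;

    if( header_len != 0 &&
        ( (err = omac_process(hdr, header_len, eax->hdr_omac) ) != EXIT_SUCCESS ) )
        goto exit1;

    /* CTR keystream seeded with the nonce OMAC */
    if( (err = ctr_start(eax->nv, key, key_len, 0, CTR_COUNTER_BIG_ENDIAN, eax->ctr) ) != EXIT_SUCCESS )
        goto exit1;

    /* ciphertext OMAC, domain-separated by a block ending in 2 */
    if( (err = omac_init(key, key_len, eax->ctx_omac)) != EXIT_SUCCESS )
        goto exit1;

    memset( buf, 0, AES_BLOCK_SIZE );
    buf[AES_BLOCK_SIZE - 1] = 2;
    if( (err = omac_process(buf, AES_BLOCK_SIZE, eax->ctx_omac)) != EXIT_SUCCESS )
        goto exit1;

    err = EXIT_SUCCESS;

exit1:
    free( omac );
exit2:
    free( buf );
exit3:
    return err;
}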
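/* IF YOU CALL THIS MULTIPLE TIMES WITH THE SAME KEY YOU MUST PROVIDE AN IV POINTER! */
/*
 * Encrypts or decrypts a buffer with AES-CTR and (optionally) HMAC-SHA256.
 *
 * data_in / data_out / data_size   input, output and their common length
 * data_mkey / data_mkey_size       master key; a cipher subkey ("C") and an
 *                                  HMAC subkey ("H") are derived from it
 * data_new_hmac                    MODE_ENCRYPT: receives the HMAC of the
 *                                  ciphertext (skipped when NULL)
 * data_chk_hmac                    MODE_DECRYPT: expected HMAC of the
 *                                  ciphertext (verification skipped when NULL)
 * data_hmac_size                   size of the HMAC buffer
 * IV_start                         NULL, or pointer to the caller's IV
 *                                  pointer. If *IV_start is NULL a key-derived
 *                                  IV is allocated and handed to the caller;
 *                                  after a successful pass the current counter
 *                                  is written back so the next call continues
 *                                  the keystream instead of restarting it.
 * mode                             MODE_ENCRYPT or MODE_DECRYPT
 *
 * Returns 0 on success, THRCR_BADMAC when the supplied HMAC does not verify,
 * and -1 for an invalid mode or any cipher/HMAC failure.
 *
 * In decrypt mode the HMAC is checked over the ciphertext before any
 * decryption happens. Passing data_chk_hmac == NULL disables that check and
 * leaves the output unauthenticated.
 *
 * Without an IV pointer the IV is derived from the key alone, so two calls
 * with the same key start from the same counter; that is what the warning
 * at the top is about.
 */
int crypt_data(const unsigned char *data_in, unsigned char *data_out, size_t data_size,
               const unsigned char *data_mkey, size_t data_mkey_size,
               unsigned char *data_new_hmac, const unsigned char *data_chk_hmac,
               size_t data_hmac_size, unsigned char **IV_start, int mode)
{
	if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) {
		fprintf(stderr, "crypt_data called with invalid mode %d\n", mode);
		return -1;
	}

	symmetric_CTR ctr;
#ifdef _POSIX_MEMLOCK_RANGE
	/* keep the key schedule out of swap */
	if (mlock(&ctr, sizeof(ctr)) != 0) {
		fprintf(stderr, "WARNING: mlock failed at %s:%d - ", __FILE__, __LINE__);
		perror("");
	}
#endif
	int err;
	int ret = 0;	/* return code */
	unsigned char *IV;
	unsigned long IV_size = 16;
	int hash_idx = find_hash("sha256");
	size_t data_ckey_size, data_hkey_size;
	data_ckey_size = data_hkey_size = data_mkey_size;
	/* one allocation holds both subkeys: cipher key first, HMAC key second */
	unsigned char *subkeys = safe_malloc(data_ckey_size + data_hkey_size);
#ifdef _POSIX_MEMLOCK_RANGE
	if (mlock(subkeys, data_ckey_size + data_hkey_size) != 0) {
		fprintf(stderr, "WARNING: mlock failed at %s:%d - ", __FILE__, __LINE__);
		perror("");
	}
#endif
	unsigned char *data_ckey = subkeys + 0;
	unsigned char *data_hkey = subkeys + data_ckey_size;

	/* derive independent subkeys from the master key, separated by label */
	pbkdf2(data_mkey, data_mkey_size, "H", 1, SUBKEY_ITER, hash_idx, data_hkey, &data_hkey_size);
	pbkdf2(data_mkey, data_mkey_size, "C", 1, SUBKEY_ITER, hash_idx, data_ckey, &data_ckey_size);

	if (IV_start == NULL || *IV_start == NULL) {
		IV = safe_malloc(IV_size);
		/* This is at least as secure as starting with a zeroed IV */
		pbkdf2(data_mkey, data_mkey_size, "I", 1, SUBKEY_ITER, hash_idx, IV, &IV_size);
	}
	if (IV_start != NULL) {
		if (*IV_start != NULL) {
			/* continue from the caller's saved counter */
			IV = *IV_start;
		} else {
			/* hand the freshly derived IV buffer to the caller */
			*IV_start = IV;
		}
	}

	/* authenticate the ciphertext before touching it */
	if (mode == MODE_DECRYPT && data_chk_hmac != NULL) {
		if ((err = hmac_vrfymem(hash_idx,
		                        data_hkey, data_hkey_size,
		                        data_in, data_size, data_chk_hmac,
		                        (long unsigned int *)&data_hmac_size)) != CRYPT_OK) {
			crypt_data_return(THRCR_BADMAC);
		}
	}

	/* LTC_CTR_RFC3686 is needed to avoid reusing a counter value. */
	if ((err = ctr_start(find_cipher("aes"), IV, data_ckey, data_ckey_size, 0,
	                     CTR_COUNTER_BIG_ENDIAN | LTC_CTR_RFC3686, &ctr)) != CRYPT_OK) {
		fprintf(stderr, "Error initializing cipher: %d\n", err);
		crypt_data_return(-1);
	}

	/* ctr_encrypt is used for both encryption and decryption */
	if ((err = ctr_encrypt(data_in, data_out, data_size, &ctr)) != CRYPT_OK) {
		fprintf(stderr, "ctr_encrypt error: %s\n", error_to_string(err));
		ctr_done(&ctr); /* done with cipher, clean up keys */
		crypt_data_return(-1);
	}

	/*
	 * Save the advanced counter while the CTR state is still intact.
	 * This used to happen at the exit label, after ctr had already been
	 * wiped, so the caller's IV was never moved forward and the next call
	 * with the same key restarted the keystream from the same counter.
	 */
	if (IV_start != NULL && *IV_start != NULL) {
		if ((err = ctr_getiv(*IV_start, &IV_size, &ctr)) != CRYPT_OK) {
			fprintf(stderr, "ctr_getiv error: %s\n", error_to_string(err));
			ctr_done(&ctr); /* done with cipher, clean up keys */
			crypt_data_return(-1);
		}
	}

	ctr_done(&ctr); /* done with cipher, clean up keys */

	/* encrypt-then-MAC: the HMAC covers the ciphertext */
	if (mode == MODE_ENCRYPT && data_new_hmac != NULL) {
		if ((err = hmac_memory(hash_idx,
		                       data_hkey, data_hkey_size,
		                       data_out, data_size, data_new_hmac,
		                       (long unsigned int *)&data_hmac_size)) != CRYPT_OK) {
			fprintf(stderr, "hmac error: %s\n", error_to_string(err));
			crypt_data_return(-1);
		}
	}

crypt_data_return:
	/* before actually returning, make sure key material isn't in memory */
	MEMWIPE(&ctr, sizeof(ctr));
	MEMWIPE(subkeys, data_ckey_size + data_hkey_size);
#ifdef _POSIX_MEMLOCK_RANGE
	munlock(subkeys, data_ckey_size + data_hkey_size);
#endif
	safe_free(subkeys);

	/* the IV buffer belongs to the caller whenever *IV_start points at it */
	if (IV_start == NULL || *IV_start == NULL) {
		safe_free(IV);
	}
	return ret;
}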
/* Adapter that gives ctr_start the same argument list as cbc_start by
 * fixing the counter mode to big-endian. Returns ctr_start's status. */
static int dropbear_big_endian_ctr_start(int cipher,
		const unsigned char *IV,
		const unsigned char *key, int keylen,
		int num_rounds, symmetric_CTR *ctr)
{
	const int counter_mode = CTR_COUNTER_BIG_ENDIAN;

	return ctr_start(cipher, IV, key, keylen, num_rounds, counter_mode, ctr);
}
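/*
 * Decrypts a 3DES-CTR stream from fdin to fdout.
 *
 * The input starts with one cipher block of IV, followed by the ciphertext.
 * The key is the SHA-256 hash of the EZPUPGKEY string, truncated to the key
 * size the cipher accepts.
 *
 * Returns the number of plaintext bytes written. Any failure prints a
 * message to stderr and terminates the process with exit(-1).
 *
 * NOTE(review): EZPUPGKEY looks like a constant compiled into the binary,
 * so anyone holding the binary can presumably recover the key.
 * NOTE(review): CTR provides no integrity and nothing in this function
 * authenticates the input; a modified file decrypts without error.
 */
unsigned long decode(FILE *fdin, FILE *fdout)
{
   unsigned char inbuf[2048]; /* i/o block size */
   /* The output buffer must hold a full input chunk: ctr_decrypt writes as
      many bytes as it is given. It was 512 bytes while reads were up to
      2048, which overran the stack on any input longer than 512 bytes. */
   unsigned char plaintext[sizeof(inbuf)];
   unsigned char tmpkey[512], key[MAXBLOCKSIZE], IV[MAXBLOCKSIZE];
   unsigned long outlen, y, ivsize, wlen;
   symmetric_CTR ctr;
   int cipher_idx, hash_idx, ks;
   char *cipher = "3des";

   cipher_idx = find_cipher(cipher);
   if (cipher_idx == -1) {
      fprintf(stderr, "Invalid cipher(%s)\n", cipher);
      exit(-1);
   }

   hash_idx = find_hash("sha256");
   if (hash_idx == -1) {
      fprintf(stderr, "SHA256 not found...?\n");
      exit(-1);
   }

   /* IV is one cipher block; key size is the hash size clamped by the cipher */
   ivsize = cipher_descriptor[cipher_idx].block_length;
   ks = hash_descriptor[hash_idx].hashsize;
   if (cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK) {
      fprintf(stderr, "Invalid keysize???\n");
      exit(-1);
   }

   strcpy((char *)tmpkey, EZPUPGKEY);
   outlen = sizeof(key);
   if ((my_errno = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
      fprintf(stderr, "Error hashing key: %s\n", error_to_string(my_errno));
      exit(-1);
   }

   /* Decrypt only */
   /* Need to read in IV */
   if (fread(IV,1,ivsize,fdin) != ivsize) {
      fprintf(stderr, "Error reading IV from input.\n");
      exit(-1);
   }

   if ((my_errno = ctr_start(cipher_idx,IV,key,ks,0,&ctr)) != CRYPT_OK) {
      fprintf(stderr, "ctr_start error: %s\n",error_to_string(my_errno));
      exit(-1);
   }

   wlen = 0;
   /* IV done */
   do {
      y = fread(inbuf,1,sizeof(inbuf),fdin);

      if ((my_errno = ctr_decrypt(inbuf,plaintext,y,&ctr)) != CRYPT_OK) {
         fprintf(stderr, "ctr_decrypt error: %s\n", error_to_string(my_errno));
         exit(-1);
      }

      if (fwrite(plaintext,1,y,fdout) != y) {
         fprintf(stderr, "Error writing to file.\n");
         exit(-1);
      }
      wlen += y;
   } while (y == sizeof(inbuf)); /* a short read marks the last chunk */

   return wlen;
}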
/*
 * AES-128-CTR round-trip demo: encrypts a fixed string (terminator
 * included) with a fixed key and IV, decrypts it again with a fresh CTR
 * state started from the same IV, prints the inputs and the ciphertext, and
 * reports whether the plaintext was recovered.
 *
 * Always returns 0, including on the error paths.
 *
 * The key and IV are demo constants; with CTR a key/IV pair must not be
 * used for more than one message.
 */
int main(){
	char 			plaintext[] = "Hi I am an AES CTR test vector distributed on 4 128-bit blocks!";
	unsigned char 	key[16] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
	                           0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
	unsigned char 	iv[16]  = {0x01, 0xff, 0x83, 0xf2, 0xf9, 0x98, 0xba, 0xa4,
	                           0xda, 0xdc, 0xaa, 0xcc, 0x8e, 0x17, 0xa4, 0x1b};
	unsigned char 	ciphertext[sizeof(plaintext)];
	unsigned char 	deciphertext[sizeof(plaintext)];
	symmetric_CTR 	ctr;
	int 			err;
	int 			recovered;

	if (register_cipher(&aes_desc) == -1) {
		printf("Error: in %s, unable to register cipher\n", __func__);
		return 0;
	}

	printf("Plaintext: \"%s\"\n", plaintext);
	printf("IV: ");
	fprintBuffer_raw(stdout, (char*)iv, sizeof(iv));
	printf("\nKey 128: ");
	fprintBuffer_raw(stdout, (char*)key, sizeof(key));

	/* ENCRYPT */
	err = ctr_start(find_cipher("aes"), iv, key, sizeof(key), 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr);
	if (err != CRYPT_OK) goto ltc_error;

	err = ctr_encrypt((unsigned char*)plaintext, ciphertext, sizeof(plaintext), &ctr);
	if (err != CRYPT_OK) goto ltc_error;

	err = ctr_done(&ctr);
	if (err != CRYPT_OK) goto ltc_error;

	/* DECRYPT: restart from the same IV so the keystream lines up */
	err = ctr_start(find_cipher("aes"), iv, key, sizeof(key), 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr);
	if (err != CRYPT_OK) goto ltc_error;

	err = ctr_decrypt(ciphertext, deciphertext, sizeof(plaintext), &ctr);
	if (err != CRYPT_OK) goto ltc_error;

	err = ctr_done(&ctr);
	if (err != CRYPT_OK) goto ltc_error;

	printf("\nCiphertext CTR: ");
	fprintBuffer_raw(stdout, (char*)ciphertext, sizeof(plaintext));

	recovered = (memcmp(deciphertext, plaintext, sizeof(plaintext)) == 0);
	printf(recovered ? "\nRecovery: OK\n" : "\nRecovery: FAIL\n");

	return 0;

ltc_error:
	/* shared reporting for every LibTomCrypt failure above */
	printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
	return 0;
}
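/*
 * Command-line file encryptor/decryptor using CTR mode.
 *
 *   encrypt:  prog cipher infile outfile
 *   decrypt:  prog -d cipher infile outfile
 *
 * The key is the SHA-256 hash of a line read from stdin, truncated to the
 * key size the chosen cipher accepts. On encryption a random IV of one
 * cipher block is drawn from the yarrow PRNG and written at the start of
 * the output; on decryption it is read back from the start of the input.
 *
 * Returns 0 on success, the result of usage() for a bad command line, and
 * terminates with exit(-1) on any I/O or library failure.
 *
 * NOTE(review): the output is not authenticated; CTR alone does not detect
 * a modified ciphertext. The key is also a single unsalted hash of the
 * typed line.
 */
int main(int argc, char *argv[])
{
   unsigned char plaintext[512],ciphertext[512];
   unsigned char tmpkey[512], key[MAXBLOCKSIZE], IV[MAXBLOCKSIZE];
   unsigned char inbuf[512]; /* i/o block size */
   unsigned long outlen, y, ivsize, x, decrypt;
   symmetric_CTR ctr;
   int cipher_idx, hash_idx, ks;
   char *infile, *outfile, *cipher;
   prng_state prng;
   FILE *fdin, *fdout;

   /* register algs, so they can be printed */
   register_algs();

   if (argc < 4) {
      return usage(argv[0]);
   }

   if (!strcmp(argv[1], "-d")) {
      /* "-d" shifts everything by one, so four arguments are required;
         without this check outfile would be argv[4] == NULL */
      if (argc < 5) {
         return usage(argv[0]);
      }
      decrypt = 1;
      cipher  = argv[2];
      infile  = argv[3];
      outfile = argv[4];
   } else {
      decrypt = 0;
      cipher  = argv[1];
      infile  = argv[2];
      outfile = argv[3];
   }

   /* file handles setup */
   fdin = fopen(infile,"rb");
   if (fdin == NULL) {
      perror("Can't open input for reading");
      exit(-1);
   }

   fdout = fopen(outfile,"wb");
   if (fdout == NULL) {
      perror("Can't open output for writing");
      exit(-1);
   }

   cipher_idx = find_cipher(cipher);
   if (cipher_idx == -1) {
      printf("Invalid cipher entered on command line.\n");
      exit(-1);
   }

   hash_idx = find_hash("sha256");
   if (hash_idx == -1) {
      printf("LTC_SHA256 not found...?\n");
      exit(-1);
   }

   /* IV is one cipher block; key size is the hash size clamped by the cipher */
   ivsize = cipher_descriptor[cipher_idx].block_length;
   ks = hash_descriptor[hash_idx].hashsize;
   if (cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK) {
      printf("Invalid keysize???\n");
      exit(-1);
   }

   printf("\nEnter key: ");
   /* on EOF/error tmpkey would be uninitialised and strlen() below undefined */
   if (fgets((char *)tmpkey,sizeof(tmpkey), stdin) == NULL) {
      printf("Error reading key.\n");
      exit(-1);
   }
   outlen = sizeof(key);
   if ((errno = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
      printf("Error hashing key: %s\n", error_to_string(errno));
      exit(-1);
   }

   if (decrypt) {
      /* Need to read in IV */
      if (fread(IV,1,ivsize,fdin) != ivsize) {
         printf("Error reading IV from input.\n");
         exit(-1);
      }

      if ((errno = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
         printf("ctr_start error: %s\n",error_to_string(errno));
         exit(-1);
      }

      /* IV done */
      do {
         y = fread(inbuf,1,sizeof(inbuf),fdin);

         if ((errno = ctr_decrypt(inbuf,plaintext,y,&ctr)) != CRYPT_OK) {
            printf("ctr_decrypt error: %s\n", error_to_string(errno));
            exit(-1);
         }

         if (fwrite(plaintext,1,y,fdout) != y) {
            printf("Error writing to file.\n");
            exit(-1);
         }
      } while (y == sizeof(inbuf)); /* a short read marks the last chunk */
      fclose(fdin);
      fclose(fdout);

   } else {  /* encrypt */
      /* Setup yarrow for random bytes for IV */
      if ((errno = rng_make_prng(128, find_prng("yarrow"), &prng, NULL)) != CRYPT_OK) {
         printf("Error setting up PRNG, %s\n", error_to_string(errno));
         /* do not go on to draw the IV from a PRNG that was never seeded */
         exit(-1);
      }

      /* You can use rng_get_bytes on platforms that support it */
      /* x = rng_get_bytes(IV,ivsize,NULL);*/
      x = yarrow_read(IV,ivsize,&prng);
      if (x != ivsize) {
         printf("Error reading PRNG for IV required.\n");
         exit(-1);
      }

      /* the IV is stored in the clear at the start of the output */
      if (fwrite(IV,1,ivsize,fdout) != ivsize) {
         printf("Error writing IV to output.\n");
         exit(-1);
      }

      if ((errno = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
         printf("ctr_start error: %s\n",error_to_string(errno));
         exit(-1);
      }

      do {
         y = fread(inbuf,1,sizeof(inbuf),fdin);

         if ((errno = ctr_encrypt(inbuf,ciphertext,y,&ctr)) != CRYPT_OK) {
            printf("ctr_encrypt error: %s\n", error_to_string(errno));
            exit(-1);
         }

         if (fwrite(ciphertext,1,y,fdout) != y) {
            printf("Error writing to output.\n");
            exit(-1);
         }
      } while (y == sizeof(inbuf)); /* a short read marks the last chunk */
      fclose(fdout);
      fclose(fdin);
   }
   return 0;
}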
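/*
 * Initialises a LibTomCrypt cipher context for a TEE algorithm identifier.
 *
 * ctx              caller-allocated context; its concrete type depends on
 *                  algo (symmetric_ECB / _CBC / _CTR / _xts, or
 *                  struct symmetric_CTS)
 * algo             TEE_ALG_* identifier selecting cipher and mode
 * mode             operation mode; only forwarded to the nested calls made
 *                  for TEE_ALG_AES_CTS
 * key1/key1_len    primary key
 * key2/key2_len    second key; used for TEE_ALG_AES_XTS only, where it must
 *                  be the same length as key1
 * iv/iv_len        IV; for the CBC and CTR algorithms it must be exactly one
 *                  cipher block long
 *
 * Returns TEE_SUCCESS on success, TEE_ERROR_NOT_SUPPORTED for an unknown
 * algorithm, TEE_ERROR_BAD_PARAMETERS for a wrong IV length or mismatched
 * XTS key lengths, and TEE_ERROR_BAD_STATE when the LibTomCrypt start
 * routine fails.
 *
 * NOTE(review): key_array is passed to get_des2_key as scratch space for
 * the 3DES cases and is not cleared before return - confirm whether key
 * bytes are left in it.
 */
TEE_Result tee_cipher_init3(void *ctx, uint32_t algo,
			    TEE_OperationMode mode, const uint8_t *key1,
			    size_t key1_len, const uint8_t *key2,
			    size_t key2_len, const uint8_t *iv, size_t iv_len)
{
	TEE_Result res;
	int ltc_res, ltc_cipherindex;
	uint8_t *real_key, key_array[24];
	size_t real_key_len;
	struct symmetric_CTS *cts;

	/*
	 * The listing showed this argument as "<c_cipherindex": the "&lt"
	 * prefix of "&ltc_cipherindex" had been decoded as an HTML entity.
	 * Parenthesised here so the address-of cannot be mangled that way again.
	 */
	res = tee_algo_to_ltc_cipherindex(algo, &(ltc_cipherindex));
	if (res != TEE_SUCCESS)
		return TEE_ERROR_NOT_SUPPORTED;

	switch (algo) {
	case TEE_ALG_AES_ECB_NOPAD:
	case TEE_ALG_DES_ECB_NOPAD:
		ltc_res = ecb_start(
			ltc_cipherindex, key1, key1_len,
			0, (symmetric_ECB *)ctx);
		break;

	case TEE_ALG_DES3_ECB_NOPAD:
		/* either des3 or des2, depending on the size of the key */
		get_des2_key(key1, key1_len, key_array,
			     &real_key, &real_key_len);
		ltc_res = ecb_start(
			ltc_cipherindex, real_key, real_key_len,
			0, (symmetric_ECB *)ctx);
		break;

	case TEE_ALG_AES_CBC_NOPAD:
	case TEE_ALG_DES_CBC_NOPAD:
		/* the IV must be exactly one block; cbc_start reads that many bytes */
		if (iv_len !=
		    (size_t)cipher_descriptor[ltc_cipherindex].block_length)
			return TEE_ERROR_BAD_PARAMETERS;
		ltc_res = cbc_start(
			ltc_cipherindex, iv, key1, key1_len,
			0, (symmetric_CBC *)ctx);
		break;

	case TEE_ALG_DES3_CBC_NOPAD:
		/* either des3 or des2, depending on the size of the key */
		get_des2_key(key1, key1_len, key_array,
			     &real_key, &real_key_len);
		if (iv_len !=
		    (size_t)cipher_descriptor[ltc_cipherindex].block_length)
			return TEE_ERROR_BAD_PARAMETERS;
		ltc_res = cbc_start(
			ltc_cipherindex, iv, real_key, real_key_len,
			0, (symmetric_CBC *)ctx);
		break;

	case TEE_ALG_AES_CTR:
		/* the IV is the initial counter block, one full block long */
		if (iv_len !=
		    (size_t)cipher_descriptor[ltc_cipherindex].block_length)
			return TEE_ERROR_BAD_PARAMETERS;
		ltc_res = ctr_start(
			ltc_cipherindex, iv, key1, key1_len,
			0, CTR_COUNTER_BIG_ENDIAN, (symmetric_CTR *)ctx);
		break;

	case TEE_ALG_AES_CTS:
		/* CTS is built from an ECB and a CBC context under the same key */
		cts = (struct symmetric_CTS *)ctx;
		res = tee_cipher_init3(
			(void *)(&(cts->ecb)),
			TEE_ALG_AES_ECB_NOPAD, mode,
			key1, key1_len, key2, key2_len, iv, iv_len);
		if (res != TEE_SUCCESS)
			return res;
		res = tee_cipher_init3(
			(void *)(&(cts->cbc)),
			TEE_ALG_AES_CBC_NOPAD, mode,
			key1, key1_len, key2, key2_len, iv, iv_len);
		if (res != TEE_SUCCESS)
			return res;
		ltc_res = CRYPT_OK;
		break;

	case TEE_ALG_AES_XTS:
		/* both XTS keys must have the same length */
		if (key1_len != key2_len)
			return TEE_ERROR_BAD_PARAMETERS;
		ltc_res = xts_start(
			ltc_cipherindex, key1, key2, key1_len,
			0, (symmetric_xts *)ctx);
		break;

	default:
		return TEE_ERROR_NOT_SUPPORTED;
	}

	if (ltc_res == CRYPT_OK)
		return TEE_SUCCESS;
	else
		return TEE_ERROR_BAD_STATE;
}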
/*
 * Rewrites one AES-encrypted ("AE") ZIP entry from ZIN to ZOUT as a plain
 * entry.
 *
 * le        local file header of the entry; patched in place (encryption
 *           flag toggled, original compression method restored, extra
 *           length and compressed size reduced) and written out
 * password  NUL-terminated password the keys are derived from
 *
 * Flow: locate the AE extra field (signature 0x9901), pick salt/key sizes
 * from KS[] by the stored strength, read the salt and the stored 2-byte
 * password check, derive cipher key, HMAC key and check value with
 * pkcs_5_alg2, start CTR and HMAC, copy the header and the other extra
 * fields, run the data through fileFilter, then compare the first 10 bytes
 * of the computed HMAC with the 10 bytes stored after the data.
 *
 * BUF is carved up as salt | key1 (cipher key) | key2 (HMAC key) | check,
 * with the check value read from the file stored at check+2.
 *
 * NOTE(review): if le->ExtraLen is 0 the search loop never runs and `ae`
 * is read uninitialised by the signature test that follows it.
 * NOTE(review): ae.Size comes from the file. The search loop only ends
 * when xlen reaches exactly 0, so a size that does not add up to ExtraLen
 * presumably wraps xlen (it is a u32) and keeps the loop reading -
 * confirm and bound it.
 * NOTE(review): the HMAC is compared only after fileFilter has already
 * written the output, and a mismatch only prints a message; callers get
 * no error and the unauthenticated data stays in ZOUT.
 * NOTE(review): cipher index 0 and hash index 0 are hard-coded, which
 * presumably relies on registration order.
 */
void Decrypt(PK0304 *le, char *password)
{
 char *salt, *key1, *key2, *check, digest[40];
 u32 key_len, dig_len = 40, start, xlen;
 AE_EXTRA ae;

 /* remember where the name/extra area starts so it can be re-read later */
 start = ftell(ZIN);
 /* Searches for AE-1 header */
 fseek(ZIN, le->NameLen, SEEK_CUR);
 for(xlen=le->ExtraLen; xlen;) {
  /* each extra field starts with a 4-byte header (signature and size) */
  safeRead(&ae, ZIN, 4);
  xlen -= (4 + ae.Size);
  if (ae.Sig == 0x9901) {
   /* read the remaining 7 bytes of the AE field */
   safeRead(&ae.Version, ZIN, 7);
   continue;
  }
  fseek(ZIN, ae.Size, SEEK_CUR);
 }
 if (ae.Sig != 0x9901)
  Z_ERROR("Fatal! Can't find AE extra header!");
 /* Strength indexes KS[]; only 1..3 are accepted */
 if (ae.Strength < 1 || ae.Strength > 3)
  Z_ERROR("Bad encryption strength");
 SaltSize = KS[ae.Strength].Salt;
 KeySize = KS[ae.Strength].Key;

 salt = BUF;
 key1 = salt+SaltSize;
 key2 = key1+KeySize;
 check = key2+KeySize;
 /* two keys plus the 2-byte password check value */
 key_len = KeySize*2+2;

 /* Loads salt and password check value, and regenerates original crypto material */
 fseek(ZIN, start+le->NameLen+le->ExtraLen, SEEK_SET);
 safeRead(salt, ZIN, SaltSize);
 safeRead(check+2, ZIN, 2);
point1:
 if (pkcs_5_alg2(password, strlen(password), salt, SaltSize, 1000, 0, key1, &key_len) != CRYPT_OK)
  Z_ERROR("Failed to derive encryption keys");
 /* derived check (check[0..1]) against the stored one (check[2..3]);
    a 2-byte value only screens out most wrong passwords */
 if (memcmp(check, check+2, 2)) {
  /* NOTE(review): the text between the two string literals below appears to
     have been masked ("******") when this listing was published; the
     statements that read the replacement password cannot be recovered from
     here. */
  printf("\nCan't decrypt data: try another password.\nNew password: "******"\n");
  goto point1;
 }
 if (ctr_start(0, IV, key1, KeySize, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr) != CRYPT_OK)
  Z_ERROR("Failed to setup AES CTR decoder");
#ifdef GLADMAN_HMAC
 hmac_sha1_begin(&hmac);
 hmac_sha1_key(key2, KeySize, &hmac);
#else
 if (hmac_init(&hmac, 0, key2, KeySize) != CRYPT_OK)
  Z_ERROR("Failed to setup HMAC-SHA1");
#endif
 /* Adjusts local header */
 le->Flag ^= 1;
 le->CompMethod = ae.CompMethod;
 le->ExtraLen -= 11;
 le->CompSize -= (SaltSize + 12);
 /* Writes local header and copies extra, except 0x9901 */
 safeWrite(ZOUT, le, sizeof(PK0304));
 fseek(ZIN, start, SEEK_SET);
 fileCopy(ZOUT, ZIN, le->NameLen);
 for(xlen=le->ExtraLen+11; xlen;) {
  safeRead(&ae, ZIN, 4);
  xlen -= (4 + ae.Size);
  if (ae.Sig == 0x9901) {
   /* consume the AE field without copying it */
   safeRead(&ae.Version, ZIN, 7);
   continue;
  }
  safeWrite(ZOUT, &ae, 4);
  fileCopy(ZOUT, ZIN, ae.Size);
 }
 /* skip the salt and the 2-byte password check, then process the data */
 fseek(ZIN, SaltSize+2, SEEK_CUR);

 fileFilter(ZOUT, ZIN, le->CompSize);

#ifdef GLADMAN_HMAC
 hmac_sha1_end(digest, dig_len, &hmac);
#else
 if (hmac_done(&hmac, digest, &dig_len) != CRYPT_OK)
  Z_ERROR("Failed to computate HMAC");
#endif
 /* Retrieves and checks HMACs */
 /* the stored 10-byte tag is read into the second part of digest */
 safeRead(digest+10, ZIN, 10);
 if (memcmp(digest, digest+10, 10))
  printf(" authentication failed, contents were lost!");
 ctr_done(&ctr);
}