result_t PKey::decrypt(Buffer_base *data, obj_ptr<Buffer_base> &retVal, AsyncEvent *ac) { if (!ac) return CHECK_ERROR(CALL_E_NOSYNC); result_t hr; bool priv; hr = isPrivate(priv); if (hr < 0) return hr; if (!priv) return CHECK_ERROR(CALL_E_INVALID_CALL); int32_t ret; std::string str; std::string output; size_t olen; data->toString(str); output.resize(MBEDTLS_PREMASTER_SIZE * 2); ret = mbedtls_pk_decrypt(&m_key, (const unsigned char *)str.c_str(), str.length(), (unsigned char *)&output[0], &olen, output.length(), mbedtls_ctr_drbg_random, &g_ssl.ctr_drbg); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); output.resize(olen); retVal = new Buffer(output); return 0; }
int main( int argc, char *argv[] ) { FILE *f; int ret, c; size_t i, olen = 0; mbedtls_pk_context pk; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; unsigned char result[1024]; unsigned char buf[512]; const char *pers = "mbedtls_pk_decrypt"; ((void) argv); mbedtls_ctr_drbg_init( &ctr_drbg ); memset(result, 0, sizeof( result ) ); ret = 1; if( argc != 2 ) { mbedtls_printf( "usage: mbedtls_pk_decrypt <key_file>\n" ); #if defined(_WIN32) mbedtls_printf( "\n" ); #endif goto exit; } mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); mbedtls_entropy_init( &entropy ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); goto exit; } mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); mbedtls_pk_init( &pk ); if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret ); goto exit; } /* * Extract the RSA encrypted value from the text file */ ret = 1; if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) { mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); goto exit; } i = 0; while( fscanf( f, "%02X", &c ) > 0 && i < (int) sizeof( buf ) ) buf[i++] = (unsigned char) c; fclose( f ); /* * Decrypt the encrypted RSA data and print the result. */ mbedtls_printf( "\n . Decrypting the encrypted data" ); fflush( stdout ); if( ( ret = mbedtls_pk_decrypt( &pk, buf, i, result, &olen, sizeof(result), mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", -ret ); goto exit; } mbedtls_printf( "\n . OK\n\n" ); mbedtls_printf( "The decrypted result is: '%s'\n\n", result ); ret = 0; exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); #if defined(MBEDTLS_ERROR_C) if( ret != 0 ) { mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_printf( " ! Last error was: %s\n", buf ); } #endif #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif return( ret ); }
/** * Block symmetric ciphers. * Please note that linker-override is possible, but dynamic override is generally * preferable to avoid clobbering all symmetric support. * * @param uint8_t* Buffer containing plaintext. * @param int Length of plaintext. * @param uint8_t* Target buffer for ciphertext. * @param int Length of output. * @param uint8_t* Buffer containing the symmetric key. * @param int Length of the key, in bits. * @param uint8_t* IV. Caller's responsibility to use correct size. * @param Cipher The cipher by which to encrypt. * @param uint32_t Options to the optionation. * @return true if the root function ought to defer. */ int __attribute__((weak)) wrapped_sym_cipher(uint8_t* in, int in_len, uint8_t* out, int out_len, uint8_t* key, int key_len, uint8_t* iv, Cipher ci, uint32_t opts) { if (cipher_deferred_handling(ci)) { // If overriden by user implementation. return _sym_overrides[ci](in, in_len, out, out_len, key, key_len, iv, ci, opts); } int8_t ret = -1; switch (ci) { #if defined(MBEDTLS_AES_C) case Cipher::SYM_AES_256_CBC: case Cipher::SYM_AES_192_CBC: case Cipher::SYM_AES_128_CBC: { mbedtls_aes_context ctx; if (opts & OP_ENCRYPT) { mbedtls_aes_setkey_enc(&ctx, key, (unsigned int) key_len); } else { mbedtls_aes_setkey_dec(&ctx, key, (unsigned int) key_len); } ret = mbedtls_aes_crypt_cbc(&ctx, _cipher_opcode(ci, opts), in_len, iv, in, out); mbedtls_aes_free(&ctx); } break; #endif #if defined(MBEDTLS_RSA_C) case Cipher::ASYM_RSA: { mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_init(&ctr_drbg); size_t olen = 0; mbedtls_pk_context ctx; mbedtls_pk_init(&ctx); if (opts & OP_ENCRYPT) { ret = mbedtls_pk_encrypt(&ctx, in, in_len, out, &olen, out_len, mbedtls_ctr_drbg_random, &ctr_drbg); } else { ret = mbedtls_pk_decrypt(&ctx, in, in_len, out, &olen, out_len, mbedtls_ctr_drbg_random, &ctr_drbg); } mbedtls_pk_free(&ctx); } break; #endif #if defined(MBEDTLS_BLOWFISH_C) case Cipher::SYM_BLOWFISH_CBC: { mbedtls_blowfish_context ctx; mbedtls_blowfish_setkey(&ctx, key, key_len); ret = mbedtls_blowfish_crypt_cbc(&ctx, _cipher_opcode(ci, opts), in_len, iv, in, out); mbedtls_blowfish_free(&ctx); } break; #endif #if defined(WRAPPED_SYM_NULL) case Cipher::SYM_NULL: memcpy(out, in, in_len); ret = 0; break; #endif default: break; } return ret; }