kaa_error_t aes_encrypt_decrypt_block(int mode, const uint8_t *input, uint8_t *output, const uint8_t *key) { if (input == NULL) { return KAA_ERR_BADPARAM; } if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT) { return KAA_ERR_BADPARAM; } static bool initialized = false; static mbedtls_aes_context aes_ctx; if (!initialized) { mbedtls_aes_init(&aes_ctx); initialized = true; } /* KAA_SESSION_KEY_LENGTH * 8 - size in bits */ if (mode == MBEDTLS_AES_ENCRYPT) { mbedtls_aes_setkey_enc(&aes_ctx, key, KAA_SESSION_KEY_LENGTH * 8); } else { mbedtls_aes_setkey_dec(&aes_ctx, key, KAA_SESSION_KEY_LENGTH * 8); } mbedtls_aes_crypt_ecb(&aes_ctx, mode, input, output); return KAA_ERR_NONE; }
CVolumeWiiCrypted::CVolumeWiiCrypted(std::unique_ptr<IBlobReader> reader, u64 _VolumeOffset, const unsigned char* _pVolumeKey) : m_pReader(std::move(reader)), m_AES_ctx(std::make_unique<mbedtls_aes_context>()), m_VolumeOffset(_VolumeOffset), m_dataOffset(0x20000), m_LastDecryptedBlockOffset(-1) { mbedtls_aes_setkey_dec(m_AES_ctx.get(), _pVolumeKey, 128); }
bool esp32_fs_crypt_init(void) { uint8_t tmp[32]; uint32_t addr = 0; for (addr = 0; addr < spi_flash_get_chip_size(); addr += 32) { mgos_wdt_feed(); if (spi_flash_read(addr, tmp, sizeof(tmp)) != ESP_OK) { LOG(LL_ERROR, ("SPI read error at 0x%x", addr)); return false; } int j; for (j = 0; j < sizeof(tmp); j++) { if (tmp[j] != 0xff) break; } if (j < sizeof(tmp)) continue; /* Found a suitably empty location, now decrypt it. */ if (spi_flash_read_encrypted(addr, tmp, sizeof(tmp)) != ESP_OK) { LOG(LL_ERROR, ("SPI encrypted read error at 0x%x", addr)); return false; } /* Now in tmp we have 32 x 0xff processed with the flash encryption key. */ mbedtls_aes_init(&s_aes_ctx_enc); mbedtls_aes_setkey_enc(&s_aes_ctx_enc, tmp, 256); mbedtls_aes_init(&s_aes_ctx_dec); mbedtls_aes_setkey_dec(&s_aes_ctx_dec, tmp, 256); LOG(LL_INFO, ("FS encryption key set up, seed @ 0x%x", addr)); return true; } LOG(LL_ERROR, ("Could not a suitable seed area for FS encryption")); return false; }
struct crypto_cipher * fast_crypto_cipher_init(enum crypto_cipher_alg alg, const uint8_t *iv, const uint8_t *key, size_t key_len) { struct fast_crypto_cipher *ctx; ctx = (struct fast_crypto_cipher *)os_zalloc(sizeof(*ctx)); if (ctx == NULL) { return NULL; } ctx->alg = alg; switch (alg) { case CRYPTO_CIPHER_ALG_RC4: if (key_len > sizeof(ctx->u.rc4.key)) { os_free(ctx); return NULL; } ctx->u.rc4.keylen = key_len; os_memcpy(ctx->u.rc4.key, key, key_len); break; case CRYPTO_CIPHER_ALG_AES: mbedtls_aes_init(&(ctx->u.aes.ctx_enc)); mbedtls_aes_setkey_enc(&(ctx->u.aes.ctx_enc), key, 256); mbedtls_aes_init(&(ctx->u.aes.ctx_dec)); mbedtls_aes_setkey_dec(&(ctx->u.aes.ctx_dec), key, 256); os_memcpy(ctx->u.aes.cbc, iv, AES_BLOCK_SIZE); break; #ifdef CONFIG_DES3 case CRYPTO_CIPHER_ALG_3DES: if (key_len != 24) { os_free(ctx); return NULL; } des3_key_setup(key, &ctx->u.des3.key); os_memcpy(ctx->u.des3.cbc, iv, 8); break; #endif #ifdef CONFIG_DES case CRYPTO_CIPHER_ALG_DES: if (key_len != 8) { os_free(ctx); return NULL; } des_key_setup(key, ctx->u.des.ek, ctx->u.des.dk); os_memcpy(ctx->u.des.cbc, iv, 8); break; #endif default: os_free(ctx); return NULL; } return (struct crypto_cipher *)ctx; }
bool CVolumeWiiCrypted::ChangePartition(u64 offset) { m_VolumeOffset = offset; m_LastDecryptedBlockOffset = -1; u8 volume_key[16]; DiscIO::VolumeKeyForPartition(*m_pReader, offset, volume_key); mbedtls_aes_setkey_dec(m_AES_ctx.get(), volume_key, 128); return true; }
std::vector<u8> CNANDContentLoader::AESDecode(const u8* key, u8* iv, const u8* src, u32 size) { mbedtls_aes_context aes_ctx; std::vector<u8> buffer(size); mbedtls_aes_setkey_dec(&aes_ctx, key, 128); mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_DECRYPT, size, iv, src, buffer.data()); return buffer; }
//AES/CBC/PKCS5Padding //key只能是16、24、32个ASSCII字符组成的串儿 unsigned char* aes_cbc_pkcs5padding_decode(unsigned char *input, size_t inputLength, size_t *outputLength, const char *key) { size_t keyLength = strlen(key); printf("keyLength = %zu\n", keyLength); if (keyLength != 32 && keyLength != 24 && keyLength != 16) { perror("key必须是16、24、32个ASSCII字符组成的串\n"); return NULL; } mbedtls_aes_context aes; //初始向量,一般是一个随机数组成的,长度必须是块大小,一个块是16字节,也就是16个ASCII字符 unsigned char iv[16]; memcpy(iv, key, keyLength); //解密后的数据长度 unsigned char *output = (unsigned char *)calloc(inputLength, sizeof(unsigned char)); //设置加密的key,并初始化 mbedtls_aes_setkey_dec(&aes, (unsigned char*)key, keyLength * 8); //加密数据 mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, inputLength, iv, input, output); int outputLastIndex = inputLength - 1; //取出output最后一个字节,转成数字 unsigned int lastValue = output[outputLastIndex]; printf("lastValue = %d\n", lastValue); if (lastValue > 0 && lastValue <= 16) { int j = outputLastIndex; while(output[j] == lastValue) { j--; } printf("j = %d\n", j); *outputLength = j + 1; outputLastIndex = j; } size_t inputHexLength = 2 * inputLength + 1; char inputHex[inputHexLength]; memset(inputHex, 0, inputHexLength); bytes2HexStr(inputHex, input, inputLength); size_t outputHexLength = 2 * inputLength + 1; char outputHex[outputHexLength]; memset(outputHex, 0, outputHexLength); bytes2HexStr(outputHex, output, inputLength); printf("aesDecode(%s, %s)=%s\n", inputHex, key, outputHex); return output; }
int AESContext::setKeyDec(State & state, mbedtls_aes_context * context){ Stack * stack = state.stack; if (stack->is<LUA_TSTRING>(1)){ const std::string key = stack->toLString(1); unsigned int realBits = key.length() * 8; unsigned int keyBits; if (stack->is<LUA_TNUMBER>(2)){ keyBits = stack->to<int>(2); if (keyBits > realBits){ keyBits = realBits; } } else{ keyBits = realBits; } stack->push<int>(mbedtls_aes_setkey_dec(context, reinterpret_cast<const unsigned char*>(key.c_str()), keyBits)); return 1; } return 0; }
void VolumeKeyForPartition(IBlobReader& _rReader, u64 offset, u8* VolumeKey) { CBlobBigEndianReader Reader(_rReader); u8 SubKey[16]; _rReader.Read(offset + 0x1bf, 16, SubKey); u8 IV[16]; memset(IV, 0, 16); _rReader.Read(offset + 0x44c, 8, IV); bool usingKoreanKey = false; // Issue: 6813 // Magic value is at partition's offset + 0x1f1 (1byte) // If encrypted with the Korean key, the magic value would be 1 // Otherwise it is zero if (Reader.Read8(0x3) == 'K' && Reader.Read8(offset + 0x1f1) == 1) usingKoreanKey = true; mbedtls_aes_context AES_ctx; mbedtls_aes_setkey_dec(&AES_ctx, (usingKoreanKey ? s_master_key_korean : s_master_key), 128); mbedtls_aes_crypt_cbc(&AES_ctx, MBEDTLS_AES_DECRYPT, 16, IV, SubKey, VolumeKey); }
int mbedtls_aes_self_test(int verbose) { (void)verbose; /* 128-bit Key 2b7e151628aed2a6abf7158809cf4f3c */ const uint8_t key_128b[16] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c}; mbedtls_aes_context aes; int retval = 0; uint8_t input[16] = {0}; uint8_t output[16] = {0}; uint8_t decrypt[16] = {0}; strcpy((char *)input, (const char *)"hw_aes_test"); mbedtls_aes_init(&aes); retval = mbedtls_aes_setkey_enc(&aes, (const unsigned char *)key_128b, 128); VerifyOrExit(retval != 0, retval = -1); retval = mbedtls_aes_setkey_dec(&aes, (const unsigned char *)key_128b, 128); VerifyOrExit(retval != 0, retval = -1); retval = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_ENCRYPT, input, output); VerifyOrExit(retval != 0, retval = -1); retval = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, output, decrypt); VerifyOrExit(retval != 0, retval = -1); mbedtls_aes_free(&aes); exit: return retval; }
IPCCommandResult WFSI::IOCtl(const IOCtlRequest& request) { s32 return_error_code = IPC_SUCCESS; switch (request.request) { case IOCTL_WFSI_IMPORT_TITLE_INIT: { u32 tmd_addr = Memory::Read_U32(request.buffer_in); u32 tmd_size = Memory::Read_U32(request.buffer_in + 4); m_patch_type = static_cast<PatchType>(Memory::Read_U32(request.buffer_in + 32)); m_continue_install = Memory::Read_U32(request.buffer_in + 36); INFO_LOG(IOS_WFS, "IOCTL_WFSI_IMPORT_TITLE_INIT: patch type %d, continue install: %s", m_patch_type, m_continue_install ? "true" : "false"); if (m_patch_type == PatchType::PATCH_TYPE_2) { const std::string content_dir = StringFromFormat("/vol/%s/title/%s/%s/content", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str()); File::Rename(WFS::NativePath(content_dir + "/default.dol"), WFS::NativePath(content_dir + "/_default.dol")); } if (!IOS::ES::IsValidTMDSize(tmd_size)) { ERROR_LOG(IOS_WFS, "IOCTL_WFSI_IMPORT_TITLE_INIT: TMD size too large (%d)", tmd_size); return_error_code = IPC_EINVAL; break; } std::vector<u8> tmd_bytes; tmd_bytes.resize(tmd_size); Memory::CopyFromEmu(tmd_bytes.data(), tmd_addr, tmd_size); m_tmd.SetBytes(std::move(tmd_bytes)); IOS::ES::TicketReader ticket = m_ios.GetES()->FindSignedTicket(m_tmd.GetTitleId()); if (!ticket.IsValid()) { return_error_code = -11028; break; } memcpy(m_aes_key, ticket.GetTitleKey(m_ios.GetIOSC()).data(), sizeof(m_aes_key)); mbedtls_aes_setkey_dec(&m_aes_ctx, m_aes_key, 128); SetImportTitleIdAndGroupId(m_tmd.GetTitleId(), m_tmd.GetGroupId()); if (m_patch_type == PatchType::PATCH_TYPE_1) CancelPatchImport(m_continue_install); else if (m_patch_type == PatchType::NOT_A_PATCH) CancelTitleImport(m_continue_install); break; } case IOCTL_WFSI_PREPARE_PROFILE: m_base_extract_path = StringFromFormat("/vol/%s/tmp/", m_device_name.c_str()); // Fall through intended. case IOCTL_WFSI_PREPARE_CONTENT: { const char* ioctl_name = request.request == IOCTL_WFSI_PREPARE_PROFILE ? "IOCTL_WFSI_PREPARE_PROFILE" : "IOCTL_WFSI_PREPARE_CONTENT"; // Initializes the IV from the index of the content in the TMD contents. u32 content_id = Memory::Read_U32(request.buffer_in + 8); IOS::ES::Content content_info; if (!m_tmd.FindContentById(content_id, &content_info)) { WARN_LOG(IOS_WFS, "%s: Content id %08x not found", ioctl_name, content_id); return_error_code = -10003; break; } memset(m_aes_iv, 0, sizeof(m_aes_iv)); m_aes_iv[0] = content_info.index >> 8; m_aes_iv[1] = content_info.index & 0xFF; INFO_LOG(IOS_WFS, "%s: Content id %08x found at index %d", ioctl_name, content_id, content_info.index); m_arc_unpacker.Reset(); break; } case IOCTL_WFSI_IMPORT_PROFILE: case IOCTL_WFSI_IMPORT_CONTENT: { const char* ioctl_name = request.request == IOCTL_WFSI_IMPORT_PROFILE ? "IOCTL_WFSI_IMPORT_PROFILE" : "IOCTL_WFSI_IMPORT_CONTENT"; u32 content_id = Memory::Read_U32(request.buffer_in + 0xC); u32 input_ptr = Memory::Read_U32(request.buffer_in + 0x10); u32 input_size = Memory::Read_U32(request.buffer_in + 0x14); INFO_LOG(IOS_WFS, "%s: %08x bytes of data at %08x from content id %d", ioctl_name, input_size, input_ptr, content_id); std::vector<u8> decrypted(input_size); mbedtls_aes_crypt_cbc(&m_aes_ctx, MBEDTLS_AES_DECRYPT, input_size, m_aes_iv, Memory::GetPointer(input_ptr), decrypted.data()); m_arc_unpacker.AddBytes(decrypted); break; } case IOCTL_WFSI_IMPORT_CONTENT_END: case IOCTL_WFSI_IMPORT_PROFILE_END: { const char* ioctl_name = request.request == IOCTL_WFSI_IMPORT_PROFILE_END ? "IOCTL_WFSI_IMPORT_PROFILE_END" : "IOCTL_WFSI_IMPORT_CONTENT_END"; INFO_LOG(IOS_WFS, "%s", ioctl_name); auto callback = [this](const std::string& filename, const std::vector<u8>& bytes) { INFO_LOG(IOS_WFS, "Extract: %s (%zd bytes)", filename.c_str(), bytes.size()); std::string path = WFS::NativePath(m_base_extract_path + "/" + filename); File::CreateFullPath(path); File::IOFile f(path, "wb"); if (!f) { ERROR_LOG(IOS_WFS, "Could not extract %s to %s", filename.c_str(), path.c_str()); return; } f.WriteBytes(bytes.data(), bytes.size()); }; m_arc_unpacker.Extract(callback); // Technically not needed, but let's not keep large buffers in RAM for no // reason if we can avoid it. m_arc_unpacker.Reset(); break; } case IOCTL_WFSI_FINALIZE_TITLE_INSTALL: { std::string tmd_path; if (m_patch_type == NOT_A_PATCH) { std::string title_install_dir = StringFromFormat("/vol/%s/_install/%s", m_device_name.c_str(), m_import_title_id_str.c_str()); std::string title_final_dir = StringFromFormat("/vol/%s/title/%s/%s", m_device_name.c_str(), m_import_group_id_str.c_str(), m_import_title_id_str.c_str()); File::Rename(WFS::NativePath(title_install_dir), WFS::NativePath(title_final_dir)); tmd_path = StringFromFormat("/vol/%s/title/%s/%s/meta/%016" PRIx64 ".tmd", m_device_name.c_str(), m_import_group_id_str.c_str(), m_import_title_id_str.c_str(), m_import_title_id); } else { std::string patch_dir = StringFromFormat("/vol/%s/title/%s/%s/_patch", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str()); File::DeleteDirRecursively(WFS::NativePath(patch_dir)); tmd_path = StringFromFormat("/vol/%s/title/%s/%s/meta/%016" PRIx64 ".tmd", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str(), m_import_title_id); } File::IOFile tmd_file(WFS::NativePath(tmd_path), "wb"); tmd_file.WriteBytes(m_tmd.GetBytes().data(), m_tmd.GetBytes().size()); break; } case IOCTL_WFSI_FINALIZE_PATCH_INSTALL: { INFO_LOG(IOS_WFS, "IOCTL_WFSI_FINALIZE_PATCH_INSTALL"); if (m_patch_type != NOT_A_PATCH) { std::string current_title_dir = StringFromFormat("/vol/%s/title/%s/%s", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str()); std::string patch_dir = current_title_dir + "/_patch"; File::CopyDir(WFS::NativePath(patch_dir), WFS::NativePath(current_title_dir), true); } break; } case IOCTL_WFSI_DELETE_TITLE: // Bytes 0-4: ?? // Bytes 4-8: game id // Bytes 1c-1e: title id? WARN_LOG(IOS_WFS, "IOCTL_WFSI_DELETE_TITLE: unimplemented"); break; case IOCTL_WFSI_GET_VERSION: INFO_LOG(IOS_WFS, "IOCTL_WFSI_GET_VERSION"); Memory::Write_U32(0x20, request.buffer_out); break; case IOCTL_WFSI_IMPORT_TITLE_CANCEL: { INFO_LOG(IOS_WFS, "IOCTL_WFSI_IMPORT_TITLE_CANCEL"); bool continue_install = Memory::Read_U32(request.buffer_in) != 0; if (m_patch_type == PatchType::NOT_A_PATCH) return_error_code = CancelTitleImport(continue_install); else if (m_patch_type == PatchType::PATCH_TYPE_1 || m_patch_type == PatchType::PATCH_TYPE_2) return_error_code = CancelPatchImport(continue_install); else return_error_code = WFS_EINVAL; m_tmd = {}; break; } case IOCTL_WFSI_INIT: { INFO_LOG(IOS_WFS, "IOCTL_WFSI_INIT"); u64 tid; if (GetIOS()->GetES()->GetTitleId(&tid) < 0) { ERROR_LOG(IOS_WFS, "IOCTL_WFSI_INIT: Could not get title id."); return_error_code = IPC_EINVAL; break; } IOS::ES::TMDReader tmd = GetIOS()->GetES()->FindInstalledTMD(tid); SetCurrentTitleIdAndGroupId(tmd.GetTitleId(), tmd.GetGroupId()); break; } case IOCTL_WFSI_SET_DEVICE_NAME: INFO_LOG(IOS_WFS, "IOCTL_WFSI_SET_DEVICE_NAME"); m_device_name = Memory::GetString(request.buffer_in); break; case IOCTL_WFSI_APPLY_TITLE_PROFILE: { INFO_LOG(IOS_WFS, "IOCTL_WFSI_APPLY_TITLE_PROFILE"); if (m_patch_type == NOT_A_PATCH) { std::string install_directory = StringFromFormat("/vol/%s/_install", m_device_name.c_str()); if (!m_continue_install && File::IsDirectory(WFS::NativePath(install_directory))) { File::DeleteDirRecursively(WFS::NativePath(install_directory)); } m_base_extract_path = StringFromFormat("%s/%s/content", install_directory.c_str(), m_import_title_id_str.c_str()); File::CreateFullPath(WFS::NativePath(m_base_extract_path)); File::CreateDir(WFS::NativePath(m_base_extract_path)); for (auto dir : {"work", "meta", "save"}) { std::string path = StringFromFormat("%s/%s/%s", install_directory.c_str(), m_import_title_id_str.c_str(), dir); File::CreateDir(WFS::NativePath(path)); } std::string group_path = StringFromFormat("/vol/%s/title/%s", m_device_name.c_str(), m_import_group_id_str.c_str()); File::CreateFullPath(WFS::NativePath(group_path)); File::CreateDir(WFS::NativePath(group_path)); } else { m_base_extract_path = StringFromFormat("/vol/%s/title/%s/%s/_patch/content", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str()); File::CreateFullPath(WFS::NativePath(m_base_extract_path)); File::CreateDir(WFS::NativePath(m_base_extract_path)); } break; } case IOCTL_WFSI_GET_TMD: { u64 subtitle_id = Memory::Read_U64(request.buffer_in); u32 address = Memory::Read_U32(request.buffer_in + 24); INFO_LOG(IOS_WFS, "IOCTL_WFSI_GET_TMD: subtitle ID %016" PRIx64, subtitle_id); u32 tmd_size; return_error_code = GetTmd(m_current_group_id, m_current_title_id, subtitle_id, address, &tmd_size); Memory::Write_U32(tmd_size, request.buffer_out); break; } case IOCTL_WFSI_GET_TMD_ABSOLUTE: { u64 subtitle_id = Memory::Read_U64(request.buffer_in); u32 address = Memory::Read_U32(request.buffer_in + 24); u16 group_id = Memory::Read_U16(request.buffer_in + 36); u32 title_id = Memory::Read_U32(request.buffer_in + 32); INFO_LOG(IOS_WFS, "IOCTL_WFSI_GET_TMD_ABSOLUTE: tid %08x, gid %04x, subtitle ID %016" PRIx64, title_id, group_id, subtitle_id); u32 tmd_size; return_error_code = GetTmd(group_id, title_id, subtitle_id, address, &tmd_size); Memory::Write_U32(tmd_size, request.buffer_out); break; } case IOCTL_WFSI_SET_FST_BUFFER: { INFO_LOG(IOS_WFS, "IOCTL_WFSI_SET_FST_BUFFER: address %08x, size %08x", request.buffer_in, request.buffer_in_size); break; } case IOCTL_WFSI_NOOP: break; case IOCTL_WFSI_LOAD_DOL: { std::string path = StringFromFormat("/vol/%s/title/%s/%s/content", m_device_name.c_str(), m_current_group_id_str.c_str(), m_current_title_id_str.c_str()); u32 dol_addr = Memory::Read_U32(request.buffer_in + 0x18); u32 max_dol_size = Memory::Read_U32(request.buffer_in + 0x14); u16 dol_extension_id = Memory::Read_U16(request.buffer_in + 0x1e); if (dol_extension_id == 0) { path += "/default.dol"; } else { path += StringFromFormat("/extension%d.dol", dol_extension_id); } INFO_LOG(IOS_WFS, "IOCTL_WFSI_LOAD_DOL: loading %s at address %08x (size %d)", path.c_str(), dol_addr, max_dol_size); File::IOFile fp(WFS::NativePath(path), "rb"); if (!fp) { WARN_LOG(IOS_WFS, "IOCTL_WFSI_LOAD_DOL: no such file or directory: %s", path.c_str()); return_error_code = WFS_ENOENT; break; } u32 real_dol_size = fp.GetSize(); if (dol_addr == 0) { // Write the expected size to the size parameter, in the input. Memory::Write_U32(real_dol_size, request.buffer_in + 0x14); } else { fp.ReadBytes(Memory::GetPointer(dol_addr), max_dol_size); } Memory::Write_U32(real_dol_size, request.buffer_out); break; } case IOCTL_WFSI_CHECK_HAS_SPACE: WARN_LOG(IOS_WFS, "IOCTL_WFSI_CHECK_HAS_SPACE: returning true"); // TODO(wfs): implement this properly. // 1 is returned if there is free space, 0 otherwise. // // WFSI builds a path depending on the import state // /vol/VOLUME_ID/title/GROUP_ID/GAME_ID // /vol/VOLUME_ID/_install/GAME_ID // then removes everything after the last path separator ('/') // it then calls WFSISrvGetFreeBlkNum (ioctl 0x5a, aliased to 0x5b) with that path. // If the ioctl fails, WFSI returns 0. // If the ioctl succeeds, WFSI returns 0 or 1 depending on the three u32s in the input buffer // and the three u32s returned by WFSSRV (TODO: figure out what it does) return_error_code = 1; break; default: // TODO(wfs): Should be returning an error. However until we have // everything properly stubbed it's easier to simulate the methods // succeeding. request.DumpUnknown(GetDeviceName(), LogTypes::IOS, LogTypes::LWARNING); Memory::Memset(request.buffer_out, 0, request.buffer_out_size); break; } return GetDefaultReply(return_error_code); }
int main( void ) { FILE *f; int ret; size_t n, buflen; mbedtls_net_context server_fd; unsigned char *p, *end; unsigned char buf[2048]; unsigned char hash[32]; const char *pers = "dh_client"; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_rsa_context rsa; mbedtls_dhm_context dhm; mbedtls_aes_context aes; mbedtls_net_init( &server_fd ); mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 ); mbedtls_dhm_init( &dhm ); mbedtls_aes_init( &aes ); mbedtls_ctr_drbg_init( &ctr_drbg ); /* * 1. Setup the RNG */ mbedtls_printf( "\n . Seeding the random number generator" ); fflush( stdout ); mbedtls_entropy_init( &entropy ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); goto exit; } /* * 2. Read the server's public RSA key */ mbedtls_printf( "\n . Reading public key from rsa_pub.txt" ); fflush( stdout ); if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) { ret = 1; mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; } mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); goto exit; } rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; fclose( f ); /* * 3. Initiate the connection */ mbedtls_printf( "\n . Connecting to tcp/%s/%s", SERVER_NAME, SERVER_PORT ); fflush( stdout ); if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME, SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret ); goto exit; } /* * 4a. First get the buffer length */ mbedtls_printf( "\n . Receiving the server's DH parameters" ); fflush( stdout ); memset( buf, 0, sizeof( buf ) ); if( ( ret = mbedtls_net_recv( &server_fd, buf, 2 ) ) != 2 ) { mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); goto exit; } n = buflen = ( buf[0] << 8 ) | buf[1]; if( buflen < 1 || buflen > sizeof( buf ) ) { mbedtls_printf( " failed\n ! Got an invalid buffer length\n\n" ); goto exit; } /* * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P */ memset( buf, 0, sizeof( buf ) ); if( ( ret = mbedtls_net_recv( &server_fd, buf, n ) ) != (int) n ) { mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); goto exit; } p = buf, end = buf + buflen; if( ( ret = mbedtls_dhm_read_params( &dhm, &p, end ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret ); goto exit; } if( dhm.len < 64 || dhm.len > 512 ) { ret = 1; mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" ); goto exit; } /* * 5. Check that the server's RSA signature matches * the SHA-256 hash of (P,G,Ys) */ mbedtls_printf( "\n . Verifying the server's RSA signature" ); fflush( stdout ); p += 2; if( ( n = (size_t) ( end - p ) ) != rsa.len ) { ret = 1; mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" ); goto exit; } mbedtls_sha1( buf, (int)( p - 2 - buf ), hash ); if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret ); goto exit; } /* * 6. Send our public value: Yc = G ^ Xc mod P */ mbedtls_printf( "\n . Sending own public value to server" ); fflush( stdout ); n = dhm.len; if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret ); goto exit; } if( ( ret = mbedtls_net_send( &server_fd, buf, n ) ) != (int) n ) { mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret ); goto exit; } /* * 7. Derive the shared secret: K = Ys ^ Xc mod P */ mbedtls_printf( "\n . Shared secret: " ); fflush( stdout ); if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret ); goto exit; } for( n = 0; n < 16; n++ ) mbedtls_printf( "%02x", buf[n] ); /* * 8. Setup the AES-256 decryption key * * This is an overly simplified example; best practice is * to hash the shared secret with a random value to derive * the keying material for the encryption/decryption keys, * IVs and MACs. */ mbedtls_printf( "...\n . Receiving and decrypting the ciphertext" ); fflush( stdout ); mbedtls_aes_setkey_dec( &aes, buf, 256 ); memset( buf, 0, sizeof( buf ) ); if( ( ret = mbedtls_net_recv( &server_fd, buf, 16 ) ) != 16 ) { mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); goto exit; } mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf ); buf[16] = '\0'; mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf ); exit: mbedtls_net_free( &server_fd ); mbedtls_aes_free( &aes ); mbedtls_rsa_free( &rsa ); mbedtls_dhm_free( &dhm ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif return( ret ); }
static NO_INLINE JsVar *jswrap_crypto_AEScrypt(JsVar *message, JsVar *key, JsVar *options, bool encrypt) { int err; unsigned char iv[16]; // initialisation vector memset(iv, 0, 16); CryptoMode mode = CM_CBC; if (jsvIsObject(options)) { JsVar *ivVar = jsvObjectGetChild(options, "iv", 0); if (ivVar) { jsvIterateCallbackToBytes(ivVar, iv, sizeof(iv)); jsvUnLock(ivVar); } JsVar *modeVar = jsvObjectGetChild(options, "mode", 0); if (!jsvIsUndefined(modeVar)) mode = jswrap_crypto_getMode(modeVar); jsvUnLock(modeVar); if (mode == CM_NONE) return 0; } else if (!jsvIsUndefined(options)) { jsError("'options' must be undefined, or an Object"); return 0; } mbedtls_aes_context aes; mbedtls_aes_init( &aes ); JSV_GET_AS_CHAR_ARRAY(messagePtr, messageLen, message); if (!messagePtr) return 0; JSV_GET_AS_CHAR_ARRAY(keyPtr, keyLen, key); if (!keyPtr) return 0; if (encrypt) err = mbedtls_aes_setkey_enc( &aes, (unsigned char*)keyPtr, (unsigned int)keyLen*8 ); else err = mbedtls_aes_setkey_dec( &aes, (unsigned char*)keyPtr, (unsigned int)keyLen*8 ); if (err) { jswrap_crypto_error(err); return 0; } char *outPtr = 0; JsVar *outVar = jsvNewArrayBufferWithPtr((unsigned int)messageLen, &outPtr); if (!outPtr) { jsError("Not enough memory for result"); return 0; } switch (mode) { case CM_CBC: err = mbedtls_aes_crypt_cbc( &aes, encrypt ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT, messageLen, iv, (unsigned char*)messagePtr, (unsigned char*)outPtr ); break; case CM_CFB: err = mbedtls_aes_crypt_cfb8( &aes, encrypt ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT, messageLen, iv, (unsigned char*)messagePtr, (unsigned char*)outPtr ); break; case CM_CTR: { size_t nc_off = 0; unsigned char nonce_counter[16]; unsigned char stream_block[16]; memset(nonce_counter, 0, sizeof(nonce_counter)); memset(stream_block, 0, sizeof(stream_block)); err = mbedtls_aes_crypt_ctr( &aes, messageLen, &nc_off, nonce_counter, stream_block, (unsigned char*)messagePtr, (unsigned char*)outPtr ); break; } case CM_ECB: { size_t i = 0; while (!err && i+15 < messageLen) { err = mbedtls_aes_crypt_ecb( &aes, encrypt ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT, (unsigned char*)&messagePtr[i], (unsigned char*)&outPtr[i] ); i += 16; } break; } default: err = MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; break; } mbedtls_aes_free( &aes ); if (!err) { return outVar; } else { jswrap_crypto_error(err); jsvUnLock(outVar); return 0; } }
static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_bitlen ) { return mbedtls_aes_setkey_dec( (mbedtls_aes_context *) ctx, key, key_bitlen ); }
/** * Block symmetric ciphers. * Please note that linker-override is possible, but dynamic override is generally * preferable to avoid clobbering all symmetric support. * * @param uint8_t* Buffer containing plaintext. * @param int Length of plaintext. * @param uint8_t* Target buffer for ciphertext. * @param int Length of output. * @param uint8_t* Buffer containing the symmetric key. * @param int Length of the key, in bits. * @param uint8_t* IV. Caller's responsibility to use correct size. * @param Cipher The cipher by which to encrypt. * @param uint32_t Options to the optionation. * @return true if the root function ought to defer. */ int __attribute__((weak)) wrapped_sym_cipher(uint8_t* in, int in_len, uint8_t* out, int out_len, uint8_t* key, int key_len, uint8_t* iv, Cipher ci, uint32_t opts) { if (cipher_deferred_handling(ci)) { // If overriden by user implementation. return _sym_overrides[ci](in, in_len, out, out_len, key, key_len, iv, ci, opts); } int8_t ret = -1; switch (ci) { #if defined(MBEDTLS_AES_C) case Cipher::SYM_AES_256_CBC: case Cipher::SYM_AES_192_CBC: case Cipher::SYM_AES_128_CBC: { mbedtls_aes_context ctx; if (opts & OP_ENCRYPT) { mbedtls_aes_setkey_enc(&ctx, key, (unsigned int) key_len); } else { mbedtls_aes_setkey_dec(&ctx, key, (unsigned int) key_len); } ret = mbedtls_aes_crypt_cbc(&ctx, _cipher_opcode(ci, opts), in_len, iv, in, out); mbedtls_aes_free(&ctx); } break; #endif #if defined(MBEDTLS_RSA_C) case Cipher::ASYM_RSA: { mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_init(&ctr_drbg); size_t olen = 0; mbedtls_pk_context ctx; mbedtls_pk_init(&ctx); if (opts & OP_ENCRYPT) { ret = mbedtls_pk_encrypt(&ctx, in, in_len, out, &olen, out_len, mbedtls_ctr_drbg_random, &ctr_drbg); } else { ret = mbedtls_pk_decrypt(&ctx, in, in_len, out, &olen, out_len, mbedtls_ctr_drbg_random, &ctr_drbg); } mbedtls_pk_free(&ctx); } break; #endif #if defined(MBEDTLS_BLOWFISH_C) case Cipher::SYM_BLOWFISH_CBC: { mbedtls_blowfish_context ctx; mbedtls_blowfish_setkey(&ctx, key, key_len); ret = mbedtls_blowfish_crypt_cbc(&ctx, _cipher_opcode(ci, opts), in_len, iv, in, out); mbedtls_blowfish_free(&ctx); } break; #endif #if defined(WRAPPED_SYM_NULL) case Cipher::SYM_NULL: memcpy(out, in, in_len); ret = 0; break; #endif default: break; } return ret; }