static Variant mcrypt_generic(CObjRef td, CStrRef data, bool dencrypt) { MCrypt *pm = td.getTyped<MCrypt>(); if (!pm->m_init) { raise_warning("Operation disallowed prior to mcrypt_generic_init()."); return false; } if (data.empty()) { raise_warning("An empty string was passed"); return false; } unsigned char* data_s; int block_size, data_size; /* Check blocksize */ if (mcrypt_enc_is_block_mode(pm->m_td) == 1) { /* It's a block algorithm */ block_size = mcrypt_enc_get_block_size(pm->m_td); data_size = (((data.size() - 1) / block_size) + 1) * block_size; data_s = (unsigned char*)malloc(data_size + 1); memset(data_s, 0, data_size); memcpy(data_s, data.data(), data.size()); } else { /* It's not a block algorithm */ data_size = data.size(); data_s = (unsigned char*)malloc(data_size + 1); memcpy(data_s, data.data(), data.size()); } if (dencrypt) { mdecrypt_generic(pm->m_td, data_s, data_size); } else { mcrypt_generic(pm->m_td, data_s, data_size); } data_s[data_size] = '\0'; return String((char*)data_s, data_size, AttachString); }
static unsigned cipher_block_size(PX_Cipher * c) { MCRYPT ctx = (MCRYPT) c->ptr; return mcrypt_enc_get_block_size(ctx); }
EMOKIT_DECLSPEC int emokit_init_crypto(emokit_device* s) { emokit_get_crypto_key(s, 1); //libmcrypt initialization s->td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, NULL, MCRYPT_ECB, NULL); s->blocksize = mcrypt_enc_get_block_size(s->td); //should return a 16bits blocksize s->block_buffer = malloc(s->blocksize); mcrypt_generic_init(s->td, s->key, EMOKIT_KEYSIZE, NULL); return 0; }
int encrypt_buffer(void* buf, int buf_len, char* key, int key_len) { MCRYPT td = mcrypt_module_open("rijndael-128", NULL, "cbc", NULL); int blocksize = mcrypt_enc_get_block_size(td); if(buf_len % blocksize != 0) { return -1; } mcrypt_generic_init(td, key, key_len, IV); mcrypt_generic(td, buf, buf_len); mcrypt_generic_deinit (td); mcrypt_module_close(td); return 0; }
int epoc_init_crypto(epoc_device* s) { epoc_get_crypto_key(s->serial, ""); //libmcrypt initialization td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, NULL, MCRYPT_ECB, NULL); blocksize = mcrypt_enc_get_block_size(td); //should return a 16bits blocksize block_buffer = malloc(blocksize); mcrypt_generic_init( td, key, KEYSIZE, NULL); return 0; }
Variant f_mcrypt_get_block_size(CStrRef cipher, CStrRef module /* = null_string */) { MCRYPT td = mcrypt_module_open((char*)cipher.data(), (char*)MCG(algorithms_dir).data(), (char*)module.data(), (char*)MCG(modes_dir).data()); if (td == MCRYPT_FAILED) { raise_warning(MCRYPT_OPEN_MODULE_FAILED); return false; } int64_t ret = mcrypt_enc_get_block_size(td); mcrypt_module_close(td); return ret; }
Variant HHVM_FUNCTION(mcrypt_get_block_size, const String& cipher, const Variant& module /* = null_string */) { MCRYPT td = mcrypt_module_open((char*)cipher.data(), (char*)MCG(algorithms_dir).data(), (char*)module.asCStrRef().data(), (char*)MCG(modes_dir).data()); if (td == MCRYPT_FAILED) { MCRYPT_OPEN_MODULE_FAILED("mcrypt_get_block_size"); return false; } int64_t ret = mcrypt_enc_get_block_size(td); mcrypt_module_close(td); return ret; }
int encrypt(void* buffer, int buffer_len, /* Because the plaintext could include null bytes*/ char* IV, char* key, int key_len) { MCRYPT td = mcrypt_module_open("rijndael-128", NULL, "cbc", NULL); int blocksize = mcrypt_enc_get_block_size(td); if (buffer_len % blocksize != 0) { return 1; } mcrypt_generic_init(td, key, key_len, IV); mcrypt_generic(td, buffer, buffer_len); mcrypt_generic_deinit(td); mcrypt_module_close(td); return 0; }
main() { MCRYPT td; int i; char *key; /* created using mcrypt_gen_key */ char *block_buffer; char *IV; int blocksize; int keysize = 24; /* 192 bits == 24 bytes */ key = calloc(1, keysize); strcpy(key, "A_large_and_random_key"); td = mcrypt_module_open("saferplus", NULL, "cbc", NULL); blocksize = mcrypt_enc_get_block_size(td); block_buffer = malloc(blocksize); /* but unfortunately this does not fill all the key so the rest bytes are * padded with zeros. Try to use large keys or convert them with mcrypt_gen_key(). */ IV=malloc(mcrypt_enc_get_iv_size(td)); /* Put random data in IV. Note these are not real random data, * consider using /dev/random or /dev/urandom. */ /* srand(time(0)); */ for (i=0; i < mcrypt_enc_get_iv_size(td); i++) { IV[i]=rand(); } mcrypt_generic_init ( td key, keysize, IV); /* Encryption in CBC is performed in blocks */ while ( fread (block_buffer, 1, blocksize, stdin) == blocksize ) { mcrypt_generic (td, block_buffer, blocksize); /* mdecrypt_generic (td, block_buffer, blocksize); */ fwrite ( block_buffer, 1, blocksize, stdout); } mcrypt_generic_end (td); return 0; }
void dump_testcase_keysize(MCRYPT td, int key_size) { unsigned char *key, *iv = NULL; int iv_size, block_size; int mc_ret; padding_t padding; key = gen_rand_data(key_size); iv_size = mcrypt_enc_get_iv_size(td); if (iv_size != 0) { iv = gen_rand_data(iv_size); } /* * Generate a test case for these plaintext sizes: * * * empty: test behavior of padding on empty blocks * * 5-byte: odd, and smaller than any block size * * block_size - 1: edge case * * block_size: generally guaranteed to work * * block_size * 2 - 1: multiblock edge case * * block_size * 3: more multiblock */ block_size = mcrypt_enc_get_block_size(td); padding = mcrypt_enc_is_block_mode(td) ? PADDING_PKCS7 : PADDING_NONE; for (; padding <= PADDING_ZEROS; padding++) { dump_testcase_block(td, key, key_size, iv, iv_size, 0, padding); dump_testcase_block(td, key, key_size, iv, iv_size, 5, padding); dump_testcase_block(td, key, key_size, iv, iv_size, block_size - 1, padding); dump_testcase_block(td, key, key_size, iv, iv_size, block_size, padding); dump_testcase_block(td, key, key_size, iv, iv_size, block_size * 2 - 1, padding); dump_testcase_block(td, key, key_size, iv, iv_size, block_size * 3, padding); } free(key); if (iv) free(iv); return; }
int epoc_init(enum headset_type type) { if(type == RESEARCH_HEADSET) memcpy(key, RESEARCHKEY, KEYSIZE); else if(type == CONSUMER_HEADSET) memcpy(key, CONSUMERKEY, KEYSIZE); else if(type == SPECIAL_HEADSET) memcpy(key, SPECIALKEY, KEYSIZE); //libmcrypt initialization td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, NULL, MCRYPT_ECB, NULL); blocksize = mcrypt_enc_get_block_size(td); //should return a 16bits blocksize block_buffer = malloc(blocksize); mcrypt_generic_init( td, key, KEYSIZE, NULL); return 0; }
static Variant mcrypt_generic(const Resource& td, const String& data, bool dencrypt) { auto pm = cast<MCrypt>(td); if (!pm->m_init) { raise_warning("Operation disallowed prior to mcrypt_generic_init()."); return false; } if (data.empty()) { raise_warning("An empty string was passed"); return false; } String s; unsigned char* data_s; int block_size, data_size; /* Check blocksize */ if (mcrypt_enc_is_block_mode(pm->m_td) == 1) { /* It's a block algorithm */ block_size = mcrypt_enc_get_block_size(pm->m_td); data_size = (((data.size() - 1) / block_size) + 1) * block_size; s = String(data_size, ReserveString); data_s = (unsigned char *)s.mutableData(); memset(data_s, 0, data_size); memcpy(data_s, data.data(), data.size()); } else { /* It's not a block algorithm */ data_size = data.size(); s = String(data_size, ReserveString); data_s = (unsigned char *)s.mutableData(); memcpy(data_s, data.data(), data.size()); } if (dencrypt) { mdecrypt_generic(pm->m_td, data_s, data_size); } else { mcrypt_generic(pm->m_td, data_s, data_size); } s.setSize(data_size); return s; }
int main() { MCRYPT td, td2; int i, t, imax; int j, jmax, ivsize; int x = 0, siz; char **names; char **modes; char *text; unsigned char *IV; unsigned char *key; int keysize; names = mcrypt_list_algorithms (ALGORITHMS_DIR, &jmax); modes = mcrypt_list_modes (MODES_DIR, &imax); if (names==NULL || modes==NULL) { fprintf(stderr, "Error getting algorithms/modes\n"); exit(1); } for (j=0;j<jmax;j++) { printf( "Algorithm: %s... ", names[j]); if (mcrypt_module_self_test( names[j], ALGORITHMS_DIR)==0) { printf( "ok\n"); } else { x=1; printf( "\n"); } printf( "Modes:\n"); for (i=0;i<imax;i++) { td = mcrypt_module_open(names[j], ALGORITHMS_DIR, modes[i], MODES_DIR); td2 = mcrypt_module_open(names[j], ALGORITHMS_DIR, modes[i], MODES_DIR); if (td != MCRYPT_FAILED && td2 != MCRYPT_FAILED) { keysize = mcrypt_enc_get_key_size(td); key = calloc(1, keysize); if (key==NULL) exit(1); for (t=0;t<keysize;t++) key[t] = (t % 255) + 13; ivsize = mcrypt_enc_get_iv_size(td); if (ivsize>0) { IV = calloc( 1, ivsize); if (IV==NULL) exit(1); for (t=0;t<ivsize;t++) IV[t] = (t*2 % 255) + 15; } if (mcrypt_generic_init( td, key, keysize, IV) < 0) { fprintf(stderr, "Failed to Initialize algorithm!\n"); return -1; } if (mcrypt_enc_is_block_mode(td)!=0) siz = (strlen(TEXT) / mcrypt_enc_get_block_size(td))*mcrypt_enc_get_block_size(td); else siz = strlen(TEXT); text = calloc( 1, siz); if (text==NULL) exit(1); memmove( text, TEXT, siz); mcrypt_generic( td, text, siz); if (mcrypt_generic_init( td2, key, keysize, IV) < 0) { fprintf(stderr, "Failed to Initialize algorithm!\n"); return -1; } mdecrypt_generic( td2, text, siz); if ( memcmp( text, TEXT, siz) == 0) { printf( " %s: ok\n", modes[i]); } else { printf( " %s: failed\n", modes[i]); x=1; } mcrypt_generic_deinit(td); mcrypt_generic_deinit(td2); mcrypt_module_close(td); mcrypt_module_close(td2); free(text); free(key); if (ivsize>0) free(IV); } } printf("\n"); } mcrypt_free_p(names, jmax); mcrypt_free_p(modes, imax); if (x>0) fprintf(stderr, "\nProbably some of the algorithms listed above failed. " "Try not to use these algorithms, and file a bug report to [email protected]\n\n"); return x; }
void dump_testcase_block(MCRYPT td, unsigned char *key, int key_size, unsigned char *iv, int iv_size, int data_size, padding_t padding) { int mc_ret; int is_block, block_size, block_overlap, block_fill; int i; unsigned char *plaintext, *ciphertext; mc_ret = mcrypt_generic_init(td, (void *)key, key_size, (void *)iv); if (mc_ret < 0) { mcrypt_perror(mc_ret); return; } plaintext = gen_rand_data(data_size); if (plaintext == NULL) { return; } is_block = mcrypt_enc_is_block_mode(td); if (is_block) { block_size = mcrypt_enc_get_block_size(td); block_overlap = data_size % block_size; block_fill = block_size - block_overlap; if (padding == PADDING_NONE) { /* do nothing */ } else if (padding == PADDING_PKCS7) { if (block_fill == 0) { /* ALWAYS add padding */ block_fill = block_size; } plaintext = (unsigned char *)realloc(plaintext, data_size + block_fill); for (i = 0; i < block_fill; i++) { plaintext[data_size+i] = block_fill; } data_size = data_size + block_fill; if ((data_size % block_size) != 0) { fprintf(stderr, "bad data size!\n"); exit(1); } } else if (padding == PADDING_ZEROS) { if (block_overlap != 0) { plaintext = (unsigned char *)realloc(plaintext, data_size + block_fill); for (i = 0; i < block_fill; i++) { plaintext[data_size+i] = '\0'; } data_size = data_size + block_fill; } } else { fprintf(stderr, "bad error\n"); exit(1); } } ciphertext = malloc(data_size); if (ciphertext == NULL) { fprintf(stderr, "Out of memory\n"); return; } memcpy( (void *)ciphertext, (void *)plaintext, data_size); mc_ret = mcrypt_generic(td, ciphertext, data_size); if (mc_ret == 0) { char *enc_key, *enc_iv, *enc_pt, *enc_ct; enc_key = dump_value( (void *)key, key_size ); enc_iv = dump_value( (void *)iv, iv_size ); enc_pt = dump_value( (void *)plaintext, data_size ); enc_ct = dump_value( (void *)ciphertext, data_size ); printf("algo=%s,mode=%s,key=%s,iv=%s,padding=%s,pt=%s,ct=%s\n", testing_algo, testing_mode, enc_key, enc_iv, padding_name(padding), enc_pt, enc_ct); free(enc_key); free(enc_iv); free(enc_pt); free(enc_ct); } free(plaintext); free(ciphertext); mc_ret = mcrypt_generic_deinit(td); if (mc_ret < 0) { fprintf(stderr, "Error %d during deinit of %s in %s mode" " (%d-byte key)\n", testing_algo, testing_mode, key_size); return; } }
int main(int argc, char **argv) { int dev,cnt,sock; unsigned char buf_frame[1536+sizeof(struct ether_header)]; unsigned char *buf = buf_frame+sizeof(struct ether_header); struct ether_header *header = (struct ether_header*) buf_frame; #ifndef __NetBSD__ struct ifreq ifr; #endif MCRYPT td; char *key; int blocksize=0; int keysize = 32; /* 256 bits == 32 bytes */ char enc_state[1024]; int enc_state_size; char* tun_device = "/dev/net/tun"; char* dev_name="tun%d"; if(getenv("TUN_DEVICE")) { tun_device = getenv("TUN_DEVICE"); } if(getenv("DEV_NAME")) { dev_name = getenv("DEV_NAME"); } if(getenv("MCRYPT_KEYFILE")) { if (getenv("MCRYPT_KEYSIZE")) { keysize=atoi(getenv("MCRYPT_KEYSIZE"))/8; } key = calloc(1, keysize); FILE* keyf = fopen(getenv("MCRYPT_KEYFILE"), "r"); if (!keyf) { perror("fopen keyfile"); return 10; } memset(key, 0, keysize); fread(key, 1, keysize, keyf); fclose(keyf); char* algo="twofish"; char* mode="cbc"; if (getenv("MCRYPT_ALGO")) { algo = getenv("MCRYPT_ALGO"); } if (getenv("MCRYPT_MODE")) { mode = getenv("MCRYPT_MODE"); } td = mcrypt_module_open(algo, NULL, mode, NULL); if (td==MCRYPT_FAILED) { fprintf(stderr, "mcrypt_module_open failed algo=%s mode=%s keysize=%d\n", algo, mode, keysize); return 11; } blocksize = mcrypt_enc_get_block_size(td); //block_buffer = malloc(blocksize); mcrypt_generic_init( td, key, keysize, NULL); enc_state_size = sizeof enc_state; mcrypt_enc_get_state(td, enc_state, &enc_state_size); } if(argc<=2) { fprintf(stderr, "Usage: tap_mcrypt plaintext_interface destination_mac_address\n" "Example: tap_mcrypt wlan0 ff:ff:ff:ff:ff:ff\n" " (note that ff:ff:ff:ff:ff:ff may work bad in Wi-Fi)\n" " Environment variables:\n" " TUN_DEVICE /dev/net/tun\n" " DEV_NAME name of the device, default tun%%d\n" " SOURCE_MAC_ADDRESS -- by default use interface's one\n" " \n" " MCRYPT_KEYFILE -- turn on encryption, read key from this file\n" " MCRYPT_KEYSIZE -- key size in bits, default 256\n" " MCRYPT_ALGO -- algorithm, default is twofish. aes256 is called rijndael-256\n" " MCRYPT_MODE -- mode, default is CBC\n" ); exit(1); } char* interface = argv[1]; char* dest_mac = argv[2]; if((dev = open(tun_device, O_RDWR)) < 0) { fprintf(stderr,"open(%s) failed: %s\n", tun_device, strerror(errno)); exit(2); } #ifndef __NetBSD__ memset(&ifr, 0, sizeof(ifr)); ifr.ifr_flags = IFF_TAP | IFF_NO_PI; strncpy(ifr.ifr_name, dev_name, IFNAMSIZ); if(ioctl(dev, TUNSETIFF, (void*) &ifr) < 0) { perror("ioctl(TUNSETIFF) failed"); exit(3); } { struct ifreq ifr_tun; strncpy(ifr_tun.ifr_name, ifr.ifr_name, IFNAMSIZ); if((sock = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)))==-1) { perror("socket() failed"); exit(4); } if (ioctl(sock, SIOCGIFFLAGS, &ifr_tun) < 0) { perror("ioctl SIOCGIFFLAGS"); } ifr_tun.ifr_mtu=1408; if(ioctl(sock, SIOCSIFMTU, (void*) &ifr_tun) < 0) { perror("ioctl(SIOCSIFMTU) failed"); } close(sock); } #endif if((sock = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)))==-1) { perror("socket() failed"); exit(4); } char source_mac[6]; int card_index; struct sockaddr_ll device; memset(&device, 0, sizeof(device)); init_MAC_addr(sock, interface, source_mac, &card_index); device.sll_ifindex=card_index; device.sll_family = AF_PACKET; memcpy(device.sll_addr, source_mac, 6); device.sll_halen = htons(6); parseMac(dest_mac, header->ether_dhost); memcpy(header->ether_shost, source_mac, 6); header->ether_type = htons(0x08F4); if(fork()) while(1) { cnt=read(dev,(void*)buf,1518); //printpacket("sent", buf, cnt); if (blocksize) { cnt = ((cnt-1)/blocksize+1)*blocksize; // pad to block size mcrypt_generic (td, buf, cnt); mcrypt_enc_set_state (td, enc_state, enc_state_size); } //printpacket("encr", buf, cnt); sendto(sock, buf_frame, cnt+sizeof(struct ether_header),0,(struct sockaddr *)&device, sizeof device); } else while(1) { size_t size = sizeof device; cnt=recvfrom(sock,buf_frame,1536,0,(struct sockaddr *)&device,&size); if(device.sll_ifindex != card_index) { continue; /* Not our interface */ } if(header->ether_type != htons(0x08F4)) { continue; /* Not our protocol type */ } cnt-=sizeof(struct ether_header); //printpacket("recv", buf, cnt); if (blocksize) { cnt = ((cnt-1)/blocksize+1)*blocksize; // pad to block size mdecrypt_generic (td, buf, cnt); mcrypt_enc_set_state (td, enc_state, enc_state_size); } //printpacket("decr", buf, cnt); write(dev,(void*)buf,cnt); } if (blocksize) { mcrypt_generic_deinit (td); mcrypt_module_close(td); } }
static int check_auth_cookie(request_rec *r) { const char *cookies = NULL, *auth_line = NULL; char *cookie = NULL; /* Debug. */ /*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "check_auth_cookie called");*/ /* Get config for this directory. */ cookie_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, &auth_cookie_module); /* Check we have been configured. */ if (!conf->cookie_auth_cookie) { return DECLINED; } /* Do not override real auth header, unless config instructs us to. */ if (!conf->cookie_auth_override && apr_table_get(r->headers_in, "Authorization")) { if (conf->cookie_auth_env) { unsetenv(conf->cookie_auth_env); } return DECLINED; } /* todo: protect against xxxCookieNamexxx, regex? */ /* todo: make case insensitive? */ /* Get the cookie (code from mod_log_config). */ if ((cookies = apr_table_get(r->headers_in, "Cookie"))) { char *start_cookie, *end_cookie; if ((start_cookie = ap_strstr_c(cookies, conf->cookie_auth_cookie))) { start_cookie += strlen(conf->cookie_auth_cookie) + 1; cookie = apr_pstrdup(r->pool, start_cookie); /* kill everything in cookie after ';' */ end_cookie = strchr(cookie, ';'); if (end_cookie) { *end_cookie = '\0'; } ap_unescape_url(cookie); } } /* No cookie? Nothing for us to do. */ if (!cookie) { if (conf->cookie_auth_unauth_redirect) { const char* redirect = conf->cookie_auth_unauth_redirect; compose_and_set_redirect(r, redirect); return HTTP_MOVED_TEMPORARILY; } else { return DECLINED; } } /* Debug. */ /*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s=%s", conf->cookie_auth_cookie, cookie);*/ char* aux_auth_info = ""; /* Construct the fake auth_line. */ if (conf->cookie_auth_base64) { char* decoded_cookie = apr_palloc(r->pool, apr_base64_decode_len(cookie)); int decoded_cookie_length = apr_base64_decode(decoded_cookie, cookie); int valid = 1; /* if the cookie is encrypted, decrypt it in place */ if (conf->cookie_auth_encrypt) { MCRYPT td = mcrypt_module_open("rijndael-128", NULL, "cbc", NULL); int keysize = strlen(conf->cookie_auth_encrypt); int blocksize = mcrypt_enc_get_block_size(td); // We will copy the iv from the beginning of the cookie. // The iv does not need to be null-terminated, but we will // null-terminate it for convenience. int iv_length = mcrypt_enc_get_iv_size(td); char* iv = (char*) apr_palloc(r->pool, iv_length + 1); memcpy(iv, decoded_cookie, iv_length); iv[iv_length] = '\0'; // Take the iv off the beginning of the cookie decoded_cookie += iv_length; decoded_cookie_length -= iv_length; mcrypt_generic_init( td, conf->cookie_auth_encrypt, keysize, iv); // Encryption in CBC is performed in blocks, so our // decryption string will always be an integral number // of full blocks. char* decrypt_ptr = decoded_cookie; while (decoded_cookie_length >= blocksize) { mdecrypt_generic(td, decrypt_ptr, blocksize); decrypt_ptr += blocksize; decoded_cookie_length -= blocksize; } if (decoded_cookie_length != 0) { valid = 0; } mcrypt_generic_deinit (td); mcrypt_module_close(td); /*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "mdecrypt(%s)=%s", conf->cookie_auth_cookie, decoded_cookie);*/ } /* if the cookie did not decrypt, then do nothing */ if (valid) { char* end_auth_info = strchr(decoded_cookie, '\t'); if (end_auth_info) { aux_auth_info = decoded_cookie; char* unencoded_cookie = end_auth_info + 1; *end_auth_info = 0; auth_line = apr_pstrcat(r->pool, "Basic ", ap_pbase64encode(r->pool, unencoded_cookie), NULL); } else { auth_line = apr_pstrcat(r->pool, "Basic ", ap_pbase64encode(r->pool, decoded_cookie), NULL); } } } else { // Aux auth info and cookie encrypt features only available in base64 mode ap_unescape_url(cookie); auth_line = apr_pstrcat(r->pool, "Basic ", ap_pbase64encode(r->pool, cookie), NULL); } /* If there is aux auth info, then set the env variable */ if (conf->cookie_auth_env) { apr_table_set(r->subprocess_env, conf->cookie_auth_env, aux_auth_info); } /* Debug. */ /*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Authorization: %s", auth_line);*/ /* If there is no aux auth info, then force a redirect if our conf directives say that we should */ if (conf->cookie_auth_env_redirect && !strlen(aux_auth_info)) { const char* redirect = conf->cookie_auth_env_redirect; compose_and_set_redirect(r, redirect); return HTTP_MOVED_TEMPORARILY; } else { /* Set fake auth_line. */ if (auth_line) { apr_table_set(r->headers_in, "Authorization", auth_line); } } /* Always return DECLINED because we don't authorize, */ /* we just set things up for the next auth module to. */ return DECLINED; }
/* {{{ php_mcrypt_filter_create * Instantiate mcrypt filter */ static php_stream_filter *php_mcrypt_filter_create(const char *filtername, zval *filterparams, int persistent) { int encrypt = 1, iv_len, key_len, keyl, result; const char *cipher = filtername + sizeof("mcrypt.") - 1; zval *tmpzval; MCRYPT mcrypt_module; char *iv = NULL, *key = NULL; char *algo_dir = INI_STR("mcrypt.algorithms_dir"); char *mode_dir = INI_STR("mcrypt.modes_dir"); char *mode = "cbc"; php_mcrypt_filter_data *data; if (strncasecmp(filtername, "mdecrypt.", sizeof("mdecrypt.") - 1) == 0) { encrypt = 0; cipher += sizeof("de") - 1; } else if (strncasecmp(filtername, "mcrypt.", sizeof("mcrypt.") - 1) != 0) { /* Should never happen */ return NULL; } if (!filterparams || Z_TYPE_P(filterparams) != IS_ARRAY) { php_error_docref(NULL, E_WARNING, "Filter parameters for %s must be an array", filtername); return NULL; } if ((tmpzval = zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("mode")))) { if (Z_TYPE_P(tmpzval) == IS_STRING) { mode = Z_STRVAL_P(tmpzval); } else { php_error_docref(NULL, E_WARNING, "mode is not a string, ignoring"); } } if ((tmpzval=zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("algorithms_dir")))) { if (Z_TYPE_P(tmpzval) == IS_STRING) { algo_dir = Z_STRVAL_P(tmpzval); } else { php_error_docref(NULL, E_WARNING, "algorithms_dir is not a string, ignoring"); } } if ((tmpzval=zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("modes_dir")))) { if (Z_TYPE_P(tmpzval) == IS_STRING) { mode_dir = Z_STRVAL_P(tmpzval); } else { php_error_docref(NULL, E_WARNING, "modes_dir is not a string, ignoring"); } } if ((tmpzval = zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("key"))) && Z_TYPE_P(tmpzval) == IS_STRING) { key = Z_STRVAL_P(tmpzval); key_len = (int)Z_STRLEN_P(tmpzval); } else { php_error_docref(NULL, E_WARNING, "key not specified or is not a string"); return NULL; } mcrypt_module = mcrypt_module_open((char *)cipher, algo_dir, mode, mode_dir); if (mcrypt_module == MCRYPT_FAILED) { php_error_docref(NULL, E_WARNING, "Could not open encryption module"); return NULL; } iv_len = mcrypt_enc_get_iv_size(mcrypt_module); keyl = mcrypt_enc_get_key_size(mcrypt_module); if (keyl < key_len) { key_len = keyl; } if (!(tmpzval = zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("iv"))) || Z_TYPE_P(tmpzval) != IS_STRING) { php_error_docref(NULL, E_WARNING, "Filter parameter[iv] not provided or not of type: string"); mcrypt_module_close(mcrypt_module); return NULL; } iv = emalloc(iv_len + 1); if ((size_t)iv_len <= Z_STRLEN_P(tmpzval)) { memcpy(iv, Z_STRVAL_P(tmpzval), iv_len); } else { memcpy(iv, Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval)); memset(iv + Z_STRLEN_P(tmpzval), 0, iv_len - Z_STRLEN_P(tmpzval)); } result = mcrypt_generic_init(mcrypt_module, key, key_len, iv); efree(iv); if (result < 0) { switch (result) { case -3: php_error_docref(NULL, E_WARNING, "Key length incorrect"); break; case -4: php_error_docref(NULL, E_WARNING, "Memory allocation error"); break; case -1: default: php_error_docref(NULL, E_WARNING, "Unknown error"); break; } mcrypt_module_close(mcrypt_module); return NULL; } data = pemalloc(sizeof(php_mcrypt_filter_data), persistent); data->module = mcrypt_module; data->encrypt = encrypt; if (mcrypt_enc_is_block_mode(mcrypt_module)) { data->blocksize = mcrypt_enc_get_block_size(mcrypt_module); data->block_buffer = pemalloc(data->blocksize, persistent); } else { data->blocksize = 0; data->block_buffer = NULL; } data->block_used = 0; data->persistent = persistent; return php_stream_filter_alloc(&php_mcrypt_filter_ops, data, persistent); }
int64_t f_mcrypt_enc_get_block_size(CObjRef td) { return mcrypt_enc_get_block_size(td.getTyped<MCrypt>()->m_td); }
int64_t HHVM_FUNCTION(mcrypt_enc_get_block_size, const Resource& td) { return mcrypt_enc_get_block_size(cast<MCrypt>(td)->m_td); }
static Variant php_mcrypt_do_crypt(CStrRef cipher, CStrRef key, CStrRef data, CStrRef mode, CStrRef iv, bool dencrypt) { MCRYPT td = mcrypt_module_open((char*)cipher.data(), (char*)MCG(algorithms_dir).data(), (char*)mode.data(), (char*)MCG(modes_dir).data()); if (td == MCRYPT_FAILED) { raise_warning(MCRYPT_OPEN_MODULE_FAILED); return false; } /* Checking for key-length */ int max_key_length = mcrypt_enc_get_key_size(td); if (key.size() > max_key_length) { raise_warning("Size of key is too large for this algorithm"); } int count; int *key_length_sizes = mcrypt_enc_get_supported_key_sizes(td, &count); int use_key_length; char *key_s = NULL; if (count == 0 && key_length_sizes == NULL) { // all lengths 1 - k_l_s = OK use_key_length = key.size(); key_s = (char*)malloc(use_key_length); memcpy(key_s, key.data(), use_key_length); } else if (count == 1) { /* only m_k_l = OK */ key_s = (char*)malloc(key_length_sizes[0]); memset(key_s, 0, key_length_sizes[0]); memcpy(key_s, key.data(), MIN(key.size(), key_length_sizes[0])); use_key_length = key_length_sizes[0]; } else { /* dertermine smallest supported key > length of requested key */ use_key_length = max_key_length; /* start with max key length */ for (int i = 0; i < count; i++) { if (key_length_sizes[i] >= key.size() && key_length_sizes[i] < use_key_length) { use_key_length = key_length_sizes[i]; } } key_s = (char*)malloc(use_key_length); memset(key_s, 0, use_key_length); memcpy(key_s, key.data(), MIN(key.size(), use_key_length)); } mcrypt_free(key_length_sizes); /* Check IV */ char *iv_s = NULL; int iv_size = mcrypt_enc_get_iv_size(td); /* IV is required */ if (mcrypt_enc_mode_has_iv(td) == 1) { if (!iv.empty()) { if (iv_size != iv.size()) { raise_warning("The IV parameter must be as long as the blocksize"); } else { iv_s = (char*)malloc(iv_size + 1); memcpy(iv_s, iv.data(), iv_size); } } else { raise_warning("Attempt to use an empty IV, which is NOT recommended"); iv_s = (char*)malloc(iv_size + 1); memset(iv_s, 0, iv_size + 1); } } int block_size; unsigned long int data_size; String s; char *data_s; /* Check blocksize */ if (mcrypt_enc_is_block_mode(td) == 1) { /* It's a block algorithm */ block_size = mcrypt_enc_get_block_size(td); data_size = (((data.size() - 1) / block_size) + 1) * block_size; s = String(data_size, ReserveString); data_s = (char*)s.mutableSlice().ptr; memset(data_s, 0, data_size); memcpy(data_s, data.data(), data.size()); } else { /* It's not a block algorithm */ data_size = data.size(); s = String(data_size, ReserveString); data_s = (char*)s.mutableSlice().ptr; memcpy(data_s, data.data(), data.size()); } if (mcrypt_generic_init(td, key_s, use_key_length, iv_s) < 0) { raise_warning("Mcrypt initialisation failed"); return false; } if (dencrypt) { mdecrypt_generic(td, data_s, data_size); } else { mcrypt_generic(td, data_s, data_size); } /* freeing vars */ mcrypt_generic_end(td); if (key_s != NULL) { free(key_s); } if (iv_s != NULL) { free(iv_s); } return s.setSize(data_size); }
int main() { MCRYPT td, td2; int i, t, imax; int j, jmax, ivsize; int x = 0, siz; char *text; unsigned char *IV; unsigned char *key; int keysize; td = mcrypt_module_open("idea", ALGORITHMS_DIR, "cbc", MODES_DIR); td2 = mcrypt_module_open("idea", ALGORITHMS_DIR, "cbc", MODES_DIR); if (td != MCRYPT_FAILED && td2 != MCRYPT_FAILED) { fprintf(stderr, "Created IDEA cipher.\n"); keysize = mcrypt_enc_get_key_size(td); fprintf(stderr, "Cipher key size %d.\n", keysize); key = calloc(1, keysize); if (key==NULL) exit(1); for (t=0;t<keysize;t++) key[t] = (t % 255) + 13; ivsize = mcrypt_enc_get_iv_size(td); fprintf(stderr, "IV size %d.\n", ivsize); if (ivsize>0) { IV = calloc( 1, ivsize); if (IV==NULL) exit(1); for (t=0;t<ivsize;t++) IV[t] = (t*2 % 255) + 15; } if (mcrypt_generic_init( td, key, keysize, IV) < 0) { fprintf(stderr, "Failed to Initialize algorithm!\n"); return -1; } if (mcrypt_enc_is_block_mode(td)!=0) siz = (strlen(TEXT) / mcrypt_enc_get_block_size(td))*mcrypt_enc_get_block_size(td); else siz = strlen(TEXT); text = calloc( 1, siz); if (text==NULL) exit(1); memmove( text, TEXT, siz); mcrypt_generic( td, text, siz); if (mcrypt_generic_init( td2, key, keysize, IV) < 0) { fprintf(stderr, "Failed to Initialize algorithm!\n"); return -1; } mdecrypt_generic( td2, text, siz); if ( memcmp( text, TEXT, siz) == 0) { printf( " %s: ok\n", "cbc"); } else { printf( " %s: failed\n", "cbc"); x=1; } mcrypt_generic_deinit(td); mcrypt_generic_deinit(td2); mcrypt_module_close(td); mcrypt_module_close(td2); free(text); free(key); if (ivsize>0) free(IV); } return 0; }