int CommonCryptoSymOffset(int argc, char *const *argv) { int accum = 0; uint8_t iLikeBigBuffs[ILIKEEMDISBIG]; uint8_t andICannotLie[ILIKEEMDISBIG]; uint8_t iLikeEmRoundandBig[ILIKEEMDISBIG]; int i; size_t moved; CCCryptorStatus retval; byteBuffer key = hexStringToBytes("010203040506070809000a0b0c0d0e0f"); plan_tests(kTestTestCount); for(i=0; i<ALITTLEONTHESIDE; i++) { retval = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, 0, key->bytes, key->len, NULL, iLikeBigBuffs+i, ILIKEEMDISBIG-16, andICannotLie+i, ILIKEEMDISBIG, &moved); retval = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, 0, key->bytes, key->len, NULL, andICannotLie+i, moved, iLikeEmRoundandBig+i, ILIKEEMDISBIG, &moved); if(moved != (ILIKEEMDISBIG-16)) retval = 99; else if(memcmp(iLikeBigBuffs+i, iLikeEmRoundandBig+i, moved)) retval = 999; ok(retval == 0, "Encrypt/Decrypt Cycle"); accum += retval; } return accum != 0; }
static bool aes_operation(bool encrypt, const uint8_t *kek, size_t kek_len, uint8_t *block) { uint64_t iv[2] = { 0 }; size_t bytes_moved = 0; return (0 == CCCrypt(encrypt? kCCEncrypt : kCCDecrypt, kCCAlgorithmAES128, 0, kek, kek_len, iv, block, kCCBlockSizeAES128, block, kCCBlockSizeAES128, &bytes_moved)); }
static int p12Decrypt(pkcs12_context * context, const SecAsn1AlgId *algId, const SecAsn1Item *cipherText, SecAsn1Item *plainText) { NSS_P12_PBE_Params pbep; // XXX/cs not requiring decoding, but if pbep is uninit this will fail later algIdParse(context, algId, &pbep); CCAlgorithm alg = 0; uint32_t keySizeInBits = 0; uint32_t blockSizeInBytes = 0; // for IV, optional CCOptions options = 0; require_noerr_quiet(pkcsOidToParams(&algId->algorithm, &alg, &keySizeInBits, &blockSizeInBytes, &options), out); uint32_t iterCount = 0; require_noerr(p12DataToInt(&pbep.iterations, &iterCount), out); /* P12 style key derivation */ SecAsn1Item key = {0, NULL}; if(keySizeInBits) alloc_item(context, &key, (keySizeInBits+7)/8); require_noerr(p12_pbe_gen(context->passphrase, pbep.salt.Data, pbep.salt.Length, iterCount, PBE_ID_Key, key.Data, key.Length), out); /* P12 style IV derivation, optional */ SecAsn1Item iv = {0, NULL}; if(blockSizeInBytes) { alloc_item(context, &iv, blockSizeInBytes); require_noerr(p12_pbe_gen(context->passphrase, pbep.salt.Data, pbep.salt.Length, iterCount, PBE_ID_IV, iv.Data, iv.Length), out); } SecAsn1Item ourPtext = {0, NULL}; alloc_item(context, &ourPtext, cipherText->Length); require_noerr(CCCrypt(kCCDecrypt, alg, options/*kCCOptionPKCS7Padding*/, key.Data, key.Length, iv.Data, cipherText->Data, cipherText->Length, ourPtext.Data, ourPtext.Length, &ourPtext.Length), out); *plainText = ourPtext; return 0; out: return -1; }
static void rc4_encrypt(const void * clear, uint32_t clear_length, const void * key, uint32_t key_length, void * cypher) { size_t bytes_processed; CCCryptorStatus status; /* sizeof(cypher) == clear_length */ status = CCCrypt(kCCEncrypt, kCCAlgorithmRC4, 0, key, key_length, NULL, clear, clear_length, cypher, clear_length, &bytes_processed); if (status != kCCSuccess) { fprintf(stderr, "rc4_encrypt: CCCrypt failed with %d\n", status); return; } return; }
u2_weak j2_mcd(Pt5, aesc, de)(u2_wire wir_r, u2_atom a, u2_atom b) { c3_y a_y[32]; c3_y b_y[16]; #if defined(U2_OS_osx) size_t siz_i = 0; #else AES_KEY key_u; #endif c3_assert(u2_cr_met(3, a) <= 32); c3_assert(u2_cr_met(3, b) <= 16); u2_cr_bytes(0, 32, a_y, a); u2_cr_bytes(0, 16, b_y, b); #if defined(U2_OS_osx) if ( kCCSuccess != CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionECBMode, a_y, kCCKeySizeAES256, 0, b_y, 16, b_y, 16, &siz_i) ) { return u2_bl_bail(wir_r, c3__exit); } else c3_assert(16 == siz_i); #else if ( 0 != AES_set_decrypt_key(a_y, 256, &key_u) ) { return u2_bl_bail(wir_r, c3__exit); } else { AES_decrypt(b_y, b_y, &key_u); } #endif return u2_ci_bytes(16, b_y); }
/* * Test harness for CCCryptor with lots of options. */ CCCryptorStatus doCCCrypt( bool forEncrypt, CCAlgorithm encrAlg, bool doCbc, bool doPadding, const void *keyBytes, size_t keyLen, const void *iv, bool randUpdates, bool inPlace, /* !doPadding only */ size_t ctxSize, /* if nonzero, we allocate ctx */ bool askOutSize, const uint8_t *inText, size_t inTextLen, uint8_t **outText, size_t *outTextLen) /* both returned, WE malloc */ { CCCryptorRef cryptor = NULL; CCCryptorStatus crtn; CCOperation op = forEncrypt ? kCCEncrypt : kCCDecrypt; CCOptions options = 0; uint8_t *outBuf = NULL; /* mallocd output buffer */ uint8_t *outp; /* running ptr into outBuf */ const uint8 *inp; /* running ptr into inText */ size_t outLen; /* bytes remaining in outBuf */ size_t toMove; /* bytes remaining in inText */ size_t thisMoveOut; /* output from CCCryptUpdate()/CCCryptFinal() */ size_t outBytes; /* total bytes actually produced in outBuf */ char ctx[CC_MAX_CTX_SIZE]; /* for CCCryptorCreateFromData() */ uint8_t *textMarker = NULL; /* 8 bytes of marker here after expected end of * output */ char *ctxMarker = NULL; /* ditto for caller-provided context */ unsigned dex; size_t askedOutSize; /* from the lib */ size_t thisOutLen; /* dataOutAvailable we use */ if(ctxSize > CC_MAX_CTX_SIZE) { printf("***HEY! Adjust CC_MAX_CTX_SIZE!\n"); exit(1); } if(!doCbc) { options |= kCCOptionECBMode; } if(doPadding) { options |= kCCOptionPKCS7Padding; } /* just hack this one */ outLen = inTextLen; if(forEncrypt) { outLen += MAX_BLOCK_SIZE; } outBuf = (uint8_t *)malloc(outLen + MARKER_LENGTH); memset(outBuf, 0xEE, outLen + MARKER_LENGTH); /* library should not touch this memory */ textMarker = outBuf + outLen; memset(textMarker, MARKER_BYTE, MARKER_LENGTH); /* subsequent errors to errOut: */ if(inPlace) { memmove(outBuf, inText, inTextLen); inp = outBuf; } else { inp = inText; } if(!randUpdates) { /* one shot */ if(askOutSize) { crtn = CCCrypt(op, encrAlg, options, keyBytes, keyLen, iv, inp, inTextLen, outBuf, 0, &askedOutSize); if(crtn != kCCBufferTooSmall) { printf("***Did not get kCCBufferTooSmall as expected\n"); printf(" alg %d inTextLen %lu cbc %d padding %d keyLen %lu\n", (int)encrAlg, (unsigned long)inTextLen, (int)doCbc, (int)doPadding, (unsigned long)keyLen); printCCError("CCCrypt", crtn); crtn = -1; goto errOut; } outLen = askedOutSize; } crtn = CCCrypt(op, encrAlg, options, keyBytes, keyLen, iv, inp, inTextLen, outBuf, outLen, &outLen); if(crtn) { printCCError("CCCrypt", crtn); goto errOut; } *outText = outBuf; *outTextLen = outLen; goto errOut; } /* random multi updates */ if(ctxSize) { size_t ctxSizeCreated; if(askOutSize) { crtn = CCCryptorCreateFromData(op, encrAlg, options, keyBytes, keyLen, iv, ctx, 0 /* ctxSize */, &cryptor, &askedOutSize); if(crtn != kCCBufferTooSmall) { printf("***Did not get kCCBufferTooSmall as expected\n"); printCCError("CCCryptorCreateFromData", crtn); crtn = -1; goto errOut; } ctxSize = askedOutSize; } crtn = CCCryptorCreateFromData(op, encrAlg, options, keyBytes, keyLen, iv, ctx, ctxSize, &cryptor, &ctxSizeCreated); if(crtn) { printCCError("CCCryptorCreateFromData", crtn); return crtn; } ctxMarker = ctx + ctxSizeCreated; memset(ctxMarker, MARKER_BYTE, MARKER_LENGTH); } else { crtn = CCCryptorCreate(op, encrAlg, options, keyBytes, keyLen, iv, &cryptor); if(crtn) { printCCError("CCCryptorCreate", crtn); return crtn; } } toMove = inTextLen; /* total to go */ outp = outBuf; outBytes = 0; /* bytes actually produced in outBuf */ while(toMove) { uint32 thisMoveIn; /* input to CCryptUpdate() */ thisMoveIn = genRand(1, toMove); logSize(("###ptext segment len %lu\n", (unsigned long)thisMoveIn)); if(askOutSize) { thisOutLen = CCCryptorGetOutputLength(cryptor, thisMoveIn, false); } else { thisOutLen = outLen; } crtn = CCCryptorUpdate(cryptor, inp, thisMoveIn, outp, thisOutLen, &thisMoveOut); if(crtn) { printCCError("CCCryptorUpdate", crtn); goto errOut; } inp += thisMoveIn; toMove -= thisMoveIn; outp += thisMoveOut; outLen -= thisMoveOut; outBytes += thisMoveOut; } if(doPadding) { /* Final is not needed if padding is disabled */ if(askOutSize) { thisOutLen = CCCryptorGetOutputLength(cryptor, 0, true); } else { thisOutLen = outLen; } crtn = CCCryptorFinal(cryptor, outp, thisOutLen, &thisMoveOut); } else { thisMoveOut = 0; crtn = kCCSuccess; } if(crtn) { printCCError("CCCryptorFinal", crtn); goto errOut; } outBytes += thisMoveOut; *outText = outBuf; *outTextLen = outBytes; crtn = kCCSuccess; for(dex=0; dex<MARKER_LENGTH; dex++) { if(textMarker[dex] != MARKER_BYTE) { printf("***lib scribbled on our textMarker memory (op=%s)!\n", forEncrypt ? "encrypt" : "decrypt"); crtn = (CCCryptorStatus)-1; } } if(ctxSize) { for(dex=0; dex<MARKER_LENGTH; dex++) { if(ctxMarker[dex] != MARKER_BYTE) { printf("***lib scribbled on our ctxMarker memory (op=%s)!\n", forEncrypt ? "encrypt" : "decrypt"); crtn = (CCCryptorStatus)-1; } } } errOut: if(crtn) { if(outBuf) { free(outBuf); } } if(cryptor) { CCCryptorRelease(cryptor); } return crtn; }
/** * Encrypts a buffer using the crypto API * * @param SrcBuffer the source data being encrypted * @param SrcLen the size of the buffer in bytes * @param DestBuffer (out) chunk of memory that is written to * @param DestLen (in) the size of the dest buffer, (out) the size of the encrypted data * * @return true if the encryption worked, false otherwise */ static bool EncryptBuffer(const uint8* SrcBuffer,const uint32 SrcLen,uint8* DestBuffer,uint32& DestLen) { bool bEncryptedOk = false; #if PLATFORM_MAC unsigned long long MacAddress = 0; uint32 AddressSize = sizeof(unsigned long long); GetMacAddress((uint8*)&MacAddress,AddressSize); unsigned long long Entropy = 5148284414757334885ull; Entropy ^= MacAddress; uint8 Key[kCCKeySizeAES128]; check(kCCKeySizeAES128 == 2*sizeof(unsigned long long)); FMemory::Memcpy(Key,&Entropy,sizeof(Entropy)); FMemory::Memcpy(Key+sizeof(Entropy),&Entropy,sizeof(Entropy)); size_t OutBufferSize = SrcLen + kCCBlockSizeAES128; uint8* OutBuffer = (uint8*)FMemory::Malloc(OutBufferSize); FMemory::Memset(OutBuffer,0,OutBufferSize); size_t BytesEncrypted = 0; CCCryptorStatus Status = CCCrypt( kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, Key, kCCKeySizeAES128, NULL, SrcBuffer, SrcLen, OutBuffer, OutBufferSize, &BytesEncrypted); if (Status == kCCSuccess) { DestLen = BytesEncrypted; FMemory::Memcpy(DestBuffer,OutBuffer,DestLen); bEncryptedOk = true; } else { UE_LOG(LogTaskBrowser, Log, TEXT("CCCrypt failed w/ 0x%08x"), Status); } FMemory::Free(OutBuffer); #elif PLATFORM_LINUX printf("STaskBrowser.cpp: LINUX EncryptBuffer()\n"); #elif PLATFORM_WINDOWS DATA_BLOB SourceBlob, EntropyBlob, FinalBlob; // Set up the datablob to encrypt SourceBlob.cbData = SrcLen; SourceBlob.pbData = (uint8*)SrcBuffer; // Get the mac address for mixing into the entropy (ties the encryption to a location) ULONGLONG MacAddress = 0; uint32 AddressSize = sizeof(ULONGLONG); GetMacAddress((uint8*)&MacAddress,AddressSize); // Set up the entropy blob (changing this breaks all previous encrypted buffers!) ULONGLONG Entropy = 5148284414757334885ui64; Entropy ^= MacAddress; EntropyBlob.cbData = sizeof(ULONGLONG); EntropyBlob.pbData = (uint8*)&Entropy; // Zero the output data FMemory::Memzero(&FinalBlob,sizeof(DATA_BLOB)); // Now encrypt the data if (CryptProtectData(&SourceBlob, NULL, &EntropyBlob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &FinalBlob)) { if (FinalBlob.cbData <= DestLen) { // Copy the final results DestLen = FinalBlob.cbData; FMemory::Memcpy(DestBuffer,FinalBlob.pbData,DestLen); bEncryptedOk = true; } // Free the encryption buffer LocalFree(FinalBlob.pbData); } else { uint32 Error = GetLastError(); UE_LOG(LogTaskBrowser, Log, TEXT("CryptProtectData failed w/ 0x%08x"), Error); } #else unimplemented(); #endif return bEncryptedOk; }
PSCryptorStatus PSCryptor::EncryptDecrypt (bool encrypt, const void* dataIn, size_t dataLen, void *dataOut, size_t dataOutAvailable, size_t *dataOutMoved) { #if _WIN32 if (fSessionKey == NULL) return kCryptorUnknownErr; // for lack of better error BOOL result = 0; // if encrypting or decrypting not in place if (dataIn != dataOut) memcpy (dataOut, dataIn, dataLen); DWORD pdwDataLen = (DWORD) dataLen; if (encrypt) { result = CryptEncrypt ( fSessionKey, NULL, TRUE, 0, (LPBYTE) dataOut, &pdwDataLen, (DWORD) dataOutAvailable); } else { result = CryptDecrypt ( fSessionKey, NULL, TRUE, 0, (LPBYTE) dataOut, &pdwDataLen); } if (!result) return MapPlatformStatusToPSCryptorStatus (GetLastError ()); *dataOutMoved = (size_t) pdwDataLen; return kCryptorSuccess; #else CCOperation op = (encrypt ? kCCEncrypt : kCCDecrypt); CCCryptorStatus status = CCCrypt ( op, kCCAlgorithm3DES, kCCOptionPKCS7Padding, (const void *) fDerivedKey, kPBKDKeyLength, NULL, dataIn, dataLen, dataOut, dataOutAvailable, dataOutMoved); if (status == kCCSuccess) return kCryptorSuccess; return MapPlatformStatusToPSCryptorStatus (status); #endif }