static int decrypt_token (CcnetProcessor *processor) { USE_PRIV; int hex_len, encrypted_len, token_len; char *encrypted_token = NULL; SeafileCrypt *crypt = NULL; unsigned char key[16], iv[16]; char *token = NULL; int ret = 0; /* raw data is half the length of hexidecimal */ hex_len = strlen(priv->token); if (hex_len % 2 != 0) { seaf_warning ("[check tx slave v3] invalid length of encrypted token\n"); ret = -1; goto out; } encrypted_len = hex_len / 2; encrypted_token = g_malloc (encrypted_len); hex_to_rawdata (priv->token, (unsigned char *)encrypted_token, encrypted_len); EVP_BytesToKey (EVP_aes_128_cbc(), /* cipher mode */ EVP_sha1(), /* message digest */ NULL, /* slat */ (unsigned char*)priv->session_key, strlen(priv->session_key), 1, /* iteration times */ key, /* the derived key */ iv); /* IV, initial vector */ crypt = seafile_crypt_new (1, key, iv); if (seafile_decrypt (&token, &token_len, encrypted_token, encrypted_len, crypt) < 0) { seaf_warning ("[check tx slave v3] failed to decrypt token\n"); ret = -1; goto out; } g_free (priv->token); /* we can use the decrypted data directly, since the trailing null byte is * also included when encrypting in the client */ priv->token = token; out: g_free (crypt); g_free (encrypted_token); return ret; }
static const EVP_CIPHER * typeToCIPHER(Cipher::Type t) { if(t == Cipher::TripleDES) return EVP_des_ede3_cbc(); else if(t == Cipher::AES_128) return EVP_aes_128_cbc(); else if(t == Cipher::AES_256) return EVP_aes_256_cbc(); else return 0; }
static const EVP_CIPHER* cipher_by_name(const char *name) { if (strcmp(name, "DES-CBC") == 0) { return EVP_des_cbc(); } else if (strcmp(name, "AES-128-CBC") == 0) { return EVP_aes_128_cbc(); } else if (strcmp(name, "AES-256-CBC") == 0) { return EVP_aes_256_cbc(); } else { return NULL; } }
static gboolean gst_hls_demux_decrypt_start (GstHLSDemux * demux, const guint8 * key_data, const guint8 * iv_data) { EVP_CIPHER_CTX_init (&demux->aes_ctx); if (!EVP_DecryptInit_ex (&demux->aes_ctx, EVP_aes_128_cbc (), NULL, key_data, iv_data)) return FALSE; EVP_CIPHER_CTX_set_padding (&demux->aes_ctx, 0); return TRUE; }
static const EVP_CIPHER * _wi_cipher_cipher(wi_cipher_t *cipher) { switch(cipher->type) { case WI_CIPHER_AES128: return EVP_aes_128_cbc(); case WI_CIPHER_AES192: return EVP_aes_192_cbc(); case WI_CIPHER_AES256: return EVP_aes_256_cbc(); case WI_CIPHER_BF128: return EVP_bf_cbc(); case WI_CIPHER_3DES192: return EVP_des_ede3_cbc(); } return NULL; }
int decrypt_and_verify_secrets(CPOR_key *key, unsigned char *input, size_t input_len, unsigned char *plaintext, size_t *plaintext_len, unsigned char *authenticator, size_t authenticator_len) { EVP_CIPHER_CTX ctx; EVP_CIPHER *cipher = NULL; unsigned char mac[EVP_MAX_MD_SIZE]; size_t mac_size = EVP_MAX_MD_SIZE; int len; if(!key || !key->k_enc || !key->k_mac || !input || !input_len || !plaintext || !plaintext_len || !authenticator || !authenticator_len) return 0; OpenSSL_add_all_algorithms(); memset(mac, 0, mac_size); /* Verify the HMAC-SHA1 */ if(!HMAC(EVP_sha1(), key->k_mac, key->k_mac_size, input, input_len, mac, (unsigned int *)&mac_size)) goto cleanup; if(authenticator_len != mac_size) goto cleanup; if(memcmp(mac, authenticator, mac_size) != 0) goto cleanup; EVP_CIPHER_CTX_init(&ctx); switch(key->k_enc_size) { case 16: cipher = (EVP_CIPHER *)EVP_aes_128_cbc(); break; case 24: cipher = (EVP_CIPHER *)EVP_aes_192_cbc(); break; case 32: cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); break; default: return 0; } if(!EVP_DecryptInit(&ctx, cipher, key->k_enc, NULL)) goto cleanup; *plaintext_len = 0; if(!EVP_DecryptUpdate(&ctx, plaintext, (int *)plaintext_len, input, input_len)) goto cleanup; EVP_DecryptFinal(&ctx, plaintext + *plaintext_len, &len); *plaintext_len += len; EVP_CIPHER_CTX_cleanup(&ctx); return 1; cleanup: *plaintext_len = 0; return 0; }
void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, const char *name, const char *unused, void *arg), void *arg) { callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg); callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg); callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg); callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg); callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg); callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg); callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg); callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg); callback(EVP_aes_256_xts(), "AES-256-XTS", NULL, arg); callback(EVP_des_cbc(), "DES-CBC", NULL, arg); callback(EVP_des_ecb(), "DES-ECB", NULL, arg); callback(EVP_des_ede(), "DES-EDE", NULL, arg); callback(EVP_des_ede_cbc(), "DES-EDE-CBC", NULL, arg); callback(EVP_des_ede3_cbc(), "DES-EDE3-CBC", NULL, arg); callback(EVP_rc2_cbc(), "RC2-CBC", NULL, arg); callback(EVP_rc4(), "RC4", NULL, arg); // OpenSSL returns everything twice, the second time in lower case. callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg); callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg); callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg); callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg); callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg); callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg); callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg); callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg); callback(EVP_aes_256_xts(), "aes-256-xts", NULL, arg); callback(EVP_des_cbc(), "des-cbc", NULL, arg); callback(EVP_des_ecb(), "des-ecb", NULL, arg); callback(EVP_des_ede(), "des-ede", NULL, arg); callback(EVP_des_ede_cbc(), "des-ede-cbc", NULL, arg); callback(EVP_des_ede3_cbc(), "des-ede3-cbc", NULL, arg); callback(EVP_rc2_cbc(), "rc2-cbc", NULL, arg); callback(EVP_rc4(), "rc4", NULL, arg); }
void *encfs_common_get_salt(char *ciphertext) { char *ctcopy = strdup(ciphertext); char *keeptr = ctcopy; int i; char *p; static encfs_common_custom_salt cs; ctcopy += 7; p = strtokm(ctcopy, "*"); cs.keySize = atoi(p); switch(cs.keySize) { case 128: cs.blockCipher = EVP_aes_128_cbc(); cs.streamCipher = EVP_aes_128_cfb(); break; case 192: cs.blockCipher = EVP_aes_192_cbc(); cs.streamCipher = EVP_aes_192_cfb(); break; case 256: default: cs.blockCipher = EVP_aes_256_cbc(); cs.streamCipher = EVP_aes_256_cfb(); break; } cs.keySize = cs.keySize / 8; p = strtokm(NULL, "*"); cs.iterations = atoi(p); p = strtokm(NULL, "*"); cs.cipher = atoi(p); p = strtokm(NULL, "*"); cs.saltLen = atoi(p); p = strtokm(NULL, "*"); for (i = 0; i < cs.saltLen; i++) cs.salt[i] = atoi16[ARCH_INDEX(p[i * 2])] * 16 + atoi16[ARCH_INDEX(p[i * 2 + 1])]; p = strtokm(NULL, "*"); cs.dataLen = atoi(p); p = strtokm(NULL, "*"); for (i = 0; i < cs.dataLen; i++) cs.data[i] = atoi16[ARCH_INDEX(p[i * 2])] * 16 + atoi16[ARCH_INDEX(p[i * 2 + 1])]; cs.ivLength = EVP_CIPHER_iv_length( cs.blockCipher ); MEM_FREE(keeptr); return (void *) &cs; }
static const EVP_CIPHER *getAesCipher(size32_t keyLen) { switch (keyLen) { case 128/8: return EVP_aes_128_cbc(); case 192/8: return EVP_aes_192_cbc(); case 256/8: return EVP_aes_256_cbc(); default: throw makeStringException(0, "Invalid AES key size, must be 128, 192 or 256 bit"); } }
int encrypt_and_authentucate_secrets(CPOR_key *key, unsigned char *input, size_t input_len, unsigned char *ciphertext, size_t *ciphertext_len, unsigned char *authenticator, size_t *authenticator_len) { EVP_CIPHER_CTX ctx; EVP_CIPHER *cipher = NULL; int len; if(!key || !key->k_enc || !key->k_mac || !input || !input_len || !ciphertext || !ciphertext_len || !authenticator || !authenticator_len) return 0; OpenSSL_add_all_algorithms(); EVP_CIPHER_CTX_init(&ctx); switch(key->k_enc_size) { case 16: cipher = (EVP_CIPHER *)EVP_aes_128_cbc(); break; case 24: cipher = (EVP_CIPHER *)EVP_aes_192_cbc(); break; case 32: cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); break; default: return 0; } //TODO: Fix the NULL IV if(!EVP_EncryptInit(&ctx, cipher, key->k_enc, NULL)) goto cleanup; *ciphertext_len = 0; if(!EVP_EncryptUpdate(&ctx, ciphertext, (int *)ciphertext_len, input, input_len)) goto cleanup; EVP_EncryptFinal(&ctx, ciphertext + *ciphertext_len, &len); *ciphertext_len += len; *authenticator_len = 0; /* Do the HMAC-SHA1 */ if(!HMAC(EVP_sha1(), key->k_mac, key->k_mac_size, ciphertext, *ciphertext_len, authenticator, (unsigned int *)authenticator_len)) goto cleanup; EVP_CIPHER_CTX_cleanup(&ctx); return 1; cleanup: *ciphertext_len = 0; *authenticator_len = 0; return 0; }
bool AES_CBC_MAC_Validate(COSE_MacMessage * pcose, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { const EVP_CIPHER * pcipher = NULL; EVP_CIPHER_CTX ctx; int cbOut; byte rgbIV[16] = { 0 }; byte rgbTag[16] = { 0 }; bool f = false; unsigned int i; switch (cbKey*8) { case 128: pcipher = EVP_aes_128_cbc(); break; case 256: pcipher = EVP_aes_256_cbc(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); } // Setup and run the OpenSSL code EVP_CIPHER_CTX_init(&ctx); CHECK_CONDITION(EVP_EncryptInit_ex(&ctx, pcipher, NULL, pbKey, rgbIV), COSE_ERR_CRYPTO_FAIL); TSize /= 8; for (i = 0; i < (unsigned int) cbAuthData / 16; i++) { CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut, pbAuthData+(i*16), 16), COSE_ERR_CRYPTO_FAIL); } if (cbAuthData % 16 != 0) { CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut, pbAuthData + (i * 16), cbAuthData % 16), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(EVP_EncryptUpdate(&ctx, rgbTag, &cbOut, rgbIV, 16 - (cbAuthData % 16)), COSE_ERR_CRYPTO_FAIL); } cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG); CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR); for (i = 0; i < (unsigned int)TSize; i++) f |= (cn->v.bytes[i] != rgbTag[i]); EVP_CIPHER_CTX_cleanup(&ctx); return !f; errorReturn: EVP_CIPHER_CTX_cleanup(&ctx); return false; }
const EVP_CIPHER * Aes128EncriptionStrategy::getType(EncriptionBlockType mode){ const EVP_CIPHER * type; switch(mode){ case CBC: type = EVP_aes_128_cbc(); break; case OFB: type = EVP_aes_128_ofb(); break; case CFB: type = EVP_aes_128_cfb8(); break; case ECB: type = EVP_aes_128_ecb(); break; } return type; }
int decrypt(char *message, uint32_t message_size, char *password, char *plaintext){ EVP_CIPHER_CTX *ctx; int len; int plaintext_len; char key[KEY_SIZE_BYTES]; int status = generateKey(password, SALT, key); if(!status){ return -1; } const char *ciphertext = getEncryptedBody(message); /* Create and initialise the context */ if(!(ctx = EVP_CIPHER_CTX_new())){ return -1; } /* Initialise the decryption operation. IMPORTANT - ensure you use a key * and IV size appropriate for your cipher * In this example we are using 256 bit AES (i.e. a 256 bit key). The * IV size for *most* modes is the same as the block size. For AES this * is 128 bits */ if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, (unsigned char *) key, (unsigned char *) message)){ return -1; } /* Provide the message to be decrypted, and obtain the plaintext output. * EVP_DecryptUpdate can be called multiple times if necessary */ if(1 != EVP_DecryptUpdate(ctx, (unsigned char *) plaintext, &len, (unsigned char *) ciphertext, message_size - IV_SIZE_BYTES)){ return -1; } plaintext_len = len; /* Finalise the decryption. Further plaintext bytes may be written at * this stage. */ if(1 != EVP_DecryptFinal_ex(ctx, (unsigned char *) plaintext + len, &len)){ return -1; } plaintext_len += len; /* Clean up */ EVP_CIPHER_CTX_free(ctx); return plaintext_len; }
int aes_init (crypt_data_t* crypt_data, crypt_init_t crypt_init) { const EVP_CIPHER* cipher = 0; switch (crypt_data->keysize) { case 16: cipher = EVP_aes_128_cbc (); break; case 24: cipher = EVP_aes_192_cbc (); break; case 32: cipher = EVP_aes_256_cbc (); break; default: fprintf (stderr, "Invalid key size.\n"); return -1; } EVP_CIPHER_CTX_init (&crypt_data->ctx); if (!crypt_init (&crypt_data->ctx, cipher, NULL, crypt_data->keybuf, crypt_data->ivbuf)) { fprintf (stderr, "OpenSSL initialization failed.\n"); return 1; } if (verbose) { fprintf (stderr, "EVP Initialized\n Algorithm: %s\n", EVP_CIPHER_name (EVP_CIPHER_CTX_cipher (&crypt_data->ctx))); fprintf (stderr, " IV: "); pp_buf (stderr, crypt_data->ivbuf, crypt_data->ivsize, 16, 2); fprintf (stderr, " Key: "); pp_buf (stderr, crypt_data->keybuf, crypt_data->keysize, 16, 2); } crypt_data->buf_size = INBUFSIZE; crypt_data->out_buf = (char*)malloc (crypt_data->buf_size + EVP_CIPHER_CTX_block_size (&crypt_data->ctx)); crypt_data->in_buf = (char*)malloc (crypt_data->buf_size); if (!crypt_data->out_buf || !crypt_data->in_buf) { fprintf (stderr, "Unable to allocate memory.\n"); return 1; } return 0; }
/* token -> AES encrypt with session key -> rawdata_to_hex -> output */ static char * encrypt_token (CcnetProcessor *processor, const char *token) { CcnetPeer *peer = NULL; char *enc_out = NULL; SeafileCrypt *crypt = NULL; unsigned char key[16], iv[16]; int len; char *output = NULL; if (!token) goto out; peer = ccnet_get_peer(seaf->ccnetrpc_client, processor->peer_id); if (!peer || !peer->session_key) { seaf_warning ("[check tx v3] peer or peer session key not exist\n"); goto out; } EVP_BytesToKey (EVP_aes_128_cbc(), /* cipher mode */ EVP_sha1(), /* message digest */ NULL, /* slat */ (unsigned char*)peer->session_key, strlen(peer->session_key), 1, /* iteration times */ key, /* the derived key */ iv); /* IV, initial vector */ crypt = seafile_crypt_new (CURRENT_ENC_VERSION, key, iv); /* encrypt the token with session key, including the trailing null byte */ if (seafile_encrypt (&enc_out, &len, token, strlen(token) + 1, crypt) < 0) { seaf_warning ("[check tx v3] failed to encrypt token\n"); goto out; } output = g_malloc (len * 2 + 1); rawdata_to_hex ((unsigned char *)enc_out, output, len); output[len * 2] = '\0'; out: g_free (crypt); g_free (enc_out); if (peer) g_object_unref(peer); return output; }
int AesFileEnc::do_crypt(FILE *in, FILE *out, int do_encrypt, unsigned char* key) { /* Allow enough space in output buffer for additional block */ unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; int inlen, outlen; EVP_CIPHER_CTX ctx; std::cout << "tutaj"; // std::cout <<key<<std::endl; //unsigned char key[] = "0123456789abcdeF"; std::cout <<key<< std::endl; //unsigned char iv[] = "1234567887654321"; EVP_CIPHER_CTX_init(&ctx); EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, do_encrypt); unsigned char *iv = this->iv(EVP_CIPHER_CTX_iv_length(&ctx)); std::cout<< this->keyLength << std::endl; std::cout<< EVP_CIPHER_CTX_iv_length(&ctx) <<std::endl; OPENSSL_assert(EVP_CIPHER_CTX_key_length(&ctx) == this->keyLength); //OPENSSL_assert(EVP_CIPHER_CTX_iv_length(&ctx) == this->keyLength); EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); for(;;) { inlen = fread(inbuf, 1, 1024, in); if(inlen <= 0) break; if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen)) { EVP_CIPHER_CTX_cleanup(&ctx); return 0; } fwrite(outbuf, 1, outlen, out); } if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) { EVP_CIPHER_CTX_cleanup(&ctx); return 0; } fwrite(outbuf, 1, outlen, out); EVP_CIPHER_CTX_cleanup(&ctx); return 1; }
/* * AES libcrypto */ static int sb_aes_init(struct sb_image_ctx *ictx, uint8_t *iv, int enc) { EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx; int ret; /* If there is no init vector, init vector is all zeroes. */ if (!iv) iv = ictx->image_key; EVP_CIPHER_CTX_init(ctx); ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), ictx->image_key, iv, enc); if (ret == 1) EVP_CIPHER_CTX_set_padding(ctx, 0); return ret; }
explicit Cipher(Name name = N_AES128_CBC) : cipher_(0) { EVP_CIPHER_CTX_init(&ctx_); switch (name) { case N_AES128_CBC: cipher_ = EVP_aes_128_cbc(); break; case N_AES192_CBC: cipher_ = EVP_aes_192_cbc(); break; case N_AES256_CBC: cipher_ = EVP_aes_256_cbc(); break; case N_AES128_ECB: cipher_ = EVP_aes_128_ecb(); break; case N_AES192_ECB: cipher_ = EVP_aes_192_ecb(); break; case N_AES256_ECB: cipher_ = EVP_aes_256_ecb(); break; default: throw cybozu::Exception("crypto:Cipher:Cipher:name") << (int)name; } }
char* decryptToArray(FILE *ifp,char ckey[], char ivec[]) { fseek(ifp, 0L, SEEK_END); int fsize = ftell(ifp); fseek(ifp, 0L, SEEK_SET); int outLen1 = 0; int outLen2 = 0; unsigned char *indata = malloc(fsize); unsigned char *outdata = malloc(fsize); fread(indata,sizeof(char),fsize, ifp);//Read Entire File EVP_CIPHER_CTX ctx; EVP_DecryptInit(&ctx,EVP_aes_128_cbc(),ckey,ivec); EVP_DecryptUpdate(&ctx,outdata,&outLen1,indata,fsize); EVP_DecryptFinal(&ctx,outdata + outLen1,&outLen2); return(outdata); }
/** Get cipher by name constants. * @param cipher cipher name * @return cipher engine */ const EVP_CIPHER * cipher_by_name(const char *cipher) { if (strcmp(cipher, LN_aes_128_ecb) == 0) { return EVP_aes_128_ecb(); } else if (strcmp(cipher, LN_aes_128_cbc) == 0) { return EVP_aes_128_cbc(); } else if (strcmp(cipher, LN_aes_256_ecb) == 0) { return EVP_aes_256_ecb(); } else if (strcmp(cipher, LN_aes_256_cbc) == 0) { return EVP_aes_256_cbc(); } else { throw std::runtime_error("Unknown cipher type"); } }
/* convert SSH v2 key in OpenSSL PEM format */ static int sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, const char *_passphrase, const char *comment) { int success, r; int blen, len = strlen(_passphrase); u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; const u_char *bptr; BIO *bio = NULL; if (len > 0 && len <= 4) return SSH_ERR_PASSPHRASE_TOO_SHORT; if ((bio = BIO_new(BIO_s_mem())) == NULL) return SSH_ERR_ALLOC_FAIL; switch (key->type) { case KEY_DSA: success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, cipher, passphrase, len, NULL, NULL); break; case KEY_ECDSA: success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, cipher, passphrase, len, NULL, NULL); break; case KEY_RSA: success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, cipher, passphrase, len, NULL, NULL); break; default: success = 0; break; } if (success == 0) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) { r = SSH_ERR_INTERNAL_ERROR; goto out; } if ((r = sshbuf_put(blob, bptr, blen)) != 0) goto out; r = 0; out: BIO_free(bio); return r; }
vod_status_t aes_cbc_encrypt_init( aes_cbc_encrypt_context_t** context, request_context_t* request_context, write_callback_t callback, void* callback_context, const u_char* key, const u_char* iv) { aes_cbc_encrypt_context_t* state; vod_pool_cleanup_t *cln; state = vod_alloc(request_context->pool, sizeof(*state)); if (state == NULL) { vod_log_debug0(VOD_LOG_DEBUG_LEVEL, request_context->log, 0, "aes_cbc_encrypt_init: vod_alloc failed"); return VOD_ALLOC_FAILED; } cln = vod_pool_cleanup_add(request_context->pool, 0); if (cln == NULL) { vod_log_debug0(VOD_LOG_DEBUG_LEVEL, request_context->log, 0, "aes_cbc_encrypt_init: vod_pool_cleanup_add failed"); return VOD_ALLOC_FAILED; } cln->handler = (vod_pool_cleanup_pt)aes_cbc_encrypt_cleanup; cln->data = state; state->callback = callback; state->callback_context = callback_context; state->request_context = request_context; EVP_CIPHER_CTX_init(&state->cipher); if (1 != EVP_EncryptInit_ex(&state->cipher, EVP_aes_128_cbc(), NULL, key, iv)) { vod_log_error(VOD_LOG_ERR, request_context->log, 0, "aes_cbc_encrypt_init: EVP_EncryptInit_ex failed"); return VOD_ALLOC_FAILED; } *context = state; return VOD_OK; }
/* CMAC-AES128: generate hash of known digest value and compare to known precomputed correct hash */ static int FIPS_cmac_aes128_test() { unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6, 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, }; unsigned char data[] = "Sample text"; unsigned char kaval[EVP_MAX_MD_SIZE] = { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23, 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, }; unsigned char *out = NULL; size_t outlen; CMAC_CTX *ctx = CMAC_CTX_new(); int r = 0; ERR_clear_error(); if (!ctx) goto end; if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL)) goto end; if (!CMAC_Update(ctx,data,sizeof(data)-1)) goto end; /* This should return 1. If not, there's a programming error... */ if (!CMAC_Final(ctx, out, &outlen)) goto end; out = OPENSSL_malloc(outlen); if (!CMAC_Final(ctx, out, &outlen)) goto end; #if 0 { char *hexout = OPENSSL_malloc(outlen * 2 + 1); bin2hex(out, outlen, hexout); printf("CMAC-AES128: res = %s\n", hexout); OPENSSL_free(hexout); } r = 1; #else if (!memcmp(out,kaval,outlen)) r = 1; #endif end: CMAC_CTX_free(ctx); if (out) OPENSSL_free(out); return r; }
static void evp_cipher_init(struct ssh_cipher_struct *cipher) { if (cipher->ctx == NULL) { cipher->ctx = EVP_CIPHER_CTX_new(); } switch(cipher->ciphertype){ case SSH_AES128_CBC: cipher->cipher = EVP_aes_128_cbc(); break; case SSH_AES192_CBC: cipher->cipher = EVP_aes_192_cbc(); break; case SSH_AES256_CBC: cipher->cipher = EVP_aes_256_cbc(); break; #ifdef HAVE_OPENSSL_EVP_AES_CTR case SSH_AES128_CTR: cipher->cipher = EVP_aes_128_ctr(); break; case SSH_AES192_CTR: cipher->cipher = EVP_aes_192_ctr(); break; case SSH_AES256_CTR: cipher->cipher = EVP_aes_256_ctr(); break; #else case SSH_AES128_CTR: case SSH_AES192_CTR: case SSH_AES256_CTR: SSH_LOG(SSH_LOG_WARNING, "This cipher is not available in evp_cipher_init"); break; #endif case SSH_3DES_CBC: cipher->cipher = EVP_des_ede3_cbc(); break; case SSH_BLOWFISH_CBC: cipher->cipher = EVP_bf_cbc(); break; /* ciphers not using EVP */ case SSH_3DES_CBC_SSH1: case SSH_DES_CBC_SSH1: SSH_LOG(SSH_LOG_WARNING, "This cipher should not use evp_cipher_init"); break; case SSH_NO_CIPHER: SSH_LOG(SSH_LOG_WARNING, "No valid ciphertype found"); break; } }
bool crypt_openssl::decode(unsigned char *datain, int lenin, unsigned char *dataout, int lenout) { EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL); OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16); OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv); if(!EVP_DecryptUpdate(ctx, dataout, &lenout, datain, lenin)) { return false; } if(!EVP_EncryptFinal_ex(ctx, dataout, &lenout)) { return false; } }
SSH2Encryption::SSH2Encryption(const QString & algorithm) { m_ctx = EVP_CIPHER_CTX_new(); if (algorithm == "aes128-cbc") { m_ivLen = 16; m_blockSize = 16; m_secretLen = 16; m_evptype = EVP_aes_128_cbc(); } else if (algorithm == "3des-cbc") { m_ivLen = 8; m_blockSize = 8; m_secretLen = 24; m_evptype = EVP_des_ede3_cbc(); } }
bool RarVolume::DecryptInit(int keyLength) { #ifdef HAVE_OPENSSL if (!(m_context = EVP_CIPHER_CTX_new())) return false; if (!EVP_DecryptInit((EVP_CIPHER_CTX*)m_context, keyLength == 128 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(), m_decryptKey, m_decryptIV)) return false; return true; #elif defined(HAVE_NETTLE) m_context = new aes_ctx; aes_set_decrypt_key((aes_ctx*)m_context, keyLength == 128 ? 16 : 32, m_decryptKey); return true; #else return false; #endif }
static wi_boolean_t _wi_cipher_set_type(wi_cipher_t *cipher, wi_cipher_type_t type) { cipher->type = type; #ifdef WI_CIPHER_OPENSSL switch(cipher->type) { case WI_CIPHER_AES128: cipher->cipher = EVP_aes_128_cbc(); return true; case WI_CIPHER_AES192: cipher->cipher = EVP_aes_192_cbc(); return true; case WI_CIPHER_AES256: cipher->cipher = EVP_aes_256_cbc(); return true; case WI_CIPHER_BF128: cipher->cipher = EVP_bf_cbc(); return true; case WI_CIPHER_3DES192: cipher->cipher = EVP_des_ede3_cbc(); return true; default: return false; } #endif #ifdef WI_CIPHER_COMMONCRYPTO switch(cipher->type) { case WI_CIPHER_AES128: cipher->algorithm = kCCAlgorithmAES128; return true; case WI_CIPHER_3DES192: cipher->algorithm = kCCAlgorithm3DES; return true; default: return false; } #endif }
// We are doing CBC-MAC not CMAC at this time bool AES_CMAC_Validate(COSE_MacMessage * pcose, int KeySize, int TagSize, const byte * pbAuthData, int cbAuthData, cose_errback * perr) { CMAC_CTX * pctx = NULL; const EVP_CIPHER * pcipher = NULL; byte * rgbOut = NULL; size_t cbOut; bool f = false; unsigned int i; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif pctx = CMAC_CTX_new(); switch (KeySize) { case 128: pcipher = EVP_aes_128_cbc(); break; case 256: pcipher = EVP_aes_256_cbc(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break; } rgbOut = COSE_CALLOC(128/8, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(CMAC_Init(pctx, pcose->pbKey, pcose->cbKey, pcipher, NULL /*impl*/) == 1, COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(CMAC_Update(pctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(CMAC_Final(pctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL); cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG); CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR); for (i = 0; i < (unsigned int)TagSize / 8; i++) f |= (cn->v.bytes[i] != rgbOut[i]); COSE_FREE(rgbOut, context); CMAC_CTX_cleanup(pctx); CMAC_CTX_free(pctx); return !f; errorReturn: COSE_FREE(rgbOut, context); CMAC_CTX_cleanup(pctx); CMAC_CTX_free(pctx); return false; }
/** Get cipher for PB_ENCRYPTION_* constants. * @param cipher cipher ID * @return cipher engine */ const EVP_CIPHER * cipher_by_id(int cipher) { switch (cipher) { case PB_ENCRYPTION_AES_128_ECB: return EVP_aes_128_ecb(); case PB_ENCRYPTION_AES_128_CBC: return EVP_aes_128_cbc(); case PB_ENCRYPTION_AES_256_ECB: return EVP_aes_256_ecb(); case PB_ENCRYPTION_AES_256_CBC: return EVP_aes_256_cbc(); default: throw std::runtime_error("Unknown cipher type"); } }