static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
((void) key_length);
return des3_set3key_dec( (des3_context *) ctx, key );
}
int
cryDes3Decrypt(const char *sKey, int iKeyLen,
const char *sInBuf, int iInLen, char *sOutBuf, int *piOutLen)
{
unsigned char sHash[32];
unsigned char *pIV = sHash + 24;
des3_context tCtx;
if (iInLen % 8 || *piOutLen < iInLen) {
return -1;
}
*piOutLen = iInLen;
sha2((const unsigned char *)sKey, iKeyLen, sHash, 0);
des3_set3key_dec(&tCtx, sHash);
if (des3_crypt_cbc(&tCtx, DES_DECRYPT, iInLen, pIV,
(const unsigned char *)sInBuf,
(unsigned char *)sOutBuf) != 0) {
return -2;
}
return 0;
}
int
cryDes3UtilDecrypt(const char *sInBuf, int iInLen, char *sOutBuf, int *piOutLen,
const char sKey[24])
{
des3_context tCtx;
if (*piOutLen < (iInLen / 8 + (iInLen % 8 == 0 ? 0 : 1)) * 8)
return -1;
des3_set3key_dec(&tCtx, (unsigned char *)sKey);
*piOutLen = 0;
while (iInLen > 0) {
if (iInLen >= 8)
des3_crypt_ecb(&tCtx, (unsigned char *)sInBuf + *piOutLen,
(unsigned char *)sOutBuf + *piOutLen);
else {
memcpy(sOutBuf + *piOutLen, sInBuf + *piOutLen, iInLen);
memset(sOutBuf + *piOutLen + iInLen, 0, 8 - iInLen);
des3_crypt_ecb(&tCtx, (unsigned char *)sOutBuf + *piOutLen,
(unsigned char *)sOutBuf + *piOutLen);
}
*piOutLen += 8;
iInLen = iInLen > 8 ? iInLen - 8 : 0;
}
return 0;
}
static mrb_value mrb_des3_decrypt(mrb_state *mrb, mrb_value self) {
mrb_value mode, key, source, dest, iv;
unsigned char output[100];
des3_context ctx;
mrb_int len=16;
memset(output, 0, sizeof(output));
mrb_get_args(mrb, "SSSS", &mode, &key, &source, &iv);
des3_init(&ctx);
if (RSTRING_LEN(key) == 16) {
des3_set2key_dec(&ctx, RSTRING_PTR(key));
} else if (RSTRING_LEN(key) == 24) {
des3_set3key_dec(&ctx, RSTRING_PTR(key));
} else {
des3_free(&ctx);
return mrb_nil_value();
}
if (mrb_str_cmp(mrb, mode, mrb_str_new(mrb, "CBC", 3)) == 0) {
des3_crypt_cbc(&ctx, DES_DECRYPT, RSTRING_LEN(source), RSTRING_PTR(iv),
RSTRING_PTR(source), output);
len = RSTRING_LEN(source);
} else if (mrb_str_cmp(mrb, mode, mrb_str_new(mrb, "ECB", 3)) == 0) {
des3_crypt_ecb(&ctx, RSTRING_PTR(source), output);
len = 8;
} else {
des3_free(&ctx);
return mrb_nil_value();
}
des3_free(&ctx);
return mrb_str_new(mrb, output, len);
}
int
decrypt_3DES (unsigned char *p_key_str, int len_p_key_str, unsigned char *p_src_str, unsigned char *p_iv_str, int p_len_src_str, unsigned char *output, int *len_output)
{
int ret, src_len;
unsigned char src_str[100];
unsigned char iv_str[100];
unsigned char key_str[100];
des3_context ctx;
memset(src_str, 0x00, sizeof(src_str));
memset(iv_str, 0x00, sizeof(iv_str));
memset(key_str, 0x00, sizeof(key_str));
/* Initiate seeds or initiate vector */
memcpy(iv_str, p_iv_str, 8); // -> initial seeds
/* copy all bytes master key */
memcpy(key_str, p_key_str, len_p_key_str);
/* prepare source to decrypt */
src_len = p_len_src_str;
memcpy(src_str, p_src_str, src_len);
if( len_p_key_str == 16 )
des3_set2key_dec( &ctx, key_str );
else if( len_p_key_str == 24 )
des3_set3key_dec( &ctx, key_str );
*len_output = src_len;
ret = des3_crypt_cbc( &ctx, DES_DECRYPT, src_len, iv_str, src_str, output );
if( ret == 0 )
return d_SUCCESS;
//usrInfo(infErrDecrypt3KDES);
return d_ERR;
}
int ssl_derive_keys(ssl_context * ssl)
{
size_t i;
md5_context md5;
sha1_context sha1;
uint8_t tmp[64];
uint8_t padding[16];
uint8_t sha1sum[20];
uint8_t keyblk[256];
uint8_t *key1;
uint8_t *key2;
SSL_DEBUG_MSG(2, ("=> derive keys"));
/*
* SSLv3:
* master =
* MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) +
* MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) +
* MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) )
*
* TLSv1:
* master = PRF( premaster, "master secret", randbytes )[0..47]
*/
if (ssl->resume == 0) {
size_t len = ssl->pmslen;
SSL_DEBUG_BUF(3, "premaster secret", ssl->premaster, len);
if (ssl->minor_ver == SSL_MINOR_VERSION_0) {
for (i = 0; i < 3; i++) {
memset(padding, 'A' + i, 1 + i);
sha1_starts(&sha1);
sha1_update(&sha1, padding, 1 + i);
sha1_update(&sha1, ssl->premaster, len);
sha1_update(&sha1, ssl->randbytes, 64);
sha1_finish(&sha1, sha1sum);
md5_starts(&md5);
md5_update(&md5, ssl->premaster, len);
md5_update(&md5, sha1sum, 20);
md5_finish(&md5, ssl->session->master + i * 16);
}
} else
tls1_prf(ssl->premaster, len, "master secret",
ssl->randbytes, 64, ssl->session->master, 48);
memset(ssl->premaster, 0, sizeof(ssl->premaster));
} else
SSL_DEBUG_MSG(3, ("no premaster (session resumed)"));
/*
* Swap the client and server random values.
*/
memcpy(tmp, ssl->randbytes, 64);
memcpy(ssl->randbytes, tmp + 32, 32);
memcpy(ssl->randbytes + 32, tmp, 32);
memset(tmp, 0, sizeof(tmp));
/*
* SSLv3:
* key block =
* MD5( master + SHA1( 'A' + master + randbytes ) ) +
* MD5( master + SHA1( 'BB' + master + randbytes ) ) +
* MD5( master + SHA1( 'CCC' + master + randbytes ) ) +
* MD5( master + SHA1( 'DDDD' + master + randbytes ) ) +
* ...
*
* TLSv1:
* key block = PRF( master, "key expansion", randbytes )
*/
if (ssl->minor_ver == SSL_MINOR_VERSION_0) {
for (i = 0; i < 16; i++) {
memset(padding, 'A' + i, 1 + i);
sha1_starts(&sha1);
sha1_update(&sha1, padding, 1 + i);
sha1_update(&sha1, ssl->session->master, 48);
sha1_update(&sha1, ssl->randbytes, 64);
sha1_finish(&sha1, sha1sum);
md5_starts(&md5);
md5_update(&md5, ssl->session->master, 48);
md5_update(&md5, sha1sum, 20);
md5_finish(&md5, keyblk + i * 16);
}
memset(&md5, 0, sizeof(md5));
memset(&sha1, 0, sizeof(sha1));
memset(padding, 0, sizeof(padding));
memset(sha1sum, 0, sizeof(sha1sum));
} else
tls1_prf(ssl->session->master, 48, "key expansion",
ssl->randbytes, 64, keyblk, 256);
SSL_DEBUG_MSG(3, ("cipher = %s", ssl_get_cipher(ssl)));
SSL_DEBUG_BUF(3, "master secret", ssl->session->master, 48);
SSL_DEBUG_BUF(4, "random bytes", ssl->randbytes, 64);
SSL_DEBUG_BUF(4, "key block", keyblk, 256);
memset(ssl->randbytes, 0, sizeof(ssl->randbytes));
/*
* Determine the appropriate key, IV and MAC length.
*/
switch (ssl->session->cipher) {
#if defined(TROPICSSL_ARC4)
case TLS_RSA_WITH_RC4_128_MD5:
ssl->keylen = 16;
ssl->minlen = 16;
ssl->ivlen = 0;
ssl->maclen = 16;
break;
case TLS_RSA_WITH_RC4_128_SHA:
ssl->keylen = 16;
ssl->minlen = 20;
ssl->ivlen = 0;
ssl->maclen = 20;
break;
#endif
#if defined(TROPICSSL_DES)
case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
ssl->keylen = 24;
ssl->minlen = 24;
ssl->ivlen = 8;
ssl->maclen = 20;
break;
#endif
#if defined(TROPICSSL_AES)
case TLS_RSA_WITH_AES_128_CBC_SHA:
ssl->keylen = 16;
ssl->minlen = 32;
ssl->ivlen = 16;
ssl->maclen = 20;
break;
case TLS_RSA_WITH_AES_256_CBC_SHA:
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
ssl->keylen = 32;
ssl->minlen = 32;
ssl->ivlen = 16;
ssl->maclen = 20;
break;
#endif
#if defined(TROPICSSL_CAMELLIA)
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
ssl->keylen = 16;
ssl->minlen = 32;
ssl->ivlen = 16;
ssl->maclen = 20;
break;
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
ssl->keylen = 32;
ssl->minlen = 32;
ssl->ivlen = 16;
ssl->maclen = 20;
break;
#endif
default:
SSL_DEBUG_MSG(1, ("cipher %s is not available",
ssl_get_cipher(ssl)));
return (TROPICSSL_ERR_SSL_FEATURE_UNAVAILABLE);
}
SSL_DEBUG_MSG(3, ("keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
ssl->keylen, ssl->minlen, ssl->ivlen, ssl->maclen));
/*
* Finally setup the cipher contexts, IVs and MAC secrets.
*/
if (ssl->endpoint == SSL_IS_CLIENT) {
key1 = keyblk + ssl->maclen * 2;
key2 = keyblk + ssl->maclen * 2 + ssl->keylen;
memcpy(ssl->mac_enc, keyblk, ssl->maclen);
memcpy(ssl->mac_dec, keyblk + ssl->maclen, ssl->maclen);
memcpy(ssl->iv_enc, key2 + ssl->keylen, ssl->ivlen);
memcpy(ssl->iv_dec, key2 + ssl->keylen + ssl->ivlen,
ssl->ivlen);
} else {
key1 = keyblk + ssl->maclen * 2 + ssl->keylen;
key2 = keyblk + ssl->maclen * 2;
memcpy(ssl->mac_dec, keyblk, ssl->maclen);
memcpy(ssl->mac_enc, keyblk + ssl->maclen, ssl->maclen);
memcpy(ssl->iv_dec, key1 + ssl->keylen, ssl->ivlen);
memcpy(ssl->iv_enc, key1 + ssl->keylen + ssl->ivlen,
ssl->ivlen);
}
switch (ssl->session->cipher) {
#if defined(TROPICSSL_ARC4)
case TLS_RSA_WITH_RC4_128_MD5:
case TLS_RSA_WITH_RC4_128_SHA:
arc4_setup((arc4_context *) ssl->ctx_enc, key1, ssl->keylen);
arc4_setup((arc4_context *) ssl->ctx_dec, key2, ssl->keylen);
break;
#endif
#if defined(TROPICSSL_DES)
case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
des3_set3key_enc((des3_context *) ssl->ctx_enc, key1);
des3_set3key_dec((des3_context *) ssl->ctx_dec, key2);
break;
#endif
#if defined(TROPICSSL_AES)
case TLS_RSA_WITH_AES_128_CBC_SHA:
aes_setkey_enc((aes_context *) ssl->ctx_enc, key1, 128);
aes_setkey_dec((aes_context *) ssl->ctx_dec, key2, 128);
break;
case TLS_RSA_WITH_AES_256_CBC_SHA:
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
aes_setkey_enc((aes_context *) ssl->ctx_enc, key1, 256);
aes_setkey_dec((aes_context *) ssl->ctx_dec, key2, 256);
break;
#endif
#if defined(TROPICSSL_CAMELLIA)
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
camellia_setkey_enc((camellia_context *) ssl->ctx_enc, key1,
128);
camellia_setkey_dec((camellia_context *) ssl->ctx_dec, key2,
128);
break;
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
camellia_setkey_enc((camellia_context *) ssl->ctx_enc, key1,
256);
camellia_setkey_dec((camellia_context *) ssl->ctx_dec, key2,
256);
break;
#endif
default:
return (TROPICSSL_ERR_SSL_FEATURE_UNAVAILABLE);
}
memset(keyblk, 0, sizeof(keyblk));
SSL_DEBUG_MSG(2, ("<= derive keys"));
return (0);
}
