gchar* remmina_crypt_decrypt(const gchar *str)
{
guchar* buf;
gsize buf_len;
gcry_error_t err;
gcry_cipher_hd_t hd;
if (!str || str[0] == '\0')
return NULL;
if (!remmina_crypt_init(&hd))
return NULL;
buf = g_base64_decode(str, &buf_len);
err = gcry_cipher_decrypt(hd, buf, buf_len, NULL, 0);
if (err)
{
g_print("gcry_cipher_decrypt failure: %s\n", gcry_strerror(err));
g_free(buf);
gcry_cipher_close(hd);
return NULL;
}
gcry_cipher_close(hd);
/* Just in case */
buf[buf_len - 1] = '\0';
return (gchar*) buf;
}
/**
* ntfs_fek_release
*/
static void ntfs_fek_release(ntfs_fek *fek)
{
if (fek->des_gcry_cipher_hd_ptr)
gcry_cipher_close(*fek->des_gcry_cipher_hd_ptr);
gcry_cipher_close(fek->gcry_cipher_hd);
free(fek);
}
static void dCMAC(guint8 *pK, guint8 *ws, const guint8 *pN, guint16 SizeN, const guint8 *pC, guint16 SizeC)
{
gcry_cipher_hd_t cipher_hd;
guint8 *work;
guint8 *ptr;
guint16 SizeT = SizeN + SizeC;
guint16 worksize = SizeT;
/* worksize must be an integral multiple of 16 */
if (SizeT & 0xf) {
worksize += 0x10 - (worksize & 0xf);
}
work = (guint8 *)g_malloc(worksize);
if (work == NULL) {
return;
}
memcpy(work, pN, SizeN);
if (pC != NULL) {
memcpy(&work[SizeN], pC, SizeC);
}
/*
* pad the data if necessary, and XOR Q or D, depending on
* whether data was padded or not
*/
if (worksize != SizeT) {
work[SizeT] = 0x80;
for (ptr = &work[SizeT+1]; ptr < &work[worksize]; ptr++)
*ptr = 0;
ptr= &work[worksize-0x10];
BLK_XOR(ptr, instance.Q);
} else {
ptr = &work[worksize-0x10];
BLK_XOR(ptr, instance.D);
}
/* open the cipher */
if (gcry_cipher_open(&cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC,0)){/* GCRY_CIPHER_CBC_MAC)) { */
g_free(work);
return;
}
if (gcry_cipher_setkey(cipher_hd, pK, EAX_SIZEOF_KEY)) {
g_free(work);
gcry_cipher_close(cipher_hd);
return;
}
if (gcry_cipher_setiv(cipher_hd, ws, EAX_SIZEOF_KEY)) {
g_free(work);
gcry_cipher_close(cipher_hd);
return;
}
if (gcry_cipher_encrypt(cipher_hd, work, worksize, work, worksize)) {
g_free(work);
gcry_cipher_close(cipher_hd);
return;
}
memcpy(ws, ptr, EAX_SIZEOF_KEY);
g_free(work);
gcry_cipher_close(cipher_hd);
return;
}
static void CTR(const guint8 *ws, guint8 *pK, guint8 *pN, guint16 SizeN)
{
gcry_cipher_hd_t cipher_hd;
guint8 ctr[EAX_SIZEOF_KEY];
BLK_CPY(ctr, ws);
ctr[12] &= 0x7f;
ctr[14] &= 0x7f;
/* open the cipher */
if (gcry_cipher_open(&cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0)) {
return;
}
if (gcry_cipher_setkey(cipher_hd, pK, EAX_SIZEOF_KEY)) {
gcry_cipher_close(cipher_hd);
return;
}
if (gcry_cipher_setctr(cipher_hd, ctr, EAX_SIZEOF_KEY)) {
gcry_cipher_close(cipher_hd);
return;
}
if (gcry_cipher_encrypt(cipher_hd, pN, SizeN, pN, SizeN)) {
gcry_cipher_close(cipher_hd);
return;
}
gcry_cipher_close(cipher_hd);
return;
}
static void
bench_aead_decrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen,
const char *nonce, size_t noncelen)
{
gcry_cipher_hd_t hd = obj->priv;
int err;
char tag[16] = { 0, };
gcry_cipher_setiv (hd, nonce, noncelen);
gcry_cipher_final (hd);
err = gcry_cipher_decrypt (hd, buf, buflen, buf, buflen);
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_checktag (hd, tag, sizeof (tag));
if (gpg_err_code (err) == GPG_ERR_CHECKSUM)
err = gpg_error (GPG_ERR_NO_ERROR);
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_gettag failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
}
static void
bench_gcm_decrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen)
{
gcry_cipher_hd_t hd = obj->priv;
int err;
char tag[16] = { 0, };
char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, };
gcry_cipher_setiv (hd, nonce, sizeof (nonce));
err = gcry_cipher_decrypt (hd, buf, buflen, buf, buflen);
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_checktag (hd, tag, sizeof (tag));
if (gpg_err_code (err) == GPG_ERR_CHECKSUM)
err = gpg_error (GPG_ERR_NO_ERROR);
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_gettag failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
}
/* destroy partner
*/
static void PianoDestroyPartner (PianoPartner_t *partner) {
free (partner->user);
free (partner->password);
free (partner->device);
free (partner->authToken);
gcry_cipher_close (partner->in);
gcry_cipher_close (partner->out);
memset (partner, 0, sizeof (*partner));
}
static void
bench_ccm_authenticate_do_bench (struct bench_obj *obj, void *buf,
size_t buflen)
{
gcry_cipher_hd_t hd = obj->priv;
int err;
char tag[8] = { 0, };
char nonce[11] = { 0x80, 0x01, };
u64 params[3];
char data = 0xff;
gcry_cipher_setiv (hd, nonce, sizeof (nonce));
/* Set CCM lengths */
params[0] = sizeof (data); /*datalen */
params[1] = buflen; /*aadlen */
params[2] = sizeof (tag);
err =
gcry_cipher_ctl (hd, GCRYCTL_SET_CCM_LENGTHS, params, sizeof (params));
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_ctl failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_authenticate (hd, buf, buflen);
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_authenticate failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_encrypt (hd, &data, sizeof (data), &data, sizeof (data));
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_gettag (hd, tag, sizeof (tag));
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_gettag failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
}
void test_libgcrypt_serpent_ecb()
{
gcry_cipher_hd_t encctx;
gcry_cipher_open(&encctx, GCRY_CIPHER_SERPENT256, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(encctx, enckey, 32);
gcry_cipher_encrypt(encctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(encctx);
gcry_cipher_hd_t decctx;
gcry_cipher_open(&decctx, GCRY_CIPHER_SERPENT256, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(decctx, enckey, 32);
gcry_cipher_decrypt(decctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(decctx);
}
void test_libgcrypt_rijndael_ecb()
{
gcry_cipher_hd_t encctx;
gcry_cipher_open(&encctx, GCRY_CIPHER_RIJNDAEL256, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(encctx, enckey, 32);
gcry_cipher_encrypt(encctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(encctx);
gcry_cipher_hd_t decctx;
gcry_cipher_open(&decctx, GCRY_CIPHER_RIJNDAEL256, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(decctx, enckey, 32);
gcry_cipher_decrypt(decctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(decctx);
}
static int
bench_encrypt_init (struct bench_obj *obj)
{
struct bench_cipher_mode *mode = obj->priv;
gcry_cipher_hd_t hd;
int err, keylen;
obj->min_bufsize = BUF_START_SIZE;
obj->max_bufsize = BUF_END_SIZE;
obj->step_size = BUF_STEP_SIZE;
obj->num_measure_repetitions = num_measurement_repetitions;
err = gcry_cipher_open (&hd, mode->algo, mode->mode, 0);
if (err)
{
fprintf (stderr, PGM ": error opening cipher `%s'\n",
gcry_cipher_algo_name (mode->algo));
exit (1);
}
keylen = gcry_cipher_get_algo_keylen (mode->algo);
if (keylen)
{
char key[keylen];
int i;
for (i = 0; i < keylen; i++)
key[i] = 0x33 ^ (11 - i);
err = gcry_cipher_setkey (hd, key, keylen);
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_setkey failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
}
else
{
fprintf (stderr, PGM ": failed to get key length for algorithm `%s'\n",
gcry_cipher_algo_name (mode->algo));
gcry_cipher_close (hd);
exit (1);
}
obj->priv = hd;
return 0;
}
void test_libgcrypt_blowfish_ecb()
{
gcry_cipher_hd_t encctx;
gcry_cipher_open(&encctx, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(encctx, enckey, 16);
gcry_cipher_encrypt(encctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(encctx);
gcry_cipher_hd_t decctx;
gcry_cipher_open(&decctx, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(decctx, enckey, 16);
gcry_cipher_decrypt(decctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(decctx);
}
void test_libgcrypt_3des_ecb()
{
gcry_cipher_hd_t encctx;
gcry_cipher_open(&encctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(encctx, enckey, 24);
gcry_cipher_encrypt(encctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(encctx);
gcry_cipher_hd_t decctx;
gcry_cipher_open(&decctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(decctx, enckey, 24);
gcry_cipher_decrypt(decctx, buffer, bufferlen, buffer, bufferlen);
gcry_cipher_close(decctx);
}
/**
* ntfs_des_test
*/
static BOOL ntfs_des_test(void)
{
const u8 known_des_key[8] = {
0x27, 0xd1, 0x93, 0x09, 0xcb, 0x78, 0x93, 0x1f
};
const u8 known_des_encrypted_data[8] = {
0xdc, 0xf7, 0x68, 0x2a, 0xaf, 0x48, 0x53, 0x0f
};
const u8 known_decrypted_data[8] = {
0xd8, 0xd9, 0x15, 0x23, 0x5b, 0x88, 0x0e, 0x09
};
u8 test_decrypted_data[8];
int res;
gcry_error_t err;
gcry_cipher_hd_t gcry_cipher_hd;
err = gcry_cipher_open(&gcry_cipher_hd, GCRY_CIPHER_DES,
GCRY_CIPHER_MODE_ECB, 0);
if (err != GPG_ERR_NO_ERROR) {
ntfs_log_error("Failed to open des cipher (error 0x%x).\n",
err);
return FALSE;
}
err = gcry_cipher_setkey(gcry_cipher_hd, known_des_key,
sizeof(known_des_key));
if (err != GPG_ERR_NO_ERROR) {
ntfs_log_error("Failed to set des key (error 0x%x.\n", err);
gcry_cipher_close(gcry_cipher_hd);
return FALSE;
}
/*
* Apply DES decryption (ntfs actually uses encryption when decrypting).
*/
err = gcry_cipher_encrypt(gcry_cipher_hd, test_decrypted_data,
sizeof(test_decrypted_data), known_des_encrypted_data,
sizeof(known_des_encrypted_data));
gcry_cipher_close(gcry_cipher_hd);
if (err) {
ntfs_log_error("Failed to des decrypt test data (error "
"0x%x).\n", err);
return FALSE;
}
res = !memcmp(test_decrypted_data, known_decrypted_data,
sizeof(known_decrypted_data));
ntfs_log_error("Testing whether des decryption works: %s\n",
res ? "SUCCESS" : "FAILED");
return res;
}
static gboolean remmina_crypt_init(gcry_cipher_hd_t *phd)
{
guchar* secret;
gcry_error_t err;
gsize secret_len;
secret = g_base64_decode(remmina_pref.secret, &secret_len);
if (secret_len < 32)
{
g_print("secret corrupted\n");
g_free(secret);
return FALSE;
}
err = gcry_cipher_open(phd, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
if (err)
{
g_print("gcry_cipher_open failure: %s\n", gcry_strerror(err));
g_free(secret);
return FALSE;
}
err = gcry_cipher_setkey((*phd), secret, 24);
if (err)
{
g_print("gcry_cipher_setkey failure: %s\n", gcry_strerror(err));
g_free(secret);
gcry_cipher_close((*phd));
return FALSE;
}
err = gcry_cipher_setiv((*phd), secret + 24, 8);
if (err)
{
g_print("gcry_cipher_setiv failure: %s\n", gcry_strerror(err));
g_free(secret);
gcry_cipher_close((*phd));
return FALSE;
}
g_free(secret);
return TRUE;
}
static gboolean
gst_hls_demux_decrypt_start (GstHLSDemux * demux, const guint8 * key_data,
const guint8 * iv_data)
{
gcry_error_t err = 0;
gboolean ret = FALSE;
err =
gcry_cipher_open (&demux->aes_ctx, GCRY_CIPHER_AES128,
GCRY_CIPHER_MODE_CBC, 0);
if (err)
goto out;
err = gcry_cipher_setkey (demux->aes_ctx, key_data, 16);
if (err)
goto out;
err = gcry_cipher_setiv (demux->aes_ctx, iv_data, 16);
if (!err)
ret = TRUE;
out:
if (!ret)
if (demux->aes_ctx)
gcry_cipher_close (demux->aes_ctx);
return ret;
}
extern void io_release(IO_HANDLE ptr)
{
io_private_t *io_ptr = ptr;
if (!io_ptr)
return (errno = EBADF , (void)NULL);
if (io_ptr->buffer_crypt)
{
if (io_ptr->buffer_crypt->stream)
gcry_free(io_ptr->buffer_crypt->stream);
gcry_free(io_ptr->buffer_crypt);
}
if (io_ptr->buffer_ecc)
{
if (io_ptr->buffer_ecc->stream)
free(io_ptr->buffer_ecc->stream);
free(io_ptr->buffer_ecc);
}
if (io_ptr->cipher_init)
gcry_cipher_close(io_ptr->cipher_handle);
if (io_ptr->hash_init)
gcry_md_close(io_ptr->hash_handle);
if (io_ptr->lzma_init)
lzma_end(&io_ptr->lzma_handle);
gcry_free(io_ptr);
io_ptr = NULL;
return;
}
static void
encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
{
gcry_cipher_hd_t hd;
byte buf[33];
assert ( dek->keylen <= 32 );
if (!*seskey)
{
*seskey=xmalloc_clear(sizeof(DEK));
(*seskey)->keylen=dek->keylen;
(*seskey)->algo=dek->algo;
make_session_key(*seskey);
/*log_hexdump( "thekey", c->key, c->keylen );*/
}
/* The encrypted session key is prefixed with a one-octet algorithm id. */
buf[0] = (*seskey)->algo;
memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen );
/* We only pass already checked values to the following fucntion,
thus we consider any failure as fatal. */
if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
BUG ();
if (gcry_cipher_setkey (hd, dek->key, dek->keylen))
BUG ();
gcry_cipher_setiv (hd, NULL, 0);
gcry_cipher_encrypt (hd, buf, (*seskey)->keylen + 1, NULL, 0);
gcry_cipher_close (hd);
memcpy( enckey, buf, (*seskey)->keylen + 1 );
wipememory( buf, sizeof buf ); /* burn key */
}
Gc_rc
gc_cipher_close (gc_cipher_handle handle)
{
gcry_cipher_close (handle);
return GC_OK;
}
static void
bench_encrypt_free (struct bench_obj *obj)
{
gcry_cipher_hd_t hd = obj->priv;
gcry_cipher_close (hd);
}
int init_decrypt_ctx(struct decrypt_ctx *ctx, struct psafe3_pro *pro,
struct safe_sec *sec)
{
gcry_error_t gerr;
assert(ctx != NULL);
assert(pro != NULL);
assert(sec != NULL);
gerr = gcry_cipher_open(&ctx->cipher, GCRY_CIPHER_TWOFISH,
GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE);
if (gerr != GPG_ERR_NO_ERROR) goto err_cipher;
ctx->gerr = gcry_cipher_setkey(ctx->cipher, sec->rand_k, 32);
if (gerr != GPG_ERR_NO_ERROR) goto err_cipher;
ctx->gerr = gcry_cipher_setiv(ctx->cipher, pro->iv, 16);
if (gerr != GPG_ERR_NO_ERROR) goto err_cipher;
gerr = gcry_md_open(&ctx->hmac, GCRY_MD_SHA256,
GCRY_MD_FLAG_SECURE|GCRY_MD_FLAG_HMAC);
if (gerr != GPG_ERR_NO_ERROR) goto err_hmac;
gerr = gcry_md_setkey(ctx->hmac, sec->rand_l, 32);
if (gerr != GPG_ERR_NO_ERROR) goto err_hmac;
return 0;
err_hmac:
gcry_cipher_close(ctx->cipher);
err_cipher:
ctx->gerr = gerr;
return -1;
}
static int
doDecrypt(FILE *logfp, FILE *eifp, FILE *outfp)
{
off64_t blkEnd;
off64_t currOffs = 0;
int r = 1;
int fd;
struct stat buf;
while(1) {
/* process block */
if(initCrypt(eifp) != 0)
goto done;
/* set blkEnd to size of logfp and proceed. */
if((fd = fileno(logfp)) == -1) {
r = -1;
goto done;
}
if((r = fstat(fd, &buf)) != 0) goto done;
blkEnd = buf.st_size;
r = eiGetEND(eifp, &blkEnd);
if(r != 0 && r != 1) goto done;
decryptBlock(logfp, outfp, blkEnd, &currOffs);
gcry_cipher_close(gcry_chd);
}
r = 0;
done: return r;
}
int aes_ctr (char* key, int keyLength, char* inFile, long fileLength, char*
ctrInit, int blockLength,
char** outFile){
gcry_error_t err;
gcry_cipher_hd_t aeshd;
err = gcry_cipher_open(&aeshd, GCRY_CIPHER_AES256,
GCRY_CIPHER_MODE_CTR,
GCRY_CIPHER_SECURE);
if(err){return CIPHER_OPEN_ERROR;}
err = gcry_cipher_setkey(aeshd, key, keyLength);
if(err){return CIPHER_SETKEY_ERROR;}
err = gcry_cipher_setctr(aeshd, ctrInit, blockLength);
if(err){return CIPHER_SETCTR_ERROR;}
*outFile = (char*)(malloc(fileLength * sizeof(char)));
DPRINT("going to enc/dec now\n");
err = gcry_cipher_encrypt(aeshd, *outFile, fileLength, inFile, fileLength);
if(err){return CIPHER_ENCRYPT_ERROR;}
DPRINT("done with enc/dec\n");
gcry_cipher_close(aeshd);
return NONE;
}
/**
* @brief Decipher a buffer using AES-128 with CBC.
*/
int crypt_aes_dec(crypt_context_t *context, char *encBuffer, char *outBuffer, unsigned int buffLen, char *iniVector) {
int rv;
ASSERT(context, rv, CRYPT_FAILED, "crypt_aes_dec: Argument is NULL.\n");
ASSERT(encBuffer, rv, CRYPT_FAILED, "crypt_aes_dec: Argument is NULL.\n");
ASSERT(outBuffer, rv, CRYPT_FAILED, "crypt_aes_dec: Argument is NULL.\n");
ASSERT(iniVector, rv, CRYPT_FAILED, "crypt_aes_dec: Argument is NULL.\n");
ASSERT(context->initialised, rv, CRYPT_FAILED, "crypt_aes_dec: Context is not initialised.\n");
gcry_error_t gcryError;
gcry_cipher_hd_t gcryCipherHd = NULL;
size_t keyLength = gcry_cipher_get_algo_keylen(GCRY_CIPHER_AES128);
size_t blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER_AES128);
gcryError = gcry_cipher_open(&gcryCipherHd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0);
ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_aes_dec: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
gcryError = gcry_cipher_setkey(gcryCipherHd, context->secretKey, keyLength);
ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_aes_dec: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
gcryError = gcry_cipher_setiv(gcryCipherHd, iniVector, blkLength);
ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_aes_dec: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
gcryError = gcry_cipher_decrypt(gcryCipherHd, outBuffer, buffLen, encBuffer, buffLen);
ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_aes_dec: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
_err:
if(gcryCipherHd)
gcry_cipher_close(gcryCipherHd);
return rv;
}
std::string crypt_plugin::do_crypto( unsigned short len )
{
char *b, *r, *buff;
std::string out;
gcry_cipher_hd_t hand;
gcry_cipher_open( &hand, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS );
gcry_cipher_setiv( hand, NULL, 0 );
b = new char[16];
gcry_randomize( b, 16, GCRY_STRONG_RANDOM );
gcry_cipher_setkey( hand, b, 16 );
buff = new char[len];
r = new char[len+1];
gcry_randomize( r, len, GCRY_STRONG_RANDOM );
gcry_cipher_encrypt( hand, buff, len, r, len );
delete b;
memset( r, 0, len+1 );
for( unsigned int i = 0; i < len; i++ ) {
int k = 1 + (int) (92.0 * ((float)buff[i] / 256.0));
if( k < 0 )
k *= -1;
r[i] = k+34;
}
gcry_cipher_close(hand);
out = r;
delete buff;
delete r;
return out;
}
netmd_error netmd_secure_commit_track(netmd_dev_handle *dev, uint16_t track,
unsigned char* sessionkey)
{
unsigned char cmdhdr[] = {0x00, 0x10, 0x01};
unsigned char cmd[sizeof(cmdhdr) + sizeof(track) + 8];
unsigned char *buf;
gcry_cipher_hd_t handle;
unsigned char hash[8] = { 0 };
netmd_response response;
netmd_error error;
buf = cmd;
memcpy(buf, cmdhdr, sizeof(cmdhdr));
buf += sizeof(cmdhdr);
netmd_copy_word_to_buffer(&buf, track, 0);
gcry_cipher_open(&handle, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
gcry_cipher_setkey(handle, sessionkey, 8);
gcry_cipher_encrypt(handle, buf, sizeof(hash), hash, sizeof(hash));
buf += sizeof(hash);
gcry_cipher_close(handle);
error = netmd_exch_secure_msg(dev, 0x48, cmd, sizeof(cmd), &response);
netmd_check_response_bulk(&response, cmdhdr, sizeof(cmdhdr), &error);
netmd_check_response_word(&response, track, &error);
return error;
}
/****************
* Make a session key and put it into DEK
*/
void
make_session_key( DEK *dek )
{
gcry_cipher_hd_t chd;
int i, rc;
dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo);
if (openpgp_cipher_open (&chd, dek->algo, GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| (dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC))) )
BUG();
gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM );
for (i=0; i < 16; i++ )
{
rc = gcry_cipher_setkey (chd, dek->key, dek->keylen);
if (!rc)
{
gcry_cipher_close (chd);
return;
}
if (gpg_err_code (rc) != GPG_ERR_WEAK_KEY)
BUG();
log_info(_("weak key created - retrying\n") );
/* Renew the session key until we get a non-weak key. */
gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM);
}
log_fatal (_("cannot avoid weak key for symmetric cipher; "
"tried %d times!\n"), i);
}
netmd_error netmd_secure_setup_download(netmd_dev_handle *dev,
unsigned char *contentid,
unsigned char *key_encryption_key,
unsigned char *sessionkey)
{
unsigned char cmdhdr[] = { 0x00, 0x00 };
unsigned char data[32] = { 0x01, 0x01, 0x01, 0x01 /* ... */};
unsigned char cmd[sizeof(cmdhdr) + sizeof(data)];
unsigned char iv[8] = { 0 };
gcry_cipher_hd_t handle;
netmd_response response;
netmd_error error;
memcpy(data + 4, contentid, 20);
memcpy(data + 24, key_encryption_key, 8);
gcry_cipher_open(&handle, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0);
gcry_cipher_setkey(handle, sessionkey, 8);
gcry_cipher_setiv(handle, iv, 8);
gcry_cipher_encrypt(handle, data, sizeof(data), NULL, 0);
gcry_cipher_close(handle);
memcpy(cmd, cmdhdr, sizeof(cmdhdr));
memcpy(cmd + sizeof(cmdhdr), data, 32);
error = netmd_exch_secure_msg(dev, 0x22, cmd, sizeof(cmd), &response);
netmd_check_response_bulk(&response, cmdhdr, sizeof(cmdhdr), &error);
return error;
}
static void
bench_aead_authenticate_do_bench (struct bench_obj *obj, void *buf,
size_t buflen, const char *nonce,
size_t noncelen)
{
gcry_cipher_hd_t hd = obj->priv;
int err;
char tag[16] = { 0, };
char data = 0xff;
err = gcry_cipher_setiv (hd, nonce, noncelen);
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_setiv failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_authenticate (hd, buf, buflen);
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_authenticate failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
gcry_cipher_final (hd);
err = gcry_cipher_encrypt (hd, &data, sizeof (data), &data, sizeof (data));
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
err = gcry_cipher_gettag (hd, tag, sizeof (tag));
if (err)
{
fprintf (stderr, PGM ": gcry_cipher_gettag failed: %s\n",
gpg_strerror (err));
gcry_cipher_close (hd);
exit (1);
}
}
static int privatekey_decrypt(int algo, int mode, unsigned int key_len,
unsigned char *iv, unsigned int iv_len,
ssh_buffer data, ssh_auth_callback cb,
void *userdata,
const char *desc)
{
char passphrase[MAX_PASSPHRASE_SIZE] = {0};
unsigned char key[MAX_KEY_SIZE] = {0};
unsigned char *tmp = NULL;
gcry_cipher_hd_t cipher;
int rc = -1;
if (!algo) {
return -1;
}
if (cb) {
rc = (*cb)(desc, passphrase, MAX_PASSPHRASE_SIZE, 0, 0, userdata);
if (rc < 0) {
return -1;
}
} else if (cb == NULL && userdata != NULL) {
snprintf(passphrase, MAX_PASSPHRASE_SIZE, "%s", (char *) userdata);
}
if (passphrase_to_key(passphrase, strlen(passphrase), iv, key, key_len) < 0) {
return -1;
}
if (gcry_cipher_open(&cipher, algo, mode, 0)
|| gcry_cipher_setkey(cipher, key, key_len)
|| gcry_cipher_setiv(cipher, iv, iv_len)
|| (tmp = malloc(ssh_buffer_get_len(data) * sizeof (char))) == NULL
|| gcry_cipher_decrypt(cipher, tmp, ssh_buffer_get_len(data),
ssh_buffer_get(data), ssh_buffer_get_len(data))) {
gcry_cipher_close(cipher);
return -1;
}
memcpy(ssh_buffer_get(data), tmp, ssh_buffer_get_len(data));
SAFE_FREE(tmp);
gcry_cipher_close(cipher);
return 0;
}
