/* * Decrypts a file using AES */ int AesDecrypt(Aes* aes, byte* key, int size, FILE* inFile, FILE* outFile) { RNG rng; byte iv[AES_BLOCK_SIZE]; byte* input; byte* output; byte salt[SALT_SIZE] = {0}; int i = 0; int ret = 0; int length; int aSize; fseek(inFile, 0, SEEK_END); length = ftell(inFile); fseek(inFile, 0, SEEK_SET); aSize = length; input = malloc(aSize); output = malloc(aSize); wc_InitRng(&rng); /* reads from inFile and writes whatever is there to the input array */ ret = fread(input, 1, length, inFile); if (ret == 0) { printf("Input file does not exist.\n"); return -1010; } for (i = 0; i < SALT_SIZE; i++) { /* finds salt from input message */ salt[i] = input[i]; } for (i = SALT_SIZE; i < AES_BLOCK_SIZE + SALT_SIZE; i++) { /* finds iv from input message */ iv[i - SALT_SIZE] = input[i]; } /* replicates old key if keys match */ ret = wc_PBKDF2(key, key, strlen((const char*)key), salt, SALT_SIZE, 4096, size, WC_SHA256); if (ret != 0) return -1050; /* sets key */ ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); if (ret != 0) return -1002; /* change length to remove salt/iv block from being decrypted */ length -= (AES_BLOCK_SIZE + SALT_SIZE); for (i = 0; i < length; i++) { /* shifts message: ignores salt/iv on message*/ input[i] = input[i + (AES_BLOCK_SIZE + SALT_SIZE)]; } /* decrypts the message to output based on input length + padding*/ ret = wc_AesCbcDecrypt(aes, output, input, length); if (ret != 0) return -1006; if (salt[0] != 0) { /* reduces length based on number of padded elements */ length -= output[length-1]; } /* writes output to the outFile based on shortened length */ fwrite(output, 1, length, outFile); /* closes the opened files and frees the memory*/ memset(input, 0, aSize); memset(output, 0, aSize); memset(key, 0, size); free(input); free(output); free(key); fclose(inFile); fclose(outFile); wc_FreeRng(&rng); return 0; }
/* check mcapi aes cbc */ static int check_aescbc(void) { CRYPT_AES_CTX mcAes; Aes defAes; int ret; byte out1[AES_TEST_SIZE]; byte out2[AES_TEST_SIZE]; strncpy((char*)key, "1234567890abcdefghijklmnopqrstuv", 32); strncpy((char*)iv, "1234567890abcdef", 16); /* 128 cbc encrypt */ ret = CRYPT_AES_KeySet(&mcAes, key, 16, iv, CRYPT_AES_ENCRYPTION); if (ret != 0) { printf("mcapi aes-128 key set failed\n"); return -1; } ret = wc_AesSetKey(&defAes, key, 16, iv, AES_ENCRYPTION); if (ret != 0) { printf("default aes-128 key set failed\n"); return -1; } ret = CRYPT_AES_CBC_Encrypt(&mcAes, out1, ourData, AES_TEST_SIZE); if (ret != 0) { printf("mcapi aes-128 cbc encrypt failed\n"); return -1; } wc_AesCbcEncrypt(&defAes, out2, ourData, AES_TEST_SIZE); if (memcmp(out1, out2, AES_TEST_SIZE) != 0) { printf("mcapi aes-128 cbc encrypt cmp failed\n"); return -1; } /* 128 cbc decrypt */ ret = CRYPT_AES_KeySet(&mcAes, key, 16, iv, CRYPT_AES_DECRYPTION); if (ret != 0) { printf("mcapi aes-128 key set failed\n"); return -1; } ret = wc_AesSetKey(&defAes, key, 16, iv, DES_DECRYPTION); if (ret != 0) { printf("default aes-128 key set failed\n"); return -1; } ret = CRYPT_AES_CBC_Decrypt(&mcAes, out2, out1, AES_TEST_SIZE); if (ret != 0) { printf("mcapi aes-128 cbc decrypt failed\n"); return -1; } wc_AesCbcDecrypt(&defAes, out1, out1, AES_TEST_SIZE); if (memcmp(out1, out2, AES_TEST_SIZE) != 0) { printf("mcapi aes-128 cbc decrypt cmp failed\n"); return -1; } if (memcmp(out1, ourData, AES_TEST_SIZE) != 0) { printf("mcapi aes-128 cbc decrypt orig cmp failed\n"); return -1; } /* 192 cbc encrypt */ ret = CRYPT_AES_KeySet(&mcAes, key, 24, iv, CRYPT_AES_ENCRYPTION); if (ret != 0) { printf("mcapi aes-192 key set failed\n"); return -1; } ret = wc_AesSetKey(&defAes, key, 24, iv, AES_ENCRYPTION); if (ret != 0) { printf("default aes-192 key set failed\n"); return -1; } ret = CRYPT_AES_CBC_Encrypt(&mcAes, out1, ourData, AES_TEST_SIZE); if (ret != 0) { printf("mcapi aes-192 cbc encrypt failed\n"); return -1; } wc_AesCbcEncrypt(&defAes, out2, ourData, AES_TEST_SIZE); if (memcmp(out1, out2, AES_TEST_SIZE) != 0) { printf("mcapi aes-192 cbc encrypt cmp failed\n"); return -1; } /* 192 cbc decrypt */ ret = CRYPT_AES_KeySet(&mcAes, key, 24, iv, CRYPT_AES_DECRYPTION); if (ret != 0) { printf("mcapi aes-192 key set failed\n"); return -1; } ret = wc_AesSetKey(&defAes, key, 24, iv, AES_DECRYPTION); if (ret != 0) { printf("default aes-192 key set failed\n"); return -1; } ret = CRYPT_AES_CBC_Decrypt(&mcAes, out2, out1, AES_TEST_SIZE); if (ret != 0) { printf("mcapi aes-192 cbc decrypt failed\n"); return -1; } wc_AesCbcDecrypt(&defAes, out1, out1, AES_TEST_SIZE); if (memcmp(out1, out2, AES_TEST_SIZE) != 0) { printf("mcapi aes-192 cbc decrypt cmp failed\n"); return -1; } if (memcmp(out1, ourData, AES_TEST_SIZE) != 0) { printf("mcapi aes-192 cbc decrypt orig cmp failed\n"); return -1; } /* 256 cbc encrypt */ ret = CRYPT_AES_KeySet(&mcAes, key, 32, iv, CRYPT_AES_ENCRYPTION); if (ret != 0) { printf("mcapi aes-256 key set failed\n"); return -1; } ret = wc_AesSetKey(&defAes, key, 32, iv, AES_ENCRYPTION); if (ret != 0) { printf("default aes-256 key set failed\n"); return -1; } ret = CRYPT_AES_CBC_Encrypt(&mcAes, out1, ourData, AES_TEST_SIZE); if (ret != 0) { printf("mcapi aes-256 cbc encrypt failed\n"); return -1; } wc_AesCbcEncrypt(&defAes, out2, ourData, AES_TEST_SIZE); if (memcmp(out1, out2, AES_TEST_SIZE) != 0) { printf("mcapi aes-256 cbc encrypt cmp failed\n"); return -1; } /* 256 cbc decrypt */ ret = CRYPT_AES_KeySet(&mcAes, key, 32, iv, CRYPT_AES_DECRYPTION); if (ret != 0) { printf("mcapi aes-256 key set failed\n"); return -1; } ret = wc_AesSetKey(&defAes, key, 32, iv, AES_DECRYPTION); if (ret != 0) { printf("default aes-256 key set failed\n"); return -1; } ret = CRYPT_AES_CBC_Decrypt(&mcAes, out2, out1, AES_TEST_SIZE); if (ret != 0) { printf("mcapi aes-256 cbc decrypt failed\n"); return -1; } wc_AesCbcDecrypt(&defAes, out1, out1, AES_TEST_SIZE); if (memcmp(out1, out2, AES_TEST_SIZE) != 0) { printf("mcapi aes-256 cbc decrypt cmp failed\n"); return -1; } if (memcmp(out1, ourData, AES_TEST_SIZE) != 0) { printf("mcapi aes-256 cbc decrypt orig cmp failed\n"); return -1; } printf("aes-cbc mcapi test passed\n"); return 0; }