int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
{
int ret;
if (c->cipher->set_asn1_parameters != NULL)
ret = c->cipher->set_asn1_parameters(c, type);
else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
switch (EVP_CIPHER_CTX_mode(c)) {
case EVP_CIPH_WRAP_MODE:
if (EVP_CIPHER_CTX_nid(c) == NID_id_smime_alg_CMS3DESwrap)
ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
ret = 1;
break;
case EVP_CIPH_GCM_MODE:
case EVP_CIPH_CCM_MODE:
case EVP_CIPH_XTS_MODE:
ret = -1;
break;
default:
ret = EVP_CIPHER_set_asn1_iv(c, type);
}
} else
ret = -1;
return (ret);
}
static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
struct cipher_ctx *cipher_ctx =
(struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
const struct cipher_data_st *cipher_d =
get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
/* cleanup a previous session */
if (cipher_ctx->sess.ses != 0 &&
clean_devcrypto_session(&cipher_ctx->sess) == 0)
return 0;
cipher_ctx->sess.cipher = cipher_d->devcryptoid;
cipher_ctx->sess.keylen = cipher_d->keylen;
cipher_ctx->sess.key = (void *)key;
cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE;
cipher_ctx->blocksize = cipher_d->blocksize;
if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
return 1;
}
static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
struct cipher_ctx *cipher_ctx =
(struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
const struct cipher_data_st *cipher_d =
get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
if ((cipher_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
SYSerr(SYS_F_OPEN, errno);
return 0;
}
memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
cipher_ctx->sess.cipher = cipher_d->devcryptoid;
cipher_ctx->sess.keylen = cipher_d->keylen;
cipher_ctx->sess.key = (void *)key;
cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
if (ioctl(cipher_ctx->cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
SYSerr(SYS_F_IOCTL, errno);
close(cipher_ctx->cfd);
return 0;
}
return 1;
}
STDMETHODIMP CBCipher::get_Name(BSTR *pVal)
{
if(!m_ctx.cipher)return SetErrorInfo(s_strAlgoError);
*pVal = CBString(OBJ_nid2sn(EVP_CIPHER_CTX_nid(&m_ctx))).AllocSysString();
return S_OK;
}
static int cuda_crypt(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, const unsigned char *in_arg, size_t nbytes) {
assert(in_arg && out_arg && ctx && nbytes);
size_t current=0;
int chunk;
cuda_crypt_parameters crypt = {in_arg, out_arg, nbytes, ctx, host_data, device_data_in, device_data_out};
switch(EVP_CIPHER_CTX_nid(ctx)) {
case NID_des_ecb:
case NID_des_cbc:
cuda_device_crypt = DES_cuda_crypt;
break;
case NID_bf_ecb:
case NID_bf_cbc:
cuda_device_crypt = BF_cuda_crypt;
break;
case NID_cast5_ecb:
case NID_cast5_cbc:
cuda_device_crypt = CAST_cuda_crypt;
break;
case NID_camellia_128_ecb:
case NID_camellia_128_cbc:
cuda_device_crypt = CMLL_cuda_crypt;
break;
case NID_idea_ecb:
case NID_idea_cbc:
cuda_device_crypt = IDEA_cuda_crypt;
break;
case NID_aes_128_ecb:
case NID_aes_128_cbc:
case NID_aes_192_ecb:
case NID_aes_192_cbc:
case NID_aes_256_ecb:
case NID_aes_256_cbc:
cuda_device_crypt = AES_cuda_crypt;
break;
default:
return 0;
}
while (nbytes!=current) {
chunk=(nbytes-current)/maxbytes;
if(chunk>=1) {
crypt.nbytes=maxbytes;
cuda_device_crypt(&crypt);
current+=maxbytes;
crypt.in+=maxbytes;
crypt.out+=maxbytes;
} else {
cuda_device_crypt(&crypt);
current+=(nbytes-current);
crypt.in+=(nbytes-current);
crypt.out+=(nbytes-current);
}
}
return 1;
}
/*
* call-seq:
* cipher.authenticated? -> boolean
*
* Indicated whether this Cipher instance uses an Authenticated Encryption
* mode.
*/
static VALUE
ossl_cipher_is_authenticated(VALUE self)
{
EVP_CIPHER_CTX *ctx;
int nid;
GetCipher(self, ctx);
nid = EVP_CIPHER_CTX_nid(ctx);
if (ossl_is_gcm(nid)) {
return Qtrue;
} else {
return Qfalse;
}
}
static LUA_FUNCTION(openssl_cipher_ctx_info)
{
EVP_CIPHER_CTX *ctx = CHECK_OBJECT(1, EVP_CIPHER_CTX, "openssl.evp_cipher_ctx");
lua_newtable(L);
AUXILIAR_SET(L, -1, "block_size", EVP_CIPHER_CTX_block_size(ctx), integer);
AUXILIAR_SET(L, -1, "key_length", EVP_CIPHER_CTX_key_length(ctx), integer);
AUXILIAR_SET(L, -1, "iv_length", EVP_CIPHER_CTX_iv_length(ctx), integer);
AUXILIAR_SET(L, -1, "flags", EVP_CIPHER_CTX_flags(ctx), integer);
AUXILIAR_SET(L, -1, "nid", EVP_CIPHER_CTX_nid(ctx), integer);
AUXILIAR_SET(L, -1, "type", EVP_CIPHER_CTX_mode(ctx), integer);
AUXILIAR_SET(L, -1, "mode", EVP_CIPHER_CTX_type(ctx), integer);
AUXILIAR_SETOBJECT(L, EVP_CIPHER_CTX_cipher(ctx), "openssl.evp_cipher", -1, "cipher");
return 1;
}
/*
* call-seq:
* cipher.auth_tag = string -> string
*
* Sets the authentication tag to verify the contents of the
* ciphertext. The tag must be set after calling Cipher#decrypt,
* Cipher#key= and Cipher#iv=, but before assigning the associated
* authenticated data using Cipher#auth_data= and of course, before
* decrypting any of the ciphertext. After all decryption is
* performed, the tag is verified automatically in the call to
* Cipher#final.
*/
static VALUE
ossl_cipher_set_auth_tag(VALUE self, VALUE vtag)
{
EVP_CIPHER_CTX *ctx;
int nid;
unsigned char *tag;
int tag_len;
StringValue(vtag);
tag = (unsigned char *) RSTRING_PTR(vtag);
tag_len = RSTRING_LENINT(vtag);
GetCipher(self, ctx);
nid = EVP_CIPHER_CTX_nid(ctx);
if (ossl_is_gcm(nid)) {
ossl_set_gcm_auth_tag(ctx, tag, tag_len);
} else {
ossl_raise(eCipherError, "authentication tag not supported by this cipher");
}
return vtag;
}
/*
* call-seq:
* cipher.auth_tag([ tag_len ] -> string
*
* Gets the authentication tag generated by Authenticated Encryption Cipher
* modes (GCM for example). This tag may be stored along with the ciphertext,
* then set on the decryption cipher to authenticate the contents of the
* ciphertext against changes. If the optional integer parameter +tag_len+ is
* given, the returned tag will be +tag_len+ bytes long. If the parameter is
* omitted, the maximum length of 16 bytes will be returned. For maximum
* security, the default of 16 bytes should be chosen.
*
* The tag may only be retrieved after calling Cipher#final.
*/
static VALUE
ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self)
{
VALUE vtag_len;
EVP_CIPHER_CTX *ctx;
int nid, tag_len;
if (rb_scan_args(argc, argv, "01", &vtag_len) == 0) {
tag_len = 16;
} else {
tag_len = NUM2INT(vtag_len);
}
GetCipher(self, ctx);
nid = EVP_CIPHER_CTX_nid(ctx);
if (ossl_is_gcm(nid)) {
return ossl_get_gcm_auth_tag(ctx, tag_len);
} else {
ossl_raise(eCipherError, "authentication tag not supported by this cipher");
return Qnil; /* dummy */
}
}
static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
int ciphertype;
int ret;
afalg_ctx *actx;
char ciphername[ALG_MAX_SALG_NAME];
if (ctx == NULL || key == NULL) {
ALG_WARN("%s: Null Parameter\n", __func__);
return 0;
}
if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
ALG_WARN("%s: Cipher object NULL\n", __func__);
return 0;
}
actx = EVP_CIPHER_CTX_get_cipher_data(ctx);
if (actx == NULL) {
ALG_WARN("%s: Cipher data NULL\n", __func__);
return 0;
}
ciphertype = EVP_CIPHER_CTX_nid(ctx);
switch (ciphertype) {
case NID_aes_128_cbc:
strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME);
break;
default:
ALG_WARN("%s: Unsupported Cipher type %d\n", __func__, ciphertype);
return 0;
}
ciphername[ALG_MAX_SALG_NAME-1]='\0';
if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) {
ALG_WARN("%s: Unsupported IV length :%d\n", __func__,
EVP_CIPHER_CTX_iv_length(ctx));
return 0;
}
/* Setup AFALG socket for crypto processing */
ret = afalg_create_sk(actx, "skcipher", ciphername);
if (ret < 1)
return 0;
ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_key_length(ctx));
if (ret < 1)
goto err;
/* Setup AIO ctx to allow async AFALG crypto processing */
if (afalg_init_aio(&actx->aio) == 0)
goto err;
# ifdef ALG_ZERO_COPY
pipe(actx->zc_pipe);
# endif
actx->init_done = MAGIC_INIT_NUM;
return 1;
err:
close(actx->sfd);
close(actx->bfd);
return 0;
}
int main(int argc, char * argv[]) {
unsigned char st[BUFFER_SIZE]; // sifrovany text
unsigned char * key; // klic pro sifrovani
unsigned char iv[EVP_MAX_IV_LENGTH]; // inicializacni vektor
unsigned char readBuffer[BUFFER_SIZE];
const char * filename = argv[1];
const char * outfilename = argv[3];
const char * keyfile = argv[2];
if(argc != 4){
fprintf(stderr, "Error shoud be: pem soubor_s_daty soubor_s_verejnym_klicem vystupni_soubor \n" );
exit(1);
}
int stLength = 0;
int tmpLength = 0;
int readlen = 0;
int keyLength = 0;
FILE * fplainin = fopen(filename,"rb");
FILE * fcyphedout = fopen(outfilename,"w+b");
EVP_PKEY * pubkey;
EVP_CIPHER_CTX ctx;
FILE * fpubkey = fopen(keyfile,"rb");
pubkey = PEM_read_PUBKEY(fpubkey, NULL, NULL, NULL); //No password protection of the key itself
fclose(fpubkey);
// printf("Reading pubkey\n");
//EVP_PKEY_CTX * ctx = EVP_PKEY_CTX_new(pubkey,NULL);
keyLength = EVP_PKEY_size(pubkey);
key = (unsigned char*) malloc(keyLength);
EVP_SealInit(&ctx,
EVP_des_cbc(),
&key, &keyLength, iv,
&pubkey,
1);
/*
printf("Key length: %d\n",keyLength);
for(int i=0 ; i < keyLength ; i++){
printf("%x",key[i]);
}
printf("\n");
*/
// printf("Seal Init\n");
int nid = EVP_CIPHER_CTX_nid(&ctx);
fwrite(&nid,sizeof(nid),1,fcyphedout);
writeData(fcyphedout,(void*)iv,EVP_MAX_IV_LENGTH);
fwrite(&keyLength,sizeof(keyLength),1,fcyphedout);
writeData(fcyphedout,(void*)key,keyLength);
printf("NID: %d\n",nid);
while((readlen =fread(readBuffer,1,BUFFER_SIZE,fplainin))!=0){
EVP_SealUpdate(&ctx, st,&stLength, readBuffer, readlen);
fwrite(st,1,stLength,fcyphedout);
// printf("Seal update\n");
}
EVP_SealFinal(&ctx, st, &tmpLength);
//printf("Seal final\n");
fwrite(st,1,tmpLength,fcyphedout);
fclose(fplainin);
fclose(fcyphedout);
/*
Encrypting end
*/
//EVP_CIPHER_CTX ctx;
free(key);
}
