static int FIPS_des3_test(void) { int ret = 0; unsigned char pltmp[8]; unsigned char citmp[8]; unsigned char key[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 }; unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' }; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 1) <= 0) goto err; EVP_Cipher(&ctx, citmp, plaintext, 8); if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 0) <= 0) goto err; EVP_Cipher(&ctx, pltmp, citmp, 8); if (memcmp(pltmp, plaintext, 8)) goto err; ret = 1; err: EVP_CIPHER_CTX_cleanup(&ctx); return ret; }
/* * This function decrypts a buffer using AES GCM mode * * Parameters: * c Crypto context * buf data to encrypt * enc_len length of encrypt buffer */ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf, unsigned int *enc_len) { if (c->dir != direction_encrypt && c->dir != direction_decrypt) { return (err_status_bad_param); } /* * Set the tag before decrypting */ EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, buf + (*enc_len - c->tag_len)); EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len); /* * Check the tag */ if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) { return (err_status_auth_fail); } /* * Reduce the buffer size by the tag length since the tag * is not part of the original payload */ *enc_len -= c->tag_len; return (err_status_ok); }
static int test_cipher(int i, const EVP_CIPHER *c, struct tests *t) { EVP_CIPHER_CTX ectx; EVP_CIPHER_CTX dctx; void *d; if (c == NULL) { printf("%s not supported\n", t->name); return 0; } EVP_CIPHER_CTX_init(&ectx); EVP_CIPHER_CTX_init(&dctx); if (EVP_CipherInit_ex(&ectx, c, NULL, NULL, NULL, 1) != 1) errx(1, "%s: %d EVP_CipherInit_ex einit", t->name, i); if (EVP_CipherInit_ex(&dctx, c, NULL, NULL, NULL, 0) != 1) errx(1, "%s: %d EVP_CipherInit_ex dinit", t->name, i); EVP_CIPHER_CTX_set_key_length(&ectx, t->keysize); EVP_CIPHER_CTX_set_key_length(&dctx, t->keysize); if (EVP_CipherInit_ex(&ectx, NULL, NULL, t->key, t->iv, 1) != 1) errx(1, "%s: %d EVP_CipherInit_ex encrypt", t->name, i); if (EVP_CipherInit_ex(&dctx, NULL, NULL, t->key, t->iv, 0) != 1) errx(1, "%s: %d EVP_CipherInit_ex decrypt", t->name, i); d = emalloc(t->datasize); if (!EVP_Cipher(&ectx, d, t->indata, t->datasize)) errx(1, "%s: %d EVP_Cipher encrypt failed", t->name, i); if (memcmp(d, t->outdata, t->datasize) != 0) { char *s, *s2; hex_encode(d, t->datasize, &s); hex_encode(t->outdata, t->datasize, &s2); errx(1, "%s: %d encrypt not the same: %s != %s", t->name, i, s, s2); } if (!EVP_Cipher(&dctx, d, d, t->datasize)) errx(1, "%s: %d EVP_Cipher decrypt failed", t->name, i); if (memcmp(d, t->indata, t->datasize) != 0) { char *s; hex_encode(d, t->datasize, &s); errx(1, "%s: %d decrypt not the same: %s", t->name, i, s); } if (t->outiv) /* XXXX check */; EVP_CIPHER_CTX_cleanup(&ectx); EVP_CIPHER_CTX_cleanup(&dctx); free(d); return 0; }
int _krb5_evp_encrypt_iov(krb5_context context, struct _krb5_key_data *key, struct krb5_crypto_iov *iov, int niov, krb5_boolean encryptp, int usage, void *ivec) { size_t blocksize, blockmask, wholeblocks; struct _krb5_evp_schedule *ctx = key->schedule->data; unsigned char tmp[EVP_MAX_BLOCK_LENGTH]; EVP_CIPHER_CTX *c; struct _krb5_evp_iov_cursor cursor; c = encryptp ? &ctx->ectx : &ctx->dctx; blocksize = EVP_CIPHER_CTX_block_size(c); blockmask = ~(blocksize - 1); if (ivec) EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1); else EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1); _krb5_evp_iov_cursor_init(&cursor, iov, niov); while (!_krb5_evp_iov_cursor_done(&cursor)) { /* Number of bytes of data in this iovec that are in whole blocks */ wholeblocks = cursor.current.length & ~blockmask; if (wholeblocks != 0) { EVP_Cipher(c, cursor.current.data, cursor.current.data, wholeblocks); _krb5_evp_iov_cursor_advance(&cursor, wholeblocks); } /* If there's a partial block of data remaining in the current * iovec, steal enough from subsequent iovecs to form a whole block */ if (cursor.current.length > 0 && cursor.current.length < blocksize) { /* Build up a block's worth of data in tmp, leaving the cursor * pointing at where we started */ _krb5_evp_iov_cursor_fillbuf(&cursor, tmp, blocksize, NULL); EVP_Cipher(c, tmp, tmp, blocksize); /* Copy the data in tmp back into the iovecs that it came from, * advancing the cursor */ _krb5_evp_iov_cursor_fillvec(&cursor, tmp, blocksize); } } return 0; }
void cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len) { if (len % cc->cipher->block_size) fatal("cipher_encrypt: bad plaintext length %d", len); #ifdef SSH_OLD_EVP EVP_Cipher(&cc->evp, dest, (u_char *)src, len); #else if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0) fatal("evp_crypt: EVP_Cipher failed"); #endif }
static int ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len) { struct ssh1_3des_ctx *c; if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) return 0; if (EVP_Cipher(&c->k1, dest, __UNCONST(src), len) == 0 || EVP_Cipher(&c->k2, dest, dest, len) == 0 || EVP_Cipher(&c->k3, dest, dest, len) == 0) return 0; return 1; }
static int ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len) { struct ssh1_3des_ctx *c; if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { error("ssh1_3des_cbc: no context"); return (0); } if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 || EVP_Cipher(&c->k2, dest, dest, len) == 0 || EVP_Cipher(&c->k3, dest, dest, len) == 0) return (0); return (1); }
static int test_bulk_cipher(const char *cname, const EVP_CIPHER *c) { static unsigned char key[16]; static unsigned char iv[16]; int i; int64_t M = 0; for (i = 0; i < loops; i++) { EVP_CIPHER_CTX ectx; EVP_CIPHER_CTX dctx; STATS_START(M) EVP_CIPHER_CTX_init(&ectx); EVP_CIPHER_CTX_init(&dctx); if (EVP_CipherInit_ex(&ectx, c, NULL, NULL, NULL, 1) != 1) errx(1, "can't init encrypt"); if (EVP_CipherInit_ex(&dctx, c, NULL, NULL, NULL, 0) != 1) errx(1, "can't init decrypt"); EVP_CIPHER_CTX_set_key_length(&ectx, sizeof(key)); EVP_CIPHER_CTX_set_key_length(&dctx, sizeof(key)); if (EVP_CipherInit_ex(&ectx, NULL, NULL, key, iv, 1) != 1) errx(1, "can't init encrypt"); if (EVP_CipherInit_ex(&dctx, NULL, NULL, key, iv, 0) != 1) errx(1, "can't init decrypt"); if (!EVP_Cipher(&ectx, d, d, len)) errx(1, "can't encrypt"); if (!EVP_Cipher(&dctx, d, d, len)) errx(1, "can't decrypt"); EVP_CIPHER_CTX_cleanup(&ectx); EVP_CIPHER_CTX_cleanup(&dctx); STATS_END(M); if (d[0] != 0x00 || d[len - 1] != ((len - 1) & 0xff)) errx(1, "encrypt/decrypt inconsistent"); } printf("%s: mean time %llu usec%s\n", cname, M, (M == 1) ? "" : "s"); return 0; }
/* * cipher_crypt() operates as following: * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'. * Theses bytes are treated as additional authenticated data for * authenticated encryption modes. * En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag. * This tag is written on encryption and verified on decryption. * Both 'aadlen' and 'authlen' can be set to 0. * cipher_crypt() returns 0 on success and -1 if the decryption integrity * check fails. */ int cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen) { if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen, authlen, cc->encrypt); if (authlen) { u_char lastiv[1]; if (authlen != cipher_authlen(cc->cipher)) fatal("%s: authlen mismatch %d", __func__, authlen); /* increment IV */ if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv)) fatal("%s: EVP_CTRL_GCM_IV_GEN", __func__); /* set tag on decyption */ if (!cc->encrypt && !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG, authlen, (u_char *)src + aadlen + len)) fatal("%s: EVP_CTRL_GCM_SET_TAG", __func__); } if (aadlen) { if (authlen && EVP_Cipher(&cc->evp, NULL, (u_char *)src, aadlen) < 0) fatal("%s: EVP_Cipher(aad) failed", __func__); memcpy(dest, src, aadlen); } if (len % cc->cipher->block_size) fatal("%s: bad plaintext length %d", __func__, len); if (EVP_Cipher(&cc->evp, dest + aadlen, (u_char *)src + aadlen, len) < 0) fatal("%s: EVP_Cipher failed", __func__); if (authlen) { /* compute tag (on encrypt) or verify tag (on decrypt) */ if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) { if (cc->encrypt) fatal("%s: EVP_Cipher(final) failed", __func__); else return -1; } if (cc->encrypt && !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG, authlen, dest + aadlen + len)) fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__); } return 0; }
krb5_error_code _krb5_evp_encrypt(krb5_context context, struct _krb5_key_data *key, void *data, size_t len, krb5_boolean encryptp, int usage, void *ivec) { struct _krb5_evp_schedule *ctx = key->schedule->data; EVP_CIPHER_CTX *c; c = encryptp ? &ctx->ectx : &ctx->dctx; if (ivec == NULL) { /* alloca ? */ size_t len2 = EVP_CIPHER_CTX_iv_length(c); void *loiv = malloc(len2); if (loiv == NULL) return krb5_enomem(context); memset(loiv, 0, len2); EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1); free(loiv); } else EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1); EVP_Cipher(c, data, data, len); return 0; }
int tls_process_record_data(struct SSLConnection *conn, const opaque *fragment, const int len, uint8_t **out, uint32_t *outl) { EVP_CIPHER_CTX *evp; unsigned char pad; unsigned char *decoded; uint32_t dlen; if (conn->direction == 0) { evp = &conn->client_cipher_ctx; } else { evp = &conn->server_cipher_ctx; } decoded = sng_malloc(len); EVP_Cipher(evp, decoded, (unsigned char *) fragment, len); // Get padding counter and remove from data pad = decoded[len - 1]; dlen = (len - (pad + 1) - /* Trailing MAC */20); if ((int32_t)dlen > 0 && dlen <= *outl) { memcpy(*out, decoded, dlen); *outl = dlen; } // Clenaup decoded memory sng_free(decoded); return *outl; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_des_checksum(krb5_context context, const EVP_MD *evp_md, struct _krb5_key_data *key, const void *data, size_t len, Checksum *cksum) { struct _krb5_evp_schedule *ctx = key->schedule->data; EVP_MD_CTX *m; DES_cblock ivec; unsigned char *p = cksum->checksum.data; krb5_generate_random_block(p, 8); m = EVP_MD_CTX_create(); if (m == NULL) return krb5_enomem(context); EVP_DigestInit_ex(m, evp_md, NULL); EVP_DigestUpdate(m, p, 8); EVP_DigestUpdate(m, data, len); EVP_DigestFinal_ex (m, p + 8, NULL); EVP_MD_CTX_destroy(m); memset (&ivec, 0, sizeof(ivec)); EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1); EVP_Cipher(&ctx->ectx, p, p, 24); return 0; }
int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, const EVP_CIPHER *cipher, ENGINE *impl) { static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH]; #ifdef OPENSSL_FIPS if (FIPS_mode()) { /* If we have an ENGINE need to allow non FIPS */ if ((impl || ctx->cctx.engine) && !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS); return 0; } /* Other algorithm blocking will be done in FIPS_cmac_init, * via FIPS_cipherinit(). */ if (!impl && !ctx->cctx.engine) return FIPS_cmac_init(ctx, key, keylen, cipher, NULL); } #endif /* All zeros means restart */ if (!key && !cipher && !impl && keylen == 0) { /* Not initialised */ if (ctx->nlast_block == -1) return 0; if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; return 1; } /* Initialiase context */ if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) return 0; /* Non-NULL key means initialisation complete */ if (key) { int bl; if (!EVP_CIPHER_CTX_cipher(&ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen)) return 0; if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl)) return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl); OPENSSL_cleanse(ctx->tbl, bl); /* Reset context again ready for first data block */ if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; /* Zero tbl so resume works */ memset(ctx->tbl, 0, bl); ctx->nlast_block = 0; } return 1; }
/* * This function processes the AAD * * Parameters: * c Crypto context * aad Additional data to process for AEAD cipher suites * aad_len length of aad buffer */ static srtp_err_status_t srtp_aes_gcm_openssl_set_aad(void *cv, const uint8_t *aad, uint32_t aad_len) { srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; int rv; /* * Set dummy tag, OpenSSL requires the Tag to be set before * processing AAD */ /* * OpenSSL never write to address pointed by the last parameter of * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality, * OpenSSL copy its content to the context), so we can make * aad read-only in this function and all its wrappers. */ unsigned char dummy_tag[GCM_AUTH_TAG_LEN]; memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN); EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag); rv = EVP_Cipher(c->ctx, NULL, aad, aad_len); if (rv != aad_len) { return (srtp_err_status_algo_fail); } else { return (srtp_err_status_ok); } }
krb5_error_code _krb5_des_checksum(krb5_context context, CCDigestAlg alg, struct _krb5_key_data *key, const void *data, size_t len, Checksum *cksum) { struct _krb5_evp_schedule *ctx = key->schedule->data; CCDigestRef m; unsigned char ivec[8]; unsigned char *p = cksum->checksum.data; krb5_generate_random_block(p, 8); m = CCDigestCreate(alg); if (m == NULL) { krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } CCDigestUpdate(m, p, 8); CCDigestUpdate(m, data, len); CCDigestFinal(m, p + 8); CCDigestDestroy(m); memset (&ivec, 0, sizeof(ivec)); EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)ivec, -1); EVP_Cipher(&ctx->ectx, p, p, 24); return 0; }
int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) { int i, bl, lb; #ifdef OPENSSL_FIPS if (FIPS_mode() && !ctx->cctx.engine) return FIPS_cmac_final(ctx, out, poutlen); #endif if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); *poutlen = (size_t)bl; if (!out) return 1; lb = ctx->nlast_block; /* Is last block complete? */ if (lb == bl) { for (i = 0; i < bl; i++) out[i] = ctx->last_block[i] ^ ctx->k1[i]; } else { ctx->last_block[lb] = 0x80; if (bl - lb > 1) memset(ctx->last_block + lb + 1, 0, bl - lb - 1); for (i = 0; i < bl; i++) out[i] = ctx->last_block[i] ^ ctx->k2[i]; } if (!EVP_Cipher(&ctx->cctx, out, out, bl)) { OPENSSL_cleanse(out, bl); return 0; } return 1; }
/* read/writes from s->s2->mac_data using length for encrypt and * decrypt. It sets s->s2->padding and s->[rw]length * if we are encrypting */ void ssl2_enc(SSL *s, int send) { EVP_CIPHER_CTX *ds; unsigned long l; int bs; if (send) { ds=s->enc_write_ctx; l=s->s2->wlength; } else { ds=s->enc_read_ctx; l=s->s2->rlength; } /* check for NULL cipher */ if (ds == NULL) return; bs=ds->cipher->block_size; /* This should be using (bs-1) and bs instead of 7 and 8, but * what the hell. */ if (bs == 8) l=(l+7)/8*8; EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l); }
static int test_cipher(struct tests *t) { const EVP_CIPHER *c = t->cipher(); EVP_CIPHER_CTX ectx; EVP_CIPHER_CTX dctx; void *d; EVP_CIPHER_CTX_init(&ectx); EVP_CIPHER_CTX_init(&dctx); if (EVP_CipherInit_ex(&ectx, c, NULL, NULL, NULL, 1) != 1) errx(1, "%s: EVP_CipherInit_ex einit", t->name); if (EVP_CipherInit_ex(&dctx, c, NULL, NULL, NULL, 0) != 1) errx(1, "%s: EVP_CipherInit_ex dinit", t->name); EVP_CIPHER_CTX_set_key_length(&ectx, t->keysize); EVP_CIPHER_CTX_set_key_length(&dctx, t->keysize); if (EVP_CipherInit_ex(&ectx, NULL, NULL, t->key, t->iv, 1) != 1) errx(1, "%s: EVP_CipherInit_ex encrypt", t->name); if (EVP_CipherInit_ex(&dctx, NULL, NULL, t->key, t->iv, 0) != 1) errx(1, "%s: EVP_CipherInit_ex decrypt", t->name); d = emalloc(t->datasize); if (!EVP_Cipher(&ectx, d, t->indata, t->datasize)) return 1; if (memcmp(d, t->outdata, t->datasize) != 0) errx(1, "%s: encrypt not the same", t->name); if (!EVP_Cipher(&dctx, d, d, t->datasize)) return 1; if (memcmp(d, t->indata, t->datasize) != 0) errx(1, "%s: decrypt not the same", t->name); if (t->outiv) /* XXXX check */; EVP_CIPHER_CTX_cleanup(&ectx); EVP_CIPHER_CTX_cleanup(&dctx); free(d); return 0; }
void cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len) { if (len % cc->cipher->block_size) fatal("cipher_encrypt: bad plaintext length %d", len); if (EVP_Cipher(&cc->evp, dest, __UNCONST(src), len) == 0) fatal("evp_crypt: EVP_Cipher failed"); }
void cipher_init(CipherContext *cc, Cipher *cipher, const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, int do_encrypt) { static int dowarn = 1; const EVP_CIPHER *type; int klen; u_char *junk, *discard; if (cipher->number == SSH_CIPHER_DES) { if (dowarn) { error("Warning: use of DES is strongly discouraged " "due to cryptographic weaknesses"); dowarn = 0; } if (keylen > 8) keylen = 8; } cc->plaintext = (cipher->number == SSH_CIPHER_NONE); if (keylen < cipher->key_len) fatal("cipher_init: key length %d is insufficient for %s.", keylen, cipher->name); if (iv != NULL && ivlen < cipher->block_size) fatal("cipher_init: iv length %d is insufficient for %s.", ivlen, cipher->name); cc->cipher = cipher; type = (*cipher->evptype)(); EVP_CIPHER_CTX_init(&cc->evp); if (EVP_CipherInit(&cc->evp, type, NULL, __UNCONST(iv), (do_encrypt == CIPHER_ENCRYPT)) == 0) fatal("cipher_init: EVP_CipherInit failed for %s", cipher->name); klen = EVP_CIPHER_CTX_key_length(&cc->evp); if (klen > 0 && keylen != (u_int)klen) { debug2("cipher_init: set keylen (%d -> %d)", klen, keylen); if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) fatal("cipher_init: set keylen failed (%d -> %d)", klen, keylen); } if (EVP_CipherInit(&cc->evp, NULL, __UNCONST(key), NULL, -1) == 0) fatal("cipher_init: EVP_CipherInit: set key failed for %s", cipher->name); if (cipher->discard_len > 0) { junk = xmalloc(cipher->discard_len); discard = xmalloc(cipher->discard_len); if (EVP_Cipher(&cc->evp, discard, junk, cipher->discard_len) == 0) fatal("evp_crypt: EVP_Cipher failed during discard"); memset(discard, 0, cipher->discard_len); xfree(junk); xfree(discard); } }
int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) { const unsigned char *data = in; size_t bl; #ifdef OPENSSL_FIPS if (FIPS_mode() && !ctx->cctx.engine) return FIPS_cmac_update(ctx, in, dlen); #endif if (ctx->nlast_block == -1) return 0; if (dlen == 0) return 1; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); /* Copy into partial block if we need to */ if (ctx->nlast_block > 0) { size_t nleft; nleft = bl - ctx->nlast_block; if (dlen < nleft) nleft = dlen; memcpy(ctx->last_block + ctx->nlast_block, data, nleft); dlen -= nleft; ctx->nlast_block += nleft; /* If no more to process return */ if (dlen == 0) return 1; data += nleft; /* Else not final block so encrypt it */ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block,bl)) return 0; } /* Encrypt all but one of the complete blocks left */ while(dlen > bl) { if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl)) return 0; dlen -= bl; data += bl; } /* Copy any data left to last block buffer */ memcpy(ctx->last_block, data, dlen); ctx->nlast_block = dlen; return 1; }
static int cipher_do_cipher(hc_EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int len) { struct ossl_cipher_ctx *ossl_ctx = ctx->cipher_data; assert(ossl_ctx != NULL); return EVP_Cipher(ossl_ctx->ossl_cipher_ctx, out, in, len); }
/* * cipher_crypt() operates as following: * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'. * Theses bytes are treated as additional authenticated data for * authenticated encryption modes. * En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag. * This tag is written on encryption and verified on decryption. * Both 'aadlen' and 'authlen' can be set to 0. */ void cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen) { if (authlen) { u_char lastiv[1]; if (authlen != cipher_authlen(cc->cipher)) fatal("%s: authlen mismatch %d", __func__, authlen); /* increment IV */ if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv)) fatal("%s: EVP_CTRL_GCM_IV_GEN", __func__); /* set tag on decyption */ if (!cc->encrypt && !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG, authlen, __UNCONST(src + aadlen + len))) fatal("%s: EVP_CTRL_GCM_SET_TAG", __func__); } if (aadlen) { if (authlen && EVP_Cipher(&cc->evp, NULL, (const u_char *)src, aadlen) < 0) fatal("%s: EVP_Cipher(aad) failed", __func__); memcpy(dest, src, aadlen); } if (len % cc->cipher->block_size) fatal("%s: bad plaintext length %d", __func__, len); if (EVP_Cipher(&cc->evp, dest + aadlen, (const u_char *)src + aadlen, len) < 0) fatal("%s: EVP_Cipher failed", __func__); if (authlen) { /* compute tag (on encrypt) or verify tag (on decrypt) */ if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) { if (cc->encrypt) fatal("%s: EVP_Cipher(final) failed", __func__); else fatal("Decryption integrity check failed"); } if (cc->encrypt && !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG, authlen, dest + aadlen + len)) fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__); } }
int sftp_cipher_write_data(struct ssh2_packet *pkt, unsigned char *buf, size_t *buflen) { struct sftp_cipher *cipher; EVP_CIPHER_CTX *cipher_ctx; cipher = &(write_ciphers[write_cipher_idx]); cipher_ctx = write_ctxs[write_cipher_idx]; if (cipher->key) { int res; unsigned char *data, *ptr; uint32_t datalen, datasz = sizeof(uint32_t) + pkt->packet_len; datalen = datasz; ptr = data = palloc(pkt->pool, datasz); sftp_msg_write_int(&data, &datalen, pkt->packet_len); sftp_msg_write_byte(&data, &datalen, pkt->padding_len); sftp_msg_write_data(&data, &datalen, pkt->payload, pkt->payload_len, FALSE); sftp_msg_write_data(&data, &datalen, pkt->padding, pkt->padding_len, FALSE); res = EVP_Cipher(cipher_ctx, buf, ptr, (datasz - datalen)); if (res != 1) { (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, "error encrypting %s data for client: %s", cipher->algo, sftp_crypto_get_errors()); errno = EIO; return -1; } *buflen = (datasz - datalen); #ifdef SFTP_DEBUG_PACKET { unsigned int i; (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, "encrypted packet data (len %lu):", (unsigned long) *buflen); for (i = 0; i < *buflen;) { (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION, " %02x%02x %02x%02x %02x%02x %02x%02x", ((unsigned char *) buf)[i], ((unsigned char *) buf)[i+1], ((unsigned char *) buf)[i+2], ((unsigned char *) buf)[i+3], ((unsigned char *) buf)[i+4], ((unsigned char *) buf)[i+5], ((unsigned char *) buf)[i+6], ((unsigned char *) buf)[i+7]); i += 8; } } #endif return 0; } *buflen = 0; return 0; }
int cipher_crypt(struct sshcipher_ctx *cc, u_char *dest, const u_char *src, u_int len) { if (len % cc->cipher->block_size) return SSH_ERR_INVALID_ARGUMENT; if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0) return SSH_ERR_LIBCRYPTO_ERROR; return 0; }
static krb5_error_code AES_PRF(krb5_context context, krb5_crypto crypto, const krb5_data *in, krb5_data *out) { struct _krb5_checksum_type *ct = crypto->et->checksum; krb5_error_code ret; Checksum result; krb5_keyblock *derived; result.cksumtype = ct->type; ret = krb5_data_alloc(&result.checksum, ct->checksumsize); if (ret) { krb5_set_error_message(context, ret, N_("malloc: out memory", "")); return ret; } ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); if (ret) { krb5_data_free(&result.checksum); return ret; } if (result.checksum.length < crypto->et->blocksize) krb5_abortx(context, "internal prf error"); derived = NULL; ret = krb5_derive_key(context, crypto->key.key, crypto->et->type, "prf", 3, &derived); if (ret) krb5_abortx(context, "krb5_derive_key"); ret = krb5_data_alloc(out, crypto->et->blocksize); if (ret) krb5_abortx(context, "malloc failed"); { const EVP_CIPHER *c = (*crypto->et->keytype->evp)(); EVP_CIPHER_CTX *ctx; ctx = EVP_CIPHER_CTX_new(); /* ivec all zero */ if (ctx == NULL) krb5_abortx(context, "malloc failed"); EVP_CipherInit_ex(ctx, c, NULL, derived->keyvalue.data, NULL, 1); EVP_Cipher(ctx, out->data, result.checksum.data, crypto->et->blocksize); EVP_CIPHER_CTX_free(ctx); } krb5_data_free(&result.checksum); krb5_free_keyblock(context, derived); return ret; }
int _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx, _libssh2_cipher_type(algo), int encrypt, unsigned char *block, size_t blocksize) { unsigned char buf[EVP_MAX_BLOCK_LENGTH]; int ret; (void) algo; (void) encrypt; #ifdef HAVE_OPAQUE_STRUCTS ret = EVP_Cipher(*ctx, buf, block, blocksize); #else ret = EVP_Cipher(ctx, buf, block, blocksize); #endif if(ret == 1) { memcpy(block, buf, blocksize); } return ret == 1 ? 0 : 1; }
/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext */ static int FIPS_aes_test(void) { int ret = 0; unsigned char pltmp[16]; unsigned char citmp[16]; unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}; unsigned char plaintext[16] = "etaonrishdlcu"; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0) goto err; EVP_Cipher(&ctx, citmp, plaintext, 16); if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0) goto err; EVP_Cipher(&ctx, pltmp, citmp, 16); if (memcmp(pltmp, plaintext, 16)) goto err; ret = 1; err: EVP_CIPHER_CTX_cleanup(&ctx); return ret; }
/* * This function encrypts a buffer using AES GCM mode * * Parameters: * c Crypto context * buf data to encrypt * enc_len length of encrypt buffer */ static srtp_err_status_t srtp_aes_gcm_openssl_encrypt (srtp_aes_gcm_ctx_t *c, unsigned char *buf, unsigned int *enc_len) { if (c->dir != direction_encrypt && c->dir != direction_decrypt) { return (srtp_err_status_bad_param); } /* * Encrypt the data */ EVP_Cipher(&c->ctx, buf, buf, *enc_len); return (srtp_err_status_ok); }
/* * this will adjust ndo_packetp and ndo_snapend to new buffer! */ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, int initiator, u_char spii[8], u_char spir[8], __capability u_char *buf, packetbody_t end) { struct sa_list *sa; __capability const u_char *iv; int len; EVP_CIPHER_CTX ctx; /* initiator arg is any non-zero value */ if(initiator) initiator=1; /* see if we can find the SA, and if so, decode it */ for (sa = ndo->ndo_sa_list_head; sa != NULL; sa = sa->next) { if (sa->spi == 0 && initiator == sa->initiator && memcmp(spii, sa->spii, 8) == 0 && memcmp(spir, sa->spir, 8) == 0) break; } if(sa == NULL) return 0; if(sa->evp == NULL) return 0; /* * remove authenticator, and see if we still have something to * work with */ end = end - sa->authlen; iv = buf; buf = buf + sa->ivlen; len = end-buf; if(end <= buf) return 0; memset(&ctx, 0, sizeof(ctx)); if (EVP_CipherInit(&ctx, sa->evp, sa->secret, NULL, 0) < 0) (*ndo->ndo_warning)(ndo, "espkey init failed"); EVP_CipherInit(&ctx, NULL, NULL, iv, 0); EVP_Cipher(&ctx, buf, buf, len); EVP_CIPHER_CTX_cleanup(&ctx); /* XXX-BD: should create new capability on CHERI */ ndo->ndo_packetp = buf; ndo->ndo_snapend = end; return 1; }