void ltc_init(void)
{
int cipherID;
unsigned char key[ENCRYPTION_KEY_LENGTH];
#if defined(ENCRYPTION_CTR) || defined(ENCRYPTION_CBC)
unsigned char IV[ENCRYPTION_BLOCK_LENGTH];
#endif
TRACE_DEBUG("LTC: Initializing ...\n\r");
// Register cipher
register_cipher(&CIPHER_DESC);
cipherID = find_cipher(CIPHER_NAME);
// Load key
ASCII2Hex(ENCRYPTION_KEY, key, ENCRYPTION_KEY_LENGTH);
#if defined(ENCRYPTION_CTR) || defined(ENCRYPTION_CBC)
// Load IV
ASCII2Hex(ENCRYPTION_IV, IV, ENCRYPTION_BLOCK_LENGTH);
#endif
// Start decryption mode
#if defined(ENCRYPTION_ECB)
ecb_start(cipherID, key, ENCRYPTION_KEY_LENGTH, 0, &sECB);
#elif defined(ENCRYPTION_CBC)
cbc_start(cipherID, IV, key, ENCRYPTION_KEY_LENGTH, 0, &sCBC);
#elif defined(ENCRYPTION_CTR)
ctr_start(cipherID, IV, key, ENCRYPTION_KEY_LENGTH, 0, CTR_COUNTER_BIG_ENDIAN, &sCTR);
#endif
TRACE_DEBUG("LTC: Initialization done.\n\r");
}
int main(int argc, char *argv[]){
/* Similar situation as before,
only the test vector is more complex.*/
unsigned char key[32];
bzero(key, 32);
unsigned char initcount[16];
bzero(initcount,16);
initcount[15]=1; //For test usage
unsigned char input[32];
bzero(input, 32);
unsigned char output[32]; //counter mode: assume xor works
bzero(output, 32);
aes256ctr(output, input, 32, key, initcount);
for(int i=0; i<32; i++) printf("%02x ", output[i]);
printf("\n");
symmetric_CTR ctr;
bzero(output, 32);
register_cipher(&aes_desc);
ctr_start(find_cipher("aes"), initcount, key, 32, 0, CTR_COUNTER_BIG_ENDIAN,
&ctr);
ctr_encrypt(input, output, 32, &ctr);
ctr_done(&ctr);
for(int i=0; i<32; i++) printf("%02x ", output[i]);
printf("\n");
exit(0);
}
/**
Make the PRNG ready to read from
@param prng The PRNG to make active
@return CRYPT_OK if successful
*/
int yarrow_ready(prng_state *prng)
{
int ks, err;
LTC_ARGCHK(prng != NULL);
if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
return err;
}
if ((err = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) {
return err;
}
/* setup CTR mode using the "pool" as the key */
ks = (int)hash_descriptor[prng->yarrow.hash].hashsize;
if ((err = cipher_descriptor[prng->yarrow.cipher].keysize(&ks)) != CRYPT_OK) {
return err;
}
if ((err = ctr_start(prng->yarrow.cipher, /* what cipher to use */
prng->yarrow.pool, /* IV */
prng->yarrow.pool, ks, /* KEY and key size */
0, /* number of rounds */
CTR_COUNTER_LITTLE_ENDIAN, /* little endian counter */
&prng->yarrow.ctr)) != CRYPT_OK) {
return err;
}
return CRYPT_OK;
}
int ctr_test(void)
{
#ifdef LTC_NO_TEST
return CRYPT_NOP;
#else
static const struct {
int keylen, msglen;
unsigned char key[32], IV[16], pt[64], ct[64];
} tests[] = {
/* 128-bit key, 16-byte pt */
{
16, 16,
{0xAE,0x68,0x52,0xF8,0x12,0x10,0x67,0xCC,0x4B,0xF7,0xA5,0x76,0x55,0x77,0xF3,0x9E },
{0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
{0x53,0x69,0x6E,0x67,0x6C,0x65,0x20,0x62,0x6C,0x6F,0x63,0x6B,0x20,0x6D,0x73,0x67 },
{0xE4,0x09,0x5D,0x4F,0xB7,0xA7,0xB3,0x79,0x2D,0x61,0x75,0xA3,0x26,0x13,0x11,0xB8 },
},
/* 128-bit key, 36-byte pt */
{
16, 36,
{0x76,0x91,0xBE,0x03,0x5E,0x50,0x20,0xA8,0xAC,0x6E,0x61,0x85,0x29,0xF9,0xA0,0xDC },
{0x00,0xE0,0x01,0x7B,0x27,0x77,0x7F,0x3F,0x4A,0x17,0x86,0xF0,0x00,0x00,0x00,0x00 },
{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
0x20,0x21,0x22,0x23
},
{ 0xC1,0xCF,0x48,0xA8,0x9F,0x2F,0xFD,0xD9,0xCF,0x46,0x52,0xE9,0xEF,0xDB,0x72,0xD7,
0x45,0x40,0xA4,0x2B,0xDE,0x6D,0x78,0x36,0xD5,0x9A,0x5C,0xEA,0xAE,0xF3,0x10,0x53,
0x25,0xB2,0x07,0x2F
},
},
};
int idx, err, x;
unsigned char buf[64];
symmetric_CTR ctr;
/* AES can be under rijndael or aes... try to find it */
if ((idx = find_cipher("aes")) == -1) {
if ((idx = find_cipher("rijndael")) == -1) {
return CRYPT_NOP;
}
}
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
if ((err = ctr_start(idx, tests[x].IV, tests[x].key, tests[x].keylen, 0, CTR_COUNTER_BIG_ENDIAN|LTC_CTR_RFC3686, &ctr)) != CRYPT_OK) {
return err;
}
if ((err = ctr_encrypt(tests[x].pt, buf, tests[x].msglen, &ctr)) != CRYPT_OK) {
return err;
}
ctr_done(&ctr);
if (XMEMCMP(buf, tests[x].ct, tests[x].msglen)) {
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif
}
void Encrypt(PK0304* le, AE_EXTRA* ae, char* password)
{
char *salt, *key1, *key2, *check, digest[40];
u32 key_len = KeySize*2 + 2;
u32 dig_len = 40;
salt = BUF;
key1 = salt+SaltSize;
key2 = key1+KeySize;
check = key2+KeySize;
/* Gets a random salt (8-16 byte) */
sprng_read(salt, SaltSize, 0);
/* Generates 2 keys for AES and HMAC, plus 2-byte password verification value */
if (pkcs_5_alg2(password, strlen(password), salt, SaltSize, 1000, 0, key1, &key_len) != CRYPT_OK)
Z_ERROR("Failed to derive encryption keys");
// dump("salt", salt, SaltSize);
// dump("key", key1, KeySize);
if (ctr_start(0, IV, key1, KeySize, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr) != CRYPT_OK)
Z_ERROR("Failed to setup AES CTR encoder");
#ifdef GLADMAN_HMAC
hmac_sha1_begin(&hmac);
hmac_sha1_key(key2, KeySize, &hmac);
#else
if (hmac_init(&hmac, 0, key2, KeySize) != CRYPT_OK)
Z_ERROR("Failed to setup HMAC-SHA1");
#endif
if (AE2) le->Crc32 = 0;
le->Flag |= 1;
le->CompMethod = 99;
le->ExtraLen += 11;
le->CompSize += SaltSize + 12; /* variable salt, fixed password check and hmac */
safeWrite(ZOUT, le, sizeof(PK0304));
fileCopy(ZOUT, ZIN, le->NameLen+le->ExtraLen-11);
safeWrite(ZOUT, ae, 11);
safeWrite(ZOUT, salt, SaltSize);
safeWrite(ZOUT, check, 2);
/* encrypt contents */
fileFilter(ZOUT, ZIN, le->CompSize-SaltSize-12);
#ifdef GLADMAN_HMAC
hmac_sha1_end(digest, dig_len, &hmac);
#else
if (hmac_done(&hmac, digest, &dig_len) != CRYPT_OK)
Z_ERROR("Failed to computate HMAC");
#endif
safeWrite(ZOUT, digest, 10);
ctr_done(&ctr);
}
int symmetricEncrypt(unsigned char *key, unsigned long keylen, unsigned char *in, unsigned long len, unsigned char *IV, unsigned long ivlen)
{
symmetric_CTR ctr;
int err;
/* register aes first */
if ((err = register_cipher(&rijndael_desc)) == -1) {
return ERROR_REG_AES;
}
/* start up CTR mode */
if ((err = ctr_start(
find_cipher("rijndael"), /* index of desired cipher */
IV, /* the initial vecoter */
key, /* the secret key */
keylen, /* length of secret key */
0,
CTR_COUNTER_LITTLE_ENDIAN,
&ctr)
) != CRYPT_OK) {
//printf("%s\n", error_to_string(err));
return err;
}
/*
printf("from libcrypt: \n");
for(i = 0; i < 30; i++)
printf("%02x ", in[i]);
printf("\n");
fflush(stdout);
*/
if ((err = ctr_encrypt( in, /* plaintext */
in, /* ciphertext */
len, /* length of plaintext */
&ctr) /* CTR state */
) != CRYPT_OK) {
return err;
}
if ((err = ctr_done(&ctr)) != CRYPT_OK) {
return err;
}
return CRYPT_OK;
}
int symmetricDecrypt(unsigned char *key, unsigned long keylen, unsigned char *in, unsigned long len, unsigned char *IV, unsigned long ivlen)
{
symmetric_CTR ctr;
int err;
/* register aes first */
if (register_cipher(&rijndael_desc) == -1) {
return ERROR_REG_AES;
}
/* start up CTR mode */
if ((err = ctr_start(
find_cipher("rijndael"), /* index of desired cipher */
IV, /* the initial vecoter */
key, /* the secret key */
keylen, /* length of secret key */
0,
CTR_COUNTER_LITTLE_ENDIAN,
&ctr)
) != CRYPT_OK) {
return err;
}
// if ((err = ctr_setiv( IV, /* the initial IV we gave to ctr_start */
// 16, /* the IV is 16 bytes long */
// &ctr) /* the ctr state we wish to modify */
// ) != CRYPT_OK) {
// printf("ctr_setiv error: %s\n", error_to_string(err));
// return -1;
// }
if ((err = ctr_decrypt( in, /* plaintext */
in, /* ciphertext */
len, /* length of plaintext */
&ctr) /* CTR state */
) != CRYPT_OK) {
return err;
}
if ((err = ctr_done(&ctr)) != CRYPT_OK) {
return err;
}
return CRYPT_OK;
}
void DB_AuthLoad_InitCrypto()
{
if (ffVersion < 319)
{
return;
}
register_hash(&sha256_desc);
register_cipher(&aes_desc);
unsigned char encKey[256];
DB_ReadXFileRawData(encKey, 256);
ZoneKey key;
DB_AuthLoad_DecryptKey(encKey, &key);
int aes = find_cipher("aes");
ctr_start(aes, key.iv, key.key, sizeof(key.key), 0, 0, &ffCTR);
memcpy(ffIV, key.iv, sizeof(ffIV));
}
void ltc_init_3DES_CTR(void)
{
int cipherID;
unsigned char key[ENCRYPTION_KEY_LENGTH];
unsigned char IV[ENCRYPTION_BLOCK_LENGTH];
TRACE_DEBUG("LTC: Initializing CTR...\n\r");
// Register cipher
register_cipher(&des3_desc);
cipherID = find_cipher("3des");
// Load key
ASCII2Hex(ENCRYPTION_KEY, key, ENCRYPTION_KEY_LENGTH);
// Load IV
ASCII2Hex(ENCRYPTION_IV, IV, ENCRYPTION_BLOCK_LENGTH);
// Start decryption mode
ctr_start(cipherID, IV, key, ENCRYPTION_KEY_LENGTH, 0, CTR_COUNTER_BIG_ENDIAN, &sCTR);
TRACE_DEBUG("LTC: Initialization done.\n\r");
}
static int
EncryptCTR(
int cipher,
int rounds,
int counterMode,
unsigned char *iv,
unsigned char *key,
unsigned long keyLength,
unsigned char *data,
unsigned long dataLength,
unsigned char *dest
)
{
int status;
symmetric_CTR state;
status = ctr_start(cipher, iv, key, keyLength, rounds, counterMode, &state);
if (status == CRYPT_OK) {
status = ctr_encrypt(data, dest, dataLength, &state);
ctr_done(&state);
}
return status;
}
int modes_test(void)
{
unsigned char pt[64], ct[64], tmp[64], key[16], iv[16], iv2[16];
int x, cipher_idx;
symmetric_CBC cbc;
symmetric_CFB cfb;
symmetric_OFB ofb;
symmetric_CTR ctr;
unsigned long l;
/* make a random pt, key and iv */
yarrow_read(pt, 64, &test_yarrow);
yarrow_read(key, 16, &test_yarrow);
yarrow_read(iv, 16, &test_yarrow);
/* get idx of AES handy */
cipher_idx = find_cipher("aes");
if (cipher_idx == -1) {
printf("test requires AES");
return 1;
}
/* test CBC mode */
/* encode the block */
DO(cbc_start(cipher_idx, iv, key, 16, 0, &cbc));
l = sizeof(iv2);
DO(cbc_getiv(iv2, &l, &cbc));
if (l != 16 || memcmp(iv2, iv, 16)) {
printf("cbc_getiv failed");
return 1;
}
for (x = 0; x < 4; x++) {
DO(cbc_encrypt(pt+x*16, ct+x*16, &cbc));
}
/* decode the block */
DO(cbc_setiv(iv2, l, &cbc));
zeromem(tmp, sizeof(tmp));
for (x = 0; x < 4; x++) {
DO(cbc_decrypt(ct+x*16, tmp+x*16, &cbc));
}
if (memcmp(tmp, pt, 64) != 0) {
printf("CBC failed");
return 1;
}
/* test CFB mode */
/* encode the block */
DO(cfb_start(cipher_idx, iv, key, 16, 0, &cfb));
l = sizeof(iv2);
DO(cfb_getiv(iv2, &l, &cfb));
/* note we don't memcmp iv2/iv since cfb_start processes the IV for the first block */
if (l != 16) {
printf("cfb_getiv failed");
return 1;
}
DO(cfb_encrypt(pt, ct, 64, &cfb));
/* decode the block */
DO(cfb_setiv(iv, l, &cfb));
zeromem(tmp, sizeof(tmp));
DO(cfb_decrypt(ct, tmp, 64, &cfb));
if (memcmp(tmp, pt, 64) != 0) {
printf("CFB failed");
return 1;
}
/* test OFB mode */
/* encode the block */
DO(ofb_start(cipher_idx, iv, key, 16, 0, &ofb));
l = sizeof(iv2);
DO(ofb_getiv(iv2, &l, &ofb));
if (l != 16 || memcmp(iv2, iv, 16)) {
printf("ofb_getiv failed");
return 1;
}
DO(ofb_encrypt(pt, ct, 64, &ofb));
/* decode the block */
DO(ofb_setiv(iv2, l, &ofb));
zeromem(tmp, sizeof(tmp));
DO(ofb_decrypt(ct, tmp, 64, &ofb));
if (memcmp(tmp, pt, 64) != 0) {
printf("OFB failed");
return 1;
}
/* test CTR mode */
/* encode the block */
DO(ctr_start(cipher_idx, iv, key, 16, 0, &ctr));
l = sizeof(iv2);
DO(ctr_getiv(iv2, &l, &ctr));
if (l != 16 || memcmp(iv2, iv, 16)) {
printf("ctr_getiv failed");
return 1;
}
DO(ctr_encrypt(pt, ct, 64, &ctr));
/* decode the block */
DO(ctr_setiv(iv2, l, &ctr));
zeromem(tmp, sizeof(tmp));
DO(ctr_decrypt(ct, tmp, 64, &ctr));
if (memcmp(tmp, pt, 64) != 0) {
printf("CTR failed");
return 1;
}
return 0;
}
int eax_init( const unsigned char key[], unsigned long key_len,
const unsigned char nonce[], unsigned long nonce_len,
const unsigned char hdr[], unsigned long header_len,
eax_state eax[1] )
{
unsigned char *buf;
int err = EXIT_FAILURE;
omac_state *omac;
unsigned long len;
if( header_len > 0 && hdr == NULL )
goto exit3;
if( ( buf = malloc( AES_BLOCK_SIZE ) ) == NULL )
goto exit3;
if( ( omac = malloc( sizeof(*omac) ) ) == NULL )
goto exit2;
memset( buf, 0, AES_BLOCK_SIZE );
if( (err = omac_init(key, key_len, omac)) != EXIT_SUCCESS )
goto exit1;
if( (err = omac_process(buf, AES_BLOCK_SIZE, omac)) != EXIT_SUCCESS )
goto exit1;
if( (err = omac_process(nonce, nonce_len, omac)) != EXIT_SUCCESS )
goto exit1;
len = sizeof( eax->nv );
if( (err = omac_done(eax->nv, &len, omac)) != EXIT_SUCCESS )
goto exit1;
memset( buf, 0, AES_BLOCK_SIZE );
buf[AES_BLOCK_SIZE - 1] = 1;
if( (err = omac_init(key, key_len, eax->hdr_omac)) != EXIT_SUCCESS )
goto exit1;
if( (err = omac_process(buf, AES_BLOCK_SIZE, eax->hdr_omac)) != EXIT_SUCCESS )
goto exit1;
if( header_len != 0 && ( (err = omac_process(hdr, header_len, eax->hdr_omac) ) != EXIT_SUCCESS ) )
goto exit1;
if( (err = ctr_start(eax->nv, key, key_len, 0, CTR_COUNTER_BIG_ENDIAN, eax->ctr) ) != EXIT_SUCCESS )
goto exit1;
if( (err = omac_init(key, key_len, eax->ctx_omac)) != EXIT_SUCCESS )
goto exit1;
memset( buf, 0, AES_BLOCK_SIZE );
buf[AES_BLOCK_SIZE - 1] = 2;
if( (err = omac_process(buf, AES_BLOCK_SIZE, eax->ctx_omac)) != EXIT_SUCCESS )
goto exit1;
err = EXIT_SUCCESS;
exit1:
free( omac );
exit2:
free( buf );
exit3:
return err;
}
/* IF YOU CALL THIS MULTIPLE TIMES WITH THE SAME KEY YOU MUST PROVIDE AN IV POINTER! */
int crypt_data(const unsigned char *data_in,
unsigned char *data_out, size_t data_size,
const unsigned char *data_mkey, size_t data_mkey_size,
unsigned char *data_new_hmac,
const unsigned char *data_chk_hmac,
size_t data_hmac_size,
unsigned char **IV_start,
int mode) {
if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) {
fprintf(stderr, "crypt_data called with invalid mode %d\n", mode);
return -1;
}
symmetric_CTR ctr;
#ifdef _POSIX_MEMLOCK_RANGE
if (mlock(&ctr, sizeof(ctr)) != 0) {
fprintf(stderr, "WARNING: mlock failed at %s:%d - ", __FILE__, __LINE__);
perror("");
}
#endif
int err;
int ret = 0; /* return code */
unsigned char *IV;
unsigned long IV_size = 16;
int hash_idx = find_hash("sha256");
size_t data_ckey_size, data_hkey_size;
data_ckey_size = data_hkey_size = data_mkey_size;
unsigned char *subkeys = safe_malloc(data_ckey_size + data_hkey_size);
#ifdef _POSIX_MEMLOCK_RANGE
if (mlock(subkeys, data_ckey_size + data_hkey_size) != 0) {
fprintf(stderr, "WARNING: mlock failed at %s:%d - ", __FILE__, __LINE__);
perror("");
}
#endif
unsigned char *data_ckey = subkeys + 0;
unsigned char *data_hkey = subkeys + data_ckey_size;
pbkdf2(data_mkey, data_mkey_size, "H", 1, SUBKEY_ITER, hash_idx, data_hkey, &data_hkey_size);
pbkdf2(data_mkey, data_mkey_size, "C", 1, SUBKEY_ITER, hash_idx, data_ckey, &data_ckey_size);
if (IV_start == NULL || *IV_start == NULL) {
IV = safe_malloc(IV_size);
/* fprintf(stderr, "Initializing key-based IV\n"); */
/* This is at least as secure as starting with a zeroed IV */
pbkdf2(data_mkey, data_mkey_size, "I", 1, SUBKEY_ITER, hash_idx, IV, &IV_size);
}
if (IV_start != NULL) {
if (*IV_start != NULL) {
/* fprintf(stderr, "IV = *IV_start\n"); */
IV = *IV_start;
} else {
/* fprintf(stderr, "*IV_start = IV\n"); */
*IV_start = IV;
}
}
if (mode == MODE_DECRYPT && data_chk_hmac != NULL) {
if ((err = hmac_vrfymem(hash_idx,
data_hkey, data_hkey_size,
data_in, data_size, data_chk_hmac,
(long unsigned int *)&data_hmac_size)) != CRYPT_OK) {
crypt_data_return(THRCR_BADMAC);
}
}
/* LTC_CTR_RFC3686 is needed to avoid reusing a counter value. */
if ((err = ctr_start(find_cipher("aes"), IV, data_ckey, data_ckey_size, 0,
CTR_COUNTER_BIG_ENDIAN | LTC_CTR_RFC3686, &ctr)) != CRYPT_OK) {
fprintf(stderr, "Error initializing cipher: %d\n", err);
crypt_data_return(-1);
}
/* ctr_encrypt is used for both encryption and decryption */
if ((err = ctr_encrypt(data_in, data_out, data_size, &ctr)) != CRYPT_OK) {
fprintf(stderr, "ctr_encrypt error: %s\n", error_to_string(err));
ctr_done(&ctr); /* done with cipher, clean up keys */
crypt_data_return(-1);
}
ctr_done(&ctr); /* done with cipher, clean up keys */
if (mode == MODE_ENCRYPT && data_new_hmac != NULL) {
if ((err = hmac_memory(hash_idx,
data_hkey, data_hkey_size,
data_out, data_size, data_new_hmac,
(long unsigned int *)&data_hmac_size)) != CRYPT_OK) {
fprintf(stderr, "hmac error: %s\n", error_to_string(err));
crypt_data_return(-1);
}
}
crypt_data_return:
/* before actually returning, make sure key material isn't in memory */
MEMWIPE(&ctr, sizeof(ctr));
MEMWIPE(subkeys, data_ckey_size + data_hkey_size);
#ifdef _POSIX_MEMLOCK_RANGE
munlock(subkeys, data_ckey_size + data_hkey_size);
#endif
safe_free(subkeys);
/* save the IV */
if (IV_start != NULL && *IV_start != NULL) {
/* fprintf(stderr, "*IV_start = ctr.ctr\n"); */
ctr_getiv(*IV_start, &IV_size, &ctr);
} else {
safe_free(IV);
}
return ret;
}
/* a wrapper to make ctr_start and cbc_start look the same */
static int dropbear_big_endian_ctr_start(int cipher,
const unsigned char *IV,
const unsigned char *key, int keylen,
int num_rounds, symmetric_CTR *ctr) {
return ctr_start(cipher, IV, key, keylen, num_rounds, CTR_COUNTER_BIG_ENDIAN, ctr);
}
unsigned long decode(FILE *fdin, FILE *fdout)
{
unsigned char plaintext[512],ciphertext[512];
unsigned char tmpkey[512], key[MAXBLOCKSIZE], IV[MAXBLOCKSIZE];
unsigned char inbuf[2048]; /* i/o block size */
unsigned long outlen, y, ivsize, x, wlen;
symmetric_CTR ctr;
int cipher_idx, hash_idx, ks;
char *cipher = "3des";
cipher_idx = find_cipher(cipher);
if (cipher_idx == -1) {
fprintf(stderr, "Invalid cipher(%s)\n", cipher);
exit(-1);
}
hash_idx = find_hash("sha256");
if (hash_idx == -1) {
fprintf(stderr, "SHA256 not found...?\n");
exit(-1);
}
ivsize = cipher_descriptor[cipher_idx].block_length;
ks = hash_descriptor[hash_idx].hashsize;
if (cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK) {
fprintf(stderr, "Invalid keysize???\n");
exit(-1);
}
strcpy(tmpkey, EZPUPGKEY) ;
outlen = sizeof(key);
if ((my_errno = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
fprintf(stderr, "Error hashing key: %s\n", error_to_string(my_errno));
exit(-1);
}
/* Decrypt only */
/* Need to read in IV */
if (fread(IV,1,ivsize,fdin) != ivsize) {
fprintf(stderr, "Error reading IV from input.\n");
exit(-1);
}
if ((my_errno = ctr_start(cipher_idx,IV,key,ks,0,&ctr)) != CRYPT_OK) {
fprintf(stderr, "ctr_start error: %s\n",error_to_string(my_errno));
exit(-1);
}
wlen = 0 ;
/* IV done */
do {
y = fread(inbuf,1,sizeof(inbuf),fdin);
if ((my_errno = ctr_decrypt(inbuf,plaintext,y,&ctr)) != CRYPT_OK) {
fprintf(stderr, "ctr_decrypt error: %s\n",
error_to_string(my_errno));
exit(-1);
}
if (fwrite(plaintext,1,y,fdout) != y) {
fprintf(stderr, "Error writing to file.\n");
exit(-1);
}
wlen += y ;
} while (y == sizeof(inbuf));
return wlen;
}
int main(){
char plaintext[] = "Hi I am an AES CTR test vector distributed on 4 128-bit blocks!";
unsigned char key[16] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
unsigned char iv[16] = {0x01, 0xff, 0x83, 0xf2, 0xf9, 0x98, 0xba, 0xa4, 0xda, 0xdc, 0xaa, 0xcc, 0x8e, 0x17, 0xa4, 0x1b};
symmetric_CTR ctr;
unsigned char ciphertext[sizeof(plaintext)];
unsigned char deciphertext[sizeof(plaintext)];
int err;
if (register_cipher(&aes_desc) == -1) {
printf("Error: in %s, unable to register cipher\n", __func__);
return 0;
}
printf("Plaintext: \"%s\"\n", plaintext);
printf("IV: ");
fprintBuffer_raw(stdout, (char*)iv, sizeof(iv));
printf("\nKey 128: ");
fprintBuffer_raw(stdout, (char*)key, sizeof(key));
/* ENCRYPT */
if ((err = ctr_start(find_cipher("aes"), iv, key, sizeof(key), 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_encrypt((unsigned char*)plaintext, ciphertext, sizeof(plaintext), &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_done(&ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
/* DECRYPT */
if ((err = ctr_start(find_cipher("aes"), iv, key, sizeof(key), 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_decrypt(ciphertext, deciphertext, sizeof(plaintext), &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_done(&ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
printf("\nCiphertext CTR: ");
fprintBuffer_raw(stdout, (char*)ciphertext, sizeof(plaintext));
if (memcmp(deciphertext, plaintext, sizeof(plaintext)) == 0){
printf("\nRecovery: OK\n");
}
else{
printf("\nRecovery: FAIL\n");
}
return 0;
}
int main(int argc, char *argv[])
{
unsigned char plaintext[512],ciphertext[512];
unsigned char tmpkey[512], key[MAXBLOCKSIZE], IV[MAXBLOCKSIZE];
unsigned char inbuf[512]; /* i/o block size */
unsigned long outlen, y, ivsize, x, decrypt;
symmetric_CTR ctr;
int cipher_idx, hash_idx, ks;
char *infile, *outfile, *cipher;
prng_state prng;
FILE *fdin, *fdout;
/* register algs, so they can be printed */
register_algs();
if (argc < 4) {
return usage(argv[0]);
}
if (!strcmp(argv[1], "-d")) {
decrypt = 1;
cipher = argv[2];
infile = argv[3];
outfile = argv[4];
} else {
decrypt = 0;
cipher = argv[1];
infile = argv[2];
outfile = argv[3];
}
/* file handles setup */
fdin = fopen(infile,"rb");
if (fdin == NULL) {
perror("Can't open input for reading");
exit(-1);
}
fdout = fopen(outfile,"wb");
if (fdout == NULL) {
perror("Can't open output for writing");
exit(-1);
}
cipher_idx = find_cipher(cipher);
if (cipher_idx == -1) {
printf("Invalid cipher entered on command line.\n");
exit(-1);
}
hash_idx = find_hash("sha256");
if (hash_idx == -1) {
printf("LTC_SHA256 not found...?\n");
exit(-1);
}
ivsize = cipher_descriptor[cipher_idx].block_length;
ks = hash_descriptor[hash_idx].hashsize;
if (cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK) {
printf("Invalid keysize???\n");
exit(-1);
}
printf("\nEnter key: ");
fgets((char *)tmpkey,sizeof(tmpkey), stdin);
outlen = sizeof(key);
if ((errno = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
printf("Error hashing key: %s\n", error_to_string(errno));
exit(-1);
}
if (decrypt) {
/* Need to read in IV */
if (fread(IV,1,ivsize,fdin) != ivsize) {
printf("Error reading IV from input.\n");
exit(-1);
}
if ((errno = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
printf("ctr_start error: %s\n",error_to_string(errno));
exit(-1);
}
/* IV done */
do {
y = fread(inbuf,1,sizeof(inbuf),fdin);
if ((errno = ctr_decrypt(inbuf,plaintext,y,&ctr)) != CRYPT_OK) {
printf("ctr_decrypt error: %s\n", error_to_string(errno));
exit(-1);
}
if (fwrite(plaintext,1,y,fdout) != y) {
printf("Error writing to file.\n");
exit(-1);
}
} while (y == sizeof(inbuf));
fclose(fdin);
fclose(fdout);
} else { /* encrypt */
/* Setup yarrow for random bytes for IV */
if ((errno = rng_make_prng(128, find_prng("yarrow"), &prng, NULL)) != CRYPT_OK) {
printf("Error setting up PRNG, %s\n", error_to_string(errno));
}
/* You can use rng_get_bytes on platforms that support it */
/* x = rng_get_bytes(IV,ivsize,NULL);*/
x = yarrow_read(IV,ivsize,&prng);
if (x != ivsize) {
printf("Error reading PRNG for IV required.\n");
exit(-1);
}
if (fwrite(IV,1,ivsize,fdout) != ivsize) {
printf("Error writing IV to output.\n");
exit(-1);
}
if ((errno = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
printf("ctr_start error: %s\n",error_to_string(errno));
exit(-1);
}
do {
y = fread(inbuf,1,sizeof(inbuf),fdin);
if ((errno = ctr_encrypt(inbuf,ciphertext,y,&ctr)) != CRYPT_OK) {
printf("ctr_encrypt error: %s\n", error_to_string(errno));
exit(-1);
}
if (fwrite(ciphertext,1,y,fdout) != y) {
printf("Error writing to output.\n");
exit(-1);
}
} while (y == sizeof(inbuf));
fclose(fdout);
fclose(fdin);
}
return 0;
}
TEE_Result tee_cipher_init3(void *ctx, uint32_t algo,
TEE_OperationMode mode, const uint8_t *key1,
size_t key1_len, const uint8_t *key2,
size_t key2_len, const uint8_t *iv, size_t iv_len)
{
TEE_Result res;
int ltc_res, ltc_cipherindex;
uint8_t *real_key, key_array[24];
size_t real_key_len;
struct symmetric_CTS *cts;
res = tee_algo_to_ltc_cipherindex(algo, <c_cipherindex);
if (res != TEE_SUCCESS)
return TEE_ERROR_NOT_SUPPORTED;
switch (algo) {
case TEE_ALG_AES_ECB_NOPAD:
case TEE_ALG_DES_ECB_NOPAD:
ltc_res = ecb_start(
ltc_cipherindex, key1, key1_len,
0, (symmetric_ECB *)ctx);
break;
case TEE_ALG_DES3_ECB_NOPAD:
/* either des3 or des2, depending on the size of the key */
get_des2_key(key1, key1_len, key_array,
&real_key, &real_key_len);
ltc_res = ecb_start(
ltc_cipherindex, real_key, real_key_len,
0, (symmetric_ECB *)ctx);
break;
case TEE_ALG_AES_CBC_NOPAD:
case TEE_ALG_DES_CBC_NOPAD:
if (iv_len !=
(size_t)cipher_descriptor[ltc_cipherindex].block_length)
return TEE_ERROR_BAD_PARAMETERS;
ltc_res = cbc_start(
ltc_cipherindex, iv, key1, key1_len,
0, (symmetric_CBC *)ctx);
break;
case TEE_ALG_DES3_CBC_NOPAD:
/* either des3 or des2, depending on the size of the key */
get_des2_key(key1, key1_len, key_array,
&real_key, &real_key_len);
if (iv_len !=
(size_t)cipher_descriptor[ltc_cipherindex].block_length)
return TEE_ERROR_BAD_PARAMETERS;
ltc_res = cbc_start(
ltc_cipherindex, iv, real_key, real_key_len,
0, (symmetric_CBC *)ctx);
break;
case TEE_ALG_AES_CTR:
if (iv_len !=
(size_t)cipher_descriptor[ltc_cipherindex].block_length)
return TEE_ERROR_BAD_PARAMETERS;
ltc_res = ctr_start(
ltc_cipherindex, iv, key1, key1_len,
0, CTR_COUNTER_BIG_ENDIAN, (symmetric_CTR *)ctx);
break;
case TEE_ALG_AES_CTS:
cts = (struct symmetric_CTS *)ctx;
res = tee_cipher_init3(
(void *)(&(cts->ecb)),
TEE_ALG_AES_ECB_NOPAD, mode,
key1, key1_len, key2, key2_len, iv, iv_len);
if (res != TEE_SUCCESS)
return res;
res = tee_cipher_init3(
(void *)(&(cts->cbc)),
TEE_ALG_AES_CBC_NOPAD, mode,
key1, key1_len, key2, key2_len, iv, iv_len);
if (res != TEE_SUCCESS)
return res;
ltc_res = CRYPT_OK;
break;
case TEE_ALG_AES_XTS:
if (key1_len != key2_len)
return TEE_ERROR_BAD_PARAMETERS;
ltc_res = xts_start(
ltc_cipherindex, key1, key2, key1_len,
0, (symmetric_xts *)ctx);
break;
default:
return TEE_ERROR_NOT_SUPPORTED;
}
if (ltc_res == CRYPT_OK)
return TEE_SUCCESS;
else
return TEE_ERROR_BAD_STATE;
}
void Decrypt(PK0304 *le, char *password)
{
char *salt, *key1, *key2, *check, digest[40];
u32 key_len, dig_len = 40, start, xlen;
AE_EXTRA ae;
start = ftell(ZIN);
/* Searches for AE-1 header */
fseek(ZIN, le->NameLen, SEEK_CUR);
for(xlen=le->ExtraLen; xlen;)
{
safeRead(&ae, ZIN, 4);
xlen -= (4 + ae.Size);
if (ae.Sig == 0x9901)
{
safeRead(&ae.Version, ZIN, 7);
continue;
}
fseek(ZIN, ae.Size, SEEK_CUR);
}
if (ae.Sig != 0x9901)
Z_ERROR("Fatal! Can't find AE extra header!");
if (ae.Strength < 1 || ae.Strength > 3)
Z_ERROR("Bad encryption strength");
SaltSize = KS[ae.Strength].Salt;
KeySize = KS[ae.Strength].Key;
salt = BUF;
key1 = salt+SaltSize;
key2 = key1+KeySize;
check = key2+KeySize;
key_len = KeySize*2+2;
/* Loads salt and password check value, and regenerates original crypto material */
fseek(ZIN, start+le->NameLen+le->ExtraLen, SEEK_SET);
safeRead(salt, ZIN, SaltSize);
safeRead(check+2, ZIN, 2);
point1:
if (pkcs_5_alg2(password, strlen(password), salt, SaltSize, 1000, 0, key1, &key_len) != CRYPT_OK)
Z_ERROR("Failed to derive encryption keys");
if (memcmp(check, check+2, 2))
{
printf("\nCan't decrypt data: try another password.\nNew password: "******"\n");
goto point1;
}
if (ctr_start(0, IV, key1, KeySize, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr) != CRYPT_OK)
Z_ERROR("Failed to setup AES CTR decoder");
#ifdef GLADMAN_HMAC
hmac_sha1_begin(&hmac);
hmac_sha1_key(key2, KeySize, &hmac);
#else
if (hmac_init(&hmac, 0, key2, KeySize) != CRYPT_OK)
Z_ERROR("Failed to setup HMAC-SHA1");
#endif
/* Adjusts local header */
le->Flag ^= 1;
le->CompMethod = ae.CompMethod;
le->ExtraLen -= 11;
le->CompSize -= (SaltSize + 12);
/* Writes local header and copies extra, except 0x9901 */
safeWrite(ZOUT, le, sizeof(PK0304));
fseek(ZIN, start, SEEK_SET);
fileCopy(ZOUT, ZIN, le->NameLen);
for(xlen=le->ExtraLen+11; xlen;)
{
safeRead(&ae, ZIN, 4);
xlen -= (4 + ae.Size);
if (ae.Sig == 0x9901)
{
safeRead(&ae.Version, ZIN, 7);
continue;
}
safeWrite(ZOUT, &ae, 4);
fileCopy(ZOUT, ZIN, ae.Size);
}
fseek(ZIN, SaltSize+2, SEEK_CUR);
fileFilter(ZOUT, ZIN, le->CompSize);
#ifdef GLADMAN_HMAC
hmac_sha1_end(digest, dig_len, &hmac);
#else
if (hmac_done(&hmac, digest, &dig_len) != CRYPT_OK)
Z_ERROR("Failed to computate HMAC");
#endif
/* Retrieves and checks HMACs */
safeRead(digest+10, ZIN, 10);
if (memcmp(digest, digest+10, 10))
printf(" authentication failed, contents were lost!");
ctr_done(&ctr);
}
