/** Decrypt a buffer.
* @param cipher cipher ID
* @param enc encrypted buffer
* @param enc_size number of bytes in @p enc
* @param plain on return contains plain text data
* @param plain_size size in bytes of @p plain
* @return number of bytes that were in the encrypted buffer (this can be shorter if the data
* did not exactly fit the AES block size.
*/
size_t
BufferDecryptor::decrypt(int cipher, const void *enc, size_t enc_size, void *plain, size_t plain_size)
{
#ifdef HAVE_LIBCRYPTO
if (keys_.find(cipher) == keys_.end()) {
generate_key(cipher);
}
const EVP_CIPHER *evp_cipher = cipher_by_id(cipher);
const size_t iv_size = EVP_CIPHER_iv_length(evp_cipher);
const unsigned char *iv = (const unsigned char *)enc;
unsigned char *enc_m = (unsigned char *)enc + iv_size;
enc_size -= iv_size;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
if ( ! EVP_DecryptInit(ctx, evp_cipher, (const unsigned char *)keys_[cipher].c_str(), iv))
{
EVP_CIPHER_CTX_free(ctx);
throw std::runtime_error("Could not initialize cipher context");
}
int outl = plain_size;
if ( ! EVP_DecryptUpdate(ctx,
(unsigned char *)plain, &outl, enc_m, enc_size))
{
EVP_CIPHER_CTX_free(ctx);
throw std::runtime_error("DecryptUpdate failed");
}
int plen = 0;
if ( ! EVP_DecryptFinal(ctx, (unsigned char *)plain + outl, &plen) ) {
EVP_CIPHER_CTX_free(ctx);
throw std::runtime_error("DecryptFinal failed");
}
outl += plen;
EVP_CIPHER_CTX_free(ctx);
return outl;
#else
throw std::runtime_error("Decryption support not available");
#endif
}
int spider_decrypt(void) {
unsigned char outbuf[LOG_MAX];
int olen,tlen,n;
char inbuff[LOG_MAX + EVP_MAX_BLOCK_LENGTH];
char baz[LOG_MAX + EVP_MAX_BLOCK_LENGTH];
EVP_CIPHER_CTX ctx;
int i;
// hmmm. how are we going to chop this back into lines and populate
// the log array?
if (logfp) {
fclose(logfp);
}
logfp = fopen(LogPath, "rb");
if (logfp == NULL) {
fprintf(stderr, "logfp: %s\n", strerror(errno));
exit(1);
}
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit(&ctx, EVP_bf_cbc(), KEY, IV);
while ((n = fread(inbuff, 1, LOG_MAX + EVP_MAX_BLOCK_LENGTH, logfp)) > 0) {
if (EVP_DecryptUpdate(&ctx, outbuf, &olen, inbuff, n) != 1) {
return 0;
}
snprintf(baz, olen+1, "%s", outbuf);
bzero(&inbuff, LOG_MAX + EVP_MAX_BLOCK_LENGTH);
}
if ((i = EVP_DecryptFinal(&ctx, outbuf+olen, &tlen)) != 1) {
return 0;
}
bzero(baz, sizeof(baz));
snprintf(baz, tlen+1, "%s", outbuf+olen);
printf("%s", baz);
EVP_CIPHER_CTX_cleanup(&ctx);
return 1;
}
static int EVP_Update_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
EVP_CIPHER_CTX *ctx = tempargs->ctx;
int outl, count;
if (decrypt)
for (count = 0; COND(nb_iter); count++)
EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
else
for (count = 0; COND(nb_iter); count++)
EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
if (decrypt)
EVP_DecryptFinal_ex(ctx, buf, &outl);
else
EVP_EncryptFinal_ex(ctx, buf, &outl);
return count;
}
int decrypt_file(const char *path, const char *fileName, unsigned char *key) {
int outlen, inlen;
FILE *file, *temp;
file = fopen(fileName,"r+b");
if(file == NULL) {
return -2;
}
char tempName[PATH_SIZE];
cnct(path,"TemP.TemP",tempName);
temp = fopen(tempName,"wb");
unsigned char iv[8] = "DAJ-7l2"; /* вектор инициализации */
unsigned char inbuf[BUF_SIZE], outbuf[BUF_SIZE];
EVP_CIPHER_CTX ctx;
const EVP_CIPHER * cipher;
EVP_CIPHER_CTX_init(&ctx);
cipher = EVP_bf_cbc();
EVP_DecryptInit(&ctx, cipher, key, iv);
while(1) {
inlen = fread(inbuf, 1, BUF_SIZE, file);
if(inlen <= 0) break;
if(!EVP_DecryptUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
return 1;
fwrite(outbuf, 1, outlen, temp);
}
if(!EVP_DecryptFinal(&ctx, outbuf, &outlen))
return 1;
fwrite(outbuf, 1, outlen, temp);
EVP_CIPHER_CTX_cleanup(&ctx);
fclose(file);
fclose(temp);
remove(fileName);
rename(tempName,fileName);
return 0;
}
int decrypt(const char *passphrase)
{
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char salt[8] = {0};
unsigned char inbuf[256];
unsigned char outbuf[256 + EVP_MAX_BLOCK_LENGTH];
int nread, nwrite;
int outlen;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
genKeyIV(0, passphrase, salt, key, iv);
EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key, iv);
for (;;) {
if ((nread = read(STDIN_FILENO, inbuf, 255)) < 0) {
perror("Fail to read");
return -1;
} else if (nread == 0)
break;
if (!EVP_DecryptUpdate(&ctx, outbuf, &outlen, inbuf, nread)) {
fprintf(stderr, "Fail to EncryptUpdate!\n");
EVP_CIPHER_CTX_cleanup(&ctx);
return -1;
}
if ((nwrite = write(STDOUT_FILENO, outbuf, outlen)) < 0) {
perror("Fail to write");
return -1;
}
}
if (!EVP_DecryptFinal_ex(&ctx, outbuf, &outlen)) {
EVP_CIPHER_CTX_cleanup(&ctx);
return -1;
}
if (write(STDOUT_FILENO, outbuf, outlen) < 0) {
perror("Fail to write");
return -1;
}
EVP_CIPHER_CTX_cleanup(&ctx);
return 0;
}
int decrypt_str(unsigned char *buffer, const char *data, size_t dataLen, const char *key, size_t *outLen) {
EVP_CIPHER_CTX *ctx;
// TODO Bad
unsigned char iv[16] = {0};
int outlen1, outlen2;
if (!(ctx = EVP_CIPHER_CTX_new()))
return 0;
if (EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv) != 1)
return 2;
if (EVP_DecryptUpdate(ctx, buffer, &outlen1, data, dataLen) != 1)
return 3;
if (EVP_DecryptFinal_ex(ctx, buffer + outlen1, &outlen2) != 1)
return 4;
*outLen = outlen1 + outlen2;
return 1;
}
int decrypt(unsigned char *ciphertext,
int ciphertext_len,
unsigned char *key,
unsigned char *iv, unsigned char *plaintext)
{
EVP_CIPHER_CTX *ctx;
int len;
int plaintext_len;
/* Create and initialise the context */
if (!(ctx = EVP_CIPHER_CTX_new()))
handleErrors();
/* Initialise the decryption operation. IMPORTANT - ensure you use a key
* and IV size appropriate for your cipher
* In this example we are using 256 bit AES (i.e. a 256 bit key). The
* IV size for *most* modes is the same as the block size. For AES this
* is 128 bits */
if (1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv))
handleErrors();
/* Provide the message to be decrypted, and obtain the plaintext output.
* EVP_DecryptUpdate can be called multiple times if necessary
*/
if (1 !=EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext,ciphertext_len))
handleErrors();
plaintext_len = len;
/* Finalise the decryption. Further plaintext bytes may be written at
* this stage.
*/
if (1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len))
handleErrors();
plaintext_len += len;
/* Clean up */
EVP_CIPHER_CTX_free(ctx);
return plaintext_len;
}
int
decrypt (int infd, int outfd)
{
unsigned char outbuf[IP_SIZE];
int olen, tlen, n;
unsigned char inbuff[OP_SIZE];
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
//EVP_CIPHER_CTX_init (ctx);
EVP_DecryptInit (ctx, EVP_bf_cbc (), key, iv);
for (;;)
{
bzero (&inbuff, OP_SIZE);
if ((n = read (infd, inbuff, OP_SIZE)) == -1)
{
perror ("read error");
break;
}
else if (n == 0)
break;
bzero (&outbuf, IP_SIZE);
if (EVP_DecryptUpdate (ctx, outbuf, &olen, inbuff, n) != 1)
{
printf ("error in decrypt update\n");
return 0;
}
if (EVP_DecryptFinal (ctx, outbuf + olen, &tlen) != 1)
{
printf ("error in decrypt final\n");
return 0;
}
olen += tlen;
if ((n = write (outfd, outbuf, olen)) == -1)
perror ("write error");
}
//EVP_CIPHER_CTX_cleanup (ctx);
return 1;
}
size32_t aesDecrypt(MemoryBuffer &out, size32_t inSz, const void *inBytes, size32_t keyLen, const char *key, const char *iv)
{
if (0 == inSz)
return 0;
OwnedEVPCipherCtx ctx(EVP_CIPHER_CTX_new());
if (!ctx)
throw makeEVPException(0, "Failed EVP_CIPHER_CTX_new");
const size32_t cipherBlockSz = 128;
// from man page - "should have sufficient room for (inl + cipher_block_size) bytes unless the cipher block size is 1 in which case inl bytes is sufficient"
size32_t outMaxSz = (cipherBlockSz==1) ? inSz : (inSz + cipherBlockSz/8);
size32_t startSz = out.length();
byte *outPtr = (byte *)out.reserveTruncate(outMaxSz);
/* Initialise the decryption operation. IMPORTANT - ensure you use a key
* and IV size appropriate for your cipher
* In this example we are using 256 bit AES (i.e. a 256 bit key). The
* IV size for *most* modes is the same as the block size. For AES this
* is 128 bits
* */
if (!iv) iv = staticAesIV;
if (1 != EVP_DecryptInit_ex(ctx, getAesCipher(keyLen), nullptr, (const unsigned char *)key, (const unsigned char *)iv))
throw makeEVPException(0, "Failed EVP_DecryptInit_ex");
/* Provide the message to be decrypted, and obtain the plaintext output.
* EVP_DecryptUpdate can be called multiple times if necessary
*/
int outSz;
if (1 != EVP_DecryptUpdate(ctx, outPtr, &outSz, (const unsigned char *)inBytes, inSz))
throw makeEVPException(0, "Failed EVP_DecryptUpdate");
int plaintext_len = outSz;
/* Finalise the decryption. Further plaintext bytes may be written at
* this stage.
*/
if (1 != EVP_DecryptFinal_ex(ctx, outPtr + outSz, &outSz))
throw makeEVPException(0, "Failed EVP_DecryptFinal_ex");
plaintext_len += outSz;
out.setLength(startSz+plaintext_len); // truncate length of 'out' to final size
return (size32_t)plaintext_len;
}
//The partner decryption function to above
unsigned char *blowfish_dec(unsigned char *key, unsigned char* data, int size)
{
unsigned char* out = malloc(size);
int outlen;
int tmplen;
unsigned char iv[] = {0}; //TODO maybe not this?
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit_ex(&ctx, EVP_bf_ecb(), NULL, key, iv);
EVP_CIPHER_CTX_set_padding(&ctx, 0);
EVP_DecryptUpdate(&ctx, out, &outlen, data, size);
if(!EVP_DecryptFinal_ex(&ctx, out + outlen, &tmplen)) {
ssl_error("Didn't do decrypt final");
}
outlen += tmplen;
EVP_CIPHER_CTX_cleanup(&ctx);
return out;
}
array::array* aes_decrypt(array::array* data, array::array* iv, array::array* key) {
byte* ivec = new byte[iv->length];
memcpy(ivec, iv->data, iv->length);
byte* outdata = new byte[data->length * 2];
int outLen1 = 0, outLen2 = 0;
EVP_CIPHER_CTX ctx;
EVP_DecryptInit(&ctx,EVP_aes_256_cbc(),key->data,ivec);
EVP_DecryptUpdate(&ctx,outdata, &outLen1, data->data, data->length);
EVP_DecryptFinal(&ctx,outdata + outLen1, &outLen2);
delete[] ivec;
array::array* lol = array::create(outLen1 + outLen2, outdata);
delete[] outdata;
return lol;
}
BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
{
BYTE* pPlainText;
int cbOut, cbFinal;
WINPR_PROTECTED_MEMORY_BLOCK* pMemBlock;
if (dwFlags != CRYPTPROTECTMEMORY_SAME_PROCESS)
return FALSE;
if (!g_ProtectedMemoryBlocks)
return FALSE;
pMemBlock = (WINPR_PROTECTED_MEMORY_BLOCK*) ListDictionary_GetItemValue(g_ProtectedMemoryBlocks, pData);
if (!pMemBlock)
return FALSE;
/* AES Decryption */
cbOut = pMemBlock->cbData + AES_BLOCK_SIZE - 1;
pPlainText = (BYTE*) malloc(cbOut);
EVP_DecryptInit_ex(&(pMemBlock->dec), NULL, NULL, NULL, NULL);
EVP_DecryptUpdate(&(pMemBlock->dec), pPlainText, &cbOut, pMemBlock->pData, pMemBlock->cbData);
EVP_DecryptFinal_ex(&(pMemBlock->dec), pPlainText + cbOut, &cbFinal);
CopyMemory(pMemBlock->pData, pPlainText, pMemBlock->cbData);
SecureZeroMemory(pPlainText, pMemBlock->cbData);
free(pPlainText);
ListDictionary_Remove(g_ProtectedMemoryBlocks, pData);
/* AES Cleanup */
EVP_CIPHER_CTX_cleanup(&(pMemBlock->enc));
EVP_CIPHER_CTX_cleanup(&(pMemBlock->dec));
free(pMemBlock);
return TRUE;
}
static char * decipher_evp (const unsigned char *key, int keylen, const unsigned char *ciphertext, int cipherlen, const EVP_CIPHER *type, int *outlen, int ivsize)
{
unsigned char *outbuf;
unsigned char *iv = NULL;
unsigned long errcode;
int outlen2;
EVP_CIPHER_CTX a;
EVP_CIPHER_CTX_init(&a);
EVP_CIPHER_CTX_set_padding(&a, 0);
if (ivsize > 0)
iv = new_malloc(ivsize);
outbuf = new_malloc(cipherlen + 1024);
if (ivsize > 0)
memcpy(iv, ciphertext, ivsize);
EVP_DecryptInit_ex(&a, type, NULL, NULL, iv);
EVP_CIPHER_CTX_set_key_length(&a, keylen);
EVP_CIPHER_CTX_set_padding(&a, 0);
EVP_DecryptInit_ex(&a, NULL, NULL, key, NULL);
if (EVP_DecryptUpdate(&a, outbuf, outlen, ciphertext, cipherlen) != 1)
yell("EVP_DecryptUpdate died.");
if (EVP_DecryptFinal_ex(&a, outbuf + (*outlen), &outlen2) != 1)
yell("EVP_DecryptFinal_Ex died.");
*outlen += outlen2;
EVP_CIPHER_CTX_cleanup(&a);
ERR_load_crypto_strings();
while ((errcode = ERR_get_error()))
{
char r[256];
ERR_error_string_n(errcode, r, 256);
yell("ERROR: %s", r);
}
if (ivsize > 0)
new_free(&iv);
return outbuf;
}
int decrypt_sym(unsigned char *ciphertext, int ciphertext_len, unsigned char *key, unsigned char *iv, unsigned char *plaintext) {
EVP_CIPHER_CTX *ctx;
int len;
int plaintext_len;
if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors();
if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) handleErrors();
if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) handleErrors();
plaintext_len = len;
if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) handleErrors();
plaintext_len += len;
EVP_CIPHER_CTX_free(ctx);
return plaintext_len;
}
/**
* AES-ECB-PKCS5Padding解密
*
* LUA示例:
* local codec = require('codec')
* local src = [[...]] --BASE64密文
* local key = [[...]] --16位数字串
* local bs = codec.base64_decode(src)
* local dst = codec.aes_decrypt(bs, key)
*/
static int codec_aes_decrypt(lua_State *L)
{
size_t len;
const char *src = luaL_checklstring(L, 1, &len);
char *key = luaL_checkstring(L, 2);
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
int ret = EVP_DecryptInit_ex(&ctx, EVP_aes_128_ecb(), NULL, (unsigned char *)key, NULL);
if(ret != 1)
{
EVP_CIPHER_CTX_cleanup(&ctx);
return luaL_error(L, "EVP decrypt init error");
}
int n, wn;
char dst[len];
memset(dst, 0, len);
ret = EVP_DecryptUpdate(&ctx, (unsigned char *)dst, &wn, (unsigned char *)src, len);
if(ret != 1)
{
EVP_CIPHER_CTX_cleanup(&ctx);
return luaL_error(L, "EVP decrypt update error");
}
n = wn;
ret = EVP_DecryptFinal_ex(&ctx, (unsigned char *)(dst + n), &wn);
if(ret != 1)
{
EVP_CIPHER_CTX_cleanup(&ctx);
return luaL_error(L, "EVP decrypt final error");
}
EVP_CIPHER_CTX_cleanup(&ctx);
n += wn;
lua_pushlstring(L, dst, n);
return 1;
}
int symmetric_decrypt(char* ciphertext, char* plaintext,char* key,int enctextsize)
{
int nc; /* amount of bytes [de]crypted at each step */
int nctot; /* total amount of encrypted bytes */
int pt_len; /* plain text size */
int ct_len; /* encrypted text size */
int ct_ptr; /* first available entry in the buffer */
int msg_len; /* message length */
int k_size;
/* Context allocation */
EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX));
/* Context initialization */
EVP_CIPHER_CTX_init(ctx);
/* Context setup for encryption */
EVP_DecryptInit(ctx, EVP_des_ecb(), NULL, NULL);
/* Decryption key setup */
EVP_DecryptInit(ctx, NULL, key, NULL);
/* Encryption */
nc = 0;
nctot = 0;
ct_ptr = 0;
EVP_DecryptUpdate(ctx, &plaintext[ct_ptr], &nc, ciphertext, enctextsize);
ct_ptr += nc;
nctot += nc;
EVP_DecryptFinal(ctx, &plaintext[ct_ptr], &nc);
nctot += nc;
return nctot;
}
int aes_decrypt(EVP_CIPHER_CTX *d, int in,int out)
{
int inlen=0,flen=0,outlen=0;
char inbuf[SIZE+AES_BLOCK_SIZE]; /****** CHECK ???? ****/
char outbuf[SIZE+AES_BLOCK_SIZE];
if(!EVP_DecryptInit_ex(d, NULL, NULL, NULL, NULL))
{
perror("\n Eror in DECinit:");
return 1;
}
while((inlen = read(in,inbuf,SIZE)) >0)
{
if(!EVP_DecryptUpdate(d,(unsigned char*)outbuf, &outlen,(unsigned char*)inbuf,inlen))
{
perror("\n Error,DECRYPT_UPDATE:");
return 1;
}
if((write(out,outbuf,outlen)) != outlen)
{
perror("\n ERROR,Writing dec bytes:");
return 1;
}
}
if(!EVP_DecryptFinal_ex(d,(unsigned char*)outbuf,&flen))
{
perror("\n Error,DECRYPT_FINAL:");
return 1;
}
if((write(out,outbuf,flen)) != flen)
{
perror("\n ERROR,Writng FINAL dec bytes:");
return 1;
}
return 0;
}
int Crypt::dec_data(uint8_t *cipher_text, int cipher_text_len, uint8_t *plain_text, uint64_t k_nas_enc) {
EVP_CIPHER_CTX *ctx;
int len;
int plain_text_len;
if (!(ctx = EVP_CIPHER_CTX_new())) {
handle_crypt_error();
}
if (1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) {
handle_crypt_error();
}
if (1 != EVP_DecryptUpdate(ctx, plain_text, &len, cipher_text, cipher_text_len)) {
handle_crypt_error();
}
plain_text_len = len;
if (1 != EVP_DecryptFinal_ex(ctx, plain_text + len, &len)) {
handle_crypt_error();
}
plain_text_len += len;
EVP_CIPHER_CTX_free(ctx);
return plain_text_len;
}
bool RarVolume::DecryptBuf(const uint8 in[16], uint8 out[16])
{
#ifdef HAVE_OPENSSL
uint8 outbuf[32];
int outlen = 0;
if (!EVP_DecryptUpdate((EVP_CIPHER_CTX*)m_context, outbuf, &outlen, in, 16)) return false;
memcpy(out, outbuf + outlen, 16);
debug("decrypted: %s", *Util::FormatBuffer((const char*)out, 16));
return true;
#elif defined(HAVE_NETTLE)
aes_decrypt((aes_ctx*)m_context, 16, out, in);
for (int i = 0; i < 16; i++)
{
out[i] ^= m_decryptIV[i];
}
memcpy(m_decryptIV, in, 16);
debug("decrypted: %s", *Util::FormatBuffer((const char*)out, 16));
return true;
#else
return false;
#endif
}
/**
* 功能描述:3DES解密
* @param pData:原始数据
* @param ilen: 原始数据长度
* @param ppDecryptData: 解密后数据
* @return -1: 失败, 其他: 解密数据长度
**/
int TripleDESDecrypt(const char* pData, int ilen, char** ppDecryptData)
{
/*密钥*/
unsigned char key[24] = {43,14,54,109,109,8,84,87,116,30,19,68,35,51,83,72,16,2,83,48,117,85,9,80};
/*初始化向量*/
unsigned char iv[8] = {111,121,47,42,75,34,33,124};
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
int rc = EVP_EncryptInit_ex(&ctx,EVP_des_ede3_cbc(),NULL,key,iv);
if (rc != 1)
{
EVP_CIPHER_CTX_cleanup(&ctx);
return -1;
}
int outlen = ilen + 1;
*ppDecryptData = (char*)malloc(outlen);
memset(*ppDecryptData, 0 , outlen);
rc = EVP_DecryptUpdate(&ctx, (unsigned char*)(*ppDecryptData), &outlen, (unsigned char*)pData, ilen);
if(rc != 1)
{
EVP_CIPHER_CTX_cleanup(&ctx);
free(*ppDecryptData);
return -1;
}
int outlentmp = 0;
rc = EVP_DecryptFinal_ex(&ctx, (unsigned char*)(*ppDecryptData) + outlen,&outlentmp);
if(rc != 1)
{
EVP_CIPHER_CTX_cleanup(&ctx);
free(*ppDecryptData);
return -1;
}
outlen += outlentmp;
EVP_CIPHER_CTX_cleanup(&ctx);
return outlen;
}
int
decrypt_data(const void *in, int inlen, void *out, int *outlen,
const void *iv, const void *key)
{
int len;
ERR_clear_error();
cryptutil_init();
/* In this we are using 256 bit AES (i.e. a 256 bit key). The
* IV size for *most* modes is the same as the block size. For AES this
* is 128 bits
*/
if(EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key, iv) != 1) {
log_crypt_err("Not able to initialize decrypt context for AES-256");
return 0;
}
/* Provide the cypher text to be decrypted, and obtain the plaintext output */
if(EVP_DecryptUpdate(&ctx, out, &len, in, inlen) != 1) {
log_crypt_err("Not able to decrypt using AES-256");
return 0;
}
*outlen = len;
/* Finalise the encryption. Further ciphertext bytes may be written at
* this stage.
*/
if(EVP_DecryptFinal_ex(&ctx, out + len, &len) != 1) {
log_crypt_err("Not able to finalize encryption using AES-256");
return 0;
}
*outlen += len;
return 1;
}
/**
* @brief AES256 data decryption
* @see el_aes256_create_key()
* @see el_aes256_encrypt_data()
* @param key The key generated by el_aes256_create_key()
* @param out Output buffer containing the decrypted data
* @param in Input buffer containing the encrypted data
* @param in_len The size of encrypted data buffer
* @return The size of decrypted data buffer (output) or -1 on error
*/
int el_aes256_decrypt_data(
const unsigned char *key,
unsigned char *out,
const unsigned char *in,
size_t in_len) {
EVP_CIPHER_CTX e_ctx;
unsigned char hmac[EVP_MAX_MD_SIZE];
unsigned int mdlen;
int mlen, flen;
const unsigned char *enctext = in + EVP_MAX_MD_SIZE + EVP_MAX_IV_LENGTH;
const unsigned char *iv = in + EVP_MAX_MD_SIZE;
if (!HMAC(EVP_sha256(), key, EVP_MAX_KEY_LENGTH, in + EVP_MAX_MD_SIZE, in_len - EVP_MAX_MD_SIZE, hmac, &mdlen))
return -1;
/* Switch to constant-time comparison function */
if (memcmp(in, hmac, mdlen))
return -2;
EVP_CIPHER_CTX_init(&e_ctx);
if (!EVP_DecryptInit_ex(&e_ctx, EVP_aes_256_cbc(), NULL, key, iv)) {
EVP_CIPHER_CTX_cleanup(&e_ctx);
return -3;
}
if (!EVP_DecryptUpdate(&e_ctx, out, &mlen, enctext, in_len - EVP_MAX_MD_SIZE - EVP_MAX_IV_LENGTH)) {
EVP_CIPHER_CTX_cleanup(&e_ctx);
return -4;
}
EVP_DecryptFinal_ex(&e_ctx, out + mlen, &flen);
EVP_CIPHER_CTX_cleanup(&e_ctx);
return mlen + flen;
}
static size_t decrypt_buffer(const unsigned char *buffer, size_t in_len, unsigned const char key[KDF_HASH_LEN], unsigned char **out)
{
EVP_CIPHER_CTX ctx;
unsigned char *plaintext = NULL;
int out_len;
unsigned int hmac_len;
size_t len;
unsigned char hmac[SHA256_DIGEST_LENGTH];
EVP_CIPHER_CTX_init(&ctx);
if (in_len < (SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE * 2))
goto error;
if (!HMAC(EVP_sha256(), key, KDF_HASH_LEN, (unsigned char *)(buffer + SHA256_DIGEST_LENGTH), in_len - SHA256_DIGEST_LENGTH, hmac, &hmac_len))
goto error;
if (CRYPTO_memcmp(hmac, buffer, SHA256_DIGEST_LENGTH))
goto error;
plaintext = xcalloc(in_len + AES_BLOCK_SIZE, 1);
if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key, (unsigned char *)(buffer + SHA256_DIGEST_LENGTH)))
goto error;
if (!EVP_DecryptUpdate(&ctx, (unsigned char *)plaintext, &out_len, (unsigned char *)(buffer + SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE), in_len - SHA256_DIGEST_LENGTH - AES_BLOCK_SIZE))
goto error;
len = out_len;
if (!EVP_DecryptFinal_ex(&ctx, (unsigned char *)(plaintext + out_len), &out_len))
goto error;
len += out_len;
EVP_CIPHER_CTX_cleanup(&ctx);
*out = plaintext;
return len;
error:
EVP_CIPHER_CTX_cleanup(&ctx);
free(plaintext);
*out = NULL;
return 0;
}
void decrypt(FILE *ifp, FILE *ofp, unsigned char ckey[])
{
//Get file size
fseek(ifp, 0L, SEEK_END);
int fsize = ftell(ifp);
//set back to normal
fseek(ifp, 0L, SEEK_SET);
int outLen1 = 0; int outLen2 = 0;
unsigned char *indata = (unsigned char *)malloc(fsize);
unsigned char *outdata = (unsigned char *)malloc(fsize);
unsigned char ivec[] = "dontusethisinput";
//Read File
fread(indata, sizeof(char), fsize, ifp);//Read Entire File
//setup decryption
EVP_CIPHER_CTX ctx;
EVP_DecryptInit(&ctx, EVP_aes_128_cbc(), ckey, ivec);
EVP_DecryptUpdate(&ctx, outdata, &outLen1, indata, fsize);
EVP_DecryptFinal(&ctx, outdata + outLen1, &outLen2);
fwrite(outdata, sizeof(char), outLen1 + outLen2, ofp);
}
int s3fs::Crypto::decrypt_block(const unsigned char encrypted[], int inlen, unsigned char outbuf[])
{
int outlen;
int tmplen;
EVP_CIPHER_CTX_init(&ctx);
EVP_CIPHER_CTX_set_padding(&ctx, 1L);
EVP_DecryptInit_ex(&ctx, EVP_aes_256_ctr(), NULL, key, iv);
if(!EVP_DecryptUpdate(&ctx, outbuf, &outlen, encrypted, inlen))
{
cerr << "An error has occurred while decrypting the encrypted text." << endl;
EVP_CIPHER_CTX_cleanup(&ctx);
}
if(!EVP_DecryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
{
cerr << "An error has occurred while decrypting the encrypted text." << endl;
EVP_CIPHER_CTX_cleanup(&ctx);
}
outlen += tmplen;
EVP_CIPHER_CTX_cleanup(&ctx);
return outlen;
}
void decrypt(FILE *ifp, FILE *ofp, char ckey[], char ivec[])
{
fseek(ifp, 0L, SEEK_END);
int fsize = ftell(ifp);
fseek(ifp, 0L, SEEK_SET);
int outLen1 = 0; int outLen2 = 0;
unsigned char *indata = malloc(fsize);
unsigned char *outdata = malloc(fsize);
fread(indata,sizeof(char),fsize, ifp);//Read Entire File
EVP_CIPHER_CTX ctx;
EVP_DecryptInit(&ctx,EVP_aes_128_cbc(),ckey,ivec);
EVP_DecryptUpdate(&ctx,outdata,&outLen1,indata,fsize);
EVP_DecryptFinal(&ctx,outdata + outLen1,&outLen2);
fwrite(outdata,sizeof(char),outLen1 + outLen2,ofp);
}
bool OldDecrypt(const std::vector<unsigned char>& vchCiphertext, CKeyingMaterial& vchPlaintext, const unsigned char chKey[32], const unsigned char chIV[16])
{
// plaintext will always be equal to or lesser than length of ciphertext
int nLen = vchCiphertext.size();
int nPLen = nLen, nFLen = 0;
vchPlaintext = CKeyingMaterial(nPLen);
bool fOk = true;
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
assert(ctx);
if (fOk) fOk = EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0;
if (fOk) fOk = EVP_DecryptUpdate(ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen) != 0;
if (fOk) fOk = EVP_DecryptFinal_ex(ctx, (&vchPlaintext[0]) + nPLen, &nFLen) != 0;
EVP_CIPHER_CTX_free(ctx);
if (!fOk) return false;
vchPlaintext.resize(nPLen + nFLen);
return true;
}
CK_RV PKCS11_Encryption_OpenSSL::DecryptUpdate(Cryptoki_Session_Context* pSessionCtx, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
{
OPENSSL_HEADER();
OpenSSLEncryptData *pDec;
if(pSessionCtx == NULL || pSessionCtx->DecryptionCtx == NULL) return CKR_SESSION_CLOSED;
pDec = (OpenSSLEncryptData*)pSessionCtx->DecryptionCtx;
if(pDec->IsSymmetric)
{
int outLen = *pulPartLen;
OPENSSL_CHECKRESULT(EVP_DecryptUpdate((EVP_CIPHER_CTX*)pDec->Key->ctx, pPart, &outLen, pEncryptedPart, ulEncryptedPartLen));
*pulPartLen = outLen;
}
else
{
size_t outLen = *pulPartLen;
OPENSSL_CHECKRESULT(EVP_PKEY_decrypt((EVP_PKEY_CTX*)pDec->Key->ctx, pPart, &outLen, pEncryptedPart, ulEncryptedPartLen));
*pulPartLen = outLen;
}
OPENSSL_CLEANUP();
if(retVal != CKR_OK)
{
TINYCLR_SSL_FREE(pDec);
pSessionCtx->DecryptionCtx = NULL;
}
OPENSSL_RETURN();
}
void openssl_evp_symcrypt()
{
EVP_CIPHER_CTX ctx;
int i, len1 = 0, len2 = 0, len3 = 0;
unsigned char outs[MAX1_LEN], des[MAX1_LEN];
unsigned char iv[EVP_MAX_KEY_LENGTH], key[EVP_MAX_KEY_LENGTH];
unsigned char msg[MAX1_LEN] = "openssl symmetric encrypt test";
for (i = 0; i < 24; i++)
key[i] = i;
for (i = 0; i < 8; i++)
iv[i] = i;
memset(des, 0, sizeof(des));
memset(outs, 0, sizeof(outs));
OpenSSL_add_all_algorithms();
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit(&ctx, EVP_des_ede3_cbc(), key, iv);
EVP_EncryptUpdate(&ctx, outs, &len1, msg, strlen((char *)msg));
EVP_EncryptFinal(&ctx, outs + len1, &len3);
len1 = len1 + len3;
printf("\nEVP_SYNEncry (%s) = ", msg);
for (i = 0; i < len1; i++)
printf("0x%.02x ", outs[i]);
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit(&ctx, EVP_des_ede3_cbc(), key, iv);
EVP_DecryptUpdate(&ctx, des, &len2, outs, len1);
EVP_DecryptFinal(&ctx, des + len2, &len3);
len2 += len3;
printf("\nEVP_SYNDecry (");
for (i = 0; i < len1; i++)
printf("0x%.02x ", outs[i]);
printf(") = %s\n", des);
EVP_CIPHER_CTX_cleanup(&ctx);
}
// ----------------------------------------------------------------------------
NetworkString* Crypto::decryptRecieve(ENetPacket* p)
{
int clen = (int)(p->dataLength - 8);
auto ns = std::unique_ptr<NetworkString>(new NetworkString(p->data, clen));
std::array<uint8_t, 12> iv = {};
if (NetworkConfig::get()->isClient())
memcpy(iv.data() + 4, p->data, 4);
else
memcpy(iv.data(), p->data, 4);
uint8_t* packet_start = p->data + 8;
uint8_t* tag = p->data + 4;
if (EVP_DecryptInit_ex(m_decrypt, NULL, NULL, NULL, iv.data()) != 1)
{
throw std::runtime_error("Failed to set IV.");
}
if (!EVP_CIPHER_CTX_ctrl(m_decrypt, EVP_CTRL_GCM_SET_TAG, 4, tag))
{
throw std::runtime_error("Failed to set tag.");
}
int dlen;
if (EVP_DecryptUpdate(m_decrypt, ns->m_buffer.data(), &dlen,
packet_start, clen) != 1)
{
throw std::runtime_error("Failed to decrypt.");
}
if (EVP_DecryptFinal_ex(m_decrypt, unused_16_blocks.data(), &dlen) > 0)
{
assert(dlen == 0);
NetworkString* result = ns.get();
ns.release();
return result;
}
throw std::runtime_error("Failed to finalize decryption.");
} // decryptRecieve
