void Cipher::reset() { memset(&m_ctx, 0, sizeof(m_ctx)); cipher_init_ctx(&m_ctx, m_info); if (m_iv.length()) cipher_set_iv(&m_ctx, (unsigned char *)m_iv.c_str(), m_iv.length()); }
void cipher_ctx_init (cipher_context_t *ctx, uint8_t *key, int key_len, const cipher_info_t *kt, int enc) { ASSERT(NULL != kt && NULL != ctx); CLEAR (*ctx); if (0 != cipher_init_ctx(ctx, kt)) msg (M_FATAL, "PolarSSL cipher context init #1"); if (0 != cipher_setkey(ctx, key, key_len*8, enc)) msg (M_FATAL, "PolarSSL cipher set key"); /* make sure we used a big enough key */ ASSERT (ctx->key_length <= key_len*8); }
void cipher_context_init(cipher_ctx_t *evp, int method, int enc) { if (method <= TABLE || method >= CIPHER_NUM) { LOGE("cipher_context_init(): Illegal method"); return; } const char *ciphername = supported_ciphers[method]; const cipher_kt_t *cipher = get_cipher_type(method); #if defined(USE_CRYPTO_OPENSSL) if (cipher == NULL) { LOGE("Cipher %s not found in OpenSSL library", ciphername); FATAL("Cannot initialize cipher"); } EVP_CIPHER_CTX_init(evp); if (!EVP_CipherInit_ex(evp, cipher, NULL, NULL, NULL, enc)) { LOGE("Cannot initialize cipher %s", ciphername); exit(EXIT_FAILURE); } if (!EVP_CIPHER_CTX_set_key_length(evp, enc_key_len)) { EVP_CIPHER_CTX_cleanup(evp); LOGE("Invalid key length: %d", enc_key_len); exit(EXIT_FAILURE); } if (method > RC4) { EVP_CIPHER_CTX_set_padding(evp, 1); } #elif defined(USE_CRYPTO_POLARSSL) if (cipher == NULL) { LOGE("Cipher %s not found in PolarSSL library", ciphername); FATAL("Cannot initialize PolarSSL cipher"); } if (cipher_init_ctx(evp, cipher) != 0) { FATAL("Cannot initialize PolarSSL cipher context"); } #endif }
void cipher_context_init(cipher_ctx_t *ctx, int method, int enc) { if (method <= TABLE || method >= CIPHER_NUM) { LOGE("cipher_context_init(): Illegal method"); return; } if (method >= SALSA20) { enc_iv_len = supported_ciphers_iv_size[method]; return; } const char *ciphername = supported_ciphers[method]; #if defined(USE_CRYPTO_APPLECC) cipher_cc_t *cc = &ctx->cc; cc->cryptor = NULL; cc->cipher = supported_ciphers_applecc[method]; if (cc->cipher == kCCAlgorithmInvalid) { cc->valid = kCCContextInvalid; } else { cc->valid = kCCContextValid; if (cc->cipher == kCCAlgorithmRC4) { cc->mode = kCCModeRC4; cc->padding = ccNoPadding; } else { cc->mode = kCCModeCFB; cc->padding = ccPKCS7Padding; } return; } #endif cipher_evp_t *evp = &ctx->evp; const cipher_kt_t *cipher = get_cipher_type(method); #if defined(USE_CRYPTO_OPENSSL) if (cipher == NULL) { LOGE("Cipher %s not found in OpenSSL library", ciphername); FATAL("Cannot initialize cipher"); } EVP_CIPHER_CTX_init(evp); if (!EVP_CipherInit_ex(evp, cipher, NULL, NULL, NULL, enc)) { LOGE("Cannot initialize cipher %s", ciphername); exit(EXIT_FAILURE); } if (!EVP_CIPHER_CTX_set_key_length(evp, enc_key_len)) { EVP_CIPHER_CTX_cleanup(evp); LOGE("Invalid key length: %d", enc_key_len); exit(EXIT_FAILURE); } if (method > RC4_MD5) { EVP_CIPHER_CTX_set_padding(evp, 1); } #elif defined(USE_CRYPTO_POLARSSL) if (cipher == NULL) { LOGE("Cipher %s not found in PolarSSL library", ciphername); FATAL("Cannot initialize PolarSSL cipher"); } if (cipher_init_ctx(evp, cipher) != 0) { FATAL("Cannot initialize PolarSSL cipher context"); } #elif defined(USE_CRYPTO_MBEDTLS) // XXX: mbedtls_cipher_setup future change // NOTE: Currently also clears structure. In future versions you will be required to call // mbedtls_cipher_init() on the structure first. // void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ); if (cipher == NULL) { LOGE("Cipher %s not found in mbed TLS library", ciphername); FATAL("Cannot initialize mbed TLS cipher"); } mbedtls_cipher_init(evp); if (mbedtls_cipher_setup(evp, cipher) != 0) { FATAL("Cannot initialize mbed TLS cipher context"); } #endif }
int pkcs5_pbes2( asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output ) { int ret, iterations = 0, keylen = 0; unsigned char *p, *end, *end2; asn1_buf kdf_alg_oid, enc_scheme_oid, salt; md_type_t md_type = POLARSSL_MD_SHA1; unsigned char key[32], iv[32]; size_t len = 0, olen = 0; const md_info_t *md_info; const cipher_info_t *cipher_info; md_context_t md_ctx; cipher_context_t cipher_ctx; p = pbe_params->p; end = p + pbe_params->len; /* * PBES2-params ::= SEQUENCE { * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, * encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} * } */ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); } if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); } end2 = p + len; if( ( ret = asn1_get_tag( &p, end2, &kdf_alg_oid.len, ASN1_OID ) ) != 0 ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); kdf_alg_oid.p = p; p += kdf_alg_oid.len; // Only PBKDF2 supported at the moment // if( !OID_CMP( OID_PKCS5_PBKDF2, &kdf_alg_oid ) ) return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( ( ret = pkcs5_parse_pbkdf2_params( &p, end2, &salt, &iterations, &keylen, &md_type ) ) != 0 ) { return( ret ); } md_info = md_info_from_type( md_type ); if( md_info == NULL ) return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); } end2 = p + len; if( ( ret = asn1_get_tag( &p, end2, &enc_scheme_oid.len, ASN1_OID ) ) != 0 ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); enc_scheme_oid.p = p; p += enc_scheme_oid.len; #if defined(POLARSSL_DES_C) // Only DES-CBC and DES-EDE3-CBC supported at the moment // if( OID_CMP( OID_DES_EDE3_CBC, &enc_scheme_oid ) ) { cipher_info = cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC ); } else if( OID_CMP( OID_DES_CBC, &enc_scheme_oid ) ) { cipher_info = cipher_info_from_type( POLARSSL_CIPHER_DES_CBC ); } else #endif /* POLARSSL_DES_C */ return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( cipher_info == NULL ) return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); keylen = cipher_info->key_length / 8; if( ( ret = asn1_get_tag( &p, end2, &len, ASN1_OCTET_STRING ) ) != 0 ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); if( len != cipher_info->iv_size ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT ); memcpy( iv, p, len ); if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) return( ret ); if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 ) return( ret ); if ( ( ret = pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len, iterations, keylen, key ) ) != 0 ) { return( ret ); } if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 ) return( ret ); if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 ) return( ret ); if( ( ret = cipher_update( &cipher_ctx, data, datalen, output, &olen ) ) != 0 ) { return( ret ); } if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 ) return( POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH ); return( 0 ); }
void cipher_context_init(cipher_ctx_t *ctx, int method, int enc) { if (method <= TABLE || method >= CIPHER_NUM) { LOGE("cipher_context_init(): Illegal method"); return; } const char *ciphername = supported_ciphers[method]; #if defined(USE_CRYPTO_APPLECC) cipher_cc_t *cc = &ctx->cc; cc->cryptor = NULL; cc->cipher = supported_ciphers_applecc[method]; if (cc->cipher == kCCAlgorithmInvalid) { cc->valid = kCCContextInvalid; } else { cc->valid = kCCContextValid; if (cc->cipher == kCCAlgorithmRC4) { cc->mode = kCCModeRC4; cc->padding = ccNoPadding; } else { cc->mode = kCCModeCFB; cc->padding = ccPKCS7Padding; } return; } #endif cipher_evp_t *evp = &ctx->evp; const cipher_kt_t *cipher = get_cipher_type(method); #if defined(USE_CRYPTO_OPENSSL) if (cipher == NULL) { LOGE("Cipher %s not found in OpenSSL library", ciphername); FATAL("Cannot initialize cipher"); } EVP_CIPHER_CTX_init(evp); if (!EVP_CipherInit_ex(evp, cipher, NULL, NULL, NULL, enc)) { LOGE("Cannot initialize cipher %s", ciphername); exit(EXIT_FAILURE); } if (!EVP_CIPHER_CTX_set_key_length(evp, enc_key_len)) { EVP_CIPHER_CTX_cleanup(evp); LOGE("Invalid key length: %d", enc_key_len); exit(EXIT_FAILURE); } if (method > RC4_MD5) { EVP_CIPHER_CTX_set_padding(evp, 1); } #elif defined(USE_CRYPTO_POLARSSL) if (cipher == NULL) { LOGE("Cipher %s not found in PolarSSL library", ciphername); FATAL("Cannot initialize PolarSSL cipher"); } if (cipher_init_ctx(evp, cipher) != 0) { FATAL("Cannot initialize PolarSSL cipher context"); } #endif }