void encrypt_buf(struct encryption_ctx *ctx, unsigned char *buf, size_t *len) { if (ctx->cipher == CIPHER_TABLE) { table_encrypt(buf, *len); } else { if (ctx->status == STATUS_EMPTY) { size_t iv_len = encryption_iv_len[_method]; memset(ctx->iv, 0, iv_len); RAND_bytes(ctx->iv, iv_len); init_cipher(ctx, ctx->iv, iv_len, 1); size_t out_len = *len + ctx->iv_len; unsigned char *cipher_text = malloc(out_len); cipher_update(ctx, cipher_text, &out_len, buf, *len); memcpy(buf, ctx->iv, iv_len); memcpy(buf + iv_len, cipher_text, out_len); *len = iv_len + out_len; free(cipher_text); } else { size_t out_len = *len + ctx->iv_len; unsigned char *cipher_text = malloc(out_len); cipher_update(ctx, cipher_text, &out_len, buf, *len); memcpy(buf, cipher_text, out_len); *len = out_len; free(cipher_text); } } }
static int cipher_context_update(cipher_ctx_t *ctx, uint8_t *output, size_t *olen, const uint8_t *input, size_t ilen) { #ifdef USE_CRYPTO_APPLECC cipher_cc_t *cc = &ctx->cc; if (cc->valid == kCCContextValid) { CCCryptorStatus ret; ret = CCCryptorUpdate(cc->cryptor, input, ilen, output, ilen, olen); return (ret == kCCSuccess) ? 1 : 0; } #endif cipher_evp_t *evp = &ctx->evp; #if defined(USE_CRYPTO_OPENSSL) int err = 0, tlen = *olen; err = EVP_CipherUpdate(evp, (uint8_t *)output, &tlen, (const uint8_t *)input, ilen); *olen = tlen; return err; #elif defined(USE_CRYPTO_POLARSSL) return !cipher_update(evp, (const uint8_t *)input, ilen, (uint8_t *)output, olen); #elif defined(USE_CRYPTO_MBEDTLS) return !mbedtls_cipher_update(evp, (const uint8_t *)input, ilen, (uint8_t *)output, olen); #endif }
int cipher_context_update(cipher_ctx_t *evp, uint8_t *output, int *olen, \ const uint8_t *input, int ilen) { #if defined(USE_CRYPTO_OPENSSL) return EVP_CipherUpdate(evp, (uint8_t *) output, (size_t *) olen, \ (const uint8_t *) input, (size_t) ilen); #elif defined(USE_CRYPTO_POLARSSL) return !cipher_update(evp, (const uint8_t *) input, (size_t) ilen, \ (uint8_t *) output, (size_t *) olen); #endif }
int cipher_ctx_update (cipher_context_t *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len) { int retval = 0; size_t s_dst_len = *dst_len; retval = cipher_update(ctx, src, (size_t)src_len, dst, &s_dst_len); *dst_len = s_dst_len; return 0 == retval; }
int cipher_ctx_update (cipher_context_t *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len) { size_t s_dst_len = *dst_len; if (!polar_ok(cipher_update(ctx, src, (size_t)src_len, dst, &s_dst_len))) return 0; *dst_len = s_dst_len; return 1; }
result_t Cipher::process(const operation_t operation, Buffer_base *data, obj_ptr<Buffer_base> &retVal) { int ret; ret = cipher_setkey(&m_ctx, (unsigned char *)m_key.c_str(), (int)m_key.length() * 8, operation); if (ret != 0) return _ssl::setError(ret); ret = cipher_reset(&m_ctx); if (ret != 0) return _ssl::setError(ret); std::string input; std::string output; unsigned char buffer[1024]; size_t olen, ilen, offset, block_size, data_size; data->toString(input); block_size = cipher_get_block_size(&m_ctx); data_size = input.length(); for (offset = 0; offset < data_size; offset += block_size) { ilen = ((unsigned int)data_size - offset > block_size) ? block_size : (unsigned int)(data_size - offset); ret = cipher_update(&m_ctx, (unsigned char *)input.c_str() + offset, ilen, buffer, &olen); if (ret != 0) { reset(); return _ssl::setError(ret); } output.append((const char *)buffer, olen); } ret = cipher_finish(&m_ctx, buffer, &olen); reset(); if (ret != 0) return _ssl::setError(ret); output.append((const char *)buffer, olen); retVal = new Buffer(output); return 0; }
static int cipher_context_update(cipher_ctx_t *ctx, uint8_t *output, int *olen, const uint8_t *input, int ilen) { #ifdef USE_CRYPTO_APPLECC cipher_cc_t *cc = &ctx->cc; if (cc->valid == kCCContextValid) { CCCryptorStatus ret; ret = CCCryptorUpdate(cc->cryptor, input, ilen, output, ilen + BLOCK_SIZE, (size_t *) olen); return (ret == kCCSuccess) ? 1 : 0; } #endif cipher_evp_t *evp = &ctx->evp; #if defined(USE_CRYPTO_OPENSSL) return EVP_CipherUpdate(evp, (uint8_t *) output, olen, (const uint8_t *) input, (size_t) ilen); #elif defined(USE_CRYPTO_POLARSSL) return !cipher_update(evp, (const uint8_t *) input, (size_t) ilen, (uint8_t *) output, (size_t *) olen); #endif }
/* * Packet-oriented wrapper for non-AEAD modes */ int cipher_crypt( cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ) { int ret; size_t finish_olen; if( ( ret = cipher_set_iv( ctx, iv, iv_len ) ) != 0 ) return( ret ); if( ( ret = cipher_reset( ctx ) ) != 0 ) return( ret ); if( ( ret = cipher_update( ctx, input, ilen, output, olen ) ) != 0 ) return( ret ); if( ( ret = cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 ) return( ret ); *olen += finish_olen; return( 0 ); }
struct ibuf * ikev2_msg_decrypt(struct iked *env, struct iked_sa *sa, struct ibuf *msg, struct ibuf *src) { ssize_t ivlen, encrlen, integrlen, blocklen, outlen, tmplen; uint8_t pad = 0, *ptr; struct ibuf *integr, *encr, *tmp = NULL, *out = NULL; off_t ivoff, encroff, integroff; if (sa == NULL || sa->sa_encr == NULL || sa->sa_integr == NULL) { log_debug("%s: invalid SA", __func__); print_hex(ibuf_data(src), 0, ibuf_size(src)); goto done; } if (!sa->sa_hdr.sh_initiator) { encr = sa->sa_key_iencr; integr = sa->sa_key_iauth; } else { encr = sa->sa_key_rencr; integr = sa->sa_key_rauth; } blocklen = cipher_length(sa->sa_encr); ivlen = cipher_ivlength(sa->sa_encr); ivoff = 0; integrlen = hash_length(sa->sa_integr); integroff = ibuf_size(src) - integrlen; encroff = ivlen; encrlen = ibuf_size(src) - integrlen - ivlen; if (encrlen < 0 || integroff < 0) { log_debug("%s: invalid integrity value", __func__); goto done; } log_debug("%s: IV length %zd", __func__, ivlen); print_hex(ibuf_data(src), 0, ivlen); log_debug("%s: encrypted payload length %zd", __func__, encrlen); print_hex(ibuf_data(src), encroff, encrlen); log_debug("%s: integrity checksum length %zd", __func__, integrlen); print_hex(ibuf_data(src), integroff, integrlen); /* * Validate packet checksum */ if ((tmp = ibuf_new(NULL, ibuf_length(integr))) == NULL) goto done; hash_setkey(sa->sa_integr, integr->buf, ibuf_length(integr)); hash_init(sa->sa_integr); hash_update(sa->sa_integr, ibuf_data(msg), ibuf_size(msg) - integrlen); hash_final(sa->sa_integr, tmp->buf, &tmplen); if (memcmp(tmp->buf, ibuf_data(src) + integroff, integrlen) != 0) { log_debug("%s: integrity check failed", __func__); goto done; } log_debug("%s: integrity check succeeded", __func__); print_hex(tmp->buf, 0, tmplen); ibuf_release(tmp); tmp = NULL; /* * Decrypt the payload and strip any padding */ if ((encrlen % blocklen) != 0) { log_debug("%s: unaligned encrypted payload", __func__); goto done; } cipher_setkey(sa->sa_encr, encr->buf, ibuf_length(encr)); cipher_setiv(sa->sa_encr, ibuf_data(src) + ivoff, ivlen); cipher_init_decrypt(sa->sa_encr); if ((out = ibuf_new(NULL, cipher_outlength(sa->sa_encr, encrlen))) == NULL) goto done; if ((outlen = ibuf_length(out)) != 0) { cipher_update(sa->sa_encr, ibuf_data(src) + encroff, encrlen, ibuf_data(out), &outlen); ptr = ibuf_seek(out, outlen - 1, 1); pad = *ptr; } log_debug("%s: decrypted payload length %zd/%zd padding %d", __func__, outlen, encrlen, pad); print_hex(ibuf_data(out), 0, ibuf_size(out)); if (ibuf_setsize(out, outlen) != 0) goto done; ibuf_release(src); return (out); done: ibuf_release(tmp); ibuf_release(out); ibuf_release(src); return (NULL); }
struct ibuf * ikev2_msg_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf *src) { size_t len, encrlen, integrlen, blocklen, outlen; uint8_t *buf, pad = 0, *ptr; struct ibuf *encr, *dst = NULL, *out = NULL; buf = ibuf_data(src); len = ibuf_size(src); log_debug("%s: decrypted length %zu", __func__, len); print_hex(buf, 0, len); if (sa == NULL || sa->sa_encr == NULL || sa->sa_integr == NULL) { log_debug("%s: invalid SA", __func__); goto done; } if (sa->sa_hdr.sh_initiator) encr = sa->sa_key_iencr; else encr = sa->sa_key_rencr; blocklen = cipher_length(sa->sa_encr); integrlen = hash_length(sa->sa_integr); encrlen = roundup(len + sizeof(pad), blocklen); pad = encrlen - (len + sizeof(pad)); /* * Pad the payload and encrypt it */ if (pad) { if ((ptr = ibuf_advance(src, pad)) == NULL) goto done; arc4random_buf(ptr, pad); } if (ibuf_add(src, &pad, sizeof(pad)) != 0) goto done; log_debug("%s: padded length %zu", __func__, ibuf_size(src)); print_hex(ibuf_data(src), 0, ibuf_size(src)); cipher_setkey(sa->sa_encr, encr->buf, ibuf_length(encr)); cipher_setiv(sa->sa_encr, NULL, 0); cipher_init_encrypt(sa->sa_encr); if ((dst = ibuf_dup(sa->sa_encr->encr_iv)) == NULL) goto done; if ((out = ibuf_new(NULL, cipher_outlength(sa->sa_encr, encrlen))) == NULL) goto done; outlen = ibuf_size(out); cipher_update(sa->sa_encr, ibuf_data(src), encrlen, ibuf_data(out), &outlen); if (outlen && ibuf_add(dst, ibuf_data(out), outlen) != 0) goto done; if ((ptr = ibuf_advance(dst, integrlen)) == NULL) goto done; explicit_bzero(ptr, integrlen); log_debug("%s: length %zu, padding %d, output length %zu", __func__, len + sizeof(pad), pad, ibuf_size(dst)); print_hex(ibuf_data(dst), 0, ibuf_size(dst)); ibuf_release(src); ibuf_release(out); return (dst); done: ibuf_release(src); ibuf_release(out); ibuf_release(dst); return (NULL); }
int pkcs5_pbes2( asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output ) { int ret, iterations = 0, keylen = 0; unsigned char *p, *end, *end2; asn1_buf kdf_alg_oid, enc_scheme_oid, salt; md_type_t md_type = POLARSSL_MD_SHA1; unsigned char key[32], iv[32]; size_t len = 0, olen = 0; const md_info_t *md_info; const cipher_info_t *cipher_info; md_context_t md_ctx; cipher_context_t cipher_ctx; p = pbe_params->p; end = p + pbe_params->len; /* * PBES2-params ::= SEQUENCE { * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, * encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} * } */ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); } if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); } end2 = p + len; if( ( ret = asn1_get_tag( &p, end2, &kdf_alg_oid.len, ASN1_OID ) ) != 0 ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); kdf_alg_oid.p = p; p += kdf_alg_oid.len; // Only PBKDF2 supported at the moment // if( !OID_CMP( OID_PKCS5_PBKDF2, &kdf_alg_oid ) ) return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( ( ret = pkcs5_parse_pbkdf2_params( &p, end2, &salt, &iterations, &keylen, &md_type ) ) != 0 ) { return( ret ); } md_info = md_info_from_type( md_type ); if( md_info == NULL ) return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); } end2 = p + len; if( ( ret = asn1_get_tag( &p, end2, &enc_scheme_oid.len, ASN1_OID ) ) != 0 ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); enc_scheme_oid.p = p; p += enc_scheme_oid.len; #if defined(POLARSSL_DES_C) // Only DES-CBC and DES-EDE3-CBC supported at the moment // if( OID_CMP( OID_DES_EDE3_CBC, &enc_scheme_oid ) ) { cipher_info = cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC ); } else if( OID_CMP( OID_DES_CBC, &enc_scheme_oid ) ) { cipher_info = cipher_info_from_type( POLARSSL_CIPHER_DES_CBC ); } else #endif /* POLARSSL_DES_C */ return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( cipher_info == NULL ) return( POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE ); keylen = cipher_info->key_length / 8; if( ( ret = asn1_get_tag( &p, end2, &len, ASN1_OCTET_STRING ) ) != 0 ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT + ret ); if( len != cipher_info->iv_size ) return( POLARSSL_ERR_PKCS5_INVALID_FORMAT ); memcpy( iv, p, len ); if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) return( ret ); if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 ) return( ret ); if ( ( ret = pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len, iterations, keylen, key ) ) != 0 ) { return( ret ); } if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 ) return( ret ); if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 ) return( ret ); if( ( ret = cipher_update( &cipher_ctx, data, datalen, output, &olen ) ) != 0 ) { return( ret ); } if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 ) return( POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH ); return( 0 ); }