int rsa_encrypt (const char *const private_key_name, void *input, int ilen, void **output, int *olen) { vkprintf (3, "rsa_encrypt (private_key_name = %s, ilen = %d)\n", private_key_name, ilen); int err = 0; RSA *privKey = NULL; *output = NULL; *olen = -1; FILE *f = fopen (private_key_name, "rb"); if (f == NULL) { kprintf ("Couldn't open private key file: %s\n", private_key_name); return -1; } privKey = PEM_read_RSAPrivateKey (f, NULL, NULL, NULL); if (privKey == NULL) { kprintf ("PEM_read_RSAPrivateKey returns NULL.\n"); err = -2; goto clean; } fclose (f); f = NULL; unsigned char key[32], iv[32]; generate_aes_key (key, iv); const int rsa_size = RSA_size (privKey); *olen = 4 + rsa_size + 32 + ilen + AES_BLOCK_SIZE; unsigned char *b = *output = malloc (*olen); memcpy (b, &rsa_size, 4); if (!RSA_private_encrypt (32, key, b + 4, privKey, RSA_PKCS1_PADDING)) { kprintf ("RSA_private_encrypt fail.\n"); err = -3; goto clean; } memcpy (b + 4 + rsa_size, iv, 32); EVP_CIPHER_CTX e; EVP_CIPHER_CTX_init (&e); EVP_EncryptInit_ex (&e, EVP_aes_256_cbc(), NULL, key, iv); int c_len, f_len; EVP_EncryptUpdate (&e, b + 4 + rsa_size + 32, &c_len, input, ilen); EVP_EncryptFinal_ex (&e, b + 4 + rsa_size + 32 + c_len, &f_len); EVP_CIPHER_CTX_cleanup (&e); int r = 4 + rsa_size + 32 + c_len + f_len; vkprintf (3, "c_len = %d, f_len = %d\n", c_len, f_len); assert (r <= *olen); *olen = r; clean: if (f != NULL) { fclose (f); } if (privKey) { RSA_free (privKey); } return err; }
/** * Callback function to handle the sipc reg response. */ static gboolean sipc_reg_cb(gint sk, gpointer user_data) { gchar buf[BUF_LENGTH]; gchar *digest; gchar *nonce, *key, *aeskey; gchar *response; gint n; fetion_account *ac = (fetion_account*)user_data; if ((n = recv(sk, buf, sizeof(buf), 0)) == -1) { hybrid_account_error_reason(ac->account, _("sipc reg error.")); return FALSE; } buf[n] = '\0'; hybrid_debug_info("fetion", "recv:\n%s", buf); /* parse response, we need the key and nouce */ digest = sip_header_get_attr(buf, "W"); if (parse_sipc_reg_response(digest, &nonce, &key) != HYBRID_OK) { g_free(digest); return FALSE; } aeskey = generate_aes_key(); response = generate_response(nonce, ac->userid, ac->password, key, aeskey); /* fill verify_data for pic confirm */ strncpy(verify_data.response, response, sizeof(verify_data.response)); /* now we start to handle the pushed messages */ ac->source = hybrid_event_add(sk, HYBRID_EVENT_READ, hybrid_push_cb, ac); /* start sipc authencation action. */ sipc_aut_action(sk, ac, response); g_free(digest); g_free(nonce); g_free(key); g_free(aeskey); g_free(response); return FALSE; }
static int rsa_test() { static unsigned char encrypted_buf[130]; static unsigned char decrypted_buf[34]; static unsigned char *msg; int i=0; for(; i<3; i++) { msg = generate_aes_key(); log_debug(LOG_VERB, "i = %d", i); log_debug(LOG_VERB, "AES key : %s \n", base64_encode(msg, 32)); dyn_rsa_encrypt(msg, encrypted_buf); dyn_rsa_decrypt(encrypted_buf, decrypted_buf); log_debug(LOG_VERB, "Decrypted message : %s \n", base64_encode(decrypted_buf, 32)); } return 0; }
int main() { RSA *rsa_key = generate_rsa_keys(); unsigned char *rsa_pubkey_pem; unsigned int pub_pem_size = rsa_publickey_to_pem(rsa_key, &rsa_pubkey_pem); printf ("%s\n", rsa_pubkey_pem); unsigned char *rsa_privkey_pem; unsigned int priv_pem_size = rsa_privatekey_to_pem(rsa_key, &rsa_privkey_pem, NULL); printf ("%s\n", rsa_privkey_pem); printf ("RSA keys generated\n"); unsigned char *plaintext = (unsigned char *)"Hello World!"; unsigned int plaintext_length = 12; unsigned char *encrypted_message = (unsigned char *)malloc(kBits); printf ("beginning rsa encryption\n"); RSA *rsa_pubkey = rsa_pem_to_publickey(rsa_pubkey_pem); unsigned int encrypted_length = rsa_encrypt_message(plaintext, plaintext_length, rsa_pubkey, &encrypted_message); printf ("\'Hello World!\' encrypted is:\n"); printf ("%s\n", encrypted_message); unsigned char *decrypted_message = (unsigned char *)malloc(plaintext_length*sizeof(unsigned char)); printf ("beginning rsa decryption\n"); RSA *rsa_privkey = rsa_pem_to_privatekey(rsa_privkey_pem, rsa_key); rsa_decrypt_message(encrypted_message, encrypted_length, rsa_privkey, &decrypted_message); printf ("The decrypted message is:\n"); printf ("%s\n", decrypted_message); ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); OPENSSL_config(NULL); unsigned char *aes_key = generate_aes_key(); unsigned char *aes_iv = generate_aes_iv(); printf ("AES key and iv generated\n"); unsigned char *aes_encrypted_message = (unsigned char *)malloc(plaintext_length*(unsigned char) + AES_BLOCK_SIZE); printf ("beginning aes encryption\n"); unsigned int aes_encrypted_length = aes_encrypt_message(plaintext, plaintext_length, aes_key, aes_iv, &aes_encrypted_message); printf ("\'Hello World encrypted is:\n"); printf ("%s\n", aes_encrypted_message); printf ("%u\n", aes_encrypted_length); unsigned char *aes_decrypted_message = (unsigned char *)malloc(plaintext_length*(unsigned char) + AES_BLOCK_SIZE); unsigned int aes_decrypted_length = aes_decrypt_message(aes_encrypted_message, aes_encrypted_length, aes_key, aes_iv, &aes_decrypted_message); printf ("The decrypted message is:\n"); printf ("%s\n", aes_decrypted_message); exit(EXIT_SUCCESS); }
FX_RET_CODE fx_generate_response( __in char* sz_key, __in char* sz_nonce, \ __in char* sz_user_id, __in char* sz_password, \ __out char** sz_response ) { FX_RET_CODE ret = FX_ERROR_OK; int n_ret = 0, n_user_id = 0, n_total_len = 0, n_nonce_len = strlen( sz_nonce ); byte* hex_step1 = NULL, *hex_step2 = NULL, *hex_aes_key = NULL, *hex_in = NULL; char* sz_aes_key = NULL; if ( sz_key == NULL || sz_nonce == NULL || sz_user_id == NULL || \ sz_password == NULL ) { return FX_ERROR_UNKOWN; } /* * step 1: sha1( domain:password ) */ ret = fx_ssi_get_v4digest_1( (byte*)FX_SHA1_DOMAIN, strlen( FX_SHA1_DOMAIN ), \ (byte*)sz_password, strlen( sz_password ), &hex_step1 ); if ( FX_ERROR_OK != ret ) { return ret; } /* * step 2: sha1( hex(user_id) + $(step 1) ) */ n_user_id = atoi( sz_user_id ); ret = fx_ssi_get_v4digest_1( (byte*)&n_user_id, sizeof( int ), \ hex_step1, SHA1_DIGESTSIZE, &hex_step2 ); if ( FX_ERROR_OK != ret ) { free( hex_step1 ); return ret; } free( hex_step1 ); /* * step 3: rsa( nonce + $(hex_step2) + hex(sz_ase_key) ) */ generate_aes_key( &sz_aes_key ); n_ret = hex_str_2_byte( sz_aes_key, &hex_aes_key ); if ( n_ret <= 0 ) { free( hex_step2 ); return FX_ERROR_UNKOWN; } n_total_len = n_nonce_len + SHA1_DIGESTSIZE + n_ret; hex_in = (byte*)malloc( n_total_len ); memset( hex_in, 0, n_total_len ); memcpy( hex_in, sz_nonce, n_nonce_len ); memcpy( hex_in + n_nonce_len, hex_step2, SHA1_DIGESTSIZE ); memcpy( hex_in + n_nonce_len + SHA1_DIGESTSIZE, hex_aes_key, n_ret ); n_ret = do_hash_padding( sz_key, hex_in, n_total_len, sz_response ); if ( n_ret <= 0 ) { free( hex_step2 ); return FX_ERROR_UNKOWN; } free( hex_step2 ); free( sz_aes_key ); return FX_ERROR_OK; }