/**
* A fully parametrized symmetric string encryption function
* Encrypts using the specified algorithm and CBC+PKCS7.
* Format as follows (//TODO ASN.1 Notation required):
* Base64
* {
* n bytes salt (parameter)
* 32 bytes IV
* message
* }
*/
string cryptTextUnauthenticated(string& plaintext, string& password, bool decrypt = false, string& algorithm = "Twofish", uint saltSize = 24)
{
AutoSeeded_RNG rng;
string fullAlgorithmName = algorithm + "/CBC/PKCS7";
//Generate a random salt
SecureVector<byte> salt(rng, saltSize);
//Check whether whe have to decrypt
Cipher_Dir direction = ENCRYPTION;
if(decrypt) {direction = DECRYPTION;}
SymmetricKey key = OctetString(hashRaw("SHA-256", password, salt));
InitializationVector iv(rng, 32);
Pipe encryptionPipe(new Chain(get_cipher(fullAlgorithmName, key, iv, direction)));
encryptionPipe.start_msg();
encryptionPipe.write(plaintext);
encryptionPipe.end_msg();
SecureVector<byte> encryptedData = encryptionPipe.read_all(0);
Pipe base64Pipe(new Base64_Encoder);
base64Pipe.start_msg ();
base64Pipe.write(salt);
base64Pipe.write(iv);
base64Pipe.write(encryptedData);
base64Pipe.end_msg();
return base64Pipe.read_all_as_string (0);
}
/**
* Gets the key length and IV/block length of a given key
*/
void get_key_info(int keytype, int *keylen, int *ivlen)
{
const EVP_CIPHER *cipher = get_cipher(keytype);
*keylen = EVP_CIPHER_key_length(cipher);
*ivlen = EVP_CIPHER_iv_length(cipher);
}
/**
* Takes a block of data encrypted with a symmetric cypher and decrypts it.
* The output buffer must be at least the size of source data.
*/
int decrypt_block(int keytype, const unsigned char *IV,
const unsigned char *key,
const unsigned char *src, unsigned int srclen,
unsigned char *dest, unsigned int *destlen)
{
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *cipher = get_cipher(keytype);
int len;
EVP_CIPHER_CTX_init(&ctx);
if (!EVP_DecryptInit_ex(&ctx, cipher, NULL, key, IV)) {
log_ssl_err("DecryptInit failed");
return 0;
}
if (!EVP_DecryptUpdate(&ctx, dest, &len, src, srclen)) {
log_ssl_err("DecryptUpdate failed");
return 0;
}
*destlen = len;
if (!EVP_DecryptFinal_ex(&ctx, dest + *destlen, &len)) {
log_ssl_err("DecryptFinal failed");
return 0;
}
*destlen += len;
EVP_CIPHER_CTX_cleanup(&ctx);
return 1;
}
static LUA_FUNCTION(openssl_pkcs7_encrypt)
{
PKCS7 * p7 = NULL;
BIO *in = load_bio_object(L, 1);
STACK_OF(X509) *recipcerts = openssl_sk_x509_fromtable(L, 2);
const EVP_CIPHER *cipher = get_cipher(L, 3, "des3");
long flags = luaL_optint(L, 4, 0);
if (cipher == NULL)
{
luaL_error(L, "Failed to get cipher");
}
p7 = PKCS7_encrypt(recipcerts, in, cipher, flags);
BIO_free(in);
sk_X509_pop_free(recipcerts, X509_free);
if (p7 == NULL)
{
lua_pushnil(L);
}
else
{
PUSH_OBJECT(p7, "openssl.pkcs7");
}
return 1;
}
static int pv_cipher(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
{
if (get_cipher(&res->rs, msg) < 0) {
return pv_get_null(msg, param, res);
}
res->flags = PV_VAL_STR;
return 0;
}
/**
* Returns whether a particular cipher is supported
*/
int cipher_supported(int keytype)
{
ALG_ID alg;
if ((alg = get_cipher(keytype)) == 0) {
return 0;
}
return alg_found(alg);
}
ENVELOP_API int env_unpack(IN int etype,
IN char * ebuf,IN int elen,
IN char * pbuf,IN OUT int * plen)
{
unsigned char *kbuf = NULL; //密钥
unsigned char *enc_buf = NULL;//密文
unsigned char iv[IV_SIZE]; //初始化向量
int klen = 0;
int enc_len = 0;
unsigned long tmp_len = 0;
int rlen = 0;
int ret;
if(elen > MAX_DATA_LEN )
return ERR_ENV_DATA_EXCEED;
if(*plen < elen - g_pub_key_size || elen < 1)
{
*plen = elen - g_pub_key_size;
return ERR_ENV_BUF_INVALID;
}
//打开信封,得到初始化向量,加密Key和密文
memcpy(&tmp_len,ebuf,LENGTH_BYTES);
if(tmp_len != IV_SIZE)
return ERR_ENV_ENV_INVALID;
rlen = rlen + LENGTH_BYTES;
memcpy(iv,ebuf + rlen,tmp_len);
rlen = rlen + tmp_len;
memcpy(&tmp_len,ebuf+rlen,LENGTH_BYTES);
if(tmp_len > (unsigned int)(elen - rlen))
return ERR_ENV_ENV_INVALID;
rlen = rlen + LENGTH_BYTES;
kbuf = ebuf +rlen;
klen = tmp_len;
rlen = rlen + tmp_len;
memcpy(&tmp_len,ebuf+rlen,LENGTH_BYTES);
if(tmp_len > (unsigned int)(elen - rlen))
return ERR_ENV_ENV_INVALID;
rlen = rlen + LENGTH_BYTES;
enc_buf = ebuf +rlen;
enc_len = tmp_len;
rlen = rlen + tmp_len;
if(rlen != elen)
return ERR_ENV_ENV_INVALID;
printf("do_unseal enc_len is %d,klen is %d\n",enc_len,klen);
ret = do_unseal(get_cipher(etype),
enc_buf,enc_len,
iv,
kbuf,klen,
pbuf,plen);
return ret;
}
static LUA_FUNCTION(openssl_cipher_decrypt_new)
{
const EVP_CIPHER* cipher = get_cipher(L, 1, NULL);
if (cipher)
{
size_t key_len = 0;
const char *key = luaL_optlstring(L, 2, NULL, &key_len); /* can be NULL */
size_t iv_len = 0;
const char *iv = luaL_optlstring(L, 3, NULL, &iv_len); /* can be NULL */
int pad = lua_isnoneornil(L, 4) ? 1 : lua_toboolean(L, 4);
ENGINE *e = lua_isnoneornil(L, 5) ? NULL : CHECK_OBJECT(5, ENGINE, "openssl.engine");
EVP_CIPHER_CTX *c = NULL;
char evp_key[EVP_MAX_KEY_LENGTH] = {0};
char evp_iv[EVP_MAX_IV_LENGTH] = {0};
int ret;
if (key)
{
key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH;
memcpy(evp_key, key, key_len);
}
if (iv_len > 0 && iv)
{
iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH;
memcpy(evp_iv, iv, iv_len);
}
c = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_init(c);
ret = EVP_DecryptInit_ex(c, cipher, e, key ? (const byte*)evp_key : NULL, iv_len > 0 ? (const byte*)evp_iv : NULL);
if (ret == 1)
{
ret = EVP_CIPHER_CTX_set_padding(c, pad);
if (ret == 1)
{
PUSH_OBJECT(c, "openssl.evp_cipher_ctx");
lua_pushinteger(L, DO_DECRYPT);
lua_rawsetp(L, LUA_REGISTRYINDEX, c);
return 1;
}
else
{
EVP_CIPHER_CTX_free(c);
luaL_error(L, "EVP_CipherInit_ex failed, please check openssl error");
}
}
EVP_CIPHER_CTX_free(c);
}
else
luaL_argerror(L, 1, "invalid cipher algorithm or openssl.evp_cipher object");
return 0;
}
SEXP PKI_sym_cipher(SEXP sKey, SEXP sCipher, SEXP sEncrypt) {
SEXP res;
int transient_cipher = 0;
int do_enc = (asInteger(sEncrypt) != 0) ? 1 : 0;
EVP_CIPHER_CTX *ctx = get_cipher(sKey, sCipher, do_enc, &transient_cipher);
if (!transient_cipher)
return sCipher;
res = PROTECT(R_MakeExternalPtr(ctx, R_NilValue, R_NilValue));
R_RegisterCFinalizerEx(res, PKI_free_cipher, TRUE);
setAttrib(res, install("class"), mkString("symmetric.cipher"));
UNPROTECT(1);
return res;
}
SEXP PKI_encrypt(SEXP what, SEXP sKey, SEXP sCipher) {
SEXP res;
EVP_PKEY *key;
RSA *rsa;
int len;
if (TYPEOF(what) != RAWSXP)
Rf_error("invalid payload to sign - must be a raw vector");
if (!inherits(sKey, "public.key") && !inherits(sKey, "private.key")) {
int transient_cipher = 0;
EVP_CIPHER_CTX *ctx = get_cipher(sKey, sCipher, 1, &transient_cipher);
int block_len = EVP_CIPHER_CTX_block_size(ctx);
int padding = LENGTH(what) % block_len;
/* Note: padding is always required, so if the last block is full, there
must be an extra block added at the end */
padding = block_len - padding;
/* FIXME: ctx will leak on alloc errors for transient ciphers - wrap them first */
res = allocVector(RAWSXP, len = (LENGTH(what) + padding));
if (!EVP_CipherUpdate(ctx, RAW(res), &len, RAW(what), LENGTH(what))) {
if (transient_cipher) {
EVP_CIPHER_CTX_cleanup(ctx);
free(ctx);
}
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
}
if (len < LENGTH(res))
EVP_CipherFinal(ctx, RAW(res) + len, &len);
if (transient_cipher) {
EVP_CIPHER_CTX_cleanup(ctx);
free(ctx);
}
return res;
}
key = (EVP_PKEY*) R_ExternalPtrAddr(sKey);
if (!key)
Rf_error("NULL key");
if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA)
Rf_error("Sorry only RSA keys are supported at this point");
rsa = EVP_PKEY_get1_RSA(key);
if (!rsa)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
len = RSA_public_encrypt(LENGTH(what), RAW(what), (unsigned char*) buf, rsa, RSA_PKCS1_PADDING);
if (len < 0)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
res = allocVector(RAWSXP, len);
memcpy(RAW(res), buf, len);
return res;
}
int main()
{
int shift_value, i;
char plain_text[100], cipher_text[100];
printf("Plain Text : ");
scanf("%[^\n]s", plain_text);
printf("Shift : ");
scanf("%d", &shift_value);
for(i = 0 ; plain_text[i] != '\0' ; i++)
cipher_text[i] = get_cipher(plain_text[i], shift_value);
cipher_text[i] = '\0';
printf("%s", cipher_text);
return 0;
}
static int openssl_cms_EncryptedData_encrypt(lua_State*L)
{
BIO* in = load_bio_object(L, 1);
const EVP_CIPHER* ciphers = get_cipher(L, 2, NULL);
size_t klen;
const char* key = luaL_checklstring(L, 3, &klen);
unsigned int flags = luaL_optint(L, 4, 0);
CMS_ContentInfo *cms = CMS_EncryptedData_encrypt(in, ciphers, (const unsigned char*) key, klen, flags);
if (cms)
{
PUSH_OBJECT(cms, "openssl.cms");
return 1;
}
return openssl_pushresult(L, 0);
}
/**
* Gets the key length and IV/block length of a given key
*/
void get_key_info(int keytype, int *keylen, int *ivlen)
{
ALG_ID alg;
int numkeys, i;
alg = get_cipher(keytype);
numkeys = sizeof(keyinfo) / sizeof(struct keyinfo_t);
for (i = 0; i < numkeys; i++) {
if (alg == keyinfo[i].alg) {
*keylen = keyinfo[i].keysize;
*ivlen = keyinfo[i].blocksize;
return;
}
}
log(0, 0, "Key %d not found\n", keytype);
exit(1);
}
/**
* Gets the key length and IV/block length of a given key
*/
void get_key_info(int keytype, int *keylen, int *ivlen)
{
ALG_ID alg;
int numkeys, i;
alg = get_cipher(keytype);
numkeys = sizeof(keyinfo) / sizeof(struct keyinfo_t);
for (i = 0; i < numkeys; i++) {
if (alg == keyinfo[i].alg) {
*keylen = keyinfo[i].keysize;
*ivlen = keyinfo[i].blocksize;
return;
}
}
*keylen = 0;
*ivlen = 0;
}
SEXP PKI_decrypt(SEXP what, SEXP sKey, SEXP sCipher) {
SEXP res;
EVP_PKEY *key;
RSA *rsa;
int len;
if (TYPEOF(what) != RAWSXP)
Rf_error("invalid payload to sign - must be a raw vector");
PKI_init();
if (!inherits(sKey, "private.key")) {
int transient_cipher = 0, fin = 0;
EVP_CIPHER_CTX *ctx = get_cipher(sKey, sCipher, 0, &transient_cipher);
/* FIXME: ctx will leak on alloc errors for transient ciphers - wrap them first */
res = allocVector(RAWSXP, len = LENGTH(what));
if (!EVP_CipherUpdate(ctx, RAW(res), &len, RAW(what), LENGTH(what))) {
if (transient_cipher) {
EVP_CIPHER_CTX_cleanup(ctx);
free(ctx);
}
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
}
if (EVP_CipherFinal(ctx, RAW(res) + len, &fin))
len += fin;
if (len < LENGTH(res))
SETLENGTH(res, len);
if (transient_cipher) {
EVP_CIPHER_CTX_cleanup(ctx);
free(ctx);
}
return res;
}
key = (EVP_PKEY*) R_ExternalPtrAddr(sKey);
if (!key)
Rf_error("NULL key");
if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA)
Rf_error("Sorry only RSA keys are supported at this point");
rsa = EVP_PKEY_get1_RSA(key);
if (!rsa)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
len = RSA_private_decrypt(LENGTH(what), RAW(what), (unsigned char*) buf, rsa, RSA_PKCS1_PADDING);
if (len < 0)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
res = allocVector(RAWSXP, len);
memcpy(RAW(res), buf, len);
return res;
}
static LUA_FUNCTION(openssl_cipher_get)
{
if (!lua_isuserdata(L, 1))
{
const EVP_CIPHER* cipher = get_cipher(L, 1, NULL);
if (cipher)
PUSH_OBJECT((void*)cipher, "openssl.evp_cipher");
else
lua_pushnil(L);
}
else
{
luaL_argcheck(L, auxiliar_isclass(L, "openssl.evp_cipher", 1), 1, "only accept openssl.evp_cipher object");
lua_pushvalue(L, 1);
}
return 1;
}
static LUA_FUNCTION(openssl_cipher_new)
{
const EVP_CIPHER* cipher = get_cipher(L, 1, NULL);
if (cipher)
{
int enc = lua_toboolean(L, 2);
size_t key_len = 0;
const char *key = luaL_checklstring(L, 3, &key_len);
size_t iv_len = 0;
const char *iv = luaL_optlstring(L, 4, NULL, &iv_len);
int pad = lua_isnoneornil(L, 5) ? 1 : lua_toboolean(L, 5);
ENGINE *e = lua_isnoneornil(L, 6) ? NULL : CHECK_OBJECT(6, ENGINE, "openssl.engine");
EVP_CIPHER_CTX *c = NULL;
char evp_key[EVP_MAX_KEY_LENGTH] = {0};
char evp_iv[EVP_MAX_IV_LENGTH] = {0};
if (key)
{
key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH;
memcpy(evp_key, key, key_len);
}
if (iv_len > 0 && iv)
{
iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH;
memcpy(evp_iv, iv, iv_len);
}
c = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_init(c);
if (!EVP_CipherInit_ex(c, cipher, e, key ? (const byte*)evp_key : NULL, iv_len > 0 ? (const byte*)evp_iv : NULL, enc))
{
EVP_CIPHER_CTX_set_padding(c, pad);
luaL_error(L, "EVP_CipherInit_ex failed, please check openssl error");
}
PUSH_OBJECT(c, "openssl.evp_cipher_ctx");
lua_pushinteger(L, DO_CIPHER);
lua_rawsetp(L, LUA_REGISTRYINDEX, c);
}
else
luaL_error(L, "argument #1 is not a valid cipher algorithm or openssl.evp_cipher object");
return 1;
}
U8_EXPORT ssize_t u8_cryptic
(int do_encrypt,const char *cname,
const unsigned char *key,int keylen,
const unsigned char *iv,int ivlen,
u8_block_reader reader,u8_block_writer writer,
void *readstate,void *writestate,
u8_context caller)
{
if (strncasecmp(cname,"rsa",3)==0) {
u8_seterr(_("RSA support NYI"),"u8_cryptic/CommonCrypto",u8_strdup(cname));
return -1;}
else {
CCCryptorRef ctx;
CCOptions options=0;
ssize_t inlen, outlen, totalin=0, totalout=0, retval=0;
unsigned char inbuf[1024], outbuf[1024];
struct U8_CCCIPHER *cipher=get_cipher(cname);
if (cipher) {
size_t blocksize=cipher->cc_blocksize;
ssize_t needivlen=cipher->cc_ivlen;
if (!((keylen<=cipher->cc_keymax)&&(keylen>=cipher->cc_keymin)))
return u8_reterr(u8_BadCryptoKey,
((caller)?(caller):((u8_context)"u8_cryptic")),
u8_mkstring("%d!=[%d,%d](%s)",keylen,
cipher->cc_keymin,cipher->cc_keymax,
cname));
if ((needivlen)&&(ivlen!=needivlen))
return u8_reterr(u8_BadCryptoIV,
((caller)?(caller):(COMMONCRYPTO_CRYPTIC)),
u8_mkstring("%d!=%d(%s)",ivlen,needivlen,cname));
if (needivlen==0) iv=NULL;
memset(&ctx,0,sizeof(ctx));
CCCryptorStatus status=CCCryptorCreate
(((do_encrypt)? (kCCEncrypt) : (kCCDecrypt)),
cipher->cc_algorithm,cipher->cc_opts,key,keylen,iv,&ctx);
u8_log(CRYPTO_LOGLEVEL,COMMONCRYPTO_CRYPTIC,
" %s cipher=%s, keylen=%d/[%d,%d], ivlen=%d, blocksize=%d\n",
((do_encrypt)?("encrypt"):("decrypt")),
cname,keylen,cipher->cc_keymin,cipher->cc_keymax,
ivlen,blocksize);
while (1) {
inlen = reader(inbuf,blocksize,readstate);
if (inlen <= 0) {
u8_log(CRYPTO_LOGLEVEL,COMMONCRYPTO_CRYPTIC,
"Finished %s(%s) with %ld in, %ld out",
((do_encrypt)?("encrypt"):("decrypt")),cname,
totalin,totalout);
break;}
if ((status=CCCryptorUpdate(ctx,inbuf,inlen,outbuf,1024,&outlen))
!=kCCSuccess) {
CCCryptorRelease(ctx);
return u8_reterr(u8_InternalCryptoError,
((caller)?(caller):((u8_context)"u8_cryptic")),
NULL);}
else {
u8_log(CRYPTO_LOGLEVEL,COMMONCRYPTO_CRYPTIC,
"%s(%s) consumed %d/%ld bytes, emitted %d/%ld bytes"
" in=<%v>\n out=<%v>",
((do_encrypt)?("encrypt"):("decrypt")),cname,
inlen,totalin,outlen,totalout+outlen,
inbuf,inlen,outbuf,outlen);
writer(outbuf,outlen,writestate);
totalout=totalout+outlen;}}
if ((status=CCCryptorFinal(ctx,outbuf,1024,&outlen))!=kCCSuccess) {
CCCryptorRelease(ctx);
return u8_reterr(u8_InternalCryptoError,
((caller)?(caller):((u8_context)"u8_cryptic")),
NULL);}
else {
writer(outbuf,outlen,writestate);
u8_log(CRYPTO_LOGLEVEL,COMMONCRYPTO_CRYPTIC,
"%s(%s) done after consuming %ld/%ld bytes, emitting %ld/%ld bytes"
"\n final out=<%v>",
((do_encrypt)?("encrypt"):("decrypt")),cname,
inlen,totalin,outlen,totalout+outlen,
outbuf,outlen);
CCCryptorRelease(ctx);
totalout=totalout+outlen;
return totalout;}}
else return u8_reterr("Unknown cipher",
((caller)?(caller):((u8_context)"u8_cryptic")),
u8_strdup(cname));
}
}
/**
* Takes a block of data encrypted with a symmetric cypher and decrypts it.
* The output buffer must be at least the size of source data.
*/
int decrypt_block(int keytype, const unsigned char *IV,
const unsigned char *key,
const unsigned char *src, unsigned int srclen,
unsigned char *dest, unsigned int *destlen)
{
// TODO: right now we reimport the key each time. Test to see if this
// is quick enough or if we need to cache an imported key.
HCRYPTKEY hckey;
char keyblob[BLOBLEN];
BLOBHEADER *bheader;
DWORD *keysize;
BYTE *keydata;
int bloblen, keylen, ivlen, rval;
ALG_ID alg;
DWORD mode, _destlen;
get_key_info(keytype, &keylen, &ivlen);
alg = get_cipher(keytype);
bheader = (BLOBHEADER *)keyblob;
keysize = (DWORD *)(keyblob + sizeof(BLOBHEADER));
keydata = (BYTE *)((char *)keysize + sizeof(DWORD));
memset(keyblob, 0, sizeof(keyblob));
bheader->bType = PLAINTEXTKEYBLOB;
bheader->bVersion = CUR_BLOB_VERSION;
bheader->aiKeyAlg = alg;
*keysize = keylen;
memcpy(keydata, key, keylen);
bloblen = sizeof(BLOBHEADER) + sizeof(DWORD) + keylen;
if (!CryptImportKey(base_prov, keyblob, bloblen, 0, 0, &hckey)) {
mserror("CryptImportKey failed");
return 0;
}
mode = CRYPT_MODE_CBC;
if (!CryptSetKeyParam(hckey, KP_MODE, (BYTE *)&mode, 0)) {
mserror("CryptSetKeyParam failed on KP_MODE");
rval = 0;
goto end;
}
if (!CryptSetKeyParam(hckey, KP_IV, IV, 0)) {
mserror("CryptSetKeyParam failed on KP_IV");
rval = 0;
goto end;
}
memcpy(dest, src, srclen);
_destlen = srclen;
if (!CryptDecrypt(hckey, 0, 1, 0, dest, &_destlen)) {
mserror("CryptDecrypt failed");
rval = 0;
goto end;
}
*destlen = _destlen;
rval = 1;
end:
if (!CryptDestroyKey(hckey)) {
mserror("CryptDestroyKey failed");
}
return rval;
}
ENVELOP_API int env_pack(
IN int etype,
IN char * pbuf,IN int plen,
IN char * ebuf,IN OUT int * elen)
{
unsigned char *kbuf = NULL; //密钥
unsigned char *enc_buf = NULL;//密文
unsigned char iv[IV_SIZE]; //初始化向量
int klen = 0;
int enc_len = 0;
unsigned long tmp_len = 0;
int rlen = 0;
int ret;
if(plen > MAX_DATA_LEN)
return ERR_ENV_DATA_EXCEED;
if(*elen < ENV_BUFFER_MIN(plen))
{
*elen = ENV_BUFFER_MIN(plen);
return ERR_ENV_BUF_INVALID;
}
do
{
kbuf = malloc(g_pub_key_size);
enc_buf = malloc(plen + 8);
if(kbuf == NULL)
return ERR_ENV_MEMORY;
if(enc_buf == NULL)
return ERR_ENV_MEMORY;
ret = do_seal(get_cipher(etype),pbuf,plen,enc_buf,&enc_len,iv,kbuf,&klen);
if(ret != 0)
break;
//组装信封
memset(ebuf,0x0,*elen);
tmp_len = sizeof(iv);
memcpy(ebuf,&tmp_len,LENGTH_BYTES);
rlen = rlen + LENGTH_BYTES;
memcpy(ebuf + rlen,iv,tmp_len);
rlen = rlen + tmp_len;
tmp_len = klen;
memcpy(ebuf + rlen,&tmp_len,LENGTH_BYTES);
rlen = rlen + LENGTH_BYTES;
memcpy(ebuf + rlen,kbuf,tmp_len);
rlen = rlen + tmp_len;
tmp_len = enc_len;
memcpy(ebuf + rlen,&tmp_len,LENGTH_BYTES);
rlen = rlen + LENGTH_BYTES;
memcpy(ebuf + rlen,enc_buf,tmp_len);
rlen = rlen + tmp_len;
*elen = rlen;
}while(0);
if(kbuf != NULL)
free(kbuf);
if(enc_buf != NULL)
free(enc_buf);
return ret;
}
bool
list_interface(const char* name)
{
printf("%s", name);
size_t length = strlen(name);
if (length < 8)
putchar('\t');
else
printf("\n\t");
// get link level interface for this interface
BNetworkInterface interface(name);
if (!interface.Exists()) {
printf("Interface not found!\n");
return false;
}
BNetworkAddress linkAddress;
status_t status = interface.GetHardwareAddress(linkAddress);
if (status == B_OK) {
const char *type = "unknown";
switch (linkAddress.LinkLevelType()) {
case IFT_ETHER:
type = "Ethernet";
break;
case IFT_LOOP:
type = "Local Loopback";
break;
case IFT_MODEM:
type = "Modem";
break;
}
BString address = linkAddress.ToString();
if (address.Length() == 0)
address = "none";
printf("Hardware type: %s, Address: %s\n", type, address.String());
} else
printf("No link level: %s\n", strerror(status));
int media = interface.Media();
if ((media & IFM_ACTIVE) != 0) {
// dump media state in case we're linked
const char* type = "unknown";
bool show = false;
for (int32 i = 0; kMediaTypes[i].type >= 0; i++) {
// loopback don't really have a media anyway
if (IFM_TYPE(media) == 0/*IFT_LOOP*/)
break;
// only check for generic or correct subtypes
if (kMediaTypes[i].type
&& kMediaTypes[i].type != IFM_TYPE(media))
continue;
for (int32 j = 0; kMediaTypes[i].subtypes[j].subtype >= 0; j++) {
if (kMediaTypes[i].subtypes[j].subtype == IFM_SUBTYPE(media)) {
// found a match
type = kMediaTypes[i].subtypes[j].pretty;
show = true;
break;
}
}
}
if (show)
printf("\tMedia type: %s\n", type);
}
// Print associated wireless network(s)
BNetworkDevice device(name);
if (device.IsWireless()) {
wireless_network network;
bool first = true;
uint32 cookie = 0;
while (device.GetNextAssociatedNetwork(cookie, network) == B_OK) {
if (first) {
printf("\tNetwork: ");
first = false;
} else
printf("\t\t");
printf("%s, Address: %s, %s", network.name,
network.address.ToString().String(),
get_authentication_mode(network.authentication_mode,
network.flags));
const char* keyMode = get_key_mode(network.key_mode);
if (keyMode != NULL)
printf(", %s/%s", keyMode, get_cipher(network.cipher));
putchar('\n');
}
}
uint32 flags = interface.Flags();
list_interface_addresses(interface, flags);
// Print MTU, metric, flags
printf("\tMTU: %" B_PRId32 ", Metric: %" B_PRId32, interface.MTU(),
interface.Metric());
if (flags != 0) {
const struct {
int value;
const char *name;
} kFlags[] = {
{IFF_UP, "up"},
{IFF_NOARP, "noarp"},
{IFF_BROADCAST, "broadcast"},
{IFF_LOOPBACK, "loopback"},
{IFF_PROMISC, "promiscuous"},
{IFF_ALLMULTI, "allmulti"},
{IFF_AUTOUP, "autoup"},
{IFF_LINK, "link"},
{IFF_AUTO_CONFIGURED, "auto-configured"},
{IFF_CONFIGURING, "configuring"},
};
bool first = true;
for (uint32 i = 0; i < sizeof(kFlags) / sizeof(kFlags[0]); i++) {
if ((flags & kFlags[i].value) != 0) {
if (first) {
printf(",");
first = false;
}
putchar(' ');
printf(kFlags[i].name);
}
}
}
putchar('\n');
// Print statistics
ifreq_stats stats;
if (interface.GetStats(stats) == B_OK) {
printf("\tReceive: %d packets, %d errors, %Ld bytes, %d mcasts, %d "
"dropped\n", stats.receive.packets, stats.receive.errors,
stats.receive.bytes, stats.receive.multicast_packets,
stats.receive.dropped);
printf("\tTransmit: %d packets, %d errors, %Ld bytes, %d mcasts, %d "
"dropped\n", stats.send.packets, stats.send.errors,
stats.send.bytes, stats.send.multicast_packets, stats.send.dropped);
printf("\tCollisions: %d\n", stats.collisions);
}
putchar('\n');
return true;
}
static LUA_FUNCTION(openssl_bio_new_filter)
{
/* 0 1 2 3 4 5 */
static const char* sType[] = {"base64", "buffer", "cipher", "md", "ssl", NULL};
int type = luaL_checkoption(L, 1, NULL, sType);
BIO* bio = NULL;
int ret = 1;
int closeflag = 0;
switch (type)
{
case 0:
bio = BIO_new(BIO_f_base64());
break;
case 1:
bio = BIO_new(BIO_f_buffer());
break;
case 2:
{
const EVP_CIPHER* c = get_cipher(L, 2, NULL);
size_t kl, il;
const char* k = luaL_checklstring(L, 3, &kl);
const char* v = luaL_checklstring(L, 4, &il);
int encrypt = auxiliar_checkboolean(L, 5);
bio = BIO_new(BIO_f_cipher());
BIO_set_cipher(bio, c, (const unsigned char*)k, (const unsigned char*)v, encrypt);
}
break;
case 3:
{
const EVP_MD* md = get_digest(L, 2);
bio = BIO_new(BIO_f_md());
ret = BIO_set_md(bio, md);
}
case 4:
{
SSL* ssl = CHECK_OBJECT(2, SSL, "openssl.ssl");
closeflag = luaL_checkoption(L, 3, "noclose", close_flags);
bio = BIO_new(BIO_f_ssl());
ret = BIO_set_ssl(bio, ssl, closeflag);
}
break;
default:
ret = 0;
}
if (ret == 1 && bio)
{
PUSH_OBJECT(bio, "openssl.bio");
if (closeflag)
{
openssl_newvalue(L, bio);
lua_pushboolean(L, 1);
openssl_setvalue(L, bio, "free_all");
}
return 1;
}
else
{
if (bio)
BIO_free(bio);
return openssl_pushresult(L, ret);
}
return 0;
}
bool BotanWrapper::EncryptFile(QString Source, QString Destination)
{
QFileInfo name = Source;
QString base = name.baseName();
QString encrypted1 = eoutput + base + ".gg";
QString encrypted2 = toutput + base + ".twofish";
QFile e(encrypted1);
QFile t(encrypted2);
try
{
//Setup the key derive functions
PKCS5_PBKDF2 pbkdf2(new HMAC(new Keccak_1600));
const u32bit PBKDF2_ITERATIONS = 700000;
qDebug() << "create keys";
//Create the KEY and IV
KDF* kdf = get_kdf("KDF2(SHA-512)");
AutoSeeded_RNG rng;
qDebug() << "create salt";
SecureVector<byte> salt(256);
rng.randomize(&salt[0], salt.size());
mSalt = salt;
qDebug() << "create master key";
//Create the master key
SecureVector<byte> mMaster = pbkdf2.derive_key(128, mPassword.toStdString(), &mSalt[0], mSalt.size(),PBKDF2_ITERATIONS).bits_of();
SymmetricKey mKey = kdf->derive_key(32, mMaster, "salt1");
InitializationVector mIV = kdf->derive_key(16, mMaster, "salt2");
qDebug() << "start encryption";
string inFilename = Source.toStdString();
string outFilename = encrypted1.toStdString();
std::ifstream inFile(inFilename.c_str());
std::ofstream outFile(outFilename.c_str());
Pipe pipe(get_cipher("AES-256/EAX", mKey, mIV,ENCRYPTION),new DataSink_Stream(outFile));
outFile.write((const char*)mSalt.begin(), mSalt.size());
pipe.start_msg();
inFile >> pipe;
pipe.end_msg();
outFile.flush();
outFile.close();
inFile.close();
QMessageBox msgBox;
/*****************TWOFISH ENCRYPTION********************/
qDebug() << "Twofish";
//Setup the key derive functions
PKCS5_PBKDF2 pbkdf3(new HMAC(new Skein_512));
//Create the KEY and IV
KDF* kdf2 = get_kdf("KDF2(Whirlpool)");
SecureVector<byte> salt2(256);
rng.randomize(&salt2[0], salt2.size());
mSalt2 = salt2;
//Create the master key
SecureVector<byte> mMaster2 = pbkdf3.derive_key(128, mPassword2.toStdString(), &mSalt2[0], mSalt2.size(),PBKDF2_ITERATIONS).bits_of();
SymmetricKey mKey2 = kdf2->derive_key(32, mMaster2, "salt1");
InitializationVector mIV2 = kdf2->derive_key(16, mMaster2, "salt2");
string inFilename2 = encrypted1.toStdString();
string outFilename2 = encrypted2.toStdString();
std::ifstream inFile2(inFilename2.c_str());
std::ofstream outFile2(outFilename2.c_str());
Pipe pipe2(get_cipher("Twofish/CFB", mKey2, mIV2,ENCRYPTION),new DataSink_Stream(outFile2));
outFile2.write((const char*)mSalt2.begin(), mSalt2.size());
pipe2.start_msg();
inFile2 >> pipe2;
pipe2.end_msg();
outFile2.flush();
outFile2.close();
inFile2.close();
/**************************SERPENT ENCRYPTION*****************/
//Create the KEY and IV
KDF* kdf3 = get_kdf("KDF2(Tiger)");
SecureVector<byte> salt3(256);
rng.randomize(&salt3[0], salt3.size());
mSalt3 = salt3;
//Create the master key
SecureVector<byte> mMaster3 = pbkdf2.derive_key(128, mPassword3.toStdString(), &mSalt3[0], mSalt3.size(),PBKDF2_ITERATIONS).bits_of();
SymmetricKey mKey3 = kdf3->derive_key(32, mMaster3, "salt1");
InitializationVector mIV3 = kdf3->derive_key(16, mMaster3, "salt2");
string inFilename3 = encrypted2.toStdString();
string outFilename3 = Destination.toStdString();
std::ifstream inFile3(inFilename3.c_str());
std::ofstream outFile3(outFilename3.c_str());
qDebug() << "serpent";
Pipe pipe3(get_cipher("Serpent/CBC/PKCS7", mKey3, mIV3,ENCRYPTION),new DataSink_Stream(outFile3));
outFile3.write((const char*)mSalt3.begin(), mSalt3.size());
pipe3.start_msg();
inFile3 >> pipe3;
pipe3.end_msg();
outFile3.flush();
outFile3.close();
inFile3.close();
msgBox.setText("Success!");
msgBox.setInformativeText("File successfully encrypted!");
msgBox.setStandardButtons(QMessageBox::Ok);
msgBox.setDefaultButton(QMessageBox::Ok);
msgBox.exec();
e.remove(); t.remove();
return true;
}
catch(...)
{
return false;
}
}
bool BotanWrapper::DecryptFile(QString Source, QString Destination)
{
//qDebug() << "\n\n";
QFileInfo name = Source;
//qDebug() << Source;
QString base = name.baseName();
//qDebug() << base;
QString encrypted3 = soutput + base + ".serpentdecrypted";
//qDebug() << soutput;
QString encrypted4 = tfoutput + base + ".twofishdecrypted";
//qDebug() << toutput;
try
{
//Setup the key derive functions
PKCS5_PBKDF2 pbkdf2(new HMAC(new Keccak_1600));
const u32bit PBKDF2_ITERATIONS = 700000;
string inFilename3 = Source.toStdString();
string outFilename3 = encrypted3.toStdString();
std::ifstream in3(inFilename3.c_str(),std::ios::binary);
std::ofstream out3(outFilename3.c_str(),std::ios::binary);
char* salt3 = new char[256];
in3.read(salt3 , 256 );
qDebug() << "create salt";
SecureVector<byte> salts3((const byte*)salt3, 256 ) ;
mSalt3 = salts3;
//Create the KEY and IV
KDF* kdf3 = get_kdf("KDF2(Tiger)");
qDebug() << "create master key";
//Create the master key
SecureVector<byte> mMaster3 = pbkdf2.derive_key(128, mPassword3.toStdString(), &mSalt3[0], mSalt3.size(),PBKDF2_ITERATIONS).bits_of();
SymmetricKey mKey3 = kdf3->derive_key(32, mMaster3, "salt1");
InitializationVector mIV3 = kdf3->derive_key(16, mMaster3, "salt2");
qDebug() << "begin serpent decrypt";
Pipe pipe3(get_cipher("Serpent/CBC/PKCS7", mKey3, mIV3,DECRYPTION),new DataSink_Stream(out3));
pipe3.start_msg();
in3 >> pipe3;
pipe3.end_msg();
out3.flush();
out3.close();
in3.close();
/*************************TWOFISH DECRYPTION*************************/
PKCS5_PBKDF2 pbkdf3(new HMAC(new Skein_512));
string inFilename2 = encrypted3.toStdString();
string outFilename2 = encrypted4.toStdString();
std::ifstream in2(inFilename2.c_str(),std::ios::binary);
std::ofstream out2(outFilename2.c_str(),std::ios::binary);
char* salt2 = new char[256];
in2.read(salt2 , 256 );
SecureVector<byte> salts2((const byte*)salt2, 256 ) ;
mSalt2 = salts2;
//Create the KEY and IV
KDF* kdf2 = get_kdf("KDF2(Whirlpool)");
//Create the master key
SecureVector<byte> mMaster2 = pbkdf3.derive_key(128, mPassword2.toStdString(), &mSalt2[0], mSalt2.size(),PBKDF2_ITERATIONS).bits_of();
SymmetricKey mKey2 = kdf2->derive_key(32, mMaster2, "salt1");
InitializationVector mIV2 = kdf2->derive_key(16, mMaster2, "salt2");
qDebug() << "twofish";
Pipe pipe2(get_cipher("Twofish/CFB", mKey2, mIV2,DECRYPTION),new DataSink_Stream(out2));
pipe2.start_msg();
in2 >> pipe2;
pipe2.end_msg();
out2.flush();
out2.close();
in2.close();
/************AES DECRYPTION*************************/
string inFilename = encrypted4.toStdString();
string outFilename = Destination.toStdString();
std::ifstream in(inFilename.c_str(),std::ios::binary);
std::ofstream out(outFilename.c_str(),std::ios::binary);
char* salt = new char[256];
in.read(salt , 256 );
SecureVector<byte> salts((const byte*)salt, 256 ) ;
mSalt = salts;
//Create the KEY and IV
KDF* kdf = get_kdf("KDF2(SHA-512)");
//Create the master key
SecureVector<byte> mMaster = pbkdf2.derive_key(128, mPassword.toStdString(), &mSalt[0], mSalt.size(),PBKDF2_ITERATIONS).bits_of();
SymmetricKey mKey = kdf->derive_key(32, mMaster, "salt1");
InitializationVector mIV = kdf->derive_key(16, mMaster, "salt2");
qDebug() << "AES";
Pipe pipe(get_cipher("AES-256/EAX", mKey, mIV,DECRYPTION),new DataSink_Stream(out));
pipe.start_msg();
in >> pipe;
pipe.end_msg();
out.flush();
out.close();
in.close();
QMessageBox msgBox;
msgBox.setText("Success!");
msgBox.setInformativeText("File successfully decrypted!");
msgBox.setStandardButtons(QMessageBox::Ok);
msgBox.setDefaultButton(QMessageBox::Ok);
msgBox.exec();
QFile s(encrypted3), t(encrypted4);
s.remove(); t.remove();
return true;
}
catch(...)
{
return false;
}
}
static int openssl_cms_encrypt(lua_State *L)
{
STACK_OF(X509)* encerts = CHECK_OBJECT(1, STACK_OF(X509), "openssl.stack_of_x509");
BIO* in = load_bio_object(L, 2);
const EVP_CIPHER* ciphers = get_cipher(L, 3, NULL);
unsigned int flags = luaL_optint(L, 4, 0);
int ret = 0;
CMS_ContentInfo *cms = CMS_encrypt(encerts, in, ciphers, flags);
CMS_RecipientInfo *recipient;
if (cms)
{
if (lua_istable(L, 5))
{
lua_getfield(L, 5, "key");
lua_getfield(L, 5, "keyid");
if (lua_isstring(L, -1) && lua_isstring(L, -2))
{
size_t keylen, keyidlen;
unsigned char* key = (unsigned char*)luaL_checklstring(L, -2, &keylen);
unsigned char* keyid = (unsigned char*) luaL_checklstring(L, -1, &keyidlen);
key = memdup((const char*) key, keylen);
keyid = (unsigned char*) memdup((const char*)keyid, keyidlen);
recipient = CMS_add0_recipient_key(cms, NID_undef,
key, keylen,
keyid, keyidlen,
NULL, NULL, NULL);
if (!recipient)
ret = 0;
}
else if (!lua_isnil(L, -1) || !lua_isnil(L, -2))
{
luaL_argerror(L, 5, "key and keyid field must be string");
} else
ret = 1;
lua_pop(L, 2);
if (ret)
{
lua_getfield(L, 5, "password");
if (lua_isstring(L, -1))
{
unsigned char*passwd = (unsigned char*)lua_tostring(L, -1);
recipient = CMS_add0_recipient_password(cms,
-1, NID_undef, NID_undef,
passwd, -1, NULL);
if (!recipient)
ret = 0;
}
else if (!lua_isnil(L, -1))
{
luaL_argerror(L, 5, "password field must be string");
}
lua_pop(L, 1);
}
}
if (ret)
{
if (flags & CMS_STREAM)
ret = CMS_final(cms, in, NULL, flags);
}
}
if (ret)
{
PUSH_OBJECT(cms, "openssl.cms");
return 1;
}
return openssl_pushresult(L, ret);
}
static LUA_FUNCTION(openssl_evp_encrypt)
{
const EVP_CIPHER* cipher = NULL;
if (lua_istable(L, 1))
{
if (lua_getmetatable(L, 1) && lua_equal(L, 1, -1))
{
lua_pop(L, 1);
lua_remove(L, 1);
}
else
luaL_error(L, "call function with invalid state");
}
cipher = get_cipher(L, 1, NULL);
if (cipher)
{
size_t input_len = 0;
const char *input = luaL_checklstring(L, 2, &input_len);
size_t key_len = 0;
const char *key = luaL_optlstring(L, 3, NULL, &key_len); /* can be NULL */
size_t iv_len = 0;
const char *iv = luaL_optlstring(L, 4, NULL, &iv_len); /* can be NULL */
int pad = lua_isnoneornil(L, 5) ? 1 : lua_toboolean(L, 5);
ENGINE *e = lua_isnoneornil(L, 6) ? NULL : CHECK_OBJECT(6, ENGINE, "openssl.engine");
EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new();
int output_len = 0;
int len = 0;
char *buffer = NULL;
char evp_key[EVP_MAX_KEY_LENGTH] = {0};
char evp_iv[EVP_MAX_IV_LENGTH] = {0};
int ret = 0;
if (key)
{
key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH;
memcpy(evp_key, key, key_len);
}
if (iv_len > 0 && iv)
{
iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH;
memcpy(evp_iv, iv, iv_len);
}
EVP_CIPHER_CTX_init(c);
ret = EVP_EncryptInit_ex(c, cipher, e, (const byte*)evp_key, iv_len > 0 ? (const byte*)evp_iv : NULL);
if (ret == 1)
{
ret = EVP_CIPHER_CTX_set_padding(c, pad);
if (ret == 1)
{
buffer = OPENSSL_malloc(input_len + EVP_CIPHER_CTX_block_size(c));
ret = EVP_EncryptUpdate(c, (byte*) buffer, &len, (const byte*)input, input_len);
if ( ret == 1 )
{
output_len += len;
ret = EVP_EncryptFinal(c, (byte*)buffer + len, &len);
if (ret == 1)
{
output_len += len;
lua_pushlstring(L, buffer, output_len);
}
}
OPENSSL_free(buffer);
}
}
EVP_CIPHER_CTX_cleanup(c);
EVP_CIPHER_CTX_free(c);
return (ret == 1) ? ret : openssl_pushresult(L, ret);
}
else
luaL_error(L, "argument #1 is not a valid cipher algorithm or openssl.evp_cipher object");
return 0;
}
static int sel_cipher(str* res, select_t* s, sip_msg_t* msg)
{
return get_cipher(res, msg);
}
/**
* Returns whether a particular cipher is supported
*/
int cipher_supported(int keytype)
{
return (get_cipher(keytype) != NULL);
}
