Пример #1
0
main() {

  MCRYPT td;
  int i;
  char *key;
  char password[20];
  char block_buffer;
  char *IV;
  int keysize=19; /* 128 bits */

  key=calloc(1, keysize);
  strcpy(password, "A_large_key");

/* Generate the key using the password */
/*  mhash_keygen( KEYGEN_MCRYPT, MHASH_MD5, key, keysize, NULL, 0, password, strlen(password));
 */
  memmove( key, password, strlen(password));

  td = mcrypt_module_open("twofish", NULL, "cfb", NULL);
  if (td==MCRYPT_FAILED) {
     return 1;
  }
  IV = malloc(mcrypt_enc_get_iv_size(td));

/* Put random data in IV. Note these are not real random data, 
 * consider using /dev/random or /dev/urandom.
 */

  /*  srand(time(0)); */
  for (i=0; i< mcrypt_enc_get_iv_size( td); i++) {
    IV[i]=rand();
  }

  i=mcrypt_generic_init( td, key, keysize, IV);
  if (i<0) {
     mcrypt_perror(i);
     return 1;
  }

  /* Encryption in CFB is performed in bytes */
  while ( fread (&block_buffer, 1, 1, stdin) == 1 ) {
      mcrypt_generic (td, &block_buffer, 1);

/* Comment above and uncomment this to decrypt */
/*    mdecrypt_generic (td, &block_buffer, 1);  */

      fwrite ( &block_buffer, 1, 1, stdout);
  }
  mcrypt_generic_deinit(td);

  mcrypt_module_close(td);

  return 0;

}
Пример #2
0
int64_t HHVM_FUNCTION(mcrypt_generic_init, const Resource& td,
                                           const String& key,
                                           const String& iv) {
  auto pm = cast<MCrypt>(td);
  int max_key_size = mcrypt_enc_get_key_size(pm->m_td);
  int iv_size = mcrypt_enc_get_iv_size(pm->m_td);

  if (key.empty()) {
    raise_warning("Key size is 0");
  }

  unsigned char *key_s = (unsigned char *)malloc(key.size());
  memset(key_s, 0, key.size());

  unsigned char *iv_s = (unsigned char *)malloc(iv_size + 1);
  memset(iv_s, 0, iv_size + 1);

  int key_size;
  if (key.size() > max_key_size) {
    raise_warning("Key size too large; supplied length: %d, max: %d",
                    key.size(), max_key_size);
    key_size = max_key_size;
  } else {
    key_size = key.size();
  }
  memcpy(key_s, key.data(), key.size());

  if (iv.size() != iv_size) {
    raise_warning("Iv size incorrect; supplied length: %d, needed: %d",
                    iv.size(), iv_size);
  }
  memcpy(iv_s, iv.data(), std::min(iv_size, iv.size()));

  mcrypt_generic_deinit(pm->m_td);
  int result = mcrypt_generic_init(pm->m_td, key_s, key_size, iv_s);

  /* If this function fails, close the mcrypt module to prevent crashes
   * when further functions want to access this resource */
  if (result < 0) {
    pm->close();
    switch (result) {
    case -3:
      raise_warning("Key length incorrect");
      break;
    case -4:
      raise_warning("Memory allocation error");
      break;
    case -1:
    default:
      raise_warning("Unknown error");
      break;
    }
  } else {
    pm->m_init = true;
  }

  free(iv_s);
  free(key_s);
  return result;
}
Пример #3
0
void setup_encryption() {
	td = mcrypt_module_open("twofish", NULL, "cfb", NULL);
	if (td == MCRYPT_FAILED) error_exit("mcrypt failed", errno);

	key_fd = open(enckeyf, O_RDONLY);
	if (key_fd <= -1) error_exit("unable to open key file", errno);

	enckey = malloc(key_len);
	if (enckey == NULL) error_exit("failed to allocate memory for key", errno);

	int iv_size = mcrypt_enc_get_iv_size(td);
	IV = malloc(iv_size);
	if (IV == NULL) error_exit("failed to allocate memory for IV", errno);

	memset(enckey, 0, key_len);
	int numread = read(key_fd, enckey, key_len);
	if (numread != key_len) error_exit("failed to read key", errno);

	int c = close(key_fd);
	if (c <= -1) error_exit("failed to close key file", errno);

	int i = 0;
	while (i < iv_size) {
		IV[i] = 0;
		i++;
	}

	if (mcrypt_generic_init(td, enckey, key_len, IV) <= -1) error_exit("failed to start encryption process", errno);

	free(enckey);
	free(IV);
}
Пример #4
0
static unsigned
cipher_iv_size(PX_Cipher * c)
{
	MCRYPT		ctx = (MCRYPT) c->ptr;

	return mcrypt_enc_mode_has_iv(ctx)
		? mcrypt_enc_get_iv_size(ctx) : 0;
}
Пример #5
0
main() {

  MCRYPT td;
  int i;
  char *key; /* created using mcrypt_gen_key */
  char *block_buffer;
  char *IV;
  int blocksize;
  int keysize = 24; /* 192 bits == 24 bytes */


  key = calloc(1, keysize);
  strcpy(key, "A_large_and_random_key"); 

  td = mcrypt_module_open("saferplus", NULL, "cbc", NULL);

  blocksize = mcrypt_enc_get_block_size(td);
  block_buffer = malloc(blocksize);
/* but unfortunately this does not fill all the key so the rest bytes are
 * padded with zeros. Try to use large keys or convert them with mcrypt_gen_key().
 */

  IV=malloc(mcrypt_enc_get_iv_size(td));

/* Put random data in IV. Note these are not real random data, 
 * consider using /dev/random or /dev/urandom.
 */

/* srand(time(0)); */
  for (i=0; i < mcrypt_enc_get_iv_size(td); i++) {
    IV[i]=rand();
  }

  mcrypt_generic_init ( td key, keysize, IV);

  /* Encryption in CBC is performed in blocks */
  while ( fread (block_buffer, 1, blocksize, stdin) == blocksize ) {
      mcrypt_generic (td, block_buffer, blocksize);
/*      mdecrypt_generic (td, block_buffer, blocksize); */
      fwrite ( block_buffer, 1, blocksize, stdout);
  }
  mcrypt_generic_end (td);

  return 0;

}
Пример #6
0
void init_mcrypt() {

  // Open encryption module
  if((td = mcrypt_module_open("twofish", NULL, "cfb", NULL)) == MCRYPT_FAILED) {
    fprintf(stderr, "Error: could not open mcrypt library.\n");
    exit(RC=EXIT_FAILURE);
  }

  // Open file containing key for reading
  if((key_fd = open("my.key", O_RDONLY)) == ERROR) {
    fprintf(stderr, "Error: could not open my.key.\n");
    exit(RC=EXIT_FAILURE);
  }

  // Allocate space for key
  if((key = calloc(1, KEY_SIZE)) == NULL) {
    fprintf(stderr, "Error: could not calloc() for key.\n");
    exit(RC=EXIT_FAILURE);
  }

  // Read in key
  if(read(key_fd, key, KEY_SIZE) != KEY_SIZE) {
    fprintf(stderr, "Error: could not read from my.key into key.\n");
    exit(RC=EXIT_FAILURE);
  }

  // Close file
  if(close(key_fd) == ERROR) {
    fprintf(stderr, "Error: could not close my.key.\n");
    exit(RC=EXIT_FAILURE);
  }

  /*---- Create actual key --------------*/
  IV = malloc(mcrypt_enc_get_iv_size(td));

  int i;
  for(i = 0; i < mcrypt_enc_get_iv_size(td); i++)
    IV[i] = rand(); // Used the same seed to produce the same outputs for testing purposes
  
  if(mcrypt_generic_init(td, key, KEY_SIZE, IV) < 0) {
    fprintf(stderr, "Error: could not mcrypt_generic_init.\n");
    exit(RC=EXIT_FAILURE);
  }
}
Пример #7
0
int main() 
{
	MCRYPT m;
	if ((m = mcrypt_module_open("rijndael-128", NULL, "cbc", NULL)) == MCRYPT_FAILED) { printf("MCRYPT failed\n"); return 0; }
	
	int key_len = strlen(vector) - mcrypt_enc_get_iv_size(m);
	unsigned char* key = malloc(key_len);
	unsigned char* iv = malloc(mcrypt_enc_get_iv_size(m));

	memcpy(key, &vector, key_len);
	memcpy(iv, &vector[key_len], mcrypt_enc_get_iv_size(m));
	
	if (mcrypt_generic_init(m, key, strlen(key), iv) < 0) { printf("init failed\n"); return 0; }
	if (mdecrypt_generic(m, code, strlen(code))) { printf("decrypt failed\n"); return 0; }
	if (mcrypt_generic_deinit(m) < 0) { printf("deinit failed\n"); return 0; }
	mcrypt_module_close(m);

	printf ("[*] Vector: ");
	for (int i = 0; i < strlen(vector); i++) { 
		printf("%02x", vector[i] & 0xff); 
	}
	printf ("\n[*] Vector Length: %d\n", strlen(vector));
	printf ("[*] Key: ");
	for (int i = 0; i < strlen(key); i++) { 
		printf("%02x", key[i] & 0xff); 
	}
	printf ("\n[*] Key Length: %d\n", key_len);
	printf ("[*] IV: ");
	for (int i = 0; i < strlen(iv); i++) { 
		printf("%02x", iv[i] & 0xff); 
	}
	printf ("\n[*] IV Length: %d\n", strlen(iv));
	printf("\n[+] Shellcode: \n\n");
	for (int i = 0; i < strlen(code); i++) { 
		printf("\\x%x", code[i] & 0xff); 
	}
	printf("\n");

	int (*ret)() = (int(*)())code;
	ret();
	return 0;
}
Пример #8
0
Variant f_mcrypt_get_iv_size(CStrRef cipher, CStrRef mode) {
  MCRYPT td = mcrypt_module_open((char*)cipher.data(),
                                 (char*)MCG(algorithms_dir).data(),
                                 (char*)mode.data(),
                                 (char*)MCG(modes_dir).data());
  if (td == MCRYPT_FAILED) {
    raise_warning(MCRYPT_OPEN_MODULE_FAILED);
    return false;
  }

  int64_t ret = mcrypt_enc_get_iv_size(td);
  mcrypt_module_close(td);
  return ret;
}
Пример #9
0
Variant HHVM_FUNCTION(mcrypt_get_iv_size, const String& cipher,
                                          const String& mode) {
  MCRYPT td = mcrypt_module_open((char*)cipher.data(),
                                 (char*)MCG(algorithms_dir).data(),
                                 (char*)mode.data(),
                                 (char*)MCG(modes_dir).data());
  if (td == MCRYPT_FAILED) {
    MCRYPT_OPEN_MODULE_FAILED("mcrypt_get_iv_size");
    return false;
  }

  int64_t ret = mcrypt_enc_get_iv_size(td);
  mcrypt_module_close(td);
  return ret;
}
Пример #10
0
Aes256::Aes256(BinData key):
  key_( std::move(key) ),
  iv_( generateRandomData( ivSize() ) ),
  td_(MCRYPT_RIJNDAEL_256, MCRYPT_CFB)
{
  if( key_.size()!=iv_.size() )
    throw std::runtime_error("key and IV size differ");

  assert( static_cast<size_t>(mcrypt_enc_get_key_size(td_.get()))==keySize() );
  assert( static_cast<size_t>(mcrypt_enc_get_iv_size(td_.get())) ==ivSize()  );

  int ret;
  if( (ret = mcrypt_generic_init(td_.get(), key_.data(), key_.size(), iv_.data())) < 0 )
    throw std::runtime_error( (Util::ErrStrm{}<<"mcrypt_generic_init(): "<<mcrypt_strerror(ret)).str().c_str() );
}
Пример #11
0
void dump_testcase_keysize(MCRYPT td, int key_size) {
    unsigned char *key, *iv = NULL;
    int iv_size, block_size;
    int mc_ret;
    padding_t padding;

    key = gen_rand_data(key_size);

    iv_size = mcrypt_enc_get_iv_size(td);
    if (iv_size != 0) {
        iv = gen_rand_data(iv_size);
    }

    /*
     * Generate a test case for these plaintext sizes:
     *
     *  * empty:              test behavior of padding on empty blocks
     *  * 5-byte:             odd, and smaller than any block size
     *  * block_size - 1:     edge case
     *  * block_size:         generally guaranteed to work
     *  * block_size * 2 - 1: multiblock edge case
     *  * block_size * 3:     more multiblock
     */
    block_size = mcrypt_enc_get_block_size(td);

    padding = mcrypt_enc_is_block_mode(td) ? PADDING_PKCS7 : PADDING_NONE;

    for (; padding <= PADDING_ZEROS; padding++) {
        dump_testcase_block(td, key, key_size, iv, iv_size, 0, padding);
        dump_testcase_block(td, key, key_size, iv, iv_size, 5, padding);
        dump_testcase_block(td, key, key_size, iv, iv_size, block_size - 1,
                            padding);
        dump_testcase_block(td, key, key_size, iv, iv_size, block_size,
                            padding);
        dump_testcase_block(td, key, key_size, iv, iv_size,
                            block_size * 2 - 1, padding);
        dump_testcase_block(td, key, key_size, iv, iv_size, block_size * 3,
                            padding);
    }

    free(key);
    if (iv) free(iv);

    return;
}
Пример #12
0
static Variant php_mcrypt_do_crypt(CStrRef cipher, CStrRef key, CStrRef data,
                                   CStrRef mode, CStrRef iv, bool dencrypt) {
  MCRYPT td = mcrypt_module_open((char*)cipher.data(),
                                 (char*)MCG(algorithms_dir).data(),
                                 (char*)mode.data(),
                                 (char*)MCG(modes_dir).data());
  if (td == MCRYPT_FAILED) {
    raise_warning(MCRYPT_OPEN_MODULE_FAILED);
    return false;
  }

  /* Checking for key-length */
  int max_key_length = mcrypt_enc_get_key_size(td);
  if (key.size() > max_key_length) {
    raise_warning("Size of key is too large for this algorithm");
  }
  int count;
  int *key_length_sizes = mcrypt_enc_get_supported_key_sizes(td, &count);
  int use_key_length;
  char *key_s = NULL;
  if (count == 0 && key_length_sizes == NULL) { // all lengths 1 - k_l_s = OK
    use_key_length = key.size();
    key_s = (char*)malloc(use_key_length);
    memcpy(key_s, key.data(), use_key_length);
  } else if (count == 1) {  /* only m_k_l = OK */
    key_s = (char*)malloc(key_length_sizes[0]);
    memset(key_s, 0, key_length_sizes[0]);
    memcpy(key_s, key.data(), MIN(key.size(), key_length_sizes[0]));
    use_key_length = key_length_sizes[0];
  } else { /* dertermine smallest supported key > length of requested key */
    use_key_length = max_key_length; /* start with max key length */
    for (int i = 0; i < count; i++) {
      if (key_length_sizes[i] >= key.size() &&
          key_length_sizes[i] < use_key_length) {
        use_key_length = key_length_sizes[i];
      }
    }
    key_s = (char*)malloc(use_key_length);
    memset(key_s, 0, use_key_length);
    memcpy(key_s, key.data(), MIN(key.size(), use_key_length));
  }
  mcrypt_free(key_length_sizes);

  /* Check IV */
  char *iv_s = NULL;
  int iv_size = mcrypt_enc_get_iv_size(td);

  /* IV is required */
  if (mcrypt_enc_mode_has_iv(td) == 1) {
    if (!iv.empty()) {
      if (iv_size != iv.size()) {
        raise_warning("The IV parameter must be as long as the blocksize");
      } else {
        iv_s = (char*)malloc(iv_size + 1);
        memcpy(iv_s, iv.data(), iv_size);
      }
    } else {
      raise_warning("Attempt to use an empty IV, which is NOT recommended");
      iv_s = (char*)malloc(iv_size + 1);
      memset(iv_s, 0, iv_size + 1);
    }
  }

  int block_size;
  unsigned long int data_size;
  String s;
  char *data_s;
  /* Check blocksize */
  if (mcrypt_enc_is_block_mode(td) == 1) { /* It's a block algorithm */
    block_size = mcrypt_enc_get_block_size(td);
    data_size = (((data.size() - 1) / block_size) + 1) * block_size;
    s = String(data_size, ReserveString);
    data_s = (char*)s.mutableSlice().ptr;
    memset(data_s, 0, data_size);
    memcpy(data_s, data.data(), data.size());
  } else { /* It's not a block algorithm */
    data_size = data.size();
    s = String(data_size, ReserveString);
    data_s = (char*)s.mutableSlice().ptr;
    memcpy(data_s, data.data(), data.size());
  }

  if (mcrypt_generic_init(td, key_s, use_key_length, iv_s) < 0) {
    raise_warning("Mcrypt initialisation failed");
    return false;
  }
  if (dencrypt) {
    mdecrypt_generic(td, data_s, data_size);
  } else {
    mcrypt_generic(td, data_s, data_size);
  }

  /* freeing vars */
  mcrypt_generic_end(td);
  if (key_s != NULL) {
    free(key_s);
  }
  if (iv_s != NULL) {
    free(iv_s);
  }
  return s.setSize(data_size);
}
Пример #13
0
int64_t f_mcrypt_enc_get_iv_size(CObjRef td) {
  return mcrypt_enc_get_iv_size(td.getTyped<MCrypt>()->m_td);
}
Пример #14
0
/* {{{ php_mcrypt_filter_create
 * Instantiate mcrypt filter
 */
static php_stream_filter *php_mcrypt_filter_create(const char *filtername, zval *filterparams, int persistent)
{
	int encrypt = 1, iv_len, key_len, keyl, result;
	const char *cipher = filtername + sizeof("mcrypt.") - 1;
	zval *tmpzval;
	MCRYPT mcrypt_module;
	char *iv = NULL, *key = NULL;
	char *algo_dir = INI_STR("mcrypt.algorithms_dir");
	char *mode_dir = INI_STR("mcrypt.modes_dir");
	char *mode = "cbc";
	php_mcrypt_filter_data *data;

	if (strncasecmp(filtername, "mdecrypt.", sizeof("mdecrypt.") - 1) == 0) {
		encrypt = 0;
		cipher += sizeof("de") - 1;
	} else if (strncasecmp(filtername, "mcrypt.", sizeof("mcrypt.") - 1) != 0) {
		/* Should never happen */
		return NULL;
	}

	if (!filterparams || Z_TYPE_P(filterparams) != IS_ARRAY) {
		php_error_docref(NULL, E_WARNING, "Filter parameters for %s must be an array", filtername);
		return NULL;
	}

	if ((tmpzval = zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("mode")))) {
		if (Z_TYPE_P(tmpzval) == IS_STRING) {
			mode = Z_STRVAL_P(tmpzval);
		} else {
			php_error_docref(NULL, E_WARNING, "mode is not a string, ignoring");
		}
	}

	if ((tmpzval=zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("algorithms_dir")))) {
		if (Z_TYPE_P(tmpzval) == IS_STRING) {
			algo_dir = Z_STRVAL_P(tmpzval);
		} else {
			php_error_docref(NULL, E_WARNING, "algorithms_dir is not a string, ignoring");
		}
	}

	if ((tmpzval=zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("modes_dir")))) {
		if (Z_TYPE_P(tmpzval) == IS_STRING) {
			mode_dir = Z_STRVAL_P(tmpzval);
		} else {
			php_error_docref(NULL, E_WARNING, "modes_dir is not a string, ignoring");
		}
	}

	if ((tmpzval = zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("key"))) &&
		Z_TYPE_P(tmpzval) == IS_STRING) {
		key = Z_STRVAL_P(tmpzval);
		key_len = (int)Z_STRLEN_P(tmpzval);
	} else {
		php_error_docref(NULL, E_WARNING, "key not specified or is not a string");
		return NULL;
	}

	mcrypt_module = mcrypt_module_open((char *)cipher, algo_dir, mode, mode_dir);
	if (mcrypt_module == MCRYPT_FAILED) {
		php_error_docref(NULL, E_WARNING, "Could not open encryption module");
		return NULL;
	}
	iv_len = mcrypt_enc_get_iv_size(mcrypt_module);
	keyl = mcrypt_enc_get_key_size(mcrypt_module);
	if (keyl < key_len) {
		key_len = keyl;
	}

	if (!(tmpzval = zend_hash_str_find(Z_ARRVAL_P(filterparams), ZEND_STRL("iv"))) ||
		Z_TYPE_P(tmpzval) != IS_STRING) {
		php_error_docref(NULL, E_WARNING, "Filter parameter[iv] not provided or not of type: string");
		mcrypt_module_close(mcrypt_module);
		return NULL;
	}

	iv = emalloc(iv_len + 1);
	if ((size_t)iv_len <= Z_STRLEN_P(tmpzval)) {
		memcpy(iv, Z_STRVAL_P(tmpzval), iv_len);
	} else {
		memcpy(iv, Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval));
		memset(iv + Z_STRLEN_P(tmpzval), 0, iv_len - Z_STRLEN_P(tmpzval));
	}

	result = mcrypt_generic_init(mcrypt_module, key, key_len, iv);
	efree(iv);
	if (result < 0) {
		switch (result) {
			case -3:
				php_error_docref(NULL, E_WARNING, "Key length incorrect");
				break;
			case -4:
				php_error_docref(NULL, E_WARNING, "Memory allocation error");
				break;
			case -1:
			default:
				php_error_docref(NULL, E_WARNING, "Unknown error");
				break;
		}
		mcrypt_module_close(mcrypt_module);
		return NULL;
	}

	data = pemalloc(sizeof(php_mcrypt_filter_data), persistent);
	data->module = mcrypt_module;
	data->encrypt = encrypt;
	if (mcrypt_enc_is_block_mode(mcrypt_module)) {
		data->blocksize = mcrypt_enc_get_block_size(mcrypt_module);
		data->block_buffer = pemalloc(data->blocksize, persistent);
	} else {
		data->blocksize = 0;
		data->block_buffer = NULL;
	}
	data->block_used = 0;
	data->persistent = persistent;

	return php_stream_filter_alloc(&php_mcrypt_filter_ops, data, persistent);
}
Пример #15
0
int64_t HHVM_FUNCTION(mcrypt_enc_get_iv_size, const Resource& td) {
  return mcrypt_enc_get_iv_size(td.getTyped<MCrypt>()->m_td);
}
Пример #16
0
int main()
{
	MCRYPT td, td2;
	int i, t, imax;
	int j, jmax, ivsize;
	int x = 0, siz;
	char **names;
	char **modes;
	char *text;
	unsigned char *IV;
	unsigned char *key;
	int keysize;
	
	names = mcrypt_list_algorithms (ALGORITHMS_DIR, &jmax);
	modes = mcrypt_list_modes (MODES_DIR, &imax);

	if (names==NULL || modes==NULL) {
		fprintf(stderr, "Error getting algorithms/modes\n");
		exit(1);
	}
	
	for (j=0;j<jmax;j++) {
		printf( "Algorithm: %s... ", names[j]);

		if (mcrypt_module_self_test( names[j], ALGORITHMS_DIR)==0) {
			printf( "ok\n");
		} else {
			x=1;
			printf( "\n");
		}
		printf( "Modes:\n");
			for (i=0;i<imax;i++) {
				td = mcrypt_module_open(names[j], ALGORITHMS_DIR, modes[i], MODES_DIR);
				td2 = mcrypt_module_open(names[j], ALGORITHMS_DIR, modes[i], MODES_DIR);
				if (td != MCRYPT_FAILED && td2 != MCRYPT_FAILED) {
					keysize = mcrypt_enc_get_key_size(td);
					key = calloc(1, keysize);
					if (key==NULL) exit(1);
					
					for (t=0;t<keysize;t++)
						key[t] = (t % 255) + 13;
					
					ivsize = mcrypt_enc_get_iv_size(td);
					if (ivsize>0) {
						IV = calloc( 1, ivsize);
						if (IV==NULL) exit(1);
						for (t=0;t<ivsize;t++)
							IV[t] = (t*2 % 255) + 15;
					}
					if (mcrypt_generic_init( td, key, keysize, IV) < 0) {
						fprintf(stderr, "Failed to Initialize algorithm!\n");
						return -1;
					}

					if (mcrypt_enc_is_block_mode(td)!=0)
						siz = (strlen(TEXT) / mcrypt_enc_get_block_size(td))*mcrypt_enc_get_block_size(td);
					else siz = strlen(TEXT);

					text = calloc( 1, siz);
					if (text==NULL) exit(1);
					
					memmove( text, TEXT, siz);

					mcrypt_generic( td, text, siz);

					if (mcrypt_generic_init( td2, key, keysize, IV) < 0) {
						fprintf(stderr, "Failed to Initialize algorithm!\n");
						return -1;
					}

					mdecrypt_generic( td2, text, siz);
					if ( memcmp( text, TEXT, siz) == 0) {
						printf( "   %s: ok\n", modes[i]);
					} else {
						printf( "   %s: failed\n", modes[i]);
						x=1;
					}
					mcrypt_generic_deinit(td);
					mcrypt_generic_deinit(td2);
					mcrypt_module_close(td);
					mcrypt_module_close(td2);					free(text);
					free(key);
					if (ivsize>0) free(IV);
				}
			}
		printf("\n");
		
	}	
	mcrypt_free_p(names, jmax);
	mcrypt_free_p(modes, imax);
	

	if (x>0) fprintf(stderr, "\nProbably some of the algorithms listed above failed. "
				"Try not to use these algorithms, and file a bug report to [email protected]\n\n");
	return x;
}
Пример #17
0
static int check_auth_cookie(request_rec *r)
{

	const char *cookies = NULL, *auth_line = NULL;
	char *cookie = NULL;

    /* Debug. */
	/*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	    "check_auth_cookie called");*/

	/* Get config for this directory. */
    cookie_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
		&auth_cookie_module);

    /* Check we have been configured. */
    if (!conf->cookie_auth_cookie) {
        return DECLINED;
    }

	/* Do not override real auth header, unless config instructs us to. */
	if (!conf->cookie_auth_override &&
		apr_table_get(r->headers_in, "Authorization")) {
		if (conf->cookie_auth_env) {
			unsetenv(conf->cookie_auth_env);
		}
		return DECLINED;
	}

	/* todo: protect against xxxCookieNamexxx, regex? */
	/* todo: make case insensitive? */
	/* Get the cookie (code from mod_log_config). */
	if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
		char *start_cookie, *end_cookie;
		if ((start_cookie = ap_strstr_c(cookies, conf->cookie_auth_cookie))) {
		    start_cookie += strlen(conf->cookie_auth_cookie) + 1;
		    cookie = apr_pstrdup(r->pool, start_cookie);
			/* kill everything in cookie after ';' */
			end_cookie = strchr(cookie, ';');
			if (end_cookie) {
				*end_cookie = '\0';
      }
      ap_unescape_url(cookie);
		}
	}

	/* No cookie? Nothing for us to do. */
	if (!cookie) {
                if (conf->cookie_auth_unauth_redirect) {
        	        const char* redirect = conf->cookie_auth_unauth_redirect;
        		compose_and_set_redirect(r, redirect);
                        return HTTP_MOVED_TEMPORARILY;
                }
                else {
			return DECLINED;
                }
	}

	/* Debug. */
	/*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	    "%s=%s", conf->cookie_auth_cookie, cookie);*/

	char* aux_auth_info = "";

	/* Construct the fake auth_line. */
	if (conf->cookie_auth_base64) {
		char* decoded_cookie = apr_palloc(r->pool, apr_base64_decode_len(cookie));
    int decoded_cookie_length = apr_base64_decode(decoded_cookie, cookie);

		int valid = 1;

		/* if the cookie is encrypted, decrypt it in place */
		if (conf->cookie_auth_encrypt) {
      MCRYPT td = mcrypt_module_open("rijndael-128", NULL, "cbc", NULL);
      int keysize = strlen(conf->cookie_auth_encrypt);
      int blocksize = mcrypt_enc_get_block_size(td);

			// We will copy the iv from the beginning of the cookie.
			// The iv does not need to be null-terminated, but we will
			// null-terminate it for convenience.
			int iv_length = mcrypt_enc_get_iv_size(td);
			char* iv = (char*) apr_palloc(r->pool, iv_length + 1);
			memcpy(iv, decoded_cookie, iv_length);
			iv[iv_length] = '\0';

			// Take the iv off the beginning of the cookie
			decoded_cookie += iv_length;
      decoded_cookie_length -= iv_length;

      mcrypt_generic_init( td, conf->cookie_auth_encrypt, keysize, iv);
      // Encryption in CBC is performed in blocks, so our
      // decryption string will always be an integral number
      // of full blocks.
      char* decrypt_ptr = decoded_cookie;
      while (decoded_cookie_length >= blocksize) {
        mdecrypt_generic(td, decrypt_ptr, blocksize);
        decrypt_ptr += blocksize;
        decoded_cookie_length -= blocksize;
      }
      if (decoded_cookie_length != 0) {
        valid = 0;
      }
      mcrypt_generic_deinit (td);
      mcrypt_module_close(td);
      /*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
        "mdecrypt(%s)=%s", conf->cookie_auth_cookie, decoded_cookie);*/
		}

		/* if the cookie did not decrypt, then do nothing */
		if (valid) {
			char* end_auth_info = strchr(decoded_cookie, '\t');

			if (end_auth_info) {
				aux_auth_info = decoded_cookie;
				char* unencoded_cookie = end_auth_info + 1;
				*end_auth_info = 0;

				auth_line = apr_pstrcat(r->pool, "Basic ", ap_pbase64encode(r->pool, unencoded_cookie), NULL);
			}
			else {
				auth_line = apr_pstrcat(r->pool, "Basic ", ap_pbase64encode(r->pool, decoded_cookie), NULL);
			}
		}
	} else {
		// Aux auth info and cookie encrypt features only available in base64 mode
		ap_unescape_url(cookie);
		auth_line = apr_pstrcat(r->pool, "Basic ",
			ap_pbase64encode(r->pool, cookie), NULL);
	}

	/* If there is aux auth info, then set the env variable */
	if (conf->cookie_auth_env) {
	  apr_table_set(r->subprocess_env, conf->cookie_auth_env, aux_auth_info);
	}

	/* Debug. */
	/*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
		"Authorization: %s", auth_line);*/

	/* If there is no aux auth info, then force a redirect if our conf directives say that we should */
        if (conf->cookie_auth_env_redirect && !strlen(aux_auth_info)) {
        	const char* redirect = conf->cookie_auth_env_redirect;
        	compose_and_set_redirect(r, redirect);
                return HTTP_MOVED_TEMPORARILY;
        }
        else {
	        /* Set fake auth_line. */
		if (auth_line) {
                	apr_table_set(r->headers_in, "Authorization", auth_line);
                }
	}

	/* Always return DECLINED because we don't authorize, */
	/* we just set things up for the next auth module to. */
    return DECLINED;
}
Пример #18
0
int64_t HHVM_FUNCTION(mcrypt_enc_get_iv_size, const Resource& td) {
  return mcrypt_enc_get_iv_size(cast<MCrypt>(td)->m_td);
}
Пример #19
0
static int internal_init_mcrypt(MCRYPT td, const void *key, int lenofkey, const void *IV)
{
	int *sizes = NULL;
	int num_of_sizes, i, ok = 0;
	int key_size = mcrypt_enc_get_key_size(td);

	if (lenofkey > key_size || lenofkey==0) {
		return MCRYPT_KEY_LEN_ERROR;	/* error */	
	}
	
	sizes = mcrypt_enc_get_supported_key_sizes(td, &num_of_sizes);
	if (sizes != NULL) {
		for (i = 0; i < num_of_sizes; i++) {
			if (lenofkey == sizes[i]) {
				ok = 1;
				break;
			}
		}
	} else {		/* sizes==NULL */
		if (num_of_sizes == 0
		    && lenofkey <= mcrypt_enc_get_key_size(td))
			ok = 1;
	}


	if (ok == 0) { /* not supported key size */
		key_size = mcrypt_enc_get_key_size(td);
		if (sizes != NULL) {
			for (i = 0; i < num_of_sizes; i++) {
				if (lenofkey <= sizes[i]) {
					key_size = sizes[i];
					break;
				}
			}
		} else { /* well every key size is supported! */
			key_size = lenofkey;
		}
	} else {
		key_size = lenofkey;
	}
	free(sizes);

	td->keyword_given = mxcalloc(1, mcrypt_enc_get_key_size(td));
	if (td->keyword_given==NULL) return MCRYPT_MEMORY_ALLOCATION_ERROR; 
	
	memmove(td->keyword_given, key, lenofkey);
	i = mcrypt_get_size(td);
	td->akey = mxcalloc(1, i);
	if (td->akey==NULL) {
		free(td->keyword_given);
		return MCRYPT_MEMORY_ALLOCATION_ERROR;
	}
	i = mcrypt_mode_get_size(td);
	if (i > 0) {
		td->abuf = mxcalloc(1, i);
		if (td->abuf==NULL) {
			free(td->keyword_given);
			free(td->akey);
			return MCRYPT_MEMORY_ALLOCATION_ERROR;
		}
	}
	ok = init_mcrypt(td, td->abuf, key, key_size, IV);
	if (ok!=0) {
		free(td->keyword_given);
		free(td->akey);
		free(td->abuf);
		return MCRYPT_UNKNOWN_ERROR; /* algorithm error */
	}

	ok = mcrypt_set_key(td,
		       (void *) td->akey,
		       (void *) td->keyword_given,
		       key_size, IV, IV!=NULL ? mcrypt_enc_get_iv_size(td) : 0);

	if (ok!=0) {
		internal_end_mcrypt(td);
		return MCRYPT_UNKNOWN_ERROR; /* algorithm error */
	}

	return 0;
}
Пример #20
0
int main()
{
	MCRYPT td, td2;
	int i, t, imax;
	int j, jmax, ivsize;
	int x = 0, siz;
	char *text;
	unsigned char *IV;
	unsigned char *key;
	int keysize;
	
    td = mcrypt_module_open("idea", ALGORITHMS_DIR, "cbc", MODES_DIR);
    td2 = mcrypt_module_open("idea", ALGORITHMS_DIR, "cbc", MODES_DIR);

    if (td != MCRYPT_FAILED && td2 != MCRYPT_FAILED) {
        fprintf(stderr, "Created IDEA cipher.\n");

        keysize = mcrypt_enc_get_key_size(td);
        fprintf(stderr, "Cipher key size %d.\n", keysize);

        key = calloc(1, keysize);
        if (key==NULL) exit(1);
					
        for (t=0;t<keysize;t++)
            key[t] = (t % 255) + 13;
					
        ivsize = mcrypt_enc_get_iv_size(td);
        fprintf(stderr, "IV size %d.\n", ivsize);
        if (ivsize>0) {
            IV = calloc( 1, ivsize);
            if (IV==NULL) exit(1);
            for (t=0;t<ivsize;t++)
                IV[t] = (t*2 % 255) + 15;
        }

        if (mcrypt_generic_init( td, key, keysize, IV) < 0) {
            fprintf(stderr, "Failed to Initialize algorithm!\n");
            return -1;
        }

        if (mcrypt_enc_is_block_mode(td)!=0)
            siz = (strlen(TEXT) / mcrypt_enc_get_block_size(td))*mcrypt_enc_get_block_size(td);
        else siz = strlen(TEXT);

        text = calloc( 1, siz);
        if (text==NULL) exit(1);
					
        memmove( text, TEXT, siz);

        mcrypt_generic( td, text, siz);

        if (mcrypt_generic_init( td2, key, keysize, IV) < 0) {
            fprintf(stderr, "Failed to Initialize algorithm!\n");
            return -1;
        }

        mdecrypt_generic( td2, text, siz);
        if ( memcmp( text, TEXT, siz) == 0) {
            printf( "   %s: ok\n", "cbc");
        } else {
            printf( "   %s: failed\n", "cbc");
            x=1;
        }

        mcrypt_generic_deinit(td);
        mcrypt_generic_deinit(td2);
        mcrypt_module_close(td);
        mcrypt_module_close(td2);
        free(text);
        free(key);
        if (ivsize>0) free(IV);
    }

    return 0;
}