static int des3_1_set_key(struct crypto_struct *cipher, void *key, void *IV) { if (cipher->key == NULL) { if (alloc_key(cipher) < 0) { return -1; } if (gcry_cipher_open(&cipher->key[0], GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0)) { SAFE_FREE(cipher->key); return -1; } if (gcry_cipher_setkey(cipher->key[0], key, 8)) { SAFE_FREE(cipher->key); return -1; } if (gcry_cipher_setiv(cipher->key[0], IV, 8)) { SAFE_FREE(cipher->key); return -1; } if (gcry_cipher_open(&cipher->key[1], GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0)) { SAFE_FREE(cipher->key); return -1; } if (gcry_cipher_setkey(cipher->key[1], key + 8, 8)) { SAFE_FREE(cipher->key); return -1; } if (gcry_cipher_setiv(cipher->key[1], IV + 8, 8)) { SAFE_FREE(cipher->key); return -1; } if (gcry_cipher_open(&cipher->key[2], GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0)) { SAFE_FREE(cipher->key); return -1; } if (gcry_cipher_setkey(cipher->key[2], key + 16, 8)) { SAFE_FREE(cipher->key); return -1; } if (gcry_cipher_setiv(cipher->key[2], IV + 16, 8)) { SAFE_FREE(cipher->key); return -1; } } return 0; }
int init_decrypt_ctx(struct decrypt_ctx *ctx, struct psafe3_pro *pro, struct safe_sec *sec) { gcry_error_t gerr; assert(ctx != NULL); assert(pro != NULL); assert(sec != NULL); gerr = gcry_cipher_open(&ctx->cipher, GCRY_CIPHER_TWOFISH, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); if (gerr != GPG_ERR_NO_ERROR) goto err_cipher; ctx->gerr = gcry_cipher_setkey(ctx->cipher, sec->rand_k, 32); if (gerr != GPG_ERR_NO_ERROR) goto err_cipher; ctx->gerr = gcry_cipher_setiv(ctx->cipher, pro->iv, 16); if (gerr != GPG_ERR_NO_ERROR) goto err_cipher; gerr = gcry_md_open(&ctx->hmac, GCRY_MD_SHA256, GCRY_MD_FLAG_SECURE|GCRY_MD_FLAG_HMAC); if (gerr != GPG_ERR_NO_ERROR) goto err_hmac; gerr = gcry_md_setkey(ctx->hmac, sec->rand_l, 32); if (gerr != GPG_ERR_NO_ERROR) goto err_hmac; return 0; err_hmac: gcry_cipher_close(ctx->cipher); err_cipher: ctx->gerr = gerr; return -1; }
netmd_error netmd_secure_setup_download(netmd_dev_handle *dev, unsigned char *contentid, unsigned char *key_encryption_key, unsigned char *sessionkey) { unsigned char cmdhdr[] = { 0x00, 0x00 }; unsigned char data[32] = { 0x01, 0x01, 0x01, 0x01 /* ... */}; unsigned char cmd[sizeof(cmdhdr) + sizeof(data)]; unsigned char iv[8] = { 0 }; gcry_cipher_hd_t handle; netmd_response response; netmd_error error; memcpy(data + 4, contentid, 20); memcpy(data + 24, key_encryption_key, 8); gcry_cipher_open(&handle, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0); gcry_cipher_setkey(handle, sessionkey, 8); gcry_cipher_setiv(handle, iv, 8); gcry_cipher_encrypt(handle, data, sizeof(data), NULL, 0); gcry_cipher_close(handle); memcpy(cmd, cmdhdr, sizeof(cmdhdr)); memcpy(cmd + sizeof(cmdhdr), data, 32); error = netmd_exch_secure_msg(dev, 0x22, cmd, sizeof(cmd), &response); netmd_check_response_bulk(&response, cmdhdr, sizeof(cmdhdr), &error); return error; }
static int gcrypt_set_iv(void *user_ctx, size_t len, uint8_t *iv) { int rc = -PRIV_CRYPT_SOME_ERR; struct gcrypt_state *st = user_ctx; if (!user_ctx) goto out; if (st->mode != GCRY_CIPHER_MODE_CTR) { if ((rc = gcry_cipher_setiv(st->hd, iv, len)) != 0) { DPRINTF("gcry_cipher_setiv: %d\n", rc); rc = -PRIV_CRYPT_SOME_ERR; goto out; } } else { if ((rc = gcry_cipher_setctr(st->hd, iv, len)) != 0) { DPRINTF("gcry_cipher_setctr: %d\n", rc); rc = -PRIV_CRYPT_SOME_ERR; goto out; } } rc = 0; out: return rc; }
/** * @brief Decipher a buffer using AES-128 with CBC. */ int crypt_aes_dec(crypt_context_t *context, char *encBuffer, char *outBuffer, unsigned int buffLen, char *iniVector) { int rv; ASSERT(context, rv, CRYPT_FAILED, "crypt_aes_dec: Argument is NULL.\n"); ASSERT(encBuffer, rv, CRYPT_FAILED, "crypt_aes_dec: Argument is NULL.\n"); ASSERT(outBuffer, rv, CRYPT_FAILED, "crypt_aes_dec: Argument is NULL.\n"); ASSERT(iniVector, rv, CRYPT_FAILED, "crypt_aes_dec: Argument is NULL.\n"); ASSERT(context->initialised, rv, CRYPT_FAILED, "crypt_aes_dec: Context is not initialised.\n"); gcry_error_t gcryError; gcry_cipher_hd_t gcryCipherHd = NULL; size_t keyLength = gcry_cipher_get_algo_keylen(GCRY_CIPHER_AES128); size_t blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER_AES128); gcryError = gcry_cipher_open(&gcryCipherHd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0); ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_aes_dec: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError)); gcryError = gcry_cipher_setkey(gcryCipherHd, context->secretKey, keyLength); ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_aes_dec: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError)); gcryError = gcry_cipher_setiv(gcryCipherHd, iniVector, blkLength); ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_aes_dec: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError)); gcryError = gcry_cipher_decrypt(gcryCipherHd, outBuffer, buffLen, encBuffer, buffLen); ASSERT(!gcryError, rv, CRYPT_FAILED, "crypt_aes_dec: %s: %s\n", gcry_strsource(gcryError), gcry_strerror(gcryError)); _err: if(gcryCipherHd) gcry_cipher_close(gcryCipherHd); return rv; }
static void bench_gcm_decrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen) { gcry_cipher_hd_t hd = obj->priv; int err; char tag[16] = { 0, }; char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, }; gcry_cipher_setiv (hd, nonce, sizeof (nonce)); err = gcry_cipher_decrypt (hd, buf, buflen, buf, buflen); if (err) { fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n", gpg_strerror (err)); gcry_cipher_close (hd); exit (1); } err = gcry_cipher_checktag (hd, tag, sizeof (tag)); if (gpg_err_code (err) == GPG_ERR_CHECKSUM) err = gpg_error (GPG_ERR_NO_ERROR); if (err) { fprintf (stderr, PGM ": gcry_cipher_gettag failed: %s\n", gpg_strerror (err)); gcry_cipher_close (hd); exit (1); } }
static gboolean gst_hls_demux_decrypt_start (GstHLSDemux * demux, const guint8 * key_data, const guint8 * iv_data) { gcry_error_t err = 0; gboolean ret = FALSE; err = gcry_cipher_open (&demux->aes_ctx, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0); if (err) goto out; err = gcry_cipher_setkey (demux->aes_ctx, key_data, 16); if (err) goto out; err = gcry_cipher_setiv (demux->aes_ctx, iv_data, 16); if (!err) ret = TRUE; out: if (!ret) if (demux->aes_ctx) gcry_cipher_close (demux->aes_ctx); return ret; }
std::string crypt_plugin::do_crypto( unsigned short len ) { char *b, *r, *buff; std::string out; gcry_cipher_hd_t hand; gcry_cipher_open( &hand, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS ); gcry_cipher_setiv( hand, NULL, 0 ); b = new char[16]; gcry_randomize( b, 16, GCRY_STRONG_RANDOM ); gcry_cipher_setkey( hand, b, 16 ); buff = new char[len]; r = new char[len+1]; gcry_randomize( r, len, GCRY_STRONG_RANDOM ); gcry_cipher_encrypt( hand, buff, len, r, len ); delete b; memset( r, 0, len+1 ); for( unsigned int i = 0; i < len; i++ ) { int k = 1 + (int) (92.0 * ((float)buff[i] / 256.0)); if( k < 0 ) k *= -1; r[i] = k+34; } gcry_cipher_close(hand); out = r; delete buff; delete r; return out; }
int decode_packet(gcry_cipher_hd_t * hd, char * packet, int len, char *command, int *commandlen, unsigned long * seqnum){ u_char chk_carried[CHECKSUM_LEN]; u_int chk_calculated; memcpy(chk_carried,&packet[len-CHECKSUM_LEN],CHECKSUM_LEN); //printf("\r\n CHK_CALC %x %x %x",checksum(packet,len),(((chk_carried[0]<<8)&0x00FF00)|(chk_carried[1]&0x0000FF)),checksum(packet,len)-(((chk_carried[0]<<8)&0x00FF00)|(chk_carried[1]&0x0000FF))); if(checksum(packet,len)!=(((chk_carried[0]<<8)&0x00FF00)|(chk_carried[1]&0x0000FF))){ printf("\r\n BAD CHECKSUM"); return -1; } gcry_cipher_setiv(*hd,&packet[MAC_LEN], GCRY_IVLEN); *commandlen=len-MAC_LEN-GCRY_IVLEN-CHECKSUM_LEN; gcry_cipher_decrypt (*hd,command,*commandlen ,&packet[MAC_LEN+GCRY_IVLEN], *commandlen); int ac=0; unsigned long cseqnum=0; for(ac=0;ac<SEQ_LEN;ac++){ cseqnum|=((command[(*commandlen-1-ac)]&0x000000FF)<<(ac*8)); } if(*seqnum>=cseqnum){ return -2; } *seqnum=cseqnum; *commandlen-=SEQ_LEN; return 0; }
static void dCMAC(guint8 *pK, guint8 *ws, const guint8 *pN, guint16 SizeN, const guint8 *pC, guint16 SizeC) { gcry_cipher_hd_t cipher_hd; guint8 *work; guint8 *ptr; guint16 SizeT = SizeN + SizeC; guint16 worksize = SizeT; /* worksize must be an integral multiple of 16 */ if (SizeT & 0xf) { worksize += 0x10 - (worksize & 0xf); } work = (guint8 *)g_malloc(worksize); if (work == NULL) { return; } memcpy(work, pN, SizeN); if (pC != NULL) { memcpy(&work[SizeN], pC, SizeC); } /* * pad the data if necessary, and XOR Q or D, depending on * whether data was padded or not */ if (worksize != SizeT) { work[SizeT] = 0x80; for (ptr = &work[SizeT+1]; ptr < &work[worksize]; ptr++) *ptr = 0; ptr= &work[worksize-0x10]; BLK_XOR(ptr, instance.Q); } else { ptr = &work[worksize-0x10]; BLK_XOR(ptr, instance.D); } /* open the cipher */ if (gcry_cipher_open(&cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC,0)){/* GCRY_CIPHER_CBC_MAC)) { */ g_free(work); return; } if (gcry_cipher_setkey(cipher_hd, pK, EAX_SIZEOF_KEY)) { g_free(work); gcry_cipher_close(cipher_hd); return; } if (gcry_cipher_setiv(cipher_hd, ws, EAX_SIZEOF_KEY)) { g_free(work); gcry_cipher_close(cipher_hd); return; } if (gcry_cipher_encrypt(cipher_hd, work, worksize, work, worksize)) { g_free(work); gcry_cipher_close(cipher_hd); return; } memcpy(ws, ptr, EAX_SIZEOF_KEY); g_free(work); gcry_cipher_close(cipher_hd); return; }
static int xdecrypt(gcry_cipher_hd_t hd, int blklen, const char *iv, void *dst, size_t dstlen, const void *src, size_t srclen) { int i; gcry_error_t err = 0; char *s = (char *) src, *d = dst; if(dstlen < srclen) return xmsg(-1, VPN_DEBUG, "not enough space to put decrypted data!\n"); for(i = 0; i < srclen; i+=blklen, s+=blklen, d+=blklen) { err = gcry_cipher_setiv(hd, iv, blklen); if(err) { xmsg(0, VPN_DEBUG, "decrypt iv mismatch: %s\n", gpg_strerror(err)); break; } err = gcry_cipher_decrypt(hd, d, blklen, s, blklen); if(err) { xmsg(0, VPN_DEBUG, "decrypt failed: %s\n", gpg_strerror(err)); break; } } return err ? -1 : i; }
static void bench_aead_decrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen, const char *nonce, size_t noncelen) { gcry_cipher_hd_t hd = obj->priv; int err; char tag[16] = { 0, }; gcry_cipher_setiv (hd, nonce, noncelen); gcry_cipher_final (hd); err = gcry_cipher_decrypt (hd, buf, buflen, buf, buflen); if (err) { fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n", gpg_strerror (err)); gcry_cipher_close (hd); exit (1); } err = gcry_cipher_checktag (hd, tag, sizeof (tag)); if (gpg_err_code (err) == GPG_ERR_CHECKSUM) err = gpg_error (GPG_ERR_NO_ERROR); if (err) { fprintf (stderr, PGM ": gcry_cipher_gettag failed: %s\n", gpg_strerror (err)); gcry_cipher_close (hd); exit (1); } }
gcry_error_t decryptFile(FILE *infile, unsigned char *IV, unsigned char *key, FILE *outfile) { gcry_error_t error; gcry_cipher_hd_t hd; unsigned char inbuffer[16]; unsigned char obp[16]; unsigned char *outbuffer = NULL; int eof = 0; int n; int strength = getCipherStrength(); int algorithm = strength == 256 ? GCRY_CIPHER_AES256 : GCRY_CIPHER_AES128; size_t keylength = strength == 256 ? 32 : 16; error = gcry_cipher_open(&hd, algorithm, GCRY_CIPHER_MODE_OFB, 0); if (error != GPG_ERR_NO_ERROR) return error; error = gcry_cipher_setkey(hd, key, keylength); if (error != GPG_ERR_NO_ERROR) return error; error = gcry_cipher_setiv(hd, IV, 16); if (error != GPG_ERR_NO_ERROR) return error; while (!eof) { n = fread(inbuffer, 1, 16, infile); if (n > 0 && n < 16) return gcry_error_from_errno(EPIPE); if (n == 0) { if (outbuffer == NULL) return gcry_error_from_errno(EINVAL); n = 16 - (int)outbuffer[15]; eof = 1; } if (outbuffer != NULL) fwrite(outbuffer, 1, n, outfile); outbuffer = obp; error = gcry_cipher_decrypt(hd, outbuffer, 16, inbuffer, 16); if (error != GPG_ERR_NO_ERROR) return error; } return GPG_ERR_NO_ERROR; }
static void encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey) { gcry_cipher_hd_t hd; byte buf[33]; assert ( dek->keylen <= 32 ); if (!*seskey) { *seskey=xmalloc_clear(sizeof(DEK)); (*seskey)->keylen=dek->keylen; (*seskey)->algo=dek->algo; make_session_key(*seskey); /*log_hexdump( "thekey", c->key, c->keylen );*/ } /* The encrypted session key is prefixed with a one-octet algorithm id. */ buf[0] = (*seskey)->algo; memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen ); /* We only pass already checked values to the following fucntion, thus we consider any failure as fatal. */ if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1)) BUG (); if (gcry_cipher_setkey (hd, dek->key, dek->keylen)) BUG (); gcry_cipher_setiv (hd, NULL, 0); gcry_cipher_encrypt (hd, buf, (*seskey)->keylen + 1, NULL, 0); gcry_cipher_close (hd); memcpy( enckey, buf, (*seskey)->keylen + 1 ); wipememory( buf, sizeof buf ); /* burn key */ }
guchar * egg_openssl_decrypt_block (const gchar *dekinfo, const gchar *password, gssize n_password, GBytes *data, gsize *n_decrypted) { gcry_cipher_hd_t ch; guchar *key = NULL; guchar *iv = NULL; int gcry, ivlen; int algo = 0; int mode = 0; guchar *decrypted; if (!parse_dekinfo (dekinfo, &algo, &mode, &iv)) return FALSE; ivlen = gcry_cipher_get_algo_blklen (algo); /* We assume the iv is at least as long as at 8 byte salt */ g_return_val_if_fail (ivlen >= 8, FALSE); /* IV is already set from the DEK info */ if (!egg_symkey_generate_simple (algo, GCRY_MD_MD5, password, n_password, iv, 8, 1, &key, NULL)) { g_free (iv); return NULL; } gcry = gcry_cipher_open (&ch, algo, mode, 0); g_return_val_if_fail (!gcry, NULL); gcry = gcry_cipher_setkey (ch, key, gcry_cipher_get_algo_keylen (algo)); g_return_val_if_fail (!gcry, NULL); egg_secure_free (key); /* 16 = 128 bits */ gcry = gcry_cipher_setiv (ch, iv, ivlen); g_return_val_if_fail (!gcry, NULL); g_free (iv); /* Allocate output area */ *n_decrypted = g_bytes_get_size (data); decrypted = egg_secure_alloc (*n_decrypted); gcry = gcry_cipher_decrypt (ch, decrypted, *n_decrypted, g_bytes_get_data (data, NULL), g_bytes_get_size (data)); if (gcry) { egg_secure_free (decrypted); g_return_val_if_reached (NULL); } gcry_cipher_close (ch); return decrypted; }
void init(aes_type type,std::string const &key) { if(key.size()*8!=unsigned(type)) { throw booster::invalid_argument("Invalid key size"); } key_ = key; type_ = type; int algo=0; switch(type) { case aes128: algo = GCRY_CIPHER_AES128; break; case aes192: algo = GCRY_CIPHER_AES192; break; case aes256: algo = GCRY_CIPHER_AES256; break; default: throw booster::invalid_argument("Invalid encryption method"); } enc_ = 0; dec_ = 0; char iv_enc[16]; char iv_dec[16]= {0}; urandom_device rnd; rnd.generate(iv_enc,sizeof(iv_enc)); if( gcry_cipher_open(&enc_,algo,GCRY_CIPHER_MODE_CBC,0) || gcry_cipher_open(&dec_,algo,GCRY_CIPHER_MODE_CBC,0) || gcry_cipher_setkey(enc_,key_.c_str(),key.size()) || gcry_cipher_setkey(dec_,key_.c_str(),key.size()) || gcry_cipher_setiv(enc_,iv_enc,16) || gcry_cipher_setiv(dec_,iv_dec,16) ) { if(enc_) gcry_cipher_close(enc_); if(dec_) gcry_cipher_close(dec_); throw booster::runtime_error("Failed to create AES encryptor"); } }
int elektraCryptoGcryHandleCreate (elektraCryptoHandle ** handle, KeySet * config, Key * errorKey) { gcry_error_t gcry_err; unsigned char keyBuffer[64], ivBuffer[64]; size_t keyLength, ivLength; (*handle) = NULL; // retrieve keys from configuration Key * key = elektraCryptoReadParamKey (config, errorKey); Key * iv = elektraCryptoReadParamIv (config, errorKey); if (key == NULL || iv == NULL) { return (-1); } keyLength = keyGetBinary (key, keyBuffer, sizeof (keyBuffer)); ivLength = keyGetBinary (iv, ivBuffer, sizeof (ivBuffer)); // create the handle (*handle) = elektraMalloc (sizeof (elektraCryptoHandle)); if (*handle == NULL) { memset (keyBuffer, 0, sizeof (keyBuffer)); memset (ivBuffer, 0, sizeof (ivBuffer)); ELEKTRA_SET_ERROR (87, errorKey, "Memory allocation failed"); return (-1); } if ((gcry_err = gcry_cipher_open (*handle, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0)) != 0) { goto error; } if ((gcry_err = gcry_cipher_setkey (**handle, keyBuffer, keyLength)) != 0) { goto error; } if ((gcry_err = gcry_cipher_setiv (**handle, ivBuffer, ivLength)) != 0) { goto error; } memset (keyBuffer, 0, sizeof (keyBuffer)); memset (ivBuffer, 0, sizeof (ivBuffer)); return 1; error: memset (keyBuffer, 0, sizeof (keyBuffer)); memset (ivBuffer, 0, sizeof (ivBuffer)); ELEKTRA_SET_ERRORF (ELEKTRA_ERROR_CRYPTO_CONFIG_FAULT, errorKey, "Failed to create handle because: %s", gcry_strerror (gcry_err)); gcry_cipher_close (**handle); elektraFree (*handle); (*handle) = NULL; return (-1); }
void SymmetricCipherGcrypt::reset() { gcry_error_t error; error = gcry_cipher_reset(m_ctx); Q_ASSERT(error == 0); error = gcry_cipher_setiv(m_ctx, m_iv.constData(), m_iv.size()); Q_ASSERT(error == 0); }
static gboolean service_encode_aes_secret (SecretSession *session, SecretValue *value, GVariantBuilder *builder) { gcry_cipher_hd_t cih; guchar *padded; gsize n_padded, pos; gcry_error_t gcry; gpointer iv; gconstpointer secret; gsize n_secret; GVariant *child; g_variant_builder_add (builder, "o", session->path); /* Create the cipher */ gcry = gcry_cipher_open (&cih, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0); if (gcry != 0) { g_warning ("couldn't create AES cipher: %s", gcry_strerror (gcry)); return FALSE; } secret = secret_value_get (value, &n_secret); /* Perform the encoding here */ padded = pkcs7_pad_bytes_in_secure_memory (secret, n_secret, &n_padded); g_assert (padded != NULL); /* Setup the IV */ iv = g_malloc0 (16); gcry_create_nonce (iv, 16); gcry = gcry_cipher_setiv (cih, iv, 16); g_return_val_if_fail (gcry == 0, FALSE); /* Setup the key */ gcry = gcry_cipher_setkey (cih, session->key, session->n_key); g_return_val_if_fail (gcry == 0, FALSE); /* Perform the encryption */ for (pos = 0; pos < n_padded; pos += 16) { gcry = gcry_cipher_encrypt (cih, (guchar*)padded + pos, 16, NULL, 0); g_return_val_if_fail (gcry == 0, FALSE); } gcry_cipher_close (cih); child = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), iv, 16, TRUE, g_free, iv); g_variant_builder_add_value (builder, child); child = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), padded, n_padded, TRUE, egg_secure_free, padded); g_variant_builder_add_value (builder, child); g_variant_builder_add (builder, "s", secret_value_get_content_type (value)); return TRUE; }
static gboolean decrypt_buffer (EggBuffer *buffer, GkmSecret *master, guchar salt[8], int iterations) { const gchar *password = NULL; gcry_cipher_hd_t cih; gcry_error_t gerr; guchar *key, *iv; gsize n_password = 0; size_t pos; g_assert (buffer->len % 16 == 0); g_assert (16 == gcry_cipher_get_algo_blklen (GCRY_CIPHER_AES128)); g_assert (16 == gcry_cipher_get_algo_keylen (GCRY_CIPHER_AES128)); /* No password is set, try an null password */ if (master == NULL) { password = NULL; n_password = 0; } else { password = gkm_secret_get_password (master, &n_password); } if (!egg_symkey_generate_simple (GCRY_CIPHER_AES128, GCRY_MD_SHA256, password, n_password, salt, 8, iterations, &key, &iv)) return FALSE; gerr = gcry_cipher_open (&cih, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0); if (gerr) { g_warning ("couldn't create aes cipher context: %s", gcry_strerror (gerr)); egg_secure_free (key); g_free (iv); return FALSE; } /* 16 = 128 bits */ gerr = gcry_cipher_setkey (cih, key, 16); g_return_val_if_fail (!gerr, FALSE); egg_secure_free (key); /* 16 = 128 bits */ gerr = gcry_cipher_setiv (cih, iv, 16); g_return_val_if_fail (!gerr, FALSE); g_free (iv); for (pos = 0; pos < buffer->len; pos += 16) { /* In place encryption */ gerr = gcry_cipher_decrypt (cih, buffer->buf + pos, 16, NULL, 0); g_return_val_if_fail (!gerr, FALSE); } gcry_cipher_close (cih); return TRUE; }
void inject_command(pcap_t *fp, gcry_cipher_hd_t * hd,char * dst_mac, char * command, int len, unsigned long * seqnum){ char pkt[1000]; u_char buf[1024]; u_char iv[GCRY_IVLEN]={0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}; len+=SEQ_LEN; char pkt_len[6]; char type[] = { 0x00,0x00,0x0d,0x00,0x04,0x80,0x02,0x00,0x02,0x00,0x00,0x00,0x00,0x80,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x64,0x00,0x11,0x00,0x00,0x05, 'I', 'N', 'T', 'C', 'P',0x01,0x04,0x82,0x84,0x8b,0x96,0x03,0x01,0x0c,0x04,0x06,0x01,0x02,0x00,0x00,0x00,0x00,0x05,0x04,0x00,0x01,0x00,0x00,0xdd,0x18,0x00,0x50,0xf2,0x01,0x01, 0x00,0x00,0x50,0xf2,0x04,0x01,0x00,0x00,0x50,0xf2,0x04,0x01,0x00,0x00,0x50,0xf2,0x02,0x00,0x00}; u_int tlen=len+MAC_LEN+CHECKSUM_LEN+GCRY_IVLEN; random_vector(iv,GCRY_IVLEN); memcpy(&pkt[0],dst_mac,MAC_LEN); memcpy(&pkt[MAC_LEN],iv,GCRY_IVLEN); gcry_cipher_setiv(*hd,iv, GCRY_IVLEN); char cmdseq[1000]; memcpy(cmdseq,command,len); u_int ac=0; (*seqnum)++; if(*seqnum>0xFFFFFFFF){*seqnum=0x01;} for(ac=0;ac<SEQ_LEN;ac++){ cmdseq[len-1-ac]=(char)((*seqnum)>>(ac*8)); } gcry_cipher_encrypt(*hd, &pkt[GCRY_IVLEN+MAC_LEN],len , cmdseq, len); u_int chk=checksum(pkt,tlen); u_char chkarr[CHECKSUM_LEN]; chkarr[0]=(chk>>8); chkarr[1]=chk&0x00FF; memcpy(&pkt[GCRY_IVLEN+MAC_LEN+len], chkarr,CHECKSUM_LEN); memcpy(buf, type, sizeof(type)); memcpy(buf+sizeof(type), pkt, tlen); #ifndef MANDO_ABORDO print_vector(pkt,tlen); #endif for(ac=0;ac<BEACONS_PER_REQUEST;ac++){ int inj=pcap_inject(fp,buf, sizeof(type)+sizeof(pkt_len)+tlen); #ifndef MANDO_ABORDO printf("\r\n INJ %i",inj); #endif } }
int deobfuscate(char *ct, int len, const char **resp, char *reslenp) { const char *h1 = ct; const char *h4 = ct + 20; const char *enc = ct + 40; char ht[20], h2[20], h3[20], key[24]; const char *iv = h1; char *res; gcry_cipher_hd_t ctx; int reslen; if (len < 48) return -1; len -= 40; memcpy(ht, h1, 20); ht[19]++; gcry_md_hash_buffer(GCRY_MD_SHA1, h2, ht, 20); ht[19] += 2; gcry_md_hash_buffer(GCRY_MD_SHA1, h3, ht, 20); memcpy(key, h2, 20); memcpy(key + 20, h3, 4); /* who cares about parity anyway? */ gcry_md_hash_buffer(GCRY_MD_SHA1, ht, enc, len); if (memcmp(h4, ht, 20) != 0) return -1; res = malloc(len); if (res == NULL) return -1; gcry_cipher_open(&ctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0); gcry_cipher_setkey(ctx, key, 24); gcry_cipher_setiv(ctx, iv, 8); gcry_cipher_decrypt(ctx, (unsigned char *)res, len, (unsigned char *)enc, len); gcry_cipher_close(ctx); reslen = len - res[len - 1]; res[reslen] = '\0'; if (resp) *resp = res; if (reslenp) *reslenp = reslen; return 0; }
static void bench_ccm_authenticate_do_bench (struct bench_obj *obj, void *buf, size_t buflen) { gcry_cipher_hd_t hd = obj->priv; int err; char tag[8] = { 0, }; char nonce[11] = { 0x80, 0x01, }; u64 params[3]; char data = 0xff; gcry_cipher_setiv (hd, nonce, sizeof (nonce)); /* Set CCM lengths */ params[0] = sizeof (data); /*datalen */ params[1] = buflen; /*aadlen */ params[2] = sizeof (tag); err = gcry_cipher_ctl (hd, GCRYCTL_SET_CCM_LENGTHS, params, sizeof (params)); if (err) { fprintf (stderr, PGM ": gcry_cipher_ctl failed: %s\n", gpg_strerror (err)); gcry_cipher_close (hd); exit (1); } err = gcry_cipher_authenticate (hd, buf, buflen); if (err) { fprintf (stderr, PGM ": gcry_cipher_authenticate failed: %s\n", gpg_strerror (err)); gcry_cipher_close (hd); exit (1); } err = gcry_cipher_encrypt (hd, &data, sizeof (data), &data, sizeof (data)); if (err) { fprintf (stderr, PGM ": gcry_cipher_encrypt failed: %s\n", gpg_strerror (err)); gcry_cipher_close (hd); exit (1); } err = gcry_cipher_gettag (hd, tag, sizeof (tag)); if (err) { fprintf (stderr, PGM ": gcry_cipher_gettag failed: %s\n", gpg_strerror (err)); gcry_cipher_close (hd); exit (1); } }
Gc_rc gc_cipher_setiv (gc_cipher_handle handle, size_t ivlen, const char *iv) { gcry_error_t err; err = gcry_cipher_setiv ((gcry_cipher_hd_t) handle, iv, ivlen); if (gcry_err_code (err)) return GC_INVALID_CIPHER; return GC_OK; }
/* Function to decrypt the ciphertext passed to it, it also takes the lenght of the file as input. function returns palintext*/ char * decryptfunction(char *textbuffer, char * aeskey, size_t textlen, char *iv) { gcry_error_t err; gcry_cipher_hd_t handle; size_t keylength = gcry_cipher_get_algo_keylen(CIPHER); /* For aes256 keylength is 32 */ size_t blklength = gcry_cipher_get_algo_blklen(CIPHER); /*For aes256 blklength is 16 */ size_t i,result; char *decbuffer = malloc(textlen); /*buffer to hold decrypted data */ printf("Starting Decryption Process\n"); err = gcry_cipher_open( &handle, CIPHER, MODE, GCRY_CIPHER_CBC_CTS); if(err) { printf("Error creating cipher handle\n"); exit(0); } printf("Cipher handle created successfully\n"); err= gcry_cipher_setkey(handle, aeskey, keylength); if(err) { printf("Error setting cipher key\n"); } printf("Cipher key created successfully\n"); err = gcry_cipher_setiv(handle, iv , blklength); if(err) { printf("Error setting initialization vector\n"); } printf("Initialization vector set successfully\n"); err = gcry_cipher_decrypt( handle, decbuffer, textlen, textbuffer, textlen); if(err) { printf("Error while decrypting\n"); } printf("Text successfully decrypted\n"); gcry_cipher_close(handle); printf("Cipher handle closed successfully\n"); return decbuffer; }
static int aes_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) { int mode=GCRY_CIPHER_MODE_CBC; if (cipher->key == NULL) { if (alloc_key(cipher) < 0) { return -1; } if(strstr(cipher->name,"-ctr")) mode=GCRY_CIPHER_MODE_CTR; switch (cipher->keysize) { case 128: if (gcry_cipher_open(&cipher->key[0], GCRY_CIPHER_AES128, mode, 0)) { SAFE_FREE(cipher->key); return -1; } break; case 192: if (gcry_cipher_open(&cipher->key[0], GCRY_CIPHER_AES192, mode, 0)) { SAFE_FREE(cipher->key); return -1; } break; case 256: if (gcry_cipher_open(&cipher->key[0], GCRY_CIPHER_AES256, mode, 0)) { SAFE_FREE(cipher->key); return -1; } break; } if (gcry_cipher_setkey(cipher->key[0], key, cipher->keysize / 8)) { SAFE_FREE(cipher->key); return -1; } if(mode == GCRY_CIPHER_MODE_CBC){ if (gcry_cipher_setiv(cipher->key[0], IV, 16)) { SAFE_FREE(cipher->key); return -1; } } else { if(gcry_cipher_setctr(cipher->key[0],IV,16)){ SAFE_FREE(cipher->key); return -1; } } } return 0; }
/** \brief set the IV */ void skey_ciph_t::set_iv(const skey_ciph_iv_t & iv) const throw() { void * iv_ptr = (void *)iv.get_iv_ptr(); gcry_error_t err; // if no iv is required, return now if( require_iv() == false ) return; // if an iv is required, set it if( ciph_type.get_mode() == skey_ciph_mode_t::CTR ){ err = gcry_cipher_setctr( gcry_cipher_hd, iv_ptr, get_block_len() ); DBG_ASSERT( !err ); }else{ err = gcry_cipher_setiv( gcry_cipher_hd, iv_ptr, get_block_len() ); DBG_ASSERT( !err ); } }
static gboolean remmina_crypt_init(gcry_cipher_hd_t *phd) { guchar* secret; gcry_error_t err; gsize secret_len; secret = g_base64_decode(remmina_pref.secret, &secret_len); if (secret_len < 32) { g_print("secret corrupted\n"); g_free(secret); return FALSE; } err = gcry_cipher_open(phd, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0); if (err) { g_print("gcry_cipher_open failure: %s\n", gcry_strerror(err)); g_free(secret); return FALSE; } err = gcry_cipher_setkey((*phd), secret, 24); if (err) { g_print("gcry_cipher_setkey failure: %s\n", gcry_strerror(err)); g_free(secret); gcry_cipher_close((*phd)); return FALSE; } err = gcry_cipher_setiv((*phd), secret + 24, 8); if (err) { g_print("gcry_cipher_setiv failure: %s\n", gcry_strerror(err)); g_free(secret); gcry_cipher_close((*phd)); return FALSE; } g_free(secret); return TRUE; }
static int initCrypt(FILE *eifp) { int r = 0; gcry_error_t gcryError; char iv[4096]; blkLength = gcry_cipher_get_algo_blklen(cry_algo); if(blkLength > sizeof(iv)) { fprintf(stderr, "internal error[%s:%d]: block length %d too large for " "iv buffer\n", __FILE__, __LINE__, blkLength); r = 1; goto done; } if((r = eiGetIV(eifp, iv, blkLength)) != 0) goto done; size_t keyLength = gcry_cipher_get_algo_keylen(cry_algo); if(strlen(cry_key) != keyLength) { fprintf(stderr, "invalid key length; key is %u characters, but " "exactly %u characters are required\n", cry_keylen, keyLength); r = 1; goto done; } gcryError = gcry_cipher_open(&gcry_chd, cry_algo, cry_mode, 0); if (gcryError) { printf("gcry_cipher_open failed: %s/%s\n", gcry_strsource(gcryError), gcry_strerror(gcryError)); r = 1; goto done; } gcryError = gcry_cipher_setkey(gcry_chd, cry_key, keyLength); if (gcryError) { printf("gcry_cipher_setkey failed: %s/%s\n", gcry_strsource(gcryError), gcry_strerror(gcryError)); r = 1; goto done; } gcryError = gcry_cipher_setiv(gcry_chd, iv, blkLength); if (gcryError) { printf("gcry_cipher_setiv failed: %s/%s\n", gcry_strsource(gcryError), gcry_strerror(gcryError)); r = 1; goto done; } done: return r; }
int real_crypto(My_crypto* obj, const unsigned char key[], const unsigned key_len, const unsigned char input[], const unsigned in_len, unsigned char output[], int choose) //choose == 1 enc, == 2 dec { int cipher = obj->_cipher; //fprintf(stderr, "cipher=%i\n", cipher); guint* real_keylen = g_new0(guint, 1); gcry_cipher_algo_info(cipher, GCRYCTL_GET_KEYLEN, NULL, real_keylen); //fprintf(stderr, "real_keylen=%i\n", *real_keylen); gchar* real_key = g_new0(gchar, *real_keylen); int i; for (i = 0; i < *real_keylen; i++) real_key[i] = key[i % key_len]; if (gcry_cipher_setkey(obj->_cipherhd, real_key, *real_keylen) != GPG_ERR_NO_ERROR) { gcry_cipher_close(obj->_cipherhd); obj->_cipherhd = NULL; } unsigned int blocksize; gcry_cipher_algo_info(obj->_cipher, GCRYCTL_GET_BLKLEN, NULL, &blocksize); //guchar* salts = g_malloc0( 1 * blocksize); //gcry_cipher_setiv(cipherhd, salts, blocksize); //gcry_cipher_encrypt(cipherhd, salts, 1 * blocksize, NULL, 0); //fprintf(stderr, "salts = %s\n", salts); gchar* iv = g_new0(gchar, blocksize); memset(iv, 0, blocksize); gcry_cipher_setiv(obj->_cipherhd, iv, blocksize); unsigned out_len = in_len; //fprintf(stderr, "in_len=%i\n", in_len); //fprintf(stderr, "choose=%i\n", choose); if(choose==1) gcry_cipher_encrypt(obj->_cipherhd, output, out_len, input, in_len); else if(choose==2) gcry_cipher_decrypt(obj->_cipherhd, output, out_len, input, in_len); *real_keylen = 0; g_free(real_keylen); memset(real_key, 0, *real_keylen); g_free(real_key); memset(iv, 0, blocksize); g_free(iv); return 0; }