本文整理匯總了C++中EVP_CIPHER_CTX_cleanup函數的典型用法代碼示例。如果您正苦於以下問題:C++ EVP_CIPHER_CTX_cleanup函數的具體用法?C++ EVP_CIPHER_CTX_cleanup怎麽用?C++ EVP_CIPHER_CTX_cleanup使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了EVP_CIPHER_CTX_cleanup函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的C++代碼示例。
示例1: main
int
main(int argc, char **argv)
{
int encryptp = 1;
const char *ifn = NULL, *ofn = NULL;
FILE *in, *out;
void *ibuf, *obuf;
int ilen, olen;
size_t block_size = 0;
const EVP_CIPHER *c = EVP_aes_128_cbc();
EVP_CIPHER_CTX ctx;
int ret;
setprogname(argv[0]);
if (argc == 2) {
if (strcmp(argv[1], "--version") == 0) {
printf("version");
exit(0);
}
if (strcmp(argv[1], "--help") == 0)
usage(0);
usage(1);
} else if (argc == 4) {
block_size = atoi(argv[1]);
if (block_size == 0)
errx(1, "invalid blocksize %s", argv[1]);
ifn = argv[2];
ofn = argv[3];
} else
usage(1);
in = fopen(ifn, "r");
if (in == NULL)
errx(1, "failed to open input file");
out = fopen(ofn, "w+");
if (out == NULL)
errx(1, "failed to open output file");
/* Check that key and ivec are long enough */
assert(EVP_CIPHER_key_length(c) <= sizeof(key));
assert(EVP_CIPHER_iv_length(c) <= sizeof(ivec));
/*
* Allocate buffer, the output buffer is at least
* EVP_CIPHER_block_size() longer
*/
ibuf = malloc(block_size);
obuf = malloc(block_size + EVP_CIPHER_block_size(c));
/*
* Init the memory used for EVP_CIPHER_CTX and set the key and
* ivec.
*/
EVP_CIPHER_CTX_init(&ctx);
EVP_CipherInit_ex(&ctx, c, NULL, key, ivec, encryptp);
/* read in buffer */
while ((ilen = fread(ibuf, 1, block_size, in)) > 0) {
/* encrypto/decrypt */
ret = EVP_CipherUpdate(&ctx, obuf, &olen, ibuf, ilen);
if (ret != 1) {
EVP_CIPHER_CTX_cleanup(&ctx);
errx(1, "EVP_CipherUpdate failed");
}
/* write out to output file */
fwrite(obuf, 1, olen, out);
}
/* done reading */
fclose(in);
/* clear up any last bytes left in the output buffer */
ret = EVP_CipherFinal_ex(&ctx, obuf, &olen);
EVP_CIPHER_CTX_cleanup(&ctx);
if (ret != 1)
errx(1, "EVP_CipherFinal_ex failed");
/* write the last bytes out and close */
fwrite(obuf, 1, olen, out);
fclose(out);
return 0;
}
示例2: log_err
//.........這裏部分代碼省略.........
}
if (indata == NULL)
{
(void)snprintf(errbuf,errbuf_len-1,"%s",
"Input data is NULL");
goto ExitProcessing;
}
if (password == NULL || *password == '\0')
{
(void)snprintf(errbuf,errbuf_len-1,"%s",
"Password is NULL");
goto ExitProcessing;
}
if (password_length <= 0)
{
(void)snprintf(errbuf,errbuf_len-1,
"Invalid password length %d",password_length);
goto ExitProcessing;
}
*outdata_len = 0;
/* convert input data to our blob */
blob = mutils_data_to_blob((unsigned char *)indata,indata_len);
CHECK_MALLOC(blob);
/* decode */
log_debug("%s:%d - Decoding ..",MCFL);
ci = decode_encrypted_blob(blob);
if (!ci)
{
goto ExitProcessing;
}
ci->options = 0x01;
rc = verify_rncryptor_format(ci->version,ci->options);
if (rc != SUCCESS)
{
(void)snprintf(errbuf,errbuf_len-1,"%s",
"Unknown RNCryptor Data Format");
goto ExitProcessing;
}
log_debug("%s:%d - Decoded version 0x%02x options 0x%02x",
MCFL,
ci->version,
ci->options);
log_debug("%s:%d - Verifying HMAC-SHA256 digest",MCFL);
/* very hmac */
if (verify_hmac(ci,password,password_length) != SUCCESS)
{
(void)snprintf(errbuf,errbuf_len-1,"%s",
"Could not verify HMAC");
goto ExitProcessing;
}
log_debug("%s:%d - HMAC verified",MCFL);
/* Derive cipher key from password using encr salt and iteration as per RFC2898 */
log_debug("%s:%d - Deriving Cipher key with salt, iteration %d",
MCFL,
kdf_iter);
rc = PKCS5_PBKDF2_HMAC_SHA1(password,password_length,
ci->encryption_salt,
sizeof(ci->encryption_salt),
ci->kdf_iter,
sizeof(ci->encr_key),
ci->encr_key); /* ci->encr_key is returend */
if (rc != 1)
{
log_err("ERROR: Could not derive key from password with encr salt and iter");
goto ExitProcessing;
}
log_debug("%s:%d - Encryption key derived",MCFL);
/* decrypt */
outdata = (unsigned char *)malloc(ci->cipher_text_length *sizeof(unsigned char));
CHECK_MALLOC(outdata);
log_debug("%s:%d - Decrypting..",MCFL);
EVP_DecryptInit(&cipher_ctx,EVP_aes_256_cbc(),ci->encr_key,ci->iv);
EVP_DecryptUpdate(&cipher_ctx,outdata,&outlen1,ci->cipher_text,
ci->cipher_text_length);
EVP_DecryptFinal(&cipher_ctx,outdata + outlen1,&outlen2);
EVP_CIPHER_CTX_cleanup(&cipher_ctx);
*outdata_len = outlen1 + outlen2;
log_debug("%s:%d - Done decrypting, output length %d bytes",MCFL,*outdata_len);
ExitProcessing:
if (ci)
{
free_rncryptor_info(ci);
}
if (blob)
{
mutils_destroy_blob(blob);
}
return(outdata);
}
示例3: PEM_ASN1_write_bio
int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
void *x, const EVP_CIPHER *enc, unsigned char *kstr,
int klen, pem_password_cb *callback, void *u)
{
EVP_CIPHER_CTX ctx;
int dsize=0,i,j,ret=0;
unsigned char *p,*data=NULL;
const char *objstr=NULL;
char buf[PEM_BUFSIZE];
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH];
if (enc != NULL)
{
objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
if (objstr == NULL)
{
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
goto err;
}
}
if ((dsize=i2d(x,NULL)) < 0)
{
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
dsize=0;
goto err;
}
/* dzise + 8 bytes are needed */
/* actually it needs the cipher block size extra... */
data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
if (data == NULL)
{
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
p=data;
i=i2d(x,&p);
if (enc != NULL)
{
if (kstr == NULL)
{
if (callback == NULL)
klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
else
klen=(*callback)(buf,PEM_BUFSIZE,1,u);
if (klen <= 0)
{
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
goto err;
}
#ifdef CHARSET_EBCDIC
/* Convert the pass phrase from EBCDIC */
ebcdic2ascii(buf, buf, klen);
#endif
kstr=(unsigned char *)buf;
}
RAND_add(data,i,0);/* put in the RSA key. */
OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
goto err;
/* The 'iv' is used as the iv and as a salt. It is
* NOT taken from the BytesToKey function */
if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
goto err;
if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
buf[0]='\0';
PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
/* k=strlen(buf); */
EVP_CIPHER_CTX_init(&ctx);
ret = 1;
if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
|| !EVP_EncryptUpdate(&ctx,data,&j,data,i)
|| !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
ret = 0;
EVP_CIPHER_CTX_cleanup(&ctx);
if (ret == 0)
goto err;
i+=j;
}
else
{
ret=1;
buf[0]='\0';
}
i=PEM_write_bio(bp,name,buf,data,i);
if (i <= 0) ret=0;
err:
OPENSSL_cleanse(key,sizeof(key));
OPENSSL_cleanse(iv,sizeof(iv));
OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
OPENSSL_cleanse(buf,PEM_BUFSIZE);
if (data != NULL)
//.........這裏部分代碼省略.........
示例4: _gssapi_unwrap_arcfour
OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
const gsskrb5_ctx context_handle,
krb5_context context,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
gss_qop_t *qop_state,
krb5_keyblock *key)
{
u_char Klocaldata[16];
krb5_keyblock Klocal;
krb5_error_code ret;
uint32_t seq_number;
size_t datalen;
OM_uint32 omret;
u_char k6_data[16], SND_SEQ[8], Confounder[8];
u_char cksum_data[8];
u_char *p, *p0;
int cmp;
int conf_flag;
size_t padlen = 0, len;
if (conf_state)
*conf_state = 0;
if (qop_state)
*qop_state = 0;
p0 = input_message_buffer->value;
if (IS_DCE_STYLE(context_handle)) {
len = GSS_ARCFOUR_WRAP_TOKEN_SIZE +
GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE;
if (input_message_buffer->length < len)
return GSS_S_BAD_MECH;
} else {
len = input_message_buffer->length;
}
omret = _gssapi_verify_mech_header(&p0,
len,
GSS_KRB5_MECHANISM);
if (omret)
return omret;
/* length of mech header */
len = (p0 - (u_char *)input_message_buffer->value) +
GSS_ARCFOUR_WRAP_TOKEN_SIZE;
if (len > input_message_buffer->length)
return GSS_S_BAD_MECH;
/* length of data */
datalen = input_message_buffer->length - len;
p = p0;
if (memcmp(p, "\x02\x01", 2) != 0)
return GSS_S_BAD_SIG;
p += 2;
if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
return GSS_S_BAD_SIG;
p += 2;
if (memcmp (p, "\x10\x00", 2) == 0)
conf_flag = 1;
else if (memcmp (p, "\xff\xff", 2) == 0)
conf_flag = 0;
else
return GSS_S_BAD_SIG;
p += 2;
if (memcmp (p, "\xff\xff", 2) != 0)
return GSS_S_BAD_MIC;
p = NULL;
ret = arcfour_mic_key(context, key,
p0 + 16, 8, /* SGN_CKSUM */
k6_data, sizeof(k6_data));
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
{
EVP_CIPHER_CTX rc4_key;
EVP_CIPHER_CTX_init(&rc4_key);
EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8);
EVP_CIPHER_CTX_cleanup(&rc4_key);
memset(k6_data, 0, sizeof(k6_data));
}
_gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
if (context_handle->more_flags & LOCAL)
cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
else
cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
//.........這裏部分代碼省略.........
示例5: log_debug
//.........這裏部分代碼省略.........
blob = mutils_allocate_blob(blocksize);
}
else
{
blob = mutils_allocate_blob(indata_len);
}
CHECK_MALLOC(blob);
log_debug("%s:%d - input data size %d bytes",
MCFL,
indata_len);
log_debug("%s:%d - Encoding",MCFL);
/*
** Encode. memory will be re-allocated for blob if needed.
*/
/* version */
mutils_write_blob_byte(blob,ci->version);
/* options */
mutils_write_blob_byte(blob,ci->options);
/* 8 byte encryption salt, we're using password */
mutils_write_blob(blob,8,encr_salt_8);
/* 8 byte hmac salt */
mutils_write_blob(blob,8,hmac_salt_8);
/* 16 byte iv */
mutils_write_blob(blob,16,iv_16);
log_debug("%s:%d - Deriving HMAC key with salt, iterations %d",
MCFL,
kdf_iter);
/* Derive HMAC key from password using hmac salt and iteration as per RFC2898 */
rc = PKCS5_PBKDF2_HMAC_SHA1(password,password_length,
hmac_salt_8,
8,
kdf_iter,
32,
hmac_key); /* hmac_key is returend */
if (rc != 1)
{
log_err("ERROR: Could not derive key from password with hmac salt and iter");
(void)snprintf(errbuf,errbuf_len-1,"%s",
"Could not derive key from password with hmac salt and iter");
goto ExitProcessing;
}
log_debug("%s:%d - Encrypting..",MCFL);
/* allocate space for cipher text */
ciphertext_len = indata_len + blocksize - (indata_len % blocksize);
ciphertext = (unsigned char *) malloc(ciphertext_len * sizeof(unsigned char));
CHECK_MALLOC(ciphertext);
EVP_EncryptUpdate(&cipher_ctx,ciphertext,&outlen1,indata,indata_len);
EVP_EncryptFinal(&cipher_ctx,ciphertext + outlen1,&outlen2);
EVP_CIPHER_CTX_cleanup(&cipher_ctx);
mutils_write_blob(blob,outlen1 + outlen2,ciphertext);
log_debug("%s:%d - Plain text length: %d",MCFL,indata_len);
log_debug("%s:%d - Cipther text length: %d",MCFL,outlen1 + outlen2);
log_debug("%s:%d - Padding %d bytes",
MCFL,
(ciphertext_len - indata_len));
log_debug("%s:%d - outdata len: %d",MCFL,outlen1 + outlen2);
log_debug("%s:%d - calculating HMAC-SHA256",MCFL);
/* calculate HMAC-SHA256 */
sha256 = EVP_sha256();
HMAC_CTX_init(&hmac_ctx);
HMAC_Init(&hmac_ctx,hmac_key,sizeof(hmac_key),sha256);
HMAC_Update(&hmac_ctx,blob->data,blob->length);
HMAC_Final(&hmac_ctx,hmac_sha256,&hmac_len);
HMAC_CTX_cleanup(&hmac_ctx);
mutils_write_blob(blob,hmac_len,hmac_sha256);
log_debug("%s:%d - Output lenth %lu",MCFL,blob->length);
output = (unsigned char *)malloc(blob->length * sizeof(unsigned char));
CHECK_MALLOC(output);
memcpy(output,blob->data,blob->length);
*outdata_len = blob->length;
ExitProcessing:
if (ci)
{
free_rncryptor_info(ci);
}
if (blob)
{
mutils_destroy_blob(blob);
}
if (ciphertext)
{
(void)free((char *)ciphertext);
}
return(output);
}
示例6: i2b_PVK
static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
pem_password_cb *cb, void *u)
{
int outlen = 24, pklen;
unsigned char *p, *salt = NULL;
EVP_CIPHER_CTX cctx;
EVP_CIPHER_CTX_init(&cctx);
if (enclevel)
outlen += PVK_SALTLEN;
pklen = do_i2b(NULL, pk, 0);
if (pklen < 0)
return -1;
outlen += pklen;
if (!out)
return outlen;
if (*out)
p = *out;
else {
p = OPENSSL_malloc(outlen);
if (!p) {
PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
return -1;
}
*out = p;
}
write_ledword(&p, MS_PVKMAGIC);
write_ledword(&p, 0);
if (pk->type == EVP_PKEY_DSA)
write_ledword(&p, MS_KEYTYPE_SIGN);
else
write_ledword(&p, MS_KEYTYPE_KEYX);
write_ledword(&p, enclevel ? 1 : 0);
write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
write_ledword(&p, pklen);
if (enclevel) {
if (RAND_bytes(p, PVK_SALTLEN) <= 0)
goto error;
salt = p;
p += PVK_SALTLEN;
}
do_i2b(&p, pk, 0);
if (enclevel == 0)
return outlen;
else {
char psbuf[PEM_BUFSIZE];
unsigned char keybuf[20];
int enctmplen, inlen;
if (cb)
inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
else
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
if (inlen <= 0) {
PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);
goto error;
}
if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
(unsigned char *)psbuf, inlen))
goto error;
if (enclevel == 1)
memset(keybuf + 5, 0, 11);
p = salt + PVK_SALTLEN + 8;
if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
goto error;
OPENSSL_cleanse(keybuf, 20);
if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
goto error;
if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
goto error;
}
EVP_CIPHER_CTX_cleanup(&cctx);
return outlen;
error:
EVP_CIPHER_CTX_cleanup(&cctx);
return -1;
}
示例7: _gssapi_verify_mic_arcfour
OM_uint32
_gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
const gsskrb5_ctx context_handle,
krb5_context context,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
const char *type)
{
krb5_error_code ret;
uint32_t seq_number;
OM_uint32 omret;
u_char SND_SEQ[8], cksum_data[8], *p;
char k6_data[16];
int cmp;
if (qop_state)
*qop_state = 0;
p = token_buffer->value;
omret = _gsskrb5_verify_header (&p,
token_buffer->length,
type,
GSS_KRB5_MECHANISM);
if (omret)
return omret;
if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
return GSS_S_BAD_SIG;
p += 2;
if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
return GSS_S_BAD_MIC;
p += 4;
ret = arcfour_mic_cksum(context,
key, KRB5_KU_USAGE_SIGN,
cksum_data, sizeof(cksum_data),
p - 8, 8,
message_buffer->value, message_buffer->length,
NULL, 0);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = arcfour_mic_key(context, key,
cksum_data, sizeof(cksum_data),
k6_data, sizeof(k6_data));
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
cmp = ct_memcmp(cksum_data, p + 8, 8);
if (cmp) {
*minor_status = 0;
return GSS_S_BAD_MIC;
}
{
EVP_CIPHER_CTX rc4_key;
EVP_CIPHER_CTX_init(&rc4_key);
EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0);
EVP_Cipher(&rc4_key, SND_SEQ, p, 8);
EVP_CIPHER_CTX_cleanup(&rc4_key);
memset(k6_data, 0, sizeof(k6_data));
}
_gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
if (context_handle->more_flags & LOCAL)
cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
else
cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
memset(SND_SEQ, 0, sizeof(SND_SEQ));
if (cmp != 0) {
*minor_status = 0;
return GSS_S_BAD_MIC;
}
HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
omret = _gssapi_msg_order_check(context_handle->order, seq_number);
HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
if (omret)
return omret;
*minor_status = 0;
return GSS_S_COMPLETE;
}
示例8: cipher_ctx_cleanup
void
cipher_ctx_cleanup (EVP_CIPHER_CTX *ctx)
{
EVP_CIPHER_CTX_cleanup (ctx);
}
示例9: htonl
long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_IKE & packet, BDATA * iv )
{
log.txt( LLOG_INFO,
"=< : cookies %08x%08x:%08x%08x\n",
htonl( *( long * ) &sa->cookies.i[ 0 ] ),
htonl( *( long * ) &sa->cookies.i[ 4 ] ),
htonl( *( long * ) &sa->cookies.r[ 0 ] ),
htonl( *( long * ) &sa->cookies.r[ 4 ] ) );
log.txt( LLOG_INFO,
"=< : message %08x\n",
htonl( packet.get_msgid() ) );
//
// check if decrypt is required
//
unsigned char * data = packet.buff();
size_t size = packet.size();
if( !( data[ ISAKMP_FLAGS_OFFSET ] & ISAKMP_FLAG_ENCRYPT ) )
return LIBIKE_OK;
log.bin(
LLOG_DEBUG,
LLOG_DECODE,
iv->buff(),
iv->size(),
"=< : decrypt iv" );
//
// temporarily save enough
// of the packet to store
// as iv data post decrypt
//
unsigned char iv_data[ HMAC_MAX_MD_CBLOCK ];
memcpy(
iv_data,
data + size - iv->size(),
iv->size() );
//
// init cipher key and iv
//
EVP_CIPHER_CTX ctx_cipher;
EVP_CIPHER_CTX_init( &ctx_cipher );
EVP_CipherInit_ex(
&ctx_cipher,
sa->evp_cipher,
NULL,
NULL,
NULL,
0 );
EVP_CIPHER_CTX_set_key_length(
&ctx_cipher,
( int ) sa->key.size() );
EVP_CipherInit_ex(
&ctx_cipher,
NULL,
NULL,
sa->key.buff(),
iv->buff(),
0 );
//
// decrypt all but header
//
EVP_Cipher(
&ctx_cipher,
data + sizeof( IKE_HEADER ),
data + sizeof( IKE_HEADER ),
( int ) size - sizeof( IKE_HEADER ) );
EVP_CIPHER_CTX_cleanup( &ctx_cipher );
log.bin(
LLOG_DEBUG,
LLOG_DECODE,
data,
size,
"== : decrypt packet" );
//
// validate the packet integrity
//
IKE_HEADER * header = ( IKE_HEADER * ) packet.buff();
size = sizeof( IKE_HEADER );
if( packet.size() < size )
{
log.txt( LLOG_ERROR,
//.........這裏部分代碼省略.........
示例10: tls_decrypt_ticket
static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
const unsigned char *sess_id, int sesslen,
SSL_SESSION **psess)
{
SSL_SESSION *sess;
unsigned char *sdec;
const unsigned char *p;
int slen, mlen;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX hctx;
EVP_CIPHER_CTX ctx;
/* Attempt to process session ticket, first conduct sanity and
* integrity checks on ticket.
*/
mlen = EVP_MD_size(tlsext_tick_md());
eticklen -= mlen;
/* Need at least keyname + iv + some encrypted data */
if (eticklen < 48)
goto tickerr;
/* Check key name matches */
if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))
goto tickerr;
/* Check HMAC of encrypted ticket */
HMAC_CTX_init(&hctx);
HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
tlsext_tick_md(), NULL);
HMAC_Update(&hctx, etick, eticklen);
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
if (memcmp(tick_hmac, etick + eticklen, mlen))
goto tickerr;
/* Set p to start of IV */
p = etick + 16;
EVP_CIPHER_CTX_init(&ctx);
/* Attempt to decrypt session data */
EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
s->ctx->tlsext_tick_aes_key, p);
/* Move p after IV to start of encrypted ticket, update length */
p += 16;
eticklen -= 32;
sdec = OPENSSL_malloc(eticklen);
if (!sdec)
{
EVP_CIPHER_CTX_cleanup(&ctx);
return -1;
}
EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
goto tickerr;
slen += mlen;
EVP_CIPHER_CTX_cleanup(&ctx);
p = sdec;
sess = d2i_SSL_SESSION(NULL, &p, slen);
OPENSSL_free(sdec);
if (sess)
{
/* The session ID if non-empty is used by some clients to
* detect that the ticket has been accepted. So we copy it to
* the session structure. If it is empty set length to zero
* as required by standard.
*/
if (sesslen)
memcpy(sess->session_id, sess_id, sesslen);
sess->session_id_length = sesslen;
*psess = sess;
s->tlsext_ticket_expected = 0;
return 1;
}
/* If session decrypt failure indicate a cache miss and set state to
* send a new ticket
*/
tickerr:
s->tlsext_ticket_expected = 1;
return 0;
}
示例11: try_decrypt
static int
try_decrypt(hx509_context context,
struct hx509_collector *collector,
const AlgorithmIdentifier *alg,
const EVP_CIPHER *c,
const void *ivdata,
const void *password,
size_t passwordlen,
const void *cipher,
size_t len)
{
heim_octet_string clear;
size_t keylen;
void *key;
int ret;
keylen = EVP_CIPHER_key_length(c);
key = malloc(keylen);
if (key == NULL) {
hx509_clear_error_string(context);
return ENOMEM;
}
ret = EVP_BytesToKey(c, EVP_md5(), ivdata,
password, passwordlen,
1, key, NULL);
if (ret <= 0) {
hx509_set_error_string(context, 0, HX509_CRYPTO_INTERNAL_ERROR,
"Failed to do string2key for private key");
return HX509_CRYPTO_INTERNAL_ERROR;
}
clear.data = malloc(len);
if (clear.data == NULL) {
hx509_set_error_string(context, 0, ENOMEM,
"Out of memory to decrypt for private key");
ret = ENOMEM;
goto out;
}
clear.length = len;
{
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_CipherInit_ex(&ctx, c, NULL, key, ivdata, 0);
EVP_Cipher(&ctx, clear.data, cipher, len);
EVP_CIPHER_CTX_cleanup(&ctx);
}
ret = _hx509_collector_private_key_add(context,
collector,
alg,
NULL,
&clear,
NULL);
memset(clear.data, 0, clear.length);
free(clear.data);
out:
memset(key, 0, keylen);
free(key);
return ret;
}
示例12: entersafe_mac_apdu
static int entersafe_mac_apdu(sc_card_t *card, sc_apdu_t *apdu,
u8 * key,size_t keylen,
u8 * buff,size_t buffsize)
{
int r;
u8 iv[8];
u8 *tmp=0,*tmp_rounded=NULL;
size_t tmpsize=0,tmpsize_rounded=0;
int outl=0;
EVP_CIPHER_CTX ctx;
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
assert(card);
assert(apdu);
assert(key);
assert(buff);
if(apdu->cse != SC_APDU_CASE_3_SHORT)
return SC_ERROR_INTERNAL;
if(keylen!=8 && keylen!=16)
return SC_ERROR_INTERNAL;
r=entersafe_gen_random(card,iv,sizeof(iv));
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL,r,"entersafe gen random failed");
/* encode the APDU in the buffer */
if ((r=sc_apdu_get_octets(card->ctx, apdu, &tmp, &tmpsize,SC_PROTO_RAW)) != SC_SUCCESS)
goto out;
/* round to 8 */
tmpsize_rounded=(tmpsize/8+1)*8;
tmp_rounded = malloc(tmpsize_rounded);
if (tmp_rounded == NULL)
{
r = SC_ERROR_OUT_OF_MEMORY;
goto out;
}
/*build content and padded buffer by 0x80 0x00 0x00..... */
memset(tmp_rounded,0,tmpsize_rounded);
memcpy(tmp_rounded,tmp,tmpsize);
tmp_rounded[4]+=4;
tmp_rounded[tmpsize]=0x80;
/* block_size-1 blocks*/
EVP_CIPHER_CTX_init(&ctx);
EVP_CIPHER_CTX_set_padding(&ctx,0);
EVP_EncryptInit_ex(&ctx, EVP_des_cbc(), NULL, key, iv);
if(tmpsize_rounded>8){
if(!EVP_EncryptUpdate(&ctx,tmp_rounded,&outl,tmp_rounded,tmpsize_rounded-8)){
r = SC_ERROR_INTERNAL;
goto out;
}
}
/* last block */
if(keylen==8)
{
if(!EVP_EncryptUpdate(&ctx,tmp_rounded+outl,&outl,tmp_rounded+outl,8)){
r = SC_ERROR_INTERNAL;
goto out;
}
}
else
{
EVP_EncryptInit_ex(&ctx, EVP_des_ede_cbc(), NULL, key,tmp_rounded+outl-8);
if(!EVP_EncryptUpdate(&ctx,tmp_rounded+outl,&outl,tmp_rounded+outl,8)){
r = SC_ERROR_INTERNAL;
goto out;
}
}
if (!EVP_CIPHER_CTX_cleanup(&ctx)){
r = SC_ERROR_INTERNAL;
goto out;
}
memcpy(buff,apdu->data,apdu->lc);
/* use first 4 bytes of last block as mac value*/
memcpy(buff+apdu->lc,tmp_rounded+tmpsize_rounded-8,4);
apdu->data=buff;
apdu->lc+=4;
apdu->datalen=apdu->lc;
out:
if(tmp)
free(tmp);
if(tmp_rounded)
free(tmp_rounded);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r);
}
示例13: EVP_CIPHER_CTX_init
int AesFileEnc::do_crypt(FILE *in, FILE *out, int do_encrypt)
{
/* Allow enough space in output buffer for additional block */
unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
int inlen, outlen;
EVP_CIPHER_CTX ctx;
std::cout << "tutaj";
unsigned char* key = this->key();
// std::cout <<key<<std::endl;
//unsigned char key[] = "0123456789abcdeF";
std::cout <<key<< std::endl;
//unsigned char iv[] = "1234567887654321";
EVP_CIPHER_CTX_init(&ctx);
switch(this->type)
{
case cbc128:
EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
do_encrypt);
break;
case cbc192:
EVP_CipherInit_ex(&ctx, EVP_aes_192_cbc(), NULL, NULL, NULL,
do_encrypt);
break;
case cbc256:
EVP_CipherInit_ex(&ctx, EVP_aes_256_cbc(), NULL, NULL, NULL,
do_encrypt);
break;
case ecb128:
EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(), NULL, NULL, NULL,
do_encrypt);
break;
case ecb192:
EVP_CipherInit_ex(&ctx, EVP_aes_192_ecb(), NULL, NULL, NULL,
do_encrypt);
break;
case ecb256:
EVP_CipherInit_ex(&ctx, EVP_aes_256_ecb(), NULL, NULL, NULL,
do_encrypt);
break;
case cfb128:
EVP_CipherInit_ex(&ctx, EVP_aes_128_cfb(), NULL, NULL, NULL,
do_encrypt);
break;
case cfb192:
EVP_CipherInit_ex(&ctx, EVP_aes_192_cfb(), NULL, NULL, NULL,
do_encrypt);
break;
case cfb256:
EVP_CipherInit_ex(&ctx, EVP_aes_256_cfb(), NULL, NULL, NULL,
do_encrypt);
break;
case ofb128:
EVP_CipherInit_ex(&ctx, EVP_aes_128_ofb(), NULL, NULL, NULL,
do_encrypt);
break;
case ofb192:
EVP_CipherInit_ex(&ctx, EVP_aes_192_ofb(), NULL, NULL, NULL,
do_encrypt);
break;
case ofb256:
EVP_CipherInit_ex(&ctx, EVP_aes_256_ofb(), NULL, NULL, NULL,
do_encrypt);
break;
}
unsigned char *iv = this->iv(EVP_CIPHER_CTX_iv_length(&ctx));
std::cout<< this->keyLength << std::endl;
std::cout<< EVP_CIPHER_CTX_iv_length(&ctx) <<std::endl;
OPENSSL_assert(EVP_CIPHER_CTX_key_length(&ctx) == this->keyLength);
//OPENSSL_assert(EVP_CIPHER_CTX_iv_length(&ctx) == this->keyLength);
EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
for(;;)
{
inlen = fread(inbuf, 1, 1024, in);
if(inlen <= 0) break;
if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
{
EVP_CIPHER_CTX_cleanup(&ctx);
return 0;
}
fwrite(outbuf, 1, outlen, out);
}
if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
{
EVP_CIPHER_CTX_cleanup(&ctx);
return 0;
}
fwrite(outbuf, 1, outlen, out);
EVP_CIPHER_CTX_cleanup(&ctx);
return 1;
}
示例14: crypto_aes_close
void crypto_aes_close (crypto_aes_t *crypto) {
EVP_CIPHER_CTX_cleanup(&(crypto->enc));
EVP_CIPHER_CTX_cleanup(&(crypto->dec));
pthread_mutex_destroy(&(crypto->lock));
free(crypto);
}
示例15: ciphers_valid
//.........這裏部分代碼省略.........
* Theses bytes are treated as additional authenticated data for
* authenticated encryption modes.
* En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'.
* Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag.
* This tag is written on encryption and verified on decryption.
* Both 'aadlen' and 'authlen' can be set to 0.
* cipher_crypt() returns 0 on success and -1 if the decryption integrity
* check fails.
*/
int
cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
u_int len, u_int aadlen, u_int authlen)
{
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len,
aadlen, authlen, cc->encrypt);
if (authlen) {
u_char lastiv[1];
if (authlen != cipher_authlen(cc->cipher))
fatal("%s: authlen mismatch %d", __func__, authlen);
/* increment IV */
if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN,
1, lastiv))
fatal("%s: EVP_CTRL_GCM_IV_GEN", __func__);
/* set tag on decyption */
if (!cc->encrypt &&
!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG,
authlen, (u_char *)src + aadlen + len))
fatal("%s: EVP_CTRL_GCM_SET_TAG", __func__);
}
if (aadlen) {
if (authlen &&
EVP_Cipher(&cc->evp, NULL, (u_char *)src, aadlen) < 0)
fatal("%s: EVP_Cipher(aad) failed", __func__);
memcpy(dest, src, aadlen);
}
if (len % cc->cipher->block_size)
fatal("%s: bad plaintext length %d", __func__, len);
if (EVP_Cipher(&cc->evp, dest + aadlen, (u_char *)src + aadlen,
len) < 0)
fatal("%s: EVP_Cipher failed", __func__);
if (authlen) {
/* compute tag (on encrypt) or verify tag (on decrypt) */
if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) {
if (cc->encrypt)
fatal("%s: EVP_Cipher(final) failed", __func__);
else
return -1;
}
if (cc->encrypt &&
!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG,
authlen, dest + aadlen + len))
fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);
}
return 0;
}
/* Extract the packet length, including any decryption necessary beforehand */
int
cipher_get_length(CipherContext *cc, u_int *plenp, u_int seqnr,
const u_char *cp, u_int len)
{
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr,
cp, len);
if (len < 4)
return -1;
*plenp = get_u32(cp);
return 0;
}
void
cipher_cleanup(CipherContext *cc)
{
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
}
/*
* Selects the cipher, and keys if by computing the MD5 checksum of the
* passphrase and using the resulting 16 bytes as the key.
*/
void
cipher_set_key_string(CipherContext *cc, const Cipher *cipher,
const char *passphrase, int do_encrypt)
{
u_char digest[16];
if (ssh_digest_memory(SSH_DIGEST_MD5, passphrase, strlen(passphrase),
digest, sizeof(digest)) < 0)
fatal("%s: md5 failed", __func__);
cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt);
explicit_bzero(digest, sizeof(digest));
}