|
| 1 | +/* |
| 2 | +
|
| 3 | + The MIT License (MIT) |
| 4 | +
|
| 5 | + Copyright (c) 2015-2018 Douglas J. Bakkum |
| 6 | +
|
| 7 | + Permission is hereby granted, free of charge, to any person obtaining |
| 8 | + a copy of this software and associated documentation files (the "Software"), |
| 9 | + to deal in the Software without restriction, including without limitation |
| 10 | + the rights to use, copy, modify, merge, publish, distribute, sublicense, |
| 11 | + and/or sell copies of the Software, and to permit persons to whom the |
| 12 | + Software is furnished to do so, subject to the following conditions: |
| 13 | +
|
| 14 | + The above copyright notice and this permission notice shall be included |
| 15 | + in all copies or substantial portions of the Software. |
| 16 | +
|
| 17 | + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
| 18 | + OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
| 19 | + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL |
| 20 | + THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES |
| 21 | + OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, |
| 22 | + ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR |
| 23 | + OTHER DEALINGS IN THE SOFTWARE. |
| 24 | +
|
| 25 | +*/ |
| 26 | + |
| 27 | +#include <stdint.h> |
| 28 | +#include <stdlib.h> |
| 29 | +#include <string.h> |
| 30 | + |
| 31 | +#include "aescbcb64.h" |
| 32 | +#include "hmac.h" |
| 33 | +#include "commander.h" |
| 34 | +#include "sharedsecret.h" |
| 35 | +#include "memory.h" |
| 36 | +#include "base64.h" |
| 37 | +#include "aes.h" |
| 38 | +#include "sha2.h" |
| 39 | +#include "random.h" |
| 40 | +#include "flags.h" |
| 41 | +#include "utils.h" |
| 42 | + |
| 43 | +// Must free() returned value |
| 44 | +static uint8_t *aescbcb64_init_and_encrypt(const unsigned char *in, int inlen, |
| 45 | + int *out_len, |
| 46 | + const uint8_t *key) |
| 47 | +{ |
| 48 | + int pads; |
| 49 | + int inpadlen = inlen + N_BLOCK - inlen % N_BLOCK; |
| 50 | + unsigned char inpad[inpadlen]; |
| 51 | + unsigned char enc[inpadlen]; |
| 52 | + unsigned char iv[N_BLOCK]; |
| 53 | + uint8_t *enc_cat = malloc(sizeof(uint8_t) * (inpadlen + |
| 54 | + N_BLOCK)); // concatenating [ iv0 | enc ] |
| 55 | + *out_len = inpadlen + N_BLOCK; |
| 56 | + |
| 57 | + aes_context ctx[1]; |
| 58 | + |
| 59 | + // Set cipher key |
| 60 | + memset(ctx, 0, sizeof(ctx)); |
| 61 | + aes_set_key(key, 32, ctx); |
| 62 | + |
| 63 | + // PKCS7 padding |
| 64 | + memcpy(inpad, in, inlen); |
| 65 | + for (pads = 0; pads < N_BLOCK - inlen % N_BLOCK; pads++ ) { |
| 66 | + inpad[inlen + pads] = (N_BLOCK - inlen % N_BLOCK); |
| 67 | + } |
| 68 | + |
| 69 | + // Make a random initialization vector |
| 70 | + if (random_bytes((uint8_t *)iv, N_BLOCK, 0) == DBB_ERROR) { |
| 71 | + commander_fill_report(cmd_str(CMD_random), NULL, DBB_ERR_MEM_ATAES); |
| 72 | + utils_zero(inpad, inpadlen); |
| 73 | + utils_zero(ctx, sizeof(ctx)); |
| 74 | + return NULL; |
| 75 | + } |
| 76 | + memcpy(enc_cat, iv, N_BLOCK); |
| 77 | + |
| 78 | + // CBC encrypt multiple blocks |
| 79 | + aes_cbc_encrypt(inpad, enc, inpadlen / N_BLOCK, iv, ctx); |
| 80 | + memcpy(enc_cat + N_BLOCK, enc, inpadlen); |
| 81 | + |
| 82 | + utils_zero(inpad, inpadlen); |
| 83 | + utils_zero(ctx, sizeof(ctx)); |
| 84 | + return enc_cat; |
| 85 | +} |
| 86 | + |
| 87 | + |
| 88 | +// Must free() returned value (allocated inside base64() function) |
| 89 | +char *aescbcb64_encrypt(const unsigned char *in, int inlen, int *out_b64len, |
| 90 | + const uint8_t *key) |
| 91 | +{ |
| 92 | + int out_len; |
| 93 | + uint8_t *enc_cat = aescbcb64_init_and_encrypt(in, inlen, &out_len, key); |
| 94 | + // base64 encoding |
| 95 | + char *b64; |
| 96 | + b64 = base64(enc_cat, out_len, out_b64len); |
| 97 | + free(enc_cat); |
| 98 | + return b64; |
| 99 | +} |
| 100 | + |
| 101 | +// Encrypts a given constant char array of length inlen using the AES algorithm with CBC mode, |
| 102 | +// appends its SHA256 HMAC and base64 encodes the result. |
| 103 | +// |
| 104 | +// Must free() returned value |
| 105 | +char *aescbcb64_hmac_encrypt(const unsigned char *in, int inlen, int *out_b64len, |
| 106 | + const uint8_t *shared_secret) |
| 107 | +{ |
| 108 | + uint8_t encryption_key[SHA256_DIGEST_LENGTH]; |
| 109 | + uint8_t authentication_key[SHA256_DIGEST_LENGTH]; |
| 110 | + |
| 111 | + sharedsecret_derive_keys(shared_secret, encryption_key, authentication_key); |
| 112 | + |
| 113 | + int encrypt_len; |
| 114 | + uint8_t *encrypted = aescbcb64_init_and_encrypt(in, |
| 115 | + inlen, |
| 116 | + &encrypt_len, |
| 117 | + encryption_key); |
| 118 | + uint8_t hmac[SHA256_DIGEST_LENGTH]; |
| 119 | + hmac_sha256(authentication_key, SHA256_DIGEST_LENGTH, encrypted, encrypt_len, hmac); |
| 120 | + |
| 121 | + uint8_t authenticated_encrypted_msg[encrypt_len + SHA256_DIGEST_LENGTH]; |
| 122 | + memcpy(authenticated_encrypted_msg, encrypted, encrypt_len); |
| 123 | + memcpy(authenticated_encrypted_msg + encrypt_len, hmac, SHA256_DIGEST_LENGTH); |
| 124 | + |
| 125 | + free(encrypted); |
| 126 | + utils_zero(encryption_key, sizeof(encryption_key)); |
| 127 | + utils_zero(authentication_key, sizeof(authentication_key)); |
| 128 | + char *b64 = base64(authenticated_encrypted_msg, encrypt_len + SHA256_DIGEST_LENGTH, |
| 129 | + out_b64len); |
| 130 | + return b64; |
| 131 | +} |
| 132 | + |
| 133 | +char *aescbcb64_init_and_decrypt(uint8_t *ub64, int ub64len, int *decrypt_len, |
| 134 | + const uint8_t *key) |
| 135 | +{ |
| 136 | + *decrypt_len = 0; |
| 137 | + |
| 138 | + // Set cipher key |
| 139 | + aes_context ctx[1]; |
| 140 | + memset(ctx, 0, sizeof(ctx)); |
| 141 | + aes_set_key(key, 32, ctx); |
| 142 | + |
| 143 | + unsigned char dec_pad[ub64len - N_BLOCK]; |
| 144 | + aes_cbc_decrypt(ub64 + N_BLOCK, dec_pad, ub64len / N_BLOCK - 1, ub64, ctx); |
| 145 | + |
| 146 | + // Strip PKCS7 padding |
| 147 | + int padlen = dec_pad[ub64len - N_BLOCK - 1]; |
| 148 | + if (ub64len - N_BLOCK - padlen <= 0) { |
| 149 | + utils_zero(dec_pad, sizeof(dec_pad)); |
| 150 | + utils_zero(ctx, sizeof(ctx)); |
| 151 | + return NULL; |
| 152 | + } |
| 153 | + char *dec = malloc(ub64len - N_BLOCK - padlen + 1); // +1 for null termination |
| 154 | + if (!dec) { |
| 155 | + utils_zero(dec_pad, sizeof(dec_pad)); |
| 156 | + utils_zero(ctx, sizeof(ctx)); |
| 157 | + return NULL; |
| 158 | + } |
| 159 | + memcpy(dec, dec_pad, ub64len - N_BLOCK - padlen); |
| 160 | + dec[ub64len - N_BLOCK - padlen] = '\0'; |
| 161 | + *decrypt_len = ub64len - N_BLOCK - padlen + 1; |
| 162 | + utils_zero(dec_pad, sizeof(dec_pad)); |
| 163 | + utils_zero(ctx, sizeof(ctx)); |
| 164 | + return dec; |
| 165 | +} |
| 166 | + |
| 167 | +// Must free() returned value |
| 168 | +char *aescbcb64_decrypt(const unsigned char *in, int inlen, int *decrypt_len, |
| 169 | + const uint8_t *key) |
| 170 | +{ |
| 171 | + if (!in || inlen == 0) { |
| 172 | + return NULL; |
| 173 | + } |
| 174 | + |
| 175 | + // Unbase64 |
| 176 | + int ub64len; |
| 177 | + unsigned char *ub64 = unbase64((const char *)in, inlen, &ub64len); |
| 178 | + if (!ub64) { |
| 179 | + return NULL; |
| 180 | + } |
| 181 | + if ((ub64len % N_BLOCK) || ub64len < N_BLOCK) { |
| 182 | + free(ub64); |
| 183 | + return NULL; |
| 184 | + } |
| 185 | + |
| 186 | + char *ret = aescbcb64_init_and_decrypt(ub64, ub64len, decrypt_len, key); |
| 187 | + memset(ub64, 0, ub64len); |
| 188 | + free(ub64); |
| 189 | + return ret; |
| 190 | +} |
| 191 | + |
| 192 | + |
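Review bot: aescbcb64_decrypt accepts `ub64len == N_BLOCK` (an IV with no ciphertext), so aescbcb64_init_and_decrypt declares a zero-length `dec_pad` and reads `dec_pad[ub64len - N_BLOCK - 1]`, one byte before the array; the guard should be `if ((ub64len % N_BLOCK) || ub64len < 2 * N_BLOCK) {`. The padding byte is only checked against the total length, so a value of 0 or above N_BLOCK is accepted and the pad bytes themselves are never compared; adding `if (padlen < 1 || padlen > N_BLOCK)` before the existing length check would reject those values. On the encrypt side, aescbcb64_init_and_encrypt does not check its `malloc` result and leaks `enc_cat` when `random_bytes` fails, and both aescbcb64_encrypt and aescbcb64_hmac_encrypt use its return value without a NULL check (`hmac_sha256` and `memcpy` in the latter would dereference it). As far as this file shows, aescbcb64_decrypt performs no MAC verification, so its output should be documented as unauthenticated.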