/
gm_crypt.c
186 lines (158 loc) · 5.73 KB
/
gm_crypt.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
/******************************************************************************
*
* mod_gearman - distribute checks with gearman
*
* Copyright (c) 2010 Sven Nierlein - sven.nierlein@consol.de
*
* This file is part of mod_gearman.
*
* mod_gearman is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* mod_gearman is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with mod_gearman. If not, see <http://www.gnu.org/licenses/>.
*
*****************************************************************************/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <gm_crypt.h>
#include "common.h"
int encryption_initialized = 0;
unsigned char key[KEYBYTES];
/* initialize encryption */
EVP_CIPHER_CTX * mod_gm_aes_init(const char * password) {
EVP_CIPHER_CTX * ctx;
/* pad key till keysize */
int i;
for (i = 0; i < KEYBYTES; i++)
key[i] = *password != 0 ? *password++ : 0;
/* Create and initialise the context */
if(!(ctx = EVP_CIPHER_CTX_new())) {
fprintf(stderr, "EVP_CIPHER_CTX_new failed:\n");
ERR_print_errors_fp(stderr);
exit(1);
}
// disable padding, this has to be done manually. For historical reasons, mod-gearman uses zero padding which
// is not supported by openssl
EVP_CIPHER_CTX_set_padding(ctx, 0);
encryption_initialized = 1;
return(ctx);
}
/* deinitialize encryption */
void mod_gm_aes_deinit(EVP_CIPHER_CTX *ctx) {
if(ctx != NULL)
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
encryption_initialized = 0;
return;
}
/* encrypt text with given key */
int mod_gm_aes_encrypt(EVP_CIPHER_CTX * ctx, unsigned char * ciphertext, const unsigned char * plaintext, int plaintext_len) {
int len;
int ciphertext_len;
assert(encryption_initialized == 1);
assert(ctx != NULL);
if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, NULL)) {
fprintf(stderr, "EVP_EncryptInit_ex failed:\n");
ERR_print_errors_fp(stderr);
return -1;
}
if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) {
fprintf(stderr, "EVP_EncryptUpdate failed\n");
ERR_print_errors_fp(stderr);
return -1;
}
ciphertext_len = len;
// do zero padding
if(BLOCKSIZE%plaintext_len != 0) {
const char * zeros = "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0";
if(1 != EVP_EncryptUpdate(ctx, ciphertext+len, &len, (const unsigned char *)zeros, BLOCKSIZE - (plaintext_len % BLOCKSIZE))) {
fprintf(stderr, "EVP_EncryptUpdate failed\n");
ERR_print_errors_fp(stderr);
return -1;
}
ciphertext_len += len;
}
if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + ciphertext_len, &len)) {
fprintf(stderr, "EVP_EncryptFinal_ex failed\n");
ERR_print_errors_fp(stderr);
return -1;
}
return ciphertext_len;
}
/* decrypt text with given key */
int mod_gm_aes_decrypt(EVP_CIPHER_CTX * ctx, unsigned char * plaintext, unsigned char * ciphertext, int ciphertext_len) {
int len;
assert(encryption_initialized == 1);
assert(ctx != NULL);
if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, NULL)) {
fprintf(stderr, "EVP_DecryptInit_ex failed\n");
ERR_print_errors_fp(stderr);
return -1;
}
if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) {
fprintf(stderr, "EVP_DecryptUpdate failed\n");
ERR_print_errors_fp(stderr);
return -1;
}
if(len < 0) {
fprintf(stderr, "EVP_DecryptUpdate return length: %d\n", len);
return -1;
}
return 1;
}
/* create hex sum for char[] */
char *mod_gm_hexsum(const char *text) {
unsigned char *result = NULL;
unsigned int resultlen = -1;
unsigned int i = 0;
char *hex = gm_malloc(sizeof(char)*((KEYBYTES*2)+1));
result = HMAC(EVP_sha256(), key, KEYBYTES, (const unsigned char*)text, strlen(text), result, &resultlen);
for(i = 0; i < resultlen; i++){
snprintf(hex+(i*2), 3, "%02hhX", result[i]);
}
return(hex);
}
int base64_decode(const char *source, int sourcelen, unsigned char * target) {
int n = EVP_DecodeBlock(target, (const unsigned char*)source, sourcelen);
if(n == -1) {
// try again and strip newlines, base64 decode fails if there are any newlines in the base64 string
char *stripped = gm_malloc(sizeof(char) * sourcelen);
int j = 0;
int i = 0;
for(i = 0; i < sourcelen; i++) {
if(source[i] != '\n') {
stripped[j++] = source[i];
}
}
stripped[j] = '\0';
n = EVP_DecodeBlock(target, (const unsigned char*)stripped, strlen(stripped));
gm_free(stripped);
if(n == -1) {
fprintf(stderr, "base64 decode failed: ");
ERR_print_errors_fp(stderr);
fprintf(stderr, "\n");
return(-1);
}
}
return(n);
}
unsigned char * base64_encode(const unsigned char *source, size_t sourcelen) {
unsigned char * target = gm_malloc(sizeof(char) * ((sourcelen/3)*4)+5);
if(!EVP_EncodeBlock(target, source, sourcelen)) {
fprintf(stderr, "base64 encode failed: ");
ERR_print_errors_fp(stderr);
fprintf(stderr, "\n");
return(NULL);
}
return(target);
}