mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-01-17 02:17:19 -05:00
145 lines
5.1 KiB
C++
145 lines
5.1 KiB
C++
/*******************************************************************************
|
|
* libretroshare/src/util: rsaes.cc *
|
|
* *
|
|
* libretroshare: retroshare core library *
|
|
* *
|
|
* Copyright 2013-2013 Cyril Soler <csoler@users.sourceforge.net> *
|
|
* *
|
|
* This program is free software: you can redistribute it and/or modify *
|
|
* it under the terms of the GNU Lesser General Public License as *
|
|
* published by the Free Software Foundation, either version 3 of the *
|
|
* License, or (at your option) any later version. *
|
|
* *
|
|
* This program is distributed in the hope that it will be useful, *
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
|
* GNU Lesser General Public License for more details. *
|
|
* *
|
|
* You should have received a copy of the GNU Lesser General Public License *
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>. *
|
|
* *
|
|
*******************************************************************************/
|
|
#include <iostream>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/aes.h>
|
|
|
|
#include "rsaes.h"
|
|
|
|
uint32_t RsAES::get_buffer_size(uint32_t n)
|
|
{
|
|
return n + AES_BLOCK_SIZE ;
|
|
}
|
|
|
|
bool RsAES::aes_crypt_8_16(const uint8_t *input_data,uint32_t input_data_length,uint8_t key_data[16],uint8_t salt[8],uint8_t *output_data,uint32_t& output_data_length)
|
|
{
|
|
int nrounds = 5;
|
|
uint8_t key[32], iv[32];
|
|
|
|
/*
|
|
* Gen key & IV for AES 256 CBC mode. A SHA1 digest is used to hash the supplied key material.
|
|
* nrounds is the number of times the we hash the material. More rounds are more secure but
|
|
* slower.
|
|
*/
|
|
int i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data, 16, nrounds, key, iv);
|
|
|
|
if (i != 32)
|
|
{
|
|
printf("Key size is %d bits - should be 256 bits\n", i);
|
|
return false ;
|
|
}
|
|
|
|
EVP_CIPHER_CTX *e_ctx = EVP_CIPHER_CTX_new();
|
|
EVP_EncryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
|
|
|
|
/* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 bytes */
|
|
int c_len = input_data_length + AES_BLOCK_SIZE ;
|
|
int f_len = 0;
|
|
|
|
if(output_data_length < (uint32_t)c_len)
|
|
{
|
|
EVP_CIPHER_CTX_free(e_ctx) ;
|
|
return false ;
|
|
}
|
|
|
|
/* update ciphertext, c_len is filled with the length of ciphertext generated,
|
|
*len is the size of plaintext in bytes */
|
|
|
|
if(!EVP_EncryptUpdate(e_ctx, output_data, &c_len, input_data, input_data_length))
|
|
{
|
|
std::cerr << "RsAES: decryption failed at end. Check padding." << std::endl;
|
|
EVP_CIPHER_CTX_free(e_ctx) ;
|
|
return false ;
|
|
}
|
|
|
|
/* update ciphertext with the final remaining bytes */
|
|
if(!EVP_EncryptFinal_ex(e_ctx, output_data+c_len, &f_len))
|
|
{
|
|
std::cerr << "RsAES: decryption failed at end. Check padding." << std::endl;
|
|
EVP_CIPHER_CTX_free(e_ctx) ;
|
|
return false ;
|
|
}
|
|
|
|
output_data_length = c_len + f_len;
|
|
|
|
EVP_CIPHER_CTX_free(e_ctx) ;
|
|
return true;
|
|
}
|
|
|
|
bool RsAES::aes_decrypt_8_16(const uint8_t *input_data,uint32_t input_data_length,uint8_t key_data[16],uint8_t salt[8],uint8_t *output_data,uint32_t& output_data_length)
|
|
{
|
|
int nrounds = 5;
|
|
uint8_t key[32], iv[32];
|
|
|
|
/*
|
|
* Gen key & IV for AES 256 CBC mode. A SHA1 digest is used to hash the supplied key material.
|
|
* nrounds is the number of times the we hash the material. More rounds are more secure but
|
|
* slower.
|
|
*/
|
|
int i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data, 16, nrounds, key, iv);
|
|
|
|
if (i != 32)
|
|
{
|
|
printf("Key size is %d bits - should be 256 bits\n", i);
|
|
return false ;
|
|
}
|
|
|
|
EVP_CIPHER_CTX *e_ctx = EVP_CIPHER_CTX_new();
|
|
EVP_DecryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
|
|
|
|
/* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 bytes */
|
|
int c_len = input_data_length + AES_BLOCK_SIZE ;
|
|
int f_len = 0;
|
|
|
|
if(output_data_length < (uint32_t)c_len)
|
|
{
|
|
EVP_CIPHER_CTX_free(e_ctx) ;
|
|
return false ;
|
|
}
|
|
|
|
output_data_length = c_len ;
|
|
|
|
/* update ciphertext, c_len is filled with the length of ciphertext generated,
|
|
*len is the size of plaintext in bytes */
|
|
|
|
if(! EVP_DecryptUpdate(e_ctx, output_data, &c_len, input_data, input_data_length))
|
|
{
|
|
std::cerr << "RsAES: decryption failed." << std::endl;
|
|
EVP_CIPHER_CTX_free(e_ctx) ;
|
|
return false ;
|
|
}
|
|
|
|
/* update ciphertext with the final remaining bytes */
|
|
if(!EVP_DecryptFinal_ex(e_ctx, output_data+c_len, &f_len))
|
|
{
|
|
std::cerr << "RsAES: decryption failed at end. Check padding." << std::endl;
|
|
EVP_CIPHER_CTX_free(e_ctx) ;
|
|
return false ;
|
|
}
|
|
|
|
output_data_length = c_len + f_len;
|
|
|
|
EVP_CIPHER_CTX_free(e_ctx) ;
|
|
return true;
|
|
}
|
|
|