Bryan Drewery 16 lat temu
rodzic
commit
41a418c5ec
4 zmienionych plików z 94 dodań i 2 usunięć
  1. 35 2
      src/crypt.c
  2. 2 0
      src/crypt.h
  3. 55 0
      src/crypto/aes_util.c
  4. 2 0
      src/crypto/aes_util.h

+ 35 - 2
src/crypt.c

@@ -36,7 +36,7 @@ char *encrypt_string(const char *keydata, char *in)
 }
 
 /**
- * @brief Encrypt a string
+ * @brief Encrypt a string with AES 256 ECB
  * @param key The key to encrypt with
  * @param data The string to encrypt
  * @return A new, encrypted string
@@ -50,6 +50,22 @@ bd::String encrypt_string(const bd::String& key, const bd::String& data) {
   return encrypted;
 }
 
+/**
+ * @brief Encrypt a string with AES 256 CBC
+ * @param key The key to encrypt with
+ * @param data The string to encrypt
+ * @param IV The IV to use (WARNING: This is modified inplace)
+ * @return A new, encrypted string
+ */
+bd::String encrypt_string_cbc(const bd::String& key, const bd::String& data, unsigned char* IV) {
+  if (!key) return data;
+  size_t len = data.length();
+  char *bdata = (char*) aes_encrypt_cbc_binary(key.c_str(), (unsigned char*) data.c_str(), &len, IV);
+  bd::String encrypted(bdata, len);
+  free(bdata);
+  return encrypted;
+}
+
 char *decrypt_string(const char *keydata, char *in)
 {
   size_t len = strlen(in);
@@ -69,7 +85,7 @@ char *decrypt_string(const char *keydata, char *in)
 }
 
 /**
- * @brief Decrypt a string
+ * @brief Decrypt an AES 256 ECB ciphered string
  * @param key The key to decrypt with
  * @param data The string to decrypt
  * @return A new, decrypted string
@@ -84,6 +100,23 @@ bd::String decrypt_string(const bd::String& key, const bd::String& data) {
   return decrypted;
 }
 
+/**
+ * @brief Decrypt anAES 256 CBC ciphered string
+ * @param key The key to decrypt with
+ * @param data The string to decrypt
+ * @param IV The IV to use (WARNING: This is modified inplace)
+ * @return A new, decrypted string
+ */
+bd::String decrypt_string_cbc(const bd::String& key, const bd::String& data, unsigned char* IV) {
+  if (!key) return data;
+  size_t len = data.length();
+  char *bdata = (char*) aes_decrypt_cbc_binary(key.c_str(), (unsigned char*) data.c_str(), &len, IV);
+  bd::String decrypted(bdata, len);
+  OPENSSL_cleanse(bdata, len);
+  free(bdata);
+  return decrypted;
+}
+
 int salted_sha1cmp(const char *salted_hash, const char *string) {
   char* cmp = salted_sha1(string, &salted_hash[1]); //Pass in the salt from the given hash
   int n = strcmp(salted_hash, cmp);

+ 2 - 0
src/crypt.h

@@ -28,10 +28,12 @@ int sha1cmp(const char *, const char*);
 
 char *encrypt_string(const char *, char *);
 bd::String encrypt_string(const bd::String&, const bd::String&);
+bd::String encrypt_string_cbc(const bd::String&, const bd::String&, unsigned char *);
 char *decrypt_string(const char *, char *);
 char *salted_sha1(const char *, const char* = NULL);
 int salted_sha1cmp(const char *, const char*);
 bd::String decrypt_string(const bd::String&, const bd::String&);
+bd::String decrypt_string_cbc(const bd::String&, const bd::String&, unsigned char *);
 char *cryptit (char *);
 char *decryptit (char *);
 void Encrypt_File(char *, char *);

+ 55 - 0
src/crypto/aes_util.c

@@ -76,3 +76,58 @@ aes_decrypt_ecb_binary(const char *keydata, unsigned char *in, size_t *len)
   out[*len] = 0;
   return out;
 }
+
+unsigned char *
+aes_encrypt_cbc_binary(const char *keydata, unsigned char *in, size_t *inlen, unsigned char *ivec)
+{
+  size_t len = *inlen;
+  unsigned char *out = NULL;
+
+  /* First pad indata to CRYPT_BLOCKSIZE multiple */
+  if (len % CRYPT_BLOCKSIZE)             /* more than 1 block? */
+    len += (CRYPT_BLOCKSIZE - (len % CRYPT_BLOCKSIZE));
+
+  out = (unsigned char *) my_calloc(1, len + 1);
+  *inlen = len;
+
+  if (!keydata || !*keydata) {
+    /* No key, no encryption */
+    memcpy(out, in, len);
+  } else {
+    char key[CRYPT_KEYSIZE + 1] = "";
+
+    strlcpy(key, keydata, sizeof(key));
+    AES_set_encrypt_key((const unsigned char *) key, CRYPT_KEYBITS, &e_key);
+    AES_cbc_encrypt(in, out, len, &e_key, ivec, AES_ENCRYPT);
+    OPENSSL_cleanse(key, sizeof(key));
+    OPENSSL_cleanse(&e_key, sizeof(e_key));
+  }
+  out[len] = 0;
+  return out;
+}
+
+unsigned char *
+aes_decrypt_cbc_binary(const char *keydata, unsigned char *in, size_t *len, unsigned char* ivec)
+{
+  unsigned char *out = NULL;
+
+  *len -= *len % CRYPT_BLOCKSIZE;
+  out = (unsigned char *) my_calloc(1, *len + 1);
+
+  if (!keydata || !*keydata) {
+    /* No key, no decryption */
+  } else {
+    /* Init/fetch key */
+    char key[CRYPT_KEYSIZE + 1] = "";
+
+    strlcpy(key, keydata, sizeof(key));
+    AES_set_decrypt_key((const unsigned char *) key, CRYPT_KEYBITS, &d_key);
+    AES_cbc_encrypt(in, out, *len, &d_key, ivec, AES_DECRYPT);
+    OPENSSL_cleanse(key, sizeof(key));
+    OPENSSL_cleanse(&d_key, sizeof(d_key));
+  }
+
+  *len = strlen((char*) out);
+  out[*len] = 0;
+  return out;
+}

+ 2 - 0
src/crypto/aes_util.h

@@ -9,4 +9,6 @@
 
 unsigned char *aes_encrypt_ecb_binary(const char *, unsigned char *, size_t *);
 unsigned char *aes_decrypt_ecb_binary(const char *, unsigned char *, size_t *);
+unsigned char *aes_encrypt_cbc_binary(const char *, unsigned char *, size_t *, unsigned char *);
+unsigned char *aes_decrypt_cbc_binary(const char *, unsigned char *, size_t *, unsigned char *);
 #endif