diff options
| -rw-r--r-- | src/core/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | src/core/aes/aes_ssl.h | 74 | ||||
| -rw-r--r-- | src/core/aes/aes_ssl_cbc.cpp | 99 |
3 files changed, 174 insertions, 0 deletions
diff --git a/src/core/CMakeLists.txt b/src/core/CMakeLists.txt index f0032917..373927d1 100644 --- a/src/core/CMakeLists.txt +++ b/src/core/CMakeLists.txt @@ -27,6 +27,7 @@ aux_source_directory(./result_analyse GPG_SOURCE) aux_source_directory(./function GPG_SOURCE) aux_source_directory(./model GPG_SOURCE) +aux_source_directory(./aes GPG_SOURCE) aux_source_directory(. GPG_SOURCE) add_library(gpgfrontend_core STATIC ${GPG_SOURCE}) diff --git a/src/core/aes/aes_ssl.h b/src/core/aes/aes_ssl.h new file mode 100644 index 00000000..b5f0820f --- /dev/null +++ b/src/core/aes/aes_ssl.h @@ -0,0 +1,74 @@ +/** + * Copyright (C) 2021 Saturneric + * + * This file is part of GpgFrontend. + * + * GpgFrontend is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GpgFrontend is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GpgFrontend. If not, see <https://www.gnu.org/licenses/>. + * + * The initial version of the source code is inherited from + * the gpg4usb project, which is under GPL-3.0-or-later. + * + * All the source code of GpgFrontend was modified and released by + * Saturneric<[email protected]> starting on May 12, 2021. + * + * SPDX-License-Identifier: GPL-3.0-or-later + * + */ + +#ifndef GPGFRONTEND_AES_SSL_H +#define GPGFRONTEND_AES_SSL_H + +#include "GpgFrontend.h" + +#include <openssl/aes.h> +#include <openssl/evp.h> + +namespace GpgFrontend::RawAPI { + +/** + * @brief + * + * @param key_data + * @param key_data_len + * @param salt + * @param e_ctx + * @param d_ctx + * @return int + */ +int aes_256_cbc_init(uint8_t *key_data, int key_data_len, uint8_t *salt, + EVP_CIPHER_CTX *e_ctx, EVP_CIPHER_CTX *d_ctx); + +/** + * @brief + * + * @param e + * @param plaintext + * @param len + * @return uint8_t* + */ +uint8_t *aes_256_cbc_encrypt(EVP_CIPHER_CTX *e, uint8_t *plaintext, int *len); + +/** + * @brief + * + * @param e + * @param ciphertext + * @param len + * @return uint8_t* + */ +uint8_t *aes_256_cbc_decrypt(EVP_CIPHER_CTX *e, uint8_t *ciphertext, int *len); + +} // namespace GpgFrontend::RawAPI + +#endif // GPGFRONTEND_AES_SSL_H diff --git a/src/core/aes/aes_ssl_cbc.cpp b/src/core/aes/aes_ssl_cbc.cpp new file mode 100644 index 00000000..95ae0ce2 --- /dev/null +++ b/src/core/aes/aes_ssl_cbc.cpp @@ -0,0 +1,99 @@ +/** + * AES encryption/decryption demo program using OpenSSL EVP apis + * gcc -Wall openssl_aes.c -lcrypto + * this is public domain code. + * Saju Pillai ([email protected]) + **/ + +#include "aes_ssl.h" + +namespace GpgFrontend::RawAPI { + +/** + * @brief Create a 256 bit key and IV using the supplied key_data. salt can be + * added for taste. Fills in the encryption and decryption ctx objects and + * returns 0 on success + * + * @param key_data + * @param key_data_len + * @param salt + * @param e_ctx + * @param d_ctx + * @return int + */ +int aes_256_cbc_init(uint8_t *key_data, int key_data_len, uint8_t *salt, + EVP_CIPHER_CTX *e_ctx, EVP_CIPHER_CTX *d_ctx) { + int i, nrounds = 5; + uint8_t key[32], iv[32]; + + /* + * Gen key & IV for AES 256 CBC mode. A SHA1 digest is used to hash the + * supplied key material. nrounds is the number of times the we hash the + * material. More rounds are more secure but slower. + */ + i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data, + key_data_len, nrounds, key, iv); + if (i != 32) { + printf("Key size is %d bits - should be 256 bits\n", i); + return -1; + } + + EVP_CIPHER_CTX_init(e_ctx); + EVP_EncryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_init(d_ctx); + EVP_DecryptInit_ex(d_ctx, EVP_aes_256_cbc(), NULL, key, iv); + + return 0; +} + +/** + * @brief Encrypt *len bytes of data All data going in & out is considered + * binary (uint8_t[]) + * + * @param e + * @param plaintext + * @param len + * @return uint8_t* + */ +uint8_t *aes_256_cbc_encrypt(EVP_CIPHER_CTX *e, uint8_t *plaintext, int *len) { + /* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 + * bytes */ + int c_len = *len + AES_BLOCK_SIZE, f_len = 0; + auto *ciphertext = (uint8_t *)malloc(c_len); + + /* allows reusing of 'e' for multiple encryption cycles */ + EVP_EncryptInit_ex(e, nullptr, nullptr, nullptr, nullptr); + + /* update ciphertext, c_len is filled with the length of ciphertext generated, + *len is the size of plaintext in bytes */ + EVP_EncryptUpdate(e, ciphertext, &c_len, plaintext, *len); + + /* update ciphertext with the final remaining bytes */ + EVP_EncryptFinal_ex(e, ciphertext + c_len, &f_len); + + *len = c_len + f_len; + return ciphertext; +} + +/** + * @brief Decrypt *len bytes of ciphertext + * + * @param e + * @param ciphertext + * @param len + * @return uint8_t* + */ +uint8_t *aes_256_cbc_decrypt(EVP_CIPHER_CTX *e, uint8_t *ciphertext, int *len) { + /* plaintext will always be equal to or lesser than length of ciphertext*/ + int p_len = *len, f_len = 0; + auto *plaintext = (uint8_t *)malloc(p_len); + + EVP_DecryptInit_ex(e, nullptr, nullptr, nullptr, nullptr); + EVP_DecryptUpdate(e, plaintext, &p_len, ciphertext, *len); + EVP_DecryptFinal_ex(e, plaintext + p_len, &f_len); + + *len = p_len + f_len; + return plaintext; +} + +} // namespace GpgFrontend::RawAPI
\ No newline at end of file |