libwinpr-crypto: add generic cipher API with OpenSSL/mbedtls support
This commit is contained in:
Marc-André Moreau
parent
87c42127c7
commit
54292f29ea
@ -854,5 +854,119 @@ WINPR_API void winpr_RC4_Final(WINPR_RC4_CTX* ctx);
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif /* WINPR_CRYPTO_H */
|
/**
|
||||||
|
* Generic Cipher API
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* cipher operation types */
|
||||||
|
#define WINPR_ENCRYPT 0
|
||||||
|
#define WINPR_DECRYPT 1
|
||||||
|
|
||||||
|
/* cipher types */
|
||||||
|
#define WINPR_CIPHER_NONE 0
|
||||||
|
#define WINPR_CIPHER_NULL 1
|
||||||
|
#define WINPR_CIPHER_AES_128_ECB 2
|
||||||
|
#define WINPR_CIPHER_AES_192_ECB 3
|
||||||
|
#define WINPR_CIPHER_AES_256_ECB 4
|
||||||
|
#define WINPR_CIPHER_AES_128_CBC 5
|
||||||
|
#define WINPR_CIPHER_AES_192_CBC 6
|
||||||
|
#define WINPR_CIPHER_AES_256_CBC 7
|
||||||
|
#define WINPR_CIPHER_AES_128_CFB128 8
|
||||||
|
#define WINPR_CIPHER_AES_192_CFB128 9
|
||||||
|
#define WINPR_CIPHER_AES_256_CFB128 10
|
||||||
|
#define WINPR_CIPHER_AES_128_CTR 11
|
||||||
|
#define WINPR_CIPHER_AES_192_CTR 12
|
||||||
|
#define WINPR_CIPHER_AES_256_CTR 13
|
||||||
|
#define WINPR_CIPHER_AES_128_GCM 14
|
||||||
|
#define WINPR_CIPHER_AES_192_GCM 15
|
||||||
|
#define WINPR_CIPHER_AES_256_GCM 16
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_128_ECB 17
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_192_ECB 18
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_256_ECB 19
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_128_CBC 20
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_192_CBC 21
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_256_CBC 22
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_128_CFB128 23
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_192_CFB128 24
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_256_CFB128 25
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_128_CTR 26
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_192_CTR 27
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_256_CTR 28
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_128_GCM 29
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_192_GCM 30
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_256_GCM 31
|
||||||
|
#define WINPR_CIPHER_DES_ECB 32
|
||||||
|
#define WINPR_CIPHER_DES_CBC 33
|
||||||
|
#define WINPR_CIPHER_DES_EDE_ECB 34
|
||||||
|
#define WINPR_CIPHER_DES_EDE_CBC 35
|
||||||
|
#define WINPR_CIPHER_DES_EDE3_ECB 36
|
||||||
|
#define WINPR_CIPHER_DES_EDE3_CBC 37
|
||||||
|
#define WINPR_CIPHER_BLOWFISH_ECB 38
|
||||||
|
#define WINPR_CIPHER_BLOWFISH_CBC 39
|
||||||
|
#define WINPR_CIPHER_BLOWFISH_CFB64 40
|
||||||
|
#define WINPR_CIPHER_BLOWFISH_CTR 41
|
||||||
|
#define WINPR_CIPHER_ARC4_128 42
|
||||||
|
#define WINPR_CIPHER_AES_128_CCM 43
|
||||||
|
#define WINPR_CIPHER_AES_192_CCM 44
|
||||||
|
#define WINPR_CIPHER_AES_256_CCM 45
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_128_CCM 46
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_192_CCM 47
|
||||||
|
#define WINPR_CIPHER_CAMELLIA_256_CCM 48
|
||||||
|
|
||||||
|
struct _OPENSSL_CIPHER_CTX
|
||||||
|
{
|
||||||
|
const void* cipher;
|
||||||
|
void* engine;
|
||||||
|
int encrypt;
|
||||||
|
int buf_len;
|
||||||
|
BYTE oiv[16];
|
||||||
|
BYTE iv[16];
|
||||||
|
BYTE buf[32];
|
||||||
|
int num;
|
||||||
|
void* app_data;
|
||||||
|
int key_len;
|
||||||
|
unsigned long flags;
|
||||||
|
void* cipher_data;
|
||||||
|
int final_used;
|
||||||
|
int block_mask;
|
||||||
|
BYTE final[32];
|
||||||
|
BYTE winpr_pad[32];
|
||||||
|
};
|
||||||
|
typedef struct _OPENSSL_CIPHER_CTX OPENSSL_CIPHER_CTX;
|
||||||
|
|
||||||
|
struct _MBEDTLS_CIPHER_CTX
|
||||||
|
{
|
||||||
|
const void* cipher_info;
|
||||||
|
int key_bitlen;
|
||||||
|
int operation;
|
||||||
|
void* add_padding;
|
||||||
|
int* get_padding;
|
||||||
|
BYTE unprocessed_data[16];
|
||||||
|
size_t unprocessed_len;
|
||||||
|
BYTE iv[16];
|
||||||
|
size_t iv_size;
|
||||||
|
void* cipher_ctx;
|
||||||
|
BYTE winpr_pad[32];
|
||||||
|
};
|
||||||
|
typedef struct _MBEDTLS_CIPHER_CTX MBEDTLS_CIPHER_CTX;
|
||||||
|
|
||||||
|
union _WINPR_CIPHER_CTX
|
||||||
|
{
|
||||||
|
OPENSSL_CIPHER_CTX openssl;
|
||||||
|
MBEDTLS_CIPHER_CTX mbedtls;
|
||||||
|
};
|
||||||
|
typedef union _WINPR_CIPHER_CTX WINPR_CIPHER_CTX;
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
WINPR_API void winpr_Cipher_Init(WINPR_CIPHER_CTX* ctx, int cipher, int op, const BYTE* key, const BYTE* iv);
|
||||||
|
WINPR_API int winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen, BYTE* output, size_t* olen);
|
||||||
|
WINPR_API void winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen);
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif /* WINPR_CRYPTO_H */
|
||||||
|
|||||||
@ -28,12 +28,14 @@
|
|||||||
#include <openssl/aes.h>
|
#include <openssl/aes.h>
|
||||||
#include <openssl/rc4.h>
|
#include <openssl/rc4.h>
|
||||||
#include <openssl/des.h>
|
#include <openssl/des.h>
|
||||||
|
#include <openssl/evp.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WITH_MBEDTLS
|
#ifdef WITH_MBEDTLS
|
||||||
#include <mbedtls/aes.h>
|
#include <mbedtls/aes.h>
|
||||||
#include <mbedtls/arc4.h>
|
#include <mbedtls/arc4.h>
|
||||||
#include <mbedtls/des.h>
|
#include <mbedtls/des.h>
|
||||||
|
#include <mbedtls/cipher.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -68,3 +70,439 @@ void winpr_RC4_Final(WINPR_RC4_CTX* ctx)
|
|||||||
mbedtls_arc4_free((mbedtls_arc4_context*) ctx);
|
mbedtls_arc4_free((mbedtls_arc4_context*) ctx);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generic Cipher API
|
||||||
|
*/
|
||||||
|
|
||||||
|
#if defined(WITH_OPENSSL)
|
||||||
|
const EVP_CIPHER* winpr_openssl_get_evp_cipher(int cipher)
|
||||||
|
{
|
||||||
|
const EVP_CIPHER* evp = NULL;
|
||||||
|
|
||||||
|
switch (cipher)
|
||||||
|
{
|
||||||
|
case WINPR_CIPHER_NULL:
|
||||||
|
evp = EVP_enc_null();
|
||||||
|
break;
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_AES
|
||||||
|
case WINPR_CIPHER_AES_128_ECB:
|
||||||
|
evp = EVP_aes_128_ecb();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_ECB:
|
||||||
|
evp = EVP_aes_192_ecb();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_ECB:
|
||||||
|
evp = EVP_aes_256_ecb();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_128_CBC:
|
||||||
|
evp = EVP_aes_128_cbc();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_CBC:
|
||||||
|
evp = EVP_aes_192_cbc();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_CBC:
|
||||||
|
evp = EVP_aes_256_cbc();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_128_CFB128:
|
||||||
|
evp = EVP_aes_128_cfb128();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_CFB128:
|
||||||
|
evp = EVP_aes_192_cfb128();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_CFB128:
|
||||||
|
evp = EVP_aes_256_cfb128();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_128_CTR:
|
||||||
|
evp = EVP_aes_128_ctr();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_CTR:
|
||||||
|
evp = EVP_aes_192_ctr();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_CTR:
|
||||||
|
evp = EVP_aes_256_ctr();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_128_GCM:
|
||||||
|
evp = EVP_aes_128_gcm();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_GCM:
|
||||||
|
evp = EVP_aes_192_gcm();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_GCM:
|
||||||
|
evp = EVP_aes_256_gcm();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_128_CCM:
|
||||||
|
evp = EVP_aes_128_ccm();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_CCM:
|
||||||
|
evp = EVP_aes_192_ccm();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_CCM:
|
||||||
|
evp = EVP_aes_256_ccm();
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_CAMELLIA
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_ECB:
|
||||||
|
evp = EVP_camellia_128_ecb();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_ECB:
|
||||||
|
evp = EVP_camellia_192_ecb();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_ECB:
|
||||||
|
evp = EVP_camellia_256_ecb();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_CBC:
|
||||||
|
evp = EVP_camellia_128_cbc();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_CBC:
|
||||||
|
evp = EVP_camellia_192_cbc();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_CBC:
|
||||||
|
evp = EVP_camellia_256_cbc();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_CFB128:
|
||||||
|
evp = EVP_camellia_128_cfb128();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_CFB128:
|
||||||
|
evp = EVP_camellia_192_cfb128();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_CFB128:
|
||||||
|
evp = EVP_camellia_256_cfb128();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_CTR:
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_CTR:
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_CTR:
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_GCM:
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_GCM:
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_GCM:
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_CCM:
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_CCM:
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_CCM:
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_DES
|
||||||
|
case WINPR_CIPHER_DES_ECB:
|
||||||
|
evp = EVP_des_ecb();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_DES_CBC:
|
||||||
|
evp = EVP_des_cbc();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_DES_EDE_ECB:
|
||||||
|
evp = EVP_des_ede_ecb();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_DES_EDE_CBC:
|
||||||
|
evp = EVP_des_ede_cbc();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_DES_EDE3_ECB:
|
||||||
|
evp = EVP_des_ede3_ecb();
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_DES_EDE3_CBC:
|
||||||
|
evp = EVP_des_ede3_cbc();
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_RC4
|
||||||
|
case WINPR_CIPHER_ARC4_128:
|
||||||
|
evp = EVP_rc4();
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
case WINPR_CIPHER_BLOWFISH_ECB:
|
||||||
|
case WINPR_CIPHER_BLOWFISH_CBC:
|
||||||
|
case WINPR_CIPHER_BLOWFISH_CFB64:
|
||||||
|
case WINPR_CIPHER_BLOWFISH_CTR:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return evp;
|
||||||
|
}
|
||||||
|
#elif defined(WITH_MBEDTLS)
|
||||||
|
mbedtls_cipher_type_t winpr_mbedtls_get_cipher_type(int cipher)
|
||||||
|
{
|
||||||
|
mbedtls_cipher_type_t type = MBEDTLS_CIPHER_NONE;
|
||||||
|
|
||||||
|
switch (cipher)
|
||||||
|
{
|
||||||
|
case WINPR_CIPHER_NONE:
|
||||||
|
type = MBEDTLS_CIPHER_NONE;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_NULL:
|
||||||
|
type = MBEDTLS_CIPHER_NULL;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_128_ECB:
|
||||||
|
type = MBEDTLS_CIPHER_AES_128_ECB;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_ECB:
|
||||||
|
type = MBEDTLS_CIPHER_AES_192_ECB;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_ECB:
|
||||||
|
type = MBEDTLS_CIPHER_AES_256_ECB;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_128_CBC:
|
||||||
|
type = MBEDTLS_CIPHER_AES_128_CBC;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_CBC:
|
||||||
|
type = MBEDTLS_CIPHER_AES_192_CBC;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_CBC:
|
||||||
|
type = MBEDTLS_CIPHER_AES_256_CBC;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_128_CFB128:
|
||||||
|
type = MBEDTLS_CIPHER_AES_128_CFB128;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_CFB128:
|
||||||
|
type = MBEDTLS_CIPHER_AES_192_CFB128;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_CFB128:
|
||||||
|
type = MBEDTLS_CIPHER_AES_256_CFB128;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_128_CTR:
|
||||||
|
type = MBEDTLS_CIPHER_AES_128_CTR;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_CTR:
|
||||||
|
type = MBEDTLS_CIPHER_AES_192_CTR;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_CTR:
|
||||||
|
type = MBEDTLS_CIPHER_AES_256_CTR;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_128_GCM:
|
||||||
|
type = MBEDTLS_CIPHER_AES_128_GCM;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_GCM:
|
||||||
|
type = MBEDTLS_CIPHER_AES_192_GCM;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_GCM:
|
||||||
|
type = MBEDTLS_CIPHER_AES_256_GCM;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_ECB:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_128_ECB;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_ECB:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_192_ECB;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_ECB:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_256_ECB;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_CBC:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_128_CBC;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_CBC:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_192_CBC;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_CBC:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_256_CBC;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_CFB128:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_128_CFB128;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_CFB128:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_192_CFB128;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_CFB128:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_256_CFB128;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_CTR:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_128_CTR;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_CTR:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_192_CTR;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_CTR:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_256_CTR;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_GCM:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_128_GCM;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_GCM:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_192_GCM;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_GCM:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_256_GCM;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_DES_ECB:
|
||||||
|
type = MBEDTLS_CIPHER_DES_ECB;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_DES_CBC:
|
||||||
|
type = MBEDTLS_CIPHER_DES_CBC;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_DES_EDE_ECB:
|
||||||
|
type = MBEDTLS_CIPHER_DES_EDE_ECB;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_DES_EDE_CBC:
|
||||||
|
type = MBEDTLS_CIPHER_DES_EDE_CBC;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_DES_EDE3_ECB:
|
||||||
|
type = MBEDTLS_CIPHER_DES_EDE3_ECB;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_DES_EDE3_CBC:
|
||||||
|
type = MBEDTLS_CIPHER_DES_EDE3_CBC;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_BLOWFISH_ECB:
|
||||||
|
type = MBEDTLS_CIPHER_BLOWFISH_ECB;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_BLOWFISH_CBC:
|
||||||
|
type = MBEDTLS_CIPHER_BLOWFISH_CBC;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_BLOWFISH_CFB64:
|
||||||
|
type = MBEDTLS_CIPHER_BLOWFISH_CFB64;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_BLOWFISH_CTR:
|
||||||
|
type = MBEDTLS_CIPHER_BLOWFISH_CTR;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_ARC4_128:
|
||||||
|
type = MBEDTLS_CIPHER_ARC4_128;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_128_CCM:
|
||||||
|
type = MBEDTLS_CIPHER_AES_128_CCM;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_192_CCM:
|
||||||
|
type = MBEDTLS_CIPHER_AES_192_CCM;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_AES_256_CCM:
|
||||||
|
type = MBEDTLS_CIPHER_AES_256_CCM;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_128_CCM:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_128_CCM;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_192_CCM:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_192_CCM;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case WINPR_CIPHER_CAMELLIA_256_CCM:
|
||||||
|
type = MBEDTLS_CIPHER_CAMELLIA_256_CCM;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return type;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
void winpr_Cipher_Init(WINPR_CIPHER_CTX* ctx, int cipher, int op, const BYTE* key, const BYTE* iv)
|
||||||
|
{
|
||||||
|
#if defined(WITH_OPENSSL)
|
||||||
|
int operation;
|
||||||
|
const EVP_CIPHER* evp;
|
||||||
|
evp = winpr_openssl_get_evp_cipher(cipher);
|
||||||
|
operation = (op == WINPR_ENCRYPT) ? 1 : 0;
|
||||||
|
EVP_CIPHER_CTX_init((EVP_CIPHER_CTX*) ctx);
|
||||||
|
EVP_CipherInit_ex((EVP_CIPHER_CTX*) ctx, evp, NULL, key, iv, operation);
|
||||||
|
#elif defined(WITH_MBEDTLS)
|
||||||
|
int key_bitlen;
|
||||||
|
mbedtls_operation_t operation;
|
||||||
|
mbedtls_cipher_type_t cipher_type;
|
||||||
|
const mbedtls_cipher_info_t* cipher_info;
|
||||||
|
cipher_type = winpr_mbedtls_get_cipher_type(cipher);
|
||||||
|
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
|
||||||
|
operation = (op == WINPR_ENCRYPT) ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT;
|
||||||
|
mbedtls_cipher_init((mbedtls_cipher_context_t*) ctx);
|
||||||
|
mbedtls_cipher_setup((mbedtls_cipher_context_t*) ctx, cipher_info);
|
||||||
|
key_bitlen = mbedtls_cipher_get_key_bitlen((mbedtls_cipher_context_t*) ctx);
|
||||||
|
mbedtls_cipher_setkey((mbedtls_cipher_context_t*) ctx, key, key_bitlen, operation);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
int winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen, BYTE* output, size_t* olen)
|
||||||
|
{
|
||||||
|
#if defined(WITH_OPENSSL)
|
||||||
|
int outl = (int) *olen;
|
||||||
|
EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx, output, &outl, input, ilen);
|
||||||
|
*olen = (size_t) outl;
|
||||||
|
#elif defined(WITH_MBEDTLS)
|
||||||
|
mbedtls_cipher_update((mbedtls_cipher_context_t*) ctx, input, ilen, output, olen);
|
||||||
|
#endif
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen)
|
||||||
|
{
|
||||||
|
#if defined(WITH_OPENSSL)
|
||||||
|
int outl = (int) *olen;
|
||||||
|
EVP_CipherFinal_ex((EVP_CIPHER_CTX*) ctx, output, &outl);
|
||||||
|
EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX*) ctx);
|
||||||
|
*olen = (size_t) outl;
|
||||||
|
#elif defined(WITH_MBEDTLS)
|
||||||
|
mbedtls_cipher_finish((mbedtls_cipher_context_t*) ctx, output, olen);
|
||||||
|
mbedtls_cipher_free((mbedtls_cipher_context_t*) ctx);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|||||||
@ -141,15 +141,21 @@
|
|||||||
#include "crypto.h"
|
#include "crypto.h"
|
||||||
|
|
||||||
#include <winpr/crt.h>
|
#include <winpr/crt.h>
|
||||||
|
#include <winpr/crypto.h>
|
||||||
#include <winpr/collections.h>
|
#include <winpr/collections.h>
|
||||||
|
|
||||||
|
#ifdef WITH_OPENSSL
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
#include <openssl/aes.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
static wListDictionary* g_ProtectedMemoryBlocks = NULL;
|
static wListDictionary* g_ProtectedMemoryBlocks = NULL;
|
||||||
|
|
||||||
BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
||||||
{
|
{
|
||||||
#ifdef WITH_OPENSSL
|
|
||||||
BYTE* pCipherText;
|
BYTE* pCipherText;
|
||||||
int cbOut, cbFinal;
|
size_t cbOut, cbFinal;
|
||||||
|
WINPR_CIPHER_CTX enc;
|
||||||
BYTE randomKey[256];
|
BYTE randomKey[256];
|
||||||
WINPR_PROTECTED_MEMORY_BLOCK* pMemBlock;
|
WINPR_PROTECTED_MEMORY_BLOCK* pMemBlock;
|
||||||
|
|
||||||
@ -172,27 +178,17 @@ BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
|||||||
pMemBlock->cbData = cbData;
|
pMemBlock->cbData = cbData;
|
||||||
pMemBlock->dwFlags = dwFlags;
|
pMemBlock->dwFlags = dwFlags;
|
||||||
|
|
||||||
/* AES Initialization */
|
winpr_RAND(pMemBlock->salt, 8);
|
||||||
|
winpr_RAND(randomKey, sizeof(randomKey));
|
||||||
|
|
||||||
RAND_bytes(pMemBlock->salt, 8);
|
#ifdef WITH_OPENSSL
|
||||||
RAND_bytes(randomKey, sizeof(randomKey));
|
EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), pMemBlock->salt,
|
||||||
|
randomKey, sizeof(randomKey), 4, pMemBlock->key, pMemBlock->iv);
|
||||||
EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(),
|
#endif
|
||||||
pMemBlock->salt,
|
|
||||||
randomKey, sizeof(randomKey),
|
|
||||||
4, pMemBlock->key, pMemBlock->iv);
|
|
||||||
|
|
||||||
SecureZeroMemory(randomKey, sizeof(randomKey));
|
SecureZeroMemory(randomKey, sizeof(randomKey));
|
||||||
|
|
||||||
EVP_CIPHER_CTX_init(&(pMemBlock->enc));
|
cbOut = pMemBlock->cbData + 16 - 1;
|
||||||
EVP_EncryptInit_ex(&(pMemBlock->enc), EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv);
|
|
||||||
|
|
||||||
EVP_CIPHER_CTX_init(&(pMemBlock->dec));
|
|
||||||
EVP_DecryptInit_ex(&(pMemBlock->dec), EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv);
|
|
||||||
|
|
||||||
/* AES Encryption */
|
|
||||||
|
|
||||||
cbOut = pMemBlock->cbData + AES_BLOCK_SIZE - 1;
|
|
||||||
pCipherText = (BYTE*) malloc(cbOut);
|
pCipherText = (BYTE*) malloc(cbOut);
|
||||||
|
|
||||||
if (!pCipherText)
|
if (!pCipherText)
|
||||||
@ -201,24 +197,21 @@ BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
|||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
EVP_EncryptInit_ex(&(pMemBlock->enc), NULL, NULL, NULL, NULL);
|
winpr_Cipher_Init(&enc, WINPR_CIPHER_AES_256_CBC, WINPR_ENCRYPT, pMemBlock->key, pMemBlock->iv);
|
||||||
EVP_EncryptUpdate(&(pMemBlock->enc), pCipherText, &cbOut, pMemBlock->pData, pMemBlock->cbData);
|
winpr_Cipher_Update(&enc, pMemBlock->pData, pMemBlock->cbData, pCipherText, &cbOut);
|
||||||
EVP_EncryptFinal_ex(&(pMemBlock->enc), pCipherText + cbOut, &cbFinal);
|
winpr_Cipher_Final(&enc, pCipherText + cbOut, &cbFinal);
|
||||||
|
|
||||||
CopyMemory(pMemBlock->pData, pCipherText, pMemBlock->cbData);
|
CopyMemory(pMemBlock->pData, pCipherText, pMemBlock->cbData);
|
||||||
free(pCipherText);
|
free(pCipherText);
|
||||||
|
|
||||||
return ListDictionary_Add(g_ProtectedMemoryBlocks, pData, pMemBlock);
|
return ListDictionary_Add(g_ProtectedMemoryBlocks, pData, pMemBlock);
|
||||||
#else
|
|
||||||
return TRUE;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
||||||
{
|
{
|
||||||
#ifdef WITH_OPENSSL
|
|
||||||
BYTE* pPlainText;
|
BYTE* pPlainText;
|
||||||
int cbOut, cbFinal;
|
size_t cbOut, cbFinal;
|
||||||
|
WINPR_CIPHER_CTX dec;
|
||||||
WINPR_PROTECTED_MEMORY_BLOCK* pMemBlock;
|
WINPR_PROTECTED_MEMORY_BLOCK* pMemBlock;
|
||||||
|
|
||||||
if (dwFlags != CRYPTPROTECTMEMORY_SAME_PROCESS)
|
if (dwFlags != CRYPTPROTECTMEMORY_SAME_PROCESS)
|
||||||
@ -232,18 +225,16 @@ BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
|||||||
if (!pMemBlock)
|
if (!pMemBlock)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
/* AES Decryption */
|
cbOut = pMemBlock->cbData + 16 - 1;
|
||||||
|
|
||||||
cbOut = pMemBlock->cbData + AES_BLOCK_SIZE - 1;
|
|
||||||
|
|
||||||
pPlainText = (BYTE*) malloc(cbOut);
|
pPlainText = (BYTE*) malloc(cbOut);
|
||||||
|
|
||||||
if (!pPlainText)
|
if (!pPlainText)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
EVP_DecryptInit_ex(&(pMemBlock->dec), NULL, NULL, NULL, NULL);
|
winpr_Cipher_Init(&dec, WINPR_CIPHER_AES_256_CBC, WINPR_DECRYPT, pMemBlock->key, pMemBlock->iv);
|
||||||
EVP_DecryptUpdate(&(pMemBlock->dec), pPlainText, &cbOut, pMemBlock->pData, pMemBlock->cbData);
|
winpr_Cipher_Update(&dec, pMemBlock->pData, pMemBlock->cbData, pPlainText, &cbOut);
|
||||||
EVP_DecryptFinal_ex(&(pMemBlock->dec), pPlainText + cbOut, &cbFinal);
|
winpr_Cipher_Final(&dec, pPlainText + cbOut, &cbFinal);
|
||||||
|
|
||||||
CopyMemory(pMemBlock->pData, pPlainText, pMemBlock->cbData);
|
CopyMemory(pMemBlock->pData, pPlainText, pMemBlock->cbData);
|
||||||
SecureZeroMemory(pPlainText, pMemBlock->cbData);
|
SecureZeroMemory(pPlainText, pMemBlock->cbData);
|
||||||
@ -251,17 +242,9 @@ BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
|||||||
|
|
||||||
ListDictionary_Remove(g_ProtectedMemoryBlocks, pData);
|
ListDictionary_Remove(g_ProtectedMemoryBlocks, pData);
|
||||||
|
|
||||||
/* AES Cleanup */
|
|
||||||
|
|
||||||
EVP_CIPHER_CTX_cleanup(&(pMemBlock->enc));
|
|
||||||
EVP_CIPHER_CTX_cleanup(&(pMemBlock->dec));
|
|
||||||
|
|
||||||
free(pMemBlock);
|
free(pMemBlock);
|
||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
#else
|
|
||||||
return TRUE;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOL CryptProtectData(DATA_BLOB* pDataIn, LPCWSTR szDataDescr, DATA_BLOB* pOptionalEntropy,
|
BOOL CryptProtectData(DATA_BLOB* pDataIn, LPCWSTR szDataDescr, DATA_BLOB* pOptionalEntropy,
|
||||||
|
|||||||
@ -22,12 +22,6 @@
|
|||||||
|
|
||||||
#ifndef _WIN32
|
#ifndef _WIN32
|
||||||
|
|
||||||
#ifdef WITH_OPENSSL
|
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
#include <openssl/aes.h>
|
|
||||||
#include <openssl/rand.h>
|
|
||||||
|
|
||||||
struct _WINPR_PROTECTED_MEMORY_BLOCK
|
struct _WINPR_PROTECTED_MEMORY_BLOCK
|
||||||
{
|
{
|
||||||
BYTE* pData;
|
BYTE* pData;
|
||||||
@ -36,13 +30,9 @@ struct _WINPR_PROTECTED_MEMORY_BLOCK
|
|||||||
BYTE key[32];
|
BYTE key[32];
|
||||||
BYTE iv[32];
|
BYTE iv[32];
|
||||||
BYTE salt[8];
|
BYTE salt[8];
|
||||||
EVP_CIPHER_CTX enc;
|
|
||||||
EVP_CIPHER_CTX dec;
|
|
||||||
};
|
};
|
||||||
typedef struct _WINPR_PROTECTED_MEMORY_BLOCK WINPR_PROTECTED_MEMORY_BLOCK;
|
typedef struct _WINPR_PROTECTED_MEMORY_BLOCK WINPR_PROTECTED_MEMORY_BLOCK;
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
struct _WINPR_CERTSTORE
|
struct _WINPR_CERTSTORE
|
||||||
{
|
{
|
||||||
LPCSTR lpszStoreProvider;
|
LPCSTR lpszStoreProvider;
|
||||||
|
|||||||
@ -263,9 +263,9 @@ int makecert_print_command_line_help(int argc, char** argv)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef WITH_OPENSSL
|
||||||
int x509_add_ext(X509* cert, int nid, char* value)
|
int x509_add_ext(X509* cert, int nid, char* value)
|
||||||
{
|
{
|
||||||
#ifdef WITH_OPENSSL
|
|
||||||
X509V3_CTX ctx;
|
X509V3_CTX ctx;
|
||||||
X509_EXTENSION* ext;
|
X509_EXTENSION* ext;
|
||||||
|
|
||||||
@ -279,10 +279,10 @@ int x509_add_ext(X509* cert, int nid, char* value)
|
|||||||
|
|
||||||
X509_add_ext(cert, ext, -1);
|
X509_add_ext(cert, ext, -1);
|
||||||
X509_EXTENSION_free(ext);
|
X509_EXTENSION_free(ext);
|
||||||
#endif
|
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
char* x509_name_parse(char* name, char* txt, int* length)
|
char* x509_name_parse(char* name, char* txt, int* length)
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user