commit
d11be9025d
@ -514,7 +514,7 @@ static BOOL freerdp_assistance_parse_attr_uint32(UINT32* opt, const char* key, c
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
*opt = val;
|
||||
*opt = (UINT32)val;
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
@ -851,27 +851,25 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
|
||||
BOOL rc = 0;
|
||||
size_t cbPasswordW = 0;
|
||||
size_t cbPassStubW = 0;
|
||||
size_t EncryptedSize = 0;
|
||||
BYTE PasswordHash[WINPR_MD5_DIGEST_LENGTH];
|
||||
WINPR_CIPHER_CTX* rc4Ctx = NULL;
|
||||
BYTE PasswordHash[WINPR_MD5_DIGEST_LENGTH] = { 0 };
|
||||
WINPR_RC4_CTX* rc4Ctx = NULL;
|
||||
BYTE* pbIn = NULL;
|
||||
BYTE* pbOut = NULL;
|
||||
size_t cbOut = 0;
|
||||
size_t cbIn = 0;
|
||||
size_t cbFinal = 0;
|
||||
BYTE* res = NULL;
|
||||
WCHAR* PasswordW = ConvertUtf8ToWCharAlloc(password, &cbPasswordW);
|
||||
WCHAR* PassStubW = ConvertUtf8ToWCharAlloc(passStub, &cbPassStubW);
|
||||
|
||||
cbPasswordW = (cbPasswordW) * sizeof(WCHAR);
|
||||
cbPassStubW = (cbPassStubW) * sizeof(WCHAR);
|
||||
const size_t EncryptedSize = cbPassStubW + 4;
|
||||
|
||||
if (!PasswordW || !PassStubW)
|
||||
goto fail;
|
||||
|
||||
cbPasswordW = (cbPasswordW) * sizeof(WCHAR);
|
||||
cbPassStubW = (cbPassStubW) * sizeof(WCHAR);
|
||||
if (!winpr_Digest(WINPR_MD_MD5, (BYTE*)PasswordW, cbPasswordW, (BYTE*)PasswordHash,
|
||||
sizeof(PasswordHash)))
|
||||
goto fail;
|
||||
|
||||
EncryptedSize = cbPassStubW + 4;
|
||||
pbIn = (BYTE*)calloc(1, EncryptedSize);
|
||||
pbOut = (BYTE*)calloc(1, EncryptedSize);
|
||||
|
||||
@ -880,7 +878,7 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
|
||||
|
||||
*((UINT32*)pbIn) = (UINT32)cbPassStubW;
|
||||
CopyMemory(&pbIn[4], PassStubW, cbPassStubW);
|
||||
rc4Ctx = winpr_Cipher_New(WINPR_CIPHER_ARC4_128, WINPR_ENCRYPT, PasswordHash, NULL);
|
||||
rc4Ctx = winpr_RC4_New(PasswordHash, sizeof(PasswordHash));
|
||||
|
||||
if (!rc4Ctx)
|
||||
{
|
||||
@ -888,35 +886,24 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
|
||||
goto fail;
|
||||
}
|
||||
|
||||
cbOut = cbFinal = 0;
|
||||
cbIn = EncryptedSize;
|
||||
rc = winpr_Cipher_Update(rc4Ctx, pbIn, cbIn, pbOut, &cbOut);
|
||||
rc = winpr_RC4_Update(rc4Ctx, EncryptedSize, pbIn, pbOut);
|
||||
|
||||
if (!rc)
|
||||
{
|
||||
WLog_ERR(TAG, "winpr_Cipher_Update failure");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (!winpr_Cipher_Final(rc4Ctx, pbOut + cbOut, &cbFinal))
|
||||
{
|
||||
WLog_ERR(TAG, "winpr_Cipher_Final failure");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
winpr_Cipher_Free(rc4Ctx);
|
||||
free(pbIn);
|
||||
free(PasswordW);
|
||||
free(PassStubW);
|
||||
*pEncryptedSize = EncryptedSize;
|
||||
return pbOut;
|
||||
res = pbOut;
|
||||
fail:
|
||||
winpr_Cipher_Free(rc4Ctx);
|
||||
winpr_RC4_Free(rc4Ctx);
|
||||
free(PasswordW);
|
||||
free(PassStubW);
|
||||
free(pbIn);
|
||||
if (!res)
|
||||
free(pbOut);
|
||||
return NULL;
|
||||
else
|
||||
*pEncryptedSize = EncryptedSize;
|
||||
return res;
|
||||
}
|
||||
|
||||
static BOOL freerdp_assistance_decrypt2(rdpAssistanceFile* file)
|
||||
@ -959,7 +946,8 @@ static BOOL freerdp_assistance_decrypt2(rdpAssistanceFile* file)
|
||||
goto fail;
|
||||
|
||||
aesDec =
|
||||
winpr_Cipher_New(WINPR_CIPHER_AES_128_CBC, WINPR_DECRYPT, DerivedKey, InitializationVector);
|
||||
winpr_Cipher_NewEx(WINPR_CIPHER_AES_128_CBC, WINPR_DECRYPT, DerivedKey, sizeof(DerivedKey),
|
||||
InitializationVector, sizeof(InitializationVector));
|
||||
|
||||
if (!aesDec)
|
||||
goto fail;
|
||||
|
@ -7,6 +7,10 @@
|
||||
#include <freerdp/assistance.h>
|
||||
|
||||
static const char TEST_MSRC_INCIDENT_PASSWORD_TYPE1[] = "Password1";
|
||||
static const BYTE TEST_MSRC_INCIDENT_PASSWORD_TYPE1_ENC[32] = {
|
||||
0x3c, 0x9c, 0xae, 0xb, 0xce, 0x7a, 0xb1, 0x5c, 0x8a, 0xac, 0x1, 0xd6, 0x76, 0x4, 0x5e, 0xdf,
|
||||
0x3f, 0xfa, 0xf0, 0x92, 0xe2, 0xde, 0x36, 0x8a, 0x20, 0x17, 0xe6, 0x8a, 0xd, 0xed, 0x7c, 0x90
|
||||
};
|
||||
|
||||
static const char TEST_MSRC_INCIDENT_FILE_TYPE1[] =
|
||||
"<?xml version=\"1.0\" encoding=\"Unicode\" ?>"
|
||||
@ -30,6 +34,10 @@ static const BYTE TEST_MSRC_INCIDENT_EXPERT_BLOB_TYPE1[32] =
|
||||
WINPR_PRAGMA_DIAG_POP
|
||||
|
||||
static const char TEST_MSRC_INCIDENT_PASSWORD_TYPE2[] = "48BJQ853X3B4";
|
||||
static const BYTE TEST_MSRC_INCIDENT_PASSWORD_TYPE2_ENC[32] = {
|
||||
0x77, 0x7d, 0xfa, 0xae, 0x90, 0x28, 0x12, 0x4d, 0xd0, 0x2e, 0xde, 0x80, 0x14, 0x22, 0x1b, 0x4a,
|
||||
0xd1, 0xf4, 0xec, 0x13, 0x85, 0x39, 0xd7, 0x33, 0xac, 0x76, 0x78, 0x95, 0xb2, 0xd8, 0x57, 0xd9
|
||||
};
|
||||
|
||||
static const char TEST_MSRC_INCIDENT_FILE_TYPE2[] =
|
||||
"<?xml version=\"1.0\"?>"
|
||||
@ -167,6 +175,10 @@ static const char connectionstr3[] =
|
||||
"L=\"0\"/>"
|
||||
"</UPLOADINFO>";
|
||||
static const char connectionpwd3[] = "4X638PTVZTKZ";
|
||||
static const BYTE connectionpwd3_enc[32] = { 0x15, 0x20, 0x04, 0x96, 0xaf, 0x33, 0xc6, 0xe0,
|
||||
0x1b, 0xbf, 0x4a, 0x15, 0xc9, 0xc1, 0xb8, 0x71,
|
||||
0x44, 0x3f, 0x2e, 0x93, 0xa8, 0x82, 0x35, 0x2b,
|
||||
0x24, 0x08, 0x06, 0x55, 0x16, 0x4e, 0x9d, 0x3b };
|
||||
|
||||
static BOOL run_test_parse(wLog* log, const char* input, size_t len, const char* password,
|
||||
BOOL expect)
|
||||
@ -193,7 +205,8 @@ static BOOL test_file_to_settings(wLog* log, rdpAssistanceFile* file)
|
||||
return rc;
|
||||
}
|
||||
|
||||
static BOOL test_file_from_buffer(wLog* log, const char* data, size_t size, const char* pwd)
|
||||
static BOOL test_file_from_buffer(wLog* log, const char* data, size_t size, const char* pwd,
|
||||
const BYTE* enc, size_t encsize)
|
||||
{
|
||||
BOOL rc = FALSE;
|
||||
int status = 0;
|
||||
@ -231,6 +244,14 @@ static BOOL test_file_from_buffer(wLog* log, const char* data, size_t size, cons
|
||||
|
||||
WLog_Print(log, WLOG_INFO, "expertBlob='%s'", expertBlob);
|
||||
}
|
||||
if (encsize != EncryptedPassStubLength)
|
||||
goto fail;
|
||||
if (encsize > 0)
|
||||
{
|
||||
if (memcmp(EncryptedPassStub, enc, encsize) != 0)
|
||||
goto fail;
|
||||
}
|
||||
|
||||
rc = test_file_to_settings(log, file);
|
||||
fail:
|
||||
freerdp_assistance_file_free(file);
|
||||
@ -241,21 +262,24 @@ fail:
|
||||
|
||||
static BOOL test_msrsc_incident_file_type1(wLog* log)
|
||||
{
|
||||
return test_file_from_buffer(log, TEST_MSRC_INCIDENT_FILE_TYPE1,
|
||||
sizeof(TEST_MSRC_INCIDENT_FILE_TYPE1),
|
||||
TEST_MSRC_INCIDENT_PASSWORD_TYPE1);
|
||||
return test_file_from_buffer(
|
||||
log, TEST_MSRC_INCIDENT_FILE_TYPE1, sizeof(TEST_MSRC_INCIDENT_FILE_TYPE1),
|
||||
TEST_MSRC_INCIDENT_PASSWORD_TYPE1, TEST_MSRC_INCIDENT_PASSWORD_TYPE1_ENC,
|
||||
sizeof(TEST_MSRC_INCIDENT_PASSWORD_TYPE1_ENC));
|
||||
}
|
||||
|
||||
static BOOL test_msrsc_incident_file_type2(wLog* log)
|
||||
{
|
||||
if (!test_file_from_buffer(log, connectionstr2, sizeof(connectionstr2),
|
||||
TEST_MSRC_INCIDENT_PASSWORD_TYPE2))
|
||||
TEST_MSRC_INCIDENT_PASSWORD_TYPE2, NULL, 0))
|
||||
return FALSE;
|
||||
if (!test_file_from_buffer(log, connectionstr3, sizeof(connectionstr3), connectionpwd3))
|
||||
if (!test_file_from_buffer(log, connectionstr3, sizeof(connectionstr3), connectionpwd3,
|
||||
connectionpwd3_enc, sizeof(connectionpwd3_enc)))
|
||||
return FALSE;
|
||||
if (!test_file_from_buffer(log, TEST_MSRC_INCIDENT_FILE_TYPE2,
|
||||
sizeof(TEST_MSRC_INCIDENT_FILE_TYPE2),
|
||||
TEST_MSRC_INCIDENT_PASSWORD_TYPE2))
|
||||
if (!test_file_from_buffer(
|
||||
log, TEST_MSRC_INCIDENT_FILE_TYPE2, sizeof(TEST_MSRC_INCIDENT_FILE_TYPE2),
|
||||
TEST_MSRC_INCIDENT_PASSWORD_TYPE2, TEST_MSRC_INCIDENT_PASSWORD_TYPE2_ENC,
|
||||
sizeof(TEST_MSRC_INCIDENT_PASSWORD_TYPE2_ENC)))
|
||||
return FALSE;
|
||||
return TRUE;
|
||||
}
|
||||
|
@ -799,8 +799,9 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
|
||||
|
||||
if (settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
|
||||
{
|
||||
rdp->fips_encrypt = winpr_Cipher_New(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT,
|
||||
rdp->fips_encrypt_key, fips_ivec);
|
||||
rdp->fips_encrypt =
|
||||
winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT, rdp->fips_encrypt_key,
|
||||
sizeof(rdp->fips_encrypt_key), fips_ivec, sizeof(fips_ivec));
|
||||
|
||||
if (!rdp->fips_encrypt)
|
||||
{
|
||||
@ -808,8 +809,9 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
|
||||
goto end;
|
||||
}
|
||||
|
||||
rdp->fips_decrypt = winpr_Cipher_New(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT,
|
||||
rdp->fips_decrypt_key, fips_ivec);
|
||||
rdp->fips_decrypt =
|
||||
winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT, rdp->fips_decrypt_key,
|
||||
sizeof(rdp->fips_decrypt_key), fips_ivec, sizeof(fips_ivec));
|
||||
|
||||
if (!rdp->fips_decrypt)
|
||||
{
|
||||
@ -927,8 +929,9 @@ BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
|
||||
|
||||
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
|
||||
{
|
||||
rdp->fips_encrypt = winpr_Cipher_New(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT,
|
||||
rdp->fips_encrypt_key, fips_ivec);
|
||||
rdp->fips_encrypt =
|
||||
winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT, rdp->fips_encrypt_key,
|
||||
sizeof(rdp->fips_encrypt_key), fips_ivec, sizeof(fips_ivec));
|
||||
|
||||
if (!rdp->fips_encrypt)
|
||||
{
|
||||
@ -936,8 +939,9 @@ BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
|
||||
goto end;
|
||||
}
|
||||
|
||||
rdp->fips_decrypt = winpr_Cipher_New(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT,
|
||||
rdp->fips_decrypt_key, fips_ivec);
|
||||
rdp->fips_decrypt =
|
||||
winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT, rdp->fips_decrypt_key,
|
||||
sizeof(rdp->fips_decrypt_key), fips_ivec, sizeof(fips_ivec));
|
||||
|
||||
if (!rdp->fips_decrypt)
|
||||
{
|
||||
|
@ -412,7 +412,7 @@ static WINPR_CIPHER_CTX* treatAuthBlob(const BYTE* pbInput, size_t cbInput)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ret = winpr_Cipher_New(cipherType, WINPR_ENCRYPT, Stream_Pointer(s), NULL);
|
||||
ret = winpr_Cipher_NewEx(cipherType, WINPR_ENCRYPT, Stream_Pointer(s), cbKeyData, NULL, 0);
|
||||
if (!ret)
|
||||
{
|
||||
WLog_ERR(TAG, "error creating cipher");
|
||||
|
@ -2967,14 +2967,27 @@ static void log_build_warn_cipher(rdpRdp* rdp, log_line_t* firstLine, WINPR_CIPH
|
||||
|
||||
char key[WINPR_CIPHER_MAX_KEY_LENGTH] = { 0 };
|
||||
char iv[WINPR_CIPHER_MAX_IV_LENGTH] = { 0 };
|
||||
WINPR_CIPHER_CTX* enc = winpr_Cipher_New(md, WINPR_ENCRYPT, key, iv);
|
||||
WINPR_CIPHER_CTX* dec = winpr_Cipher_New(md, WINPR_DECRYPT, key, iv);
|
||||
if (enc && dec)
|
||||
|
||||
/* RC4 only exists in the compatiblity functions winpr_RC4_*
|
||||
* winpr_Cipher_* does not support that. */
|
||||
if (md == WINPR_CIPHER_ARC4_128)
|
||||
{
|
||||
haveCipher = TRUE;
|
||||
WINPR_RC4_CTX* enc = winpr_RC4_New(key, sizeof(key));
|
||||
haveCipher = enc != NULL;
|
||||
winpr_RC4_Free(enc);
|
||||
}
|
||||
else
|
||||
{
|
||||
WINPR_CIPHER_CTX* enc =
|
||||
winpr_Cipher_NewEx(md, WINPR_ENCRYPT, key, sizeof(key), iv, sizeof(iv));
|
||||
WINPR_CIPHER_CTX* dec =
|
||||
winpr_Cipher_NewEx(md, WINPR_DECRYPT, key, sizeof(key), iv, sizeof(iv));
|
||||
if (enc && dec)
|
||||
haveCipher = TRUE;
|
||||
|
||||
winpr_Cipher_Free(enc);
|
||||
winpr_Cipher_Free(dec);
|
||||
}
|
||||
|
||||
if (!haveCipher)
|
||||
{
|
||||
|
@ -265,9 +265,32 @@ extern "C"
|
||||
WINPR_API void winpr_Cipher_Free(WINPR_CIPHER_CTX* ctx);
|
||||
|
||||
WINPR_ATTR_MALLOC(winpr_Cipher_Free, 1)
|
||||
WINPR_API WINPR_CIPHER_CTX* winpr_Cipher_New(WINPR_CIPHER_TYPE cipher,
|
||||
WINPR_API WINPR_DEPRECATED_VAR("[since 3.10.0] use winpr_Cipher_NewEx",
|
||||
WINPR_CIPHER_CTX* winpr_Cipher_New(WINPR_CIPHER_TYPE cipher,
|
||||
WINPR_CRYPTO_OPERATION op,
|
||||
const void* key,
|
||||
const void* iv));
|
||||
|
||||
/** @brief Create a new \b WINPR_CIPHER_CTX
|
||||
*
|
||||
* creates a new stream cipher. Only the ciphers supported by your SSL library are available,
|
||||
* fallback to WITH_INTERNAL_RC4 is not possible.
|
||||
*
|
||||
* @param cipher The cipher to create the context for
|
||||
* @param op Operation \b WINPR_ENCRYPT or \b WINPR_DECRYPT
|
||||
* @param key A pointer to the key material (size must match expectations for the cipher used)
|
||||
* @param keylen The length in bytes of key material
|
||||
* @param iv A pointer to the IV material (size must match expectations for the cipher used)
|
||||
* @param ivlen The length in bytes of the IV
|
||||
*
|
||||
* @return A newly allocated context or \b NULL
|
||||
*
|
||||
* @since version 3.10.0
|
||||
*/
|
||||
WINPR_ATTR_MALLOC(winpr_Cipher_Free, 1)
|
||||
WINPR_API WINPR_CIPHER_CTX* winpr_Cipher_NewEx(WINPR_CIPHER_TYPE cipher,
|
||||
WINPR_CRYPTO_OPERATION op, const void* key,
|
||||
const void* iv);
|
||||
size_t keylen, const void* iv, size_t ivlen);
|
||||
WINPR_API BOOL winpr_Cipher_SetPadding(WINPR_CIPHER_CTX* ctx, BOOL enabled);
|
||||
WINPR_API BOOL winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const void* input, size_t ilen,
|
||||
void* output, size_t* olen);
|
||||
|
@ -47,6 +47,19 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
struct winpr_cipher_ctx_private_st
|
||||
{
|
||||
WINPR_CIPHER_TYPE cipher;
|
||||
WINPR_CRYPTO_OPERATION op;
|
||||
|
||||
#ifdef WITH_OPENSSL
|
||||
EVP_CIPHER_CTX* ectx;
|
||||
#endif
|
||||
#ifdef WITH_MBEDTLS
|
||||
mbedtls_cipher_context_t* mctx;
|
||||
#endif
|
||||
};
|
||||
|
||||
/**
|
||||
* RC4
|
||||
*/
|
||||
@ -562,69 +575,95 @@ mbedtls_cipher_type_t winpr_mbedtls_get_cipher_type(int cipher)
|
||||
WINPR_CIPHER_CTX* winpr_Cipher_New(WINPR_CIPHER_TYPE cipher, WINPR_CRYPTO_OPERATION op,
|
||||
const void* key, const void* iv)
|
||||
{
|
||||
WINPR_CIPHER_CTX* ctx = NULL;
|
||||
#if defined(WITH_OPENSSL)
|
||||
int operation = 0;
|
||||
const EVP_CIPHER* evp = NULL;
|
||||
EVP_CIPHER_CTX* octx = NULL;
|
||||
return winpr_Cipher_NewEx(cipher, op, key, 0, iv, 0);
|
||||
}
|
||||
|
||||
if (!(evp = winpr_openssl_get_evp_cipher(cipher)))
|
||||
return NULL;
|
||||
|
||||
if (!(octx = EVP_CIPHER_CTX_new()))
|
||||
return NULL;
|
||||
|
||||
operation = (op == WINPR_ENCRYPT) ? 1 : 0;
|
||||
|
||||
if (EVP_CipherInit_ex(octx, evp, NULL, key, iv, operation) != 1)
|
||||
WINPR_API WINPR_CIPHER_CTX* winpr_Cipher_NewEx(WINPR_CIPHER_TYPE cipher, WINPR_CRYPTO_OPERATION op,
|
||||
const void* key, size_t keylen, const void* iv,
|
||||
size_t ivlen)
|
||||
{
|
||||
EVP_CIPHER_CTX_free(octx);
|
||||
if (cipher == WINPR_CIPHER_ARC4_128)
|
||||
{
|
||||
WLog_ERR(TAG,
|
||||
"WINPR_CIPHER_ARC4_128 (RC4) cipher not supported, use winpr_RC4_new instead");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX_set_padding(octx, 0);
|
||||
ctx = (WINPR_CIPHER_CTX*)octx;
|
||||
WINPR_CIPHER_CTX* ctx = calloc(1, sizeof(WINPR_CIPHER_CTX));
|
||||
if (!ctx)
|
||||
return NULL;
|
||||
|
||||
ctx->cipher = cipher;
|
||||
ctx->op = op;
|
||||
|
||||
#if defined(WITH_OPENSSL)
|
||||
const EVP_CIPHER* evp = winpr_openssl_get_evp_cipher(cipher);
|
||||
if (!evp)
|
||||
goto fail;
|
||||
|
||||
ctx->ectx = EVP_CIPHER_CTX_new();
|
||||
if (!ctx->ectx)
|
||||
goto fail;
|
||||
|
||||
#if 0
|
||||
if (keylen != 0)
|
||||
{
|
||||
WINPR_ASSERT(keylen <= INT32_MAX);
|
||||
const int len = EVP_CIPHER_CTX_key_length(ctx->ectx);
|
||||
if ((len > 0) && (len != keylen))
|
||||
{
|
||||
if (EVP_CIPHER_CTX_set_key_length(ctx->ectx, (int)keylen) != 1)
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
|
||||
if (ivlen != 0)
|
||||
{
|
||||
WINPR_ASSERT(ivlen <= INT32_MAX);
|
||||
const int len = EVP_CIPHER_CTX_iv_length(ctx->ectx);
|
||||
if ((len > 0) && (ivlen != len))
|
||||
goto fail;
|
||||
}
|
||||
#endif
|
||||
|
||||
const int operation = (op == WINPR_ENCRYPT) ? 1 : 0;
|
||||
|
||||
if (EVP_CipherInit_ex(ctx->ectx, evp, NULL, key, iv, operation) != 1)
|
||||
goto fail;
|
||||
|
||||
EVP_CIPHER_CTX_set_padding(ctx->ectx, 0);
|
||||
|
||||
#elif defined(WITH_MBEDTLS)
|
||||
int key_bitlen;
|
||||
mbedtls_operation_t operation;
|
||||
mbedtls_cipher_context_t* mctx;
|
||||
mbedtls_cipher_type_t cipher_type = winpr_mbedtls_get_cipher_type(cipher);
|
||||
const mbedtls_cipher_info_t* cipher_info = mbedtls_cipher_info_from_type(cipher_type);
|
||||
|
||||
if (!cipher_info)
|
||||
return NULL;
|
||||
goto fail;
|
||||
|
||||
if (!(mctx = (mbedtls_cipher_context_t*)calloc(1, sizeof(mbedtls_cipher_context_t))))
|
||||
return NULL;
|
||||
ctx->mctx = calloc(1, sizeof(mbedtls_cipher_context_t));
|
||||
if (!ctx->mctx)
|
||||
goto fail;
|
||||
|
||||
operation = (op == WINPR_ENCRYPT) ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT;
|
||||
mbedtls_cipher_init(mctx);
|
||||
const mbedtls_operation_t operation = (op == WINPR_ENCRYPT) ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT;
|
||||
mbedtls_cipher_init(ctx->mctx);
|
||||
|
||||
if (mbedtls_cipher_setup(mctx, cipher_info) != 0)
|
||||
{
|
||||
free(mctx);
|
||||
return NULL;
|
||||
}
|
||||
if (mbedtls_cipher_setup(ctx->mctx, cipher_info) != 0)
|
||||
goto fail;
|
||||
|
||||
key_bitlen = mbedtls_cipher_get_key_bitlen(mctx);
|
||||
const int key_bitlen = mbedtls_cipher_get_key_bitlen(ctx->mctx);
|
||||
|
||||
if (mbedtls_cipher_setkey(mctx, key, key_bitlen, operation) != 0)
|
||||
{
|
||||
mbedtls_cipher_free(mctx);
|
||||
free(mctx);
|
||||
return NULL;
|
||||
}
|
||||
if (mbedtls_cipher_setkey(ctx->mctx, key, key_bitlen, operation) != 0)
|
||||
goto fail;
|
||||
|
||||
if (mbedtls_cipher_set_padding_mode(mctx, MBEDTLS_PADDING_NONE) != 0)
|
||||
{
|
||||
mbedtls_cipher_free(mctx);
|
||||
free(mctx);
|
||||
return NULL;
|
||||
}
|
||||
if (mbedtls_cipher_set_padding_mode(ctx->mctx, MBEDTLS_PADDING_NONE) != 0)
|
||||
goto fail;
|
||||
|
||||
ctx = (WINPR_CIPHER_CTX*)mctx;
|
||||
#endif
|
||||
return ctx;
|
||||
|
||||
fail:
|
||||
winpr_Cipher_Free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
BOOL winpr_Cipher_SetPadding(WINPR_CIPHER_CTX* ctx, BOOL enabled)
|
||||
@ -632,7 +671,9 @@ BOOL winpr_Cipher_SetPadding(WINPR_CIPHER_CTX* ctx, BOOL enabled)
|
||||
WINPR_ASSERT(ctx);
|
||||
|
||||
#if defined(WITH_OPENSSL)
|
||||
EVP_CIPHER_CTX_set_padding((EVP_CIPHER_CTX*)ctx, enabled);
|
||||
if (!ctx->ectx)
|
||||
return FALSE;
|
||||
EVP_CIPHER_CTX_set_padding(ctx->ectx, enabled);
|
||||
#elif defined(WITH_MBEDTLS)
|
||||
mbedtls_cipher_padding_t option = enabled ? MBEDTLS_PADDING_PKCS7 : MBEDTLS_PADDING_NONE;
|
||||
if (mbedtls_cipher_set_padding_mode((mbedtls_cipher_context_t*)ctx, option) != 0)
|
||||
@ -646,6 +687,9 @@ BOOL winpr_Cipher_SetPadding(WINPR_CIPHER_CTX* ctx, BOOL enabled)
|
||||
BOOL winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const void* input, size_t ilen, void* output,
|
||||
size_t* olen)
|
||||
{
|
||||
WINPR_ASSERT(ctx);
|
||||
WINPR_ASSERT(olen);
|
||||
|
||||
#if defined(WITH_OPENSSL)
|
||||
int outl = (int)*olen;
|
||||
|
||||
@ -655,16 +699,16 @@ BOOL winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const void* input, size_t ilen,
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
WINPR_ASSERT(ctx);
|
||||
if (EVP_CipherUpdate((EVP_CIPHER_CTX*)ctx, output, &outl, input, (int)ilen) == 1)
|
||||
WINPR_ASSERT(ctx->ectx);
|
||||
if (EVP_CipherUpdate(ctx->ectx, output, &outl, input, (int)ilen) == 1)
|
||||
{
|
||||
*olen = (size_t)outl;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
#elif defined(WITH_MBEDTLS)
|
||||
|
||||
if (mbedtls_cipher_update((mbedtls_cipher_context_t*)ctx, input, ilen, output, olen) == 0)
|
||||
WINPR_ASSERT(ctx->mctx);
|
||||
if (mbedtls_cipher_update(ctx->mctx, input, ilen, output, olen) == 0)
|
||||
return TRUE;
|
||||
|
||||
#endif
|
||||
@ -675,10 +719,13 @@ BOOL winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const void* input, size_t ilen,
|
||||
|
||||
BOOL winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, void* output, size_t* olen)
|
||||
{
|
||||
WINPR_ASSERT(ctx);
|
||||
|
||||
#if defined(WITH_OPENSSL)
|
||||
int outl = (int)*olen;
|
||||
|
||||
if (EVP_CipherFinal_ex((EVP_CIPHER_CTX*)ctx, output, &outl) == 1)
|
||||
WINPR_ASSERT(ctx->ectx);
|
||||
if (EVP_CipherFinal_ex(ctx->ectx, output, &outl) == 1)
|
||||
{
|
||||
*olen = (size_t)outl;
|
||||
return TRUE;
|
||||
@ -686,10 +733,12 @@ BOOL winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, void* output, size_t* olen)
|
||||
|
||||
#elif defined(WITH_MBEDTLS)
|
||||
|
||||
if (mbedtls_cipher_finish((mbedtls_cipher_context_t*)ctx, output, olen) == 0)
|
||||
WINPR_ASSERT(ctx->mctx);
|
||||
if (mbedtls_cipher_finish(ctx->mctx, output, olen) == 0)
|
||||
return TRUE;
|
||||
|
||||
#endif
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@ -699,11 +748,17 @@ void winpr_Cipher_Free(WINPR_CIPHER_CTX* ctx)
|
||||
return;
|
||||
|
||||
#if defined(WITH_OPENSSL)
|
||||
EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*)ctx);
|
||||
if (ctx->ectx)
|
||||
EVP_CIPHER_CTX_free(ctx->ectx);
|
||||
#elif defined(WITH_MBEDTLS)
|
||||
mbedtls_cipher_free((mbedtls_cipher_context_t*)ctx);
|
||||
free(ctx);
|
||||
if (ctx->mctx)
|
||||
{
|
||||
mbedtls_cipher_free(ctx->mctx);
|
||||
free(ctx->mctx);
|
||||
}
|
||||
#endif
|
||||
|
||||
free(ctx);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -789,7 +844,7 @@ int winpr_Cipher_BytesToKey(int cipher, WINPR_MD_TYPE md, const void* salt, cons
|
||||
goto err;
|
||||
}
|
||||
|
||||
i = 0;
|
||||
unsigned int i = 0;
|
||||
|
||||
if (nkey)
|
||||
{
|
||||
|
@ -186,8 +186,9 @@ BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
||||
if (!pCipherText)
|
||||
goto out;
|
||||
|
||||
if ((enc = winpr_Cipher_New(WINPR_CIPHER_AES_256_CBC, WINPR_ENCRYPT, pMemBlock->key,
|
||||
pMemBlock->iv)) == NULL)
|
||||
if ((enc = winpr_Cipher_NewEx(WINPR_CIPHER_AES_256_CBC, WINPR_ENCRYPT, pMemBlock->key,
|
||||
sizeof(pMemBlock->key), pMemBlock->iv, sizeof(pMemBlock->iv))) ==
|
||||
NULL)
|
||||
goto out;
|
||||
if (!winpr_Cipher_Update(enc, pMemBlock->pData, pMemBlock->cbData, pCipherText, &cbOut))
|
||||
goto out;
|
||||
@ -234,8 +235,9 @@ BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
||||
if (!pPlainText)
|
||||
goto out;
|
||||
|
||||
if ((dec = winpr_Cipher_New(WINPR_CIPHER_AES_256_CBC, WINPR_DECRYPT, pMemBlock->key,
|
||||
pMemBlock->iv)) == NULL)
|
||||
if ((dec = winpr_Cipher_NewEx(WINPR_CIPHER_AES_256_CBC, WINPR_DECRYPT, pMemBlock->key,
|
||||
sizeof(pMemBlock->key), pMemBlock->iv, sizeof(pMemBlock->iv))) ==
|
||||
NULL)
|
||||
goto out;
|
||||
if (!winpr_Cipher_Update(dec, pMemBlock->pData, pMemBlock->cbData, pPlainText, &cbOut))
|
||||
goto out;
|
||||
|
@ -4,12 +4,11 @@
|
||||
#include <winpr/crypto.h>
|
||||
#include <winpr/ssl.h>
|
||||
|
||||
static BOOL test_crypto_cipher_aes_128_cbc(void)
|
||||
static BOOL test_crypto_cipher_aes_128_cbc(BOOL ex)
|
||||
{
|
||||
WINPR_CIPHER_CTX* ctx = NULL;
|
||||
BOOL result = FALSE;
|
||||
BYTE key[] = "0123456789abcdeF";
|
||||
BYTE iv[] = "1234567887654321";
|
||||
BYTE key[16] = "0123456789abcdeF";
|
||||
BYTE iv[16] = "1234567887654321";
|
||||
BYTE ibuf[1024] = { 0 };
|
||||
BYTE obuf[1024] = { 0 };
|
||||
size_t ilen = 0;
|
||||
@ -20,7 +19,13 @@ static BOOL test_crypto_cipher_aes_128_cbc(void)
|
||||
|
||||
/* encrypt */
|
||||
|
||||
if (!(ctx = winpr_Cipher_New(WINPR_CIPHER_AES_128_CBC, WINPR_ENCRYPT, key, iv)))
|
||||
WINPR_CIPHER_CTX* ctx = NULL;
|
||||
if (ex)
|
||||
ctx = winpr_Cipher_NewEx(WINPR_CIPHER_AES_128_CBC, WINPR_ENCRYPT, key, sizeof(key), iv,
|
||||
sizeof(iv));
|
||||
else
|
||||
ctx = winpr_Cipher_New(WINPR_CIPHER_AES_128_CBC, WINPR_ENCRYPT, key, iv);
|
||||
if (!ctx)
|
||||
{
|
||||
(void)fprintf(stderr, "%s: winpr_Cipher_New (encrypt) failed\n", __func__);
|
||||
return FALSE;
|
||||
@ -219,7 +224,10 @@ int TestCryptoCipher(int argc, char* argv[])
|
||||
|
||||
winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
|
||||
|
||||
if (!test_crypto_cipher_aes_128_cbc())
|
||||
if (!test_crypto_cipher_aes_128_cbc(TRUE))
|
||||
return -1;
|
||||
|
||||
if (!test_crypto_cipher_aes_128_cbc(FALSE))
|
||||
return -1;
|
||||
|
||||
if (!test_crypto_cipher_rc4())
|
||||
|
Loading…
Reference in New Issue
Block a user