Lines 183-189
void adjust_v2_header_byteorder(cencrypted_v2_pwheader *pwhdr) {
Link Here
|
183 |
pwhdr->encrypted_keyblob_size = htonl(pwhdr->encrypted_keyblob_size); |
183 |
pwhdr->encrypted_keyblob_size = htonl(pwhdr->encrypted_keyblob_size); |
184 |
} |
184 |
} |
185 |
|
185 |
|
186 |
HMAC_CTX hmacsha1_ctx; |
186 |
HMAC_CTX *hmacsha1_ctx; |
187 |
AES_KEY aes_decrypt_key; |
187 |
AES_KEY aes_decrypt_key; |
188 |
int CHUNK_SIZE=4096; // default |
188 |
int CHUNK_SIZE=4096; // default |
189 |
|
189 |
|
Lines 196-204
void compute_iv(uint32_t chunk_no, uint8_t *iv) {
Link Here
|
196 |
unsigned int mdLen; |
196 |
unsigned int mdLen; |
197 |
|
197 |
|
198 |
chunk_no = OSSwapHostToBigInt32(chunk_no); |
198 |
chunk_no = OSSwapHostToBigInt32(chunk_no); |
199 |
HMAC_Init_ex(&hmacsha1_ctx, NULL, 0, NULL, NULL); |
199 |
HMAC_Init_ex(hmacsha1_ctx, NULL, 0, NULL, NULL); |
200 |
HMAC_Update(&hmacsha1_ctx, (void *) &chunk_no, sizeof(uint32_t)); |
200 |
HMAC_Update(hmacsha1_ctx, (void *) &chunk_no, sizeof(uint32_t)); |
201 |
HMAC_Final(&hmacsha1_ctx, mdResult, &mdLen); |
201 |
HMAC_Final(hmacsha1_ctx, mdResult, &mdLen); |
202 |
memcpy(iv, mdResult, CIPHER_BLOCKSIZE); |
202 |
memcpy(iv, mdResult, CIPHER_BLOCKSIZE); |
203 |
} |
203 |
} |
204 |
|
204 |
|
Lines 212-263
void decrypt_chunk(uint8_t *ctext, uint8_t *ptext, uint32_t chunk_no) {
Link Here
|
212 |
/* DES3-EDE unwrap operation loosely based on to RFC 2630, section 12.6 |
212 |
/* DES3-EDE unwrap operation loosely based on to RFC 2630, section 12.6 |
213 |
* wrapped_key has to be 40 bytes in length. */ |
213 |
* wrapped_key has to be 40 bytes in length. */ |
214 |
int apple_des3_ede_unwrap_key(uint8_t *wrapped_key, int wrapped_key_len, uint8_t *decryptKey, uint8_t *unwrapped_key) { |
214 |
int apple_des3_ede_unwrap_key(uint8_t *wrapped_key, int wrapped_key_len, uint8_t *decryptKey, uint8_t *unwrapped_key) { |
215 |
EVP_CIPHER_CTX ctx; |
215 |
EVP_CIPHER_CTX *ctx; |
216 |
uint8_t *TEMP1, *TEMP2, *CEKICV; |
216 |
uint8_t *TEMP1, *TEMP2, *CEKICV; |
217 |
uint8_t IV[8] = { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; |
217 |
uint8_t IV[8] = { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; |
218 |
int outlen, tmplen, i; |
218 |
int outlen, tmplen, i; |
219 |
|
219 |
|
220 |
EVP_CIPHER_CTX_init(&ctx); |
220 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
|
|
221 |
ctx = EVP_CIPHER_CTX_new(); |
222 |
#else |
223 |
ctx = malloc(sizeof(*ctx)); |
224 |
#endif |
225 |
if (!ctx) { |
226 |
fprintf(stderr, "Out of memory: EVP_CIPHER_CTX!\n"); |
227 |
return(-1); |
228 |
} |
229 |
|
230 |
EVP_CIPHER_CTX_init(ctx); |
221 |
/* result of the decryption operation shouldn't be bigger than ciphertext */ |
231 |
/* result of the decryption operation shouldn't be bigger than ciphertext */ |
222 |
TEMP1 = malloc(wrapped_key_len); |
232 |
TEMP1 = malloc(wrapped_key_len); |
223 |
TEMP2 = malloc(wrapped_key_len); |
233 |
TEMP2 = malloc(wrapped_key_len); |
224 |
CEKICV = malloc(wrapped_key_len); |
234 |
CEKICV = malloc(wrapped_key_len); |
225 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
235 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
226 |
EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, decryptKey, IV); |
236 |
EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, decryptKey, IV); |
227 |
|
237 |
|
228 |
if(!EVP_DecryptUpdate(&ctx, TEMP1, &outlen, wrapped_key, wrapped_key_len)) { |
238 |
if(!EVP_DecryptUpdate(ctx, TEMP1, &outlen, wrapped_key, wrapped_key_len)) { |
229 |
fprintf(stderr, "internal error (1) during key unwrap operation!\n"); |
239 |
fprintf(stderr, "internal error (1) during key unwrap operation!\n"); |
230 |
return(-1); |
240 |
return(-1); |
231 |
} |
241 |
} |
232 |
if(!EVP_DecryptFinal_ex(&ctx, TEMP1 + outlen, &tmplen)) { |
242 |
if(!EVP_DecryptFinal_ex(ctx, TEMP1 + outlen, &tmplen)) { |
233 |
fprintf(stderr, "internal error (2) during key unwrap operation!\n"); |
243 |
fprintf(stderr, "internal error (2) during key unwrap operation!\n"); |
234 |
return(-1); |
244 |
return(-1); |
235 |
} |
245 |
} |
236 |
outlen += tmplen; |
246 |
outlen += tmplen; |
237 |
EVP_CIPHER_CTX_cleanup(&ctx); |
247 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
|
|
248 |
EVP_CIPHER_CTX_reset(ctx); |
249 |
#else |
250 |
EVP_CIPHER_CTX_cleanup(ctx); |
251 |
#endif |
238 |
|
252 |
|
239 |
/* reverse order of TEMP3 */ |
253 |
/* reverse order of TEMP3 */ |
240 |
for(i = 0; i < outlen; i++) TEMP2[i] = TEMP1[outlen - i - 1]; |
254 |
for(i = 0; i < outlen; i++) TEMP2[i] = TEMP1[outlen - i - 1]; |
241 |
|
255 |
|
242 |
EVP_CIPHER_CTX_init(&ctx); |
256 |
EVP_CIPHER_CTX_init(ctx); |
243 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
257 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
244 |
EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, decryptKey, TEMP2); |
258 |
EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, decryptKey, TEMP2); |
245 |
if(!EVP_DecryptUpdate(&ctx, CEKICV, &outlen, TEMP2+8, outlen-8)) { |
259 |
if(!EVP_DecryptUpdate(ctx, CEKICV, &outlen, TEMP2+8, outlen-8)) { |
246 |
fprintf(stderr, "internal error (3) during key unwrap operation!\n"); |
260 |
fprintf(stderr, "internal error (3) during key unwrap operation!\n"); |
247 |
return(-1); |
261 |
return(-1); |
248 |
} |
262 |
} |
249 |
if(!EVP_DecryptFinal_ex(&ctx, CEKICV + outlen, &tmplen)) { |
263 |
if(!EVP_DecryptFinal_ex(ctx, CEKICV + outlen, &tmplen)) { |
250 |
fprintf(stderr, "internal error (4) during key unwrap operation!\n"); |
264 |
fprintf(stderr, "internal error (4) during key unwrap operation!\n"); |
251 |
return(-1); |
265 |
return(-1); |
252 |
} |
266 |
} |
253 |
|
267 |
|
254 |
outlen += tmplen; |
268 |
outlen += tmplen; |
255 |
EVP_CIPHER_CTX_cleanup(&ctx); |
269 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
|
|
270 |
EVP_CIPHER_CTX_reset(ctx); |
271 |
#else |
272 |
EVP_CIPHER_CTX_cleanup(ctx); |
273 |
#endif |
256 |
|
274 |
|
257 |
memcpy(unwrapped_key, CEKICV+4, outlen-4); |
275 |
memcpy(unwrapped_key, CEKICV+4, outlen-4); |
258 |
free(TEMP1); |
276 |
free(TEMP1); |
259 |
free(TEMP2); |
277 |
free(TEMP2); |
260 |
free(CEKICV); |
278 |
free(CEKICV); |
|
|
279 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
280 |
EVP_CIPHER_CTX_free(ctx); |
281 |
#else |
282 |
free(ctx); |
283 |
#endif |
261 |
return(0); |
284 |
return(0); |
262 |
} |
285 |
} |
263 |
|
286 |
|
Lines 279-309
int unwrap_v1_header(char *passphrase, cencrypted_v1_header *header, uint8_t *ae
Link Here
|
279 |
int unwrap_v2_header(char *passphrase, cencrypted_v2_pwheader *header, uint8_t *aes_key, uint8_t *hmacsha1_key) { |
302 |
int unwrap_v2_header(char *passphrase, cencrypted_v2_pwheader *header, uint8_t *aes_key, uint8_t *hmacsha1_key) { |
280 |
/* derived key is a 3DES-EDE key */ |
303 |
/* derived key is a 3DES-EDE key */ |
281 |
uint8_t derived_key[192/8]; |
304 |
uint8_t derived_key[192/8]; |
282 |
EVP_CIPHER_CTX ctx; |
305 |
EVP_CIPHER_CTX *ctx; |
283 |
uint8_t *TEMP1; |
306 |
uint8_t *TEMP1; |
284 |
int outlen, tmplen; |
307 |
int outlen, tmplen; |
285 |
|
308 |
|
|
|
309 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
310 |
ctx = EVP_CIPHER_CTX_new(); |
311 |
#else |
312 |
ctx = malloc(sizeof(*ctx)); |
313 |
#endif |
314 |
if (!ctx) { |
315 |
fprintf(stderr, "Out of memory: EVP_CIPHER_CTX!\n"); |
316 |
return(-1); |
317 |
} |
318 |
|
286 |
PKCS5_PBKDF2_HMAC_SHA1(passphrase, strlen(passphrase), (unsigned char*)header->kdf_salt, 20, |
319 |
PKCS5_PBKDF2_HMAC_SHA1(passphrase, strlen(passphrase), (unsigned char*)header->kdf_salt, 20, |
287 |
PBKDF2_ITERATION_COUNT, sizeof(derived_key), derived_key); |
320 |
PBKDF2_ITERATION_COUNT, sizeof(derived_key), derived_key); |
288 |
|
321 |
|
289 |
print_hex(derived_key, 192/8); |
322 |
print_hex(derived_key, 192/8); |
290 |
|
323 |
|
291 |
EVP_CIPHER_CTX_init(&ctx); |
324 |
EVP_CIPHER_CTX_init(ctx); |
292 |
/* result of the decryption operation shouldn't be bigger than ciphertext */ |
325 |
/* result of the decryption operation shouldn't be bigger than ciphertext */ |
293 |
TEMP1 = malloc(header->encrypted_keyblob_size); |
326 |
TEMP1 = malloc(header->encrypted_keyblob_size); |
294 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
327 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
295 |
EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, derived_key, header->blob_enc_iv); |
328 |
EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, derived_key, header->blob_enc_iv); |
296 |
|
329 |
|
297 |
if(!EVP_DecryptUpdate(&ctx, TEMP1, &outlen, header->encrypted_keyblob, header->encrypted_keyblob_size)) { |
330 |
if(!EVP_DecryptUpdate(ctx, TEMP1, &outlen, header->encrypted_keyblob, header->encrypted_keyblob_size)) { |
298 |
fprintf(stderr, "internal error (1) during key unwrap operation!\n"); |
331 |
fprintf(stderr, "internal error (1) during key unwrap operation!\n"); |
299 |
return(-1); |
332 |
return(-1); |
300 |
} |
333 |
} |
301 |
if(!EVP_DecryptFinal_ex(&ctx, TEMP1 + outlen, &tmplen)) { |
334 |
if(!EVP_DecryptFinal_ex(ctx, TEMP1 + outlen, &tmplen)) { |
302 |
fprintf(stderr, "internal error (2) during key unwrap operation!\n"); |
335 |
fprintf(stderr, "internal error (2) during key unwrap operation!\n"); |
303 |
return(-1); |
336 |
return(-1); |
304 |
} |
337 |
} |
305 |
outlen += tmplen; |
338 |
outlen += tmplen; |
306 |
EVP_CIPHER_CTX_cleanup(&ctx); |
339 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
|
|
340 |
EVP_CIPHER_CTX_free(ctx); |
341 |
#else |
342 |
EVP_CIPHER_CTX_cleanup(ctx); |
343 |
free(ctx); |
344 |
#endif |
307 |
memcpy(aes_key, TEMP1, 16); |
345 |
memcpy(aes_key, TEMP1, 16); |
308 |
memcpy(hmacsha1_key, TEMP1, 20); |
346 |
memcpy(hmacsha1_key, TEMP1, 20); |
309 |
|
347 |
|
Lines 446-453
int main(int argc, char *argv[]) {
Link Here
|
446 |
CHUNK_SIZE = v2header.blocksize; |
484 |
CHUNK_SIZE = v2header.blocksize; |
447 |
} |
485 |
} |
448 |
|
486 |
|
449 |
HMAC_CTX_init(&hmacsha1_ctx); |
487 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
450 |
HMAC_Init_ex(&hmacsha1_ctx, hmacsha1_key, sizeof(hmacsha1_key), EVP_sha1(), NULL); |
488 |
hmacsha1_ctx = HMAC_CTX_new(); |
|
|
489 |
#else |
490 |
hmacsha1_ctx = malloc(sizeof(*hmacsha1_ctx)); |
491 |
#endif |
492 |
if (!hmacsha1_ctx) { |
493 |
fprintf(stderr, "Out of memory: HMAC CTX!\n"); |
494 |
exit(1); |
495 |
} |
496 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
497 |
HMAC_CTX_reset(hmacsha1_ctx); |
498 |
#else |
499 |
HMAC_CTX_init(hmacsha1_ctx); |
500 |
#endif |
501 |
HMAC_Init_ex(hmacsha1_ctx, hmacsha1_key, sizeof(hmacsha1_key), EVP_sha1(), NULL); |
451 |
AES_set_decrypt_key(aes_key, CIPHER_KEY_LENGTH * 8, &aes_decrypt_key); |
502 |
AES_set_decrypt_key(aes_key, CIPHER_KEY_LENGTH * 8, &aes_decrypt_key); |
452 |
|
503 |
|
453 |
if (verbose >= 1) { |
504 |
if (verbose >= 1) { |
Lines 472-476
int main(int argc, char *argv[]) {
Link Here
|
472 |
} |
523 |
} |
473 |
|
524 |
|
474 |
if (verbose) fprintf(stderr, "%"PRIX32" chunks written\n", chunk_no); |
525 |
if (verbose) fprintf(stderr, "%"PRIX32" chunks written\n", chunk_no); |
|
|
526 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
527 |
HMAC_CTX_free(hmacsha1_ctx); |
528 |
#else |
529 |
HMAC_CTX_cleanup(hmacsha1_ctx); |
530 |
free(hmacsha1_ctx); |
531 |
#endif |
475 |
return(0); |
532 |
return(0); |
476 |
} |
533 |
} |