|
Lines 183-189
void adjust_v2_header_byteorder(cencrypted_v2_pwheader *pwhdr) {
Link Here
|
| 183 |
pwhdr->encrypted_keyblob_size = htonl(pwhdr->encrypted_keyblob_size); |
183 |
pwhdr->encrypted_keyblob_size = htonl(pwhdr->encrypted_keyblob_size); |
| 184 |
} |
184 |
} |
| 185 |
|
185 |
|
| 186 |
HMAC_CTX hmacsha1_ctx; |
186 |
HMAC_CTX *hmacsha1_ctx; |
| 187 |
AES_KEY aes_decrypt_key; |
187 |
AES_KEY aes_decrypt_key; |
| 188 |
int CHUNK_SIZE=4096; // default |
188 |
int CHUNK_SIZE=4096; // default |
| 189 |
|
189 |
|
|
Lines 196-204
void compute_iv(uint32_t chunk_no, uint8_t *iv) {
Link Here
|
| 196 |
unsigned int mdLen; |
196 |
unsigned int mdLen; |
| 197 |
|
197 |
|
| 198 |
chunk_no = OSSwapHostToBigInt32(chunk_no); |
198 |
chunk_no = OSSwapHostToBigInt32(chunk_no); |
| 199 |
HMAC_Init_ex(&hmacsha1_ctx, NULL, 0, NULL, NULL); |
199 |
HMAC_Init_ex(hmacsha1_ctx, NULL, 0, NULL, NULL); |
| 200 |
HMAC_Update(&hmacsha1_ctx, (void *) &chunk_no, sizeof(uint32_t)); |
200 |
HMAC_Update(hmacsha1_ctx, (void *) &chunk_no, sizeof(uint32_t)); |
| 201 |
HMAC_Final(&hmacsha1_ctx, mdResult, &mdLen); |
201 |
HMAC_Final(hmacsha1_ctx, mdResult, &mdLen); |
| 202 |
memcpy(iv, mdResult, CIPHER_BLOCKSIZE); |
202 |
memcpy(iv, mdResult, CIPHER_BLOCKSIZE); |
| 203 |
} |
203 |
} |
| 204 |
|
204 |
|
|
Lines 212-263
void decrypt_chunk(uint8_t *ctext, uint8_t *ptext, uint32_t chunk_no) {
Link Here
|
| 212 |
/* DES3-EDE unwrap operation loosely based on to RFC 2630, section 12.6 |
212 |
/* DES3-EDE unwrap operation loosely based on to RFC 2630, section 12.6 |
| 213 |
* wrapped_key has to be 40 bytes in length. */ |
213 |
* wrapped_key has to be 40 bytes in length. */ |
| 214 |
int apple_des3_ede_unwrap_key(uint8_t *wrapped_key, int wrapped_key_len, uint8_t *decryptKey, uint8_t *unwrapped_key) { |
214 |
int apple_des3_ede_unwrap_key(uint8_t *wrapped_key, int wrapped_key_len, uint8_t *decryptKey, uint8_t *unwrapped_key) { |
| 215 |
EVP_CIPHER_CTX ctx; |
215 |
EVP_CIPHER_CTX *ctx; |
| 216 |
uint8_t *TEMP1, *TEMP2, *CEKICV; |
216 |
uint8_t *TEMP1, *TEMP2, *CEKICV; |
| 217 |
uint8_t IV[8] = { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; |
217 |
uint8_t IV[8] = { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; |
| 218 |
int outlen, tmplen, i; |
218 |
int outlen, tmplen, i; |
| 219 |
|
219 |
|
| 220 |
EVP_CIPHER_CTX_init(&ctx); |
220 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
|
|
221 |
ctx = EVP_CIPHER_CTX_new(); |
| 222 |
#else |
| 223 |
ctx = malloc(sizeof(*ctx)); |
| 224 |
#endif |
| 225 |
if (!ctx) { |
| 226 |
fprintf(stderr, "Out of memory: EVP_CIPHER_CTX!\n"); |
| 227 |
return(-1); |
| 228 |
} |
| 229 |
|
| 230 |
EVP_CIPHER_CTX_init(ctx); |
| 221 |
/* result of the decryption operation shouldn't be bigger than ciphertext */ |
231 |
/* result of the decryption operation shouldn't be bigger than ciphertext */ |
| 222 |
TEMP1 = malloc(wrapped_key_len); |
232 |
TEMP1 = malloc(wrapped_key_len); |
| 223 |
TEMP2 = malloc(wrapped_key_len); |
233 |
TEMP2 = malloc(wrapped_key_len); |
| 224 |
CEKICV = malloc(wrapped_key_len); |
234 |
CEKICV = malloc(wrapped_key_len); |
| 225 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
235 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
| 226 |
EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, decryptKey, IV); |
236 |
EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, decryptKey, IV); |
| 227 |
|
237 |
|
| 228 |
if(!EVP_DecryptUpdate(&ctx, TEMP1, &outlen, wrapped_key, wrapped_key_len)) { |
238 |
if(!EVP_DecryptUpdate(ctx, TEMP1, &outlen, wrapped_key, wrapped_key_len)) { |
| 229 |
fprintf(stderr, "internal error (1) during key unwrap operation!\n"); |
239 |
fprintf(stderr, "internal error (1) during key unwrap operation!\n"); |
| 230 |
return(-1); |
240 |
return(-1); |
| 231 |
} |
241 |
} |
| 232 |
if(!EVP_DecryptFinal_ex(&ctx, TEMP1 + outlen, &tmplen)) { |
242 |
if(!EVP_DecryptFinal_ex(ctx, TEMP1 + outlen, &tmplen)) { |
| 233 |
fprintf(stderr, "internal error (2) during key unwrap operation!\n"); |
243 |
fprintf(stderr, "internal error (2) during key unwrap operation!\n"); |
| 234 |
return(-1); |
244 |
return(-1); |
| 235 |
} |
245 |
} |
| 236 |
outlen += tmplen; |
246 |
outlen += tmplen; |
| 237 |
EVP_CIPHER_CTX_cleanup(&ctx); |
247 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
|
|
248 |
EVP_CIPHER_CTX_reset(ctx); |
| 249 |
#else |
| 250 |
EVP_CIPHER_CTX_cleanup(ctx); |
| 251 |
#endif |
| 238 |
|
252 |
|
| 239 |
/* reverse order of TEMP3 */ |
253 |
/* reverse order of TEMP3 */ |
| 240 |
for(i = 0; i < outlen; i++) TEMP2[i] = TEMP1[outlen - i - 1]; |
254 |
for(i = 0; i < outlen; i++) TEMP2[i] = TEMP1[outlen - i - 1]; |
| 241 |
|
255 |
|
| 242 |
EVP_CIPHER_CTX_init(&ctx); |
256 |
EVP_CIPHER_CTX_init(ctx); |
| 243 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
257 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
| 244 |
EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, decryptKey, TEMP2); |
258 |
EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, decryptKey, TEMP2); |
| 245 |
if(!EVP_DecryptUpdate(&ctx, CEKICV, &outlen, TEMP2+8, outlen-8)) { |
259 |
if(!EVP_DecryptUpdate(ctx, CEKICV, &outlen, TEMP2+8, outlen-8)) { |
| 246 |
fprintf(stderr, "internal error (3) during key unwrap operation!\n"); |
260 |
fprintf(stderr, "internal error (3) during key unwrap operation!\n"); |
| 247 |
return(-1); |
261 |
return(-1); |
| 248 |
} |
262 |
} |
| 249 |
if(!EVP_DecryptFinal_ex(&ctx, CEKICV + outlen, &tmplen)) { |
263 |
if(!EVP_DecryptFinal_ex(ctx, CEKICV + outlen, &tmplen)) { |
| 250 |
fprintf(stderr, "internal error (4) during key unwrap operation!\n"); |
264 |
fprintf(stderr, "internal error (4) during key unwrap operation!\n"); |
| 251 |
return(-1); |
265 |
return(-1); |
| 252 |
} |
266 |
} |
| 253 |
|
267 |
|
| 254 |
outlen += tmplen; |
268 |
outlen += tmplen; |
| 255 |
EVP_CIPHER_CTX_cleanup(&ctx); |
269 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
|
|
270 |
EVP_CIPHER_CTX_reset(ctx); |
| 271 |
#else |
| 272 |
EVP_CIPHER_CTX_cleanup(ctx); |
| 273 |
#endif |
| 256 |
|
274 |
|
| 257 |
memcpy(unwrapped_key, CEKICV+4, outlen-4); |
275 |
memcpy(unwrapped_key, CEKICV+4, outlen-4); |
| 258 |
free(TEMP1); |
276 |
free(TEMP1); |
| 259 |
free(TEMP2); |
277 |
free(TEMP2); |
| 260 |
free(CEKICV); |
278 |
free(CEKICV); |
|
|
279 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 280 |
EVP_CIPHER_CTX_free(ctx); |
| 281 |
#else |
| 282 |
free(ctx); |
| 283 |
#endif |
| 261 |
return(0); |
284 |
return(0); |
| 262 |
} |
285 |
} |
| 263 |
|
286 |
|
|
Lines 279-309
int unwrap_v1_header(char *passphrase, cencrypted_v1_header *header, uint8_t *ae
Link Here
|
| 279 |
int unwrap_v2_header(char *passphrase, cencrypted_v2_pwheader *header, uint8_t *aes_key, uint8_t *hmacsha1_key) { |
302 |
int unwrap_v2_header(char *passphrase, cencrypted_v2_pwheader *header, uint8_t *aes_key, uint8_t *hmacsha1_key) { |
| 280 |
/* derived key is a 3DES-EDE key */ |
303 |
/* derived key is a 3DES-EDE key */ |
| 281 |
uint8_t derived_key[192/8]; |
304 |
uint8_t derived_key[192/8]; |
| 282 |
EVP_CIPHER_CTX ctx; |
305 |
EVP_CIPHER_CTX *ctx; |
| 283 |
uint8_t *TEMP1; |
306 |
uint8_t *TEMP1; |
| 284 |
int outlen, tmplen; |
307 |
int outlen, tmplen; |
| 285 |
|
308 |
|
|
|
309 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 310 |
ctx = EVP_CIPHER_CTX_new(); |
| 311 |
#else |
| 312 |
ctx = malloc(sizeof(*ctx)); |
| 313 |
#endif |
| 314 |
if (!ctx) { |
| 315 |
fprintf(stderr, "Out of memory: EVP_CIPHER_CTX!\n"); |
| 316 |
return(-1); |
| 317 |
} |
| 318 |
|
| 286 |
PKCS5_PBKDF2_HMAC_SHA1(passphrase, strlen(passphrase), (unsigned char*)header->kdf_salt, 20, |
319 |
PKCS5_PBKDF2_HMAC_SHA1(passphrase, strlen(passphrase), (unsigned char*)header->kdf_salt, 20, |
| 287 |
PBKDF2_ITERATION_COUNT, sizeof(derived_key), derived_key); |
320 |
PBKDF2_ITERATION_COUNT, sizeof(derived_key), derived_key); |
| 288 |
|
321 |
|
| 289 |
print_hex(derived_key, 192/8); |
322 |
print_hex(derived_key, 192/8); |
| 290 |
|
323 |
|
| 291 |
EVP_CIPHER_CTX_init(&ctx); |
324 |
EVP_CIPHER_CTX_init(ctx); |
| 292 |
/* result of the decryption operation shouldn't be bigger than ciphertext */ |
325 |
/* result of the decryption operation shouldn't be bigger than ciphertext */ |
| 293 |
TEMP1 = malloc(header->encrypted_keyblob_size); |
326 |
TEMP1 = malloc(header->encrypted_keyblob_size); |
| 294 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
327 |
/* uses PKCS#7 padding for symmetric key operations by default */ |
| 295 |
EVP_DecryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL, derived_key, header->blob_enc_iv); |
328 |
EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, derived_key, header->blob_enc_iv); |
| 296 |
|
329 |
|
| 297 |
if(!EVP_DecryptUpdate(&ctx, TEMP1, &outlen, header->encrypted_keyblob, header->encrypted_keyblob_size)) { |
330 |
if(!EVP_DecryptUpdate(ctx, TEMP1, &outlen, header->encrypted_keyblob, header->encrypted_keyblob_size)) { |
| 298 |
fprintf(stderr, "internal error (1) during key unwrap operation!\n"); |
331 |
fprintf(stderr, "internal error (1) during key unwrap operation!\n"); |
| 299 |
return(-1); |
332 |
return(-1); |
| 300 |
} |
333 |
} |
| 301 |
if(!EVP_DecryptFinal_ex(&ctx, TEMP1 + outlen, &tmplen)) { |
334 |
if(!EVP_DecryptFinal_ex(ctx, TEMP1 + outlen, &tmplen)) { |
| 302 |
fprintf(stderr, "internal error (2) during key unwrap operation!\n"); |
335 |
fprintf(stderr, "internal error (2) during key unwrap operation!\n"); |
| 303 |
return(-1); |
336 |
return(-1); |
| 304 |
} |
337 |
} |
| 305 |
outlen += tmplen; |
338 |
outlen += tmplen; |
| 306 |
EVP_CIPHER_CTX_cleanup(&ctx); |
339 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
|
|
340 |
EVP_CIPHER_CTX_free(ctx); |
| 341 |
#else |
| 342 |
EVP_CIPHER_CTX_cleanup(ctx); |
| 343 |
free(ctx); |
| 344 |
#endif |
| 307 |
memcpy(aes_key, TEMP1, 16); |
345 |
memcpy(aes_key, TEMP1, 16); |
| 308 |
memcpy(hmacsha1_key, TEMP1, 20); |
346 |
memcpy(hmacsha1_key, TEMP1, 20); |
| 309 |
|
347 |
|
|
Lines 446-453
int main(int argc, char *argv[]) {
Link Here
|
| 446 |
CHUNK_SIZE = v2header.blocksize; |
484 |
CHUNK_SIZE = v2header.blocksize; |
| 447 |
} |
485 |
} |
| 448 |
|
486 |
|
| 449 |
HMAC_CTX_init(&hmacsha1_ctx); |
487 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 450 |
HMAC_Init_ex(&hmacsha1_ctx, hmacsha1_key, sizeof(hmacsha1_key), EVP_sha1(), NULL); |
488 |
hmacsha1_ctx = HMAC_CTX_new(); |
|
|
489 |
#else |
| 490 |
hmacsha1_ctx = malloc(sizeof(*hmacsha1_ctx)); |
| 491 |
#endif |
| 492 |
if (!hmacsha1_ctx) { |
| 493 |
fprintf(stderr, "Out of memory: HMAC CTX!\n"); |
| 494 |
exit(1); |
| 495 |
} |
| 496 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 497 |
HMAC_CTX_reset(hmacsha1_ctx); |
| 498 |
#else |
| 499 |
HMAC_CTX_init(hmacsha1_ctx); |
| 500 |
#endif |
| 501 |
HMAC_Init_ex(hmacsha1_ctx, hmacsha1_key, sizeof(hmacsha1_key), EVP_sha1(), NULL); |
| 451 |
AES_set_decrypt_key(aes_key, CIPHER_KEY_LENGTH * 8, &aes_decrypt_key); |
502 |
AES_set_decrypt_key(aes_key, CIPHER_KEY_LENGTH * 8, &aes_decrypt_key); |
| 452 |
|
503 |
|
| 453 |
if (verbose >= 1) { |
504 |
if (verbose >= 1) { |
|
Lines 472-476
int main(int argc, char *argv[]) {
Link Here
|
| 472 |
} |
523 |
} |
| 473 |
|
524 |
|
| 474 |
if (verbose) fprintf(stderr, "%"PRIX32" chunks written\n", chunk_no); |
525 |
if (verbose) fprintf(stderr, "%"PRIX32" chunks written\n", chunk_no); |
|
|
526 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 527 |
HMAC_CTX_free(hmacsha1_ctx); |
| 528 |
#else |
| 529 |
HMAC_CTX_cleanup(hmacsha1_ctx); |
| 530 |
free(hmacsha1_ctx); |
| 531 |
#endif |
| 475 |
return(0); |
532 |
return(0); |
| 476 |
} |
533 |
} |
