[sr-dev] git:master:40d92899: crypto: saved functions in crypto_aes.c

Daniel-Constantin Mierla miconda at gmail.com
Tue Jun 2 11:06:38 CEST 2020


Module: kamailio
Branch: master
Commit: 40d9289977b97becc4d4bd948bcde57ea320cf0e
URL: https://github.com/kamailio/kamailio/commit/40d9289977b97becc4d4bd948bcde57ea320cf0e

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2020-06-02T07:57:34+02:00

crypto: saved functions in crypto_aes.c

---

Modified: src/modules/crypto/crypto_aes.c

---

Diff:  https://github.com/kamailio/kamailio/commit/40d9289977b97becc4d4bd948bcde57ea320cf0e.diff
Patch: https://github.com/kamailio/kamailio/commit/40d9289977b97becc4d4bd948bcde57ea320cf0e.patch

---

diff --git a/src/modules/crypto/crypto_aes.c b/src/modules/crypto/crypto_aes.c
index 9573c7264d..777d43502b 100644
--- a/src/modules/crypto/crypto_aes.c
+++ b/src/modules/crypto/crypto_aes.c
@@ -19,3 +19,122 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  */
 
+/**
+ * Create an 256 bit key and IV using the supplied key_data and salt.
+ * Fills in the encryption and decryption ctx objects and returns 0 on success
+ */
+int crypto_aes_init(unsigned char *key_data, int key_data_len,
+		unsigned char *salt, EVP_CIPHER_CTX *e_ctx, EVP_CIPHER_CTX *d_ctx)
+{
+	int i, nrounds = 5;
+	int x;
+	unsigned char key[32], iv[32];
+
+	/*
+	 * Gen key & IV for AES 256 CBC mode. A SHA1 digest is used to hash
+	 * the supplied key material.
+	 * nrounds is the number of times the we hash the material. More rounds
+	 * are more secure but slower.
+	 */
+	i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt,
+			key_data, key_data_len, nrounds, key, iv);
+	if (i != 32) {
+		LM_ERR("key size is %d bits - should be 256 bits\n", i);
+		return -1;
+	}
+
+	for(x = 0; x<32; ++x)
+		LM_DBG("key: %x iv: %x \n", key[x], iv[x]);
+
+	for(x = 0; x<8; ++x)
+		LM_DBG("salt: %x\n", salt[x]);
+
+	if(e_ctx) {
+		EVP_CIPHER_CTX_init(e_ctx);
+		EVP_EncryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv);
+	}
+	if(d_ctx) {
+		EVP_CIPHER_CTX_init(d_ctx);
+		EVP_DecryptInit_ex(d_ctx, EVP_aes_256_cbc(), NULL, key, iv);
+	}
+
+	return 0;
+}
+
+/*
+ * Encrypt *len bytes of data
+ * All data going in & out is considered binary (unsigned char[])
+ */
+unsigned char *crypto_aes_encrypt(EVP_CIPHER_CTX *e, unsigned char *plaintext,
+		int *len)
+{
+	/* max ciphertext len for a n bytes of plaintext is
+	 * n + AES_BLOCK_SIZE -1 bytes */
+	int c_len = *len + AES_BLOCK_SIZE - 1, f_len = 0;
+	unsigned char *ciphertext = (unsigned char *)malloc(c_len);
+
+	if(ciphertext == NULL) {
+		LM_ERR("no more system memory\n");
+		return NULL;
+	}
+	/* allows reusing of 'e' for multiple encryption cycles */
+	if(!EVP_EncryptInit_ex(e, NULL, NULL, NULL, NULL)){
+		LM_ERR("failure in EVP_EncryptInit_ex \n");
+		free(ciphertext);
+		return NULL;
+	}
+
+	/* update ciphertext, c_len is filled with the length of ciphertext
+	 * generated, *len is the size of plaintext in bytes */
+	if(!EVP_EncryptUpdate(e, ciphertext, &c_len, plaintext, *len)){
+		LM_ERR("failure in EVP_EncryptUpdate \n");
+		free(ciphertext);
+		return NULL;
+	}
+
+	/* update ciphertext with the final remaining bytes */
+	if(!EVP_EncryptFinal_ex(e, ciphertext+c_len, &f_len)){
+		LM_ERR("failure in EVP_EncryptFinal_ex \n");
+		free(ciphertext);
+		return NULL;
+	}
+
+	*len = c_len + f_len;
+	return ciphertext;
+}
+
+/*
+ * Decrypt *len bytes of ciphertext
+ */
+unsigned char *crypto_aes_decrypt(EVP_CIPHER_CTX *e, unsigned char *ciphertext,
+		int *len)
+{
+	/* plaintext will always be equal to or lesser than length of ciphertext*/
+	int p_len = *len, f_len = 0;
+	unsigned char *plaintext = (unsigned char *)malloc(p_len);
+
+	if(plaintext==NULL) {
+		LM_ERR("no more system memory\n");
+		return NULL;
+	}
+	if(!EVP_DecryptInit_ex(e, NULL, NULL, NULL, NULL)){
+		LM_ERR("failure in EVP_DecryptInit_ex \n");
+		free(plaintext);
+		return NULL;
+	}
+
+	if(!EVP_DecryptUpdate(e, plaintext, &p_len, ciphertext, *len)){
+		LM_ERR("failure in EVP_DecryptUpdate\n");
+		free(plaintext);
+		return NULL;
+	}
+
+	if(!EVP_DecryptFinal_ex(e, plaintext+p_len, &f_len)){
+		LM_ERR("failure in EVP_DecryptFinal_ex\n");
+		free(plaintext);
+		return NULL;
+	}
+
+	*len = p_len + f_len;
+	return plaintext;
+}
\ No newline at end of file




More information about the sr-dev mailing list