1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
/*
Copyright (C) 2018 Carl Hetherington <cth@carlh.net>
This file is part of DCP-o-matic.
DCP-o-matic is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
DCP-o-matic is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with DCP-o-matic. If not, see <http://www.gnu.org/licenses/>.
*/
/* Based on code from https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption */
#include "crypto.h"
#include "exceptions.h"
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <boost/scoped_array.hpp>
using std::string;
using boost::shared_array;
using namespace dcpomatic;
/** The cipher that this code uses */
#define CIPHER EVP_aes_256_cbc()
dcp::Data
dcpomatic::random_iv ()
{
EVP_CIPHER const * cipher = CIPHER;
dcp::Data iv (EVP_CIPHER_iv_length(cipher));
RAND_bytes (iv.data().get(), iv.size());
return iv;
}
dcp::Data
dcpomatic::encrypt (string plaintext, dcp::Data key, dcp::Data iv)
{
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new ();
if (!ctx) {
throw CryptoError ("could not create cipher context");
}
int r = EVP_EncryptInit_ex (ctx, CIPHER, 0, key.data().get(), iv.data().get());
if (r != 1) {
throw CryptoError ("could not initialise cipher context for encryption");
}
dcp::Data ciphertext (plaintext.size() * 2);
int len;
r = EVP_EncryptUpdate (ctx, ciphertext.data().get(), &len, (uint8_t const *) plaintext.c_str(), plaintext.size());
if (r != 1) {
throw CryptoError ("could not encrypt data");
}
int ciphertext_len = len;
r = EVP_EncryptFinal_ex (ctx, ciphertext.data().get() + len, &len);
if (r != 1) {
throw CryptoError ("could not finish encryption");
}
ciphertext.set_size (ciphertext_len + len);
EVP_CIPHER_CTX_free (ctx);
return ciphertext;
}
string
dcpomatic::decrypt (dcp::Data ciphertext, dcp::Data key, dcp::Data iv)
{
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new ();
if (!ctx) {
throw CryptoError ("could not create cipher context");
}
int r = EVP_DecryptInit_ex (ctx, CIPHER, 0, key.data().get(), iv.data().get());
if (r != 1) {
throw CryptoError ("could not initialise cipher context for decryption");
}
dcp::Data plaintext (ciphertext.size() * 2);
int len;
r = EVP_DecryptUpdate (ctx, plaintext.data().get(), &len, ciphertext.data().get(), ciphertext.size());
if (r != 1) {
throw CryptoError ("could not decrypt data");
}
int plaintext_len = len;
r = EVP_DecryptFinal_ex (ctx, plaintext.data().get() + len, &len);
if (r != 1) {
throw CryptoError ("could not finish decryption");
}
plaintext_len += len;
plaintext.set_size (plaintext_len + 1);
plaintext.data().get()[plaintext_len] = '\0';
EVP_CIPHER_CTX_free (ctx);
return string ((char *) plaintext.data().get());
}
int
dcpomatic::crypto_key_length ()
{
return EVP_CIPHER_key_length (CIPHER);
}
|
