001
/**
002
* Creator: WangBin, 2009-11-26
003
* For encrypt...
004
* I cant't verify those code, What the fuck 0f 3des, Make me always get the different result.Bad thing is the memory, should be careful of those free.
005
*
006
* Need To Notice: When you get the return NULL, means wrong; Remember free memory you get from the return.
007
* How To:
008
* 1.Four parameters: str1, ID, TimeStamp, 3DesKey.
009
3DesKey should be initialied as array,like "unsigned char key[24] ={0x2C, 0x7A, 0x0E, 0x98, 0xF1, 0xE0, 0x76, 0x49, 0x73, 0x15, 0xCD, 0x25, 0xE0, 0xB5, 0x43, 0xCB, 0x0E, 0x80, 0x76, 0x01, 0x7F, 0x23, 0x8A, 0x46};"(I needn't convert them). should not be a string!!
010
011
* Find some memory leaf, Be sure the proccess context is killed!
012
*/
013
014
#include <stdlib.h>
015
#include <string.h>
016
#include <stdio.h>
017
#include <XXX/base64.h>
018
#include <openssl/evp.h>
019
#include <openssl/sha.h>
020
#include <openssl/des.h>
021
#include "encrypt.h"
022
#define MAX_URL_LEN 2048
023
#define DES3_BYTE 8
024
#define DES3_PKCS7
025
026
typedef unsigned char uchar;
027
028
uchar *sha1_encode(uchar *src)
029
{
030
SHA_CTX c;
031
uchar *dest = (uchar *)malloc((SHA_DIGEST_LENGTH + 1)*sizeof(uchar));
032
memset(dest, 0, SHA_DIGEST_LENGTH + 1);
033
if(!SHA1_Init(&c))
034
{
035
free(dest);
036
return NULL;
037
}
038
SHA1_Update(&c, src, strlen(src));
039
SHA1_Final(dest,&c);
040
OPENSSL_cleanse(&c,sizeof(c));
041
return dest;
042
}
043
044
uchar *inter_string(uchar *s1, uchar *s2, uchar *s3)
045
{
046
uchar *dst, *tmp = NULL;
047
int value;
048
size_t len;
049
if(s3 != NULL)
050
{
051
len = strlen(s1) + strlen(s2) + strlen(s3) + 2;
052
#ifdef DES3_PKCS7 //PKCS7補全法,情goolge.確保3DES加密時是8的倍數
053
value = DES3_BYTE - len%DES3_BYTE;
054
if(value != 0)
055
{
056
tmp = (uchar *)malloc((value + 1)*sizeof(uchar));
057
memset(tmp, value, value);
058
memset(tmp + value, 0, 1);
059
}
060
#endif
061
len = (DES3_BYTE - len%DES3_BYTE) + len;
062
dst = (uchar *)malloc((len + 1)*sizeof(uchar));
063
memset(dst, 0, len + 1);
064
strcpy(dst, s1);
065
strcat(dst, "$");
066
strcat(dst, s2);
067
strcat(dst, "$");
068
strcat(dst, s3);
069
if(tmp != NULL)
070
strcat(dst, tmp);
071
free(tmp); //free a pointer to NULL..not a bad thing
072
}
073
else
074
{
075
len = strlen(s1) + strlen(s2) + 1;
076
len = (DES3_BYTE - len%DES3_BYTE) + len;
077
dst = (uchar *)malloc((len + 1)*sizeof(uchar));
078
memset(dst, 0, len + 1);
079
strcpy(dst, s1);
080
strcat(dst, "$");
081
strcat(dst, s2);
082
}
083
fprintf(stderr, "inter_string = %s, //////line = %dn", dst, __LINE__);
084
return dst;
085
}
086
087
int des_encode(uchar *key, uchar *iv, uchar *in, size_t len, uchar **out, int enc)
088
{
089
int ret, i, num;
090
uchar cbc_out[512];
091
uchar key1[8], key2[8], key3[8];
092
des_key_schedule ks,ks1,ks2;
093
des_cblock *iv3;
094
/************ugly to get key easily*****************/
095
memset(key1, 0, 8);
096
memset(key2, 0, 8);
097
memset(key3, 0, 8);
098
memcpy(key1, key, 8);
099
memcpy(key2, key + 8, 8);
100
memcpy(key3, key + 16, 8);
101
if ((ret = DES_set_key_checked((const_DES_cblock*)&key1, &ks)) != 0)
102
{
103
fprintf(stderr, "Key1 error %dn",ret);
104
return -1;
105
}
106
if ((ret = DES_set_key_checked((const_DES_cblock*)&key2, &ks1)) != 0)
107
{
108
fprintf(stderr, "Key2 error %dn",ret);
109
return -1;
110
}
111
if ((ret = DES_set_key_checked((const_DES_cblock*)&key3, &ks2)) != 0)
112
{
113
fprintf(stderr, "Key3 error %dn",ret);
114
return -1;
115
}
116
iv3 = (des_cblock *)malloc(strlen(iv)*sizeof(uchar));
117
memset(cbc_out,0,512);
118
memcpy(iv3,iv,strlen(iv));
119
num = len/16;
120
des_ede3_cbc_encrypt(in,cbc_out,len,ks,ks1,ks2,iv3,enc); //cbc算法
121
memcpy(*out, cbc_out, len);
122
/*
123
for(i = 0; i < num; i++)
124
des_ede3_cbc_encrypt(&(in[16*i]),&(cbc_out[16*i]),16L,ks,ks1,ks2,iv3,enc);
125
des_ede3_cbc_encrypt(&(in[16*i]),&(cbc_out[16*i]),len - num*16,ks,ks1,ks2,iv3,enc); //16位加密
126
*/
127
for(i=0 ; i < len ; i++)
128
printf(" %02x",cbc_out[i]);
129
printf("n");
130
free(iv3);
131
return 0;
132
}
133
/*======================================================================
134
I dont't know what about base64+sha1
135
we use the sha1-array or a new char * from the sha1-array
136
whatever I do the char charges with ugly code
137
=======================================================================*/
138
uchar *split_byte(uchar *src, size_t len)
139
{
140
int i;
141
uchar tmp, tmp1;
142
uchar *dest = (uchar *)malloc((len + 1)*sizeof(uchar));
143
memset(dest, 0, len + 1);
144
for(i = 0; i < len/2; i++)
145
sprintf(dest + i*2,"%02x",src[i] & 0x000000ff);
146
fprintf(stderr, "function = %s, ////dest = %s, //////line = %dn", __FUNCTION__, dest, __LINE__);
147
}
148
149
uchar *encrypt_JST(uchar *ID, uchar *str1, uchar *TimeStamp, uchar * key, uchar *iv)
150
{
151
int ret, i;
152
size_t len;
153
uchar *sha1, *sha_str, *digest, *digest1, *encrypt;
154
uchar *des3, *src, *url_str, *url;
155
src = inter_string(str1, TimeStamp, NULL);
156
sha1 = sha1_encode(src);
157
if(!sha1)
158
{
159
free(src);
160
return NULL;
161
}
162
len = strlen(sha1);
163
#ifdef CONVERT_T_STR
164
sha_str = split_byte(sha1, len*2);
165
ret = base64_encode_alloc(sha_str, len*2, &digest);
166
#else
167
ret = base64_encode_alloc(sha1, len, &digest);
168
#endif
169
if(!ret)
170
{
171
free(src);
172
free(sha1);
173
#ifdef CONVERT_T_STR
174
free(sha_str);
175
#endif
176
return NULL;
177
encrypt = (uchar *)malloc(len*sizeof(uchar));
178
memset(encrypt, 0, len);
179
if(des_encode(key, iv, des3, len, &encrypt, DES_ENCRYPT))
180
{
181
free(src);
182
free(sha1);
183
#ifdef CONVERT_T_STR
184
free(sha_str);
185
#endif
186
free(des3);
187
free(digest);
188
free(encrypt);
189
return NULL;
190
}
191
ret = base64_encode_alloc(encrypt, len, &digest1);
192
if(!ret)
193
{
194
free(src);
195
free(sha1);
196
#ifdef CONVERT_T_STR
197
free(sha_str);
198
#endif
199
free(des3);
200
free(digest);
201
free(encrypt);
202
return NULL;
203
}
204
fprintf(stderr, "digest1= %s, ////////line = %dn", digest1, __LINE__);
205
url_str = inter_string(ID, digest1, NULL);
206
207
url = (uchar *)malloc(MAX_URL_LEN * sizeof(uchar));
208
url_encode(url_str, url, MAX_URL_LEN - 1);
209
fprintf(stderr, "ur = %s, ///////line = %dn", url, __LINE__);
210
free(src);
211
free(sha1);
212
#ifdef CONVERT_T_STR
213
free(sha_str);
214
#endif
215
free(des3);
216
free(digest);
217
free(encrypt);
218
free(digest1);
219
free(url_str);
220
return url;
221
}
