unsigned char *bf_str_encrypt(unsigned char * str)
{
if(!strlen(str))
return ".";
unsigned char *ptr=str;
unsigned char *encrypt=(unsigned char *)malloc(sizeof(char)*512);
unsigned char *tmp=(unsigned char *)malloc(sizeof(char)*9);
unsigned char *out = calloc(9, sizeof(unsigned char *));
BF_KEY *key = calloc(9, 9);
BF_set_key(key, SIZE, (const unsigned char*)"TestKey" );
unsigned int jmp=0,counter=0;
bzero(encrypt,512);
while(*ptr != '\0' && counter != 512)
{
*(tmp+jmp)=*ptr;
if(jmp==7)
{
BF_ecb_encrypt(tmp, out, key, BF_ENCRYPT);
strcat(encrypt,out);
bzero(out,9);
bzero(tmp,9);
jmp=-1;
}
ptr++;
jmp++;
counter++;
}
if(strlen(tmp)<=8)
{
bzero(out,9);
while(strlen(tmp)<7)
strcat(tmp,".");
BF_ecb_encrypt(tmp, out, key, BF_ENCRYPT);
strcat(encrypt,out);
}
bzero(out,9);
bzero(tmp,9);
if(out)
free(out);
if(tmp)
free(tmp);
fprintf(stdout,"Result %s\n",encrypt);
return encrypt;
}
int main(void)
{
int i;
BF_KEY key;
BIO* bio_out;
static unsigned char key_data[BF_KEY_LENGTH] = {
0x52,0x69,0xf1,0x49,0xd4,0x1b,0xa0,0x15,
0x24,0x97,0x57,0x4d,0x7f,0x15,0x31,0x25
};
unsigned char ciphertext[BF_BLOCK];
unsigned char plaintext[BF_BLOCK];
/* Open SSL's DES ECB encrypt/decrypt function only handles 8 bytes of data */
char* data_to_encrypt = "8 Bytes.";
/* set the key structure using the predefined key */
BF_set_key(&key, BF_KEY_LENGTH, key_data);
BF_ecb_encrypt(data_to_encrypt, ciphertext, &key, BF_ENCRYPT);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
BIO_printf(bio_out, "Original plaintext: %s\n", data_to_encrypt);
BIO_printf(bio_out, "Ciphertext: ");
/* print out the ciphertext */
for (i = 0; i < BF_BLOCK; i++)
BIO_printf(bio_out, "%02x", ((unsigned char*)ciphertext)[i]);
BIO_printf(bio_out, "\n");
/* start the decryption process */
BF_ecb_encrypt(ciphertext, plaintext, &key, BF_DECRYPT);
BIO_printf(bio_out, "Recovered plaintext: ");
/* print out the plaintext */
for (i = 0; i < BF_BLOCK; i++)
BIO_printf(bio_out, "%c", ((unsigned char*)plaintext)[i]);
BIO_printf(bio_out, "\n");
BIO_free(bio_out);
free(ciphertext);
free(plaintext);
return 0;
}
unsigned char *bf_str_decrypt(unsigned char * str)
{
if(!strlen(str))
return ".";
unsigned char *ptr=str;
unsigned char *decrypt=(unsigned char *)malloc(sizeof(char)*512);
unsigned char *tmp=(unsigned char *)malloc(sizeof(char)*9);
unsigned char *out = calloc(9, sizeof(unsigned char *));
BF_KEY *key = calloc(9, 9);
BF_set_key(key, SIZE, (const unsigned char*)"TestKey" );
unsigned int jmp=0,counter=0;
bzero(decrypt,512);
while(*ptr != '\0' && counter != 511)
{
*(tmp+jmp)=*ptr;
if(jmp==7)
{
BF_ecb_encrypt(tmp, out, key, BF_DECRYPT);
strcat(decrypt,out);
bzero(out,9);
bzero(tmp,9);
jmp=-1;
}
ptr++;
jmp++;
counter++;
}
if( jmp > 0 && jmp < 8)
{
BF_ecb_encrypt(tmp, out, key, BF_DECRYPT);
strcat(decrypt,out);
}
bzero(out,9);
bzero(tmp,9);
if(out)
free(out);
if(tmp)
free(tmp);
return decrypt;
}
void SRNG_bytes(
struct SRNG_st *st,
void *buf,
unsigned int n)
{
unsigned char *out = buf, *src, *dst;
while(1) {
/*
* this swaps src and dst to point to differenct halves of st->rnd on
* each iteration. st->idx is either 0 or BLOCK_SIZE. it is initialized
* to 0 in SRNG_init.
*/
src = st->rnd + st->idx;
dst = st->rnd + (BLOCK_SIZE - st->idx);
st->idx = BLOCK_SIZE - st->idx;
BF_ecb_encrypt(src, dst, &st->key, BF_ENCRYPT);
if(n < BLOCK_SIZE) {
memcpy(out, dst, n);
break;
}
memcpy(out, dst, BLOCK_SIZE);
n -= BLOCK_SIZE; out += BLOCK_SIZE;
}
}
/*
* Check if strong crypto is supported. Some openssl installations
* support only short keys and unfortunately BF_set_key does not return any
* error value. This function tests if is possible to use strong key.
*/
static int
bf_check_supported_key_len(void)
{
static const uint8 key[56] = {
0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69,
0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, 0x00, 0x11, 0x22, 0x33,
0x44, 0x55, 0x66, 0x77, 0x04, 0x68, 0x91, 0x04, 0xc2, 0xfd,
0x3b, 0x2f, 0x58, 0x40, 0x23, 0x64, 0x1a, 0xba, 0x61, 0x76,
0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff
};
static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
static uint8 out[8];
BF_KEY bf_key;
/* encrypt with 448bits key and verify output */
BF_set_key(&bf_key, 56, key);
BF_ecb_encrypt(data, out, &bf_key, BF_ENCRYPT);
if (memcmp(out, res, 8) != 0)
return 0; /* Output does not match -> strong cipher is
* not supported */
return 1;
}
/* Returned string must be freed when done with it! */
int encrypt_string(const char *key, const char *str, char *dest, int len)
{
BF_KEY bf_key;
if ( !key || !key[0] )
return 0;
BF_set_key(&bf_key, strlen(key), (const unsigned char *)key);
while( len > 0 ) {
const size_t blocksize = len < 8 ? len : BF_BLOCK;
unsigned char block[BF_BLOCK] = {0}; /* pad with zero */
uint32_t v;
size_t i;
memcpy(block, str, blocksize);
BF_ecb_encrypt(block, block, &bf_key, BF_ENCRYPT);
for(v = load32_be(block + 4), i = 0; i < 6; ++i) {
*dest++ = B64[v&0x3f];
v >>= 6;
}
for(v = load32_be(block + 0), i = 0; i < 6; ++i) {
*dest++ = B64[v&0x3f];
v >>= 6;
}
len -= blocksize;
str += blocksize;
}
*dest++ = 0;
return 1;
}
//-------------------------------------------------------------------------------------
int KBEBlowfish::decrypt( const unsigned char * src, unsigned char * dest,
int length )
{
if (length % BLOCK_SIZE != 0)
{
ERROR_MSG(fmt::format("Blowfish::decrypt:"
"Input stream size ({}) is not a multiple of the block size ({})\n",
length, (int)(BLOCK_SIZE)));
return -1;
}
uint64 * pPrevBlock = NULL;
for (int i=0; i < length; i += BLOCK_SIZE)
{
BF_ecb_encrypt(src + i, dest + i, this->pBlowFishKey(), BF_DECRYPT);
if (pPrevBlock)
{
*(uint64*)(dest + i) ^= *pPrevBlock;
}
pPrevBlock = (uint64*)(dest + i);
}
return length;
}
//-------------------------------------------------------------------------------------
int KBEBlowfish::encrypt( const unsigned char * src, unsigned char * dest,
int length )
{
// BLOCK_SIZEµÄÕûÊý±¶
if(length % BLOCK_SIZE != 0)
{
CRITICAL_MSG(fmt::format("Blowfish::encrypt: "
"Input length ({}) is not a multiple of block size ({})\n",
length, (int)(BLOCK_SIZE)));
}
uint64 * pPrevBlock = NULL;
for (int i=0; i < length; i += BLOCK_SIZE)
{
if (pPrevBlock)
{
*(uint64*)(dest + i) = *(uint64*)(src + i) ^ (*pPrevBlock);
}
else
{
*(uint64*)(dest + i) = *(uint64*)(src + i);
}
BF_ecb_encrypt(dest + i, dest + i, this->pBlowFishKey(), BF_ENCRYPT);
pPrevBlock = (uint64*)(src + i);
}
return length;
}
void BlowfishFilter::encrypt(uint8 *buf, MessageLengthEx len)
{
if (len % BLOCK_SIZE != 0)
{
ERROR_MSG("BlowfishFilter::encrypt: Input length (%d) is not a multiple of block size ", len);
return;
}
uint8* data = buf;
uint64 prevBlock = 0;
for (uint32 i = 0; i < len; i += BLOCK_SIZE)
{
if (prevBlock != 0)
{
uint64 oldValue = *(uint64*)(data + i);
*(uint64*)(data + i) = *(uint64*)(data + i) ^ (prevBlock);
prevBlock = oldValue;
}
else
{
prevBlock = *(uint64*)(data + i);
}
BF_ecb_encrypt(data + i, data + i, this->pBlowFishKey(), BF_ENCRYPT);
}
}
void makeEncryptKey(CFStringRef pass)
{
UInt32 passLen;
unsigned char *passData;
SecKeychainItemRef itemRef=NULL;
SecKeychainRef sysChain;
OSStatus secRes;
BF_KEY temp_key;
unsigned char encrypt_key[8];
if ((secRes = SecKeychainOpen(SYSTEM_KEYCHAIN, &sysChain)) != 0)
{
syslog(LOG_ERR,"Couldn't get system keychain: %d\n",secRes);
exit(-1);
}
if ((secRes = SecKeychainFindGenericPassword(sysChain, strlen(SECRET_SERVICENAME), SECRET_SERVICENAME, 0, NULL, &passLen, (void**)&passData, &itemRef))!=0)
{
syslog(LOG_ERR,"Error finding secret in keychain (%d). Failing",secRes);
exit(-1);
}
BF_set_key(&temp_key,passLen,passData);
BF_ecb_encrypt((const unsigned char*)CFStringGetCStringPtr(pass,CFStringGetFastestEncoding(pass)),encrypt_key,&temp_key,BF_ENCRYPT);
BF_set_key(&encrypt_bf_key,8,encrypt_key);
return;
}
static int
esp_blowfish_blockencrypt(const struct esp_algorithm *algo,
struct secasvar *sav, u_int8_t *s, u_int8_t *d)
{
BF_ecb_encrypt(s, d, (BF_KEY *)sav->sched, 1);
return 0;
}
void Blowfish::crypt(unsigned char * data, size_t len, MODE mode) const {
unsigned char * _data = new unsigned char[BLOCK_LENGHT];
for (int i = 0; i < len; i+=BLOCK_LENGHT) {
BF_ecb_encrypt(data + i, _data, m_key, mode == ENCRYPT ? BF_ENCRYPT : BF_DECRYPT);
memcpy(data + i, _data, BLOCK_LENGHT);
}
delete [] _data;
}
static int test_bf_ecb(int n)
{
int ret = 1;
BF_KEY key;
unsigned char out[8];
BF_set_key(&key, 8, ecb_data[n]);
BF_ecb_encrypt(&(plain_data[n][0]), out, &key, BF_ENCRYPT);
if (!TEST_mem_eq(&(cipher_data[n][0]), BF_BLOCK, out, BF_BLOCK))
ret = 0;
BF_ecb_encrypt(out, out, &key, BF_DECRYPT);
if (!TEST_mem_eq(&(plain_data[n][0]), BF_BLOCK, out, BF_BLOCK))
ret = 0;
return ret;
}
void decrypt_chal(char *chal, char *pwd)
{
register int i;
BF_KEY key;
BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL));
for(i=0; i < VTUN_CHAL_SIZE; i += 8 )
BF_ecb_encrypt(chal + i, chal + i, &key, BF_DECRYPT);
}
int main()
{
unsigned char *in = (unsigned char *)"TestData";
unsigned char *out = calloc(1024, sizeof(unsigned char *));
unsigned char *out2 = calloc(1024, sizeof(unsigned char *));
unsigned char *out3 = calloc(1024, sizeof(unsigned char *));
BF_KEY *key = calloc(256, 256);
/* set up a test key */
BF_set_key(key, SIZE, (const unsigned char*)"TestKey" );
/* test out encryption */
BF_ecb_encrypt(in, out, key, BF_ENCRYPT);
printf("%s\n", out);
/* test out decryption */
BF_ecb_encrypt(out, out2, key, BF_DECRYPT);
printf("%s\n", out2);
// printf ("result %s \n",bf_str_encrypt("Linux"));
unsigned char *out4=bf_str_encrypt("seu madruga na vila");
printf ("result %s \n",out4);
puts("OK!");
unsigned char *out5=bf_str_decrypt(out4);
printf ("result decrypt %s \n",out5);
if(out)
free(out);
if(out2)
free(out2);
if(out4)
free(out4);
if(out5)
free(out5);
return 0;
}
static int
bf_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
{
unsigned bs = gen_ossl_block_size(c),
i;
ossldata *od = c->ptr;
for (i = 0; i < dlen / bs; i++)
BF_ecb_encrypt(data + i * bs, res + i * bs, &od->u.bf.key, BF_DECRYPT);
return 0;
}
void write_buffer(CFStringRef inData)
{
#ifdef DEBUG
syslog(LOG_ERR,"Writing buffer to file.");
#endif
if (CFWriteStreamGetStatus(logStream)!=kCFStreamStatusOpen)
{
CFWriteStreamSetProperty(logStream,kCFStreamPropertyAppendToFile,kCFBooleanTrue);
CFWriteStreamOpen(logStream);
}
if (!CFBooleanGetValue(doEncrypt))
{
CFWriteStreamWrite(logStream,(const UInt8*)CFStringGetCStringPtr(inData,CFStringGetFastestEncoding(inData)),CFStringGetLength(inData));
return;
}
int buff_pos = 0;
while (1)
{
int avail_space = 8-CFDataGetLength(encrypt_buffer); //space rem in buffer
int rem_to_copy = CFStringGetLength(inData)-buff_pos; //stuff in data that needs to be copied
int to_copy = rem_to_copy<avail_space?rem_to_copy:avail_space; //amount left to encryp, or avail space
if (avail_space)
{
UInt8 tmp_buff[8];
CFStringGetBytes(inData,CFRangeMake(buff_pos,to_copy),kCFStringEncodingNonLossyASCII,0,false,tmp_buff,8,NULL);
CFDataAppendBytes(encrypt_buffer,tmp_buff,to_copy);
avail_space -= to_copy;
if (avail_space>0) // small buffer? still space left?
break;
buff_pos += to_copy; //move along the buffer
}
UInt8 enc_buff[8];
BF_ecb_encrypt(CFDataGetBytePtr(encrypt_buffer),enc_buff,&encrypt_bf_key,BF_ENCRYPT);
CFWriteStreamWrite(logStream,enc_buff,8);
CFDataDeleteBytes(encrypt_buffer,CFRangeMake(0,8));
if (buff_pos==CFStringGetLength(inData)) //just in case buffer happens to fit perfectly
break;
}
return;
}
static int test_bf_set_key(int n)
{
int ret = 1;
BF_KEY key;
unsigned char out[8];
BF_set_key(&key, n+1, key_test);
BF_ecb_encrypt(key_data, out, &key, BF_ENCRYPT);
/* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */
if (!TEST_mem_eq(out, 8, &(key_out[n][0]), 8))
ret = 0;
return ret;
}
static void bf_chunk(unsigned char *dst, const unsigned char *src,
const unsigned char *secret, int enc)
{
BF_KEY bf_key;
int i;
BF_set_key(&bf_key, CHUNK_SIZE, secret);
/* BF_ecb_encrypt works with 64bits at a time */
for (i = 0; i < CHUNK_SIZE/8; i ++) {
BF_ecb_encrypt(src, dst, &bf_key, enc);
src += 8;
dst += 8;
}
}
int
decrypt_string (const char *key, const char *str, char *dest, int len)
{
BF_KEY bf_key;
uint32_t v;
size_t i;
/* Pad encoded string with 0 bits in case it's bogus */
if (!key || !key[0])
return 0;
/* length must be a multiple of BF_BLOCK encoded in base64 */
if (len % (BF_BLOCK * 6 / 4) != 0)
return 0;
BF_set_key (&bf_key, strlen (key), (const unsigned char *) key);
while (len > 0)
{
unsigned char block[BF_BLOCK] = { 0 };
for (i = v = 0; i < 6; ++i)
v |= base64dec (*str++) << (i * 6);
store32_be (block + 4, v);
for (i = v = 0; i < 6; ++i)
v |= base64dec (*str++) << (i * 6);
store32_be (block + 0, v);
BF_ecb_encrypt (block, block, &bf_key, BF_DECRYPT);
memcpy (dest, block, BF_BLOCK);
dest += BF_BLOCK;
len -= BF_BLOCK * 6 / 4;
}
*dest++ = 0;
return 1;
}
int main()
{
unsigned char outbuf[1024] = {0};
int outlen = 1024;
const unsigned char key[] = {0x6B, 0x60, 0xCB, 0x5B, 0x82, 0xCE, 0x90, 0xB1, 0xCC, 0x2B, 0x6C, 0x55, 0x6C, 0x6C, 0x6C, 0x6C};
unsigned char intext[] = {0xb2, 0xfb, 0xda, 0x4f, 0xc9, 0x23, 0x47, 0xa0, 0x10, 0xb3, 0x37, 0x67, 0x9b, 0x2f,\
0xb4, 0x3e, 0x69, 0xb7, 0x13, 0xef, 0x6b, 0x5c, 0xd0, 0xb9, 0x16, 0x1c, 0x71, 0x5d, 0x0a, 0x0d,\
0x96, 0x9b, 0x09, 0x3e, 0x3f, 0xd9, 0x42, 0x82, 0xc6, 0x54, 0xd7, 0x9b, 0x5f, 0x10, 0x1d, 0xdb,\
0x26, 0xa0, 0x6d, 0x7d, 0xcd, 0xcc, 0xf8, 0x01, 0xfc, 0xd8, 0x43, 0xf6, 0xdd, 0xc0, 0x9c, 0x41,\
0x98, 0xc8, 0x0c, 0x94, 0x87, 0x44, 0xf7, 0xc3, 0xf7, 0xba, 0xf3, 0xc9, 0x46, 0x45, 0xd0, 0x49,\
0xde, 0x4d, 0x33, 0xee, 0x6b, 0x3a, 0x8c, 0x18, 0xce, 0xe0, 0x82, 0x97, 0x4c, 0xd8, 0x91, 0xf7,\
0xdf, 0xbe, 0x7c, 0xf6, 0x59, 0x2c, 0xee, 0x5a, 0x95, 0xb3, 0xcd, 0xeb, 0x86, 0xa0, 0xd9, 0x05,\
0x16, 0x41, 0xa3, 0x90, 0x58, 0xcf, 0x0d, 0xba, 0x87, 0x90, 0x91, 0xe6, 0x08, 0xfd, 0xbc, 0x6d,\
0xff, 0x51, 0xcf, 0xe0, 0xf9, 0xc6, 0x71, 0x3b, 0xa0, 0xcc, 0x14, 0x3d, 0x46, 0x79, 0xd4, 0x9b,\
0x0c, 0x37, 0x01, 0x77, 0x99, 0x87, 0xcc, 0x6c, 0x25, 0x01, 0x31, 0x01, 0xea, 0xfc, 0xac, 0xe1,\
0x57, 0x4d, 0xa5, 0xa2, 0xda, 0xa3, 0x98, 0xc4, 0x83, 0x7a, 0x72, 0x8c, 0xcb, 0x52, 0xbd, 0x16,\
0x1c, 0x77, 0xb6, 0x7c, 0x52, 0xf7, 0x72, 0xab, 0xee, 0xba, 0x56, 0xb5, 0x76, 0xbf, 0xfa, 0xc5,\
0x6c, 0xe6};
int inlen = sizeof(intext);
printf("keylen= %d\n", sizeof(key));
printf("inlen = %d\n", inlen);
BF_KEY bf_key;
BF_set_key(&bf_key, sizeof(key), key);
unsigned int temp[2] = {0};
for (int i = 0; i < inlen; i += 8)
{
temp[0] = GetInt32BE(&intext[i]);
temp[1] = GetInt32BE(&intext[i+4]);
BF_ecb_encrypt((unsigned char*)&temp, &outbuf[i], &bf_key, BF_DECRYPT);
}
outlen = inlen;
int i = 0;
while (i < outlen)
{
printf("%02X ", outbuf[i]);
i++;
if (i % 16 == 0) printf("\n");
}
printf("\n");
int ecx = GetInt32BE(&outbuf[outlen-4]);
*(int*)(&outbuf[outlen-4]) = ecx;
int edx = 0;
for (int i = outlen-8; i >= 0; i-=4)
{
edx = GetInt32BE(&outbuf[i]);
edx ^= ecx;
ecx -= edx;
*(int*)(&outbuf[i]) = edx;
}
i = 0;
while (i < outlen)
{
printf("%02X ", outbuf[i]);
i++;
if (i % 16 == 0) printf("\n");
}
printf("\n");
return 0;
}
bool AuthenticateBlowfish(const CString& sLine) {
/* Encrypt our sasl password with blowfish
*
* Our response should look something like:
*
* base64(
* our public key length (2 bytes)
* our public key
* sasl username + \0
* blowfish(
* sasl password
* )
* )
*/
CString::size_type length;
/* Our DH params */
DHCommon dh;
if (!dh.ParseDH(sLine))
return false;
// TODO for passwords with length 8, 16, 24, 32, etc. this will have 8 additional zero bytes at the end...
// But it works when treated as null-terminated string anyway, and if it works I don't want to touch it right now.
CString::size_type password_length = GetNV("password").size() + (8 - (GetNV("password").size() % 8));
unsigned char *encrypted_password = (unsigned char *)malloc(password_length);
char *plaintext_password = (char *)malloc(password_length);
memset(encrypted_password, 0, password_length);
memset(plaintext_password, 0, password_length);
memcpy(plaintext_password, GetNV("password").c_str(), GetNV("password").size());
BF_KEY key;
BF_set_key(&key, dh.key_size, dh.secret);
char *out_ptr = (char *)encrypted_password;
char *in_ptr = (char *)plaintext_password;
for (length = password_length; length; length -= 8, in_ptr += 8, out_ptr += 8) {
BF_ecb_encrypt((unsigned char *)in_ptr, (unsigned char *)out_ptr, &key, BF_ENCRYPT);
}
free(plaintext_password);
/* Build our response */
length = 2 + BN_num_bytes(dh.dh->pub_key) + password_length + GetNV("username").size() + 1;
char *response = (char *)malloc(length);
out_ptr = response;
/* Add our key to the response */
uint16_t size16 = htons((uint16_t)BN_num_bytes(dh.dh->pub_key));
memcpy(out_ptr, &size16, sizeof(size16));
out_ptr += 2;
BN_bn2bin(dh.dh->pub_key, (unsigned char *)out_ptr);
out_ptr += BN_num_bytes(dh.dh->pub_key);
/* Add sasl username to response */
memcpy(out_ptr, GetNV("username").c_str(), GetNV("username").length() + 1); // +1 for zero byte in the end
out_ptr += GetNV("username").length() + 1;
/* Finally add the encrypted password to the response */
memcpy(out_ptr, encrypted_password, password_length);
free(encrypted_password);
/* Base 64 encode and send! */
PutIRC("AUTHENTICATE " + CString((const char *)response, length).Base64Encode_n());
free(response);
return true;
}
string PacketCenter::process_encryption(PacketType type, PacketType translation)
{
PacketType other_type = type == ENCRYPTED ? DECRYPTED : ENCRYPTED;
HungryVector<Packet*>* read = &packets[type];
HungryVector<Packet*>* write = &packets[other_type];
/* Guard against repeated calls, and makes sure that a key
* was handed to this object.
*/
if (_key == 0 || processed[other_type]) return "";
/* Determine how many packets we'll be sending for encryption. */
int num_to_process = read->size();
/* Iterate over the packets we've created */
for (int i = 0; i < num_to_process; i++)
{
/* Allocate memory for the CharArray that will hold the
* encrypted ciphertext.
*/
CharArray out = (CharArray) calloc(Packet::SIZE+1, sizeof(char));
/* Extract the CharArray from the packet to be encrypted. */
CharArray in = read->at(i)->getData();
/* Send the data for encryption at last! */
BF_ecb_encrypt (in, out, _key, (int) other_type);
/* As always, trim the vector we've created to guard against extra
* data mucking things up, and make sure that we are not allowed
* to call this method again.
*/
write->add(new Packet(out));
}
write->trim();
std::stringstream strm;
int num_packets = write->size();
for (int i = 0; i < num_packets; i++)
{
string str;
if (other_type == ENCRYPTED)
{
str = write->at(i)->int_str();
}
else
{
str = write->at(i)->str();
}
int len = str.length();
for (int c =0; c < len; c++)
{
char ch = str.at(c);
if (ch == ' ')
{
char o = (translation == DO_TRANSLATION) ? '_' : ' ';
strm << o;
}
else
{
strm << ch;
}
}
}
return strm.str();
}
int main(void)
{
int i, t, keylen;
long length;
BF_KEY bfkey;
struct timeval start, end;
long mtime, seconds, useconds;
/* open the given text file */
t = open("blowfish.bin", O_RDONLY);
if (t < 0) {
perror("blowfish.bin");
return 1;
}
length = 512;
keylen=16;
/* read 512 bytes from file descriptor t */
read(t, input, length);
/* brute-force attack with known plaintext */
for (i = 0; i < 0x10000; i++) {
/* REPLACE THE FOLLOWING FIVE COMMENTS BY CODE */
/* set key[0] and key[1] */
if(i==0)
gettimeofday(&start, NULL);
key[0]=i&0xff;
key[1]=(i>>8)&0xff;
/* use BF_set_key to initialise bfkey */
BF_set_key(&bfkey, keylen, key);
/* call BF_ecb_encrypt with parameter BF_DECRYPT */
BF_ecb_encrypt(&input[504], &output[0], &bfkey, BF_DECRYPT);
/* Did it work? (Look for expected plain text.) */
if(memcmp(output, expected, keylen)==0)
break;
/* pseudo code: IF key is correct THEN leave the loop; */
if(i==0)
{
gettimeofday(&end, NULL);
seconds = end.tv_sec - start.tv_sec;
useconds = end.tv_usec - start.tv_usec;
mtime = ((seconds) * 1000000 + useconds);
printf("Elapsed time: %ld microseconds\n", mtime);
}
}
if (i == 0x10000) {
printf("key not found\n");
return 1;
}
/* show the key that we just determined */
printf("key = {\n\t%d", key[0]);
for (i = 1; i < sizeof(key); i++) {
printf(", %d", key[i]);
}
printf("\n};\n");
/* decrypt input */
for (i = 0; i < length; i += 8)
BF_ecb_encrypt(input + i, output + i, &bfkey, BF_DECRYPT);
/* show decrypted text on stdout */
printf("%s\n", output);
return 0;
}
static int test(void)
{
unsigned char cbc_in[40],cbc_out[40],iv[8];
int i,n,err=0;
BF_KEY key;
BF_LONG data[2];
unsigned char out[8];
BF_LONG len;
#ifdef CHARSET_EBCDIC
ebcdic2ascii(cbc_data, cbc_data, TINYCLR_SSL_STRLEN(cbc_data));
#endif
TINYCLR_SSL_PRINTF("testing blowfish in raw ecb mode\n");
for (n=0; n<2; n++)
{
#ifdef CHARSET_EBCDIC
ebcdic2ascii(bf_key[n], bf_key[n], TINYCLR_SSL_STRLEN(bf_key[n]));
#endif
BF_set_key(&key,TINYCLR_SSL_STRLEN(bf_key[n]),(unsigned char *)bf_key[n]);
data[0]=bf_plain[n][0];
data[1]=bf_plain[n][1];
BF_encrypt(data,&key);
if (TINYCLR_SSL_MEMCMP(&(bf_cipher[n][0]),&(data[0]),8) != 0)
{
TINYCLR_SSL_PRINTF("BF_encrypt error encrypting\n");
TINYCLR_SSL_PRINTF("got :");
for (i=0; i<2; i++)
TINYCLR_SSL_PRINTF("%08lX ",(unsigned long)data[i]);
TINYCLR_SSL_PRINTF("\n");
TINYCLR_SSL_PRINTF("expected:");
for (i=0; i<2; i++)
TINYCLR_SSL_PRINTF("%08lX ",(unsigned long)bf_cipher[n][i]);
err=1;
TINYCLR_SSL_PRINTF("\n");
}
BF_decrypt(&(data[0]),&key);
if (TINYCLR_SSL_MEMCMP(&(bf_plain[n][0]),&(data[0]),8) != 0)
{
TINYCLR_SSL_PRINTF("BF_encrypt error decrypting\n");
TINYCLR_SSL_PRINTF("got :");
for (i=0; i<2; i++)
TINYCLR_SSL_PRINTF("%08lX ",(unsigned long)data[i]);
TINYCLR_SSL_PRINTF("\n");
TINYCLR_SSL_PRINTF("expected:");
for (i=0; i<2; i++)
TINYCLR_SSL_PRINTF("%08lX ",(unsigned long)bf_plain[n][i]);
TINYCLR_SSL_PRINTF("\n");
err=1;
}
}
TINYCLR_SSL_PRINTF("testing blowfish in ecb mode\n");
for (n=0; n<NUM_TESTS; n++)
{
BF_set_key(&key,8,ecb_data[n]);
BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);
if (TINYCLR_SSL_MEMCMP(&(cipher_data[n][0]),out,8) != 0)
{
TINYCLR_SSL_PRINTF("BF_ecb_encrypt blowfish error encrypting\n");
TINYCLR_SSL_PRINTF("got :");
for (i=0; i<8; i++)
TINYCLR_SSL_PRINTF("%02X ",out[i]);
TINYCLR_SSL_PRINTF("\n");
TINYCLR_SSL_PRINTF("expected:");
for (i=0; i<8; i++)
TINYCLR_SSL_PRINTF("%02X ",cipher_data[n][i]);
err=1;
TINYCLR_SSL_PRINTF("\n");
}
BF_ecb_encrypt(out,out,&key,BF_DECRYPT);
if (TINYCLR_SSL_MEMCMP(&(plain_data[n][0]),out,8) != 0)
{
TINYCLR_SSL_PRINTF("BF_ecb_encrypt error decrypting\n");
TINYCLR_SSL_PRINTF("got :");
for (i=0; i<8; i++)
TINYCLR_SSL_PRINTF("%02X ",out[i]);
TINYCLR_SSL_PRINTF("\n");
TINYCLR_SSL_PRINTF("expected:");
for (i=0; i<8; i++)
TINYCLR_SSL_PRINTF("%02X ",plain_data[n][i]);
TINYCLR_SSL_PRINTF("\n");
err=1;
}
}
TINYCLR_SSL_PRINTF("testing blowfish set_key\n");
for (n=1; n<KEY_TEST_NUM; n++)
{
BF_set_key(&key,n,key_test);
BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
/* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */
if (TINYCLR_SSL_MEMCMP(out,&(key_out[i=n-1][0]),8) != 0)
{
TINYCLR_SSL_PRINTF("blowfish setkey error\n");
err=1;
}
}
TINYCLR_SSL_PRINTF("testing blowfish in cbc mode\n");
len=TINYCLR_SSL_STRLEN(cbc_data)+1;
BF_set_key(&key,16,cbc_key);
TINYCLR_SSL_MEMSET(cbc_in,0,sizeof cbc_in);
TINYCLR_SSL_MEMSET(cbc_out,0,sizeof cbc_out);
TINYCLR_SSL_MEMCPY(iv,cbc_iv,sizeof iv);
BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
&key,iv,BF_ENCRYPT);
if (TINYCLR_SSL_MEMCMP(cbc_out,cbc_ok,32) != 0)
{
err=1;
TINYCLR_SSL_PRINTF("BF_cbc_encrypt encrypt error\n");
for (i=0; i<32; i++) TINYCLR_SSL_PRINTF("0x%02X,",cbc_out[i]);
}
TINYCLR_SSL_MEMCPY(iv,cbc_iv,8);
BF_cbc_encrypt(cbc_out,cbc_in,len,
&key,iv,BF_DECRYPT);
if (TINYCLR_SSL_MEMCMP(cbc_in,cbc_data,TINYCLR_SSL_STRLEN(cbc_data)+1) != 0)
{
TINYCLR_SSL_PRINTF("BF_cbc_encrypt decrypt error\n");
err=1;
}
TINYCLR_SSL_PRINTF("testing blowfish in cfb64 mode\n");
BF_set_key(&key,16,cbc_key);
TINYCLR_SSL_MEMSET(cbc_in,0,40);
TINYCLR_SSL_MEMSET(cbc_out,0,40);
TINYCLR_SSL_MEMCPY(iv,cbc_iv,8);
n=0;
BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
&key,iv,&n,BF_ENCRYPT);
BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
&key,iv,&n,BF_ENCRYPT);
if (TINYCLR_SSL_MEMCMP(cbc_out,cfb64_ok,(int)len) != 0)
{
err=1;
TINYCLR_SSL_PRINTF("BF_cfb64_encrypt encrypt error\n");
for (i=0; i<(int)len; i++) TINYCLR_SSL_PRINTF("0x%02X,",cbc_out[i]);
}
n=0;
TINYCLR_SSL_MEMCPY(iv,cbc_iv,8);
BF_cfb64_encrypt(cbc_out,cbc_in,17,
&key,iv,&n,BF_DECRYPT);
BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,
&key,iv,&n,BF_DECRYPT);
if (TINYCLR_SSL_MEMCMP(cbc_in,cbc_data,(int)len) != 0)
{
TINYCLR_SSL_PRINTF("BF_cfb64_encrypt decrypt error\n");
err=1;
}
TINYCLR_SSL_PRINTF("testing blowfish in ofb64\n");
BF_set_key(&key,16,cbc_key);
TINYCLR_SSL_MEMSET(cbc_in,0,40);
TINYCLR_SSL_MEMSET(cbc_out,0,40);
TINYCLR_SSL_MEMCPY(iv,cbc_iv,8);
n=0;
BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);
BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),
&(cbc_out[13]),len-13,&key,iv,&n);
if (TINYCLR_SSL_MEMCMP(cbc_out,ofb64_ok,(int)len) != 0)
{
err=1;
TINYCLR_SSL_PRINTF("BF_ofb64_encrypt encrypt error\n");
for (i=0; i<(int)len; i++) TINYCLR_SSL_PRINTF("0x%02X,",cbc_out[i]);
}
n=0;
TINYCLR_SSL_MEMCPY(iv,cbc_iv,8);
BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);
BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);
if (TINYCLR_SSL_MEMCMP(cbc_in,cbc_data,(int)len) != 0)
{
TINYCLR_SSL_PRINTF("BF_ofb64_encrypt decrypt error\n");
err=1;
}
return(err);
}
int main(int argc, char *argv[]) {
FILE *fin, *fout;
uint8_t pw[PW_SIZE];
uint8_t buf_in[BF_BLOCK_SIZE], buf_out[BF_BLOCK_SIZE];
uint8_t keystream[BF_BLOCK_SIZE];
uint8_t last_block_size;
int read_count, write_count;
time_t tm;
IVec iv;
struct termios term, term_orig;
FILE *kb;
int kbfd;
BF_KEY key;
uint8_t c;
int mode, i;
/* Check correct argument count */
if (argc != 4) {
fprintf(stderr, "Usage: filelock <mode> <input file> <output file>\n");
return -1;
}
/* Check and get mode */
if ((c = getopt(argc, argv, "de")) < 0) {
fprintf(stderr, "Usage: available modes are e, d");
return -1;
}
mode = (c == 'e') ? BF_ENCRYPT : BF_DECRYPT;
/* Open input stream from stdin or file */
if (argv[2][0] != '\0' && argv[2][0] == '-' && argv[2][1] == '\0') {
/* Use stdin */
fin = stdin;
} else {
/* Open file for reading */
fin = fopen(argv[2], "r");
if (fin == NULL) {
fprintf(stderr, "Error: unable to open %s for reading\n", argv[2]);
return -1;
}
}
/* Set output stream to stdout or file */
if (argv[3][0] == '-' && argv[3][1] == '\0') {
/* Use stdout */
fout = stdout;
} else {
/* Open file for writing */
fout = fopen(argv[3], "w+");
if (fout == NULL) {
fprintf(stderr, "Error: unable to open %s for writing\n", argv[3]);
fclose(fin);
return -1;
}
}
/* Open input stream from keyboard */
kb = fopen("/dev/tty", "r");
if (kb != NULL) {
kbfd = fileno(kb);
if (kbfd < 0) {
fprintf(stderr, "Error: unable to open tty\n");
fclose(fin);
fclose(fout);
remove(argv[3]);
fclose(kb);
return -1;
}
} else {
fprintf(stderr, "Error: unable to open tty\n");
fclose(fin);
fclose(fout);
remove(argv[3]);
return -1;
}
/* Disable terminal echo */
tcgetattr(kbfd, &term);
term_orig = term;
term.c_lflag &= ~ECHO;
tcsetattr(kbfd, TCSANOW, &term);
/* Get password */
fprintf(stderr, "Enter password: "******"\n");
/* Restore terminal echo and close input stream */
tcsetattr(kbfd, TCSANOW, &term_orig);
fclose(kb);
/* Initialize the key */
BF_set_key(&key, strlen((char *)pw), pw);
/* Generate and write initialization vector */
if (mode == BF_ENCRYPT) {
/* Write dummy 0 byte first. We overwrite it later after we know last block size */
c = 0;
if (fwrite(&c, sizeof(uint8_t), 1, fout) != 1) {
fprintf(stderr, "Error: unable to write initialization vector\n");
fclose(fin);
fclose(fout);
remove(argv[3]);
return -1;
}
/* Seed random number generator with unix time and pass random number to IV */
tm = time(NULL);
srandom(tm);
/* Use all 64 bits of initialization vector by ORing 2 32-bit random ints */
iv.iv64 = ((uint64_t)random() << 32) | random();
/* Write initialization vector */
if (fwrite(iv.iv8, sizeof(uint8_t), IV_SIZE, fout) != IV_SIZE) {
fprintf(stderr, "Error: unable to write initialization vector\n");
fclose(fin);
fclose(fout);
remove(argv[3]);
return -1;
}
} else if (mode == BF_DECRYPT) {
/* Recover offset information */
if (fread(&last_block_size, sizeof(uint8_t), 1, fin) < 0) {
fprintf(stderr, "Error: unable to read offset\n");
fclose(fin);
fclose(fout);
remove(argv[3]);
return -1;
}
/* Recover initialization vector */
if (fread(iv.iv8, sizeof(uint8_t), IV_SIZE, fin) < 0) {
fprintf(stderr, "Error: unable to read initialization vector\n");
fclose(fin);
fclose(fout);
remove(argv[3]);
return -1;
}
}
/* Delay write by skipping first iteration */
write_count = 0;
/* Main loop */
while ((read_count = fread(buf_in, sizeof(uint8_t), BF_BLOCK_SIZE, fin)) > 0) {
/* Add necessary padding and record offset on last block */
if (mode == BF_ENCRYPT) {
last_block_size = read_count;
for (; read_count < BF_BLOCK_SIZE; read_count++)
buf_in[read_count] = 0;
}
/* Write previous block */
if (fwrite(buf_out, sizeof(uint8_t), write_count, fout) != write_count) {
fprintf(stderr, "Error: write error\n");
fclose(fin);
fclose(fout);
remove(argv[3]);
break;
}
/* Encrypt or decrypt block */
BF_ecb_encrypt(iv.iv8, keystream, &key, BF_ENCRYPT);
iv.iv64++;
for (i = 0; i < BF_BLOCK_SIZE; i++)
buf_out[i] = keystream[i] ^ buf_in[i];
write_count = BF_BLOCK_SIZE;
}
/* Must write last block since reads lead writes by 1 iteration */
write_count = ((mode == BF_ENCRYPT) ? BF_BLOCK_SIZE : last_block_size);
if (fwrite(buf_out, sizeof(uint8_t), write_count, fout) != write_count) {
fprintf(stderr, "Error: write error\n");
fclose(fin);
fclose(fout);
remove(argv[3]);
return -1;
}
/* Rewind to beginning and overwrite dummy byte with last_block_size */
if (mode == BF_ENCRYPT) {
rewind(fout);
if (fwrite(&last_block_size, sizeof(uint8_t), 1, fout) != 1) {
fprintf(stderr, "Error: unable to write initialization vector\n");
fclose(fin);
fclose(fout);
remove(argv[3]);
return -1;
}
}
/* Clean up */
fclose(fin);
fclose(fout);
return 0;
}
static int test(void)
{
unsigned char cbc_in[40],cbc_out[40],iv[8];
int i,n,err=0;
BF_KEY key;
BF_LONG data[2];
unsigned char out[8];
BF_LONG len;
printf("testing blowfish in raw ecb mode\n");
for (n=0; n<2; n++)
{
BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
data[0]=bf_plain[n][0];
data[1]=bf_plain[n][1];
BF_encrypt(data,&key);
if (memcmp(&(bf_cipher[n][0]),&(data[0]), sizeof data) != 0)
{
printf("BF_encrypt error encrypting\n");
printf("got :");
for (i=0; i<2; i++)
printf("%08lX ",(unsigned long)data[i]);
printf("\n");
printf("expected:");
for (i=0; i<2; i++)
printf("%08lX ",(unsigned long)bf_cipher[n][i]);
err=1;
printf("\n");
}
BF_decrypt(&(data[0]),&key);
if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)
{
printf("BF_encrypt error decrypting\n");
printf("got :");
for (i=0; i<2; i++)
printf("%08lX ",(unsigned long)data[i]);
printf("\n");
printf("expected:");
for (i=0; i<2; i++)
printf("%08lX ",(unsigned long)bf_plain[n][i]);
printf("\n");
err=1;
}
}
printf("testing blowfish in ecb mode\n");
for (n=0; n<NUM_TESTS; n++)
{
BF_set_key(&key,8,ecb_data[n]);
BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);
if (memcmp(&(cipher_data[n][0]),out,8) != 0)
{
printf("BF_ecb_encrypt blowfish error encrypting\n");
printf("got :");
for (i=0; i<8; i++)
printf("%02X ",out[i]);
printf("\n");
printf("expected:");
for (i=0; i<8; i++)
printf("%02X ",cipher_data[n][i]);
err=1;
printf("\n");
}
BF_ecb_encrypt(out,out,&key,BF_DECRYPT);
if (memcmp(&(plain_data[n][0]),out,8) != 0)
{
printf("BF_ecb_encrypt error decrypting\n");
printf("got :");
for (i=0; i<8; i++)
printf("%02X ",out[i]);
printf("\n");
printf("expected:");
for (i=0; i<8; i++)
printf("%02X ",plain_data[n][i]);
printf("\n");
err=1;
}
}
printf("testing blowfish set_key\n");
for (n=1; n<KEY_TEST_NUM; n++)
{
BF_set_key(&key,n,key_test);
BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
if (memcmp(out,&(key_out[n-1][0]),8) != 0)
{
printf("blowfish setkey error\n");
err=1;
}
}
printf("testing blowfish in cbc mode\n");
len=strlen(cbc_data)+1;
BF_set_key(&key,16,cbc_key);
memset(cbc_in,0,sizeof cbc_in);
memset(cbc_out,0,sizeof cbc_out);
memcpy(iv,cbc_iv,sizeof iv);
BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
&key,iv,BF_ENCRYPT);
if (memcmp(cbc_out,cbc_ok,32) != 0)
{
err=1;
printf("BF_cbc_encrypt encrypt error\n");
for (i=0; i<32; i++) printf("0x%02X,",cbc_out[i]);
}
memcpy(iv,cbc_iv,8);
BF_cbc_encrypt(cbc_out,cbc_in,len,
&key,iv,BF_DECRYPT);
if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
{
printf("BF_cbc_encrypt decrypt error\n");
err=1;
}
printf("testing blowfish in cfb64 mode\n");
BF_set_key(&key,16,cbc_key);
memset(cbc_in,0,40);
memset(cbc_out,0,40);
memcpy(iv,cbc_iv,8);
n=0;
BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
&key,iv,&n,BF_ENCRYPT);
BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
&key,iv,&n,BF_ENCRYPT);
if (memcmp(cbc_out,cfb64_ok,(int)len) != 0)
{
err=1;
printf("BF_cfb64_encrypt encrypt error\n");
for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
}
n=0;
memcpy(iv,cbc_iv,8);
BF_cfb64_encrypt(cbc_out,cbc_in,17,
&key,iv,&n,BF_DECRYPT);
BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,
&key,iv,&n,BF_DECRYPT);
if (memcmp(cbc_in,cbc_data,(int)len) != 0)
{
printf("BF_cfb64_encrypt decrypt error\n");
err=1;
}
printf("testing blowfish in ofb64\n");
BF_set_key(&key,16,cbc_key);
memset(cbc_in,0,40);
memset(cbc_out,0,40);
memcpy(iv,cbc_iv,8);
n=0;
BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);
BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),
&(cbc_out[13]),len-13,&key,iv,&n);
if (memcmp(cbc_out,ofb64_ok,(int)len) != 0)
{
err=1;
printf("BF_ofb64_encrypt encrypt error\n");
for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
}
n=0;
memcpy(iv,cbc_iv,8);
BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);
BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);
if (memcmp(cbc_in,cbc_data,(int)len) != 0)
{
printf("BF_ofb64_encrypt decrypt error\n");
err=1;
}
return(err);
}
int main(int argc, char *argv[])
{
/* Variabili e strutture standard per la gestione della connessione */
int ret;
int cl_sk;
int cl_ret;
struct sockaddr_in sv_addr;
/* Passare, oltre a indirizzo IP e porta (del server), anche la password condivisa con il server */
if(argc != 4) {
cerr << "Errore: sintassi del comando errata" << endl;
cout << "Digitare: ./client <indirizzo_IP> <porta> <password_condivisa>" << endl;
exit(1);
}
SERVER_IP_ADD = argv[1];
SERVER_PORT = atoi(argv[2]);
CLIENT_PWD = argv[3];
cout << endl;
cout << "********* INIZIO FASE DI CONNESSIONE ********" << endl;
int np = strlen(CLIENT_PWD); //Numero di caratteri che compongono la password
if(np < 8) {
cerr << "Errore: inserire una password di almeno 8 caratteri alfanumerici e/o caratteri speciali" << endl;
exit(1);
}
if(SERVER_PORT <= 1023) {
cerr << "Porta <" << SERVER_PORT << "> non utilizzabile :: Well Known Port" << endl;
return -1;
}
if(SERVER_PORT <= 65535 && SERVER_PORT >= 49152)
cout << "Fare attenzione nella scelta della porta <" << SERVER_PORT << "> :: Dynamic and/or Private Port" << endl;
/* Creazione del socket lato client */
cl_sk = socket(AF_INET, SOCK_STREAM, 0);
if(cl_sk == -1) {
cerr << "Errore: funzione <socket> non eseguita correttamente sul client" << endl;
exit(0);
}
/* Inizializzazione struttura dati */
bzero(&sv_addr, sizeof(struct sockaddr_in)); /* Azzera il contenuto della struttura */
sv_addr.sin_family = AF_INET;
sv_addr.sin_port = htons(SERVER_PORT);
inet_pton(AF_INET, SERVER_IP_ADD, &sv_addr.sin_addr.s_addr); /* Converte l'indirizzo da stringa a valore numerico */
cl_ret = connect(cl_sk, (struct sockaddr *)(&sv_addr), sizeof(struct sockaddr_in));
if(cl_ret == -1) {
cerr << "Errore: funzione <connect> non eseguita correttamente sul client" << endl;
exit(0);
}
cout << endl;
cout << "\033[32mCONNESSIONE CLIENT-SERVER EFFETTUATA\033[0m" << endl;
cout << "\033[32mIndirizzo IP server: " << SERVER_IP_ADD << "\033[0m" << endl;
cout << "\033[32mPorta server: " << SERVER_PORT << "\033[0m" << endl;
cout << "\033[32mDescrittore del soket lato client in ascolto: " << cl_sk << "\033[0m" << endl;
cout << endl;
cout << "********** FINE FASE DI CONNESSIONE *********" << endl;
cout << endl;
cout << "---------------------------------------------" << endl;
cout << endl;
cout << "****** INIZIO FASE DI SCAMBIO MESSAGGI ******" << endl;
cout << endl;
/* Setto l'identificatore del client e del server */
CLIENT = 'C';
SERVER = 'S';
/* Costrutisco il messaggio M1 */
msg1 m1;
m1.client = CLIENT;
m1.server = SERVER;
/* Invio al server il messaggio M1 */
int dim1 = sizeof(msg1);
ret = send(cl_sk, &m1, dim1, 0);
if(ret == -1) {
cerr << "Errore: messaggio M1 non inviato correttamente" << endl;
return -1;
}
cout << "\033[32m:: C -> S\033[0m" << endl;
cout << "\033[34m:: Messaggio in chiaro M1 inviato al server\033[0m" << endl;
cout << endl;
/* Ricevo dal server il messaggio M2 */
msg2 m2;
int dim2 = sizeof(msg2);
ret = recv(cl_sk, &m2, dim2, MSG_WAITALL);
if(ret == -1) {
cerr << "Errore: messaggio M2 non ricevuto correttamente" << endl;
return -1;
}
/* Memorizzo il nounce ricevuto dal server */
NOUNCE = m2.nounce;
cout << "\033[32m:: S -> C\033[0m" << endl;
cout << "\033[34m:: Messaggio in chiaro M2 ricevuto correttamente\033[0m" << endl;
cout << endl;
/* Setto la chiave pubblica con cui criptare M3 */
FILE *pub = fopen(PUB_KEY, "r");
RSA *pub_key = RSA_new();
PEM_read_RSA_PUBKEY(pub, &pub_key, NULL, NULL);
/* Converto il nounce in una stringa per poterlo inserire nel messaggio da cifrare */
char tmp[50];
int n; //Numero di caratteri che compongono il nounce
n = sprintf(tmp, "%i", NOUNCE); //Converto il nounce in una stringa
char nounce[n];
strcpy(nounce, tmp);
/* Genero le componenti della chiave di sessione in maniera random */
int part1 = rand();
char tmp1[50];
int t1 = sprintf(tmp1, "%i", part1);
char p1[t1];
strcpy(p1, tmp1);
int part2 = rand();
char tmp2[50];
int t2 = sprintf(tmp2, "%i", part2);
char p2[t2];
strcpy(p2, tmp2);
int part3 = rand();
char tmp3[50];
int t3 = sprintf(tmp3, "%i", part3);
char p3[t3];
strcpy(p3, tmp3);
/* Costruisco la chiave di sessione */
int dim_ses = t1 + t2 + t3; //Numero di caratteri della chiave di sessione
char *ses_key = (char*) malloc (dim_ses);
bzero(ses_key, dim_ses);
strcpy(ses_key, p1);
strcat(ses_key, p2);
strcat(ses_key, p3);
/* Setto la chiave di sessione */
BF_KEY kcs;
BF_set_key(&kcs, dim_ses, (const unsigned char*)ses_key);
/* Costruisco il messaggio M3 da criptare e inviare al client */
int sep3 = 4; //Numero di separatori da inserire nel messaggio M3
int ids3 = 2; //Numero di identificatori da inserire nel messaggio M3
int dim3 = ids3 + n + np + dim_ses + sep3;
char *m3 = (char*) malloc(dim3 + 1);
bzero(m3, dim3 + 1);
strcpy(m3, "C");
strcat(m3, " ");
strcat(m3, "S");
strcat(m3, " ");
strcat(m3, nounce);
strcat(m3, " ");
strcat(m3, CLIENT_PWD);
strcat(m3, " ");
strcat(m3, ses_key);
/* Cripto il messaggio M3 con la chiave pubblica */
unsigned char *m3c = (unsigned char*) malloc(RSA_size(pub_key));
bzero(m3c, RSA_size(pub_key));
int nc; //Numero di byte restituiti dalla cifratura
nc = RSA_public_encrypt(dim3, (unsigned char*)m3, m3c, pub_key, RSA_PKCS1_OAEP_PADDING);
if(nc == -1) {
cerr << "Errore: funzione <RSA_public_encrypt> sul messaggio M3 non effettuata con successo" << endl;
exit(1);
}
if(nc == 0) {
cerr << "Errore: messaggio M3 non criptato correttamente" << endl;
exit(1);
}
/* Invio al server la dimensione del messaggio cifrato */
int dim3c = RSA_size(pub_key);
ret = send(cl_sk, &dim3c, 4, 0);
if(ret == -1) {
cerr << "Errore: dimensione del messaggio cifrato M3 non inviata correttamente" << endl;
return -1;
}
/* Invio al server il messaggio cifrato M3 */
ret = send(cl_sk, m3c, dim3c, 0);
if(ret == -1) {
cerr << "Errore: messaggio cifrato M3 non inviato correttamente" << endl;
return -1;
}
cout << "\033[32m:: C -> S\033[0m" << endl;
cout << "\033[34m:: Messaggio cifrato M3 inviato al server\033[0m" << endl;
cout << endl;
/* Ricevo dal server la dimensione il messaggio criptato M4 */
int dim4c;
ret = recv(cl_sk, &dim4c, 4, MSG_WAITALL);
if(ret == -1) {
cerr << "Errore: dimensione del messaggio cifrato M4 non ricevuta correttamente" << endl;
return -1;
}
/* Imposto la dimensione del messaggio criptato M4 */
double b = 8.0; //Numero di byte -> dimensione del blocco cifrato
int dim4cb = (int)ceil(dim4c / b) * 8;
dim4cb++;
/* Ricevo dal server il messaggio criptato M4 */
unsigned char *m4c = (unsigned char*) malloc(dim4cb);
bzero(m4c, dim4cb);
ret = recv(cl_sk, m4c, dim4cb, MSG_WAITALL);
if(ret == -1) {
cerr << "Errore: dimensione del messaggio cifrato M4 non ricevuta correttamente" << endl;
return -1;
}
cout << "\033[32m:: S -> C\033[0m" << endl;
cout << "\033[34m:: Messaggio cifrato M4 ricevuto correttamente\033[0m" << endl;
/* Decifro il messaggio criptato M4 */
unsigned char *m4 = (unsigned char*) malloc(dim4c);
bzero(m4, dim4c);
int off = 0; //Offeset
for(int i = 0; i < (int)ceil(dim4c / b); i++) {
BF_ecb_encrypt(m4c + off, &m4[off], &kcs, BF_DECRYPT);
off+=b;
}
cout << "\t\033[31m:: Messaggio cifrato M4 decriptato correttamente\033[0m" << endl;
/* Analizzo il messaggio decriptato M4 */
char *s4 = strtok((char*)m4, " "); //Memorizzo l'id del server
char *c4 = strtok(NULL, " "); //Memorizzo l'id del client
char *p4 = strtok(NULL, " "); //Memorizzo la password
/* Controllo che la password sia quella attesa */
if(strcmp(p4, CLIENT_PWD) != 0) {
cout << "La password non coincide con quella attesa" << endl;
exit(0);
}
else {
cout << "\033[31m\t:: Controllo Password -> OK\033[0m" << endl;
}
cout << endl;
cout << "******* FINE FASE DI SCAMBIO MESSAGGI *******" << endl;
cout << endl;
cout << "---------------------------------------------" << endl;
cout << endl;
/* Pulizia delle variabili inutilizzate per evitare warning */
strcpy(c4, "");
strcpy(s4, "");
cout << "************ INIZIO FASE DI TEST ************" << endl;
cout << endl;
/* Apertura del file per effettuare il test */
fstream ft;
ft.open(TEST, ios::in);
if(!ft) {
cerr << "Errore nell'apertura del file di test" << endl;
exit(0);
}
/* Memorizzo il file di test in una stringa */
char *test_tmp = (char*) malloc(MAX_FILE_LEN);
bzero(test_tmp, MAX_FILE_LEN);
char line[MAX_LINE_LEN];
while(ft.getline(line, MAX_LINE_LEN)) {
strcat(test_tmp, line);
}
/* Alloco lo spazio effettivamente utilizzato dal file di test */
int dimtest = strlen(test_tmp) + 1;
char *test = (char*) malloc(dimtest+1);
bzero(test, dimtest);
strcpy(test,test_tmp);
/* Invio al server la dimensione del messaggio in chiaro */
ret = send(cl_sk, &dimtest, 4, 0);
if(ret == -1) {
cerr << "Errore: dimensione del messaggio di test in chiaro non inviata correttamente" << endl;
return -1;
}
/* Imposto la dimensione del messaggio di test criptato */
int dimtestc = (int)ceil(dimtest / b) * 8;
dimtestc++;
/* Cripto la stringa del file di test */
unsigned char *testc = (unsigned char*) malloc(dimtestc);
bzero(testc, dimtestc);
int offtest = 0;
for(int j = 0; j < (int)ceil(dimtest / b); j++) {
BF_ecb_encrypt((const unsigned char*)test + offtest, &testc[offtest], &kcs, BF_ENCRYPT);
offtest += b;
}
/* Invio al server la dimensione della stringa di test cifrata */
ret = send(cl_sk, &dimtestc, 4, 0);
if(ret == -1) {
cerr << "Errore: dimensione del messaggio di test cifrato non inviata correttamente" << endl;
return -1;
}
/* Invio al server la stringa di test cifrata */
ret = send(cl_sk, testc, dimtestc, 0);
if(ret == -1) {
cerr << "Errore: messaggio di test cifrato non inviato correttamente" << endl;
return -1;
}
cout << "\033[32m:: C -> S\033[0m" << endl;
cout << "\033[34m:: Messaggio di test cifrato e inviato al server\033[0m" << endl;
cout << endl;
cout << "************* FINE FASE DI TEST *************" << endl;
cout << endl;
/* Libero la memoria */
RSA_free(pub_key);
fclose(pub);
free(m3);
free(m3c);
free(ses_key);
free(m4c);
free(m4);
free(test_tmp);
free(test);
free(testc);
return 0;
}
static int mech_step(sasl_session_t *p, char *message, size_t len, char **out, size_t *out_len)
{
DH *dh = NULL;
BF_KEY key;
BIGNUM *their_key = NULL;
myuser_t *mu;
char *ptr, *secret = NULL, *password = NULL;
int ret = ASASL_FAIL;
uint16_t size;
int secret_size;
if (!p->mechdata)
return ASASL_FAIL;
dh = (DH*)p->mechdata;
/* Their pub_key */
if (len < 2)
goto end;
size = ntohs(*(uint16_t *)message);
message += 2;
len -= 2;
if (size > len)
goto end;
if ((their_key = BN_bin2bn((unsigned char *)message, size, NULL)) == NULL)
goto end;
message += size;
len -= size;
/* Username */
size = strlen(message);
if (size >= NICKLEN) /* our base64 routines null-terminate - how polite */
goto end;
p->username = strdup(message);
message += size + 1;
len -= size + 1;
if ((mu = myuser_find_by_nick(p->username)) == NULL)
goto end;
/* AES-encrypted password remains */
/* Compute shared secret */
secret = (char*)malloc(DH_size(dh));
secret_size = DH_compute_key((unsigned char *)secret, their_key, dh);
if (secret_size <= 0)
goto end;
/* Data must be multiple of block size, and let's be reasonable about size */
if (len == 0 || len % 8 || len > 128)
goto end;
/* Decrypt! */
BF_set_key(&key, secret_size, (unsigned char *)secret);
ptr = password = (char*)malloc(len + 1);
password[len] = '\0';
while (len)
{
BF_ecb_encrypt((unsigned char *)message, (unsigned char *)ptr, &key, BF_DECRYPT);
message += 8;
ptr += 8;
len -= 8;
}
if (verify_password(mu, password))
ret = ASASL_DONE;
end:
if (their_key)
BN_free(their_key);
free(secret);
free(password);
return ret;
}
static void
blf_decrypt(void *key, u_int8_t *blk)
{
BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0);
}
