Ejemplo n.º 1
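/*
 * Demo driver for the CryptoInit / Encrypt / Decrypt helpers: sets up a key
 * from a password, encrypts a fixed string, decrypts it again and prints both
 * results.
 *
 * Returns EXIT_SUCCESS when the whole round trip completes and EXIT_FAILURE as
 * soon as one step reports failure.
 */
int main(void)
{
	HCRYPTPROV hCryptProv = 0;
	HCRYPTKEY key = 0;
	unsigned long cLen = 0;
	unsigned long i = 0;
	char *cipherText = 0;
	char *plainText = "PLAIN_TEXT_PLAIN_TEXT\0";
	/* Placeholder credential for the demo. Real code should obtain the
	 * password at run time instead of compiling it into the binary. */
	char *password = "******";
	unsigned char *decrypted = 0;

	if (!CryptoInit(&key, &hCryptProv, password, strlen(password)))
	{
		printf("Crypto initializing failed\n");
		return EXIT_FAILURE;
	}

	/* NOTE(review): the failure paths below release only the provider; `key`
	 * is handed to CryptoUninit on the success path only. Confirm whether the
	 * key handle needs to be destroyed on failure as well. */
	if (!Encrypt(key, &cipherText, &cLen, (unsigned char *)plainText, strlen(plainText)))
	{
		printf("Encryption failed\n");
		if (hCryptProv) CryptReleaseContext(hCryptProv, 0);
		return EXIT_FAILURE;
	}

	/* Ciphertext is arbitrary bytes: it may contain NUL and is not known to be
	 * NUL-terminated, so "%s" could stop early or read past the buffer. Print
	 * exactly cLen bytes as hex instead. */
	printf("Encrypted string: ");
	for (i = 0; i < cLen; i++)
	{
		printf("%02x", (unsigned char)cipherText[i]);
	}
	printf("\n");

	if (!Decrypt(key, &decrypted, cipherText, cLen))
	{
		printf("Decryption failed\n");
		SAFE_FREE(cipherText);
		if (hCryptProv) CryptReleaseContext(hCryptProv, 0);
		return EXIT_FAILURE;
	}

	SAFE_FREE(cipherText);

	/* Assumes Decrypt NUL-terminates its output; no length is returned to
	 * bound the print, and the terminator was not part of the encrypted
	 * input (strlen was used) - TODO confirm. */
	printf("Decrypted string: %s\n", decrypted);

	SAFE_FREE(decrypted);

	CryptoUninit(key, hCryptProv);

	return EXIT_SUCCESS;
}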
Ejemplo n.º 2
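/* Zero a buffer through a volatile pointer so the stores are not optimized away. */
static void AuthWipe(void *buf, size_t len)
{
	volatile unsigned char *p = (volatile unsigned char *)buf;

	while (len-- > 0)
		*p++ = 0;
}

/*
 * Server side of the authentication handshake with one client.
 *
 * Steps, in order:
 *   1. read the connection ID sent by the peer and load that client's
 *      configuration and public key;
 *   2. create a random challenge, sign it with the server private key,
 *      encrypt it with the client public key and send both;
 *   3. read the reply, decrypt it with the server private key and compare it
 *      with the challenge;
 *   4. generate a session key, send it together with the client's network
 *      settings (encrypted with the client public key) and initialize the
 *      client's cipher context.
 *
 * net_fd  socket used for the exchange
 * from    peer address; copied into the client structure on success
 *
 * Returns the populated ClientConf on success, NULL on any failure.
 *
 * NOTE(review): once ReadClientConf has succeeded, the failure paths return
 * NULL without releasing Client. No destructor for ClientConf is visible
 * here, so the leak is only flagged, not fixed.
 */
ClientConf *DoAuthenticateServer(int net_fd, struct sockaddr_in *from)
{
	ClientConf *Client = NULL;
	int dcr_size = 0, cr_size = 0, i = 0, tail_len = 0;
	/* One byte more than is ever read, so the terminator written after a
	 * full MED_BUF-byte read stays inside the array. */
	char ConnectionID[MED_BUF + 1];
	unsigned char cr_buffer[BUFSIZ], dcr_buffer[BUFSIZ], orig_buffer[BUFSIZ], signature[MED_BUF];
	unsigned int siglen = 0;
	const size_t hdr_len = 4 + (size_t)KEYSIZE; /* "key=" followed by the raw key */

	memset(dcr_buffer, 0, sizeof(dcr_buffer));
	memset(orig_buffer, 0, sizeof(orig_buffer));

	/* Get the connection ID (peer-controlled data) */
	i = ReadN(net_fd, (struct sockaddr *)from, (unsigned char *)ConnectionID, MED_BUF);
	if (i <= 0 || i > MED_BUF) {
		fprintf(stderr, "DoAuthenticateServer : ReadN\n");
		goto fail;
	}
	ConnectionID[i] = '\0';

	/* Load the client setup */
	if ((Client = ReadClientConf(SrvSetup.cfgfile, ConnectionID)) == NULL) {
		fprintf(stderr, "DoAuthenticateServer : ReadClientConf\n");
		goto fail;
	}
	if (LoadPublicKeyFromFile(Client->fpubkey, &(Client->pub), CLIENT_LOAD_SERVER_PUBLIC_KEYFILE_ERR)) {
		fprintf(stderr, "DoAuthenticateServer : LoadPublicKeyFromFile\n");
		goto fail;
	}

	/* Create a random message, sign it, encrypt it and send it with its signature */
	if (CreateRandomMessage(orig_buffer, MIN_BUF) < 0) {
		fprintf(stderr, "DoAuthenticateServer : CreateRandomMessage\n");
		goto fail;
	}
	/* NOTE(review): signature[] holds MED_BUF bytes; confirm SignMessage
	 * never writes more than that for the configured key size. */
	if (SignMessage(SrvSetup.priv, orig_buffer, MIN_BUF, signature, &siglen) < 0) {
		fprintf(stderr, "DoAuthenticateServer : SignMessage\n");
		goto fail;
	}
	if (EncryptMessageWithPublicKey(Client->pub, orig_buffer, MIN_BUF, cr_buffer, &cr_size) < 0) {
		fprintf(stderr, "DoAuthenticateServer : EncryptMessageWithPublicKey\n");
		goto fail;
	}
	if (WriteH(net_fd, (struct sockaddr *)from, cr_buffer, cr_size) < 0) {
		fprintf(stderr, "DoAuthenticateServer : WriteH\n");
		goto fail;
	}
	if (WriteH(net_fd, (struct sockaddr *)from, signature, siglen) <= 0) {
		fprintf(stderr, "DoAuthenticateServer : WriteH\n");
		goto fail;
	}

	/* Read the answer and decrypt it */
	if ((cr_size = ReadN(net_fd, (struct sockaddr *)from, cr_buffer, BUFSIZ)) < 0) {
		fprintf(stderr, "DoAuthenticateServer : ReadN\n");
		goto fail;
	}
	else if (cr_size == 0) {
		fprintf(stderr, "Authentication failed. Access denied!\n");
		fprintf(stderr, "Disconnecting client\n");
		goto fail;
	}
	if (DecryptMessageWithPrivateKey(SrvSetup.priv, cr_buffer, cr_size, dcr_buffer, &dcr_size)) {
		fprintf(stderr, "DoAuthenticateServer : DecryptMessageWithPrivateKey\n");
		goto fail;
	}

	/* Check if the message is ok. A reply shorter than the challenge is
	 * rejected outright; otherwise the comparison would run into the zero
	 * padding left in dcr_buffer rather than data the peer sent. */
	if (dcr_size < (int)MIN_BUF || memcmp(orig_buffer, dcr_buffer, MIN_BUF)) {
		fprintf(stderr, "Access denied!\n");
		goto fail;
	}

	/* Save the origin information in the client's structure */
	memcpy(&(Client->ns.data), from, sizeof(struct sockaddr_in));
	/* NOTE(review): the result of inet_aton is not checked; if the configured
	 * address does not parse, sin_addr keeps the value copied from `from`. */
	inet_aton(Client->ns.ip, &Client->ns.data.sin_addr);

	/* Create a key, arrange a network setup for the client and send it over */
	if (CreateRandomKey(Client->PrivKey, KEYSIZE)) {
		fprintf(stderr, "DoAuthenticateServer : CreateRandomKey\n");
		goto fail;
	}

	if (hdr_len >= sizeof(dcr_buffer)) {
		fprintf(stderr, "DoAuthenticateServer : KEYSIZE\n");
		goto fail;
	}

	/* The key is copied with memcpy rather than formatted with "%s",
	 * presumably because it is raw bytes that may contain NUL. Only the
	 * textual tail is formatted, and it is bounded by the space left. */
	memset(dcr_buffer, '\0', sizeof(dcr_buffer));
	memcpy(dcr_buffer, "key=", 4);
	memcpy(dcr_buffer + 4, Client->PrivKey, KEYSIZE);
	tail_len = snprintf((char *)dcr_buffer + hdr_len, sizeof(dcr_buffer) - hdr_len,
	                    ",ip=%s,netmask=%s,broadcast=%s", Client->ns.ip, Client->ns.msk, Client->ns.brd);
	if (tail_len < 0 || (size_t)tail_len >= sizeof(dcr_buffer) - hdr_len) {
		fprintf(stderr, "DoAuthenticateServer : snprintf\n");
		goto fail;
	}
	dcr_size = (int)(hdr_len + (size_t)tail_len);

	if (EncryptMessageWithPublicKey(Client->pub, dcr_buffer, dcr_size, cr_buffer, &cr_size) < 0) {
		fprintf(stderr, "DoAuthenticateServer : EncryptMessageWithPublicKey\n");
		goto fail;
	}
	if (WriteH(net_fd, (struct sockaddr *)from, cr_buffer, cr_size) < 0) {
		fprintf(stderr, "DoAuthenticateServer : WriteH\n");
		goto fail;
	}

	CryptoInit(&(Client->ctx), Client->PrivKey, &(Client->IV));

	/* dcr_buffer held the session key in the clear; do not leave it on the stack */
	AuthWipe(dcr_buffer, sizeof(dcr_buffer));

	return Client;

fail:
	AuthWipe(dcr_buffer, sizeof(dcr_buffer));
	return NULL;
}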
Ejemplo n.º 3
/*
 * Decide whether the device runs in Rockchip secure-boot mode and, if it
 * does, set the related globals (SecureMode, SecureBootEn, SecureBootLock,
 * gDrmKeyInfo).
 *
 * How the decision is made depends on the build configuration:
 *   - without CONFIG_SECURE_RSA_KEY_IN_RAM: an efuse flag is read (RK3128,
 *     RK3288, RK3368 only), and in secure mode the storage is then scanned
 *     for a boot header whose key passes SecureRKModeChkPubkey();
 *   - with CONFIG_SECURE_RSA_KEY_IN_RAM: secure mode is selected when
 *     SecureRKModeGetRSAKey() returns 0.
 *
 * Returns OK, or ERROR when secure mode was selected but none of the scanned
 * blocks yielded an accepted key. Non-secure mode also returns OK.
 */
static uint32 SecureRKModeInit(void)
{
#if !defined(CONFIG_SECURE_RSA_KEY_IN_RAM)
	/* View of the shared key buffer as a boot header; it is refilled by
	 * StorageReadPba() in the scan loop below. */
	BOOT_HEADER *pHead = (BOOT_HEADER *)g_rsa_key_buf;
	uint32 i = 0;
	int32 ret;
#endif /* CONFIG_SECURE_RSA_KEY_IN_RAM */
	uint32 secure = 0;

	/* check efuse secure flag */
	secure = 0;
#if !defined(CONFIG_SECURE_RSA_KEY_IN_RAM)
#if defined(CONFIG_RKCHIP_RK3128)
	/* rk3128 efuse read char unit */
	/* NOTE(review): the result of EfuseRead is not checked in any branch; if
	 * the read leaves `flag` at its initial 0, the function falls through to
	 * non-secure mode and still returns OK. Confirm that is intended. */
	uint8 flag = 0;
	EfuseRead(&flag, 0X1F, 1);
	if (0xFF == flag) {
		secure = 1;
	}
	CryptoInit();
#elif defined(CONFIG_RKCHIP_RK3288) || defined(CONFIG_RKCHIP_RK3368)
	/* rk3288/rk3368 efuse read word unit */
	uint32 flag = 0;
	EfuseRead(&flag, 0X00, 4);
	/* only bit 0 of the word is tested */
	if (flag & 0x01) {
		secure = 1;
	}
	CryptoInit();
#endif
	/* For any other chip neither branch is compiled: `secure` stays 0 and
	 * CryptoInit() is not called on this path. */

#else
	if (SecureRKModeGetRSAKey() == 0) {
		secure = 1;
	}
	CryptoInit();
#endif /* CONFIG_SECURE_RSA_KEY_IN_RAM */

	if (secure != 0) {
		SecureMode = SBOOT_MODE_RK;
		printf("Secure Boot Mode: 0x%x\n", SecureMode);

#if !defined(CONFIG_SECURE_RSA_KEY_IN_RAM)
		StorageReadFlashInfo((uint8 *)&g_FlashInfo);

		/* Scan block indexes up to 15 for a usable boot header; the scan
		 * starts at index 2 when booting from flash, otherwise at 0. */
		i = 0;
		if (StorageGetBootMedia() == BOOT_FROM_FLASH) {
			i = 2;
		}
		for (; i<16; i++) {
			PRINT_E("SecureInit %x\n", i * g_FlashInfo.BlockSize + 4);
			/* Reads into g_rsa_key_buf, which pHead aliases. The unit of the
			 * trailing count (4) is not visible here - presumably sectors,
			 * TODO confirm. */
			ret = StorageReadPba(i * g_FlashInfo.BlockSize + 4, g_rsa_key_buf, 4);
			if (ret == FTL_OK) {
				if (SecureRKModeGetRSAKey() == 0) {
					/* 0x4B415352 is "RSAK" when its bytes are read in
					 * little-endian order. The header is accepted only if
					 * the tag matches and the public key check returns 0. */
					if ((pHead->tag == 0x4B415352) && (SecureRKModeChkPubkey(pHead->RSA_N) == 0)) {
						break;
					}
				}
			}
		}
		/* check key error */
		/* i reaches 16 only when no iteration hit the break above */
		if (i >= 16) {
			return ERROR;
		}
#endif /* CONFIG_SECURE_RSA_KEY_IN_RAM */

		/* config drm information */
		SecureBootEn = 1;
		SecureBootLock = 1;

		/* If the stored DRM record has the wrong tag or an empty public key
		 * length, it is re-initialized with defaults and written back.
		 * 0x4B4D5244 is "DRMK" when its bytes are read in little-endian
		 * order. */
		/* NOTE(review): when StorageSysDataLoad fails, gDrmKeyInfo is left
		 * as it was and the function still returns OK. The result of
		 * StorageSysDataStore is not checked either. */
		if (StorageSysDataLoad(1, &gDrmKeyInfo) == FTL_OK) {
			if ((gDrmKeyInfo.drmtag != 0x4B4D5244) || (gDrmKeyInfo.publicKeyLen == 0)) {
				gDrmKeyInfo.drmtag = 0x4B4D5244;
				gDrmKeyInfo.drmLen = 504;
				gDrmKeyInfo.publicKeyLen = 0x200;
				gDrmKeyInfo.keyBoxEnable = 1;
				gDrmKeyInfo.drmKeyLen = 0;
				gDrmKeyInfo.secureBootLock = 1;
				gDrmKeyInfo.secureBootLockKey = 0;

				StorageSysDataStore(1, &gDrmKeyInfo);
			}
		}
	}

	return OK;
}