CTomcryptInternals(void)
{
int ErrorCode = register_cipher(&rijndael_desc);
if (ErrorCode == -1)
{
throw ExInternalError(std::string("Cannot register AES cipher."));
}
ErrorCode = register_prng(&fortuna_desc);
if (ErrorCode == -1)
{
throw ExInternalError(std::string("Cannot register fortuna pseudo random generator."));
}
int const GeneratorID = find_prng("fortuna");
ErrorCode = rng_make_prng(128, GeneratorID, &mRandomGenerator, NULL);
if (ErrorCode != CRYPT_OK)
{
throw ExInternalError(std::string("Error while starting random generator: ")+std::string(error_to_string(ErrorCode)));
}
ErrorCode = register_hash(&sha256_desc);
if (ErrorCode == -1)
{
throw ExInternalError(std::string("Cannot register SHA2 hash."));
}
return;
}
int main(int argc, char **argv)
{
int rc = 0;
prng_state prng;
int prng_index, hash_index;
rsa_key key;
int i;
ltc_mp = tfm_desc;
prng_index = register_prng(&sprng_desc); /* (fortuna_desc is a good choice if your platform's PRNG sucks.) */
if (prng_index == -1) {
fail("Failed to register a RNG");
}
hash_index = register_hash(&sha256_desc);
if (hash_index == -1) {
fail("Failed to register sha256 hasher");
}
if ((rc = rng_make_prng(128, prng_index, &prng, NULL)) != CRYPT_OK) {
fail("rng_make_prng failed: %s", error_to_string(rc));
}
read_rsakey(&key, "privatekey.bin");
for (i = 1; i < argc; i++) {
sign_file(argv[i], &key, &prng, prng_index, hash_index);
}
rsa_free(&key);
return 0;
}
static void register_algs(void)
{
int err;
atexit(_unregister_all);
#ifndef LTC_YARROW
#error This demo requires Yarrow.
#endif
if ((err = register_all_ciphers()) != CRYPT_OK) {
fprintf(stderr, "register_all_ciphers err=%s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
if ((err = register_all_hashes()) != CRYPT_OK) {
fprintf(stderr, "register_all_hashes err=%s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
if ((err = register_all_prngs()) != CRYPT_OK) {
fprintf(stderr, "register_all_prngs err=%s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT_OK) {
fprintf(stderr, "rng_make_prng failed: %s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
if (strcmp("CRYPT_OK", error_to_string(err))) {
exit(EXIT_FAILURE);
}
}
int prng_test(void)
{
int err = CRYPT_NOP;
int x;
unsigned char buf[4096] = { 0 };
unsigned long n, one;
prng_state nprng;
#ifdef LTC_PRNG_ENABLE_LTC_RNG
unsigned long before;
unsigned long (*previous)(unsigned char *, unsigned long , void (*)(void)) = ltc_rng;
ltc_rng = my_test_rng;
before = my_test_rng_read;
if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT_OK) {
fprintf(stderr, "rng_make_prng with 'my_test_rng' failed: %s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
if (before == my_test_rng_read) {
fprintf(stderr, "somehow there was no read from the ltc_rng! %lu == %lu\n", before, my_test_rng_read);
exit(EXIT_FAILURE);
}
ltc_rng = previous;
#endif
/* test prngs (test, import/export) */
for (x = 0; prng_descriptor[x].name != NULL; x++) {
if(strstr(prng_descriptor[x].name, "no_prng") == prng_descriptor[x].name) continue;
err = CRYPT_OK;
DOX(prng_descriptor[x].test(), prng_descriptor[x].name);
DOX(prng_descriptor[x].start(&nprng), prng_descriptor[x].name);
DOX(prng_descriptor[x].add_entropy((unsigned char *)"helloworld12", 12, &nprng), prng_descriptor[x].name);
DOX(prng_descriptor[x].ready(&nprng), prng_descriptor[x].name);
n = sizeof(buf);
if (strcmp(prng_descriptor[x].name, "sprng")) {
one = 1;
if (prng_descriptor[x].pexport(buf, &one, &nprng) != CRYPT_BUFFER_OVERFLOW) {
fprintf(stderr, "Error testing pexport with a short buffer (%s)\n", prng_descriptor[x].name);
return CRYPT_ERROR;
}
}
DOX(prng_descriptor[x].pexport(buf, &n, &nprng), prng_descriptor[x].name);
prng_descriptor[x].done(&nprng);
DOX(prng_descriptor[x].pimport(buf, n, &nprng), prng_descriptor[x].name);
DOX(prng_descriptor[x].pimport(buf, 4096, &nprng), prng_descriptor[x].name); /* try to import larger data */
DOX(prng_descriptor[x].ready(&nprng), prng_descriptor[x].name);
if (prng_descriptor[x].read(buf, 100, &nprng) != 100) {
fprintf(stderr, "Error reading from imported PRNG (%s)!\n", prng_descriptor[x].name);
return CRYPT_ERROR;
}
prng_descriptor[x].done(&nprng);
}
return err;
}
int initEncrypt(){
prng_index = register_prng(&fortuna_desc);
hash_index = register_hash(&sha256_desc);
int err;
if ((err = rng_make_prng(128, find_prng("fortuna"), &prng, NULL)) != CRYPT_OK) {
printf("Error setting up PRNG, %s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
return 0;
}
/** new() */
static int Lnew(lua_State* L) {
prng_state* prng = (prng_state*) lua_newuserdata(L, sizeof(prng_state));
luaL_getmetatable(L, MYTYPE);
lua_setmetatable(L, -2);
int idx = find_prng("fortuna");
if (idx == -1) {
lua_pushnil(L);
lua_pushstring (L, "cannot find 'fortuna' implementation");
return 2;
}
CHECK(rng_make_prng(ENTROPY, idx, prng, NULL));
return 1;
}
void CryptHelpers::Init()
{
ltc_mp = ltm_desc;
g_PRNGDescId = register_prng( &yarrow_desc );
if ( g_PRNGDescId == -1 )
RageException::Throw( "Could not register PRNG Descriptor" );
g_PRNGDesc = &yarrow_desc;
rng_make_prng(1024, g_PRNGDescId, &g_PRNGState, NULL);
g_SHA1DescId = register_hash( &sha1_desc );
if ( g_SHA1DescId == -1 )
RageException::Throw( "Could not register SHA1 Descriptor" );
g_SHA1Desc = &sha1_desc;
}
int generateRandom(unsigned char *array, unsigned long len)
{
int err, x;
prng_state prng;
if (register_prng(&yarrow_desc) == -1) {
return ERROR_PRNG;
}
if ((err = rng_make_prng(128, find_prng("yarrow"), &prng, NULL)) != CRYPT_OK) {
return err;
}
x = yarrow_read(array, len, &prng);
if (x != len) {
return ERROR_READ_IV;
}
sprng_done(&prng);
return CRYPT_OK;
}
int setup_crypt(void)
{
int err;
if(register_prng(&yarrow_desc) != CRYPT_OK) {
printf("Could not register prng.\n");
return -1;
}
printf("prng registered...\n");
if ((err = rng_make_prng(128, find_prng("yarrow"), &prng, NULL)) != CRYPT_OK) {
printf("Could not make prng: %s\n", error_to_string(err));
return -1;
}
/* generate a 1536 bit RSA key. This duplicates the exported key size
of Mythic's algorithm, but other sizes would work as well */
if ((err = rsa_make_key(&prng, find_prng("yarrow"), 192, 65537, &key)) != CRYPT_OK) {
printf("Could not generate RSA key: %s\n", error_to_string(err));
return -1;
}
printf("RSA key generated...\n");
/* export the key starting at keybuff[10] so we can prepend the
fixed header the client expects */
exported_key_len = sizeof(exported_key_buffer);
if ((err = rsa_export(&exported_key_buffer[10], &exported_key_len, PK_PUBLIC, &key)) != CRYPT_OK) {
printf("Could not export RSA public key: %s\n", error_to_string(err));
return -1;
}
printf("RSA public key exported (%lu bytes)...\n", exported_key_len);
/* some sort of protocol version information proceeds the key when
we send it. If not correct, login.dll generates version mismatch
error message. */
*((unsigned long *)&exported_key_buffer[0]) = htonl(LOGIN_PROTOCOL_VERSION);
*((unsigned short *)&exported_key_buffer[4]) = htons(1);
/* add the size */
*((unsigned short *)&exported_key_buffer[6]) = htons(exported_key_len);
*((unsigned short *)&exported_key_buffer[8]) = htons(exported_key_len);
return 0;
}
void nabto_random(uint8_t* buf, size_t len) {
static bool isInitialized = false;
size_t bytes;
if (!isInitialized) {
int wprng;
int status;
register_prng(&fortuna_desc);
wprng = find_prng("fortuna");
status = rng_make_prng(128, wprng, &unabto_prng_state, NULL);
if (status != CRYPT_OK) {
NABTO_LOG_FATAL(("Could not initialize random function"));
return;
}
isInitialized = true;
}
bytes = fortuna_desc.read(buf, len, &unabto_prng_state);
if (bytes != len) {
NABTO_LOG_FATAL(("Random function did not give required bytes"));
}
}
SgObject Sg_MakeSecureRandom(SgString *name, int bits)
{
const char *cname = Sg_Utf32sToUtf8s(name);
int wprng = find_prng(cname), err;
SgBuiltinPrng *prng;
if (wprng == -1) {
Sg_Error(UC("%A is not supported"), name);
return SG_UNDEF;
}
prng = make_prng(name);
prng->wprng = wprng;
err = rng_make_prng(bits, wprng, &prng->prng, NULL);
if (err != CRYPT_OK) {
Sg_Error(UC("Failed to initialize secure random: %A"),
Sg_MakeStringC(error_to_string(err)));
return SG_UNDEF;
}
Sg_RegisterFinalizer(prng, finalize_prng, NULL);
return SG_OBJ(prng);
}
/** Generates and returns a new (privkey, pubkey) ECDH key pair.
* Keys are represented as Lua strings, the private one under a libtomcrypt
* proprietary format, the public one under X9.63 format. */
static int lnew( lua_State *L) {
prng_state prng;
int prng_initialized = 0;
ecc_key key;
int idx = find_prng("fortuna");
if( -1 == idx) goto failure;
if( CRYPT_OK != rng_make_prng( ENTROPY, idx, & prng, NULL)) goto failure;
prng_initialized=1;
/* Generate the 512 bits ECC key in privkey. */
if( CRYPT_OK != ecc_make_key( & prng, idx, 64, & key)) goto failure;
/* Buffer will hold both the private and public key transiently,
* until each of them is transformed into a Lua string. */
unsigned char buff [BUFF_SIZE];
unsigned long buff_len = BUFF_SIZE;
/* Push the string representation of privkey (tomcrypt's proprietary format). */
if( CRYPT_OK != ecc_export( buff, & buff_len, PK_PRIVATE, & key)) goto failure;
lua_pushlstring( L, (const char*) buff, buff_len);
/* Push the string representation of pubkey (ANSI X9.63 format, which only
* supports public keys. This is the format expected by the server). */
if( CRYPT_OK != ecc_ansi_x963_export( & key, buff, & buff_len)) goto failure;
lua_pushlstring( L, (const char *) buff, buff_len);
fortuna_done( & prng);
return 2;
failure:
/* TODO: release resources */
if( prng_initialized) fortuna_done( & prng);
lua_pushnil( L);
lua_pushstring( L, "error");
return 2;
}
int main(int argc, char *argv[])
{
unsigned char plaintext[512],ciphertext[512];
unsigned char tmpkey[512], key[MAXBLOCKSIZE], IV[MAXBLOCKSIZE];
unsigned char inbuf[512]; /* i/o block size */
unsigned long outlen, y, ivsize, x, decrypt;
symmetric_CTR ctr;
int cipher_idx, hash_idx, ks;
char *infile, *outfile, *cipher;
prng_state prng;
FILE *fdin, *fdout;
/* register algs, so they can be printed */
register_algs();
if (argc < 4) {
return usage(argv[0]);
}
if (!strcmp(argv[1], "-d")) {
decrypt = 1;
cipher = argv[2];
infile = argv[3];
outfile = argv[4];
} else {
decrypt = 0;
cipher = argv[1];
infile = argv[2];
outfile = argv[3];
}
/* file handles setup */
fdin = fopen(infile,"rb");
if (fdin == NULL) {
perror("Can't open input for reading");
exit(-1);
}
fdout = fopen(outfile,"wb");
if (fdout == NULL) {
perror("Can't open output for writing");
exit(-1);
}
cipher_idx = find_cipher(cipher);
if (cipher_idx == -1) {
printf("Invalid cipher entered on command line.\n");
exit(-1);
}
hash_idx = find_hash("sha256");
if (hash_idx == -1) {
printf("LTC_SHA256 not found...?\n");
exit(-1);
}
ivsize = cipher_descriptor[cipher_idx].block_length;
ks = hash_descriptor[hash_idx].hashsize;
if (cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK) {
printf("Invalid keysize???\n");
exit(-1);
}
printf("\nEnter key: ");
fgets((char *)tmpkey,sizeof(tmpkey), stdin);
outlen = sizeof(key);
if ((errno = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
printf("Error hashing key: %s\n", error_to_string(errno));
exit(-1);
}
if (decrypt) {
/* Need to read in IV */
if (fread(IV,1,ivsize,fdin) != ivsize) {
printf("Error reading IV from input.\n");
exit(-1);
}
if ((errno = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
printf("ctr_start error: %s\n",error_to_string(errno));
exit(-1);
}
/* IV done */
do {
y = fread(inbuf,1,sizeof(inbuf),fdin);
if ((errno = ctr_decrypt(inbuf,plaintext,y,&ctr)) != CRYPT_OK) {
printf("ctr_decrypt error: %s\n", error_to_string(errno));
exit(-1);
}
if (fwrite(plaintext,1,y,fdout) != y) {
printf("Error writing to file.\n");
exit(-1);
}
} while (y == sizeof(inbuf));
fclose(fdin);
fclose(fdout);
} else { /* encrypt */
/* Setup yarrow for random bytes for IV */
if ((errno = rng_make_prng(128, find_prng("yarrow"), &prng, NULL)) != CRYPT_OK) {
printf("Error setting up PRNG, %s\n", error_to_string(errno));
}
/* You can use rng_get_bytes on platforms that support it */
/* x = rng_get_bytes(IV,ivsize,NULL);*/
x = yarrow_read(IV,ivsize,&prng);
if (x != ivsize) {
printf("Error reading PRNG for IV required.\n");
exit(-1);
}
if (fwrite(IV,1,ivsize,fdout) != ivsize) {
printf("Error writing IV to output.\n");
exit(-1);
}
if ((errno = ctr_start(cipher_idx,IV,key,ks,0,CTR_COUNTER_LITTLE_ENDIAN,&ctr)) != CRYPT_OK) {
printf("ctr_start error: %s\n",error_to_string(errno));
exit(-1);
}
do {
y = fread(inbuf,1,sizeof(inbuf),fdin);
if ((errno = ctr_encrypt(inbuf,ciphertext,y,&ctr)) != CRYPT_OK) {
printf("ctr_encrypt error: %s\n", error_to_string(errno));
exit(-1);
}
if (fwrite(ciphertext,1,y,fdout) != y) {
printf("Error writing to output.\n");
exit(-1);
}
} while (y == sizeof(inbuf));
fclose(fdout);
fclose(fdin);
}
return 0;
}
static void reg_algs(void)
{
int err;
#ifdef LTC_RIJNDAEL
register_cipher (&aes_desc);
#endif
#ifdef LTC_BLOWFISH
register_cipher (&blowfish_desc);
#endif
#ifdef LTC_XTEA
register_cipher (&xtea_desc);
#endif
#ifdef LTC_RC5
register_cipher (&rc5_desc);
#endif
#ifdef LTC_RC6
register_cipher (&rc6_desc);
#endif
#ifdef LTC_SAFERP
register_cipher (&saferp_desc);
#endif
#ifdef LTC_TWOFISH
register_cipher (&twofish_desc);
#endif
#ifdef LTC_SAFER
register_cipher (&safer_k64_desc);
register_cipher (&safer_sk64_desc);
register_cipher (&safer_k128_desc);
register_cipher (&safer_sk128_desc);
#endif
#ifdef LTC_RC2
register_cipher (&rc2_desc);
#endif
#ifdef LTC_DES
register_cipher (&des_desc);
register_cipher (&des3_desc);
#endif
#ifdef LTC_CAST5
register_cipher (&cast5_desc);
#endif
#ifdef LTC_NOEKEON
register_cipher (&noekeon_desc);
#endif
#ifdef LTC_SKIPJACK
register_cipher (&skipjack_desc);
#endif
#ifdef LTC_KHAZAD
register_cipher (&khazad_desc);
#endif
#ifdef LTC_ANUBIS
register_cipher (&anubis_desc);
#endif
#ifdef LTC_KSEED
register_cipher (&kseed_desc);
#endif
#ifdef LTC_KASUMI
register_cipher (&kasumi_desc);
#endif
#ifdef LTC_MULTI2
register_cipher (&multi2_desc);
#endif
#ifdef LTC_TIGER
register_hash (&tiger_desc);
#endif
#ifdef LTC_MD2
register_hash (&md2_desc);
#endif
#ifdef LTC_MD4
register_hash (&md4_desc);
#endif
#ifdef LTC_MD5
register_hash (&md5_desc);
#endif
#ifdef LTC_SHA1
register_hash (&sha1_desc);
#endif
#ifdef LTC_SHA224
register_hash (&sha224_desc);
#endif
#ifdef LTC_SHA256
register_hash (&sha256_desc);
#endif
#ifdef LTC_SHA384
register_hash (&sha384_desc);
#endif
#ifdef LTC_SHA512
register_hash (&sha512_desc);
#endif
#ifdef LTC_RIPEMD128
register_hash (&rmd128_desc);
#endif
#ifdef LTC_RIPEMD160
register_hash (&rmd160_desc);
#endif
#ifdef LTC_RIPEMD256
register_hash (&rmd256_desc);
#endif
#ifdef LTC_RIPEMD320
register_hash (&rmd320_desc);
#endif
#ifdef LTC_WHIRLPOOL
register_hash (&whirlpool_desc);
#endif
#ifdef LTC_CHC_HASH
register_hash(&chc_desc);
if ((err = chc_register(register_cipher(&aes_desc))) != CRYPT_OK) {
fprintf(stderr, "chc_register error: %s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
#endif
#ifndef LTC_YARROW
#error This demo requires Yarrow.
#endif
register_prng(&yarrow_desc);
#ifdef LTC_FORTUNA
register_prng(&fortuna_desc);
#endif
#ifdef LTC_RC4
register_prng(&rc4_desc);
#endif
#ifdef LTC_SOBER128
register_prng(&sober128_desc);
#endif
if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT_OK) {
fprintf(stderr, "rng_make_prng failed: %s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
}