/** Frees the server
* \relates adbus_Server
*/
void adbus_serv_free(adbus_Server* s)
{
if (s == NULL)
return;
adbus_Remote* r = s->remotes.next;
while (r) {
adbus_Remote* next = r->hl.next;
adbus_remote_disconnect(r);
r = next;
}
dl_clear(Remote, &s->remotes);
for (dh_Iter ii = dh_begin(&s->services); ii != dh_end(&s->services); ++ii) {
if (dh_exist(&s->services, ii)) {
adbusI_serv_freeservice(dh_val(&s->services, ii));
}
}
dh_clear(Service, &s->services);
dh_free(Service, &s->services);
adbusI_serv_freebus(s);
adbus_iface_deref(s->busInterface);
free(s);
}
int main(int argc, char *argv[])
{
/** SET 5 CHALLENGE 33 **/
/** DH KEY EXCHANGE **/
// small int
unsigned long a, A, b, B, s1, s2;
srand(time(NULL));
dh_generate_keypair_smallint(&a, &A);
dh_generate_keypair_smallint(&b, &B);
s1 = dh_generate_session_key_smallint(a, B);
s2 = dh_generate_session_key_smallint(b, A);
printf("[s5c1] *smallint* a = %ld, A = %ld, b = %ld, B = %ld, s = %ld ?= %ld\n", a, A, b, B, s1, s2);
// bigint
BIGNUM *p, *g;
BIGNUM *ba, *bA, *bb, *bB, *bs1, *bs2;
g = BN_new();
p = BN_new();
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
bs1 = BN_new();
bs2 = BN_new();
unsigned char c_s1[20], c_s2[20];
unsigned int i;
dh_init(p, g);
dh_generate_keypair(ba, bA, g, p);
dh_generate_keypair(bb, bB, g, p);
dh_generate_session_key(c_s1, bs1, ba, bB, p);
dh_generate_session_key(c_s2, bs2, bb, bA, p);
printf("[s5c1] *bignum* s1 = '");
// BN_print_fp(stdout, &bs1);
for(i=0; i<20; i++)
printf("%02x", c_s1[i]);
printf("'\n[s5c1] *bignum* s2 = '");
// BN_print_fp(stdout, &bs2);
for(i=0; i<20; i++)
printf("%02x", c_s2[i]);
printf("'\n");
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(bs1);
BN_free(bs2);
/** SET 5 CHALLENGE 34 **/
/** DH-KE FIXED KEY MITM **/
unsigned char c_p[1024];
unsigned char c_g[1024];
unsigned char c_A[1024];
unsigned char c_B[1024];
ba = BN_new();
bA = BN_new();
// M -> B: p, g, p
printf("[s5c2] M -> B: p, g, p\n");
dhke_initiate(c_p, c_g, c_A, ba, bA, p, g);
// M -> A: p
printf("[s5c2] M -> A: p\n");
// dhke_initiate_reply(c_B, c_p, c_g, c_A, c_s2);
dhke_initiate_reply(c_B, c_p, c_g, c_p, c_s2);
// A -> B: cmsg, iv
// dhke_initiate_finalize(c_s1, c_B, &ba, &p);
dhke_initiate_finalize(c_s1, c_p, ba, p);
printf("[s5c2] *bignum* s1 = '");
for(i=0; i<20; i++)
printf("%02x", c_s1[i]);
printf("'\n[s5c2] *bignum* s2 = '");
for(i=0; i<20; i++)
printf("%02x", c_s2[i]);
printf("'\n");
unsigned char *plain_in = "YELLOW SUBMARINE";
unsigned char p_out[128];
unsigned char c_out[128];
unsigned char iv[16];
unsigned int c_len, p_len;
c_len = dhke_session_send(c_out, iv, plain_in, 16, c_s1);
printf("[s5c2] A -> B: cmsg = '");
for(i=0; i<c_len; i++) {
printf("%02x", c_out[i]);
}
printf("', iv\n");
// perform attack as M
unsigned char m_out[128];
// M performs decryption
dhke_attack_zero_session_key(m_out, c_out, c_len, iv);
printf("[s5c2] M decrypts msg='%s'\n", m_out);
// B performs decryption
p_len = dhke_session_recv(p_out, c_out, c_len, c_s2, iv);
printf("[s5c2] B recvd: msg = '%s'\n", p_out);
BN_free(ba);
BN_free(bA);
/** SET 5 CHALLENGE 35 **/
/** DH-KE MALICIOUS G MITM **/
memset(c_g, 0, 1024);
memset(c_p, 0, 1024);
memset(c_A, 0, 1024);
memset(c_B, 0, 1024);
memset(c_out, 0, 128);
memset(m_out, 0, 128);
BIGNUM *bn1, *g2;
ba = BN_new();
bA = BN_new();
bn1 = BN_new();
g2 = BN_new();
// prepare malicious g'
// g' = 0; --> perform dhke_attack_zero_session_key()
// printf("[s5c3] M sets g' = 0\n");
// BN_zero(&g2);
// g' = p --> perform dhke_attack_zero_session_key()
// printf("[s5c3] M sets g' = p\n");
// BN_copy(&g2, &p);
// g' = p-1
printf("[s5c3] M sets and distributes g' = p-1\n");
BN_one(bn1);
BN_sub(g2, p, bn1);
// M -> B: p, g', A'
printf("[s5c3] A -> B: A'\n");
dhke_initiate(c_p, c_g, c_A, ba, bA, p, g2);
// M -> A: B'
printf("[s5c3] B -> A: B'\n");
dhke_initiate_reply(c_B, c_p, c_g, c_A, c_s2);
// A -> B: cmsg, iv
dhke_initiate_finalize(c_s1, c_B, ba, p);
c_len = dhke_session_send(c_out, iv, plain_in, 16, c_s1);
printf("[s5c3] A -> B: cmsg = '");
for(i=0; i<c_len; i++) {
printf("%02x", c_out[i]);
}
printf("', iv\n");
// M performs decryption
// use for: g' = 0, g' = p
// dhke_attack_zero_session_key(m_out, c_out, c_len, iv);
// use for g' = p-1
dhke_attack_p_1_session_key(m_out, c_out, c_len, c_A, c_B, iv);
printf("[s5c3] M decrypts msg='%s'\n", m_out);
// B performs decryption
p_len = dhke_session_recv(p_out, c_out, c_len, c_s2, iv);
printf("[s5c3] B recvd: msg = '%s'\n", p_out);
BN_free(ba);
BN_free(bA);
BN_free(bn1);
BN_free(g2);
/** SET 5 CHALLENGE 36 **/
/** SECURE REMOTE PASSWORD **/
unsigned char srp_salt[9];
unsigned char *srp_pass = "******"; // 16
unsigned char str_hash[2*SHA256_DIGEST_LENGTH+1];
unsigned char hmac_s[SHA256_DIGEST_LENGTH];
unsigned int hmac_s_len;
unsigned char hmac_c[SHA256_DIGEST_LENGTH];
unsigned int hmac_c_len;
BIGNUM *v, *sS, *cS;
v = BN_new();
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
cS = BN_new();
sS = BN_new();
memset(srp_salt, 0, 9);
srp_server_init(srp_salt, v, bb, bB, srp_pass, g, p);
srp_client_init(ba, bA, g, p);
// printf("server calc S\n");
srp_server_calc_session_key(str_hash, sS, bA, bb, bB, v, p);
// printf("[s5c4] server: sha256(S) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
memset(str_hash, 0, 2*SHA256_DIGEST_LENGTH+1);
srp_client_calc_session_key(str_hash, cS, srp_salt, srp_pass, ba, bA, bB, g, p);
// printf("[s5c4] client: sha256(S) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
printf("[s5c4] server: HMAC(K,Salt) = ");
for(i=0; i<hmac_s_len; i++) {
printf("%02x", hmac_s[i]);
}
printf("\n");
printf("[s5c4] client: HMAC(K,Salt) = ");
for(i=0; i<hmac_c_len; i++) {
printf("%02x", hmac_c[i]);
}
printf("\n");
if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len))
printf("[s5c4] server: Client HMAC-SHA256 successfully validated!\n");
else
printf("[s5c4] server: Client HMAC-SHA256 *NOT* validated!\n");
BN_free(v);
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(cS);
BN_free(sS);
/** SET 5 CHALLENGE 37 **/
/** SRP MALICIOUS A ATTACK **/
// we're skipping the networking part here and just call the simulator
// functions from srp.c
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
sS = BN_new();
cS = BN_new();
v = BN_new();
srp_server_init(srp_salt, v, bb, bB, srp_pass, g, p);
srp_client_init(ba, bA, g, p);
// now modify A (bA) to be 0, N, c*N
// BN_zero(bA); // A = 0
BN_copy(bA, p); // A = N (doesn't matter if we use N, 2*N, c*N)
// send to server and let server do its calculations
srp_server_calc_session_key(str_hash, sS, bA, bb, bB, v, p);
// printf("[s5c5] server: sha256(S=0) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
// client now authenticates with HMAC_SHA256(K=SHA256(S=0), salt)
// K=SHA256(S=0)
srp_generate_salted_password_hash(cS, str_hash, "", "0");
// printf("[s5c5] client: sha256(S=0) = %s\n", str_hash);
// calc HMAC_SHA256(K, salt)
hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
printf("[s5c5] server: HMAC(K,Salt) = ");
for(i=0; i<hmac_s_len; i++) {
printf("%02x", hmac_s[i]);
}
printf("\n");
printf("[s5c5] client: HMAC(K,Salt) = ");
for(i=0; i<hmac_c_len; i++) {
printf("%02x", hmac_c[i]);
}
printf("\n");
if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len))
printf("[s5c5] server: forged client HMAC-SHA256 successfully validated!\n");
else
printf("[s5c5] server: forged client HMAC-SHA256 *NOT* validated!\n");
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(sS);
BN_free(cS);
BN_free(v);
/** SET 5 CHALLENGE 38 **/
/** SSRP OFFLINE DICTIONARY ATTACK **/
BIGNUM *u, *fb, *fB;
u = BN_new();
v = BN_new();
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
cS = BN_new();
sS = BN_new();
fb = BN_new();
fB = BN_new();
memset(srp_salt, 0, 9*sizeof(unsigned char));
ssrp_server_init(srp_salt, v, bb, bB, u, srp_pass, g, p);
ssrp_client_init(ba, bA, g, p);
ssrp_server_calc_session_key(str_hash, sS, bA, bb, u, v, p);
// printf("[s5c6] server: sha256(S=0) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
memset(str_hash, 0, 2*SHA256_DIGEST_LENGTH);
// original settings transmitted to client
// ssrp_client_calc_session_key(str_hash, cS, srp_salt, srp_pass, ba, bB, u, p);
// forged settings transmitted to client:
// u = 1, b = 1, B=g=2, salt=""
BN_one(u);
BN_one(fb);
BN_copy(fB, g);
ssrp_client_calc_session_key(str_hash, cS, "", srp_pass, ba, fB, u, p);
// printf("[s5c6] client: sha256(S) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), "", 0);
// printf("[s5c6] server: HMAC(K,Salt) = ");
// for(i=0; i<hmac_s_len; i++) {
// printf("%02x", hmac_s[i]);
// }
// printf("\n");
printf("[s5c6] client: HMAC(K,\"\") = ");
for(i=0; i<hmac_c_len; i++) {
printf("%02x", hmac_c[i]);
}
printf("\n");
// perform offline dictionary attack
char pass[1024];
if(ssrp_dictionary_attack(pass, hmac_c, "dict.txt", bA, g, p)>0)
printf("[s5c6] Password cracked: '%s'\n", pass);
else
printf("[s5c6] Password not cracked!\n");
// if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len))
// printf("[s5c6] server: Client HMAC-SHA256 successfully validated!\n");
// else
// printf("[s5c6] server: Client HMAC-SHA256 *NOT* validated!\n");
dh_clear(p, g);
BN_free(p);
BN_free(g);
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(u);
BN_free(v);
BN_free(cS);
BN_free(sS);
BN_free(fb);
BN_free(fB);
/** SET 5 CHALLENGE 39 **/
/** RSA **/
BIO *out = NULL;
out = BIO_new(BIO_s_file());
BIO_set_fp(out, stdout, BIO_NOCLOSE);
egcd_test();
inv_mod_test();
// Testing RSA core functions
rsa_key_t puk;
rsa_key_t pik;
puk.e = BN_new();
puk.n = BN_new();
pik.e = BN_new();
pik.n = BN_new();
BIGNUM *BN_plain = BN_new();
BIGNUM *BN_crypt = BN_new();
BN_hex2bn(&BN_plain, "31337");
printf("[s5c7] BN_plain = ");
BN_print(out, BN_plain);
rsa_generate_keypair(&puk, &pik, 128);
rsa_bn_encrypt(BN_crypt, BN_plain, &puk);
printf("\n[s5c7] BN_crypt = ");
BN_print(out, BN_crypt);
rsa_bn_decrypt(BN_plain, BN_crypt, &pik);
printf("\n[s5c7] BN_plain'= ");
BN_print(out, BN_plain);
printf("\n");
BN_free(BN_plain);
BN_free(BN_crypt);
// test RSA 'wrapper' funcs
unsigned char *rsa_plain_in = "Hello RSA World!";
unsigned char *rsa_crypt = NULL;
unsigned int rsa_crypt_len = 0;
unsigned char *rsa_plain_out = NULL;
unsigned int rsa_plain_len;
rsa_crypt_len = rsa_encrypt(&rsa_crypt, rsa_plain_in, 16, &puk);
rsa_plain_len = rsa_decrypt(&rsa_plain_out, rsa_crypt, rsa_crypt_len, &pik);
//rsa_plain_out[rsa_plain_len-1] = 0;
printf("[s5c7] Encrypting '%s' using RSA...\n[s5c7] RSA crypted: '", rsa_plain_in);
for(i=0; i<rsa_crypt_len; i++) {
printf("%02x", rsa_crypt[i]);
}
printf("'\n[s5c7] RSA decrypted: '%s'\n", rsa_plain_out);
free(rsa_crypt);
free(rsa_plain_out);
/** SET 5 CHALLENGE 40 **/
/** RSA E=3 BROADCAST ATTACK (CRT) **/
// test chinese remainder theorem impl.
crt_test();
// test n-th root impl.
nthroot_test();
// let's do "the real thing"
rsa_broadcast_attack_test();
BN_free(puk.e);
BN_free(puk.n);
BN_free(pik.e);
BN_free(pik.n);
BIO_free(out);
return 0;
}
