extern size_t decrypt(unsigned char * key, size_t keylen, unsigned char * in, size_t inlen, unsigned char * out)
{
size_t outlen = decrypt_len(key, keylen, in, inlen);
memcpy(out, in + 7, outlen);
return outlen;
}
int recv_response(RPCstate * ctx)
{
unsigned char * m2_e;
uint32_t m2_e_len;
recv(&(ctx->conn_fd), (unsigned char*) &m2_e_len, sizeof(m2_e_len));
// Check if the read length is within bounds
if (m2_e_len < MIN_MSG2_LENGTH || m2_e_len > MAX_MSG2_LENGTH)
fail("client: msg2 has wrong length: %d", m2_e_len);
m2_e = malloc(m2_e_len);
if (m2_e == NULL)
return -1;
recv(&(ctx->conn_fd), m2_e, m2_e_len);
#ifdef VERBOSE
printf("Client: Received encrypted message: ");
print_buffer(m2_e,m2_e_len);
fflush(stdout);
#endif
ctx->response_len = decrypt_len(ctx->k, ctx->k_len, m2_e, m2_e_len);
if (ctx->response_len > MAX_PAYLOAD_LENGTH)
{
free(m2_e);
return -1;
}
ctx->response = malloc(ctx->response_len);
if (ctx->response == NULL)
{
free(m2_e);
return -1;
}
// this call returns 0 if not encrypted with the right key
ctx->response_len = decrypt(ctx->k, ctx->k_len, m2_e, m2_e_len, ctx->response);
if (ctx->response_len == 0)
{
free(m2_e);
return -1;
}
if(ctx->response_len < MIN_PAYLOAD_LENGTH || ctx->response_len > MAX_PAYLOAD_LENGTH)
fail("Client: response too long: %d", ctx->response_len);
#ifdef VERBOSE
printf("Client: Received and authenticated response: ");
print_text_buffer(ctx->response,ctx->response_len);
printf("\n");
fflush(stdout);
#endif
return 0;
}
extern size_t decrypt_len_proxy(unsigned char * key, size_t keylen, unsigned char * in, size_t inlen)
{
size_t ret = decrypt_len(key, keylen, in, inlen);
symL("decrypt_len", "len", sizeof(ret), FALSE);
store_buf(&ret);
if(ret < 0) exit(1);
return ret;
}
int main(int argc, char ** argv)
{
unsigned char * pkey, * skey, * xkey;
size_t pkey_len, skey_len, xkey_len;
unsigned char * m1, * m1_all;
unsigned char * Na;
size_t m1_len, m1_e_len, m1_all_len;
unsigned char * m2, * m2_e;
unsigned char * xNb;
size_t m2_len, m2_e_len;
size_t m2_l1, m2_l2;
unsigned char * m3_e;
size_t m3_e_len;
unsigned char * p;
// for encryption tags
unsigned char * etag = malloc(4);
BIO * bio = socket_connect();
pkey = get_pkey(&pkey_len, 'A');
skey = get_skey(&skey_len, 'A');
xkey = get_xkey(&xkey_len, 'A');
#ifdef VERBOSE
printf("pkey = ");
print_buffer(pkey, pkey_len);
printf("\n");
printf("skey = ");
print_buffer(skey, skey_len);
printf("\n");
printf("xkey = ");
print_buffer(xkey, xkey_len);
printf("\n");
#endif
/* Send message 1 */
m1_len = SIZE_NONCE + 4 + pkey_len
+ sizeof(size_t);
p = m1 = malloc(m1_len);
memcpy(p, "msg1", 4);
p += 4;
* (size_t *) p = SIZE_NONCE;
p += sizeof(size_t);
Na = p;
nonce(Na);
p += SIZE_NONCE;
memcpy(p, pkey, pkey_len);
m1_e_len = encrypt_len(xkey, xkey_len,
m1, m1_len);
m1_all_len = m1_e_len + sizeof(size_t) + 4;
m1_all = malloc(m1_all_len);
memcpy(m1_all, "encr", 4);
m1_e_len =
encrypt(xkey, xkey_len, m1,
m1_len,
m1_all + sizeof(m1_e_len) + 4);
m1_all_len = m1_e_len + sizeof(size_t) + 4;
* (size_t *) (m1_all + 4) = m1_e_len;
send(bio, m1_all, m1_all_len);
#ifdef VERBOSE
printf("A: m1_e sent, m1_e = ");
print_buffer(m1_all, m1_all_len);
printf("\n");
fflush(stdout);
#endif
/* Receive message 2 */
recv(bio, etag, 4);
recv(bio, (unsigned char*) &m2_e_len,
sizeof(m2_e_len));
m2_e = malloc(m2_e_len);
recv(bio, m2_e, m2_e_len);
m2_len = decrypt_len(skey, skey_len,
m2_e, m2_e_len);
m2 = malloc(m2_len);
m2_len =
decrypt(skey, skey_len,
m2_e, m2_e_len, m2);
if(xkey_len + 2 * SIZE_NONCE
+ 2 * sizeof(size_t) + 4 != m2_len)
{
printf("A: m2 has wrong length\n");
exit(1);
}
if(memcmp(m2, "msg2", 4))
{
printf("A: m2 not properly tagged\n");
exit(1);
}
m2_l1 = *(size_t *) (m2 + 4);
m2_l2 = *(size_t *) (m2 + 4 + sizeof(size_t));
if(m2_l1 != SIZE_NONCE)
{
printf("A: m2 has wrong length for xNa\n");
exit(1);
}
if(m2_l2 != SIZE_NONCE)
{
printf("A: m2 has wrong length for xNb\n");
exit(1);
}
if(memcmp(m2 + 4 + 2 * sizeof(size_t),
Na, m2_l1))
{
printf("A: xNa in m2 doesn't match Na\n");
exit(1);
}
#ifndef LOWE_ATTACK
if(memcmp(m2 + m2_l1 + m2_l2
+ 2 * sizeof(size_t) + 4,
xkey, xkey_len))
{
printf("A: x_xkey in m2 doesn't match xkey\n");
exit(1);
}
#endif
xNb = m2 + m2_l1 + 2 * sizeof(size_t) + 4;
#ifdef VERBOSE
printf("A: m2 received and checked");
printf("\n");
fflush(stdout);
#endif
/* Send message 3 */
m3_e_len = encrypt_len(xkey, xkey_len,
xNb, m2_l2);
m3_e = malloc(m3_e_len + sizeof(size_t) + 4);
memcpy(m3_e, "encr", 4);
m3_e_len =
encrypt(xkey, xkey_len, xNb,
m2_l2, m3_e + sizeof(m3_e_len) + 4);
* (size_t *)(m3_e + 4) = m3_e_len;
send(bio, m3_e, m3_e_len + sizeof(m3_e_len) + 4);
#ifdef VERBOSE
printf("A: m3 sent");
printf("\n");
fflush(stdout);
#endif
#ifdef VERBOSE
printf("A: Na = ");
print_buffer(Na, SIZE_NONCE);
printf("\n");
printf("A: Nb = ");
print_buffer(xNb, SIZE_NONCE);
printf("\n");
fflush(stdout);
#endif
return 0;
}
int main(int argc, char ** argv)
{
// our identity and the identity of the other partner
unsigned char * host, * xhost;
size_t host_len, xhost_len;
unsigned char * pkey, * skey, * xkey;
size_t pkey_len, skey_len, xkey_len;
unsigned char * m1, * m1_e;
unsigned char * xNa, * xNb;
size_t m1_len, m1_e_len;
size_t m1_l;
unsigned char * m2, * m2_e;
unsigned char * Nb;
size_t m2_len, m2_e_len;
unsigned char * m3, * m3_e;
size_t m3_len, m3_e_len;
unsigned char * p;
// for dropping encryption tags
unsigned char * dummy = malloc(4);
BIO * bio = socket_listen();
host = get_host(&host_len, 'B');
pkey = get_pkey(&pkey_len, 'B');
skey = get_skey(&skey_len, 'B');
#ifdef VERBOSE
printf("B pkey = ");
print_buffer(pkey, pkey_len);
printf("\n");
printf("B skey = ");
print_buffer(skey, skey_len);
printf("\n");
#endif
/* Receive message 1 */
recv(bio, (unsigned char*) &m1_e_len, sizeof(m1_e_len));
if(m1_e_len > MAX_SIZE_CIPHER)
fail("Server: cipher in message 1 too long");
m1_e = malloc(m1_e_len);
recv(bio, m1_e, m1_e_len);
m1_len = decrypt_len(skey, skey_len, m1_e, m1_e_len);
m1 = malloc(m1_len);
m1_len = decrypt(skey, skey_len, m1_e, m1_e_len, m1);
if(sizeof(size_t) + SIZE_NONCE + 4 > m1_len)
{
fprintf(stderr, "m1 has wrong length\n");
exit(1);
}
if(memcmp(m1, "msg1", 4))
{
fprintf(stderr, "B: m1 not properly tagged, aborting\n");
exit(1);
}
m1_l = * (size_t *) (m1 + 4);
if(m1_l != SIZE_NONCE)
{
fprintf(stderr, "A: m1 contains wrong length for xNa\n");
exit(1);
}
xhost_len = m1_len - (4 + sizeof(size_t) + m1_l);
xhost = m1 + 4 + sizeof(size_t) + m1_l;
if(xhost_len > MAX_SIZE_HOST)
fail("B: host size in m1 too long");
#ifdef VERBOSE
printf("B xhost = ");
print_buffer(xhost, xhost_len);
printf("\n");
#endif
xkey = lookup_xkey(&xkey_len, xhost, xhost_len, 'B');
#ifdef VERBOSE
printf("B xkey = ");
print_buffer(xkey, xkey_len);
printf("\n");
#endif
/*
if(memcmp(m1 + sizeof(size_t) + m1_l + 4, xkey, xkey_len))
{
fprintf(stderr, "x_xkey in m1 doesn't match xkey\n");
exit(1);
}
*/
xNa = m1 + 4 + sizeof(size_t);
typehint(xNa, m1_l, "fixed_20_nonce");
#ifdef VERBOSE
fprintf(stderr, "B: m1 received and checked");
fprintf(stderr, "\n");
fflush(stderr);
#endif
#ifdef CSEC_VERIFY
#ifdef USE_EVENT_PARAMS
event2("server_begin", xhost, xhost_len, host, host_len);
#else
event0("server_begin");
#endif
#endif
/* Send message 2 */
m2_len = 2 * SIZE_NONCE + 2 * sizeof(size_t) + 4 + host_len;
p = m2 = malloc(m2_len);
memcpy(p, "msg2", 4);
p += 4;
* (size_t *) p = m1_l;
p += sizeof(size_t);
* (size_t *) p = SIZE_NONCE;
p += sizeof(size_t);
memcpy(p, xNa, m1_l);
p += m1_l;
Nb = p;
nonce(Nb);
p += SIZE_NONCE;
memcpy(p, host, host_len);
m2_e_len = encrypt_len(xkey, xkey_len, m2, m2_len);
if(m2_e_len > MAX_SIZE_CIPHER)
fail("Server: cipher in message 2 too long");
m2_e = malloc(m2_e_len);
m2_e_len = encrypt(xkey, xkey_len, m2, m2_len, m2_e);
send(bio, &m2_e_len, sizeof(m2_e_len));
send(bio, m2_e, m2_e_len);
#ifdef VERBOSE
printf("B: m2_e sent, m2_e = ");
print_buffer(m2_e, m2_e_len);
printf("\n");
fflush(stdout);
#endif
/* Receive message 3 */
recv(bio, (unsigned char*) &m3_e_len, sizeof(m3_e_len));
if(m3_e_len > MAX_SIZE_CIPHER)
fail("Server: cipher in message 3 too long");
m3_e = malloc(m3_e_len);
recv(bio, m3_e, m3_e_len);
m3_len = decrypt_len(skey, skey_len, m3_e, m3_e_len);
m3 = malloc(m3_len);
m3_len = decrypt(skey, skey_len, m3_e, m3_e_len, m3);
if(memcmp(m3, "msg3", 4))
{
fprintf(stderr, "B: m3 not properly tagged, aborting\n");
exit(1);
}
if(m3_len != SIZE_NONCE + 4)
{
fprintf(stderr, "B: m3 has wrong length\n");
exit(1);
}
xNb = m3 + 4;
typehint(xNb, SIZE_NONCE, "fixed_20_nonce");
if(memcmp(xNb, Nb, SIZE_NONCE))
{
fprintf(stderr, "xNb in m3 doesn't match Nb\n");
exit(1);
}
#ifdef VERBOSE
printf("B: Na = ");
print_buffer(xNa, SIZE_NONCE);
printf("\n");
printf("B: Nb = ");
print_buffer(Nb, SIZE_NONCE);
printf("\n");
fflush(stdout);
#endif
#ifdef CSEC_VERIFY
#ifdef USE_EVENT_PARAMS
event2("server_end", xhost, xhost_len, host, host_len);
#else
event0("server_end");
#endif
#endif
// wait for the client to close, to avoid "Address already in use" errors
wait_close(bio);
return 0;
}
