/* * Generate a random key. If key_type is provided, make * sure generated key is valid for key_type. */ void generate_key_random (struct key *key, const struct key_type *kt) { int cipher_len = MAX_CIPHER_KEY_LENGTH; int hmac_len = MAX_HMAC_KEY_LENGTH; struct gc_arena gc = gc_new (); do { CLEAR (*key); if (kt) { if (kt->cipher && kt->cipher_length > 0 && kt->cipher_length <= cipher_len) cipher_len = kt->cipher_length; if (kt->digest && kt->hmac_length > 0 && kt->hmac_length <= hmac_len) hmac_len = kt->hmac_length; } if (!rand_bytes (key->cipher, cipher_len) || !rand_bytes (key->hmac, hmac_len)) msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for key generation"); dmsg (D_SHOW_KEY_SOURCE, "Cipher source entropy: %s", format_hex (key->cipher, cipher_len, 0, &gc)); dmsg (D_SHOW_KEY_SOURCE, "HMAC source entropy: %s", format_hex (key->hmac, hmac_len, 0, &gc)); if (kt) fixup_key (key, kt); } while (kt && !check_key (key, kt)); gc_free (&gc); }
END_TEST START_TEST(test_large_data_symmetric) { unsigned char k[CRYPTO_SYMMETRIC_KEY_SIZE]; unsigned char n[CRYPTO_NONCE_SIZE]; unsigned char m1[16 * 16 * 16]; unsigned char c1[sizeof(m1) + CRYPTO_MAC_SIZE]; unsigned char m1prime[sizeof(m1)]; int c1len; int m1plen; //Generate random messages rand_bytes(m1, sizeof(m1)); rand_bytes(n, CRYPTO_NONCE_SIZE); //Generate key new_symmetric_key(k); c1len = encrypt_data_symmetric(k, n, m1, sizeof(m1), c1); ck_assert_msg(c1len == sizeof(m1) + CRYPTO_MAC_SIZE, "could not encrypt data"); m1plen = decrypt_data_symmetric(k, n, c1, c1len, m1prime); ck_assert_msg(m1plen == sizeof(m1), "decrypted text lengths differ"); ck_assert_msg(memcmp(m1prime, m1, sizeof(m1)) == 0, "decrypted texts differ"); }
void * auth_simple_init_data() { auth_simple_global_data *global = (auth_simple_global_data*)malloc(sizeof(auth_simple_global_data)); rand_bytes(global->local_client_id, 8); rand_bytes((uint8_t*)&global->connection_id, 4); global->connection_id &= 0xFFFFFF; return global; }
/* Generate random compact signatures and messagse and check */ void test_random_sigs(int count) { int error_count = 0; for(int i=0;i<count; i++) { unsigned char sig[64]; unsigned char msg[32]; unsigned char pubkey[33]; int pubkeylen; rand_bytes(sig,64); //try 65 rand_bytes(msg,32); int ret = secp256k1_ecdsa_recover_compact( msg, 32, sig, pubkey, &pubkeylen, 1, (int)(rand_byte()%4) ); if(ret == 1) { error_count++; } } printf("test_random_sigs: %d out of %d randomly generated messages/signatures returned 1 for secp256k1_ecdsa_recover_compact\n", error_count, count); }
static int obfs_tls_response(buffer_t *buf, size_t cap, obfs_t *obfs) { if (obfs == NULL || obfs->obfs_stage < 0) return 0; static buffer_t tmp = { 0, 0, 0, NULL }; if (obfs->obfs_stage == 0) { size_t buf_len = buf->len; size_t hello_len = sizeof(struct tls_server_hello); size_t change_cipher_spec_len = sizeof(struct tls_change_cipher_spec); size_t encrypted_handshake_len = sizeof(struct tls_encrypted_handshake); size_t tls_len = hello_len + change_cipher_spec_len + encrypted_handshake_len + buf_len; brealloc(&tmp, buf_len, cap); brealloc(buf, tls_len, cap); memcpy(tmp.data, buf->data, buf_len); /* Server Hello */ memcpy(buf->data, &tls_server_hello_template, hello_len); struct tls_server_hello *hello = (struct tls_server_hello *)buf->data; hello->random_unix_time = CT_HTONL((uint32_t)time(NULL)); rand_bytes(hello->random_bytes, 28); if (obfs->buf != NULL) { memcpy(hello->session_id, obfs->buf->data, 32); } else { rand_bytes(hello->session_id, 32); } /* Change Cipher Spec */ memcpy(buf->data + hello_len, &tls_change_cipher_spec_template, change_cipher_spec_len); /* Encrypted Handshake */ memcpy(buf->data + hello_len + change_cipher_spec_len, &tls_encrypted_handshake_template, encrypted_handshake_len); memcpy(buf->data + hello_len + change_cipher_spec_len + encrypted_handshake_len, tmp.data, buf_len); struct tls_encrypted_handshake *encrypted_handshake = (struct tls_encrypted_handshake *)(buf->data + hello_len + change_cipher_spec_len); encrypted_handshake->len = CT_HTONS(buf_len); buf->len = tls_len; obfs->obfs_stage++; } else if (obfs->obfs_stage == 1) { obfs_app_data(buf, cap, obfs); } return buf->len; }
TEST_F(cryptoboxtest, send_ten_messages) { struct device *a, *b; add_devices(2); /* Connect the 2 devices */ connect_devices(); a = (struct device *)devicel.head->data; b = (struct device *)devicel.tail->data; err = device_new_session(a, b); ASSERT_EQ(0, err); for (int i=0; i<5; i++) { size_t len = rand_u16(); uint8_t *msg = (uint8_t *)mem_alloc(len, NULL); rand_bytes(msg, len); send_message(a, b, msg, len); /* reverse direction */ send_message(b, a, msg, len); mem_deref(msg); } }
static void test_binary_seq_rev_cmp() { test_status("binary_seq_reverse_complement() binary_seq_to_str()"); uint8_t data[TLEN], tmp[TLEN]; char str[4*TLEN+1], rev[4*TLEN+1], restore[4*TLEN+1]; size_t i, j, k, nbases; for(i = 0; i < NTESTS; i++) { // Get random sequence, mask top byte, convert to string rand_bytes(data, TLEN); nbases = rand() & (4*TLEN-1); binary_seq_to_str(data, nbases, str); // Reverse complement, convert to string memcpy(tmp, data, TLEN); binary_seq_reverse_complement(tmp, nbases); binary_seq_to_str(tmp, nbases, rev); // Check strings match for(j = 0, k = nbases-1; j < nbases; j++, k--) TASSERT(str[j] == dna_char_complement(rev[k])); // Reverse complement again, check we get back same binary_seq+string binary_seq_reverse_complement(tmp, nbases); binary_seq_to_str(tmp, nbases, restore); TASSERT(memcmp(data, tmp, TLEN) == 0); TASSERT(strncmp(str, restore, nbases) == 0); } }
void prng_bytes (uint8_t *output, int len) { static size_t processed = 0; if (nonce_md) { const int md_size = md_kt_size (nonce_md); while (len > 0) { unsigned int outlen = 0; const int blen = min_int (len, md_size); md_full(nonce_md, nonce_data, md_size + nonce_secret_len, nonce_data); memcpy (output, nonce_data, blen); output += blen; len -= blen; /* Ensure that random data is reset regularly */ processed += blen; if(processed > PRNG_NONCE_RESET_BYTES) { prng_reset_nonce(); processed = 0; } } } else rand_bytes (output, len); }
static int media_alloc(struct mnat_media **mp, struct mnat_sess *sess, int proto, void *sock1, void *sock2, struct sdp_media *sdpm) { struct mnat_media *m; struct sa laddr; struct pcp_map map; unsigned i; int err = 0; if (!mp || !sess || !sdpm || proto != IPPROTO_UDP) return EINVAL; m = mem_zalloc(sizeof(*m), media_destructor); if (!m) return ENOMEM; m->compc = sock2 ? 2 : 1; list_append(&sess->medial, &m->le, m); m->sess = sess; m->sdpm = mem_ref(sdpm); for (i=0; i<m->compc; i++) { struct comp *comp = &m->compv[i]; comp->id = i+1; comp->media = m; err = udp_local_get(i==0 ? sock1 : sock2, &laddr); if (err) goto out; rand_bytes(map.nonce, sizeof(map.nonce)); map.proto = proto; map.int_port = sa_port(&laddr); /* note: using same address-family as the PCP server */ sa_init(&map.ext_addr, sa_af(&pcp_srv)); info("pcp: %s: internal port for %s is %u\n", sdp_media_name(sdpm), i==0 ? "RTP" : "RTCP", map.int_port); err = pcp_request(&comp->pcp, NULL, &pcp_srv, PCP_MAP, LIFETIME, &map, pcp_resp_handler, comp, 0); if (err) goto out; } out: if (err) mem_deref(m); else if (mp) { *mp = m; } return err; }
void enc_ctx_init(int method, enc_ctx_t *ctx, int enc) { memset(ctx, 0, sizeof(enc_ctx_t)); cipher_context_init(&ctx->evp, method, enc); if (enc) { rand_bytes(ctx->evp.iv, enc_iv_len); } }
int auth_simple_pack_auth_data(auth_simple_global_data *global, char *data, int datalength, char *outdata) { unsigned char rand_len = (xorshift128plus() & 0xF) + 1; int out_size = rand_len + datalength + 6 + 12; outdata[0] = out_size >> 8; outdata[1] = out_size; outdata[2] = rand_len; ++global->connection_id; if (global->connection_id > 0xFF000000) { rand_bytes(global->local_client_id, 8); rand_bytes((uint8_t*)&global->connection_id, 4); global->connection_id &= 0xFFFFFF; } time_t t = time(NULL); memintcopy_lt(outdata + rand_len + 2, t); memmove(outdata + rand_len + 2 + 4, global->local_client_id, 4); memintcopy_lt(outdata + rand_len + 2 + 8, global->connection_id); memmove(outdata + rand_len + 2 + 12, data, datalength); fillcrc32((unsigned char *)outdata, out_size); return out_size; }
void stream_ctx_init(cipher_t *cipher, cipher_ctx_t *cipher_ctx, int enc) { sodium_memzero(cipher_ctx, sizeof(cipher_ctx_t)); stream_cipher_ctx_init(cipher_ctx, cipher->method, enc); cipher_ctx->cipher = cipher; if (enc) { rand_bytes(cipher_ctx->nonce, cipher->nonce_len); } }
void aead_ctx_init(cipher_t *cipher, cipher_ctx_t *cipher_ctx, int enc) { sodium_memzero(cipher_ctx, sizeof(cipher_ctx_t)); cipher_ctx->cipher = cipher; aead_cipher_ctx_init(cipher_ctx, cipher->method, enc); if (enc) { rand_bytes(cipher_ctx->salt, cipher->key_len); } }
void test_crypto (const struct crypto_options *co, struct frame* frame) { int i, j; struct gc_arena gc = gc_new (); struct buffer src = alloc_buf_gc (TUN_MTU_SIZE (frame), &gc); struct buffer work = alloc_buf_gc (BUF_SIZE (frame), &gc); struct buffer encrypt_workspace = alloc_buf_gc (BUF_SIZE (frame), &gc); struct buffer decrypt_workspace = alloc_buf_gc (BUF_SIZE (frame), &gc); struct buffer buf = clear_buf(); /* init work */ ASSERT (buf_init (&work, FRAME_HEADROOM (frame))); msg (M_INFO, "Entering " PACKAGE_NAME " crypto self-test mode."); for (i = 1; i <= TUN_MTU_SIZE (frame); ++i) { update_time (); msg (M_INFO, "TESTING ENCRYPT/DECRYPT of packet length=%d", i); /* * Load src with random data. */ ASSERT (buf_init (&src, 0)); ASSERT (i <= src.capacity); src.len = i; ASSERT (rand_bytes (BPTR (&src), BLEN (&src))); /* copy source to input buf */ buf = work; memcpy (buf_write_alloc (&buf, BLEN (&src)), BPTR (&src), BLEN (&src)); /* encrypt */ openvpn_encrypt (&buf, encrypt_workspace, co, frame); /* decrypt */ openvpn_decrypt (&buf, decrypt_workspace, co, frame); /* compare */ if (buf.len != src.len) msg (M_FATAL, "SELF TEST FAILED, src.len=%d buf.len=%d", src.len, buf.len); for (j = 0; j < i; ++j) { const uint8_t in = *(BPTR (&src) + j); const uint8_t out = *(BPTR (&buf) + j); if (in != out) msg (M_FATAL, "SELF TEST FAILED, pos=%d in=%d out=%d", j, in, out); } } msg (M_INFO, PACKAGE_NAME " crypto self-test mode SUCCEEDED."); gc_free (&gc); }
int auth_sha1_v4_pack_auth_data(auth_simple_global_data *global, server_info *server, char *data, int datalength, char *outdata) { unsigned int rand_len = (datalength > 1300 ? 0 : datalength > 400 ? (xorshift128plus() & 0x7F) : (xorshift128plus() & 0x3FF)) + 1; int data_offset = rand_len + 4 + 2; int out_size = data_offset + datalength + 12 + OBFS_HMAC_SHA1_LEN; const char* salt = "auth_sha1_v4"; int salt_len = strlen(salt); unsigned char *crc_salt = (unsigned char*)malloc(salt_len + server->key_len + 2); crc_salt[0] = outdata[0] = out_size >> 8; crc_salt[1] = outdata[1] = out_size; memcpy(crc_salt + 2, salt, salt_len); memcpy(crc_salt + salt_len + 2, server->key, server->key_len); fillcrc32to(crc_salt, salt_len + server->key_len + 2, (unsigned char *)outdata + 2); free(crc_salt); if (rand_len < 128) { outdata[6] = rand_len; } else { outdata[6] = 0xFF; outdata[7] = rand_len >> 8; outdata[8] = rand_len; } ++global->connection_id; if (global->connection_id > 0xFF000000) { rand_bytes(global->local_client_id, 8); rand_bytes((uint8_t*)&global->connection_id, 4); global->connection_id &= 0xFFFFFF; } time_t t = time(NULL); memintcopy_lt(outdata + data_offset, t); memmove(outdata + data_offset + 4, global->local_client_id, 4); memintcopy_lt(outdata + data_offset + 8, global->connection_id); memmove(outdata + data_offset + 12, data, datalength); char hash[ONETIMEAUTH_BYTES * 2]; ss_sha1_hmac(hash, outdata, out_size - OBFS_HMAC_SHA1_LEN, server->iv); memcpy(outdata + out_size - OBFS_HMAC_SHA1_LEN, hash, OBFS_HMAC_SHA1_LEN); return out_size; }
void rand_pseudo_bytes(char* buf, int count) { static int init = init_openssl(); (void)init; // RAND_pseudo_bytes is deprecated in favor of RAND_bytes as of OpenSSL 1.1.0 #if OPENSSL_VERSION_NUMBER < 0x10100000L int result = RAND_pseudo_bytes((unsigned char*)buf, count); if (result == -1) FC_THROW("Error calling OpenSSL's RAND_pseudo_bytes(): ${code}", ("code", (uint32_t)ERR_get_error())); #else rand_bytes(buf, count); #endif }
END_TEST START_TEST(test_large_data) { unsigned char k[CRYPTO_SHARED_KEY_SIZE]; unsigned char n[CRYPTO_NONCE_SIZE]; unsigned char m1[MAX_CRYPTO_PACKET_SIZE - CRYPTO_MAC_SIZE]; unsigned char c1[sizeof(m1) + CRYPTO_MAC_SIZE]; unsigned char m1prime[sizeof(m1)]; unsigned char m2[MAX_CRYPTO_PACKET_SIZE]; unsigned char c2[sizeof(m2) + CRYPTO_MAC_SIZE]; int c1len, c2len; int m1plen; //Generate random messages rand_bytes(m1, sizeof(m1)); rand_bytes(m2, sizeof(m2)); rand_bytes(n, CRYPTO_NONCE_SIZE); //Generate key rand_bytes(k, CRYPTO_SHARED_KEY_SIZE); c1len = encrypt_data_symmetric(k, n, m1, sizeof(m1), c1); c2len = encrypt_data_symmetric(k, n, m2, sizeof(m2), c2); ck_assert_msg(c1len == sizeof(m1) + CRYPTO_MAC_SIZE, "could not encrypt"); ck_assert_msg(c2len == sizeof(m2) + CRYPTO_MAC_SIZE, "could not encrypt"); m1plen = decrypt_data_symmetric(k, n, c1, c1len, m1prime); ck_assert_msg(m1plen == sizeof(m1), "decrypted text lengths differ"); ck_assert_msg(memcmp(m1prime, m1, sizeof(m1)) == 0, "decrypted texts differ"); }
void fp_rand(fp_t a) { int bits, digits; rand_bytes((uint8_t *)a, RLC_FP_DIGS * sizeof(dig_t)); RLC_RIP(bits, digits, RLC_FP_BITS); if (bits > 0) { dig_t mask = ((dig_t)1 << (dig_t)bits) - 1; a[RLC_FP_DIGS - 1] &= mask; } while (dv_cmp(a, fp_prime_get(), RLC_FP_DIGS) != RLC_LT) { fp_subn_low(a, a, fp_prime_get()); } }
int auth_sha1_pack_auth_data(auth_simple_global_data *global, server_info *server, char *data, int datalength, char *outdata) { unsigned char rand_len = (xorshift128plus() & 0x7F) + 1; int data_offset = rand_len + 4 + 2; int out_size = data_offset + datalength + 12 + OBFS_HMAC_SHA1_LEN; fillcrc32to((unsigned char *)server->key, server->key_len, (unsigned char *)outdata); outdata[4] = out_size >> 8; outdata[5] = out_size; outdata[6] = rand_len; ++global->connection_id; if (global->connection_id > 0xFF000000) { rand_bytes(global->local_client_id, 8); rand_bytes((uint8_t*)&global->connection_id, 4); global->connection_id &= 0xFFFFFF; } time_t t = time(NULL); memintcopy_lt(outdata + data_offset, t); memmove(outdata + data_offset + 4, global->local_client_id, 4); memintcopy_lt(outdata + data_offset + 8, global->connection_id); memmove(outdata + data_offset + 12, data, datalength); char hash[ONETIMEAUTH_BYTES * 2]; ss_sha1_hmac(hash, outdata, out_size - OBFS_HMAC_SHA1_LEN, server->iv); memcpy(outdata + out_size - OBFS_HMAC_SHA1_LEN, hash, OBFS_HMAC_SHA1_LEN); return out_size; }
/* Reset the nonce value, also done periodically to refresh entropy */ static void prng_reset_nonce () { const int size = md_kt_size (nonce_md) + nonce_secret_len; #if 1 /* Must be 1 for real usage */ if (!rand_bytes (nonce_data, size)) msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for PRNG"); #else /* Only for testing -- will cause a predictable PRNG sequence */ { int i; for (i = 0; i < size; ++i) nonce_data[i] = (uint8_t) i; } #endif }
int tls12_ticket_pack_auth_data(tls12_ticket_auth_global_data *global, server_info *server, char *outdata) { int out_size = 32; time_t t = time(NULL); outdata[0] = t >> 24; outdata[1] = t >> 16; outdata[2] = t >> 8; outdata[3] = t; rand_bytes((uint8_t*)outdata + 4, 18); uint8_t *key = (uint8_t*)malloc(server->key_len + 32); char hash[ONETIMEAUTH_BYTES * 2]; memcpy(key, server->key, server->key_len); memcpy(key + server->key_len, global->local_client_id, 32); ss_sha1_hmac_with_key(hash, outdata, out_size - OBFS_HMAC_SHA1_LEN, key, server->key_len + 32); free(key); memcpy(outdata + out_size - OBFS_HMAC_SHA1_LEN, hash, OBFS_HMAC_SHA1_LEN); return out_size; }
void bn_rand(bn_t a, int sign, int bits) { int digits; SPLIT(bits, digits, bits, BN_DIG_LOG); digits += (bits > 0 ? 1 : 0); bn_grow(a, digits); rand_bytes((uint8_t *)a->dp, digits * sizeof(dig_t)); a->used = digits; a->sign = sign; if (bits > 0) { dig_t mask = ((dig_t)1 << (dig_t)bits) - 1; a->dp[a->used - 1] &= mask; } bn_trim(a); }
TEST_F(cryptoboxtest, performance) { #define NUM_MESSAGES 1000 #define MSG_SIZE 256 uint64_t t1, t2; struct device *a, *b; size_t len = MSG_SIZE; add_devices(2); connect_devices(); a = (struct device *)devicel.head->data; b = (struct device *)devicel.tail->data; err = device_new_session(a, b); ASSERT_EQ(0, err); uint8_t *msg = (uint8_t *)mem_alloc(len, NULL); rand_bytes(msg, len); re_printf("sending %d messages of size %zu bytes\n", NUM_MESSAGES, len); t1 = tmr_jiffies(); for (int i=0; i<NUM_MESSAGES; i++) { send_message(a, b, msg, len); } t2 = tmr_jiffies(); re_printf("~~~ performance report ~~~\n"); re_printf("num_messages: %d\n", NUM_MESSAGES); re_printf("message_size: %zu\n", len); re_printf("total_time: %d ms\n", (int)(t2-t1)); re_printf("average: %.1f ms\n", 1.0*(t2-t1)/NUM_MESSAGES); re_printf("~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~\n"); re_printf("\n"); mem_deref(msg); }
int radius_packet_init(struct pppoe_buf *pbuf, uint32 *seed, uint8 code) { struct radius_packet *packet; if (unlikely(!pbuf || !seed)) { pppoe_log(LOG_WARNING, "Radius Packet init fail (input error)\n"); return PPPOEERR_EINVAL; } packet = (struct radius_packet *)pbuf_put(pbuf, sizeof(struct radius_packet)); packet->code = code; packet->id = 0; packet->length = htons(sizeof(struct radius_packet)); if (RADIUS_CODE_ACCESS_REQUEST == packet->code) { rand_bytes(seed, packet->authenticator, RADIUS_AUTHLEN); } return PPPOEERR_SUCCESS; }
int test_sys_rand(void) { char str[64]; uint8_t buf[64]; volatile uint16_t u16 = rand_u16(); volatile uint32_t u32 = rand_u32(); volatile uint64_t u64 = rand_u64(); volatile char ch = rand_char(); (void)u16; (void)u32; (void)u64; (void)ch; rand_str(str, sizeof(str)); rand_bytes(buf, sizeof(buf)); return 0; }
void cipher_context_set_iv(cipher_ctx_t *evp, uint8_t *iv, size_t iv_len, int enc) { if (evp == NULL || iv == NULL) { LOGE("cipher_context_set_keyiv(): Cipher context or IV is null"); return; } if (enc) { rand_bytes(iv, iv_len); } #if defined(USE_CRYPTO_OPENSSL) if (!EVP_CipherInit_ex(evp, NULL, NULL, enc_key, iv, enc)) { EVP_CIPHER_CTX_cleanup(evp); FATAL("Cannot set key and IV"); } #elif defined(USE_CRYPTO_POLARSSL) if (cipher_setkey(evp, enc_key, enc_key_len * 8, enc) != 0) { cipher_free_ctx(evp); FATAL("Cannot set PolarSSL cipher key"); } #if POLARSSL_VERSION_NUMBER >= 0x01030000 if (cipher_set_iv(evp, iv, iv_len) != 0) { cipher_free_ctx(evp); FATAL("Cannot set PolarSSL cipher IV"); } if(cipher_reset(evp) != 0) { cipher_free_ctx(evp); FATAL("Cannot finalize PolarSSL cipher context"); } #else if(cipher_reset(evp, iv) != 0) { cipher_free_ctx(evp); FATAL("Cannot set PolarSSL cipher IV"); } #endif #endif #ifdef DEBUG dump("IV", iv); #endif }
END_TEST START_TEST(test_endtoend) { unsigned char pk1[CRYPTO_PUBLIC_KEY_SIZE]; unsigned char sk1[CRYPTO_SECRET_KEY_SIZE]; unsigned char pk2[CRYPTO_PUBLIC_KEY_SIZE]; unsigned char sk2[CRYPTO_SECRET_KEY_SIZE]; unsigned char k1[CRYPTO_SHARED_KEY_SIZE]; unsigned char k2[CRYPTO_SHARED_KEY_SIZE]; unsigned char n[CRYPTO_NONCE_SIZE]; unsigned char m[500]; unsigned char c1[sizeof(m) + CRYPTO_MAC_SIZE]; unsigned char c2[sizeof(m) + CRYPTO_MAC_SIZE]; unsigned char c3[sizeof(m) + CRYPTO_MAC_SIZE]; unsigned char c4[sizeof(m) + CRYPTO_MAC_SIZE]; unsigned char m1[sizeof(m)]; unsigned char m2[sizeof(m)]; unsigned char m3[sizeof(m)]; unsigned char m4[sizeof(m)]; int mlen; int c1len, c2len, c3len, c4len; int m1len, m2len, m3len, m4len; int testno; // Test 100 random messages and keypairs for (testno = 0; testno < 100; testno++) { //Generate random message (random length from 100 to 500) mlen = (random_u32() % 400) + 100; rand_bytes(m, mlen); rand_bytes(n, CRYPTO_NONCE_SIZE); //Generate keypairs crypto_new_keypair(pk1, sk1); crypto_new_keypair(pk2, sk2); //Precompute shared keys encrypt_precompute(pk2, sk1, k1); encrypt_precompute(pk1, sk2, k2); ck_assert_msg(memcmp(k1, k2, CRYPTO_SHARED_KEY_SIZE) == 0, "encrypt_precompute: bad"); //Encrypt all four ways c1len = encrypt_data(pk2, sk1, n, m, mlen, c1); c2len = encrypt_data(pk1, sk2, n, m, mlen, c2); c3len = encrypt_data_symmetric(k1, n, m, mlen, c3); c4len = encrypt_data_symmetric(k2, n, m, mlen, c4); ck_assert_msg(c1len == c2len && c1len == c3len && c1len == c4len, "cyphertext lengths differ"); ck_assert_msg(c1len == mlen + (int)CRYPTO_MAC_SIZE, "wrong cyphertext length"); ck_assert_msg(memcmp(c1, c2, c1len) == 0 && memcmp(c1, c3, c1len) == 0 && memcmp(c1, c4, c1len) == 0, "crypertexts differ"); //Decrypt all four ways m1len = decrypt_data(pk2, sk1, n, c1, c1len, m1); m2len = decrypt_data(pk1, sk2, n, c1, c1len, m2); m3len = decrypt_data_symmetric(k1, n, c1, c1len, m3); m4len = decrypt_data_symmetric(k2, n, c1, c1len, m4); ck_assert_msg(m1len == m2len && m1len == m3len && m1len == m4len, "decrypted text lengths differ"); ck_assert_msg(m1len == mlen, "wrong decrypted text length"); ck_assert_msg(memcmp(m1, m2, mlen) == 0 && memcmp(m1, m3, mlen) == 0 && memcmp(m1, m4, mlen) == 0, "decrypted texts differ"); ck_assert_msg(memcmp(m1, m, mlen) == 0, "wrong decrypted text"); } }
int ss_encrypt_all(buffer_t *plain, int method, int auth, size_t capacity) { if (method > TABLE) { cipher_ctx_t evp; cipher_context_init(&evp, method, 1); size_t iv_len = enc_iv_len; int err = 1; static buffer_t tmp = { 0, 0, 0, NULL }; brealloc(&tmp, iv_len + plain->len, capacity); buffer_t *cipher = &tmp; cipher->len = plain->len; uint8_t iv[MAX_IV_LENGTH]; rand_bytes(iv, iv_len); cipher_context_set_iv(&evp, iv, iv_len, 1); memcpy(cipher->array, iv, iv_len); if (auth) { ss_onetimeauth(plain, iv, capacity); cipher->len = plain->len; } if (method >= SALSA20) { crypto_stream_xor_ic((uint8_t *)(cipher->array + iv_len), (const uint8_t *)plain->array, (uint64_t)(plain->len), (const uint8_t *)iv, 0, enc_key, method); } else { err = cipher_context_update(&evp, (uint8_t *)(cipher->array + iv_len), &cipher->len, (const uint8_t *)plain->array, plain->len); } if (!err) { bfree(plain); cipher_context_release(&evp); return -1; } #ifdef DEBUG dump("PLAIN", plain->array, plain->len); dump("CIPHER", cipher->array + iv_len, cipher->len); #endif cipher_context_release(&evp); brealloc(plain, iv_len + cipher->len, capacity); memcpy(plain->array, cipher->array, iv_len + cipher->len); plain->len = iv_len + cipher->len; return 0; } else { char *begin = plain->array; char *ptr = plain->array; while (ptr < begin + plain->len) { *ptr = (char)enc_table[(uint8_t)*ptr]; ptr++; } return 0; } }
void tls_crypt_v2_write_client_key_file(const char *filename, const char *b64_metadata, const char *server_key_file, const char *server_key_inline) { struct gc_arena gc = gc_new(); struct key_ctx server_key = { 0 }; struct buffer client_key_pem = { 0 }; struct buffer dst = alloc_buf_gc(TLS_CRYPT_V2_CLIENT_KEY_LEN + TLS_CRYPT_V2_MAX_WKC_LEN, &gc); struct key2 client_key = { 2 }; if (!rand_bytes((void *)client_key.keys, sizeof(client_key.keys))) { msg(M_FATAL, "ERROR: could not generate random key"); goto cleanup; } ASSERT(buf_write(&dst, client_key.keys, sizeof(client_key.keys))); struct buffer metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN, &gc); if (b64_metadata) { if (TLS_CRYPT_V2_MAX_B64_METADATA_LEN < strlen(b64_metadata)) { msg(M_FATAL, "ERROR: metadata too long (%d bytes, max %u bytes)", (int)strlen(b64_metadata), TLS_CRYPT_V2_MAX_B64_METADATA_LEN); } ASSERT(buf_write(&metadata, &TLS_CRYPT_METADATA_TYPE_USER, 1)); int decoded_len = openvpn_base64_decode(b64_metadata, BPTR(&metadata), BCAP(&metadata)); if (decoded_len < 0) { msg(M_FATAL, "ERROR: failed to base64 decode provided metadata"); goto cleanup; } ASSERT(buf_inc_len(&metadata, decoded_len)); } else { int64_t timestamp = htonll((uint64_t)now); ASSERT(buf_write(&metadata, &TLS_CRYPT_METADATA_TYPE_TIMESTAMP, 1)); ASSERT(buf_write(&metadata, ×tamp, sizeof(timestamp))); } tls_crypt_v2_init_server_key(&server_key, true, server_key_file, server_key_inline); if (!tls_crypt_v2_wrap_client_key(&dst, &client_key, &metadata, &server_key, &gc)) { msg(M_FATAL, "ERROR: could not wrap generated client key"); goto cleanup; } /* PEM-encode Kc || WKc */ if (!crypto_pem_encode(tls_crypt_v2_cli_pem_name, &client_key_pem, &dst, &gc)) { msg(M_FATAL, "ERROR: could not PEM-encode client key"); goto cleanup; } if (!buffer_write_file(filename, &client_key_pem)) { msg(M_FATAL, "ERROR: could not write client key file"); goto cleanup; } /* Sanity check: load client key (as "client") */ struct key_ctx_bi test_client_key; struct buffer test_wrapped_client_key; msg(D_GENKEY, "Testing client-side key loading..."); tls_crypt_v2_init_client_key(&test_client_key, &test_wrapped_client_key, filename, NULL); free_key_ctx_bi(&test_client_key); /* Sanity check: unwrap and load client key (as "server") */ struct buffer test_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN, &gc); struct key2 test_client_key2 = { 0 }; free_key_ctx(&server_key); tls_crypt_v2_init_server_key(&server_key, false, server_key_file, server_key_inline); msg(D_GENKEY, "Testing server-side key loading..."); ASSERT(tls_crypt_v2_unwrap_client_key(&test_client_key2, &test_metadata, test_wrapped_client_key, &server_key)); secure_memzero(&test_client_key2, sizeof(test_client_key2)); free_buf(&test_wrapped_client_key); cleanup: secure_memzero(&client_key, sizeof(client_key)); free_key_ctx(&server_key); buf_clear(&client_key_pem); buf_clear(&dst); gc_free(&gc); }
_IKED::_IKED() { path_conf[ 0 ] = 0; path_log[ 0 ] = 0; peercount = 0; loopcount = 0; tunnelid = 2; policyid = 1; dnsgrpid = 0; logflags = LOGFLAG_ECHO; retry_count = 2; retry_delay = 5; sock_ike_open = 0; sock_natt_open = 0; rand_bytes( &ident, 2 ); lock_run.name( "run" ); lock_net.name( "net" ); lock_idb.name( "idb" ); cond_run.alert(); cond_idb.alert(); unsigned char xauth[] = VEND_XAUTH; vend_xauth.set( xauth, sizeof( xauth ) ); unsigned char frag[] = VEND_FRAG; vend_frag.set( frag, sizeof( frag ) ); unsigned char dpd1[] = VEND_DPD1; vend_dpd1.set( dpd1, sizeof( dpd1 ) ); unsigned char dpd1_ng[] = VEND_DPD1_NG; vend_dpd1_ng.set( dpd1_ng, sizeof( dpd1_ng ) ); unsigned char hbeat[] = VEND_HBEAT; vend_hbeat.set( hbeat, sizeof( hbeat ) ); unsigned char natt_v00[] = VEND_NATT_V00; vend_natt_v00.set( natt_v00, sizeof( natt_v00 ) ); unsigned char natt_v01[] = VEND_NATT_V01; vend_natt_v01.set( natt_v01, sizeof( natt_v01 ) ); unsigned char natt_v02[] = VEND_NATT_V02; vend_natt_v02.set( natt_v02, sizeof( natt_v02 ) ); unsigned char natt_v03[] = VEND_NATT_V03; vend_natt_v03.set( natt_v03, sizeof( natt_v03 ) ); unsigned char natt_rfc[] = VEND_NATT_RFC; vend_natt_rfc.set( natt_rfc, sizeof( natt_rfc ) ); unsigned char ssoft[] = VEND_SSOFT; vend_ssoft.set( ssoft, sizeof( ssoft ) ); unsigned char kame[] = VEND_KAME; vend_kame.set( kame, sizeof( kame ) ); unsigned char unity[] = VEND_UNITY; vend_unity.set( unity, sizeof( unity ) ); unsigned char netsc[] = VEND_NETSC; vend_netsc.set( netsc, sizeof( netsc ) ); unsigned char zwall[] = VEND_ZWALL; vend_zwall.set( zwall, sizeof( zwall ) ); unsigned char swind[] = VEND_SWIND; vend_swind.set( swind, sizeof( swind ) ); unsigned char chkpt[] = VEND_CHKPT; vend_chkpt.set( chkpt, sizeof( chkpt ) ); unsigned char fwtype[] = UNITY_FWTYPE; unity_fwtype.set( fwtype, sizeof( fwtype ) ); dump_decrypt = false; dump_encrypt = false; conf_fail = false; }