Esempio n. 1
0
static void
init(void) {
    logger_init(daemon_mode);

    setvbuf(stdout, NULL, _IONBF, 0);
    setvbuf(stderr, NULL, _IONBF, 0);

#ifndef _WIN32
    signal(SIGPIPE, SIG_IGN);
    signal(SIGCHLD, SIG_IGN);
    signal(SIGABRT, SIG_IGN);
#endif

    if (crypto_init(password)) {
        logger_log(LOG_ERR, "crypto init failed");
        exit(1);
    }

    resolver_prepare(nameserver_num);
    uv_key_create(&thread_resolver_key);

    if (idle_timeout == 0) {
        idle_timeout = 60;
    }
}
Esempio n. 2
0
void
app_startup(void)
{
  msg_init(FALSE);
  iv_set_fatal_msg_handler(app_fatal);
  iv_init();
  g_thread_init(NULL);
  crypto_init();
  hostname_global_init();
  dns_caching_global_init();
  dns_caching_thread_init();
  afinter_global_init();
  child_manager_init();
  alarm_init();
  stats_init();
  tzset();
  log_msg_global_init();
  log_tags_global_init();
  log_source_global_init();
  log_template_global_init();
  value_pairs_global_init();
  service_management_init();
  scratch_buffers_allocator_init();
  main_loop_thread_resource_init();
  nondumpable_setlogger(nondumpable_allocator_logger);
  secret_storage_init();
  transport_factory_id_global_init();
}
Esempio n. 3
0
void
test_crypto (enum transform which)
{
  u_int8_t buf[256];
  struct crypto_xf *xf;
  struct keystate *ks;
  enum cryptoerr err;

  xf = crypto_get (which);
  printf ("Testing %s: ", xf->name);

  SET_KEY (buf, xf->keymax);
  ks = crypto_init (xf, buf, xf->keymax, &err);
  if (!ks)
    {
      printf ("FAILED (init %d)", err);
      goto fail;
    }
  SET_KEY (buf, sizeof (buf));
  crypto_init_iv (ks, buf, xf->blocksize);
  crypto_encrypt (ks, buf, sizeof (buf));
  dump_buf (buf, sizeof buf);
  crypto_decrypt (ks, buf, sizeof (buf));
  if (!verify_buf (buf, sizeof (buf)))
    printf ("FAILED ");
  else
    printf ("OKAY ");

  free (ks);

 fail:
  printf ("\n");
  return;
}
Esempio n. 4
0
void cli_session(int sock_in, int sock_out) {

	seedrandom();

	crypto_init();

	common_session_init(sock_in, sock_out);

	chaninitialise(cli_chantypes);

	/* Set up cli_ses vars */
	cli_session_init();

	/* Ready to go */
	sessinitdone = 1;

	/* Exchange identification */
	session_identification();

	send_msg_kexinit();

	session_loop(cli_sessionloop);

	/* Not reached */

}
Esempio n. 5
0
const unsigned char * objectcrypto_decrypt(char *user, char *object, char *content, char *passphrase)
{
  //the three keys
  const unsigned char *K1, *K2, *K2E, *IV, *De;
  
  //initialize
  crypto_init();

  //first, obtain K1 by hashing the passphrase.
  K1 = crypto_MD5(passphrase);

  //second, obtain K2E from the keySafe:
  K2E = keyset_retrieve(user, object);


  //third, use this to decrypt K2E to find K2.
  IV = IVSTRING;//_setIV(K1);
  K2 = crypto_decryptAES(K1, IV, K2E);
  //fourth, once you have K2, you can decrypt the content
  De = crypto_decryptAES(K2, IV, content);

  //check if the original file was blank 
  if (strncmp(De, blankFile, 16) == 0)
  {
    De = NULL;
  }

  crypto_destroy();

  //return this content
  return De;
}
Esempio n. 6
0
static void
init(void) {
#ifdef ANDROID
    logger_init(0);
#else
    logger_init(daemon_mode);
#endif

    setvbuf(stdout, NULL, _IONBF, 0);
    setvbuf(stderr, NULL, _IONBF, 0);

#if !defined(_WIN32)
    signal(SIGPIPE, SIG_IGN);
    signal(SIGCHLD, SIG_IGN);
    signal(SIGABRT, SIG_IGN);
#endif

    if (crypto_init(password)) {
        logger_stderr("crypto init failed");
        exit(1);
    }

    if (idle_timeout == 0) {
        idle_timeout = 60;
    }

#if !defined(_WIN32)
    if (acl_file != NULL) {
        acl = !acl_init(acl_file);
    }
#endif
}
Esempio n. 7
0
void service_init(struct service *sv, uint16_t port, const char *key, const char *capture, const char *playback, uint32_t bitrate,
        void (*handler)(enum service_event event, const uint8_t uid[20], void *args), void *args)
{
    sv->state = STATE_IDLE;
    sv->state_handler = handler;
    sv->state_args = args;
    sv->epfd = epoll_create1(0); assert(sv->epfd > 0);
    sv->timerfd = timerfd_create(CLOCK_MONOTONIC, 0); assert(sv->timerfd > 0);
    service_pollfd(sv, sv->timerfd, (void(*)(void*))timer_handler, sv);

    const int optval = 1;
    const struct sockaddr_in addr = { AF_INET, htons(port) };
    sv->sockfd = socket(AF_INET, SOCK_DGRAM, 0); assert(sv->sockfd > 0);
    int res = setsockopt(sv->sockfd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)); assert(res == 0);
    if(bind(sv->sockfd, (struct sockaddr*)&addr, sizeof(addr)) != 0) { ERROR("Cannot bind socket"); abort(); }
    service_pollfd(sv, sv->sockfd, (void(*)(void*))socket_handler, sv);

    route_init(sv->table);
    sv->crypto = (struct crypto*)((void*)sv + sizeof(struct service));
    crypto_init(sv->crypto, key, sv->srcid);
    sv->media = (struct media*)((void*)sv + sizeof(struct service) + crypto_sizeof());
    media_init(sv->media, capture, playback);
    sv->packet_size = bitrate / 8 / 50;
    INFO("Media: bitrate = %u, capture = %s, playback = %s", bitrate, capture, playback);

    char tmp[128]; INFO("User ID is %.40s", hexify(sv->srcid, tmp, 20));
}
Esempio n. 8
0
File: main.c Progetto: turnage/Charl
/**
 *  Parse the config file, and initiate the host and crypto modules.
 */
int init (void)
{
        int port, max, capup, capdown;
        parser_load_config(&port, &max, &capup, &capdown);
        crypto_init();
        return host_init_server(port, max, capup, capdown);
}
Esempio n. 9
0
int main(int argc, char **argv) {

    unsigned char *x;
    unsigned long long xlen;

    if (argv[0])
        if (argv[1]) {
            if (str_equal(argv[1], "-h"))
                die_usage(0);
        }

    /* get password  */
    x = (unsigned char *)env_get("PASSWORD");
    if (!x) { errno = 0; die_usage("$PASSWORD not set"); }
    xlen = str_len((char *)x);

    /* create salt */
    randombytes(s, sizeof s);

    /* derive key  */
    if (sha512hmacpbkdf2(h, sizeof h, x, xlen, s, sizeof s, ROUNDS) == -1) die_fatal("unable to derive keys", 0);
    byte_zero(x, xlen);

    /* create nonce */
    randombytes(n, sizeof n);
    uint64_pack(n, nanoseconds());
    sha512(nk, (unsigned char *)MAGIC, MAGICBYTES);
    crypto_block_aes256vulnerable(n, n, nk);

    /* initialize */
    crypto_init(&ctx, n, h, MAGIC);
    randombytes(h, sizeof h);
    sha512_init(&shactx);

    /* write header */
    if (writeall(1, MAGIC, MAGICBYTES) == -1) die_fatal("unable to write output", 0);
    if (writeall(1, s, sizeof s) == -1) die_fatal("unable to write output", 0);
    randombytes(s, sizeof s);
    if (writeall(1, n, sizeof n) == -1) die_fatal("unable to write output", 0);

    for (;;) {
        inlen = readblock(in, BLOCK);
        if (inlen != BLOCK) break;
        if (sha512_block(&shactx, in, inlen) != 0) die_fatal("unable to compute hash", 0);
        if (crypto_block(&ctx, in, inlen) != 0) die_fatal("unable to encrypt stream", 0);
        if (writeall(1, in, inlen) == -1) die_fatal("unable to write output", 0);
    }
    if (sha512_last(&shactx, h, in, inlen) != 0) die_fatal("unable to compute hash", 0);
    byte_copy(in + inlen, CHECKSUMBYTES, h);
    inlen += CHECKSUMBYTES;
    if (crypto_last(&ctx, in, inlen) != 0) die_fatal("unable to encrypt stream", 0);
    if (writeall(1, in, inlen) == -1) die_fatal("unable to write output", 0);

    if (fsyncfd(1) == -1) die_fatal("unable to write output", 0);
    cleanup();
    _exit(0);
}
Esempio n. 10
0
void mvWLAN_init_crypt_lib(local_info_t *local)
{
	crypto_init();

	INIT_LIST_HEAD(&local->crypt_deinit_list);
	init_timer(&local->crypt_deinit_timer);
	local->crypt_deinit_timer.data = (unsigned long) local;
	local->crypt_deinit_timer.function = crypt_deinit_handler;
}
Esempio n. 11
0
/**
 * u2fs_global_init:
 * @flags: initialization flags, ORed #u2fs_initflags.
 *
 * Initialize the library.  This function is not guaranteed to be
 * thread safe and must be invoked on application startup.
 *
 * Returns: On success %U2FS_OK (integer 0) is returned, and on errors
 * an #u2fs_rc error code.
 */
u2fs_rc u2fs_global_init(u2fs_initflags flags)
{
  if (flags & U2FS_DEBUG)
    debug = 1;

  crypto_init();

  return U2FS_OK;
}
Esempio n. 12
0
void
storage_init (struct config_data_storage *config_storage)
{
	void crypto_init (void);

	crypto_init ();
	cfg = config_storage;
	storage_desc = msgregister ("storage", storage_msghandler);
}
Esempio n. 13
0
static int load_module(void *mod)
{
	crypto_init();
	if (ast_opt_init_keys)
		crypto_load(STDIN_FILENO, STDOUT_FILENO);
	else
		crypto_load(-1, -1);
	return 0;
}
Esempio n. 14
0
gboolean
crypto_randomize (void *buffer, gsize buffer_len, GError **error)
{
    if (!crypto_init (error))
        return FALSE;

    gnutls_rnd (GNUTLS_RND_RANDOM, buffer, buffer_len);
    return TRUE;
}
Esempio n. 15
0
int load_module(void)
{
	crypto_init();
	if (option_initcrypto)
		crypto_load(STDIN_FILENO, STDOUT_FILENO);
	else
		crypto_load(-1, -1);
	return 0;
}
Esempio n. 16
0
void trng_init(trng_t *obj)
{
    (void)obj;
    
    /* Init crypto module */
    crypto_init();
    
    PRNG_ENABLE_INT();
}
Esempio n. 17
0
END_TEST


START_TEST(check_ec_serialization)
{
	EC_KEY *pair, *pair2;
	unsigned char *sbuf, *sbuf2;
	int res;
	size_t ssize, ssize2;

	res = crypto_init();
	ck_assert_msg(!res, "Crypto initialization routine failed.\n");

	for (size_t i = 0; i < N_SERIALIZATION_TESTS; i++) {
		pair = _generate_ec_keypair(0);
		ck_assert_msg((pair != NULL), "EC serialization check failed: could not generate key pair.\n");

		sbuf = _serialize_ec_pubkey(pair, &ssize);
		ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n");

		pair2 = _deserialize_ec_pubkey(sbuf, ssize, 0);
		ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n");

		sbuf2 = _serialize_ec_pubkey(pair, &ssize2);
		ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n");

		ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2);

		res = memcmp(sbuf, sbuf2, ssize);
		ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n");

		free(sbuf);
		free(sbuf2);

		_free_ec_key(pair2);

		sbuf = _serialize_ec_privkey(pair, &ssize);
		ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n");

		pair2 = _deserialize_ec_privkey(sbuf, ssize, 0);
		ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n");

		sbuf2 = _serialize_ec_privkey(pair, &ssize2);
		ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n");

		ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2);

		res = memcmp(sbuf, sbuf2, ssize);
		ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n");

		free(sbuf);
		free(sbuf2);
		free_ec_key(pair);
	}

	fprintf(stderr, "EC serialization check completed.\n");
}
Esempio n. 18
0
END_TEST


START_TEST(check_ec_sha_signatures)
{
	EC_KEY *key;

	unsigned char *rdata, *sigdata;
	size_t dlens[] = { 16, 128, 1024, 65535 };
	size_t rsize, siglen, last_min = 1;
	unsigned int shabits;
	int res;

	res = crypto_init();
	ck_assert_msg(!res, "Crypto initialization routine failed.\n");

	key = generate_ec_keypair(0);
	ck_assert_msg((key != NULL), "EC SHA signature/verification check failed: could not generate key pair.\n");

	for (size_t i = 0; i < (sizeof(dlens) / sizeof(dlens[0])); i++) {

		for (size_t j = 0; j < N_SIGNATURE_TIER_TESTS; j++) {

			for (size_t k = 0; k < 3; k++) {

				if (!k) {
					shabits = 160;
				} else if (k == 1) {
					shabits = 256;
				} else {
					shabits = 512;
				}

				rdata = gen_random_data(last_min, dlens[i], &rsize);
				ck_assert_msg((rdata != NULL), "EC SHA signature/verification check failed: could not generate random data.\n");
				sigdata = ec_sign_sha_data(rdata, rsize, shabits, key, &siglen);
				ck_assert_msg((sigdata != NULL), "EC SHA signature/verification check failed: could not sign data.\n");
				ck_assert_msg((siglen > 0), "EC SHA signature/verification check failed: signature result had bad length.\n");

				res = verify_ec_sha_signature(rdata, rsize, shabits, sigdata, siglen, key);
				ck_assert_msg((res == 1), "EC SHA signature/verification check failed: signature verification failed (%d).\n", res);

				free(sigdata);
				free(rdata);
			}

			last_min = dlens[i];
		}

	}


	free_ec_key(key);

	fprintf(stderr, "EC SHA signature/verification check completed.\n");
}
Esempio n. 19
0
gboolean
crypto_verify_pkcs12 (const guint8 *data,
                      gsize data_len,
                      const char *password,
                      GError **error)
{
    gnutls_pkcs12_t p12;
    gnutls_datum_t dt;
    gboolean success = FALSE;
    int err;

    g_return_val_if_fail (data != NULL, FALSE);

    if (!crypto_init (error))
        return FALSE;

    dt.data = (unsigned char *) data;
    dt.size = data_len;

    err = gnutls_pkcs12_init (&p12);
    if (err < 0) {
        g_set_error (error, NM_CRYPTO_ERROR,
                     NM_CRYPTO_ERROR_FAILED,
                     _("Couldn't initialize PKCS#12 decoder: %s"),
                     gnutls_strerror (err));
        return FALSE;
    }

    /* DER first */
    err = gnutls_pkcs12_import (p12, &dt, GNUTLS_X509_FMT_DER, 0);
    if (err < 0) {
        /* PEM next */
        err = gnutls_pkcs12_import (p12, &dt, GNUTLS_X509_FMT_PEM, 0);
        if (err < 0) {
            g_set_error (error, NM_CRYPTO_ERROR,
                         NM_CRYPTO_ERROR_INVALID_DATA,
                         _("Couldn't decode PKCS#12 file: %s"),
                         gnutls_strerror (err));
            goto out;
        }
    }

    err = gnutls_pkcs12_verify_mac (p12, password);
    if (err == GNUTLS_E_SUCCESS)
        success = TRUE;
    else {
        g_set_error (error, NM_CRYPTO_ERROR,
                     NM_CRYPTO_ERROR_DECRYPTION_FAILED,
                     _("Couldn't verify PKCS#12 file: %s"),
                     gnutls_strerror (err));
    }

out:
    gnutls_pkcs12_deinit (p12);
    return success;
}
Esempio n. 20
0
int dropbearconvert_main(int argc, char ** argv) {
#else 
int main(int argc, char ** argv) {
#endif

	int intype, outtype;
	const char* infile;
	const char* outfile;

	crypto_init();
	seedrandom();

#if DEBUG_TRACE
	/* It's hard for it to get in the way _too_ much */
	debug_trace = 1;
#endif

	/* get the commandline options */
	if (argc != 5) {
		fprintf(stderr, "All arguments must be specified\n");
		goto usage;
	}

	/* input type */
	if (argv[1][0] == 'd') {
		intype = KEYFILE_DROPBEAR;
	} else if (argv[1][0] == 'o') {
		intype = KEYFILE_OPENSSH;
	} else {
		fprintf(stderr, "Invalid input key type\n");
		goto usage;
	}

	/* output type */
	if (argv[2][0] == 'd') {
		outtype = KEYFILE_DROPBEAR;
	} else if (argv[2][0] == 'o') {
		outtype = KEYFILE_OPENSSH;
	} else {
		fprintf(stderr, "Invalid output key type\n");
		goto usage;
	}

	/* we don't want output readable by others */
	umask(077);

	infile = argv[3];
	outfile = argv[4];

	return do_convert(intype, infile, outtype, outfile);

usage:
	printhelp(argv[0]);
	return 1;
}
Esempio n. 21
0
void svr_session(int sock, int childpipe) {
	char *host, *port;
	size_t len;
    reseedrandom();

	crypto_init();
	common_session_init(sock, sock);

	/* Initialise server specific parts of the session */
	svr_ses.childpipe = childpipe;
#ifdef __uClinux__
	svr_ses.server_pid = getpid();
#endif
	svr_authinitialise();
	chaninitialise(svr_chantypes);
	svr_chansessinitialise();

	ses.connect_time = time(NULL);

	/* for logging the remote address */
	get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0);
	len = strlen(host) + strlen(port) + 2;
	svr_ses.addrstring = m_malloc(len);
	snprintf(svr_ses.addrstring, len, "%s:%s", host, port);
	m_free(host);
	m_free(port);

	get_socket_address(ses.sock_in, NULL, NULL, 
			&svr_ses.remotehost, NULL, 1);

	/* set up messages etc */
	ses.remoteclosed = svr_remoteclosed;

	/* packet handlers */
	ses.packettypes = svr_packettypes;
	ses.buf_match_algo = svr_buf_match_algo;

	ses.isserver = 1;

	/* We're ready to go now */
	sessinitdone = 1;

	/* exchange identification, version etc */
	session_identification();

	/* start off with key exchange */
	send_msg_kexinit();

	/* Run the main for loop. NULL is for the dispatcher - only the client
	 * code makes use of it */
	session_loop(NULL);

	/* Not reached */

}
Esempio n. 22
0
int
main (int argc, char **argv)
{
	GError *error = NULL;

	nmtst_init (&argc, &argv, TRUE);

	if (!crypto_init (&error))
		FAIL ("crypto-init", "failed to initialize crypto: %s", error->message);

	g_test_add_data_func ("/libnm/crypto/cert/pem",
	                      "test_ca_cert.pem",
	                      test_cert);
	g_test_add_data_func ("/libnm/crypto/cert/pem-2",
	                      "test2_ca_cert.pem",
	                      test_cert);
	g_test_add_data_func ("/libnm/crypto/cert/der",
	                      "test_ca_cert.der",
	                      test_cert);
	g_test_add_data_func ("/libnm/crypto/cert/pem-no-ending-newline",
	                      "ca-no-ending-newline.pem",
	                      test_cert);
	g_test_add_data_func ("/libnm/crypto/cert/pem-combined",
	                      "test_key_and_cert.pem",
	                      test_cert);
	g_test_add_data_func ("/libnm/crypto/cert/pem-combined-2",
	                      "test2_key_and_cert.pem",
	                      test_cert);

	g_test_add_data_func ("/libnm/crypto/key/padding-6",
	                      "test_key_and_cert.pem, test, test-key-only-decrypted.der",
	                      test_key);
	g_test_add_data_func ("/libnm/crypto/key/key-only",
	                      "test-key-only.pem, test, test-key-only-decrypted.der",
	                      test_key);
	g_test_add_data_func ("/libnm/crypto/key/padding-8",
	                      "test2_key_and_cert.pem, 12345testing",
	                      test_key);
	g_test_add_data_func ("/libnm/crypto/key/aes",
	                      "test-aes-key.pem, test-aes-password",
	                      test_key);

	g_test_add_data_func ("/libnm/crypto/PKCS#12/1",
	                      "test-cert.p12, test",
	                      test_pkcs12);
	g_test_add_data_func ("/libnm/crypto/PKCS#12/2",
	                      "test2-cert.p12, 12345testing",
	                      test_pkcs12);

	g_test_add_data_func ("/libnm/crypto/PKCS#8",
	                      "pkcs8-enc-key.pem, 1234567890",
	                      test_pkcs8);

	return g_test_run ();
}
Esempio n. 23
0
int cli_main(int argc, char ** argv) {
#else
int main(int argc, char ** argv) {
#endif

	int sock_in, sock_out;
	struct dropbear_progress_connection *progress = NULL;

	_dropbear_exit = cli_dropbear_exit;
	_dropbear_log = cli_dropbear_log;

	disallow_core();

	seedrandom();
	crypto_init();

	cli_getopts(argc, argv);

#ifndef DISABLE_SYSLOG
	if (opts.usingsyslog) {
		startsyslog("dbclient");
	}
#endif

	TRACE(("user='******' host='%s' port='%s' bind_address='%s' bind_port='%s'", cli_opts.username,
				cli_opts.remotehost, cli_opts.remoteport, cli_opts.bind_address, cli_opts.bind_port))

	if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
		dropbear_exit("signal() error");
	}

	pid_t proxy_cmd_pid = 0;
#if DROPBEAR_CLI_PROXYCMD
	if (cli_opts.proxycmd) {
		cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid);
		m_free(cli_opts.proxycmd);
		if (signal(SIGINT, kill_proxy_sighandler) == SIG_ERR ||
			signal(SIGTERM, kill_proxy_sighandler) == SIG_ERR ||
			signal(SIGHUP, kill_proxy_sighandler) == SIG_ERR) {
			dropbear_exit("signal() error");
		}
	} else
#endif
	{
		progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 
			cli_connected, &ses, cli_opts.bind_address, cli_opts.bind_port);
		sock_in = sock_out = -1;
	}

	cli_session(sock_in, sock_out, progress, proxy_cmd_pid);

	/* not reached */
	return -1;
}
Esempio n. 24
0
gboolean
crypto_verify_pkcs8 (const guint8 *data,
                     gsize data_len,
                     gboolean is_encrypted,
                     const char *password,
                     GError **error)
{
    gnutls_x509_privkey_t p8;
    gnutls_datum_t dt;
    int err;

    g_return_val_if_fail (data != NULL, FALSE);

    if (!crypto_init (error))
        return FALSE;

    dt.data = (unsigned char *) data;
    dt.size = data_len;

    err = gnutls_x509_privkey_init (&p8);
    if (err < 0) {
        g_set_error (error, NM_CRYPTO_ERROR,
                     NM_CRYPTO_ERROR_FAILED,
                     _("Couldn't initialize PKCS#8 decoder: %s"),
                     gnutls_strerror (err));
        return FALSE;
    }

    err = gnutls_x509_privkey_import_pkcs8 (p8,
                                            &dt,
                                            GNUTLS_X509_FMT_DER,
                                            is_encrypted ? password : NULL,
                                            is_encrypted ? 0 : GNUTLS_PKCS_PLAIN);
    gnutls_x509_privkey_deinit (p8);

    if (err < 0) {
        if (err == GNUTLS_E_UNKNOWN_CIPHER_TYPE) {
            /* HACK: gnutls doesn't support all the cipher types that openssl
             * can use with PKCS#8, so if we encounter one, we have to assume
             * the given password works.  gnutls needs to unsuckify, apparently.
             * Specifically, by default openssl uses pbeWithMD5AndDES-CBC
             * which gnutls does not support.
             */
        } else {
            g_set_error (error, NM_CRYPTO_ERROR,
                         NM_CRYPTO_ERROR_INVALID_DATA,
                         _("Couldn't decode PKCS#8 file: %s"),
                         gnutls_strerror (err));
            return FALSE;
        }
    }

    return TRUE;
}
Esempio n. 25
0
static TEE_Result tee_cryp_init(void)
{
	TEE_Result res = crypto_init();

	if (res) {
		EMSG("Failed to initialize crypto API: %#" PRIx32, res);
		panic();
	}
	plat_rng_init();

	return TEE_SUCCESS;
}
Esempio n. 26
0
File: main.c Progetto: cdrttn/keeper
/*
 * Application entry point.
 */
int main(void)
{
#if 0
	static const evhandler_t evhndl[] = {
		InsertHandler,
		RemoveHandler
	};
#endif
	/*
	* System initializations.
	* - HAL initialization, this also initializes the configured device drivers
	*   and performs the board-specific initializations.
	* - Kernel initialization, the main() function becomes a thread and the
	*   RTOS is active.
	*/
	halInit();
	chSysInit();
	crypto_init();
	buttons_init();

	chHeapInit(fast_heap, FAST_HEAP_ADDR, FAST_HEAP_SIZE);

	sdStart(&SD2, NULL);
	palSetPadMode(GPIOA, 2, PAL_MODE_ALTERNATE(7));
	palSetPadMode(GPIOA, 3, PAL_MODE_ALTERNATE(7));
	lcd_init();

	setvbuf(stdin, NULL, _IONBF, 0);

	mmcObjectInit(&MMCD1);
	mmcStart(&MMCD1, &mmccfg);
	mount_card();

	pwmStart(&PWMD1, &lcd_pwmcfg);
	palSetPadMode(GPIOA, 8, PAL_MODE_ALTERNATE(1));

	// XXX moveme
	palSetPadMode(GPIOB, 6, PAL_MODE_INPUT_PULLUP);
	palSetPadMode(GPIOB, 15, PAL_MODE_INPUT_PULLUP);
	palSetPadMode(GPIOB, 14, PAL_MODE_INPUT_PULLUP);
	palSetPadMode(GPIOC, 10, PAL_MODE_INPUT_PULLUP);
	palSetPadMode(GPIOC, 11, PAL_MODE_INPUT_PULLUP);

	fiprintf(lcd_stdout, "HIHI");
	while (TRUE) {
		console_cmd_loop();
		//chEvtDispatch(evhndl, chEvtWaitOne(ALL_EVENTS));
	}

	return 0;
}
Esempio n. 27
0
/* doesn't work: encryption and decryption cannot work off the same buffer

static unsigned char *_setIV(const unsigned char *k)
{
  static unsigned char _ivBuff[LENGTH];
  int i = 0;
  for (i = 0; i < LENGTH; i++)
  {
    _ivBuff[i] = k[LENGTH - (i + 1)];
  }
  printf("i is %d!!!\n", i);
  _ivBuff[LENGTH] = '\0';
  return _ivBuff;
}
*/
const unsigned char * objectcrypto_encrypt(char *user, char *object, char *content, char *passphrase)
{
  //the three keys
  const unsigned char *K1, *K2, *K2E, *IV, *Ci;
  
  //initialize
  crypto_init();

  //first, hash the passphrase.  This is K1
  K1 = crypto_MD5(passphrase);
  //printf("MD5 hash: ");
  //crypto_print(K1);

  //second, obtain the per-file urandom key.  This is K2
  int r = open("/dev/urandom", O_RDONLY);
  ssize_t result = read(r, _rBuff, LENGTH);
  if (result < 0)
  {
      // error, unable to read /dev/urandom
      printf("Error, unable to read /dev/urandom\n"); 
      K2 = "0123456789012345";
  
  }
  else
  {
      K2 = (const unsigned char *)_rBuff;
  }
  close(r);
  
  //printf("Encrypt K2: %s\n", K2); 

  //third, encrypt K2 using K1 as the key and an IV.  This is KE2
  IV = IVSTRING;//_setIV(K1);
  K2E = crypto_encryptAES(K1, IV, K2);


  //fourth, store KE2
  keyset_store(user, object, K2E);

  //fifth, round data to the nearest 16 bytes and encrypt content using K2
  if (strlen(content) == 0)
  {
    content = blankFile;  
  }
  Ci = crypto_encryptAES(K2, IV, (const unsigned char *)content);
  crypto_destroy();

  //return this content
  return Ci;
}
Esempio n. 28
0
int cli_main(int argc, char ** argv) {
#else
int main(int argc, char ** argv) {
#endif

	int sock_in, sock_out;
	char* error = NULL;

	_dropbear_exit = cli_dropbear_exit;
	_dropbear_log = cli_dropbear_log;

	disallow_core();

	seedrandom();
	crypto_init();

	cli_getopts(argc, argv);

	TRACE(("user='******' host='%s' port='%s'", cli_opts.username,
				cli_opts.remotehost, cli_opts.remoteport))

	if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
		dropbear_exit("signal() error");
	}

#ifdef ENABLE_CLI_PROXYCMD
	if (cli_opts.proxycmd) {
		cli_proxy_cmd(&sock_in, &sock_out);
		m_free(cli_opts.proxycmd);
	} else
#endif
	{
		int sock = connect_remote(cli_opts.ipfamily,
				cli_opts.remotehost, cli_opts.remoteport, 
				0, &error);
		sock_in = sock_out = sock;
	 	if (cli_opts.wantpty) {
			set_sock_priority(sock, DROPBEAR_PRIO_LOWDELAY);
	 	}
	}

	if (sock_in < 0) {
		dropbear_exit("%s", error);
	}

	cli_session(sock_in, sock_out);

	/* not reached */
	return -1;
}
Esempio n. 29
0
void svr_session(int sock, int childpipe, 
		char* remotehost, char *addrstring) {

	struct timeval timeout;

    reseedrandom();

	crypto_init();
	common_session_init(sock, remotehost);

	/* Initialise server specific parts of the session */
	svr_ses.childpipe = childpipe;
	svr_ses.addrstring = addrstring;
	svr_authinitialise();
	chaninitialise(svr_chantypes);
	svr_chansessinitialise();

	if (gettimeofday(&timeout, 0) < 0) {
		dropbear_exit("Error getting time");
	}

	ses.connecttimeout = timeout.tv_sec + AUTH_TIMEOUT;

	/* set up messages etc */
	ses.remoteclosed = svr_remoteclosed;

	/* packet handlers */
	ses.packettypes = svr_packettypes;
	ses.buf_match_algo = svr_buf_match_algo;

	ses.isserver = 1;

	/* We're ready to go now */
	sessinitdone = 1;

	/* exchange identification, version etc */
	session_identification();

	/* start off with key exchange */
	send_msg_kexinit();

	/* Run the main for loop. NULL is for the dispatcher - only the client
	 * code makes use of it */
	session_loop(NULL);

	/* Not reached */

}
Esempio n. 30
0
END_TEST


START_TEST(check_ecdh_kdf)
{

	EC_KEY *ec1, *ec2, *pub1, *pub2;
	int res;
	size_t serial_size;
	unsigned char *serial_temp, key1[48], key2[48];

	memset(key1, 0, 48);
	memset(key2, 0, 48);

	res = crypto_init();

	ec1 = _generate_ec_keypair(0);
	ec2 = _generate_ec_keypair(0);

	ck_assert_msg((ec1 != NULL), "EC key generation failed.\n");
	ck_assert_msg((ec2 != NULL), "EC key generation failed.\n");

	serial_temp = _serialize_ec_pubkey(ec1, &serial_size);

	ck_assert_msg(serial_temp != NULL, "could not serialize public key.\n");

	pub1 = _deserialize_ec_pubkey(serial_temp, serial_size, 0);

	res = _compute_aes256_kek(pub1, ec2, key1);

	ck_assert_msg((res == 0), "could not perform ECDH key exchange.\n");

	free(serial_temp);

	serial_temp = _serialize_ec_pubkey(ec2, &serial_size);

	ck_assert_msg((serial_temp != NULL), "could not serialize public key.\n");

	pub2 = _deserialize_ec_pubkey(serial_temp, serial_size, 0);

	res = _compute_aes256_kek(pub2, ec1, key2);

	ck_assert_msg((res == 0), "could not perform the second ECDH key exchange.\n");

	ck_assert_msg((memcmp(key1, key2, 48) == 0), "the key derivation functions did not yield the correct result");

	fprintf(stderr, "ECDH key derivation function check completed.\n");
}