static void
init(void) {
logger_init(daemon_mode);
setvbuf(stdout, NULL, _IONBF, 0);
setvbuf(stderr, NULL, _IONBF, 0);
#ifndef _WIN32
signal(SIGPIPE, SIG_IGN);
signal(SIGCHLD, SIG_IGN);
signal(SIGABRT, SIG_IGN);
#endif
if (crypto_init(password)) {
logger_log(LOG_ERR, "crypto init failed");
exit(1);
}
resolver_prepare(nameserver_num);
uv_key_create(&thread_resolver_key);
if (idle_timeout == 0) {
idle_timeout = 60;
}
}
void
app_startup(void)
{
msg_init(FALSE);
iv_set_fatal_msg_handler(app_fatal);
iv_init();
g_thread_init(NULL);
crypto_init();
hostname_global_init();
dns_caching_global_init();
dns_caching_thread_init();
afinter_global_init();
child_manager_init();
alarm_init();
stats_init();
tzset();
log_msg_global_init();
log_tags_global_init();
log_source_global_init();
log_template_global_init();
value_pairs_global_init();
service_management_init();
scratch_buffers_allocator_init();
main_loop_thread_resource_init();
nondumpable_setlogger(nondumpable_allocator_logger);
secret_storage_init();
transport_factory_id_global_init();
}
void
test_crypto (enum transform which)
{
u_int8_t buf[256];
struct crypto_xf *xf;
struct keystate *ks;
enum cryptoerr err;
xf = crypto_get (which);
printf ("Testing %s: ", xf->name);
SET_KEY (buf, xf->keymax);
ks = crypto_init (xf, buf, xf->keymax, &err);
if (!ks)
{
printf ("FAILED (init %d)", err);
goto fail;
}
SET_KEY (buf, sizeof (buf));
crypto_init_iv (ks, buf, xf->blocksize);
crypto_encrypt (ks, buf, sizeof (buf));
dump_buf (buf, sizeof buf);
crypto_decrypt (ks, buf, sizeof (buf));
if (!verify_buf (buf, sizeof (buf)))
printf ("FAILED ");
else
printf ("OKAY ");
free (ks);
fail:
printf ("\n");
return;
}
void cli_session(int sock_in, int sock_out) {
seedrandom();
crypto_init();
common_session_init(sock_in, sock_out);
chaninitialise(cli_chantypes);
/* Set up cli_ses vars */
cli_session_init();
/* Ready to go */
sessinitdone = 1;
/* Exchange identification */
session_identification();
send_msg_kexinit();
session_loop(cli_sessionloop);
/* Not reached */
}
const unsigned char * objectcrypto_decrypt(char *user, char *object, char *content, char *passphrase)
{
//the three keys
const unsigned char *K1, *K2, *K2E, *IV, *De;
//initialize
crypto_init();
//first, obtain K1 by hashing the passphrase.
K1 = crypto_MD5(passphrase);
//second, obtain K2E from the keySafe:
K2E = keyset_retrieve(user, object);
//third, use this to decrypt K2E to find K2.
IV = IVSTRING;//_setIV(K1);
K2 = crypto_decryptAES(K1, IV, K2E);
//fourth, once you have K2, you can decrypt the content
De = crypto_decryptAES(K2, IV, content);
//check if the original file was blank
if (strncmp(De, blankFile, 16) == 0)
{
De = NULL;
}
crypto_destroy();
//return this content
return De;
}
static void
init(void) {
#ifdef ANDROID
logger_init(0);
#else
logger_init(daemon_mode);
#endif
setvbuf(stdout, NULL, _IONBF, 0);
setvbuf(stderr, NULL, _IONBF, 0);
#if !defined(_WIN32)
signal(SIGPIPE, SIG_IGN);
signal(SIGCHLD, SIG_IGN);
signal(SIGABRT, SIG_IGN);
#endif
if (crypto_init(password)) {
logger_stderr("crypto init failed");
exit(1);
}
if (idle_timeout == 0) {
idle_timeout = 60;
}
#if !defined(_WIN32)
if (acl_file != NULL) {
acl = !acl_init(acl_file);
}
#endif
}
void service_init(struct service *sv, uint16_t port, const char *key, const char *capture, const char *playback, uint32_t bitrate,
void (*handler)(enum service_event event, const uint8_t uid[20], void *args), void *args)
{
sv->state = STATE_IDLE;
sv->state_handler = handler;
sv->state_args = args;
sv->epfd = epoll_create1(0); assert(sv->epfd > 0);
sv->timerfd = timerfd_create(CLOCK_MONOTONIC, 0); assert(sv->timerfd > 0);
service_pollfd(sv, sv->timerfd, (void(*)(void*))timer_handler, sv);
const int optval = 1;
const struct sockaddr_in addr = { AF_INET, htons(port) };
sv->sockfd = socket(AF_INET, SOCK_DGRAM, 0); assert(sv->sockfd > 0);
int res = setsockopt(sv->sockfd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)); assert(res == 0);
if(bind(sv->sockfd, (struct sockaddr*)&addr, sizeof(addr)) != 0) { ERROR("Cannot bind socket"); abort(); }
service_pollfd(sv, sv->sockfd, (void(*)(void*))socket_handler, sv);
route_init(sv->table);
sv->crypto = (struct crypto*)((void*)sv + sizeof(struct service));
crypto_init(sv->crypto, key, sv->srcid);
sv->media = (struct media*)((void*)sv + sizeof(struct service) + crypto_sizeof());
media_init(sv->media, capture, playback);
sv->packet_size = bitrate / 8 / 50;
INFO("Media: bitrate = %u, capture = %s, playback = %s", bitrate, capture, playback);
char tmp[128]; INFO("User ID is %.40s", hexify(sv->srcid, tmp, 20));
}
/**
* Parse the config file, and initiate the host and crypto modules.
*/
int init (void)
{
int port, max, capup, capdown;
parser_load_config(&port, &max, &capup, &capdown);
crypto_init();
return host_init_server(port, max, capup, capdown);
}
int main(int argc, char **argv) {
unsigned char *x;
unsigned long long xlen;
if (argv[0])
if (argv[1]) {
if (str_equal(argv[1], "-h"))
die_usage(0);
}
/* get password */
x = (unsigned char *)env_get("PASSWORD");
if (!x) { errno = 0; die_usage("$PASSWORD not set"); }
xlen = str_len((char *)x);
/* create salt */
randombytes(s, sizeof s);
/* derive key */
if (sha512hmacpbkdf2(h, sizeof h, x, xlen, s, sizeof s, ROUNDS) == -1) die_fatal("unable to derive keys", 0);
byte_zero(x, xlen);
/* create nonce */
randombytes(n, sizeof n);
uint64_pack(n, nanoseconds());
sha512(nk, (unsigned char *)MAGIC, MAGICBYTES);
crypto_block_aes256vulnerable(n, n, nk);
/* initialize */
crypto_init(&ctx, n, h, MAGIC);
randombytes(h, sizeof h);
sha512_init(&shactx);
/* write header */
if (writeall(1, MAGIC, MAGICBYTES) == -1) die_fatal("unable to write output", 0);
if (writeall(1, s, sizeof s) == -1) die_fatal("unable to write output", 0);
randombytes(s, sizeof s);
if (writeall(1, n, sizeof n) == -1) die_fatal("unable to write output", 0);
for (;;) {
inlen = readblock(in, BLOCK);
if (inlen != BLOCK) break;
if (sha512_block(&shactx, in, inlen) != 0) die_fatal("unable to compute hash", 0);
if (crypto_block(&ctx, in, inlen) != 0) die_fatal("unable to encrypt stream", 0);
if (writeall(1, in, inlen) == -1) die_fatal("unable to write output", 0);
}
if (sha512_last(&shactx, h, in, inlen) != 0) die_fatal("unable to compute hash", 0);
byte_copy(in + inlen, CHECKSUMBYTES, h);
inlen += CHECKSUMBYTES;
if (crypto_last(&ctx, in, inlen) != 0) die_fatal("unable to encrypt stream", 0);
if (writeall(1, in, inlen) == -1) die_fatal("unable to write output", 0);
if (fsyncfd(1) == -1) die_fatal("unable to write output", 0);
cleanup();
_exit(0);
}
void mvWLAN_init_crypt_lib(local_info_t *local)
{
crypto_init();
INIT_LIST_HEAD(&local->crypt_deinit_list);
init_timer(&local->crypt_deinit_timer);
local->crypt_deinit_timer.data = (unsigned long) local;
local->crypt_deinit_timer.function = crypt_deinit_handler;
}
/**
* u2fs_global_init:
* @flags: initialization flags, ORed #u2fs_initflags.
*
* Initialize the library. This function is not guaranteed to be
* thread safe and must be invoked on application startup.
*
* Returns: On success %U2FS_OK (integer 0) is returned, and on errors
* an #u2fs_rc error code.
*/
u2fs_rc u2fs_global_init(u2fs_initflags flags)
{
if (flags & U2FS_DEBUG)
debug = 1;
crypto_init();
return U2FS_OK;
}
void
storage_init (struct config_data_storage *config_storage)
{
void crypto_init (void);
crypto_init ();
cfg = config_storage;
storage_desc = msgregister ("storage", storage_msghandler);
}
static int load_module(void *mod)
{
crypto_init();
if (ast_opt_init_keys)
crypto_load(STDIN_FILENO, STDOUT_FILENO);
else
crypto_load(-1, -1);
return 0;
}
gboolean
crypto_randomize (void *buffer, gsize buffer_len, GError **error)
{
if (!crypto_init (error))
return FALSE;
gnutls_rnd (GNUTLS_RND_RANDOM, buffer, buffer_len);
return TRUE;
}
int load_module(void)
{
crypto_init();
if (option_initcrypto)
crypto_load(STDIN_FILENO, STDOUT_FILENO);
else
crypto_load(-1, -1);
return 0;
}
void trng_init(trng_t *obj)
{
(void)obj;
/* Init crypto module */
crypto_init();
PRNG_ENABLE_INT();
}
END_TEST
START_TEST(check_ec_serialization)
{
EC_KEY *pair, *pair2;
unsigned char *sbuf, *sbuf2;
int res;
size_t ssize, ssize2;
res = crypto_init();
ck_assert_msg(!res, "Crypto initialization routine failed.\n");
for (size_t i = 0; i < N_SERIALIZATION_TESTS; i++) {
pair = _generate_ec_keypair(0);
ck_assert_msg((pair != NULL), "EC serialization check failed: could not generate key pair.\n");
sbuf = _serialize_ec_pubkey(pair, &ssize);
ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n");
pair2 = _deserialize_ec_pubkey(sbuf, ssize, 0);
ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n");
sbuf2 = _serialize_ec_pubkey(pair, &ssize2);
ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n");
ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2);
res = memcmp(sbuf, sbuf2, ssize);
ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n");
free(sbuf);
free(sbuf2);
_free_ec_key(pair2);
sbuf = _serialize_ec_privkey(pair, &ssize);
ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n");
pair2 = _deserialize_ec_privkey(sbuf, ssize, 0);
ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n");
sbuf2 = _serialize_ec_privkey(pair, &ssize2);
ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n");
ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2);
res = memcmp(sbuf, sbuf2, ssize);
ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n");
free(sbuf);
free(sbuf2);
free_ec_key(pair);
}
fprintf(stderr, "EC serialization check completed.\n");
}
END_TEST
START_TEST(check_ec_sha_signatures)
{
EC_KEY *key;
unsigned char *rdata, *sigdata;
size_t dlens[] = { 16, 128, 1024, 65535 };
size_t rsize, siglen, last_min = 1;
unsigned int shabits;
int res;
res = crypto_init();
ck_assert_msg(!res, "Crypto initialization routine failed.\n");
key = generate_ec_keypair(0);
ck_assert_msg((key != NULL), "EC SHA signature/verification check failed: could not generate key pair.\n");
for (size_t i = 0; i < (sizeof(dlens) / sizeof(dlens[0])); i++) {
for (size_t j = 0; j < N_SIGNATURE_TIER_TESTS; j++) {
for (size_t k = 0; k < 3; k++) {
if (!k) {
shabits = 160;
} else if (k == 1) {
shabits = 256;
} else {
shabits = 512;
}
rdata = gen_random_data(last_min, dlens[i], &rsize);
ck_assert_msg((rdata != NULL), "EC SHA signature/verification check failed: could not generate random data.\n");
sigdata = ec_sign_sha_data(rdata, rsize, shabits, key, &siglen);
ck_assert_msg((sigdata != NULL), "EC SHA signature/verification check failed: could not sign data.\n");
ck_assert_msg((siglen > 0), "EC SHA signature/verification check failed: signature result had bad length.\n");
res = verify_ec_sha_signature(rdata, rsize, shabits, sigdata, siglen, key);
ck_assert_msg((res == 1), "EC SHA signature/verification check failed: signature verification failed (%d).\n", res);
free(sigdata);
free(rdata);
}
last_min = dlens[i];
}
}
free_ec_key(key);
fprintf(stderr, "EC SHA signature/verification check completed.\n");
}
gboolean
crypto_verify_pkcs12 (const guint8 *data,
gsize data_len,
const char *password,
GError **error)
{
gnutls_pkcs12_t p12;
gnutls_datum_t dt;
gboolean success = FALSE;
int err;
g_return_val_if_fail (data != NULL, FALSE);
if (!crypto_init (error))
return FALSE;
dt.data = (unsigned char *) data;
dt.size = data_len;
err = gnutls_pkcs12_init (&p12);
if (err < 0) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_FAILED,
_("Couldn't initialize PKCS#12 decoder: %s"),
gnutls_strerror (err));
return FALSE;
}
/* DER first */
err = gnutls_pkcs12_import (p12, &dt, GNUTLS_X509_FMT_DER, 0);
if (err < 0) {
/* PEM next */
err = gnutls_pkcs12_import (p12, &dt, GNUTLS_X509_FMT_PEM, 0);
if (err < 0) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_INVALID_DATA,
_("Couldn't decode PKCS#12 file: %s"),
gnutls_strerror (err));
goto out;
}
}
err = gnutls_pkcs12_verify_mac (p12, password);
if (err == GNUTLS_E_SUCCESS)
success = TRUE;
else {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Couldn't verify PKCS#12 file: %s"),
gnutls_strerror (err));
}
out:
gnutls_pkcs12_deinit (p12);
return success;
}
int dropbearconvert_main(int argc, char ** argv) {
#else
int main(int argc, char ** argv) {
#endif
int intype, outtype;
const char* infile;
const char* outfile;
crypto_init();
seedrandom();
#if DEBUG_TRACE
/* It's hard for it to get in the way _too_ much */
debug_trace = 1;
#endif
/* get the commandline options */
if (argc != 5) {
fprintf(stderr, "All arguments must be specified\n");
goto usage;
}
/* input type */
if (argv[1][0] == 'd') {
intype = KEYFILE_DROPBEAR;
} else if (argv[1][0] == 'o') {
intype = KEYFILE_OPENSSH;
} else {
fprintf(stderr, "Invalid input key type\n");
goto usage;
}
/* output type */
if (argv[2][0] == 'd') {
outtype = KEYFILE_DROPBEAR;
} else if (argv[2][0] == 'o') {
outtype = KEYFILE_OPENSSH;
} else {
fprintf(stderr, "Invalid output key type\n");
goto usage;
}
/* we don't want output readable by others */
umask(077);
infile = argv[3];
outfile = argv[4];
return do_convert(intype, infile, outtype, outfile);
usage:
printhelp(argv[0]);
return 1;
}
void svr_session(int sock, int childpipe) {
char *host, *port;
size_t len;
reseedrandom();
crypto_init();
common_session_init(sock, sock);
/* Initialise server specific parts of the session */
svr_ses.childpipe = childpipe;
#ifdef __uClinux__
svr_ses.server_pid = getpid();
#endif
svr_authinitialise();
chaninitialise(svr_chantypes);
svr_chansessinitialise();
ses.connect_time = time(NULL);
/* for logging the remote address */
get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0);
len = strlen(host) + strlen(port) + 2;
svr_ses.addrstring = m_malloc(len);
snprintf(svr_ses.addrstring, len, "%s:%s", host, port);
m_free(host);
m_free(port);
get_socket_address(ses.sock_in, NULL, NULL,
&svr_ses.remotehost, NULL, 1);
/* set up messages etc */
ses.remoteclosed = svr_remoteclosed;
/* packet handlers */
ses.packettypes = svr_packettypes;
ses.buf_match_algo = svr_buf_match_algo;
ses.isserver = 1;
/* We're ready to go now */
sessinitdone = 1;
/* exchange identification, version etc */
session_identification();
/* start off with key exchange */
send_msg_kexinit();
/* Run the main for loop. NULL is for the dispatcher - only the client
* code makes use of it */
session_loop(NULL);
/* Not reached */
}
int
main (int argc, char **argv)
{
GError *error = NULL;
nmtst_init (&argc, &argv, TRUE);
if (!crypto_init (&error))
FAIL ("crypto-init", "failed to initialize crypto: %s", error->message);
g_test_add_data_func ("/libnm/crypto/cert/pem",
"test_ca_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-2",
"test2_ca_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/der",
"test_ca_cert.der",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-no-ending-newline",
"ca-no-ending-newline.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined",
"test_key_and_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/cert/pem-combined-2",
"test2_key_and_cert.pem",
test_cert);
g_test_add_data_func ("/libnm/crypto/key/padding-6",
"test_key_and_cert.pem, test, test-key-only-decrypted.der",
test_key);
g_test_add_data_func ("/libnm/crypto/key/key-only",
"test-key-only.pem, test, test-key-only-decrypted.der",
test_key);
g_test_add_data_func ("/libnm/crypto/key/padding-8",
"test2_key_and_cert.pem, 12345testing",
test_key);
g_test_add_data_func ("/libnm/crypto/key/aes",
"test-aes-key.pem, test-aes-password",
test_key);
g_test_add_data_func ("/libnm/crypto/PKCS#12/1",
"test-cert.p12, test",
test_pkcs12);
g_test_add_data_func ("/libnm/crypto/PKCS#12/2",
"test2-cert.p12, 12345testing",
test_pkcs12);
g_test_add_data_func ("/libnm/crypto/PKCS#8",
"pkcs8-enc-key.pem, 1234567890",
test_pkcs8);
return g_test_run ();
}
int cli_main(int argc, char ** argv) {
#else
int main(int argc, char ** argv) {
#endif
int sock_in, sock_out;
struct dropbear_progress_connection *progress = NULL;
_dropbear_exit = cli_dropbear_exit;
_dropbear_log = cli_dropbear_log;
disallow_core();
seedrandom();
crypto_init();
cli_getopts(argc, argv);
#ifndef DISABLE_SYSLOG
if (opts.usingsyslog) {
startsyslog("dbclient");
}
#endif
TRACE(("user='******' host='%s' port='%s' bind_address='%s' bind_port='%s'", cli_opts.username,
cli_opts.remotehost, cli_opts.remoteport, cli_opts.bind_address, cli_opts.bind_port))
if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
dropbear_exit("signal() error");
}
pid_t proxy_cmd_pid = 0;
#if DROPBEAR_CLI_PROXYCMD
if (cli_opts.proxycmd) {
cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid);
m_free(cli_opts.proxycmd);
if (signal(SIGINT, kill_proxy_sighandler) == SIG_ERR ||
signal(SIGTERM, kill_proxy_sighandler) == SIG_ERR ||
signal(SIGHUP, kill_proxy_sighandler) == SIG_ERR) {
dropbear_exit("signal() error");
}
} else
#endif
{
progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport,
cli_connected, &ses, cli_opts.bind_address, cli_opts.bind_port);
sock_in = sock_out = -1;
}
cli_session(sock_in, sock_out, progress, proxy_cmd_pid);
/* not reached */
return -1;
}
gboolean
crypto_verify_pkcs8 (const guint8 *data,
gsize data_len,
gboolean is_encrypted,
const char *password,
GError **error)
{
gnutls_x509_privkey_t p8;
gnutls_datum_t dt;
int err;
g_return_val_if_fail (data != NULL, FALSE);
if (!crypto_init (error))
return FALSE;
dt.data = (unsigned char *) data;
dt.size = data_len;
err = gnutls_x509_privkey_init (&p8);
if (err < 0) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_FAILED,
_("Couldn't initialize PKCS#8 decoder: %s"),
gnutls_strerror (err));
return FALSE;
}
err = gnutls_x509_privkey_import_pkcs8 (p8,
&dt,
GNUTLS_X509_FMT_DER,
is_encrypted ? password : NULL,
is_encrypted ? 0 : GNUTLS_PKCS_PLAIN);
gnutls_x509_privkey_deinit (p8);
if (err < 0) {
if (err == GNUTLS_E_UNKNOWN_CIPHER_TYPE) {
/* HACK: gnutls doesn't support all the cipher types that openssl
* can use with PKCS#8, so if we encounter one, we have to assume
* the given password works. gnutls needs to unsuckify, apparently.
* Specifically, by default openssl uses pbeWithMD5AndDES-CBC
* which gnutls does not support.
*/
} else {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_INVALID_DATA,
_("Couldn't decode PKCS#8 file: %s"),
gnutls_strerror (err));
return FALSE;
}
}
return TRUE;
}
static TEE_Result tee_cryp_init(void)
{
TEE_Result res = crypto_init();
if (res) {
EMSG("Failed to initialize crypto API: %#" PRIx32, res);
panic();
}
plat_rng_init();
return TEE_SUCCESS;
}
/*
* Application entry point.
*/
int main(void)
{
#if 0
static const evhandler_t evhndl[] = {
InsertHandler,
RemoveHandler
};
#endif
/*
* System initializations.
* - HAL initialization, this also initializes the configured device drivers
* and performs the board-specific initializations.
* - Kernel initialization, the main() function becomes a thread and the
* RTOS is active.
*/
halInit();
chSysInit();
crypto_init();
buttons_init();
chHeapInit(fast_heap, FAST_HEAP_ADDR, FAST_HEAP_SIZE);
sdStart(&SD2, NULL);
palSetPadMode(GPIOA, 2, PAL_MODE_ALTERNATE(7));
palSetPadMode(GPIOA, 3, PAL_MODE_ALTERNATE(7));
lcd_init();
setvbuf(stdin, NULL, _IONBF, 0);
mmcObjectInit(&MMCD1);
mmcStart(&MMCD1, &mmccfg);
mount_card();
pwmStart(&PWMD1, &lcd_pwmcfg);
palSetPadMode(GPIOA, 8, PAL_MODE_ALTERNATE(1));
// XXX moveme
palSetPadMode(GPIOB, 6, PAL_MODE_INPUT_PULLUP);
palSetPadMode(GPIOB, 15, PAL_MODE_INPUT_PULLUP);
palSetPadMode(GPIOB, 14, PAL_MODE_INPUT_PULLUP);
palSetPadMode(GPIOC, 10, PAL_MODE_INPUT_PULLUP);
palSetPadMode(GPIOC, 11, PAL_MODE_INPUT_PULLUP);
fiprintf(lcd_stdout, "HIHI");
while (TRUE) {
console_cmd_loop();
//chEvtDispatch(evhndl, chEvtWaitOne(ALL_EVENTS));
}
return 0;
}
/* doesn't work: encryption and decryption cannot work off the same buffer
static unsigned char *_setIV(const unsigned char *k)
{
static unsigned char _ivBuff[LENGTH];
int i = 0;
for (i = 0; i < LENGTH; i++)
{
_ivBuff[i] = k[LENGTH - (i + 1)];
}
printf("i is %d!!!\n", i);
_ivBuff[LENGTH] = '\0';
return _ivBuff;
}
*/
const unsigned char * objectcrypto_encrypt(char *user, char *object, char *content, char *passphrase)
{
//the three keys
const unsigned char *K1, *K2, *K2E, *IV, *Ci;
//initialize
crypto_init();
//first, hash the passphrase. This is K1
K1 = crypto_MD5(passphrase);
//printf("MD5 hash: ");
//crypto_print(K1);
//second, obtain the per-file urandom key. This is K2
int r = open("/dev/urandom", O_RDONLY);
ssize_t result = read(r, _rBuff, LENGTH);
if (result < 0)
{
// error, unable to read /dev/urandom
printf("Error, unable to read /dev/urandom\n");
K2 = "0123456789012345";
}
else
{
K2 = (const unsigned char *)_rBuff;
}
close(r);
//printf("Encrypt K2: %s\n", K2);
//third, encrypt K2 using K1 as the key and an IV. This is KE2
IV = IVSTRING;//_setIV(K1);
K2E = crypto_encryptAES(K1, IV, K2);
//fourth, store KE2
keyset_store(user, object, K2E);
//fifth, round data to the nearest 16 bytes and encrypt content using K2
if (strlen(content) == 0)
{
content = blankFile;
}
Ci = crypto_encryptAES(K2, IV, (const unsigned char *)content);
crypto_destroy();
//return this content
return Ci;
}
int cli_main(int argc, char ** argv) {
#else
int main(int argc, char ** argv) {
#endif
int sock_in, sock_out;
char* error = NULL;
_dropbear_exit = cli_dropbear_exit;
_dropbear_log = cli_dropbear_log;
disallow_core();
seedrandom();
crypto_init();
cli_getopts(argc, argv);
TRACE(("user='******' host='%s' port='%s'", cli_opts.username,
cli_opts.remotehost, cli_opts.remoteport))
if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
dropbear_exit("signal() error");
}
#ifdef ENABLE_CLI_PROXYCMD
if (cli_opts.proxycmd) {
cli_proxy_cmd(&sock_in, &sock_out);
m_free(cli_opts.proxycmd);
} else
#endif
{
int sock = connect_remote(cli_opts.ipfamily,
cli_opts.remotehost, cli_opts.remoteport,
0, &error);
sock_in = sock_out = sock;
if (cli_opts.wantpty) {
set_sock_priority(sock, DROPBEAR_PRIO_LOWDELAY);
}
}
if (sock_in < 0) {
dropbear_exit("%s", error);
}
cli_session(sock_in, sock_out);
/* not reached */
return -1;
}
void svr_session(int sock, int childpipe,
char* remotehost, char *addrstring) {
struct timeval timeout;
reseedrandom();
crypto_init();
common_session_init(sock, remotehost);
/* Initialise server specific parts of the session */
svr_ses.childpipe = childpipe;
svr_ses.addrstring = addrstring;
svr_authinitialise();
chaninitialise(svr_chantypes);
svr_chansessinitialise();
if (gettimeofday(&timeout, 0) < 0) {
dropbear_exit("Error getting time");
}
ses.connecttimeout = timeout.tv_sec + AUTH_TIMEOUT;
/* set up messages etc */
ses.remoteclosed = svr_remoteclosed;
/* packet handlers */
ses.packettypes = svr_packettypes;
ses.buf_match_algo = svr_buf_match_algo;
ses.isserver = 1;
/* We're ready to go now */
sessinitdone = 1;
/* exchange identification, version etc */
session_identification();
/* start off with key exchange */
send_msg_kexinit();
/* Run the main for loop. NULL is for the dispatcher - only the client
* code makes use of it */
session_loop(NULL);
/* Not reached */
}
END_TEST
START_TEST(check_ecdh_kdf)
{
EC_KEY *ec1, *ec2, *pub1, *pub2;
int res;
size_t serial_size;
unsigned char *serial_temp, key1[48], key2[48];
memset(key1, 0, 48);
memset(key2, 0, 48);
res = crypto_init();
ec1 = _generate_ec_keypair(0);
ec2 = _generate_ec_keypair(0);
ck_assert_msg((ec1 != NULL), "EC key generation failed.\n");
ck_assert_msg((ec2 != NULL), "EC key generation failed.\n");
serial_temp = _serialize_ec_pubkey(ec1, &serial_size);
ck_assert_msg(serial_temp != NULL, "could not serialize public key.\n");
pub1 = _deserialize_ec_pubkey(serial_temp, serial_size, 0);
res = _compute_aes256_kek(pub1, ec2, key1);
ck_assert_msg((res == 0), "could not perform ECDH key exchange.\n");
free(serial_temp);
serial_temp = _serialize_ec_pubkey(ec2, &serial_size);
ck_assert_msg((serial_temp != NULL), "could not serialize public key.\n");
pub2 = _deserialize_ec_pubkey(serial_temp, serial_size, 0);
res = _compute_aes256_kek(pub2, ec1, key2);
ck_assert_msg((res == 0), "could not perform the second ECDH key exchange.\n");
ck_assert_msg((memcmp(key1, key2, 48) == 0), "the key derivation functions did not yield the correct result");
fprintf(stderr, "ECDH key derivation function check completed.\n");
}