static void init(void) { logger_init(daemon_mode); setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); #ifndef _WIN32 signal(SIGPIPE, SIG_IGN); signal(SIGCHLD, SIG_IGN); signal(SIGABRT, SIG_IGN); #endif if (crypto_init(password)) { logger_log(LOG_ERR, "crypto init failed"); exit(1); } resolver_prepare(nameserver_num); uv_key_create(&thread_resolver_key); if (idle_timeout == 0) { idle_timeout = 60; } }
void app_startup(void) { msg_init(FALSE); iv_set_fatal_msg_handler(app_fatal); iv_init(); g_thread_init(NULL); crypto_init(); hostname_global_init(); dns_caching_global_init(); dns_caching_thread_init(); afinter_global_init(); child_manager_init(); alarm_init(); stats_init(); tzset(); log_msg_global_init(); log_tags_global_init(); log_source_global_init(); log_template_global_init(); value_pairs_global_init(); service_management_init(); scratch_buffers_allocator_init(); main_loop_thread_resource_init(); nondumpable_setlogger(nondumpable_allocator_logger); secret_storage_init(); transport_factory_id_global_init(); }
void test_crypto (enum transform which) { u_int8_t buf[256]; struct crypto_xf *xf; struct keystate *ks; enum cryptoerr err; xf = crypto_get (which); printf ("Testing %s: ", xf->name); SET_KEY (buf, xf->keymax); ks = crypto_init (xf, buf, xf->keymax, &err); if (!ks) { printf ("FAILED (init %d)", err); goto fail; } SET_KEY (buf, sizeof (buf)); crypto_init_iv (ks, buf, xf->blocksize); crypto_encrypt (ks, buf, sizeof (buf)); dump_buf (buf, sizeof buf); crypto_decrypt (ks, buf, sizeof (buf)); if (!verify_buf (buf, sizeof (buf))) printf ("FAILED "); else printf ("OKAY "); free (ks); fail: printf ("\n"); return; }
void cli_session(int sock_in, int sock_out) { seedrandom(); crypto_init(); common_session_init(sock_in, sock_out); chaninitialise(cli_chantypes); /* Set up cli_ses vars */ cli_session_init(); /* Ready to go */ sessinitdone = 1; /* Exchange identification */ session_identification(); send_msg_kexinit(); session_loop(cli_sessionloop); /* Not reached */ }
const unsigned char * objectcrypto_decrypt(char *user, char *object, char *content, char *passphrase) { //the three keys const unsigned char *K1, *K2, *K2E, *IV, *De; //initialize crypto_init(); //first, obtain K1 by hashing the passphrase. K1 = crypto_MD5(passphrase); //second, obtain K2E from the keySafe: K2E = keyset_retrieve(user, object); //third, use this to decrypt K2E to find K2. IV = IVSTRING;//_setIV(K1); K2 = crypto_decryptAES(K1, IV, K2E); //fourth, once you have K2, you can decrypt the content De = crypto_decryptAES(K2, IV, content); //check if the original file was blank if (strncmp(De, blankFile, 16) == 0) { De = NULL; } crypto_destroy(); //return this content return De; }
static void init(void) { #ifdef ANDROID logger_init(0); #else logger_init(daemon_mode); #endif setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); #if !defined(_WIN32) signal(SIGPIPE, SIG_IGN); signal(SIGCHLD, SIG_IGN); signal(SIGABRT, SIG_IGN); #endif if (crypto_init(password)) { logger_stderr("crypto init failed"); exit(1); } if (idle_timeout == 0) { idle_timeout = 60; } #if !defined(_WIN32) if (acl_file != NULL) { acl = !acl_init(acl_file); } #endif }
void service_init(struct service *sv, uint16_t port, const char *key, const char *capture, const char *playback, uint32_t bitrate, void (*handler)(enum service_event event, const uint8_t uid[20], void *args), void *args) { sv->state = STATE_IDLE; sv->state_handler = handler; sv->state_args = args; sv->epfd = epoll_create1(0); assert(sv->epfd > 0); sv->timerfd = timerfd_create(CLOCK_MONOTONIC, 0); assert(sv->timerfd > 0); service_pollfd(sv, sv->timerfd, (void(*)(void*))timer_handler, sv); const int optval = 1; const struct sockaddr_in addr = { AF_INET, htons(port) }; sv->sockfd = socket(AF_INET, SOCK_DGRAM, 0); assert(sv->sockfd > 0); int res = setsockopt(sv->sockfd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)); assert(res == 0); if(bind(sv->sockfd, (struct sockaddr*)&addr, sizeof(addr)) != 0) { ERROR("Cannot bind socket"); abort(); } service_pollfd(sv, sv->sockfd, (void(*)(void*))socket_handler, sv); route_init(sv->table); sv->crypto = (struct crypto*)((void*)sv + sizeof(struct service)); crypto_init(sv->crypto, key, sv->srcid); sv->media = (struct media*)((void*)sv + sizeof(struct service) + crypto_sizeof()); media_init(sv->media, capture, playback); sv->packet_size = bitrate / 8 / 50; INFO("Media: bitrate = %u, capture = %s, playback = %s", bitrate, capture, playback); char tmp[128]; INFO("User ID is %.40s", hexify(sv->srcid, tmp, 20)); }
/** * Parse the config file, and initiate the host and crypto modules. */ int init (void) { int port, max, capup, capdown; parser_load_config(&port, &max, &capup, &capdown); crypto_init(); return host_init_server(port, max, capup, capdown); }
int main(int argc, char **argv) { unsigned char *x; unsigned long long xlen; if (argv[0]) if (argv[1]) { if (str_equal(argv[1], "-h")) die_usage(0); } /* get password */ x = (unsigned char *)env_get("PASSWORD"); if (!x) { errno = 0; die_usage("$PASSWORD not set"); } xlen = str_len((char *)x); /* create salt */ randombytes(s, sizeof s); /* derive key */ if (sha512hmacpbkdf2(h, sizeof h, x, xlen, s, sizeof s, ROUNDS) == -1) die_fatal("unable to derive keys", 0); byte_zero(x, xlen); /* create nonce */ randombytes(n, sizeof n); uint64_pack(n, nanoseconds()); sha512(nk, (unsigned char *)MAGIC, MAGICBYTES); crypto_block_aes256vulnerable(n, n, nk); /* initialize */ crypto_init(&ctx, n, h, MAGIC); randombytes(h, sizeof h); sha512_init(&shactx); /* write header */ if (writeall(1, MAGIC, MAGICBYTES) == -1) die_fatal("unable to write output", 0); if (writeall(1, s, sizeof s) == -1) die_fatal("unable to write output", 0); randombytes(s, sizeof s); if (writeall(1, n, sizeof n) == -1) die_fatal("unable to write output", 0); for (;;) { inlen = readblock(in, BLOCK); if (inlen != BLOCK) break; if (sha512_block(&shactx, in, inlen) != 0) die_fatal("unable to compute hash", 0); if (crypto_block(&ctx, in, inlen) != 0) die_fatal("unable to encrypt stream", 0); if (writeall(1, in, inlen) == -1) die_fatal("unable to write output", 0); } if (sha512_last(&shactx, h, in, inlen) != 0) die_fatal("unable to compute hash", 0); byte_copy(in + inlen, CHECKSUMBYTES, h); inlen += CHECKSUMBYTES; if (crypto_last(&ctx, in, inlen) != 0) die_fatal("unable to encrypt stream", 0); if (writeall(1, in, inlen) == -1) die_fatal("unable to write output", 0); if (fsyncfd(1) == -1) die_fatal("unable to write output", 0); cleanup(); _exit(0); }
void mvWLAN_init_crypt_lib(local_info_t *local) { crypto_init(); INIT_LIST_HEAD(&local->crypt_deinit_list); init_timer(&local->crypt_deinit_timer); local->crypt_deinit_timer.data = (unsigned long) local; local->crypt_deinit_timer.function = crypt_deinit_handler; }
/** * u2fs_global_init: * @flags: initialization flags, ORed #u2fs_initflags. * * Initialize the library. This function is not guaranteed to be * thread safe and must be invoked on application startup. * * Returns: On success %U2FS_OK (integer 0) is returned, and on errors * an #u2fs_rc error code. */ u2fs_rc u2fs_global_init(u2fs_initflags flags) { if (flags & U2FS_DEBUG) debug = 1; crypto_init(); return U2FS_OK; }
void storage_init (struct config_data_storage *config_storage) { void crypto_init (void); crypto_init (); cfg = config_storage; storage_desc = msgregister ("storage", storage_msghandler); }
static int load_module(void *mod) { crypto_init(); if (ast_opt_init_keys) crypto_load(STDIN_FILENO, STDOUT_FILENO); else crypto_load(-1, -1); return 0; }
gboolean crypto_randomize (void *buffer, gsize buffer_len, GError **error) { if (!crypto_init (error)) return FALSE; gnutls_rnd (GNUTLS_RND_RANDOM, buffer, buffer_len); return TRUE; }
int load_module(void) { crypto_init(); if (option_initcrypto) crypto_load(STDIN_FILENO, STDOUT_FILENO); else crypto_load(-1, -1); return 0; }
void trng_init(trng_t *obj) { (void)obj; /* Init crypto module */ crypto_init(); PRNG_ENABLE_INT(); }
END_TEST START_TEST(check_ec_serialization) { EC_KEY *pair, *pair2; unsigned char *sbuf, *sbuf2; int res; size_t ssize, ssize2; res = crypto_init(); ck_assert_msg(!res, "Crypto initialization routine failed.\n"); for (size_t i = 0; i < N_SERIALIZATION_TESTS; i++) { pair = _generate_ec_keypair(0); ck_assert_msg((pair != NULL), "EC serialization check failed: could not generate key pair.\n"); sbuf = _serialize_ec_pubkey(pair, &ssize); ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n"); pair2 = _deserialize_ec_pubkey(sbuf, ssize, 0); ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n"); sbuf2 = _serialize_ec_pubkey(pair, &ssize2); ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n"); ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2); res = memcmp(sbuf, sbuf2, ssize); ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n"); free(sbuf); free(sbuf2); _free_ec_key(pair2); sbuf = _serialize_ec_privkey(pair, &ssize); ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n"); pair2 = _deserialize_ec_privkey(sbuf, ssize, 0); ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n"); sbuf2 = _serialize_ec_privkey(pair, &ssize2); ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n"); ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2); res = memcmp(sbuf, sbuf2, ssize); ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n"); free(sbuf); free(sbuf2); free_ec_key(pair); } fprintf(stderr, "EC serialization check completed.\n"); }
END_TEST START_TEST(check_ec_sha_signatures) { EC_KEY *key; unsigned char *rdata, *sigdata; size_t dlens[] = { 16, 128, 1024, 65535 }; size_t rsize, siglen, last_min = 1; unsigned int shabits; int res; res = crypto_init(); ck_assert_msg(!res, "Crypto initialization routine failed.\n"); key = generate_ec_keypair(0); ck_assert_msg((key != NULL), "EC SHA signature/verification check failed: could not generate key pair.\n"); for (size_t i = 0; i < (sizeof(dlens) / sizeof(dlens[0])); i++) { for (size_t j = 0; j < N_SIGNATURE_TIER_TESTS; j++) { for (size_t k = 0; k < 3; k++) { if (!k) { shabits = 160; } else if (k == 1) { shabits = 256; } else { shabits = 512; } rdata = gen_random_data(last_min, dlens[i], &rsize); ck_assert_msg((rdata != NULL), "EC SHA signature/verification check failed: could not generate random data.\n"); sigdata = ec_sign_sha_data(rdata, rsize, shabits, key, &siglen); ck_assert_msg((sigdata != NULL), "EC SHA signature/verification check failed: could not sign data.\n"); ck_assert_msg((siglen > 0), "EC SHA signature/verification check failed: signature result had bad length.\n"); res = verify_ec_sha_signature(rdata, rsize, shabits, sigdata, siglen, key); ck_assert_msg((res == 1), "EC SHA signature/verification check failed: signature verification failed (%d).\n", res); free(sigdata); free(rdata); } last_min = dlens[i]; } } free_ec_key(key); fprintf(stderr, "EC SHA signature/verification check completed.\n"); }
gboolean crypto_verify_pkcs12 (const guint8 *data, gsize data_len, const char *password, GError **error) { gnutls_pkcs12_t p12; gnutls_datum_t dt; gboolean success = FALSE; int err; g_return_val_if_fail (data != NULL, FALSE); if (!crypto_init (error)) return FALSE; dt.data = (unsigned char *) data; dt.size = data_len; err = gnutls_pkcs12_init (&p12); if (err < 0) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_FAILED, _("Couldn't initialize PKCS#12 decoder: %s"), gnutls_strerror (err)); return FALSE; } /* DER first */ err = gnutls_pkcs12_import (p12, &dt, GNUTLS_X509_FMT_DER, 0); if (err < 0) { /* PEM next */ err = gnutls_pkcs12_import (p12, &dt, GNUTLS_X509_FMT_PEM, 0); if (err < 0) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Couldn't decode PKCS#12 file: %s"), gnutls_strerror (err)); goto out; } } err = gnutls_pkcs12_verify_mac (p12, password); if (err == GNUTLS_E_SUCCESS) success = TRUE; else { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_DECRYPTION_FAILED, _("Couldn't verify PKCS#12 file: %s"), gnutls_strerror (err)); } out: gnutls_pkcs12_deinit (p12); return success; }
int dropbearconvert_main(int argc, char ** argv) { #else int main(int argc, char ** argv) { #endif int intype, outtype; const char* infile; const char* outfile; crypto_init(); seedrandom(); #if DEBUG_TRACE /* It's hard for it to get in the way _too_ much */ debug_trace = 1; #endif /* get the commandline options */ if (argc != 5) { fprintf(stderr, "All arguments must be specified\n"); goto usage; } /* input type */ if (argv[1][0] == 'd') { intype = KEYFILE_DROPBEAR; } else if (argv[1][0] == 'o') { intype = KEYFILE_OPENSSH; } else { fprintf(stderr, "Invalid input key type\n"); goto usage; } /* output type */ if (argv[2][0] == 'd') { outtype = KEYFILE_DROPBEAR; } else if (argv[2][0] == 'o') { outtype = KEYFILE_OPENSSH; } else { fprintf(stderr, "Invalid output key type\n"); goto usage; } /* we don't want output readable by others */ umask(077); infile = argv[3]; outfile = argv[4]; return do_convert(intype, infile, outtype, outfile); usage: printhelp(argv[0]); return 1; }
void svr_session(int sock, int childpipe) { char *host, *port; size_t len; reseedrandom(); crypto_init(); common_session_init(sock, sock); /* Initialise server specific parts of the session */ svr_ses.childpipe = childpipe; #ifdef __uClinux__ svr_ses.server_pid = getpid(); #endif svr_authinitialise(); chaninitialise(svr_chantypes); svr_chansessinitialise(); ses.connect_time = time(NULL); /* for logging the remote address */ get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0); len = strlen(host) + strlen(port) + 2; svr_ses.addrstring = m_malloc(len); snprintf(svr_ses.addrstring, len, "%s:%s", host, port); m_free(host); m_free(port); get_socket_address(ses.sock_in, NULL, NULL, &svr_ses.remotehost, NULL, 1); /* set up messages etc */ ses.remoteclosed = svr_remoteclosed; /* packet handlers */ ses.packettypes = svr_packettypes; ses.buf_match_algo = svr_buf_match_algo; ses.isserver = 1; /* We're ready to go now */ sessinitdone = 1; /* exchange identification, version etc */ session_identification(); /* start off with key exchange */ send_msg_kexinit(); /* Run the main for loop. NULL is for the dispatcher - only the client * code makes use of it */ session_loop(NULL); /* Not reached */ }
int main (int argc, char **argv) { GError *error = NULL; nmtst_init (&argc, &argv, TRUE); if (!crypto_init (&error)) FAIL ("crypto-init", "failed to initialize crypto: %s", error->message); g_test_add_data_func ("/libnm/crypto/cert/pem", "test_ca_cert.pem", test_cert); g_test_add_data_func ("/libnm/crypto/cert/pem-2", "test2_ca_cert.pem", test_cert); g_test_add_data_func ("/libnm/crypto/cert/der", "test_ca_cert.der", test_cert); g_test_add_data_func ("/libnm/crypto/cert/pem-no-ending-newline", "ca-no-ending-newline.pem", test_cert); g_test_add_data_func ("/libnm/crypto/cert/pem-combined", "test_key_and_cert.pem", test_cert); g_test_add_data_func ("/libnm/crypto/cert/pem-combined-2", "test2_key_and_cert.pem", test_cert); g_test_add_data_func ("/libnm/crypto/key/padding-6", "test_key_and_cert.pem, test, test-key-only-decrypted.der", test_key); g_test_add_data_func ("/libnm/crypto/key/key-only", "test-key-only.pem, test, test-key-only-decrypted.der", test_key); g_test_add_data_func ("/libnm/crypto/key/padding-8", "test2_key_and_cert.pem, 12345testing", test_key); g_test_add_data_func ("/libnm/crypto/key/aes", "test-aes-key.pem, test-aes-password", test_key); g_test_add_data_func ("/libnm/crypto/PKCS#12/1", "test-cert.p12, test", test_pkcs12); g_test_add_data_func ("/libnm/crypto/PKCS#12/2", "test2-cert.p12, 12345testing", test_pkcs12); g_test_add_data_func ("/libnm/crypto/PKCS#8", "pkcs8-enc-key.pem, 1234567890", test_pkcs8); return g_test_run (); }
int cli_main(int argc, char ** argv) { #else int main(int argc, char ** argv) { #endif int sock_in, sock_out; struct dropbear_progress_connection *progress = NULL; _dropbear_exit = cli_dropbear_exit; _dropbear_log = cli_dropbear_log; disallow_core(); seedrandom(); crypto_init(); cli_getopts(argc, argv); #ifndef DISABLE_SYSLOG if (opts.usingsyslog) { startsyslog("dbclient"); } #endif TRACE(("user='******' host='%s' port='%s' bind_address='%s' bind_port='%s'", cli_opts.username, cli_opts.remotehost, cli_opts.remoteport, cli_opts.bind_address, cli_opts.bind_port)) if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) { dropbear_exit("signal() error"); } pid_t proxy_cmd_pid = 0; #if DROPBEAR_CLI_PROXYCMD if (cli_opts.proxycmd) { cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid); m_free(cli_opts.proxycmd); if (signal(SIGINT, kill_proxy_sighandler) == SIG_ERR || signal(SIGTERM, kill_proxy_sighandler) == SIG_ERR || signal(SIGHUP, kill_proxy_sighandler) == SIG_ERR) { dropbear_exit("signal() error"); } } else #endif { progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport, cli_connected, &ses, cli_opts.bind_address, cli_opts.bind_port); sock_in = sock_out = -1; } cli_session(sock_in, sock_out, progress, proxy_cmd_pid); /* not reached */ return -1; }
gboolean crypto_verify_pkcs8 (const guint8 *data, gsize data_len, gboolean is_encrypted, const char *password, GError **error) { gnutls_x509_privkey_t p8; gnutls_datum_t dt; int err; g_return_val_if_fail (data != NULL, FALSE); if (!crypto_init (error)) return FALSE; dt.data = (unsigned char *) data; dt.size = data_len; err = gnutls_x509_privkey_init (&p8); if (err < 0) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_FAILED, _("Couldn't initialize PKCS#8 decoder: %s"), gnutls_strerror (err)); return FALSE; } err = gnutls_x509_privkey_import_pkcs8 (p8, &dt, GNUTLS_X509_FMT_DER, is_encrypted ? password : NULL, is_encrypted ? 0 : GNUTLS_PKCS_PLAIN); gnutls_x509_privkey_deinit (p8); if (err < 0) { if (err == GNUTLS_E_UNKNOWN_CIPHER_TYPE) { /* HACK: gnutls doesn't support all the cipher types that openssl * can use with PKCS#8, so if we encounter one, we have to assume * the given password works. gnutls needs to unsuckify, apparently. * Specifically, by default openssl uses pbeWithMD5AndDES-CBC * which gnutls does not support. */ } else { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA, _("Couldn't decode PKCS#8 file: %s"), gnutls_strerror (err)); return FALSE; } } return TRUE; }
static TEE_Result tee_cryp_init(void) { TEE_Result res = crypto_init(); if (res) { EMSG("Failed to initialize crypto API: %#" PRIx32, res); panic(); } plat_rng_init(); return TEE_SUCCESS; }
/* * Application entry point. */ int main(void) { #if 0 static const evhandler_t evhndl[] = { InsertHandler, RemoveHandler }; #endif /* * System initializations. * - HAL initialization, this also initializes the configured device drivers * and performs the board-specific initializations. * - Kernel initialization, the main() function becomes a thread and the * RTOS is active. */ halInit(); chSysInit(); crypto_init(); buttons_init(); chHeapInit(fast_heap, FAST_HEAP_ADDR, FAST_HEAP_SIZE); sdStart(&SD2, NULL); palSetPadMode(GPIOA, 2, PAL_MODE_ALTERNATE(7)); palSetPadMode(GPIOA, 3, PAL_MODE_ALTERNATE(7)); lcd_init(); setvbuf(stdin, NULL, _IONBF, 0); mmcObjectInit(&MMCD1); mmcStart(&MMCD1, &mmccfg); mount_card(); pwmStart(&PWMD1, &lcd_pwmcfg); palSetPadMode(GPIOA, 8, PAL_MODE_ALTERNATE(1)); // XXX moveme palSetPadMode(GPIOB, 6, PAL_MODE_INPUT_PULLUP); palSetPadMode(GPIOB, 15, PAL_MODE_INPUT_PULLUP); palSetPadMode(GPIOB, 14, PAL_MODE_INPUT_PULLUP); palSetPadMode(GPIOC, 10, PAL_MODE_INPUT_PULLUP); palSetPadMode(GPIOC, 11, PAL_MODE_INPUT_PULLUP); fiprintf(lcd_stdout, "HIHI"); while (TRUE) { console_cmd_loop(); //chEvtDispatch(evhndl, chEvtWaitOne(ALL_EVENTS)); } return 0; }
/* doesn't work: encryption and decryption cannot work off the same buffer static unsigned char *_setIV(const unsigned char *k) { static unsigned char _ivBuff[LENGTH]; int i = 0; for (i = 0; i < LENGTH; i++) { _ivBuff[i] = k[LENGTH - (i + 1)]; } printf("i is %d!!!\n", i); _ivBuff[LENGTH] = '\0'; return _ivBuff; } */ const unsigned char * objectcrypto_encrypt(char *user, char *object, char *content, char *passphrase) { //the three keys const unsigned char *K1, *K2, *K2E, *IV, *Ci; //initialize crypto_init(); //first, hash the passphrase. This is K1 K1 = crypto_MD5(passphrase); //printf("MD5 hash: "); //crypto_print(K1); //second, obtain the per-file urandom key. This is K2 int r = open("/dev/urandom", O_RDONLY); ssize_t result = read(r, _rBuff, LENGTH); if (result < 0) { // error, unable to read /dev/urandom printf("Error, unable to read /dev/urandom\n"); K2 = "0123456789012345"; } else { K2 = (const unsigned char *)_rBuff; } close(r); //printf("Encrypt K2: %s\n", K2); //third, encrypt K2 using K1 as the key and an IV. This is KE2 IV = IVSTRING;//_setIV(K1); K2E = crypto_encryptAES(K1, IV, K2); //fourth, store KE2 keyset_store(user, object, K2E); //fifth, round data to the nearest 16 bytes and encrypt content using K2 if (strlen(content) == 0) { content = blankFile; } Ci = crypto_encryptAES(K2, IV, (const unsigned char *)content); crypto_destroy(); //return this content return Ci; }
int cli_main(int argc, char ** argv) { #else int main(int argc, char ** argv) { #endif int sock_in, sock_out; char* error = NULL; _dropbear_exit = cli_dropbear_exit; _dropbear_log = cli_dropbear_log; disallow_core(); seedrandom(); crypto_init(); cli_getopts(argc, argv); TRACE(("user='******' host='%s' port='%s'", cli_opts.username, cli_opts.remotehost, cli_opts.remoteport)) if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) { dropbear_exit("signal() error"); } #ifdef ENABLE_CLI_PROXYCMD if (cli_opts.proxycmd) { cli_proxy_cmd(&sock_in, &sock_out); m_free(cli_opts.proxycmd); } else #endif { int sock = connect_remote(cli_opts.ipfamily, cli_opts.remotehost, cli_opts.remoteport, 0, &error); sock_in = sock_out = sock; if (cli_opts.wantpty) { set_sock_priority(sock, DROPBEAR_PRIO_LOWDELAY); } } if (sock_in < 0) { dropbear_exit("%s", error); } cli_session(sock_in, sock_out); /* not reached */ return -1; }
void svr_session(int sock, int childpipe, char* remotehost, char *addrstring) { struct timeval timeout; reseedrandom(); crypto_init(); common_session_init(sock, remotehost); /* Initialise server specific parts of the session */ svr_ses.childpipe = childpipe; svr_ses.addrstring = addrstring; svr_authinitialise(); chaninitialise(svr_chantypes); svr_chansessinitialise(); if (gettimeofday(&timeout, 0) < 0) { dropbear_exit("Error getting time"); } ses.connecttimeout = timeout.tv_sec + AUTH_TIMEOUT; /* set up messages etc */ ses.remoteclosed = svr_remoteclosed; /* packet handlers */ ses.packettypes = svr_packettypes; ses.buf_match_algo = svr_buf_match_algo; ses.isserver = 1; /* We're ready to go now */ sessinitdone = 1; /* exchange identification, version etc */ session_identification(); /* start off with key exchange */ send_msg_kexinit(); /* Run the main for loop. NULL is for the dispatcher - only the client * code makes use of it */ session_loop(NULL); /* Not reached */ }
END_TEST START_TEST(check_ecdh_kdf) { EC_KEY *ec1, *ec2, *pub1, *pub2; int res; size_t serial_size; unsigned char *serial_temp, key1[48], key2[48]; memset(key1, 0, 48); memset(key2, 0, 48); res = crypto_init(); ec1 = _generate_ec_keypair(0); ec2 = _generate_ec_keypair(0); ck_assert_msg((ec1 != NULL), "EC key generation failed.\n"); ck_assert_msg((ec2 != NULL), "EC key generation failed.\n"); serial_temp = _serialize_ec_pubkey(ec1, &serial_size); ck_assert_msg(serial_temp != NULL, "could not serialize public key.\n"); pub1 = _deserialize_ec_pubkey(serial_temp, serial_size, 0); res = _compute_aes256_kek(pub1, ec2, key1); ck_assert_msg((res == 0), "could not perform ECDH key exchange.\n"); free(serial_temp); serial_temp = _serialize_ec_pubkey(ec2, &serial_size); ck_assert_msg((serial_temp != NULL), "could not serialize public key.\n"); pub2 = _deserialize_ec_pubkey(serial_temp, serial_size, 0); res = _compute_aes256_kek(pub2, ec1, key2); ck_assert_msg((res == 0), "could not perform the second ECDH key exchange.\n"); ck_assert_msg((memcmp(key1, key2, 48) == 0), "the key derivation functions did not yield the correct result"); fprintf(stderr, "ECDH key derivation function check completed.\n"); }