int
decrypt_verify(int is_client, const uint8 *packet, size_t length,
uint8 **cleartext, size_t *clen) {
int res, ok = 0;
dtls_cipher_context_t *cipher;
static unsigned char buf[1000];
switch (CURRENT_CONFIG->cipher) {
case AES128: /* TLS_PSK_WITH_AES128_CBC_SHA */
*cleartext = buf;
*clen = length - sizeof(dtls_record_header_t);
if (is_client)
cipher = CURRENT_CONFIG->read_cipher;
else
cipher = CURRENT_CONFIG->write_cipher;
res = dtls_decrypt(cipher,
(uint8 *)packet + sizeof(dtls_record_header_t), *clen,
buf, NULL, 0);
if (res < 0) {
warn("decryption failed!\n");
} else {
ok = pcap_verify(CURRENT_CONFIG, is_client, (uint8 *)packet, length,
*cleartext, res);
if (ok)
*clen = res - dtls_kb_digest_size(CURRENT_CONFIG);
}
break;
default: /* no cipher suite selected */
*cleartext = (uint8 *)packet + sizeof(dtls_record_header_t);
*clen = length - sizeof(dtls_record_header_t);
ok = 1;
}
if (ok)
printf("verify OK\n");
else
printf("verification failed!\n");
return ok;
}
int main(int argc, char **argv) {
int len, n;
for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) {
dtls_cipher_context_t *cipher;
cipher = dtls_new_cipher(&ciphers[AES128],
data[n].key,
sizeof(data[n].key));
if (!cipher) {
fprintf(stderr, "cannot set key\n");
exit(-1);
}
dtls_init_cipher(cipher, data[n].nonce, sizeof(data[n].nonce));
if (data[n].M == 0)
len = dtls_encrypt(cipher, data[n].msg, data[n].lm);
else
len = dtls_decrypt(cipher, data[n].msg, data[n].lm);
printf("Packet Vector #%d ", n+1);
if (len != data[n].r_lm
|| memcmp(data[n].msg, data[n].result, len))
printf("FAILED, ");
else
printf("OK, ");
printf("result is (total length = %d):\n\t", (int)len);
dump(data[n].msg, len);
free(cipher);
}
return 0;
}
