int
main (int argc, char **argv)
{
/* argv[1] is the file name */
char raw_sk[2*CCA_STRENGTH];
if (argc != 2) {
usage (argv[0]);
}
else {
setprogname (argv[0]);
/* first, let's create a new symmetric key */
ri ();
/* Note that since we'll need to do both AES-CBC-MAC and HMAC-SHA1,
there are actuall *two* symmetric keys, which could, e.g., be
stored contiguosly in a buffer */
prng_getbytes(raw_sk, 2*CCA_STRENGTH);
/* now let's armor and dump to disk the symmetric key buffer */
write_skfile(argv[1], raw_sk, 2*CCA_STRENGTH);
/* finally, let's scrub the buffer that held the random bits
by overwriting with a bunch of 0's */
bzero(raw_sk, 2*CCA_STRENGTH);
}
return 0;
}
int
main (int argc, char **argv)
{
/* YOUR CODE HERE */
ssize_t raw_sklen = 32;
char* skfname = argv[1];
if (argc != 2) {
usage (argv[0]);
}
else {
setprogname (argv[0]);
/* first, let's create a new symmetric key */
ri ();
/* Note that since we'll need to do both AES-CTR and AES-CBC-MAC,
there are actuall *two* symmetric keys, which could, e.g., be
stored contiguosly in a buffer */
/* YOUR CODE HERE */
char* buffer = (char*)malloc(raw_sklen * sizeof(char));
prng_getbytes(buffer, raw_sklen);
/* now let's armor and dump to disk the symmetric key buffer */
/* YOUR CODE HERE */
write_skfile(skfname, buffer, raw_sklen);
bzero(buffer, raw_sklen);
free(buffer);
/* finally, let's scrub the buffer that held the random bits
by overwriting with a bunch of 0's */
}
return 0;
}
int
pre_encrypt (MP_INT *out, const char *msg, size_t nbits)
{
size_t msglen = strlen (msg);
char msbmask;
size_t msgzlen, padsize, reslen;
char *res;
char *mp, *hp, *h;
size_t i;
if (msglen + enc_minz + enc_pad > nbits / 8) {
mpz_set_ui (out, 0);
return -1;
}
msbmask = 0xff >> (-nbits & 7);
padsize = enc_pad + !!(nbits & 7);
msgzlen = (nbits / 8) - enc_pad;
reslen = padsize + msgzlen;
res = malloc (reslen);
h = malloc (padsize);
if (!res || !h) {
free (res);
free (h);
mpz_set_ui (out, 0);
return -1;
}
mp = res;
hp = mp + msgzlen;
prng_getbytes (hp, padsize);
hp[padsize-1] &= msbmask;
sha1oracle_lookup (enc_gidx, mp, msgzlen, hp, padsize);
for (i = 0; i < msglen; i++)
mp[i] ^= msg[i];
sha1oracle_lookup (enc_hidx, h, padsize, mp, msgzlen);
for (i = 0; i < padsize; i++)
hp[i] ^= h[i];
hp[padsize-1] &= msbmask;
mpz_set_rawmag_le (out, res, reslen);
bzero (res, reslen);
free (res);
bzero (h, padsize);
free (h);
return 0;
}
int
pre_sign (MP_INT *out, sha1_ctx *sc, size_t nbits)
{
const size_t mlen = (nbits + 7) / 8;
const size_t padsize = mlen - sha1_hashsize;
char r[sig_rndbytes];
char *mp, *hp;
int i;
mp = malloc (mlen);
if (!mp || nbits/8 < sig_minpad + sig_rndbytes + sha1_hashsize) {
u_char garbage[sha1_hashsize];
free (mp);
sha1_final (sc, garbage);
mpz_set_ui (out, 0);
return -1;
}
prng_getbytes (r, sig_rndbytes);
sha1_update (sc, r, sig_rndbytes);
sha1_final (sc, (u_char *) mp);
hp = mp + sha1_hashsize;
sha1oracle_lookup (sig_gidx, hp, padsize, mp, sha1_hashsize);
hp[padsize-1] &= 0xff >> (-nbits & 7);
for (i = 0; i < sig_rndbytes; i++)
hp[i] ^= r[i];
mpz_set_rawmag_le (out, mp, mlen);
bzero (mp, mlen);
free (mp);
return 0;
}
int
main (int argc, char **argv)
{
const char *ke_msg1 = NULL;
char *ke_msg2 = NULL;
char *ca_file = NULL;
char *sk_file = NULL;
char *cert_file = NULL;
char *resp_id = NULL;
int out_fd;
flow1 *to_b = NULL;
flow2 *from_b = NULL;
cert *own_cert = NULL;
dckey *sk = NULL;
dckey *ca_pk = NULL;
u_char seskey[sha1_hashsize], secret[aes_blocklen];
char *pretty_secret = NULL;
if ((argc == 5) && argv[1][0] != '-') {
/* no -p option */
ca_file = "./.pki/ca.pub";
}
else if ((argc == 6)
&& (argv[1][0] != '-')
&& (argv[1] + 1) && (argv[1][1] != 'p')
&& (argv[1] + 2)) {
/* -p option present, followed by CERT-FILE without separating blank */
ca_file = argv[1] + 2;
}
else if ((argc == 7) && !strcmp (argv[1], "-p")) {
/* -p option present, followed by blank and CERT-FILE */
ca_file = argv[2];
}
else {
usage (argv[0]);
/* does not return */
}
setprogname (argv[0]);
ri ();
sk_file = argv[argc - 4];
cert_file = argv[argc - 3];
resp_id = argv[argc - 2];
out_fd = atoi (argv[argc - 1]);
if (!cert_verify (own_cert = cert_read (cert_file))) {
fprintf (stderr, "%s: trouble reading certificate from %s, or certificate expired\n",
getprogname (), cert_file);
perror (getprogname ());
exit (1);
}
else {
to_b = prepare_ke_msg (own_cert, xstrdup (resp_id));
sk = sk_from_file (sk_file);
ke_msg1 = export_ke_msg (to_b, sk);
dcfree (sk);
sk = NULL;
write_chunk (1, ke_msg1, strlen (ke_msg1));
check_n_free ((char **) &ke_msg1);
ca_pk = pk_from_file (ca_file);
if (!(ke_msg2 = read_line (0))
|| !(from_b = process_ke_reply (to_b, ke_msg2, ca_pk))) {
fprintf (stderr, "error reading/parsing bob's message:\n%s", ke_msg2);
dcfree (ca_pk);
ca_pk = NULL;
check_n_free(&ke_msg2);
exit (1);
}
dcfree (ca_pk);
ca_pk = NULL;
check_n_free(&ke_msg2);
/* derive_key looks at seskey to know if it the caller is alice or bob */
seskey[0] = 'a';
if (derive_key (seskey, to_b, from_b) == -1) {
fprintf (stderr, "error deriving session key for alice.\n");
flow1_clr (to_b);
flow2_clr (from_b);
exit (1);
}
else {
/* choose a random number to send */
prng_getbytes (secret, aes_blocklen);
cat_buf (&pretty_secret, secret, aes_blocklen);
/* send it to bob, encrypted under the newly established session key */
send_secret (1, secret, seskey);
/* dump the chosen secret to standard error */
if ((write_chunk (out_fd, pretty_secret, strlen (pretty_secret)) == -1)
|| (write_chunk (out_fd, "\n", 1) == -1)) {
fprintf (stderr, "error writing to the launcher.\n");
bzero (seskey, sha1_hashsize);
bzero (secret, sizeof (secret));
bzero (pretty_secret, strlen (pretty_secret));
xfree (pretty_secret);
pretty_secret = NULL;
flow1_clr (to_b);
flow2_clr (from_b);
exit (1);
}
/* wipe out sensitive data */
bzero (seskey, sha1_hashsize);
bzero (secret, sizeof (secret));
bzero (pretty_secret, strlen (pretty_secret));
xfree (pretty_secret);
pretty_secret = NULL;
flow1_clr (to_b);
flow2_clr (from_b);
}
}
/* fprintf (stderr, "alice:done.\n"); */
return 0;
}