static inline int iobuf_ssl_setup(IOBuf *buf)
{
int rc = 0;
buf->use_ssl = 1;
buf->handshake_performed = 0;
rc = ssl_init(&buf->ssl);
check(rc == 0, "Failed to initialize SSL structure.");
ssl_set_endpoint(&buf->ssl, SSL_IS_SERVER);
ssl_set_authmode(&buf->ssl, IO_SSL_VERIFY_METHOD);
havege_init(&buf->hs);
ssl_set_rng(&buf->ssl, havege_rand, &buf->hs);
#ifndef DEBUG
ssl_set_dbg(&buf->ssl, ssl_debug, NULL);
#endif
ssl_set_bio(&buf->ssl, ssl_fdrecv_wrapper, buf,
ssl_fdsend_wrapper, buf);
ssl_set_session(&buf->ssl, 1, 0, &buf->ssn);
ssl_set_scb(&buf->ssl, simple_get_session, simple_set_session);
memset(&buf->ssn, 0, sizeof(buf->ssn));
return 0;
error:
return -1;
}
unsigned char * mk_session_key(uint32_t * len)
{
// We will generate it completely at random,
// which may not be the best idea (see weak keys
// for GCM mode).
int i;
unsigned char * key;
if (!HSinitted)
{
havege_init(&HS);
HSinitted++;
}
key = malloc(4 * sizeof(int));
if (key == NULL)
return NULL;
for (i = 0; i < 4; i++)
{
((int*) key)[i] = havege_rand(&HS);
}
*len = 4 * sizeof(uint32_t);
return key;
}
result_t crypto_base::randomBytes(int32_t size, obj_ptr<Buffer_base> &retVal,
exlib::AsyncEvent *ac)
{
if (!ac)
return CHECK_ERROR(CALL_E_NOSYNC);
time_t t;
int i, ret;
havege_state hs;
unsigned char buf[1024];
std::string strBuf;
strBuf.resize(size);
havege_init(&hs);
t = time(NULL);
for (i = 0; i < size; i += sizeof(buf))
{
ret = havege_random(&hs, buf, sizeof(buf));
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
memcpy(&strBuf[i], buf, size - i > (int)sizeof(buf) ? (int)sizeof(buf) : size - i);
}
if (t == time(NULL))
t--;
retVal = new Buffer(strBuf);
return 0;
}
void entropy_init( entropy_context *ctx )
{
memset( ctx, 0, sizeof(entropy_context) );
#if defined(POLARSSL_THREADING_C)
polarssl_mutex_init( &ctx->mutex );
#endif
#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
sha512_starts( &ctx->accumulator, 0 );
#else
sha256_starts( &ctx->accumulator, 0 );
#endif
#if defined(POLARSSL_HAVEGE_C)
havege_init( &ctx->havege_data );
#endif
#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
entropy_add_source( ctx, platform_entropy_poll, NULL,
ENTROPY_MIN_PLATFORM );
#endif
#if defined(POLARSSL_TIMING_C)
entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
#endif
#if defined(POLARSSL_HAVEGE_C)
entropy_add_source( ctx, havege_poll, &ctx->havege_data,
ENTROPY_MIN_HAVEGE );
#endif
#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
}
IOBuf *IOBuf_create(size_t len, int fd, IOBufType type)
{
IOBuf *buf = h_calloc(sizeof(IOBuf), 1);
check_mem(buf);
buf->fd = fd;
buf->len = len;
buf->buf = h_malloc(len + 1);
check_mem(buf->buf);
hattach(buf->buf, buf);
buf->type = type;
if(type == IOBUF_SSL) {
buf->use_ssl = 1;
buf->handshake_performed = 0;
ssl_init(&buf->ssl);
ssl_set_endpoint(&buf->ssl, SSL_IS_SERVER);
ssl_set_authmode(&buf->ssl, SSL_VERIFY_NONE);
havege_init(&buf->hs);
ssl_set_rng(&buf->ssl, havege_rand, &buf->hs);
ssl_set_dbg(&buf->ssl, ssl_debug, NULL);
ssl_set_bio(&buf->ssl, ssl_fdrecv_wrapper, buf,
ssl_fdsend_wrapper, buf);
ssl_set_session(&buf->ssl, 1, 0, &buf->ssn);
memset(&buf->ssn, 0, sizeof(buf->ssn));
buf->send = ssl_send;
buf->recv = ssl_recv;
buf->stream_file = ssl_stream_file;
} else if(type == IOBUF_NULL) {
buf->send = null_send;
buf->recv = null_recv;
buf->stream_file = null_stream_file;
} else if(type == IOBUF_FILE) {
buf->send = file_send;
buf->recv = file_recv;
buf->stream_file = plain_stream_file;
} else if(type == IOBUF_SOCKET) {
buf->send = plaintext_send;
buf->recv = plaintext_recv;
buf->stream_file = plain_stream_file;
} else {
sentinel("Invalid IOBufType given: %d", type);
}
return buf;
error:
if(buf) h_free(buf);
return NULL;
}
Config* getRemoteConfig()
{
if(config == NULL)
{
config = new Config();
havege_init(&(config->havegeState));
config->load(getPluginConfigPath());
}
return config;
}
bool ssl_aio_stream::ssl_client_init()
{
#ifdef HAS_POLARSSL
ACL_VSTREAM* stream = get_vstream();
acl_assert(stream);
// 0. Initialize the RNG and the session data
havege_init((havege_state*) hs_);
int ret;
if ((ret = ssl_init((ssl_context*) ssl_)) != 0)
{
logger_error("failed, ssl_init returned %d", ret);
return false;
}
ssl_set_endpoint((ssl_context*) ssl_, SSL_IS_CLIENT);
ssl_set_authmode((ssl_context*) ssl_, SSL_VERIFY_NONE);
ssl_set_rng((ssl_context*) ssl_, ::havege_random, hs_);
//ssl_set_dbg((ssl_context*) ssl_, my_debug, stdout);
ssl_set_bio((ssl_context*) ssl_, __sock_read, this, __sock_send, this);
const int* cipher_suites = ssl_list_ciphersuites();
if (cipher_suites == NULL)
{
logger_error("ssl_list_ciphersuites null");
return false;
}
ssl_set_ciphersuites((ssl_context*) ssl_, cipher_suites);
ssl_set_session((ssl_context*) ssl_, (ssl_session*) ssn_);
acl_vstream_ctl(stream,
ACL_VSTREAM_CTL_READ_FN, __ssl_read,
ACL_VSTREAM_CTL_WRITE_FN, __ssl_send,
ACL_VSTREAM_CTL_CTX, this,
ACL_VSTREAM_CTL_END);
acl_tcp_set_nodelay(ACL_VSTREAM_SOCK(stream));
#endif
return true;
}
int main( int argc, char *argv[] )
{
FILE *f;
time_t t;
int i, j, k;
havege_state hs;
unsigned char buf[1024];
if( argc < 2 )
{
fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
return( 1 );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
printf( "failed to open '%s' for writing.\n", argv[0] );
return( 1 );
}
havege_init( &hs );
t = time( NULL );
for( i = 0, k = 32768; i < k; i++ )
{
for( j = 0; j < sizeof( buf ); j++ )
buf[j] = havege_rand( &hs );
fwrite( buf, sizeof( buf ), 1, f );
printf( "Generating 32Mb of data in file '%s'... %04.1f" \
"%% done\r", argv[1], (100 * (float) (i + 1)) / k );
fflush( stdout );
}
if( t == time( NULL ) )
t--;
fclose( f );
return( 0 );
}
extern uint32_t encrypt(unsigned char * key, uint32_t keylen, unsigned char * in, uint32_t inlen, unsigned char * out)
{
gcm_ctx_256b ctx;
int i;
if (!HSinitted)
{
havege_init(&HS);
HSinitted++;
}
for (i = 0; i < 4; i++)
{
((int*) (out + inlen + 16))[i] = havege_rand(&HS);
}
gcm_init_256b(&ctx,key,keylen * 8);
gcm_encrypt_256b(&ctx, out + inlen + 16,16,in,inlen,NULL,0,out,out + inlen);
gcm_destroy_256b(&ctx);
return 32 + inlen;
}
int gen_key( unsigned char *key, int key_lenght){
int i = 0;
int ret = 1;
havege_state *hs = malloc(sizeof( havege_state)) ;
if( hs == NULL )
return -1;
havege_init(hs);
ret = havege_random( hs, key, key_lenght);
for( i= 0; i < key_lenght; i++)
printf("%c",key[i]);
free(hs);
return ret;
}
PUBLIC int sslUpgrade(Webs *wp)
{
EstSocket *est;
WebsSocket *sp;
assert(wp);
if ((est = malloc(sizeof(EstSocket))) == 0) {
return -1;
}
wp->ssl = est;
ssl_free(&est->ctx);
havege_init(&est->hs);
ssl_init(&est->ctx);
ssl_set_endpoint(&est->ctx, 1);
ssl_set_authmode(&est->ctx, BIT_GOAHEAD_VERIFY_PEER ? SSL_VERIFY_OPTIONAL : SSL_VERIFY_NO_CHECK);
ssl_set_rng(&est->ctx, havege_rand, &est->hs);
ssl_set_dbg(&est->ctx, estTrace, NULL);
sp = socketPtr(wp->sid);
ssl_set_bio(&est->ctx, net_recv, &sp->sock, net_send, &sp->sock);
ssl_set_ciphers(&est->ctx, estConfig.ciphers);
ssl_set_session(&est->ctx, 1, 0, &est->session);
memset(&est->session, 0, sizeof(ssl_session));
ssl_set_ca_chain(&est->ctx, *BIT_GOAHEAD_CA ? &estConfig.ca : NULL, NULL);
if (*BIT_GOAHEAD_CERTIFICATE && *BIT_GOAHEAD_KEY) {
ssl_set_own_cert(&est->ctx, &estConfig.cert, &estConfig.rsa);
}
ssl_set_dh_param(&est->ctx, dhKey, dhg);
if (estHandshake(wp) < 0) {
return -1;
}
return 0;
}
/*
* Initialise the given ctr_drbg context, using a personalisation string and an
* entropy gathering function.
*/
ctr_drbg_context * rand_ctx_get()
{
static havege_state hs = {0};
static entropy_context ec = {0};
static ctr_drbg_context cd_ctx = {0};
static bool rand_initialised = false;
if (!rand_initialised)
{
struct gc_arena gc = gc_new();
struct buffer pers_string = alloc_buf_gc(100, &gc);
/*
* Personalisation string, should be as unique as possible (see NIST
* 800-90 section 8.7.1). We have very little information at this stage.
* Include Program Name, memory address of the context and PID.
*/
buf_printf(&pers_string, "OpenVPN %0u %p %s", platform_getpid(), &cd_ctx, time_string(0, 0, 0, &gc));
/* Initialise PolarSSL RNG, and built-in entropy sources */
havege_init(&hs);
entropy_init(&ec);
if (0 != entropy_add_source(&ec, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK))
msg (M_FATAL, "Failed to add hardclock to entropy pool");
if (0 != entropy_add_source(&ec, havege_poll, &hs, ENTROPY_MIN_HAVEGE))
msg (M_FATAL, "Failed to add havege to entropy pool");
if (0 != ctr_drbg_init(&cd_ctx, entropy_func, &ec, BPTR(&pers_string), BLEN(&pers_string)))
msg (M_FATAL, "Failed to initialize random generator");
gc_free(&gc);
rand_initialised = true;
}
return &cd_ctx;
}
void receiver(int sender, int receiver,
char *s_pub_key, char *r_priv_key,
char *s_nonce, char *r_nonce)
/*@ requires [_]public_invar(nsl_pub) &*&
[_]decryption_key_classifier(nsl_public_key) &*&
principal(receiver, _) &*&
[?f1]cryptogram(s_pub_key, 8 * KEY_SIZE,
?s_pub_key_ccs, ?s_pub_key_cg) &*&
s_pub_key_cg == cg_public_key(sender, ?s_id) &*&
[?f2]cryptogram(r_priv_key, 8 * KEY_SIZE,
?r_priv_key_ccs, ?r_priv_key_cg) &*&
r_priv_key_cg == cg_private_key(receiver, ?r_id) &*&
chars(s_nonce, NONCE_SIZE, _) &*&
chars(r_nonce, NONCE_SIZE, _); @*/
/*@ ensures principal(receiver, _) &*&
[f1]cryptogram(s_pub_key, 8 * KEY_SIZE,
s_pub_key_ccs, s_pub_key_cg) &*&
[f2]cryptogram(r_priv_key, 8 * KEY_SIZE,
r_priv_key_ccs, r_priv_key_cg) &*&
cryptogram(r_nonce, NONCE_SIZE, ?r_nonce_ccs, ?r_nonce_cg) &*&
r_nonce_cg == cg_nonce(receiver, _) &*&
(
col || bad(sender) || bad(receiver) ?
chars(s_nonce, NONCE_SIZE, _)
:
cryptogram(s_nonce, NONCE_SIZE, ?s_nonce_ccs, ?s_nonce_cg) &*&
s_nonce_cg == cg_nonce(sender, _) &*&
cg_info(s_nonce_cg) == int_pair(1, int_pair(receiver, r_id)) &*&
cg_info(r_nonce_cg) == int_pair(2, int_pair(sender, int_pair(sender,
int_pair(receiver, r_id))))
); @*/
{
//@ open principal(receiver, _);
int socket1;
int socket2;
pk_context s_context;
pk_context r_context;
havege_state havege_state;
if(net_bind(&socket1, NULL, SERVER_PORT) != 0)
abort();
if(net_accept(socket1, &socket2, NULL) != 0)
abort();
if(net_set_block(socket2) != 0)
abort();
//@ close pk_context(&s_context);
pk_init(&s_context);
if (pk_parse_public_key(&s_context, s_pub_key,
(unsigned int) 8 * KEY_SIZE) != 0)
abort();
//@ close pk_context(&r_context);
pk_init(&r_context);
if (pk_parse_key(&r_context, r_priv_key,
(unsigned int) 8 * KEY_SIZE, NULL, 0) != 0)
abort();
// Generate NB
//@ close havege_state(&havege_state);
havege_init(&havege_state);
//@ close principal(receiver, _);
receiver_msg1(&socket2, &havege_state, &r_context, sender, receiver, s_nonce);
//@ open principal(receiver, _);
//@ assert receiver_inter(?p_orig, ?c_orig, ?p_inst, ?s_nonce_ccs, ?s_nonce_cg);
//@ int info = int_pair(sender, int_pair(p_inst, int_pair(p_orig, c_orig)));
//@ close random_request(receiver, int_pair(2, info), false);
if (havege_random(&havege_state, r_nonce, NONCE_SIZE) != 0) abort();
//@ close principal(receiver, _);
receiver_msg2(&socket2, &havege_state, &s_context, receiver,
s_nonce, r_nonce);
//@ if (col || bad(p_inst) || bad(receiver)) chars_to_crypto_chars(s_nonce, NONCE_SIZE);
//@ close receiver_inter(p_orig, c_orig, p_inst, s_nonce_ccs, s_nonce_cg);
receiver_msg3(&socket2, &havege_state, &r_context, sender, receiver,
s_nonce, r_nonce);
/*@ if (col || bad(sender) || bad(receiver))
crypto_chars_to_chars(s_nonce, NONCE_SIZE); @*/
havege_free(&havege_state);
//@ open havege_state(&havege_state);
//@ pk_release_context_with_key(&s_context);
pk_free(&s_context);
//@ open pk_context(&s_context);
//@ pk_release_context_with_key(&r_context);
pk_free(&r_context);
//@ open pk_context(&r_context);
net_close(socket2);
net_close(socket1);
}
void sender(int sender, int receiver,
char *s_priv_key, char *r_pub_key,
char *s_nonce, char *r_nonce)
/*@ requires [_]public_invar(nsl_pub) &*&
[_]decryption_key_classifier(nsl_public_key) &*&
principal(sender, _) &*&
[?f1]cryptogram(s_priv_key, 8 * KEY_SIZE,
?s_priv_key_ccs, ?s_priv_key_cg) &*&
s_priv_key_cg == cg_private_key(sender, ?s_id) &*&
[?f2]cryptogram(r_pub_key, 8 * KEY_SIZE,
?r_pub_key_ccs, ?r_pub_key_cg) &*&
r_pub_key_cg == cg_public_key(receiver, ?r_id) &*&
chars(s_nonce, NONCE_SIZE, _) &*&
chars(r_nonce, NONCE_SIZE, _); @*/
/*@ ensures principal(sender, _) &*&
[f1]cryptogram(s_priv_key, 8 * KEY_SIZE,
s_priv_key_ccs, s_priv_key_cg) &*&
[f2]cryptogram(r_pub_key, 8 * KEY_SIZE,
r_pub_key_ccs, r_pub_key_cg) &*&
cryptogram(s_nonce, NONCE_SIZE, ?s_nonce_ccs, ?s_nonce_cg) &*&
s_nonce_cg == cg_nonce(sender, _) &*&
cg_info(s_nonce_cg) == int_pair(1, int_pair(receiver, r_id)) &*&
col || bad(sender) || bad(receiver) ?
chars(r_nonce, NONCE_SIZE, _)
:
cryptogram(r_nonce, NONCE_SIZE, _, ?r_nonce_cg) &*&
r_nonce_cg == cg_nonce(receiver, _) &*&
cg_info(r_nonce_cg) == int_pair(2, int_pair(sender, int_pair(sender,
int_pair(receiver, r_id)))); @*/
{
int socket;
pk_context s_context;
pk_context r_context;
havege_state havege_state;
net_usleep(20000);
if(net_connect(&socket, NULL, SERVER_PORT) != 0)
abort();
if(net_set_block(socket) != 0)
abort();
//@ close pk_context(&s_context);
pk_init(&s_context);
if (pk_parse_key(&s_context, s_priv_key,
(unsigned int) 8 * KEY_SIZE, NULL, 0) != 0)
abort();
//@ close pk_context(&r_context);
pk_init(&r_context);
if (pk_parse_public_key(&r_context, r_pub_key,
(unsigned int) 8 * KEY_SIZE) != 0)
abort();
// Generate NA
//@ open principal(sender, _);
//@ close havege_state(&havege_state);
havege_init(&havege_state);
//@ close random_request(sender, int_pair(1, int_pair(receiver, r_id)), false);
if (havege_random(&havege_state, s_nonce, NONCE_SIZE) != 0) abort();
//@ assert cryptogram(s_nonce, NONCE_SIZE, ?cs_s_nonce, ?cg_s_nonce);
//@ close principal(sender, _);
sender_msg1(&socket, &havege_state, &r_context, sender, s_nonce);
sender_msg2(&socket, &havege_state, &s_context, sender, receiver,
s_nonce, r_nonce);
sender_msg3(&socket, &havege_state, &r_context, sender, r_nonce);
havege_free(&havege_state);
//@ open havege_state(&havege_state);
//@ pk_release_context_with_key(&s_context);
pk_free(&s_context);
//@ open pk_context(&s_context);
//@ pk_release_context_with_key(&r_context);
pk_free(&r_context);
//@ open pk_context(&r_context);
net_close(socket);
}
int main( int argc, char *argv[] )
{
int keysize;
unsigned long i, j, tsc;
unsigned char tmp[64];
#if defined(POLARSSL_ARC4_C)
arc4_context arc4;
#endif
#if defined(POLARSSL_DES_C)
des3_context des3;
des_context des;
#endif
#if defined(POLARSSL_AES_C)
aes_context aes;
#endif
#if defined(POLARSSL_CAMELLIA_C)
camellia_context camellia;
#endif
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_BIGNUM_C) && \
defined(POLARSSL_GENPRIME)
rsa_context rsa;
#endif
#if defined(POLARSSL_HAVEGE_C)
havege_state hs;
#endif
#if defined(POLARSSL_CTR_DRBG_C)
ctr_drbg_context ctr_drbg;
#endif
((void) argc);
((void) argv);
memset( buf, 0xAA, sizeof( buf ) );
printf( "\n" );
#if defined(POLARSSL_MD4_C)
printf( HEADER_FORMAT, "MD4" );
fflush( stdout );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
md4( buf, BUFSIZE, tmp );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
md4( buf, BUFSIZE, tmp );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(POLARSSL_MD5_C)
printf( HEADER_FORMAT, "MD5" );
fflush( stdout );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
md5( buf, BUFSIZE, tmp );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
md5( buf, BUFSIZE, tmp );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(POLARSSL_SHA1_C)
printf( HEADER_FORMAT, "SHA-1" );
fflush( stdout );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
sha1( buf, BUFSIZE, tmp );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
sha1( buf, BUFSIZE, tmp );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(POLARSSL_SHA2_C)
printf( HEADER_FORMAT, "SHA-256" );
fflush( stdout );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
sha2( buf, BUFSIZE, tmp, 0 );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
sha2( buf, BUFSIZE, tmp, 0 );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(POLARSSL_SHA4_C)
printf( HEADER_FORMAT, "SHA-512" );
fflush( stdout );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
sha4( buf, BUFSIZE, tmp, 0 );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
sha4( buf, BUFSIZE, tmp, 0 );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(POLARSSL_ARC4_C)
printf( HEADER_FORMAT, "ARC4" );
fflush( stdout );
arc4_setup( &arc4, tmp, 32 );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
arc4_crypt( &arc4, BUFSIZE, buf, buf );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
arc4_crypt( &arc4, BUFSIZE, buf, buf );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(POLARSSL_DES_C)
printf( HEADER_FORMAT, "3DES" );
fflush( stdout );
des3_set3key_enc( &des3, tmp );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
printf( HEADER_FORMAT, "DES" );
fflush( stdout );
des_setkey_enc( &des, tmp );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
tsc = hardclock();
for( j = 0; j < 1024; j++ )
des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(POLARSSL_AES_C)
for( keysize = 128; keysize <= 256; keysize += 64 )
{
printf( " AES-%d : ", keysize );
fflush( stdout );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
aes_setkey_enc( &aes, tmp, keysize );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf );
tsc = hardclock();
for( j = 0; j < 4096; j++ )
aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
}
#endif
#if defined(POLARSSL_CAMELLIA_C)
for( keysize = 128; keysize <= 256; keysize += 64 )
{
printf( " CAMELLIA-%d : ", keysize );
fflush( stdout );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
camellia_setkey_enc( &camellia, tmp, keysize );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT, BUFSIZE, tmp, buf, buf );
tsc = hardclock();
for( j = 0; j < 4096; j++ )
camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT, BUFSIZE, tmp, buf, buf );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
}
#endif
#if defined(POLARSSL_HAVEGE_C)
printf( HEADER_FORMAT, "HAVEGE" );
fflush( stdout );
havege_init( &hs );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
havege_random( &hs, buf, BUFSIZE );
tsc = hardclock();
for( j = 1; j < 1024; j++ )
havege_random( &hs, buf, BUFSIZE );
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(POLARSSL_CTR_DRBG_C)
printf( HEADER_FORMAT, "CTR_DRBG (NOPR)" );
fflush( stdout );
if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
exit(1);
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
exit(1);
tsc = hardclock();
for( j = 1; j < 1024; j++ )
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
exit(1);
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
printf( HEADER_FORMAT, "CTR_DRBG (PR)" );
fflush( stdout );
if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
exit(1);
ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_ON );
set_alarm( 1 );
for( i = 1; ! alarmed; i++ )
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
exit(1);
tsc = hardclock();
for( j = 1; j < 1024; j++ )
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
exit(1);
printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024,
( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_BIGNUM_C) && \
defined(POLARSSL_GENPRIME)
rsa_init( &rsa, RSA_PKCS_V15, 0 );
rsa_gen_key( &rsa, myrand, NULL, 1024, 65537 );
printf( HEADER_FORMAT, "RSA-1024" );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
{
buf[0] = 0;
rsa_public( &rsa, buf, buf );
}
printf( "%9lu public/s\n", i / 3 );
printf( HEADER_FORMAT, "RSA-1024" );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
{
buf[0] = 0;
rsa_private( &rsa, buf, buf );
}
printf( "%9lu private/s\n", i / 3 );
rsa_free( &rsa );
rsa_init( &rsa, RSA_PKCS_V15, 0 );
rsa_gen_key( &rsa, myrand, NULL, 2048, 65537 );
printf( HEADER_FORMAT, "RSA-2048" );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
{
buf[0] = 0;
rsa_public( &rsa, buf, buf );
}
printf( "%9lu public/s\n", i / 3 );
printf( HEADER_FORMAT, "RSA-2048" );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
{
buf[0] = 0;
rsa_private( &rsa, buf, buf );
}
printf( "%9lu private/s\n", i / 3 );
rsa_free( &rsa );
rsa_init( &rsa, RSA_PKCS_V15, 0 );
rsa_gen_key( &rsa, myrand, NULL, 4096, 65537 );
printf( HEADER_FORMAT, "RSA-4096" );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
{
buf[0] = 0;
rsa_public( &rsa, buf, buf );
}
printf( "%9lu public/s\n", i / 3 );
printf( HEADER_FORMAT, "RSA-4096" );
fflush( stdout );
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
{
buf[0] = 0;
rsa_private( &rsa, buf, buf );
}
printf( "%9lu private/s\n", i / 3 );
rsa_free( &rsa );
#endif
printf( "\n" );
#if defined(_WIN32)
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( 0 );
}
int main(int argc, char **argv) //@ : main_full(main_app)
//@ requires module(main_app, true);
//@ ensures true;
{
pthread_t a_thread;
havege_state havege_state;
printf("\n\tExecuting \"");
printf("yahalom protocol");
printf("\" ... \n\n");
//@ PROTOCOL_INIT(yahalom)
//@ int server = principal_create();
//@ assert server == 1;
//@ int sender = principal_create();
//@ assert sender == 2;
//@ int receiver = principal_create();
//@ assert receiver == 3;
//@ int attacker = principal_create();
//@ assume (bad(attacker));
//@ close havege_state(&havege_state);
havege_init(&havege_state);
//@ assume (bad(attacker));
//@ close pthread_run_pre(attacker_t)(NULL, some(attacker));
pthread_create(&a_thread, NULL, &attacker_t, NULL);
int i = 0;
#ifdef EXECUTE
while (i++ < 10)
#else
while (true)
#endif
/*@ invariant [_]public_invar(yahalom_pub) &*&
[_]decryption_key_classifier(yahalom_public_key) &*&
havege_state_initialized(&havege_state) &*&
principal(server, ?serv_count) &*&
principal(sender, ?send_count) &*&
principal(receiver, ?rcvr_count);
@*/
{
char s_key[KEY_SIZE];
char r_key[KEY_SIZE];
char key1[KEY_SIZE];
char key2[KEY_SIZE];
//@ open principal(sender, _);
//@ close random_request(sender, int_pair(3, server), true);
if (havege_random(&havege_state, s_key, KEY_SIZE) != 0) abort();
//@ close principal(sender, _);
//@ assert cryptogram(s_key, KEY_SIZE, ?cs_s_key, ?cg_s_key);
//@ assert cg_s_key == cg_symmetric_key(sender, send_count + 1);
//@ open principal(receiver, _);
//@ close random_request(receiver, int_pair(3, server), true);
if (havege_random(&havege_state, r_key, KEY_SIZE) != 0) abort();
//@ close principal(receiver, _);
//@ assert cryptogram(r_key, KEY_SIZE, ?cs_r_key, ?cg_r_key);
//@ assert cg_r_key == cg_symmetric_key(receiver, rcvr_count + 1);
{
pthread_t serv_thread, s_thread, r_thread;
struct yahalom_args serv_args, s_args, r_args;
serv_args.server = 1;
serv_args.sender = 2;
serv_args.receiver = 3;
serv_args.s_key = s_key;
serv_args.r_key = r_key;
s_args.server = 1;
s_args.sender = 2;
s_args.receiver = 3;
s_args.s_key = s_key;
s_args.key = key1;
r_args.server = 1;
r_args.sender = 2;
r_args.receiver = 3;
r_args.r_key = r_key;
r_args.key = key2;
//@ close pthread_run_pre(server_t)(&serv_args, ?serv_data);
pthread_create(&serv_thread, NULL, &server_t, &serv_args);
//@ close pthread_run_pre(sender_t)(&s_args, ?s_data);
pthread_create(&s_thread, NULL, &sender_t, &s_args);
//@ close pthread_run_pre(receiver_t)(&r_args, ?r_data);
pthread_create(&r_thread, NULL, &receiver_t, &r_args);
pthread_join(serv_thread, NULL);
//@ open pthread_run_post(server_t)(&serv_args, serv_data);
pthread_join(s_thread, NULL);
//@ open pthread_run_post(sender_t)(&s_args, s_data);
pthread_join(r_thread, NULL);
//@ open pthread_run_post(receiver_t)(&r_args, r_data);
}
//@ open cryptogram(key1, KEY_SIZE, ?cs_key1, _);
zeroize(key1, KEY_SIZE);
//@ open cryptogram(key2, KEY_SIZE, ?cs_key2, _);
zeroize(key2, KEY_SIZE);
//@ open [1/2]cryptogram(s_key, KEY_SIZE, _, _);
//@ open [1/2]cryptogram(s_key, KEY_SIZE, _, _);
zeroize(s_key, KEY_SIZE);
//@ open [1/2]cryptogram(r_key, KEY_SIZE, _, _);
//@ open [1/2]cryptogram(r_key, KEY_SIZE, _, _);
zeroize(r_key, KEY_SIZE);
printf(" |%i| ", i);
}
printf("\n\n\t\tDone\n");
return 0;
}
int main(int argc, char **argv) //@ : main_full(main_app)
//@ requires module(main_app, true);
//@ ensures true;
{
pthread_t a_thread;
havege_state havege_state;
printf("\n\tExecuting \"");
printf("enc_then_hmac protocol");
printf("\" ... \n\n");
//@ PROTOCOL_INIT(enc_then_hmac)
//@ int attacker = principal_create();
//@ int sender = principal_create();
//@ int receiver = principal_create();
//@ assume (!bad(sender) && !bad(receiver));
//@ close havege_state(&havege_state);
havege_init(&havege_state);
//@ assume (bad(attacker));
//@ close pthread_run_pre(attacker_t)(NULL, some(attacker));
pthread_create(&a_thread, NULL, &attacker_t, NULL);
int i = 0;
#ifdef EXECUTE
while (i++ < 10)
#else
while (true)
#endif
/*@ invariant [_]public_invar(enc_then_hmac_pub) &*&
[_]decryption_key_classifier(enc_then_hmac_public_key) &*&
!bad(sender) && !bad(receiver) &*&
havege_state_initialized(&havege_state) &*&
principal(sender, ?count) &*& principal(receiver, _);
@*/
{
char* enc_key;
char* hmac_key;
int temp;
enc_key = malloc(KEY_SIZE);
if (enc_key == 0) abort();
hmac_key = malloc(KEY_SIZE);
if (hmac_key == 0) abort();
//@ open principal(sender, _);
//@ close random_request(sender, 0, true);
if (havege_random(&havege_state, enc_key, KEY_SIZE) != 0) abort();
//@ assume (shared_with(sender, count + 1) == receiver);
//@ assert cryptogram(enc_key, KEY_SIZE, ?enc_cs_key, ?enc_cg_key);
//@ assert enc_cg_key == cg_symmetric_key(sender, count + 1);
//@ close random_request(sender, count + 1, true);
if (havege_random(&havege_state, hmac_key, KEY_SIZE) != 0) abort();
//@ assume (shared_with(sender, count + 2) == receiver);
//@ assert cryptogram(hmac_key, KEY_SIZE, ?hmac_cs_key, ?hmac_cg_key);
//@ assert hmac_cg_key == cg_symmetric_key(sender, count + 2);
{
pthread_t s_thread, r_thread;
struct enc_then_hmac_args s_args;
struct enc_then_hmac_args r_args;
char s_message[MSG_LEN];
char r_message[MAX_SIZE];
//@ assert chars(s_message, MSG_LEN, ?msg_cs);
//@ public_chars(s_message, MSG_LEN);
//@ chars_to_secret_crypto_chars(s_message, MSG_LEN);
//@ s_args.sender = sender;
//@ s_args.receiver = receiver;
s_args.enc_key = enc_key;
s_args.hmac_key = hmac_key;
s_args.msg = s_message;
//@ assume (send(sender, receiver, msg_cs) == true);
//@ r_args.sender = sender;
//@ r_args.receiver = receiver;
r_args.enc_key = enc_key;
r_args.hmac_key = hmac_key;
r_args.msg = r_message;
//@ close principal(sender, _);
//@ close pthread_run_pre(sender_t)(&s_args, ?s_data);
//@ close pthread_run_pre(receiver_t)(&r_args, ?r_data);
pthread_create(&r_thread, NULL, &receiver_t, &r_args);
pthread_create(&s_thread, NULL, &sender_t, &s_args);
pthread_join(s_thread, NULL);
//@ open pthread_run_post(sender_t)(&s_args, s_data);
pthread_join(r_thread, NULL);
//@ open pthread_run_post(receiver_t)(&r_args, r_data);
//@ open [1/2]cryptogram(enc_key, KEY_SIZE, enc_cs_key, _);
//@ open [1/2]cryptogram(enc_key, KEY_SIZE, enc_cs_key, _);
//@ open [1/2]cryptogram(hmac_key, KEY_SIZE, hmac_cs_key, _);
//@ open [1/2]cryptogram(hmac_key, KEY_SIZE, hmac_cs_key, _);
if (r_args.length != MSG_LEN)
abort();
//@ public_crypto_chars(s_message, MSG_LEN);
#ifdef EXECUTE
if (memcmp(s_message, r_message, MSG_LEN) != 0)
abort();
#endif
//@ open principal(sender, _);
//@ close principal(sender, _);
zeroize(r_message, r_args.length);
}
zeroize(enc_key, KEY_SIZE);
free((void*) enc_key);
zeroize(hmac_key, KEY_SIZE);
free((void*) hmac_key);
printf(" |%i| ", i);
}
printf("\n\n\t\tDone\n");
return 0;
}
int main(void)
{
int ret, len, server_fd = -1;
unsigned char buf[1024];
havege_state hs;
ssl_context ssl;
ssl_session ssn;
/*
* 0. Initialize the RNG and the session data
*/
havege_init(&hs);
memset(&ssl, 0, sizeof(ssl));
memset(&ssn, 0, sizeof(ssl_session));
/*
* 1. Start the connection
*/
printf("\n . Connecting to tcp/%s/%4d...", SERVER_NAME, SERVER_PORT);
fflush(stdout);
if ((ret = net_connect(&server_fd, SERVER_NAME, SERVER_PORT)) != 0) {
printf(" failed\n ! net_connect returned %d\n\n", ret);
goto exit;
}
printf(" ok\n");
/*
* 2. Setup stuff
*/
printf(" . Setting up the SSL/TLS structure...");
fflush(stdout);
if ((ret = ssl_init(&ssl)) != 0) {
printf(" failed\n ! ssl_init returned %d\n\n", ret);
goto exit;
}
printf(" ok\n");
ssl_set_endpoint(&ssl, SSL_IS_CLIENT);
ssl_set_authmode(&ssl, SSL_VERIFY_NONE);
ssl_set_rng(&ssl, havege_rand, &hs);
ssl_set_dbg(&ssl, my_debug, stdout);
ssl_set_bio(&ssl, net_recv, &server_fd, net_send, &server_fd);
ssl_set_ciphers(&ssl, ssl_default_ciphers);
ssl_set_session(&ssl, 1, 600, &ssn);
/*
* 3. Write the GET request
*/
printf(" > Write to server:");
fflush(stdout);
len = sprintf((char *)buf, GET_REQUEST);
while ((ret = ssl_write(&ssl, buf, len)) <= 0) {
if (ret != TROPICSSL_ERR_NET_TRY_AGAIN) {
printf(" failed\n ! ssl_write returned %d\n\n", ret);
goto exit;
}
}
len = ret;
printf(" %d bytes written\n\n%s", len, (char *)buf);
/*
* 7. Read the HTTP response
*/
printf(" < Read from server:");
fflush(stdout);
do {
len = sizeof(buf) - 1;
memset(buf, 0, sizeof(buf));
ret = ssl_read(&ssl, buf, len);
if (ret == TROPICSSL_ERR_NET_TRY_AGAIN)
continue;
if (ret == TROPICSSL_ERR_SSL_PEER_CLOSE_NOTIFY)
break;
if (ret <= 0) {
printf("failed\n ! ssl_read returned %d\n\n", ret);
break;
}
len = ret;
printf(" %d bytes read\n\n%s", len, (char *)buf);
}
while (0);
ssl_close_notify(&ssl);
exit:
net_close(server_fd);
ssl_free(&ssl);
memset(&ssl, 0, sizeof(ssl));
#ifdef WIN32
printf(" + Press Enter to exit this program.\n");
fflush(stdout);
getchar();
#endif
return (ret);
}
/*
* This function loads all the client/CA certificates and CRLs. Setup the TLS
* layer and do all necessary magic.
*/
CURLcode
Curl_polarssl_connect(struct connectdata *conn,
int sockindex)
{
struct SessionHandle *data = conn->data;
bool sni = TRUE; /* default is SNI enabled */
int ret = -1;
#ifdef ENABLE_IPV6
struct in6_addr addr;
#else
struct in_addr addr;
#endif
void *old_session = NULL;
size_t old_session_size = 0;
char buffer[1024];
if(conn->ssl[sockindex].state == ssl_connection_complete)
return CURLE_OK;
/* PolarSSL only supports SSLv3 and TLSv1 */
if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
failf(data, "PolarSSL does not support SSLv2");
return CURLE_SSL_CONNECT_ERROR;
}
else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3)
sni = FALSE; /* SSLv3 has no SNI */
havege_init(&conn->ssl[sockindex].hs);
/* Load the trusted CA */
memset(&conn->ssl[sockindex].cacert, 0, sizeof(x509_cert));
if(data->set.str[STRING_SSL_CAFILE]) {
ret = x509parse_crtfile(&conn->ssl[sockindex].cacert,
data->set.str[STRING_SSL_CAFILE]);
if(ret) {
failf(data, "Error reading ca cert file %s: -0x%04X",
data->set.str[STRING_SSL_CAFILE], -ret);
if(data->set.ssl.verifypeer)
return CURLE_SSL_CACERT_BADFILE;
}
}
/* Load the client certificate */
memset(&conn->ssl[sockindex].clicert, 0, sizeof(x509_cert));
if(data->set.str[STRING_CERT]) {
ret = x509parse_crtfile(&conn->ssl[sockindex].clicert,
data->set.str[STRING_CERT]);
if(ret) {
failf(data, "Error reading client cert file %s: -0x%04X",
data->set.str[STRING_CERT], -ret);
return CURLE_SSL_CERTPROBLEM;
}
}
/* Load the client private key */
if(data->set.str[STRING_KEY]) {
ret = x509parse_keyfile(&conn->ssl[sockindex].rsa,
data->set.str[STRING_KEY],
data->set.str[STRING_KEY_PASSWD]);
if(ret) {
failf(data, "Error reading private key %s: -0x%04X",
data->set.str[STRING_KEY], -ret);
return CURLE_SSL_CERTPROBLEM;
}
}
/* Load the CRL */
memset(&conn->ssl[sockindex].crl, 0, sizeof(x509_crl));
if(data->set.str[STRING_SSL_CRLFILE]) {
ret = x509parse_crlfile(&conn->ssl[sockindex].crl,
data->set.str[STRING_SSL_CRLFILE]);
if(ret) {
failf(data, "Error reading CRL file %s: -0x%04X",
data->set.str[STRING_SSL_CRLFILE], -ret);
return CURLE_SSL_CRL_BADFILE;
}
}
infof(data, "PolarSSL: Connected to %s:%d\n",
conn->host.name, conn->remote_port);
havege_init(&conn->ssl[sockindex].hs);
if(ssl_init(&conn->ssl[sockindex].ssl)) {
failf(data, "PolarSSL: ssl_init failed");
return CURLE_SSL_CONNECT_ERROR;
}
ssl_set_endpoint(&conn->ssl[sockindex].ssl, SSL_IS_CLIENT);
ssl_set_authmode(&conn->ssl[sockindex].ssl, SSL_VERIFY_OPTIONAL);
ssl_set_rng(&conn->ssl[sockindex].ssl, havege_rand,
&conn->ssl[sockindex].hs);
ssl_set_bio(&conn->ssl[sockindex].ssl,
net_recv, &conn->sock[sockindex],
net_send, &conn->sock[sockindex]);
ssl_set_ciphers(&conn->ssl[sockindex].ssl, ssl_default_ciphers);
if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
memcpy(&conn->ssl[sockindex].ssn, old_session, old_session_size);
infof(data, "PolarSSL re-using session\n");
}
ssl_set_session(&conn->ssl[sockindex].ssl, 1, 600,
&conn->ssl[sockindex].ssn);
ssl_set_ca_chain(&conn->ssl[sockindex].ssl,
&conn->ssl[sockindex].cacert,
&conn->ssl[sockindex].crl,
conn->host.name);
ssl_set_own_cert(&conn->ssl[sockindex].ssl,
&conn->ssl[sockindex].clicert, &conn->ssl[sockindex].rsa);
if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&
#ifdef ENABLE_IPV6
!Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&
#endif
sni && ssl_set_hostname(&conn->ssl[sockindex].ssl, conn->host.name)) {
infof(data, "WARNING: failed to configure "
"server name indication (SNI) TLS extension\n");
}
infof(data, "PolarSSL: performing SSL/TLS handshake...\n");
#ifdef POLARSSL_DEBUG
ssl_set_dbg(&conn->ssl[sockindex].ssl, polarssl_debug, data);
#endif
for(;;) {
if(!(ret = ssl_handshake(&conn->ssl[sockindex].ssl)))
break;
else if(ret != POLARSSL_ERR_NET_TRY_AGAIN) {
failf(data, "ssl_handshake returned -0x%04X", -ret);
return CURLE_SSL_CONNECT_ERROR;
}
else {
/* wait for data from server... */
long timeout_ms = Curl_timeleft(data, NULL, TRUE);
if(timeout_ms < 0) {
failf(data, "SSL connection timeout");
return CURLE_OPERATION_TIMEDOUT;
}
switch(Curl_socket_ready(conn->sock[sockindex],
CURL_SOCKET_BAD, timeout_ms)) {
case 0:
failf(data, "SSL handshake timeout");
return CURLE_OPERATION_TIMEDOUT;
break;
case CURL_CSELECT_IN:
continue;
break;
default:
return CURLE_SSL_CONNECT_ERROR;
break;
}
}
}
infof(data, "PolarSSL: Handshake complete, cipher is %s\n",
ssl_get_cipher(&conn->ssl[sockindex].ssl));
ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl);
if(ret && data->set.ssl.verifypeer) {
if(ret & BADCERT_EXPIRED)
failf(data, "Cert verify failed: BADCERT_EXPIRED\n");
if(ret & BADCERT_REVOKED)
failf(data, "Cert verify failed: BADCERT_REVOKED");
if(ret & BADCERT_CN_MISMATCH)
failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
if(ret & BADCERT_NOT_TRUSTED)
failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");
return CURLE_SSL_CACERT;
}
if(conn->ssl[sockindex].ssl.peer_cert) {
/* If the session was resumed, there will be no peer certs */
memset(buffer, 0, sizeof(buffer));
if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",
conn->ssl[sockindex].ssl.peer_cert) != -1)
infof(data, "Dumping cert info:\n%s\n", buffer);
}
conn->ssl[sockindex].state = ssl_connection_complete;
conn->recv[sockindex] = polarssl_recv;
conn->send[sockindex] = polarssl_send;
/* Save the current session data for possible re-use */
{
void *new_session = malloc(sizeof(conn->ssl[sockindex].ssn));
if(new_session) {
memcpy(new_session, &conn->ssl[sockindex].ssn,
sizeof(conn->ssl[sockindex].ssn));
if(old_session)
Curl_ssl_delsessionid(conn, old_session);
return Curl_ssl_addsessionid(conn, new_session,
sizeof(conn->ssl[sockindex].ssn));
}
}
return CURLE_OK;
}
int main( int argc, char *argv[] )
{
int ret = 0, server_fd;
unsigned char buf[1024];
havege_state hs;
ssl_context ssl;
ssl_session ssn;
x509_cert clicert;
rsa_context rsa;
int i, j, n;
char *p, *q;
if( argc == 0 )
{
usage:
printf( USAGE );
goto exit;
}
opt.mode = DFL_MODE;
opt.filename = DFL_FILENAME;
opt.server_name = DFL_SERVER_NAME;
opt.server_port = DFL_SERVER_PORT;
opt.debug_level = DFL_DEBUG_LEVEL;
for( i = 1; i < argc; i++ )
{
n = strlen( argv[i] );
for( j = 0; j < n; j++ )
{
if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
argv[i][j] |= 0x20;
}
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
goto usage;
*q++ = '\0';
if( strcmp( p, "mode" ) == 0 )
{
if( strcmp( q, "file" ) == 0 )
opt.mode = MODE_FILE;
else if( strcmp( q, "ssl" ) == 0 )
opt.mode = MODE_SSL;
else
goto usage;
}
else if( strcmp( p, "filename" ) == 0 )
opt.filename = q;
else if( strcmp( p, "server_name" ) == 0 )
opt.server_name = q;
else if( strcmp( p, "server_port" ) == 0 )
{
opt.server_port = atoi( q );
if( opt.server_port < 1 || opt.server_port > 65535 )
goto usage;
}
else if( strcmp( p, "debug_level" ) == 0 )
{
opt.debug_level = atoi( q );
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
else
goto usage;
}
if( opt.mode == MODE_FILE )
{
x509_cert crt;
memset( &crt, 0, sizeof( x509_cert ) );
/*
* 1.1. Load the certificate
*/
printf( "\n . Loading the certificate ..." );
fflush( stdout );
ret = x509parse_crtfile( &crt, opt.filename );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
x509_free( &crt );
goto exit;
}
printf( " ok\n" );
/*
* 1.2 Print the certificate
*/
printf( " . Peer certificate information ...\n" );
ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", &crt );
if( ret == -1 )
{
printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
x509_free( &crt );
goto exit;
}
printf( "%s\n", buf );
x509_free( &crt );
}
else if( opt.mode == MODE_SSL )
{
/*
* 1. Initialize the RNG and the session data
*/
havege_init( &hs );
memset( &ssn, 0, sizeof( ssl_session ) );
/*
* 2. Start the connection
*/
printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name,
opt.server_port );
fflush( stdout );
if( ( ret = net_connect( &server_fd, opt.server_name,
opt.server_port ) ) != 0 )
{
printf( " failed\n ! net_connect returned %d\n\n", ret );
goto exit;
}
/*
* 3. Setup stuff
*/
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
ssl_set_rng( &ssl, havege_rand, &hs );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
ssl_set_ciphers( &ssl, ssl_default_ciphers );
ssl_set_session( &ssl, 1, 600, &ssn );
ssl_set_own_cert( &ssl, &clicert, &rsa );
ssl_set_hostname( &ssl, opt.server_name );
/*
* 4. Handshake
*/
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
{
printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
goto exit;
}
}
printf( " ok\n" );
/*
* 5. Print the certificate
*/
printf( " . Peer certificate information ...\n" );
ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", ssl.peer_cert );
if( ret == -1 )
{
printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
goto exit;
}
printf( "%s\n", buf );
ssl_close_notify( &ssl );
}
else
goto usage;
exit:
net_close( server_fd );
x509_free( &clicert );
rsa_free( &rsa );
ssl_free( &ssl );
memset( &ssl, 0, sizeof( ssl ) );
#ifdef WIN32
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
int main() //@ : main
//@ requires true;
//@ ensures true;
{
pthread_t a_thread;
havege_state havege_state;
int* principals = malloc(sizeof(int));
if (principals == 0) abort();
*principals = 0;
printf("\n\tExecuting \"");
printf("secure_storage");
printf(" protocol");
printf("\" ... \n\n");
//@ PACK_PROOF_OBLIGATIONS(ss)
//@ close exists(ss_polarssl_pub);
//@ polarssl_init();
//@ int sender = polarssl_create_principal();
(*principals)++;
//@ int receiver = polarssl_create_principal();
(*principals)++;
//@ close havege_state(&havege_state);
havege_init(&havege_state);
//@ close pthread_run_pre(attacker_t)(principals, _);
pthread_create(&a_thread, NULL, &attacker_t, principals);
int i = 0;
#ifdef EXECUTE
while (i++ < 10)
#else
while (true)
#endif
/*@ invariant [2/3]polarssl_world(ss_polarssl_pub) &*&
havege_state_initialized(&havege_state) &*&
polarssl_generated_values(sender, ?count_s);
@*/
{
char* key;
char* message;
int temp;
int message_len;
//@ close random_request(sender, 0, true);
key = malloc(KEY_BYTE_SIZE);
if (key == 0) abort();
if (havege_random(&havege_state, key, KEY_BYTE_SIZE) != 0) abort();
r_int_with_bounds(&havege_state, &temp,
POLARSSL_MIN_HMAC_INPUT_BYTE_SIZE,
POLARSSL_MAX_MESSAGE_BYTE_SIZE - 65);
message_len = temp;
message = malloc(message_len);
if (message == 0) abort();
//@ assert chars(message, message_len, ?msg_cs);
//@ polarssl_public_generated_chars_assume(ss_polarssl_pub, msg_cs);
{
pthread_t s_thread, r_thread;
struct ss_args s_args;
struct ss_args r_args;
/*@ open polarssl_cryptogram(key, KEY_BYTE_SIZE, ?key_cs,
polarssl_symmetric_key(sender, count_s + 1)); @*/
//@ assert chars(key, KEY_BYTE_SIZE, ?cs_key);
s_args.key_len = KEY_BYTE_SIZE;
s_args.key = key;
s_args.message_len = message_len;
s_args.message = malloc(message_len);
if (s_args.message == 0) abort();
memcpy(s_args.message, message, (unsigned int) message_len);
/*@ close polarssl_public_message(ss_polarssl_pub)
(s_args.message, message_len, msg_cs); @*/
r_args.key_len = KEY_BYTE_SIZE;
r_args.key = key;
/*@ close polarssl_cryptogram(key, KEY_BYTE_SIZE, key_cs,
polarssl_symmetric_key(sender, count_s + 1)); @*/
//@ assume (app_send_event(sender, msg_cs));
//@ close pthread_run_pre(sender_t)(&s_args, _);
pthread_create(&s_thread, NULL, &sender_t, &s_args);
//@ close pthread_run_pre(receiver_t)(&r_args, _);
pthread_create(&r_thread, NULL, &receiver_t, &r_args);
pthread_join(s_thread, NULL);
//@ open pthread_run_post(sender_t)(&s_args, _);
pthread_join(r_thread, NULL);
//@ open pthread_run_post(receiver_t)(&r_args, _);
/*@ open polarssl_public_message(ss_polarssl_pub)
(s_args.message, _, ?s_cs); @*/
//@ assert true == app_send_event(sender, s_cs);
free(s_args.message);
/*@ open polarssl_public_message(ss_polarssl_pub)
(r_args.message, _, ?r_cs); @*/
/*@ if (!bad(sender))
{
assert true == app_send_event(sender, r_cs);
}
@*/
free(r_args.message);
//@ open [1/2]polarssl_cryptogram(key, _, _, _);
//@ open [1/2]polarssl_cryptogram(key, _, _, _);
}
free(key);
free(message);
}
//@ havege_exit(&havege_state);
//@ open havege_state(&havege_state);
//@ destroy_polarssl_principal(sender);
//@ destroy_polarssl_principal(receiver);
printf("Done\n");
//@ leak malloc_block_ints(principals, 1);
//@ leak [_]polarssl_world(_);
return 0;
}
/*********************************************************************************************************
** 函数名称: __vpnClientConnect
** 功能描述: VPN 客户端链接服务器
** 输 入 : pvpnctx VPN 上下文 (除了 VPNCTX_iVerifyOpt 有初值, 其他字段必须经过清空)
** cpcCACrtFile CA 证书文件 .pem or .crt
** cpcPrivateCrtFile 私有证书文件 .pem or .crt
** cpcKeyFile 私有密钥文件 .pem or .key
** cpcKeyPassword 私有密钥文件解密密码, 如果密钥文件不存在密码, 则为 NULL
** inaddr SSL 服务器地址
** usPort SSL 服务器端口 (网络字节序)
** iSSLTimeoutSec 超时时间(单位秒, 推荐: 600)
** 输 出 : ERROR
** 全局变量:
** 调用模块:
*********************************************************************************************************/
INT __vpnClientOpen (__PVPN_CONTEXT pvpnctx,
CPCHAR cpcCACrtFile,
CPCHAR cpcPrivateCrtFile,
CPCHAR cpcKeyFile,
CPCHAR cpcKeyPassword,
struct in_addr inaddr,
u16_t usPort,
INT iSSLTimeoutSec)
{
INT i;
INT iError = PX_ERROR;
struct sockaddr_in sockaddrinRemote;
(VOID)iSSLTimeoutSec; /* 新的 PolarSSL 暂未使用 */
if (pvpnctx == LW_NULL) {
return (PX_ERROR);
}
pvpnctx->VPNCTX_iMode = __VPN_SSL_CLIENT; /* 设置为 client 模式 */
pvpnctx->VPNCTX_iSocket = PX_ERROR; /* 没有创建 socket */
havege_init(&pvpnctx->VPNCTX_haveagestat); /* 初始化随机数 */
if (pvpnctx->VPNCTX_iVerifyOpt != SSL_VERIFY_NONE) { /* 需要认证证书 */
/*
* 安装 CA 证书和客户端证书
*/
iError = x509parse_crtfile(&pvpnctx->VPNCTX_x509certCA, cpcCACrtFile);
if (iError != ERROR_NONE) {
_DebugHandle(__ERRORMESSAGE_LEVEL, "CA root certificate error.\r\n");
return (PX_ERROR);
}
iError = x509parse_crtfile(&pvpnctx->VPNCTX_x509certPrivate, cpcPrivateCrtFile);
if (iError != ERROR_NONE) {
_DebugHandle(__ERRORMESSAGE_LEVEL, "client certificate error.\r\n");
goto __error_handle;
}
/*
* 安装 RSA 私有密钥
*/
if (cpcKeyFile) {
iError = x509parse_keyfile(&pvpnctx->VPNCTX_rasctx, cpcKeyFile, cpcKeyPassword);
} else {
iError = x509parse_keyfile(&pvpnctx->VPNCTX_rasctx, cpcPrivateCrtFile, cpcKeyPassword);
}
if (iError != ERROR_NONE) {
_DebugHandle(__ERRORMESSAGE_LEVEL, "key file error.\r\n");
goto __error_handle;
}
}
/*
* 链接 SSL 服务器
*/
pvpnctx->VPNCTX_iSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (pvpnctx->VPNCTX_iSocket < 0) {
_DebugHandle(__ERRORMESSAGE_LEVEL, "can not create socket.\r\n");
goto __error_handle;
}
lib_bzero(&sockaddrinRemote, sizeof(sockaddrinRemote));
sockaddrinRemote.sin_len = sizeof(struct sockaddr_in);
sockaddrinRemote.sin_family = AF_INET;
sockaddrinRemote.sin_addr = inaddr;
sockaddrinRemote.sin_port = usPort;
if(connect(pvpnctx->VPNCTX_iSocket,
(struct sockaddr *)&sockaddrinRemote,
sizeof(struct sockaddr_in)) < 0) {
_DebugHandle(__ERRORMESSAGE_LEVEL, "can not connect server.\r\n");
goto __error_handle;
}
havege_init(&pvpnctx->VPNCTX_haveagestat); /* 初始化随机数 */
/*
* 初始化 SSL/STL
*/
if (ssl_init(&pvpnctx->VPNCTX_sslctx) != ERROR_NONE) {
_DebugHandle(__ERRORMESSAGE_LEVEL, "can not init ssl context.\r\n");
goto __error_handle;
}
ssl_set_endpoint(&pvpnctx->VPNCTX_sslctx, SSL_IS_CLIENT);
ssl_set_authmode(&pvpnctx->VPNCTX_sslctx, pvpnctx->VPNCTX_iVerifyOpt);
ssl_set_rng(&pvpnctx->VPNCTX_sslctx, havege_random, &pvpnctx->VPNCTX_haveagestat);
ssl_set_dbg(&pvpnctx->VPNCTX_sslctx, LW_NULL, stdout); /* 不需要 DEBUG 信息 */
ssl_set_bio(&pvpnctx->VPNCTX_sslctx,
net_recv, &pvpnctx->VPNCTX_iSocket,
net_send, &pvpnctx->VPNCTX_iSocket);
ssl_set_ciphersuites(&pvpnctx->VPNCTX_sslctx, ssl_default_ciphersuites);
ssl_set_session(&pvpnctx->VPNCTX_sslctx, &pvpnctx->VPNCTX_sslsn);
ssl_set_ca_chain(&pvpnctx->VPNCTX_sslctx, &pvpnctx->VPNCTX_x509certCA, LW_NULL, LW_NULL);
ssl_set_own_cert(&pvpnctx->VPNCTX_sslctx, &pvpnctx->VPNCTX_x509certPrivate, &pvpnctx->VPNCTX_rasctx);
ssl_set_hostname(&pvpnctx->VPNCTX_sslctx, LW_NULL); /* 不设置服务器名 */
for (i = 0; i < __VPN_SSL_HANDSHAKE_MAX_TIME; i++) {
iError = ssl_handshake(&pvpnctx->VPNCTX_sslctx); /* 握手 */
if (iError == ERROR_NONE) {
break;
} else if ((iError != POLARSSL_ERR_NET_WANT_READ) &&
(iError != POLARSSL_ERR_NET_WANT_WRITE)) {
_DebugHandle(__ERRORMESSAGE_LEVEL, "can not handshake.\r\n");
goto __error_handle;
}
}
if (i >= __VPN_SSL_HANDSHAKE_MAX_TIME) {
goto __error_handle;
}
return (ERROR_NONE);
__error_handle:
if (pvpnctx->VPNCTX_iSocket >= 0) {
net_close(pvpnctx->VPNCTX_iSocket);
}
x509_free(&pvpnctx->VPNCTX_x509certPrivate);
x509_free(&pvpnctx->VPNCTX_x509certCA);
rsa_free(&pvpnctx->VPNCTX_rasctx);
ssl_free(&pvpnctx->VPNCTX_sslctx);
return (PX_ERROR);
}
int main( int argc, char *argv[] )
{
int keysize, i;
unsigned char tmp[200];
char title[TITLE_LEN];
todo_list todo;
if( argc == 1 )
memset( &todo, 1, sizeof( todo ) );
else
{
memset( &todo, 0, sizeof( todo ) );
for( i = 1; i < argc; i++ )
{
if( strcmp( argv[i], "md4" ) == 0 )
todo.md4 = 1;
else if( strcmp( argv[i], "md5" ) == 0 )
todo.md5 = 1;
else if( strcmp( argv[i], "ripemd160" ) == 0 )
todo.ripemd160 = 1;
else if( strcmp( argv[i], "sha1" ) == 0 )
todo.sha1 = 1;
else if( strcmp( argv[i], "sha256" ) == 0 )
todo.sha256 = 1;
else if( strcmp( argv[i], "sha512" ) == 0 )
todo.sha512 = 1;
else if( strcmp( argv[i], "arc4" ) == 0 )
todo.arc4 = 1;
else if( strcmp( argv[i], "des3" ) == 0 )
todo.des3 = 1;
else if( strcmp( argv[i], "des" ) == 0 )
todo.des = 1;
else if( strcmp( argv[i], "aes_cbc" ) == 0 )
todo.aes_cbc = 1;
else if( strcmp( argv[i], "aes_gcm" ) == 0 )
todo.aes_gcm = 1;
else if( strcmp( argv[i], "camellia" ) == 0 )
todo.camellia = 1;
else if( strcmp( argv[i], "blowfish" ) == 0 )
todo.blowfish = 1;
else if( strcmp( argv[i], "havege" ) == 0 )
todo.havege = 1;
else if( strcmp( argv[i], "ctr_drbg" ) == 0 )
todo.ctr_drbg = 1;
else if( strcmp( argv[i], "hmac_drbg" ) == 0 )
todo.hmac_drbg = 1;
else if( strcmp( argv[i], "rsa" ) == 0 )
todo.rsa = 1;
else if( strcmp( argv[i], "dhm" ) == 0 )
todo.dhm = 1;
else if( strcmp( argv[i], "ecdsa" ) == 0 )
todo.ecdsa = 1;
else if( strcmp( argv[i], "ecdh" ) == 0 )
todo.ecdh = 1;
else
{
printf( "Unrecognized option: %s\n", argv[i] );
printf( "Available options:" OPTIONS );
}
}
}
printf( "\n" );
memset( buf, 0xAA, sizeof( buf ) );
#if defined(POLARSSL_MD4_C)
if( todo.md4 )
TIME_AND_TSC( "MD4", md4( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_MD5_C)
if( todo.md5 )
TIME_AND_TSC( "MD5", md5( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_RIPEMD160_C)
if( todo.ripemd160 )
TIME_AND_TSC( "RIPEMD160", ripemd160( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_SHA1_C)
if( todo.sha1 )
TIME_AND_TSC( "SHA-1", sha1( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_SHA256_C)
if( todo.sha256 )
TIME_AND_TSC( "SHA-256", sha256( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(POLARSSL_SHA512_C)
if( todo.sha512 )
TIME_AND_TSC( "SHA-512", sha512( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(POLARSSL_ARC4_C)
if( todo.arc4 )
{
arc4_context arc4;
arc4_setup( &arc4, tmp, 32 );
TIME_AND_TSC( "ARC4", arc4_crypt( &arc4, BUFSIZE, buf, buf ) );
}
#endif
#if defined(POLARSSL_DES_C) && defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.des3 )
{
des3_context des3;
des3_set3key_enc( &des3, tmp );
TIME_AND_TSC( "3DES",
des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
}
if( todo.des )
{
des_context des;
des_setkey_enc( &des, tmp );
TIME_AND_TSC( "DES",
des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
}
#endif
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.aes_cbc )
{
aes_context aes;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
aes_setkey_enc( &aes, tmp, keysize );
TIME_AND_TSC( title,
aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
}
}
#endif
#if defined(POLARSSL_GCM_C)
if( todo.aes_gcm )
{
gcm_context gcm;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
gcm_init( &gcm, POLARSSL_CIPHER_ID_AES, tmp, keysize );
TIME_AND_TSC( title,
gcm_crypt_and_tag( &gcm, GCM_ENCRYPT, BUFSIZE, tmp,
12, NULL, 0, buf, buf, 16, tmp ) );
gcm_free( &gcm );
}
}
#endif
#endif
#if defined(POLARSSL_CAMELLIA_C) && defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.camellia )
{
camellia_context camellia;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
camellia_setkey_enc( &camellia, tmp, keysize );
TIME_AND_TSC( title,
camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT,
BUFSIZE, tmp, buf, buf ) );
}
}
#endif
#if defined(POLARSSL_BLOWFISH_C) && defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.blowfish )
{
blowfish_context blowfish;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
blowfish_setkey( &blowfish, tmp, keysize );
TIME_AND_TSC( title,
blowfish_crypt_cbc( &blowfish, BLOWFISH_ENCRYPT, BUFSIZE,
tmp, buf, buf ) );
}
}
#endif
#if defined(POLARSSL_HAVEGE_C)
if( todo.havege )
{
havege_state hs;
havege_init( &hs );
TIME_AND_TSC( "HAVEGE", havege_random( &hs, buf, BUFSIZE ) );
}
#endif
#if defined(POLARSSL_CTR_DRBG_C)
if( todo.ctr_drbg )
{
ctr_drbg_context ctr_drbg;
if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
exit(1);
TIME_AND_TSC( "CTR_DRBG (NOPR)",
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
exit(1) );
if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
exit(1);
ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_ON );
TIME_AND_TSC( "CTR_DRBG (PR)",
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
exit(1) );
}
int sign(unsigned char *output,unsigned char *input, int input_len, char *pri_key_file)
{
unsigned char * cipher = NULL;
unsigned char * k_c = NULL;
unsigned char sign[128];
int ret;
FILE *fkey;
rsa_context rsa_ctx;
havege_state prng_ctx;
cipher = (unsigned char *)malloc((32)*sizeof(char));
/* ********************** HASH controle integrite *********************** */
k_c = (unsigned char *)malloc(2*KEY_LENGTH*sizeof(unsigned char));
memset(k_c, 0, 2*KEY_LENGTH);
//generation de la clef symetrique de KEY_LENGTH bits
gen_key(k_c, KEY_LENGTH);
sha2_hmac(k_c, KEY_LENGTH, input, input_len, cipher, 0);
print_hex(k_c, KEY_LENGTH, "cle secrete utilisée pour le hash : ");
/* *** Read the private asymetric key in the file*** */
if( ( fkey = fopen( pri_key_file, "rb" ) ) == NULL ) {
ret = 1;
printf( " failed\n ! Could not open %s\n" \
" ! Please run rsa_genkey first\n\n",pri_key_file );
goto cleanup;
}
rsa_init( &rsa_ctx, RSA_PKCS_V15, 0 );
if( ( ret = mpi_read_file( &rsa_ctx.N , 16, fkey ) ) != 0 ||
( ret = mpi_read_file( &rsa_ctx.E , 16, fkey ) ) != 0 ||
( ret = mpi_read_file( &rsa_ctx.D , 16, fkey ) ) != 0 ||
( ret = mpi_read_file( &rsa_ctx.P , 16, fkey ) ) != 0 ||
( ret = mpi_read_file( &rsa_ctx.Q , 16, fkey ) ) != 0 ||
( ret = mpi_read_file( &rsa_ctx.DP, 16, fkey ) ) != 0 ||
( ret = mpi_read_file( &rsa_ctx.DQ, 16, fkey ) ) != 0 ||
( ret = mpi_read_file( &rsa_ctx.QP, 16, fkey ) ) != 0 )
{
printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto cleanup;
}
rsa_ctx.len = ( mpi_msb( &rsa_ctx.N ) + 7 ) >> 3;
fclose( fkey );
/* *** SYM_K(key) : chiffrement RSA de la clé de chiffrement key (16) => rsa-1024 bits = 128 octets en sortie *** */
/* *** cipher = ASYM_Kpriv (Hash) *** */
havege_init(&prng_ctx);
memset(sign, 0, 128);
if( ( ret = rsa_pkcs1_encrypt( &rsa_ctx, havege_random, &prng_ctx, RSA_PRIVATE, KEY_LENGTH, cipher, sign ) ) != 0 ) {
printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret );
goto cleanup;
}
print_hex(sign, sizeof(sign), "Hash chiffrée avec RSA : ");
/* *** ASYM_Kpub (K) *** */
output = (unsigned char *) malloc( 128 * sizeof(unsigned char));
memcpy(output, sign, 128);
cleanup:
if(cipher != NULL) {
memset(cipher, 0, 32);
free(cipher);
}
if(k_c != NULL) {
memset(k_c, 0, 2*KEY_LENGTH);
free(k_c);
}
memset(&prng_ctx,0x00, sizeof(havege_state));
memset(&rsa_ctx, 0x00, sizeof(rsa_ctx));
memset(sign, 0, 128);
return ret;
}
int main( void )
{
int ret;
rsa_context rsa;
havege_state hs;
FILE *fpub = NULL;
FILE *fpriv = NULL;
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
havege_init( &hs );
printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
fflush( stdout );
rsa_init( &rsa, RSA_PKCS_V15, 0 );
if( ( ret = rsa_gen_key( &rsa, havege_rand, &hs, KEY_SIZE, EXPONENT ) ) != 0 )
{
printf( " failed\n ! rsa_gen_key returned %d\n\n", ret );
goto exit;
}
printf( " ok\n . Exporting the public key in rsa_pub.txt...." );
fflush( stdout );
if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL )
{
printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" );
ret = 1;
goto exit;
}
if( ( ret = mpi_write_file( "N = ", &rsa.N, 16, fpub ) ) != 0 ||
( ret = mpi_write_file( "E = ", &rsa.E, 16, fpub ) ) != 0 )
{
printf( " failed\n ! mpi_write_file returned %d\n\n", ret );
goto exit;
}
printf( " ok\n . Exporting the private key in rsa_priv.txt..." );
fflush( stdout );
if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL )
{
printf( " failed\n ! could not open rsa_priv.txt for writing\n" );
ret = 1;
goto exit;
}
if( ( ret = mpi_write_file( "N = " , &rsa.N , 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "E = " , &rsa.E , 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "D = " , &rsa.D , 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "P = " , &rsa.P , 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "Q = " , &rsa.Q , 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "DP = ", &rsa.DP, 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "DQ = ", &rsa.DQ, 16, fpriv ) ) != 0 ||
( ret = mpi_write_file( "QP = ", &rsa.QP, 16, fpriv ) ) != 0 )
{
printf( " failed\n ! mpi_write_file returned %d\n\n", ret );
goto exit;
}
/*
printf( " ok\n . Generating the certificate..." );
x509write_init_raw( &cert );
x509write_add_pubkey( &cert, &rsa );
x509write_add_subject( &cert, "CN='localhost'" );
x509write_add_validity( &cert, "2007-09-06 17:00:32",
"2010-09-06 17:00:32" );
x509write_create_selfsign( &cert, &rsa );
x509write_crtfile( &cert, "cert.der", X509_OUTPUT_DER );
x509write_crtfile( &cert, "cert.pem", X509_OUTPUT_PEM );
x509write_free_raw( &cert );
*/
printf( " ok\n\n" );
exit:
if( fpub != NULL )
fclose( fpub );
if( fpriv != NULL )
fclose( fpriv );
rsa_free( &rsa );
#ifdef WIN32
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
int main( void )
{
int ret, len;
int listen_fd;
int client_fd;
unsigned char buf[1024];
havege_state hs;
ssl_context ssl;
ssl_session ssn;
x509_cert srvcert;
rsa_context rsa;
/*
* 1. Load the certificates and private RSA key
*/
printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
memset( &srvcert, 0, sizeof( x509_cert ) );
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509parse_crtfile() to read the
* server and CA certificates, as well as x509parse_keyfile().
*/
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
goto exit;
}
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
strlen( test_ca_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
goto exit;
}
ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
printf( " failed\n ! x509parse_key returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
{
printf( " failed\n ! net_bind returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 3. Wait until a client connects
*/
#ifdef WIN32
ShellExecute( NULL, "open", "https://localhost:4433/",
NULL, NULL, SW_SHOWNORMAL );
#endif
client_fd = -1;
memset( &ssl, 0, sizeof( ssl ) );
accept:
net_close( client_fd );
ssl_free( &ssl );
printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
printf( " failed\n ! net_accept returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 4. Setup stuff
*/
printf( " . Setting up the RNG and SSL data...." );
fflush( stdout );
havege_init( &hs );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto accept;
}
printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
ssl_set_rng( &ssl, havege_rand, &hs );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
ssl_set_scb( &ssl, my_get_session,
my_set_session );
ssl_set_ciphers( &ssl, my_ciphers );
ssl_set_session( &ssl, 1, 0, &ssn );
memset( &ssn, 0, sizeof( ssl_session ) );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
/*
* 5. Handshake
*/
printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
{
printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
goto accept;
}
}
printf( " ok\n" );
/*
* 6. Read the HTTP Request
*/
printf( " < Read from client:" );
fflush( stdout );
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = ssl_read( &ssl, buf, len );
if( ret == POLARSSL_ERR_NET_TRY_AGAIN )
continue;
if( ret <= 0 )
{
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
printf( " connection was closed gracefully\n" );
break;
case POLARSSL_ERR_NET_CONN_RESET:
printf( " connection was reset by peer\n" );
break;
default:
printf( " ssl_read returned %d\n", ret );
break;
}
break;
}
len = ret;
printf( " %d bytes read\n\n%s", len, (char *) buf );
}
while( 0 );
/*
* 7. Write the 200 Response
*/
printf( " > Write to client:" );
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
ssl_get_cipher( &ssl ) );
while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
{
printf( " failed\n ! peer closed the connection\n\n" );
goto accept;
}
if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
printf( " %d bytes written\n\n%s\n", len, (char *) buf );
ssl_close_notify( &ssl );
goto accept;
exit:
net_close( client_fd );
x509_free( &srvcert );
rsa_free( &rsa );
ssl_free( &ssl );
cur = s_list_1st;
while( cur != NULL )
{
prv = cur;
cur = cur->next;
memset( prv, 0, sizeof( ssl_session ) );
free( prv );
}
memset( &ssl, 0, sizeof( ssl_context ) );
#ifdef WIN32
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
tcpcon_t *
tcp_connect(const char *hostname, int port, char *errbuf, size_t errbufsize,
int timeout, int ssl)
{
struct net_hostent *hp;
char *tmphstbuf;
int fd, r, err, herr, optval;
const char *errtxt;
struct sockaddr_in in;
socklen_t errlen = sizeof(int);
if(!strcmp(hostname, "localhost")) {
if((fd = getstreamsocket(AF_INET, errbuf, errbufsize)) == -1)
return NULL;
memset(&in, 0, sizeof(in));
in.sin_family = AF_INET;
in.sin_port = htons(port);
in.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
r = netConnect(fd, (struct sockaddr *)&in, sizeof(struct sockaddr_in));
} else {
herr = 0;
tmphstbuf = NULL; /* free NULL is a nop */
hp = netGetHostByName(hostname);
if(hp == NULL)
herr = h_errno;
if(herr != 0) {
switch(herr) {
case HOST_NOT_FOUND:
errtxt = "Unknown host";
break;
case NO_ADDRESS:
errtxt = "The requested name is valid but does not have an IP address";
break;
case NO_RECOVERY:
errtxt = "A non-recoverable name server error occurred";
break;
case TRY_AGAIN:
errtxt = "A temporary error occurred on an authoritative name server";
break;
default:
errtxt = "Unknown error";
break;
}
snprintf(errbuf, errbufsize, "%s", errtxt);
free(tmphstbuf);
return NULL;
} else if(hp == NULL) {
snprintf(errbuf, errbufsize, "Resolver internal error");
free(tmphstbuf);
return NULL;
}
if((fd = getstreamsocket(hp->h_addrtype, errbuf, errbufsize)) == -1) {
free(tmphstbuf);
return NULL;
}
switch(hp->h_addrtype) {
case AF_INET:
memset(&in, 0, sizeof(in));
in.sin_family = AF_INET;
in.sin_port = htons(port);
lv2_void* netaddrlist = (lv2_void*)(u64)hp->h_addr_list;
memcpy(&in.sin_addr, (char*)(u64)netaddrlist[0], sizeof(struct in_addr));
r = netConnect(fd, (struct sockaddr *)&in, sizeof(struct sockaddr_in));
break;
default:
snprintf(errbuf, errbufsize, "Invalid protocol family");
free(tmphstbuf);
return NULL;
}
free(tmphstbuf);
}
if(r < 0) {
if(net_errno == NET_EINPROGRESS) {
struct pollfd pfd;
pfd.fd = fd;
pfd.events = POLLOUT;
pfd.revents = 0;
r = netPoll(&pfd, 1, timeout);
if(r == 0) {
/* Timeout */
snprintf(errbuf, errbufsize, "Connection attempt timed out");
netClose(fd);
return NULL;
}
if(r == -1) {
snprintf(errbuf, errbufsize, "poll() error: %s",
strerror(net_errno));
netClose(fd);
return NULL;
}
netGetSockOpt(fd, SOL_SOCKET, SO_ERROR, (void *)&err, &errlen);
} else {
err = net_errno;
}
} else {
err = 0;
}
if(err != 0) {
snprintf(errbuf, errbufsize, "%s", strerror(err));
netClose(fd);
return NULL;
}
optval = 0;
r = netSetSockOpt(fd, SOL_SOCKET, SO_NBIO, &optval, sizeof(optval));
if(r < 0) {
snprintf(errbuf, errbufsize, "Unable to go blocking: %s",
strerror(net_errno));
netClose(fd);
return NULL;
}
tcpcon_t *tc = calloc(1, sizeof(tcpcon_t));
tc->fd = fd;
htsbuf_queue_init(&tc->spill, 0);
if(ssl) {
#if ENABLE_POLARSSL
if(1) {
tc->ssl = malloc(sizeof(ssl_context));
if(ssl_init(tc->ssl)) {
snprintf(errbuf, errlen, "SSL failed to initialize");
close(fd);
free(tc->ssl);
free(tc);
return NULL;
}
tc->ssn = malloc(sizeof(ssl_session));
tc->hs = malloc(sizeof(havege_state));
havege_init(tc->hs);
memset(tc->ssn, 0, sizeof(ssl_session));
ssl_set_endpoint(tc->ssl, SSL_IS_CLIENT );
ssl_set_authmode(tc->ssl, SSL_VERIFY_NONE );
ssl_set_rng(tc->ssl, havege_rand, tc->hs );
ssl_set_bio(tc->ssl, net_recv, &tc->fd, net_send, &tc->fd);
ssl_set_ciphers(tc->ssl, ssl_default_ciphers );
ssl_set_session(tc->ssl, 1, 600, tc->ssn );
tc->read = polarssl_read;
tc->write = polarssl_write;
} else
#endif
{
snprintf(errbuf, errlen, "SSL not supported");
tcp_close(tc);
return NULL;
}
} else {
tc->read = tcp_read;
tc->write = tcp_write;
}
return tc;
}
void app_send(char *key, char *message, int message_len)
/*@ requires polarssl_generated_values(?creator, ?count1) &*&
[?f0]polarssl_world(sc_auth_polarssl_pub) &*&
[?f1]polarssl_cryptogram(key, KEY_BYTE_SIZE, ?key_cs, ?key_cg) &*&
key_cg == polarssl_symmetric_key(creator, ?key_id) &*&
[?f2]chars(message, message_len, ?m_cs) &*&
message_len >= POLARSSL_MIN_ENCRYPTED_BYTE_SIZE &*&
message_len < POLARSSL_MAX_MESSAGE_BYTE_SIZE - 84 &*&
bad(creator) ?
[_]polarssl_public_generated_chars(sc_auth_polarssl_pub)(m_cs)
:
true == app_send_event(creator, m_cs);
@*/
/*@ ensures polarssl_generated_values(creator, ?count2) &*& count2 > count1 &*&
[f0]polarssl_world(sc_auth_polarssl_pub) &*&
[f1]polarssl_cryptogram(key, KEY_BYTE_SIZE, key_cs, key_cg) &*&
[f2]chars(message, message_len, m_cs);
@*/
{
int socket;
havege_state havege_state;
char iv[16];
// init
{
net_usleep(20000);
if(net_connect(&socket, NULL, APP_RECEIVE_PORT) != 0)
abort();
if(net_set_block(socket) != 0)
abort();
//@ close havege_state(&havege_state);
havege_init(&havege_state);
}
// iv stuff
{
//@ close random_request(creator, 0, false);
if (havege_random(&havege_state, iv, 16) != 0) abort();
}
//@ open polarssl_cryptogram(iv, 16, ?iv_cs, _);
char* m = malloc(16 + message_len + 16);
if (m == 0) abort();
memcpy(m, iv, 16);
//@ assert chars(m, 16, iv_cs);
//@ assert chars(m + 16, message_len + 16, ?cs1);
//@ polarssl_public_generated_chars_assume(sc_auth_polarssl_pub, iv_cs);
// encrypt message
{
unsigned int temp;
gcm_context gcm_context;
//@ close gcm_context(&gcm_context);
//@ open [f1]polarssl_cryptogram(key, KEY_BYTE_SIZE, key_cs, key_cg);
//@ close polarssl_key_id(creator, key_id);
if (gcm_init(&gcm_context, POLARSSL_AES_CIPHER_ID, key,
(unsigned int) KEY_BYTE_SIZE * 8) != 0) abort();
//@ close [f1]polarssl_cryptogram(key, KEY_BYTE_SIZE, key_cs, key_cg);
//@ chars_split(m + 16, message_len);
if (gcm_crypt_and_tag(&gcm_context, POLARSSL_GCM_ENCRYPT,
(unsigned int) message_len,
iv, 16, NULL, 0, message, m + 16, 16,
(char*) ((m + 16) + message_len)) != 0)
abort();
gcm_free(&gcm_context);
//@ open gcm_context(&gcm_context);
}
//@ assert polarssl_cryptogram(m + 16, message_len, ?e_cs, ?e_cg);
/*@ assert e_cg == polarssl_auth_encrypted(
creator, key_id, ?t_cs, m_cs, iv_cs); @*/
//@ close sc_auth_polarssl_pub(e_cg);
//@ leak sc_auth_polarssl_pub(e_cg);
/*@ polarssl_public_message_from_cryptogram(
sc_auth_polarssl_pub, m + 16, message_len, e_cs, e_cg); @*/
/*@ open polarssl_public_message(sc_auth_polarssl_pub)
(m + 16, message_len, e_cs); @*/
//@ assert chars(m + 16 + message_len, 16, t_cs);
//@ chars_join(m);
//@ chars_join(m);
//@ assert chars(m, 16 + message_len + 16, ?cs);
//@ append_assoc(iv_cs, e_cs, t_cs);
//@ assert cs == append(iv_cs, append(e_cs, t_cs));
//@ polarssl_public_generated_chars_assume(sc_auth_polarssl_pub, t_cs);
/*@ polarssl_public_generated_chars_join(
sc_auth_polarssl_pub, iv_cs, e_cs); @*/
/*@ polarssl_public_generated_chars_join(
sc_auth_polarssl_pub, append(iv_cs, e_cs), t_cs); @*/
/*@ close polarssl_public_message(sc_auth_polarssl_pub)
(m, 16 + message_len + 16,
append(iv_cs, append(e_cs, t_cs))); @*/
net_send(&socket, m, (unsigned int) 16 + (unsigned int) message_len + 16);
//@ open polarssl_public_message(sc_auth_polarssl_pub)(m, _, _);
{
free(m);
havege_free(&havege_state);
//@ open havege_state(&havege_state);
net_close(socket);
}
}
static CURLcode
polarssl_connect_step1(struct connectdata *conn,
int sockindex)
{
struct SessionHandle *data = conn->data;
struct ssl_connect_data* connssl = &conn->ssl[sockindex];
bool sni = TRUE; /* default is SNI enabled */
int ret = -1;
#ifdef ENABLE_IPV6
struct in6_addr addr;
#else
struct in_addr addr;
#endif
void *old_session = NULL;
size_t old_session_size = 0;
char errorbuf[128];
memset(errorbuf, 0, sizeof(errorbuf));
/* PolarSSL only supports SSLv3 and TLSv1 */
if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
failf(data, "PolarSSL does not support SSLv2");
return CURLE_SSL_CONNECT_ERROR;
}
else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3)
sni = FALSE; /* SSLv3 has no SNI */
#if POLARSSL_VERSION_NUMBER<0x01010000
havege_init(&connssl->hs);
#else
#ifdef THREADING_SUPPORT
entropy_init_mutex(&entropy);
if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func_mutex, &entropy,
connssl->ssn.id, connssl->ssn.length)) != 0) {
#ifdef POLARSSL_ERROR_C
error_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* POLARSSL_ERROR_C */
failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n",
-ret, errorbuf);
}
#else
entropy_init(&connssl->entropy);
if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func, &connssl->entropy,
connssl->ssn.id, connssl->ssn.length)) != 0) {
#ifdef POLARSSL_ERROR_C
error_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* POLARSSL_ERROR_C */
failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n",
-ret, errorbuf);
}
#endif /* THREADING_SUPPORT */
#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
/* Load the trusted CA */
memset(&connssl->cacert, 0, sizeof(x509_cert));
if(data->set.str[STRING_SSL_CAFILE]) {
ret = x509parse_crtfile(&connssl->cacert,
data->set.str[STRING_SSL_CAFILE]);
if(ret<0) {
#ifdef POLARSSL_ERROR_C
error_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* POLARSSL_ERROR_C */
failf(data, "Error reading ca cert file %s - PolarSSL: (-0x%04X) %s",
data->set.str[STRING_SSL_CAFILE], -ret, errorbuf);
if(data->set.ssl.verifypeer)
return CURLE_SSL_CACERT_BADFILE;
}
}
/* Load the client certificate */
memset(&connssl->clicert, 0, sizeof(x509_cert));
if(data->set.str[STRING_CERT]) {
ret = x509parse_crtfile(&connssl->clicert,
data->set.str[STRING_CERT]);
if(ret) {
#ifdef POLARSSL_ERROR_C
error_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* POLARSSL_ERROR_C */
failf(data, "Error reading client cert file %s - PolarSSL: (-0x%04X) %s",
data->set.str[STRING_CERT], -ret, errorbuf);
return CURLE_SSL_CERTPROBLEM;
}
}
/* Load the client private key */
if(data->set.str[STRING_KEY]) {
ret = x509parse_keyfile(&connssl->rsa,
data->set.str[STRING_KEY],
data->set.str[STRING_KEY_PASSWD]);
if(ret) {
#ifdef POLARSSL_ERROR_C
error_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* POLARSSL_ERROR_C */
failf(data, "Error reading private key %s - PolarSSL: (-0x%04X) %s",
data->set.str[STRING_KEY], -ret, errorbuf);
return CURLE_SSL_CERTPROBLEM;
}
}
/* Load the CRL */
memset(&connssl->crl, 0, sizeof(x509_crl));
if(data->set.str[STRING_SSL_CRLFILE]) {
ret = x509parse_crlfile(&connssl->crl,
data->set.str[STRING_SSL_CRLFILE]);
if(ret) {
#ifdef POLARSSL_ERROR_C
error_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* POLARSSL_ERROR_C */
failf(data, "Error reading CRL file %s - PolarSSL: (-0x%04X) %s",
data->set.str[STRING_SSL_CRLFILE], -ret, errorbuf);
return CURLE_SSL_CRL_BADFILE;
}
}
infof(data, "PolarSSL: Connecting to %s:%d\n",
conn->host.name, conn->remote_port);
if(ssl_init(&connssl->ssl)) {
failf(data, "PolarSSL: ssl_init failed");
return CURLE_SSL_CONNECT_ERROR;
}
ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);
#if POLARSSL_VERSION_NUMBER<0x01010000
ssl_set_rng(&connssl->ssl, havege_rand,
&connssl->hs);
#else
ssl_set_rng(&connssl->ssl, ctr_drbg_random,
&connssl->ctr_drbg);
#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
ssl_set_bio(&connssl->ssl,
net_recv, &conn->sock[sockindex],
net_send, &conn->sock[sockindex]);
#if POLARSSL_VERSION_NUMBER<0x01000000
ssl_set_ciphers(&connssl->ssl, ssl_default_ciphers);
#else
ssl_set_ciphersuites(&connssl->ssl, ssl_default_ciphersuites);
#endif
if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
memcpy(&connssl->ssn, old_session, old_session_size);
infof(data, "PolarSSL re-using session\n");
}
/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's
1.1.4 version and the like */
#if POLARSSL_VERSION_NUMBER<0x01020000
ssl_set_session(&connssl->ssl, 1, 600,
&connssl->ssn);
#else
ssl_set_session(&connssl->ssl,
&connssl->ssn);
#endif
ssl_set_ca_chain(&connssl->ssl,
&connssl->cacert,
&connssl->crl,
conn->host.name);
ssl_set_own_cert(&connssl->ssl,
&connssl->clicert, &connssl->rsa);
if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&
#ifdef ENABLE_IPV6
!Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&
#endif
sni && ssl_set_hostname(&connssl->ssl, conn->host.name)) {
infof(data, "WARNING: failed to configure "
"server name indication (SNI) TLS extension\n");
}
#ifdef POLARSSL_DEBUG
ssl_set_dbg(&connssl->ssl, polarssl_debug, data);
#endif
connssl->connecting_state = ssl_connect_2;
return CURLE_OK;
}
tcpcon_t *
tcp_connect(const char *hostname, int port, char *errbuf, size_t errbufsize,
int timeout, int ssl)
{
struct hostent *hp;
char *tmphstbuf;
int fd, val, r, err, herr;
const char *errtxt;
#if !defined(__APPLE__)
struct hostent hostbuf;
size_t hstbuflen;
int res;
#endif
struct sockaddr_in6 in6;
struct sockaddr_in in;
socklen_t errlen = sizeof(int);
if(!strcmp(hostname, "localhost")) {
if((fd = getstreamsocket(AF_INET, errbuf, errbufsize)) == -1)
return NULL;
memset(&in, 0, sizeof(in));
in.sin_family = AF_INET;
in.sin_port = htons(port);
in.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
r = connect(fd, (struct sockaddr *)&in, sizeof(struct sockaddr_in));
} else {
#if defined(__APPLE__)
herr = 0;
tmphstbuf = NULL; /* free NULL is a nop */
/* TODO: AF_INET6 */
hp = gethostbyname(hostname);
if(hp == NULL)
herr = h_errno;
#else
hstbuflen = 1024;
tmphstbuf = malloc(hstbuflen);
while((res = gethostbyname_r(hostname, &hostbuf, tmphstbuf, hstbuflen,
&hp, &herr)) == ERANGE) {
hstbuflen *= 2;
tmphstbuf = realloc(tmphstbuf, hstbuflen);
}
#endif
if(herr != 0) {
switch(herr) {
case HOST_NOT_FOUND:
errtxt = "Unknown host";
break;
case NO_ADDRESS:
errtxt = "The requested name is valid but does not have an IP address";
break;
case NO_RECOVERY:
errtxt = "A non-recoverable name server error occurred";
break;
case TRY_AGAIN:
errtxt = "A temporary error occurred on an authoritative name server";
break;
default:
errtxt = "Unknown error";
break;
}
snprintf(errbuf, errbufsize, "%s", errtxt);
free(tmphstbuf);
return NULL;
} else if(hp == NULL) {
snprintf(errbuf, errbufsize, "Resolver internal error");
free(tmphstbuf);
return NULL;
}
if((fd = getstreamsocket(hp->h_addrtype, errbuf, errbufsize)) == -1) {
free(tmphstbuf);
return NULL;
}
switch(hp->h_addrtype) {
case AF_INET:
memset(&in, 0, sizeof(in));
in.sin_family = AF_INET;
in.sin_port = htons(port);
memcpy(&in.sin_addr, hp->h_addr_list[0], sizeof(struct in_addr));
r = connect(fd, (struct sockaddr *)&in, sizeof(struct sockaddr_in));
break;
case AF_INET6:
memset(&in6, 0, sizeof(in6));
in6.sin6_family = AF_INET6;
in6.sin6_port = htons(port);
memcpy(&in6.sin6_addr, hp->h_addr_list[0], sizeof(struct in6_addr));
r = connect(fd, (struct sockaddr *)&in, sizeof(struct sockaddr_in6));
break;
default:
snprintf(errbuf, errbufsize, "Invalid protocol family");
free(tmphstbuf);
return NULL;
}
free(tmphstbuf);
}
if(r == -1) {
if(errno == EINPROGRESS) {
struct pollfd pfd;
pfd.fd = fd;
pfd.events = POLLOUT;
pfd.revents = 0;
r = poll(&pfd, 1, timeout);
if(r == 0) {
/* Timeout */
snprintf(errbuf, errbufsize, "Connection attempt timed out");
close(fd);
return NULL;
}
if(r == -1) {
snprintf(errbuf, errbufsize, "poll() error: %s", strerror(errno));
close(fd);
return NULL;
}
getsockopt(fd, SOL_SOCKET, SO_ERROR, (void *)&err, &errlen);
} else {
err = errno;
}
} else {
err = 0;
}
if(err != 0) {
snprintf(errbuf, errbufsize, "%s", strerror(err));
close(fd);
return NULL;
}
fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_NONBLOCK);
val = 1;
setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val));
tcpcon_t *tc = calloc(1, sizeof(tcpcon_t));
tc->fd = fd;
htsbuf_queue_init(&tc->spill, 0);
if(ssl) {
#if ENABLE_OPENSSL
if(showtime_ssl_ctx != NULL) {
char errmsg[120];
if((tc->ssl = SSL_new(showtime_ssl_ctx)) == NULL) {
ERR_error_string(ERR_get_error(), errmsg);
snprintf(errbuf, errlen, "SSL: %s", errmsg);
tcp_close(tc);
return NULL;
}
if(SSL_set_fd(tc->ssl, tc->fd) == 0) {
ERR_error_string(ERR_get_error(), errmsg);
snprintf(errbuf, errlen, "SSL fd: %s", errmsg);
tcp_close(tc);
return NULL;
}
if(SSL_connect(tc->ssl) <= 0) {
ERR_error_string(ERR_get_error(), errmsg);
snprintf(errbuf, errlen, "SSL connect: %s", errmsg);
tcp_close(tc);
return NULL;
}
SSL_set_mode(tc->ssl, SSL_MODE_AUTO_RETRY);
tc->read = ssl_read;
tc->write = ssl_write;
} else
#elif ENABLE_POLARSSL
if(1) {
tc->ssl = malloc(sizeof(ssl_context));
if(ssl_init(tc->ssl)) {
snprintf(errbuf, errlen, "SSL failed to initialize");
close(fd);
free(tc->ssl);
free(tc);
return NULL;
}
tc->ssn = malloc(sizeof(ssl_session));
tc->hs = malloc(sizeof(havege_state));
havege_init(tc->hs);
memset(tc->ssn, 0, sizeof(ssl_session));
ssl_set_endpoint(tc->ssl, SSL_IS_CLIENT );
ssl_set_authmode(tc->ssl, SSL_VERIFY_NONE );
ssl_set_rng(tc->ssl, havege_rand, tc->hs );
ssl_set_bio(tc->ssl, net_recv, &tc->fd, net_send, &tc->fd);
ssl_set_ciphers(tc->ssl, ssl_default_ciphers );
ssl_set_session(tc->ssl, 1, 600, tc->ssn );
tc->read = polarssl_read;
tc->write = polarssl_write;
} else
#endif
{
snprintf(errbuf, errlen, "SSL not supported");
tcp_close(tc);
return NULL;
}
} else {
tc->read = tcp_read;
tc->write = tcp_write;
}
return tc;
}
