void parse_opts(int argc, char** argv)
{
int ch;
// Parse the options/switches
while ((ch = getopt(argc, argv, "v:k:m:?")) != -1)
switch (ch) {
case 'k':
key = optarg;
loadkey( key );
break;
case 'm':
str = optarg;
break;
case 'v':
initv = optarg;
loadMessage(initv);
break;
case '?':
default:
usage();
break;
}
}
static int
check_response(char *challenge, char *response, char *key)
{
char buf[20];
#ifdef KOONTZ_DES
extern void des (union LR_block *);
extern void loadkey(char *,int);
extern void set_des_mode(int);
union LR_block data;
strncpy((char *)data.string, (char *)challenge, 8);
set_des_mode(ENCRYPT);
loadkey(key, NOSHIFT);
des(&data);
memset(key, 0, 8); /* no need for the secret key anymore, scratch it */
sprintf(buf, "%2.2X%2.2X%2.2X%2.2X",
(int)(data.LR[0]) & 0xff,
(int)(data.LR[0]>>8) & 0xff,
(int)(data.LR[0]>>16) & 0xff,
(int)(data.LR[0]>>24) & 0xff);
#endif /* KOONTZ_DES */
#ifdef EAY_LIBDES
des_cblock res;
des_key_schedule ks;
des_set_key((des_cblock *)key, ks);
memset(key, 0, 8);
des_ecb_encrypt((des_cblock *)challenge, &res, ks, DES_ENCRYPT);
#ifdef LITTLE_ENDIAN
/* use this on Intel x86 boxes */
sprintf(buf, "%2.2X%2.2X%2.2X%2.2X",
res[0], res[1], res[2], res[3]);
#else /* ie. BIG_ENDIAN */
/* use this on big endian RISC boxes */
sprintf(buf, "%2.2X%2.2X%2.2X%2.2X",
res[3], res[2], res[1], res[0]);
#endif /* LITTLE_ENDIAN */
#endif /* EAY_LIBDES */
/* return success only if ALL requirements have been met */
if (strncmp(buf, response, 8) == 0)
return 1;
return 0;
}
int
main(int argc, char **argv) {
char *algname = NULL, *classname = NULL;
char *filename = NULL, *dir = NULL, *namestr;
char *lookaside = NULL;
char *endp;
int ch;
unsigned int dtype = DNS_DSDIGEST_SHA1;
isc_boolean_t both = ISC_TRUE;
isc_boolean_t usekeyset = ISC_FALSE;
isc_boolean_t showall = ISC_FALSE;
isc_result_t result;
isc_log_t *log = NULL;
isc_entropy_t *ectx = NULL;
dns_rdataset_t rdataset;
dns_rdata_t rdata;
dns_rdata_init(&rdata);
if (argc == 1)
usage();
result = isc_mem_create(0, 0, &mctx);
if (result != ISC_R_SUCCESS)
fatal("out of memory");
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv,
"12Aa:c:d:Ff:K:l:sv:h")) != -1) {
switch (ch) {
case '1':
dtype = DNS_DSDIGEST_SHA1;
both = ISC_FALSE;
break;
case '2':
dtype = DNS_DSDIGEST_SHA256;
both = ISC_FALSE;
break;
case 'A':
showall = ISC_TRUE;
break;
case 'a':
algname = isc_commandline_argument;
both = ISC_FALSE;
break;
case 'c':
classname = isc_commandline_argument;
break;
case 'd':
fprintf(stderr, "%s: the -d option is deprecated; "
"use -K\n", program);
/* fall through */
case 'K':
dir = isc_commandline_argument;
if (strlen(dir) == 0U)
fatal("directory must be non-empty string");
break;
case 'f':
filename = isc_commandline_argument;
break;
case 'l':
lookaside = isc_commandline_argument;
if (strlen(lookaside) == 0U)
fatal("lookaside must be a non-empty string");
break;
case 's':
usekeyset = ISC_TRUE;
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
fatal("-v must be followed by a number");
break;
case 'F':
/* Reserved for FIPS mode */
/* FALLTHROUGH */
case '?':
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
/* FALLTHROUGH */
case 'h':
usage();
default:
fprintf(stderr, "%s: unhandled option -%c\n",
program, isc_commandline_option);
exit(1);
}
}
if (algname != NULL) {
if (strcasecmp(algname, "SHA1") == 0 ||
strcasecmp(algname, "SHA-1") == 0)
dtype = DNS_DSDIGEST_SHA1;
else if (strcasecmp(algname, "SHA256") == 0 ||
strcasecmp(algname, "SHA-256") == 0)
dtype = DNS_DSDIGEST_SHA256;
#ifdef HAVE_OPENSSL_GOST
else if (strcasecmp(algname, "GOST") == 0)
dtype = DNS_DSDIGEST_GOST;
#endif
else if (strcasecmp(algname, "SHA384") == 0 ||
strcasecmp(algname, "SHA-384") == 0)
dtype = DNS_DSDIGEST_SHA384;
else
fatal("unknown algorithm %s", algname);
}
rdclass = strtoclass(classname);
if (usekeyset && filename != NULL)
fatal("cannot use both -s and -f");
/* When not using -f, -A is implicit */
if (filename == NULL)
showall = ISC_TRUE;
if (argc < isc_commandline_index + 1 && filename == NULL)
fatal("the key file name was not specified");
if (argc > isc_commandline_index + 1)
fatal("extraneous arguments");
if (ectx == NULL)
setup_entropy(mctx, NULL, &ectx);
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
if (result != ISC_R_SUCCESS)
fatal("could not initialize hash");
result = dst_lib_init(mctx, ectx,
ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
if (result != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
isc_result_totext(result));
isc_entropy_stopcallbacksources(ectx);
setup_logging(verbose, mctx, &log);
dns_rdataset_init(&rdataset);
if (usekeyset || filename != NULL) {
if (argc < isc_commandline_index + 1 && filename != NULL) {
/* using zone name as the zone file name */
namestr = filename;
} else
namestr = argv[isc_commandline_index];
result = initname(namestr);
if (result != ISC_R_SUCCESS)
fatal("could not initialize name %s", namestr);
if (usekeyset)
result = loadkeyset(dir, &rdataset);
else
result = loadsetfromfile(filename, &rdataset);
if (result != ISC_R_SUCCESS)
fatal("could not load DNSKEY set: %s\n",
isc_result_totext(result));
for (result = dns_rdataset_first(&rdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset)) {
dns_rdata_init(&rdata);
dns_rdataset_current(&rdataset, &rdata);
if (verbose > 2)
logkey(&rdata);
if (both) {
emit(DNS_DSDIGEST_SHA1, showall, lookaside,
&rdata);
emit(DNS_DSDIGEST_SHA256, showall, lookaside,
&rdata);
} else
emit(dtype, showall, lookaside, &rdata);
}
} else {
unsigned char key_buf[DST_KEY_MAXSIZE];
loadkey(argv[isc_commandline_index], key_buf,
DST_KEY_MAXSIZE, &rdata);
if (both) {
emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata);
emit(DNS_DSDIGEST_SHA256, showall, lookaside, &rdata);
} else
emit(dtype, showall, lookaside, &rdata);
}
if (dns_rdataset_isassociated(&rdataset))
dns_rdataset_disassociate(&rdataset);
cleanup_logging(&log);
dst_lib_destroy();
isc_hash_destroy();
cleanup_entropy(&ectx);
dns_name_destroy();
if (verbose > 10)
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);
fflush(stdout);
if (ferror(stdout)) {
fprintf(stderr, "write error\n");
return (1);
} else
return (0);
}
int main(int argc, char **argv)
{
int n, payloadlen, offset, plen, c;
UCHAR encrypted[BLEN], plaintext[BLEN];
UCHAR sender_pubkey[crypto_box_PUBLICKEYBYTES];
UCHAR receiver_secretkey[crypto_box_SECRETKEYBYTES];
UCHAR nonce[crypto_box_NONCEBYTES];
char message[BLEN], *m;
char *p, *b_text, *b_nonce;
char *delimiters = ":";
if (argc != 3) {
fprintf(stderr, "Usage: %s FROMpubkey-file TOprivkey-file\n", *argv);
return (1);
}
sodium_init();
if (loadkey(argv[1], sender_pubkey, crypto_box_PUBLICKEYBYTES) != crypto_box_PUBLICKEYBYTES) {
fprintf(stderr, "Can't load %s: size mismatch\n", argv[1]);
exit(2);
}
if (loadkey(argv[2], receiver_secretkey, crypto_box_SECRETKEYBYTES) != crypto_box_SECRETKEYBYTES) {
fprintf(stderr, "Can't load %s: size mismatch\n", argv[2]);
exit(2);
}
// dumpkeys(receiver_secretkey, sender_pubkey);
/* Read stdin for message consisting of b64nonce : b64crypted */
for (c = fgetc(stdin), p = message, n = 0;
(n < BLEN) && (c != EOF);
c = fgetc(stdin), n++) {
*p++ = c;
*p = 0;
}
/* Warning: message string is being altered by strsep() */
m = message;
b_nonce = strsep(&m, delimiters);
b_text = strsep(&m, delimiters);
n = base64_decode(b_nonce, nonce);
assert(n == crypto_box_NONCEBYTES);
#if 0
/*
* PyNacl's encrypted output contains the nonce in the first
* 24 octets of the encrypted result. I'm pointing `nonce'
* to the beginning of that buffer.
*/
offset = crypto_box_NONCEBYTES;
#endif
offset = 0;
n = base64_decode(b_text, encrypted);
if (n < 0) {
fprintf(stderr, "b64decode failed to decode payload\n");
exit(1);
}
payloadlen = n - offset;
plen = decrypt(plaintext, sender_pubkey, receiver_secretkey, nonce, encrypted + offset, payloadlen);
if (plen < 0) {
fprintf(stderr, "Cannot decrypt payload\n");
exit(1);
}
write(1, plaintext, plen);
return 0;
}
