int main(int argc, char *argv[]) { unsigned char str[BUFFER_SIZE] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; unsigned char *ciphertext, *plaintext; int len, olen; /* We add 1 because we're encrypting a string which has a NULL Terminator * and want the NULL terminator to be present when we decrypt */ olen = len = strlen((const char*)str) + 1; printf("Plaintext length: %d\n", len); printf("String to be encrypted = {%s}\n\n", str); printf("Begin to encrypt...\n"); ciphertext = rsa_encrypt(str, &len); printf("Begin to decrypt..\n"); plaintext = rsa_decrypt(ciphertext, &olen); if (strncmp((const char *)plaintext, (const char *)str, olen)) printf("\nFailed for the plaintext: {%s}\n", str); else printf("\nOk, Decrypted string = {%s}\n", plaintext); free(ciphertext); free(plaintext); return 0; }
int rsa_key_exchange( rsa_key *public_key, unsigned char *premaster_secret, unsigned char **key_exchange_message ) { int i; unsigned char *encrypted_premaster_secret = NULL; int encrypted_length; // first two bytes are protocol version premaster_secret[ 0 ] = TLS_VERSION_MAJOR; premaster_secret[ 1 ] = TLS_VERSION_MINOR; for ( i = 2; i < MASTER_SECRET_LENGTH; i++ ) { // XXX SHOULD BE RANDOM! premaster_secret[ i ] = i; } encrypted_length = rsa_encrypt( premaster_secret, MASTER_SECRET_LENGTH, &encrypted_premaster_secret, public_key ); *key_exchange_message = ( unsigned char * ) malloc( encrypted_length + 2 ); (*key_exchange_message)[ 0 ] = 0; (*key_exchange_message)[ 1 ] = encrypted_length; memcpy( (*key_exchange_message) + 2, encrypted_premaster_secret, encrypted_length ); free( encrypted_premaster_secret ); return encrypted_length + 2; }
/* =============== SV_RSAGenMsg Generate an encrypted RSA message =============== */ int SV_RSAGenMsg( const char *pubkey, char *cleartext, char *encrypted ) { struct rsa_public_key public_key; mpz_t message; unsigned char buffer[ RSA_KEY_LENGTH / 8 - 11 ]; int retval; Com_RandomBytes( buffer, RSA_KEY_LENGTH / 8 - 11 ); nettle_mpz_init_set_str_256_u( message, RSA_KEY_LENGTH / 8 - 11, buffer ); mpz_get_str( cleartext, 16, message ); rsa_public_key_init( &public_key ); mpz_set_ui( public_key.e, RSA_PUBLIC_EXPONENT ); retval = mpz_set_str( public_key.n, pubkey, 16 ) + 1; if ( retval ) { rsa_public_key_prepare( &public_key ); retval = rsa_encrypt( &public_key, NULL, qnettle_random, RSA_KEY_LENGTH / 8 - 11, buffer, message ); } rsa_public_key_clear( &public_key ); mpz_get_str( encrypted, 16, message ); mpz_clear( message ); return retval; }
void challenge_39() { mpz_t n, e, d; char *p_str = "38b689c351cf329d5efd5676b"; char *q_str = "54060a750a88d007bd41db2cb"; rsa_keygen(p_str, q_str, n, e, d); size_t pt_len = 32, ct_len = 0; unsigned char pt[200] = "yellow submarineyellow submarine"; unsigned char ct[200] = {0}; mpz_out_str(stdout, 16, n); printf("\n"); mpz_out_str(stdout, 16, e); printf("\n"); mpz_out_str(stdout, 16, d); printf("\n"); rsa_encrypt(pt, pt_len, ct, ct_len, n, e); memset(pt, 0, 32); rsa_decrypt(ct, ct_len, pt, pt_len, n, d); printf("Plaintext length: %ld\n", pt_len); print_binary(pt, pt_len); }
/* 返回值不为空时用完需要释放 */ long long * rsa_api_encrypt_buffer(char *pub_key, int buf_len, char * buffer, int len) { if ((NULL == pub_key) || (buf_len < PUB_KEY_LEN*2)) { os_printf("invalid param \n"); return NULL; } char mod_buf[PUB_KEY_LEN] = {0}; char exp_buf[PUB_KEY_LEN] = {0}; int i; for (i=0; i<PUB_KEY_LEN; i++) { if ('0' != pub_key[i]) { break; } } if (i >= PUB_KEY_LEN) { os_printf("string invalid \n"); return NULL; } memcpy(mod_buf, &pub_key[i], PUB_KEY_LEN - i); for (i=PUB_KEY_LEN; i<PUB_KEY_LEN*2; i++) { if ('0' != pub_key[i]) { break; } } if (i >= PUB_KEY_LEN*2) { os_printf("string invalid \n"); return NULL; } memcpy(exp_buf, &pub_key[i], PUB_KEY_LEN*2 - i); struct public_key_class pub; pub.modulus = atoll(mod_buf); pub.exponent = atoll(exp_buf); //os_sscanf(mod_buf, "%lld", &pub.modulus); //os_sscanf(exp_buf, "%lld", &pub.exponent); os_printf("get pub %lld %lld \n", pub.modulus, pub.exponent); long long *encrypted = rsa_encrypt(buffer, len, &pub); if (NULL == encrypted) { os_printf("rsa enc failed \n"); return NULL; } return encrypted; }
//按PKCS#1标准加密 void rsa_encrypt_pkcs(unsigned char* plain, unsigned int plain_len,vlong& cipher, RSA_KEY& pubkey) { unsigned char pbEncBuf[128]={0}; vlong tmp_plain; PKCS_Encode(plain,plain_len,pbEncBuf,128); //编码 PKCS_OS2IP(pbEncBuf,128,tmp_plain); //转为integer cipher = rsa_encrypt(tmp_plain,pubkey.key,pubkey.modulus); //加密 PKCS_I2OSP(cipher,pbEncBuf,128); //转为octet string cipher.load((UINT*)pbEncBuf,128/4); //转为vlong保存 }
static int _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo, gnutls_datum_t * ciphertext, const gnutls_datum_t * plaintext, const gnutls_pk_params_st * pk_params) { int ret; mpz_t p; mpz_init(p); switch (algo) { case GNUTLS_PK_RSA: { struct rsa_public_key pub; _rsa_params_to_pubkey(pk_params, &pub); ret = rsa_encrypt(&pub, NULL, rnd_func, plaintext->size, plaintext->data, p); if (ret == 0) { ret = gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED); goto cleanup; } ret = _gnutls_mpi_dprint_size(p, ciphertext, pub.size); if (ret < 0) { gnutls_assert(); goto cleanup; } break; } default: gnutls_assert(); ret = GNUTLS_E_INTERNAL_ERROR; goto cleanup; } ret = 0; cleanup: mpz_clear(p); FAIL_IF_LIB_ERROR; return ret; }
/* encrypts (or decrypts) with private key, not sensitive to timing attacks (blind encryption) */ void rsa_encrypt_secure(BIGNUM* m, const BIGNUM* d, const BIGNUM* e, const BIGNUM* n, const unsigned char * r_bin, int r_len) { BN_CTX *ctx; BIGNUM *tmp = BN_new(); BIGNUM *r = BN_new(); BIGNUM *r_inv = BN_new(); ctx = BN_CTX_new(); BN_bin2bn(r_bin, r_len, r); BN_mod(r, r, n, ctx); /* r = r % n */ /* printf(" r input: ");BN_print_fp(stdout, r); printf(" n: ");BN_print_fp(stdout, n); printf("\n"); */ BN_mod(tmp, n, r, ctx); /*printf("r=");BN_print_fp(stdout, r); printf("; tmp=");BN_print_fp(stdout, tmp);*/ while (BN_is_zero(tmp)) { /* */ BN_mod_add(r, r, BN_value_one(), n, ctx); BN_mod(tmp, n, r, ctx); /*printf("r=");BN_print_fp(stdout, r); printf("; tmp=");BN_print_fp(stdout, tmp);*/ } /*printf("\n");*/ BN_mod_inverse(r_inv, r, n, ctx); /* printf(" r = ");BN_print_fp(stdout, r); printf(" r_inv = ");BN_print_fp(stdout, r_inv); printf(" n = ");BN_print_fp(stdout, n); printf("\n"); */ BN_mod_exp(r, r, e, n, ctx); /* r = r^e % n */ BN_mod_mul(m, m, r, n, ctx); /* m = m * r % n */ rsa_encrypt(m, d, n); BN_mod_mul(m, m, r_inv, n, ctx); BN_free(r); BN_free(r_inv); BN_free(tmp); BN_CTX_free(ctx); }
/* Get encrypted session key (enctypted with remote key) */ kaa_error_t ext_get_encrypted_session_key(uint8_t **buffer, size_t *buffer_size, const uint8_t *remote_key, size_t remote_key_size) { if (buffer == NULL || buffer_size == NULL || remote_key == NULL || remote_key_size == 0) { return KAA_ERR_BADPARAM; } kaa_error_t err = rsa_encrypt(remote_key, remote_key_size, keys.session_key, KAA_SESSION_KEY_LENGTH, keys.encrypted_session_key); if (err) { return err; } *buffer = keys.encrypted_session_key; *buffer_size = ENCRYPTED_SESSION_KEY_LENGTH; return err; }
RSA_SW_STATUS RSA_SW_Encrypt (DRV_HANDLE handle, uint8_t *cipherText, uint8_t *plainText, uint16_t msgLen, const RSA_SW_PUBLIC_KEY *publicKey) { uint16_t retVal; retVal = rsa_encrypt (cipherText, plainText, msgLen, publicKey->n, publicKey->nLen, publicKey->exp, publicKey->eLen, rsaDesc0.xBuffer, rsaDesc0.yBuffer, rsaDesc0.randFunc); switch (retVal) { case MCL_SUCCESS: return RSA_SW_STATUS_READY; break; case MCL_ILLEGAL_PARAMETER: return RSA_SW_STATUS_BAD_PARAM; break; case MCL_ILLEGAL_SIZE: default: return RSA_SW_STATUS_ERROR; break; } }
// 服务器端组装发给客户端的协商包 char* pkg_talk_rtn(const packet_parser_t *pkg) { char *r; unsigned char *encrypted_key;// 使用公钥加密过的临时密钥 char *output; iks *x, *tmp; int dest_len; x = iks_new ("connection"); if(NULL == x) return NULL; iks_insert_attrib(x, "xmlns", TALK_XMLNS); iks_insert_attrib(x, "type", "result"); tmp = iks_insert(x, "encryption"); iks_insert_attrib(tmp, "type", pkg->curr_ert.transfer_ert_type); // 使用公钥对临时密钥进行加密 if (pkg->asym_encrypt_hook == NULL) { encrypted_key = rsa_encrypt((unsigned char *)get_transfer_crt_key(pkg), strlen(get_transfer_crt_key(pkg)), &dest_len, (char *)(pkg->curr_ert.ert_keys[0]), CRYPT_TYPE_ENCRYPT); } else { encrypted_key = pkg->asym_encrypt_hook((unsigned char *)get_transfer_crt_key(pkg), strlen(get_transfer_crt_key(pkg)), &dest_len, (char *)(pkg->curr_ert.ert_keys[0]), CRYPT_TYPE_ENCRYPT); } output = (char *)calloc(dest_len*2+1, 1); byte2hex(encrypted_key, dest_len, output); iks_insert_cdata(tmp, output, 0); free(output); free(encrypted_key); iks_insert_cdata(iks_insert(x, "compression"), pkg->cps_type, 0); tmp = iks_insert(x, "heartbeat"); // TODO:在初始化服务器端包解析器的时候应该设置心跳参数 iks_insert_attrib(tmp, "sponsor", "server"); iks_insert_attrib(tmp, "seconds", "60"); r = iks_string(NULL, x); iks_delete(x); return r; }
int main() { printf("Hello world!"); struct public_key_class pub; struct private_key_class priv; rsa_gen_keys(&pub, &priv, "./primes.txt"); char *string_to_encode = "hello, my name is nemo."; int message_length = strlen(string_to_encode); printf("\nLength of string is: %d\n", message_length); printf("\nEncrypting message: '%s'\n", string_to_encode); long long *encoded_message = rsa_encrypt(string_to_encode, message_length, &pub); if (encoded_message == NULL) { printf("Encoded message is NULL!"); } printf("Encoding complete!\n"); char *decoded_message = rsa_decrypt(encoded_message, 8*message_length, &priv); printf("\n Decoded Message: '%s'", decoded_message); free(encoded_message); free(decoded_message); return 0; }
struct Msg *createMsg(int stepID, int senderID, char *pubEncFile, char *sigFile, char *key, char *x) { //unsigned char *p = intToStr(stepID); //unsigned char *id = intToStr(senderID); unsigned char *pke; //public encryption unsigned char *encrypt; //sym encryption unsigned char *sign; //sign int xLen = strlen(x); int sigLen = 0; sign = rsa_sign(x, sigFile, &sigLen); //public encryption pke = rsa_encrypt(key, pubEncFile); char *tmp = (char *)malloc(xLen + sigLen + 1); strcpy(tmp, x); //free(x); strcat(tmp, sign); //free(sign); //sym enccryption encrypt = des_encrypt( key, tmp, strlen(tmp)); struct Msg *msg = (struct Msg *)malloc( sizeof(struct Msg) ); //prepare the msg msg->p = stepID; msg->id = senderID; msg->xLen = xLen; msg->sigLen = sigLen; msg->pke = pke; msg->enc = encrypt; msg->encLen = strlen(tmp); return msg; }
int main(int argc, char**argv) { char clearString[MSG_LEN] = "this is the data to be encrypted"; char encryptString[MSG_LEN] = {};; char decryptString[MSG_LEN] = {}; createRSAPEM(); if (!rsa_encrypt(clearString, PUBKEY_FILE, encryptString)) { printf("encrypt error\n"); return -1; } if (!rsa_decrypt(encryptString, PRIKEY_FILE, decryptString)) { printf("decrypt error\n"); return -1; } printf("\n"); printf("before encrypt, the plaintext is:\n[%lu]:%s\n", strlen(clearString), clearString); printf("after encrypt, the encrypted text len is:%s\n", encryptString); printf("after decrypt, the decrypted text is:\n[%lu]:%s\n", strlen(decryptString), decryptString); printf("\n"); if (memcmp(clearString, decryptString, MSG_LEN) == 0) { printf("Yes, it worked!\n"); } else { printf("Oh, no!\n"); } return 0; }
// 客户端解析服务器响应的协商包,从协商包中解析出临时密钥,并使用自己的私钥进行解密 // 服务器端解析客户端发来的协商包,并填充服务器包解析器 int pkg_talk_parse(packet_parser_t *pkg, const char* xml) { iks *x, *e, *c; int result=0; int dest_len; if(NULL==xml) return NULL_ERROR; x = iks_tree (xml, 0, &result); if(!x) return NULL_ERROR; if(result != IKS_OK) { iks_delete(x); return IKS_BADXML; } if(0 == iks_strcmp("connection",iks_name(x))) { char* tmp = NULL; char *tempkey; char *output; tmp = iks_find_attrib(x, "type"); if(NULL != tmp){ if(strcmp(tmp, "create")==0) set_talk_type(1, pkg); //说明为服务端 else set_talk_type(0, pkg); //说明为客户端 } if(1 == pkg->talk_type) { //说明本端为服务端 tmp = iks_find_cdata(x, "client-id"); set_client_id(tmp, pkg); tmp = iks_find_cdata(x, "public-key"); if(SUCCESS != set_talk_crt_public_key(tmp, pkg)) return SET_TALK_CRT_KEY_ERROR; tmp = iks_find_attrib(iks_find(x,"public-key"), "type"); if(SUCCESS != set_talk_crt_type(tmp, pkg)) return SET_TALK_CRT_TYPE_ERROR; e = iks_find(x,"encryption"); while( e ){ tmp = iks_find_cdata(e, "allow"); if(SUCCESS == set_transfer_crt_type(tmp, pkg)) break; e = iks_next(e); } // 服务器端设置传输数据使用的临时密钥 set_transfer_crt_key(TRANSFERKEY, pkg); c = iks_find(x,"compression"); while( c ){ tmp = iks_find_cdata(c, "allow"); if(SUCCESS == set_cps_type(tmp, pkg)) break; c = iks_next(c); } } else if(0 == pkg->talk_type) { // 说明本端为客户端 tempkey = iks_find_cdata(x,"encryption"); output = (char *)calloc(strlen(tempkey)/2+1, 1); hex2byte(tempkey, strlen(tempkey), (unsigned char *)output); if (pkg->asym_encrypt_hook == NULL) { tempkey = (char *)rsa_encrypt((unsigned char *)output, strlen(tempkey)/2, &dest_len, pkg->curr_ert.ert_keys[1], CRYPT_TYPE_DECRYPT); } else { tempkey = (char *)pkg->asym_encrypt_hook((unsigned char *)output, strlen(tempkey)/2, &dest_len, pkg->curr_ert.ert_keys[1], CRYPT_TYPE_DECRYPT); } free(output); // 比较服务器端响应的压缩加密方式与客户端请求的是否相同 if( SUCCESS != set_transfer_crt_key(tempkey, pkg)) return SET_TRANSFER_ERT_KEY_ERROR; free(tempkey); if( SUCCESS != cmp_transfer_crt_type(iks_find_attrib(iks_find(x, "encryption"), "type"), pkg) ) return CMP_TRANSFER_CRT_TYPE_ERROR; if( SUCCESS != cmp_cps_type(iks_find_cdata(x, "compression"), pkg) ) return CMP_CPS_TYPE_ERROR; set_heatbeat("client", iks_find_attrib(iks_find(x, "heartbeat"), "seconds"), pkg); } } //iks_parser_delete (p); iks_delete(x); return SUCCESS; }
void test_main(void) { struct rsa_public_key pub; struct rsa_private_key key; struct knuth_lfib_ctx lfib; /* FIXME: How is this spelled? */ const uint8_t *msg = "Squemish ossifrage"; size_t msg_length; uint8_t *decrypted; size_t decrypted_length; uint8_t after; mpz_t gibberish; rsa_private_key_init(&key); rsa_public_key_init(&pub); mpz_init(gibberish); knuth_lfib_init(&lfib, 17); test_rsa_set_key_1(&pub, &key); msg_length = strlen(msg); if (verbose) fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length); ASSERT(rsa_encrypt(&pub, &lfib, (nettle_random_func *) knuth_lfib_random, msg_length, msg, gibberish)); if (verbose) { fprintf(stderr, "encrypted: "); mpz_out_str(stderr, 10, gibberish); } decrypted = xalloc(msg_length + 1); knuth_lfib_random (&lfib, msg_length + 1, decrypted); after = decrypted[msg_length]; decrypted_length = msg_length - 1; ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, gibberish)); decrypted_length = msg_length; ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish)); ASSERT(decrypted_length == msg_length); ASSERT(MEMEQ(msg_length, msg, decrypted)); ASSERT(decrypted[msg_length] == after); knuth_lfib_random (&lfib, msg_length + 1, decrypted); after = decrypted[msg_length]; decrypted_length = key.size; ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish)); ASSERT(decrypted_length == msg_length); ASSERT(MEMEQ(msg_length, msg, decrypted)); ASSERT(decrypted[msg_length] == after); knuth_lfib_random (&lfib, msg_length + 1, decrypted); after = decrypted[msg_length]; decrypted_length = msg_length; ASSERT(rsa_decrypt_tr(&pub, &key, &lfib, (nettle_random_func *) knuth_lfib_random, &decrypted_length, decrypted, gibberish)); ASSERT(decrypted_length == msg_length); ASSERT(MEMEQ(msg_length, msg, decrypted)); ASSERT(decrypted[msg_length] == after); /* Test invalid key. */ mpz_add_ui (key.q, key.q, 2); decrypted_length = key.size; ASSERT(!rsa_decrypt_tr(&pub, &key, &lfib, (nettle_random_func *) knuth_lfib_random, &decrypted_length, decrypted, gibberish)); rsa_private_key_clear(&key); rsa_public_key_clear(&pub); mpz_clear(gibberish); free(decrypted); }
int rsa_pss_verify(RSA_PUBLIC_KEY *key, uint8_t *sig, size_t siglen, uint8_t *message, size_t mlen, int *valid) { if(key == NULL || sig == NULL || message == NULL || valid == NULL) { return -1; } const size_t emlen = (key->bits - 2) / 8 + 1; const size_t hlen = 32; const size_t slen = hlen; SHA256_CTX ctx; uint8_t hash[hlen]; uint8_t zeroes[8]; uint8_t *em = NULL; uint8_t *mask = NULL; bignum em_bn = BN_ZERO; bignum s_bn = BN_ZERO; int ret; *valid = 0; if((em = malloc(emlen)) == NULL) { return MALLOC_FAIL; } if((mask = malloc(emlen - hlen - 1)) == NULL) { ret = MALLOC_FAIL; goto err; } if((ret = os2ip(&s_bn, sig, siglen)) != 0) { /* cleanup is non-necessary here, but no harm */ goto err; } if((ret = rsa_encrypt(key, &s_bn, &em_bn)) != 0) { goto err; } if((ret = i2osp(em, emlen, &em_bn)) != 0) { goto err; } mgf1_sha256(&em[emlen - hlen - 1], hlen, emlen - hlen - 1, mask); xor_bytes(em, mask, emlen - hlen - 1, em); sha256_init(&ctx); sha256_update(&ctx, message, mlen); sha256_final(&ctx, hash); memset(zeroes, 0x00, 8); sha256_init(&ctx); sha256_update(&ctx, zeroes, 8); sha256_update(&ctx, hash, hlen); sha256_update(&ctx, &em[emlen - hlen - slen - 1], slen); sha256_final(&ctx, hash); xor_bytes(&em[emlen - hlen - 1], hash, hlen, &em[emlen - hlen - 1]); em[emlen - hlen - slen - 2] ^= 0x01; em[emlen - 1] ^= 0xbc; em[0] &= ((uint8_t) 0xff) >> (emlen * 8 - (key->bits - 2)); memset(&em[emlen - hlen - slen - 1], 0x00, slen); size_t i; uint8_t val = 0; for(i = 0; i < emlen; i++) { val |= (em[i]); } if(val) { *valid = 0; } else { *valid = 1; } ret = 0; err: memsets(&ctx, 0x00, sizeof(SHA256_CTX)); memsets(hash, 0x00, hlen); if(em) zfree(em, emlen); if(mask) zfree(mask, emlen - hlen - 1); bnu_free(&em_bn); bnu_free(&s_bn); return ret; }
unsigned int anak_kirim( unsigned int identifikasi, FILE *pberkas, RSA *rsapub, RSA *rsapriv, struct KIRIMBERKAS *kirim, struct INFOALAMAT *infoalamat, int ukuberkas_panjang ){ char pesan[CHUNK_MESSAGE_SIZE]; char pecahan[ENCRYPTED_CONTAINER_SIZE]; size_t panjang_pesan=0; // Perilaku. int status=0;; int maksimal_coba=aturan.tries; int ulang_tunggu=aturan.waitretry; int urut_tunggu=aturan.waitqueue; unsigned int kelompok_kirim=kirim->kelompok_kirim; char *nama_berkas=kirim->berkas; // Identifikasi. bool identifikasi_awal=true; unsigned int identifikasi_sebelumnya=kirim->identifikasi_sebelumnya; // Pengepala Pecahan. int paritas=0; int panji=0; int status_gerbang=0; int status_peladen=0; // Tujuan. char *hostname=kirim->hostname; char *portno=kirim->portno; // Berurutan kirim. kirim->urut_kali++; // Membersihkan isi. memset(pesan, 0, CHUNK_MESSAGE_SIZE); memset(pecahan, 0, MAX_CHUNK_SIZE); // Bila identifikasi // lebih dari MAX_CHUNK_ID, // maka identifikasi adalah NOL. if(identifikasi>MAX_CHUNK_ID){ DEBUG1(_("Telah melebihi maksimal identifikasi %1$i."), MAX_CHUNK_ID); DEBUG1(_("Nilai identifikasi adalah %1$i."), identifikasi); // Ke NOL. identifikasi=0; DEBUG1(_("Mengubah identifikasi ke nilai 0."), 0); // Keluar. DEBUG1(_("Tidak melanjutkan pengiriman."), 0); return identifikasi; }; // Apakah pertama. if(kirim->paksa_panji!=UNDEFINED_FLAG){ // Memaksa panji. panji=kirim->paksa_panji; kirim->paksa_panji=UNDEFINED_FLAG; // Pesan. DEBUG1(_("Memaksa panji '%1$s'."),arti_panji(panji)); // Langsung berhenti bila panji STOP. if(panji==STOP_FLAG){ // Mengirim panji STOP // dan keluar dari perulangan. DEBUG1(_("Menghentikan pengulangan pengiriman."), 0); kirim->do_kirim=false; }; }else if(identifikasi==0){ // Panji. panji=START_FLAG; // Memastikan nama berkas ada. if(!strlen(nama_berkas)){ // Kesalahan. FAIL(_("Gagal memperoleh nama berkas."), 0); exit(EXIT_FAILURE_MEMORY); }; // Pecahan pertama adalah // pecahan dengan informasi berkas. memcpy(pesan, buat_pesan_start( pesan, CHUNK_MESSAGE_SIZE, kirim->berkas_identifikasi, nama_berkas, kirim->ukuran_berkas ), CHUNK_MESSAGE_SIZE); // Apakah hampir akhir. }else if(identifikasi==MAX_CHUNK_ID){ // Panji. DEBUG1(_("Mengirim panji '%1$s'."),_("Henti")); panji=STOP_FLAG; /* }else if (kirim->ukuran_kirim>kirim->ukuran_berkas){ // Panji STOP. DEBUG1(_("Mengirim panji '%1$s'."), _("Henti")); panji=STOP_FLAG; // Hentikan perulangan. // Keluar dari perulangan. DEBUG1(_("Menghentikan pengulangan pengiriman."), 0); kirim->do_kirim=false; */ }else{ // Panji. panji=INTRANSFER_FLAG; // Mendapatkan posisi berkas. long int penunjuk_berkas=0 +((long)(kelompok_kirim-1)*(MAX_CHUNK_ID-1)*CHUNK_MESSAGE_SIZE) +((long)identifikasi-1)*(long)CHUNK_MESSAGE_SIZE; // Bila mendekati dan pecahan transfer terakhir, // maka penunjuk merupakan // panjang berkas dikurangi CHUNK_MESSAGE_SIZE. // Aktifkan dengan aturan.shifteof=true. int panjang_geser_akhir=0; size_t panjang_baca=CHUNK_MESSAGE_SIZE; if ( aturan.shifteof && kirim->ukuran_kirim + (double)CHUNK_MESSAGE_SIZE >= kirim->ukuran_berkas && kirim->ukuran_berkas - kirim->ukuran_kirim <= (double)CHUNK_MESSAGE_SIZE ){ // Pesan. DEBUG3(_("Merupakan pecahan akhir."), 0); // Jumlah geser. panjang_geser_akhir=(int)0 +((double)CHUNK_MESSAGE_SIZE -(kirim->ukuran_berkas-kirim->ukuran_kirim)); // Mengubah penunjuk berkas. penunjuk_berkas=kirim->ukuran_berkas-CHUNK_MESSAGE_SIZE; // Panjang baca. panjang_baca=CHUNK_MESSAGE_SIZE; }else{ // Jumlah geser. panjang_geser_akhir=0; // Panjang baca. panjang_baca=CHUNK_MESSAGE_SIZE; }; // Menggeser penunjuk berkas. status=fseek(pberkas, penunjuk_berkas, SEEK_SET); // Memeriksa posisi. if(status<0){ FAIL( _("Gagal memindah posisi penunjuk berkas '%1$s': %2$s (%3$i)."), nama_berkas, strerror(errno), errno ); exit(EXIT_FAILURE_IO); }else{ long posisi_sekarang=ftell(pberkas); if(posisi_sekarang<0){ FAIL( _("Gagal mendapatkan posisi penunjuk berkas '%1$s': %2$s (%3$i)."), nama_berkas, strerror(errno), errno ); exit(EXIT_FAILURE_IO); }else if(posisi_sekarang!=penunjuk_berkas){ FAIL( _("Posisi penunjuk berkas '%1$s' (%2$li) tidak sesuai. Diharapkan: %2$li."), nama_berkas, posisi_sekarang, errno ); exit(EXIT_FAILURE_IO); }else{ // Berhasil. if(kelompok_kirim>1){ DEBUG3( _("Mulai membaca di bita %1$i sebesar %2$lu bita untuk pesan %3$i kelompok %4$i."), penunjuk_berkas, (long unsigned int) panjang_baca, identifikasi, kelompok_kirim ); }else{ DEBUG3( _("Mulai membaca di bita %1$i sebesar %2$lu bita untuk pesan %3$i."), penunjuk_berkas, (long unsigned int) panjang_baca, identifikasi ); }; }; }; // Baca berkas untuk pesan. panjang_pesan=fread(pesan, 1, CHUNK_MESSAGE_SIZE, pberkas); // Menambah bita terkirim. if(identifikasi_awal || identifikasi!=identifikasi_sebelumnya){ // Menambah. identifikasi_awal=false; // kirim->ukuran_kirim+=(double)panjang_pesan; identifikasi_sebelumnya=identifikasi; kirim->identifikasi_sebelumnya=identifikasi; }; // Menggeser. if( panjang_geser_akhir>0 && panjang_geser_akhir <= CHUNK_MESSAGE_SIZE ){ // Membuat sementara. char pesan_tmp[CHUNK_MESSAGE_SIZE+1]; memset(pesan_tmp, 0, CHUNK_MESSAGE_SIZE+1); // Mengeser. panjang_pesan=CHUNK_MESSAGE_SIZE-panjang_geser_akhir; memmove(pesan_tmp+0, pesan+panjang_geser_akhir, panjang_pesan); // Mengembalikan. memset(pesan, 0, CHUNK_MESSAGE_SIZE); memcpy(pesan, pesan_tmp, panjang_pesan); // Membersihkan. memset(pesan_tmp, 0, CHUNK_MESSAGE_SIZE+1); // Pesan. DEBUG3( _("Menggeser pesan sebanyak %1$i bita."), panjang_geser_akhir ); DEBUG3( _("Mulai dibaca di bita %1$i sebesar %2$lu bita"), penunjuk_berkas+panjang_geser_akhir, panjang_pesan ); }; // Bila telah selesai. // Kecuali bila aturan.transferedcheck=true // maka penghentian melihat bita terterima Peladen // bukan bila berkas kosong. Berguna bila merupakan // sambungan paralel sehingga saat pecahan melebihi ukuran, // tidak langsung menghentikan. if ( (!panjang_pesan && !aturan.transferedcheck) || (!panjang_pesan && ( kirim->ukuran_kirim > kirim->ukuran_berkas+(CHUNK_MESSAGE_SIZE*10) ) ) ){ DEBUG3(_("Panjang pesan akhir adalah %1$i bita"), panjang_pesan); if(feof(pberkas)!=0){ // Selesai kirim. char penyangga_feof[ukuberkas_panjang]; INFO( _("Berkas '%1$s' dengan ukuran %2$s (%3$.0lf bita) telah selesai dikirim."), nama_berkas, readable_fs(kirim->ukuran_berkas, penyangga_feof), kirim->ukuran_berkas ); memset(penyangga_feof, 0, ukuberkas_panjang); clearerr(pberkas); }else if(ferror(pberkas)!=0){ // Kesalahan. FAIL( _("Gagal membaca berkas '%1$s': %2$s (%3$i)."), nama_berkas, strerror(errno), errno ); clearerr(pberkas); exit(EXIT_FAILURE_IO); }else{ // Kesalahan. WARN( _("Kesalahan berkas yang tidak diketahui: %1$s (%2$i)."), strerror(errno), errno ); }; // Pesan. DEBUG1(_("Mengirim panji '%1$s'."),_("Henti")); panji=STOP_FLAG; // Mengirim panji STOP // dan keluar dari perulangan. DEBUG1(_("Menghentikan pengulangan pengiriman."), 0); kirim->do_kirim=false; }else{ // Pesan. DEBUG3(_("Panjang pesan adalah %1$i bita"), panjang_pesan); }; }; // Bangun pesan. memcpy(pecahan, buat_pesan( pecahan, identifikasi, &paritas, pesan ), MAX_CHUNK_SIZE); // Bangun pengepala. DEBUG2(_("Panji %1$s."), arti_panji(panji)); memcpy(pecahan, buat_pengepala( pecahan, identifikasi, panji, paritas, status_gerbang, status_peladen ), MAX_CHUNK_SIZE); // Pesan. if(kelompok_kirim>1){ DEBUG1( _("Mengirim pesan %1$i kelompok %2$i."), identifikasi, kelompok_kirim); }else{ DEBUG1( _("Mengirim pesan %1$i."), identifikasi); }; // ============= Enkripsi ======= int panjang_pecahan; // Enkripsi. if(!aturan.rawtransfer){ // Pesan mentah. DEBUG5(_("Pesan mentah dikirim"), pecahan, 0, MAX_CHUNK_SIZE); // Penyandian. unsigned char pesan_ency[MAX_CHUNK_SIZE+1]; memcpy(pesan_ency, pecahan, MAX_CHUNK_SIZE); unsigned char tujuan_ency[ENCRYPTED_CONTAINER_SIZE+1]; panjang_pecahan=rsa_encrypt( pesan_ency, MAX_CHUNK_SIZE+1, tujuan_ency, rsapub, aturan.rsa_padding ); // Bersihkan. memset(pesan_ency, 0, MAX_CHUNK_SIZE); // Pesan mentah. DEBUG5( _("Pesan mentah dikirim tersandikan"), tujuan_ency, 0, MAX_CHUNK_SIZE ); // Salin. memcpy(pecahan, tujuan_ency, panjang_pecahan); }else{ panjang_pecahan=MAX_CHUNK_SIZE; }; // ============ /Enkripsi ======= // Kirim. int panjang_diterima; char *kirim_data=kirimdata( pecahan, panjang_pecahan, hostname, portno, infoalamat, &panjang_diterima ); // Bila kosong. if(kirim_data == NULL){ // Pesan kesalahan. DEBUG1(_("Kegagalan %1$s."), _("Soket")); // Keluar. exit(EXIT_FAILURE_SOCKET); }; // Menyalin isi. memcpy(pecahan, kirim_data, ENCRYPTED_CONTAINER_SIZE); // Pesan mentah. DEBUG4(_("Panjang pesan mentah diterima: %1$i"), panjang_pecahan); DEBUG5(_("Pesan mentah diterima"), pecahan, 0, panjang_pecahan); // ============= Dekripsi ======= if(!aturan.rawtransfer){ // Pemecah sandi. unsigned char pesan_deco[ENCRYPTED_CONTAINER_SIZE+1]; memcpy(pesan_deco, pecahan, ENCRYPTED_CONTAINER_SIZE); unsigned char tujuan_deco[MAX_CHUNK_SIZE+1]; panjang_pecahan=rsa_decrypt( pesan_deco, panjang_diterima, tujuan_deco, rsapriv, aturan.rsa_padding ); // Periksa. // print_unsigned_array(tujuan_deco, 100); // Bersihkan. memset(pesan_deco, 0, MAX_CHUNK_SIZE); // Pesan mentah. DEBUG4( _("Panjang pesan mentah diterima terpecahkan: %1$i"), panjang_pecahan ); DEBUG5( _("Pesan mentah diterima terpecahkan"), tujuan_deco, 0, panjang_pecahan ); // Salin. memcpy(pecahan, tujuan_deco, MAX_CHUNK_SIZE); }; // ============ /Dekripsi ======= // Mendapatkan pesan. DEBUG4(_("Membersihkan penampung pesan."), 0); memset(pesan, 0, CHUNK_MESSAGE_SIZE); DEBUG4(_("Menyalin pesan."), 0); memcpy(pesan, ambil_pesan(pecahan), CHUNK_MESSAGE_SIZE); DEBUG4(_("Selesai menyalin pesan."), 0); // Periksa. // print_unsigned_array(tujuan_deco, 100); // Mendapatkan pengepala. // Respons. int r_versi; int r_panji; int r_paritas; int r_status_gerbang; int r_status_peladen; unsigned int r_identifikasi; DEBUG4(_("Mendapatkan pengepala."), 0); ambil_pengepala( pecahan, &r_versi, &r_identifikasi, &r_panji, &r_paritas, &r_status_gerbang, &r_status_peladen ); DEBUG4(_("Selesai mendapatkan pengepala."), 0); // Mendapatkan informasi peladen. char* r_berkas_id; char* berkas_ukuran_str; char* berkas_diterima_str; char* unix_time_str; // Alikasi memori. r_berkas_id=malloc( sizeof(r_berkas_id)* (CHUNK_MESSAGE_SIZE/2)); berkas_ukuran_str=malloc( sizeof(berkas_ukuran_str)* (CHUNK_MESSAGE_SIZE/2)); berkas_diterima_str=malloc( sizeof(berkas_diterima_str)* (CHUNK_MESSAGE_SIZE/2)); unix_time_str=malloc( sizeof(unix_time_str)* (CHUNK_MESSAGE_SIZE/2)); // Membersihkan isi. memset(r_berkas_id, 0, sizeof(r_berkas_id)* (CHUNK_MESSAGE_SIZE/2)); memset(berkas_ukuran_str, 0, sizeof(berkas_ukuran_str)* (CHUNK_MESSAGE_SIZE/2)); memset(berkas_diterima_str, 0, sizeof(berkas_diterima_str)* (CHUNK_MESSAGE_SIZE/2)); memset(unix_time_str, 0, sizeof(unix_time_str)* (CHUNK_MESSAGE_SIZE/2)); // Ambil informasi. DEBUG4(_("Mendapatkan informasi peladen."), 0); DEBUG5(_("Pesan"), pesan, 0, CHUNK_MESSAGE_SIZE); status=ambil_pesan_peladen( pesan, CHUNK_MESSAGE_SIZE, &r_berkas_id, &berkas_ukuran_str, &berkas_diterima_str, &unix_time_str ); DEBUG4(_("Selesai mendapatkan informasi peladen."), 0); // Ubah nilai. double r_berkas_ukuran=0; double r_berkas_diterima=0; double r_unixtime=0; if(status>0){ // Tidak menerima. DEBUG1( _("Tidak memahami Peladen di pecahan %1$i (Status %2$i)."), r_identifikasi, status ); }else{ // Ubah nilai. r_berkas_ukuran=strtod(berkas_ukuran_str, NULL); r_berkas_diterima=strtod(berkas_diterima_str, NULL); r_unixtime=strtod(unix_time_str, NULL); }; // Balasan DEBUG2(_("Balasan: Versi: %1$i."), r_versi); DEBUG2(_("Balasan: Identifikasi: %1$i."), r_identifikasi); DEBUG2(_("Balasan: Panji: %1$s."), arti_panji(r_panji)); DEBUG2(_("Balasan: Paritas: %1$i."), r_paritas); DEBUG2(_("Balasan: Status Gerbang: %1$s."), arti_status(r_status_gerbang)); DEBUG2(_("Balasan: Status Peladen: %1$s."), arti_status(r_status_peladen)); DEBUG2(_("Balasan: Identifikasi berkas: %1$s."), r_berkas_id); DEBUG2(_("Balasan: Ukuran berkas: %1$.0f bita."), r_berkas_ukuran); DEBUG2(_("Balasan: Berkas diterima: %1$.0f bita."), r_berkas_diterima) DEBUG2(_("Balasan: Waktu Peladen: %1$.06f."), r_unixtime); DEBUG1( _("Perbedaan waktu Peladen: %1$.06f detik."), infokancil.unixtime-r_unixtime ); // Menyimpan. if(r_berkas_diterima<=0){ DEBUG2( _("Berkas terterima berukuran %1$.0f bita."), r_berkas_diterima ); }else{ kirim->ukuran_kirim=r_berkas_diterima; }; // Bila berkas yang diterima // telah sama atau lebih besar dari ukuran. if( aturan.transferedcheck && r_berkas_diterima>=kirim->ukuran_berkas ){ // Pesan. if( (r_berkas_diterima-kirim->ukuran_berkas) > (double)CHUNK_MESSAGE_SIZE * (aturan.parallel) ){ WARN( _("Peladen telah menerima berkas melebihi %1$.0f bita."), r_berkas_diterima-kirim->ukuran_berkas ); }else if(r_berkas_diterima>kirim->ukuran_berkas){ DEBUG1( _("Peladen telah menerima berkas melebihi %1$.0f bita."), r_berkas_diterima-kirim->ukuran_berkas ); }else{ DEBUG1(_("Peladen telah menerima keseluruhan berkas."), 0); }; // Ubah nilai. kirim->ukuran_kirim=r_berkas_diterima; kirim->paksa_panji=STOP_FLAG; // Keluar. return identifikasi; }; // Memeriksa hasil. // Bila status gerbang atau peladen adalah NOL. if(!r_status_gerbang || !r_status_peladen){ // Memeriksa apakah // telah terlalu banyak melakukan percobaan. if(kirim->coba>maksimal_coba){ FAIL( _("Telah melakukan percobaan sebanyak %1$i kali. Berhenti."), maksimal_coba ); exit(EXIT_FAILURE); }else if(!r_status_gerbang && !r_status_peladen){ WARN( _("Gagal mengirim ke %1$s dan %2$s."), _("Gerbang"),_("Peladen") ); }else if(!r_status_peladen){ WARN(_("Gagal mengirim ke %1$s."),_("Peladen")); }else{ WARN(_("Gagal mengirim ke %1$s."),_("Gerbang")); }; // Panji Taksah. if(r_panji==INVALID_FLAG){ // Pesan. NOTICE(_("Panji Taksah ditemukan."), 0); NOTICE( _("Menunggu %1$i detik untuk mengirim ulang."), ulang_tunggu ); sleep(ulang_tunggu); }else if(r_panji==START_FLAG){ // Mengunlang pengiriman // informasi berkas. int tunggu=ulang_tunggu; NOTICE(_("Meminta pengiriman ulang informasi berkas."), 0); NOTICE(_("Menunggu %1$i detik untuk mengirim ulang."), tunggu); sleep(tunggu); // Mengatur ulang ukuran berkas terkirim. kirim->ukuran_kirim=0; }else if(r_panji==INTRANSFER_FLAG){ // Meminta pengiriman ulang // berkas berdasarkan identifikasi. NOTICE( _("Meminta pengiriman ulang pecahan identifikasi '%1$i'."), r_identifikasi ); // Mengatur ulang ukuran berkas terkirim // sesuai dengan ukuran peladen. kirim->ukuran_kirim=r_berkas_diterima; }; // Mengirim ulang. NOTICE( _("Percobaan ke-%1$i. Mengulangi pengiriman pecahan %2$i."), kirim->coba, r_identifikasi ); identifikasi=r_identifikasi; // Menambah // percobaan pengiriman. kirim->coba++; }else{ /* // Bila ukuran terterima Peladen // lebih besar dari pada terketahui Klien. if(r_berkas_diterima> kirim->ukuran_kirim){ // Pesan. DEBUG2( _("Peladen telah menerima berkas melebihi %1$.0f bita dari yang terkirim."), r_berkas_diterima-(kirim->ukuran_berkas) ); // Ubah isi. kirim->ukuran_kirim=r_berkas_diterima; }; */ // Berhasil. DEBUG2(_("Berhasil mengirim ke Gerbang dan Peladen."), 0); // Menambahkan. identifikasi++; DEBUG2(_("Menambah identifikasi menjadi %1$i."), identifikasi); // Bila belum selesai. if(kirim->ukuran_kirim<=kirim->ukuran_berkas){ // Bila lebih dari spesifikasi, // mengulangi dari NOL. if(identifikasi>MAX_CHUNK_ID){ // Pesan. WARN( _("Telah melebihi maksimal identifikasi %1$i."), MAX_CHUNK_ID ); DEBUG1(_("Nilai identifikasi adalah %1$i."), identifikasi); // Perkembangan. tampil_info_progres_berkas( PROGRES_KIRIM, kirim->berkas, kirim->ukuran_kirim, kirim->ukuran_berkas, ukuberkas_panjang ); // Menambah kelompok. kelompok_kirim++; kirim->kelompok_kirim=kelompok_kirim; // Pesan. DEBUG1( _("Menunggu %1$i detik untuk melanjutkan."), urut_tunggu ); DEBUG1( _("Kelompok pecahan selanjutnya adalah '%1$i'."), kelompok_kirim ); // Tunggu. sleep(urut_tunggu); // Mengulangi identifikasi. identifikasi=0; }; }else{ // DEBUG1(_("Menghentikan pengulangan pengiriman."), 0); // kirim->do_kirim=false; }; kirim->coba=1; }; /* // Bila lebih dari maksimal kali kirim, // menunggu sebanyak waktu untuk mengirim ulang. if(kirim->urut_kali>=urut_maksimal && !urut_jangan_tunggu){ // Pesan. WARN( _("Telah mengirim berurutan sebanyak %1$i kali."), kirim->urut_kali ); // Perkembangan. tampil_info_progres_berkas( PROGRES_KIRIM, kirim->berkas, kirim->ukuran_kirim, kirim->ukuran_berkas, ukuberkas_panjang ); // Pesan. NOTICE(_("Menunggu %1$i detik untuk mengirim ulang."), urut_tunggu); sleep(urut_tunggu); kirim->urut_kali=0; }; */ // Memastikan nilai kelompok benar. kirim->kelompok_kirim=kelompok_kirim; // Mengembalikan nilai identifikasi. return identifikasi; // kirim->identifikasi=identifikasi; // Mengembalikan data. // kirim->berkas=berkas; // if(identifikasi>3) // kirim->do_kirim=false; }
//加密 vlong rsa_encrypt( const vlong& plain , RSA_KEY& pubkey ) { return rsa_encrypt(plain,pubkey.key,pubkey.modulus); }
int rsa_oaep_encrypt(RSA_PUBLIC_KEY *key, uint8_t *message, size_t mlen, uint8_t *out, size_t outlen) { if(key == NULL || message == NULL || out == NULL) { return -1; } const size_t k = (key->bits - 1) / 8 + 1; const size_t hlen = 32; uint8_t seed[hlen]; uint8_t *mask; uint8_t *em; uint8_t *db; bignum m_bn; bignum c_bn; int ret; /* message is too long to encrypt */ if(k - 2 * hlen - 2 < mlen) { return TOO_LONG; } /* output buffer is too small */ if(outlen < k) { return TOO_SHORT; } /* do stuff involving the masks first, as in case of error it does not * need to be kept secure */ if(cs_rand(seed, hlen) != 0) { return CRYPTOGRAPHY_ERROR; } if((mask = malloc(k - hlen - 1)) == NULL) { return MALLOC_FAIL; } /* calculate dbMask = MGF(seed, k - hLen - 1) */ mgf1_sha256(seed, hlen, k - hlen - 1, mask); /* now initialize the string to be encrypted */ if((em = malloc(k)) == NULL) { return MALLOC_FAIL; } /* from now on we have to clean up memory after any failures */ /* em[hlen:] is all DB = lhash || PS || 0x01 || M */ db = em + hlen + 1; memcpy(db, lhash, hlen); /* PS is a padding string of zeroes */ memset(db + hlen, 0x00, k - 2 * hlen - mlen - 2); /* there is then one byte of value 0x01 */ db[k - 2 - hlen - mlen] = 0x01; /* then message */ memcpy(&db[k - hlen - 1 - mlen], message, mlen); /* now apply the mask to it */ xor_bytes(db, mask, k - hlen - 1, db); /* now we can repurpose mask to encode the seed mask */ mgf1_sha256(db, k - hlen - 1, hlen, mask); /* xor it into em */ xor_bytes(seed, mask, hlen, em + 1); em[0] = 0x00; m_bn = BN_ZERO; c_bn = BN_ZERO; /* now convert to a big integer */ if((ret = os2ip(&m_bn, em, k)) != 0) { goto err; } /* encrypt */ if((ret = rsa_encrypt(key, &m_bn, &c_bn)) != 0) { goto err; } /* convert back */ if((ret = i2osp(out, outlen, &c_bn)) != 0) { goto err; } /* encryption is officially done, clean up */ ret = 0; err: /* free mask and em, zero seed */ zfree(mask, k - hlen - 1); zfree(em, k - 1); memsets(seed, 0x00, hlen); /* free the bignums */ /* an error here is still an error as it is a possible leak of * sensitive data */ ret = ret == 0 ? bnu_free(&m_bn) : ret; ret = ret == 0 ? bnu_free(&c_bn) : ret; return ret; }
int main(int argc, char *argv[]) { /** SET 5 CHALLENGE 33 **/ /** DH KEY EXCHANGE **/ // small int unsigned long a, A, b, B, s1, s2; srand(time(NULL)); dh_generate_keypair_smallint(&a, &A); dh_generate_keypair_smallint(&b, &B); s1 = dh_generate_session_key_smallint(a, B); s2 = dh_generate_session_key_smallint(b, A); printf("[s5c1] *smallint* a = %ld, A = %ld, b = %ld, B = %ld, s = %ld ?= %ld\n", a, A, b, B, s1, s2); // bigint BIGNUM *p, *g; BIGNUM *ba, *bA, *bb, *bB, *bs1, *bs2; g = BN_new(); p = BN_new(); ba = BN_new(); bA = BN_new(); bb = BN_new(); bB = BN_new(); bs1 = BN_new(); bs2 = BN_new(); unsigned char c_s1[20], c_s2[20]; unsigned int i; dh_init(p, g); dh_generate_keypair(ba, bA, g, p); dh_generate_keypair(bb, bB, g, p); dh_generate_session_key(c_s1, bs1, ba, bB, p); dh_generate_session_key(c_s2, bs2, bb, bA, p); printf("[s5c1] *bignum* s1 = '"); // BN_print_fp(stdout, &bs1); for(i=0; i<20; i++) printf("%02x", c_s1[i]); printf("'\n[s5c1] *bignum* s2 = '"); // BN_print_fp(stdout, &bs2); for(i=0; i<20; i++) printf("%02x", c_s2[i]); printf("'\n"); BN_free(ba); BN_free(bA); BN_free(bb); BN_free(bB); BN_free(bs1); BN_free(bs2); /** SET 5 CHALLENGE 34 **/ /** DH-KE FIXED KEY MITM **/ unsigned char c_p[1024]; unsigned char c_g[1024]; unsigned char c_A[1024]; unsigned char c_B[1024]; ba = BN_new(); bA = BN_new(); // M -> B: p, g, p printf("[s5c2] M -> B: p, g, p\n"); dhke_initiate(c_p, c_g, c_A, ba, bA, p, g); // M -> A: p printf("[s5c2] M -> A: p\n"); // dhke_initiate_reply(c_B, c_p, c_g, c_A, c_s2); dhke_initiate_reply(c_B, c_p, c_g, c_p, c_s2); // A -> B: cmsg, iv // dhke_initiate_finalize(c_s1, c_B, &ba, &p); dhke_initiate_finalize(c_s1, c_p, ba, p); printf("[s5c2] *bignum* s1 = '"); for(i=0; i<20; i++) printf("%02x", c_s1[i]); printf("'\n[s5c2] *bignum* s2 = '"); for(i=0; i<20; i++) printf("%02x", c_s2[i]); printf("'\n"); unsigned char *plain_in = "YELLOW SUBMARINE"; unsigned char p_out[128]; unsigned char c_out[128]; unsigned char iv[16]; unsigned int c_len, p_len; c_len = dhke_session_send(c_out, iv, plain_in, 16, c_s1); printf("[s5c2] A -> B: cmsg = '"); for(i=0; i<c_len; i++) { printf("%02x", c_out[i]); } printf("', iv\n"); // perform attack as M unsigned char m_out[128]; // M performs decryption dhke_attack_zero_session_key(m_out, c_out, c_len, iv); printf("[s5c2] M decrypts msg='%s'\n", m_out); // B performs decryption p_len = dhke_session_recv(p_out, c_out, c_len, c_s2, iv); printf("[s5c2] B recvd: msg = '%s'\n", p_out); BN_free(ba); BN_free(bA); /** SET 5 CHALLENGE 35 **/ /** DH-KE MALICIOUS G MITM **/ memset(c_g, 0, 1024); memset(c_p, 0, 1024); memset(c_A, 0, 1024); memset(c_B, 0, 1024); memset(c_out, 0, 128); memset(m_out, 0, 128); BIGNUM *bn1, *g2; ba = BN_new(); bA = BN_new(); bn1 = BN_new(); g2 = BN_new(); // prepare malicious g' // g' = 0; --> perform dhke_attack_zero_session_key() // printf("[s5c3] M sets g' = 0\n"); // BN_zero(&g2); // g' = p --> perform dhke_attack_zero_session_key() // printf("[s5c3] M sets g' = p\n"); // BN_copy(&g2, &p); // g' = p-1 printf("[s5c3] M sets and distributes g' = p-1\n"); BN_one(bn1); BN_sub(g2, p, bn1); // M -> B: p, g', A' printf("[s5c3] A -> B: A'\n"); dhke_initiate(c_p, c_g, c_A, ba, bA, p, g2); // M -> A: B' printf("[s5c3] B -> A: B'\n"); dhke_initiate_reply(c_B, c_p, c_g, c_A, c_s2); // A -> B: cmsg, iv dhke_initiate_finalize(c_s1, c_B, ba, p); c_len = dhke_session_send(c_out, iv, plain_in, 16, c_s1); printf("[s5c3] A -> B: cmsg = '"); for(i=0; i<c_len; i++) { printf("%02x", c_out[i]); } printf("', iv\n"); // M performs decryption // use for: g' = 0, g' = p // dhke_attack_zero_session_key(m_out, c_out, c_len, iv); // use for g' = p-1 dhke_attack_p_1_session_key(m_out, c_out, c_len, c_A, c_B, iv); printf("[s5c3] M decrypts msg='%s'\n", m_out); // B performs decryption p_len = dhke_session_recv(p_out, c_out, c_len, c_s2, iv); printf("[s5c3] B recvd: msg = '%s'\n", p_out); BN_free(ba); BN_free(bA); BN_free(bn1); BN_free(g2); /** SET 5 CHALLENGE 36 **/ /** SECURE REMOTE PASSWORD **/ unsigned char srp_salt[9]; unsigned char *srp_pass = "******"; // 16 unsigned char str_hash[2*SHA256_DIGEST_LENGTH+1]; unsigned char hmac_s[SHA256_DIGEST_LENGTH]; unsigned int hmac_s_len; unsigned char hmac_c[SHA256_DIGEST_LENGTH]; unsigned int hmac_c_len; BIGNUM *v, *sS, *cS; v = BN_new(); ba = BN_new(); bA = BN_new(); bb = BN_new(); bB = BN_new(); cS = BN_new(); sS = BN_new(); memset(srp_salt, 0, 9); srp_server_init(srp_salt, v, bb, bB, srp_pass, g, p); srp_client_init(ba, bA, g, p); // printf("server calc S\n"); srp_server_calc_session_key(str_hash, sS, bA, bb, bB, v, p); // printf("[s5c4] server: sha256(S) = %s\n", str_hash); // calc HMAC_SHA256(&cS, salt) hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt)); memset(str_hash, 0, 2*SHA256_DIGEST_LENGTH+1); srp_client_calc_session_key(str_hash, cS, srp_salt, srp_pass, ba, bA, bB, g, p); // printf("[s5c4] client: sha256(S) = %s\n", str_hash); // calc HMAC_SHA256(&cS, salt) hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt)); printf("[s5c4] server: HMAC(K,Salt) = "); for(i=0; i<hmac_s_len; i++) { printf("%02x", hmac_s[i]); } printf("\n"); printf("[s5c4] client: HMAC(K,Salt) = "); for(i=0; i<hmac_c_len; i++) { printf("%02x", hmac_c[i]); } printf("\n"); if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len)) printf("[s5c4] server: Client HMAC-SHA256 successfully validated!\n"); else printf("[s5c4] server: Client HMAC-SHA256 *NOT* validated!\n"); BN_free(v); BN_free(ba); BN_free(bA); BN_free(bb); BN_free(bB); BN_free(cS); BN_free(sS); /** SET 5 CHALLENGE 37 **/ /** SRP MALICIOUS A ATTACK **/ // we're skipping the networking part here and just call the simulator // functions from srp.c ba = BN_new(); bA = BN_new(); bb = BN_new(); bB = BN_new(); sS = BN_new(); cS = BN_new(); v = BN_new(); srp_server_init(srp_salt, v, bb, bB, srp_pass, g, p); srp_client_init(ba, bA, g, p); // now modify A (bA) to be 0, N, c*N // BN_zero(bA); // A = 0 BN_copy(bA, p); // A = N (doesn't matter if we use N, 2*N, c*N) // send to server and let server do its calculations srp_server_calc_session_key(str_hash, sS, bA, bb, bB, v, p); // printf("[s5c5] server: sha256(S=0) = %s\n", str_hash); // calc HMAC_SHA256(&cS, salt) hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt)); // client now authenticates with HMAC_SHA256(K=SHA256(S=0), salt) // K=SHA256(S=0) srp_generate_salted_password_hash(cS, str_hash, "", "0"); // printf("[s5c5] client: sha256(S=0) = %s\n", str_hash); // calc HMAC_SHA256(K, salt) hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt)); printf("[s5c5] server: HMAC(K,Salt) = "); for(i=0; i<hmac_s_len; i++) { printf("%02x", hmac_s[i]); } printf("\n"); printf("[s5c5] client: HMAC(K,Salt) = "); for(i=0; i<hmac_c_len; i++) { printf("%02x", hmac_c[i]); } printf("\n"); if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len)) printf("[s5c5] server: forged client HMAC-SHA256 successfully validated!\n"); else printf("[s5c5] server: forged client HMAC-SHA256 *NOT* validated!\n"); BN_free(ba); BN_free(bA); BN_free(bb); BN_free(bB); BN_free(sS); BN_free(cS); BN_free(v); /** SET 5 CHALLENGE 38 **/ /** SSRP OFFLINE DICTIONARY ATTACK **/ BIGNUM *u, *fb, *fB; u = BN_new(); v = BN_new(); ba = BN_new(); bA = BN_new(); bb = BN_new(); bB = BN_new(); cS = BN_new(); sS = BN_new(); fb = BN_new(); fB = BN_new(); memset(srp_salt, 0, 9*sizeof(unsigned char)); ssrp_server_init(srp_salt, v, bb, bB, u, srp_pass, g, p); ssrp_client_init(ba, bA, g, p); ssrp_server_calc_session_key(str_hash, sS, bA, bb, u, v, p); // printf("[s5c6] server: sha256(S=0) = %s\n", str_hash); // calc HMAC_SHA256(&cS, salt) hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt)); memset(str_hash, 0, 2*SHA256_DIGEST_LENGTH); // original settings transmitted to client // ssrp_client_calc_session_key(str_hash, cS, srp_salt, srp_pass, ba, bB, u, p); // forged settings transmitted to client: // u = 1, b = 1, B=g=2, salt="" BN_one(u); BN_one(fb); BN_copy(fB, g); ssrp_client_calc_session_key(str_hash, cS, "", srp_pass, ba, fB, u, p); // printf("[s5c6] client: sha256(S) = %s\n", str_hash); // calc HMAC_SHA256(&cS, salt) hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), "", 0); // printf("[s5c6] server: HMAC(K,Salt) = "); // for(i=0; i<hmac_s_len; i++) { // printf("%02x", hmac_s[i]); // } // printf("\n"); printf("[s5c6] client: HMAC(K,\"\") = "); for(i=0; i<hmac_c_len; i++) { printf("%02x", hmac_c[i]); } printf("\n"); // perform offline dictionary attack char pass[1024]; if(ssrp_dictionary_attack(pass, hmac_c, "dict.txt", bA, g, p)>0) printf("[s5c6] Password cracked: '%s'\n", pass); else printf("[s5c6] Password not cracked!\n"); // if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len)) // printf("[s5c6] server: Client HMAC-SHA256 successfully validated!\n"); // else // printf("[s5c6] server: Client HMAC-SHA256 *NOT* validated!\n"); dh_clear(p, g); BN_free(p); BN_free(g); BN_free(ba); BN_free(bA); BN_free(bb); BN_free(bB); BN_free(u); BN_free(v); BN_free(cS); BN_free(sS); BN_free(fb); BN_free(fB); /** SET 5 CHALLENGE 39 **/ /** RSA **/ BIO *out = NULL; out = BIO_new(BIO_s_file()); BIO_set_fp(out, stdout, BIO_NOCLOSE); egcd_test(); inv_mod_test(); // Testing RSA core functions rsa_key_t puk; rsa_key_t pik; puk.e = BN_new(); puk.n = BN_new(); pik.e = BN_new(); pik.n = BN_new(); BIGNUM *BN_plain = BN_new(); BIGNUM *BN_crypt = BN_new(); BN_hex2bn(&BN_plain, "31337"); printf("[s5c7] BN_plain = "); BN_print(out, BN_plain); rsa_generate_keypair(&puk, &pik, 128); rsa_bn_encrypt(BN_crypt, BN_plain, &puk); printf("\n[s5c7] BN_crypt = "); BN_print(out, BN_crypt); rsa_bn_decrypt(BN_plain, BN_crypt, &pik); printf("\n[s5c7] BN_plain'= "); BN_print(out, BN_plain); printf("\n"); BN_free(BN_plain); BN_free(BN_crypt); // test RSA 'wrapper' funcs unsigned char *rsa_plain_in = "Hello RSA World!"; unsigned char *rsa_crypt = NULL; unsigned int rsa_crypt_len = 0; unsigned char *rsa_plain_out = NULL; unsigned int rsa_plain_len; rsa_crypt_len = rsa_encrypt(&rsa_crypt, rsa_plain_in, 16, &puk); rsa_plain_len = rsa_decrypt(&rsa_plain_out, rsa_crypt, rsa_crypt_len, &pik); //rsa_plain_out[rsa_plain_len-1] = 0; printf("[s5c7] Encrypting '%s' using RSA...\n[s5c7] RSA crypted: '", rsa_plain_in); for(i=0; i<rsa_crypt_len; i++) { printf("%02x", rsa_crypt[i]); } printf("'\n[s5c7] RSA decrypted: '%s'\n", rsa_plain_out); free(rsa_crypt); free(rsa_plain_out); /** SET 5 CHALLENGE 40 **/ /** RSA E=3 BROADCAST ATTACK (CRT) **/ // test chinese remainder theorem impl. crt_test(); // test n-th root impl. nthroot_test(); // let's do "the real thing" rsa_broadcast_attack_test(); BN_free(puk.e); BN_free(puk.n); BN_free(pik.e); BN_free(pik.n); BIO_free(out); return 0; }
int raopcl_connect(raopcl_t *p, char *host,u_int16_t destport) { u_int8_t buf[4+8+16]; char sid[16]; char sci[24]; char *sac=NULL,*key=NULL,*iv=NULL; char sdp[1024]; int rval=-1; key_data_t *setup_kd=NULL; char *aj, *token, *pc; const char delimiters[] = ";"; u_int8_t rsakey[512]; int i; raopcl_data_t *raopcld; if(!p) return -1; raopcld=(raopcl_data_t *)p; RAND_bytes(buf, sizeof(buf)); sprintf(sid, "%d", *((u_int32_t*)buf)); sprintf(sci, "%08x%08x",*((u_int32_t*)(buf+4)),*((u_int32_t*)(buf+8))); base64_encode(buf+12,16,&sac); if(!(raopcld->rtspcl=rtspcl_open())) goto erexit; if(rtspcl_set_useragent(raopcld->rtspcl,"iTunes/4.6 (Macintosh; U; PPC Mac OS X 10.3)")) goto erexit; if(rtspcl_add_exthds(raopcld->rtspcl,"Client-Instance", sci)) goto erexit; if(rtspcl_connect(raopcld->rtspcl, host, destport, sid)) goto erexit; i=rsa_encrypt(raopcld->key,16,rsakey); base64_encode(rsakey,i,&key); remove_char_from_string(key,'='); base64_encode(raopcld->iv,16,&iv); remove_char_from_string(iv,'='); sprintf(sdp, "v=0\r\n" "o=iTunes %s 0 IN IP4 %s\r\n" "s=iTunes\r\n" "c=IN IP4 %s\r\n" "t=0 0\r\n" "m=audio 0 RTP/AVP 96\r\n" "a=rtpmap:96 AppleLossless\r\n" "a=fmtp:96 4096 0 16 40 10 14 2 255 0 0 44100\r\n" "a=rsaaeskey:%s\r\n" "a=aesiv:%s\r\n", sid, rtspcl_local_ip(raopcld->rtspcl), host, key, iv); remove_char_from_string(sac,'='); if(rtspcl_add_exthds(raopcld->rtspcl, "Apple-Challenge", sac)) goto erexit; if(rtspcl_annouce_sdp(raopcld->rtspcl, sdp)) goto erexit; if(rtspcl_mark_del_exthds(raopcld->rtspcl, "Apple-Challenge")) goto erexit; if(rtspcl_setup(raopcld->rtspcl, &setup_kd)) goto erexit; if(!(aj=kd_lookup(setup_kd,"Audio-Jack-Status"))) { ERRMSG("%s: Audio-Jack-Status is missing\n",__func__); goto erexit; } token=strtok(aj,delimiters); while(token){ if((pc=strstr(token,"="))){ *pc=0; if(!strcmp(token,"type") && !strcmp(pc+1,"digital")){ raopcld->ajtype=JACK_TYPE_DIGITAL; } }else{ if(!strcmp(token,"connected")){ raopcld->ajstatus=JACK_STATUS_CONNECTED; } } token=strtok(NULL,delimiters); } if(rtspcl_record(raopcld->rtspcl)) goto erexit; // keep host address and port information if(realloc_memory((void**)&raopcld->addr,strlen(host)+1,__func__)) goto erexit; strcpy(raopcld->addr,host); raopcld->rtsp_port=destport; if(raopcl_stream_connect(raopcld)) goto erexit; rval=0; erexit: if(sac) free(sac); if(key) free(key); if(iv) free(iv); free_kd(setup_kd); return rval; }
int main(int argc, char *argv[]) { OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); opterr = 0; char *key = NULL; char *infile = NULL; char *outfile = NULL; char *host = NULL; int encrypt = 0; int decrypt = 0; int c = 0; int size = 0; while ((c = getopt (argc, argv, "he:d:i:o:H:")) != -1) switch (c) { case 'e': encrypt = 1; key = optarg; break; case 'd': decrypt = 1; key = optarg; break; case 'i': infile = optarg; break; case 'o': outfile = optarg; break; case 'H': encrypt = 1; host = optarg; break; case 'h': usage(); exit(1); default: printf("ERROR: Unknown option '-%c'\n", optopt); usage(); exit(1); } if(host){ key = get_host_pubkey(host); if(!key){ fprintf(stderr,"ERROR: Unable to locate public key for host %s\n",host); exit(1); } } if(encrypt > 0 && key && infile && outfile){ size = rsa_encrypt(key, infile, outfile); if(size < 0) exit(1); }else if(decrypt > 0 && key && infile && outfile){ size = rsa_decrypt(key, infile, outfile); if(size < 0) exit(1); }else{ usage(); exit(1); } exit(0); }
void rsa_decrypt(BIGNUM* m, const BIGNUM* e, const BIGNUM* n) { rsa_encrypt(m, e, n); }
int main(int argc, char ** argv) { int ec_fifo, ce_fifo, es_fifo, se_fifo; FILE* fp; ssize_t msg_size; uint8_t *buff; char client_nm[NM_LENGTH], client_nm_tmp[NM_LENGTH]; uint8_t rsa_tmp[RSA_LENGTH], rsa_tmp2[RSA_LENGTH]; BIGNUM /**bn_n, *bn_d,*/ *bn_client_e, *bn_client_n, *bn_r; char client_cipher_suite; uint8_t sym_id, hash_id, public_id; uint8_t k[K_SIZE] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1}; int i, done; int k_len, c_hex_len, c_len; uint8_t g[HASH_LENGTH], g1[HASH_LENGTH]; uint8_t c[MSG_SIZE_MAX]; unsigned int tmp; assert(K_SIZE == 8); bn_client_e = BN_new(); bn_client_n = BN_new(); bn_r = BN_new(); /* Mandatory arguments */ if (!argv[1] || !argv[2] || !argv[3] || !argv[4] || !argv[1] || !argv[2] || !argv[3] || !argv[4]) { fprintf(stderr, "%s [server->eve fifo] [eve->server fifo] [eve->client fifo] [client->eve fifo]\n", argv[0]); exit(1); } se_fifo = open_channel(argv[1]); es_fifo = open_channel(argv[2]); ec_fifo = open_fifo(argv[3]); ce_fifo = open_fifo(argv[4]); /* wait real client to connect */ fprintf(stderr,"(E) Waiting connection...\n"); if (wait_connection(ce_fifo) < 0) { fprintf(stderr,"(E) Communication error...\n"); goto next; } /* connect to server */ write_msg(es_fifo, (const u_int8_t *)CONNECTION_STRING, strlen(CONNECTION_STRING)); forward_string(se_fifo, ec_fifo, OK_STRING); /* Server authentication */ /* client challange */ forward_msg(ce_fifo, es_fifo); /* server response to challange */ forward_msg(se_fifo, ec_fifo); /* Client authentication */ /* Client name */ msg_size = forward_msg_read(ce_fifo, es_fifo, &buff); /* vvvv copy-paste from server vvvv */ buff[msg_size] = '\0'; strncpy((char *)client_nm, (const char *) buff, NM_LENGTH); /* EXTRACT from (names[],c_puk[],n[]) the pair (c_puk[i],n[i]) where names[i] = nm */ if ((fp = fopen("server_folder/clients_rsa64_public_keys.txt", "r")) == NULL) { fprintf(stderr, "Error while getting clients RSA public keys...\n"); goto next; } done = 0; while (!feof(fp)) { fscanf(fp, "%129s %129s %129s", client_nm_tmp, rsa_tmp, rsa_tmp2); if (strcmp(client_nm_tmp, client_nm) == 0) { done = 1; break; } } if (done == 0) { fprintf(stderr, "Error: unrecognized client\n"); goto next; } fclose(fp); BN_hex2bn(&bn_client_n, (const char *) rsa_tmp); BN_hex2bn(&bn_client_e, (const char *) rsa_tmp2); /* ^^^^ copy-paste from server ^^^^ */ /* now I know client name and pub key */ /* server challange */ forward_msg(se_fifo, ec_fifo); /* client response */ forward_msg(ce_fifo, es_fifo); /* Negotiation of the cipher suite */ /* cipher suite c -> s */ forward_msg_read(ce_fifo, es_fifo, &buff); /* vvvv copy-paste from server vvvv */ client_cipher_suite = buff[0]; cipher_suite_table(client_cipher_suite, &sym_id, &hash_id, &public_id); /* ^^^^ copy-paste from server ^^^^ */ /* Negotiation of the private key */ /* k already set as an arbitrary key */ /* vvvv copy-paste from server vvvv */ if (sym_id == 1) { k_len = 3; } else { k_len = K_SIZE; } BN_bin2bn(k, k_len, bn_r); /* If we're using RSA512 read the correct key (we have the 64bit one) */ if (public_id == 6) { if ((fp = fopen("server_folder/clients_rsa512_public_keys.txt", "r")) == NULL) { fprintf(stderr, "Error while getting clients RSA public keys...\n"); goto next; } done = 0; while (!feof(fp)) { fscanf(fp, "%129s %129s %129s", client_nm_tmp, rsa_tmp, rsa_tmp2); if (strcmp(client_nm_tmp, client_nm) == 0) { done = 1; break; } } if (done == 0) { fprintf(stderr, "Error: unrecognized client\n"); goto next; } fclose(fp); BN_hex2bn(&bn_client_n, (const char *) rsa_tmp); BN_hex2bn(&bn_client_e, (const char *) rsa_tmp2); } /* ENCRYPT key */ rsa_encrypt(bn_r, bn_client_e, bn_client_n); /* WRITE encrypted k to C */ buff = (uint8_t *) BN_bn2hex(bn_r); if ((write_msg(ec_fifo, buff, strlen((char *) buff))) < 0) { fprintf(stderr, "Error while sending C to the client...\n"); goto next; } OPENSSL_free(buff); /* Encrypted communication */ if ((msg_size = read_msg(ce_fifo,&buff)) < 0) { fprintf(stderr, "Error while reading message from the client...\n"); goto next; } c_hex_len = msg_size - HASH_LENGTH * 2; if (c_hex_len <= 0) { fprintf(stderr, "Error, malformed message...\n"); goto next; } c_len = c_hex_len / 2; for (i=0; i<msg_size; i+=2) { if (i < c_hex_len) { sscanf((char *) (buff+i), "%02x", &tmp); c[i/2] = (uint8_t) tmp; } else { sscanf((char *) (buff+i), "%02x", &tmp); g[(i - c_hex_len) / 2] = (uint8_t) tmp; } } /* Decrypt C */ decrypt(sym_id, c, c_len, k); /* COMPUTE G' = H(M) */ sponge_hash(c, c_len, g1); c[c_len] = '\0'; /* CHECK G' = G */ done = 1; for (i=0; i<HASH_LENGTH; i++) { if (g[i] != g1[i]) { done = 0; } } /* If the check fails print error message */ if (done == 0) { if ((write_msg(ec_fifo, (uint8_t *) CORRUPTED_STRING, strlen(CORRUPTED_STRING))) < 0) { fprintf(stderr, "Error while writing to the client...\n"); goto next; } } /* PUT M' on a file */ if ((fp = fopen("eve_folder/received_messages.txt", "a+")) == NULL) { fprintf(stderr, "Error while saving message...\n"); fclose(fp); goto next; } fprintf(fp, "%s", c); fflush(stdout); fprintf(stdout, "MESSAGGIO SEGRETO >>>%s<<< FINE MESSAGGIO SEGRETO\n", c); fflush(stdout); fclose(fp); /* WRITE ok message to C */ if ((write_msg(ec_fifo, (uint8_t *) DECRYPTED_STRING, strlen(DECRYPTED_STRING))) < 0) { fprintf(stderr, "Error while writing C to the client...\n"); goto next; } /* ^^^^ copy-paste from server ^^^^ */ next: /*close_channels ...!*/ BN_free(bn_client_n); BN_free(bn_client_e); BN_free(bn_r); exit(0); }
int main(int argc, char **argv) { struct rsa_session ctx; struct rsa_session_info info; struct rsa_public_key key; mpz_t x; int c; const char *random_name = NULL; enum { OPT_HELP = 300 }; static const struct option options[] = { /* Name, args, flag, val */ { "help", no_argument, NULL, OPT_HELP }, { "random", required_argument, NULL, 'r' }, { NULL, 0, NULL, 0} }; while ( (c = getopt_long(argc, argv, "o:r:", options, NULL)) != -1) switch (c) { case 'r': random_name = optarg; break; case '?': return EXIT_FAILURE; case OPT_HELP: usage(stdout); return EXIT_SUCCESS; default: abort(); } argv += optind; argc -= optind; if (argc != 1) { usage (stderr); return EXIT_FAILURE; } rsa_public_key_init(&key); if (!read_rsa_key(argv[0], &key, NULL)) { werror("Invalid key\n"); return EXIT_FAILURE; } /* NOTE: No sources */ yarrow256_init(&ctx.yarrow, 0, NULL); /* Read some data to seed the generator */ if (!simple_random(&ctx.yarrow, random_name)) { werror("Initialization of randomness generator failed.\n"); return EXIT_FAILURE; } WRITE_UINT32(SESSION_VERSION(&info), RSA_VERSION); yarrow256_random(&ctx.yarrow, sizeof(info.key) - 4, info.key + 4); rsa_session_set_encrypt_key(&ctx, &info); #ifdef WIN32 _setmode(0, O_BINARY); _setmode(1, O_BINARY); #endif write_version(stdout); mpz_init(x); if (!rsa_encrypt(&key, &ctx.yarrow, (nettle_random_func *) yarrow256_random, sizeof(info.key), info.key, x)) { werror("RSA encryption failed.\n"); return EXIT_FAILURE; } write_bignum(stdout, x); mpz_clear (x); if (!process_file(&ctx, stdin, stdout)) return EXIT_FAILURE; rsa_public_key_clear(&key); return EXIT_SUCCESS; }
int main(){ LCLIB_CTX lclib_ctx; unsigned char data1[13]; unsigned char *data=NULL; unsigned long int datLen=13; //unsigned char s1[BSIZE/8]; //unsigned char s2[BSIZE/8]; //unsigned long int l1=BSIZE/8; //unsigned long int l2=BSIZE/8; int i; unsigned char *N,*d,*e; struct timeval tvs,tve,tvd; struct timezone tz; /* r=open("/dev/urandom",O_RDONLY); i=read(r,s1,BSIZE/8); i=read(r,s2,BSIZE/8); */ memcpy(data1,"abcdef0123456",13); printf("clear text\n"); for(i=0;i<13;i++) printf("%x",data1[i]); printf("\n\n"); rsa_init(&lclib_ctx,BSIZE); data=rsa_alloc(&lclib_ctx,data1,13); if(data==NULL){ printf("unable to alloc\n"); exit(0); } gettimeofday(&tvs,&tz); printf("calculating %d bit rsa key pair\n",BSIZE); //i=rsa_genkeys(&lclib_ctx,s1,l1,s2,l2); i=rsa_genkeys_internal(&lclib_ctx); gettimeofday(&tve,&tz); i=rsa_encrypt(&lclib_ctx,data,&datLen); printf("->%d\n",i); printf("encrypted data\n"); for(i=0;i<BSIZE/8;i++) printf("%x",data[i]); printf("\n\n"); i=rsa_decrypt(&lclib_ctx,data,&datLen); printf("->%d\n",i); printf("decrypted / clear text\n"); for(i=0;i<(int)datLen;i++) printf("%x",data[i]); printf("\n"); tvd.tv_sec=tve.tv_sec - tvs.tv_sec; printf("time taken to generate a %d bit key was %ld \ seconds\n",BSIZE,tvd.tv_sec); printf("bnBits=%u\n",bnBits(&lclib_ctx.rsa_ctx.e)); rsa_extractkeys(&lclib_ctx,&N,&d,&e); printf("N=\n"); for(i=0;i<(int)lclib_ctx.rsa_ctx.bits/8;i++) printf("%x",N[i]); printf("\n"); printf("d=\n"); for(i=0;i<(int)lclib_ctx.rsa_ctx.bits/8;i++) printf("%x",d[i]); printf("\n"); printf("e=\n"); for(i=0;i<(int)lclib_ctx.rsa_ctx.bits/8;i++) printf("%x",e[i]); printf("\n"); rsa_setkeys(&lclib_ctx,N,d,e); /* rsa_encrypt(&lclib_ctx,data,&datLen); printf("encrypted data\n"); for(i=0;i<BSIZE/8;i++) printf("%x",data[i]); printf("\n\n"); rsa_decrypt(&lclib_ctx,data,&datLen); printf("decrypted / clear text\n"); for(i=0;i<(int)datLen;i++) printf("%x",data[i]); printf("\n"); */ rsa_sign(&lclib_ctx,data,&datLen); printf("\nsigned data\n"); for(i=0;i<BSIZE/8;i++) printf("%x",data[i]); printf("\n\n"); rsa_verify(&lclib_ctx,data,&datLen); printf("clear text\n"); for(i=0;i<(int)datLen;i++) printf("%x",data[i]); printf("\n"); rsa_freekeys(&lclib_ctx,&N,&d,&e); lclib_end(&lclib_ctx); rsa_free(data); return 0; }