int main(int argc, char *argv[])
{
unsigned char str[BUFFER_SIZE] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
unsigned char *ciphertext, *plaintext;
int len, olen;
/* We add 1 because we're encrypting a string which has a NULL Terminator
* and want the NULL terminator to be present when we decrypt */
olen = len = strlen((const char*)str) + 1;
printf("Plaintext length: %d\n", len);
printf("String to be encrypted = {%s}\n\n", str);
printf("Begin to encrypt...\n");
ciphertext = rsa_encrypt(str, &len);
printf("Begin to decrypt..\n");
plaintext = rsa_decrypt(ciphertext, &olen);
if (strncmp((const char *)plaintext, (const char *)str, olen))
printf("\nFailed for the plaintext: {%s}\n", str);
else
printf("\nOk, Decrypted string = {%s}\n", plaintext);
free(ciphertext);
free(plaintext);
return 0;
}
int rsa_key_exchange( rsa_key *public_key,
unsigned char *premaster_secret,
unsigned char **key_exchange_message )
{
int i;
unsigned char *encrypted_premaster_secret = NULL;
int encrypted_length;
// first two bytes are protocol version
premaster_secret[ 0 ] = TLS_VERSION_MAJOR;
premaster_secret[ 1 ] = TLS_VERSION_MINOR;
for ( i = 2; i < MASTER_SECRET_LENGTH; i++ )
{
// XXX SHOULD BE RANDOM!
premaster_secret[ i ] = i;
}
encrypted_length = rsa_encrypt( premaster_secret, MASTER_SECRET_LENGTH,
&encrypted_premaster_secret, public_key );
*key_exchange_message = ( unsigned char * ) malloc( encrypted_length + 2 );
(*key_exchange_message)[ 0 ] = 0;
(*key_exchange_message)[ 1 ] = encrypted_length;
memcpy( (*key_exchange_message) + 2, encrypted_premaster_secret,
encrypted_length );
free( encrypted_premaster_secret );
return encrypted_length + 2;
}
/*
===============
SV_RSAGenMsg
Generate an encrypted RSA message
===============
*/
int SV_RSAGenMsg( const char *pubkey, char *cleartext, char *encrypted ) {
struct rsa_public_key public_key;
mpz_t message;
unsigned char buffer[ RSA_KEY_LENGTH / 8 - 11 ];
int retval;
Com_RandomBytes( buffer, RSA_KEY_LENGTH / 8 - 11 );
nettle_mpz_init_set_str_256_u( message, RSA_KEY_LENGTH / 8 - 11, buffer );
mpz_get_str( cleartext, 16, message );
rsa_public_key_init( &public_key );
mpz_set_ui( public_key.e, RSA_PUBLIC_EXPONENT );
retval = mpz_set_str( public_key.n, pubkey, 16 ) + 1;
if ( retval ) {
rsa_public_key_prepare( &public_key );
retval = rsa_encrypt( &public_key, NULL, qnettle_random, RSA_KEY_LENGTH / 8 - 11, buffer, message );
}
rsa_public_key_clear( &public_key );
mpz_get_str( encrypted, 16, message );
mpz_clear( message );
return retval;
}
void challenge_39()
{
mpz_t n, e, d;
char *p_str = "38b689c351cf329d5efd5676b";
char *q_str = "54060a750a88d007bd41db2cb";
rsa_keygen(p_str, q_str, n, e, d);
size_t pt_len = 32, ct_len = 0;
unsigned char pt[200] = "yellow submarineyellow submarine";
unsigned char ct[200] = {0};
mpz_out_str(stdout, 16, n);
printf("\n");
mpz_out_str(stdout, 16, e);
printf("\n");
mpz_out_str(stdout, 16, d);
printf("\n");
rsa_encrypt(pt, pt_len, ct, ct_len, n, e);
memset(pt, 0, 32);
rsa_decrypt(ct, ct_len, pt, pt_len, n, d);
printf("Plaintext length: %ld\n", pt_len);
print_binary(pt, pt_len);
}
/* 返回值不为空时用完需要释放 */
long long * rsa_api_encrypt_buffer(char *pub_key, int buf_len, char * buffer, int len)
{
if ((NULL == pub_key) || (buf_len < PUB_KEY_LEN*2))
{
os_printf("invalid param \n");
return NULL;
}
char mod_buf[PUB_KEY_LEN] = {0};
char exp_buf[PUB_KEY_LEN] = {0};
int i;
for (i=0; i<PUB_KEY_LEN; i++)
{
if ('0' != pub_key[i])
{
break;
}
}
if (i >= PUB_KEY_LEN)
{
os_printf("string invalid \n");
return NULL;
}
memcpy(mod_buf, &pub_key[i], PUB_KEY_LEN - i);
for (i=PUB_KEY_LEN; i<PUB_KEY_LEN*2; i++)
{
if ('0' != pub_key[i])
{
break;
}
}
if (i >= PUB_KEY_LEN*2)
{
os_printf("string invalid \n");
return NULL;
}
memcpy(exp_buf, &pub_key[i], PUB_KEY_LEN*2 - i);
struct public_key_class pub;
pub.modulus = atoll(mod_buf);
pub.exponent = atoll(exp_buf);
//os_sscanf(mod_buf, "%lld", &pub.modulus);
//os_sscanf(exp_buf, "%lld", &pub.exponent);
os_printf("get pub %lld %lld \n", pub.modulus, pub.exponent);
long long *encrypted = rsa_encrypt(buffer, len, &pub);
if (NULL == encrypted)
{
os_printf("rsa enc failed \n");
return NULL;
}
return encrypted;
}
//按PKCS#1标准加密
void rsa_encrypt_pkcs(unsigned char* plain, unsigned int plain_len,vlong& cipher, RSA_KEY& pubkey)
{
unsigned char pbEncBuf[128]={0};
vlong tmp_plain;
PKCS_Encode(plain,plain_len,pbEncBuf,128); //编码
PKCS_OS2IP(pbEncBuf,128,tmp_plain); //转为integer
cipher = rsa_encrypt(tmp_plain,pubkey.key,pubkey.modulus); //加密
PKCS_I2OSP(cipher,pbEncBuf,128); //转为octet string
cipher.load((UINT*)pbEncBuf,128/4); //转为vlong保存
}
static int
_wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
gnutls_datum_t * ciphertext,
const gnutls_datum_t * plaintext,
const gnutls_pk_params_st * pk_params)
{
int ret;
mpz_t p;
mpz_init(p);
switch (algo) {
case GNUTLS_PK_RSA:
{
struct rsa_public_key pub;
_rsa_params_to_pubkey(pk_params, &pub);
ret =
rsa_encrypt(&pub, NULL, rnd_func,
plaintext->size, plaintext->data,
p);
if (ret == 0) {
ret =
gnutls_assert_val
(GNUTLS_E_ENCRYPTION_FAILED);
goto cleanup;
}
ret =
_gnutls_mpi_dprint_size(p, ciphertext,
pub.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
break;
}
default:
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
ret = 0;
cleanup:
mpz_clear(p);
FAIL_IF_LIB_ERROR;
return ret;
}
/* encrypts (or decrypts) with private key, not sensitive to
timing attacks (blind encryption)
*/
void rsa_encrypt_secure(BIGNUM* m, const BIGNUM* d,
const BIGNUM* e, const BIGNUM* n,
const unsigned char * r_bin, int r_len) {
BN_CTX *ctx;
BIGNUM *tmp = BN_new();
BIGNUM *r = BN_new();
BIGNUM *r_inv = BN_new();
ctx = BN_CTX_new();
BN_bin2bn(r_bin, r_len, r);
BN_mod(r, r, n, ctx); /* r = r % n */
/*
printf(" r input: ");BN_print_fp(stdout, r);
printf(" n: ");BN_print_fp(stdout, n);
printf("\n");
*/
BN_mod(tmp, n, r, ctx);
/*printf("r=");BN_print_fp(stdout, r); printf("; tmp=");BN_print_fp(stdout, tmp);*/
while (BN_is_zero(tmp)) { /* */
BN_mod_add(r, r, BN_value_one(), n, ctx);
BN_mod(tmp, n, r, ctx);
/*printf("r=");BN_print_fp(stdout, r); printf("; tmp=");BN_print_fp(stdout, tmp);*/
}
/*printf("\n");*/
BN_mod_inverse(r_inv, r, n, ctx);
/*
printf(" r = ");BN_print_fp(stdout, r);
printf(" r_inv = ");BN_print_fp(stdout, r_inv);
printf(" n = ");BN_print_fp(stdout, n);
printf("\n");
*/
BN_mod_exp(r, r, e, n, ctx); /* r = r^e % n */
BN_mod_mul(m, m, r, n, ctx); /* m = m * r % n */
rsa_encrypt(m, d, n);
BN_mod_mul(m, m, r_inv, n, ctx);
BN_free(r);
BN_free(r_inv);
BN_free(tmp);
BN_CTX_free(ctx);
}
/* Get encrypted session key (enctypted with remote key) */
kaa_error_t ext_get_encrypted_session_key(uint8_t **buffer, size_t *buffer_size,
const uint8_t *remote_key, size_t remote_key_size)
{
if (buffer == NULL || buffer_size == NULL || remote_key == NULL || remote_key_size == 0) {
return KAA_ERR_BADPARAM;
}
kaa_error_t err = rsa_encrypt(remote_key, remote_key_size, keys.session_key,
KAA_SESSION_KEY_LENGTH, keys.encrypted_session_key);
if (err) {
return err;
}
*buffer = keys.encrypted_session_key;
*buffer_size = ENCRYPTED_SESSION_KEY_LENGTH;
return err;
}
RSA_SW_STATUS RSA_SW_Encrypt (DRV_HANDLE handle, uint8_t *cipherText, uint8_t *plainText, uint16_t msgLen, const RSA_SW_PUBLIC_KEY *publicKey)
{
uint16_t retVal;
retVal = rsa_encrypt (cipherText, plainText, msgLen, publicKey->n, publicKey->nLen, publicKey->exp, publicKey->eLen, rsaDesc0.xBuffer, rsaDesc0.yBuffer, rsaDesc0.randFunc);
switch (retVal)
{
case MCL_SUCCESS:
return RSA_SW_STATUS_READY;
break;
case MCL_ILLEGAL_PARAMETER:
return RSA_SW_STATUS_BAD_PARAM;
break;
case MCL_ILLEGAL_SIZE:
default:
return RSA_SW_STATUS_ERROR;
break;
}
}
// 服务器端组装发给客户端的协商包
char* pkg_talk_rtn(const packet_parser_t *pkg)
{
char *r;
unsigned char *encrypted_key;// 使用公钥加密过的临时密钥
char *output;
iks *x, *tmp;
int dest_len;
x = iks_new ("connection");
if(NULL == x) return NULL;
iks_insert_attrib(x, "xmlns", TALK_XMLNS);
iks_insert_attrib(x, "type", "result");
tmp = iks_insert(x, "encryption");
iks_insert_attrib(tmp, "type", pkg->curr_ert.transfer_ert_type);
// 使用公钥对临时密钥进行加密
if (pkg->asym_encrypt_hook == NULL)
{
encrypted_key = rsa_encrypt((unsigned char *)get_transfer_crt_key(pkg), strlen(get_transfer_crt_key(pkg)), &dest_len, (char *)(pkg->curr_ert.ert_keys[0]), CRYPT_TYPE_ENCRYPT);
}
else
{
encrypted_key = pkg->asym_encrypt_hook((unsigned char *)get_transfer_crt_key(pkg), strlen(get_transfer_crt_key(pkg)), &dest_len, (char *)(pkg->curr_ert.ert_keys[0]), CRYPT_TYPE_ENCRYPT);
}
output = (char *)calloc(dest_len*2+1, 1);
byte2hex(encrypted_key, dest_len, output);
iks_insert_cdata(tmp, output, 0);
free(output);
free(encrypted_key);
iks_insert_cdata(iks_insert(x, "compression"), pkg->cps_type, 0);
tmp = iks_insert(x, "heartbeat");
// TODO:在初始化服务器端包解析器的时候应该设置心跳参数
iks_insert_attrib(tmp, "sponsor", "server");
iks_insert_attrib(tmp, "seconds", "60");
r = iks_string(NULL, x);
iks_delete(x);
return r;
}
int main() {
printf("Hello world!");
struct public_key_class pub;
struct private_key_class priv;
rsa_gen_keys(&pub, &priv, "./primes.txt");
char *string_to_encode = "hello, my name is nemo.";
int message_length = strlen(string_to_encode);
printf("\nLength of string is: %d\n", message_length);
printf("\nEncrypting message: '%s'\n", string_to_encode);
long long *encoded_message = rsa_encrypt(string_to_encode, message_length, &pub);
if (encoded_message == NULL) {
printf("Encoded message is NULL!");
}
printf("Encoding complete!\n");
char *decoded_message = rsa_decrypt(encoded_message, 8*message_length, &priv);
printf("\n Decoded Message: '%s'", decoded_message);
free(encoded_message);
free(decoded_message);
return 0;
}
struct Msg *createMsg(int stepID, int senderID,
char *pubEncFile, char *sigFile,
char *key, char *x) {
//unsigned char *p = intToStr(stepID);
//unsigned char *id = intToStr(senderID);
unsigned char *pke; //public encryption
unsigned char *encrypt; //sym encryption
unsigned char *sign;
//sign
int xLen = strlen(x);
int sigLen = 0;
sign = rsa_sign(x, sigFile, &sigLen);
//public encryption
pke = rsa_encrypt(key, pubEncFile);
char *tmp = (char *)malloc(xLen + sigLen + 1);
strcpy(tmp, x); //free(x);
strcat(tmp, sign); //free(sign);
//sym enccryption
encrypt = des_encrypt( key, tmp, strlen(tmp));
struct Msg *msg = (struct Msg *)malloc( sizeof(struct Msg) );
//prepare the msg
msg->p = stepID;
msg->id = senderID;
msg->xLen = xLen;
msg->sigLen = sigLen;
msg->pke = pke;
msg->enc = encrypt;
msg->encLen = strlen(tmp);
return msg;
}
int main(int argc, char**argv)
{
char clearString[MSG_LEN] = "this is the data to be encrypted";
char encryptString[MSG_LEN] = {};;
char decryptString[MSG_LEN] = {};
createRSAPEM();
if (!rsa_encrypt(clearString, PUBKEY_FILE, encryptString))
{
printf("encrypt error\n");
return -1;
}
if (!rsa_decrypt(encryptString, PRIKEY_FILE, decryptString))
{
printf("decrypt error\n");
return -1;
}
printf("\n");
printf("before encrypt, the plaintext is:\n[%lu]:%s\n", strlen(clearString), clearString);
printf("after encrypt, the encrypted text len is:%s\n", encryptString);
printf("after decrypt, the decrypted text is:\n[%lu]:%s\n", strlen(decryptString), decryptString);
printf("\n");
if (memcmp(clearString, decryptString, MSG_LEN) == 0)
{
printf("Yes, it worked!\n");
}
else
{
printf("Oh, no!\n");
}
return 0;
}
// 客户端解析服务器响应的协商包,从协商包中解析出临时密钥,并使用自己的私钥进行解密
// 服务器端解析客户端发来的协商包,并填充服务器包解析器
int pkg_talk_parse(packet_parser_t *pkg, const char* xml)
{
iks *x, *e, *c;
int result=0;
int dest_len;
if(NULL==xml) return NULL_ERROR;
x = iks_tree (xml, 0, &result);
if(!x) return NULL_ERROR;
if(result != IKS_OK)
{
iks_delete(x);
return IKS_BADXML;
}
if(0 == iks_strcmp("connection",iks_name(x)))
{
char* tmp = NULL;
char *tempkey;
char *output;
tmp = iks_find_attrib(x, "type");
if(NULL != tmp){
if(strcmp(tmp, "create")==0)
set_talk_type(1, pkg); //说明为服务端
else
set_talk_type(0, pkg); //说明为客户端
}
if(1 == pkg->talk_type)
{
//说明本端为服务端
tmp = iks_find_cdata(x, "client-id");
set_client_id(tmp, pkg);
tmp = iks_find_cdata(x, "public-key");
if(SUCCESS != set_talk_crt_public_key(tmp, pkg))
return SET_TALK_CRT_KEY_ERROR;
tmp = iks_find_attrib(iks_find(x,"public-key"), "type");
if(SUCCESS != set_talk_crt_type(tmp, pkg))
return SET_TALK_CRT_TYPE_ERROR;
e = iks_find(x,"encryption");
while( e ){
tmp = iks_find_cdata(e, "allow");
if(SUCCESS == set_transfer_crt_type(tmp, pkg)) break;
e = iks_next(e);
}
// 服务器端设置传输数据使用的临时密钥
set_transfer_crt_key(TRANSFERKEY, pkg);
c = iks_find(x,"compression");
while( c ){
tmp = iks_find_cdata(c, "allow");
if(SUCCESS == set_cps_type(tmp, pkg)) break;
c = iks_next(c);
}
}
else if(0 == pkg->talk_type)
{
// 说明本端为客户端
tempkey = iks_find_cdata(x,"encryption");
output = (char *)calloc(strlen(tempkey)/2+1, 1);
hex2byte(tempkey, strlen(tempkey), (unsigned char *)output);
if (pkg->asym_encrypt_hook == NULL)
{
tempkey = (char *)rsa_encrypt((unsigned char *)output, strlen(tempkey)/2, &dest_len, pkg->curr_ert.ert_keys[1], CRYPT_TYPE_DECRYPT);
}
else
{
tempkey = (char *)pkg->asym_encrypt_hook((unsigned char *)output, strlen(tempkey)/2, &dest_len, pkg->curr_ert.ert_keys[1], CRYPT_TYPE_DECRYPT);
}
free(output);
// 比较服务器端响应的压缩加密方式与客户端请求的是否相同
if( SUCCESS != set_transfer_crt_key(tempkey, pkg))
return SET_TRANSFER_ERT_KEY_ERROR;
free(tempkey);
if( SUCCESS != cmp_transfer_crt_type(iks_find_attrib(iks_find(x, "encryption"), "type"), pkg) )
return CMP_TRANSFER_CRT_TYPE_ERROR;
if( SUCCESS != cmp_cps_type(iks_find_cdata(x, "compression"), pkg) )
return CMP_CPS_TYPE_ERROR;
set_heatbeat("client", iks_find_attrib(iks_find(x, "heartbeat"), "seconds"), pkg);
}
}
//iks_parser_delete (p);
iks_delete(x);
return SUCCESS;
}
void
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key key;
struct knuth_lfib_ctx lfib;
/* FIXME: How is this spelled? */
const uint8_t *msg = "Squemish ossifrage";
size_t msg_length;
uint8_t *decrypted;
size_t decrypted_length;
uint8_t after;
mpz_t gibberish;
rsa_private_key_init(&key);
rsa_public_key_init(&pub);
mpz_init(gibberish);
knuth_lfib_init(&lfib, 17);
test_rsa_set_key_1(&pub, &key);
msg_length = strlen(msg);
if (verbose)
fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length);
ASSERT(rsa_encrypt(&pub,
&lfib, (nettle_random_func *) knuth_lfib_random,
msg_length, msg,
gibberish));
if (verbose)
{
fprintf(stderr, "encrypted: ");
mpz_out_str(stderr, 10, gibberish);
}
decrypted = xalloc(msg_length + 1);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length - 1;
ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
decrypted_length = msg_length;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = key.size;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length;
ASSERT(rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
/* Test invalid key. */
mpz_add_ui (key.q, key.q, 2);
decrypted_length = key.size;
ASSERT(!rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(gibberish);
free(decrypted);
}
int rsa_pss_verify(RSA_PUBLIC_KEY *key, uint8_t *sig, size_t siglen, uint8_t *message, size_t mlen, int *valid) {
if(key == NULL || sig == NULL || message == NULL || valid == NULL) {
return -1;
}
const size_t emlen = (key->bits - 2) / 8 + 1;
const size_t hlen = 32;
const size_t slen = hlen;
SHA256_CTX ctx;
uint8_t hash[hlen];
uint8_t zeroes[8];
uint8_t *em = NULL;
uint8_t *mask = NULL;
bignum em_bn = BN_ZERO;
bignum s_bn = BN_ZERO;
int ret;
*valid = 0;
if((em = malloc(emlen)) == NULL) {
return MALLOC_FAIL;
}
if((mask = malloc(emlen - hlen - 1)) == NULL) {
ret = MALLOC_FAIL;
goto err;
}
if((ret = os2ip(&s_bn, sig, siglen)) != 0) {
/* cleanup is non-necessary here, but no harm */
goto err;
}
if((ret = rsa_encrypt(key, &s_bn, &em_bn)) != 0) {
goto err;
}
if((ret = i2osp(em, emlen, &em_bn)) != 0) {
goto err;
}
mgf1_sha256(&em[emlen - hlen - 1], hlen, emlen - hlen - 1, mask);
xor_bytes(em, mask, emlen - hlen - 1, em);
sha256_init(&ctx);
sha256_update(&ctx, message, mlen);
sha256_final(&ctx, hash);
memset(zeroes, 0x00, 8);
sha256_init(&ctx);
sha256_update(&ctx, zeroes, 8);
sha256_update(&ctx, hash, hlen);
sha256_update(&ctx, &em[emlen - hlen - slen - 1], slen);
sha256_final(&ctx, hash);
xor_bytes(&em[emlen - hlen - 1], hash, hlen, &em[emlen - hlen - 1]);
em[emlen - hlen - slen - 2] ^= 0x01;
em[emlen - 1] ^= 0xbc;
em[0] &= ((uint8_t) 0xff) >> (emlen * 8 - (key->bits - 2));
memset(&em[emlen - hlen - slen - 1], 0x00, slen);
size_t i;
uint8_t val = 0;
for(i = 0; i < emlen; i++) {
val |= (em[i]);
}
if(val) {
*valid = 0;
} else {
*valid = 1;
}
ret = 0;
err:
memsets(&ctx, 0x00, sizeof(SHA256_CTX));
memsets(hash, 0x00, hlen);
if(em) zfree(em, emlen);
if(mask) zfree(mask, emlen - hlen - 1);
bnu_free(&em_bn);
bnu_free(&s_bn);
return ret;
}
unsigned int anak_kirim(
unsigned int identifikasi,
FILE *pberkas,
RSA *rsapub,
RSA *rsapriv,
struct KIRIMBERKAS *kirim,
struct INFOALAMAT *infoalamat,
int ukuberkas_panjang
){
char pesan[CHUNK_MESSAGE_SIZE];
char pecahan[ENCRYPTED_CONTAINER_SIZE];
size_t panjang_pesan=0;
// Perilaku.
int status=0;;
int maksimal_coba=aturan.tries;
int ulang_tunggu=aturan.waitretry;
int urut_tunggu=aturan.waitqueue;
unsigned int kelompok_kirim=kirim->kelompok_kirim;
char *nama_berkas=kirim->berkas;
// Identifikasi.
bool identifikasi_awal=true;
unsigned int identifikasi_sebelumnya=kirim->identifikasi_sebelumnya;
// Pengepala Pecahan.
int paritas=0;
int panji=0;
int status_gerbang=0;
int status_peladen=0;
// Tujuan.
char *hostname=kirim->hostname;
char *portno=kirim->portno;
// Berurutan kirim.
kirim->urut_kali++;
// Membersihkan isi.
memset(pesan, 0, CHUNK_MESSAGE_SIZE);
memset(pecahan, 0, MAX_CHUNK_SIZE);
// Bila identifikasi
// lebih dari MAX_CHUNK_ID,
// maka identifikasi adalah NOL.
if(identifikasi>MAX_CHUNK_ID){
DEBUG1(_("Telah melebihi maksimal identifikasi %1$i."), MAX_CHUNK_ID);
DEBUG1(_("Nilai identifikasi adalah %1$i."), identifikasi);
// Ke NOL.
identifikasi=0;
DEBUG1(_("Mengubah identifikasi ke nilai 0."), 0);
// Keluar.
DEBUG1(_("Tidak melanjutkan pengiriman."), 0);
return identifikasi;
};
// Apakah pertama.
if(kirim->paksa_panji!=UNDEFINED_FLAG){
// Memaksa panji.
panji=kirim->paksa_panji;
kirim->paksa_panji=UNDEFINED_FLAG;
// Pesan.
DEBUG1(_("Memaksa panji '%1$s'."),arti_panji(panji));
// Langsung berhenti bila panji STOP.
if(panji==STOP_FLAG){
// Mengirim panji STOP
// dan keluar dari perulangan.
DEBUG1(_("Menghentikan pengulangan pengiriman."), 0);
kirim->do_kirim=false;
};
}else if(identifikasi==0){
// Panji.
panji=START_FLAG;
// Memastikan nama berkas ada.
if(!strlen(nama_berkas)){
// Kesalahan.
FAIL(_("Gagal memperoleh nama berkas."), 0);
exit(EXIT_FAILURE_MEMORY);
};
// Pecahan pertama adalah
// pecahan dengan informasi berkas.
memcpy(pesan, buat_pesan_start(
pesan,
CHUNK_MESSAGE_SIZE,
kirim->berkas_identifikasi,
nama_berkas,
kirim->ukuran_berkas
), CHUNK_MESSAGE_SIZE);
// Apakah hampir akhir.
}else if(identifikasi==MAX_CHUNK_ID){
// Panji.
DEBUG1(_("Mengirim panji '%1$s'."),_("Henti"));
panji=STOP_FLAG;
/*
}else if (kirim->ukuran_kirim>kirim->ukuran_berkas){
// Panji STOP.
DEBUG1(_("Mengirim panji '%1$s'."), _("Henti"));
panji=STOP_FLAG;
// Hentikan perulangan.
// Keluar dari perulangan.
DEBUG1(_("Menghentikan pengulangan pengiriman."), 0);
kirim->do_kirim=false;
*/
}else{
// Panji.
panji=INTRANSFER_FLAG;
// Mendapatkan posisi berkas.
long int penunjuk_berkas=0
+((long)(kelompok_kirim-1)*(MAX_CHUNK_ID-1)*CHUNK_MESSAGE_SIZE)
+((long)identifikasi-1)*(long)CHUNK_MESSAGE_SIZE;
// Bila mendekati dan pecahan transfer terakhir,
// maka penunjuk merupakan
// panjang berkas dikurangi CHUNK_MESSAGE_SIZE.
// Aktifkan dengan aturan.shifteof=true.
int panjang_geser_akhir=0;
size_t panjang_baca=CHUNK_MESSAGE_SIZE;
if (
aturan.shifteof
&& kirim->ukuran_kirim + (double)CHUNK_MESSAGE_SIZE
>= kirim->ukuran_berkas
&& kirim->ukuran_berkas - kirim->ukuran_kirim
<= (double)CHUNK_MESSAGE_SIZE
){
// Pesan.
DEBUG3(_("Merupakan pecahan akhir."), 0);
// Jumlah geser.
panjang_geser_akhir=(int)0
+((double)CHUNK_MESSAGE_SIZE
-(kirim->ukuran_berkas-kirim->ukuran_kirim));
// Mengubah penunjuk berkas.
penunjuk_berkas=kirim->ukuran_berkas-CHUNK_MESSAGE_SIZE;
// Panjang baca.
panjang_baca=CHUNK_MESSAGE_SIZE;
}else{
// Jumlah geser.
panjang_geser_akhir=0;
// Panjang baca.
panjang_baca=CHUNK_MESSAGE_SIZE;
};
// Menggeser penunjuk berkas.
status=fseek(pberkas, penunjuk_berkas, SEEK_SET);
// Memeriksa posisi.
if(status<0){
FAIL(
_("Gagal memindah posisi penunjuk berkas '%1$s': %2$s (%3$i)."),
nama_berkas, strerror(errno), errno
);
exit(EXIT_FAILURE_IO);
}else{
long posisi_sekarang=ftell(pberkas);
if(posisi_sekarang<0){
FAIL(
_("Gagal mendapatkan posisi penunjuk berkas '%1$s': %2$s (%3$i)."),
nama_berkas, strerror(errno), errno
);
exit(EXIT_FAILURE_IO);
}else if(posisi_sekarang!=penunjuk_berkas){
FAIL(
_("Posisi penunjuk berkas '%1$s' (%2$li) tidak sesuai. Diharapkan: %2$li."),
nama_berkas, posisi_sekarang, errno
);
exit(EXIT_FAILURE_IO);
}else{
// Berhasil.
if(kelompok_kirim>1){
DEBUG3(
_("Mulai membaca di bita %1$i sebesar %2$lu bita untuk pesan %3$i kelompok %4$i."),
penunjuk_berkas,
(long unsigned int) panjang_baca,
identifikasi, kelompok_kirim
);
}else{
DEBUG3(
_("Mulai membaca di bita %1$i sebesar %2$lu bita untuk pesan %3$i."),
penunjuk_berkas,
(long unsigned int) panjang_baca, identifikasi
);
};
};
};
// Baca berkas untuk pesan.
panjang_pesan=fread(pesan, 1, CHUNK_MESSAGE_SIZE, pberkas);
// Menambah bita terkirim.
if(identifikasi_awal ||
identifikasi!=identifikasi_sebelumnya){
// Menambah.
identifikasi_awal=false;
// kirim->ukuran_kirim+=(double)panjang_pesan;
identifikasi_sebelumnya=identifikasi;
kirim->identifikasi_sebelumnya=identifikasi;
};
// Menggeser.
if(
panjang_geser_akhir>0
&& panjang_geser_akhir <= CHUNK_MESSAGE_SIZE
){
// Membuat sementara.
char pesan_tmp[CHUNK_MESSAGE_SIZE+1];
memset(pesan_tmp, 0, CHUNK_MESSAGE_SIZE+1);
// Mengeser.
panjang_pesan=CHUNK_MESSAGE_SIZE-panjang_geser_akhir;
memmove(pesan_tmp+0, pesan+panjang_geser_akhir, panjang_pesan);
// Mengembalikan.
memset(pesan, 0, CHUNK_MESSAGE_SIZE);
memcpy(pesan, pesan_tmp, panjang_pesan);
// Membersihkan.
memset(pesan_tmp, 0, CHUNK_MESSAGE_SIZE+1);
// Pesan.
DEBUG3(
_("Menggeser pesan sebanyak %1$i bita."),
panjang_geser_akhir
);
DEBUG3(
_("Mulai dibaca di bita %1$i sebesar %2$lu bita"),
penunjuk_berkas+panjang_geser_akhir, panjang_pesan
);
};
// Bila telah selesai.
// Kecuali bila aturan.transferedcheck=true
// maka penghentian melihat bita terterima Peladen
// bukan bila berkas kosong. Berguna bila merupakan
// sambungan paralel sehingga saat pecahan melebihi ukuran,
// tidak langsung menghentikan.
if (
(!panjang_pesan
&& !aturan.transferedcheck)
||
(!panjang_pesan
&& (
kirim->ukuran_kirim
> kirim->ukuran_berkas+(CHUNK_MESSAGE_SIZE*10)
)
)
){
DEBUG3(_("Panjang pesan akhir adalah %1$i bita"), panjang_pesan);
if(feof(pberkas)!=0){
// Selesai kirim.
char penyangga_feof[ukuberkas_panjang];
INFO(
_("Berkas '%1$s' dengan ukuran %2$s (%3$.0lf bita) telah selesai dikirim."),
nama_berkas,
readable_fs(kirim->ukuran_berkas, penyangga_feof),
kirim->ukuran_berkas
);
memset(penyangga_feof, 0, ukuberkas_panjang);
clearerr(pberkas);
}else if(ferror(pberkas)!=0){
// Kesalahan.
FAIL(
_("Gagal membaca berkas '%1$s': %2$s (%3$i)."),
nama_berkas, strerror(errno), errno
);
clearerr(pberkas);
exit(EXIT_FAILURE_IO);
}else{
// Kesalahan.
WARN(
_("Kesalahan berkas yang tidak diketahui: %1$s (%2$i)."),
strerror(errno), errno
);
};
// Pesan.
DEBUG1(_("Mengirim panji '%1$s'."),_("Henti"));
panji=STOP_FLAG;
// Mengirim panji STOP
// dan keluar dari perulangan.
DEBUG1(_("Menghentikan pengulangan pengiriman."), 0);
kirim->do_kirim=false;
}else{
// Pesan.
DEBUG3(_("Panjang pesan adalah %1$i bita"), panjang_pesan);
};
};
// Bangun pesan.
memcpy(pecahan, buat_pesan(
pecahan,
identifikasi,
&paritas,
pesan
), MAX_CHUNK_SIZE);
// Bangun pengepala.
DEBUG2(_("Panji %1$s."), arti_panji(panji));
memcpy(pecahan, buat_pengepala(
pecahan,
identifikasi,
panji,
paritas,
status_gerbang,
status_peladen
), MAX_CHUNK_SIZE);
// Pesan.
if(kelompok_kirim>1){
DEBUG1(
_("Mengirim pesan %1$i kelompok %2$i."),
identifikasi, kelompok_kirim);
}else{
DEBUG1(
_("Mengirim pesan %1$i."),
identifikasi);
};
// ============= Enkripsi =======
int panjang_pecahan;
// Enkripsi.
if(!aturan.rawtransfer){
// Pesan mentah.
DEBUG5(_("Pesan mentah dikirim"), pecahan, 0, MAX_CHUNK_SIZE);
// Penyandian.
unsigned char pesan_ency[MAX_CHUNK_SIZE+1];
memcpy(pesan_ency, pecahan, MAX_CHUNK_SIZE);
unsigned char tujuan_ency[ENCRYPTED_CONTAINER_SIZE+1];
panjang_pecahan=rsa_encrypt(
pesan_ency,
MAX_CHUNK_SIZE+1,
tujuan_ency,
rsapub,
aturan.rsa_padding
);
// Bersihkan.
memset(pesan_ency, 0, MAX_CHUNK_SIZE);
// Pesan mentah.
DEBUG5(
_("Pesan mentah dikirim tersandikan"),
tujuan_ency, 0, MAX_CHUNK_SIZE
);
// Salin.
memcpy(pecahan, tujuan_ency, panjang_pecahan);
}else{
panjang_pecahan=MAX_CHUNK_SIZE;
};
// ============ /Enkripsi =======
// Kirim.
int panjang_diterima;
char *kirim_data=kirimdata(
pecahan,
panjang_pecahan,
hostname,
portno,
infoalamat,
&panjang_diterima
);
// Bila kosong.
if(kirim_data == NULL){
// Pesan kesalahan.
DEBUG1(_("Kegagalan %1$s."), _("Soket"));
// Keluar.
exit(EXIT_FAILURE_SOCKET);
};
// Menyalin isi.
memcpy(pecahan, kirim_data, ENCRYPTED_CONTAINER_SIZE);
// Pesan mentah.
DEBUG4(_("Panjang pesan mentah diterima: %1$i"), panjang_pecahan);
DEBUG5(_("Pesan mentah diterima"), pecahan, 0, panjang_pecahan);
// ============= Dekripsi =======
if(!aturan.rawtransfer){
// Pemecah sandi.
unsigned char pesan_deco[ENCRYPTED_CONTAINER_SIZE+1];
memcpy(pesan_deco, pecahan, ENCRYPTED_CONTAINER_SIZE);
unsigned char tujuan_deco[MAX_CHUNK_SIZE+1];
panjang_pecahan=rsa_decrypt(
pesan_deco,
panjang_diterima,
tujuan_deco,
rsapriv,
aturan.rsa_padding
);
// Periksa.
// print_unsigned_array(tujuan_deco, 100);
// Bersihkan.
memset(pesan_deco, 0, MAX_CHUNK_SIZE);
// Pesan mentah.
DEBUG4(
_("Panjang pesan mentah diterima terpecahkan: %1$i"),
panjang_pecahan
);
DEBUG5(
_("Pesan mentah diterima terpecahkan"),
tujuan_deco, 0, panjang_pecahan
);
// Salin.
memcpy(pecahan, tujuan_deco, MAX_CHUNK_SIZE);
};
// ============ /Dekripsi =======
// Mendapatkan pesan.
DEBUG4(_("Membersihkan penampung pesan."), 0);
memset(pesan, 0, CHUNK_MESSAGE_SIZE);
DEBUG4(_("Menyalin pesan."), 0);
memcpy(pesan, ambil_pesan(pecahan), CHUNK_MESSAGE_SIZE);
DEBUG4(_("Selesai menyalin pesan."), 0);
// Periksa.
// print_unsigned_array(tujuan_deco, 100);
// Mendapatkan pengepala.
// Respons.
int r_versi;
int r_panji;
int r_paritas;
int r_status_gerbang;
int r_status_peladen;
unsigned int r_identifikasi;
DEBUG4(_("Mendapatkan pengepala."), 0);
ambil_pengepala(
pecahan,
&r_versi,
&r_identifikasi,
&r_panji,
&r_paritas,
&r_status_gerbang,
&r_status_peladen
);
DEBUG4(_("Selesai mendapatkan pengepala."), 0);
// Mendapatkan informasi peladen.
char* r_berkas_id;
char* berkas_ukuran_str;
char* berkas_diterima_str;
char* unix_time_str;
// Alikasi memori.
r_berkas_id=malloc(
sizeof(r_berkas_id)* (CHUNK_MESSAGE_SIZE/2));
berkas_ukuran_str=malloc(
sizeof(berkas_ukuran_str)* (CHUNK_MESSAGE_SIZE/2));
berkas_diterima_str=malloc(
sizeof(berkas_diterima_str)* (CHUNK_MESSAGE_SIZE/2));
unix_time_str=malloc(
sizeof(unix_time_str)* (CHUNK_MESSAGE_SIZE/2));
// Membersihkan isi.
memset(r_berkas_id, 0,
sizeof(r_berkas_id)* (CHUNK_MESSAGE_SIZE/2));
memset(berkas_ukuran_str, 0,
sizeof(berkas_ukuran_str)* (CHUNK_MESSAGE_SIZE/2));
memset(berkas_diterima_str, 0,
sizeof(berkas_diterima_str)* (CHUNK_MESSAGE_SIZE/2));
memset(unix_time_str, 0,
sizeof(unix_time_str)* (CHUNK_MESSAGE_SIZE/2));
// Ambil informasi.
DEBUG4(_("Mendapatkan informasi peladen."), 0);
DEBUG5(_("Pesan"), pesan, 0, CHUNK_MESSAGE_SIZE);
status=ambil_pesan_peladen(
pesan,
CHUNK_MESSAGE_SIZE,
&r_berkas_id,
&berkas_ukuran_str,
&berkas_diterima_str,
&unix_time_str
);
DEBUG4(_("Selesai mendapatkan informasi peladen."), 0);
// Ubah nilai.
double r_berkas_ukuran=0;
double r_berkas_diterima=0;
double r_unixtime=0;
if(status>0){
// Tidak menerima.
DEBUG1(
_("Tidak memahami Peladen di pecahan %1$i (Status %2$i)."),
r_identifikasi, status
);
}else{
// Ubah nilai.
r_berkas_ukuran=strtod(berkas_ukuran_str, NULL);
r_berkas_diterima=strtod(berkas_diterima_str, NULL);
r_unixtime=strtod(unix_time_str, NULL);
};
// Balasan
DEBUG2(_("Balasan: Versi: %1$i."), r_versi);
DEBUG2(_("Balasan: Identifikasi: %1$i."), r_identifikasi);
DEBUG2(_("Balasan: Panji: %1$s."), arti_panji(r_panji));
DEBUG2(_("Balasan: Paritas: %1$i."), r_paritas);
DEBUG2(_("Balasan: Status Gerbang: %1$s."), arti_status(r_status_gerbang));
DEBUG2(_("Balasan: Status Peladen: %1$s."), arti_status(r_status_peladen));
DEBUG2(_("Balasan: Identifikasi berkas: %1$s."), r_berkas_id);
DEBUG2(_("Balasan: Ukuran berkas: %1$.0f bita."), r_berkas_ukuran);
DEBUG2(_("Balasan: Berkas diterima: %1$.0f bita."), r_berkas_diterima)
DEBUG2(_("Balasan: Waktu Peladen: %1$.06f."), r_unixtime);
DEBUG1(
_("Perbedaan waktu Peladen: %1$.06f detik."),
infokancil.unixtime-r_unixtime
);
// Menyimpan.
if(r_berkas_diterima<=0){
DEBUG2(
_("Berkas terterima berukuran %1$.0f bita."), r_berkas_diterima
);
}else{
kirim->ukuran_kirim=r_berkas_diterima;
};
// Bila berkas yang diterima
// telah sama atau lebih besar dari ukuran.
if(
aturan.transferedcheck
&& r_berkas_diterima>=kirim->ukuran_berkas
){
// Pesan.
if(
(r_berkas_diterima-kirim->ukuran_berkas)
> (double)CHUNK_MESSAGE_SIZE * (aturan.parallel)
){
WARN(
_("Peladen telah menerima berkas melebihi %1$.0f bita."),
r_berkas_diterima-kirim->ukuran_berkas
);
}else if(r_berkas_diterima>kirim->ukuran_berkas){
DEBUG1(
_("Peladen telah menerima berkas melebihi %1$.0f bita."),
r_berkas_diterima-kirim->ukuran_berkas
);
}else{
DEBUG1(_("Peladen telah menerima keseluruhan berkas."), 0);
};
// Ubah nilai.
kirim->ukuran_kirim=r_berkas_diterima;
kirim->paksa_panji=STOP_FLAG;
// Keluar.
return identifikasi;
};
// Memeriksa hasil.
// Bila status gerbang atau peladen adalah NOL.
if(!r_status_gerbang || !r_status_peladen){
// Memeriksa apakah
// telah terlalu banyak melakukan percobaan.
if(kirim->coba>maksimal_coba){
FAIL(
_("Telah melakukan percobaan sebanyak %1$i kali. Berhenti."),
maksimal_coba
);
exit(EXIT_FAILURE);
}else if(!r_status_gerbang && !r_status_peladen){
WARN(
_("Gagal mengirim ke %1$s dan %2$s."),
_("Gerbang"),_("Peladen")
);
}else if(!r_status_peladen){
WARN(_("Gagal mengirim ke %1$s."),_("Peladen"));
}else{
WARN(_("Gagal mengirim ke %1$s."),_("Gerbang"));
};
// Panji Taksah.
if(r_panji==INVALID_FLAG){
// Pesan.
NOTICE(_("Panji Taksah ditemukan."), 0);
NOTICE(
_("Menunggu %1$i detik untuk mengirim ulang."),
ulang_tunggu
);
sleep(ulang_tunggu);
}else if(r_panji==START_FLAG){
// Mengunlang pengiriman
// informasi berkas.
int tunggu=ulang_tunggu;
NOTICE(_("Meminta pengiriman ulang informasi berkas."), 0);
NOTICE(_("Menunggu %1$i detik untuk mengirim ulang."), tunggu);
sleep(tunggu);
// Mengatur ulang ukuran berkas terkirim.
kirim->ukuran_kirim=0;
}else if(r_panji==INTRANSFER_FLAG){
// Meminta pengiriman ulang
// berkas berdasarkan identifikasi.
NOTICE(
_("Meminta pengiriman ulang pecahan identifikasi '%1$i'."),
r_identifikasi
);
// Mengatur ulang ukuran berkas terkirim
// sesuai dengan ukuran peladen.
kirim->ukuran_kirim=r_berkas_diterima;
};
// Mengirim ulang.
NOTICE(
_("Percobaan ke-%1$i. Mengulangi pengiriman pecahan %2$i."),
kirim->coba, r_identifikasi
);
identifikasi=r_identifikasi;
// Menambah
// percobaan pengiriman.
kirim->coba++;
}else{
/*
// Bila ukuran terterima Peladen
// lebih besar dari pada terketahui Klien.
if(r_berkas_diterima> kirim->ukuran_kirim){
// Pesan.
DEBUG2(
_("Peladen telah menerima berkas melebihi %1$.0f bita dari yang terkirim."),
r_berkas_diterima-(kirim->ukuran_berkas)
);
// Ubah isi.
kirim->ukuran_kirim=r_berkas_diterima;
};
*/
// Berhasil.
DEBUG2(_("Berhasil mengirim ke Gerbang dan Peladen."), 0);
// Menambahkan.
identifikasi++;
DEBUG2(_("Menambah identifikasi menjadi %1$i."), identifikasi);
// Bila belum selesai.
if(kirim->ukuran_kirim<=kirim->ukuran_berkas){
// Bila lebih dari spesifikasi,
// mengulangi dari NOL.
if(identifikasi>MAX_CHUNK_ID){
// Pesan.
WARN(
_("Telah melebihi maksimal identifikasi %1$i."),
MAX_CHUNK_ID
);
DEBUG1(_("Nilai identifikasi adalah %1$i."), identifikasi);
// Perkembangan.
tampil_info_progres_berkas(
PROGRES_KIRIM, kirim->berkas,
kirim->ukuran_kirim, kirim->ukuran_berkas,
ukuberkas_panjang
);
// Menambah kelompok.
kelompok_kirim++;
kirim->kelompok_kirim=kelompok_kirim;
// Pesan.
DEBUG1(
_("Menunggu %1$i detik untuk melanjutkan."),
urut_tunggu
);
DEBUG1(
_("Kelompok pecahan selanjutnya adalah '%1$i'."),
kelompok_kirim
);
// Tunggu.
sleep(urut_tunggu);
// Mengulangi identifikasi.
identifikasi=0;
};
}else{
// DEBUG1(_("Menghentikan pengulangan pengiriman."), 0);
// kirim->do_kirim=false;
};
kirim->coba=1;
};
/*
// Bila lebih dari maksimal kali kirim,
// menunggu sebanyak waktu untuk mengirim ulang.
if(kirim->urut_kali>=urut_maksimal && !urut_jangan_tunggu){
// Pesan.
WARN(
_("Telah mengirim berurutan sebanyak %1$i kali."),
kirim->urut_kali
);
// Perkembangan.
tampil_info_progres_berkas(
PROGRES_KIRIM, kirim->berkas,
kirim->ukuran_kirim, kirim->ukuran_berkas,
ukuberkas_panjang
);
// Pesan.
NOTICE(_("Menunggu %1$i detik untuk mengirim ulang."), urut_tunggu);
sleep(urut_tunggu);
kirim->urut_kali=0;
};
*/
// Memastikan nilai kelompok benar.
kirim->kelompok_kirim=kelompok_kirim;
// Mengembalikan nilai identifikasi.
return identifikasi;
// kirim->identifikasi=identifikasi;
// Mengembalikan data.
// kirim->berkas=berkas;
// if(identifikasi>3)
// kirim->do_kirim=false;
}
//加密
vlong rsa_encrypt( const vlong& plain , RSA_KEY& pubkey )
{
return rsa_encrypt(plain,pubkey.key,pubkey.modulus);
}
int rsa_oaep_encrypt(RSA_PUBLIC_KEY *key, uint8_t *message, size_t mlen, uint8_t *out, size_t outlen) {
if(key == NULL || message == NULL || out == NULL) {
return -1;
}
const size_t k = (key->bits - 1) / 8 + 1;
const size_t hlen = 32;
uint8_t seed[hlen];
uint8_t *mask;
uint8_t *em;
uint8_t *db;
bignum m_bn;
bignum c_bn;
int ret;
/* message is too long to encrypt */
if(k - 2 * hlen - 2 < mlen) {
return TOO_LONG;
}
/* output buffer is too small */
if(outlen < k) {
return TOO_SHORT;
}
/* do stuff involving the masks first, as in case of error it does not
* need to be kept secure */
if(cs_rand(seed, hlen) != 0) {
return CRYPTOGRAPHY_ERROR;
}
if((mask = malloc(k - hlen - 1)) == NULL) {
return MALLOC_FAIL;
}
/* calculate dbMask = MGF(seed, k - hLen - 1) */
mgf1_sha256(seed, hlen, k - hlen - 1, mask);
/* now initialize the string to be encrypted */
if((em = malloc(k)) == NULL) {
return MALLOC_FAIL;
}
/* from now on we have to clean up memory after any failures */
/* em[hlen:] is all DB = lhash || PS || 0x01 || M */
db = em + hlen + 1;
memcpy(db, lhash, hlen);
/* PS is a padding string of zeroes */
memset(db + hlen, 0x00, k - 2 * hlen - mlen - 2);
/* there is then one byte of value 0x01 */
db[k - 2 - hlen - mlen] = 0x01;
/* then message */
memcpy(&db[k - hlen - 1 - mlen], message, mlen);
/* now apply the mask to it */
xor_bytes(db, mask, k - hlen - 1, db);
/* now we can repurpose mask to encode the seed mask */
mgf1_sha256(db, k - hlen - 1, hlen, mask);
/* xor it into em */
xor_bytes(seed, mask, hlen, em + 1);
em[0] = 0x00;
m_bn = BN_ZERO;
c_bn = BN_ZERO;
/* now convert to a big integer */
if((ret = os2ip(&m_bn, em, k)) != 0) {
goto err;
}
/* encrypt */
if((ret = rsa_encrypt(key, &m_bn, &c_bn)) != 0) {
goto err;
}
/* convert back */
if((ret = i2osp(out, outlen, &c_bn)) != 0) {
goto err;
}
/* encryption is officially done, clean up */
ret = 0;
err:
/* free mask and em, zero seed */
zfree(mask, k - hlen - 1);
zfree(em, k - 1);
memsets(seed, 0x00, hlen);
/* free the bignums */
/* an error here is still an error as it is a possible leak of
* sensitive data */
ret = ret == 0 ? bnu_free(&m_bn) : ret;
ret = ret == 0 ? bnu_free(&c_bn) : ret;
return ret;
}
int main(int argc, char *argv[])
{
/** SET 5 CHALLENGE 33 **/
/** DH KEY EXCHANGE **/
// small int
unsigned long a, A, b, B, s1, s2;
srand(time(NULL));
dh_generate_keypair_smallint(&a, &A);
dh_generate_keypair_smallint(&b, &B);
s1 = dh_generate_session_key_smallint(a, B);
s2 = dh_generate_session_key_smallint(b, A);
printf("[s5c1] *smallint* a = %ld, A = %ld, b = %ld, B = %ld, s = %ld ?= %ld\n", a, A, b, B, s1, s2);
// bigint
BIGNUM *p, *g;
BIGNUM *ba, *bA, *bb, *bB, *bs1, *bs2;
g = BN_new();
p = BN_new();
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
bs1 = BN_new();
bs2 = BN_new();
unsigned char c_s1[20], c_s2[20];
unsigned int i;
dh_init(p, g);
dh_generate_keypair(ba, bA, g, p);
dh_generate_keypair(bb, bB, g, p);
dh_generate_session_key(c_s1, bs1, ba, bB, p);
dh_generate_session_key(c_s2, bs2, bb, bA, p);
printf("[s5c1] *bignum* s1 = '");
// BN_print_fp(stdout, &bs1);
for(i=0; i<20; i++)
printf("%02x", c_s1[i]);
printf("'\n[s5c1] *bignum* s2 = '");
// BN_print_fp(stdout, &bs2);
for(i=0; i<20; i++)
printf("%02x", c_s2[i]);
printf("'\n");
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(bs1);
BN_free(bs2);
/** SET 5 CHALLENGE 34 **/
/** DH-KE FIXED KEY MITM **/
unsigned char c_p[1024];
unsigned char c_g[1024];
unsigned char c_A[1024];
unsigned char c_B[1024];
ba = BN_new();
bA = BN_new();
// M -> B: p, g, p
printf("[s5c2] M -> B: p, g, p\n");
dhke_initiate(c_p, c_g, c_A, ba, bA, p, g);
// M -> A: p
printf("[s5c2] M -> A: p\n");
// dhke_initiate_reply(c_B, c_p, c_g, c_A, c_s2);
dhke_initiate_reply(c_B, c_p, c_g, c_p, c_s2);
// A -> B: cmsg, iv
// dhke_initiate_finalize(c_s1, c_B, &ba, &p);
dhke_initiate_finalize(c_s1, c_p, ba, p);
printf("[s5c2] *bignum* s1 = '");
for(i=0; i<20; i++)
printf("%02x", c_s1[i]);
printf("'\n[s5c2] *bignum* s2 = '");
for(i=0; i<20; i++)
printf("%02x", c_s2[i]);
printf("'\n");
unsigned char *plain_in = "YELLOW SUBMARINE";
unsigned char p_out[128];
unsigned char c_out[128];
unsigned char iv[16];
unsigned int c_len, p_len;
c_len = dhke_session_send(c_out, iv, plain_in, 16, c_s1);
printf("[s5c2] A -> B: cmsg = '");
for(i=0; i<c_len; i++) {
printf("%02x", c_out[i]);
}
printf("', iv\n");
// perform attack as M
unsigned char m_out[128];
// M performs decryption
dhke_attack_zero_session_key(m_out, c_out, c_len, iv);
printf("[s5c2] M decrypts msg='%s'\n", m_out);
// B performs decryption
p_len = dhke_session_recv(p_out, c_out, c_len, c_s2, iv);
printf("[s5c2] B recvd: msg = '%s'\n", p_out);
BN_free(ba);
BN_free(bA);
/** SET 5 CHALLENGE 35 **/
/** DH-KE MALICIOUS G MITM **/
memset(c_g, 0, 1024);
memset(c_p, 0, 1024);
memset(c_A, 0, 1024);
memset(c_B, 0, 1024);
memset(c_out, 0, 128);
memset(m_out, 0, 128);
BIGNUM *bn1, *g2;
ba = BN_new();
bA = BN_new();
bn1 = BN_new();
g2 = BN_new();
// prepare malicious g'
// g' = 0; --> perform dhke_attack_zero_session_key()
// printf("[s5c3] M sets g' = 0\n");
// BN_zero(&g2);
// g' = p --> perform dhke_attack_zero_session_key()
// printf("[s5c3] M sets g' = p\n");
// BN_copy(&g2, &p);
// g' = p-1
printf("[s5c3] M sets and distributes g' = p-1\n");
BN_one(bn1);
BN_sub(g2, p, bn1);
// M -> B: p, g', A'
printf("[s5c3] A -> B: A'\n");
dhke_initiate(c_p, c_g, c_A, ba, bA, p, g2);
// M -> A: B'
printf("[s5c3] B -> A: B'\n");
dhke_initiate_reply(c_B, c_p, c_g, c_A, c_s2);
// A -> B: cmsg, iv
dhke_initiate_finalize(c_s1, c_B, ba, p);
c_len = dhke_session_send(c_out, iv, plain_in, 16, c_s1);
printf("[s5c3] A -> B: cmsg = '");
for(i=0; i<c_len; i++) {
printf("%02x", c_out[i]);
}
printf("', iv\n");
// M performs decryption
// use for: g' = 0, g' = p
// dhke_attack_zero_session_key(m_out, c_out, c_len, iv);
// use for g' = p-1
dhke_attack_p_1_session_key(m_out, c_out, c_len, c_A, c_B, iv);
printf("[s5c3] M decrypts msg='%s'\n", m_out);
// B performs decryption
p_len = dhke_session_recv(p_out, c_out, c_len, c_s2, iv);
printf("[s5c3] B recvd: msg = '%s'\n", p_out);
BN_free(ba);
BN_free(bA);
BN_free(bn1);
BN_free(g2);
/** SET 5 CHALLENGE 36 **/
/** SECURE REMOTE PASSWORD **/
unsigned char srp_salt[9];
unsigned char *srp_pass = "******"; // 16
unsigned char str_hash[2*SHA256_DIGEST_LENGTH+1];
unsigned char hmac_s[SHA256_DIGEST_LENGTH];
unsigned int hmac_s_len;
unsigned char hmac_c[SHA256_DIGEST_LENGTH];
unsigned int hmac_c_len;
BIGNUM *v, *sS, *cS;
v = BN_new();
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
cS = BN_new();
sS = BN_new();
memset(srp_salt, 0, 9);
srp_server_init(srp_salt, v, bb, bB, srp_pass, g, p);
srp_client_init(ba, bA, g, p);
// printf("server calc S\n");
srp_server_calc_session_key(str_hash, sS, bA, bb, bB, v, p);
// printf("[s5c4] server: sha256(S) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
memset(str_hash, 0, 2*SHA256_DIGEST_LENGTH+1);
srp_client_calc_session_key(str_hash, cS, srp_salt, srp_pass, ba, bA, bB, g, p);
// printf("[s5c4] client: sha256(S) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
printf("[s5c4] server: HMAC(K,Salt) = ");
for(i=0; i<hmac_s_len; i++) {
printf("%02x", hmac_s[i]);
}
printf("\n");
printf("[s5c4] client: HMAC(K,Salt) = ");
for(i=0; i<hmac_c_len; i++) {
printf("%02x", hmac_c[i]);
}
printf("\n");
if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len))
printf("[s5c4] server: Client HMAC-SHA256 successfully validated!\n");
else
printf("[s5c4] server: Client HMAC-SHA256 *NOT* validated!\n");
BN_free(v);
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(cS);
BN_free(sS);
/** SET 5 CHALLENGE 37 **/
/** SRP MALICIOUS A ATTACK **/
// we're skipping the networking part here and just call the simulator
// functions from srp.c
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
sS = BN_new();
cS = BN_new();
v = BN_new();
srp_server_init(srp_salt, v, bb, bB, srp_pass, g, p);
srp_client_init(ba, bA, g, p);
// now modify A (bA) to be 0, N, c*N
// BN_zero(bA); // A = 0
BN_copy(bA, p); // A = N (doesn't matter if we use N, 2*N, c*N)
// send to server and let server do its calculations
srp_server_calc_session_key(str_hash, sS, bA, bb, bB, v, p);
// printf("[s5c5] server: sha256(S=0) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
// client now authenticates with HMAC_SHA256(K=SHA256(S=0), salt)
// K=SHA256(S=0)
srp_generate_salted_password_hash(cS, str_hash, "", "0");
// printf("[s5c5] client: sha256(S=0) = %s\n", str_hash);
// calc HMAC_SHA256(K, salt)
hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
printf("[s5c5] server: HMAC(K,Salt) = ");
for(i=0; i<hmac_s_len; i++) {
printf("%02x", hmac_s[i]);
}
printf("\n");
printf("[s5c5] client: HMAC(K,Salt) = ");
for(i=0; i<hmac_c_len; i++) {
printf("%02x", hmac_c[i]);
}
printf("\n");
if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len))
printf("[s5c5] server: forged client HMAC-SHA256 successfully validated!\n");
else
printf("[s5c5] server: forged client HMAC-SHA256 *NOT* validated!\n");
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(sS);
BN_free(cS);
BN_free(v);
/** SET 5 CHALLENGE 38 **/
/** SSRP OFFLINE DICTIONARY ATTACK **/
BIGNUM *u, *fb, *fB;
u = BN_new();
v = BN_new();
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
cS = BN_new();
sS = BN_new();
fb = BN_new();
fB = BN_new();
memset(srp_salt, 0, 9*sizeof(unsigned char));
ssrp_server_init(srp_salt, v, bb, bB, u, srp_pass, g, p);
ssrp_client_init(ba, bA, g, p);
ssrp_server_calc_session_key(str_hash, sS, bA, bb, u, v, p);
// printf("[s5c6] server: sha256(S=0) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
memset(str_hash, 0, 2*SHA256_DIGEST_LENGTH);
// original settings transmitted to client
// ssrp_client_calc_session_key(str_hash, cS, srp_salt, srp_pass, ba, bB, u, p);
// forged settings transmitted to client:
// u = 1, b = 1, B=g=2, salt=""
BN_one(u);
BN_one(fb);
BN_copy(fB, g);
ssrp_client_calc_session_key(str_hash, cS, "", srp_pass, ba, fB, u, p);
// printf("[s5c6] client: sha256(S) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), "", 0);
// printf("[s5c6] server: HMAC(K,Salt) = ");
// for(i=0; i<hmac_s_len; i++) {
// printf("%02x", hmac_s[i]);
// }
// printf("\n");
printf("[s5c6] client: HMAC(K,\"\") = ");
for(i=0; i<hmac_c_len; i++) {
printf("%02x", hmac_c[i]);
}
printf("\n");
// perform offline dictionary attack
char pass[1024];
if(ssrp_dictionary_attack(pass, hmac_c, "dict.txt", bA, g, p)>0)
printf("[s5c6] Password cracked: '%s'\n", pass);
else
printf("[s5c6] Password not cracked!\n");
// if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len))
// printf("[s5c6] server: Client HMAC-SHA256 successfully validated!\n");
// else
// printf("[s5c6] server: Client HMAC-SHA256 *NOT* validated!\n");
dh_clear(p, g);
BN_free(p);
BN_free(g);
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(u);
BN_free(v);
BN_free(cS);
BN_free(sS);
BN_free(fb);
BN_free(fB);
/** SET 5 CHALLENGE 39 **/
/** RSA **/
BIO *out = NULL;
out = BIO_new(BIO_s_file());
BIO_set_fp(out, stdout, BIO_NOCLOSE);
egcd_test();
inv_mod_test();
// Testing RSA core functions
rsa_key_t puk;
rsa_key_t pik;
puk.e = BN_new();
puk.n = BN_new();
pik.e = BN_new();
pik.n = BN_new();
BIGNUM *BN_plain = BN_new();
BIGNUM *BN_crypt = BN_new();
BN_hex2bn(&BN_plain, "31337");
printf("[s5c7] BN_plain = ");
BN_print(out, BN_plain);
rsa_generate_keypair(&puk, &pik, 128);
rsa_bn_encrypt(BN_crypt, BN_plain, &puk);
printf("\n[s5c7] BN_crypt = ");
BN_print(out, BN_crypt);
rsa_bn_decrypt(BN_plain, BN_crypt, &pik);
printf("\n[s5c7] BN_plain'= ");
BN_print(out, BN_plain);
printf("\n");
BN_free(BN_plain);
BN_free(BN_crypt);
// test RSA 'wrapper' funcs
unsigned char *rsa_plain_in = "Hello RSA World!";
unsigned char *rsa_crypt = NULL;
unsigned int rsa_crypt_len = 0;
unsigned char *rsa_plain_out = NULL;
unsigned int rsa_plain_len;
rsa_crypt_len = rsa_encrypt(&rsa_crypt, rsa_plain_in, 16, &puk);
rsa_plain_len = rsa_decrypt(&rsa_plain_out, rsa_crypt, rsa_crypt_len, &pik);
//rsa_plain_out[rsa_plain_len-1] = 0;
printf("[s5c7] Encrypting '%s' using RSA...\n[s5c7] RSA crypted: '", rsa_plain_in);
for(i=0; i<rsa_crypt_len; i++) {
printf("%02x", rsa_crypt[i]);
}
printf("'\n[s5c7] RSA decrypted: '%s'\n", rsa_plain_out);
free(rsa_crypt);
free(rsa_plain_out);
/** SET 5 CHALLENGE 40 **/
/** RSA E=3 BROADCAST ATTACK (CRT) **/
// test chinese remainder theorem impl.
crt_test();
// test n-th root impl.
nthroot_test();
// let's do "the real thing"
rsa_broadcast_attack_test();
BN_free(puk.e);
BN_free(puk.n);
BN_free(pik.e);
BN_free(pik.n);
BIO_free(out);
return 0;
}
int raopcl_connect(raopcl_t *p, char *host,u_int16_t destport)
{
u_int8_t buf[4+8+16];
char sid[16];
char sci[24];
char *sac=NULL,*key=NULL,*iv=NULL;
char sdp[1024];
int rval=-1;
key_data_t *setup_kd=NULL;
char *aj, *token, *pc;
const char delimiters[] = ";";
u_int8_t rsakey[512];
int i;
raopcl_data_t *raopcld;
if(!p) return -1;
raopcld=(raopcl_data_t *)p;
RAND_bytes(buf, sizeof(buf));
sprintf(sid, "%d", *((u_int32_t*)buf));
sprintf(sci, "%08x%08x",*((u_int32_t*)(buf+4)),*((u_int32_t*)(buf+8)));
base64_encode(buf+12,16,&sac);
if(!(raopcld->rtspcl=rtspcl_open())) goto erexit;
if(rtspcl_set_useragent(raopcld->rtspcl,"iTunes/4.6 (Macintosh; U; PPC Mac OS X 10.3)")) goto erexit;
if(rtspcl_add_exthds(raopcld->rtspcl,"Client-Instance", sci)) goto erexit;
if(rtspcl_connect(raopcld->rtspcl, host, destport, sid)) goto erexit;
i=rsa_encrypt(raopcld->key,16,rsakey);
base64_encode(rsakey,i,&key);
remove_char_from_string(key,'=');
base64_encode(raopcld->iv,16,&iv);
remove_char_from_string(iv,'=');
sprintf(sdp,
"v=0\r\n"
"o=iTunes %s 0 IN IP4 %s\r\n"
"s=iTunes\r\n"
"c=IN IP4 %s\r\n"
"t=0 0\r\n"
"m=audio 0 RTP/AVP 96\r\n"
"a=rtpmap:96 AppleLossless\r\n"
"a=fmtp:96 4096 0 16 40 10 14 2 255 0 0 44100\r\n"
"a=rsaaeskey:%s\r\n"
"a=aesiv:%s\r\n",
sid, rtspcl_local_ip(raopcld->rtspcl), host, key, iv);
remove_char_from_string(sac,'=');
if(rtspcl_add_exthds(raopcld->rtspcl, "Apple-Challenge", sac)) goto erexit;
if(rtspcl_annouce_sdp(raopcld->rtspcl, sdp)) goto erexit;
if(rtspcl_mark_del_exthds(raopcld->rtspcl, "Apple-Challenge")) goto erexit;
if(rtspcl_setup(raopcld->rtspcl, &setup_kd)) goto erexit;
if(!(aj=kd_lookup(setup_kd,"Audio-Jack-Status"))) {
ERRMSG("%s: Audio-Jack-Status is missing\n",__func__);
goto erexit;
}
token=strtok(aj,delimiters);
while(token){
if((pc=strstr(token,"="))){
*pc=0;
if(!strcmp(token,"type") && !strcmp(pc+1,"digital")){
raopcld->ajtype=JACK_TYPE_DIGITAL;
}
}else{
if(!strcmp(token,"connected")){
raopcld->ajstatus=JACK_STATUS_CONNECTED;
}
}
token=strtok(NULL,delimiters);
}
if(rtspcl_record(raopcld->rtspcl)) goto erexit;
// keep host address and port information
if(realloc_memory((void**)&raopcld->addr,strlen(host)+1,__func__)) goto erexit;
strcpy(raopcld->addr,host);
raopcld->rtsp_port=destport;
if(raopcl_stream_connect(raopcld)) goto erexit;
rval=0;
erexit:
if(sac) free(sac);
if(key) free(key);
if(iv) free(iv);
free_kd(setup_kd);
return rval;
}
int main(int argc, char *argv[]) {
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
opterr = 0;
char *key = NULL;
char *infile = NULL;
char *outfile = NULL;
char *host = NULL;
int encrypt = 0;
int decrypt = 0;
int c = 0;
int size = 0;
while ((c = getopt (argc, argv, "he:d:i:o:H:")) != -1)
switch (c)
{
case 'e':
encrypt = 1;
key = optarg;
break;
case 'd':
decrypt = 1;
key = optarg;
break;
case 'i':
infile = optarg;
break;
case 'o':
outfile = optarg;
break;
case 'H':
encrypt = 1;
host = optarg;
break;
case 'h':
usage();
exit(1);
default:
printf("ERROR: Unknown option '-%c'\n", optopt);
usage();
exit(1);
}
if(host){
key = get_host_pubkey(host);
if(!key){
fprintf(stderr,"ERROR: Unable to locate public key for host %s\n",host);
exit(1);
}
}
if(encrypt > 0 && key && infile && outfile){
size = rsa_encrypt(key, infile, outfile);
if(size < 0)
exit(1);
}else if(decrypt > 0 && key && infile && outfile){
size = rsa_decrypt(key, infile, outfile);
if(size < 0)
exit(1);
}else{
usage();
exit(1);
}
exit(0);
}
void rsa_decrypt(BIGNUM* m, const BIGNUM* e, const BIGNUM* n) {
rsa_encrypt(m, e, n);
}
int main(int argc, char ** argv) {
int ec_fifo, ce_fifo, es_fifo, se_fifo;
FILE* fp;
ssize_t msg_size;
uint8_t *buff;
char client_nm[NM_LENGTH], client_nm_tmp[NM_LENGTH];
uint8_t rsa_tmp[RSA_LENGTH], rsa_tmp2[RSA_LENGTH];
BIGNUM /**bn_n, *bn_d,*/ *bn_client_e, *bn_client_n, *bn_r;
char client_cipher_suite;
uint8_t sym_id, hash_id, public_id;
uint8_t k[K_SIZE] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
int i, done;
int k_len, c_hex_len, c_len;
uint8_t g[HASH_LENGTH], g1[HASH_LENGTH];
uint8_t c[MSG_SIZE_MAX];
unsigned int tmp;
assert(K_SIZE == 8);
bn_client_e = BN_new();
bn_client_n = BN_new();
bn_r = BN_new();
/* Mandatory arguments */
if (!argv[1] || !argv[2] || !argv[3] || !argv[4] ||
!argv[1] || !argv[2] || !argv[3] || !argv[4]) {
fprintf(stderr, "%s [server->eve fifo] [eve->server fifo] [eve->client fifo] [client->eve fifo]\n", argv[0]);
exit(1);
}
se_fifo = open_channel(argv[1]);
es_fifo = open_channel(argv[2]);
ec_fifo = open_fifo(argv[3]);
ce_fifo = open_fifo(argv[4]);
/* wait real client to connect */
fprintf(stderr,"(E) Waiting connection...\n");
if (wait_connection(ce_fifo) < 0) {
fprintf(stderr,"(E) Communication error...\n");
goto next;
}
/* connect to server */
write_msg(es_fifo, (const u_int8_t *)CONNECTION_STRING, strlen(CONNECTION_STRING));
forward_string(se_fifo, ec_fifo, OK_STRING);
/* Server authentication */
/* client challange */
forward_msg(ce_fifo, es_fifo);
/* server response to challange */
forward_msg(se_fifo, ec_fifo);
/* Client authentication */
/* Client name */
msg_size = forward_msg_read(ce_fifo, es_fifo, &buff);
/* vvvv copy-paste from server vvvv */
buff[msg_size] = '\0';
strncpy((char *)client_nm, (const char *) buff, NM_LENGTH);
/* EXTRACT from (names[],c_puk[],n[]) the pair (c_puk[i],n[i]) where names[i] = nm */
if ((fp = fopen("server_folder/clients_rsa64_public_keys.txt", "r")) == NULL) {
fprintf(stderr, "Error while getting clients RSA public keys...\n");
goto next;
}
done = 0;
while (!feof(fp)) {
fscanf(fp, "%129s %129s %129s", client_nm_tmp, rsa_tmp, rsa_tmp2);
if (strcmp(client_nm_tmp, client_nm) == 0) {
done = 1;
break;
}
}
if (done == 0) {
fprintf(stderr, "Error: unrecognized client\n");
goto next;
}
fclose(fp);
BN_hex2bn(&bn_client_n, (const char *) rsa_tmp);
BN_hex2bn(&bn_client_e, (const char *) rsa_tmp2);
/* ^^^^ copy-paste from server ^^^^ */
/* now I know client name and pub key */
/* server challange */
forward_msg(se_fifo, ec_fifo);
/* client response */
forward_msg(ce_fifo, es_fifo);
/* Negotiation of the cipher suite */
/* cipher suite c -> s */
forward_msg_read(ce_fifo, es_fifo, &buff);
/* vvvv copy-paste from server vvvv */
client_cipher_suite = buff[0];
cipher_suite_table(client_cipher_suite, &sym_id, &hash_id, &public_id);
/* ^^^^ copy-paste from server ^^^^ */
/* Negotiation of the private key */
/* k already set as an arbitrary key */
/* vvvv copy-paste from server vvvv */
if (sym_id == 1) {
k_len = 3;
}
else {
k_len = K_SIZE;
}
BN_bin2bn(k, k_len, bn_r);
/* If we're using RSA512 read the correct key (we have the 64bit one) */
if (public_id == 6) {
if ((fp = fopen("server_folder/clients_rsa512_public_keys.txt", "r")) == NULL) {
fprintf(stderr, "Error while getting clients RSA public keys...\n");
goto next;
}
done = 0;
while (!feof(fp)) {
fscanf(fp, "%129s %129s %129s", client_nm_tmp, rsa_tmp, rsa_tmp2);
if (strcmp(client_nm_tmp, client_nm) == 0) {
done = 1;
break;
}
}
if (done == 0) {
fprintf(stderr, "Error: unrecognized client\n");
goto next;
}
fclose(fp);
BN_hex2bn(&bn_client_n, (const char *) rsa_tmp);
BN_hex2bn(&bn_client_e, (const char *) rsa_tmp2);
}
/* ENCRYPT key */
rsa_encrypt(bn_r, bn_client_e, bn_client_n);
/* WRITE encrypted k to C */
buff = (uint8_t *) BN_bn2hex(bn_r);
if ((write_msg(ec_fifo, buff, strlen((char *) buff))) < 0) {
fprintf(stderr, "Error while sending C to the client...\n");
goto next;
}
OPENSSL_free(buff);
/* Encrypted communication */
if ((msg_size = read_msg(ce_fifo,&buff)) < 0) {
fprintf(stderr, "Error while reading message from the client...\n");
goto next;
}
c_hex_len = msg_size - HASH_LENGTH * 2;
if (c_hex_len <= 0) {
fprintf(stderr, "Error, malformed message...\n");
goto next;
}
c_len = c_hex_len / 2;
for (i=0; i<msg_size; i+=2) {
if (i < c_hex_len) {
sscanf((char *) (buff+i), "%02x", &tmp);
c[i/2] = (uint8_t) tmp;
}
else {
sscanf((char *) (buff+i), "%02x", &tmp);
g[(i - c_hex_len) / 2] = (uint8_t) tmp;
}
}
/* Decrypt C */
decrypt(sym_id, c, c_len, k);
/* COMPUTE G' = H(M) */
sponge_hash(c, c_len, g1);
c[c_len] = '\0';
/* CHECK G' = G */
done = 1;
for (i=0; i<HASH_LENGTH; i++) {
if (g[i] != g1[i]) {
done = 0;
}
}
/* If the check fails print error message */
if (done == 0) {
if ((write_msg(ec_fifo, (uint8_t *) CORRUPTED_STRING, strlen(CORRUPTED_STRING))) < 0) {
fprintf(stderr, "Error while writing to the client...\n");
goto next;
}
}
/* PUT M' on a file */
if ((fp = fopen("eve_folder/received_messages.txt", "a+")) == NULL) {
fprintf(stderr, "Error while saving message...\n");
fclose(fp);
goto next;
}
fprintf(fp, "%s", c);
fflush(stdout);
fprintf(stdout, "MESSAGGIO SEGRETO >>>%s<<< FINE MESSAGGIO SEGRETO\n", c);
fflush(stdout);
fclose(fp);
/* WRITE ok message to C */
if ((write_msg(ec_fifo, (uint8_t *) DECRYPTED_STRING, strlen(DECRYPTED_STRING))) < 0) {
fprintf(stderr, "Error while writing C to the client...\n");
goto next;
}
/* ^^^^ copy-paste from server ^^^^ */
next:
/*close_channels ...!*/
BN_free(bn_client_n);
BN_free(bn_client_e);
BN_free(bn_r);
exit(0);
}
int
main(int argc, char **argv)
{
struct rsa_session ctx;
struct rsa_session_info info;
struct rsa_public_key key;
mpz_t x;
int c;
const char *random_name = NULL;
enum { OPT_HELP = 300 };
static const struct option options[] =
{
/* Name, args, flag, val */
{ "help", no_argument, NULL, OPT_HELP },
{ "random", required_argument, NULL, 'r' },
{ NULL, 0, NULL, 0}
};
while ( (c = getopt_long(argc, argv, "o:r:", options, NULL)) != -1)
switch (c)
{
case 'r':
random_name = optarg;
break;
case '?':
return EXIT_FAILURE;
case OPT_HELP:
usage(stdout);
return EXIT_SUCCESS;
default:
abort();
}
argv += optind;
argc -= optind;
if (argc != 1)
{
usage (stderr);
return EXIT_FAILURE;
}
rsa_public_key_init(&key);
if (!read_rsa_key(argv[0], &key, NULL))
{
werror("Invalid key\n");
return EXIT_FAILURE;
}
/* NOTE: No sources */
yarrow256_init(&ctx.yarrow, 0, NULL);
/* Read some data to seed the generator */
if (!simple_random(&ctx.yarrow, random_name))
{
werror("Initialization of randomness generator failed.\n");
return EXIT_FAILURE;
}
WRITE_UINT32(SESSION_VERSION(&info), RSA_VERSION);
yarrow256_random(&ctx.yarrow, sizeof(info.key) - 4, info.key + 4);
rsa_session_set_encrypt_key(&ctx, &info);
#ifdef WIN32
_setmode(0, O_BINARY);
_setmode(1, O_BINARY);
#endif
write_version(stdout);
mpz_init(x);
if (!rsa_encrypt(&key,
&ctx.yarrow, (nettle_random_func *) yarrow256_random,
sizeof(info.key), info.key,
x))
{
werror("RSA encryption failed.\n");
return EXIT_FAILURE;
}
write_bignum(stdout, x);
mpz_clear (x);
if (!process_file(&ctx,
stdin, stdout))
return EXIT_FAILURE;
rsa_public_key_clear(&key);
return EXIT_SUCCESS;
}
int main(){
LCLIB_CTX lclib_ctx;
unsigned char data1[13];
unsigned char *data=NULL;
unsigned long int datLen=13;
//unsigned char s1[BSIZE/8];
//unsigned char s2[BSIZE/8];
//unsigned long int l1=BSIZE/8;
//unsigned long int l2=BSIZE/8;
int i;
unsigned char *N,*d,*e;
struct timeval tvs,tve,tvd;
struct timezone tz;
/*
r=open("/dev/urandom",O_RDONLY);
i=read(r,s1,BSIZE/8);
i=read(r,s2,BSIZE/8);
*/
memcpy(data1,"abcdef0123456",13);
printf("clear text\n");
for(i=0;i<13;i++)
printf("%x",data1[i]);
printf("\n\n");
rsa_init(&lclib_ctx,BSIZE);
data=rsa_alloc(&lclib_ctx,data1,13);
if(data==NULL){
printf("unable to alloc\n");
exit(0);
}
gettimeofday(&tvs,&tz);
printf("calculating %d bit rsa key pair\n",BSIZE);
//i=rsa_genkeys(&lclib_ctx,s1,l1,s2,l2);
i=rsa_genkeys_internal(&lclib_ctx);
gettimeofday(&tve,&tz);
i=rsa_encrypt(&lclib_ctx,data,&datLen);
printf("->%d\n",i);
printf("encrypted data\n");
for(i=0;i<BSIZE/8;i++)
printf("%x",data[i]);
printf("\n\n");
i=rsa_decrypt(&lclib_ctx,data,&datLen);
printf("->%d\n",i);
printf("decrypted / clear text\n");
for(i=0;i<(int)datLen;i++)
printf("%x",data[i]);
printf("\n");
tvd.tv_sec=tve.tv_sec - tvs.tv_sec;
printf("time taken to generate a %d bit key was %ld \
seconds\n",BSIZE,tvd.tv_sec);
printf("bnBits=%u\n",bnBits(&lclib_ctx.rsa_ctx.e));
rsa_extractkeys(&lclib_ctx,&N,&d,&e);
printf("N=\n");
for(i=0;i<(int)lclib_ctx.rsa_ctx.bits/8;i++)
printf("%x",N[i]);
printf("\n");
printf("d=\n");
for(i=0;i<(int)lclib_ctx.rsa_ctx.bits/8;i++)
printf("%x",d[i]);
printf("\n");
printf("e=\n");
for(i=0;i<(int)lclib_ctx.rsa_ctx.bits/8;i++)
printf("%x",e[i]);
printf("\n");
rsa_setkeys(&lclib_ctx,N,d,e);
/*
rsa_encrypt(&lclib_ctx,data,&datLen);
printf("encrypted data\n");
for(i=0;i<BSIZE/8;i++)
printf("%x",data[i]);
printf("\n\n");
rsa_decrypt(&lclib_ctx,data,&datLen);
printf("decrypted / clear text\n");
for(i=0;i<(int)datLen;i++)
printf("%x",data[i]);
printf("\n");
*/
rsa_sign(&lclib_ctx,data,&datLen);
printf("\nsigned data\n");
for(i=0;i<BSIZE/8;i++)
printf("%x",data[i]);
printf("\n\n");
rsa_verify(&lclib_ctx,data,&datLen);
printf("clear text\n");
for(i=0;i<(int)datLen;i++)
printf("%x",data[i]);
printf("\n");
rsa_freekeys(&lclib_ctx,&N,&d,&e);
lclib_end(&lclib_ctx);
rsa_free(data);
return 0;
}
