void test_crypto (enum transform which) { u_int8_t buf[256]; struct crypto_xf *xf; struct keystate *ks; enum cryptoerr err; xf = crypto_get (which); printf ("Testing %s: ", xf->name); SET_KEY (buf, xf->keymax); ks = crypto_init (xf, buf, xf->keymax, &err); if (!ks) { printf ("FAILED (init %d)", err); goto fail; } SET_KEY (buf, sizeof (buf)); crypto_init_iv (ks, buf, xf->blocksize); crypto_encrypt (ks, buf, sizeof (buf)); dump_buf (buf, sizeof buf); crypto_decrypt (ks, buf, sizeof (buf)); if (!verify_buf (buf, sizeof (buf))) printf ("FAILED "); else printf ("OKAY "); free (ks); fail: printf ("\n"); return; }
void special_test_blf (void) { u_int8_t *akey = "0123456789ABCDEFF0E1D2C3B4A59687"; u_int8_t *aiv = "FEDCBA9876543210"; u_int8_t data[] = "7654321 Now is the time for \0\0\0"; /* len 29 */ u_int8_t *acipher = "6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CCE7"; u_int8_t key[16], cipher[32], iv[8]; struct crypto_xf *xf; struct keystate *ks; enum cryptoerr err; int i; asc2bin (key, akey, strlen (akey)); asc2bin (iv, aiv, strlen (aiv)); asc2bin (cipher, acipher, 64); xf = crypto_get (BLOWFISH_CBC); printf ("Special Test-Case %s: ", xf->name); ks = crypto_init (xf, key, 16, &err); if (!ks) { printf ("FAILED (init %d)", err); goto fail; } crypto_init_iv (ks, iv, xf->blocksize); crypto_encrypt (ks, data, 32); for (i = 0; i < 32; i++) if (data[i] != cipher[i]) break; if (i < 32) printf ("FAILED "); else printf ("OKAY "); free (ks); fail: printf ("\n"); return; }
/* * Compute DH values and key material. This is done in a post-send function * as that means we can do parallel work in both the initiator and responder * thus speeding up exchanges. */ int ike_phase_1_post_exchange_KE_NONCE (struct message *msg) { struct exchange *exchange = msg->exchange; struct ipsec_exch *ie = exchange->data; struct prf *prf; struct hash *hash = ie->hash; enum cryptoerr err; /* Compute Diffie-Hellman shared value. */ ie->g_xy = malloc (ie->g_x_len); if (!ie->g_xy) { /* XXX How to notify peer? */ log_error ("ike_phase_1_post_exchange_KE_NONCE: malloc (%lu) failed", (unsigned long)ie->g_x_len); return -1; } if (dh_create_shared (ie->group, ie->g_xy, exchange->initiator ? ie->g_xr : ie->g_xi)) { log_print ("ike_phase_1_post_exchange_KE_NONCE: " "dh_create_shared failed"); return -1; } LOG_DBG_BUF ((LOG_NEGOTIATION, 80, "ike_phase_1_post_exchange_KE_NONCE: g^xy", ie->g_xy, ie->g_x_len)); /* Compute the SKEYID depending on the authentication method. */ ie->skeyid = ie->ike_auth->gen_skeyid (exchange, &ie->skeyid_len); if (!ie->skeyid) { /* XXX Log and teardown? */ return -1; } LOG_DBG_BUF ((LOG_NEGOTIATION, 80, "ike_phase_1_post_exchange_KE_NONCE: SKEYID", ie->skeyid, ie->skeyid_len)); /* SKEYID_d. */ ie->skeyid_d = malloc (ie->skeyid_len); if (!ie->skeyid_d) { /* XXX How to notify peer? */ log_error ("ike_phase_1_post_exchange_KE_NONCE: malloc (%lu) failed", (unsigned long)ie->skeyid_len); return -1; } prf = prf_alloc (ie->prf_type, hash->type, ie->skeyid, ie->skeyid_len); if (!prf) { /* XXX Log and teardown? */ return -1; } prf->Init (prf->prfctx); prf->Update (prf->prfctx, ie->g_xy, ie->g_x_len); prf->Update (prf->prfctx, exchange->cookies, ISAKMP_HDR_COOKIES_LEN); prf->Update (prf->prfctx, (unsigned char *)"\0", 1); prf->Final (ie->skeyid_d, prf->prfctx); LOG_DBG_BUF ((LOG_NEGOTIATION, 80, "ike_phase_1_post_exchange_KE_NONCE: SKEYID_d", ie->skeyid_d, ie->skeyid_len)); /* SKEYID_a. */ ie->skeyid_a = malloc (ie->skeyid_len); if (!ie->skeyid_a) { log_error ("ike_phase_1_post_exchange_KE_NONCE: malloc (%lu) failed", (unsigned long)ie->skeyid_len); prf_free (prf); return -1; } prf->Init (prf->prfctx); prf->Update (prf->prfctx, ie->skeyid_d, ie->skeyid_len); prf->Update (prf->prfctx, ie->g_xy, ie->g_x_len); prf->Update (prf->prfctx, exchange->cookies, ISAKMP_HDR_COOKIES_LEN); prf->Update (prf->prfctx, (unsigned char *)"\1", 1); prf->Final (ie->skeyid_a, prf->prfctx); LOG_DBG_BUF ((LOG_NEGOTIATION, 80, "ike_phase_1_post_exchange_KE_NONCE: SKEYID_a", ie->skeyid_a, ie->skeyid_len)); /* SKEYID_e. */ ie->skeyid_e = malloc (ie->skeyid_len); if (!ie->skeyid_e) { /* XXX How to notify peer? */ log_error ("ike_phase_1_post_exchange_KE_NONCE: malloc (%lu) failed", (unsigned long)ie->skeyid_len); prf_free (prf); return -1; } prf->Init (prf->prfctx); prf->Update (prf->prfctx, ie->skeyid_a, ie->skeyid_len); prf->Update (prf->prfctx, ie->g_xy, ie->g_x_len); prf->Update (prf->prfctx, exchange->cookies, ISAKMP_HDR_COOKIES_LEN); prf->Update (prf->prfctx, (unsigned char *)"\2", 1); prf->Final (ie->skeyid_e, prf->prfctx); prf_free (prf); LOG_DBG_BUF ((LOG_NEGOTIATION, 80, "ike_phase_1_post_exchange_KE_NONCE: SKEYID_e", ie->skeyid_e, ie->skeyid_len)); /* Key length determination. */ if (!exchange->key_length) exchange->key_length = exchange->crypto->keymax; /* Derive a longer key from skeyid_e */ if (ie->skeyid_len < exchange->key_length) { u_int16_t len, keylen; u_int8_t *key, *p; prf = prf_alloc (ie->prf_type, hash->type, ie->skeyid_e, ie->skeyid_len); if (!prf) { /* XXX - notify peer */ return -1; } /* Make keylen a multiple of prf->blocksize */ keylen = exchange->key_length; if (keylen % prf->blocksize) keylen += prf->blocksize - (keylen % prf->blocksize); key = malloc (keylen); if (!key) { /* XXX - Notify peer. */ log_error ("ike_phase_1_post_exchange_KE_NONCE: malloc (%d) failed", keylen); return -1; } prf->Init (prf->prfctx); prf->Update (prf->prfctx, (unsigned char *)"\0", 1); prf->Final (key, prf->prfctx); for (len = prf->blocksize, p = key; len < exchange->key_length; len += prf->blocksize, p += prf->blocksize) { prf->Init (prf->prfctx); prf->Update (prf->prfctx, p, prf->blocksize); prf->Final (p + prf->blocksize, prf->prfctx); } prf_free (prf); /* Setup our keystate using the derived encryption key. */ exchange->keystate = crypto_init (exchange->crypto, key, exchange->key_length, &err); free (key); } else /* Setup our keystate using the raw skeyid_e. */ exchange->keystate = crypto_init (exchange->crypto, ie->skeyid_e, exchange->key_length, &err); /* Special handling for DES weak keys. */ if (!exchange->keystate && err == EWEAKKEY && (exchange->key_length << 1) <= ie->skeyid_len) { log_print ("ike_phase_1_post_exchange_KE_NONCE: " "weak key, trying subseq. skeyid_e"); exchange->keystate = crypto_init (exchange->crypto, ie->skeyid_e + exchange->key_length, exchange->key_length, &err); } if (!exchange->keystate) { log_print ("ike_phase_1_post_exchange_KE_NONCE: " "exchange->crypto->init () failed: %d", err); /* * XXX We really need to know if problems are of transient nature * or fatal (like failed assertions etc.) */ return -1; } /* Setup IV. XXX Only for CBC transforms, no? */ hash->Init (hash->ctx); hash->Update (hash->ctx, ie->g_xi, ie->g_x_len); hash->Update (hash->ctx, ie->g_xr, ie->g_x_len); hash->Final (hash->digest, hash->ctx); crypto_init_iv (exchange->keystate, hash->digest, exchange->crypto->blocksize); return 0; }
static struct data *_get( const void *buf, size_t len ) { struct data *object_interface = & _interface; FILE *fp = NULL; long sizeof_png = 0; #ifdef HAVE_VIDEO const int W = VIDEO_FORMATS[0].width; const int H = VIDEO_FORMATS[0].height; #else const int W = DEFAULT_VIDEO_WIDTH; const int H = DEFAULT_VIDEO_HEIGHT; #endif #ifdef HAVE_TIMESTAMP static const char *TIME_FORMAT = "%y-%m-%d_%I:%M:%S%p"; // "2013-11-11 6:06:24PM" is 21 characters char tbuf[32]; const time_t ctime = time(NULL); struct tm ltime; localtime_r( &ctime, <ime ); if( strftime( tbuf, 32, TIME_FORMAT, <ime ) == 0 ) warnx( "strftime failed" ); #endif printf( "%s( %p, %ld )\n", __func__, buf, len ); #ifdef HAVE_CRYPTO crypto_init_iv( buf, len ); // currently entire Get payload is IV. #endif #ifdef HAVE_VIDEO if( _vci->snap( _vci, &_sizeof_vid_buffer, (uint8_t**)&_vid_buffer ) ) { warnx( "failed snapshot" ); return NULL; } yuyv2rgb( (const uint16_t *)_vid_buffer, W, H, _obj_buffer ); #else // Write "snow" into the raster line buffer. for(int i = 0; i < _sizeof_obj_buffer; i++ ) { _obj_buffer[i] = (uint8_t)( rand() % 256 ); } #endif #ifdef HAVE_TIMESTAMP _overlay_time_rgb( tbuf, _obj_buffer + ((H-charcell_height-2)*W + 2)*_samples_per_dcs_pixel, // assuming 8x17 W*_samples_per_dcs_pixel /* stride */); #endif fp = tmpfile(); if( NULL == fp ) { warn( "failed creating tmpfile" ); return NULL; } png_write( fp, _obj_buffer, W, H, "", _samples_per_dcs_pixel ); sizeof_png = ftell( fp ); _sizeof_obj // may be > sizeof_png... #ifdef HAVE_CRYPTO = crypto_sizeof_ciphertext( sizeof_png ); #else = sizeof_png;