static int ikev2_build_ker(struct ikev2_responder_data *data,
struct wpabuf *msg, u8 next_payload)
{
struct ikev2_payload_hdr *phdr;
size_t plen;
struct wpabuf *pv;
wpa_printf(MSG_DEBUG, "IKEV2: Adding KEr payload");
pv = dh_init(data->dh, &data->r_dh_private);
if (pv == NULL) {
wpa_printf(MSG_DEBUG, "IKEV2: Failed to initialize DH");
return -1;
}
/* KEr - RFC 4306, Sect. 3.4 */
phdr = wpabuf_put(msg, sizeof(*phdr));
phdr->next_payload = next_payload;
phdr->flags = 0;
wpabuf_put_be16(msg, data->proposal.dh); /* DH Group # */
wpabuf_put(msg, 2); /* RESERVED */
/*
* RFC 4306, Sect. 3.4: possible zero padding for public value to
* match the length of the prime.
*/
wpabuf_put(msg, data->dh->prime_len - wpabuf_len(pv));
wpabuf_put_buf(msg, pv);
wpabuf_free(pv);
plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr;
WPA_PUT_BE16(phdr->payload_length, plen);
return 0;
}
int wps_build_public_key(struct wps_data *wps, struct wpabuf *msg)
{
struct wpabuf *pubkey;
wpa_printf(MSG_DEBUG, "WPS: * Public Key");
pubkey = dh_init(dh_groups_get(WPS_DH_GROUP), &wps->dh_privkey);
pubkey = wpabuf_zeropad(pubkey, 192);
if (pubkey == NULL) {
wpa_printf(MSG_DEBUG, "WPS: Failed to initialize "
"Diffie-Hellman handshake");
return -1;
}
wpabuf_put_be16(msg, ATTR_PUBLIC_KEY);
wpabuf_put_be16(msg, wpabuf_len(pubkey));
wpabuf_put_buf(msg, pubkey);
if (wps->registrar) {
wpabuf_free(wps->dh_pubkey_r);
wps->dh_pubkey_r = pubkey;
} else {
wpabuf_free(wps->dh_pubkey_e);
wps->dh_pubkey_e = pubkey;
}
return 0;
}
void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
{
*publ = dh_init(dh_groups_get(5), priv);
if (*publ == 0)
return NULL;
return (void *) 1;
}
/*
* Initialise DH for a server-supplied group.
*/
void *dh_setup_gex(Bignum pval, Bignum gval)
{
struct dh_ctx *ctx = snew(struct dh_ctx);
ctx->p = copybn(pval);
ctx->g = copybn(gval);
dh_init(ctx);
return ctx;
}
/*
* Initialise DH for a standard group.
*/
void *dh_setup_group(const struct ssh_kex *kex)
{
struct dh_ctx *ctx = snew(struct dh_ctx);
ctx->p = bignum_from_bytes(kex->pdata, kex->plen);
ctx->g = bignum_from_bytes(kex->gdata, kex->glen);
dh_init(ctx);
return ctx;
}
/*
* Initialise DH for a standard group.
*/
void *dh_setup_group(const struct ssh_kex *kex)
{
const struct dh_extra *extra = (const struct dh_extra *)kex->extra;
struct dh_ctx *ctx = snew(struct dh_ctx);
ctx->p = bignum_from_bytes(extra->pdata, extra->plen);
ctx->g = bignum_from_bytes(extra->gdata, extra->glen);
dh_init(ctx);
return ctx;
}
int evrb_crypto_init()
{
#ifdef USE_SRTP
int i=0;
if(i=srtp_init()) {
fprintf(stderr,"srtp_init() return %i\n",i);
return -1;
}
#endif
dh_init();
return 0;
}
int hostapd_wps_start_oob(struct hostapd_data *hapd, char *device_type,
char *path, char *method, char *name)
{
struct wps_context *wps = hapd->wps;
struct oob_device_data *oob_dev;
oob_dev = wps_get_oob_device(device_type);
if (oob_dev == NULL)
return -1;
oob_dev->device_path = path;
oob_dev->device_name = name;
wps->oob_conf.oob_method = wps_get_oob_method(method);
if (wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_R) {
/*
* Use pre-configured DH keys in order to be able to write the
* key hash into the OOB file.
*/
wpabuf_free(wps->dh_pubkey);
wpabuf_free(wps->dh_privkey);
wps->dh_privkey = NULL;
wps->dh_pubkey = dh_init(dh_groups_get(WPS_DH_GROUP),
&wps->dh_privkey);
wps->dh_pubkey = wpabuf_zeropad(wps->dh_pubkey, 192);
if (wps->dh_pubkey == NULL) {
wpa_printf(MSG_ERROR, "WPS: Failed to initialize "
"Diffie-Hellman handshake");
return -1;
}
}
if (wps_process_oob(wps, oob_dev, 1) < 0)
goto error;
if ((wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_E ||
wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_R) &&
hostapd_wps_add_pin(hapd, NULL, "any",
wpabuf_head(wps->oob_conf.dev_password), 0) <
0)
goto error;
return 0;
error:
wpabuf_free(wps->dh_pubkey);
wps->dh_pubkey = NULL;
wpabuf_free(wps->dh_privkey);
wps->dh_privkey = NULL;
return -1;
}
constraint::constraint(sudoku& puzzle) : n(puzzle.getN()), p(puzzle.getP()), q(puzzle.getQ())
{
rows_init(puzzle);
setColumns();
setBlocks();
domain_init();
if(tokenReader::lcv) {
lcv_init();
}
if(tokenReader::dh) {
dh_init();
}
if(tokenReader::mrv) {
mrv_init();
}
solution_init();
}
int main(int argc, char **argv)
{
int fd;
Elf *e;
lock_descr_t *lock_tab = NULL;
int nb_entry = 0;
if (argc < 3)
errx ( EXIT_FAILURE , " usage : %s file_name section_name1 [sct_name2 ...]" , argv [0]);
char *elf = argv[1];
/* Init and open of the elf file */
if ( elf_version ( EV_CURRENT ) == EV_NONE )
errx ( EXIT_FAILURE , " ELF library initialization failed : %s." , elf_errmsg ( -1));
if (( fd = open ( elf , O_RDONLY , 0)) < 0)
errx ( EXIT_FAILURE , " open \" %s \" failed " , elf);
if (( e = elf_begin ( fd , ELF_C_READ , NULL )) == NULL )
errx ( EXIT_FAILURE , " elf_begin () failed : %s.", elf_errmsg ( -1));
if ( elf_kind ( e ) != ELF_K_ELF )
errx ( EXIT_FAILURE , " %s is not an ELF object.", elf);
/* init debug helper */
debug_helper_t *dh = dh_init(elf);
int i;
for (i=2 ; i<argc ; i++) {
extract_lock_descr(e, argv[i], &lock_tab, &nb_entry);
get_dwarf_location(dh, lock_tab, nb_entry);
printf("%s:\n", argv[i]);
print_lock_descr(lock_tab, nb_entry);
printf("\n");
free(lock_tab);
lock_tab = NULL;
nb_entry = 0;
}
/* close */
dh_free(dh);
elf_end(e);
close(fd);
return 0;
}
int context_init(SERVICE_OPTIONS *section) { /* init SSL context */
/* create SSL context */
if(section->option.client)
section->ctx=SSL_CTX_new(section->client_method);
else /* server mode */
section->ctx=SSL_CTX_new(section->server_method);
if(!section->ctx) {
sslerror("SSL_CTX_new");
return 1; /* FAILED */
}
SSL_CTX_set_ex_data(section->ctx, index_opt, section); /* for callbacks */
/* load certificate and private key to be verified by the peer server */
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_NUMBER>=0x0090809fL
/* SSL_CTX_set_client_cert_engine() was introduced in OpenSSL 0.9.8i */
if(section->option.client && section->engine) {
if(SSL_CTX_set_client_cert_engine(section->ctx, section->engine))
s_log(LOG_INFO, "Client certificate engine (%s) enabled",
ENGINE_get_id(section->engine));
else /* no client certificate functionality in this engine */
sslerror("SSL_CTX_set_client_cert_engine"); /* ignore error */
}
#endif
if(auth_init(section))
return 1; /* FAILED */
/* initialize verification of the peer server certificate */
if(verify_init(section))
return 1; /* FAILED */
/* initialize DH/ECDH server mode */
if(!section->option.client) {
#ifndef OPENSSL_NO_TLSEXT
SSL_CTX_set_tlsext_servername_arg(section->ctx, section);
SSL_CTX_set_tlsext_servername_callback(section->ctx, servername_cb);
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_DH
dh_init(section); /* ignore the result (errors are not critical) */
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_ECDH
ecdh_init(section); /* ignore the result (errors are not critical) */
#endif /* OPENSSL_NO_ECDH */
}
/* setup session cache */
if(!section->option.client) {
unsigned servname_len=(unsigned)strlen(section->servname);
if(servname_len>SSL_MAX_SSL_SESSION_ID_LENGTH)
servname_len=SSL_MAX_SSL_SESSION_ID_LENGTH;
if(!SSL_CTX_set_session_id_context(section->ctx,
(unsigned char *)section->servname, servname_len)) {
sslerror("SSL_CTX_set_session_id_context");
return 1; /* FAILED */
}
}
#ifdef SSL_SESS_CACHE_NO_INTERNAL_STORE
/* the default cache mode is just SSL_SESS_CACHE_SERVER */
SSL_CTX_set_session_cache_mode(section->ctx,
SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_STORE);
#endif
SSL_CTX_sess_set_cache_size(section->ctx, section->session_size);
SSL_CTX_set_timeout(section->ctx, section->session_timeout);
SSL_CTX_sess_set_new_cb(section->ctx, sess_new_cb);
SSL_CTX_sess_set_get_cb(section->ctx, sess_get_cb);
SSL_CTX_sess_set_remove_cb(section->ctx, sess_remove_cb);
/* set info callback */
SSL_CTX_set_info_callback(section->ctx, info_callback);
/* ciphers, options, mode */
if(section->cipher_list)
if(!SSL_CTX_set_cipher_list(section->ctx, section->cipher_list)) {
sslerror("SSL_CTX_set_cipher_list");
return 1; /* FAILED */
}
SSL_CTX_set_options(section->ctx,
(SSL_OPTIONS_TYPE)(section->ssl_options_set));
#if OPENSSL_VERSION_NUMBER>=0x009080dfL
SSL_CTX_clear_options(section->ctx,
(SSL_OPTIONS_TYPE)(section->ssl_options_clear));
s_log(LOG_DEBUG, "SSL options: 0x%08lX (+0x%08lX, -0x%08lX)",
SSL_CTX_get_options(section->ctx),
section->ssl_options_set, section->ssl_options_clear);
#else /* OpenSSL older than 0.9.8m */
s_log(LOG_DEBUG, "SSL options: 0x%08lX (+0x%08lX)",
SSL_CTX_get_options(section->ctx),
section->ssl_options_set);
#endif /* OpenSSL 0.9.8m or later */
/* initialize OpenSSL CONF options */
if(conf_init(section))
return 1; /* FAILED */
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(section->ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
SSL_MODE_RELEASE_BUFFERS);
#else
SSL_CTX_set_mode(section->ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif
return 0; /* OK */
}
int main(int argc, char *argv[])
{
int status = -1;
dhuser_t alice, bob;
s_memclr(&alice, sizeof(dhuser_t));
s_memclr(&bob, sizeof(dhuser_t));
if(argc != 2)
goto err;
int ac = dh_init(&alice, SERVER);
int bc = dh_init(&bob, CLIENT);
if(ac != 0 || bc != 0)
goto err;
int mod_len = check_size(atoi(argv[1]),0);
if(mod_len < 0)
goto err;
if(dh_generateParameters(&alice, mod_len, mod_len, mod_len) < 0)
goto err;
if(dh_setParameters(&bob, mod_len, mod_len, mod_len, alice.P, alice.G) < 0)
goto err;
if(dh_generatePrivateKey(&alice) < 0 || dh_generatePrivateKey(&bob) < 0)
goto err;
dh_generateSharedKey(&alice); dh_generateSharedKey(&bob);
if(dh_computeSecret(&alice, bob.Shared_E) < 0 || dh_computeSecret(&bob, alice.Shared_F) < 0)
goto err;
char* alice_hash = dh_computePublicHash(&alice);
char* bob_hash = dh_computePublicHash(&bob);
if(!alice_hash || !bob_hash)
goto err;
byte sig_buf[2048];
s_memclr(sig_buf, 2048);
unsigned int sig_len = sizeof(sig_buf);
sign(alice_hash, sig_buf, &sig_len);
printf("%u\n",sig_len);
if(verify(bob_hash, sig_buf, sig_len) != 1)
printf("Authentication failed\n");
else
printf("Secret sharing successful\n");
status = 0;
err:
if(alice_hash) delete(alice_hash, strlen(alice_hash));
if(bob_hash) delete(bob_hash, strlen(bob_hash));
dh_destroy(&alice);
dh_destroy(&bob);
return status;
}
int main(int argc, char *argv[])
{
/** SET 5 CHALLENGE 33 **/
/** DH KEY EXCHANGE **/
// small int
unsigned long a, A, b, B, s1, s2;
srand(time(NULL));
dh_generate_keypair_smallint(&a, &A);
dh_generate_keypair_smallint(&b, &B);
s1 = dh_generate_session_key_smallint(a, B);
s2 = dh_generate_session_key_smallint(b, A);
printf("[s5c1] *smallint* a = %ld, A = %ld, b = %ld, B = %ld, s = %ld ?= %ld\n", a, A, b, B, s1, s2);
// bigint
BIGNUM *p, *g;
BIGNUM *ba, *bA, *bb, *bB, *bs1, *bs2;
g = BN_new();
p = BN_new();
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
bs1 = BN_new();
bs2 = BN_new();
unsigned char c_s1[20], c_s2[20];
unsigned int i;
dh_init(p, g);
dh_generate_keypair(ba, bA, g, p);
dh_generate_keypair(bb, bB, g, p);
dh_generate_session_key(c_s1, bs1, ba, bB, p);
dh_generate_session_key(c_s2, bs2, bb, bA, p);
printf("[s5c1] *bignum* s1 = '");
// BN_print_fp(stdout, &bs1);
for(i=0; i<20; i++)
printf("%02x", c_s1[i]);
printf("'\n[s5c1] *bignum* s2 = '");
// BN_print_fp(stdout, &bs2);
for(i=0; i<20; i++)
printf("%02x", c_s2[i]);
printf("'\n");
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(bs1);
BN_free(bs2);
/** SET 5 CHALLENGE 34 **/
/** DH-KE FIXED KEY MITM **/
unsigned char c_p[1024];
unsigned char c_g[1024];
unsigned char c_A[1024];
unsigned char c_B[1024];
ba = BN_new();
bA = BN_new();
// M -> B: p, g, p
printf("[s5c2] M -> B: p, g, p\n");
dhke_initiate(c_p, c_g, c_A, ba, bA, p, g);
// M -> A: p
printf("[s5c2] M -> A: p\n");
// dhke_initiate_reply(c_B, c_p, c_g, c_A, c_s2);
dhke_initiate_reply(c_B, c_p, c_g, c_p, c_s2);
// A -> B: cmsg, iv
// dhke_initiate_finalize(c_s1, c_B, &ba, &p);
dhke_initiate_finalize(c_s1, c_p, ba, p);
printf("[s5c2] *bignum* s1 = '");
for(i=0; i<20; i++)
printf("%02x", c_s1[i]);
printf("'\n[s5c2] *bignum* s2 = '");
for(i=0; i<20; i++)
printf("%02x", c_s2[i]);
printf("'\n");
unsigned char *plain_in = "YELLOW SUBMARINE";
unsigned char p_out[128];
unsigned char c_out[128];
unsigned char iv[16];
unsigned int c_len, p_len;
c_len = dhke_session_send(c_out, iv, plain_in, 16, c_s1);
printf("[s5c2] A -> B: cmsg = '");
for(i=0; i<c_len; i++) {
printf("%02x", c_out[i]);
}
printf("', iv\n");
// perform attack as M
unsigned char m_out[128];
// M performs decryption
dhke_attack_zero_session_key(m_out, c_out, c_len, iv);
printf("[s5c2] M decrypts msg='%s'\n", m_out);
// B performs decryption
p_len = dhke_session_recv(p_out, c_out, c_len, c_s2, iv);
printf("[s5c2] B recvd: msg = '%s'\n", p_out);
BN_free(ba);
BN_free(bA);
/** SET 5 CHALLENGE 35 **/
/** DH-KE MALICIOUS G MITM **/
memset(c_g, 0, 1024);
memset(c_p, 0, 1024);
memset(c_A, 0, 1024);
memset(c_B, 0, 1024);
memset(c_out, 0, 128);
memset(m_out, 0, 128);
BIGNUM *bn1, *g2;
ba = BN_new();
bA = BN_new();
bn1 = BN_new();
g2 = BN_new();
// prepare malicious g'
// g' = 0; --> perform dhke_attack_zero_session_key()
// printf("[s5c3] M sets g' = 0\n");
// BN_zero(&g2);
// g' = p --> perform dhke_attack_zero_session_key()
// printf("[s5c3] M sets g' = p\n");
// BN_copy(&g2, &p);
// g' = p-1
printf("[s5c3] M sets and distributes g' = p-1\n");
BN_one(bn1);
BN_sub(g2, p, bn1);
// M -> B: p, g', A'
printf("[s5c3] A -> B: A'\n");
dhke_initiate(c_p, c_g, c_A, ba, bA, p, g2);
// M -> A: B'
printf("[s5c3] B -> A: B'\n");
dhke_initiate_reply(c_B, c_p, c_g, c_A, c_s2);
// A -> B: cmsg, iv
dhke_initiate_finalize(c_s1, c_B, ba, p);
c_len = dhke_session_send(c_out, iv, plain_in, 16, c_s1);
printf("[s5c3] A -> B: cmsg = '");
for(i=0; i<c_len; i++) {
printf("%02x", c_out[i]);
}
printf("', iv\n");
// M performs decryption
// use for: g' = 0, g' = p
// dhke_attack_zero_session_key(m_out, c_out, c_len, iv);
// use for g' = p-1
dhke_attack_p_1_session_key(m_out, c_out, c_len, c_A, c_B, iv);
printf("[s5c3] M decrypts msg='%s'\n", m_out);
// B performs decryption
p_len = dhke_session_recv(p_out, c_out, c_len, c_s2, iv);
printf("[s5c3] B recvd: msg = '%s'\n", p_out);
BN_free(ba);
BN_free(bA);
BN_free(bn1);
BN_free(g2);
/** SET 5 CHALLENGE 36 **/
/** SECURE REMOTE PASSWORD **/
unsigned char srp_salt[9];
unsigned char *srp_pass = "******"; // 16
unsigned char str_hash[2*SHA256_DIGEST_LENGTH+1];
unsigned char hmac_s[SHA256_DIGEST_LENGTH];
unsigned int hmac_s_len;
unsigned char hmac_c[SHA256_DIGEST_LENGTH];
unsigned int hmac_c_len;
BIGNUM *v, *sS, *cS;
v = BN_new();
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
cS = BN_new();
sS = BN_new();
memset(srp_salt, 0, 9);
srp_server_init(srp_salt, v, bb, bB, srp_pass, g, p);
srp_client_init(ba, bA, g, p);
// printf("server calc S\n");
srp_server_calc_session_key(str_hash, sS, bA, bb, bB, v, p);
// printf("[s5c4] server: sha256(S) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
memset(str_hash, 0, 2*SHA256_DIGEST_LENGTH+1);
srp_client_calc_session_key(str_hash, cS, srp_salt, srp_pass, ba, bA, bB, g, p);
// printf("[s5c4] client: sha256(S) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
printf("[s5c4] server: HMAC(K,Salt) = ");
for(i=0; i<hmac_s_len; i++) {
printf("%02x", hmac_s[i]);
}
printf("\n");
printf("[s5c4] client: HMAC(K,Salt) = ");
for(i=0; i<hmac_c_len; i++) {
printf("%02x", hmac_c[i]);
}
printf("\n");
if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len))
printf("[s5c4] server: Client HMAC-SHA256 successfully validated!\n");
else
printf("[s5c4] server: Client HMAC-SHA256 *NOT* validated!\n");
BN_free(v);
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(cS);
BN_free(sS);
/** SET 5 CHALLENGE 37 **/
/** SRP MALICIOUS A ATTACK **/
// we're skipping the networking part here and just call the simulator
// functions from srp.c
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
sS = BN_new();
cS = BN_new();
v = BN_new();
srp_server_init(srp_salt, v, bb, bB, srp_pass, g, p);
srp_client_init(ba, bA, g, p);
// now modify A (bA) to be 0, N, c*N
// BN_zero(bA); // A = 0
BN_copy(bA, p); // A = N (doesn't matter if we use N, 2*N, c*N)
// send to server and let server do its calculations
srp_server_calc_session_key(str_hash, sS, bA, bb, bB, v, p);
// printf("[s5c5] server: sha256(S=0) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
// client now authenticates with HMAC_SHA256(K=SHA256(S=0), salt)
// K=SHA256(S=0)
srp_generate_salted_password_hash(cS, str_hash, "", "0");
// printf("[s5c5] client: sha256(S=0) = %s\n", str_hash);
// calc HMAC_SHA256(K, salt)
hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
printf("[s5c5] server: HMAC(K,Salt) = ");
for(i=0; i<hmac_s_len; i++) {
printf("%02x", hmac_s[i]);
}
printf("\n");
printf("[s5c5] client: HMAC(K,Salt) = ");
for(i=0; i<hmac_c_len; i++) {
printf("%02x", hmac_c[i]);
}
printf("\n");
if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len))
printf("[s5c5] server: forged client HMAC-SHA256 successfully validated!\n");
else
printf("[s5c5] server: forged client HMAC-SHA256 *NOT* validated!\n");
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(sS);
BN_free(cS);
BN_free(v);
/** SET 5 CHALLENGE 38 **/
/** SSRP OFFLINE DICTIONARY ATTACK **/
BIGNUM *u, *fb, *fB;
u = BN_new();
v = BN_new();
ba = BN_new();
bA = BN_new();
bb = BN_new();
bB = BN_new();
cS = BN_new();
sS = BN_new();
fb = BN_new();
fB = BN_new();
memset(srp_salt, 0, 9*sizeof(unsigned char));
ssrp_server_init(srp_salt, v, bb, bB, u, srp_pass, g, p);
ssrp_client_init(ba, bA, g, p);
ssrp_server_calc_session_key(str_hash, sS, bA, bb, u, v, p);
// printf("[s5c6] server: sha256(S=0) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_s_len = sha256_secret_prefix_mac(hmac_s, str_hash, strlen(str_hash), srp_salt, strlen(srp_salt));
memset(str_hash, 0, 2*SHA256_DIGEST_LENGTH);
// original settings transmitted to client
// ssrp_client_calc_session_key(str_hash, cS, srp_salt, srp_pass, ba, bB, u, p);
// forged settings transmitted to client:
// u = 1, b = 1, B=g=2, salt=""
BN_one(u);
BN_one(fb);
BN_copy(fB, g);
ssrp_client_calc_session_key(str_hash, cS, "", srp_pass, ba, fB, u, p);
// printf("[s5c6] client: sha256(S) = %s\n", str_hash);
// calc HMAC_SHA256(&cS, salt)
hmac_c_len = sha256_secret_prefix_mac(hmac_c, str_hash, strlen(str_hash), "", 0);
// printf("[s5c6] server: HMAC(K,Salt) = ");
// for(i=0; i<hmac_s_len; i++) {
// printf("%02x", hmac_s[i]);
// }
// printf("\n");
printf("[s5c6] client: HMAC(K,\"\") = ");
for(i=0; i<hmac_c_len; i++) {
printf("%02x", hmac_c[i]);
}
printf("\n");
// perform offline dictionary attack
char pass[1024];
if(ssrp_dictionary_attack(pass, hmac_c, "dict.txt", bA, g, p)>0)
printf("[s5c6] Password cracked: '%s'\n", pass);
else
printf("[s5c6] Password not cracked!\n");
// if((hmac_s_len == hmac_c_len) && !strncmp(hmac_s, hmac_c, hmac_s_len))
// printf("[s5c6] server: Client HMAC-SHA256 successfully validated!\n");
// else
// printf("[s5c6] server: Client HMAC-SHA256 *NOT* validated!\n");
dh_clear(p, g);
BN_free(p);
BN_free(g);
BN_free(ba);
BN_free(bA);
BN_free(bb);
BN_free(bB);
BN_free(u);
BN_free(v);
BN_free(cS);
BN_free(sS);
BN_free(fb);
BN_free(fB);
/** SET 5 CHALLENGE 39 **/
/** RSA **/
BIO *out = NULL;
out = BIO_new(BIO_s_file());
BIO_set_fp(out, stdout, BIO_NOCLOSE);
egcd_test();
inv_mod_test();
// Testing RSA core functions
rsa_key_t puk;
rsa_key_t pik;
puk.e = BN_new();
puk.n = BN_new();
pik.e = BN_new();
pik.n = BN_new();
BIGNUM *BN_plain = BN_new();
BIGNUM *BN_crypt = BN_new();
BN_hex2bn(&BN_plain, "31337");
printf("[s5c7] BN_plain = ");
BN_print(out, BN_plain);
rsa_generate_keypair(&puk, &pik, 128);
rsa_bn_encrypt(BN_crypt, BN_plain, &puk);
printf("\n[s5c7] BN_crypt = ");
BN_print(out, BN_crypt);
rsa_bn_decrypt(BN_plain, BN_crypt, &pik);
printf("\n[s5c7] BN_plain'= ");
BN_print(out, BN_plain);
printf("\n");
BN_free(BN_plain);
BN_free(BN_crypt);
// test RSA 'wrapper' funcs
unsigned char *rsa_plain_in = "Hello RSA World!";
unsigned char *rsa_crypt = NULL;
unsigned int rsa_crypt_len = 0;
unsigned char *rsa_plain_out = NULL;
unsigned int rsa_plain_len;
rsa_crypt_len = rsa_encrypt(&rsa_crypt, rsa_plain_in, 16, &puk);
rsa_plain_len = rsa_decrypt(&rsa_plain_out, rsa_crypt, rsa_crypt_len, &pik);
//rsa_plain_out[rsa_plain_len-1] = 0;
printf("[s5c7] Encrypting '%s' using RSA...\n[s5c7] RSA crypted: '", rsa_plain_in);
for(i=0; i<rsa_crypt_len; i++) {
printf("%02x", rsa_crypt[i]);
}
printf("'\n[s5c7] RSA decrypted: '%s'\n", rsa_plain_out);
free(rsa_crypt);
free(rsa_plain_out);
/** SET 5 CHALLENGE 40 **/
/** RSA E=3 BROADCAST ATTACK (CRT) **/
// test chinese remainder theorem impl.
crt_test();
// test n-th root impl.
nthroot_test();
// let's do "the real thing"
rsa_broadcast_attack_test();
BN_free(puk.e);
BN_free(puk.n);
BN_free(pik.e);
BN_free(pik.n);
BIO_free(out);
return 0;
}
int
main (int argc, char *argv[])
{
/* Check to see if the user is running
* us as root, which is a nono
*/
if (geteuid () == 0)
{
fprintf (stderr, "Don't run ircd as root!!!\n");
return (-1);
}
/* save server boot time right away, so getrusage works correctly */
set_time ();
/* Setup corefile size immediately after boot -kre */
setup_corefile ();
/* set initialVMTop before we allocate any memory */
initialVMTop = get_vm_top ();
ServerRunning = 0;
/* It ain't random, but it ought to be a little harder to guess */
srand (SystemTime.tv_sec ^ (SystemTime.tv_usec | (getpid () << 20)));
memset (&me, 0, sizeof (me));
memset (&meLocalUser, 0, sizeof (meLocalUser));
me.localClient = &meLocalUser;
dlinkAdd (&me, &me.node, &global_client_list); /* Pointer to beginning
of Client list */
memset (&ServerInfo, 0, sizeof (ServerInfo));
/* Initialise the channel capability usage counts... */
init_chcap_usage_counts ();
ConfigFileEntry.dpath = DPATH;
ConfigFileEntry.configfile = CPATH; /* Server configuration file */
ConfigFileEntry.klinefile = KPATH; /* Server kline file */
ConfigFileEntry.xlinefile = XPATH; /* Server xline file */
ConfigFileEntry.dlinefile = DLPATH; /* dline file */
ConfigFileEntry.cresvfile = CRESVPATH; /* channel resv file */
ConfigFileEntry.nresvfile = NRESVPATH; /* nick resv file */
myargv = argv;
umask (077); /* better safe than sorry --SRB */
parseargs (&argc, &argv, myopts);
build_version ();
if (printVersion)
{
printf ("ircd: version %s\n", ircd_version);
exit (EXIT_SUCCESS);
}
if (chdir (ConfigFileEntry.dpath))
{
perror ("chdir");
exit (EXIT_FAILURE);
}
if (!server_state.foreground)
make_daemon ();
else
print_startup (getpid ());
#ifdef HAVE_LIBCRYPTO
dh_init();
fprintf(stderr, "SSL: Initialize\n");
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
ServerInfo.ctx = SSL_CTX_new(SSLv23_server_method());
if (!ServerInfo.ctx) {
ERR_print_errors_fp(stderr);
return 0;
}
fprintf(stderr, "SSL: Client based SSL connections are enabled.\n");
#endif
setup_signals ();
/* We need this to initialise the fd array before anything else */
fdlist_init ();
if (!server_state.foreground)
close_all_connections (); /* this needs to be before init_netio()! */
else
check_can_use_v6 (); /* Done in close_all_connections normally */
init_log (logFileName);
init_netio (); /* This needs to be setup early ! -- adrian */
/* Check if there is pidfile and daemon already running */
check_pidfile (pidFileName);
/* Init the event subsystem */
eventInit ();
init_sys ();
#ifndef NOBALLOC
initBlockHeap ();
#endif
init_dlink_nodes ();
init_slink_nodes ();
initialize_message_files ();
dbuf_init ();
init_hash ();
init_ip_hash_table (); /* client host ip hash table */
init_host_hash (); /* Host-hashtable. */
clear_hash_parse ();
init_client ();
init_user ();
init_channels ();
init_class ();
init_whowas ();
init_stats ();
init_hooks ();
read_conf_files (1); /* cold start init conf files */
initServerMask ();
init_uid ();
init_auth (); /* Initialise the auth code */
init_resolver (); /* Needs to be setup before the io loop */
init_reject (); /* Set up the reject code. */
init_umodes (); /* Set up the usermode system. */
initialize_foundation_signals(); /* register things that modules need */
#ifdef HAVE_LIBCRYPTO
bio_spare_fd = save_spare_fd ("SSL private key validation");
#endif /* HAVE_LIBCRYPTO */
initialize_server_capabs (); /* Set up default_server_capabs */
initialize_global_set_options ();
if (ServerInfo.name == NULL)
{
fprintf (stderr,
"ERROR: No server name specified in serverinfo block.\n");
ilog (L_CRIT, "No server name specified in serverinfo block.");
exit (EXIT_FAILURE);
}
strlcpy (me.name, ServerInfo.name, sizeof (me.name));
/* serverinfo{} description must exist. If not, error out. */
if (ServerInfo.description == NULL)
{
fprintf (stderr,
"ERROR: No server description specified in serverinfo block.\n");
ilog (L_CRIT,
"ERROR: No server description specified in serverinfo block.");
exit (EXIT_FAILURE);
}
strlcpy (me.info, ServerInfo.description, sizeof (me.info));
me.from = &me;
me.servptr = &me;
SetMe (&me);
make_server (&me);
strlcpy (me.serv->up, me.name, sizeof (me.serv->up));
me.lasttime = me.since = me.firsttime = CurrentTime;
hash_add_client (&me);
/* add ourselves to global_serv_list */
dlinkAdd (&me, make_dlink_node (), &global_serv_list);
check_class ();
#ifndef STATIC_MODULES
if (chdir (MODPATH))
{
ilog (L_CRIT, "Could not load core modules. Terminating!");
exit (EXIT_FAILURE);
}
mod_set_base ();
load_all_modules (1);
load_core_modules (1);
/* Go back to DPATH after checking to see if we can chdir to MODPATH */
chdir (ConfigFileEntry.dpath);
#else
load_all_modules (1);
#endif
write_pidfile (pidFileName);
ilog (L_NOTICE, "Server Ready");
eventAddIsh ("cleanup_tklines", cleanup_tklines, NULL,
CLEANUP_TKLINES_TIME);
/* We want try_connections to be called as soon as possible now! -- adrian */
/* No, 'cause after a restart it would cause all sorts of nick collides */
eventAddIsh ("try_connections", try_connections, NULL,
STARTUP_CONNECTIONS_TIME);
eventAddIsh ("collect_zipstats", collect_zipstats, NULL, ZIPSTATS_TIME);
/* Setup the timeout check. I'll shift it later :) -- adrian */
eventAddIsh ("comm_checktimeouts", comm_checktimeouts, NULL, 1);
if (splitmode)
eventAddIsh ("check_splitmode", check_splitmode, NULL, 60);
ServerRunning = 1;
io_loop ();
return (0);
}
