int decrypt_verify(int is_client, const uint8 *packet, size_t length, uint8 **cleartext, size_t *clen) { int res, ok = 0; dtls_cipher_context_t *cipher; static unsigned char buf[1000]; switch (CURRENT_CONFIG->cipher) { case AES128: /* TLS_PSK_WITH_AES128_CBC_SHA */ *cleartext = buf; *clen = length - sizeof(dtls_record_header_t); if (is_client) cipher = CURRENT_CONFIG->read_cipher; else cipher = CURRENT_CONFIG->write_cipher; res = dtls_decrypt(cipher, (uint8 *)packet + sizeof(dtls_record_header_t), *clen, buf, NULL, 0); if (res < 0) { warn("decryption failed!\n"); } else { ok = pcap_verify(CURRENT_CONFIG, is_client, (uint8 *)packet, length, *cleartext, res); if (ok) *clen = res - dtls_kb_digest_size(CURRENT_CONFIG); } break; default: /* no cipher suite selected */ *cleartext = (uint8 *)packet + sizeof(dtls_record_header_t); *clen = length - sizeof(dtls_record_header_t); ok = 1; } if (ok) printf("verify OK\n"); else printf("verification failed!\n"); return ok; }
int main(int argc, char **argv) { int len, n; for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) { dtls_cipher_context_t *cipher; cipher = dtls_new_cipher(&ciphers[AES128], data[n].key, sizeof(data[n].key)); if (!cipher) { fprintf(stderr, "cannot set key\n"); exit(-1); } dtls_init_cipher(cipher, data[n].nonce, sizeof(data[n].nonce)); if (data[n].M == 0) len = dtls_encrypt(cipher, data[n].msg, data[n].lm); else len = dtls_decrypt(cipher, data[n].msg, data[n].lm); printf("Packet Vector #%d ", n+1); if (len != data[n].r_lm || memcmp(data[n].msg, data[n].result, len)) printf("FAILED, "); else printf("OK, "); printf("result is (total length = %d):\n\t", (int)len); dump(data[n].msg, len); free(cipher); } return 0; }