![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to crypt_burn.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / scripts|
Return to crypt_burn.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / scripts |
1.1 misho 1: /*
2: * Copyright (C) 2010 Martin Willi
3: * Copyright (C) 2010 revosec AG
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include <stdio.h>
17: #include <library.h>
18:
19: static int burn_crypter(const proposal_token_t *token, u_int limit, u_int len)
20: {
21: chunk_t iv, key, data;
22: crypter_t *crypter;
23: int i = 0;
24: bool ok;
25:
26: crypter = lib->crypto->create_crypter(lib->crypto, token->algorithm,
27: token->keysize / 8);
28: if (!crypter)
29: {
30: fprintf(stderr, "%N-%zu not supported\n",
31: encryption_algorithm_names, token->algorithm, token->keysize);
32: return FALSE;
33: }
34:
35: iv = chunk_alloc(crypter->get_iv_size(crypter));
36: memset(iv.ptr, 0xFF, iv.len);
37: data = chunk_alloc(round_up(len, crypter->get_block_size(crypter)));
38: memset(data.ptr, 0xDD, data.len);
39: key = chunk_alloc(crypter->get_key_size(crypter));
40: memset(key.ptr, 0xAA, key.len);
41:
42: ok = crypter->set_key(crypter, key);
43: while (ok)
44: {
45: if (!crypter->encrypt(crypter, data, iv, NULL))
46: {
47: fprintf(stderr, "encryption failed!\n");
48: ok = FALSE;
49: break;
50: }
51: if (!crypter->decrypt(crypter, data, iv, NULL))
52: {
53: fprintf(stderr, "decryption failed!\n");
54: ok = FALSE;
55: break;
56: }
57: if (limit && ++i == limit)
58: {
59: break;
60: }
61: }
62: crypter->destroy(crypter);
63:
64: free(iv.ptr);
65: free(data.ptr);
66: free(key.ptr);
67:
68: return ok;
69: }
70:
71: static bool burn_aead(const proposal_token_t *token, u_int limit, u_int len)
72: {
73: chunk_t iv, key, data, dataicv, assoc;
74: aead_t *aead;
75: int i = 0;
76: bool ok;
77:
78: aead = lib->crypto->create_aead(lib->crypto, token->algorithm,
79: token->keysize / 8, 0);
80: if (!aead)
81: {
82: fprintf(stderr, "%N-%zu not supported\n",
83: encryption_algorithm_names, token->algorithm, token->keysize);
84: return FALSE;
85: }
86:
87: iv = chunk_alloc(aead->get_iv_size(aead));
88: memset(iv.ptr, 0xFF, iv.len);
89: dataicv = chunk_alloc(round_up(len, aead->get_block_size(aead)) +
90: aead->get_icv_size(aead));
91: data = chunk_create(dataicv.ptr, dataicv.len - aead->get_icv_size(aead));
92: memset(data.ptr, 0xDD, data.len);
93: assoc = chunk_alloc(13);
94: memset(assoc.ptr, 0xCC, assoc.len);
95: key = chunk_alloc(aead->get_key_size(aead));
96: memset(key.ptr, 0xAA, key.len);
97:
98: ok = aead->set_key(aead, key);
99: while (ok)
100: {
101: if (!aead->encrypt(aead, data, assoc, iv, NULL))
102: {
103: fprintf(stderr, "aead encryption failed!\n");
104: ok = FALSE;
105: break;
106: }
107: if (!aead->decrypt(aead, dataicv, assoc, iv, NULL))
108: {
109: fprintf(stderr, "aead integrity check failed!\n");
110: ok = FALSE;
111: break;
112: }
113: if (limit && ++i == limit)
114: {
115: break;
116: }
117: }
118: aead->destroy(aead);
119:
120: free(iv.ptr);
121: free(data.ptr);
122: free(key.ptr);
123: free(assoc.ptr);
124:
125: return ok;
126: }
127:
128: static int burn_signer(const proposal_token_t *token, u_int limit, u_int len)
129: {
130: chunk_t key, data, sig;
131: signer_t *signer;
132: int i = 0;
133: bool ok;
134:
135: signer = lib->crypto->create_signer(lib->crypto, token->algorithm);
136: if (!signer)
137: {
138: fprintf(stderr, "%N not supported\n",
139: integrity_algorithm_names, token->algorithm);
140: return FALSE;
141: }
142:
143: data = chunk_alloc(len);
144: memset(data.ptr, 0xDD, data.len);
145: key = chunk_alloc(signer->get_key_size(signer));
146: memset(key.ptr, 0xAA, key.len);
147: sig = chunk_alloc(signer->get_block_size(signer));
148:
149: ok = signer->set_key(signer, key);
150: while (ok)
151: {
152: if (!signer->get_signature(signer, data, sig.ptr))
153: {
154: fprintf(stderr, "creating signature failed!\n");
155: ok = FALSE;
156: break;
157: }
158: if (!signer->verify_signature(signer, data, sig))
159: {
160: fprintf(stderr, "verifying signature failed!\n");
161: ok = FALSE;
162: break;
163: }
164: if (limit && ++i == limit)
165: {
166: break;
167: }
168: }
169: signer->destroy(signer);
170:
171: free(data.ptr);
172: free(key.ptr);
173: free(sig.ptr);
174:
175: return ok;
176: }
177:
178: int main(int argc, char *argv[])
179: {
180: const proposal_token_t *token;
181: u_int limit = 0, len = 1024;
182: bool ok;
183:
184: library_init(NULL, "crypt_burn");
185: lib->plugins->load(lib->plugins, getenv("PLUGINS") ?: PLUGINS);
186: atexit(library_deinit);
187:
188: fprintf(stderr, "loaded: %s\n", lib->plugins->loaded_plugins(lib->plugins));
189:
190: if (argc < 2)
191: {
192: fprintf(stderr, "usage: %s <algorithm> [buflen=%u] [rounds=%u]\n",
193: argv[0], len, limit);
194: return 1;
195: }
196: if (argc > 2)
197: {
198: len = atoi(argv[2]);
199: if (len > (1 << 30))
200: {
201: fprintf(stderr, "buffer too large (1 GiB limit)\n");
202: return 1;
203: }
204: }
205: if (argc > 3)
206: {
207: limit = atoi(argv[3]);
208: }
209:
210: token = lib->proposal->get_token(lib->proposal, argv[1]);
211: if (!token)
212: {
213: fprintf(stderr, "algorithm '%s' unknown!\n", argv[1]);
214: return 1;
215: }
216:
217: switch (token->type)
218: {
219: case ENCRYPTION_ALGORITHM:
220: if (encryption_algorithm_is_aead(token->algorithm))
221: {
222: ok = burn_aead(token, limit, len);
223: }
224: else
225: {
226: ok = burn_crypter(token, limit, len);
227: }
228: break;
229: case INTEGRITY_ALGORITHM:
230: ok = burn_signer(token, limit, len);
231: break;
232: default:
233: fprintf(stderr, "'%s' is not a crypter/aead algorithm!\n", argv[1]);
234: ok = FALSE;
235: break;
236: }
237: return !ok;
238: }