summaryrefslogtreecommitdiff
path: root/scripts/crypt_burn.c
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2015-06-01 14:46:30 +0200
committerYves-Alexis Perez <corsac@debian.org>2015-06-01 14:46:30 +0200
commitfc556ec2bc92a9d476c11406fad2c33db8bf7cb0 (patch)
tree7360889e50de867d72741213d534a756c73902c8 /scripts/crypt_burn.c
parent83b8aebb19fe6e49e13a05d4e8f5ab9a06177642 (diff)
downloadvyos-strongswan-fc556ec2bc92a9d476c11406fad2c33db8bf7cb0.tar.gz
vyos-strongswan-fc556ec2bc92a9d476c11406fad2c33db8bf7cb0.zip
Imported Upstream version 5.3.1
Diffstat (limited to 'scripts/crypt_burn.c')
-rw-r--r--scripts/crypt_burn.c264
1 files changed, 185 insertions, 79 deletions
diff --git a/scripts/crypt_burn.c b/scripts/crypt_burn.c
index 1768d769b..3bd36d2dc 100644
--- a/scripts/crypt_burn.c
+++ b/scripts/crypt_burn.c
@@ -16,34 +16,190 @@
#include <stdio.h>
#include <library.h>
-int main(int argc, char *argv[])
+static int burn_crypter(const proposal_token_t *token, u_int limit, u_int len)
{
- const proposal_token_t *token;
- aead_t *aead;
+ chunk_t iv, key, data;
crypter_t *crypter;
- char buffer[1024], assoc[8], iv[32];
- size_t bs;
- int i = 0, limit = 0;
+ int i = 0;
+ bool ok;
+
+ crypter = lib->crypto->create_crypter(lib->crypto, token->algorithm,
+ token->keysize / 8);
+ if (!crypter)
+ {
+ fprintf(stderr, "%N-%zu not supported\n",
+ encryption_algorithm_names, token->algorithm, token->keysize);
+ return FALSE;
+ }
+
+ iv = chunk_alloc(crypter->get_iv_size(crypter));
+ memset(iv.ptr, 0xFF, iv.len);
+ data = chunk_alloc(round_up(len, crypter->get_block_size(crypter)));
+ memset(data.ptr, 0xDD, data.len);
+ key = chunk_alloc(crypter->get_key_size(crypter));
+ memset(key.ptr, 0xAA, key.len);
+
+ ok = crypter->set_key(crypter, key);
+ while (ok)
+ {
+ if (!crypter->encrypt(crypter, data, iv, NULL))
+ {
+ fprintf(stderr, "encryption failed!\n");
+ ok = FALSE;
+ break;
+ }
+ if (!crypter->decrypt(crypter, data, iv, NULL))
+ {
+ fprintf(stderr, "decryption failed!\n");
+ ok = FALSE;
+ break;
+ }
+ if (limit && ++i == limit)
+ {
+ break;
+ }
+ }
+ crypter->destroy(crypter);
+
+ free(iv.ptr);
+ free(data.ptr);
+ free(key.ptr);
+
+ return ok;
+}
+
+static bool burn_aead(const proposal_token_t *token, u_int limit, u_int len)
+{
+ chunk_t iv, key, data, dataicv, assoc;
+ aead_t *aead;
+ int i = 0;
+ bool ok;
+
+ aead = lib->crypto->create_aead(lib->crypto, token->algorithm,
+ token->keysize / 8, 0);
+ if (!aead)
+ {
+ fprintf(stderr, "%N-%zu not supported\n",
+ encryption_algorithm_names, token->algorithm, token->keysize);
+ return FALSE;
+ }
+
+ iv = chunk_alloc(aead->get_iv_size(aead));
+ memset(iv.ptr, 0xFF, iv.len);
+ dataicv = chunk_alloc(round_up(len, aead->get_block_size(aead)) +
+ aead->get_icv_size(aead));
+ data = chunk_create(dataicv.ptr, dataicv.len - aead->get_icv_size(aead));
+ memset(data.ptr, 0xDD, data.len);
+ assoc = chunk_alloc(13);
+ memset(assoc.ptr, 0xCC, assoc.len);
+ key = chunk_alloc(aead->get_key_size(aead));
+ memset(key.ptr, 0xAA, key.len);
+
+ ok = aead->set_key(aead, key);
+ while (ok)
+ {
+ if (!aead->encrypt(aead, data, assoc, iv, NULL))
+ {
+ fprintf(stderr, "aead encryption failed!\n");
+ ok = FALSE;
+ break;
+ }
+ if (!aead->decrypt(aead, dataicv, assoc, iv, NULL))
+ {
+ fprintf(stderr, "aead integrity check failed!\n");
+ ok = FALSE;
+ break;
+ }
+ if (limit && ++i == limit)
+ {
+ break;
+ }
+ }
+ aead->destroy(aead);
+
+ free(iv.ptr);
+ free(data.ptr);
+ free(key.ptr);
+ free(assoc.ptr);
+
+ return ok;
+}
+
+static int burn_signer(const proposal_token_t *token, u_int limit, u_int len)
+{
+ chunk_t key, data, sig;
+ signer_t *signer;
+ int i = 0;
+ bool ok;
+
+ signer = lib->crypto->create_signer(lib->crypto, token->algorithm);
+ if (!signer)
+ {
+ fprintf(stderr, "%N not supported\n",
+ integrity_algorithm_names, token->algorithm);
+ return FALSE;
+ }
+
+ data = chunk_alloc(len);
+ memset(data.ptr, 0xDD, data.len);
+ key = chunk_alloc(signer->get_key_size(signer));
+ memset(key.ptr, 0xAA, key.len);
+ sig = chunk_alloc(signer->get_block_size(signer));
+
+ ok = signer->set_key(signer, key);
+ while (ok)
+ {
+ if (!signer->get_signature(signer, data, sig.ptr))
+ {
+ fprintf(stderr, "creating signature failed!\n");
+ ok = FALSE;
+ break;
+ }
+ if (!signer->verify_signature(signer, data, sig))
+ {
+ fprintf(stderr, "verifying signature failed!\n");
+ ok = FALSE;
+ break;
+ }
+ if (limit && ++i == limit)
+ {
+ break;
+ }
+ }
+ signer->destroy(signer);
+ free(data.ptr);
+ free(key.ptr);
+ free(sig.ptr);
+
+ return ok;
+}
+
+int main(int argc, char *argv[])
+{
+ const proposal_token_t *token;
+ u_int limit = 0, len = 1024;
+ bool ok;
library_init(NULL, "crypt_burn");
- lib->plugins->load(lib->plugins, PLUGINS);
+ lib->plugins->load(lib->plugins, getenv("PLUGINS") ?: PLUGINS);
atexit(library_deinit);
- printf("loaded: %s\n", PLUGINS);
-
- memset(buffer, 0x12, sizeof(buffer));
- memset(assoc, 0x34, sizeof(assoc));
- memset(iv, 0x56, sizeof(iv));
+ fprintf(stderr, "loaded: %s\n", lib->plugins->loaded_plugins(lib->plugins));
if (argc < 2)
{
- fprintf(stderr, "usage: %s <algorithm>!\n", argv[0]);
+ fprintf(stderr, "usage: %s <algorithm> [buflen=%u] [rounds=%u]\n",
+ argv[0], len, limit);
return 1;
}
if (argc > 2)
{
- limit = atoi(argv[2]);
+ len = atoi(argv[2]);
+ }
+ if (argc > 3)
+ {
+ limit = atoi(argv[3]);
}
token = lib->proposal->get_token(lib->proposal, argv[1]);
@@ -52,76 +208,26 @@ int main(int argc, char *argv[])
fprintf(stderr, "algorithm '%s' unknown!\n", argv[1]);
return 1;
}
- if (token->type != ENCRYPTION_ALGORITHM)
- {
- fprintf(stderr, "'%s' is not an encryption/aead algorithm!\n", argv[1]);
- return 1;
- }
- if (encryption_algorithm_is_aead(token->algorithm))
+ switch (token->type)
{
- aead = lib->crypto->create_aead(lib->crypto,
- token->algorithm, token->keysize / 8, 0);
- if (!aead)
- {
- fprintf(stderr, "aead '%s' not supported!\n", argv[1]);
- return 1;
- }
- while (TRUE)
- {
- if (!aead->encrypt(aead,
- chunk_create(buffer, sizeof(buffer) - aead->get_icv_size(aead)),
- chunk_from_thing(assoc),
- chunk_create(iv, aead->get_iv_size(aead)), NULL))
+ case ENCRYPTION_ALGORITHM:
+ if (encryption_algorithm_is_aead(token->algorithm))
{
- fprintf(stderr, "aead encryption failed!\n");
- return 1;
+ ok = burn_aead(token, limit, len);
}
- if (!aead->decrypt(aead, chunk_create(buffer, sizeof(buffer)),
- chunk_from_thing(assoc),
- chunk_create(iv, aead->get_iv_size(aead)), NULL))
+ else
{
- fprintf(stderr, "aead integrity check failed!\n");
- return 1;
+ ok = burn_crypter(token, limit, len);
}
- if (limit && ++i == limit)
- {
- break;
- }
- }
- aead->destroy(aead);
- }
- else
- {
- crypter = lib->crypto->create_crypter(lib->crypto,
- token->algorithm, token->keysize / 8);
- if (!crypter)
- {
- fprintf(stderr, "crypter '%s' not supported!\n", argv[1]);
- return 1;
- }
- bs = crypter->get_block_size(crypter);
-
- while (TRUE)
- {
- if (!crypter->encrypt(crypter,
- chunk_create(buffer, sizeof(buffer) / bs * bs),
- chunk_create(iv, crypter->get_iv_size(crypter)), NULL))
- {
- continue;
- }
- if (!crypter->decrypt(crypter,
- chunk_create(buffer, sizeof(buffer) / bs * bs),
- chunk_create(iv, crypter->get_iv_size(crypter)), NULL))
- {
- continue;
- }
- if (limit && ++i == limit)
- {
- break;
- }
- }
- crypter->destroy(crypter);
+ break;
+ case INTEGRITY_ALGORITHM:
+ ok = burn_signer(token, limit, len);
+ break;
+ default:
+ fprintf(stderr, "'%s' is not a crypter/aead algorithm!\n", argv[1]);
+ ok = FALSE;
+ break;
}
- return 0;
+ return !ok;
}