Imported Upstream version 5.3.1

author: Yves-Alexis Perez <corsac@debian.org> 2015-06-01 14:46:30 +0200
committer: Yves-Alexis Perez <corsac@debian.org> 2015-06-01 14:46:30 +0200
commit: fc556ec2bc92a9d476c11406fad2c33db8bf7cb0 (patch)
tree: 7360889e50de867d72741213d534a756c73902c8 /scripts/crypt_burn.c
parent: 83b8aebb19fe6e49e13a05d4e8f5ab9a06177642 (diff)
download: vyos-strongswan-fc556ec2bc92a9d476c11406fad2c33db8bf7cb0.tar.gz
vyos-strongswan-fc556ec2bc92a9d476c11406fad2c33db8bf7cb0.zip
1 files changed, 185 insertions, 79 deletions
diff --git a/scripts/crypt_burn.c b/scripts/crypt_burn.c
index 1768d769b..3bd36d2dc 100644
--- a/scripts/crypt_burn.c
+++ b/scripts/crypt_burn.c
@@ -16,34 +16,190 @@
 #include <stdio.h>
 #include <library.h>
 
-int main(int argc, char *argv[])
+static int burn_crypter(const proposal_token_t *token, u_int limit, u_int len)
 {
-	const proposal_token_t *token;
-	aead_t *aead;
+	chunk_t iv, key, data;
 	crypter_t *crypter;
-	char buffer[1024], assoc[8], iv[32];
-	size_t bs;
-	int i = 0, limit = 0;
+	int i = 0;
+	bool ok;
+
+	crypter = lib->crypto->create_crypter(lib->crypto, token->algorithm,
+										  token->keysize / 8);
+	if (!crypter)
+	{
+		fprintf(stderr, "%N-%zu not supported\n",
+				encryption_algorithm_names, token->algorithm, token->keysize);
+		return FALSE;
+	}
+
+	iv = chunk_alloc(crypter->get_iv_size(crypter));
+	memset(iv.ptr, 0xFF, iv.len);
+	data = chunk_alloc(round_up(len, crypter->get_block_size(crypter)));
+	memset(data.ptr, 0xDD, data.len);
+	key = chunk_alloc(crypter->get_key_size(crypter));
+	memset(key.ptr, 0xAA, key.len);
+
+	ok = crypter->set_key(crypter, key);
+	while (ok)
+	{
+		if (!crypter->encrypt(crypter, data, iv, NULL))
+		{
+			fprintf(stderr, "encryption failed!\n");
+			ok = FALSE;
+			break;
+		}
+		if (!crypter->decrypt(crypter, data, iv, NULL))
+		{
+			fprintf(stderr, "decryption failed!\n");
+			ok = FALSE;
+			break;
+		}
+		if (limit && ++i == limit)
+		{
+			break;
+		}
+	}
+	crypter->destroy(crypter);
+
+	free(iv.ptr);
+	free(data.ptr);
+	free(key.ptr);
+
+	return ok;
+}
+
+static bool burn_aead(const proposal_token_t *token, u_int limit, u_int len)
+{
+	chunk_t iv, key, data, dataicv, assoc;
+	aead_t *aead;
+	int i = 0;
+	bool ok;
+
+	aead = lib->crypto->create_aead(lib->crypto, token->algorithm,
+									token->keysize / 8, 0);
+	if (!aead)
+	{
+		fprintf(stderr, "%N-%zu not supported\n",
+				encryption_algorithm_names, token->algorithm, token->keysize);
+		return FALSE;
+	}
+
+	iv = chunk_alloc(aead->get_iv_size(aead));
+	memset(iv.ptr, 0xFF, iv.len);
+	dataicv = chunk_alloc(round_up(len, aead->get_block_size(aead)) +
+						  aead->get_icv_size(aead));
+	data = chunk_create(dataicv.ptr, dataicv.len - aead->get_icv_size(aead));
+	memset(data.ptr, 0xDD, data.len);
+	assoc = chunk_alloc(13);
+	memset(assoc.ptr, 0xCC, assoc.len);
+	key = chunk_alloc(aead->get_key_size(aead));
+	memset(key.ptr, 0xAA, key.len);
+
+	ok = aead->set_key(aead, key);
+	while (ok)
+	{
+		if (!aead->encrypt(aead, data, assoc, iv, NULL))
+		{
+			fprintf(stderr, "aead encryption failed!\n");
+			ok = FALSE;
+			break;
+		}
+		if (!aead->decrypt(aead, dataicv, assoc, iv, NULL))
+		{
+			fprintf(stderr, "aead integrity check failed!\n");
+			ok = FALSE;
+			break;
+		}
+		if (limit && ++i == limit)
+		{
+			break;
+		}
+	}
+	aead->destroy(aead);
+
+	free(iv.ptr);
+	free(data.ptr);
+	free(key.ptr);
+	free(assoc.ptr);
+
+	return ok;
+}
+
+static int burn_signer(const proposal_token_t *token, u_int limit, u_int len)
+{
+	chunk_t  key, data, sig;
+	signer_t *signer;
+	int i = 0;
+	bool ok;
+
+	signer = lib->crypto->create_signer(lib->crypto, token->algorithm);
+	if (!signer)
+	{
+		fprintf(stderr, "%N not supported\n",
+				integrity_algorithm_names, token->algorithm);
+		return FALSE;
+	}
+
+	data = chunk_alloc(len);
+	memset(data.ptr, 0xDD, data.len);
+	key = chunk_alloc(signer->get_key_size(signer));
+	memset(key.ptr, 0xAA, key.len);
+	sig = chunk_alloc(signer->get_block_size(signer));
+
+	ok = signer->set_key(signer, key);
+	while (ok)
+	{
+		if (!signer->get_signature(signer, data, sig.ptr))
+		{
+			fprintf(stderr, "creating signature failed!\n");
+			ok = FALSE;
+			break;
+		}
+		if (!signer->verify_signature(signer, data, sig))
+		{
+			fprintf(stderr, "verifying signature failed!\n");
+			ok = FALSE;
+			break;
+		}
+		if (limit && ++i == limit)
+		{
+			break;
+		}
+	}
+	signer->destroy(signer);
 
+	free(data.ptr);
+	free(key.ptr);
+	free(sig.ptr);
+
+	return ok;
+}
+
+int main(int argc, char *argv[])
+{
+	const proposal_token_t *token;
+	u_int limit = 0, len = 1024;
+	bool ok;
 
 	library_init(NULL, "crypt_burn");
-	lib->plugins->load(lib->plugins, PLUGINS);
+	lib->plugins->load(lib->plugins, getenv("PLUGINS") ?: PLUGINS);
 	atexit(library_deinit);
 
-	printf("loaded: %s\n", PLUGINS);
-
-	memset(buffer, 0x12, sizeof(buffer));
-	memset(assoc, 0x34, sizeof(assoc));
-	memset(iv, 0x56, sizeof(iv));
+	fprintf(stderr, "loaded: %s\n", lib->plugins->loaded_plugins(lib->plugins));
 
 	if (argc < 2)
 	{
-		fprintf(stderr, "usage: %s <algorithm>!\n", argv[0]);
+		fprintf(stderr, "usage: %s <algorithm> [buflen=%u] [rounds=%u]\n",
+				argv[0], len, limit);
 		return 1;
 	}
 	if (argc > 2)
 	{
-		limit = atoi(argv[2]);
+		len = atoi(argv[2]);
+	}
+	if (argc > 3)
+	{
+		limit = atoi(argv[3]);
 	}
 
 	token = lib->proposal->get_token(lib->proposal, argv[1]);
@@ -52,76 +208,26 @@ int main(int argc, char *argv[])
 		fprintf(stderr, "algorithm '%s' unknown!\n", argv[1]);
 		return 1;
 	}
-	if (token->type != ENCRYPTION_ALGORITHM)
-	{
-		fprintf(stderr, "'%s' is not an encryption/aead algorithm!\n", argv[1]);
-		return 1;
-	}
 
-	if (encryption_algorithm_is_aead(token->algorithm))
+	switch (token->type)
 	{
-		aead = lib->crypto->create_aead(lib->crypto,
-									token->algorithm, token->keysize / 8, 0);
-		if (!aead)
-		{
-			fprintf(stderr, "aead '%s' not supported!\n", argv[1]);
-			return 1;
-		}
-		while (TRUE)
-		{
-			if (!aead->encrypt(aead,
-				chunk_create(buffer, sizeof(buffer) - aead->get_icv_size(aead)),
-				chunk_from_thing(assoc),
-				chunk_create(iv, aead->get_iv_size(aead)), NULL))
+		case ENCRYPTION_ALGORITHM:
+			if (encryption_algorithm_is_aead(token->algorithm))
 			{
-				fprintf(stderr, "aead encryption failed!\n");
-				return 1;
+				ok = burn_aead(token, limit, len);
 			}
-			if (!aead->decrypt(aead, chunk_create(buffer, sizeof(buffer)),
-				chunk_from_thing(assoc),
-				chunk_create(iv, aead->get_iv_size(aead)), NULL))
+			else
 			{
-				fprintf(stderr, "aead integrity check failed!\n");
-				return 1;
+				ok = burn_crypter(token, limit, len);
 			}
-			if (limit && ++i == limit)
-			{
-				break;
-			}
-		}
-		aead->destroy(aead);
-	}
-	else
-	{
-		crypter = lib->crypto->create_crypter(lib->crypto,
-										token->algorithm, token->keysize / 8);
-		if (!crypter)
-		{
-			fprintf(stderr, "crypter '%s' not supported!\n", argv[1]);
-			return 1;
-		}
-		bs = crypter->get_block_size(crypter);
-
-		while (TRUE)
-		{
-			if (!crypter->encrypt(crypter,
-					chunk_create(buffer, sizeof(buffer) / bs * bs),
-					chunk_create(iv, crypter->get_iv_size(crypter)), NULL))
-			{
-				continue;
-			}
-			if (!crypter->decrypt(crypter,
-					chunk_create(buffer, sizeof(buffer) / bs * bs),
-					chunk_create(iv, crypter->get_iv_size(crypter)), NULL))
-			{
-				continue;
-			}
-			if (limit && ++i == limit)
-			{
-				break;
-			}
-		}
-		crypter->destroy(crypter);
+			break;
+		case INTEGRITY_ALGORITHM:
+			ok = burn_signer(token, limit, len);
+			break;
+		default:
+			fprintf(stderr, "'%s' is not a crypter/aead algorithm!\n", argv[1]);
+			ok = FALSE;
+			break;
 	}
-	return 0;
+	return !ok;
 }
author	Yves-Alexis Perez <corsac@debian.org>	2015-06-01 14:46:30 +0200
committer	Yves-Alexis Perez <corsac@debian.org>	2015-06-01 14:46:30 +0200
commit	fc556ec2bc92a9d476c11406fad2c33db8bf7cb0 (patch)
tree	7360889e50de867d72741213d534a756c73902c8 /scripts/crypt_burn.c
parent	83b8aebb19fe6e49e13a05d4e8f5ab9a06177642 (diff)
download	vyos-strongswan-fc556ec2bc92a9d476c11406fad2c33db8bf7cb0.tar.gz vyos-strongswan-fc556ec2bc92a9d476c11406fad2c33db8bf7cb0.zip