From 8c8a47cd542e60381773fe23f2075aa5b896be4f Mon Sep 17 00:00:00 2001 From: Eugene Crosser Date: Thu, 31 Oct 2013 03:02:23 +0400 Subject: [PATCH] wip on crypto --- crypto.c | 10 ++++- crypto.h | 1 + ossl_crypto.c | 21 +++++++-- pcsc_cr.c | 3 ++ test_cr.c | 3 ++ test_crypto.c | 121 +++++++++++++++++++++++++++++++++++++++----------- tom_crypto.c | 4 +- ykneo.c | 3 ++ 8 files changed, 135 insertions(+), 31 deletions(-) diff --git a/crypto.c b/crypto.c index 282a713..b524f8a 100644 --- a/crypto.c +++ b/crypto.c @@ -1,3 +1,6 @@ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif #include #include "crypto.h" #include "crypto_if.h" @@ -25,6 +28,12 @@ int select_crypto_if(int ifno) return 0; } +const char *if_name(int ifno) +{ + if (ifno < 0 || ifno > MAX_IF) return "invalid index"; + return ifs[ifno]->name; +} + static unsigned char iv[16] = {0}; unsigned long encrypt(void *key, int keylen, void *pt, void *ct, int tlen) @@ -47,7 +56,6 @@ unsigned long hash(void *pt, int tlen, void *tag, int *taglen) unsigned long hmac(void *key, int keylen, void *pt, int tlen, void *tag, int *taglen) { - assert(keylen == 20); assert(*taglen == 20); return ifs[which]->hmac(key, keylen, pt, tlen, tag, taglen); } diff --git a/crypto.h b/crypto.h index 06d7cd5..f0f709d 100644 --- a/crypto.h +++ b/crypto.h @@ -2,6 +2,7 @@ #define _CRYPTO_H int select_crypto_if(int ifno); +const char *if_name(int ifno); unsigned long encrypt(void *key, int keylen, void *pt, void *ct, int tlen); unsigned long decrypt(void *key, int keylen, void *ct, void *pt, int tlen); unsigned long hash(void *pt, int tlen, void *tag, int *taglen); diff --git a/ossl_crypto.c b/ossl_crypto.c index a7fc515..4fdbcf3 100644 --- a/ossl_crypto.c +++ b/ossl_crypto.c @@ -1,3 +1,6 @@ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif #include #include #include @@ -12,6 +15,8 @@ static unsigned long ossl_encrypt(void *key, int keylen, void *iv, int outlen1, outlen2; unsigned char hkey[16]; + ERR_load_crypto_strings(); /* FIXME */ + if (EVP_BytesToKey(EVP_aes_128_cbc(), EVP_sha1(), NULL, key, keylen, 5, hkey, NULL) != 16) return 1UL; if (!EVP_EncryptInit(&ctx, EVP_aes_128_cbc(), hkey, iv)) @@ -20,7 +25,11 @@ static unsigned long ossl_encrypt(void *key, int keylen, void *iv, return ERR_get_error(); if (!EVP_EncryptFinal(&ctx, ct + outlen1, &outlen2)) return ERR_get_error(); - if (outlen1 + outlen2 != tlen) return 1UL; + if (outlen1 + outlen2 != tlen) { + printf("enc tlen =%d outlen1=%d outlen2=%d\n", + tlen, outlen1, outlen2); + // return 1UL; + } return 0UL; } @@ -39,7 +48,11 @@ static unsigned long ossl_decrypt(void *key, int keylen, void *iv, return ERR_get_error(); if (!EVP_DecryptFinal(&ctx, ct + outlen1, &outlen2)) return ERR_get_error(); - if (outlen1 + outlen2 != tlen) return 1UL; + if (outlen1 + outlen2 != tlen) { + printf("dec tlen =%d outlen1=%d outlen2=%d\n", + tlen, outlen1, outlen2); + // return 1UL; + } return 0UL; } @@ -50,7 +63,7 @@ static unsigned long ossl_hash(void *pt, int tlen, void *tag, int *taglen) if (!SHA1_Init(&sctx)) return ERR_get_error(); if (!SHA1_Update(&sctx, pt, tlen)) return ERR_get_error(); if (!SHA1_Final(tag, &sctx)) return ERR_get_error(); - *taglen = 160; + *taglen = 20; return 0UL; } @@ -60,7 +73,7 @@ static unsigned long ossl_hmac(void *pt, int tlen, void *key, int keylen, HMAC_CTX hctx; HMAC_CTX_init(&hctx); - if (!HMAC_Init(&hctx, key, keylen, EVP_sha1())) return ERR_get_error(); + if (!HMAC_Init_ex(&hctx, key, keylen, EVP_sha1(), NULL)) return ERR_get_error(); if (!HMAC_Update(&hctx, pt, tlen)) return ERR_get_error(); if (!HMAC_Final(&hctx, tag, (unsigned int *)taglen)) return ERR_get_error(); diff --git a/pcsc_cr.c b/pcsc_cr.c index 03a05d0..52a18e7 100644 --- a/pcsc_cr.c +++ b/pcsc_cr.c @@ -1,3 +1,6 @@ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif #include #include #include diff --git a/test_cr.c b/test_cr.c index 9415406..43991d1 100644 --- a/test_cr.c +++ b/test_cr.c @@ -1,3 +1,6 @@ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif #include #include #include diff --git a/test_crypto.c b/test_crypto.c index 695c4fe..fe762cf 100644 --- a/test_crypto.c +++ b/test_crypto.c @@ -1,20 +1,13 @@ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif #include #include #include #include #include "crypto.h" -unsigned char pt[48] = "the quick brown fox jumps over a lazy dog"; -unsigned char key[16] = { -0x0f,0x65,0xd1,0x3a,0xfe,0xcb,0xc4,0xb9,0x52,0xb1,0x60,0xcf,0xe8,0x55,0x6a,0xdd -}; - -static void usage(const char const *cmd) -{ - fprintf(stderr, "usage: %s\n", cmd); -} - -#define printh(p,x) printh_f(p, x, sizeof(x)) +#define printh(x) printh_f(#x, x, sizeof(x)) void printh_f(char *p, unsigned char *x, size_t l) { int i; @@ -23,23 +16,101 @@ void printh_f(char *p, unsigned char *x, size_t l) printf("\n"); } -int main(int argc, char *argv[]) +int test_enc_dec(int iface1, int iface2) { unsigned long err; - unsigned char ct1[48], re1[48]; - unsigned char sha1[20], sha2[20]; - unsigned char hmac1[20], hmac2[20]; - - printf("source: %s\n", pt); - printh("source", pt); - printh("key", key); - if (select_crypto_if(0)) return 1; - if (err = encrypt(key, sizeof(key), pt, ct1, sizeof(pt))) + unsigned char pt[48] = "the quick brown fox jumps over a lazy dog"; + unsigned char key[16] = {0x0f,0x65,0xd1,0x3a,0xfe,0xcb,0xc4,0xb9, + 0x52,0xb1,0x60,0xcf,0xe8,0x55,0x6a,0xdd}; + unsigned char ct[64]; + unsigned char re[48]; + + printf("%d -> %d\n", iface1, iface2); + printh(pt); + printh(key); + if (select_crypto_if(iface1)) return 1; + if ((err = encrypt(key, sizeof(key), pt, ct, sizeof(pt)))) { printf("encrypt error: %s\n", crypto_errstr(err)); - printh("ct1", ct1); - if (err = decrypt(key, sizeof(key), ct1, re1, sizeof(re1))) + return 1; + } + printh(ct); + if (select_crypto_if(iface2)) return 1; + if ((err = decrypt(key, sizeof(key), ct, re, sizeof(ct)))) { printf("decrypt error: %s\n", crypto_errstr(err)); - printh("re1", re1); - if (select_crypto_if(1)) return 1; + return 1; + } + printh(re); + if (memcmp(pt, re, sizeof(pt))) { + printf("fail\n"); + return 1; + } + return 0; +} + +int test_sha(int iface) +{ + unsigned char sha1[20]; + unsigned long err; + int shalen; + unsigned char spt[3] = "abc"; + unsigned char sstd[20] = {0xA9,0x99,0x3E,0x36,0x47,0x06,0x81,0x6A, + 0xBA,0x3E,0x25,0x71,0x78,0x50,0xC2,0x6C,0x9C,0xD0,0xD8,0x9D}; + + if (select_crypto_if(iface)) return 1; + shalen = 20; + if ((err = hash(spt, sizeof(spt), sha1, &shalen))) { + printf("hash error: %s\n", crypto_errstr(err)); + return 1; + } + printf("%d: len=%d ", iface, shalen); + printh(sha1); + if (memcmp(sha1, sstd, sizeof(sstd))) { + printf("fail\n"); + return 1; + } return 0; } + +int test_hmac(int iface) +{ + unsigned char hmac1[20]; + unsigned long err; + int hmaclen; + unsigned char hpt[28] = "what do ya want for nothing?"; + unsigned char hkey[4] = "Jefe"; + unsigned char hstd[20] = {0xef,0xfc,0xdf,0x6a,0xe5,0xeb,0x2f,0xa2, + 0xd2,0x74,0x16,0xd5,0xf1,0x84,0xdf,0x9c,0x25,0x9a,0x7c,0x79}; + + if (select_crypto_if(iface)) return 1; + hmaclen = 20; + if ((err = hmac(hkey, sizeof(hkey), hpt, sizeof(hpt), + hmac1, &hmaclen))) { + printf("hash error: %s\n", crypto_errstr(err)); + return 1; + } + printf("%d: len=%d ", iface, hmaclen); + printh(hmac1); + if (memcmp(hmac1, hstd, sizeof(hstd))) { + printf("fail\n"); + return 1; + } + return 0; +} + +int main(int argc, char *argv[]) +{ + int rc, maxrc = 0; + int numifs, i, j; + + for (numifs = 0; select_crypto_if(numifs) == 0; numifs++) + printf("%d: %s\n", numifs, if_name(numifs)); + printf("Testing %d interfaces\n", numifs); + + for (i = 0; i < numifs; i++) + if ((rc = test_sha(i)) > maxrc) maxrc = rc; + for (i = 0; i < numifs; i++) + if ((rc = test_hmac(i)) > maxrc) maxrc = rc; + for (i = 0; i < numifs; i++) for (j = 0; j < numifs; j++) + if ((rc = test_enc_dec(i,j)) > maxrc) maxrc = rc; + return maxrc; +} diff --git a/tom_crypto.c b/tom_crypto.c index 97a18e1..d774333 100644 --- a/tom_crypto.c +++ b/tom_crypto.c @@ -1,3 +1,6 @@ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif #include #include "crypto_if.h" @@ -50,7 +53,6 @@ static unsigned long tom_hmac(void *key, int keylen, int index, rc; unsigned long ltaglen = *taglen; - if (keylen != 20) return CRYPT_INVALID_KEYSIZE; if ((index = register_hash(&sha1_desc)) == -1) return CRYPT_INVALID_HASH; rc = hmac_memory(index, key, keylen, pt, tlen, tag, <aglen); diff --git a/ykneo.c b/ykneo.c index 2510e18..5a153a5 100644 --- a/ykneo.c +++ b/ykneo.c @@ -1,3 +1,6 @@ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif #include #include #include -- 2.39.2