2 * Copyright (C) 2010 Martin Willi
4 * Copyright (C) secunet Security Networks AG
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 static int burn_crypter(const proposal_token_t
*token
, u_int limit
, u_int len
)
22 chunk_t iv
, key
, data
;
27 crypter
= lib
->crypto
->create_crypter(lib
->crypto
, token
->algorithm
,
31 fprintf(stderr
, "%N-%zu not supported\n",
32 encryption_algorithm_names
, token
->algorithm
, token
->keysize
);
36 iv
= chunk_alloc(crypter
->get_iv_size(crypter
));
37 memset(iv
.ptr
, 0xFF, iv
.len
);
38 data
= chunk_alloc(round_up(len
, crypter
->get_block_size(crypter
)));
39 memset(data
.ptr
, 0xDD, data
.len
);
40 key
= chunk_alloc(crypter
->get_key_size(crypter
));
41 memset(key
.ptr
, 0xAA, key
.len
);
43 ok
= crypter
->set_key(crypter
, key
);
46 if (!crypter
->encrypt(crypter
, data
, iv
, NULL
))
48 fprintf(stderr
, "encryption failed!\n");
52 if (!crypter
->decrypt(crypter
, data
, iv
, NULL
))
54 fprintf(stderr
, "decryption failed!\n");
58 if (limit
&& ++i
== limit
)
63 crypter
->destroy(crypter
);
72 static bool burn_aead(const proposal_token_t
*token
, u_int limit
, u_int len
)
74 chunk_t iv
, key
, data
, dataicv
, assoc
;
79 aead
= lib
->crypto
->create_aead(lib
->crypto
, token
->algorithm
,
80 token
->keysize
/ 8, 0);
83 fprintf(stderr
, "%N-%zu not supported\n",
84 encryption_algorithm_names
, token
->algorithm
, token
->keysize
);
88 iv
= chunk_alloc(aead
->get_iv_size(aead
));
89 memset(iv
.ptr
, 0xFF, iv
.len
);
90 dataicv
= chunk_alloc(round_up(len
, aead
->get_block_size(aead
)) +
91 aead
->get_icv_size(aead
));
92 data
= chunk_create(dataicv
.ptr
, dataicv
.len
- aead
->get_icv_size(aead
));
93 memset(data
.ptr
, 0xDD, data
.len
);
94 assoc
= chunk_alloc(13);
95 memset(assoc
.ptr
, 0xCC, assoc
.len
);
96 key
= chunk_alloc(aead
->get_key_size(aead
));
97 memset(key
.ptr
, 0xAA, key
.len
);
99 ok
= aead
->set_key(aead
, key
);
102 if (!aead
->encrypt(aead
, data
, assoc
, iv
, NULL
))
104 fprintf(stderr
, "aead encryption failed!\n");
108 if (!aead
->decrypt(aead
, dataicv
, assoc
, iv
, NULL
))
110 fprintf(stderr
, "aead integrity check failed!\n");
114 if (limit
&& ++i
== limit
)
129 static int burn_signer(const proposal_token_t
*token
, u_int limit
, u_int len
)
131 chunk_t key
, data
, sig
;
136 signer
= lib
->crypto
->create_signer(lib
->crypto
, token
->algorithm
);
139 fprintf(stderr
, "%N not supported\n",
140 integrity_algorithm_names
, token
->algorithm
);
144 data
= chunk_alloc(len
);
145 memset(data
.ptr
, 0xDD, data
.len
);
146 key
= chunk_alloc(signer
->get_key_size(signer
));
147 memset(key
.ptr
, 0xAA, key
.len
);
148 sig
= chunk_alloc(signer
->get_block_size(signer
));
150 ok
= signer
->set_key(signer
, key
);
153 if (!signer
->get_signature(signer
, data
, sig
.ptr
))
155 fprintf(stderr
, "creating signature failed!\n");
159 if (!signer
->verify_signature(signer
, data
, sig
))
161 fprintf(stderr
, "verifying signature failed!\n");
165 if (limit
&& ++i
== limit
)
170 signer
->destroy(signer
);
179 int main(int argc
, char *argv
[])
181 const proposal_token_t
*token
;
182 u_int limit
= 0, len
= 1024;
185 library_init(NULL
, "crypt_burn");
186 lib
->plugins
->load(lib
->plugins
, getenv("PLUGINS") ?: PLUGINS
);
187 atexit(library_deinit
);
189 fprintf(stderr
, "loaded: %s\n", lib
->plugins
->loaded_plugins(lib
->plugins
));
193 fprintf(stderr
, "usage: %s <algorithm> [buflen=%u] [rounds=%u]\n",
194 argv
[0], len
, limit
);
202 fprintf(stderr
, "buffer too large (1 GiB limit)\n");
208 limit
= atoi(argv
[3]);
211 token
= lib
->proposal
->get_token(lib
->proposal
, argv
[1]);
214 fprintf(stderr
, "algorithm '%s' unknown!\n", argv
[1]);
220 case ENCRYPTION_ALGORITHM
:
221 if (encryption_algorithm_is_aead(token
->algorithm
))
223 ok
= burn_aead(token
, limit
, len
);
227 ok
= burn_crypter(token
, limit
, len
);
230 case INTEGRITY_ALGORITHM
:
231 ok
= burn_signer(token
, limit
, len
);
234 fprintf(stderr
, "'%s' is not a crypter/aead algorithm!\n", argv
[1]);