]> git.ipfire.org Git - people/ms/strongswan.git/blame - scripts/crypt_burn.c
Merge branch 'utils-split'
[people/ms/strongswan.git] / scripts / crypt_burn.c
CommitLineData
f3af4969
TB
1/*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
37e52c3f
MW
15
16#include <stdio.h>
17#include <library.h>
37e52c3f 18
3935d812 19static int burn_crypter(const proposal_token_t *token, u_int limit, u_int len)
5da79478 20{
466d560a 21 chunk_t iv, key, data;
5da79478
MW
22 crypter_t *crypter;
23 int i = 0;
24 bool ok;
25
26 crypter = lib->crypto->create_crypter(lib->crypto, token->algorithm,
27 token->keysize / 8);
28 if (!crypter)
29 {
30 fprintf(stderr, "%N-%zu not supported\n",
31 encryption_algorithm_names, token->algorithm, token->keysize);
32 return FALSE;
33 }
34
35 iv = chunk_alloc(crypter->get_iv_size(crypter));
36 memset(iv.ptr, 0xFF, iv.len);
3935d812 37 data = chunk_alloc(round_up(len, crypter->get_block_size(crypter)));
5da79478 38 memset(data.ptr, 0xDD, data.len);
466d560a
MW
39 key = chunk_alloc(crypter->get_key_size(crypter));
40 memset(key.ptr, 0xAA, key.len);
5da79478 41
466d560a 42 ok = crypter->set_key(crypter, key);
5da79478
MW
43 while (ok)
44 {
45 if (!crypter->encrypt(crypter, data, iv, NULL))
46 {
47 fprintf(stderr, "encryption failed!\n");
48 ok = FALSE;
49 break;
50 }
51 if (!crypter->decrypt(crypter, data, iv, NULL))
52 {
53 fprintf(stderr, "decryption failed!\n");
54 ok = FALSE;
55 break;
56 }
57 if (limit && ++i == limit)
58 {
59 break;
60 }
61 }
62 crypter->destroy(crypter);
63
64 free(iv.ptr);
65 free(data.ptr);
466d560a 66 free(key.ptr);
5da79478
MW
67
68 return ok;
69}
70
3935d812 71static bool burn_aead(const proposal_token_t *token, u_int limit, u_int len)
5da79478 72{
466d560a 73 chunk_t iv, key, data, dataicv, assoc;
5da79478
MW
74 aead_t *aead;
75 int i = 0;
76 bool ok;
77
78 aead = lib->crypto->create_aead(lib->crypto, token->algorithm,
79 token->keysize / 8, 0);
80 if (!aead)
81 {
82 fprintf(stderr, "%N-%zu not supported\n",
83 encryption_algorithm_names, token->algorithm, token->keysize);
84 return FALSE;
85 }
86
87 iv = chunk_alloc(aead->get_iv_size(aead));
88 memset(iv.ptr, 0xFF, iv.len);
3935d812 89 dataicv = chunk_alloc(round_up(len, aead->get_block_size(aead)) +
5da79478
MW
90 aead->get_icv_size(aead));
91 data = chunk_create(dataicv.ptr, dataicv.len - aead->get_icv_size(aead));
92 memset(data.ptr, 0xDD, data.len);
93 assoc = chunk_alloc(13);
94 memset(assoc.ptr, 0xCC, assoc.len);
466d560a
MW
95 key = chunk_alloc(aead->get_key_size(aead));
96 memset(key.ptr, 0xAA, key.len);
5da79478 97
466d560a 98 ok = aead->set_key(aead, key);
5da79478
MW
99 while (ok)
100 {
101 if (!aead->encrypt(aead, data, assoc, iv, NULL))
102 {
103 fprintf(stderr, "aead encryption failed!\n");
104 ok = FALSE;
105 break;
106 }
107 if (!aead->decrypt(aead, dataicv, assoc, iv, NULL))
108 {
109 fprintf(stderr, "aead integrity check failed!\n");
110 ok = FALSE;
111 break;
112 }
113 if (limit && ++i == limit)
114 {
115 break;
116 }
117 }
118 aead->destroy(aead);
119
120 free(iv.ptr);
121 free(data.ptr);
466d560a 122 free(key.ptr);
5da79478
MW
123
124 return ok;
125}
126
22d0c934
MW
127static int burn_signer(const proposal_token_t *token, u_int limit, u_int len)
128{
129 chunk_t key, data, sig;
130 signer_t *signer;
131 int i = 0;
132 bool ok;
133
134 signer = lib->crypto->create_signer(lib->crypto, token->algorithm);
135 if (!signer)
136 {
137 fprintf(stderr, "%N not supported\n",
138 integrity_algorithm_names, token->algorithm);
139 return FALSE;
140 }
141
142 data = chunk_alloc(len);
143 memset(data.ptr, 0xDD, data.len);
144 key = chunk_alloc(signer->get_key_size(signer));
145 memset(key.ptr, 0xAA, key.len);
146 sig = chunk_alloc(signer->get_block_size(signer));
147
148 ok = signer->set_key(signer, key);
149 while (ok)
150 {
151 if (!signer->get_signature(signer, data, sig.ptr))
152 {
153 fprintf(stderr, "creating signature failed!\n");
154 ok = FALSE;
155 break;
156 }
157 if (!signer->verify_signature(signer, data, sig))
158 {
159 fprintf(stderr, "verifying signature failed!\n");
160 ok = FALSE;
161 break;
162 }
163 if (limit && ++i == limit)
164 {
165 break;
166 }
167 }
168 signer->destroy(signer);
169
170 free(data.ptr);
171 free(key.ptr);
172 free(sig.ptr);
173
174 return ok;
175}
176
37e52c3f
MW
177int main(int argc, char *argv[])
178{
179 const proposal_token_t *token;
3935d812 180 u_int limit = 0, len = 1024;
5da79478 181 bool ok;
37e52c3f 182
34d3bfcf 183 library_init(NULL, "crypt_burn");
d5ce572d 184 lib->plugins->load(lib->plugins, getenv("PLUGINS") ?: PLUGINS);
37e52c3f
MW
185 atexit(library_deinit);
186
d5ce572d 187 fprintf(stderr, "loaded: %s\n", lib->plugins->loaded_plugins(lib->plugins));
37e52c3f 188
37e52c3f
MW
189 if (argc < 2)
190 {
3935d812
MW
191 fprintf(stderr, "usage: %s <algorithm> [buflen=%u] [rounds=%u]\n",
192 argv[0], len, limit);
37e52c3f
MW
193 return 1;
194 }
195 if (argc > 2)
196 {
3935d812
MW
197 len = atoi(argv[2]);
198 }
199 if (argc > 3)
200 {
201 limit = atoi(argv[3]);
37e52c3f
MW
202 }
203
4c57c630 204 token = lib->proposal->get_token(lib->proposal, argv[1]);
37e52c3f
MW
205 if (!token)
206 {
207 fprintf(stderr, "algorithm '%s' unknown!\n", argv[1]);
208 return 1;
209 }
37e52c3f 210
5da79478 211 switch (token->type)
37e52c3f 212 {
5da79478
MW
213 case ENCRYPTION_ALGORITHM:
214 if (encryption_algorithm_is_aead(token->algorithm))
e2ed7bfd 215 {
3935d812 216 ok = burn_aead(token, limit, len);
e2ed7bfd 217 }
5da79478 218 else
37e52c3f 219 {
3935d812 220 ok = burn_crypter(token, limit, len);
37e52c3f 221 }
5da79478 222 break;
22d0c934
MW
223 case INTEGRITY_ALGORITHM:
224 ok = burn_signer(token, limit, len);
225 break;
5da79478
MW
226 default:
227 fprintf(stderr, "'%s' is not a crypter/aead algorithm!\n", argv[1]);
228 ok = FALSE;
229 break;
37e52c3f 230 }
5da79478 231 return !ok;
37e52c3f 232}