Author: Antonio Borneo
Date: Wed Dec 4 14:40:55 2013
New Revision: 538
Log:
test-crypto: move crypted data out of code
The test program embeds encrypted binary data, but the
encryption key is not made available from the original
developer.
Move the binary data out of the code, so later we can
replace it with data encrypted under our control.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Added:
branches/vpnc-nortel/test/dec_data.bin
branches/vpnc-nortel/test/sig_data.bin
trunk/test/dec_data.bin
trunk/test/sig_data.bin
Modified:
branches/vpnc-nortel/Makefile
branches/vpnc-nortel/test-crypto.c
trunk/Makefile
trunk/test-crypto.c
Modified: branches/vpnc-nortel/Makefile
==============================================================================
--- branches/vpnc-nortel/Makefile (original)
+++ branches/vpnc-nortel/Makefile Wed Dec 4 14:40:55 2013
@@ -114,8 +114,8 @@
rm -rf vpnc-$*
test : all
- ./test-crypto test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
- #./test-crypto test/cert.pem test/cert0.crt test/cert1.crt test/cert2.crt test/root.crt
+ ./test-crypto test/sig_data.bin test/dec_data.bin \
+ test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
dist : VERSION vpnc.8 vpnc-$(RELEASE_VERSION).tar.gz
Modified: branches/vpnc-nortel/test-crypto.c
==============================================================================
--- branches/vpnc-nortel/test-crypto.c (original)
+++ branches/vpnc-nortel/test-crypto.c Wed Dec 4 14:40:55 2013
@@ -16,6 +16,7 @@
*/
#include <stdio.h>
+#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
@@ -25,55 +26,64 @@
#include <stdlib.h>
#include "crypto.h"
+static unsigned char *read_binfile(const char *filename, size_t *len)
+{
+ int fd, ret;
+ struct stat s;
+ unsigned char *b;
+
+ if (filename == NULL || len ==NULL)
+ return NULL;
+
+ fd = open(filename, O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "Error opening file %s\n", filename);
+ return NULL;
+ }
+
+ ret = fstat(fd, &s);
+ if (ret < 0) {
+ fprintf(stderr, "Error while stat() file %s\n", filename);
+ close(fd);
+ return NULL;
+ }
+ if (s.st_size == 0) {
+ fprintf(stderr, "Empty file %s\n", filename);
+ close(fd);
+ return NULL;
+ }
+
+ b = malloc(s.st_size);
+ if (b == NULL) {
+ fprintf(stderr, "Error allocating memory\n");
+ close(fd);
+ return NULL;
+ }
+
+ ret = read(fd, b, s.st_size);
+ if (ret != s.st_size) {
+ fprintf(stderr, "Error reading file %s\n", filename);
+ free(b);
+ close(fd);
+ return NULL;
+ }
+
+ close(fd);
+ *len = s.st_size;
+ return b;
+}
+
int main(int argc, char *argv[])
{
crypto_ctx *cctx;
crypto_error *error = NULL;
int i;
unsigned char *data;
- size_t size = 0;
- const unsigned char sig_data[] = {
- 0x30, 0x82, 0x04, 0xb5, 0x30, 0x82, 0x03, 0x9d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02,
- 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x30,
- 0x81, 0x9f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
- 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b, 0x73, 0x68,
+ size_t size = 0, sig_len, dec_len;
+ unsigned char *sig_data, *dec_data;
- 0x69, 0x72, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4e, 0x65,
- 0x77, 0x62, 0x75, 0x72, 0x79, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e,
- 0x4d, 0x79, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x08, 0x54, 0x68, 0x65, 0x20, 0x55, 0x6e, 0x69,
-
- 0x74, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x74, 0x65, 0x73, 0x74,
- 0x2e, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x21,
- 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x74,
- 0x65, 0x73, 0x74, 0x40, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72,
-
- 0x67, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x39, 0x30, 0x34, 0x32, 0x38, 0x30, 0x32, 0x35, 0x30, 0x35,
- 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x34, 0x32, 0x36, 0x30, 0x32, 0x35, 0x30, 0x35, 0x32,
- 0x5a, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
- 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b,
- };
- const unsigned char dec_data[] = {
- 0x7c, 0x2a, 0xe4, 0x60, 0x10, 0x9f, 0xab, 0xd6, 0x76, 0x7b, 0x9d, 0x16, 0xbb, 0xd3, 0x16, 0xa3,
- 0x61, 0x50, 0x56, 0x13, 0xe4, 0x61, 0x0e, 0x90, 0x71, 0x5c, 0x47, 0xae, 0x4a, 0xc2, 0x89, 0xf8,
- 0x47, 0x61, 0x4c, 0x3f, 0xd6, 0x11, 0x97, 0xb7, 0x0d, 0x84, 0x86, 0xdd, 0xe9, 0x6d, 0x3e, 0x89,
- 0xe0, 0x4f, 0x7a, 0x95, 0x3f, 0x6e, 0xe4, 0xcd, 0xb2, 0x80, 0x3e, 0x19, 0x3e, 0x97, 0x7c, 0xdf,
- 0xd5, 0xff, 0xcb, 0x90, 0xfb, 0x71, 0x9c, 0xef, 0xa1, 0xf6, 0x8c, 0x36, 0xb3, 0x1f, 0x63, 0x7f,
- 0x32, 0xf5, 0x00, 0x12, 0x5e, 0x13, 0x84, 0x88, 0xe3, 0x13, 0x1c, 0x11, 0x2d, 0x9a, 0xd7, 0xec,
- 0x51, 0x94, 0x20, 0x6e, 0x8f, 0x69, 0xdf, 0x07, 0xe9, 0x46, 0x3b, 0xd9, 0x1c, 0x0a, 0xc0, 0x60,
- 0x90, 0x3a, 0x9a, 0x18, 0xa8, 0x19, 0xc6, 0x78, 0xc9, 0xf3, 0x1a, 0xbb, 0xca, 0xa8, 0xb5, 0x05,
- 0x6b, 0xa8, 0xfb, 0xeb, 0xdd, 0x19, 0x56, 0xc4, 0xfe, 0x7c, 0x84, 0xb1, 0xfd, 0x92, 0xbd, 0xe2,
- 0xb2, 0x94, 0x57, 0x3d, 0x03, 0x0a, 0xf1, 0xee, 0xca, 0xec, 0x8a, 0x0f, 0xb6, 0x23, 0x0b, 0x44,
- 0x14, 0x0d, 0xe0, 0xb1, 0x68, 0x38, 0x56, 0x7c, 0x66, 0x60, 0x8f, 0x54, 0x8b, 0x5c, 0x80, 0x37,
- 0x94, 0x27, 0x89, 0x47, 0x2c, 0x24, 0x45, 0x6b, 0x76, 0xdd, 0xfb, 0xf1, 0x31, 0xef, 0x7f, 0xa4,
- 0xba, 0x95, 0x4b, 0x91, 0x9c, 0x86, 0xa6, 0x48, 0xa2, 0x5a, 0x41, 0x64, 0x31, 0x14, 0x80, 0x6b,
- 0xb3, 0x0d, 0x46, 0x14, 0xb2, 0x61, 0x49, 0x81, 0xf5, 0x14, 0x2e, 0x1c, 0x3b, 0x7b, 0xc2, 0x23,
- 0x9d, 0x31, 0x66, 0x49, 0x56, 0x50, 0x69, 0x69, 0x5a, 0x5c, 0x82, 0x68, 0x96, 0x04, 0xc1, 0x76,
- 0x18, 0x19, 0x13, 0x95, 0xad, 0xbd, 0x5f, 0x96, 0x6d, 0xfe, 0xde, 0x65, 0x6a, 0x78, 0x47, 0x63,
- };
-
- if (argc < 4) {
- fprintf(stderr, "Need at least 3 arguments: <ca> <cert1> <server>\n");
+ if (argc < 6) {
+ fprintf(stderr, "Need at least 5 arguments: <sig> <dec> <ca> <cert1> <server>\n");
return 1;
}
@@ -84,7 +94,7 @@
}
/* Load certificates */
- for (i = 2; i < argc; i++) {
+ for (i = 4; i < argc; i++) {
data = crypto_read_cert(argv[i], &size, &error);
if (!data) {
fprintf(stderr, "Error reading cert %d: %s\n", i + 1, error->msg);
@@ -99,30 +109,50 @@
}
/* Verify the cert chain */
- if (crypto_verify_chain(cctx, argv[1], NULL, &error) != 0) {
+ if (crypto_verify_chain(cctx, argv[3], NULL, &error) != 0) {
fprintf(stderr, "Error verifying chain: %s\n", error && error->msg ? error->msg : "(none)");
return error->code;
}
/* Decrypt something using the public key of the server certificate */
+ sig_data = read_binfile(argv[1], &sig_len);
+ if (sig_data == NULL)
+ return 1;
+
+ dec_data = read_binfile(argv[2], &dec_len);
+ if (dec_data == NULL) {
+ free(sig_data);
+ return 1;
+ }
+
size = 0;
- data = crypto_decrypt_signature(cctx, &sig_data[0], sizeof(sig_data), &size, CRYPTO_PAD_NONE, &error);
+ data = crypto_decrypt_signature(cctx, &sig_data[0], sig_len, &size, CRYPTO_PAD_NONE, &error);
if (!data || !size) {
fprintf(stderr, "Error decrypting signature: %s\n", error && error->msg ? error->msg : "(none)");
+ free(dec_data);
+ free(sig_data);
return error->code;
}
- if (size != sizeof(dec_data)) {
+ if (size != dec_len) {
fprintf(stderr, "Error decrypting signature: unexpected "
- "decrypted size %zd (expected %zu)\n", size, sizeof(dec_data));
+ "decrypted size %zd (expected %zu)\n", size, dec_len);
+ free(dec_data);
+ free(sig_data);
+ free(data);
return 1;
}
- if (memcmp(data, dec_data, sizeof(dec_data))) {
+ if (memcmp(data, dec_data, dec_len)) {
fprintf(stderr, "Error decrypting signature: decrypted data did"
" not match expected decrypted data\n");
+ free(dec_data);
+ free(sig_data);
+ free(data);
return 1;
}
+ free(dec_data);
+ free(sig_data);
free(data);
fprintf(stdout, "Success\n");
Added: branches/vpnc-nortel/test/dec_data.bin
==============================================================================
--- branches/vpnc-nortel/test/dec_data.bin (added)
+++ branches/vpnc-nortel/test/dec_data.bin Wed Dec 4 14:40:55 2013
@@ -0,0 +1,3 @@
+|*ä`Ÿ«Öv{»ӣaPVäaÂq\G®J‰øGaL?֗· „†Ãém>‰à Oz•?näò€>>—|ßÕÿËÂûqœï¡öŒ6³c2õ+À`Â:š¨ÆxÉó»Ê¨µk¨ûëÃVÄþ|„±ý’½â²”W=
+ñîÊ슶#D à ±h8V|f`ÂT‹\€7”'‰G,$EkvÃûñ1鷺•K‘œ†¦H¢ZAd1€k³ F²aIÂõ.;{Â#Â1fIVPiiZ\‚h–Ãv•Â½_–mþÞejxGc
Added: branches/vpnc-nortel/test/sig_data.bin
==============================================================================
--- branches/vpnc-nortel/test/sig_data.bin (added)
+++ branches/vpnc-nortel/test/sig_data.bin Wed Dec 4 14:40:55 2013
@@ -0,0 +1,2 @@
+0‚µ0‚ 0 *†H†÷ +My Company Ltd10UThe Unit10Utest.somewhere.org1!0 *†H†÷ test@somewhere.org0 090428025052Z 190426025052Z0ÂÂ10 UUS10U Berk
Modified: trunk/Makefile
==============================================================================
--- trunk/Makefile (original)
+++ trunk/Makefile Wed Dec 4 14:40:55 2013
@@ -114,8 +114,8 @@
rm -rf vpnc-$*
test : all
- ./test-crypto test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
- #./test-crypto test/cert.pem test/cert0.crt test/cert1.crt test/cert2.crt test/root.crt
+ ./test-crypto test/sig_data.bin test/dec_data.bin \
+ test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
dist : VERSION vpnc.8 vpnc-$(RELEASE_VERSION).tar.gz
Modified: trunk/test-crypto.c
==============================================================================
--- trunk/test-crypto.c (original)
+++ trunk/test-crypto.c Wed Dec 4 14:40:55 2013
@@ -16,6 +16,7 @@
*/
#include <stdio.h>
+#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
@@ -25,55 +26,64 @@
#include <stdlib.h>
#include "crypto.h"
+static unsigned char *read_binfile(const char *filename, size_t *len)
+{
+ int fd, ret;
+ struct stat s;
+ unsigned char *b;
+
+ if (filename == NULL || len ==NULL)
+ return NULL;
+
+ fd = open(filename, O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "Error opening file %s\n", filename);
+ return NULL;
+ }
+
+ ret = fstat(fd, &s);
+ if (ret < 0) {
+ fprintf(stderr, "Error while stat() file %s\n", filename);
+ close(fd);
+ return NULL;
+ }
+ if (s.st_size == 0) {
+ fprintf(stderr, "Empty file %s\n", filename);
+ close(fd);
+ return NULL;
+ }
+
+ b = malloc(s.st_size);
+ if (b == NULL) {
+ fprintf(stderr, "Error allocating memory\n");
+ close(fd);
+ return NULL;
+ }
+
+ ret = read(fd, b, s.st_size);
+ if (ret != s.st_size) {
+ fprintf(stderr, "Error reading file %s\n", filename);
+ free(b);
+ close(fd);
+ return NULL;
+ }
+
+ close(fd);
+ *len = s.st_size;
+ return b;
+}
+
int main(int argc, char *argv[])
{
crypto_ctx *cctx;
crypto_error *error = NULL;
int i;
unsigned char *data;
- size_t size = 0;
- const unsigned char sig_data[] = {
- 0x30, 0x82, 0x04, 0xb5, 0x30, 0x82, 0x03, 0x9d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02,
- 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x30,
- 0x81, 0x9f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
- 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b, 0x73, 0x68,
+ size_t size = 0, sig_len, dec_len;
+ unsigned char *sig_data, *dec_data;
- 0x69, 0x72, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4e, 0x65,
- 0x77, 0x62, 0x75, 0x72, 0x79, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e,
- 0x4d, 0x79, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x08, 0x54, 0x68, 0x65, 0x20, 0x55, 0x6e, 0x69,
-
- 0x74, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x74, 0x65, 0x73, 0x74,
- 0x2e, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x21,
- 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x74,
- 0x65, 0x73, 0x74, 0x40, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72,
-
- 0x67, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x39, 0x30, 0x34, 0x32, 0x38, 0x30, 0x32, 0x35, 0x30, 0x35,
- 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x34, 0x32, 0x36, 0x30, 0x32, 0x35, 0x30, 0x35, 0x32,
- 0x5a, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
- 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b,
- };
- const unsigned char dec_data[] = {
- 0x7c, 0x2a, 0xe4, 0x60, 0x10, 0x9f, 0xab, 0xd6, 0x76, 0x7b, 0x9d, 0x16, 0xbb, 0xd3, 0x16, 0xa3,
- 0x61, 0x50, 0x56, 0x13, 0xe4, 0x61, 0x0e, 0x90, 0x71, 0x5c, 0x47, 0xae, 0x4a, 0xc2, 0x89, 0xf8,
- 0x47, 0x61, 0x4c, 0x3f, 0xd6, 0x11, 0x97, 0xb7, 0x0d, 0x84, 0x86, 0xdd, 0xe9, 0x6d, 0x3e, 0x89,
- 0xe0, 0x4f, 0x7a, 0x95, 0x3f, 0x6e, 0xe4, 0xcd, 0xb2, 0x80, 0x3e, 0x19, 0x3e, 0x97, 0x7c, 0xdf,
- 0xd5, 0xff, 0xcb, 0x90, 0xfb, 0x71, 0x9c, 0xef, 0xa1, 0xf6, 0x8c, 0x36, 0xb3, 0x1f, 0x63, 0x7f,
- 0x32, 0xf5, 0x00, 0x12, 0x5e, 0x13, 0x84, 0x88, 0xe3, 0x13, 0x1c, 0x11, 0x2d, 0x9a, 0xd7, 0xec,
- 0x51, 0x94, 0x20, 0x6e, 0x8f, 0x69, 0xdf, 0x07, 0xe9, 0x46, 0x3b, 0xd9, 0x1c, 0x0a, 0xc0, 0x60,
- 0x90, 0x3a, 0x9a, 0x18, 0xa8, 0x19, 0xc6, 0x78, 0xc9, 0xf3, 0x1a, 0xbb, 0xca, 0xa8, 0xb5, 0x05,
- 0x6b, 0xa8, 0xfb, 0xeb, 0xdd, 0x19, 0x56, 0xc4, 0xfe, 0x7c, 0x84, 0xb1, 0xfd, 0x92, 0xbd, 0xe2,
- 0xb2, 0x94, 0x57, 0x3d, 0x03, 0x0a, 0xf1, 0xee, 0xca, 0xec, 0x8a, 0x0f, 0xb6, 0x23, 0x0b, 0x44,
- 0x14, 0x0d, 0xe0, 0xb1, 0x68, 0x38, 0x56, 0x7c, 0x66, 0x60, 0x8f, 0x54, 0x8b, 0x5c, 0x80, 0x37,
- 0x94, 0x27, 0x89, 0x47, 0x2c, 0x24, 0x45, 0x6b, 0x76, 0xdd, 0xfb, 0xf1, 0x31, 0xef, 0x7f, 0xa4,
- 0xba, 0x95, 0x4b, 0x91, 0x9c, 0x86, 0xa6, 0x48, 0xa2, 0x5a, 0x41, 0x64, 0x31, 0x14, 0x80, 0x6b,
- 0xb3, 0x0d, 0x46, 0x14, 0xb2, 0x61, 0x49, 0x81, 0xf5, 0x14, 0x2e, 0x1c, 0x3b, 0x7b, 0xc2, 0x23,
- 0x9d, 0x31, 0x66, 0x49, 0x56, 0x50, 0x69, 0x69, 0x5a, 0x5c, 0x82, 0x68, 0x96, 0x04, 0xc1, 0x76,
- 0x18, 0x19, 0x13, 0x95, 0xad, 0xbd, 0x5f, 0x96, 0x6d, 0xfe, 0xde, 0x65, 0x6a, 0x78, 0x47, 0x63,
- };
-
- if (argc < 4) {
- fprintf(stderr, "Need at least 3 arguments: <ca> <cert1> <server>\n");
+ if (argc < 6) {
+ fprintf(stderr, "Need at least 5 arguments: <sig> <dec> <ca> <cert1> <server>\n");
return 1;
}
@@ -84,7 +94,7 @@
}
/* Load certificates */
- for (i = 2; i < argc; i++) {
+ for (i = 4; i < argc; i++) {
data = crypto_read_cert(argv[i], &size, &error);
if (!data) {
fprintf(stderr, "Error reading cert %d: %s\n", i + 1, error->msg);
@@ -99,30 +109,50 @@
}
/* Verify the cert chain */
- if (crypto_verify_chain(cctx, argv[1], NULL, &error) != 0) {
+ if (crypto_verify_chain(cctx, argv[3], NULL, &error) != 0) {
fprintf(stderr, "Error verifying chain: %s\n", error && error->msg ? error->msg : "(none)");
return error->code;
}
/* Decrypt something using the public key of the server certificate */
+ sig_data = read_binfile(argv[1], &sig_len);
+ if (sig_data == NULL)
+ return 1;
+
+ dec_data = read_binfile(argv[2], &dec_len);
+ if (dec_data == NULL) {
+ free(sig_data);
+ return 1;
+ }
+
size = 0;
- data = crypto_decrypt_signature(cctx, &sig_data[0], sizeof(sig_data), &size, CRYPTO_PAD_NONE, &error);
+ data = crypto_decrypt_signature(cctx, &sig_data[0], sig_len, &size, CRYPTO_PAD_NONE, &error);
if (!data || !size) {
fprintf(stderr, "Error decrypting signature: %s\n", error && error->msg ? error->msg : "(none)");
+ free(dec_data);
+ free(sig_data);
return error->code;
}
- if (size != sizeof(dec_data)) {
+ if (size != dec_len) {
fprintf(stderr, "Error decrypting signature: unexpected "
- "decrypted size %zd (expected %zu)\n", size, sizeof(dec_data));
+ "decrypted size %zd (expected %zu)\n", size, dec_len);
+ free(dec_data);
+ free(sig_data);
+ free(data);
return 1;
}
- if (memcmp(data, dec_data, sizeof(dec_data))) {
+ if (memcmp(data, dec_data, dec_len)) {
fprintf(stderr, "Error decrypting signature: decrypted data did"
" not match expected decrypted data\n");
+ free(dec_data);
+ free(sig_data);
+ free(data);
return 1;
}
+ free(dec_data);
+ free(sig_data);
free(data);
fprintf(stdout, "Success\n");
Added: trunk/test/dec_data.bin
==============================================================================
--- trunk/test/dec_data.bin (added)
+++ trunk/test/dec_data.bin Wed Dec 4 14:40:55 2013
@@ -0,0 +1,3 @@
+|*ä`Ÿ«Öv{»ӣaPVäaÂq\G®J‰øGaL?֗· „†Ãém>‰à Oz•?näò€>>—|ßÕÿËÂûqœï¡öŒ6³c2õ+À`Â:š¨ÆxÉó»Ê¨µk¨ûëÃVÄþ|„±ý’½â²”W=
+ñîÊ슶#D à ±h8V|f`ÂT‹\€7”'‰G,$EkvÃûñ1鷺•K‘œ†¦H¢ZAd1€k³ F²aIÂõ.;{Â#Â1fIVPiiZ\‚h–Ãv•Â½_–mþÞejxGc
Added: trunk/test/sig_data.bin
==============================================================================
--- trunk/test/sig_data.bin (added)
+++ trunk/test/sig_data.bin Wed Dec 4 14:40:55 2013
@@ -0,0 +1,2 @@
+0‚µ0‚ 0 *†H†÷ +My Company Ltd10UThe Unit10Utest.somewhere.org1!0 *†H†÷ test@somewhere.org0 090428025052Z 190426025052Z0ÂÂ10 UUS10U Berk
_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/
Date: Wed Dec 4 14:40:55 2013
New Revision: 538
Log:
test-crypto: move crypted data out of code
The test program embeds encrypted binary data, but the
encryption key is not made available from the original
developer.
Move the binary data out of the code, so later we can
replace it with data encrypted under our control.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Added:
branches/vpnc-nortel/test/dec_data.bin
branches/vpnc-nortel/test/sig_data.bin
trunk/test/dec_data.bin
trunk/test/sig_data.bin
Modified:
branches/vpnc-nortel/Makefile
branches/vpnc-nortel/test-crypto.c
trunk/Makefile
trunk/test-crypto.c
Modified: branches/vpnc-nortel/Makefile
==============================================================================
--- branches/vpnc-nortel/Makefile (original)
+++ branches/vpnc-nortel/Makefile Wed Dec 4 14:40:55 2013
@@ -114,8 +114,8 @@
rm -rf vpnc-$*
test : all
- ./test-crypto test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
- #./test-crypto test/cert.pem test/cert0.crt test/cert1.crt test/cert2.crt test/root.crt
+ ./test-crypto test/sig_data.bin test/dec_data.bin \
+ test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
dist : VERSION vpnc.8 vpnc-$(RELEASE_VERSION).tar.gz
Modified: branches/vpnc-nortel/test-crypto.c
==============================================================================
--- branches/vpnc-nortel/test-crypto.c (original)
+++ branches/vpnc-nortel/test-crypto.c Wed Dec 4 14:40:55 2013
@@ -16,6 +16,7 @@
*/
#include <stdio.h>
+#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
@@ -25,55 +26,64 @@
#include <stdlib.h>
#include "crypto.h"
+static unsigned char *read_binfile(const char *filename, size_t *len)
+{
+ int fd, ret;
+ struct stat s;
+ unsigned char *b;
+
+ if (filename == NULL || len ==NULL)
+ return NULL;
+
+ fd = open(filename, O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "Error opening file %s\n", filename);
+ return NULL;
+ }
+
+ ret = fstat(fd, &s);
+ if (ret < 0) {
+ fprintf(stderr, "Error while stat() file %s\n", filename);
+ close(fd);
+ return NULL;
+ }
+ if (s.st_size == 0) {
+ fprintf(stderr, "Empty file %s\n", filename);
+ close(fd);
+ return NULL;
+ }
+
+ b = malloc(s.st_size);
+ if (b == NULL) {
+ fprintf(stderr, "Error allocating memory\n");
+ close(fd);
+ return NULL;
+ }
+
+ ret = read(fd, b, s.st_size);
+ if (ret != s.st_size) {
+ fprintf(stderr, "Error reading file %s\n", filename);
+ free(b);
+ close(fd);
+ return NULL;
+ }
+
+ close(fd);
+ *len = s.st_size;
+ return b;
+}
+
int main(int argc, char *argv[])
{
crypto_ctx *cctx;
crypto_error *error = NULL;
int i;
unsigned char *data;
- size_t size = 0;
- const unsigned char sig_data[] = {
- 0x30, 0x82, 0x04, 0xb5, 0x30, 0x82, 0x03, 0x9d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02,
- 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x30,
- 0x81, 0x9f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
- 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b, 0x73, 0x68,
+ size_t size = 0, sig_len, dec_len;
+ unsigned char *sig_data, *dec_data;
- 0x69, 0x72, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4e, 0x65,
- 0x77, 0x62, 0x75, 0x72, 0x79, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e,
- 0x4d, 0x79, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x08, 0x54, 0x68, 0x65, 0x20, 0x55, 0x6e, 0x69,
-
- 0x74, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x74, 0x65, 0x73, 0x74,
- 0x2e, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x21,
- 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x74,
- 0x65, 0x73, 0x74, 0x40, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72,
-
- 0x67, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x39, 0x30, 0x34, 0x32, 0x38, 0x30, 0x32, 0x35, 0x30, 0x35,
- 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x34, 0x32, 0x36, 0x30, 0x32, 0x35, 0x30, 0x35, 0x32,
- 0x5a, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
- 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b,
- };
- const unsigned char dec_data[] = {
- 0x7c, 0x2a, 0xe4, 0x60, 0x10, 0x9f, 0xab, 0xd6, 0x76, 0x7b, 0x9d, 0x16, 0xbb, 0xd3, 0x16, 0xa3,
- 0x61, 0x50, 0x56, 0x13, 0xe4, 0x61, 0x0e, 0x90, 0x71, 0x5c, 0x47, 0xae, 0x4a, 0xc2, 0x89, 0xf8,
- 0x47, 0x61, 0x4c, 0x3f, 0xd6, 0x11, 0x97, 0xb7, 0x0d, 0x84, 0x86, 0xdd, 0xe9, 0x6d, 0x3e, 0x89,
- 0xe0, 0x4f, 0x7a, 0x95, 0x3f, 0x6e, 0xe4, 0xcd, 0xb2, 0x80, 0x3e, 0x19, 0x3e, 0x97, 0x7c, 0xdf,
- 0xd5, 0xff, 0xcb, 0x90, 0xfb, 0x71, 0x9c, 0xef, 0xa1, 0xf6, 0x8c, 0x36, 0xb3, 0x1f, 0x63, 0x7f,
- 0x32, 0xf5, 0x00, 0x12, 0x5e, 0x13, 0x84, 0x88, 0xe3, 0x13, 0x1c, 0x11, 0x2d, 0x9a, 0xd7, 0xec,
- 0x51, 0x94, 0x20, 0x6e, 0x8f, 0x69, 0xdf, 0x07, 0xe9, 0x46, 0x3b, 0xd9, 0x1c, 0x0a, 0xc0, 0x60,
- 0x90, 0x3a, 0x9a, 0x18, 0xa8, 0x19, 0xc6, 0x78, 0xc9, 0xf3, 0x1a, 0xbb, 0xca, 0xa8, 0xb5, 0x05,
- 0x6b, 0xa8, 0xfb, 0xeb, 0xdd, 0x19, 0x56, 0xc4, 0xfe, 0x7c, 0x84, 0xb1, 0xfd, 0x92, 0xbd, 0xe2,
- 0xb2, 0x94, 0x57, 0x3d, 0x03, 0x0a, 0xf1, 0xee, 0xca, 0xec, 0x8a, 0x0f, 0xb6, 0x23, 0x0b, 0x44,
- 0x14, 0x0d, 0xe0, 0xb1, 0x68, 0x38, 0x56, 0x7c, 0x66, 0x60, 0x8f, 0x54, 0x8b, 0x5c, 0x80, 0x37,
- 0x94, 0x27, 0x89, 0x47, 0x2c, 0x24, 0x45, 0x6b, 0x76, 0xdd, 0xfb, 0xf1, 0x31, 0xef, 0x7f, 0xa4,
- 0xba, 0x95, 0x4b, 0x91, 0x9c, 0x86, 0xa6, 0x48, 0xa2, 0x5a, 0x41, 0x64, 0x31, 0x14, 0x80, 0x6b,
- 0xb3, 0x0d, 0x46, 0x14, 0xb2, 0x61, 0x49, 0x81, 0xf5, 0x14, 0x2e, 0x1c, 0x3b, 0x7b, 0xc2, 0x23,
- 0x9d, 0x31, 0x66, 0x49, 0x56, 0x50, 0x69, 0x69, 0x5a, 0x5c, 0x82, 0x68, 0x96, 0x04, 0xc1, 0x76,
- 0x18, 0x19, 0x13, 0x95, 0xad, 0xbd, 0x5f, 0x96, 0x6d, 0xfe, 0xde, 0x65, 0x6a, 0x78, 0x47, 0x63,
- };
-
- if (argc < 4) {
- fprintf(stderr, "Need at least 3 arguments: <ca> <cert1> <server>\n");
+ if (argc < 6) {
+ fprintf(stderr, "Need at least 5 arguments: <sig> <dec> <ca> <cert1> <server>\n");
return 1;
}
@@ -84,7 +94,7 @@
}
/* Load certificates */
- for (i = 2; i < argc; i++) {
+ for (i = 4; i < argc; i++) {
data = crypto_read_cert(argv[i], &size, &error);
if (!data) {
fprintf(stderr, "Error reading cert %d: %s\n", i + 1, error->msg);
@@ -99,30 +109,50 @@
}
/* Verify the cert chain */
- if (crypto_verify_chain(cctx, argv[1], NULL, &error) != 0) {
+ if (crypto_verify_chain(cctx, argv[3], NULL, &error) != 0) {
fprintf(stderr, "Error verifying chain: %s\n", error && error->msg ? error->msg : "(none)");
return error->code;
}
/* Decrypt something using the public key of the server certificate */
+ sig_data = read_binfile(argv[1], &sig_len);
+ if (sig_data == NULL)
+ return 1;
+
+ dec_data = read_binfile(argv[2], &dec_len);
+ if (dec_data == NULL) {
+ free(sig_data);
+ return 1;
+ }
+
size = 0;
- data = crypto_decrypt_signature(cctx, &sig_data[0], sizeof(sig_data), &size, CRYPTO_PAD_NONE, &error);
+ data = crypto_decrypt_signature(cctx, &sig_data[0], sig_len, &size, CRYPTO_PAD_NONE, &error);
if (!data || !size) {
fprintf(stderr, "Error decrypting signature: %s\n", error && error->msg ? error->msg : "(none)");
+ free(dec_data);
+ free(sig_data);
return error->code;
}
- if (size != sizeof(dec_data)) {
+ if (size != dec_len) {
fprintf(stderr, "Error decrypting signature: unexpected "
- "decrypted size %zd (expected %zu)\n", size, sizeof(dec_data));
+ "decrypted size %zd (expected %zu)\n", size, dec_len);
+ free(dec_data);
+ free(sig_data);
+ free(data);
return 1;
}
- if (memcmp(data, dec_data, sizeof(dec_data))) {
+ if (memcmp(data, dec_data, dec_len)) {
fprintf(stderr, "Error decrypting signature: decrypted data did"
" not match expected decrypted data\n");
+ free(dec_data);
+ free(sig_data);
+ free(data);
return 1;
}
+ free(dec_data);
+ free(sig_data);
free(data);
fprintf(stdout, "Success\n");
Added: branches/vpnc-nortel/test/dec_data.bin
==============================================================================
--- branches/vpnc-nortel/test/dec_data.bin (added)
+++ branches/vpnc-nortel/test/dec_data.bin Wed Dec 4 14:40:55 2013
@@ -0,0 +1,3 @@
+|*ä`Ÿ«Öv{»ӣaPVäaÂq\G®J‰øGaL?֗· „†Ãém>‰à Oz•?näò€>>—|ßÕÿËÂûqœï¡öŒ6³c2õ+À`Â:š¨ÆxÉó»Ê¨µk¨ûëÃVÄþ|„±ý’½â²”W=
+ñîÊ슶#D à ±h8V|f`ÂT‹\€7”'‰G,$EkvÃûñ1鷺•K‘œ†¦H¢ZAd1€k³ F²aIÂõ.;{Â#Â1fIVPiiZ\‚h–Ãv•Â½_–mþÞejxGc
Added: branches/vpnc-nortel/test/sig_data.bin
==============================================================================
--- branches/vpnc-nortel/test/sig_data.bin (added)
+++ branches/vpnc-nortel/test/sig_data.bin Wed Dec 4 14:40:55 2013
@@ -0,0 +1,2 @@
+0‚µ0‚ 0 *†H†÷ +My Company Ltd10UThe Unit10Utest.somewhere.org1!0 *†H†÷ test@somewhere.org0 090428025052Z 190426025052Z0ÂÂ10 UUS10U Berk
Modified: trunk/Makefile
==============================================================================
--- trunk/Makefile (original)
+++ trunk/Makefile Wed Dec 4 14:40:55 2013
@@ -114,8 +114,8 @@
rm -rf vpnc-$*
test : all
- ./test-crypto test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
- #./test-crypto test/cert.pem test/cert0.crt test/cert1.crt test/cert2.crt test/root.crt
+ ./test-crypto test/sig_data.bin test/dec_data.bin \
+ test/cert.pem test/cert1.pem test/cert2.pem test/root.pem
dist : VERSION vpnc.8 vpnc-$(RELEASE_VERSION).tar.gz
Modified: trunk/test-crypto.c
==============================================================================
--- trunk/test-crypto.c (original)
+++ trunk/test-crypto.c Wed Dec 4 14:40:55 2013
@@ -16,6 +16,7 @@
*/
#include <stdio.h>
+#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
@@ -25,55 +26,64 @@
#include <stdlib.h>
#include "crypto.h"
+static unsigned char *read_binfile(const char *filename, size_t *len)
+{
+ int fd, ret;
+ struct stat s;
+ unsigned char *b;
+
+ if (filename == NULL || len ==NULL)
+ return NULL;
+
+ fd = open(filename, O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "Error opening file %s\n", filename);
+ return NULL;
+ }
+
+ ret = fstat(fd, &s);
+ if (ret < 0) {
+ fprintf(stderr, "Error while stat() file %s\n", filename);
+ close(fd);
+ return NULL;
+ }
+ if (s.st_size == 0) {
+ fprintf(stderr, "Empty file %s\n", filename);
+ close(fd);
+ return NULL;
+ }
+
+ b = malloc(s.st_size);
+ if (b == NULL) {
+ fprintf(stderr, "Error allocating memory\n");
+ close(fd);
+ return NULL;
+ }
+
+ ret = read(fd, b, s.st_size);
+ if (ret != s.st_size) {
+ fprintf(stderr, "Error reading file %s\n", filename);
+ free(b);
+ close(fd);
+ return NULL;
+ }
+
+ close(fd);
+ *len = s.st_size;
+ return b;
+}
+
int main(int argc, char *argv[])
{
crypto_ctx *cctx;
crypto_error *error = NULL;
int i;
unsigned char *data;
- size_t size = 0;
- const unsigned char sig_data[] = {
- 0x30, 0x82, 0x04, 0xb5, 0x30, 0x82, 0x03, 0x9d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02,
- 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, 0x05, 0x00, 0x30,
- 0x81, 0x9f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
- 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b, 0x73, 0x68,
+ size_t size = 0, sig_len, dec_len;
+ unsigned char *sig_data, *dec_data;
- 0x69, 0x72, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4e, 0x65,
- 0x77, 0x62, 0x75, 0x72, 0x79, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e,
- 0x4d, 0x79, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x31, 0x11,
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x08, 0x54, 0x68, 0x65, 0x20, 0x55, 0x6e, 0x69,
-
- 0x74, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x74, 0x65, 0x73, 0x74,
- 0x2e, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x21,
- 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x74,
- 0x65, 0x73, 0x74, 0x40, 0x73, 0x6f, 0x6d, 0x65, 0x77, 0x68, 0x65, 0x72, 0x65, 0x2e, 0x6f, 0x72,
-
- 0x67, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x39, 0x30, 0x34, 0x32, 0x38, 0x30, 0x32, 0x35, 0x30, 0x35,
- 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x34, 0x32, 0x36, 0x30, 0x32, 0x35, 0x30, 0x35, 0x32,
- 0x5a, 0x30, 0x81, 0x8f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
- 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6b,
- };
- const unsigned char dec_data[] = {
- 0x7c, 0x2a, 0xe4, 0x60, 0x10, 0x9f, 0xab, 0xd6, 0x76, 0x7b, 0x9d, 0x16, 0xbb, 0xd3, 0x16, 0xa3,
- 0x61, 0x50, 0x56, 0x13, 0xe4, 0x61, 0x0e, 0x90, 0x71, 0x5c, 0x47, 0xae, 0x4a, 0xc2, 0x89, 0xf8,
- 0x47, 0x61, 0x4c, 0x3f, 0xd6, 0x11, 0x97, 0xb7, 0x0d, 0x84, 0x86, 0xdd, 0xe9, 0x6d, 0x3e, 0x89,
- 0xe0, 0x4f, 0x7a, 0x95, 0x3f, 0x6e, 0xe4, 0xcd, 0xb2, 0x80, 0x3e, 0x19, 0x3e, 0x97, 0x7c, 0xdf,
- 0xd5, 0xff, 0xcb, 0x90, 0xfb, 0x71, 0x9c, 0xef, 0xa1, 0xf6, 0x8c, 0x36, 0xb3, 0x1f, 0x63, 0x7f,
- 0x32, 0xf5, 0x00, 0x12, 0x5e, 0x13, 0x84, 0x88, 0xe3, 0x13, 0x1c, 0x11, 0x2d, 0x9a, 0xd7, 0xec,
- 0x51, 0x94, 0x20, 0x6e, 0x8f, 0x69, 0xdf, 0x07, 0xe9, 0x46, 0x3b, 0xd9, 0x1c, 0x0a, 0xc0, 0x60,
- 0x90, 0x3a, 0x9a, 0x18, 0xa8, 0x19, 0xc6, 0x78, 0xc9, 0xf3, 0x1a, 0xbb, 0xca, 0xa8, 0xb5, 0x05,
- 0x6b, 0xa8, 0xfb, 0xeb, 0xdd, 0x19, 0x56, 0xc4, 0xfe, 0x7c, 0x84, 0xb1, 0xfd, 0x92, 0xbd, 0xe2,
- 0xb2, 0x94, 0x57, 0x3d, 0x03, 0x0a, 0xf1, 0xee, 0xca, 0xec, 0x8a, 0x0f, 0xb6, 0x23, 0x0b, 0x44,
- 0x14, 0x0d, 0xe0, 0xb1, 0x68, 0x38, 0x56, 0x7c, 0x66, 0x60, 0x8f, 0x54, 0x8b, 0x5c, 0x80, 0x37,
- 0x94, 0x27, 0x89, 0x47, 0x2c, 0x24, 0x45, 0x6b, 0x76, 0xdd, 0xfb, 0xf1, 0x31, 0xef, 0x7f, 0xa4,
- 0xba, 0x95, 0x4b, 0x91, 0x9c, 0x86, 0xa6, 0x48, 0xa2, 0x5a, 0x41, 0x64, 0x31, 0x14, 0x80, 0x6b,
- 0xb3, 0x0d, 0x46, 0x14, 0xb2, 0x61, 0x49, 0x81, 0xf5, 0x14, 0x2e, 0x1c, 0x3b, 0x7b, 0xc2, 0x23,
- 0x9d, 0x31, 0x66, 0x49, 0x56, 0x50, 0x69, 0x69, 0x5a, 0x5c, 0x82, 0x68, 0x96, 0x04, 0xc1, 0x76,
- 0x18, 0x19, 0x13, 0x95, 0xad, 0xbd, 0x5f, 0x96, 0x6d, 0xfe, 0xde, 0x65, 0x6a, 0x78, 0x47, 0x63,
- };
-
- if (argc < 4) {
- fprintf(stderr, "Need at least 3 arguments: <ca> <cert1> <server>\n");
+ if (argc < 6) {
+ fprintf(stderr, "Need at least 5 arguments: <sig> <dec> <ca> <cert1> <server>\n");
return 1;
}
@@ -84,7 +94,7 @@
}
/* Load certificates */
- for (i = 2; i < argc; i++) {
+ for (i = 4; i < argc; i++) {
data = crypto_read_cert(argv[i], &size, &error);
if (!data) {
fprintf(stderr, "Error reading cert %d: %s\n", i + 1, error->msg);
@@ -99,30 +109,50 @@
}
/* Verify the cert chain */
- if (crypto_verify_chain(cctx, argv[1], NULL, &error) != 0) {
+ if (crypto_verify_chain(cctx, argv[3], NULL, &error) != 0) {
fprintf(stderr, "Error verifying chain: %s\n", error && error->msg ? error->msg : "(none)");
return error->code;
}
/* Decrypt something using the public key of the server certificate */
+ sig_data = read_binfile(argv[1], &sig_len);
+ if (sig_data == NULL)
+ return 1;
+
+ dec_data = read_binfile(argv[2], &dec_len);
+ if (dec_data == NULL) {
+ free(sig_data);
+ return 1;
+ }
+
size = 0;
- data = crypto_decrypt_signature(cctx, &sig_data[0], sizeof(sig_data), &size, CRYPTO_PAD_NONE, &error);
+ data = crypto_decrypt_signature(cctx, &sig_data[0], sig_len, &size, CRYPTO_PAD_NONE, &error);
if (!data || !size) {
fprintf(stderr, "Error decrypting signature: %s\n", error && error->msg ? error->msg : "(none)");
+ free(dec_data);
+ free(sig_data);
return error->code;
}
- if (size != sizeof(dec_data)) {
+ if (size != dec_len) {
fprintf(stderr, "Error decrypting signature: unexpected "
- "decrypted size %zd (expected %zu)\n", size, sizeof(dec_data));
+ "decrypted size %zd (expected %zu)\n", size, dec_len);
+ free(dec_data);
+ free(sig_data);
+ free(data);
return 1;
}
- if (memcmp(data, dec_data, sizeof(dec_data))) {
+ if (memcmp(data, dec_data, dec_len)) {
fprintf(stderr, "Error decrypting signature: decrypted data did"
" not match expected decrypted data\n");
+ free(dec_data);
+ free(sig_data);
+ free(data);
return 1;
}
+ free(dec_data);
+ free(sig_data);
free(data);
fprintf(stdout, "Success\n");
Added: trunk/test/dec_data.bin
==============================================================================
--- trunk/test/dec_data.bin (added)
+++ trunk/test/dec_data.bin Wed Dec 4 14:40:55 2013
@@ -0,0 +1,3 @@
+|*ä`Ÿ«Öv{»ӣaPVäaÂq\G®J‰øGaL?֗· „†Ãém>‰à Oz•?näò€>>—|ßÕÿËÂûqœï¡öŒ6³c2õ+À`Â:š¨ÆxÉó»Ê¨µk¨ûëÃVÄþ|„±ý’½â²”W=
+ñîÊ슶#D à ±h8V|f`ÂT‹\€7”'‰G,$EkvÃûñ1鷺•K‘œ†¦H¢ZAd1€k³ F²aIÂõ.;{Â#Â1fIVPiiZ\‚h–Ãv•Â½_–mþÞejxGc
Added: trunk/test/sig_data.bin
==============================================================================
--- trunk/test/sig_data.bin (added)
+++ trunk/test/sig_data.bin Wed Dec 4 14:40:55 2013
@@ -0,0 +1,2 @@
+0‚µ0‚ 0 *†H†÷ +My Company Ltd10UThe Unit10Utest.somewhere.org1!0 *†H†÷ test@somewhere.org0 090428025052Z 190426025052Z0ÂÂ10 UUS10U Berk
_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/