From 6dc4f1912caf7f01f4b977ff8aaa50be61db2aba Mon Sep 17 00:00:00 2001 From: Othmar Gsenger Date: Thu, 27 Dec 2007 11:13:13 +0000 Subject: adden new isakmpd --- keyexchange/isakmpd-20041012/regress/Makefile | 34 ++ .../isakmpd-20041012/regress/b2n/.cvsignore | 2 + keyexchange/isakmpd-20041012/regress/b2n/Makefile | 16 + keyexchange/isakmpd-20041012/regress/b2n/b2ntest.c | 368 +++++++++++++++++++++ keyexchange/isakmpd-20041012/regress/check.sh | 88 +++++ .../isakmpd-20041012/regress/crypto/.cvsignore | 2 + .../isakmpd-20041012/regress/crypto/Makefile | 20 ++ .../isakmpd-20041012/regress/crypto/cryptotest.c | 178 ++++++++++ keyexchange/isakmpd-20041012/regress/dh/.cvsignore | 2 + keyexchange/isakmpd-20041012/regress/dh/Makefile | 29 ++ keyexchange/isakmpd-20041012/regress/dh/dhtest.c | 102 ++++++ .../isakmpd-20041012/regress/ec2n/.cvsignore | 2 + keyexchange/isakmpd-20041012/regress/ec2n/Makefile | 16 + .../isakmpd-20041012/regress/ec2n/ec2ntest.c | 144 ++++++++ .../isakmpd-20041012/regress/exchange/.cvsignore | 1 + .../isakmpd-20041012/regress/exchange/Makefile | 58 ++++ .../isakmpd-20041012/regress/exchange/README | 78 +++++ .../isakmpd-20041012/regress/exchange/def-i.1 | Bin 0 -> 72 bytes .../isakmpd-20041012/regress/exchange/def-r.1 | Bin 0 -> 72 bytes .../regress/exchange/mm-1-setup.sh | 12 + .../isakmpd-20041012/regress/exchange/mm-i-1.t | 43 +++ .../isakmpd-20041012/regress/exchange/mm-r-1.t | 42 +++ .../isakmpd-20041012/regress/exchange/run.pl | 105 ++++++ .../isakmpd-20041012/regress/exchange/run.sh | 137 ++++++++ .../isakmpd-20041012/regress/group/.cvsignore | 2 + .../isakmpd-20041012/regress/group/Makefile | 29 ++ .../isakmpd-20041012/regress/group/grouptest.c | 121 +++++++ .../isakmpd-20041012/regress/hmac/.cvsignore | 2 + keyexchange/isakmpd-20041012/regress/hmac/Makefile | 16 + .../isakmpd-20041012/regress/hmac/hmactest.c | 93 ++++++ .../isakmpd-20041012/regress/prf/.cvsignore | 2 + keyexchange/isakmpd-20041012/regress/prf/Makefile | 16 + keyexchange/isakmpd-20041012/regress/prf/prftest.c | 116 +++++++ .../isakmpd-20041012/regress/rsakeygen/.cvsignore | 4 + .../isakmpd-20041012/regress/rsakeygen/Makefile | 83 +++++ .../isakmpd-20041012/regress/rsakeygen/rsakeygen.c | 128 +++++++ keyexchange/isakmpd-20041012/regress/util/Makefile | 15 + .../isakmpd-20041012/regress/util/utiltest.c | 85 +++++ .../isakmpd-20041012/regress/x509/.cvsignore | 2 + keyexchange/isakmpd-20041012/regress/x509/Makefile | 95 ++++++ .../isakmpd-20041012/regress/x509/x509test.c | 291 ++++++++++++++++ 41 files changed, 2579 insertions(+) create mode 100644 keyexchange/isakmpd-20041012/regress/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/b2n/.cvsignore create mode 100644 keyexchange/isakmpd-20041012/regress/b2n/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/b2n/b2ntest.c create mode 100644 keyexchange/isakmpd-20041012/regress/check.sh create mode 100644 keyexchange/isakmpd-20041012/regress/crypto/.cvsignore create mode 100644 keyexchange/isakmpd-20041012/regress/crypto/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/crypto/cryptotest.c create mode 100644 keyexchange/isakmpd-20041012/regress/dh/.cvsignore create mode 100644 keyexchange/isakmpd-20041012/regress/dh/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/dh/dhtest.c create mode 100644 keyexchange/isakmpd-20041012/regress/ec2n/.cvsignore create mode 100644 keyexchange/isakmpd-20041012/regress/ec2n/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/ec2n/ec2ntest.c create mode 100644 keyexchange/isakmpd-20041012/regress/exchange/.cvsignore create mode 100644 keyexchange/isakmpd-20041012/regress/exchange/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/exchange/README create mode 100644 keyexchange/isakmpd-20041012/regress/exchange/def-i.1 create mode 100644 keyexchange/isakmpd-20041012/regress/exchange/def-r.1 create mode 100644 keyexchange/isakmpd-20041012/regress/exchange/mm-1-setup.sh create mode 100644 keyexchange/isakmpd-20041012/regress/exchange/mm-i-1.t create mode 100644 keyexchange/isakmpd-20041012/regress/exchange/mm-r-1.t create mode 100644 keyexchange/isakmpd-20041012/regress/exchange/run.pl create mode 100644 keyexchange/isakmpd-20041012/regress/exchange/run.sh create mode 100644 keyexchange/isakmpd-20041012/regress/group/.cvsignore create mode 100644 keyexchange/isakmpd-20041012/regress/group/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/group/grouptest.c create mode 100644 keyexchange/isakmpd-20041012/regress/hmac/.cvsignore create mode 100644 keyexchange/isakmpd-20041012/regress/hmac/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/hmac/hmactest.c create mode 100644 keyexchange/isakmpd-20041012/regress/prf/.cvsignore create mode 100644 keyexchange/isakmpd-20041012/regress/prf/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/prf/prftest.c create mode 100644 keyexchange/isakmpd-20041012/regress/rsakeygen/.cvsignore create mode 100644 keyexchange/isakmpd-20041012/regress/rsakeygen/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/rsakeygen/rsakeygen.c create mode 100644 keyexchange/isakmpd-20041012/regress/util/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/util/utiltest.c create mode 100644 keyexchange/isakmpd-20041012/regress/x509/.cvsignore create mode 100644 keyexchange/isakmpd-20041012/regress/x509/Makefile create mode 100644 keyexchange/isakmpd-20041012/regress/x509/x509test.c (limited to 'keyexchange/isakmpd-20041012/regress') diff --git a/keyexchange/isakmpd-20041012/regress/Makefile b/keyexchange/isakmpd-20041012/regress/Makefile new file mode 100644 index 0000000..bcbf7e5 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/Makefile @@ -0,0 +1,34 @@ +# $OpenBSD: Makefile,v 1.9 2003/06/03 14:39:50 ho Exp $ +# $EOM: Makefile,v 1.8 1999/07/17 20:44:13 niklas Exp $ + +# +# Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson Radio Systems. +# + +SUBDIR= b2n crypto dh ec2n exchange group hmac prf rsakeygen util x509 + +.include diff --git a/keyexchange/isakmpd-20041012/regress/b2n/.cvsignore b/keyexchange/isakmpd-20041012/regress/b2n/.cvsignore new file mode 100644 index 0000000..ed605b2 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/b2n/.cvsignore @@ -0,0 +1,2 @@ +b2ntest +obj diff --git a/keyexchange/isakmpd-20041012/regress/b2n/Makefile b/keyexchange/isakmpd-20041012/regress/b2n/Makefile new file mode 100644 index 0000000..57ffb1f --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/b2n/Makefile @@ -0,0 +1,16 @@ +# $OpenBSD: Makefile,v 1.7 2004/02/25 16:01:29 hshoexer Exp $ +# $EOM: Makefile,v 1.12 2000/10/13 13:04:17 ho Exp $ + +# Test some math + +PROG= b2ntest +SRCS= b2ntest.c conf.c log.c math_2n.c sysdep.c util.c +NOMAN= +TOPSRC= ${.CURDIR}/../.. +TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- +OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile +.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} +CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall +DEBUG= -g + +.include diff --git a/keyexchange/isakmpd-20041012/regress/b2n/b2ntest.c b/keyexchange/isakmpd-20041012/regress/b2n/b2ntest.c new file mode 100644 index 0000000..97284db --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/b2n/b2ntest.c @@ -0,0 +1,368 @@ +/* $OpenBSD: b2ntest.c,v 1.8 2003/06/03 14:39:50 ho Exp $ */ +/* $EOM: b2ntest.c,v 1.4 1998/07/16 19:31:55 provos Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * Copyright (c) 2001 Niklas Hallqvist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +/* + * B2N is a module for doing arithmetic on the Field GF(2**n) which is + * isomorph to ring of polynomials GF(2)[x]/p(x) where p(x) is an + * irreduciable polynomial over GF(2)[x] with grade n. + */ + +#include +#include +#include + +#include "math_2n.h" + +#define BUFSIZE 200 + +#define CMP_FAIL(n,x) b2n_snprint (buf, BUFSIZE, n); if (strcmp (buf, (x))) \ + printf ("FAILED: %s != %s ", buf, x); else printf ("OKAY "); + +int +main (void) +{ + int i; + b2n_t n, m, d, r; + char buf[BUFSIZE]; + + b2n_init (n); + b2n_init (m); + b2n_init (d); + b2n_init (r); + + printf ("Arithimetic Tests for GF(2)[x]:\n"); + printf ("Testing: b2n_set*: "); + b2n_set_ui (n, 0xffc0); + CMP_FAIL (n, "0xffc0"); + + b2n_set_str (m, "0x180c0"); + CMP_FAIL (m, "0x0180c0"); + b2n_set_str (m, "0x808b8080c0"); + CMP_FAIL (m, "0x808b8080c0"); + + printf ("\nTesting: b2n_add: "); + b2n_add (d, n, m); + CMP_FAIL (d, "0x808b807f00"); + b2n_add (n, n, m); + CMP_FAIL (n, "0x808b807f00"); + b2n_add (n, n, n); + CMP_FAIL (n, "0x00"); + b2n_set_str (n, "0x9090900000000000000000"); + b2n_set_ui (m, 0); + b2n_add (n, n, m); + CMP_FAIL (n, "0x9090900000000000000000"); + + printf ("\nTesting: b2n_lshift: "); + b2n_set_str (m, "0x808b8080c0"); + b2n_lshift (n, m, 3); + CMP_FAIL (n, "0x04045c040600"); + b2n_lshift (n, m, 11); + CMP_FAIL (n, "0x04045c04060000"); + b2n_set (n, m); + for (i = 0; i < 11; i++) + b2n_lshift (n, n, 1); + CMP_FAIL (n, "0x04045c04060000"); + b2n_lshift (d, m, 12); + CMP_FAIL (d, "0x0808b8080c0000"); + b2n_set_str (m, "0xdeadbeef"); + b2n_lshift (d, m, 103); + CMP_FAIL (d, "0x6f56df7780000000000000000000000000"); + + printf ("\nTesting: b2n_rshift: "); + b2n_rshift (m, n, 3); + CMP_FAIL (m, "0x808b8080c000"); + b2n_rshift (m, m, 11); + CMP_FAIL (m, "0x1011701018"); + b2n_set_str (m, "0x12381998713258186712365"); + b2n_rshift (m, m, 23); + CMP_FAIL (m, "0x024703330e264b030c"); + b2n_set_str (m, "0x12381998713258186712365"); + for (i=0; i<23; i++) + b2n_rshift (m, m, 1); + CMP_FAIL (m, "0x024703330e264b030c"); + + printf ("\nTesting: b2n_mul: 0x9 o 0x5: "); + b2n_set_ui (n, 9); + b2n_set_ui (m, 5); + b2n_mul (d, n, m); + CMP_FAIL (d, "0x2d"); + b2n_mul (n, n, m); + CMP_FAIL (d, "0x2d"); + + printf ("\nTesting: b2n_mul: 0x9 o 0x0: "); + b2n_set_ui (n, 9); + b2n_set_ui (m, 0); + b2n_mul (d, n, m); + CMP_FAIL (d, "0x00"); + b2n_set_ui (n, 0); + b2n_set_ui (m, 9); + b2n_mul (d, n, m); + CMP_FAIL (d, "0x00"); + + printf ("\nTesting: b2n_mul: 0x9 o 0x1: "); + b2n_set_ui (n, 9); + b2n_set_ui (m, 1); + b2n_mul (d, n, m); + CMP_FAIL (d, "0x09"); + + printf ("\nTesting: b2n_mul: 0x12329 o 0x1235: "); + b2n_set_str (n, "0x12329"); + b2n_set_str (m, "0x1235"); + b2n_mul (d, n, m); + CMP_FAIL (d, "0x10473a3d"); + b2n_mul (n, n, m); + CMP_FAIL (d, "0x10473a3d"); + + printf ("\nTesting: b2n_square: 0x1235 o 0x1235: "); + b2n_set_str (m, "0x1235"); + b2n_square (n, m); + CMP_FAIL (n, "0x01040511"); + + printf ("\nTesting: b2n_square: 0x80c1235 o 0x80c1235: "); + b2n_set_str (m, "0x80c1235"); + b2n_square (n, m); + CMP_FAIL (n, "0x40005001040511"); + + b2n_set_str (m, "0x12329"); + printf ("\nTesting: sigbit: 0x12329: %d, %s", + b2n_sigbit(m), b2n_sigbit(m) == 17 ? "OKAY" : "FAILED"); + b2n_set_ui (m, 0); + printf ("\nTesting: sigbit: 0x0: %d, %s", + b2n_sigbit(m), b2n_sigbit(m) == 0 ? "OKAY" : "FAILED"); + b2n_set_str (m, "0x7f3290000"); + printf ("\nTesting: sigbit: 0x7f3290000: %d, %s", + b2n_sigbit(m), b2n_sigbit(m) == 35 ? "OKAY" : "FAILED"); + + printf ("\nTesting: b2n_cmp: "); + b2n_set_str (m, "0x2234"); + b2n_set_str (n, "0x1234"); + printf ("%d <-> %d, ", b2n_sigbit (m), b2n_sigbit(n)); + printf ("%d, %d ,%d: ", b2n_cmp (m,m), b2n_cmp (m,n), b2n_cmp (n,m)); + if (b2n_cmp (m,m) || b2n_cmp (m,n) != 1 || b2n_cmp (n,m) != -1) + printf ("FAILED"); + else + printf ("OKAY"); + printf ("\nTesting: b2n_cmp_null: "); + b2n_set_str (m, "0x2234"); + b2n_set_ui (n, 0); + printf ("%d, %d: ", b2n_cmp_null (m), b2n_cmp_null (n)); + if (b2n_cmp_null (m) != 1 || b2n_cmp_null (n)) + printf ("FAILED"); + else + printf ("OKAY"); + + printf ("\nTesting: b2n_div: 0x2d / 0x5: "); + b2n_set_str (n, "0x2d"); + b2n_set_ui (m, 5); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x09"); + CMP_FAIL (m, "0x00"); + printf ("\nTesting: b2n_div: 0x2d / 0x1: "); + b2n_set_str (n, "0x2d"); + b2n_set_ui (m, 1); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x2d"); + CMP_FAIL (m, "0x00"); + + printf ("\nTesting: b2n_div: 0x10473a3d / 0x1235: "); + b2n_set_str (n, "0x10473a3d"); + b2n_set_str (m, "0x1235"); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x012329"); + CMP_FAIL (m, "0x00"); + + printf ("\nTesting: b2n_div: 0x10473a3d / 0x1536: "); + b2n_set_str (n, "0x10473a3d"); + b2n_set_str (m, "0x1536"); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x014331"); + CMP_FAIL (m, "0xab"); + b2n_set_str (n, "0x10473a3d"); + b2n_set_str (m, "0x1536"); + b2n_div_q (d, n, m); + CMP_FAIL (d, "0x014331"); + b2n_div_r (d, n, m); + CMP_FAIL (d, "0xab"); + + printf ("\nTesting: b2n_div: " + "0x0800000000000000000000004000000000000001 / 0xffab09909a00: "); + b2n_set_str (n, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0xffab09909a00"); + b2n_div_q (d, n, m); + CMP_FAIL (d, "0x18083e83a98647cedae0b3e69a5e"); + b2n_div_r (d, n, m); + CMP_FAIL (d, "0x5b8bf98cac01"); + b2n_set (d, m); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x18083e83a98647cedae0b3e69a5e"); + CMP_FAIL (m, "0x5b8bf98cac01"); + + printf ("\nTesting: b2n_div: " + "0x0800000000000000000000004000000000000001 / 0x7b: "); + b2n_set_str (n, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0x7b"); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x32dea27065bd44e0cb7a89c000000000000000"); + CMP_FAIL (m, "0x01"); + + printf ("\n\nArithimetic Tests for GF(2**m) ~= GF(2)[x]/p(x):\n"); + printf ("Testing: b2n_gcd: "); + b2n_set_str (d, "0x771"); + b2n_set_str (m, "0x26d"); + b2n_gcd (n, m, d); + CMP_FAIL (n, "0x0b"); + b2n_set_str (d, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0xffab09909a00"); + b2n_gcd (n, m, d); + CMP_FAIL (n, "0x01"); + b2n_set_str (d, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0x7b"); + b2n_gcd (n, m, d); + CMP_FAIL (n, "0x01"); + + printf ("\nTesting: b2n_mul_inv: "); + b2n_set_str (d, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0xffab09909a00"); + b2n_mul_inv (n, m, d); + CMP_FAIL (n, "0x074029149f69304174d28858ae5c60df208a22a8"); + b2n_set_str (n, "0xffab09909a00"); + b2n_mul_inv (n, n, d); + CMP_FAIL (n, "0x074029149f69304174d28858ae5c60df208a22a8"); + b2n_mul (n, n, m); + b2n_mod (n, n, d); + CMP_FAIL (n, "0x01"); + b2n_set_str (d, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0x7b"); + b2n_mul_inv (n, m, d); + CMP_FAIL (n, "0x32dea27065bd44e0cb7a89c000000000000000"); + b2n_mul (n, n, m); + b2n_mod (n, n, d); + CMP_FAIL (n, "0x01"); + + printf ("\nTesting: b2n_random: "); + b2n_random (m, 155); + b2n_snprint (buf, BUFSIZE, m); + printf ("%s, %d", buf, b2n_sigbit(m)); + + printf ("\nTesting: b2n_sqrt: "); + b2n_set_str (n, "0x0800000000000000000000004000000000000001"); + b2n_set_ui (d, 2); + b2n_sqrt (m, d, n); + b2n_square (d, m); + b2n_add (d, d, m); + b2n_mod (d, d, n); + CMP_FAIL (d, "0x02"); + + /* x**3 + b */ + b2n_set_ui (n, 0x7b); + b2n_square (d, n); + b2n_mul (d, d, n); + b2n_set_str (n, "0x07338f"); + b2n_add (d, d, n); + b2n_set_str (n, "0x0800000000000000000000004000000000000001"); + b2n_mod (d, d, n); + /* \alpha = x**3 + b - end */ + + /* \beta = x**(-2)*\alpha */ + b2n_set_ui (m, 0x7b); + b2n_mul_inv (m, m, n); + b2n_square (m, m); + b2n_mod (m, m, n); + b2n_mul (d, d, m); + b2n_mod (d, d, n); + b2n_set (r, d); + /* \beta = x**(-2)*\alpha - end */ + + b2n_sqrt (m, d, n); + CMP_FAIL (m, "0x0690aec7cd215d8f9a42bb1f0000000000000004"); + b2n_square (d, m); + b2n_mod (d, d, n); + b2n_add (d, d, m); + b2n_mod (d, d, n); + printf ("Squaring Check: "); + CMP_FAIL (d, "0x03d5af92c8311d9e8f56be4b3e690aec7cd215cc"); + + printf ("\nTesting: b2n_trace: "); + b2n_set_ui (m, 2); + b2n_trace (d, m, n); + CMP_FAIL (d, "0x00"); + b2n_set_ui (m, 0x11223); + b2n_trace (d, m, n); + CMP_FAIL (d, "0x01"); + + printf ("\nTesting: b2n_exp_mod: "); + b2n_set_ui (m, 0x7b); + b2n_exp_mod (d, m, 5, n); + CMP_FAIL (d, "0x7cccb7cb"); + b2n_set_str (m, "0x123456789abcdef"); + b2n_exp_mod (d, m, 13, n); + CMP_FAIL (d, "0x043f0a8550cb69b3c50d0340d1c6d5c97ecd60d4"); + + printf ("\nTesting: b2n_3mul: "); + b2n_set_ui (m, 0x7b); + b2n_3mul (m, m); + CMP_FAIL (m, "0x0171"); + + b2n_set_ui (m, 0x7fffffff); + b2n_3mul (m, m); + CMP_FAIL (m, "0x017ffffffd"); + + printf ("\nTesting: b2n_nadd: "); + b2n_set_str (m, "0x7fffffff"); + b2n_set_str (n, "0x10203045"); + b2n_nadd (d, n, m); + CMP_FAIL (d, "0x90203044"); + + b2n_set_str (m, "0x9a4a54d8b8dfa566112849991214329a233d"); + b2n_set_str (n, "0x70ee40dd60c8657e58eda9a17ad9176e28b4b457e5a34a0948e335"); + b2n_nadd (d, n, m); + CMP_FAIL (d, "0x70ee40dd60c8657e5987f3f65391f7138ec5dca17eb55e3be30672"); + + printf ("\nTesting: b2n_nsub: "); + b2n_set_str (n, "0x90203044"); + b2n_set_str (m, "0x10203045"); + b2n_nsub (d, n, m); + CMP_FAIL (d, "0x7fffffff"); + + b2n_set_str (n, "0x70ee40dd60c8657e5987f3f65391f7138ec5dca17eb55e3be30672"); + b2n_set_str (m, "0x70ee40dd60c8657e58eda9a17ad9176e28b4b457e5a34a0948e335"); + b2n_nsub (d, n, m); + CMP_FAIL (d, "0x9a4a54d8b8dfa566112849991214329a233d"); + + b2n_clear (n); + b2n_clear (m); + b2n_clear (d); + b2n_clear (r); + + printf ("\n"); + return 1; +} diff --git a/keyexchange/isakmpd-20041012/regress/check.sh b/keyexchange/isakmpd-20041012/regress/check.sh new file mode 100644 index 0000000..ea726c5 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/check.sh @@ -0,0 +1,88 @@ +#!/bin/sh +# $OpenBSD: check.sh,v 1.4 2003/06/03 14:39:50 ho Exp $ +# $EOM: check.sh,v 1.4 1998/07/17 21:33:13 niklas Exp $ + +# +# Copyright (c) 1998 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson. +# + +PROGNAME=$0 +NC=/usr/bin/nc +HOST=localhost +ISAKMP_PORT=500 + +set -- `getopt p: $*` +if [ $? != 0 ]; then + echo 'usage: $PROGNAME [-p port] host' >&2 + exit 2 +fi +for i; do + case "$i" in + -p) + ISAKMP_PORT=$2; shift; shift;; + --) + shift; break;; + esac +done + +if [ $# -gt 0 ]; then + HOST=$1 +fi + +send () { + ${NC} -u -w 1 ${HOST} ${ISAKMP_PORT} +} + +# Short message +printf "SHORT!" |send + +# (Most probably) invalid cookie +printf "INVALID COOKIES!\0\x10\0\0\0\0\0\0\0\0\0\x1c" |send + +# Invalid next payload type +printf "01234567\0\0\0\0\0\0\0\0!\x10\0\0\0\0\0\0\0\0\0\x1c" |send + +# Invalid major version +printf "01234567\0\0\0\0\0\0\0\0\0\x20\0\0\0\0\0\0\0\0\0\x1c" |send + +# Invalid minor version +printf "01234567\0\0\0\0\0\0\0\0\0\x11\0\0\0\0\0\0\0\0\0\x1c" |send + +# Invalid exchange type +printf "01234567\0\0\0\0\0\0\0\0\0\x10!\0\0\0\0\0\0\0\0\x1c" |send + +# Invalid flags +printf "01234567\0\0\0\0\0\0\0\0\0\x10\2\x80\0\0\0\0\0\0\0\x1c" |send + +# Invalid message ID +printf "01234567\0\0\0\0\0\0\0\0\0\x10\2\0BAD!\0\0\0\x1c" |send + +# Short length +printf "01234567\0\0\0\0\0\0\0\0\0\x10\2\0\0\0\0\0\0\0\0\x1b" |send + +# Long length +printf "01234567\0\0\0\0\0\0\0\0\0\x10\2\0\0\0\0\0\0\0\0\x1d" |send diff --git a/keyexchange/isakmpd-20041012/regress/crypto/.cvsignore b/keyexchange/isakmpd-20041012/regress/crypto/.cvsignore new file mode 100644 index 0000000..7b3c6ec --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/crypto/.cvsignore @@ -0,0 +1,2 @@ +cryptotest +obj diff --git a/keyexchange/isakmpd-20041012/regress/crypto/Makefile b/keyexchange/isakmpd-20041012/regress/crypto/Makefile new file mode 100644 index 0000000..b2a0ef9 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/crypto/Makefile @@ -0,0 +1,20 @@ +# $OpenBSD: Makefile,v 1.11 2004/02/25 16:01:29 hshoexer Exp $ +# $EOM: Makefile,v 1.7 2000/03/28 21:22:06 ho Exp $ + +# Test Crypto: + +PROG= cryptotest +SRCS= crypto.c cryptotest.c conf.c log.c sysdep.c util.c +TOPSRC= ${.CURDIR}/../.. +TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- +OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile +.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} +CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall \ + -DUSE_TRIPLEDES -DUSE_CAST -DUSE_BLOWFISH -DUSE_DES \ + -DUSE_AES +LDADD+= -lcrypto -ldes +DPADD+= ${LIBCRYPTO} ${LIBDES} +NOMAN= +DEBUG= -g + +.include diff --git a/keyexchange/isakmpd-20041012/regress/crypto/cryptotest.c b/keyexchange/isakmpd-20041012/regress/crypto/cryptotest.c new file mode 100644 index 0000000..d860ddd --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/crypto/cryptotest.c @@ -0,0 +1,178 @@ +/* $OpenBSD: cryptotest.c,v 1.13 2004/04/07 22:45:50 ho Exp $ */ +/* $EOM: cryptotest.c,v 1.5 1998/10/07 16:40:49 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * Copyright (c) 2001 Niklas Hallqvist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include +#include +#include +#include +#include + +#include "crypto.h" + +void test_crypto (enum transform); + +#define SET_KEY(x,y) {size_t i; for (i=0; i < (y); i++) (x)[i] = i;} + +int +verify_buf (u_int8_t *buf, u_int16_t len) +{ + int i; + + for (i = 0; i < len; i++) + if (buf[i] != i) + return 0; + + return 1; +} + +#define nibble2bin(y) (tolower((y)) < 'a' ? (y) - '0': tolower((y)) - 'a' + 10) +#define hexchar2bin(x) ((nibble2bin((x)[0]) << 4) + nibble2bin((x)[1])) +#define nibble2c(x) ((x) >= 10 ? ('a'-10+(x)) : ('0' + (x))) + +static void asc2bin (u_int8_t *bin, u_int8_t *asc, u_int16_t len) +{ + int i; + + for (i = 0; i < len; i += 2, asc += 2) + { + *bin++ = hexchar2bin(asc); + } +} + +void +special_test_blf (void) +{ + u_int8_t *akey = "0123456789ABCDEFF0E1D2C3B4A59687"; + u_int8_t *aiv = "FEDCBA9876543210"; + u_int8_t data[] = "7654321 Now is the time for \0\0\0"; /* len 29 */ + u_int8_t *acipher + = "6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CCE7"; + u_int8_t key[16], cipher[32], iv[8]; + struct crypto_xf *xf; + struct keystate *ks; + enum cryptoerr err; + int i; + + asc2bin (key, akey, strlen (akey)); + asc2bin (iv, aiv, strlen (aiv)); + asc2bin (cipher, acipher, 64); + + xf = crypto_get (BLOWFISH_CBC); + printf ("Special Test-Case %s: ", xf->name); + + ks = crypto_init (xf, key, 16, &err); + if (!ks) + { + printf ("FAILED (init %d)", err); + goto fail; + } + + crypto_init_iv (ks, iv, xf->blocksize); + crypto_encrypt (ks, data, 32); + + for (i = 0; i < 32; i++) + if (data[i] != cipher[i]) + break; + if (i < 32) + printf ("FAILED "); + else + printf ("OKAY "); + + free (ks); + +fail: + printf ("\n"); + return; +} + +int +main (void) +{ + test_crypto (DES_CBC); + + test_crypto (TRIPLEDES_CBC); + + test_crypto (BLOWFISH_CBC); + + test_crypto (CAST_CBC); + + test_crypto (AES_CBC); + + special_test_blf (); + + return 1; +} + +void +dump_buf (u_int8_t *buf, size_t len) +{ + size_t i; + + for (i = 0; i < len; i++) + printf ("%02x ", buf[i]); + printf ("\n"); +} + +void +test_crypto (enum transform which) +{ + u_int8_t buf[256]; + struct crypto_xf *xf; + struct keystate *ks; + enum cryptoerr err; + + xf = crypto_get (which); + printf ("Testing %s: ", xf->name); + + SET_KEY (buf, xf->keymax); + ks = crypto_init (xf, buf, xf->keymax, &err); + if (!ks) + { + printf ("FAILED (init %d)", err); + goto fail; + } + SET_KEY (buf, sizeof (buf)); + crypto_init_iv (ks, buf, xf->blocksize); + crypto_encrypt (ks, buf, sizeof (buf)); + dump_buf (buf, sizeof buf); + crypto_decrypt (ks, buf, sizeof (buf)); + if (!verify_buf (buf, sizeof (buf))) + printf ("FAILED "); + else + printf ("OKAY "); + + free (ks); + + fail: + printf ("\n"); + return; +} diff --git a/keyexchange/isakmpd-20041012/regress/dh/.cvsignore b/keyexchange/isakmpd-20041012/regress/dh/.cvsignore new file mode 100644 index 0000000..d47de54 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/dh/.cvsignore @@ -0,0 +1,2 @@ +dhtest +obj diff --git a/keyexchange/isakmpd-20041012/regress/dh/Makefile b/keyexchange/isakmpd-20041012/regress/dh/Makefile new file mode 100644 index 0000000..e7f8d79 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/dh/Makefile @@ -0,0 +1,29 @@ +# $OpenBSD: Makefile,v 1.8 2004/02/25 16:01:29 hshoexer Exp $ +# $EOM: Makefile,v 1.10 2000/04/07 20:19:43 niklas Exp $ + +# Test DH: + +PROG= dhtest +SRCS= math_2n.c math_ec2n.c math_group.c dh.c dhtest.c log.c util.c \ + sysdep.c gmp_util.c conf.c +TOPSRC= ${.CURDIR}/../.. +TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- +OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile +FEATURES!= awk '/^FEATURES=/ { print $$0 }' ${.CURDIR}/../../Makefile | sed 's/FEATURES=.//' +.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} +CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall \ + -DUSE_EC +NOMAN= +LDADD+= -lcrypto +DPADD+= ${LIBCRYPTO} +DEBUG= -g + +.if ${FEATURES:Mgmp} == "gmp" +CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_GMP +LDADD+= -lgmp +DPADD+= ${LIBGMP} +.else +CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_OPENSSL +.endif + +.include diff --git a/keyexchange/isakmpd-20041012/regress/dh/dhtest.c b/keyexchange/isakmpd-20041012/regress/dh/dhtest.c new file mode 100644 index 0000000..ef23caf --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/dh/dhtest.c @@ -0,0 +1,102 @@ +/* $OpenBSD: dhtest.c,v 1.5 2003/06/03 14:39:50 ho Exp $ */ +/* $EOM: dhtest.c,v 1.1 1998/07/18 21:14:20 provos Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +/* + * This module does a Diffie-Hellman Exchange + */ + +#include +#include +#include + +#include "math_group.h" +#include "dh.h" + +#define DUMP_X(_x_) point = (_x_); b2n_print (point->x); + +int +main (void) +{ + int len; + char buf[100], buf2[100]; + char sec[100], sec2[100]; + struct group *group, *group2; + + group_init (); + group = group_get (4); + group2 = group_get (4); + + printf ("Testing DH (elliptic curve): \n"); + + printf ("dh_getlen\n"); + len = dh_getlen (group); + printf ("dh_create_exchange\n"); + dh_create_exchange (group, buf); + dh_create_exchange (group2, buf2); + + printf ("dh_create_shared\n"); + dh_create_shared (group, sec, buf2); + dh_create_shared (group2, sec2, buf); + + printf ("Result: "); + if (memcmp (sec, sec2, len)) + printf ("FAILED "); + else + printf ("OKAY "); + + group_free (group); + group_free (group2); + + printf ("\nTesting DH (MODP): \n"); + + group = group_get (1); + group2 = group_get (1); + + printf ("dh_getlen\n"); + len = dh_getlen (group); + printf ("dh_create_exchange\n"); + dh_create_exchange (group, buf); + dh_create_exchange (group2, buf2); + + printf ("dh_create_shared\n"); + dh_create_shared (group, sec, buf2); + dh_create_shared (group2, sec2, buf); + + printf ("Result: "); + if (memcmp (sec, sec2, len)) + printf ("FAILED "); + else + printf ("OKAY "); + + + printf ("\n"); + return 1; +} diff --git a/keyexchange/isakmpd-20041012/regress/ec2n/.cvsignore b/keyexchange/isakmpd-20041012/regress/ec2n/.cvsignore new file mode 100644 index 0000000..6f2d7c6 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/ec2n/.cvsignore @@ -0,0 +1,2 @@ +ec2ntest +obj diff --git a/keyexchange/isakmpd-20041012/regress/ec2n/Makefile b/keyexchange/isakmpd-20041012/regress/ec2n/Makefile new file mode 100644 index 0000000..827ecbe --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/ec2n/Makefile @@ -0,0 +1,16 @@ +# $OpenBSD: Makefile,v 1.7 2004/02/25 16:01:29 hshoexer Exp $ +# $EOM: Makefile,v 1.9 2000/10/13 13:04:17 ho Exp $ + +# Test EC2N: + +PROG= ec2ntest +SRCS= math_2n.c math_ec2n.c ec2ntest.c log.c sysdep.c util.c conf.c +TOPSRC= ${.CURDIR}/../.. +TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- +OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile +.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} +CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall +NOMAN= +DEBUG= -g + +.include diff --git a/keyexchange/isakmpd-20041012/regress/ec2n/ec2ntest.c b/keyexchange/isakmpd-20041012/regress/ec2n/ec2ntest.c new file mode 100644 index 0000000..0535e8c --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/ec2n/ec2ntest.c @@ -0,0 +1,144 @@ +/* $OpenBSD: ec2ntest.c,v 1.5 2003/06/04 07:31:17 ho Exp $ */ +/* $EOM: ec2ntest.c,v 1.3 1998/07/16 09:21:59 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +/* + * B2N is a module for doing arithmetic on the Field GF(2**n) which is + * isomorph to ring of polynomials GF(2)[x]/p(x) where p(x) is an + * irreduciable polynomial over GF(2)[x] with grade n. + */ + +#include +#include +#include + +#include "math_2n.h" +#include "math_ec2n.h" + +#define BUFSIZE 200 + +#define CMP_FAIL(n,x) b2n_snprint (buf, BUFSIZE, n); if (strcmp (buf, (x))) \ + printf ("FAILED: %s != %s ", buf, x); else printf ("OKAY "); + +int +main (void) +{ + b2n_t k; + ec2np_t p, q, r; + ec2ng_t g; + char buf[BUFSIZE]; + + b2n_init (k); + ec2np_init (p); + ec2np_init (q); + ec2np_init (r); + ec2ng_init (g); + + printf ("Testing: ec2ng_set* :"); + /* Init Group */ + ec2ng_set_p_str (g, "0x0800000000000000000000004000000000000001"); + CMP_FAIL (g->p, "0x0800000000000000000000004000000000000001"); + ec2ng_set_a_ui (g, 0); + CMP_FAIL (g->a, "0x00"); + ec2ng_set_b_str (g, "0x07338f"); + CMP_FAIL (g->b, "0x07338f"); + + printf ("\nTesting: ec2np_find_y: "); + /* Init Point */ + ec2np_set_x_ui (p, 0x7b); + ec2np_find_y (p, g); + + CMP_FAIL (p->y, "0x01c8"); + + printf ("\nTesting: ec2np_ison: "); + if (ec2np_ison (p, g)) + printf ("OKAY "); + else + printf ("FAILED "); + + ec2np_set_x_ui (q, 0x4); + ec2np_find_y (q, g); + if (ec2np_ison (q, g)) + printf ("OKAY "); + else + printf ("FAILED "); + + printf ("\nTesting: ec2np_add: "); + ec2np_set (r, p); + b2n_add (r->y, r->y, r->x); + ec2np_add (r, r, p, g); + if (!r->inf) + printf ("FAILED "); + else + printf ("OKAY "); + + ec2np_add (q, p, q, g); + CMP_FAIL (q->x, "0x06f32d7cc82cec8612a87a86e026350fb7595469"); + CMP_FAIL (q->y, "0x4ab92e21e51358ca8deab3fbbc9f7d8a7d1575"); + if (ec2np_ison (q, g)) + printf ("OKAY "); + else + printf ("FAILED "); + + ec2np_add (p, q, q, g); + CMP_FAIL (p->x, "0x0390001461385559a22ac9b6181c1e1889b38451"); + CMP_FAIL (p->y, "0x0188e61f38d747d7813c6a8b33d14dfb7418b04c"); + if (ec2np_ison (p, g)) + printf ("OKAY "); + else + printf ("FAILED "); + + printf ("\nTesting: ec2np_mul: "); + b2n_set_ui (k, 57); + ec2np_set (q, p); + ec2np_mul (q, q, k, g); + if (ec2np_ison (q, g)) + printf ("OKAY "); + else + printf ("FAILED "); + CMP_FAIL (q->x, "0x06bcf88caab88f99399350c46559da3b91afbf9d"); + + b2n_set_str (k, "0x0800000000000000000057db5698537193aef943"); + ec2np_set (q, p); + ec2np_mul (q, q, k, g); + if (ec2np_ison (q, g)) + printf ("OKAY "); + else + printf ("FAILED "); + CMP_FAIL (q->x, "0x0390001461385559a22ac9b6181c1e1889b38451"); + + printf ("\n"); + ec2np_clear (p); + ec2np_clear (q); + ec2np_clear (r); + ec2ng_clear (g); + b2n_clear (k); + return 1; +} diff --git a/keyexchange/isakmpd-20041012/regress/exchange/.cvsignore b/keyexchange/isakmpd-20041012/regress/exchange/.cvsignore new file mode 100644 index 0000000..b672fde --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/exchange/.cvsignore @@ -0,0 +1 @@ +obj diff --git a/keyexchange/isakmpd-20041012/regress/exchange/Makefile b/keyexchange/isakmpd-20041012/regress/exchange/Makefile new file mode 100644 index 0000000..ac22db8 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/exchange/Makefile @@ -0,0 +1,58 @@ +# $OpenBSD: Makefile,v 1.7 2003/06/03 14:39:50 ho Exp $ +# $EOM: Makefile,v 1.8 2000/03/28 21:22:07 ho Exp $ + +# +# Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson Radio Systems. +# + +TOPSRC= ${.CURDIR}/../.. +TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- +OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile +.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} +CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall +RUN= ISAKMPD=${TOPOBJ}/isakmpd ${.CURDIR}/run.sh + +TESTS= def + +all: + +test: ${TESTS:S/^/test-/} + +.for TEST in ${TESTS} +test-${TEST}: +.ifdef ONLY_INIT + @echo Testing "${TEST}" test as initiator + @${RUN} ${RUNFLAGS} ${.CURDIR}/${TEST} +.endif +.ifdef ONLY_RESP + @echo Testing "${TEST}" test as responder + @${RUN} -r ${RUNFLAGS} ${.CURDIR}/${TEST} +.endif +.endfor + +.include +.include diff --git a/keyexchange/isakmpd-20041012/regress/exchange/README b/keyexchange/isakmpd-20041012/regress/exchange/README new file mode 100644 index 0000000..cd1555b --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/exchange/README @@ -0,0 +1,78 @@ +$OpenBSD: README,v 1.1 1999/08/05 22:41:39 niklas Exp $ +$EOM: README,v 1.1 1999/08/05 15:07:37 niklas Exp $ + +XXX The old run.sh test-framework is obsoleted, it will go away anyday. + +We wanted to do a regression test environment which was flexible +enough to be able to easily reproduce anomalies in isakmpd. It +turns out this is not easy to do, as many problems are timing related. + +Currently ticks are milliseconds. An idea is to try to measure +isakmpd's response time somehow, and use that time as some kind of +basis for a tick. + +Our test environment should be able to parse scripts like this: + +#Tick Action Format Data +0 send H* ffffffff +0 recv H* 00000000 +1000 send H* deadbeef + +Ticks are not absolute but relative to the last event. the format is +Perl's pack/unpack template formats. Data is in the given format with +one exception, spaces are ignored, newlines are end-of-data unless +preceeded by a backslash. + +Comments are lines with a numbersign as the first non-whitespace +character. Empty lines are ignored, unless inside a multi-line data +in which it will be part of the data buffer. + +Here is a real world example: + +# $RCSId$ + +# Initiate a MM +0 send H* ad9de636 f12460bb 00000000 00000000 01100200 00000000 \ + 00000050 00000034 00000001 00000001 00000028 01010001 \ + 00000020 00010000 80010005 80020002 80030001 80040002 \ + 800b0001 800c0258 + +400 recv H* ad9de636 f12460bb 2aa5a583 ab2f3980 01100200 00000000 \ + 00000050 00000034 00000001 00000001 00000028 01010001 \ + 00000020 00010000 80010005 80020002 80030001 80040002 \ + 800b0001 800c0258 + +110 send H* ad9de636 f12460bb 2aa5a583 ab2f3980 04100200 00000000 \ + 000000b4 0a000084 60a8c102 ce97687e 45e3fdd9 6fd586b4 \ + f3a91167 559dd214 a78d678e 2772b7b2 83267487 15ec02a9 \ + 419b77ee 0f2add09 e9e09b7d ad40c883 ef2039c9 c59b67ff \ + 56e4d6f8 c99d47cb d4a565bc 8d192f76 f695d243 09121df5 \ + 524884a7 3f702630 7f4fad44 e222c4b1 242fd1cd ca3a161d \ + bcdf6706 025cc90d c4b00ef9 bee5ada2 00000014 ff7c493c \ + 88e68a10 4ab19a6a 7e75c771 + +800 recv H* ad9de636 f12460bb 2aa5a583 ab2f3980 04100200 00000000 \ + 000000b4 0a000084 681b9859 7680a3ff 894bb982 ef924bc8 \ + 4d9c7ebf 3a92db7b bcfe68f7 6e1de327 a975293f f5c550b1 \ + 9c69d6ed 64f201ec 514f4f44 0e6242b9 df4917e6 4418212d \ + 66a66eb1 f3b70c2d 4e14e382 d42ebe04 1027957c 5dadcaf1 \ + a531c085 6cee739f 433c185c 12a8a946 88622f66 f211783c \ + 277e134d 22d8e809 f1d38bab 6ca2a35f 00000014 6a917048 \ + a406fd47 b3d16554 cd6f0967 + +140 send H* ad9de636 f12460bb 2aa5a583 ab2f3980 05100201 00000000 \ + 0000005c d6571dec a8b55acb 1069210c 7d195417 1c2738e9 \ + 42f1d9a3 8561d0ec 0697cd06 ac1beb19 1dc8acf5 904ec1d5 \ + 5b2b154e 38b0de90 4f2e1f71 083047ca 10cab3d5 + +900 recv H* ad9de636 f12460bb 2aa5a583 ab2f3980 05100201 00000000 \ + 00000044 b46b1db4 9ecfbfa6 a5e9baa2 8eb3cb68 be3a857c \ + b039fa72 d595e69f 03669dbd 350781e2 56c36dce + +run with: + +perl run.pl filename + +You need to have an isakmpd listening on the address which is given in +run.pl. Of course you need to run it in deterministic mode (-r). +There will be a better explanation soon. diff --git a/keyexchange/isakmpd-20041012/regress/exchange/def-i.1 b/keyexchange/isakmpd-20041012/regress/exchange/def-i.1 new file mode 100644 index 0000000..1712249 Binary files /dev/null and b/keyexchange/isakmpd-20041012/regress/exchange/def-i.1 differ diff --git a/keyexchange/isakmpd-20041012/regress/exchange/def-r.1 b/keyexchange/isakmpd-20041012/regress/exchange/def-r.1 new file mode 100644 index 0000000..56f5e62 Binary files /dev/null and b/keyexchange/isakmpd-20041012/regress/exchange/def-r.1 differ diff --git a/keyexchange/isakmpd-20041012/regress/exchange/mm-1-setup.sh b/keyexchange/isakmpd-20041012/regress/exchange/mm-1-setup.sh new file mode 100644 index 0000000..0efd7c9 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/exchange/mm-1-setup.sh @@ -0,0 +1,12 @@ +# $OpenBSD: mm-1-setup.sh,v 1.2 2000/01/26 15:23:52 niklas Exp $ +# $EOM: mm-1-setup.sh,v 1.2 1999/10/05 12:54:27 niklas Exp $ + +# XXX Need to start isakmpd here in a nice way. + +echo "C set [Phase 1]:127.0.0.1=localhost 1">/tmp/fifo +echo "C set [localhost]:phase=1 1">/tmp/fifo +echo "C set [localhost]:transport=udp 1">/tmp/fifo +echo "C set [localhost]:address=127.0.0.1 1">/tmp/fifo +echo "C set [localhost]:port=1501 1">/tmp/fifo +echo "C set [localhost]:configuration=default-main-mode 1">/tmp/fifo +echo "C set [localhost]:authentication=mekmitasdigoat 1">/tmp/fifo diff --git a/keyexchange/isakmpd-20041012/regress/exchange/mm-i-1.t b/keyexchange/isakmpd-20041012/regress/exchange/mm-i-1.t new file mode 100644 index 0000000..9f9b1be --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/exchange/mm-i-1.t @@ -0,0 +1,43 @@ +# $OpenBSD: mm-i-1.t,v 1.1 1999/08/05 22:41:39 niklas Exp $ +# $EOM: mm-i-1.t,v 1.1 1999/08/05 15:07:38 niklas Exp $ + +# The seed to isakmpd was 19990805 + +# Initiate a MM +0 send H* ad9de636 f12460bb 00000000 00000000 01100200 00000000 \ + 00000050 00000034 00000001 00000001 00000028 01010001 \ + 00000020 00010000 80010005 80020002 80030001 80040002 \ + 800b0001 800c0258 + +400 recv H* ad9de636 f12460bb 2aa5a583 ab2f3980 01100200 00000000 \ + 00000050 00000034 00000001 00000001 00000028 01010001 \ + 00000020 00010000 80010005 80020002 80030001 80040002 \ + 800b0001 800c0258 + +110 send H* ad9de636 f12460bb 2aa5a583 ab2f3980 04100200 00000000 \ + 000000b4 0a000084 60a8c102 ce97687e 45e3fdd9 6fd586b4 \ + f3a91167 559dd214 a78d678e 2772b7b2 83267487 15ec02a9 \ + 419b77ee 0f2add09 e9e09b7d ad40c883 ef2039c9 c59b67ff \ + 56e4d6f8 c99d47cb d4a565bc 8d192f76 f695d243 09121df5 \ + 524884a7 3f702630 7f4fad44 e222c4b1 242fd1cd ca3a161d \ + bcdf6706 025cc90d c4b00ef9 bee5ada2 00000014 ff7c493c \ + 88e68a10 4ab19a6a 7e75c771 + +800 recv H* ad9de636 f12460bb 2aa5a583 ab2f3980 04100200 00000000 \ + 000000b4 0a000084 681b9859 7680a3ff 894bb982 ef924bc8 \ + 4d9c7ebf 3a92db7b bcfe68f7 6e1de327 a975293f f5c550b1 \ + 9c69d6ed 64f201ec 514f4f44 0e6242b9 df4917e6 4418212d \ + 66a66eb1 f3b70c2d 4e14e382 d42ebe04 1027957c 5dadcaf1 \ + a531c085 6cee739f 433c185c 12a8a946 88622f66 f211783c \ + 277e134d 22d8e809 f1d38bab 6ca2a35f 00000014 6a917048 \ + a406fd47 b3d16554 cd6f0967 + +140 send H* ad9de636 f12460bb 2aa5a583 ab2f3980 05100201 00000000 \ + 0000005c d6571dec a8b55acb 1069210c 7d195417 1c2738e9 \ + 42f1d9a3 8561d0ec 0697cd06 ac1beb19 1dc8acf5 904ec1d5 \ + 5b2b154e 38b0de90 4f2e1f71 083047ca 10cab3d5 + +900 recv H* ad9de636 f12460bb 2aa5a583 ab2f3980 05100201 00000000 \ + 00000044 b46b1db4 9ecfbfa6 a5e9baa2 8eb3cb68 be3a857c \ + b039fa72 d595e69f 03669dbd 350781e2 56c36dce + diff --git a/keyexchange/isakmpd-20041012/regress/exchange/mm-r-1.t b/keyexchange/isakmpd-20041012/regress/exchange/mm-r-1.t new file mode 100644 index 0000000..0c48224 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/exchange/mm-r-1.t @@ -0,0 +1,42 @@ +# $OpenBSD: mm-r-1.t,v 1.1 1999/08/05 22:41:39 niklas Exp $ +# $EOM: mm-r-1.t,v 1.1 1999/08/05 15:07:38 niklas Exp $ + +# The seed to isakmpd was 19990805 + +# Respond to this MM +999999 recv H* ad9de636 f12460bb 00000000 00000000 01100200 00000000 \ + 00000050 00000034 00000001 00000001 00000028 01010001 \ + 00000020 00010000 80010005 80020002 80030001 80040002 \ + 800b0001 800c0258 + +40 send H* ad9de636 f12460bb 2aa5a583 ab2f3980 01100200 00000000 \ + 00000050 00000034 00000001 00000001 00000028 01010001 \ + 00000020 00010000 80010005 80020002 80030001 80040002 \ + 800b0001 800c0258 + +1100 recv H* ad9de636 f12460bb 2aa5a583 ab2f3980 04100200 00000000 \ + 000000b4 0a000084 60a8c102 ce97687e 45e3fdd9 6fd586b4 \ + f3a91167 559dd214 a78d678e 2772b7b2 83267487 15ec02a9 \ + 419b77ee 0f2add09 e9e09b7d ad40c883 ef2039c9 c59b67ff \ + 56e4d6f8 c99d47cb d4a565bc 8d192f76 f695d243 09121df5 \ + 524884a7 3f702630 7f4fad44 e222c4b1 242fd1cd ca3a161d \ + bcdf6706 025cc90d c4b00ef9 bee5ada2 00000014 ff7c493c \ + 88e68a10 4ab19a6a 7e75c771 + +80 send H* ad9de636 f12460bb 2aa5a583 ab2f3980 04100200 00000000 \ + 000000b4 0a000084 681b9859 7680a3ff 894bb982 ef924bc8 \ + 4d9c7ebf 3a92db7b bcfe68f7 6e1de327 a975293f f5c550b1 \ + 9c69d6ed 64f201ec 514f4f44 0e6242b9 df4917e6 4418212d \ + 66a66eb1 f3b70c2d 4e14e382 d42ebe04 1027957c 5dadcaf1 \ + a531c085 6cee739f 433c185c 12a8a946 88622f66 f211783c \ + 277e134d 22d8e809 f1d38bab 6ca2a35f 00000014 6a917048 \ + a406fd47 b3d16554 cd6f0967 + +1400 recv H* ad9de636 f12460bb 2aa5a583 ab2f3980 05100201 00000000 \ + 0000005c d6571dec a8b55acb 1069210c 7d195417 1c2738e9 \ + 42f1d9a3 8561d0ec 0697cd06 ac1beb19 1dc8acf5 904ec1d5 \ + 5b2b154e 38b0de90 4f2e1f71 083047ca 10cab3d5 + +90 send H* ad9de636 f12460bb 2aa5a583 ab2f3980 05100201 00000000 \ + 00000044 b46b1db4 9ecfbfa6 a5e9baa2 8eb3cb68 be3a857c \ + b039fa72 d595e69f 03669dbd 350781e2 56c36dce diff --git a/keyexchange/isakmpd-20041012/regress/exchange/run.pl b/keyexchange/isakmpd-20041012/regress/exchange/run.pl new file mode 100644 index 0000000..d9fce2d --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/exchange/run.pl @@ -0,0 +1,105 @@ +#!/usr/bin/perl +# $OpenBSD: run.pl,v 1.2 2004/01/26 14:56:03 niklas Exp $ +# $EOM: run.pl,v 1.2 1999/08/05 22:42:42 niklas Exp $ + +# +# Copyright (c) 2004 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +use strict; +require 5.002; +require 'sys/syscall.ph'; +use Socket; +use Sys::Hostname; + +my ($rfd, $tickfac, $myaddr, $myport, $hisaddr, $hisport, $proto, $bindaddr, + $conaddr, $sec, $tick, $action, $template, $data, $next, + $nfd, $pkt, $verbose); + +$| = 1; + +$verbose = 1; +$tickfac = 0.001; +$myaddr = gethostbyname ('127.0.0.1'); +$myport = 1501; + $hisaddr = inet_aton ('127.0.0.1'); +$hisport = 1500; + +$proto = getprotobyname ('udp'); +$bindaddr = sockaddr_in ($myport, $myaddr); +socket (SOCKET, PF_INET, SOCK_DGRAM, $proto) || die "socket: $!"; +bind (SOCKET, $bindaddr); +vec ($rfd, fileno SOCKET, 1) = 1; + +$conaddr = sockaddr_in ($hisport, $hisaddr); + +sub getsec +{ + my ($tv) = pack ("ll", 0, 0); + my ($tz) = pack ("ii", 0, 0); + syscall (&SYS_gettimeofday, $tv, $tz) && return undef; + my ($sec, $usec) = unpack ("ll", $tv); + $sec % 86400 + $usec / 1000000; +} + +$sec = &getsec; +while (<>) { + next if /^\s*#/o || /^\s*$/o; + chop; + ($tick, $action, $template, $data) = split ' ', $_, 4; + while ($data =~ /\\$/o) { + chop $data; + $_ = <>; + next if /^\s*#/o; + chop; + $data .= $_; + } + $data =~ s/\s//go; + $data = pack $template, $data; + $next = $sec + $tick * $tickfac; + if ($action eq "send") { + # Wait for the moment to come. + print STDERR "waiting ", $next - $sec, " secs\n"; + select undef, undef, undef, $next - $sec + while ($sec = &getsec) < $next; +# print $data; + send SOCKET, $data, 0, $conaddr; + print STDERR "sent ", unpack ("H*", $data), "\n" if $verbose; + } elsif ($action eq "recv") { + $sec = &getsec; + printf (STDERR "waiting for data or the %.3f sec timeout\n", + $next - $sec); + $nfd = select $rfd, undef, undef, $next - $sec; + if ($nfd) { + printf STDERR "got back after %.3f secs\n", &getsec - $sec + if $verbose; +# sysread (STDIN, $pkt, 65536) if $nfd; + sysread (SOCKET, $pkt, 65536) if $nfd; + print STDERR "read ", unpack ("H*", $pkt), "\n" if $verbose; + print STDERR "cmp ", unpack ("H*", $data), "\n" if $verbose; + } else { + print STDERR "timed out\n" if $verbose; + } + die "mismatch\n" if $pkt ne $data; + } +} diff --git a/keyexchange/isakmpd-20041012/regress/exchange/run.sh b/keyexchange/isakmpd-20041012/regress/exchange/run.sh new file mode 100644 index 0000000..587c2c1 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/exchange/run.sh @@ -0,0 +1,137 @@ +#!/bin/sh +# $OpenBSD: run.sh,v 1.8 2004/01/09 10:03:04 hshoexer Exp $ +# $EOM: run.sh,v 1.6 1999/08/05 15:02:33 niklas Exp $ + +# +# Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson Radio Systems. +# + +# Defaults +SRCPORT=1500 +DSTPORT=1501 +FIFO=test.fifo +TIMEOUT=2 + +NC=${NC:-/usr/bin/nc} +ISAKMPD=${ISAKMPD:-/sbin/isakmpd} + +progname=`basename $0` +indent=`echo -n $progname |sed 's/./ /g'` +seed=980801 +initiator=yes +retval=0 +verbose=no +clean=yes + +usage () +{ + echo "usage: $progname [-nrv] [-d dst-port] [-f fifo] [-s src-port]" >&2 + echo " $indent [-t timeout] testsuite" >&2 + exit 2 +} + +set -- `getopt d:f:nrs:t:v $*` +if [ $? != 0 ]; then + usage +fi +for i; do + case "$i" in + -d) + DSTPORT=$2; shift; shift;; + -f) + FIFO=$2; shift; shift;; + -n) + clean=no; shift;; + -r) + initiator=no; shift;; + -s) + SRCPORT=$2; shift; shift;; + -t) + TIMEOUT=$2; shift; shift;; + -v) + verbose=yes; shift;; + --) + shift; break;; + esac +done + +if [ $# -eq 1 ]; then + suite=$1 +else + usage +fi + +[ ${verbose} = yes ] && set -x + +# Start isakmpd and wait for the fifo to get created +rm -f ${FIFO} +${ISAKMPD} -d -p${SRCPORT} -f${FIFO} -r${seed} & +isakmpd_pid=$! +trap 'kill $isakmpd_pid; rm -f${FIFO}; [ $clean = yes ] && rm -f packet' 1 2 15 +while [ ! -p ${FIFO} ]; do + sleep 1 +done + +# Start the exchange +if [ $initiator = yes ]; then + ${NC} -nul -w${TIMEOUT} 127.0.0.1 ${DSTPORT} packet & +# ${NC} -nu -w${TIMEOUT} -p${SRCPORT} 127.0.0.1 ${DSTPORT} packet + sleep 1 + echo "c udp 127.0.0.1:${DSTPORT} 2 1" >${FIFO} + in_packets=`ls ${suite}-i.* 2>/dev/null` + out_packets=`ls ${suite}-r.* 2>/dev/null` +else + in_packets=`ls ${suite}-r.* 2>/dev/null` + out_packets=`ls ${suite}-i.* 2>/dev/null` +fi +his_turn=$initiator +while [ \( $his_turn = yes -a X"$in_packets" != X \) \ + -o \( $his_turn = no -a X"$out_packets" != X \) ]; do + if [ $his_turn = no ]; then + set $out_packets + packet=$1 + shift + out_packets=$* + cat $packet |${NC} -nu -w${TIMEOUT} -p${SRCPORT} 127.0.0.1 ${DSTPORT} \ + >packet + my_turn=no + else + set $in_packets + packet=$1 + shift + in_packets=$* + if ! cmp $packet packet 2>/dev/null; then + retval=1 + break + fi + my_turn=yes + fi +done +kill $isakmpd_pid +rm -f ${FIFO} +[ $clean = yes ] && rm -f packet +exit $retval diff --git a/keyexchange/isakmpd-20041012/regress/group/.cvsignore b/keyexchange/isakmpd-20041012/regress/group/.cvsignore new file mode 100644 index 0000000..2326f3a --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/group/.cvsignore @@ -0,0 +1,2 @@ +grouptest +obj diff --git a/keyexchange/isakmpd-20041012/regress/group/Makefile b/keyexchange/isakmpd-20041012/regress/group/Makefile new file mode 100644 index 0000000..9dc9982 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/group/Makefile @@ -0,0 +1,29 @@ +# $OpenBSD: Makefile,v 1.8 2004/02/25 16:01:29 hshoexer Exp $ +# $EOM: Makefile,v 1.12 2000/04/07 20:19:43 niklas Exp $ + +# Test Group: + +PROG= grouptest +SRCS= math_2n.c math_ec2n.c math_group.c grouptest.c log.c util.c \ + sysdep.c gmp_util.c conf.c +TOPSRC= ${.CURDIR}/../.. +TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- +OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile +FEATURES!= awk '/^FEATURES=/ { print $$0 }' ${.CURDIR}/../../Makefile | sed 's/FEATURES=.//' +.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} +CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall \ + -DUSE_EC +NOMAN= +LDADD+= -lcrypto +DPADD+= ${LIBCRYPTO} +DEBUG= -g + +.if ${FEATURES:Mgmp} == "gmp" +CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_GMP +LDADD+= -lgmp +DPADD+= ${LIBGMP} +.else +CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_OPENSSL +.endif + +.include diff --git a/keyexchange/isakmpd-20041012/regress/group/grouptest.c b/keyexchange/isakmpd-20041012/regress/group/grouptest.c new file mode 100644 index 0000000..ba03283 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/group/grouptest.c @@ -0,0 +1,121 @@ +/* $OpenBSD: grouptest.c,v 1.4 2003/06/03 14:39:51 ho Exp $ */ +/* $EOM: grouptest.c,v 1.2 1998/07/18 21:15:55 provos Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +/* + * This module exercises the operations supplied by the group abstraction. + */ + +#include +#include +#include + +#include "math_2n.h" +#include "math_ec2n.h" +#include "math_group.h" + +#define DUMP_X(_x_) point = (_x_); b2n_print (point->x); + +int +main (void) +{ + int i; + char buf[100]; + char buf2[100]; + struct group *group, *group2; + ec2np_ptr point; + + group_init (); + group = group_get (3); + group2 = group_get (3); + + printf ("Testing: setraw, getraw: "); + for (i = 0; i < 20; i++) + buf[i] = i; + + group->setraw (group, group->c, buf, 20); + if (group->getlen (group) != 20) + printf ("FAILED "); + else + printf ("OKAY "); + + group->getraw (group, group->c, buf2); + for (i = 0; i < 20; i++) + if (buf2[i] != i) + break; + if (i < 20) + printf ("FAILED "); + else + printf ("OKAY "); + + printf ("\nTesting: setrandom: "); + group->setrandom (group, group->c); + DUMP_X (group->c); + group2->setrandom (group2, group2->c); + DUMP_X (group2->c); + + printf ("\nTesting: operation:\n"); + group->operation (group, group->a, group->gen, group->c); + point = group->a; + printf ("\tX (%d): ", point->x->chunks); b2n_print (point->x); + printf ("\tY (%d): ", point->y->chunks); b2n_print (point->y); + + group2->operation (group2, group2->a, group2->gen, group2->c); + point = group2->a; + printf ("\tX (%d): ", point->x->chunks); b2n_print (point->x); + printf ("\tY (%d): ", point->y->chunks); b2n_print (point->y); + + printf ("Exchange Value 1: "); b2n_print (group->d); + printf ("Exchange Value 2: "); b2n_print (group2->d); + + printf ("Testing: operation ...:\n"); + group->getraw (group, group->a, buf); + group2->setraw (group2, group2->b, buf, 20); + + group2->getraw (group2, group2->a, buf); + group->setraw (group, group->b, buf, 20); + + group2->operation (group2, group2->a, group2->b, group2->c); + printf ("Exchange Value 21: "); DUMP_X (group2->a); + + group->operation (group, group->a, group->b, group->c); + printf ("Exchange Value 12: "); DUMP_X (group->a); + + group->getraw (group, group->a, buf); + group2->getraw (group2, group2->a, buf2); + printf ("Testing: operation ...: "); + if (memcmp(buf, buf2, 20)) + printf ("FAILED "); + else + printf ("OKAY "); + + printf ("\n"); + return 1; +} diff --git a/keyexchange/isakmpd-20041012/regress/hmac/.cvsignore b/keyexchange/isakmpd-20041012/regress/hmac/.cvsignore new file mode 100644 index 0000000..5fc5f86 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/hmac/.cvsignore @@ -0,0 +1,2 @@ +hmactest +obj diff --git a/keyexchange/isakmpd-20041012/regress/hmac/Makefile b/keyexchange/isakmpd-20041012/regress/hmac/Makefile new file mode 100644 index 0000000..39bb2c7 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/hmac/Makefile @@ -0,0 +1,16 @@ +# $OpenBSD: Makefile,v 1.4 1999/02/26 03:28:31 niklas Exp $ +# $EOM: Makefile,v 1.3 1999/02/25 15:14:24 niklas Exp $ + +# Test HMAC: + +PROG= hmactest +SRCS= hash.c hmactest.c +TOPSRC= ${.CURDIR}/../.. +TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- +OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile +.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} +CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall +NOMAN= +DEBUG= -g + +.include diff --git a/keyexchange/isakmpd-20041012/regress/hmac/hmactest.c b/keyexchange/isakmpd-20041012/regress/hmac/hmactest.c new file mode 100644 index 0000000..3b86f06 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/hmac/hmactest.c @@ -0,0 +1,93 @@ +/* $OpenBSD: hmactest.c,v 1.5 2003/06/04 07:31:17 ho Exp $ */ +/* $EOM: hmactest.c,v 1.3 1998/08/09 19:16:24 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include +#include +#include +#include + +#include "hash.h" + +int test_hmac(char *, struct hash *, char *, int, char *, int, char *); + +#define nibble2c(x) ((x) >= 10 ? ('a'-10+(x)) : ('0' + (x))) + +int +main (void) +{ + char key[100]; + + memset(key, 11, 20); + test_hmac ("HMAC-MD5 Test Case 1", hash_get (HASH_MD5), + key, 16, "Hi There", 8, "9294727a3638bb1c13f48ef8158bfc9d"); + test_hmac ("HMAC-MD5 Test Case 2", hash_get (HASH_MD5), + "Jefe", 4, + "what do ya want for nothing?", 28, + "750c783e6ab0b503eaa86e310a5db738"); + test_hmac ("HMAC-SHA1 Test Case 1", hash_get (HASH_SHA1), + key, 20, "Hi There", 8, + "b617318655057264e28bc0b6fb378c8ef146be00"); + test_hmac ("HMAC-SHA1 Test Case 2", hash_get (HASH_SHA1), + "Jefe", 4, "what do ya want for nothing?", 28, + "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"); + + return 1; +} + +int +test_hmac(char *test, struct hash *hash, char *key, int klen, + char *data, int dlen, char *cmp) +{ + char output[2*HASH_MAX+1]; + int i; + + printf("Testing %s: ", test); + + hash->HMACInit(hash, key, klen); + hash->Update(hash->ctx, data, dlen); + hash->HMACFinal(hash->digest, hash); + + for (i=0; ihashsize; i++) + { + output[2*i] = nibble2c((hash->digest[i] >> 4) & 0xf); + output[2*i+1] = nibble2c(hash->digest[i] & 0xf); + } + output[2*i] = 0; + + if (!strcmp(output, cmp)) + { + printf("OKAY\n"); + return 1; + } + + printf("%s <-> %s\n", output, cmp); + return 0; +} diff --git a/keyexchange/isakmpd-20041012/regress/prf/.cvsignore b/keyexchange/isakmpd-20041012/regress/prf/.cvsignore new file mode 100644 index 0000000..023b310 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/prf/.cvsignore @@ -0,0 +1,2 @@ +prftest +obj diff --git a/keyexchange/isakmpd-20041012/regress/prf/Makefile b/keyexchange/isakmpd-20041012/regress/prf/Makefile new file mode 100644 index 0000000..5d9b1fa --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/prf/Makefile @@ -0,0 +1,16 @@ +# $OpenBSD: Makefile,v 1.7 2004/02/25 16:01:29 hshoexer Exp $ +# $EOM: Makefile,v 1.6 2000/03/28 21:22:07 ho Exp $ + +# Test PRF: + +PROG= prftest +SRCS= prf.c hash.c log.c prftest.c conf.c sysdep.c util.c +TOPSRC= ${.CURDIR}/../.. +TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- +OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile +.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} +CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall +NOMAN= +DEBUG= -g + +.include diff --git a/keyexchange/isakmpd-20041012/regress/prf/prftest.c b/keyexchange/isakmpd-20041012/regress/prf/prftest.c new file mode 100644 index 0000000..15d7578 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/prf/prftest.c @@ -0,0 +1,116 @@ +/* $OpenBSD: prftest.c,v 1.7 2003/06/03 14:39:51 ho Exp $ */ +/* $EOM: prftest.c,v 1.2 1998/10/07 16:40:50 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include +#include +#include +#include + +#include "hash.h" +#include "prf.h" + +int test_prf (char *, enum hashes, char *, int, char *, int, char *); + +#define nibble2c(x) ((x) >= 10 ? ('a'-10+(x)) : ('0' + (x))) + +/* + * Basically the same as the HMAC regress, but to keep with modularity + * prf seems to be useful. So here we just check the HMAC test cases, + * until there are more PRFs. + */ + +int +main (void) +{ + char key[100]; + + memset (key, 11, 20); + test_prf ("PRF MD5 Test Case 1", HASH_MD5, + key, 16, "Hi There", 8, "9294727a3638bb1c13f48ef8158bfc9d"); + test_prf ("PRF MD5 Test Case 2", HASH_MD5, + "Jefe", 4, + "what do ya want for nothing?", 28, + "750c783e6ab0b503eaa86e310a5db738"); + test_prf ("PRF SHA1 Test Case 1", HASH_SHA1, + key, 20, "Hi There", 8, + "b617318655057264e28bc0b6fb378c8ef146be00"); + test_prf ("PRF SHA1 Test Case 2", HASH_SHA1, + "Jefe", 4, "what do ya want for nothing?", 28, + "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"); + test_prf ("PRF SHA1 Test Case 3", HASH_SHA1, + "Bloody long key, this one, eben longer than the blocksize " + "of ordinary keyed HMAC functions", 90, + "what do ya want for nothing?", 28, + "52ca5fbcd7d4821bc6bf8b6e95e131109dff901b"); + + return 0; +} + +int +test_prf (char *test, enum hashes hash, char *key, int klen, + char *data, int dlen, char *cmp) +{ + char output[2*HASH_MAX+1]; + char digest[HASH_MAX]; + struct prf *prf; + int i; + + printf ("Testing %s: ", test); + + prf = prf_alloc (PRF_HMAC, hash, key, klen); + if (!prf) + { + printf("prf_alloc () failed\n"); + return 0; + } + + prf->Init (prf->prfctx); + prf->Update (prf->prfctx, data, dlen); + prf->Final (digest, prf->prfctx); + + prf_free (prf); + + for (i = 0; i < prf->blocksize; i++) + { + output[2 * i] = nibble2c ((digest[i] >> 4) & 0xf); + output[2 * i + 1] = nibble2c (digest[i] & 0xf); + } + output[2 * i] = 0; + + if (strcmp (output, cmp) == 0) + { + printf ("OKAY\n"); + return 1; + } + + printf ("%s <-> %s\n", output, cmp); + return 0; +} diff --git a/keyexchange/isakmpd-20041012/regress/rsakeygen/.cvsignore b/keyexchange/isakmpd-20041012/regress/rsakeygen/.cvsignore new file mode 100644 index 0000000..0ecb82e --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/rsakeygen/.cvsignore @@ -0,0 +1,4 @@ +isakmpd_key +isakmpd_key.pub +rsakeygen +obj diff --git a/keyexchange/isakmpd-20041012/regress/rsakeygen/Makefile b/keyexchange/isakmpd-20041012/regress/rsakeygen/Makefile new file mode 100644 index 0000000..578a7b5 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/rsakeygen/Makefile @@ -0,0 +1,83 @@ +# $OpenBSD: Makefile,v 1.15 2004/02/25 16:01:29 hshoexer Exp $ +# $EOM: Makefile,v 1.10 2000/03/28 21:23:24 ho Exp $ + +# +# Copyright (c) 1999 Niels Provos. All rights reserved. +# Copyright (c) 1999, 2001 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson Radio Systems. +# + +# RSA Key Generation + +PROG= rsakeygen +SRCS= libcrypto.c log.c rsakeygen.c sysdep.c util.c conf.c +TOPSRC= ${.CURDIR}/../.. +TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- +OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile +FEATURES!= awk '/^FEATURES=/ { print $$0 }' ${.CURDIR}/../../Makefile | sed 's/FEATURES=.//' +.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} +CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall \ + -DUSE_DEBUG +NOMAN= +DEBUG= -g + +.if ${FEATURES:Mgmp} == "gmp" +CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_GMP +LDADD+= -lgmp +DPADD+= ${LIBGMP} +.else +CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_OPENSSL +.endif + +.include "${TOPSRC}/sysdep/${OS}/Makefile.sysdep" + +.ifdef HAVE_DLOPEN +CFLAGS+= -DHAVE_DLOPEN +SRCS+= dyn.c +.endif + +.ifdef USE_LIBCRYPTO +CFLAGS+= -DUSE_LIBCRYPTO +LDADD+= -lcrypto +DPADD+= ${LIBCRYPTO} +.endif + +.if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO) +.BEGIN: + @echo RSA cannot be used in this environmet, skipping... + +PROG= +.else +# USE_X509 is required for libcrypto.h to include the correct headers, +# but it is not set by ${OS}/Makefile.sysdep - setting it manually here +# should be safe enough. +CFLAGS+= -DUSE_X509 +.endif + +LDADD+= ${DESLIB} +DPADD+= ${DESLIBDEP} + +.include diff --git a/keyexchange/isakmpd-20041012/regress/rsakeygen/rsakeygen.c b/keyexchange/isakmpd-20041012/regress/rsakeygen/rsakeygen.c new file mode 100644 index 0000000..08548a0 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/rsakeygen/rsakeygen.c @@ -0,0 +1,128 @@ +/* $OpenBSD: rsakeygen.c,v 1.19 2004/02/26 15:27:05 hshoexer Exp $ */ +/* $EOM: rsakeygen.c,v 1.10 2000/12/21 15:18:53 ho Exp $ */ + +/* + * Copyright (c) 1998, 1999 Niels Provos. All rights reserved. + * Copyright (c) 1999, 2001 Niklas Hallqvist. All rights reserved. + * Copyright (c) 2001 Håkan Olsson. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include +#include +#include +#include +#include + +#include "libcrypto.h" +#include "log.h" +#include "math_mp.h" + +#define nibble2bin(y) (tolower (y) < 'a' ? (y) - '0' : tolower (y) - 'a' + 10) +#define hexchar2bin(x) ((nibble2bin ((x)[0]) << 4) + nibble2bin ((x)[1])) +#define nibble2c(x) ((x) >= 10 ? ('a' - 10 + (x)) : ('0' + (x))) + +#define TEST_STRING "!Dies ist ein Test" + +int +main (void) +{ + u_int8_t enc[256], dec[256], *asn, *foo; + int len; + FILE *fd; + int erg = 0; + RSA *key; + + libcrypto_init (); + + log_debug_cmd (LOG_CRYPTO, 99); + memset (dec, '\0', sizeof dec); + strlcpy (dec, TEST_STRING, 256); + + key = RSA_generate_key (1024, RSA_F4, NULL, NULL); + if (key == NULL) + { + printf("Failed to generate key\n"); + return 0; + } + + printf ("n: 0x"); + BN_print_fp (stdout, key->n); + printf ("\ne: 0x"); + BN_print_fp (stdout, key->e); + printf ("\n"); + + printf ("n: 0x"); + BN_print_fp (stdout, key->n); + printf ("\ne: 0x"); + BN_print_fp (stdout, key->e); + printf ("\nd: 0x"); + BN_print_fp (stdout, key->d); + printf ("\np: 0x"); + BN_print_fp (stdout, key->p); + printf ("\nq: 0x"); + BN_print_fp (stdout, key->q); + printf ("\n"); + + printf ("Testing Signing/Verifying: "); + /* Sign with Private Key */ + len = RSA_private_encrypt (strlen (dec) + 1, dec, enc, key, + RSA_PKCS1_PADDING); + if (len == -1) + printf ("SIGN FAILED "); + else + { + /* Decrypt/Verify with Public Key */ + erg = RSA_public_decrypt (len, enc, dec, key, RSA_PKCS1_PADDING); + + if (erg == -1 || strcmp (dec, TEST_STRING)) + printf ("VERIFY FAILED"); + else + printf ("OKAY"); + } + + printf ("\n"); + + len = i2d_RSAPublicKey (key, NULL); + foo = asn = malloc (len); + len = i2d_RSAPublicKey (key, &foo); + fd = fopen ("isakmpd_key.pub", "w"); + fwrite (asn, len, 1, fd); + fclose (fd); + free (asn); + + len = i2d_RSAPrivateKey (key, NULL); + foo = asn = malloc (len); + len = i2d_RSAPrivateKey (key, &foo); + fd = fopen ("isakmpd_key", "w"); + fwrite (asn, len, 1, fd); + fclose (fd); + free (asn); + + RSA_free (key); + + return 1; +} diff --git a/keyexchange/isakmpd-20041012/regress/util/Makefile b/keyexchange/isakmpd-20041012/regress/util/Makefile new file mode 100644 index 0000000..88c0785 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/util/Makefile @@ -0,0 +1,15 @@ +# $OpenBSD: Makefile,v 1.2 2004/02/25 16:01:29 hshoexer Exp $ + +# Test some utility functions + +PROG= utiltest +SRCS= log.c sysdep.c util.c utiltest.c conf.c +TOPSRC= ${.CURDIR}/../.. +TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- +OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile +.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} +CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall +NOMAN= +DEBUG= -g + +.include diff --git a/keyexchange/isakmpd-20041012/regress/util/utiltest.c b/keyexchange/isakmpd-20041012/regress/util/utiltest.c new file mode 100644 index 0000000..89d8615 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/util/utiltest.c @@ -0,0 +1,85 @@ +/* $OpenBSD: utiltest.c,v 1.3 2003/06/03 14:39:51 ho Exp $ */ + +/* + * Copyright (c) 2001 Niklas Hallqvist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include + +#include "sysdep.h" + +#include "util.h" + +int test_1 (char *, char *, int); + +int +main (int argc, char *argv[]) +{ + test_1 ("10.0.0.1", "10", 0); + test_1 ("10.0.0.1", "isakmp", 0); + test_1 ("10::1", "10", 0); + test_1 ("10::1", "isakmp", 0); + test_1 ("10.0x0.1", "10", -1); + test_1 ("10.0.0.1", "telnet", -1); + test_1 ("10::x:1", "10", -1); + test_1 ("10::1", "telnet", -1); + return 0; +} + +int test_1 (char *address, char *port, int ok) +{ + struct sockaddr *sa; +#ifdef DEBUG + struct sockaddr_in *sai; + struct sockaddr_in6 *sai6; + int i; +#endif + int rv; + + printf ("test_1 (\"%s\", \"%s\") ", address, port); + rv = text2sockaddr (address, port, &sa) == ok; + printf (rv ? "OK" : "FAIL"); + printf ("\n"); + +#ifdef DEBUG + printf ("af %d len %d ", sa->sa_family, sa->sa_len); + if (sa->sa_family == AF_INET) + { + sai = (struct sockaddr_in *)sa; + printf ("addr %08x port %d\n", ntohl (sai->sin_addr.s_addr), + ntohs (sai->sin_port)); + } + else + { + sai6 = (struct sockaddr_in6 *)sa; + printf ("addr "); + for (i = 0; i < sizeof sai6->sin6_addr; i++) + printf ("%02x", sai6->sin6_addr.s6_addr[i]); + printf (" port %d\n", ntohs (sai6->sin6_port)); + } +#endif + return rv; +} diff --git a/keyexchange/isakmpd-20041012/regress/x509/.cvsignore b/keyexchange/isakmpd-20041012/regress/x509/.cvsignore new file mode 100644 index 0000000..9863c98 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/x509/.cvsignore @@ -0,0 +1,2 @@ +x509test +obj diff --git a/keyexchange/isakmpd-20041012/regress/x509/Makefile b/keyexchange/isakmpd-20041012/regress/x509/Makefile new file mode 100644 index 0000000..2ce1e95 --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/x509/Makefile @@ -0,0 +1,95 @@ +# $OpenBSD: Makefile,v 1.14 2003/06/03 14:39:51 ho Exp $ +# $EOM: Makefile,v 1.16 2000/09/28 12:53:27 niklas Exp $ + +# +# Copyright (c) 1999 Niels Provos. All rights reserved. +# Copyright (c) 1999, 2001 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson Radio Systems. +# + +# Test X509 + +# Enable this if you have a DNSSEC enabled OpenSSL +#LIBLWRES= /usr/local/lib/liblwres.a + +PROG= x509test +SRCS= x509test.c conf.c log.c libcrypto.c sysdep.c field.c util.c \ + isakmp_fld.c ipsec_fld.c ipsec_num.c isakmp_num.c constants.c \ + cert.c +TOPSRC= ${.CURDIR}/../.. +TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- +OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile +FEATURES!= awk '/^FEATURES=/ { print $$0 }' ${.CURDIR}/../../Makefile | sed 's/FEATURES=.//' +.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} +CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall \ + -DUSE_X509 +NOMAN= +DEBUG= -g + +.if ${FEATURES:Mgmp} == "gmp" +CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_GMP +LDADD+= -lgmp +DPADD+= ${LIBGMP} +.else +CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_OPENSSL +.endif + +.include "${TOPSRC}/sysdep/${OS}/Makefile.sysdep" + +.ifdef HAVE_DLOPEN +X509= x509.c +POLICY= policy.c +CFLAGS+= -DHAVE_DLOPEN +SRCS+= dyn.c +.endif + +.ifdef USE_KEYNOTE +USE_LIBCRYPTO= yes +POLICY= policy.c +LDADD+= -lkeynote -lm +DPADD+= ${LIBKEYNOTE} ${LIBM} +CFLAGS+= -DUSE_KEYNOTE +.endif + +.ifdef USE_LIBCRYPTO +X509= x509.c +CFLAGS+= -DUSE_LIBCRYPTO +LDADD+= -lcrypto ${LIBLWRES} +DPADD+= ${LIBCRYPTO} +.endif + +.if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO) || !defined (USE_KEYNOTE) +.BEGIN: + +PROG= +.endif + +SRCS+= ${X509} ${POLICY} + +LDADD+= ${DESLIB} +DPADD+= ${DESLIBDEP} + +.include diff --git a/keyexchange/isakmpd-20041012/regress/x509/x509test.c b/keyexchange/isakmpd-20041012/regress/x509/x509test.c new file mode 100644 index 0000000..25b8bab --- /dev/null +++ b/keyexchange/isakmpd-20041012/regress/x509/x509test.c @@ -0,0 +1,291 @@ +/* $OpenBSD: x509test.c,v 1.22 2003/06/03 14:39:51 ho Exp $ */ +/* $EOM: x509test.c,v 1.9 2000/12/21 15:24:25 ho Exp $ */ + +/* + * Copyright (c) 1998, 1999 Niels Provos. All rights reserved. + * Copyright (c) 1999, 2001 Niklas Hallqvist. All rights reserved. + * Copyright (c) 2001 Håkan Olsson. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +/* + * This program takes a certificate generated by ssleay and a key pair + * from rsakeygen. It reads the IP address from certificate.txt and + * includes this as subject alt name extension into the certifcate. + * The result gets written as new certificate that can be used by + * isakmpd. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "conf.h" +#include "ipsec_num.h" +#include "isakmp_fld.h" +#include "libcrypto.h" +#include "log.h" +#include "math_mp.h" +#include "x509.h" + +static int x509_check_subjectaltname (u_char *, u_int, X509 *); + +u_int32_t file_sz; + +#if 0 +/* XXX Currently unused. */ +static u_int8_t * +open_file (char *name) +{ + int fd; + struct stat st; + u_int8_t *addr; + + if (stat (name, &st) == -1) + log_fatal ("stat (\"%s\", &st)", name); + file_sz = st.st_size; + fd = open (name, O_RDONLY); + if (fd == -1) + log_fatal ("open (\"%s\", O_RDONLY)", name); + addr = mmap (0, file_sz, PROT_READ | PROT_WRITE, MAP_FILE | MAP_PRIVATE, + fd, 0); + if (addr == MAP_FAILED) + log_fatal ("mmap (0, %d, PROT_READ | PROT_WRITE, MAP_FILE | MAP_PRIVATE," + "%d, 0)", file_sz, fd); + close (fd); + + return addr; +} +#endif + +/* + * Check that a certificate has a subjectAltName and that it matches our ID. + */ +static int +x509_check_subjectaltname (u_char *id, u_int id_len, X509 *scert) +{ + u_int8_t *altname; + u_int32_t altlen; + int type, idtype, ret; + + type = x509_cert_subjectaltname (scert, &altname, &altlen); + if (!type) + { + log_print ("x509_check_subjectaltname: can't access subjectAltName"); + return 0; + } + + /* + * Now that we have the X509 certicate in native form, get the + * subjectAltName extension and verify that it matches our ID. + */ + + /* XXX Get type of ID. */ + idtype = id[0]; + id += ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ; + id_len -= ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ; + + ret = 0; + switch (idtype) + { + case IPSEC_ID_IPV4_ADDR: + if (type == X509v3_IP_ADDR) + ret = 1; + break; + case IPSEC_ID_FQDN: + if (type == X509v3_DNS_NAME) + ret = 1; + break; + case IPSEC_ID_USER_FQDN: + if (type == X509v3_RFC_NAME) + ret = 1; + break; + default: + ret = 0; + break; + } + + if (!ret) + { + LOG_DBG ((LOG_CRYPTO, 50, + "x509_check_subjectaltname: " + "our ID type (%d) does not match X509 cert ID type (%d)", + idtype, type)); + return 0; + } + + if (altlen != id_len || memcmp (altname, id, id_len) != 0) + { + LOG_DBG ((LOG_CRYPTO, 50, + "x509_check_subjectaltname: " + "our ID does not match X509 cert ID")); + return 0; + } + + return 1; +} + +int +main (int argc, char *argv[]) +{ + RSA *pub_key, *priv_key; + X509 *cert; + BIO *certfile, *keyfile; + EVP_PKEY *pkey_pub; + u_char ipaddr[6]; + struct in_addr saddr; + char enc[256], dec[256]; + u_int8_t idpayload[8]; + int err, len; + + if (argc < 3 || argc > 4) + { + fprintf (stderr, "usage: x509test private-key certificate ip-address\n"); + exit (1); + } + + /* + * X509_verify will fail, as will all other functions that call + * EVP_get_digest_byname. + */ + + libcrypto_init (); + + printf ("Reading private key %s\n", argv[1]); + keyfile = BIO_new (BIO_s_file ()); + if (BIO_read_filename (keyfile, argv[1]) == -1) + { + perror ("read"); + exit (1); + } +#if SSLEAY_VERSION_NUMBER >= 0x00904100L + priv_key = PEM_read_bio_RSAPrivateKey (keyfile, NULL, NULL, NULL); +#else + priv_key = PEM_read_bio_RSAPrivateKey (keyfile, NULL, NULL); +#endif + BIO_free (keyfile); + if (priv_key == NULL) + { + printf("PEM_read_bio_RSAPrivateKey () failed\n"); + exit (1); + } + + /* Use a certificate created by ssleay. */ + printf ("Reading ssleay created certificate %s\n", argv[2]); + certfile = BIO_new (BIO_s_file ()); + if (BIO_read_filename (certfile, argv[2]) == -1) + { + perror ("read"); + exit (1); + } +#if SSLEAY_VERSION_NUMBER >= 0x00904100L + cert = PEM_read_bio_X509 (certfile, NULL, NULL, NULL); +#else + cert = PEM_read_bio_X509 (certfile, NULL, NULL); +#endif + BIO_free (certfile); + if (cert == NULL) + { + printf("PEM_read_bio_X509 () failed\n"); + exit (1); + } + + pkey_pub = X509_get_pubkey (cert); + /* XXX Violation of the interface? */ + pub_key = pkey_pub->pkey.rsa; + if (pub_key == NULL) + { + exit (1); + } + + printf ("Testing RSA keys: "); + + err = 0; + strlcpy (dec, "Eine kleine Testmeldung", 256); + if ((len = RSA_private_encrypt (strlen (dec), dec, enc, priv_key, + RSA_PKCS1_PADDING)) == -1) + + printf ("SIGN FAILED "); + else + err = RSA_public_decrypt (len, enc, dec, pub_key, RSA_PKCS1_PADDING); + + if (err == -1 || strcmp (dec, "Eine kleine Testmeldung")) + printf ("SIGN/VERIFY FAILED"); + else + printf ("OKAY"); + printf ("\n"); + + + printf ("Validate SIGNED: "); + err = X509_verify (cert, pkey_pub); + printf ("X509 verify: %d ", err); + if (err == -1) + printf ("FAILED "); + else + printf ("OKAY "); + printf ("\n"); + + if (argc == 4) + { + printf ("Verifying extension: "); + if (inet_aton (argv[3], &saddr) == 0) + { + printf ("inet_aton () failed\n"); + exit (1); + } + + saddr.s_addr = htonl (saddr.s_addr); + ipaddr[0] = 0x87; + ipaddr[1] = 0x04; + ipaddr[2] = saddr.s_addr >> 24; + ipaddr[3] = (saddr.s_addr >> 16) & 0xff; + ipaddr[4] = (saddr.s_addr >> 8) & 0xff; + ipaddr[5] = saddr.s_addr & 0xff; + bzero (idpayload, sizeof idpayload); + idpayload[0] = IPSEC_ID_IPV4_ADDR; + bcopy (ipaddr + 2, idpayload + 4, 4); + + if (!x509_check_subjectaltname (idpayload, sizeof idpayload, cert)) + printf("FAILED "); + else + printf("OKAY "); + printf ("\n"); + } + + return 1; +} -- cgit v1.2.3