/* IPSec VPN client compatible with Cisco equipment.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/
18 #include <stdio.h>
19 #include <sys/types.h>
20 #include <sys/stat.h>
21 #include <fcntl.h>
22 #include <errno.h>
23 #include <limits.h>
24 #include <string.h>
25 #include <unistd.h>
26 #include <stdlib.h>
27 #include "crypto.h"
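/*
 * Read a whole file into a freshly allocated buffer.
 *
 * filename: path of the file to read.
 * len:      receives the number of bytes read on success.
 *
 * Returns the buffer (the caller releases it with free()) or NULL on
 * failure. Every failure except a NULL argument prints a diagnostic to
 * stderr. An empty file is treated as an error. *len is only written on
 * success.
 */
static unsigned char *read_binfile(const char *filename, size_t *len)
{
	int fd;
	struct stat s;
	unsigned char *b;
	size_t want;
	size_t got = 0;

	if (filename == NULL || len == NULL)
		return NULL;

	fd = open(filename, O_RDONLY);
	if (fd < 0) {
		fprintf(stderr, "Error opening file %s\n", filename);
		return NULL;
	}

	/* fstat() on the open descriptor, so the size belongs to the file
	 * that is actually read below rather than to whatever the path
	 * names a moment later. */
	if (fstat(fd, &s) < 0) {
		fprintf(stderr, "Error while stat() file %s\n", filename);
		close(fd);
		return NULL;
	}

	if (s.st_size == 0) {
		fprintf(stderr, "Empty file %s\n", filename);
		close(fd);
		return NULL;
	}

	/* st_size is a signed off_t and may be wider than size_t. Refuse a
	 * size that would be silently truncated when handed to malloc() and
	 * read(), instead of allocating less than the file holds. */
	want = (size_t)s.st_size;
	if (s.st_size < 0 || (off_t)want != s.st_size) {
		fprintf(stderr, "Unsupported size for file %s\n", filename);
		close(fd);
		return NULL;
	}

	b = malloc(want);
	if (b == NULL) {
		fprintf(stderr, "Error allocating memory\n");
		close(fd);
		return NULL;
	}

	/* read() may legitimately return fewer bytes than requested and its
	 * result is an ssize_t, not an int: keep reading until the buffer is
	 * full, never past it. */
	while (got < want) {
		ssize_t n = read(fd, b + got, want - got);

		if (n < 0 && errno == EINTR)
			continue;
		if (n <= 0) {
			/* I/O error, or end of file before st_size bytes
			 * arrived (the file shrank after fstat()). */
			fprintf(stderr, "Error reading file %s\n", filename);
			free(b);
			close(fd);
			return NULL;
		}
		got += (size_t)n;
	}

	close(fd);
	*len = want;
	return b;
}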
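/* Message of a crypto_error that may be NULL or carry no text. */
static const char *test_error_msg(const crypto_error *error)
{
	return error && error->msg ? error->msg : "(none)";
}

/* Exit status for a failed crypto call; never 0, so a failure cannot be
 * reported to the calling test harness as success. */
static int test_error_code(const crypto_error *error)
{
	return error && error->code ? error->code : 1;
}

/*
 * Self-test for the crypto backend.
 *
 * Usage: test-crypto <sig> <dec> <ca> <cert1> ... <server>
 *
 * Pushes every certificate from argv[4] onwards into a crypto context,
 * verifies the chain against the CA file argv[3], then decrypts the
 * signature in file argv[1] and compares the result byte for byte with the
 * expected plaintext in file argv[2].
 *
 * Returns 0 and prints "Success" when everything matches. On failure it
 * prints a diagnostic to stderr and returns non-zero: the code of the
 * crypto_error where one is available, 1 otherwise.
 */
int main(int argc, char *argv[])
{
	crypto_ctx *cctx = NULL;
	crypto_error *error = NULL;
	unsigned char *data = NULL;
	unsigned char *sig_data = NULL;
	unsigned char *dec_data = NULL;
	size_t size = 0, sig_len = 0, dec_len = 0;
	int rc = 1;
	int i;

	if (argc < 6) {
		fprintf(stderr, "Need at least 5 arguments: <sig> <dec> <ca> <cert1> <server>\n");
		return 1;
	}

	cctx = crypto_ctx_new(&error);
	if (!cctx) {
		fprintf(stderr, "Error initializing crypto: %s\n", test_error_msg(error));
		return test_error_code(error);
	}

	/* Load certificates */
	for (i = 4; i < argc; i++) {
		data = crypto_read_cert(argv[i], &size, &error);
		if (!data) {
			fprintf(stderr, "Error reading cert %d: %s\n", i + 1, test_error_msg(error));
			rc = test_error_code(error);
			goto out;
		}
		if (crypto_push_cert(cctx, data, size, &error)) {
			fprintf(stderr, "Error pushing cert %d: %s\n", i + 1, test_error_msg(error));
			rc = test_error_code(error);
			goto out;
		}
		/* This file frees the buffer right after the push, so it is not
		 * relying on the context keeping a reference to it. */
		free(data);
		data = NULL;
	}

	/* Verify the cert chain. This runs before the key is used below, so a
	 * chain that does not validate never reaches the decrypt step. */
	if (crypto_verify_chain(cctx, argv[3], NULL, &error) != 0) {
		fprintf(stderr, "Error verifying chain: %s\n", test_error_msg(error));
		rc = test_error_code(error);
		goto out;
	}

	/* Decrypt something using the public key of the server certificate */
	sig_data = read_binfile(argv[1], &sig_len);
	if (sig_data == NULL)
		goto out;

	dec_data = read_binfile(argv[2], &dec_len);
	if (dec_data == NULL)
		goto out;

	/* NOTE(review): CRYPTO_PAD_NONE is requested, so the expected file
	 * presumably has to hold the complete unpadded block -- confirm
	 * against crypto.h. */
	size = 0;
	data = crypto_decrypt_signature(cctx, &sig_data[0], sig_len, &size, CRYPTO_PAD_NONE, &error);
	if (!data || !size) {
		fprintf(stderr, "Error decrypting signature: %s\n", test_error_msg(error));
		rc = test_error_code(error);
		goto out;
	}

	/* Compare lengths first so memcmp() never reads past either buffer. */
	if (size != dec_len) {
		fprintf(stderr, "Error decrypting signature: unexpected "
			"decrypted size %zu (expected %zu)\n", size, dec_len);
		goto out;
	}

	if (memcmp(data, dec_data, dec_len)) {
		fprintf(stderr, "Error decrypting signature: decrypted data did"
			" not match expected decrypted data\n");
		goto out;
	}

	fprintf(stdout, "Success\n");
	rc = 0;

out:
	/* Single exit path: free(NULL) is a no-op, so every buffer can be
	 * released unconditionally, and the context is released on failures
	 * as well as on success. */
	free(data);
	free(dec_data);
	free(sig_data);
	crypto_ctx_free(cctx);
	return rc;
}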