diff options
| author | Martin Willi <martin@revosec.ch> | 2015-04-11 15:55:26 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2015-04-14 12:02:48 +0200 |
| commit | 9d6e952201a1292087dc42b16a3055a99dbee7ba (patch) | |
| tree | 5760f71ee6b75d4d580caf8484ad44be465e9c95 /scripts/timeattack.c | |
| parent | 71afe0a5567ff4cc51e536913f5c009700d3dcf8 (diff) | |
| download | strongswan-9d6e952201a1292087dc42b16a3055a99dbee7ba.tar.bz2 strongswan-9d6e952201a1292087dc42b16a3055a99dbee7ba.tar.xz | |
utils: Add a constant time chunk_equals() variant for cryptographic purposes
Diffstat (limited to 'scripts/timeattack.c')
| -rw-r--r-- | scripts/timeattack.c | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/scripts/timeattack.c b/scripts/timeattack.c index 3d7ffee7d..ef00e8c4e 100644 --- a/scripts/timeattack.c +++ b/scripts/timeattack.c @@ -235,6 +235,48 @@ static bool attack_memeq(char *name, u_int iterations, u_int distance) return FALSE; } +CALLBACK(attack_chunk1, bool, + u_char *subj, u_char *data, size_t len) +{ + return chunk_equals(chunk_create(subj, len), chunk_create(data, len)); +} + +CALLBACK(attack_chunk2, bool, + u_char *subj, u_char *data, size_t len) +{ + return chunk_equals_const(chunk_create(subj, len), chunk_create(data, len)); +} + +static bool attack_chunk(char *name, u_int iterations, u_int distance) +{ + struct { + char *name; + attackfn_t fn; + } attacks[] = { + { "chunk1", attack_chunk1 }, + { "chunk2", attack_chunk2 }, + }; + u_char exp[16]; + int i; + + srandom(time(NULL)); + for (i = 0; i < sizeof(exp); i++) + { + exp[i] = random(); + } + fprintf(stderr, "attacking %b\n", exp, sizeof(exp)); + + for (i = 0; i < countof(attacks); i++) + { + if (streq(name, attacks[i].name)) + { + return timeattack(attacks[i].fn, exp, sizeof(exp), + iterations, distance); + } + } + return FALSE; +} + CALLBACK(attack_aead, bool, aead_t *aead, u_char *data, size_t len) { @@ -357,7 +399,7 @@ int main(int argc, char *argv[]) if (argc < 3) { fprintf(stderr, "usage: %s <attack> <iterations> <distance>\n", argv[0]); - fprintf(stderr, " <attack>: memeq[1-5] / aead / signer\n"); + fprintf(stderr, " <attack>: memeq[1-5] / chunk[1-2] / aead / signer\n"); fprintf(stderr, " <iterations>: number of invocations * 1000\n"); fprintf(stderr, " <distance>: time difference in ns for a hit\n"); fprintf(stderr, " example: %s memeq1 100 500\n", argv[0]); @@ -368,5 +410,9 @@ int main(int argc, char *argv[]) { return !attack_memeq(argv[1], atoi(argv[2]), atoi(argv[3])); } + if (strpfx(argv[1], "chunk")) + { + return !attack_chunk(argv[1], atoi(argv[2]), atoi(argv[3])); + } return !attack_transform(argv[1], atoi(argv[2]), atoi(argv[3])); } |