static void
fooTicket(void)
{
krb5_error_code ret;
krb5_data data;
size_t size;
Ticket t;
t.tkt_vno = 5;
t.realm = "SU.SE";
t.sname.name_type = KRB5_NT_PRINCIPAL;
t.sname.name_string.len = 1;
t.sname.name_string.val = ecalloc(1, sizeof(t.sname.name_string.val[0]));
t.sname.name_string.val[0] = estrdup("lha");
t.enc_part.etype = ETYPE_AES256_CTS_HMAC_SHA1_96;
t.enc_part.kvno = NULL;
t.enc_part.cipher.length = 6;
t.enc_part.cipher.data = "hejhej";
ASN1_MALLOC_ENCODE(Ticket, data.data, data.length, &t, &size, ret);
if (ret)
errx(1, "ASN1_MALLOC_ENCODE(Ticket)");
rk_dumpdata("foo", data.data, data.length);
free(data.data);
}
static void
slave_status(krb5_context context,
const char *file,
const char *fmt, ...)
{
char *status;
char *fmt2;
va_list args;
int len;
if (asprintf(&fmt2, "%s\n", fmt) == -1 || fmt2 == NULL) {
(void) unlink(file);
return;
}
va_start(args, fmt);
len = vasprintf(&status, fmt2, args);
free(fmt2);
va_end(args);
if (len < 0 || status == NULL) {
(void) unlink(file);
return;
}
krb5_warnx(context, "slave status change: %s", status);
rk_dumpdata(file, status, len);
free(status);
}
int
_hx509_write_file(const char *fn, const void *data, size_t length)
{
rk_dumpdata(fn, data, length);
return 0;
}
static int
p12_store(hx509_context context,
hx509_certs certs, void *data, int flags, hx509_lock lock)
{
struct ks_pkcs12 *p12 = data;
PKCS12_PFX pfx;
PKCS12_AuthenticatedSafe as;
PKCS12_OctetString asdata;
size_t size;
int ret;
memset(&as, 0, sizeof(as));
memset(&pfx, 0, sizeof(pfx));
ret = hx509_certs_iter_f(context, p12->certs, store_func, &as);
if (ret)
goto out;
ASN1_MALLOC_ENCODE(PKCS12_AuthenticatedSafe, asdata.data, asdata.length,
&as, &size, ret);
free_PKCS12_AuthenticatedSafe(&as);
if (ret)
return ret;
ret = der_parse_hex_heim_integer("03", &pfx.version);
if (ret) {
free(asdata.data);
goto out;
}
pfx.authSafe.content = calloc(1, sizeof(*pfx.authSafe.content));
ASN1_MALLOC_ENCODE(PKCS12_OctetString,
pfx.authSafe.content->data,
pfx.authSafe.content->length,
&asdata, &size, ret);
free(asdata.data);
if (ret)
goto out;
ret = der_copy_oid(&asn1_oid_id_pkcs7_data, &pfx.authSafe.contentType);
if (ret)
goto out;
ASN1_MALLOC_ENCODE(PKCS12_PFX, asdata.data, asdata.length,
&pfx, &size, ret);
if (ret)
goto out;
#if 0
const struct _hx509_password *pw;
pw = _hx509_lock_get_passwords(lock);
if (pw != NULL) {
pfx.macData = calloc(1, sizeof(*pfx.macData));
if (pfx.macData == NULL) {
ret = ENOMEM;
hx509_set_error_string(context, 0, ret, "malloc out of memory");
return ret;
}
if (pfx.macData == NULL) {
free(asdata.data);
goto out;
}
}
ret = calculate_hash(&aspath, pw, pfx.macData);
#endif
rk_dumpdata(p12->fn, asdata.data, asdata.length);
free(asdata.data);
out:
free_PKCS12_AuthenticatedSafe(&as);
free_PKCS12_PFX(&pfx);
return ret;
}
int
main(int argc, char **argv)
{
int idx = 0;
char *buffer;
char path[MAXPATHLEN];
setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
usage(1);
if (help_flag)
usage(0);
if(version_flag){
print_version(NULL);
exit(0);
}
argc -= idx;
argv += idx;
if (argc != 0)
usage(1);
buffer = emalloc(len);
if (rand_method) {
if (0) {
}
#ifndef NO_RAND_FORTUNA_METHOD
else if (strcasecmp(rand_method, "fortuna") == 0)
RAND_set_rand_method(RAND_fortuna_method());
#endif
#ifndef NO_RAND_UNIX_METHOD
else if (strcasecmp(rand_method, "unix") == 0)
RAND_set_rand_method(RAND_unix_method());
#endif
#ifndef NO_RAND_EGD_METHOD
else if (strcasecmp(rand_method, "egd") == 0)
RAND_set_rand_method(RAND_egd_method());
#endif
#ifdef WIN32
else if (strcasecmp(rand_method, "w32crypto") == 0)
RAND_set_rand_method(RAND_w32crypto_method());
#endif
else
errx(1, "unknown method %s", rand_method);
}
if (RAND_file_name(path, sizeof(path)) == NULL)
errx(1, "RAND_file_name failed");
if (RAND_status() != 1)
errx(1, "random not ready yet");
if (RAND_bytes(buffer, len) != 1)
errx(1, "RAND_bytes");
if (filename)
rk_dumpdata(filename, buffer, len);
/* head vs tail */
if (len >= 100000) {
int bit, i;
double res;
int bits[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
for (i = 0; i < len; i++) {
unsigned char c = ((unsigned char *)buffer)[i];
for (bit = 0; bit < 8 && c; bit++) {
if (c & 1)
bits[bit]++;
c = c >> 1;
}
}
for (bit = 0; bit < 8; bit++) {
res = ((double)abs(len - bits[bit] * 2)) / (double)len;
if (res > 0.005)
errx(1, "head%d vs tail%d > 0.5%%%% %lf == %d vs %d",
bit, bit, res, len, bits[bit]);
printf("head vs tails bit%d: %lf\n", bit, res);
}
}
int
main(int argc, char **argv)
{
int idx = 0;
char *buffer;
char path[MAXPATHLEN];
setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
usage(1);
if (help_flag)
usage(0);
if(version_flag){
print_version(NULL);
exit(0);
}
if (argc != idx)
usage(1);
buffer = emalloc(len);
if (rand_method) {
if (0) {
}
#ifndef NO_RAND_FORTUNA_METHOD
else if (strcasecmp(rand_method, "fortuna") == 0)
RAND_set_rand_method(RAND_fortuna_method());
#endif
#ifndef NO_RAND_UNIX_METHOD
else if (strcasecmp(rand_method, "unix") == 0)
RAND_set_rand_method(RAND_unix_method());
#endif
#ifdef WIN32
else if (strcasecmp(rand_method, "w32crypto") == 0)
RAND_set_rand_method(RAND_w32crypto_method());
#endif
else
errx(1, "unknown method %s", rand_method);
}
if (RAND_file_name(path, sizeof(path)) == NULL)
errx(1, "RAND_file_name failed");
if (RAND_status() != 1)
errx(1, "random not ready yet");
if (RAND_bytes(buffer, len) != 1)
errx(1, "RAND_bytes");
if (filename)
rk_dumpdata(filename, buffer, len);
/* head vs tail */
if (len >= 100000) {
unsigned bytes[256];
unsigned bits[8];
size_t bit, i;
double res;
double slen = sqrt((double)len);
memset(bits, 0, sizeof(bits));
memset(bytes, 0, sizeof(bytes));
for (i = 0; i < len; i++) {
unsigned char c = ((unsigned char *)buffer)[i];
bytes[c]++;
for (bit = 0; bit < 8 && c; bit++) {
if (c & 1)
bits[bit]++;
c = c >> 1;
}
}
/*
* The count for each bit value has a mean of n*p = len/2,
* and a standard deviation of sqrt(n*p*q) ~ sqrt(len/4).
* Normalizing by dividing by "n*p", we get a mean of 1 and
* a standard deviation of sqrt(q/n*p) = 1/sqrt(len).
*
* A 5.33-sigma event happens 1 time in 10 million.
* A 5.73-sigma event happens 1 time in 100 million.
* A 6.11-sigma event happens 1 time in 1000 million.
*
* We tolerate 5.33-sigma events (we have 8 not entirely
* independent chances of skewed results) and want to fail
* with a good RNG less often than 1 time in million.
*/
for (bit = 0; bit < 8; bit++) {
res = slen * fabs(1.0 - 2 * (double)bits[bit] / len);
if (res > 5.33)
errx(1, "head%d vs tail%d: %.1f-sigma (%d of %d)",
(int)bit, (int)bit, res, bits[bit], len);
printf("head vs tails bit%d: %f-sigma\n", (int)bit, res);
}
/*
* The count of each byte value has a mean of n*p = len/256,
* and a standard deviation of sqrt(n*p*q) ~ sqrt(len/256).
* Normalizing by dividing by "n*p", we get a mean of 1 and
* a standard deviation of sqrt(q/n*p) ~ 16/sqrt(len).
*
* We tolerate 5.73-sigma events (we have 256 not entirely
* independent chances of skewed results). Note, for example,
* a 5.2-sigma event was observed in ~5,000 runs.
*/
for (i = 0; i < 256; i++) {
res = (slen / 16) * fabs(1.0 - 256 * (double)bytes[i] / len);
if (res > 5.73)
errx(1, "byte %d: %.1f-sigma (%d of %d)",
(int) i, res, bytes[i], len);
printf("byte %d: %f-sigma\n", (int)i, res);
}
}
int
generic_test (const struct test_case *tests,
unsigned ntests,
size_t data_size,
int (ASN1CALL *encode)(unsigned char *, size_t, void *, size_t *),
int (ASN1CALL *length)(void *),
int (ASN1CALL *decode)(unsigned char *, size_t, void *, size_t *),
int (ASN1CALL *free_data)(void *),
int (*cmp)(void *a, void *b),
int (ASN1CALL *copy)(const void *from, void *to))
{
unsigned char *buf, *buf2;
int i;
int failures = 0;
void *data;
struct map_page *data_map, *buf_map, *buf2_map;
#ifdef HAVE_SIGACTION
struct sigaction sa, osa;
#endif
for (i = 0; i < ntests; ++i) {
int ret;
size_t sz, consumed_sz, length_sz, buf_sz;
void *to = NULL;
current_test = tests[i].name;
current_state = "init";
#ifdef HAVE_SIGACTION
sigemptyset (&sa.sa_mask);
sa.sa_flags = 0;
#ifdef SA_RESETHAND
sa.sa_flags |= SA_RESETHAND;
#endif
sa.sa_handler = segv_handler;
sigaction (SIGSEGV, &sa, &osa);
#endif
data = map_alloc(OVERRUN, NULL, data_size, &data_map);
buf_sz = tests[i].byte_len;
buf = map_alloc(UNDERRUN, NULL, buf_sz, &buf_map);
current_state = "encode";
ret = (*encode) (buf + buf_sz - 1, buf_sz,
tests[i].val, &sz);
if (ret != 0) {
printf ("encoding of %s failed %d\n", tests[i].name, ret);
++failures;
continue;
}
if (sz != tests[i].byte_len) {
printf ("encoding of %s has wrong len (%lu != %lu)\n",
tests[i].name,
(unsigned long)sz, (unsigned long)tests[i].byte_len);
++failures;
continue;
}
current_state = "length";
length_sz = (*length) (tests[i].val);
if (sz != length_sz) {
printf ("length for %s is bad (%lu != %lu)\n",
tests[i].name, (unsigned long)length_sz, (unsigned long)sz);
++failures;
continue;
}
current_state = "memcmp";
if (memcmp (buf, tests[i].bytes, tests[i].byte_len) != 0) {
printf ("encoding of %s has bad bytes:\n"
"correct: ", tests[i].name);
print_bytes ((unsigned char *)tests[i].bytes, tests[i].byte_len);
printf ("\nactual: ");
print_bytes (buf, sz);
printf ("\n");
#if 0
rk_dumpdata("correct", tests[i].bytes, tests[i].byte_len);
rk_dumpdata("actual", buf, sz);
exit (1);
#endif
++failures;
continue;
}
buf2 = map_alloc(OVERRUN, buf, sz, &buf2_map);
current_state = "decode";
ret = (*decode) (buf2, sz, data, &consumed_sz);
if (ret != 0) {
printf ("decoding of %s failed %d\n", tests[i].name, ret);
++failures;
continue;
}
if (sz != consumed_sz) {
printf ("different length decoding %s (%ld != %ld)\n",
tests[i].name,
(unsigned long)sz, (unsigned long)consumed_sz);
++failures;
continue;
}
current_state = "cmp";
if ((*cmp)(data, tests[i].val) != 0) {
printf ("%s: comparison failed\n", tests[i].name);
++failures;
continue;
}
current_state = "copy";
if (copy) {
to = emalloc(data_size);
ret = (*copy)(data, to);
if (ret != 0) {
printf ("copy of %s failed %d\n", tests[i].name, ret);
++failures;
continue;
}
current_state = "cmp-copy";
if ((*cmp)(data, to) != 0) {
printf ("%s: copy comparison failed\n", tests[i].name);
++failures;
continue;
}
}
current_state = "free";
if (free_data) {
(*free_data)(data);
if (to) {
(*free_data)(to);
free(to);
}
}
current_state = "free";
map_free(buf_map, tests[i].name, "encode");
map_free(buf2_map, tests[i].name, "decode");
map_free(data_map, tests[i].name, "data");
#ifdef HAVE_SIGACTION
sigaction (SIGSEGV, &osa, NULL);
#endif
}
current_state = "done";
return failures;
}
