/** Return the hex-encoded SHA1 digest of the loaded GeoIP file. The
* result does not need to be deallocated, but will be overwritten by the
* next call of hex_str(). */
const char *
geoip_db_digest(sa_family_t family)
{
tor_assert(family == AF_INET || family == AF_INET6);
if (family == AF_INET)
return hex_str(geoip_digest, DIGEST_LEN);
else /* AF_INET6 */
return hex_str(geoip6_digest, DIGEST_LEN);
}
void hex_dump( unsigned char * buf, int len )
{
char str[KB(4)];
if( dbg_term )
puts( hex_str( buf, len, str ) );
if( dbg_file ){
fputs( hex_str( buf, len, str ), fp_log );
fprintf( fp_log, "\n" );
fflush( fp_log );
}
//fprintf( stderr, hex_str( buf, len ) );
}
/* Test helper function: Make sure that a bridge line gets parsed
* properly. Also make sure that the resulting bridge_line_t structure
* has its fields set correctly. */
static void
good_bridge_line_test(const char *string, const char *test_addrport,
const char *test_digest, const char *test_transport,
const smartlist_t *test_socks_args)
{
char *tmp = NULL;
bridge_line_t *bridge_line = parse_bridge_line(string);
test_assert(bridge_line);
/* test addrport */
tmp = tor_strdup(fmt_addrport(&bridge_line->addr, bridge_line->port));
test_streq(test_addrport, tmp);
tor_free(tmp);
/* If we were asked to validate a digest, but we did not get a
digest after parsing, we failed. */
if (test_digest && tor_digest_is_zero(bridge_line->digest))
test_assert(0);
/* If we were not asked to validate a digest, and we got a digest
after parsing, we failed again. */
if (!test_digest && !tor_digest_is_zero(bridge_line->digest))
test_assert(0);
/* If we were asked to validate a digest, and we got a digest after
parsing, make sure it's correct. */
if (test_digest) {
tmp = tor_strdup(hex_str(bridge_line->digest, DIGEST_LEN));
tor_strlower(tmp);
test_streq(test_digest, tmp);
tor_free(tmp);
}
/* If we were asked to validate a transport name, make sure tha it
matches with the transport name that was parsed. */
if (test_transport && !bridge_line->transport_name)
test_assert(0);
if (!test_transport && bridge_line->transport_name)
test_assert(0);
if (test_transport)
test_streq(test_transport, bridge_line->transport_name);
/* Validate the SOCKS argument smartlist. */
if (test_socks_args && !bridge_line->socks_args)
test_assert(0);
if (!test_socks_args && bridge_line->socks_args)
test_assert(0);
if (test_socks_args)
test_assert(smartlist_strings_eq(test_socks_args,
bridge_line->socks_args));
done:
tor_free(tmp);
bridge_line_free(bridge_line);
}
void encode_init(void)
{
uint8_t tmp[5];
luid_get(tmp, 5);
/* extract device ID */
hex_str(tmp, 5, did);
// /* and 'pseudo-randomize' the device ID to get sensor IDs */
// for (int i = 0; i < 3; i++) {
// for (int p = 0; p < 5; p++) {
// tmp[p] ^= rand[i];
// }
// hex_str(tmp, 5, sid[i]);
// }
}
// Elliptic Curve Digital Signature Algorithm Example
void ecdsa_ex () {
// Degree 163 Binary Field from fips186-2
use_NIST_B_163 ();
EC_Domain_Parameters dp = NIST_B_163;
ECPrivKey sk (dp);// generate a key pair from the EC domain parameters
std::string M ("correct message");
ECDSA sig1 (sk, OS2IP(SHA1(M))); // generate the signature
// DER encoding, is a common standard method of representing digital
// signatures
DER der_str (sig1);
HexEncoder hex_str (der_str);
// You might save the DER ecoded signature to a file or send it over
// the network here.
std::cout << "DER Encoding: " << hex_str << std::endl;
ECDSA sig2;
try { // try to catch any DER parsing errors
sig2 = der_str.toECDSA (); // decode the DER string
} catch (borzoiException e) { // print the error message and exit
e.debug_print ();
return;
}
ECPubKey pk (sk);
std::cout << "Checking signature against M: " << M.c_str () << "\n->";
std::cout << "SHA1(M): " << OS2IP(SHA1(M)) << std::endl;
if (sig2.verify(pk, OS2IP(SHA1(M)))) // try to verify the signature
std::cout << "valid signature\n";
else std::cout << "invalid signature\n";
M = "in" + M; // tamper with the message
std::cout << "Checking signature against M: " << M.c_str () << "\n->";
if (sig2.verify(pk, OS2IP(SHA1(M)))) // try to verify the signature
std::cout << "valid signature\n";
else std::cout << "invalid signature\n";
}
std::string rgb2hex(char* str) {
std::string hex_str("#");
std::string numb_str;
while (*str != '\0') {
if ('0' <= *str && *str <= '9') {
char c[2];
c[0] = *str;
c[1] = '\0';
numb_str += std::string(c);
} else {
if (!numb_str.empty()) {
int n = std::stoi(numb_str);
hex_str += int2hex_str256(n);
}
numb_str.clear();
}
str++;
}
return hex_str;
}
UIMsg::UIMsg(ErrorType errortype, unsigned char ucErrorCode, QDialog *parent, Qt::WindowFlags f) :
QDialog(parent,f)
{
// 初始化错误代码
this->initalErrorMsg();
this->initalNoticeMsg();
this->initalFileErrorMsg();
this->initalCommErrorMsg();
this->initalHostErrorMsg();
QPixmap bg;
bg.load(":/images/commonbg.png");
QPalette palette;
palette.setBrush(backgroundRole(),QBrush(bg));
this->setPalette(palette);
this->setAutoFillBackground(true);
this->setAttribute(Qt::WA_DeleteOnClose);
this->setGeometry(20,FRAME420_THVALUE+50,FRAME420_WIDTH,FRAME420_HEIGHT-50);
this->setFixedSize(FRAME420_WIDTH-40,FRAME420_HEIGHT-80);
this->setStyleSheet("QDialog{border: 6px solid silver;}");
QFont font("Helvetica",12,QFont::Bold);
QFont font2("Helvetica",14,QFont::Bold);
QFont font3("Helvetica",8,QFont::Bold);
//--------------define--------------------//
lbHead=new QLabel();
QFont fontH("Helvetica",18,QFont::Bold);
lbHead->setFont(fontH);
lbHead->setAlignment(Qt::AlignCenter);
lbHead->setMinimumHeight(40);
lbHead->setMaximumHeight(40);
lbHead->setSizePolicy(QSizePolicy::Expanding,QSizePolicy::Expanding);
lbMsg=new QLabel();
lbReturnCode=new QLabel();
lbMsg->setFont(font2);
lbReturnCode->setFont(font2);
lbMsg->setAlignment(Qt::AlignCenter);
lbReturnCode->setAlignment(Qt::AlignCenter);
lbMsg->setMinimumHeight(40);
lbReturnCode->setMinimumHeight(40);
btnSubmit=new QPushButton;
btnSubmit->setText(tr("OK"));
btnSubmit->setFont(font2);
btnSubmit->setMinimumHeight(30);
btnSubmit->setStyleSheet(BTN_GREY_STYLE);
this->beepTwice(); //beep
switch(errortype)
{
case NORMAL_ERROR:
{
lbHead->setText("ERROR");
lbHead->setStyleSheet("background-color: rgb(255,0,0);");
lbMsg->setText(hashError.value(ErrIndex(ucErrorCode)));
break;
}
case NOTICE_ERROR:
{
lbHead->setText("NOTICE");
lbHead->setStyleSheet("background-color: rgb(0, 153, 255);");
lbMsg->setText(hashNotice.value(MsgTabIndex(ucErrorCode)));
break;
}
case FILE_ERROR:
{
lbHead->setText("FILE ERROR");
lbHead->setStyleSheet("background-color: rgb(255,0,0);");
lbMsg->setText(hashFileError.value(FileErrIndex(ucErrorCode)));
break;
}
case COMM_ERROR:
{
lbHead->setText("COMM ERROR");
lbHead->setStyleSheet("background-color: rgb(255,0,0);");
lbMsg->setText(hashCommError.value(CommsErrIndex(ucErrorCode)));
break;
}
case HOST_ERROR:
{
qDebug()<<"不应该在这里处理";
break;
}
}
unsigned char ucCode;
ucCode = ucErrorCode;
unsigned char aucErrorCode[PARAM_ANSWER_LEN + 1] = {0};
hex_str(aucErrorCode, &ucCode, PARAM_ANSWER_LEN);
lbReturnCode->setText("Return Code : "+QString::fromAscii((const char*)aucErrorCode));
// -----------layout------------//
QSpacerItem *sp1=new QSpacerItem(1,1,QSizePolicy::Expanding,QSizePolicy::Expanding);
QSpacerItem *sp2=new QSpacerItem(1,1,QSizePolicy::Expanding,QSizePolicy::Expanding);
QSpacerItem *sp3=new QSpacerItem(1,1,QSizePolicy::Expanding,QSizePolicy::Expanding);
QHBoxLayout *h1Lay=new QHBoxLayout();
h1Lay->addSpacing(6);
h1Lay->addWidget(lbHead);
h1Lay->addSpacing(6);
QVBoxLayout *v1Lay=new QVBoxLayout();
v1Lay->addSpacing(6);
v1Lay->addLayout(h1Lay);
v1Lay->addItem(sp1);
v1Lay->addWidget(lbMsg);
v1Lay->addItem(sp2);
if(errortype!=NOTICE_ERROR)
{
v1Lay->addWidget(lbReturnCode);
}
v1Lay->addItem(sp3);
QHBoxLayout *h2Lay=new QHBoxLayout();
h2Lay->addSpacing(10);
h2Lay->addWidget(btnSubmit);
h2Lay->addSpacing(10);
QVBoxLayout *layout=new QVBoxLayout(this);
layout->addLayout(v1Lay);
layout->addLayout(h2Lay);
layout->setContentsMargins(0,0,0,10);
connect(btnSubmit,SIGNAL(clicked()),this,SLOT(close()));
}
str
obj_str(void* p)
{
return hex_str((reg)p);
}
/** Return the hex-encoded SHA1 digest of the loaded GeoIP file. The
* result does not need to be deallocated, but will be overwritten by the
* next call of hex_str(). */
const char *
geoip_db_digest(void)
{
return hex_str(geoip_digest, DIGEST_LEN);
}
/* Called when a service rendezvous point circuit is done building. Given the
* service and the circuit, this function will send a RENDEZVOUS1 cell on the
* circuit using the information in the circuit identifier. If the cell can't
* be sent, the circuit is closed. */
void
hs_circ_service_rp_has_opened(const hs_service_t *service,
origin_circuit_t *circ)
{
size_t payload_len;
uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
tor_assert(service);
tor_assert(circ);
tor_assert(circ->hs_ident);
/* Some useful logging. */
log_info(LD_REND, "Rendezvous circuit %u has opened with cookie %s "
"for service %s",
TO_CIRCUIT(circ)->n_circ_id,
hex_str((const char *) circ->hs_ident->rendezvous_cookie,
REND_COOKIE_LEN),
safe_str_client(service->onion_address));
circuit_log_path(LOG_INFO, LD_REND, circ);
/* This can't fail. */
payload_len = hs_cell_build_rendezvous1(
circ->hs_ident->rendezvous_cookie,
sizeof(circ->hs_ident->rendezvous_cookie),
circ->hs_ident->rendezvous_handshake_info,
sizeof(circ->hs_ident->rendezvous_handshake_info),
payload);
/* Pad the payload with random bytes so it matches the size of a legacy cell
* which is normally always bigger. Also, the size of a legacy cell is
* always smaller than the RELAY_PAYLOAD_SIZE so this is safe. */
if (payload_len < HS_LEGACY_RENDEZVOUS_CELL_SIZE) {
crypto_rand((char *) payload + payload_len,
HS_LEGACY_RENDEZVOUS_CELL_SIZE - payload_len);
payload_len = HS_LEGACY_RENDEZVOUS_CELL_SIZE;
}
if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
RELAY_COMMAND_RENDEZVOUS1,
(const char *) payload, payload_len,
circ->cpath->prev) < 0) {
/* On error, circuit is closed. */
log_warn(LD_REND, "Unable to send RENDEZVOUS1 cell on circuit %u "
"for service %s",
TO_CIRCUIT(circ)->n_circ_id,
safe_str_client(service->onion_address));
goto done;
}
/* Setup end-to-end rendezvous circuit between the client and us. */
if (hs_circuit_setup_e2e_rend_circ(circ,
circ->hs_ident->rendezvous_ntor_key_seed,
sizeof(circ->hs_ident->rendezvous_ntor_key_seed),
1) < 0) {
log_warn(LD_GENERAL, "Failed to setup circ");
goto done;
}
done:
memwipe(payload, 0, sizeof(payload));
}
/* For a given service, the ntor onion key and a rendezvous cookie, launch a
* circuit to the rendezvous point specified by the link specifiers. On
* success, a circuit identifier is attached to the circuit with the needed
* data. This function will try to open a circuit for a maximum value of
* MAX_REND_FAILURES then it will give up. */
static void
launch_rendezvous_point_circuit(const hs_service_t *service,
const hs_service_intro_point_t *ip,
const hs_cell_introduce2_data_t *data)
{
int circ_needs_uptime;
time_t now = time(NULL);
extend_info_t *info = NULL;
origin_circuit_t *circ;
tor_assert(service);
tor_assert(ip);
tor_assert(data);
circ_needs_uptime = hs_service_requires_uptime_circ(service->config.ports);
/* Get the extend info data structure for the chosen rendezvous point
* specified by the given link specifiers. */
info = hs_get_extend_info_from_lspecs(data->link_specifiers,
&data->onion_pk,
service->config.is_single_onion);
if (info == NULL) {
/* We are done here, we can't extend to the rendezvous point.
* If you're running an IPv6-only v3 single onion service on 0.3.2 or with
* 0.3.2 clients, and somehow disable the option check, it will fail here.
*/
log_fn(LOG_PROTOCOL_WARN, LD_REND,
"Not enough info to open a circuit to a rendezvous point for "
"%s service %s.",
get_service_anonymity_string(service),
safe_str_client(service->onion_address));
goto end;
}
for (int i = 0; i < MAX_REND_FAILURES; i++) {
int circ_flags = CIRCLAUNCH_NEED_CAPACITY | CIRCLAUNCH_IS_INTERNAL;
if (circ_needs_uptime) {
circ_flags |= CIRCLAUNCH_NEED_UPTIME;
}
/* Firewall and policies are checked when getting the extend info. */
if (service->config.is_single_onion) {
circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
}
circ = circuit_launch_by_extend_info(CIRCUIT_PURPOSE_S_CONNECT_REND, info,
circ_flags);
if (circ != NULL) {
/* Stop retrying, we have a circuit! */
break;
}
}
if (circ == NULL) {
log_warn(LD_REND, "Giving up on launching a rendezvous circuit to %s "
"for %s service %s",
safe_str_client(extend_info_describe(info)),
get_service_anonymity_string(service),
safe_str_client(service->onion_address));
goto end;
}
log_info(LD_REND, "Rendezvous circuit launched to %s with cookie %s "
"for %s service %s",
safe_str_client(extend_info_describe(info)),
safe_str_client(hex_str((const char *) data->rendezvous_cookie,
REND_COOKIE_LEN)),
get_service_anonymity_string(service),
safe_str_client(service->onion_address));
tor_assert(circ->build_state);
/* Rendezvous circuit have a specific timeout for the time spent on trying
* to connect to the rendezvous point. */
circ->build_state->expiry_time = now + MAX_REND_TIMEOUT;
/* Create circuit identifier and key material. */
{
hs_ntor_rend_cell_keys_t keys;
curve25519_keypair_t ephemeral_kp;
/* No need for extra strong, this is only for this circuit life time. This
* key will be used for the RENDEZVOUS1 cell that will be sent on the
* circuit once opened. */
curve25519_keypair_generate(&ephemeral_kp, 0);
if (hs_ntor_service_get_rendezvous1_keys(&ip->auth_key_kp.pubkey,
&ip->enc_key_kp,
&ephemeral_kp, &data->client_pk,
&keys) < 0) {
/* This should not really happened but just in case, don't make tor
* freak out, close the circuit and move on. */
log_info(LD_REND, "Unable to get RENDEZVOUS1 key material for "
"service %s",
safe_str_client(service->onion_address));
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
goto end;
}
circ->hs_ident = create_rp_circuit_identifier(service,
data->rendezvous_cookie,
&ephemeral_kp.pubkey, &keys);
memwipe(&ephemeral_kp, 0, sizeof(ephemeral_kp));
memwipe(&keys, 0, sizeof(keys));
tor_assert(circ->hs_ident);
}
end:
extend_info_free(info);
}
/**
* Operator to transform this type into string form
*
* @note String representation format is in hex
*/
operator std::string () const
{ return hex_str(); }
/**
* Get a string representation of this type
*
* @return A string representation of this type
*
* @note String representation format is in hex
*/
std::string to_string() const
{ return hex_str(); }
/**
* Get a string representation of this type
*
* @return A string representation of this type
*
* @note String representation format is in hex
*/
std::string str() const
{ return hex_str(); }
/** internal functions implementation starts here **/
void os_sendpass(IRC_User *s, IRC_User *u)
{
u_int32_t source_snid;
u_int32_t snid;
char *target;
char *email;
int lang;
/* status validation */
CHECK_IF_IDENTIFIED_NICK
/* syntax validation */
target = strtok(NULL, " ");
if (!is_soper(u->snid))
{
send_lang(u, s, PERMISSION_DENIED);
return;
}
if(!irc_IsUMode(u, UMODE_OPER)) /* extra security */
return;
else if(IsNull(target))
send_lang(u, s, SENDPASS_SYNTAX);
else if( (snid = nick2snid(target)) == 0 )
send_lang(u, s, NICK_X_NOT_REGISTERED, target);
/* sub-command */
else if(is_sadmin(snid) || is_sroot(snid))
{
log_log(os_log, mod_info.name, "Nick %s trying SENDPASS on sadmin/soper %s",
s->nick, target);
irc_SendSanotice(s, "Nick %s trying SENDPASS on sadmin/soper %s",
s->nick, target);
}
else if((sql_singlequery("SELECT email, lang FROM nickserv WHERE snid=%d",
snid) < 1) || ((email = sql_field(0)) == NULL))
send_lang(u, s, OS_SENDPASS_NO_EMAIL_X, target);
else
{
char buf[512];
char pbuf[PASSLEN+1];
lang = sql_field_i(1);
rand_string(pbuf, PASSLEN, PASSLEN);
pbuf[2] = '0'+ (random() % 10);
sql_execute("UPDATE nickserv_security SET pass=%s WHERE snid=%d",
sql_str(hex_str(encrypted_password(pbuf), 16)), snid);
snprintf(buf, sizeof(buf),
"From: \"%%from_name%%\" <%%from%%>\r\nTo:\"%s\" <%s>\r\nSubject:%s\r\n\r\n%s",
target, email,
"Nick Password",
lang_str_l(lang, SENDPASS_X_X, target, pbuf)
);
email_init_symbols();
email_add_symbol("email", email);
email_send(buf);
memset(pbuf, 0, PASSLEN);
send_lang(u, s, SENDPASS_X_SENT_X, target, email);
log_log(os_log, mod_info.name, "SENDPASS for %s requested by %s",
target, u->nick);
irc_SendSanotice(s, "SENDPASS for %s requested by %s",
target, u->nick);
}
}
/* Decide if the newly received <b>commit</b> should be kept depending on
* the current phase and state of the protocol. The <b>voter_key</b> is the
* RSA identity key fingerprint of the authority's vote from which the
* commit comes from. The <b>phase</b> is the phase we should be validating
* the commit for. Return 1 if the commit should be added to our state or 0
* if not. */
STATIC int
should_keep_commit(const sr_commit_t *commit, const char *voter_key,
sr_phase_t phase)
{
const sr_commit_t *saved_commit;
tor_assert(commit);
tor_assert(voter_key);
log_debug(LD_DIR, "SR: Inspecting commit from %s (voter: %s)?",
sr_commit_get_rsa_fpr(commit),
hex_str(voter_key, DIGEST_LEN));
/* For a commit to be considered, it needs to be authoritative (it should
* be the voter's own commit). */
if (!commit_is_authoritative(commit, voter_key)) {
log_debug(LD_DIR, "SR: Ignoring non-authoritative commit.");
goto ignore;
}
/* Let's make sure, for extra safety, that this fingerprint is known to
* us. Even though this comes from a vote, doesn't hurt to be
* extracareful. */
if (trusteddirserver_get_by_v3_auth_digest(commit->rsa_identity) == NULL) {
log_warn(LD_DIR, "SR: Fingerprint %s is not from a recognized "
"authority. Discarding commit.",
escaped(commit->rsa_identity));
goto ignore;
}
/* Check if the authority that voted for <b>commit</b> has already posted
* a commit before. */
saved_commit = sr_state_get_commit(commit->rsa_identity);
switch (phase) {
case SR_PHASE_COMMIT:
/* Already having a commit for an authority so ignore this one. */
if (saved_commit) {
/* Receiving known commits should happen naturally since commit phase
lasts multiple rounds. However if the commitment value changes
during commit phase, it might be a bug so log more loudly. */
if (!commitments_are_the_same(commit, saved_commit)) {
log_info(LD_DIR,
"SR: Received altered commit from %s in commit phase.",
sr_commit_get_rsa_fpr(commit));
} else {
log_debug(LD_DIR, "SR: Ignoring known commit during commit phase.");
}
goto ignore;
}
/* A commit with a reveal value during commitment phase is very wrong. */
if (commit_has_reveal_value(commit)) {
log_warn(LD_DIR, "SR: Commit from authority %s has a reveal value "
"during COMMIT phase. (voter: %s)",
sr_commit_get_rsa_fpr(commit),
hex_str(voter_key, DIGEST_LEN));
goto ignore;
}
break;
case SR_PHASE_REVEAL:
/* We are now in reveal phase. We keep a commit if and only if:
*
* - We have already seen a commit by this auth, AND
* - the saved commit has the same commitment value as this one, AND
* - the saved commit has no reveal information, AND
* - this commit does have reveal information, AND
* - the reveal & commit information are matching.
*
* If all the above are true, then we are interested in this new commit
* for its reveal information. */
if (!saved_commit) {
log_debug(LD_DIR, "SR: Ignoring commit first seen in reveal phase.");
goto ignore;
}
if (!commitments_are_the_same(commit, saved_commit)) {
log_warn(LD_DIR, "SR: Commit from authority %s is different from "
"previous commit in our state (voter: %s)",
sr_commit_get_rsa_fpr(commit),
hex_str(voter_key, DIGEST_LEN));
goto ignore;
}
if (commit_has_reveal_value(saved_commit)) {
log_debug(LD_DIR, "SR: Ignoring commit with known reveal info.");
goto ignore;
}
if (!commit_has_reveal_value(commit)) {
log_debug(LD_DIR, "SR: Ignoring commit without reveal value.");
goto ignore;
}
if (verify_commit_and_reveal(commit) < 0) {
log_warn(LD_BUG, "SR: Commit from authority %s has an invalid "
"reveal value. (voter: %s)",
sr_commit_get_rsa_fpr(commit),
hex_str(voter_key, DIGEST_LEN));
goto ignore;
}
break;
default:
tor_assert(0);
}
return 1;
ignore:
return 0;
}
/** Run unit tests for our SHA-1 functionality */
static void
test_crypto_sha(void)
{
crypto_digest_t *d1 = NULL, *d2 = NULL;
int i;
char key[160];
char digest[32];
char data[50];
char d_out1[DIGEST_LEN], d_out2[DIGEST256_LEN];
char *mem_op_hex_tmp=NULL;
/* Test SHA-1 with a test vector from the specification. */
i = crypto_digest(data, "abc", 3);
test_memeq_hex(data, "A9993E364706816ABA3E25717850C26C9CD0D89D");
tt_int_op(i, ==, 0);
/* Test SHA-256 with a test vector from the specification. */
i = crypto_digest256(data, "abc", 3, DIGEST_SHA256);
test_memeq_hex(data, "BA7816BF8F01CFEA414140DE5DAE2223B00361A3"
"96177A9CB410FF61F20015AD");
tt_int_op(i, ==, 0);
/* Test HMAC-SHA-1 with test cases from RFC2202. */
/* Case 1. */
memset(key, 0x0b, 20);
crypto_hmac_sha1(digest, key, 20, "Hi There", 8);
test_streq(hex_str(digest, 20),
"B617318655057264E28BC0B6FB378C8EF146BE00");
/* Case 2. */
crypto_hmac_sha1(digest, "Jefe", 4, "what do ya want for nothing?", 28);
test_streq(hex_str(digest, 20),
"EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
/* Case 4. */
base16_decode(key, 25,
"0102030405060708090a0b0c0d0e0f10111213141516171819", 50);
memset(data, 0xcd, 50);
crypto_hmac_sha1(digest, key, 25, data, 50);
test_streq(hex_str(digest, 20),
"4C9007F4026250C6BC8414F9BF50C86C2D7235DA");
/* Case 5. */
memset(key, 0xaa, 80);
crypto_hmac_sha1(digest, key, 80,
"Test Using Larger Than Block-Size Key - Hash Key First",
54);
test_streq(hex_str(digest, 20),
"AA4AE5E15272D00E95705637CE8A3B55ED402112");
/* Test HMAC-SHA256 with test cases from wikipedia and RFC 4231 */
/* Case empty (wikipedia) */
crypto_hmac_sha256(digest, "", 0, "", 0);
test_streq(hex_str(digest, 32),
"B613679A0814D9EC772F95D778C35FC5FF1697C493715653C6C712144292C5AD");
/* Case quick-brown (wikipedia) */
crypto_hmac_sha256(digest, "key", 3,
"The quick brown fox jumps over the lazy dog", 43);
test_streq(hex_str(digest, 32),
"F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8");
/* "Test Case 1" from RFC 4231 */
memset(key, 0x0b, 20);
crypto_hmac_sha256(digest, key, 20, "Hi There", 8);
test_memeq_hex(digest,
"b0344c61d8db38535ca8afceaf0bf12b"
"881dc200c9833da726e9376c2e32cff7");
/* "Test Case 2" from RFC 4231 */
memset(key, 0x0b, 20);
crypto_hmac_sha256(digest, "Jefe", 4, "what do ya want for nothing?", 28);
test_memeq_hex(digest,
"5bdcc146bf60754e6a042426089575c7"
"5a003f089d2739839dec58b964ec3843");
/* "Test case 3" from RFC 4231 */
memset(key, 0xaa, 20);
memset(data, 0xdd, 50);
crypto_hmac_sha256(digest, key, 20, data, 50);
test_memeq_hex(digest,
"773ea91e36800e46854db8ebd09181a7"
"2959098b3ef8c122d9635514ced565fe");
/* "Test case 4" from RFC 4231 */
base16_decode(key, 25,
"0102030405060708090a0b0c0d0e0f10111213141516171819", 50);
memset(data, 0xcd, 50);
crypto_hmac_sha256(digest, key, 25, data, 50);
test_memeq_hex(digest,
"82558a389a443c0ea4cc819899f2083a"
"85f0faa3e578f8077a2e3ff46729665b");
/* "Test case 5" from RFC 4231 */
memset(key, 0x0c, 20);
crypto_hmac_sha256(digest, key, 20, "Test With Truncation", 20);
test_memeq_hex(digest,
"a3b6167473100ee06e0c796c2955552b");
/* "Test case 6" from RFC 4231 */
memset(key, 0xaa, 131);
crypto_hmac_sha256(digest, key, 131,
"Test Using Larger Than Block-Size Key - Hash Key First",
54);
test_memeq_hex(digest,
"60e431591ee0b67f0d8a26aacbf5b77f"
"8e0bc6213728c5140546040f0ee37f54");
/* "Test case 7" from RFC 4231 */
memset(key, 0xaa, 131);
crypto_hmac_sha256(digest, key, 131,
"This is a test using a larger than block-size key and a "
"larger than block-size data. The key needs to be hashed "
"before being used by the HMAC algorithm.", 152);
test_memeq_hex(digest,
"9b09ffa71b942fcb27635fbcd5b0e944"
"bfdc63644f0713938a7f51535c3a35e2");
/* Incremental digest code. */
d1 = crypto_digest_new();
test_assert(d1);
crypto_digest_add_bytes(d1, "abcdef", 6);
d2 = crypto_digest_dup(d1);
test_assert(d2);
crypto_digest_add_bytes(d2, "ghijkl", 6);
crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
crypto_digest(d_out2, "abcdefghijkl", 12);
test_memeq(d_out1, d_out2, DIGEST_LEN);
crypto_digest_assign(d2, d1);
crypto_digest_add_bytes(d2, "mno", 3);
crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
crypto_digest(d_out2, "abcdefmno", 9);
test_memeq(d_out1, d_out2, DIGEST_LEN);
crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
crypto_digest(d_out2, "abcdef", 6);
test_memeq(d_out1, d_out2, DIGEST_LEN);
crypto_digest_free(d1);
crypto_digest_free(d2);
/* Incremental digest code with sha256 */
d1 = crypto_digest256_new(DIGEST_SHA256);
test_assert(d1);
crypto_digest_add_bytes(d1, "abcdef", 6);
d2 = crypto_digest_dup(d1);
test_assert(d2);
crypto_digest_add_bytes(d2, "ghijkl", 6);
crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
crypto_digest256(d_out2, "abcdefghijkl", 12, DIGEST_SHA256);
test_memeq(d_out1, d_out2, DIGEST_LEN);
crypto_digest_assign(d2, d1);
crypto_digest_add_bytes(d2, "mno", 3);
crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
crypto_digest256(d_out2, "abcdefmno", 9, DIGEST_SHA256);
test_memeq(d_out1, d_out2, DIGEST_LEN);
crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
crypto_digest256(d_out2, "abcdef", 6, DIGEST_SHA256);
test_memeq(d_out1, d_out2, DIGEST_LEN);
done:
if (d1)
crypto_digest_free(d1);
if (d2)
crypto_digest_free(d2);
tor_free(mem_op_hex_tmp);
}
// Elliptic Curve Integrated Encryption Scheme
void ecies_ex () {
// Degree 163 Binary Field from fips186-2
use_NIST_B_233 ();
EC_Domain_Parameters dp = NIST_B_233;
ECPrivKey sk (dp);// generate a private key from the domain parameters
ECPubKey pk (sk);// calculate the public key the private key
// plaintext p1 = a, b, c, d
OCTETSTR p1(4); p1[0]='a'; p1[1]='b'; p1[2]='c'; p1[3]='d';
int i;
for (i=0; i<4; i++) {
std::cout << p1[i];
}
std::cout << std::endl;
ECIES ct1 (p1, pk); // encrypt using the public key
std::cout << "ct1: " << std::endl << ct1 << std::endl;
OCTETSTR p2;
try { // try to catch any exceptions if the tag is invalid
p2 = ct1.decrypt(sk); // decrypt using the private key
} catch (borzoiException e) { // print the error message and exit
e.debug_print ();
return;
}
for (i=0; i<4; i++) {
std::cout << p2[i];
}
std::cout << std::endl;
// DER encoding
DER der_str (ct1);
HexEncoder hex_str (der_str);
// You might save the DER ecoded ciphertext to a file or send it over
// the network here.
std::cout << "DER Encoding: " << hex_str << std::endl;
ECIES ct2;
try { // try to catch any DER parsing errors
ct2 = der_str.toECIES (); // decode the DER string
} catch (borzoiException e) { // print the error message and exit
e.debug_print ();
return;
}
std::cout << "ct2: " << std::endl << ct2 << std::endl;
OCTETSTR p3;
try { // try to catch any exceptions if the tag is invalid
p3 = ct2.decrypt(sk); // decrypt using the private key
} catch (borzoiException e) { // print the error message and exit
e.debug_print ();
return;
}
for (i=0; i<4; i++) {
std::cout << p3[i];
}
std::cout << std::endl;
}
/** Process a 'netinfo' cell: read and act on its contents, and set the
* connection state to "open". */
static void
command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
{
time_t timestamp;
uint8_t my_addr_type;
uint8_t my_addr_len;
const uint8_t *my_addr_ptr;
const uint8_t *cp, *end;
uint8_t n_other_addrs;
time_t now = time(NULL);
long apparent_skew = 0;
uint32_t my_apparent_addr = 0;
if (conn->link_proto < 2) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Received a NETINFO cell on %s connection; dropping.",
conn->link_proto == 0 ? "non-versioned" : "a v1");
return;
}
if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&
conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Received a NETINFO cell on non-handshaking connection; dropping.");
return;
}
tor_assert(conn->handshake_state &&
conn->handshake_state->received_versions);
if (conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
tor_assert(conn->link_proto >= 3);
if (conn->handshake_state->started_here) {
if (!conn->handshake_state->authenticated) {
log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got a NETINFO cell from server, "
"but no authentication. Closing the connection.");
connection_mark_for_close(TO_CONN(conn));
return;
}
} else {
/* we're the server. If the client never authenticated, we have
some housekeeping to do.*/
if (!conn->handshake_state->authenticated) {
tor_assert(tor_digest_is_zero(
(const char*)conn->handshake_state->authenticated_peer_id));
connection_or_set_circid_type(conn, NULL);
connection_or_init_conn_from_address(conn,
&conn->_base.addr,
conn->_base.port,
(const char*)conn->handshake_state->authenticated_peer_id,
0);
}
}
}
/* Decode the cell. */
timestamp = ntohl(get_uint32(cell->payload));
if (labs(now - conn->handshake_state->sent_versions_at) < 180) {
apparent_skew = now - timestamp;
}
my_addr_type = (uint8_t) cell->payload[4];
my_addr_len = (uint8_t) cell->payload[5];
my_addr_ptr = (uint8_t*) cell->payload + 6;
end = cell->payload + CELL_PAYLOAD_SIZE;
cp = cell->payload + 6 + my_addr_len;
if (cp >= end) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Addresses too long in netinfo cell; closing connection.");
connection_mark_for_close(TO_CONN(conn));
return;
} else if (my_addr_type == RESOLVED_TYPE_IPV4 && my_addr_len == 4) {
my_apparent_addr = ntohl(get_uint32(my_addr_ptr));
}
n_other_addrs = (uint8_t) *cp++;
while (n_other_addrs && cp < end-2) {
/* Consider all the other addresses; if any matches, this connection is
* "canonical." */
tor_addr_t addr;
const uint8_t *next =
decode_address_from_payload(&addr, cp, (int)(end-cp));
if (next == NULL) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Bad address in netinfo cell; closing connection.");
connection_mark_for_close(TO_CONN(conn));
return;
}
if (tor_addr_eq(&addr, &conn->real_addr)) {
conn->is_canonical = 1;
break;
}
cp = next;
--n_other_addrs;
}
/* Act on apparent skew. */
/** Warn when we get a netinfo skew with at least this value. */
#define NETINFO_NOTICE_SKEW 3600
if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
router_get_by_id_digest(conn->identity_digest)) {
char dbuf[64];
int severity;
/*XXXX be smarter about when everybody says we are skewed. */
if (router_digest_is_trusted_dir(conn->identity_digest))
severity = LOG_WARN;
else
severity = LOG_INFO;
format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
log_fn(severity, LD_GENERAL, "Received NETINFO cell with skewed time from "
"server at %s:%d. It seems that our clock is %s by %s, or "
"that theirs is %s. Tor requires an accurate clock to work: "
"please check your time and date settings.",
conn->_base.address, (int)conn->_base.port,
apparent_skew>0 ? "ahead" : "behind", dbuf,
apparent_skew>0 ? "behind" : "ahead");
if (severity == LOG_WARN) /* only tell the controller if an authority */
control_event_general_status(LOG_WARN,
"CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
apparent_skew,
conn->_base.address, conn->_base.port);
}
/* XXX maybe act on my_apparent_addr, if the source is sufficiently
* trustworthy. */
(void)my_apparent_addr;
if (connection_or_set_state_open(conn)<0) {
log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got good NETINFO cell from %s:%d; but "
"was unable to make the OR connection become open.",
safe_str_client(conn->_base.address),
conn->_base.port);
connection_mark_for_close(TO_CONN(conn));
} else {
log_info(LD_OR, "Got good NETINFO cell from %s:%d; OR connection is now "
"open, using protocol version %d. Its ID digest is %s",
safe_str_client(conn->_base.address),
conn->_base.port, (int)conn->link_proto,
hex_str(conn->identity_digest, DIGEST_LEN));
}
assert_connection_ok(TO_CONN(conn),time(NULL));
}
/**
* Start at a random md5 hash and search through all possible hashes to find
* a string that hashes to itself.
*/
int main(void)
{
/* there are 2^128 possible md5 hashes */
mpz_t max;
mpz_init(max);
mpz_ui_pow_ui(max, 2, MD5_BITS);
/* initialize PRNG with MT algorithm and seed with time */
gmp_randstate_t rand_state;
gmp_randinit_mt(rand_state);
gmp_randseed_ui(rand_state, time(NULL));
/* pick a random one to start with and free PRNG memory */
mpz_t start;
mpz_init(start);
mpz_urandomb(start, rand_state, MD5_BITS);
gmp_randclear(rand_state);
printf("Starting with random string: \"");
mpz_out_str(stdout, HEX_BASE, start);
printf("\"\n");
/* current hash */
mpz_t current;
mpz_init_set(current, start);
/* get ready to calculate hashes */
MD5_CTX md5_ctx;
unsigned char input[MD5_BYTES];
unsigned char digest[MD5_BYTES];
char input_str[MD5_STR_LEN + 1];
char digest_str[MD5_STR_LEN + 1];
/* search from start until max */
while(mpz_cmp(current, max) < 0)
{
/* initialize MD5 and get current as an unsigned char[] */
MD5_Init(&md5_ctx);
mpz_export(input, NULL, 1, 1, 0, 0, current);
/* hash the input string */
hex_str(input_str, input, MD5_BYTES);
MD5_Update(&md5_ctx, input_str, MD5_STR_LEN);
MD5_Final(digest, &md5_ctx);
/* check for a match */
if(strncmp(input, digest, MD5_BYTES) == 0)
{
/* we have a winner! */
hex_str(digest_str, digest, MD5_BYTES);
printf("md5(\"%s\") = \"%s\"\n", input_str, digest_str);
}
/* keep looking */
mpz_add_ui(current, current, 1);
}
/* now search backwards from start */
mpz_set(current, start);
mpz_sub_ui(current, current, 1);
while(mpz_cmp_ui(current, 0) >= 0)
{
/* initialize MD5 and get current as an unsigned char[] */
MD5_Init(&md5_ctx);
mpz_export(input, NULL, 1, 1, 0, 0, current);
/* hash the input string */
hex_str(input_str, input, MD5_BYTES);
MD5_Update(&md5_ctx, input_str, MD5_STR_LEN);
MD5_Final(digest, &md5_ctx);
/* check for a match */
if(strncmp(input, digest, MD5_BYTES) == 0)
{
/* we have a winner! */
hex_str(digest_str, digest, MD5_BYTES);
printf("md5(\"%s\") = \"%s\"\n", input_str, digest_str);
}
/* keep looking */
mpz_sub_ui(current, current, 1);
}
/* clean up */
mpz_clear(max);
mpz_clear(start);
mpz_clear(current);
}
