static void test_hmac_test_vectors(void) { test_begin("test_hmac_test_vectors"); buffer_t *pt, *ct, *key, *res; pt = buffer_create_dynamic(pool_datastack_create(), 50); key = buffer_create_dynamic(pool_datastack_create(), 20); ct = buffer_create_dynamic(pool_datastack_create(), 32); res = buffer_create_dynamic(pool_datastack_create(), 32); hex_to_binary("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", key); hex_to_binary("dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd", pt); hex_to_binary("773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe", res); struct dcrypt_context_hmac *hctx; if (!dcrypt_ctx_hmac_create("sha256", &hctx, NULL)) { test_assert_failed("dcrypt_ctx_hmac_create", __FILE__, __LINE__-1); } else { dcrypt_ctx_hmac_set_key(hctx, key->data, key->used); test_assert(dcrypt_ctx_hmac_init(hctx, NULL)); test_assert(dcrypt_ctx_hmac_update(hctx, pt->data, pt->used, NULL)); test_assert(dcrypt_ctx_hmac_final(hctx, ct, NULL)); test_assert(buffer_cmp(ct, res)); dcrypt_ctx_hmac_destroy(&hctx); } test_end(); }
/* * convert the key to a bit pattern * obuf bit pattern * inbuf the key itself */ void expand_des_key(char *obuf, char *inbuf) { int i, j; /* counter in a for loop */ int nbuf[64]; /* used for hex/key translation */ /* * leading '0x' or '0X' == hex key */ if (inbuf[0] == '0' && (inbuf[1] == 'x' || inbuf[1] == 'X')) { inbuf = &inbuf[2]; /* * now translate it, bombing on any illegal hex digit */ for (i = 0; inbuf[i] && i < 16; i++) if ((nbuf[i] = hex_to_binary((int) inbuf[i], 16)) == -1) des_error("bad hex digit in key"); while (i < 16) nbuf[i++] = 0; for (i = 0; i < 8; i++) obuf[i] = ((nbuf[2*i]&0xf)<<4) | (nbuf[2*i+1]&0xf); /* preserve parity bits */ pflag = 1; return; } /* * leading '0b' or '0B' == binary key */ if (inbuf[0] == '0' && (inbuf[1] == 'b' || inbuf[1] == 'B')) { inbuf = &inbuf[2]; /* * now translate it, bombing on any illegal binary digit */ for (i = 0; inbuf[i] && i < 16; i++) if ((nbuf[i] = hex_to_binary((int) inbuf[i], 2)) == -1) des_error("bad binary digit in key"); while (i < 64) nbuf[i++] = 0; for (i = 0; i < 8; i++) for (j = 0; j < 8; j++) obuf[i] = (obuf[i]<<1)|nbuf[8*i+j]; /* preserve parity bits */ pflag = 1; return; } /* * no special leader -- ASCII */ strncpy(obuf, inbuf, 8); }
int main(int argc, char **argv) { FILE *kfile; RSA *rsa = NULL; char ndata[257], ddata[257]; /* respond privatefile challenge */ if (argc < 3) { puts("Usage: respond privatefile challenge [passphrase]"); return 0; } if (argc == 4) { /* This is TOTALLY insecure and not recommended, but for ** interfacing with irc client scripts, it's either this ** or don't use a passphrase. ** ** The likelihood of a passphrase leaking isn't TOO great, ** only ps auxww will show it, and even then, only at the ** precise moment this is called. */ insecure_mode = 1; pass_param = argv[3]; } if (!(kfile = fopen(argv[1], "r"))) { puts("Could not open the private keyfile."); return 0; } SSLeay_add_all_ciphers(); rsa = PEM_read_RSAPrivateKey(kfile, NULL,pass_cb, NULL); if(!rsa) { puts("Unable to read your private key, is the passphrase wrong?"); return 0; } fclose(kfile); if (hex_to_binary(argv[2], ndata, 128) != 128) { puts("Bad challenge."); return -1; } if (RSA_private_decrypt(128, (unsigned char*)ndata, (unsigned char*)ddata, rsa, RSA_PKCS1_PADDING) == -1) { puts("Decryption error."); return -1; } binary_to_hex((unsigned char*)ddata, ndata, 32); puts(ndata); return 0; }
static void test_hex_to_binary(void) { static const char *ok_input = "0001fEFf"; static unsigned char ok_output[] = { 0x00, 0x01, 0xfe, 0xff }; static const char *error_input[] = { "00 01", "0x01", "0g" }; buffer_t *buf = buffer_create_dynamic(pool_datastack_create(), 10); unsigned int i; test_begin("hex to binary"); test_assert(hex_to_binary("", buf) == 0); test_assert(buf->used == 0); test_assert(hex_to_binary(ok_input, buf) == 0); test_assert(buf->used == N_ELEMENTS(ok_output)); test_assert(memcmp(buf->data, ok_output, buf->used) == 0); for (i = 0; i < N_ELEMENTS(error_input); i++) test_assert(hex_to_binary(error_input[i], buf) == -1); test_end(); }
static bool master_input_request(struct auth_master_connection *conn, const char *args) { struct auth_client_connection *client_conn; const char *const *list, *const *params; unsigned int id, client_pid, client_id; uint8_t cookie[MASTER_AUTH_COOKIE_SIZE]; buffer_t buf; /* <id> <client-pid> <client-id> <cookie> [<parameters>] */ list = t_strsplit_tab(args); if (str_array_length(list) < 4 || str_to_uint(list[0], &id) < 0 || str_to_uint(list[1], &client_pid) < 0 || str_to_uint(list[2], &client_id) < 0) { i_error("BUG: Master sent broken REQUEST"); return FALSE; } buffer_create_from_data(&buf, cookie, sizeof(cookie)); if (hex_to_binary(list[3], &buf) < 0) { i_error("BUG: Master sent broken REQUEST cookie"); return FALSE; } params = list + 4; client_conn = auth_client_connection_lookup(client_pid); if (client_conn == NULL) { i_error("Master requested auth for nonexistent client %u", client_pid); o_stream_nsend_str(conn->output, t_strdup_printf("FAIL\t%u\n", id)); } else if (memcmp(client_conn->cookie, cookie, sizeof(cookie)) != 0) { i_error("Master requested auth for client %u with invalid cookie", client_pid); o_stream_nsend_str(conn->output, t_strdup_printf("FAIL\t%u\n", id)); } else if (!auth_request_handler_master_request( client_conn->request_handler, conn, id, client_id, params)) { i_error("Master requested auth for non-login client %u", client_pid); o_stream_nsend_str(conn->output, t_strdup_printf("FAIL\t%u\n", id)); } return TRUE; }
int quoted_printable_q_decode(const unsigned char *src, size_t src_size, buffer_t *dest) { char hexbuf[3]; size_t src_pos, next; bool errors = FALSE; hexbuf[2] = '\0'; next = 0; for (src_pos = 0; src_pos < src_size; src_pos++) { if (src[src_pos] != '_' && src[src_pos] != '=') continue; buffer_append(dest, src + next, src_pos - next); next = src_pos; if (src[src_pos] == '_') { buffer_append_c(dest, ' '); next++; continue; } if (src_pos+2 >= src_size) break; /* =<hex> */ hexbuf[0] = src[src_pos+1]; hexbuf[1] = src[src_pos+2]; if (hex_to_binary(hexbuf, dest) == 0) { src_pos += 2; next = src_pos+1; } else { /* non-hex data, show as-is */ errors = TRUE; next = src_pos; } } buffer_append(dest, src + next, src_size - next); return errors ? -1 : 0; }
static int quoted_printable_decode_full(const unsigned char *src, size_t src_size, size_t *src_pos_r, buffer_t *dest, bool eof) { char hexbuf[3]; size_t src_pos, pos, next; bool errors = FALSE; int ret; hexbuf[2] = '\0'; next = 0; for (src_pos = 0; src_pos < src_size; src_pos++) { if (src[src_pos] != '=' && src[src_pos] != '\n') continue; if (src[src_pos] == '\n') { /* drop trailing whitespace */ pos = src_pos; if (pos > 0 && src[pos-1] == '\r') pos--; while (pos > 0 && QP_IS_TRAILING_SPACE(src[pos-1])) pos--; buffer_append(dest, src + next, pos - next); next = src_pos+1; buffer_append_c(dest, '\r'); buffer_append_c(dest, '\n'); continue; } /* '=' */ buffer_append(dest, src + next, src_pos - next); next = src_pos; if ((ret = qp_is_end_of_line(src, &src_pos, src_size)) > 0) { /* =[whitespace][\r]\n */ next = src_pos+1; continue; } if (ret < 0) { /* '=' was followed only by whitespace */ break; } if (src_pos+2 >= src_size) { /* '=' was followed by non-whitespace */ if (eof) errors = TRUE; break; } /* =<hex> */ hexbuf[0] = src[src_pos+1]; hexbuf[1] = src[src_pos+2]; if (hex_to_binary(hexbuf, dest) == 0) { src_pos += 2; next = src_pos + 1; } else { /* non-hex data, show as-is */ errors = TRUE; next = src_pos; } } if (src_pos == src_size) { /* add everything but trailing spaces */ if (src_pos > 0 && src[src_pos-1] == '\r') src_pos--; while (src_pos > 0 && QP_IS_TRAILING_SPACE(src[src_pos-1])) src_pos--; buffer_append(dest, src + next, src_pos - next); next = src_pos; } *src_pos_r = next; return errors ? -1 : 0; }
static void test_cipher_test_vectors(void) { static struct { const char *key; const char *iv; const char *pt; const char *ct; } vectors[] = { { "2b7e151628aed2a6abf7158809cf4f3c", "000102030405060708090a0b0c0d0e0f", "6bc1bee22e409f96e93d7e117393172a", "7649abac8119b246cee98e9b12e9197d" }, { "2b7e151628aed2a6abf7158809cf4f3c", "7649ABAC8119B246CEE98E9B12E9197D", "ae2d8a571e03ac9c9eb76fac45af8e51", "5086cb9b507219ee95db113a917678b2" } }; test_begin("test_cipher_test_vectors"); buffer_t *key,*iv,*pt,*ct,*res_enc,*res_dec; key = buffer_create_dynamic(pool_datastack_create(), 16); iv = buffer_create_dynamic(pool_datastack_create(), 16); pt = buffer_create_dynamic(pool_datastack_create(), 16); ct = buffer_create_dynamic(pool_datastack_create(), 16); res_enc = buffer_create_dynamic(pool_datastack_create(), 32); res_dec = buffer_create_dynamic(pool_datastack_create(), 32); for(size_t i = 0; i < N_ELEMENTS(vectors); i++) { struct dcrypt_context_symmetric *ctx; buffer_set_used_size(key, 0); buffer_set_used_size(iv, 0); buffer_set_used_size(pt, 0); buffer_set_used_size(ct, 0); buffer_set_used_size(res_enc, 0); buffer_set_used_size(res_dec, 0); hex_to_binary(vectors[i].key, key); hex_to_binary(vectors[i].iv, iv); hex_to_binary(vectors[i].pt, pt); hex_to_binary(vectors[i].ct, ct); if (!dcrypt_ctx_sym_create("AES-128-CBC", DCRYPT_MODE_ENCRYPT, &ctx, NULL)) { test_assert_failed("dcrypt_ctx_sym_create", __FILE__, __LINE__-1); continue; } dcrypt_ctx_sym_set_padding(ctx, FALSE); dcrypt_ctx_sym_set_key(ctx, key->data, key->used); dcrypt_ctx_sym_set_iv(ctx, iv->data, iv->used); test_assert_idx(dcrypt_ctx_sym_init(ctx, NULL), i); test_assert_idx(dcrypt_ctx_sym_update(ctx, pt->data, pt->used, res_enc, NULL), i); test_assert_idx(dcrypt_ctx_sym_final(ctx, res_enc, NULL), i); test_assert_idx(buffer_cmp(ct, res_enc), i); dcrypt_ctx_sym_destroy(&ctx); if (!dcrypt_ctx_sym_create("AES-128-CBC", DCRYPT_MODE_DECRYPT, &ctx, NULL)) { test_assert_failed("dcrypt_ctx_sym_create", __FILE__, __LINE__-1); continue; } dcrypt_ctx_sym_set_padding(ctx, FALSE); dcrypt_ctx_sym_set_key(ctx, key->data, key->used); dcrypt_ctx_sym_set_iv(ctx, iv->data, iv->used); test_assert_idx(dcrypt_ctx_sym_init(ctx, NULL), i); test_assert_idx(dcrypt_ctx_sym_update(ctx, res_enc->data, res_enc->used, res_dec, NULL), i); test_assert_idx(dcrypt_ctx_sym_final(ctx, res_dec, NULL), i); test_assert_idx(buffer_cmp(pt, res_dec), i); dcrypt_ctx_sym_destroy(&ctx); } test_end(); }
static void test_cipher_aead_test_vectors(void) { struct dcrypt_context_symmetric *ctx; const char *error = NULL; test_begin("test_cipher_aead_test_vectors"); if (!dcrypt_ctx_sym_create("aes-128-gcm", DCRYPT_MODE_ENCRYPT, &ctx, &error)) { test_assert_failed("dcrypt_ctx_sym_create", __FILE__, __LINE__-1); return; } buffer_t *key, *iv, *aad, *pt, *ct, *tag, *tag_res, *res; key = buffer_create_dynamic(pool_datastack_create(), 16); iv = buffer_create_dynamic(pool_datastack_create(), 16); aad = buffer_create_dynamic(pool_datastack_create(), 16); pt = buffer_create_dynamic(pool_datastack_create(), 16); ct = buffer_create_dynamic(pool_datastack_create(), 16); tag = buffer_create_dynamic(pool_datastack_create(), 16); res = buffer_create_dynamic(pool_datastack_create(), 16); tag_res = buffer_create_dynamic(pool_datastack_create(), 16); hex_to_binary("feffe9928665731c6d6a8f9467308308", key); hex_to_binary("cafebabefacedbaddecaf888", iv); hex_to_binary("d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", pt); hex_to_binary("42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985", ct); hex_to_binary("4d5c2af327cd64a62cf35abd2ba6fab4", tag); dcrypt_ctx_sym_set_key(ctx, key->data, key->used); dcrypt_ctx_sym_set_iv(ctx, iv->data, iv->used); dcrypt_ctx_sym_set_aad(ctx, aad->data, aad->used); test_assert(dcrypt_ctx_sym_init(ctx, &error)); test_assert(dcrypt_ctx_sym_update(ctx, pt->data, pt->used, res, &error)); test_assert(dcrypt_ctx_sym_final(ctx, res, &error)); test_assert(dcrypt_ctx_sym_get_tag(ctx, tag_res)); test_assert(buffer_cmp(ct, res) == TRUE); test_assert(buffer_cmp(tag, tag_res) == TRUE); dcrypt_ctx_sym_destroy(&ctx); if (!dcrypt_ctx_sym_create("aes-128-gcm", DCRYPT_MODE_DECRYPT, &ctx, &error)) { test_assert_failed("dcrypt_ctx_sym_create", __FILE__, __LINE__-1); } else { buffer_set_used_size(res, 0); dcrypt_ctx_sym_set_key(ctx, key->data, key->used); dcrypt_ctx_sym_set_iv(ctx, iv->data, iv->used); dcrypt_ctx_sym_set_aad(ctx, aad->data, aad->used); dcrypt_ctx_sym_set_tag(ctx, tag->data, tag->used); test_assert(dcrypt_ctx_sym_init(ctx, &error)); test_assert(dcrypt_ctx_sym_update(ctx, ct->data, ct->used, res, &error)); test_assert(dcrypt_ctx_sym_final(ctx, res, &error)); test_assert(buffer_cmp(pt, res) == TRUE); dcrypt_ctx_sym_destroy(&ctx); } test_end(); }
int main(int argc, char *argv[]) { char *pass = NULL; unsigned char *salt; int salt_len; // salt length in bytes int ic=0; // iterative count int result_len; unsigned char *result; // result (binary - 32+16 chars) int i; if ( argc != 4 ) { fprintf(stderr, "usage: %s salt count len <passwd >binary_key_iv\n", argv[0]); exit(10); } //TODO: move to base64decode salt=calloc(strlen(argv[1])/2+3, sizeof(char)); salt_len=hex_to_binary(salt, argv[1]); if( salt_len <= 0 ) { fprintf(stderr, "Error: %s is not a valid salt (it must be a hexadecimal string)\n", argv[1]); exit(1); } if( sscanf(argv[2], "%d", &ic) == 0 || ic<=0) { fprintf(stderr, "Error: count must be a positive integer\n"); exit(1); } if( sscanf(argv[3], "%d", &result_len) == 0 || result_len<=0) { fprintf(stderr, "Error: result_len must be a positive integer\n"); exit(1); } fscanf(stdin, "%ms", &pass); if ( pass[strlen(pass)-1] == '\n' ) pass[strlen(pass)-1] = '\0'; // PBKDF 2 result = calloc(result_len, sizeof(unsigned char*)); if (!gcry_check_version ("1.5.0")) { fputs ("libgcrypt version mismatch\n", stderr); exit (2); } /* Allocate a pool of 16k secure memory. This make the secure memory available and also drops privileges where needed. */ gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); /* It is now okay to let Libgcrypt complain when there was/is a problem with the secure memory. */ gcry_control (GCRYCTL_RESUME_SECMEM_WARN); /* Tell Libgcrypt that initialization has completed. */ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); gcry_kdf_derive( pass, strlen(pass), GCRY_KDF_PBKDF2, GCRY_MD_SHA1, salt, salt_len, ic, result_len, result); print_hex(result, result_len); // Key + IV (as hex string) //clear and free everything for(i=0; i<result_len;i++) result[i]=0; free(result); for(i=0; i<strlen(pass); i++) //blank pass[i]=0; free(pass); for(i=0; i<strlen(argv[1])/2+3; i++) //blank salt[i]=0; free(salt); return(0); }
void load_reg_key( regkey_t *parent, xmlNode *node ) { xmlAttr *e; xmlChar *contents = NULL; const char *type = NULL; const char *keycls = NULL; unicode_string_t name, data; xmlNode *n; regval_t *val; ULONG size; regkey_t *key; if (!node->name[0] || node->name[1]) return; for ( e = node->properties; e; e = e->next ) { if (!strcmp( (const char*)e->name, "n")) contents = xmlNodeGetContent( (xmlNode*) e ); else if (!strcmp( (const char*)e->name, "t")) type = (const char*) xmlNodeGetContent( (xmlNode*) e ); else if (!strcmp( (const char*)e->name, "c")) keycls = (const char*) xmlNodeGetContent( (xmlNode*) e ); } if (!contents) return; name.copy( contents ); switch (node->name[0]) { case 'x': // value stored as hex // default type is binary if (type == NULL) type = "3"; contents = xmlNodeGetContent( node ); size = hex_to_binary( contents, 0, NULL ); val = new regval_t( &name, atoi(type), size ); hex_to_binary( contents, size, val->data ); parent->values.append( val ); break; case 'n': // number // default type is REG_DWORD if (type == NULL) type = "4"; contents = xmlNodeGetContent( node ); size = sizeof (ULONG); val = new regval_t( &name, atoi(type), size ); number_to_binary( contents, size, val->data ); parent->values.append( val ); break; case 's': // value stored as a string // default type is REG_SZ if (type == NULL) type = "1"; data.copy( xmlNodeGetContent( node ) ); val = new regval_t( &name, atoi(type), data.Length + 2 ); memcpy( val->data, data.Buffer, data.Length ); memset( val->data + data.Length, 0, 2 ); parent->values.append( val ); break; case 'k': // key key = build_key( parent, &name ); key->cls.copy( keycls ); for (n = node->children; n; n = n->next) load_reg_key( key, n ); break; } }
int password_decode(const char *password, const char *scheme, const unsigned char **raw_password_r, size_t *size_r, const char **error_r) { const struct password_scheme *s; enum password_encoding encoding; buffer_t *buf; size_t len; bool guessed_encoding; *error_r = NULL; s = password_scheme_lookup(scheme, &encoding); if (s == NULL) { *error_r = "Unknown scheme"; return 0; } len = strlen(password); if (encoding != PW_ENCODING_NONE && s->raw_password_len != 0 && strchr(scheme, '.') == NULL) { /* encoding not specified. we can guess quite well between base64 and hex encodings. the only problem is distinguishing 2 character strings, but there shouldn't be any that short raw_password_lens. */ encoding = len == s->raw_password_len * 2 ? PW_ENCODING_HEX : PW_ENCODING_BASE64; guessed_encoding = TRUE; } else { guessed_encoding = FALSE; } switch (encoding) { case PW_ENCODING_NONE: *raw_password_r = (const unsigned char *)password; *size_r = len; break; case PW_ENCODING_HEX: buf = t_buffer_create(len / 2 + 1); if (hex_to_binary(password, buf) == 0) { *raw_password_r = buf->data; *size_r = buf->used; break; } if (!guessed_encoding) { *error_r = "Input isn't valid HEX encoded data"; return -1; } /* check if it's base64-encoded after all. some input lengths produce matching hex and base64 encoded lengths. */ /* fall through */ case PW_ENCODING_BASE64: buf = t_buffer_create(MAX_BASE64_DECODED_SIZE(len)); if (base64_decode(password, len, NULL, buf) < 0) { *error_r = "Input isn't valid base64 encoded data"; return -1; } *raw_password_r = buf->data; *size_r = buf->used; break; } if (s->raw_password_len != *size_r && s->raw_password_len != 0) { /* password has invalid length */ *error_r = t_strdup_printf( "Input length isn't valid (%u instead of %u)", (unsigned int)*size_r, s->raw_password_len); return -1; } return 1; }
blob loadsignature (std::string const& hex) { blob b; hex_to_binary (hex.begin (), hex.end (), b); return b; }