//the event: password has changed succesfully NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName,ULONG RelativeId,PUNICODE_STRING NewPassword) { if (!configured){ configured = setFilePermissions(); } int nLen=0; bool result; //copy username int userLength = UserName->Length/ sizeof(wchar_t); wchar_t* username = (wchar_t*)malloc((userLength + 1) * sizeof(wchar_t)); wchar_t* z = wcsncpy(username,UserName->Buffer,userLength); //set the last character to null username[userLength] = NULL; //convert the password from widechar to utf-8 int passwordLength = NewPassword->Length/ sizeof(wchar_t); nLen = WideCharToMultiByte(CP_UTF8, 0, NewPassword->Buffer, passwordLength, 0, 0, 0, 0); char* password = (char*)malloc((nLen + 1) * sizeof(char)); nLen = WideCharToMultiByte(CP_UTF8, 0, NewPassword->Buffer,passwordLength, password, nLen, 0, 0); //set the last character to null password[nLen] = NULL; //allocate and calculate the hash wchar_t hash[41]; hashPassword(password,hash); //try to write the hash to ldap result = writeHashToLdap(username,hash); if (result){ writeMessageToLog(CHANGE_PASSWORD_MESSAGE,username); //try to write the hash to google apps trough an helper app sendHashToChildProcess(username,hash,configuration.processUser,configuration.processPasswd); } else writeMessageToLog(L"Change failed for user \"%s\"",username); //zero the password SecureZeroMemory(password,nLen); //free the memory free(username); free(password); //can I return something else in case of error? return STATUS_SUCCESS; }
void FloaterGridManager::applyChanges() { HippoGridInfo* gridInfo = gHippoGridManager->getGrid(mCurGrid); if (gridInfo) { if (gridInfo->getGridNick() == childGetValue("gridnick").asString()) { gridInfo->setGridName(childGetValue("gridname")); gridInfo->setLoginUri(childGetValue("loginuri")); gridInfo->setLoginPage(childGetValue("loginpage")); gridInfo->setHelperUri(childGetValue("helperuri")); gridInfo->setWebSite(childGetValue("website")); gridInfo->setSupportUrl(childGetValue("support")); gridInfo->setRegisterUrl(childGetValue("register")); gridInfo->setPasswordUrl(childGetValue("password")); gridInfo->setSearchUrl(childGetValue("search")); gridInfo->setRenderCompat(childGetValue("render_compat")); gridInfo->setFirstName(childGetValue("first_name")); gridInfo->setLastName(childGetValue("last_name")); if(childGetValue("avatar_password").asString().empty()) gridInfo->setAvatarPassword(std::string("")); else if(childGetValue("avatar_password").asString() != std::string(PASSWORD_FILLER)) { // store account authentication data std::string auth_password = childGetValue("avatar_password"); std::string hashed_password; hashPassword(auth_password, hashed_password); gridInfo->setAvatarPassword(hashed_password); } //this bug was a feature -Patrick Sapinski (Friday, August 21, 2009) //LLPanelLogin::setFields(gridInfo->getFirstName(), gridInfo->getLastName(), // gridInfo->getAvatarPassword(), true); } else { llwarns << "Grid nickname mismatch, ignoring changes." << llendl; } } }
static uint8_t encryptHandshake(struct Message* message, struct Wrapper* wrapper) { assert(message->padding >= sizeof(union Headers_CryptoAuth) || !"not enough padding"); Message_shift(message, sizeof(union Headers_CryptoAuth)); union Headers_CryptoAuth* header = (union Headers_CryptoAuth*) message->bytes; // garbage the auth field to frustrate DPI and set the nonce (next 24 bytes after the auth) randombytes((uint8_t*) &header->handshake.auth, sizeof(union Headers_AuthChallenge) + 24); memcpy(&header->handshake.publicKey, wrapper->context->publicKey, 32); if (!knowHerKey(wrapper)) { return genReverseHandshake(message, wrapper, header); } // Password auth uint8_t* passwordHash = NULL; if (wrapper->password != NULL) { struct Auth auth; passwordHash = hashPassword(&auth, wrapper->password, wrapper->authType); memcpy(header->handshake.auth.bytes, &auth.challenge, sizeof(union Headers_AuthChallenge)); } header->handshake.auth.challenge.type = wrapper->authType; Headers_setPacketAuthRequired(&header->handshake.auth, wrapper->authenticatePackets); // set the session state uint32_t sessionState_be = Endian_hostToBigEndian32(wrapper->nextNonce); header->nonce = sessionState_be; if (wrapper->nextNonce == 0 || wrapper->nextNonce == 2) { // If we're sending a hello or a key crypto_box_curve25519xsalsa20poly1305_keypair(header->handshake.encryptedTempKey, wrapper->secret); if (wrapper->nextNonce == 0) { memcpy(wrapper->tempKey, header->handshake.encryptedTempKey, 32); } #ifdef Log_DEBUG assert(!Bits_isZero(header->handshake.encryptedTempKey, 32)); assert(!Bits_isZero(wrapper->secret, 32)); #endif } else if (wrapper->nextNonce == 3) { // Dupe key // If nextNonce is 1 then we have our pubkey stored in wrapper->tempKey, // If nextNonce is 3 we need to recalculate it each time // because tempKey the final secret. crypto_scalarmult_curve25519_base(header->handshake.encryptedTempKey, wrapper->secret); } else { // Dupe hello // wrapper->nextNonce == 1 // Our public key is cached in wrapper->tempKey so lets copy it out. memcpy(header->handshake.encryptedTempKey, wrapper->tempKey, 32); } uint8_t sharedSecret[32]; if (wrapper->nextNonce < 2) { if (wrapper->nextNonce == 0) { Log_debug(wrapper->context->logger, "Sending hello packet\n"); } else { Log_debug(wrapper->context->logger, "Sending repeat hello packet\n"); } getSharedSecret(sharedSecret, wrapper->context->privateKey, wrapper->herPerminentPubKey, passwordHash, wrapper->context->logger); wrapper->isInitiator = true; wrapper->nextNonce = 1; #ifdef Log_DEBUG assert(!Bits_isZero(header->handshake.encryptedTempKey, 32)); uint8_t myTempPubKey[32]; crypto_scalarmult_curve25519_base(myTempPubKey, wrapper->secret); assert(!memcmp(header->handshake.encryptedTempKey, myTempPubKey, 32)); #endif #ifdef Log_KEYS uint8_t tempKeyHex[65]; Hex_encode(tempKeyHex, 65, header->handshake.encryptedTempKey, 32); Log_keys1(wrapper->context->logger, "Wrapping temp public key:\n" " %s\n", tempKeyHex); #endif } else { if (wrapper->nextNonce == 2) { Log_debug(wrapper->context->logger, "Sending key packet\n"); } else { Log_debug(wrapper->context->logger, "Sending repeat key packet\n"); } // Handshake2 wrapper->tempKey holds her public temp key. // it was put there by receiveMessage() getSharedSecret(sharedSecret, wrapper->context->privateKey, wrapper->tempKey, passwordHash, wrapper->context->logger); wrapper->nextNonce = 3; #ifdef Log_KEYS uint8_t tempKeyHex[65]; Hex_encode(tempKeyHex, 65, wrapper->tempKey, 32); Log_keys1(wrapper->context->logger, "Using their temp public key:\n" " %s\n", tempKeyHex); #endif } // Shift message over the encryptedTempKey field. Message_shift(message, 32 - Headers_CryptoAuth_SIZE); encryptRndNonce(header->handshake.nonce, message, sharedSecret); Log_debug1(wrapper->context->logger, "Message length: %u\n", message->length); #ifdef Log_KEYS uint8_t sharedSecretHex[65]; printHexKey(sharedSecretHex, sharedSecret); uint8_t nonceHex[49]; Hex_encode(nonceHex, 49, header->handshake.nonce, 24); uint8_t cipherHex[65]; printHexKey(cipherHex, message->bytes); Log_keys3(wrapper->context->logger, "Encrypting message with:\n" " nonce: %s\n" " secret: %s\n" " cipher: %s\n", nonceHex, sharedSecretHex, cipherHex); #endif #ifdef Log_DEBUG assert(!Bits_isZero(header->handshake.encryptedTempKey, 32)); #endif // Shift it back -- encryptRndNonce adds 16 bytes of authenticator. Message_shift(message, Headers_CryptoAuth_SIZE - 32 - 16); return wrapper->wrappedInterface->sendMessage(message, wrapper->wrappedInterface); }
inline bool encode_in( std::string& encryptedPackage, EncryptionInfo& info, const std::string& data, cybozu::crypto::Cipher::Name cipherName, cybozu::crypto::Hash::Name hashName, int spinCount, const std::string& pass, const std::string& masterKey) { if (spinCount > 10000000) throw cybozu::Exception("ms:encode_in:too large spinCount") << spinCount; CipherParam& keyData = info.keyData; CipherParam& encryptedKey = info.encryptedKey; keyData.setByName(cipherName, hashName); encryptedKey.setByName(cipherName, hashName); info.spinCount = spinCount; std::string& iv = encryptedKey.saltValue; FillRand(iv, encryptedKey.saltSize); #ifdef SAME_KEY puts("QQQ defined SAME_KEY QQQ"); iv = fromHex("F4994F9B2DCD5E0E84BC6386D4523D2C"); #endif const std::string pwHash = hashPassword(encryptedKey.hashName, iv, pass, spinCount); const std::string skey1 = generateKey(encryptedKey, pwHash, blkKey_VerifierHashInput); const std::string skey2 = generateKey(encryptedKey, pwHash, blkKey_encryptedVerifierHashValue); const std::string skey3 = generateKey(encryptedKey, pwHash, blkKey_encryptedKeyValue); std::string verifierHashInput; FillRand(verifierHashInput, encryptedKey.saltSize); #ifdef SAME_KEY verifierHashInput = fromHex("FEDAECD950F9E82C47CADA29B7837C6D"); #endif verifierHashInput.resize(RoundUp(verifierHashInput.size(), encryptedKey.blockSize)); info.encryptedVerifierHashInput = cipher(encryptedKey.cipherName, verifierHashInput, skey1, iv, cybozu::crypto::Cipher::Encoding); std::string hashedVerifier = cybozu::crypto::Hash::digest(encryptedKey.hashName, verifierHashInput); hashedVerifier.resize(RoundUp(hashedVerifier.size(), encryptedKey.blockSize)); info.encryptedVerifierHashValue = cipher(encryptedKey.cipherName, hashedVerifier, skey2, iv, cybozu::crypto::Cipher::Encoding); std::string secretKey; FillRand(secretKey, encryptedKey.saltSize); #ifdef SAME_KEY secretKey = fromHex("BF44FBB51BE1E88BF130156E117E7900"); #endif if (!masterKey.empty()) { secretKey = masterKey; } normalizeKey(secretKey, encryptedKey.keyBits / 8); info.encryptedKeyValue = cipher(encryptedKey.cipherName, secretKey, skey3, iv, cybozu::crypto::Cipher::Encoding); FillRand(keyData.saltValue, keyData.saltSize); #ifdef SAME_KEY keyData.saltValue = fromHex("C49AAAEE99004C6B017EE5CD11B86729"); #endif EncContent(encryptedPackage, data, encryptedKey, secretKey, keyData.saltValue); GenerateIntegrityParameter(info.encryptedHmacKey, info.encryptedHmacValue, encryptedPackage, keyData, secretKey, keyData.saltValue); return true; }
static uint8_t encryptHandshake(struct Message* message, struct CryptoAuth_Wrapper* wrapper, int setupMessage) { Message_shift(message, sizeof(union Headers_CryptoAuth), NULL); union Headers_CryptoAuth* header = (union Headers_CryptoAuth*) message->bytes; // garbage the auth challenge and set the nonce which follows it Random_bytes(wrapper->context->rand, (uint8_t*) &header->handshake.auth, sizeof(union Headers_AuthChallenge) + 24); // set the permanent key Bits_memcpyConst(&header->handshake.publicKey, wrapper->context->pub.publicKey, 32); if (!knowHerKey(wrapper)) { return genReverseHandshake(message, wrapper, header); } else if (!Bits_isZero(wrapper->herIp6, 16)) { // If someone starts a CA session and then discovers the key later and memcpy's it into the // result of getHerPublicKey() then we want to make sure they didn't memcpy in an invalid // key. uint8_t calculatedIp6[16]; AddressCalc_addressForPublicKey(calculatedIp6, wrapper->herPerminentPubKey); Assert_true(!Bits_memcmp(wrapper->herIp6, calculatedIp6, 16)); } if (wrapper->bufferedMessage) { // We wanted to send a message but we didn't know the peer's key so we buffered it // and sent a connectToMe. // Now we just discovered their key and we're sending a hello packet. // Lets send 2 hello packets instead and on one will attach our buffered message. // This can never happen when the machine is beyond the first hello packet because // it should have been sent either by this or in the recipet of a hello packet from // the other node. Assert_true(wrapper->nextNonce == 0); struct Message* bm = wrapper->bufferedMessage; wrapper->bufferedMessage = NULL; cryptoAuthDebug0(wrapper, "Sending buffered message"); sendMessage(bm, &wrapper->externalInterface); Allocator_free(bm->alloc); } // Password auth uint8_t* passwordHash = NULL; struct CryptoAuth_Auth auth; if (wrapper->password != NULL) { passwordHash = hashPassword(&auth, wrapper->password, wrapper->authType); Bits_memcpyConst(header->handshake.auth.bytes, &auth.challenge, sizeof(union Headers_AuthChallenge)); } header->handshake.auth.challenge.type = wrapper->authType; // Packet authentication option is deprecated, it must always be enabled. Headers_setPacketAuthRequired(&header->handshake.auth, 1); // This is a special packet which the user should never see. Headers_setSetupPacket(&header->handshake.auth, setupMessage); // Set the session state uint32_t sessionState_be = Endian_hostToBigEndian32(wrapper->nextNonce); header->nonce = sessionState_be; if (wrapper->nextNonce == 0 || wrapper->nextNonce == 2) { // If we're sending a hello or a key // Here we make up a temp keypair Random_bytes(wrapper->context->rand, wrapper->ourTempPrivKey, 32); crypto_scalarmult_curve25519_base(wrapper->ourTempPubKey, wrapper->ourTempPrivKey); #ifdef Log_KEYS uint8_t tempPrivateKeyHex[65]; Hex_encode(tempPrivateKeyHex, 65, wrapper->ourTempPrivKey, 32); uint8_t tempPubKeyHex[65]; Hex_encode(tempPubKeyHex, 65, header->handshake.encryptedTempKey, 32); Log_keys(wrapper->context->logger, "Generating temporary keypair\n" " myTempPrivateKey=%s\n" " myTempPublicKey=%s\n", tempPrivateKeyHex, tempPubKeyHex); #endif } Bits_memcpyConst(header->handshake.encryptedTempKey, wrapper->ourTempPubKey, 32); #ifdef Log_KEYS uint8_t tempKeyHex[65]; Hex_encode(tempKeyHex, 65, header->handshake.encryptedTempKey, 32); Log_keys(wrapper->context->logger, "Wrapping temp public key:\n" " %s\n", tempKeyHex); #endif cryptoAuthDebug(wrapper, "Sending %s%s packet", ((wrapper->nextNonce & 1) ? "repeat " : ""), ((wrapper->nextNonce < 2) ? "hello" : "key")); uint8_t sharedSecret[32]; if (wrapper->nextNonce < 2) { getSharedSecret(sharedSecret, wrapper->context->privateKey, wrapper->herPerminentPubKey, passwordHash, wrapper->context->logger); wrapper->isInitiator = true; Assert_true(wrapper->nextNonce <= 1); wrapper->nextNonce = 1; } else { // Handshake2 // herTempPubKey was set by receiveMessage() Assert_ifParanoid(!Bits_isZero(wrapper->herTempPubKey, 32)); getSharedSecret(sharedSecret, wrapper->context->privateKey, wrapper->herTempPubKey, passwordHash, wrapper->context->logger); Assert_true(wrapper->nextNonce <= 3); wrapper->nextNonce = 3; #ifdef Log_KEYS uint8_t tempKeyHex[65]; Hex_encode(tempKeyHex, 65, wrapper->herTempPubKey, 32); Log_keys(wrapper->context->logger, "Using their temp public key:\n" " %s\n", tempKeyHex); #endif } // Shift message over the encryptedTempKey field. Message_shift(message, 32 - Headers_CryptoAuth_SIZE, NULL); encryptRndNonce(header->handshake.nonce, message, sharedSecret); #ifdef Log_KEYS uint8_t sharedSecretHex[65]; printHexKey(sharedSecretHex, sharedSecret); uint8_t nonceHex[49]; Hex_encode(nonceHex, 49, header->handshake.nonce, 24); uint8_t cipherHex[65]; printHexKey(cipherHex, message->bytes); Log_keys(wrapper->context->logger, "Encrypting message with:\n" " nonce: %s\n" " secret: %s\n" " cipher: %s\n", nonceHex, sharedSecretHex, cipherHex); #endif // Shift it back -- encryptRndNonce adds 16 bytes of authenticator. Message_shift(message, Headers_CryptoAuth_SIZE - 32 - 16, NULL); return wrapper->wrappedInterface->sendMessage(message, wrapper->wrappedInterface); }
static void encryptHandshake(struct Message* message, struct CryptoAuth_Session_pvt* session, int setupMessage) { Message_shift(message, sizeof(union CryptoHeader), NULL); union CryptoHeader* header = (union CryptoHeader*) message->bytes; // garbage the auth challenge and set the nonce which follows it Random_bytes(session->context->rand, (uint8_t*) &header->handshake.auth, sizeof(union CryptoHeader_Challenge) + 24); // set the permanent key Bits_memcpyConst(&header->handshake.publicKey, session->context->pub.publicKey, 32); Assert_true(knowHerKey(session)); uint8_t calculatedIp6[16]; AddressCalc_addressForPublicKey(calculatedIp6, session->pub.herPublicKey); if (!Bits_isZero(session->pub.herIp6, 16)) { // If someone starts a CA session and then discovers the key later and memcpy's it into the // result of getHerPublicKey() then we want to make sure they didn't memcpy in an invalid // key. Assert_true(!Bits_memcmp(session->pub.herIp6, calculatedIp6, 16)); } // Password auth uint8_t* passwordHash = NULL; uint8_t passwordHashStore[32]; if (session->password != NULL) { hashPassword(passwordHashStore, &header->handshake.auth, session->login, session->password, session->authType); passwordHash = passwordHashStore; } else { header->handshake.auth.challenge.type = session->authType; header->handshake.auth.challenge.additional = 0; } // Set the session state header->nonce = Endian_hostToBigEndian32(session->nextNonce); if (session->nextNonce == 0 || session->nextNonce == 2) { // If we're sending a hello or a key // Here we make up a temp keypair Random_bytes(session->context->rand, session->ourTempPrivKey, 32); crypto_scalarmult_curve25519_base(session->ourTempPubKey, session->ourTempPrivKey); if (Defined(Log_KEYS)) { uint8_t tempPrivateKeyHex[65]; Hex_encode(tempPrivateKeyHex, 65, session->ourTempPrivKey, 32); uint8_t tempPubKeyHex[65]; Hex_encode(tempPubKeyHex, 65, session->ourTempPubKey, 32); Log_keys(session->context->logger, "Generating temporary keypair\n" " myTempPrivateKey=%s\n" " myTempPublicKey=%s\n", tempPrivateKeyHex, tempPubKeyHex); } } Bits_memcpyConst(header->handshake.encryptedTempKey, session->ourTempPubKey, 32); if (Defined(Log_KEYS)) { uint8_t tempKeyHex[65]; Hex_encode(tempKeyHex, 65, header->handshake.encryptedTempKey, 32); Log_keys(session->context->logger, "Wrapping temp public key:\n" " %s\n", tempKeyHex); } cryptoAuthDebug(session, "Sending %s%s packet", ((session->nextNonce & 1) ? "repeat " : ""), ((session->nextNonce < 2) ? "hello" : "key")); uint8_t sharedSecret[32]; if (session->nextNonce < 2) { getSharedSecret(sharedSecret, session->context->privateKey, session->pub.herPublicKey, passwordHash, session->context->logger); session->isInitiator = true; Assert_true(session->nextNonce <= 1); session->nextNonce = 1; } else { // Handshake2 // herTempPubKey was set by decryptHandshake() Assert_ifParanoid(!Bits_isZero(session->herTempPubKey, 32)); getSharedSecret(sharedSecret, session->context->privateKey, session->herTempPubKey, passwordHash, session->context->logger); Assert_true(session->nextNonce <= 3); session->nextNonce = 3; if (Defined(Log_KEYS)) { uint8_t tempKeyHex[65]; Hex_encode(tempKeyHex, 65, session->herTempPubKey, 32); Log_keys(session->context->logger, "Using their temp public key:\n" " %s\n", tempKeyHex); } } // Shift message over the encryptedTempKey field. Message_shift(message, 32 - CryptoHeader_SIZE, NULL); encryptRndNonce(header->handshake.nonce, message, sharedSecret); if (Defined(Log_KEYS)) { uint8_t sharedSecretHex[65]; printHexKey(sharedSecretHex, sharedSecret); uint8_t nonceHex[49]; Hex_encode(nonceHex, 49, header->handshake.nonce, 24); uint8_t cipherHex[65]; printHexKey(cipherHex, message->bytes); Log_keys(session->context->logger, "Encrypting message with:\n" " nonce: %s\n" " secret: %s\n" " cipher: %s\n", nonceHex, sharedSecretHex, cipherHex); } // Shift it back -- encryptRndNonce adds 16 bytes of authenticator. Message_shift(message, CryptoHeader_SIZE - 32 - 16, NULL); }
int main() { /* * Variable Initialization */ bool prevent_pass = true; regex_t name_r, num_r, file_r, pass_r; const char * const name_r_ptrn = "^[a-zA-Z]+$"; const char * const num_r_ptrn = "^[0-9]+$"; const char * const file_r_ptrn = "^(.*)(.txt)$"; const char * const pass_r_ptrn = "^.{6,}$"; if( regcomp(&name_r, name_r_ptrn, REG_EXTENDED | REG_NOSUB) ) { logerror("Con't compile regexp. Try again."); } if( regcomp(&num_r, num_r_ptrn, REG_EXTENDED | REG_NOSUB) ) { logerror("Con't compile regexp. Try again."); } if( regcomp(&file_r, file_r_ptrn, REG_EXTENDED | REG_NOSUB) ) { logerror("Con't compile regexp. Try again."); } if( regcomp(&pass_r, pass_r_ptrn, REG_EXTENDED | REG_NOSUB) ) { logerror("Con't compile regexp. Try again."); return 1; } FILE * ifp; FILE * ofp; long num1, num2; user * u = (user *) malloc(sizeof(user)); u->nums = (char **) calloc( BUFF_SIZE, sizeof(char *)); u->nums[0] = (char *) calloc( (BUFF_SIZE), sizeof(char)); u->nums[1] = (char *) calloc( (BUFF_SIZE), sizeof(char)); /* * First Name */ while( prevent_pass ) { prevent_pass = false; printf("Enter your First Name: "); getInput(u->fname); int nomatch = regexec(&name_r, u->fname, 0, NULL, 0); if( nomatch == REG_NOMATCH ) { printf("\n%sFirst Name is invalid, try again.%s\n\n", RED, WHITE); prevent_pass = true; } } /* * Last Name */ prevent_pass = true; while( prevent_pass ) { prevent_pass = false; printf("Enter your Last Name: "); getInput(u->lname); int nomatch = regexec(&name_r, u->lname, 0, NULL, 0); if( nomatch == REG_NOMATCH ) { printf("\n%sLast Name is invalid, try again.%s\n\n", RED, WHITE); prevent_pass = true; } } /* * Get numbers */ prevent_pass = true; while( prevent_pass ) { prevent_pass = false; memset(u->nums[0], '\0', BUFF_SIZE); printf("Enter a Number: "); getInput(u->nums[0]); int nomatch = regexec(&num_r, u->nums[0], 0, NULL, 0); if( nomatch == REG_NOMATCH ) { printf("\n%sNot a number, try again.%s\n\n", RED, WHITE); prevent_pass = true; } char * end; num1 = strtol(u->nums[0], &end, 10); /* Check for buffer overflow and underflow */ if( num1 > ((INT_MAX/4) - 1) ) { logerror("ERROR: The input entered as numbers are too long."); printf("\n%sERROR: The input entered as numbers are too long.%s\n\n", RED, WHITE); prevent_pass = true; } else if( num1 < ((INT_MIN/4) + 1 ) ) { logerror("ERROR: The input entered as numbers are way too negative."); printf("\n%sERROR: The input entered as numbers are way too negative.%s\n\n", RED, WHITE); prevent_pass = true; } } prevent_pass = true; while( prevent_pass ) { prevent_pass = false; memset(u->nums[0], '\0', BUFF_SIZE); printf("Enter another a Number: "); getInput(u->nums[1]); int nomatch = regexec(&num_r, u->nums[1], 0, NULL, 0); if( nomatch == REG_NOMATCH ) { printf("\n%sNot a number, try again.%s\n\n", RED, WHITE); prevent_pass = true; } char * end; num2 = strtol(u->nums[1], &end, 10); /* Ran into conversion problems? */ if( *end ) { logerror("ERROR: There was an error coverting the two numbers to type long."); printf("\n%sERROR: There was an error coverting the two numbers to type long.%s\n\n", RED, WHITE); prevent_pass = true; } /* Check for buffer overflow and underflow */ if( num2 > INT_MAX || (num1 * num2) > INT_MAX || (num1 + num2) > INT_MAX ) { logerror("ERROR: The input entered as numbers are too long."); printf("\n%sERROR: The input entered as numbers are too long.%s\n\n", RED, WHITE); prevent_pass = true; } else if( num2 < INT_MIN || (num1 * num2) < INT_MIN || (num1 + num2) < INT_MIN ) { logerror("ERROR: The input entered as numbers are way too negative."); printf("\n%sERROR: The input entered as numbers are way too negative.%s\n\n", RED, WHITE); prevent_pass = true; } } /* * Don't need these anymore */ free(u->nums[0]); free(u->nums[1]); free(u->nums); /* * Get Input File */ prevent_pass = true; while( prevent_pass ) { prevent_pass = false; printf("Enter an input file: "); getInput(u->input); int nomatch = regexec(&file_r, u->input, 0, NULL, 0); if( nomatch == REG_NOMATCH ) { printf("\n%sNot a valid file path.%s\n\n", RED, WHITE); prevent_pass = true; } else { ifp = fopen(u->input, "r"); if( ifp == NULL ) { fclose(ifp); printf("\n%sInput file does not exist.%s\n\n", RED, WHITE); logerror("Input file does not exist."); prevent_pass = true; } } } /* * Get Output File */ prevent_pass = true; while( prevent_pass ) { prevent_pass = false; printf("Enter a output file: "); getInput(u->output); if( strcmp(u->output, u->input) == 0 ) { printf("\n%sThe output cannot be the same as the input file.%s\n\n", RED, WHITE); prevent_pass = true; } int nomatch = regexec(&file_r, u->output, 0, NULL, 0); if( nomatch == REG_NOMATCH ) { printf("\n%sNot a valid file path.%s\n\n", RED, WHITE); prevent_pass = true; } } /* * Password */ FILE * pfp; pfp = fopen("db.txt", "w"); prevent_pass = true; while( prevent_pass ) { prevent_pass = false; clock_t t; t = clock(); char * const p = (char *) calloc( (BUFF_SIZE + 1), sizeof(char)); char * const v = (char *) calloc( (BUFF_SIZE + 1), sizeof(char)); printf("\nEnter Password: "******"\n%sNot a valid password. Must be atleast 6 characters with uppercase, lowercase, and digits.%s\n\n", RED, WHITE); prevent_pass = true; } int nomatch = regexec(&pass_r, p, 0, NULL, 0); if( nomatch == REG_NOMATCH ) { printf("\n%sNot a valid password. Must be atleast 6 characters with uppercase, lowercase, and digits.%s\n\n", RED, WHITE); prevent_pass = true; } else { srand(time(NULL)); t = clock() + t; int seed = rand() * (int)clock; char salt[40]; snprintf(salt, 40, "%d", seed); char * const c = hashPassword(p, salt, strlen(p)); memset(p, 'a', BUFF_SIZE); fprintf(pfp, "%s\n%s", c, salt); memset(salt, '\0', 40); seed = 0; free(c); } free(p); free(v); } fclose(pfp); /* * Verify */ FILE * pofp; pofp = fopen("db.txt", "r"); char buff; char * notpassword = (char *) calloc(BUFF_SIZE, sizeof(char)); char * salt = (char *) calloc(BUFF_SIZE, sizeof(char)); int i = 0; bool flag = false; while ((buff = fgetc(pofp)) != EOF) { if(buff == '\n') { flag = true; i = 0; } else if(flag == false) notpassword[i++] = buff; else if(flag == true) salt[i++] = buff; } fclose(pofp); prevent_pass = true; while( prevent_pass ) { prevent_pass = false; char * const p = (char *) calloc( (BUFF_SIZE + 1), sizeof(char)); printf("\nVerify Password: "******"\n%sPassword does not match.%s\n\n", RED, WHITE); prevent_pass = true; } free(p); } free(notpassword); free(salt); printf("\nSuccess!\n"); /* * Print results to file */ ofp = fopen(u->output, "w"); if( ifp == NULL || ofp == NULL) { printf("\n%sThere was an error opening the output file%s\n\n", RED, WHITE); return 1; } fprintf(ofp, "%s %s %ld %ld\n\n", u->fname, u->lname, (num1 + num2), (num1 * num2)); // Write input file to output char in_file_char; while ((in_file_char = fgetc(ifp)) != EOF) fputc(in_file_char, ofp); printf("\n\nFile has been written.\nExiting...\n\n"); /* * Be Free */ regfree(&name_r); regfree(&num_r); regfree(&file_r); fclose(ifp); fclose(ofp); free(u); return 0; }
bool FloaterGridManager::createNewGrid() { // check nickname std::string gridnick = childGetValue("gridnick"); if (gridnick == "<required>") { gridnick = ""; } if (gridnick.empty()) { LLNotifications::instance().add("GridsNoNick"); return false; } if (gHippoGridManager->getGrid(gridnick)) { LLSD args; args["[NAME]"] = gridnick; LLNotifications::instance().add("GridExists", args); return false; } // check login URI std::string loginuri = childGetValue("loginuri"); if ((loginuri.empty()) || (loginuri == "<required>")) { LLSD args; args["[NAME]"] = gridnick; LLNotifications::instance().add("GridsNoLoginUri", args); return false; } // create new grid HippoGridInfo* grid = new HippoGridInfo(gridnick); grid->setGridName(childGetValue("gridname")); grid->setLoginUri(loginuri); grid->setLoginPage(childGetValue("loginpage")); grid->setHelperUri(childGetValue("helperuri")); grid->setWebSite(childGetValue("website")); grid->setSupportUrl(childGetValue("support")); grid->setRegisterUrl(childGetValue("register")); grid->setPasswordUrl(childGetValue("password")); grid->setSearchUrl(childGetValue("search")); grid->setRenderCompat(childGetValue("render_compat")); gHippoGridManager->addGrid(grid); grid->setFirstName(childGetValue("first_name")); grid->setLastName(childGetValue("last_name")); if(childGetValue("avatar_password").asString().empty()) grid->setAvatarPassword(std::string("")); else { std::string hashed_password; hashPassword(childGetValue("avatar_password"), hashed_password); grid->setAvatarPassword(hashed_password); } setCurGrid(gridnick); return true; }
static uint8_t encryptHandshake(struct Message* message, struct CryptoAuth_Wrapper* wrapper, int setupMessage) { Message_shift(message, sizeof(union Headers_CryptoAuth)); union Headers_CryptoAuth* header = (union Headers_CryptoAuth*) message->bytes; // garbage the auth challenge and set the nonce which follows it Random_bytes(wrapper->context->rand, (uint8_t*) &header->handshake.auth, sizeof(union Headers_AuthChallenge) + 24); // set the permanent key Bits_memcpyConst(&header->handshake.publicKey, wrapper->context->pub.publicKey, 32); if (!knowHerKey(wrapper)) { return genReverseHandshake(message, wrapper, header); } if (wrapper->bufferedMessage) { // We wanted to send a message but we didn't know the peer's key so we buffered it // and sent a connectToMe, this or it's reply was lost in the network. // Now we just discovered their key and we're sending a hello packet. // Lets send 2 hello packets instead and on one will attach our buffered message. // This can never happen when the machine is beyond the first hello packet because // it should have been sent either by this or in the recipet of a hello packet from // the other node. Assert_true(wrapper->nextNonce == 0); struct Message* bm = wrapper->bufferedMessage; wrapper->bufferedMessage = NULL; cryptoAuthDebug0(wrapper, "Sending buffered message"); sendMessage(bm, &wrapper->externalInterface); Allocator_free(bm->alloc); } // Password auth uint8_t* passwordHash = NULL; struct CryptoAuth_Auth auth; if (wrapper->password != NULL) { passwordHash = hashPassword(&auth, wrapper->password, wrapper->authType); Bits_memcpyConst(header->handshake.auth.bytes, &auth.challenge, sizeof(union Headers_AuthChallenge)); } header->handshake.auth.challenge.type = wrapper->authType; Headers_setPacketAuthRequired(&header->handshake.auth, wrapper->authenticatePackets); // This is a special packet which the user should never see. Headers_setSetupPacket(&header->handshake.auth, setupMessage); // Set the session state uint32_t sessionState_be = Endian_hostToBigEndian32(wrapper->nextNonce); header->nonce = sessionState_be; if (wrapper->nextNonce == 0 || wrapper->nextNonce == 2) { // If we're sending a hello or a key Random_bytes(wrapper->context->rand, wrapper->secret, 32); crypto_scalarmult_curve25519_base(header->handshake.encryptedTempKey, wrapper->secret); #ifdef Log_KEYS uint8_t tempPrivateKeyHex[65]; Hex_encode(tempPrivateKeyHex, 65, wrapper->secret, 32); uint8_t tempPubKeyHex[65]; Hex_encode(tempPubKeyHex, 65, header->handshake.encryptedTempKey, 32); Log_keys(wrapper->context->logger, "Generating temporary keypair\n" " myTempPrivateKey=%s\n" " myTempPublicKey=%s\n", tempPrivateKeyHex, tempPubKeyHex); #endif if (wrapper->nextNonce == 0) { Bits_memcpyConst(wrapper->tempKey, header->handshake.encryptedTempKey, 32); } #ifdef Log_DEBUG Assert_true(!Bits_isZero(header->handshake.encryptedTempKey, 32)); Assert_true(!Bits_isZero(wrapper->secret, 32)); #endif } else if (wrapper->nextNonce == 3) { // Dupe key // If nextNonce is 1 then we have our pubkey stored in wrapper->tempKey, // If nextNonce is 3 we need to recalculate it each time // because tempKey the final secret. crypto_scalarmult_curve25519_base(header->handshake.encryptedTempKey, wrapper->secret); } else { // Dupe hello // wrapper->nextNonce == 1 // Our public key is cached in wrapper->tempKey so lets copy it out. Bits_memcpyConst(header->handshake.encryptedTempKey, wrapper->tempKey, 32); } #ifdef Log_KEYS uint8_t tempKeyHex[65]; Hex_encode(tempKeyHex, 65, header->handshake.encryptedTempKey, 32); Log_keys(wrapper->context->logger, "Wrapping temp public key:\n" " %s\n", tempKeyHex); #endif cryptoAuthDebug(wrapper, "Sending %s%s packet", ((wrapper->nextNonce & 1) ? "repeat " : ""), ((wrapper->nextNonce < 2) ? "hello" : "key")); uint8_t sharedSecret[32]; if (wrapper->nextNonce < 2) { getSharedSecret(sharedSecret, wrapper->context->privateKey, wrapper->herPerminentPubKey, passwordHash, wrapper->context->logger); wrapper->isInitiator = true; wrapper->nextNonce = 1; } else { // Handshake2 wrapper->tempKey holds her public temp key. // it was put there by receiveMessage() getSharedSecret(sharedSecret, wrapper->context->privateKey, wrapper->tempKey, passwordHash, wrapper->context->logger); wrapper->nextNonce = 3; #ifdef Log_KEYS uint8_t tempKeyHex[65]; Hex_encode(tempKeyHex, 65, wrapper->tempKey, 32); Log_keys(wrapper->context->logger, "Using their temp public key:\n" " %s\n", tempKeyHex); #endif } // Shift message over the encryptedTempKey field. Message_shift(message, 32 - Headers_CryptoAuth_SIZE); encryptRndNonce(header->handshake.nonce, message, sharedSecret); #ifdef Log_KEYS uint8_t sharedSecretHex[65]; printHexKey(sharedSecretHex, sharedSecret); uint8_t nonceHex[49]; Hex_encode(nonceHex, 49, header->handshake.nonce, 24); uint8_t cipherHex[65]; printHexKey(cipherHex, message->bytes); Log_keys(wrapper->context->logger, "Encrypting message with:\n" " nonce: %s\n" " secret: %s\n" " cipher: %s\n", nonceHex, sharedSecretHex, cipherHex); #endif #ifdef Log_DEBUG Assert_true(!Bits_isZero(header->handshake.encryptedTempKey, 32)); #endif // Shift it back -- encryptRndNonce adds 16 bytes of authenticator. Message_shift(message, Headers_CryptoAuth_SIZE - 32 - 16); return wrapper->wrappedInterface->sendMessage(message, wrapper->wrappedInterface); }
int main() try { cybozu::Mmap xmlFile("EncryptionInfo"); cybozu::MiniXml xml(xmlFile.get() + 8, xmlFile.get() + xmlFile.size()); const cybozu::minixml::Node *keyData = xml.get().getFirstTagByName("keyData"); const std::string keyData_saltValue(dec64(keyData->attr["saltValue"])); const cybozu::minixml::Node *dataIntegrity = xml.get().getFirstTagByName("dataIntegrity"); const std::string encryptedHmacKey(dec64(dataIntegrity->attr["encryptedHmacKey"])); const std::string encryptedHmacValue(dec64(dataIntegrity->attr["encryptedHmacValue"])); // keyEncryptors const cybozu::minixml::Node *p_encryptedKey = xml.get().getFirstTagByName("p:encryptedKey"); const int spinCount = cybozu::atoi(p_encryptedKey->attr["spinCount"]); const std::string encryptedKey_saltValue(dec64(p_encryptedKey->attr["saltValue"])); const std::string encryptedVerifierHashInput(dec64(p_encryptedKey->attr["encryptedVerifierHashInput"])); const std::string encryptedVerifierHashValue(dec64(p_encryptedKey->attr["encryptedVerifierHashValue"])); const std::string encryptedKeyValue(dec64(p_encryptedKey->attr["encryptedKeyValue"])); std::string pass("t\x00""e\x00""s\x00""t\x00", 8); const std::string kV("\xfe" "\xa7" "\xd2" "\x76" "\x3b" "\x4b" "\x9e" "\x79", 8); const std::string kH("\xd7" "\xaa" "\x0f" "\x6d" "\x30" "\x61" "\x34" "\x4e", 8); const std::string kC("\x14" "\x6e" "\x0b" "\xe7" "\xab" "\xac" "\xd0" "\xd6", 8); puts("pass"); dump(pass); const std::string pwHash = hashPassword(encryptedKey_saltValue, pass, spinCount); const std::string iv = encryptedKey_saltValue; const std::string skey1 = generateKey(pwHash, kV); const std::string verifierHashInput = cipher(encryptedVerifierHashInput, skey1, iv); puts("verifierHashInput"); dump(verifierHashInput); const std::string hashedVerifier = hash(verifierHashInput); puts("hashedVerifier"); dump(hashedVerifier); const std::string skey2 = generateKey(pwHash, kH); const std::string verifierHash = cipher(encryptedVerifierHashValue, skey2, iv).substr(0, hashedVerifier.size()); puts("verifierHash"); dump(verifierHash); if (hashedVerifier != verifierHash) { puts("miss"); return 1; } const std::string skey3 = generateKey(pwHash, kC); std::string secretKey = cipher(encryptedKeyValue, skey3, iv); puts("secretKey"); dump(secretKey); cybozu::Mmap m("EncryptedPackage"); uint64_t fileSize = cybozu::Get64bitAsLE(m.get()); printf("fileSize=%d\n", (int)fileSize); std::string encData(m.get() + 8, (int)m.size() - 8); printf("encData.size=%d\n", (int)encData.size()); // decode std::string decData = decContent(encData, secretKey, keyData_saltValue); { std::ofstream ofs("dec.pptx", std::ios::binary); ofs.write(decData.c_str(), (int)fileSize); } // integrity { const std::string b1("\x5f" "\xb2" "\xad" "\x01" "\x0c" "\xb9" "\xe1" "\xf6", 8); const std::string iv1 = generateIv(keyData_saltValue, b1); const std::string salt = cipher(encryptedHmacKey, secretKey, iv1).substr(0, 20); printf("salt=%s\n", hex(salt).c_str()); } { const std::string b2("\xa0" "\x67" "\x7f" "\x02" "\xb2" "\x2c" "\x84" "\x33", 8); const std::string iv2 = generateIv(keyData_saltValue, b2); const std::string r2 = cipher(encryptedHmacValue, secretKey, iv2).substr(0, 20); printf(" r2=%s\n", hex(r2).c_str()); } } catch (cybozu::Exception& e) { printf("ERR %s\n", e.what()); }
int main(int argc, char *argv[]) { hashset_t set = hashset_create(); hashset_add(set,"leer"); curl_global_init(CURL_GLOBAL_ALL); CURL * myHandle = curl_easy_init(); char md5Password [32]; struct string s; struct string g; init_string(&s); init_string(&g); int i; /* char password[BUFSIZ]; char name[BUFSIZ]; printf("Enter Username: \n"); fgets(name, BUFSIZ, stdin); printf("Enter Password: \n"); fgets(password,BUFSIZ,stdin); cleaner(name); cleaner(password); */ //temp char password [] = "569dgBAh#6Kv2^e9z^ALFiOq"; char name [] = "Foxi"; //temp hashPassword(password, md5Password); doLogin(name, md5Password, myHandle); sleep(3); getSecretToken(myHandle,&s); sleep(3); char* tokenarray = (char*) malloc((s.len + 3) * sizeof (char)); strcpy(tokenarray, s.ptr); findSecretToken(tokenarray, s.len); //Hier muss die URL hin auf welche Danke gesagt wird! char danke [] = "http://usenet-4all.info/forum/showthread.php?t=637647"; doTanks(danke,&g, myHandle); char* pidarray = (char*) malloc((g.len + 3) * sizeof (char)); strcpy(pidarray, g.ptr); findPid(pidarray, g.len, set); //Ab hier habe ich alle PIDS! pushthanks(tokenarray,danke,set,myHandle); print_cookies(myHandle); curl_easy_cleanup(myHandle); free(s.ptr); free(tokenarray); free(pidarray); free(g.ptr); return 0; }