vector<string> encrypt (vector<string> clrtxt, string keystr, primenc_et contprimenc, contenc_et contsecenc)
{
byte primencarr[CIPHERLEN*2+10];
uint32_t i;
vector<string> encvec;
for(i=0;i<clrtxt.size();i++){
if(NO_CONTENC == contsecenc){
nodec(primencarr, clrtxt[i]);
}else if(AES_128 == contsecenc){
AESencs(primencarr, clrtxt[i], keystr);
}else{
cout << "This secondary encoding is not supported yet." << endl;
throw contsecenc;
}
if(NO_PRIMENC == contprimenc){
encvec.push_back(nocrypt(primencarr));
}else if(BASE64 == contprimenc){
encvec.push_back(base64enc(primencarr, CIPHERLEN));
}else if(BASE32 == contprimenc){
encvec.push_back(base32enc(primencarr, CIPHERLEN));
}else if(BASE16 == contprimenc){
encvec.push_back(base16enc(primencarr, CIPHERLEN));
}else{
cout << "This primary encoding is not supported yet." << endl;
throw contprimenc;
}
}
return encvec;
}
int crypt_keygen_1a(packet_t p)
{
char b64[uECC_BYTES*4];
uint8_t id_private[uECC_BYTES], id_public[uECC_BYTES*2];
// create line ephemeral key
uECC_make_key(id_public, id_private);
base64enc(b64,id_public,uECC_BYTES*2);
packet_set_str(p,"1a",b64);
base64enc(b64,id_private,uECC_BYTES);
packet_set_str(p,"1a_secret",b64);
return 0;
}
void wsGetHandshakeAnswer(const struct handshake *hs, uint8_t *outFrame,
size_t *outLength)
{
assert(outFrame && *outLength);
assert(hs->frameType == WS_OPENING_FRAME);
assert(hs && hs->key);
char *responseKey = NULL;
uint8_t length = strlen(hs->key)+strlen_P(secret);
responseKey = malloc(length);
memcpy(responseKey, hs->key, strlen(hs->key));
memcpy_P(&(responseKey[strlen(hs->key)]), secret, strlen_P(secret));
char shaHash[20];
memset(shaHash, 0, sizeof(shaHash));
sha1(shaHash, responseKey, length*8);
base64enc(responseKey, shaHash, 20);
int written = sprintf_P((char *)outFrame,
PSTR("HTTP/1.1 101 Switching Protocols\r\n"
"%s%s\r\n"
"%s%s\r\n"
"Sec-WebSocket-Accept: %s\r\n\r\n"),
upgradeField,
websocket,
connectionField,
upgrade2,
responseKey);
// if assert fail, that means, that we corrupt memory
assert(written <= *outLength);
*outLength = written;
}
static void strrandom(char *s, int len)
{
size_t i, bl = 4 * ((len + 2) / 3), tl = len + 8;
char *t = alloca(tl);
size_t j = sizeof(u_int) * bl;
size_t *b = alloca(j);
for (i = 0; i < bl; i++)
b[i] = rand();
base64enc((char *) b, bl, t, &tl);
strncpy(s, t, len);
s[len - 1] = 0;
}
void dsa_print_signature_b64(dsa_signature_t* s){
uint16_t size_r, size_s, size_o, i,j;
size_r = s->r.length_W*sizeof(bigint_word_t) +2;
size_s = s->s.length_W*sizeof(bigint_word_t) +2;
size_o = size_r + size_s +2;
uint8_t bin_b[size_o];
bin_b[0] = 0x30;
bin_b[1] = size_o -2;
bin_b[2] = 0x02;
bin_b[3] = size_r-2;
j=4;
for(i=s->r.length_W*sizeof(bigint_word_t); i>0; --i){
bin_b[j++] = ((uint8_t*)s->r.wordv)[i-1];
}
bin_b[j++] = 0x02;
bin_b[j++] = size_s -2;
for(i=s->s.length_W*sizeof(bigint_word_t); i>0; --i){
bin_b[j++] = ((uint8_t*)s->s.wordv)[i-1];
}
char b64_b[size_o*4/3+5];
base64enc(b64_b, bin_b, size_o);
cli_putstr(b64_b);
}
static void download_one_url(const char *url)
{
bool use_proxy; /* Use proxies if env vars are set */
int redir_limit;
len_and_sockaddr *lsa;
FILE *sfp; /* socket to web/ftp server */
FILE *dfp; /* socket to ftp server (data) */
char *proxy = NULL;
char *fname_out_alloc;
char *redirected_path = NULL;
struct host_info server;
struct host_info target;
server.allocated = NULL;
target.allocated = NULL;
server.user = NULL;
target.user = NULL;
parse_url(url, &target);
/* Use the proxy if necessary */
use_proxy = (strcmp(G.proxy_flag, "off") != 0);
if (use_proxy) {
proxy = getenv(target.is_ftp ? "ftp_proxy" : "http_proxy");
use_proxy = (proxy && proxy[0]);
if (use_proxy)
parse_url(proxy, &server);
}
if (!use_proxy) {
server.port = target.port;
if (ENABLE_FEATURE_IPV6) {
//free(server.allocated); - can't be non-NULL
server.host = server.allocated = xstrdup(target.host);
} else {
server.host = target.host;
}
}
if (ENABLE_FEATURE_IPV6)
strip_ipv6_scope_id(target.host);
/* If there was no -O FILE, guess output filename */
fname_out_alloc = NULL;
if (!(option_mask32 & WGET_OPT_OUTNAME)) {
G.fname_out = bb_get_last_path_component_nostrip(target.path);
/* handle "wget http://kernel.org//" */
if (G.fname_out[0] == '/' || !G.fname_out[0])
G.fname_out = (char*)"index.html";
/* -P DIR is considered only if there was no -O FILE */
if (G.dir_prefix)
G.fname_out = fname_out_alloc = concat_path_file(G.dir_prefix, G.fname_out);
else {
/* redirects may free target.path later, need to make a copy */
G.fname_out = fname_out_alloc = xstrdup(G.fname_out);
}
}
#if ENABLE_FEATURE_WGET_STATUSBAR
G.curfile = bb_get_last_path_component_nostrip(G.fname_out);
#endif
/* Determine where to start transfer */
G.beg_range = 0;
if (option_mask32 & WGET_OPT_CONTINUE) {
G.output_fd = open(G.fname_out, O_WRONLY);
if (G.output_fd >= 0) {
G.beg_range = xlseek(G.output_fd, 0, SEEK_END);
}
/* File doesn't exist. We do not create file here yet.
* We are not sure it exists on remote side */
}
redir_limit = 5;
resolve_lsa:
lsa = xhost2sockaddr(server.host, server.port);
if (!(option_mask32 & WGET_OPT_QUIET)) {
char *s = xmalloc_sockaddr2dotted(&lsa->u.sa);
fprintf(stderr, "Connecting to %s (%s)\n", server.host, s);
free(s);
}
establish_session:
/*G.content_len = 0; - redundant, got_clen = 0 is enough */
G.got_clen = 0;
G.chunked = 0;
if (use_proxy || !target.is_ftp) {
/*
* HTTP session
*/
char *str;
int status;
/* Open socket to http server */
sfp = open_socket(lsa);
/* Send HTTP request */
if (use_proxy) {
fprintf(sfp, "GET %stp://%s/%s HTTP/1.1\r\n",
target.is_ftp ? "f" : "ht", target.host,
target.path);
} else {
if (option_mask32 & WGET_OPT_POST_DATA)
fprintf(sfp, "POST /%s HTTP/1.1\r\n", target.path);
else
fprintf(sfp, "GET /%s HTTP/1.1\r\n", target.path);
}
fprintf(sfp, "Host: %s\r\nUser-Agent: %s\r\n",
target.host, G.user_agent);
/* Ask server to close the connection as soon as we are done
* (IOW: we do not intend to send more requests)
*/
fprintf(sfp, "Connection: close\r\n");
#if ENABLE_FEATURE_WGET_AUTHENTICATION
if (target.user) {
fprintf(sfp, "Proxy-Authorization: Basic %s\r\n"+6,
base64enc(target.user));
}
if (use_proxy && server.user) {
fprintf(sfp, "Proxy-Authorization: Basic %s\r\n",
base64enc(server.user));
}
#endif
if (G.beg_range != 0)
fprintf(sfp, "Range: bytes=%"OFF_FMT"u-\r\n", G.beg_range);
#if ENABLE_FEATURE_WGET_LONG_OPTIONS
if (G.extra_headers)
fputs(G.extra_headers, sfp);
if (option_mask32 & WGET_OPT_POST_DATA) {
fprintf(sfp,
"Content-Type: application/x-www-form-urlencoded\r\n"
"Content-Length: %u\r\n"
"\r\n"
"%s",
(int) strlen(G.post_data), G.post_data
);
} else
#endif
{
fprintf(sfp, "\r\n");
}
fflush(sfp);
/*
* Retrieve HTTP response line and check for "200" status code.
*/
read_response:
fgets_and_trim(sfp);
str = G.wget_buf;
str = skip_non_whitespace(str);
str = skip_whitespace(str);
// FIXME: no error check
// xatou wouldn't work: "200 OK"
status = atoi(str);
switch (status) {
case 0:
case 100:
while (gethdr(sfp) != NULL)
/* eat all remaining headers */;
goto read_response;
case 200:
/*
Response 204 doesn't say "null file", it says "metadata
has changed but data didn't":
"10.2.5 204 No Content
The server has fulfilled the request but does not need to return
an entity-body, and might want to return updated metainformation.
The response MAY include new or updated metainformation in the form
of entity-headers, which if present SHOULD be associated with
the requested variant.
If the client is a user agent, it SHOULD NOT change its document
view from that which caused the request to be sent. This response
is primarily intended to allow input for actions to take place
without causing a change to the user agent's active document view,
although any new or updated metainformation SHOULD be applied
to the document currently in the user agent's active view.
The 204 response MUST NOT include a message-body, and thus
is always terminated by the first empty line after the header fields."
However, in real world it was observed that some web servers
(e.g. Boa/0.94.14rc21) simply use code 204 when file size is zero.
*/
case 204:
if (G.beg_range != 0) {
/* "Range:..." was not honored by the server.
* Restart download from the beginning.
*/
reset_beg_range_to_zero();
}
break;
case 300: /* redirection */
case 301:
case 302:
case 303:
break;
case 206: /* Partial Content */
if (G.beg_range != 0)
/* "Range:..." worked. Good. */
break;
/* Partial Content even though we did not ask for it??? */
/* fall through */
default:
bb_error_msg_and_die("server returned error: %s", sanitize_string(G.wget_buf));
}
/*
* Retrieve HTTP headers.
*/
while ((str = gethdr(sfp)) != NULL) {
static const char keywords[] ALIGN1 =
"content-length\0""transfer-encoding\0""location\0";
enum {
KEY_content_length = 1, KEY_transfer_encoding, KEY_location
};
smalluint key;
/* gethdr converted "FOO:" string to lowercase */
/* strip trailing whitespace */
char *s = strchrnul(str, '\0') - 1;
while (s >= str && (*s == ' ' || *s == '\t')) {
*s = '\0';
s--;
}
key = index_in_strings(keywords, G.wget_buf) + 1;
if (key == KEY_content_length) {
G.content_len = BB_STRTOOFF(str, NULL, 10);
if (G.content_len < 0 || errno) {
bb_error_msg_and_die("content-length %s is garbage", sanitize_string(str));
}
G.got_clen = 1;
continue;
}
if (key == KEY_transfer_encoding) {
if (strcmp(str_tolower(str), "chunked") != 0)
bb_error_msg_and_die("transfer encoding '%s' is not supported", sanitize_string(str));
G.chunked = 1;
}
if (key == KEY_location && status >= 300) {
if (--redir_limit == 0)
bb_error_msg_and_die("too many redirections");
fclose(sfp);
if (str[0] == '/') {
free(redirected_path);
target.path = redirected_path = xstrdup(str+1);
/* lsa stays the same: it's on the same server */
} else {
parse_url(str, &target);
if (!use_proxy) {
free(server.allocated);
server.allocated = NULL;
server.host = target.host;
/* strip_ipv6_scope_id(target.host); - no! */
/* we assume remote never gives us IPv6 addr with scope id */
server.port = target.port;
free(lsa);
goto resolve_lsa;
} /* else: lsa stays the same: we use proxy */
}
goto establish_session;
}
}
// if (status >= 300)
// bb_error_msg_and_die("bad redirection (no Location: header from server)");
/* For HTTP, data is pumped over the same connection */
dfp = sfp;
} else {
int main(int argc, char** argv) {
int ret = 0, tests = 0;
char b64str[64+1];
unsigned char raw[BASE64DEC_BYTES(64)+1];
T(1 == 1);
T(BASE64ENC_BYTES(0) == 0);
T(BASE64ENC_BYTES(1) == 4);
T(BASE64ENC_BYTES(2) == 4);
T(BASE64ENC_BYTES(3) == 4);
T(BASE64ENC_BYTES(4) == 8);
T(BASE64ENC_BYTES(5) == 8);
T(BASE64ENC_BYTES(6) == 8);
T(BASE64ENC_BYTES(7) == 12);
T(BASE64DEC_BYTES(12) == 9);
T(BASE64DEC_BYTES(8) == 6);
T(BASE64DEC_BYTES(4) == 3);
base64enc(b64str, U"a", 1);
T(str_equal(b64str, "YQ=="));
T(base64dec(raw, b64str, sizeof raw) == 1);
T(str_equal(C raw, "a"));
base64enc(b64str, U"aa", 2);
T(str_equal(b64str, "YWE="));
T(base64dec(raw, b64str, sizeof raw) == 2);
T(str_equal(C raw, "aa"));
base64enc(b64str, U"aaa", 3);
T(str_equal(b64str, "YWFh"));
T(base64dec(raw, b64str, sizeof raw) == 3);
T(str_equal(C raw, "aaa"));
T(base64enc_str(b64str, U"AAAA", sizeof 2) == 0);
T(base64enc_str(b64str, U"AAAA", sizeof b64str) == 1);
T(str_equal(b64str, "QUFBQQ=="));
T(base64dec(raw, b64str, sizeof raw) == 4);
T(str_equal(C raw, "AAAA"));
base64enc(b64str, U"AAAA", 4);
T(str_equal(b64str, "QUFBQQ=="));
T(base64dec(raw, b64str, sizeof raw) == 4);
T(str_equal(C raw, "AAAA"));
base64enc(b64str, U"\x01\x02\x03\x04\x05", 5);
T(str_equal(b64str, "AQIDBAU="));
T(base64dec(raw, b64str, sizeof raw) == 5);
T(str_equal(C raw, "\x01\x02\x03\x04\x05"));
T(base64dec(raw, "=QIDBAU=", sizeof raw) == 0);
T(base64dec(raw, "AQ(DBAU=", sizeof raw) == 0);
T(base64dec(raw, "AQIDB@U=", sizeof raw) == 0);
T(base64dec(raw, "AQIDBAU==", sizeof raw) == 0);
T(base64dec(raw, "AQIDB===", sizeof raw) == 0);
base64enc(b64str, U"\x26\xC7\x1B\x28\xFE\xB0\x90\x08\x5A\xDE\xC6\xE0\xF0\xF4\x76\xDD", 16);
T(str_equal(b64str, "JscbKP6wkAha3sbg8PR23Q=="));
T(base64dec(raw, b64str, sizeof raw) == 16);
T(str_equal(C raw, "\x26\xC7\x1B\x28\xFE\xB0\x90\x08\x5A\xDE\xC6\xE0\xF0\xF4\x76\xDD"));
base64enc(b64str, U"\xF3\x9B\x70\xA5\x63\xFA\x54\x86\xD1", 9);
T(str_equal(b64str, "85twpWP6VIbR"));
T(base64dec(raw, b64str, sizeof raw) == 9);
T(str_equal(C raw, "\xF3\x9B\x70\xA5\x63\xFA\x54\x86\xD1"));
printf("%d out of %d tests failed.\n", ret, tests);
return ret;
}
int sspi_auth_protocol_connect(const struct protocol_interface *protocol, const char *auth_string)
{
char *protocols;
const char *proto;
int fdin, fdout, fderr;
int l;
short len;
char line[1024];
char buf[1024];
int first;
if (!strcmp (auth_string, "BEGIN SSPI"))
sspi_protocol_interface.verify_only = 0;
else
return CVSPROTO_NOTME;
server_getline(protocol, &protocols, 1024);
if(!protocols)
{
server_printf("Nope!\n");
return CVSPROTO_FAIL;
}
else if(strstr(protocols,"Negotiate"))
proto="Negotiate";
else if(strstr(protocols,"NTLM"))
proto="NTLM";
else
{
server_printf("Nope!\n");
return CVSPROTO_FAIL;
}
free(protocols);
server_printf("%s\n",proto); /* We have negotiated NTLM */
if(run_command(winbindwrapper, &fdin, &fdout, &fderr))
return CVSPROTO_FAIL;
first=1;
do
{
read(current_server()->in_fd,&len,2);
len=ntohs(len);
l=read(current_server()->in_fd,buf,len);
if(l<0)
return CVSPROTO_FAIL;
if(first)
strcpy(line,"YR ");
else
strcpy(line,"KK ");
first = 0;
l=base64enc((unsigned char *)buf,(unsigned char *)line+3,len);
strcat(line,"\n");
write(fdin, line, strlen(line));
l=read(fdout, line, sizeof(line));
if(l<0)
return CVSPROTO_FAIL;
line[l]='\0';
if(line[0]=='T' && line[1]=='T')
{
len=base64dec((unsigned char *)line+3,(unsigned char *)buf,l-4);
base64enc((unsigned char *)buf,(unsigned char *)line+3,len);
len=htons(len);
write(current_server()->out_fd,&len,2);
write(current_server()->out_fd,buf,ntohs(len));
}
} while(line[0]=='T' && line[1]=='T');
if(line[0]!='A' || line[1]!='F')
return CVSPROTO_FAIL;
close(fdin);
close(fdout);
close(fderr);
line[strlen(line)-1]='\0';
sspi_protocol_interface.auth_username = strdup(line+3);
/* Get the repository details for checking */
server_getline (protocol, &sspi_protocol_interface.auth_repository, 4096);
return CVSPROTO_SUCCESS;
}
