static DATA_BLOB *encrypt_blob(struct torture_context *tctx, TALLOC_CTX *mem_ctx, DATA_BLOB *key, DATA_BLOB *iv, DATA_BLOB *to_encrypt, const AlgorithmIdentifier *alg) { hx509_crypto crypto; hx509_context hctx; heim_octet_string ivos; heim_octet_string *encrypted; DATA_BLOB *blob = talloc_zero(mem_ctx, DATA_BLOB); int res; ivos.data = talloc_array(mem_ctx, uint8_t, iv->length); ivos.length = iv->length; memcpy(ivos.data, iv->data, iv->length); hx509_context_init(&hctx); res = hx509_crypto_init(hctx, NULL, &alg->algorithm, &crypto); if (res) { torture_comment(tctx, "error while doing the init of the crypto object\n"); hx509_context_free(&hctx); return NULL; } res = hx509_crypto_set_key_data(crypto, key->data, key->length); if (res) { torture_comment(tctx, "error while setting the key of the crypto object\n"); hx509_context_free(&hctx); return NULL; } hx509_crypto_set_padding(crypto, HX509_CRYPTO_PADDING_NONE); res = hx509_crypto_encrypt(crypto, to_encrypt->data, to_encrypt->length, &ivos, &encrypted); if (res) { torture_comment(tctx, "error while encrypting\n"); hx509_crypto_destroy(crypto); hx509_context_free(&hctx); return NULL; } *blob = data_blob_talloc(blob, encrypted->data, encrypted->length); der_free_octet_string(encrypted); free(encrypted); hx509_crypto_destroy(crypto); hx509_context_free(&hctx); return blob; }
/* * Encrypt a blob with the private key of the certificate * passed as a parameter. */ static DATA_BLOB *encrypt_blob_pk(struct torture_context *tctx, TALLOC_CTX *mem_ctx, uint8_t *cert_data, uint32_t cert_len, DATA_BLOB *to_encrypt) { hx509_context hctx; hx509_cert cert; heim_octet_string secretdata; heim_octet_string encrypted; heim_oid encryption_oid; DATA_BLOB *blob; int hret; hx509_context_init(&hctx); hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert); if (hret) { torture_comment(tctx, "error while loading the cert\n"); hx509_context_free(&hctx); return NULL; } secretdata.data = to_encrypt->data; secretdata.length = to_encrypt->length; hret = hx509_cert_public_encrypt(hctx, &secretdata, cert, &encryption_oid, &encrypted); hx509_cert_free(cert); hx509_context_free(&hctx); if (hret) { torture_comment(tctx, "error while encrypting\n"); return NULL; } blob = talloc_zero(mem_ctx, DATA_BLOB); if (blob == NULL) { der_free_oid(&encryption_oid); der_free_octet_string(&encrypted); return NULL; } *blob = data_blob_talloc(blob, encrypted.data, encrypted.length); der_free_octet_string(&encrypted); der_free_oid(&encryption_oid); if (blob->data == NULL) { return NULL; } return blob; }
int main(int argc, char **argv) { hx509_context context; int ret = 0; ret = hx509_context_init(&context); if (ret) errx(1, "hx509_context_init failed with %d", ret); ret += test_name(context, "CN=foo,C=SE"); ret += test_name(context, "CN=foo,CN=kaka,CN=FOO,DC=ad1,C=SE"); ret += test_name(context, "1.2.3.4=foo,C=SE"); ret += test_name_fail(context, "="); ret += test_name_fail(context, "CN=foo,=foo"); ret += test_name_fail(context, "CN=foo,really-unknown-type=foo"); ret += test_expand(context, "UID=${uid},C=SE", "UID=lha,C=SE"); ret += test_expand(context, "UID=foo${uid},C=SE", "UID=foolha,C=SE"); ret += test_expand(context, "UID=${uid}bar,C=SE", "UID=lhabar,C=SE"); ret += test_expand(context, "UID=f${uid}b,C=SE", "UID=flhab,C=SE"); ret += test_expand(context, "UID=${uid}${uid},C=SE", "UID=lhalha,C=SE"); ret += test_expand(context, "UID=${uid}{uid},C=SE", "UID=lha{uid},C=SE"); ret += test_compare(context); hx509_context_free(&context); return ret; }
/* * Certs used for this protocol have a GUID in the issuer_uniq_id field. * This function fetch it. */ static struct GUID *get_cert_guid(struct torture_context *tctx, TALLOC_CTX *mem_ctx, uint8_t *cert_data, uint32_t cert_len) { hx509_context hctx; hx509_cert cert; heim_bit_string subjectuniqid; DATA_BLOB data; int hret; uint32_t size; struct GUID *guid = talloc_zero(mem_ctx, struct GUID); NTSTATUS status; hx509_context_init(&hctx); hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert); if (hret) { torture_comment(tctx, "error while loading the cert\n"); hx509_context_free(&hctx); return NULL; } hret = hx509_cert_get_issuer_unique_id(hctx, cert, &subjectuniqid); if (hret) { torture_comment(tctx, "error while getting the issuer_uniq_id\n"); hx509_cert_free(cert); hx509_context_free(&hctx); return NULL; } /* The subjectuniqid is a bit string, * which means that the real size has to be divided by 8 * to have the number of bytes */ hx509_cert_free(cert); hx509_context_free(&hctx); size = subjectuniqid.length / 8; data = data_blob_const(subjectuniqid.data, size); status = GUID_from_data_blob(&data, guid); der_free_bit_string(&subjectuniqid); if (!NT_STATUS_IS_OK(status)) { return NULL; } return guid; }
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_context(krb5_context context) { if (context->default_cc_name) free(context->default_cc_name); if (context->default_cc_name_env) free(context->default_cc_name_env); if (context->config_files) krb5_free_config_files(context->config_files); free(context->etypes); free(context->etypes_des); heim_release(context->default_realms); krb5_config_file_free (context, context->cf); free_error_table (context->et_list); free(rk_UNCONST(context->cc_ops)); free(context->kt_types); krb5_clear_error_message(context); if (context->warn_dest != NULL) krb5_closelog(context, context->warn_dest); if (context->debug_dest != NULL) krb5_closelog(context, context->debug_dest); krb5_set_extra_addresses(context, NULL); krb5_set_ignore_addresses(context, NULL); #ifndef HEIMDAL_SMALLER krb5_set_send_to_kdc_func(context, NULL, NULL); #endif #ifdef PKINIT if (context->hx509ctx) hx509_context_free(&context->hx509ctx); #endif HEIMDAL_MUTEX_destroy(context->mutex); free(context->mutex); if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) { rk_SOCK_EXIT(); } memset(context, 0, sizeof(*context)); free(context); }