/* MUST BE THREAD-SAFE */
void calc_dh(struct pluto_crypto_req *r)
{
/* copy the request, since the reply will re-use the memory of the r->pcr_d.dhq */
struct pcr_skeyid_q dhq;
memcpy(&dhq, &r->pcr_d.dhq, sizeof(r->pcr_d.dhq));
/* clear out the reply */
struct pcr_skeyid_r *skr = &r->pcr_d.dhr;
zero(skr); /* ??? pointer fields might not be NULLed */
INIT_WIRE_ARENA(*skr);
const struct oakley_group_desc *group = lookup_group(dhq.oakley_group);
passert(group != NULL);
SECKEYPrivateKey *ltsecret = dhq.secret;
SECKEYPublicKey *pubk = dhq.pubk;
/* now calculate the (g^x)(g^y) */
chunk_t g;
setchunk_from_wire(g, &dhq, dhq.role == ORIGINAL_RESPONDER ? &dhq.gi : &dhq.gr);
DBG(DBG_CRYPT, DBG_dump_chunk("peer's g: ", g));
const char *story; /* we ignore the value */
skr->shared = calc_dh_shared(g, ltsecret, group, pubk, &story);
}
int si_get_perfcounter_group_info(struct r600_common_screen *screen,
unsigned index,
struct pipe_driver_query_group_info *info)
{
struct r600_perfcounters *pc = screen->perfcounters;
struct r600_perfcounter_block *block;
if (!pc)
return 0;
if (!info)
return pc->num_groups;
block = lookup_group(pc, &index);
if (!block)
return 0;
if (!block->group_names) {
if (!r600_init_block_names(screen, block))
return 0;
}
info->name = block->group_names + index * block->group_name_stride;
info->num_queries = block->num_selectors;
info->max_active_queries = block->num_counters;
return 1;
}
/* For testing purposes only */
int
passwd_cache::get_group_entry_age(const char *user) {
group_entry *gce;
if ( !lookup_group(user, gce) ) {
return -1;
} else {
return (time(NULL) - gce->lastupdated);
}
}
int get_project_gid() {
if (g_use_sandbox) {
#ifdef _DEBUG
gstate.boinc_project_gid = getegid();
#else
return lookup_group(BOINC_PROJECT_GROUP_NAME, gstate.boinc_project_gid);
#endif // _DEBUG
} else {
gstate.boinc_project_gid = 0;
}
return 0;
}
/* Get pfsgroup for this connection */
const struct oakley_group_desc *ike_alg_pfsgroup(struct connection *c,
lset_t policy)
{
const struct oakley_group_desc * ret = NULL;
/* ??? 0 isn't a legitimate value for esp_pfsgroup */
if ((policy & POLICY_PFS) &&
c->alg_info_esp != NULL &&
c->alg_info_esp->esp_pfsgroup != 0)
ret = lookup_group(c->alg_info_esp->esp_pfsgroup);
return ret;
}
/* gives us the number of groups a user is a member of */
int
passwd_cache::num_groups(const char* user) {
group_entry *cache_entry;
if ( !lookup_group( user, cache_entry) ) {
/* CACHE MISS */
/* the user isn't cached, so load it in first */
if ( cache_groups(user) ) {
/* if cache user succeeded, this should always succeed */
lookup_group(user, cache_entry);
} else {
dprintf(D_ALWAYS, "Failed to cache info for user %s\n",
user);
return -1;
}
} else {
/* CACHE HIT */
}
return cache_entry->gidlist_sz;
}
int get_project_gid() {
if (g_use_sandbox) {
#ifdef _DEBUG
// GDB can't attach to applications which are running as a different user
// or group, so fix up data with current user and group during debugging
gstate.boinc_project_gid = getegid();
#else
return lookup_group(BOINC_PROJECT_GROUP_NAME, gstate.boinc_project_gid);
#endif // _DEBUG
} else {
gstate.boinc_project_gid = 0;
}
return 0;
}
/* MUST BE THREAD-SAFE */
void calc_dh_v2(struct pluto_crypto_req *r, const char **story)
{
struct pcr_skeycalc_v2_r *const skr = &r->pcr_d.dhv2;
/* copy the request, since the reply will re-use the memory of the r->pcr_d.dhq */
struct pcr_skeyid_q dhq;
memcpy(&dhq, &r->pcr_d.dhq, sizeof(r->pcr_d.dhq));
/* clear out the reply (including pointers) */
static const struct pcr_skeycalc_v2_r zero_pcr_skeycalc_v2_r;
*skr = zero_pcr_skeycalc_v2_r;
INIT_WIRE_ARENA(*skr);
const struct oakley_group_desc *group = lookup_group(dhq.oakley_group);
passert(group != NULL);
SECKEYPrivateKey *ltsecret = dhq.secret;
SECKEYPublicKey *pubk = dhq.pubk;
/* now calculate the (g^x)(g^y) --- need gi on responder, gr on initiator */
chunk_t g;
setchunk_from_wire(g, &dhq, dhq.role == ORIGINAL_RESPONDER ? &dhq.gi : &dhq.gr);
DBG(DBG_CRYPT, DBG_dump_chunk("peer's g: ", g));
skr->shared = calc_dh_shared(g, ltsecret, group, pubk, story);
if (skr->shared != NULL) {
/* okay, so now all the shared key material */
calc_skeyseed_v2(&dhq, /* input */
skr->shared, /* input */
dhq.key_size, /* input */
dhq.salt_size, /* input */
&skr->skeyseed, /* output */
&skr->skeyid_d, /* output */
&skr->skeyid_ai, /* output */
&skr->skeyid_ar, /* output */
&skr->skeyid_ei, /* output */
&skr->skeyid_er, /* output */
&skr->skeyid_pi, /* output */
&skr->skeyid_pr, /* output */
&skr->skey_initiator_salt, /* output */
&skr->skey_responder_salt, /* output */
&skr->skey_chunk_SK_pi, /* output */
&skr->skey_chunk_SK_pr); /* output */
}
}
int
alg_info_snprint_ike(char *buf, int buflen, struct alg_info_ike *alg_info)
{
char *ptr=buf;
int ret;
struct ike_info *ike_info;
int cnt;
int eklen, aklen;
const char *sep="";
struct encrypt_desc *enc_desc;
struct hash_desc *hash_desc;
ALG_INFO_IKE_FOREACH(alg_info, ike_info, cnt) {
if (ike_alg_enc_present(ike_info->ike_ealg)
&& (ike_alg_hash_present(ike_info->ike_halg))
&& (lookup_group(ike_info->ike_modp))) {
enc_desc=ike_alg_get_encrypter(ike_info->ike_ealg);
passert(enc_desc != NULL);
hash_desc=ike_alg_get_hasher(ike_info->ike_halg);
passert(hash_desc != NULL);
eklen=ike_info->ike_eklen;
if (!eklen)
eklen=enc_desc->keydeflen;
aklen=ike_info->ike_hklen;
if (!aklen)
aklen=hash_desc->hash_digest_len * BITS_PER_BYTE;
ret=snprintf(ptr, buflen, "%s%s(%d)_%03d-%s(%d)_%03d-%s(%d)"
, sep
, enum_name(&oakley_enc_names, ike_info->ike_ealg)+sizeof("OAKLEY")
, ike_info->ike_ealg, eklen
, enum_name(&oakley_hash_names, ike_info->ike_halg)+sizeof("OAKLEY")
, ike_info->ike_halg, aklen
, enum_name(&oakley_group_names, ike_info->ike_modp)+sizeof("OAKLEY_GROUP")
, ike_info->ike_modp);
ptr+=ret;
buflen-=ret;
if (buflen<0) break;
sep = ", ";
}
}
return ptr-buf;
}
bool
xml_snk_group_end(hidrd_xml_snk_inst *xml_snk,
const char *name)
{
const group *target_group;
xmlNodePtr target_element;
assert(xml_snk->cur == NULL);
assert(name != NULL);
target_group = lookup_group(name);
/* There must be such group */
assert(target_group != NULL);
/* Look up an element with the same name up the parent stack */
for (target_element = xml_snk->prnt;
target_element != NULL && target_element->type == XML_ELEMENT_NODE;
target_element = target_element->parent)
if (strcmp((const char *)target_element->name, name) == 0)
break;
/* If not found */
if (target_element == NULL || target_element->type != XML_ELEMENT_NODE)
{
xmlNodePtr end_element;
/* Insert closing element */
end_element = target_group->create_end(xml_snk->doc, NULL);
return xmlAddChild(xml_snk->prnt, end_element) != NULL;
}
else
{
/* Break open the branch up to the target element */
if (!xml_snk_element_break_branch(target_element, xml_snk->prnt,
group_break_cb))
return false;
/* Element done */
xml_snk->prnt = target_element->parent;
}
return true;
}
void calc_ke(struct pluto_crypto_req *r)
{
MP_INT mp_g;
MP_INT secret;
chunk_t gi;
struct pcr_kenonce *kn = &r->pcr_d.kn;
const struct oakley_group_desc *group;
group = lookup_group(kn->oakley_group);
pluto_crypto_allocchunk(&kn->thespace
, &kn->secret
, LOCALSECRETSIZE);
get_rnd_bytes(wire_chunk_ptr(kn, &(kn->secret)), LOCALSECRETSIZE);
n_to_mpz(&secret, wire_chunk_ptr(kn, &(kn->secret)), LOCALSECRETSIZE);
mpz_init(&mp_g);
oswcrypto.mod_exp(&mp_g, group->generator, &secret, group->modulus);
gi = mpz_to_n(&mp_g, group->bytes);
pluto_crypto_allocchunk(&kn->thespace, &kn->gi, gi.len);
{
char *gip = wire_chunk_ptr(kn, &(kn->gi));
memcpy(gip, gi.ptr, gi.len);
}
DBG(DBG_CRYPT,
DBG_dump("Local DH secret:\n"
, wire_chunk_ptr(kn, &(kn->secret))
, LOCALSECRETSIZE);
DBG_dump_chunk("Public DH value sent:\n", gi));
/* clean up after ourselves */
mpz_clear(&mp_g);
mpz_clear(&secret);
freeanychunk(gi);
}
/*******************************************************************************
函数名称: calc_ke
功能描述: 当模长度是1024时,可以使用硬件来加速模幂运算
输入参数:
输出参数: 无
返 回 值: 无
--------------------------------------------------------------------------------
最近一次修改记录 :
修改作者: 李 志
修改目的: 性能优化
修改日期: 2011-1-15
*******************************************************************************/
void calc_ke(struct pluto_crypto_req *r)
{
s32 ret = -1;
const struct oakley_group_desc *group;
chunk_t gi;
struct pcr_kenonce *kn = &r->pcr_d.kn;
group = lookup_group(kn->oakley_group);
pluto_crypto_allocchunk(&kn->thespace, &kn->secret, LOCALSECRETSIZE);
get_rnd_bytes(wire_chunk_ptr(kn, &(kn->secret)), LOCALSECRETSIZE);
if(OAKLEY_GROUP_MODP1024 == kn->oakley_group && (!g_ipsec_device_is_dpx))
{
/*由于硬件只支持1024和512位的模运算,而ipsec最低使用768位的模运算,故只有1024位时才可以使用硬件计算*/
chunk_t secret_chunk;
IPSEC_DEBUG(DBG_CRYPT, IPSEC_dbg("hardware calc_ke mod exp, group:%d\n", kn->oakley_group););
int
alg_info_snprint_ike(char *buf, int buflen, struct alg_info_ike *alg_info)
{
char *ptr=buf;
int ret;
struct ike_info *ike_info;
int cnt;
int eklen, aklen;
struct encrypt_desc *enc_desc;
struct hash_desc *hash_desc;
ALG_INFO_IKE_FOREACH(alg_info, ike_info, cnt) {
if (ike_alg_enc_present(ike_info->ike_ealg)
&& (ike_alg_hash_present(ike_info->ike_halg))
&& (lookup_group(ike_info->ike_modp))) {
enc_desc=ike_alg_get_encrypter(ike_info->ike_ealg);
passert(enc_desc != NULL);
hash_desc=ike_alg_get_hasher(ike_info->ike_halg);
passert(hash_desc != NULL);
eklen=ike_info->ike_eklen;
if (!eklen)
eklen=enc_desc->keydeflen;
aklen=ike_info->ike_hklen;
if (!aklen)
aklen=hash_desc->hash_digest_len * BITS_PER_BYTE;
ret=snprintf(ptr, buflen, "%d_%03d-%d_%03d-%d, ",
ike_info->ike_ealg,
eklen,
ike_info->ike_halg,
aklen,
ike_info->ike_modp);
ptr+=ret;
buflen-=ret;
if (buflen<0) break;
}
}
return ptr-buf;
}
void calc_ke(struct pluto_crypto_req *r)
{
chunk_t prime;
chunk_t base;
SECKEYDHParams dhp;
PK11SlotInfo *slot = NULL;
SECKEYPrivateKey *privk;
SECKEYPublicKey *pubk;
struct pcr_kenonce *kn = &r->pcr_d.kn;
const struct oakley_group_desc *group;
group = lookup_group(kn->oakley_group);
base = mpz_to_n2(group->generator);
prime = mpz_to_n2(group->modulus);
DBG(DBG_CRYPT,DBG_dump_chunk("NSS: Value of Prime:\n", prime));
DBG(DBG_CRYPT,DBG_dump_chunk("NSS: Value of base:\n", base));
dhp.prime.data=prime.ptr;
dhp.prime.len=prime.len;
dhp.base.data=base.ptr;
dhp.base.len=base.len;
slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,osw_return_nss_password_file_info());
if(!slot) {
loglog(RC_LOG_SERIOUS, "NSS: slot for DH key gen is NULL");
}
PR_ASSERT(slot!=NULL);
while(1) {
privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, &dhp, &pubk, PR_FALSE, PR_TRUE, osw_return_nss_password_file_info());
if(!privk) {
loglog(RC_LOG_SERIOUS, "NSS: DH private key creation failed (err %d)", PR_GetError());
}
PR_ASSERT(privk!=NULL);
if( group-> bytes == pubk->u.dh.publicValue.len ) {
DBG(DBG_CRYPT, DBG_log("NSS: generated dh priv and pub keys: %d\n", pubk->u.dh.publicValue.len));
break;
} else {
DBG(DBG_CRYPT, DBG_log("NSS: generating dh priv and pub keys"));
if (privk) SECKEY_DestroyPrivateKey(privk);
if (pubk) SECKEY_DestroyPublicKey(pubk);
}
}
pluto_crypto_allocchunk(&kn->thespace, &kn->secret, sizeof(SECKEYPrivateKey*));
{
char *gip = wire_chunk_ptr(kn, &(kn->secret));
memcpy(gip, &privk, sizeof(SECKEYPrivateKey *));
}
pluto_crypto_allocchunk(&kn->thespace, &kn->gi, pubk->u.dh.publicValue.len);
{
char *gip = wire_chunk_ptr(kn, &(kn->gi));
memcpy(gip, pubk->u.dh.publicValue.data, pubk->u.dh.publicValue.len);
}
pluto_crypto_allocchunk(&kn->thespace, &kn->pubk, sizeof(SECKEYPublicKey*));
{
char *gip = wire_chunk_ptr(kn, &(kn->pubk));
memcpy(gip, &pubk, sizeof(SECKEYPublicKey*));
}
DBG(DBG_CRYPT,
DBG_dump("NSS: Local DH secret:\n"
, wire_chunk_ptr(kn, &(kn->secret))
, sizeof(SECKEYPrivateKey*));
DBG_dump("NSS: Public DH value sent(computed in NSS):\n", wire_chunk_ptr(kn, &(kn->gi)),pubk->u.dh.publicValue.len));
DBG(DBG_CRYPT,
DBG_dump("NSS: Local DH public value (pointer):\n"
, wire_chunk_ptr(kn, &(kn->pubk))
, sizeof(SECKEYPublicKey*)));
/* clean up after ourselves */
if (slot) {
PK11_FreeSlot(slot);
}
/* if (privk){SECKEY_DestroyPrivateKey(privk);} */
/* if (pubk){SECKEY_DestroyPublicKey(pubk);} */
freeanychunk(prime);
freeanychunk(base);
}
void
dir_crawl(GTree *t, GHashTable *linkhash, GHashTable *userhash,
GHashTable *grouphash, char *path)
{
DIR *dir;
struct dirent *dent;
struct rdup *directory;
struct chown_pack *cp;
char *curpath;
gchar *lnk;
struct stat s;
struct rdup pop;
struct remove_path rp;
dev_t current_dev;
size_t curpath_len;
/* dir stack */
gint32 d = 0;
gint32 dstack_cnt = 1;
struct rdup **dirstack =
g_malloc(dstack_cnt * D_STACKSIZE * sizeof(struct rdup *));
if (!(dir = opendir(path))) {
/* non-dirs are also allowed, check for this, if it isn't give the error */
if (access(path, R_OK) == 0) {
g_free(dirstack);
return;
}
msg(_("Cannot enter directory `%s\': %s"), path, strerror(errno));
g_free(dirstack);
return;
}
/* get device */
#ifdef HAVE_DIRFD
if (fstat(dirfd(dir), &s) != 0) {
#else
if (fstat(rdup_dirfd(dir), &s) != 0) {
#endif
msg(_("Cannot determine holding device of the directory `%s\': %s"), path,
strerror(errno));
closedir(dir);
g_free(dirstack);
return;
}
current_dev = s.st_dev;
while((dent = readdir(dir))) {
if (!strcmp(dent->d_name, ".") ||
!strcmp(dent->d_name, ".."))
continue;
if (opt_chown) {
if ( !strncmp(dent->d_name, USRGRPINFO, LEN_USRGRPINFO) ) {
continue;
}
}
if (strcmp(path, "/") == 0) {
curpath = g_strdup_printf("/%s", dent->d_name);
curpath_len = strlen(curpath);
} else {
curpath = g_strdup_printf("%s/%s", path, dent->d_name);
curpath_len = strlen(curpath);
}
if (lstat(curpath, &s) != 0) {
msg(_("Could not stat path `%s\': %s"), curpath, strerror(errno));
g_free(curpath);
continue;
}
if (strchr(curpath, '\n')) {
msg(_("Newline (\\n) found in path `%s\', skipping"), curpath);
g_free(curpath);
continue;
}
if (S_ISREG(s.st_mode) || S_ISLNK(s.st_mode) ||
S_ISBLK(s.st_mode) || S_ISCHR(s.st_mode) ||
S_ISFIFO(s.st_mode) || S_ISSOCK(s.st_mode) ) {
pop.f_name = curpath;
pop.f_target = NULL;
pop.f_name_size = curpath_len;
pop.f_uid = s.st_uid;
pop.f_user = lookup_user(userhash, pop.f_uid);
pop.f_gid = s.st_gid;
pop.f_group = lookup_group(grouphash, pop.f_gid);
pop.f_ctime = s.st_ctime;
pop.f_mtime = s.st_mtime;
pop.f_atime = s.st_atime;
pop.f_mode = s.st_mode;
pop.f_size = s.st_size;
pop.f_dev = s.st_dev;
pop.f_rdev = s.st_rdev;
pop.f_ino = s.st_ino;
pop.f_lnk = 0;
if (gfunc_regexp(pregex_list, curpath, curpath_len)) {
g_free(curpath);
continue;
}
if (opt_nobackup && !strcmp(dent->d_name, NOBACKUP)) {
/* return after seeing .nobackup */
if (opt_verbose > 0) {
msg(_("%s found in '%s\'"), NOBACKUP, path);
}
/* remove all files found in this path */
rp.tree = t;
rp.len = strlen(path);
rp.path = path;
g_tree_foreach(t, gfunc_remove_path, (gpointer)&rp);
/* add .nobackup back in */
g_tree_insert(t, (gpointer) entry_dup(&pop), VALUE);
g_free(dirstack);
closedir(dir);
return;
}
/* hardlinks */
if (s.st_nlink > 1) {
if ((lnk = hlink(linkhash, &pop))) {
pop.f_target = lnk;
pop.f_lnk = 1;
}
}
if (S_ISLNK(s.st_mode))
pop.f_target = slink(&pop);
if (S_ISLNK(s.st_mode) || pop.f_lnk) {
/* fix the name and the sizes */
pop.f_size = pop.f_name_size;
pop.f_name_size += 4 + strlen(pop.f_target);
}
/* check for USRGRPINFO file */
if ( opt_chown && (cp = chown_parse(path, dent->d_name)) != NULL ) {
pop.f_uid = cp->u;
pop.f_gid = cp->g;
pop.f_user = cp->user;
pop.f_group = cp->group;
}
g_tree_insert(t, (gpointer) entry_dup(&pop), VALUE);
if (pop.f_target != NULL)
g_free(pop.f_target);
g_free(curpath);
continue;
} else if(S_ISDIR(s.st_mode)) {
/* one filesystem */
if (opt_onefilesystem && s.st_dev != current_dev) {
msg(_("Not walking into different filesystem `%s\'"), curpath);
g_free(curpath);
continue;
}
/* Exclude list */
if (gfunc_regexp(pregex_list, curpath, curpath_len)) {
g_free(curpath);
continue;
}
dirstack[d] = g_malloc(sizeof(struct rdup));
dirstack[d]->f_name = g_strdup(curpath);
dirstack[d]->f_target = NULL;
dirstack[d]->f_name_size = curpath_len;
dirstack[d]->f_uid = s.st_uid;
dirstack[d]->f_user = lookup_user(userhash, s.st_uid);
dirstack[d]->f_gid = s.st_gid;
dirstack[d]->f_group = lookup_group(grouphash, s.st_gid);
dirstack[d]->f_ctime = s.st_ctime;
dirstack[d]->f_mtime = s.st_mtime;
dirstack[d]->f_atime = s.st_atime;
dirstack[d]->f_mode = s.st_mode;
dirstack[d]->f_size = s.st_size;
dirstack[d]->f_dev = s.st_dev;
dirstack[d]->f_rdev = s.st_rdev;
dirstack[d]->f_ino = s.st_ino;
dirstack[d]->f_lnk = 0;
/* check for USRGRPINFO file */
if ( opt_chown && (cp = chown_parse(curpath, NULL)) != NULL ) {
dirstack[d]->f_uid = cp->u;
dirstack[d]->f_gid = cp->g;
dirstack[d]->f_user = cp->user;
dirstack[d]->f_group = cp->group;
}
if (d++ % D_STACKSIZE == 0) {
dirstack = g_realloc(dirstack,
++dstack_cnt * D_STACKSIZE *
sizeof(struct rdup *));
}
g_free(curpath);
continue;
} else {
if (opt_verbose > 0) {
msg(_("Neither file nor directory `%s\'"), curpath);
}
g_free(curpath);
}
}
closedir(dir);
if (opt_atime) {
/* reset dirs atime */
if (d > 0 && opt_atime) {
struct utimbuf ut;
ut.actime = dirstack[d - 1]->f_atime;
ut.modtime = dirstack[d - 1]->f_mtime;
if (utime(dirstack[d - 1]->f_name, &ut) == -1)
msg(_("Failed to reset atime: '%s\': %s"), dirstack[d - 1]->f_name, strerror(errno));
}
}
while (d > 0) {
directory = dirstack[--d];
g_tree_insert(t, (gpointer) entry_dup(directory), VALUE);
/* recurse */
/* potentially expensive operation. Better would be to when we hit
* .nobackup to go up the tree and delete some nodes.... or not */
dir_crawl(t, linkhash, userhash, grouphash, directory->f_name);
entry_free(directory);
}
g_free(dirstack);
return;
}
/* MUST BE THREAD-SAFE */
void calc_ke(struct pluto_crypto_req *r)
{
SECKEYDHParams dhp;
PK11SlotInfo *slot = NULL;
SECKEYPrivateKey *privk;
SECKEYPublicKey *pubk;
struct pcr_kenonce *kn = &r->pcr_d.kn;
const struct oakley_group_desc *group = lookup_group(kn->oakley_group);
chunk_t base = mpz_to_n_autosize(group->generator);
chunk_t prime = mpz_to_n_autosize(group->modulus);
DBG(DBG_CRYPT, DBG_dump_chunk("NSS: Value of Prime:", prime));
DBG(DBG_CRYPT, DBG_dump_chunk("NSS: Value of base:", base));
dhp.prime.data = prime.ptr;
dhp.prime.len = prime.len;
dhp.base.data = base.ptr;
dhp.base.len = base.len;
slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN,
lsw_return_nss_password_file_info());
if (slot == NULL)
loglog(RC_LOG_SERIOUS, "NSS: slot for DH key gen is NULL");
passert(slot != NULL);
for (;;) {
pubk = NULL; /* ??? is this needed? Output-only from next call? */
privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN,
&dhp, &pubk, PR_FALSE, PR_TRUE,
lsw_return_nss_password_file_info());
if (privk == NULL) {
loglog(RC_LOG_SERIOUS,
"NSS: DH private key creation failed (err %d)",
PR_GetError());
}
passert(privk != NULL && pubk != NULL);
if (group->bytes == pubk->u.dh.publicValue.len) {
DBG(DBG_CRYPT,
DBG_log("NSS: generated dh priv and pub keys: %d",
pubk->u.dh.publicValue.len));
break;
} else {
DBG(DBG_CRYPT,
DBG_log("NSS: generating dh priv and pub keys again"));
SECKEY_DestroyPrivateKey(privk);
SECKEY_DestroyPublicKey(pubk);
}
}
kn->secret = privk;
kn->pubk = pubk;
ALLOC_WIRE_CHUNK(*kn, gi, pubk->u.dh.publicValue.len);
{
unsigned char *gip = WIRE_CHUNK_PTR(*kn, gi);
memcpy(gip, pubk->u.dh.publicValue.data,
pubk->u.dh.publicValue.len);
}
DBG(DBG_CRYPT, {
DBG_log("NSS: Local DH secret (pointer): %p",
kn->secret);
DBG_dump("NSS: Public DH value sent(computed in NSS):",
WIRE_CHUNK_PTR(*kn, gi),
pubk->u.dh.publicValue.len);
});
/**
* prepend path leading up to backup directory to the tree
*/
gboolean
dir_prepend(GTree *t, char *path, GHashTable *u, GHashTable *g)
{
char *c;
char *p;
char *path2;
size_t len;
struct stat s;
struct rdup e;
path2 = g_strdup(path);
len = strlen(path);
/* add closing / */
if (path2[len - 1] != '/') {
path2 = g_realloc(path2, len + 2);
path2[len] = '/';
path2[len + 1] = '\0';
}
for (p = path2 + 1; (c = strchr(p, '/')); p++) {
*c = '\0';
if (lstat(path2, &s) != 0) {
msg(_("Could not stat path `%s\': %s"), path2, strerror(errno));
g_free(path2);
return FALSE;
}
e.f_name = path2;
e.f_target = NULL;
e.f_name_size = strlen(path2);
e.f_uid = s.st_uid;
e.f_user = lookup_user(u, e.f_uid);
e.f_gid = s.st_gid;
e.f_group = lookup_group(g, e.f_gid);
e.f_ctime = s.st_ctime;
e.f_mtime = s.st_mtime;
e.f_atime = s.st_atime;
e.f_mode = s.st_mode;
e.f_size = s.st_size;
e.f_dev = s.st_dev;
e.f_rdev = s.st_rdev;
e.f_ino = s.st_ino;
e.f_lnk = 0;
/* symlinks; also set the target */
if (S_ISLNK(s.st_mode)) {
e.f_target = slink(&e);
e.f_size = e.f_name_size;
e.f_name_size += 4 + strlen(e.f_target);
/* When we encounter a symlink on this level, it is very hard to make this
* backup work, because the target may fall out of the backup. If this
* is the case the entire backup fails. Gnu tar only show the symlink
* and then stops. We do now the same, heance the return FALSE
*/
g_tree_insert(t, (gpointer) entry_dup(&e), VALUE);
g_free(e.f_target);
g_free(path2);
return FALSE;
}
g_tree_insert(t, (gpointer) entry_dup(&e), VALUE);
*c = '/';
p = c++;
}
g_free(path2);
return TRUE;
}
static int parser_alg_info_add(struct parser_context *p_ctx
, struct alg_info *alg_info
, void (*alg_info_add)(struct alg_info *alg_info
, int ealg_id, int ek_bits
, int aalg_id, int ak_bits
, int modp_id
, bool permitmann)
, const struct oakley_group_desc *(*lookup_group)(u_int16_t group)
, bool permitike)
{
int ealg_id, aalg_id;
int modp_id = 0;
const struct oakley_group_desc *gd;
ealg_id=aalg_id=-1;
if (p_ctx->ealg_permit && *p_ctx->ealg_buf)
{
ealg_id=p_ctx->ealg_getbyname(p_ctx->ealg_buf, strlen(p_ctx->ealg_buf));
if (ealg_id==ESP_MAGIC_ID)
{
ealg_id=p_ctx->eklen;
p_ctx->eklen=0;
}
if (ealg_id<0)
{
p_ctx->err="enc_alg not found";
goto out;
}
DBG(DBG_CRYPT, DBG_log("parser_alg_info_add() " "ealg_getbyname(\"%s\")=%d", p_ctx->ealg_buf, ealg_id));
}
if (p_ctx->aalg_permit && *p_ctx->aalg_buf)
{
aalg_id=p_ctx->aalg_getbyname(p_ctx->aalg_buf, strlen(p_ctx->aalg_buf));
if (aalg_id<0)
{
p_ctx->err="hash_alg not found";
goto out;
}
DBG(DBG_CRYPT, DBG_log("parser_alg_info_add() " "aalg_getbyname(\"%s\")=%d",p_ctx->aalg_buf, aalg_id));
}
if (p_ctx->modp_getbyname && *p_ctx->modp_buf)
{
modp_id=p_ctx->modp_getbyname(p_ctx->modp_buf, strlen(p_ctx->modp_buf));
if (modp_id<0)
{
p_ctx->err="modp group not found";
goto out;
}
DBG(DBG_CRYPT, DBG_log("parser_alg_info_add() " "modp_getbyname(\"%s\")=%d", p_ctx->modp_buf, modp_id));
if (modp_id && !(gd=lookup_group(modp_id)))
{
p_ctx->err="found modp group id, but not supported";
goto out;
}
}
(*alg_info_add)(alg_info,ealg_id, p_ctx->eklen,aalg_id, p_ctx->aklen,modp_id, permitike);
return 0;
out:
return -1;
}
