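/*
 * Serialise a bit string as base64 text.
 *
 * The encoded payload is a 32-bit big-endian copy of in->length followed
 * by BITS2BYTES(in->length) bytes taken from in->text.
 *
 * Returns a new string_t built by string_new(), or NULL when 'in' is NULL
 * or the base64 encoder reports an error.
 */
string_t *
bits_encode(const bits_t *in)
{
	string_t *ret;
	size_t len, outsz;
	int enclen;
	char *out;
	u_int32_t *tmp;

	if (!in)
		return NULL;

	/* compute the total size of the input stream: length prefix + data */
	len = BITS2BYTES(in->length) + sizeof(*tmp);

	/*
	 * Base64 emits 4 characters per (possibly partial) 3-byte group and
	 * __b64_ntop() also needs room for the terminating NUL.  The previous
	 * "len * 2" sizing is one byte short when len == 4 (an empty bit
	 * string: 8 characters + NUL into an 8-byte buffer), which made the
	 * encoder fail and this function return NULL.
	 */
	outsz = ((len + 2) / 3) * 4 + 1;

	tmp = emalloc(len);
	out = emalloc(outsz);

	/* stuff the length up front, in network byte order */
	*tmp = htonl(in->length);
	(void)memcpy(tmp + 1, in->text, len - sizeof(*tmp));

	enclen = __b64_ntop((void *)tmp, len, out, outsz);
	free(tmp);
	if (enclen < 0) {
		free(out);
		return NULL;
	}

	ret = string_new(out, (size_t)enclen);
	free(out);
	return ret;
}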
/*
 * Produce the hashed form of 'host' as
 * HASH_MAGIC <base64 salt> HASH_DELIM <base64 HMAC-SHA1(salt, host)>.
 *
 * When 'name_from_hostfile' is NULL a fresh salt is drawn from
 * arc4random(); otherwise the salt is taken from that existing entry
 * (of length 'src_len') via extract_salt(), and NULL is returned if the
 * extraction fails.
 *
 * The result lives in a static buffer: it is overwritten by the next
 * call and must not be freed by the caller.
 */
char *
host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
{
	static char hashed_entry[1024];
	struct ssh_hmac_ctx *hmac;
	u_char salt[256], mac[256];
	char salt_b64[512], mac_b64[512];
	u_int pos, mdlen;
	int hmac_failed, b64_failed;

	/* Salt and MAC are both handled as one SHA1 digest length. */
	mdlen = ssh_digest_bytes(SSH_DIGEST_SHA1);

	if (name_from_hostfile != NULL) {
		/* Reuse the salt stored in the known host entry. */
		if (extract_salt(name_from_hostfile, src_len, salt,
		    sizeof(salt)) == -1)
			return (NULL);
	} else {
		/* No entry to match against: generate a new salt. */
		for (pos = 0; pos < mdlen; pos++)
			salt[pos] = arc4random();
	}

	/* Any failing HMAC step is fatal; evaluation stops at the first one. */
	hmac_failed = (hmac = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL ||
	    ssh_hmac_init(hmac, salt, mdlen) < 0 ||
	    ssh_hmac_update(hmac, host, strlen(host)) < 0 ||
	    ssh_hmac_final(hmac, mac, sizeof(mac));
	if (hmac_failed)
		fatal("%s: ssh_hmac failed", __func__);
	ssh_hmac_free(hmac);

	b64_failed = __b64_ntop(salt, mdlen, salt_b64, sizeof(salt_b64)) == -1 ||
	    __b64_ntop(mac, mdlen, mac_b64, sizeof(mac_b64)) == -1;
	if (b64_failed)
		fatal("%s: __b64_ntop failed", __func__);

	snprintf(hashed_entry, sizeof(hashed_entry), "%s%s%c%s", HASH_MAGIC,
	    salt_b64, HASH_DELIM, mac_b64);

	return (hashed_entry);
}
/*
 * Produce the hashed form of 'host' as
 * HASH_MAGIC <base64 salt> HASH_DELIM <base64 HMAC-SHA1(salt, host)>,
 * using the OpenSSL HMAC_* interface directly.
 *
 * A NULL 'name_from_hostfile' means "create a new salt" (arc4random());
 * otherwise the salt is pulled out of that entry (length 'src_len') with
 * extract_salt(), and NULL is returned if that fails.
 *
 * The returned pointer refers to a static buffer that the next call
 * overwrites; callers must copy it if they need to keep it.
 */
char *
host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
{
	static char hashed_entry[1024];
	const EVP_MD *sha1 = EVP_sha1();
	HMAC_CTX hmac;
	u_char salt[256], mac[256];
	char salt_b64[512], mac_b64[512];
	u_int pos, mdlen;

	/* Salt and MAC are both handled as one digest length. */
	mdlen = EVP_MD_size(sha1);

	if (name_from_hostfile != NULL) {
		/* Reuse the salt stored in the known host entry. */
		if (extract_salt(name_from_hostfile, src_len, salt,
		    sizeof(salt)) == -1)
			return (NULL);
	} else {
		/* No entry to match against: generate a new salt. */
		for (pos = 0; pos < mdlen; pos++)
			salt[pos] = arc4random();
	}

	/*
	 * NOTE(review): the results of the HMAC_* calls are not checked.
	 * Whether they can report failure depends on the OpenSSL version
	 * this file is built against -- confirm.
	 */
	HMAC_Init(&hmac, salt, mdlen, sha1);
	HMAC_Update(&hmac, __UNCONST(host), strlen(host));
	HMAC_Final(&hmac, mac, NULL);
	HMAC_cleanup(&hmac);

	if (__b64_ntop(salt, mdlen, salt_b64, sizeof(salt_b64)) == -1)
		fatal("host_hash: __b64_ntop failed");
	if (__b64_ntop(mac, mdlen, mac_b64, sizeof(mac_b64)) == -1)
		fatal("host_hash: __b64_ntop failed");

	snprintf(hashed_entry, sizeof(hashed_entry), "%s%s%c%s", HASH_MAGIC,
	    salt_b64, HASH_DELIM, mac_b64);

	return (hashed_entry);
}
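/*
 * Append the base64 text form of 'rdata' to 'output'.
 *
 * Returns 1 on success (including empty rdata, for which nothing is
 * written) and 0 when the encoder reports an error.  'rr' is unused.
 */
static int
rdata_base64_to_string(buffer_type *output, rdata_atom_type rdata,
	rr_type* ATTR_UNUSED(rr))
{
	int length;
	size_t size = rdata_atom_size(rdata);
	size_t capacity;

	if(size == 0)
		return 1;

	/*
	 * Base64 produces 4 characters for every (possibly partial) group
	 * of 3 input bytes, and __b64_ntop() additionally needs room for a
	 * terminating NUL.  Sizing the target as "size * 2" is too small
	 * for 1-, 2- and 4-byte rdata (4, 4 and 8 characters plus NUL), so
	 * such short values could not be printed.
	 */
	capacity = ((size + 2) / 3) * 4 + 1;
	buffer_reserve(output, capacity);
	length = __b64_ntop(rdata_atom_data(rdata), size,
			    (char *) buffer_current(output), capacity);
	if (length > 0) {
		/* Advance past the text only; the NUL is not part of it. */
		buffer_skip(output, length);
	}
	return length != -1;
}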
/*
 * Fetch the credentials stored under 'label' in table 'tablename' and
 * write them to 'dst' (capacity 'sz') as the base64 encoding of
 * "\0" username "\0" password.
 *
 * Returns LKA_OK on success, LKA_PERMFAIL when the label has no entry,
 * and LKA_TEMPFAIL when the table is missing, the lookup fails, memory
 * cannot be allocated or the encoded form does not fit in 'dst'.
 */
static int
lka_credentials(const char *tablename, const char *label, char *dst, size_t sz)
{
	struct table	*tbl;
	union lookup	 found;
	char		*plain;
	int		 plainlen, status, encoded;

	if ((tbl = table_find(tablename, NULL)) == NULL) {
		log_warnx("warn: credentials table %s missing", tablename);
		return (LKA_TEMPFAIL);
	}

	dst[0] = '\0';

	status = table_lookup(tbl, label, K_CREDENTIALS, &found);
	if (status == -1) {
		log_warnx("warn: credentials lookup fail for %s:%s",
		    tablename, label);
		return (LKA_TEMPFAIL);
	}
	if (status == 0) {
		log_warnx("warn: credentials not found for %s:%s",
		    tablename, label);
		return (LKA_PERMFAIL);
	}

	/* The embedded NULs are counted in asprintf()'s return value. */
	plainlen = asprintf(&plain, "%c%s%c%s", '\0',
	    found.creds.username, '\0', found.creds.password);
	if (plainlen == -1) {
		log_warn("warn");
		return (LKA_TEMPFAIL);
	}

	/*
	 * NOTE(review): 'plain' holds the cleartext password and is handed
	 * back to the allocator without being wiped first; consider
	 * clearing it (e.g. explicit_bzero) before free() if the build
	 * provides one.
	 */
	encoded = __b64_ntop((unsigned char *)plain, plainlen, dst, sz);
	free(plain);

	if (encoded == -1) {
		log_warnx("warn: credentials parse error for %s:%s",
		    tablename, label);
		return (LKA_TEMPFAIL);
	}
	return (LKA_OK);
}
/*
 * Base64-encode "\0" username "\0" password from 'map_credentials' into
 * 'dst', which has room for 'size' bytes.
 *
 * Returns 1 on success and 0 when the encoder reports an error (for
 * instance because 'dst' is too small).  Allocation failure is fatal.
 */
static int
lka_encode_credentials(char *dst, size_t size,
    struct map_credentials *map_credentials)
{
	char	*plain;
	int	 plainlen, encoded;

	/* The embedded NULs are counted in asprintf()'s return value. */
	plainlen = asprintf(&plain, "%c%s%c%s", '\0',
	    map_credentials->username, '\0', map_credentials->password);
	if (plainlen == -1)
		fatal(NULL);

	/*
	 * NOTE(review): 'plain' holds the cleartext password and is freed
	 * without being wiped; consider clearing it before free().
	 */
	encoded = __b64_ntop((unsigned char *)plain, plainlen, dst, size);
	free(plain);

	return (encoded == -1) ? 0 : 1;
}
/*
 * Base64-encode 'srclen' bytes from 'src' into 'dest' (capacity
 * 'destsize') by delegating to __b64_ntop(), whose return value is passed
 * through unchanged.  Callers in this style of code treat -1 as failure.
 */
int
base64_encode(unsigned char const *src, size_t srclen,
    char *dest, size_t destsize)
{
	int written;

	written = __b64_ntop(src, srclen, dest, destsize);
	return written;
}
/*
 * Base64-encode 'srclength' bytes of binary data at 'src' into the
 * buffer 'target', which can hold 'targsize' bytes.
 *
 * Returns the number of bytes stored in 'target', or -1 on error
 * (including a 'targsize' that is too small).  'target' is
 * NUL-terminated.
 * NOTE(review): the termination guarantee comes from __b64_ntop();
 * confirm it also holds on the -1 path before relying on it there.
 */
int
uuencode(const u_char *src, u_int srclength,
    char *target, size_t targsize)
{
	int stored;

	stored = __b64_ntop(src, srclength, target, targsize);
	return stored;
}
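/*
 * Build the comma-separated list of GSSAPI key-exchange method names the
 * client can offer for 'host'.
 *
 * Every mechanism reported by gss_indicate_mechs() whose OID is shorter
 * than 128 bytes and that passes ssh_gssapi_check_mechanism() contributes
 * KEX_GSS_SHA1 followed by base64(MD5(0x06 || oid-length || oid)).  The
 * global gss_enc2oid table is rebuilt to map each encoded name back to
 * its OID and is terminated by an entry with NULL members.
 *
 * Returns a heap-allocated string owned by the caller, or NULL when no
 * mechanism qualifies or the mechanism list cannot be obtained.
 *
 * Changes from the previous revision: the result of gss_indicate_mechs()
 * is checked before 'supported' is dereferenced, and the empty result
 * string is freed before NULL is returned instead of being leaked.
 */
char *
ssh_gssapi_client_mechanisms(const char *host) {
	gss_OID_set supported = GSS_C_NO_OID_SET;
	OM_uint32 maj_status, min_status;
	Buffer buf;
	size_t i;
	char *mechs;
	char *encoded;
	int enclen;
	u_char digest[EVP_MAX_MD_SIZE];
	char deroid[2];
	const EVP_MD *evp_md = EVP_md5();
	EVP_MD_CTX md;
	int oidpos = 0;

	/* Without a mechanism set there is nothing to offer. */
	maj_status = gss_indicate_mechs(&min_status, &supported);
	if (GSS_ERROR(maj_status) || supported == GSS_C_NO_OID_SET)
		return (NULL);

	/*
	 * In SSH_BUG_GSSAPI_BER mode a mechanism can yield two entries (the
	 * legacy name and the proper one), hence twice the slots.  The
	 * extra slot holds the terminator.
	 */
	if (datafellows & SSH_BUG_GSSAPI_BER) {
		gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping)
		    * ((supported->count * 2) + 1));
	} else {
		gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping)
		    * (supported->count + 1));
	}

	buffer_init(&buf);

	for (i = 0; i < supported->count; i++) {
		gss_enc2oid[oidpos].encoded = NULL;

		/* The length must fit the single DER length octet below. */
		if (supported->elements[i].length < 128 &&
		    ssh_gssapi_check_mechanism(&(supported->elements[i]), host)) {

			/*
			 * Earlier versions of this code interpreted the
			 * spec incorrectly with regard to OID encoding.
			 * They also mis-encoded the krb5 OID.  The
			 * following _temporary_ code interfaces with
			 * these broken servers.
			 */
			if (datafellows & SSH_BUG_GSSAPI_BER) {
				char *bodge = NULL;
				gss_OID_desc krb5oid = {9,
				    "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"};
				gss_OID_desc gsioid = {9,
				    "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"};

				if (supported->elements[i].length ==
				    krb5oid.length &&
				    memcmp(supported->elements[i].elements,
				    krb5oid.elements, krb5oid.length) == 0) {
					bodge = "Se3H81ismmOC3OE+FwYCiQ==";
				}

				if (supported->elements[i].length ==
				    gsioid.length &&
				    memcmp(supported->elements[i].elements,
				    gsioid.elements, gsioid.length) == 0) {
					bodge = "N3+k7/4wGxHyuP8Yxi4RhA==";
				}

				if (bodge) {
					if (oidpos != 0) {
						buffer_put_char(&buf, ',');
					}

					buffer_append(&buf, KEX_GSS_SHA1,
					    sizeof(KEX_GSS_SHA1) - 1);
					buffer_append(&buf, bodge,
					    strlen(bodge));

					gss_enc2oid[oidpos].oid =
					    &(supported->elements[i]);
					gss_enc2oid[oidpos].encoded = bodge;

					oidpos++;
				}
			}

			/* Add the required DER encoding octets and MD5 hash */
			deroid[0] = 0x06; /* Object Identifier */
			deroid[1] = supported->elements[i].length;

			/*
			 * MD5 serves here only to derive the method-name
			 * suffix; it is not protecting any secret.
			 */
			EVP_DigestInit(&md, evp_md);
			EVP_DigestUpdate(&md, deroid, 2);
			EVP_DigestUpdate(&md,
			    supported->elements[i].elements,
			    supported->elements[i].length);
			EVP_DigestFinal(&md, digest, NULL);

			/*
			 * Base64 encode it.  Twice the digest size leaves
			 * room for the 24 characters plus NUL that a
			 * 16-byte MD5 digest encodes to.
			 */
			encoded = xmalloc(EVP_MD_size(evp_md) * 2);
			enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
			    encoded, EVP_MD_size(evp_md) * 2);

			if (oidpos != 0) {
				buffer_put_char(&buf, ',');
			}
			buffer_append(&buf, KEX_GSS_SHA1,
			    sizeof(KEX_GSS_SHA1) - 1);
			buffer_append(&buf, encoded, enclen);

			debug("Mechanism encoded as %s", encoded);

			/*
			 * The table keeps a pointer into 'supported', which
			 * is why the OID set is not released here.
			 */
			gss_enc2oid[oidpos].oid = &(supported->elements[i]);
			gss_enc2oid[oidpos].encoded = encoded;
			oidpos++;
		}
	}

	/* Terminate the mapping table. */
	gss_enc2oid[oidpos].oid = NULL;
	gss_enc2oid[oidpos].encoded = NULL;

	buffer_put_char(&buf, '\0');

	mechs = xmalloc(buffer_len(&buf));
	buffer_get(&buf, mechs, buffer_len(&buf));
	buffer_free(&buf);

	if (strlen(mechs) == 0) {
		/* Nothing qualified: release the empty string. */
		free(mechs);
		return (NULL);
	}
	return (mechs);
}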
/*
 * Build the comma-separated list of GSSAPI key-exchange method names for
 * the mechanisms in 'gss_supported'.
 *
 * A mechanism is used when its OID is shorter than 128 bytes and the
 * 'check' callback accepts it for 'host' / 'client'.  Each accepted
 * mechanism adds three names: KEX_GSS_GEX_SHA1_ID, KEX_GSS_GRP1_SHA1_ID
 * and KEX_GSS_GRP14_SHA1_ID, each followed by
 * base64(MD5(SSH_GSS_OIDTYPE || oid-length || oid)).
 *
 * The global gss_enc2oid table is released and rebuilt on every call; it
 * ends with an entry whose members are NULL.
 *
 * Returns a heap-allocated string owned by the caller, or NULL when no
 * mechanism was accepted.
 */
char *
ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
    const char *host, const char *client)
{
	Buffer names;
	size_t n;
	int slot, b64len, mdlen;
	char *result, *b64;
	u_char hash[EVP_MAX_MD_SIZE];
	char der_prefix[2];
	const EVP_MD *evp_md = EVP_md5();
	EVP_MD_CTX md;
	gss_OID mech;

	/* Drop the table left behind by a previous call, if any. */
	if (gss_enc2oid != NULL) {
		for (n = 0; gss_enc2oid[n].encoded != NULL; n++)
			free(gss_enc2oid[n].encoded);
		free(gss_enc2oid);
	}

	/* One slot per candidate mechanism plus the terminator. */
	gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) *
	    (gss_supported->count + 1));

	buffer_init(&names);

	slot = 0;
	for (n = 0; n < gss_supported->count; n++) {
		mech = &(gss_supported->elements[n]);

		/* The length must fit the single DER length octet below. */
		if (mech->length >= 128 ||
		    !(*check)(NULL, mech, host, client))
			continue;

		der_prefix[0] = SSH_GSS_OIDTYPE;
		der_prefix[1] = mech->length;

		/*
		 * MD5 serves here only to derive the method-name suffix;
		 * it is not protecting any secret.
		 */
		EVP_DigestInit(&md, evp_md);
		EVP_DigestUpdate(&md, der_prefix, 2);
		EVP_DigestUpdate(&md, mech->elements, mech->length);
		EVP_DigestFinal(&md, hash, NULL);

		mdlen = EVP_MD_size(evp_md);
		b64 = xmalloc(mdlen * 2);
		b64len = __b64_ntop(hash, mdlen, b64, mdlen * 2);

		/* Entries are comma-separated; no comma before the first. */
		if (slot != 0)
			buffer_put_char(&names, ',');

		buffer_append(&names, KEX_GSS_GEX_SHA1_ID,
		    sizeof(KEX_GSS_GEX_SHA1_ID) - 1);
		buffer_append(&names, b64, b64len);

		buffer_put_char(&names, ',');
		buffer_append(&names, KEX_GSS_GRP1_SHA1_ID,
		    sizeof(KEX_GSS_GRP1_SHA1_ID) - 1);
		buffer_append(&names, b64, b64len);

		buffer_put_char(&names, ',');
		buffer_append(&names, KEX_GSS_GRP14_SHA1_ID,
		    sizeof(KEX_GSS_GRP14_SHA1_ID) - 1);
		buffer_append(&names, b64, b64len);

		/* The table takes ownership of the encoded name. */
		gss_enc2oid[slot].oid = mech;
		gss_enc2oid[slot].encoded = b64;
		slot++;
	}

	/* Terminate the mapping table. */
	gss_enc2oid[slot].oid = NULL;
	gss_enc2oid[slot].encoded = NULL;

	buffer_put_char(&names, '\0');

	result = xmalloc(buffer_len(&names));
	buffer_get(&names, result, buffer_len(&names));
	buffer_free(&names);

	/* An empty list is reported as NULL rather than "". */
	if (result[0] == '\0') {
		free(result);
		result = NULL;
	}

	return (result);
}