vector<string> decrypt (vector<string> cipher, string keystr, primenc_et contprimenc, contenc_et contsecenc)
{
byte primdecarr[CIPHERLEN*20+1];
uint32_t i;
vector<string> decvec;
for(i=0;i<cipher.size();i++){
if(NO_PRIMENC == contprimenc){
nodec(primdecarr, cipher[i]);
}else if(BASE64 == contprimenc){
base64dec(primdecarr, cipher[i]);
}else if(BASE32 == contprimenc){
base32dec(primdecarr, cipher[i]);
}else if(BASE16 == contprimenc){
base16dec(primdecarr, cipher[i]);
}else{
throw contprimenc;
cout << "This primary encoding is not supported yet." << endl;
}
if(NO_CONTENC == contsecenc){
decvec.push_back(nocrypt(primdecarr));
}else if(AES_128 == contsecenc){
decvec.push_back(AESdec(primdecarr, keystr));
}else{
throw contsecenc;
cout << "This secondary encoding is not supported yet." << endl;
}
}
return decvec;
}
int crypt_new_1a(crypt_t c, unsigned char *key, int len)
{
unsigned char hash[32];
crypt_1a_t cs;
if(!key || len <= 0) return 1;
c->cs = malloc(sizeof(struct crypt_1a_struct));
memset(c->cs, 0, sizeof (struct crypt_1a_struct));
cs = (crypt_1a_t)c->cs;
if(len == uECC_BYTES*2)
{
memcpy(cs->id_public,key,uECC_BYTES*2);
}else{
// try to base64 decode in case that's the incoming format
if(key[len] != 0 || base64_binlength((char*)key,0) != uECC_BYTES*2 || base64dec(cs->id_public,(char*)key,0)) return -1;
}
// generate fingerprint
crypt_hash(cs->id_public,uECC_BYTES*2,hash);
// create line ephemeral key
uECC_make_key(cs->line_public, cs->line_private);
// alloc/copy in the public values (free'd by crypt_free)
c->part = malloc(32*2+1);
c->keylen = uECC_BYTES*2;
c->key = malloc(c->keylen);
memcpy(c->key,cs->id_public,uECC_BYTES*2);
util_hex(hash,32,(unsigned char*)c->part);
return 0;
}
int
decrypt_string (const char *key, const char *str, char *dest, int len)
{
BF_KEY bf_key;
uint32_t v;
size_t i;
/* Pad encoded string with 0 bits in case it's bogus */
if (!key || !key[0])
return 0;
/* length must be a multiple of BF_BLOCK encoded in base64 */
if (len % (BF_BLOCK * 6 / 4) != 0)
return 0;
BF_set_key (&bf_key, strlen (key), (const unsigned char *) key);
while (len > 0)
{
unsigned char block[BF_BLOCK] = { 0 };
for (i = v = 0; i < 6; ++i)
v |= base64dec (*str++) << (i * 6);
store32_be (block + 4, v);
for (i = v = 0; i < 6; ++i)
v |= base64dec (*str++) << (i * 6);
store32_be (block + 0, v);
BF_ecb_encrypt (block, block, &bf_key, BF_DECRYPT);
memcpy (dest, block, BF_BLOCK);
dest += BF_BLOCK;
len -= BF_BLOCK * 6 / 4;
}
*dest++ = 0;
return 1;
}
int crypt_private_1a(crypt_t c, unsigned char *key, int len)
{
crypt_1a_t cs = (crypt_1a_t)c->cs;
if(!key || len <= 0) return 1;
if(len == uECC_BYTES)
{
memcpy(cs->id_private,key,uECC_BYTES);
}else{
// try to base64 decode in case that's the incoming format
if(key[len] != 0 || base64_binlength((char*)key,0) != uECC_BYTES || base64dec(cs->id_private,(char*)key,0)) return -1;
}
c->isprivate = 1;
return 0;
}
int main(int argc, char** argv) {
int ret = 0, tests = 0;
char b64str[64+1];
unsigned char raw[BASE64DEC_BYTES(64)+1];
T(1 == 1);
T(BASE64ENC_BYTES(0) == 0);
T(BASE64ENC_BYTES(1) == 4);
T(BASE64ENC_BYTES(2) == 4);
T(BASE64ENC_BYTES(3) == 4);
T(BASE64ENC_BYTES(4) == 8);
T(BASE64ENC_BYTES(5) == 8);
T(BASE64ENC_BYTES(6) == 8);
T(BASE64ENC_BYTES(7) == 12);
T(BASE64DEC_BYTES(12) == 9);
T(BASE64DEC_BYTES(8) == 6);
T(BASE64DEC_BYTES(4) == 3);
base64enc(b64str, U"a", 1);
T(str_equal(b64str, "YQ=="));
T(base64dec(raw, b64str, sizeof raw) == 1);
T(str_equal(C raw, "a"));
base64enc(b64str, U"aa", 2);
T(str_equal(b64str, "YWE="));
T(base64dec(raw, b64str, sizeof raw) == 2);
T(str_equal(C raw, "aa"));
base64enc(b64str, U"aaa", 3);
T(str_equal(b64str, "YWFh"));
T(base64dec(raw, b64str, sizeof raw) == 3);
T(str_equal(C raw, "aaa"));
T(base64enc_str(b64str, U"AAAA", sizeof 2) == 0);
T(base64enc_str(b64str, U"AAAA", sizeof b64str) == 1);
T(str_equal(b64str, "QUFBQQ=="));
T(base64dec(raw, b64str, sizeof raw) == 4);
T(str_equal(C raw, "AAAA"));
base64enc(b64str, U"AAAA", 4);
T(str_equal(b64str, "QUFBQQ=="));
T(base64dec(raw, b64str, sizeof raw) == 4);
T(str_equal(C raw, "AAAA"));
base64enc(b64str, U"\x01\x02\x03\x04\x05", 5);
T(str_equal(b64str, "AQIDBAU="));
T(base64dec(raw, b64str, sizeof raw) == 5);
T(str_equal(C raw, "\x01\x02\x03\x04\x05"));
T(base64dec(raw, "=QIDBAU=", sizeof raw) == 0);
T(base64dec(raw, "AQ(DBAU=", sizeof raw) == 0);
T(base64dec(raw, "AQIDB@U=", sizeof raw) == 0);
T(base64dec(raw, "AQIDBAU==", sizeof raw) == 0);
T(base64dec(raw, "AQIDB===", sizeof raw) == 0);
base64enc(b64str, U"\x26\xC7\x1B\x28\xFE\xB0\x90\x08\x5A\xDE\xC6\xE0\xF0\xF4\x76\xDD", 16);
T(str_equal(b64str, "JscbKP6wkAha3sbg8PR23Q=="));
T(base64dec(raw, b64str, sizeof raw) == 16);
T(str_equal(C raw, "\x26\xC7\x1B\x28\xFE\xB0\x90\x08\x5A\xDE\xC6\xE0\xF0\xF4\x76\xDD"));
base64enc(b64str, U"\xF3\x9B\x70\xA5\x63\xFA\x54\x86\xD1", 9);
T(str_equal(b64str, "85twpWP6VIbR"));
T(base64dec(raw, b64str, sizeof raw) == 9);
T(str_equal(C raw, "\xF3\x9B\x70\xA5\x63\xFA\x54\x86\xD1"));
printf("%d out of %d tests failed.\n", ret, tests);
return ret;
}
int sspi_auth_protocol_connect(const struct protocol_interface *protocol, const char *auth_string)
{
char *protocols;
const char *proto;
int fdin, fdout, fderr;
int l;
short len;
char line[1024];
char buf[1024];
int first;
if (!strcmp (auth_string, "BEGIN SSPI"))
sspi_protocol_interface.verify_only = 0;
else
return CVSPROTO_NOTME;
server_getline(protocol, &protocols, 1024);
if(!protocols)
{
server_printf("Nope!\n");
return CVSPROTO_FAIL;
}
else if(strstr(protocols,"Negotiate"))
proto="Negotiate";
else if(strstr(protocols,"NTLM"))
proto="NTLM";
else
{
server_printf("Nope!\n");
return CVSPROTO_FAIL;
}
free(protocols);
server_printf("%s\n",proto); /* We have negotiated NTLM */
if(run_command(winbindwrapper, &fdin, &fdout, &fderr))
return CVSPROTO_FAIL;
first=1;
do
{
read(current_server()->in_fd,&len,2);
len=ntohs(len);
l=read(current_server()->in_fd,buf,len);
if(l<0)
return CVSPROTO_FAIL;
if(first)
strcpy(line,"YR ");
else
strcpy(line,"KK ");
first = 0;
l=base64enc((unsigned char *)buf,(unsigned char *)line+3,len);
strcat(line,"\n");
write(fdin, line, strlen(line));
l=read(fdout, line, sizeof(line));
if(l<0)
return CVSPROTO_FAIL;
line[l]='\0';
if(line[0]=='T' && line[1]=='T')
{
len=base64dec((unsigned char *)line+3,(unsigned char *)buf,l-4);
base64enc((unsigned char *)buf,(unsigned char *)line+3,len);
len=htons(len);
write(current_server()->out_fd,&len,2);
write(current_server()->out_fd,buf,ntohs(len));
}
} while(line[0]=='T' && line[1]=='T');
if(line[0]!='A' || line[1]!='F')
return CVSPROTO_FAIL;
close(fdin);
close(fdout);
close(fderr);
line[strlen(line)-1]='\0';
sspi_protocol_interface.auth_username = strdup(line+3);
/* Get the repository details for checking */
server_getline (protocol, &sspi_protocol_interface.auth_repository, 4096);
return CVSPROTO_SUCCESS;
}
string b64AESdec(string b64cipher, string keystr)
{
byte b64decarr[CIPHERLEN*8/6*4+1];
base64dec(b64decarr, b64cipher);
return AESdec(b64decarr, keystr);
}
void base64dec(byte* dec, string base64str)
{
base64dec(dec, (byte*) base64str.c_str(), base64str.size());
}
