static DATA_BLOB *encrypt_blob(struct torture_context *tctx,
TALLOC_CTX *mem_ctx,
DATA_BLOB *key,
DATA_BLOB *iv,
DATA_BLOB *to_encrypt,
const AlgorithmIdentifier *alg)
{
hx509_crypto crypto;
hx509_context hctx;
heim_octet_string ivos;
heim_octet_string *encrypted;
DATA_BLOB *blob = talloc_zero(mem_ctx, DATA_BLOB);
int res;
ivos.data = talloc_array(mem_ctx, uint8_t, iv->length);
ivos.length = iv->length;
memcpy(ivos.data, iv->data, iv->length);
hx509_context_init(&hctx);
res = hx509_crypto_init(hctx, NULL, &alg->algorithm, &crypto);
if (res) {
torture_comment(tctx,
"error while doing the init of the crypto object\n");
hx509_context_free(&hctx);
return NULL;
}
res = hx509_crypto_set_key_data(crypto, key->data, key->length);
if (res) {
torture_comment(tctx,
"error while setting the key of the crypto object\n");
hx509_context_free(&hctx);
return NULL;
}
hx509_crypto_set_padding(crypto, HX509_CRYPTO_PADDING_NONE);
res = hx509_crypto_encrypt(crypto,
to_encrypt->data,
to_encrypt->length,
&ivos,
&encrypted);
if (res) {
torture_comment(tctx, "error while encrypting\n");
hx509_crypto_destroy(crypto);
hx509_context_free(&hctx);
return NULL;
}
*blob = data_blob_talloc(blob, encrypted->data, encrypted->length);
der_free_octet_string(encrypted);
free(encrypted);
hx509_crypto_destroy(crypto);
hx509_context_free(&hctx);
return blob;
}
/*
* Encrypt a blob with the private key of the certificate
* passed as a parameter.
*/
static DATA_BLOB *encrypt_blob_pk(struct torture_context *tctx,
TALLOC_CTX *mem_ctx,
uint8_t *cert_data,
uint32_t cert_len,
DATA_BLOB *to_encrypt)
{
hx509_context hctx;
hx509_cert cert;
heim_octet_string secretdata;
heim_octet_string encrypted;
heim_oid encryption_oid;
DATA_BLOB *blob;
int hret;
hx509_context_init(&hctx);
hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert);
if (hret) {
torture_comment(tctx, "error while loading the cert\n");
hx509_context_free(&hctx);
return NULL;
}
secretdata.data = to_encrypt->data;
secretdata.length = to_encrypt->length;
hret = hx509_cert_public_encrypt(hctx, &secretdata,
cert, &encryption_oid,
&encrypted);
hx509_cert_free(cert);
hx509_context_free(&hctx);
if (hret) {
torture_comment(tctx, "error while encrypting\n");
return NULL;
}
blob = talloc_zero(mem_ctx, DATA_BLOB);
if (blob == NULL) {
der_free_oid(&encryption_oid);
der_free_octet_string(&encrypted);
return NULL;
}
*blob = data_blob_talloc(blob, encrypted.data, encrypted.length);
der_free_octet_string(&encrypted);
der_free_oid(&encryption_oid);
if (blob->data == NULL) {
return NULL;
}
return blob;
}
int
main(int argc, char **argv)
{
hx509_context context;
int ret = 0;
ret = hx509_context_init(&context);
if (ret)
errx(1, "hx509_context_init failed with %d", ret);
ret += test_name(context, "CN=foo,C=SE");
ret += test_name(context, "CN=foo,CN=kaka,CN=FOO,DC=ad1,C=SE");
ret += test_name(context, "1.2.3.4=foo,C=SE");
ret += test_name_fail(context, "=");
ret += test_name_fail(context, "CN=foo,=foo");
ret += test_name_fail(context, "CN=foo,really-unknown-type=foo");
ret += test_expand(context, "UID=${uid},C=SE", "UID=lha,C=SE");
ret += test_expand(context, "UID=foo${uid},C=SE", "UID=foolha,C=SE");
ret += test_expand(context, "UID=${uid}bar,C=SE", "UID=lhabar,C=SE");
ret += test_expand(context, "UID=f${uid}b,C=SE", "UID=flhab,C=SE");
ret += test_expand(context, "UID=${uid}${uid},C=SE", "UID=lhalha,C=SE");
ret += test_expand(context, "UID=${uid}{uid},C=SE", "UID=lha{uid},C=SE");
ret += test_compare(context);
hx509_context_free(&context);
return ret;
}
/*
* Certs used for this protocol have a GUID in the issuer_uniq_id field.
* This function fetch it.
*/
static struct GUID *get_cert_guid(struct torture_context *tctx,
TALLOC_CTX *mem_ctx,
uint8_t *cert_data,
uint32_t cert_len)
{
hx509_context hctx;
hx509_cert cert;
heim_bit_string subjectuniqid;
DATA_BLOB data;
int hret;
uint32_t size;
struct GUID *guid = talloc_zero(mem_ctx, struct GUID);
NTSTATUS status;
hx509_context_init(&hctx);
hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert);
if (hret) {
torture_comment(tctx, "error while loading the cert\n");
hx509_context_free(&hctx);
return NULL;
}
hret = hx509_cert_get_issuer_unique_id(hctx, cert, &subjectuniqid);
if (hret) {
torture_comment(tctx, "error while getting the issuer_uniq_id\n");
hx509_cert_free(cert);
hx509_context_free(&hctx);
return NULL;
}
/* The subjectuniqid is a bit string,
* which means that the real size has to be divided by 8
* to have the number of bytes
*/
hx509_cert_free(cert);
hx509_context_free(&hctx);
size = subjectuniqid.length / 8;
data = data_blob_const(subjectuniqid.data, size);
status = GUID_from_data_blob(&data, guid);
der_free_bit_string(&subjectuniqid);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
return guid;
}
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_context(krb5_context context)
{
if (context->default_cc_name)
free(context->default_cc_name);
if (context->default_cc_name_env)
free(context->default_cc_name_env);
if (context->config_files)
krb5_free_config_files(context->config_files);
free(context->etypes);
free(context->etypes_des);
heim_release(context->default_realms);
krb5_config_file_free (context, context->cf);
free_error_table (context->et_list);
free(rk_UNCONST(context->cc_ops));
free(context->kt_types);
krb5_clear_error_message(context);
if (context->warn_dest != NULL)
krb5_closelog(context, context->warn_dest);
if (context->debug_dest != NULL)
krb5_closelog(context, context->debug_dest);
krb5_set_extra_addresses(context, NULL);
krb5_set_ignore_addresses(context, NULL);
#ifndef HEIMDAL_SMALLER
krb5_set_send_to_kdc_func(context, NULL, NULL);
#endif
#ifdef PKINIT
if (context->hx509ctx)
hx509_context_free(&context->hx509ctx);
#endif
HEIMDAL_MUTEX_destroy(context->mutex);
free(context->mutex);
if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
rk_SOCK_EXIT();
}
memset(context, 0, sizeof(*context));
free(context);
}
