blob variant::as_blob()const
{
switch( get_type() )
{
case null_type:
return blob();
case blob_type:
return get_blob();
case string_type:
{
const string& str = get_string();
if( str.size() == 0 ) return blob();
if( str.back() == '=' )
{
std::string b64 = base64_decode( get_string() );
return blob( { std::vector<char>( b64.begin(), b64.end() ) } );
}
return blob( { std::vector<char>( str.begin(), str.end() ) } );
}
case object_type:
case array_type:
FC_THROW_EXCEPTION( bad_cast_exception, "Invalid cast from ${type} to Blob", ("type",get_type()) );
default:
return blob( { std::vector<char>( (char*)&_data, (char*)&_data + sizeof(_data) ) } );
}
}
bool Session_Manager_SQL::load_from_server_info(const Server_Information& server,
Session& session)
{
auto stmt = m_db->new_statement("select session from tls_sessions"
" where hostname = ?1 and hostport = ?2"
" order by session_start desc");
stmt->bind(1, server.hostname());
stmt->bind(2, server.port());
while(stmt->step())
{
std::pair<const byte*, size_t> blob = stmt->get_blob(0);
try
{
session = Session::decrypt(blob.first, blob.second, m_session_key);
return true;
}
catch(...)
{
}
}
return false;
}
void ImageBlobs::mark_blobs_on_image()
{
for (unsigned int i = 0; i < get_blobs_number(); i++) {
const struct Blob* blob = get_blob(i);
for (unsigned int j = 0; j < (unsigned int)blob->elements_number; j++) {
const struct Element& element = blob->elements[j];
(*m_image)(element.coord.y, element.coord.x) = i + 1;
}
}
}
string variant::as_string()const
{
switch( get_type() )
{
case string_type:
return **reinterpret_cast<const const_string_ptr*>(this);
case double_type:
return to_string(*reinterpret_cast<const double*>(this));
case int64_type:
return to_string(*reinterpret_cast<const int64_t*>(this));
case uint64_type:
return to_string(*reinterpret_cast<const uint64_t*>(this));
case bool_type:
return *reinterpret_cast<const bool*>(this) ? "true" : "false";
case blob_type:
if( get_blob().data.size() )
return base64_encode( get_blob().data.data(), get_blob().data.size() ) + "=";
return string();
case null_type:
return string();
default:
FC_THROW_EXCEPTION( bad_cast_exception, "Invalid cast from ${type} to string", ("type", get_type() ) );
}
}
std::vector<std::shared_ptr<const X509_Certificate>>
Certificate_Store_In_SQL::find_certs_for_key(const Private_Key& key) const
{
auto fpr = key.fingerprint("SHA-256");
auto stmt = m_database->new_statement("SELECT certificate FROM " + m_prefix + "certificates WHERE priv_fingerprint == ?1");
stmt->bind(1,fpr);
std::vector<std::shared_ptr<const X509_Certificate>> certs;
while(stmt->step())
{
auto blob = stmt->get_blob(0);
certs.push_back(std::make_shared<X509_Certificate>(
std::vector<uint8_t>(blob.first,blob.first + blob.second)));
}
return certs;
}
// Private key handling
std::shared_ptr<const Private_Key> Certificate_Store_In_SQL::find_key(const X509_Certificate& cert) const
{
auto stmt = m_database->new_statement("SELECT key FROM " + m_prefix + "keys "
"JOIN " + m_prefix + "certificates ON " +
m_prefix + "keys.fingerprint == " + m_prefix + "certificates.priv_fingerprint "
"WHERE " + m_prefix + "certificates.fingerprint == ?1");
stmt->bind(1,cert.fingerprint("SHA-256"));
std::shared_ptr<const Private_Key> key;
while(stmt->step())
{
auto blob = stmt->get_blob(0);
DataSource_Memory src(blob.first,blob.second);
key.reset(PKCS8::load_key(src, m_rng, m_password));
}
return key;
}
std::vector<X509_DN> Certificate_Store_In_SQL::all_subjects() const
{
std::vector<X509_DN> ret;
auto stmt = m_database->new_statement("SELECT subject_dn FROM " + m_prefix + "certificates");
while(stmt->step())
{
auto blob = stmt->get_blob(0);
BER_Decoder dec(blob.first,blob.second);
X509_DN dn;
dn.decode_from(dec);
ret.push_back(dn);
}
return ret;
}
bool Session_Manager_SQL::load_from_session_id(const std::vector<byte>& session_id,
Session& session)
{
auto stmt = m_db->new_statement("select session from tls_sessions where session_id = ?1");
stmt->bind(1, hex_encode(session_id));
while(stmt->step())
{
std::pair<const byte*, size_t> blob = stmt->get_blob(0);
try
{
session = Session::decrypt(blob.first, blob.second, m_session_key);
return true;
}
catch(...)
{
}
}
return false;
}
ssize_t stringtbl::locate(const blob & search, const blob_comparator * blob_cmp, bool do_lock) const
{
scopelock scope(fp->lock, do_lock);
/* binary search */
ssize_t min = 0, max = count - 1;
while(min <= max)
{
int c;
/* watch out for overflow! */
ssize_t index = min + (max - min) / 2;
blob value = get_blob(index);
if(!value.exists())
return -1;
c = blob_cmp ? blob_cmp->compare(value, search) : value.compare(search);
if(c < 0)
min = index + 1;
else if(c > 0)
max = index - 1;
else
return index;
}
return -1;
}
std::vector<X509_CRL> Certificate_Store_In_SQL::generate_crls() const
{
auto stmt = m_database->new_statement(
"SELECT certificate,reason,time FROM " + m_prefix + "revoked "
"JOIN " + m_prefix + "certificates ON " +
m_prefix + "certificates.fingerprint == " + m_prefix + "revoked.fingerprint");
std::map<X509_DN,std::vector<CRL_Entry>> crls;
while(stmt->step())
{
auto blob = stmt->get_blob(0);
auto cert = X509_Certificate(
std::vector<uint8_t>(blob.first,blob.first + blob.second));
auto code = static_cast<CRL_Code>(stmt->get_size_t(1));
auto ent = CRL_Entry(cert,code);
auto i = crls.find(cert.issuer_dn());
if(i == crls.end())
{
crls.insert(std::make_pair(cert.issuer_dn(),std::vector<CRL_Entry>({ent})));
}
else
{
i->second.push_back(ent);
}
}
std::vector<X509_CRL> ret;
X509_Time t(std::chrono::system_clock::now());
for(auto p: crls)
{
ret.push_back(X509_CRL(p.first,t,t,p.second));
}
return ret;
}
Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db,
const std::string& passphrase,
RandomNumberGenerator& rng,
size_t max_sessions,
std::chrono::seconds session_lifetime) :
m_db(db),
m_rng(rng),
m_max_sessions(max_sessions),
m_session_lifetime(session_lifetime)
{
m_db->create_table(
"create table if not exists tls_sessions "
"("
"session_id TEXT PRIMARY KEY, "
"session_start INTEGER, "
"hostname TEXT, "
"hostport INTEGER, "
"session BLOB"
")");
m_db->create_table(
"create table if not exists tls_sessions_metadata "
"("
"passphrase_salt BLOB, "
"passphrase_iterations INTEGER, "
"passphrase_check INTEGER "
")");
const size_t salts = m_db->row_count("tls_sessions_metadata");
if(salts == 1)
{
// existing db
auto stmt = m_db->new_statement("select * from tls_sessions_metadata");
if(stmt->step())
{
std::pair<const byte*, size_t> salt = stmt->get_blob(0);
const size_t iterations = stmt->get_size_t(1);
const size_t check_val_db = stmt->get_size_t(2);
size_t check_val_created;
m_session_key = derive_key(passphrase,
salt.first,
salt.second,
iterations,
check_val_created);
if(check_val_created != check_val_db)
throw std::runtime_error("Session database password not valid");
}
}
else
{
// maybe just zap the salts + sessions tables in this case?
if(salts != 0)
throw std::runtime_error("Seemingly corrupted database, multiple salts found");
// new database case
std::vector<byte> salt = unlock(rng.random_vec(16));
const size_t iterations = 256 * 1024;
size_t check_val = 0;
m_session_key = derive_key(passphrase, salt.data(), salt.size(),
iterations, check_val);
auto stmt = m_db->new_statement("insert into tls_sessions_metadata values(?1, ?2, ?3)");
stmt->bind(1, salt);
stmt->bind(2, iterations);
stmt->bind(3, check_val);
stmt->spin();
}
}
int main()
{
auto b = get_blob();
modify_blob(b);
set_blob(b);
}
void *ssh_fastalloc_alloc(SshFastMemoryAllocator a)
{
return get_blob(a);
}
int
main(int argc, const char * argv[])
{
uint32_t status;
int rcent;
pid_t pid;
pid = getpid();
if (get_blob(pid, CS_OPS_ENTITLEMENTS_BLOB))
errx(1, "failed to get entitlements");
if (get_blob(0, CS_OPS_ENTITLEMENTS_BLOB))
errx(1, "failed to get entitlements");
if (get_blob(pid, CS_OPS_BLOB))
errx(1, "failed to get blob");
if (get_blob(0, CS_OPS_BLOB))
errx(1, "failed to get blob");
if (get_blob(pid, CS_OPS_IDENTITY))
errx(1, "failed to get identity");
if (get_blob(0, CS_OPS_IDENTITY))
errx(1, "failed to get identity");
rcent = csops(pid, CS_OPS_SET_STATUS, &status, sizeof(status) - 1);
if (rcent == 0)
err(1, "passed when passed in too short status buffer");
status = htonl(CS_RESTRICT);
rcent = csops(pid, CS_OPS_SET_STATUS, &status, sizeof(status));
if (rcent != 0)
errx(1, "failed to mark proc RESTRICTED");
rcent = csops(pid, CS_OPS_MARKINVALID, NULL, 0);
if (rcent != 0)
errx(1, "failed to mark proc invalid");
status = htonl(CS_VALID);
rcent = csops(pid, CS_OPS_SET_STATUS, &status, sizeof(status));
if (rcent == 0)
errx(1, "managed set flags on an INVALID proc");
if (!get_blob(pid, CS_OPS_ENTITLEMENTS_BLOB))
errx(1, "got entitlements while invalid");
if (!get_blob(pid, CS_OPS_IDENTITY))
errx(1, "got identity");
if (!get_blob(0, CS_OPS_IDENTITY))
errx(1, "got identity");
if (!get_blob(pid, CS_OPS_BLOB))
errx(1, "got blob");
return 0;
}
