/* Derive a usage key from a session key and krb5 usage constant. */ static krb5_error_code usage_key(const struct krb5_enc_provider *enc, const struct krb5_hash_provider *hash, const krb5_keyblock *session_keyblock, krb5_keyusage usage, krb5_keyblock *out) { char salt_buf[14]; unsigned int salt_len; krb5_data out_data = make_data(out->contents, out->length); krb5_crypto_iov iov; krb5_keyusage ms_usage; /* Generate the salt. */ ms_usage = krb5int_arcfour_translate_usage(usage); if (session_keyblock->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { memcpy(salt_buf, l40, 10); store_32_le(ms_usage, salt_buf + 10); salt_len = 14; } else { store_32_le(ms_usage, salt_buf); salt_len = 4; } /* Compute HMAC(key, salt) to produce the usage key. */ iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = make_data(salt_buf, salt_len); return krb5int_hmac_keyblock(hash, session_keyblock, &iov, 1, &out_data); }
int main(int argc, char **argv) { size_t size = 0; DataBuf buf; char *data; assert(databuf_init(&buf, size, DATABUF_FLAG_STRING)); databuf_print(&buf, 1, "after init size=%d", size); #if 1 data = "a"; assert(databuf_strcat(&buf, data)); databuf_print(&buf, 1, "after strcat(%s)", data); data = "bb"; assert(databuf_strcat(&buf, data)); databuf_print(&buf, 1, "after strcat(%s)", data); data = "ccc"; assert(databuf_strcat(&buf, data)); databuf_print(&buf, 1, "after strcat(%s)", data); #endif data = databuf_export(&buf); printf("concatenation=\"%s\"\n", data); free(data); #if 0 assert(databuf_init(&buf, size, 0)); databuf_print(&buf, 1, "after init size=%d", size); size = 8; data = make_data(size, "a"); assert(databuf_append(&buf, data, size)); databuf_print(&buf, 1, "after append size=%d", size); assert(databuf_append(&buf, data, size)); free(data); databuf_print(&buf, 1, "after append size=%d", size); assert(databuf_advance(&buf, 4)); databuf_print(&buf, 1, "after databuf_advance(%d", 4); assert(databuf_compress(&buf)); databuf_print(&buf, 1, "after compress"); size = 5; data = make_data(size, "b"); assert(databuf_append(&buf, data, size)); free(data); databuf_print(&buf, 1, "after append size=%d", size); size = 7; data = make_data(size, "c"); assert(databuf_append(&buf, data, size)); free(data); databuf_print(&buf, 1, "after append size=%d", size); databuf_free(&buf); #endif exit(0); }
////////////////////////////////////////////////////////////////////////// // parse_val ////////////////////////////////////////////////////////////////////////// data_ptr parse_val(wstring key, data_map &data) { // quoted string if (key[0] == L'\"') { return make_data(boost::trim_copy_if(key, boost::is_any_of(L"\""))) ; } // check for dotted notation, i.e [foo.bar] size_t index = key.find(L".") ; if (index == wstring::npos) { if (!data.has(key)) { return make_data(L"{$" + key + L"}") ; } return data[key] ; } wstring sub_key = key.substr(0, index) ; if (!data.has(sub_key)) { return make_data(L"{$" + key + L"}") ; } data_ptr item = data[sub_key] ; return parse_val(key.substr(index+1), item->getmap()) ; }
krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp, krb5_key key, krb5_keyusage usage, const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { krb5_keyusage ms_usage; krb5_error_code ret; krb5_keyblock ks, *keyblock; krb5_crypto_iov *hash_iov = NULL, iov; krb5_data ds = empty_data(), hashval = empty_data(); char t[4]; if (key == NULL || key->keyblock.length > ctp->hash->blocksize) return KRB5_BAD_ENCTYPE; if (ctp->ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR) { /* Compute HMAC(key, "signaturekey\0") to get the signing key ks. */ ret = alloc_data(&ds, ctp->hash->hashsize); if (ret != 0) goto cleanup; iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = make_data("signaturekey", 13); ret = krb5int_hmac(ctp->hash, key, &iov, 1, &ds); if (ret) goto cleanup; ks.length = key->keyblock.length; ks.contents = (krb5_octet *) ds.data; keyblock = &ks; } else /* For md5-hmac, just use the key. */ keyblock = &key->keyblock; /* Compute the MD5 value of the input. */ ms_usage = krb5int_arcfour_translate_usage(usage); store_32_le(ms_usage, t); hash_iov = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret); if (hash_iov == NULL) goto cleanup; hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA; hash_iov[0].data = make_data(t, 4); memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov)); ret = alloc_data(&hashval, ctp->hash->hashsize); if (ret != 0) goto cleanup; ret = ctp->hash->hash(hash_iov, num_data + 1, &hashval); if (ret != 0) goto cleanup; /* Compute HMAC(ks, md5value). */ iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = hashval; ret = krb5int_hmac_keyblock(ctp->hash, keyblock, &iov, 1, output); cleanup: zapfree(ds.data, ds.length); zapfree(hashval.data, hashval.length); free(hash_iov); return ret; }
krb5_error_code KRB5_CALLCONV krb5_k_decrypt(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data *ivec, const krb5_enc_data *input, krb5_data *output) { const struct krb5_keytypes *ktp; krb5_crypto_iov iov[4]; krb5_error_code ret; unsigned int header_len, trailer_len, plain_len; char *scratch = NULL; ktp = find_enctype(key->keyblock.enctype); if (ktp == NULL) return KRB5_BAD_ENCTYPE; if (input->enctype != ENCTYPE_UNKNOWN && ktp->etype != input->enctype) return KRB5_BAD_ENCTYPE; /* Verify the input and output lengths. */ header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER); trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER); if (input->ciphertext.length < header_len + trailer_len) return KRB5_BAD_MSIZE; plain_len = input->ciphertext.length - header_len - trailer_len; if (output->length < plain_len) return KRB5_BAD_MSIZE; scratch = k5alloc(header_len + trailer_len, &ret); if (scratch == NULL) return ret; iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; iov[0].data = make_data(scratch, header_len); memcpy(iov[0].data.data, input->ciphertext.data, header_len); iov[1].flags = KRB5_CRYPTO_TYPE_DATA; iov[1].data = make_data(output->data, plain_len); memcpy(iov[1].data.data, input->ciphertext.data + header_len, plain_len); /* Use empty padding since tokens don't indicate the padding length. */ iov[2].flags = KRB5_CRYPTO_TYPE_PADDING; iov[2].data = empty_data(); iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER; iov[3].data = make_data(scratch + header_len, trailer_len); memcpy(iov[3].data.data, input->ciphertext.data + header_len + plain_len, trailer_len); ret = ktp->decrypt(ktp, key, usage, ivec, iov, 4); if (ret != 0) zap(output->data, plain_len); else output->length = plain_len; zapfree(scratch, header_len + trailer_len); return ret; }
krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp, krb5_key key, krb5_keyusage usage, const krb5_crypto_iov *data, size_t num_data, const krb5_data *input, krb5_boolean *valid) { krb5_error_code ret; unsigned char *plaintext = NULL; krb5_key xorkey = NULL; krb5_data computed = empty_data(); krb5_crypto_iov *hash_iov = NULL, iov; size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize; plaintext = k5memdup(input->data, input->length, &ret); if (plaintext == NULL) return ret; ret = mk_xorkey(key, &xorkey); if (ret != 0) goto cleanup; /* Decrypt the input checksum. */ iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = make_data(plaintext, input->length); ret = ctp->enc->decrypt(xorkey, NULL, &iov, 1); if (ret != 0) goto cleanup; /* Hash the confounder, then the input data. */ hash_iov = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret); if (hash_iov == NULL) goto cleanup; hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA; hash_iov[0].data = make_data(plaintext, blocksize); memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov)); ret = alloc_data(&computed, hashsize); if (ret != 0) goto cleanup; ret = ctp->hash->hash(hash_iov, num_data + 1, &computed); if (ret != 0) goto cleanup; /* Compare the decrypted hash to the computed one. */ *valid = (memcmp(plaintext + blocksize, computed.data, hashsize) == 0); cleanup: zapfree(plaintext, input->length); zapfree(computed.data, hashsize); free(hash_iov); krb5_k_free_key(NULL, xorkey); return ret; }
static void enc() { krb5_key k; krb5_crypto_iov iov; krb5_data cdata = make_data(cipher, 16); iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = make_data(plain, 16); krb5_k_create_key(NULL, &enc_key, &k); /* cbc-mac is the same as block encryption for a single block. */ krb5int_camellia_cbc_mac(k, &iov, 1, &ivec, &cdata); krb5_k_free_key(NULL, k); }
krb5_error_code KRB5_CALLCONV krb5_k_encrypt(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data *cipher_state, const krb5_data *input, krb5_enc_data *output) { const struct krb5_keytypes *ktp; krb5_crypto_iov iov[4]; krb5_error_code ret; unsigned int header_len, padding_len, trailer_len, total_len; ktp = find_enctype(key->keyblock.enctype); if (ktp == NULL) return KRB5_BAD_ENCTYPE; output->magic = KV5M_ENC_DATA; output->kvno = 0; output->enctype = key->keyblock.enctype; /* Get the lengths of the token parts and compute the total. */ header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER); padding_len = krb5int_c_padding_length(ktp, input->length); trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER); total_len = header_len + input->length + padding_len + trailer_len; if (output->ciphertext.length < total_len) return KRB5_BAD_MSIZE; /* Set up the iov structures for the token parts. */ iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; iov[0].data = make_data(output->ciphertext.data, header_len); iov[1].flags = KRB5_CRYPTO_TYPE_DATA; iov[1].data = make_data(output->ciphertext.data + header_len, input->length); memcpy(iov[1].data.data, input->data, input->length); iov[2].flags = KRB5_CRYPTO_TYPE_PADDING; iov[2].data = make_data(iov[1].data.data + input->length, padding_len); iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER; iov[3].data = make_data(iov[2].data.data + padding_len, trailer_len); ret = ktp->encrypt(ktp, key, usage, cipher_state, iov, 4); if (ret != 0) zap(iov[1].data.data, iov[1].data.length); else output->ciphertext.length = total_len; return ret; }
void RadialInterpolatePoints( const AcGePoint3dArray& datas, AcGePoint3dArray& pts ) { MQ<double> rbf; // RBF as kernel we can use : MQ, IMQ, GAU, TPS, POT Polinomio<double> pol; double c; Matrix<double> A; Vector<double> x, y, f, b, lambda; Vector<double> x_new, y_new, f_new; int n, m; //define the number of nodes n = 10; //define the shape parameter for MQ kernel c = 3.0; //make the 2d data, see 2d-comun.hpp make_data( datas, x, y, f ); n = x.GetSize(); //configure the associate polynomial // pol.make( data_dimension, degree_pol) pol.make( 2 , rbf.get_degree_pol() ); //get the number of elements in the polynomial base m = pol.get_M(); //make aditional data for: Ax=b b.Reallocate( n + m ); b = 0.0; //fill the expanded vector b = [f 0] for( int i = 0; i < n; i++ ) b( i ) = f( i ); //fill the Gramm matrix fill_gram( rbf, pol, c, x, y, A ); //solve the linear system by LU factorization lambda = gauss( A, b ); make_data( pts, x_new, y_new, f_new ); //interpolate the data f_new = interpolate( rbf, pol, c, lambda, x, y, x_new, y_new ); write_back_data( f_new, pts ); }
/* Performs a prompt and saves the response in the out parameter. */ static krb5_error_code doprompt(krb5_context context, krb5_prompter_fct prompter, void *prompter_data, const char *banner, const char *prompttxt, char *out, size_t len) { krb5_prompt prompt; krb5_data prompt_reply; krb5_error_code retval; krb5_prompt_type prompt_type = KRB5_PROMPT_TYPE_PREAUTH; if (prompttxt == NULL || out == NULL) return EINVAL; memset(out, 0, len); prompt_reply = make_data(out, len); prompt.reply = &prompt_reply; prompt.prompt = (char *)prompttxt; prompt.hidden = 1; /* PROMPTER_INVOCATION */ k5_set_prompt_types(context, &prompt_type); retval = (*prompter)(context, prompter_data, NULL, banner, 1, &prompt); k5_set_prompt_types(context, NULL); if (retval != 0) return retval; return 0; }
krb5_error_code krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key, const krb5_data *in, krb5_data *out) { krb5_crypto_iov iov; krb5_data prfconst = make_data("prf", 3); krb5_key kp = NULL; krb5_error_code ret; if (ktp->prf_length != ktp->enc->block_size) return KRB5_BAD_MSIZE; iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = *in; /* Derive a key using the PRF constant. */ ret = krb5int_derive_key(ktp->enc, key, &kp, &prfconst, DERIVE_SP800_108_CMAC); if (ret != 0) goto cleanup; /* PRF is CMAC of input */ ret = krb5int_cmac_checksum(ktp->enc, kp, &iov, 1, out); if (ret != 0) goto cleanup; cleanup: krb5_k_free_key(NULL, kp); return ret; }
/* Run one invocation of the callback, unlocking the mutex and possibly the DB * around the invocation. */ static krb5_error_code curs_run_cb(iter_curs *curs, ctx_iterate_cb func, krb5_pointer func_arg) { krb5_db2_context *dbc = curs->dbc; krb5_error_code retval, lockerr; krb5_db_entry *entry; krb5_context ctx = curs->ctx; krb5_data contdata; contdata = make_data(curs->data.data, curs->data.size); retval = krb5_decode_princ_entry(ctx, &contdata, &entry); if (retval) return retval; /* Save libdb key across possible DB closure. */ retval = curs_save(curs); if (retval) return retval; if (dbc->unlockiter) curs_unlock(curs); k5_mutex_unlock(krb5_db2_mutex); retval = (*func)(func_arg, entry); krb5_db2_free(ctx, entry); k5_mutex_lock(krb5_db2_mutex); if (dbc->unlockiter) { lockerr = curs_lock(curs); if (lockerr) return lockerr; } return retval; }
krb5_error_code krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash, const krb5_data *out, unsigned long count, const krb5_data *pass, const krb5_data *salt) { krb5_keyblock keyblock; char tmp[128]; krb5_data d; krb5_crypto_iov iov; krb5_error_code err; assert(hash->hashsize <= sizeof(tmp)); if (pass->length > hash->blocksize) { d = make_data(tmp, hash->hashsize); iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = *pass; err = hash->hash(&iov, 1, &d); if (err) return err; keyblock.length = d.length; keyblock.contents = (krb5_octet *) d.data; } else { keyblock.length = pass->length; keyblock.contents = (krb5_octet *) pass->data; } keyblock.enctype = ENCTYPE_NULL; err = pbkdf2(hash, &keyblock, salt, count, out); return err; }
/* Derive encryption and integrity keys for CMAC-using enctypes. */ static krb5_error_code derive_keys(const struct krb5_enc_provider *enc, krb5_key key, krb5_keyusage usage, krb5_key *ke_out, krb5_key *ki_out) { krb5_error_code ret; unsigned char buf[K5CLENGTH]; krb5_data constant = make_data(buf, K5CLENGTH); krb5_key ke, ki; *ke_out = *ki_out = NULL; /* Derive the encryption key. */ store_32_be(usage, buf); buf[4] = 0xAA; ret = krb5int_derive_key(enc, key, &ke, &constant, DERIVE_SP800_108_CMAC); if (ret != 0) return ret; /* Derive the integrity key. */ buf[4] = 0x55; ret = krb5int_derive_key(enc, key, &ki, &constant, DERIVE_SP800_108_CMAC); if (ret != 0) { krb5_k_free_key(NULL, ke); return ret; } *ke_out = ke; *ki_out = ki; return 0; }
/* Derive an encryption key from a usage key and (typically) checksum. */ static krb5_error_code enc_key(const struct krb5_enc_provider *enc, const struct krb5_hash_provider *hash, const krb5_keyblock *usage_keyblock, const krb5_data *checksum, krb5_keyblock *out) { krb5_keyblock *trunc_keyblock = NULL; krb5_data out_data = make_data(out->contents, out->length); krb5_crypto_iov iov; krb5_error_code ret; /* Copy usage_keyblock to trunc_keyblock and truncate if exportable. */ ret = krb5int_c_copy_keyblock(NULL, usage_keyblock, &trunc_keyblock); if (ret != 0) return ret; if (trunc_keyblock->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) memset(trunc_keyblock->contents + 7, 0xab, 9); /* Compute HMAC(trunc_key, checksum) to produce the encryption key. */ iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = *checksum; ret = krb5int_hmac_keyblock(hash, trunc_keyblock, &iov, 1, &out_data); krb5int_c_free_keyblock(NULL, trunc_keyblock); return ret; }
/* Determines if a pin is required. If it is, it will be prompted for. */ static inline krb5_error_code collect_pin(krb5_context context, krb5_prompter_fct prompter, void *prompter_data, const krb5_otp_tokeninfo *ti, krb5_data *out_pin) { krb5_error_code retval; char otppin[1024]; krb5_flags collect; krb5_data pin; /* If no PIN will be collected, don't prompt. */ collect = ti->flags & (KRB5_OTP_FLAG_COLLECT_PIN | KRB5_OTP_FLAG_SEPARATE_PIN); if (collect == 0) { *out_pin = empty_data(); return 0; } /* Collect the PIN. */ retval = doprompt(context, prompter, prompter_data, NULL, _("OTP Token PIN"), otppin, sizeof(otppin)); if (retval != 0) return retval; /* Set the PIN. */ pin = make_data(strdup(otppin), strlen(otppin)); if (pin.data == NULL) return ENOMEM; *out_pin = pin; return 0; }
static krb5_error_code build_principal_va(krb5_context context, krb5_principal princ, unsigned int rlen, const char *realm, va_list ap) { krb5_error_code retval = 0; char *r = NULL; krb5_data *data = NULL; krb5_int32 count = 0; krb5_int32 size = 2; /* initial guess at needed space */ char *component = NULL; data = malloc(size * sizeof(krb5_data)); if (!data) { retval = ENOMEM; } if (!retval) { r = strdup(realm); if (!r) { retval = ENOMEM; } } while (!retval && (component = va_arg(ap, char *))) { if (count == size) { krb5_data *new_data = NULL; size *= 2; new_data = realloc(data, size * sizeof(krb5_data)); if (new_data) { data = new_data; } else { retval = ENOMEM; } } if (!retval) { data[count].length = strlen(component); data[count].data = strdup(component); if (!data[count].data) { retval = ENOMEM; } count++; } } if (!retval) { princ->type = KRB5_NT_UNKNOWN; princ->magic = KV5M_PRINCIPAL; princ->realm = make_data(r, rlen); princ->data = data; princ->length = count; r = NULL; /* take ownership */ data = NULL; /* take ownership */ } if (data) { while (--count >= 0) { free(data[count].data); } free(data); } free(r); return retval; }
void TokenFor::gettext( std::wostream &stream, data_map &data ) { data_ptr value = parse_val(m_key, data) ; data_list &items = value->getlist() ; for (size_t i = 0 ; i < items.size() ; ++i) { data_map loop ; loop[L"index"] = make_data(boost::lexical_cast<wstring>(i+1)) ; loop[L"index0"] = make_data(boost::lexical_cast<wstring>(i)) ; data[L"loop"] = make_data(loop); data[m_val] = items[i] ; for(size_t j = 0 ; j < m_children.size() ; ++j) { m_children[j]->gettext(stream, data) ; } } }
// add edge (uname,vname,weight) to graph // NOTE: this function does not check for duplicated edge!!! void add_edge(char *uname, char *vname, double weight, graph_t *g) { int uid= add_vertex(uname, g); int vid= add_vertex(vname, g); vertex_t *v; data_t data; // add (v, weight) to adjacency list of u v= g->vs + uid; data= make_data(vid, weight); list_add_end(v->A, data); // add (u, weight) to adjacency list of v (as graph is undirected) v= g->vs + vid; data= make_data(uid, weight); list_add_end(v->A, data); g->m++; }
krb5_error_code krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp, krb5_key key, krb5_keyusage usage, const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { krb5_error_code ret; krb5_data conf, hashval; krb5_key xorkey = NULL; krb5_crypto_iov *hash_iov, iov; size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize; /* Partition the output buffer into confounder and hash. */ conf = make_data(output->data, blocksize); hashval = make_data(output->data + blocksize, hashsize); /* Create the confounder. */ ret = krb5_c_random_make_octets(NULL, &conf); if (ret != 0) return ret; ret = mk_xorkey(key, &xorkey); if (ret) return ret; /* Hash the confounder, then the input data. */ hash_iov = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret); if (hash_iov == NULL) goto cleanup; hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA; hash_iov[0].data = conf; memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov)); ret = ctp->hash->hash(hash_iov, num_data + 1, &hashval); if (ret != 0) goto cleanup; /* Confounder and hash are in output buffer; encrypt them in place. */ iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = *output; ret = ctp->enc->encrypt(xorkey, NULL, &iov, 1); cleanup: free(hash_iov); krb5_k_free_key(NULL, xorkey); return ret; }
wstring TokenFor::gettext( data_map &data ) { std::vector<wstring> elements ; data_ptr value = parse_val(m_key, data) ; data_list &items = value->getlist() ; for (size_t i = 0 ; i < items.size() ; ++i) { data[L"loop"] = make_data(boost::lexical_cast<wstring>(i+1)) ; data[L"loop0"] = make_data(boost::lexical_cast<wstring>(i)) ; data[m_val] = items[i] ; for(size_t j = 0 ; j < m_children.size() ; ++j) { elements.push_back(m_children[j]->gettext(data)) ; } } return boost::join(elements, L"") ; }
/* Set the attrset object by decoding the packet. */ static krb5_error_code packet_set_attrset(krb5_context ctx, const char *secret, krad_packet *pkt) { krb5_data tmp; tmp = make_data(pkt_attr(pkt), pkt->pkt.length - OFFSET_ATTR); return kr_attrset_decode(ctx, &tmp, secret, pkt_auth(pkt), &pkt->attrset); }
int main(int argc, char **argv) { #ifdef CAMELLIA krb5_context context = NULL; krb5_keyblock keyblock; krb5_key key; const struct krb5_enc_provider *enc = &krb5int_enc_camellia128; krb5_crypto_iov iov; unsigned char resultbuf[16]; krb5_data result = make_data(resultbuf, 16); /* Create the example key. */ keyblock.magic = KV5M_KEYBLOCK; keyblock.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC; keyblock.length = 16; keyblock.contents = keybytes; assert(krb5_k_create_key(context, &keyblock, &key) == 0); /* Example 1. */ iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = make_data(input, 0); assert(krb5int_cmac_checksum(enc, key, &iov, 1, &result) == 0); check_result("example 1", resultbuf, cmac1); /* Example 2. */ iov.data.length = 16; assert(krb5int_cmac_checksum(enc, key, &iov, 1, &result) == 0); check_result("example 2", resultbuf, cmac2); /* Example 3. */ iov.data.length = 40; assert(krb5int_cmac_checksum(enc, key, &iov, 1, &result) == 0); check_result("example 3", resultbuf, cmac3); /* Example 4. */ iov.data.length = 64; assert(krb5int_cmac_checksum(enc, key, &iov, 1, &result) == 0); check_result("example 4", resultbuf, cmac4); printf("All CMAC tests passed.\n"); krb5_k_free_key(context, key); #endif /* CAMELLIA */ return 0; }
void query(imgdb::dbSpace* db, unsigned int id, const deleted_t& removed) { fprintf(stderr, "q%d ", id); imgdb::sim_vector res = db->queryImg(imgdb::queryArg(*make_data(id), 8, 0)); bool shouldfail = removed.find(id) != removed.end(); if (shouldfail != (res[0].id != id || res[0].width != 800+id || res[0].height != 600+id || res[0].score < imgdb::ScoreMax * 9 / 10)) { fprintf(stderr, "%s: id=%lld %dx%d %.1f\n", shouldfail ? "FOUND DELETED IMAGE" : "NOT FOUND", (long long) res[0].id, res[0].width, res[0].height, 1.0*res[0].score/imgdb::ScoreMax); throw imgdb::internal_error("Failed!"); } }
static launch_data_t make_data(launch_t conn, size_t *data_offset, size_t *fdoffset) { launch_data_t r = conn->recvbuf + *data_offset; size_t i; if ((conn->recvlen - *data_offset) < sizeof(struct _launch_data)) return NULL; *data_offset += sizeof(struct _launch_data); switch (r->type) { case LAUNCH_DATA_DICTIONARY: case LAUNCH_DATA_ARRAY: if ((conn->recvlen - *data_offset) < (r->_array_cnt * sizeof(launch_data_t))) { errno = EAGAIN; return NULL; } r->_array = conn->recvbuf + *data_offset; *data_offset += r->_array_cnt * sizeof(launch_data_t); for (i = 0; i < r->_array_cnt; i++) { r->_array[i] = make_data(conn, data_offset, fdoffset); if (r->_array[i] == NULL) return NULL; } break; case LAUNCH_DATA_STRING: if ((conn->recvlen - *data_offset) < (r->string_len + 1)) { errno = EAGAIN; return NULL; } r->string = conn->recvbuf + *data_offset; *data_offset += r->string_len + 1; break; case LAUNCH_DATA_OPAQUE: if ((conn->recvlen - *data_offset) < r->opaque_size) { errno = EAGAIN; return NULL; } r->opaque = conn->recvbuf + *data_offset; *data_offset += r->opaque_size; break; case LAUNCH_DATA_FD: r->fd = conn->recvfds[*fdoffset]; *fdoffset += 1; break; case LAUNCH_DATA_INTEGER: case LAUNCH_DATA_REAL: case LAUNCH_DATA_BOOL: break; default: errno = EINVAL; return NULL; break; } return r; }
krb5_error_code kg_arcfour_docrypt(const krb5_keyblock *keyblock, int usage, const unsigned char *kd_data, size_t kd_data_len, const unsigned char *input_buf, size_t input_len, unsigned char *output_buf) { krb5_error_code code; krb5_data kd = make_data((char *) kd_data, kd_data_len); krb5_crypto_iov kiov; krb5int_access kaccess; code = krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION); if (code) return code; memcpy(output_buf, input_buf, input_len); kiov.flags = KRB5_CRYPTO_TYPE_DATA; kiov.data = make_data(output_buf, input_len); return (*kaccess.arcfour_gsscrypt)(keyblock, usage, &kd, &kiov, 1); }
static krb5_error_code test_process(krb5_context context, krb5_clpreauth_moddata moddata, krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt, krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock, krb5_kdc_req *request, krb5_data *encoded_request_body, krb5_data *encoded_previous_request, krb5_pa_data *pa_data, krb5_prompter_fct prompter, void *prompter_data, krb5_pa_data ***out_pa_data) { struct client_state *st = (struct client_state *)moddata; struct client_request_state *reqst = (struct client_request_state *)modreq; krb5_error_code ret; krb5_keyblock *k; krb5_enc_data enc; krb5_data plain; const char *indstr; if (pa_data->length == 0) { /* This is an optimistic preauth test. Send a recognizable padata * value so the KDC knows not to expect a cookie. */ if (st->fail_optimistic) { k5_setmsg(context, KRB5_PREAUTH_FAILED, "induced optimistic fail"); return KRB5_PREAUTH_FAILED; } *out_pa_data = make_pa_list("optimistic", 10); return 0; } else if (reqst->second_round_trip) { printf("2rt: %.*s\n", pa_data->length, pa_data->contents); if (st->fail_2rt) { k5_setmsg(context, KRB5_PREAUTH_FAILED, "induced 2rt fail"); return KRB5_PREAUTH_FAILED; } } else if (pa_data->length == 6 && memcmp(pa_data->contents, "no key", 6) == 0) { printf("no key\n"); } else { /* This fails during s4u_identify_user(), so don't assert. */ ret = cb->get_as_key(context, rock, &k); if (ret) return ret; ret = alloc_data(&plain, pa_data->length); assert(!ret); enc.enctype = k->enctype; enc.ciphertext = make_data(pa_data->contents, pa_data->length); ret = krb5_c_decrypt(context, k, 1024, NULL, &enc, &plain); assert(!ret); printf("%.*s\n", plain.length, plain.data); free(plain.data); } reqst->second_round_trip = TRUE; indstr = (st->indicators != NULL) ? st->indicators : ""; *out_pa_data = make_pa_list(indstr, strlen(indstr)); return 0; }
/* Create a new packet. */ static krad_packet * packet_new() { krad_packet *pkt; pkt = calloc(1, sizeof(krad_packet)); if (pkt == NULL) return NULL; pkt->pkt = make_data(pkt->buffer, sizeof(pkt->buffer)); return pkt; }
static krb5_error_code hmac1(const struct krb5_hash_provider *h, krb5_keyblock *key, krb5_data *in, krb5_data *out) { char tmp[40]; size_t blocksize, hashsize; krb5_error_code err; krb5_key k; krb5_crypto_iov iov; krb5_data d; printk(" test key", key); blocksize = h->blocksize; hashsize = h->hashsize; if (hashsize > sizeof(tmp)) abort(); if (key->length > blocksize) { iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = make_data(key->contents, key->length); d = make_data(tmp, hashsize); err = h->hash(&iov, 1, &d); if (err) { com_err(whoami, err, "hashing key before calling hmac"); exit(1); } key->length = d.length; key->contents = (krb5_octet *) d.data; printk(" pre-hashed key", key); } printd(" hmac input", in); krb5_k_create_key(NULL, key, &k); iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data = *in; err = krb5int_hmac(h, k, &iov, 1, out); krb5_k_free_key(NULL, k); if (err == 0) printd(" hmac output", out); return err; }
/* Ensure that mcc_hashtab is initialized. Call with krb5int_mcc_mutex * locked. */ static krb5_error_code init_table(krb5_context context) { krb5_error_code ret; uint8_t seed[K5_HASH_SEED_LEN]; krb5_data d = make_data(seed, sizeof(seed)); if (mcc_hashtab != NULL) return 0; ret = krb5_c_random_make_octets(context, &d); if (ret) return ret; return k5_hashtab_create(seed, 64, &mcc_hashtab); }