/* Derive a usage key from a session key and krb5 usage constant. */
static krb5_error_code
usage_key(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
const krb5_keyblock *session_keyblock, krb5_keyusage usage,
krb5_keyblock *out)
{
char salt_buf[14];
unsigned int salt_len;
krb5_data out_data = make_data(out->contents, out->length);
krb5_crypto_iov iov;
krb5_keyusage ms_usage;
/* Generate the salt. */
ms_usage = krb5int_arcfour_translate_usage(usage);
if (session_keyblock->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
memcpy(salt_buf, l40, 10);
store_32_le(ms_usage, salt_buf + 10);
salt_len = 14;
} else {
store_32_le(ms_usage, salt_buf);
salt_len = 4;
}
/* Compute HMAC(key, salt) to produce the usage key. */
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = make_data(salt_buf, salt_len);
return krb5int_hmac_keyblock(hash, session_keyblock, &iov, 1, &out_data);
}
int main(int argc, char **argv)
{
size_t size = 0;
DataBuf buf;
char *data;
assert(databuf_init(&buf, size, DATABUF_FLAG_STRING));
databuf_print(&buf, 1, "after init size=%d", size);
#if 1
data = "a";
assert(databuf_strcat(&buf, data));
databuf_print(&buf, 1, "after strcat(%s)", data);
data = "bb";
assert(databuf_strcat(&buf, data));
databuf_print(&buf, 1, "after strcat(%s)", data);
data = "ccc";
assert(databuf_strcat(&buf, data));
databuf_print(&buf, 1, "after strcat(%s)", data);
#endif
data = databuf_export(&buf);
printf("concatenation=\"%s\"\n", data);
free(data);
#if 0
assert(databuf_init(&buf, size, 0));
databuf_print(&buf, 1, "after init size=%d", size);
size = 8;
data = make_data(size, "a");
assert(databuf_append(&buf, data, size));
databuf_print(&buf, 1, "after append size=%d", size);
assert(databuf_append(&buf, data, size));
free(data);
databuf_print(&buf, 1, "after append size=%d", size);
assert(databuf_advance(&buf, 4));
databuf_print(&buf, 1, "after databuf_advance(%d", 4);
assert(databuf_compress(&buf));
databuf_print(&buf, 1, "after compress");
size = 5;
data = make_data(size, "b");
assert(databuf_append(&buf, data, size));
free(data);
databuf_print(&buf, 1, "after append size=%d", size);
size = 7;
data = make_data(size, "c");
assert(databuf_append(&buf, data, size));
free(data);
databuf_print(&buf, 1, "after append size=%d", size);
databuf_free(&buf);
#endif
exit(0);
}
//////////////////////////////////////////////////////////////////////////
// parse_val
//////////////////////////////////////////////////////////////////////////
data_ptr parse_val(wstring key, data_map &data)
{
// quoted string
if (key[0] == L'\"')
{
return make_data(boost::trim_copy_if(key, boost::is_any_of(L"\""))) ;
}
// check for dotted notation, i.e [foo.bar]
size_t index = key.find(L".") ;
if (index == wstring::npos)
{
if (!data.has(key))
{
return make_data(L"{$" + key + L"}") ;
}
return data[key] ;
}
wstring sub_key = key.substr(0, index) ;
if (!data.has(sub_key))
{
return make_data(L"{$" + key + L"}") ;
}
data_ptr item = data[sub_key] ;
return parse_val(key.substr(index+1), item->getmap()) ;
}
krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data,
size_t num_data,
krb5_data *output)
{
krb5_keyusage ms_usage;
krb5_error_code ret;
krb5_keyblock ks, *keyblock;
krb5_crypto_iov *hash_iov = NULL, iov;
krb5_data ds = empty_data(), hashval = empty_data();
char t[4];
if (key == NULL || key->keyblock.length > ctp->hash->blocksize)
return KRB5_BAD_ENCTYPE;
if (ctp->ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR) {
/* Compute HMAC(key, "signaturekey\0") to get the signing key ks. */
ret = alloc_data(&ds, ctp->hash->hashsize);
if (ret != 0)
goto cleanup;
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = make_data("signaturekey", 13);
ret = krb5int_hmac(ctp->hash, key, &iov, 1, &ds);
if (ret)
goto cleanup;
ks.length = key->keyblock.length;
ks.contents = (krb5_octet *) ds.data;
keyblock = &ks;
} else /* For md5-hmac, just use the key. */
keyblock = &key->keyblock;
/* Compute the MD5 value of the input. */
ms_usage = krb5int_arcfour_translate_usage(usage);
store_32_le(ms_usage, t);
hash_iov = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret);
if (hash_iov == NULL)
goto cleanup;
hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
hash_iov[0].data = make_data(t, 4);
memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
ret = alloc_data(&hashval, ctp->hash->hashsize);
if (ret != 0)
goto cleanup;
ret = ctp->hash->hash(hash_iov, num_data + 1, &hashval);
if (ret != 0)
goto cleanup;
/* Compute HMAC(ks, md5value). */
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = hashval;
ret = krb5int_hmac_keyblock(ctp->hash, keyblock, &iov, 1, output);
cleanup:
zapfree(ds.data, ds.length);
zapfree(hashval.data, hashval.length);
free(hash_iov);
return ret;
}
krb5_error_code KRB5_CALLCONV
krb5_k_decrypt(krb5_context context, krb5_key key,
krb5_keyusage usage, const krb5_data *ivec,
const krb5_enc_data *input, krb5_data *output)
{
const struct krb5_keytypes *ktp;
krb5_crypto_iov iov[4];
krb5_error_code ret;
unsigned int header_len, trailer_len, plain_len;
char *scratch = NULL;
ktp = find_enctype(key->keyblock.enctype);
if (ktp == NULL)
return KRB5_BAD_ENCTYPE;
if (input->enctype != ENCTYPE_UNKNOWN && ktp->etype != input->enctype)
return KRB5_BAD_ENCTYPE;
/* Verify the input and output lengths. */
header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
if (input->ciphertext.length < header_len + trailer_len)
return KRB5_BAD_MSIZE;
plain_len = input->ciphertext.length - header_len - trailer_len;
if (output->length < plain_len)
return KRB5_BAD_MSIZE;
scratch = k5alloc(header_len + trailer_len, &ret);
if (scratch == NULL)
return ret;
iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
iov[0].data = make_data(scratch, header_len);
memcpy(iov[0].data.data, input->ciphertext.data, header_len);
iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
iov[1].data = make_data(output->data, plain_len);
memcpy(iov[1].data.data, input->ciphertext.data + header_len, plain_len);
/* Use empty padding since tokens don't indicate the padding length. */
iov[2].flags = KRB5_CRYPTO_TYPE_PADDING;
iov[2].data = empty_data();
iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
iov[3].data = make_data(scratch + header_len, trailer_len);
memcpy(iov[3].data.data, input->ciphertext.data + header_len + plain_len,
trailer_len);
ret = ktp->decrypt(ktp, key, usage, ivec, iov, 4);
if (ret != 0)
zap(output->data, plain_len);
else
output->length = plain_len;
zapfree(scratch, header_len + trailer_len);
return ret;
}
krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data,
size_t num_data,
const krb5_data *input,
krb5_boolean *valid)
{
krb5_error_code ret;
unsigned char *plaintext = NULL;
krb5_key xorkey = NULL;
krb5_data computed = empty_data();
krb5_crypto_iov *hash_iov = NULL, iov;
size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
plaintext = k5memdup(input->data, input->length, &ret);
if (plaintext == NULL)
return ret;
ret = mk_xorkey(key, &xorkey);
if (ret != 0)
goto cleanup;
/* Decrypt the input checksum. */
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = make_data(plaintext, input->length);
ret = ctp->enc->decrypt(xorkey, NULL, &iov, 1);
if (ret != 0)
goto cleanup;
/* Hash the confounder, then the input data. */
hash_iov = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret);
if (hash_iov == NULL)
goto cleanup;
hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
hash_iov[0].data = make_data(plaintext, blocksize);
memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
ret = alloc_data(&computed, hashsize);
if (ret != 0)
goto cleanup;
ret = ctp->hash->hash(hash_iov, num_data + 1, &computed);
if (ret != 0)
goto cleanup;
/* Compare the decrypted hash to the computed one. */
*valid = (memcmp(plaintext + blocksize, computed.data, hashsize) == 0);
cleanup:
zapfree(plaintext, input->length);
zapfree(computed.data, hashsize);
free(hash_iov);
krb5_k_free_key(NULL, xorkey);
return ret;
}
static void enc()
{
krb5_key k;
krb5_crypto_iov iov;
krb5_data cdata = make_data(cipher, 16);
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = make_data(plain, 16);
krb5_k_create_key(NULL, &enc_key, &k);
/* cbc-mac is the same as block encryption for a single block. */
krb5int_camellia_cbc_mac(k, &iov, 1, &ivec, &cdata);
krb5_k_free_key(NULL, k);
}
krb5_error_code KRB5_CALLCONV
krb5_k_encrypt(krb5_context context, krb5_key key,
krb5_keyusage usage, const krb5_data *cipher_state,
const krb5_data *input, krb5_enc_data *output)
{
const struct krb5_keytypes *ktp;
krb5_crypto_iov iov[4];
krb5_error_code ret;
unsigned int header_len, padding_len, trailer_len, total_len;
ktp = find_enctype(key->keyblock.enctype);
if (ktp == NULL)
return KRB5_BAD_ENCTYPE;
output->magic = KV5M_ENC_DATA;
output->kvno = 0;
output->enctype = key->keyblock.enctype;
/* Get the lengths of the token parts and compute the total. */
header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
padding_len = krb5int_c_padding_length(ktp, input->length);
trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
total_len = header_len + input->length + padding_len + trailer_len;
if (output->ciphertext.length < total_len)
return KRB5_BAD_MSIZE;
/* Set up the iov structures for the token parts. */
iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
iov[0].data = make_data(output->ciphertext.data, header_len);
iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
iov[1].data = make_data(output->ciphertext.data + header_len,
input->length);
memcpy(iov[1].data.data, input->data, input->length);
iov[2].flags = KRB5_CRYPTO_TYPE_PADDING;
iov[2].data = make_data(iov[1].data.data + input->length, padding_len);
iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
iov[3].data = make_data(iov[2].data.data + padding_len, trailer_len);
ret = ktp->encrypt(ktp, key, usage, cipher_state, iov, 4);
if (ret != 0)
zap(iov[1].data.data, iov[1].data.length);
else
output->ciphertext.length = total_len;
return ret;
}
void RadialInterpolatePoints( const AcGePoint3dArray& datas, AcGePoint3dArray& pts )
{
MQ<double> rbf; // RBF as kernel we can use : MQ, IMQ, GAU, TPS, POT
Polinomio<double> pol;
double c;
Matrix<double> A;
Vector<double> x, y, f, b, lambda;
Vector<double> x_new, y_new, f_new;
int n, m;
//define the number of nodes
n = 10;
//define the shape parameter for MQ kernel
c = 3.0;
//make the 2d data, see 2d-comun.hpp
make_data( datas, x, y, f );
n = x.GetSize();
//configure the associate polynomial
// pol.make( data_dimension, degree_pol)
pol.make( 2 , rbf.get_degree_pol() );
//get the number of elements in the polynomial base
m = pol.get_M();
//make aditional data for: Ax=b
b.Reallocate( n + m );
b = 0.0;
//fill the expanded vector b = [f 0]
for( int i = 0; i < n; i++ )
b( i ) = f( i );
//fill the Gramm matrix
fill_gram( rbf, pol, c, x, y, A );
//solve the linear system by LU factorization
lambda = gauss( A, b );
make_data( pts, x_new, y_new, f_new );
//interpolate the data
f_new = interpolate( rbf, pol, c, lambda, x, y, x_new, y_new );
write_back_data( f_new, pts );
}
/* Performs a prompt and saves the response in the out parameter. */
static krb5_error_code
doprompt(krb5_context context, krb5_prompter_fct prompter, void *prompter_data,
const char *banner, const char *prompttxt, char *out, size_t len)
{
krb5_prompt prompt;
krb5_data prompt_reply;
krb5_error_code retval;
krb5_prompt_type prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
if (prompttxt == NULL || out == NULL)
return EINVAL;
memset(out, 0, len);
prompt_reply = make_data(out, len);
prompt.reply = &prompt_reply;
prompt.prompt = (char *)prompttxt;
prompt.hidden = 1;
/* PROMPTER_INVOCATION */
k5_set_prompt_types(context, &prompt_type);
retval = (*prompter)(context, prompter_data, NULL, banner, 1, &prompt);
k5_set_prompt_types(context, NULL);
if (retval != 0)
return retval;
return 0;
}
krb5_error_code
krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key,
const krb5_data *in, krb5_data *out)
{
krb5_crypto_iov iov;
krb5_data prfconst = make_data("prf", 3);
krb5_key kp = NULL;
krb5_error_code ret;
if (ktp->prf_length != ktp->enc->block_size)
return KRB5_BAD_MSIZE;
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = *in;
/* Derive a key using the PRF constant. */
ret = krb5int_derive_key(ktp->enc, key, &kp, &prfconst,
DERIVE_SP800_108_CMAC);
if (ret != 0)
goto cleanup;
/* PRF is CMAC of input */
ret = krb5int_cmac_checksum(ktp->enc, kp, &iov, 1, out);
if (ret != 0)
goto cleanup;
cleanup:
krb5_k_free_key(NULL, kp);
return ret;
}
/* Run one invocation of the callback, unlocking the mutex and possibly the DB
* around the invocation. */
static krb5_error_code
curs_run_cb(iter_curs *curs, ctx_iterate_cb func, krb5_pointer func_arg)
{
krb5_db2_context *dbc = curs->dbc;
krb5_error_code retval, lockerr;
krb5_db_entry *entry;
krb5_context ctx = curs->ctx;
krb5_data contdata;
contdata = make_data(curs->data.data, curs->data.size);
retval = krb5_decode_princ_entry(ctx, &contdata, &entry);
if (retval)
return retval;
/* Save libdb key across possible DB closure. */
retval = curs_save(curs);
if (retval)
return retval;
if (dbc->unlockiter)
curs_unlock(curs);
k5_mutex_unlock(krb5_db2_mutex);
retval = (*func)(func_arg, entry);
krb5_db2_free(ctx, entry);
k5_mutex_lock(krb5_db2_mutex);
if (dbc->unlockiter) {
lockerr = curs_lock(curs);
if (lockerr)
return lockerr;
}
return retval;
}
krb5_error_code
krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash,
const krb5_data *out, unsigned long count,
const krb5_data *pass, const krb5_data *salt)
{
krb5_keyblock keyblock;
char tmp[128];
krb5_data d;
krb5_crypto_iov iov;
krb5_error_code err;
assert(hash->hashsize <= sizeof(tmp));
if (pass->length > hash->blocksize) {
d = make_data(tmp, hash->hashsize);
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = *pass;
err = hash->hash(&iov, 1, &d);
if (err)
return err;
keyblock.length = d.length;
keyblock.contents = (krb5_octet *) d.data;
} else {
keyblock.length = pass->length;
keyblock.contents = (krb5_octet *) pass->data;
}
keyblock.enctype = ENCTYPE_NULL;
err = pbkdf2(hash, &keyblock, salt, count, out);
return err;
}
/* Derive encryption and integrity keys for CMAC-using enctypes. */
static krb5_error_code
derive_keys(const struct krb5_enc_provider *enc, krb5_key key,
krb5_keyusage usage, krb5_key *ke_out, krb5_key *ki_out)
{
krb5_error_code ret;
unsigned char buf[K5CLENGTH];
krb5_data constant = make_data(buf, K5CLENGTH);
krb5_key ke, ki;
*ke_out = *ki_out = NULL;
/* Derive the encryption key. */
store_32_be(usage, buf);
buf[4] = 0xAA;
ret = krb5int_derive_key(enc, key, &ke, &constant, DERIVE_SP800_108_CMAC);
if (ret != 0)
return ret;
/* Derive the integrity key. */
buf[4] = 0x55;
ret = krb5int_derive_key(enc, key, &ki, &constant, DERIVE_SP800_108_CMAC);
if (ret != 0) {
krb5_k_free_key(NULL, ke);
return ret;
}
*ke_out = ke;
*ki_out = ki;
return 0;
}
/* Derive an encryption key from a usage key and (typically) checksum. */
static krb5_error_code
enc_key(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
const krb5_keyblock *usage_keyblock, const krb5_data *checksum,
krb5_keyblock *out)
{
krb5_keyblock *trunc_keyblock = NULL;
krb5_data out_data = make_data(out->contents, out->length);
krb5_crypto_iov iov;
krb5_error_code ret;
/* Copy usage_keyblock to trunc_keyblock and truncate if exportable. */
ret = krb5int_c_copy_keyblock(NULL, usage_keyblock, &trunc_keyblock);
if (ret != 0)
return ret;
if (trunc_keyblock->enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
memset(trunc_keyblock->contents + 7, 0xab, 9);
/* Compute HMAC(trunc_key, checksum) to produce the encryption key. */
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = *checksum;
ret = krb5int_hmac_keyblock(hash, trunc_keyblock, &iov, 1, &out_data);
krb5int_c_free_keyblock(NULL, trunc_keyblock);
return ret;
}
/* Determines if a pin is required. If it is, it will be prompted for. */
static inline krb5_error_code
collect_pin(krb5_context context, krb5_prompter_fct prompter,
void *prompter_data, const krb5_otp_tokeninfo *ti,
krb5_data *out_pin)
{
krb5_error_code retval;
char otppin[1024];
krb5_flags collect;
krb5_data pin;
/* If no PIN will be collected, don't prompt. */
collect = ti->flags & (KRB5_OTP_FLAG_COLLECT_PIN |
KRB5_OTP_FLAG_SEPARATE_PIN);
if (collect == 0) {
*out_pin = empty_data();
return 0;
}
/* Collect the PIN. */
retval = doprompt(context, prompter, prompter_data, NULL,
_("OTP Token PIN"), otppin, sizeof(otppin));
if (retval != 0)
return retval;
/* Set the PIN. */
pin = make_data(strdup(otppin), strlen(otppin));
if (pin.data == NULL)
return ENOMEM;
*out_pin = pin;
return 0;
}
static krb5_error_code
build_principal_va(krb5_context context, krb5_principal princ,
unsigned int rlen, const char *realm, va_list ap)
{
krb5_error_code retval = 0;
char *r = NULL;
krb5_data *data = NULL;
krb5_int32 count = 0;
krb5_int32 size = 2; /* initial guess at needed space */
char *component = NULL;
data = malloc(size * sizeof(krb5_data));
if (!data) { retval = ENOMEM; }
if (!retval) {
r = strdup(realm);
if (!r) { retval = ENOMEM; }
}
while (!retval && (component = va_arg(ap, char *))) {
if (count == size) {
krb5_data *new_data = NULL;
size *= 2;
new_data = realloc(data, size * sizeof(krb5_data));
if (new_data) {
data = new_data;
} else {
retval = ENOMEM;
}
}
if (!retval) {
data[count].length = strlen(component);
data[count].data = strdup(component);
if (!data[count].data) { retval = ENOMEM; }
count++;
}
}
if (!retval) {
princ->type = KRB5_NT_UNKNOWN;
princ->magic = KV5M_PRINCIPAL;
princ->realm = make_data(r, rlen);
princ->data = data;
princ->length = count;
r = NULL; /* take ownership */
data = NULL; /* take ownership */
}
if (data) {
while (--count >= 0) {
free(data[count].data);
}
free(data);
}
free(r);
return retval;
}
void TokenFor::gettext( std::wostream &stream, data_map &data )
{
data_ptr value = parse_val(m_key, data) ;
data_list &items = value->getlist() ;
for (size_t i = 0 ; i < items.size() ; ++i)
{
data_map loop ;
loop[L"index"] = make_data(boost::lexical_cast<wstring>(i+1)) ;
loop[L"index0"] = make_data(boost::lexical_cast<wstring>(i)) ;
data[L"loop"] = make_data(loop);
data[m_val] = items[i] ;
for(size_t j = 0 ; j < m_children.size() ; ++j)
{
m_children[j]->gettext(stream, data) ;
}
}
}
// add edge (uname,vname,weight) to graph
// NOTE: this function does not check for duplicated edge!!!
void add_edge(char *uname, char *vname, double weight, graph_t *g) {
int uid= add_vertex(uname, g);
int vid= add_vertex(vname, g);
vertex_t *v;
data_t data;
// add (v, weight) to adjacency list of u
v= g->vs + uid;
data= make_data(vid, weight);
list_add_end(v->A, data);
// add (u, weight) to adjacency list of v (as graph is undirected)
v= g->vs + vid;
data= make_data(uid, weight);
list_add_end(v->A, data);
g->m++;
}
krb5_error_code
krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data, size_t num_data,
krb5_data *output)
{
krb5_error_code ret;
krb5_data conf, hashval;
krb5_key xorkey = NULL;
krb5_crypto_iov *hash_iov, iov;
size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
/* Partition the output buffer into confounder and hash. */
conf = make_data(output->data, blocksize);
hashval = make_data(output->data + blocksize, hashsize);
/* Create the confounder. */
ret = krb5_c_random_make_octets(NULL, &conf);
if (ret != 0)
return ret;
ret = mk_xorkey(key, &xorkey);
if (ret)
return ret;
/* Hash the confounder, then the input data. */
hash_iov = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret);
if (hash_iov == NULL)
goto cleanup;
hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
hash_iov[0].data = conf;
memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
ret = ctp->hash->hash(hash_iov, num_data + 1, &hashval);
if (ret != 0)
goto cleanup;
/* Confounder and hash are in output buffer; encrypt them in place. */
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = *output;
ret = ctp->enc->encrypt(xorkey, NULL, &iov, 1);
cleanup:
free(hash_iov);
krb5_k_free_key(NULL, xorkey);
return ret;
}
wstring TokenFor::gettext( data_map &data )
{
std::vector<wstring> elements ;
data_ptr value = parse_val(m_key, data) ;
data_list &items = value->getlist() ;
for (size_t i = 0 ; i < items.size() ; ++i)
{
data[L"loop"] = make_data(boost::lexical_cast<wstring>(i+1)) ;
data[L"loop0"] = make_data(boost::lexical_cast<wstring>(i)) ;
data[m_val] = items[i] ;
for(size_t j = 0 ; j < m_children.size() ; ++j)
{
elements.push_back(m_children[j]->gettext(data)) ;
}
}
return boost::join(elements, L"") ;
}
/* Set the attrset object by decoding the packet. */
static krb5_error_code
packet_set_attrset(krb5_context ctx, const char *secret, krad_packet *pkt)
{
krb5_data tmp;
tmp = make_data(pkt_attr(pkt), pkt->pkt.length - OFFSET_ATTR);
return kr_attrset_decode(ctx, &tmp, secret, pkt_auth(pkt), &pkt->attrset);
}
int
main(int argc, char **argv)
{
#ifdef CAMELLIA
krb5_context context = NULL;
krb5_keyblock keyblock;
krb5_key key;
const struct krb5_enc_provider *enc = &krb5int_enc_camellia128;
krb5_crypto_iov iov;
unsigned char resultbuf[16];
krb5_data result = make_data(resultbuf, 16);
/* Create the example key. */
keyblock.magic = KV5M_KEYBLOCK;
keyblock.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC;
keyblock.length = 16;
keyblock.contents = keybytes;
assert(krb5_k_create_key(context, &keyblock, &key) == 0);
/* Example 1. */
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = make_data(input, 0);
assert(krb5int_cmac_checksum(enc, key, &iov, 1, &result) == 0);
check_result("example 1", resultbuf, cmac1);
/* Example 2. */
iov.data.length = 16;
assert(krb5int_cmac_checksum(enc, key, &iov, 1, &result) == 0);
check_result("example 2", resultbuf, cmac2);
/* Example 3. */
iov.data.length = 40;
assert(krb5int_cmac_checksum(enc, key, &iov, 1, &result) == 0);
check_result("example 3", resultbuf, cmac3);
/* Example 4. */
iov.data.length = 64;
assert(krb5int_cmac_checksum(enc, key, &iov, 1, &result) == 0);
check_result("example 4", resultbuf, cmac4);
printf("All CMAC tests passed.\n");
krb5_k_free_key(context, key);
#endif /* CAMELLIA */
return 0;
}
void query(imgdb::dbSpace* db, unsigned int id, const deleted_t& removed) {
fprintf(stderr, "q%d ", id);
imgdb::sim_vector res = db->queryImg(imgdb::queryArg(*make_data(id), 8, 0));
bool shouldfail = removed.find(id) != removed.end();
if (shouldfail != (res[0].id != id || res[0].width != 800+id || res[0].height != 600+id || res[0].score < imgdb::ScoreMax * 9 / 10)) {
fprintf(stderr, "%s: id=%lld %dx%d %.1f\n", shouldfail ? "FOUND DELETED IMAGE" : "NOT FOUND", (long long) res[0].id, res[0].width, res[0].height, 1.0*res[0].score/imgdb::ScoreMax);
throw imgdb::internal_error("Failed!");
}
}
static launch_data_t make_data(launch_t conn, size_t *data_offset, size_t *fdoffset)
{
launch_data_t r = conn->recvbuf + *data_offset;
size_t i;
if ((conn->recvlen - *data_offset) < sizeof(struct _launch_data))
return NULL;
*data_offset += sizeof(struct _launch_data);
switch (r->type) {
case LAUNCH_DATA_DICTIONARY:
case LAUNCH_DATA_ARRAY:
if ((conn->recvlen - *data_offset) < (r->_array_cnt * sizeof(launch_data_t))) {
errno = EAGAIN;
return NULL;
}
r->_array = conn->recvbuf + *data_offset;
*data_offset += r->_array_cnt * sizeof(launch_data_t);
for (i = 0; i < r->_array_cnt; i++) {
r->_array[i] = make_data(conn, data_offset, fdoffset);
if (r->_array[i] == NULL)
return NULL;
}
break;
case LAUNCH_DATA_STRING:
if ((conn->recvlen - *data_offset) < (r->string_len + 1)) {
errno = EAGAIN;
return NULL;
}
r->string = conn->recvbuf + *data_offset;
*data_offset += r->string_len + 1;
break;
case LAUNCH_DATA_OPAQUE:
if ((conn->recvlen - *data_offset) < r->opaque_size) {
errno = EAGAIN;
return NULL;
}
r->opaque = conn->recvbuf + *data_offset;
*data_offset += r->opaque_size;
break;
case LAUNCH_DATA_FD:
r->fd = conn->recvfds[*fdoffset];
*fdoffset += 1;
break;
case LAUNCH_DATA_INTEGER:
case LAUNCH_DATA_REAL:
case LAUNCH_DATA_BOOL:
break;
default:
errno = EINVAL;
return NULL;
break;
}
return r;
}
krb5_error_code
kg_arcfour_docrypt(const krb5_keyblock *keyblock, int usage,
const unsigned char *kd_data, size_t kd_data_len,
const unsigned char *input_buf, size_t input_len,
unsigned char *output_buf)
{
krb5_error_code code;
krb5_data kd = make_data((char *) kd_data, kd_data_len);
krb5_crypto_iov kiov;
krb5int_access kaccess;
code = krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION);
if (code)
return code;
memcpy(output_buf, input_buf, input_len);
kiov.flags = KRB5_CRYPTO_TYPE_DATA;
kiov.data = make_data(output_buf, input_len);
return (*kaccess.arcfour_gsscrypt)(keyblock, usage, &kd, &kiov, 1);
}
static krb5_error_code
test_process(krb5_context context, krb5_clpreauth_moddata moddata,
krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
krb5_kdc_req *request, krb5_data *encoded_request_body,
krb5_data *encoded_previous_request, krb5_pa_data *pa_data,
krb5_prompter_fct prompter, void *prompter_data,
krb5_pa_data ***out_pa_data)
{
struct client_state *st = (struct client_state *)moddata;
struct client_request_state *reqst = (struct client_request_state *)modreq;
krb5_error_code ret;
krb5_keyblock *k;
krb5_enc_data enc;
krb5_data plain;
const char *indstr;
if (pa_data->length == 0) {
/* This is an optimistic preauth test. Send a recognizable padata
* value so the KDC knows not to expect a cookie. */
if (st->fail_optimistic) {
k5_setmsg(context, KRB5_PREAUTH_FAILED, "induced optimistic fail");
return KRB5_PREAUTH_FAILED;
}
*out_pa_data = make_pa_list("optimistic", 10);
return 0;
} else if (reqst->second_round_trip) {
printf("2rt: %.*s\n", pa_data->length, pa_data->contents);
if (st->fail_2rt) {
k5_setmsg(context, KRB5_PREAUTH_FAILED, "induced 2rt fail");
return KRB5_PREAUTH_FAILED;
}
} else if (pa_data->length == 6 &&
memcmp(pa_data->contents, "no key", 6) == 0) {
printf("no key\n");
} else {
/* This fails during s4u_identify_user(), so don't assert. */
ret = cb->get_as_key(context, rock, &k);
if (ret)
return ret;
ret = alloc_data(&plain, pa_data->length);
assert(!ret);
enc.enctype = k->enctype;
enc.ciphertext = make_data(pa_data->contents, pa_data->length);
ret = krb5_c_decrypt(context, k, 1024, NULL, &enc, &plain);
assert(!ret);
printf("%.*s\n", plain.length, plain.data);
free(plain.data);
}
reqst->second_round_trip = TRUE;
indstr = (st->indicators != NULL) ? st->indicators : "";
*out_pa_data = make_pa_list(indstr, strlen(indstr));
return 0;
}
/* Create a new packet. */
static krad_packet *
packet_new()
{
krad_packet *pkt;
pkt = calloc(1, sizeof(krad_packet));
if (pkt == NULL)
return NULL;
pkt->pkt = make_data(pkt->buffer, sizeof(pkt->buffer));
return pkt;
}
static krb5_error_code hmac1(const struct krb5_hash_provider *h,
krb5_keyblock *key,
krb5_data *in, krb5_data *out)
{
char tmp[40];
size_t blocksize, hashsize;
krb5_error_code err;
krb5_key k;
krb5_crypto_iov iov;
krb5_data d;
printk(" test key", key);
blocksize = h->blocksize;
hashsize = h->hashsize;
if (hashsize > sizeof(tmp))
abort();
if (key->length > blocksize) {
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = make_data(key->contents, key->length);
d = make_data(tmp, hashsize);
err = h->hash(&iov, 1, &d);
if (err) {
com_err(whoami, err, "hashing key before calling hmac");
exit(1);
}
key->length = d.length;
key->contents = (krb5_octet *) d.data;
printk(" pre-hashed key", key);
}
printd(" hmac input", in);
krb5_k_create_key(NULL, key, &k);
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = *in;
err = krb5int_hmac(h, k, &iov, 1, out);
krb5_k_free_key(NULL, k);
if (err == 0)
printd(" hmac output", out);
return err;
}
/* Ensure that mcc_hashtab is initialized. Call with krb5int_mcc_mutex
* locked. */
static krb5_error_code
init_table(krb5_context context)
{
krb5_error_code ret;
uint8_t seed[K5_HASH_SEED_LEN];
krb5_data d = make_data(seed, sizeof(seed));
if (mcc_hashtab != NULL)
return 0;
ret = krb5_c_random_make_octets(context, &d);
if (ret)
return ret;
return k5_hashtab_create(seed, 64, &mcc_hashtab);
}
