int
generate_challenge(char **r_challenge, char **r_response, RSA * rsa)
{
unsigned char secret[32], *tmp;
unsigned long length, ret;
if(!rsa)
return -1;
if(get_randomness(secret, 32) == 0)
{
report_crypto_errors();
return -1;
}
*r_response = MyMalloc(65);
binary_to_hex(secret, *r_response, 32);
length = RSA_size(rsa);
tmp = MyMalloc(length);
ret = RSA_public_encrypt(32, secret, tmp, rsa, RSA_PKCS1_PADDING);
*r_challenge = MyMalloc((length << 1) + 1);
binary_to_hex(tmp, *r_challenge, length);
(*r_challenge)[length << 1] = 0;
MyFree(tmp);
if(ret < 0)
{
report_crypto_errors();
return (-1);
}
return (0);
}
static bool verify_credentials(struct cram_auth_request *request,
const unsigned char *credentials, size_t size)
{
unsigned char digest[MD5_RESULTLEN];
struct hmac_context ctx;
const char *response_hex;
if (size != CRAM_MD5_CONTEXTLEN) {
auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
"invalid credentials length");
return FALSE;
}
hmac_init(&ctx, NULL, 0, &hash_method_md5);
hmac_md5_set_cram_context(&ctx, credentials);
hmac_update(&ctx, request->challenge, strlen(request->challenge));
hmac_final(&ctx, digest);
response_hex = binary_to_hex(digest, sizeof(digest));
if (memcmp(response_hex, request->response, sizeof(digest)*2) != 0) {
auth_request_log_info(&request->auth_request, AUTH_SUBSYS_MECH,
"password mismatch");
return FALSE;
}
return TRUE;
}
static int imapc_mail_get_hdr_hash(struct index_mail *imail)
{
struct istream *input;
const unsigned char *data;
size_t size;
uoff_t old_offset;
struct sha1_ctxt sha1_ctx;
unsigned char sha1_output[SHA1_RESULTLEN];
const char *sha1_str;
sha1_init(&sha1_ctx);
old_offset = imail->data.stream == NULL ? 0 :
imail->data.stream->v_offset;
if (mail_get_hdr_stream(&imail->mail.mail, NULL, &input) < 0)
return -1;
while (i_stream_read_data(input, &data, &size, 0) > 0) {
sha1_loop(&sha1_ctx, data, size);
i_stream_skip(input, size);
}
i_stream_seek(imail->data.stream, old_offset);
sha1_result(&sha1_ctx, sha1_output);
sha1_str = binary_to_hex(sha1_output, sizeof(sha1_output));
imail->data.guid = p_strdup(imail->mail.data_pool, sha1_str);
return 0;
}
static
void test_static_v1_input_short(void)
{
ssize_t siz;
const struct hash_method *hash = hash_method_lookup("sha256");
unsigned char hash_ctx[hash->context_size];
unsigned char hash_dgst[hash->digest_size];
hash->init(hash_ctx);
test_begin("test_static_v1_input_short");
struct istream *is_1 = i_stream_create_file(DCRYPT_SRC_DIR"/sample-v1_short.asc", IO_BLOCK_SIZE);
struct istream *is_2 = i_stream_create_base64_decoder(is_1);
i_stream_unref(&is_1);
struct istream *is_3 = i_stream_create_decrypt(is_2, test_v1_kp.priv);
i_stream_unref(&is_2);
struct istream *is_4 = i_stream_create_hash(is_3, hash, hash_ctx);
i_stream_unref(&is_3);
while((siz = i_stream_read(is_4))>0) { i_stream_skip(is_4, siz); }
if (is_4->stream_errno != 0)
i_debug("error: %s", i_stream_get_error(is_4));
test_assert(is_4->stream_errno == 0);
i_stream_unref(&is_4);
hash->result(hash_ctx, hash_dgst);
test_assert(strcmp(test_sample_v1_short_hash, binary_to_hex(hash_dgst, sizeof(hash_dgst))) == 0);
test_end();
}
bool password_generate_encoded(const char *plaintext, const struct password_generate_params *params,
const char *scheme, const char **password_r)
{
const struct password_scheme *s;
const unsigned char *raw_password;
enum password_encoding encoding;
string_t *str;
size_t size;
s = password_scheme_lookup(scheme, &encoding);
if (s == NULL)
return FALSE;
s->password_generate(plaintext, params, &raw_password, &size);
switch (encoding) {
case PW_ENCODING_NONE:
*password_r = t_strndup(raw_password, size);
break;
case PW_ENCODING_BASE64:
str = t_str_new(MAX_BASE64_ENCODED_SIZE(size) + 1);
base64_encode(raw_password, size, str);
*password_r = str_c(str);
break;
case PW_ENCODING_HEX:
*password_r = binary_to_hex(raw_password, size);
break;
}
return TRUE;
}
/*******************************************************************-o-******
* dump_chunk
*
* Parameters:
* *title (May be NULL.)
* *buf
* size
*/
void
dump_chunk(const char *debugtoken, const char *title, const u_char * buf,
int size)
{
u_int printunit = 64; /* XXX Make global. */
char chunk[SNMP_MAXBUF], *s, *sp;
if (title && (*title != '\0')) {
DEBUGMSGTL((debugtoken, "%s\n", title));
}
memset(chunk, 0, SNMP_MAXBUF);
size = binary_to_hex(buf, size, &s);
sp = s;
while (size > 0) {
if (size > (int) printunit) {
strncpy(chunk, sp, printunit);
chunk[printunit] = '\0';
DEBUGMSGTL((debugtoken, "\t%s\n", chunk));
} else {
DEBUGMSGTL((debugtoken, "\t%s\n", sp));
}
sp += printunit;
size -= printunit;
}
SNMP_FREE(s);
} /* end dump_chunk() */
static ssize_t i_stream_base64_decoder_read(struct istream_private *stream)
{
struct base64_decoder_istream *bstream =
(struct base64_decoder_istream *)stream;
const unsigned char *data;
size_t pre_count, post_count, size;
int ret;
do {
ret = i_stream_read_parent(stream);
if (ret <= 0) {
if (ret < 0 && stream->istream.stream_errno == 0 &&
i_stream_get_data_size(stream->parent) > 0) {
/* base64 input with a partial block */
data = i_stream_get_data(stream->parent, &size);
io_stream_set_error(&stream->iostream,
"base64 input ends with a partial block: 0x%s",
binary_to_hex(data, size));
stream->istream.stream_errno = EINVAL;
}
return ret;
}
/* encode as many blocks as fits into destination buffer */
pre_count = stream->pos - stream->skip;
while ((ret = i_stream_base64_try_decode_block(bstream)) > 0) ;
post_count = stream->pos - stream->skip;
} while (ret == 0 && pre_count == post_count);
if (ret < 0 && pre_count == post_count)
return ret;
i_assert(post_count > pre_count);
return post_count - pre_count;
}
/*******************************************************************-o-******
* dump_etimelist_entry
*
* Parameters:
* e
* count
*/
void
dump_etimelist_entry(Enginetime e, int count)
{
u_int buflen;
char tabs[SNMP_MAXBUF], *t = tabs, *s;
count += 1;
while (count--) {
t += sprintf(t, " ");
}
buflen = e->engineID_len;
#ifdef NETSNMP_ENABLE_TESTING_CODE
if (!(s = dump_snmpEngineID(e->engineID, &buflen))) {
#endif
binary_to_hex(e->engineID, e->engineID_len, &s);
#ifdef NETSNMP_ENABLE_TESTING_CODE
}
#endif
DEBUGMSGTL(("dump_etimelist", "%s\n", tabs));
DEBUGMSGTL(("dump_etimelist", "%s%s (len=%d) <%d,%d>\n", tabs,
s, e->engineID_len, e->engineTime, e->engineBoot));
DEBUGMSGTL(("dump_etimelist", "%s%ld (%ld)", tabs,
e->lastReceivedEngineTime,
snmpv3_local_snmpEngineTime() - e->lastReceivedEngineTime));
SNMP_FREE(s);
} /* end dump_etimelist_entry() */
int dsync_mail_get_hdr_hash(struct mail *mail, const char **hdr_hash_r)
{
struct istream *hdr_input, *input;
struct mailbox_header_lookup_ctx *hdr_ctx;
struct md5_context md5_ctx;
unsigned char md5_result[MD5_RESULTLEN];
const unsigned char *data;
size_t size;
int ret = 0;
hdr_ctx = mailbox_header_lookup_init(mail->box, hashed_headers);
ret = mail_get_header_stream(mail, hdr_ctx, &hdr_input);
mailbox_header_lookup_unref(&hdr_ctx);
if (ret < 0)
return -1;
input = i_stream_create_lf(hdr_input);
md5_init(&md5_ctx);
while (!i_stream_is_eof(input)) {
if (i_stream_read_data(input, &data, &size, 0) == -1)
break;
if (size == 0)
break;
md5_update(&md5_ctx, data, size);
i_stream_skip(input, size);
}
if (input->stream_errno != 0)
ret = -1;
i_stream_unref(&input);
md5_final(&md5_ctx, md5_result);
*hdr_hash_r = binary_to_hex(md5_result, sizeof(md5_result));
return ret;
}
int
main(int argc, char **argv)
{
FILE *kfile;
RSA *rsa = NULL;
char ndata[257], ddata[257];
/* respond privatefile challenge */
if (argc < 3)
{
puts("Usage: respond privatefile challenge [passphrase]");
return 0;
}
if (argc == 4)
{
/* This is TOTALLY insecure and not recommended, but for
** interfacing with irc client scripts, it's either this
** or don't use a passphrase.
**
** The likelihood of a passphrase leaking isn't TOO great,
** only ps auxww will show it, and even then, only at the
** precise moment this is called.
*/
insecure_mode = 1;
pass_param = argv[3];
}
if (!(kfile = fopen(argv[1], "r")))
{
puts("Could not open the private keyfile.");
return 0;
}
SSLeay_add_all_ciphers();
rsa = PEM_read_RSAPrivateKey(kfile, NULL,pass_cb, NULL);
if(!rsa)
{
puts("Unable to read your private key, is the passphrase wrong?");
return 0;
}
fclose(kfile);
if (hex_to_binary(argv[2], ndata, 128) != 128)
{
puts("Bad challenge.");
return -1;
}
if (RSA_private_decrypt(128, (unsigned char*)ndata,
(unsigned char*)ddata, rsa, RSA_PKCS1_PADDING) == -1)
{
puts("Decryption error.");
return -1;
}
binary_to_hex((unsigned char*)ddata, ndata, 32);
puts(ndata);
return 0;
}
static const char *unique_fname(void)
{
unsigned char randbuf[8];
random_fill_weak(randbuf, sizeof(randbuf));
return t_strdup_printf("%s.%s.%s", my_hostname, my_pid,
binary_to_hex(randbuf, sizeof(randbuf)));
}
static
void test_static_v2_input(void)
{
test_begin("test_static_v2_input");
ssize_t amt;
const struct hash_method *hash = hash_method_lookup("sha256");
unsigned char hash_ctx[hash->context_size];
unsigned char hash_dgst[hash->digest_size];
hash->init(hash_ctx);
struct istream *is_1 = i_stream_create_file(DCRYPT_SRC_DIR"/sample-v2.asc", IO_BLOCK_SIZE);
struct istream *is_2 = i_stream_create_base64_decoder(is_1);
i_stream_unref(&is_1);
struct istream *is_3 = i_stream_create_decrypt(is_2, test_v2_kp.priv);
i_stream_unref(&is_2);
struct istream *is_4 = i_stream_create_hash(is_3, hash, hash_ctx);
i_stream_unref(&is_3);
while((amt = i_stream_read(is_4))>0) { i_stream_skip(is_4, amt); }
if (is_4->stream_errno != 0)
i_debug("error: %s", i_stream_get_error(is_4));
test_assert(is_4->stream_errno == 0);
i_stream_unref(&is_4);
hash->result(hash_ctx, hash_dgst);
test_assert(strcmp(test_sample_v2_hash, binary_to_hex(hash_dgst, sizeof(hash_dgst))) == 0);
test_end();
/** this code is left here to show how the sample file is created
struct istream *is = i_stream_create_file("../lib-fts/udhr_fra.txt", 8192);
struct istream *is_2 = i_stream_create_hash(is, hash, hash_ctx);
int fd = open("sample-v2.bin", O_CREAT|O_TRUNC|O_WRONLY, S_IRWXU);
struct ostream *os = o_stream_create_fd_file(fd, 0, TRUE);
struct ostream *os_2 = o_stream_create_encrypt(os, "aes-256-gcm-sha256", test_v2_kp.pub, IO_STREAM_ENC_INTEGRITY_AEAD);
const unsigned char *ptr;
size_t siz;
while(i_stream_read_data(is_2, &ptr, &siz, 0)>0) {
o_stream_nsend(os_2, ptr, siz);
i_stream_skip(is_2, siz);
}
i_assert(o_stream_nfinish(os_2)==0);
o_stream_close(os_2);
i_stream_close(is_2);
hash->result(hash_ctx, hash_dgst);
printf("%s\n", binary_to_hex(hash_dgst, sizeof(hash_dgst)));
*/
}
safe_mkstemp_full(string_t *prefix, mode_t mode, uid_t uid, gid_t gid,
const char *gid_origin)
{
size_t prefix_len;
struct stat st;
unsigned char randbuf[8];
mode_t old_umask;
int fd;
prefix_len = str_len(prefix);
for (;;) {
do {
random_fill_weak(randbuf, sizeof(randbuf));
str_truncate(prefix, prefix_len);
str_append(prefix,
binary_to_hex(randbuf, sizeof(randbuf)));
} while (lstat(str_c(prefix), &st) == 0);
if (errno != ENOENT) {
i_error("stat(%s) failed: %m", str_c(prefix));
str_truncate(prefix, prefix_len);
return -1;
}
old_umask = umask(0666 ^ mode);
fd = open(str_c(prefix), O_RDWR | O_EXCL | O_CREAT, 0666);
umask(old_umask);
if (fd != -1)
break;
if (errno != EEXIST) {
if (errno != ENOENT && errno != EACCES)
i_error("open(%s) failed: %m", str_c(prefix));
str_truncate(prefix, prefix_len);
return -1;
}
}
if (uid == (uid_t)-1 && gid == (gid_t)-1)
return fd;
if (fchown(fd, uid, gid) < 0) {
if (errno == EPERM) {
i_error("%s", eperm_error_get_chgrp("fchown",
str_c(prefix), gid, gid_origin));
} else {
i_error("fchown(%s, %ld, %ld) failed: %m",
str_c(prefix),
uid == (uid_t)-1 ? -1L : (long)uid,
gid == (gid_t)-1 ? -1L : (long)gid);
}
i_close_fd(&fd);
(void)unlink(str_c(prefix));
return -1;
}
return fd;
}
/*******************************************************************-o-******
* test_genKu
*
* Returns:
* Number of failures.
*
*
* Test generation of usmUser master key from a passphrase.
*
* ASSUMES Passphrase is made of printable characters!
*/
int
test_genKu(void)
{
int rval = SNMPERR_SUCCESS,
failcount = 0,
properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACMD5), kulen;
char *hashname = "usmHMACMD5AuthProtocol.", *s;
u_char Ku[LOCAL_MAXBUF];
oid *hashtype = usmHMACMD5AuthProtocol;
OUTPUT("Test of generate_Ku --");
/*
* Set passphrase.
*/
if (!passphrase) {
passphrase = PASSPHRASE_DEFAULT;
}
if (!bequiet)
fprintf(stdout, "Passphrase%s:\n\t%s\n\n",
(passphrase == PASSPHRASE_DEFAULT) ? " (default)" : "",
passphrase);
test_genKu_again:
memset(Ku, 0, LOCAL_MAXBUF);
kulen = LOCAL_MAXBUF;
rval = generate_Ku(hashtype, USM_LENGTH_OID_TRANSFORM,
passphrase, strlen(passphrase), Ku, &kulen);
FAILED(rval, "generate_Ku().");
if (kulen != properlength) {
FAILED(SNMPERR_GENERR, "Ku length is wrong for this hashtype.");
}
binary_to_hex(Ku, kulen, &s);
if (!bequiet)
fprintf(stdout, "Ku (len=%d): %s\n", kulen, s);
free_zero(s, kulen);
SUCCESS(hashname);
if (!bequiet)
fprintf(stdout, "\n");
if (hashtype == usmHMACMD5AuthProtocol) {
hashtype = usmHMACSHA1AuthProtocol;
hashname = "usmHMACSHA1AuthProtocol.";
properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACSHA1);
goto test_genKu_again;
}
return failcount;
} /* end test_genKu() */
/*
* log CSV version of trap.
* dontcare param is there so this function can be passed directly
* to CONTAINER_FOR_EACH.
*/
static void
_sql_log(sql_buf *sqlb, void* dontcare)
{
netsnmp_iterator *it;
sql_vb_buf *sqlvb;
if ((NULL == sqlb) || sqlb->logged)
return;
/*
* log trap info
* nothing done to protect against data insertion attacks with
* respect to bad data (commas, newlines, etc)
*/
snmp_log(LOG_ERR,
"trap:%d-%d-%d %d:%d:%d,%s,%d,%d,%d,%s,%s,%d,%d,%d,%s,%s,%s,%s\n",
sqlb->time.year,sqlb->time.month,sqlb->time.day,
sqlb->time.hour,sqlb->time.minute,sqlb->time.second,
sqlb->user,
sqlb->type, sqlb->version, sqlb->reqid, sqlb->oid,
sqlb->transport, sqlb->security_model, sqlb->msgid,
sqlb->security_level, sqlb->context,
sqlb->context_engine, sqlb->security_name,
sqlb->security_engine);
sqlb->logged = 1; /* prevent multiple logging */
it = CONTAINER_ITERATOR(sqlb->varbinds);
if (NULL == it) {
snmp_log(LOG_ERR,
"error creating iterator; incomplete trap logged\n");
return;
}
/** log varbind info */
for( sqlvb = ITERATOR_FIRST(it); sqlvb; sqlvb = ITERATOR_NEXT(it)) {
#ifdef NETSNMP_MYSQL_TRAP_VALUE_TEXT
snmp_log(LOG_ERR,"varbind:%s,%s\n", sqlvb->oid, sqlvb->val);
#else
char *hex;
int len = binary_to_hex(sqlvb->val, sqlvb->val_len, &hex);
if (hex) {
snmp_log(LOG_ERR,"varbind:%d,%s,%s\n", sqlvb->oid, hex);
free(hex);
}
else {
snmp_log(LOG_ERR,"malloc failed for varbind hex value\n");
snmp_log(LOG_ERR,"varbind:%s,\n", sqlvb->oid);
}
#endif
}
ITERATOR_RELEASE(it);
}
static void test_foo(void)
{
buffer_t *buf = buffer_create_dynamic(default_pool, 100);
for (int i = 1; i <= 24; i++) {
buffer_set_used_size(buf, 0);
buffer_append_c(buf, 0xff);
buffer_append_c(buf, 0xff);
buffer_append_c(buf, 0xff);
buffer_truncate_rshift_bits(buf, i);
printf("%2d bits: %24s %s\n", i,
binary_to_hex(buf->data, buf->used),
binary_to_10(buf->data, buf->used));
}
}
//==============================================================================
void USB_Device::bulk_write(uint8_t endpoint, size_t count, const uint8_t data[])
{
log_info("usb, bulk write, count: %u, data: %s", count,
binary_to_hex(data, count, " ").c_str());
int transferred = 0;
endpoint |= LIBUSB_ENDPOINT_OUT;
ssize_t result = libusb_bulk_transfer(handle_, endpoint, const_cast<uint8_t*>(data), count,
&transferred, timeout_);
if (result < 0)
on_error("libusb_bulk_transfer (out)", result);
if ((int)count != transferred)
on_timeout_error("libusb_bulk_transfer (out)", count, transferred);
}
//==============================================================================
void USB_Device::bulk_read(uint8_t endpoint, size_t count, uint8_t data[])
{
int transferred = 0;
endpoint |= LIBUSB_ENDPOINT_IN;
ssize_t result = libusb_bulk_transfer(handle_, endpoint, data, count,
&transferred, timeout_);
log_info("usb, bulk read, count %u: data: %s",
count, binary_to_hex(data, transferred, " ").c_str());
if (result < 0)
on_error("libusb_bulk_transfer (in)", result);
if ((int)count != transferred)
on_timeout_error("libusb_bulk_transfer (in)", count, transferred);
}
const char *auth_token_get(const char *service, const char *session_pid,
const char *username, const char *session_id)
{
struct hmac_context ctx;
unsigned char result[SHA1_RESULTLEN];
hmac_init(&ctx, (const unsigned char*)username, strlen(username),
&hash_method_sha1);
hmac_update(&ctx, session_pid, strlen(session_pid));
if (session_id != NULL && *session_id != '\0')
hmac_update(&ctx, session_id, strlen(session_id));
hmac_update(&ctx, service, strlen(service));
hmac_update(&ctx, auth_token_secret, sizeof(auth_token_secret));
hmac_final(&ctx, result);
return binary_to_hex(result, sizeof(result));
}
//==============================================================================
void USB_Device::control_read(uint8_t bmRequestType, uint8_t bRequest, uint16_t wValue,
uint16_t wIndex, uint8_t data[], size_t count)
{
bmRequestType |= LIBUSB_ENDPOINT_IN;
log_info("usb, control read, request_type: %02Xh, request: %02Xh, value: %04Xh, index: %04Xh, count: %u",
bmRequestType, bRequest, wValue, wIndex, count);
ssize_t result = libusb_control_transfer(handle_, bmRequestType, bRequest,
wValue, wIndex, data, count, timeout_);
if (result < 0)
on_error("libusb_control_transfer (in)", result);
if (count && (ssize_t)count != result)
on_timeout_error("libusb_control_transfer (in)", count, result);
log_info("usb, control read, data: %s", binary_to_hex(data, count, " ").c_str());
}
static int
i_stream_qp_try_decode_input(struct qp_decoder_istream *bstream, bool eof)
{
struct istream_private *stream = &bstream->istream;
const unsigned char *data;
size_t size, avail, buffer_avail, pos;
buffer_t buf;
int ret;
data = i_stream_get_data(stream->parent, &size);
if (size == 0)
return 0;
/* normally the decoded quoted-printable content can't be larger than
the encoded content, but because we always use CRLFs, it may use
twice as much space by only converting LFs to CRLFs. */
i_stream_try_alloc(stream, size, &avail);
buffer_avail = stream->buffer_size - stream->pos;
if (size > buffer_avail/2) {
/* can't fit everything to destination buffer.
write as much as we can. */
size = buffer_avail/2;
if (size == 0)
return -2;
}
buffer_create_from_data(&buf, stream->w_buffer + stream->pos,
buffer_avail);
ret = !eof ? quoted_printable_decode(data, size, &pos, &buf) :
quoted_printable_decode_final(data, size, &pos, &buf);
if (ret < 0) {
io_stream_set_error(&stream->iostream,
"Invalid quoted-printable data: 0x%s",
binary_to_hex(data+pos, I_MAX(size-pos, 8)));
stream->istream.stream_errno = EINVAL;
return -1;
}
stream->pos += buf.used;
i_stream_skip(stream->parent, pos);
return pos > 0 ? 1 : 0;
}
static ssize_t i_stream_qp_decoder_read(struct istream_private *stream)
{
struct qp_decoder_istream *bstream =
(struct qp_decoder_istream *)stream;
const unsigned char *data;
size_t pre_count, post_count, size;
int ret;
size_t prev_size = 0;
do {
ret = i_stream_read_parent(stream, &prev_size);
if (ret <= 0) {
if (ret != -1 || stream->istream.stream_errno != 0)
return 0;
ret = i_stream_qp_try_decode_input(bstream, TRUE);
if (ret == 0) {
/* ended with =[whitespace] but without LF */
stream->istream.eof = TRUE;
return -1;
}
/* partial qp input */
i_assert(ret < 0);
data = i_stream_get_data(stream->parent, &size);
io_stream_set_error(&stream->iostream,
"quoted-printable input ends with a partial block: 0x%s",
binary_to_hex(data, size));
stream->istream.stream_errno = EINVAL;
return -1;
}
/* encode as much data as fits into destination buffer */
pre_count = stream->pos - stream->skip;
while ((ret = i_stream_qp_try_decode_input(bstream, FALSE)) > 0) ;
post_count = stream->pos - stream->skip;
} while (ret == 0 && pre_count == post_count);
if (ret < 0)
return ret;
i_assert(post_count > pre_count);
return post_count - pre_count;
}
//==============================================================================
void CC_UnitDriver::read_xdata_memory(uint16_t address, size_t count, ByteVector &data)
{
log_info("programmer, read xdata memory at %04Xh, count: %u", address, count);
uint8_t header[] = {
0x40, 0x55, 0x00, 0x72, 0x56, 0xE5, 0x92, 0xBE, 0x57, 0x75,
0x92, 0x00, 0x74, 0x56, 0xE5, 0x83, 0x76, 0x56, 0xE5, 0x82
};
uint8_t footer[] = { 0xD4, 0x57, 0x90, 0xC2, 0x57, 0x75, 0x92, 0x90, 0x56, 0x74 };
uint8_t load_dtpr[] = { 0xBE, 0x57, 0x90, 0x00, 0x00 };
uint8_t mov_a_dtpr[] = { 0x4E, 0x55, 0xE0 };
uint8_t inc_dtpr[] = { 0x5E, 0x55, 0xA3 };
ByteVector command;
vector_append(command, header, sizeof(header));
load_dtpr[sizeof(load_dtpr) - 1] = address;
load_dtpr[sizeof(load_dtpr) - 2] = address >> 8;
vector_append(command, load_dtpr, sizeof(load_dtpr));
for (size_t i = 0; i < count; i++)
{
if (i == (count - 1) || !((i + 1) % 64))
mov_a_dtpr[0] |= 1;
else
mov_a_dtpr[0] &= ~1;
vector_append(command, mov_a_dtpr, sizeof(mov_a_dtpr));
vector_append(command, inc_dtpr, sizeof(inc_dtpr));
}
vector_append(command, footer, sizeof(footer));
data.resize(count);
usb_device_.bulk_write(endpoint_out_, command.size(), &command[0]);
usb_device_.bulk_read(endpoint_in_, count, &data[0]);
log_info("programmer, read xdata memory, data: %s", binary_to_hex(&data[0], count, " ").c_str());
}
static int
hardlink_replace(const char *src, const char *dest, ino_t src_inode)
{
const char *p, *destdir, *tmppath;
unsigned char randbuf[8];
struct stat st;
p = strrchr(dest, '/');
i_assert(p != NULL);
destdir = t_strdup_until(dest, p);
random_fill_weak(randbuf, sizeof(randbuf));
tmppath = t_strdup_printf("%s/temp.%s.%s.%s",
destdir, my_hostname, my_pid,
binary_to_hex(randbuf, sizeof(randbuf)));
if (link(src, tmppath) < 0) {
if (errno == EMLINK)
return 0;
i_error("link(%s, %s) failed: %m", src, tmppath);
return -1;
}
if (stat(tmppath, &st) < 0) {
i_error("stat(%s) failed: %m", tmppath);
return -1;
}
if (st.st_ino != src_inode) {
if (unlink(tmppath) < 0)
i_error("unlink(%s) failed: %m", tmppath);
return 0;
}
if (rename(tmppath, dest) < 0) {
i_error("rename(%s, %s) failed: %m", src, tmppath);
if (unlink(tmppath) < 0)
i_error("unlink(%s) failed: %m", tmppath);
return -1;
}
return 1;
}
static void test_binary_to_hex(void)
{
static unsigned char input[] = { 0xff, 0x00, 0x01, 0xb3 };
static char *output_lcase = "ff0001b3";
static char *output_ucase = "FF0001B3";
string_t *str;
test_begin("binary to hex");
test_assert(strcmp(binary_to_hex(input, sizeof(input)), output_lcase) == 0);
test_end();
test_begin("binary to hex ucase");
test_assert(strcmp(binary_to_hex_ucase(input, sizeof(input)), output_ucase) == 0);
test_end();
test_begin("binary to hex ucase");
str = t_str_new(32);
str_append_c(str, '<');
binary_to_hex_append(str, input, sizeof(input));
str_append_c(str, '>');
test_assert(strcmp(str_c(str), t_strconcat("<", output_lcase, ">", NULL)) == 0);
test_end();
}
static int
i_stream_base64_try_decode_block(struct base64_decoder_istream *bstream)
{
struct istream_private *stream = &bstream->istream;
const unsigned char *data;
size_t size, avail, buffer_avail, pos;
buffer_t buf;
data = i_stream_get_data(stream->parent, &size);
if (size == 0)
return 0;
i_stream_try_alloc(stream, (size+3)/4*3, &avail);
buffer_avail = stream->buffer_size - stream->pos;
if ((size + 3) / 4 * 3 > buffer_avail) {
/* can't fit everything to destination buffer.
write as much as we can. */
size = (buffer_avail / 3) * 4;
if (size == 0)
return -2;
}
buffer_create_from_data(&buf, stream->w_buffer + stream->pos,
buffer_avail);
if (base64_decode(data, size, &pos, &buf) < 0) {
io_stream_set_error(&stream->iostream,
"Invalid base64 data: 0x%s",
binary_to_hex(data+pos, I_MIN(size-pos, 8)));
stream->istream.stream_errno = EINVAL;
return -1;
}
stream->pos += buf.used;
i_stream_skip(stream->parent, pos);
return pos > 0 ? 1 : 0;
}
_SCAPI_NOT_CONFIGURED
#endif /* */
/*******************************************************************-o-******
* sc_generate_keyed_hash
*
* Parameters:
* authtype Type of authentication transform.
* authtypelen
* *key Pointer to key (Kul) to use in keyed hash.
* keylen Length of key in bytes.
* *message Pointer to the message to hash.
* msglen Length of the message.
* *MAC Will be returned with allocated bytes containg hash.
* *maclen Length of the hash buffer in bytes; also indicates
* whether the MAC should be truncated.
*
* Returns:
* SNMPERR_SUCCESS Success.
* SNMPERR_GENERR All errs
*
*
* A hash of the first msglen bytes of message using a keyed hash defined
* by authtype is created and stored in MAC. MAC is ASSUMED to be a buffer
* of at least maclen bytes. If the length of the hash is greater than
* maclen, it is truncated to fit the buffer. If the length of the hash is
* less than maclen, maclen set to the number of hash bytes generated.
*
* ASSUMED that the number of hash bits is a multiple of 8.
*/
int
sc_generate_keyed_hash( oid *authtype, size_t authtypelen,
u_char *key, u_int keylen,
u_char *message, u_int msglen,
u_char *MAC, size_t *maclen)
#if defined(USE_INTERNAL_MD5) || defined(USE_OPENSSL)
{
int rval = SNMPERR_SUCCESS;
int properlength;
u_char buf[SNMP_MAXBUF_SMALL];
#if defined(USE_OPENSSL)
int buf_len = sizeof(buf);
u_char *bufp = buf;
#endif
DEBUGTRACE;
#ifdef SNMP_TESTING_CODE
{
int i;
DEBUGMSG(("sc_generate_keyed_hash", "sc_generate_keyed_hash(): key=0x"));
for(i=0; i< keylen; i++)
DEBUGMSG(("sc_generate_keyed_hash", "%02x", key[i] & 0xff));
DEBUGMSG(("sc_generate_keyed_hash"," (%d)\n", keylen));
}
#endif /* SNMP_TESTING_CODE */
/*
* Sanity check.
*/
if ( !authtype || !key || !message || !MAC || !maclen
|| (keylen<=0) || (msglen<=0) || (*maclen<=0)
|| (authtypelen != USM_LENGTH_OID_TRANSFORM) )
{
QUITFUN(SNMPERR_GENERR, sc_generate_keyed_hash_quit);
}
properlength = sc_get_properlength(authtype, authtypelen);
if (properlength == SNMPERR_GENERR)
return properlength;
if ( ((int)keylen < properlength) ) {
QUITFUN(SNMPERR_GENERR, sc_generate_keyed_hash_quit);
}
#ifdef USE_OPENSSL
/*
* Determine transform type.
*/
if (ISTRANSFORM(authtype, HMACMD5Auth))
HMAC(EVP_md5(), key, keylen, message, msglen,
buf, &buf_len);
else if (ISTRANSFORM(authtype, HMACSHA1Auth))
HMAC(EVP_sha1(), key, keylen, message, msglen,
buf, &buf_len);
else {
QUITFUN(SNMPERR_GENERR, sc_generate_keyed_hash_quit);
}
if (buf_len != properlength) {
QUITFUN(rval, sc_generate_keyed_hash_quit);
}
if (*maclen > buf_len)
*maclen = buf_len;
memcpy(MAC, buf, *maclen);
#else
if ((int)*maclen > properlength)
*maclen = properlength;
if (MDsign(message, msglen, MAC, *maclen, key, keylen)) {
rval = SNMPERR_GENERR;
goto sc_generate_keyed_hash_quit;
}
#endif /* USE_OPENSSL */
#ifdef SNMP_TESTING_CODE
{
char *s;
int len = binary_to_hex(MAC, *maclen, &s);
DEBUGMSGTL(("scapi","Full v3 message hash: %s\n", s));
SNMP_ZERO(s, len);
SNMP_FREE(s);
}
#endif
sc_generate_keyed_hash_quit:
SNMP_ZERO(buf, SNMP_MAXBUF_SMALL);
return rval;
} /* end sc_generate_keyed_hash() */
/*******************************************************************-o-******
*/
int
main(int argc, char **argv)
{
int rval = SNMPERR_SUCCESS;
size_t oldKu_len = SNMP_MAXBUF_SMALL,
newKu_len = SNMP_MAXBUF_SMALL,
oldkul_len = SNMP_MAXBUF_SMALL,
newkul_len = SNMP_MAXBUF_SMALL,
keychange_len = SNMP_MAXBUF_SMALL;
char *s = NULL;
u_char oldKu[SNMP_MAXBUF_SMALL],
newKu[SNMP_MAXBUF_SMALL],
oldkul[SNMP_MAXBUF_SMALL],
newkul[SNMP_MAXBUF_SMALL],
keychange[SNMP_MAXBUF_SMALL];
int i;
int arg = 1;
local_progname = argv[0];
/*
* Parse.
*/
for(; (arg < argc) && (argv[arg][0] == '-') ; arg++){
switch(argv[arg][1]){
case 'D': snmp_set_do_debugging(1); break;
case 'E': engineid = (u_char *)argv[++arg]; break;
case 'f': forcepassphrase = 1; break;
case 'N': newpass = argv[++arg]; break;
case 'O': oldpass = argv[++arg]; break;
case 'P': promptindicator = 0; break;
case 't': transform_type_input = argv[++arg]; break;
case 'v': verbose = 1; break;
case 'V': visible = 1; break;
case 'h':
rval = 0;
default:
usage_to_file(stdout);
exit(rval);
}
}
if ( !transform_type_input ) {
fprintf(stderr, "The -t option is mandatory.\n");
usage_synopsis(stdout);
exit(1000);
}
/*
* Convert and error check transform_type.
*/
if ( !strcmp(transform_type_input, "md5") ) {
transform_type = usmHMACMD5AuthProtocol;
} else if ( !strcmp(transform_type_input, "sha1") ) {
transform_type = usmHMACSHA1AuthProtocol;
} else {
fprintf(stderr,
"Unrecognized hash transform: \"%s\".\n",
transform_type_input);
usage_synopsis(stderr);
QUITFUN(rval = SNMPERR_GENERR, main_quit);
}
if (verbose) {
fprintf(stderr, "Hash:\t\t%s\n",
(transform_type == usmHMACMD5AuthProtocol)
? "usmHMACMD5AuthProtocol"
: "usmHMACSHA1AuthProtocol"
);
}
/*
* Build engineID. Accept hex engineID as the bits
* "in-and-of-themselves", otherwise create an engineID with the
* given string as text.
*
* If no engineID is given, lookup the first IP address for the
* localhost and use that (see setup_engineID()).
*/
if ( engineid && (tolower(*(engineid+1)) == 'x') ) {
engineid_len = hex_to_binary2( engineid+2,
strlen((char *)engineid)-2,
(char **) &engineid);
DEBUGMSGTL(("encode_keychange","engineIDLen: %d\n", engineid_len));
} else {
engineid_len = setup_engineID(&engineid, (char *)engineid);
}
#ifdef SNMP_TESTING_CODE
if (verbose) {
fprintf(stderr, "EngineID:\t%s\n",
/* XXX = */ dump_snmpEngineID(engineid, &engineid_len));
}
#endif
/*
* Get passphrases from user.
*/
rval = get_user_passphrases();
QUITFUN(rval, main_quit);
if ( strlen(oldpass) < USM_LENGTH_P_MIN ) {
fprintf(stderr, "Old passphrase must be greater than %d "
"characters in length.\n",
USM_LENGTH_P_MIN);
QUITFUN(rval = SNMPERR_GENERR, main_quit);
} else if ( strlen(newpass) < USM_LENGTH_P_MIN ) {
fprintf(stderr, "New passphrase must be greater than %d "
"characters in length.\n",
USM_LENGTH_P_MIN);
QUITFUN(rval = SNMPERR_GENERR, main_quit);
}
if (verbose) {
fprintf(stderr,
"Old passphrase:\t%s\nNew passphrase:\t%s\n",
oldpass, newpass);
}
/*
* Compute Ku and Kul's from old and new passphrases, then
* compute the keychange string & print it out.
*/
rval = sc_init();
QUITFUN(rval, main_quit);
rval = generate_Ku( transform_type, USM_LENGTH_OID_TRANSFORM,
(u_char *)oldpass, strlen(oldpass),
oldKu, &oldKu_len);
QUITFUN(rval, main_quit);
rval = generate_Ku( transform_type, USM_LENGTH_OID_TRANSFORM,
(u_char *)newpass, strlen(newpass),
newKu, &newKu_len);
QUITFUN(rval, main_quit);
DEBUGMSGTL(("encode_keychange", "EID (%d): ", engineid_len));
for(i=0; i < (int)engineid_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",(int) (engineid[i])));
DEBUGMSGTL(("encode_keychange","\n"));
DEBUGMSGTL(("encode_keychange", "old Ku (%d) (from %s): ", oldKu_len, oldpass));
for(i=0; i < (int)oldKu_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",(int) (oldKu[i])));
DEBUGMSGTL(("encode_keychange","\n"));
rval = generate_kul( transform_type, USM_LENGTH_OID_TRANSFORM,
engineid, engineid_len,
oldKu, oldKu_len,
oldkul, &oldkul_len);
QUITFUN(rval, main_quit);
DEBUGMSGTL(("encode_keychange", "generating old Kul (%d) (from Ku): ", oldkul_len));
for(i=0; i < (int)oldkul_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",(int) (oldkul[i])));
DEBUGMSGTL(("encode_keychange","\n"));
rval = generate_kul( transform_type, USM_LENGTH_OID_TRANSFORM,
engineid, engineid_len,
newKu, newKu_len,
newkul, &newkul_len);
QUITFUN(rval, main_quit);
DEBUGMSGTL(("encode_keychange", "generating new Kul (%d) (from Ku): ", oldkul_len));
for(i=0; i < (int)newkul_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",newkul[i]));
DEBUGMSGTL(("encode_keychange","\n"));
rval = encode_keychange(transform_type, USM_LENGTH_OID_TRANSFORM,
oldkul, oldkul_len,
newkul, newkul_len,
keychange, &keychange_len);
QUITFUN(rval, main_quit);
binary_to_hex(keychange, keychange_len, &s);
printf("%s%s\n",
(verbose) ? "KeyChange string:\t" : "", /* XXX stdout */
s);
/*
* Cleanup.
*/
main_quit:
snmp_call_callbacks(SNMP_CALLBACK_LIBRARY, SNMP_CALLBACK_SHUTDOWN,
NULL);
SNMP_ZERO(oldpass, strlen(oldpass));
SNMP_ZERO(newpass, strlen(newpass));
SNMP_ZERO(oldKu, oldKu_len);
SNMP_ZERO(newKu, newKu_len);
SNMP_ZERO(oldkul, oldkul_len);
SNMP_ZERO(newkul, newkul_len);
SNMP_ZERO(s, strlen(s));
return rval;
} /* end main() */
/*******************************************************************-o-******
* test_dokeyedhash
*
* Returns:
* Number of failures.
*
*
* Test keyed hashes with a variety of MAC length requests.
*
*
* NOTE Both tests intentionally use the same secret
*
* FIX Get input or output from some other package which hashes...
* XXX Could cut this in half with a little indirection...
*/
int
test_dokeyedhash(void)
{
int rval = SNMPERR_SUCCESS, failcount = 0, bigstring_len = strlen(BIGSTRING), secret_len = strlen(BIGSECRET), properlength, mlcount = 0, /* MAC Length count. */
hblen; /* Hash Buffer length. */
u_int hashbuf_len[MLCOUNT_MAX] = {
LOCAL_MAXBUF,
BYTESIZE(SNMP_TRANS_AUTHLEN_HMACSHA1),
BYTESIZE(SNMP_TRANS_AUTHLEN_HMACMD5),
BYTESIZE(SNMP_TRANS_AUTHLEN_HMAC96),
7,
0,
};
u_char hashbuf[LOCAL_MAXBUF];
char *s;
test_dokeyedhash_again:
OUTPUT("Keyed hash test using MD5 --");
memset(hashbuf, 0, LOCAL_MAXBUF);
hblen = hashbuf_len[mlcount];
properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACMD5);
rval =
sc_generate_keyed_hash(usmHMACMD5AuthProtocol,
USM_LENGTH_OID_TRANSFORM, BIGSECRET,
secret_len, BIGSTRING, bigstring_len,
hashbuf, &hblen);
FAILED(rval, "sc_generate_keyed_hash().");
if (hashbuf_len[mlcount] > properlength) {
if (hblen != properlength) {
FAILED(SNMPERR_GENERR, "Wrong MD5 hash length returned. (1)");
}
} else if (hblen != hashbuf_len[mlcount]) {
FAILED(SNMPERR_GENERR, "Wrong MD5 hash length returned. (2)");
}
rval =
sc_check_keyed_hash(usmHMACMD5AuthProtocol,
USM_LENGTH_OID_TRANSFORM, BIGSECRET,
secret_len, BIGSTRING, bigstring_len, hashbuf,
hblen);
FAILED(rval, "sc_check_keyed_hash().");
binary_to_hex(hashbuf, hblen, &s);
fprintf(stdout, "hash buffer (len=%d, request=%d): %s\n",
hblen, hashbuf_len[mlcount], s);
SNMP_FREE(s);
SUCCESS("Keyed hash test using MD5.");
OUTPUT("Keyed hash test using SHA1 --");
memset(hashbuf, 0, LOCAL_MAXBUF);
hblen = hashbuf_len[mlcount];
properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACSHA1);
rval =
sc_generate_keyed_hash(usmHMACSHA1AuthProtocol,
USM_LENGTH_OID_TRANSFORM, BIGSECRET,
secret_len, BIGSTRING, bigstring_len,
hashbuf, &hblen);
FAILED(rval, "sc_generate_keyed_hash().");
if (hashbuf_len[mlcount] > properlength) {
if (hblen != properlength) {
FAILED(SNMPERR_GENERR,
"Wrong SHA1 hash length returned. (1)");
}
} else if (hblen != hashbuf_len[mlcount]) {
FAILED(SNMPERR_GENERR, "Wrong SHA1 hash length returned. (2)");
}
rval =
sc_check_keyed_hash(usmHMACSHA1AuthProtocol,
USM_LENGTH_OID_TRANSFORM, BIGSECRET,
secret_len, BIGSTRING, bigstring_len, hashbuf,
hblen);
FAILED(rval, "sc_check_keyed_hash().");
binary_to_hex(hashbuf, hblen, &s);
fprintf(stdout, "hash buffer (len=%d, request=%d): %s\n",
hblen, hashbuf_len[mlcount], s);
SNMP_FREE(s);
SUCCESS("Keyed hash test using SHA1.");
/*
* Run the basic hash tests but vary the size MAC requests.
*/
if (hashbuf_len[++mlcount] != 0) {
goto test_dokeyedhash_again;
}
return failcount;
} /* end test_dokeyedhash() */
const char *mail_guid_128_to_string(const uint8_t guid_128[MAIL_GUID_128_SIZE])
{
return binary_to_hex(guid_128, MAIL_GUID_128_SIZE);
}
