ptr_lib::shared_ptr<PublicKey>
FilePrivateKeyStorage::getPublicKey(const Name& keyName)
{
string keyURI = keyName.toUri();
if (!doesKeyExist(keyName, KEY_CLASS_PUBLIC))
throw SecurityException("Public Key does not exist.");
ifstream file(nameTransform(keyURI, ".pub").c_str());
stringstream base64;
base64 << file.rdbuf();
// Use a vector in a shared_ptr so we can make it a Blob without copying.
ptr_lib::shared_ptr<vector<uint8_t> > der(new vector<uint8_t>());
fromBase64(base64.str(), *der);
Blob derBlob(der, false);
return ptr_lib::shared_ptr<PublicKey>(new PublicKey(derBlob));
}
bool loadFile(const char* fileName, Elysia::Genome::Genome &retval) {
FILE * fp=fopen(fileName,"rb");
if (!fp) return false;
fseek(fp,0,SEEK_END);
size_t fileSize=ftell(fp);
std::vector<unsigned char> data(fileSize);
fseek(fp,0,SEEK_SET);
if (!data.empty()) {
fread(&*data.begin(),1,fileSize,fp);
}
fclose(fp);
if (data.empty()) return false;
std::vector<unsigned char> buffer;
if (fromBase64(buffer,Base64::MemoryReference(&*data.begin(),fileSize))) {
if (buffer.size()&&retval.ParseFromArray(&*buffer.begin(),buffer.size())) {
return true;
} else {
return retval.ParseFromArray(&*data.begin(),fileSize);
}
} else {
return retval.ParseFromArray(&*data.begin(),fileSize);
}
}
gl::Texture QRcode::loadImageFromString(std::string value)
{
Buffer buff = fromBase64(value);
auto myImage = ci::loadImage(DataSourceBuffer::create(buff), ImageSource::Options(), "png");
return gl::Texture(myImage);
}
char* Crypto::decryptAndVerifyMessage(const char* whole, rsa* crypter, rsa* signer) {
// parse base 64 input
size_t wholeSize = strlen(whole);
size_t nonceLen;
size_t keyLen;
size_t messageLen;
size_t signatureLen;
int state = 0;
int len = 0;
for(int i=0; i<wholeSize; ++i) {
++len;
if(whole[i] == '\n') {
switch (state) {
case 0:
nonceLen = len;
break;
case 1:
keyLen = len;
break;
case 2:
messageLen = len;
break;
case 3:
signatureLen = len;
break;
default:
printf("unknown case detected : %d\n", state);
break;
}
state ++;
len = 0;
}
}
char nonce[nonceLen];
char key[keyLen];
char message[messageLen];
char signature[signatureLen];
state = 0;
len = 0;
for(int i=0; i<wholeSize; ++i) {
char c = whole[i];
c = (c == '\n' ? 0 : c);
switch (state) {
case 0:
nonce[len] = c;
break;
case 1:
key[len] = c;
break;
case 2:
message[len] = c;
break;
case 3:
signature[len] = c;
break;
default:
printf("unknown case detected : %d\n", state);
break;
}
if(c == 0) {
state ++;
len = 0;
} else {
++len;
}
}
if(CRYPTO_DEBUG) {
printf("nonce=%s\n", nonce);
printf("key=%s\n", key);
printf("message=%s\n", message);
printf("signature=%s\n", signature);
}
// End parsing base 64 file
//verify message signature
if(! signer->verify(message, signature)) {
if(CRYPTO_DEBUG) printf("signature is KO\n");
}
aes aes;
// decrypt nonce
size_t size;
u_char buffer[512];
u_char* nonceCrypted = fromBase64(nonce, &size);
if(nonceCrypted == NULL) return NULL;
size = crypter->decrypt(nonceCrypted, size, buffer, 512);
aes.setIV(buffer);
free(nonceCrypted);
//decrypt session key
u_char* keyCrypted = fromBase64(key, &size);
if(keyCrypted == NULL) return NULL;
size = crypter->decrypt(keyCrypted, size, buffer, 512);
aes.setKey(buffer);
free(keyCrypted);
aes.dumpKey();
aes.dumpNonce();
//decrypt message
u_char* messageCrypted = fromBase64(message, &size);
if(messageCrypted == NULL) return NULL;
u_char* plainText = (u_char*)malloc(size);
if(plainText == NULL) {
free(messageCrypted);
if(CRYPTO_DEBUG) printf("cannot allocate memory for plain text\n");
return NULL;
}
aes.decrypt(messageCrypted, plainText, size);
plainText[size] = 0;
free(messageCrypted);
return (char*) plainText;
}
/**
* \brief Loads the ChanServ database from disk
*/
void readChanData()
{
RegChanList *rcl;
RegNickList *rnl;
char *command;
int done = 0, db_version = 1;
int line_num = 0;
char *pass;
char *topic;
rcl = NULL;
rnl = NULL;
db.cs = fopen(CS_DIR "chanserv.db", "r");
if (db.cs == NULL)
return;
while (!done) {
if ((sfgets(dbLine, 2048, db.cs)) == 0) {
if (!done) {
unexpected_eof(CS_DB);
}
done = 1;
fclose(db.cs);
return;
}
line_num++;
if (parse_init(&state, dbLine) != 0) {
fprintf(stderr,
CS_DIR "chanserv.db:%d: " " Fatal error during read "
" (Null line?) \n", line_num);
abort();
}
command = parse_getarg(&state);
if (!strcmp(command, "version")) {
db_version = atoi(parse_getarg(&state));
}
else if (!strcmp(command, "channel")) {
char *sChannelName, *sFounderNick;
rcl = (RegChanList *) oalloc(sizeof(RegChanList));
sChannelName = parse_getarg(&state);
sFounderNick = parse_getarg(&state);
initRegChanData(rcl);
if (strlen(sChannelName) >= CHANLEN) {
fprintf(stderr,
CS_DIR "chanserv.db:%d: "
" Channel name '%.80s' exceeds " " CHANLEN.\n",
line_num, sChannelName);
sshutdown(-1);
} else if (strlen(sFounderNick) >= NICKLEN) {
fprintf(stderr,
CS_DIR "chanserv.db:%d: "
" Founder nick name '%.80s' " " (%.80s)"
" exceeds NICKLEN.\n", line_num, sFounderNick,
sChannelName);
sshutdown(-1);
}
if (!sChannelName || !sFounderNick) {
fprintf(stderr,
CS_DIR "chanserv.db:%d: " " Parse error. (%p, %p)",
line_num, sChannelName, sFounderNick);
sshutdown(-1);
}
rnl = getRegNickData(sFounderNick);
strcpy(rcl->name, sChannelName);
if (rnl)
{
rcl->founderId = rnl->regnum;
rnl->chans++;
}
else
rcl->founderId = RegId(0, 0);
rcl->mlock = atol(parse_getarg(&state));
rcl->flags = atol(parse_getarg(&state));
pass = parse_getarg(&state); /*! \bug XXX verify this works */
if (!pass) {
fprintf(stderr,
CS_DIR "chanserv.db:%d: " " Null password?!",
line_num);
sshutdown(-1);
}
if ((db_version < 2) || *pass == '@') {
if (db_version < 2)
strcpy((char *)rcl->password, pass);
else
strcpy((char *)rcl->password, pass + 1);
if (strlen(pass) > (u_int)((db_version < 2) ? PASSLEN : PASSLEN+1)) {
fprintf(stderr,
CS_DIR "chanserv.db:%d: " " password > PASSLEN",
line_num);
sshutdown(-1);
}
xorit((char *)rcl->password);
rcl->flags &= ~CENCRYPT;
}
else {
u_char *tmpup = fromBase64(pass+1, NULL);
int q;
if (!tmpup)
abort();
for(q = 0; q < 16; q++)
rcl->password[q] = tmpup[q];
FREE(tmpup);
rcl->flags |= CENCRYPT;
}
rcl->timereg = (time_t) atol(parse_getarg(&state));
rcl->timestamp = (time_t) atol(parse_getarg(&state));
strncpyzt(rcl->key, parse_getarg(&state), KEYLEN);
rcl->limit = atol(parse_getarg(&state));
rcl->memolevel = atoi(parse_getarg(&state));
rcl->tlocklevel = atoi(parse_getarg(&state));
rcl->restrictlevel = atoi(parse_getarg(&state));
/* The rest of the line - skipping the leading : */
topic = parse_getallargs(&state);
if (topic == NULL)
rcl->desc[0] = '\0';
else
strncpyzt(rcl->desc, topic, CHANDESCBUF);
addRegChan(rcl);
mostchans++;
} else if (!strcmp(command, "topic")) {
rcl = getRegChanData(parse_getarg(&state));
if (rcl == NULL)
continue;
strncpyzt(rcl->tsetby, parse_getarg(&state), NICKLEN);
rcl->ttimestamp = (time_t) atol(parse_getarg(&state));
/* The rest of the topic, skipping the : in it */
topic = parse_getallargs(&state);
if (topic == NULL)
rcl->topic = NULL;
else
rcl->topic = strdup(topic);
} else if (!strcmp(command, "url")) {
rcl = getRegChanData(parse_getarg(&state));
if (rcl == NULL)
continue;
topic = parse_getallargs(&state);
if (topic == NULL)
rcl->url = NULL;
else
rcl->url = strdup(topic);
} else if (!strcmp(command, "autogreet")) {
rcl = getRegChanData(parse_getarg(&state));
if (rcl == NULL)
continue;
topic = parse_getallargs(&state);
if (topic == NULL)
rcl->autogreet = NULL;
else
rcl->autogreet = strdup(topic);
} else if (!strcmp(command, "markby")) {
rcl = getRegChanData(parse_getarg(&state));
if (rcl == NULL)
continue;
topic = parse_getarg(&state);
if (topic == NULL)
rcl->markby = NULL;
else
rcl->markby = strdup(topic);
} else if (strcmp(command, "chkey") == 0) {
char *tmpp = parse_getarg(&state);
if (rcl && tmpp)
rcl->chpw_key = strtoul(tmpp, (char **)0, 16);
} else if (!strcmp(command, "op")) {
cAccessList *lame;
char *tmpName;
rcl = getRegChanData(parse_getarg(&state));
if (rcl == NULL)
continue;
tmpName = parse_getarg(&state);
if ((rnl = getRegNickData(tmpName)) != NULL)
{
lame = (cAccessList *) oalloc(sizeof(cAccessList));
lame->nickId = rnl->regnum;
lame->uflags = atoi(parse_getarg(&state));
addChanOp(rcl, lame);
}
} else if (!strcmp(command, "akick")) {
cAkickList *lame;
lame = (cAkickList *) oalloc(sizeof(cAkickList));
rcl = getRegChanData(parse_getarg(&state));
if (rcl == NULL)
continue;
strncpyzt(lame->mask, parse_getarg(&state), 70);
lame->added = (time_t) atol(parse_getarg(&state));
/* The rest of the string... */
topic = parse_getallargs(&state);
if (topic == NULL)
lame->reason[0] = '\0';
else {
strncpyzt(lame->reason, topic, NICKLEN + 50);
}
addChanAkick(rcl, lame);
} else if (!strcmp(command, "done"))
done = 1;
else {
fprintf(stderr, "GLOBOPS :Read chan data (%s)", dbLine);
sshutdown(-1);
}
#ifdef DBDEBUG
sSend(":%s PRIVMSG " DEBGUGCHAN " :Read chan data (%s)", ChanServ,
dbLine);
#endif
parse_cleanup(&state);
}
fclose(db.cs);
}
/**
* \brief Loads the NickServ database from disk
*/
void readNickData()
{
RegNickList *rnl = NULL;
char *command, *tmpp;
unsigned char *tmpup;
int done = 0, db_version = 1;
int line_num = 0, do_enc = 0;
#ifdef REQ_EMAIL
readRegData();
#endif
db.ns = fopen(NS_DB, "r");
if (db.ns == NULL) {
logDump(corelog, "Unable to open " NS_DB ": %s", strerror(errno));
return;
}
while (!done) {
if (!(sfgets(dbLine, 1024, db.ns))) {
if (!done) {
unexpected_eof(NS_DB);
}
done = 1;
fclose(db.ns);
return;
}
line_num++;
if (parse_init(&state, dbLine) != 0) {
/*! \bug XXX make a nicer error here! */
abort();
}
command = parse_getarg(&state);
if (strcmp(command, "version") == 0) {
tmpp = parse_getarg(&state);
assert(tmpp);
if (tmpp)
db_version = atoi(tmpp);
}
else
if (strcmp(command, "nick") == 0) {
rnl = (RegNickList *) oalloc(sizeof(RegNickList));
char *sNick, *sUser, *sHost, *sPass;
sNick = parse_getarg(&state);
sUser = parse_getarg(&state);
sHost = parse_getarg(&state);
sPass = parse_getarg(&state);
if (strlen(sNick) >= NICKLEN) {
fprintf(stderr,
NS_DB ":%d: " " Nickname '%.80s' exceeds "
" NICKLEN.\n", line_num, sNick);
sshutdown(-1);
}
strcpy(rnl->nick, sNick);
strncpyzt(rnl->user, sUser, USERLEN);
SetDynBuffer(&rnl->host, sHost);
if (db_version < 2)
{
if (strlen(sPass) > PASSLEN) {
fprintf(stderr,
NS_DB ":%d: " " Password for nick '%s' "
" exceeds PASSLEN.\n", line_num, sNick);
sshutdown(-1);
}
strcpy((char *)rnl->password, xorit(sPass));
}
else {
char encType = *sPass;
if (encType == '@') {
if (strlen(sPass+1) > PASSLEN) {
fprintf(stderr,
NS_DB ":%d: " " Password for nick '%s' "
" exceeds PASSLEN.\n", line_num, sNick);
sshutdown(-1);
}
strcpy((char *)rnl->password, xorit(sPass + 1));
do_enc = 0;
}
else if (encType == '$') {
int q, len;
tmpup = fromBase64(sPass + 1, &len);
assert(tmpup);
for(q = 0; q < 16; q++)
rnl->password[q] = tmpup[q];
do_enc = 1;
FREE(tmpup);
}
else
rnl->password[0] = '\0';
}
rnl->timestamp = (time_t) atol(parse_getarg(&state));
rnl->timereg = (time_t) atol(parse_getarg(&state));
rnl->flags = atoi(parse_getarg(&state));
if (db_version >= 3) {
const char *idString = parse_getarg(&state);
int av, bv;
sscanf(idString, "%X*%X", &av, &bv);
rnl->regnum.SetDirect(top_regnick_idnum, av, bv);
}
else {
rnl->regnum.SetNext(top_regnick_idnum);
}
if (do_enc)
rnl->flags |= NENCRYPT;
else
rnl->flags &= ~NENCRYPT;
rnl->opflags = 0;
rnl->idtime = DEF_NDELAY;
ADD_MEMO_BOX(rnl);
addRegNick(rnl);
} else if (strcmp(command, "is") == 0) {
char *data = parse_getarg(&state);
if (rnl && data)
rnl->is_readtime = atol(data);
} else if (strcmp(command, "oper") == 0) {
char *opflags_s;
if (rnl && (rnl == getRegNickData(parse_getarg(&state)))) {
if ((opflags_s = parse_getarg(&state)))
rnl->opflags |=
(strtoul(opflags_s, (char **)0, 10) &
~(OROOT | OSERVOP));
if (rnl->opflags)
addOpData(rnl);
}
} else if (strcmp(command, "url") == 0) {
if (rnl && (rnl == getRegNickData(parse_getarg(&state))))
{
rnl->url = strdup(parse_getarg(&state));
if (strlen(rnl->url) > (URLLEN - 1))
rnl->url[URLLEN - 1] = '\0';
}
} else if (strcmp(command, "gecos") == 0) {
#ifdef TRACK_GECOS
char *gecos = parse_getallargs(&state);
if (gecos != NULL)
rnl->gecos = strdup(gecos);
#endif
} else if (strcmp(command, "akey") == 0) {
#ifdef REQ_EMAIL
if (rnl)
rnl->email_key = atoi(parse_getarg(&state));
#endif
} else if (strcmp(command, "chkey") == 0) {
char *tmpp = parse_getarg(&state);
if (rnl && tmpp)
rnl->chpw_key = strtoul(tmpp, (char **)0, 16);
} else if (strcmp(command, "markby") == 0) {
char *mby;
rnl = getRegNickData(parse_getarg(&state));
if (!rnl || !(mby = parse_getarg(&state)))
continue;
rnl->markby = strdup(mby);
} else if (strcmp(command, "access") == 0) {
rnl = getRegNickData(parse_getarg(&state));
addAccItem(rnl, parse_getarg(&state));
} else if (!strcmp(command, "email")) {
rnl = getRegNickData(parse_getarg(&state));
strncpyzt(rnl->email, parse_getarg(&state), EMAILLEN);
if (!strcmp(rnl->email, "(none)"))
strcat(rnl->email, " ");
} else if (!strcmp(command, "idtime")) {
rnl = getRegNickData(parse_getarg(&state));
rnl->idtime = atoi(parse_getarg(&state));
} else if (!strcmp(command, "done"))
done = 1;
else {
fprintf(stderr, NS_DB ":%d: Error reading nick data (%s)",
line_num, dbLine);
sshutdown(-1);
}
#ifdef DBDEBUG
sSend(":%s PRIVMSG " DEBUGCHAN " :Read nick data (%s)", NICKSERV,
dbLine);
#endif
parse_cleanup(&state);
}
fclose(db.ns);
readMemoData();
}
Blob
FilePrivateKeyStorage::sign
(const uint8_t *data, size_t dataLength, const Name& keyName,
DigestAlgorithm digestAlgorithm)
{
string keyURI = keyName.toUri();
if (!doesKeyExist(keyName, KEY_CLASS_PRIVATE))
throw SecurityException
("FilePrivateKeyStorage::sign: private key doesn't exist");
if (digestAlgorithm != DIGEST_ALGORITHM_SHA256)
throw SecurityException
("FilePrivateKeyStorage::sign: Unsupported digest algorithm");
// Read the private key.
ifstream file(nameTransform(keyURI, ".pri").c_str());
stringstream base64;
base64 << file.rdbuf();
vector<uint8_t> pkcs8Der;
fromBase64(base64.str(), pkcs8Der);
// The private key is generated by NFD which stores as PKCS #8. Decode it
// to find the algorithm OID and the inner private key DER.
ptr_lib::shared_ptr<DerNode> parsedNode = DerNode::parse(&pkcs8Der[0], 0);
const std::vector<ptr_lib::shared_ptr<DerNode> >& pkcs8Children =
parsedNode->getChildren();
// Get the algorithm OID and parameters.
const std::vector<ptr_lib::shared_ptr<DerNode> >& algorithmIdChildren =
DerNode::getSequence(pkcs8Children, 1).getChildren();
string oidString
(dynamic_cast<DerNode::DerOid&>(*algorithmIdChildren[0]).toVal().toRawStr());
ptr_lib::shared_ptr<DerNode> algorithmParameters = algorithmIdChildren[1];
// Get the value of the 3rd child which is the octet string.
Blob privateKeyDer = pkcs8Children[2]->toVal();
// Get the digest to sign.
uint8_t digest[SHA256_DIGEST_LENGTH];
ndn_digestSha256(data, dataLength, digest);
// TODO: use RSA_size, etc. to get the proper size of the signature buffer.
uint8_t signatureBits[1000];
unsigned int signatureBitsLength;
// Decode the private key and sign.
if (oidString == RSA_ENCRYPTION_OID) {
// Use a temporary pointer since d2i updates it.
const uint8_t* derPointer = privateKeyDer.buf();
rsa_st* privateKey = d2i_RSAPrivateKey(NULL, &derPointer, privateKeyDer.size());
if (!privateKey)
throw SecurityException
("FilePrivateKeyStorage::sign: Error decoding the RSA private key DER");
int success = RSA_sign
(NID_sha256, digest, sizeof(digest), signatureBits, &signatureBitsLength,
privateKey);
// Free the private key before checking for success.
RSA_free(privateKey);
if (!success)
throw SecurityException("FilePrivateKeyStorage::sign: Error in RSA_sign");
}
else if (oidString == EC_ENCRYPTION_OID) {
ec_key_st* privateKey = decodeEcPrivateKey(algorithmParameters, privateKeyDer);
int success = ECDSA_sign
(NID_sha256, digest, sizeof(digest), signatureBits, &signatureBitsLength,
privateKey);
// Free the private key before checking for success.
EC_KEY_free(privateKey);
if (!success)
throw SecurityException("FilePrivateKeyStorage::sign: Error in ECDSA_sign");
}
else
throw SecurityException
("FilePrivateKeyStorage::sign: Unrecognized private key OID");
return Blob(signatureBits, (size_t)signatureBitsLength);
}
Buffer fromBase64(const string &input)
{
return fromBase64(input.c_str(), input.size());
}
