cleanup, add lxc package (broken)

This commit is contained in:
Neale Pickett 2011-09-23 17:05:14 -06:00
parent 2ab905ec9f
commit e001d433ab
28 changed files with 49 additions and 1088 deletions

View File

@ -1,20 +0,0 @@
LOGGER_PKGDIR = $(TARGET)/logger
logger-install: logger-build
mkdir -p $(LOGGER_PKGDIR)
mkdir -p $(LOGGER_PKGDIR)/bin/
$(MAKE) -C packages/logger/src install DESTDIR=$(CURDIR)/$(LOGGER_PKGDIR)
$(call COPYTREE, packages/logger/tokens, $(LOGGER_PKGDIR)/tokens)
$(call COPYTREE, packages/logger/service, $(LOGGER_PKGDIR)/service)
logger-clean:
rm -rf $(LOGGER_PKGDIR)
$(MAKE) -C packages/logger/src clean
logger-build:
$(MAKE) -C packages/logger/src build
PACKAGES += logger

View File

@ -1,4 +0,0 @@
#! /bin/sh
IP=$(cat ip.txt)
ip addr del $IP dev eth0

View File

@ -1 +0,0 @@
fd84:b410:3441::07a6/64

View File

@ -1,3 +0,0 @@
#! /bin/sh
exec svlogd -tt $PWD

View File

@ -1,6 +0,0 @@
#! /bin/sh -e
exec 2>&1
IP=$(cat ip.txt)
ip addr add $IP label eth0:logger dev eth0
exec tcpsvd ${IP%/*} 1958 /opt/logger/bin/logger

View File

@ -1,20 +0,0 @@
Base64 code was taken from
http://cvs.savannah.gnu.org/viewvc/*checkout*/gnulib/gnulib/lib/base64.c?revision=HEAD
/* base64.c -- Encode binary data using printable characters.
Copyright (C) 1999, 2000, 2001, 2004, 2005, 2006 Free Software
Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */

View File

@ -1,14 +0,0 @@
CFLAGS = -Wall -Werror
LDFLAGS = -static
TARGETS = logger
all: build
build: $(TARGETS)
logger: logger.o arc4.o token.o
install: $(TARGETS)
install -m 0755 $(TARGETS) $(DESTDIR)/bin
clean:
rm -f *.o $(TARGETS)

View File

@ -1 +0,0 @@
../../../src/arc4.c

View File

@ -1 +0,0 @@
../../../src/arc4.h

View File

@ -1,652 +0,0 @@
/** logger.c - generate fake log messages (part of dirtbags CTF)
*
* Author: Neale Pickett <neale@lanl.gov>
*
* This software has been authored by an employee or employees of Los
* Alamos National Security, LLC, operator of the Los Alamos National
* Laboratory (LANL) under Contract No. DE-AC52-06NA25396 with the
* U.S. Department of Energy. The U.S. Government has rights to use,
* reproduce, and distribute this software. The public may copy,
* distribute, prepare derivative works and publicly display this
* software without charge, provided that this Notice and any statement
* of authorship are reproduced on all copies. Neither the Government
* nor LANS makes any warranty, express or implied, or assumes any
* liability or responsibility for the use of this software. If
* software is modified to produce derivative works, such modified
* software should be clearly marked, so as not to confuse it with the
* version available from LANL.
*/
#include <time.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#ifdef STANDALONE
# define TOKEN_MAX 50
#else
# include "token.h"
#endif
#define PID_MAX 32768
#define QSIZE 200
#define MSGS_PER_SEC_MIN 10
#define MSGS_PER_SEC_MAX 40
const uint8_t key[] = {0x99, 0xeb, 0xc0, 0xce,
0xe0, 0xc9, 0xed, 0x5b,
0xbd, 0xc8, 0xb5, 0xfd,
0xdd, 0x0b, 0x03, 0x10};
/* Storage space for tokens */
char token[3][TOKEN_MAX];
void
read_tokens()
{
int i;
ssize_t len;
char name[40];
for (i = 0; i < sizeof(token)/sizeof(*token); i += 1) {
#ifdef STANDALONE
strcpy(token[i], "logger:xylep-donut-nanox");
#else
/* This can't grow beyond 40. Think about it. */
sprintf(name, "logger%d", i);
len = get_token(token[i], sizeof(token[i]), name, key, sizeof(key));
if ((-1 == len) || (len >= sizeof(token[i]))) abort();
token[i][len] = '\0';
#endif
}
}
/*
* Base 64 (GPL: see COPYING)
*/
/* C89 compliant way to cast 'char' to 'unsigned char'. */
static inline unsigned char
to_uchar (char ch)
{
return ch;
}
/* Base64 encode IN array of size INLEN into OUT array of size OUTLEN.
If OUTLEN is less than BASE64_LENGTH(INLEN), write as many bytes as
possible. If OUTLEN is larger than BASE64_LENGTH(INLEN), also zero
terminate the output buffer. */
void
base64_encode (const char *in, size_t inlen,
char *out, size_t outlen)
{
static const char b64str[64] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
while (inlen && outlen) {
*out++ = b64str[(to_uchar(in[0]) >> 2) & 0x3f];
if (!--outlen)
break;
*out++ = b64str[((to_uchar(in[0]) << 4)
+ (--inlen ? to_uchar(in[1]) >> 4 : 0))
& 0x3f];
if (!--outlen)
break;
*out++ = (inlen
? b64str[((to_uchar(in[1]) << 2)
+ (--inlen ? to_uchar(in[2]) >> 6 : 0))
& 0x3f]
: '=');
if (!--outlen)
break;
*out++ = inlen ? b64str[to_uchar(in[2]) & 0x3f] : '=';
if (!--outlen)
break;
if (inlen)
inlen--;
if (inlen)
in += 3;
}
if (outlen)
*out = '\0';
}
/*
* Bubble Babble
*/
char const consonants[] = "bcdfghklmnprstvz";
char const vowels[] = "aeiouy";
#define bubblebabble_len(n) (6*(((n)/2)+1))
/** Compute bubble babble for input buffer.
*
* The generated output will be of length 6*((inlen/2)+1), including the
* trailing NULL.
*
* Test vectors:
* `' (empty string) `xexax'
* `1234567890' `xesef-disof-gytuf-katof-movif-baxux'
* `Pineapple' `xigak-nyryk-humil-bosek-sonax'
*/
void
bubblebabble(unsigned char *out,
unsigned char const *in,
const size_t inlen)
{
size_t pos = 0;
int seed = 1;
size_t i = 0;
out[pos++] = 'x';
while (1) {
unsigned char c;
if (i == inlen) {
out[pos++] = vowels[seed % 6];
out[pos++] = 'x';
out[pos++] = vowels[seed / 6];
break;
}
c = in[i++];
out[pos++] = vowels[(((c >> 6) & 3) + seed) % 6];
out[pos++] = consonants[(c >> 2) & 15];
out[pos++] = vowels[((c & 3) + (seed / 6)) % 6];
if (i == inlen) {
break;
}
seed = ((seed * 5) + (c * 7) + in[i]) % 36;
c = in[i++];
out[pos++] = consonants[(c >> 4) & 15];
out[pos++] = '-';
out[pos++] = consonants[c & 15];
}
out[pos++] = 'x';
out[pos] = '\0';
}
int
randint(int max)
{
return random() % max;
}
#define itokenlen 5
char const *
bogus_token()
{
static char token[TOKEN_MAX];
unsigned char crap[itokenlen];
unsigned char digest[bubblebabble_len(itokenlen)];
int i;
for (i = 0; i < sizeof(crap); i += 1 ) {
crap[i] = (unsigned char)randint(256);
}
bubblebabble(digest, (unsigned char *)&crap, itokenlen);
snprintf(token, sizeof(token), "bogus:%s", digest);
token[sizeof(token) - 1] = '\0';
return token;
}
#define choice(a) (a[randint(sizeof(a)/sizeof(*a))])
char const *users[] = {"alice", "bob", "carol", "dave",
"eve", "fran", "gordon",
"isaac", "justin", "mallory",
"oscar", "pat", "steve",
"trent", "vanna", "walter", "zoe"};
char const *
user()
{
return choice(users);
}
char const *filenames[] = {"about", "request", "page", "buttons",
"images", "overview"};
char const *extensions[] = {"html", "htm", "jpg", "png", "css", "cgi"};
char const *fields[] = {"q", "s", "search", "id", "req", "oid", "pmt",
"u", "page", "xxnp", "stat", "jk", "ttb",
"access", "domain", "needle", "service", "client"};
char const *values[] = {"1", "turnip", "chupacabra", "58", "identify",
"parthenon", "jellyfish", "pullman", "auth",
"xa4Jmwl", "cornmeal", "ribbon", "49299248",
"javaWidget", "crashdump", "priority",
"blogosphere"};
char const *
url()
{
static char url[200];
int i, parts;
strcpy(url, "/");
parts = randint(4);
for (i = 0; i < parts; i += 1) {
if (i > 0) {
strcat(url, "/");
}
strcat(url, choice(filenames));
}
if (randint(5) > 1) {
if (i > 0) {
strcat(url, ".");
strcat(url, choice(extensions));
}
} else {
parts = randint(8) + 1;
for (i = 0; i < parts; i += 1) {
if (0 == i) {
strcat(url, "?");
} else {
strcat(url, "&");
}
strcat(url, choice(fields));
strcat(url, "=");
strcat(url, choice(values));
}
}
return url;
}
struct message {
time_t when;
char text[300];
struct message *next;
};
/* Allocate some messages */
struct message heap[QSIZE];
struct message *pool;
struct message *queue;
struct message *
get_message()
{
struct message *ret = pool;
if (pool) {
pool = pool->next;
}
return ret;
}
void
free_message(struct message *msg)
{
if (msg) {
msg->next = pool;
pool = msg;
}
}
/* Either get count messages, or don't get any at all. */
int
get_many_messages(struct message **msgs, size_t count)
{
int i;
for (i = 0; i < count; i += 1) {
msgs[i] = get_message();
}
if (NULL == msgs[i-1]) {
for (i = 0; i < count; i += 1) {
free_message(msgs[i]);
}
return -1;
}
return 0;
}
void
enqueue_message(struct message *msg)
{
struct message *cur;
/* In some cases, we want msg to be at the head */
if ((NULL == queue) || (queue->when > msg->when)) {
msg->next = queue;
queue = msg;
return;
}
/* Find where to stick it */
for (cur = queue; NULL != cur->next; cur = cur->next) {
if (cur->next->when > msg->when) break;
}
/* Insert it after cur */
msg->next = cur->next;
cur->next = msg;
}
void
enqueue_messages(struct message **msgs, size_t count)
{
int i;
for (i = 0; i < count; i += 1) {
enqueue_message(msgs[i]);
}
}
struct message *
dequeue_message(time_t now)
{
if ((NULL != queue) && (queue->when <= now)) {
struct message *ret = queue;
queue = queue->next;
free_message(ret);
return ret;
}
return NULL;
}
int
main(int argc, char *argv[])
{
int i;
int pid = 52;
time_t then = time(NULL) - 100; /* Assure we get new tokens right away */
/* Seed RNG */
srandom(then);
/* Initialize free messages */
{
pool = &(heap[0]);
for (i = 0; i < QSIZE - 1; i += 1) {
heap[i].next = &(heap[i+1]);
}
heap[i].next = NULL;
}
/* Now let's make some crap! */
while (! feof(stdout)) {
struct message *msg;
time_t now = time(NULL);
int i, max;
/* Print messages */
while ((msg = dequeue_message(now))) {
char ftime[80];
struct tm *tm;
tm = gmtime(&msg->when);
if (! tm) {
snprintf(ftime, sizeof(ftime), "%ld", now);
} else {
strftime(ftime, sizeof(ftime), "%b %d %T", tm);
}
printf("%s loghost %s\n", ftime, msg->text);
}
fflush(stdout);
/* Time for new tokens? */
if (then + 60 <= now) {
read_tokens();
then = now;
}
/* Make some messages */
max = MSGS_PER_SEC_MIN + randint(MSGS_PER_SEC_MAX - MSGS_PER_SEC_MIN);
for (i = 0; i < max; i += 1) {
time_t start = now + 1;
struct message *messages[10];
/* Increment the PID */
pid = (pid + 1 + randint(20)) % PID_MAX;
switch (randint(90)) {
case 0:
/* Internal diagnostic! */
if (-1 != get_many_messages(messages, 1)) {
int queued, pooled;
struct message *msg;
for (pooled = 0, msg = pool;
msg;
msg = msg->next, pooled += 1);
/* Start at one because of this message */
for (queued = 1, msg = queue;
msg;
msg = msg->next, queued += 1);
messages[0]->when = now;
snprintf(messages[0]->text, sizeof(messages[0]->text),
"DEBUG: %d in pool, %d in queue (%d total)",
pooled, queued, pooled + queued);
enqueue_messages(messages, 1);
}
case 1:
/* Lame-o "token" service */
if (-1 != get_many_messages(messages, 1)) {
messages[0]->when = start;
snprintf(messages[0]->text, sizeof(messages[0]->text),
"tokenserv[%d]: token is %s",
pid, token[0]);
enqueue_messages(messages, 1);
}
/* Always follow this with a couple lines of fluff so it's
not the last thing in a batch */
max += 2;
break;
case 2:
/* IMAP */
{
char const *mytoken;
char const *u;
char btoken[TOKEN_MAX * 2];
if (randint(5) == 0) {
mytoken = token[1];
u = "token";
} else {
mytoken = bogus_token();
u = user();
}
base64_encode(mytoken, strlen(mytoken), btoken, sizeof(btoken));
if (-1 != get_many_messages(messages, 2)) {
const int offset=15;
messages[0]->when = start;
snprintf(messages[0]->text, sizeof(messages[0]->text),
"imapd[%d]: Login: user=%s method=PLAIN token1=%.*s",
pid, u, offset, btoken);
messages[1]->when = start + 4 + randint(60);
snprintf(messages[1]->text, sizeof(messages[1]->text),
"imapd[%d]: Disconnected: Logged out token2=%s",
pid, btoken + offset);
enqueue_messages(messages, 2);
}
}
case 3:
/* IRC */
if (-1 != get_many_messages(messages, 3)) {
int connection = randint(512);
int port = randint(65536);
messages[0]->when = start;
snprintf(messages[0]->text, sizeof(messages[0]->text),
"ircd: Accepted connection %d from %d.%d.%d.%d:%d on socket %d.",
connection,
randint(256), randint(256),
randint(256), randint(256),
port,
randint(256));
messages[1]->when = start + randint(5);
snprintf(messages[1]->text, sizeof(messages[1]->text),
"ircd: User \"%s!~%s@dirtbags.net\" registered (connection %d).",
user(), user(), connection);
messages[2]->when = messages[1]->when + randint(600);
snprintf(messages[2]->text, sizeof(messages[2]->text),
"ircd: Shutting down connection %d (Got QUIT command.) with dirtbags.net:%d.",
connection, port);
enqueue_messages(messages, 3);
}
break;
case 4:
/* cron */
if (-1 != get_many_messages(messages, 1)) {
messages[0]->when = start;
snprintf(messages[0]->text, sizeof(messages[0]->text),
"/USR/SBIN/CRON[%d]: (root) CMD ( /opt/bloatware/cleanup.sh )",
pid);
enqueue_messages(messages, 1);
}
break;
case 5:
/* sudo */
if (-1 != get_many_messages(messages, 1)) {
char const *u = user();
messages[0]->when = start;
snprintf(messages[0]->text, sizeof(messages[0]->text),
"sudo: %12s : TTY=pts/%d ; PWD=/home/%s ; USER=root; COMMAND=/usr/bin/less /var/log/syslog",
u, randint(12), u);
enqueue_messages(messages, 1);
}
break;
case 6 ... 20:
/* SMTP */
{
char const *mytoken;
size_t tokenlen;
char const *host;
size_t hostlen;
char const *from;
size_t fromlen;
char const *to;
int is_token;
if (randint(10) == 0) {
is_token = 1;
mytoken = token[2];
} else {
is_token = 0;
mytoken = bogus_token();
}
tokenlen = strlen(mytoken);
host = mytoken;
hostlen = tokenlen/3;
from = mytoken + hostlen;
fromlen = tokenlen/3;
to = mytoken + hostlen + fromlen;
if (-1 != get_many_messages(messages, 8)) {
int o1 = randint(256);
int o2 = randint(256);
int o3 = randint(256);
int o4 = randint(256);
long int mid = random();
long int mid2 = random();
messages[0]->when = start;
snprintf(messages[0]->text, sizeof(messages[0]->text),
"smtp/smtpd[%d]: connect from %.*s[%d.%d.%d.%d]",
pid, hostlen, host, o1, o2, o3, o4);
messages[1]->when = messages[0]->when + randint(1);
snprintf(messages[1]->text, sizeof(messages[1]->text),
"smtp/smtpd[%d]: %08lX: client=%.*s[%d.%d.%d.%d]",
pid, mid, hostlen, host, o1, o2, o3, o4);
messages[2]->when = messages[1]->when + 2 + randint(3);
snprintf(messages[2]->text, sizeof(messages[2]->text),
"smtp/smtpd[%d]: disconnect from [%d.%d.%d.%d]",
pid, o1, o2, o3, o4);
pid = (pid + 1 + randint(5)) % PID_MAX;
messages[3]->when = messages[1]->when + 1 + randint(2);
snprintf(messages[3]->text, sizeof(messages[3]->text),
"smtp/cleanup[%d]: %08lX: message-id=<%08lx@junkmail.spam>",
pid, mid, mid2);
pid = (pid + 1 + randint(5)) % PID_MAX;
messages[4]->when = messages[3]->when + randint(1);
snprintf(messages[4]->text, sizeof(messages[4]->text),
"smtp/qmgr[%d]: %08lX: from=<%.*s@junkmail.spam>, size=%d, nrcpt=1 (queue active)",
pid, mid, fromlen, from, randint(6000));
messages[5]->when = messages[4]->when + 2 + randint(2);
snprintf(messages[5]->text, sizeof(messages[5]->text),
"smtp/qmgr[%d]: %08lX: removed",
pid, mid);
messages[6]->when = messages[4]->when + randint(1);
snprintf(messages[6]->text, sizeof(messages[6]->text),
"smtp/deliver(%s): msgid=<%08lx@junkmail.spam>: saved to INBOX",
to, mid2);
pid = (pid + 1 + randint(5)) % PID_MAX;
messages[7]->when = messages[4]->when + randint(1);
snprintf(messages[7]->text, sizeof(messages[7]->text),
"smtp/local[%d]: %08lX: to <%s@dirtbags.net>, relay=local, dsn=2.0.0, status=sent (delivered to command /usr/bin/deliver)",
pid, mid, to);
enqueue_messages(messages, 8);
}
}
break;
case 21 ... 30:
/* ssh */
break;
default:
/* HTTP */
if (-1 != get_many_messages(messages, 1)) {
messages[0]->when = start;
snprintf(messages[0]->text, sizeof(messages[0]->text),
"httpd[%d]: %d.%d.%d.%d\t-\tdirtbags.net\t80\tGET\t%s\t-\tHTTP/1.1\t200\t%d\t-\tMozilla/5.0",
pid,
randint(256), randint(256),
randint(256), randint(256),
url(), randint(4000) + 378);
enqueue_messages(messages, 1);
}
break;
}
}
{
struct timespec t = { 1, 0 };
nanosleep(&t, NULL);
}
}
return 0;
}

View File

@ -1 +0,0 @@
../../../src/token.c

View File

@ -1 +0,0 @@
../../../src/token.h

View File

@ -1 +0,0 @@
logger

View File

@ -1 +0,0 @@
S゙*郢シ緩ミ7<EFBE90>k<13>

View File

@ -1 +0,0 @@
™כְ־אֹם[½ָµ<C2B5> 

View File

@ -1 +0,0 @@
logger

View File

@ -1 +0,0 @@
S゙*郢シ緩ミ7<EFBE90>k<13>

View File

@ -1 +0,0 @@
™כְ־אֹם[½ָµ<C2B5> 

View File

@ -1 +0,0 @@
logger

View File

@ -1 +0,0 @@
S゙*郢シ緩ミ7<EFBE90>k<13>

View File

@ -1 +0,0 @@
™כְ־אֹם[½ָµ<C2B5> 

49
packages/lxc/lxc.mk Normal file
View File

@ -0,0 +1,49 @@
LXC_PKGDIR = $(TARGET)/lxc
LXC_BUILDDIR = $(BUILD)/lxc
LXC_VERSION = 0.7.5
LXC_TAR = $(CACHE)/lxc-$(LXC_VERSION).tar.gz
LXC_URL = http://lxc.sourceforge.net/download/lxc/lxc-$(LXC_VERSION).tar.gz
LXC_SRCDIR = $(LXC_BUILDDIR)/lxc-$(LXC_VERSION)
LXC_COMMANDS = attach cgroup checkpoint console execute freeze
LXC_COMMANDS += info init kill monitor restart start stop
LXC_COMMANDS += unfreeze unshare wait
LXC_PROGRAMS = $(addprefix $(LXC_SRCDIR)/src/lxc/lxc-, $(LXC_COMMANDS))
# Prevents automake from mangling cross-compiled binary names
LXC_CC_HOST := $(shell $(CC) -v 2>&1 | awk '/Target:/{print $$2}')
LXC_CONF_OPT := --host=i386-unknown-linux-uclibc --program-transform-name=
lxc-install: lxc-build
$(LXC_TAR):
@ mkdir -p $(@D)
wget -O $@ $(LXC_URL)
lxc-source: $(LXC_BUILDDIR)/source
$(LXC_BUILDDIR)/source: $(LXC_TAR)
mkdir -p $(LXC_BUILDDIR)
zcat $(LXC_TAR) | (cd $(LXC_BUILDDIR) && tar xf -)
touch $@
lxc-build: $(LXC_BUILDDIR)/built
$(LXC_BUILDDIR)/built: $(LXC_BUILDDIR)/source
cd $(LXC_SRCDIR) && ./configure $(LXC_CONF_OPT)
$(MAKE) -C $(LXC_SRCDIR)
touch $@
lxc-install: lxc-build
mkdir -p $(LXC_PKGDIR)/lib
cp $(LXC_SRCDIR)/src/lxc/liblxc.so $(LXC_PKGDIR)/lib
mkdir -p $(LXC_PKGDIR)/bin
cp $(LXC_PROGRAMS) $(LXC_PKGDIR)/bin
# $(call COPYTREE, packages/lxc/service, $(LXC_PKGDIR)/service)
lxc-clean:
rm -rf $(LXC_BUILDDIR)
PACKAGES += lxc

View File

@ -1 +0,0 @@
../../../include/token.c

View File

@ -1 +0,0 @@
../../../include/token.h

View File

@ -1,230 +0,0 @@
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "arc4.h"
#define swap(a, b) do {uint8_t _swap=a; a=b, b=_swap;} while (0)
void
arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen)
{
int i;
int j = 0;
for (i = 0; i < 256; i += 1) {
ctx->S[i] = i;
}
for (i = 0; i < 256; i += 1) {
j = (j + ctx->S[i] + key[i % keylen]) % 256;
swap(ctx->S[i], ctx->S[j]);
}
ctx->i = 0;
ctx->j = 0;
}
uint8_t
arc4_out(struct arc4_ctx *ctx)
{
ctx->i = (ctx->i + 1) % 256;
ctx->j = (ctx->j + ctx->S[ctx->i]) % 256;
swap(ctx->S[ctx->i], ctx->S[ctx->j]);
return ctx->S[(ctx->S[ctx->i] + ctx->S[ctx->j]) % 256];
}
void
arc4_crypt(struct arc4_ctx *ctx,
uint8_t *obuf, const uint8_t *ibuf, size_t buflen)
{
size_t k;
for (k = 0; k < buflen; k += 1) {
obuf[k] = ibuf[k] ^ arc4_out(ctx);
}
}
/* Create a nonce as an arc4 stream with key=seed */
void
arc4_nonce(uint8_t *nonce, size_t noncelen,
void *seed, size_t seedlen)
{
struct arc4_ctx ctx;
int i;
arc4_init(&ctx, seed, seedlen);
for (i = 0; i < noncelen; i += 1) {
nonce[i] = arc4_out(&ctx);
}
}
/***************************************************
*
* Psuedo Random Number Generation
*
*/
static struct arc4_ctx prng_ctx;
static int prng_initialized = 0;
void
arc4_rand_seed(const uint8_t *seed, size_t seedlen)
{
arc4_init(&prng_ctx, seed, seedlen);
prng_initialized = 1;
}
static void
arc4_rand_autoseed()
{
if (! prng_initialized) {
uint8_t key[ARC4_KEYLEN];
FILE *urandom;
/* Open /dev/urandom or die trying */
urandom = fopen("/dev/urandom", "r");
if (! urandom) {
perror("Opening /dev/urandom");
abort();
}
setbuf(urandom, NULL);
fread(&key, sizeof(key), 1, urandom);
fclose(urandom);
arc4_rand_seed(key, sizeof(key));
}
}
uint8_t
arc4_rand8()
{
arc4_rand_autoseed();
return arc4_out(&prng_ctx);
}
uint32_t
arc4_rand32()
{
arc4_rand_autoseed();
return ((arc4_out(&prng_ctx) << 0) |
(arc4_out(&prng_ctx) << 8) |
(arc4_out(&prng_ctx) << 16) |
(arc4_out(&prng_ctx) << 24));
}
/*****************************************
*
* Stream operations
*
*/
ssize_t
arc4_encrypt_stream(FILE *out, FILE *in,
const uint8_t *key, size_t keylen)
{
struct arc4_ctx ctx;
uint32_t seed = arc4_rand32();
uint8_t nonce[ARC4_KEYLEN];
ssize_t written = 0;
int i;
fwrite("arc4", 4, 1, out);
fwrite(&seed, sizeof(seed), 1, out);
arc4_nonce(nonce, sizeof(nonce), &seed, sizeof(seed));
for (i = 0; i < keylen; i += 1) {
nonce[i] ^= key[i];
}
arc4_init(&ctx, nonce, sizeof(nonce));
while (1) {
int c = fgetc(in);
if (EOF == c) break;
fputc((uint8_t)c ^ arc4_out(&ctx), out);
written += 1;
}
return written;
}
ssize_t
arc4_decrypt_stream(FILE *out, FILE *in,
const uint8_t *key, size_t keylen)
{
struct arc4_ctx ctx;
uint32_t seed;
uint8_t nonce[ARC4_KEYLEN];
ssize_t written = 0;
char sig[4];
int i;
fread(&sig, sizeof(sig), 1, in);
if (memcmp(sig, "arc4", 4)) {
return -1;
}
fread(&seed, sizeof(seed), 1, in);
arc4_nonce(nonce, sizeof(nonce), &seed, sizeof(seed));
for (i = 0; i < keylen; i += 1) {
nonce[i] ^= key[i];
}
arc4_init(&ctx, nonce, sizeof(nonce));
while (1) {
int c = fgetc(in);
if (EOF == c) break;
fputc((uint8_t)c ^ arc4_out(&ctx), out);
written += 1;
}
return written;
}
#ifdef ARC4_MAIN
#include <sysexits.h>
#include <unistd.h>
int
main(int argc, char *argv[])
{
uint8_t key[ARC4_KEYLEN] = {0};
size_t keylen;
/* Read key and initialize context */
{
char *ekey = getenv("KEY");
if (ekey) {
keylen = strlen(ekey);
memcpy(key, ekey, keylen);
} else {
keylen = read(3, key, sizeof(key));
if (-1 == keylen) {
fprintf(stderr, "error: must specify key.\n");
return 1;
}
}
}
if (! argv[1]) {
if (-1 == arc4_decrypt_stream(stdout, stdin, key, keylen)) {
fprintf(stderr, "error: not an arc4 stream.\n");
return 1;
}
} else if (0 == strcmp(argv[1], "-e")) {
arc4_encrypt_stream(stdout, stdin, key, keylen);
} else {
fprintf(stderr, "Usage: %s [-e] <PLAINTEXT\n", argv[0]);
fprintf(stderr, "\n");
fprintf(stderr, "You must pass in a key on fd 3 or in the environment variable KEY.\n");
return EX_USAGE;
}
return 0;
}
#endif /* ARC4_MAIN */

View File

@ -1,40 +0,0 @@
#ifndef __ARC4_H__
#define __ARC4_H__
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#define ARC4_KEYLEN 256
struct arc4_ctx {
uint8_t S[256];
uint8_t i;
uint8_t j;
};
/* Stream operations */
ssize_t
arc4_encrypt_stream(FILE *out, FILE *in,
const uint8_t *key, size_t keylen);
ssize_t
arc4_decrypt_stream(FILE *out, FILE *in,
const uint8_t *key, size_t keylen);
/* Auto-seeding Psuedo Random Number Generator */
void arc4_rand_seed(const uint8_t *seed, size_t seedlen);
uint8_t arc4_rand8();
uint32_t arc4_rand32();
/* Low-level operations */
void arc4_init(struct arc4_ctx *ctx, const uint8_t *key, size_t keylen);
uint8_t arc4_out(struct arc4_ctx *ctx);
void arc4_crypt(struct arc4_ctx *ctx,
uint8_t *obuf, const uint8_t *ibuf, size_t buflen);
void arc4_crypt_buffer(const uint8_t *key, size_t keylen,
uint8_t *buf, size_t buflen);
void arc4_nonce(uint8_t *nonce, size_t noncelen, void *seed, size_t seedlen);
#endif

View File

@ -1,64 +0,0 @@
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <limits.h>
#include "token.h"
#include "arc4.h"
#ifndef CTF_BASE
#define CTF_BASE "/var/lib/ctf"
#endif
ssize_t
write_token(FILE *out,
const char *name,
const uint8_t *key, size_t keylen)
{
char *base;
char path[PATH_MAX];
int pathlen;
FILE *f;
ssize_t ret;
base = getenv("CTF_BASE");
if (! base) base = CTF_BASE;
pathlen = snprintf(path, sizeof(path) - 1,
"%s/tokens/%s", base, name);
path[pathlen] = '\0';
f = fopen(path, "r");
if (NULL == f) return -1;
ret = arc4_decrypt_stream(out, f, key, keylen);
fclose(f);
return ret;
}
ssize_t
print_token(const char *name,
const uint8_t *key, size_t keylen)
{
return write_token(stdout, name, key, keylen);
}
ssize_t
get_token(char *buf, size_t buflen,
const char *name,
const uint8_t *key, size_t keylen)
{
FILE *f;
ssize_t l;
f = fmemopen(buf, buflen, "w");
if (! f) return -1;
l = write_token(f, name, key, keylen);
fclose(f);
if (-1 == l) return -1;
while ('\n' == buf[l-1]) l -= 1;
buf[l-1] = '\0';
return l;
}

View File

@ -1,19 +0,0 @@
#ifndef __TOKEN_H__
#define __TOKEN_H__
#define TOKEN_MAX 50
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
ssize_t write_token(FILE *out,
const char *name,
const uint8_t *key, size_t keylen);
ssize_t print_token(const char *name,
const uint8_t *key, size_t keylen);
ssize_t get_token(char *buf, size_t buflen,
const char *name,
const uint8_t *key, size_t keylen);
#endif