From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- security/nss/cmd/pwdecrypt/Makefile | 45 +++++ security/nss/cmd/pwdecrypt/manifest.mn | 26 +++ security/nss/cmd/pwdecrypt/pwdecrypt.c | 330 +++++++++++++++++++++++++++++++ security/nss/cmd/pwdecrypt/pwdecrypt.gyp | 25 +++ 4 files changed, 426 insertions(+) create mode 100644 security/nss/cmd/pwdecrypt/Makefile create mode 100644 security/nss/cmd/pwdecrypt/manifest.mn create mode 100644 security/nss/cmd/pwdecrypt/pwdecrypt.c create mode 100644 security/nss/cmd/pwdecrypt/pwdecrypt.gyp (limited to 'security/nss/cmd/pwdecrypt') diff --git a/security/nss/cmd/pwdecrypt/Makefile b/security/nss/cmd/pwdecrypt/Makefile new file mode 100644 index 0000000000..265ea56015 --- /dev/null +++ b/security/nss/cmd/pwdecrypt/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include ../platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + + +include ../platrules.mk diff --git a/security/nss/cmd/pwdecrypt/manifest.mn b/security/nss/cmd/pwdecrypt/manifest.mn new file mode 100644 index 0000000000..51cb8c8f3c --- /dev/null +++ b/security/nss/cmd/pwdecrypt/manifest.mn @@ -0,0 +1,26 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +CORE_DEPTH = ../.. + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = \ + pwdecrypt.c \ + $(NULL) + +# headers for the MODULE (defined above) are implicitly required. +REQUIRES = dbm seccmd + +# WINNT uses EXTRA_LIBS as the list of libs to link in. +# Unix uses OS_LIBS for that purpose. +# We can solve this via conditional makefile code, but +# can't do this in manifest.mn because OS_ARCH isn't defined there. +# So, look in the local Makefile for the defines for the list of libs. + +PROGRAM = pwdecrypt + +#USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/pwdecrypt/pwdecrypt.c b/security/nss/cmd/pwdecrypt/pwdecrypt.c new file mode 100644 index 0000000000..486486770f --- /dev/null +++ b/security/nss/cmd/pwdecrypt/pwdecrypt.c @@ -0,0 +1,330 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Test program for SDR (Secret Decoder Ring) functions. + */ + +#include "nspr.h" +#include "string.h" +#include "nss.h" +#include "secutil.h" +#include "cert.h" +#include "pk11func.h" +#include "nssb64.h" + +#include "plgetopt.h" +#include "pk11sdr.h" + +#define DEFAULT_VALUE "Test" + +static void +synopsis(char *program_name) +{ + PRFileDesc *pr_stderr; + + pr_stderr = PR_STDERR; + PR_fprintf(pr_stderr, + "Usage:\t%s [-i ] [-o ] [-d ]\n" + " \t[-l logfile] [-p pwd] [-f pwfile]\n", + program_name); +} + +static void +short_usage(char *program_name) +{ + PR_fprintf(PR_STDERR, + "Type %s -H for more detailed descriptions\n", + program_name); + synopsis(program_name); +} + +static void +long_usage(char *program_name) +{ + PRFileDesc *pr_stderr; + + pr_stderr = PR_STDERR; + synopsis(program_name); + PR_fprintf(pr_stderr, "\nDecode encrypted passwords (and other data).\n"); + PR_fprintf(pr_stderr, + "This program reads in standard configuration files looking\n" + "for base 64 encoded data. Data that looks like it's base 64 encode\n" + "is decoded an passed to the NSS SDR code. If the decode and decrypt\n" + "is successful, then decrypted data is outputted in place of the\n" + "original base 64 data. If the decode or decrypt fails, the original\n" + "data is written and the reason for failure is logged to the \n" + "optional logfile.\n"); + PR_fprintf(pr_stderr, + " %-13s Read stream including encrypted data from " + "\"read_file\"\n", + "-i read_file"); + PR_fprintf(pr_stderr, + " %-13s Write results to \"write_file\"\n", + "-o write_file"); + PR_fprintf(pr_stderr, + " %-13s Find security databases in \"dbdir\"\n", + "-d dbdir"); + PR_fprintf(pr_stderr, + " %-13s Log failed decrypt/decode attempts to \"log_file\"\n", + "-l log_file"); + PR_fprintf(pr_stderr, + " %-13s Token password\n", + "-p pwd"); + PR_fprintf(pr_stderr, + " %-13s Password file\n", + "-f pwfile"); +} + +/* + * base64 table only used to identify the end of a base64 string + */ +static unsigned char b64[256] = { + /* 00: */ 0, 0, 0, 0, 0, 0, 0, 0, + /* 08: */ 0, 0, 0, 0, 0, 0, 0, 0, + /* 10: */ 0, 0, 0, 0, 0, 0, 0, 0, + /* 18: */ 0, 0, 0, 0, 0, 0, 0, 0, + /* 20: */ 0, 0, 0, 0, 0, 0, 0, 0, + /* 28: */ 0, 0, 0, 1, 0, 0, 0, 1, + /* 30: */ 1, 1, 1, 1, 1, 1, 1, 1, + /* 38: */ 1, 1, 0, 0, 0, 0, 0, 0, + /* 40: */ 0, 1, 1, 1, 1, 1, 1, 1, + /* 48: */ 1, 1, 1, 1, 1, 1, 1, 1, + /* 50: */ 1, 1, 1, 1, 1, 1, 1, 1, + /* 58: */ 1, 1, 1, 0, 0, 0, 0, 0, + /* 60: */ 0, 1, 1, 1, 1, 1, 1, 1, + /* 68: */ 1, 1, 1, 1, 1, 1, 1, 1, + /* 70: */ 1, 1, 1, 1, 1, 1, 1, 1, + /* 78: */ 1, 1, 1, 0, 0, 0, 0, 0 +}; + +enum { + false = 0, + true = 1 +} bool; + +#define isatobchar(c) (b64[c]) + +#define MAX_STRING 8192 + +int +isBase64(char *inString) +{ + unsigned int i; + unsigned char c; + + for (i = 0; (c = inString[i]) != 0 && isatobchar(c); ++i) + ; + if (c == '=') { + while ((c = inString[++i]) == '=') + ; /* skip trailing '=' characters */ + } + if (c && c != '\n' && c != '\r') + return false; + if (i == 0 || i % 4) + return false; + return true; +} + +void +doDecrypt(char *dataString, FILE *outFile, FILE *logFile, secuPWData *pwdata) +{ + int strLen = strlen(dataString); + SECItem *decoded = NSSBase64_DecodeBuffer(NULL, NULL, dataString, strLen); + SECStatus rv; + int err; + SECItem result = { siBuffer, NULL, 0 }; + + if ((decoded == NULL) || (decoded->len == 0)) { + if (logFile) { + err = PORT_GetError(); + fprintf(logFile, "Base 64 decode failed on <%s>\n", dataString); + fprintf(logFile, " Error %d: %s\n", err, SECU_Strerror(err)); + } + fputs(dataString, outFile); + if (decoded) + SECITEM_FreeItem(decoded, PR_TRUE); + return; + } + + rv = PK11SDR_Decrypt(decoded, &result, pwdata); + SECITEM_ZfreeItem(decoded, PR_TRUE); + if (rv == SECSuccess) { + /* result buffer has no extra space for a NULL */ + fprintf(outFile, "Decrypted: \"%.*s\"\n", result.len, result.data); + SECITEM_ZfreeItem(&result, PR_FALSE); + return; + } + /* Encryption failed. output raw input. */ + if (logFile) { + err = PORT_GetError(); + fprintf(logFile, "SDR decrypt failed on <%s>\n", dataString); + fprintf(logFile, " Error %d: %s\n", err, SECU_Strerror(err)); + } + fputs(dataString, outFile); +} + +void +doDecode(char *dataString, FILE *outFile, FILE *logFile) +{ + int strLen = strlen(dataString + 1); + SECItem *decoded; + + decoded = NSSBase64_DecodeBuffer(NULL, NULL, dataString + 1, strLen); + if ((decoded == NULL) || (decoded->len == 0)) { + if (logFile) { + int err = PORT_GetError(); + fprintf(logFile, "Base 64 decode failed on <%s>\n", dataString + 1); + fprintf(logFile, " Error %d: %s\n", err, SECU_Strerror(err)); + } + fputs(dataString, outFile); + if (decoded) + SECITEM_FreeItem(decoded, PR_TRUE); + return; + } + fprintf(outFile, "Decoded: \"%.*s\"\n", decoded->len, decoded->data); + SECITEM_ZfreeItem(decoded, PR_TRUE); +} + +char dataString[MAX_STRING + 1]; + +int +main(int argc, char **argv) +{ + int retval = 0; /* 0 - test succeeded. -1 - test failed */ + SECStatus rv; + PLOptState *optstate; + char *program_name; + char *input_file = NULL; /* read encrypted data from here (or create) */ + char *output_file = NULL; /* write new encrypted data here */ + char *log_file = NULL; /* write new encrypted data here */ + FILE *inFile = stdin; + FILE *outFile = stdout; + FILE *logFile = NULL; + PLOptStatus optstatus; + secuPWData pwdata = { PW_NONE, NULL }; + + program_name = PL_strrchr(argv[0], '/'); + program_name = program_name ? (program_name + 1) : argv[0]; + + optstate = PL_CreateOptState(argc, argv, "Hd:f:i:o:l:p:?"); + if (optstate == NULL) { + SECU_PrintError(program_name, "PL_CreateOptState failed"); + return 1; + } + + while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { + switch (optstate->option) { + case '?': + short_usage(program_name); + return 1; + + case 'H': + long_usage(program_name); + return 1; + + case 'd': + SECU_ConfigDirectory(optstate->value); + break; + + case 'i': + input_file = PL_strdup(optstate->value); + break; + + case 'o': + output_file = PL_strdup(optstate->value); + break; + + case 'l': + log_file = PL_strdup(optstate->value); + break; + + case 'f': + pwdata.source = PW_FROMFILE; + pwdata.data = PL_strdup(optstate->value); + break; + + case 'p': + pwdata.source = PW_PLAINTEXT; + pwdata.data = PL_strdup(optstate->value); + break; + } + } + PL_DestroyOptState(optstate); + if (optstatus == PL_OPT_BAD) { + short_usage(program_name); + return 1; + } + + if (input_file) { + inFile = fopen(input_file, "r"); + if (inFile == NULL) { + perror(input_file); + return 1; + } + PR_Free(input_file); + } + if (output_file) { + outFile = fopen(output_file, "w+"); + if (outFile == NULL) { + perror(output_file); + return 1; + } + PR_Free(output_file); + } + if (log_file) { + if (log_file[0] == '-') + logFile = stderr; + else + logFile = fopen(log_file, "w+"); + if (logFile == NULL) { + perror(log_file); + return 1; + } + PR_Free(log_file); + } + + /* + * Initialize the Security libraries. + */ + PK11_SetPasswordFunc(SECU_GetModulePassword); + rv = NSS_Init(SECU_ConfigDirectory(NULL)); + if (rv != SECSuccess) { + SECU_PrintError(program_name, "NSS_Init failed"); + retval = 1; + goto prdone; + } + + /* Get the encrypted result, either from the input file + * or from encrypting the plaintext value + */ + while (fgets(dataString, sizeof dataString, inFile)) { + unsigned char c = dataString[0]; + + if (c == 'M' && isBase64(dataString)) { + doDecrypt(dataString, outFile, logFile, &pwdata); + } else if (c == '~' && isBase64(dataString + 1)) { + doDecode(dataString, outFile, logFile); + } else { + fputs(dataString, outFile); + } + } + if (pwdata.data) + PR_Free(pwdata.data); + + fclose(outFile); + fclose(inFile); + if (logFile && logFile != stderr) { + fclose(logFile); + } + + if (NSS_Shutdown() != SECSuccess) { + SECU_PrintError(program_name, "NSS_Shutdown failed"); + exit(1); + } + +prdone: + PR_Cleanup(); + return retval; +} diff --git a/security/nss/cmd/pwdecrypt/pwdecrypt.gyp b/security/nss/cmd/pwdecrypt/pwdecrypt.gyp new file mode 100644 index 0000000000..c3ae8eeb99 --- /dev/null +++ b/security/nss/cmd/pwdecrypt/pwdecrypt.gyp @@ -0,0 +1,25 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi', + '../../cmd/platlibs.gypi' + ], + 'targets': [ + { + 'target_name': 'pwdecrypt', + 'type': 'executable', + 'sources': [ + 'pwdecrypt.c' + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:dbm_exports', + '<(DEPTH)/exports.gyp:nss_exports' + ] + } + ], + 'variables': { + 'module': 'nss' + } +} \ No newline at end of file -- cgit v1.2.3