char* encrypt(rsa_packet * packet, char *public_key, char *plaintext){
gcry_error_t error;
gcry_mpi_t r_mpi;
if ((error = gcry_mpi_scan(&r_mpi, GCRYMPI_FMT_HEX, plaintext, 0, NULL))) {
printf("Error in gcry_mpi_scan() in encrypt(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
gcry_sexp_t data;
size_t erroff;
if ((error = gcry_sexp_build(&data, &erroff, "(data (flags raw) (value %m))", r_mpi))) {
printf("Error in gcry_sexp_build() in encrypt() at %ld: %s\nSource: %s\n", erroff, gcry_strerror(error), gcry_strsource(error));
exit(1);
}
gcry_sexp_t public_sexp = sexp_new(public_key);
gcry_sexp_t r_ciph;
struct timeval timer;
timer_start(&timer);
if ((error = gcry_pk_encrypt(&r_ciph, data, public_sexp))) {
printf("Error in gcry_pk_encrypt(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
timer_poll("\nSoftware encrypt: %d.%06d seconds\n", &timer);
gcry_sexp_t cipher_sexp = gcry_sexp_cdr(gcry_sexp_find_token(r_ciph, "a", 1));
gcry_mpi_t cipher_mpi = gcry_sexp_nth_mpi(cipher_sexp, 0, GCRYMPI_FMT_USG);
gcry_mpi_print(GCRYMPI_FMT_USG, packet->ciphertext, 256, &packet->cipher_len, cipher_mpi);
return sexp_string(r_ciph);
}
GNUNET_CRYPTO_random_init ()
{
gcry_error_t rc;
if (! gcry_check_version (NEED_LIBGCRYPT_VERSION))
{
FPRINTF (stderr,
_("libgcrypt has not the expected version (version %s is required).\n"),
NEED_LIBGCRYPT_VERSION);
GNUNET_assert (0);
}
if ((rc = gcry_control (GCRYCTL_DISABLE_SECMEM, 0)))
FPRINTF (stderr,
"Failed to set libgcrypt option %s: %s\n",
"DISABLE_SECMEM",
gcry_strerror (rc));
/* Otherwise gnunet-ecc takes forever to complete, besides
we are fine with "just" using GCRY_STRONG_RANDOM */
if ((rc = gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)))
FPRINTF (stderr,
"Failed to set libgcrypt option %s: %s\n",
"ENABLE_QUICK_RANDOM",
gcry_strerror (rc));
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
gcry_fast_random_poll ();
GNUNET_CRYPTO_seed_weak_random (time (NULL) ^
GNUNET_CRYPTO_random_u32
(GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX));
}
char* sign(char *private_key, char *document){
gcry_error_t error;
gcry_mpi_t r_mpi;
if ((error = gcry_mpi_scan(&r_mpi, GCRYMPI_FMT_HEX, document, 0, NULL))) {
printf("Error in gcry_mpi_scan() in encrypt(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
gcry_sexp_t data;
size_t erroff;
if ((error = gcry_sexp_build(&data, &erroff, "(data (flags raw) (value %m))", r_mpi))) {
printf("Error in gcry_sexp_build() in sign() at %ld: %s\nSource: %s\n", erroff, gcry_strerror(error), gcry_strsource(error));
exit(1);
}
gcry_sexp_t private_sexp = sexp_new(private_key);
gcry_sexp_t r_sig;
struct timeval timer;
timer_start(&timer);
if ((error = gcry_pk_sign(&r_sig, data, private_sexp))) {
printf("Error in gcry_pk_sign(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
timer_poll("libgcrypt Sign: %d.%06d seconds\n", &timer);
return sexp_string(r_sig);
}
char* decrypt(char *private_key, char *ciphertext){
gcry_error_t error;
gcry_sexp_t data = sexp_new(ciphertext);
gcry_sexp_t private_sexp = sexp_new(private_key);
gcry_sexp_t r_plain;
struct timeval timer;
timer_start(&timer);
if ((error = gcry_pk_decrypt(&r_plain, data, private_sexp))) {
printf("Error in gcry_pk_decrypt(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
timer_poll("\nSoftware decrypt: %d.%06d seconds\n", &timer);
gcry_mpi_t r_mpi = gcry_sexp_nth_mpi(r_plain, 0, GCRYMPI_FMT_USG);
unsigned char *plaintext;
size_t plaintext_size;
if ((error = gcry_mpi_aprint(GCRYMPI_FMT_HEX, &plaintext, &plaintext_size, r_mpi))) {
printf("Error in gcry_mpi_aprint(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
// Return type hack
return (char *) plaintext;
}
static void
get_dsa_key_fips186_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
{
gcry_sexp_t key_spec, key, pub_key, sec_key;
int rc;
rc = gcry_sexp_new
(&key_spec, "(genkey (dsa (nbits 4:1024)(use-fips186)))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
rc = gcry_pk_genkey (&key, key_spec);
gcry_sexp_release (key_spec);
if (rc)
die ("error generating DSA key: %s\n", gcry_strerror (rc));
if (verbose > 1)
show_sexp ("generated DSA key (fips 186):\n", key);
pub_key = gcry_sexp_find_token (key, "public-key", 0);
if (!pub_key)
die ("public part missing in key\n");
sec_key = gcry_sexp_find_token (key, "private-key", 0);
if (!sec_key)
die ("private part missing in key\n");
gcry_sexp_release (key);
*pkey = pub_key;
*skey = sec_key;
}
char * get_hmac(char * cipher, char * key, size_t length){
/* Generating hmac from the encrypted content
GCRY_MD_SHA512 - Algo
flags or of GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC
indicating that its secure mode and we need HMAC
*/
gcry_error_t err;
gcry_md_hd_t hm;
err = gcry_md_open(&hm, GCRY_MD_SHA512, GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC);
if(err != GPG_ERR_NO_ERROR){
printf ("Error at opening handle for hmac: %s\n",gcry_strerror(err));
exit(-1);
}
err = gcry_md_enable(hm,GCRY_MD_SHA512);
err = gcry_md_setkey(hm, key,KEYLENGTH_SHA );
if(err != GPG_ERR_NO_ERROR){
printf ("Error at setting key: %s\n",gcry_strerror(err));
exit(-1);
}
// generating the HMAC using the cipher text
gcry_md_write(hm,cipher,length);
gcry_md_final(hm);
// printf("\nlength: %lu\n",length);
char * hmac;
hmac = gcry_md_read(hm , GCRY_MD_SHA512 );
if(hmac == NULL ){
printf ("hmac null ?\n");
// exit(-1);
}
// print_buf(hmac,64); // debug
// printf("hmac length : %lu\n",strlen(hmac)); // debug to check hmac length should be 64
return hmac;
}
static void
get_elg_key_new (gcry_sexp_t *pkey, gcry_sexp_t *skey, int fixed_x)
{
gcry_sexp_t key_spec, key, pub_key, sec_key;
int rc;
rc = gcry_sexp_new
(&key_spec,
(fixed_x
? "(genkey (elg (nbits 4:1024)(xvalue my.not-so-secret.key)))"
: "(genkey (elg (nbits 3:512)))"),
0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
rc = gcry_pk_genkey (&key, key_spec);
gcry_sexp_release (key_spec);
if (rc)
die ("error generating Elgamal key: %s\n", gcry_strerror (rc));
if (verbose > 1)
show_sexp ("generated ELG key:\n", key);
pub_key = gcry_sexp_find_token (key, "public-key", 0);
if (!pub_key)
die ("public part missing in key\n");
sec_key = gcry_sexp_find_token (key, "private-key", 0);
if (!sec_key)
die ("private part missing in key\n");
gcry_sexp_release (key);
*pkey = pub_key;
*skey = sec_key;
}
short verify(char *public_key, char *document, char *signature){
gcry_error_t error;
gcry_mpi_t r_mpi;
if ((error = gcry_mpi_scan(&r_mpi, GCRYMPI_FMT_HEX, document, 0, NULL))) {
printf("Error in gcry_mpi_scan() in encrypt(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
gcry_sexp_t data;
size_t erroff;
if ((error = gcry_sexp_build(&data, &erroff, "(data (flags raw) (value %m))", r_mpi))) {
printf("Error in gcry_sexp_build() in sign() at %ld: %s\nSource: %s\n", erroff, gcry_strerror(error), gcry_strsource(error));
exit(1);
}
gcry_sexp_t sig = sexp_new(signature);
gcry_sexp_t public_sexp = sexp_new(public_key);
short good_sig = 1;
struct timeval timer;
timer_start(&timer);
if ((error = gcry_pk_verify(sig, data, public_sexp))) {
if (gcry_err_code(error) != GPG_ERR_BAD_SIGNATURE) {
printf("Error in gcry_pk_verify(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
good_sig = 0;
}
timer_poll("libgcrypt Verify: %d.%06d seconds\n", &timer);
return good_sig;
}
static void
check_keys (gcry_sexp_t pkey, gcry_sexp_t skey, unsigned int nbits_data,
gpg_err_code_t decrypt_fail_code)
{
gcry_sexp_t plain;
gcry_mpi_t x;
int rc;
/* Create plain text. */
x = gcry_mpi_new (nbits_data);
gcry_mpi_randomize (x, nbits_data, GCRY_WEAK_RANDOM);
rc = gcry_sexp_build (&plain, NULL, "(data (flags raw) (value %m))", x);
if (rc)
die ("converting data for encryption failed: %s\n",
gcry_strerror (rc));
check_keys_crypt (pkey, skey, plain, decrypt_fail_code);
gcry_sexp_release (plain);
gcry_mpi_release (x);
/* Create plain text. */
x = gcry_mpi_new (nbits_data);
gcry_mpi_randomize (x, nbits_data, GCRY_WEAK_RANDOM);
rc = gcry_sexp_build (&plain, NULL,
"(data (flags raw no-blinding) (value %m))", x);
gcry_mpi_release (x);
if (rc)
die ("converting data for encryption failed: %s\n",
gcry_strerror (rc));
check_keys_crypt (pkey, skey, plain, decrypt_fail_code);
gcry_sexp_release (plain);
}
static int tagcrypt_key_gen (gcry_sexp_t *key_pair, int size)
{
gcry_sexp_t param;
gcry_error_t err;
err = gcry_sexp_build (¶m, NULL, "(6:genkey(3:rsa(5:nbits%d)))", size);
if (err) {
GCRY_CRITICAL (gcry_strerror (err));
goto ERR;
}
err = gcry_pk_genkey (key_pair, param);
if (err) {
GCRY_CRITICAL (gcry_strerror (err));
goto ERR;
}
gcry_sexp_release(param);
return 0;
ERR:
if (param) gcry_sexp_release (param);
return -1;
}
void print_gcrypt_err(gcry_error_t err){
if ( err )
{
fprintf ( stderr, "Failure: %s/%s\n",
gcry_strsource ( err ),
gcry_strerror ( err ) );
fprintf ( stdout, "Failure: %s/%s\n",
gcry_strsource ( err ),
gcry_strerror ( err ) );
}
}
int qcrypto_hmac_bytesv(QCryptoHmac *hmac,
const struct iovec *iov,
size_t niov,
uint8_t **result,
size_t *resultlen,
Error **errp)
{
QCryptoHmacGcrypt *ctx;
gcry_error_t err;
uint32_t ret;
int i;
ctx = hmac->opaque;
for (i = 0; i < niov; i++) {
gcry_mac_write(ctx->handle, iov[i].iov_base, iov[i].iov_len);
}
ret = gcry_mac_get_algo_maclen(qcrypto_hmac_alg_map[hmac->alg]);
if (ret <= 0) {
error_setg(errp, "Unable to get hmac length: %s",
gcry_strerror(ret));
return -1;
}
if (*resultlen == 0) {
*resultlen = ret;
*result = g_new0(uint8_t, *resultlen);
} else if (*resultlen != ret) {
error_setg(errp, "Result buffer size %zu is smaller than hmac %d",
*resultlen, ret);
return -1;
}
err = gcry_mac_read(ctx->handle, *result, resultlen);
if (err != 0) {
error_setg(errp, "Cannot get result: %s",
gcry_strerror(err));
return -1;
}
err = gcry_mac_reset(ctx->handle);
if (err != 0) {
error_setg(errp, "Cannot reset hmac context: %s",
gcry_strerror(err));
return -1;
}
return 0;
}
static libspectrum_error
serialise_mpis( libspectrum_byte **signature, size_t *signature_length,
gcry_mpi_t r, gcry_mpi_t s )
{
gcry_error_t error;
size_t length, length_s;
unsigned char *ptr;
error = gcry_mpi_print( GCRYMPI_FMT_PGP, NULL, 0, &length, r );
if( error ) {
libspectrum_print_error( LIBSPECTRUM_ERROR_LOGIC,
"serialise_mpis: length of r: %s",
gcry_strerror( error ) );
return LIBSPECTRUM_ERROR_LOGIC;
}
error = gcry_mpi_print( GCRYMPI_FMT_PGP, NULL, 0, &length_s, s );
if( error ) {
libspectrum_print_error( LIBSPECTRUM_ERROR_LOGIC,
"serialise_mpis: length of s: %s",
gcry_strerror( error ) );
return LIBSPECTRUM_ERROR_LOGIC;
}
length += length_s; *signature_length = length;
*signature = libspectrum_malloc( length );
error = gcry_mpi_print( GCRYMPI_FMT_PGP, *signature, length, &length, r );
if( error ) {
libspectrum_print_error( LIBSPECTRUM_ERROR_LOGIC,
"serialise_mpis: printing r: %s",
gcry_strerror( error ) );
libspectrum_free( *signature );
return LIBSPECTRUM_ERROR_LOGIC;
}
ptr = *signature + length; length = *signature_length - length;
error = gcry_mpi_print( GCRYMPI_FMT_PGP, ptr, length, NULL, s );
if( error ) {
libspectrum_print_error( LIBSPECTRUM_ERROR_LOGIC,
"serialise_mpis: printing s: %s",
gcry_strerror( error ) );
libspectrum_free( *signature );
return LIBSPECTRUM_ERROR_LOGIC;
}
return LIBSPECTRUM_ERROR_NONE;
}
static int
initCrypt(FILE *eifp)
{
int r = 0;
gcry_error_t gcryError;
char iv[4096];
blkLength = gcry_cipher_get_algo_blklen(cry_algo);
if(blkLength > sizeof(iv)) {
fprintf(stderr, "internal error[%s:%d]: block length %d too large for "
"iv buffer\n", __FILE__, __LINE__, blkLength);
r = 1; goto done;
}
if((r = eiGetIV(eifp, iv, blkLength)) != 0) goto done;
size_t keyLength = gcry_cipher_get_algo_keylen(cry_algo);
if(strlen(cry_key) != keyLength) {
fprintf(stderr, "invalid key length; key is %u characters, but "
"exactly %u characters are required\n", cry_keylen,
keyLength);
r = 1; goto done;
}
gcryError = gcry_cipher_open(&gcry_chd, cry_algo, cry_mode, 0);
if (gcryError) {
printf("gcry_cipher_open failed: %s/%s\n",
gcry_strsource(gcryError),
gcry_strerror(gcryError));
r = 1; goto done;
}
gcryError = gcry_cipher_setkey(gcry_chd, cry_key, keyLength);
if (gcryError) {
printf("gcry_cipher_setkey failed: %s/%s\n",
gcry_strsource(gcryError),
gcry_strerror(gcryError));
r = 1; goto done;
}
gcryError = gcry_cipher_setiv(gcry_chd, iv, blkLength);
if (gcryError) {
printf("gcry_cipher_setiv failed: %s/%s\n",
gcry_strsource(gcryError),
gcry_strerror(gcryError));
r = 1; goto done;
}
done: return r;
}
static gboolean remmina_crypt_init(gcry_cipher_hd_t *phd)
{
guchar* secret;
gcry_error_t err;
gsize secret_len;
secret = g_base64_decode(remmina_pref.secret, &secret_len);
if (secret_len < 32)
{
g_print("secret corrupted\n");
g_free(secret);
return FALSE;
}
err = gcry_cipher_open(phd, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
if (err)
{
g_print("gcry_cipher_open failure: %s\n", gcry_strerror(err));
g_free(secret);
return FALSE;
}
err = gcry_cipher_setkey((*phd), secret, 24);
if (err)
{
g_print("gcry_cipher_setkey failure: %s\n", gcry_strerror(err));
g_free(secret);
gcry_cipher_close((*phd));
return FALSE;
}
err = gcry_cipher_setiv((*phd), secret + 24, 8);
if (err)
{
g_print("gcry_cipher_setiv failure: %s\n", gcry_strerror(err));
g_free(secret);
gcry_cipher_close((*phd));
return FALSE;
}
g_free(secret);
return TRUE;
}
/**
* @brief derive the cryptographic key and IV for a given (Elektra) Key k
* @param config KeySet holding the plugin/backend configuration
* @param errorKey holds an error description in case of failure
* @param masterKey holds the decrypted master password from the plugin configuration
* @param k the (Elektra)-Key to be encrypted
* @param cKey (Elektra)-Key holding the cryptographic material
* @param cIv (Elektra)-Key holding the initialization vector
* @retval -1 on failure. errorKey holds the error description.
* @retval 1 on success
*/
static int getKeyIvForDecryption (KeySet * config, Key * errorKey, Key * masterKey, Key * k, Key * cKey, Key * cIv)
{
gcry_error_t gcry_err;
kdb_octet_t keyBuffer[KEY_BUFFER_SIZE];
kdb_octet_t * saltBuffer = NULL;
kdb_unsigned_long_t saltBufferLen = 0;
ELEKTRA_ASSERT (masterKey != NULL, "Parameter `masterKey` must not be NULL");
// get the salt
if (CRYPTO_PLUGIN_FUNCTION (getSaltFromPayload) (errorKey, k, &saltBuffer, &saltBufferLen) != 1)
{
return -1; // error set by CRYPTO_PLUGIN_FUNCTION(getSaltFromPayload)()
}
// get the iteration count
const kdb_unsigned_long_t iterations = CRYPTO_PLUGIN_FUNCTION (getIterationCount) (errorKey, config);
// derive the cryptographic key and the IV
if ((gcry_err = gcry_kdf_derive (keyValue (masterKey), keyGetValueSize (masterKey), GCRY_KDF_PBKDF2, GCRY_MD_SHA512, saltBuffer,
saltBufferLen, iterations, KEY_BUFFER_SIZE, keyBuffer)))
{
ELEKTRA_SET_ERRORF (ELEKTRA_ERROR_CRYPTO_INTERNAL_ERROR, errorKey,
"Failed to restore the cryptographic key for decryption because: %s", gcry_strerror (gcry_err));
return -1;
}
keySetBinary (cKey, keyBuffer, ELEKTRA_CRYPTO_GCRY_KEYSIZE);
keySetBinary (cIv, keyBuffer + ELEKTRA_CRYPTO_GCRY_KEYSIZE, ELEKTRA_CRYPTO_GCRY_BLOCKSIZE);
return 1;
}
/** \brief Decipher Data
*
* @param dst_len The destination buffer length.
* It MUST be greated than or equal to src_len.
* @return the plain text length used in the destination buffer, or -1 if an
* error occured (e.g. invalid padding in the resulting plain text)
*/
ssize_t skey_ciph_t::decipher( const skey_ciph_iv_t & iv, const void *src_ptr
, size_t src_len, void *dst_ptr, size_t dst_len )
throw()
{
// sanity check - the key_data MUST be initialized, so init_key() MUST have been called
DBG_ASSERT( !key_datum.is_null() );
// copy the src buffer to the destination
DBG_ASSERT( dst_len >= src_len );
memcpy( dst_ptr, src_ptr, src_len );
// set the iv
set_iv( iv );
// does the encrypt itself
gcry_error_t err;
err = gcry_cipher_decrypt(gcry_cipher_hd, (unsigned char *)dst_ptr, src_len, NULL, 0 );
if( err ){
KLOG_ERR("gcry_cipher_decrypt failed due to " << gcry_strerror(err) );
return -1;
}
// parse the padding
ssize_t padding_len = padding_parse( dst_ptr, src_len );
// if the padding is invalid, return -1
if( padding_len == -1 ) return -1;
// return the plain text length aka src_len - padding_len
return src_len - padding_len;
}
static gboolean
read_public_dsa (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp)
{
gcry_mpi_t p, q, g, y;
int gcry;
if (!read_mpi (req, offset, &p) ||
!read_mpi (req, offset, &q) ||
!read_mpi (req, offset, &g) ||
!read_mpi (req, offset, &y))
return FALSE;
gcry = gcry_sexp_build (sexp, NULL, SEXP_PUBLIC_DSA, p, q, g, y);
if (gcry) {
g_warning ("couldn't parse incoming public DSA key: %s", gcry_strerror (gcry));
return FALSE;
}
gcry_mpi_release (p);
gcry_mpi_release (q);
gcry_mpi_release (g);
gcry_mpi_release (y);
return TRUE;
}
gchar* remmina_crypt_decrypt(const gchar *str)
{
guchar* buf;
gsize buf_len;
gcry_error_t err;
gcry_cipher_hd_t hd;
if (!str || str[0] == '\0')
return NULL;
if (!remmina_crypt_init(&hd))
return NULL;
buf = g_base64_decode(str, &buf_len);
err = gcry_cipher_decrypt(hd, buf, buf_len, NULL, 0);
if (err)
{
g_print("gcry_cipher_decrypt failure: %s\n", gcry_strerror(err));
g_free(buf);
gcry_cipher_close(hd);
return NULL;
}
gcry_cipher_close(hd);
/* Just in case */
buf[buf_len - 1] = '\0';
return (gchar*) buf;
}
gcry_cipher_hd_t
gkm_aes_key_get_cipher (GkmAesKey *self, int mode)
{
gcry_cipher_hd_t cih;
gcry_error_t gcry;
int algorithm;
g_return_val_if_fail (GKM_IS_AES_KEY (self), NULL);
algorithm = algorithm_for_length (self->n_value);
g_return_val_if_fail (algorithm != 0, NULL);
gcry = gcry_cipher_open (&cih, algorithm, mode, 0);
if (gcry != 0) {
g_warning ("couldn't open %s cipher: %s",
gcry_cipher_algo_name (algorithm), gcry_strerror (gcry));
return NULL;
}
/* Setup the key */
gcry = gcry_cipher_setkey (cih, self->value, self->n_value);
g_return_val_if_fail (gcry == 0, NULL);
return cih;
}
/* Implementation of SHA1-HMAC. We're rolling our own just to
* double-check that the calls libotr makes to libgcrypt are in fact
* doing the right thing. */
void sha1hmac(unsigned char digest[20], unsigned char key[20],
unsigned char *data, size_t datalen)
{
unsigned char ipad[64], opad[64];
size_t i;
gcry_md_hd_t sha1;
gcry_error_t err;
unsigned char hash[20];
memset(ipad, 0, 64);
memset(opad, 0, 64);
memmove(ipad, key, 20);
memmove(opad, key, 20);
for(i=0;i<64;++i) {
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
}
err = gcry_md_open(&sha1, GCRY_MD_SHA1, 0);
if (err) {
fprintf(stderr, "Error: %s\n", gcry_strerror(err));
exit(1);
}
gcry_md_write(sha1, ipad, 64);
gcry_md_write(sha1, data, datalen);
memmove(hash, gcry_md_read(sha1, 0), 20);
gcry_md_reset(sha1);
gcry_md_write(sha1, opad, 64);
gcry_md_write(sha1, hash, 20);
memmove(digest, gcry_md_read(sha1, 0), 20);
gcry_md_close(sha1);
}
static void
get_keys_sample (gcry_sexp_t *pkey, gcry_sexp_t *skey, int secret_variant)
{
gcry_sexp_t pub_key, sec_key;
int rc;
static const char *secret;
switch (secret_variant)
{
case 0: secret = sample_private_key_1; break;
case 1: secret = sample_private_key_1_1; break;
case 2: secret = sample_private_key_1_2; break;
default: die ("BUG\n");
}
rc = gcry_sexp_sscan (&pub_key, NULL, sample_public_key_1,
strlen (sample_public_key_1));
if (!rc)
rc = gcry_sexp_sscan (&sec_key, NULL, secret, strlen (secret));
if (rc)
die ("converting sample keys failed: %s\n", gcry_strerror (rc));
*pkey = pub_key;
*skey = sec_key;
}
/**
* Verify whether the given hash corresponds to the given signature and the
* signature is valid with respect to the given public key.
*
* @param hash hash of the message to verify to match the @a sig
* @param sig signature that is being validated
* @param public_key public key of the signer
* @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
*/
int
GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
const struct GNUNET_CRYPTO_rsa_Signature *sig,
const struct GNUNET_CRYPTO_rsa_PublicKey *public_key)
{
gcry_sexp_t data;
int rc;
data = data_to_sexp (hash,
sizeof (struct GNUNET_HashCode));
rc = gcry_pk_verify (sig->sexp,
data,
public_key->sexp);
gcry_sexp_release (data);
if (0 != rc)
{
LOG (GNUNET_ERROR_TYPE_WARNING,
_("RSA signature verification failed at %s:%d: %s\n"),
__FILE__,
__LINE__,
gcry_strerror (rc));
return GNUNET_SYSERR;
}
return GNUNET_OK;
}
/*
* Load instance tags.
*/
static void instag_load(struct otr_user_state *ustate)
{
int ret;
char *filename;
gcry_error_t err;
assert(ustate);
/* Getting the otr instance filename path */
ret = asprintf(&filename, "%s%s", get_client_config_dir(),
OTR_INSTAG_FILE);
if (ret < 0) {
goto error_filename;
}
ret = access(filename, F_OK);
if (ret < 0) {
IRSSI_DEBUG("no instance tags found at %9%s%9", filename);
goto end;
}
err = otrl_instag_read(ustate->otr_state, filename);
if (err == GPG_ERR_NO_ERROR) {
IRSSI_DEBUG("Instance tags loaded from %9%s%9", filename);
} else {
IRSSI_DEBUG("Error loading instance tags: %d (%d)",
gcry_strerror(err), gcry_strsource(err));
}
end:
free(filename);
error_filename:
return;
}
libspectrum_error
libspectrum_verify_signature( libspectrum_signature *signature,
libspectrum_rzx_dsa_key *key )
{
libspectrum_error error;
gcry_error_t gcrypt_error;
gcry_sexp_t hash, key_sexp, signature_sexp;
error = get_hash( &hash, signature->start, signature->length );
if( error ) return error;
error = create_key( &key_sexp, key, 0 );
if( error ) { gcry_sexp_release( hash ); return error; }
error = gcry_sexp_build( &signature_sexp, NULL, signature_format,
signature->r, signature->s );
if( error ) {
libspectrum_print_error(
LIBSPECTRUM_ERROR_LOGIC,
"create_signature: error building signature sexp: %s",
gcry_strerror( error )
);
gcry_sexp_release( key_sexp ); gcry_sexp_release( hash );
return LIBSPECTRUM_ERROR_LOGIC;
}
gcrypt_error = gcry_pk_verify( signature_sexp, hash, key_sexp );
gcry_sexp_release( signature_sexp );
gcry_sexp_release( key_sexp ); gcry_sexp_release( hash );
if( gcrypt_error ) {
if( gcry_err_code( gcrypt_error ) == GPG_ERR_BAD_SIGNATURE ) {
return LIBSPECTRUM_ERROR_SIGNATURE;
} else {
libspectrum_print_error(
LIBSPECTRUM_ERROR_LOGIC,
"libgcrypt error verifying signature: %s",
gcry_strerror( gcrypt_error )
);
return LIBSPECTRUM_ERROR_LOGIC;
}
}
return LIBSPECTRUM_ERROR_NONE;
}
CK_RV
gkm_dsa_mechanism_sign (gcry_sexp_t sexp, CK_BYTE_PTR data, CK_ULONG n_data,
CK_BYTE_PTR signature, CK_ULONG_PTR n_signature)
{
gcry_sexp_t ssig, splain;
gcry_error_t gcry;
gcry_mpi_t mpi;
CK_ULONG size;
CK_RV rv;
g_return_val_if_fail (sexp, CKR_GENERAL_ERROR);
g_return_val_if_fail (n_signature, CKR_ARGUMENTS_BAD);
g_return_val_if_fail (data, CKR_ARGUMENTS_BAD);
if (n_data != 20)
return CKR_DATA_LEN_RANGE;
/* If no output, then don't process */
if (!signature) {
*n_signature = 40;
return CKR_OK;
} else if (*n_signature < 40) {
*n_signature = 40;
return CKR_BUFFER_TOO_SMALL;
}
/* Prepare the input s-expression */
gcry = gcry_mpi_scan (&mpi, GCRYMPI_FMT_USG, data, n_data, NULL);
g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR);
gcry = gcry_sexp_build (&splain, NULL, "(data (flags raw) (value %m))", mpi);
gcry_mpi_release (mpi);
g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR);
/* Do the magic */
gcry = gcry_pk_sign (&ssig, splain, sexp);
gcry_sexp_release (splain);
/* TODO: Certain codes should be returned (data too big etc... ) */
if (gcry) {
g_message ("signing of the data failed: %s", gcry_strerror (gcry));
return CKR_FUNCTION_FAILED;
}
g_assert (*n_signature >= 40);
size = 20;
rv = gkm_crypto_sexp_to_data (ssig, 20 * 8, signature, &size, NULL, "dsa", "r", NULL);
if (rv == CKR_OK) {
g_return_val_if_fail (size == 20, CKR_GENERAL_ERROR);
rv = gkm_crypto_sexp_to_data (ssig, 20 * 8, signature + 20, &size, NULL, "dsa", "s", NULL);
if (rv == CKR_OK) {
g_return_val_if_fail (size == 20, CKR_GENERAL_ERROR);
*n_signature = 40;
}
}
gcry_sexp_release (ssig);
return CKR_OK;
}
void print_gcry_error(const char* message, const gcry_error_t* error)
{
printf("%s: [%d] %s - %s\n",
message,
gcry_err_code(*error),
gcry_strerror(*error),
gcry_strsource(*error));
}
int elektraCryptoGcryHandleCreate(elektraCryptoHandle **handle, KeySet *config, Key *errorKey)
{
gcry_error_t gcry_err;
unsigned char keyBuffer[64], ivBuffer[64];
size_t keyLength, ivLength;
(*handle) = NULL;
// retrieve keys from configuration
Key *key = elektraCryptoReadParamKey(config, errorKey);
Key *iv = elektraCryptoReadParamIv(config, errorKey);
if (key == NULL || iv == NULL)
{
return (-1);
}
keyLength = keyGetBinary(key, keyBuffer, sizeof(keyBuffer));
ivLength = keyGetBinary(iv, ivBuffer, sizeof(ivBuffer));
// create the handle
(*handle) = elektraMalloc(sizeof(elektraCryptoHandle));
if (*handle == NULL)
{
memset(keyBuffer, 0, sizeof(keyBuffer));
memset(ivBuffer, 0, sizeof(ivBuffer));
ELEKTRA_SET_ERROR(87, errorKey, "Memory allocation failed");
return (-1);
}
if ((gcry_err = gcry_cipher_open(*handle, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0)) != 0)
{
goto error;
}
if ((gcry_err = gcry_cipher_setkey(**handle, keyBuffer, keyLength)) != 0)
{
goto error;
}
if ((gcry_err = gcry_cipher_setiv(**handle, ivBuffer, ivLength)) != 0)
{
goto error;
}
memset(keyBuffer, 0, sizeof(keyBuffer));
memset(ivBuffer, 0, sizeof(ivBuffer));
return 1;
error:
memset(keyBuffer, 0, sizeof(keyBuffer));
memset(ivBuffer, 0, sizeof(ivBuffer));
ELEKTRA_SET_ERRORF(130, errorKey, "Failed to create handle because: %s", gcry_strerror(gcry_err));
gcry_cipher_close(**handle);
elektraFree(*handle);
(*handle) = NULL;
return (-1);
}
/* Read the block begin metadata and set our state variables accordingly. Can also
* be used to init the first block in write case.
*/
static rsRetVal
rsgcryBlkBegin(gcryfile gf)
{
gcry_error_t gcryError;
uchar *iv = NULL;
DEFiRet;
const char openMode = gf->openMode;
gcryError = gcry_cipher_open(&gf->chd, gf->ctx->algo, gf->ctx->mode, 0);
if (gcryError) {
DBGPRINTF("gcry_cipher_open failed: %s/%s\n",
gcry_strsource(gcryError), gcry_strerror(gcryError));
ABORT_FINALIZE(RS_RET_ERR);
}
gcryError = gcry_cipher_setkey(gf->chd, gf->ctx->key, gf->ctx->keyLen);
if (gcryError) {
DBGPRINTF("gcry_cipher_setkey failed: %s/%s\n",
gcry_strsource(gcryError), gcry_strerror(gcryError));
ABORT_FINALIZE(RS_RET_ERR);
}
if(openMode == 'r') {
readIV(gf, &iv);
readBlkEnd(gf);
} else {
seedIV(gf, &iv);
}
gcryError = gcry_cipher_setiv(gf->chd, iv, gf->blkLength);
if (gcryError) {
DBGPRINTF("gcry_cipher_setiv failed: %s/%s\n",
gcry_strsource(gcryError), gcry_strerror(gcryError));
ABORT_FINALIZE(RS_RET_ERR);
}
if(openMode == 'w') {
CHKiRet(eiOpenAppend(gf));
CHKiRet(eiWriteIV(gf, iv));
}
finalize_it:
free(iv);
RETiRet;
}
static gboolean
service_encode_aes_secret (SecretSession *session,
SecretValue *value,
GVariantBuilder *builder)
{
gcry_cipher_hd_t cih;
guchar *padded;
gsize n_padded, pos;
gcry_error_t gcry;
gpointer iv;
gconstpointer secret;
gsize n_secret;
GVariant *child;
g_variant_builder_add (builder, "o", session->path);
/* Create the cipher */
gcry = gcry_cipher_open (&cih, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
if (gcry != 0) {
g_warning ("couldn't create AES cipher: %s", gcry_strerror (gcry));
return FALSE;
}
secret = secret_value_get (value, &n_secret);
/* Perform the encoding here */
padded = pkcs7_pad_bytes_in_secure_memory (secret, n_secret, &n_padded);
g_assert (padded != NULL);
/* Setup the IV */
iv = g_malloc0 (16);
gcry_create_nonce (iv, 16);
gcry = gcry_cipher_setiv (cih, iv, 16);
g_return_val_if_fail (gcry == 0, FALSE);
/* Setup the key */
gcry = gcry_cipher_setkey (cih, session->key, session->n_key);
g_return_val_if_fail (gcry == 0, FALSE);
/* Perform the encryption */
for (pos = 0; pos < n_padded; pos += 16) {
gcry = gcry_cipher_encrypt (cih, (guchar*)padded + pos, 16, NULL, 0);
g_return_val_if_fail (gcry == 0, FALSE);
}
gcry_cipher_close (cih);
child = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), iv, 16, TRUE, g_free, iv);
g_variant_builder_add_value (builder, child);
child = g_variant_new_from_data (G_VARIANT_TYPE ("ay"), padded, n_padded, TRUE, egg_secure_free, padded);
g_variant_builder_add_value (builder, child);
g_variant_builder_add (builder, "s", secret_value_get_content_type (value));
return TRUE;
}
