struct aes256ctr* aes256ctr_init(const char *key)
{
struct aes256ctr *ac;
gcry_error_t err;
if (! (ac = gcry_malloc_secure(sizeof(struct aes256ctr))))
return NULL;
err = gcry_cipher_open(&ac->ch, GCRY_CIPHER_AES256,
GCRY_CIPHER_MODE_CTR, GCRY_CIPHER_SECURE);
if (gcry_err_code(err))
goto error;
err = gcry_cipher_setkey(ac->ch, key, CIPHER_KEY_SIZE);
if (gcry_err_code(err))
goto error;
err = gcry_cipher_setctr(ac->ch, NULL, 0);
if (gcry_err_code(err))
goto error;
ac->idx = CIPHER_BLOCK_SIZE;
return ac;
error:
gcry_free(ac);
return NULL;
}
int hmacsha256_init(gcry_md_hd_t *mh, const char *key, int len)
{
gcry_error_t err;
err = gcry_md_open(mh, GCRY_MD_SHA256,
GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE);
if (gcry_err_code(err))
return 0;
err = gcry_md_setkey(*mh, key, len);
return ! gcry_err_code(err);
}
short verify(char *public_key, char *document, char *signature){
gcry_error_t error;
gcry_mpi_t r_mpi;
if ((error = gcry_mpi_scan(&r_mpi, GCRYMPI_FMT_HEX, document, 0, NULL))) {
printf("Error in gcry_mpi_scan() in encrypt(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
gcry_sexp_t data;
size_t erroff;
if ((error = gcry_sexp_build(&data, &erroff, "(data (flags raw) (value %m))", r_mpi))) {
printf("Error in gcry_sexp_build() in sign() at %ld: %s\nSource: %s\n", erroff, gcry_strerror(error), gcry_strsource(error));
exit(1);
}
gcry_sexp_t sig = sexp_new(signature);
gcry_sexp_t public_sexp = sexp_new(public_key);
short good_sig = 1;
struct timeval timer;
timer_start(&timer);
if ((error = gcry_pk_verify(sig, data, public_sexp))) {
if (gcry_err_code(error) != GPG_ERR_BAD_SIGNATURE) {
printf("Error in gcry_pk_verify(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
good_sig = 0;
}
timer_poll("libgcrypt Verify: %d.%06d seconds\n", &timer);
return good_sig;
}
void print_gcry_error(const char* message, const gcry_error_t* error)
{
printf("%s: [%d] %s - %s\n",
message,
gcry_err_code(*error),
gcry_strerror(*error),
gcry_strsource(*error));
}
Gc_rc
gc_cipher_setiv (gc_cipher_handle handle, size_t ivlen, const char *iv)
{
gcry_error_t err;
err = gcry_cipher_setiv ((gcry_cipher_hd_t) handle, iv, ivlen);
if (gcry_err_code (err))
return GC_INVALID_CIPHER;
return GC_OK;
}
static void
canon_len (void)
{
static struct {
size_t textlen; /* length of the buffer */
size_t expected;/* expected length or 0 on error and then ... */
size_t erroff; /* ... and at this offset */
gcry_error_t errcode; /* ... with this error code */
const char *text;
} values[] = {
{ 14, 13, 0, GPG_ERR_NO_ERROR, "(9:abcdefghi) " },
{ 16, 15, 0, GPG_ERR_NO_ERROR, "(10:abcdefghix)" },
{ 14, 0,14, GPG_ERR_SEXP_STRING_TOO_LONG, "(10:abcdefghi)" },
{ 15, 0, 1, GPG_ERR_SEXP_ZERO_PREFIX, "(010:abcdefghi)" },
{ 2, 0, 0, GPG_ERR_SEXP_NOT_CANONICAL, "1:"},
{ 4, 0, 4, GPG_ERR_SEXP_STRING_TOO_LONG, "(1:)"},
{ 5, 5, 0, GPG_ERR_NO_ERROR, "(1:x)"},
{ 2, 2, 0, GPG_ERR_NO_ERROR, "()"},
{ 4, 2, 0, GPG_ERR_NO_ERROR, "()()"},
{ 4, 4, 0, GPG_ERR_NO_ERROR, "(())"},
{ 3, 0, 3, GPG_ERR_SEXP_STRING_TOO_LONG, "(()"},
{ 3, 0, 1, GPG_ERR_SEXP_BAD_CHARACTER, "( )"},
{ 9, 9, 0, GPG_ERR_NO_ERROR, "(3:abc())"},
{ 10, 0, 6, GPG_ERR_SEXP_BAD_CHARACTER, "(3:abc ())"},
/* fixme: we need much more cases */
{ 0 },
};
int idx;
gcry_error_t errcode;
size_t n, erroff;
info ("checking canoncial length test function\n");
for (idx=0; values[idx].text; idx++)
{
n = gcry_sexp_canon_len ((const unsigned char*)values[idx].text,
values[idx].textlen,
&erroff, &errcode);
if (n && n == values[idx].expected)
; /* success */
else if (!n && !values[idx].expected)
{ /* we expected an error - check that this is the right one */
if (values[idx].erroff != erroff)
fail ("canonical length test %d - wrong error offset %u\n",
idx, (unsigned int)erroff);
if (gcry_err_code (errcode) != values[idx].errcode)
fail ("canonical length test %d - wrong error code %d\n",
idx, errcode);
}
else
fail ("canonical length test %d failed - n=%u, off=%u, err=%d\n",
idx, (unsigned int)n, (unsigned int)erroff, errcode);
}
}
Gc_rc
gc_cipher_setkey (gc_cipher_handle handle, size_t keylen, const char *key)
{
gcry_error_t err;
err = gcry_cipher_setkey ((gcry_cipher_hd_t) handle, key, keylen);
if (gcry_err_code (err))
return GC_INVALID_CIPHER;
return GC_OK;
}
/* Check that the signature SIG matches the hash HASH. PKEY is the
public key used for the verification. BADHASH is a hasvalue which
should; result in a bad signature status. */
static void
verify_one_signature (gcry_sexp_t pkey, gcry_sexp_t hash,
gcry_sexp_t badhash, gcry_sexp_t sig)
{
gcry_error_t rc;
rc = gcry_pk_verify (sig, hash, pkey);
if (rc)
fail ("gcry_pk_verify failed: %s\n", gpg_strerror (rc));
rc = gcry_pk_verify (sig, badhash, pkey);
if (gcry_err_code (rc) != GPG_ERR_BAD_SIGNATURE)
fail ("gcry_pk_verify failed to detect a bad signature: %s\n",
gpg_strerror (rc));
}
static int rpmcdsaErrChk(pgpDig dig, const char * msg, int rc, unsigned expected)
{
#ifdef REFERENCE
rpmgc gc = dig->impl;
/* Was the return code the expected result? */
rc = (gcry_err_code(gc->err) != expected);
if (rc)
fail("%s failed: %s\n", msg, gpg_strerror(gc->err));
/* XXX FIXME: rpmcdsaStrerror */
#else
rc = (rc == 0); /* XXX impedance match 1 -> 0 on success */
#endif
return rc; /* XXX 0 on success */
}
void aes256ctr_enc(struct aes256ctr *ac, char *buf, int len)
{
gcry_error_t err;
int full_blocks;
for(; len && (ac->idx < CIPHER_BLOCK_SIZE); len--)
*buf++ ^= ac->buf[ac->idx++];
full_blocks = (len / CIPHER_BLOCK_SIZE) * CIPHER_BLOCK_SIZE;
err = gcry_cipher_encrypt(ac->ch, buf, full_blocks, NULL, 0);
assert(! gcry_err_code(err));
len -= full_blocks;
buf += full_blocks;
if (len) {
memset(ac->buf, 0, CIPHER_BLOCK_SIZE);
err = gcry_cipher_encrypt(ac->ch, ac->buf, CIPHER_BLOCK_SIZE, NULL, 0);
assert(! gcry_err_code(err));
ac->idx = 0;
for(; len && (ac->idx < CIPHER_BLOCK_SIZE); len--)
*buf++ ^= ac->buf[ac->idx++];
}
}
CK_RV
gkm_dsa_mechanism_verify (gcry_sexp_t sexp, CK_BYTE_PTR data, CK_ULONG n_data,
CK_BYTE_PTR signature, CK_ULONG n_signature)
{
gcry_sexp_t ssig, splain;
gcry_error_t gcry;
gcry_mpi_t mpi, mpi2;
g_return_val_if_fail (sexp, CKR_GENERAL_ERROR);
g_return_val_if_fail (signature, CKR_ARGUMENTS_BAD);
g_return_val_if_fail (data, CKR_ARGUMENTS_BAD);
if (n_data != 20)
return CKR_DATA_LEN_RANGE;
if (n_signature != 40)
return CKR_SIGNATURE_LEN_RANGE;
/* Prepare the input s-expressions */
gcry = gcry_mpi_scan (&mpi, GCRYMPI_FMT_USG, data, n_data, NULL);
g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR);
gcry = gcry_sexp_build (&splain, NULL, "(data (flags raw) (value %m))", mpi);
gcry_mpi_release (mpi);
g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR);
gcry = gcry_mpi_scan (&mpi, GCRYMPI_FMT_USG, signature, 20, NULL);
g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR);
gcry = gcry_mpi_scan (&mpi2, GCRYMPI_FMT_USG, signature + 20, 20, NULL);
g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR);
gcry = gcry_sexp_build (&ssig, NULL, "(sig-val (dsa (r %m) (s %m)))", mpi, mpi2);
gcry_mpi_release (mpi);
gcry_mpi_release (mpi2);
g_return_val_if_fail (gcry == 0, CKR_GENERAL_ERROR);
/* Do the magic */
gcry = gcry_pk_verify (ssig, splain, sexp);
gcry_sexp_release (splain);
gcry_sexp_release (ssig);
/* TODO: See if any other codes should be mapped */
if (gcry_err_code (gcry) == GPG_ERR_BAD_SIGNATURE) {
return CKR_SIGNATURE_INVALID;
} else if (gcry) {
g_message ("signing of the data failed: %s", gcry_strerror (gcry));
return CKR_FUNCTION_FAILED;
}
return CKR_OK;
}
CK_RV
gkm_rsa_mechanism_verify (gcry_sexp_t sexp, EggPadding padding, CK_BYTE_PTR data,
CK_ULONG n_data, CK_BYTE_PTR signature, CK_ULONG n_signature)
{
gcry_sexp_t ssig, sdata;
gcry_error_t gcry;
guint nbits;
CK_RV rv;
g_return_val_if_fail (sexp, CKR_GENERAL_ERROR);
g_return_val_if_fail (signature, CKR_ARGUMENTS_BAD);
g_return_val_if_fail (data, CKR_ARGUMENTS_BAD);
/* The key size */
nbits = gcry_pk_get_nbits (sexp);
g_return_val_if_fail (nbits > 0, CKR_GENERAL_ERROR);
if (n_signature != (nbits + 7) / 8)
return CKR_SIGNATURE_LEN_RANGE;
/* Prepare the input s expressions */
rv = gkm_crypto_data_to_sexp ("(data (flags raw) (value %m))",
nbits, padding, data, n_data, &sdata);
if (rv != CKR_OK)
return rv;
rv = gkm_crypto_data_to_sexp ("(sig-val (rsa (s %m)))",
nbits, NULL, signature, n_signature, &ssig);
if (rv != CKR_OK) {
gcry_sexp_release (sdata);
return rv;
}
/* Do the magic */
gcry = gcry_pk_verify (ssig, sdata, sexp);
gcry_sexp_release (sdata);
gcry_sexp_release (ssig);
/* TODO: See if any other codes should be mapped */
if (gcry_err_code (gcry) == GPG_ERR_BAD_SIGNATURE) {
return CKR_SIGNATURE_INVALID;
} else if (gcry) {
g_message ("signing of the data failed: %s", gcry_strerror (gcry));
return CKR_FUNCTION_FAILED;
}
return CKR_OK;
}
libspectrum_error
libspectrum_verify_signature( libspectrum_signature *signature,
libspectrum_rzx_dsa_key *key )
{
libspectrum_error error;
gcry_error_t gcrypt_error;
gcry_sexp_t hash, key_sexp, signature_sexp;
error = get_hash( &hash, signature->start, signature->length );
if( error ) return error;
error = create_key( &key_sexp, key, 0 );
if( error ) { gcry_sexp_release( hash ); return error; }
error = gcry_sexp_build( &signature_sexp, NULL, signature_format,
signature->r, signature->s );
if( error ) {
libspectrum_print_error(
LIBSPECTRUM_ERROR_LOGIC,
"create_signature: error building signature sexp: %s",
gcry_strerror( error )
);
gcry_sexp_release( key_sexp ); gcry_sexp_release( hash );
return LIBSPECTRUM_ERROR_LOGIC;
}
gcrypt_error = gcry_pk_verify( signature_sexp, hash, key_sexp );
gcry_sexp_release( signature_sexp );
gcry_sexp_release( key_sexp ); gcry_sexp_release( hash );
if( gcrypt_error ) {
if( gcry_err_code( gcrypt_error ) == GPG_ERR_BAD_SIGNATURE ) {
return LIBSPECTRUM_ERROR_SIGNATURE;
} else {
libspectrum_print_error(
LIBSPECTRUM_ERROR_LOGIC,
"libgcrypt error verifying signature: %s",
gcry_strerror( gcrypt_error )
);
return LIBSPECTRUM_ERROR_LOGIC;
}
}
return LIBSPECTRUM_ERROR_NONE;
}
char *
f4dns_hash( const char *fqn, char *hash_return ) {
gcry_error_t err;
gcry_md_hd_t mh;
char *md;
const char prefix[] = "F4DNS::";
err = gcry_md_open(&mh, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE);
assert( ! gcry_err_code(err) );
gcry_md_write(mh, prefix, sizeof(prefix));
//gcry_md_write(mh, request_type, strlen(request_type));
gcry_md_write(mh, fqn, strlen(fqn));
gcry_md_final(mh);
md = (char*)gcry_md_read(mh, 0);
memcpy(hash_return, md, 20);
gcry_md_close(mh);
return hash_return;
}
char *
f4crypto_hash_fqdn( const char *fqdn, uint8_t replica, char *hash_return ) {
gcry_error_t err;
gcry_md_hd_t mh;
char *md;
const char prefix[] = "F4DNS::";
assert( strlen(fqdn) );
assert( hash_return != NULL );
err = gcry_md_open(&mh, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE);
assert( ! gcry_err_code(err) );
gcry_md_write(mh, prefix, sizeof(prefix));
gcry_md_write(mh, fqdn, strlen(fqdn));
gcry_md_write(mh, &replica, sizeof(uint8_t));
gcry_md_final(mh);
md = (char*)gcry_md_read(mh, 0);
memcpy(hash_return, md, 20);
gcry_md_close(mh);
return hash_return;
}
static int
generate_key_or_iv(unsigned int id, tvbuff_t *salt_tvb, unsigned int iter,
const char *pw, unsigned int req_keylen, char * keybuf)
{
int rc;
unsigned int i, j;
gcry_md_hd_t md;
gcry_mpi_t num_b1 = NULL;
size_t pwlen;
char hash[20], buf_b[64], buf_i[128], *p;
char *salt_p;
int salt_size;
size_t cur_keylen;
size_t n;
gcry_error_t err;
cur_keylen = 0;
salt_size = tvb_captured_length(salt_tvb);
salt_p = (char *)tvb_memdup(wmem_packet_scope(), salt_tvb, 0, salt_size);
if (pw == NULL)
pwlen = 0;
else
pwlen = strlen(pw);
if (pwlen > 63 / 2)
{
return FALSE;
}
/* Store salt and password in BUF_I */
p = buf_i;
for (i = 0; i < 64; i++)
*p++ = salt_p[i % salt_size];
if (pw)
{
for (i = j = 0; i < 64; i += 2)
{
*p++ = 0;
*p++ = pw[j];
if (++j > pwlen) /* Note, that we include the trailing zero */
j = 0;
}
}
else
memset (p, 0, 64);
for (;;) {
err = gcry_md_open(&md, GCRY_MD_SHA1, 0);
if (gcry_err_code(err))
{
return FALSE;
}
for (i = 0; i < 64; i++)
{
unsigned char lid = id & 0xFF;
gcry_md_write (md, &lid, 1);
}
gcry_md_write(md, buf_i, pw ? 128 : 64);
gcry_md_final (md);
memcpy (hash, gcry_md_read (md, 0), 20);
gcry_md_close (md);
for (i = 1; i < iter; i++)
gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
keybuf[cur_keylen++] = hash[i];
if (cur_keylen == req_keylen)
{
gcry_mpi_release (num_b1);
return TRUE; /* ready */
}
/* need more bytes. */
for (i = 0; i < 64; i++)
buf_b[i] = hash[i % 20];
n = 64;
rc = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, n, &n);
if (rc != 0)
{
return FALSE;
}
gcry_mpi_add_ui (num_b1, num_b1, 1);
for (i = 0; i < 128; i += 64)
{
gcry_mpi_t num_ij;
n = 64;
rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n);
if (rc != 0)
{
return FALSE;
}
gcry_mpi_add (num_ij, num_ij, num_b1);
gcry_mpi_clear_highbit (num_ij, 64 * 8);
n = 64;
rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij);
if (rc != 0)
{
return FALSE;
}
gcry_mpi_release (num_ij);
}
}
}
int sig_verify(ssh_session session, ssh_public_key pubkey,
SIGNATURE *signature, unsigned char *digest, int size) {
#ifdef HAVE_LIBGCRYPT
gcry_error_t valid = 0;
gcry_sexp_t gcryhash;
#elif defined HAVE_LIBCRYPTO
int valid = 0;
#endif
unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
sha1(digest, size, hash + 1);
#ifdef DEBUG_CRYPTO
ssh_print_hexa("Hash to be verified with dsa", hash + 1, SHA_DIGEST_LEN);
#endif
switch(pubkey->type) {
case SSH_KEYTYPE_DSS:
#ifdef HAVE_LIBGCRYPT
valid = gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash);
if (valid != 0) {
ssh_set_error(session, SSH_FATAL,
"RSA error: %s", gcry_strerror(valid));
return -1;
}
valid = gcry_pk_verify(signature->dsa_sign, gcryhash, pubkey->dsa_pub);
gcry_sexp_release(gcryhash);
if (valid == 0) {
return 0;
}
if (gcry_err_code(valid) != GPG_ERR_BAD_SIGNATURE) {
ssh_set_error(session, SSH_FATAL,
"DSA error: %s", gcry_strerror(valid));
return -1;
}
#elif defined HAVE_LIBCRYPTO
valid = DSA_do_verify(hash + 1, SHA_DIGEST_LEN, signature->dsa_sign,
pubkey->dsa_pub);
if (valid == 1) {
return 0;
}
if (valid == -1) {
ssh_set_error(session, SSH_FATAL,
"DSA error: %s", ERR_error_string(ERR_get_error(), NULL));
return -1;
}
#endif
ssh_set_error(session, SSH_FATAL, "Invalid DSA signature");
return -1;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
#ifdef HAVE_LIBGCRYPT
valid = gcry_sexp_build(&gcryhash, NULL,
"(data(flags pkcs1)(hash sha1 %b))", SHA_DIGEST_LEN, hash + 1);
if (valid != 0) {
ssh_set_error(session, SSH_FATAL,
"RSA error: %s", gcry_strerror(valid));
return -1;
}
valid = gcry_pk_verify(signature->rsa_sign,gcryhash,pubkey->rsa_pub);
gcry_sexp_release(gcryhash);
if (valid == 0) {
return 0;
}
if (gcry_err_code(valid) != GPG_ERR_BAD_SIGNATURE) {
ssh_set_error(session, SSH_FATAL,
"RSA error: %s", gcry_strerror(valid));
return -1;
}
#elif defined HAVE_LIBCRYPTO
valid = RSA_verify(NID_sha1, hash + 1, SHA_DIGEST_LEN,
signature->rsa_sign->string, ssh_string_len(signature->rsa_sign),
pubkey->rsa_pub);
if (valid == 1) {
return 0;
}
if (valid == -1) {
ssh_set_error(session, SSH_FATAL,
"RSA error: %s", ERR_error_string(ERR_get_error(), NULL));
return -1;
}
#endif
ssh_set_error(session, SSH_FATAL, "Invalid RSA signature");
return -1;
default:
ssh_set_error(session, SSH_FATAL, "Unknown public key type");
return -1;
}
return -1;
}
/* Entry point for the local-db authentication method. Returns TRUE
(1) if authentication succeeded and FALSE (0) otherwise. */
static int
auth_method_localdb_auth_do (poldi_ctx_t ctx,
const char *username_desired, char **username_authenticated)
{
unsigned char *challenge;
unsigned char *response;
size_t challenge_n;
size_t response_n;
gcry_sexp_t key;
gpg_error_t err;
char *card_username;
const char *username;
card_username = NULL;
challenge = NULL;
response = NULL;
username = NULL;
key = NULL;
/*
* Process authentication request.
*/
if (!username_desired)
{
/* We didn't receive a username from PAM, therefore we need to
figure it out somehow. We use the card's serialno for looking
up an account. */
err = usersdb_lookup_by_serialno (ctx->cardinfo.serialno, &card_username);
if (gcry_err_code (err) == GPG_ERR_AMBIGUOUS_NAME)
/* Given serialno is associated with more than one account =>
ask the user for desired identity. */
err = conv_ask (ctx->conv, 0, &card_username,
_("Please enter username: "******"Trying authentication as user `%s'..."), username);
if (!ctx->quiet)
conv_tell (ctx->conv,
_("Trying authentication as user `%s'..."), username);
/* Verify (again) that the given account is associated with the
serial number. */
err = usersdb_check (ctx->cardinfo.serialno, username);
if (err)
{
if (ctx->debug)
log_msg_debug (ctx->loghandle,
_("Serial number %s is not associated with user %s"),
ctx->cardinfo.serialno, username);
conv_tell (ctx->conv,
_("Serial number %s is not associated with user %s"),
ctx->cardinfo.serialno, username);
err = gcry_error (GPG_ERR_INV_NAME);
goto out;
}
/* Retrieve key belonging to card. */
err = key_lookup_by_serialno (ctx, ctx->cardinfo.serialno, &key);
if (err)
goto out;
/* Generate challenge. */
err = challenge_generate (&challenge, &challenge_n);
if (err)
{
log_msg_error (ctx->loghandle,
_("failed to generate challenge: %s"),
gpg_strerror (err));
goto out;
}
/* Let card sign the challenge. */
err = scd_pksign (ctx->scd, "OPENPGP.3",
challenge, challenge_n,
&response, &response_n);
if (err)
{
log_msg_error (ctx->loghandle,
_("failed to retrieve challenge signature from card: %s"),
gpg_strerror (err));
goto out;
}
/* Verify response. */
err = challenge_verify (key, challenge, challenge_n, response, response_n);
if (err)
{
log_msg_error (ctx->loghandle,
_("failed to verify challenge"));
goto out;
}
if (!username_desired)
*username_authenticated = card_username;
/* Done. */
out:
/* Release resources. */
gcry_sexp_release (key);
challenge_release (challenge);
xfree (response);
if (err)
xfree (card_username);
return !err;
}
gchar * __pkey_manage_aes_encrypt_aux (const gchar *in, const gchar *password, const guchar *iv, const guchar *ctr)
{
guchar *key = __pkey_manage_create_key (password);
guchar *out = (guchar *) g_strdup(in);
gchar *res;
gcry_error_t get;
gcry_cipher_hd_t cry_ctxt;
get = gcry_cipher_open (&cry_ctxt, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 0);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
if (! iv || !ctr) {
get = gcry_cipher_setiv(cry_ctxt, &old_iv, 16);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
if (! ctr)
ctr = old_ctr;
get = gcry_cipher_setctr(cry_ctxt, &old_ctr, 16);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
} else {
get = gcry_cipher_setiv(cry_ctxt, iv, 16);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
if (! ctr)
ctr = old_ctr;
get = gcry_cipher_setctr(cry_ctxt, ctr, 16);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
}
get = gcry_cipher_setkey (cry_ctxt, key, 32);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
get = gcry_cipher_encrypt(cry_ctxt, out, strlen(in), NULL, 0);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
gcry_cipher_close (cry_ctxt);
res = __pkey_manage_to_hex (out, strlen(in));
g_free (out);
return res;
}
gchar * __pkey_manage_aes_decrypt_aux (const gchar *string, const gchar *password, const guchar *iv, const guchar *ctr)
{
guchar *out = __pkey_manage_from_hex(string);
guchar *key = __pkey_manage_create_key (password);
gcry_cipher_hd_t cry_ctxt;
gcry_error_t get;
get = gcry_cipher_open (&cry_ctxt, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 0);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
if (! iv || !ctr) {
get = gcry_cipher_setiv(cry_ctxt, &old_iv, 16);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
if (! ctr)
ctr = old_ctr;
get = gcry_cipher_setctr(cry_ctxt, &old_ctr, 16);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
} else {
get = gcry_cipher_setiv(cry_ctxt, iv, 16);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
if (! ctr)
ctr = old_ctr;
get = gcry_cipher_setctr(cry_ctxt, ctr, 16);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
}
get = gcry_cipher_setkey (cry_ctxt, key, 32);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
get = gcry_cipher_decrypt(cry_ctxt, out, strlen(string)/2, NULL, 0);
if (get) {
fprintf (stderr, "ERR GCRYPT: %ud\n", gcry_err_code(get));
return NULL;
}
gcry_cipher_close (cry_ctxt);
return (gchar *) out;
}
void handle_msg_event(void *opdata, OtrlMessageEvent msg_event, ConnContext *context, const char *message, gcry_error_t err) {
char* msg = "";
switch(msg_event) {
case OTRL_MSGEVENT_NONE:
msg = "OTRL_MSGEVENT_NONE";
break;
case OTRL_MSGEVENT_ENCRYPTION_REQUIRED:
msg = "OTRL_MSGEVENT_ENCRYPTION_REQUIRED";
break;
case OTRL_MSGEVENT_ENCRYPTION_ERROR:
msg = "OTRL_MSGEVENT_ENCRYPTION_ERROR";
break;
case OTRL_MSGEVENT_CONNECTION_ENDED:
msg = "OTRL_MSGEVENT_CONNECTION_ENDED";
break;
case OTRL_MSGEVENT_SETUP_ERROR:
msg = "OTRL_MSGEVENT_SETUP_ERROR";
break;
case OTRL_MSGEVENT_MSG_REFLECTED:
msg = "OTRL_MSGEVENT_MSG_REFLECTED";
break;
case OTRL_MSGEVENT_MSG_RESENT:
msg = "OTRL_MSGEVENT_MSG_RESENT";
break;
case OTRL_MSGEVENT_RCVDMSG_NOT_IN_PRIVATE:
msg = "OTRL_MSGEVENT_RCVDMSG_NOT_IN_PRIVATE";
break;
case OTRL_MSGEVENT_RCVDMSG_UNREADABLE:
msg = "OTRL_MSGEVENT_RCVDMSG_UNREADABLE";
break;
case OTRL_MSGEVENT_RCVDMSG_MALFORMED:
msg = "OTRL_MSGEVENT_RCVDMSG_MALFORMED";
break;
case OTRL_MSGEVENT_LOG_HEARTBEAT_RCVD:
msg = "OTRL_MSGEVENT_LOG_HEARTBEAT_RCVD";
break;
case OTRL_MSGEVENT_LOG_HEARTBEAT_SENT:
msg = "OTRL_MSGEVENT_LOG_HEARTBEAT_SENT";
break;
case OTRL_MSGEVENT_RCVDMSG_GENERAL_ERR:
msg = "OTRL_MSGEVENT_RCVDMSG_GENERAL_ERR";
break;
case OTRL_MSGEVENT_RCVDMSG_UNENCRYPTED:
msg = "OTRL_MSGEVENT_RCVDMSG_UNENCRYPTED";
break;
case OTRL_MSGEVENT_RCVDMSG_UNRECOGNIZED:
msg = "OTRL_MSGEVENT_RCVDMSG_UNRECOGNIZED";
break;
case OTRL_MSGEVENT_RCVDMSG_FOR_OTHER_INSTANCE:
msg = "OTRL_MSGEVENT_RCVDMSG_FOR_OTHER_INSTANCE";
break;
}
pthread_mutex_lock(&log_mutex);
fprintf(logfd, "Handle_msg_event called with msg_event %s errcode %i message %s \n", msg, gcry_err_code(err), message);
fflush(logfd);
pthread_mutex_unlock(&log_mutex);
write_query_response(Q_ID_ERR, msg);
}
int PBE_decrypt_data(const char *object_identifier_id_param, tvbuff_t *encrypted_tvb, asn1_ctx_t *actx, proto_item *item)
{
#ifdef HAVE_LIBGCRYPT
const char *encryption_algorithm;
gcry_cipher_hd_t cipher;
gcry_error_t err;
int algo;
int mode;
int ivlen = 0;
int keylen = 0;
int datalen = 0;
char *key = NULL;
char *iv = NULL;
char *clear_data = NULL;
tvbuff_t *clear_tvb = NULL;
const gchar *oidname;
GString *name;
proto_tree *tree;
char byte;
gboolean decrypt_ok = TRUE;
if(((password == NULL) || (*password == '\0')) && (try_null_password == FALSE)) {
/* we are not configured to decrypt */
return FALSE;
}
encryption_algorithm = x509af_get_last_algorithm_id();
/* these are the only encryption schemes we understand for now */
if(!strcmp(encryption_algorithm, PKCS12_PBE_3DES_SHA1_OID)) {
ivlen = 8;
keylen = 24;
algo = GCRY_CIPHER_3DES;
mode = GCRY_CIPHER_MODE_CBC;
} else if(!strcmp(encryption_algorithm, PKCS12_PBE_ARCFOUR_SHA1_OID)) {
ivlen = 0;
keylen = 16;
algo = GCRY_CIPHER_ARCFOUR;
mode = GCRY_CIPHER_MODE_NONE;
} else if(!strcmp(encryption_algorithm, PKCS12_PBE_RC2_40_SHA1_OID)) {
ivlen = 8;
keylen = 5;
algo = GCRY_CIPHER_RFC2268_40;
mode = GCRY_CIPHER_MODE_CBC;
} else {
/* we don't know how to decrypt this */
proto_item_append_text(item, " [Unsupported encryption algorithm]");
return FALSE;
}
if((iteration_count == 0) || (salt == NULL)) {
proto_item_append_text(item, " [Insufficient parameters]");
return FALSE;
}
/* allocate buffers */
key = ep_alloc(keylen);
if(!generate_key_or_iv(1 /*LEY */, salt, iteration_count, password, keylen, key))
return FALSE;
if(ivlen) {
iv = ep_alloc(ivlen);
if(!generate_key_or_iv(2 /* IV */, salt, iteration_count, password, ivlen, iv))
return FALSE;
}
/* now try an internal function */
err = gcry_cipher_open(&cipher, algo, mode, 0);
if (gcry_err_code (err))
return FALSE;
err = gcry_cipher_setkey (cipher, key, keylen);
if (gcry_err_code (err)) {
gcry_cipher_close (cipher);
return FALSE;
}
if(ivlen) {
err = gcry_cipher_setiv (cipher, iv, ivlen);
if (gcry_err_code (err)) {
gcry_cipher_close (cipher);
return FALSE;
}
}
datalen = tvb_length(encrypted_tvb);
clear_data = g_malloc(datalen);
err = gcry_cipher_decrypt (cipher, clear_data, datalen, tvb_get_ephemeral_string(encrypted_tvb, 0, datalen), datalen);
if (gcry_err_code (err)) {
proto_item_append_text(item, " [Failed to decrypt with password preference]");
gcry_cipher_close (cipher);
g_free(clear_data);
return FALSE;
}
gcry_cipher_close (cipher);
/* We don't know if we have successfully decrypted the data or not so we:
a) check the trailing bytes
b) see if we start with a sequence or a set (is this too constraining?
*/
/* first the trailing bytes */
byte = clear_data[datalen-1];
if(byte <= 0x08) {
int i;
for(i = (int)byte; i > 0 ; i--) {
if(clear_data[datalen - i] != byte) {
decrypt_ok = FALSE;
break;
}
}
} else {
/* XXX: is this a failure? */
}
/* we assume the result is ASN.1 - check it is a SET or SEQUENCE */
byte = clear_data[0];
if((byte != 0x30) && (byte != 0x31)) { /* do we need more here? OCTET STRING? */
decrypt_ok = FALSE;
}
if(!decrypt_ok) {
g_free(clear_data);
proto_item_append_text(item, " [Failed to decrypt with supplied password]");
return FALSE;
}
proto_item_append_text(item, " [Decrypted successfully]");
tree = proto_item_add_subtree(item, ett_decrypted_pbe);
/* OK - so now clear_data contains the decrypted data */
clear_tvb = tvb_new_child_real_data(encrypted_tvb,(const guint8 *)clear_data, datalen, datalen);
tvb_set_free_cb(clear_tvb, g_free);
name = g_string_new("");
oidname = oid_resolved_from_string(object_identifier_id_param);
g_string_printf(name, "Decrypted %s", oidname ? oidname : object_identifier_id_param);
/* add it as a new source */
add_new_data_source(actx->pinfo, clear_tvb, name->str);
g_string_free(name, TRUE);
/* now try and decode it */
call_ber_oid_callback(object_identifier_id_param, clear_tvb, 0, actx->pinfo, tree);
return TRUE;
#else
/* we cannot decrypt */
return FALSE;
#endif
}
/* Test the public key sign function using the private ket SKEY. PKEY
is used for verification. */
static void
check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey)
{
gcry_error_t rc;
gcry_sexp_t sig, badhash, hash;
int dataidx;
static const char baddata[] =
"(data\n (flags pkcs1)\n"
" (hash sha1 #11223344556677889900AABBCCDDEEFF10203041#))\n";
static struct
{
const char *data;
int expected_rc;
} datas[] =
{
{ "(data\n (flags pkcs1)\n"
" (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n",
0 },
{ "(data\n (flags )\n"
" (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n",
GPG_ERR_CONFLICT },
{ "(data\n (flags pkcs1)\n"
" (hash foo #11223344556677889900AABBCCDDEEFF10203040#))\n",
GPG_ERR_DIGEST_ALGO },
{ "(data\n (flags )\n" " (value #11223344556677889900AA#))\n",
0 },
{ "(data\n (flags raw)\n" " (value #11223344556677889900AA#))\n",
0 },
{ "(data\n (flags pkcs1)\n"
" (value #11223344556677889900AA#))\n",
GPG_ERR_CONFLICT },
{ "(data\n (flags raw foo)\n"
" (value #11223344556677889900AA#))\n",
GPG_ERR_INV_FLAG },
{ NULL }
};
rc = gcry_sexp_sscan (&badhash, NULL, baddata, strlen (baddata));
if (rc)
die ("converting data failed: %s\n", gpg_strerror (rc));
for (dataidx = 0; datas[dataidx].data; dataidx++)
{
if (verbose)
fprintf (stderr, "signature test %d\n", dataidx);
rc = gcry_sexp_sscan (&hash, NULL, datas[dataidx].data,
strlen (datas[dataidx].data));
if (rc)
die ("converting data failed: %s\n", gpg_strerror (rc));
rc = gcry_pk_sign (&sig, hash, skey);
if (gcry_err_code (rc) != datas[dataidx].expected_rc)
fail ("gcry_pk_sign failed: %s\n", gpg_strerror (rc));
if (!rc)
verify_one_signature (pkey, hash, badhash, sig);
gcry_sexp_release (sig);
sig = NULL;
gcry_sexp_release (hash);
hash = NULL;
}
gcry_sexp_release (badhash);
}
Gc_rc
gc_hash_open (Gc_hash hash, Gc_hash_mode mode, gc_hash_handle * outhandle)
{
_gc_hash_ctx *ctx;
int gcryalg = 0, gcrymode = 0;
gcry_error_t err;
Gc_rc rc = GC_OK;
ctx = calloc (sizeof (*ctx), 1);
if (!ctx)
return GC_MALLOC_ERROR;
ctx->alg = hash;
ctx->mode = mode;
switch (hash)
{
case GC_MD2:
gcryalg = GCRY_MD_NONE;
break;
case GC_MD4:
gcryalg = GCRY_MD_MD4;
break;
case GC_MD5:
gcryalg = GCRY_MD_MD5;
break;
case GC_SHA1:
gcryalg = GCRY_MD_SHA1;
break;
case GC_SHA256:
gcryalg = GCRY_MD_SHA256;
break;
case GC_SHA384:
gcryalg = GCRY_MD_SHA384;
break;
case GC_SHA512:
gcryalg = GCRY_MD_SHA512;
break;
case GC_SHA224:
gcryalg = GCRY_MD_SHA224;
break;
case GC_RMD160:
gcryalg = GCRY_MD_RMD160;
break;
default:
rc = GC_INVALID_HASH;
}
switch (mode)
{
case 0:
gcrymode = 0;
break;
case GC_HMAC:
gcrymode = GCRY_MD_FLAG_HMAC;
break;
default:
rc = GC_INVALID_HASH;
}
if (rc == GC_OK && gcryalg != GCRY_MD_NONE)
{
err = gcry_md_open (&ctx->gch, gcryalg, gcrymode);
if (gcry_err_code (err))
rc = GC_INVALID_HASH;
}
if (rc == GC_OK)
*outhandle = ctx;
else
free (ctx);
return rc;
}
Gc_rc
gc_cipher_open (Gc_cipher alg, Gc_cipher_mode mode,
gc_cipher_handle * outhandle)
{
int gcryalg, gcrymode;
gcry_error_t err;
switch (alg)
{
case GC_AES128:
gcryalg = GCRY_CIPHER_RIJNDAEL;
break;
case GC_AES192:
gcryalg = GCRY_CIPHER_RIJNDAEL;
break;
case GC_AES256:
gcryalg = GCRY_CIPHER_RIJNDAEL256;
break;
case GC_3DES:
gcryalg = GCRY_CIPHER_3DES;
break;
case GC_DES:
gcryalg = GCRY_CIPHER_DES;
break;
case GC_ARCFOUR128:
case GC_ARCFOUR40:
gcryalg = GCRY_CIPHER_ARCFOUR;
break;
case GC_ARCTWO40:
gcryalg = GCRY_CIPHER_RFC2268_40;
break;
#ifdef HAVE_CAMELLIA
case GC_CAMELLIA128:
gcryalg = GCRY_CIPHER_CAMELLIA128;
break;
case GC_CAMELLIA256:
gcryalg = GCRY_CIPHER_CAMELLIA256;
break;
#endif
default:
return GC_INVALID_CIPHER;
}
switch (mode)
{
case GC_ECB:
gcrymode = GCRY_CIPHER_MODE_ECB;
break;
case GC_CBC:
gcrymode = GCRY_CIPHER_MODE_CBC;
break;
case GC_STREAM:
gcrymode = GCRY_CIPHER_MODE_STREAM;
break;
default:
return GC_INVALID_CIPHER;
}
err = gcry_cipher_open ((gcry_cipher_hd_t *) outhandle,
gcryalg, gcrymode, 0);
if (gcry_err_code (err))
return GC_INVALID_CIPHER;
return GC_OK;
}
