struct aes256ctr* aes256ctr_init(const char *key)
{
struct aes256ctr *ac;
gcry_error_t err;
if (! (ac = gcry_malloc_secure(sizeof(struct aes256ctr))))
return NULL;
err = gcry_cipher_open(&ac->ch, GCRY_CIPHER_AES256,
GCRY_CIPHER_MODE_CTR, GCRY_CIPHER_SECURE);
if (gcry_err_code(err))
goto error;
err = gcry_cipher_setkey(ac->ch, key, CIPHER_KEY_SIZE);
if (gcry_err_code(err))
goto error;
err = gcry_cipher_setctr(ac->ch, NULL, 0);
if (gcry_err_code(err))
goto error;
ac->idx = CIPHER_BLOCK_SIZE;
return ac;
error:
gcry_free(ac);
return NULL;
}
/* Convert LENGTH bytes of data in CHAR_STRING into hex encoding and store
that in HEX_STRING. HEX_STRING must be allocated of at
least (2*LENGTH+1) bytes or be NULL so that the function mallocs an
appropriate buffer. Returns HEX_STRING or NULL on error (which may
only occur if HEX_STRING has been NULL and the internal malloc
failed). */
char *convert_char_to_hexstring (const void *char_string, size_t length, char *hex_string){
const unsigned char *s;
char *p;
if (!hex_string)
{
size_t nbytes = 2 * length + 1;
if (length && (nbytes-1) / 2 != length)
{
errno = ENOMEM;
return 0;
}
hex_string = gcry_malloc_secure(nbytes);
if (!hex_string)
return 0;
}
for (s = char_string, p = hex_string; length; length--, s++)
{
*p++ = tohex ((*s>>4)&15);
*p++ = tohex (*s&15);
}
*p = 0;
return hex_string;
}
/* Turn VALUE into an octet string and store it in an allocated buffer
at R_FRAME. If the resulting octet string is shorter than NBYTES
the result will be left padded with zeroes. If VALUE does not fit
into NBYTES an error code is returned. */
static gpg_err_code_t
int2octets (unsigned char **r_frame, gcry_mpi_t value, size_t nbytes)
{
gpg_err_code_t rc;
size_t nframe, noff, n;
unsigned char *frame;
rc = gpg_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0,
&nframe, value));
if (rc)
return rc;
if (nframe > nbytes)
return GPG_ERR_TOO_LARGE; /* Value too long to fit into NBYTES. */
noff = (nframe < nbytes)? nbytes - nframe : 0;
n = nframe + noff;
frame = mpi_is_secure (value)? gcry_malloc_secure (n) : gcry_malloc (n);
if (!frame)
return gpg_err_code_from_syserror ();
if (noff)
memset (frame, 0, noff);
nframe += noff;
rc = gpg_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, frame+noff, nframe-noff,
NULL, value));
if (rc)
{
gcry_free (frame);
return rc;
}
*r_frame = frame;
return 0;
}
char *build_unlock_key (const char *user_pass, const char *phrase_completion){
char *key;
size_t pass_length = strlen(user_pass);
key = gcry_malloc_secure(33);
memccpy(key, user_pass, sizeof(char), pass_length);
memccpy(key + pass_length, phrase_completion + pass_length, sizeof(char), 32 - pass_length);
key[32] = '\0';
return key;
}
static void DH_KDF(char *key, const struct affine_point *P, int elemlen)
{
char *buf;
if (!(buf = gcry_malloc_secure(2 * elemlen))) {
fprintf(stderr, "Failed to malloc secure memory in DH_KDF()\n");
return;;
}
serialize_mpi(buf + 0 * elemlen, elemlen, DF_BIN, P->x);
serialize_mpi(buf + 1 * elemlen, elemlen, DF_BIN, P->y);
gcry_md_hash_buffer(GCRY_MD_SHA512, key, buf, 2 * elemlen);
gcry_free(buf);
}
void *
gcry_xmalloc_secure( size_t n )
{
void *p;
while ( !(p = gcry_malloc_secure( n )) ) {
if( !outofcore_handler
|| !outofcore_handler( outofcore_handler_value, n, 1 ) ) {
_gcry_fatal_error(gpg_err_code_from_errno (errno),
_("out of core in secure memory"));
}
}
return p;
}
/* Return an allocated buffer with the MPI (msb first). NBYTES
receives the length of this buffer. Caller must free the return
string. This function returns an allocated buffer with NBYTES set
to zero if the value of A is zero. If sign is not NULL, it will be
set to the sign of the A. On error NULL is returned and ERRNO set
appropriately. */
static unsigned char *
do_get_buffer (gcry_mpi_t a, unsigned int *nbytes, int *sign, int force_secure)
{
unsigned char *p, *buffer;
mpi_limb_t alimb;
int i;
size_t n;
if (sign)
*sign = a->sign;
*nbytes = a->nlimbs * BYTES_PER_MPI_LIMB;
n = *nbytes? *nbytes:1; /* Allocate at least one byte. */
p = buffer = (force_secure || mpi_is_secure(a))? gcry_malloc_secure (n)
: gcry_malloc (n);
if (!buffer)
return NULL;
for (i=a->nlimbs-1; i >= 0; i--)
{
alimb = a->d[i];
#if BYTES_PER_MPI_LIMB == 4
*p++ = alimb >> 24;
*p++ = alimb >> 16;
*p++ = alimb >> 8;
*p++ = alimb ;
#elif BYTES_PER_MPI_LIMB == 8
*p++ = alimb >> 56;
*p++ = alimb >> 48;
*p++ = alimb >> 40;
*p++ = alimb >> 32;
*p++ = alimb >> 24;
*p++ = alimb >> 16;
*p++ = alimb >> 8;
*p++ = alimb ;
#else
# error please implement for this limb size.
#endif
}
/* This is sub-optimal but we need to do the shift operation because
the caller has to free the returned buffer. */
for (p=buffer; *nbytes && !*p; p++, --*nbytes)
;
if (p != buffer)
memmove (buffer,p, *nbytes);
return buffer;
}
static gcry_mpi_t
ecdsa_cprng_get_exponent(struct aes256cprng *cprng,
const struct curve_params *cp)
{
int len = cp->order_len_bin;
gcry_mpi_t a;
char *buf;
if (!(buf = gcry_malloc_secure(len))) {
fprintf(stderr, "Failed to malloc secure memory in ecdsa_cprng_init()\n");
return NULL;
}
aes256cprng_fillbuf(cprng, buf, len);
a = buf_to_exponent(buf, len, cp);
gcry_free(buf);
return a;
}
void *Password_allocSecure(ulong size)
{
void *p;
#ifndef HAVE_GCRYPT
MemoryHeader *memoryHeader;
#endif
#ifdef HAVE_GCRYPT
p = gcry_malloc_secure(size);
#else /* not HAVE_GCRYPT */
memoryHeader = (MemoryHeader*)malloc(sizeof(MemoryHeader) + size);
memoryHeader->size = size;
p = (byte*)memoryHeader + sizeof(MemoryHeader);
#endif /* HAVE_GCRYPT */
return p;
}
/* Create and return a copy of the null-terminated string STRING. If
it is contained in secure memory, the copy will be contained in
secure memory as well. In an out-of-memory condition, NULL is
returned. */
char *
gcry_strdup (const char *string)
{
char *string_cp = NULL;
size_t string_n = 0;
string_n = strlen (string);
if (gcry_is_secure (string))
string_cp = gcry_malloc_secure (string_n + 1);
else
string_cp = gcry_malloc (string_n + 1);
if (string_cp)
strcpy (string_cp, string);
return string_cp;
}
void *
gcry_calloc_secure (size_t n, size_t m)
{
size_t bytes;
void *p;
bytes = n * m; /* size_t is unsigned so the behavior on overflow is
defined. */
if (m && bytes / m != n)
{
errno = ENOMEM;
return NULL;
}
p = gcry_malloc_secure (bytes);
if (p)
memset (p, 0, bytes);
return p;
}
gcry_mpi_t hash_to_exponent(const char *hash, const struct curve_params *cp)
{
int len = cp->order_len_bin;
struct aes256cprng *cprng;
gcry_mpi_t a;
char *buf;
if (!(buf = gcry_malloc_secure(len))) {
fprintf(stderr, "Failed to allocate secure memory in hash_to_exponent()\n");
return NULL;
}
if (!(cprng = aes256cprng_init(hash))) {
fprintf(stderr, "aes256cprng_init() failed in hash_to_exponent()\n");
return NULL;
}
aes256cprng_fillbuf(cprng, buf, len);
aes256cprng_done(cprng);
a = buf_to_exponent(buf, len, cp);
gcry_free(buf);
return a;
}
static struct secret_data_s *
new_data (const void *data, size_t length)
{
struct secret_data_s *d;
int total;
/* we pad the data to 32 bytes so that it get more complicated
finding something out by watching allocation patterns. This is
usally not possible but we better assume nothing about our
secure storage provider*/
total = length + 32 - (length % 32);
d = gcry_malloc_secure (sizeof *d + total - 1);
if (d)
{
d->totallen = total;
d->datalen = length;
memcpy (d->data, data, length);
}
return d;
}
/****************
* This function allocates an MPI which is optimized to hold
* a value as large as the one given in the argument and allocates it
* with the same flags as A.
*/
gcry_mpi_t
_gcry_mpi_alloc_like( gcry_mpi_t a )
{
gcry_mpi_t b;
if( a && (a->flags & 4) ) {
int n = (a->sign+7)/8;
void *p = gcry_is_secure(a->d)? gcry_malloc_secure( n )
: gcry_malloc( n );
memcpy( p, a->d, n );
b = gcry_mpi_set_opaque( NULL, p, a->sign );
}
else if( a ) {
b = mpi_is_secure(a)? mpi_alloc_secure( a->nlimbs )
: mpi_alloc( a->nlimbs );
b->nlimbs = 0;
b->sign = 0;
b->flags = a->flags;
}
else
b = NULL;
return b;
}
static struct aes256cprng*
ecdsa_cprng_init(const char *msg, const gcry_mpi_t d,
const struct curve_params *cp)
{
int len = cp->order_len_bin;
struct aes256cprng *cprng;
gcry_md_hd_t mh;
char *buf;
if (!(buf = gcry_malloc_secure(len))) {
fprintf(stderr, "Failed to malloc secure memory in ecdsa_cprng_init()\n");
return NULL;
}
serialize_mpi(buf, len, DF_BIN, d);
if (!hmacsha256_init(&mh, buf, len)) {
fprintf(stderr, "Failed to run hmacsha256_init()\n");
return NULL;
}
gcry_free(buf);
gcry_md_write(mh, msg, 64);
gcry_md_final(mh);
cprng = aes256cprng_init((const char*)gcry_md_read(mh, 0));
gcry_md_close(mh);
return cprng;
}
extern void io_encryption_init(IO_HANDLE ptr, enum gcry_cipher_algos c, enum gcry_md_algos h, enum gcry_cipher_modes m, const uint8_t *k, size_t l, io_extra_t x)
{
io_private_t *io_ptr = ptr;
if (!io_ptr || io_ptr->fd < 0)
return errno = EBADF , (void)NULL;
/*
* start setting up the encryption buffer
*/
if (!(io_ptr->buffer_crypt = gcry_malloc_secure(sizeof( buffer_t ))))
die(_("Out of memory @ %s:%d:%s [%zu]"), __FILE__, __LINE__, __func__, sizeof( buffer_t ));
gcry_md_open(&io_ptr->hash_handle, h, GCRY_MD_FLAG_SECURE);
gcry_cipher_open(&io_ptr->cipher_handle, c, m, GCRY_CIPHER_SECURE);
/*
* generate a hash of the supplied key data
*/
size_t hash_length = gcry_md_get_algo_dlen(h);
uint8_t *hash = gcry_malloc_secure(hash_length);
if (!hash)
die(_("Out of memory @ %s:%d:%s [%zu]"), __FILE__, __LINE__, __func__, hash_length);
gcry_md_hash_buffer(gcry_md_get_algo(io_ptr->hash_handle), hash, k, l);
/*
* set the key as the hash of supplied data
*/
size_t key_length = gcry_cipher_get_algo_keylen(c);
uint8_t *key = gcry_calloc_secure(key_length, sizeof( byte_t ));
if (!key)
die(_("Out of memory @ %s:%d:%s [%zu]"), __FILE__, __LINE__, __func__, key_length);
memcpy(key, hash, key_length < hash_length ? key_length : hash_length);
gcry_cipher_setkey(io_ptr->cipher_handle, key, key_length); /* here is where it blows-up on Windows 8, using AES */
gcry_free(key);
/*
* the 2011.* versions (incorrectly) used key length instead of block
* length; versions after 2014.06 randomly generate the IV instead
*/
io_ptr->buffer_crypt->block = gcry_cipher_get_algo_blklen(c);
uint8_t *iv = gcry_calloc_secure(x.x_iv == IV_BROKEN ? key_length : io_ptr->buffer_crypt->block, sizeof( byte_t ));
if (!iv)
die(_("Out of memory @ %s:%d:%s [%zu]"), __FILE__, __LINE__, __func__, io_ptr->buffer_crypt->block);
if (x.x_iv == IV_RANDOM)
{
if (x.x_encrypt)
{
gcry_create_nonce(iv, io_ptr->buffer_crypt->block);
io_write(ptr, iv, io_ptr->buffer_crypt->block);
}
else
io_read(ptr, iv, io_ptr->buffer_crypt->block);
}
else
{
uint8_t *iv_hash = gcry_malloc_secure(hash_length);
if (!iv_hash)
die(_("Out of memory @ %s:%d:%s [%zu]"), __FILE__, __LINE__, __func__, hash_length);
/*
* set the IV as the hash of the hash
*/
gcry_md_hash_buffer(gcry_md_get_algo(io_ptr->hash_handle), iv_hash, hash, hash_length);
memcpy(iv, iv_hash, io_ptr->buffer_crypt->block < hash_length ? io_ptr->buffer_crypt->block : hash_length);
gcry_free(iv_hash);
}
gcry_free(hash);
if (m == GCRY_CIPHER_MODE_CTR)
gcry_cipher_setctr(io_ptr->cipher_handle, iv, io_ptr->buffer_crypt->block);
else
gcry_cipher_setiv(io_ptr->cipher_handle, iv, io_ptr->buffer_crypt->block);
gcry_free(iv);
/*
* set the rest of the buffer
*/
if (!(io_ptr->buffer_crypt->stream = gcry_malloc_secure(io_ptr->buffer_crypt->block)))
die(_("Out of memory @ %s:%d:%s [%zu]"), __FILE__, __LINE__, __func__, io_ptr->buffer_crypt->block);
/*
* when encrypting/writing data:
* 0: length of data buffered so far (in stream)
* 1: length of data processed (from d)
* when decrypting/reading data:
* 0: length of available data in input buffer (stream)
* 1: available space in read buffer (d)
* 2: next available memory location for data (from d)
*/
for (unsigned i = 0; i < OFFSET_SLOTS; i++)
io_ptr->buffer_crypt->offset[i] = 0;
io_ptr->cipher_init = true;
io_ptr->hash_init = true;
io_ptr->operation = IO_ENCRYPT;
return;
}
gboolean
egg_hkdf_perform (const gchar *hash_algo, gconstpointer input, gsize n_input,
gconstpointer salt, gsize n_salt, gconstpointer info,
gsize n_info, gpointer output, gsize n_output)
{
gpointer alloc = NULL;
gpointer buffer = NULL;
gcry_md_hd_t md1, md2;
guint hash_len;
gint i;
gint flags, algo;
gsize step, n_buffer;
guchar *at;
gcry_error_t gcry;
algo = gcry_md_map_name (hash_algo);
g_return_val_if_fail (algo != 0, FALSE);
hash_len = gcry_md_get_algo_dlen (algo);
g_return_val_if_fail (hash_len != 0, FALSE);
g_return_val_if_fail (n_output <= 255 * hash_len, FALSE);
/* Buffer we need to for intermediate stuff */
if (gcry_is_secure (input)) {
flags = GCRY_MD_FLAG_SECURE;
buffer = gcry_malloc_secure (hash_len);
} else {
flags = 0;
buffer = gcry_malloc (hash_len);
}
g_return_val_if_fail (buffer, FALSE);
n_buffer = 0;
/* Salt defaults to hash_len zeros */
if (!salt) {
salt = alloc = g_malloc0 (hash_len);
n_salt = hash_len;
}
/* Step 1: Extract */
gcry = gcry_md_open (&md1, algo, GCRY_MD_FLAG_HMAC | flags);
g_return_val_if_fail (gcry == 0, FALSE);
gcry = gcry_md_setkey (md1, salt, n_salt);
g_return_val_if_fail (gcry == 0, FALSE);
gcry_md_write (md1, input, n_input);
/* Step 2: Expand */
gcry = gcry_md_open (&md2, algo, GCRY_MD_FLAG_HMAC | flags);
g_return_val_if_fail (gcry == 0, FALSE);
gcry = gcry_md_setkey (md2, gcry_md_read (md1, algo), hash_len);
g_return_val_if_fail (gcry == 0, FALSE);
gcry_md_close (md1);
at = output;
for (i = 1; i < 256; ++i) {
gcry_md_reset (md2);
gcry_md_write (md2, buffer, n_buffer);
gcry_md_write (md2, info, n_info);
gcry_md_putc (md2, i);
n_buffer = hash_len;
memcpy (buffer, gcry_md_read (md2, algo), n_buffer);
step = MIN (n_buffer, n_output);
memcpy (at, buffer, step);
n_output -= step;
at += step;
if (!n_output)
break;
}
g_free (alloc);
gcry_free (buffer);
return TRUE;
}
/* Ask for the passphrase using the supplied arguments. The returned
passphrase needs to be freed by the caller. */
int
agent_get_passphrase (ctrl_t ctrl,
char **retpass, const char *desc, const char *prompt,
const char *errtext, int with_qualitybar)
{
int rc;
char line[ASSUAN_LINELENGTH];
struct entry_parm_s parm;
int saveflag;
*retpass = NULL;
if (opt.batch)
return gpg_error (GPG_ERR_BAD_PASSPHRASE);
rc = start_pinentry (ctrl);
if (rc)
return rc;
if (!prompt)
prompt = desc && strstr (desc, "PIN")? "PIN": _("Passphrase");
if (desc)
snprintf (line, DIM(line)-1, "SETDESC %s", desc);
else
snprintf (line, DIM(line)-1, "RESET");
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
snprintf (line, DIM(line)-1, "SETPROMPT %s", prompt);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
if (with_qualitybar && opt.min_passphrase_len)
{
rc = setup_qualitybar ();
if (rc)
return unlock_pinentry (rc);
}
if (errtext)
{
snprintf (line, DIM(line)-1, "SETERROR %s", errtext);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
}
memset (&parm, 0, sizeof parm);
parm.size = ASSUAN_LINELENGTH/2 - 5;
parm.buffer = gcry_malloc_secure (parm.size+10);
if (!parm.buffer)
return unlock_pinentry (out_of_core ());
saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
assuan_begin_confidential (entry_ctx);
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
inq_quality, entry_ctx, NULL, NULL);
assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
/* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and
not to the code for a user cancel. Fix this here. */
if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
if (rc)
xfree (parm.buffer);
else
*retpass = parm.buffer;
return unlock_pinentry (rc);
}
/* Ask for the passphrase using the supplied arguments. The returned
passphrase needs to be freed by the caller. */
int
agent_get_passphrase (ctrl_t ctrl,
char **retpass, const char *desc, const char *prompt,
const char *errtext, int with_qualitybar)
{
int rc;
char line[ASSUAN_LINELENGTH];
struct entry_parm_s parm;
int saveflag;
int close_button;
*retpass = NULL;
if (opt.batch)
return gpg_error (GPG_ERR_BAD_PASSPHRASE);
if (ctrl->pinentry_mode != PINENTRY_MODE_ASK)
{
if (ctrl->pinentry_mode == PINENTRY_MODE_CANCEL)
return gpg_error (GPG_ERR_CANCELED);
if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK)
{
size_t size;
size_t len = ASSUAN_LINELENGTH/2;
unsigned char *buffer = gcry_malloc_secure (len);
rc = pinentry_loopback(ctrl, "PASSPHRASE", &buffer, &size, len);
if (rc)
xfree(buffer);
else
{
buffer[size] = 0;
*retpass = buffer;
}
return rc;
}
return gpg_error (GPG_ERR_NO_PIN_ENTRY);
}
rc = start_pinentry (ctrl);
if (rc)
return rc;
if (!prompt)
prompt = desc && strstr (desc, "PIN")? "PIN": _("Passphrase");
if (desc)
snprintf (line, DIM(line)-1, "SETDESC %s", desc);
else
snprintf (line, DIM(line)-1, "RESET");
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
snprintf (line, DIM(line)-1, "SETPROMPT %s", prompt);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
if (with_qualitybar && opt.min_passphrase_len)
{
rc = setup_qualitybar ();
if (rc)
return unlock_pinentry (rc);
}
if (errtext)
{
snprintf (line, DIM(line)-1, "SETERROR %s", errtext);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
}
memset (&parm, 0, sizeof parm);
parm.size = ASSUAN_LINELENGTH/2 - 5;
parm.buffer = gcry_malloc_secure (parm.size+10);
if (!parm.buffer)
return unlock_pinentry (out_of_core ());
saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
assuan_begin_confidential (entry_ctx);
close_button = 0;
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
inq_quality, entry_ctx,
close_button_status_cb, &close_button);
assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
/* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and
not to the code for a user cancel. Fix this here. */
if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
/* Change error code in case the window close button was clicked
to cancel the operation. */
if (close_button && gpg_err_code (rc) == GPG_ERR_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED);
if (rc)
xfree (parm.buffer);
else
*retpass = parm.buffer;
return unlock_pinentry (rc);
}
void Cipher::computeDES()
{
//rePlain = new QRegExp("^[\\w|/]+\\.(plain)$");
reCipher = new QRegExp("([\\w]+)");
// Next line is not needed since we derive the key from the passphrase
// reKey = new QRegExp("^[\\w|/]+\\.(key)$");
// Let's derive the key given by the password
fprintf(stdout, "passphrase: %s\n", leKey->text().toLocal8Bit().constData());
fprintf(stdout, "size in bytes: %d\n", comboSize->currentText().toInt()/8);
int keylen = comboSize->currentText().toLocal8Bit().toInt()/8;
int pass_len = leKey->text().length();
fprintf(stdout, "size of pass: %d\n", pass_len);
Util print;
int hash_len = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
unsigned char *pass = (unsigned char *) gcry_malloc_secure(sizeof(unsigned char)*hash_len);
strcpy( (char *) pass, leKey->text().toLocal8Bit().constData());
fprintf(stdout, "pass: "******"Failure to open MD_SHA256: %s/%s\n",
gcry_strsource (err),
gcry_strerror (err));
goto out;
}
gcry_md_write(hd, pass, pass_len);
pass = gcry_md_read(hd, GCRY_MD_SHA256);
printf("hash_len: %d\n", hash_len);
fprintf(stdout, "Digest of key: ");
print.printBuff(pass, hash_len);
/*
Dans un soucis de contrôle minimaliste des entrées, nous vérifions, avant toutes opérations, que les
QLineEdit contienne bien une extension .in pour le fichier d'entrée, une extension .out pour le fi-
chier de sortie et une extension .key pour le fichier de clé
*/
if(reCipher->exactMatch(leCipher->text()))
{
des = new DES();
if(!(strcmp(comboMode->currentText().toLocal8Bit().constData(), "CBC")))
{
printf("DES3 encryption\n");
rep = des->des3_cbc_encrypt(lePlain->text().toLocal8Bit().constData(),
(const char *) pass,
leCipher->text().toLocal8Bit().constData(),
leIv->text().toLocal8Bit().constData());
}
if(rep == 1){
mb = new QMessageBox(this);
mb->setText("Symmetric encryption error");
mb->setWindowTitle("Information");
mb->exec();
}else{
mb = new QMessageBox(this);
mb->setWindowTitle("Information");
mb->setText("Success");
mb->exec();
this->close();
}
}
else{
/*if(!rePlain->exactMatch(lePlain->text())){
mb = new QMessageBox(this);
mb->setText("The given plain file is wrong.");
mb->setWindowTitle("Information");
mb->exec();
this->close();
}
else if(!reKey->exactMatch(leKey->text())){
mb = new QMessageBox(this);
mb->setText("The given key is wrong.");
mb->setWindowTitle("Information");
mb->exec();
this->close();
}*/
if(!reCipher->exactMatch(leCipher->text())){
mb = new QMessageBox(this);
mb->setText("The given name doesn't respect the given format.");
mb->setWindowTitle("Information");
mb->exec();
this->close();
}
}
// not actually needed, it is done by derivePassphrase
out:
if(hd)
gcry_md_close(hd);
}
int main(int argc, char **argv)
{
int ret;
setlocale(LC_ALL, "");
if (argc != 3) {
wprintf(L"Usage: psafe file.psafe3 passphrase");
exit(EXIT_FAILURE);
}
init_crypto(64*1024);
size_t sz;
uint8_t *ptr;
ptr = mapfile_ro(argv[1], &sz);
if (ptr == NULL)
err(1, "%s", argv[1]);
struct psafe3_pro *pro;
pro = (struct psafe3_pro *)(ptr + 4);
struct safe_sec *sec;
sec = gcry_malloc_secure(sizeof(*sec));
ret = stretch_and_check_pass(argv[2], strlen(argv[2]), pro, sec);
if (ret != 0) {
gcry_free(sec);
wprintf(L"Invalid password.\n");
exit(1);
}
uint8_t *safe;
size_t safe_size;
safe_size = sz - (4 + sizeof(*pro) + 48);
assert(safe_size > 0);
assert(safe_size % TWOF_BLKSIZE == 0);
safe = gcry_malloc_secure(safe_size);
assert(safe != NULL);
gcry_error_t gerr;
struct decrypt_ctx ctx;
if (init_decrypt_ctx(&ctx, pro, sec) < 0)
gcrypt_fatal(ctx.gerr);
size_t bcnt;
bcnt = safe_size / TWOF_BLKSIZE;
assert(bcnt > 0);
uint8_t *encp;
uint8_t *safep;
encp = ptr + 4 + sizeof(*pro);
safep = safe;
while (bcnt--) {
gerr = gcry_cipher_decrypt(ctx.cipher, safep, TWOF_BLKSIZE, encp, TWOF_BLKSIZE);
if (gerr != GPG_ERR_NO_ERROR)
gcrypt_fatal(gerr);
safep += TWOF_BLKSIZE;
encp += TWOF_BLKSIZE;
}
enum { HDR, DB };
int state = HDR;
safep = safe;
while (safep < safe + safe_size) {
struct field *fld;
fld = (struct field *)safep;
wprintf(L"len=%-3u type=%02x ", fld->len, fld->type);
if (state == DB)
db_print(stdout, fld);
else
hd_print(stdout, fld);
if (fld->type == 0xff)
state = DB;
putwc('\n', stdout);
if (fld->len)
gcry_md_write(ctx.hmac, safep + sizeof(*fld), fld->len);
safep += ((fld->len + 5 + 15) / TWOF_BLKSIZE) * TWOF_BLKSIZE;
}
assert(memcmp(ptr + (sz - 48), "PWS3-EOFPWS3-EOF", TWOF_BLKSIZE) == 0);
#define EOL() putwc('\n', stdout)
EOL();
print_prologue(stdout, pro);
wprintf(L"KEY "); printhex(stdout, sec->pprime, 32); EOL();
wprintf(L"H(KEY) "); printhex(stdout, pro->h_pprime, 32); EOL();
gcry_md_final(ctx.hmac);
wprintf(L"HMAC' ");
uint8_t hmac[32];
memmove(hmac, gcry_md_read(ctx.hmac, GCRY_MD_SHA256), 32);
printhex(stdout, hmac, 32);
EOL();
wprintf(L"HMAC ");
printhex(stdout, ptr + (sz - 32), 32);
EOL();
#undef EOL
gcry_free(safe);
gcry_free(sec);
unmapfile(ptr, sz);
term_decrypt_ctx(&ctx);
exit(0);
}
/****************
* Scan the provided buffer and return the S expression in our internal
* format. Returns a newly allocated expression. If erroff is not NULL and
* a parsing error has occurred, the offset into buffer will be returned.
* If ARGFLAG is true, the function supports some printf like
* expressions.
* These are:
* %m - MPI
* %s - string (no autoswitch to secure allocation)
* %d - integer stored as string (no autoswitch to secure allocation)
* %b - memory buffer; this takes _two_ arguments: an integer with the
* length of the buffer and a pointer to the buffer.
* %S - Copy an gcry_sexp_t here. The S-expression needs to be a
* regular one, starting with a parenthesis.
* (no autoswitch to secure allocation)
* all other format elements are currently not defined and return an error.
* this includes the "%%" sequence becauce the percent sign is not an
* allowed character.
* FIXME: We should find a way to store the secure-MPIs not in the string
* but as reference to somewhere - this can help us to save huge amounts
* of secure memory. The problem is, that if only one element is secure, all
* other elements are automagicaly copied to secure memory too, so the most
* common operation gcry_sexp_cdr_mpi() will always return a secure MPI
* regardless whether it is needed or not.
*/
static gcry_error_t
vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
const char *buffer, size_t length, int argflag,
void **arg_list, va_list arg_ptr)
{
gcry_err_code_t err = 0;
static const char tokenchars[] =
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"0123456789-./_:*+=";
const char *p;
size_t n;
const char *digptr = NULL;
const char *quoted = NULL;
const char *tokenp = NULL;
const char *hexfmt = NULL;
const char *base64 = NULL;
const char *disphint = NULL;
const char *percent = NULL;
int hexcount = 0;
int quoted_esc = 0;
int datalen = 0;
size_t dummy_erroff;
struct make_space_ctx c;
int arg_counter = 0;
int level = 0;
if (!erroff)
erroff = &dummy_erroff;
/* Depending on whether ARG_LIST is non-zero or not, this macro gives
us the next argument, either from the variable argument list as
specified by ARG_PTR or from the argument array ARG_LIST. */
#define ARG_NEXT(storage, type) \
do \
{ \
if (!arg_list) \
storage = va_arg (arg_ptr, type); \
else \
storage = *((type *) (arg_list[arg_counter++])); \
} \
while (0)
/* The MAKE_SPACE macro is used before each store operation to
ensure that the buffer is large enough. It requires a global
context named C and jumps out to the label LEAVE on error! It
also sets ERROFF using the variables BUFFER and P. */
#define MAKE_SPACE(n) do { \
gpg_err_code_t _ms_err = make_space (&c, (n)); \
if (_ms_err) \
{ \
err = _ms_err; \
*erroff = p - buffer; \
goto leave; \
} \
} while (0)
/* The STORE_LEN macro is used to store the length N at buffer P. */
#define STORE_LEN(p,n) do { \
DATALEN ashort = (n); \
memcpy ( (p), &ashort, sizeof(ashort) ); \
(p) += sizeof (ashort); \
} while (0)
/* We assume that the internal representation takes less memory than
the provided one. However, we add space for one extra datalen so
that the code which does the ST_CLOSE can use MAKE_SPACE */
c.allocated = length + sizeof(DATALEN);
if (buffer && length && gcry_is_secure (buffer))
c.sexp = gcry_malloc_secure (sizeof *c.sexp + c.allocated - 1);
else
c.sexp = gcry_malloc (sizeof *c.sexp + c.allocated - 1);
if (!c.sexp)
{
err = gpg_err_code_from_errno (errno);
*erroff = 0;
goto leave;
}
c.pos = c.sexp->d;
for (p = buffer, n = length; n; p++, n--)
{
if (tokenp && !hexfmt)
{
if (strchr (tokenchars, *p))
continue;
else
{
datalen = p - tokenp;
MAKE_SPACE (datalen);
*c.pos++ = ST_DATA;
STORE_LEN (c.pos, datalen);
memcpy (c.pos, tokenp, datalen);
c.pos += datalen;
tokenp = NULL;
}
}
if (quoted)
{
if (quoted_esc)
{
switch (*p)
{
case 'b': case 't': case 'v': case 'n': case 'f':
case 'r': case '"': case '\'': case '\\':
quoted_esc = 0;
break;
case '0': case '1': case '2': case '3': case '4':
case '5': case '6': case '7':
if (!((n > 2)
&& (p[1] >= '0') && (p[1] <= '7')
&& (p[2] >= '0') && (p[2] <= '7')))
{
*erroff = p - buffer;
/* Invalid octal value. */
err = GPG_ERR_SEXP_BAD_QUOTATION;
goto leave;
}
p += 2;
n -= 2;
quoted_esc = 0;
break;
case 'x':
if (!((n > 2) && hexdigitp (p+1) && hexdigitp (p+2)))
{
*erroff = p - buffer;
/* Invalid hex value. */
err = GPG_ERR_SEXP_BAD_QUOTATION;
goto leave;
}
p += 2;
n -= 2;
quoted_esc = 0;
break;
case '\r':
/* ignore CR[,LF] */
if (n && (p[1] == '\n'))
{
p++;
n--;
}
quoted_esc = 0;
break;
case '\n':
/* ignore LF[,CR] */
if (n && (p[1] == '\r'))
{
p++;
n--;
}
quoted_esc = 0;
break;
default:
*erroff = p - buffer;
/* Invalid quoted string escape. */
err = GPG_ERR_SEXP_BAD_QUOTATION;
goto leave;
}
}
else if (*p == '\\')
quoted_esc = 1;
else if (*p == '\"')
{
/* Keep it easy - we know that the unquoted string will
never be larger. */
unsigned char *save;
size_t len;
quoted++; /* Skip leading quote. */
MAKE_SPACE (p - quoted);
*c.pos++ = ST_DATA;
save = c.pos;
STORE_LEN (c.pos, 0); /* Will be fixed up later. */
len = unquote_string (quoted, p - quoted, c.pos);
c.pos += len;
STORE_LEN (save, len);
quoted = NULL;
}
}
else if (hexfmt)
{
if (isxdigit (*p))
hexcount++;
else if (*p == '#')
{
if ((hexcount & 1))
{
*erroff = p - buffer;
err = GPG_ERR_SEXP_ODD_HEX_NUMBERS;
goto leave;
}
datalen = hexcount / 2;
MAKE_SPACE (datalen);
*c.pos++ = ST_DATA;
STORE_LEN (c.pos, datalen);
for (hexfmt++; hexfmt < p; hexfmt++)
{
int tmpc;
if (whitespacep (hexfmt))
continue;
tmpc = hextonibble (*(const unsigned char*)hexfmt);
for (hexfmt++; hexfmt < p && whitespacep (hexfmt); hexfmt++)
;
if (hexfmt < p)
{
tmpc *= 16;
tmpc += hextonibble (*(const unsigned char*)hexfmt);
}
*c.pos++ = tmpc;
}
hexfmt = NULL;
}
else if (!whitespacep (p))
{
*erroff = p - buffer;
err = GPG_ERR_SEXP_BAD_HEX_CHAR;
goto leave;
}
}
else if (base64)
{
if (*p == '|')
base64 = NULL;
}
else if (digptr)
{
if (digitp (p))
;
else if (*p == ':')
{
datalen = atoi (digptr); /* FIXME: check for overflow. */
digptr = NULL;
if (datalen > n - 1)
{
*erroff = p - buffer;
/* Buffer too short. */
err = GPG_ERR_SEXP_STRING_TOO_LONG;
goto leave;
}
/* Make a new list entry. */
MAKE_SPACE (datalen);
*c.pos++ = ST_DATA;
STORE_LEN (c.pos, datalen);
memcpy (c.pos, p + 1, datalen);
c.pos += datalen;
n -= datalen;
p += datalen;
}
else if (*p == '\"')
{
digptr = NULL; /* We ignore the optional length. */
quoted = p;
quoted_esc = 0;
}
else if (*p == '#')
{
digptr = NULL; /* We ignore the optional length. */
hexfmt = p;
hexcount = 0;
}
else if (*p == '|')
{
digptr = NULL; /* We ignore the optional length. */
base64 = p;
}
else
{
*erroff = p - buffer;
err = GPG_ERR_SEXP_INV_LEN_SPEC;
goto leave;
}
}
else if (percent)
{
if (*p == 'm' || *p == 'M')
{
/* Insert an MPI. */
gcry_mpi_t m;
size_t nm = 0;
int mpifmt = *p == 'm'? GCRYMPI_FMT_STD: GCRYMPI_FMT_USG;
ARG_NEXT (m, gcry_mpi_t);
if (gcry_mpi_get_flag (m, GCRYMPI_FLAG_OPAQUE))
{
void *mp;
unsigned int nbits;
mp = gcry_mpi_get_opaque (m, &nbits);
nm = (nbits+7)/8;
if (mp && nm)
{
MAKE_SPACE (nm);
if (!gcry_is_secure (c.sexp->d)
&& gcry_mpi_get_flag (m, GCRYMPI_FLAG_SECURE))
{
/* We have to switch to secure allocation. */
gcry_sexp_t newsexp;
byte *newhead;
newsexp = gcry_malloc_secure (sizeof *newsexp
+ c.allocated - 1);
if (!newsexp)
{
err = gpg_err_code_from_errno (errno);
goto leave;
}
newhead = newsexp->d;
memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
c.pos = newhead + (c.pos - c.sexp->d);
gcry_free (c.sexp);
c.sexp = newsexp;
}
*c.pos++ = ST_DATA;
STORE_LEN (c.pos, nm);
memcpy (c.pos, mp, nm);
c.pos += nm;
}
}
else
{
if (gcry_mpi_print (mpifmt, NULL, 0, &nm, m))
BUG ();
MAKE_SPACE (nm);
if (!gcry_is_secure (c.sexp->d)
&& gcry_mpi_get_flag ( m, GCRYMPI_FLAG_SECURE))
{
/* We have to switch to secure allocation. */
gcry_sexp_t newsexp;
byte *newhead;
newsexp = gcry_malloc_secure (sizeof *newsexp
+ c.allocated - 1);
if (!newsexp)
{
err = gpg_err_code_from_errno (errno);
goto leave;
}
newhead = newsexp->d;
memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
c.pos = newhead + (c.pos - c.sexp->d);
gcry_free (c.sexp);
c.sexp = newsexp;
}
*c.pos++ = ST_DATA;
STORE_LEN (c.pos, nm);
if (gcry_mpi_print (mpifmt, c.pos, nm, &nm, m))
BUG ();
c.pos += nm;
}
}
else if (*p == 's')
{
/* Insert an string. */
const char *astr;
size_t alen;
ARG_NEXT (astr, const char *);
alen = strlen (astr);
MAKE_SPACE (alen);
*c.pos++ = ST_DATA;
STORE_LEN (c.pos, alen);
memcpy (c.pos, astr, alen);
c.pos += alen;
}
else if (*p == 'b')
{
/* Insert a memory buffer. */
const char *astr;
int alen;
ARG_NEXT (alen, int);
ARG_NEXT (astr, const char *);
MAKE_SPACE (alen);
if (alen
&& !gcry_is_secure (c.sexp->d)
&& gcry_is_secure (astr))
{
/* We have to switch to secure allocation. */
gcry_sexp_t newsexp;
byte *newhead;
newsexp = gcry_malloc_secure (sizeof *newsexp
+ c.allocated - 1);
if (!newsexp)
{
err = gpg_err_code_from_errno (errno);
goto leave;
}
newhead = newsexp->d;
memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
c.pos = newhead + (c.pos - c.sexp->d);
gcry_free (c.sexp);
c.sexp = newsexp;
}
*c.pos++ = ST_DATA;
STORE_LEN (c.pos, alen);
memcpy (c.pos, astr, alen);
c.pos += alen;
}
else if (*p == 'd')
{
/* Insert an integer as string. */
int aint;
size_t alen;
char buf[35];
ARG_NEXT (aint, int);
sprintf (buf, "%d", aint);
alen = strlen (buf);
MAKE_SPACE (alen);
*c.pos++ = ST_DATA;
STORE_LEN (c.pos, alen);
memcpy (c.pos, buf, alen);
c.pos += alen;
}
else if (*p == 'u')
{
/* Insert an unsigned integer as string. */
unsigned int aint;
size_t alen;
char buf[35];
ARG_NEXT (aint, unsigned int);
sprintf (buf, "%u", aint);
alen = strlen (buf);
MAKE_SPACE (alen);
*c.pos++ = ST_DATA;
STORE_LEN (c.pos, alen);
memcpy (c.pos, buf, alen);
c.pos += alen;
}
else if (*p == 'S')
{
/* Insert a gcry_sexp_t. */
gcry_sexp_t asexp;
size_t alen, aoff;
ARG_NEXT (asexp, gcry_sexp_t);
alen = get_internal_buffer (asexp, &aoff);
if (alen)
{
MAKE_SPACE (alen);
memcpy (c.pos, asexp->d + aoff, alen);
c.pos += alen;
}
}
else
{
*erroff = p - buffer;
/* Invalid format specifier. */
err = GPG_ERR_SEXP_INV_LEN_SPEC;
goto leave;
}
percent = NULL;
}
else if (*p == '(')
{
if (disphint)
{
*erroff = p - buffer;
/* Open display hint. */
err = GPG_ERR_SEXP_UNMATCHED_DH;
goto leave;
}
MAKE_SPACE (0);
*c.pos++ = ST_OPEN;
level++;
}
else if (*p == ')')
{
/* Walk up. */
if (disphint)
{
*erroff = p - buffer;
/* Open display hint. */
err = GPG_ERR_SEXP_UNMATCHED_DH;
goto leave;
}
MAKE_SPACE (0);
*c.pos++ = ST_CLOSE;
level--;
}
else if (*p == '\"')
{
quoted = p;
quoted_esc = 0;
}
else if (*p == '#')
{
hexfmt = p;
hexcount = 0;
}
else if (*p == '|')
base64 = p;
else if (*p == '[')
{
if (disphint)
{
*erroff = p - buffer;
/* Open display hint. */
err = GPG_ERR_SEXP_NESTED_DH;
goto leave;
}
disphint = p;
}
else if (*p == ']')
{
if (!disphint)
{
*erroff = p - buffer;
/* Open display hint. */
err = GPG_ERR_SEXP_UNMATCHED_DH;
goto leave;
}
disphint = NULL;
}
else if (digitp (p))
{
if (*p == '0')
{
/* A length may not begin with zero. */
*erroff = p - buffer;
err = GPG_ERR_SEXP_ZERO_PREFIX;
goto leave;
}
digptr = p;
}
else if (strchr (tokenchars, *p))
tokenp = p;
else if (whitespacep (p))
;
else if (*p == '{')
{
/* fixme: handle rescanning: we can do this by saving our
current state and start over at p+1 -- Hmmm. At this
point here we are in a well defined state, so we don't
need to save it. Great. */
*erroff = p - buffer;
err = GPG_ERR_SEXP_UNEXPECTED_PUNC;
goto leave;
}
else if (strchr ("&\\", *p))
{
/* Reserved punctuation. */
*erroff = p - buffer;
err = GPG_ERR_SEXP_UNEXPECTED_PUNC;
goto leave;
}
else if (argflag && (*p == '%'))
percent = p;
else
{
/* Bad or unavailable. */
*erroff = p - buffer;
err = GPG_ERR_SEXP_BAD_CHARACTER;
goto leave;
}
}
MAKE_SPACE (0);
*c.pos++ = ST_STOP;
if (level && !err)
err = GPG_ERR_SEXP_UNMATCHED_PAREN;
leave:
if (err)
{
/* Error -> deallocate. */
if (c.sexp)
{
/* Extra paranoid wipe on error. */
if (gcry_is_secure (c.sexp))
wipememory (c.sexp, sizeof (struct gcry_sexp) + c.allocated - 1);
gcry_free (c.sexp);
}
/* This might be expected by existing code... */
*retsexp = NULL;
}
else
*retsexp = normalize (c.sexp);
return gcry_error (err);
#undef MAKE_SPACE
#undef STORE_LEN
}
/* Create an OTR Data message. Pass the plaintext as msg, and an
* optional chain of TLVs. A newly-allocated string will be returned in
* *encmessagep. */
gcry_error_t otrl_proto_create_data(char **encmessagep, ConnContext *context,
const char *msg, const OtrlTLV *tlvs, unsigned char flags)
{
size_t justmsglen = strlen(msg);
size_t msglen = justmsglen + 1 + otrl_tlv_seriallen(tlvs);
size_t buflen;
size_t pubkeylen;
unsigned char *buf = NULL;
unsigned char *bufp;
size_t lenp;
DH_sesskeys *sess = &(context->sesskeys[1][0]);
gcry_error_t err;
size_t reveallen = 20 * context->numsavedkeys;
size_t base64len;
char *base64buf = NULL;
unsigned char *msgbuf = NULL;
enum gcry_mpi_format format = GCRYMPI_FMT_USG;
char *msgdup;
int version = context->protocol_version;
/* Make sure we're actually supposed to be able to encrypt */
if (context->msgstate != OTRL_MSGSTATE_ENCRYPTED ||
context->their_keyid == 0) {
return gcry_error(GPG_ERR_CONFLICT);
}
/* We need to copy the incoming msg, since it might be an alias for
* context->lastmessage, which we'll be freeing soon. */
msgdup = gcry_malloc_secure(justmsglen + 1);
if (msgdup == NULL) {
return gcry_error(GPG_ERR_ENOMEM);
}
strcpy(msgdup, msg);
*encmessagep = NULL;
/* Header, send keyid, recv keyid, counter, msg len, msg
* len of revealed mac keys, revealed mac keys, MAC */
buflen = 3 + (version == 2 ? 1 : 0) + 4 + 4 + 8 + 4 + msglen +
4 + reveallen + 20;
gcry_mpi_print(format, NULL, 0, &pubkeylen, context->our_dh_key.pub);
buflen += pubkeylen + 4;
buf = malloc(buflen);
msgbuf = gcry_malloc_secure(msglen);
if (buf == NULL || msgbuf == NULL) {
free(buf);
gcry_free(msgbuf);
gcry_free(msgdup);
return gcry_error(GPG_ERR_ENOMEM);
}
memmove(msgbuf, msgdup, justmsglen);
msgbuf[justmsglen] = '\0';
otrl_tlv_serialize(msgbuf + justmsglen + 1, tlvs);
bufp = buf;
lenp = buflen;
if (version == 1) {
memmove(bufp, "\x00\x01\x03", 3); /* header */
} else {
memmove(bufp, "\x00\x02\x03", 3); /* header */
}
debug_data("Header", bufp, 3);
bufp += 3; lenp -= 3;
if (version == 2) {
bufp[0] = flags;
bufp += 1; lenp -= 1;
}
write_int(context->our_keyid-1); /* sender keyid */
debug_int("Sender keyid", bufp-4);
write_int(context->their_keyid); /* recipient keyid */
debug_int("Recipient keyid", bufp-4);
write_mpi(context->our_dh_key.pub, pubkeylen, "Y"); /* Y */
otrl_dh_incctr(sess->sendctr);
memmove(bufp, sess->sendctr, 8); /* Counter (top 8 bytes only) */
debug_data("Counter", bufp, 8);
bufp += 8; lenp -= 8;
write_int(msglen); /* length of encrypted data */
debug_int("Msg len", bufp-4);
err = gcry_cipher_reset(sess->sendenc);
if (err) goto err;
err = gcry_cipher_setctr(sess->sendenc, sess->sendctr, 16);
if (err) goto err;
err = gcry_cipher_encrypt(sess->sendenc, bufp, msglen, msgbuf, msglen);
if (err) goto err; /* encrypted data */
debug_data("Enc data", bufp, msglen);
bufp += msglen;
lenp -= msglen;
gcry_md_reset(sess->sendmac);
gcry_md_write(sess->sendmac, buf, bufp-buf);
memmove(bufp, gcry_md_read(sess->sendmac, GCRY_MD_SHA1), 20);
debug_data("MAC", bufp, 20);
bufp += 20; /* MAC */
lenp -= 20;
write_int(reveallen); /* length of revealed MAC keys */
debug_int("Revealed MAC length", bufp-4);
if (reveallen > 0) {
memmove(bufp, context->saved_mac_keys, reveallen);
debug_data("Revealed MAC data", bufp, reveallen);
bufp += reveallen; lenp -= reveallen;
free(context->saved_mac_keys);
context->saved_mac_keys = NULL;
context->numsavedkeys = 0;
}
assert(lenp == 0);
/* Make the base64-encoding. */
base64len = ((buflen + 2) / 3) * 4;
base64buf = malloc(5 + base64len + 1 + 1);
if (base64buf == NULL) {
err = gcry_error(GPG_ERR_ENOMEM);
goto err;
}
memmove(base64buf, "?OTR:", 5);
otrl_base64_encode(base64buf+5, buf, buflen);
base64buf[5 + base64len] = '.';
base64buf[5 + base64len + 1] = '\0';
free(buf);
gcry_free(msgbuf);
*encmessagep = base64buf;
gcry_free(context->lastmessage);
context->lastmessage = NULL;
context->may_retransmit = 0;
if (msglen > 0) {
const char *prefix = "[resent] ";
size_t prefixlen = strlen(prefix);
if (!strncmp(prefix, msgdup, prefixlen)) {
/* The prefix is already there. Don't add it again. */
prefix = "";
prefixlen = 0;
}
context->lastmessage = gcry_malloc_secure(prefixlen + justmsglen + 1);
if (context->lastmessage) {
strcpy(context->lastmessage, prefix);
strcat(context->lastmessage, msgdup);
}
}
gcry_free(msgdup);
return gcry_error(GPG_ERR_NO_ERROR);
err:
free(buf);
gcry_free(msgbuf);
gcry_free(msgdup);
*encmessagep = NULL;
return err;
}
/* Handle the NEEDPIN inquiry. */
static gpg_error_t
inq_needpin (void *opaque, const char *line)
{
struct inq_needpin_s *parm = opaque;
const char *s;
char *pin;
size_t pinlen;
int rc;
parm->any_inq_seen = 1;
if ((s = has_leading_keyword (line, "NEEDPIN")))
{
line = s;
pinlen = 90;
pin = gcry_malloc_secure (pinlen);
if (!pin)
return out_of_core ();
rc = parm->getpin_cb (parm->getpin_cb_arg, line, pin, pinlen);
if (!rc)
rc = assuan_send_data (parm->ctx, pin, pinlen);
xfree (pin);
}
else if ((s = has_leading_keyword (line, "POPUPPINPADPROMPT")))
{
rc = parm->getpin_cb (parm->getpin_cb_arg, s, NULL, 1);
}
else if ((s = has_leading_keyword (line, "DISMISSPINPADPROMPT")))
{
rc = parm->getpin_cb (parm->getpin_cb_arg, "", NULL, 0);
}
else if (parm->passthru)
{
unsigned char *value;
size_t valuelen;
int rest;
int needrest = !strncmp (line, "KEYDATA", 8);
/* Pass the inquiry up to our caller. We limit the maximum
amount to an arbitrary value. As we know that the KEYDATA
enquiry is pretty sensitive we disable logging then */
if ((rest = (needrest
&& !assuan_get_flag (parm->passthru, ASSUAN_CONFIDENTIAL))))
assuan_begin_confidential (parm->passthru);
rc = assuan_inquire (parm->passthru, line, &value, &valuelen, 8096);
if (rest)
assuan_end_confidential (parm->passthru);
if (!rc)
{
if ((rest = (needrest
&& !assuan_get_flag (parm->ctx, ASSUAN_CONFIDENTIAL))))
assuan_begin_confidential (parm->ctx);
rc = assuan_send_data (parm->ctx, value, valuelen);
if (rest)
assuan_end_confidential (parm->ctx);
xfree (value);
}
else
log_error ("error forwarding inquiry '%s': %s\n",
line, gpg_strerror (rc));
}
else
{
log_error ("unsupported inquiry '%s'\n", line);
rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
}
return rc;
}
