Gc_rc
gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf)
{
switch (hash)
{
#ifdef GNULIB_GC_MD2
case GC_MD2:
md2_buffer (in, inlen, resbuf);
break;
#endif
#ifdef GNULIB_GC_MD4
case GC_MD4:
md4_buffer (in, inlen, resbuf);
break;
#endif
#ifdef GNULIB_GC_MD5
case GC_MD5:
md5_buffer (in, inlen, resbuf);
break;
#endif
#ifdef GNULIB_GC_SHA1
case GC_SHA1:
sha1_buffer (in, inlen, resbuf);
break;
#endif
default:
return GC_INVALID_HASH;
}
return GC_OK;
}
static bool init_pcr_info(uint32_t locality,
tpm_locality_selection_t release_locs,
uint32_t nr_create, const uint8_t indcs_create[],
uint32_t nr_release, const uint8_t indcs_release[],
const tpm_pcr_value_t *values_release[],
tpm_pcr_info_long_t *pcr_info)
{
uint32_t offset;
uint32_t i, blob_size;
static tpm_locality_selection_t localities[TPM_NR_LOCALITIES] = {
TPM_LOC_ZERO, TPM_LOC_ONE, TPM_LOC_TWO, TPM_LOC_THREE, TPM_LOC_FOUR
};
if ( (release_locs & TPM_LOC_RSVD) != 0 )
return TPM_BAD_PARAMETER;
if ( pcr_info == NULL )
return TPM_BAD_PARAMETER;
if ( locality >= TPM_NR_LOCALITIES )
return TPM_BAD_PARAMETER;
if ( indcs_create == NULL )
nr_create = 0;
if ( indcs_release == NULL || values_release == NULL )
nr_release = 0;
for ( i = 0; i < nr_create; i++ )
if ( indcs_create[i] >= TPM_NR_PCRS )
return TPM_BAD_PARAMETER;
for ( i = 0; i < nr_release; i++ ) {
if ( indcs_release[i] >= TPM_NR_PCRS || values_release[i] == NULL )
return TPM_BAD_PARAMETER;
}
memset(pcr_info, 0, sizeof(*pcr_info));
pcr_info->tag = TPM_TAG_PCR_INFO_LONG;
pcr_info->locality_at_creation = localities[locality];
pcr_info->locality_at_release = release_locs;
pcr_info->creation_pcr_selection.size_of_select = 3;
for ( i = 0; i < nr_create; i++ )
pcr_info->creation_pcr_selection.pcr_select[indcs_create[i]/8] |=
1 << (indcs_create[i] % 8);
pcr_info->release_pcr_selection.size_of_select = 3;
for ( i = 0; i < nr_release; i++ )
pcr_info->release_pcr_selection.pcr_select[indcs_release[i]/8] |=
1 << (indcs_release[i] % 8);
if ( nr_release > 0 ) {
offset = 0;
UNLOAD_PCR_SELECTION(WRAPPER_IN_BUF, offset,
&pcr_info->release_pcr_selection);
blob_size = sizeof(tpm_pcr_value_t) * nr_release;
UNLOAD_INTEGER(WRAPPER_IN_BUF, offset, blob_size);
for ( i = 0; i < nr_release; i++ )
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, values_release[i]);
sha1_buffer(WRAPPER_IN_BUF, offset,
(uint8_t *)&pcr_info->digest_at_release);
}
return true;
}
Eina_Bool
shotgun_emoticon_custom_add(Shotgun_Auth *auth, const char *file, const char *text, const char *type)
{
Shotgun_Custom_Emoticon *emo;
char *data_base64,
tmp_cid[63];
size_t len,
len64;
const char *sha1;
Eina_File *fh;
const unsigned char *data;
EINA_SAFETY_ON_NULL_RETURN_VAL(auth, EINA_FALSE);
EINA_SAFETY_ON_NULL_RETURN_VAL(file, EINA_FALSE);
EINA_SAFETY_ON_NULL_RETURN_VAL(text, EINA_FALSE);
EINA_SAFETY_ON_NULL_RETURN_VAL(type, EINA_FALSE);
fh = eina_file_open(file, EINA_FALSE);
if (!fh)
{
ERR("Couldnt open file %s", file);
return EINA_FALSE;
}
len = eina_file_size_get(fh);
data = (const unsigned char *)eina_file_map_all(fh, EINA_FILE_SEQUENTIAL);
DBG("data[%p] len=%ld", data, len);
DBG("data[1] = %c", data[1]);
sha1 = sha1_buffer(data, len);
data_base64 = shotgun_base64_encode(data, len, &len64);
eina_file_map_free(fh, (void *)data);
eina_file_close(fh);
emo = calloc(1, sizeof(Shotgun_Custom_Emoticon));
if (!emo) return EINA_FALSE;
emo->file = eina_stringshare_add(file);
emo->text = strdup(text);
emo->type = strdup(type);
emo->data_base64 = data_base64;
sprintf(tmp_cid, "cid:sha1+%[email protected]", sha1);
emo->cid = strdup(tmp_cid);
auth->custom_emoticons = eina_inlist_append(auth->custom_emoticons, EINA_INLIST_GET(emo));
return EINA_TRUE;
}
static void calc_pcr_composition(uint32_t nr, const uint8_t indcs[],
const tpm_pcr_value_t *values[],
tpm_composite_hash_t *composite)
{
uint32_t i, offset, blob_size;
tpm_pcr_selection_t sel;
if ( nr == 0 || indcs == NULL || values == NULL || composite == NULL)
return;
sel.size_of_select = 3;
sel.pcr_select[0] = sel.pcr_select[1] = sel.pcr_select[2] = 0;
for ( i = 0; i < nr; i++ )
sel.pcr_select[indcs[i]/8] |= 1 << (indcs[i] % 8);
offset = 0;
UNLOAD_PCR_SELECTION(WRAPPER_IN_BUF, offset, &sel);
blob_size = sizeof(tpm_pcr_value_t) * nr;
UNLOAD_INTEGER(WRAPPER_IN_BUF, offset, blob_size);
for ( i = 0; i < nr; i++ )
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, values[i]);
sha1_buffer(WRAPPER_IN_BUF, offset, (uint8_t *)composite);
}
int
main (void)
{
const char *in1 = "abcdefgh";
const char *out1 = "\x42\x5a\xf1\x2a\x07\x43\x50\x2b"
"\x32\x2e\x93\xa0\x15\xbc\xf8\x68\xe3\x24\xd5\x6a";
char buf[SHA1_DIGEST_SIZE];
if (memcmp (sha1_buffer (in1, strlen (in1), buf),
out1, SHA1_DIGEST_SIZE) != 0)
{
size_t i;
printf ("expected:\n");
for (i = 0; i < SHA1_DIGEST_SIZE; i++)
printf ("%02x ", out1[i] & 0xFF);
printf ("\ncomputed:\n");
for (i = 0; i < SHA1_DIGEST_SIZE; i++)
printf ("%02x ", buf[i] & 0xFF);
printf ("\n");
return 1;
}
return 0;
}
Gc_rc
gc_sha1 (const void *in, size_t inlen, void *resbuf)
{
sha1_buffer (in, inlen, resbuf);
return GC_OK;
}
static uint32_t _tpm_wrap_unseal(uint32_t locality, const uint8_t *in_data,
uint32_t *secret_size, uint8_t *secret)
{
uint32_t ret;
tpm_nonce_t odd_osap, even_osap;
tpm_nonce_t nonce_even, nonce_odd, nonce_even_d, nonce_odd_d;
tpm_authhandle_t hauth, hauth_d;
tpm_authdata_t shared_secret;
tpm_authdata_t pub_auth, res_auth, pub_auth_d, res_auth_d;
uint8_t cont_session = false, cont_session_d = false;
tpm_key_handle_t hkey = TPM_KH_SRK;
uint32_t offset;
uint32_t ordinal = TPM_ORD_UNSEAL;
tpm_digest_t digest;
/* skip generate nonce for odd_osap, just use the random value in stack */
/* establish a osap session */
ret = tpm_osap(locality, TPM_ET_SRK, TPM_KH_SRK, &odd_osap, &hauth,
&nonce_even, &even_osap);
if ( ret != TPM_SUCCESS )
return ret;
/* calculate the shared secret
shared-secret = HMAC(auth, even_osap || odd_osap) */
offset = 0;
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &even_osap);
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &odd_osap);
HMAC_SHA1((uint8_t *)&srk_authdata, sizeof(srk_authdata),
WRAPPER_IN_BUF, offset,
(uint8_t *)&shared_secret);
/* establish a oiap session */
ret = tpm_oiap(locality, &hauth_d, &nonce_even_d);
if ( ret != TPM_SUCCESS )
return ret;
/* skip generate nonce_odd & nonce_odd_d, just use the random values */
/* calculate authdata */
/* in_param_digest = sha1(1S ~ 6S) */
offset = 0;
UNLOAD_INTEGER(WRAPPER_IN_BUF, offset, ordinal);
UNLOAD_STORED_DATA12(WRAPPER_IN_BUF, offset, in_data);
sha1_buffer(WRAPPER_IN_BUF, offset, (uint8_t *)&digest);
/* authdata1 = hmac(key, in_param_digest || auth_params1) */
offset = 0;
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &digest);
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &nonce_even);
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &nonce_odd);
UNLOAD_INTEGER(WRAPPER_IN_BUF, offset, cont_session);
HMAC_SHA1((uint8_t *)&shared_secret, sizeof(shared_secret),
WRAPPER_IN_BUF, offset,
(uint8_t *)&pub_auth);
/* authdata2 = hmac(key, in_param_digest || auth_params2) */
offset = 0;
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &digest);
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &nonce_even_d);
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &nonce_odd_d);
UNLOAD_INTEGER(WRAPPER_IN_BUF, offset, cont_session_d);
HMAC_SHA1((uint8_t *)&blob_authdata, sizeof(blob_authdata),
WRAPPER_IN_BUF, offset,
(uint8_t *)&pub_auth_d);
/* call the simple seal function */
ret = _tpm_unseal(locality, hkey, in_data,
hauth, &nonce_odd, &cont_session,
(const tpm_authdata_t *)&pub_auth,
hauth_d, &nonce_odd_d, &cont_session_d,
(const tpm_authdata_t *)&pub_auth_d,
secret_size, secret,
&nonce_even, &res_auth, &nonce_even_d, &res_auth_d);
/* skip check for res_auth */
return ret;
}
static uint32_t _tpm_wrap_seal(uint32_t locality,
const tpm_pcr_info_long_t *pcr_info,
uint32_t in_data_size, const uint8_t *in_data,
uint32_t *sealed_data_size, uint8_t *sealed_data)
{
uint32_t ret;
tpm_nonce_t odd_osap, even_osap, nonce_even, nonce_odd;
tpm_authhandle_t hauth;
tpm_authdata_t shared_secret, pub_auth, res_auth;
tpm_encauth_t enc_auth;
uint8_t cont_session = false;
tpm_key_handle_t hkey = TPM_KH_SRK;
uint32_t pcr_info_size = sizeof(*pcr_info);
uint32_t offset;
uint32_t ordinal = TPM_ORD_SEAL;
tpm_digest_t digest;
/* skip generate nonce for odd_osap, just use the random value in stack */
/* establish a osap session */
ret = tpm_osap(locality, TPM_ET_SRK, TPM_KH_SRK, &odd_osap, &hauth,
&nonce_even, &even_osap);
if ( ret != TPM_SUCCESS )
return ret;
/* calculate the shared secret
shared-secret = HMAC(srk_auth, even_osap || odd_osap) */
offset = 0;
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &even_osap);
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &odd_osap);
HMAC_SHA1((uint8_t *)&srk_authdata, sizeof(srk_authdata),
WRAPPER_IN_BUF, offset,
(uint8_t *)&shared_secret);
/* generate ecrypted authdata for data
enc_auth = XOR(authdata, sha1(shared_secret || last_even_nonce)) */
offset = 0;
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &shared_secret);
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &nonce_even);
sha1_buffer(WRAPPER_IN_BUF, offset, (uint8_t *)&digest);
memcpy(&enc_auth, &blob_authdata, sizeof(blob_authdata));
XOR_BLOB_TYPE(&enc_auth, &digest);
/* skip generate nonce for nonce_odd, just use the random value in stack */
/* calculate authdata */
/* in_param_digest = sha1(1S ~ 6S) */
offset = 0;
UNLOAD_INTEGER(WRAPPER_IN_BUF, offset, ordinal);
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &enc_auth);
UNLOAD_INTEGER(WRAPPER_IN_BUF, offset, pcr_info_size);
UNLOAD_PCR_INFO_LONG(WRAPPER_IN_BUF, offset, pcr_info);
UNLOAD_INTEGER(WRAPPER_IN_BUF, offset, in_data_size);
UNLOAD_BLOB(WRAPPER_IN_BUF, offset, in_data, in_data_size);
sha1_buffer(WRAPPER_IN_BUF, offset, (uint8_t *)&digest);
/* authdata = hmac(key, in_param_digest || auth_params) */
offset = 0;
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &digest);
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &nonce_even);
UNLOAD_BLOB_TYPE(WRAPPER_IN_BUF, offset, &nonce_odd);
UNLOAD_INTEGER(WRAPPER_IN_BUF, offset, cont_session);
HMAC_SHA1((uint8_t *)&shared_secret, sizeof(shared_secret),
WRAPPER_IN_BUF, offset,
(uint8_t *)&pub_auth);
/* call the simple seal function */
ret = _tpm_seal(locality, hkey, (const tpm_encauth_t *)&enc_auth,
pcr_info_size, pcr_info, in_data_size, in_data,
hauth, &nonce_odd, &cont_session,
(const tpm_authdata_t *)&pub_auth,
sealed_data_size, sealed_data,
&nonce_even, &res_auth);
/* skip check for res_auth */
return ret;
}
UT_Error ODc_Crypto::performDecrypt(GsfInput* pStream,
unsigned char* salt, UT_uint32 salt_length, UT_uint32 iter_count,
unsigned char* ivec, const std::string& password, UT_uint32 decrypted_size,
GsfInput** pDecryptedInput)
{
unsigned char sha1_password[PASSWORD_HASH_LEN];
char key[PBKDF2_KEYLEN];
// get the sha1 sum of the password
sha1_buffer(&password[0], password.size(), sha1_password);
// create a PBKDF2 key from the sha1 sum
int k = pbkdf2_sha1 ((const char*)sha1_password, PASSWORD_HASH_LEN, (const char*)salt, salt_length, iter_count, key, PBKDF2_KEYLEN);
if (k != 0)
return UT_ERROR;
// create the decryption key
BF_KEY bf_key;
BF_set_key(&bf_key, PBKDF2_KEYLEN, (const unsigned char*)key);
// perform the actual decryption
UT_sint32 content_size = gsf_input_size(pStream);
if (content_size == -1)
return UT_ERROR;
const unsigned char* content = gsf_input_read(pStream, content_size, NULL);
if (!content)
return UT_ERROR;
int num = 0;
unsigned char* content_decrypted = (unsigned char*)g_malloc(content_size);
BF_cfb64_encrypt(content, content_decrypted, content_size, &bf_key, ivec, &num, BF_DECRYPT);
// deflate the decrypted content
z_stream zs;
zs.zalloc = Z_NULL;
zs.zfree = Z_NULL;
zs.opaque = Z_NULL;
zs.avail_in = 0;
zs.next_in = Z_NULL;
int err;
err = inflateInit2(&zs, -MAX_WBITS);
if (err != Z_OK)
return UT_ERROR;
unsigned char* decrypted = (unsigned char*)g_malloc(decrypted_size);
zs.avail_in = content_size;
zs.avail_out = decrypted_size;
zs.next_in = content_decrypted;
zs.next_out = decrypted;
err = inflate(&zs, Z_FINISH);
FREEP(content_decrypted);
if (err != Z_STREAM_END)
{
inflateEnd(&zs);
FREEP(decrypted);
return UT_ERROR;
}
inflateEnd(&zs);
*pDecryptedInput = gsf_input_memory_new(decrypted, decrypted_size, TRUE);
return UT_OK;
}
/*
* Reads and parses a metadata resource for an image in the WIM file.
*
* @imd:
* Pointer to the image metadata structure for the image whose metadata
* resource we are reading. Its `metadata_blob' member specifies the blob
* table entry for the metadata resource. The rest of the image metadata
* entry will be filled in by this function.
*
* Return values:
* WIMLIB_ERR_SUCCESS (0)
* WIMLIB_ERR_INVALID_METADATA_RESOURCE
* WIMLIB_ERR_NOMEM
* WIMLIB_ERR_READ
* WIMLIB_ERR_UNEXPECTED_END_OF_FILE
* WIMLIB_ERR_DECOMPRESSION
*/
int
read_metadata_resource(struct wim_image_metadata *imd)
{
const struct blob_descriptor *metadata_blob;
void *buf;
int ret;
u8 hash[SHA1_HASH_SIZE];
struct wim_security_data *sd;
struct wim_dentry *root;
metadata_blob = imd->metadata_blob;
/* Read the metadata resource into memory. (It may be compressed.) */
ret = read_blob_into_alloc_buf(metadata_blob, &buf);
if (ret)
return ret;
/* Checksum the metadata resource. */
sha1_buffer(buf, metadata_blob->size, hash);
if (!hashes_equal(metadata_blob->hash, hash)) {
ERROR("Metadata resource is corrupted "
"(invalid SHA-1 message digest)!");
ret = WIMLIB_ERR_INVALID_METADATA_RESOURCE;
goto out_free_buf;
}
/* Parse the metadata resource.
*
* Notes: The metadata resource consists of the security data, followed
* by the directory entry for the root directory, followed by all the
* other directory entries in the filesystem. The subdir offset field
* of each directory entry gives the start of its child entries from the
* beginning of the metadata resource. An end-of-directory is signaled
* by a directory entry of length '0', really of length 8, because
* that's how long the 'length' field is. */
ret = read_wim_security_data(buf, metadata_blob->size, &sd);
if (ret)
goto out_free_buf;
ret = read_dentry_tree(buf, metadata_blob->size, sd->total_length, &root);
if (ret)
goto out_free_security_data;
/* We have everything we need from the buffer now. */
FREE(buf);
buf = NULL;
/* Calculate and validate inodes. */
ret = dentry_tree_fix_inodes(root, &imd->inode_list);
if (ret)
goto out_free_dentry_tree;
fix_security_ids(imd, sd->num_entries);
/* Success; fill in the image_metadata structure. */
imd->root_dentry = root;
imd->security_data = sd;
INIT_LIST_HEAD(&imd->unhashed_blobs);
return 0;
out_free_dentry_tree:
free_dentry_tree(root, NULL);
out_free_security_data:
free_wim_security_data(sd);
out_free_buf:
FREE(buf);
return ret;
}
