コード例 #1
ファイル: gtmcrypt_ref.c プロジェクト: mihawk/fis-gtm
/*
 * Initialize the encryption plugin if it has not been initialized yet.
 *
 * Arguments:	flags	Encryption flags to use. Only the GTMCRYPT_OP_INTERACTIVE_MODE bit is examined
 *			here (it is handed to gc_update_passwd()); the whole value is saved in
 *			gtmcrypt_init_flags once the password step has succeeded.
 *
 * Returns:	0 if encryption was initialized successfully, or if gtmcrypt_inited was already set by
 *		an earlier call; -1 otherwise.
 *
 * NOTE(review): gtmcrypt_inited is set to TRUE before gc_pk_gpghome_has_permissions() runs. If that
 * check fails, this call returns -1 but the flag stays set, so the next call takes the early return
 * and reports 0 without repeating the permission check. Confirm that callers treat the first -1 as
 * fatal, or that this ordering is intended.
 */
gtm_status_t gtmcrypt_init(gtm_int_t flags)
{
	int fips_requested, fips_enabled, rv;

	/* Repeat calls are a no-op once the initialized flag has been set. */
	if (gtmcrypt_inited)
		return 0;
	/* Presumably resolves the GT.M shared-library symbols the plugin calls back into - confirm. */
	if (0 != gc_load_gtmshr_symbols())
		return -1;
#	ifdef USE_GCRYPT
	/* Route libgcrypt's own log output through the plugin's handler. */
	gcry_set_log_handler(gtm_gcry_log_handler, NULL);
#	endif
	/* The macro stores its answer in fips_requested; where the request comes from is not visible here. */
	IS_FIPS_MODE_REQUESTED(fips_requested);
	if (fips_requested)
	{
#		ifdef USE_GCRYPT
		/* NOTE(review): when GCRYPT_NO_FIPS is defined this branch compiles to nothing, so a FIPS
		 * request is accepted without FIPS mode being forced and without any error being recorded.
		 * Confirm whether a requested-but-unavailable FIPS mode should fail initialization instead.
		 */
#		ifndef GCRYPT_NO_FIPS
		/* Forced before gc_sym_init() below; presumably because libgcrypt expects FIPS mode to be
		 * selected before the library is initialized - confirm.
		 */
		if (0 != (rv = gcry_control(GCRYCTL_FORCE_FIPS_MODE)))
		{
			GC_APPEND_GCRY_ERROR(rv, "Failed to initialize FIPS mode.");
			return -1;
		}
#		endif
#		else
		/* Non-gcrypt build: the macro reports through rv; fips_enabled is not read again in the
		 * code visible in this function.
		 */
		ENABLE_FIPS_MODE(rv, fips_enabled);
		/* Relevant error detail populated in the above macro. */
		if (-1 == rv)
			return -1;
#		endif
	}
#	ifdef USE_GCRYPT
	if (0 != gc_sym_init())
		return -1;
#	endif
	/* Public-key (GPG) layer setup; whether this macro can return on failure is not visible here. */
	GC_PK_INIT;
	/* Update $gtm_passwd for future invocation. The last argument is non-zero only when the caller
	 * set GTMCRYPT_OP_INTERACTIVE_MODE in flags.
	 */
	if (0 != gc_update_passwd(GTM_PASSWD_ENV, &gtmcrypt_pwent, GTMCRYPT_DEFAULT_PASSWD_PROMPT,
					GTMCRYPT_OP_INTERACTIVE_MODE & flags))
	{
		return -1;
	}
	/* From here on the plugin is marked initialized, even if the permission check below fails. */
	gtmcrypt_inited = TRUE;
	gtmcrypt_init_flags = flags;
	/* Clear any stale message so that only an error from the permission check remains recorded. */
	gtmcrypt_err_string[0] = '\0';
	if (0 != gc_pk_gpghome_has_permissions())
		return -1;
	return 0;
}
コード例 #2
ファイル: gtmcrypt_ref.c プロジェクト: ChristyV/fis-gtm
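/*
 * Look up the encryption key whose hash matches the one supplied and hand back its handle.
 *
 * Arguments:	hash	Hash identifying the key; hash->address is read for the lookup and for the
 *			hex rendering used in error messages.
 *		handle	Output. Set to INVALID_HANDLE on entry and to the matching entry's index on success.
 *
 * Returns:	GC_SUCCESS (0) when a matching entry was found; GC_FAILURE when the lookup still fails
 *		after the reload step; otherwise whatever status GC_DBK_RELOAD_IF_NEEDED produced.
 *
 * Note: If any of the following macros fail, the error return happens within the macro.
 */
xc_status_t gtmcrypt_getkey_by_hash(xc_string_t *hash, gtmcrypt_key_t *handle)
{
	gtm_dbkeys_tbl	*entry;
	xc_status_t	status = GC_SUCCESS;
	int		err_caused_by_gpg;
	char		save_err[MAX_GTMCRYPT_ERR_STRLEN], hex_buff[GTMCRYPT_HASH_HEX_LEN + 1];
	char		*gpg_msg = "Verify encrypted key file and your GNUPGHOME settings";
	char		*correct_key_msg = "Verify encryption key in DB keys file";
	char		*alert_msg;

	/* Invalidate the output first so that every early return leaves the caller with an unusable handle. */
	*handle = INVALID_HANDLE;
	GC_VERIFY_INITED;
	gtmcrypt_err_string[0] = '\0';	/* discard any previously recorded error messages */
	entry = gc_dbk_get_entry_by_hash(hash);
	/* If the load below failed, don't continue */
	GC_DBK_RELOAD_IF_NEEDED(entry, status, NULL, hash->address);
	if (0 == status)
	{
		/* Look the entry up again after the reload step. */
		entry = gc_dbk_get_entry_by_hash(hash);
		if (NULL == entry)
		{	/* Lookup still failed. Verify if we have right permissions on GNUPGHOME or $HOME/.gnupg
			 * (if GNUPGHOME is unset). If not, then the below function will store the appropriate
			 * error message in err_string and so return GC_FAILURE.
			 */
			if (GC_SUCCESS != gc_pk_gpghome_has_permissions())
				return GC_FAILURE;
			/* A non-empty error string at this point is taken to mean the GPG side recorded a failure. */
			err_caused_by_gpg = ('\0' != gtmcrypt_err_string[0]);
			alert_msg = (err_caused_by_gpg ? gpg_msg : correct_key_msg);
			/* hex_buff is used with %s below, so GC_HEX presumably NUL-terminates it - confirm. */
			GC_HEX(hash->address, hex_buff, GTMCRYPT_HASH_HEX_LEN);
			if (err_caused_by_gpg)
			{
				/* Bounded copy into the stack buffer: the size of gtmcrypt_err_string is not
				 * visible here, so do not rely on it fitting in save_err. strncpy() does not
				 * terminate on truncation, hence the explicit NUL.
				 */
				strncpy(save_err, gtmcrypt_err_string, sizeof(save_err) - 1);
				save_err[sizeof(save_err) - 1] = '\0';
				/* The saved copy is needed because the macro presumably rewrites gtmcrypt_err_string. */
				UPDATE_ERROR_STRING("Expected hash - %s - %s. %s", hex_buff, save_err, alert_msg);
			} else
				UPDATE_ERROR_STRING("Expected hash - %s. %s", hex_buff, alert_msg);
			return GC_FAILURE;
		}
		*handle = entry->index;
	}
	return status;
}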