void Gobby::CertificateManager::load_key()
{
const std::string& filename = m_preferences.security.key_file;
if(!filename.empty())
{
GError* error = NULL;
gnutls_x509_privkey_t key = inf_cert_util_read_private_key(
filename.c_str(), &error);
set_private_key(key, error);
if(error != NULL)
g_error_free(error);
}
else
{
set_private_key(NULL, NULL);
}
}
bool Server::SetPrivateKey(const OTPassword& key) const
{
if (CURVE_KEY_BYTES != key.getMemorySize()) {
otErr << OT_METHOD << __FUNCTION__ << ": Invalid private key."
<< std::endl;
return false;
}
return set_private_key(key.getMemory(), key.getMemorySize());
}
void Gobby::CertificateManager::set_private_key(gnutls_x509_privkey_t key,
const char* filename,
const GError* error)
{
if(error != NULL)
{
g_assert(key == NULL);
set_private_key(NULL, error);
}
else
{
GError* local_error = NULL;
if(filename != NULL)
{
m_conn_key_file.block();
m_preferences.security.key_file = filename;
m_conn_key_file.unblock();
if(key != NULL)
{
inf_cert_util_write_private_key(
key, filename, &local_error);
}
}
if(local_error != NULL)
{
set_private_key(NULL, local_error);
if(key != NULL) gnutls_x509_privkey_deinit(key);
g_error_free(local_error);
}
else
{
set_private_key(key, NULL);
}
}
}
bool Server::SetPrivateKey(const std::string& z85) const
{
if (CURVE_KEY_Z85_BYTES > z85.size()) {
otErr << OT_METHOD << __FUNCTION__ << ": Invalid private key size ("
<< z85.size() << ")" << std::endl;
return false;
}
std::array<std::uint8_t, CURVE_KEY_BYTES> key;
::zmq_z85_decode(key.data(), z85.data());
return set_private_key(key.data(), key.size());
}
void mailprivacy_smime_set_private_keys_dir(struct mailprivacy * privacy,
char * directory)
{
DIR * dir;
struct dirent * ent;
chash_clear(private_keys);
if (directory == NULL)
return;
if (* directory == '\0')
return;
strncpy(private_keys_dir, directory, sizeof(private_keys_dir));
private_keys_dir[sizeof(private_keys_dir) - 1] = '\0';
dir = opendir(directory);
if (dir == NULL)
return;
while ((ent = readdir(dir)) != NULL) {
char filename[PATH_MAX];
char email[PATH_MAX];
char * p;
snprintf(filename, sizeof(filename),
"%s/%s", directory, ent->d_name);
strncpy(email, ent->d_name, sizeof(email));
email[sizeof(email) - 1] = '\0';
p = strstr(email, PRIVATE_KEY_SUFFIX);
if (p == NULL)
continue;
if (strlen(p) != sizeof(PRIVATE_KEY_SUFFIX) - 1)
continue;
* p = 0;
if (* email == '\0')
continue;
set_private_key(privacy, email, filename);
}
closedir(dir);
}
struct item *asymmetric_decryption(struct item *key, struct item *item, char tag)
/*@ requires [?f]world(?pub, ?key_clsfy) &*& true == valid_tag(tag) &*&
principal(?principal1, ?count1) &*&
item(item, ?enc, pub) &*& item(key, ?k, pub) &*&
enc == asymmetric_encrypted_item(?principal2, ?count2,
?pay, ?ent) &*&
k == private_key_item(?principal3, ?count3); @*/
/*@ ensures [f]world(pub, key_clsfy) &*&
principal(principal1, count1 + 1) &*&
item(item, enc, pub) &*& item(key, k, pub) &*&
item(result, ?dec, pub) &*& tag_for_item(dec) == tag &*&
col ?
[_]pub(dec)
: principal2 != principal3 || count2 != count3 ?
true == key_clsfy(principal3, count3, false) &*&
[_]pub(dec)
:
switch(pay)
{
case some(dec2):
return dec == dec2;
case none:
return false;
}; @*/
{
struct item* result = 0;
debug_print("DECRYPTING:\n");
print_item(item);
check_is_asymmetric_encrypted(item);
{
pk_context context;
unsigned int olen;
char output[MAX_PACKAGE_SIZE];
// Key
//@ close pk_context(&context);
//@ open [f]world(pub, key_clsfy);
pk_init(&context);
//@ close [f]world(pub, key_clsfy);
set_private_key(&context, key);
//@ open [f]world(pub, key_clsfy);
/*@ assert pk_context_with_key(&context, pk_private,
?principal, ?count, RSA_BIT_KEY_SIZE); @*/
// Decryption
//@ open item(item, enc, pub);
/*@ assert enc == asymmetric_encrypted_item(principal2, count2,
pay, ent); @*/
//@ open [_]item_constraints(enc, ?enc_cs, pub);
//@ assert [_]ic_parts(enc)(?enc_tag, ?enc_cont);
//@ assert enc_cs == append(enc_tag, enc_cont);
//@ open [_]ic_cg(enc)(_, ?enc_cg);
//@ assert enc_cg == cg_asym_encrypted(principal2, count2, ?cs_pay, ent);
if (item->size - TAG_LENGTH > RSA_KEY_SIZE ||
item->size - TAG_LENGTH < MINIMAL_STRING_SIZE)
abort_crypto_lib("Asymmetric decryption failed: incorrect sizes");
//@ assert item->content |-> ?i_cont &*& item->size |-> ?i_size;
//@ crypto_chars_split(i_cont, TAG_LENGTH);
//@ drop_append(TAG_LENGTH, enc_tag, enc_cont);
//@ assert crypto_chars(secret, i_cont + TAG_LENGTH, i_size - TAG_LENGTH, enc_cont);
//@ if (col) enc_cg = chars_for_cg_sur(enc_cont, tag_asym_encrypted);
//@ if (col) public_crypto_chars_extract(i_cont + TAG_LENGTH, enc_cg);
//@ close cryptogram(i_cont + TAG_LENGTH, i_size - TAG_LENGTH, enc_cont, enc_cg);
void *random_state = nonces_expose_state();
//@ close random_state_predicate(havege_state_initialized);
/*@ produce_function_pointer_chunk random_function(
asym_enc_havege_random_stub)
(havege_state_initialized)(state, out, len) { call(); } @*/
//@ open principal(principal1, count1);
//@ structure s = known_value(0, full_tag(tag));
//@ close decryption_pre(false, false, principal1, s, enc_cont);
if(pk_decrypt(&context, item->content + TAG_LENGTH,
(unsigned int) item->size - TAG_LENGTH,
output, &olen, MAX_PACKAGE_SIZE,
asym_enc_havege_random_stub, random_state) != 0)
abort_crypto_lib("Decryption failed");
/*@ open decryption_post(false, ?garbage, principal1,
s, ?p_key, ?c_key, ?cs_out); @*/
//@ assert u_integer(&olen, ?size_out);
//@ pk_release_context_with_key(&context);
//@ open cryptogram(i_cont + TAG_LENGTH, i_size - TAG_LENGTH, enc_cont, enc_cg);
pk_free(&context);
//@ open pk_context(&context);
nonces_hide_state(random_state);
//@ assert chars((void*)output + size_out, MAX_PACKAGE_SIZE - size_out, ?cs_rest);
result = malloc(sizeof(struct item));
if (result == 0) {abort_crypto_lib("Malloc failed");}
result->size = (int) olen;
if ((int) olen <= MINIMAL_STRING_SIZE)
abort_crypto_lib("Decryption: Incorrect size");
result->content = malloc(result->size);
if (result->content == 0) {abort_crypto_lib("Malloc failed");}
//@ close [f]world(pub, key_clsfy);
//@ assert u_integer(&olen, ?olen_val);
//@ assert crypto_chars(_, output, olen_val, cs_out);
//@ crypto_chars_split(output, TAG_LENGTH);
//@ assert crypto_chars(_, output, TAG_LENGTH, ?cs_tag);
//@ assert crypto_chars(_, (void*) output + TAG_LENGTH, olen_val - TAG_LENGTH, ?cs_i);
/*@ if (col)
{
crypto_chars_to_chars(output, TAG_LENGTH);
chars_to_crypto_chars(output, TAG_LENGTH);
}
else if (!garbage)
{
switch(pay)
{
case some(pay1):
open [_]item_constraints(pay1, cs_out, pub);
case none:
open [_]ill_formed_item_chars(enc)(cs_out);
public_generated_split(polarssl_pub(pub), cs_out, TAG_LENGTH);
}
public_crypto_chars(output, TAG_LENGTH);
}
@*/
//@ close check_tag2_ghost_args(false, garbage, p_key, c_key, cs_i);
check_tag2(output, tag);
//@ if (!garbage) chars_to_secret_crypto_chars(output, TAG_LENGTH);
//@ crypto_chars_join(output);
memcpy(result->content, output, olen);
//@ assert result->content |-> ?cont;
//@ assert crypto_chars(?kind, cont, olen_val, cs_out);
zeroize(output, (int) olen);
//@ close item(item, enc, pub);
//@ assert enc == asymmetric_encrypted_item(principal2, count2, pay, ent);
//@ assert col || enc_cg == cg_asym_encrypted(principal2, count2, cs_pay, ent);
/*@ if (col)
{
crypto_chars_to_chars(cont, olen_val);
public_chars(cont, olen_val);
chars_to_crypto_chars(cont, olen_val);
}
else if (garbage)
{
assert true == key_clsfy(principal3, count3, false);
public_chars(cont, olen_val);
chars_to_crypto_chars(cont, olen_val);
}
else
{
assert principal2 == principal3;
assert count2 == count3;
assert cs_out == cs_pay;
switch(pay)
{
case some(pay1):
assert [_]item_constraints(pay1, cs_out, pub);
case none:
open [_]ill_formed_item_chars(enc)(cs_out);
assert [_]public_generated(polarssl_pub(pub))(cs_out);
public_crypto_chars(cont, olen_val);
chars_to_crypto_chars(cont, olen_val);
}
}
@*/
parse_item(result->content, (int) olen);
/*@ if (col || garbage)
{
retreive_proof_obligations();
deserialize_item(cs_out, pub);
leak proof_obligations(pub);
chars_to_secret_crypto_chars(cont, olen_val);
}
@*/
//@ open [_]item_constraints(?dec, cs_out, pub);
//@ assert [_]ic_parts(dec)(?dec_tag, ?dec_cont);
//@ take_append(TAG_LENGTH, dec_tag, dec_cont);
//@ drop_append(TAG_LENGTH, dec_tag, dec_cont);
//@ assert dec_tag == full_tag(tag);
//@ assert tag_for_item(dec) == tag;
//@ close item(result, dec, pub);
}
return result;
}
static int
keychain_iter(hx509_context context,
hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
{
SecKeychainAttributeList *attrs = NULL;
SecKeychainAttributeInfo attrInfo;
uint32 attrFormat[1] = { 0 };
SecKeychainItemRef itemRef;
SecItemAttr item[1];
struct iter *iter = cursor;
OSStatus ret;
UInt32 len;
void *ptr = NULL;
if (iter->certs)
return hx509_certs_next_cert(context, iter->certs, iter->cursor, cert);
*cert = NULL;
ret = SecKeychainSearchCopyNext(iter->searchRef, &itemRef);
if (ret == errSecItemNotFound)
return 0;
else if (ret != 0)
return EINVAL;
/*
* Pick out certificate and matching "keyid"
*/
item[0] = kSecPublicKeyHashItemAttr;
attrInfo.count = 1;
attrInfo.tag = item;
attrInfo.format = attrFormat;
ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL,
&attrs, &len, &ptr);
if (ret)
return EINVAL;
ret = hx509_cert_init_data(context, ptr, len, cert);
if (ret)
goto out;
/*
* Find related private key if there is one by looking at
* kSecPublicKeyHashItemAttr == kSecKeyLabel
*/
{
SecKeychainSearchRef search;
SecKeychainAttribute attrKeyid;
SecKeychainAttributeList attrList;
attrKeyid.tag = kSecKeyLabel;
attrKeyid.length = attrs->attr[0].length;
attrKeyid.data = attrs->attr[0].data;
attrList.count = 1;
attrList.attr = &attrKeyid;
ret = SecKeychainSearchCreateFromAttributes(NULL,
CSSM_DL_DB_RECORD_PRIVATE_KEY,
&attrList,
&search);
if (ret) {
ret = 0;
goto out;
}
ret = SecKeychainSearchCopyNext(search, &itemRef);
CFRelease(search);
if (ret == errSecItemNotFound) {
ret = 0;
goto out;
} else if (ret) {
ret = EINVAL;
goto out;
}
set_private_key(context, itemRef, *cert);
}
out:
SecKeychainItemFreeAttributesAndData(attrs, ptr);
return ret;
}
ElGamalDecrypter::ElGamalDecrypter():ElGamalBase()
{
key_type tmp(3ul);
set_private_key(tmp);
}
ElGamalDecrypter::ElGamalDecrypter(const key_type& op_prvatekey)
{
set_private_key(op_prvatekey);
}
struct item *asymmetric_signature(struct item *key, struct item *payload)
/*@ requires [?f]world(?pub, ?key_clsfy) &*&
principal(?principal1, ?count1) &*&
item(payload, ?pay, pub) &*& item(key, ?k, pub) &*&
k == private_key_item(?principal2, ?count2); @*/
/*@ ensures [f]world(pub, key_clsfy) &*&
principal(principal1, count1 + 1) &*&
item(payload, pay, pub) &*& item(key, k, pub) &*&
item(result, ?sig, pub) &*&
col ? true :
sig == asymmetric_signature_item(principal2, count2,
some(pay), ?ent); @*/
{
debug_print("ASYM SIGNING:\n");
print_item(payload);
struct item* result;
result = malloc(sizeof(struct item));
if (result == 0) abort_crypto_lib("Malloc failed");
debug_print("signing item\n");
print_item(payload);
print_item(key);
{
pk_context context;
unsigned int olen;
char* output;
// Key
//@ close pk_context(&context);
//@ open [f]world(pub, key_clsfy);
pk_init(&context);
//@ close [f]world(pub, key_clsfy);
set_private_key(&context, key);
//@ open [f]world(pub, key_clsfy);
/*@ assert pk_context_with_key(&context, pk_private,
?principal, ?count, RSA_BIT_KEY_SIZE); @*/
//@ assert col || principal == principal2;
//@ assert col || count == count2;
// Payload
//@ open item(payload, pay, pub);
//@ open [_]item_constraints(pay, ?pay_cs, pub);
//@ assert payload->content |-> ?p_cont &*& payload->size |-> ?p_size;
if (payload->size > RSA_KEY_SIZE)
abort_crypto_lib("Assymetric signing failed: incorrect size");
output = malloc(RSA_KEY_SIZE);
if (output == 0) abort_crypto_lib("Malloc failed");
void *random_state = nonces_expose_state();
//@ close random_state_predicate(havege_state_initialized);
/*@ produce_function_pointer_chunk random_function(
asym_sig_havege_random_stub)
(havege_state_initialized)(state, out, len) { call(); } @*/
//@ open principal(principal1, count1);
if(pk_sign(&context, POLARSSL_MD_NONE,
payload->content, (unsigned int) payload->size,
output, &olen,
asym_sig_havege_random_stub, random_state) != 0)
abort_crypto_lib("Signing failed");
//@ open principal(principal1, count1 + 1);
//@ open cryptogram(output, ?sig_length, ?sig_cs, ?sig_cg);
//@ assert sig_cg == cg_asym_signature(principal, count, pay_cs, ?ent);
//@ assert u_integer(&olen, sig_length);
//@ assert sig_length > 0 &*& sig_length <= RSA_KEY_SIZE;
nonces_hide_state(random_state);
//@ pk_release_context_with_key(&context);
pk_free(&context);
//@ open pk_context(&context);
//@ close [f]world(pub, key_clsfy);
debug_print("signed item\n");
print_buffer(output, (int) olen);
// Create item
if (olen < MINIMAL_STRING_SIZE)
abort_crypto_lib("Assymetric signing failed: output to small");
result->size = TAG_LENGTH + (int) olen;
result->content = malloc(result->size);
if (result->content == 0) {abort_crypto_lib("Malloc failed");}
write_tag(result->content, TAG_ASYMMETRIC_SIG);
//@ assert result->content |-> ?cont &*& result->size |-> ?size;
//@ assert chars(cont, TAG_LENGTH, ?tag_cs);
//@ assert tag_cs == full_tag(TAG_ASYMMETRIC_SIG);
//@ public_chars(cont, TAG_LENGTH);
//@ chars_to_secret_crypto_chars(cont, TAG_LENGTH);
memcpy(result->content + TAG_LENGTH, output, olen);
//@ crypto_chars_join(cont);
//@ list<char> cs = append(tag_cs, sig_cs);
//@ assert crypto_chars(secret, cont, size, cs);
//@ item e = asymmetric_signature_item(principal, count, some(pay), ent);
//@ close ic_cg(e)(sig_cs, sig_cg);
/*@ if (col)
{
public_chars(cont, size);
public_generated_split(polarssl_pub(pub), cs, TAG_LENGTH);
}
@*/
//@ close item(payload, pay, pub);
zeroize(output, (int) olen);
//@ chars_join(output);
free(output);
//@ WELL_FORMED(tag_cs, sig_cs, TAG_ASYMMETRIC_SIG)
//@ close ic_parts(e)(tag_cs, sig_cs);
//@ close well_formed_item_chars(e)(pay_cs);
//@ leak well_formed_item_chars(e)(pay_cs);
//@ close item_constraints(e, cs, pub);
//@ leak item_constraints(e, cs, pub);
//@ close item(result, e, pub);
}
debug_print("SINGING RESULT:\n");
print_item(result);
return result;
}
