void egg_secure_strclear (char *str) { if (!str) return; egg_secure_clear ((unsigned char*)str, strlen (str)); }
static void gkm_generic_key_finalize (GObject *obj) { GkmGenericKey *self = GKM_GENERIC_KEY (obj); if (self->value) { egg_secure_clear (self->value, self->n_value); egg_secure_free (self->value); self->value = NULL; self->n_value = 0; } G_OBJECT_CLASS (gkm_generic_key_parent_class)->finalize (obj); }
static void gcr_secret_exchange_default_free (gpointer to_free) { GcrSecretExchangeDefault *data = to_free; gcry_mpi_release (data->prime); gcry_mpi_release (data->base); gcry_mpi_release (data->pub); gcry_mpi_release (data->priv); if (data->key) { egg_secure_clear (data->key, EXCHANGE_1_KEY_LENGTH); egg_secure_free (data->key); } g_free (data); }
static gboolean gcr_secret_exchange_default_encrypt_transport_data (GcrSecretExchange *exchange, GckAllocator allocator, const guchar *plain_text, gsize n_plain_text, guchar **iv, gsize *n_iv, guchar **cipher_text, gsize *n_cipher_text) { GcrSecretExchangeDefault *data = exchange->pv->default_exchange; gcry_cipher_hd_t cih; gcry_error_t gcry; guchar *padded; gsize n_result; guchar *result; gsize pos; g_return_val_if_fail (data != NULL, FALSE); g_return_val_if_fail (data->key != NULL, FALSE); gcry = gcry_cipher_open (&cih, EXCHANGE_1_CIPHER_ALGO, EXCHANGE_1_CIPHER_MODE, 0); if (gcry != 0) { g_warning ("couldn't create aes cipher context: %s", gcry_strerror (gcry)); g_free (iv); return FALSE; } *iv = (allocator) (NULL, EXCHANGE_1_IV_LENGTH); g_return_val_if_fail (*iv != NULL, FALSE); gcry_create_nonce (*iv, EXCHANGE_1_IV_LENGTH); *n_iv = EXCHANGE_1_IV_LENGTH; /* 16 = 128 bits */ gcry = gcry_cipher_setkey (cih, data->key, EXCHANGE_1_KEY_LENGTH); g_return_val_if_fail (gcry == 0, FALSE); /* 16 = 128 bits */ gcry = gcry_cipher_setiv (cih, *iv, EXCHANGE_1_IV_LENGTH); g_return_val_if_fail (gcry == 0, FALSE); /* Pad the text properly */ if (!egg_padding_pkcs7_pad (egg_secure_realloc, 16, plain_text, n_plain_text, (gpointer*)&padded, &n_result)) g_return_val_if_reached (FALSE); result = (allocator) (NULL, n_result); g_return_val_if_fail (result != NULL, FALSE); for (pos = 0; pos < n_result; pos += 16) { gcry = gcry_cipher_encrypt (cih, result + pos, 16, padded + pos, 16); g_return_val_if_fail (gcry == 0, FALSE); } gcry_cipher_close (cih); egg_secure_clear (padded, n_result); egg_secure_free (padded); *cipher_text = result; *n_cipher_text = n_result; return TRUE; }
/** * main: * @argc: * @argv[]: Sent to gtk_init * * Prompt for GnuPG and SSH. Communicates using stdin/stdout. Communication data * is in ini-file structures * * Returns: 0 */ int main (int argc, char *argv[]) { GError *err = NULL; gchar *data; gboolean ret; gsize length; /* Exit on HUP signal */ signal(SIGINT, hup_handler); prepare_logging (); egg_libgcrypt_initialize (); input_data = g_key_file_new (); output_data = g_key_file_new (); gtk_init (&argc, &argv); #ifdef HAVE_LOCALE_H /* internationalisation */ setlocale (LC_ALL, ""); #endif #ifdef HAVE_GETTEXT bindtextdomain (GETTEXT_PACKAGE, MATELOCALEDIR); textdomain (GETTEXT_PACKAGE); bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8"); #endif data = read_all_input (); g_assert (data); if (!data[0]) fatal ("no auth dialog instructions", NULL); ret = g_key_file_load_from_data (input_data, data, strlen (data), G_KEY_FILE_NONE, &err); g_free (data); if (!ret) fatal ("couldn't parse auth dialog instructions", egg_error_message (err)); run_dialog (); /* Cleanup after any key */ if (the_key) { egg_secure_clear (the_key, n_the_key); egg_secure_free (the_key); the_key = NULL; n_the_key = 0; } g_key_file_free (input_data); data = g_key_file_to_data (output_data, &length, &err); g_key_file_free (output_data); if (!data) fatal ("couldn't format auth dialog response: %s", egg_error_message (err)); write_all_output (data, length); g_free (data); return 0; }
static SecretValue * service_decode_aes_secret (SecretSession *session, gconstpointer param, gsize n_param, gconstpointer value, gsize n_value, const gchar *content_type) { gcry_cipher_hd_t cih; gsize n_padded; gcry_error_t gcry; guchar *padded; gsize pos; if (n_param != 16) { g_message ("received an encrypted secret structure with invalid parameter"); return NULL; } if (n_value == 0 || n_value % 16 != 0) { g_message ("received an encrypted secret structure with bad secret length"); return NULL; } gcry = gcry_cipher_open (&cih, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0); if (gcry != 0) { g_warning ("couldn't create AES cipher: %s", gcry_strerror (gcry)); return NULL; } #if 0 g_printerr (" lib iv: %s\n", egg_hex_encode (param, n_param)); #endif gcry = gcry_cipher_setiv (cih, param, n_param); g_return_val_if_fail (gcry == 0, NULL); #if 0 g_printerr (" lib key: %s\n", egg_hex_encode (session->key, session->n_key)); #endif gcry = gcry_cipher_setkey (cih, session->key, session->n_key); g_return_val_if_fail (gcry == 0, NULL); /* Copy the memory buffer */ n_padded = n_value; padded = egg_secure_alloc (n_padded); memcpy (padded, value, n_padded); /* Perform the decryption */ for (pos = 0; pos < n_padded; pos += 16) { gcry = gcry_cipher_decrypt (cih, (guchar*)padded + pos, 16, NULL, 0); g_return_val_if_fail (gcry == 0, FALSE); } gcry_cipher_close (cih); /* Unpad the resulting value */ if (!pkcs7_unpad_bytes_in_place (padded, &n_padded)) { egg_secure_clear (padded, n_padded); egg_secure_free (padded); g_message ("received an invalid or unencryptable secret"); return FALSE; } return secret_value_new_full ((gchar *)padded, n_padded, content_type, egg_secure_free); }