void
egg_secure_strclear (char *str)
{
if (!str)
return;
egg_secure_clear ((unsigned char*)str, strlen (str));
}
static void
gkm_generic_key_finalize (GObject *obj)
{
GkmGenericKey *self = GKM_GENERIC_KEY (obj);
if (self->value) {
egg_secure_clear (self->value, self->n_value);
egg_secure_free (self->value);
self->value = NULL;
self->n_value = 0;
}
G_OBJECT_CLASS (gkm_generic_key_parent_class)->finalize (obj);
}
static void
gcr_secret_exchange_default_free (gpointer to_free)
{
GcrSecretExchangeDefault *data = to_free;
gcry_mpi_release (data->prime);
gcry_mpi_release (data->base);
gcry_mpi_release (data->pub);
gcry_mpi_release (data->priv);
if (data->key) {
egg_secure_clear (data->key, EXCHANGE_1_KEY_LENGTH);
egg_secure_free (data->key);
}
g_free (data);
}
static gboolean
gcr_secret_exchange_default_encrypt_transport_data (GcrSecretExchange *exchange,
GckAllocator allocator,
const guchar *plain_text,
gsize n_plain_text,
guchar **iv,
gsize *n_iv,
guchar **cipher_text,
gsize *n_cipher_text)
{
GcrSecretExchangeDefault *data = exchange->pv->default_exchange;
gcry_cipher_hd_t cih;
gcry_error_t gcry;
guchar *padded;
gsize n_result;
guchar *result;
gsize pos;
g_return_val_if_fail (data != NULL, FALSE);
g_return_val_if_fail (data->key != NULL, FALSE);
gcry = gcry_cipher_open (&cih, EXCHANGE_1_CIPHER_ALGO, EXCHANGE_1_CIPHER_MODE, 0);
if (gcry != 0) {
g_warning ("couldn't create aes cipher context: %s", gcry_strerror (gcry));
g_free (iv);
return FALSE;
}
*iv = (allocator) (NULL, EXCHANGE_1_IV_LENGTH);
g_return_val_if_fail (*iv != NULL, FALSE);
gcry_create_nonce (*iv, EXCHANGE_1_IV_LENGTH);
*n_iv = EXCHANGE_1_IV_LENGTH;
/* 16 = 128 bits */
gcry = gcry_cipher_setkey (cih, data->key, EXCHANGE_1_KEY_LENGTH);
g_return_val_if_fail (gcry == 0, FALSE);
/* 16 = 128 bits */
gcry = gcry_cipher_setiv (cih, *iv, EXCHANGE_1_IV_LENGTH);
g_return_val_if_fail (gcry == 0, FALSE);
/* Pad the text properly */
if (!egg_padding_pkcs7_pad (egg_secure_realloc, 16, plain_text, n_plain_text,
(gpointer*)&padded, &n_result))
g_return_val_if_reached (FALSE);
result = (allocator) (NULL, n_result);
g_return_val_if_fail (result != NULL, FALSE);
for (pos = 0; pos < n_result; pos += 16) {
gcry = gcry_cipher_encrypt (cih, result + pos, 16, padded + pos, 16);
g_return_val_if_fail (gcry == 0, FALSE);
}
gcry_cipher_close (cih);
egg_secure_clear (padded, n_result);
egg_secure_free (padded);
*cipher_text = result;
*n_cipher_text = n_result;
return TRUE;
}
/**
* main:
* @argc:
* @argv[]: Sent to gtk_init
*
* Prompt for GnuPG and SSH. Communicates using stdin/stdout. Communication data
* is in ini-file structures
*
* Returns: 0
*/
int
main (int argc, char *argv[])
{
GError *err = NULL;
gchar *data;
gboolean ret;
gsize length;
/* Exit on HUP signal */
signal(SIGINT, hup_handler);
prepare_logging ();
egg_libgcrypt_initialize ();
input_data = g_key_file_new ();
output_data = g_key_file_new ();
gtk_init (&argc, &argv);
#ifdef HAVE_LOCALE_H
/* internationalisation */
setlocale (LC_ALL, "");
#endif
#ifdef HAVE_GETTEXT
bindtextdomain (GETTEXT_PACKAGE, MATELOCALEDIR);
textdomain (GETTEXT_PACKAGE);
bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
#endif
data = read_all_input ();
g_assert (data);
if (!data[0])
fatal ("no auth dialog instructions", NULL);
ret = g_key_file_load_from_data (input_data, data, strlen (data), G_KEY_FILE_NONE, &err);
g_free (data);
if (!ret)
fatal ("couldn't parse auth dialog instructions", egg_error_message (err));
run_dialog ();
/* Cleanup after any key */
if (the_key) {
egg_secure_clear (the_key, n_the_key);
egg_secure_free (the_key);
the_key = NULL;
n_the_key = 0;
}
g_key_file_free (input_data);
data = g_key_file_to_data (output_data, &length, &err);
g_key_file_free (output_data);
if (!data)
fatal ("couldn't format auth dialog response: %s", egg_error_message (err));
write_all_output (data, length);
g_free (data);
return 0;
}
static SecretValue *
service_decode_aes_secret (SecretSession *session,
gconstpointer param,
gsize n_param,
gconstpointer value,
gsize n_value,
const gchar *content_type)
{
gcry_cipher_hd_t cih;
gsize n_padded;
gcry_error_t gcry;
guchar *padded;
gsize pos;
if (n_param != 16) {
g_message ("received an encrypted secret structure with invalid parameter");
return NULL;
}
if (n_value == 0 || n_value % 16 != 0) {
g_message ("received an encrypted secret structure with bad secret length");
return NULL;
}
gcry = gcry_cipher_open (&cih, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
if (gcry != 0) {
g_warning ("couldn't create AES cipher: %s", gcry_strerror (gcry));
return NULL;
}
#if 0
g_printerr (" lib iv: %s\n", egg_hex_encode (param, n_param));
#endif
gcry = gcry_cipher_setiv (cih, param, n_param);
g_return_val_if_fail (gcry == 0, NULL);
#if 0
g_printerr (" lib key: %s\n", egg_hex_encode (session->key, session->n_key));
#endif
gcry = gcry_cipher_setkey (cih, session->key, session->n_key);
g_return_val_if_fail (gcry == 0, NULL);
/* Copy the memory buffer */
n_padded = n_value;
padded = egg_secure_alloc (n_padded);
memcpy (padded, value, n_padded);
/* Perform the decryption */
for (pos = 0; pos < n_padded; pos += 16) {
gcry = gcry_cipher_decrypt (cih, (guchar*)padded + pos, 16, NULL, 0);
g_return_val_if_fail (gcry == 0, FALSE);
}
gcry_cipher_close (cih);
/* Unpad the resulting value */
if (!pkcs7_unpad_bytes_in_place (padded, &n_padded)) {
egg_secure_clear (padded, n_padded);
egg_secure_free (padded);
g_message ("received an invalid or unencryptable secret");
return FALSE;
}
return secret_value_new_full ((gchar *)padded, n_padded, content_type, egg_secure_free);
}
