const gchar* egg_openssl_prep_dekinfo (GHashTable *headers) { gchar *dekinfo, *hex; gsize ivlen; guchar *iv; /* Create the iv */ ivlen = gcry_cipher_get_algo_blklen (GCRY_CIPHER_3DES); g_return_val_if_fail (ivlen, NULL); iv = g_malloc (ivlen); gcry_create_nonce (iv, ivlen); /* And encode it into the string */ hex = egg_hex_encode (iv, ivlen); g_return_val_if_fail (hex, NULL); dekinfo = g_strdup_printf ("DES-EDE3-CBC,%s", hex); g_free (hex); g_free (iv); g_hash_table_insert (headers, g_strdup ("DEK-Info"), (void*)dekinfo); g_hash_table_insert (headers, g_strdup ("Proc-Type"), g_strdup ("4,ENCRYPTED")); return dekinfo; }
static void imported_object (GckObject *object, const gchar *destination) { gulong attr_types[3]; GckAttributes *attrs; const GckAttribute *id; CK_OBJECT_CLASS klass; const gchar *message; GError *err = NULL; gchar *label, *hex; attr_types[0] = CKA_LABEL; attr_types[1] = CKA_CLASS; attr_types[2] = CKA_ID; attrs = gck_object_get_full (object, attr_types, G_N_ELEMENTS (attr_types), NULL, &err); if (attrs == NULL) { gkr_tool_handle_error (&err, "couldn't get imported object info"); return; } if (!gck_attributes_find_string (attrs, CKA_LABEL, &label)) label = g_strdup ("unknown"); if (!gck_attributes_find_ulong (attrs, CKA_CLASS, &klass)) klass = CKO_DATA; id = gck_attributes_find (attrs, CKA_ID); switch (klass) { case CKO_CERTIFICATE: message = "%s: imported certificate: %s\n"; break; case CKO_DATA: message = "%s: imported data: %s\n"; break; case CKO_PRIVATE_KEY: message = "%s: imported private key: %s\n"; break; case CKO_PUBLIC_KEY: message = "%s: imported public key: %s\n"; break; case CKO_SECRET_KEY: message = "%s: imported secret key: %s\n"; break; default: message = "%s: imported object: %s\n"; break; }; g_print (message, destination, label); if (id) { hex = egg_hex_encode (id->value, id->length); g_print ("\tidentifier: %s\n", hex); g_free (hex); } gck_attributes_unref (attrs); g_free (label); }
/** * gcr_certificate_get_serial_number_hex: * @self: a #GcrCertificate * * Get the serial number of the certificate as a hex string. * * The caller should free the returned data using g_free() when * it is no longer required. * * Returns: an allocated string containing the serial number as hex. */ gchar* gcr_certificate_get_serial_number_hex (GcrCertificate *self) { guchar *serial; gsize n_serial; gchar *hex; g_return_val_if_fail (GCR_IS_CERTIFICATE (self), NULL); serial = gcr_certificate_get_serial_number (self, &n_serial); if (serial == NULL) return NULL; hex = egg_hex_encode (serial, n_serial); g_free (serial); return hex; }
/** * builder: The GTKBuilder * password_type: password type description * * Reads the encrypted data from the prompt and transfers it using output_data. * If crypto is available, it uses crypto. * **/ static void gather_password (GtkBuilder *builder, const gchar *password_type) { GtkEntry *entry; gchar iv[16]; gpointer data; gsize n_data; gchar *name; const gchar *text; gchar *value; name = g_strdup_printf ("%s_entry", password_type); entry = GTK_ENTRY (gtk_builder_get_object (builder, name)); g_return_if_fail (GTK_IS_ENTRY (entry)); g_free (name); if (!gtk_widget_get_realized (GTK_WIDGET (entry))) return; /* A non-encrypted password: just send the value back */ if (!g_key_file_has_group (input_data, "transport")) { text = gtk_entry_get_text (entry); value = egg_hex_encode ((const guchar*)text, strlen (text)); g_key_file_set_string (output_data, password_type, "parameter", ""); g_key_file_set_string (output_data, password_type, "value", value); g_free (value); return; } if (!the_key && !negotiate_transport_crypto ()) { g_warning ("couldn't negotiate transport crypto for password"); return; } gcry_create_nonce (iv, sizeof (iv)); data = gku_prompt_util_encrypt_text (the_key, n_the_key, iv, sizeof (iv), gtk_entry_get_text (entry), &n_data); g_return_if_fail (data); gku_prompt_util_encode_hex (output_data, password_type, "parameter", iv, sizeof (iv)); gku_prompt_util_encode_hex (output_data, password_type, "value", data, n_data); g_free (data); }
static void dump_certificate_complete (GNode *asn) { GNode *cert; gchar *issuer, *serial, *subject; gconstpointer element; gpointer data; gsize n_data, n_element; /* Parse the certificate out */ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate"); g_return_if_fail (cert); element = egg_asn1x_get_raw_element (asn, &n_element); g_return_if_fail (element); if (!egg_asn1x_decode (cert, element, n_element)) barf_and_die ("couldn't parse certificate", egg_asn1x_message (cert)); issuer = egg_dn_read (egg_asn1x_node (asn, "issuer", NULL)); g_return_if_fail (issuer); subject = egg_dn_read (egg_asn1x_node (asn, "subject", NULL)); g_return_if_fail (subject); data = egg_asn1x_get_integer_as_raw (egg_asn1x_node (asn, "serial", NULL), NULL, &n_data); g_return_if_fail (data && n_data); serial = egg_hex_encode (data, n_data); g_free (data); g_print ("Complete\n"); g_print (" issuer: %s\n", issuer); g_print (" subject: %s\n", subject); g_print (" serial: 0x%s\n", serial); egg_asn1x_destroy (cert); g_free (data); g_free (serial); g_free (issuer); g_free (subject); }
static gchar* identifier_for_object (GkmObject *object) { GkmSerializableIface *serial; const gchar *ext; gchar *identifier; gchar *name = NULL; guchar *data; gsize n_data; g_assert (GKM_IS_OBJECT (object)); g_assert (GKM_IS_SERIALIZABLE (object)); /* Figure out the extension and prefix */ serial = GKM_SERIALIZABLE_GET_INTERFACE (object); ext = serial->extension; g_return_val_if_fail (ext, NULL); /* First we try to use the CN of a subject */ data = gkm_object_get_attribute_data (object, NULL, CKA_SUBJECT, &n_data); if (data && n_data) name = name_for_subject (data, n_data); g_free (data); /* Next we try hex encoding the ID */ if (name == NULL) { data = gkm_object_get_attribute_data (object, NULL, CKA_ID, &n_data); if (data && n_data) name = egg_hex_encode (data, n_data); g_free (data); } /* Build up the identifier */ identifier = g_strconcat (name, ext, NULL); g_strdelimit (identifier, UNWANTED_IDENTIFIER_CHARS, '_'); g_free (name); return identifier; }
static void dump_certificate_reference (GNode *asn) { gchar *issuer, *serial; gpointer data; gsize n_data; GNode *name; gconstpointer element; gsize n_element; /* Parse the name out */ name = egg_asn1x_create (pkix_asn1_tab, "Name"); g_return_if_fail (name); element = egg_asn1x_get_raw_element (egg_asn1x_node (asn, "issuer", NULL), &n_element); g_return_if_fail (element); if (!egg_asn1x_decode (name, element, n_element)) barf_and_die ("couldn't parse certificate", egg_asn1x_message (name)); issuer = egg_dn_read (name); g_return_if_fail (issuer); data = egg_asn1x_get_integer_as_raw (egg_asn1x_node (asn, "serial", NULL), NULL, &n_data); g_return_if_fail (data && n_data); serial = egg_hex_encode (data, n_data); g_free (data); g_print ("Reference\n"); g_print (" issuer: %s\n", issuer); g_print (" serial: 0x%s\n", serial); egg_asn1x_destroy (name); g_free (data); g_free (serial); g_free (issuer); }
static SecretValue * service_decode_aes_secret (SecretSession *session, gconstpointer param, gsize n_param, gconstpointer value, gsize n_value, const gchar *content_type) { gcry_cipher_hd_t cih; gsize n_padded; gcry_error_t gcry; guchar *padded; gsize pos; if (n_param != 16) { g_message ("received an encrypted secret structure with invalid parameter"); return NULL; } if (n_value == 0 || n_value % 16 != 0) { g_message ("received an encrypted secret structure with bad secret length"); return NULL; } gcry = gcry_cipher_open (&cih, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0); if (gcry != 0) { g_warning ("couldn't create AES cipher: %s", gcry_strerror (gcry)); return NULL; } #if 0 g_printerr (" lib iv: %s\n", egg_hex_encode (param, n_param)); #endif gcry = gcry_cipher_setiv (cih, param, n_param); g_return_val_if_fail (gcry == 0, NULL); #if 0 g_printerr (" lib key: %s\n", egg_hex_encode (session->key, session->n_key)); #endif gcry = gcry_cipher_setkey (cih, session->key, session->n_key); g_return_val_if_fail (gcry == 0, NULL); /* Copy the memory buffer */ n_padded = n_value; padded = egg_secure_alloc (n_padded); memcpy (padded, value, n_padded); /* Perform the decryption */ for (pos = 0; pos < n_padded; pos += 16) { gcry = gcry_cipher_decrypt (cih, (guchar*)padded + pos, 16, NULL, 0); g_return_val_if_fail (gcry == 0, FALSE); } gcry_cipher_close (cih); /* Unpad the resulting value */ if (!pkcs7_unpad_bytes_in_place (padded, &n_padded)) { egg_secure_clear (padded, n_padded); egg_secure_free (padded); g_message ("received an invalid or unencryptable secret"); return FALSE; } return secret_value_new_full ((gchar *)padded, n_padded, content_type, egg_secure_free); }
static gboolean response_open_session_aes (SecretSession *session, GVariant *response) { gconstpointer buffer; GVariant *argument; const gchar *sig; gsize n_buffer; gcry_mpi_t peer; gcry_error_t gcry; gpointer ikm; gsize n_ikm; sig = g_variant_get_type_string (response); g_return_val_if_fail (sig != NULL, FALSE); if (!g_str_equal (sig, "(vo)")) { g_warning ("invalid OpenSession() response from daemon with signature: %s", sig); return FALSE; } g_assert (session->path == NULL); g_variant_get (response, "(vo)", &argument, &session->path); buffer = g_variant_get_fixed_array (argument, &n_buffer, sizeof (guchar)); gcry = gcry_mpi_scan (&peer, GCRYMPI_FMT_USG, buffer, n_buffer, NULL); g_return_val_if_fail (gcry == 0, FALSE); g_variant_unref (argument); #if 0 g_printerr (" lib publi: "); gcry_mpi_dump (session->publi); g_printerr ("\n lib peer: "); gcry_mpi_dump (peer); g_printerr ("\n"); #endif ikm = egg_dh_gen_secret (peer, session->privat, session->prime, &n_ikm); gcry_mpi_release (peer); #if 0 g_printerr (" lib ikm: %s\n", egg_hex_encode (ikm, n_ikm)); #endif if (ikm == NULL) { g_warning ("couldn't negotiate a valid AES session key"); g_free (session->path); session->path = NULL; return FALSE; } session->n_key = 16; session->key = egg_secure_alloc (session->n_key); if (!egg_hkdf_perform ("sha256", ikm, n_ikm, NULL, 0, NULL, 0, session->key, session->n_key)) g_return_val_if_reached (FALSE); egg_secure_free (ikm); session->algorithms = ALGORITHMS_AES; return TRUE; }