static gpgme_error_t passphrase_cb(void *opaque, const char *uid_hint, const char *passphrase_info, int last_was_bad, int fd) { log_write("info: %s\n", passphrase_info); log_write("uid: %s\n", uid_hint); char *passphrase = get_passphrase(passphrase_info); if (!passphrase) { if (write(fd, "\n", 1) != 1) { return gpgme_error_from_errno(errno); } return 0; } const char *begin = passphrase; size_t offset = 0; size_t size = strlen(begin); do { const char *ptr = begin + offset; int c = (int) write(fd, ptr, size - offset); if (c <= 0) break; offset += c; } while (offset < size); g_free(passphrase); if (offset != size) { return gpgme_error_from_errno(errno); } if (write(fd, "\n", 1) != 1) { return gpgme_error_from_errno(errno); } return 0; }
std::string Command::get_passphrase_arg(const std::string& prompt, const std::string& opt_name) { const std::string s = get_arg(opt_name); if(s != "-") return s; return get_passphrase(prompt); }
/* * Function: main * -------------- * Where it all begins. */ int main(int argc, char *argv[]) { unsigned char key[KEYBYTES] = {0}; unsigned char nonce[NONCEBYTES] = {0}; char passphrase[PHRASEMAX] = {0}; if (argc != 4) { usage(); } get_passphrase(passphrase); get_key_material(key, nonce, passphrase); process_file(argv[1], argv[2], argv[3], key, nonce); exit(EXIT_SUCCESS); }
static int smime_command_passphrase(struct mailprivacy * privacy, struct mailmessage * msg, char * command, char * userid, char * stdoutfile, char * stderrfile) { char * passphrase; int res; int bad_passphrase; bad_passphrase = 0; passphrase = NULL; if (userid != NULL) passphrase = get_passphrase(privacy, userid); res = mailprivacy_spawn_and_wait(command, passphrase, stdoutfile, stderrfile, &bad_passphrase); if (res != NO_ERROR_PASSPHRASE) { switch (res) { case ERROR_PASSPHRASE_COMMAND: return ERROR_SMIME_COMMAND; case ERROR_PASSPHRASE_FILE: return ERROR_SMIME_FILE; default: return ERROR_SMIME_COMMAND; } return res; } if (bad_passphrase) { if (userid != NULL) { mailprivacy_smime_add_encryption_id(privacy, msg, userid); return ERROR_SMIME_NOPASSPHRASE; } return ERROR_SMIME_CHECK; } return NO_ERROR_SMIME; }
static int key_hdl_to_zc(libzfs_handle_t *hdl, zfs_handle_t *zhp, char *keysource, int crypt, zfs_cmd_t *zc, zfs_crypto_zckey_t cmd) { // CK_SESSION_HANDLE session; int ret = 0; key_format_t format; key_locator_t locator; char *uri; //pkcs11_uri_t p11uri; size_t keylen = zio_crypt_table[crypt].ci_keylen; char *keydata = NULL; size_t keydatalen = 0; char *tmpkeydata = NULL; size_t tmpkeydatalen = 0; uint64_t salt; //struct cb_arg_curl cb_curl = { 0 }; fprintf(stderr, "in key_hdl_to_zc\r\n"); zc->zc_crypto.zic_clone_newkey = hdl->libzfs_crypt.zc_clone_newkey; if (!keysource_prop_parser(keysource, &format, &locator, &uri)) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid keysource property.")); return (-1); } /* * First check if there was anything in the handle already * if so we use that and we are done with locating the data. * Note that we may be looking at other fields * and zic_clone_newkey even if zc_key_data_len is empty. * * We allow this regardless of the locator so that things * like a PAM module can provide the passphrase but the user * can still have "passphrase,prompt" to use zfs(1M) interactively. */ if (hdl->libzfs_crypt.zc_key_data_len != 0) { keydata = zfs_alloc(hdl, hdl->libzfs_crypt.zc_key_data_len); bcopy(hdl->libzfs_crypt.zc_key_data, keydata, hdl->libzfs_crypt.zc_key_data_len); keydatalen = hdl->libzfs_crypt.zc_key_data_len; goto format_key; } /* * Get the key from the URI or prompt for it. * If the format is raw then prompting is a simple read(2) * otherwise we put up a prompt saying what we are asking for. * We can't do this with the 'zfs mount -a' that is in * sys:/system/filesystem/local:default but we shouldn't * cause errors or warnings there either. */ switch (locator) { case KEY_LOCATOR_PROMPT: if (format == KEY_FORMAT_RAW) { keydata = zfs_alloc(hdl, keylen); errno = 0; keydatalen = read(STDIN_FILENO, keydata, keylen); if (keydatalen != keylen) { free(keydata); return (-1); } } else { int tries = 0; do { /* get_passphrase allocates keydata */ ret = get_passphrase(hdl, &keydata, &keydatalen, format, zc, cmd); } while (ret != 0 && ++tries < 3); if (ret) return (-1); } break; case KEY_LOCATOR_FILE_URI: /* * Need to tell pkcs11_read_data() how big of a key * we want in case the locator URI is a device (eg, /dev/random) * to be read from and not a file. * * Note that pkcs11_read_data allocates memory with malloc * that we need to free. */ #if 0 // FIXME keydatalen = keylen; ret = pkcs11_read_data(&(uri[7]), (void **)&keydata, &keydatalen); if (ret != 0) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "failed to read key file: %s"), strerror(ret)); errno = ret; return (-1); } #endif break; case KEY_LOCATOR_PKCS11_URI: #if 0 // FIXME keydatalen = keylen; /* * Parse out the PKCS#11 URI and * get the value of the wrapping key. */ if (pkcs11_parse_uri(uri, &p11uri) != PK11_URI_OK) { errno = EINVAL; return (-1); } ret = get_pkcs11_key_value(hdl, zc, cmd, &p11uri, &keydata, &keydatalen); pkcs11_free_uri(&p11uri); if (ret != 0) { return (-1); } #endif break; case KEY_LOCATOR_HTTPS_URI: { #if 0 CURL *curl_hdl = curl_easy_init(); CURLcode cerr; cerr = curl_easy_setopt(curl_hdl, CURLOPT_URL, uri); if (cerr != CURLE_OK) goto curl_fail; cerr = curl_easy_setopt(curl_hdl, CURLOPT_FAILONERROR, 1L); if (cerr != CURLE_OK) goto curl_fail; cerr = curl_easy_setopt(curl_hdl, CURLOPT_WRITEFUNCTION, get_keydata_curl); if (cerr != CURLE_OK) goto curl_fail; cb_curl.cb_hdl = hdl; cerr = curl_easy_setopt(curl_hdl, CURLOPT_WRITEDATA, &cb_curl); if (cerr != CURLE_OK) goto curl_fail; cerr = curl_easy_perform(curl_hdl); curl_fail: /* * Just deal with libcurl errors here, reading the wrong key * size is dealt with generically in the format_key section. */ if (cerr != 0) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "failed to retreive key from '%s': '%s'"), uri, curl_easy_strerror(cerr)); return (-1); } keydata = cb_curl.cb_keydata; keydatalen = cb_curl.cb_keydatalen; curl_easy_cleanup(curl_hdl); #endif break; case KEY_LOCATOR_NONE: // Avoid Warning break; } } format_key: if (keydata == NULL || keydatalen == 0) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "key can not be of zero size")); errno = ret; return (-1); } /* * Now that we have the key do any transform that is necessary * such as turning the hex format into raw or in the case of * a passphrase running it through PKCS#5 to get the raw key. * * Note that zic_keydata is not malloc'd memory so that we * don't have to worry about our caller freeing it. */ switch (format) { case KEY_FORMAT_RAW: bcopy(keydata, zc->zc_crypto.zic_keydata, keydatalen); zc->zc_crypto.zic_keydatalen = keydatalen; zc->zc_crypto.zic_salt = 0; break; case KEY_FORMAT_HEX: /* * If the keylen is not on the byte boundary, in terms of hex * format, and that extra char is a linefeed, we can trim it */ if (keydatalen == (keylen * 2) + 1 && keydata[keydatalen] == '\n') { keydatalen--; } /* * hexstr_to_bytes allocates memory with malloc * but we want the data in zic_keydata which isn't malloc'd * so to avoid a memory leak we use a tmpkeydata buffer * and bcopy it. */ #if 0 // FIXME ret = hexstr_to_bytes(keydata, keydatalen, (uchar_t **)&tmpkeydata, &tmpkeydatalen); #endif if (ret) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid hex format key.")); errno = EACCES; ret = -1; goto out; } bcopy(tmpkeydata, zc->zc_crypto.zic_keydata, tmpkeydatalen); bzero(tmpkeydata, tmpkeydatalen); free(tmpkeydata); zc->zc_crypto.zic_keydatalen = tmpkeydatalen; zc->zc_crypto.zic_salt = 0; break; case KEY_FORMAT_PASSPHRASE: /* Remove any extra linefeed that may be on the end */ if (keydata[keydatalen - 1] == '\n') keydatalen--; if (cmd == ZFS_CRYPTO_KEY_LOAD) { salt = zfs_prop_get_int(zhp, ZFS_PROP_SALT); } else { #if 0 // FIXME ret = pkcs11_get_random(&salt, sizeof (uint64_t)); if (ret) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "failed to obtain salt: %s."), pkcs11_strerror(ret)); errno = EINVAL; ret = -1; goto out; } #endif } fprintf(stderr, "Key is '%s' and is len %u\r\n", keydata, keydatalen); // FIXME tmpkeydata = strdup(keydata); tmpkeydatalen = keydatalen; salt = 0x1234; #if 0 // FIXME ret = SUNW_C_GetMechSession(CKM_PKCS5_PBKD2, &session); if (ret) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "failed to access CKM_PKCS5_PBKD2: %s."), pkcs11_strerror(ret)); errno = EINVAL; ret = -1; goto out; } /* * pkcs11_PasswdToKey allocates memory with malloc * but we want the data in zic_keydata which isn't malloc'd * so to avoid a memory leak we use a tmpkeydata buffer * and bcopy it. */ ret = pkcs11_PasswdToKey(session, keydata, keydatalen, (void *)&salt, sizeof (uint64_t), CKK_AES, keylen, (void **)&tmpkeydata, &tmpkeydatalen); (void) C_CloseSession(session); if (ret) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "failed to generate key: %s."), pkcs11_strerror(ret)); errno = EINVAL; ret = -1; goto out; } #endif bcopy(tmpkeydata, zc->zc_crypto.zic_keydata, tmpkeydatalen); bzero(tmpkeydata, tmpkeydatalen); free(tmpkeydata); zc->zc_crypto.zic_keydatalen = tmpkeydatalen; zc->zc_crypto.zic_salt = salt; break; default: ASSERT(format); } if (zc->zc_crypto.zic_keydatalen != keylen) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "key length invalid. expected %lu bytes have %lu"), keylen, zc->zc_crypto.zic_keydatalen); errno = EIO; ret = -1; } if (tmpkeydatalen) // Only decrease if NOT zero. tmpkeydatalen--; while (zc->zc_crypto.zic_keydata[tmpkeydatalen] == 0 && tmpkeydatalen > 0) tmpkeydatalen--; if (tmpkeydatalen == 0) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid all zeros key %lu"), tmpkeydatalen); errno = EIO; ret = -1; } out: if (keydata) { bzero(keydata, keydatalen); free(keydata); } return (ret); }
int main (int argc, char **argv) { char *args; char *logfile; char *passphrasefile; char *passphrase; /* We get our options via PINENTRY_USER_DATA. */ (void) argc, (void) argv; setvbuf (stdin, NULL, _IOLBF, BUFSIZ); setvbuf (stdout, NULL, _IOLBF, BUFSIZ); args = getenv ("PINENTRY_USER_DATA"); if (! args) args = ""; logfile = option_value (args, "--logfile"); if (logfile) { char *p = logfile, more; while (*p && ! spacep (p)) p++; more = !! *p; *p = 0; args = more ? p+1 : p; log_stream = fopen (logfile, "a"); if (! log_stream) { perror (logfile); return 1; } } passphrasefile = option_value (args, "--passphrasefile"); if (passphrasefile) { char *p = passphrasefile, more; while (*p && ! spacep (p)) p++; more = !! *p; *p = 0; args = more ? p+1 : p; passphrase = get_passphrase (passphrasefile); if (! passphrase) { reply ("# Passphrasefile '%s' is empty. Terminating.\n", passphrasefile); return 1; } p = passphrase + strlen (passphrase) - 1; if (*p == '\n') *p = 0; } else passphrase = skip_options (args); reply ("# fake-pinentry started. Passphrase='%s'.\n", passphrase); reply ("OK - what's up?\n"); while (! feof (stdin)) { char buffer[1024]; if (fgets (buffer, sizeof buffer, stdin) == NULL) break; if (log_stream) fprintf (log_stream, "< %s", buffer); if (strncmp (buffer, "GETPIN", 6) == 0) reply ("D %s\n", passphrase); else if (strncmp (buffer, "BYE", 3) == 0) { reply ("OK\n"); break; } reply ("OK\n"); } reply ("# Connection terminated.\n"); if (log_stream) fclose (log_stream); return 0; }
// FUNCTION : generate a public key // // Input : username, // a4, a6 -> elliptic curve constants // xp, yp -> point's coordinate // prime field // passphrase // Output : file username.pkf which contains all // of those information // // AUTHOR : TH <*****@*****.**>, Jan 2000 // void gen_pubkey(const char* pkfilename, int blocksize) { // declaration of variables char username[MAX]; point P,H; bigmod a4,a6,xp,yp; bigint xdp,ydp,q; banner(); cout<<"Before you can use encryption/decryption you must generate your public key."; cout<<"\nThe following process will guide you through generating your public key."; cout<<"\n\nTo achieve a cryptographically secure elliptic curve cryptosystem, you must "; cout<<"\nsupply a relatively big prime finite field (q), a good a, b"; cout<<"\nfor elliptic curve equation and a point that lies on the curve."; //get EC parameters from user cout<<"\n\nGENERATE PUBLIC KEY\n"; cout<<"-------------------"; cout<<"\nPlease enter your user name : ";cin>>username; get_ecparm(a4,a6,xp,yp,q); // EC initialization P.init_curve(a4,a6); P.set_point(xp,yp); if (pkfilename==" ") pkfilename=PKFILENAME; // open public key file FILE* pkfile; pkfile=fopen(pkfilename,"a+"); if(!pkfile) { cout<<"\nAZTECC ERROR : Error writing file ["<<pkfilename<<"]"<<endl; exit(1); } bigint d; get_passphrase(d,blocksize,username); // multiply the private key with EC point mul_point(H,d,P); // compute hash(d) char* sd=new char[MAX]; bigint_to_string(d,sd); char* hash_d=new char[MAX]; hash_d=MD5_hex_digest(sd); // convert the EC coordinate to string get_x(xdp,H); char* sxdp=new char[MAX]; bigint_to_string(xdp,sxdp); get_y(ydp,H); char* sydp=new char[MAX]; bigint_to_string(ydp,sydp); // convert a4, a6, xp, yp to string char* sa4=new char[MAX]; bigmod_to_string(a4,sa4); char* sa6=new char[MAX]; bigmod_to_string(a6,sa6); char* sxp=new char[MAX]; bigmod_to_string(xp,sxp); char* syp=new char[MAX]; bigmod_to_string(yp,syp); char* sq=new char[MAX]; bigint_to_string(q,sq); // save all the info to public key file fputc('\n',pkfile); fprintf(pkfile,"%s#%s#%s#%s#%s#%s#%s#%s#%s",username,hash_d,sa4,sa6,sxp,syp,sxdp,sydp,sq); fclose(pkfile); cout<<"\nDone saving your public key to ["<<pkfilename<<"]"<<endl; //cleaning up delete[] sd; delete[] sxdp; delete[] sydp; delete[] sa4; delete[] sa6; delete[] sxp; delete[] syp; delete[] sq; }