static gpgme_error_t passphrase_cb(void *opaque, const char *uid_hint,
const char *passphrase_info,
int last_was_bad, int fd)
{
log_write("info: %s\n", passphrase_info);
log_write("uid: %s\n", uid_hint);
char *passphrase = get_passphrase(passphrase_info);
if (!passphrase) {
if (write(fd, "\n", 1) != 1) {
return gpgme_error_from_errno(errno);
}
return 0;
}
const char *begin = passphrase;
size_t offset = 0;
size_t size = strlen(begin);
do {
const char *ptr = begin + offset;
int c = (int) write(fd, ptr, size - offset);
if (c <= 0) break;
offset += c;
} while (offset < size);
g_free(passphrase);
if (offset != size) {
return gpgme_error_from_errno(errno);
}
if (write(fd, "\n", 1) != 1) {
return gpgme_error_from_errno(errno);
}
return 0;
}
std::string Command::get_passphrase_arg(const std::string& prompt, const std::string& opt_name)
{
const std::string s = get_arg(opt_name);
if(s != "-")
return s;
return get_passphrase(prompt);
}
/*
* Function: main
* --------------
* Where it all begins.
*/
int
main(int argc, char *argv[])
{
unsigned char key[KEYBYTES] = {0};
unsigned char nonce[NONCEBYTES] = {0};
char passphrase[PHRASEMAX] = {0};
if (argc != 4) { usage(); }
get_passphrase(passphrase);
get_key_material(key, nonce, passphrase);
process_file(argv[1], argv[2], argv[3], key, nonce);
exit(EXIT_SUCCESS);
}
static int smime_command_passphrase(struct mailprivacy * privacy,
struct mailmessage * msg,
char * command,
char * userid,
char * stdoutfile, char * stderrfile)
{
char * passphrase;
int res;
int bad_passphrase;
bad_passphrase = 0;
passphrase = NULL;
if (userid != NULL)
passphrase = get_passphrase(privacy, userid);
res = mailprivacy_spawn_and_wait(command, passphrase, stdoutfile, stderrfile,
&bad_passphrase);
if (res != NO_ERROR_PASSPHRASE) {
switch (res) {
case ERROR_PASSPHRASE_COMMAND:
return ERROR_SMIME_COMMAND;
case ERROR_PASSPHRASE_FILE:
return ERROR_SMIME_FILE;
default:
return ERROR_SMIME_COMMAND;
}
return res;
}
if (bad_passphrase) {
if (userid != NULL) {
mailprivacy_smime_add_encryption_id(privacy, msg, userid);
return ERROR_SMIME_NOPASSPHRASE;
}
return ERROR_SMIME_CHECK;
}
return NO_ERROR_SMIME;
}
static int
key_hdl_to_zc(libzfs_handle_t *hdl, zfs_handle_t *zhp, char *keysource,
int crypt, zfs_cmd_t *zc, zfs_crypto_zckey_t cmd)
{
// CK_SESSION_HANDLE session;
int ret = 0;
key_format_t format;
key_locator_t locator;
char *uri;
//pkcs11_uri_t p11uri;
size_t keylen = zio_crypt_table[crypt].ci_keylen;
char *keydata = NULL;
size_t keydatalen = 0;
char *tmpkeydata = NULL;
size_t tmpkeydatalen = 0;
uint64_t salt;
//struct cb_arg_curl cb_curl = { 0 };
fprintf(stderr, "in key_hdl_to_zc\r\n");
zc->zc_crypto.zic_clone_newkey = hdl->libzfs_crypt.zc_clone_newkey;
if (!keysource_prop_parser(keysource, &format, &locator, &uri)) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"invalid keysource property."));
return (-1);
}
/*
* First check if there was anything in the handle already
* if so we use that and we are done with locating the data.
* Note that we may be looking at other fields
* and zic_clone_newkey even if zc_key_data_len is empty.
*
* We allow this regardless of the locator so that things
* like a PAM module can provide the passphrase but the user
* can still have "passphrase,prompt" to use zfs(1M) interactively.
*/
if (hdl->libzfs_crypt.zc_key_data_len != 0) {
keydata = zfs_alloc(hdl, hdl->libzfs_crypt.zc_key_data_len);
bcopy(hdl->libzfs_crypt.zc_key_data, keydata,
hdl->libzfs_crypt.zc_key_data_len);
keydatalen = hdl->libzfs_crypt.zc_key_data_len;
goto format_key;
}
/*
* Get the key from the URI or prompt for it.
* If the format is raw then prompting is a simple read(2)
* otherwise we put up a prompt saying what we are asking for.
* We can't do this with the 'zfs mount -a' that is in
* sys:/system/filesystem/local:default but we shouldn't
* cause errors or warnings there either.
*/
switch (locator) {
case KEY_LOCATOR_PROMPT:
if (format == KEY_FORMAT_RAW) {
keydata = zfs_alloc(hdl, keylen);
errno = 0;
keydatalen = read(STDIN_FILENO, keydata, keylen);
if (keydatalen != keylen) {
free(keydata);
return (-1);
}
} else {
int tries = 0;
do {
/* get_passphrase allocates keydata */
ret = get_passphrase(hdl, &keydata,
&keydatalen, format, zc, cmd);
} while (ret != 0 && ++tries < 3);
if (ret)
return (-1);
}
break;
case KEY_LOCATOR_FILE_URI:
/*
* Need to tell pkcs11_read_data() how big of a key
* we want in case the locator URI is a device (eg, /dev/random)
* to be read from and not a file.
*
* Note that pkcs11_read_data allocates memory with malloc
* that we need to free.
*/
#if 0 // FIXME
keydatalen = keylen;
ret = pkcs11_read_data(&(uri[7]),
(void **)&keydata, &keydatalen);
if (ret != 0) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"failed to read key file: %s"), strerror(ret));
errno = ret;
return (-1);
}
#endif
break;
case KEY_LOCATOR_PKCS11_URI:
#if 0 // FIXME
keydatalen = keylen;
/*
* Parse out the PKCS#11 URI and
* get the value of the wrapping key.
*/
if (pkcs11_parse_uri(uri, &p11uri) != PK11_URI_OK) {
errno = EINVAL;
return (-1);
}
ret = get_pkcs11_key_value(hdl, zc, cmd, &p11uri,
&keydata, &keydatalen);
pkcs11_free_uri(&p11uri);
if (ret != 0) {
return (-1);
}
#endif
break;
case KEY_LOCATOR_HTTPS_URI: {
#if 0
CURL *curl_hdl = curl_easy_init();
CURLcode cerr;
cerr = curl_easy_setopt(curl_hdl, CURLOPT_URL, uri);
if (cerr != CURLE_OK)
goto curl_fail;
cerr = curl_easy_setopt(curl_hdl, CURLOPT_FAILONERROR, 1L);
if (cerr != CURLE_OK)
goto curl_fail;
cerr = curl_easy_setopt(curl_hdl, CURLOPT_WRITEFUNCTION,
get_keydata_curl);
if (cerr != CURLE_OK)
goto curl_fail;
cb_curl.cb_hdl = hdl;
cerr = curl_easy_setopt(curl_hdl, CURLOPT_WRITEDATA,
&cb_curl);
if (cerr != CURLE_OK)
goto curl_fail;
cerr = curl_easy_perform(curl_hdl);
curl_fail:
/*
* Just deal with libcurl errors here, reading the wrong key
* size is dealt with generically in the format_key section.
*/
if (cerr != 0) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"failed to retreive key from '%s': '%s'"),
uri, curl_easy_strerror(cerr));
return (-1);
}
keydata = cb_curl.cb_keydata;
keydatalen = cb_curl.cb_keydatalen;
curl_easy_cleanup(curl_hdl);
#endif
break;
case KEY_LOCATOR_NONE: // Avoid Warning
break;
}
}
format_key:
if (keydata == NULL || keydatalen == 0) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"key can not be of zero size"));
errno = ret;
return (-1);
}
/*
* Now that we have the key do any transform that is necessary
* such as turning the hex format into raw or in the case of
* a passphrase running it through PKCS#5 to get the raw key.
*
* Note that zic_keydata is not malloc'd memory so that we
* don't have to worry about our caller freeing it.
*/
switch (format) {
case KEY_FORMAT_RAW:
bcopy(keydata, zc->zc_crypto.zic_keydata, keydatalen);
zc->zc_crypto.zic_keydatalen = keydatalen;
zc->zc_crypto.zic_salt = 0;
break;
case KEY_FORMAT_HEX:
/*
* If the keylen is not on the byte boundary, in terms of hex
* format, and that extra char is a linefeed, we can trim it
*/
if (keydatalen == (keylen * 2) + 1 &&
keydata[keydatalen] == '\n') {
keydatalen--;
}
/*
* hexstr_to_bytes allocates memory with malloc
* but we want the data in zic_keydata which isn't malloc'd
* so to avoid a memory leak we use a tmpkeydata buffer
* and bcopy it.
*/
#if 0 // FIXME
ret = hexstr_to_bytes(keydata, keydatalen,
(uchar_t **)&tmpkeydata, &tmpkeydatalen);
#endif
if (ret) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"invalid hex format key."));
errno = EACCES;
ret = -1;
goto out;
}
bcopy(tmpkeydata, zc->zc_crypto.zic_keydata, tmpkeydatalen);
bzero(tmpkeydata, tmpkeydatalen);
free(tmpkeydata);
zc->zc_crypto.zic_keydatalen = tmpkeydatalen;
zc->zc_crypto.zic_salt = 0;
break;
case KEY_FORMAT_PASSPHRASE:
/* Remove any extra linefeed that may be on the end */
if (keydata[keydatalen - 1] == '\n')
keydatalen--;
if (cmd == ZFS_CRYPTO_KEY_LOAD) {
salt = zfs_prop_get_int(zhp, ZFS_PROP_SALT);
} else {
#if 0 // FIXME
ret = pkcs11_get_random(&salt, sizeof (uint64_t));
if (ret) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"failed to obtain salt: %s."),
pkcs11_strerror(ret));
errno = EINVAL;
ret = -1;
goto out;
}
#endif
}
fprintf(stderr, "Key is '%s' and is len %u\r\n",
keydata, keydatalen);
// FIXME
tmpkeydata = strdup(keydata);
tmpkeydatalen = keydatalen;
salt = 0x1234;
#if 0 // FIXME
ret = SUNW_C_GetMechSession(CKM_PKCS5_PBKD2, &session);
if (ret) {
zfs_error_aux(hdl,
dgettext(TEXT_DOMAIN,
"failed to access CKM_PKCS5_PBKD2: %s."),
pkcs11_strerror(ret));
errno = EINVAL;
ret = -1;
goto out;
}
/*
* pkcs11_PasswdToKey allocates memory with malloc
* but we want the data in zic_keydata which isn't malloc'd
* so to avoid a memory leak we use a tmpkeydata buffer
* and bcopy it.
*/
ret = pkcs11_PasswdToKey(session, keydata, keydatalen,
(void *)&salt, sizeof (uint64_t), CKK_AES,
keylen, (void **)&tmpkeydata, &tmpkeydatalen);
(void) C_CloseSession(session);
if (ret) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"failed to generate key: %s."),
pkcs11_strerror(ret));
errno = EINVAL;
ret = -1;
goto out;
}
#endif
bcopy(tmpkeydata, zc->zc_crypto.zic_keydata, tmpkeydatalen);
bzero(tmpkeydata, tmpkeydatalen);
free(tmpkeydata);
zc->zc_crypto.zic_keydatalen = tmpkeydatalen;
zc->zc_crypto.zic_salt = salt;
break;
default:
ASSERT(format);
}
if (zc->zc_crypto.zic_keydatalen != keylen) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"key length invalid. expected %lu bytes have %lu"),
keylen, zc->zc_crypto.zic_keydatalen);
errno = EIO;
ret = -1;
}
if (tmpkeydatalen) // Only decrease if NOT zero.
tmpkeydatalen--;
while (zc->zc_crypto.zic_keydata[tmpkeydatalen] == 0 &&
tmpkeydatalen > 0)
tmpkeydatalen--;
if (tmpkeydatalen == 0) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"invalid all zeros key %lu"), tmpkeydatalen);
errno = EIO;
ret = -1;
}
out:
if (keydata) {
bzero(keydata, keydatalen);
free(keydata);
}
return (ret);
}
int
main (int argc, char **argv)
{
char *args;
char *logfile;
char *passphrasefile;
char *passphrase;
/* We get our options via PINENTRY_USER_DATA. */
(void) argc, (void) argv;
setvbuf (stdin, NULL, _IOLBF, BUFSIZ);
setvbuf (stdout, NULL, _IOLBF, BUFSIZ);
args = getenv ("PINENTRY_USER_DATA");
if (! args)
args = "";
logfile = option_value (args, "--logfile");
if (logfile)
{
char *p = logfile, more;
while (*p && ! spacep (p))
p++;
more = !! *p;
*p = 0;
args = more ? p+1 : p;
log_stream = fopen (logfile, "a");
if (! log_stream)
{
perror (logfile);
return 1;
}
}
passphrasefile = option_value (args, "--passphrasefile");
if (passphrasefile)
{
char *p = passphrasefile, more;
while (*p && ! spacep (p))
p++;
more = !! *p;
*p = 0;
args = more ? p+1 : p;
passphrase = get_passphrase (passphrasefile);
if (! passphrase)
{
reply ("# Passphrasefile '%s' is empty. Terminating.\n",
passphrasefile);
return 1;
}
p = passphrase + strlen (passphrase) - 1;
if (*p == '\n')
*p = 0;
}
else
passphrase = skip_options (args);
reply ("# fake-pinentry started. Passphrase='%s'.\n", passphrase);
reply ("OK - what's up?\n");
while (! feof (stdin))
{
char buffer[1024];
if (fgets (buffer, sizeof buffer, stdin) == NULL)
break;
if (log_stream)
fprintf (log_stream, "< %s", buffer);
if (strncmp (buffer, "GETPIN", 6) == 0)
reply ("D %s\n", passphrase);
else if (strncmp (buffer, "BYE", 3) == 0)
{
reply ("OK\n");
break;
}
reply ("OK\n");
}
reply ("# Connection terminated.\n");
if (log_stream)
fclose (log_stream);
return 0;
}
// FUNCTION : generate a public key
//
// Input : username,
// a4, a6 -> elliptic curve constants
// xp, yp -> point's coordinate
// prime field
// passphrase
// Output : file username.pkf which contains all
// of those information
//
// AUTHOR : TH <*****@*****.**>, Jan 2000
//
void gen_pubkey(const char* pkfilename, int blocksize)
{
// declaration of variables
char username[MAX];
point P,H;
bigmod a4,a6,xp,yp;
bigint xdp,ydp,q;
banner();
cout<<"Before you can use encryption/decryption you must generate your public key.";
cout<<"\nThe following process will guide you through generating your public key.";
cout<<"\n\nTo achieve a cryptographically secure elliptic curve cryptosystem, you must ";
cout<<"\nsupply a relatively big prime finite field (q), a good a, b";
cout<<"\nfor elliptic curve equation and a point that lies on the curve.";
//get EC parameters from user
cout<<"\n\nGENERATE PUBLIC KEY\n";
cout<<"-------------------";
cout<<"\nPlease enter your user name : ";cin>>username;
get_ecparm(a4,a6,xp,yp,q);
// EC initialization
P.init_curve(a4,a6);
P.set_point(xp,yp);
if (pkfilename==" ")
pkfilename=PKFILENAME;
// open public key file
FILE* pkfile;
pkfile=fopen(pkfilename,"a+");
if(!pkfile)
{
cout<<"\nAZTECC ERROR : Error writing file ["<<pkfilename<<"]"<<endl;
exit(1);
}
bigint d;
get_passphrase(d,blocksize,username);
// multiply the private key with EC point
mul_point(H,d,P);
// compute hash(d)
char* sd=new char[MAX];
bigint_to_string(d,sd);
char* hash_d=new char[MAX];
hash_d=MD5_hex_digest(sd);
// convert the EC coordinate to string
get_x(xdp,H);
char* sxdp=new char[MAX];
bigint_to_string(xdp,sxdp);
get_y(ydp,H);
char* sydp=new char[MAX];
bigint_to_string(ydp,sydp);
// convert a4, a6, xp, yp to string
char* sa4=new char[MAX];
bigmod_to_string(a4,sa4);
char* sa6=new char[MAX];
bigmod_to_string(a6,sa6);
char* sxp=new char[MAX];
bigmod_to_string(xp,sxp);
char* syp=new char[MAX];
bigmod_to_string(yp,syp);
char* sq=new char[MAX];
bigint_to_string(q,sq);
// save all the info to public key file
fputc('\n',pkfile);
fprintf(pkfile,"%s#%s#%s#%s#%s#%s#%s#%s#%s",username,hash_d,sa4,sa6,sxp,syp,sxdp,sydp,sq);
fclose(pkfile);
cout<<"\nDone saving your public key to ["<<pkfilename<<"]"<<endl;
//cleaning up
delete[] sd;
delete[] sxdp;
delete[] sydp;
delete[] sa4;
delete[] sa6;
delete[] sxp;
delete[] syp;
delete[] sq;
}
