authorStefan Walter <stefw@src.gnome.org>2009-01-22 22:53:47 +0000
committerStefan Walter <stefw@src.gnome.org>2009-01-22 22:53:47 +0000
commit83ca81ea3df493fee93c1aa934aa4b44823ddbe4 (patch)
treed78180b77d72ffb9a190a81d0a137b7db277e653
parent1f05a058e9e2b81c73e9021c424ee52230fe83fc (diff)
Removed lots of unused code resulting from refactoring.
* common/gkr-crypto.c: * common/gkr-crypto.h: * common/tests/Makefile.am: * common/tests/unit-test-crypto.c: (removed) * daemon/Makefile.am: * daemon/keyrings/gkr-keyring-binary.c: * daemon/pk/gkr-pk-index.c: * daemon/pk/gkr-pk-root-storage.c: * daemon/pk/gkr-pk-session-storage.c: * daemon/pkix/gkr-pkix-der.c: * daemon/pkix/gkr-pkix-openssl.c: (removed) * daemon/pkix/gkr-pkix-openssl.h: (removed) * daemon/pkix/gkr-pkix-pem.c: (removed) * daemon/pkix/gkr-pkix-pem.h: (removed) * daemon/pkix/gkr-pkix-serialize.c: * daemon/pkix/Makefile.am: * daemon/pkix/tests/Makefile.am: * daemon/pkix/tests/unit-test-pkix-openssl.c: (removed) * daemon/ssh/*: (removed) * daemon/ssh/tests/*: (removed) * configure.in: Removed lots of unused code resulting from refactoring. svn path=/trunk/; revision=1474
-rw-r--r--ChangeLog24
-rw-r--r--common/gkr-crypto.c568
-rw-r--r--common/gkr-crypto.h29
-rw-r--r--common/tests/Makefile.am1
-rw-r--r--common/tests/unit-test-crypto.c303
-rw-r--r--configure.in2
-rw-r--r--daemon/Makefile.am8
-rw-r--r--daemon/keyrings/gkr-keyring-binary.c10
-rw-r--r--daemon/pk/gkr-pk-index.c16
-rw-r--r--daemon/pk/gkr-pk-root-storage.c3
-rw-r--r--daemon/pk/gkr-pk-session-storage.c6
-rw-r--r--daemon/pkix/Makefile.am2
-rw-r--r--daemon/pkix/gkr-pkix-der.c16
-rw-r--r--daemon/pkix/gkr-pkix-openssl.c377
-rw-r--r--daemon/pkix/gkr-pkix-openssl.h45
-rw-r--r--daemon/pkix/gkr-pkix-parser.c10
-rw-r--r--daemon/pkix/gkr-pkix-pem.c345
-rw-r--r--daemon/pkix/gkr-pkix-pem.h42
-rw-r--r--daemon/pkix/gkr-pkix-serialize.c8
-rw-r--r--daemon/pkix/tests/Makefile.am1
-rw-r--r--daemon/pkix/tests/unit-test-pkix-openssl.c168
-rw-r--r--daemon/ssh/Makefile.am30
-rw-r--r--daemon/ssh/gkr-ssh-private.h124
-rw-r--r--daemon/ssh/gkr-ssh-proto.c575
-rw-r--r--daemon/ssh/gkr-ssh-storage.c918
-rw-r--r--daemon/ssh/gkr-ssh-storage.h42
-rw-r--r--daemon/ssh/tests/Makefile.am16
-rw-r--r--daemon/ssh/tests/unit-test-ssh-storage.c122
-rw-r--r--po/ChangeLog3
-rw-r--r--po/POTFILES.in2
30 files changed, 63 insertions, 3753 deletions
diff --git a/ChangeLog b/ChangeLog
index 0bce5286..759ee2b6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,29 @@
2009-01-22 Stef Walter <stef@memberwebs.com>
+ * common/gkr-crypto.c:
+ * common/gkr-crypto.h:
+ * common/tests/Makefile.am:
+ * common/tests/unit-test-crypto.c: (removed)
+ * daemon/Makefile.am:
+ * daemon/keyrings/gkr-keyring-binary.c:
+ * daemon/pk/gkr-pk-index.c:
+ * daemon/pk/gkr-pk-root-storage.c:
+ * daemon/pk/gkr-pk-session-storage.c:
+ * daemon/pkix/gkr-pkix-der.c:
+ * daemon/pkix/gkr-pkix-openssl.c: (removed)
+ * daemon/pkix/gkr-pkix-openssl.h: (removed)
+ * daemon/pkix/gkr-pkix-pem.c: (removed)
+ * daemon/pkix/gkr-pkix-pem.h: (removed)
+ * daemon/pkix/gkr-pkix-serialize.c:
+ * daemon/pkix/Makefile.am:
+ * daemon/pkix/tests/Makefile.am:
+ * daemon/pkix/tests/unit-test-pkix-openssl.c: (removed)
+ * daemon/ssh/*: (removed)
+ * daemon/ssh/tests/*: (removed)
+ * configure.in: Removed lots of unused code resulting from refactoring.
+
+2009-01-22 Stef Walter <stef@memberwebs.com>
+
* daemon/pkcs11/gkr-pkcs11-auth.c:
* daemon/pkcs11/gkr-pkcs11-auth.h:
* daemon/pkcs11/gkr-pkcs11-auth-ep.c:
diff --git a/common/gkr-crypto.c b/common/gkr-crypto.c
index e2593a04..ac6d7dfa 100644
--- a/common/gkr-crypto.c
+++ b/common/gkr-crypto.c
@@ -87,561 +87,6 @@ gkr_crypto_setup (void)
srand (seed);
}
-static const char HEXC[] = "0123456789ABCDEF";
-
-gboolean
-gkr_crypto_hex_encode (const guchar *data, gsize n_data,
- gchar *encoded, gsize *n_encoded)
-{
- guchar j;
-
- g_return_val_if_fail (*n_encoded >= n_data * 2 + 1, FALSE);
-
- while(n_data > 0) {
- j = *(data) >> 4 & 0xf;
- *(encoded++) = HEXC[j];
-
- j = *(data++) & 0xf;
- *(encoded++) = HEXC[j];
-
- n_data--;
- }
-
- /* Null terminate */
- *encoded = 0;
- return TRUE;
-}
-
-gboolean
-gkr_crypto_hex_decode (const gchar *data, gsize n_data,
- guchar *decoded, gsize *n_decoded)
-{
- gushort j;
- gint state = 0;
- const gchar* pos;
-
- g_assert (data);
- g_assert (decoded);
- g_assert (n_decoded);
-
- g_return_val_if_fail (*n_decoded >= n_data / 2, FALSE);
- *n_decoded = 0;
-
- while (n_data > 0)
- {
- if (!isspace (*data)) {
-
- /* Find the position */
- pos = strchr (HEXC, toupper (*data));
- if (pos == 0)
- break;
-
- j = pos - HEXC;
- if(!state) {
- *decoded = (j & 0xf) << 4;
- state = 1;
- } else {
- *decoded |= (j & 0xf);
- (*n_decoded)++;
- decoded++;
- state = 0;
- }
- }
-
- ++data;
- --n_data;
- }
-
- g_return_val_if_fail (state == 0, FALSE);
-
- return TRUE;
-}
-
-/* -----------------------------------------------------------------------------
- * PASSWORD TO KEY/IV
- */
-
-gboolean
-gkr_crypto_generate_symkey_simple (int cipher_algo, int hash_algo,
- const gchar *password, const guchar *salt,
- gsize n_salt, int iterations, guchar **key,
- guchar **iv)
-{
- gcry_md_hd_t mdh;
- gcry_error_t gcry;
- guchar *digest;
- guchar *digested;
- guint n_digest;
- gint pass, i;
- gint needed_iv, needed_key;
- guchar *at_iv, *at_key;
-
- g_assert (cipher_algo);
- g_assert (hash_algo);
-
- g_return_val_if_fail (iterations >= 1, FALSE);
-
- /*
- * If cipher algo needs more bytes than hash algo has available
- * then the entire hashing process is done again (with the previous
- * hash bytes as extra input), and so on until satisfied.
- */
-
- needed_key = gcry_cipher_get_algo_keylen (cipher_algo);
- needed_iv = gcry_cipher_get_algo_blklen (cipher_algo);
-
- gcry = gcry_md_open (&mdh, hash_algo, 0);
- if (gcry) {
- g_warning ("couldn't create '%s' hash context: %s",
- gcry_md_algo_name (hash_algo), gcry_strerror (gcry));
- return FALSE;
- }
-
- n_digest = gcry_md_get_algo_dlen (hash_algo);
- g_return_val_if_fail (n_digest > 0, FALSE);
-
- digest = egg_secure_alloc (n_digest);
- g_return_val_if_fail (digest, FALSE);
- if (key) {
- *key = egg_secure_alloc (needed_key);
- g_return_val_if_fail (*key, FALSE);
- }
- if (iv)
- *iv = g_new0 (guchar, needed_iv);
-
- at_key = key ? *key : NULL;
- at_iv = iv ? *iv : NULL;
-
- for (pass = 0; TRUE; ++pass) {
- gcry_md_reset (mdh);
-
- /* Hash in the previous buffer on later passes */
- if (pass > 0)
- gcry_md_write (mdh, digest, n_digest);
-
- if (password)
- gcry_md_write (mdh, password, strlen (password));
- if (salt && n_salt)
- gcry_md_write (mdh, salt, n_salt);
- gcry_md_final (mdh);
- digested = gcry_md_read (mdh, 0);
- g_return_val_if_fail (digested, FALSE);
- memcpy (digest, digested, n_digest);
-
- for (i = 1; i < iterations; ++i) {
- gcry_md_reset (mdh);
- gcry_md_write (mdh, digest, n_digest);
- gcry_md_final (mdh);
- digested = gcry_md_read (mdh, 0);
- g_return_val_if_fail (digested, FALSE);
- memcpy (digest, digested, n_digest);
- }
-
- /* Copy as much as possible into the destinations */
- i = 0;
- while (needed_key && i < n_digest) {
- if (at_key)
- *(at_key++) = digest[i];
- needed_key--;
- i++;
- }
- while (needed_iv && i < n_digest) {
- if (at_iv)
- *(at_iv++) = digest[i];
- needed_iv--;
- i++;
- }
-
- if (needed_key == 0 && needed_iv == 0)
- break;
- }
-
- egg_secure_free (digest);
- gcry_md_close (mdh);
-
- return TRUE;
-}
-
-gboolean
-gkr_crypto_generate_symkey_pbe (int cipher_algo, int hash_algo, const gchar *password,
- const guchar *salt, gsize n_salt, int iterations,
- guchar **key, guchar **iv)
-{
- gcry_md_hd_t mdh;
- gcry_error_t gcry;
- guchar *digest;
- guchar *digested;
- guint i, n_digest;
- gint needed_iv, needed_key;
-
- g_assert (cipher_algo);
- g_assert (hash_algo);
-
- g_return_val_if_fail (iterations >= 1, FALSE);
-
- /*
- * We only do one pass here.
- *
- * The key ends up as the first needed_key bytes of the hash buffer.
- * The iv ends up as the last needed_iv bytes of the hash buffer.
- *
- * The IV may overlap the key (which is stupid) if the wrong pair of
- * hash/cipher algorithms are chosen.
- */
-
- n_digest = gcry_md_get_algo_dlen (hash_algo);
- g_return_val_if_fail (n_digest > 0, FALSE);
-
- needed_key = gcry_cipher_get_algo_keylen (cipher_algo);
- needed_iv = gcry_cipher_get_algo_blklen (cipher_algo);
- if (needed_iv + needed_key > 16 || needed_iv + needed_key > n_digest) {
- g_warning ("using PBE symkey generation with %s using an algorithm that needs "
- "too many bytes of key and/or IV: %s",
- gcry_cipher_algo_name (hash_algo),
- gcry_cipher_algo_name (cipher_algo));
- return FALSE;
- }
-
- gcry = gcry_md_open (&mdh, hash_algo, 0);
- if (gcry) {
- g_warning ("couldn't create '%s' hash context: %s",
- gcry_md_algo_name (hash_algo), gcry_strerror (gcry));
- return FALSE;
- }
-
- digest = egg_secure_alloc (n_digest);
- g_return_val_if_fail (digest, FALSE);
- if (key) {
- *key = egg_secure_alloc (needed_key);
- g_return_val_if_fail (*key, FALSE);
- }
- if (iv)
- *iv = g_new0 (guchar, needed_iv);
-
- if (password)
- gcry_md_write (mdh, password, strlen (password));
- if (salt && n_salt)
- gcry_md_write (mdh, salt, n_salt);
- gcry_md_final (mdh);
- digested = gcry_md_read (mdh, 0);
- g_return_val_if_fail (digested, FALSE);
- memcpy (digest, digested, n_digest);
-
- for (i = 1; i < iterations; ++i)
- gcry_md_hash_buffer (hash_algo, digest, digest, n_digest);
-
- /* The first x bytes are the key */
- if (key) {
- g_assert (needed_key <= n_digest);
- memcpy (*key, digest, needed_key);
- }
-
- /* The last 16 - x bytes are the iv */
- if (iv) {
- g_assert (needed_iv <= n_digest && n_digest >= 16);
- memcpy (*iv, digest + (16 - needed_iv), needed_iv);
- }
-
- egg_secure_free (digest);
- gcry_md_close (mdh);
-
- return TRUE;
-}
-
-static gboolean
-generate_pkcs12 (int hash_algo, int type, const gchar *utf8_password,
- const guchar *salt, gsize n_salt, int iterations,
- guchar *output, gsize n_output)
-{
- gcry_mpi_t num_b1, num_ij;
- guchar *hash, *buf_i, *buf_b;
- gcry_md_hd_t mdh;
- const gchar *p2;
- guchar *p;
- gsize n_hash, i;
- gunichar unich;
- gcry_error_t gcry;
-
- num_b1 = num_ij = NULL;
-
- n_hash = gcry_md_get_algo_dlen (hash_algo);
- g_return_val_if_fail (n_hash > 0, FALSE);
-
- gcry = gcry_md_open (&mdh, hash_algo, 0);
- if (gcry) {
- g_warning ("couldn't create '%s' hash context: %s",
- gcry_md_algo_name (hash_algo), gcry_strerror (gcry));
- return FALSE;
- }
-
- /* Reqisition me a buffer */
- hash = egg_secure_alloc (n_hash);
- buf_i = egg_secure_alloc (128);
- buf_b = egg_secure_alloc (64);
- g_return_val_if_fail (hash && buf_i && buf_b, FALSE);
-
- /* Bring in the salt */
- p = buf_i;
- if (salt) {
- for (i = 0; i < 64; ++i)
- *(p++) = salt[i % n_salt];
- } else {
- memset (p, 0, 64);
- p += 64;
- }
-
- /* Bring in the password, as 16bits per character BMP string, ie: UCS2 */
- if (utf8_password) {
- p2 = utf8_password;
- for (i = 0; i < 64; i += 2) {
- unich = *p2 ? g_utf8_get_char (p2) : 0;
- *(p++) = (unich & 0xFF00) >> 8;
- *(p++) = (unich & 0xFF);
- if (*p2) /* Loop back to beginning if more bytes are needed */
- p2 = g_utf8_next_char (p2);
- else
- p2 = utf8_password;
- }
- } else {
- memset (p, 0, 64);
- p += 64;
- }
-
- /* Hash and bash */
- for (;;) {
- gcry_md_reset (mdh);
-
- /* Put in the PKCS#12 type of key */
- for (i = 0; i < 64; ++i)
- gcry_md_putc (mdh, type);
-
- /* Bring in the password */
- gcry_md_write (mdh, buf_i, utf8_password ? 128 : 64);
-
- /* First iteration done */
- memcpy (hash, gcry_md_read (mdh, hash_algo), n_hash);
-
- /* All the other iterations */
- for (i = 1; i < iterations; i++)
- gcry_md_hash_buffer (hash_algo, hash, hash, n_hash);
-
- /* Take out as much as we need */
- for (i = 0; i < n_hash && n_output; ++i) {
- *(output++) = hash[i];
- --n_output;
- }
-
- /* Is that enough generated keying material? */
- if (!n_output)
- break;
-
- /* Need more bytes, do some voodoo */
- for (i = 0; i < 64; ++i)
- buf_b[i] = hash[i % n_hash];
- gcry = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, 64, NULL);
- g_return_val_if_fail (gcry == 0, FALSE);
- gcry_mpi_add_ui (num_b1, num_b1, 1);
- for (i = 0; i < 128; i += 64) {
- gcry = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, 64, NULL);
- g_return_val_if_fail (gcry == 0, FALSE);
- gcry_mpi_add (num_ij, num_ij, num_b1);
- gcry_mpi_clear_highbit (num_ij, 64 * 8);
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, 64, NULL, num_ij);
- g_return_val_if_fail (gcry == 0, FALSE);
- gcry_mpi_release (num_ij);
- }
- }
-
- egg_secure_free (buf_i);
- egg_secure_free (buf_b);
- egg_secure_free (hash);
- gcry_mpi_release (num_b1);
- gcry_md_close (mdh);
-
- return TRUE;
-}
-
-gboolean
-gkr_crypto_generate_symkey_pkcs12 (int cipher_algo, int hash_algo, const gchar *password,
- const guchar *salt, gsize n_salt,
- int iterations, guchar **key, guchar **iv)
-{
- gsize n_block, n_key;
- gboolean ret = TRUE;
-
- g_return_val_if_fail (cipher_algo, FALSE);
- g_return_val_if_fail (hash_algo, FALSE);
- g_return_val_if_fail (iterations > 0, FALSE);
-
- n_key = gcry_cipher_get_algo_keylen (cipher_algo);
- n_block = gcry_cipher_get_algo_blklen (cipher_algo);
-
- if (password && !g_utf8_validate (password, -1, NULL)) {
- g_warning ("invalid non-UTF8 password");
- g_return_val_if_reached (FALSE);
- }
-
- if (key)
- *key = NULL;
- if (iv)
- *iv = NULL;
-
- /* Generate us an key */
- if (key) {
- *key = egg_secure_alloc (n_key);
- g_return_val_if_fail (*key != NULL, FALSE);
- ret = generate_pkcs12 (hash_algo, 1, password, salt, n_salt,
- iterations, *key, n_key);
- }
-
- /* Generate us an iv */
- if (ret && iv) {
- if (n_block > 1) {
- *iv = g_malloc (n_block);
- ret = generate_pkcs12 (hash_algo, 2, password, salt, n_salt,
- iterations, *iv, n_block);
- } else {
- *iv = NULL;
- }
- }
-
- /* Cleanup in case of failure */
- if (!ret) {
- g_free (iv ? *iv : NULL);
- g_free (key ? *key : NULL);
- }
-
- return ret;
-}
-
-static gboolean
-generate_pbkdf2 (int hash_algo, const gchar *password, gsize n_password,
- const guchar *salt, gsize n_salt, guint iterations,
- guchar *output, gsize n_output)
-{
- gcry_md_hd_t mdh;
- guint u, l, r, i, k;
- gcry_error_t gcry;
- guchar *U, *T, *buf;
- gsize n_buf, n_hash;
-
- g_return_val_if_fail (hash_algo > 0, FALSE);
- g_return_val_if_fail (iterations > 0, FALSE);
- g_return_val_if_fail (n_output > 0, FALSE);
- g_return_val_if_fail (n_output < G_MAXUINT32, FALSE);
-
- n_hash = gcry_md_get_algo_dlen (hash_algo);
- g_return_val_if_fail (n_hash > 0, FALSE);
-
- gcry = gcry_md_open (&mdh, hash_algo, GCRY_MD_FLAG_HMAC);
- if (gcry != 0) {
- g_warning ("couldn't create '%s' hash context: %s",
- gcry_md_algo_name (hash_algo), gcry_strerror (gcry));
- return FALSE;
- }
-
- /* Get us a temporary buffers */
- T = egg_secure_alloc (n_hash);
- U = egg_secure_alloc (n_hash);
- n_buf = n_salt + 4;
- buf = egg_secure_alloc (n_buf);
- g_return_val_if_fail (buf && T && U, FALSE);
-
- /* n_hash blocks in output, rounding up */
- l = ((n_output - 1) / n_hash) + 1;
-
- /* number of bytes in last, rounded up, n_hash block */
- r = n_output - (l - 1) * n_hash;
-
- memcpy (buf, salt, n_salt);
- for (i = 1; i <= l; i++) {
- memset (T, 0, n_hash);
- for (u = 1; u <= iterations; u++) {
- gcry_md_reset (mdh);
-
- gcry = gcry_md_setkey (mdh, password, n_password);
- g_return_val_if_fail (gcry == 0, FALSE);
-
- /* For first iteration on each block add 4 extra bytes */
- if (u == 1) {
- buf[n_salt + 0] = (i & 0xff000000) >> 24;
- buf[n_salt + 1] = (i & 0x00ff0000) >> 16;
- buf[n_salt + 2] = (i & 0x0000ff00) >> 8;
- buf[n_salt + 3] = (i & 0x000000ff) >> 0;
-
- gcry_md_write (mdh, buf, n_buf);
-
- /* Other iterations, any block */
- } else {
- gcry_md_write (mdh, U, n_hash);
- }
-
- memcpy (U, gcry_md_read (mdh, hash_algo), n_hash);
-
- for (k = 0; k < n_hash; k++)
- T[k] ^= U[k];
- }
-
- memcpy (output + (i - 1) * n_hash, T, i == l ? r : n_hash);
- }
-
- egg_secure_free (T);
- egg_secure_free (U);
- egg_secure_free (buf);
- gcry_md_close (mdh);
- return TRUE;
-}
-
-gboolean
-gkr_crypto_generate_symkey_pbkdf2 (int cipher_algo, int hash_algo,
- const gchar *password, const guchar *salt,
- gsize n_salt, int iterations,
- guchar **key, guchar **iv)
-{
- gsize n_key, n_block, n_password;
- gboolean ret = TRUE;
-
- g_return_val_if_fail (hash_algo, FALSE);
- g_return_val_if_fail (cipher_algo, FALSE);
- g_return_val_if_fail (iterations > 0, FALSE);
-
- n_key = gcry_cipher_get_algo_keylen (cipher_algo);
- n_block = gcry_cipher_get_algo_blklen (cipher_algo);
-
- if (key)
- *key = NULL;
- if (iv)
- *iv = NULL;
-
- n_password = password ? strlen (password) : 0;
-
- /* Generate us an key */
- if (key) {
- *key = egg_secure_alloc (n_key);
- g_return_val_if_fail (*key != NULL, FALSE);
- ret = generate_pbkdf2 (hash_algo, password, n_password, salt, n_salt,
- iterations, *key, n_key);
- }
-
- /* Generate us an iv */
- if (ret && iv) {
- if (n_block > 1) {
- *iv = g_malloc (n_block);
- gcry_create_nonce (*iv, n_block);
- } else {
- *iv = NULL;
- }
- }
-
- /* Cleanup in case of failure */
- if (!ret) {
- g_free (iv ? *iv : NULL);
- g_free (key ? *key : NULL);
- }
-
- return ret;
-}
-
/* -----------------------------------------------------------------------------
* MPI HELPERS
*/
@@ -670,19 +115,6 @@ sexp_get_childv (gcry_sexp_t sexp, va_list va)
return at;
}
-gcry_sexp_t
-gkr_crypto_sexp_get_child (gcry_sexp_t sexp, ...)
-{
- gcry_sexp_t child;
- va_list va;
-
- va_start (va, sexp);
- child = sexp_get_childv (sexp, va);
- va_end (va);
-
- return child;
-}
-
gboolean
gkr_crypto_sexp_extract_mpi (gcry_sexp_t sexp, gcry_mpi_t *mpi, ...)
{
diff --git a/common/gkr-crypto.h b/common/gkr-crypto.h
index 4a5b78bc..eb00e135 100644
--- a/common/gkr-crypto.h
+++ b/common/gkr-crypto.h
@@ -35,35 +35,6 @@ typedef guchar* (*GkrCryptoPadding) (guint n_modulus, const guchar* raw,
void gkr_crypto_setup (void);
-gboolean gkr_crypto_hex_encode (const guchar *data, gsize n_data,
- gchar *encoded, gsize *n_encoded);
-
-gboolean gkr_crypto_hex_decode (const gchar *data, gsize n_data,
- guchar *decoded, gsize *n_decoded);
-
-gboolean gkr_crypto_generate_symkey_simple (int cipher_algo, int hash_algo,
- const gchar *password, const guchar *salt,
- gsize n_salt, int iterations,
- guchar **key, guchar **iv);
-
-gboolean gkr_crypto_generate_symkey_pkcs12 (int cipher_algo, int hash_algo,
- const gchar *password, const guchar *salt,
- gsize n_salt, int iterations,
- guchar **key, guchar **iv);
-
-gboolean gkr_crypto_generate_symkey_pbe (int cipher_algo, int hash_algo,
- const gchar *password, const guchar *salt,
- gsize n_salt, int iterations,
- guchar **key, guchar **iv);
-
-gboolean gkr_crypto_generate_symkey_pbkdf2 (int cipher_algo, int hash_algo,
- const gchar *password, const guchar *salt,
- gsize n_salt, int iterations,
- guchar **key, guchar **iv);
-
-gcry_sexp_t gkr_crypto_sexp_get_child (gcry_sexp_t sexp, ...)
- G_GNUC_NULL_TERMINATED;
-
gboolean gkr_crypto_sexp_extract_mpi (gcry_sexp_t sexp, gcry_mpi_t *mpi, ...)
G_GNUC_NULL_TERMINATED;
diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
index 0414b0a7..eca41c27 100644
--- a/common/tests/Makefile.am
+++ b/common/tests/Makefile.am
@@ -1,7 +1,6 @@
UNIT_AUTO = \
unit-test-async.c \
unit-test-unique.c \
- unit-test-crypto.c \
unit-test-cleanup.c \
unit-test-location.c \
unit-test-location-watch.c \
diff --git a/common/tests/unit-test-crypto.c b/common/tests/unit-test-crypto.c
deleted file mode 100644
index bdec5481..00000000
--- a/common/tests/unit-test-crypto.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* unit-test-crypto.c: Test crypto stuff
-
- Copyright (C) 2007 Stefan Walter
-
- The Gnome Keyring Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
-
- The Gnome Keyring Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with the Gnome Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-
- Author: Stef Walter <stef@memberwebs.com>
-*/
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "run-auto-test.h"
-
-#include "common/gkr-crypto.h"
-
-#include <gcrypt.h>
-
-/*
- * Each test looks like (on one line):
- * void unit_test_xxxxx (CuTest* cu)
- *
- * Each setup looks like (on one line):
- * void unit_setup_xxxxx (void);
- *
- * Each teardown looks like (on one line):
- * void unit_teardown_xxxxx (void);
- *
- * Tests be run in the order specified here.
- */
-
-void unit_setup_crypto (void)
-{
- gkr_crypto_setup ();
-}
-
-const static struct {
- const gchar *password;
- int cipher_algo;
- int hash_algo;
- int iterations;
- const gchar *salt;
-
- const gchar *result_simple;
- const gchar *result_pkcs12;
- const gchar *result_pbkdf2;
- const gchar *result_pbe;
-} all_generation_tests[] = {
-
- { /* 24 byte output */
- "booo", GCRY_CIPHER_3DES, GCRY_MD_MD5, 1,
- "\x70\x4C\xFF\xD6\x2F\xBA\x03\xE9",
- "\x84\x12\xBB\x34\x94\x8C\x40\xAD\x97\x57\x96\x74\x5B\x6A\xFB\xF8\xD6\x61\x33\x51\xEA\x8C\xCF\xD8",
- NULL,
- NULL,
- NULL
- },
-
- { /* 5 byte output */
- "booo", GCRY_CIPHER_RFC2268_40, GCRY_MD_SHA1, 2048,
- "\x8A\x58\xC2\xE8\x7C\x1D\x80\x11",
- NULL,
- "\xD6\xA6\xF0\x76\x66",
- NULL,
- NULL
- },
-
- { /* Null Password, 5 byte output */
- NULL, GCRY_CIPHER_RFC2268_40, GCRY_MD_SHA1, 2000,
- "\x04\xE0\x1C\x3E\xF8\xF2\xE9\xFD",
- NULL,
- "\x98\x7F\x20\x97\x1E",
- NULL,
- NULL
- },
-
- { /* 24 byte output */
- "booo", GCRY_CIPHER_3DES, GCRY_MD_SHA1, 2048,
- "\xBD\xEE\x0B\xC6\xCF\x43\xAC\x25",
- NULL,
- "\x3F\x38\x1B\x0E\x87\xEB\x19\xBE\xD1\x39\xDC\x5B\xC2\xD2\xB3\x3C\x35\xA8\xB8\xF9\xEE\x66\x48\x94",
- "\x20\x25\x90\xD8\xD6\x98\x3E\x71\x10\x17\x1F\x51\x49\x87\x27\xCA\x97\x27\xD1\xC9\x72\xF8\x11\xBB",
- NULL
- },
-
- { /* Empty password, 24 byte output */
- "", GCRY_CIPHER_3DES, GCRY_MD_SHA1, 2048,
- "\xF7\xCF\xD9\xCF\x1F\xF3\xAD\xF6",
- NULL,
- NULL,
- "\x53\xE3\x35\x9E\x5D\xC1\x85\x1A\x71\x3A\x67\x4E\x80\x56\x13\xD6\x4E\x3E\x89\x43\xB7\x1D\x5F\x7F",
- NULL
- },
-
- { /* Empty password, 24 byte output */
- "", GCRY_CIPHER_3DES, GCRY_MD_SHA1, 2048,
- "\xD9\xB3\x2E\xC7\xBA\x1A\x8E\x15",
- NULL,
- "\x39\x70\x75\x7C\xF5\xE2\x13\x0B\x5D\xC2\x9D\x96\x8B\x71\xC7\xFC\x5B\x97\x1F\x79\x9F\x06\xFC\xA2",
- NULL,
- NULL
- },
-
- { /* 8 byte output */
- "booo", GCRY_CIPHER_DES, GCRY_MD_MD5, 2048,
- "\x93\x4C\x3D\x29\xA2\x42\xB0\xF5",
- NULL,
- NULL,
- NULL,
- "\x8C\x67\x19\x7F\xB9\x23\xE2\x8D"
- }
-};
-
-#define N_GENERATION_TESTS (sizeof (all_generation_tests) / sizeof (all_generation_tests[0]))
-
-void unit_test_generate_key_simple (CuTest* cu)
-{
- int i;
- gboolean ret;
- guchar *key;
-
- for (i = 0; i < N_GENERATION_TESTS; ++i) {
-
- if (!all_generation_tests[i].result_simple)
- continue;
-
- ret = gkr_crypto_generate_symkey_simple (all_generation_tests[i].cipher_algo,
- all_generation_tests[i].hash_algo,
- all_generation_tests[i].password,
- (guchar*)all_generation_tests[i].salt, 8,
- all_generation_tests[i].iterations,
- &key, NULL);
- CuAssert (cu, "failed to generate simple key", ret == TRUE);
-
- CuAssert (cu, "invalid simple key generated",
- memcmp (key, all_generation_tests[i].result_simple,
- gcry_cipher_get_algo_keylen (all_generation_tests[i].cipher_algo)) == 0);
- }
-}
-
-void unit_test_generate_key_pkcs12 (CuTest* cu)
-{
- int i;
- gboolean ret;
- guchar *key;
-
- for (i = 0; i < N_GENERATION_TESTS; ++i) {
-
- if (!all_generation_tests[i].result_pkcs12)
- continue;
-
- ret = gkr_crypto_generate_symkey_pkcs12 (all_generation_tests[i].cipher_algo,
- all_generation_tests[i].hash_algo,
- all_generation_tests[i].password,
- (guchar*)all_generation_tests[i].salt, 8,
- all_generation_tests[i].iterations,
- &key, NULL);
- CuAssert (cu, "failed to generate pkcs12 key", ret == TRUE);
-
- CuAssert (cu, "invalid pkcs12 key generated",
- memcmp (key, all_generation_tests[i].result_pkcs12,
- gcry_cipher_get_algo_keylen (all_generation_tests[i].cipher_algo)) == 0);
- }
-}
-
-void unit_test_generate_key_pbkdf2 (CuTest* cu)
-{
- int i;
- gboolean ret;
- guchar *key;
-
- for (i = 0; i < N_GENERATION_TESTS; ++i) {
-
- if (!all_generation_tests[i].result_pbkdf2)
- continue;
-
- ret = gkr_crypto_generate_symkey_pbkdf2 (all_generation_tests[i].cipher_algo,
- all_generation_tests[i].hash_algo,
- all_generation_tests[i].password,
- (guchar*)all_generation_tests[i].salt, 8,
- all_generation_tests[i].iterations,
- &key, NULL);
- CuAssert (cu, "failed to generate pbkdf2 key", ret == TRUE);
-
- CuAssert (cu, "invalid pbkdf2 key generated",
- memcmp (key, all_generation_tests[i].result_pbkdf2,
- gcry_cipher_get_algo_keylen (all_generation_tests[i].cipher_algo)) == 0);
- }
-}
-
-void unit_test_generate_key_pbe (CuTest* cu)
-{
- int i;
- gboolean ret;
- guchar *key;
-
- for (i = 0; i < N_GENERATION_TESTS; ++i) {
-
- if (!all_generation_tests[i].result_pbe)
- continue;
-
- ret = gkr_crypto_generate_symkey_pbe (all_generation_tests[i].cipher_algo,
- all_generation_tests[i].hash_algo,
- all_generation_tests[i].password,
- (guchar*)all_generation_tests[i].salt, 8,
- all_generation_tests[i].iterations,
- &key, NULL);
- CuAssert (cu, "failed to generate pbe key", ret == TRUE);
-
- CuAssert (cu, "invalid pbe key generated",
- memcmp (key, all_generation_tests[i].result_pbe,
- gcry_cipher_get_algo_keylen (all_generation_tests[i].cipher_algo)) == 0);
- }
-}
-
-#define TEST_KEY \
-"(private-key (rsa " \
-"(n #00B78758D55EBFFAB61D07D0DC49B5309A6F1DA2AE51C275DFC2370959BB81AC0C39093B1C618E396161A0DECEB8768D0FFB14F197B96C3DA14190EE0F20D51315#)" \
-"(e #010001#)" \
-"(d #108BCAC5FDD35812981E6EC5957D98E2AB76E4064C47B861D27C2CC322C50792313C852B4164A035B42D261F1A09F9FFE8F477F9F78FF2EABBDA6BA875C671D7#)" \
-"(p #00C357F11B19A18C66573D25D1E466D9AB8BCDDCDFE0B2E80BD46712C4BEC18EB7#)" \
-"(q #00F0843B90A60EF7034CA4BE80414ED9497CABCC685143B388013FF989CBB0E093#)" \
-"(u #12F2555F52EB56329A991CF0404B51C68AC921AD370A797860F550415FF987BD#)" \
-"))"
-
-gcry_sexp_t thekey = NULL;
-
-void unit_test_parse_key (CuTest *cu)
-{
- gcry_sexp_t sexp = NULL;
- gcry_error_t gcry;
- gcry_mpi_t mpi = NULL;
- gboolean ret;
- gboolean is_priv = FALSE;
- int algorithm = 0;
-
- gcry = gcry_sexp_new (&sexp, TEST_KEY, strlen (TEST_KEY), 1);
- g_return_if_fail (gcry == 0);
-
- /* Get the private key out */
- thekey = gkr_crypto_sexp_get_child (sexp, "private-key", NULL);
- CuAssert (cu, "couldn't extract private key", sexp != NULL);
-
- ret = gkr_crypto_skey_parse (thekey, &algorithm, &is_priv, &sexp);
- CuAssert (cu, "couldn't parse rsa key", ret);
- CuAssert (cu, "parsed bad algorithm", algorithm == GCRY_PK_RSA);
- CuAssert (cu, "not a private-key", is_priv == TRUE);
- CuAssert (cu, "didn't get numbers", sexp != NULL);
-
- ret = gkr_crypto_sexp_extract_mpi (sexp, &mpi, "p", NULL);
- CuAssert (cu, "couldn't extract mpi from key", ret);
- CuAssert (cu, "no mpi returned from extract", mpi != NULL);
-}
-
-void unit_test_make_keyid (CuTest *cu)
-{
- guchar hash[20];
- gkrid id;
- const guchar *p;
- gsize n;
-
- p = gcry_pk_get_keygrip (thekey, hash);
- g_return_if_fail (p == hash);
-
- id = gkr_crypto_skey_make_id (thekey);
- CuAssert (cu, "null returned as key id", id != NULL);
-
- p = gkr_id_get_raw (id, &n);
- CuAssert (cu, "key id is of wrong length", n == sizeof (hash));
- CuAssert (cu, "key grip doesn't match key id", memcmp (hash, p, n) == 0);
-}
-
-void unit_test_key_to_public (CuTest *cu)
-{
- gcry_sexp_t pubkey = NULL;
- gboolean ret;
- gkrid u1, u2;
-
- ret = gkr_crypto_skey_private_to_public (thekey, &pubkey);
- CuAssert (cu, "couldn't make public key", ret);
- CuAssert (cu, "returned null public key", pubkey != NULL);
-
- u1 = gkr_crypto_skey_make_id (thekey);
- u2 = gkr_crypto_skey_make_id (pubkey);
- CuAssert (cu, "public and private keys are not equivalent",
- gkr_id_equals (u1, u2));
-}
-
diff --git a/configure.in b/configure.in
index 7ddba6f9..0bd009ac 100644
--- a/configure.in
+++ b/configure.in
@@ -500,8 +500,6 @@ daemon/pk/tests/Makefile
daemon/pkcs11/Makefile
daemon/pkix/Makefile
daemon/pkix/tests/Makefile
-daemon/ssh/Makefile
-daemon/ssh/tests/Makefile
daemon/ui/Makefile
egg/Makefile
egg/tests/Makefile
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 5d3e36b6..124110a7 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -1,16 +1,9 @@
-if WITH_SSH
-SSH_DIR = ssh
-else
-SSH_DIR =
-endif
-
SUBDIRS = \
ui \
keyrings \
pkix \
pk \
pkcs11 \
- $(SSH_DIR) \
data
bin_PROGRAMS= \
@@ -37,7 +30,6 @@ gnome_keyring_daemon_SOURCES = \
gkr-daemon-ops.c
gnome_keyring_daemon_LDADD = \
- $(top_builddir)/daemon/ssh/libgkr-ssh.la \
$(top_builddir)/daemon/pkcs11/libgkr-pkcs11.la \
$(top_builddir)/daemon/pk/libgkr-pk.la \
$(top_builddir)/daemon/keyrings/libgkr-keyrings.la \
diff --git a/daemon/keyrings/gkr-keyring-binary.c b/daemon/keyrings/gkr-keyring-binary.c
index ab655f02..b2704227 100644
--- a/daemon/keyrings/gkr-keyring-binary.c
+++ b/daemon/keyrings/gkr-keyring-binary.c
@@ -28,7 +28,7 @@
#include "gkr-keyring-item.h"
#include "egg/egg-buffer.h"
-#include "common/gkr-crypto.h"
+#include "egg/egg-symkey.h"
#include "egg/egg-secure-memory.h"
#include "library/gnome-keyring-private.h"
@@ -119,8 +119,8 @@ encrypt_buffer (EggBuffer *buffer,
g_assert (16 == gcry_cipher_get_algo_blklen (GCRY_CIPHER_AES128));
g_assert (16 == gcry_cipher_get_algo_keylen (GCRY_CIPHER_AES128));
- if (!gkr_crypto_generate_symkey_simple (GCRY_CIPHER_AES128, GCRY_MD_SHA256,
- password, salt, 8, iterations, &key, &iv))
+ if (!egg_symkey_generate_simple (GCRY_CIPHER_AES128, GCRY_MD_SHA256,
+ password, -1, salt, 8, iterations, &key, &iv))
return FALSE;
gerr = gcry_cipher_open (&cih, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0);
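Review bot: The `-1` inserted after `password` in the new `egg_symkey_generate_simple` call is an unexplained magic value; the egg_symkey signature is not part of this diff, so I am assuming it is a password length where -1 means "NUL-terminated, measure it in the callee" — please confirm against egg/egg-symkey.h. A one-line comment on the call would spare the next reader the lookup, e.g. `/* -1: password is NUL-terminated; callee computes its length */`. The identical call appears in the decrypt_buffer hunk further down, and both call sites derive the same key/iv from the same salt and iteration count, so a small shared helper in this file would keep the two in step. encrypt_buffer begins and ends outside this hunk.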
@@ -168,8 +168,8 @@ decrypt_buffer (EggBuffer *buffer,
g_assert (16 == gcry_cipher_get_algo_blklen (GCRY_CIPHER_AES128));
g_assert (16 == gcry_cipher_get_algo_keylen (GCRY_CIPHER_AES128));
- if (!gkr_crypto_generate_symkey_simple (GCRY_CIPHER_AES128, GCRY_MD_SHA256,
- password, salt, 8, iterations, &key, &iv))
+ if (!egg_symkey_generate_simple (GCRY_CIPHER_AES128, GCRY_MD_SHA256,
+ password, -1, salt, 8, iterations, &key, &iv))
return FALSE;
gerr = gcry_cipher_open (&cih, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0);
diff --git a/daemon/pk/gkr-pk-index.c b/daemon/pk/gkr-pk-index.c
index ced1d599..f244a049 100644
--- a/daemon/pk/gkr-pk-index.c
+++ b/daemon/pk/gkr-pk-index.c
@@ -29,6 +29,8 @@
#include "common/gkr-cleanup.h"
#include "common/gkr-crypto.h"
#include "common/gkr-location.h"
+
+#include "egg/egg-hex.h"
#include "egg/egg-secure-memory.h"
#include "keyrings/gkr-keyring-login.h"
@@ -73,8 +75,7 @@ digest_to_group (gkrconstid digest)
digdata = gkr_id_get_raw (digest, &n_digdata);
g_assert (digdata);
n_group = (n_digdata * 2) + 1;
- group = g_malloc0 (n_group);
- r = gkr_crypto_hex_encode (digdata, n_digdata, group, &n_group);
+ group = egg_hex_encode (digdata, n_digdata);
g_assert (r == TRUE);
return group;
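Review bot: `g_assert (r == TRUE);` directly after the new `group = egg_hex_encode (digdata, n_digdata);` now tests a variable that nothing in this function assigns any more — `r` was only set by the removed `gkr_crypto_hex_encode` call — so the assertion checks stale or uninitialized state and no longer guards the encode result at all. Replace it with `g_assert (group != NULL);` and drop the now-dead `n_group = (n_digdata * 2) + 1;` above it, plus the `r`/`n_group` declarations if nothing else uses them (the start of digest_to_group is outside the hunk, so I cannot see them). The later hunk that changes `gboolean ret, r;` to `gboolean ret;` shows the same cleanup was done for gkr_pk_index_set_binary but missed here.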
@@ -593,9 +594,8 @@ gkr_pk_index_get_binary (GkrPkIndex *index, gkrconstid digest,
return NULL;
n_string = strlen (string);
- *n_data = (n_string / 2) + 1;
- data = g_malloc0 (*n_data);
- if (!gkr_crypto_hex_decode (string, n_string, data, n_data)) {
+ data = egg_hex_decode (string, n_string, n_data);
+ if (data == NULL) {
g_message ("invalid binary data in index under field '%s'", field);
g_free (data);
data = NULL;
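Review bot: The `g_free (data); data = NULL;` pair inside the new `if (data == NULL)` branch is dead code now that the branch is only entered when `data` is already NULL; the two lines can be deleted and the branch reduced to the `g_message` call. Separately, the old code set `*n_data` before decoding, whereas the new code relies on `egg_hex_decode` to fill the out-parameter — whether it does so on the NULL-return path is not visible here, so if any caller reads `*n_data` after a NULL result, an explicit `*n_data = 0;` in the failure branch would make the contract independent of egg_hex_decode's behaviour. gkr_pk_index_get_binary starts and ends outside this hunk.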
@@ -768,7 +768,7 @@ gkr_pk_index_set_binary (GkrPkIndex *index, gkrconstid digest,
const gchar *field, const guchar *data,
gsize n_data)
{
- gboolean ret, r;
+ gboolean ret;
gchar *str;
gsize n_str;
@@ -782,8 +782,8 @@ gkr_pk_index_set_binary (GkrPkIndex *index, gkrconstid digest,
n_str = (n_data * 2) + 1;
str = g_malloc0 (n_str);
- r = gkr_crypto_hex_encode (data, n_data, str, &n_str);
- g_assert (r == TRUE);
+ str = egg_hex_encode (data, n_data);
+ g_assert (str);
ret = write_string (index, digest, field, str);
g_free (str);
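Review bot: gkr_pk_index_set_binary now leaks a buffer on every call: the context line `str = g_malloc0 (n_str);` allocates, and the new line `str = egg_hex_encode (data, n_data);` immediately overwrites the pointer before it is ever freed. Remove `n_str = (n_data * 2) + 1;` and `str = g_malloc0 (n_str);` together, leaving only the egg_hex_encode call, and drop the now-unused `n_str` declaration shown in the hunk above. The write_string call on the following context line is unaffected.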
diff --git a/daemon/pk/gkr-pk-root-storage.c b/daemon/pk/gkr-pk-root-storage.c
index 0e02a533..7fb8519a 100644
--- a/daemon/pk/gkr-pk-root-storage.c
+++ b/daemon/pk/gkr-pk-root-storage.c
@@ -39,8 +39,7 @@
#include "pkix/gkr-pkix-asn1.h"
#include "pkix/gkr-pkix-der.h"
-#include "pkix/gkr-pkix-openssl.h"
-#include "pkix/gkr-pkix-pem.h"
+#include "pkix/gkr-pkix-parser.h"
#include "pkix/gkr-pkix-types.h"
#include "ui/gkr-ask-daemon.h"
diff --git a/daemon/pk/gkr-pk-session-storage.c b/daemon/pk/gkr-pk-session-storage.c
index f930d739..5cf8468f 100644
--- a/daemon/pk/gkr-pk-session-storage.c
+++ b/daemon/pk/gkr-pk-session-storage.c
@@ -28,9 +28,11 @@
#include "gkr-pk-session-storage.h"
#include "gkr-pk-util.h"
-#include "egg/egg-buffer.h"
#include "common/gkr-location.h"
#include "common/gkr-location-watch.h"
+
+#include "egg/egg-buffer.h"
+#include "egg/egg-openssl.h"
#include "egg/egg-secure-memory.h"
#include "keyrings/gkr-keyring-login.h"
@@ -39,8 +41,6 @@
#include "pkix/gkr-pkix-asn1.h"
#include "pkix/gkr-pkix-der.h"
-#include "pkix/gkr-pkix-openssl.h"
-#include "pkix/gkr-pkix-pem.h"
#include "pkix/gkr-pkix-types.h"
#include "ui/gkr-ask-daemon.h"
diff --git a/daemon/pkix/Makefile.am b/daemon/pkix/Makefile.am
index 4f854543..5b6ccce2 100644
--- a/daemon/pkix/Makefile.am
+++ b/daemon/pkix/Makefile.am
@@ -21,9 +21,7 @@ libgkr_pkix_la_SOURCES = \
gkr-pkix-asn1.c gkr-pkix-asn1.h \
gkr-pkix-constants.h \
gkr-pkix-der.c gkr-pkix-der.h \
- gkr-pkix-openssl.c gkr-pkix-openssl.h \
gkr-pkix-parser.c gkr-pkix-parser.h \
- gkr-pkix-pem.c gkr-pkix-pem.h \
gkr-pkix-serialize.c gkr-pkix-serialize.h \
gkr-pkix-types.h \
$(BUILT_SOURCES)
diff --git a/daemon/pkix/gkr-pkix-der.c b/daemon/pkix/gkr-pkix-der.c
index 629c78ae..f20340f3 100644
--- a/daemon/pkix/gkr-pkix-der.c
+++ b/daemon/pkix/gkr-pkix-der.c
@@ -27,6 +27,8 @@
#include "gkr-pkix-der.h"
#include "common/gkr-crypto.h"
+
+#include "egg/egg-symkey.h"
#include "egg/egg-secure-memory.h"
#include <glib.h>
@@ -1061,8 +1063,8 @@ gkr_pkix_der_read_cipher_pkcs5_pbe (int cipher_algo, int cipher_mode,
g_return_val_if_fail (n_key > 0, GKR_PKIX_FAILURE);
n_block = gcry_cipher_get_algo_blklen (cipher_algo);
- if (!gkr_crypto_generate_symkey_pbe (cipher_algo, hash_algo, password, salt,
- n_salt, iterations, &key, n_block > 1 ? &iv : NULL))
+ if (!egg_symkey_generate_pbe (cipher_algo, hash_algo, password, -1, salt,
+ n_salt, iterations, &key, n_block > 1 ? &iv : NULL))
goto done;
gcry = gcry_cipher_open (cih, cipher_algo, cipher_mode, 0);
@@ -1182,8 +1184,8 @@ setup_pkcs5_pbkdf2_params (const gchar *password, const guchar *data,
if (!salt)
goto done;
- if (!gkr_crypto_generate_symkey_pbkdf2 (cipher_algo, GCRY_MD_SHA1, password,
- salt, n_salt, iterations, &key, NULL))
+ if (!egg_symkey_generate_pbkdf2 (cipher_algo, GCRY_MD_SHA1, password, -1,
+ salt, n_salt, iterations, &key, NULL))
goto done;
n_key = gcry_cipher_get_algo_keylen (cipher_algo);
@@ -1350,9 +1352,9 @@ gkr_pkix_der_read_cipher_pkcs12_pbe (int cipher_algo, int cipher_mode, const gch
n_key = gcry_cipher_get_algo_keylen (cipher_algo);
/* Generate IV and key using salt read above */
- if (!gkr_crypto_generate_symkey_pkcs12 (cipher_algo, GCRY_MD_SHA1, password,
- salt, n_salt, iterations, &key,
- n_block > 1 ? &iv : NULL))
+ if (!egg_symkey_generate_pkcs12 (cipher_algo, GCRY_MD_SHA1, password, -1,
+ salt, n_salt, iterations, &key,
+ n_block > 1 ? &iv : NULL))
goto done;
gcry = gcry_cipher_open (cih, cipher_algo, cipher_mode, 0);
diff --git a/daemon/pkix/gkr-pkix-openssl.c b/daemon/pkix/gkr-pkix-openssl.c
deleted file mode 100644
index 98ed0622..00000000
--- a/daemon/pkix/gkr-pkix-openssl.c
+++ /dev/null
@@ -1,377 +0,0 @@
-/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gkr-pkix-openssl.c - OpenSSL compatibility functionality
-
- Copyright (C) 2007 Stefan Walter
-
- The Gnome Keyring Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
-
- The Gnome Keyring Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with the Gnome Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-
- Author: Stef Walter <stef@memberwebs.com>
-*/
-
-#include "config.h"
-
-#include "gkr-pkix-openssl.h"
-
-#include "common/gkr-crypto.h"
-#include "egg/egg-secure-memory.h"
-
-#include <gcrypt.h>
-#include <libtasn1.h>
-
-#include <glib.h>
-
-const static struct {
- const gchar *desc;
- int algo;
- int mode;
-} openssl_algos[] = {
- { "DES-ECB", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB },
- { "DES-CFB64", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CFB },
- { "DES-CFB", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CFB },
- /* DES-CFB1 */
- /* DES-CFB8 */
- /* DESX-CBC */
- /* DES-EDE */
- /* DES-EDE-CBC */
- /* DES-EDE-ECB */
- /* DES-EDE-CFB64 DES-EDE-CFB */
- /* DES-EDE-CFB1 */
- /* DES-EDE-CFB8 */
- /* DES-EDE-OFB */
- /* DES-EDE3 */
- { "DES-EDE3-ECB", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_ECB },
- { "DES-EDE3-CFB64", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CFB },
- { "DES-EDE3-CFB", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CFB },
- /* DES-EDE3-CFB1 */
- /* DES-EDE3-CFB8 */
- { "DES-OFB", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_OFB },
- { "DES-EDE3-OFB", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_OFB },
- { "DES-CBC", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC },
- { "DES-EDE3-CBC", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC },
- /* RC2-ECB */
- /* RC2-CBC */
- /* RC2-40-CBC */
- /* RC2-64-CBC */
- /* RC2-CFB64 RC2-CFB */
- /* RC2-OFB */
- { "RC4", GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM },
- { "RC4-40", GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM },
- { "IDEA-ECB", GCRY_CIPHER_IDEA, GCRY_CIPHER_MODE_ECB },
- { "IDEA-CFB64", GCRY_CIPHER_IDEA, GCRY_CIPHER_MODE_CFB },
- { "IDEA-OFB", GCRY_CIPHER_IDEA, GCRY_CIPHER_MODE_OFB },
- { "IDEA-CBC", GCRY_CIPHER_IDEA, GCRY_CIPHER_MODE_CBC },
- { "BF-ECB", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB },
- { "BF-CBC", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC },
- { "BF-CFB64", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CFB },
- { "BF-CFB", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CFB },
- { "BF-OFB", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB },
- { "CAST5-ECB", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_ECB },
- { "CAST5-CBC", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC },
- { "CAST5-CFB64", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CFB },
- { "CAST5-CFB", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CFB },
- { "CAST5-OFB", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_OFB },
- /* RC5-32-12-16-CBC */
- /* RC5-32-12-16-ECB */
- /* RC5-32-12-16-CFB64 RC5-32-12-16-CFB */
- /* RC5-32-12-16-OFB */
- { "AES-128-ECB", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_ECB },
- { "AES-128-CBC", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC },
- /* AES-128-CFB1 */
- /* AES-128-CFB8 */
- { "AES-128-CFB128", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CFB },
- { "AES-128-CFB", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CFB },
- { "AES-128-OFB", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_OFB },
- { "AES-128-CTR", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR },
- { "AES-192-ECB", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB },
- { "AES-192-CBC", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC },
- /* AES-192-CFB1 */
- /* AES-192-CFB8 */
- { "AES-192-CFB128", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB },
- { "AES-192-CFB", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB },
- { "AES-192-OFB", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB },
- { "AES-192-CTR", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR },
- { "AES-256-ECB", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB },
- { "AES-256-CBC", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC },
- /* AES-256-CFB1 */
- /* AES-256-CFB8 */
- { "AES-256-CFB128", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB },
- { "AES-256-CFB", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB },
- { "AES-256-OFB", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB },
- { "AES-256-CTR", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR },
- /* CAMELLIA-128-ECB */
- /* CAMELLIA-128-CBC */
- /* CAMELLIA-128-CFB1 */
- /* CAMELLIA-128-CFB8 */
- /* CAMELLIA-128-CFB128 CAMELLIA-128-CFB */
- /* CAMELLIA-128-OFB */
- /* CAMELLIA-192-ECB */
- /* CAMELLIA-192-CBC */
- /* CAMELLIA-192-CFB1 */
- /* CAMELLIA-192-CFB8 */
- /* CAMELLIA-192-CFB128 CAMELLIA-192-CFB */
- /* CAMELLIA-192_OFB */
- /* CAMELLIA-256-ECB */
- /* CAMELLIA-256-CBC */
- /* CAMELLIA-256-CFB1 */
- /* CAMELLIA-256-CFB8 */
- /* CAMELLIA-256-CFB128 CAMELLIA-256-CFB */
- /* CAMELLIA-256-OFB */
-};
-
-#define N_OPENSSL_ALGOS (sizeof (openssl_algos) / sizeof (openssl_algos[0]))
-static GQuark openssl_quarks[N_OPENSSL_ALGOS] = { 0, };
-static gboolean openssl_quarks_inited = FALSE;
-
-int
-gkr_pkix_openssl_parse_algo (const char *name, int *mode)
-{
- GQuark q;
- int i;
-
- if (!openssl_quarks_inited) {
- for (i = 0; i < N_OPENSSL_ALGOS; ++i)
- openssl_quarks[i] = g_quark_from_static_string (openssl_algos[i].desc);
- openssl_quarks_inited = TRUE;
- }
-
- q = g_quark_try_string (name);
- if (q) {
- for (i = 0; i < N_OPENSSL_ALGOS; ++i) {
- if (q == openssl_quarks[i]) {
- *mode = openssl_algos[i].mode;
- return openssl_algos[i].algo;
- }
- }
- }
-
- return 0;
-}
-
-static gboolean
-parse_dekinfo (const gchar *dek, int *algo, int *mode, guchar **iv)
-{
- gboolean success = FALSE;
- gchar **parts = NULL;
- gcry_error_t gcry;
- gsize ivlen, len;
-
- parts = g_strsplit (dek, ",", 2);
- if (!parts || !parts[0] || !parts[1])
- goto done;
-
- /* Parse the algorithm name */
- *algo = gkr_pkix_openssl_parse_algo (parts[0], mode);
- if (!*algo)
- goto done;
-
- /* Make sure this is usable */
- gcry = gcry_cipher_test_algo (*algo);
- if (gcry)
- goto done;
-
- /* Parse the IV */
- ivlen = len = gcry_cipher_get_algo_blklen (*algo);
- *iv = g_malloc (ivlen);
-
- if (!gkr_crypto_hex_decode (parts[1], strlen(parts[1]), *iv, &len)) {
- g_free (*iv);
- goto done;
- }
-
- if (ivlen != len) {
- g_free (*iv);
- goto done;
- }
-
- success = TRUE;
-
-done:
- g_strfreev (parts);
- return success;
-}
-
-GkrPkixResult
-gkr_pkix_openssl_decrypt_block (const gchar *dekinfo, const gchar *password,
- const guchar *data, gsize n_data,
- guchar **decrypted, gsize *n_decrypted)
-{
- gcry_cipher_hd_t ch;
- guchar *key = NULL;
- guchar *iv = NULL;
- int gcry, ivlen;
- int algo = 0;
- int mode = 0;
-
- if (!parse_dekinfo (dekinfo, &algo, &mode, &iv))
- return GKR_PKIX_UNRECOGNIZED;
-
- ivlen = gcry_cipher_get_algo_blklen (algo);
-
- /* We assume the iv is at least as long as at 8 byte salt */
- g_return_val_if_fail (ivlen >= 8, FALSE);
-
- /* IV is already set from the DEK info */
- if (!gkr_crypto_generate_symkey_simple (algo, GCRY_MD_MD5, password,
- iv, 8, 1, &key, NULL)) {
- g_free (iv);
- return GKR_PKIX_FAILURE;
- }
-
- /* TODO: Use secure memory */
- gcry = gcry_cipher_open (&ch, algo, mode, 0);
- g_return_val_if_fail (!gcry, GKR_PKIX_FAILURE);
-
- gcry = gcry_cipher_setkey (ch, key, gcry_cipher_get_algo_keylen (algo));
- g_return_val_if_fail (!gcry, GKR_PKIX_UNRECOGNIZED);
- egg_secure_free (key);
-
- /* 16 = 128 bits */
- gcry = gcry_cipher_setiv (ch, iv, ivlen);
- g_return_val_if_fail (!gcry, GKR_PKIX_UNRECOGNIZED);
- g_free (iv);
-
- /* Allocate output area */
- *n_decrypted = n_data;
- *decrypted = egg_secure_alloc (n_data);
-
- gcry = gcry_cipher_decrypt (ch, *decrypted, *n_decrypted, (void*)data, n_data);
- if (gcry) {
- egg_secure_free (*decrypted);
- g_return_val_if_reached (GKR_PKIX_FAILURE);
- }
-
- gcry_cipher_close (ch);
-
- return GKR_PKIX_SUCCESS;
-}
-
-gboolean
-gkr_pkix_openssl_encrypt_block (const gchar *dekinfo, const gchar *password,
- const guchar *data, gsize n_data,
- guchar **encrypted, gsize *n_encrypted)
-{
- gsize n_overflow, n_batch, n_padding;
- gcry_cipher_hd_t ch;
- guchar *key = NULL;
- guchar *iv = NULL;
- guchar *padded = NULL;
- int gcry, ivlen;
- int algo = 0;
- int mode = 0;
-
- if (!parse_dekinfo (dekinfo, &algo, &mode, &iv))
- g_return_val_if_reached (FALSE);
-
- ivlen = gcry_cipher_get_algo_blklen (algo);
-
- /* We assume the iv is at least as long as at 8 byte salt */
- g_return_val_if_fail (ivlen >= 8, FALSE);
-
- /* IV is already set from the DEK info */
- if (!gkr_crypto_generate_symkey_simple (algo, GCRY_MD_MD5, password,
- iv, 8, 1, &key, NULL))
- g_return_val_if_reached (FALSE);
-
- gcry = gcry_cipher_open (&ch, algo, mode, 0);
- g_return_val_if_fail (!gcry, FALSE);
-
- gcry = gcry_cipher_setkey (ch, key, gcry_cipher_get_algo_keylen (algo));
- g_return_val_if_fail (!gcry, FALSE);
- egg_secure_free (key);
-
- /* 16 = 128 bits */
- gcry = gcry_cipher_setiv (ch, iv, ivlen);
- g_return_val_if_fail (!gcry, FALSE);
- g_free (iv);
-
- /* Allocate output area */
- n_overflow = (n_data % ivlen);
- n_padding = n_overflow ? (ivlen - n_overflow) : 0;
- n_batch = n_data - n_overflow;
- *n_encrypted = n_data + n_padding;
- *encrypted = g_malloc0 (*n_encrypted);
-
- g_assert (*n_encrypted % ivlen == 0);
- g_assert (*n_encrypted >= n_data);
- g_assert (*n_encrypted == n_batch + n_overflow + n_padding);
-
- /* Encrypt everything but the last bit */
- gcry = gcry_cipher_encrypt (ch, *encrypted, n_batch, (void*)data, n_batch);
- if (gcry) {
- g_free (*encrypted);
- g_return_val_if_reached (FALSE);
- }
-
- /* Encrypt the padded block */
- if (n_overflow) {
- padded = egg_secure_alloc (ivlen);
- memset (padded, 0, ivlen);
- memcpy (padded, data + n_batch, n_overflow);
- gcry = gcry_cipher_encrypt (ch, *encrypted + n_batch, ivlen, padded, ivlen);
- egg_secure_free (padded);
- if (gcry) {
- g_free (*encrypted);
- g_return_val_if_reached (FALSE);
- }
- }
-
- gcry_cipher_close (ch);
- return TRUE;
-}
-
-const gchar*
-gkr_pkix_openssl_get_dekinfo (GHashTable *headers)
-{
- const gchar *val;
- if (!headers)
- return NULL;
- val = g_hash_table_lookup (headers, "Proc-Type");
- if (!val || strcmp (val, "4,ENCRYPTED") != 0)
- return NULL;
- val = g_hash_table_lookup (headers, "DEK-Info");
- g_return_val_if_fail (val, NULL);
- return val;
-}
-
-const gchar*
-gkr_pkix_openssl_prep_dekinfo (GHashTable *headers)
-{
- gsize ivlen, len, n_encoded;
- gchar buf[256];
- guchar *iv;
- const gchar *dekinfo;
-
- strcpy (buf, "DES-EDE3-CBC,");
-
- /* Create the iv */
- ivlen = gcry_cipher_get_algo_blklen (GCRY_CIPHER_3DES);
- g_return_val_if_fail (ivlen, NULL);
- iv = g_malloc (ivlen);
- gcry_create_nonce (iv, ivlen);
-
- /* And encode it into the string */
- len = strlen (buf);
- g_return_val_if_fail (sizeof (buf) - len > ivlen * 2, NULL);
- n_encoded = (ivlen * 2) + 1;
- if (!gkr_crypto_hex_encode (iv, ivlen, buf + len, &n_encoded))
- g_return_val_if_reached (NULL);
-
- dekinfo = g_strdup (buf);
- g_hash_table_insert (headers, g_strdup ("DEK-Info"), (void*)dekinfo);
- g_hash_table_insert (headers, g_strdup ("Proc-Type"), g_strdup ("4,ENCRYPTED"));
-
- return dekinfo;
-}
diff --git a/daemon/pkix/gkr-pkix-openssl.h b/daemon/pkix/gkr-pkix-openssl.h
deleted file mode 100644
index 883ec0f5..00000000
--- a/daemon/pkix/gkr-pkix-openssl.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gkr-pkix-openssl.h - OpenSSL compatibility functionality
-
- Copyright (C) 2007 Stefan Walter
-
- The Gnome Keyring Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
-
- The Gnome Keyring Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with the Gnome Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-
- Author: Stef Walter <stef@memberwebs.com>
-*/
-
-#ifndef GKRPKIOPENSSL_H_
-#define GKRPKIOPENSSL_H_
-
-#include <glib.h>
-
-#include "gkr-pkix-parser.h"
-
-int gkr_pkix_openssl_parse_algo (const gchar *name, int *mode);
-
-gboolean gkr_pkix_openssl_encrypt_block (const gchar *dekinfo, const gchar *password,
- const guchar *data, gsize n_data,
- guchar **encrypted, gsize *n_encrypted);
-
-GkrPkixResult gkr_pkix_openssl_decrypt_block (const gchar *dekinfo, const gchar *password,
- const guchar *data, gsize n_data,
- guchar **decrypted, gsize *n_decrypted);
-
-const gchar* gkr_pkix_openssl_get_dekinfo (GHashTable *headers);
-
-const gchar* gkr_pkix_openssl_prep_dekinfo (GHashTable *headers);
-
-#endif /*GKRPKIOPENSSL_H_*/
diff --git a/daemon/pkix/gkr-pkix-parser.c b/daemon/pkix/gkr-pkix-parser.c
index 008d2601..40905d9d 100644
--- a/daemon/pkix/gkr-pkix-parser.c
+++ b/daemon/pkix/gkr-pkix-parser.c
@@ -34,12 +34,12 @@
#include "gkr-pkix-asn1.h"
#include "gkr-pkix-der.h"
#include "gkr-pkix-marshal.h"
-#include "gkr-pkix-openssl.h"
#include "gkr-pkix-parser.h"
-#include "gkr-pkix-pem.h"
#include "common/gkr-crypto.h"
#include "common/gkr-location.h"
+
+#include "egg/egg-openssl.h"
#include "egg/egg-secure-memory.h"
#include "library/gnome-keyring.h"
@@ -1379,8 +1379,8 @@ parse_encrypted_pem (GkrPkixParser *parser, GQuark location, gkrid digest,
n_decrypted = 0;
/* Decrypt, this will result in garble if invalid password */
- res = gkr_pkix_openssl_decrypt_block (val, password, data, n_data,
- &decrypted, &n_decrypted);
+ res = egg_openssl_decrypt_block (val, password, -1, data, n_data,
+ &decrypted, &n_decrypted);
if (!res)
return GKR_PKIX_FAILURE;
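Review bot: The replaced gkr_pkix_openssl_decrypt_block returned a GkrPkixResult that distinguished an unparseable DEK-Info (GKR_PKIX_UNRECOGNIZED) from a real failure, while the new `if (!res) return GKR_PKIX_FAILURE;` collapses every non-true outcome into FAILURE. That is fine if egg_openssl_decrypt_block returns a gboolean, but if it still returns a result code, a nonzero UNRECOGNIZED would slip past `!res` and the undecrypted block would be handed to the parser; the declaration is not visible here, so please confirm. Either way the comment above deserves to be explicit about the missing integrity check, e.g. `/* No MAC here: a wrong password yields garbage that the later ASN.1 parse must reject */`. parse_encrypted_pem continues outside the hunk.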
@@ -1446,7 +1446,7 @@ gkr_pkix_parser_pem (GkrPkixParser *parser, GQuark loc, const guchar *data, gsiz
if (n_data == 0)
return GKR_PKIX_UNRECOGNIZED;
- found = gkr_pkix_pem_parse (data, n_data, handle_pem_data, &ctx);
+ found = egg_openssl_pem_parse (data, n_data, handle_pem_data, &ctx);
if (found == 0)
return GKR_PKIX_UNRECOGNIZED;
diff --git a/daemon/pkix/gkr-pkix-pem.c b/daemon/pkix/gkr-pkix-pem.c
deleted file mode 100644
index e04a7fff..00000000
--- a/daemon/pkix/gkr-pkix-pem.c
+++ /dev/null
@@ -1,345 +0,0 @@
-/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gkr-pkix-pem.c - PEM base64 encoding helper routines
-
- Copyright (C) 2007 Stefan Walter
-
- The Gnome Keyring Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
-
- The Gnome Keyring Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with the Gnome Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-
- Author: Stef Walter <stef@memberwebs.com>
-*/
-
-#include "config.h"
-
-#include "gkr-pkix-pem.h"
-
-#include "common/gkr-async.h"
-#include "egg/egg-secure-memory.h"
-
-#include <glib.h>
-
-#include <ctype.h>
-#include <string.h>
-
-/*
- * PEM looks like:
- *
- * -----BEGIN RSA PRIVATE KEY-----
- * Proc-Type: 4,ENCRYPTED
- * DEK-Info: DES-EDE3-CBC,704CFFD62FBA03E9
- *
- * 4AV/g0BiTeb07hzo4/Ct47HGhHEshMhBPGJ843QzuAinpZBbg3OxwPsQsLgoPhJL
- * Bg6Oxyz9M4UN1Xlx6Lyo2lRT908mBP6dl/OItLsVArqAzM+e29KHQVNjV1h7xN9F
- * u84tOgZftKun+ZkQUOoRvMLLu4yV4CUraks9tgyXquugGba/tbeyj2MYsC8wwSJX
- * ....
- * -----END RSA PRIVATE KEY-----
- */
-
-#define PEM_SUFF "-----"
-#define PEM_SUFF_L 5
-#define PEM_PREF_BEGIN "-----BEGIN "
-#define PEM_PREF_BEGIN_L 11
-#define PEM_PREF_END "-----END "
-#define PEM_PREF_END_L 9
-
-static void
-parse_header_lines (const gchar *hbeg, const gchar *hend, GHashTable **result)
-{
- gchar **lines, **l;
- gchar *line, *name, *value;
- gchar *copy;
-
- copy = g_strndup (hbeg, hend - hbeg);
- lines = g_strsplit (copy, "\n", 0);
- g_free (copy);
-
- for (l = lines; l && *l; ++l) {
- line = *l;
- g_strstrip (line);
-
- /* Look for the break between name: value */
- value = strchr (line, ':');
- if (value == NULL)
- continue;
-
- *value = 0;
- value = g_strdup (value + 1);
- g_strstrip (value);
-
- name = g_strdup (line);
- g_strstrip (name);
-
- if (!*result)
- *result = gkr_pkix_pem_headers_new ();
- g_hash_table_replace (*result, name, value);
- }
-
- g_strfreev (lines);
-}
-
-static const gchar*
-pem_find_begin (const gchar *data, gsize n_data, GQuark *type)
-{
- const gchar *pref, *suff;
- gchar *stype;
-
- /* Look for a prefix */
- pref = g_strstr_len ((gchar*)data, n_data, PEM_PREF_BEGIN);
- if (!pref)
- return NULL;
-
- n_data -= (pref - data) + PEM_PREF_BEGIN_L;
- data = pref + PEM_PREF_BEGIN_L;
-
- /* Look for the end of that begin */
- suff = g_strstr_len ((gchar*)data, n_data, PEM_SUFF);
- if (!suff)
- return NULL;
-
- /* Make sure on the same line */
- if (memchr (pref, '\n', suff - pref))
- return NULL;
-
- if (type) {
- *type = 0;
- pref += PEM_PREF_BEGIN_L;
- g_assert (suff > pref);
- stype = g_alloca (suff - pref + 1);
- memcpy (stype, pref, suff - pref);
- stype[suff - pref] = 0;
- *type = g_quark_from_string (stype);
- }
-
- /* The byte after this ---BEGIN--- */
- return suff + PEM_SUFF_L;
-}
-
-static const gchar*
-pem_find_end (const gchar *data, gsize n_data, GQuark type)
-{
- const gchar *stype;
- const gchar *pref;
- gsize n_type;
-
- /* Look for a prefix */
- pref = g_strstr_len (data, n_data, PEM_PREF_END);
- if (!pref)
- return NULL;
-
- n_data -= (pref - data) + PEM_PREF_END_L;
- data = pref + PEM_PREF_END_L;
-
- /* Next comes the type string */
- stype = g_quark_to_string (type);
- n_type = strlen (stype);
- if (strncmp ((gchar*)data, stype, n_type) != 0)
- return NULL;
-
- n_data -= n_type;
- data += n_type;
-
- /* Next comes the suffix */
- if (strncmp ((gchar*)data, PEM_SUFF, PEM_SUFF_L) != 0)
- return NULL;
-
- /* The beginning of this ---END--- */
- return pref;
-}
-
-static gboolean
-pem_parse_block (const gchar *data, gsize n_data, guchar **decoded, gsize *n_decoded,
- GHashTable **headers)
-{
- const gchar *x, *hbeg, *hend;
- const gchar *p, *end;
- gint state = 0;
- guint save = 0;
-
- g_assert (data);
- g_assert (n_data);
-
- g_assert (decoded);
- g_assert (n_decoded);
-
- p = data;
- end = p + n_data;
-
- hbeg = hend = NULL;
-
- /* Try and find a pair of blank lines with only white space between */
- while (hend == NULL) {
- x = memchr (p, '\n', end - p);
- if (!x)
- break;
- ++x;
- while (isspace (*x)) {
- /* Found a second line, with only spaces between */
- if (*x == '\n') {
- hbeg = data;
- hend = x;
- break;
- /* Found a space between two lines */
- } else {
- ++x;
- }
- }
-
- /* Try next line */
- p = x;
- }
-
- /* Headers found? */
- if (hbeg && hend) {
- data = hend;
- n_data = end - data;
- }
-
- *n_decoded = (n_data * 3) / 4 + 1;
- if (egg_secure_check (data))
- *decoded = egg_secure_alloc (*n_decoded);
- else
- *decoded = g_malloc (*n_decoded);
- g_return_val_if_fail (*decoded, FALSE);
-
- *n_decoded = g_base64_decode_step (data, n_data, *decoded, &state, &save);
- if (!*n_decoded) {
- egg_secure_free (*decoded);
- return FALSE;
- }
-
- if (headers && hbeg && hend)
- parse_header_lines (hbeg, hend, headers);
-
- return TRUE;
-}
-
-GHashTable*
-gkr_pkix_pem_headers_new (void)
-{
- return g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
-}
-
-guint
-gkr_pkix_pem_parse (const guchar *data, gsize n_data,
- GkrPkixPemCallback callback, gpointer user_data)
-{
- const gchar *beg, *end;
- guint nfound = 0;
- guchar *decoded = NULL;
- gsize n_decoded = 0;
- GHashTable *headers = NULL;
- GQuark type;
-
- g_return_val_if_fail (data, 0);
- g_return_val_if_fail (n_data, 0);
- g_return_val_if_fail (callback, 0);
-
- while (n_data > 0 && !gkr_async_is_stopping ()) {
-
- /* This returns the first character after the PEM BEGIN header */
- beg = pem_find_begin ((const gchar*)data, n_data, &type);
- if (!beg)
- break;
-
- g_assert (type);
-
- /* This returns the character position before the PEM END header */
- end = pem_find_end ((const gchar*)beg, n_data - ((const guchar*)beg - data), type);
- if (!end)
- break;
-
- if (gkr_async_is_stopping ())
- break;
-
- if (beg != end) {
- if (pem_parse_block (beg, end - beg, &decoded, &n_decoded, &headers)) {
- (callback) (type, decoded, n_decoded, headers, user_data);
- ++nfound;
- egg_secure_free (decoded);
- if (headers)
- g_hash_table_remove_all (headers);
- }
- }
-
- /* Try for another block */
- end += PEM_SUFF_L;
- n_data -= (const guchar*)end - data;
- data = (const guchar*)end;
- }
-
- if (headers)
- g_hash_table_destroy (headers);
-
- return nfound;
-}
-
-static void
-append_each_header (gpointer key, gpointer value, gpointer user_data)
-{
- GString *string = (GString*)user_data;
-
- g_string_append (string, (gchar*)key);
- g_string_append (string, ": ");
- g_string_append (string, (gchar*)value);
- g_string_append_c (string, '\n');
-}
-
-guchar*
-gkr_pkix_pem_write (const guchar *data, gsize n_data, GQuark type,
- GHashTable *headers, gsize *n_result)
-{
- GString *string;
- gint state, save;
- gsize length, n_prefix;
-
- g_return_val_if_fail (data || !n_data, NULL);
- g_return_val_if_fail (type, NULL);
- g_return_val_if_fail (n_result, NULL);
-
- string = g_string_sized_new (4096);
-
- /* The prefix */
- g_string_append_len (string, PEM_PREF_BEGIN, PEM_PREF_BEGIN_L);
- g_string_append (string, g_quark_to_string (type));
- g_string_append_len (string, PEM_SUFF, PEM_SUFF_L);
- g_string_append_c (string, '\n');
-
- /* The headers */
- if (headers && g_hash_table_size (headers) > 0) {
- g_hash_table_foreach (headers, append_each_header, string);
- g_string_append_c (string, '\n');
- }
-
- /* Resize string to fit the base64 data. Algorithm from Glib reference */
- length = n_data * 4 / 3 + n_data * 4 / (3 * 72) + 7;
- n_prefix = string->len;
- g_string_set_size (string, n_prefix + length);
-
- /* The actual base64 data */
- state = save = 0;
- length = g_base64_encode_step (data, n_data, TRUE,
- string->str + string->len, &state, &save);
- g_string_set_size (string, n_prefix + length);
-
- /* The suffix */
- g_string_append_c (string, '\n');
- g_string_append_len (string, PEM_PREF_END, PEM_PREF_END_L);
- g_string_append (string, g_quark_to_string (type));
- g_string_append_len (string, PEM_SUFF, PEM_SUFF_L);
- g_string_append_c (string, '\n');
-
- *n_result = string->len;
- return (guchar*)g_string_free (string, FALSE);
-}
diff --git a/daemon/pkix/gkr-pkix-pem.h b/daemon/pkix/gkr-pkix-pem.h
deleted file mode 100644
index a20cd4bb..00000000
--- a/daemon/pkix/gkr-pkix-pem.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gkr-pkix-pem.h - PEM base64 helper routines
-
- Copyright (C) 2007 Stefan Walter
-
- The Gnome Keyring Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
-
- The Gnome Keyring Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with the Gnome Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-
- Author: Stef Walter <stef@memberwebs.com>
-*/
-
-#ifndef GKRPKIPEM_H_
-#define GKRPKIPEM_H_
-
-#include <glib.h>
-
-typedef void (*GkrPkixPemCallback) (GQuark type, const guchar *data, gsize n_data,
- GHashTable *headers, gpointer user_data);
-
-GHashTable* gkr_pkix_pem_headers_new (void);
-
-guint gkr_pkix_pem_parse (const guchar *data, gsize n_data,
- GkrPkixPemCallback callback,
- gpointer user_data);
-
-guchar* gkr_pkix_pem_write (const guchar *data, gsize n_data,
- GQuark type, GHashTable *headers,
- gsize *n_result);
-
-#endif /*GKRPKIPEM_H_*/
diff --git a/daemon/pkix/gkr-pkix-serialize.c b/daemon/pkix/gkr-pkix-serialize.c
index 897b7305..aa9e7ba1 100644
--- a/daemon/pkix/gkr-pkix-serialize.c
+++ b/daemon/pkix/gkr-pkix-serialize.c
@@ -8,6 +8,8 @@
#include "common/gkr-crypto.h"
#include "common/gkr-location.h"
+
+#include "egg/egg-symkey.h"
#include "egg/egg-secure-memory.h"
#include <glib/gi18n.h>
@@ -129,9 +131,9 @@ prepare_and_encode_pkcs8_cipher (ASN1_TYPE asn, const gchar *password, gsize *n_
*n_block = gcry_cipher_get_algo_blklen (GCRY_MD_SHA1);
g_return_val_if_fail (n_key && *n_block, NULL);
- if (!gkr_crypto_generate_symkey_pkcs12 (GCRY_CIPHER_3DES, GCRY_MD_SHA1,
- password, salt, sizeof (salt),
- iterations, &key, &iv))
+ if (!egg_symkey_generate_pkcs12 (GCRY_CIPHER_3DES, GCRY_MD_SHA1,
+ password, -1, salt, sizeof (salt),
+ iterations, &key, &iv))
g_return_val_if_reached (NULL);
/* Now write out the parameters */
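Review bot: The context line `*n_block = gcry_cipher_get_algo_blklen (GCRY_MD_SHA1);` queries a cipher block length with a message-digest identifier; it appears to yield the 3DES block size only because the two constants happen to share a numeric value in libgcrypt, which is not something to rely on. This predates the commit, but since the hunk rewrites the key-derivation call for GCRY_CIPHER_3DES right below it, the one-line fix belongs here: `*n_block = gcry_cipher_get_algo_blklen (GCRY_CIPHER_3DES);`. prepare_and_encode_pkcs8_cipher's body extends beyond the hunk.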
diff --git a/daemon/pkix/tests/Makefile.am b/daemon/pkix/tests/Makefile.am
index 8c4b1cea..7c88e069 100644
--- a/daemon/pkix/tests/Makefile.am
+++ b/daemon/pkix/tests/Makefile.am
@@ -9,7 +9,6 @@ UNIT_AUTO = \
unit-test-gcrypt-setup.c \
unit-test-pkix-asn1.c \
unit-test-pkix-der.c \
- unit-test-pkix-openssl.c \
unit-test-pkix-parser.c \
unit-test-pkix-serialize.c \
$(BUILT_SOURCES)
diff --git a/daemon/pkix/tests/unit-test-pkix-openssl.c b/daemon/pkix/tests/unit-test-pkix-openssl.c
deleted file mode 100644
index 4f3bed7d..00000000
--- a/daemon/pkix/tests/unit-test-pkix-openssl.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* unit-test-pkix-openssl.c: Test PKIX openssl
-
- Copyright (C) 2008 Stefan Walter
-
- The Gnome Keyring Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
-
- The Gnome Keyring Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with the Gnome Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-
- Author: Stef Walter <stef@memberwebs.com>
-*/
-
-#include "config.h"
-
-#include "run-auto-test.h"
-
-#include "common/gkr-location.h"
-#include "common/gkr-crypto.h"
-#include "egg/egg-secure-memory.h"
-
-#include "pkix/gkr-pkix-openssl.h"
-#include "pkix/gkr-pkix-pem.h"
-
-#include <glib.h>
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-/*
- * Each test looks like (on one line):
- * void unit_test_xxxxx (CuTest* cu)
- *
- * Each setup looks like (on one line):
- * void unit_setup_xxxxx (void);
- *
- * Each teardown looks like (on one line):
- * void unit_teardown_xxxxx (void);
- *
- * Tests be run in the order specified here.
- */
-
-static void
-read_file (CuTest *cu, const gchar *filename, guchar **contents, gsize *len)
-{
- gchar *path;
- gboolean ret;
-
- path = g_build_filename (g_get_current_dir (), "test-data", filename, NULL);
- ret = g_file_get_contents (path, (gchar**)contents, len, NULL);
- CuAssert (cu, "couldn't read in file", ret);
-
- g_free (path);
-}
-
-guchar *refenc = NULL;
-guchar *refdata = NULL;
-gsize n_refenc = 0;
-gsize n_refdata = 0;
-GHashTable *refheaders = NULL;
-
-static void
-copy_each_key_value (gpointer key, gpointer value, gpointer user_data)
-{
- g_hash_table_insert ((GHashTable*)user_data, g_strdup ((gchar*)key), g_strdup ((gchar*)value));
-}
-
-static void
-parse_reference (GQuark type, const guchar *data, gsize n_data,
- GHashTable *headers, gpointer user_data)
-{
- CuTest *cu = (CuTest*)user_data;
- GkrPkixResult res;
- const gchar *dekinfo;
-
- CuAssert (cu, "no data in PEM callback", data != NULL);
- CuAssert (cu, "no data in PEM callback", n_data > 0);
- refenc = g_memdup (data, n_data);
- n_refenc = n_data;
-
- CuAssert (cu, "no headers present in file", headers != NULL);
- refheaders = gkr_pkix_pem_headers_new ();
- g_hash_table_foreach (headers, copy_each_key_value, refheaders);
- dekinfo = gkr_pkix_openssl_get_dekinfo (headers);
- CuAssert (cu, "no dekinfo in headers", dekinfo != NULL);
-
- res = gkr_pkix_openssl_decrypt_block (dekinfo, "booo", data, n_data, &refdata, &n_refdata);
- CuAssert (cu, "couldn't openssl decrypt block", res == GKR_PKIX_SUCCESS);
- CuAssert (cu, "no data returned from openssl decrypt", refdata != NULL);
- CuAssert (cu, "invalid amount of data returned from openssl decrypt", n_refdata == n_data);
-}
-
-void unit_test_openssl_parse_reference (CuTest* cu)
-{
- guchar *input;
- gsize n_input;
- guint num;
-
- read_file (cu, "pem-rsa-enc.key", &input, &n_input);
-
- num = gkr_pkix_pem_parse (input, n_input, parse_reference, NULL);
- CuAssert (cu, "couldn't PEM block in reference data", num == 1);
-
- CuAssert (cu, "parse_reference() wasn't called", refdata != NULL);
-}
-
-void unit_test_openssl_write_reference (CuTest* cu)
-{
- const gchar *dekinfo;
- guchar *encrypted;
- gsize n_encrypted;
- gboolean ret;
-
- dekinfo = gkr_pkix_openssl_get_dekinfo (refheaders);
- CuAssert (cu, "no dekinfo in headers", dekinfo != NULL);
-
- ret = gkr_pkix_openssl_encrypt_block (dekinfo, "booo", refdata, n_refdata, &encrypted, &n_encrypted);
- CuAssert (cu, "couldn't openssl encrypt block", ret == TRUE);
- CuAssert (cu, "no data returned from openssl encrypt", encrypted != NULL);
- CuAssert (cu, "invalid amount of data returned from openssl encrypt", n_refdata <= n_encrypted);
-
- CuAssert (cu, "data length doesn't match input length", n_encrypted == n_refenc);
- CuAssert (cu, "data doesn't match input", memcmp (encrypted, refenc, n_encrypted) == 0);
-}
-
-/* 29 bytes (prime number, so block length has bad chance of matching */
-const static guchar *TEST_DATA = (guchar*)"ABCDEFGHIJKLMNOPQRSTUVWXYZ123";
-const gsize TEST_DATA_L = 29;
-
-void unit_test_openssl_roundtrip (CuTest* cu)
-{
- const gchar *dekinfo;
- GkrPkixResult res;
- gboolean ret;
- guchar *encrypted, *decrypted;
- gsize n_encrypted, n_decrypted;
- int i;
-
- dekinfo = gkr_pkix_openssl_prep_dekinfo (refheaders);
-
- ret = gkr_pkix_openssl_encrypt_block (dekinfo, "password", TEST_DATA, TEST_DATA_L, &encrypted, &n_encrypted);
- CuAssert (cu, "couldn't openssl encrypt block", ret == TRUE);
- CuAssert (cu, "no data returned from openssl encrypt", encrypted != NULL);
- CuAssert (cu, "invalid amount of data returned from openssl encrypt", TEST_DATA_L <= n_encrypted);
-
- res = gkr_pkix_openssl_decrypt_block (dekinfo, "password", encrypted, n_encrypted, &decrypted, &n_decrypted);
- CuAssert (cu, "couldn't openssl decrypt block", res == GKR_PKIX_SUCCESS);
- CuAssert (cu, "no data returned from openssl decrypt", decrypted != NULL);
-
- /* Check that the data was decrypted properly */
- CuAssert (cu, "decrypted data doesn't match length", n_decrypted >= TEST_DATA_L);
- CuAssert (cu, "decrypted data doesn't match", memcmp (TEST_DATA, decrypted, TEST_DATA_L) == 0);
-
- /* Check that the remainder is all zeros */
- for (i = TEST_DATA_L; i < n_decrypted; ++i)
- CuAssert (cu, "non null byte in padding", decrypted[i] == 0);
-}
diff --git a/daemon/ssh/Makefile.am b/daemon/ssh/Makefile.am
deleted file mode 100644
index 2a217e6c..00000000
--- a/daemon/ssh/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-noinst_LTLIBRARIES=libgkr-ssh.la
-
-INCLUDES= \
- -DPREFIX=\""$(prefix)"\" \
- -DBINDIR=\""$(bindir)"\" \
- -DLIBEXECDIR=\""$(libexecdir)"\" \
- -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \
- -I$(top_srcdir) \
- -I$(top_srcdir)/daemon \
- -I$(top_builddir) \
- $(DAEMON_CFLAGS) \
- $(GOBJECT_CFLAGS) \
- $(GLIB_CFLAGS)
-
-libgkr_ssh_la_SOURCES = \
- gkr-ssh-private.h \
- gkr-ssh-proto.c \
- gkr-ssh-storage.c gkr-ssh-storage.h
-
-libgkr_ssh_la_LIBADD = \
- $(GLIB_LIBS) \
- $(GOBJECT_LIBS)
-
-if WITH_TESTS
-TESTS_DIR = tests
-else
-TESTS_DIR =
-endif
-
-SUBDIRS = . $(TESTS_DIR)
diff --git a/daemon/ssh/gkr-ssh-private.h b/daemon/ssh/gkr-ssh-private.h
deleted file mode 100644
index 9e4c0b8f..00000000
--- a/daemon/ssh/gkr-ssh-private.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gkr-ssh-private.h - Private SSH agent declarations
-
- Copyright (C) 2007 Stefan Walter
-
- Gnome keyring is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
-
- Gnome keyring is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
- Author: Stef Walter <stef@memberwebs.com>
-*/
-
-#ifndef GKRSSHPRIVATE_H_
-#define GKRSSHPRIVATE_H_
-
-#include "egg/egg-buffer.h"
-
-#include <gcrypt.h>
-
-#include <glib.h>
-
-/* -----------------------------------------------------------------------------
- * SSH OPERATIONS and CONSTANTS
- */
-
-/* Requests from client to daemon */
-#define GKR_SSH_OP_REQUEST_RSA_IDENTITIES 1
-#define GKR_SSH_OP_RSA_CHALLENGE 3
-#define GKR_SSH_OP_ADD_RSA_IDENTITY 7
-#define GKR_SSH_OP_REMOVE_RSA_IDENTITY 8
-#define GKR_SSH_OP_REMOVE_ALL_RSA_IDENTITIES 9
-#define GKR_SSH_OP_REQUEST_IDENTITIES 11
-#define GKR_SSH_OP_SIGN_REQUEST 13
-#define GKR_SSH_OP_ADD_IDENTITY 17
-#define GKR_SSH_OP_REMOVE_IDENTITY 18
-#define GKR_SSH_OP_REMOVE_ALL_IDENTITIES 19
-#define GKR_SSH_OP_ADD_SMARTCARD_KEY 20
-#define GKR_SSH_OP_REMOVE_SMARTCARD_KEY 21
-#define GKR_SSH_OP_LOCK 22
-#define GKR_SSH_OP_UNLOCK 23
-#define GKR_SSH_OP_ADD_RSA_ID_CONSTRAINED 24
-#define GKR_SSH_OP_ADD_ID_CONSTRAINED 25
-#define GKR_SSH_OP_ADD_SMARTCARD_KEY_CONSTRAINED 26
-
-#define GKR_SSH_OP_MAX 27
-
-/* Responses from daemon to client */
-#define GKR_SSH_RES_RSA_IDENTITIES_ANSWER 2
-#define GKR_SSH_RES_RSA_RESPONSE 4
-#define GKR_SSH_RES_FAILURE 5
-#define GKR_SSH_RES_SUCCESS 6
-#define GKR_SSH_RES_IDENTITIES_ANSWER 12
-#define GKR_SSH_RES_SIGN_RESPONSE 14
-#define GKR_SSH_RES_EXTENDED_FAILURE 30
-#define GKR_SSH_RES_SSHCOM_FAILURE 102
-
-
-#define GKR_SSH_FLAG_CONSTRAIN_LIFETIME 1
-#define GKR_SSH_FLAG_CONSTRAIN_CONFIRM 2
-
-#define GKR_SSH_DSA_SIGNATURE_PADDING 20
-#define GKR_SSH_FLAG_OLD_SIGNATURE 0x01
-
-/* -----------------------------------------------------------------------------
- * gkr-ssh-daemon-io.c
- */
-
-typedef gboolean (*GkrSshOperation) (EggBuffer *req, EggBuffer *resp);
-extern const GkrSshOperation gkr_ssh_operations[GKR_SSH_OP_MAX];
-
-/* -----------------------------------------------------------------------------
- * gkr-ssh-proto.c
- */
-
-int gkr_ssh_proto_keytype_to_algo (const gchar *salgo);
-
-const gchar* gkr_ssh_proto_algo_to_keytype (int algo);
-
-gboolean gkr_ssh_proto_read_mpi (EggBuffer *req, gsize *offset, gcry_mpi_t *mpi);
-
-gboolean gkr_ssh_proto_read_mpi_v1 (EggBuffer *req, gsize *offset, gcry_mpi_t *mpi);
-
-gboolean gkr_ssh_proto_write_mpi (EggBuffer *resp, gcry_mpi_t mpi, int format);
-
-gboolean gkr_ssh_proto_write_mpi_v1 (EggBuffer *resp, gcry_mpi_t mpi);
-
-gboolean gkr_ssh_proto_read_public (EggBuffer *req, gsize *offset, gcry_sexp_t *key, int *algo);
-
-gboolean gkr_ssh_proto_read_public_rsa (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp);
-
-gboolean gkr_ssh_proto_read_public_dsa (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp);
-
-gboolean gkr_ssh_proto_read_public_v1 (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp);
-
-gboolean gkr_ssh_proto_read_private_rsa (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp);
-
-gboolean gkr_ssh_proto_read_private_dsa (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp);
-
-gboolean gkr_ssh_proto_read_private_v1 (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp);
-
-gboolean gkr_ssh_proto_write_public (EggBuffer *resp, int algorithm, gcry_sexp_t key);
-
-gboolean gkr_ssh_proto_write_public_rsa (EggBuffer *resp, gcry_sexp_t key);
-
-gboolean gkr_ssh_proto_write_public_dsa (EggBuffer *resp, gcry_sexp_t key);
-
-gboolean gkr_ssh_proto_write_public_v1 (EggBuffer *resp, gcry_sexp_t key);
-
-gboolean gkr_ssh_proto_write_signature_rsa (EggBuffer *resp, gcry_sexp_t ssig);
-
-gboolean gkr_ssh_proto_write_signature_dsa (EggBuffer *resp, gcry_sexp_t ssig);
-
-
-#endif /*GKRSSHPRIVATE_H_*/
diff --git a/daemon/ssh/gkr-ssh-proto.c b/daemon/ssh/gkr-ssh-proto.c
deleted file mode 100644
index 1984b6d6..00000000
--- a/daemon/ssh/gkr-ssh-proto.c
+++ /dev/null
@@ -1,575 +0,0 @@
-/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gkr-ssh-proto.c - SSH agent protocol helpers
-
- Copyright (C) 2007 Stefan Walter
-
- Gnome keyring is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
-
- Gnome keyring is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
- Author: Stef Walter <stef@memberwebs.com>
-*/
-
-#include "config.h"
-
-#include "gkr-ssh-private.h"
-
-#include "egg/egg-buffer.h"
-#include "common/gkr-crypto.h"
-
-#include <gcrypt.h>
-
-#include <glib.h>
-
-int
-gkr_ssh_proto_keytype_to_algo (const gchar *salgo)
-{
- g_return_val_if_fail (salgo, 0);
- if (strcmp (salgo, "ssh-rsa") == 0)
- return GCRY_PK_RSA;
- else if (strcmp (salgo, "ssh-dss") == 0)
- return GCRY_PK_DSA;
- return 0;
-}
-
-const gchar*
-gkr_ssh_proto_algo_to_keytype (int algo)
-{
- g_return_val_if_fail (algo, NULL);
- if (algo == GCRY_PK_RSA)
- return "ssh-rsa";
- else if (algo == GCRY_PK_DSA)
- return "ssh-dss";
- return NULL;
-}
-
-gboolean
-gkr_ssh_proto_read_mpi (EggBuffer *req, gsize *offset, gcry_mpi_t *mpi)
-{
- const guchar *data;
- gsize len;
- gcry_error_t gcry;
-
- if (!egg_buffer_get_byte_array (req, *offset, offset, &data, &len))
- return FALSE;
-
- gcry = gcry_mpi_scan (mpi, GCRYMPI_FMT_USG, data, len, NULL);
- if (gcry)
- return FALSE;
-
- return TRUE;
-}
-
-gboolean
-gkr_ssh_proto_read_mpi_v1 (EggBuffer *req, gsize *offset, gcry_mpi_t *mpi)
-{
- const guchar *data;
- gsize bytes;
- gcry_error_t gcry;
- guint16 bits;
-
- /* Get the number of bits */
- if (!egg_buffer_get_uint16 (req, *offset, offset, &bits))
- return FALSE;
-
- /* Figure out the number of binary bytes following */
- bytes = (bits + 7) / 8;
- if (bytes > 8 * 1024)
- return FALSE;
-
- /* Pull these out directly */
- if (req->len < *offset + bytes)
- return FALSE;
- data = req->buf + *offset;
- *offset += bytes;
-
- gcry = gcry_mpi_scan (mpi, GCRYMPI_FMT_USG, data, bytes, NULL);
- if (gcry)
- return FALSE;
-
- return TRUE;
-}
-
-gboolean
-gkr_ssh_proto_write_mpi (EggBuffer *resp, gcry_mpi_t mpi, int format)
-{
- guchar *buf;
- size_t len;
- gcry_error_t gcry;
-
- /* Get the size */
- gcry = gcry_mpi_print (format, NULL, 0, &len, mpi);
- g_return_val_if_fail (gcry == 0, FALSE);
-
- /* Make a space for it in the buffer */
- buf = egg_buffer_add_byte_array_empty (resp, len);
- if (!buf)
- return FALSE;
-
- /* Write in directly to buffer */
- gcry = gcry_mpi_print (format, buf, len, &len, mpi);
- g_return_val_if_fail (gcry == 0, FALSE);
-
- return TRUE;
-}
-
-gboolean
-gkr_ssh_proto_write_mpi_v1 (EggBuffer *resp, gcry_mpi_t mpi)
-{
- gcry_error_t gcry;
- guchar *buf;
- gsize bits;
- gsize bytes, len;
-
- bits = gcry_mpi_get_nbits (mpi);
- g_return_val_if_fail (bits <= G_MAXUSHORT, FALSE);
-
- bytes = (bits + 7) / 8;
-
- /* Get the size */
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &len, mpi);
- g_return_val_if_fail (gcry == 0, FALSE);
- g_return_val_if_fail (bytes == len, FALSE);
-
- if (!egg_buffer_add_uint16 (resp, bits))
- return FALSE;
-
- /* Make a space for it in the buffer */
- buf = egg_buffer_add_empty (resp, len);
- if (!buf)
- return FALSE;
-
- /* Write in directly to buffer */
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, buf, bytes, &len, mpi);
- g_return_val_if_fail (gcry == 0, FALSE);
-
- return TRUE;
-}
-
-gboolean
-gkr_ssh_proto_read_public (EggBuffer *req, gsize *offset, gcry_sexp_t *key, int *algo)
-{
- gboolean ret;
- gchar *stype;
- int alg;
-
- /* The string algorithm */
- if (!egg_buffer_get_string (req, *offset, offset, &stype, (EggBufferAllocator)g_realloc))
- return FALSE;
-
- alg = gkr_ssh_proto_keytype_to_algo (stype);
- g_free (stype);
-
- if (!alg) {
- g_warning ("unsupported algorithm from SSH: %s", stype);
- return FALSE;
- }
-
- switch (alg) {
- case GCRY_PK_RSA:
- ret = gkr_ssh_proto_read_public_rsa (req, offset, key);
- break;
- case GCRY_PK_DSA:
- ret = gkr_ssh_proto_read_public_dsa (req, offset, key);
- break;
- default:
- g_assert_not_reached ();
- return FALSE;
- }
-
- if (!ret) {
- g_warning ("couldn't read incoming SSH private key");
- return FALSE;
- }
-
- if (algo)
- *algo = alg;
- return TRUE;
-}
-
-#define SEXP_PRIVATE_RSA \
- "(private-key" \
- " (rsa" \
- " (n %m)" \
- " (e %m)" \
- " (d %m)" \
- " (p %m)" \
- " (q %m)" \
- " (u %m)))"
-
-gboolean
-gkr_ssh_proto_read_private_rsa (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp)
-{
- gcry_mpi_t n, e, d, p, q, u;
- gcry_mpi_t tmp;
- int gcry;
-
- if (!gkr_ssh_proto_read_mpi (req, offset, &n) ||
- !gkr_ssh_proto_read_mpi (req, offset, &e) ||
- !gkr_ssh_proto_read_mpi (req, offset, &d) ||
- !gkr_ssh_proto_read_mpi (req, offset, &u) ||
- !gkr_ssh_proto_read_mpi (req, offset, &p) ||
- !gkr_ssh_proto_read_mpi (req, offset, &q))
- return FALSE;
-
- /* Fix up the incoming key so gcrypt likes it */
- if (gcry_mpi_cmp (p, q) > 0) {
- /* P shall be smaller then Q! Swap primes. iqmp becomes u. */
- tmp = p;
- p = q;
- q = tmp;
- } else {
- /* U needs to be recomputed. */
- gcry_mpi_invm (u, p, q);
- }
-
- gcry = gcry_sexp_build (sexp, NULL, SEXP_PRIVATE_RSA, n, e, d, p, q, u);
- if (gcry) {
- g_warning ("couldn't parse incoming private RSA key: %s", gcry_strerror (gcry));
- return FALSE;
- }
-
- gcry_mpi_release (n);
- gcry_mpi_release (e);
- gcry_mpi_release (d);
- gcry_mpi_release (p);
- gcry_mpi_release (q);
- gcry_mpi_release (u);
-
- return TRUE;
-}
-
-gboolean
-gkr_ssh_proto_read_private_v1 (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp)
-{
- gcry_mpi_t n, e, d, p, q, u;
- gcry_mpi_t tmp;
- int gcry;
-
- if (!gkr_ssh_proto_read_mpi_v1 (req, offset, &n) ||
- !gkr_ssh_proto_read_mpi_v1 (req, offset, &e) ||
- !gkr_ssh_proto_read_mpi_v1 (req, offset, &d) ||
- !gkr_ssh_proto_read_mpi_v1 (req, offset, &u) ||
- !gkr_ssh_proto_read_mpi_v1 (req, offset, &p) ||
- !gkr_ssh_proto_read_mpi_v1 (req, offset, &q))
- return FALSE;
-
- /* Fix up the incoming key so gcrypt likes it */
- if (gcry_mpi_cmp (p, q) > 0) {
- /* P shall be smaller then Q! Swap primes. iqmp becomes u. */
- tmp = p;
- p = q;
- q = tmp;
- } else {
- /* U needs to be recomputed. */
- gcry_mpi_invm (u, p, q);
- }
-
- gcry = gcry_sexp_build (sexp, NULL, SEXP_PRIVATE_RSA, n, e, d, p, q, u);
- if (gcry) {
- g_warning ("couldn't parse incoming private RSA key: %s", gcry_strerror (gcry));
- return FALSE;
- }
-
- gcry_mpi_release (n);
- gcry_mpi_release (e);
- gcry_mpi_release (d);
- gcry_mpi_release (p);
- gcry_mpi_release (q);
- gcry_mpi_release (u);
-
- return TRUE;
-}
-
-#define SEXP_PUBLIC_RSA \
- "(public-key" \
- " (rsa" \
- " (n %m)" \
- " (e %m)))"
-
-gboolean
-gkr_ssh_proto_read_public_rsa (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp)
-{
- gcry_mpi_t n, e;
- int gcry;
-
- if (!gkr_ssh_proto_read_mpi (req, offset, &e) ||
- !gkr_ssh_proto_read_mpi (req, offset, &n))
- return FALSE;
-
- gcry = gcry_sexp_build (sexp, NULL, SEXP_PUBLIC_RSA, n, e);
- if (gcry) {
- g_warning ("couldn't parse incoming public RSA key: %s", gcry_strerror (gcry));
- return FALSE;
- }
-
- gcry_mpi_release (n);
- gcry_mpi_release (e);
-
- return TRUE;
-}
-
-gboolean
-gkr_ssh_proto_read_public_v1 (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp)
-{
- gcry_mpi_t n, e;
- guint32 bits;
- int gcry;
-
- if (!egg_buffer_get_uint32 (req, *offset, offset, &bits))
- return FALSE;
-
- if (!gkr_ssh_proto_read_mpi_v1 (req, offset, &e) ||
- !gkr_ssh_proto_read_mpi_v1 (req, offset, &n))
- return FALSE;
-
- gcry = gcry_sexp_build (sexp, NULL, SEXP_PUBLIC_RSA, n, e);
- if (gcry) {
- g_warning ("couldn't parse incoming public RSA key: %s", gcry_strerror (gcry));
- return FALSE;
- }
-
- gcry_mpi_release (n);
- gcry_mpi_release (e);
-
- return TRUE;
-}
-
-#define SEXP_PRIVATE_DSA \
- "(private-key" \
- " (dsa" \
- " (p %m)" \
- " (q %m)" \
- " (g %m)" \
- " (y %m)" \
- " (x %m)))"
-
-gboolean
-gkr_ssh_proto_read_private_dsa (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp)
-{
- gcry_mpi_t p, q, g, y, x;
- int gcry;
-
- if (!gkr_ssh_proto_read_mpi (req, offset, &p) ||
- !gkr_ssh_proto_read_mpi (req, offset, &q) ||
- !gkr_ssh_proto_read_mpi (req, offset, &g) ||
- !gkr_ssh_proto_read_mpi (req, offset, &y) ||
- !gkr_ssh_proto_read_mpi (req, offset, &x))
- return FALSE;
-
- gcry = gcry_sexp_build (sexp, NULL, SEXP_PRIVATE_DSA, p, q, g, y, x);
- if (gcry) {
- g_warning ("couldn't parse incoming DSA key: %s", gcry_strerror (gcry));
- return FALSE;
- }
-
- gcry_mpi_release (p);
- gcry_mpi_release (q);
- gcry_mpi_release (g);
- gcry_mpi_release (y);
- gcry_mpi_release (x);
-
- return TRUE;
-}
-
-#define SEXP_PUBLIC_DSA \
- "(public-key" \
- " (dsa" \
- " (p %m)" \
- " (q %m)" \
- " (g %m)" \
- " (y %m)))"
-
-gboolean
-gkr_ssh_proto_read_public_dsa (EggBuffer *req, gsize *offset, gcry_sexp_t *sexp)
-{
- gcry_mpi_t p, q, g, y;
- int gcry;
-
- if (!gkr_ssh_proto_read_mpi (req, offset, &p) ||
- !gkr_ssh_proto_read_mpi (req, offset, &q) ||
- !gkr_ssh_proto_read_mpi (req, offset, &g) ||
- !gkr_ssh_proto_read_mpi (req, offset, &y))
- return FALSE;
-
- gcry = gcry_sexp_build (sexp, NULL, SEXP_PUBLIC_DSA, p, q, g, y);
- if (gcry) {
- g_warning ("couldn't parse incoming public DSA key: %s", gcry_strerror (gcry));
- return FALSE;
- }
-
- gcry_mpi_release (p);
- gcry_mpi_release (q);
- gcry_mpi_release (g);
- gcry_mpi_release (y);
-
- return TRUE;
-}
-
-gboolean
-gkr_ssh_proto_write_public (EggBuffer *resp, int algo, gcry_sexp_t key)
-{
- gboolean ret = FALSE;
- const gchar *salgo;
-
- salgo = gkr_ssh_proto_algo_to_keytype (algo);
- g_assert (salgo);
- egg_buffer_add_string (resp, salgo);
-
- switch (algo) {
- case GCRY_PK_RSA:
- ret = gkr_ssh_proto_write_public_rsa (resp, key);
- break;
-
- case GCRY_PK_DSA:
- ret = gkr_ssh_proto_write_public_dsa (resp, key);
- break;
-
- default:
- g_return_val_if_reached (FALSE);
- break;
- }
-
- return ret;
-}
-
-gboolean
-gkr_ssh_proto_write_public_rsa (EggBuffer *resp, gcry_sexp_t key)
-{
- gcry_mpi_t mpi;
- gboolean ret;
-
- ret = gkr_crypto_sexp_extract_mpi (key, &mpi, "rsa", "e", NULL);
- g_return_val_if_fail (ret, FALSE);
-
- ret = gkr_ssh_proto_write_mpi (resp, mpi, GCRYMPI_FMT_STD);
- gcry_mpi_release (mpi);
-
- if (!ret)
- return ret;
-
- ret = gkr_crypto_sexp_extract_mpi (key, &mpi, "rsa", "n", NULL);
- g_return_val_if_fail (ret, FALSE);
-
- ret = gkr_ssh_proto_write_mpi (resp, mpi, GCRYMPI_FMT_STD);
- gcry_mpi_release (mpi);
-
- return ret;
-}
-
-gboolean
-gkr_ssh_proto_write_public_dsa (EggBuffer *resp, gcry_sexp_t key)
-{
- gcry_mpi_t mpi;
- gboolean ret;
-
- ret = gkr_crypto_sexp_extract_mpi (key, &mpi, "dsa", "p", NULL);
- g_return_val_if_fail (ret, FALSE);
-
- ret = gkr_ssh_proto_write_mpi (resp, mpi, GCRYMPI_FMT_STD);
- gcry_mpi_release (mpi);
-
- if (!ret)
- return ret;
-
- ret = gkr_crypto_sexp_extract_mpi (key, &mpi, "dsa", "q", NULL);
- g_return_val_if_fail (ret, FALSE);
-
- ret = gkr_ssh_proto_write_mpi (resp, mpi, GCRYMPI_FMT_STD);
- gcry_mpi_release (mpi);
-
- if (!ret)
- return ret;
-
- ret = gkr_crypto_sexp_extract_mpi (key, &mpi, "dsa", "g", NULL);
- g_return_val_if_fail (ret, FALSE);
-
- ret = gkr_ssh_proto_write_mpi (resp, mpi, GCRYMPI_FMT_STD);
- gcry_mpi_release (mpi);
-
- if (!ret)
- return ret;
-
- ret = gkr_crypto_sexp_extract_mpi (key, &mpi, "dsa", "y", NULL);
- g_return_val_if_fail (ret, FALSE);
-
- ret = gkr_ssh_proto_write_mpi (resp, mpi, GCRYMPI_FMT_STD);
- gcry_mpi_release (mpi);
-
- return ret;
-}
-
-gboolean
-gkr_ssh_proto_write_public_v1 (EggBuffer *resp, gcry_sexp_t key)
-{
- gboolean ret = FALSE;
- gcry_mpi_t mpi;
- unsigned int bits;
-
- /* This is always an RSA key. */
-
- /* Write out the number of bits of the key */
- bits = gcry_pk_get_nbits (key);
- g_return_val_if_fail (bits > 0, FALSE);
- egg_buffer_add_uint32 (resp, bits);
-
- /* Write out the exponent */
- ret = gkr_crypto_sexp_extract_mpi (key, &mpi, "rsa", "e", NULL);
- g_return_val_if_fail (ret, FALSE);
- ret = gkr_ssh_proto_write_mpi_v1 (resp, mpi);
- gcry_mpi_release (mpi);
-
- if (!ret)
- return ret;
-
- /* Write out the public value */
- ret = gkr_crypto_sexp_extract_mpi (key, &mpi, "rsa", "n", NULL);
- g_return_val_if_fail (ret, FALSE);
- ret = gkr_ssh_proto_write_mpi_v1 (resp, mpi);
- gcry_mpi_release (mpi);
-
- return ret;
-}
-
-gboolean
-gkr_ssh_proto_write_signature_rsa (EggBuffer *resp, gcry_sexp_t ssig)
-{
- gboolean ret;
- gcry_mpi_t mpi;
-
- ret = gkr_crypto_sexp_extract_mpi (ssig, &mpi, "rsa", "s", NULL);
- g_return_val_if_fail (ret, FALSE);
-
- ret = gkr_ssh_proto_write_mpi (resp, mpi, GCRYMPI_FMT_USG);
- gcry_mpi_release (mpi);
-
- return ret;
-}
-
-gboolean
-gkr_ssh_proto_write_signature_dsa (EggBuffer *resp, gcry_sexp_t ssig)
-{
- guchar buffer[GKR_SSH_DSA_SIGNATURE_PADDING * 2];
- gboolean ret;
-
- ret = gkr_crypto_sexp_extract_mpi_aligned (ssig, buffer, GKR_SSH_DSA_SIGNATURE_PADDING,
- "dsa", "r", NULL);
- g_return_val_if_fail (ret, FALSE);
-
- ret = gkr_crypto_sexp_extract_mpi_aligned (ssig, buffer + GKR_SSH_DSA_SIGNATURE_PADDING,
- GKR_SSH_DSA_SIGNATURE_PADDING, "dsa", "s", NULL);
- g_return_val_if_fail (ret, FALSE);
-
- return egg_buffer_add_byte_array (resp, buffer, sizeof (buffer));
-}
-
diff --git a/daemon/ssh/gkr-ssh-storage.c b/daemon/ssh/gkr-ssh-storage.c
deleted file mode 100644
index 37025daa..00000000
--- a/daemon/ssh/gkr-ssh-storage.c
+++ /dev/null
@@ -1,918 +0,0 @@
-/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* gkr-ssh-storage.c - Storage of SSH keys
-
- Copyright (C) 2008 Stefan Walter
-
- The Gnome Keyring Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
-
- The Gnome Keyring Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with the Gnome Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-
- Author: Stef Walter <stef@memberwebs.com>
-*/
-
-#include "config.h"
-
-#include "gkr-ssh-private.h"
-#include "gkr-ssh-storage.h"
-
-#include "egg/egg-buffer.h"
-#include "common/gkr-crypto.h"
-#include "common/gkr-location.h"
-#include "common/gkr-location-watch.h"
-#include "egg/egg-secure-memory.h"
-
-#include "keyrings/gkr-keyring-login.h"
-
-#include "pkcs11/pkcs11.h"
-
-#include "pk/gkr-pk-privkey.h"
-#include "pk/gkr-pk-manager.h"
-#include "pk/gkr-pk-util.h"
-
-#include "pkix/gkr-pkix-asn1.h"
-#include "pkix/gkr-pkix-der.h"
-#include "pkix/gkr-pkix-openssl.h"
-#include "pkix/gkr-pkix-pem.h"
-#include "pkix/gkr-pkix-types.h"
-
-#include "ui/gkr-ask-daemon.h"
-#include "ui/gkr-ask-request.h"
-
-#include <glib.h>
-#include <glib/gi18n.h>
-
-#include <stdarg.h>
-
-typedef struct _GkrSshStoragePrivate GkrSshStoragePrivate;
-
-struct _GkrSshStoragePrivate {
- gkrid specific_load_request;
- GQuark home_location;
- GkrPkIndex *index;
- GkrLocationWatch *watch;
-};
-
-#define GKR_SSH_STORAGE_GET_PRIVATE(o) \
- (G_TYPE_INSTANCE_GET_PRIVATE((o), GKR_TYPE_SSH_STORAGE, GkrSshStoragePrivate))
-
-G_DEFINE_TYPE(GkrSshStorage, gkr_ssh_storage, GKR_TYPE_PK_STORAGE);
-
-static GQuark PEM_RSA_PRIVATE_KEY;
-static GQuark PEM_DSA_PRIVATE_KEY;
-
-static GkrPkIndex* gkr_ssh_storage_index (GkrPkStorage *storage, GQuark unused);
-
-/* -----------------------------------------------------------------------------
- * HELPERS
- */
-
-static GQuark
-location_for_storing_private_key (GkrSshStorage *storage, gcry_sexp_t sexp)
-{
- GkrSshStoragePrivate *pv = GKR_SSH_STORAGE_GET_PRIVATE (storage);
- const gchar *pref;
- gchar *name;
- GQuark loc = 0;
- int algo, i;
-
- /* What kind of key is it? */
- algo = gkr_crypto_skey_parse (sexp, &algo, NULL, NULL);
- switch (algo) {
- case GCRY_PK_RSA:
- pref = "id_rsa";
- break;
- case GCRY_PK_DSA:
- pref = "id_dsa";
- break;
- default:
- pref = "id_xsa";
- break;
- };
-
- /* Find a file that's unique */
- for (i = 0; i < ~0; i++) {
- name = (i == 0) ? g_strdup (pref) : g_strdup_printf ("%s.%d", pref, i);
- loc = gkr_location_from_child (pv->home_location, name);
- if (!gkr_location_test_file(loc, G_FILE_TEST_EXISTS))
- break;
- g_free (name);
- loc = 0;
- }
-
- return loc;
-}
-
-static GkrPkObject*
-prepare_object (GkrSshStorage *storage, GQuark location, gkrconstid digest)
-{
- GkrPkManager *manager;
- GkrPkObject *object;
-
- manager = gkr_pk_manager_for_token ();
- object = gkr_pk_manager_find_by_digest (manager, digest);
-
- /* The object already exists just reference it */
- if (object) {
- gkr_pk_storage_add_object (GKR_PK_STORAGE (storage), object);
- return object;
- }
-
- object = g_object_new (GKR_TYPE_PK_PRIVKEY, "manager", manager, "location", location,
- "digest", digest, NULL);
- gkr_pk_storage_add_object (GKR_PK_STORAGE (storage), object);
-
- /* Object was reffed */
- g_object_unref (object);
- return object;
-}
-
-static GQuark
-public_location_for_private (GQuark loc)
-{
- gchar *pstr;
- GQuark ploc;
-
- pstr = g_strdup_printf ("%s.pub", gkr_location_to_string (loc));
- ploc = gkr_location_from_string (pstr);
- g_free (pstr);
-
- return ploc;
-}
-
-static gboolean
-storage_write_public_key (GkrSshStorage *storage, gcry_sexp_t sexp,
- const gchar *comment, GQuark loc, GError **err)
-{
- guchar *data;
- gsize n_data;
- gboolean ret;
-
- g_return_val_if_fail (loc, FALSE);
- g_return_val_if_fail (!err || !*err, FALSE);
-
- data = gkr_ssh_storage_write_public_key (sexp, comment, &n_data);
- if (!data) {
- g_set_error (err, GKR_PK_STORAGE_ERROR, 0, _("Couldn't encode secure shell public key."));
- return FALSE;
- }
-
- /* And write that to disk */
- ret = gkr_location_write_file (loc, data, n_data, err);
- g_free (data);
- return ret;
-}
-
-static gboolean
-store_public_key_for_private (GkrSshStorage *storage, GkrPkObject *priv, GError **err)
-{
- gcry_sexp_t sexp, psexp;
- gchar *label;
- gboolean ret;
- GQuark ploc;
-
- g_return_val_if_fail (GKR_IS_PK_PRIVKEY (priv), FALSE);
- g_return_val_if_fail (priv->location, FALSE);
-
- /* Don't have a key to write out :( */
- g_object_get (priv, "gcrypt-sexp", &sexp, NULL);
- if (!sexp)
- return TRUE;
-
- /* Convert to a public key */
- if (!gkr_crypto_skey_private_to_public (sexp, &psexp))
- g_return_val_if_reached (FALSE);
-
- /* And then store that public key next to the private */
- ploc = public_location_for_private (priv->location);
- g_object_get (priv, "orig-label", &label, NULL);
- ret = storage_write_public_key (storage, psexp, label, ploc, err);
- g_free (label);
- gcry_sexp_release (psexp);
-
- return ret;
-}
-
-static GkrPkixResult
-load_encrypted_key (GkrSshStorage *storage, gkrid digest, GQuark location,
- const gchar *dekinfo, const guchar *data, gsize n_data,
- gcry_sexp_t *skey)
-{
- GkrPkixResult ret;
- gchar *password;
- guchar *decrypted;
- gsize n_decrypted;
- gboolean res;
- gint l, state;
-
- state = GKR_PK_STORAGE_PASSWD_STATE;
- while (!gkr_async_is_stopping ()) {
-
- /* Get the password to try */
- if (!gkr_pk_storage_get_load_password (GKR_PK_STORAGE (storage), location,
- digest, GKR_PKIX_PRIVATE_KEY, NULL,
- &state, &password))
- return GKR_PKIX_SUCCESS;
-
- decrypted = NULL;
- n_decrypted = 0;
-
- /* Decrypt, this will result in garble if invalid password */
- res = gkr_pkix_openssl_decrypt_block (dekinfo, password, data, n_data,
- &decrypted, &n_decrypted);
- egg_secure_free (password);
-
- if (!res)
- return GKR_PKIX_UNRECOGNIZED;
-
- g_assert (decrypted);
-
- /* Unpad the DER data */
- l = gkr_pkix_asn1_element_length (decrypted, n_decrypted);
- if (l > 0)
- n_decrypted = l;
-
- /* Try to parse */
- ret = gkr_pkix_der_read_private_key (decrypted, n_decrypted, skey);
- egg_secure_free (decrypted);
-
- if (ret != GKR_PKIX_UNRECOGNIZED)
- return ret;
- }
-
- return GKR_PKIX_FAILURE;
-}
-
-static void
-index_correspending_public_key (GkrSshStorage *storage, GQuark loc, gkrconstid digest,
- gchar **comment)
-{
- GError *err = NULL;
- GkrPkixResult res;
- GkrPkIndex *index;
- gcry_sexp_t sexp;
- guchar *data;
- gsize n_data;
- GQuark ploc;
-
- *comment = NULL;
-
- g_return_if_fail (loc);
-
- ploc = public_location_for_private (loc);
- g_return_if_fail (ploc);
-
- /* Does the file even exist? */
- if (!gkr_location_test_file (ploc, G_FILE_TEST_IS_REGULAR))
- return;
-
- if (!gkr_location_read_file (ploc, &data, &n_data, &err)) {
- g_message ("couldn't read public key file: %s: %s", g_quark_to_string (ploc),
- err && err->message ? err->message : "");
- g_clear_error (&err);
- return;
- }
-
- res = gkr_ssh_storage_load_public_key (data, n_data, &sexp, comment);
- g_free (data);
-
- if (res == GKR_PKIX_FAILURE) {
- g_message ("couldn't parse public key file: %s", g_quark_to_string (ploc));
- g_free (*comment);
- *comment = NULL;
- return;
- } else if (res == GKR_PKIX_UNRECOGNIZED) {
- g_message ("invalid secure shell public key file: %s", g_quark_to_string (ploc));
- g_free (*comment);
- *comment = NULL;
- return;
- }
-
- /* Write key to the indexes */
- index = gkr_ssh_storage_index (GKR_PK_STORAGE (storage), loc);
- if (!gkr_pk_index_has_value (index, digest, GKR_PK_INDEX_PUBLIC_KEY)) {
- data = gkr_pkix_der_write_public_key (sexp, &n_data);
- g_return_if_fail (data != NULL);
- gkr_pk_index_set_binary (index, digest, GKR_PK_INDEX_PUBLIC_KEY, data, n_data);
- }
-
- gcry_sexp_release (sexp);
-}
-
-typedef struct _Load {
- GkrSshStorage *storage;
- GQuark location;
- gboolean seen;
- GkrPkixResult result;
-} Load;
-
-static void
-parsed_pem_block (GQuark type, const guchar *data, gsize n_data,
- GHashTable *headers, gpointer user_data)
-{
- Load *ctx = (Load*)user_data;
- GkrSshStoragePrivate *pv = GKR_SSH_STORAGE_GET_PRIVATE (ctx->storage);
- gcry_sexp_t sexp = NULL;
- GkrPkObject *object;
- const gchar *dekinfo;
- gchar *comment;
- gkrid digest;
-
- /* Only handle SSHv2 private keys */
- if (type != PEM_RSA_PRIVATE_KEY && type != PEM_DSA_PRIVATE_KEY)
- return;
-
- /* Only parse first key in the file */
- if (ctx->seen)
- return;
-
- digest = gkr_id_new_digest (data, n_data);
- ctx->seen = TRUE;
-
- /* If it's encrypted ... */
- dekinfo = gkr_pkix_openssl_get_dekinfo (headers);
- if (dekinfo) {
- /* This key was specifically requested to be loaded */
- if (gkr_id_equals (digest, pv->specific_load_request)) {
- ctx->result = load_encrypted_key (ctx->storage, digest, ctx->location,
- dekinfo, data, n_data, &sexp);
-
- /* Nobody's asking us to load this key just yet */
- } else {
- ctx->result = GKR_PKIX_SUCCESS;
- sexp = NULL;
- }
-
- /* not encryted, just load the data */
- } else {
- ctx->result = gkr_pkix_der_read_private_key (data, n_data, &sexp);
- }
-
- if (ctx->result != GKR_PKIX_SUCCESS) {
- gkr_id_free (digest);
- return;
- }
-
- /*
- * Now that we have a digest, and we know the key parses, let's be helpful
- * and check whether we have the public key in our indexes. If not, load it up.
- * It's important that we do this before the private key object is instantiated
- */
- index_correspending_public_key (ctx->storage, ctx->location, digest, &comment);
-
- if (gkr_id_equals (pv->specific_load_request, digest))
- pv->specific_load_request = NULL;
-
- /* Prepare and setup the object */
- object = prepare_object (ctx->storage, ctx->location, digest);
- if (sexp)
- g_object_set (object, "gcrypt-sexp", sexp, NULL);
- if (comment)
- g_object_set (object, "orig-label", comment, NULL);
-
- g_free (comment);
- gkr_id_free (digest);
-}
-
-static gboolean
-storage_load_private_key (GkrSshStorage *storage, GQuark loc, GError **err)
-{
- Load ctx;
- guchar *data;
- gsize n_data;
- guint num;
-
- g_return_val_if_fail (loc, FALSE);
- g_return_val_if_fail (!err || !*err, FALSE);
-
- if (!gkr_location_read_file (loc, &data, &n_data, err))
- return FALSE;
-
- memset (&ctx, 0, sizeof (ctx));
- ctx.storage = storage;
- ctx.location = loc;
-
- num = gkr_pkix_pem_parse (data, n_data, parsed_pem_block, &ctx);
-
- /* Didn't find any private key there */
- if (num == 0)
- return TRUE;
-
- if (ctx.result == GKR_PKIX_FAILURE) {
- g_set_error (err, GKR_PK_STORAGE_ERROR, 0, _("Couldn't read secure shell private key: %s"),
- g_quark_to_string (loc));
- return FALSE;
- } else if (ctx.result == GKR_PKIX_UNRECOGNIZED) {
- g_set_error (err, GKR_PK_STORAGE_ERROR, 0, _("Invalid secure shell private key at: %s"),
- g_quark_to_string (loc));
- return FALSE;
- }
-
- return TRUE;
-}
-
-static gkrid
-storage_write_private_key (GkrSshStorage *storage, gcry_sexp_t sexp,
- GQuark loc, const gchar *password, GError **err)
-{
- GHashTable *headers;
- const gchar *dekinfo;
- GQuark type;
- guchar *data, *encrypted, *result;
- gsize n_data, n_encrypted, n_result;
- gboolean is_priv;
- gkrid digest = NULL;
- int algo;
-
- data = encrypted = result = NULL;
- headers = NULL;
-
- /* What kind of key is it? */
- algo = gkr_crypto_skey_parse (sexp, &algo, &is_priv, NULL);
- g_return_val_if_fail (is_priv == TRUE, NULL);
- g_return_val_if_fail (algo != 0, NULL);
-
- /* Figure out what kind of BEGIN/END PEM we need */
- if (algo == GCRY_PK_RSA)
- type = PEM_RSA_PRIVATE_KEY;
- else if (algo == GCRY_PK_DSA)
- type = PEM_DSA_PRIVATE_KEY;
- else
- g_return_val_if_reached (NULL);
-
- /* Write out the raw key to memory */
- data = gkr_pkix_der_write_private_key (sexp, &n_data);
- g_return_val_if_fail (data, NULL);
-
- /* Write an encrypted private key */
- if (password) {
- headers = gkr_pkix_pem_headers_new ();
- dekinfo = gkr_pkix_openssl_prep_dekinfo (headers);
-
- if (!gkr_pkix_openssl_encrypt_block (dekinfo, password, data, n_data,
- &encrypted, &n_encrypted)) {
- g_set_error (err, GKR_PK_STORAGE_ERROR, 0,
- _("Couldn't encrypt the SSH key to store it."));
- goto done;
- }
- digest = gkr_id_new_digest (encrypted, n_encrypted);
- result = gkr_pkix_pem_write (encrypted, n_encrypted, type, headers, &n_result);
- g_free (encrypted);
-
- /* Write a non-encrypted private key */
- } else {
- digest = gkr_id_new_digest (data, n_data);
- result = gkr_pkix_pem_write (data, n_data, type, headers, &n_result);
- }
-
- /* Make sure it worked */
- if (!result) {
- g_set_error (err, GKR_PK_STORAGE_ERROR, 0,
- _("Couldn't encode the SSH key to store it."));
- gkr_id_free (digest);
- digest = NULL;
- goto done;
- }
-
- /* Now write it to the file */
- if (gkr_location_write_file (loc, result, n_result, err)) {
- gkr_id_free (digest);
- digest = NULL;
- }
-
-done:
- if (headers)
- g_hash_table_destroy (headers);
- egg_secure_free (data);
- g_free (result);
- g_free (encrypted);
-
- return digest;
-}
-
-static void
-location_load (GkrLocationWatch *watch, GQuark loc, GkrSshStorage *storage)
-{
- GError *err = NULL;
-
- /* We only get notified for private keys */
- if (!storage_load_private_key (storage, loc, &err)) {
- g_message ("couldn't parse data: %s: %s", g_quark_to_string (loc),
- err && err->message ? err->message : "");
- g_clear_error (&err);
- }
-}
-
-static void
-location_remove (GkrLocationWatch *watch, GQuark loc, GkrSshStorage *storage)
-{
- /* Remove key that is at that location */
- gkr_pk_storage_clr_objects (GKR_PK_STORAGE (storage), loc);
-
- /* We only watch private keys, so try and clear out the public */
- gkr_pk_storage_clr_objects (GKR_PK_STORAGE (storage),
- public_location_for_private (loc));
-}
-
-/* -----------------------------------------------------------------------------
- * OBJECT
- */
-
-static void
-gkr_ssh_storage_refresh (GkrPkStorage *storage)
-{
- GkrSshStoragePrivate *pv = GKR_SSH_STORAGE_GET_PRIVATE (storage);
- gkr_location_watch_refresh (pv->watch, FALSE);
-}
-
-static gboolean
-gkr_ssh_storage_load (GkrPkStorage *storage, GkrPkObject *obj, GError **err)
-{
- GkrSshStoragePrivate *pv = GKR_SSH_STORAGE_GET_PRIVATE (storage);
- gboolean ret = FALSE;
-
- g_return_val_if_fail (GKR_IS_PK_OBJECT (obj), FALSE);
- g_return_val_if_fail (obj->storage == storage, FALSE);
- g_return_val_if_fail (obj->location, FALSE);
- g_return_val_if_fail (pv->specific_load_request == NULL, FALSE);
-
- g_object_ref (obj);
-
- /* Make note of the specific load request */
- pv->specific_load_request = obj->digest;
-
- /* Load a private key from this location */
- if (GKR_IS_PK_PRIVKEY (obj))
- storage_load_private_key (GKR_SSH_STORAGE (storage), obj->location, err);
-
- else
- g_return_val_if_reached (FALSE);
-
- /* See if it was seen */
- if (pv->specific_load_request != NULL) {
- g_set_error (err, GKR_PK_STORAGE_ERROR, 0, "The object was not found at: %s",
- g_quark_to_string (obj->location));
- pv->specific_load_request = NULL;
- goto done;
- }
-
- /*
- * At this point, if we were loading a public key, it should be all loaded,
- * including encrypted parts. Write out the public key if needed.
- */
- if (GKR_IS_PK_PRIVKEY (obj) &&
- !gkr_location_test_file (public_location_for_private (obj->location), G_FILE_TEST_EXISTS))
- store_public_key_for_private (GKR_SSH_STORAGE (storage), obj, NULL);
-
- ret = TRUE;
-
-done:
- g_object_unref (obj);
- return ret;
-}
-
-static gboolean
-gkr_ssh_storage_store (GkrPkStorage *stor, GkrPkObject *obj, GError **err)
-{
- GkrSshStorage *storage;
- gcry_sexp_t sexp;
- gchar *password;
- gkrid digest;
- gboolean ret;
- GQuark loc;
-
- g_return_val_if_fail (!err || !*err, FALSE);
- g_return_val_if_fail (GKR_IS_SSH_STORAGE (stor), FALSE);
- g_return_val_if_fail (obj->storage == NULL, FALSE);
- g_return_val_if_fail (obj->location == 0, FALSE);
-
- storage = GKR_SSH_STORAGE (stor);
-
- /* We don't yet support storing arbitrary public keys */
- g_return_val_if_fail (GKR_IS_PK_PRIVKEY (obj), FALSE);
-
- /* Pull out the actual part of the key */
- g_object_get (obj, "gcrypt-sexp", &sexp, NULL);
- g_return_val_if_fail (sexp, FALSE);
-
- /* Find a good location to store this key */
- loc = location_for_storing_private_key (storage, sexp);
- g_return_val_if_fail (loc, FALSE);
-
- /* Get a password for this key, determines whether encrypted or not */
- ret = gkr_pk_storage_get_store_password (stor, loc, obj->digest, GKR_PKIX_PRIVATE_KEY,
- gkr_pk_object_get_label (obj),
- &password);
-
- /* Prompt for a password was denied */
- if (!ret)
- return TRUE;
-
- /* Store the private key */
- digest = storage_write_private_key (storage, sexp, loc, password, err);
- egg_secure_strfree (password);
-
- if (!digest)
- return FALSE;
-
- /* The object now has a (possibly new) location */
- g_object_set (obj, "location", loc, "storage", stor, "digest", digest, NULL);
- gkr_pk_storage_add_object (stor, obj);
- gkr_id_free (digest);
-
- /* Now store the public key in place if possible */
- return store_public_key_for_private (storage, obj, err);
-}
-
-static gboolean
-gkr_ssh_storage_remove (GkrPkStorage *storage, GkrPkObject *obj, GError **err)
-{
- GQuark ploc;
-
- g_return_val_if_fail (!err || !*err, FALSE);
- g_return_val_if_fail (GKR_IS_SSH_STORAGE (storage), FALSE);
- g_return_val_if_fail (obj->storage == storage, FALSE);
- g_return_val_if_fail (obj->location, FALSE);
-
- /* Delete the public key along with the private */
- if (GKR_IS_PK_PRIVKEY (obj)) {
- ploc = public_location_for_private (obj->location);
- if (!gkr_location_delete_file (ploc, err))
- return FALSE;
- }
-
- /* Delete the object itself */
- if (!gkr_location_delete_file (obj->location, err))
- return FALSE;
-
- gkr_ssh_storage_refresh (storage);
- return TRUE;
-}
-
-static GkrPkIndex*
-gkr_ssh_storage_index (GkrPkStorage *storage, GQuark unused)
-{
- GkrSshStoragePrivate *pv = GKR_SSH_STORAGE_GET_PRIVATE (storage);
- GnomeKeyringAttributeList *attrs;
-
- if (!pv->index) {
- /* Default attributes for our index */
- attrs = gnome_keyring_attribute_list_new ();
- gnome_keyring_attribute_list_append_string (attrs, "purposes", "ssh-authentication");
-
- pv->index = gkr_pk_index_open_login (attrs);
- if (!pv->index)
- pv->index = gkr_pk_index_open_session (attrs);
-
- gnome_keyring_attribute_list_free (attrs);
- }
-
- return pv->index;
-}
-
-
-static void
-gkr_ssh_storage_init (GkrSshStorage *storage)
-{
- GkrSshStoragePrivate *pv = GKR_SSH_STORAGE_GET_PRIVATE (storage);
-
- pv->specific_load_request = NULL;
- pv->home_location = gkr_location_from_child (GKR_LOCATION_VOLUME_HOME, ".ssh/");
-
- /* Watch all ~/.ssh/id_?sa* except for *.pub files */
- pv->watch = gkr_location_watch_new (NULL, GKR_LOCATION_VOLUME_HOME, ".ssh",
- "id_?sa*", "*.pub");
- g_return_if_fail (pv->watch);
-
- g_signal_connect (pv->watch, "location-added", G_CALLBACK (location_load), storage);
- g_signal_connect (pv->watch, "location-changed", G_CALLBACK (location_load), storage);
- g_signal_connect (pv->watch, "location-removed", G_CALLBACK (location_remove), storage);
-}
-
-static void
-gkr_ssh_storage_dispose (GObject *obj)
-{
- GkrSshStorage *storage = GKR_SSH_STORAGE (obj);
- GkrSshStoragePrivate *pv = GKR_SSH_STORAGE_GET_PRIVATE (obj);
-
- g_signal_handlers_disconnect_by_func (pv->watch, location_load, storage);
- g_signal_handlers_disconnect_by_func (pv->watch, location_remove, storage);
-
- if (pv->index)
- g_object_unref (pv->index);
- pv->index = NULL;
-
- G_OBJECT_CLASS (gkr_ssh_storage_parent_class)->dispose (obj);
-}
-
-static void
-gkr_ssh_storage_finalize (GObject *obj)
-{
- GkrSshStoragePrivate *pv = GKR_SSH_STORAGE_GET_PRIVATE (obj);
-
- g_object_unref (pv->watch);
- pv->watch = NULL;
-
- g_assert (pv->index == NULL);
-
- G_OBJECT_CLASS (gkr_ssh_storage_parent_class)->finalize (obj);
-}
-
-static void
-gkr_ssh_storage_class_init (GkrSshStorageClass *klass)
-{
- GkrPkStorageClass *storage_class = GKR_PK_STORAGE_CLASS (klass);
- GObjectClass *gobject_class;
-
- gobject_class = (GObjectClass*)klass;
- gobject_class->dispose = gkr_ssh_storage_dispose;
- gobject_class->finalize = gkr_ssh_storage_finalize;
-
- storage_class->refresh = gkr_ssh_storage_refresh;
- storage_class->load = gkr_ssh_storage_load;
- storage_class->store = gkr_ssh_storage_store;
- storage_class->remove = gkr_ssh_storage_remove;
- storage_class->index = gkr_ssh_storage_index;
-
- gkr_ssh_storage_parent_class = g_type_class_peek_parent (klass);
-
- PEM_RSA_PRIVATE_KEY = g_quark_from_static_string ("RSA PRIVATE KEY");
- PEM_DSA_PRIVATE_KEY = g_quark_from_static_string ("DSA PRIVATE KEY");
-
- g_type_class_add_private (gobject_class, sizeof (GkrSshStoragePrivate));
-}
-
-/* -------------------------------------------------------------------------------
- * PUBLIC FUNCTIONS
- */
-
-gboolean
-gkr_ssh_storage_initialize (void)
-{
- GkrPkStorage *storage;
-
- storage = g_object_new (GKR_TYPE_SSH_STORAGE, NULL);
- gkr_pk_storage_register (storage, FALSE);
- g_object_unref (storage);
-
- return TRUE;
-}
-
-GkrPkixResult
-gkr_ssh_storage_load_public_key (const guchar *data, gsize n_data,
- gcry_sexp_t *sexp, gchar **comment)
-{
- EggBuffer buf;
- const guchar *at;
- guchar *decoded;
- gsize n_decoded;
- gsize offset;
- gchar *val;
- gboolean ret;
- gint state, algo;
- guint save;
-
- g_return_val_if_fail (data, GKR_PKIX_FAILURE);
- g_return_val_if_fail (sexp, GKR_PKIX_FAILURE);
-
- /* Look for a key line */
- for (;;) {
- /* Eat space at the front */
- while (n_data > 0 && g_ascii_isspace (data[0])) {
- ++data;
- --n_data;
- }
-
- /* Not a comment or blank line? Then parse... */
- if (data[0] != '#')
- break;
-
- /* Skip to the next line */
- at = memchr (data, '\n', n_data);
- if (!at)
- return GKR_PKIX_UNRECOGNIZED;
- at += 1;
- n_data -= (at - data);
- data = at;
- }
-
- /* Limit to use only the first line */
- at = memchr (data, '\n', n_data);
- if (at != NULL)
- n_data = at - data;
-
- /* Find the first space */
- at = memchr (data, ' ', n_data);
- if (!at) {
- g_message ("SSH public key missing space");
- return GKR_PKIX_UNRECOGNIZED;
- }
-
- /* Parse the key type */
- val = g_strndup ((gchar*)data, at - data);
- algo = gkr_ssh_proto_keytype_to_algo (val);
- if (!algo)
- g_message ("Unsupported or unknown SSH key algorithm: %s", val);
- g_free (val);
- if (!algo)
- return GKR_PKIX_UNRECOGNIZED;
-
- /* Skip more whitespace */
- n_data -= (at - data);
- data = at;
- while (n_data > 0 && (data[0] == ' ' || data[0] == '\t')) {
- ++data;
- --n_data;
- }
-
- /* Find the next whitespace, or the end */
- at = memchr (data, ' ', n_data);
- if (at == NULL)
- at = data + n_data;
-
- /* Decode the base64 key */
- save = state = 0;
- decoded = g_malloc (n_data * 3 / 4);
- n_decoded = g_base64_decode_step ((gchar*)data, n_data, decoded, &state, &save);
-
- /* Parse the actual key */
- egg_buffer_init_static (&buf, decoded, n_decoded);
- offset = 0;
- ret = gkr_ssh_proto_read_public (&buf, &offset, sexp, NULL);
- g_free (decoded);
- if (!ret) {
- g_message ("failed to parse base64 part of SSH key");
- return GKR_PKIX_FAILURE;
- }
-
- /* Skip more whitespace */
- n_data -= (at - data);
- data = at;
- while (n_data > 0 && (data[0] == ' ' || data[0] == '\t')) {
- ++data;
- --n_data;
- }
-
- /* If there's data left, its the comment */
- if (comment)
- *comment = n_data ? g_strndup ((gchar*)data, n_data) : NULL;
-
- return GKR_PKIX_SUCCESS;
-}
-
-guchar*
-gkr_ssh_storage_write_public_key (gcry_sexp_t sexp, const gchar *comment,
- gsize *n_data)
-{
- GString *result;
- EggBuffer buffer;
- const gchar *type;
- gchar *encoded;
- gboolean is_priv;
- int algo;
-
- g_return_val_if_fail (n_data, NULL);
- g_return_val_if_fail (sexp, NULL);
-
- result = g_string_sized_new (4096);
-
- if (!gkr_crypto_skey_parse (sexp, &algo, &is_priv, NULL))
- g_return_val_if_reached (NULL);
- g_return_val_if_fail (is_priv == FALSE, NULL);
- g_return_val_if_fail (algo != 0, NULL);
-
- type = gkr_ssh_proto_algo_to_keytype (algo);
- g_return_val_if_fail (type, NULL);
-
- g_string_append (result, type);
- g_string_append_c (result, ' ');
-
- egg_buffer_init_full (&buffer, 4096, (EggBufferAllocator)g_realloc);
- gkr_ssh_proto_write_public (&buffer, algo, sexp);
-
- encoded = g_base64_encode (buffer.buf, buffer.len);
- egg_buffer_uninit (&buffer);
-
- g_return_val_if_fail (encoded, NULL);
- g_string_append (result, encoded);
-
- if (comment) {
- g_string_append_c (result, ' ');
- g_string_append (result, comment);
- }
-
- g_string_append_c (result, '\n');
-
- *n_data = result->len;
- return (guchar*)g_string_free (result, FALSE);
-}
diff --git a/daemon/ssh/gkr-ssh-storage.h b/daemon/ssh/gkr-ssh-storage.h
deleted file mode 100644
index e3bb5b71..00000000
--- a/daemon/ssh/gkr-ssh-storage.h
+++ /dev/null
@@ -1,42 +0,0 @@
-#ifndef __GKR_SSH_STORAGE_H__
-#define __GKR_SSH_STORAGE_H__
-
-#include <glib-object.h>
-
-#include "pk/gkr-pk-storage.h"
-
-#include "pkix/gkr-pkix-types.h"
-
-G_BEGIN_DECLS
-
-#define GKR_TYPE_SSH_STORAGE (gkr_ssh_storage_get_type ())
-#define GKR_SSH_STORAGE(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GKR_TYPE_SSH_STORAGE, GkrSshStorage))
-#define GKR_SSH_STORAGE_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), GKR_TYPE_SSH_STORAGE, GObject))
-#define GKR_IS_SSH_STORAGE(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GKR_TYPE_SSH_STORAGE))
-#define GKR_IS_SSH_STORAGE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GKR_TYPE_SSH_STORAGE))
-#define GKR_SSH_STORAGE_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), GKR_TYPE_SSH_STORAGE, GkrSshStorageClass))
-
-typedef struct _GkrSshStorage GkrSshStorage;
-typedef struct _GkrSshStorageClass GkrSshStorageClass;
-
-struct _GkrSshStorage {
- GkrPkStorage parent;
-};
-
-struct _GkrSshStorageClass {
- GkrPkStorageClass parent_class;
-};
-
-GType gkr_ssh_storage_get_type (void) G_GNUC_CONST;
-
-gboolean gkr_ssh_storage_initialize (void);
-
-GkrPkixResult gkr_ssh_storage_load_public_key (const guchar *data, gsize n_data,
- gcry_sexp_t *sexp, gchar **comment);
-
-guchar* gkr_ssh_storage_write_public_key (gcry_sexp_t sexp, const gchar *comment,
- gsize *n_data);
-
-G_END_DECLS
-
-#endif /* __GKR_SSH_STORAGE_H__ */
diff --git a/daemon/ssh/tests/Makefile.am b/daemon/ssh/tests/Makefile.am
deleted file mode 100644
index 2a5a7bf2..00000000
--- a/daemon/ssh/tests/Makefile.am
+++ /dev/null
@@ -1,16 +0,0 @@
-
-UNIT_AUTO = \
- unit-test-ssh-storage.c
-
-UNIT_PROMPT =
-
-UNIT_LIBS = \
- $(top_builddir)/daemon/ssh/libgkr-ssh.la \
- $(top_builddir)/daemon/pk/libgkr-pk.la \
- $(top_builddir)/daemon/keyrings/libgkr-keyrings.la \
- $(top_builddir)/daemon/pkix/libgkr-pkix.la \
- $(top_builddir)/library/libgnome-keyring-common.la \
- $(top_builddir)/common/libgkr-common.la
-
-include $(top_srcdir)/tests/test.make
-
diff --git a/daemon/ssh/tests/unit-test-ssh-storage.c b/daemon/ssh/tests/unit-test-ssh-storage.c
deleted file mode 100644
index 7ff56428..00000000
--- a/daemon/ssh/tests/unit-test-ssh-storage.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
-/* unit-test-ssh-storage.c: Test SSH storage
-
- Copyright (C) 2008 Stefan Walter
-
- The Gnome Keyring Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
-
- The Gnome Keyring Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with the Gnome Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-
- Author: Stef Walter <stef@memberwebs.com>
-*/
-
-#include "config.h"
-
-#include "run-auto-test.h"
-
-#include "common/gkr-location.h"
-#include "common/gkr-crypto.h"
-#include "egg/egg-secure-memory.h"
-
-#include "ssh/gkr-ssh-storage.h"
-
-#include <glib.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-/*
- * Each test looks like (on one line):
- * void unit_test_xxxxx (CuTest* cu)
- *
- * Each setup looks like (on one line):
- * void unit_setup_xxxxx (void);
- *
- * Each teardown looks like (on one line):
- * void unit_teardown_xxxxx (void);
- *
- * Tests be run in the order specified here.
- */
-
-static const gchar *TEST_DSA_KEY = "ssh-dss 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 Test Comment\n";
-static const gchar *TEST_RSA_KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAz8Ji7Z1/NK7tvHETqSuLWPyn4l0fF6lTTbYf9Jx21RtaNwmaCi9u1Id3wVQMtuuR+0NLoBPyVdDrWi6ap9TkKdNQnnqW4Ang+GZc+9sXzbgWmgXnjKTXo+EcpMJLqpTLXPcaxYtwGIL/K/BE7NJ9i43HPqUG5z8ezE1/iHkfHMk= stef@memberwebs.com\n";
-static const gchar *TEST_COMMENT_KEY = "# a line that shouldn't be parsed \n\nssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAz8Ji7Z1/NK7tvHETqSuLWPyn4l0fF6lTTbYf9Jx21RtaNwmaCi9u1Id3wVQMtuuR+0NLoBPyVdDrWi6ap9TkKdNQnnqW4Ang+GZc+9sXzbgWmgXnjKTXo+EcpMJLqpTLXPcaxYtwGIL/K/BE7NJ9i43HPqUG5z8ezE1/iHkfHMk= stef@memberwebs.com\n# \n";
-
-void unit_test_ssh_public_dsa (CuTest* cu)
-{
- GkrPkixResult res;
- gcry_sexp_t sexp;
- gchar *comment;
- int algo;
- guchar *data;
- gsize n_data;
- gboolean ret, is_priv;
-
- res = gkr_ssh_storage_load_public_key ((guchar*)TEST_DSA_KEY, strlen (TEST_DSA_KEY), &sexp, &comment);
- CuAssert (cu, "couldn't parse public SSH DSA key", res == GKR_PKIX_SUCCESS);
- CuAssert (cu, "Bad comment on public SSH DSA key", comment && strcmp (comment, "Test Comment") == 0);
-
- ret = gkr_crypto_skey_parse (sexp, &algo, &is_priv, NULL);
- CuAssert (cu, "bad SSH DSA key parsed", ret == TRUE);
- CuAssert (cu, "wrong algorithm in SSH DSA key parsed", algo == GCRY_PK_DSA);
- CuAssert (cu, "bad key type in SSH DSA key parsed", is_priv == FALSE);
-
- gkr_crypto_sexp_dump (sexp);
-
- data = gkr_ssh_storage_write_public_key (sexp, comment, &n_data);
- CuAssert (cu, "Couldn't write SSH DSA key", data != NULL);
- CuAssert (cu, "Written SSH key invalid length", n_data == strlen (TEST_DSA_KEY));
- CuAssert (cu, "Wrote invalid SSH DSA key", strncmp (TEST_DSA_KEY, (gchar*)data, n_data) == 0);
-}
-
-void unit_test_ssh_public_rsa (CuTest *cu)
-{
- GkrPkixResult res;
- gcry_sexp_t sexp;
- gchar *comment;
- int algo;
- guchar *data, *data2;
- gsize n_data, n_data2;
- gboolean ret, is_priv;
-
- /* RSA */
-
- res = gkr_ssh_storage_load_public_key ((guchar*)TEST_RSA_KEY, strlen (TEST_RSA_KEY), &sexp, &comment);
- CuAssert (cu, "couldn't parse public SSH RSA key", res == GKR_PKIX_SUCCESS);
- CuAssert (cu, "Bad comment on public SSH RSA key", comment && strcmp (comment, "stef@memberwebs.com") == 0);
-
- ret = gkr_crypto_skey_parse (sexp, &algo, &is_priv, NULL);
- CuAssert (cu, "bad SSH RSA key parsed", ret == TRUE);
- CuAssert (cu, "wrong algorithm in SSH RSA key parsed", algo == GCRY_PK_RSA);
- CuAssert (cu, "bad key type in SSH RSA key parsed", is_priv == FALSE);
-
- gkr_crypto_sexp_dump (sexp);
-
- data = gkr_ssh_storage_write_public_key (sexp, comment, &n_data);
- CuAssert (cu, "Couldn't write SSH RSA key", data != NULL);
- CuAssert (cu, "Written SSH key invalid length", n_data == strlen (TEST_RSA_KEY));
- CuAssert (cu, "Wrote invalid SSH RSA key", memcmp (TEST_RSA_KEY, data, n_data) == 0);
-
- /* The same RSA key with comments */
-
- res = gkr_ssh_storage_load_public_key ((guchar*)TEST_COMMENT_KEY, strlen (TEST_COMMENT_KEY), &sexp, &comment);
- CuAssert (cu, "couldn't parse public SSH RSA key", res == GKR_PKIX_SUCCESS);
-
- gkr_crypto_sexp_dump (sexp);
-
- data2 = gkr_ssh_storage_write_public_key (sexp, comment, &n_data2);
- CuAssert (cu, "Couldn't write SSH RSA key", data != NULL);
- CuAssert (cu, "Written SSH key invalid length", n_data == n_data2);
- CuAssert (cu, "Wrote invalid SSH RSA key", memcmp (data, data2, n_data) == 0);
-}
diff --git a/po/ChangeLog b/po/ChangeLog
index 15bc122e..54d64d4a 100644
--- a/po/ChangeLog
+++ b/po/ChangeLog
@@ -1,5 +1,6 @@
-2009-01-21 Stef Walter <stef@memberwebs.com>
+2009-01-22 Stef Walter <stef@memberwebs.com>
+ * POTFILES.in: Removed daemon/ssh/gkr-ssh-storage.c
* POTFILES.in: Added gcr/gcr-importer.c
2009-01-20 Jorge Gonzalez <jorgegonz@svn.gnome.org>
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 3fd95b42..bad908b3 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -14,9 +14,9 @@ daemon/pk/gkr-pk-storage.c
daemon/pkcs11/gkr-pkcs11-auth.c
daemon/pkix/gkr-pkix-parser.c
daemon/pkix/gkr-pkix-serialize.c
-daemon/ssh/gkr-ssh-storage.c
daemon/ui/gkr-ask-tool.c
gcr/gcr-import-dialog.glade
+gcr/gcr-importer.c
gcr/gcr-parser.c
gp11/gp11-misc.c
library/gnome-keyring-utils.c