-rw-r--r-- | pwmanager/pwmanager/libgcryptif.cpp | 2 | ||||
-rw-r--r-- | pwmanager/pwmanager/libgcryptif.h | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/pwmanager/pwmanager/libgcryptif.cpp b/pwmanager/pwmanager/libgcryptif.cpp index 8175510..eafd318 100644 --- a/pwmanager/pwmanager/libgcryptif.cpp +++ b/pwmanager/pwmanager/libgcryptif.cpp | |||
@@ -1,146 +1,146 @@ | |||
1 | /*************************************************************************** | 1 | /*************************************************************************** |
2 | * * | 2 | * * |
3 | * copyright (C) 2004 by Michael Buesch * | 3 | * copyright (C) 2004 by Michael Buesch * |
4 | * email: mbuesch@freenet.de * | 4 | * email: mbuesch@freenet.de * |
5 | * * | 5 | * * |
6 | * hashPassphrase() is derived from GnuPG and is * | 6 | * hashPassphrase() is derived from GnuPG and is * |
7 | * Copyright (C) 1998, 1999, 2000, 2001, 2003 * | 7 | * Copyright (C) 1998, 1999, 2000, 2001, 2003 * |
8 | * Free Software Foundation, Inc. * | 8 | * Free Software Foundation, Inc. * |
9 | * * | 9 | * * |
10 | * This program is free software; you can redistribute it and/or modify * | 10 | * This program is free software; you can redistribute it and/or modify * |
11 | * it under the terms of the GNU General Public License version 2 * | 11 | * it under the terms of the GNU General Public License version 2 * |
12 | * as published by the Free Software Foundation. * | 12 | * as published by the Free Software Foundation. * |
13 | * * | 13 | * * |
14 | ***************************************************************************/ | 14 | ***************************************************************************/ |
15 | 15 | ||
16 | /*************************************************************************** | 16 | /*************************************************************************** |
17 | * copyright (C) 2004 by Ulf Schenk | 17 | * copyright (C) 2004 by Ulf Schenk |
18 | * This file is originaly based on version 2.0 of pwmanager | 18 | * This file is originaly based on version 1.1 of pwmanager |
19 | * and was modified to run on embedded devices that run microkde | 19 | * and was modified to run on embedded devices that run microkde |
20 | * | 20 | * |
21 | * $Id$ | 21 | * $Id$ |
22 | **************************************************************************/ | 22 | **************************************************************************/ |
23 | 23 | ||
24 | #include "libgcryptif.h" | 24 | #include "libgcryptif.h" |
25 | 25 | ||
26 | #ifdef CONFIG_PWMANAGER_GCRY | 26 | #ifdef CONFIG_PWMANAGER_GCRY |
27 | 27 | ||
28 | #include "pwmdoc.h" | 28 | #include "pwmdoc.h" |
29 | #include "randomizer.h" | 29 | #include "randomizer.h" |
30 | 30 | ||
31 | #include <gcrypt.h> | 31 | #include <gcrypt.h> |
32 | 32 | ||
33 | #ifdef PWM_EMBEDDED | 33 | #ifdef PWM_EMBEDDED |
34 | #include <pwmprefs.h> | 34 | #include <pwmprefs.h> |
35 | #endif | 35 | #endif |
36 | 36 | ||
37 | 37 | ||
38 | PwMerror LibGCryptIf::encrypt(unsigned char **outBuf, | 38 | PwMerror LibGCryptIf::encrypt(unsigned char **outBuf, |
39 | size_t *outBufLen, | 39 | size_t *outBufLen, |
40 | unsigned char *inBuf, | 40 | unsigned char *inBuf, |
41 | size_t inBufLen, | 41 | size_t inBufLen, |
42 | const unsigned char *key, | 42 | const unsigned char *key, |
43 | size_t keylen, | 43 | size_t keylen, |
44 | char _algo) | 44 | char _algo) |
45 | { | 45 | { |
46 | PwMerror ret = e_success; | 46 | PwMerror ret = e_success; |
47 | gcry_error_t err; | 47 | gcry_error_t err; |
48 | gcry_cipher_hd_t handle; | 48 | gcry_cipher_hd_t handle; |
49 | size_t blklen; | 49 | size_t blklen; |
50 | size_t unpaddedLen = inBufLen; | 50 | size_t unpaddedLen = inBufLen; |
51 | size_t cipherKeylen; | 51 | size_t cipherKeylen; |
52 | unsigned char *hashedKey; | 52 | unsigned char *hashedKey; |
53 | unsigned char salt[STRING2KEY_SALTLEN]; | 53 | unsigned char salt[STRING2KEY_SALTLEN]; |
54 | int algo = mapCipherId(_algo); | 54 | int algo = mapCipherId(_algo); |
55 | 55 | ||
56 | if (!inBufLen || !keylen) | 56 | if (!inBufLen || !keylen) |
57 | return e_invalidArg; | 57 | return e_invalidArg; |
58 | 58 | ||
59 | // test if algo is ready for encryption | 59 | // test if algo is ready for encryption |
60 | err = gcry_cipher_algo_info(algo, | 60 | err = gcry_cipher_algo_info(algo, |
61 | GCRYCTL_TEST_ALGO, | 61 | GCRYCTL_TEST_ALGO, |
62 | 0, 0); | 62 | 0, 0); |
63 | if (err != GPG_ERR_NO_ERROR) { | 63 | if (err != GPG_ERR_NO_ERROR) { |
64 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_TEST_ALGO failed: ") | 64 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_TEST_ALGO failed: ") |
65 | + gcry_strerror(err)); | 65 | + gcry_strerror(err)); |
66 | ret = e_cryptNotImpl; | 66 | ret = e_cryptNotImpl; |
67 | goto out; | 67 | goto out; |
68 | } | 68 | } |
69 | // get the algo block length | 69 | // get the algo block length |
70 | err = gcry_cipher_algo_info(algo, | 70 | err = gcry_cipher_algo_info(algo, |
71 | GCRYCTL_GET_BLKLEN, | 71 | GCRYCTL_GET_BLKLEN, |
72 | 0, | 72 | 0, |
73 | &blklen); | 73 | &blklen); |
74 | if (err != GPG_ERR_NO_ERROR) { | 74 | if (err != GPG_ERR_NO_ERROR) { |
75 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_BLKLEN failed: ") | 75 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_BLKLEN failed: ") |
76 | + gcry_strerror(err)); | 76 | + gcry_strerror(err)); |
77 | ret = e_cryptNotImpl; | 77 | ret = e_cryptNotImpl; |
78 | goto out; | 78 | goto out; |
79 | } | 79 | } |
80 | /* double check if we have enough space. | 80 | /* double check if we have enough space. |
81 | * We have only 1024 extra bytes for padding and salt. | 81 | * We have only 1024 extra bytes for padding and salt. |
82 | */ | 82 | */ |
83 | BUG_ON(blklen > 1024 - STRING2KEY_SALTLEN); | 83 | BUG_ON(blklen > 1024 - STRING2KEY_SALTLEN); |
84 | // get the algo key length | 84 | // get the algo key length |
85 | err = gcry_cipher_algo_info(algo, | 85 | err = gcry_cipher_algo_info(algo, |
86 | GCRYCTL_GET_KEYLEN, | 86 | GCRYCTL_GET_KEYLEN, |
87 | 0, | 87 | 0, |
88 | &cipherKeylen); | 88 | &cipherKeylen); |
89 | if (err != GPG_ERR_NO_ERROR) { | 89 | if (err != GPG_ERR_NO_ERROR) { |
90 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_KEYLEN failed: ") | 90 | printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_KEYLEN failed: ") |
91 | + gcry_strerror(err)); | 91 | + gcry_strerror(err)); |
92 | ret = e_cryptNotImpl; | 92 | ret = e_cryptNotImpl; |
93 | goto out; | 93 | goto out; |
94 | } | 94 | } |
95 | // now open the algo and get a handle | 95 | // now open the algo and get a handle |
96 | err = gcry_cipher_open(&handle, | 96 | err = gcry_cipher_open(&handle, |
97 | algo, | 97 | algo, |
98 | GCRY_CIPHER_MODE_CBC, | 98 | GCRY_CIPHER_MODE_CBC, |
99 | 0); | 99 | 0); |
100 | if (err != GPG_ERR_NO_ERROR) { | 100 | if (err != GPG_ERR_NO_ERROR) { |
101 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_open() failed: ") | 101 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_open() failed: ") |
102 | + gcry_strerror(err)); | 102 | + gcry_strerror(err)); |
103 | ret = e_cryptNotImpl; | 103 | ret = e_cryptNotImpl; |
104 | goto out; | 104 | goto out; |
105 | } | 105 | } |
106 | // hash the "key" to a fixed size hash matching "cipherKeylen" | 106 | // hash the "key" to a fixed size hash matching "cipherKeylen" |
107 | hashedKey = new unsigned char[cipherKeylen]; | 107 | hashedKey = new unsigned char[cipherKeylen]; |
108 | hashPassphrase(key, keylen, salt, hashedKey, cipherKeylen, true); | 108 | hashPassphrase(key, keylen, salt, hashedKey, cipherKeylen, true); |
109 | // so now set the hashed key | 109 | // so now set the hashed key |
110 | err = gcry_cipher_setkey(handle, hashedKey, cipherKeylen); | 110 | err = gcry_cipher_setkey(handle, hashedKey, cipherKeylen); |
111 | if (err != GPG_ERR_NO_ERROR) { | 111 | if (err != GPG_ERR_NO_ERROR) { |
112 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_setkey() failed: ") | 112 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_setkey() failed: ") |
113 | + gcry_strerror(err)); | 113 | + gcry_strerror(err)); |
114 | ret = e_cryptNotImpl; | 114 | ret = e_cryptNotImpl; |
115 | delete [] hashedKey; | 115 | delete [] hashedKey; |
116 | goto out_close; | 116 | goto out_close; |
117 | } | 117 | } |
118 | delete [] hashedKey; | 118 | delete [] hashedKey; |
119 | /* allocate a buffer for the encrypted data. | 119 | /* allocate a buffer for the encrypted data. |
120 | * The size of the buffer is the inBuf length, but blklen | 120 | * The size of the buffer is the inBuf length, but blklen |
121 | * aligned and plus the length of the salt, that is appended. | 121 | * aligned and plus the length of the salt, that is appended. |
122 | */ | 122 | */ |
123 | *outBufLen = getBufLen(unpaddedLen, blklen) + STRING2KEY_SALTLEN; | 123 | *outBufLen = getBufLen(unpaddedLen, blklen) + STRING2KEY_SALTLEN; |
124 | *outBuf = new unsigned char[*outBufLen]; | 124 | *outBuf = new unsigned char[*outBufLen]; |
125 | padData(inBuf, unpaddedLen, blklen); | 125 | padData(inBuf, unpaddedLen, blklen); |
126 | // encrypt the padded data | 126 | // encrypt the padded data |
127 | err = gcry_cipher_encrypt(handle, | 127 | err = gcry_cipher_encrypt(handle, |
128 | *outBuf, | 128 | *outBuf, |
129 | *outBufLen - STRING2KEY_SALTLEN, | 129 | *outBufLen - STRING2KEY_SALTLEN, |
130 | inBuf, | 130 | inBuf, |
131 | *outBufLen - STRING2KEY_SALTLEN); | 131 | *outBufLen - STRING2KEY_SALTLEN); |
132 | if (err != GPG_ERR_NO_ERROR) { | 132 | if (err != GPG_ERR_NO_ERROR) { |
133 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_encrypt() failed: ") | 133 | printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_encrypt() failed: ") |
134 | + gcry_strerror(err)); | 134 | + gcry_strerror(err)); |
135 | ret = e_cryptNotImpl; | 135 | ret = e_cryptNotImpl; |
136 | goto out_delete; | 136 | goto out_delete; |
137 | } | 137 | } |
138 | // append the salt to the encrypted data | 138 | // append the salt to the encrypted data |
139 | memcpy(*outBuf + *outBufLen - STRING2KEY_SALTLEN, salt, STRING2KEY_SALTLEN); | 139 | memcpy(*outBuf + *outBufLen - STRING2KEY_SALTLEN, salt, STRING2KEY_SALTLEN); |
140 | goto out_close; | 140 | goto out_close; |
141 | out_delete: | 141 | out_delete: |
142 | delete [] *outBuf; | 142 | delete [] *outBuf; |
143 | out_close: | 143 | out_close: |
144 | gcry_cipher_close(handle); | 144 | gcry_cipher_close(handle); |
145 | out: | 145 | out: |
146 | return ret; | 146 | return ret; |
diff --git a/pwmanager/pwmanager/libgcryptif.h b/pwmanager/pwmanager/libgcryptif.h index ce76675..dffd55b 100644 --- a/pwmanager/pwmanager/libgcryptif.h +++ b/pwmanager/pwmanager/libgcryptif.h | |||
@@ -1,146 +1,146 @@ | |||
1 | /*************************************************************************** | 1 | /*************************************************************************** |
2 | * * | 2 | * * |
3 | * copyright (C) 2004 by Michael Buesch * | 3 | * copyright (C) 2004 by Michael Buesch * |
4 | * email: mbuesch@freenet.de * | 4 | * email: mbuesch@freenet.de * |
5 | * * | 5 | * * |
6 | * hashPassphrase() is derived from GnuPG and is * | 6 | * hashPassphrase() is derived from GnuPG and is * |
7 | * Copyright (C) 1998, 1999, 2000, 2001, 2003 * | 7 | * Copyright (C) 1998, 1999, 2000, 2001, 2003 * |
8 | * Free Software Foundation, Inc. * | 8 | * Free Software Foundation, Inc. * |
9 | * * | 9 | * * |
10 | * This program is free software; you can redistribute it and/or modify * | 10 | * This program is free software; you can redistribute it and/or modify * |
11 | * it under the terms of the GNU General Public License version 2 * | 11 | * it under the terms of the GNU General Public License version 2 * |
12 | * as published by the Free Software Foundation. * | 12 | * as published by the Free Software Foundation. * |
13 | * * | 13 | * * |
14 | ***************************************************************************/ | 14 | ***************************************************************************/ |
15 | 15 | ||
16 | /*************************************************************************** | 16 | /*************************************************************************** |
17 | * copyright (C) 2004 by Ulf Schenk | 17 | * copyright (C) 2004 by Ulf Schenk |
18 | * This file is originaly based on version 2.0 of pwmanager | 18 | * This file is originaly based on version 1.1 of pwmanager |
19 | * and was modified to run on embedded devices that run microkde | 19 | * and was modified to run on embedded devices that run microkde |
20 | * | 20 | * |
21 | * $Id$ | 21 | * $Id$ |
22 | **************************************************************************/ | 22 | **************************************************************************/ |
23 | 23 | ||
24 | #ifndef __LIBGCRYPTIF_H | 24 | #ifndef __LIBGCRYPTIF_H |
25 | #define __LIBGCRYPTIF_H | 25 | #define __LIBGCRYPTIF_H |
26 | 26 | ||
27 | #include "pwmexception.h" | 27 | #include "pwmexception.h" |
28 | 28 | ||
29 | //#undef CONFIG_PWMANAGER_GCRY // for debugging only. | 29 | //#undef CONFIG_PWMANAGER_GCRY // for debugging only. |
30 | #ifdef CONFIG_PWMANAGER_GCRY | 30 | #ifdef CONFIG_PWMANAGER_GCRY |
31 | 31 | ||
32 | #include <stddef.h> | 32 | #include <stddef.h> |
33 | #include <sys/types.h> | 33 | #include <sys/types.h> |
34 | #include <stdint.h> | 34 | #include <stdint.h> |
35 | 35 | ||
36 | #define STRING2KEY_SALTLEN8 | 36 | #define STRING2KEY_SALTLEN8 |
37 | 37 | ||
38 | /** interface class for the libgcrypt cipher and hash algorithms | 38 | /** interface class for the libgcrypt cipher and hash algorithms |
39 | * NOTE: Always allocate 1024 extra bytes for the inBuf (for padding) | 39 | * NOTE: Always allocate 1024 extra bytes for the inBuf (for padding) |
40 | */ | 40 | */ |
41 | class LibGCryptIf | 41 | class LibGCryptIf |
42 | { | 42 | { |
43 | protected: | 43 | protected: |
44 | struct STRING2KEY | 44 | struct STRING2KEY |
45 | { | 45 | { |
46 | int mode; | 46 | int mode; |
47 | int hash_algo; | 47 | int hash_algo; |
48 | uint8_t salt[STRING2KEY_SALTLEN]; | 48 | uint8_t salt[STRING2KEY_SALTLEN]; |
49 | uint32_t count; | 49 | uint32_t count; |
50 | }; | 50 | }; |
51 | struct DEK | 51 | struct DEK |
52 | { | 52 | { |
53 | size_t keylen; | 53 | size_t keylen; |
54 | uint8_t key[32]; // this is the largest used keylen (256 bit) | 54 | uint8_t key[32]; // this is the largest used keylen (256 bit) |
55 | }; | 55 | }; |
56 | 56 | ||
57 | public: | 57 | public: |
58 | LibGCryptIf() { } | 58 | LibGCryptIf() { } |
59 | /** is libgcrypt available? */ | 59 | /** is libgcrypt available? */ |
60 | static bool available() | 60 | static bool available() |
61 | { return true; } | 61 | { return true; } |
62 | /** encrypt data. _algo is the PWM_CRYPT_* ID | 62 | /** encrypt data. _algo is the PWM_CRYPT_* ID |
63 | * of the algorithm. | 63 | * of the algorithm. |
64 | */ | 64 | */ |
65 | PwMerror encrypt(unsigned char **outBuf, | 65 | PwMerror encrypt(unsigned char **outBuf, |
66 | size_t *outBufLen, | 66 | size_t *outBufLen, |
67 | unsigned char *inBuf, | 67 | unsigned char *inBuf, |
68 | size_t inBufLen, | 68 | size_t inBufLen, |
69 | const unsigned char *key, | 69 | const unsigned char *key, |
70 | size_t keylen, | 70 | size_t keylen, |
71 | char _algo); | 71 | char _algo); |
72 | /** decrypt data. _algo is the PWM_CRYPT_* ID | 72 | /** decrypt data. _algo is the PWM_CRYPT_* ID |
73 | * of the algorithm. | 73 | * of the algorithm. |
74 | */ | 74 | */ |
75 | PwMerror decrypt(unsigned char **outBuf, | 75 | PwMerror decrypt(unsigned char **outBuf, |
76 | size_t *outBufLen, | 76 | size_t *outBufLen, |
77 | const unsigned char *inBuf, | 77 | const unsigned char *inBuf, |
78 | size_t inBufLen, | 78 | size_t inBufLen, |
79 | const unsigned char *key, | 79 | const unsigned char *key, |
80 | size_t keylen, | 80 | size_t keylen, |
81 | char _algo); | 81 | char _algo); |
82 | /** hash data. _algo is the PWM_HASH_* ID of the hash */ | 82 | /** hash data. _algo is the PWM_HASH_* ID of the hash */ |
83 | PwMerror hash(unsigned char **outBuf, | 83 | PwMerror hash(unsigned char **outBuf, |
84 | size_t *outBufLen, | 84 | size_t *outBufLen, |
85 | const unsigned char *inBuf, | 85 | const unsigned char *inBuf, |
86 | size_t inBufLen, | 86 | size_t inBufLen, |
87 | char _algo); | 87 | char _algo); |
88 | /** returns the length of the hash. _algo is the PWM_HASH_* | 88 | /** returns the length of the hash. _algo is the PWM_HASH_* |
89 | * id of the hash. returns 0 on error. | 89 | * id of the hash. returns 0 on error. |
90 | */ | 90 | */ |
91 | unsigned int hashLength(char _algo); | 91 | unsigned int hashLength(char _algo); |
92 | 92 | ||
93 | protected: | 93 | protected: |
94 | /** returns the total buffer length */ | 94 | /** returns the total buffer length */ |
95 | size_t getBufLen(size_t inBufLen, size_t boundary) | 95 | size_t getBufLen(size_t inBufLen, size_t boundary) |
96 | { | 96 | { |
97 | return ((boundary - (inBufLen % boundary)) + inBufLen); | 97 | return ((boundary - (inBufLen % boundary)) + inBufLen); |
98 | } | 98 | } |
99 | /** pad the data up to the given boundary. | 99 | /** pad the data up to the given boundary. |
100 | * "buf" has to be big enough! | 100 | * "buf" has to be big enough! |
101 | */ | 101 | */ |
102 | void padData(unsigned char *buf, | 102 | void padData(unsigned char *buf, |
103 | size_t bufLen, | 103 | size_t bufLen, |
104 | size_t boundary); | 104 | size_t boundary); |
105 | /** unpad the data */ | 105 | /** unpad the data */ |
106 | void unpadData(const unsigned char *buf, | 106 | void unpadData(const unsigned char *buf, |
107 | size_t *bufLen); | 107 | size_t *bufLen); |
108 | /** maps the PWM_CRYPT_* ID of an algorithm | 108 | /** maps the PWM_CRYPT_* ID of an algorithm |
109 | * to the libgcrypt GCRY_CIPHER_* ID | 109 | * to the libgcrypt GCRY_CIPHER_* ID |
110 | */ | 110 | */ |
111 | int mapCipherId(char algo); | 111 | int mapCipherId(char algo); |
112 | /** maps the PWM_HASH_* ID of an algorithm | 112 | /** maps the PWM_HASH_* ID of an algorithm |
113 | * to the libgcrypt GCRY_MD_* ID | 113 | * to the libgcrypt GCRY_MD_* ID |
114 | */ | 114 | */ |
115 | int mapHashId(char algo); | 115 | int mapHashId(char algo); |
116 | /** hash a passphrase to a cipher key */ | 116 | /** hash a passphrase to a cipher key */ |
117 | bool hashPassphrase(const unsigned char *pw, | 117 | bool hashPassphrase(const unsigned char *pw, |
118 | size_t pwlen, | 118 | size_t pwlen, |
119 | unsigned char *salt, | 119 | unsigned char *salt, |
120 | unsigned char *key, | 120 | unsigned char *key, |
121 | size_t keylen, | 121 | size_t keylen, |
122 | bool create); | 122 | bool create); |
123 | /** hash a passphrase to a cipher key */ | 123 | /** hash a passphrase to a cipher key */ |
124 | bool doHashPassphrase(DEK *dek, | 124 | bool doHashPassphrase(DEK *dek, |
125 | const unsigned char *pw, | 125 | const unsigned char *pw, |
126 | size_t pwlen, | 126 | size_t pwlen, |
127 | STRING2KEY *s2k, | 127 | STRING2KEY *s2k, |
128 | bool create); | 128 | bool create); |
129 | }; | 129 | }; |
130 | 130 | ||
131 | 131 | ||
132 | #else // CONFIG_PWMANAGER_GCRY | 132 | #else // CONFIG_PWMANAGER_GCRY |
133 | /** libgcrypt is not installed. This is a NOP wrapper. */ | 133 | /** libgcrypt is not installed. This is a NOP wrapper. */ |
134 | class LibGCryptIf | 134 | class LibGCryptIf |
135 | { | 135 | { |
136 | public: | 136 | public: |
137 | LibGCryptIf() { } | 137 | LibGCryptIf() { } |
138 | static bool available() | 138 | static bool available() |
139 | { return false; } | 139 | { return false; } |
140 | PwMerror encrypt(unsigned char **, | 140 | PwMerror encrypt(unsigned char **, |
141 | size_t *, | 141 | size_t *, |
142 | unsigned char *, | 142 | unsigned char *, |
143 | size_t, | 143 | size_t, |
144 | const unsigned char *, | 144 | const unsigned char *, |
145 | size_t, | 145 | size_t, |
146 | char) | 146 | char) |