summaryrefslogtreecommitdiffabout
Unidiff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--pwmanager/pwmanager/libgcryptif.cpp2
-rw-r--r--pwmanager/pwmanager/libgcryptif.h2
2 files changed, 2 insertions, 2 deletions
diff --git a/pwmanager/pwmanager/libgcryptif.cpp b/pwmanager/pwmanager/libgcryptif.cpp
index 8175510..eafd318 100644
--- a/pwmanager/pwmanager/libgcryptif.cpp
+++ b/pwmanager/pwmanager/libgcryptif.cpp
@@ -1,146 +1,146 @@
1/*************************************************************************** 1/***************************************************************************
2 * * 2 * *
3 * copyright (C) 2004 by Michael Buesch * 3 * copyright (C) 2004 by Michael Buesch *
4 * email: mbuesch@freenet.de * 4 * email: mbuesch@freenet.de *
5 * * 5 * *
6 * hashPassphrase() is derived from GnuPG and is * 6 * hashPassphrase() is derived from GnuPG and is *
7 * Copyright (C) 1998, 1999, 2000, 2001, 2003 * 7 * Copyright (C) 1998, 1999, 2000, 2001, 2003 *
8 * Free Software Foundation, Inc. * 8 * Free Software Foundation, Inc. *
9 * * 9 * *
10 * This program is free software; you can redistribute it and/or modify * 10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License version 2 * 11 * it under the terms of the GNU General Public License version 2 *
12 * as published by the Free Software Foundation. * 12 * as published by the Free Software Foundation. *
13 * * 13 * *
14 ***************************************************************************/ 14 ***************************************************************************/
15 15
16/*************************************************************************** 16/***************************************************************************
17 * copyright (C) 2004 by Ulf Schenk 17 * copyright (C) 2004 by Ulf Schenk
18 * This file is originaly based on version 2.0 of pwmanager 18 * This file is originaly based on version 1.1 of pwmanager
19 * and was modified to run on embedded devices that run microkde 19 * and was modified to run on embedded devices that run microkde
20 * 20 *
21 * $Id$ 21 * $Id$
22 **************************************************************************/ 22 **************************************************************************/
23 23
24#include "libgcryptif.h" 24#include "libgcryptif.h"
25 25
26#ifdef CONFIG_PWMANAGER_GCRY 26#ifdef CONFIG_PWMANAGER_GCRY
27 27
28#include "pwmdoc.h" 28#include "pwmdoc.h"
29#include "randomizer.h" 29#include "randomizer.h"
30 30
31#include <gcrypt.h> 31#include <gcrypt.h>
32 32
33#ifdef PWM_EMBEDDED 33#ifdef PWM_EMBEDDED
34#include <pwmprefs.h> 34#include <pwmprefs.h>
35#endif 35#endif
36 36
37 37
38PwMerror LibGCryptIf::encrypt(unsigned char **outBuf, 38PwMerror LibGCryptIf::encrypt(unsigned char **outBuf,
39 size_t *outBufLen, 39 size_t *outBufLen,
40 unsigned char *inBuf, 40 unsigned char *inBuf,
41 size_t inBufLen, 41 size_t inBufLen,
42 const unsigned char *key, 42 const unsigned char *key,
43 size_t keylen, 43 size_t keylen,
44 char _algo) 44 char _algo)
45{ 45{
46 PwMerror ret = e_success; 46 PwMerror ret = e_success;
47 gcry_error_t err; 47 gcry_error_t err;
48 gcry_cipher_hd_t handle; 48 gcry_cipher_hd_t handle;
49 size_t blklen; 49 size_t blklen;
50 size_t unpaddedLen = inBufLen; 50 size_t unpaddedLen = inBufLen;
51 size_t cipherKeylen; 51 size_t cipherKeylen;
52 unsigned char *hashedKey; 52 unsigned char *hashedKey;
53 unsigned char salt[STRING2KEY_SALTLEN]; 53 unsigned char salt[STRING2KEY_SALTLEN];
54 int algo = mapCipherId(_algo); 54 int algo = mapCipherId(_algo);
55 55
56 if (!inBufLen || !keylen) 56 if (!inBufLen || !keylen)
57 return e_invalidArg; 57 return e_invalidArg;
58 58
59 // test if algo is ready for encryption 59 // test if algo is ready for encryption
60 err = gcry_cipher_algo_info(algo, 60 err = gcry_cipher_algo_info(algo,
61 GCRYCTL_TEST_ALGO, 61 GCRYCTL_TEST_ALGO,
62 0, 0); 62 0, 0);
63 if (err != GPG_ERR_NO_ERROR) { 63 if (err != GPG_ERR_NO_ERROR) {
64 printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_TEST_ALGO failed: ") 64 printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_TEST_ALGO failed: ")
65 + gcry_strerror(err)); 65 + gcry_strerror(err));
66 ret = e_cryptNotImpl; 66 ret = e_cryptNotImpl;
67 goto out; 67 goto out;
68 } 68 }
69 // get the algo block length 69 // get the algo block length
70 err = gcry_cipher_algo_info(algo, 70 err = gcry_cipher_algo_info(algo,
71 GCRYCTL_GET_BLKLEN, 71 GCRYCTL_GET_BLKLEN,
72 0, 72 0,
73 &blklen); 73 &blklen);
74 if (err != GPG_ERR_NO_ERROR) { 74 if (err != GPG_ERR_NO_ERROR) {
75 printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_BLKLEN failed: ") 75 printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_BLKLEN failed: ")
76 + gcry_strerror(err)); 76 + gcry_strerror(err));
77 ret = e_cryptNotImpl; 77 ret = e_cryptNotImpl;
78 goto out; 78 goto out;
79 } 79 }
80 /* double check if we have enough space. 80 /* double check if we have enough space.
81 * We have only 1024 extra bytes for padding and salt. 81 * We have only 1024 extra bytes for padding and salt.
82 */ 82 */
83 BUG_ON(blklen > 1024 - STRING2KEY_SALTLEN); 83 BUG_ON(blklen > 1024 - STRING2KEY_SALTLEN);
84 // get the algo key length 84 // get the algo key length
85 err = gcry_cipher_algo_info(algo, 85 err = gcry_cipher_algo_info(algo,
86 GCRYCTL_GET_KEYLEN, 86 GCRYCTL_GET_KEYLEN,
87 0, 87 0,
88 &cipherKeylen); 88 &cipherKeylen);
89 if (err != GPG_ERR_NO_ERROR) { 89 if (err != GPG_ERR_NO_ERROR) {
90 printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_KEYLEN failed: ") 90 printDebug(string("LibGCryptIf::doEncrypt(): GCRYCTL_GET_KEYLEN failed: ")
91 + gcry_strerror(err)); 91 + gcry_strerror(err));
92 ret = e_cryptNotImpl; 92 ret = e_cryptNotImpl;
93 goto out; 93 goto out;
94 } 94 }
95 // now open the algo and get a handle 95 // now open the algo and get a handle
96 err = gcry_cipher_open(&handle, 96 err = gcry_cipher_open(&handle,
97 algo, 97 algo,
98 GCRY_CIPHER_MODE_CBC, 98 GCRY_CIPHER_MODE_CBC,
99 0); 99 0);
100 if (err != GPG_ERR_NO_ERROR) { 100 if (err != GPG_ERR_NO_ERROR) {
101 printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_open() failed: ") 101 printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_open() failed: ")
102 + gcry_strerror(err)); 102 + gcry_strerror(err));
103 ret = e_cryptNotImpl; 103 ret = e_cryptNotImpl;
104 goto out; 104 goto out;
105 } 105 }
106 // hash the "key" to a fixed size hash matching "cipherKeylen" 106 // hash the "key" to a fixed size hash matching "cipherKeylen"
107 hashedKey = new unsigned char[cipherKeylen]; 107 hashedKey = new unsigned char[cipherKeylen];
108 hashPassphrase(key, keylen, salt, hashedKey, cipherKeylen, true); 108 hashPassphrase(key, keylen, salt, hashedKey, cipherKeylen, true);
109 // so now set the hashed key 109 // so now set the hashed key
110 err = gcry_cipher_setkey(handle, hashedKey, cipherKeylen); 110 err = gcry_cipher_setkey(handle, hashedKey, cipherKeylen);
111 if (err != GPG_ERR_NO_ERROR) { 111 if (err != GPG_ERR_NO_ERROR) {
112 printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_setkey() failed: ") 112 printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_setkey() failed: ")
113 + gcry_strerror(err)); 113 + gcry_strerror(err));
114 ret = e_cryptNotImpl; 114 ret = e_cryptNotImpl;
115 delete [] hashedKey; 115 delete [] hashedKey;
116 goto out_close; 116 goto out_close;
117 } 117 }
118 delete [] hashedKey; 118 delete [] hashedKey;
119 /* allocate a buffer for the encrypted data. 119 /* allocate a buffer for the encrypted data.
120 * The size of the buffer is the inBuf length, but blklen 120 * The size of the buffer is the inBuf length, but blklen
121 * aligned and plus the length of the salt, that is appended. 121 * aligned and plus the length of the salt, that is appended.
122 */ 122 */
123 *outBufLen = getBufLen(unpaddedLen, blklen) + STRING2KEY_SALTLEN; 123 *outBufLen = getBufLen(unpaddedLen, blklen) + STRING2KEY_SALTLEN;
124 *outBuf = new unsigned char[*outBufLen]; 124 *outBuf = new unsigned char[*outBufLen];
125 padData(inBuf, unpaddedLen, blklen); 125 padData(inBuf, unpaddedLen, blklen);
126 // encrypt the padded data 126 // encrypt the padded data
127 err = gcry_cipher_encrypt(handle, 127 err = gcry_cipher_encrypt(handle,
128 *outBuf, 128 *outBuf,
129 *outBufLen - STRING2KEY_SALTLEN, 129 *outBufLen - STRING2KEY_SALTLEN,
130 inBuf, 130 inBuf,
131 *outBufLen - STRING2KEY_SALTLEN); 131 *outBufLen - STRING2KEY_SALTLEN);
132 if (err != GPG_ERR_NO_ERROR) { 132 if (err != GPG_ERR_NO_ERROR) {
133 printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_encrypt() failed: ") 133 printDebug(string("LibGCryptIf::doEncrypt(): gcry_cipher_encrypt() failed: ")
134 + gcry_strerror(err)); 134 + gcry_strerror(err));
135 ret = e_cryptNotImpl; 135 ret = e_cryptNotImpl;
136 goto out_delete; 136 goto out_delete;
137 } 137 }
138 // append the salt to the encrypted data 138 // append the salt to the encrypted data
139 memcpy(*outBuf + *outBufLen - STRING2KEY_SALTLEN, salt, STRING2KEY_SALTLEN); 139 memcpy(*outBuf + *outBufLen - STRING2KEY_SALTLEN, salt, STRING2KEY_SALTLEN);
140 goto out_close; 140 goto out_close;
141out_delete: 141out_delete:
142 delete [] *outBuf; 142 delete [] *outBuf;
143out_close: 143out_close:
144 gcry_cipher_close(handle); 144 gcry_cipher_close(handle);
145out: 145out:
146 return ret; 146 return ret;
diff --git a/pwmanager/pwmanager/libgcryptif.h b/pwmanager/pwmanager/libgcryptif.h
index ce76675..dffd55b 100644
--- a/pwmanager/pwmanager/libgcryptif.h
+++ b/pwmanager/pwmanager/libgcryptif.h
@@ -1,146 +1,146 @@
1/*************************************************************************** 1/***************************************************************************
2 * * 2 * *
3 * copyright (C) 2004 by Michael Buesch * 3 * copyright (C) 2004 by Michael Buesch *
4 * email: mbuesch@freenet.de * 4 * email: mbuesch@freenet.de *
5 * * 5 * *
6 * hashPassphrase() is derived from GnuPG and is * 6 * hashPassphrase() is derived from GnuPG and is *
7 * Copyright (C) 1998, 1999, 2000, 2001, 2003 * 7 * Copyright (C) 1998, 1999, 2000, 2001, 2003 *
8 * Free Software Foundation, Inc. * 8 * Free Software Foundation, Inc. *
9 * * 9 * *
10 * This program is free software; you can redistribute it and/or modify * 10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License version 2 * 11 * it under the terms of the GNU General Public License version 2 *
12 * as published by the Free Software Foundation. * 12 * as published by the Free Software Foundation. *
13 * * 13 * *
14 ***************************************************************************/ 14 ***************************************************************************/
15 15
16/*************************************************************************** 16/***************************************************************************
17 * copyright (C) 2004 by Ulf Schenk 17 * copyright (C) 2004 by Ulf Schenk
18 * This file is originaly based on version 2.0 of pwmanager 18 * This file is originaly based on version 1.1 of pwmanager
19 * and was modified to run on embedded devices that run microkde 19 * and was modified to run on embedded devices that run microkde
20 * 20 *
21 * $Id$ 21 * $Id$
22 **************************************************************************/ 22 **************************************************************************/
23 23
24#ifndef __LIBGCRYPTIF_H 24#ifndef __LIBGCRYPTIF_H
25#define __LIBGCRYPTIF_H 25#define __LIBGCRYPTIF_H
26 26
27#include "pwmexception.h" 27#include "pwmexception.h"
28 28
29//#undef CONFIG_PWMANAGER_GCRY // for debugging only. 29//#undef CONFIG_PWMANAGER_GCRY // for debugging only.
30#ifdef CONFIG_PWMANAGER_GCRY 30#ifdef CONFIG_PWMANAGER_GCRY
31 31
32#include <stddef.h> 32#include <stddef.h>
33#include <sys/types.h> 33#include <sys/types.h>
34#include <stdint.h> 34#include <stdint.h>
35 35
36 #define STRING2KEY_SALTLEN8 36 #define STRING2KEY_SALTLEN8
37 37
38/** interface class for the libgcrypt cipher and hash algorithms 38/** interface class for the libgcrypt cipher and hash algorithms
39 * NOTE: Always allocate 1024 extra bytes for the inBuf (for padding) 39 * NOTE: Always allocate 1024 extra bytes for the inBuf (for padding)
40 */ 40 */
41class LibGCryptIf 41class LibGCryptIf
42{ 42{
43protected: 43protected:
44 struct STRING2KEY 44 struct STRING2KEY
45 { 45 {
46 int mode; 46 int mode;
47 int hash_algo; 47 int hash_algo;
48 uint8_t salt[STRING2KEY_SALTLEN]; 48 uint8_t salt[STRING2KEY_SALTLEN];
49 uint32_t count; 49 uint32_t count;
50 }; 50 };
51 struct DEK 51 struct DEK
52 { 52 {
53 size_t keylen; 53 size_t keylen;
54 uint8_t key[32]; // this is the largest used keylen (256 bit) 54 uint8_t key[32]; // this is the largest used keylen (256 bit)
55 }; 55 };
56 56
57public: 57public:
58 LibGCryptIf() { } 58 LibGCryptIf() { }
59 /** is libgcrypt available? */ 59 /** is libgcrypt available? */
60 static bool available() 60 static bool available()
61 { return true; } 61 { return true; }
62 /** encrypt data. _algo is the PWM_CRYPT_* ID 62 /** encrypt data. _algo is the PWM_CRYPT_* ID
63 * of the algorithm. 63 * of the algorithm.
64 */ 64 */
65 PwMerror encrypt(unsigned char **outBuf, 65 PwMerror encrypt(unsigned char **outBuf,
66 size_t *outBufLen, 66 size_t *outBufLen,
67 unsigned char *inBuf, 67 unsigned char *inBuf,
68 size_t inBufLen, 68 size_t inBufLen,
69 const unsigned char *key, 69 const unsigned char *key,
70 size_t keylen, 70 size_t keylen,
71 char _algo); 71 char _algo);
72 /** decrypt data. _algo is the PWM_CRYPT_* ID 72 /** decrypt data. _algo is the PWM_CRYPT_* ID
73 * of the algorithm. 73 * of the algorithm.
74 */ 74 */
75 PwMerror decrypt(unsigned char **outBuf, 75 PwMerror decrypt(unsigned char **outBuf,
76 size_t *outBufLen, 76 size_t *outBufLen,
77 const unsigned char *inBuf, 77 const unsigned char *inBuf,
78 size_t inBufLen, 78 size_t inBufLen,
79 const unsigned char *key, 79 const unsigned char *key,
80 size_t keylen, 80 size_t keylen,
81 char _algo); 81 char _algo);
82 /** hash data. _algo is the PWM_HASH_* ID of the hash */ 82 /** hash data. _algo is the PWM_HASH_* ID of the hash */
83 PwMerror hash(unsigned char **outBuf, 83 PwMerror hash(unsigned char **outBuf,
84 size_t *outBufLen, 84 size_t *outBufLen,
85 const unsigned char *inBuf, 85 const unsigned char *inBuf,
86 size_t inBufLen, 86 size_t inBufLen,
87 char _algo); 87 char _algo);
88 /** returns the length of the hash. _algo is the PWM_HASH_* 88 /** returns the length of the hash. _algo is the PWM_HASH_*
89 * id of the hash. returns 0 on error. 89 * id of the hash. returns 0 on error.
90 */ 90 */
91 unsigned int hashLength(char _algo); 91 unsigned int hashLength(char _algo);
92 92
93protected: 93protected:
94 /** returns the total buffer length */ 94 /** returns the total buffer length */
95 size_t getBufLen(size_t inBufLen, size_t boundary) 95 size_t getBufLen(size_t inBufLen, size_t boundary)
96 { 96 {
97 return ((boundary - (inBufLen % boundary)) + inBufLen); 97 return ((boundary - (inBufLen % boundary)) + inBufLen);
98 } 98 }
99 /** pad the data up to the given boundary. 99 /** pad the data up to the given boundary.
100 * "buf" has to be big enough! 100 * "buf" has to be big enough!
101 */ 101 */
102 void padData(unsigned char *buf, 102 void padData(unsigned char *buf,
103 size_t bufLen, 103 size_t bufLen,
104 size_t boundary); 104 size_t boundary);
105 /** unpad the data */ 105 /** unpad the data */
106 void unpadData(const unsigned char *buf, 106 void unpadData(const unsigned char *buf,
107 size_t *bufLen); 107 size_t *bufLen);
108 /** maps the PWM_CRYPT_* ID of an algorithm 108 /** maps the PWM_CRYPT_* ID of an algorithm
109 * to the libgcrypt GCRY_CIPHER_* ID 109 * to the libgcrypt GCRY_CIPHER_* ID
110 */ 110 */
111 int mapCipherId(char algo); 111 int mapCipherId(char algo);
112 /** maps the PWM_HASH_* ID of an algorithm 112 /** maps the PWM_HASH_* ID of an algorithm
113 * to the libgcrypt GCRY_MD_* ID 113 * to the libgcrypt GCRY_MD_* ID
114 */ 114 */
115 int mapHashId(char algo); 115 int mapHashId(char algo);
116 /** hash a passphrase to a cipher key */ 116 /** hash a passphrase to a cipher key */
117 bool hashPassphrase(const unsigned char *pw, 117 bool hashPassphrase(const unsigned char *pw,
118 size_t pwlen, 118 size_t pwlen,
119 unsigned char *salt, 119 unsigned char *salt,
120 unsigned char *key, 120 unsigned char *key,
121 size_t keylen, 121 size_t keylen,
122 bool create); 122 bool create);
123 /** hash a passphrase to a cipher key */ 123 /** hash a passphrase to a cipher key */
124 bool doHashPassphrase(DEK *dek, 124 bool doHashPassphrase(DEK *dek,
125 const unsigned char *pw, 125 const unsigned char *pw,
126 size_t pwlen, 126 size_t pwlen,
127 STRING2KEY *s2k, 127 STRING2KEY *s2k,
128 bool create); 128 bool create);
129}; 129};
130 130
131 131
132#else // CONFIG_PWMANAGER_GCRY 132#else // CONFIG_PWMANAGER_GCRY
133/** libgcrypt is not installed. This is a NOP wrapper. */ 133/** libgcrypt is not installed. This is a NOP wrapper. */
134class LibGCryptIf 134class LibGCryptIf
135{ 135{
136public: 136public:
137 LibGCryptIf() { } 137 LibGCryptIf() { }
138 static bool available() 138 static bool available()
139 { return false; } 139 { return false; }
140 PwMerror encrypt(unsigned char **, 140 PwMerror encrypt(unsigned char **,
141 size_t *, 141 size_t *,
142 unsigned char *, 142 unsigned char *,
143 size_t, 143 size_t,
144 const unsigned char *, 144 const unsigned char *,
145 size_t, 145 size_t,
146 char) 146 char)