X-Git-Url: http://git.tuebingen.mpg.de/?a=blobdiff_plain;f=gcrypt.c;h=763fa6de3252d2f5f188fc3f447f2029d0f5775a;hb=9055c71be97f1095dcdbd83da305b600f204f763;hp=69c2c34f0b4e87fd57b0c22f2a6d7725eaaaa043;hpb=74f74cde7afdba9cfe316998aba9286764bb5d34;p=paraslash.git diff --git a/gcrypt.c b/gcrypt.c index 69c2c34f..763fa6de 100644 --- a/gcrypt.c +++ b/gcrypt.c @@ -12,7 +12,6 @@ #include "crypt_backend.h" #include "fd.h" #include "base64.h" -#include "portable_io.h" //#define GCRYPT_DEBUG 1 @@ -47,6 +46,22 @@ void hash_function(const char *data, unsigned long len, unsigned char *hash) gcry_md_close(handle); } +void hash2_function(const char *data, unsigned long len, unsigned char *hash) +{ + gcry_error_t gret; + gcry_md_hd_t handle; + unsigned char *md; + + gret = gcry_md_open(&handle, GCRY_MD_SHA256, 0); + assert(gret == 0); + gcry_md_write(handle, data, (size_t)len); + gcry_md_final(handle); + md = gcry_md_read(handle, GCRY_MD_SHA256); + assert(md); + memcpy(hash, md, HASH2_SIZE); + gcry_md_close(handle); +} + void get_random_bytes_or_die(unsigned char *buf, int num) { gcry_randomize(buf, (size_t)num, GCRY_STRONG_RANDOM); @@ -107,84 +122,6 @@ static const char *gcrypt_strerror(gcry_error_t gret) return gcry_strerror(gcry_err_code(gret)); } -/** Private PEM keys (legacy format) start with this header. */ -#define PRIVATE_PEM_KEY_HEADER "-----BEGIN RSA PRIVATE KEY-----" -/** Private OPENSSH keys (RFC4716) start with this header. */ -#define PRIVATE_OPENSSH_KEY_HEADER "-----BEGIN OPENSSH PRIVATE KEY-----" -/** Private PEM keys (legacy format) end with this footer. */ -#define PRIVATE_PEM_KEY_FOOTER "-----END RSA PRIVATE KEY-----" -/** Private OPENSSH keys (RFC4716) end with this footer. */ -#define PRIVATE_OPENSSH_KEY_FOOTER "-----END OPENSSH PRIVATE KEY-----" -/** Legacy PEM keys (openssh-7.7 and earlier, paraslash.0.6.2 and earlier) */ -#define PKT_PEM (0) -/** OPENSSH keys (since openssh-7.8, paraslash.0.6.3) */ -#define PKT_OPENSSH (1) - -static int decode_private_key(const char *key_file, unsigned char **result, - size_t *blob_size) -{ - int ret, ret2, i, j, key_type; - void *map; - size_t map_size, key_size; - unsigned char *blob = NULL; - char *begin, *footer, *key; - - ret = mmap_full_file(key_file, O_RDONLY, &map, &map_size, NULL); - if (ret < 0) - goto out; - ret = -E_KEY_MARKER; - if (strncmp(map, PRIVATE_PEM_KEY_HEADER, - strlen(PRIVATE_PEM_KEY_HEADER)) == 0) { - key_type = PKT_PEM; - begin = map + strlen(PRIVATE_PEM_KEY_HEADER); - footer = strstr(map, PRIVATE_PEM_KEY_FOOTER); - PARA_INFO_LOG("detected legacy PEM key %s\n", key_file); - } else if (strncmp(map, PRIVATE_OPENSSH_KEY_HEADER, - strlen(PRIVATE_OPENSSH_KEY_HEADER)) == 0) { - key_type = PKT_OPENSSH; - begin = map + strlen(PRIVATE_OPENSSH_KEY_HEADER); - footer = strstr(map, PRIVATE_OPENSSH_KEY_FOOTER); - PARA_INFO_LOG("detected openssh key %s\n", key_file); - } else - goto unmap; - if (!footer) - goto unmap; - /* skip whitespace at the beginning */ - for (; begin < footer; begin++) { - if (para_isspace(*begin)) - continue; - break; - } - ret = -E_KEY_MARKER; - if (begin >= footer) - goto unmap; - - key_size = footer - begin; - key = para_malloc(key_size + 1); - for (i = 0, j = 0; begin + i < footer; i++) { - if (para_isspace(begin[i])) - continue; - key[j++] = begin[i]; - } - key[j] = '\0'; - ret = base64_decode(key, j, (char **)&blob, blob_size); - free(key); - if (ret < 0) - goto unmap; - ret = key_type; -unmap: - ret2 = para_munmap(map, map_size); - if (ret >= 0 && ret2 < 0) - ret = ret2; - if (ret < 0) { - free(blob); - blob = NULL; - } -out: - *result = blob; - return ret; -} - /** ASN Types and their code. */ enum asn1_types { /** The next object is an integer. */ @@ -469,7 +406,7 @@ static int get_private_key(const char *key_file, struct asymmetric_key **result) ret = -E_SEXP_BUILD; goto free_params; } - key = para_malloc(sizeof(*key)); + key = alloc(sizeof(*key)); key->sexp = sexp; *result = key; ret = bits; @@ -519,7 +456,7 @@ int apc_get_pubkey(const char *key_file, struct asymmetric_key **result) goto release_n; } PARA_INFO_LOG("successfully read %u bit ssh public key\n", bits); - key = para_malloc(sizeof(*key)); + key = alloc(sizeof(*key)); key->num_bytes = ret; key->sexp = sexp; *result = key; @@ -687,7 +624,7 @@ struct stream_cipher { struct stream_cipher *sc_new(const unsigned char *data, int len) { gcry_error_t gret; - struct stream_cipher *sc = para_malloc(sizeof(*sc)); + struct stream_cipher *sc = alloc(sizeof(*sc)); assert(len >= 2 * AES_CRT128_BLOCK_SIZE); gret = gcry_cipher_open(&sc->handle, GCRY_CIPHER_AES128,