paraslash 0.7.3

[paraslash.git] / gcrypt.c

diff --git a/gcrypt.c b/gcrypt.c
index 69c2c34f0b4e87fd57b0c22f2a6d7725eaaaa043..b46f8f9555824eb86b7bbf600b4352558ed2db26 100644 (file)
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -12,7 +12,6 @@
 #include "crypt_backend.h"
 #include "fd.h"
 #include "base64.h"
-#include "portable_io.h"
 
 //#define GCRYPT_DEBUG 1
 
@@ -47,6 +46,22 @@ void hash_function(const char *data, unsigned long len, unsigned char *hash)
        gcry_md_close(handle);
 }
 
+void hash2_function(const char *data, unsigned long len, unsigned char *hash)
+{
+       gcry_error_t gret;
+       gcry_md_hd_t handle;
+       unsigned char *md;
+
+       gret = gcry_md_open(&handle, GCRY_MD_SHA256, 0);
+       assert(gret == 0);
+       gcry_md_write(handle, data, (size_t)len);
+       gcry_md_final(handle);
+       md = gcry_md_read(handle, GCRY_MD_SHA256);
+       assert(md);
+       memcpy(hash, md, HASH2_SIZE);
+       gcry_md_close(handle);
+}
+
 void get_random_bytes_or_die(unsigned char *buf, int num)
 {
        gcry_randomize(buf, (size_t)num, GCRY_STRONG_RANDOM);
@@ -99,7 +114,6 @@ void crypt_shutdown(void)
 
 struct asymmetric_key {
        gcry_sexp_t sexp;
-       int num_bytes;
 };
 
 static const char *gcrypt_strerror(gcry_error_t gret)
@@ -107,84 +121,6 @@ static const char *gcrypt_strerror(gcry_error_t gret)
        return gcry_strerror(gcry_err_code(gret));
 }
 
-/** Private PEM keys (legacy format) start with this header. */
-#define PRIVATE_PEM_KEY_HEADER "-----BEGIN RSA PRIVATE KEY-----"
-/** Private OPENSSH keys (RFC4716) start with this header. */
-#define PRIVATE_OPENSSH_KEY_HEADER "-----BEGIN OPENSSH PRIVATE KEY-----"
-/** Private PEM keys (legacy format) end with this footer. */
-#define PRIVATE_PEM_KEY_FOOTER "-----END RSA PRIVATE KEY-----"
-/** Private OPENSSH keys (RFC4716) end with this footer. */
-#define PRIVATE_OPENSSH_KEY_FOOTER "-----END OPENSSH PRIVATE KEY-----"
-/** Legacy PEM keys (openssh-7.7 and earlier, paraslash.0.6.2 and earlier) */
-#define PKT_PEM (0)
-/** OPENSSH keys (since openssh-7.8, paraslash.0.6.3) */
-#define PKT_OPENSSH (1)
-
-static int decode_private_key(const char *key_file, unsigned char **result,
-               size_t *blob_size)
-{
-       int ret, ret2, i, j, key_type;
-       void *map;
-       size_t map_size, key_size;
-       unsigned char *blob = NULL;
-       char *begin, *footer, *key;
-
-       ret = mmap_full_file(key_file, O_RDONLY, &map, &map_size, NULL);
-       if (ret < 0)
-               goto out;
-       ret = -E_KEY_MARKER;
-       if (strncmp(map, PRIVATE_PEM_KEY_HEADER,
-                       strlen(PRIVATE_PEM_KEY_HEADER)) == 0) {
-               key_type = PKT_PEM;
-               begin = map + strlen(PRIVATE_PEM_KEY_HEADER);
-               footer = strstr(map, PRIVATE_PEM_KEY_FOOTER);
-               PARA_INFO_LOG("detected legacy PEM key %s\n", key_file);
-       } else if (strncmp(map, PRIVATE_OPENSSH_KEY_HEADER,
-                       strlen(PRIVATE_OPENSSH_KEY_HEADER)) == 0) {
-               key_type = PKT_OPENSSH;
-               begin = map + strlen(PRIVATE_OPENSSH_KEY_HEADER);
-               footer = strstr(map, PRIVATE_OPENSSH_KEY_FOOTER);
-               PARA_INFO_LOG("detected openssh key %s\n", key_file);
-       } else
-               goto unmap;
-       if (!footer)
-               goto unmap;
-       /* skip whitespace at the beginning */
-       for (; begin < footer; begin++) {
-               if (para_isspace(*begin))
-                       continue;
-               break;
-       }
-       ret = -E_KEY_MARKER;
-       if (begin >= footer)
-               goto unmap;
-
-       key_size = footer - begin;
-       key = para_malloc(key_size + 1);
-       for (i = 0, j = 0; begin + i < footer; i++) {
-               if (para_isspace(begin[i]))
-                       continue;
-               key[j++] = begin[i];
-       }
-       key[j] = '\0';
-       ret = base64_decode(key, j, (char **)&blob, blob_size);
-       free(key);
-       if (ret < 0)
-               goto unmap;
-       ret = key_type;
-unmap:
-       ret2 = para_munmap(map, map_size);
-       if (ret >= 0 && ret2 < 0)
-               ret = ret2;
-       if (ret < 0) {
-               free(blob);
-               blob = NULL;
-       }
-out:
-       *result = blob;
-       return ret;
-}
-
 /** ASN Types and their code. */
 enum asn1_types {
        /** The next object is an integer. */
@@ -469,7 +405,7 @@ static int get_private_key(const char *key_file, struct asymmetric_key **result)
                ret = -E_SEXP_BUILD;
                goto free_params;
        }
-       key = para_malloc(sizeof(*key));
+       key = alloc(sizeof(*key));
        key->sexp = sexp;
        *result = key;
        ret = bits;
@@ -519,11 +455,10 @@ int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
                goto release_n;
        }
        PARA_INFO_LOG("successfully read %u bit ssh public key\n", bits);
-       key = para_malloc(sizeof(*key));
-       key->num_bytes = ret;
+       key = alloc(sizeof(*key));
        key->sexp = sexp;
        *result = key;
-       ret = bits;
+       ret = bits / 8;
 release_n:
        gcry_mpi_release(n);
 release_e:
@@ -627,8 +562,6 @@ int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
        size_t nbytes;
        int ret;
 
-       PARA_INFO_LOG("encrypting %u byte input with %d-byte key\n", len, pub->num_bytes);
-
        /* get pub key */
        pub_key = gcry_sexp_find_token(pub->sexp, "public-key", 0);
        if (!pub_key)
@@ -687,7 +620,7 @@ struct stream_cipher {
 struct stream_cipher *sc_new(const unsigned char *data, int len)
 {
        gcry_error_t gret;
-       struct stream_cipher *sc = para_malloc(sizeof(*sc));
+       struct stream_cipher *sc = alloc(sizeof(*sc));
 
        assert(len >= 2 * AES_CRT128_BLOCK_SIZE);
        gret = gcry_cipher_open(&sc->handle, GCRY_CIPHER_AES128,