5924
|
1 |
diff -urNp gnome-keyring-0.4.5/aes.c gnome-keyring-0.4.5-hacked/aes.c
|
|
2 |
--- gnome-keyring-0.4.5/aes.c 2003-11-28 04:45:09.000000000 +1300
|
|
3 |
+++ gnome-keyring-0.4.5-hacked/aes.c 2005-09-18 21:14:54.066769856 +1200
|
|
4 |
@@ -31,6 +31,9 @@
|
|
5 |
|
|
6 |
#include "config.h"
|
4395
|
7 |
|
5924
|
8 |
+/* Only build this if there is no PKCS11 support available */
|
|
9 |
+#ifndef HAVE_PKCS11
|
4395
|
10 |
+
|
5924
|
11 |
#include "aes.h"
|
|
12 |
|
|
13 |
#if defined(G_BYTE_ORDER) && defined(G_BIG_ENDIAN) && defined(G_LITTLE_ENDIAN)
|
|
14 |
@@ -333,3 +336,5 @@ guint32* aesFeedback(aesParam* ap)
|
|
15 |
{
|
|
16 |
return ap->fdback;
|
|
17 |
}
|
4395
|
18 |
+
|
5924
|
19 |
+#endif /* ! HAVE_PKCS11 */
|
7697
|
20 |
--- gnome-keyring-0.5.1/configure.in 2006-06-12 12:07:39.000000000 +0100
|
|
21 |
+++ gnome-keyring-0.5.1-hacked/configure.in 2006-07-21 14:26:36.126696000 +0100
|
|
22 |
@@ -125,6 +125,17 @@
|
5924
|
23 |
done
|
|
24 |
fi
|
7697
|
25 |
|
5924
|
26 |
+# Check for pkcs11 library
|
|
27 |
+#
|
|
28 |
+AC_CHECK_HEADERS(security/cryptoki.h)
|
|
29 |
+have_pkcs=no
|
|
30 |
+AC_CHECK_LIB(pkcs11, C_Initialize, have_pkcs=yes)
|
|
31 |
+if test $have_pkcs = yes; then
|
7697
|
32 |
+ AC_DEFINE(HAVE_PKCS11,1,[Have pkcs11 library])
|
|
33 |
+ PKCS_LIBS=-lpkcs11
|
5924
|
34 |
+fi
|
|
35 |
+AC_SUBST(PKCS_LIBS)
|
|
36 |
+
|
7697
|
37 |
# Check for /dev/random
|
|
38 |
#
|
|
39 |
AC_CHECK_FILE(/dev/random, AC_DEFINE(HAVE_DEVRANDOM,1,[Have /dev/random]))
|
5924
|
40 |
diff -urNp gnome-keyring-0.4.5/gnome-keyring-daemon.c gnome-keyring-0.4.5-hacked/gnome-keyring-daemon.c
|
|
41 |
--- gnome-keyring-0.4.5/gnome-keyring-daemon.c 2005-05-07 05:13:20.000000000 +1200
|
|
42 |
+++ gnome-keyring-0.4.5-hacked/gnome-keyring-daemon.c 2005-09-18 21:14:54.064770160 +1200
|
|
43 |
@@ -29,6 +29,7 @@
|
4395
|
44 |
#include <stdio.h>
|
5924
|
45 |
#include <string.h>
|
4395
|
46 |
#include <signal.h>
|
|
47 |
+#include <string.h>
|
|
48 |
#include <sys/types.h>
|
|
49 |
#include <sys/socket.h>
|
|
50 |
#include <sys/un.h>
|
5924
|
51 |
@@ -297,8 +298,11 @@ hash_string (const char *str)
|
4395
|
52 |
{
|
|
53 |
guchar digest[16];
|
|
54 |
|
|
55 |
- gnome_keyring_md5_string (str, digest);
|
|
56 |
- return gnome_keyring_md5_digest_to_ascii (digest);
|
|
57 |
+ (void) memset(digest, 0, sizeof(digest));
|
|
58 |
+
|
|
59 |
+ (void) gnome_keyring_md5_digest (str, strlen(str), digest, sizeof(digest));
|
|
60 |
+
|
|
61 |
+ return gnome_keyring_md5_digest_to_ascii(digest, sizeof(digest));
|
|
62 |
}
|
|
63 |
|
|
64 |
GnomeKeyringAttributeList *
|
5924
|
65 |
diff -urNp gnome-keyring-0.4.5/gnome-keyring-daemon-file.c gnome-keyring-0.4.5-hacked/gnome-keyring-daemon-file.c
|
|
66 |
--- gnome-keyring-0.4.5/gnome-keyring-daemon-file.c 2005-06-28 11:03:00.000000000 +1200
|
|
67 |
+++ gnome-keyring-0.4.5-hacked/gnome-keyring-daemon-file.c 2005-09-18 21:18:58.505609504 +1200
|
4395
|
68 |
@@ -26,6 +26,7 @@
|
|
69 |
#include <errno.h>
|
|
70 |
#include <stdlib.h>
|
|
71 |
#include <stdio.h>
|
|
72 |
+#include <string.h>
|
|
73 |
#include <sys/types.h>
|
|
74 |
#include <sys/socket.h>
|
|
75 |
#include <sys/un.h>
|
5924
|
76 |
@@ -34,20 +35,189 @@
|
4395
|
77 |
|
|
78 |
#include "gnome-keyring-daemon.h"
|
|
79 |
#include "gnome-keyring-proto.h"
|
|
80 |
-#include "md5.h"
|
|
81 |
-#include "sha256.h"
|
|
82 |
+
|
|
83 |
+#ifdef HAVE_PKCS11
|
|
84 |
+#include <security/cryptoki.h>
|
|
85 |
+#else
|
|
86 |
#include "aes.h"
|
|
87 |
+#endif /* HAVE_PKCS11 */
|
|
88 |
+#include "sha256.h"
|
|
89 |
+#include "md5.h"
|
|
90 |
|
|
91 |
time_t keyring_dir_mtime = 0;
|
|
92 |
|
|
93 |
-static void
|
|
94 |
-generate_key (const char *password,
|
|
95 |
- guchar salt[8],
|
|
96 |
- int iterations,
|
5924
|
97 |
- guchar key[16],
|
|
98 |
- guchar iv[16])
|
4395
|
99 |
+#ifdef HAVE_PKCS11
|
|
100 |
+int
|
|
101 |
+GetCryptoSession(CK_MECHANISM_TYPE mech, CK_SESSION_HANDLE_PTR hSession)
|
5924
|
102 |
{
|
4395
|
103 |
+ CK_RV rv;
|
|
104 |
+ CK_ULONG slotcount;
|
|
105 |
+ CK_SLOT_ID_PTR slot_list;
|
|
106 |
+ CK_SLOT_ID slot_id;
|
|
107 |
+ CK_MECHANISM_INFO mech_info;
|
|
108 |
+ CK_ULONG i;
|
|
109 |
+
|
|
110 |
+ if (hSession == NULL) {
|
|
111 |
+ return (CKR_ARGUMENTS_BAD);
|
|
112 |
+ }
|
|
113 |
+
|
|
114 |
+ /* initialize PKCS #11 */
|
|
115 |
+ rv = C_Initialize(NULL);
|
|
116 |
+ if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) {
|
|
117 |
+ return (rv);
|
|
118 |
+ }
|
|
119 |
+
|
|
120 |
+ /* get slot count */
|
|
121 |
+ rv = C_GetSlotList(0, NULL, &slotcount);
|
|
122 |
+ if (rv != CKR_OK) {
|
|
123 |
+ return (rv);
|
|
124 |
+ }
|
|
125 |
+
|
|
126 |
+ if (slotcount == 0) {
|
|
127 |
+ return (CKR_FUNCTION_FAILED);
|
|
128 |
+ }
|
|
129 |
+
|
|
130 |
+ /* allocate memory for slot list */
|
|
131 |
+ slot_list = malloc(slotcount * sizeof (CK_SLOT_ID));
|
|
132 |
+ if (slot_list == NULL) {
|
|
133 |
+ return (CKR_HOST_MEMORY);
|
|
134 |
+ }
|
|
135 |
+
|
|
136 |
+ if ((rv = C_GetSlotList(0, slot_list, &slotcount)) != CKR_OK) {
|
|
137 |
+ free(slot_list);
|
|
138 |
+ return (rv);
|
|
139 |
+ }
|
|
140 |
+
|
|
141 |
+ /* find slot with matching mechanism */
|
|
142 |
+ for (i = 0; i < slotcount; i++) {
|
|
143 |
+ slot_id = slot_list[i];
|
|
144 |
+ if (C_GetMechanismInfo(slot_id, mech, &mech_info) == CKR_OK) {
|
|
145 |
+ break;
|
|
146 |
+ }
|
|
147 |
+ }
|
|
148 |
+
|
|
149 |
+ if (i == slotcount) {
|
|
150 |
+ free(slot_list);
|
|
151 |
+ return (CKR_MECHANISM_INVALID);
|
|
152 |
+ }
|
|
153 |
+
|
5924
|
154 |
+ rv = C_OpenSession(slot_id, CKF_SERIAL_SESSION, NULL, NULL, hSession);
|
4395
|
155 |
+
|
|
156 |
+ free(slot_list);
|
|
157 |
+ return (rv);
|
|
158 |
+}
|
|
159 |
+
|
|
160 |
+static int
|
4398
|
161 |
+create_key_object(CK_SESSION_HANDLE hSession, CK_KEY_TYPE ktype, guchar *keydata, guint32 keylen,
|
5924
|
162 |
+ CK_OBJECT_HANDLE *hKey)
|
|
163 |
+{
|
4395
|
164 |
+ CK_RV rv = CKR_OK;
|
|
165 |
+ CK_OBJECT_CLASS class = CKO_SECRET_KEY;
|
|
166 |
+ CK_BBOOL true = TRUE, false = FALSE;
|
|
167 |
+
|
|
168 |
+ CK_ATTRIBUTE template[] = {
|
|
169 |
+ {CKA_CLASS, NULL, sizeof (class) },
|
|
170 |
+ {CKA_KEY_TYPE, NULL, sizeof (CKA_KEY_TYPE) },
|
|
171 |
+ {CKA_TOKEN, NULL, sizeof (false) },
|
|
172 |
+ {CKA_ENCRYPT, NULL, sizeof (true) },
|
|
173 |
+ {CKA_VALUE, NULL, keylen }
|
5924
|
174 |
+ };
|
4395
|
175 |
+
|
|
176 |
+ template[0].pValue = &class;
|
|
177 |
+ template[1].pValue = &ktype;
|
|
178 |
+ template[2].pValue = &false;
|
|
179 |
+ template[3].pValue = &true;
|
|
180 |
+ template[4].pValue = keydata;
|
|
181 |
+
|
|
182 |
+ rv = C_CreateObject(hSession, template, 5, hKey);
|
|
183 |
+ if (rv != CKR_OK) {
|
|
184 |
+ g_warning ("create_key_object: C_CreateObject error 0x%0x", rv);
|
|
185 |
+ }
|
|
186 |
+
|
|
187 |
+ return (rv);
|
|
188 |
+}
|
|
189 |
+#endif /* HAVE_PKCS11 */
|
|
190 |
+
|
|
191 |
+static int
|
|
192 |
+generate_key (const char *password, guchar *salt, int iterations, char *key, char *iv)
|
|
193 |
+{
|
|
194 |
+#ifdef HAVE_PKCS11
|
|
195 |
+ /*
|
|
196 |
+ * If we have PKCS11, use the PKCS#5 PKBDF2 algorithm to derive a key
|
|
197 |
+ * from the given password and salt.
|
|
198 |
+ */
|
5924
|
199 |
+ CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
|
4395
|
200 |
+ CK_PKCS5_PBKD2_PARAMS params;
|
|
201 |
+ CK_OBJECT_CLASS class = CKO_SECRET_KEY;
|
|
202 |
+ CK_ATTRIBUTE tmpl[3];
|
|
203 |
+ CK_KEY_TYPE keytype = CKK_AES;
|
|
204 |
+ CK_OBJECT_HANDLE hKey;
|
5924
|
205 |
+ CK_MECHANISM mech;
|
|
206 |
+ CK_RV rv = CKR_OK;
|
4395
|
207 |
+ CK_BYTE fullkey[32];
|
|
208 |
+ CK_ULONG keylen = 32, passlen = strlen(password);
|
|
209 |
+ int attrs = 0;
|
|
210 |
+
|
|
211 |
+ g_assert (iterations >= 1);
|
5924
|
212 |
+ if (GetCryptoSession(CKM_PKCS5_PBKD2, &hSession) == CKR_OK) {
|
4395
|
213 |
+ tmpl[attrs].type = CKA_CLASS;
|
|
214 |
+ tmpl[attrs].pValue = &class;
|
|
215 |
+ tmpl[attrs].ulValueLen = sizeof (class);
|
|
216 |
+ attrs++;
|
|
217 |
+
|
|
218 |
+ tmpl[attrs].type = CKA_KEY_TYPE;
|
|
219 |
+ tmpl[attrs].pValue = &keytype;
|
|
220 |
+ tmpl[attrs].ulValueLen = sizeof (keytype);
|
|
221 |
+ attrs++;
|
|
222 |
+
|
|
223 |
+ tmpl[attrs].type = CKA_VALUE_LEN;
|
|
224 |
+ tmpl[attrs].pValue = (void *)&keylen;
|
|
225 |
+ tmpl[attrs].ulValueLen = keylen;
|
|
226 |
+ attrs++;
|
|
227 |
+
|
|
228 |
+ params.saltSource = CKZ_SALT_SPECIFIED;
|
|
229 |
+ params.pSaltSourceData = (void *)salt;
|
|
230 |
+ params.ulSaltSourceDataLen = 8;
|
|
231 |
+ params.iterations = iterations;
|
|
232 |
+ params.prf = CKP_PKCS5_PBKD2_HMAC_SHA1;
|
|
233 |
+ params.pPrfData = NULL;
|
|
234 |
+ params.ulPrfDataLen = 0;
|
|
235 |
+ params.pPassword = (CK_UTF8CHAR_PTR)password;
|
|
236 |
+ params.ulPasswordLen = (CK_ULONG *)&passlen;
|
|
237 |
+
|
|
238 |
+ mech.mechanism = CKM_PKCS5_PBKD2;
|
|
239 |
+ mech.pParameter = ¶ms;
|
|
240 |
+ mech.ulParameterLen = sizeof (params);
|
|
241 |
+
|
|
242 |
+ rv = C_GenerateKey(hSession, &mech, tmpl, attrs, &hKey);
|
|
243 |
+ if (rv != CKR_OK) {
|
|
244 |
+ g_warning ("generate_key: C_GenerateKey error 0x%0x", rv);
|
|
245 |
+ goto cleanup;
|
|
246 |
+ }
|
5924
|
247 |
+
|
4395
|
248 |
+ tmpl[0].type = CKA_VALUE;
|
|
249 |
+ tmpl[0].pValue = fullkey;
|
|
250 |
+ tmpl[0].ulValueLen = sizeof(fullkey);
|
|
251 |
+ rv = C_GetAttributeValue(hSession, hKey, tmpl, 1);
|
|
252 |
+ if (rv != CKR_OK) {
|
|
253 |
+ g_warning ("generate_key: C_GenerateKey error 0x%0x", rv);
|
|
254 |
+ goto cleanup;
|
|
255 |
+ }
|
5924
|
256 |
+
|
4395
|
257 |
+ /*
|
|
258 |
+ * We copied the key data from the object, now destroy it.
|
|
259 |
+ */
|
|
260 |
+ (void) C_DestroyObject(hSession, hKey);
|
|
261 |
+ memcpy (key, fullkey, 16);
|
|
262 |
+ memcpy (iv, fullkey+16, 16);
|
5924
|
263 |
+ }
|
4395
|
264 |
+cleanup:
|
5924
|
265 |
+ if (hSession != CK_INVALID_HANDLE)
|
|
266 |
+ C_CloseSession(hSession);
|
4395
|
267 |
+
|
|
268 |
+#else
|
|
269 |
sha256Param sha;
|
|
270 |
+ int rv = 0;
|
|
271 |
guchar digest[32];
|
|
272 |
|
|
273 |
g_assert (iterations >= 1);
|
5924
|
274 |
@@ -67,6 +237,8 @@ generate_key (const char *password,
|
4395
|
275 |
|
|
276 |
memcpy (key, digest, 16);
|
|
277 |
memcpy (iv, digest+16, 16);
|
5924
|
278 |
+
|
4395
|
279 |
+#endif /* HAVE_PKCS11 */
|
|
280 |
}
|
|
281 |
|
|
282 |
static gboolean
|
5924
|
283 |
@@ -77,17 +249,61 @@ encrypt_buffer (GString *buffer,
|
4395
|
284 |
{
|
|
285 |
guchar key[16];
|
|
286 |
guchar iv[16];
|
|
287 |
+#ifdef HAVE_PKCS11
|
|
288 |
+ CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
|
|
289 |
+ CK_MECHANISM mechanism;
|
|
290 |
+ CK_OBJECT_HANDLE hKey;
|
|
291 |
+ CK_RV rv;
|
|
292 |
+ CK_ULONG cipherlen;
|
|
293 |
+#else
|
5924
|
294 |
aesParam param;
|
4395
|
295 |
guchar dst[16];
|
|
296 |
guchar src[16];
|
|
297 |
size_t pos;
|
|
298 |
int i;
|
|
299 |
+#endif
|
|
300 |
|
|
301 |
g_assert (buffer->len % 16 == 0);
|
|
302 |
|
|
303 |
- generate_key (password, salt, iterations,
|
|
304 |
- key, iv);
|
5924
|
305 |
-
|
|
306 |
+ if (generate_key (password, salt, iterations, (char *)key, (char *)iv) != 0)
|
|
307 |
+ return (FALSE);
|
4395
|
308 |
+#ifdef HAVE_PKCS11
|
5924
|
309 |
+ rv = GetCryptoSession(CKM_AES_CBC, &hSession);
|
|
310 |
+ if (rv != CKR_OK) {
|
|
311 |
+ g_warning ("encrypt_buffer: GetCryptoSession error 0x%0x", rv);
|
|
312 |
+ return (FALSE);
|
|
313 |
+ }
|
|
314 |
+
|
|
315 |
+ rv = create_key_object(hSession, CKK_AES, key, sizeof(key), &hKey);
|
|
316 |
+ if (rv != CKR_OK) {
|
|
317 |
+ (void)C_CloseSession(hSession);
|
|
318 |
+ return (FALSE);
|
|
319 |
+ }
|
|
320 |
+
|
|
321 |
+ /* Setup to do AES CBC mode with the given IV */
|
|
322 |
+ mechanism.mechanism = CKM_AES_CBC;
|
|
323 |
+ mechanism.pParameter = iv;
|
4395
|
324 |
+ mechanism.ulParameterLen = sizeof (iv);
|
|
325 |
+
|
|
326 |
+ rv = C_EncryptInit(hSession, &mechanism, hKey);
|
|
327 |
+ if (rv != CKR_OK) {
|
|
328 |
+ g_warning ("encrypt_buffer: C_EncryptInit error 0x%0x", rv);
|
|
329 |
+ goto cleanup;
|
|
330 |
+ }
|
|
331 |
+
|
|
332 |
+ cipherlen = buffer->len;
|
|
333 |
+ /* encrypt the whole buffer in-place. */
|
5924
|
334 |
+ if ((rv = C_Encrypt(hSession, (CK_BYTE_PTR)buffer->str, buffer->len, (CK_BYTE_PTR)buffer->str, &cipherlen)) != CKR_OK)
|
|
335 |
+ g_warning ("encrypt_buffer: C_Encrypt error 0x%0x", rv);
|
4395
|
336 |
+
|
|
337 |
+cleanup:
|
|
338 |
+ (void)C_DestroyObject(hSession, hKey);
|
|
339 |
+ (void)C_CloseSession(hSession);
|
|
340 |
+ if (rv != CKR_OK) {
|
|
341 |
+ return (FALSE);
|
|
342 |
+ }
|
5924
|
343 |
+
|
4395
|
344 |
+#else
|
|
345 |
if (aesSetup(¶m, key, 128, ENCRYPT)) {
|
|
346 |
return FALSE;
|
|
347 |
}
|
5924
|
348 |
@@ -103,6 +319,8 @@ encrypt_buffer (GString *buffer,
|
4395
|
349 |
memcpy (buffer->str + pos, dst, 16);
|
|
350 |
}
|
5924
|
351 |
|
4395
|
352 |
+#endif /* HAVE_PKCS11 */
|
5924
|
353 |
+
|
4395
|
354 |
return TRUE;
|
|
355 |
}
|
5924
|
356 |
|
|
357 |
@@ -114,23 +332,79 @@ decrypt_buffer (GString *buffer,
|
4395
|
358 |
{
|
|
359 |
guchar key[16];
|
|
360 |
guchar iv[16];
|
|
361 |
+#ifdef HAVE_PKCS11
|
5924
|
362 |
+ CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
|
|
363 |
+ CK_MECHANISM mechanism;
|
|
364 |
+ CK_OBJECT_HANDLE hKey;
|
|
365 |
+ CK_RV rv;
|
|
366 |
+ CK_ULONG cipherlen;
|
|
367 |
+ CK_BYTE dst[16];
|
4395
|
368 |
+#else
|
|
369 |
aesParam param;
|
|
370 |
- guchar dst[16];
|
5924
|
371 |
+ guchar *dst;
|
|
372 |
+ guint32 dstint[4];
|
|
373 |
+ guint32 srcint[4];
|
4395
|
374 |
size_t pos;
|
|
375 |
int i;
|
|
376 |
+#endif
|
|
377 |
|
|
378 |
g_assert (buffer->len % 16 == 0);
|
|
379 |
|
|
380 |
- generate_key (password, salt, iterations,
|
|
381 |
- key, iv);
|
5924
|
382 |
+ if (generate_key (password, salt, iterations, (char *)key, (char *)iv))
|
|
383 |
+ return FALSE;
|
|
384 |
+
|
4395
|
385 |
+#ifdef HAVE_PKCS11
|
5924
|
386 |
+ rv = GetCryptoSession(CKM_AES_CBC, &hSession);
|
|
387 |
+ if (rv != CKR_OK) {
|
|
388 |
+ g_warning ("decrypt_buffer: GetCryptoSession error 0x%0x", rv);
|
|
389 |
+ return (FALSE);
|
|
390 |
+ }
|
|
391 |
+
|
|
392 |
+ rv = create_key_object(hSession, CKK_AES, key, sizeof(key), &hKey);
|
|
393 |
+ if (rv != CKR_OK) {
|
|
394 |
+ (void)C_CloseSession(hSession);
|
|
395 |
+ return (FALSE);
|
|
396 |
+ }
|
|
397 |
+
|
|
398 |
+ mechanism.mechanism = CKM_AES_CBC;
|
|
399 |
+ mechanism.pParameter = iv;
|
|
400 |
+ mechanism.ulParameterLen = sizeof(iv);
|
|
401 |
+
|
|
402 |
+ rv = C_DecryptInit(hSession, &mechanism, hKey);
|
|
403 |
+ if (rv != CKR_OK) {
|
|
404 |
+ g_warning ("decrypt_buffer: C_DecryptInit error 0x%0x", rv);
|
|
405 |
+ goto cleanup;
|
|
406 |
+ }
|
|
407 |
+
|
|
408 |
+ cipherlen = buffer->len;
|
|
409 |
+ /* decrypt the entire buffer in-place */
|
|
410 |
+ if ((rv = C_Decrypt(hSession, (CK_BYTE *)buffer->str, buffer->len,
|
|
411 |
+ (CK_BYTE *)buffer->str, &cipherlen))) {
|
|
412 |
+ g_warning ("decrypt_buffer: C_Decrypt error 0x%0x", rv);
|
|
413 |
+ }
|
|
414 |
+
|
|
415 |
+cleanup:
|
|
416 |
+ (void)C_DestroyObject(hSession, hKey);
|
|
417 |
+ (void)C_CloseSession(hSession);
|
|
418 |
+
|
|
419 |
+ if (rv != CKR_OK)
|
|
420 |
+ return (FALSE);
|
|
421 |
+
|
|
422 |
+#else
|
4395
|
423 |
+
|
|
424 |
|
|
425 |
if (aesSetup(¶m, key, 128, DECRYPT)) {
|
|
426 |
return FALSE;
|
|
427 |
}
|
|
428 |
for (pos = 0; pos < buffer->len; pos += 16) {
|
|
429 |
- if (aesDecrypt (¶m, (guint32*) dst, (guint32*) (buffer->str + pos))) {
|
5924
|
430 |
+ /* Copy the data to a properly aligned data struct before the AES operation */
|
|
431 |
+ memcpy((void *)srcint, buffer->str+pos, 16);
|
|
432 |
+ if (aesDecrypt (¶m, (guint32*) dstint, (guint32 *)srcint)) {
|
4395
|
433 |
+
|
|
434 |
return FALSE;
|
|
435 |
}
|
5924
|
436 |
+ dst = (guchar *)dstint;
|
4395
|
437 |
+
|
|
438 |
for (i = 0; i < 16; i++) {
|
|
439 |
dst[i] = iv[i] ^ dst[i];
|
|
440 |
}
|
5924
|
441 |
@@ -138,21 +412,19 @@ decrypt_buffer (GString *buffer,
|
4395
|
442 |
memcpy (buffer->str + pos, dst, 16);
|
|
443 |
}
|
5924
|
444 |
|
4395
|
445 |
+#endif /* HAVE_PKCS11 */
|
|
446 |
return TRUE;
|
|
447 |
}
|
5924
|
448 |
|
4395
|
449 |
static gboolean
|
|
450 |
verify_decrypted_buffer (GString *buffer)
|
|
451 |
{
|
|
452 |
- struct GnomeKeyringMD5Context md5_context;
|
|
453 |
guchar digest[16];
|
|
454 |
-
|
|
455 |
- gnome_keyring_md5_init (&md5_context);
|
|
456 |
- gnome_keyring_md5_update (&md5_context,
|
5924
|
457 |
- (guchar *)buffer->str + 16, buffer->len - 16);
|
4395
|
458 |
- gnome_keyring_md5_final (digest, &md5_context);
|
|
459 |
-
|
|
460 |
- return memcmp (buffer->str, digest, 16) == 0;
|
5924
|
461 |
+
|
|
462 |
+ if (gnome_keyring_md5_digest((guchar *)(buffer->str + 16), buffer->len - 16,
|
|
463 |
+ digest, sizeof (digest)))
|
|
464 |
+ return (FALSE);
|
|
465 |
+ return (memcmp (buffer->str, digest, 16) == 0);
|
4395
|
466 |
}
|
|
467 |
|
|
468 |
static char *
|
5924
|
469 |
@@ -278,7 +550,6 @@ generate_file (GString *buffer, GnomeKey
|
4395
|
470 |
GnomeKeyringItem *item;
|
|
471 |
GnomeKeyringAttributeList *hashed;
|
|
472 |
GString *to_encrypt;
|
|
473 |
- struct GnomeKeyringMD5Context md5_context;
|
|
474 |
guchar digest[16];
|
|
475 |
int i;
|
|
476 |
|
5924
|
477 |
@@ -342,11 +613,10 @@ generate_file (GString *buffer, GnomeKey
|
4395
|
478 |
g_string_append_c (to_encrypt, 0);
|
|
479 |
}
|
|
480 |
|
|
481 |
- gnome_keyring_md5_init (&md5_context);
|
|
482 |
- gnome_keyring_md5_update (&md5_context,
|
5924
|
483 |
- (guchar *)to_encrypt->str + 16, to_encrypt->len - 16);
|
4395
|
484 |
- gnome_keyring_md5_final (digest, &md5_context);
|
|
485 |
- memcpy (to_encrypt->str, digest, 16);
|
5924
|
486 |
+
|
|
487 |
+ if (gnome_keyring_md5_digest((guchar *)(to_encrypt->str + 16), to_encrypt->len - 16,
|
|
488 |
+ digest, 16) == 0)
|
|
489 |
+ (void) memcpy (to_encrypt->str, digest, 16);
|
4395
|
490 |
|
|
491 |
if (!encrypt_buffer (to_encrypt, keyring->password, keyring->salt, keyring->hash_iterations)) {
|
|
492 |
g_string_free (to_encrypt, TRUE);
|
5924
|
493 |
diff -urNp gnome-keyring-0.4.5/gnome-keyring-daemon-io.c gnome-keyring-0.4.5-hacked/gnome-keyring-daemon-io.c
|
|
494 |
--- gnome-keyring-0.4.5/gnome-keyring-daemon-io.c 2005-09-15 01:58:30.000000000 +1200
|
|
495 |
+++ gnome-keyring-0.4.5-hacked/gnome-keyring-daemon-io.c 2005-09-18 21:14:54.061770616 +1200
|
|
496 |
@@ -371,10 +386,15 @@ gnome_keyring_client_state_machine (Gnom
|
|
497 |
gnome_keyring_client_free (client);
|
|
498 |
return;
|
|
499 |
}
|
|
500 |
+ if (str != NULL) {
|
|
501 |
debug_print (("got name: %s\n", str));
|
|
502 |
client->app_ref->display_name = str;
|
|
503 |
client->input_pos = 0;
|
|
504 |
client->state = GNOME_CLIENT_STATE_READ_PACKET;
|
|
505 |
+ } else {
|
|
506 |
+ gnome_keyring_client_free (client);
|
|
507 |
+ return;
|
|
508 |
+ }
|
|
509 |
}
|
|
510 |
break;
|
|
511 |
case GNOME_CLIENT_STATE_READ_PACKET:
|
|
512 |
diff -urNp gnome-keyring-0.4.5/gnome-keyring-proto.c gnome-keyring-0.4.5-hacked/gnome-keyring-proto.c
|
|
513 |
--- gnome-keyring-0.4.5/gnome-keyring-proto.c 2005-05-07 05:13:20.000000000 +1200
|
|
514 |
+++ gnome-keyring-0.4.5-hacked/gnome-keyring-proto.c 2005-09-18 21:14:54.062770464 +1200
|
|
515 |
@@ -276,7 +276,6 @@ gnome_keyring_proto_start_operation (GSt
|
|
516 |
return FALSE;
|
|
517 |
}
|
4395
|
518 |
|
5924
|
519 |
-
|
|
520 |
/* Make space for packet size */
|
|
521 |
*op_start = buffer->len;
|
|
522 |
gnome_keyring_proto_add_uint32 (buffer, 0);
|
|
523 |
@@ -340,8 +339,7 @@ gnome_keyring_proto_encode_op_string (GS
|
|
524 |
if (!gnome_keyring_proto_start_operation (buffer, op, &op_start)) {
|
|
525 |
return FALSE;
|
|
526 |
}
|
|
527 |
- if (!gnome_keyring_proto_add_utf8_string (buffer,
|
|
528 |
- str)) {
|
|
529 |
+ if (!gnome_keyring_proto_add_utf8_string (buffer, str)) {
|
|
530 |
return FALSE;
|
|
531 |
}
|
|
532 |
if (!gnome_keyring_proto_end_operation (buffer, op_start)) {
|
|
533 |
diff -urNp gnome-keyring-0.4.5/Makefile.am gnome-keyring-0.4.5-hacked/Makefile.am
|
|
534 |
--- gnome-keyring-0.4.5/Makefile.am 2004-07-21 06:42:50.000000000 +1200
|
|
535 |
+++ gnome-keyring-0.4.5-hacked/Makefile.am 2005-09-18 21:14:54.067769704 +1200
|
|
536 |
@@ -72,27 +72,31 @@ gnome_keyring_daemon_SOURCES = \
|
4395
|
537 |
gnome_keyring_daemon_LDADD = \
|
|
538 |
libgnome-keyring-common.la \
|
|
539 |
@LIBOBJS@ \
|
|
540 |
- $(GLIB_LIBS)
|
|
541 |
+ $(GLIB_LIBS) \
|
|
542 |
+ $(PKCS_LIBS)
|
|
543 |
|
|
544 |
gnome_keyring_ask_SOURCES = \
|
|
545 |
gnome-keyring-ask.c
|
|
546 |
|
|
547 |
gnome_keyring_ask_LDADD = \
|
|
548 |
- $(GTK_LIBS)
|
|
549 |
+ $(GTK_LIBS) \
|
|
550 |
+ $(PKCS_LIBS)
|
|
551 |
|
|
552 |
list_keyrings_SOURCES = \
|
|
553 |
list-keyrings.c
|
|
554 |
|
|
555 |
list_keyrings_LDADD = \
|
|
556 |
libgnome-keyring.la \
|
|
557 |
- $(GTK_LIBS)
|
|
558 |
+ $(GTK_LIBS) \
|
|
559 |
+ $(PKCS_LIBS)
|
|
560 |
|
|
561 |
test_keyring_SOURCES = \
|
|
562 |
test.c
|
|
563 |
|
|
564 |
test_keyring_LDADD = \
|
|
565 |
libgnome-keyring.la \
|
|
566 |
- $(GTK_LIBS)
|
|
567 |
+ $(GTK_LIBS) \
|
|
568 |
+ $(PKCS_LIBS)
|
|
569 |
|
|
570 |
pkgconfigdir = $(libdir)/pkgconfig
|
|
571 |
pkgconfig_DATA = gnome-keyring-1.pc
|
5924
|
572 |
diff -urNp gnome-keyring-0.4.5/md5.c gnome-keyring-0.4.5-hacked/md5.c
|
|
573 |
--- gnome-keyring-0.4.5/md5.c 2005-05-07 05:13:20.000000000 +1200
|
|
574 |
+++ gnome-keyring-0.4.5-hacked/md5.c 2005-09-18 20:49:10.348450712 +1200
|
|
575 |
@@ -20,19 +20,72 @@
|
|
576 |
#include "md5.h"
|
|
577 |
#include <string.h>
|
|
578 |
|
|
579 |
-static void gnome_keyring_md5_transform (guint32 buf[4],
|
|
580 |
- guint32 const in[16]);
|
|
581 |
+#ifdef HAVE_PKCS11
|
|
582 |
+#include <security/cryptoki.h>
|
|
583 |
+int GetCryptoSession(CK_MECHANISM_TYPE, CK_SESSION_HANDLE_PTR);
|
|
584 |
+#endif
|
|
585 |
+
|
|
586 |
+char *
|
|
587 |
+gnome_keyring_md5_digest_to_ascii (unsigned char *digest, guint32 digestlen)
|
|
588 |
+{
|
|
589 |
+ static char hex_digits[] = "0123456789abcdef";
|
|
590 |
+ unsigned char *res;
|
|
591 |
+ int i;
|
|
592 |
+
|
|
593 |
+ res = g_malloc (33);
|
|
594 |
+
|
|
595 |
+ for (i = 0; i < digestlen; i++) {
|
|
596 |
+ res[2*i] = hex_digits[digest[i] >> 4];
|
|
597 |
+ res[2*i+1] = hex_digits[digest[i] & 0xf];
|
|
598 |
+ }
|
|
599 |
+
|
|
600 |
+ res[32] = 0;
|
4395
|
601 |
|
5924
|
602 |
-void
|
|
603 |
-gnome_keyring_md5_string (const char *string, unsigned char digest[16])
|
|
604 |
+ return (char *)res;
|
|
605 |
+}
|
|
606 |
+
|
|
607 |
+int
|
|
608 |
+gnome_keyring_md5_digest(guchar *buffer, guint32 len, guchar *digest, guint32 digestlen)
|
|
609 |
{
|
|
610 |
+ guchar md5digest[16];
|
|
611 |
+#ifdef HAVE_PKCS11
|
|
612 |
+ CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
|
|
613 |
+ CK_MECHANISM mech = { CKM_MD5, NULL, 0 };
|
|
614 |
+ CK_RV rv = CKR_OK;
|
|
615 |
+
|
|
616 |
+ if (GetCryptoSession(CKM_MD5, &hSession) == CKR_OK) {
|
|
617 |
+ if ((rv = C_DigestInit(hSession, &mech)) != CKR_OK) {
|
|
618 |
+ /* Report an error */
|
|
619 |
+ g_warning("gnome_keyring_md5_digest: C_DigestInit failed - 0x%0x", rv);
|
|
620 |
+ goto cleanup;
|
|
621 |
+ }
|
|
622 |
+ rv = C_Digest(hSession, (CK_BYTE_PTR)buffer, len, (CK_BYTE_PTR)md5digest, &digestlen);
|
|
623 |
+ if (rv != CKR_OK) {
|
|
624 |
+ /* Report an error */
|
|
625 |
+ g_warning("gnome_keyring_md5_digest: C_Digest failed - 0x%0x", rv);
|
|
626 |
+ goto cleanup;
|
|
627 |
+ }
|
|
628 |
+ }
|
|
629 |
+cleanup:
|
|
630 |
+ if (hSession != CK_INVALID_HANDLE)
|
|
631 |
+ C_CloseSession(hSession);
|
|
632 |
+#else
|
|
633 |
+ int rv = 0;
|
|
634 |
struct GnomeKeyringMD5Context md5_context;
|
|
635 |
|
|
636 |
gnome_keyring_md5_init (&md5_context);
|
|
637 |
- gnome_keyring_md5_update (&md5_context, (const unsigned char *)string, strlen (string));
|
|
638 |
- gnome_keyring_md5_final (digest, &md5_context);
|
|
639 |
+ gnome_keyring_md5_update (&md5_context, buffer, len);
|
|
640 |
+ gnome_keyring_md5_final (md5digest, &md5_context);
|
|
641 |
+#endif /* HAVE_PKCS211 */
|
|
642 |
+
|
|
643 |
+ (void)memcpy(digest, md5digest, digestlen);
|
|
644 |
+ return (rv);
|
|
645 |
}
|
|
646 |
|
|
647 |
+#ifndef HAVE_PKCS11
|
|
648 |
+static void gnome_keyring_md5_transform (guint32 buf[4],
|
|
649 |
+ guint32 const in[16]);
|
4395
|
650 |
+
|
5924
|
651 |
#if G_BYTE_ORDER == G_LITTLE_ENDIAN
|
|
652 |
#define byteReverse(buf, len) /* Nothing */
|
|
653 |
#else
|
|
654 |
@@ -54,26 +107,6 @@ byteReverse(unsigned char *buf, unsigned
|
|
655 |
|
|
656 |
#endif
|
|
657 |
|
|
658 |
-char *
|
|
659 |
-gnome_keyring_md5_digest_to_ascii (unsigned char digest[16])
|
|
660 |
-{
|
|
661 |
- static char hex_digits[] = "0123456789abcdef";
|
|
662 |
- char *res;
|
|
663 |
- int i;
|
|
664 |
-
|
|
665 |
- res = g_malloc (33);
|
|
666 |
-
|
|
667 |
- for (i = 0; i < 16; i++) {
|
|
668 |
- res[2*i] = hex_digits[digest[i] >> 4];
|
|
669 |
- res[2*i+1] = hex_digits[digest[i] & 0xf];
|
|
670 |
- }
|
|
671 |
-
|
|
672 |
- res[32] = 0;
|
|
673 |
-
|
|
674 |
- return res;
|
|
675 |
-}
|
|
676 |
-
|
|
677 |
-
|
|
678 |
/*
|
|
679 |
* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
|
|
680 |
* initialization constants.
|
|
681 |
@@ -289,3 +322,4 @@ gnome_keyring_md5_transform (guint32 buf
|
|
682 |
buf[3] += d;
|
|
683 |
}
|
|
684 |
|
|
685 |
+#endif /* HAVE_PKCS11 */
|
|
686 |
diff -urNp gnome-keyring-0.4.5/md5.h gnome-keyring-0.4.5-hacked/md5.h
|
|
687 |
--- gnome-keyring-0.4.5/md5.h 2003-12-02 00:25:55.000000000 +1300
|
|
688 |
+++ gnome-keyring-0.4.5-hacked/md5.h 2005-09-18 21:14:54.065770008 +1200
|
|
689 |
@@ -2,14 +2,18 @@
|
|
690 |
#define MD5_H
|
|
691 |
|
|
692 |
#include <glib.h>
|
|
693 |
+#include "config.h"
|
|
694 |
|
|
695 |
+char *gnome_keyring_md5_digest_to_ascii (unsigned char *, guint32);
|
|
696 |
+int gnome_keyring_md5_digest(guchar *, guint32 , guchar *, guint32 );
|
4395
|
697 |
+
|
5924
|
698 |
+#ifndef HAVE_PKCS11
|
|
699 |
struct GnomeKeyringMD5Context {
|
|
700 |
guint32 buf[4];
|
|
701 |
guint32 bits[2];
|
|
702 |
unsigned char in[64];
|
|
703 |
};
|
|
704 |
|
|
705 |
-char *gnome_keyring_md5_digest_to_ascii (unsigned char digest[16]);
|
|
706 |
void gnome_keyring_md5_string (const char *string,
|
|
707 |
unsigned char digest[16]);
|
|
708 |
void gnome_keyring_md5_init (struct GnomeKeyringMD5Context *ctx);
|
|
709 |
@@ -19,4 +23,6 @@ void gnome_keyring_md5_update
|
|
710 |
void gnome_keyring_md5_final (unsigned char digest[16],
|
|
711 |
struct GnomeKeyringMD5Context *ctx);
|
|
712 |
|
|
713 |
+#endif /* HAVE_PKCS11 */
|
4395
|
714 |
+
|
5924
|
715 |
#endif /* MD5_h */
|
|
716 |
diff -urNp gnome-keyring-0.4.5/sha256.c gnome-keyring-0.4.5-hacked/sha256.c
|
|
717 |
--- gnome-keyring-0.4.5/sha256.c 2003-12-05 23:34:36.000000000 +1300
|
|
718 |
+++ gnome-keyring-0.4.5-hacked/sha256.c 2005-09-18 21:14:54.066769856 +1200
|
|
719 |
@@ -30,6 +30,7 @@
|
|
720 |
# include "config.h"
|
|
721 |
#endif
|
|
722 |
|
|
723 |
+#ifndef HAVE_PKCS11
|
|
724 |
#include "sha256.h"
|
|
725 |
|
|
726 |
static void
|
|
727 |
@@ -381,3 +382,5 @@ int sha256Digest(register sha256Param* s
|
|
728 |
|
|
729 |
/*!\}
|
|
730 |
*/
|
|
731 |
+
|
|
732 |
+#endif /* !HAVE_PKCS11 */
|
|
733 |
diff -urNp gnome-keyring-0.4.5/sha256.h gnome-keyring-0.4.5-hacked/sha256.h
|
|
734 |
--- gnome-keyring-0.4.5/sha256.h 2003-12-05 23:34:36.000000000 +1300
|
|
735 |
+++ gnome-keyring-0.4.5-hacked/sha256.h 2005-09-18 21:14:54.066769856 +1200
|
|
736 |
@@ -26,6 +26,10 @@
|
|
737 |
#ifndef _SHA256_H
|
|
738 |
#define _SHA256_H
|
4395
|
739 |
|
5924
|
740 |
+#include "config.h"
|
|
741 |
+
|
|
742 |
+#ifndef HAVE_PKCS11
|
|
743 |
+
|
|
744 |
#include <glib.h>
|
|
745 |
#include "beecrypt_compat.h"
|
|
746 |
|
|
747 |
@@ -105,3 +109,5 @@ int sha256Digest (sha256Param* sp, byte
|
|
748 |
#endif
|
|
749 |
|
|
750 |
#endif
|
|
751 |
+
|
|
752 |
+#endif /* !HAVE_PKCS11 */
|