[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: generic crypto
From: |
Ralf Wildenhues |
Subject: |
Re: generic crypto |
Date: |
Thu, 6 Oct 2005 17:04:20 +0200 |
User-agent: |
Mutt/1.5.11 |
* Simon Josefsson wrote on Thu, Oct 06, 2005 at 03:39:20PM CEST:
>
> I'm sure there are plenty of other problems too, but this passes self
> tests in GNU SASL so it is fairly complete... Once this is installed,
> I can continue to add the modules that GnuTLS needs, which include
> encryption modules such as DES and AES.
Random notes from source code reading below.
Cheers,
Ralf
> Index: lib/gc-gnulib.c
> ===================================================================
> RCS file: lib/gc-gnulib.c
> diff -N lib/gc-gnulib.c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ lib/gc-gnulib.c 5 Oct 2005 15:46:17 -0000
> @@ -0,0 +1,149 @@
> +/* gc-gl-common.c --- Common gnulib internal crypto interface functions
> + * Copyright (C) 2002, 2003, 2004, 2005 Simon Josefsson
> + *
> + * This file is part of GC.
> + *
> + * GC is free software; you can redistribute it and/or modify it under
> + * the terms of the GNU Lesser General Public License as published by
> + * the Free Software Foundation; either version 2.1 of the License, or
> + * (at your option) any later version.
> + *
> + * GC is distributed in the hope that it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
> + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
> + * Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License License along with GC; if not, write to the Free Software
> + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
> + * USA
> + *
> + */
> +
> +/* Note: This file is only built if GC uses internal functions. */
> +
> +#if HAVE_CONFIG_H
Please use ifdef.
> +# include <config.h>
> +#endif
> +
> +#include <stdlib.h>
> +
> +/* Get prototype. */
> +#include <gc.h>
> +
> +/* For randomize. */
> +#include <unistd.h>
> +#include <sys/types.h>
> +#include <sys/stat.h>
> +#include <fcntl.h>
> +
> +#include <string.h>
> +
> +int
> +gc_init (void)
> +{
> + return 0;
> +}
> +
> +void
> +gc_done (void)
> +{
> + return;
> +}
> +
> +/* Randomness. */
> +
> +static int
> +randomize (int level, char *data, size_t datalen)
> +{
> + int fd;
> + const char *device;
> + size_t len = 0;
> + int rc;
> +
> + switch (level)
> + {
> + case 0:
> + device = NAME_OF_NONCE_DEVICE;
> + break;
> +
> + case 1:
> + device = NAME_OF_PSEUDO_RANDOM_DEVICE;
> + break;
> +
> + default:
> + device = NAME_OF_RANDOM_DEVICE;
> + break;
> + }
> +
> + fd = open (device, O_RDONLY);
> + if (fd < 0)
> + return GC_RANDOM_ERROR;
> +
> + do
> + {
> + ssize_t tmp;
> +
> + tmp = read (fd, data, datalen);
> +
> + if (tmp < 0)
> + return GC_RANDOM_ERROR;
return here will leak a file descriptor.
> +
> + len += tmp;
> + }
> + while (len < datalen);
> +
> + rc = close (fd);
> + if (rc < 0)
> + return GC_RANDOM_ERROR;
> +
> + return GC_OK;
> +}
> +
> +int
> +gc_nonce (char *data, size_t datalen)
> +{
> + return randomize (0, data, datalen);
> +}
> +
> +int
> +gc_pseudo_random (char *data, size_t datalen)
> +{
> + return randomize (1, data, datalen);
> +}
> +
> +int
> +gc_random (char *data, size_t datalen)
> +{
> + return randomize (2, data, datalen);
> +}
> +
> +/* Memory allocation. */
> +
> +void
> +gc_set_allocators (gc_malloc_t func_malloc,
> + gc_malloc_t secure_malloc,
> + gc_secure_check_t secure_check,
> + gc_realloc_t func_realloc, gc_free_t func_free)
> +{
> + return;
> +}
> +
> +#include "md5.h"
> +
> +int
> +gc_md5 (const void *in, size_t inlen, void *resbuf)
> +{
> + md5_buffer (in, inlen, resbuf);
> + return 0;
> +}
> +
> +#include "hmac.h"
> +
> +int
> +gc_hmac_md5 (const void *key, size_t keylen,
> + const void *in, size_t inlen, char *resbuf)
> +{
> + hmac_md5 (key, keylen, in, inlen, resbuf);
> + return 0;
> +}
> Index: lib/gc-libgcrypt.c
> ===================================================================
> RCS file: lib/gc-libgcrypt.c
> diff -N lib/gc-libgcrypt.c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ lib/gc-libgcrypt.c 5 Oct 2005 15:46:17 -0000
> @@ -0,0 +1,156 @@
> +/* gc-libgcrypt.c --- Crypto wrappers around Libgcrypt for GC.
> + * Copyright (C) 2002, 2003, 2004, 2005 Simon Josefsson
> + *
> + * This file is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published
> + * by the Free Software Foundation; either version 2, or (at your
> + * option) any later version.
> + *
> + * This file is distributed in the hope that it will be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this file; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> + * 02110-1301, USA.
> + *
> + */
> +
> +/* Note: This file is only built if GC uses Libgcrypt. */
> +
> +#if HAVE_CONFIG_H
See above.
> +# include <config.h>
> +#endif
> +
> +/* Get prototype. */
> +#include "gc.h"
> +
> +/* Get libgcrypt API. */
> +#include <gcrypt.h>
> +
> +#include <assert.h>
> +
> +/* Initialization. */
> +
> +int
> +gc_init (void)
> +{
> + gcry_error_t err;
> +
> + err = gcry_control (GCRYCTL_ANY_INITIALIZATION_P);
> + if (err == GPG_ERR_NO_ERROR)
> + {
> + if (gcry_check_version (GCRYPT_VERSION) == NULL)
> + return GC_INIT_ERROR;
> +
> + err = gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
> + if (err != GPG_ERR_NO_ERROR)
> + return GC_INIT_ERROR;
> + }
> +
> + return GC_OK;
> +}
> +
> +void
> +gc_done (void)
> +{
> + return;
> +}
> +
> +/* Randomness. */
> +
> +int
> +gc_nonce (char *data, size_t datalen)
> +{
> + gcry_create_nonce ((unsigned char *) data, datalen);
> + return GC_OK;
> +}
> +
> +int
> +gc_pseudo_random (char *data, size_t datalen)
> +{
> + gcry_randomize ((unsigned char *) data, datalen, GCRY_STRONG_RANDOM);
> + return GC_OK;
> +}
> +
> +int
> +gc_random (char *data, size_t datalen)
> +{
> + gcry_randomize ((unsigned char *) data, datalen, GCRY_VERY_STRONG_RANDOM);
> + return GC_OK;
> +}
> +
> +/* Memory allocation. */
> +
> +void
> +gc_set_allocators (gc_malloc_t func_malloc,
> + gc_malloc_t secure_malloc,
> + gc_secure_check_t secure_check,
> + gc_realloc_t func_realloc, gc_free_t func_free)
> +{
> + gcry_set_allocation_handler (func_malloc, secure_malloc, secure_check,
> + func_realloc, func_free);
> +}
> +
> +/* One-call interface. */
> +
> +int
> +gc_md5 (const void *in, size_t inlen, void *resbuf)
> +{
> + size_t outlen = gcry_md_get_algo_dlen (GCRY_MD_MD5);
> + gcry_md_hd_t hd;
> + gpg_error_t err;
> + unsigned char *p;
> +
> + assert (outlen == 16);
> +
> + err = gcry_md_open (&hd, GCRY_MD_MD5, 0);
> + if (err != GPG_ERR_NO_ERROR)
> + return GC_INVALID_HASH;
> +
> + gcry_md_write (hd, in, inlen);
> +
> + p = gcry_md_read (hd, GCRY_MD_MD5);
> + if (p == NULL)
> + return GC_INVALID_HASH;
return will leak whatever gcry_md_close cleans up.
> +
> + memcpy (resbuf, p, outlen);
> +
> + gcry_md_close (hd);
> +
> + return GC_OK;
> +}
> +
> +int
> +gc_hmac_md5 (const void *key, size_t keylen,
> + const void *in, size_t inlen, char *resbuf)
> +{
> + size_t hlen = gcry_md_get_algo_dlen (GCRY_MD_MD5);
> + gcry_md_hd_t mdh;
> + unsigned char *hash;
> + gpg_error_t err;
> +
> + assert (hlen == 16);
> +
> + err = gcry_md_open (&mdh, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
> + if (err != GPG_ERR_NO_ERROR)
> + return GC_INVALID_HASH;
> +
> + err = gcry_md_setkey (mdh, key, keylen);
> + if (err != GPG_ERR_NO_ERROR)
> + return GC_INVALID_HASH;
> +
> + gcry_md_write (mdh, in, inlen);
> +
> + hash = gcry_md_read (mdh, GCRY_MD_MD5);
> + if (hash == NULL)
> + return GC_INVALID_HASH;
See above.
> +
> + memcpy (resbuf, hash, hlen);
> +
> + gcry_md_close (mdh);
> +
> + return GC_OK;
> +}
> Index: tests/test-gc.c
> ===================================================================
> RCS file: tests/test-gc.c
> diff -N tests/test-gc.c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ tests/test-gc.c 5 Oct 2005 15:46:17 -0000
> @@ -0,0 +1,104 @@
> +/*
> + * Copyright (C) 2005 Free Software Foundation
> + * Written by Simon Josefsson
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2, or (at your option)
> + * any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> + * 02110-1301, USA. */
> +
> +#if HAVE_CONFIG_H
See above.
> +# include <config.h>
> +#endif
*snip*