[libgnome-keyring] Fix problems negotiating sessions.
- From: Stefan Walter <stefw src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [libgnome-keyring] Fix problems negotiating sessions.
- Date: Fri, 11 Dec 2009 01:36:23 +0000 (UTC)
commit 008b9a014041f0e97bf8d9f6cc6654e92ffd9346
Author: Stef Walter <stef memberwebs com>
Date: Fri Dec 11 00:39:54 2009 +0000
Fix problems negotiating sessions.
Initialize libgcrypt properly, and fix encoding and other
problems with sessions and secrets.
egg/Makefile.am | 1 +
egg/egg-dh.c | 2 +-
egg/egg-libgcrypt.c | 118 +++++++++++++++++++++++++++++++++++++++++++++++++
egg/egg-libgcrypt.h | 30 ++++++++++++
library/gkr-session.c | 33 ++++++++-----
5 files changed, 170 insertions(+), 14 deletions(-)
---
diff --git a/egg/Makefile.am b/egg/Makefile.am
index cf5ecd4..a765a14 100644
--- a/egg/Makefile.am
+++ b/egg/Makefile.am
@@ -14,6 +14,7 @@ libegg_la_CFLAGS = \
libegg_la_SOURCES = \
egg-dbus.c egg-dbus.h \
egg-dh.c egg-dh.h \
+ egg-libgcrypt.c egg-libgcrypt.h \
egg-secure-memory.c egg-secure-memory.h
# -------------------------------------------------------------------
diff --git a/egg/egg-dh.c b/egg/egg-dh.c
index 4a05e8f..a7808f1 100644
--- a/egg/egg-dh.c
+++ b/egg/egg-dh.c
@@ -308,7 +308,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
gcry_error_t gcry;
guchar *value;
gsize n_value;
- gsize offset;
+ gsize offset = 0;
gcry_mpi_t k;
gint bits;
diff --git a/egg/egg-libgcrypt.c b/egg/egg-libgcrypt.c
new file mode 100644
index 0000000..7918e96
--- /dev/null
+++ b/egg/egg-libgcrypt.c
@@ -0,0 +1,118 @@
+/*
+ * gnome-keyring
+ *
+ * Copyright (C) 2008 Stefan Walter
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include "egg-libgcrypt.h"
+#include "egg-secure-memory.h"
+
+#include <glib.h>
+
+#include <gcrypt.h>
+
+static void
+log_handler (gpointer unused, int unknown, const gchar *msg, va_list va)
+{
+ /* TODO: Figure out additional arguments */
+ g_logv ("gcrypt", G_LOG_LEVEL_MESSAGE, msg, va);
+}
+
+static int
+no_mem_handler (gpointer unused, size_t sz, unsigned int unknown)
+{
+ /* TODO: Figure out additional arguments */
+ g_error ("couldn't allocate %lu bytes of memory",
+ (unsigned long int)sz);
+ return 0;
+}
+
+static void
+fatal_handler (gpointer unused, int unknown, const gchar *msg)
+{
+ /* TODO: Figure out additional arguments */
+ g_log ("gcrypt", G_LOG_LEVEL_ERROR, "%s", msg);
+}
+
+static int
+glib_thread_mutex_init (void **lock)
+{
+ *lock = g_mutex_new ();
+ return 0;
+}
+
+static int
+glib_thread_mutex_destroy (void **lock)
+{
+ g_mutex_free (*lock);
+ return 0;
+}
+
+static int
+glib_thread_mutex_lock (void **lock)
+{
+ g_mutex_lock (*lock);
+ return 0;
+}
+
+static int
+glib_thread_mutex_unlock (void **lock)
+{
+ g_mutex_unlock (*lock);
+ return 0;
+}
+
+static struct gcry_thread_cbs glib_thread_cbs = {
+ GCRY_THREAD_OPTION_USER, NULL,
+ glib_thread_mutex_init, glib_thread_mutex_destroy,
+ glib_thread_mutex_lock, glib_thread_mutex_unlock,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+void
+egg_libgcrypt_initialize (void)
+{
+ static volatile gsize gcrypt_initialized = 0;
+ unsigned seed;
+
+ if (g_once_init_enter (&gcrypt_initialized)) {
+
+ /* Only initialize libgcrypt if it hasn't already been initialized */
+ if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
+ if (g_thread_supported())
+ gcry_control (GCRYCTL_SET_THREAD_CBS, &glib_thread_cbs);
+ gcry_check_version (LIBGCRYPT_VERSION);
+ gcry_set_log_handler (log_handler, NULL);
+ gcry_set_outofcore_handler (no_mem_handler, NULL);
+ gcry_set_fatalerror_handler (fatal_handler, NULL);
+ gcry_set_allocation_handler ((gcry_handler_alloc_t)g_malloc,
+ (gcry_handler_alloc_t)egg_secure_alloc,
+ egg_secure_check,
+ (gcry_handler_realloc_t)egg_secure_realloc,
+ egg_secure_free);
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ }
+
+ gcry_create_nonce (&seed, sizeof (seed));
+ srand (seed);
+
+ g_once_init_leave (&gcrypt_initialized, 1);
+ }
+}
diff --git a/egg/egg-libgcrypt.h b/egg/egg-libgcrypt.h
new file mode 100644
index 0000000..84bce7e
--- /dev/null
+++ b/egg/egg-libgcrypt.h
@@ -0,0 +1,30 @@
+/*
+ * gnome-keyring
+ *
+ * Copyright (C) 2008 Stefan Walter
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#ifndef EGG_LIBGCRYPT_H_
+#define EGG_LIBGCRYPT_H_
+
+/* Initializes libgcrypt for use in a glib program */
+void egg_libgcrypt_initialize (void);
+
+#endif /* EGG_LIBGCRYPT_H_ */
diff --git a/library/gkr-session.c b/library/gkr-session.c
index bb23a3f..cc2e178 100644
--- a/library/gkr-session.c
+++ b/library/gkr-session.c
@@ -29,6 +29,7 @@
#include <gcrypt.h>
#include "egg/egg-dh.h"
+#include "egg/egg-libgcrypt.h"
#include "egg/egg-secure-memory.h"
struct _GkrSession {
@@ -223,7 +224,7 @@ decode_open_session_aes (DBusMessage *message, gcry_mpi_t *peer, const char **pa
g_assert (path);
/* Parse the incomming message */
- if (dbus_message_has_signature (message, "vo"))
+ if (!dbus_message_has_signature (message, "vo"))
return FALSE;
if (!dbus_message_iter_init (message, &iter))
g_return_val_if_reached (FALSE);
@@ -234,10 +235,10 @@ decode_open_session_aes (DBusMessage *message, gcry_mpi_t *peer, const char **pa
dbus_message_iter_get_fixed_array (&array, &buffer, &n_buffer);
if (!dbus_message_iter_next (&iter))
g_return_val_if_reached (FALSE);
- dbus_message_iter_get_basic (&iter, &path);
+ dbus_message_iter_get_basic (&iter, path);
gcry = gcry_mpi_scan (peer, GCRYMPI_FMT_USG, buffer, n_buffer, NULL);
- return (gcry != 0);
+ return (gcry == 0);
}
static void
@@ -303,7 +304,7 @@ on_open_session_aes (GkrOperation *op, DBusMessage *reply, gpointer user_data)
static void
session_negotiate_aes (GkrOperation *op)
{
- DBusMessageIter iter, variant;
+ DBusMessageIter iter, variant, array;
gcry_mpi_t prime, base, pub, priv;
const char *algorithm = "dh-ietf1024-aes128-cbc-pkcs7";
gboolean ret;
@@ -314,6 +315,8 @@ session_negotiate_aes (GkrOperation *op)
g_assert (op);
+ egg_libgcrypt_initialize ();
+
prime = base = pub = priv = NULL;
ret = egg_dh_default_params ("ietf-ike-grp-modp-1024", &prime, &base) &&
egg_dh_gen_pair (prime, base, 0, &pub, &priv);
@@ -328,12 +331,14 @@ session_negotiate_aes (GkrOperation *op)
dbus_message_iter_init_append (req, &iter);
dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &algorithm);
dbus_message_iter_open_container (&iter, DBUS_TYPE_VARIANT, "ay", &variant);
+ dbus_message_iter_open_container (&variant, DBUS_TYPE_ARRAY, "y", &array);
gcry = gcry_mpi_aprint (GCRYMPI_FMT_USG, &buffer, &n_buffer, pub);
g_return_if_fail (gcry == 0);
- dbus_message_iter_append_fixed_array (&variant, DBUS_TYPE_BYTE, &buffer, n_buffer);
+ dbus_message_iter_append_fixed_array (&array, DBUS_TYPE_BYTE, &buffer, n_buffer);
gcry_free (buffer);
+ dbus_message_iter_close_container (&variant, &array);
dbus_message_iter_close_container (&iter, &variant);
gkr_operation_push (op, on_open_session_aes, GKR_CALLBACK_OP_MSG,
@@ -379,16 +384,18 @@ static gboolean
session_encode_secret (DBusMessageIter *iter, const gchar *path, gconstpointer parameter,
gsize n_parameter, gconstpointer secret, gsize n_secret)
{
- DBusMessageIter struc;
+ DBusMessageIter struc, array;
/* Write out the result message */
- if (!dbus_message_iter_open_container (iter, DBUS_TYPE_STRUCT, NULL, &struc))
- g_return_val_if_reached (FALSE);
- dbus_message_iter_append_basic (iter, DBUS_TYPE_STRING, &path);
- dbus_message_iter_append_fixed_array (iter, DBUS_TYPE_BYTE, ¶meter, n_parameter);
- dbus_message_iter_append_fixed_array (iter, DBUS_TYPE_BYTE, &secret, n_secret);
- if (!dbus_message_iter_close_container (iter, &struc))
- g_return_val_if_reached (FALSE);
+ dbus_message_iter_open_container (iter, DBUS_TYPE_STRUCT, NULL, &struc);
+ dbus_message_iter_append_basic (&struc, DBUS_TYPE_OBJECT_PATH, &path);
+ dbus_message_iter_open_container (&struc, DBUS_TYPE_ARRAY, "y", &array);
+ dbus_message_iter_append_fixed_array (&array, DBUS_TYPE_BYTE, ¶meter, n_parameter);
+ dbus_message_iter_close_container (&struc, &array);
+ dbus_message_iter_open_container (&struc, DBUS_TYPE_ARRAY, "y", &array);
+ dbus_message_iter_append_fixed_array (&array, DBUS_TYPE_BYTE, &secret, n_secret);
+ dbus_message_iter_close_container (&struc, &array);
+ dbus_message_iter_close_container (iter, &struc);
return TRUE;
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
