commit c2fd013035998e0bba49b82e33996a99c9cbb5a7
parent f0e15c95a339726d2f4dfdca54fb2c04a846ee85
Author: lash <dev@holbrook.no>
Date: Fri, 5 Apr 2024 10:13:33 +0100
Remove digestlength stack smash bug in digest calc
Diffstat:
6 files changed, 25 insertions(+), 71 deletions(-)
diff --git a/src/digest.c b/src/digest.c
@@ -13,9 +13,7 @@ int calculate_digest_algo(const char *in, size_t in_len, char *out, enum gcry_md
if (algo == GCRY_MD_NONE) {
algo = GCRY_MD_SHA256;
}
- if (digest_len == 0) {
- digest_len = gcry_md_get_algo_dlen(algo);
- }
+ digest_len = gcry_md_get_algo_dlen(algo);
e = gcry_md_open(&h, algo, GCRY_MD_FLAG_SECURE);
if (e) {
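Review bot: `digest_len` is now taken only from `gcry_md_get_algo_dlen(algo)`, and nothing in this hunk checks the result before it is used. libgcrypt returns 0 for an algorithm it does not know, and the length can exceed what the caller allocated for `out` when a longer digest than SHA-256 is requested. I would reject `digest_len == 0` with an error return right after the call. The signature is truncated in the hunk header, so I cannot tell whether an output capacity is passed in; if it is not, add a comment on the function such as `/* out must hold gcry_md_get_algo_dlen(algo) bytes */`, or take the capacity as a parameter and compare. The function body continues outside this hunk.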
diff --git a/src/gpg.c b/src/gpg.c
@@ -13,7 +13,6 @@
#define BUFLEN 1024 * 1024
-//const char *gpgVersion = nullptr;
const char *gpgVersion = NULL;
@@ -35,7 +34,6 @@ static void padb(char *data, size_t outsize, size_t insize) {
gcry_randomize(data + insize, outsize - insize, GCRY_STRONG_RANDOM);
}
-//void pad(char *indata_raw, size_t outsize, std::string indata) {
static void pad(char *indata_raw, size_t outsize, const char *indata) { //std::string indata) {
int l;
@@ -91,7 +89,6 @@ int encryptb (char *ciphertext, size_t ciphertext_len, const char *indata, size_
return ERR_OK;
}
-//int encrypt(char *ciphertext, size_t ciphertext_len, std::string indata, const char *key, const char *nonce) {
int encrypt(char *ciphertext, size_t ciphertext_len, const char *indata, const char *key, const char *nonce) {
int r;
gcry_cipher_hd_t h;
@@ -135,7 +132,6 @@ int decryptb(char *outdata, const char *ciphertext, size_t ciphertext_len, const
}
-//int decrypt(std::string *outdata, const char *ciphertext, size_t ciphertext_len, const char *key, const char *nonce) {
int decrypt(char *outdata, const char *ciphertext, size_t ciphertext_len, const char *key, const char *nonce) {
int r;
gcry_cipher_hd_t h;
@@ -298,15 +294,11 @@ static int sign(gcry_sexp_t *out, gcry_sexp_t *key, const char *v) {
return 0;
}
-//char *GpgStore::get_fingerprint() {
-// return m_fingerprint;
-//}
char *gpg_store_get_fingerprint(struct gpg_store *gpg) {
return gpg->fingerprint;
}
-//int GpgStore::digest(char *out, std::string in) {
int gpg_store_digest(struct gpg_store *gpg, char *out, const char *in) {
const char *s;
size_t l;
@@ -317,9 +309,6 @@ int gpg_store_digest(struct gpg_store *gpg, char *out, const char *in) {
return calculate_digest(s, l, out); //, m_passphrase_digest_len);
}
-//GpgStore::GpgStore() {
-// m_passphrase_digest_len = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
-//}
/// \todo handle path length limit
void gpg_store_init(struct gpg_store *gpg, const char *path) {
gpg->passphrase_digest_len = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
@@ -327,8 +316,6 @@ void gpg_store_init(struct gpg_store *gpg, const char *path) {
}
-//int GpgStore::check(std::string p, std::string passphrase) {
-//int gpg_store_check(struct gpg_store *gpg, const char *p, const char *passphrase) {
int gpg_store_check(struct gpg_store *gpg, const char *passphrase) {
int r;
const char *v;
@@ -363,7 +350,7 @@ int gpg_store_check(struct gpg_store *gpg, const char *passphrase) {
char pp[2048];
//sprintf(pp, "could not decrypt key in %s/key.bin", p.c_str());
sprintf(pp, "could not decrypt key in %s/key.bin", p);
- debug_log(DEBUG_CRITICAL, pp);
+ debug_log(DEBUG_INFO, pp);
return 1;
}
if (r != ERR_OK) {
diff --git a/src/gpg.h b/src/gpg.h
@@ -25,7 +25,6 @@ struct gpg_store {
* \sa encryptb
*
*/
-//int encrypt(char *ciphertext, size_t ciphertext_len, std::string indata, const char *key, const char *nonce);
int encrypt(char *ciphertext, size_t ciphertext_len, const char *indata, const char *key, const char *nonce);
/**
@@ -52,7 +51,6 @@ int encryptb (char *ciphertext, size_t ciphertext_len, const char *indata, size_
* \sa decryptb
*
*/
-//int decrypt(std::string *outdata, const char *ciphertext, size_t ciphertext_len, const char *key, const char *nonce);
int decrypt(char *outdata, const char *ciphertext, size_t ciphertext_len, const char *key, const char *nonce);
/**
@@ -88,45 +86,5 @@ void gpg_store_init(struct gpg_store *gpg, const char *path);
int gpg_store_check(struct gpg_store *gpg, const char *passphrase);
int gpg_store_digest(struct gpg_store *gpg, char *out, const char *in);
char *gpg_store_get_fingerprint(struct gpg_store *gpg);
-//
-///**
-// *
-// * \brief Interface to the encrypted key storage for both identity public key and the key used for encryption of the identity public key.
-// *
-// */
-//class GpgStore {
-//
-// public:
-// /// Sets correct context values for underlying \c gcrypt operations.
-// GpgStore();
-// /**
-// *
-// * Attempts to decrypt the identity public key with the given passphrase.
-// *
-// * If no public key exists, one will be created and encrypted using the passphrase.
-// *
-// * \param p path to key store
-// * \param passphrase passphrase for public key encryption
-// * \return 0 if successful, any other value indicates an error
-// *
-// */
-// int check(std::string p, std::string passphrase);
-// /**
-// *
-// * Returns the fingerprint of the identity public key.
-// *
-// * \return 160-bit fingerprint value
-// */
-// char *get_fingerprint();
-//
-// private:
-// /// calculates sha256 digest for the given string value, using secure memory
-// int digest(char *out, std::string in);
-// //const char *m_version;
-// //char *m_seckey;
-// /// cached fingerprint value, in string format with zero terminator
-// char m_fingerprint[41];
-// /// cached digest length of sha256
-// unsigned int m_passphrase_digest_len;
-//};
+
#endif
diff --git a/src/gtk/kee-key.c b/src/gtk/kee-key.c
@@ -5,17 +5,16 @@
#include "gpg.h"
#include "err.h"
-
typedef struct {
} KeeKeyPrivate;
-struct _KeeKEyClass {
+struct _KeeKeyClass {
GtkWidget parent_class;
};
struct _KeeKey {
GtkWidget parent;
- struct gpg_store gpg;
+ struct gpg_store *gpg;
};
G_DEFINE_TYPE(KeeKey, kee_key, GTK_TYPE_BOX);
@@ -25,12 +24,12 @@ static guint kee_sigs[KEE_N_KEY_SIGS] = {0,};
static void kee_key_set_property(GObject *oo, guint property_id, const GValue *value, GParamSpec *pspec) {
KeeKey *o = KEE_KEY(oo);
- gchar *s;
+ const gchar *s;
switch((enum KEE_KEY_PROPS)property_id) {
case KEE_P_KEY_STORE_PATH:
s = g_value_get_string(value);
- gpg_store_init(&o->gpg, (char*)s);
+ gpg_store_init(o->gpg, (char*)s);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID(oo, property_id, pspec);
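Review bot: The `(char*)` cast in `gpg_store_init(o->gpg, (char*)s);` strips the `const` that this hunk has just added to `s`, and it is not needed, since gpg.h declares `gpg_store_init(struct gpg_store *gpg, const char *path)`. Writing `gpg_store_init(o->gpg, s);` keeps the compiler's const checking intact. The setter's closing lines are outside this hunk.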
@@ -42,7 +41,7 @@ static void kee_key_get_property(GObject *oo, guint property_id, GValue *value,
switch((enum KEE_KEY_PROPS)property_id) {
case KEE_P_KEY_STORE:
- g_value_set_pointer(value, &o->gpg);
+ g_value_set_pointer(value, o->gpg);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID(oo, property_id, pspec);
@@ -84,6 +83,11 @@ static void kee_key_class_init(KeeKeyClass *kls) {
}
static void kee_key_init(KeeKey *o) {
+ o->gpg = malloc(sizeof(struct gpg_store));
+}
+
+static void kee_key_finalize(KeeKey *o) {
+ free(o->gpg);
}
static void kee_key_handle_unlock_click(GtkWidget *button, KeeKey *o) {
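Review bot: The `malloc` result in `kee_key_init` is stored without a NULL check and the memory is left uninitialised, yet the property setter, `kee_key_get_fingerprint` and the unlock handler all dereference `o->gpg` unconditionally. `kee_key_finalize` takes a `KeeKey *` rather than the `GObject *` a finalize vfunc receives, and it does not chain up to the parent class. No hunk shows it being assigned in `kee_key_class_init`, whose body lies outside this hunk, so the store may never be freed. I would allocate zeroed memory through GLib, give finalize the GObject signature, and set `G_OBJECT_CLASS(kls)->finalize = kee_key_finalize;` in class_init.

```c
static void kee_key_init(KeeKey *o) {
	/* zeroed so no field is read uninitialised before gpg_store_init runs */
	o->gpg = g_new0(struct gpg_store, 1);
}

static void kee_key_finalize(GObject *oo) {
	KeeKey *o = KEE_KEY(oo);

	g_free(o->gpg);
	o->gpg = NULL;
	G_OBJECT_CLASS(kee_key_parent_class)->finalize(oo);
}
```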
@@ -100,13 +104,13 @@ static void kee_key_handle_unlock_click(GtkWidget *button, KeeKey *o) {
g_object_get_property(G_OBJECT(o), "keystore", &v);
gpg = g_value_get_pointer(&v);
+ r = gpg_store_check(gpg, passphrase);
if (r) {
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_INFO, "wrong passphrase");
return;
}
g_signal_emit(o, kee_sigs[KEE_S_KEY_UNLOCKED], 0);
-
gtk_entry_buffer_delete_text(buf, 0, gtk_entry_buffer_get_length(buf));
}
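Review bot: Every non-zero return from the newly added `gpg_store_check(gpg, passphrase)` call is logged as "wrong passphrase", although the gpg.c hunk shows that function has a separate `r != ERR_OK` failure path besides the decrypt failure. A missing or unreadable key store would therefore be reported to the user as a bad passphrase; including the code in the message, for example `g_log(G_LOG_DOMAIN, G_LOG_LEVEL_INFO, "key store check failed (%d)", r);`, would keep the two apart (assuming `r` is an `int`). The early `return` also skips `gtk_entry_buffer_delete_text`, so the typed passphrase remains in the entry buffer after a failed attempt; consider clearing it on both paths. The handler starts outside this hunk.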
@@ -131,3 +135,8 @@ KeeKey* kee_key_new(const char *key_path) {
return o;
}
+
+const char *kee_key_get_fingerprint(KeeKey *o, char *fingerprint) {
+ strcpy(fingerprint, o->gpg->fingerprint);
+ return fingerprint;
+}
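Review bot: `strcpy(fingerprint, o->gpg->fingerprint);` copies into a caller buffer whose size the function never learns, which reintroduces the class of bug this commit sets out to remove. The caller added in src/gtk/ui.c passes a `char fingerprint[41]` stack array, so safety depends on the store's fingerprint always being NUL-terminated within 41 bytes, while `o->gpg` comes from an unzeroed `malloc` and may not have been filled in yet. I would pass the capacity explicitly, `const char *kee_key_get_fingerprint(KeeKey *o, char *fingerprint, size_t fingerprint_len)`, copy with `g_strlcpy(fingerprint, o->gpg->fingerprint, fingerprint_len);`, and call it with `sizeof(fingerprint)`. The prototype in src/gtk/kee-key.h and the call in `ui_handle_unlock` need the matching change.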
diff --git a/src/gtk/kee-key.h b/src/gtk/kee-key.h
@@ -23,7 +23,6 @@ enum KEE_KEY_SIGS {
G_END_DECLS
KeeKey* kee_key_new();
+const char *kee_key_get_fingerprint(KeeKey *o, char *fingerprint);
#endif // _GTK_KEE_KEY_H
-
-
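Review bot: The context line `KeeKey* kee_key_new();` declares the constructor with an empty parameter list, while the definition visible in the kee-key.c hunk is `kee_key_new(const char *key_path)`. Before C23 an empty list turns off argument checking, so a call with no path or with the wrong type compiles silently; declare it as `KeeKey* kee_key_new(const char *key_path);`. The new `kee_key_get_fingerprint` prototype should also carry a comment stating the buffer contract, for example `/* fingerprint must hold at least 41 bytes including the terminator */`.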
diff --git a/src/gtk/ui.c b/src/gtk/ui.c
@@ -18,11 +18,14 @@
#include "kee-key.h"
-static void ui_handle_unlock(GtkWidget *widget, KeeMenu *menu) {
+static void ui_handle_unlock(KeeKey *o, KeeMenu *menu) {
kee_state_t state_delta;
+ char fingerprint[41];
kee_state_zero(&state_delta);
-
+ kee_key_get_fingerprint(o, fingerprint);
+ gtk_window_set_title(GTK_WINDOW(menu), fingerprint);
+
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_INFO, "key is unlocked");
kee_menu_prev(menu);
}