gcrypt.c (30180B)
1 #ifdef LQ_GPG 2 3 #define GPG_MIN_VERSION "1.10.2" 4 #define GPG_KEY_TYP 1 5 6 #include <gcrypt.h> 7 #include <rerr.h> 8 #include <llog.h> 9 #include <hex.h> 10 11 #include "lq/crypto.h" 12 #include "lq/io.h" 13 #include "lq/mem.h" 14 #include "lq/config.h" 15 #include "lq/err.h" 16 #include "lq/store.h" 17 #include "lq/base.h" 18 #include "debug.h" 19 20 #define CHACHA20_KEY_LENGTH_BYTES 32 21 #define CHACHA20_NONCE_LENGTH_BYTES 12 22 #define POLY1305_MAC_LEN 16 23 #define POLY1305_MAC_KEYLEN 32 24 25 /// Lookup mode for key in store. 26 enum gpg_find_mode_e { 27 GPG_FIND_MAIN, ///< Use default key filename. 28 GPG_FIND_ORCREATE, ///< Create a new key if not found. 29 GPG_FIND_FINGERPRINT, ///< Load only the key matching the fingerprint. 30 }; 31 32 /// TODO: move create mode to lq/crypto settings 33 #ifdef GPG_NOCREATE 34 static enum gpg_find_mode_e default_mode = GPG_FIND_MAIN; 35 #else 36 static enum gpg_find_mode_e default_mode = GPG_FIND_ORCREATE; 37 #endif 38 39 extern char zeros[65]; 40 41 /** 42 * gcrypt implementation of the crypto interface. 43 * 44 * The same structure is used in both LQPrivKey and LQPubKey. 45 * 46 */ 47 struct gpg_store { 48 gcry_sexp_t k; ///< S-expression representing the current object type. 49 char fingerprint[LQ_FP_LEN]; ///< Fingerprint, used for LQPubKey. 50 char public_key[LQ_PUBKEY_LEN]; ///< Literal, uncompressed public key bytes. Used in LQPubKey. 51 char last_signature[LQ_SIGN_LEN]; ///< Stores the latest signature data generated by lq_privatekey_sign. 52 char last_data[LQ_DIGEST_LEN]; ///< Stores the last digest data that was signed using lq_privatekey_sign. 53 }; 54 55 /// store gpg library version. 56 static char *gpg_version = NULL; 57 58 /// directory holding crypto keys. 59 static int gpg_cfg_idx_dir; 60 61 /// default digest id. 62 static int gpg_passphrase_digest = GCRY_MD_SHA512; 63 64 /// zero fp value 65 const static char gpg_fingerprint_zero[LQ_FP_LEN]; 66 67 const static char gpg_default_store_key; 68 69 static LQStore *gpg_key_store; 70 71 /** 72 * Verifies that installed gpg version is supported. 73 * Sets up crypto keys dir and sets passphrase digest length. 74 * 75 * \todo replace path massage with cwalk lib 76 */ 77 int lq_crypto_init(const char *base) { 78 int r; 79 int l = 0; 80 char *p; 81 char path[LQ_PATH_MAX]; 82 83 lq_zero(path, LQ_PATH_MAX); 84 if (gpg_version == NULL) { 85 gpg_version = (char*)gcry_check_version(GPG_MIN_VERSION); 86 if (gpg_version == NULL) { 87 return debug_logerr(LLOG_ERROR, ERR_NOCRYPTO, "broken"); 88 } 89 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); 90 if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) { 91 return debug_logerr(LLOG_ERROR, ERR_NOCRYPTO, "init gcrypt"); 92 } 93 } 94 debug_x(LLOG_DEBUG, "gpg", "using gpg", 1, MORGEL_TYP_STR, 0, "version", gpg_version); 95 96 gpg_cfg_idx_dir = lq_config_register(LQ_TYP_STR, "CRYPTODIR"); 97 98 p = path; 99 l = strlen(base); 100 lq_cpy(p, base, l); 101 if (path[l] != '/') { 102 path[l] = '/'; 103 path[l+1] = 0; 104 } 105 106 r = lq_config_set(gpg_cfg_idx_dir, path); 107 if (r) { 108 return ERR_FAIL; 109 } 110 gpg_key_store = lq_store_new(path); 111 if (gpg_key_store == NULL) { 112 return ERR_STORE_AVAIL; 113 } 114 115 return ERR_OK; 116 } 117 118 size_t get_padsize(size_t insize, size_t blocksize) { 119 size_t c; 120 size_t l; 121 size_t m; 122 123 c = insize + 1; 124 l = c / blocksize; 125 m = c % blocksize; 126 if (m) { 127 l++; 128 } 129 return l * blocksize; 130 } 131 132 static void padb(char *data, size_t outsize, size_t insize) { 133 gcry_randomize(data + insize, outsize - insize, GCRY_STRONG_RANDOM); 134 } 135 136 static void pad(char *indata_raw, size_t outsize, const char *indata) { //std::string indata) { 137 int l; 138 139 strcpy(indata_raw, indata); 140 l = strlen(indata) + 1; 141 padb(indata_raw, outsize, l); 142 } 143 144 static int create_handle(gcry_cipher_hd_t *h, const char *key, const char *nonce) { 145 const char *p; 146 gcry_error_t e; 147 148 e = gcry_cipher_open(h, GCRY_CIPHER_CHACHA20, GCRY_CIPHER_MODE_POLY1305, GCRY_CIPHER_SECURE); 149 if (e) { 150 p = gcry_strerror(e); 151 return debug_logerr(LLOG_ERROR, ERR_FAIL, (char*)p); 152 } 153 e = gcry_cipher_setkey(*h, key, CHACHA20_KEY_LENGTH_BYTES); 154 if (e) { 155 return ERR_FAIL; 156 } 157 e = gcry_cipher_setiv(*h, nonce, CHACHA20_NONCE_LENGTH_BYTES); 158 if (e) { 159 return ERR_FAIL; 160 } 161 return ERR_OK; 162 } 163 164 165 static void free_handle(gcry_cipher_hd_t *h) { 166 gcry_cipher_close(*h); 167 } 168 169 // Puts mac in mac and newly generated mac key in mac_key 170 // in is a buffer of in_len which must be cipher blocksize. 171 // no data validation checking is done. 172 static int create_mac(char *mac, char *mac_key, const char *in, size_t in_len) { 173 int r; 174 char *p; 175 size_t maclen; 176 gcry_mac_hd_t h; 177 gcry_error_t e; 178 179 r = gcry_mac_open(&h, GCRY_MAC_POLY1305, 0, NULL); 180 if (r) { 181 return r; 182 } 183 184 e = gcry_mac_setkey(h, mac_key, POLY1305_MAC_KEYLEN); 185 if (e) { 186 gcry_mac_close(h); 187 p = (char*)gcry_strerror(e); 188 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 189 } 190 191 e = gcry_mac_write(h, in, in_len); 192 if (e) { 193 gcry_mac_close(h); 194 p = (char*)gcry_strerror(e); 195 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 196 } 197 198 maclen = POLY1305_MAC_LEN; 199 e = gcry_mac_read(h, mac, &maclen); 200 if (e) { 201 gcry_mac_close(h); 202 p = (char*)gcry_strerror(e); 203 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 204 } 205 206 gcry_mac_close(h); 207 208 if (maclen != POLY1305_MAC_LEN) { 209 p = (char*)gcry_strerror(e); 210 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 211 } 212 213 return ERR_OK; 214 } 215 216 static int verify_mac(char *mac, char *mac_key, const char *in, size_t in_len) { 217 int r; 218 char *p; 219 size_t maclen; 220 gcry_mac_hd_t h; 221 gcry_error_t e; 222 223 r = gcry_mac_open(&h, GCRY_MAC_POLY1305, 0, NULL); 224 if (r) { 225 return r; 226 } 227 228 e = gcry_mac_setkey(h, mac_key, POLY1305_MAC_KEYLEN); 229 if (e) { 230 gcry_mac_close(h); 231 p = (char*)gcry_strerror(e); 232 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 233 } 234 235 e = gcry_mac_write(h, in, in_len); 236 if (e) { 237 gcry_mac_close(h); 238 p = (char*)gcry_strerror(e); 239 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 240 } 241 242 maclen = POLY1305_MAC_LEN; 243 e = gcry_mac_read(h, mac, &maclen); 244 if (e) { 245 gcry_mac_close(h); 246 p = (char*)gcry_strerror(e); 247 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 248 } 249 250 e = gcry_mac_verify(h, mac, maclen); 251 if (e) { 252 gcry_mac_close(h); 253 p = (char*)gcry_strerror(e); 254 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 255 } 256 257 gcry_mac_close(h); 258 259 if (maclen != POLY1305_MAC_LEN) { 260 p = (char*)gcry_strerror(e); 261 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 262 } 263 264 return ERR_OK; 265 } 266 int encryptb (char *ciphertext, size_t ciphertext_len, const char *indata, size_t indata_len, const char *key, const char *nonce) { 267 const char *p; 268 int r; 269 gcry_cipher_hd_t h; 270 gcry_error_t e; 271 char indata_raw[ciphertext_len]; 272 273 r = create_handle(&h, key, nonce); 274 if (r) { 275 return debug_logerr(LLOG_ERROR, ERR_CIPHER, "encrypt handle (bin)"); 276 } 277 lq_cpy(indata_raw, indata, indata_len); 278 padb(indata_raw, ciphertext_len, indata_len); 279 e = gcry_cipher_encrypt(h, (unsigned char*)ciphertext, ciphertext_len, (const unsigned char*)indata_raw, ciphertext_len); 280 if (e) { 281 free_handle(&h); 282 p = gcry_strerror(e); 283 return debug_logerr(LLOG_ERROR, ERR_CIPHER, (char*)p); 284 } 285 286 free_handle(&h); 287 288 289 return ERR_OK; 290 } 291 292 int encrypt(char *ciphertext, size_t ciphertext_len, const char *indata, const char *key, const char *nonce) { 293 char *p; 294 int r; 295 gcry_cipher_hd_t h; 296 gcry_error_t e; 297 char indata_raw[ciphertext_len]; 298 299 r = create_handle(&h, key, nonce); 300 if (r) { 301 return debug_logerr(LLOG_ERROR, ERR_CIPHER, "encrypt handle (str)"); 302 } 303 304 pad(indata_raw, ciphertext_len, indata); 305 e = gcry_cipher_encrypt(h, (unsigned char*)ciphertext, ciphertext_len, (const unsigned char*)indata_raw, ciphertext_len); 306 if (e) { 307 free_handle(&h); 308 p = (char*)gcry_strerror(e); 309 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 310 } 311 312 free_handle(&h); 313 314 return ERR_OK; 315 } 316 317 int decryptb(char *outdata, const char *ciphertext, size_t ciphertext_len, const char *key, const char *nonce) { 318 char *p; 319 int r; 320 gcry_cipher_hd_t h; 321 gcry_error_t e; 322 323 r = create_handle(&h, key, nonce); 324 if (r) { 325 return debug_logerr(LLOG_ERROR, ERR_CIPHER, "decrypt handle (bin)"); 326 } 327 328 e = gcry_cipher_decrypt(h, outdata, ciphertext_len, ciphertext, ciphertext_len); 329 if (e) { 330 free_handle(&h); 331 p = (char*)gcry_strerror(e); 332 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 333 } 334 335 free_handle(&h); 336 337 return ERR_OK; 338 } 339 340 int decrypt(char *outdata, const char *ciphertext, size_t ciphertext_len, const char *key, const char *nonce) { 341 char *p; 342 int r; 343 gcry_cipher_hd_t h; 344 gcry_error_t e; 345 346 r = create_handle(&h, key, nonce); 347 if (r) { 348 return debug_logerr(LLOG_ERROR, ERR_CIPHER, "decrypt handle (str)"); 349 } 350 351 e = gcry_cipher_decrypt(h, outdata, ciphertext_len, ciphertext, ciphertext_len); 352 if (e) { 353 free_handle(&h); 354 p = (char*)gcry_strerror(e); 355 return debug_logerr(LLOG_ERROR, ERR_CIPHER, p); 356 } 357 358 free_handle(&h); 359 360 return ERR_OK; 361 } 362 363 364 // DIGEST SECTION 365 366 /// Calculate a digest according to the specified algo. 367 static int calculate_digest_algo(const char *in, size_t in_len, char *out, enum gcry_md_algos algo) { 368 gcry_error_t e; 369 gcry_md_hd_t h; 370 unsigned char *v; 371 static unsigned int digest_len; 372 373 if (algo == GCRY_MD_NONE) { 374 algo = GCRY_MD_SHA512; 375 } 376 377 e = gcry_md_open(&h, algo, GCRY_MD_FLAG_SECURE); 378 if (e) { 379 return ERR_ENCODING; 380 } 381 e = gcry_md_enable(h, algo); 382 if (e) { 383 return ERR_COMPAT; 384 } 385 digest_len = gcry_md_get_algo_dlen(algo); 386 387 gcry_md_write(h, in, in_len); 388 v = gcry_md_read(h, 0); 389 lq_cpy(out, v, digest_len); 390 gcry_md_close(h); 391 return ERR_OK; 392 } 393 394 /// Calculate digest using the default hashing algorithm (SHA256) 395 /// using the gcrypt library. 396 int lq_digest(const char *in, size_t in_len, char *out) { 397 return calculate_digest_algo(in, in_len, out, GCRY_MD_NONE); 398 } 399 400 401 /// Apply public key to the gpg_store struct. 402 static int key_apply_public(struct gpg_store *gpg) { 403 char *p; 404 size_t c; 405 gcry_sexp_t one; 406 gcry_sexp_t two; 407 408 one = gcry_sexp_find_token(gpg->k, "public-key", 10); 409 if (one == NULL) { 410 return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "sexp pubkey"); 411 } 412 two = gcry_sexp_find_token(one, "q", 1); 413 if (two == NULL) { 414 gcry_sexp_release(one); 415 return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "sexp q"); 416 } 417 c = LQ_PUBKEY_LEN; 418 p = (char*)gcry_sexp_nth_data(two, 1, &c); 419 if (p == NULL) { 420 gcry_sexp_release(two); 421 gcry_sexp_release(one); 422 return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "sexp first data"); 423 } 424 425 lq_cpy(gpg->public_key, p, LQ_PUBKEY_LEN); 426 gcry_sexp_release(two); 427 gcry_sexp_release(one); 428 p = (char*)gcry_pk_get_keygrip(gpg->k, (unsigned char*)gpg->fingerprint); 429 if (p == NULL) { 430 return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "pubkey fingerprint"); 431 } 432 433 return ERR_OK; 434 } 435 436 /// Create a new gcrypt keypair. 437 static int key_create(struct gpg_store *gpg) { 438 int r; 439 const char *p; 440 const char *sexp_quick = "(genkey(ecc(flags eddsa)(curve Ed25519)))"; 441 gcry_sexp_t in; 442 gcry_error_t e; 443 444 // Set up parameters for key creation. 445 e = gcry_sexp_new(&in, (const void*)sexp_quick, strlen(sexp_quick), 0); 446 if (e) { 447 p = gcry_strerror(e); 448 return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, (char*)p); 449 } 450 451 // Generate a new key with the given parameters. 452 e = gcry_pk_genkey(&gpg->k, in); 453 if (e) { 454 gcry_sexp_release(in); 455 p = gcry_strerror(e); 456 return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, (char*)p); 457 } 458 gcry_sexp_release(in); 459 460 // Apply the public part of the key to the underlying key structure. 461 r = key_apply_public(gpg); 462 if (r) { 463 return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "private create apply public"); 464 } 465 466 return ERR_OK; 467 } 468 469 static LQStore *key_store_get() { 470 return gpg_key_store; 471 } 472 473 /** 474 * \todo consistent endianness for key length in persistent storage (fwrite) 475 * \todo doc must have enough in path for path + fingerprint hex 476 * \todo check capacity in buffer for both ciphertext, nonce and mac. 477 */ 478 static int key_create_store(struct gpg_store *gpg, const char *passphrase, size_t passphrase_len) { 479 char *p; 480 int r; 481 int kl; 482 char v[LQ_CRYPTO_BUFLEN]; 483 int l; 484 size_t c; 485 size_t m; 486 LQStore *store; 487 LQPubKey *pubk; 488 char nonce[CHACHA20_NONCE_LENGTH_BYTES]; 489 char buf_key[LQ_STORE_KEY_MAX]; 490 char buf_val[LQ_STORE_VAL_MAX]; 491 char ciphertext[LQ_CRYPTO_BUFLEN]; 492 char passphrase_hash[LQ_DIGEST_LEN]; 493 char mac[POLY1305_MAC_LEN]; 494 495 // Initialize to assist debugging. 496 lq_zero(buf_key, LQ_STORE_KEY_MAX); 497 lq_zero(buf_val, LQ_STORE_VAL_MAX); 498 499 // Create the private key and corresponding public key. 500 r = key_create(gpg); 501 if (r) { 502 return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "key create"); 503 } 504 505 // Export the S-expression to a text buffer for saving, canonical formatting 506 kl = gcry_sexp_sprint(gpg->k, GCRYSEXP_FMT_CANON, NULL, 0); 507 m = (size_t)kl + 1; 508 p = (char*)v + sizeof(int); 509 c = 0; 510 kl = gcry_sexp_sprint(gpg->k, GCRYSEXP_FMT_CANON, p, LQ_CRYPTO_BUFLEN - m); 511 m -= (size_t)(kl + 1); 512 c += kl; 513 lq_cpy(v, &c, sizeof(int)); 514 515 // Pad the contents up to the blocksize boundary 516 m = c; 517 c = get_padsize(m, LQ_CRYPTO_BLOCKSIZE); 518 519 // Hash the encryption key to the expected length. 520 r = calculate_digest_algo(passphrase, passphrase_len, passphrase_hash, gpg_passphrase_digest); 521 if (r) { 522 return debug_logerr(LLOG_ERROR, ERR_DIGEST, "passphrase hash"); 523 } 524 525 // Encrypt the payload with the passphrase and nonce. 526 gcry_create_nonce(nonce, CHACHA20_NONCE_LENGTH_BYTES); 527 r = encryptb(ciphertext, c, v, m+sizeof(int), passphrase_hash, nonce); 528 if (r) { 529 return debug_logerr(LLOG_ERROR, ERR_KEY_LOCK, "encrypt private key"); 530 } 531 532 c += CHACHA20_NONCE_LENGTH_BYTES; 533 r = create_mac(mac, passphrase_hash + CHACHA20_KEY_LENGTH_BYTES, v, m+sizeof(int)); 534 if (r) { 535 return debug_logerr(LLOG_ERROR, ERR_CIPHER, "mac generation fail"); 536 return r; 537 } 538 lq_cpy(ciphertext + c, mac, POLY1305_MAC_LEN); 539 540 // Export the key (fingerprint) and value (ciphertext) to put in the store. 541 // (We don't need the inner private key pointer anymore, so we re-use it.) 542 pubk = lq_publickey_new(gpg->public_key); 543 if (pubk == NULL) { 544 return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "publickey"); 545 } 546 gpg = (struct gpg_store*)pubk->impl; 547 lq_cpy(buf_key, gpg->fingerprint, LQ_FP_LEN); 548 lq_cpy(buf_val, nonce, CHACHA20_NONCE_LENGTH_BYTES); 549 lq_cpy(buf_val + CHACHA20_NONCE_LENGTH_BYTES, ciphertext, c); 550 lq_cpy(buf_val + CHACHA20_NONCE_LENGTH_BYTES + c, mac, POLY1305_MAC_LEN); 551 lq_publickey_free(pubk); 552 553 // Retrieve the store. 554 store = key_store_get(); 555 if (store == NULL) { 556 return debug_logerr(LLOG_ERROR, ERR_KEYFILE, "create store"); 557 } 558 559 // Write the ciphertext to the store. 560 l = c + POLY1305_MAC_LEN; 561 c = LQ_FP_LEN; 562 r = store->put(LQ_CONTENT_KEY, store, buf_key, &c, buf_val, l); 563 if (r) { 564 return debug_logerr(LLOG_ERROR, ERR_KEYFILE, "put key in store"); 565 } 566 567 // Check if a main key already exists in the store. 568 // If not, set this one as main. 569 *buf_key = gpg_default_store_key; 570 c = LQ_STORE_VAL_MAX; 571 r = store->get(LQ_CONTENT_KEY, store, buf_key, 1, buf_val, &c); 572 if (r) { 573 if (r != ERR_NOENT) { 574 debug(LLOG_ERROR, "crypto.gcrypt", "no default"); 575 return debug_logerr(LLOG_ERROR, ERR_KEYFILE, "default key"); 576 } 577 c = 1; 578 r = store->put(LQ_CONTENT_KEY, store, buf_key, &c, buf_val, l); 579 if (r) { 580 debug(LLOG_ERROR, "crypto.gcrypt", "fail put default"); 581 return debug_logerr(LLOG_ERROR, ERR_KEYFILE, "write default key"); 582 } 583 } 584 585 return ERR_OK; 586 } 587 588 /// Create a new keypair, encrypted with given passphrase. 589 static LQPrivKey* privatekey_alloc(const char *passphrase, size_t passphrase_len) { 590 int r; 591 LQPrivKey *o; 592 struct gpg_store *gpg; 593 594 // Allocate private key structures. 595 o = lq_alloc(sizeof(LQPrivKey)); 596 if (o == NULL) { 597 return NULL; 598 } 599 gpg = lq_alloc(sizeof(struct gpg_store)); 600 if (gpg == NULL) { 601 lq_free(o); 602 return NULL; 603 } 604 605 // Create the underlying private key. 606 r = key_create_store(gpg, passphrase, passphrase_len); 607 if (r) { 608 lq_free(gpg); 609 lq_free(o); 610 return NULL; 611 } 612 613 // Populate the internal key structure. 614 o->impl = (void*)gpg; 615 o->key_typ = GPG_KEY_TYP; 616 o->key_state = LQ_KEY_INIT; 617 618 // No cleanup = caller must free it. 619 debug_x(LLOG_INFO, "gpg", "created new private key", 1, MORGEL_TYP_BIN, LQ_FP_LEN, "fingerprint", gpg->fingerprint); 620 621 return o; 622 } 623 624 625 /// Implements the interface to create a new private key. 626 LQPrivKey* lq_privatekey_new(const char *passphrase, size_t passphrase_len) { 627 int r; 628 LQPrivKey *o; 629 if (passphrase == NULL) { 630 return NULL; 631 } 632 633 o = privatekey_alloc(passphrase, passphrase_len); 634 if (o == NULL) { 635 return NULL; 636 } 637 r = lq_privatekey_lock(o, passphrase, passphrase_len); 638 if (r) { 639 return NULL; 640 } 641 return o; 642 } 643 644 /// Parse data from buffer as S-expression text representing a key. 645 static int key_from_data(gcry_sexp_t *key, const char *indata, size_t indata_len) { 646 gcry_error_t e; 647 648 e = gcry_sexp_new(key, indata, indata_len, 0); 649 if (e != GPG_ERR_NO_ERROR) { 650 return debug_logerr(LLOG_ERROR, ERR_COMPAT, "not key data"); 651 } 652 return ERR_OK; 653 } 654 655 static int check_ciphertext(const char *buf, size_t buf_len) { 656 return buf_len % (LQ_CRYPTO_BLOCKSIZE + CHACHA20_NONCE_LENGTH_BYTES + POLY1305_MAC_LEN); 657 } 658 659 /// Load a private key from the store's crypto partition. 660 static int key_from_store(struct gpg_store *gpg, const char *passphrase, size_t passphrase_len) { 661 char *nonce; 662 char *p; 663 int r; 664 LQStore *store; 665 char inkey[LQ_FP_LEN]; 666 size_t inkey_len; 667 char out[LQ_CRYPTO_BUFLEN]; 668 char in[LQ_CRYPTO_BUFLEN]; 669 size_t in_len; 670 size_t out_len; 671 char passphrase_hash[LQ_DIGEST_LEN]; 672 673 // Instantiate the store. 674 store = key_store_get(); 675 676 // If a valid fingerprint is found in the gpg structure, 677 // retrieve the key matching that fingerprint. 678 // Otherwise, retrieve the main key. 679 // Or fail if none of them can be found. 680 inkey_len = LQ_FP_LEN; 681 in_len = LQ_CRYPTO_BUFLEN; 682 if (lq_cmp(gpg->fingerprint, gpg_fingerprint_zero, LQ_FP_LEN)) { 683 lq_cpy(inkey, gpg->fingerprint, LQ_FP_LEN); 684 } else { 685 *inkey = gpg_default_store_key; 686 inkey_len = 1; 687 } 688 r = store->get(LQ_CONTENT_KEY, store, inkey, inkey_len, in, &in_len); 689 if (r) { 690 return ERR_NOENT; 691 } 692 693 r = check_ciphertext(in, in_len); 694 if (r) { 695 return debug_logerr(LLOG_ERROR, ERR_CIPHER, "incorrect ciphertext"); 696 } 697 698 // Hash the encryption key to the expected length. 699 r = calculate_digest_algo(passphrase, passphrase_len, passphrase_hash, gpg_passphrase_digest); 700 if (r) { 701 return debug_logerr(LLOG_ERROR, ERR_DIGEST, "passphrase hash"); 702 } 703 704 // Decrypt the private key data from the store 705 // with the provided passphrase and the extracted nonce. 706 nonce = in; 707 p = (char*)in + CHACHA20_NONCE_LENGTH_BYTES; 708 in_len -= CHACHA20_NONCE_LENGTH_BYTES; 709 r = decryptb(out, p, in_len - POLY1305_MAC_LEN, passphrase_hash, nonce); 710 if (r) { 711 return ERR_KEY_UNLOCK; 712 } 713 714 r = verify_mac(p + in_len - POLY1305_MAC_LEN, passphrase_hash + CHACHA20_KEY_LENGTH_BYTES, out, in_len - POLY1305_MAC_LEN); 715 if (r) { 716 return ERR_KEY_UNLOCK; 717 } 718 719 // Attempt to parse and instantiate the key from the decrypted data. 720 out_len = (size_t)(*((int*)out)); 721 p = (char*)(out+sizeof(int)); 722 r = key_from_data(&gpg->k, p, out_len); 723 if (r) { 724 return ERR_KEYFAIL; 725 } 726 727 return ERR_OK; 728 } 729 730 static int gpg_key_load(struct gpg_store *gpg, const char *passphrase, size_t passphrase_len, enum gpg_find_mode_e mode, const void *criteria) { 731 int r; 732 733 switch(mode) { 734 case GPG_FIND_MAIN: 735 r = key_from_store(gpg, passphrase, passphrase_len); 736 if (r) { 737 return debug_logerr(LLOG_WARNING, ERR_KEYFILE, "default key not found"); 738 } 739 break; 740 case GPG_FIND_ORCREATE: 741 r = key_from_store(gpg, passphrase, passphrase_len); 742 if (r == ERR_OK) { 743 break; 744 } 745 if (r != ERR_NOENT) { 746 debug(LLOG_INFO, "gpg", "default decrypt failed"); 747 break; 748 } 749 // if no key could be loaded, attempt to create one. 750 if (!lq_cmp(gpg_fingerprint_zero, gpg->fingerprint, LQ_FP_LEN)) { 751 debug(LLOG_DEBUG, "gpg", "default private key not found, attempting create new"); 752 r = key_create_store(gpg, passphrase, passphrase_len); 753 if (r) { 754 return debug_logerr(LLOG_WARNING, ERR_KEYFILE, "create key when no default found"); 755 } 756 } 757 break; 758 case GPG_FIND_FINGERPRINT: 759 r = key_from_store(gpg, passphrase, passphrase_len); 760 if (r) { 761 return debug_logerr(LLOG_WARNING, ERR_KEYFILE, "fingerprint key not found"); 762 } 763 break; 764 default: 765 return debug_logerr(LLOG_WARNING, ERR_FAIL, NULL); 766 } 767 768 r = key_apply_public(gpg); 769 if (r) { 770 return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "apply public key"); 771 } 772 debug_x(LLOG_INFO, "gpg", "loaded private key", 1, MORGEL_TYP_BIN, LQ_FP_LEN, "fingerprint", gpg->fingerprint); 773 774 return ERR_OK; 775 } 776 777 778 /// Implements the interface to load a private key from storage. 779 LQPrivKey* lq_privatekey_load(const char *passphrase, size_t passphrase_len, const char *fingerprint) { 780 LQPrivKey *pk; 781 enum gpg_find_mode_e m; 782 struct gpg_store *gpg; 783 int r; 784 785 pk = lq_alloc(sizeof(LQPrivKey)); 786 if (pk == NULL) { 787 debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "allocate object"); 788 return NULL; 789 } 790 pk->impl = (struct gpg_store*)lq_alloc(sizeof(struct gpg_store)); 791 if (pk->impl == NULL) { 792 lq_free(pk); 793 debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "allocate internal structure"); 794 return NULL; 795 } 796 lq_zero(pk->impl, sizeof(struct gpg_store)); 797 gpg = (struct gpg_store*)pk->impl; 798 m = default_mode; 799 if (fingerprint != NULL) { 800 lq_cpy(gpg->fingerprint, fingerprint, LQ_FP_LEN); 801 m = GPG_FIND_FINGERPRINT; 802 } 803 r = gpg_key_load(gpg, passphrase, passphrase_len, m, NULL); 804 if (r) { 805 lq_free(pk->impl); 806 lq_free(pk); 807 debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "key load fail"); 808 return NULL; 809 } 810 pk->key_typ = GPG_KEY_TYP; 811 pk->key_state = LQ_KEY_INIT; 812 813 return pk; 814 } 815 816 size_t lq_publickey_bytes(LQPubKey *pubk, char **out) { 817 struct gpg_store *gpg; 818 819 gpg = (struct gpg_store*)pubk->impl; 820 *out = gpg->public_key; 821 return LQ_PUBKEY_LEN; 822 } 823 824 int lq_privatekey_lock(LQPrivKey *pk, const char *passphrase, size_t passphrase_len) { 825 if (pk == NULL) { 826 return ERR_INIT; 827 } 828 if ((pk->key_state & LQ_KEY_LOCK) > 0) { 829 return ERR_NOOP; 830 } 831 pk->key_state |= LQ_KEY_LOCK; 832 return ERR_OK; 833 } 834 835 int lq_privatekey_unlock(LQPrivKey *pk, const char *passphrase, size_t passphrase_len) { 836 char b; 837 838 if (pk == NULL) { 839 return ERR_INIT; 840 } 841 if ((pk->key_state & LQ_KEY_LOCK) == 0) { 842 return ERR_NOOP; 843 } 844 b = LQ_KEY_LOCK; 845 pk->key_state &= ~b; 846 return ERR_OK; 847 } 848 849 // SIGNATURE SECTION 850 // 851 //int sign_with(struct gpg_store *gpg, char *data, size_t data_len, const char *passphrase, const char *fingerprint) { 852 // int r; 853 // size_t c; 854 // gcry_sexp_t pnt; 855 // gcry_sexp_t msg; 856 // gcry_sexp_t sig; 857 // gcry_error_t e; 858 // char *p; 859 // 860 // 861 // if (fingerprint == NULL) { 862 // r = gpg_key_load(gpg, passphrase, KEE_GPG_FIND_MAIN, NULL); 863 // } else { 864 // r = gpg_key_load(gpg, passphrase, KEE_GPG_FIND_FINGERPRINT, fingerprint); 865 // } 866 // if (r) { 867 // return 1; 868 // } 869 // 870 // c = 0; 871 // e = gcry_sexp_build(&msg, &c, "(data(flags eddsa)(hash-algo sha512)(value %b))", 64, gpg->last_data); 872 // if (e != GPG_ERR_NO_ERROR) { 873 // return 1; 874 // } 875 //} 876 877 static int sign(struct gpg_store *gpg, const char *data, size_t data_len, const char *salt) { 878 int r; 879 size_t c; 880 char *p; 881 gcry_sexp_t pnt; 882 gcry_sexp_t msg; 883 gcry_sexp_t sig; 884 gcry_error_t e; 885 886 lq_zero(&e, sizeof(gcry_error_t)); 887 r = calculate_digest_algo(data, data_len, gpg->last_data, GCRY_MD_SHA512); 888 if (r) { 889 return 1; 890 } 891 892 c = 0; 893 e = gcry_sexp_build(&msg, &c, "(data(flags eddsa)(hash-algo sha512)(value %b))", 64, gpg->last_data); 894 if (e != GPG_ERR_NO_ERROR) { 895 return 1; 896 } 897 898 e = gcry_pk_sign(&sig, msg, gpg->k); 899 if (e != GPG_ERR_NO_ERROR) { 900 gcry_sexp_release(msg); 901 return 1; 902 } 903 904 // retrieve r and write it 905 pnt = NULL; 906 pnt = gcry_sexp_find_token(sig, "r", 1); 907 if (pnt == NULL) { 908 gcry_sexp_release(sig); 909 gcry_sexp_release(msg); 910 return ERR_FAIL; 911 } 912 c = LQ_POINT_LEN; 913 p = (char*)gcry_sexp_nth_data(pnt, 1, &c); 914 if (p == NULL) { 915 gcry_sexp_release(pnt); 916 gcry_sexp_release(sig); 917 gcry_sexp_release(msg); 918 return ERR_SIGVALID; 919 } 920 lq_cpy(gpg->last_signature, p, c); 921 922 // retrieve s and write it 923 gcry_sexp_release(pnt); 924 pnt = NULL; 925 pnt = gcry_sexp_find_token(sig, "s", 1); 926 if (pnt == NULL) { 927 gcry_sexp_release(sig); 928 gcry_sexp_release(msg); 929 return ERR_FAIL; 930 } 931 c = LQ_POINT_LEN; 932 p = (char*)gcry_sexp_nth_data(pnt, 1, &c); 933 if (p == NULL) { 934 gcry_sexp_release(pnt); 935 gcry_sexp_release(sig); 936 gcry_sexp_release(msg); 937 return ERR_SIGVALID; 938 } 939 lq_cpy(gpg->last_signature + LQ_POINT_LEN, p, c); 940 gcry_sexp_release(pnt); 941 gcry_sexp_release(sig); 942 gcry_sexp_release(msg); 943 944 return ERR_OK; 945 } 946 947 LQSig* lq_privatekey_sign(LQPrivKey *pk, const char *data, size_t data_len, const char *salt) { 948 int r; 949 struct gpg_store *gpg; 950 LQSig *sig; 951 952 if ((pk->key_state & LQ_KEY_LOCK) > 0) { 953 debug_logerr(LLOG_INFO, ERR_KEY_LOCK, "key locked"); 954 return NULL; 955 } 956 957 gpg = (struct gpg_store*)pk->impl; 958 959 r = sign(gpg, data, data_len, salt); 960 if (r != ERR_OK) { 961 return NULL; 962 } 963 964 sig = lq_alloc(sizeof(LQSig)); 965 sig->pubkey = lq_publickey_from_privatekey(pk); 966 if (sig->pubkey == NULL) { 967 lq_signature_free(sig); 968 return NULL; 969 } 970 sig->impl = lq_alloc(LQ_SIGN_LEN); 971 lq_cpy(sig->impl, gpg->last_signature, LQ_SIGN_LEN); 972 return sig; 973 } 974 975 LQSig* lq_signature_from_bytes(const char *sig_data, size_t sig_len, LQPubKey *pubkey) { 976 size_t r; 977 LQSig *sig; 978 char *pubkey_out; 979 980 if (!lq_cmp(sig_data, zeros, LQ_SIGN_LEN)) { 981 return NULL; 982 } 983 984 sig = lq_alloc(sizeof(LQSig)); 985 lq_zero(sig, sizeof(LQSig)); 986 sig->impl = lq_alloc(LQ_SIGN_LEN); 987 lq_cpy(sig->impl, sig_data, LQ_SIGN_LEN); 988 989 if (pubkey != NULL) { 990 r = lq_publickey_bytes(pubkey, &pubkey_out); 991 if (!r) { 992 return NULL; 993 } 994 sig->pubkey = lq_publickey_new(pubkey_out); 995 } 996 return sig; 997 } 998 999 size_t lq_signature_bytes(LQSig *sig, char **out) { 1000 *out = sig->impl; 1001 return LQ_SIGN_LEN; 1002 } 1003 1004 int lq_signature_verify(LQSig *sig, const char *data, size_t data_len) { 1005 const char *p; 1006 int r; 1007 size_t c; 1008 gcry_mpi_t sig_r; 1009 gcry_mpi_t sig_s; 1010 gcry_error_t e; 1011 gcry_sexp_t sigx; 1012 gcry_sexp_t msgx; 1013 gcry_sexp_t pubkey; 1014 struct gpg_store *gpg; 1015 char digest[LQ_DIGEST_LEN]; 1016 1017 if (sig->pubkey == NULL) { 1018 return ERR_NOENT; 1019 } 1020 1021 gpg = (struct gpg_store*)sig->pubkey->impl; 1022 c = 0; 1023 e = gcry_sexp_build(&pubkey, &c, "(key-data(public-key(ecc(curve Ed25519)(q %b))))", LQ_PUBKEY_LEN, gpg->public_key); 1024 if (e != GPG_ERR_NO_ERROR) { 1025 return ERR_KEYFAIL; 1026 } 1027 1028 c = 0; 1029 e = gcry_mpi_scan(&sig_r, GCRYMPI_FMT_STD, sig->impl, LQ_POINT_LEN, &c); 1030 if (e != GPG_ERR_NO_ERROR) { 1031 p = gcry_strerror(e); 1032 gcry_sexp_release(pubkey); 1033 return debug_logerr(LLOG_INFO, ERR_KEYFAIL, (char*)p); 1034 } 1035 if (c != 32) { 1036 p = gcry_strerror(e); 1037 gcry_mpi_release(sig_r); 1038 gcry_sexp_release(pubkey); 1039 return debug_logerr(LLOG_INFO, ERR_KEYFAIL, (char*)p); 1040 } 1041 1042 c = 0; 1043 e = gcry_mpi_scan(&sig_s, GCRYMPI_FMT_STD, sig->impl + LQ_POINT_LEN, LQ_POINT_LEN, &c); 1044 if (e != GPG_ERR_NO_ERROR) { 1045 p = gcry_strerror(e); 1046 gcry_mpi_release(sig_r); 1047 gcry_sexp_release(pubkey); 1048 return debug_logerr(LLOG_INFO, ERR_KEYFAIL, (char*)p); 1049 } 1050 if (c != 32) { 1051 p = gcry_strerror(e); 1052 gcry_mpi_release(sig_s); 1053 gcry_mpi_release(sig_r); 1054 gcry_sexp_release(pubkey); 1055 return debug_logerr(LLOG_INFO, ERR_KEYFAIL, (char*)p); 1056 } 1057 1058 c = 0; 1059 e = gcry_sexp_build(&sigx, &c, "(sig-val(eddsa(r %m)(s %m)))", sig_r, sig_s); 1060 if (e != GPG_ERR_NO_ERROR) { 1061 p = gcry_strerror(e); 1062 gcry_mpi_release(sig_s); 1063 gcry_mpi_release(sig_r); 1064 gcry_sexp_release(pubkey); 1065 return debug_logerr(LLOG_INFO, ERR_SIGFAIL, (char*)p); 1066 } 1067 gcry_mpi_release(sig_s); 1068 gcry_mpi_release(sig_r); 1069 1070 r = calculate_digest_algo(data, data_len, digest, GCRY_MD_SHA512); 1071 if (r) { 1072 p = gcry_strerror(e); 1073 gcry_sexp_release(sigx); 1074 gcry_sexp_release(pubkey); 1075 return debug_logerr(LLOG_INFO, ERR_DIGEST, (char*)p); 1076 } 1077 1078 c = 0; 1079 e = gcry_sexp_build(&msgx, &c, "(data(flags eddsa)(hash-algo sha512)(value %b))", LQ_DIGEST_LEN, digest); 1080 if (e != GPG_ERR_NO_ERROR) { 1081 p = gcry_strerror(e); 1082 gcry_sexp_release(sigx); 1083 gcry_sexp_release(pubkey); 1084 return debug_logerr(LLOG_INFO, ERR_DIGEST, (char*)p); 1085 } 1086 1087 e = gcry_pk_verify(sigx, msgx, pubkey); 1088 if (e != GPG_ERR_NO_ERROR) { 1089 p = gcry_strerror(e); 1090 gcry_sexp_release(msgx); 1091 gcry_sexp_release(sigx); 1092 gcry_sexp_release(pubkey); 1093 return debug_logerr(LLOG_INFO, ERR_SIGVALID, (char*)p); 1094 } 1095 1096 gcry_sexp_release(msgx); 1097 gcry_sexp_release(sigx); 1098 gcry_sexp_release(pubkey); 1099 1100 return ERR_OK; 1101 } 1102 1103 void lq_privatekey_free(LQPrivKey *pk) { 1104 struct gpg_store *gpg; 1105 1106 gpg = (struct gpg_store*)pk->impl; 1107 gcry_sexp_release(gpg->k); 1108 lq_free(pk->impl); 1109 lq_free(pk); 1110 } 1111 1112 void lq_publickey_free(LQPubKey *pubk) { 1113 struct gpg_store *gpg; 1114 1115 gpg = (struct gpg_store*)pubk->impl; 1116 gcry_sexp_release(gpg->k); 1117 lq_free(pubk->impl); 1118 lq_free(pubk); 1119 } 1120 1121 void lq_signature_free(LQSig *sig) { 1122 if (sig->pubkey != NULL) { 1123 lq_publickey_free(sig->pubkey); 1124 } 1125 if (sig->impl != NULL) { 1126 lq_free(sig->impl); 1127 } 1128 lq_free(sig); 1129 } 1130 1131 LQPubKey* lq_publickey_from_privatekey(LQPrivKey *pk) { 1132 struct gpg_store *gpg; 1133 LQPubKey *pubk; 1134 1135 gpg = (struct gpg_store*)pk->impl; 1136 pubk = lq_publickey_new(gpg->public_key); 1137 1138 return pubk; 1139 } 1140 1141 LQPubKey* lq_publickey_new(const char *full) { 1142 const char *p; 1143 const char *r; 1144 gcry_error_t e; 1145 size_t c; 1146 LQPubKey *pubk; 1147 struct gpg_store *gpg; 1148 1149 gpg = lq_alloc(sizeof(struct gpg_store)); 1150 lq_zero(gpg, sizeof(struct gpg_store)); 1151 lq_cpy(gpg->public_key, full, LQ_PUBKEY_LEN); 1152 1153 pubk = lq_alloc(sizeof(LQPubKey)); 1154 lq_zero(pubk, sizeof(LQPubKey)); 1155 1156 c = 0; 1157 e = gcry_sexp_build(&gpg->k, &c, "(key-data(public-key(ecc(curve Ed25519)(q %b))))", LQ_PUBKEY_LEN, full); 1158 if (e != GPG_ERR_NO_ERROR) { 1159 p = gcry_strerror(e); 1160 debug_logerr(LLOG_DEBUG, ERR_KEYFAIL, (char*)p); 1161 return NULL; 1162 } 1163 1164 r = (char*)gcry_pk_get_keygrip(gpg->k, (unsigned char*)gpg->fingerprint); 1165 if (r == NULL) { 1166 debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "fingerprint fail"); 1167 return NULL; 1168 } 1169 1170 pubk->impl = (void*)gpg; 1171 pubk->key_typ = GPG_KEY_TYP; 1172 pubk->pk = NULL; 1173 1174 return pubk; 1175 } 1176 1177 int lq_publickey_match(LQPubKey *left, LQPubKey *right) { 1178 struct gpg_store *lstore; 1179 struct gpg_store *rstore; 1180 1181 if (left == NULL) { 1182 return ERR_NONSENSE; 1183 } 1184 if (right == NULL) { 1185 return ERR_NONSENSE; 1186 } 1187 lstore = (struct gpg_store*)left->impl; 1188 rstore = (struct gpg_store*)right->impl; 1189 1190 if (lq_cmp(lstore->fingerprint, rstore->fingerprint, LQ_PUBKEY_LEN)) { 1191 return ERR_FAIL; 1192 } 1193 1194 return ERR_OK; 1195 } 1196 1197 size_t lq_publickey_fingerprint(LQPubKey* pubk, char **out) { 1198 struct gpg_store *gpg; 1199 1200 gpg = (struct gpg_store*)pubk->impl; 1201 *out = gpg->fingerprint; 1202 return LQ_FP_LEN; 1203 } 1204 1205 void lq_crypto_free() { 1206 //lq_store_free((void*)gpg_key_store); 1207 gpg_key_store->free(gpg_key_store); 1208 gpg_key_store = NULL; 1209 gpg_version = NULL; 1210 } 1211 1212 #endif