libqaeda

Unnamed repository; edit this file 'description' to name the repository.
Info | Log | Files | Refs | README | LICENSE

gcrypt.c (25981B)


      1 #ifdef LQ_GPG
      2 
      3 #define GPG_MIN_VERSION "1.10.2"
      4 #define GPG_KEY_TYP 1
      5 
      6 #include <gcrypt.h>
      7 #include <rerr.h>
      8 #include <llog.h>
      9 #include <hex.h>
     10 
     11 #include "lq/crypto.h"
     12 #include "lq/io.h"
     13 #include "lq/mem.h"
     14 #include "lq/config.h"
     15 #include "lq/err.h"
     16 #include "lq/store.h"
     17 #include "debug.h"
     18 
     19 #define CHACHA20_KEY_LENGTH_BYTES 32
     20 #define CHACHA20_NONCE_LENGTH_BYTES 12
     21 
     22 /// Lookup mode for key in store.
     23 enum gpg_find_mode_e {
     24 	GPG_FIND_MAIN, ///< Use default key filename.
     25 	GPG_FIND_ORCREATE, ///< Create a new key if not found.
     26 	GPG_FIND_FINGERPRINT, ///< Load only the key matching the fingerprint.
     27 };
     28 
     29 /**
     30  * gcrypt implementation of the crypto interface.
     31  *
     32  * The same structure is used in both LQPrivKey and LQPubKey.
     33  *
     34  */
     35 struct gpg_store {
     36 	gcry_sexp_t k; ///< S-expression representing the current object type.
     37 	char fingerprint[LQ_FP_LEN]; ///< Fingerprint, used for LQPubKey.
     38 	char public_key[LQ_PUBKEY_LEN]; ///< Literal, uncompressed public key bytes. Used in LQPubKey.
     39 	char last_signature[LQ_SIGN_LEN]; ///< Stores the latest signature data generated by lq_privatekey_sign.
     40 	char last_data[LQ_DIGEST_LEN]; ///< Stores the last digest data that was signed using lq_privatekey_sign.
     41 };
     42 
     43 /// store gpg library version.
     44 static char *gpg_version = NULL;
     45 
     46 /// directory holding crypto keys.
     47 static int gpg_cfg_idx_dir;
     48 
     49 /// default digest id.
     50 static int gpg_passphrase_digest = GCRY_MD_SHA256;
     51 
     52 /// digest length of hashed password.
     53 static int gpg_passphrase_digest_len;
     54 
     55 /// zero fp value
     56 const static char gpg_fingerprint_zero[LQ_FP_LEN];
     57 
     58 const static char gpg_default_store_key;
     59 
     60 static LQStore *gpg_key_store;
     61 
     62 /**
     63  * Verifies that installed gpg version is supported.
     64  * Sets up crypto keys dir and sets passphrase digest length.
     65  *
     66  * \todo replace path massage with cwalk lib
     67  */
     68 int lq_crypto_init(const char *base) {
     69 	int r;
     70 	int l = 0;
     71 	char *p;
     72 	char path[LQ_PATH_MAX];
     73 
     74 	lq_zero(path, LQ_PATH_MAX);
     75 	if (gpg_version == NULL) {
     76 		gpg_version = (char*)gcry_check_version(GPG_MIN_VERSION);
     77 		if (gpg_version == NULL) {
     78 			return debug_logerr(LLOG_ERROR, ERR_NOCRYPTO, "broken");
     79 		}
     80 		gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
     81 		if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
     82 			return debug_logerr(LLOG_ERROR, ERR_NOCRYPTO, "init gcrypt");
     83 		}
     84 	}
     85 	debug_x(LLOG_DEBUG, "gpg", "using gpg", 1, MORGEL_TYP_STR, 0, "version", gpg_version);
     86 
     87 	//gpg_passphrase_digest_len = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
     88 	gpg_passphrase_digest_len = gcry_md_get_algo_dlen(GCRY_MD_SHA512);
     89 	gpg_cfg_idx_dir = lq_config_register(LQ_TYP_STR, "CRYPTODIR");
     90 
     91 	p = path;
     92 	l = strlen(base);
     93 	lq_cpy(p, base, l);
     94 	if (path[l] != '/') {
     95 		path[l] = '/';
     96 		path[l+1] = 0;
     97 	}
     98 
     99 	r = lq_config_set(gpg_cfg_idx_dir, path);
    100 	if (r) {
    101 		return ERR_FAIL;
    102 	}
    103 	gpg_key_store = lq_store_new(path);
    104 	if (gpg_key_store == NULL) {
    105 		return ERR_STORE_AVAIL;
    106 	}
    107 
    108 	return ERR_OK;
    109 }
    110 
    111 size_t get_padsize(size_t insize, size_t blocksize) {
    112 	size_t c;
    113 	size_t l;
    114 	size_t m;
    115 
    116 	c = insize + 1;
    117 	l = c / blocksize;
    118 	m = c % blocksize;
    119 	if (m) {
    120 		l++;
    121 	}
    122 	return l * blocksize;
    123 }
    124 
    125 static void padb(char *data, size_t outsize, size_t insize) {
    126 	gcry_randomize(data + insize, outsize - insize, GCRY_STRONG_RANDOM);
    127 }
    128 
    129 static void pad(char *indata_raw, size_t outsize, const char *indata) { //std::string indata) {
    130 	int l;
    131 
    132 	strcpy(indata_raw, indata);
    133 	l = strlen(indata) + 1;
    134 	padb(indata_raw, outsize, l);
    135 }
    136 
    137 static int create_handle(gcry_cipher_hd_t *h, const char *key, const char *nonce) {
    138 	const char *p;
    139 	gcry_error_t e;
    140 
    141 	e = gcry_cipher_open(h, GCRY_CIPHER_CHACHA20, GCRY_CIPHER_MODE_POLY1305, GCRY_CIPHER_SECURE);
    142 	if (e) {
    143 		p = gcry_strerror(e);
    144 		return debug_logerr(LLOG_ERROR, ERR_FAIL, (char*)p);
    145 	}
    146 	e = gcry_cipher_setkey(*h, key, CHACHA20_KEY_LENGTH_BYTES);
    147 	if (e) {
    148 		return ERR_FAIL;
    149 	}
    150 	e = gcry_cipher_setiv(*h, nonce, CHACHA20_NONCE_LENGTH_BYTES);
    151 	if (e) {
    152 		return ERR_FAIL;
    153 	}
    154 	return ERR_OK;
    155 }
    156 
    157 
    158 static void free_handle(gcry_cipher_hd_t *h) {
    159 	gcry_cipher_close(*h);
    160 }
    161 
    162 int encryptb (char *ciphertext, size_t ciphertext_len, const char *indata, size_t indata_len, const char *key, const char *nonce) {
    163 	const char *p;
    164 	int r;
    165 	gcry_cipher_hd_t h;
    166 	gcry_error_t e;
    167 	char indata_raw[ciphertext_len];
    168 
    169 	r = create_handle(&h, key, nonce);
    170 	if (r) {
    171 		return debug_logerr(LLOG_ERROR, ERR_CIPHER, "encrypt handle (bin)");
    172 	}
    173 	lq_cpy(indata_raw, indata, indata_len);
    174 	padb(indata_raw, ciphertext_len, indata_len);
    175 	e = gcry_cipher_encrypt(h, (unsigned char*)ciphertext, ciphertext_len, (const unsigned char*)indata_raw, ciphertext_len);
    176 	if (e) {
    177 		free_handle(&h);
    178 		p = gcry_strerror(e);
    179 		return debug_logerr(LLOG_ERROR, ERR_CIPHER, (char*)p);
    180 	}
    181 
    182 	free_handle(&h);
    183 
    184 	return ERR_OK;
    185 }
    186 
    187 int encrypt(char *ciphertext, size_t ciphertext_len, const char *indata, const char *key, const char *nonce) {
    188 	char *p;
    189 	int r;
    190 	gcry_cipher_hd_t h;
    191 	gcry_error_t e;
    192 	char indata_raw[ciphertext_len];
    193 
    194 	r = create_handle(&h, key, nonce);
    195 	if (r) {
    196 		return debug_logerr(LLOG_ERROR, ERR_CIPHER, "encrypt handle (str)");
    197 	}
    198 
    199 	pad(indata_raw, ciphertext_len, indata);
    200 	e = gcry_cipher_encrypt(h, (unsigned char*)ciphertext, ciphertext_len, (const unsigned char*)indata_raw, ciphertext_len);
    201 	if (e) {
    202 		free_handle(&h);
    203 		p = (char*)gcry_strerror(e);
    204 		return debug_logerr(LLOG_ERROR, ERR_CIPHER, p);
    205 	}
    206 
    207 	free_handle(&h);
    208 
    209 	return ERR_OK;
    210 }
    211 
    212 int decryptb(char *outdata, const char *ciphertext, size_t ciphertext_len, const char *key, const char *nonce) {
    213 	char *p;
    214 	int r;
    215 	gcry_cipher_hd_t h;
    216 	gcry_error_t e;
    217 
    218 	r = create_handle(&h, key, nonce);
    219 	if (r) {
    220 		return debug_logerr(LLOG_ERROR, ERR_CIPHER, "decrypt handle (bin)");
    221 	}
    222 
    223 	e = gcry_cipher_decrypt(h, outdata, ciphertext_len, ciphertext, ciphertext_len);
    224 	if (e) {
    225 		free_handle(&h);
    226 		p = (char*)gcry_strerror(e);
    227 		return debug_logerr(LLOG_ERROR, ERR_CIPHER, p);
    228 	}
    229 
    230 	free_handle(&h);
    231 
    232 	return ERR_OK;
    233 }
    234 
    235 int decrypt(char *outdata, const char *ciphertext, size_t ciphertext_len, const char *key, const char *nonce) {
    236 	char *p;
    237 	int r;
    238 	gcry_cipher_hd_t h;
    239 	gcry_error_t e;
    240 
    241 	r = create_handle(&h, key, nonce);
    242 	if (r) {
    243 		return debug_logerr(LLOG_ERROR, ERR_CIPHER, "decrypt handle (str)");
    244 	}
    245 
    246 	e = gcry_cipher_decrypt(h, outdata, ciphertext_len, ciphertext, ciphertext_len);
    247 	if (e) {
    248 		free_handle(&h);
    249 		p = (char*)gcry_strerror(e);
    250 		return debug_logerr(LLOG_ERROR, ERR_CIPHER, p);
    251 	}
    252 
    253 	free_handle(&h);
    254 
    255 	return ERR_OK;
    256 }
    257 
    258 
    259 // DIGEST SECTION
    260 
    261 /// Calculate a digest according to the specified algo.
    262 static int calculate_digest_algo(const char *in, size_t in_len, char *out, enum gcry_md_algos algo) {
    263 	gcry_error_t e;
    264 	gcry_md_hd_t h;
    265 	unsigned char *v;
    266 	static unsigned int digest_len;
    267 
    268 	if (algo == GCRY_MD_NONE) {
    269 		algo = GCRY_MD_SHA512;
    270 	}
    271 
    272 	e = gcry_md_open(&h, algo, GCRY_MD_FLAG_SECURE);
    273 	if (e) {
    274 		return ERR_ENCODING;
    275 	}
    276 	e = gcry_md_enable(h, algo);
    277 	if (e) {
    278 		return ERR_COMPAT;
    279 	}
    280 	digest_len = gcry_md_get_algo_dlen(algo);
    281 
    282 	gcry_md_write(h, in, in_len);
    283 	v = gcry_md_read(h, 0);
    284 	lq_cpy(out, v, digest_len);
    285 	gcry_md_close(h);
    286 	return ERR_OK;
    287 }
    288 
    289 /// Calculate digest using the default hashing algorithm (SHA256)
    290 /// using the gcrypt library.
    291 int lq_digest(const char *in, size_t in_len, char *out) {
    292 	return calculate_digest_algo(in, in_len, out, GCRY_MD_NONE);
    293 }
    294 
    295 
    296 /// Apply public key to the gpg_store struct.
    297 static int key_apply_public(struct gpg_store *gpg) {
    298 	char *p;
    299 	size_t c;
    300 	gcry_sexp_t one;
    301 	gcry_sexp_t two;
    302 
    303 	one = gcry_sexp_find_token(gpg->k, "public-key", 10);
    304 	if (one == NULL) {
    305 		return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "sexp pubkey");
    306 	}
    307 	two = gcry_sexp_find_token(one, "q", 1);
    308 	if (two == NULL) {
    309 		gcry_sexp_release(one);
    310 		return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "sexp q");
    311 	}
    312 	c = LQ_PUBKEY_LEN;
    313 	p = (char*)gcry_sexp_nth_data(two, 1, &c);
    314 	if (p == NULL) {
    315 		gcry_sexp_release(two);
    316 		gcry_sexp_release(one);
    317 		return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "sexp first data");
    318 	}
    319 
    320 	lq_cpy(gpg->public_key, p, LQ_PUBKEY_LEN);
    321 	gcry_sexp_release(two);
    322 	gcry_sexp_release(one);
    323 	p = (char*)gcry_pk_get_keygrip(gpg->k, (unsigned char*)gpg->fingerprint);
    324 	if (p == NULL) {
    325 		return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "pubkey fingerprint");
    326 	}
    327 
    328 	return ERR_OK;
    329 }
    330 
    331 /// Create a new gcrypt keypair.
    332 static int key_create(struct gpg_store *gpg) {
    333 	int r;
    334 	const char *p;
    335 	const char *sexp_quick = "(genkey(ecc(flags eddsa)(curve Ed25519)))";
    336 	gcry_sexp_t in;
    337 	gcry_error_t e;
    338 
    339 	// Set up parameters for key creation.
    340 	e = gcry_sexp_new(&in, (const void*)sexp_quick, strlen(sexp_quick), 0);
    341 	if (e) {
    342 		p = gcry_strerror(e);
    343 		return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, (char*)p);
    344 	}
    345 
    346 	// Generate a new key with the given parameters.
    347 	e = gcry_pk_genkey(&gpg->k, in);
    348 	if (e) {
    349 		gcry_sexp_release(in);
    350 		p = gcry_strerror(e);
    351 		return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, (char*)p);
    352 	}
    353 	gcry_sexp_release(in);
    354 
    355 	// Apply the public part of the key to the underlying key structure.
    356 	r = key_apply_public(gpg);
    357 	if (r) {
    358 		return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "private create apply public");
    359 	}
    360 
    361 	return ERR_OK;
    362 }
    363 
    364 // Create a new store instance using the crypto partition path
    365 // set in the configuration.
    366 // Caller must free it.
    367 LQStore *key_store_get() {
    368 //	int r;
    369 //	char *p;
    370 
    371 //	r = lq_config_get(gpg_cfg_idx_dir, (void**)&p);
    372 //	if (r) {
    373 //		return NULL;
    374 //	}
    375 //	return lq_store_new(p);
    376 	return gpg_key_store;
    377 }
    378 
    379 /**
    380  * \todo consistent endianness for key length in persistent storage (fwrite)
    381  * \todo doc must have enough in path for path + fingerprint hex
    382  *
    383  */
    384 static int key_create_store(struct gpg_store *gpg, const char *passphrase, size_t passphrase_len) {
    385 	char *p;
    386 	int r;
    387 	int kl;
    388 	char v[LQ_CRYPTO_BUFLEN];
    389 	int l;
    390 	size_t c;
    391 	size_t m;
    392 	LQStore *store;
    393 	LQPubKey *pubk;
    394 	char nonce[CHACHA20_NONCE_LENGTH_BYTES];
    395 	char buf_key[LQ_STORE_KEY_MAX];
    396 	char buf_val[LQ_STORE_VAL_MAX];
    397 	char ciphertext[LQ_CRYPTO_BUFLEN];
    398 	char passphrase_hash[LQ_DIGEST_LEN];
    399 
    400 	// Create the private key and corresponding public key.
    401 	r = key_create(gpg);
    402 	if (r) {
    403 		return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "key create");
    404 	}
    405 	
    406 	// Export the S-expression to a text buffer for saving, canonical formatting
    407 	kl = gcry_sexp_sprint(gpg->k, GCRYSEXP_FMT_CANON, NULL, 0);
    408 	m = (size_t)kl + 1;
    409 	p = (char*)v + sizeof(int);
    410 	c = 0;
    411 	kl = gcry_sexp_sprint(gpg->k, GCRYSEXP_FMT_CANON, p, LQ_CRYPTO_BUFLEN - m);
    412 	m -= (size_t)(kl + 1);
    413 	c += kl;
    414 	lq_cpy(v, &c, sizeof(int));
    415 
    416 	// Pad the contents up to the blocksize boundary
    417 	m = c;
    418 	c = get_padsize(m, LQ_CRYPTO_BLOCKSIZE);
    419 
    420 	// Hash the encryption key to the expected length.
    421 	r = calculate_digest_algo(passphrase, passphrase_len, passphrase_hash, gpg_passphrase_digest);
    422 	if (r) {
    423 		return debug_logerr(LLOG_ERROR, ERR_DIGEST, "passphrase hash");
    424 	}
    425 
    426 	// Encrypt the payload with the passphrase and nonce.
    427 	gcry_create_nonce(nonce, CHACHA20_NONCE_LENGTH_BYTES);
    428 	r = encryptb(ciphertext, c, v, m+sizeof(int), passphrase_hash, nonce);
    429 	if (r) {
    430 		return debug_logerr(LLOG_ERROR, ERR_KEY_LOCK, "encrypt private key");
    431 	}
    432 
    433 	// Export the key (fingerprint) and value (ciphertext) to put in the store.
    434 	// (We don't need the inner private key pointer anymore, so we re-use it.)
    435 	pubk = lq_publickey_new(gpg->public_key);
    436 	if (pubk == NULL) {
    437 		return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "publickey");
    438 	}
    439 	gpg = (struct gpg_store*)pubk->impl;
    440 	lq_cpy(buf_key, gpg->fingerprint, LQ_FP_LEN);
    441 	lq_cpy(buf_val, nonce, CHACHA20_NONCE_LENGTH_BYTES);
    442 	lq_cpy(buf_val + CHACHA20_NONCE_LENGTH_BYTES, ciphertext, c);
    443 	lq_publickey_free(pubk);
    444 
    445 	// Retrieve the store.
    446 	store = key_store_get();
    447 	if (store == NULL) {
    448 		return debug_logerr(LLOG_ERROR, ERR_KEYFILE, "create store");
    449 	}
    450 
    451 	// Write the ciphertext to the store.	
    452 	l = c + CHACHA20_NONCE_LENGTH_BYTES;
    453 	c = LQ_FP_LEN;
    454 	r = store->put(LQ_CONTENT_KEY, store, buf_key, &c, buf_val, l);
    455 	if (r) {
    456 		return debug_logerr(LLOG_ERROR, ERR_KEYFILE, "put key in store");
    457 	}
    458 
    459 	// Check if a main key already exists in the store.
    460 	// If not, set this one as main.
    461 	*buf_key = gpg_default_store_key;
    462 	c = LQ_STORE_VAL_MAX; 
    463 	r = store->get(LQ_CONTENT_KEY, store, buf_key, 1, buf_val, &c);
    464 	if (r) {
    465 		if (r != ERR_NOENT) {
    466 			debug(LLOG_ERROR, "crypto.gcrypt", "no default");
    467 			return debug_logerr(LLOG_ERROR, ERR_KEYFILE, "default key");
    468 		}
    469 		c = 1;
    470 		r = store->put(LQ_CONTENT_KEY, store, buf_key, &c, buf_val, l);
    471 		if (r) {
    472 			debug(LLOG_ERROR, "crypto.gcrypt", "fail put default");
    473 			return debug_logerr(LLOG_ERROR, ERR_KEYFILE, "write default key");
    474 		}
    475 	}
    476 
    477 	return ERR_OK;
    478 }
    479 
    480 /// Create a new keypair, encrypted with given passphrase.
    481 static LQPrivKey* privatekey_alloc(const char *passphrase, size_t passphrase_len) {
    482 	int r;
    483 	LQPrivKey *o;
    484 	struct gpg_store *gpg;
    485 
    486 	// Allocate private key structures.
    487 	o = lq_alloc(sizeof(LQPrivKey));
    488 	if (o == NULL) {
    489 		return NULL;
    490 	}
    491 	gpg = lq_alloc(sizeof(struct gpg_store));
    492 	if (gpg == NULL) {
    493 		lq_free(o);
    494 		return NULL;
    495 	}
    496 
    497 	// Create the underlying private key.
    498 	r = key_create_store(gpg, passphrase, passphrase_len);
    499 	if (r) {
    500 		lq_free(gpg);
    501 		lq_free(o);
    502 		return NULL;
    503 	}
    504 
    505 	// Populate the internal key structure.
    506 	o->impl = (void*)gpg;
    507 	o->key_typ = GPG_KEY_TYP;
    508 	o->key_state = LQ_KEY_INIT;
    509 
    510 	// No cleanup = caller must free it.
    511 	debug_x(LLOG_INFO, "gpg", "created new private key", 1, MORGEL_TYP_BIN, LQ_FP_LEN, "fingerprint", gpg->fingerprint);
    512 
    513 	return o;
    514 }
    515 
    516 
    517 /// Implements the interface to create a new private key.
    518 LQPrivKey* lq_privatekey_new(const char *passphrase, size_t passphrase_len) {
    519 	int r;
    520 	LQPrivKey *o;
    521 	if (passphrase == NULL) {
    522 		return NULL;
    523 	}
    524 
    525 	o = privatekey_alloc(passphrase, passphrase_len);
    526 	if (o == NULL) {
    527 		return NULL;
    528 	}
    529 	r = lq_privatekey_lock(o, passphrase, passphrase_len);
    530 	if (r) {
    531 		return NULL;
    532 	}
    533 	return o;	
    534 }
    535 
    536 /// Parse data from buffer as S-expression text representing a key.
    537 static int key_from_data(gcry_sexp_t *key, const char *indata, size_t indata_len) {
    538 	gcry_error_t e;
    539 
    540 	e = gcry_sexp_new(key, indata, indata_len, 0);
    541 	if (e != GPG_ERR_NO_ERROR) {
    542 		return debug_logerr(LLOG_ERROR, ERR_COMPAT, "not key data");
    543 	}
    544 	return ERR_OK;
    545 }
    546 
    547 /// Load a private key from the store's crypto partition.
    548 static int key_from_store(struct gpg_store *gpg, const char *passphrase, size_t passphrase_len) {
    549 	char *nonce;
    550 	char *p;
    551 	int r;
    552 	LQStore *store;
    553 	char inkey[LQ_FP_LEN];
    554 	size_t inkey_len;
    555 	char out[LQ_CRYPTO_BUFLEN];
    556 	char in[LQ_CRYPTO_BUFLEN];
    557 	size_t in_len;
    558 	size_t out_len;
    559 	char passphrase_hash[LQ_DIGEST_LEN];
    560 
    561 	// Instantiate the store.
    562 	store = key_store_get();
    563 
    564 	// If a valid fingerprint is found in the gpg structure,
    565 	// retrieve the key matching that fingerprint.
    566 	// Otherwise, retrieve the main key.
    567 	// Or fail if none of them can be found.
    568 	inkey_len = LQ_FP_LEN;
    569 	in_len = LQ_CRYPTO_BUFLEN;
    570 	if (lq_cmp(gpg->fingerprint, gpg_fingerprint_zero, LQ_FP_LEN)) {
    571 		lq_cpy(inkey, gpg->fingerprint, LQ_FP_LEN);	
    572 	} else {
    573 		*inkey = gpg_default_store_key;
    574 		inkey_len = 1;
    575 	}
    576 	r = store->get(LQ_CONTENT_KEY, store, inkey, inkey_len, in, &in_len);
    577 	if (r) {
    578 		return ERR_NOENT;
    579 	}
    580 
    581 	// Hash the encryption key to the expected length.
    582 	r = calculate_digest_algo(passphrase, passphrase_len, passphrase_hash, gpg_passphrase_digest);
    583 	if (r) {
    584 		return debug_logerr(LLOG_ERROR, ERR_DIGEST, "passphrase hash");
    585 	}
    586 
    587 	// Decrypt the private key data from the store
    588 	// with the provided passphrase and the extracted nonce.
    589 	nonce = in;
    590 	p = (char*)in + CHACHA20_NONCE_LENGTH_BYTES;
    591 	in_len -= CHACHA20_NONCE_LENGTH_BYTES;
    592 	r = decryptb(out, p, in_len, passphrase_hash, nonce);
    593 	if (r) {
    594 		return ERR_KEY_UNLOCK;
    595 	}
    596 
    597 	// Attempt to parse and instantiate the key from the decrypted data.
    598 	out_len = (size_t)(*((int*)out));
    599 	p = (char*)(out+sizeof(int));
    600 	r = key_from_data(&gpg->k, p, out_len);
    601 	if (r) {
    602 		return ERR_KEYFAIL;
    603 	}
    604 
    605 	return ERR_OK;
    606 }
    607 
    608 static int gpg_key_load(struct gpg_store *gpg, const char *passphrase, size_t passphrase_len, enum gpg_find_mode_e mode, const void *criteria) {
    609 	int r;
    610 
    611 	switch(mode) {
    612 		case GPG_FIND_MAIN:
    613 			r = key_from_store(gpg, passphrase, passphrase_len);
    614 			if (r) {
    615 				return debug_logerr(LLOG_WARNING, ERR_KEYFILE, "default key not found");
    616 			}
    617 			break;
    618 		case GPG_FIND_ORCREATE:
    619 			r = key_from_store(gpg, passphrase, passphrase_len);
    620 			if (r == ERR_OK) {
    621 				break;
    622 			}
    623 			// if no key could be loaded, attempt to create one.
    624 			if (!lq_cmp(gpg_fingerprint_zero, gpg->fingerprint, LQ_FP_LEN)) {
    625 				debug(LLOG_DEBUG, "gpg", "default private key not found, attempting create new");
    626 				r = key_create_store(gpg, passphrase, passphrase_len);
    627 				if (r) {
    628 					return debug_logerr(LLOG_WARNING, ERR_KEYFILE, "create key when no default found");
    629 				}
    630 			}
    631 			break;
    632 		case GPG_FIND_FINGERPRINT:
    633 			r = key_from_store(gpg, passphrase, passphrase_len);
    634 			if (r) {
    635 				return debug_logerr(LLOG_WARNING, ERR_KEYFILE, "fingerprint key not found");
    636 			}
    637 			break;
    638 		default:
    639 			return debug_logerr(LLOG_WARNING, ERR_FAIL, NULL);
    640 	}
    641 
    642 	r = key_apply_public(gpg);
    643 	if (r) {
    644 		return debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "apply public key");
    645 	}
    646 	debug_x(LLOG_INFO, "gpg", "loaded private key", 1, MORGEL_TYP_BIN, LQ_FP_LEN, "fingerprint", gpg->fingerprint);
    647 	
    648 	return ERR_OK;
    649 }
    650 
    651 
    652 /// Implements the interface to load a private key from storage.
    653 LQPrivKey* lq_privatekey_load(const char *passphrase, size_t passphrase_len, const char *fingerprint) {
    654 	LQPrivKey *pk;
    655 	enum gpg_find_mode_e m;
    656 	struct gpg_store *gpg;
    657 	int r;
    658 	
    659 	pk = lq_alloc(sizeof(LQPrivKey));
    660 	if (pk == NULL) {
    661 		debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "allocate object");
    662 		return NULL;
    663 	}
    664 	pk->impl = (struct gpg_store*)lq_alloc(sizeof(struct gpg_store));
    665 	if (pk->impl == NULL) {
    666 		lq_free(pk);
    667 		debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "allocate internal structure");
    668 		return NULL;
    669 	}
    670 	lq_zero(pk->impl, sizeof(struct gpg_store));
    671 	gpg = (struct gpg_store*)pk->impl;
    672 	m = GPG_FIND_ORCREATE;
    673 	if (fingerprint != NULL) {
    674 		lq_cpy(gpg->fingerprint, fingerprint, LQ_FP_LEN);
    675 		m = GPG_FIND_FINGERPRINT;
    676 	}
    677 	r = gpg_key_load(gpg, passphrase, passphrase_len, m, NULL);
    678 	if (r) {
    679 		lq_free(pk->impl);
    680 		lq_free(pk);
    681 		debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "key load fail");
    682 		return NULL;	
    683 	}
    684 	pk->key_typ = GPG_KEY_TYP;
    685 	pk->key_state = LQ_KEY_INIT;
    686 
    687 	return pk;
    688 }
    689 
    690 size_t lq_publickey_bytes(LQPubKey *pubk, char **out) {
    691 	struct gpg_store *gpg;
    692 
    693 	gpg = (struct gpg_store*)pubk->impl;
    694 	*out = gpg->public_key;
    695 	return LQ_PUBKEY_LEN;
    696 }
    697 
    698 int lq_privatekey_lock(LQPrivKey *pk, const char *passphrase, size_t passphrase_len) {
    699 	if (pk == NULL) {
    700 		return ERR_INIT;
    701 	}
    702 	if ((pk->key_state & LQ_KEY_LOCK) > 0) {
    703 		return ERR_NOOP;
    704 	}
    705 	pk->key_state |= LQ_KEY_LOCK;
    706 	return ERR_OK;
    707 }
    708 
    709 int lq_privatekey_unlock(LQPrivKey *pk, const char *passphrase, size_t passphrase_len) {
    710 	char b;
    711 
    712 	if (pk == NULL) {
    713 		return ERR_INIT;
    714 	}
    715 	if ((pk->key_state & LQ_KEY_LOCK) == 0) {
    716 		return ERR_NOOP;
    717 	}
    718 	b = LQ_KEY_LOCK;
    719 	pk->key_state &= ~b;
    720 	return ERR_OK;
    721 }
    722 
    723 // SIGNATURE SECTION
    724 //
    725 //int sign_with(struct gpg_store *gpg, char *data, size_t data_len, const char *passphrase, const char *fingerprint) {
    726 //	int r;
    727 //	size_t c;
    728 //	gcry_sexp_t pnt;
    729 //	gcry_sexp_t msg;
    730 //	gcry_sexp_t sig;
    731 //	gcry_error_t e;
    732 //	char *p;
    733 //
    734 //
    735 //	if (fingerprint == NULL) {
    736 //		r = gpg_key_load(gpg, passphrase, KEE_GPG_FIND_MAIN, NULL);
    737 //	} else {
    738 //		r = gpg_key_load(gpg, passphrase, KEE_GPG_FIND_FINGERPRINT, fingerprint);
    739 //	}
    740 //	if (r) {
    741 //		return 1;
    742 //	}
    743 //		 
    744 //	c = 0;
    745 //	e = gcry_sexp_build(&msg, &c, "(data(flags eddsa)(hash-algo sha512)(value %b))", 64, gpg->last_data);
    746 //	if (e != GPG_ERR_NO_ERROR) {
    747 //		return 1;
    748 //	}
    749 //}
    750 
    751 static int sign(struct gpg_store *gpg, const char *data, size_t data_len, const char *salt) {
    752 	int r;
    753 	size_t c;
    754 	char *p;
    755 	gcry_sexp_t pnt;
    756 	gcry_sexp_t msg;
    757 	gcry_sexp_t sig;
    758 	gcry_error_t e;
    759 
    760 	lq_zero(&e, sizeof(gcry_error_t));
    761 	r = calculate_digest_algo(data, data_len, gpg->last_data, GCRY_MD_SHA512);
    762 	if (r) {
    763 		return 1;
    764 	}
    765 
    766 	c = 0;
    767 	e = gcry_sexp_build(&msg, &c, "(data(flags eddsa)(hash-algo sha512)(value %b))", 64, gpg->last_data);
    768 	if (e != GPG_ERR_NO_ERROR) {
    769 		return 1;
    770 	}
    771 
    772 	e = gcry_pk_sign(&sig, msg, gpg->k);
    773 	if (e != GPG_ERR_NO_ERROR) {
    774 		gcry_sexp_release(msg);
    775 		return 1;
    776 	}
    777 
    778 	// retrieve r and write it
    779 	pnt = NULL;
    780 	pnt = gcry_sexp_find_token(sig, "r", 1);
    781 	if (pnt == NULL) {
    782 		gcry_sexp_release(sig);
    783 		gcry_sexp_release(msg);
    784 		return ERR_FAIL;
    785 	}
    786 	c = LQ_POINT_LEN;
    787 	p = (char*)gcry_sexp_nth_data(pnt, 1, &c);
    788 	if (p == NULL) {
    789 		gcry_sexp_release(pnt);
    790 		gcry_sexp_release(sig);
    791 		gcry_sexp_release(msg);
    792 		return ERR_SIGVALID;
    793 	}
    794 	lq_cpy(gpg->last_signature, p, c);
    795 
    796 	// retrieve s and write it
    797 	gcry_sexp_release(pnt);
    798 	pnt = NULL;
    799 	pnt = gcry_sexp_find_token(sig, "s", 1);
    800 	if (pnt == NULL) {
    801 		gcry_sexp_release(sig);
    802 		gcry_sexp_release(msg);
    803 		return ERR_FAIL;
    804 	}
    805 	c = LQ_POINT_LEN;
    806 	p = (char*)gcry_sexp_nth_data(pnt, 1, &c);
    807 	if (p == NULL) {
    808 		gcry_sexp_release(pnt);
    809 		gcry_sexp_release(sig);
    810 		gcry_sexp_release(msg);
    811 		return ERR_SIGVALID;
    812 	}
    813 	lq_cpy(gpg->last_signature + LQ_POINT_LEN, p, c);
    814 	gcry_sexp_release(pnt);
    815 	gcry_sexp_release(sig);
    816 	gcry_sexp_release(msg);
    817 
    818 	return ERR_OK;
    819 }
    820 
    821 LQSig* lq_privatekey_sign(LQPrivKey *pk, const char *data, size_t data_len, const char *salt) {
    822 	int r;
    823 	struct gpg_store *gpg;
    824 	LQSig *sig;
    825 	char digest[LQ_DIGEST_LEN];
    826 
    827 	if ((pk->key_state & LQ_KEY_LOCK) > 0) {
    828 		return NULL;
    829 	}
    830 
    831 	lq_digest(data, strlen(data), (char*)digest);
    832 	gpg = (struct gpg_store*)pk->impl;
    833 
    834 	r = sign(gpg, digest, LQ_DIGEST_LEN, salt);
    835 	if (r != ERR_OK) {
    836 		return NULL;
    837 	}
    838 
    839 	sig = lq_alloc(sizeof(LQSig));
    840 	sig->pubkey = lq_publickey_from_privatekey(pk);
    841 	if (sig->pubkey == NULL) {
    842 		lq_signature_free(sig);
    843 		return NULL;
    844 	}
    845 	sig->impl = lq_alloc(LQ_SIGN_LEN);
    846 	lq_cpy(sig->impl, gpg->last_signature, LQ_SIGN_LEN);
    847 	return sig;
    848 }
    849 
    850 LQSig* lq_signature_from_bytes(const char *sig_data, size_t sig_len, LQPubKey *pubkey) {
    851 	LQSig *sig;
    852 
    853 	sig = lq_alloc(sizeof(LQSig));
    854 	lq_zero(sig, sizeof(LQSig));
    855 	sig->impl = lq_alloc(sizeof(LQ_SIGN_LEN));
    856 	lq_cpy(sig->impl, sig_data, sig_len);
    857 	return sig;
    858 }
    859 
    860 size_t lq_signature_bytes(LQSig *sig, char **out) {
    861 	*out = sig->impl;
    862 	return LQ_SIGN_LEN;
    863 }
    864 
    865 int lq_signature_verify(LQSig *sig, const char *data, size_t data_len) {
    866 	int r;
    867 	size_t c;
    868 	gcry_mpi_t sig_r;
    869 	gcry_mpi_t sig_s;
    870 	gcry_error_t err;
    871 	gcry_sexp_t sigx;
    872 	gcry_sexp_t msgx;
    873 	gcry_sexp_t pubkey;
    874 	struct gpg_store *gpg;
    875 	char digest[LQ_DIGEST_LEN];
    876 
    877 	if (sig->pubkey == NULL) {
    878 		return ERR_NOENT;
    879 	}
    880 
    881 	gpg = (struct gpg_store*)sig->pubkey->impl;
    882 	c = 0;
    883 	err = gcry_sexp_build(&pubkey, &c, "(key-data(public-key(ecc(curve Ed25519)(q %b))))", LQ_PUBKEY_LEN, gpg->public_key);
    884 	if (err != GPG_ERR_NO_ERROR) {
    885 		return ERR_KEYFAIL;
    886 	}
    887 
    888 	c = 0;
    889 	err = gcry_mpi_scan(&sig_r, GCRYMPI_FMT_STD, sig->impl, LQ_POINT_LEN, &c);
    890 	if (err != GPG_ERR_NO_ERROR) {
    891 		gcry_sexp_release(pubkey);
    892 		return ERR_KEYFAIL;
    893 	}
    894 	if (c != 32) {
    895 		gcry_mpi_release(sig_r);
    896 		gcry_sexp_release(pubkey);
    897 		return ERR_KEYFAIL;
    898 	}
    899 
    900 	c = 0;
    901 	err = gcry_mpi_scan(&sig_s, GCRYMPI_FMT_STD, sig->impl + LQ_POINT_LEN, LQ_POINT_LEN, &c);
    902 	if (err != GPG_ERR_NO_ERROR) {
    903 		gcry_mpi_release(sig_r);
    904 		gcry_sexp_release(pubkey);
    905 		return ERR_KEYFAIL;
    906 	}
    907 	if (c != 32) {
    908 		gcry_mpi_release(sig_s);
    909 		gcry_mpi_release(sig_r);
    910 		gcry_sexp_release(pubkey);
    911 		return ERR_KEYFAIL;
    912 	}
    913 
    914 	c = 0;
    915 	err = gcry_sexp_build(&sigx, &c, "(sig-val(eddsa(r %m)(s %m)))", sig_r, sig_s);
    916 	if (err != GPG_ERR_NO_ERROR) {
    917 		gcry_mpi_release(sig_s);
    918 		gcry_mpi_release(sig_r);
    919 		gcry_sexp_release(pubkey);
    920 		return ERR_SIGFAIL;
    921 	}
    922 	gcry_mpi_release(sig_s);
    923 	gcry_mpi_release(sig_r);
    924 
    925 	r = calculate_digest_algo(data, data_len, digest, GCRY_MD_SHA512);
    926 	if (r) {
    927 		gcry_sexp_release(sigx);
    928 		gcry_sexp_release(pubkey);
    929 		return ERR_DIGEST;
    930 	}
    931 
    932 	c = 0;
    933 	err = gcry_sexp_build(&msgx, &c, "(data(flags eddsa)(hash-algo sha512)(value %b))", LQ_DIGEST_LEN, digest);
    934 	if (err != GPG_ERR_NO_ERROR) {
    935 		gcry_sexp_release(sigx);
    936 		gcry_sexp_release(pubkey);
    937 		return ERR_DIGEST;
    938 	}
    939 
    940 	err = gcry_pk_verify(sigx, msgx, pubkey);
    941 	if (err != GPG_ERR_NO_ERROR) {
    942 		gcry_sexp_release(msgx);
    943 		gcry_sexp_release(sigx);
    944 		gcry_sexp_release(pubkey);
    945 		return ERR_SIGVALID;
    946 	}
    947 
    948 	gcry_sexp_release(msgx);
    949 	gcry_sexp_release(sigx);
    950 	gcry_sexp_release(pubkey);
    951 
    952 	return ERR_OK;
    953 }
    954 
    955 void lq_privatekey_free(LQPrivKey *pk) {
    956 	struct gpg_store *gpg;
    957 
    958 	gpg = (struct gpg_store*)pk->impl;
    959 	gcry_sexp_release(gpg->k);
    960 	lq_free(pk->impl);
    961 	lq_free(pk);
    962 }
    963 
    964 void lq_publickey_free(LQPubKey *pubk) {
    965 	struct gpg_store *gpg;
    966 
    967 	gpg = (struct gpg_store*)pubk->impl;
    968 	gcry_sexp_release(gpg->k);
    969 	lq_free(pubk->impl);
    970 	lq_free(pubk);
    971 }
    972 
    973 void lq_signature_free(LQSig *sig) {
    974 	if (sig->pubkey != NULL) {
    975 		lq_publickey_free(sig->pubkey);
    976 	}
    977 	lq_free(sig);
    978 }
    979 
    980 LQPubKey* lq_publickey_from_privatekey(LQPrivKey *pk) {
    981 	struct gpg_store *gpg;
    982 	LQPubKey *pubk;
    983 
    984 	gpg = (struct gpg_store*)pk->impl;
    985 	pubk = lq_publickey_new(gpg->public_key);
    986 
    987 	return pubk;
    988 }
    989 
    990 LQPubKey* lq_publickey_new(const char *full) {
    991 	const char *p;
    992 	const char *r;
    993 	gcry_error_t e;
    994 	size_t c;
    995 	LQPubKey *pubk;
    996 	struct gpg_store *gpg;
    997 
    998 	pubk = lq_alloc(sizeof(LQPubKey));
    999 	gpg = lq_alloc(sizeof(struct gpg_store));
   1000 
   1001 	lq_zero(gpg, sizeof(struct gpg_store));
   1002 	c = 0;
   1003 	e = gcry_sexp_build(&gpg->k, &c, "(key-data(public-key(ecc(curve Ed25519)(q %b))))", LQ_PUBKEY_LEN, full);
   1004 	if (e != GPG_ERR_NO_ERROR) {
   1005 		p = gcry_strerror(e);
   1006 		debug_logerr(LLOG_DEBUG, ERR_KEYFAIL, (char*)p);
   1007 		return NULL;
   1008 	}
   1009 	lq_cpy(gpg->public_key, full, LQ_PUBKEY_LEN);
   1010 
   1011 	r = (char*)gcry_pk_get_keygrip(gpg->k, (unsigned char*)gpg->fingerprint);
   1012 	if (r == NULL) {
   1013 		debug_logerr(LLOG_ERROR, ERR_KEYFAIL, "fingerprint fail");
   1014 		return NULL;
   1015 	}
   1016 
   1017 	pubk->impl = (void*)gpg;
   1018 	pubk->key_typ = GPG_KEY_TYP;
   1019 	pubk->pk = NULL;
   1020 
   1021 	return pubk;
   1022 }
   1023 
   1024 size_t lq_publickey_fingerprint(LQPubKey* pubk, char **out) {
   1025 	struct gpg_store *gpg;
   1026 
   1027 	gpg = (struct gpg_store*)pubk->impl;
   1028 	*out = gpg->fingerprint;
   1029 	return LQ_FP_LEN;
   1030 }
   1031 
   1032 void lq_crypto_free() {
   1033 	//lq_store_free((void*)gpg_key_store);
   1034 	gpg_key_store->free(gpg_key_store);
   1035 	gpg_key_store = NULL;
   1036 	gpg_version = NULL;
   1037 }
   1038 
   1039 #endif