GVM: Utilities for LSC credential encryption.
More...
#include <glib.h>
#include <glib/gstdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <stdint.h>
#include <gvm/base/gvm_sentry.h>
#include <gvm/util/gpgmeutils.h>
#include "lsc_crypt.h"
|
static G_GNUC_CONST const char * | nonnull (const char *s) |
| Return a fixed string instead of NULL. More...
|
|
static void | put32 (GString *buffer, uint32_t value) |
| Append a 32 bit unsigned integer to a GString. More...
|
|
static G_GNUC_PURE uint32_t | get32 (const void *buffer) |
| Extract a 32 bit unsigned integer from a buffer. More...
|
|
static int | create_the_key (lsc_crypt_ctx_t ctx) |
| Create the credential encryption key. More...
|
|
static gpgme_key_t | find_the_key (lsc_crypt_ctx_t ctx, gboolean no_create) |
| Locate the encryption key. More...
|
|
static char * | do_encrypt (lsc_crypt_ctx_t ctx, const void *plaintext, size_t plaintextlen) |
| Encrypt data using the standard key. More...
|
|
static char * | do_decrypt (lsc_crypt_ctx_t ctx, const char *cipherstring, size_t *r_plaintextlen) |
| Decrypt data encrypted to the standard key. More...
|
|
lsc_crypt_ctx_t | lsc_crypt_new () |
| Return a new context for LSC encryption. More...
|
|
void | lsc_crypt_release (lsc_crypt_ctx_t ctx) |
| Release an LSC encryption context. More...
|
|
void | lsc_crypt_flush (lsc_crypt_ctx_t ctx) |
| Flush an LSC encryption context. More...
|
|
char * | lsc_crypt_encrypt (lsc_crypt_ctx_t ctx, const char *first_name,...) |
| Encrypt a list of name/value pairs. More...
|
|
const char * | lsc_crypt_decrypt (lsc_crypt_ctx_t ctx, const char *ciphertext, const char *name) |
| Return an encrypted value in the clear. More...
|
|
const char * | lsc_crypt_get_password (lsc_crypt_ctx_t ctx, const char *ciphertext) |
| Return an encrypted password in the clear. More...
|
|
const char * | lsc_crypt_get_private_key (lsc_crypt_ctx_t ctx, const char *ciphertext) |
| Return an encrypted private key in the clear. More...
|
|
GVM: Utilities for LSC credential encryption.
This file provides support for encrypting LSC credentials.
◆ ENCRYPTION_KEY_UID
#define ENCRYPTION_KEY_UID "GVM Credential Encryption" |
The name of the encryption key.
Note that the code will use the "=" prefix flag to indicate an exact search. Thus when creating the key it should not have a comment or email address part.
◆ MAX_VALUE_LENGTH
#define MAX_VALUE_LENGTH (128 * 1024) |
The maximum size of an encrypted value.
To avoid excessive memory allocations we put a limit on the size of values stored in a name/value pair.
◆ create_the_key()
Create the credential encryption key.
This should only be called if the key does not yet exist.
- Parameters
-
ctx | The initialized encryption context |
- Returns
- On success 0 is returned; any other value indicates an error.
◆ do_decrypt()
static char* do_decrypt |
( |
lsc_crypt_ctx_t |
ctx, |
|
|
const char * |
cipherstring, |
|
|
size_t * |
r_plaintextlen |
|
) |
| |
|
static |
Decrypt data encrypted to the standard key.
Decrypt the base64 encoded ciphersting. On success store the size of the plaintext at R_PLAINTEXTSIZE and return an allocated buffer with the PLAINTEXT. The caller must release the result. Returns NULL on error.
- Parameters
-
| ctx | An initialized encryption context |
[in] | cipherstring | The base64 encoded input |
[out] | r_plaintextlen | The address of variable to receive the length in bytes of the decrypted plaintext. On error that value is not defined. |
- Returns
- An allocated buffer it the decrypten result (ie. the plaintext). The caller must release this buffer. NULL is returned on error.
◆ do_encrypt()
static char* do_encrypt |
( |
lsc_crypt_ctx_t |
ctx, |
|
|
const void * |
plaintext, |
|
|
size_t |
plaintextlen |
|
) |
| |
|
static |
Encrypt data using the standard key.
Encrypt the given plaintext using the standard credential key and return a base 64 encoded ciphertext.
- Parameters
-
[in] | ctx | An initialized encryption context |
[in] | plaintext | The data to be encrypted |
[in] | plaintextlen | The length in bytes of plaintext |
- Returns
- A base64 encoded ciphertext to be released by the caller. NULL is returned on error.
◆ find_the_key()
static gpgme_key_t find_the_key |
( |
lsc_crypt_ctx_t |
ctx, |
|
|
gboolean |
no_create |
|
) |
| |
|
static |
Locate the encryption key.
This function is used to find and return the standard encryption key.
- Parameters
-
ctx | An initialized encryption context |
no_create | If TRUE, do not try to create a missing encryption key. |
- Returns
- A gpgme key object or NULL on error.
◆ get32()
static G_GNUC_PURE uint32_t get32 |
( |
const void * |
buffer | ) |
|
|
static |
Extract a 32 bit unsigned integer from a buffer.
- Parameters
-
buffer | Pointer to an arbitrary buffer with a length of at least 4 bytes. |
- Returns
- An unsigned 32 bit integer value taken from the first 4 bytes of the buffer which is assumed to be in big-endian encoding.
◆ lsc_crypt_decrypt()
const char* lsc_crypt_decrypt |
( |
lsc_crypt_ctx_t |
ctx, |
|
|
const char * |
ciphertext, |
|
|
const char * |
name |
|
) |
| |
Return an encrypted value in the clear.
This function returns the encrypted value in the clear. The clear value may also be NULL , if no value is available. If a decryption has not yet been done, the passed ciphertext value is first decrypted. Thus a changed value of ciphertext may not have an effect. To force a decryption a call to lsc_crypt_flush is required.
- Parameters
-
[in] | ctx | The context |
[in] | ciphertext | The base64 encoded ciphertext. |
[in] | name | Name of the value to get. |
- Returns
- A const pointer to a string object. This pointer is valid as long as the context is valid and lsc_crypt_flush has not been called. If no value is available NULL is returned.
◆ lsc_crypt_encrypt()
char* lsc_crypt_encrypt |
( |
lsc_crypt_ctx_t |
ctx, |
|
|
const char * |
first_name, |
|
|
|
... |
|
) |
| |
Encrypt a list of name/value pairs.
- Parameters
-
[in] | ctx | The context |
[in] | first_name | The name of the first name/value pair. This must be followed by a string value and optionally followed by more name and value pairs. This list is terminated by a single NULL instead of a name. |
- Returns
- A pointer to a freshly allocated string in base64 encoding. Caller must free. On error NULL is returned.
◆ lsc_crypt_flush()
Flush an LSC encryption context.
This function is used to flush the context. The flushing invalidates returned strings and internal caches. Basically this is the same as releasing and creating the context but it is optimized to keep some internal state.
- Parameters
-
[in] | ctx | The context or NULL |
◆ lsc_crypt_get_password()
const char* lsc_crypt_get_password |
( |
lsc_crypt_ctx_t |
ctx, |
|
|
const char * |
ciphertext |
|
) |
| |
Return an encrypted password in the clear.
This function returns the encrypted password in the clear. The clear value may also be NULL , if no password is available. If a decryption has not yet been done, the passed ciphertext value is first decrypted. Thus a changed value of ciphertext may not have an effect. To force a decryption a call to lsc_crypt_flush is required.
- Parameters
-
[in] | ctx | The context |
[in] | ciphertext | The base64 encoded ciphertext. |
- Returns
- A const pointer to a string object. This pointer is valid as long as the context is valid and lsc_crypt_flush has not been called. If no password is available NULL is returned.
◆ lsc_crypt_get_private_key()
const char* lsc_crypt_get_private_key |
( |
lsc_crypt_ctx_t |
ctx, |
|
|
const char * |
ciphertext |
|
) |
| |
Return an encrypted private key in the clear.
This function returns the encrypted private key in the clear. The clear value may also be NULL , if no private key is available. If a decryption has not yet been done, the passed ciphertext value is first decrypted. Thus a changed value of ciphertext may not have an effect. To force a decryption a call to lsc_crypt_flush is required.
- Parameters
-
[in] | ctx | The context |
[in] | ciphertext | The base64 encoded ciphertext. |
- Returns
- A const pointer to a string object. This pointer is valid as long as the context is valid and lsc_crypt_flush has not been called. If no private key is available NULL is returned.
◆ lsc_crypt_new()
Return a new context for LSC encryption.
- Returns
- A new context object to be released with lsc_crypt_release.
◆ lsc_crypt_release()
Release an LSC encryption context.
- Parameters
-
[in] | ctx | The context or NULL |
◆ nonnull()
static G_GNUC_CONST const char* nonnull |
( |
const char * |
s | ) |
|
|
static |
Return a fixed string instead of NULL.
This is a convenience functions to return a descriptive string for a NULL pointer. Some printf implementations already do that for the "s" format but it is not a standard. Thus we use this little helper.
- Parameters
-
- Returns
- "[none]" if
s
is NULL, else s
.
◆ put32()
static void put32 |
( |
GString * |
buffer, |
|
|
uint32_t |
value |
|
) |
| |
|
static |
Append a 32 bit unsigned integer to a GString.
This function is used to append a 32 bit unsigned value to a GString in network byte order (big endian).
- Parameters
-
buffer | GString as destination |
value | The 32 bit unsigned value |