cryptif.c

Linux下的飞鸽传书

    g_free(session_key);
  if (raw_enc_body)
    g_free(raw_enc_body);
 free_peer_key_out:
  if (key_e)
    g_free(key_e);
  if (key_n)
    g_free(key_n);

 error_out:
  return rc;
}
int
ipmsg_decrypt_message(const char *peer_addr,const char *message,unsigned char **ret_str,size_t *len){
  int rc;
  unsigned long this_cap;
  unsigned char *hex_skey=NULL;
  char *skey=NULL;
  unsigned char *signed_message=NULL;
  unsigned char *end_message_body_p=NULL;
  unsigned char *enc_message=NULL;
  unsigned char *hex_sign=NULL;
  unsigned long skey_type,akey_type;
  unsigned long sign_type;
  unsigned char *enc_bin_body=NULL;
  unsigned char *peer_key_e=NULL;
  unsigned char *peer_key_n=NULL;
  unsigned long tmp_cap;
  unsigned long new_flags;
  char *plain=NULL;
  size_t plain_len;
  size_t skey_len;
  size_t enc_bin_len;
  
  if ( (!message) || (!ret_str) || (!len) )
    return -EINVAL;

  rc=parse_encoded_message(message,
			   &this_cap,
			   &hex_skey,
			   &enc_message,
			   &hex_sign);
  if (rc) {
    err_out("Can not parse message\n");
    goto error_out;
  }
  /*
   * 暗号化に使用した鍵を取得
   */
  skey_type=get_symkey_part(this_cap);  /* 共通鍵 */
  akey_type=get_asymkey_part(this_cap); /* 公開鍵 */
  sign_type=get_sign_part(this_cap);
  dbg_out("Cap:%x Skey:%x AKey:%x Sign:%x\n",this_cap,skey_type,akey_type,sign_type);
  /*
   *署名がある場合は署名を検証
   */
  g_assert(peer_addr); /* udpからの呼出しの場合はかならずいれる  */
  if ( (hostinfo_get_ipmsg_crypt_capability() & sign_type) && (hex_sign) ) {
    dbg_out("This message is signed by peer.\n");
    /*
     *相手の公開鍵を取得
     */
    rc=userdb_get_public_key_by_addr(peer_addr,&tmp_cap,(char **)&peer_key_e,(char **)&peer_key_n);
    if (rc)
      goto free_parsed_datas;

    /* 編集用にコピー  */
    signed_message=g_strdup(message);
    rc=-ENOMEM;
    if (!signed_message)
      goto free_parsed_datas;
    end_message_body_p=strrchr(signed_message,':');
    if (!end_message_body_p) /*  異常データ  */
      goto free_parsed_datas;
    *end_message_body_p='\0'; /* 本文だけを参照  */
    dbg_out("Verify:%s with %s\n",signed_message,hex_sign);
    rc=pcrypt_verify_sign(this_cap,sign_type,signed_message, 
			  hex_sign,peer_key_e,peer_key_n);
    /*  失敗した場合でも, 不要なデータを開放してからぬける  */
    if (rc) {
      err_out("Verify failed:rc=%d\n",rc);
      goto free_parsed_datas;
    }
    dbg_out("Verify OK\n");
  }

  /*
   *共通鍵をデコード
   */
  /* FIXME 鍵のバリデーション(RSAが2つ以上設定されていないか) */
  rc=pcrypt_decrypt_message(akey_type,hex_skey,&skey,&skey_len);
  if (rc)
    goto free_parsed_datas;
  dbg_out("Decrypt key len:%d\n",skey_len);
  /*
   *暗号化された本文のバイナリ化
   */
  rc=string_hex2bin(enc_message,&enc_bin_len, &enc_bin_body);
  if (rc)
    goto free_skey;

#if 0
  print_hex(skey,skey_len);
#endif

  rc=symcrypt_decrypt_message(skey_type,enc_bin_body,enc_bin_len,
			      skey,&plain,&plain_len);
  if (rc)
    goto free_enc_bin_body;
  dbg_out("Decoded:%s len=%d\n",plain,plain_len);
  *ret_str=plain;
  *len=plain_len;
  rc=0;
 free_enc_bin_body:
  if (enc_bin_body)
    g_free(enc_bin_body);
 free_skey:
  if (skey)
    g_free(skey);
 free_parsed_datas:
  if (hex_skey)
    g_free(hex_skey);
  if (enc_message)
    g_free(enc_message);
  if (hex_sign)
    g_free(hex_sign);
  if (peer_key_e)
    g_free(peer_key_e);
  if (peer_key_n)
    g_free(peer_key_n);
  if (signed_message)
    g_free(signed_message);

 error_out:
  if (rc != 0) {
    new_flags = hostinfo_get_normal_entry_flags();
    new_flags &= ~IPMSG_ENCRYPTOPT;  /* 暗号化通信不可能であることを通知する  */
    ipmsg_send_gratuitous_ans_entry(udp_con, peer_addr, new_flags);
    ipmsg_err_dialog(_("Can not decode message from %s rc = %d"), peer_addr, rc);
  }
  return rc;
}

GtkWidget *
internal_create_crypt_config_window(void){
  int rc;
  GtkWidget *configWindow;
  GtkWidget *sendHostListChkBtn;
  GtkWidget *obtainHostlistChkBtn;
  GtkWidget *configRC2Bit40Btn;
  GtkWidget *configRC2Bit128Btn;
  GtkWidget *configRC2Bit256Btn;
  GtkWidget *configBFBit128Btn;
  GtkWidget *configBFBit256Btn;
  GtkWidget *configRSABit512Btn;
  GtkWidget *configRSABit1024Btn;
  GtkWidget *configRSABit2048Btn;
  GtkWidget *configMD5Btn;
  GtkWidget *configSHA1Btn;
  GtkWidget *keySelectAlgoCBtn;
  GtkWidget *RSAKeyEncryptionCBtn;
  GtkWidget *useLockCBtn;
  unsigned long state;
  
  configWindow=create_securityConfig ();
  g_assert(configWindow);

  sendHostListChkBtn=lookup_widget(configWindow,"sendHostListChkBtn");
  obtainHostlistChkBtn=lookup_widget(configWindow,"obtainHostlistChkBtn");
  configRC2Bit40Btn=lookup_widget(configWindow,"configRC2Bit40Btn");
  configRC2Bit128Btn=lookup_widget(configWindow, "configRC2Bit128Btn");
  configRC2Bit256Btn=lookup_widget(configWindow, "configRC2Bit256Btn");
  configBFBit128Btn=lookup_widget(configWindow, "configBFBit128Btn");
  configBFBit256Btn=lookup_widget(configWindow, "configBFBit256Btn");
  configRSABit512Btn=lookup_widget(configWindow, "configRSABit512Btn");
  configRSABit1024Btn=lookup_widget(configWindow, "configRSABit1024Btn");
  configRSABit2048Btn=lookup_widget(configWindow, "configRSABit2048Btn");
  configMD5Btn=lookup_widget(configWindow, "configMD5Btn");
  configSHA1Btn=lookup_widget(configWindow, "configSHA1Btn");
  keySelectAlgoCBtn=lookup_widget(configWindow, "keySelectAlgoCBtn");
  RSAKeyEncryptionCBtn=lookup_widget(configWindow, "RSAKeyEncryptionCBtn");
  useLockCBtn=lookup_widget(configWindow, "useLockCBtn");


  rc=hostinfo_refer_ipmsg_cipher(&state);
  if (rc)
    return;

  /*
   *ホストリスト制御
   */
  if (hostinfo_refer_ipmsg_is_allow_hlist())
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(sendHostListChkBtn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(sendHostListChkBtn),FALSE);

  if (hostinfo_refer_ipmsg_is_get_hlist())
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(obtainHostlistChkBtn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(obtainHostlistChkBtn),FALSE);

  /*
   *暗号選択
   */
  if (state & IPMSG_RC2_40)
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRC2Bit40Btn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRC2Bit40Btn),FALSE);

  if (state & IPMSG_RC2_128)
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRC2Bit128Btn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRC2Bit128Btn),FALSE);

  if (state & IPMSG_RC2_256)
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRC2Bit256Btn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRC2Bit256Btn),FALSE);

  if (state & IPMSG_BLOWFISH_128)
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configBFBit128Btn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configBFBit128Btn),FALSE);

  if (state & IPMSG_BLOWFISH_256)
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configBFBit256Btn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configBFBit256Btn),FALSE);

  if (state & IPMSG_RSA_512)
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRSABit512Btn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRSABit512Btn),FALSE);

  if (state & IPMSG_RSA_1024)
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRSABit1024Btn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRSABit1024Btn),FALSE);

  if (state & IPMSG_RSA_2048)
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRSABit2048Btn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configRSABit2048Btn),FALSE);

  if (state & IPMSG_SIGN_MD5)
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configMD5Btn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configMD5Btn),FALSE);

  if (state & IPMSG_SIGN_SHA1)
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configSHA1Btn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(configSHA1Btn),FALSE);

  if (hostinfo_refer_ipmsg_crypt_policy_is_speed())
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(keySelectAlgoCBtn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(keySelectAlgoCBtn),FALSE);

  if (hostinfo_refer_ipmsg_encrypt_public_key())
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(RSAKeyEncryptionCBtn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(RSAKeyEncryptionCBtn),FALSE);
  if (hostinfo_refer_ipmsg_use_lock())
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(useLockCBtn),TRUE);
  else
    gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(useLockCBtn),FALSE);

  return configWindow;
}

int 
apply_crypt_config_window(GtkWindow *configWindow){
  int rc;
  GtkWidget *sendHostListChkBtn;
  GtkWidget *obtainHostlistChkBtn;
  GtkWidget *configRC2Bit40Btn;
  GtkWidget *configRC2Bit128Btn;
  GtkWidget *configRC2Bit256Btn;
  GtkWidget *configBFBit128Btn;
  GtkWidget *configBFBit256Btn;
  GtkWidget *configRSABit512Btn;
  GtkWidget *configRSABit1024Btn;
  GtkWidget *configRSABit2048Btn;
  GtkWidget *configMD5Btn;
  GtkWidget *configSHA1Btn;
  GtkWidget *keySelectAlgoCBtn;
  GtkWidget *RSAKeyEncryptionCBtn;
  GtkWidget *useLockCBtn;
  unsigned long state;
  
  if (!configWindow)
    return -EINVAL;

  sendHostListChkBtn=lookup_widget(GTK_WIDGET(configWindow),"sendHostListChkBtn");
  obtainHostlistChkBtn=lookup_widget(GTK_WIDGET(configWindow),"obtainHostlistChkBtn");
  configRC2Bit40Btn=lookup_widget(GTK_WIDGET(configWindow),"configRC2Bit40Btn");
  configRC2Bit128Btn=lookup_widget(GTK_WIDGET(configWindow), "configRC2Bit128Btn");
  configRC2Bit256Btn=lookup_widget(GTK_WIDGET(configWindow), "configRC2Bit256Btn");
  configBFBit128Btn=lookup_widget(GTK_WIDGET(configWindow), "configBFBit128Btn");
  configBFBit256Btn=lookup_widget(GTK_WIDGET(configWindow), "configBFBit256Btn");
  configRSABit512Btn=lookup_widget(GTK_WIDGET(configWindow), "configRSABit512Btn");
  configRSABit1024Btn=lookup_widget(GTK_WIDGET(configWindow), "configRSABit1024Btn");
  configRSABit2048Btn=lookup_widget(GTK_WIDGET(configWindow), "configRSABit2048Btn");
  configMD5Btn=lookup_widget(GTK_WIDGET(configWindow), "configMD5Btn");
  configSHA1Btn=lookup_widget(GTK_WIDGET(configWindow), "configSHA1Btn");
  keySelectAlgoCBtn=lookup_widget(GTK_WIDGET(configWindow), "keySelectAlgoCBtn");
  RSAKeyEncryptionCBtn=lookup_widget(GTK_WIDGET(configWindow), "RSAKeyEncryptionCBtn");
  useLockCBtn=lookup_widget(GTK_WIDGET(configWindow), "useLockCBtn");

  /*
   *ホストリスト制御
   */
  hostinfo_set_ipmsg_is_allow_hlist(gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(sendHostListChkBtn))); 
  hostinfo_set_ipmsg_is_get_hlist(gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(obtainHostlistChkBtn)));

  /*
   *暗号選択
   */

  /*
   * 共通鍵
   */
  state=0;
  if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(configRC2Bit40Btn)))
    state |= IPMSG_RC2_40;
  if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(configRC2Bit128Btn)))
    state |= IPMSG_RC2_128;
  if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(configRC2Bit256Btn)))
    state |= IPMSG_RC2_256;

  if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(configBFBit128Btn)))
    state |= IPMSG_BLOWFISH_128;
  if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(configBFBit256Btn)))
    state |= IPMSG_BLOWFISH_256;

  /*
   * RSA
   */
  if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(configRSABit512Btn)))
    state |= IPMSG_RSA_512;
  if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(configRSABit1024Btn)))
    state |= IPMSG_RSA_1024;
  if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(configRSABit2048Btn)))
    state |= IPMSG_RSA_2048;

  /*
   * 署名
   */
  if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(configMD5Btn)))
    state |= IPMSG_SIGN_MD5;
  if (gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(configSHA1Btn)))
    state |= IPMSG_SIGN_SHA1;

  hostinfo_set_ipmsg_cipher(state);

  /*
   * セキュリティ設定
   */
  hostinfo_set_ipmsg_crypt_policy_as_speed(gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(keySelectAlgoCBtn)));
  hostinfo_set_ipmsg_encrypt_public_key(gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(RSAKeyEncryptionCBtn)));
  hostinfo_set_ipmsg_use_lock(gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(useLockCBtn)));

  return 0;
}
static int
enter_password(void){
  int rc;
  GtkWidget *window=NULL;
  gint result;

  window=create_passwdWindow();
  g_assert(window);

  
  return 0;
}