author | Stefan Walter <stefw@src.gnome.org> | 2007-06-15 22:15:24 +0000 |
---|---|---|
committer | Stefan Walter <stefw@src.gnome.org> | 2007-06-15 22:15:24 +0000 |
commit | cc939cdfaf03abf3b6d1c323d4f4f8baf4ceacb7 (patch) | |
tree | 9356ac60cc9441687f7fc66cfe4b3c2818a266e4 /keyrings | |
parent | 3ed3fdc607c9a61d858a96e81c5de18d684764fa (diff) | |
download | gnome-keyring-cc939cdfaf03abf3b6d1c323d4f4f8baf4ceacb7.tar.gz |
gnome-keyring-daemon and libgnome-keyring now use non-pageable secure
* common/Makefile.am:
* common/gkr-buffer.c:
* common/gkr-buffer.h:
* common/gkr-secure-memory.c: (added)
* common/gkr-secure-memory.h: (added)
* daemon/Makefile.am:
* daemon/gnome-keyring-daemon-io.c:
* daemon/gnome-keyring-daemon.c:
* keyrings/gkr-keyring-item.c:
* keyrings/gkr-keyring.c:
* library/Makefile.am:
* library/gnome-keyring-memory.c:
* library/gnome-keyring-memory.h:
* library/gnome-keyring-proto.c:
* library/gnome-keyring-proto.h:
* library/gnome-keyring-utils.c:
* library/gnome-keyring.c:
* reference/Makefile.am:
* reference/gnome-keyring-docs.sgml:
* reference/gnome-keyring-sections.txt:
* tests/Makefile.am:
* tests/unit-test-keyrings-prompt.c:
* tests/unit-test-keyrings.c:
* tests/unit-test-memory.c:
* tests-unit-test-other.c:
* tests/unit-test-secmem.c:
* ui/gkr-ask-request.c:
* ui/gkr-ask-tool.c: gnome-keyring-daemon and libgnome-keyring
now use non-pageable secure memory for secrets and passwords.
Fixes bug #419981
svn path=/trunk/; revision=633
Diffstat (limited to 'keyrings')
-rw-r--r-- | keyrings/gkr-keyring-item.c | 7 | ||||
-rw-r--r-- | keyrings/gkr-keyring.c | 87 |
2 files changed, 55 insertions, 39 deletions
diff --git a/keyrings/gkr-keyring-item.c b/keyrings/gkr-keyring-item.c index a9c06d58..9b9d7867 100644 --- a/keyrings/gkr-keyring-item.c +++ b/keyrings/gkr-keyring-item.c @@ -28,6 +28,8 @@ #include "gkr-keyring-item.h" #include "gkr-keyring.h" +#include "library/gnome-keyring-memory.h" + G_DEFINE_TYPE (GkrKeyringItem, gkr_keyring_item, G_TYPE_OBJECT); /* ----------------------------------------------------------------------------- @@ -63,9 +65,8 @@ gkr_keyring_item_finalize (GObject *obj) gnome_keyring_attribute_list_free (item->attributes); if (item->acl != NULL) gnome_keyring_acl_free (item->acl); - gnome_keyring_free_password (item->display_name); - /* TODO: Secure memory item->secret */ - gnome_keyring_free_password (item->secret); + g_free (item->display_name); + gnome_keyring_memory_free (item->secret); G_OBJECT_CLASS (gkr_keyring_item_parent_class)->finalize (obj); } diff --git a/keyrings/gkr-keyring.c b/keyrings/gkr-keyring.c index 7675a8e7..ca91d8f9 100644 --- a/keyrings/gkr-keyring.c +++ b/keyrings/gkr-keyring.c @@ -32,6 +32,7 @@ #include "daemon/gnome-keyring-daemon.h" +#include "library/gnome-keyring-memory.h" #include "library/gnome-keyring-proto.h" #include <glib.h> @@ -123,15 +124,12 @@ generate_key (const char *password, { gcry_md_hd_t mdh; gcry_error_t gerr; - /* TODO: Secure memory digest */ - guchar digest[32]; + guchar *digest; guchar *digested; + guint n_digest; g_assert (iterations >= 1); - - /* In case the world changes on us... */ - g_return_val_if_fail (gcry_md_get_algo_dlen (GCRY_MD_SHA256) == sizeof (digest), FALSE); - + gerr = gcry_md_open (&mdh, GCRY_MD_SHA256, 0); if (gerr) { g_warning ("couldn't create sha256 hash context: %s", 
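Review bot: In generate_key the hash handle is still created with `gcry_md_open (&mdh, GCRY_MD_SHA256, 0)`, so the context that absorbs the password and every intermediate digest comes from ordinary memory even though `digest` now comes from gnome_keyring_memory_new. `gcry_md_read` returns a pointer into that context, so each round's output exists in pageable memory before the memcpy into the secure block. Passing `GCRY_MD_FLAG_SECURE` as the flags argument would keep the context in libgcrypt's secure pool, provided the daemon initialises that pool, which is not visible in this diff. The `gcry_cipher_open (..., 0)` calls in encrypt_buffer and decrypt_buffer have the same gap and could take `GCRY_CIPHER_SECURE`. generate_key's body continues past this hunk.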
@@ -139,28 +137,35 @@ generate_key (const char *password, return FALSE; } + n_digest = gcry_md_get_algo_dlen (GCRY_MD_SHA256); + g_return_val_if_fail (n_digest >= 32, FALSE); + + digest = gnome_keyring_memory_new (guchar, n_digest); + gcry_md_write (mdh, password, strlen (password)); gcry_md_write (mdh, salt, 8); gcry_md_final (mdh); digested = gcry_md_read (mdh, 0); g_return_val_if_fail (digested, FALSE); - memcpy (digest, digested, sizeof (digest)); + memcpy (digest, digested, n_digest); iterations--; while (iterations != 0) { gcry_md_reset (mdh); - gcry_md_write (mdh, digest, sizeof (digest)); + gcry_md_write (mdh, digest, n_digest); gcry_md_final (mdh); digested = gcry_md_read (mdh, 0); g_return_val_if_fail (digested, FALSE); - memcpy (digest, digested, sizeof (digest)); + memcpy (digest, digested, n_digest); iterations--; } memcpy (key, digest, 16); memcpy (iv, digest+16, 16); + gnome_keyring_memory_free (digest); gcry_md_close (mdh); + return TRUE; } @@ -172,20 +177,24 @@ encrypt_buffer (GkrBuffer *buffer, { gcry_cipher_hd_t cih; gcry_error_t gerr; - /* TODO: Secure memory key */ - guchar key[16]; + guchar *key; guchar iv[16]; size_t pos; g_assert (buffer->len % 16 == 0); + + key = gnome_keyring_memory_new (guchar, 16); - if (!generate_key (password, salt, iterations, key, iv)) + if (!generate_key (password, salt, iterations, key, iv)) { + gnome_keyring_memory_free (key); return FALSE; + } gerr = gcry_cipher_open (&cih, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0); if (gerr) { g_warning ("couldn't create aes cipher context: %s", gcry_strerror (gerr)); + gnome_keyring_memory_free (key); return FALSE; } @@ -203,7 +212,9 @@ encrypt_buffer (GkrBuffer *buffer, g_return_val_if_fail (!gerr, FALSE); } + gnome_keyring_memory_free (key); gcry_cipher_close (cih); + return TRUE; } 
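Review bot: The early returns in generate_key now leak the secure allocation. Both `g_return_val_if_fail (digested, FALSE);` checks sit after `digest = gnome_keyring_memory_new (guchar, n_digest);` and return without `gnome_keyring_memory_free (digest)` or `gcry_md_close (mdh)`. The relocated `g_return_val_if_fail (n_digest >= 32, FALSE);` also runs after gcry_md_open has succeeded, so it skips `gcry_md_close (mdh)`; doing the length check before the open, as the removed code did, avoids that. The result of gnome_keyring_memory_new is passed to memcpy without a NULL check, and whether the allocator can return NULL is not visible here, so either test it or document that it aborts. A leaked block keeps intermediate key material resident in the locked pool for the life of the process.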
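Review bot: encrypt_buffer frees `key` on the two failure paths this change touches, but the `g_return_val_if_fail (!gerr, FALSE);` visible just before the new `gnome_keyring_memory_free (key);` still returns with the key allocated and the cipher handle open. Any libgcrypt failure in that stretch therefore leaves the derived AES key in the secure pool. Route those returns through a single exit that calls `gnome_keyring_memory_free (key);` and `gcry_cipher_close (cih);`. decrypt_buffer has the identical pattern in its two hunks. The statements between the two encrypt_buffer hunks are not shown, so other early returns there may need the same treatment.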
@@ -215,20 +226,24 @@ decrypt_buffer (GkrBuffer *buffer, { gcry_cipher_hd_t cih; gcry_error_t gerr; - /* TODO: Secure memory key */ - guchar key[16]; + guchar *key; guchar iv[16]; size_t pos; g_assert (buffer->len % 16 == 0); + + key = gnome_keyring_memory_new (guchar, 16); - if (!generate_key (password, salt, iterations, key, iv)) + if (!generate_key (password, salt, iterations, key, iv)) { + gnome_keyring_memory_free (key); return FALSE; + } gerr = gcry_cipher_open (&cih, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0); if (gerr) { g_warning ("couldn't create aes cipher context: %s", gcry_strerror (gerr)); + gnome_keyring_memory_free (key); return FALSE; } @@ -246,7 +261,9 @@ decrypt_buffer (GkrBuffer *buffer, g_return_val_if_fail (!gerr, FALSE); } + gnome_keyring_memory_free (key); gcry_cipher_close (cih); + return TRUE; } @@ -300,13 +317,16 @@ generate_encrypted_data (GkrBuffer *buffer, GkrKeyring *keyring) GList *l; int i; GkrKeyringItem *item; - /* TODO: Secure memory buffer */ + + /* Make sure we're using non-pageable memory */ + gnome_keyring_proto_go_secure (buffer); + for (l = keyring->items; l != NULL; l = l->next) { item = l->data; if (!gnome_keyring_proto_add_utf8_string (buffer, item->display_name)) { return FALSE; } - if (!gnome_keyring_proto_add_utf8_string (buffer, item->secret)) { + if (!gnome_keyring_proto_add_utf8_secret (buffer, item->secret)) { return FALSE; } gnome_keyring_proto_add_time (buffer, item->ctime); @@ -337,7 +357,6 @@ generate_file (GkrBuffer *buffer, GkrKeyring *keyring) GList *l; GkrKeyringItem *item; GnomeKeyringAttributeList *hashed; - /* TODO: Secure memory to_encrypt */ GkrBuffer to_encrypt; guchar digest[16]; int i; 
@@ -391,9 +410,8 @@ generate_file (GkrBuffer *buffer, GkrKeyring *keyring) gnome_keyring_attribute_list_free (hashed); } - /* Encrypted data: */ - /* TODO: Secure memory to_encrypt */ - gkr_buffer_init_full (&to_encrypt, 4096, g_realloc); + /* Encrypted data. Use non-pageable memory */ + gkr_buffer_init_full (&to_encrypt, 4096, gnome_keyring_memory_realloc); gkr_buffer_append (&to_encrypt, (guchar*)digest, 16); /* Space for hash */ @@ -522,7 +540,10 @@ update_keyring_from_data (GkrKeyring *keyring, GkrBuffer *buffer) display_name = NULL; items = 0; - + + /* We're decrypting this, so use secure memory */ + gkr_buffer_set_allocator (&to_decrypt, gnome_keyring_memory_realloc); + if (buffer->len < KEYRING_FILE_HEADER_LEN) { return FALSE; } @@ -604,17 +625,17 @@ update_keyring_from_data (GkrKeyring *keyring, GkrBuffer *buffer) goto bail; } - /* TODO: secure memory to_decrypt */ + /* Copy the data into to_decrypt into non-pageable memory */ gkr_buffer_init_static (&to_decrypt, buffer->buf + offset, crypto_size); locked = TRUE; - /* TODO: secure memory keyring->password */ if (keyring->password != NULL) { + if (!decrypt_buffer (&to_decrypt, keyring->password, salt, hash_iterations)) { goto bail; } if (!verify_decrypted_buffer (&to_decrypt)) { - g_free (keyring->password); + gnome_keyring_memory_free (keyring->password); keyring->password = NULL; } else { locked = FALSE; @@ -624,8 +645,7 @@ update_keyring_from_data (GkrKeyring *keyring, GkrBuffer *buffer) &items[i].display_name)) { goto bail; } - /* TODO: secure memory items[i].secret */ - if (!gnome_keyring_proto_get_utf8_string (buffer, offset, &offset, + if (!gnome_keyring_proto_get_utf8_secret (buffer, offset, &offset, &items[i].secret)) { goto bail; } 
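Review bot: In update_keyring_from_data the new comment `/* Copy the data into to_decrypt into non-pageable memory */` does not match the call below it. `gkr_buffer_init_static (&to_decrypt, buffer->buf + offset, crypto_size);` takes a pointer into `buffer`, and the later `gnome_keyring_proto_get_utf8_secret (buffer, offset, ...)` reads the plaintext back out of `buffer`, so decryption appears to happen in place in whatever memory the caller allocated. The earlier `gkr_buffer_set_allocator (&to_decrypt, gnome_keyring_memory_realloc);` runs before `to_decrypt` is initialised in the visible code and is probably overwritten or unused by init_static; gkr-buffer.c is outside this diffstat, so confirm. If decrypted bytes should live only in locked memory, initialise with `gkr_buffer_init_full (&to_decrypt, crypto_size, gnome_keyring_memory_realloc)`, append the ciphertext with gkr_buffer_append, and parse from `to_decrypt`. Otherwise reword the comment to say the caller's buffer must already be secure.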
@@ -703,8 +723,7 @@ update_keyring_from_data (GkrKeyring *keyring, GkrBuffer *buffer) g_free (item->display_name); item->display_name = NULL; - /* TODO: secure memory item->secret */ - gnome_keyring_free_password (item->secret); + gnome_keyring_memory_free (item->secret); item->secret = NULL; if (item->acl) { gnome_keyring_acl_free (item->acl); @@ -721,7 +740,6 @@ update_keyring_from_data (GkrKeyring *keyring, GkrBuffer *buffer) item->attributes = items[i].attributes; gnome_keyring_attribute_list_free (items[i].hashed_attributes); item->display_name = items[i].display_name; - /* TODO: secure memory item->secret */ item->secret = items[i].secret; item->acl = items[i].acl; item->mtime = items[i].mtime; @@ -742,8 +760,7 @@ update_keyring_from_data (GkrKeyring *keyring, GkrBuffer *buffer) if (items != NULL) { for (i = 0; i < num_items; i++) { g_free (items[i].display_name); - /* TODO: Secure memory items[i].secret */ - g_free (items[i].secret); + gnome_keyring_memory_free (items[i].secret); gnome_keyring_attribute_list_free (items[i].hashed_attributes); gnome_keyring_attribute_list_free (items[i].attributes); gnome_keyring_acl_free (items[i].acl); @@ -845,8 +862,7 @@ gkr_keyring_dispose (GObject *obj) g_list_free (keyring->items); keyring->items = NULL; - /* TODO: Secure memory keyring->password */ - gnome_keyring_free_password (keyring->password); + gnome_keyring_memory_free (keyring->password); keyring->password = NULL; G_OBJECT_CLASS (gkr_keyring_parent_class)->dispose (obj); @@ -913,8 +929,7 @@ gkr_keyring_create (const gchar *keyring_name, const gchar *password) if (keyring != NULL) { keyring->file = get_default_keyring_file_for_name (keyring_name); keyring->locked = FALSE; - /* TODO: Secure Memory keyring->password */ - keyring->password = g_strdup (password); + keyring->password = gnome_keyring_memory_strdup (password); gkr_keyring_save_to_disk (keyring); } return keyring; |
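Review bot: In gkr_keyring_create, `keyring->password = gnome_keyring_memory_strdup (password);` replaces `g_strdup (password)`, which returns NULL for a NULL argument. The visible lines do not check `password`, so the new helper needs the same NULL behaviour or a guard such as `password ? gnome_keyring_memory_strdup (password) : NULL`. After this change every release of `keyring->password` and `item->secret` in the file goes through gnome_keyring_memory_free, so any code outside this diffstat that still assigns them from g_strdup or g_malloc would be freed by the wrong allocator unless gnome_keyring_memory_free falls back for foreign pointers. A field comment such as `/* allocated with gnome_keyring_memory_*; never g_free */` would make the ownership rule explicit. The function's start is outside the hunk.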