diff --git a/libnm-core/nm-crypto-gnutls.c b/libnm-core/nm-crypto-gnutls.c index 72cc0a28c0..86535ee4b1 100644 --- a/libnm-core/nm-crypto-gnutls.c +++ b/libnm-core/nm-crypto-gnutls.c @@ -37,7 +37,7 @@ static gboolean initialized = FALSE; gboolean -crypto_init (GError **error) +_nm_crypto_init (GError **error) { if (initialized) return TRUE; @@ -55,16 +55,16 @@ crypto_init (GError **error) } char * -crypto_decrypt (const char *cipher, - int key_type, - const guint8 *data, - gsize data_len, - const char *iv, - const gsize iv_len, - const char *key, - const gsize key_len, - gsize *out_len, - GError **error) +_nm_crypto_decrypt (const char *cipher, + int key_type, + const guint8 *data, + gsize data_len, + const char *iv, + const gsize iv_len, + const char *key, + const gsize key_len, + gsize *out_len, + GError **error) { gnutls_cipher_hd_t ctx; gnutls_datum_t key_dt, iv_dt; @@ -74,7 +74,7 @@ crypto_decrypt (const char *cipher, gboolean success = FALSE; gsize pad_len, real_iv_len; - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return NULL; if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) { @@ -171,15 +171,15 @@ out: } char * -crypto_encrypt (const char *cipher, - const guint8 *data, - gsize data_len, - const char *iv, - const gsize iv_len, - const char *key, - gsize key_len, - gsize *out_len, - GError **error) +_nm_crypto_encrypt (const char *cipher, + const guint8 *data, + gsize data_len, + const char *iv, + const gsize iv_len, + const char *key, + gsize key_len, + gsize *out_len, + GError **error) { gnutls_cipher_hd_t ctx; gnutls_datum_t key_dt, iv_dt; @@ -191,7 +191,7 @@ crypto_encrypt (const char *cipher, char *padded_buf = NULL; guint32 i; - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return NULL; if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) @@ -269,15 +269,15 @@ out: } NMCryptoFileFormat -crypto_verify_cert (const unsigned char *data, - gsize len, - GError **error) +_nm_crypto_verify_cert (const unsigned char *data, + gsize len, + GError **error) { gnutls_x509_crt_t der; gnutls_datum_t dt; int err; - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return NM_CRYPTO_FILE_FORMAT_UNKNOWN; err = gnutls_x509_crt_init (&der); @@ -312,10 +312,10 @@ crypto_verify_cert (const unsigned char *data, } gboolean -crypto_verify_pkcs12 (const guint8 *data, - gsize data_len, - const char *password, - GError **error) +_nm_crypto_verify_pkcs12 (const guint8 *data, + gsize data_len, + const char *password, + GError **error) { gnutls_pkcs12_t p12; gnutls_datum_t dt; @@ -324,7 +324,7 @@ crypto_verify_pkcs12 (const guint8 *data, g_return_val_if_fail (data != NULL, FALSE); - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return FALSE; dt.data = (unsigned char *) data; @@ -369,11 +369,11 @@ out: } gboolean -crypto_verify_pkcs8 (const guint8 *data, - gsize data_len, - gboolean is_encrypted, - const char *password, - GError **error) +_nm_crypto_verify_pkcs8 (const guint8 *data, + gsize data_len, + gboolean is_encrypted, + const char *password, + GError **error) { gnutls_x509_privkey_t p8; gnutls_datum_t dt; @@ -381,7 +381,7 @@ crypto_verify_pkcs8 (const guint8 *data, g_return_val_if_fail (data != NULL, FALSE); - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return FALSE; dt.data = (unsigned char *) data; @@ -424,9 +424,9 @@ crypto_verify_pkcs8 (const guint8 *data, } gboolean -crypto_randomize (void *buffer, gsize buffer_len, GError **error) +_nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error) { - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return FALSE; gnutls_rnd (GNUTLS_RND_RANDOM, buffer, buffer_len); diff --git a/libnm-core/nm-crypto-impl.h b/libnm-core/nm-crypto-impl.h index 63ffb17097..93186cb6cf 100644 --- a/libnm-core/nm-crypto-impl.h +++ b/libnm-core/nm-crypto-impl.h @@ -30,32 +30,44 @@ #include "nm-crypto.h" -gboolean crypto_init (GError **error); +gboolean _nm_crypto_init (GError **error); -char * crypto_decrypt (const char *cipher, - int key_type, - const guint8 *data, - gsize data_len, - const char *iv, - const gsize iv_len, - const char *key, - const gsize key_len, - gsize *out_len, - GError **error); +gboolean _nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error); -NMCryptoFileFormat crypto_verify_cert (const guint8 *data, - gsize len, - GError **error); +char *_nm_crypto_encrypt (const char *cipher, + const guint8 *data, + gsize data_len, + const char *iv, + gsize iv_len, + const char *key, + gsize key_len, + gsize *out_len, + GError **error); -gboolean crypto_verify_pkcs12 (const guint8 *data, - gsize data_len, - const char *password, - GError **error); +char *_nm_crypto_decrypt (const char *cipher, + int key_type, + const guint8 *data, + gsize data_len, + const char *iv, + const gsize iv_len, + const char *key, + const gsize key_len, + gsize *out_len, + GError **error); -gboolean crypto_verify_pkcs8 (const guint8 *data, - gsize data_len, - gboolean is_encrypted, - const char *password, - GError **error); +NMCryptoFileFormat _nm_crypto_verify_cert (const guint8 *data, + gsize len, + GError **error); + +gboolean _nm_crypto_verify_pkcs12 (const guint8 *data, + gsize data_len, + const char *password, + GError **error); + +gboolean _nm_crypto_verify_pkcs8 (const guint8 *data, + gsize data_len, + gboolean is_encrypted, + const char *password, + GError **error); #endif /* __NM_CRYPTO_IMPL_H__ */ diff --git a/libnm-core/nm-crypto-nss.c b/libnm-core/nm-crypto-nss.c index 634022b00a..df0fa58ea9 100644 --- a/libnm-core/nm-crypto-nss.c +++ b/libnm-core/nm-crypto-nss.c @@ -40,7 +40,7 @@ static gboolean initialized = FALSE; gboolean -crypto_init (GError **error) +_nm_crypto_init (GError **error) { SECStatus ret; @@ -71,16 +71,16 @@ crypto_init (GError **error) } char * -crypto_decrypt (const char *cipher, - int key_type, - const guint8 *data, - gsize data_len, - const char *iv, - const gsize iv_len, - const char *key, - const gsize key_len, - gsize *out_len, - GError **error) +_nm_crypto_decrypt (const char *cipher, + int key_type, + const guint8 *data, + gsize data_len, + const char *iv, + const gsize iv_len, + const char *key, + const gsize key_len, + gsize *out_len, + GError **error) { char *output = NULL; int decrypted_len = 0; @@ -95,7 +95,7 @@ crypto_decrypt (const char *cipher, unsigned pad_len = 0, extra = 0; guint32 i, real_iv_len = 0; - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return NULL; if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) { @@ -243,15 +243,15 @@ out: } char * -crypto_encrypt (const char *cipher, - const guint8 *data, - gsize data_len, - const char *iv, - gsize iv_len, - const char *key, - gsize key_len, - gsize *out_len, - GError **error) +_nm_crypto_encrypt (const char *cipher, + const guint8 *data, + gsize data_len, + const char *iv, + gsize iv_len, + const char *key, + gsize key_len, + gsize *out_len, + GError **error) { SECStatus ret; CK_MECHANISM_TYPE cipher_mech = CKM_DES3_CBC_PAD; @@ -267,7 +267,7 @@ crypto_encrypt (const char *cipher, gboolean success = FALSE; gsize padded_buf_len, pad_len; - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return NULL; if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) @@ -371,13 +371,13 @@ out: } NMCryptoFileFormat -crypto_verify_cert (const unsigned char *data, - gsize len, - GError **error) +_nm_crypto_verify_cert (const unsigned char *data, + gsize len, + GError **error) { CERTCertificate *cert; - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return NM_CRYPTO_FILE_FORMAT_UNKNOWN; /* Try DER/PEM first */ @@ -395,10 +395,10 @@ crypto_verify_cert (const unsigned char *data, } gboolean -crypto_verify_pkcs12 (const guint8 *data, - gsize data_len, - const char *password, - GError **error) +_nm_crypto_verify_pkcs12 (const guint8 *data, + gsize data_len, + const char *password, + GError **error) { SEC_PKCS12DecoderContext *p12ctx = NULL; SECItem pw = { 0 }; @@ -413,7 +413,7 @@ crypto_verify_pkcs12 (const guint8 *data, if (error) g_return_val_if_fail (*error == NULL, FALSE); - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return FALSE; /* PKCS#12 passwords are apparently UCS2 BIG ENDIAN, and NSS doesn't do @@ -492,15 +492,15 @@ error: } gboolean -crypto_verify_pkcs8 (const guint8 *data, - gsize data_len, - gboolean is_encrypted, - const char *password, - GError **error) +_nm_crypto_verify_pkcs8 (const guint8 *data, + gsize data_len, + gboolean is_encrypted, + const char *password, + GError **error) { g_return_val_if_fail (data != NULL, FALSE); - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return FALSE; /* NSS apparently doesn't do PKCS#8 natively, but you have to put the @@ -511,11 +511,11 @@ crypto_verify_pkcs8 (const guint8 *data, } gboolean -crypto_randomize (void *buffer, gsize buffer_len, GError **error) +_nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error) { SECStatus s; - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return FALSE; s = PK11_GenerateRandom (buffer, buffer_len); diff --git a/libnm-core/nm-crypto.c b/libnm-core/nm-crypto.c index c4740f31f4..fcef7960cb 100644 --- a/libnm-core/nm-crypto.c +++ b/libnm-core/nm-crypto.c @@ -411,12 +411,12 @@ convert_iv (const char *src, } char * -crypto_make_des_aes_key (const char *cipher, - const char *salt, - const gsize salt_len, - const char *password, - gsize *out_len, - GError **error) +nm_crypto_make_des_aes_key (const char *cipher, + const char *salt, + const gsize salt_len, + const char *password, + gsize *out_len, + GError **error) { char *key; guint32 digest_len; @@ -452,12 +452,12 @@ crypto_make_des_aes_key (const char *cipher, key = g_malloc0 (digest_len + 1); - crypto_md5_hash ((guint8 *) salt, - 8, - (guint8 *) password, - strlen (password), - (guint8 *) key, - digest_len); + nm_crypto_md5_hash ((guint8 *) salt, + 8, + (guint8 *) password, + strlen (password), + (guint8 *) key, + digest_len); *out_len = digest_len; return key; @@ -497,20 +497,20 @@ decrypt_key (const char *cipher, } /* Convert the password and IV into a DES or AES key */ - key.str = crypto_make_des_aes_key (cipher, bin_iv.str, bin_iv.len, password, &key.len, error); + key.str = nm_crypto_make_des_aes_key (cipher, bin_iv.str, bin_iv.len, password, &key.len, error); if (!key.str || !key.len) return FALSE; - parsed->str = crypto_decrypt (cipher, - key_type, - data, - data_len, - bin_iv.str, - bin_iv.len, - key.str, - key.len, - &parsed->len, - error); + parsed->str = _nm_crypto_decrypt (cipher, + key_type, + data, + data_len, + bin_iv.str, + bin_iv.len, + key.str, + key.len, + &parsed->len, + error); if (!parsed->str || parsed->len == 0) { nm_secret_ptr_clear (parsed); return FALSE; @@ -535,7 +535,7 @@ nmtst_crypto_decrypt_openssl_private_key_data (const guint8 *data, NM_SET_OUT (out_key_type, NM_CRYPTO_KEY_TYPE_UNKNOWN); - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return NULL; if (!parse_old_openssl_key_file (data, data_len, &parsed, &key_type, &cipher, &iv, NULL)) { @@ -584,7 +584,7 @@ nmtst_crypto_decrypt_openssl_private_key (const char *file, { nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 }; - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return NULL; if (!file_read_contents (file, &contents, error)) @@ -645,9 +645,9 @@ extract_pem_cert_data (const guint8 *contents, } GByteArray * -crypto_load_and_verify_certificate (const char *file, - NMCryptoFileFormat *out_file_format, - GError **error) +nm_crypto_load_and_verify_certificate (const char *file, + NMCryptoFileFormat *out_file_format, + GError **error) { nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 }; @@ -656,28 +656,28 @@ crypto_load_and_verify_certificate (const char *file, *out_file_format = NM_CRYPTO_FILE_FORMAT_UNKNOWN; - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return NULL; if (!file_read_contents (file, &contents, error)) return NULL; /* Check for PKCS#12 */ - if (crypto_is_pkcs12_data (contents.bin, contents.len, NULL)) { + if (nm_crypto_is_pkcs12_data (contents.bin, contents.len, NULL)) { *out_file_format = NM_CRYPTO_FILE_FORMAT_PKCS12; return to_gbyte_array_mem (contents.bin, contents.len); } /* Check for plain DER format */ if (contents.len > 2 && contents.bin[0] == 0x30 && contents.bin[1] == 0x82) { - *out_file_format = crypto_verify_cert (contents.bin, contents.len, error); + *out_file_format = _nm_crypto_verify_cert (contents.bin, contents.len, error); } else { nm_auto_clear_secret_ptr NMSecretPtr pem_cert = { 0 }; if (!extract_pem_cert_data (contents.bin, contents.len, &pem_cert, error)) return NULL; - *out_file_format = crypto_verify_cert (pem_cert.bin, pem_cert.len, error); + *out_file_format = _nm_crypto_verify_cert (pem_cert.bin, pem_cert.len, error); } if (*out_file_format != NM_CRYPTO_FILE_FORMAT_X509) @@ -687,9 +687,9 @@ crypto_load_and_verify_certificate (const char *file, } gboolean -crypto_is_pkcs12_data (const guint8 *data, - gsize data_len, - GError **error) +nm_crypto_is_pkcs12_data (const guint8 *data, + gsize data_len, + GError **error) { GError *local = NULL; gboolean success; @@ -699,10 +699,10 @@ crypto_is_pkcs12_data (const guint8 *data, g_return_val_if_fail (data != NULL, FALSE); - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return FALSE; - success = crypto_verify_pkcs12 (data, data_len, NULL, &local); + success = _nm_crypto_verify_pkcs12 (data, data_len, NULL, &local); if (success == FALSE) { /* If the error was just a decryption error, then it's pkcs#12 */ if (local) { @@ -717,30 +717,30 @@ crypto_is_pkcs12_data (const guint8 *data, } gboolean -crypto_is_pkcs12_file (const char *file, GError **error) +nm_crypto_is_pkcs12_file (const char *file, GError **error) { nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 }; g_return_val_if_fail (file != NULL, FALSE); - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return FALSE; if (!file_read_contents (file, &contents, error)) return FALSE; - return crypto_is_pkcs12_data (contents.bin, contents.len, error); + return nm_crypto_is_pkcs12_data (contents.bin, contents.len, error); } /* Verifies that a private key can be read, and if a password is given, that * the private key can be decrypted with that password. */ NMCryptoFileFormat -crypto_verify_private_key_data (const guint8 *data, - gsize data_len, - const char *password, - gboolean *out_is_encrypted, - GError **error) +nm_crypto_verify_private_key_data (const guint8 *data, + gsize data_len, + const char *password, + gboolean *out_is_encrypted, + GError **error) { NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN; gboolean is_encrypted = FALSE; @@ -748,13 +748,14 @@ crypto_verify_private_key_data (const guint8 *data, g_return_val_if_fail (data != NULL, NM_CRYPTO_FILE_FORMAT_UNKNOWN); g_return_val_if_fail (out_is_encrypted == NULL || *out_is_encrypted == FALSE, NM_CRYPTO_FILE_FORMAT_UNKNOWN); - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return NM_CRYPTO_FILE_FORMAT_UNKNOWN; /* Check for PKCS#12 first */ - if (crypto_is_pkcs12_data (data, data_len, NULL)) { + if (nm_crypto_is_pkcs12_data (data, data_len, NULL)) { is_encrypted = TRUE; - if (!password || crypto_verify_pkcs12 (data, data_len, password, error)) + if ( !password + || _nm_crypto_verify_pkcs12 (data, data_len, password, error)) format = NM_CRYPTO_FILE_FORMAT_PKCS12; } else { nm_auto_clear_secret_ptr NMSecretPtr parsed = { 0 }; @@ -762,7 +763,7 @@ crypto_verify_private_key_data (const guint8 *data, /* Maybe it's PKCS#8 */ if (parse_pkcs8_key_file (data, data_len, &parsed, &is_encrypted, NULL)) { if ( !password - || crypto_verify_pkcs8 (parsed.bin, parsed.len, is_encrypted, password, error)) + || _nm_crypto_verify_pkcs8 (parsed.bin, parsed.len, is_encrypted, password, error)) format = NM_CRYPTO_FILE_FORMAT_RAW_KEY; } else { const char *cipher; @@ -782,31 +783,31 @@ crypto_verify_private_key_data (const guint8 *data, } NMCryptoFileFormat -crypto_verify_private_key (const char *filename, - const char *password, - gboolean *out_is_encrypted, - GError **error) +nm_crypto_verify_private_key (const char *filename, + const char *password, + gboolean *out_is_encrypted, + GError **error) { nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 }; g_return_val_if_fail (filename != NULL, NM_CRYPTO_FILE_FORMAT_UNKNOWN); - if (!crypto_init (error)) + if (!_nm_crypto_init (error)) return NM_CRYPTO_FILE_FORMAT_UNKNOWN; if (!file_read_contents (filename, &contents, error)) return NM_CRYPTO_FILE_FORMAT_UNKNOWN; - return crypto_verify_private_key_data (contents.bin, contents.len, password, out_is_encrypted, error); + return nm_crypto_verify_private_key_data (contents.bin, contents.len, password, out_is_encrypted, error); } void -crypto_md5_hash (const guint8 *salt, - gsize salt_len, - const guint8 *password, - gsize password_len, - guint8 *buffer, - gsize buflen) +nm_crypto_md5_hash (const guint8 *salt, + gsize salt_len, + const guint8 *password, + gsize password_len, + guint8 *buffer, + gsize buflen) { nm_auto_free_checksum GChecksum *ctx = NULL; #define MD5_DIGEST_LEN 16 @@ -845,3 +846,23 @@ crypto_md5_hash (const guint8 *salt, g_checksum_update (ctx, digest.ptr, MD5_DIGEST_LEN); } } + +char * +nm_crypto_encrypt (const char *cipher, + const guint8 *data, + gsize data_len, + const char *iv, + gsize iv_len, + const char *key, + gsize key_len, + gsize *out_len, + GError **error) +{ + return _nm_crypto_encrypt (cipher, data, data_len, iv, iv_len, key, key_len, out_len, error); +} + +gboolean +nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error) +{ + return _nm_crypto_randomize (buffer, buffer_len, error); +} diff --git a/libnm-core/nm-crypto.h b/libnm-core/nm-crypto.h index 4e66454b81..3c073a9916 100644 --- a/libnm-core/nm-crypto.h +++ b/libnm-core/nm-crypto.h @@ -60,49 +60,49 @@ GByteArray *nmtst_crypto_decrypt_openssl_private_key (const char *file, NMCryptoKeyType *out_key_type, GError **error); -GByteArray *crypto_load_and_verify_certificate (const char *file, - NMCryptoFileFormat *out_file_format, - GError **error); - -gboolean crypto_is_pkcs12_file (const char *file, GError **error); - -gboolean crypto_is_pkcs12_data (const guint8 *data, gsize len, GError **error); - -NMCryptoFileFormat crypto_verify_private_key_data (const guint8 *data, - gsize data_len, - const char *password, - gboolean *out_is_encrypted, +GByteArray *nm_crypto_load_and_verify_certificate (const char *file, + NMCryptoFileFormat *out_file_format, GError **error); -NMCryptoFileFormat crypto_verify_private_key (const char *file, - const char *password, - gboolean *out_is_encrypted, - GError **error); +gboolean nm_crypto_is_pkcs12_file (const char *file, GError **error); -void crypto_md5_hash (const guint8 *salt, - gsize salt_len, - const guint8 *password, - gsize password_len, - guint8 *buffer, - gsize buflen); +gboolean nm_crypto_is_pkcs12_data (const guint8 *data, gsize len, GError **error); -char *crypto_make_des_aes_key (const char *cipher, - const char *salt, - const gsize salt_len, - const char *password, - gsize *out_len, - GError **error); +NMCryptoFileFormat nm_crypto_verify_private_key_data (const guint8 *data, + gsize data_len, + const char *password, + gboolean *out_is_encrypted, + GError **error); -char * crypto_encrypt (const char *cipher, - const guint8 *data, - gsize data_len, - const char *iv, - gsize iv_len, - const char *key, - gsize key_len, - gsize *out_len, - GError **error); +NMCryptoFileFormat nm_crypto_verify_private_key (const char *file, + const char *password, + gboolean *out_is_encrypted, + GError **error); -gboolean crypto_randomize (void *buffer, gsize buffer_len, GError **error); +void nm_crypto_md5_hash (const guint8 *salt, + gsize salt_len, + const guint8 *password, + gsize password_len, + guint8 *buffer, + gsize buflen); + +char *nm_crypto_make_des_aes_key (const char *cipher, + const char *salt, + const gsize salt_len, + const char *password, + gsize *out_len, + GError **error); + +char * nm_crypto_encrypt (const char *cipher, + const guint8 *data, + gsize data_len, + const char *iv, + gsize iv_len, + const char *key, + gsize key_len, + gsize *out_len, + GError **error); + +gboolean nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error); #endif /* __NM_CRYPTO_H__ */ diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c index 583f98f201..30f4537e9c 100644 --- a/libnm-core/nm-setting-8021x.c +++ b/libnm-core/nm-setting-8021x.c @@ -529,7 +529,7 @@ load_and_verify_certificate (const char *cert_path, NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN; GByteArray *array; - array = crypto_load_and_verify_certificate (cert_path, &format, error); + array = nm_crypto_load_and_verify_certificate (cert_path, &format, error); if (!array || !array->len || format == NM_CRYPTO_FILE_FORMAT_UNKNOWN) { /* the array is empty or the format is already unknown. */ @@ -2264,7 +2264,7 @@ nm_setting_802_1x_set_private_key (NMSetting8021x *setting, * given, that it decrypts the private key. */ if (value && scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11) { - format = crypto_verify_private_key (value, password, NULL, &local_err); + format = nm_crypto_verify_private_key (value, password, NULL, &local_err); if (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN) { g_set_error_literal (error, NM_CONNECTION_ERROR, @@ -2379,14 +2379,14 @@ nm_setting_802_1x_get_private_key_format (NMSetting8021x *setting) switch (nm_setting_802_1x_get_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: - if (crypto_is_pkcs12_data (g_bytes_get_data (priv->private_key, NULL), - g_bytes_get_size (priv->private_key), - NULL)) + if (nm_crypto_is_pkcs12_data (g_bytes_get_data (priv->private_key, NULL), + g_bytes_get_size (priv->private_key), + NULL)) return NM_SETTING_802_1X_CK_FORMAT_PKCS12; return NM_SETTING_802_1X_CK_FORMAT_RAW_KEY; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_private_key_path (setting); - if (crypto_is_pkcs12_file (path, &error)) + if (nm_crypto_is_pkcs12_file (path, &error)) return NM_SETTING_802_1X_CK_FORMAT_PKCS12; if (error && error->domain == G_FILE_ERROR) { g_error_free (error); @@ -2606,7 +2606,7 @@ nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *setting, * given, that it decrypts the private key. */ if (value && scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11) { - format = crypto_verify_private_key (value, password, NULL, &local_err); + format = nm_crypto_verify_private_key (value, password, NULL, &local_err); if (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN) { g_set_error_literal (error, NM_CONNECTION_ERROR, @@ -2691,14 +2691,14 @@ nm_setting_802_1x_get_phase2_private_key_format (NMSetting8021x *setting) switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) { case NM_SETTING_802_1X_CK_SCHEME_BLOB: - if (crypto_is_pkcs12_data (g_bytes_get_data (priv->phase2_private_key, NULL), - g_bytes_get_size (priv->phase2_private_key), - NULL)) + if (nm_crypto_is_pkcs12_data (g_bytes_get_data (priv->phase2_private_key, NULL), + g_bytes_get_size (priv->phase2_private_key), + NULL)) return NM_SETTING_802_1X_CK_FORMAT_PKCS12; return NM_SETTING_802_1X_CK_FORMAT_RAW_KEY; case NM_SETTING_802_1X_CK_SCHEME_PATH: path = nm_setting_802_1x_get_phase2_private_key_path (setting); - if (crypto_is_pkcs12_file (path, &error)) + if (nm_crypto_is_pkcs12_file (path, &error)) return NM_SETTING_802_1X_CK_FORMAT_PKCS12; if (error && error->domain == G_FILE_ERROR) { g_error_free (error); @@ -2776,11 +2776,11 @@ need_private_key_password (GBytes *blob, /* Private key password is required */ if (password) { if (path) - format = crypto_verify_private_key (path, password, NULL, NULL); + format = nm_crypto_verify_private_key (path, password, NULL, NULL); else if (blob) - format = crypto_verify_private_key_data (g_bytes_get_data (blob, NULL), - g_bytes_get_size (blob), - password, NULL, NULL); + format = nm_crypto_verify_private_key_data (g_bytes_get_data (blob, NULL), + g_bytes_get_size (blob), + password, NULL, NULL); else return FALSE; } @@ -2895,9 +2895,9 @@ verify_tls (NMSetting8021x *self, gboolean phase2, GError **error) } /* If the private key is PKCS#12, check that it matches the client cert */ - if (crypto_is_pkcs12_data (g_bytes_get_data (priv->phase2_private_key, NULL), - g_bytes_get_size (priv->phase2_private_key), - NULL)) { + if (nm_crypto_is_pkcs12_data (g_bytes_get_data (priv->phase2_private_key, NULL), + g_bytes_get_size (priv->phase2_private_key), + NULL)) { if (!g_bytes_equal (priv->phase2_private_key, priv->phase2_client_cert)) { g_set_error (error, NM_CONNECTION_ERROR, @@ -2943,9 +2943,9 @@ verify_tls (NMSetting8021x *self, gboolean phase2, GError **error) } /* If the private key is PKCS#12, check that it matches the client cert */ - if (crypto_is_pkcs12_data (g_bytes_get_data (priv->private_key, NULL), - g_bytes_get_size (priv->private_key), - NULL)) { + if (nm_crypto_is_pkcs12_data (g_bytes_get_data (priv->private_key, NULL), + g_bytes_get_size (priv->private_key), + NULL)) { if (!g_bytes_equal (priv->private_key, priv->client_cert)) { g_set_error (error, NM_CONNECTION_ERROR, diff --git a/libnm-core/nm-utils.c b/libnm-core/nm-utils.c index 253606ddcc..21de5624a8 100644 --- a/libnm-core/nm-utils.c +++ b/libnm-core/nm-utils.c @@ -2843,12 +2843,12 @@ nm_utils_uuid_generate_from_string (const char *s, gssize slen, int uuid_type, g switch (uuid_type) { case NM_UTILS_UUID_TYPE_LEGACY: - crypto_md5_hash (NULL, - 0, - (guint8 *) s, - slen, - (guint8 *) uuid, - sizeof (uuid)); + nm_crypto_md5_hash (NULL, + 0, + (guint8 *) s, + slen, + (guint8 *) uuid, + sizeof (uuid)); break; case NM_UTILS_UUID_TYPE_VARIANT3: { uuid_t ns_uuid = { 0 }; @@ -2859,12 +2859,12 @@ nm_utils_uuid_generate_from_string (const char *s, gssize slen, int uuid_type, g g_return_val_if_reached (NULL); } - crypto_md5_hash ((guint8 *) s, - slen, - (guint8 *) ns_uuid, - sizeof (ns_uuid), - (guint8 *) uuid, - sizeof (uuid)); + nm_crypto_md5_hash ((guint8 *) s, + slen, + (guint8 *) ns_uuid, + sizeof (ns_uuid), + (guint8 *) uuid, + sizeof (uuid)); uuid[6] = (uuid[6] & 0x0F) | 0x30; uuid[8] = (uuid[8] & 0x3F) | 0x80; @@ -2964,20 +2964,20 @@ nm_utils_rsa_key_encrypt (const guint8 *data, /* Make the password if needed */ if (!in_password) { - if (!crypto_randomize (pw_buf, sizeof (pw_buf), error)) + if (!nm_crypto_randomize (pw_buf, sizeof (pw_buf), error)) return NULL; in_password = tmp_password = nm_utils_bin2hexstr (pw_buf, sizeof (pw_buf), -1); } salt_len = 8; - if (!crypto_randomize (salt, salt_len, error)) + if (!nm_crypto_randomize (salt, salt_len, error)) goto out; - key = crypto_make_des_aes_key (CIPHER_DES_EDE3_CBC, &salt[0], salt_len, in_password, &key_len, NULL); + key = nm_crypto_make_des_aes_key (CIPHER_DES_EDE3_CBC, &salt[0], salt_len, in_password, &key_len, NULL); if (!key) g_return_val_if_reached (NULL); - enc = crypto_encrypt (CIPHER_DES_EDE3_CBC, data, len, salt, salt_len, key, key_len, &enc_len, error); + enc = nm_crypto_encrypt (CIPHER_DES_EDE3_CBC, data, len, salt, salt_len, key, key_len, &enc_len, error); if (!enc) goto out; @@ -3068,7 +3068,7 @@ nm_utils_file_is_certificate (const char *filename) if (!file_has_extension (filename, extensions)) return FALSE; - cert = crypto_load_and_verify_certificate (filename, &file_format, NULL); + cert = nm_crypto_load_and_verify_certificate (filename, &file_format, NULL); if (cert) g_byte_array_unref (cert); @@ -3097,7 +3097,7 @@ nm_utils_file_is_private_key (const char *filename, gboolean *out_encrypted) if (!file_has_extension (filename, extensions)) return FALSE; - return crypto_verify_private_key (filename, NULL, out_encrypted, NULL) != NM_CRYPTO_FILE_FORMAT_UNKNOWN; + return nm_crypto_verify_private_key (filename, NULL, out_encrypted, NULL) != NM_CRYPTO_FILE_FORMAT_UNKNOWN; } /** @@ -3113,7 +3113,7 @@ nm_utils_file_is_pkcs12 (const char *filename) { g_return_val_if_fail (filename != NULL, FALSE); - return crypto_is_pkcs12_file (filename, NULL); + return nm_crypto_is_pkcs12_file (filename, NULL); } /*****************************************************************************/ diff --git a/libnm-core/tests/test-crypto.c b/libnm-core/tests/test-crypto.c index c180b987f3..937fc6c3b0 100644 --- a/libnm-core/tests/test-crypto.c +++ b/libnm-core/tests/test-crypto.c @@ -105,7 +105,7 @@ test_cert (gconstpointer test_data) path = g_build_filename (TEST_CERT_DIR, (const char *) test_data, NULL); - array = crypto_load_and_verify_certificate (path, &format, &error); + array = nm_crypto_load_and_verify_certificate (path, &format, &error); g_assert_no_error (error); g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_X509); @@ -187,7 +187,7 @@ test_load_pkcs12 (const char *path, g_assert (nm_utils_file_is_private_key (path, NULL)); - format = crypto_verify_private_key (path, password, &is_encrypted, &error); + format = nm_crypto_verify_private_key (path, password, &is_encrypted, &error); if (expected_error != -1) { g_assert_error (error, NM_CRYPTO_ERROR, expected_error); g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_UNKNOWN); @@ -209,7 +209,7 @@ test_load_pkcs12_no_password (const char *path) g_assert (nm_utils_file_is_private_key (path, NULL)); /* We should still get a valid returned crypto file format */ - format = crypto_verify_private_key (path, NULL, &is_encrypted, &error); + format = nm_crypto_verify_private_key (path, NULL, &is_encrypted, &error); g_assert_no_error (error); g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_PKCS12); g_assert (is_encrypted); @@ -221,7 +221,7 @@ test_is_pkcs12 (const char *path, gboolean expect_fail) gboolean is_pkcs12; GError *error = NULL; - is_pkcs12 = crypto_is_pkcs12_file (path, &error); + is_pkcs12 = nm_crypto_is_pkcs12_file (path, &error); if (expect_fail) { g_assert_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA); @@ -244,7 +244,7 @@ test_load_pkcs8 (const char *path, g_assert (nm_utils_file_is_private_key (path, NULL)); - format = crypto_verify_private_key (path, password, &is_encrypted, &error); + format = nm_crypto_verify_private_key (path, password, &is_encrypted, &error); if (expected_error != -1) { g_assert_error (error, NM_CRYPTO_ERROR, expected_error); g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_UNKNOWN); @@ -417,16 +417,16 @@ test_md5 (void) for (i = 0; i < G_N_ELEMENTS (md5_tests); i++) { memset (digest, 0, sizeof (digest)); - crypto_md5_hash ((const guint8 *) md5_tests[i].salt, - /* crypto_md5_hash() used to clamp salt_len to 8. It - * doesn't any more, so we need to do it here now to - * get output that matches md5_tests[i].result. - */ - md5_tests[i].salt ? 8 : 0, - (const guint8 *) md5_tests[i].password, - strlen (md5_tests[i].password), - (guint8 *) digest, - md5_tests[i].digest_size); + nm_crypto_md5_hash ((const guint8 *) md5_tests[i].salt, + /* nm_crypto_md5_hash() used to clamp salt_len to 8. It + * doesn't any more, so we need to do it here now to + * get output that matches md5_tests[i].result. + */ + md5_tests[i].salt ? 8 : 0, + (const guint8 *) md5_tests[i].password, + strlen (md5_tests[i].password), + (guint8 *) digest, + md5_tests[i].digest_size); hex = nm_utils_bin2hexstr (digest, md5_tests[i].digest_size, -1); g_assert_cmpstr (hex, ==, md5_tests[i].result); @@ -445,7 +445,7 @@ main (int argc, char **argv) nmtst_init (&argc, &argv, TRUE); - success = crypto_init (&error); + success = _nm_crypto_init (&error); g_assert_no_error (error); g_assert (success);