From 865be356c53afc3bdeae21c640bf0c3d5433fc4b Mon Sep 17 00:00:00 2001
From: Cyrille Bagard
Date: Sat, 9 Apr 2016 17:12:06 +0200
Subject: Created user public and private RSA keys if needed.

---
 ChangeLog | 19 +++++
 configure.ac | 15 ++++
 src/analysis/Makefile.am | 1 +
 src/analysis/db/Makefile.am | 14 +++-
 src/analysis/db/keymgn.c | 166 ++++++++++++++++++++++++++++++++++++++++++++
 src/analysis/db/keymgn.h | 37 ++++++++++
 src/core/core.c | 10 +++
 src/glibext/configuration.c | 4 --
 8 files changed, 260 insertions(+), 6 deletions(-)
 create mode 100644 src/analysis/db/keymgn.c
 create mode 100644 src/analysis/db/keymgn.h

diff --git a/ChangeLog b/ChangeLog
index 4b98bdc..a074ccd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,24 @@
 16-04-09 Cyrille Bagard
+ * configure.ac:
+ Check for the availability of libSSL.
+
+ * src/analysis/Makefile.am:
+ Include db/libanalysiskeys.la into libanalysis_la_LIBADD.
+
+ * src/analysis/db/Makefile.am:
+ Define libanalysiskeys.la.
+
+ * src/analysis/db/keymgn.c:
+ * src/analysis/db/keymgn.h:
+ New entries: create user public and private RSA keys if needed.
+
+ * src/core/core.c:
+ * src/glibext/configuration.c:
+ Update code.
+
+16-04-09 Cyrille Bagard
+
 * .gitignore:
 Hide resources built by glib-compile-resources.
diff --git a/configure.ac b/configure.ac
index 6c7a62e..e326fe8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -220,6 +220,20 @@ AC_SUBST(LIBSQLITE_CFLAGS)
 AC_SUBST(LIBSQLITE_LIBS)
+#--- Checks for libssl
+
+PKG_CHECK_MODULES(LIBSSL,libssl >= 1.0.1k,[libssl_found=yes],[libssl_found=no])
+
+if test "$libssl_found" = "yes"; then
+ libssl_version=`pkg-config libssl --modversion`
+else
+ libssl_version='-'
+fi
+
+AC_SUBST(LIBSSL_CFLAGS)
+AC_SUBST(LIBSSL_LIBS)
+
+
 #--- Checks for Python
 if test "x$enable_debug" = "xyes"; then
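Review bot: The libssl probe is non-fatal (`libssl_found=no` only sets `libssl_version='-'`), yet the new `libanalysiskeys.la` in src/analysis/db/Makefile.am is listed in `noinst_LTLIBRARIES` unconditionally and keymgn.c needs the OpenSSL headers, so a host without libssl now fails at compile time rather than at configure time; add `AC_MSG_ERROR([libssl >= 1.0.1k is required])` in the `else` branch, or make the library conditional. The version lookup also runs a bare `pkg-config` instead of the `$PKG_CONFIG` that PKG_CHECK_MODULES resolved, so a renamed or cross pkg-config is ignored; use `libssl_version=\`$PKG_CONFIG libssl --modversion\``.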
@@ -400,6 +414,7 @@ echo The GNU Image Manipulation Program Toolkit... : $libgtk_version
 echo The XML C parser and toolkit of Gnome........ : $libxml_version
 echo The flexible interface for archives I/O...... : $libarchive_version
 echo The small, fast and reliable database engine. : $libsqlite_version
+echo The cryptography and SSL/TLS toolkit......... : $libssl_version
 echo
 echo Available Python programming language........ : $python3_version
diff --git a/src/analysis/Makefile.am b/src/analysis/Makefile.am
index 0b65bbe..c143e1b 100755
--- a/src/analysis/Makefile.am
+++ b/src/analysis/Makefile.am
@@ -18,6 +18,7 @@ libanalysis_la_LIBADD = \
 blocks/libanalysisblocks.la \
 contents/libanalysiscontents.la \
 db/libanalysisdb.la \
+ db/libanalysiskeys.la \
 decomp/libanalysisdecomp.la \
 disass/libanalysisdisass.la \
 types/libanalysistypes.la
diff --git a/src/analysis/db/Makefile.am b/src/analysis/db/Makefile.am
index 797025c..7e9f177 100755
--- a/src/analysis/db/Makefile.am
+++ b/src/analysis/db/Makefile.am
@@ -1,5 +1,6 @@
-noinst_LTLIBRARIES = libanalysisdb.la
+noinst_LTLIBRARIES = libanalysisdb.la libanalysiskeys.la
+
 libanalysisdb_la_SOURCES = \
 cdb.h cdb.c \
@@ -15,10 +16,19 @@ libanalysisdb_la_LIBADD = \
 items/libanalysisdbitems.la \
 misc/libanalysisdbmisc.la
-
 libanalysisdb_la_LDFLAGS =
+libanalysiskeys_la_SOURCES = \
+ keymgn.h keymgn.c
+
+libanalysiskeys_la_LIBADD =
+
+libanalysiskeys_la_CFLAGS = $(LIBSSL_CFLAGS)
+
+libanalysiskeys_la_LDFLAGS = $(LIBSSL_LIBS)
+
+
 AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) $(LIBARCHIVE_CFLAGS) $(LIBSQLITE_CFLAGS)
 AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS)
diff --git a/src/analysis/db/keymgn.c b/src/analysis/db/keymgn.c
new file mode 100644
index 0000000..bcd8d28
--- /dev/null
+++ b/src/analysis/db/keymgn.c
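Review bot: In the second src/analysis/db/Makefile.am hunk `$(LIBSSL_LIBS)` is passed through `libanalysiskeys_la_LDFLAGS` while `libanalysiskeys_la_LIBADD` is left empty; for a libtool library the libraries to link belong in `_LIBADD`, which automake records as link dependencies and libtool carries into libanalysis.la (whose `LIBADD` pulls in this convenience library in the src/analysis/Makefile.am hunk), whereas `_LDFLAGS` is for linker options. Suggest `libanalysiskeys_la_LIBADD = $(LIBSSL_LIBS)` and `libanalysiskeys_la_LDFLAGS =`, matching the neighbouring `libanalysisdb_la_LDFLAGS =`.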
@@ -0,0 +1,166 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * keymgn.c - mise en place et gestion des clefs cryptographiques
+ *
+ * Copyright (C) 2016 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * OpenIDA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenIDA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see .
+ */
+
+
+#include "keymgn.h"
+
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+#include
+
+
+#include "../../common/xdg.h"
+
+
+
+/* Met en place de nouvelles clefs RSA. */
+static bool generate_user_rsa_keys(const char *, const char *);
+
+
+
+/******************************************************************************
+* *
+* Paramètres : - *
+* *
+* Description : S'assure que l'utilisateur dispose de clefs RSA. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool ensure_user_has_rsa_keys(void)
+{
+ bool result; /* Bilan à retourner */
+ char *priv; /* Chemin de la clef privée */
+ char *pub; /* Chemin de la clef publique */
+ int priv_check; /* Bilan d'une vérification #1 */
+ int pub_check; /* Bilan d'une vérification #2 */
+
+ result = NULL;
+
+ priv = get_xdg_config_dir("chrysalide" G_DIR_SEPARATOR_S "id_rsa.priv");
+ pub = get_xdg_config_dir("chrysalide" G_DIR_SEPARATOR_S "id_rsa.pub");
+
+ priv_check = access(priv, R_OK);
+ pub_check = access(pub, R_OK);
+
+ result = (priv_check == 0 && pub_check == 0);
+
+ if (!result)
+ {
+ result = generate_user_rsa_keys(priv, pub);
+
+ if (!result)
+ fprintf(stderr, _("Unable to create new user RSA key pair."));
+
+ }
+
+ free(priv);
+ free(pub);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : priv = chemin d'accès pour la clef privée. *
+* pub = chemin d'accès pour la clef publique. *
+* *
+* Description : Met en place de nouvelles clefs RSA. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static bool generate_user_rsa_keys(const char *priv, const char *pub)
+{
+ bool result; /* Bilan à retourner */
+ EVP_PKEY_CTX *ctx; /* Contexte de génération */
+ int ret; /* Bilan d'un appel */
+ EVP_PKEY *pair; /* Paire de clefs RSA générée */
+ char *filename; /* Chemin d'accès */
+ FILE *stream; /* Flux ouvert en écriture */
+
+ result = false;
+
+ /**
+ * Cf. https://www.openssl.org/docs/manmaster/crypto/EVP_PKEY_keygen.html
+ */
+
+ ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+ if (ctx == NULL) goto euhrk_exit;
+
+ ret = EVP_PKEY_keygen_init(ctx);
+ if (ret != 1) goto euhrk_exit;
+
+ ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048);
+ if (ret != 1) goto euhrk_exit;
+
+ ret = EVP_PKEY_keygen(ctx, &pair);
+ if (ret != 1) goto euhrk_exit;
+
+ /* Clef privée */
+
+ stream = fopen(priv, "wt");
+ if (stream == NULL) goto euhrk_bad_write;
+
+ ret = PEM_write_PrivateKey(stream, pair, NULL, NULL, 0, NULL, NULL);
+ if (ret != 1) goto euhrk_bad_write;
+
+ fclose(stream);
+
+ /* Clef publique */
+
+ stream = fopen(pub, "wt");
+ if (stream == NULL) goto euhrk_bad_write;
+
+ ret = PEM_write_PUBKEY(stream, pair);
+ if (ret != 1) goto euhrk_bad_write;
+
+ result = true;
+
+ euhrk_bad_write:
+
+ fclose(stream);
+
+ EVP_PKEY_free(pair);
+
+ euhrk_exit:
+
+ EVP_PKEY_CTX_free(ctx);
+
+ return result;
+
+}
diff --git a/src/analysis/db/keymgn.h b/src/analysis/db/keymgn.h
new file mode 100644
index 0000000..4aa33db
--- /dev/null
+++ b/src/analysis/db/keymgn.h
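Review bot: The private key is written through `fopen(priv, "wt")`, so `id_rsa.priv` is created with the umask's default mode (typically 0644) and is readable by every other local user; create it with `open(priv, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR)` plus `fdopen`, which needs `<fcntl.h>` and `<sys/stat.h>` and an `int fd;` local, as sketched below. The shared `euhrk_bad_write` label calls `fclose(stream)` even when the jump came from a failed `fopen` and `stream` is NULL (undefined behaviour), and neither `fclose` result is checked although a short write leaves a truncated key on disk; closing each stream right after its write and unlinking the private file on any later failure keeps the pair consistent. Smaller points in the same hunk: `result = NULL;` in `ensure_user_has_rsa_keys` stores a pointer constant in a bool and is dead, `filename` is declared but never used, `"wt"` is not a standard C mode (`"w"` suffices), and `fprintf(stderr, _("..."))` uses a translated catalog string as the format, so prefer `fprintf(stderr, "%s\n", _("Unable to create new user RSA key pair."))`. The `2048` passed to `EVP_PKEY_CTX_set_rsa_keygen_bits` would also read better as a named constant such as `USER_RSA_KEY_BITS`.
```c
    /* Clef privée */

    /* Create the private key file user-only; fopen() would apply the umask default. */
    fd = open(priv, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
    if (fd == -1) goto euhrk_free_pair;

    stream = fdopen(fd, "w");
    if (stream == NULL)
    {
        close(fd);
        goto euhrk_free_pair;
    }

    ret = PEM_write_PrivateKey(stream, pair, NULL, NULL, 0, NULL, NULL);
    if (fclose(stream) != 0 || ret != 1) goto euhrk_free_pair;

    /* Clef publique */

    stream = fopen(pub, "w");
    if (stream == NULL) goto euhrk_free_pair;

    ret = PEM_write_PUBKEY(stream, pair);
    if (fclose(stream) != 0 || ret != 1) goto euhrk_free_pair;

    result = true;

 euhrk_free_pair:

    /* Never leave a half-written or unpaired private key behind. */
    if (!result) unlink(priv);

    EVP_PKEY_free(pair);

    /* … unchanged: euhrk_exit frees ctx and returns result … */
```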
@@ -0,0 +1,37 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * keymgn.h - prototypes pour la mise en place et la gestion des clefs cryptographiques
+ *
+ * Copyright (C) 2016 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * OpenIDA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenIDA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see .
+ */
+
+
+#ifndef _ANALYSIS_DB_KEYMGN_H
+#define _ANALYSIS_DB_KEYMGN_H
+
+
+#include
+
+
+
+/* S'assure que l'utilisateur dispose de clefs RSA. */
+bool ensure_user_has_rsa_keys(void);
+
+
+
+#endif /* _ANALYSIS_DB_KEYMGN_H */
diff --git a/src/core/core.c b/src/core/core.c
index 0460a23..ec7b0fc 100644
--- a/src/core/core.c
+++ b/src/core/core.c
@@ -31,6 +31,9 @@
 #include "formats.h"
 #include "params.h"
 #include "processors.h"
+#include "../analysis/db/keymgn.h"
+#include "../common/io.h"
+#include "../common/xdg.h"
 #include "../gtkext/support.h"
@@ -50,6 +53,7 @@ bool load_all_basic_components(void)
 {
 static bool result = false; /* Bilan à retourner */
+ char *cfgdir; /* Répertoire de configuration */
 /**
 * On mémorise les passages réussis.
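Review bot: The only public entry point of keymgn.h carries a one-line French comment and no statement of its contract, which the new caller in core.c relies on; propose replacing it with `/* Ensure the user's RSA key pair (id_rsa.priv / id_rsa.pub under the chrysalide XDG config dir) exists and is readable, generating a fresh 2048-bit pair otherwise; returns false if generation fails. */`. The guard macro `_ANALYSIS_DB_KEYMGN_H` also starts with an underscore followed by an uppercase letter, a name reserved for the implementation in C; this looks like the project's existing convention, so it is better handled by a project-wide rename than a one-off change here.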
@@ -61,8 +65,14 @@ bool load_all_basic_components(void)
 add_pixmap_directory(PACKAGE_DATA_DIR);
 add_pixmap_directory(PACKAGE_SOURCE_DIR G_DIR_SEPARATOR_S "pixmaps");
+ cfgdir = get_xdg_config_dir("chrysalide" G_DIR_SEPARATOR_S "chrysalide");
+ result &= (ensure_path_exists(cfgdir) == 0);
+ free(cfgdir);
+
 result &= load_main_config_parameters();
+
+ result &= ensure_user_has_rsa_keys();
+
 result &= g_generic_config_read(get_main_configuration());
 result &= load_hard_coded_processors_definitions();
diff --git a/src/glibext/configuration.c b/src/glibext/configuration.c
index 069dbc3..d8547a6 100644
--- a/src/glibext/configuration.c
+++ b/src/glibext/configuration.c
@@ -1287,14 +1287,10 @@ bool g_generic_config_read(GGenConfig *config)
 bool g_generic_config_write(GGenConfig *config)
 {
 bool result; /* Bilan à retourner */
- int ret; /* Bilan de l'assurance */
 xmlDocPtr xdoc; /* Document XML de configurat° */
 xmlXPathContextPtr context; /* Contexte de recherche XPath */
 GList *iter; /* Boucle de parcours */
- ret = ensure_path_exists(config->filename);
- if (ret != 0) return false;
-
 if (!create_new_xml_file(&xdoc, &context)) return false;
-- 
cgit v0.11.2-87-g4458
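Review bot: The path handed to `ensure_path_exists` in the core.c hunk ends in a dummy leaf (`"chrysalide" G_DIR_SEPARATOR_S "chrysalide"`), presumably because the helper creates only the parent directories of the path it receives (it used to be fed `config->filename`, the call this commit removes from `g_generic_config_write`); that deserves a why-comment, e.g. `/* ensure_path_exists() creates the parents only, so hand it a dummy leaf */`, and a NULL check on `cfgdir` before the call if `get_xdg_config_dir` can fail. Since `ensure_user_has_rsa_keys` will write the private key into this directory, confirm that `ensure_path_exists` creates it with a user-only mode (0700) rather than the umask default; its implementation is not in this diff. Note also that `g_generic_config_write` now depends on this call having run, so a caller that writes a configuration without going through `load_all_basic_components` no longer gets the directory created. The enclosing `load_all_basic_components` starts and ends outside this hunk.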