/* Convert to strings */
if (ssid) {
- ssid_str = nm_utils_ssid_to_utf8 (ssid);
+ ssid_str = nm_utils_ssid_to_utf8 (ssid->data, ssid->len);
ssid_hex_str = ssid_to_hex ((const char *) ssid->data, ssid->len);
}
channel_str = g_strdup_printf ("%u", nm_utils_wifi_freq_to_channel (freq));
candidate_ssid = nm_access_point_get_ssid (candidate_ap);
if (candidate_ssid) {
- char *ssid_tmp = nm_utils_ssid_to_utf8 (candidate_ssid);
+ char *ssid_tmp = nm_utils_ssid_to_utf8 (candidate_ssid->data,
+ candidate_ssid->len);
/* Compare SSIDs */
if (strcmp (ssid, ssid_tmp) == 0) {
ssid = nm_setting_olpc_mesh_get_ssid (s_olpc_mesh);
if (ssid)
- ssid_str = nm_utils_ssid_to_utf8 (ssid);
+ ssid_str = nm_utils_ssid_to_utf8 (ssid->data, ssid->len);
return ssid_str;
}
ssid = nm_setting_wireless_get_ssid (s_wireless);
if (ssid)
- ssid_str = nm_utils_ssid_to_utf8 (ssid);
+ ssid_str = nm_utils_ssid_to_utf8 (ssid->data, ssid->len);
return ssid_str;
}
NMAccessPoint *ap;
const GPtrArray *aps;
GHashTable *seen_ssids;
+ const GByteArray *ssid;
char *ap_hash;
GSList *iter;
int i;
nmtconn = g_slice_new0 (NmtConnectConnection);
nmtconn->device = nmtdev->device;
nmtconn->ap = g_object_ref (ap);
- nmtconn->ssid = nm_utils_ssid_to_utf8 (nm_access_point_get_ssid (ap));
+ ssid = nm_access_point_get_ssid (ap);
+ nmtconn->ssid = nm_utils_ssid_to_utf8 (ssid->data, ssid->len);
for (iter = connections; iter; iter = iter->next) {
conn = iter->data;
char *utf8;
ssid = g_value_get_boxed (source_value);
- utf8 = nm_utils_ssid_to_utf8 (ssid);
+ utf8 = nm_utils_ssid_to_utf8 (ssid->data, ssid->len);
g_value_take_string (target_value, utf8);
return TRUE;
}
text = g_value_get_string (source_value);
old_ssid = nm_setting_wireless_get_ssid (s_wireless);
- utf8 = nm_utils_ssid_to_utf8 (old_ssid);
+ utf8 = nm_utils_ssid_to_utf8 (old_ssid->data, old_ssid->len);
if (!g_strcmp0 (text, utf8)) {
g_free (utf8);
if (nm_connection_is_type (request->connection, NM_SETTING_WIRELESS_SETTING_NAME)) {
NMSettingWireless *s_wireless;
- char *ssid;
+ const GByteArray *ssid;
+ char *ssid_utf8;
s_wireless = nm_connection_get_setting_wireless (request->connection);
- ssid = nm_utils_ssid_to_utf8 (nm_setting_wireless_get_ssid (s_wireless));
+ ssid = nm_setting_wireless_get_ssid (s_wireless);
+ ssid_utf8 = nm_utils_ssid_to_utf8 (ssid->data, ssid->len);
title = _("Authentication required by wireless network");
- msg = g_strdup_printf (_("Passwords or encryption keys are required to access the wireless network '%s'."), ssid);
+ msg = g_strdup_printf (_("Passwords or encryption keys are required to access the wireless network '%s'."), ssid_utf8);
ok = add_wireless_secrets (request, secrets);
} else if (nm_connection_is_type (request->connection, NM_SETTING_WIRED_SETTING_NAME)) {
strength = nm_access_point_get_strength (ap);
/* Convert to strings */
- ssid_str = nm_utils_ssid_to_utf8 (ssid);
+ ssid_str = nm_utils_ssid_to_utf8 (ssid->data, ssid->len);
freq_str = g_strdup_printf ("%u MHz", freq);
bitrate_str = g_strdup_printf ("%u Mbit/s", bitrate/1000);
strength_str = g_strdup_printf ("%u", strength);
if (nm_device_get_state (device) == NM_DEVICE_STATE_ACTIVATED) {
if ((active_ap = nm_device_wifi_get_active_access_point (NM_DEVICE_WIFI (device)))) {
active_ssid = nm_access_point_get_ssid (active_ap);
- active_ssid_str = nm_utils_ssid_to_utf8 (active_ssid);
+ active_ssid_str = nm_utils_ssid_to_utf8 (active_ssid->data, active_ssid->len);
}
}
static gboolean
find_tag (const char *tag,
- const GByteArray *array,
+ const guint8 *data,
+ gsize data_len,
gsize start_at,
gsize *out_pos)
{
gsize i, taglen;
- gsize len = array->len - start_at;
+ gsize len = data_len - start_at;
g_return_val_if_fail (out_pos != NULL, FALSE);
taglen = strlen (tag);
if (len >= taglen) {
for (i = 0; i < len - taglen + 1; i++) {
- if (memcmp (array->data + start_at + i, tag, taglen) == 0) {
+ if (memcmp (data + start_at + i, tag, taglen) == 0) {
*out_pos = start_at + i;
return TRUE;
}
#define PROC_TYPE_TAG "Proc-Type: "
static GByteArray *
-parse_old_openssl_key_file (const GByteArray *contents,
+parse_old_openssl_key_file (const guint8 *data,
+ gsize data_len,
int key_type,
char **out_cipher,
char **out_iv,
return NULL;
}
- if (!find_tag (start_tag, contents, 0, &start))
+ if (!find_tag (start_tag, data, data_len, 0, &start))
goto parse_error;
start += strlen (start_tag);
- if (!find_tag (end_tag, contents, start, &end)) {
+ if (!find_tag (end_tag, data, data_len, start, &end)) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_FILE_FORMAT_INVALID,
_("PEM key file had no end tag '%s'."),
goto parse_error;
}
- save_end = contents->data[end];
- contents->data[end] = '\0';
- lines = g_strsplit ((const char *) (contents->data + start), "\n", 0);
- contents->data[end] = save_end;
+ save_end = data[end];
+ ((guint8 *)data)[end] = '\0';
+ lines = g_strsplit ((const char *) (data + start), "\n", 0);
+ ((guint8 *)data)[end] = save_end;
if (!lines || g_strv_length (lines) <= 1) {
g_set_error (error, NM_CRYPTO_ERROR,
}
static GByteArray *
-parse_pkcs8_key_file (const GByteArray *contents,
+parse_pkcs8_key_file (const guint8 *data,
+ gsize data_len,
gboolean *out_encrypted,
GError **error)
{
gboolean encrypted = FALSE;
/* Try encrypted first, decrypted next */
- if (find_tag (PEM_PKCS8_ENC_KEY_BEGIN, contents, 0, &start)) {
+ if (find_tag (PEM_PKCS8_ENC_KEY_BEGIN, data, data_len, 0, &start)) {
start_tag = PEM_PKCS8_ENC_KEY_BEGIN;
end_tag = PEM_PKCS8_ENC_KEY_END;
encrypted = TRUE;
- } else if (find_tag (PEM_PKCS8_DEC_KEY_BEGIN, contents, 0, &start)) {
+ } else if (find_tag (PEM_PKCS8_DEC_KEY_BEGIN, data, data_len, 0, &start)) {
start_tag = PEM_PKCS8_DEC_KEY_BEGIN;
end_tag = PEM_PKCS8_DEC_KEY_END;
encrypted = FALSE;
}
start += strlen (start_tag);
- if (!find_tag (end_tag, contents, start, &end)) {
+ if (!find_tag (end_tag, data, data_len, start, &end)) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_FILE_FORMAT_INVALID,
_("Failed to find expected PKCS#8 end tag '%s'."),
}
/* g_base64_decode() wants a NULL-terminated string */
- save_end = contents->data[end];
- contents->data[end] = '\0';
- der = g_base64_decode ((const char *) (contents->data + start), &length);
- contents->data[end] = save_end;
+ save_end = data[end];
+ ((guint8 *)data)[end] = '\0';
+ der = g_base64_decode ((const char *) (data + start), &length);
+ ((guint8 *)data)[end] = save_end;
if (der && length) {
key = g_byte_array_sized_new (length);
static GByteArray *
decrypt_key (const char *cipher,
int key_type,
- GByteArray *data,
+ const guint8 *data,
+ gsize data_len,
const char *iv,
const char *password,
GError **error)
goto out;
output = crypto_decrypt (cipher, key_type,
- data,
+ data, data_len,
bin_iv, bin_iv_len,
key, key_len,
&decrypted_len,
}
GByteArray *
-crypto_decrypt_private_key_data (const GByteArray *contents,
+crypto_decrypt_private_key_data (const guint8 *data,
+ gsize data_len,
const char *password,
NMCryptoKeyType *out_key_type,
GError **error)
{
GByteArray *decrypted = NULL;
NMCryptoKeyType key_type = NM_CRYPTO_KEY_TYPE_RSA;
- GByteArray *data;
+ GByteArray *parsed;
char *iv = NULL;
char *cipher = NULL;
- g_return_val_if_fail (contents != NULL, NULL);
+ g_return_val_if_fail (data != NULL, NULL);
if (out_key_type)
g_return_val_if_fail (*out_key_type == NM_CRYPTO_KEY_TYPE_UNKNOWN, NULL);
/* OpenSSL non-standard legacy PEM files */
/* Try RSA keys first */
- data = parse_old_openssl_key_file (contents, key_type, &cipher, &iv, error);
- if (!data) {
+ parsed = parse_old_openssl_key_file (data, data_len, key_type, &cipher, &iv, error);
+ if (!parsed) {
g_clear_error (error);
/* DSA next */
key_type = NM_CRYPTO_KEY_TYPE_DSA;
- data = parse_old_openssl_key_file (contents, key_type, &cipher, &iv, error);
- if (!data) {
+ parsed = parse_old_openssl_key_file (data, data_len, key_type, &cipher, &iv, error);
+ if (!parsed) {
g_clear_error (error);
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_FILE_FORMAT_INVALID,
}
}
- if (data) {
+ if (parsed) {
/* return the key type even if decryption failed */
if (out_key_type)
*out_key_type = key_type;
if (password) {
decrypted = decrypt_key (cipher,
key_type,
- data,
+ parsed->data,
+ parsed->len,
iv,
password,
error);
}
- g_byte_array_free (data, TRUE);
+ g_byte_array_free (parsed, TRUE);
}
g_free (cipher);
contents = file_to_g_byte_array (file, error);
if (contents) {
- key = crypto_decrypt_private_key_data (contents, password, out_key_type, error);
+ key = crypto_decrypt_private_key_data (contents->data, contents->len,
+ password, out_key_type, error);
g_byte_array_free (contents, TRUE);
}
return key;
guint8 save_end;
gsize length = 0;
- if (!find_tag (PEM_CERT_BEGIN, contents, 0, &start)) {
+ if (!find_tag (PEM_CERT_BEGIN, contents->data, contents->len, 0, &start)) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_FILE_FORMAT_INVALID,
_("PEM certificate had no start tag '%s'."),
}
start += strlen (PEM_CERT_BEGIN);
- if (!find_tag (PEM_CERT_END, contents, start, &end)) {
+ if (!find_tag (PEM_CERT_END, contents->data, contents->len, start, &end)) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_FILE_FORMAT_INVALID,
_("PEM certificate had no end tag '%s'."),
return NULL;
/* Check for PKCS#12 */
- if (crypto_is_pkcs12_data (contents)) {
+ if (crypto_is_pkcs12_data (contents->data, contents->len)) {
*out_file_format = NM_CRYPTO_FILE_FORMAT_PKCS12;
return contents;
}
}
gboolean
-crypto_is_pkcs12_data (const GByteArray *data)
+crypto_is_pkcs12_data (const guint8 *data,
+ gsize data_len)
{
GError *error = NULL;
gboolean success;
g_return_val_if_fail (data != NULL, FALSE);
- success = crypto_verify_pkcs12 (data, NULL, &error);
+ success = crypto_verify_pkcs12 (data, data_len, NULL, &error);
if (success == FALSE) {
/* If the error was just a decryption error, then it's pkcs#12 */
if (error) {
contents = file_to_g_byte_array (file, error);
if (contents) {
- success = crypto_is_pkcs12_data (contents);
+ success = crypto_is_pkcs12_data (contents->data, contents->len);
g_byte_array_free (contents, TRUE);
}
return success;
* the private key can be decrypted with that password.
*/
NMCryptoFileFormat
-crypto_verify_private_key_data (const GByteArray *contents,
+crypto_verify_private_key_data (const guint8 *data,
+ gsize data_len,
const char *password,
GError **error)
{
NMCryptoKeyType ktype = NM_CRYPTO_KEY_TYPE_UNKNOWN;
gboolean is_encrypted = FALSE;
- g_return_val_if_fail (contents != NULL, FALSE);
+ g_return_val_if_fail (data != NULL, FALSE);
/* Check for PKCS#12 first */
- if (crypto_is_pkcs12_data (contents)) {
- if (!password || crypto_verify_pkcs12 (contents, password, error))
+ if (crypto_is_pkcs12_data (data, data_len)) {
+ if (!password || crypto_verify_pkcs12 (data, data_len, password, error))
format = NM_CRYPTO_FILE_FORMAT_PKCS12;
} else {
/* Maybe it's PKCS#8 */
- tmp = parse_pkcs8_key_file (contents, &is_encrypted, error);
+ tmp = parse_pkcs8_key_file (data, data_len, &is_encrypted, error);
if (tmp) {
- if (crypto_verify_pkcs8 (tmp, is_encrypted, password, error))
+ if (crypto_verify_pkcs8 (tmp->data, tmp->len, is_encrypted, password, error))
format = NM_CRYPTO_FILE_FORMAT_RAW_KEY;
} else {
g_clear_error (error);
/* Or it's old-style OpenSSL */
- tmp = crypto_decrypt_private_key_data (contents, password, &ktype, error);
+ tmp = crypto_decrypt_private_key_data (data, data_len, password, &ktype, error);
if (tmp)
format = NM_CRYPTO_FILE_FORMAT_RAW_KEY;
else if (!password && (ktype != NM_CRYPTO_KEY_TYPE_UNKNOWN))
contents = file_to_g_byte_array (filename, error);
if (contents) {
- format = crypto_verify_private_key_data (contents, password, error);
+ format = crypto_verify_private_key_data (contents->data, contents->len, password, error);
g_byte_array_free (contents, TRUE);
}
return format;
void crypto_deinit (void);
-GByteArray *crypto_decrypt_private_key_data (const GByteArray *contents,
+GByteArray *crypto_decrypt_private_key_data (const guint8 *data,
+ gsize data_len,
const char *password,
NMCryptoKeyType *out_key_type,
GError **error);
gboolean crypto_is_pkcs12_file (const char *file, GError **error);
-gboolean crypto_is_pkcs12_data (const GByteArray *data);
+gboolean crypto_is_pkcs12_data (const guint8 *data, gsize len);
-NMCryptoFileFormat crypto_verify_private_key_data (const GByteArray *contents,
+NMCryptoFileFormat crypto_verify_private_key_data (const guint8 *data,
+ gsize data_len,
const char *password,
GError **error);
char * crypto_decrypt (const char *cipher,
int key_type,
- GByteArray *data,
+ const guint8 *data,
+ gsize data_len,
const char *iv,
const gsize iv_len,
const char *key,
GError **error);
char * crypto_encrypt (const char *cipher,
- const GByteArray *data,
+ const guint8 *data,
+ gsize data_len,
const char *iv,
gsize iv_len,
const char *key,
gboolean crypto_randomize (void *buffer, gsize buffer_len, GError **error);
-NMCryptoFileFormat crypto_verify_cert (const unsigned char *data,
+NMCryptoFileFormat crypto_verify_cert (const guint8 *data,
gsize len,
GError **error);
-gboolean crypto_verify_pkcs12 (const GByteArray *data,
+gboolean crypto_verify_pkcs12 (const guint8 *data,
+ gsize data_len,
const char *password,
GError **error);
-gboolean crypto_verify_pkcs8 (const GByteArray *data,
+gboolean crypto_verify_pkcs8 (const guint8 *data,
+ gsize data_len,
gboolean is_encrypted,
const char *password,
GError **error);
char *
crypto_decrypt (const char *cipher,
int key_type,
- GByteArray *data,
+ const guint8 *data,
+ gsize data_len,
const char *iv,
const gsize iv_len,
const char *key,
return NULL;
}
- output = g_malloc0 (data->len);
+ output = g_malloc0 (data_len);
err = gcry_cipher_open (&ctx, cipher_mech, GCRY_CIPHER_MODE_CBC, 0);
if (err) {
goto out;
}
- err = gcry_cipher_decrypt (ctx, output, data->len, data->data, data->len);
+ err = gcry_cipher_decrypt (ctx, output, data_len, data, data_len);
if (err) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
gcry_strsource (err), gcry_strerror (err));
goto out;
}
- pad_len = output[data->len - 1];
+ pad_len = output[data_len - 1];
/* Check if the padding at the end of the decrypted data is valid */
if (pad_len == 0 || pad_len > real_iv_len) {
* should contain the padding size.
*/
for (i = 1; i <= pad_len; ++i) {
- if (output[data->len - i] != pad_len) {
+ if (output[data_len - i] != pad_len) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
_("Failed to decrypt the private key."));
}
}
- *out_len = data->len - pad_len;
+ *out_len = data_len - pad_len;
success = TRUE;
out:
if (!success) {
if (output) {
/* Don't expose key material */
- memset (output, 0, data->len);
+ memset (output, 0, data_len);
g_free (output);
output = NULL;
}
char *
crypto_encrypt (const char *cipher,
- const GByteArray *data,
+ const guint8 *data,
+ gsize data_len,
const char *iv,
const gsize iv_len,
const char *key,
return NULL;
}
- /* If data->len % ivlen == 0, then we add another complete block
+ /* If data_len % ivlen == 0, then we add another complete block
* onto the end so that the decrypter knows there's padding.
*/
- pad_len = iv_len - (data->len % iv_len);
- output_len = padded_buf_len = data->len + pad_len;
+ pad_len = iv_len - (data_len % iv_len);
+ output_len = padded_buf_len = data_len + pad_len;
padded_buf = g_malloc0 (padded_buf_len);
- memcpy (padded_buf, data->data, data->len);
+ memcpy (padded_buf, data, data_len);
for (i = 0; i < pad_len; i++)
- padded_buf[data->len + i] = (guint8) (pad_len & 0xFF);
+ padded_buf[data_len + i] = (guint8) (pad_len & 0xFF);
output = g_malloc0 (output_len);
}
gboolean
-crypto_verify_pkcs12 (const GByteArray *data,
+crypto_verify_pkcs12 (const guint8 *data,
+ gsize data_len,
const char *password,
GError **error)
{
g_return_val_if_fail (data != NULL, FALSE);
- dt.data = (unsigned char *) data->data;
- dt.size = data->len;
+ dt.data = (unsigned char *) data;
+ dt.size = data_len;
err = gnutls_pkcs12_init (&p12);
if (err < 0) {
}
gboolean
-crypto_verify_pkcs8 (const GByteArray *data,
+crypto_verify_pkcs8 (const guint8 *data,
+ gsize data_len,
gboolean is_encrypted,
const char *password,
GError **error)
g_return_val_if_fail (data != NULL, FALSE);
- dt.data = (unsigned char *) data->data;
- dt.size = data->len;
+ dt.data = (unsigned char *) data;
+ dt.size = data_len;
err = gnutls_x509_privkey_init (&p8);
if (err < 0) {
char *
crypto_decrypt (const char *cipher,
int key_type,
- GByteArray *data,
+ const guint8 *data,
+ gsize data_len,
const char *iv,
const gsize iv_len,
const char *key,
return NULL;
}
- output = g_malloc0 (data->len);
+ output = g_malloc0 (data_len);
slot = PK11_GetBestSlot (cipher_mech, NULL);
if (!slot) {
s = PK11_CipherOp (ctx,
(unsigned char *) output,
&decrypted_len,
- data->len,
- data->data,
- data->len);
+ data_len,
+ data,
+ data_len);
if (s != SECSuccess) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
goto out;
}
- if (decrypted_len > data->len) {
+ if (decrypted_len > data_len) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
_("Failed to decrypt the private key: decrypted data too large."));
s = PK11_DigestFinal (ctx,
(unsigned char *) (output + decrypted_len),
&extra,
- data->len - decrypted_len);
+ data_len - decrypted_len);
if (s != SECSuccess) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
goto out;
}
decrypted_len += extra;
- pad_len = data->len - decrypted_len;
+ pad_len = data_len - decrypted_len;
/* Check if the padding at the end of the decrypted data is valid */
if (pad_len == 0 || pad_len > real_iv_len) {
* should contain the padding size.
*/
for (i = pad_len; i > 0; i--) {
- if (output[data->len - i] != pad_len) {
+ if (output[data_len - i] != pad_len) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
_("Failed to decrypt the private key."));
if (!success) {
if (output) {
/* Don't expose key material */
- memset (output, 0, data->len);
+ memset (output, 0, data_len);
g_free (output);
output = NULL;
}
char *
crypto_encrypt (const char *cipher,
- const GByteArray *data,
+ const guint8 *data,
+ gsize data_len,
const char *iv,
gsize iv_len,
const char *key,
/* If data->len % ivlen == 0, then we add another complete block
* onto the end so that the decrypter knows there's padding.
*/
- pad_len = iv_len - (data->len % iv_len);
- output_len = padded_buf_len = data->len + pad_len;
+ pad_len = iv_len - (data_len % iv_len);
+ output_len = padded_buf_len = data_len + pad_len;
padded_buf = g_malloc0 (padded_buf_len);
- memcpy (padded_buf, data->data, data->len);
+ memcpy (padded_buf, data, data_len);
for (i = 0; i < pad_len; i++)
- padded_buf[data->len + i] = (guint8) (pad_len & 0xFF);
+ padded_buf[data_len + i] = (guint8) (pad_len & 0xFF);
output = g_malloc0 (output_len);
}
gboolean
-crypto_verify_pkcs12 (const GByteArray *data,
+crypto_verify_pkcs12 (const guint8 *data,
+ gsize data_len,
const char *password,
GError **error)
{
goto error;
}
- s = SEC_PKCS12DecoderUpdate (p12ctx, data->data, data->len);
+ s = SEC_PKCS12DecoderUpdate (p12ctx, (guint8 *)data, data_len);
if (s != SECSuccess) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_FILE_FORMAT_INVALID,
}
gboolean
-crypto_verify_pkcs8 (const GByteArray *data,
+crypto_verify_pkcs8 (const guint8 *data,
+ gsize data_len,
gboolean is_encrypted,
const char *password,
GError **error)
switch (nm_setting_802_1x_get_private_key_scheme (setting)) {
case NM_SETTING_802_1X_CK_SCHEME_BLOB:
- if (crypto_is_pkcs12_data (priv->private_key))
+ if (crypto_is_pkcs12_data (priv->private_key->data, priv->private_key->len))
return NM_SETTING_802_1X_CK_FORMAT_PKCS12;
return NM_SETTING_802_1X_CK_FORMAT_RAW_KEY;
case NM_SETTING_802_1X_CK_SCHEME_PATH:
switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) {
case NM_SETTING_802_1X_CK_SCHEME_BLOB:
- if (crypto_is_pkcs12_data (priv->phase2_private_key))
+ if (crypto_is_pkcs12_data (priv->phase2_private_key->data,
+ priv->phase2_private_key->len))
return NM_SETTING_802_1X_CK_FORMAT_PKCS12;
return NM_SETTING_802_1X_CK_FORMAT_RAW_KEY;
case NM_SETTING_802_1X_CK_SCHEME_PATH:
if (path)
format = crypto_verify_private_key (path, password, NULL);
else if (blob)
- format = crypto_verify_private_key_data (blob, password, NULL);
+ format = crypto_verify_private_key_data (blob->data, blob->len,
+ password, NULL);
else
g_warning ("%s: unknown private key password scheme", __func__);
}
}
/* If the private key is PKCS#12, check that it matches the client cert */
- if (crypto_is_pkcs12_data (priv->phase2_private_key)) {
+ if (crypto_is_pkcs12_data (priv->phase2_private_key->data,
+ priv->phase2_private_key->len)) {
if (priv->phase2_private_key->len != priv->phase2_client_cert->len) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
}
/* If the private key is PKCS#12, check that it matches the client cert */
- if (crypto_is_pkcs12_data (priv->private_key)) {
+ if (crypto_is_pkcs12_data (priv->private_key->data,
+ priv->private_key->len)) {
if (priv->private_key->len != priv->client_cert->len) {
g_set_error (error,
NM_SETTING_802_1X_ERROR,
/**
* nm_utils_ssid_to_utf8:
- * @ssid: a byte array containing the SSID data
+ * @ssid: pointer to a buffer containing the SSID data
+ * @len: length of the SSID data in @ssid
*
* Wi-Fi SSIDs are byte arrays, they are _not_ strings. Thus, an SSID may
* contain embedded NULLs and other unprintable characters. Often it is
* Returns %NULL on errors.
**/
char *
-nm_utils_ssid_to_utf8 (const GByteArray *ssid)
+nm_utils_ssid_to_utf8 (const guint8 *ssid, gsize len)
{
char *converted = NULL;
char *lang, *e1 = NULL, *e2 = NULL, *e3 = NULL;
g_return_val_if_fail (ssid != NULL, NULL);
- if (g_utf8_validate ((const gchar *) ssid->data, ssid->len, NULL))
- return g_strndup ((const gchar *) ssid->data, ssid->len);
+ if (g_utf8_validate ((const gchar *) ssid, len, NULL))
+ return g_strndup ((const gchar *) ssid, len);
/* LANG may be a good encoding hint */
g_get_charset ((const char **)(&e1));
g_free (lang);
}
- converted = g_convert ((const gchar *) ssid->data, ssid->len, "UTF-8", e1, NULL, NULL, NULL);
+ converted = g_convert ((const gchar *) ssid, len, "UTF-8", e1, NULL, NULL, NULL);
if (!converted && e2)
- converted = g_convert ((const gchar *) ssid->data, ssid->len, "UTF-8", e2, NULL, NULL, NULL);
+ converted = g_convert ((const gchar *) ssid, len, "UTF-8", e2, NULL, NULL, NULL);
if (!converted && e3)
- converted = g_convert ((const gchar *) ssid->data, ssid->len, "UTF-8", e3, NULL, NULL, NULL);
+ converted = g_convert ((const gchar *) ssid, len, "UTF-8", e3, NULL, NULL, NULL);
if (!converted) {
- converted = g_convert_with_fallback ((const gchar *) ssid->data, ssid->len,
+ converted = g_convert_with_fallback ((const gchar *) ssid, len,
"UTF-8", e1, "?", NULL, NULL, NULL);
}
* Returns: %TRUE if the SSID is "empty", %FALSE if it is not
**/
gboolean
-nm_utils_is_empty_ssid (const guint8 * ssid, int len)
+nm_utils_is_empty_ssid (const guint8 *ssid, gsize len)
{
/* Single white space is for Linksys APs */
if (len == 1 && ssid[0] == ' ')
* and will be overwritten by subsequent calls to this function
**/
const char *
-nm_utils_escape_ssid (const guint8 * ssid, guint32 len)
+nm_utils_escape_ssid (const guint8 *ssid, gsize len)
{
static char escaped[ESSID_MAX_SIZE * 2 + 1];
const guint8 *s = ssid;
/**
* nm_utils_same_ssid:
- * @ssid1: first SSID data to compare
- * @ssid2: second SSID data to compare
+ * @ssid1: the first SSID to compare
+ * @len1: length of the SSID data in @ssid1
+ * @ssid2: the second SSID to compare
+ * @len2: length of the SSID data in @ssid2
* @ignore_trailing_null: %TRUE to ignore one trailing NULL byte
*
* Earlier versions of the Linux kernel added a NULL byte to the end of the
* Returns: %TRUE if the SSIDs are the same, %FALSE if they are not
**/
gboolean
-nm_utils_same_ssid (const GByteArray * ssid1,
- const GByteArray * ssid2,
+nm_utils_same_ssid (const guint8 *ssid1, gsize len1,
+ const guint8 *ssid2, gsize len2,
gboolean ignore_trailing_null)
{
- guint32 ssid1_len, ssid2_len;
+ g_return_val_if_fail (ssid1 != NULL || len1 == 0, FALSE);
+ g_return_val_if_fail (ssid2 != NULL || len2 == 0, FALSE);
- if (ssid1 == ssid2)
+ if (ssid1 == ssid2 && len1 == len2)
return TRUE;
if (!ssid1 || !ssid2)
return FALSE;
- ssid1_len = ssid1->len;
- ssid2_len = ssid2->len;
- if (ssid1_len && ssid2_len && ignore_trailing_null) {
- if (ssid1->data[ssid1_len - 1] == '\0')
- ssid1_len--;
- if (ssid2->data[ssid2_len - 1] == '\0')
- ssid2_len--;
+ if (ignore_trailing_null) {
+ if (len1 && ssid1[len1 - 1] == '\0')
+ len1--;
+ if (len2 && ssid2[len2 - 1] == '\0')
+ len2--;
}
- if (ssid1_len != ssid2_len)
+ if (len1 != len2)
return FALSE;
- return memcmp (ssid1->data, ssid2->data, ssid1_len) == 0 ? TRUE : FALSE;
+ return memcmp (ssid1, ssid2, len1) == 0 ? TRUE : FALSE;
}
static void
* nm_utils_rsa_key_encrypt_helper:
* @cipher: cipher to use for encryption ("DES-EDE3-CBC" or "AES-128-CBC")
* @data: RSA private key data to be encrypted
+ * @len: length of @data
* @in_password: (allow-none): existing password to use, if any
* @out_password: (out) (allow-none): if @in_password was %NULL, a random password will be generated
* and returned in this argument
**/
static GByteArray *
nm_utils_rsa_key_encrypt_helper (const char *cipher,
- const GByteArray *data,
+ const guint8 *data,
+ gsize len,
const char *in_password,
char **out_password,
GError **error)
g_return_val_if_fail (!g_strcmp0 (cipher, CIPHER_DES_EDE3_CBC) || !g_strcmp0 (cipher, CIPHER_AES_CBC), NULL);
g_return_val_if_fail (data != NULL, NULL);
- g_return_val_if_fail (data->len > 0, NULL);
+ g_return_val_if_fail (len > 0, NULL);
if (out_password)
g_return_val_if_fail (*out_password == NULL, NULL);
if (!key)
goto out;
- enc = crypto_encrypt (cipher, data, salt, salt_len, key, key_len, &enc_len, error);
+ enc = crypto_encrypt (cipher, data, len, salt, salt_len, key, key_len, &enc_len, error);
if (!enc)
goto out;
/**
* nm_utils_rsa_key_encrypt:
* @data: RSA private key data to be encrypted
+ * @len: length of @data
* @in_password: (allow-none): existing password to use, if any
* @out_password: (out) (allow-none): if @in_password was %NULL, a random password will be generated
* and returned in this argument
* certificate/private key file.
**/
GByteArray *
-nm_utils_rsa_key_encrypt (const GByteArray *data,
+nm_utils_rsa_key_encrypt (const guint8 *data,
+ gsize len,
const char *in_password,
char **out_password,
GError **error)
return nm_utils_rsa_key_encrypt_helper (CIPHER_DES_EDE3_CBC,
- data,
+ data, len,
in_password,
out_password,
error);
/**
* nm_utils_rsa_key_encrypt_aes:
* @data: RSA private key data to be encrypted
+ * @len: length of @data
* @in_password: (allow-none): existing password to use, if any
* @out_password: (out) (allow-none): if @in_password was %NULL, a random password will be generated
* and returned in this argument
* certificate/private key file.
**/
GByteArray *
-nm_utils_rsa_key_encrypt_aes (const GByteArray *data,
+nm_utils_rsa_key_encrypt_aes (const guint8 *data,
+ gsize len,
const char *in_password,
char **out_password,
GError **error)
{
return nm_utils_rsa_key_encrypt_helper (CIPHER_AES_CBC,
- data,
+ data, len,
in_password,
out_password,
error);
void nm_utils_deinit (void);
/* SSID helpers */
-gboolean nm_utils_is_empty_ssid (const guint8 *ssid, int len);
-const char *nm_utils_escape_ssid (const guint8 *ssid, guint32 len);
-gboolean nm_utils_same_ssid (const GByteArray *ssid1,
- const GByteArray *ssid2,
+gboolean nm_utils_is_empty_ssid (const guint8 *ssid, gsize len);
+const char *nm_utils_escape_ssid (const guint8 *ssid, gsize len);
+gboolean nm_utils_same_ssid (const guint8 *ssid1, gsize len1,
+ const guint8 *ssid2, gsize len2,
gboolean ignore_trailing_null);
-char * nm_utils_ssid_to_utf8 (const GByteArray *ssid);
+char * nm_utils_ssid_to_utf8 (const guint8 *ssid, gsize len);
GHashTable *nm_utils_gvalue_hash_dup (GHashTable *hash);
char *nm_utils_uuid_generate (void);
char *nm_utils_uuid_generate_from_string (const char *s);
-GByteArray *nm_utils_rsa_key_encrypt (const GByteArray *data,
+GByteArray *nm_utils_rsa_key_encrypt (const guint8 *data,
+ gsize len,
const char *in_password,
char **out_password,
GError **error);
-GByteArray *nm_utils_rsa_key_encrypt_aes (const GByteArray *data,
+GByteArray *nm_utils_rsa_key_encrypt_aes (const guint8 *data,
+ gsize len,
const char *in_password,
char **out_password,
GError **error);
/* Now re-encrypt the private key */
if (is_cipher_aes (path))
- encrypted = nm_utils_rsa_key_encrypt_aes (array, password, NULL, &error);
+ encrypted = nm_utils_rsa_key_encrypt_aes (array->data, array->len, password, NULL, &error);
else
- encrypted = nm_utils_rsa_key_encrypt (array, password, NULL, &error);
+ encrypted = nm_utils_rsa_key_encrypt (array->data, array->len, password, NULL, &error);
ASSERT (encrypted != NULL, desc,
"couldn't re-encrypt private key file '%s': %d %s",
path, error->code, error->message);
/* Then re-decrypt the private key */
key_type = NM_CRYPTO_KEY_TYPE_UNKNOWN;
- re_decrypted = crypto_decrypt_private_key_data (encrypted, password, &key_type, &error);
+ re_decrypted = crypto_decrypt_private_key_data (encrypted->data, encrypted->len,
+ password, &key_type, &error);
ASSERT (re_decrypted != NULL, desc,
"couldn't read private key file '%s': %d %s",
path, error->code, error->message);
continue;
}
- if ((i == 0) && !nm_utils_same_ssid (ssid, ap_ssid, TRUE)) {
- _LOGD (LOGD_WIFI, " SSID mismatch");
- continue;
+ if (i == 0) {
+ if ( (ssid && !ap_ssid)
+ || (ap_ssid && !ssid)
+ || (ssid && ap_ssid && !nm_utils_same_ssid (ssid->data, ssid->len,
+ ap_ssid->data, ap_ssid->len,
+ TRUE))) {
+ _LOGD (LOGD_WIFI, " SSID mismatch");
+ continue;
+ }
}
apmode = nm_ap_get_mode (ap);
}
g_assert (ssid);
- str_ssid = nm_utils_ssid_to_utf8 (ssid);
+ str_ssid = nm_utils_ssid_to_utf8 (ssid->data, ssid->len);
nm_utils_complete_generic (connection,
NM_SETTING_WIRELESS_SETTING_NAME,
if (nm_logging_enabled (LOGL_DEBUG, LOGD_WIFI_SCAN)) {
if (ssids) {
+ const GByteArray *ssid;
guint i;
char *foo;
for (i = 0; i < ssids->len; i++) {
- foo = nm_utils_ssid_to_utf8 (g_ptr_array_index (ssids, i));
+ ssid = g_ptr_array_index (ssids, i);
+ foo = nm_utils_ssid_to_utf8 (ssid->data, ssid->len);
_LOGD (LOGD_WIFI_SCAN, "(%d) probe scanning SSID '%s'",
i, foo ? foo : "<hidden>");
g_free (foo);
NMAccessPointPrivate *priv;
NMSettingWireless *s_wireless;
NMSettingWirelessSecurity *s_wireless_sec;
+ const GByteArray *ssid;
const char *mode;
const char *band;
const char *bssid;
if (s_wireless == NULL)
return FALSE;
- if (!nm_utils_same_ssid (nm_setting_wireless_get_ssid (s_wireless), priv->ssid, TRUE))
+ ssid = nm_setting_wireless_get_ssid (s_wireless);
+ if ( (ssid && !priv->ssid)
+ || (priv->ssid && !ssid))
+ return FALSE;
+
+ if ( ssid && priv->ssid &&
+ !nm_utils_same_ssid (ssid->data, ssid->len,
+ priv->ssid->data, priv->ssid->len,
+ TRUE))
return FALSE;
bssid = nm_setting_wireless_get_bssid (s_wireless);
* let matching continue on BSSID and other properties
*/
if ( (!list_ssid && find_ssid)
- || (list_ssid && !find_ssid)
- || !nm_utils_same_ssid (list_ssid, find_ssid, TRUE))
+ || (list_ssid && !find_ssid))
+ continue;
+ if ( list_ssid
+ && find_ssid
+ && !nm_utils_same_ssid (list_ssid->data, list_ssid->len,
+ find_ssid->data, find_ssid->len,
+ TRUE))
continue;
/* BSSID match */
ssid = nm_setting_wireless_get_ssid (NM_SETTING_WIRELESS (wireless_setting));
if (ssid)
- printable_ssid = nm_utils_ssid_to_utf8 (ssid);
+ printable_ssid = nm_utils_ssid_to_utf8 (ssid->data, ssid->len);
else
printable_ssid = g_strdup_printf ("unmanaged");
if (blob && !is_pkcs12) {
/* Encrypt the unencrypted private key with the fake password */
enc_key =
- nm_utils_rsa_key_encrypt (blob, password, &generated_pw,
+ nm_utils_rsa_key_encrypt (blob->data, blob->len, password, &generated_pw,
error);
if (!enc_key)
goto out;