Commit Graph

26 Commits

Author SHA1 Message Date
Beniamino Galvani
93f85edcce libnm-core: support private keys encrypted with AES-{192,256}-CBC
https://github.com/NetworkManager/NetworkManager/pull/189
2018-08-28 11:05:01 +02:00
Thomas Haller
b7426e91db build: use default NM_BUILD_* defines for tests
Use two common defines NM_BUILD_SRCDIR and NM_BUILD_BUILDDIR
for specifying the location of srcdir and builddir.

Note that this is only relevant for tests, as they expect
a certain layout of the directories, to find files that concern
them.
2018-05-31 15:59:38 +02:00
Beniamino Galvani
0e96d23733 crypto: don't try to decrypt PKCS#8 key if no password is supplied
crypto_verify_private_key_data() must try to decrypt the key only when
a password is supplied.

Previously the decrypt test always passed because we detected an
unsupported cipher and faked success. Now since version 3.5.4 gnutls
supports PBES1-DES-CBC-MD5 and the key is actually decrypted when a
password is supplied.

Also, don't assert that a wrong password works because we're now able
to actually verify it (only with recent gnutls).

https://bugzilla.gnome.org/show_bug.cgi?id=771623
2016-09-23 18:05:54 +02:00
Thomas Haller
4b288136e1 shared: move shared files to subdirectory "shared/nm-utils/"
The "shared" directory contains files that are possibly used by all components
of NetworkManager repository.

Some of these files are even copied as-is to other projects (VPN plugins, nm-applet)
and used there without modification. Move those files to a separate directory.
By moving them to a common directory, it is clearer that they belong
together. Also, you can easier compare the copied versions to their
original via

  $ diff -r ./shared/nm-utils/ /path/to/nm-vpn-plugin/shared/nm-utils/
2016-06-16 10:45:53 +02:00
Thomas Haller
8bace23beb all: cleanup includes and let "nm-default.h" include "config.h"
- All internal source files (except "examples", which are not internal)
  should include "config.h" first. As also all internal source
  files should include "nm-default.h", let "config.h" be included
  by "nm-default.h" and include "nm-default.h" as first in every
  source file.
  We already wanted to include "nm-default.h" before other headers
  because it might contains some fixes (like "nm-glib.h" compatibility)
  that is required first.

- After including "nm-default.h", we optinally allow for including the
  corresponding header file for the source file at hand. The idea
  is to ensure that each header file is self contained.

- Don't include "config.h" or "nm-default.h" in any header file
  (except "nm-sd-adapt.h"). Public headers anyway must not include
  these headers, and internal headers are never included after
  "nm-default.h", as of the first previous point.

- Include all internal headers with quotes instead of angle brackets.
  In practice it doesn't matter, because in our public headers we must
  include other headers with angle brackets. As we use our public
  headers also to compile our interal source files, effectively the
  result must be the same. Still do it for consistency.

- Except for <config.h> itself. Include it with angle brackets as suggested by
  https://www.gnu.org/software/autoconf/manual/autoconf.html#Configuration-Headers
2016-02-19 17:53:25 +01:00
Thomas Haller
432796817e libnm/tests: convert test cases to use g_assert() instead of ASSERT() (test-crypto.c) 2016-02-14 23:48:00 +01:00
Dan Williams
80d9a43a25 tests: get rid of FAIL macro 2016-02-11 09:50:29 -06:00
Dan Winship
22e1a97e12 all: drop includes to <glib/gi18n.h> for "nm-default.h"
The localization headers are now included via "nm-default.h".

Also fixes several places, where we wrongly included <glib/gi18n-lib.h>
instead of <glib/gi18n.h>. For example under "clients/" directory.
2015-08-05 15:35:51 +02:00
Thomas Haller
19c3ea948a all: make use of new header file "nm-default.h" 2015-08-05 15:32:40 +02:00
Dan Winship
3452ee2a0e all: rename nm-glib-compat.h to nm-glib.h, use everywhere
Rather than randomly including one or more of <glib.h>,
<glib-object.h>, and <gio/gio.h> everywhere (and forgetting to include
"nm-glib-compat.h" most of the time), rename nm-glib-compat.h to
nm-glib.h, include <gio/gio.h> from there, and then change all .c
files in NM to include "nm-glib.h" rather than including the glib
headers directly.

(Public headers files still have to include the real glib headers,
since nm-glib.h isn't installed...)

Also, remove glib includes from header files that are already
including a base object header file (which must itself already include
the glib headers).
2015-07-24 13:25:47 -04:00
Lubomir Rintel
2981839bde test: initialize auto-destructed pointers
Otherwise the compiler complains that they could be left uninitialized in case
the function returns too early.

Fixes: 76745817c3
2015-02-09 15:19:30 +01:00
Thomas Haller
ae73320b8c libnm/tests: fix memleaks in tests for valgrind 2015-02-09 11:51:07 +01:00
Dan Winship
539fac8b67 libnm-util: Note that nm_utils_deinit() is a no-op
nm_utils_deinit() is a no-op, so don't suggest that people need to
call it.
2014-12-04 08:39:54 -05:00
Dan Winship
3bfb163a74 all: consistently include config.h
config.h should be included from every .c file, and it should be
included before any other include. Fix that.

(As a side effect of how I did this, this also changes us to
consistently use "config.h" rather than <config.h>. To the extent that
it matters [which is not much], quotes are more correct anyway, since
we're talking about a file in our own build tree, not a system
include.)
2014-11-13 17:18:42 -05:00
Dan Winship
964b9f3513 libnm-core, libnm-util: convert test-crypto, test-setting-8021x.c to gtestutils
Rather than having test-crypto and test-setting-8021x be programs that
you have to pass arguments to to get them to run a single test, just
have them run all of the tests themselves.

This lets us get rid of the big "check-local" rule in Makefile.am and
just use TESTS to run everything.

https://bugzilla.gnome.org/show_bug.cgi?id=734388
2014-08-07 15:57:19 -04:00
Dan Winship
2570c5a17c libnm-util, libnm-glib: whitespace fixes
Fix indentation, kill trailing whitespace, split some long lines.
2014-07-15 09:44:55 -04:00
Dan Winship
cb7e1893e7 libnm-util, libnm-glib: standardize copyright/license headers
- Remove list of authors from files that had them; these serve no
  purpose except to quickly get out of date (and were only used in
  libnm-util and not libnm-glib anyway).

- Just say "Copyright", not "(C) Copyright" or "Copyright (C)"

- Put copyright statement after the license, not before

- Remove "NetworkManager - Network link manager" from the few files
  that contained it, and "libnm_glib -- Access network status &
  information from glib applications" from the many files that
  contained it.

- Remove vim modeline from nm-device-olpc-mesh.[ch], add emacs modeline
  to files that were missing it.
2014-07-15 09:44:54 -04:00
Thomas Haller
8af001eae4 nmtst: combine files nm-test-helpers.h and nm-test-utils.h
Move the content of nm-test-helpers.h to nm-test-utils.h
which completly replaces the older file.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-06-05 18:12:56 +02:00
Jiří Klimeš
810e934892 libnm-util: add nm_utils_rsa_key_encrypt_aes() encrypting RSA key with AES 2014-05-12 10:46:41 +02:00
Dan Winship
d04f286327 all: remove pointless NULL checks
g_malloc(), etc, never return NULL, by API contract. Likewise, by
extension, no other glib function ever returns NULL due to lack of
memory. So remove lots of unnecessary checks (the vast majority of
which would have immediately crashed had they ever run anyway, since
g_set_error(), g_warning(), and nm_log_*() all need to allocate
memory).

https://bugzilla.gnome.org/show_bug.cgi?id=693678
2013-02-13 13:38:13 -05:00
Dan Williams
5deb993ff6 libnm-util: recognize PKCS#8 private keys and check passwords (bgo #649326)
Neither gnutls nor NSS fully support PKCS#8 so we don't have complete
support here, but at least recognize the keys and make an attempt to
check the private key if we can.
2011-05-13 14:22:06 -05:00
Dan Williams
28e6523b8d libnm-util: rework certificate and private key handling
First, it was not easily possible to set a private key without
also providing a password.  This used to be OK, but now with
secret flags it may be the case that when the connection is read,
there's no private key password.  So functions that set the
private key must account for NULL passwords.

Unfortunately, the crytpo code did not handle this case well.
We need to be able to independently (a) verify that a file looks
like a certificate or private key and (b) that a given password
decrypts a private key.  Previously the crypto code would fail
to verify the file when the password was NULL.

So this change fixes up the crytpo code for a more distinct
split between these two operations, such that if no password is
given, the file is still checked to ensure that it's a private
key or a certificate.  If a password is given, the password is
checked against the private key file.

This commit also changes how private keys and certificates were
handled with the BLOB scheme.  Previously only the first certificate
or first private key was included in the property data, while now
the entire file is encoded in the data.  This is intended to fix
cases where multiple private keys or certificates are present in
a PEM file.  It also allows clients to push certificate data to
NetworkManager for storage in system settings locations, which was
not as flexible before when only part of the certificate or key
was sent as the data.
2011-03-02 12:00:47 -06:00
Dan Williams
15497fd10f libnm-util: handle PEM files without an ending newline (rh #507315)
Due to an off-by-one bug if the ending PEM tag was the last thing
in the file, it would get missed.  Add some testcases for that too.
2009-11-18 16:29:48 -08:00
Dan Williams
8c35e96b60 libnm-util: add nm_utils_rsa_key_encrypt() and fix crypto padding mixups
To be backwards compatible clients need to handle both paths to private
keys and the decrypted private key data, which is what used to get passed
in the private-key and phase2-private-key attributes of the 802.1x setting.
When moving a connection around between system-settings and user-settings,
if the private key is decrypted data, the settings service needs to store
that decrypted data somewhere so that the key can be sent to NM during
the connection process.

But we don't want to store the decrypted private key data, so we have to
re-encrypt it (possibly generating a private key password if one wasn't
sent with the decrypted data) and save it to disk, then send NM a path
to that private key during connection.

To help clients do this, and so that they don't have to carry around
multiple crypto implementations depending on whether they want to use
NSS or gnutls/gcrypt, add a helper to libnm-util.

Furthermore, I misunderstood a bunch of stuff with crypto padding when
writing the encrypt/decrypt functions long ago, so fix that up.  Don't
return padding as part of the decrypted data, and make sure to verify
the padding's expected lengths and values when decrypting.  Many thanks
to Nalin Dahyabhai for pointing me in the right direction.
2009-09-15 16:01:50 -07:00
Dan Williams
e5ed391f28 libnm-util: allow certificate/key paths
Overload the certificate and key properties to allow paths to the
certificates and keys using a special prefix for the property data.
Add API to libnm-util for easy certificate path handling, and
documentation for NMSetting8021x.
2009-09-04 09:07:00 -05:00
Dan Williams
203cff4d83 libnm-util: move crypto tests to libnm-util/tests/
Add testing certs and keys; run crypto tests on 'make check'
2009-02-02 01:03:15 -05:00