Mailing List Archive: LibGCrypt Examples

LibGCrypt Examples

cplusplushelp at gmx

Apr 17, 2002, 1:39 PM

Post #1 of 9 (6406 views)

hi,
I have some problems using the LibGCrypt. I wrote a short demo program. But I
alwas get this message

operation is not possible without initialized secure memory
(you may have used the wrong program for this task)

I don't know what to do. I don't find any hind in the reference.

Can you give me some examples how to use the LibGCrypt please?

thanks

P.S.
I couldn't compile any program including the gcrypt.h until I included the
stdlib.c in it! (GCC 2.9.5 and GCC 3.0.1)

Re: LibGCrypt Examples [ In reply to ]

twoaday at freakmail

Apr 17, 2002, 1:55 PM

Post #2 of 9 (6378 views)

On Wed Apr 17 2002; 22:39, Rüdiger Sonderfeld wrote:

Hi,

I'm not the author but maybe I can also help you.

> operation is not possible without initialized secure memory
> (you may have used the wrong program for this task)

You need to initialize the secret memory first:

gcry_control( GCRYCTL_INIT_SECMEM, 16384, 0 );

with this you drop the privilegs/terminate the secure pool:

gcry_control( GCRYCTL_DROP_PRIVS );
gcry_control( GCRYCTL_TERM_SECMEM );

> Can you give me some examples how to use the LibGCrypt please?

Did you check the src/testapi.c, tests/*.c?

Timo

Re: LibGCrypt Examples [ In reply to ]

cplusplushelp at gmx

Apr 17, 2002, 2:07 PM

Post #3 of 9 (6368 views)

> gcry_control( GCRYCTL_INIT_SECMEM, 16384, 0 );

now I get this message

Warning: using insecure memory!
#include <gcrypt.h>
#include <stdio.h>

int main(int argc,char **argv)
{
GCRY_MD_HD md5;
FILE *fd;
unsigned char buffer[500];
size_t len;
int a;

if(argc<2)
{
fprintf(stderr,"usage: %s <file>\n",*argv);
return 1;
}
if( (fd=fopen(*(argv+1),"r")) ==NULL)
{
perror("Couldn't open file!\n");
return 1;
}

gcry_control( GCRYCTL_INIT_SECMEM, 16384, 0 );
md5=gcry_md_open(GCRY_MD_MD5,GCRY_MD_FLAG_HMAC);
if( (len=fread(buffer,sizeof(unsigned char),500,fd)) ==0)
Hûÿ¿Èøš

Re: Re: Re: LibGCrypt Examples [ In reply to ]

cplusplushelp at gmx

Apr 17, 2002, 2:17 PM

Post #4 of 9 (6370 views)

Am Mittwoch, 17. April 2002 23:07 schrieb Rüdiger Sonderfeld:
> Warning: using insecure memory!

I also recive this warning while using the testapi example :(

My system

Debian GNU/Linux Woody
GCC 3.01
256MB RAM

Re: Re: Re: LibGCrypt Examples [ In reply to ]

twoaday at freakmail

Apr 17, 2002, 2:22 PM

Post #5 of 9 (6371 views)

On Wed Apr 17 2002; 23:17, Rüdiger Sonderfeld wrote:

> > Warning: using insecure memory!
>
> I also recive this warning while using the testapi example :(

You can disable it with:

gcry_control( GCRYCTL_DISABLE_SECMEM_WARN )

or you can set your program set uid. It's the same with the
GNU Privacy Guard, to use the secure memory you need root privileges.

Timo

Re: Re: Re: LibGCrypt Examples [ In reply to ]

Apr 17, 2002, 2:30 PM

Post #6 of 9 (6377 views)

On Wed, Apr 17, 2002 at 11:17:00PM +0200, Rüdiger Sonderfeld wrote:
> Am Mittwoch, 17. April 2002 23:07 schrieb Rüdiger Sonderfeld:
> > Warning: using insecure memory!
> I also recive this warning while using the testapi example :(
> My system
>
> Debian GNU/Linux Woody
> GCC 3.01
> 256MB RAM

the latter two things are unimportant. What is is the availability of the
mlock(2) call to non-root. On my BSD system, the man page for mlock(2) says:
| These calls are only available to the super-user.

Thus gpg (and probably the binary linked against gcrypt (I'm not sure whether
gcrypt is a wrapper to invoke gpg or not)) should be setuid to root. The
amount of code in gpg before it drops privilege is very small and easily
auditable.

MBM

--
Matthew Byng-Maddick <mbm@colondot.net> http://colondot.net/

Re: Re: Re: LibGCrypt Examples [ In reply to ]

cplusplushelp at gmx

Apr 17, 2002, 2:40 PM

Post #7 of 9 (6360 views)

> You can disable it with:
>
> gcry_control( GCRYCTL_DISABLE_SECMEM_WARN )
>
> or you can set your program set uid. It's the same with the
> GNU Privacy Guard, to use the secure memory you need root privileges.

now it works! But the output doesn't look like a md5 checksum :(

here is my source

#include <gcrypt.h>
#include <stdio.h>

int main(int argc,char **argv)
{
GCRY_MD_HD md5;
FILE *fd;
unsigned char buffer[500];
size_t len;
int a;

if(argc<2)
{
fprintf(stderr,"usage: %s <file>\n",*argv);
return 1;
}
if( (fd=fopen(*(argv+1),"r")) ==NULL)
{
perror("Couldn't open file!\n");
return 1;
}

gcry_control( GCRYCTL_DISABLE_SECMEM_WARN );
gcry_control( GCRYCTL_INIT_SECMEM, 16384, 0 );
md5=gcry_md_open(GCRY_MD_MD5,GCRY_MD_FLAG_HMAC);
if( (len=fread(buffer,sizeof(unsigned char),500,fd)) ==0)
{
if(ferror(fd))
{
perror("Couldn't read file!\n");
return 1;
}
}
gcry_md_write(md5,buffer,len); /*<-- this should create the checksum*/
printf("%s\n",buffer);
gcry_md_close(md5);
return 0;
}

sorry that I ask this simple questions but I didn't understood the reference

Re: Re: Re: LibGCrypt Examples [ In reply to ]

twoaday at freakmail

Apr 17, 2002, 2:59 PM

Post #8 of 9 (6366 views)

On Wed Apr 17 2002; 23:40, kingruedi wrote:

> gcry_md_write(md5,buffer,len); /*<-- this should create the checksum*/
> printf("%s\n",buffer);
> gcry_md_close(md5);

No, you can't use it like this, try this instead:

gcry_md_write( md5, buffer, len );
gcry_md_final( md5 );
{
byte *digest = gcry_md_read( md5, GCRY_MD_MD5 );
int i = 0;
for ( i=0; i<gcry_md_get_algo_dlen( GCRY_MD_MD5 ); i++ )
printf("%02X", digest[i]);
}

Timo

Re: Re: Re: LibGCrypt Examples [ In reply to ]

cplusplushelp at gmx

Apr 17, 2002, 3:19 PM

Post #9 of 9 (6363 views)

Am Mittwoch, 17. April 2002 23:59 schrieben Sie:
> On Wed Apr 17 2002; 23:40, kingruedi wrote:
> > gcry_md_write(md5,buffer,len); /*<-- this should create the checksum*/
> > printf("%s\n",buffer);
> > gcry_md_close(md5);
>
> No, you can't use it like this, try this instead:
>
> gcry_md_write( md5, buffer, len );
> gcry_md_final( md5 );
> {
> byte *digest = gcry_md_read( md5, GCRY_MD_MD5 );
> int i = 0;
> for ( i=0; i<gcry_md_get_algo_dlen( GCRY_MD_MD5 ); i++ )
> printf("%02X", digest[i]);
> }

I think I understood how to use this lib now.

thanks a lot