*/
#include <stdint.h>
+#include <assert.h>
#include <errno.h>
#include <pthread.h>
#include <glib.h>
#include <string.h>
#include <gcrypt.h>
-#include "bluesky.h"
+#include "bluesky-private.h"
/* Cryptographic operations. The rest of the BlueSky code merely calls into
* the functions in this file, so this is the only point where we interface
* with an external cryptographic library. */
-#define CRYPTO_BLOCK_SIZE 16 /* 128-bit AES */
-#define CRYPTO_KEY_SIZE 16
+/* TODO: We ought to switch to an authenticated encryption mode like EAX. */
GCRY_THREAD_OPTION_PTHREAD_IMPL;
if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
return;
- g_print("libgcrypt not yet initialized, initializing...\n");
-
if (!gcry_check_version(GCRYPT_VERSION))
g_error("libgcrypt version mismatch\n");
gcry_randomize(buf, len, GCRY_STRONG_RANDOM);
}
+/* Hash a string down to an encryption key. */
+void bluesky_crypt_hash_key(const char *keystr, uint8_t *out)
+{
+ guint8 raw_csum[32];
+ gsize csum_len = sizeof(raw_csum);
+
+ assert(CRYPTO_KEY_SIZE == 16);
+
+ GChecksum *csum = g_checksum_new(G_CHECKSUM_SHA256);
+ g_checksum_update(csum, (const guchar *)keystr, strlen(keystr));
+ g_checksum_get_digest(csum, raw_csum, &csum_len);
+ g_checksum_free(csum);
+
+ memcpy(out, raw_csum, CRYPTO_KEY_SIZE);
+}
+
/* Encrypt a data block. */
BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key)
{
gcry_error_t status;
gcry_cipher_hd_t handle;
- status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC,
- GCRY_CIPHER_CBC_CTS);
+ status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
+ 0);
if (status) {
g_error("gcrypt error setting up encryption: %s\n",
gcry_strerror(status));
}
bluesky_crypt_random_bytes(out, CRYPTO_BLOCK_SIZE);
- status = gcry_cipher_setiv(handle, out, CRYPTO_BLOCK_SIZE);
+ status = gcry_cipher_setctr(handle, out, CRYPTO_BLOCK_SIZE);
if (status) {
g_error("gcrypt error setting IV: %s\n",
gcry_strerror(status));
g_return_val_if_fail(in->len > CRYPTO_BLOCK_SIZE, NULL);
- status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC,
- GCRY_CIPHER_CBC_CTS);
+ status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
+ 0);
if (status) {
g_error("gcrypt error setting up encryption: %s\n",
gcry_strerror(status));
gcry_strerror(status));
}
- status = gcry_cipher_setiv(handle, in->data, CRYPTO_BLOCK_SIZE);
+ status = gcry_cipher_setctr(handle, in->data, CRYPTO_BLOCK_SIZE);
if (status) {
g_error("gcrypt error setting IV: %s\n",
gcry_strerror(status));
gcry_cipher_close(handle);
- return bluesky_string_new(out, in->len + CRYPTO_BLOCK_SIZE);
+ return bluesky_string_new(out, in->len - CRYPTO_BLOCK_SIZE);
}