* the functions in this file, so this is the only point where we interface
* with an external cryptographic library. */
+/* TODO: We ought to switch to an authenticated encryption mode like EAX. */
+
GCRY_THREAD_OPTION_PTHREAD_IMPL;
void bluesky_crypt_init()
assert(CRYPTO_KEY_SIZE == 16);
GChecksum *csum = g_checksum_new(G_CHECKSUM_SHA256);
- g_checksum_update(csum, keystr, strlen(keystr));
+ g_checksum_update(csum, (const guchar *)keystr, strlen(keystr));
g_checksum_get_digest(csum, raw_csum, &csum_len);
g_checksum_free(csum);
gcry_error_t status;
gcry_cipher_hd_t handle;
- status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC,
- GCRY_CIPHER_CBC_CTS);
+ status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
+ 0);
if (status) {
g_error("gcrypt error setting up encryption: %s\n",
gcry_strerror(status));
}
bluesky_crypt_random_bytes(out, CRYPTO_BLOCK_SIZE);
- status = gcry_cipher_setiv(handle, out, CRYPTO_BLOCK_SIZE);
+ status = gcry_cipher_setctr(handle, out, CRYPTO_BLOCK_SIZE);
if (status) {
g_error("gcrypt error setting IV: %s\n",
gcry_strerror(status));
g_return_val_if_fail(in->len > CRYPTO_BLOCK_SIZE, NULL);
- status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC,
- GCRY_CIPHER_CBC_CTS);
+ status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
+ 0);
if (status) {
g_error("gcrypt error setting up encryption: %s\n",
gcry_strerror(status));
gcry_strerror(status));
}
- status = gcry_cipher_setiv(handle, in->data, CRYPTO_BLOCK_SIZE);
+ status = gcry_cipher_setctr(handle, in->data, CRYPTO_BLOCK_SIZE);
if (status) {
g_error("gcrypt error setting IV: %s\n",
gcry_strerror(status));
gcry_cipher_close(handle);
- return bluesky_string_new(out, in->len + CRYPTO_BLOCK_SIZE);
+ return bluesky_string_new(out, in->len - CRYPTO_BLOCK_SIZE);
}
projects / bluesky.git / blobdiff