Rework the checkpoint record format to include a version vector.

[bluesky.git] / bluesky / crypto.c

diff --git a/bluesky/crypto.c b/bluesky/crypto.c
index 1dc5e0d..fd47491 100644 (file)
--- a/bluesky/crypto.c
+++ b/bluesky/crypto.c
@@ -177,7 +177,7 @@ void bluesky_crypt_block_encrypt(gchar *cloud_block, size_t len,
     }
 
     bluesky_crypt_hmac((char *)&header->crypt_iv,
-                       cloud_block + len - (char *)&header->crypt_iv,
+                       cloud_block + len - (char *)&header->crypt_iv - GUINT32_FROM_LE(header->size3),
                        keys->authentication_key,
                        header->crypt_auth);
 
@@ -205,7 +205,7 @@ gboolean bluesky_crypt_block_decrypt(gchar *cloud_block, size_t len,
     }
 
     bluesky_crypt_hmac((char *)&header->crypt_iv,
-                       cloud_block + len - (char *)&header->crypt_iv,
+                       cloud_block + len - (char *)&header->crypt_iv - GUINT32_FROM_LE(header->size3),
                        keys->authentication_key,
                        hmac_check);
     if (memcmp(hmac_check, header->crypt_auth, CRYPTO_HASH_SIZE) != 0) {
@@ -244,93 +244,10 @@ gboolean bluesky_crypt_block_decrypt(gchar *cloud_block, size_t len,
                     gcry_strerror(status));
         }
         header->magic[3] ^= 0x10;
+        memset(header->crypt_iv, 0, sizeof(header->crypt_iv));
 
         gcry_cipher_close(handle);
     }
 
     return TRUE;
 }
-
-#if 0
-/* Encrypt a data block. */
-BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key)
-{
-    gcry_error_t status;
-    gcry_cipher_hd_t handle;
-
-    status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
-                              0);
-    if (status) {
-        g_error("gcrypt error setting up encryption: %s\n",
-                gcry_strerror(status));
-    }
-
-    uint8_t *out = g_malloc0(in->len + CRYPTO_BLOCK_SIZE);
-
-    gcry_cipher_setkey(handle, key, CRYPTO_KEY_SIZE);
-    if (status) {
-        g_error("gcrypt error setting key: %s\n",
-                gcry_strerror(status));
-    }
-
-    bluesky_crypt_random_bytes(out, CRYPTO_BLOCK_SIZE);
-    status = gcry_cipher_setctr(handle, out, CRYPTO_BLOCK_SIZE);
-    if (status) {
-        g_error("gcrypt error setting IV: %s\n",
-                gcry_strerror(status));
-    }
-
-    status = gcry_cipher_encrypt(handle, out + CRYPTO_BLOCK_SIZE, in->len,
-                                 in->data, in->len);
-    if (status) {
-        g_error("gcrypt error encrypting: %s\n",
-                gcry_strerror(status));
-    }
-
-    gcry_cipher_close(handle);
-
-    return bluesky_string_new(out, in->len + CRYPTO_BLOCK_SIZE);
-}
-
-/* Decrypt a data block. */
-BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key)
-{
-    gcry_error_t status;
-    gcry_cipher_hd_t handle;
-
-    g_return_val_if_fail(in->len > CRYPTO_BLOCK_SIZE, NULL);
-
-    status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
-                              0);
-    if (status) {
-        g_error("gcrypt error setting up encryption: %s\n",
-                gcry_strerror(status));
-    }
-
-    uint8_t *out = g_malloc0(in->len - CRYPTO_BLOCK_SIZE);
-
-    gcry_cipher_setkey(handle, key, CRYPTO_KEY_SIZE);
-    if (status) {
-        g_error("gcrypt error setting key: %s\n",
-                gcry_strerror(status));
-    }
-
-    status = gcry_cipher_setctr(handle, in->data, CRYPTO_BLOCK_SIZE);
-    if (status) {
-        g_error("gcrypt error setting IV: %s\n",
-                gcry_strerror(status));
-    }
-
-    status = gcry_cipher_decrypt(handle, out, in->len - CRYPTO_BLOCK_SIZE,
-                                 in->data + CRYPTO_BLOCK_SIZE,
-                                 in->len - CRYPTO_BLOCK_SIZE);
-    if (status) {
-        g_error("gcrypt error decrypting: %s\n",
-                gcry_strerror(status));
-    }
-
-    gcry_cipher_close(handle);
-
-    return bluesky_string_new(out, in->len - CRYPTO_BLOCK_SIZE);
-}
-#endif