X-Git-Url: http://git.vrable.net/?a=blobdiff_plain;f=bluesky%2Fcrypto.c;h=2a5bf6ebf0fb36bb2e548bcee2bbc22b94c1ac5c;hb=fed8d93caec822aded82cdd96c783a9ccf156f7b;hp=1dc5e0d4a92f4584350127777f39c39bb488a956;hpb=818d00b4cceab93949aec208c8555aa8c409a0f2;p=bluesky.git
diff --git a/bluesky/crypto.c b/bluesky/crypto.c
index 1dc5e0d..2a5bf6e 100644
--- a/bluesky/crypto.c
+++ b/bluesky/crypto.c
@@ -132,6 +132,9 @@ gboolean bluesky_crypt_block_needs_encryption(uint8_t type)
 void bluesky_crypt_block_encrypt(gchar *cloud_block, size_t len,
 BlueSkyCryptKeys *keys)
 {
+ if (bluesky_options.disable_crypto)
+ return;
+
 gcry_error_t status;
 gcry_cipher_hd_t handle;
@@ -177,7 +180,7 @@ void bluesky_crypt_block_encrypt(gchar *cloud_block, size_t len,
 }
 bluesky_crypt_hmac((char *)&header->crypt_iv,
- cloud_block + len - (char *)&header->crypt_iv,
+ cloud_block + len - (char *)&header->crypt_iv - GUINT32_FROM_LE(header->size3),
 keys->authentication_key, header->crypt_auth);
@@ -185,7 +188,8 @@ void bluesky_crypt_block_encrypt(gchar *cloud_block, size_t len,
 }
 gboolean bluesky_crypt_block_decrypt(gchar *cloud_block, size_t len,
- BlueSkyCryptKeys *keys)
+ BlueSkyCryptKeys *keys,
+ gboolean allow_unauth)
 {
 gcry_error_t status;
 uint8_t hmac_check[CRYPTO_HASH_SIZE];
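Review bot: The early `return` on `bluesky_options.disable_crypto` in the `@@ -132` hunk sends the block out with neither encryption nor an HMAC, and nothing at this point records that protection was skipped. Together with the matching early `return TRUE` in the decrypt hunk at `@@ -200`, the option removes integrity checking as well as confidentiality, which the option name does not suggest. A comment here such as `/* disable_crypto: block is written as-is, with no encryption and no HMAC */` would make that explicit, and a single startup warning where the option is parsed (outside this diff) would make an accidental setting visible. The function body continues past the end of the hunk.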
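Review bot: `GUINT32_FROM_LE(header->size3)` is subtracted from the HMAC length in the `@@ -177` hunk without any check that it fits inside the block, and the same expression is used in the decrypt hunk at `@@ -200`, where `size3` is read from the cloud block before anything has been authenticated. If `size3` is larger than `cloud_block + len - (char *)&header->crypt_iv`, the length passed to `bluesky_crypt_hmac` goes negative, or wraps to a very large value if that parameter is unsigned (its prototype is not visible here). In decrypt a guard before the call, `if (GUINT32_FROM_LE(header->size3) > (size_t)(cloud_block + len - (char *)&header->crypt_iv)) return FALSE;`, would reject such a block; encrypt returns void, so the equivalent there would be an assertion on the locally built header. The trailing `size3` bytes are now outside the MAC in both directions, and a comment stating why that region is deliberately left unauthenticated would help the next reader.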
@@ -200,17 +204,29 @@ gboolean bluesky_crypt_block_decrypt(gchar *cloud_block, size_t len,
 g_assert(memcmp(header->magic, CLOUDLOG_MAGIC_ENCRYPTED, sizeof(header->magic)) == 0);
+ if (bluesky_options.disable_crypto) {
+ g_assert(encrypted == FALSE);
+ return TRUE;
+ }
+
 if (encrypted != bluesky_crypt_block_needs_encryption(header->type)) {
 g_warning("Encrypted status of item does not match expected!\n");
 }
 bluesky_crypt_hmac((char *)&header->crypt_iv,
- cloud_block + len - (char *)&header->crypt_iv,
+ cloud_block + len - (char *)&header->crypt_iv - GUINT32_FROM_LE(header->size3),
 keys->authentication_key, hmac_check);
 if (memcmp(hmac_check, header->crypt_auth, CRYPTO_HASH_SIZE) != 0) {
- g_warning("Cloud block HMAC does not match!\n");
- return FALSE;
+ g_warning("Cloud block HMAC does not match!");
+ if (allow_unauth
+ && (header->type == LOGTYPE_INODE_MAP + '0'
+ || header->type == LOGTYPE_CHECKPOINT + '0'))
+ {
+ g_warning("Allowing unauthenticated data from cleaner");
+ } else {
+ return FALSE;
+ }
 }
 if (encrypted) {
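Review bot: The `allow_unauth` branch decides whether to accept a block whose HMAC has just failed by inspecting `header->type`, a field of that same unverified block, and control then falls through to the `if (encrypted)` path. The type value is therefore not trustworthy at the point where it is used as the gate, so any caller passing `allow_unauth` as TRUE accepts whatever content carries an inode-map or checkpoint type byte; the callers are outside this diff, so how widely TRUE is passed cannot be judged here. Tightening the condition so the bypass never applies to encrypted payloads, `if (allow_unauth && !encrypted && (header->type == LOGTYPE_INODE_MAP + '0' || header->type == LOGTYPE_CHECKPOINT + '0'))`, and documenting on the parameter that such blocks must be validated structurally by the caller, would narrow the exposure. Separately, `g_assert(encrypted == FALSE)` in the `disable_crypto` branch tests a value that appears to be derived from the block (its assignment is above the hunk), so a mismatching block aborts the process, or passes unchecked when GLib assertions are compiled out; `if (encrypted) return FALSE;` would match how the function reports its other failures.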
@@ -244,93 +260,10 @@ gboolean bluesky_crypt_block_decrypt(gchar *cloud_block, size_t len,
 gcry_strerror(status));
 }
 header->magic[3] ^= 0x10;
+ memset(header->crypt_iv, 0, sizeof(header->crypt_iv));
 gcry_cipher_close(handle);
 }
 return TRUE;
 }
-
-#if 0
-/* Encrypt a data block. */
-BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key)
-{
- gcry_error_t status;
- gcry_cipher_hd_t handle;
-
- status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
- 0);
- if (status) {
- g_error("gcrypt error setting up encryption: %s\n",
- gcry_strerror(status));
- }
-
- uint8_t *out = g_malloc0(in->len + CRYPTO_BLOCK_SIZE);
-
- gcry_cipher_setkey(handle, key, CRYPTO_KEY_SIZE);
- if (status) {
- g_error("gcrypt error setting key: %s\n",
- gcry_strerror(status));
- }
-
- bluesky_crypt_random_bytes(out, CRYPTO_BLOCK_SIZE);
- status = gcry_cipher_setctr(handle, out, CRYPTO_BLOCK_SIZE);
- if (status) {
- g_error("gcrypt error setting IV: %s\n",
- gcry_strerror(status));
- }
-
- status = gcry_cipher_encrypt(handle, out + CRYPTO_BLOCK_SIZE, in->len,
- in->data, in->len);
- if (status) {
- g_error("gcrypt error encrypting: %s\n",
- gcry_strerror(status));
- }
-
- gcry_cipher_close(handle);
-
- return bluesky_string_new(out, in->len + CRYPTO_BLOCK_SIZE);
-}
-
-/* Decrypt a data block. */
-BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key)
-{
- gcry_error_t status;
- gcry_cipher_hd_t handle;
-
- g_return_val_if_fail(in->len > CRYPTO_BLOCK_SIZE, NULL);
-
- status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
- 0);
- if (status) {
- g_error("gcrypt error setting up encryption: %s\n",
- gcry_strerror(status));
- }
-
- uint8_t *out = g_malloc0(in->len - CRYPTO_BLOCK_SIZE);
-
- gcry_cipher_setkey(handle, key, CRYPTO_KEY_SIZE);
- if (status) {
- g_error("gcrypt error setting key: %s\n",
- gcry_strerror(status));
- }
-
- status = gcry_cipher_setctr(handle, in->data, CRYPTO_BLOCK_SIZE);
- if (status) {
- g_error("gcrypt error setting IV: %s\n",
- gcry_strerror(status));
- }
-
- status = gcry_cipher_decrypt(handle, out, in->len - CRYPTO_BLOCK_SIZE,
- in->data + CRYPTO_BLOCK_SIZE,
- in->len - CRYPTO_BLOCK_SIZE);
- if (status) {
- g_error("gcrypt error decrypting: %s\n",
- gcry_strerror(status));
- }
-
- gcry_cipher_close(handle);
-
- return bluesky_string_new(out, in->len - CRYPTO_BLOCK_SIZE);
-}
-#endif
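Review bot: The added `memset(header->crypt_iv, 0, sizeof(header->crypt_iv))` has no comment explaining why the IV is cleared after decryption, and it leaves `header->crypt_auth` in place even though the HMAC range starts at `&header->crypt_iv`. From this line on, the stored tag no longer corresponds to the in-memory header, so the buffer cannot be re-verified by a second call; that may be intended, but it is worth stating. Something like `/* Payload is plaintext from here; clear the IV. crypt_auth is stale after this point and must not be re-checked. */` would record the invariant, adjusted to whatever the real reason for zeroing is. The rest of the hunk only deletes the `#if 0` block and needs no comment.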