X-Git-Url: http://git.vrable.net/?a=blobdiff_plain;f=bluesky%2Fcrypto.c;h=492e4ff71a5efde9dfd47a2aa1f04744a18d5ac1;hb=HEAD;hp=89f6b12aa2d79c23aac19a77b8634cc02c0930eb;hpb=ebcc59dc78483b9e9ee7aa33705974f386d12383;p=bluesky.git diff --git a/bluesky/crypto.c b/bluesky/crypto.c index 89f6b12..492e4ff 100644 --- a/bluesky/crypto.c +++ b/bluesky/crypto.c @@ -3,7 +3,29 @@ * Copyright (C) 2009 The Regents of the University of California * Written by Michael Vrable * - * TODO: Licensing + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include @@ -132,6 +154,9 @@ gboolean bluesky_crypt_block_needs_encryption(uint8_t type) void bluesky_crypt_block_encrypt(gchar *cloud_block, size_t len, BlueSkyCryptKeys *keys) { + if (bluesky_options.disable_crypto) + return; + gcry_error_t status; gcry_cipher_hd_t handle; @@ -177,7 +202,7 @@ void bluesky_crypt_block_encrypt(gchar *cloud_block, size_t len, } bluesky_crypt_hmac((char *)&header->crypt_iv, - cloud_block + len - (char *)&header->crypt_iv, + cloud_block + len - (char *)&header->crypt_iv - GUINT32_FROM_LE(header->size3), keys->authentication_key, header->crypt_auth); @@ -185,7 +210,8 @@ void bluesky_crypt_block_encrypt(gchar *cloud_block, size_t len, } gboolean bluesky_crypt_block_decrypt(gchar *cloud_block, size_t len, - BlueSkyCryptKeys *keys) + BlueSkyCryptKeys *keys, + gboolean allow_unauth) { gcry_error_t status; uint8_t hmac_check[CRYPTO_HASH_SIZE]; @@ -200,17 +226,29 @@ gboolean bluesky_crypt_block_decrypt(gchar *cloud_block, size_t len, g_assert(memcmp(header->magic, CLOUDLOG_MAGIC_ENCRYPTED, sizeof(header->magic)) == 0); + if (bluesky_options.disable_crypto) { + g_assert(encrypted == FALSE); + return TRUE; + } + if (encrypted != bluesky_crypt_block_needs_encryption(header->type)) { g_warning("Encrypted status of item does not match expected!\n"); } bluesky_crypt_hmac((char *)&header->crypt_iv, - cloud_block + len - (char *)&header->crypt_iv, + cloud_block + len - (char *)&header->crypt_iv - GUINT32_FROM_LE(header->size3), keys->authentication_key, hmac_check); if (memcmp(hmac_check, header->crypt_auth, CRYPTO_HASH_SIZE) != 0) { - g_warning("Cloud block HMAC does not match!\n"); - return FALSE; + g_warning("Cloud block HMAC does not match!"); + if (allow_unauth + && (header->type == LOGTYPE_INODE_MAP + '0' + || header->type == LOGTYPE_CHECKPOINT + '0')) + { + g_warning("Allowing unauthenticated data from cleaner"); + } else { + return FALSE; + } } if (encrypted) {