X-Git-Url: http://git.vrable.net/?a=blobdiff_plain;f=bluesky%2Fcrypto.c;h=5b2235736019c7264c5d41810918cdbd04ee3df0;hb=83fd6b61a6e092a22d4d5e59ed95f05f5e287f11;hp=6eec4643e380b13626a2da9b9b92e18cd83c0762;hpb=c83d8b650786b8e7d6a9d41c9449c203929c7215;p=bluesky.git diff --git a/bluesky/crypto.c b/bluesky/crypto.c index 6eec464..5b22357 100644 --- a/bluesky/crypto.c +++ b/bluesky/crypto.c @@ -7,20 +7,20 @@ */ #include +#include #include #include #include #include #include -#include "bluesky.h" +#include "bluesky-private.h" /* Cryptographic operations. The rest of the BlueSky code merely calls into * the functions in this file, so this is the only point where we interface * with an external cryptographic library. */ -#define CRYPTO_BLOCK_SIZE 16 /* 128-bit AES */ -#define CRYPTO_KEY_SIZE 16 +/* TODO: We ought to switch to an authenticated encryption mode like EAX. */ GCRY_THREAD_OPTION_PTHREAD_IMPL; @@ -31,8 +31,6 @@ void bluesky_crypt_init() if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) return; - g_print("libgcrypt not yet initialized, initializing...\n"); - if (!gcry_check_version(GCRYPT_VERSION)) g_error("libgcrypt version mismatch\n"); @@ -46,14 +44,30 @@ void bluesky_crypt_random_bytes(guchar *buf, gint len) gcry_randomize(buf, len, GCRY_STRONG_RANDOM); } +/* Hash a string down to an encryption key. */ +void bluesky_crypt_hash_key(const char *keystr, uint8_t *out) +{ + guint8 raw_csum[32]; + gsize csum_len = sizeof(raw_csum); + + assert(CRYPTO_KEY_SIZE == 16); + + GChecksum *csum = g_checksum_new(G_CHECKSUM_SHA256); + g_checksum_update(csum, (const guchar *)keystr, strlen(keystr)); + g_checksum_get_digest(csum, raw_csum, &csum_len); + g_checksum_free(csum); + + memcpy(out, raw_csum, CRYPTO_KEY_SIZE); +} + /* Encrypt a data block. */ BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key) { gcry_error_t status; gcry_cipher_hd_t handle; - status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, - GCRY_CIPHER_CBC_CTS); + status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR, + 0); if (status) { g_error("gcrypt error setting up encryption: %s\n", gcry_strerror(status)); @@ -68,14 +82,14 @@ BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key) } bluesky_crypt_random_bytes(out, CRYPTO_BLOCK_SIZE); - status = gcry_cipher_setiv(handle, out, CRYPTO_BLOCK_SIZE); + status = gcry_cipher_setctr(handle, out, CRYPTO_BLOCK_SIZE); if (status) { g_error("gcrypt error setting IV: %s\n", gcry_strerror(status)); } - gcry_cipher_encrypt(handle, out + CRYPTO_BLOCK_SIZE, in->len, - in->data, in->len); + status = gcry_cipher_encrypt(handle, out + CRYPTO_BLOCK_SIZE, in->len, + in->data, in->len); if (status) { g_error("gcrypt error encrypting: %s\n", gcry_strerror(status)); @@ -85,3 +99,45 @@ BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key) return bluesky_string_new(out, in->len + CRYPTO_BLOCK_SIZE); } + +/* Decrypt a data block. */ +BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key) +{ + gcry_error_t status; + gcry_cipher_hd_t handle; + + g_return_val_if_fail(in->len > CRYPTO_BLOCK_SIZE, NULL); + + status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR, + 0); + if (status) { + g_error("gcrypt error setting up encryption: %s\n", + gcry_strerror(status)); + } + + uint8_t *out = g_malloc0(in->len - CRYPTO_BLOCK_SIZE); + + gcry_cipher_setkey(handle, key, CRYPTO_KEY_SIZE); + if (status) { + g_error("gcrypt error setting key: %s\n", + gcry_strerror(status)); + } + + status = gcry_cipher_setctr(handle, in->data, CRYPTO_BLOCK_SIZE); + if (status) { + g_error("gcrypt error setting IV: %s\n", + gcry_strerror(status)); + } + + status = gcry_cipher_decrypt(handle, out, in->len - CRYPTO_BLOCK_SIZE, + in->data + CRYPTO_BLOCK_SIZE, + in->len - CRYPTO_BLOCK_SIZE); + if (status) { + g_error("gcrypt error decrypting: %s\n", + gcry_strerror(status)); + } + + gcry_cipher_close(handle); + + return bluesky_string_new(out, in->len - CRYPTO_BLOCK_SIZE); +}