X-Git-Url: http://git.vrable.net/?a=blobdiff_plain;f=bluesky%2Fcrypto.c;h=5b2235736019c7264c5d41810918cdbd04ee3df0;hb=8a2da0db5d5f4f599486876396883f6207ebec6a;hp=6981f45be9b0c8f197e5b1e03aa2132f530f7e56;hpb=98effa493bca2b6e97d98035be602993da27d26b;p=bluesky.git

diff --git a/bluesky/crypto.c b/bluesky/crypto.c
index 6981f45..5b22357 100644
--- a/bluesky/crypto.c
+++ b/bluesky/crypto.c
@@ -20,6 +20,8 @@
  * the functions in this file, so this is the only point where we interface
  * with an external cryptographic library. */
 
+/* TODO: We ought to switch to an authenticated encryption mode like EAX. */
+
 GCRY_THREAD_OPTION_PTHREAD_IMPL;
 
 void bluesky_crypt_init()
@@ -51,7 +53,7 @@ void bluesky_crypt_hash_key(const char *keystr, uint8_t *out)
     assert(CRYPTO_KEY_SIZE == 16);
 
     GChecksum *csum = g_checksum_new(G_CHECKSUM_SHA256);
-    g_checksum_update(csum, keystr, strlen(keystr));
+    g_checksum_update(csum, (const guchar *)keystr, strlen(keystr));
     g_checksum_get_digest(csum, raw_csum, &csum_len);
     g_checksum_free(csum);
 
@@ -64,8 +66,8 @@ BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key)
     gcry_error_t status;
     gcry_cipher_hd_t handle;
 
-    status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC,
-                              GCRY_CIPHER_CBC_CTS);
+    status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
+                              0);
     if (status) {
         g_error("gcrypt error setting up encryption: %s\n",
                 gcry_strerror(status));
@@ -80,7 +82,7 @@ BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key)
     }
 
     bluesky_crypt_random_bytes(out, CRYPTO_BLOCK_SIZE);
-    status = gcry_cipher_setiv(handle, out, CRYPTO_BLOCK_SIZE);
+    status = gcry_cipher_setctr(handle, out, CRYPTO_BLOCK_SIZE);
     if (status) {
         g_error("gcrypt error setting IV: %s\n",
                 gcry_strerror(status));
@@ -106,8 +108,8 @@ BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key)
 
     g_return_val_if_fail(in->len > CRYPTO_BLOCK_SIZE, NULL);
 
-    status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC,
-                              GCRY_CIPHER_CBC_CTS);
+    status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
+                              0);
     if (status) {
         g_error("gcrypt error setting up encryption: %s\n",
                 gcry_strerror(status));
@@ -121,7 +123,7 @@ BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key)
                 gcry_strerror(status));
     }
 
-    status = gcry_cipher_setiv(handle, in->data, CRYPTO_BLOCK_SIZE);
+    status = gcry_cipher_setctr(handle, in->data, CRYPTO_BLOCK_SIZE);
     if (status) {
         g_error("gcrypt error setting IV: %s\n",
                 gcry_strerror(status));
@@ -137,5 +139,5 @@ BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key)
 
     gcry_cipher_close(handle);
 
-    return bluesky_string_new(out, in->len + CRYPTO_BLOCK_SIZE);
+    return bluesky_string_new(out, in->len - CRYPTO_BLOCK_SIZE);
 }