X-Git-Url: http://git.vrable.net/?a=blobdiff_plain;f=bluesky%2Fcrypto.c;h=b79cfa35b331d746f1c7cba0521437fb645aee07;hb=59dcd584eb785bf5345ce8f4c6468c8f2f05630d;hp=89f6b12aa2d79c23aac19a77b8634cc02c0930eb;hpb=ebcc59dc78483b9e9ee7aa33705974f386d12383;p=bluesky.git diff --git a/bluesky/crypto.c b/bluesky/crypto.c index 89f6b12..b79cfa3 100644 --- a/bluesky/crypto.c +++ b/bluesky/crypto.c @@ -177,7 +177,7 @@ void bluesky_crypt_block_encrypt(gchar *cloud_block, size_t len, } bluesky_crypt_hmac((char *)&header->crypt_iv, - cloud_block + len - (char *)&header->crypt_iv, + cloud_block + len - (char *)&header->crypt_iv - GUINT32_FROM_LE(header->size3), keys->authentication_key, header->crypt_auth); @@ -185,7 +185,8 @@ void bluesky_crypt_block_encrypt(gchar *cloud_block, size_t len, } gboolean bluesky_crypt_block_decrypt(gchar *cloud_block, size_t len, - BlueSkyCryptKeys *keys) + BlueSkyCryptKeys *keys, + gboolean allow_unauth) { gcry_error_t status; uint8_t hmac_check[CRYPTO_HASH_SIZE]; @@ -205,12 +206,19 @@ gboolean bluesky_crypt_block_decrypt(gchar *cloud_block, size_t len, } bluesky_crypt_hmac((char *)&header->crypt_iv, - cloud_block + len - (char *)&header->crypt_iv, + cloud_block + len - (char *)&header->crypt_iv - GUINT32_FROM_LE(header->size3), keys->authentication_key, hmac_check); if (memcmp(hmac_check, header->crypt_auth, CRYPTO_HASH_SIZE) != 0) { - g_warning("Cloud block HMAC does not match!\n"); - return FALSE; + g_warning("Cloud block HMAC does not match!"); + if (allow_unauth + && (header->type == LOGTYPE_INODE_MAP + '0' + || header->type == LOGTYPE_CHECKPOINT + '0')) + { + g_warning("Allowing unauthenticated data from cleaner"); + } else { + return FALSE; + } } if (encrypted) {