* the functions in this file, so this is the only point where we interface
* with an external cryptographic library. */
+/* TODO: We ought to switch to an authenticated encryption mode like EAX. */
+
GCRY_THREAD_OPTION_PTHREAD_IMPL;
void bluesky_crypt_init()
gcry_error_t status;
gcry_cipher_hd_t handle;
- status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC,
- GCRY_CIPHER_CBC_CTS);
+ status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
+ 0);
if (status) {
g_error("gcrypt error setting up encryption: %s\n",
gcry_strerror(status));
}
bluesky_crypt_random_bytes(out, CRYPTO_BLOCK_SIZE);
- status = gcry_cipher_setiv(handle, out, CRYPTO_BLOCK_SIZE);
+ status = gcry_cipher_setctr(handle, out, CRYPTO_BLOCK_SIZE);
if (status) {
g_error("gcrypt error setting IV: %s\n",
gcry_strerror(status));
g_return_val_if_fail(in->len > CRYPTO_BLOCK_SIZE, NULL);
- status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC,
- GCRY_CIPHER_CBC_CTS);
+ status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR,
+ 0);
if (status) {
g_error("gcrypt error setting up encryption: %s\n",
gcry_strerror(status));
gcry_strerror(status));
}
- status = gcry_cipher_setiv(handle, in->data, CRYPTO_BLOCK_SIZE);
+ status = gcry_cipher_setctr(handle, in->data, CRYPTO_BLOCK_SIZE);
if (status) {
g_error("gcrypt error setting IV: %s\n",
gcry_strerror(status));
projects / bluesky.git / commitdiff