From 9047d936bd8bbf6acc6799e559c2766d4c487263 Mon Sep 17 00:00:00 2001
From: Michael Vrable
Date: Tue, 1 Sep 2009 21:23:26 -0700
Subject: [PATCH] Implement data decryption as well.
---
 bluesky/bluesky.h | 1 +
 bluesky/crypto.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
 bluesky/inode.c | 3 ++-
 3 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/bluesky/bluesky.h b/bluesky/bluesky.h
index afb2304..831d850 100644
--- a/bluesky/bluesky.h
+++ b/bluesky/bluesky.h
@@ -35,6 +35,7 @@ BlueSkyRCStr *bluesky_string_dup(BlueSkyRCStr *string);
 void bluesky_crypt_init();
 void bluesky_crypt_random_bytes(guchar *buf, gint len);
 BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key);
+BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key);
 /* File types. The numeric values are chosen to match with those used in
 * NFSv3. */
diff --git a/bluesky/crypto.c b/bluesky/crypto.c
index 6eec464..defe1b3 100644
--- a/bluesky/crypto.c
+++ b/bluesky/crypto.c
@@ -74,8 +74,8 @@ BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key)
 gcry_strerror(status));
 }
- gcry_cipher_encrypt(handle, out + CRYPTO_BLOCK_SIZE, in->len,
- in->data, in->len);
+ status = gcry_cipher_encrypt(handle, out + CRYPTO_BLOCK_SIZE, in->len,
+ in->data, in->len);
 if (status) {
 g_error("gcrypt error encrypting: %s\n",
 gcry_strerror(status));
@@ -85,3 +85,45 @@ BlueSkyRCStr *bluesky_crypt_encrypt(BlueSkyRCStr *in, const uint8_t *key)
 return bluesky_string_new(out, in->len + CRYPTO_BLOCK_SIZE);
 }
+
+/* Decrypt a data block. */
+BlueSkyRCStr *bluesky_crypt_decrypt(BlueSkyRCStr *in, const uint8_t *key)
+{
+ gcry_error_t status;
+ gcry_cipher_hd_t handle;
+
+ g_return_val_if_fail(in->len > CRYPTO_BLOCK_SIZE, NULL);
+
+ status = gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC,
+ GCRY_CIPHER_CBC_CTS);
+ if (status) {
+ g_error("gcrypt error setting up encryption: %s\n",
+ gcry_strerror(status));
+ }
+
+ uint8_t *out = g_malloc0(in->len - CRYPTO_BLOCK_SIZE);
+
+ gcry_cipher_setkey(handle, key, CRYPTO_KEY_SIZE);
+ if (status) {
+ g_error("gcrypt error setting key: %s\n",
+ gcry_strerror(status));
+ }
+
+ status = gcry_cipher_setiv(handle, in->data, CRYPTO_BLOCK_SIZE);
+ if (status) {
+ g_error("gcrypt error setting IV: %s\n",
+ gcry_strerror(status));
+ }
+
+ status = gcry_cipher_decrypt(handle, out, in->len - CRYPTO_BLOCK_SIZE,
+ in->data + CRYPTO_BLOCK_SIZE,
+ in->len - CRYPTO_BLOCK_SIZE);
+ if (status) {
+ g_error("gcrypt error decrypting: %s\n",
+ gcry_strerror(status));
+ }
+
+ gcry_cipher_close(handle);
+
+ return bluesky_string_new(out, in->len + CRYPTO_BLOCK_SIZE);
+}
diff --git a/bluesky/inode.c b/bluesky/inode.c
index 42b045c..e4902cd 100644
--- a/bluesky/inode.c
+++ b/bluesky/inode.c
@@ -342,8 +342,9 @@ void bluesky_block_fetch(BlueSkyFS *fs, BlueSkyBlock *block)
 BlueSkyRCStr *string = s3store_get(fs->store, block->ref);
 bluesky_string_unref(block->data);
- block->data = string;
+ block->data = bluesky_crypt_decrypt(string, fs->encryption_key);
 block->type = BLUESKY_BLOCK_CACHED;
+ bluesky_string_unref(string);
 }
 /* Write the given block to cloud-backed storage and mark it clean. */
-- 
2.20.1
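Review bot: The final line of `bluesky_crypt_decrypt` reports a length of `in->len + CRYPTO_BLOCK_SIZE`, but `out` was allocated with only `in->len - CRYPTO_BLOCK_SIZE` bytes. Assuming the second argument of `bluesky_string_new` is the buffer length (as the encrypt path suggests), any consumer that trusts it reads two cipher blocks past the end of the heap allocation; the line should be `return bluesky_string_new(out, in->len - CRYPTO_BLOCK_SIZE);`. The `gcry_cipher_setkey` call also discards its result, so the `if (status)` after it re-tests the value left by `gcry_cipher_open` and a key-setup failure is never reported. This is the same omission the commit fixes for `gcry_cipher_encrypt`, and the call should read `status = gcry_cipher_setkey(handle, key, CRYPTO_KEY_SIZE);`. Separately, no integrity check on the ciphertext is visible in this function, so unless blocks are authenticated elsewhere, ciphertext modified in the store would decrypt without any error.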
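Review bot: `block->data` takes the result of `bluesky_crypt_decrypt` unchecked, and that function returns NULL through `g_return_val_if_fail` when the fetched object is not longer than `CRYPTO_BLOCK_SIZE`, yet the block is still marked `BLUESKY_BLOCK_CACHED`. The decrypt routine also reads `in->len` before any NULL test, so if `s3store_get` can return NULL on a missing or failed fetch (not visible here) this path dereferences a null pointer. I would hold the result in a local, e.g. `BlueSkyRCStr *plain = bluesky_crypt_decrypt(string, fs->encryption_key);`, and only replace `block->data` and set the cached type when both `string` and `plain` are non-NULL. The start of `bluesky_block_fetch` lies outside the hunk, so an earlier guard may already cover part of this.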