X-Git-Url: http://git.tuebingen.mpg.de/?a=blobdiff_plain;f=crypt.c;h=cae47046fe0c8e3f0ebf2c1a479d3343c3955465;hb=dbf829aac09a69f4b51a6a1f9fe15873b99fbdcf;hp=06ae6265010a946bd51a1e64b1c620f0e4c89fc3;hpb=698178774b857a8959fe70e360ae6ff755eacf8e;p=paraslash.git diff --git a/crypt.c b/crypt.c index 06ae6265..cae47046 100644 --- a/crypt.c +++ b/crypt.c @@ -11,7 +11,6 @@ #include #include #include -#include #include #include #include @@ -23,6 +22,7 @@ #include "crypt.h" #include "fd.h" #include "crypt_backend.h" +#include "base64.h" struct asymmetric_key { RSA *rsa; @@ -133,18 +133,25 @@ static int read_rsa_bignums(const unsigned char *blob, int blen, RSA **result) { int ret; RSA *rsa; + BIGNUM *n, *e; const unsigned char *p = blob, *end = blob + blen; rsa = RSA_new(); if (!rsa) return -E_BIGNUM; - ret = read_bignum(p, end - p, &rsa->e); + ret = read_bignum(p, end - p, &e); if (ret < 0) goto fail; p += ret; - ret = read_bignum(p, end - p, &rsa->n); + ret = read_bignum(p, end - p, &n); if (ret < 0) goto fail; +#ifdef HAVE_RSA_SET0_KEY + RSA_set0_key(rsa, n, e, NULL); +#else + rsa->n = n; + rsa->e = e; +#endif *result = rsa; return 1; fail: @@ -158,7 +165,7 @@ int get_asymmetric_key(const char *key_file, int private, struct asymmetric_key *key = NULL; void *map = NULL; unsigned char *blob = NULL; - size_t map_size, blob_size, decoded_size; + size_t map_size, encoded_size, decoded_size; int ret, ret2; char *cp; @@ -180,16 +187,11 @@ int get_asymmetric_key(const char *key_file, int private, goto out; } cp = map + ret; + encoded_size = map_size - ret; PARA_INFO_LOG("decoding public rsa-ssh key %s\n", key_file); - ret = -ERRNO_TO_PARA_ERROR(EOVERFLOW); - if (map_size > INT_MAX / 4) - goto out_unmap; - blob_size = 2 * map_size; - blob = para_malloc(blob_size); - ret = uudecode(cp, blob, blob_size); + ret = uudecode(cp, encoded_size, (char **)&blob, &decoded_size); if (ret < 0) goto out_unmap; - decoded_size = ret; ret = check_ssh_key_header(blob, decoded_size); if (ret < 0) goto out_unmap; @@ -261,26 +263,16 @@ int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, } struct stream_cipher { - bool use_aes; - union { - RC4_KEY rc4_key; - EVP_CIPHER_CTX *aes; - } context; + EVP_CIPHER_CTX *aes; }; -struct stream_cipher *sc_new(const unsigned char *data, int len, - bool use_aes) +struct stream_cipher *sc_new(const unsigned char *data, int len) { struct stream_cipher *sc = para_malloc(sizeof(*sc)); - sc->use_aes = use_aes; - if (!use_aes) { - RC4_set_key(&sc->context.rc4_key, len, data); - return sc; - } assert(len >= 2 * AES_CRT128_BLOCK_SIZE); - sc->context.aes = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(sc->context.aes, EVP_aes_128_ctr(), NULL, data, + sc->aes = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(sc->aes, EVP_aes_128_ctr(), NULL, data, data + AES_CRT128_BLOCK_SIZE); return sc; } @@ -289,40 +281,10 @@ void sc_free(struct stream_cipher *sc) { if (!sc) return; - EVP_CIPHER_CTX_free(sc->context.aes); + EVP_CIPHER_CTX_free(sc->aes); free(sc); } -/** - * The RC4() implementation of openssl apparently reads and writes data in - * blocks of 8 bytes. So we have to make sure our buffer sizes are a multiple - * of this. - */ -#define RC4_ALIGN 8 - -static void rc4_crypt(RC4_KEY *key, struct iovec *src, struct iovec *dst) -{ - size_t len = src->iov_len, l1, l2; - - assert(len > 0); - assert(len < ((typeof(src->iov_len))-1) / 2); - l1 = ROUND_DOWN(len, RC4_ALIGN); - l2 = ROUND_UP(len, RC4_ALIGN); - - *dst = (typeof(*dst)) { - /* Add one for the terminating zero byte. */ - .iov_base = para_malloc(l2 + 1), - .iov_len = len - }; - RC4(key, l1, src->iov_base, dst->iov_base); - if (len > l1) { - unsigned char remainder[RC4_ALIGN] = ""; - memcpy(remainder, src->iov_base + l1, len - l1); - RC4(key, len - l1, remainder, dst->iov_base + l1); - } - ((char *)dst->iov_base)[len] = '\0'; -} - static void aes_ctr128_crypt(EVP_CIPHER_CTX *ctx, struct iovec *src, struct iovec *dst) { @@ -344,9 +306,7 @@ static void aes_ctr128_crypt(EVP_CIPHER_CTX *ctx, struct iovec *src, void sc_crypt(struct stream_cipher *sc, struct iovec *src, struct iovec *dst) { - if (sc->use_aes) - return aes_ctr128_crypt(sc->context.aes, src, dst); - return rc4_crypt(&sc->context.rc4_key, src, dst); + return aes_ctr128_crypt(sc->aes, src, dst); } void hash_function(const char *data, unsigned long len, unsigned char *hash)