X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=gcrypt.c;h=751c1a4a65d4d0b3b9e5a90242462a83d3fc6cf1;hp=b40b7b6e818ad387da3f2dffa96c06615eae5c10;hb=5f511d41a111aa04189b32fd77d02e16f90ff2cc;hpb=c13f9045d75565f517a4e73cade098da7cc46fcc
diff --git a/gcrypt.c b/gcrypt.c
index b40b7b6e..751c1a4a 100644
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011 Andre Noll
+ * Copyright (C) 2011-2014 Andre Noll
 *
 * Licensed under the GPL v2. For licencing details see COPYING.
 */
@@ -7,7 +7,6 @@
 /** \file gcrypt.c Libgrcypt-based encryption/decryption routines. */
 #include
-#include
 #include
 #include "para.h"
@@ -98,7 +97,7 @@ static void mgf1(unsigned char *seed, size_t seed_len, unsigned result_len,
 {
 gcry_error_t gret;
 gcry_md_hd_t handle;
- size_t n;;
+ size_t n;
 unsigned char *md;
 unsigned char octet_string[4], *rp = result, *end = rp + result_len;
@@ -164,7 +163,7 @@ static void pad_oaep(unsigned char *in, size_t in_len, unsigned char *out,
 /* rfc 3447, section 7.1.2 */
 static int unpad_oaep(unsigned char *in, size_t in_len, unsigned char *out,
 size_t *out_len)
-{ int ret;
+{
 unsigned char *masked_seed = in + 1;
 unsigned char *db = in + 1 + HASH_SIZE;
 unsigned char seed[HASH_SIZE], seed_mask[HASH_SIZE];
@@ -189,7 +188,7 @@ static int unpad_oaep(unsigned char *in, size_t in_len, unsigned char *out,
 p++;
 *out_len = in + in_len - p;
 memcpy(out, p, *out_len);
- return ret;
+ return 1;
 }
 struct asymmetric_key {
@@ -500,7 +499,6 @@ static int get_private_key(const char *key_file, struct asymmetric_key **result)
 ret = read_bignum(cp, end, &u, NULL);
 if (ret < 0)
 goto release_q;
- cp += ret;
 /*
 * OpenSSL uses slightly different parameters than gcrypt. To use these
 * parameters we need to swap the values of p and q and recompute u.
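Review bot: In the `@@ -189,7 +188,7 @@` hunk of unpad_oaep, `*out_len = in + in_len - p;` is computed and passed to `memcpy` with no visible check that `p` is still inside the input buffer, and the only return shown is the unconditional `return 1;`. The scan that advances `p` lies outside this hunk, so this is inferred rather than confirmed: if it can reach the end of `in` without finding the separator byte, the subtraction wraps as a `size_t` and the copy overruns `out`. A guard before the length is computed, such as `if (p > in + in_len) return <negative error code>;` (placeholder for one of the project's error codes), would close that and give the new `ret < 0` check in decode_rsa something to act on.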
@@ -575,7 +573,6 @@ static int get_asn_public_key(const char *key_file, struct asymmetric_key **resu
 ret = read_bignum(cp, end, &e, NULL);
 if (ret < 0)
 goto release_n;
- cp += ret;
 gret = gcry_sexp_build(&sexp, &erroff, RSA_PUBKEY_SEXP, n, e);
 if (gret) {
@@ -698,7 +695,6 @@ int get_asymmetric_key(const char *key_file, int private,
 key->num_bytes = ret;
 key->sexp = sexp;
 *result = key;
- ret = key->num_bytes;
 unmap:
 ret2 = para_munmap(map, map_size);
 if (ret >= 0 && ret2 < 0)
@@ -762,11 +758,13 @@ static int decode_rsa(gcry_sexp_t sexp, int key_size, unsigned char *outbuf,
 PARA_DEBUG_LOG("decrypted buffer before unpad (%d bytes):\n", key_size);
- dump_buffer("non-unpadded decrypted buffer", oaep_buf, key_size);;
- unpad_oaep(oaep_buf, key_size, outbuf, nbytes);
+ dump_buffer("non-unpadded decrypted buffer", oaep_buf, key_size);
+ ret = unpad_oaep(oaep_buf, key_size, outbuf, nbytes);
+ if (ret < 0)
+ goto out_mpi_release;
 PARA_DEBUG_LOG("decrypted buffer after unpad (%zu bytes):\n", *nbytes);
- dump_buffer("unpadded decrypted buffer", outbuf, *nbytes);;
+ dump_buffer("unpadded decrypted buffer", outbuf, *nbytes);
 ret = 1;
 out_mpi_release:
 gcry_mpi_release(out_mpi);
@@ -914,11 +912,25 @@ struct stream_cipher {
 gcry_cipher_hd_t handle;
 };
-struct stream_cipher *sc_new(const unsigned char *data, int len)
+struct stream_cipher *sc_new(const unsigned char *data, int len,
+ bool use_aes)
 {
 gcry_error_t gret;
-
 struct stream_cipher *sc = para_malloc(sizeof(*sc));
+
+ if (use_aes) {
+ assert(len >= 2 * AES_CRT128_BLOCK_SIZE);
+ gret = gcry_cipher_open(&sc->handle, GCRY_CIPHER_AES128,
+ GCRY_CIPHER_MODE_CTR, 0);
+ assert(gret == 0);
+ gret = gcry_cipher_setkey(sc->handle, data,
+ AES_CRT128_BLOCK_SIZE);
+ assert(gret == 0);
+ gret = gcry_cipher_setctr(sc->handle,
+ data + AES_CRT128_BLOCK_SIZE, AES_CRT128_BLOCK_SIZE);
+ assert(gret == 0);
+ return sc;
+ }
 gret = gcry_cipher_open(&sc->handle, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM, 0);
 if (gret) {
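Review bot: Both `dump_buffer()` calls kept in the decode_rsa hunk pass RSA-decrypted data to the logging path, first the whole OAEP block and then the unpadded plaintext in `outbuf`, so the decrypted secret may end up in the log whenever that output is enabled. What dump_buffer prints is not visible here; if it does emit the bytes, I would log only the lengths, keeping the `PARA_DEBUG_LOG(...)` lines and removing `dump_buffer("unpadded decrypted buffer", outbuf, *nbytes);` and its sibling. The new `goto out_mpi_release` on unpad failure is the right shape, but the caller should report it exactly like any other decryption failure so that a peer cannot tell padding errors apart. decode_rsa starts and ends outside the hunk.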
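Review bot: The AES branch added to sc_new handles every failure with `assert()`: the length check `assert(len >= 2 * AES_CRT128_BLOCK_SIZE)` and the three `assert(gret == 0)` calls disappear in an NDEBUG build and abort the process otherwise, while the ARCFOUR path directly below tests `if (gret)`. With asserts compiled out, a `data` buffer shorter than two blocks could be read past its end by the setkey and setctr calls. I would make these runtime checks that release `sc` and fail the call; the sketch returns NULL, which assumes callers already handle that from the ARCFOUR error branch, whose body continues outside the hunk.

```c
	if (use_aes) {
		if (len < 2 * AES_CRT128_BLOCK_SIZE) {
			free(sc);
			return NULL;
		}
		gret = gcry_cipher_open(&sc->handle, GCRY_CIPHER_AES128,
			GCRY_CIPHER_MODE_CTR, 0);
		if (gret) {
			free(sc);
			return NULL;
		}
		gret = gcry_cipher_setkey(sc->handle, data,
			AES_CRT128_BLOCK_SIZE);
		if (gret == 0)
			gret = gcry_cipher_setctr(sc->handle,
				data + AES_CRT128_BLOCK_SIZE, AES_CRT128_BLOCK_SIZE);
		if (gret) {
			gcry_cipher_close(sc->handle);
			free(sc);
			return NULL;
		}
		return sc;
	}
	/* … unchanged: ARCFOUR path … */
```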
@@ -939,35 +951,14 @@ void sc_free(struct stream_cipher *sc)
 free(sc);
 }
-int sc_send_bin_buffer(struct stream_cipher_context *scc, char *buf,
- size_t size)
-{
- gcry_error_t gret;
- int ret;
- unsigned char *tmp = para_malloc(size);
-
- assert(size);
- gret = gcry_cipher_encrypt(scc->send->handle, tmp, size,
- (unsigned char *)buf, size);
- assert(gret == 0);
- ret = write_all(scc->fd, (char *)tmp, &size);
- free(tmp);
- return ret;
-}
-
-int sc_recv_bin_buffer(struct stream_cipher_context *scc, char *buf,
- size_t size)
+void sc_crypt(struct stream_cipher *sc, struct iovec *src, struct iovec *dst)
 {
+ gcry_cipher_hd_t handle = sc->handle;
 gcry_error_t gret;
- ssize_t ret = recv(scc->fd, buf, size, 0);
- if (ret < 0)
- ret = -ERRNO_TO_PARA_ERROR(errno);
- if (ret <= 0)
- return ret;
 /* perform in-place encryption */
- gret = gcry_cipher_encrypt(scc->recv->handle, (unsigned char *)buf, ret,
+ *dst = *src;
+ gret = gcry_cipher_encrypt(handle, src->iov_base, src->iov_len,
 NULL, 0);
 assert(gret == 0);
- return ret;
 }
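Review bot: sc_crypt has no comment stating its contract, and the contract is not obvious from the signature: `*dst = *src` makes the output iovec alias the input buffer, and the `NULL, 0` input arguments make libgcrypt transform `src->iov_base` in place, so the caller's original data is overwritten. I would add above the function `/* Transforms src in place; on return dst refers to the same memory as src, so only one of them may be freed. */`. The result is still checked only with `assert(gret == 0)`, which disappears under NDEBUG; since the function returns void, at least an error log on a non-zero `gret` would keep a failed encryption from passing silently.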