diff options
Diffstat (limited to 'g10/cipher.c')
-rw-r--r-- | g10/cipher.c | 49 |
1 files changed, 35 insertions, 14 deletions
diff --git a/g10/cipher.c b/g10/cipher.c index 8fc0d3815..cad6ff664 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -1,5 +1,5 @@ /* cipher.c - En-/De-ciphering filter - * Copyright (C) 1998,1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -33,6 +33,7 @@ #include "packet.h" #include "options.h" #include "main.h" +#include "status.h" #define MIN_PARTIAL_SIZE 512 @@ -44,10 +45,18 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) PACKET pkt; PKT_encrypted ed; byte temp[18]; - int blocksize; - unsigned nprefix; - int use_mdc = opt.force_mdc; + unsigned int blocksize; + unsigned int nprefix; int rc; + int use_mdc = opt.force_mdc; + + blocksize = gcry_cipher_get_algo_blklen( cfx->dek->algo ); + if( blocksize < 8 || blocksize > 16 ) + log_fatal("unsupported blocksize %u\n", blocksize ); + if( blocksize != 8 ) + use_mdc = 1; /* enable it for all modern ciphers */ + if( opt.rfc2440 ) + use_mdc = 0; /* override - rfc2440 does not know about MDC */ memset( &ed, 0, sizeof ed ); ed.len = cfx->datalen; @@ -55,18 +64,16 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) if( use_mdc ) { ed.mdc_method = GCRY_MD_SHA1; cfx->mdc_hash = gcry_md_open( GCRY_MD_SHA1, 0 ); - /*should we check the function works, or is it better to provide - a flag which makes the function die itself ?? FIXME */ - /*md_start_debug( cfx->mdc_hash, "mdccreat" );*/ + if( !cfx->mdc_hash ) + BUG(); + if ( DBG_HASHING ) + gcry_md_start_debug( cfx->mdc_hash, "creatmdc" ); } init_packet( &pkt ); pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; pkt.pkt.encrypted = &ed; if( build_packet( a, &pkt )) log_bug("build_packet(ENCR_DATA) failed\n"); - blocksize = gcry_cipher_get_algo_blklen( cfx->dek->algo ); - if( blocksize < 8 || blocksize > 16 ) - log_fatal("unsupported blocksize %d\n", blocksize ); nprefix = blocksize; gcry_randomize( temp, nprefix, GCRY_STRONG_RANDOM ); temp[nprefix] = temp[nprefix-2]; @@ -75,7 +82,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) if( !(cfx->cipher_hd = gcry_cipher_open( cfx->dek->algo, GCRY_CIPHER_MODE_CFB, GCRY_CIPHER_SECURE - | (cfx->dek->algo >= 100 ? + | ((use_mdc || cfx->dek->algo >= 100) ? 0 : GCRY_CIPHER_ENABLE_SYNC))) ) { /* we should never get an error here cause we already checked, that @@ -83,6 +90,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) BUG(); } + /* log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/ rc = gcry_cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen ); if( !rc ) @@ -99,6 +107,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) log_fatal("encrypt failed: %s\n", gcry_strerror(rc) ); iobuf_write(a, temp, nprefix+2); cfx->header=1; + } @@ -120,6 +129,7 @@ cipher_filter( void *opaque, int control, else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */ assert(a); if( !cfx->header ) { + write_status( STATUS_BEGIN_ENCRYPTION ); write_header( cfx, a ); } if( cfx->mdc_hash ) @@ -134,15 +144,26 @@ cipher_filter( void *opaque, int control, if( cfx->mdc_hash ) { byte *hash; int hashlen = gcry_md_get_algo_dlen( gcry_md_get_algo( cfx->mdc_hash ) ); + byte temp[22]; + + assert( hashlen == 20 ); + /* we must hash the prefix of the MDC packet here */ + temp[0] = 0xd3; + temp[1] = 0x14; + gcry_md_putc( cfx->mdc_hash, temp[0] ); + gcry_md_putc( cfx->mdc_hash, temp[1] ); + hash = gcry_md_read( cfx->mdc_hash, 0 ); - rc = gcry_cipher_encrypt( cfx->cipher_hd, hash, hashlen, NULL, 0 ); + memcpy(temp+2, hash, 20); + rc = gcry_cipher_encrypt( cfx->cipher_hd, temp, 22, NULL, 0 ); if( rc ) log_fatal("encrypt failed: %s\n", gcry_strerror(rc) ); - if( iobuf_write( a, hash, hashlen ) ) - rc = GPGERR_WRITE_FILE; gcry_md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL; + if( iobuf_write( a, temp, 22 ) ) + log_error("writing MDC packet failed\n" ); } gcry_cipher_close(cfx->cipher_hd); + write_status( STATUS_END_ENCRYPTION ); } else if( control == IOBUFCTRL_DESC ) { *(char**)buf = "cipher_filter"; |