diff --git a/g10/ChangeLog b/g10/ChangeLog index cdc62aa35..66d13ebe4 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2002-06-05 Timo Schulz + + * mainproc.c (symkey_decrypt_sesskey): New. + (proc_symkey_enc): Support for encrypted session keys. + 2002-06-04 David Shaw * sign.c (hash_for, sign_file): When encrypting and signing at the diff --git a/g10/mainproc.c b/g10/mainproc.c index e8f30e1ce..72caee56d 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -237,6 +237,31 @@ add_signature( CTX c, PACKET *pkt ) return 1; } +static void +symkey_decrypt_sesskey( DEK *dek, byte *sesskey, size_t slen ) +{ + CIPHER_HANDLE hd; + + if ( slen > 33 ) { + log_error( "weird size for an encrypted session key" ); + return; + } + hd = cipher_open( dek->algo, CIPHER_MODE_CFB, 1 ); + cipher_setkey( hd, dek->key, dek->keylen ); + cipher_setiv( hd, NULL, 0 ); + cipher_decrypt( hd, sesskey, sesskey, slen ); + cipher_close( hd ); + /* check first byte (the cipher algo) */ + if ( sesskey[0] > 10 ) { + log_error( "invalid symkey algorithm detected\n" ); + return; + } + /* now we replace the dek components with the real session key + to decrypt the contents of the sequencing packet. */ + dek->keylen = cipher_get_keylen( sesskey[0] ); + dek->algo = sesskey[0]; + memcpy( dek->key, sesskey + 1, dek->keylen ); +} static void proc_symkey_enc( CTX c, PACKET *pkt ) @@ -264,6 +289,8 @@ proc_symkey_enc( CTX c, PACKET *pkt ) c->dek = passphrase_to_dek( NULL, 0, algo, &enc->s2k, 0, NULL ); if (c->dek) c->dek->algo_info_printed = 1; + if ( c->dek && enc->seskeylen ) + symkey_decrypt_sesskey( c->dek, enc->seskey, enc->seskeylen ); } leave: free_packet(pkt);