mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
2003-08-14 Timo Schulz <twoaday@freakmail.de>
* encrypt.c (encode_session_key): Use new Libgcrypt interface.
This commit is contained in:
parent
aa6e3f7d28
commit
81a0683e21
@ -1,3 +1,7 @@
|
|||||||
|
2003-08-14 Timo Schulz <twoaday@freakmail.de>
|
||||||
|
|
||||||
|
* encrypt.c (encode_session_key): Use new Libgcrypt interface.
|
||||||
|
|
||||||
2003-07-31 Werner Koch <wk@gnupg.org>
|
2003-07-31 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
* Makefile.am (gpgsm_LDADD): Added INTLLIBS.
|
* Makefile.am (gpgsm_LDADD): Added INTLLIBS.
|
||||||
|
95
sm/encrypt.c
95
sm/encrypt.c
@ -126,81 +126,29 @@ init_dek (DEK dek)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Encode the session key. NBITS is the number of bits which should be
|
static int
|
||||||
used for packing the session key. returns: An mpi with the session
|
encode_session_key (DEK dek, gcry_sexp_t * r_data)
|
||||||
key (caller must free) */
|
|
||||||
static gcry_mpi_t
|
|
||||||
encode_session_key (DEK dek, unsigned int nbits)
|
|
||||||
{
|
{
|
||||||
int nframe = (nbits+7) / 8;
|
gcry_sexp_t data;
|
||||||
byte *p;
|
char * p, tmp[3];
|
||||||
byte *frame;
|
int i;
|
||||||
int i,n;
|
int rc;
|
||||||
gcry_mpi_t a;
|
|
||||||
|
|
||||||
if (dek->keylen + 7 > nframe || !nframe)
|
p = xmalloc (64+dek->keylen);
|
||||||
log_bug ("can't encode a %d bit key in a %d bits frame\n",
|
strcpy (p, "(data\n (flags pkcs1)\n (value #");
|
||||||
dek->keylen*8, nbits );
|
for (i=0; i < dek->keylen; i++)
|
||||||
|
|
||||||
/* We encode the session key in this way:
|
|
||||||
*
|
|
||||||
* 0 2 RND(n bytes) 0 KEY(k bytes)
|
|
||||||
*
|
|
||||||
* (But how can we store the leading 0 - the external representaion
|
|
||||||
* of MPIs doesn't allow leading zeroes =:-)
|
|
||||||
*
|
|
||||||
* RND are non-zero random bytes.
|
|
||||||
* KEY is the encryption key (session key)
|
|
||||||
*/
|
|
||||||
|
|
||||||
frame = gcry_xmalloc_secure (nframe);
|
|
||||||
n = 0;
|
|
||||||
frame[n++] = 0;
|
|
||||||
frame[n++] = 2;
|
|
||||||
i = nframe - 3 - dek->keylen;
|
|
||||||
assert (i > 0);
|
|
||||||
p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
|
|
||||||
/* replace zero bytes by new values */
|
|
||||||
for (;;)
|
|
||||||
{
|
{
|
||||||
int j, k;
|
sprintf (tmp, "%02x", dek->key[i]);
|
||||||
byte *pp;
|
strcat (p, tmp);
|
||||||
|
|
||||||
/* count the zero bytes */
|
|
||||||
for(j=k=0; j < i; j++ )
|
|
||||||
{
|
|
||||||
if( !p[j] )
|
|
||||||
k++;
|
|
||||||
}
|
}
|
||||||
if( !k )
|
strcat (p, "#))\n");
|
||||||
break; /* okay: no zero bytes */
|
rc = gcry_sexp_sscan (&data, NULL, p, strlen (p));
|
||||||
|
|
||||||
k += k/128; /* better get some more */
|
|
||||||
pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM);
|
|
||||||
for (j=0; j < i && k; j++)
|
|
||||||
{
|
|
||||||
if( !p[j] )
|
|
||||||
p[j] = pp[--k];
|
|
||||||
}
|
|
||||||
xfree (pp);
|
|
||||||
}
|
|
||||||
memcpy (frame+n, p, i);
|
|
||||||
xfree (p);
|
xfree (p);
|
||||||
|
*r_data = data;
|
||||||
n += i;
|
return rc;
|
||||||
frame[n++] = 0;
|
|
||||||
memcpy (frame+n, dek->key, dek->keylen);
|
|
||||||
n += dek->keylen;
|
|
||||||
assert (n == nframe);
|
|
||||||
if (gcry_mpi_scan (&a, GCRYMPI_FMT_USG, frame, n, &nframe) )
|
|
||||||
BUG ();
|
|
||||||
gcry_free(frame);
|
|
||||||
|
|
||||||
return a;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* encrypt the DEK under the key contained in CERT and return it as a
|
/* encrypt the DEK under the key contained in CERT and return it as a
|
||||||
canonical S-Exp in encval */
|
canonical S-Exp in encval */
|
||||||
static int
|
static int
|
||||||
@ -235,17 +183,10 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* put the encoded cleartext into a simple list */
|
/* put the encoded cleartext into a simple list */
|
||||||
|
rc = encode_session_key (dek, &s_data);
|
||||||
{
|
{
|
||||||
/* fixme: actually the pkcs-1 encoding should go into libgcrypt */
|
log_error ("encode_session_key failed: %s\n", gpg_strerror (rc));
|
||||||
gcry_mpi_t data = encode_session_key (dek, gcry_pk_get_nbits (s_pkey));
|
return rc;
|
||||||
if (!data)
|
|
||||||
{
|
|
||||||
gcry_mpi_release (data);
|
|
||||||
return gpg_error (GPG_ERR_GENERAL);
|
|
||||||
}
|
|
||||||
if (gcry_sexp_build (&s_data, NULL, "%m", data))
|
|
||||||
BUG ();
|
|
||||||
gcry_mpi_release (data);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* pass it to libgcrypt */
|
/* pass it to libgcrypt */
|
||||||
|
Loading…
x
Reference in New Issue
Block a user