1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

2003-08-14 Timo Schulz <twoaday@freakmail.de>

* encrypt.c (encode_session_key): Use new Libgcrypt interface.
This commit is contained in:
Timo Schulz 2003-08-14 19:39:30 +00:00
parent aa6e3f7d28
commit 81a0683e21
2 changed files with 22 additions and 77 deletions

View File

@ -1,3 +1,7 @@
2003-08-14 Timo Schulz <twoaday@freakmail.de>
* encrypt.c (encode_session_key): Use new Libgcrypt interface.
2003-07-31 Werner Koch <wk@gnupg.org> 2003-07-31 Werner Koch <wk@gnupg.org>
* Makefile.am (gpgsm_LDADD): Added INTLLIBS. * Makefile.am (gpgsm_LDADD): Added INTLLIBS.

View File

@ -126,81 +126,29 @@ init_dek (DEK dek)
} }
/* Encode the session key. NBITS is the number of bits which should be static int
used for packing the session key. returns: An mpi with the session encode_session_key (DEK dek, gcry_sexp_t * r_data)
key (caller must free) */
static gcry_mpi_t
encode_session_key (DEK dek, unsigned int nbits)
{ {
int nframe = (nbits+7) / 8; gcry_sexp_t data;
byte *p; char * p, tmp[3];
byte *frame; int i;
int i,n; int rc;
gcry_mpi_t a;
if (dek->keylen + 7 > nframe || !nframe) p = xmalloc (64+dek->keylen);
log_bug ("can't encode a %d bit key in a %d bits frame\n", strcpy (p, "(data\n (flags pkcs1)\n (value #");
dek->keylen*8, nbits ); for (i=0; i < dek->keylen; i++)
/* We encode the session key in this way:
*
* 0 2 RND(n bytes) 0 KEY(k bytes)
*
* (But how can we store the leading 0 - the external representaion
* of MPIs doesn't allow leading zeroes =:-)
*
* RND are non-zero random bytes.
* KEY is the encryption key (session key)
*/
frame = gcry_xmalloc_secure (nframe);
n = 0;
frame[n++] = 0;
frame[n++] = 2;
i = nframe - 3 - dek->keylen;
assert (i > 0);
p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
/* replace zero bytes by new values */
for (;;)
{ {
int j, k; sprintf (tmp, "%02x", dek->key[i]);
byte *pp; strcat (p, tmp);
/* count the zero bytes */
for(j=k=0; j < i; j++ )
{
if( !p[j] )
k++;
}
if( !k )
break; /* okay: no zero bytes */
k += k/128; /* better get some more */
pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM);
for (j=0; j < i && k; j++)
{
if( !p[j] )
p[j] = pp[--k];
}
xfree (pp);
} }
memcpy (frame+n, p, i); strcat (p, "#))\n");
rc = gcry_sexp_sscan (&data, NULL, p, strlen (p));
xfree (p); xfree (p);
*r_data = data;
n += i; return rc;
frame[n++] = 0;
memcpy (frame+n, dek->key, dek->keylen);
n += dek->keylen;
assert (n == nframe);
if (gcry_mpi_scan (&a, GCRYMPI_FMT_USG, frame, n, &nframe) )
BUG ();
gcry_free(frame);
return a;
} }
/* encrypt the DEK under the key contained in CERT and return it as a /* encrypt the DEK under the key contained in CERT and return it as a
canonical S-Exp in encval */ canonical S-Exp in encval */
static int static int
@ -235,17 +183,10 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
} }
/* put the encoded cleartext into a simple list */ /* put the encoded cleartext into a simple list */
rc = encode_session_key (dek, &s_data);
{ {
/* fixme: actually the pkcs-1 encoding should go into libgcrypt */ log_error ("encode_session_key failed: %s\n", gpg_strerror (rc));
gcry_mpi_t data = encode_session_key (dek, gcry_pk_get_nbits (s_pkey)); return rc;
if (!data)
{
gcry_mpi_release (data);
return gpg_error (GPG_ERR_GENERAL);
}
if (gcry_sexp_build (&s_data, NULL, "%m", data))
BUG ();
gcry_mpi_release (data);
} }
/* pass it to libgcrypt */ /* pass it to libgcrypt */