2003-08-14 Timo Schulz <twoaday@freakmail.de>

* encrypt.c (encode_session_key): Use new Libgcrypt interface.

sm/ChangeLog

@@ -1,3 +1,7 @@
+2003-08-14  Timo Schulz  <twoaday@freakmail.de>
+
+	* encrypt.c (encode_session_key): Use new Libgcrypt interface.
+	
 2003-07-31  Werner Koch  <wk@gnupg.org>
 
 	* Makefile.am (gpgsm_LDADD): Added INTLLIBS.

sm/encrypt.c

@@ -126,81 +126,29 @@ init_dek (DEK dek)
 }
 
 
-/* Encode the session key. NBITS is the number of bits which should be
+static int
-   used for packing the session key.  returns: An mpi with the session
+encode_session_key (DEK dek, gcry_sexp_t * r_data)
-   key (caller must free) */
-static gcry_mpi_t
-encode_session_key (DEK dek, unsigned int nbits)
 {
-  int nframe = (nbits+7) / 8;
+  gcry_sexp_t data;
-  byte *p;
+  char * p, tmp[3];
-  byte *frame;
+  int i;
-  int i,n;
+  int rc;
-  gcry_mpi_t a;
 
-  if (dek->keylen + 7 > nframe || !nframe)
+  p = xmalloc (64+dek->keylen);
-    log_bug ("can't encode a %d bit key in a %d bits frame\n",
+  strcpy (p, "(data\n (flags pkcs1)\n (value #");
-             dek->keylen*8, nbits );
+  for (i=0; i < dek->keylen; i++)
-
-  /* We encode the session key in this way:
-   *
-   *	   0  2  RND(n bytes)  0  KEY(k bytes)
-   *
-   * (But how can we store the leading 0 - the external representaion
-   *	of MPIs doesn't allow leading zeroes =:-)
-   *
-   * RND are non-zero random bytes.
-   * KEY is the encryption key (session key) 
-   */
-
-  frame = gcry_xmalloc_secure (nframe);
-  n = 0;
-  frame[n++] = 0;
-  frame[n++] = 2;
-  i = nframe - 3 - dek->keylen;
-  assert (i > 0);
-  p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
-  /* replace zero bytes by new values */
-  for (;;)
     {
-      int j, k;
+      sprintf (tmp, "%02x", dek->key[i]);
-      byte *pp;
+      strcat (p, tmp);   
-
-      /* count the zero bytes */
-      for(j=k=0; j < i; j++ )
-        {
-          if( !p[j] )
-            k++;
-        }
-      if( !k )
-        break; /* okay: no zero bytes */
-
-      k += k/128; /* better get some more */
-      pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM);
-      for (j=0; j < i && k; j++)
-        {
-          if( !p[j] )
-            p[j] = pp[--k];
-        }
-      xfree (pp);
     }
-  memcpy (frame+n, p, i);
+  strcat (p, "#))\n");
+  rc = gcry_sexp_sscan (&data, NULL, p, strlen (p));
   xfree (p);
-
+  *r_data = data;
-  n += i;
+  return rc;    
-  frame[n++] = 0;
-  memcpy (frame+n, dek->key, dek->keylen);
-  n += dek->keylen;
-  assert (n == nframe);
-  if (gcry_mpi_scan (&a, GCRYMPI_FMT_USG, frame, n, &nframe) )
-    BUG ();
-  gcry_free(frame);
-
-  return a;
 }
 
 
-
 /* encrypt the DEK under the key contained in CERT and return it as a
    canonical S-Exp in encval */
 static int
@@ -235,17 +183,10 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
     }
 
   /* put the encoded cleartext into a simple list */
+  rc = encode_session_key (dek, &s_data);
   {
-    /* fixme: actually the pkcs-1 encoding should go into libgcrypt */
+    log_error ("encode_session_key failed: %s\n", gpg_strerror (rc));
-    gcry_mpi_t data = encode_session_key (dek, gcry_pk_get_nbits (s_pkey));
+    return rc;
-    if (!data)
-      {
-        gcry_mpi_release (data);
-        return gpg_error (GPG_ERR_GENERAL);
-      }
-    if (gcry_sexp_build (&s_data, NULL, "%m", data))
-      BUG ();
-    gcry_mpi_release (data);
   }
 
   /* pass it to libgcrypt */