diff options
Diffstat (limited to 'g10/encr-data.c')
| -rw-r--r-- | g10/encr-data.c | 61 |
1 files changed, 39 insertions, 22 deletions
diff --git a/g10/encr-data.c b/g10/encr-data.c index 0b3accf56..1dd6e0e77 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -56,7 +56,6 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) decode_filter_ctx_t dfx; byte *p; int rc=0, c, i; - int algo_okay; byte temp[32]; int blocksize; unsigned nprefix; @@ -71,27 +70,45 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) if( opt.verbose ) log_info(_("%s encrypted data\n"), gcry_cipher_algo_name( dek->algo ) ); - blocksize = gcry_cipher_get_blklen( dek->algo ); + blocksize = gcry_cipher_get_algo_blklen( dek->algo ); if( blocksize < 1 || blocksize > 16 ) log_fatal("unsupported blocksize %u\n", blocksize ); nprefix = blocksize; if( ed->len && ed->len < (nprefix+2) ) BUG(); ---> We are currently working HERE!!!! - if( ed->mdc_method ) - dfx.mdc_hash = md_open( ed->mdc_method, 0 ); - dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); + + if( ed->mdc_method ) { + dfx.mdc_hash = gcry_md_open( ed->mdc_method, 0 ); + if( !dfx.mdc_hash ) + BUG(); + } + if( !(dfx.cipher_hd = gcry_cipher_open( dek->algo, + GCRY_CIPHER_MODE_CFB, + GCRY_CIPHER_SECURE + | (dek->algo >= 100 ? + 0 : GCRY_CIPHER_ENABLE_SYNC) )) + ) { + /* we should never get an error here cause we already checked, that + * the algorithm is available. What about a flag to let the function + * die in this case? */ + BUG(); + } + + /* log_hexdump( "thekey", dek->key, dek->keylen );*/ - rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); - if( rc == G10ERR_WEAK_KEY ) + rc = gcry_cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); + if( rc == GCRYERR_WEAK_KEY ) { log_info(_("WARNING: message was encrypted with " "a weak key in the symmetric cipher.\n")); + rc = 0; + } else if( rc ) { - log_error("key setup failed: %s\n", g10_errstr(rc) ); + log_error("key setup failed: %s\n", gcry_strerror(rc) ); + rc = map_gcry_rc(rc); goto leave; } - cipher_setiv( dfx.cipher_hd, NULL, 0 ); + gcry_cipher_setiv( dfx.cipher_hd, NULL, 0 ); if( ed->len ) { for(i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) { @@ -108,10 +125,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) else temp[i] = c; } - cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2); + gcry_cipher_decrypt( dfx.cipher_hd, temp, nprefix+2, NULL, 0 ); if( dfx.mdc_hash ) - md_write( dfx.mdc_hash, temp, nprefix+2 ); - cipher_sync( dfx.cipher_hd ); + gcry_md_write( dfx.mdc_hash, temp, nprefix+2 ); + gcry_cipher_sync( dfx.cipher_hd ); p = temp; /* log_hexdump( "prefix", temp, nprefix+2 ); */ if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) { @@ -127,20 +144,20 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) if( ed->mdc_method && dfx.eof_seen == 2 ) rc = G10ERR_INVALID_PACKET; else if( ed->mdc_method ) { /* check the mdc */ - int datalen = md_digest_length( ed->mdc_method ); - md_final( dfx.mdc_hash ); + int datalen = gcry_md_get_algo_dlen( ed->mdc_method ); if( datalen != 20 - || memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) ) + || memcmp(gcry_md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) ) rc = G10ERR_BAD_SIGN; - log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen); + log_hexdump("MDC calculated:", gcry_md_read( dfx.mdc_hash, 0), datalen); log_hexdump("MDC message :", dfx.defer, 20); } leave: - cipher_close(dfx.cipher_hd); - md_close( dfx.mdc_hash ); + gcry_cipher_close(dfx.cipher_hd); + gcry_md_close( dfx.mdc_hash ); return rc; } + /* I think we should merge this with cipher_filter */ static int mdc_decode_filter( void *opaque, int control, IOBUF a, @@ -198,8 +215,8 @@ mdc_decode_filter( void *opaque, int control, IOBUF a, } if( n ) { - cipher_decrypt( dfx->cipher_hd, buf, buf, n); - md_write( dfx->mdc_hash, buf, n ); + gcry_cipher_decrypt( dfx->cipher_hd, buf, n, NULL, 0); + gcry_md_write( dfx->mdc_hash, buf, n ); } else { assert( dfx->eof_seen ); @@ -225,7 +242,7 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) n = iobuf_read( a, buf, size ); if( n == -1 ) n = 0; if( n ) - cipher_decrypt( fc->cipher_hd, buf, buf, n); + gcry_cipher_decrypt( fc->cipher_hd, buf, n, NULL, 0); else rc = -1; /* eof */ *ret_len = n; |