Remove deprecated Nettle API calls

crypt.c

@@ -11,26 +11,32 @@
 
 #ifdef HAVE_LIBNETTLE
 #include <nettle/aes.h>
+#include <nettle/pbkdf2.h>
 
 extern guint opt_verbose;
 
 /**
  * init the cryto
  * with key  *key
- * and length length
- * lenght MUST be 16, 24 or 32
- * anything short will be zero padded to
+ * anything short will be padded to
  * create a correct key
  * return aes context
  */
-struct aes_ctx *crypt_init(gchar * key, gboolean crypt)
+struct aes256_ctx *crypt_init(gchar * key, gboolean crypt)
 {
-	guint length = strlen(key);
-	struct aes_ctx *ctx = g_malloc(sizeof(struct aes_ctx));
+	struct aes256_ctx *ctx = g_malloc(sizeof(*ctx));
+	guint iter_count = 10000;  /* TODO: Maybe this should be given by the user? */
+	gchar *salt = "this_probably_shouldnt_be_static";  /* Ditto */
+	gchar new_key[AES256_KEY_SIZE];
+
+	pbkdf2_hmac_sha256(strlen(key), (uint8_t *)key, iter_count, strlen(salt),
+		(uint8_t *)salt, AES256_KEY_SIZE, (uint8_t *)new_key);
+
 	if (crypt)
-		aes_set_encrypt_key(ctx, length, (uint8_t *) key);
+		aes256_set_encrypt_key(ctx, (uint8_t *)new_key);
 	else
-		aes_set_decrypt_key(ctx, length, (uint8_t *) key);
+		aes256_set_decrypt_key(ctx, (uint8_t *)new_key);
+
 	return ctx;
 }
 
@@ -70,7 +76,7 @@ gchar *dot_dotdot(gchar * q, gchar * p, gboolean abs)
 /* encrypt and base64 encode path element
  * return the result
  */
-gchar *crypt_path_ele(struct aes_ctx * ctx, gchar * elem, GHashTable * tr)
+static gchar *crypt_path_ele(void * ctx, gchar * elem, GHashTable * tr)
 {
 	guint aes_size, len;
 	guchar *source;
@@ -89,7 +95,7 @@ gchar *crypt_path_ele(struct aes_ctx * ctx, gchar * elem, GHashTable * tr)
 	dest = g_malloc0(aes_size);
 
 	memmove(source, elem, len);
-	aes_encrypt(ctx, aes_size, dest, source);
+	aes256_encrypt(ctx, aes_size, dest, source);
 
 	b64 = encode_base64(aes_size, dest);
 	g_free(source);
@@ -111,7 +117,7 @@ gchar *crypt_path_ele(struct aes_ctx * ctx, gchar * elem, GHashTable * tr)
 /* decrypt and base64 decode path element
  * return the result
  */
-gchar *decrypt_path_ele(struct aes_ctx * ctx, char *b64, GHashTable * tr)
+static gchar *decrypt_path_ele(void * ctx, char *b64, GHashTable * tr)
 {
 	guint aes_size, len;
 	guchar *source;
@@ -137,7 +143,7 @@ gchar *decrypt_path_ele(struct aes_ctx * ctx, char *b64, GHashTable * tr)
 	dest = g_malloc0(aes_size);
 
 	memmove(source, crypt, crypt_size);
-	aes_decrypt(ctx, aes_size, dest, source);
+	aes256_decrypt(ctx, aes_size, dest, source);
 
 	g_free(source);
 	g_free(crypt);
@@ -160,7 +166,7 @@ gchar *decrypt_path_ele(struct aes_ctx * ctx, char *b64, GHashTable * tr)
 /**
  * encrypt an entire path
  */
-gchar *crypt_path(struct aes_ctx * ctx, gchar * p, GHashTable * tr)
+gchar *crypt_path(struct aes256_ctx * ctx, gchar * p, GHashTable * tr)
 {
 	gchar *q, *c, *t, *crypt, *xpath, *temp, d;
 	gboolean abs;
@@ -221,7 +227,7 @@ gchar *crypt_path(struct aes_ctx * ctx, gchar * p, GHashTable * tr)
 /**
  * decrypt an entire path
  */
-gchar *decrypt_path(struct aes_ctx * ctx, gchar * x, GHashTable * tr)
+gchar *decrypt_path(struct aes256_ctx * ctx, gchar * x, GHashTable * tr)
 {
 
 	gchar *path, *q, *c, *t, *plain, *temp, d;

rdup-tr.c

@@ -21,7 +21,7 @@ gboolean opt_tty = FALSE;	/* force write to tty */
 #ifdef HAVE_LIBNETTLE
 gchar *opt_crypt_key = NULL;	/* encryption key */
 gchar *opt_decrypt_key = NULL;	/* decryption key */
-struct aes_ctx *aes_ctx = NULL;
+struct aes256_ctx *aes_ctx = NULL;
 #endif				/* HAVE_LIBNETTLE */
 gint opt_verbose = 0;		/* be more verbose */
 gint opt_output = O_RDUP;	/* default output */
@@ -46,6 +46,7 @@ void entry_free(struct rdup *f);
 static struct rdup *crypt_entry(struct rdup *e, GHashTable * tr)
 {
 	gchar *crypt, *dest;
+
 	if (!(crypt = crypt_path(aes_ctx, e->f_name, tr))) {
 		msg(_("Failed to encrypt path `%s\'"), e->f_name);
 		return NULL;
@@ -475,8 +476,7 @@ int main(int argc, char **argv)
 			if (!(opt_crypt_key = crypt_key(optarg)))
 				exit(EXIT_FAILURE);
 
-			aes_ctx = crypt_init(opt_crypt_key, TRUE);
-			if (!aes_ctx)
+			if (!(aes_ctx = crypt_init(opt_crypt_key, TRUE)))
 				exit(EXIT_FAILURE);
 #else
 			msg(_("Compiled without encryption, can not encrypt"));
@@ -493,8 +493,7 @@ int main(int argc, char **argv)
 			if (!(opt_decrypt_key = crypt_key(optarg)))
 				exit(EXIT_FAILURE);
 
-			aes_ctx = crypt_init(opt_decrypt_key, FALSE);
-			if (!aes_ctx)
+			if (!(aes_ctx = crypt_init(opt_decrypt_key, FALSE)))
 				exit(EXIT_FAILURE);
 #else
 			msg(_("Compiled without encryption, can not decrypt"));

rdup-tr.h.in

@@ -88,10 +88,8 @@ gint rdup_write_table(struct rdup *, FILE *);
 gchar *slink(struct rdup *);
 
 /* crypt.c */
-struct aes_ctx * crypt_init(gchar *, gboolean);
-gchar * crypt_path_ele(struct aes_ctx *, gchar *, GHashTable *);
-gchar * decrypt_path_ele(struct aes_ctx *, gchar *, GHashTable *);
-gchar * crypt_path(struct aes_ctx *, gchar *, GHashTable *);
-gchar * decrypt_path(struct aes_ctx *, gchar *, GHashTable *);
+struct aes256_ctx *crypt_init(gchar *, gboolean);
+gchar * crypt_path(struct aes256_ctx *, gchar *, GHashTable *);
+gchar * decrypt_path(struct aes256_ctx *, gchar *, GHashTable *);
 char *  crypt_key(gchar *);
 #endif  /* _RDUP_TR_H */