diff --git a/crypt.c b/crypt.c index fd9a74b..b413950 100644 --- a/crypt.c +++ b/crypt.c @@ -11,26 +11,32 @@ #ifdef HAVE_LIBNETTLE #include +#include extern guint opt_verbose; /** * init the cryto * with key *key - * and length length - * lenght MUST be 16, 24 or 32 - * anything short will be zero padded to + * anything short will be padded to * create a correct key * return aes context */ -struct aes_ctx *crypt_init(gchar * key, gboolean crypt) +struct aes256_ctx *crypt_init(gchar * key, gboolean crypt) { - guint length = strlen(key); - struct aes_ctx *ctx = g_malloc(sizeof(struct aes_ctx)); + struct aes256_ctx *ctx = g_malloc(sizeof(*ctx)); + guint iter_count = 10000; /* TODO: Maybe this should be given by the user? */ + gchar *salt = "this_probably_shouldnt_be_static"; /* Ditto */ + gchar new_key[AES256_KEY_SIZE]; + + pbkdf2_hmac_sha256(strlen(key), (uint8_t *)key, iter_count, strlen(salt), + (uint8_t *)salt, AES256_KEY_SIZE, (uint8_t *)new_key); + if (crypt) - aes_set_encrypt_key(ctx, length, (uint8_t *) key); + aes256_set_encrypt_key(ctx, (uint8_t *)new_key); else - aes_set_decrypt_key(ctx, length, (uint8_t *) key); + aes256_set_decrypt_key(ctx, (uint8_t *)new_key); + return ctx; } @@ -70,7 +76,7 @@ gchar *dot_dotdot(gchar * q, gchar * p, gboolean abs) /* encrypt and base64 encode path element * return the result */ -gchar *crypt_path_ele(struct aes_ctx * ctx, gchar * elem, GHashTable * tr) +static gchar *crypt_path_ele(void * ctx, gchar * elem, GHashTable * tr) { guint aes_size, len; guchar *source; @@ -89,7 +95,7 @@ gchar *crypt_path_ele(struct aes_ctx * ctx, gchar * elem, GHashTable * tr) dest = g_malloc0(aes_size); memmove(source, elem, len); - aes_encrypt(ctx, aes_size, dest, source); + aes256_encrypt(ctx, aes_size, dest, source); b64 = encode_base64(aes_size, dest); g_free(source); 
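Review bot: The derived key in `new_key` is left on the stack after `aes256_set_encrypt_key`/`aes256_set_decrypt_key` have copied it into `ctx`; wipe it before `return ctx;`, e.g. `explicit_bzero(new_key, sizeof new_key);` (a plain `memset` at that point is liable to be optimized away). The header comment is now stale: nothing is "padded" any more, PBKDF2 turns a passphrase of any length into a 32-byte key, so the remaining `* anything short will be padded to` / `* create a correct key` lines should read something like `* derive a 32-byte AES-256 key from *key with PBKDF2-HMAC-SHA256 (fixed salt, 10000 iterations)`. Beyond the TODOs the commit already leaves on `salt` and `iter_count`, note that both values are now part of the on-disk format: changing either later silently breaks decryption of existing backups, so they need to be recorded with the output (or versioned) before they are made user-tunable. Presumably archives produced with the previous raw-key scheme can no longer be decrypted by this build either; if so that deserves a line in the changelog.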
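Review bot: The new `crypt_path_ele` signature erases the context type to `void * ctx`, yet the only use visible in this function is `aes256_encrypt(ctx, ...)`, which in nettle takes a `struct aes256_ctx` pointer; now that the function is `static` nothing requires the erasure, so keep it typed, `static gchar *crypt_path_ele(const struct aes256_ctx *ctx, gchar *elem, GHashTable *tr)`, and let the compiler check the call from `crypt_path`. The same applies to `decrypt_path_ele` later in this diff. The body of `crypt_path_ele` continues past the end of this hunk.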
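Review bot: `aes256_encrypt` is nettle's raw block-cipher call, so running it over `aes_size` bytes of the zero-padded element is AES in ECB mode: every 16-byte block is encrypted independently, under a key that with the fixed salt in `crypt_init` is the same for every run, so identical path components (and identical 16-byte prefixes of longer ones) yield identical base64 strings throughout the backup, and nothing authenticates the ciphertext. This is inherited from the old `aes_encrypt` call rather than introduced here, but the move to AES-256 with a derived key is the natural point to switch to an authenticated mode (nettle offers GCM and EAX over AES-256) with a per-element nonce stored in the output, since the format is changing anyway. Both ends of `crypt_path_ele` lie outside this hunk.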
@@ -111,7 +117,7 @@ gchar *crypt_path_ele(struct aes_ctx * ctx, gchar * elem, GHashTable * tr) /* decrypt and base64 decode path element * return the result */ -gchar *decrypt_path_ele(struct aes_ctx * ctx, char *b64, GHashTable * tr) +static gchar *decrypt_path_ele(void * ctx, char *b64, GHashTable * tr) { guint aes_size, len; guchar *source; @@ -137,7 +143,7 @@ gchar *decrypt_path_ele(struct aes_ctx * ctx, char *b64, GHashTable * tr) dest = g_malloc0(aes_size); memmove(source, crypt, crypt_size); - aes_decrypt(ctx, aes_size, dest, source); + aes256_decrypt(ctx, aes_size, dest, source); g_free(source); g_free(crypt); @@ -160,7 +166,7 @@ gchar *decrypt_path_ele(struct aes_ctx * ctx, char *b64, GHashTable * tr) /** * encrypt an entire path */ -gchar *crypt_path(struct aes_ctx * ctx, gchar * p, GHashTable * tr) +gchar *crypt_path(struct aes256_ctx * ctx, gchar * p, GHashTable * tr) { gchar *q, *c, *t, *crypt, *xpath, *temp, d; gboolean abs; @@ -221,7 +227,7 @@ gchar *crypt_path(struct aes_ctx * ctx, gchar * p, GHashTable * tr) /** * decrypt an entire path */ -gchar *decrypt_path(struct aes_ctx * ctx, gchar * x, GHashTable * tr) +gchar *decrypt_path(struct aes256_ctx * ctx, gchar * x, GHashTable * tr) { gchar *path, *q, *c, *t, *plain, *temp, d; diff --git a/rdup-tr.c b/rdup-tr.c index 54cfa65..24beb92 100644 --- a/rdup-tr.c +++ b/rdup-tr.c @@ -21,7 +21,7 @@ gboolean opt_tty = FALSE; /* force write to tty */ #ifdef HAVE_LIBNETTLE gchar *opt_crypt_key = NULL; /* encryption key */ gchar *opt_decrypt_key = NULL; /* decryption key */ -struct aes_ctx *aes_ctx = NULL; +struct aes256_ctx *aes_ctx = NULL; #endif /* HAVE_LIBNETTLE */ gint opt_verbose = 0; /* be more verbose */ gint opt_output = O_RDUP; /* default output */ @@ -46,6 +46,7 @@ void entry_free(struct rdup *f); static struct rdup *crypt_entry(struct rdup *e, GHashTable * tr) { gchar *crypt, *dest; + if (!(crypt = crypt_path(aes_ctx, e->f_name, tr))) { msg(_("Failed to encrypt path `%s\'"), e->f_name); return NULL; 
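Review bot: The result of `aes256_decrypt` is accepted without any integrity check: the call decrypts independent ECB blocks, so a tampered or corrupted base64 element, or one with blocks swapped, still yields a plausible `dest` that the callers presumably go on to use as a path component. Until a MAC or AEAD mode is adopted, the decoded element should at least be validated before use (a terminating NUL within `aes_size`, no `/` and no `..` introduced, no change in length versus what the base64 payload implied), e.g. `if (!memchr(dest, '\0', aes_size)) { g_free(dest); return NULL; }` after the decrypt. `decrypt_path_ele` starts and ends outside this hunk.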
@@ -475,8 +476,7 @@ int main(int argc, char **argv) if (!(opt_crypt_key = crypt_key(optarg))) exit(EXIT_FAILURE); - aes_ctx = crypt_init(opt_crypt_key, TRUE); - if (!aes_ctx) + if (!(aes_ctx = crypt_init(opt_crypt_key, TRUE))) exit(EXIT_FAILURE); #else msg(_("Compiled without encryption, can not encrypt")); @@ -493,8 +493,7 @@ int main(int argc, char **argv) if (!(opt_decrypt_key = crypt_key(optarg))) exit(EXIT_FAILURE); - aes_ctx = crypt_init(opt_decrypt_key, FALSE); - if (!aes_ctx) + if (!(aes_ctx = crypt_init(opt_decrypt_key, FALSE))) exit(EXIT_FAILURE); #else msg(_("Compiled without encryption, can not decrypt")); diff --git a/rdup-tr.h.in b/rdup-tr.h.in index 92a0a01..bf25e82 100644 --- a/rdup-tr.h.in +++ b/rdup-tr.h.in @@ -88,10 +88,8 @@ gint rdup_write_table(struct rdup *, FILE *); gchar *slink(struct rdup *); /* crypt.c */ -struct aes_ctx * crypt_init(gchar *, gboolean); -gchar * crypt_path_ele(struct aes_ctx *, gchar *, GHashTable *); -gchar * decrypt_path_ele(struct aes_ctx *, gchar *, GHashTable *); -gchar * crypt_path(struct aes_ctx *, gchar *, GHashTable *); -gchar * decrypt_path(struct aes_ctx *, gchar *, GHashTable *); +struct aes256_ctx *crypt_init(gchar *, gboolean); +gchar * crypt_path(struct aes256_ctx *, gchar *, GHashTable *); +gchar * decrypt_path(struct aes256_ctx *, gchar *, GHashTable *); char * crypt_key(gchar *); #endif /* _RDUP_TR_H */
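Review bot: The restructured `if (!(aes_ctx = crypt_init(opt_crypt_key, TRUE)))` can never take the exit as `crypt_init` is written in this same commit: it allocates with `g_malloc`, which aborts rather than returning NULL, and has no other failure path, so the check is dead and implies an error contract the function does not have; the same holds for the decrypt branch below. Either drop the check or give `crypt_init` a real failure return, for example NULL on an empty passphrase, which today (unless `crypt_key()` rejects it) is passed to PBKDF2 as a zero-length key. Separately, `opt_crypt_key` keeps the raw passphrase in a global for the rest of the process after the key has been derived; if `crypt_key()` returns heap memory that nothing else reads, wipe and free it right after `crypt_init` returns, though its ownership is not visible in this diff. `main` continues outside this hunk.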