summaryrefslogtreecommitdiff
path: root/src/core/wee-secure.c
diff options
context:
space:
mode:
authorSebastien Helleu <flashcode@flashtux.org>2013-08-02 23:15:21 +0200
committerSebastien Helleu <flashcode@flashtux.org>2013-08-02 23:15:21 +0200
commit5a07051f207d21cf8987e0ce2ed25363a4ab6e53 (patch)
treeb541efd2f38351aaf3c1cf509369ca8c220619e0 /src/core/wee-secure.c
parentd6a19adc5418fb885ae7dd2ce0d7cdb3fecaac47 (diff)
downloadweechat-5a07051f207d21cf8987e0ce2ed25363a4ab6e53.zip
core: remove use of function gcry_kdf_derive so that it compiles with libgcrypt < 1.5.0
The key built with salt + passphrase has changed, so old encrypted data in file sec.conf can not be decrypted with this new version.
Diffstat (limited to 'src/core/wee-secure.c')
-rw-r--r--src/core/wee-secure.c64
1 files changed, 57 insertions, 7 deletions
diff --git a/src/core/wee-secure.c b/src/core/wee-secure.c
index ddab7b8ed..d6935984f 100644
--- a/src/core/wee-secure.c
+++ b/src/core/wee-secure.c
@@ -132,6 +132,59 @@ secure_search_cipher (const char *cipher)
}
/*
+ * Derives a key from salt + passphrase (using a hash).
+ *
+ * Returns:
+ * 1: OK
+ * 0: error
+ */
+
+int
+secure_derive_key (const char *salt, const char *passphrase,
+ unsigned char *key, int length_key)
+{
+ unsigned char *buffer, *ptr_hash;
+ int length, length_hash;
+ gcry_md_hd_t hd_md;
+
+ memset (key, 0, length_key);
+
+ length = SALT_SIZE + strlen (passphrase);
+ buffer = malloc (length);
+ if (!buffer)
+ return 0;
+
+ /* build a buffer with salt + passphrase */
+ memcpy (buffer, salt, SALT_SIZE);
+ memcpy (buffer + SALT_SIZE, passphrase, strlen (passphrase));
+
+ /* compute hash of buffer */
+ if (gcry_md_open (&hd_md, GCRY_MD_SHA512, 0) != 0)
+ {
+ free (buffer);
+ return 0;
+ }
+ length_hash = gcry_md_get_algo_dlen (GCRY_MD_SHA512);
+ gcry_md_write (hd_md, buffer, length);
+ ptr_hash = gcry_md_read (hd_md, GCRY_MD_SHA512);
+ if (!ptr_hash)
+ {
+ gcry_md_close (hd_md);
+ free (buffer);
+ return 0;
+ }
+
+ /* copy beginning of hash (or full hash) in the key */
+ memcpy (key, ptr_hash,
+ (length_hash > length_key) ? length_key : length_hash);
+
+ gcry_md_close (hd_md);
+ free (buffer);
+
+ return 1;
+}
+
+/*
* Encrypts data using a hash algorithm + cipher + passphrase.
*
* Following actions are performed:
@@ -173,7 +226,8 @@ secure_encrypt_data (const char *data, int length_data,
int rc, length_salt, length_hash, length_hash_data, length_key;
gcry_md_hd_t *hd_md;
gcry_cipher_hd_t *hd_cipher;
- unsigned char salt[SALT_SIZE], *ptr_hash, *key, *hash_and_data;
+ char salt[SALT_SIZE];
+ unsigned char *ptr_hash, *key, *hash_and_data;
rc = -1;
@@ -207,9 +261,7 @@ secure_encrypt_data (const char *data, int length_data,
memcpy (salt, SECURE_SALT_DEFAULT,
(length_salt <= SALT_SIZE) ? length_salt : SALT_SIZE);
}
- if (gcry_kdf_derive (passphrase, strlen (passphrase),
- GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA256,
- salt, SALT_SIZE, 65536, length_key, key) != 0)
+ if (!secure_derive_key (salt, passphrase, key, length_key))
{
rc = -2;
goto encend;
@@ -352,9 +404,7 @@ secure_decrypt_data (const char *buffer, int length_buffer,
key = malloc (length_key);
if (!key)
goto decend;
- if (gcry_kdf_derive (passphrase, strlen (passphrase),
- GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA256,
- buffer, SALT_SIZE, 65536, length_key, key) != 0)
+ if (!secure_derive_key (buffer, passphrase, key, length_key))
{
rc = -3;
goto decend;