/*
* Convert string to big-endian ucs2.
*/
void *ucs2be_str(pool_t pool, const char *str, size_t *size)
{
buffer_t *buf = buffer_create_dynamic(pool, 32);
while (*str != '\0') {
buffer_append_c(buf, '\0');
buffer_append_c(buf, *str++);
}
*size = buf->used;
return buffer_free_without_data(&buf);
}
static unsigned char *
t_unicode_str(const char *src, bool ucase, size_t *size)
{
buffer_t *wstr;
wstr = buffer_create_dynamic(unsafe_data_stack_pool, 32);
for ( ; *src; src++) {
buffer_append_c(wstr, ucase ? i_toupper(*src) : *src);
buffer_append_c(wstr, '\0');
}
*size = buffer_get_used_size(wstr);
return buffer_free_without_data(&wstr);
}
char *str_free_without_data(string_t **str)
{
str_add_nul(*str);
return buffer_free_without_data(str);
}
static
int o_stream_encrypt_keydata_create_v2(struct encrypt_ostream *stream, const char *malg)
{
const struct hash_method *hash = hash_method_lookup(malg);
const char *error;
size_t tagsize;
const unsigned char *ptr;
size_t kl;
unsigned int val;
buffer_t *keydata, *res;
if (hash == NULL) {
io_stream_set_error(&stream->ostream.iostream,
"Encryption init error: Hash algorithm '%s' not supported", malg);
return -1;
}
/* key data length for internal use */
if ((stream->flags & IO_STREAM_ENC_INTEGRITY_HMAC) == IO_STREAM_ENC_INTEGRITY_HMAC) {
tagsize = IOSTREAM_TAG_SIZE;
} else if ((stream->flags & IO_STREAM_ENC_INTEGRITY_AEAD) == IO_STREAM_ENC_INTEGRITY_AEAD) {
tagsize = IOSTREAM_TAG_SIZE;
} else {
/* do not include MAC */
tagsize = 0;
}
/* generate keydata length of random data for key/iv/mac */
kl = dcrypt_ctx_sym_get_key_length(stream->ctx_sym) + dcrypt_ctx_sym_get_iv_length(stream->ctx_sym) + tagsize;
keydata = buffer_create_dynamic(pool_datastack_create(), kl);
random_fill(buffer_append_space_unsafe(keydata, kl), kl);
buffer_set_used_size(keydata, kl);
ptr = keydata->data;
res = buffer_create_dynamic(default_pool, 256);
/* store number of public key(s) */
buffer_append(res, "\1", 1); /* one key for now */
/* we can do multiple keys at this point, but do it only once now */
if (o_stream_encrypt_key_for_pubkey_v2(stream, malg, ptr, kl, stream->pub, res) != 0) {
buffer_free(&res);
return -1;
}
/* create hash of the key data */
unsigned char hctx[hash->context_size];
unsigned char hres[hash->digest_size];
hash->init(hctx);
hash->loop(hctx, ptr, kl);
hash->result(hctx, hres);
for(int i = 1; i < 2049; i++) {
uint32_t i_msb = htonl(i);
hash->init(hctx);
hash->loop(hctx, hres, sizeof(hres));
hash->loop(hctx, &i_msb, sizeof(i_msb));
hash->result(hctx, hres);
}
/* store key data hash */
val = htonl(sizeof(hres));
buffer_append(res, &val, 4);
buffer_append(res, hres, sizeof(hres));
/* pick up key data that goes into stream */
stream->key_data_len = res->used;
stream->key_data = buffer_free_without_data(&res);
/* prime contexts */
dcrypt_ctx_sym_set_key(stream->ctx_sym, ptr, dcrypt_ctx_sym_get_key_length(stream->ctx_sym));
ptr += dcrypt_ctx_sym_get_key_length(stream->ctx_sym);
dcrypt_ctx_sym_set_iv(stream->ctx_sym, ptr, dcrypt_ctx_sym_get_iv_length(stream->ctx_sym));
ptr += dcrypt_ctx_sym_get_iv_length(stream->ctx_sym);
if ((stream->flags & IO_STREAM_ENC_INTEGRITY_HMAC) == IO_STREAM_ENC_INTEGRITY_HMAC) {
dcrypt_ctx_hmac_set_key(stream->ctx_mac, ptr, tagsize);
dcrypt_ctx_hmac_init(stream->ctx_mac, &error);
} else if ((stream->flags & IO_STREAM_ENC_INTEGRITY_AEAD) == IO_STREAM_ENC_INTEGRITY_AEAD) {
dcrypt_ctx_sym_set_aad(stream->ctx_sym, ptr, tagsize);
}
/* clear out private key data */
safe_memset(buffer_get_modifiable_data(keydata, 0), 0, keydata->used);
if (!dcrypt_ctx_sym_init(stream->ctx_sym, &error)) {
io_stream_set_error(&stream->ostream.iostream, "Encryption init error: %s", error);
return -1;
}
return 0;
}
static
int o_stream_encrypt_keydata_create_v1(struct encrypt_ostream *stream)
{
buffer_t *encrypted_key, *ephemeral_key, *secret, *res, buf;
const char *error = NULL;
const struct hash_method *hash = &hash_method_sha256;
/* various temporary buffers */
unsigned char seed[IO_STREAM_ENCRYPT_SEED_SIZE];
unsigned char pkhash[hash->digest_size];
unsigned char ekhash[hash->digest_size];
unsigned char hres[hash->digest_size];
unsigned char hctx[hash->context_size];
/* hash the public key first */
buffer_create_from_data(&buf, pkhash, sizeof(pkhash));
if (!dcrypt_key_id_public_old(stream->pub, &buf, &error)) {
io_stream_set_error(&stream->ostream.iostream, "Key hash failed: %s", error);
return -1;
}
/* hash the key base */
hash->init(hctx);
hash->loop(hctx, seed, sizeof(seed));
hash->result(hctx, ekhash);
ephemeral_key = buffer_create_dynamic(pool_datastack_create(), 256);
encrypted_key = buffer_create_dynamic(pool_datastack_create(), 256);
secret = buffer_create_dynamic(pool_datastack_create(), 256);
if (!dcrypt_ecdh_derive_secret_peer(stream->pub, ephemeral_key, secret, &error)) {
io_stream_set_error(&stream->ostream.iostream, "Cannot perform ECDH: %s", error);
return -1;
}
/* hash the secret data */
hash->init(hctx);
hash->loop(hctx, secret->data, secret->used);
hash->result(hctx, hres);
safe_memset(buffer_get_modifiable_data(secret, 0), 0, secret->used);
/* use it to encrypt the actual encryption key */
struct dcrypt_context_symmetric *dctx;
if (!dcrypt_ctx_sym_create("aes-256-ctr", DCRYPT_MODE_ENCRYPT, &dctx, &error)) {
io_stream_set_error(&stream->ostream.iostream, "Key encryption error: %s", error);
return -1;
}
random_fill(seed, sizeof(seed));
hash->init(hctx);
hash->loop(hctx, seed, sizeof(seed));
hash->result(hctx, ekhash);
int ec = 0;
/* NB! The old code was broken and used this kind of IV - it is not correct, but
we need to stay compatible with old data */
dcrypt_ctx_sym_set_iv(dctx, (const unsigned char*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16);
dcrypt_ctx_sym_set_key(dctx, hres, sizeof(hres));
if (!dcrypt_ctx_sym_init(dctx, &error) ||
!dcrypt_ctx_sym_update(dctx, seed, sizeof(seed), encrypted_key, &error) ||
!dcrypt_ctx_sym_final(dctx, encrypted_key, &error)) {
ec = -1;
}
dcrypt_ctx_sym_destroy(&dctx);
if (ec != 0) {
safe_memset(seed, 0, sizeof(seed));
io_stream_set_error(&stream->ostream.iostream, "Key encryption error: %s", error);
return -1;
}
/* same as above */
dcrypt_ctx_sym_set_iv(stream->ctx_sym, (const unsigned char*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16);
dcrypt_ctx_sym_set_key(stream->ctx_sym, seed, sizeof(seed));
safe_memset(seed, 0, sizeof(seed));
if (!dcrypt_ctx_sym_init(stream->ctx_sym, &error)) {
io_stream_set_error(&stream->ostream.iostream, "Encryption init error: %s", error);
return -1;
}
res = buffer_create_dynamic(default_pool, 256);
/* ephemeral key */
unsigned short s;
s = htons(ephemeral_key->used);
buffer_append(res, &s, 2);
buffer_append(res, ephemeral_key->data, ephemeral_key->used);
/* public key hash */
s = htons(sizeof(pkhash));
buffer_append(res, &s, 2);
buffer_append(res, pkhash, sizeof(pkhash));
/* encrypted key hash */
s = htons(sizeof(ekhash));
buffer_append(res, &s, 2);
buffer_append(res, ekhash, sizeof(ekhash));
/* encrypted key */
s = htons(encrypted_key->used);
buffer_append(res, &s, 2);
buffer_append(res, encrypted_key->data, encrypted_key->used);
stream->key_data_len = res->used;
stream->key_data = buffer_free_without_data(&res);
return 0;
}
