aboutsummaryrefslogtreecommitdiff
path: root/src/crypt.c
blob: defc958d547509f3ca67e8765c697c20194e598c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
/*
 * Copyright © 2012 Canonical Ltd.
 * Copyright © 2015 The Arctica Project
 *
 * This program is free software: you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 3, as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranties of
 * MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
 * PURPOSE.  See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

#include <glib.h>

#include <gcrypt.h>
#include <math.h>

#include "crypt.h"

static gcry_cipher_hd_t
setup_cipher (const gchar * password)
{
	gcry_error_t     gcryError;
	gcry_cipher_hd_t gcryHandle;

	const size_t keyLength = gcry_cipher_get_algo_keylen(GCRY_CIPHER_AES);
	const size_t blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER_AES);

	// We are assuming keyLength and blkLength are the same, check it
	if (keyLength != blkLength)
		return NULL;

	char * aesSymKey = malloc(blkLength);
	const size_t passwordLength = strlen(password);
	strncpy(aesSymKey, password, blkLength);
	size_t i;
	for (i = passwordLength; i < blkLength; ++i)
		aesSymKey[i] = 0;

	gcryError = gcry_cipher_open(&gcryHandle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
	if (gcryError) {
		g_warning("gcry_cipher_open failed: %s/%s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
		return NULL;
	}

	gcryError = gcry_cipher_setkey(gcryHandle, aesSymKey, keyLength);
	if (gcryError) {
		g_warning("gcry_cipher_setkey failed: %s/%s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
		gcry_cipher_close(gcryHandle);
		return NULL;
	}

	// Use the key as IV too
	gcryError = gcry_cipher_setiv(gcryHandle, aesSymKey, blkLength);
	if (gcryError) {
		g_warning("gcry_cipher_setiv failed: %s/%s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
		gcry_cipher_close(gcryHandle);
		return NULL;
	}

	return gcryHandle;
}

/**
 * do_aes_encrypt:
 * @origBuffer: text to encrypt. Needs to be null terminated
 * @password: password to use. Will be cut/padded with 0 if it exceeds/does not reach the needed length
 * @outBufferLength: (out) On success contains the length of the returned buffer
 *
 * Returns the AES encrypted version of the text. It is responsability of the caller to free it
 */
gchar *
do_aes_encrypt(const gchar *origBuffer, const gchar * password, size_t *outBufferLength)
{
	gcry_error_t     gcryError;
	gcry_cipher_hd_t gcryHandle;

	gcryHandle = setup_cipher (password);
	if (gcryHandle == NULL) {
		return NULL;
	}

	const size_t blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER_AES);
	const size_t origBufferLength = strlen(origBuffer);
	const size_t bufferLength = ceil((double)origBufferLength / blkLength) * blkLength;
	gchar *buffer = malloc(bufferLength);
	memcpy(buffer, origBuffer, origBufferLength);
	size_t i;
	for (i = origBufferLength; i < bufferLength; ++i)
		buffer[i] = 0;

	char * encBuffer = malloc(bufferLength);
	size_t lengthDone = 0;
	while (lengthDone < bufferLength) {
		gcryError = gcry_cipher_encrypt(gcryHandle, &encBuffer[lengthDone], blkLength, &buffer[lengthDone], blkLength);
		if (gcryError) {
			g_warning("gcry_cipher_encrypt failed: %s/%s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
			gcry_cipher_close(gcryHandle);
			free(encBuffer);
			return NULL;
		}
		lengthDone += blkLength;
	}

	gcry_cipher_close(gcryHandle);

	*outBufferLength = bufferLength;
	return encBuffer;
}

/**
 * do_aes_encrypt:
 * @encBuffer: encrypted data
 * @password: password to use. Will be cut/padded with 0 if it exceeds/does not reach the needed length
 * @encBufferLength: Length of encBuffer
 *
 * Returns the AES decrypted version of the data. It is null terminated. It is responsability of the caller to free it
 */
gchar *
do_aes_decrypt(const gchar *encBuffer, const gchar * password, const size_t encBufferLength)
{
	gcry_error_t     gcryError;
	gcry_cipher_hd_t gcryHandle;

	gcryHandle = setup_cipher (password);
	if (gcryHandle == NULL) {
		return NULL;
	}

	const size_t blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER_AES128);
	const size_t bufferLength = encBufferLength;
	char * outBuffer = malloc(bufferLength);
	size_t lengthDone = 0;
	while (lengthDone < bufferLength) {
		gcryError = gcry_cipher_decrypt(gcryHandle, &outBuffer[lengthDone], 16, &encBuffer[lengthDone], 16);
		if (gcryError)
		{
			g_warning("gcry_cipher_decrypt failed: %s/%s\n", gcry_strsource(gcryError), gcry_strerror(gcryError));
			return NULL;
		}
		lengthDone += blkLength;
	}

	gcry_cipher_close(gcryHandle);
	char *result = g_strndup(outBuffer, bufferLength);
	free(outBuffer);
	return result;
}