projects / u / mdw / catacomb / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
hashsum.c: Document `--progress' in the `--help' display.
[u/mdw/catacomb] / key-pass.c
1 /* -*-c-*-
2 *
3 * $Id$
4 *
5 * Encrypting keys with passphrases
6 *
7 * (c) 1999 Straylight/Edgeware
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of Catacomb.
13 *
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
18 *
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
23 *
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
27 * MA 02111-1307, USA.
28 */
29
30 /*----- Header files ------------------------------------------------------*/
31
32 #include <mLib/dstr.h>
33
34 #include "key.h"
35 #include "paranoia.h"
36 #include "passphrase.h"
37 #include "rand.h"
38
39 #include "blowfish-cbc.h"
40 #include "rmd160.h"
41 #include "rmd160-mgf.h"
42 #include "rmd160-hmac.h"
43
44 /*----- Main code ---------------------------------------------------------*/
45
46 /* --- Format --- *
47 *
48 * Choose a random 160-bit string %$R$%. Take the passphrase %$P$%, and
49 * the message %$m$%. Now, compute %$K_E \cat K_T = H(R \cat P)$%,
50 * %$y_0 = E_{K_E}(m)$% and %$\tau = T_{K_T}(y_0)$%. The ciphertext is
51 * %$y = N \cat \tau \cat y_0$%.
52 *
53 * This is not the original format. The original format was insecure, and
54 * has been replaced incompatibly.
55 */
56
57 /* --- @key_lock@ --- *
58 *
59 * Arguments: @key_data **kt@ = where to store the destination pointer
60 * @key_data *k@ = source key data block or null to use @*kt@
61 * @const void *e@ = secret to encrypt key with
62 * @size_t esz@ = size of the secret
63 *
64 * Returns: ---
65 *
66 * Use: Encrypts a key data block using a secret.
67 */
68
69 void key_lock(key_data **kt, key_data *k, const void *e, size_t esz)
70 {
71 dstr d = DSTR_INIT;
72 octet b[RMD160_HASHSZ * 2];
73 octet *m;
74 size_t msz;
75 rmd160_mgfctx r;
76 blowfish_cbcctx c;
77 rmd160_mackey mk;
78 rmd160_macctx mc;
79
80 /* --- Sanity check --- */
81
82 if (k) key_incref(k); else k = *kt;
83 assert(((void)"Key data is already encrypted",
84 (k->e & KF_ENCMASK) != KENC_ENCRYPT));
85
86 /* --- Format the stuff in the buffer --- */
87
88 DENSURE(&d, RMD160_HASHSZ * 2);
89 rand_get(RAND_GLOBAL, d.buf, RMD160_HASHSZ);
90 d.len += RMD160_HASHSZ * 2;
91 key_encode(k, &d, 0);
92 m = (octet *)d.buf + RMD160_HASHSZ * 2;
93 msz = d.len - RMD160_HASHSZ * 2;
94
95 /* --- Hash the passphrase to make a key --- */
96
97 rmd160_mgfkeybegin(&r);
98 rmd160_mgfkeyadd(&r, d.buf, RMD160_HASHSZ);
99 rmd160_mgfkeyadd(&r, e, esz);
100 rmd160_mgfencrypt(&r, 0, b, sizeof(b));
101 BURN(r);
102
103 /* --- Encrypt the plaintext --- */
104
105 blowfish_cbcinit(&c, b, RMD160_HASHSZ, 0);
106 blowfish_cbcencrypt(&c, m, m, msz);
107 BURN(c);
108
109 /* --- MAC the ciphertext --- */
110
111 rmd160_hmacinit(&mk, b + RMD160_HASHSZ, RMD160_HASHSZ);
112 rmd160_macinit(&mc, &mk);
113 rmd160_machash(&mc, m, msz);
114 rmd160_macdone(&mc, d.buf + RMD160_HASHSZ);
115 BURN(mk);
116 BURN(mc);
117
118 /* --- Done --- */
119
120 BURN(b);
121 *kt = key_newencrypted(0, d.buf, d.len);
122 key_drop(k);
123 dstr_destroy(&d);
124 }
125
126 /* --- @key_unlock@ --- *
127 *
128 * Arguments: @key_data **kt@ = where to store the destination pointer
129 * @key_data *k@ = source key data block or null to use @*kt@
130 * @const void *e@ = secret to decrypt the block with
131 * @size_t esz@ = size of the secret
132 *
133 * Returns: Zero for success, or a @KERR_@ error code.
134 *
135 * Use: Unlocks a key using a secret.
136 */
137
138 int key_unlock(key_data **kt, key_data *k, const void *e, size_t esz)
139 {
140 octet b[RMD160_HASHSZ * 2];
141 octet *p = 0;
142 int rc;
143 int drop = 0;
144 key_data *kd;
145 rmd160_mgfctx r;
146 blowfish_cbcctx c;
147 rmd160_mackey mk;
148 rmd160_macctx mc;
149 size_t sz;
150
151 /* --- Sanity check --- */
152
153 if (!k) { k = *kt; drop = 1; }
154 assert(((void)"Key data isn't encrypted",
155 (k->e & KF_ENCMASK) == KENC_ENCRYPT));
156
157 /* --- Check the size --- */
158
159 if (k->u.k.sz < RMD160_HASHSZ * 2)
160 return (KERR_MALFORMED);
161 sz = k->u.k.sz - RMD160_HASHSZ * 2;
162
163 /* --- Hash the passphrase to make a key --- */
164
165 rmd160_mgfkeybegin(&r);
166 rmd160_mgfkeyadd(&r, k->u.k.k, RMD160_HASHSZ);
167 rmd160_mgfkeyadd(&r, e, esz);
168 rmd160_mgfencrypt(&r, 0, b, sizeof(b));
169 BURN(r);
170
171 /* --- Verify the MAC --- */
172
173 rmd160_hmacinit(&mk, b + RMD160_HASHSZ, RMD160_HASHSZ);
174 rmd160_macinit(&mc, &mk);
175 rmd160_machash(&mc, k->u.k.k + RMD160_HASHSZ * 2, sz);
176 rmd160_macdone(&mc, b + RMD160_HASHSZ);
177 if (memcmp(b + RMD160_HASHSZ, k->u.k.k + RMD160_HASHSZ,
178 RMD160_HASHSZ) != 0) {
179 rc = KERR_BADPASS;
180 goto fail;
181 }
182 BURN(mk);
183 BURN(mc);
184
185 /* --- Allocate a destination buffer --- */
186
187 p = xmalloc(sz);
188
189 /* --- Decrypt the key data --- */
190
191 blowfish_cbcinit(&c, b, RMD160_HASHSZ, 0);
192 blowfish_cbcdecrypt(&c, k->u.k.k + RMD160_HASHSZ * 2, p, sz);
193 BURN(c);
194
195 /* --- Decode the key data into the destination buffer --- */
196
197 if ((kd = key_decode(p, sz)) == 0) {
198 rc = KERR_MALFORMED;
199 goto fail;
200 }
201 *kt = kd;
202
203 /* --- Done --- */
204
205 xfree(p);
206 if (drop) key_drop(k);
207 return (0);
208
209 /* --- Tidy up if things went wrong --- */
210
211 fail:
212 BURN(b);
213 xfree(p);
214 return (rc);
215 }
216
217 /* --- @key_plock@ --- *
218 *
219 * Arguments: @key_data **kt@ = where to store the destination pointer
220 * @key_data *k@ = source key data block or null to use @*kt@
221 * @const char *tag@ = tag to use for passphrase
222 *
223 * Returns: Zero if successful, a @KERR@ error code on failure.
224 *
225 * Use: Locks a key by encrypting it with a passphrase.
226 */
227
228 int key_plock(key_data **kt, key_data *k, const char *tag)
229 {
230 char buf[256];
231
232 if (passphrase_read(tag, PMODE_VERIFY, buf, sizeof(buf)))
233 return (KERR_IO);
234 key_lock(kt, k, buf, strlen(buf));
235 BURN(buf);
236 return (0);
237 }
238
239 /* --- @key_punlock@ --- *
240 *
241 * Arguments: @key_data **kt@ = where to store the destination pointer
242 * @key_data *k@ = source key data block or null to use @*kt@
243 * @const char *tag@ = tag to use for passphrase
244 *
245 * Returns: Zero if it worked, a @KERR_@ error code on failure.
246 *
247 * Use: Unlocks a passphrase-locked key.
248 */
249
250 int key_punlock(key_data **kt, key_data *k, const char *tag)
251 {
252 char buf[256];
253 int rc;
254
255 if (passphrase_read(tag, PMODE_READ, buf, sizeof(buf)))
256 return (KERR_IO);
257 rc = key_unlock(kt, k, buf, strlen(buf));
258 BURN(buf);
259 if (rc == KERR_BADPASS || !k)
260 passphrase_cancel(tag);
261 return (rc);
262 }
263
264 /*----- That's all, folks -------------------------------------------------*/
Catacomb cryptographic library (downstream of http://git.distorted.org.uk/~mdw/catacomb/)