projects
/
u
/
mdw
/
catacomb
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
ba17f3e
)
Ooops, fix all the bugs.
author
mdw
<mdw>
Sun, 28 Mar 2004 01:58:26 +0000
(
01:58
+0000)
committer
mdw
<mdw>
Sun, 28 Mar 2004 01:58:26 +0000
(
01:58
+0000)
key-pass.c
patch
|
blob
|
blame
|
history
diff --git
a/key-pass.c
b/key-pass.c
index
3785765
..
d31b31f
100644
(file)
--- a/
key-pass.c
+++ b/
key-pass.c
@@
-1,6
+1,6
@@
/* -*-c-*-
*
/* -*-c-*-
*
- * $Id: key-pass.c,v 1.
3 2004/03/27 00:04:19
mdw Exp $
+ * $Id: key-pass.c,v 1.
4 2004/03/28 01:58:26
mdw Exp $
*
* Encrypting keys with passphrases
*
*
* Encrypting keys with passphrases
*
@@
-30,6
+30,9
@@
/*----- Revision history --------------------------------------------------*
*
* $Log: key-pass.c,v $
/*----- Revision history --------------------------------------------------*
*
* $Log: key-pass.c,v $
+ * Revision 1.4 2004/03/28 01:58:26 mdw
+ * Ooops, fix all the bugs.
+ *
* Revision 1.3 2004/03/27 00:04:19 mdw
* INCOMPATIBLE CHANGE. Use proper authentication on encrypted keys.
*
* Revision 1.3 2004/03/27 00:04:19 mdw
* INCOMPATIBLE CHANGE. Use proper authentication on encrypted keys.
*
@@
-167,7
+170,7
@@
int key_punlock(const char *tag, key_data *k, key_data *kt)
{
octet b[RMD160_HASHSZ * 2];
char buf[256];
{
octet b[RMD160_HASHSZ * 2];
char buf[256];
- octet *p;
+ octet *p
= 0
;
size_t sz;
/* --- Sanity check --- */
size_t sz;
/* --- Sanity check --- */
@@
-175,12
+178,11
@@
int key_punlock(const char *tag, key_data *k, key_data *kt)
assert(((void)"Key data isn't encrypted",
(k->e & KF_ENCMASK) == KENC_ENCRYPT));
assert(((void)"Key data isn't encrypted",
(k->e & KF_ENCMASK) == KENC_ENCRYPT));
- /* ---
Allocate a destination buffer
--- */
+ /* ---
Check the size
--- */
if (k->u.k.sz < RMD160_HASHSZ * 2)
if (k->u.k.sz < RMD160_HASHSZ * 2)
- return (-1);
;
+ return (-1);
sz = k->u.k.sz - RMD160_HASHSZ * 2;
sz = k->u.k.sz - RMD160_HASHSZ * 2;
- p = xmalloc(k->u.k.sz);
/* --- Fetch the passphrase --- */
/* --- Fetch the passphrase --- */
@@
-199,15
+201,6
@@
int key_punlock(const char *tag, key_data *k, key_data *kt)
BURN(buf);
}
BURN(buf);
}
- /* --- Decrypt the key data --- */
-
- {
- blowfish_cbcctx c;
- blowfish_cbcinit(&c, b, sizeof(b), 0);
- blowfish_cbcdecrypt(&c, k->u.k.k + RMD160_HASHSZ, p, sz);
- BURN(c);
- }
-
/* --- Verify the MAC --- */
{
/* --- Verify the MAC --- */
{
@@
-215,9
+208,10
@@
int key_punlock(const char *tag, key_data *k, key_data *kt)
rmd160_macctx mc;
rmd160_hmacinit(&mk, b + RMD160_HASHSZ, RMD160_HASHSZ);
rmd160_macinit(&mc, &mk);
rmd160_macctx mc;
rmd160_hmacinit(&mk, b + RMD160_HASHSZ, RMD160_HASHSZ);
rmd160_macinit(&mc, &mk);
- rmd160_machash(&mc, p, sz);
- rmd160_macdone(&mc, b);
- if (memcmp(b, k->u.k.k + RMD160_HASHSZ, RMD160_HASHSZ) != 0) {
+ rmd160_machash(&mc, k->u.k.k + RMD160_HASHSZ * 2, sz);
+ rmd160_macdone(&mc, b + RMD160_HASHSZ);
+ if (memcmp(b + RMD160_HASHSZ, k->u.k.k + RMD160_HASHSZ,
+ RMD160_HASHSZ) != 0) {
passphrase_cancel(tag);
goto fail;
}
passphrase_cancel(tag);
goto fail;
}
@@
-225,6
+219,19
@@
int key_punlock(const char *tag, key_data *k, key_data *kt)
BURN(mc);
}
BURN(mc);
}
+ /* --- Allocate a destination buffer --- */
+
+ p = xmalloc(sz);
+
+ /* --- Decrypt the key data --- */
+
+ {
+ blowfish_cbcctx c;
+ blowfish_cbcinit(&c, b, RMD160_HASHSZ, 0);
+ blowfish_cbcdecrypt(&c, k->u.k.k + RMD160_HASHSZ * 2, p, sz);
+ BURN(c);
+ }
+
/* --- Decode the key data into the destination buffer --- */
if (k == kt) {
/* --- Decode the key data into the destination buffer --- */
if (k == kt) {