5 * Encrypting keys with passphrases
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Catacomb.
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
30 /*----- Header files ------------------------------------------------------*/
32 #include <mLib/dstr.h>
36 #include "passphrase.h"
39 #include "blowfish-cbc.h"
41 #include "rmd160-mgf.h"
42 #include "rmd160-hmac.h"
44 /*----- Main code ---------------------------------------------------------*/
48 * Choose a random 160-bit string %$R$%. Take the passphrase %$P$%, and
49 * the message %$m$%. Now, compute %$K_E \cat K_T = H(R \cat P)$%,
50 * %$y_0 = E_{K_E}(m)$% and %$\tau = T_{K_T}(y_0)$%. The ciphertext is
51 * %$y = N \cat \tau \cat y_0$%.
53 * This is not the original format. The original format was insecure, and
54 * has been replaced incompatibly.
57 /* --- @key_lock@ --- *
59 * Arguments: @key_data **kt@ = where to store the destination pointer
60 * @key_data *k@ = source key data block or null to use @*kt@
61 * @const void *e@ = secret to encrypt key with
62 * @size_t esz@ = size of the secret
66 * Use: Encrypts a key data block using a secret.
69 void key_lock(key_data
**kt
, key_data
*k
, const void *e
, size_t esz
)
72 octet b
[RMD160_HASHSZ
* 2];
80 /* --- Sanity check --- */
82 if (k
) key_incref(k
); else k
= *kt
;
83 assert(((void)"Key data is already encrypted",
84 (k
->e
& KF_ENCMASK
) != KENC_ENCRYPT
));
86 /* --- Format the stuff in the buffer --- */
88 DENSURE(&d
, RMD160_HASHSZ
* 2);
89 rand_get(RAND_GLOBAL
, d
.buf
, RMD160_HASHSZ
);
90 d
.len
+= RMD160_HASHSZ
* 2;
92 m
= (octet
*)d
.buf
+ RMD160_HASHSZ
* 2;
93 msz
= d
.len
- RMD160_HASHSZ
* 2;
95 /* --- Hash the passphrase to make a key --- */
97 rmd160_mgfkeybegin(&r
);
98 rmd160_mgfkeyadd(&r
, d
.buf
, RMD160_HASHSZ
);
99 rmd160_mgfkeyadd(&r
, e
, esz
);
100 rmd160_mgfencrypt(&r
, 0, b
, sizeof(b
));
103 /* --- Encrypt the plaintext --- */
105 blowfish_cbcinit(&c
, b
, RMD160_HASHSZ
, 0);
106 blowfish_cbcencrypt(&c
, m
, m
, msz
);
109 /* --- MAC the ciphertext --- */
111 rmd160_hmacinit(&mk
, b
+ RMD160_HASHSZ
, RMD160_HASHSZ
);
112 rmd160_macinit(&mc
, &mk
);
113 rmd160_machash(&mc
, m
, msz
);
114 rmd160_macdone(&mc
, d
.buf
+ RMD160_HASHSZ
);
121 *kt
= key_newencrypted(0, d
.buf
, d
.len
);
126 /* --- @key_unlock@ --- *
128 * Arguments: @key_data **kt@ = where to store the destination pointer
129 * @key_data *k@ = source key data block or null to use @*kt@
130 * @const void *e@ = secret to decrypt the block with
131 * @size_t esz@ = size of the secret
133 * Returns: Zero for success, or a @KERR_@ error code.
135 * Use: Unlocks a key using a secret.
138 int key_unlock(key_data
**kt
, key_data
*k
, const void *e
, size_t esz
)
140 octet b
[RMD160_HASHSZ
* 2];
151 /* --- Sanity check --- */
153 if (!k
) { k
= *kt
; drop
= 1; }
154 assert(((void)"Key data isn't encrypted",
155 (k
->e
& KF_ENCMASK
) == KENC_ENCRYPT
));
157 /* --- Check the size --- */
159 if (k
->u
.k
.sz
< RMD160_HASHSZ
* 2)
160 return (KERR_MALFORMED
);
161 sz
= k
->u
.k
.sz
- RMD160_HASHSZ
* 2;
163 /* --- Hash the passphrase to make a key --- */
165 rmd160_mgfkeybegin(&r
);
166 rmd160_mgfkeyadd(&r
, k
->u
.k
.k
, RMD160_HASHSZ
);
167 rmd160_mgfkeyadd(&r
, e
, esz
);
168 rmd160_mgfencrypt(&r
, 0, b
, sizeof(b
));
171 /* --- Verify the MAC --- */
173 rmd160_hmacinit(&mk
, b
+ RMD160_HASHSZ
, RMD160_HASHSZ
);
174 rmd160_macinit(&mc
, &mk
);
175 rmd160_machash(&mc
, k
->u
.k
.k
+ RMD160_HASHSZ
* 2, sz
);
176 rmd160_macdone(&mc
, b
+ RMD160_HASHSZ
);
177 if (memcmp(b
+ RMD160_HASHSZ
, k
->u
.k
.k
+ RMD160_HASHSZ
,
178 RMD160_HASHSZ
) != 0) {
185 /* --- Allocate a destination buffer --- */
189 /* --- Decrypt the key data --- */
191 blowfish_cbcinit(&c
, b
, RMD160_HASHSZ
, 0);
192 blowfish_cbcdecrypt(&c
, k
->u
.k
.k
+ RMD160_HASHSZ
* 2, p
, sz
);
195 /* --- Decode the key data into the destination buffer --- */
197 if ((kd
= key_decode(p
, sz
)) == 0) {
206 if (drop
) key_drop(k
);
209 /* --- Tidy up if things went wrong --- */
217 /* --- @key_plock@ --- *
219 * Arguments: @key_data **kt@ = where to store the destination pointer
220 * @key_data *k@ = source key data block or null to use @*kt@
221 * @const char *tag@ = tag to use for passphrase
223 * Returns: Zero if successful, a @KERR@ error code on failure.
225 * Use: Locks a key by encrypting it with a passphrase.
228 int key_plock(key_data
**kt
, key_data
*k
, const char *tag
)
232 if (passphrase_read(tag
, PMODE_VERIFY
, buf
, sizeof(buf
)))
234 key_lock(kt
, k
, buf
, strlen(buf
));
239 /* --- @key_punlock@ --- *
241 * Arguments: @key_data **kt@ = where to store the destination pointer
242 * @key_data *k@ = source key data block or null to use @*kt@
243 * @const char *tag@ = tag to use for passphrase
245 * Returns: Zero if it worked, a @KERR_@ error code on failure.
247 * Use: Unlocks a passphrase-locked key.
250 int key_punlock(key_data
**kt
, key_data
*k
, const char *tag
)
255 if (passphrase_read(tag
, PMODE_READ
, buf
, sizeof(buf
)))
257 rc
= key_unlock(kt
, k
, buf
, strlen(buf
));
259 if (rc
== KERR_BADPASS
|| !k
)
260 passphrase_cancel(tag
);
264 /*----- That's all, folks -------------------------------------------------*/