/* --- @key_lock@ --- *
*
- * Arguments: @key_data *kt@ = destination block
- * @key_data *k@ = source key data block
+ * Arguments: @key_data **kt@ = where to store the destination pointer
+ * @key_data *k@ = source key data block or null to use @*kt@
* @const void *e@ = secret to encrypt key with
* @size_t esz@ = size of the secret
*
* Use: Encrypts a key data block using a secret.
*/
-void key_lock(key_data *kt, key_data *k, const void *e, size_t esz)
+void key_lock(key_data **kt, key_data *k, const void *e, size_t esz)
{
dstr d = DSTR_INIT;
octet b[RMD160_HASHSZ * 2];
/* --- Sanity check --- */
+ if (k) key_incref(k); else k = *kt;
assert(((void)"Key data is already encrypted",
(k->e & KF_ENCMASK) != KENC_ENCRYPT));
rand_get(RAND_GLOBAL, d.buf, RMD160_HASHSZ);
d.len += RMD160_HASHSZ * 2;
key_encode(k, &d, 0);
- if (k == kt)
- key_destroy(k);
m = (octet *)d.buf + RMD160_HASHSZ * 2;
msz = d.len - RMD160_HASHSZ * 2;
/* --- Done --- */
BURN(b);
- key_encrypted(kt, d.buf, d.len);
+ *kt = key_newencrypted(0, d.buf, d.len);
+ key_drop(k);
dstr_destroy(&d);
}
/* --- @key_unlock@ --- *
*
- * Arguments: @key_data *kt@ = target block
- * @key_data *k@ = source key data block
+ * Arguments: @key_data **kt@ = where to store the destination pointer
+ * @key_data *k@ = source key data block or null to use @*kt@
* @const void *e@ = secret to decrypt the block with
* @size_t esz@ = size of the secret
*
* Use: Unlocks a key using a secret.
*/
-int key_unlock(key_data *kt, key_data *k, const void *e, size_t esz)
+int key_unlock(key_data **kt, key_data *k, const void *e, size_t esz)
{
octet b[RMD160_HASHSZ * 2];
octet *p = 0;
int rc;
+ int drop = 0;
+ key_data *kd;
rmd160_mgfctx r;
blowfish_cbcctx c;
rmd160_mackey mk;
/* --- Sanity check --- */
+ if (!k) { k = *kt; drop = 1; }
assert(((void)"Key data isn't encrypted",
(k->e & KF_ENCMASK) == KENC_ENCRYPT));
/* --- Decode the key data into the destination buffer --- */
- if (k == kt)
- key_destroy(k);
- if (key_decode(p, sz, kt)) {
+ if ((kd = key_decode(p, sz)) == 0) {
rc = KERR_MALFORMED;
goto fail;
}
+ *kt = kd;
/* --- Done --- */
xfree(p);
+ if (drop) key_drop(k);
return (0);
/* --- Tidy up if things went wrong --- */
/* --- @key_plock@ --- *
*
- * Arguments: @const char *tag@ = tag to use for passphrase
- * @key_data *k@ = source key data block
- * @key_data *kt@ = target key data block
+ * Arguments: @key_data **kt@ = where to store the destination pointer
+ * @key_data *k@ = source key data block or null to use @*kt@
+ * @const char *tag@ = tag to use for passphrase
*
* Returns: Zero if successful, a @KERR@ error code on failure.
*
* Use: Locks a key by encrypting it with a passphrase.
*/
-int key_plock(const char *tag, key_data *k, key_data *kt)
+int key_plock(key_data **kt, key_data *k, const char *tag)
{
char buf[256];
/* --- @key_punlock@ --- *
*
- * Arguments: @const char *tag@ = tag to use for passphrase
- * @key_data *k@ = source key data block
- * @key_data *kt@ = target key data block
+ * Arguments: @key_data **kt@ = where to store the destination pointer
+ * @key_data *k@ = source key data block or null to use @*kt@
+ * @const char *tag@ = tag to use for passphrase
*
* Returns: Zero if it worked, a @KERR_@ error code on failure.
*
* Use: Unlocks a passphrase-locked key.
*/
-int key_punlock(const char *tag, key_data *k, key_data *kt)
+int key_punlock(key_data **kt, key_data *k, const char *tag)
{
char buf[256];
int rc;
return (KERR_IO);
rc = key_unlock(kt, k, buf, strlen(buf));
BURN(buf);
- if (rc == KERR_BADPASS || k == kt)
+ if (rc == KERR_BADPASS || !k)
passphrase_cancel(tag);
return (rc);
}