LCOV - code coverage report
Current view: top level - sm - encrypt.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 0 246 0.0 %
Date: 2016-09-12 12:29:17 Functions: 0 5 0.0 %

          Line data    Source code
       1             : /* encrypt.c - Encrypt a message
       2             :  * Copyright (C) 2001, 2003, 2004, 2007, 2008,
       3             :  *               2010 Free Software Foundation, Inc.
       4             :  *
       5             :  * This file is part of GnuPG.
       6             :  *
       7             :  * GnuPG is free software; you can redistribute it and/or modify
       8             :  * it under the terms of the GNU General Public License as published by
       9             :  * the Free Software Foundation; either version 3 of the License, or
      10             :  * (at your option) any later version.
      11             :  *
      12             :  * GnuPG is distributed in the hope that it will be useful,
      13             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      14             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      15             :  * GNU General Public License for more details.
      16             :  *
      17             :  * You should have received a copy of the GNU General Public License
      18             :  * along with this program; if not, see <http://www.gnu.org/licenses/>.
      19             :  */
      20             : 
      21             : #include <config.h>
      22             : #include <stdio.h>
      23             : #include <stdlib.h>
      24             : #include <string.h>
      25             : #include <errno.h>
      26             : #include <unistd.h>
      27             : #include <time.h>
      28             : #include <assert.h>
      29             : 
      30             : #include "gpgsm.h"
      31             : #include <gcrypt.h>
      32             : #include <ksba.h>
      33             : 
      34             : #include "keydb.h"
      35             : #include "i18n.h"
      36             : 
      37             : 
      38             : struct dek_s {
      39             :   const char *algoid;
      40             :   int algo;
      41             :   gcry_cipher_hd_t chd;
      42             :   char key[32];
      43             :   int keylen;
      44             :   char iv[32];
      45             :   int ivlen;
      46             : };
      47             : typedef struct dek_s *DEK;
      48             : 
      49             : 
      50             : /* Callback parameters for the encryption.  */
      51             : struct encrypt_cb_parm_s
      52             : {
      53             :   estream_t fp;
      54             :   DEK dek;
      55             :   int eof_seen;
      56             :   int ready;
      57             :   int readerror;
      58             :   int bufsize;
      59             :   unsigned char *buffer;
      60             :   int buflen;
      61             : };
      62             : 
      63             : 
      64             : 
      65             : 
      66             : 
      67             : /* Initialize the data encryption key (session key). */
      68             : static int
      69           0 : init_dek (DEK dek)
      70             : {
      71           0 :   int rc=0, mode, i;
      72             : 
      73           0 :   dek->algo = gcry_cipher_map_name (dek->algoid);
      74           0 :   mode = gcry_cipher_mode_from_oid (dek->algoid);
      75           0 :   if (!dek->algo || !mode)
      76             :     {
      77           0 :       log_error ("unsupported algorithm '%s'\n", dek->algoid);
      78           0 :       return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
      79             :     }
      80             : 
      81             :   /* Extra check for algorithms we consider to be too weak for
      82             :      encryption, although we support them for decryption.  Note that
      83             :      there is another check below discriminating on the key length. */
      84           0 :   switch (dek->algo)
      85             :     {
      86             :     case GCRY_CIPHER_DES:
      87             :     case GCRY_CIPHER_RFC2268_40:
      88           0 :       log_error ("cipher algorithm '%s' not allowed: too weak\n",
      89             :                  gnupg_cipher_algo_name (dek->algo));
      90           0 :       return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
      91             :     default:
      92           0 :       break;
      93             :     }
      94             : 
      95           0 :   dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
      96           0 :   if (!dek->keylen || dek->keylen > sizeof (dek->key))
      97           0 :     return gpg_error (GPG_ERR_BUG);
      98             : 
      99           0 :   dek->ivlen = gcry_cipher_get_algo_blklen (dek->algo);
     100           0 :   if (!dek->ivlen || dek->ivlen > sizeof (dek->iv))
     101           0 :     return gpg_error (GPG_ERR_BUG);
     102             : 
     103             :   /* Make sure we don't use weak keys. */
     104           0 :   if (dek->keylen < 100/8)
     105             :     {
     106           0 :       log_error ("key length of '%s' too small\n", dek->algoid);
     107           0 :       return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
     108             :     }
     109             : 
     110           0 :   rc = gcry_cipher_open (&dek->chd, dek->algo, mode, GCRY_CIPHER_SECURE);
     111           0 :   if (rc)
     112             :     {
     113           0 :       log_error ("failed to create cipher context: %s\n", gpg_strerror (rc));
     114           0 :       return rc;
     115             :     }
     116             : 
     117           0 :   for (i=0; i < 8; i++)
     118             :     {
     119           0 :       gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM );
     120           0 :       rc = gcry_cipher_setkey (dek->chd, dek->key, dek->keylen);
     121           0 :       if (gpg_err_code (rc) != GPG_ERR_WEAK_KEY)
     122           0 :         break;
     123           0 :       log_info(_("weak key created - retrying\n") );
     124             :     }
     125           0 :   if (rc)
     126             :     {
     127           0 :       log_error ("failed to set the key: %s\n", gpg_strerror (rc));
     128           0 :       gcry_cipher_close (dek->chd);
     129           0 :       dek->chd = NULL;
     130           0 :       return rc;
     131             :     }
     132             : 
     133           0 :   gcry_create_nonce (dek->iv, dek->ivlen);
     134           0 :   rc = gcry_cipher_setiv (dek->chd, dek->iv, dek->ivlen);
     135           0 :   if (rc)
     136             :     {
     137           0 :       log_error ("failed to set the IV: %s\n", gpg_strerror (rc));
     138           0 :       gcry_cipher_close (dek->chd);
     139           0 :       dek->chd = NULL;
     140           0 :       return rc;
     141             :     }
     142             : 
     143           0 :   return 0;
     144             : }
     145             : 
     146             : 
     147             : static int
     148           0 : encode_session_key (DEK dek, gcry_sexp_t * r_data)
     149             : {
     150             :   gcry_sexp_t data;
     151             :   char *p;
     152             :   int rc;
     153             : 
     154           0 :   p = xtrymalloc (64 + 2 * dek->keylen);
     155           0 :   if (!p)
     156           0 :     return gpg_error_from_syserror ();
     157           0 :   strcpy (p, "(data\n (flags pkcs1)\n (value #");
     158           0 :   bin2hex (dek->key, dek->keylen, p + strlen (p));
     159           0 :   strcat (p, "#))\n");
     160           0 :   rc = gcry_sexp_sscan (&data, NULL, p, strlen (p));
     161           0 :   xfree (p);
     162           0 :   *r_data = data;
     163           0 :   return rc;
     164             : }
     165             : 
     166             : 
     167             : /* Encrypt the DEK under the key contained in CERT and return it as a
     168             :    canonical S-Exp in encval. */
     169             : static int
     170           0 : encrypt_dek (const DEK dek, ksba_cert_t cert, unsigned char **encval)
     171             : {
     172             :   gcry_sexp_t s_ciph, s_data, s_pkey;
     173             :   int rc;
     174             :   ksba_sexp_t buf;
     175             :   size_t len;
     176             : 
     177           0 :   *encval = NULL;
     178             : 
     179             :   /* get the key from the cert */
     180           0 :   buf = ksba_cert_get_public_key (cert);
     181           0 :   if (!buf)
     182             :     {
     183           0 :       log_error ("no public key for recipient\n");
     184           0 :       return gpg_error (GPG_ERR_NO_PUBKEY);
     185             :     }
     186           0 :   len = gcry_sexp_canon_len (buf, 0, NULL, NULL);
     187           0 :   if (!len)
     188             :     {
     189           0 :       log_error ("libksba did not return a proper S-Exp\n");
     190           0 :       return gpg_error (GPG_ERR_BUG);
     191             :     }
     192           0 :   rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)buf, len);
     193           0 :   xfree (buf); buf = NULL;
     194           0 :   if (rc)
     195             :     {
     196           0 :       log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
     197           0 :       return rc;
     198             :     }
     199             : 
     200             :   /* Put the encoded cleartext into a simple list. */
     201           0 :   s_data = NULL; /* (avoid compiler warning) */
     202           0 :   rc = encode_session_key (dek, &s_data);
     203           0 :   if (rc)
     204             :     {
     205           0 :       log_error ("encode_session_key failed: %s\n", gpg_strerror (rc));
     206           0 :       return rc;
     207             :     }
     208             : 
     209             :   /* pass it to libgcrypt */
     210           0 :   rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
     211           0 :   gcry_sexp_release (s_data);
     212           0 :   gcry_sexp_release (s_pkey);
     213             : 
     214             :   /* Reformat it. */
     215           0 :   if (!rc)
     216             :     {
     217           0 :       rc = make_canon_sexp (s_ciph, encval, NULL);
     218           0 :       gcry_sexp_release (s_ciph);
     219             :     }
     220           0 :   return rc;
     221             : }
     222             : 
     223             : 
     224             : 
     225             : /* do the actual encryption */
     226             : static int
     227           0 : encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
     228             : {
     229           0 :   struct encrypt_cb_parm_s *parm = cb_value;
     230           0 :   int blklen = parm->dek->ivlen;
     231             :   unsigned char *p;
     232             :   size_t n;
     233             : 
     234           0 :   *nread = 0;
     235           0 :   if (!buffer)
     236           0 :     return -1; /* not supported */
     237             : 
     238           0 :   if (parm->ready)
     239           0 :     return -1;
     240             : 
     241           0 :   if (count < blklen)
     242           0 :     BUG ();
     243             : 
     244           0 :   if (!parm->eof_seen)
     245             :     { /* fillup the buffer */
     246           0 :       p = parm->buffer;
     247           0 :       for (n=parm->buflen; n < parm->bufsize; n++)
     248             :         {
     249           0 :           int c = es_getc (parm->fp);
     250           0 :           if (c == EOF)
     251             :             {
     252           0 :               if (es_ferror (parm->fp))
     253             :                 {
     254           0 :                   parm->readerror = errno;
     255           0 :                   return -1;
     256             :                 }
     257           0 :               parm->eof_seen = 1;
     258           0 :               break;
     259             :             }
     260           0 :           p[n] = c;
     261             :         }
     262           0 :       parm->buflen = n;
     263             :     }
     264             : 
     265           0 :   n = parm->buflen < count? parm->buflen : count;
     266           0 :   n = n/blklen * blklen;
     267           0 :   if (n)
     268             :     { /* encrypt the stuff */
     269           0 :       gcry_cipher_encrypt (parm->dek->chd, buffer, n, parm->buffer, n);
     270           0 :       *nread = n;
     271             :       /* Who cares about cycles, take the easy way and shift the buffer */
     272           0 :       parm->buflen -= n;
     273           0 :       memmove (parm->buffer, parm->buffer+n, parm->buflen);
     274             :     }
     275           0 :   else if (parm->eof_seen)
     276             :     { /* no complete block but eof: add padding */
     277             :       /* fixme: we should try to do this also in the above code path */
     278           0 :       int i, npad = blklen - (parm->buflen % blklen);
     279           0 :       p = parm->buffer;
     280           0 :       for (n=parm->buflen, i=0; n < parm->bufsize && i < npad; n++, i++)
     281           0 :         p[n] = npad;
     282           0 :       gcry_cipher_encrypt (parm->dek->chd, buffer, n, parm->buffer, n);
     283           0 :       *nread = n;
     284           0 :       parm->ready = 1;
     285             :     }
     286             : 
     287           0 :   return 0;
     288             : }
     289             : 
     290             : 
     291             : 
     292             : 
     293             : /* Perform an encrypt operation.
     294             : 
     295             :    Encrypt the data received on DATA-FD and write it to OUT_FP.  The
     296             :    recipients are take from the certificate given in recplist; if this
     297             :    is NULL it will be encrypted for a default recipient */
     298             : int
     299           0 : gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
     300             : {
     301           0 :   int rc = 0;
     302           0 :   Base64Context b64writer = NULL;
     303             :   gpg_error_t err;
     304             :   ksba_writer_t writer;
     305           0 :   ksba_reader_t reader = NULL;
     306           0 :   ksba_cms_t cms = NULL;
     307             :   ksba_stop_reason_t stopreason;
     308           0 :   KEYDB_HANDLE kh = NULL;
     309             :   struct encrypt_cb_parm_s encparm;
     310           0 :   DEK dek = NULL;
     311             :   int recpno;
     312           0 :   estream_t data_fp = NULL;
     313             :   certlist_t cl;
     314             :   int count;
     315             : 
     316           0 :   memset (&encparm, 0, sizeof encparm);
     317             : 
     318           0 :   audit_set_type (ctrl->audit, AUDIT_TYPE_ENCRYPT);
     319             : 
     320             :   /* Check that the certificate list is not empty and that at least
     321             :      one certificate is not flagged as encrypt_to; i.e. is a real
     322             :      recipient. */
     323           0 :   for (cl = recplist; cl; cl = cl->next)
     324           0 :     if (!cl->is_encrypt_to)
     325           0 :       break;
     326           0 :   if (!cl)
     327             :     {
     328           0 :       log_error(_("no valid recipients given\n"));
     329           0 :       gpgsm_status (ctrl, STATUS_NO_RECP, "0");
     330           0 :       audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, 0);
     331           0 :       rc = gpg_error (GPG_ERR_NO_PUBKEY);
     332           0 :       goto leave;
     333             :     }
     334             : 
     335           0 :   for (count = 0, cl = recplist; cl; cl = cl->next)
     336           0 :     count++;
     337           0 :   audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, count);
     338             : 
     339           0 :   kh = keydb_new (0);
     340           0 :   if (!kh)
     341             :     {
     342           0 :       log_error (_("failed to allocate keyDB handle\n"));
     343           0 :       rc = gpg_error (GPG_ERR_GENERAL);
     344           0 :       goto leave;
     345             :     }
     346             : 
     347             :   /* Fixme:  We should use the unlocked version of the es functions.  */
     348           0 :   data_fp = es_fdopen_nc (data_fd, "rb");
     349           0 :   if (!data_fp)
     350             :     {
     351           0 :       rc = gpg_error_from_syserror ();
     352           0 :       log_error ("fdopen() failed: %s\n", strerror (errno));
     353           0 :       goto leave;
     354             :     }
     355             : 
     356           0 :   err = ksba_reader_new (&reader);
     357           0 :   if (err)
     358           0 :       rc = err;
     359           0 :   if (!rc)
     360           0 :     rc = ksba_reader_set_cb (reader, encrypt_cb, &encparm);
     361           0 :   if (rc)
     362           0 :       goto leave;
     363             : 
     364           0 :   encparm.fp = data_fp;
     365             : 
     366           0 :   ctrl->pem_name = "ENCRYPTED MESSAGE";
     367           0 :   rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
     368           0 :   if (rc)
     369             :     {
     370           0 :       log_error ("can't create writer: %s\n", gpg_strerror (rc));
     371           0 :       goto leave;
     372             :     }
     373             : 
     374           0 :   err = ksba_cms_new (&cms);
     375           0 :   if (err)
     376             :     {
     377           0 :       rc = err;
     378           0 :       goto leave;
     379             :     }
     380             : 
     381           0 :   err = ksba_cms_set_reader_writer (cms, reader, writer);
     382           0 :   if (err)
     383             :     {
     384           0 :       log_debug ("ksba_cms_set_reader_writer failed: %s\n",
     385             :                  gpg_strerror (err));
     386           0 :       rc = err;
     387           0 :       goto leave;
     388             :     }
     389             : 
     390           0 :   audit_log (ctrl->audit, AUDIT_GOT_DATA);
     391             : 
     392             :   /* We are going to create enveloped data with uninterpreted data as
     393             :      inner content */
     394           0 :   err = ksba_cms_set_content_type (cms, 0, KSBA_CT_ENVELOPED_DATA);
     395           0 :   if (!err)
     396           0 :     err = ksba_cms_set_content_type (cms, 1, KSBA_CT_DATA);
     397           0 :   if (err)
     398             :     {
     399           0 :       log_debug ("ksba_cms_set_content_type failed: %s\n",
     400             :                  gpg_strerror (err));
     401           0 :       rc = err;
     402           0 :       goto leave;
     403             :     }
     404             : 
     405             :   /* Create a session key */
     406           0 :   dek = xtrycalloc_secure (1, sizeof *dek);
     407           0 :   if (!dek)
     408           0 :     rc = out_of_core ();
     409             :   else
     410             :   {
     411           0 :     dek->algoid = opt.def_cipher_algoid;
     412           0 :     rc = init_dek (dek);
     413             :   }
     414           0 :   if (rc)
     415             :     {
     416           0 :       log_error ("failed to create the session key: %s\n",
     417             :                  gpg_strerror (rc));
     418           0 :       goto leave;
     419             :     }
     420             : 
     421           0 :   err = ksba_cms_set_content_enc_algo (cms, dek->algoid, dek->iv, dek->ivlen);
     422           0 :   if (err)
     423             :     {
     424           0 :       log_error ("ksba_cms_set_content_enc_algo failed: %s\n",
     425             :                  gpg_strerror (err));
     426           0 :       rc = err;
     427           0 :       goto leave;
     428             :     }
     429             : 
     430           0 :   encparm.dek = dek;
     431             :   /* Use a ~8k (AES) or ~4k (3DES) buffer */
     432           0 :   encparm.bufsize = 500 * dek->ivlen;
     433           0 :   encparm.buffer = xtrymalloc (encparm.bufsize);
     434           0 :   if (!encparm.buffer)
     435             :     {
     436           0 :       rc = out_of_core ();
     437           0 :       goto leave;
     438             :     }
     439             : 
     440           0 :   audit_log_s (ctrl->audit, AUDIT_SESSION_KEY, dek->algoid);
     441             : 
     442             :   /* Gather certificates of recipients, encrypt the session key for
     443             :      each and store them in the CMS object */
     444           0 :   for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
     445             :     {
     446             :       unsigned char *encval;
     447             : 
     448           0 :       rc = encrypt_dek (dek, cl->cert, &encval);
     449           0 :       if (rc)
     450             :         {
     451           0 :           audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, rc);
     452           0 :           log_error ("encryption failed for recipient no. %d: %s\n",
     453             :                      recpno, gpg_strerror (rc));
     454           0 :           goto leave;
     455             :         }
     456             : 
     457           0 :       err = ksba_cms_add_recipient (cms, cl->cert);
     458           0 :       if (err)
     459             :         {
     460           0 :           audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
     461           0 :           log_error ("ksba_cms_add_recipient failed: %s\n",
     462             :                      gpg_strerror (err));
     463           0 :           rc = err;
     464           0 :           xfree (encval);
     465           0 :           goto leave;
     466             :         }
     467             : 
     468           0 :       err = ksba_cms_set_enc_val (cms, recpno, encval);
     469           0 :       xfree (encval);
     470           0 :       audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
     471           0 :       if (err)
     472             :         {
     473           0 :           log_error ("ksba_cms_set_enc_val failed: %s\n",
     474             :                      gpg_strerror (err));
     475           0 :           rc = err;
     476           0 :           goto leave;
     477             :         }
     478             :     }
     479             : 
     480             :   /* Main control loop for encryption. */
     481           0 :   recpno = 0;
     482             :   do
     483             :     {
     484           0 :       err = ksba_cms_build (cms, &stopreason);
     485           0 :       if (err)
     486             :         {
     487           0 :           log_debug ("ksba_cms_build failed: %s\n", gpg_strerror (err));
     488           0 :           rc = err;
     489           0 :           goto leave;
     490             :         }
     491             :     }
     492           0 :   while (stopreason != KSBA_SR_READY);
     493             : 
     494           0 :   if (encparm.readerror)
     495             :     {
     496           0 :       log_error ("error reading input: %s\n", strerror (encparm.readerror));
     497           0 :       rc = gpg_error (gpg_err_code_from_errno (encparm.readerror));
     498           0 :       goto leave;
     499             :     }
     500             : 
     501             : 
     502           0 :   rc = gpgsm_finish_writer (b64writer);
     503           0 :   if (rc)
     504             :     {
     505           0 :       log_error ("write failed: %s\n", gpg_strerror (rc));
     506           0 :       goto leave;
     507             :     }
     508           0 :   audit_log (ctrl->audit, AUDIT_ENCRYPTION_DONE);
     509           0 :   log_info ("encrypted data created\n");
     510             : 
     511             :  leave:
     512           0 :   ksba_cms_release (cms);
     513           0 :   gpgsm_destroy_writer (b64writer);
     514           0 :   ksba_reader_release (reader);
     515           0 :   keydb_release (kh);
     516           0 :   xfree (dek);
     517           0 :   es_fclose (data_fp);
     518           0 :   xfree (encparm.buffer);
     519           0 :   return rc;
     520             : }

Generated by: LCOV version 1.11