mirror of
https://github.com/weechat/weechat.git
synced 2026-07-03 08:13:14 +02:00
core: remove use of function gcry_kdf_derive so that it compiles with libgcrypt < 1.5.0
The key built with salt + passphrase has changed, so old encrypted data in file sec.conf can not be decrypted with this new version.
This commit is contained in:
+57
-7
@@ -131,6 +131,59 @@ secure_search_cipher (const char *cipher)
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Derives a key from salt + passphrase (using a hash).
|
||||
*
|
||||
* Returns:
|
||||
* 1: OK
|
||||
* 0: error
|
||||
*/
|
||||
|
||||
int
|
||||
secure_derive_key (const char *salt, const char *passphrase,
|
||||
unsigned char *key, int length_key)
|
||||
{
|
||||
unsigned char *buffer, *ptr_hash;
|
||||
int length, length_hash;
|
||||
gcry_md_hd_t hd_md;
|
||||
|
||||
memset (key, 0, length_key);
|
||||
|
||||
length = SALT_SIZE + strlen (passphrase);
|
||||
buffer = malloc (length);
|
||||
if (!buffer)
|
||||
return 0;
|
||||
|
||||
/* build a buffer with salt + passphrase */
|
||||
memcpy (buffer, salt, SALT_SIZE);
|
||||
memcpy (buffer + SALT_SIZE, passphrase, strlen (passphrase));
|
||||
|
||||
/* compute hash of buffer */
|
||||
if (gcry_md_open (&hd_md, GCRY_MD_SHA512, 0) != 0)
|
||||
{
|
||||
free (buffer);
|
||||
return 0;
|
||||
}
|
||||
length_hash = gcry_md_get_algo_dlen (GCRY_MD_SHA512);
|
||||
gcry_md_write (hd_md, buffer, length);
|
||||
ptr_hash = gcry_md_read (hd_md, GCRY_MD_SHA512);
|
||||
if (!ptr_hash)
|
||||
{
|
||||
gcry_md_close (hd_md);
|
||||
free (buffer);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* copy beginning of hash (or full hash) in the key */
|
||||
memcpy (key, ptr_hash,
|
||||
(length_hash > length_key) ? length_key : length_hash);
|
||||
|
||||
gcry_md_close (hd_md);
|
||||
free (buffer);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Encrypts data using a hash algorithm + cipher + passphrase.
|
||||
*
|
||||
@@ -173,7 +226,8 @@ secure_encrypt_data (const char *data, int length_data,
|
||||
int rc, length_salt, length_hash, length_hash_data, length_key;
|
||||
gcry_md_hd_t *hd_md;
|
||||
gcry_cipher_hd_t *hd_cipher;
|
||||
unsigned char salt[SALT_SIZE], *ptr_hash, *key, *hash_and_data;
|
||||
char salt[SALT_SIZE];
|
||||
unsigned char *ptr_hash, *key, *hash_and_data;
|
||||
|
||||
rc = -1;
|
||||
|
||||
@@ -207,9 +261,7 @@ secure_encrypt_data (const char *data, int length_data,
|
||||
memcpy (salt, SECURE_SALT_DEFAULT,
|
||||
(length_salt <= SALT_SIZE) ? length_salt : SALT_SIZE);
|
||||
}
|
||||
if (gcry_kdf_derive (passphrase, strlen (passphrase),
|
||||
GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA256,
|
||||
salt, SALT_SIZE, 65536, length_key, key) != 0)
|
||||
if (!secure_derive_key (salt, passphrase, key, length_key))
|
||||
{
|
||||
rc = -2;
|
||||
goto encend;
|
||||
@@ -352,9 +404,7 @@ secure_decrypt_data (const char *buffer, int length_buffer,
|
||||
key = malloc (length_key);
|
||||
if (!key)
|
||||
goto decend;
|
||||
if (gcry_kdf_derive (passphrase, strlen (passphrase),
|
||||
GCRY_KDF_ITERSALTED_S2K, GCRY_MD_SHA256,
|
||||
buffer, SALT_SIZE, 65536, length_key, key) != 0)
|
||||
if (!secure_derive_key (buffer, passphrase, key, length_key))
|
||||
{
|
||||
rc = -3;
|
||||
goto decend;
|
||||
|
||||
Reference in New Issue
Block a user