bug-recutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-recutils] [PATCH] libgcrypt cipher handle leaks


From: Daiki Ueno
Subject: Re: [bug-recutils] [PATCH] libgcrypt cipher handle leaks
Date: Mon, 02 Apr 2012 18:49:10 +0900
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.94 (gnu/linux)

Daiki Ueno <address@hidden> writes:

> BTW, maybe good to use random IV instead of static ones, to avoid the
> same cipher text being generated from the same key / plain text
> combination?

I'm attaching a proposed patch (apply after the previous patch), which
uses 4-byte random salt to initialize IV.

For example,

without the patch:

$ recins -t Account -s secret -f Login -v foo -f Password -v secret accounts.rec
$ recins -t Account -s secret -f Login -v bar -f Password -v secret accounts.rec

 Login: foo
 Password: encrypted-MHyd3Dqz+iaViL8h1m18sA==  # <-- same

 Login: bar
 Password: encrypted-MHyd3Dqz+iaViL8h1m18sA==  # <-- same

with the patch:

$ recins -t Account -s secret -f Login -v baz -f Password -v secret accounts.rec

 Login: baz
 Password: encrypted-uoRC8X3ODLbFKxa1gn7/Hram1J0=

data in the older format is still readable:

$ recsel -t Account -s secret -p Login,Password accounts.rec

Login: foo
Password: secret

Login: bar
Password: secret

Login: baz
Password: secret

>From 1ad58e1c0164c8ca3939a0032998f58599a5d3f5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <address@hidden>
Date: Mon, 2 Apr 2012 18:39:57 +0900
Subject: [PATCH] Use random IV for encryption.

---
 src/rec-crypt.c |   31 ++++++++++++++++++++++---------
 1 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/src/rec-crypt.c b/src/rec-crypt.c
index e989257..f0f8e2b 100644
--- a/src/rec-crypt.c
+++ b/src/rec-crypt.c
@@ -37,6 +37,8 @@
 #define AESV2_BLKSIZE 16
 #define AESV2_KEYSIZE 16
 
+#define SALT_SIZE 4
+
 bool
 rec_encrypt (char   *in,
              size_t  in_size,
@@ -119,7 +121,8 @@ rec_encrypt (char   *in,
       return false;
     }
 
-  for (i = 0; i < AESV2_BLKSIZE; i++)
+  gcry_create_nonce (iv, SALT_SIZE);
+  for (i = SALT_SIZE; i < AESV2_BLKSIZE; i++)
     {
       iv[i] = i;
     }
@@ -130,13 +133,16 @@ rec_encrypt (char   *in,
       return false;
     }
 
-  /* Encrypt the data.  */
-  *out_size = real_in_size;
+  *out_size = real_in_size + SALT_SIZE;
   *out = malloc (*out_size);
 
+  /* Append salt at the end of the output.  */
+  memcpy (*out + real_in_size, iv, SALT_SIZE);
+
+  /* Encrypt the data.  */
   if (gcry_cipher_encrypt (handler,
                            *out,
-                           *out_size,
+                           real_in_size,
                            real_in,
                            real_in_size) != 0)
     {
@@ -163,8 +169,13 @@ rec_decrypt (char   *in,
   size_t password_size;
   char key[AESV2_KEYSIZE];
   char iv[AESV2_BLKSIZE];
-  
-  if ((in_size % AESV2_BLKSIZE) != 0)
+  size_t salt_size = 0;
+
+  if (((in_size - SALT_SIZE) % AESV2_BLKSIZE) == 0)
+    {
+      salt_size = SALT_SIZE;
+    }
+  else if ((in_size % AESV2_BLKSIZE) != 0)
     {
       return false;
     }
@@ -194,7 +205,9 @@ rec_decrypt (char   *in,
       return false;
     }
 
-  for (i = 0; i < AESV2_BLKSIZE; i++)
+  /* Extract salt at the end of the output.  */
+  memcpy (iv, in + in_size - salt_size, salt_size);
+  for (i = salt_size; i < AESV2_BLKSIZE; i++)
     {
       iv[i] = i;
     }
@@ -206,13 +219,13 @@ rec_decrypt (char   *in,
     }
 
   /* Decrypt the data.  */
-  *out_size = in_size;
+  *out_size = in_size - salt_size;
   *out = malloc (*out_size);
   if (gcry_cipher_decrypt (handler,
                            *out,
                            *out_size,
                            in,
-                           in_size) != 0)
+                           in_size - salt_size) != 0)
     {
       /* Error.  */
       gcry_cipher_close (handler);
-- 
1.7.7.6

Regards,
-- 
Daiki Ueno

reply via email to

[Prev in Thread] Current Thread [Next in Thread]