[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-recutils] [PATCH] libgcrypt cipher handle leaks
From: |
Daiki Ueno |
Subject: |
Re: [bug-recutils] [PATCH] libgcrypt cipher handle leaks |
Date: |
Mon, 02 Apr 2012 18:49:10 +0900 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.0.94 (gnu/linux) |
Daiki Ueno <address@hidden> writes:
> BTW, maybe good to use random IV instead of static ones, to avoid the
> same cipher text being generated from the same key / plain text
> combination?
I'm attaching a proposed patch (apply after the previous patch), which
uses 4-byte random salt to initialize IV.
For example,
without the patch:
$ recins -t Account -s secret -f Login -v foo -f Password -v secret accounts.rec
$ recins -t Account -s secret -f Login -v bar -f Password -v secret accounts.rec
Login: foo
Password: encrypted-MHyd3Dqz+iaViL8h1m18sA== # <-- same
Login: bar
Password: encrypted-MHyd3Dqz+iaViL8h1m18sA== # <-- same
with the patch:
$ recins -t Account -s secret -f Login -v baz -f Password -v secret accounts.rec
Login: baz
Password: encrypted-uoRC8X3ODLbFKxa1gn7/Hram1J0=
data in the older format is still readable:
$ recsel -t Account -s secret -p Login,Password accounts.rec
Login: foo
Password: secret
Login: bar
Password: secret
Login: baz
Password: secret
>From 1ad58e1c0164c8ca3939a0032998f58599a5d3f5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <address@hidden>
Date: Mon, 2 Apr 2012 18:39:57 +0900
Subject: [PATCH] Use random IV for encryption.
---
src/rec-crypt.c | 31 ++++++++++++++++++++++---------
1 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/src/rec-crypt.c b/src/rec-crypt.c
index e989257..f0f8e2b 100644
--- a/src/rec-crypt.c
+++ b/src/rec-crypt.c
@@ -37,6 +37,8 @@
#define AESV2_BLKSIZE 16
#define AESV2_KEYSIZE 16
+#define SALT_SIZE 4
+
bool
rec_encrypt (char *in,
size_t in_size,
@@ -119,7 +121,8 @@ rec_encrypt (char *in,
return false;
}
- for (i = 0; i < AESV2_BLKSIZE; i++)
+ gcry_create_nonce (iv, SALT_SIZE);
+ for (i = SALT_SIZE; i < AESV2_BLKSIZE; i++)
{
iv[i] = i;
}
@@ -130,13 +133,16 @@ rec_encrypt (char *in,
return false;
}
- /* Encrypt the data. */
- *out_size = real_in_size;
+ *out_size = real_in_size + SALT_SIZE;
*out = malloc (*out_size);
+ /* Append salt at the end of the output. */
+ memcpy (*out + real_in_size, iv, SALT_SIZE);
+
+ /* Encrypt the data. */
if (gcry_cipher_encrypt (handler,
*out,
- *out_size,
+ real_in_size,
real_in,
real_in_size) != 0)
{
@@ -163,8 +169,13 @@ rec_decrypt (char *in,
size_t password_size;
char key[AESV2_KEYSIZE];
char iv[AESV2_BLKSIZE];
-
- if ((in_size % AESV2_BLKSIZE) != 0)
+ size_t salt_size = 0;
+
+ if (((in_size - SALT_SIZE) % AESV2_BLKSIZE) == 0)
+ {
+ salt_size = SALT_SIZE;
+ }
+ else if ((in_size % AESV2_BLKSIZE) != 0)
{
return false;
}
@@ -194,7 +205,9 @@ rec_decrypt (char *in,
return false;
}
- for (i = 0; i < AESV2_BLKSIZE; i++)
+ /* Extract salt at the end of the output. */
+ memcpy (iv, in + in_size - salt_size, salt_size);
+ for (i = salt_size; i < AESV2_BLKSIZE; i++)
{
iv[i] = i;
}
@@ -206,13 +219,13 @@ rec_decrypt (char *in,
}
/* Decrypt the data. */
- *out_size = in_size;
+ *out_size = in_size - salt_size;
*out = malloc (*out_size);
if (gcry_cipher_decrypt (handler,
*out,
*out_size,
in,
- in_size) != 0)
+ in_size - salt_size) != 0)
{
/* Error. */
gcry_cipher_close (handler);
--
1.7.7.6
Regards,
--
Daiki Ueno