Line | Count | Source (jump to first uncovered line) |
1 | | /* encrypt.c - Main encryption driver |
2 | | * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, |
3 | | * 2006, 2009 Free Software Foundation, Inc. |
4 | | * Copyright (C) 2016 g10 Code GmbH |
5 | | * |
6 | | * This file is part of GnuPG. |
7 | | * |
8 | | * GnuPG is free software; you can redistribute it and/or modify |
9 | | * it under the terms of the GNU General Public License as published by |
10 | | * the Free Software Foundation; either version 3 of the License, or |
11 | | * (at your option) any later version. |
12 | | * |
13 | | * GnuPG is distributed in the hope that it will be useful, |
14 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | | * GNU General Public License for more details. |
17 | | * |
18 | | * You should have received a copy of the GNU General Public License |
19 | | * along with this program; if not, see <https://www.gnu.org/licenses/>. |
20 | | */ |
21 | | |
22 | | #include <config.h> |
23 | | #include <stdio.h> |
24 | | #include <stdlib.h> |
25 | | #include <string.h> |
26 | | #include <errno.h> |
27 | | |
28 | | #include "gpg.h" |
29 | | #include "options.h" |
30 | | #include "packet.h" |
31 | | #include "../common/status.h" |
32 | | #include "../common/iobuf.h" |
33 | | #include "keydb.h" |
34 | | #include "../common/util.h" |
35 | | #include "main.h" |
36 | | #include "filter.h" |
37 | | #include "trustdb.h" |
38 | | #include "../common/i18n.h" |
39 | | #include "../common/status.h" |
40 | | #include "pkglue.h" |
41 | | #include "../common/compliance.h" |
42 | | |
43 | | |
44 | | static int encrypt_simple( const char *filename, int mode, int use_seskey ); |
45 | | static int write_pubkey_enc_from_list (ctrl_t ctrl, |
46 | | PK_LIST pk_list, DEK *dek, iobuf_t out); |
47 | | |
48 | | /**************** |
49 | | * Encrypt FILENAME with only the symmetric cipher. Take input from |
50 | | * stdin if FILENAME is NULL. If --force-aead is used we use an SKESK. |
51 | | */ |
52 | | int |
53 | | encrypt_symmetric (const char *filename) |
54 | 0 | { |
55 | 0 | return encrypt_simple( filename, 1, opt.force_aead); |
56 | 0 | } |
57 | | |
58 | | |
59 | | /**************** |
60 | | * Encrypt FILENAME as a literal data packet only. Take input from |
61 | | * stdin if FILENAME is NULL. |
62 | | */ |
63 | | int |
64 | | encrypt_store (const char *filename) |
65 | 0 | { |
66 | 0 | return encrypt_simple( filename, 0, 0 ); |
67 | 0 | } |
68 | | |
69 | | |
70 | | /* Create and setup a DEK structure and print approriate warnings. |
71 | | * PK_LIST gives the list of public keys. Always returns a DEK. The |
72 | | * actual session needs to be added later. */ |
73 | | static DEK * |
74 | | create_dek_with_warnings (pk_list_t pk_list) |
75 | 0 | { |
76 | 0 | DEK *dek; |
77 | |
|
78 | 0 | dek = xmalloc_secure_clear (sizeof *dek); |
79 | 0 | if (!opt.def_cipher_algo) |
80 | 0 | { |
81 | | /* Try to get it from the prefs. */ |
82 | 0 | dek->algo = select_algo_from_prefs (pk_list, PREFTYPE_SYM, -1, NULL); |
83 | 0 | if (dek->algo == -1) |
84 | 0 | { |
85 | | /* If does not make sense to fallback to the rfc4880 |
86 | | * required 3DES if we will reject that algo later. Thus we |
87 | | * fallback to AES anticipating RFC4880bis rules. */ |
88 | 0 | if (opt.flags.allow_old_cipher_algos) |
89 | 0 | dek->algo = CIPHER_ALGO_3DES; |
90 | 0 | else |
91 | 0 | dek->algo = CIPHER_ALGO_AES; |
92 | 0 | } |
93 | | |
94 | | /* In case 3DES has been selected, print a warning if any key |
95 | | * does not have a preference for AES. This should help to |
96 | | * indentify why encrypting to several recipients falls back to |
97 | | * 3DES. */ |
98 | 0 | if (opt.verbose && dek->algo == CIPHER_ALGO_3DES) |
99 | 0 | warn_missing_aes_from_pklist (pk_list); |
100 | 0 | } |
101 | 0 | else |
102 | 0 | { |
103 | 0 | if (!opt.expert |
104 | 0 | && (select_algo_from_prefs (pk_list, PREFTYPE_SYM, |
105 | 0 | opt.def_cipher_algo, NULL) |
106 | 0 | != opt.def_cipher_algo)) |
107 | 0 | { |
108 | 0 | log_info(_("WARNING: forcing symmetric cipher %s (%d)" |
109 | 0 | " violates recipient preferences\n"), |
110 | 0 | openpgp_cipher_algo_name (opt.def_cipher_algo), |
111 | 0 | opt.def_cipher_algo); |
112 | 0 | } |
113 | |
|
114 | 0 | dek->algo = opt.def_cipher_algo; |
115 | 0 | } |
116 | |
|
117 | 0 | return dek; |
118 | 0 | } |
119 | | |
120 | | |
121 | | /* Check whether all encryption keys are compliant with the current |
122 | | * mode and issue respective status lines. DEK has the info about the |
123 | | * session key and PK_LIST the list of public keys. */ |
124 | | static gpg_error_t |
125 | | check_encryption_compliance (DEK *dek, pk_list_t pk_list) |
126 | 0 | { |
127 | 0 | gpg_error_t err = 0; |
128 | 0 | pk_list_t pkr; |
129 | 0 | int compliant; |
130 | | |
131 | | /* First check whether we should use the algo at all. */ |
132 | 0 | if (openpgp_cipher_blocklen (dek->algo) < 16 |
133 | 0 | && !opt.flags.allow_old_cipher_algos) |
134 | 0 | { |
135 | 0 | log_error (_("cipher algorithm '%s' may not be used for encryption\n"), |
136 | 0 | openpgp_cipher_algo_name (dek->algo)); |
137 | 0 | if (!opt.quiet) |
138 | 0 | log_info (_("(use option \"%s\" to override)\n"), |
139 | 0 | "--allow-old-cipher-algos"); |
140 | 0 | err = gpg_error (GPG_ERR_CIPHER_ALGO); |
141 | 0 | goto leave; |
142 | 0 | } |
143 | | |
144 | | /* Now check the compliance. */ |
145 | 0 | if (! gnupg_cipher_is_allowed (opt.compliance, 1, dek->algo, |
146 | 0 | GCRY_CIPHER_MODE_CFB)) |
147 | 0 | { |
148 | 0 | log_error (_("cipher algorithm '%s' may not be used in %s mode\n"), |
149 | 0 | openpgp_cipher_algo_name (dek->algo), |
150 | 0 | gnupg_compliance_option_string (opt.compliance)); |
151 | 0 | err = gpg_error (GPG_ERR_CIPHER_ALGO); |
152 | 0 | goto leave; |
153 | 0 | } |
154 | | |
155 | 0 | if (!gnupg_rng_is_compliant (opt.compliance)) |
156 | 0 | { |
157 | 0 | err = gpg_error (GPG_ERR_FORBIDDEN); |
158 | 0 | log_error (_("%s is not compliant with %s mode\n"), |
159 | 0 | "RNG", |
160 | 0 | gnupg_compliance_option_string (opt.compliance)); |
161 | 0 | write_status_error ("random-compliance", err); |
162 | 0 | goto leave; |
163 | 0 | } |
164 | | |
165 | | /* From here on we only test for CO_DE_VS - if we ever want to |
166 | | * return other compliance mode values we need to change this to |
167 | | * loop over all those values. */ |
168 | 0 | compliant = gnupg_gcrypt_is_compliant (CO_DE_VS); |
169 | |
|
170 | 0 | if (!gnupg_cipher_is_compliant (CO_DE_VS, dek->algo, GCRY_CIPHER_MODE_CFB)) |
171 | 0 | compliant = 0; |
172 | |
|
173 | 0 | for (pkr = pk_list; pkr; pkr = pkr->next) |
174 | 0 | { |
175 | 0 | PKT_public_key *pk = pkr->pk; |
176 | 0 | unsigned int nbits = nbits_from_pk (pk); |
177 | |
|
178 | 0 | if (!gnupg_pk_is_compliant (opt.compliance, pk->pubkey_algo, 0, |
179 | 0 | pk->pkey, nbits, NULL)) |
180 | 0 | log_info (_("WARNING: key %s is not suitable for encryption" |
181 | 0 | " in %s mode\n"), |
182 | 0 | keystr_from_pk (pk), |
183 | 0 | gnupg_compliance_option_string (opt.compliance)); |
184 | |
|
185 | 0 | if (compliant |
186 | 0 | && !gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey, |
187 | 0 | nbits, NULL)) |
188 | 0 | compliant = 0; /* Not compliant - reset flag. */ |
189 | 0 | } |
190 | | |
191 | | /* If we are compliant print the status for de-vs compliance. */ |
192 | 0 | if (compliant) |
193 | 0 | write_status_strings (STATUS_ENCRYPTION_COMPLIANCE_MODE, |
194 | 0 | gnupg_status_compliance_flag (CO_DE_VS), |
195 | 0 | NULL); |
196 | | |
197 | | /* Check whether we should fail the operation. */ |
198 | 0 | if (opt.flags.require_compliance |
199 | 0 | && opt.compliance == CO_DE_VS |
200 | 0 | && !compliant) |
201 | 0 | { |
202 | 0 | compliance_failure (); |
203 | 0 | err = gpg_error (GPG_ERR_FORBIDDEN); |
204 | 0 | goto leave; |
205 | 0 | } |
206 | | |
207 | 0 | leave: |
208 | 0 | return err; |
209 | 0 | } |
210 | | |
211 | | |
212 | | /* Encrypt a session key using DEK and store a pointer to the result |
213 | | * at R_ENCKEY and its length at R_ENCKEYLEN. |
214 | | * |
215 | | * R_SESKEY points to the unencrypted session key (.KEY, .KEYLEN) and |
216 | | * the algorithm that will be used to encrypt the contents of the |
217 | | * SKESK packet (.ALGO). If R_SESKEY points to NULL, then a random |
218 | | * session key that is appropriate for DEK->ALGO is generated and |
219 | | * stored at R_SESKEY. If AEAD_ALGO is not 0 the given AEAD algorithm |
220 | | * is used for encryption. |
221 | | */ |
222 | | static gpg_error_t |
223 | | encrypt_seskey (DEK *dek, aead_algo_t aead_algo, |
224 | | DEK **r_seskey, void **r_enckey, size_t *r_enckeylen) |
225 | 0 | { |
226 | 0 | gpg_error_t err; |
227 | 0 | gcry_cipher_hd_t hd = NULL; |
228 | 0 | byte *buf = NULL; |
229 | 0 | DEK *seskey; |
230 | |
|
231 | 0 | *r_enckey = NULL; |
232 | 0 | *r_enckeylen = 0; |
233 | |
|
234 | 0 | if (*r_seskey) |
235 | 0 | seskey = *r_seskey; |
236 | 0 | else |
237 | 0 | { |
238 | 0 | seskey = xtrycalloc (1, sizeof(DEK)); |
239 | 0 | if (!seskey) |
240 | 0 | { |
241 | 0 | err = gpg_error_from_syserror (); |
242 | 0 | goto leave; |
243 | 0 | } |
244 | 0 | seskey->algo = dek->algo; |
245 | 0 | make_session_key (seskey); |
246 | | /*log_hexdump( "thekey", c->key, c->keylen );*/ |
247 | 0 | } |
248 | | |
249 | | |
250 | 0 | if (aead_algo) |
251 | 0 | { |
252 | 0 | unsigned int noncelen; |
253 | 0 | enum gcry_cipher_modes ciphermode; |
254 | 0 | byte ad[4]; |
255 | |
|
256 | 0 | err = openpgp_aead_algo_info (aead_algo, &ciphermode, &noncelen); |
257 | 0 | if (err) |
258 | 0 | goto leave; |
259 | | |
260 | | /* Allocate space for the nonce, the key, and the authentication |
261 | | * tag (16). */ |
262 | 0 | buf = xtrymalloc_secure (noncelen + seskey->keylen + 16); |
263 | 0 | if (!buf) |
264 | 0 | { |
265 | 0 | err = gpg_error_from_syserror (); |
266 | 0 | goto leave; |
267 | 0 | } |
268 | | |
269 | 0 | gcry_randomize (buf, noncelen, GCRY_STRONG_RANDOM); |
270 | |
|
271 | 0 | err = openpgp_cipher_open (&hd, dek->algo, |
272 | 0 | ciphermode, GCRY_CIPHER_SECURE); |
273 | 0 | if (!err) |
274 | 0 | err = gcry_cipher_setkey (hd, dek->key, dek->keylen); |
275 | 0 | if (!err) |
276 | 0 | err = gcry_cipher_setiv (hd, buf, noncelen); |
277 | 0 | if (err) |
278 | 0 | goto leave; |
279 | | |
280 | 0 | ad[0] = (0xc0 | PKT_SYMKEY_ENC); |
281 | 0 | ad[1] = 5; |
282 | 0 | ad[2] = dek->algo; |
283 | 0 | ad[3] = aead_algo; |
284 | 0 | err = gcry_cipher_authenticate (hd, ad, 4); |
285 | 0 | if (err) |
286 | 0 | goto leave; |
287 | | |
288 | 0 | memcpy (buf + noncelen, seskey->key, seskey->keylen); |
289 | 0 | gcry_cipher_final (hd); |
290 | 0 | err = gcry_cipher_encrypt (hd, buf + noncelen, seskey->keylen, NULL,0); |
291 | 0 | if (err) |
292 | 0 | goto leave; |
293 | 0 | err = gcry_cipher_gettag (hd, buf + noncelen + seskey->keylen, 16); |
294 | 0 | if (err) |
295 | 0 | goto leave; |
296 | 0 | *r_enckeylen = noncelen + seskey->keylen + 16; |
297 | 0 | *r_enckey = buf; |
298 | 0 | buf = NULL; |
299 | 0 | } |
300 | 0 | else |
301 | 0 | { |
302 | | /* In the old version 4 SKESK the encrypted session key is |
303 | | * prefixed with a one-octet algorithm id. */ |
304 | 0 | buf = xtrymalloc_secure (1 + seskey->keylen); |
305 | 0 | if (!buf) |
306 | 0 | { |
307 | 0 | err = gpg_error_from_syserror (); |
308 | 0 | goto leave; |
309 | 0 | } |
310 | 0 | buf[0] = seskey->algo; |
311 | 0 | memcpy (buf + 1, seskey->key, seskey->keylen); |
312 | |
|
313 | 0 | err = openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1); |
314 | 0 | if (!err) |
315 | 0 | err = gcry_cipher_setkey (hd, dek->key, dek->keylen); |
316 | 0 | if (!err) |
317 | 0 | err = gcry_cipher_setiv (hd, NULL, 0); |
318 | 0 | if (!err) |
319 | 0 | err = gcry_cipher_encrypt (hd, buf, seskey->keylen + 1, NULL, 0); |
320 | 0 | if (err) |
321 | 0 | goto leave; |
322 | 0 | *r_enckeylen = seskey->keylen + 1; |
323 | 0 | *r_enckey = buf; |
324 | 0 | buf = NULL; |
325 | 0 | } |
326 | | |
327 | | /* Return the session key in case we allocated it. */ |
328 | 0 | *r_seskey = seskey; |
329 | 0 | seskey = NULL; |
330 | |
|
331 | 0 | leave: |
332 | 0 | gcry_cipher_close (hd); |
333 | 0 | if (seskey != *r_seskey) |
334 | 0 | xfree (seskey); |
335 | 0 | xfree (buf); |
336 | 0 | return err; |
337 | 0 | } |
338 | | |
339 | | |
340 | | /* Return the AEAD algo if we shall use AEAD mode. Returns 0 if AEAD |
341 | | * shall not be used. */ |
342 | | aead_algo_t |
343 | | use_aead (pk_list_t pk_list, int algo) |
344 | 0 | { |
345 | 0 | int can_use; |
346 | |
|
347 | 0 | can_use = openpgp_cipher_get_algo_blklen (algo) == 16; |
348 | | |
349 | | /* With --force-aead we want AEAD. */ |
350 | 0 | if (opt.force_aead) |
351 | 0 | { |
352 | 0 | if (!can_use) |
353 | 0 | { |
354 | 0 | log_info ("Warning: request to use OCB ignored for cipher '%s'\n", |
355 | 0 | openpgp_cipher_algo_name (algo)); |
356 | 0 | return 0; |
357 | 0 | } |
358 | 0 | return AEAD_ALGO_OCB; |
359 | 0 | } |
360 | | |
361 | | /* AEAD does only work with 128 bit cipher blocklength. */ |
362 | 0 | if (!can_use) |
363 | 0 | return 0; |
364 | | |
365 | | /* Note the user which keys have no AEAD feature flag set. */ |
366 | 0 | if (opt.verbose) |
367 | 0 | warn_missing_aead_from_pklist (pk_list); |
368 | | |
369 | | /* If all keys support AEAD we can use it. */ |
370 | 0 | return select_aead_from_pklist (pk_list); |
371 | 0 | } |
372 | | |
373 | | |
374 | | /* Shall we use the MDC? Yes - unless rfc-2440 compatibility is |
375 | | * requested. */ |
376 | | int |
377 | | use_mdc (pk_list_t pk_list,int algo) |
378 | 0 | { |
379 | 0 | (void)pk_list; |
380 | 0 | (void)algo; |
381 | | |
382 | | /* RFC-2440 don't has MDC - this is the only way to create a legacy |
383 | | * non-MDC encryption packet. */ |
384 | 0 | if (RFC2440) |
385 | 0 | return 0; |
386 | | |
387 | 0 | return 1; /* In all other cases we use the MDC */ |
388 | 0 | } |
389 | | |
390 | | |
391 | | /* We don't want to use use_seskey yet because older gnupg versions |
392 | | can't handle it, and there isn't really any point unless we're |
393 | | making a message that can be decrypted by a public key or |
394 | | passphrase. */ |
395 | | static int |
396 | | encrypt_simple (const char *filename, int mode, int use_seskey) |
397 | 0 | { |
398 | 0 | iobuf_t inp, out; |
399 | 0 | PACKET pkt; |
400 | 0 | PKT_plaintext *pt = NULL; |
401 | 0 | STRING2KEY *s2k = NULL; |
402 | 0 | void *enckey = NULL; |
403 | 0 | size_t enckeylen = 0; |
404 | 0 | int rc = 0; |
405 | 0 | u32 filesize; |
406 | 0 | cipher_filter_context_t cfx; |
407 | 0 | armor_filter_context_t *afx = NULL; |
408 | 0 | compress_filter_context_t zfx; |
409 | 0 | text_filter_context_t tfx; |
410 | 0 | progress_filter_context_t *pfx; |
411 | 0 | int do_compress = !!default_compress_algo(); |
412 | |
|
413 | 0 | if (!gnupg_rng_is_compliant (opt.compliance)) |
414 | 0 | { |
415 | 0 | rc = gpg_error (GPG_ERR_FORBIDDEN); |
416 | 0 | log_error (_("%s is not compliant with %s mode\n"), |
417 | 0 | "RNG", |
418 | 0 | gnupg_compliance_option_string (opt.compliance)); |
419 | 0 | write_status_error ("random-compliance", rc); |
420 | 0 | return rc; |
421 | 0 | } |
422 | | |
423 | 0 | pfx = new_progress_context (); |
424 | 0 | memset( &cfx, 0, sizeof cfx); |
425 | 0 | memset( &zfx, 0, sizeof zfx); |
426 | 0 | memset( &tfx, 0, sizeof tfx); |
427 | 0 | init_packet(&pkt); |
428 | | |
429 | | /* Prepare iobufs. */ |
430 | 0 | inp = iobuf_open(filename); |
431 | 0 | if (inp) |
432 | 0 | iobuf_ioctl (inp, IOBUF_IOCTL_NO_CACHE, 1, NULL); |
433 | 0 | if (inp && is_secured_file (iobuf_get_fd (inp))) |
434 | 0 | { |
435 | 0 | iobuf_close (inp); |
436 | 0 | inp = NULL; |
437 | 0 | gpg_err_set_errno (EPERM); |
438 | 0 | } |
439 | 0 | if (!inp) |
440 | 0 | { |
441 | 0 | rc = gpg_error_from_syserror (); |
442 | 0 | log_error(_("can't open '%s': %s\n"), filename? filename: "[stdin]", |
443 | 0 | strerror(errno) ); |
444 | 0 | release_progress_context (pfx); |
445 | 0 | return rc; |
446 | 0 | } |
447 | | |
448 | 0 | handle_progress (pfx, inp, filename); |
449 | |
|
450 | 0 | if (opt.textmode) |
451 | 0 | iobuf_push_filter( inp, text_filter, &tfx ); |
452 | |
|
453 | 0 | cfx.dek = NULL; |
454 | 0 | if ( mode ) |
455 | 0 | { |
456 | 0 | aead_algo_t aead_algo; |
457 | |
|
458 | 0 | rc = setup_symkey (&s2k, &cfx.dek); |
459 | 0 | if (rc) |
460 | 0 | { |
461 | 0 | iobuf_close (inp); |
462 | 0 | if (gpg_err_code (rc) == GPG_ERR_CIPHER_ALGO |
463 | 0 | || gpg_err_code (rc) == GPG_ERR_DIGEST_ALGO) |
464 | 0 | ; /* Error has already been printed. */ |
465 | 0 | else |
466 | 0 | log_error (_("error creating passphrase: %s\n"), gpg_strerror (rc)); |
467 | 0 | release_progress_context (pfx); |
468 | 0 | return rc; |
469 | 0 | } |
470 | 0 | if (use_seskey && s2k->mode != 1 && s2k->mode != 3) |
471 | 0 | { |
472 | 0 | use_seskey = 0; |
473 | 0 | log_info (_("can't use a SKESK packet" |
474 | 0 | "due to the S2K mode\n")); |
475 | 0 | } |
476 | | |
477 | | /* See whether we want to use AEAD. */ |
478 | 0 | aead_algo = use_aead (NULL, cfx.dek->algo); |
479 | |
|
480 | 0 | if ( use_seskey ) |
481 | 0 | { |
482 | 0 | DEK *dek = NULL; |
483 | |
|
484 | 0 | rc = encrypt_seskey (cfx.dek, aead_algo, &dek, &enckey, &enckeylen); |
485 | 0 | if (rc) |
486 | 0 | { |
487 | 0 | xfree (cfx.dek); |
488 | 0 | xfree (s2k); |
489 | 0 | iobuf_close (inp); |
490 | 0 | release_progress_context (pfx); |
491 | 0 | return rc; |
492 | 0 | } |
493 | | /* Replace key in DEK. */ |
494 | 0 | xfree (cfx.dek); |
495 | 0 | cfx.dek = dek; |
496 | 0 | } |
497 | | |
498 | 0 | if (aead_algo) |
499 | 0 | cfx.dek->use_aead = aead_algo; |
500 | 0 | else |
501 | 0 | cfx.dek->use_mdc = !!use_mdc (NULL, cfx.dek->algo); |
502 | |
|
503 | 0 | if (opt.verbose) |
504 | 0 | log_info(_("using cipher %s.%s\n"), |
505 | 0 | openpgp_cipher_algo_name (cfx.dek->algo), |
506 | 0 | cfx.dek->use_aead? openpgp_aead_algo_name (cfx.dek->use_aead) |
507 | 0 | /**/ : "CFB"); |
508 | 0 | } |
509 | | |
510 | 0 | if (do_compress |
511 | 0 | && cfx.dek |
512 | 0 | && (cfx.dek->use_mdc || cfx.dek->use_aead) |
513 | 0 | && is_file_compressed(filename, &rc)) |
514 | 0 | { |
515 | 0 | if (opt.verbose) |
516 | 0 | log_info(_("'%s' already compressed\n"), filename); |
517 | 0 | do_compress = 0; |
518 | 0 | } |
519 | |
|
520 | 0 | if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out ))) |
521 | 0 | { |
522 | 0 | iobuf_cancel (inp); |
523 | 0 | xfree (cfx.dek); |
524 | 0 | xfree (s2k); |
525 | 0 | release_progress_context (pfx); |
526 | 0 | return rc; |
527 | 0 | } |
528 | | |
529 | 0 | if ( opt.armor ) |
530 | 0 | { |
531 | 0 | afx = new_armor_context (); |
532 | 0 | push_armor_filter (afx, out); |
533 | 0 | } |
534 | |
|
535 | 0 | if ( s2k ) |
536 | 0 | { |
537 | | /* Fixme: This is quite similar to write_symkey_enc. */ |
538 | 0 | PKT_symkey_enc *enc = xmalloc_clear (sizeof *enc + enckeylen); |
539 | 0 | enc->version = cfx.dek->use_aead ? 5 : 4; |
540 | 0 | enc->cipher_algo = cfx.dek->algo; |
541 | 0 | enc->aead_algo = cfx.dek->use_aead; |
542 | 0 | enc->s2k = *s2k; |
543 | 0 | if (enckeylen) |
544 | 0 | { |
545 | 0 | enc->seskeylen = enckeylen; |
546 | 0 | memcpy (enc->seskey, enckey, enckeylen); |
547 | 0 | } |
548 | 0 | pkt.pkttype = PKT_SYMKEY_ENC; |
549 | 0 | pkt.pkt.symkey_enc = enc; |
550 | 0 | if ((rc = build_packet( out, &pkt ))) |
551 | 0 | log_error("build symkey packet failed: %s\n", gpg_strerror (rc) ); |
552 | 0 | xfree (enc); |
553 | 0 | xfree (enckey); |
554 | 0 | enckey = NULL; |
555 | 0 | } |
556 | |
|
557 | 0 | if (!opt.no_literal) |
558 | 0 | pt = setup_plaintext_name (filename, inp); |
559 | | |
560 | | /* Note that PGP 5 has problems decrypting symmetrically encrypted |
561 | | data if the file length is in the inner packet. It works when |
562 | | only partial length headers are use. In the past, we always used |
563 | | partial body length here, but since PGP 2, PGP 6, and PGP 7 need |
564 | | the file length, and nobody should be using PGP 5 nowadays |
565 | | anyway, this is now set to the file length. Note also that this |
566 | | only applies to the RFC-1991 style symmetric messages, and not |
567 | | the RFC-2440 style. PGP 6 and 7 work with either partial length |
568 | | or fixed length with the new style messages. */ |
569 | |
|
570 | 0 | if ( !iobuf_is_pipe_filename (filename) && *filename && !opt.textmode ) |
571 | 0 | { |
572 | 0 | off_t tmpsize; |
573 | 0 | int overflow; |
574 | |
|
575 | 0 | if ( !(tmpsize = iobuf_get_filelength(inp, &overflow)) |
576 | 0 | && !overflow && opt.verbose) |
577 | 0 | log_info(_("WARNING: '%s' is an empty file\n"), filename ); |
578 | | /* We can't encode the length of very large files because |
579 | | OpenPGP uses only 32 bit for file sizes. So if the |
580 | | size of a file is larger than 2^32 minus some bytes for |
581 | | packet headers, we switch to partial length encoding. */ |
582 | 0 | if ( tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) ) |
583 | 0 | filesize = tmpsize; |
584 | 0 | else |
585 | 0 | filesize = 0; |
586 | 0 | } |
587 | 0 | else |
588 | 0 | filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */ |
589 | |
|
590 | 0 | if (!opt.no_literal) |
591 | 0 | { |
592 | | /* Note that PT has been initialized above in !no_literal mode. */ |
593 | 0 | pt->timestamp = make_timestamp(); |
594 | 0 | pt->mode = opt.mimemode? 'm' : opt.textmode? 't' : 'b'; |
595 | 0 | pt->len = filesize; |
596 | 0 | pt->new_ctb = !pt->len; |
597 | 0 | pt->buf = inp; |
598 | 0 | pkt.pkttype = PKT_PLAINTEXT; |
599 | 0 | pkt.pkt.plaintext = pt; |
600 | 0 | cfx.datalen = filesize && !do_compress ? calc_packet_length( &pkt ) : 0; |
601 | 0 | } |
602 | 0 | else |
603 | 0 | { |
604 | 0 | cfx.datalen = filesize && !do_compress ? filesize : 0; |
605 | 0 | pkt.pkttype = 0; |
606 | 0 | pkt.pkt.generic = NULL; |
607 | 0 | } |
608 | | |
609 | | /* Register the cipher filter. */ |
610 | 0 | if (mode) |
611 | 0 | iobuf_push_filter (out, |
612 | 0 | cfx.dek->use_aead? cipher_filter_aead |
613 | 0 | /**/ : cipher_filter_cfb, |
614 | 0 | &cfx ); |
615 | | |
616 | | /* Register the compress filter. */ |
617 | 0 | if ( do_compress ) |
618 | 0 | { |
619 | 0 | if (cfx.dek && (cfx.dek->use_mdc || cfx.dek->use_aead)) |
620 | 0 | zfx.new_ctb = 1; |
621 | 0 | push_compress_filter (out, &zfx, default_compress_algo()); |
622 | 0 | } |
623 | | |
624 | | /* Do the work. */ |
625 | 0 | if (!opt.no_literal) |
626 | 0 | { |
627 | 0 | if ( (rc = build_packet( out, &pkt )) ) |
628 | 0 | log_error("build_packet failed: %s\n", gpg_strerror (rc) ); |
629 | 0 | } |
630 | 0 | else |
631 | 0 | { |
632 | | /* User requested not to create a literal packet, so we copy the |
633 | | plain data. */ |
634 | 0 | rc = iobuf_copy (out, inp); |
635 | 0 | if (rc) |
636 | 0 | log_error ("copying input to output failed: %s\n", gpg_strerror (rc)); |
637 | 0 | } |
638 | | |
639 | | /* Finish the stuff. */ |
640 | 0 | iobuf_close (inp); |
641 | 0 | if (rc) |
642 | 0 | iobuf_cancel(out); |
643 | 0 | else |
644 | 0 | { |
645 | 0 | iobuf_close (out); /* fixme: check returncode */ |
646 | 0 | if (mode) |
647 | 0 | write_status ( STATUS_END_ENCRYPTION ); |
648 | 0 | } |
649 | 0 | if (pt) |
650 | 0 | pt->buf = NULL; |
651 | 0 | free_packet (&pkt, NULL); |
652 | 0 | xfree (enckey); |
653 | 0 | xfree (cfx.dek); |
654 | 0 | xfree (s2k); |
655 | 0 | release_armor_context (afx); |
656 | 0 | release_progress_context (pfx); |
657 | 0 | return rc; |
658 | 0 | } |
659 | | |
660 | | |
661 | | gpg_error_t |
662 | | setup_symkey (STRING2KEY **symkey_s2k, DEK **symkey_dek) |
663 | 0 | { |
664 | 0 | int canceled; |
665 | 0 | int defcipher; |
666 | 0 | int s2kdigest; |
667 | |
|
668 | 0 | defcipher = default_cipher_algo (); |
669 | 0 | if (openpgp_cipher_blocklen (defcipher) < 16 |
670 | 0 | && !opt.flags.allow_old_cipher_algos) |
671 | 0 | { |
672 | 0 | log_error (_("cipher algorithm '%s' may not be used for encryption\n"), |
673 | 0 | openpgp_cipher_algo_name (defcipher)); |
674 | 0 | if (!opt.quiet) |
675 | 0 | log_info (_("(use option \"%s\" to override)\n"), |
676 | 0 | "--allow-old-cipher-algos"); |
677 | 0 | return gpg_error (GPG_ERR_CIPHER_ALGO); |
678 | 0 | } |
679 | | |
680 | 0 | if (!gnupg_cipher_is_allowed (opt.compliance, 1, defcipher, |
681 | 0 | GCRY_CIPHER_MODE_CFB)) |
682 | 0 | { |
683 | 0 | log_error (_("cipher algorithm '%s' may not be used in %s mode\n"), |
684 | 0 | openpgp_cipher_algo_name (defcipher), |
685 | 0 | gnupg_compliance_option_string (opt.compliance)); |
686 | 0 | return gpg_error (GPG_ERR_CIPHER_ALGO); |
687 | 0 | } |
688 | | |
689 | 0 | s2kdigest = S2K_DIGEST_ALGO; |
690 | 0 | if (!gnupg_digest_is_allowed (opt.compliance, 1, s2kdigest)) |
691 | 0 | { |
692 | 0 | log_error (_("digest algorithm '%s' may not be used in %s mode\n"), |
693 | 0 | gcry_md_algo_name (s2kdigest), |
694 | 0 | gnupg_compliance_option_string (opt.compliance)); |
695 | 0 | return gpg_error (GPG_ERR_DIGEST_ALGO); |
696 | 0 | } |
697 | | |
698 | 0 | *symkey_s2k = xmalloc_clear (sizeof **symkey_s2k); |
699 | 0 | (*symkey_s2k)->mode = opt.s2k_mode; |
700 | 0 | (*symkey_s2k)->hash_algo = s2kdigest; |
701 | |
|
702 | 0 | *symkey_dek = passphrase_to_dek (defcipher, |
703 | 0 | *symkey_s2k, 1, 0, NULL, 0, &canceled); |
704 | 0 | if (!*symkey_dek || !(*symkey_dek)->keylen) |
705 | 0 | { |
706 | 0 | xfree(*symkey_dek); |
707 | 0 | xfree(*symkey_s2k); |
708 | 0 | return gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE); |
709 | 0 | } |
710 | | |
711 | 0 | return 0; |
712 | 0 | } |
713 | | |
714 | | |
715 | | static int |
716 | | write_symkey_enc (STRING2KEY *symkey_s2k, aead_algo_t aead_algo, |
717 | | DEK *symkey_dek, DEK *dek, iobuf_t out) |
718 | 0 | { |
719 | 0 | int rc; |
720 | 0 | void *enckey; |
721 | 0 | size_t enckeylen; |
722 | 0 | PKT_symkey_enc *enc; |
723 | 0 | PACKET pkt; |
724 | |
|
725 | 0 | rc = encrypt_seskey (symkey_dek, aead_algo, &dek, &enckey, &enckeylen); |
726 | 0 | if (rc) |
727 | 0 | return rc; |
728 | 0 | enc = xtrycalloc (1, sizeof (PKT_symkey_enc) + enckeylen); |
729 | 0 | if (!enc) |
730 | 0 | { |
731 | 0 | rc = gpg_error_from_syserror (); |
732 | 0 | xfree (enckey); |
733 | 0 | return rc; |
734 | 0 | } |
735 | | |
736 | 0 | enc->version = aead_algo? 5 : 4; |
737 | 0 | enc->cipher_algo = opt.s2k_cipher_algo; |
738 | 0 | enc->aead_algo = aead_algo; |
739 | 0 | enc->s2k = *symkey_s2k; |
740 | 0 | enc->seskeylen = enckeylen; |
741 | 0 | memcpy (enc->seskey, enckey, enckeylen); |
742 | 0 | xfree (enckey); |
743 | |
|
744 | 0 | pkt.pkttype = PKT_SYMKEY_ENC; |
745 | 0 | pkt.pkt.symkey_enc = enc; |
746 | |
|
747 | 0 | if ((rc=build_packet(out,&pkt))) |
748 | 0 | log_error("build symkey_enc packet failed: %s\n",gpg_strerror (rc)); |
749 | |
|
750 | 0 | xfree (enc); |
751 | 0 | return rc; |
752 | 0 | } |
753 | | |
754 | | |
755 | | /* |
756 | | * Encrypt the file with the given userids (or ask if none is |
757 | | * supplied). Either FILENAME or FILEFD must be given, but not both. |
758 | | * The caller may provide a checked list of public keys in |
759 | | * PROVIDED_PKS; if not the function builds a list of keys on its own. |
760 | | * |
761 | | * Note that FILEFD is currently only used by cmd_encrypt in the |
762 | | * not yet finished server.c. |
763 | | */ |
764 | | int |
765 | | encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, |
766 | | strlist_t remusr, int use_symkey, pk_list_t provided_keys, |
767 | | int outputfd) |
768 | 0 | { |
769 | 0 | iobuf_t inp = NULL; |
770 | 0 | iobuf_t out = NULL; |
771 | 0 | PACKET pkt; |
772 | 0 | PKT_plaintext *pt = NULL; |
773 | 0 | DEK *symkey_dek = NULL; |
774 | 0 | STRING2KEY *symkey_s2k = NULL; |
775 | 0 | int rc = 0, rc2 = 0; |
776 | 0 | u32 filesize; |
777 | 0 | cipher_filter_context_t cfx; |
778 | 0 | armor_filter_context_t *afx = NULL; |
779 | 0 | compress_filter_context_t zfx; |
780 | 0 | text_filter_context_t tfx; |
781 | 0 | progress_filter_context_t *pfx; |
782 | 0 | PK_LIST pk_list; |
783 | 0 | int do_compress; |
784 | |
|
785 | 0 | if (filefd != -1 && filename) |
786 | 0 | return gpg_error (GPG_ERR_INV_ARG); /* Both given. */ |
787 | | |
788 | 0 | do_compress = !!opt.compress_algo; |
789 | |
|
790 | 0 | pfx = new_progress_context (); |
791 | 0 | memset( &cfx, 0, sizeof cfx); |
792 | 0 | memset( &zfx, 0, sizeof zfx); |
793 | 0 | memset( &tfx, 0, sizeof tfx); |
794 | 0 | init_packet(&pkt); |
795 | |
|
796 | 0 | if (use_symkey |
797 | 0 | && (rc=setup_symkey(&symkey_s2k,&symkey_dek))) |
798 | 0 | { |
799 | 0 | release_progress_context (pfx); |
800 | 0 | return rc; |
801 | 0 | } |
802 | | |
803 | 0 | if (provided_keys) |
804 | 0 | pk_list = provided_keys; |
805 | 0 | else |
806 | 0 | { |
807 | 0 | if ((rc = build_pk_list (ctrl, remusr, &pk_list))) |
808 | 0 | { |
809 | 0 | release_progress_context (pfx); |
810 | 0 | return rc; |
811 | 0 | } |
812 | 0 | } |
813 | | |
814 | | /* Prepare iobufs. */ |
815 | | #ifdef HAVE_W32_SYSTEM |
816 | | if (filefd == -1) |
817 | | inp = iobuf_open (filename); |
818 | | else |
819 | | { |
820 | | inp = NULL; |
821 | | gpg_err_set_errno (ENOSYS); |
822 | | } |
823 | | #else |
824 | 0 | if (filefd == -1) |
825 | 0 | inp = iobuf_open (filename); |
826 | 0 | else |
827 | 0 | inp = iobuf_fdopen_nc (filefd, "rb"); |
828 | 0 | #endif |
829 | 0 | if (inp) |
830 | 0 | iobuf_ioctl (inp, IOBUF_IOCTL_NO_CACHE, 1, NULL); |
831 | 0 | if (inp && is_secured_file (iobuf_get_fd (inp))) |
832 | 0 | { |
833 | 0 | iobuf_close (inp); |
834 | 0 | inp = NULL; |
835 | 0 | gpg_err_set_errno (EPERM); |
836 | 0 | } |
837 | 0 | if (!inp) |
838 | 0 | { |
839 | 0 | char xname[64]; |
840 | |
|
841 | 0 | rc = gpg_error_from_syserror (); |
842 | 0 | if (filefd != -1) |
843 | 0 | snprintf (xname, sizeof xname, "[fd %d]", filefd); |
844 | 0 | else if (!filename) |
845 | 0 | strcpy (xname, "[stdin]"); |
846 | 0 | else |
847 | 0 | *xname = 0; |
848 | 0 | log_error (_("can't open '%s': %s\n"), |
849 | 0 | *xname? xname : filename, gpg_strerror (rc) ); |
850 | 0 | goto leave; |
851 | 0 | } |
852 | | |
853 | 0 | if (opt.verbose) |
854 | 0 | log_info (_("reading from '%s'\n"), iobuf_get_fname_nonnull (inp)); |
855 | |
|
856 | 0 | handle_progress (pfx, inp, filename); |
857 | |
|
858 | 0 | if (opt.textmode) |
859 | 0 | iobuf_push_filter (inp, text_filter, &tfx); |
860 | |
|
861 | 0 | rc = open_outfile (outputfd, filename, opt.armor? 1:0, 0, &out); |
862 | 0 | if (rc) |
863 | 0 | goto leave; |
864 | | |
865 | 0 | if (opt.armor) |
866 | 0 | { |
867 | 0 | afx = new_armor_context (); |
868 | 0 | push_armor_filter (afx, out); |
869 | 0 | } |
870 | | |
871 | | /* Create a session key. */ |
872 | 0 | cfx.dek = create_dek_with_warnings (pk_list); |
873 | |
|
874 | 0 | rc = check_encryption_compliance (cfx.dek, pk_list); |
875 | 0 | if (rc) |
876 | 0 | goto leave; |
877 | | |
878 | 0 | cfx.dek->use_aead = use_aead (pk_list, cfx.dek->algo); |
879 | 0 | if (!cfx.dek->use_aead) |
880 | 0 | cfx.dek->use_mdc = !!use_mdc (pk_list, cfx.dek->algo); |
881 | | |
882 | | /* Only do the is-file-already-compressed check if we are using a |
883 | | * MDC or AEAD. This forces compressed files to be re-compressed if |
884 | | * we do not have a MDC to give some protection against chosen |
885 | | * ciphertext attacks. */ |
886 | 0 | if (do_compress |
887 | 0 | && (cfx.dek->use_mdc || cfx.dek->use_aead) |
888 | 0 | && is_file_compressed (filename, &rc2)) |
889 | 0 | { |
890 | 0 | if (opt.verbose) |
891 | 0 | log_info(_("'%s' already compressed\n"), filename); |
892 | 0 | do_compress = 0; |
893 | 0 | } |
894 | 0 | if (rc2) |
895 | 0 | { |
896 | 0 | rc = rc2; |
897 | 0 | goto leave; |
898 | 0 | } |
899 | | |
900 | 0 | make_session_key (cfx.dek); |
901 | 0 | if (DBG_CRYPTO) |
902 | 0 | log_printhex (cfx.dek->key, cfx.dek->keylen, "DEK is: "); |
903 | |
|
904 | 0 | rc = write_pubkey_enc_from_list (ctrl, pk_list, cfx.dek, out); |
905 | 0 | if (rc) |
906 | 0 | goto leave; |
907 | | |
908 | | /* We put the passphrase (if any) after any public keys as this |
909 | | * seems to be the most useful on the recipient side - there is no |
910 | | * point in prompting a user for a passphrase if they have the |
911 | | * secret key needed to decrypt. */ |
912 | 0 | if (use_symkey && (rc = write_symkey_enc (symkey_s2k, cfx.dek->use_aead, |
913 | 0 | symkey_dek, cfx.dek, out))) |
914 | 0 | goto leave; |
915 | | |
916 | 0 | if (!opt.no_literal) |
917 | 0 | pt = setup_plaintext_name (filename, inp); |
918 | | |
919 | | /* Get the size of the file if possible, i.e., if it is a real file. */ |
920 | 0 | if (filename && *filename |
921 | 0 | && !iobuf_is_pipe_filename (filename) && !opt.textmode ) |
922 | 0 | { |
923 | 0 | off_t tmpsize; |
924 | 0 | int overflow; |
925 | |
|
926 | 0 | if ( !(tmpsize = iobuf_get_filelength(inp, &overflow)) |
927 | 0 | && !overflow && opt.verbose) |
928 | 0 | log_info(_("WARNING: '%s' is an empty file\n"), filename ); |
929 | | /* We can't encode the length of very large files because |
930 | | OpenPGP uses only 32 bit for file sizes. So if the size |
931 | | of a file is larger than 2^32 minus some bytes for packet |
932 | | headers, we switch to partial length encoding. */ |
933 | 0 | if (tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) ) |
934 | 0 | filesize = tmpsize; |
935 | 0 | else |
936 | 0 | filesize = 0; |
937 | 0 | } |
938 | 0 | else |
939 | 0 | filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */ |
940 | |
|
941 | 0 | if (!opt.no_literal) |
942 | 0 | { |
943 | 0 | pt->timestamp = make_timestamp(); |
944 | 0 | pt->mode = opt.mimemode? 'm' : opt.textmode ? 't' : 'b'; |
945 | 0 | pt->len = filesize; |
946 | 0 | pt->new_ctb = !pt->len; |
947 | 0 | pt->buf = inp; |
948 | 0 | pkt.pkttype = PKT_PLAINTEXT; |
949 | 0 | pkt.pkt.plaintext = pt; |
950 | 0 | cfx.datalen = filesize && !do_compress? calc_packet_length( &pkt ) : 0; |
951 | 0 | } |
952 | 0 | else |
953 | 0 | cfx.datalen = filesize && !do_compress ? filesize : 0; |
954 | | |
955 | | /* Register the cipher filter. */ |
956 | 0 | iobuf_push_filter (out, |
957 | 0 | cfx.dek->use_aead? cipher_filter_aead |
958 | 0 | /**/ : cipher_filter_cfb, |
959 | 0 | &cfx); |
960 | | |
961 | | /* Register the compress filter. */ |
962 | 0 | if (do_compress) |
963 | 0 | { |
964 | 0 | int compr_algo = opt.compress_algo; |
965 | |
|
966 | 0 | if (compr_algo == -1) |
967 | 0 | { |
968 | 0 | compr_algo = select_algo_from_prefs (pk_list, PREFTYPE_ZIP, -1, NULL); |
969 | 0 | if (compr_algo == -1) |
970 | 0 | compr_algo = DEFAULT_COMPRESS_ALGO; |
971 | | /* Theoretically impossible to get here since uncompressed |
972 | | is implicit. */ |
973 | 0 | } |
974 | 0 | else if (!opt.expert |
975 | 0 | && select_algo_from_prefs(pk_list, PREFTYPE_ZIP, |
976 | 0 | compr_algo, NULL) != compr_algo) |
977 | 0 | { |
978 | 0 | log_info (_("WARNING: forcing compression algorithm %s (%d)" |
979 | 0 | " violates recipient preferences\n"), |
980 | 0 | compress_algo_to_string(compr_algo), compr_algo); |
981 | 0 | } |
982 | | |
983 | | /* Algo 0 means no compression. */ |
984 | 0 | if (compr_algo) |
985 | 0 | { |
986 | 0 | if (cfx.dek && (cfx.dek->use_mdc || cfx.dek->use_aead)) |
987 | 0 | zfx.new_ctb = 1; |
988 | 0 | push_compress_filter (out,&zfx,compr_algo); |
989 | 0 | } |
990 | 0 | } |
991 | | |
992 | | /* Do the work. */ |
993 | 0 | if (!opt.no_literal) |
994 | 0 | { |
995 | 0 | if ((rc = build_packet( out, &pkt ))) |
996 | 0 | log_error ("build_packet failed: %s\n", gpg_strerror (rc)); |
997 | 0 | } |
998 | 0 | else |
999 | 0 | { |
1000 | | /* User requested not to create a literal packet, so we copy the |
1001 | | plain data. */ |
1002 | 0 | byte copy_buffer[4096]; |
1003 | 0 | int bytes_copied; |
1004 | 0 | while ((bytes_copied = iobuf_read (inp, copy_buffer, 4096)) != -1) |
1005 | 0 | { |
1006 | 0 | rc = iobuf_write (out, copy_buffer, bytes_copied); |
1007 | 0 | if (rc) |
1008 | 0 | { |
1009 | 0 | log_error ("copying input to output failed: %s\n", |
1010 | 0 | gpg_strerror (rc)); |
1011 | 0 | break; |
1012 | 0 | } |
1013 | 0 | } |
1014 | 0 | wipememory (copy_buffer, 4096); /* Burn the buffer. */ |
1015 | 0 | } |
1016 | | |
1017 | | /* Finish the stuff. */ |
1018 | 0 | leave: |
1019 | 0 | iobuf_close (inp); |
1020 | 0 | if (rc) |
1021 | 0 | iobuf_cancel (out); |
1022 | 0 | else |
1023 | 0 | { |
1024 | 0 | iobuf_close (out); /* fixme: check returncode */ |
1025 | 0 | write_status (STATUS_END_ENCRYPTION); |
1026 | 0 | } |
1027 | 0 | if (pt) |
1028 | 0 | pt->buf = NULL; |
1029 | 0 | free_packet (&pkt, NULL); |
1030 | 0 | xfree (cfx.dek); |
1031 | 0 | xfree (symkey_dek); |
1032 | 0 | xfree (symkey_s2k); |
1033 | 0 | if (!provided_keys) |
1034 | 0 | release_pk_list (pk_list); |
1035 | 0 | release_armor_context (afx); |
1036 | 0 | release_progress_context (pfx); |
1037 | 0 | return rc; |
1038 | 0 | } |
1039 | | |
1040 | | |
1041 | | /* |
1042 | | * Filter to do a complete public key encryption. |
1043 | | */ |
1044 | | int |
1045 | | encrypt_filter (void *opaque, int control, |
1046 | | iobuf_t a, byte *buf, size_t *ret_len) |
1047 | 0 | { |
1048 | 0 | size_t size = *ret_len; |
1049 | 0 | encrypt_filter_context_t *efx = opaque; |
1050 | 0 | int rc = 0; |
1051 | |
|
1052 | 0 | if (control == IOBUFCTRL_UNDERFLOW) /* decrypt */ |
1053 | 0 | { |
1054 | 0 | BUG(); /* not used */ |
1055 | 0 | } |
1056 | 0 | else if ( control == IOBUFCTRL_FLUSH ) /* encrypt */ |
1057 | 0 | { |
1058 | 0 | if ( !efx->header_okay ) |
1059 | 0 | { |
1060 | 0 | efx->header_okay = 1; |
1061 | |
|
1062 | 0 | efx->cfx.dek = create_dek_with_warnings (efx->pk_list); |
1063 | |
|
1064 | 0 | rc = check_encryption_compliance (efx->cfx.dek, efx->pk_list); |
1065 | 0 | if (rc) |
1066 | 0 | return rc; |
1067 | | |
1068 | 0 | efx->cfx.dek->use_aead = use_aead (efx->pk_list, efx->cfx.dek->algo); |
1069 | 0 | if (!efx->cfx.dek->use_aead) |
1070 | 0 | efx->cfx.dek->use_mdc = !!use_mdc (efx->pk_list,efx->cfx.dek->algo); |
1071 | |
|
1072 | 0 | make_session_key ( efx->cfx.dek ); |
1073 | 0 | if (DBG_CRYPTO) |
1074 | 0 | log_printhex (efx->cfx.dek->key, efx->cfx.dek->keylen, "DEK is: "); |
1075 | |
|
1076 | 0 | rc = write_pubkey_enc_from_list (efx->ctrl, |
1077 | 0 | efx->pk_list, efx->cfx.dek, a); |
1078 | 0 | if (rc) |
1079 | 0 | return rc; |
1080 | | |
1081 | 0 | if(efx->symkey_s2k && efx->symkey_dek) |
1082 | 0 | { |
1083 | 0 | rc = write_symkey_enc (efx->symkey_s2k, efx->cfx.dek->use_aead, |
1084 | 0 | efx->symkey_dek, efx->cfx.dek, a); |
1085 | 0 | if (rc) |
1086 | 0 | return rc; |
1087 | 0 | } |
1088 | | |
1089 | 0 | iobuf_push_filter (a, |
1090 | 0 | efx->cfx.dek->use_aead? cipher_filter_aead |
1091 | 0 | /**/ : cipher_filter_cfb, |
1092 | 0 | &efx->cfx); |
1093 | |
|
1094 | 0 | } |
1095 | 0 | rc = iobuf_write (a, buf, size); |
1096 | |
|
1097 | 0 | } |
1098 | 0 | else if (control == IOBUFCTRL_FREE) |
1099 | 0 | { |
1100 | 0 | xfree (efx->symkey_dek); |
1101 | 0 | xfree (efx->symkey_s2k); |
1102 | 0 | } |
1103 | 0 | else if ( control == IOBUFCTRL_DESC ) |
1104 | 0 | { |
1105 | 0 | mem2str (buf, "encrypt_filter", *ret_len); |
1106 | 0 | } |
1107 | 0 | return rc; |
1108 | 0 | } |
1109 | | |
1110 | | |
1111 | | /* |
1112 | | * Write a pubkey-enc packet for the public key PK to OUT. |
1113 | | */ |
1114 | | int |
1115 | | write_pubkey_enc (ctrl_t ctrl, |
1116 | | PKT_public_key *pk, int throw_keyid, DEK *dek, iobuf_t out) |
1117 | 0 | { |
1118 | 0 | PACKET pkt; |
1119 | 0 | PKT_pubkey_enc *enc; |
1120 | 0 | int rc; |
1121 | 0 | gcry_mpi_t frame; |
1122 | |
|
1123 | 0 | print_pubkey_algo_note ( pk->pubkey_algo ); |
1124 | 0 | enc = xmalloc_clear ( sizeof *enc ); |
1125 | 0 | enc->pubkey_algo = pk->pubkey_algo; |
1126 | 0 | keyid_from_pk( pk, enc->keyid ); |
1127 | 0 | enc->throw_keyid = throw_keyid; |
1128 | | |
1129 | | /* Okay, what's going on: We have the session key somewhere in |
1130 | | * the structure DEK and want to encode this session key in an |
1131 | | * integer value of n bits. pubkey_nbits gives us the number of |
1132 | | * bits we have to use. We then encode the session key in some |
1133 | | * way and we get it back in the big intger value FRAME. Then |
1134 | | * we use FRAME, the public key PK->PKEY and the algorithm |
1135 | | * number PK->PUBKEY_ALGO and pass it to pubkey_encrypt which |
1136 | | * returns the encrypted value in the array ENC->DATA. This |
1137 | | * array has a size which depends on the used algorithm (e.g. 2 |
1138 | | * for Elgamal). We don't need frame anymore because we have |
1139 | | * everything now in enc->data which is the passed to |
1140 | | * build_packet(). */ |
1141 | 0 | frame = encode_session_key (pk->pubkey_algo, dek, |
1142 | 0 | pubkey_nbits (pk->pubkey_algo, pk->pkey)); |
1143 | 0 | rc = pk_encrypt (pk->pubkey_algo, enc->data, frame, pk, pk->pkey); |
1144 | 0 | gcry_mpi_release (frame); |
1145 | 0 | if (rc) |
1146 | 0 | log_error ("pubkey_encrypt failed: %s\n", gpg_strerror (rc) ); |
1147 | 0 | else |
1148 | 0 | { |
1149 | 0 | if ( opt.verbose ) |
1150 | 0 | { |
1151 | 0 | char *ustr = get_user_id_string_native (ctrl, enc->keyid); |
1152 | 0 | log_info (_("%s/%s.%s encrypted for: \"%s\"\n"), |
1153 | 0 | openpgp_pk_algo_name (enc->pubkey_algo), |
1154 | 0 | openpgp_cipher_algo_name (dek->algo), |
1155 | 0 | dek->use_aead? openpgp_aead_algo_name (dek->use_aead) |
1156 | 0 | /**/ : "CFB", |
1157 | 0 | ustr ); |
1158 | 0 | xfree (ustr); |
1159 | 0 | } |
1160 | | /* And write it. */ |
1161 | 0 | init_packet (&pkt); |
1162 | 0 | pkt.pkttype = PKT_PUBKEY_ENC; |
1163 | 0 | pkt.pkt.pubkey_enc = enc; |
1164 | 0 | rc = build_packet (out, &pkt); |
1165 | 0 | if (rc) |
1166 | 0 | log_error ("build_packet(pubkey_enc) failed: %s\n", |
1167 | 0 | gpg_strerror (rc)); |
1168 | 0 | } |
1169 | 0 | free_pubkey_enc(enc); |
1170 | 0 | return rc; |
1171 | 0 | } |
1172 | | |
1173 | | |
1174 | | /* |
1175 | | * Write pubkey-enc packets from the list of PKs to OUT. |
1176 | | */ |
1177 | | static int |
1178 | | write_pubkey_enc_from_list (ctrl_t ctrl, PK_LIST pk_list, DEK *dek, iobuf_t out) |
1179 | 0 | { |
1180 | 0 | if (opt.throw_keyids && (PGP7 || PGP8)) |
1181 | 0 | { |
1182 | 0 | log_info(_("option '%s' may not be used in %s mode\n"), |
1183 | 0 | "--throw-keyids", |
1184 | 0 | gnupg_compliance_option_string (opt.compliance)); |
1185 | 0 | compliance_failure(); |
1186 | 0 | } |
1187 | |
|
1188 | 0 | for ( ; pk_list; pk_list = pk_list->next ) |
1189 | 0 | { |
1190 | 0 | PKT_public_key *pk = pk_list->pk; |
1191 | 0 | int throw_keyid = (opt.throw_keyids || (pk_list->flags&1)); |
1192 | 0 | int rc = write_pubkey_enc (ctrl, pk, throw_keyid, dek, out); |
1193 | 0 | if (rc) |
1194 | 0 | return rc; |
1195 | 0 | } |
1196 | | |
1197 | 0 | return 0; |
1198 | 0 | } |
1199 | | |
1200 | | void |
1201 | | encrypt_crypt_files (ctrl_t ctrl, int nfiles, char **files, strlist_t remusr) |
1202 | 0 | { |
1203 | 0 | int rc = 0; |
1204 | |
|
1205 | 0 | if (opt.outfile) |
1206 | 0 | { |
1207 | 0 | log_error(_("--output doesn't work for this command\n")); |
1208 | 0 | return; |
1209 | 0 | } |
1210 | | |
1211 | 0 | if (!nfiles) |
1212 | 0 | { |
1213 | 0 | char line[2048]; |
1214 | 0 | unsigned int lno = 0; |
1215 | 0 | while ( fgets(line, DIM(line), stdin) ) |
1216 | 0 | { |
1217 | 0 | lno++; |
1218 | 0 | if (!*line || line[strlen(line)-1] != '\n') |
1219 | 0 | { |
1220 | 0 | log_error("input line %u too long or missing LF\n", lno); |
1221 | 0 | return; |
1222 | 0 | } |
1223 | 0 | line[strlen(line)-1] = '\0'; |
1224 | 0 | print_file_status(STATUS_FILE_START, line, 2); |
1225 | 0 | rc = encrypt_crypt (ctrl, -1, line, remusr, 0, NULL, -1); |
1226 | 0 | if (rc) |
1227 | 0 | log_error ("encryption of '%s' failed: %s\n", |
1228 | 0 | print_fname_stdin(line), gpg_strerror (rc) ); |
1229 | 0 | write_status( STATUS_FILE_DONE ); |
1230 | 0 | } |
1231 | 0 | } |
1232 | 0 | else |
1233 | 0 | { |
1234 | 0 | while (nfiles--) |
1235 | 0 | { |
1236 | 0 | print_file_status(STATUS_FILE_START, *files, 2); |
1237 | 0 | if ( (rc = encrypt_crypt (ctrl, -1, *files, remusr, 0, NULL, -1)) ) |
1238 | 0 | log_error("encryption of '%s' failed: %s\n", |
1239 | 0 | print_fname_stdin(*files), gpg_strerror (rc) ); |
1240 | 0 | write_status( STATUS_FILE_DONE ); |
1241 | 0 | files++; |
1242 | 0 | } |
1243 | 0 | } |
1244 | 0 | } |