1 /* encrypt.c - Encrypt a message
2 * Copyright (C) 2001, 2003, 2004, 2007, 2008,
3 * 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
47 typedef struct dek_s *DEK;
50 /* Callback parameters for the encryption. */
51 struct encrypt_cb_parm_s
59 unsigned char *buffer;
67 /* Initialize the data encryption key (session key). */
73 dek->algo = gcry_cipher_map_name (dek->algoid);
74 mode = gcry_cipher_mode_from_oid (dek->algoid);
75 if (!dek->algo || !mode)
77 log_error ("unsupported algorithm '%s'\n", dek->algoid);
78 return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
81 /* Extra check for algorithms we consider to be too weak for
82 encryption, although we support them for decryption. Note that
83 there is another check below discriminating on the key length. */
87 case GCRY_CIPHER_RFC2268_40:
88 log_error ("cipher algorithm '%s' not allowed: too weak\n",
89 gnupg_cipher_algo_name (dek->algo));
90 return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
95 dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
96 if (!dek->keylen || dek->keylen > sizeof (dek->key))
97 return gpg_error (GPG_ERR_BUG);
99 dek->ivlen = gcry_cipher_get_algo_blklen (dek->algo);
100 if (!dek->ivlen || dek->ivlen > sizeof (dek->iv))
101 return gpg_error (GPG_ERR_BUG);
103 /* Make sure we don't use weak keys. */
104 if (dek->keylen < 100/8)
106 log_error ("key length of '%s' too small\n", dek->algoid);
107 return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
110 rc = gcry_cipher_open (&dek->chd, dek->algo, mode, GCRY_CIPHER_SECURE);
113 log_error ("failed to create cipher context: %s\n", gpg_strerror (rc));
117 for (i=0; i < 8; i++)
119 gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM );
120 rc = gcry_cipher_setkey (dek->chd, dek->key, dek->keylen);
121 if (gpg_err_code (rc) != GPG_ERR_WEAK_KEY)
123 log_info(_("weak key created - retrying\n") );
127 log_error ("failed to set the key: %s\n", gpg_strerror (rc));
128 gcry_cipher_close (dek->chd);
133 gcry_create_nonce (dek->iv, dek->ivlen);
134 rc = gcry_cipher_setiv (dek->chd, dek->iv, dek->ivlen);
137 log_error ("failed to set the IV: %s\n", gpg_strerror (rc));
138 gcry_cipher_close (dek->chd);
148 encode_session_key (DEK dek, gcry_sexp_t * r_data)
154 p = xtrymalloc (64 + 2 * dek->keylen);
156 return gpg_error_from_syserror ();
157 strcpy (p, "(data\n (flags pkcs1)\n (value #");
158 bin2hex (dek->key, dek->keylen, p + strlen (p));
160 rc = gcry_sexp_sscan (&data, NULL, p, strlen (p));
167 /* Encrypt the DEK under the key contained in CERT and return it as a
168 canonical S-Exp in encval. */
170 encrypt_dek (const DEK dek, ksba_cert_t cert, unsigned char **encval)
172 gcry_sexp_t s_ciph, s_data, s_pkey;
179 /* get the key from the cert */
180 buf = ksba_cert_get_public_key (cert);
183 log_error ("no public key for recipient\n");
184 return gpg_error (GPG_ERR_NO_PUBKEY);
186 len = gcry_sexp_canon_len (buf, 0, NULL, NULL);
189 log_error ("libksba did not return a proper S-Exp\n");
190 return gpg_error (GPG_ERR_BUG);
192 rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)buf, len);
193 xfree (buf); buf = NULL;
196 log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
200 /* Put the encoded cleartext into a simple list. */
201 s_data = NULL; /* (avoid compiler warning) */
202 rc = encode_session_key (dek, &s_data);
205 log_error ("encode_session_key failed: %s\n", gpg_strerror (rc));
209 /* pass it to libgcrypt */
210 rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
211 gcry_sexp_release (s_data);
212 gcry_sexp_release (s_pkey);
217 rc = make_canon_sexp (s_ciph, encval, NULL);
218 gcry_sexp_release (s_ciph);
225 /* do the actual encryption */
227 encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
229 struct encrypt_cb_parm_s *parm = cb_value;
230 int blklen = parm->dek->ivlen;
236 return -1; /* not supported */
245 { /* fillup the buffer */
247 for (n=parm->buflen; n < parm->bufsize; n++)
249 int c = es_getc (parm->fp);
252 if (es_ferror (parm->fp))
254 parm->readerror = errno;
265 n = parm->buflen < count? parm->buflen : count;
266 n = n/blklen * blklen;
268 { /* encrypt the stuff */
269 gcry_cipher_encrypt (parm->dek->chd, buffer, n, parm->buffer, n);
271 /* Who cares about cycles, take the easy way and shift the buffer */
273 memmove (parm->buffer, parm->buffer+n, parm->buflen);
275 else if (parm->eof_seen)
276 { /* no complete block but eof: add padding */
277 /* fixme: we should try to do this also in the above code path */
278 int i, npad = blklen - (parm->buflen % blklen);
280 for (n=parm->buflen, i=0; n < parm->bufsize && i < npad; n++, i++)
282 gcry_cipher_encrypt (parm->dek->chd, buffer, n, parm->buffer, n);
293 /* Perform an encrypt operation.
295 Encrypt the data received on DATA-FD and write it to OUT_FP. The
296 recipients are take from the certificate given in recplist; if this
297 is NULL it will be encrypted for a default recipient */
299 gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
302 gnupg_ksba_io_t b64writer = NULL;
304 ksba_writer_t writer;
305 ksba_reader_t reader = NULL;
306 ksba_cms_t cms = NULL;
307 ksba_stop_reason_t stopreason;
308 KEYDB_HANDLE kh = NULL;
309 struct encrypt_cb_parm_s encparm;
312 estream_t data_fp = NULL;
316 memset (&encparm, 0, sizeof encparm);
318 audit_set_type (ctrl->audit, AUDIT_TYPE_ENCRYPT);
320 /* Check that the certificate list is not empty and that at least
321 one certificate is not flagged as encrypt_to; i.e. is a real
323 for (cl = recplist; cl; cl = cl->next)
324 if (!cl->is_encrypt_to)
328 log_error(_("no valid recipients given\n"));
329 gpgsm_status (ctrl, STATUS_NO_RECP, "0");
330 audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, 0);
331 rc = gpg_error (GPG_ERR_NO_PUBKEY);
335 for (count = 0, cl = recplist; cl; cl = cl->next)
337 audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, count);
342 log_error (_("failed to allocate keyDB handle\n"));
343 rc = gpg_error (GPG_ERR_GENERAL);
347 /* Fixme: We should use the unlocked version of the es functions. */
348 data_fp = es_fdopen_nc (data_fd, "rb");
351 rc = gpg_error_from_syserror ();
352 log_error ("fdopen() failed: %s\n", strerror (errno));
356 err = ksba_reader_new (&reader);
360 rc = ksba_reader_set_cb (reader, encrypt_cb, &encparm);
364 encparm.fp = data_fp;
366 ctrl->pem_name = "ENCRYPTED MESSAGE";
367 rc = gnupg_ksba_create_writer
368 (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
369 | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
370 ctrl->pem_name, out_fp, &writer);
373 log_error ("can't create writer: %s\n", gpg_strerror (rc));
377 err = ksba_cms_new (&cms);
384 err = ksba_cms_set_reader_writer (cms, reader, writer);
387 log_debug ("ksba_cms_set_reader_writer failed: %s\n",
393 audit_log (ctrl->audit, AUDIT_GOT_DATA);
395 /* We are going to create enveloped data with uninterpreted data as
397 err = ksba_cms_set_content_type (cms, 0, KSBA_CT_ENVELOPED_DATA);
399 err = ksba_cms_set_content_type (cms, 1, KSBA_CT_DATA);
402 log_debug ("ksba_cms_set_content_type failed: %s\n",
408 /* Create a session key */
409 dek = xtrycalloc_secure (1, sizeof *dek);
414 dek->algoid = opt.def_cipher_algoid;
419 log_error ("failed to create the session key: %s\n",
424 err = ksba_cms_set_content_enc_algo (cms, dek->algoid, dek->iv, dek->ivlen);
427 log_error ("ksba_cms_set_content_enc_algo failed: %s\n",
434 /* Use a ~8k (AES) or ~4k (3DES) buffer */
435 encparm.bufsize = 500 * dek->ivlen;
436 encparm.buffer = xtrymalloc (encparm.bufsize);
443 audit_log_s (ctrl->audit, AUDIT_SESSION_KEY, dek->algoid);
445 /* Gather certificates of recipients, encrypt the session key for
446 each and store them in the CMS object */
447 for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
449 unsigned char *encval;
451 rc = encrypt_dek (dek, cl->cert, &encval);
454 audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, rc);
455 log_error ("encryption failed for recipient no. %d: %s\n",
456 recpno, gpg_strerror (rc));
460 err = ksba_cms_add_recipient (cms, cl->cert);
463 audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
464 log_error ("ksba_cms_add_recipient failed: %s\n",
471 err = ksba_cms_set_enc_val (cms, recpno, encval);
473 audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
476 log_error ("ksba_cms_set_enc_val failed: %s\n",
483 /* Main control loop for encryption. */
487 err = ksba_cms_build (cms, &stopreason);
490 log_debug ("ksba_cms_build failed: %s\n", gpg_strerror (err));
495 while (stopreason != KSBA_SR_READY);
497 if (encparm.readerror)
499 log_error ("error reading input: %s\n", strerror (encparm.readerror));
500 rc = gpg_error (gpg_err_code_from_errno (encparm.readerror));
505 rc = gnupg_ksba_finish_writer (b64writer);
508 log_error ("write failed: %s\n", gpg_strerror (rc));
511 audit_log (ctrl->audit, AUDIT_ENCRYPTION_DONE);
512 log_info ("encrypted data created\n");
515 ksba_cms_release (cms);
516 gnupg_ksba_destroy_writer (b64writer);
517 ksba_reader_release (reader);
521 xfree (encparm.buffer);
projects / gnupg.git / blob