1 /* encrypt.c - Encrypt a message
2 * Copyright (C) 2001, 2003, 2004, 2007, 2008,
3 * 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
47 typedef struct dek_s *DEK;
50 /* Callback parameters for the encryption. */
51 struct encrypt_cb_parm_s
59 unsigned char *buffer;
67 /* Initialize the data encryption key (session key). */
73 dek->algo = gcry_cipher_map_name (dek->algoid);
74 mode = gcry_cipher_mode_from_oid (dek->algoid);
75 if (!dek->algo || !mode)
77 log_error ("unsupported algorithm '%s'\n", dek->algoid);
78 return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
81 /* Extra check for algorithms we consider to be too weak for
82 encryption, although we support them for decryption. Note that
83 there is another check below discriminating on the key length. */
87 case GCRY_CIPHER_RFC2268_40:
88 log_error ("cipher algorithm '%s' not allowed: too weak\n",
89 gnupg_cipher_algo_name (dek->algo));
90 return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
95 dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
96 if (!dek->keylen || dek->keylen > sizeof (dek->key))
97 return gpg_error (GPG_ERR_BUG);
99 dek->ivlen = gcry_cipher_get_algo_blklen (dek->algo);
100 if (!dek->ivlen || dek->ivlen > sizeof (dek->iv))
101 return gpg_error (GPG_ERR_BUG);
103 /* Make sure we don't use weak keys. */
104 if (dek->keylen < 100/8)
106 log_error ("key length of '%s' too small\n", dek->algoid);
107 return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
110 rc = gcry_cipher_open (&dek->chd, dek->algo, mode, GCRY_CIPHER_SECURE);
113 log_error ("failed to create cipher context: %s\n", gpg_strerror (rc));
117 for (i=0; i < 8; i++)
119 gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM );
120 rc = gcry_cipher_setkey (dek->chd, dek->key, dek->keylen);
121 if (gpg_err_code (rc) != GPG_ERR_WEAK_KEY)
123 log_info(_("weak key created - retrying\n") );
127 log_error ("failed to set the key: %s\n", gpg_strerror (rc));
128 gcry_cipher_close (dek->chd);
133 gcry_create_nonce (dek->iv, dek->ivlen);
134 rc = gcry_cipher_setiv (dek->chd, dek->iv, dek->ivlen);
137 log_error ("failed to set the IV: %s\n", gpg_strerror (rc));
138 gcry_cipher_close (dek->chd);
148 encode_session_key (DEK dek, gcry_sexp_t * r_data)
154 p = xtrymalloc (64 + 2 * dek->keylen);
156 return gpg_error_from_syserror ();
157 strcpy (p, "(data\n (flags pkcs1)\n (value #");
158 bin2hex (dek->key, dek->keylen, p + strlen (p));
160 rc = gcry_sexp_sscan (&data, NULL, p, strlen (p));
167 /* Encrypt the DEK under the key contained in CERT and return it as a
168 canonical S-Exp in encval. */
170 encrypt_dek (const DEK dek, ksba_cert_t cert, unsigned char **encval)
172 gcry_sexp_t s_ciph, s_data, s_pkey;
179 /* get the key from the cert */
180 buf = ksba_cert_get_public_key (cert);
183 log_error ("no public key for recipient\n");
184 return gpg_error (GPG_ERR_NO_PUBKEY);
186 len = gcry_sexp_canon_len (buf, 0, NULL, NULL);
189 log_error ("libksba did not return a proper S-Exp\n");
190 return gpg_error (GPG_ERR_BUG);
192 rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)buf, len);
193 xfree (buf); buf = NULL;
196 log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
200 /* Put the encoded cleartext into a simple list. */
201 s_data = NULL; /* (avoid compiler warning) */
202 rc = encode_session_key (dek, &s_data);
205 log_error ("encode_session_key failed: %s\n", gpg_strerror (rc));
209 /* pass it to libgcrypt */
210 rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
211 gcry_sexp_release (s_data);
212 gcry_sexp_release (s_pkey);
217 rc = make_canon_sexp (s_ciph, encval, NULL);
218 gcry_sexp_release (s_ciph);
225 /* do the actual encryption */
227 encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
229 struct encrypt_cb_parm_s *parm = cb_value;
230 int blklen = parm->dek->ivlen;
236 return -1; /* not supported */
245 { /* fillup the buffer */
247 for (n=parm->buflen; n < parm->bufsize; n++)
249 int c = es_getc (parm->fp);
252 if (es_ferror (parm->fp))
254 parm->readerror = errno;
265 n = parm->buflen < count? parm->buflen : count;
266 n = n/blklen * blklen;
268 { /* encrypt the stuff */
269 gcry_cipher_encrypt (parm->dek->chd, buffer, n, parm->buffer, n);
271 /* Who cares about cycles, take the easy way and shift the buffer */
273 memmove (parm->buffer, parm->buffer+n, parm->buflen);
275 else if (parm->eof_seen)
276 { /* no complete block but eof: add padding */
277 /* fixme: we should try to do this also in the above code path */
278 int i, npad = blklen - (parm->buflen % blklen);
280 for (n=parm->buflen, i=0; n < parm->bufsize && i < npad; n++, i++)
282 gcry_cipher_encrypt (parm->dek->chd, buffer, n, parm->buffer, n);
293 /* Perform an encrypt operation.
295 Encrypt the data received on DATA-FD and write it to OUT_FP. The
296 recipients are take from the certificate given in recplist; if this
297 is NULL it will be encrypted for a default recipient */
299 gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
302 Base64Context b64writer = NULL;
304 ksba_writer_t writer;
305 ksba_reader_t reader = NULL;
306 ksba_cms_t cms = NULL;
307 ksba_stop_reason_t stopreason;
308 KEYDB_HANDLE kh = NULL;
309 struct encrypt_cb_parm_s encparm;
312 estream_t data_fp = NULL;
316 memset (&encparm, 0, sizeof encparm);
318 audit_set_type (ctrl->audit, AUDIT_TYPE_ENCRYPT);
320 /* Check that the certificate list is not empty and that at least
321 one certificate is not flagged as encrypt_to; i.e. is a real
323 for (cl = recplist; cl; cl = cl->next)
324 if (!cl->is_encrypt_to)
328 log_error(_("no valid recipients given\n"));
329 gpgsm_status (ctrl, STATUS_NO_RECP, "0");
330 audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, 0);
331 rc = gpg_error (GPG_ERR_NO_PUBKEY);
335 for (count = 0, cl = recplist; cl; cl = cl->next)
337 audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, count);
342 log_error (_("failed to allocate keyDB handle\n"));
343 rc = gpg_error (GPG_ERR_GENERAL);
347 /* Fixme: We should use the unlocked version of the es functions. */
348 data_fp = es_fdopen_nc (data_fd, "rb");
351 rc = gpg_error_from_syserror ();
352 log_error ("fdopen() failed: %s\n", strerror (errno));
356 err = ksba_reader_new (&reader);
360 rc = ksba_reader_set_cb (reader, encrypt_cb, &encparm);
364 encparm.fp = data_fp;
366 ctrl->pem_name = "ENCRYPTED MESSAGE";
367 rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
370 log_error ("can't create writer: %s\n", gpg_strerror (rc));
374 err = ksba_cms_new (&cms);
381 err = ksba_cms_set_reader_writer (cms, reader, writer);
384 log_debug ("ksba_cms_set_reader_writer failed: %s\n",
390 audit_log (ctrl->audit, AUDIT_GOT_DATA);
392 /* We are going to create enveloped data with uninterpreted data as
394 err = ksba_cms_set_content_type (cms, 0, KSBA_CT_ENVELOPED_DATA);
396 err = ksba_cms_set_content_type (cms, 1, KSBA_CT_DATA);
399 log_debug ("ksba_cms_set_content_type failed: %s\n",
405 /* Create a session key */
406 dek = xtrycalloc_secure (1, sizeof *dek);
411 dek->algoid = opt.def_cipher_algoid;
416 log_error ("failed to create the session key: %s\n",
421 err = ksba_cms_set_content_enc_algo (cms, dek->algoid, dek->iv, dek->ivlen);
424 log_error ("ksba_cms_set_content_enc_algo failed: %s\n",
431 /* Use a ~8k (AES) or ~4k (3DES) buffer */
432 encparm.bufsize = 500 * dek->ivlen;
433 encparm.buffer = xtrymalloc (encparm.bufsize);
440 audit_log_s (ctrl->audit, AUDIT_SESSION_KEY, dek->algoid);
442 /* Gather certificates of recipients, encrypt the session key for
443 each and store them in the CMS object */
444 for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
446 unsigned char *encval;
448 rc = encrypt_dek (dek, cl->cert, &encval);
451 audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, rc);
452 log_error ("encryption failed for recipient no. %d: %s\n",
453 recpno, gpg_strerror (rc));
457 err = ksba_cms_add_recipient (cms, cl->cert);
460 audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
461 log_error ("ksba_cms_add_recipient failed: %s\n",
468 err = ksba_cms_set_enc_val (cms, recpno, encval);
470 audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
473 log_error ("ksba_cms_set_enc_val failed: %s\n",
480 /* Main control loop for encryption. */
484 err = ksba_cms_build (cms, &stopreason);
487 log_debug ("ksba_cms_build failed: %s\n", gpg_strerror (err));
492 while (stopreason != KSBA_SR_READY);
494 if (encparm.readerror)
496 log_error ("error reading input: %s\n", strerror (encparm.readerror));
497 rc = gpg_error (gpg_err_code_from_errno (encparm.readerror));
502 rc = gpgsm_finish_writer (b64writer);
505 log_error ("write failed: %s\n", gpg_strerror (rc));
508 audit_log (ctrl->audit, AUDIT_ENCRYPTION_DONE);
509 log_info ("encrypted data created\n");
512 ksba_cms_release (cms);
513 gpgsm_destroy_writer (b64writer);
514 ksba_reader_release (reader);
518 xfree (encparm.buffer);