-
Notifications
You must be signed in to change notification settings - Fork 34
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
bf03214
commit a3ae734
Showing
1 changed file
with
138 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,138 @@ | ||
| From 0aeeb0455d0c2c815e4039ac8654db8c16fd1c54 Mon Sep 17 00:00:00 2001 | ||
| From: HiGarfield <HiGarfield@126.com> | ||
| Date: Sat, 18 Jan 2025 20:10:45 +0800 | ||
| Subject: [PATCH] fix crypto | ||
|
|
||
| --- | ||
| src/crypto/crypto.c | 69 ++++++++++++++++++++++++++++++++------------- | ||
| 1 file changed, 49 insertions(+), 20 deletions(-) | ||
|
|
||
| --- a/src/crypto/crypto.c | ||
| +++ b/src/crypto/crypto.c | ||
| @@ -2,6 +2,7 @@ | ||
| // https://github.com/vedantk/gcrypt-example/blob/master/gcry.cc | ||
|
|
||
| #include <gcrypt.h> | ||
| +#include <stdlib.h> | ||
|
|
||
| #include "utils.h" | ||
| #include "memory_utils.h" | ||
| @@ -16,6 +17,7 @@ gcry_cipher_hd_t gcry_cipher_hd; | ||
| void gcrypt_init() { | ||
| if (!gcry_check_version(GCRYPT_VERSION)) { | ||
| dawnlog_error("gcrypt: library version mismatch"); | ||
| + abort(); | ||
| } | ||
| gcry_error_t err = 0; | ||
| err = gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN); | ||
| @@ -25,6 +27,7 @@ void gcrypt_init() { | ||
|
|
||
| if (err) { | ||
| dawnlog_error("gcrypt: failed initialization"); | ||
| + abort(); | ||
| } | ||
| } | ||
|
|
||
| @@ -61,56 +64,82 @@ void gcrypt_set_key_and_iv(const char *k | ||
| } | ||
| } | ||
|
|
||
| -// free out buffer after using! | ||
| -char *gcrypt_encrypt_msg(char *msg, size_t msg_length, int *out_length) { | ||
| - if (0U != (msg_length & 0xfU)) | ||
| - msg_length += 0x10U - (msg_length & 0xfU); | ||
| +// Free out buffer after using! | ||
| +char *gcrypt_encrypt_msg(const char *msg, size_t msg_length, int *out_length) { | ||
| + size_t block_size = gcry_cipher_get_algo_blklen(GCRY_CIPHER); | ||
| + size_t padded_length = msg_length; | ||
| + | ||
| + // Calculate padded length | ||
| + if (msg_length % block_size != 0) { | ||
| + padded_length += block_size - (msg_length % block_size); | ||
| + } else { | ||
| + // If the message is a multiple of the block size, add a full block for padding | ||
| + padded_length += block_size; | ||
| + } | ||
|
|
||
| - char *out = dawn_malloc(msg_length); | ||
| - if (!out){ | ||
| + char *out = dawn_malloc(padded_length); | ||
| + if (!out) { | ||
| dawnlog_error("gcry_cipher_encrypt error: not enough memory\n"); | ||
| return NULL; | ||
| } | ||
| - gcry_error_handle = gcry_cipher_encrypt(gcry_cipher_hd, out, msg_length, msg, msg_length); | ||
| + | ||
| + // Copy the message | ||
| + memcpy(out, msg, msg_length); | ||
| + | ||
| + // Add PKCS#7 padding | ||
| + unsigned char padding_value = padded_length - msg_length; // Value of the padding bytes | ||
| + memset(out + msg_length, padding_value, padding_value); | ||
| + | ||
| + gcry_error_handle = gcry_cipher_encrypt(gcry_cipher_hd, out, padded_length, out, padded_length); | ||
| if (gcry_error_handle) { | ||
| dawnlog_error("gcry_cipher_encrypt failed: %s/%s\n", | ||
| gcry_strsource(gcry_error_handle), | ||
| gcry_strerror(gcry_error_handle)); | ||
| + dawn_free(out); | ||
| return NULL; | ||
| } | ||
| - *out_length = msg_length; | ||
| + | ||
| + *out_length = padded_length; | ||
| return out; | ||
| } | ||
|
|
||
| -// free out buffer after using! | ||
| +// Free out buffer after using! | ||
| char *gcrypt_decrypt_msg(char *msg, size_t msg_length) { | ||
| - if (0U != (msg_length & 0xfU)) | ||
| - msg_length += 0x10U - (msg_length & 0xfU); | ||
| - | ||
| char *out_buffer = dawn_malloc(msg_length); | ||
| - if (!out_buffer){ | ||
| + if (!out_buffer) { | ||
| dawnlog_error("gcry_cipher_decrypt error: not enough memory\n"); | ||
| return NULL; | ||
| } | ||
| + | ||
| gcry_error_handle = gcry_cipher_decrypt(gcry_cipher_hd, out_buffer, msg_length, msg, msg_length); | ||
| if (gcry_error_handle) { | ||
| dawnlog_error("gcry_cipher_decrypt failed: %s/%s\n", | ||
| gcry_strsource(gcry_error_handle), | ||
| gcry_strerror(gcry_error_handle)); | ||
| dawn_free(out_buffer); | ||
| - out_buffer = NULL; | ||
| return NULL; | ||
| } | ||
| - char *out = dawn_malloc(strlen(out_buffer) + 1); | ||
| - if (!out){ | ||
| + | ||
| + // Remove PKCS#7 padding | ||
| + unsigned char padding_value = out_buffer[msg_length - 1]; | ||
| + | ||
| + // Validate padding length | ||
| + if (padding_value < 1 || padding_value > gcry_cipher_get_algo_blklen(GCRY_CIPHER) || | ||
| + padding_value > msg_length) { | ||
| + dawn_free(out_buffer); | ||
| + return NULL; // Invalid padding | ||
| + } | ||
| + | ||
| + size_t out_length = msg_length - padding_value; | ||
| + char *out = dawn_malloc(out_length + 1); | ||
| + if (!out) { | ||
| dawn_free(out_buffer); | ||
| - out_buffer = NULL; | ||
| dawnlog_error("gcry_cipher_decrypt error: not enough memory\n"); | ||
| return NULL; | ||
| } | ||
| - strcpy(out, out_buffer); | ||
| + | ||
| + memcpy(out, out_buffer, out_length); | ||
| + out[out_length] = '\0'; // Null terminate the string | ||
| dawn_free(out_buffer); | ||
| - out_buffer = NULL; | ||
| return out; | ||
| } | ||
| - |