Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_vim / 2be795084f053928879d758443e199ef147cc07e / . / src / crypt.c
blob: 758ffb17b2813d0bbe2badad14e58f4a9b5ce106 [file] [log] [blame]
Bram Moolenaar8f4ac012014-08-10 13:38:34 +0200[diff] [blame]1/* vi:set ts=8 sts=4 sw=4:
2 *
3 * VIM - Vi IMproved by Bram Moolenaar
4 *
5 * Do ":help uganda" in Vim to read copying and usage conditions.
6 * Do ":help credits" in Vim to see a list of people who contributed.
7 * See README.txt for an overview of the Vim source code.
8 */
9
10/*
11 * crypt.c: Generic encryption support.
12 */
13#include "vim.h"
14
15#if defined(FEAT_CRYPT) || defined(PROTO)
16/*
17 * Optional encryption support.
18 * Mohsin Ahmed, mosh@sasi.com, 1998-09-24
19 * Based on zip/crypt sources.
20 * Refactored by David Leadbeater, 2014.
21 *
22 * NOTE FOR USA: Since 2000 exporting this code from the USA is allowed to
23 * most countries. There are a few exceptions, but that still should not be a
24 * problem since this code was originally created in Europe and India.
25 *
26 * Blowfish addition originally made by Mohsin Ahmed,
27 * http://www.cs.albany.edu/~mosh 2010-03-14
28 * Based on blowfish by Bruce Schneier (http://www.schneier.com/blowfish.html)
29 * and sha256 by Christophe Devine.
30 */
31
32typedef struct {
33 char *name; /* encryption name as used in 'cryptmethod' */
34 char *magic; /* magic bytes stored in file header */
35 int salt_len; /* length of salt, or 0 when not using salt */
36 int seed_len; /* length of seed, or 0 when not using salt */
37 int works_inplace; /* encryption/decryption can be done in-place */
38 int whole_undofile; /* whole undo file is encrypted */
39
40 /* Optional function pointer for a self-test. */
41 int (* self_test_fn)();
42
43 /* Function pointer for initializing encryption/decription. */
44 void (* init_fn)(cryptstate_T *state, char_u *key,
45 char_u *salt, int salt_len, char_u *seed, int seed_len);
46
47 /* Function pointers for encoding/decoding from one buffer into another.
48 * Optional, however, these or the _buffer ones should be configured. */
49 void (*encode_fn)(cryptstate_T *state, char_u *from, size_t len,
50 char_u *to);
51 void (*decode_fn)(cryptstate_T *state, char_u *from, size_t len,
52 char_u *to);
53
54 /* Function pointers for encoding and decoding, can buffer data if needed.
55 * Optional (however, these or the above should be configured). */
56 long (*encode_buffer_fn)(cryptstate_T *state, char_u *from, size_t len,
57 char_u **newptr);
58 long (*decode_buffer_fn)(cryptstate_T *state, char_u *from, size_t len,
59 char_u **newptr);
60
61 /* Function pointers for in-place encoding and decoding, used for
62 * crypt_*_inplace(). "from" and "to" arguments will be equal.
63 * These may be the same as decode_fn and encode_fn above, however an
64 * algorithm may implement them in a way that is not interchangeable with
65 * the crypt_(en|de)code() interface (for example because it wishes to add
66 * padding to files).
67 * This method is used for swap and undo files which have a rigid format.
68 */
69 void (*encode_inplace_fn)(cryptstate_T *state, char_u *p1, size_t len,
70 char_u *p2);
71 void (*decode_inplace_fn)(cryptstate_T *state, char_u *p1, size_t len,
72 char_u *p2);
73} cryptmethod_T;
74
75/* index is method_nr of cryptstate_T, CRYPT_M_* */
76static cryptmethod_T cryptmethods[CRYPT_M_COUNT] = {
77 /* PK_Zip; very weak */
78 {
79 "zip",
80 "VimCrypt~01!",
81 0,
82 0,
83 TRUE,
84 FALSE,
85 NULL,
86 crypt_zip_init,
87 crypt_zip_encode, crypt_zip_decode,
88 NULL, NULL,
89 crypt_zip_encode, crypt_zip_decode,
90 },
91
92 /* Blowfish/CFB + SHA-256 custom key derivation; implementation issues. */
93 {
94 "blowfish",
95 "VimCrypt~02!",
96 8,
97 8,
98 TRUE,
99 FALSE,
100 blowfish_self_test,
101 crypt_blowfish_init,
102 crypt_blowfish_encode, crypt_blowfish_decode,
103 NULL, NULL,
104 crypt_blowfish_encode, crypt_blowfish_decode,
105 },
106
107 /* Blowfish/CFB + SHA-256 custom key derivation; fixed. */
108 {
109 "blowfish2",
110 "VimCrypt~03!",
111 8,
112 8,
113 TRUE,
114 TRUE,
115 blowfish_self_test,
116 crypt_blowfish_init,
117 crypt_blowfish_encode, crypt_blowfish_decode,
118 NULL, NULL,
119 crypt_blowfish_encode, crypt_blowfish_decode,
120 },
121};
122
123#define CRYPT_MAGIC_LEN 12 /* cannot change */
124static char crypt_magic_head[] = "VimCrypt~";
125
126/*
127 * Return int value for crypt method name.
128 * 0 for "zip", the old method. Also for any non-valid value.
129 * 1 for "blowfish".
130 * 2 for "blowfish2".
131 */
132 int
133crypt_method_nr_from_name(name)
134 char_u *name;
135{
136 int i;
137
138 for (i = 0; i < CRYPT_M_COUNT; ++i)
139 if (STRCMP(name, cryptmethods[i].name) == 0)
140 return i;
141 return 0;
142}
143
144/*
145 * Get the crypt method used for a file from "ptr[len]", the magic text at the
146 * start of the file.
147 * Returns -1 when no encryption used.
148 */
149 int
150crypt_method_nr_from_magic(ptr, len)
151 char *ptr;
152 int len;
153{
154 int i;
155
156 if (len < CRYPT_MAGIC_LEN)
157 return -1;
158
159 for (i = 0; i < CRYPT_M_COUNT; i++)
160 if (memcmp(ptr, cryptmethods[i].magic, CRYPT_MAGIC_LEN) == 0)
161 return i;
162
163 i = (int)STRLEN(crypt_magic_head);
164 if (len >= i && memcmp(ptr, crypt_magic_head, i) == 0)
165 EMSG(_("E821: File is encrypted with unknown method"));
166
167 return -1;
168}
169
170/*
171 * Return TRUE if the crypt method for "method_nr" can be done in-place.
172 */
173 int
174crypt_works_inplace(state)
175 cryptstate_T *state;
176{
177 return cryptmethods[state->method_nr].works_inplace;
178}
179
180/*
181 * Get the crypt method for buffer "buf" as a number.
182 */
183 int
184crypt_get_method_nr(buf)
185 buf_T *buf;
186{
187 return crypt_method_nr_from_name(*buf->b_p_cm == NUL ? p_cm : buf->b_p_cm);
188}
189
190/*
191 * Return TRUE when the buffer uses an encryption method that encrypts the
192 * whole undo file, not only the text.
193 */
194 int
195crypt_whole_undofile(method_nr)
196 int method_nr;
197{
198 return cryptmethods[method_nr].whole_undofile;
199}
200
201/*
202 * Get crypt method specifc length of the file header in bytes.
203 */
204 int
205crypt_get_header_len(method_nr)
206 int method_nr;
207{
208 return CRYPT_MAGIC_LEN
209 + cryptmethods[method_nr].salt_len
210 + cryptmethods[method_nr].seed_len;
211}
212
213/*
214 * Set the crypt method for buffer "buf" to "method_nr" using the int value as
215 * returned by crypt_method_nr_from_name().
216 */
217 void
218crypt_set_cm_option(buf, method_nr)
219 buf_T *buf;
220 int method_nr;
221{
222 free_string_option(buf->b_p_cm);
223 buf->b_p_cm = vim_strsave((char_u *)cryptmethods[method_nr].name);
224}
225
226/*
227 * If the crypt method for the current buffer has a self-test, run it and
228 * return OK/FAIL.
229 */
230 int
231crypt_self_test()
232{
233 int method_nr = crypt_get_method_nr(curbuf);
234
235 if (cryptmethods[method_nr].self_test_fn == NULL)
236 return OK;
237 return cryptmethods[method_nr].self_test_fn();
238}
239
240/*
241 * Allocate a crypt state and initialize it.
242 */
243 cryptstate_T *
244crypt_create(method_nr, key, salt, salt_len, seed, seed_len)
245 int method_nr;
246 char_u *key;
247 char_u *salt;
248 int salt_len;
249 char_u *seed;
250 int seed_len;
251{
252 cryptstate_T *state = (cryptstate_T *)alloc((int)sizeof(cryptstate_T));
253
254 state->method_nr = method_nr;
255 cryptmethods[method_nr].init_fn(state, key, salt, salt_len, seed, seed_len);
256 return state;
257}
258
259/*
260 * Allocate a crypt state from a file header and initialize it.
261 * Assumes that header contains at least the number of bytes that
262 * crypt_get_header_len() returns for "method_nr".
263 */
264 cryptstate_T *
265crypt_create_from_header(method_nr, key, header)
266 int method_nr;
267 char_u *key;
268 char_u *header;
269{
270 char_u *salt = NULL;
271 char_u *seed = NULL;
272 int salt_len = cryptmethods[method_nr].salt_len;
273 int seed_len = cryptmethods[method_nr].seed_len;
274
275 if (salt_len > 0)
276 salt = header + CRYPT_MAGIC_LEN;
277 if (seed_len > 0)
278 seed = header + CRYPT_MAGIC_LEN + salt_len;
279
280 return crypt_create(method_nr, key, salt, salt_len, seed, seed_len);
281}
282
283/*
284 * Read the crypt method specific header data from "fp".
285 * Return an allocated cryptstate_T or NULL on error.
286 */
287 cryptstate_T *
288crypt_create_from_file(fp, key)
289 FILE *fp;
290 char_u *key;
291{
292 int method_nr;
293 int header_len;
294 char magic_buffer[CRYPT_MAGIC_LEN];
295 char_u *buffer;
296 cryptstate_T *state;
297
298 if (fread(magic_buffer, CRYPT_MAGIC_LEN, 1, fp) != 1)
299 return NULL;
300 method_nr = crypt_method_nr_from_magic(magic_buffer, CRYPT_MAGIC_LEN);
301 if (method_nr < 0)
302 return NULL;
303
304 header_len = crypt_get_header_len(method_nr);
305 if ((buffer = alloc(header_len)) == NULL)
306 return NULL;
307 mch_memmove(buffer, magic_buffer, CRYPT_MAGIC_LEN);
308 if (header_len > CRYPT_MAGIC_LEN
309 && fread(buffer + CRYPT_MAGIC_LEN,
310 header_len - CRYPT_MAGIC_LEN, 1, fp) != 1)
311 {
312 vim_free(buffer);
313 return NULL;
314 }
315
316 state = crypt_create_from_header(method_nr, key, buffer);
317 vim_free(buffer);
318 return state;
319}
320
321/*
322 * Allocate a cryptstate_T for writing and initialize it with "key".
323 * Allocates and fills in the header and stores it in "header", setting
324 * "header_len". The header may include salt and seed, depending on
325 * cryptmethod. Caller must free header.
326 * Returns the state or NULL on failure.
327 */
328 cryptstate_T *
329crypt_create_for_writing(method_nr, key, header, header_len)
330 int method_nr;
331 char_u *key;
332 char_u **header;
333 int *header_len;
334{
335 int len = crypt_get_header_len(method_nr);
336 char_u *salt = NULL;
337 char_u *seed = NULL;
338 int salt_len = cryptmethods[method_nr].salt_len;
339 int seed_len = cryptmethods[method_nr].seed_len;
340 cryptstate_T *state;
341
342 *header_len = len;
343 *header = alloc(len);
344 if (*header == NULL)
345 return NULL;
346
347 mch_memmove(*header, cryptmethods[method_nr].magic, CRYPT_MAGIC_LEN);
348 if (salt_len > 0 || seed_len > 0)
349 {
350 if (salt_len > 0)
351 salt = *header + CRYPT_MAGIC_LEN;
352 if (seed_len > 0)
353 seed = *header + CRYPT_MAGIC_LEN + salt_len;
354
355 /* TODO: Should this be crypt method specific? (Probably not worth
356 * it). sha2_seed is pretty bad for large amounts of entropy, so make
357 * that into something which is suitable for anything. */
358 sha2_seed(salt, salt_len, seed, seed_len);
359 }
360
361 state = crypt_create(method_nr, key, salt, salt_len, seed, seed_len);
362 if (state == NULL)
363 {
364 vim_free(*header);
365 *header = NULL;
366 }
367 return state;
368}
369
370/*
371 * Free the crypt state.
372 */
373 void
374crypt_free_state(state)
375 cryptstate_T *state;
376{
377 vim_free(state->method_state);
378 vim_free(state);
379}
380
381/*
382 * Encode "from[len]" and store the result in a newly allocated buffer, which
383 * is stored in "newptr".
384 * Return number of bytes in "newptr", 0 for need more or -1 on error.
385 */
386 long
387crypt_encode_alloc(state, from, len, newptr)
388 cryptstate_T *state;
389 char_u *from;
390 size_t len;
391 char_u **newptr;
392{
393 cryptmethod_T *method = &cryptmethods[state->method_nr];
394
395 if (method->encode_buffer_fn != NULL)
396 /* Has buffer function, pass through. */
397 return method->encode_buffer_fn(state, from, len, newptr);
398 if (len == 0)
399 /* Not buffering, just return EOF. */
400 return len;
401
402 *newptr = alloc(len);
403 if (*newptr == NULL)
404 return -1;
405 method->encode_fn(state, from, len, *newptr);
406 return len;
407}
408
409/*
410 * Decrypt "ptr[len]" and store the result in a newly allocated buffer, which
411 * is stored in "newptr".
412 * Return number of bytes in "newptr", 0 for need more or -1 on error.
413 */
414 long
415crypt_decode_alloc(state, ptr, len, newptr)
416 cryptstate_T *state;
417 char_u *ptr;
418 long len;
419 char_u **newptr;
420{
421 cryptmethod_T *method = &cryptmethods[state->method_nr];
422
423 if (method->decode_buffer_fn != NULL)
424 /* Has buffer function, pass through. */
425 return method->decode_buffer_fn(state, ptr, len, newptr);
426
427 if (len == 0)
428 /* Not buffering, just return EOF. */
429 return len;
430
431 *newptr = alloc(len);
432 if (*newptr == NULL)
433 return -1;
434 method->decode_fn(state, ptr, len, *newptr);
435 return len;
436}
437
438/*
439 * Encrypting "from[len]" into "to[len]".
440 */
441 void
442crypt_encode(state, from, len, to)
443 cryptstate_T *state;
444 char_u *from;
445 size_t len;
446 char_u *to;
447{
448 cryptmethods[state->method_nr].encode_fn(state, from, len, to);
449}
450
451/*
452 * decrypting "from[len]" into "to[len]".
453 */
454 void
455crypt_decode(state, from, len, to)
456 cryptstate_T *state;
457 char_u *from;
458 size_t len;
459 char_u *to;
460{
461 cryptmethods[state->method_nr].decode_fn(state, from, len, to);
462}
463
464/*
465 * Simple inplace encryption, modifies "buf[len]" in place.
466 */
467 void
468crypt_encode_inplace(state, buf, len)
469 cryptstate_T *state;
470 char_u *buf;
471 size_t len;
472{
473 cryptmethods[state->method_nr].encode_inplace_fn(state, buf, len, buf);
474}
475
476/*
477 * Simple inplace decryption, modifies "buf[len]" in place.
478 */
479 void
480crypt_decode_inplace(state, buf, len)
481 cryptstate_T *state;
482 char_u *buf;
483 size_t len;
484{
485 cryptmethods[state->method_nr].decode_inplace_fn(state, buf, len, buf);
486}
487
488/*
489 * Free an allocated crypt key. Clear the text to make sure it doesn't stay
490 * in memory anywhere.
491 */
492 void
493crypt_free_key(key)
494 char_u *key;
495{
496 char_u *p;
497
498 if (key != NULL)
499 {
500 for (p = key; *p != NUL; ++p)
501 *p = 0;
502 vim_free(key);
503 }
504}
505
506/*
507 * Ask the user for a crypt key.
508 * When "store" is TRUE, the new key is stored in the 'key' option, and the
509 * 'key' option value is returned: Don't free it.
510 * When "store" is FALSE, the typed key is returned in allocated memory.
511 * Returns NULL on failure.
512 */
513 char_u *
514crypt_get_key(store, twice)
515 int store;
516 int twice; /* Ask for the key twice. */
517{
518 char_u *p1, *p2 = NULL;
519 int round;
520
521 for (round = 0; ; ++round)
522 {
523 cmdline_star = TRUE;
524 cmdline_row = msg_row;
525 p1 = getcmdline_prompt(NUL, round == 0
526 ? (char_u *)_("Enter encryption key: ")
527 : (char_u *)_("Enter same key again: "), 0, EXPAND_NOTHING,
528 NULL);
529 cmdline_star = FALSE;
530
531 if (p1 == NULL)
532 break;
533
534 if (round == twice)
535 {
536 if (p2 != NULL && STRCMP(p1, p2) != 0)
537 {
538 MSG(_("Keys don't match!"));
539 crypt_free_key(p1);
540 crypt_free_key(p2);
541 p2 = NULL;
542 round = -1; /* do it again */
543 continue;
544 }
545
546 if (store)
547 {
548 set_option_value((char_u *)"key", 0L, p1, OPT_LOCAL);
549 crypt_free_key(p1);
550 p1 = curbuf->b_p_key;
551 }
552 break;
553 }
554 p2 = p1;
555 }
556
557 /* since the user typed this, no need to wait for return */
558 if (msg_didout)
559 msg_putchar('\n');
560 need_wait_return = FALSE;
561 msg_didout = FALSE;
562
563 crypt_free_key(p2);
564 return p1;
565}
566
567
568/*
569 * Append a message to IObuff for the encryption/decryption method being used.
570 */
571 void
572crypt_append_msg(buf)
573 buf_T *buf;
574{
575 if (crypt_get_method_nr(buf) == 0)
576 STRCAT(IObuff, _("[crypted]"));
577 else
578 {
579 STRCAT(IObuff, "[");
580 STRCAT(IObuff, *buf->b_p_cm == NUL ? p_cm : buf->b_p_cm);
581 STRCAT(IObuff, "]");
582 }
583}
584
585#endif /* FEAT_CRYPT */