1 /* vi:set ts=8 sts=4 sw=4 noet: 2 * 3 * VIM - Vi IMproved by Bram Moolenaar 4 * 5 * Do ":help uganda" in Vim to read copying and usage conditions. 6 * Do ":help credits" in Vim to see a list of people who contributed. 7 * See README.txt for an overview of the Vim source code. 8 */ 9 10 /* 11 * crypt.c: Generic encryption support. 12 */ 13 #include "vim.h" 14 15 #if defined(FEAT_CRYPT) || defined(PROTO) 16 /* 17 * Optional encryption support. 18 * Mohsin Ahmed, [email protected], 1998-09-24 19 * Based on zip/crypt sources. 20 * Refactored by David Leadbeater, 2014. 21 * 22 * NOTE FOR USA: Since 2000 exporting this code from the USA is allowed to 23 * most countries. There are a few exceptions, but that still should not be a 24 * problem since this code was originally created in Europe and India. 25 * 26 * Blowfish addition originally made by Mohsin Ahmed, 27 * http://www.cs.albany.edu/~mosh 2010-03-14 28 * Based on blowfish by Bruce Schneier (http://www.schneier.com/blowfish.html) 29 * and sha256 by Christophe Devine. 30 */ 31 32 typedef struct { 33 char *name; /* encryption name as used in 'cryptmethod' */ 34 char *magic; /* magic bytes stored in file header */ 35 int salt_len; /* length of salt, or 0 when not using salt */ 36 int seed_len; /* length of seed, or 0 when not using salt */ 37 #ifdef CRYPT_NOT_INPLACE 38 int works_inplace; /* encryption/decryption can be done in-place */ 39 #endif 40 int whole_undofile; /* whole undo file is encrypted */ 41 42 /* Optional function pointer for a self-test. */ 43 int (* self_test_fn)(); 44 45 // Function pointer for initializing encryption/decryption. 46 int (* init_fn)(cryptstate_T *state, char_u *key, 47 char_u *salt, int salt_len, char_u *seed, int seed_len); 48 49 /* Function pointers for encoding/decoding from one buffer into another. 50 * Optional, however, these or the _buffer ones should be configured. */ 51 void (*encode_fn)(cryptstate_T *state, char_u *from, size_t len, 52 char_u *to); 53 void (*decode_fn)(cryptstate_T *state, char_u *from, size_t len, 54 char_u *to); 55 56 /* Function pointers for encoding and decoding, can buffer data if needed. 57 * Optional (however, these or the above should be configured). */ 58 long (*encode_buffer_fn)(cryptstate_T *state, char_u *from, size_t len, 59 char_u **newptr); 60 long (*decode_buffer_fn)(cryptstate_T *state, char_u *from, size_t len, 61 char_u **newptr); 62 63 /* Function pointers for in-place encoding and decoding, used for 64 * crypt_*_inplace(). "from" and "to" arguments will be equal. 65 * These may be the same as decode_fn and encode_fn above, however an 66 * algorithm may implement them in a way that is not interchangeable with 67 * the crypt_(en|de)code() interface (for example because it wishes to add 68 * padding to files). 69 * This method is used for swap and undo files which have a rigid format. 70 */ 71 void (*encode_inplace_fn)(cryptstate_T *state, char_u *p1, size_t len, 72 char_u *p2); 73 void (*decode_inplace_fn)(cryptstate_T *state, char_u *p1, size_t len, 74 char_u *p2); 75 } cryptmethod_T; 76 77 /* index is method_nr of cryptstate_T, CRYPT_M_* */ 78 static cryptmethod_T cryptmethods[CRYPT_M_COUNT] = { 79 /* PK_Zip; very weak */ 80 { 81 "zip", 82 "VimCrypt~01!", 83 0, 84 0, 85 #ifdef CRYPT_NOT_INPLACE 86 TRUE, 87 #endif 88 FALSE, 89 NULL, 90 crypt_zip_init, 91 crypt_zip_encode, crypt_zip_decode, 92 NULL, NULL, 93 crypt_zip_encode, crypt_zip_decode, 94 }, 95 96 /* Blowfish/CFB + SHA-256 custom key derivation; implementation issues. */ 97 { 98 "blowfish", 99 "VimCrypt~02!", 100 8, 101 8, 102 #ifdef CRYPT_NOT_INPLACE 103 TRUE, 104 #endif 105 FALSE, 106 blowfish_self_test, 107 crypt_blowfish_init, 108 crypt_blowfish_encode, crypt_blowfish_decode, 109 NULL, NULL, 110 crypt_blowfish_encode, crypt_blowfish_decode, 111 }, 112 113 /* Blowfish/CFB + SHA-256 custom key derivation; fixed. */ 114 { 115 "blowfish2", 116 "VimCrypt~03!", 117 8, 118 8, 119 #ifdef CRYPT_NOT_INPLACE 120 TRUE, 121 #endif 122 TRUE, 123 blowfish_self_test, 124 crypt_blowfish_init, 125 crypt_blowfish_encode, crypt_blowfish_decode, 126 NULL, NULL, 127 crypt_blowfish_encode, crypt_blowfish_decode, 128 }, 129 130 /* NOTE: when adding a new method, use some random bytes for the magic key, 131 * to avoid that a text file is recognized as encrypted. */ 132 }; 133 134 #define CRYPT_MAGIC_LEN 12 /* cannot change */ 135 static char crypt_magic_head[] = "VimCrypt~"; 136 137 /* 138 * Return int value for crypt method name. 139 * 0 for "zip", the old method. Also for any non-valid value. 140 * 1 for "blowfish". 141 * 2 for "blowfish2". 142 */ 143 int 144 crypt_method_nr_from_name(char_u *name) 145 { 146 int i; 147 148 for (i = 0; i < CRYPT_M_COUNT; ++i) 149 if (STRCMP(name, cryptmethods[i].name) == 0) 150 return i; 151 return 0; 152 } 153 154 /* 155 * Get the crypt method used for a file from "ptr[len]", the magic text at the 156 * start of the file. 157 * Returns -1 when no encryption used. 158 */ 159 int 160 crypt_method_nr_from_magic(char *ptr, int len) 161 { 162 int i; 163 164 if (len < CRYPT_MAGIC_LEN) 165 return -1; 166 167 for (i = 0; i < CRYPT_M_COUNT; i++) 168 if (memcmp(ptr, cryptmethods[i].magic, CRYPT_MAGIC_LEN) == 0) 169 return i; 170 171 i = (int)STRLEN(crypt_magic_head); 172 if (len >= i && memcmp(ptr, crypt_magic_head, i) == 0) 173 emsg(_("E821: File is encrypted with unknown method")); 174 175 return -1; 176 } 177 178 #ifdef CRYPT_NOT_INPLACE 179 /* 180 * Return TRUE if the crypt method for "method_nr" can be done in-place. 181 */ 182 int 183 crypt_works_inplace(cryptstate_T *state) 184 { 185 return cryptmethods[state->method_nr].works_inplace; 186 } 187 #endif 188 189 /* 190 * Get the crypt method for buffer "buf" as a number. 191 */ 192 int 193 crypt_get_method_nr(buf_T *buf) 194 { 195 return crypt_method_nr_from_name(*buf->b_p_cm == NUL ? p_cm : buf->b_p_cm); 196 } 197 198 /* 199 * Return TRUE when the buffer uses an encryption method that encrypts the 200 * whole undo file, not only the text. 201 */ 202 int 203 crypt_whole_undofile(int method_nr) 204 { 205 return cryptmethods[method_nr].whole_undofile; 206 } 207 208 /* 209 * Get crypt method specifc length of the file header in bytes. 210 */ 211 int 212 crypt_get_header_len(int method_nr) 213 { 214 return CRYPT_MAGIC_LEN 215 + cryptmethods[method_nr].salt_len 216 + cryptmethods[method_nr].seed_len; 217 } 218 219 /* 220 * Set the crypt method for buffer "buf" to "method_nr" using the int value as 221 * returned by crypt_method_nr_from_name(). 222 */ 223 void 224 crypt_set_cm_option(buf_T *buf, int method_nr) 225 { 226 free_string_option(buf->b_p_cm); 227 buf->b_p_cm = vim_strsave((char_u *)cryptmethods[method_nr].name); 228 } 229 230 /* 231 * If the crypt method for the current buffer has a self-test, run it and 232 * return OK/FAIL. 233 */ 234 int 235 crypt_self_test(void) 236 { 237 int method_nr = crypt_get_method_nr(curbuf); 238 239 if (cryptmethods[method_nr].self_test_fn == NULL) 240 return OK; 241 return cryptmethods[method_nr].self_test_fn(); 242 } 243 244 /* 245 * Allocate a crypt state and initialize it. 246 * Return NULL for failure. 247 */ 248 cryptstate_T * 249 crypt_create( 250 int method_nr, 251 char_u *key, 252 char_u *salt, 253 int salt_len, 254 char_u *seed, 255 int seed_len) 256 { 257 cryptstate_T *state = ALLOC_ONE(cryptstate_T); 258 259 if (state == NULL) 260 return state; 261 262 state->method_nr = method_nr; 263 if (cryptmethods[method_nr].init_fn( 264 state, key, salt, salt_len, seed, seed_len) == FAIL) 265 { 266 vim_free(state); 267 return NULL; 268 } 269 return state; 270 } 271 272 /* 273 * Allocate a crypt state from a file header and initialize it. 274 * Assumes that header contains at least the number of bytes that 275 * crypt_get_header_len() returns for "method_nr". 276 */ 277 cryptstate_T * 278 crypt_create_from_header( 279 int method_nr, 280 char_u *key, 281 char_u *header) 282 { 283 char_u *salt = NULL; 284 char_u *seed = NULL; 285 int salt_len = cryptmethods[method_nr].salt_len; 286 int seed_len = cryptmethods[method_nr].seed_len; 287 288 if (salt_len > 0) 289 salt = header + CRYPT_MAGIC_LEN; 290 if (seed_len > 0) 291 seed = header + CRYPT_MAGIC_LEN + salt_len; 292 293 return crypt_create(method_nr, key, salt, salt_len, seed, seed_len); 294 } 295 296 /* 297 * Read the crypt method specific header data from "fp". 298 * Return an allocated cryptstate_T or NULL on error. 299 */ 300 cryptstate_T * 301 crypt_create_from_file(FILE *fp, char_u *key) 302 { 303 int method_nr; 304 int header_len; 305 char magic_buffer[CRYPT_MAGIC_LEN]; 306 char_u *buffer; 307 cryptstate_T *state; 308 309 if (fread(magic_buffer, CRYPT_MAGIC_LEN, 1, fp) != 1) 310 return NULL; 311 method_nr = crypt_method_nr_from_magic(magic_buffer, CRYPT_MAGIC_LEN); 312 if (method_nr < 0) 313 return NULL; 314 315 header_len = crypt_get_header_len(method_nr); 316 if ((buffer = alloc(header_len)) == NULL) 317 return NULL; 318 mch_memmove(buffer, magic_buffer, CRYPT_MAGIC_LEN); 319 if (header_len > CRYPT_MAGIC_LEN 320 && fread(buffer + CRYPT_MAGIC_LEN, 321 header_len - CRYPT_MAGIC_LEN, 1, fp) != 1) 322 { 323 vim_free(buffer); 324 return NULL; 325 } 326 327 state = crypt_create_from_header(method_nr, key, buffer); 328 vim_free(buffer); 329 return state; 330 } 331 332 /* 333 * Allocate a cryptstate_T for writing and initialize it with "key". 334 * Allocates and fills in the header and stores it in "header", setting 335 * "header_len". The header may include salt and seed, depending on 336 * cryptmethod. Caller must free header. 337 * Returns the state or NULL on failure. 338 */ 339 cryptstate_T * 340 crypt_create_for_writing( 341 int method_nr, 342 char_u *key, 343 char_u **header, 344 int *header_len) 345 { 346 int len = crypt_get_header_len(method_nr); 347 char_u *salt = NULL; 348 char_u *seed = NULL; 349 int salt_len = cryptmethods[method_nr].salt_len; 350 int seed_len = cryptmethods[method_nr].seed_len; 351 cryptstate_T *state; 352 353 *header_len = len; 354 *header = alloc(len); 355 if (*header == NULL) 356 return NULL; 357 358 mch_memmove(*header, cryptmethods[method_nr].magic, CRYPT_MAGIC_LEN); 359 if (salt_len > 0 || seed_len > 0) 360 { 361 if (salt_len > 0) 362 salt = *header + CRYPT_MAGIC_LEN; 363 if (seed_len > 0) 364 seed = *header + CRYPT_MAGIC_LEN + salt_len; 365 366 /* TODO: Should this be crypt method specific? (Probably not worth 367 * it). sha2_seed is pretty bad for large amounts of entropy, so make 368 * that into something which is suitable for anything. */ 369 sha2_seed(salt, salt_len, seed, seed_len); 370 } 371 372 state = crypt_create(method_nr, key, salt, salt_len, seed, seed_len); 373 if (state == NULL) 374 VIM_CLEAR(*header); 375 return state; 376 } 377 378 /* 379 * Free the crypt state. 380 */ 381 void 382 crypt_free_state(cryptstate_T *state) 383 { 384 vim_free(state->method_state); 385 vim_free(state); 386 } 387 388 #ifdef CRYPT_NOT_INPLACE 389 /* 390 * Encode "from[len]" and store the result in a newly allocated buffer, which 391 * is stored in "newptr". 392 * Return number of bytes in "newptr", 0 for need more or -1 on error. 393 */ 394 long 395 crypt_encode_alloc( 396 cryptstate_T *state, 397 char_u *from, 398 size_t len, 399 char_u **newptr) 400 { 401 cryptmethod_T *method = &cryptmethods[state->method_nr]; 402 403 if (method->encode_buffer_fn != NULL) 404 /* Has buffer function, pass through. */ 405 return method->encode_buffer_fn(state, from, len, newptr); 406 if (len == 0) 407 /* Not buffering, just return EOF. */ 408 return (long)len; 409 410 *newptr = alloc(len); 411 if (*newptr == NULL) 412 return -1; 413 method->encode_fn(state, from, len, *newptr); 414 return (long)len; 415 } 416 417 /* 418 * Decrypt "ptr[len]" and store the result in a newly allocated buffer, which 419 * is stored in "newptr". 420 * Return number of bytes in "newptr", 0 for need more or -1 on error. 421 */ 422 long 423 crypt_decode_alloc( 424 cryptstate_T *state, 425 char_u *ptr, 426 long len, 427 char_u **newptr) 428 { 429 cryptmethod_T *method = &cryptmethods[state->method_nr]; 430 431 if (method->decode_buffer_fn != NULL) 432 /* Has buffer function, pass through. */ 433 return method->decode_buffer_fn(state, ptr, len, newptr); 434 435 if (len == 0) 436 /* Not buffering, just return EOF. */ 437 return len; 438 439 *newptr = alloc(len); 440 if (*newptr == NULL) 441 return -1; 442 method->decode_fn(state, ptr, len, *newptr); 443 return len; 444 } 445 #endif 446 447 /* 448 * Encrypting "from[len]" into "to[len]". 449 */ 450 void 451 crypt_encode( 452 cryptstate_T *state, 453 char_u *from, 454 size_t len, 455 char_u *to) 456 { 457 cryptmethods[state->method_nr].encode_fn(state, from, len, to); 458 } 459 460 #if 0 // unused 461 /* 462 * decrypting "from[len]" into "to[len]". 463 */ 464 void 465 crypt_decode( 466 cryptstate_T *state, 467 char_u *from, 468 size_t len, 469 char_u *to) 470 { 471 cryptmethods[state->method_nr].decode_fn(state, from, len, to); 472 } 473 #endif 474 475 /* 476 * Simple inplace encryption, modifies "buf[len]" in place. 477 */ 478 void 479 crypt_encode_inplace( 480 cryptstate_T *state, 481 char_u *buf, 482 size_t len) 483 { 484 cryptmethods[state->method_nr].encode_inplace_fn(state, buf, len, buf); 485 } 486 487 /* 488 * Simple inplace decryption, modifies "buf[len]" in place. 489 */ 490 void 491 crypt_decode_inplace( 492 cryptstate_T *state, 493 char_u *buf, 494 size_t len) 495 { 496 cryptmethods[state->method_nr].decode_inplace_fn(state, buf, len, buf); 497 } 498 499 /* 500 * Free an allocated crypt key. Clear the text to make sure it doesn't stay 501 * in memory anywhere. 502 */ 503 void 504 crypt_free_key(char_u *key) 505 { 506 char_u *p; 507 508 if (key != NULL) 509 { 510 for (p = key; *p != NUL; ++p) 511 *p = 0; 512 vim_free(key); 513 } 514 } 515 516 /* 517 * Check the crypt method and give a warning if it's outdated. 518 */ 519 void 520 crypt_check_method(int method) 521 { 522 if (method < CRYPT_M_BF2) 523 { 524 msg_scroll = TRUE; 525 msg(_("Warning: Using a weak encryption method; see :help 'cm'")); 526 } 527 } 528 529 void 530 crypt_check_current_method(void) 531 { 532 crypt_check_method(crypt_get_method_nr(curbuf)); 533 } 534 535 /* 536 * Ask the user for a crypt key. 537 * When "store" is TRUE, the new key is stored in the 'key' option, and the 538 * 'key' option value is returned: Don't free it. 539 * When "store" is FALSE, the typed key is returned in allocated memory. 540 * Returns NULL on failure. 541 */ 542 char_u * 543 crypt_get_key( 544 int store, 545 int twice) /* Ask for the key twice. */ 546 { 547 char_u *p1, *p2 = NULL; 548 int round; 549 550 for (round = 0; ; ++round) 551 { 552 cmdline_star = TRUE; 553 cmdline_row = msg_row; 554 p1 = getcmdline_prompt(NUL, round == 0 555 ? (char_u *)_("Enter encryption key: ") 556 : (char_u *)_("Enter same key again: "), 0, EXPAND_NOTHING, 557 NULL); 558 cmdline_star = FALSE; 559 560 if (p1 == NULL) 561 break; 562 563 if (round == twice) 564 { 565 if (p2 != NULL && STRCMP(p1, p2) != 0) 566 { 567 msg(_("Keys don't match!")); 568 crypt_free_key(p1); 569 crypt_free_key(p2); 570 p2 = NULL; 571 round = -1; /* do it again */ 572 continue; 573 } 574 575 if (store) 576 { 577 set_option_value((char_u *)"key", 0L, p1, OPT_LOCAL); 578 crypt_free_key(p1); 579 p1 = curbuf->b_p_key; 580 } 581 break; 582 } 583 p2 = p1; 584 } 585 586 /* since the user typed this, no need to wait for return */ 587 if (msg_didout) 588 msg_putchar('\n'); 589 need_wait_return = FALSE; 590 msg_didout = FALSE; 591 592 crypt_free_key(p2); 593 return p1; 594 } 595 596 597 /* 598 * Append a message to IObuff for the encryption/decryption method being used. 599 */ 600 void 601 crypt_append_msg( 602 buf_T *buf) 603 { 604 if (crypt_get_method_nr(buf) == 0) 605 STRCAT(IObuff, _("[crypted]")); 606 else 607 { 608 STRCAT(IObuff, "["); 609 STRCAT(IObuff, *buf->b_p_cm == NUL ? p_cm : buf->b_p_cm); 610 STRCAT(IObuff, "]"); 611 } 612 } 613 614 #endif /* FEAT_CRYPT */ 615