0
0
mirror of https://github.com/vim/vim.git synced 2025-10-13 06:54:15 -04:00

patch 9.0.1481: decrypting with libsodium may fail if the library changes

Problem:    Decrypting with libsodium may fail if the library changes.
Solution:   Add parameters used to the encrypted file header. (Christian
            Brabandt, closes #12279)
This commit is contained in:
Christian Brabandt
2023-04-23 17:50:22 +01:00
committed by Bram Moolenaar
parent dcd40cfca0
commit aae583441b
16 changed files with 422 additions and 121 deletions

View File

@@ -436,7 +436,7 @@ ml_set_mfp_crypt(buf_T *buf)
sha2_seed(buf->b_ml.ml_mfp->mf_seed, MF_SEED_LEN, NULL, 0);
}
#ifdef FEAT_SODIUM
else if (method_nr == CRYPT_M_SOD)
else if (crypt_method_is_sodium(method_nr))
crypt_sodium_randombytes_buf(buf->b_ml.ml_mfp->mf_seed,
MF_SEED_LEN);
#endif
@@ -495,7 +495,7 @@ ml_set_crypt_key(
old_method = crypt_method_nr_from_name(old_cm);
// Swapfile encryption not supported by XChaCha20
if (crypt_get_method_nr(buf) == CRYPT_M_SOD && *buf->b_p_key != NUL)
if (crypt_method_is_sodium(crypt_get_method_nr(buf)) && *buf->b_p_key != NUL)
{
// close the swapfile
mf_close_file(buf, TRUE);
@@ -5512,6 +5512,7 @@ ml_decrypt_data(
/*
* Prepare for encryption/decryption, using the key, seed and offset.
* Return an allocated cryptstate_T *.
* Note: Encryption not supported for SODIUM
*/
static cryptstate_T *
ml_crypt_prepare(memfile_T *mfp, off_T offset, int reading)
@@ -5520,21 +5521,23 @@ ml_crypt_prepare(memfile_T *mfp, off_T offset, int reading)
char_u salt[50];
int method_nr;
char_u *key;
char_u *seed;
crypt_arg_T arg;
CLEAR_FIELD(arg);
if (reading && mfp->mf_old_key != NULL)
{
// Reading back blocks with the previous key/method/seed.
method_nr = mfp->mf_old_cm;
key = mfp->mf_old_key;
seed = mfp->mf_old_seed;
arg.cat_seed = mfp->mf_old_seed;
}
else
{
method_nr = crypt_get_method_nr(buf);
key = buf->b_p_key;
seed = mfp->mf_seed;
arg.cat_seed = mfp->mf_seed;
}
if (*key == NUL)
return NULL;
@@ -5543,14 +5546,24 @@ ml_crypt_prepare(memfile_T *mfp, off_T offset, int reading)
// For PKzip: Append the offset to the key, so that we use a different
// key for every block.
vim_snprintf((char *)salt, sizeof(salt), "%s%ld", key, (long)offset);
return crypt_create(method_nr, salt, NULL, 0, NULL, 0);
arg.cat_seed = NULL;
arg.cat_init_from_file = FALSE;
return crypt_create(method_nr, salt, &arg);
}
// Using blowfish or better: add salt and seed. We use the byte offset
// of the block for the salt.
vim_snprintf((char *)salt, sizeof(salt), "%ld", (long)offset);
return crypt_create(method_nr, key, salt, (int)STRLEN(salt),
seed, MF_SEED_LEN);
arg.cat_salt = salt;
arg.cat_salt_len = (int)STRLEN(salt);
arg.cat_seed_len = MF_SEED_LEN;
arg.cat_add_len = 0;
arg.cat_add = NULL;
arg.cat_init_from_file = FALSE;
return crypt_create(method_nr, key, &arg);
}
#endif