updated for version 7.4.399v7.4.399

Problem:    Encryption implementation is messy.  Blowfish encryption has a
            weakness.
Solution:   Refactor the encryption, store the state in an allocated struct
            instead of using a save/restore mechanism.  Introduce the
            "blowfish2" method, which does not have the weakness and encrypts
            the whole undo file. (largely by David Leadbeater)

1 files changed, 585 insertions, 0 deletions

diff --git a/src/crypt.c b/src/crypt.c
new file mode 100644
index 0000000000..758ffb17b2
--- /dev/null
+++ b/src/crypt.c
@@ -0,0 +1,585 @@
+/* vi:set ts=8 sts=4 sw=4:
+ *
+ * VIM - Vi IMproved	by Bram Moolenaar
+ *
+ * Do ":help uganda"  in Vim to read copying and usage conditions.
+ * Do ":help credits" in Vim to see a list of people who contributed.
+ * See README.txt for an overview of the Vim source code.
+ */
+
+/*
+ * crypt.c: Generic encryption support.
+ */
+#include "vim.h"
+
+#if defined(FEAT_CRYPT) || defined(PROTO)
+/*
+ * Optional encryption support.
+ * Mohsin Ahmed, mosh@sasi.com, 1998-09-24
+ * Based on zip/crypt sources.
+ * Refactored by David Leadbeater, 2014.
+ *
+ * NOTE FOR USA: Since 2000 exporting this code from the USA is allowed to
+ * most countries.  There are a few exceptions, but that still should not be a
+ * problem since this code was originally created in Europe and India.
+ *
+ * Blowfish addition originally made by Mohsin Ahmed,
+ * http://www.cs.albany.edu/~mosh 2010-03-14
+ * Based on blowfish by Bruce Schneier (http://www.schneier.com/blowfish.html)
+ * and sha256 by Christophe Devine.
+ */
+
+typedef struct {
+    char    *name;	/* encryption name as used in 'cryptmethod' */
+    char    *magic;	/* magic bytes stored in file header */
+    int	    salt_len;	/* length of salt, or 0 when not using salt */
+    int	    seed_len;	/* length of seed, or 0 when not using salt */
+    int	    works_inplace; /* encryption/decryption can be done in-place */
+    int	    whole_undofile; /* whole undo file is encrypted */
+
+    /* Optional function pointer for a self-test. */
+    int (* self_test_fn)();
+
+    /* Function pointer for initializing encryption/decription. */
+    void (* init_fn)(cryptstate_T *state, char_u *key,
+		      char_u *salt, int salt_len, char_u *seed, int seed_len);
+
+    /* Function pointers for encoding/decoding from one buffer into another.
+     * Optional, however, these or the _buffer ones should be configured. */
+    void (*encode_fn)(cryptstate_T *state, char_u *from, size_t len,
+								  char_u *to);
+    void (*decode_fn)(cryptstate_T *state, char_u *from, size_t len,
+								  char_u *to);
+
+    /* Function pointers for encoding and decoding, can buffer data if needed.
+     * Optional (however, these or the above should be configured). */
+    long (*encode_buffer_fn)(cryptstate_T *state, char_u *from, size_t len,
+							     char_u **newptr);
+    long (*decode_buffer_fn)(cryptstate_T *state, char_u *from, size_t len,
+							     char_u **newptr);
+
+    /* Function pointers for in-place encoding and decoding, used for
+     * crypt_*_inplace(). "from" and "to" arguments will be equal.
+     * These may be the same as decode_fn and encode_fn above, however an
+     * algorithm may implement them in a way that is not interchangeable with
+     * the crypt_(en|de)code() interface (for example because it wishes to add
+     * padding to files).
+     * This method is used for swap and undo files which have a rigid format.
+     */
+    void (*encode_inplace_fn)(cryptstate_T *state, char_u *p1, size_t len,
+								  char_u *p2);
+    void (*decode_inplace_fn)(cryptstate_T *state, char_u *p1, size_t len,
+								  char_u *p2);
+} cryptmethod_T;
+
+/* index is method_nr of cryptstate_T, CRYPT_M_* */
+static cryptmethod_T cryptmethods[CRYPT_M_COUNT] = {
+    /* PK_Zip; very weak */
+    {
+	"zip",
+	"VimCrypt~01!",
+	0,
+	0,
+	TRUE,
+	FALSE,
+	NULL,
+	crypt_zip_init,
+	crypt_zip_encode, crypt_zip_decode,
+	NULL, NULL,
+	crypt_zip_encode, crypt_zip_decode,
+    },
+
+    /* Blowfish/CFB + SHA-256 custom key derivation; implementation issues. */
+    {
+	"blowfish",
+	"VimCrypt~02!",
+	8,
+	8,
+	TRUE,
+	FALSE,
+	blowfish_self_test,
+	crypt_blowfish_init,
+	crypt_blowfish_encode, crypt_blowfish_decode,
+	NULL, NULL,
+	crypt_blowfish_encode, crypt_blowfish_decode,
+    },
+
+    /* Blowfish/CFB + SHA-256 custom key derivation; fixed. */
+    {
+	"blowfish2",
+	"VimCrypt~03!",
+	8,
+	8,
+	TRUE,
+	TRUE,
+	blowfish_self_test,
+	crypt_blowfish_init,
+	crypt_blowfish_encode, crypt_blowfish_decode,
+	NULL, NULL,
+	crypt_blowfish_encode, crypt_blowfish_decode,
+    },
+};
+
+#define CRYPT_MAGIC_LEN	12	/* cannot change */
+static char	crypt_magic_head[] = "VimCrypt~";
+
+/*
+ * Return int value for crypt method name.
+ * 0 for "zip", the old method.  Also for any non-valid value.
+ * 1 for "blowfish".
+ * 2 for "blowfish2".
+ */
+    int
+crypt_method_nr_from_name(name)
+    char_u  *name;
+{
+    int i;
+
+    for (i = 0; i < CRYPT_M_COUNT; ++i)
+	if (STRCMP(name, cryptmethods[i].name) == 0)
+	    return i;
+    return 0;
+}
+
+/*
+ * Get the crypt method used for a file from "ptr[len]", the magic text at the
+ * start of the file.
+ * Returns -1 when no encryption used.
+ */
+    int
+crypt_method_nr_from_magic(ptr, len)
+    char  *ptr;
+    int   len;
+{
+    int i;
+
+    if (len < CRYPT_MAGIC_LEN)
+	return -1;
+
+    for (i = 0; i < CRYPT_M_COUNT; i++)
+	if (memcmp(ptr, cryptmethods[i].magic, CRYPT_MAGIC_LEN) == 0)
+	    return i;
+
+    i = (int)STRLEN(crypt_magic_head);
+    if (len >= i && memcmp(ptr, crypt_magic_head, i) == 0)
+	EMSG(_("E821: File is encrypted with unknown method"));
+
+    return -1;
+}
+
+/*
+ * Return TRUE if the crypt method for "method_nr" can be done in-place.
+ */
+    int
+crypt_works_inplace(state)
+    cryptstate_T *state;
+{
+    return cryptmethods[state->method_nr].works_inplace;
+}
+
+/*
+ * Get the crypt method for buffer "buf" as a number.
+ */
+    int
+crypt_get_method_nr(buf)
+    buf_T *buf;
+{
+    return crypt_method_nr_from_name(*buf->b_p_cm == NUL ? p_cm : buf->b_p_cm);
+}
+
+/*
+ * Return TRUE when the buffer uses an encryption method that encrypts the
+ * whole undo file, not only the text.
+ */
+    int
+crypt_whole_undofile(method_nr)
+    int method_nr;
+{
+    return cryptmethods[method_nr].whole_undofile;
+}
+
+/*
+ * Get crypt method specifc length of the file header in bytes.
+ */
+    int
+crypt_get_header_len(method_nr)
+    int method_nr;
+{
+    return CRYPT_MAGIC_LEN
+	+ cryptmethods[method_nr].salt_len
+	+ cryptmethods[method_nr].seed_len;
+}
+
+/*
+ * Set the crypt method for buffer "buf" to "method_nr" using the int value as
+ * returned by crypt_method_nr_from_name().
+ */
+    void
+crypt_set_cm_option(buf, method_nr)
+    buf_T   *buf;
+    int	    method_nr;
+{
+    free_string_option(buf->b_p_cm);
+    buf->b_p_cm = vim_strsave((char_u *)cryptmethods[method_nr].name);
+}
+
+/*
+ * If the crypt method for the current buffer has a self-test, run it and
+ * return OK/FAIL.
+ */
+    int
+crypt_self_test()
+{
+    int method_nr = crypt_get_method_nr(curbuf);
+
+    if (cryptmethods[method_nr].self_test_fn == NULL)
+	return OK;
+    return cryptmethods[method_nr].self_test_fn();
+}
+
+/*
+ * Allocate a crypt state and initialize it.
+ */
+    cryptstate_T *
+crypt_create(method_nr, key, salt, salt_len, seed, seed_len)
+    int		method_nr;
+    char_u	*key;
+    char_u	*salt;
+    int		salt_len;
+    char_u	*seed;
+    int		seed_len;
+{
+    cryptstate_T *state = (cryptstate_T *)alloc((int)sizeof(cryptstate_T));
+
+    state->method_nr = method_nr;
+    cryptmethods[method_nr].init_fn(state, key, salt, salt_len, seed, seed_len);
+    return state;
+}
+
+/*
+ * Allocate a crypt state from a file header and initialize it.
+ * Assumes that header contains at least the number of bytes that
+ * crypt_get_header_len() returns for "method_nr".
+ */
+    cryptstate_T *
+crypt_create_from_header(method_nr, key, header)
+    int		method_nr;
+    char_u	*key;
+    char_u	*header;
+{
+    char_u	*salt = NULL;
+    char_u	*seed = NULL;
+    int		salt_len = cryptmethods[method_nr].salt_len;
+    int		seed_len = cryptmethods[method_nr].seed_len;
+
+    if (salt_len > 0)
+	salt = header + CRYPT_MAGIC_LEN;
+    if (seed_len > 0)
+	seed = header + CRYPT_MAGIC_LEN + salt_len;
+
+    return crypt_create(method_nr, key, salt, salt_len, seed, seed_len);
+}
+
+/*
+ * Read the crypt method specific header data from "fp".
+ * Return an allocated cryptstate_T or NULL on error.
+ */
+    cryptstate_T *
+crypt_create_from_file(fp, key)
+    FILE    *fp;
+    char_u  *key;
+{
+    int		method_nr;
+    int		header_len;
+    char	magic_buffer[CRYPT_MAGIC_LEN];
+    char_u	*buffer;
+    cryptstate_T *state;
+
+    if (fread(magic_buffer, CRYPT_MAGIC_LEN, 1, fp) != 1)
+	return NULL;
+    method_nr = crypt_method_nr_from_magic(magic_buffer, CRYPT_MAGIC_LEN);
+    if (method_nr < 0)
+	return NULL;
+
+    header_len = crypt_get_header_len(method_nr);
+    if ((buffer = alloc(header_len)) == NULL)
+	return NULL;
+    mch_memmove(buffer, magic_buffer, CRYPT_MAGIC_LEN);
+    if (header_len > CRYPT_MAGIC_LEN
+	    && fread(buffer + CRYPT_MAGIC_LEN,
+				    header_len - CRYPT_MAGIC_LEN, 1, fp) != 1)
+    {
+	vim_free(buffer);
+	return NULL;
+    }
+
+    state = crypt_create_from_header(method_nr, key, buffer);
+    vim_free(buffer);
+    return state;
+}
+
+/*
+ * Allocate a cryptstate_T for writing and initialize it with "key".
+ * Allocates and fills in the header and stores it in "header", setting
+ * "header_len".  The header may include salt and seed, depending on
+ * cryptmethod.  Caller must free header.
+ * Returns the state or NULL on failure.
+ */
+    cryptstate_T *
+crypt_create_for_writing(method_nr, key, header, header_len)
+    int	    method_nr;
+    char_u  *key;
+    char_u  **header;
+    int	    *header_len;
+{
+    int	    len = crypt_get_header_len(method_nr);
+    char_u  *salt = NULL;
+    char_u  *seed = NULL;
+    int	    salt_len = cryptmethods[method_nr].salt_len;
+    int	    seed_len = cryptmethods[method_nr].seed_len;
+    cryptstate_T *state;
+
+    *header_len = len;
+    *header = alloc(len);
+    if (*header == NULL)
+	return NULL;
+
+    mch_memmove(*header, cryptmethods[method_nr].magic, CRYPT_MAGIC_LEN);
+    if (salt_len > 0 || seed_len > 0)
+    {
+	if (salt_len > 0)
+	    salt = *header + CRYPT_MAGIC_LEN;
+	if (seed_len > 0)
+	    seed = *header + CRYPT_MAGIC_LEN + salt_len;
+
+	/* TODO: Should this be crypt method specific? (Probably not worth
+	 * it).  sha2_seed is pretty bad for large amounts of entropy, so make
+	 * that into something which is suitable for anything. */
+	sha2_seed(salt, salt_len, seed, seed_len);
+    }
+
+    state = crypt_create(method_nr, key, salt, salt_len, seed, seed_len);
+    if (state == NULL)
+    {
+	vim_free(*header);
+	*header = NULL;
+    }
+    return state;
+}
+
+/*
+ * Free the crypt state.
+ */
+    void
+crypt_free_state(state)
+    cryptstate_T	*state;
+{
+    vim_free(state->method_state);
+    vim_free(state);
+}
+
+/*
+ * Encode "from[len]" and store the result in a newly allocated buffer, which
+ * is stored in "newptr".
+ * Return number of bytes in "newptr", 0 for need more or -1 on error.
+ */
+    long
+crypt_encode_alloc(state, from, len, newptr)
+    cryptstate_T *state;
+    char_u	*from;
+    size_t	len;
+    char_u	**newptr;
+{
+    cryptmethod_T *method = &cryptmethods[state->method_nr];
+
+    if (method->encode_buffer_fn != NULL)
+	/* Has buffer function, pass through. */
+	return method->encode_buffer_fn(state, from, len, newptr);
+    if (len == 0)
+	/* Not buffering, just return EOF. */
+	return len;
+
+    *newptr = alloc(len);
+    if (*newptr == NULL)
+	return -1;
+    method->encode_fn(state, from, len, *newptr);
+    return len;
+}
+
+/*
+ * Decrypt "ptr[len]" and store the result in a newly allocated buffer, which
+ * is stored in "newptr".
+ * Return number of bytes in "newptr", 0 for need more or -1 on error.
+ */
+    long
+crypt_decode_alloc(state, ptr, len, newptr)
+    cryptstate_T *state;
+    char_u	*ptr;
+    long	len;
+    char_u      **newptr;
+{
+    cryptmethod_T *method = &cryptmethods[state->method_nr];
+
+    if (method->decode_buffer_fn != NULL)
+	/* Has buffer function, pass through. */
+	return method->decode_buffer_fn(state, ptr, len, newptr);
+
+    if (len == 0)
+	/* Not buffering, just return EOF. */
+	return len;
+
+    *newptr = alloc(len);
+    if (*newptr == NULL)
+	return -1;
+    method->decode_fn(state, ptr, len, *newptr);
+    return len;
+}
+
+/*
+ * Encrypting "from[len]" into "to[len]".
+ */
+    void
+crypt_encode(state, from, len, to)
+    cryptstate_T *state;
+    char_u	*from;
+    size_t	len;
+    char_u	*to;
+{
+    cryptmethods[state->method_nr].encode_fn(state, from, len, to);
+}
+
+/*
+ * decrypting "from[len]" into "to[len]".
+ */
+    void
+crypt_decode(state, from, len, to)
+    cryptstate_T *state;
+    char_u	*from;
+    size_t	len;
+    char_u	*to;
+{
+    cryptmethods[state->method_nr].decode_fn(state, from, len, to);
+}
+
+/*
+ * Simple inplace encryption, modifies "buf[len]" in place.
+ */
+    void
+crypt_encode_inplace(state, buf, len)
+    cryptstate_T *state;
+    char_u	*buf;
+    size_t	len;
+{
+    cryptmethods[state->method_nr].encode_inplace_fn(state, buf, len, buf);
+}
+
+/*
+ * Simple inplace decryption, modifies "buf[len]" in place.
+ */
+    void
+crypt_decode_inplace(state, buf, len)
+    cryptstate_T *state;
+    char_u	*buf;
+    size_t	len;
+{
+    cryptmethods[state->method_nr].decode_inplace_fn(state, buf, len, buf);
+}
+
+/*
+ * Free an allocated crypt key.  Clear the text to make sure it doesn't stay
+ * in memory anywhere.
+ */
+    void
+crypt_free_key(key)
+    char_u *key;
+{
+    char_u *p;
+
+    if (key != NULL)
+    {
+	for (p = key; *p != NUL; ++p)
+	    *p = 0;
+	vim_free(key);
+    }
+}
+
+/*
+ * Ask the user for a crypt key.
+ * When "store" is TRUE, the new key is stored in the 'key' option, and the
+ * 'key' option value is returned: Don't free it.
+ * When "store" is FALSE, the typed key is returned in allocated memory.
+ * Returns NULL on failure.
+ */
+    char_u *
+crypt_get_key(store, twice)
+    int		store;
+    int		twice;	    /* Ask for the key twice. */
+{
+    char_u	*p1, *p2 = NULL;
+    int		round;
+
+    for (round = 0; ; ++round)
+    {
+	cmdline_star = TRUE;
+	cmdline_row = msg_row;
+	p1 = getcmdline_prompt(NUL, round == 0
+		? (char_u *)_("Enter encryption key: ")
+		: (char_u *)_("Enter same key again: "), 0, EXPAND_NOTHING,
+		NULL);
+	cmdline_star = FALSE;
+
+	if (p1 == NULL)
+	    break;
+
+	if (round == twice)
+	{
+	    if (p2 != NULL && STRCMP(p1, p2) != 0)
+	    {
+		MSG(_("Keys don't match!"));
+		crypt_free_key(p1);
+		crypt_free_key(p2);
+		p2 = NULL;
+		round = -1;		/* do it again */
+		continue;
+	    }
+
+	    if (store)
+	    {
+		set_option_value((char_u *)"key", 0L, p1, OPT_LOCAL);
+		crypt_free_key(p1);
+		p1 = curbuf->b_p_key;
+	    }
+	    break;
+	}
+	p2 = p1;
+    }
+
+    /* since the user typed this, no need to wait for return */
+    if (msg_didout)
+	msg_putchar('\n');
+    need_wait_return = FALSE;
+    msg_didout = FALSE;
+
+    crypt_free_key(p2);
+    return p1;
+}
+
+
+/*
+ * Append a message to IObuff for the encryption/decryption method being used.
+ */
+    void
+crypt_append_msg(buf)
+    buf_T *buf;
+{
+    if (crypt_get_method_nr(buf) == 0)
+	STRCAT(IObuff, _("[crypted]"));
+    else
+    {
+	STRCAT(IObuff, "[");
+	STRCAT(IObuff, *buf->b_p_cm == NUL ? p_cm : buf->b_p_cm);
+	STRCAT(IObuff, "]");
+    }
+}
+
+#endif /* FEAT_CRYPT */