From 0811957a467de8808044183c5651245951dc262c Mon Sep 17 00:00:00 2001 From: "git@daemon.de" Date: Fri, 17 Jul 2015 16:22:12 +0200 Subject: [PATCH] added -C to generate a blake2 checksum of one or more files --- ChangeLog | 6 ++++++ INSTALL | 6 +++--- TODO | 8 -------- include/pcp.h | 1 + include/pcp/crypto.h | 8 ++++++++ libpcp/crypto.c | 26 ++++++++++++++++++++++++++ man/options.pod | 5 +++++ src/encryption.c | 27 +++++++++++++++++++++++++++ src/encryption.h | 1 + src/pcp.c | 33 +++++++++++++++++++++++++++++++-- src/pcp.h | 2 +- src/usage.txt | 5 +++++ 12 files changed, 114 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index f7cb901..86b4576 100644 --- a/ChangeLog +++ b/ChangeLog @@ -66,6 +66,12 @@ NEXT added option -X (read passphrase from file). + Symmetric decryption doesn't require a vault + anymore. + + Added -C: create a blake2 checksum of one or + more files. + 0.2.4 fixed compiler macro misplacement (github#4). fixed invalid free (github#5). diff --git a/INSTALL b/INSTALL index 2099840..6e90e07 100644 --- a/INSTALL +++ b/INSTALL @@ -1,7 +1,7 @@ Installation Instructions ************************* -Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, +Copyright (C) 1994-1996, 1999-2002, 2004-2012 Free Software Foundation, Inc. Copying and distribution of this file, with or without modification, @@ -12,8 +12,8 @@ without warranty of any kind. Basic Installation ================== - Briefly, the shell command `./configure && make && make install' -should configure, build, and install this package. The following + Briefly, the shell commands `./configure; make; make install' should +configure, build, and install this package. The following more-detailed instructions are generic; see the `README' file for instructions specific to this package. Some packages provide this `INSTALL' file but do not implement all of the features documented diff --git a/TODO b/TODO index d1540d5..93e75b8 100644 --- a/TODO +++ b/TODO 
@@ -10,8 +10,6 @@ malloc() new pointers in functions only if not NULL, e.g. pcp_gennonce() check pub key count in pcp.c before calling verify signature, croak if count==0 -Update pod key format spec. - vault checksum: add keysigs as well Add newlines to headers in define.h, so strlen() later catches the whole length. @@ -19,11 +17,5 @@ Add newlines to headers in define.h, so strlen() later catches the whole length. Check is_utf8 license. also found in https://gd.meizo.com/_files/lpc/ext/utf8.c -Symmetric decrypt mode tries to open vault - -pcp_find_primary_secret() makes a copy ??? - c++ destructor double free mess -cpptest 0 uses same Context for encryptor and decryptor, -must be another one for the latter! \ No newline at end of file diff --git a/include/pcp.h b/include/pcp.h index d7def61..ed4bb53 100644 --- a/include/pcp.h +++ b/include/pcp.h @@ -7,6 +7,7 @@ extern "C" { #include "pcp/config.h" #include "pcp/buffer.h" +#include "pcp/config.h" #include "pcp/context.h" #include "pcp/crypto.h" #include "pcp/defines.h" diff --git a/include/pcp/crypto.h b/include/pcp/crypto.h index 07ea2bc..80b021c 100644 --- a/include/pcp/crypto.h +++ b/include/pcp/crypto.h @@ -325,7 +325,15 @@ int pcp_sodium_verify_mac(byte **cleartext, +/** Create a blake2 checksum of an input stream. + \param[in] ptx pcp context. + \param[in] in stream to read data from. + \param[out] checksum output buffer containing resulting checksum. + + \return Returns 0 on error. +*/ +int pcp_checksum(PCPCTX *ptx, Pcpstream *in, byte *checksum); diff --git a/libpcp/crypto.c b/libpcp/crypto.c index 6d7b620..174fe29 100644 --- a/libpcp/crypto.c +++ b/libpcp/crypto.c 
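Review bot: The doc comment added for `pcp_checksum()` in include/pcp/crypto.h does not say how large `checksum` must be, although the implementation in libpcp/crypto.c always writes `crypto_generichash_BYTES_MAX` bytes into it. A caller that sizes the buffer by `crypto_generichash_BYTES` would be overrun, so the size belongs in the contract, e.g. `\param[out] checksum output buffer of at least crypto_generichash_BYTES_MAX bytes, receives the checksum.` The `\return` line should also say that 1 is returned on success, since only the error value is documented.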
@@ -811,3 +811,29 @@ TODO: how to go past 64 bits: http://mrob.com/pub/math/int128.c.txt http://locklessinc.com/articles/256bit_arithmetic/ */ + +int pcp_checksum(PCPCTX *ptx, Pcpstream *in, byte *checksum) { + crypto_generichash_state *st = ucmalloc(sizeof(crypto_generichash_state)); + byte *buf = ucmalloc(PCP_BLOCK_SIZE); + size_t bufsize = 0; + int ret = 1; + + crypto_generichash_init(st, NULL, 0, 0); + + while(!ps_end(in)) { + bufsize = ps_read(in, buf, PCP_BLOCK_SIZE); + crypto_generichash_update(st, buf, bufsize); + } + + crypto_generichash_final(st, checksum, crypto_generichash_BYTES_MAX); + + if(ps_err(in)) { + ret = 0; + fatal(ptx, "Error while reading file!\n"); + } + + free(st); + free(buf); + + return ret; +} diff --git a/man/options.pod b/man/options.pod index 894ea61..76b70c2 100644 --- a/man/options.pod +++ b/man/options.pod @@ -131,4 +131,9 @@ Use -I and -O respectively, otherwise it uses stdin/stdout + Misc Options: + -C --checksum Calculate a Blake2 checksum of one or more files. + Use -I to specify one file or put multiple file + names after -C like "pcp1 -C file1 file2 file3". + diff --git a/src/encryption.c b/src/encryption.c index 666f0f8..424bdd0 100644 --- a/src/encryption.c +++ b/src/encryption.c @@ -359,3 +359,30 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec return 1; } + +void pcpchecksum(char **files, int filenum) { + int i; + byte *checksum = ucmalloc(crypto_generichash_BYTES_MAX); + + for(i=0; i 0) { + char *hex = _bin2hex(checksum, crypto_generichash_BYTES_MAX); + fprintf(stdout, "BLAKE2 (%s) = %s\n", files[i], hex); + free(hex); + } + else + break; + } + + free(checksum); +} diff --git a/src/encryption.h b/src/encryption.h index d1377cc..529f875 100644 --- a/src/encryption.h +++ b/src/encryption.h 
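Review bot: `crypto_generichash_init(st, NULL, 0, 0)` in `pcp_checksum()` requests an output length of 0, while `crypto_generichash_final()` is later asked for `crypto_generichash_BYTES_MAX` bytes, and none of the init/update/final return values is checked. libsodium documents the output length as lying between `crypto_generichash_BYTES_MIN` and `crypto_generichash_BYTES_MAX`, so init is expected to reject this call. The digest would then come from a state that was never parameterised and would not be a standard BLAKE2b value that other tools can reproduce. Pass the same length to both calls and fail closed, e.g. `if(crypto_generichash_init(st, NULL, 0, crypto_generichash_BYTES_MAX) != 0) { ret = 0; fatal(ptx, "Could not initialize checksum!\n"); }`, and treat a non-zero result from update or final the same way.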
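Review bot: `fprintf(stdout, "BLAKE2 (%s) = %s\n", files[i], hex)` in `pcpchecksum()` passes `files[i]` to `%s`, but src/pcp.c in this same patch calls the function with `list[0] = NULL` when no file name is given. A NULL argument for `%s` is undefined behaviour in C, even though some C libraries print `(null)`. The middle of the loop is not readable on this page, so this may already be handled there; if not, print a label instead, e.g. `files[i] != NULL ? files[i] : "<stdin>"` (assuming NULL stands for standard input). The function returns void and leaves the loop with `break` on the first failure, so a comment should state that the remaining files are skipped and that the error is reported only through `ptx`.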
@@ -40,5 +40,6 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, int verify); int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *recipient, int signcrypt, int armor, int anon); +void pcpchecksum(char **files, int filenum); #endif /* _HAVE_ENCRYPTION_H */ diff --git a/src/pcp.c b/src/pcp.c index a3370f5..64d3981 100644 --- a/src/pcp.c +++ b/src/pcp.c @@ -114,6 +114,7 @@ int main (int argc, char **argv) { { "decrypt", no_argument, NULL, 'd' }, { "anonymous", no_argument, NULL, 'A' }, { "add-myself", no_argument, NULL, 'M' }, + { "checksum", no_argument, NULL, 'C' }, /* encoding */ { "z85-encode", no_argument, NULL, 'z' }, @@ -135,7 +136,7 @@ int main (int argc, char **argv) { { NULL, 0, NULL, 0 } }; - while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcmf:b1F:0KAMX:j", + while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcmf:b1F:0KAMX:jC", longopts, NULL)) != -1) { switch (opt) { @@ -230,6 +231,9 @@ int main (int argc, char **argv) { mode += PCP_MODE_VERIFY; usevault = 1; break; + case 'C': + mode += PCP_MODE_CHECKSUM; + break; case 'f': sigfile = ucmalloc(strlen(optarg)+1); strncpy(sigfile, optarg, strlen(optarg)+1); @@ -433,6 +437,14 @@ int main (int argc, char **argv) { if(usevault == 1) { vault = pcpvault_init(ptx, vaultfile); + /* special case: ignore vault error in decrypt mode. sym decrypt doesn't + need it and asym will just fail without keys. */ + if(vault == NULL && mode == PCP_MODE_DECRYPT) { + /* use an empty one */ + vault = pcpvault_init(ptx, "/dev/null"); + fatals_reset(ptx); + } + if(vault != NULL) { switch (mode) { case PCP_MODE_KEYGEN: 
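Review bot: The new fallback after `pcpvault_init(ptx, vaultfile)` calls `fatals_reset(ptx)` on every decrypt run whose vault could not be opened, so the reason the vault was unusable is discarded. Which errors pcpvault_init can raise is not visible here, but an asymmetric decrypt will later fail for lack of keys without the user ever seeing the original vault error. The reset also runs when the second `pcpvault_init(ptx, "/dev/null")` fails as well. Consider reporting the original message as a warning before clearing it, and clearing only when the fallback worked: `if(vault != NULL) fatals_reset(ptx);`. The hard-coded `"/dev/null"` path is not portable beyond POSIX systems; main() starts and ends outside this hunk.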
@@ -595,7 +607,24 @@ int main (int argc, char **argv) { pcpvault_close(ptx, vault); } break; - + case PCP_MODE_CHECKSUM: + if(infile == NULL) { + if(argc == 0) { + char *list[1]; + list[0] = NULL; + pcpchecksum(list, 1); + } + else { + pcpchecksum(argv, argc); + } + } + else { + char *list[1]; + list[0] = infile; + pcpchecksum(list, 1); + } + break; + default: /* mode params mixed */ fatal(ptx, "Sorry, invalid combination of commandline parameters (0x%04X)!\n", mode); diff --git a/src/pcp.h b/src/pcp.h index c24f2ff..6dc1ce4 100644 --- a/src/pcp.h +++ b/src/pcp.h @@ -70,7 +70,7 @@ #define PCP_MODE_ZDECODE 0x00000962 #define PCP_MODE_SIGN 0x00000FF6 #define PCP_MODE_VERIFY 0x00001B25 -#define PCP_MODE_YAML 0x00002E27 +#define PCP_MODE_CHECKSUM 0x00002E27 /* 0x00001B25 diff --git a/src/usage.txt b/src/usage.txt index 3ebc0b9..9cb2cb7 100644 --- a/src/usage.txt +++ b/src/usage.txt @@ -45,6 +45,11 @@ Signature Options: Encoding Options: -z --z85-encode Armor with Z85 encoding. +-Z --z85-decode Decode Z85 encodeded input. +-a --armor --textmode same as -z + +Misc Options: +-C --checksum calculate a Blake2 checksum of one or more files. Arguments: Extra arguments after options are treated as filenames or
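Review bot: The `PCP_MODE_CHECKSUM` case declares `char *list[1]` twice, and its two single-entry branches differ only in whether `list[0]` is NULL or `infile`, which in both cases is simply the current value of `infile`. It reads more clearly as `if(infile == NULL && argc > 0) pcpchecksum(argv, argc); else { char *list[1] = { infile }; pcpchecksum(list, 1); }`. A short comment should record that a NULL entry presumably selects standard input, and that `argc`/`argv` are expected to have been advanced past the options before this switch; that adjustment is outside the hunk. File names given together with -I are silently ignored here, so a warning would keep the output from being shorter than the user expects.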