scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 12:00:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

add entropy check for entered passphrases

Browse Source
This commit is contained in:
TLINDEN
2015-08-16 21:35:06 +02:00
parent 32030afd62
commit 0d7282ad35
4 changed files with 55 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@@ -360,6 +360,8 @@ AS_IF([test "x$enable_optimize" != "xno"], [
CXXFLAGS="$CFLAGS" CXXFLAGS="$CFLAGS"
# FIXME: check for libm
LIBS="$LIBS -lm"
# conditionals for bindings and stuff # conditionals for bindings and stuff

6
include/pcp/key.h
View File

@@ -28,6 +28,10 @@
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
#include <math.h>
#include <stdlib.h>
#include <stdbool.h>
#include "defines.h" #include "defines.h"
#include "platform.h" #include "platform.h"
#include "mem.h" #include "mem.h"
@@ -309,6 +313,8 @@ void pcp_dumppubkey(pcp_pubkey_t *k);
*/ */
void pcpkey_setowner(pcp_key_t *key, char *owner, char *mail); void pcpkey_setowner(pcp_key_t *key, char *owner, char *mail);
double pcp_getentropy(char *source);
#endif /* _HAVE_PCP_KEYPAIR_H */ #endif /* _HAVE_PCP_KEYPAIR_H */
/**@}*/ /**@}*/

35
libpcp/key.c
View File

@@ -543,3 +543,38 @@ void pcp_dumppubkey(pcp_pubkey_t *k) {
printf(" type: 0x%02X\n", k->type); printf(" type: 0x%02X\n", k->type);
} }
/*
via
http://rosettacode.org/wiki/Entropy#C
*/
double pcp_getentropy(char *source) {
int len;
int *hist;
double H;
int wherechar[256];
int i,histlen;
histlen = 0;
H = 0;
len = (int)strlen(source);
hist = (int*)calloc(len, sizeof(int));
for(i=0; i<256; i++)
wherechar[i] =- 1;
for(i=0; i<len; i++){
if(wherechar[(int)source[i]] == -1) {
wherechar[(int)source[i]] = histlen;
histlen++;
}
hist[wherechar[(int)source[i]]]++;
}
for(i=0; i<histlen; i++) {
H -= (double)hist[i] / len * log2((double)hist[i] / len);
}
return H;
}

15
src/keymgmt.c
View File

@@ -82,12 +82,16 @@ void pcp_keygen(char *passwd) {
"Enter the passphrase again", 1, NULL); "Enter the passphrase again", 1, NULL);
} }
else { else {
passphrase = ucmalloc(strlen(passwd)+1); passphrase = passwd;
memcpy(passphrase, passwd, strlen(passwd)+1);
} }
if(strnlen(passphrase, 1024) > 0) if(strnlen(passphrase, 1024) > 0) {
double ent = pcp_getentropy(passphrase);
if(ent < 3) {
fprintf(stderr, "WARNING: you are using a weak passphrase (entropy: %lf)\n", ent);
}
key = pcpkey_encrypt(ptx, k, passphrase); key = pcpkey_encrypt(ptx, k, passphrase);
}
else { else {
char *yes = pcp_getstdin("WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?"); char *yes = pcp_getstdin("WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?");
if(strncmp(yes, "yes", 1024) == 0) if(strncmp(yes, "yes", 1024) == 0)
@@ -108,6 +112,11 @@ void pcp_keygen(char *passwd) {
} }
} }
if(passwd == NULL) {
/* if passwd is set, it'll be free'd in main() */
sfree(passphrase);
}
errkg1: errkg1:
free(mail); free(mail);
free(owner); free(owner);