mirror of
https://codeberg.org/scip/pcp.git
synced 2025-12-17 03:50:57 +01:00
using secure memory where applicable using sodium_malloc or sodium_mlock, where not
This commit is contained in:
TLINDEN
@@ -31,10 +31,9 @@
|
|||||||
#include "defines.h"
|
#include "defines.h"
|
||||||
#include "platform.h"
|
#include "platform.h"
|
||||||
#include "mem.h"
|
#include "mem.h"
|
||||||
#include "mac.h"
|
#include "crypto.h"
|
||||||
#include "randomart.h"
|
#include "randomart.h"
|
||||||
#include "version.h"
|
#include "version.h"
|
||||||
//#include "z85.h"
|
|
||||||
#include "uthash.h"
|
#include "uthash.h"
|
||||||
#include "jenhash.h"
|
#include "jenhash.h"
|
||||||
#include "structs.h"
|
#include "structs.h"
|
||||||
|
|||||||
@@ -25,6 +25,7 @@
|
|||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
#include <sodium.h>
|
||||||
#include "defines.h"
|
#include "defines.h"
|
||||||
#include "platform.h"
|
#include "platform.h"
|
||||||
|
|
||||||
@@ -36,13 +37,22 @@
|
|||||||
/* available. */
|
/* available. */
|
||||||
void *ucmalloc(size_t s);
|
void *ucmalloc(size_t s);
|
||||||
|
|
||||||
|
/* same as ucmalloc, but uses secure allocation */
|
||||||
|
void *smalloc(size_t s);
|
||||||
|
|
||||||
/* the same but it fills the pointer with random values */
|
/* the same but it fills the pointer with random values */
|
||||||
void *urmalloc(size_t s);
|
void *urmalloc(size_t s);
|
||||||
|
|
||||||
|
/* same as urmalloc(), but uses secure allocation using sodium_malloc() */
|
||||||
|
void *srmalloc(size_t s);
|
||||||
|
|
||||||
/* resize a a pointer and fill the added remainder with zeroes */
|
/* resize a a pointer and fill the added remainder with zeroes */
|
||||||
void *ucrealloc(void *d, size_t oldlen, size_t newlen);
|
void *ucrealloc(void *d, size_t oldlen, size_t newlen);
|
||||||
|
|
||||||
/* clear and free */
|
/* clear and free */
|
||||||
void ucfree(void *d, size_t len);
|
void ucfree(void *d, size_t len);
|
||||||
|
|
||||||
|
/* same, but free a sodium pointer */
|
||||||
|
void sfree(void *d);
|
||||||
|
|
||||||
#endif /* _HAVE_PCP_MEM */
|
#endif /* _HAVE_PCP_MEM */
|
||||||
|
|||||||
@@ -29,7 +29,7 @@
|
|||||||
* result anyway because I need a curve25519 secret.
|
* result anyway because I need a curve25519 secret.
|
||||||
*/
|
*/
|
||||||
byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
|
byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
|
||||||
byte *key = ucmalloc(crypto_secretbox_KEYBYTES);
|
byte *key = smalloc(crypto_secretbox_KEYBYTES);
|
||||||
size_t plen = strnlen(passphrase, 255);
|
size_t plen = strnlen(passphrase, 255);
|
||||||
|
|
||||||
/* create the scrypt hash */
|
/* create the scrypt hash */
|
||||||
@@ -44,7 +44,7 @@ byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
|
|||||||
key[31] |= 64;
|
key[31] |= 64;
|
||||||
|
|
||||||
/* done */
|
/* done */
|
||||||
ucfree(scrypted, 64);
|
sfree(scrypted);
|
||||||
return key;
|
return key;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -168,9 +168,8 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
|
|||||||
|
|
||||||
es = pcp_sodium_mac(&encrypted, buffer_get(both), buffer_size(both), key->nonce, encryptkey);
|
es = pcp_sodium_mac(&encrypted, buffer_get(both), buffer_size(both), key->nonce, encryptkey);
|
||||||
|
|
||||||
memset(encryptkey, 0, 32);
|
|
||||||
buffer_free(both);
|
buffer_free(both);
|
||||||
free(encryptkey);
|
sfree(encryptkey);
|
||||||
|
|
||||||
if(es == 176) { /* FIXME: calc! */
|
if(es == 176) { /* FIXME: calc! */
|
||||||
/* success */
|
/* success */
|
||||||
@@ -201,7 +200,7 @@ pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
|
|||||||
|
|
||||||
es = pcp_sodium_verify_mac(&decrypted, key->encrypted, 176, key->nonce, encryptkey);
|
es = pcp_sodium_verify_mac(&decrypted, key->encrypted, 176, key->nonce, encryptkey);
|
||||||
|
|
||||||
ucfree(encryptkey, 32);
|
sfree(encryptkey);
|
||||||
|
|
||||||
if(es == 0) {
|
if(es == 0) {
|
||||||
/* success */
|
/* success */
|
||||||
|
|||||||
@@ -27,6 +27,7 @@ void pcphash_del(PCPCTX *ptx, void *key, int type) {
|
|||||||
if(type == PCP_KEY_TYPE_SECRET) {
|
if(type == PCP_KEY_TYPE_SECRET) {
|
||||||
HASH_DEL(ptx->pcpkey_hash, (pcp_key_t *)key);
|
HASH_DEL(ptx->pcpkey_hash, (pcp_key_t *)key);
|
||||||
memset(key, 0, sizeof(pcp_key_t));
|
memset(key, 0, sizeof(pcp_key_t));
|
||||||
|
sodium_munlock(key, sizeof(pcp_key_t));
|
||||||
}
|
}
|
||||||
else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_PBP) {
|
else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_PBP) {
|
||||||
pcp_keysig_t *keysig = (pcp_keysig_t *)key;
|
pcp_keysig_t *keysig = (pcp_keysig_t *)key;
|
||||||
@@ -37,6 +38,7 @@ void pcphash_del(PCPCTX *ptx, void *key, int type) {
|
|||||||
else {
|
else {
|
||||||
HASH_DEL(ptx->pcppubkey_hash, (pcp_pubkey_t *)key);
|
HASH_DEL(ptx->pcppubkey_hash, (pcp_pubkey_t *)key);
|
||||||
memset(key, 0, sizeof(pcp_pubkey_t));
|
memset(key, 0, sizeof(pcp_pubkey_t));
|
||||||
|
sodium_munlock(key, sizeof(pcp_pubkey_t));
|
||||||
}
|
}
|
||||||
free(key);
|
free(key);
|
||||||
}
|
}
|
||||||
@@ -94,6 +96,7 @@ pcp_pubkey_t *pcphash_pubkeyexists(PCPCTX *ptx, char *id) {
|
|||||||
void pcphash_add(PCPCTX *ptx, void *key, int type) {
|
void pcphash_add(PCPCTX *ptx, void *key, int type) {
|
||||||
if(type == PCP_KEY_TYPE_PUBLIC) {
|
if(type == PCP_KEY_TYPE_PUBLIC) {
|
||||||
pcp_pubkey_t *k = (pcp_pubkey_t *)key;
|
pcp_pubkey_t *k = (pcp_pubkey_t *)key;
|
||||||
|
sodium_mlock(key, sizeof(pcp_pubkey_t));
|
||||||
HASH_ADD_STR( ptx->pcppubkey_hash, id, k );
|
HASH_ADD_STR( ptx->pcppubkey_hash, id, k );
|
||||||
}
|
}
|
||||||
else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_PBP) {
|
else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_PBP) {
|
||||||
@@ -102,6 +105,7 @@ void pcphash_add(PCPCTX *ptx, void *key, int type) {
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
pcp_key_t *k = (pcp_key_t *)key;
|
pcp_key_t *k = (pcp_key_t *)key;
|
||||||
|
sodium_mlock(key, sizeof(pcp_key_t));
|
||||||
HASH_ADD_STR( ptx->pcpkey_hash, id, k);
|
HASH_ADD_STR( ptx->pcpkey_hash, id, k);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
29
libpcp/mem.c
29
libpcp/mem.c
@@ -36,13 +36,28 @@ void *ucmalloc(size_t s) {
|
|||||||
exit(-1);
|
exit(-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
memset (value, 0, size);
|
sodium_memzero(value, size);
|
||||||
|
|
||||||
/* printf("allocated %ld bytes at %p\n", size, value); */
|
/* printf("allocated %ld bytes at %p\n", size, value); */
|
||||||
|
|
||||||
return value;
|
return value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void *smalloc(size_t s) {
|
||||||
|
if (s == 0)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
size_t size = s * sizeof(byte);
|
||||||
|
void *value = sodium_malloc (size);
|
||||||
|
|
||||||
|
if (value == NULL) {
|
||||||
|
err(errno, "Cannot allocate %d bytes of memory", (int)s);
|
||||||
|
exit(-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
|
||||||
void *urmalloc(size_t s) {
|
void *urmalloc(size_t s) {
|
||||||
void *value = ucmalloc (s);
|
void *value = ucmalloc (s);
|
||||||
|
|
||||||
@@ -51,6 +66,14 @@ void *urmalloc(size_t s) {
|
|||||||
return value;
|
return value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void *srmalloc(size_t s) {
|
||||||
|
void *value = sodium_malloc (s);
|
||||||
|
|
||||||
|
arc4random_buf(value, s);
|
||||||
|
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
void *ucrealloc(void *d, size_t oldlen, size_t newlen) {
|
void *ucrealloc(void *d, size_t oldlen, size_t newlen) {
|
||||||
newlen = newlen * sizeof(byte);
|
newlen = newlen * sizeof(byte);
|
||||||
@@ -75,3 +98,7 @@ void ucfree(void *d, size_t len) {
|
|||||||
free(d);
|
free(d);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void sfree(void *d) {
|
||||||
|
sodium_free(d);
|
||||||
|
}
|
||||||
|
|||||||
@@ -761,7 +761,7 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) {
|
|||||||
|
|
||||||
buffer_free(raw);
|
buffer_free(raw);
|
||||||
ucfree(nonce, crypto_secretbox_NONCEBYTES);
|
ucfree(nonce, crypto_secretbox_NONCEBYTES);
|
||||||
ucfree(symkey, 64);
|
sfree(symkey);
|
||||||
ucfree(cipher, es);
|
ucfree(cipher, es);
|
||||||
|
|
||||||
return out;
|
return out;
|
||||||
@@ -877,7 +877,7 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
|
|||||||
ucfree(clear, cipherlen - PCP_CRYPTO_ADD);
|
ucfree(clear, cipherlen - PCP_CRYPTO_ADD);
|
||||||
ucfree(nonce, crypto_secretbox_NONCEBYTES);
|
ucfree(nonce, crypto_secretbox_NONCEBYTES);
|
||||||
buffer_free(blob);
|
buffer_free(blob);
|
||||||
ucfree(symkey, 64);
|
sfree(symkey);
|
||||||
free(id);
|
free(id);
|
||||||
|
|
||||||
return sk;
|
return sk;
|
||||||
@@ -890,6 +890,6 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
|
|||||||
ucfree(sk, sizeof(pcp_key_t));
|
ucfree(sk, sizeof(pcp_key_t));
|
||||||
buffer_free(blob);
|
buffer_free(blob);
|
||||||
if(symkey != NULL)
|
if(symkey != NULL)
|
||||||
ucfree(symkey, 64);
|
sfree(symkey);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -22,7 +22,7 @@
|
|||||||
#include "scrypt.h"
|
#include "scrypt.h"
|
||||||
|
|
||||||
byte* pcp_scrypt(PCPCTX *ptx, char *passwd, size_t passwdlen, byte *nonce, size_t noncelen) {
|
byte* pcp_scrypt(PCPCTX *ptx, char *passwd, size_t passwdlen, byte *nonce, size_t noncelen) {
|
||||||
uint8_t *dk = ucmalloc(64); /* resulting hash */
|
uint8_t *dk = smalloc(64); /* resulting hash */
|
||||||
|
|
||||||
/* constants */
|
/* constants */
|
||||||
uint64_t N = 1 << 14;
|
uint64_t N = 1 << 14;
|
||||||
|
|||||||
@@ -442,7 +442,8 @@ int pcpvault_fetchall(PCPCTX *ptx, vault_t *vault) {
|
|||||||
vault_item_header_t *item = ucmalloc(sizeof(vault_item_header_t));
|
vault_item_header_t *item = ucmalloc(sizeof(vault_item_header_t));
|
||||||
got = fread(header, 1, sizeof(vault_header_t), vault->fd);
|
got = fread(header, 1, sizeof(vault_header_t), vault->fd);
|
||||||
if(got < sizeof(vault_header_t)) {
|
if(got < sizeof(vault_header_t)) {
|
||||||
fatal(ptx, "empty or invalid vault header size (got %ld, expected %ld)\n", got, sizeof(vault_header_t));
|
fatal(ptx, "empty or invalid vault header size (got %ld, expected %ld)\n",
|
||||||
|
got, sizeof(vault_header_t));
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
vh2native(header);
|
vh2native(header);
|
||||||
@@ -494,12 +495,14 @@ int pcpvault_fetchall(PCPCTX *ptx, vault_t *vault) {
|
|||||||
buffer_free(rawks);
|
buffer_free(rawks);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
fatal(ptx, "Failed to read vault - invalid key type: %02X! at %d\n", item->type, readpos);
|
fatal(ptx, "Failed to read vault - invalid key type: %02X! at %d\n",
|
||||||
|
item->type, readpos);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
fatal(ptx, "Failed to read vault - that's no pcp key at %d (size %ld)!\n", readpos, bytesleft);
|
fatal(ptx, "Failed to read vault - that's no pcp key at %d (size %ld)!\n",
|
||||||
|
readpos, bytesleft);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -70,12 +70,12 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
|
|||||||
"Enter passphrase for symetric decryption", NULL, 1);
|
"Enter passphrase for symetric decryption", NULL, 1);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
passphrase = ucmalloc(strlen(passwd)+1);
|
passphrase = smalloc(strlen(passwd)+1);
|
||||||
strncpy(passphrase, passwd, strlen(passwd));
|
memcpy(passphrase, passwd, strlen(passwd) + 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), salt, 90);
|
symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), salt, 90);
|
||||||
ucfree(passphrase, strlen(passphrase));
|
sfree(passphrase);
|
||||||
free(salt);
|
free(salt);
|
||||||
}
|
}
|
||||||
else if(head == PCP_ASYM_CIPHER || head == PCP_ASYM_CIPHER_SIG || head == PCP_ASYM_CIPHER_ANON) {
|
else if(head == PCP_ASYM_CIPHER || head == PCP_ASYM_CIPHER_SIG || head == PCP_ASYM_CIPHER_ANON) {
|
||||||
@@ -103,12 +103,12 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
|
|||||||
"Enter passphrase to decrypt your secret key", NULL, 1);
|
"Enter passphrase to decrypt your secret key", NULL, 1);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
passphrase = ucmalloc(strlen(passwd)+1);
|
passphrase = smalloc(strlen(passwd)+1);
|
||||||
strncpy(passphrase, passwd, strlen(passwd)+1);
|
memcpy(passphrase, passwd, strlen(passwd)+1);
|
||||||
}
|
}
|
||||||
|
|
||||||
secret = pcpkey_decrypt(ptx, secret, passphrase);
|
secret = pcpkey_decrypt(ptx, secret, passphrase);
|
||||||
ucfree(passphrase, strlen(passphrase));
|
sfree(passphrase);
|
||||||
if(secret == NULL)
|
if(secret == NULL)
|
||||||
goto errde3;
|
goto errde3;
|
||||||
|
|
||||||
@@ -134,7 +134,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
dlen = pcp_decrypt_stream(ptx, pin, pout, NULL, symkey, verify, 0);
|
dlen = pcp_decrypt_stream(ptx, pin, pout, NULL, symkey, verify, 0);
|
||||||
ucfree(symkey, 64);
|
sfree(symkey);
|
||||||
}
|
}
|
||||||
|
|
||||||
ps_close(pin);
|
ps_close(pin);
|
||||||
@@ -151,7 +151,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
|
|||||||
|
|
||||||
errde3:
|
errde3:
|
||||||
if(symkey != NULL)
|
if(symkey != NULL)
|
||||||
ucfree(symkey, 64);
|
free(symkey);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -177,15 +177,15 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
|
|||||||
"Enter passphrase for symetric encryption", "Repeat passphrase", 1);
|
"Enter passphrase for symetric encryption", "Repeat passphrase", 1);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
passphrase = ucmalloc(strlen(passwd)+1);
|
passphrase = smalloc(strlen(passwd)+1);
|
||||||
strncpy(passphrase, passwd, strlen(passwd));
|
memcpy(passphrase, passwd, strlen(passwd)+1);
|
||||||
}
|
}
|
||||||
byte *salt = ucmalloc(90); /* FIXME: use random salt, concat it with result afterwards */
|
byte *salt = ucmalloc(90); /* FIXME: use random salt, concat it with result afterwards */
|
||||||
char stsalt[] = PBP_COMPAT_SALT;
|
char stsalt[] = PBP_COMPAT_SALT;
|
||||||
memcpy(salt, stsalt, 90);
|
memcpy(salt, stsalt, 90);
|
||||||
symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), salt, 90);
|
symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), salt, 90);
|
||||||
free(salt);
|
free(salt);
|
||||||
ucfree(passphrase, strlen(passphrase));
|
sfree(passphrase);
|
||||||
}
|
}
|
||||||
else if(id != NULL && recipient == NULL) {
|
else if(id != NULL && recipient == NULL) {
|
||||||
/* lookup by id */
|
/* lookup by id */
|
||||||
@@ -256,11 +256,11 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
|
|||||||
"Enter passphrase to decrypt your secret key", NULL, 1);
|
"Enter passphrase to decrypt your secret key", NULL, 1);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
passphrase = ucmalloc(strlen(passwd)+1);
|
passphrase = smalloc(strlen(passwd)+1);
|
||||||
strncpy(passphrase, passwd, strlen(passwd)+1);
|
memcpy(passphrase, passwd, strlen(passwd)+1);
|
||||||
}
|
}
|
||||||
secret = pcpkey_decrypt(ptx, secret, passphrase);
|
secret = pcpkey_decrypt(ptx, secret, passphrase);
|
||||||
ucfree(passphrase, strlen(passphrase));
|
sfree(passphrase);
|
||||||
if(secret == NULL)
|
if(secret == NULL)
|
||||||
goto erren2;
|
goto erren2;
|
||||||
}
|
}
|
||||||
@@ -297,7 +297,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
|
|||||||
|
|
||||||
if(self == 1) {
|
if(self == 1) {
|
||||||
clen = pcp_encrypt_stream_sym(ptx, pin, pout, symkey, 0, NULL);
|
clen = pcp_encrypt_stream_sym(ptx, pin, pout, symkey, 0, NULL);
|
||||||
ucfree(symkey, 64);
|
sfree(symkey);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
clen = pcp_encrypt_stream(ptx, pin, pout, secret, pubhash, signcrypt, anon);
|
clen = pcp_encrypt_stream(ptx, pin, pout, secret, pubhash, signcrypt, anon);
|
||||||
@@ -335,7 +335,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
|
|||||||
pcphash_cleanpub(pubhash);
|
pcphash_cleanpub(pubhash);
|
||||||
|
|
||||||
if(symkey != NULL)
|
if(symkey != NULL)
|
||||||
ucfree(symkey, 64);
|
sfree(symkey);
|
||||||
|
|
||||||
erren3:
|
erren3:
|
||||||
|
|
||||||
|
|||||||
@@ -83,7 +83,7 @@ void pcp_keygen(char *passwd) {
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
passphrase = ucmalloc(strlen(passwd)+1);
|
passphrase = ucmalloc(strlen(passwd)+1);
|
||||||
strncpy(passphrase, passwd, strlen(passwd)+1);
|
memcpy(passphrase, passwd, strlen(passwd)+1);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(strnlen(passphrase, 1024) > 0)
|
if(strnlen(passphrase, 1024) > 0)
|
||||||
@@ -234,12 +234,10 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa
|
|||||||
"Enter passphrase to decrypt your secret key", NULL, 1);
|
"Enter passphrase to decrypt your secret key", NULL, 1);
|
||||||
key = pcpkey_decrypt(ptx, key, passphrase);
|
key = pcpkey_decrypt(ptx, key, passphrase);
|
||||||
if(key == NULL) {
|
if(key == NULL) {
|
||||||
memset(passphrase, 0, strlen(passphrase));
|
sfree(passphrase);
|
||||||
free(passphrase);
|
|
||||||
goto errexpse1;
|
goto errexpse1;
|
||||||
}
|
}
|
||||||
memset(passphrase, 0, strlen(passphrase));
|
sfree(passphrase);
|
||||||
free(passphrase);
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
key = pcpkey_decrypt(ptx, key, passwd);
|
key = pcpkey_decrypt(ptx, key, passwd);
|
||||||
@@ -259,8 +257,7 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa
|
|||||||
pcp_readpass(&passphrase,
|
pcp_readpass(&passphrase,
|
||||||
"Enter passphrase to encrypt the exported secret key", "Repeat passphrase", 1);
|
"Enter passphrase to encrypt the exported secret key", "Repeat passphrase", 1);
|
||||||
exported_sk = pcp_export_secret(ptx, key, passphrase);
|
exported_sk = pcp_export_secret(ptx, key, passphrase);
|
||||||
memset(passphrase, 0, strlen(passphrase));
|
sfree(passphrase);
|
||||||
free(passphrase);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(exported_sk != NULL) {
|
if(exported_sk != NULL) {
|
||||||
@@ -349,8 +346,7 @@ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int
|
|||||||
pcp_readpass(&passphrase,
|
pcp_readpass(&passphrase,
|
||||||
"Enter passphrase to decrypt your secret key", NULL, 1);
|
"Enter passphrase to decrypt your secret key", NULL, 1);
|
||||||
sk = pcpkey_decrypt(ptx, sk, passphrase);
|
sk = pcpkey_decrypt(ptx, sk, passphrase);
|
||||||
memset(passphrase, 0, strlen(passphrase));
|
sfree(passphrase);
|
||||||
free(passphrase);
|
|
||||||
}
|
}
|
||||||
if(sk == NULL) {
|
if(sk == NULL) {
|
||||||
goto errpcpexpu1;
|
goto errpcpexpu1;
|
||||||
@@ -454,7 +450,7 @@ void pcpedit_key(char *keyid) {
|
|||||||
char *passphrase;
|
char *passphrase;
|
||||||
pcp_readpass(&passphrase, "Enter passphrase to decrypt the key", NULL, 1);
|
pcp_readpass(&passphrase, "Enter passphrase to decrypt the key", NULL, 1);
|
||||||
key = pcpkey_decrypt(ptx, key, passphrase);
|
key = pcpkey_decrypt(ptx, key, passphrase);
|
||||||
ucfree(passphrase, strlen(passphrase));
|
sfree(passphrase);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(key != NULL) {
|
if(key != NULL) {
|
||||||
@@ -509,7 +505,7 @@ void pcpedit_key(char *keyid) {
|
|||||||
|
|
||||||
if(strnlen(passphrase, 1024) > 0) {
|
if(strnlen(passphrase, 1024) > 0) {
|
||||||
key = pcpkey_encrypt(ptx, key, passphrase);
|
key = pcpkey_encrypt(ptx, key, passphrase);
|
||||||
ucfree(passphrase, strlen(passphrase));
|
sfree(passphrase);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(key != NULL) {
|
if(key != NULL) {
|
||||||
@@ -616,7 +612,7 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) {
|
|||||||
pcp_readpass(&passphrase,
|
pcp_readpass(&passphrase,
|
||||||
"Enter passphrase to decrypt the secret key file", NULL, 1);
|
"Enter passphrase to decrypt the secret key file", NULL, 1);
|
||||||
sk = pcp_import_secret(ptx, buf, bufsize, passphrase);
|
sk = pcp_import_secret(ptx, buf, bufsize, passphrase);
|
||||||
ucfree(passphrase, strlen(passphrase));
|
sfree(passphrase);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(sk == NULL) {
|
if(sk == NULL) {
|
||||||
@@ -645,7 +641,7 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) {
|
|||||||
if(strnlen(passphrase, 1024) > 0) {
|
if(strnlen(passphrase, 1024) > 0) {
|
||||||
/* encrypt the key */
|
/* encrypt the key */
|
||||||
sk = pcpkey_encrypt(ptx, sk, passphrase);
|
sk = pcpkey_encrypt(ptx, sk, passphrase);
|
||||||
ucfree(passphrase, strlen(passphrase));
|
sfree(passphrase);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
/* ask for confirmation if we shall store it in the clear */
|
/* ask for confirmation if we shall store it in the clear */
|
||||||
|
|||||||
@@ -30,7 +30,6 @@
|
|||||||
#include <wctype.h>
|
#include <wctype.h>
|
||||||
|
|
||||||
#include "randomart.h"
|
#include "randomart.h"
|
||||||
#include "mac.h"
|
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "pcp.h"
|
#include "pcp.h"
|
||||||
#include "vault.h"
|
#include "vault.h"
|
||||||
|
|||||||
@@ -107,10 +107,15 @@ retry:
|
|||||||
fclose(readfrom);
|
fclose(readfrom);
|
||||||
|
|
||||||
/* Copy the password out. */
|
/* Copy the password out. */
|
||||||
|
char *p = smalloc(strlen(passbuf) + 1);
|
||||||
|
memcpy(p, passbuf, strlen(passbuf) + 1 );
|
||||||
|
*passwd = p;
|
||||||
|
/*
|
||||||
if ((*passwd = strdup(passbuf)) == NULL) {
|
if ((*passwd = strdup(passbuf)) == NULL) {
|
||||||
fatal(ptx, "Cannot allocate memory\n");
|
fatal(ptx, "Cannot allocate memory\n");
|
||||||
goto err1;
|
goto err1;
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
/* Zero any stored passwords. */
|
/* Zero any stored passwords. */
|
||||||
memset(passbuf, 0, MAXPASSLEN);
|
memset(passbuf, 0, MAXPASSLEN);
|
||||||
|
|||||||
@@ -62,12 +62,12 @@ int pcpsign(char *infile, char *outfile, char *passwd, int z85, int detach) {
|
|||||||
"Enter passphrase to decrypt your secret key", NULL, 1);
|
"Enter passphrase to decrypt your secret key", NULL, 1);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
passphrase = ucmalloc(strlen(passwd)+1);
|
passphrase = smalloc(strlen(passwd)+1);
|
||||||
strncpy(passphrase, passwd, strlen(passwd)+1);
|
memcpy(passphrase, passwd, strlen(passwd)+1);
|
||||||
}
|
}
|
||||||
|
|
||||||
secret = pcpkey_decrypt(ptx, secret, passphrase);
|
secret = pcpkey_decrypt(ptx, secret, passphrase);
|
||||||
ucfree(passphrase, strlen(passwd)+1);
|
sfree(passphrase);
|
||||||
if(secret == NULL)
|
if(secret == NULL)
|
||||||
goto errs1;
|
goto errs1;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
int main() {
|
int main() {
|
||||||
sodium_init();
|
sodium_init();
|
||||||
unsigned char *t = ucmalloc(12);
|
unsigned char *t = ucmalloc(12);
|
||||||
if(pcp_sodium_verify_box(&t, cipher, cipher_len, nonce, secret_b, public_a) == 0) {
|
if(crypto_box_open_easy(t, cipher, cipher_len, nonce, public_a, secret_b) == 0) {
|
||||||
if(memcmp(t, message, message_len) == 0) {
|
if(memcmp(t, message, message_len) == 0) {
|
||||||
printf("ok\n");
|
printf("ok\n");
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user