From 54986fa6dcd9fc1d429003cfd19cb544aac4aeac Mon Sep 17 00:00:00 2001 From: TLINDEN Date: Tue, 13 Jan 2015 13:04:12 +0100 Subject: [PATCH] migrated to libsodium _easy() crypto functions, thus getting rid of my hand made padding mess --- include/pcp/crypto.h | 68 +++++++++++++++++++++---- include/pcp/mac.h | 94 ---------------------------------- include/pcp/pad.h | 98 ----------------------------------- libpcp/crypto.c | 119 +++++++++++++++---------------------------- libpcp/mac.c | 76 --------------------------- libpcp/pad.c | 75 --------------------------- 6 files changed, 99 insertions(+), 431 deletions(-) delete mode 100644 include/pcp/mac.h delete mode 100644 include/pcp/pad.h delete mode 100644 libpcp/mac.c delete mode 100644 libpcp/pad.c diff --git a/include/pcp/crypto.h b/include/pcp/crypto.h index fc3d680..e6b2717 100644 --- a/include/pcp/crypto.h +++ b/include/pcp/crypto.h @@ -116,16 +116,6 @@ of 32k, N is a nonce (new per block) and S the symmetric key. */ -size_t pcp_sodium_box(byte **cipher, - byte *cleartext, - size_t clearsize, - byte *nonce, - byte *secret, - byte *pub); - -int pcp_sodium_verify_box(byte **cleartext, byte* message, - size_t messagesize, byte *nonce, - byte *secret, byte *pub); /** Asymmetrically encrypt a message. @@ -282,6 +272,64 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t */ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte *symkey, pcp_rec_t *recverify); + + + +/** Symmetrically encrypt a message. + + This function encrypts a message symmetrically + using crypto_secretbox() using the given Curve25519 raw + secret key and the nonce. + + It allocates apropriate memory for the result, + which will be stored in \a cipher. + + \param[out] cipher Encrypted result. + \param[in] cleartext Clear message. + \param[in] clearsize Size of message. + \param[in] nonce A random nonce (24 Bytes). + \param[in] key A Curve25519 key (32 Bytes). + + \return Returns the size of \a cipher. + */ +size_t pcp_sodium_mac(byte **cipher, + byte *cleartext, + size_t clearsize, + byte *nonce, + byte *key); + + +/** Decrypt a symmetrically encrypted message. + + This function decrypts a symmetrically encrypted message + using crypto_secretbox_open() using the given Curve25519 raw + secret key and the nonce. + + It allocates apropriate memory for the result, + which will be stored in \a cleartext. + + \param[out] cleartext The decrypted result. + \param[in] message The encrypted message. + \param[in] messagesize Size of message. + \param[in] nonce A random nonce (24 Bytes). + \param[in] key A Curve25519 key (32 Bytes). + + \return Returns 0 in case of success of -1 in case of an error. Check fatals_if_any(). + + */ +int pcp_sodium_verify_mac(byte **cleartext, + byte* message, + size_t messagesize, + byte *nonce, + byte *key); + + + + + + + + pcp_rec_t *pcp_rec_new(byte *cipher, size_t clen, pcp_key_t *secret, pcp_pubkey_t *pub); void pcp_rec_free(pcp_rec_t *r); diff --git a/include/pcp/mac.h b/include/pcp/mac.h deleted file mode 100644 index 38d811f..0000000 --- a/include/pcp/mac.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - This file is part of Pretty Curved Privacy (pcp1). - - Copyright (C) 2013 T.Linden. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - - You can contact me by mail: . -*/ - - -#ifndef _HAVE_PCP_MAC -#define _HAVE_PCP_MAC - -/** - * \addtogroup CRYPTO - * @{ - */ -#include -#include -#include -#include -#include "defines.h" -#include "pad.h" -#include "mem.h" - - -/* how many times do we hash the passphrase */ -#define HCYCLES 128000 - -/** Symmetrically encrypt a message. - - This function encrypts a message symmetrically - using crypto_secretbox() using the given Curve25519 raw - secret key and the nonce. - - It allocates apropriate memory for the result, - which will be stored in \a cipher. - - \param[out] cipher Encrypted result. - \param[in] cleartext Clear message. - \param[in] clearsize Size of message. - \param[in] nonce A random nonce (24 Bytes). - \param[in] key A Curve25519 key (32 Bytes). - - \return Returns the size of \a cipher. - */ -size_t pcp_sodium_mac(byte **cipher, - byte *cleartext, - size_t clearsize, - byte *nonce, - byte *key); - -/** Decrypt a symmetrically encrypted message. - - This function decrypts a symmetrically encrypted message - using crypto_secretbox_open() using the given Curve25519 raw - secret key and the nonce. - - It allocates apropriate memory for the result, - which will be stored in \a cleartext. - - \param[out] cleartext The decrypted result. - \param[in] message The encrypted message. - \param[in] messagesize Size of message. - \param[in] nonce A random nonce (24 Bytes). - \param[in] key A Curve25519 key (32 Bytes). - - \return Returns 0 in case of success of -1 in case of an error. Check fatals_if_any(). - - */ -int pcp_sodium_verify_mac(byte **cleartext, - byte* message, - size_t messagesize, - byte *nonce, - byte *key); - - - - -#endif /* _HAVE_PCP_MAC */ - -/**@}*/ diff --git a/include/pcp/pad.h b/include/pcp/pad.h deleted file mode 100644 index d12ff09..0000000 --- a/include/pcp/pad.h +++ /dev/null @@ -1,98 +0,0 @@ -/* - This file is part of Pretty Curved Privacy (pcp1). - - Copyright (C) 2013 T.Linden. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - - You can contact me by mail: . -*/ - - -#ifndef _HAVE_PCP_ZPADDING -#define _HAVE_PCP_ZPADDING - -#include -#include -#include -#include -#include - -#include "mem.h" - -#ifdef DEBUG -#define ZPADCHAR 48 -#else -#define ZPADCHAR 0 -#endif - -/* prepends a binary stream with a number of */ -/* \0's as required by the secret_box and */ -/* secret_box_open functions of libsodium. */ -/* */ -/* parameters: */ -/* */ -/* padded: destination array (ref) */ -/* unpadded: source array without padding */ -/* padlen: length of padding */ -/* unpadlen: length of source array */ -/* */ -/* turns "efa5" into "00000000efa5" with padlen 8 */ -/* */ -/* if DEBUG is set, destination will be padded with */ -/* the character '0', NOT the integer 0. */ -/* */ -/* allocates memory for padded and it is up to the */ -/* user to free it after use. */ -/* */ -/* sample call: */ -/* */ -/* char unpadded[] = {0xef, 0xa5}; */ -/* byte *padded; */ -/* pcp_pad_prepend(&padded, unpadded, 8, 2); */ -/* */ -/* the result, padded, would be 10 bytes long, 8 */ -/* bytes for the leading zeros and 2 for the content */ -/* of the original unpadded. */ -void pcp_pad_prepend(byte **padded, byte *unpadded, - size_t padlen, size_t unpadlen); - -/* removes zero's of a binary stream, which is */ -/* the reverse of pcp_pad_prepend(). */ -/* */ -/* parameters: */ -/* */ -/* unpadded: destination array (ref), with padding removed */ -/* padded: source array with padding */ -/* padlen: length of padding */ -/* unpadlen: length of source array */ -/* */ -/* turns "00000000efa5" into "efa5" with padlen 8 */ -/* */ -/* allocates memory for unpadded and it is up to the */ -/* user to free it after use. */ -/* */ -/* sample call: */ -/* */ -/* char padded[] = {0x0, 0x0, 0x0, 0x0, 0xef, 0xa5}; */ -/* byte *unpadded; */ -/* pcp_pad_remove(unpadded, padded, 4, 2); */ -/* */ -/* the result, unpadded would be 2 bytes long containing */ -/* only the 2 bytes we want to have with zeros removed. */ -void pcp_pad_remove(byte **unpadded, byte *padded, - size_t padlen, size_t unpadlen); - - -#endif /* _HAVE_PCP_ZPADDING */ diff --git a/libpcp/crypto.c b/libpcp/crypto.c index 6a2e035..7311d11 100644 --- a/libpcp/crypto.c +++ b/libpcp/crypto.c @@ -22,87 +22,27 @@ #include "crypto.h" -size_t pcp_sodium_box(byte **cipher, - byte *cleartext, - size_t clearsize, - byte *nonce, - byte *secret, - byte *pub) { - - byte *pad_clear; - byte *pad_cipher; - - size_t ciphersize = (clearsize + crypto_box_ZEROBYTES) - crypto_box_BOXZEROBYTES; - - pad_cipher = ucmalloc(crypto_box_ZEROBYTES + clearsize); - pcp_pad_prepend(&pad_clear, cleartext, crypto_box_ZEROBYTES, clearsize); - - /* crypto_box(c,m,mlen,n,pk,sk); */ - crypto_box(pad_cipher, pad_clear, - clearsize + crypto_box_ZEROBYTES, nonce, pub, secret); - - pcp_pad_remove(cipher, pad_cipher, crypto_secretbox_BOXZEROBYTES, ciphersize); - - free(pad_clear); - free(pad_cipher); - - return ciphersize; -} - - - - -int pcp_sodium_verify_box(byte **cleartext, byte* message, - size_t messagesize, byte *nonce, - byte *secret, byte *pub) { - /* verify/decrypt the box */ - byte *pad_cipher; - byte *pad_clear; - int success = -1; - - pcp_pad_prepend(&pad_cipher, message, crypto_box_BOXZEROBYTES, messagesize); - pad_clear = (byte *)ucmalloc((crypto_box_ZEROBYTES+ messagesize)); - - /* crypto_box_open(m,c,clen,n,pk,sk); */ - if (crypto_box_open(pad_clear, pad_cipher, - messagesize + crypto_box_BOXZEROBYTES, - nonce, pub, secret) == 0) { - success = 0; - } - - pcp_pad_remove(cleartext, pad_clear, crypto_box_ZEROBYTES, messagesize); - - free(pad_clear); - free(pad_cipher); - - return success; -} - +/* asym encr */ byte *pcp_box_encrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, byte *message, size_t messagesize, size_t *csize) { byte *nonce = pcp_gennonce(); - byte *cipher; + size_t es = messagesize + crypto_box_MACBYTES; + byte *cipher = ucmalloc(es); - size_t es = pcp_sodium_box(&cipher, message, messagesize, nonce, - secret->secret, pub->pub); + if(crypto_box_easy(cipher, message, messagesize, nonce, pub->pub, secret->secret) != 0) + es = 0; /* signal sodium error */ if(es <= messagesize) { fatal(ptx, "failed to encrypt message!\n"); goto errbec; } - /* scip */ - /* fprintf(stderr, "public: "); pcpprint_bin(stderr, pub->pub, 32); fprintf(stderr, "\n"); */ - /* fprintf(stderr, "secret: "); pcpprint_bin(stderr, secret->secret, 32); fprintf(stderr, "\n"); */ - /* fprintf(stderr, "cipher: "); pcpprint_bin(stderr, cipher, es); fprintf(stderr, "\n"); */ - /* fprintf(stderr, " nonce: "); pcpprint_bin(stderr, nonce, crypto_secretbox_NONCEBYTES); fprintf(stderr, "\n"); */ - /* put nonce and cipher together */ byte *combined = ucmalloc(es + crypto_secretbox_NONCEBYTES); memcpy(combined, nonce, crypto_secretbox_NONCEBYTES); @@ -124,6 +64,7 @@ byte *pcp_box_encrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, } +/* asym decr */ byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, byte *cipher, size_t ciphersize, size_t *dsize) { @@ -137,9 +78,9 @@ byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, memcpy(cipheronly, &cipher[crypto_secretbox_NONCEBYTES], ciphersize - crypto_secretbox_NONCEBYTES); - if(pcp_sodium_verify_box(&message, cipheronly, - ciphersize - crypto_secretbox_NONCEBYTES, - nonce, secret->secret, pub->pub) != 0){ + message = ucmalloc(ciphersize - crypto_secretbox_NONCEBYTES - crypto_box_MACBYTES); + if(crypto_box_open_easy(message, cipheronly, ciphersize - crypto_secretbox_NONCEBYTES, + nonce, pub->pub, secret->secret) != 0) { fatal(ptx, "failed to decrypt message!\n"); goto errbed; } @@ -161,6 +102,29 @@ byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, return NULL; } +/* sym encr */ +size_t pcp_sodium_mac(byte **cipher, + byte *cleartext, + size_t clearsize, + byte *nonce, + byte *key) { + + *cipher = ucmalloc(clearsize + crypto_secretbox_MACBYTES); + crypto_secretbox_easy(*cipher, cleartext, clearsize, nonce, key); + + return clearsize + crypto_secretbox_MACBYTES; +} + +/* sym decr */ +int pcp_sodium_verify_mac(byte **cleartext, byte* message, + size_t messagesize, byte *nonce, + byte *key) { + + *cleartext = ucmalloc(messagesize - crypto_secretbox_MACBYTES); + return crypto_secretbox_open_easy(*cleartext, message, messagesize, nonce, key); +} + + size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t *s, byte *symkey, int verify, int anon) { pcp_pubkey_t *cur = NULL; byte *reccipher = NULL; @@ -255,7 +219,7 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t if(recipient != NULL && rec_size == crypto_secretbox_KEYBYTES) { /* found a match */ recmatch = 1; - symkey = ucmalloc(crypto_secretbox_KEYBYTES); + symkey = smalloc(crypto_secretbox_KEYBYTES); memcpy(symkey, recipient, crypto_secretbox_KEYBYTES); free(recipient); ucfree(senderpub, sizeof(pcp_pubkey_t)); @@ -271,7 +235,7 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t if(recipient != NULL && rec_size == crypto_secretbox_KEYBYTES) { /* found a match */ recmatch = 1; - symkey = ucmalloc(crypto_secretbox_KEYBYTES); + symkey = smalloc(crypto_secretbox_KEYBYTES); memcpy(symkey, recipient, crypto_secretbox_KEYBYTES); free(recipient); break; @@ -296,17 +260,17 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t pcp_rec_t *rec = pcp_rec_new(reccipher, nrec * PCP_ASYM_RECIPIENT_SIZE, NULL, cur); size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, rec); pcp_rec_free(rec); - ucfree(symkey, crypto_secretbox_KEYBYTES); + sfree(symkey); return s; } else { size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, NULL); - ucfree(symkey, crypto_secretbox_KEYBYTES); + sfree(symkey); return s; } errdef1: - ucfree(symkey, crypto_secretbox_KEYBYTES); + sfree(symkey); return 0; } @@ -329,7 +293,7 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t /* preparation */ /* A, generate sym key */ - symkey = urmalloc(crypto_secretbox_KEYBYTES); + symkey = srmalloc(crypto_secretbox_KEYBYTES); /* B, encrypt it asymetrically for each recipient */ recipient_count = HASH_COUNT(p); @@ -408,8 +372,7 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t goto errec1; - memset(symkey, 0, crypto_secretbox_KEYBYTES); - free(symkey); + sfree(symkey); free(recipients_cipher); return out_size + sym_size; @@ -709,12 +672,12 @@ void pcp_rec_free(pcp_rec_t *r) { free(r->cipher); if(r->secret != NULL) { - memset(r->secret, 0, sizeof(pcp_key_t)); + sodium_memzero(r->secret, sizeof(pcp_key_t)); free(r->secret); } if(r->pub != NULL) { - memset(r->pub, 0, sizeof(pcp_pubkey_t)); + sodium_memzero(r->pub, sizeof(pcp_pubkey_t)); free(r->pub); } diff --git a/libpcp/mac.c b/libpcp/mac.c deleted file mode 100644 index d66228c..0000000 --- a/libpcp/mac.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - This file is part of Pretty Curved Privacy (pcp1). - - Copyright (C) 2013 T.Linden. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - - You can contact me by mail: . -*/ - - -#include "mac.h" - - - -size_t pcp_sodium_mac(byte **cipher, - byte *cleartext, - size_t clearsize, - byte *nonce, - byte *key) { - byte *pad_clear; - byte *pad_cipher; - - pad_cipher = ucmalloc(crypto_secretbox_ZEROBYTES + clearsize); - - pcp_pad_prepend(&pad_clear, cleartext, crypto_secretbox_ZEROBYTES, clearsize); - - crypto_secretbox(pad_cipher, pad_clear, - clearsize + crypto_secretbox_ZEROBYTES, nonce, key); - - pcp_pad_remove(cipher, pad_cipher, crypto_secretbox_BOXZEROBYTES, - (clearsize + crypto_secretbox_ZEROBYTES) - crypto_secretbox_BOXZEROBYTES); - - free(pad_clear); - free(pad_cipher); - - return (clearsize + crypto_secretbox_ZEROBYTES) - crypto_secretbox_BOXZEROBYTES; -} - -int pcp_sodium_verify_mac(byte **cleartext, byte* message, - size_t messagesize, byte *nonce, - byte *key) { - /* verify the mac */ - byte *pad_cipher; - byte *pad_clear; - int success = -1; - - pcp_pad_prepend(&pad_cipher, message, crypto_secretbox_BOXZEROBYTES, messagesize); - - pad_clear = (byte *)ucmalloc((crypto_secretbox_ZEROBYTES + messagesize)); - - if (crypto_secretbox_open(pad_clear, - pad_cipher, - messagesize + crypto_secretbox_BOXZEROBYTES, - nonce, key) == 0) { - success = 0; - } - - pcp_pad_remove(cleartext, pad_clear, crypto_secretbox_ZEROBYTES, messagesize); - - free(pad_clear); - free(pad_cipher); - - return success; -} diff --git a/libpcp/pad.c b/libpcp/pad.c deleted file mode 100644 index fced620..0000000 --- a/libpcp/pad.c +++ /dev/null @@ -1,75 +0,0 @@ -/* - This file is part of Pretty Curved Privacy (pcp1). - - Copyright (C) 2013 T.Linden. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - - You can contact me by mail: . -*/ - - -#include "pad.h" - -void pcp_pad_prepend(byte **padded, byte *unpadded, - size_t padlen, size_t unpadlen) { - *padded = ucmalloc(unpadlen + padlen); - byte *tmp = ucmalloc(unpadlen + padlen); - - /* pcp_append orig */ - size_t i; - for(i=0; i= 2) { - size_t unpadlen; - int padlen = strtol(argv[2], NULL, 0); - unpadlen = strlen(argv[1]); - byte *dst; - - pcp_pad_prepend(&dst, argv[1], padlen, unpadlen); - /* printf(" prev: %s\n after: %s\n", argv[1], dst); */ - - byte *reverse; - pcp_pad_remove(&reverse, dst, padlen, unpadlen); - /* printf("reverse: %s\n", reverse); */ - - return 0; - } - /* fprintf(stderr, "Usage: pad \n"); */ - return -1; -} -#endif -