scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 12:00:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

migrated to libsodium _easy() crypto functions, thus getting rid of my hand made padding mess

Browse Source
This commit is contained in:
TLINDEN
2015-01-13 13:04:12 +01:00
parent d1200a0831
commit 54986fa6dc
6 changed files with 99 additions and 431 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
include/pcp/crypto.h
View File

@@ -116,16 +116,6 @@
of 32k, N is a nonce (new per block) and S the symmetric key. of 32k, N is a nonce (new per block) and S the symmetric key.
*/ */
size_t pcp_sodium_box(byte **cipher,
byte *cleartext,
size_t clearsize,
byte *nonce,
byte *secret,
byte *pub);
int pcp_sodium_verify_box(byte **cleartext, byte* message,
size_t messagesize, byte *nonce,
byte *secret, byte *pub);
/** Asymmetrically encrypt a message. /** Asymmetrically encrypt a message.
@@ -282,6 +272,64 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t
*/ */
size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte *symkey, pcp_rec_t *recverify); size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte *symkey, pcp_rec_t *recverify);
/** Symmetrically encrypt a message.
This function encrypts a message symmetrically
using crypto_secretbox() using the given Curve25519 raw
secret key and the nonce.
It allocates apropriate memory for the result,
which will be stored in \a cipher.
\param[out] cipher Encrypted result.
\param[in] cleartext Clear message.
\param[in] clearsize Size of message.
\param[in] nonce A random nonce (24 Bytes).
\param[in] key A Curve25519 key (32 Bytes).
\return Returns the size of \a cipher.
*/
size_t pcp_sodium_mac(byte **cipher,
byte *cleartext,
size_t clearsize,
byte *nonce,
byte *key);
/** Decrypt a symmetrically encrypted message.
This function decrypts a symmetrically encrypted message
using crypto_secretbox_open() using the given Curve25519 raw
secret key and the nonce.
It allocates apropriate memory for the result,
which will be stored in \a cleartext.
\param[out] cleartext The decrypted result.
\param[in] message The encrypted message.
\param[in] messagesize Size of message.
\param[in] nonce A random nonce (24 Bytes).
\param[in] key A Curve25519 key (32 Bytes).
\return Returns 0 in case of success of -1 in case of an error. Check fatals_if_any().
*/
int pcp_sodium_verify_mac(byte **cleartext,
byte* message,
size_t messagesize,
byte *nonce,
byte *key);
pcp_rec_t *pcp_rec_new(byte *cipher, size_t clen, pcp_key_t *secret, pcp_pubkey_t *pub); pcp_rec_t *pcp_rec_new(byte *cipher, size_t clen, pcp_key_t *secret, pcp_pubkey_t *pub);
void pcp_rec_free(pcp_rec_t *r); void pcp_rec_free(pcp_rec_t *r);

94
include/pcp/mac.h
View File

@@ -1,94 +0,0 @@
/*
This file is part of Pretty Curved Privacy (pcp1).
Copyright (C) 2013 T.Linden.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You can contact me by mail: <tlinden AT cpan DOT org>.
*/
#ifndef _HAVE_PCP_MAC
#define _HAVE_PCP_MAC
/**
* \addtogroup CRYPTO
* @{
*/
#include <strings.h>
#include <stdlib.h>
#include <errno.h>
#include <sodium.h>
#include "defines.h"
#include "pad.h"
#include "mem.h"
/* how many times do we hash the passphrase */
#define HCYCLES 128000
/** Symmetrically encrypt a message.
This function encrypts a message symmetrically
using crypto_secretbox() using the given Curve25519 raw
secret key and the nonce.
It allocates apropriate memory for the result,
which will be stored in \a cipher.
\param[out] cipher Encrypted result.
\param[in] cleartext Clear message.
\param[in] clearsize Size of message.
\param[in] nonce A random nonce (24 Bytes).
\param[in] key A Curve25519 key (32 Bytes).
\return Returns the size of \a cipher.
*/
size_t pcp_sodium_mac(byte **cipher,
byte *cleartext,
size_t clearsize,
byte *nonce,
byte *key);
/** Decrypt a symmetrically encrypted message.
This function decrypts a symmetrically encrypted message
using crypto_secretbox_open() using the given Curve25519 raw
secret key and the nonce.
It allocates apropriate memory for the result,
which will be stored in \a cleartext.
\param[out] cleartext The decrypted result.
\param[in] message The encrypted message.
\param[in] messagesize Size of message.
\param[in] nonce A random nonce (24 Bytes).
\param[in] key A Curve25519 key (32 Bytes).
\return Returns 0 in case of success of -1 in case of an error. Check fatals_if_any().
*/
int pcp_sodium_verify_mac(byte **cleartext,
byte* message,
size_t messagesize,
byte *nonce,
byte *key);
#endif /* _HAVE_PCP_MAC */
/**@}*/

98
include/pcp/pad.h
View File

@@ -1,98 +0,0 @@
/*
This file is part of Pretty Curved Privacy (pcp1).
Copyright (C) 2013 T.Linden.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You can contact me by mail: <tlinden AT cpan DOT org>.
*/
#ifndef _HAVE_PCP_ZPADDING
#define _HAVE_PCP_ZPADDING
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdlib.h>
#include <limits.h>
#include "mem.h"
#ifdef DEBUG
#define ZPADCHAR 48
#else
#define ZPADCHAR 0
#endif
/* prepends a binary stream with a number of */
/* \0's as required by the secret_box and */
/* secret_box_open functions of libsodium. */
/* */
/* parameters: */
/* */
/* padded: destination array (ref) */
/* unpadded: source array without padding */
/* padlen: length of padding */
/* unpadlen: length of source array */
/* */
/* turns "efa5" into "00000000efa5" with padlen 8 */
/* */
/* if DEBUG is set, destination will be padded with */
/* the character '0', NOT the integer 0. */
/* */
/* allocates memory for padded and it is up to the */
/* user to free it after use. */
/* */
/* sample call: */
/* */
/* char unpadded[] = {0xef, 0xa5}; */
/* byte *padded; */
/* pcp_pad_prepend(&padded, unpadded, 8, 2); */
/* */
/* the result, padded, would be 10 bytes long, 8 */
/* bytes for the leading zeros and 2 for the content */
/* of the original unpadded. */
void pcp_pad_prepend(byte **padded, byte *unpadded,
size_t padlen, size_t unpadlen);
/* removes zero's of a binary stream, which is */
/* the reverse of pcp_pad_prepend(). */
/* */
/* parameters: */
/* */
/* unpadded: destination array (ref), with padding removed */
/* padded: source array with padding */
/* padlen: length of padding */
/* unpadlen: length of source array */
/* */
/* turns "00000000efa5" into "efa5" with padlen 8 */
/* */
/* allocates memory for unpadded and it is up to the */
/* user to free it after use. */
/* */
/* sample call: */
/* */
/* char padded[] = {0x0, 0x0, 0x0, 0x0, 0xef, 0xa5}; */
/* byte *unpadded; */
/* pcp_pad_remove(unpadded, padded, 4, 2); */
/* */
/* the result, unpadded would be 2 bytes long containing */
/* only the 2 bytes we want to have with zeros removed. */
void pcp_pad_remove(byte **unpadded, byte *padded,
size_t padlen, size_t unpadlen);
#endif /* _HAVE_PCP_ZPADDING */

119
libpcp/crypto.c
View File

@@ -22,87 +22,27 @@
#include "crypto.h" #include "crypto.h"
size_t pcp_sodium_box(byte **cipher,
byte *cleartext,
size_t clearsize,
byte *nonce,
byte *secret,
byte *pub) {
byte *pad_clear;
byte *pad_cipher;
size_t ciphersize = (clearsize + crypto_box_ZEROBYTES) - crypto_box_BOXZEROBYTES;
pad_cipher = ucmalloc(crypto_box_ZEROBYTES + clearsize);
pcp_pad_prepend(&pad_clear, cleartext, crypto_box_ZEROBYTES, clearsize);
/* crypto_box(c,m,mlen,n,pk,sk); */
crypto_box(pad_cipher, pad_clear,
clearsize + crypto_box_ZEROBYTES, nonce, pub, secret);
pcp_pad_remove(cipher, pad_cipher, crypto_secretbox_BOXZEROBYTES, ciphersize);
free(pad_clear);
free(pad_cipher);
return ciphersize;
}
int pcp_sodium_verify_box(byte **cleartext, byte* message,
size_t messagesize, byte *nonce,
byte *secret, byte *pub) {
/* verify/decrypt the box */
byte *pad_cipher;
byte *pad_clear;
int success = -1;
pcp_pad_prepend(&pad_cipher, message, crypto_box_BOXZEROBYTES, messagesize);
pad_clear = (byte *)ucmalloc((crypto_box_ZEROBYTES+ messagesize));
/* crypto_box_open(m,c,clen,n,pk,sk); */
if (crypto_box_open(pad_clear, pad_cipher,
messagesize + crypto_box_BOXZEROBYTES,
nonce, pub, secret) == 0) {
success = 0;
}
pcp_pad_remove(cleartext, pad_clear, crypto_box_ZEROBYTES, messagesize);
free(pad_clear);
free(pad_cipher);
return success;
}
/* asym encr */
byte *pcp_box_encrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, byte *pcp_box_encrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub,
byte *message, size_t messagesize, byte *message, size_t messagesize,
size_t *csize) { size_t *csize) {
byte *nonce = pcp_gennonce(); byte *nonce = pcp_gennonce();
byte *cipher; size_t es = messagesize + crypto_box_MACBYTES;
byte *cipher = ucmalloc(es);
size_t es = pcp_sodium_box(&cipher, message, messagesize, nonce, if(crypto_box_easy(cipher, message, messagesize, nonce, pub->pub, secret->secret) != 0)
secret->secret, pub->pub); es = 0; /* signal sodium error */
if(es <= messagesize) { if(es <= messagesize) {
fatal(ptx, "failed to encrypt message!\n"); fatal(ptx, "failed to encrypt message!\n");
goto errbec; goto errbec;
} }
/* scip */
/* fprintf(stderr, "public: "); pcpprint_bin(stderr, pub->pub, 32); fprintf(stderr, "\n"); */
/* fprintf(stderr, "secret: "); pcpprint_bin(stderr, secret->secret, 32); fprintf(stderr, "\n"); */
/* fprintf(stderr, "cipher: "); pcpprint_bin(stderr, cipher, es); fprintf(stderr, "\n"); */
/* fprintf(stderr, " nonce: "); pcpprint_bin(stderr, nonce, crypto_secretbox_NONCEBYTES); fprintf(stderr, "\n"); */
/* put nonce and cipher together */ /* put nonce and cipher together */
byte *combined = ucmalloc(es + crypto_secretbox_NONCEBYTES); byte *combined = ucmalloc(es + crypto_secretbox_NONCEBYTES);
memcpy(combined, nonce, crypto_secretbox_NONCEBYTES); memcpy(combined, nonce, crypto_secretbox_NONCEBYTES);
@@ -124,6 +64,7 @@ byte *pcp_box_encrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub,
} }
/* asym decr */
byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub,
byte *cipher, size_t ciphersize, byte *cipher, size_t ciphersize,
size_t *dsize) { size_t *dsize) {
@@ -137,9 +78,9 @@ byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub,
memcpy(cipheronly, &cipher[crypto_secretbox_NONCEBYTES], memcpy(cipheronly, &cipher[crypto_secretbox_NONCEBYTES],
ciphersize - crypto_secretbox_NONCEBYTES); ciphersize - crypto_secretbox_NONCEBYTES);
if(pcp_sodium_verify_box(&message, cipheronly, message = ucmalloc(ciphersize - crypto_secretbox_NONCEBYTES - crypto_box_MACBYTES);
ciphersize - crypto_secretbox_NONCEBYTES, if(crypto_box_open_easy(message, cipheronly, ciphersize - crypto_secretbox_NONCEBYTES,
nonce, secret->secret, pub->pub) != 0){ nonce, pub->pub, secret->secret) != 0) {
fatal(ptx, "failed to decrypt message!\n"); fatal(ptx, "failed to decrypt message!\n");
goto errbed; goto errbed;
} }
@@ -161,6 +102,29 @@ byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub,
return NULL; return NULL;
} }
/* sym encr */
size_t pcp_sodium_mac(byte **cipher,
byte *cleartext,
size_t clearsize,
byte *nonce,
byte *key) {
*cipher = ucmalloc(clearsize + crypto_secretbox_MACBYTES);
crypto_secretbox_easy(*cipher, cleartext, clearsize, nonce, key);
return clearsize + crypto_secretbox_MACBYTES;
}
/* sym decr */
int pcp_sodium_verify_mac(byte **cleartext, byte* message,
size_t messagesize, byte *nonce,
byte *key) {
*cleartext = ucmalloc(messagesize - crypto_secretbox_MACBYTES);
return crypto_secretbox_open_easy(*cleartext, message, messagesize, nonce, key);
}
size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t *s, byte *symkey, int verify, int anon) { size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t *s, byte *symkey, int verify, int anon) {
pcp_pubkey_t *cur = NULL; pcp_pubkey_t *cur = NULL;
byte *reccipher = NULL; byte *reccipher = NULL;
@@ -255,7 +219,7 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t
if(recipient != NULL && rec_size == crypto_secretbox_KEYBYTES) { if(recipient != NULL && rec_size == crypto_secretbox_KEYBYTES) {
/* found a match */ /* found a match */
recmatch = 1; recmatch = 1;
symkey = ucmalloc(crypto_secretbox_KEYBYTES); symkey = smalloc(crypto_secretbox_KEYBYTES);
memcpy(symkey, recipient, crypto_secretbox_KEYBYTES); memcpy(symkey, recipient, crypto_secretbox_KEYBYTES);
free(recipient); free(recipient);
ucfree(senderpub, sizeof(pcp_pubkey_t)); ucfree(senderpub, sizeof(pcp_pubkey_t));
@@ -271,7 +235,7 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t
if(recipient != NULL && rec_size == crypto_secretbox_KEYBYTES) { if(recipient != NULL && rec_size == crypto_secretbox_KEYBYTES) {
/* found a match */ /* found a match */
recmatch = 1; recmatch = 1;
symkey = ucmalloc(crypto_secretbox_KEYBYTES); symkey = smalloc(crypto_secretbox_KEYBYTES);
memcpy(symkey, recipient, crypto_secretbox_KEYBYTES); memcpy(symkey, recipient, crypto_secretbox_KEYBYTES);
free(recipient); free(recipient);
break; break;
@@ -296,17 +260,17 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t
pcp_rec_t *rec = pcp_rec_new(reccipher, nrec * PCP_ASYM_RECIPIENT_SIZE, NULL, cur); pcp_rec_t *rec = pcp_rec_new(reccipher, nrec * PCP_ASYM_RECIPIENT_SIZE, NULL, cur);
size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, rec); size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, rec);
pcp_rec_free(rec); pcp_rec_free(rec);
ucfree(symkey, crypto_secretbox_KEYBYTES); sfree(symkey);
return s; return s;
} }
else { else {
size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, NULL); size_t s = pcp_decrypt_stream_sym(ptx, in, out, symkey, NULL);
ucfree(symkey, crypto_secretbox_KEYBYTES); sfree(symkey);
return s; return s;
} }
errdef1: errdef1:
ucfree(symkey, crypto_secretbox_KEYBYTES); sfree(symkey);
return 0; return 0;
} }
@@ -329,7 +293,7 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t
/* preparation */ /* preparation */
/* A, generate sym key */ /* A, generate sym key */
symkey = urmalloc(crypto_secretbox_KEYBYTES); symkey = srmalloc(crypto_secretbox_KEYBYTES);
/* B, encrypt it asymetrically for each recipient */ /* B, encrypt it asymetrically for each recipient */
recipient_count = HASH_COUNT(p); recipient_count = HASH_COUNT(p);
@@ -408,8 +372,7 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t
goto errec1; goto errec1;
memset(symkey, 0, crypto_secretbox_KEYBYTES); sfree(symkey);
free(symkey);
free(recipients_cipher); free(recipients_cipher);
return out_size + sym_size; return out_size + sym_size;
@@ -709,12 +672,12 @@ void pcp_rec_free(pcp_rec_t *r) {
free(r->cipher); free(r->cipher);
if(r->secret != NULL) { if(r->secret != NULL) {
memset(r->secret, 0, sizeof(pcp_key_t)); sodium_memzero(r->secret, sizeof(pcp_key_t));
free(r->secret); free(r->secret);
} }
if(r->pub != NULL) { if(r->pub != NULL) {
memset(r->pub, 0, sizeof(pcp_pubkey_t)); sodium_memzero(r->pub, sizeof(pcp_pubkey_t));
free(r->pub); free(r->pub);
} }

76
libpcp/mac.c
View File

@@ -1,76 +0,0 @@
/*
This file is part of Pretty Curved Privacy (pcp1).
Copyright (C) 2013 T.Linden.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You can contact me by mail: <tlinden AT cpan DOT org>.
*/
#include "mac.h"
size_t pcp_sodium_mac(byte **cipher,
byte *cleartext,
size_t clearsize,
byte *nonce,
byte *key) {
byte *pad_clear;
byte *pad_cipher;
pad_cipher = ucmalloc(crypto_secretbox_ZEROBYTES + clearsize);
pcp_pad_prepend(&pad_clear, cleartext, crypto_secretbox_ZEROBYTES, clearsize);
crypto_secretbox(pad_cipher, pad_clear,
clearsize + crypto_secretbox_ZEROBYTES, nonce, key);
pcp_pad_remove(cipher, pad_cipher, crypto_secretbox_BOXZEROBYTES,
(clearsize + crypto_secretbox_ZEROBYTES) - crypto_secretbox_BOXZEROBYTES);
free(pad_clear);
free(pad_cipher);
return (clearsize + crypto_secretbox_ZEROBYTES) - crypto_secretbox_BOXZEROBYTES;
}
int pcp_sodium_verify_mac(byte **cleartext, byte* message,
size_t messagesize, byte *nonce,
byte *key) {
/* verify the mac */
byte *pad_cipher;
byte *pad_clear;
int success = -1;
pcp_pad_prepend(&pad_cipher, message, crypto_secretbox_BOXZEROBYTES, messagesize);
pad_clear = (byte *)ucmalloc((crypto_secretbox_ZEROBYTES + messagesize));
if (crypto_secretbox_open(pad_clear,
pad_cipher,
messagesize + crypto_secretbox_BOXZEROBYTES,
nonce, key) == 0) {
success = 0;
}
pcp_pad_remove(cleartext, pad_clear, crypto_secretbox_ZEROBYTES, messagesize);
free(pad_clear);
free(pad_cipher);
return success;
}

75
libpcp/pad.c
View File

@@ -1,75 +0,0 @@
/*
This file is part of Pretty Curved Privacy (pcp1).
Copyright (C) 2013 T.Linden.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You can contact me by mail: <tlinden AT cpan DOT org>.
*/
#include "pad.h"
void pcp_pad_prepend(byte **padded, byte *unpadded,
size_t padlen, size_t unpadlen) {
*padded = ucmalloc(unpadlen + padlen);
byte *tmp = ucmalloc(unpadlen + padlen);
/* pcp_append orig */
size_t i;
for(i=0; i<unpadlen; ++i) {
tmp[i + padlen] = unpadded[i];
}
memcpy(*padded, tmp, unpadlen + padlen);
free(tmp);
}
void pcp_pad_remove(byte **unpadded, byte *padded,
size_t padlen, size_t unpadlen) {
*unpadded = ucmalloc(unpadlen * sizeof(byte));
byte *tmp = ucmalloc(unpadlen);
size_t i;
for(i=0; i<unpadlen; ++i) {
tmp[i] = padded[padlen + i];
}
memcpy(*unpadded, tmp, unpadlen);
free(tmp);
}
#ifdef _MK_ZPAD_MAIN
int main(int argc, char **argv) {
if(argc >= 2) {
size_t unpadlen;
int padlen = strtol(argv[2], NULL, 0);
unpadlen = strlen(argv[1]);
byte *dst;
pcp_pad_prepend(&dst, argv[1], padlen, unpadlen);
/* printf(" prev: %s\n after: %s\n", argv[1], dst); */
byte *reverse;
pcp_pad_remove(&reverse, dst, padlen, unpadlen);
/* printf("reverse: %s\n", reverse); */
return 0;
}
/* fprintf(stderr, "Usage: pad <string> <padlen>\n"); */
return -1;
}
#endif