changed public key export format to (slightly modified) RFC4880 style (openpgp format).

Current state is totally unstable, it's not yet ready.

include/pcp.h

@@ -8,6 +8,7 @@ extern "C" {
 #include "pcp/config.h"
 #include "pcp/base85.h"
 #include "pcp/buffer.h"
+#include "pcp/config.h"
 #include "pcp/crypto.h"
 #include "pcp/defines.h"
 #include "pcp/digital_crc32.h"

include/pcp/buffer.h

@@ -54,6 +54,9 @@ typedef struct _pcp_buffer Buffer;
 /* create a new buffer, initially alloc'd to blocksize and zero-filled */
 Buffer *buffer_new(size_t blocksize, char *name);
 
+/* initialize buffer vars */
+void buffer_init(Buffer *b, size_t blocksize, char *name);
+
 /* zero the buffer and free it, if allocated */
 void buffer_free(Buffer *b);
 
@@ -72,9 +75,10 @@ void buffer_add_buf(Buffer *dst, Buffer *src);
 /* resize the buffer if necessary */
 void buffer_resize(Buffer *b, size_t len);
 
-/* get some chunk of data from the buffer, starting from offset til len,
-   it doesn't allocate the returned data (void *buf, the 2nd argument).
-*/
+/* return true if there are no more bytes to read */
+int buffer_done(Buffer *b);
+
+/* get some chunk of data from the buffer, starting from offset til len */
 size_t buffer_get_chunk(Buffer *b, void *buf, size_t len);
 
 /* return the whole buffer contents */
@@ -97,6 +101,20 @@ void buffer_info(const Buffer *b);
 /* tell how much data there is in the buffer */
 size_t buffer_size(const Buffer *b);
 
+/* tell how much data is left to read */
+size_t buffer_left(const Buffer *b);
+
+/* same as get_chunk, but return numbers directly */
+uint8_t buffer_get8(Buffer *b);
+uint16_t buffer_get16(Buffer *b);
+uint32_t buffer_get32(Buffer *b);
+uint64_t buffer_get64(Buffer *b);
+
+/* same, but convert to native endian before return */
+uint16_t buffer_get16na(Buffer *b);
+uint32_t buffer_get32na(Buffer *b);
+uint64_t buffer_get64na(Buffer *b);
+
 /* access the last byte(s) as numbers directly, save typing,
    in contrast to buffer_get() it doesn't increment offset */
 uint8_t  buffer_last8(Buffer *b);

include/pcp/defines.h

@@ -55,6 +55,8 @@ typedef unsigned int    qbyte;          /*   Quad byte = 32 bits */
 #define PCP_KEY_TYPE_MAINSECRET 1
 #define PCP_KEY_TYPE_SECRET     2
 #define PCP_KEY_TYPE_PUBLIC     3
+#define PCP_KEYSIG_NATIVE       4
+#define PCP_KEYSIG_PBP          5
 
 /*  save typing, dammit */
 #define PCP_ENCRYPT_MAC crypto_secretbox_ZEROBYTES + crypto_secretbox_NONCEBYTES

include/pcp/ed.h

@@ -49,7 +49,10 @@ unsigned char *pcp_ed_sign_key(unsigned char *message, size_t messagesize, pcp_k
 /* verify a signature of siglen size using p->edpub, if the signature verifies
    return the raw message with the signature removed (size: siglen - crypto_sign_BYTES),
    returns NULL otherwise */
-unsigned char * pcp_ed_verify(unsigned char *signature, size_t siglen, pcp_pubkey_t *p);
+unsigned char *pcp_ed_verify(unsigned char *signature, size_t siglen, pcp_pubkey_t *p);
+
+/* the same, but use the mastersecret instead, usually for keysigning */
+unsigned char *pcp_ed_verify_key(unsigned char *signature, size_t siglen, pcp_pubkey_t *p);
 
 /* same as pcp_ed_sign() but work on i/o directly, we're making a hash
    of the input 32k-wise, copy in=>out, sign the hash and append the

include/pcp/key.h

@@ -94,6 +94,7 @@ struct _pcp_key_t {
 };
 
 struct _pcp_pubkey_t {
+  byte masterpub[32];
   byte sigpub[32];
   byte pub[32];
   byte edpub[32];
@@ -141,7 +142,19 @@ typedef struct _pcp_rec_t pcp_rec_t;
 
 #define PCP_RAW_KEYSIZE    sizeof(pcp_key_t)    - sizeof(UT_hash_handle)
 #define PCP_RAW_PUBKEYSIZE sizeof(pcp_pubkey_t) - sizeof(UT_hash_handle)
+#define PCP_RAW_KEYSIGSIZE sizeof(pcp_keysig_t) - sizeof(UT_hash_handle)
 
+/* holds a public key signature */
+struct _pcp_keysig_t {
+  uint8_t type;
+  uint32_t size;
+  char belongs[17];
+  byte checksum[32];
+  byte *blob;
+  UT_hash_handle hh;
+};
+
+typedef struct _pcp_keysig_t pcp_keysig_t;
 
 
 
@@ -173,6 +186,10 @@ pcp_key_t *key2native(pcp_key_t *k);
 pcp_pubkey_t * pubkey2be(pcp_pubkey_t *k);
 pcp_pubkey_t *pubkey2native(pcp_pubkey_t *k);
 
+pcp_keysig_t *keysig2be(pcp_keysig_t *s);
+pcp_keysig_t *keysig2native(pcp_keysig_t *s);
+
+
 unsigned char * pcp_gennonce();
 
 void pcpedit_key(char *keyid);
@@ -182,6 +199,7 @@ unsigned char *pcp_derivekey(char *passphrase, unsigned char *nonce);
 
 pcp_key_t *pcp_derive_pcpkey (pcp_key_t *ours, char *theirs);
 
+/* FIXME: abandon and use Buffer instead */
 void pcp_seckeyblob(void *blob, pcp_key_t *k);
 void pcp_pubkeyblob(void *blob, pcp_pubkey_t *k);
 void *pcp_keyblob(void *k, int type); /*  allocates blob */
@@ -189,6 +207,8 @@ void *pcp_keyblob(void *k, int type); /*  allocates blob */
 int pcp_sanitycheck_pub(pcp_pubkey_t *key);
 int pcp_sanitycheck_key(pcp_key_t *key);
 
+/* fetch a keysig from a buffer, usually loaded from vault */
+pcp_keysig_t *pcp_keysig_new(Buffer *blob);
 
 
 #endif /*  _HAVE_PCP_KEYPAIR_H */

include/pcp/keyhash.h

@@ -25,6 +25,7 @@
 #include "uthash.h"
 #include "key.h"
 
+/* storage of keys in a global hash */
 extern pcp_key_t *pcpkey_hash;
 extern pcp_pubkey_t *pcppubkey_hash;
 extern pcp_key_t *__k;
@@ -47,9 +48,18 @@ void pcphash_clean();
 pcp_key_t *pcphash_keyexists(char *id);
 pcp_pubkey_t *pcphash_pubkeyexists(char *id);
 
-
 void pcphash_add(void *key, int type);
 int pcphash_count();
 int pcphash_countpub();
 
+/* the same, for keysigs */
+extern pcp_keysig_t *pcpkeysig_hash;
+extern pcp_keysig_t *__s;
+
+#define pcphash_iteratekeysig(key) \
+  __s = NULL; \
+  HASH_ITER(hh, pcpkeysig_hash, key, __s)
+
+pcp_keysig_t *pcphash_keysigexists(char *id);
+
 #endif /*  _HAVE_KEYHASH_H */

include/pcp/mgmt.h

@@ -95,15 +95,16 @@ struct _pcp_rfc_pubkey_sigsub_0x21_t {
   uint8_t type;
 };
 
-struct _pcp_rfc_pubkey_sig_0x21_t {
-  byte signature[crypto_generichash_BYTES_MAX + crypto_sign_BYTES];
-};
-
 typedef struct _pcp_rfc_pubkey_header_t rfc_pub_h;
 typedef struct _pcp_rfc_pubkey_0x21_t  rfc_pub_k;
 typedef struct _pcp_rfc_pubkey_sigheader_0x21_t rfc_pub_sig_h;
 typedef struct _pcp_rfc_pubkey_sigsub_0x21_t rfc_pub_sig_s;
-typedef struct _pcp_rfc_pubkey_sig_0x21_t rfc_pub_sig;
+
+struct _pcp_ks_bundle_t {
+  pcp_pubkey_t *p;
+  pcp_keysig_t *s;
+};
+typedef struct _pcp_ks_bundle_t pcp_ks_bundle_t;
 
 #define EXP_PK_CIPHER        0x21
 #define EXP_PK_CIPHER_NAME  "CURVE25519-ED25519-POLY1305-SALSA20"
@@ -140,4 +141,10 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk);
 /* export public key in pbp format */
 Buffer *pcp_export_pbp_pub(pcp_key_t *sk);
 
+/* import public keys */
+pcp_ks_bundle_t *pcp_import_pub(unsigned char *raw, size_t rawsize);
+pcp_ks_bundle_t *pcp_import_pub_rfc(Buffer *blob);
+pcp_ks_bundle_t *pcp_import_pub_pbp(Buffer *blob);
+
+
 #endif // _HAVE_PCP_MGMT_H

include/pcp/vault.h

@@ -34,7 +34,7 @@
 #include "mem.h"
 #include "key.h"
 #include "uthash.h"
-
+#include "buffer.h"
 
 struct _vault_t {
   char *filename;