scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 12:00:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

changed public key export format to (slightly modified) RFC4880 style (openpgp format).

Browse Source 
Current state is totally unstable, it's not yet ready.
This commit is contained in:
TLINDEN
2014-02-12 00:37:41 +01:00
parent c9e236db20
commit 6d738ccbf8
22 changed files with 5864 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
libpcp/base85.c
View File

@@ -36,7 +36,6 @@ static void prep_base85(void)
int decode_85(char *dst, const char *buffer, int len)
{
prep_base85();
int pos = 0;
say1("len: %d\n", len);
say2("decode 85 <%.*s>\n", len / 4 * 5, buffer);
while (len) {

88
libpcp/buffer.c
View File

@@ -88,24 +88,85 @@ unsigned char *buffer_get(Buffer *b) {
size_t buffer_get_chunk(Buffer *b, void *buf, size_t len) {
if(len > b->end - b->offset || len == 0) {
fatal("[buffer %s] attempt to read %ld data from buffer with size %ld %p at offset %ld",
len, b->size, b->offset);
fatal("[buffer %s] attempt to read %ld bytes data from buffer with %ld bytes left at offset %ld\n",
b->name, len, b->end - b->offset, b->offset);
return 0;
}
memcpy(buf, b->buf + b->offset, len);
b->offset += len;
return len;
}
uint8_t buffer_get8(Buffer *b) {
uint8_t i;
if(buffer_get_chunk(b, &i, 1) > 0) {
return i;
}
else
return 0;
}
uint16_t buffer_get16(Buffer *b) {
uint16_t i;
if(buffer_get_chunk(b, &i, 2) > 0) {
return i;
}
else
return 0;
}
uint32_t buffer_get32(Buffer *b) {
uint32_t i;
if(buffer_get_chunk(b, &i, 4) > 0) {
return i;
}
else
return 0;
}
uint64_t buffer_get64(Buffer *b) {
uint64_t i;
if(buffer_get_chunk(b, &i, 8) > 0) {
return i;
}
else
return 0;
}
uint16_t buffer_get16na(Buffer *b) {
uint16_t i;
if(buffer_get_chunk(b, &i, 2) > 0) {
i = be16toh(i);
return i;
}
else
return 0;
}
uint32_t buffer_get32na(Buffer *b) {
uint32_t i;
if(buffer_get_chunk(b, &i, 4) > 0) {
i = be32toh(i);
return i;
}
else
return 0;
}
uint64_t buffer_get64na(Buffer *b) {
uint64_t i;
if(buffer_get_chunk(b, &i, 8) > 0) {
i = be64toh(i);
return i;
}
else
return 0;
}
char *buffer_get_str(Buffer *b) {
buffer_resize(b, 1); /* make room for trailing zero */
return (char *)b->buf;
/*
char *out = ucmalloc(b->end+1);
memcpy(out, buffer_get(b), buffer_size(b));
out[buffer_size(b)] = '\0';
return out;
*/
}
size_t buffer_extract(Buffer *b, void *buf, size_t offset, size_t len) {
@@ -139,6 +200,17 @@ size_t buffer_size(const Buffer *b) {
return b->end;
}
size_t buffer_left(const Buffer *b) {
return b->end - b->offset;
}
int buffer_done(Buffer *b) {
if(b->offset == b->end)
return 1;
else
return 0;
}
uint8_t buffer_last8(Buffer *b) {
uint8_t i;
if(buffer_extract(b, &i, b->end - 1, 1) > 0)

16
libpcp/ed.c
View File

@@ -21,6 +21,22 @@
#include "ed.h"
unsigned char * pcp_ed_verify_key(unsigned char *signature, size_t siglen, pcp_pubkey_t *p) {
unsigned char *message = ucmalloc(siglen - crypto_sign_BYTES);
unsigned long long mlen;
if(crypto_sign_open(message, &mlen, signature, siglen, p->masterpub) != 0) {
fatal("Failed to open the signature using the public key 0x%s!\n", p->id);
goto errve1;
}
return message;
errve1:
free(message);
return NULL;
}
unsigned char * pcp_ed_verify(unsigned char *signature, size_t siglen, pcp_pubkey_t *p) {
unsigned char *message = ucmalloc(siglen - crypto_sign_BYTES);
unsigned long long mlen;

45
libpcp/key.c
View File

@@ -208,6 +208,7 @@ pcp_key_t *pcpkey_decrypt(pcp_key_t *key, char *passphrase) {
pcp_pubkey_t *pcpkey_pub_from_secret(pcp_key_t *key) {
/* pcp_dumpkey(key); */
pcp_pubkey_t *pub = urmalloc(sizeof (pcp_pubkey_t));
memcpy(pub->masterpub, key->masterpub, 32);
memcpy(pub->pub, key->pub, 32);
memcpy(pub->edpub, key->edpub, 32);
memcpy(pub->owner, key->owner, 255);
@@ -295,6 +296,27 @@ pcp_pubkey_t *pubkey2native(pcp_pubkey_t *k) {
#endif
}
pcp_keysig_t * keysig2be(pcp_keysig_t *s) {
#ifdef __CPU_IS_BIG_ENDIAN
return s;
#else
uint32_t size = s->size;
unsigned char* p = (unsigned char*)&size;
if(p[0] != 0) {
s->size = htobe32(s->size);
}
return s;
#endif
}
pcp_keysig_t *keysig2native(pcp_keysig_t *s) {
#ifdef __CPU_IS_BIG_ENDIAN
return s;
#else
s->size = be32toh(s->size);
return s;
#endif
}
void pcp_seckeyblob(void *blob, pcp_key_t *k) {
memcpy(blob, k, PCP_RAW_KEYSIZE);
@@ -418,3 +440,26 @@ int pcp_sanitycheck_key(pcp_key_t *key) {
return 0;
}
pcp_keysig_t *pcp_keysig_new(Buffer *blob) {
/* FIXME: sanity check before actually loading it */
pcp_keysig_t *sk = ucmalloc(sizeof(pcp_keysig_t));
uint8_t type = buffer_get8(blob);
uint32_t size = buffer_get32na(blob);
byte *checksum = ucmalloc(32);
buffer_get_chunk(blob, checksum, 32);
sk->blob = ucmalloc(size);
buffer_get_chunk(blob, sk->blob, size);
sk->size = size;
sk->type = type;
memcpy(sk->checksum, checksum, 32);
ucfree(checksum, 32);
return sk;
}

28
libpcp/keyhash.c
View File

@@ -24,12 +24,16 @@
pcp_key_t *pcpkey_hash;
pcp_pubkey_t *pcppubkey_hash;
pcp_keysig_t *pcpkeysig_hash;
pcp_key_t *__k;
pcp_pubkey_t *__p;
pcp_keysig_t *__s;
void pcphash_init() {
pcpkey_hash = NULL;
pcppubkey_hash = NULL;
pcpkeysig_hash = NULL;
}
void pcphash_del(void *key, int type) {
@@ -37,6 +41,12 @@ void pcphash_del(void *key, int type) {
HASH_DEL(pcpkey_hash, (pcp_key_t *)key);
memset(key, 0, sizeof(pcp_key_t));
}
else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_PBP) {
pcp_keysig_t *keysig = (pcp_keysig_t *)key;
HASH_DEL(pcpkeysig_hash, keysig);
memset(keysig->blob, 0, keysig->size);
free(keysig->blob);
}
else {
HASH_DEL(pcppubkey_hash, (pcp_pubkey_t *)key);
memset(key, 0, sizeof(pcp_pubkey_t));
@@ -58,10 +68,24 @@ void pcphash_clean() {
pcphash_del(current_pub, PCP_KEY_TYPE_PUBLIC);
}
}
if(pcpkeysig_hash != NULL) {
pcp_keysig_t *current_keysig, *tmp;
HASH_ITER(hh, pcpkeysig_hash, current_keysig, tmp) {
pcphash_del(current_keysig, current_keysig->type);
}
}
pcphash_init();
}
pcp_keysig_t *pcphash_keysigexists(char *id) {
pcp_keysig_t *keysig = NULL;
HASH_FIND_STR(pcpkeysig_hash, id, keysig);
return keysig; /* maybe NULL! */
}
pcp_key_t *pcphash_keyexists(char *id) {
pcp_key_t *key = NULL;
HASH_FIND_STR(pcpkey_hash, id, key);
@@ -79,6 +103,10 @@ void pcphash_add(void *key, int type) {
pcp_pubkey_t *k = (pcp_pubkey_t *)key;
HASH_ADD_STR( pcppubkey_hash, id, k );
}
else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_PBP) {
pcp_keysig_t *keysig = (pcp_keysig_t *)key;
HASH_ADD_STR( pcpkeysig_hash, belongs, keysig);
}
else {
pcp_key_t *k = (pcp_key_t *)key;
HASH_ADD_STR( pcpkey_hash, id, k);

299
libpcp/mgmt.c
View File

@@ -22,6 +22,262 @@
#include "mgmt.h"
int _get_pk(Buffer *blob, pcp_pubkey_t *p) {
if(buffer_left(blob) >= 96) {
buffer_get_chunk(blob, p->masterpub, 32);
buffer_get_chunk(blob, p->edpub, 32);
buffer_get_chunk(blob, p->pub, 32);
return 0;
}
else
return 1;
}
int _check_keysig_h(Buffer *blob, rfc_pub_sig_h *h) {
if(buffer_left(blob) >= sizeof(rfc_pub_sig_h)) {
buffer_get_chunk(blob, h, sizeof(rfc_pub_sig_h));
h->numsubs = be16toh(h->numsubs);
if(h->version != EXP_SIG_VERSION) {
fatal("Unsupported pubkey signature version %d, expected %d", h->version, EXP_SIG_VERSION);
return 1;
}
if(h->type != EXP_SIG_TYPE) {
fatal("Unsupported pubkey signature type %d, expected %d", h->type, EXP_SIG_TYPE);
return 1;
}
if(h->pkcipher != EXP_SIG_CIPHER) {
fatal("Unsupported pubkey signature cipher %d, expected %d", h->pkcipher, EXP_SIG_CIPHER);
return 1;
}
if(h->hashcipher != EXP_HASH_CIPHER) {
fatal("Unsupported pubkey signature hash cipher %d, expected %d", h->hashcipher, EXP_HASH_CIPHER);
return 1;
}
if(h->numsubs > 0 && buffer_left(blob) < sizeof(rfc_pub_sig_s) * h->numsubs) {
fatal("Signature size specification invalid (sig: %ld, bytes left: %ld, numsubs: %ld",
sizeof(rfc_pub_sig_s) * h->numsubs, buffer_left(blob), h->numsubs);
return 1;
}
return 0;
}
else {
fatal("Error: input data too small, import failed");
return 1;
}
}
int _check_sigsubs(Buffer *blob, pcp_pubkey_t *p, rfc_pub_sig_s *subheader) {
byte *ignore = ucmalloc(32);
if(subheader->type == EXP_SIG_SUB_NOTATION) {
/* mail or owner */
uint16_t nsize = buffer_get16na(blob);
uint16_t vsize = buffer_get16na(blob);
char *notation = ucmalloc(nsize);
char *value = ucmalloc(vsize);
if(buffer_get_chunk(blob, notation, nsize) == 0)
return 1;
if(buffer_get_chunk(blob, value, nsize) == 0)
return 1;
notation[nsize] = '\0';
value[nsize] = '\0';
if(strncmp(notation, "owner", 5) == 0) {
memcpy(p->owner, value, vsize);
}
else if(strncmp(notation, "mail", 4) == 0) {
memcpy(p->mail, value, vsize);
}
ucfree(notation, nsize);
ucfree(value, vsize);
}
else {
/* unsupported or ignored sig sub */
if(buffer_get_chunk(blob, ignore, subheader->size) == 0)
return 1;
}
return 0;
}
int _check_hash_keysig(Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t *sk) {
// read hash + sig
size_t blobstop = blob->offset;
size_t sigsize = crypto_sign_BYTES + crypto_generichash_BYTES_MAX;
unsigned char *signature = ucmalloc(sigsize);
if(buffer_get_chunk(blob, signature, sigsize) == 0)
goto chker1;
/* fill the keysig */
sk->type = PCP_KEYSIG_NATIVE;
/* everything minus version, ctime and cipher, 1st 3 fields */
sk->size = blobstop - 6;
memcpy(sk->belongs, p->id, 17);
/* put the whole signature blob into our keysig */
blob->offset = 6; /* woah, hack :) */
sk->blob = ucmalloc(sk->size);
buffer_get_chunk(blob, sk->blob, sk->size);
/* verify the signature */
unsigned char *verifyhash = pcp_ed_verify_key(signature, sigsize, p);
if(verifyhash == NULL)
goto chker1;
/* re-calculate the hash */
crypto_generichash_state *st = ucmalloc(sizeof(crypto_generichash_state));
unsigned char *hash = ucmalloc(crypto_generichash_BYTES_MAX);
crypto_generichash_init(st, NULL, 0, 0);
crypto_generichash_update(st, sk->blob, sk->size);
crypto_generichash_final(st, hash, crypto_generichash_BYTES_MAX);
/* compare them */
if(memcmp(hash, verifyhash, crypto_generichash_BYTES_MAX) != 0) {
fatal("Signature verifies but signed hash doesn't match signature contents\n");
goto chker2;
}
/* calculate the checksum */
crypto_hash_sha256(sk->checksum, sk->blob, sk->size);
/* we got here, so everything is good */
p->valid = 1;
ucfree(verifyhash, crypto_generichash_BYTES_MAX);
ucfree(hash, crypto_generichash_BYTES_MAX);
free(st);
ucfree(signature, sigsize);
return 0;
chker2:
ucfree(verifyhash, crypto_generichash_BYTES_MAX);
ucfree(hash, crypto_generichash_BYTES_MAX);
free(st);
chker1:
ucfree(signature, sigsize);
return 1;
}
pcp_ks_bundle_t *pcp_import_pub(unsigned char *raw, size_t rawsize) {
size_t clen;
unsigned char *bin = NULL;
Buffer *blob = buffer_new(512, "importblob");
/* first, try to decode the input */
bin = pcp_z85_decode((char *)raw, &clen);
if(bin == NULL) {
/* treat as binary blob */
fatals_reset();
buffer_add(blob, raw, rawsize);
}
else {
/* use decoded */
buffer_add(blob, bin, rawsize);
ucfree(bin, clen);
}
/* now, try to disassemble, if it fails, assume pbp format */
uint8_t version = buffer_get8(blob);
if(version == PCP_KEY_VERSION) {
/* ah, homerun */
pcp_ks_bundle_t *b = pcp_import_pub_rfc(blob);
pcp_keysig_t *sk = b->s;
return b;
}
else {
/* nope, it's probably pbp */
return pcp_import_pub_pbp(blob);
}
}
pcp_ks_bundle_t *pcp_import_pub_rfc(Buffer *blob) {
pcp_pubkey_t *p = ucmalloc(sizeof(pcp_pubkey_t));
pcp_keysig_t *sk = ucmalloc(sizeof(pcp_keysig_t));
rfc_pub_sig_h *sigheader = ucmalloc(sizeof(rfc_pub_sig_h));
rfc_pub_sig_s *subheader = ucmalloc(sizeof(rfc_pub_sig_s));
if(buffer_done(blob)) goto be;
p->ctime = buffer_get32na(blob);
uint8_t pkcipher = buffer_get8(blob);
if(buffer_done(blob)) goto be;
if(pkcipher != EXP_PK_CIPHER) {
fatal("Unsupported pk cipher %d, expected %d", pkcipher, EXP_PK_CIPHER);
goto bef;
}
/* fetch pk material */
if(_get_pk(blob, p) != 0)
goto be;
/* check sig header.
currently not stored anywhere, but we could sometimes */
if(_check_keysig_h(blob, sigheader) != 0)
goto bef;
/* iterate over subs, if any */
int i;
for (i=0; i<sigheader->numsubs; i++) {
subheader->size = buffer_get32na(blob);
subheader->type = buffer_get8(blob);
_check_sigsubs(blob, p, subheader);
}
/* calc id */
char *id = pcp_getpubkeyid(p);
memcpy(p->id, id, 17);
free(id);
/* fill */
p->type = PCP_KEY_TYPE_PUBLIC;
p->version = PCP_KEY_VERSION;
p->serial = arc4random(); /* FIXME: maybe add this as a sig sub? */
pcp_ks_bundle_t *b = ucmalloc(sizeof(pcp_ks_bundle_t));
/* retrieve signature, store and verify it */
if(_check_hash_keysig(blob, p, sk) != 0) {
b->p = p;
b->s = NULL;
}
else {
b->p = p;
b->s = sk;
}
return b;
be:
fatal("Error: input data too small, import failed");
bef:
buffer_free(blob);
ucfree(sigheader, sizeof(rfc_pub_sig_h));
ucfree(subheader, sizeof(rfc_pub_sig_s));
ucfree(p, sizeof(pcp_pubkey_t));
return NULL;
}
pcp_ks_bundle_t *pcp_import_pub_pbp(Buffer *blob) {
return NULL;
}
Buffer *pcp_export_pbp_pub(pcp_key_t *sk) {
struct tm *v, *c;
unsigned char *signature = NULL;
@@ -81,7 +337,7 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
/* add the header */
buffer_add8(out, PCP_KEY_VERSION);
buffer_add32(out, sk->ctime);
buffer_add32be(out, sk->ctime);
buffer_add8(out, EXP_PK_CIPHER);
/* add the keys */
@@ -94,7 +350,7 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
buffer_add8(raw, EXP_SIG_TYPE);
buffer_add8(raw, EXP_SIG_CIPHER);
buffer_add8(raw, EXP_HASH_CIPHER);
buffer_add16(raw, 5); /* we add 5 sub sigs always */
buffer_add16be(raw, 5); /* we add 5 sub sigs always */
/* add sig ctime */
buffer_add32be(raw, 4);
@@ -111,23 +367,28 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
buffer_add8(raw, EXP_SIG_SUB_KEYEXPIRE);
buffer_add32be(raw, sk->ctime + 31536000);
size_t notation_size = 0;
/* add name notation sub*/
size_t notation_size = strlen(sk->owner) + 4 + 5;
buffer_add32be(raw, notation_size);
buffer_add8(raw, EXP_SIG_SUB_NOTATION);
buffer_add16be(raw, 5);
buffer_add16be(raw, strlen(sk->owner));
buffer_add(raw, "owner", 5);
buffer_add(raw, sk->owner, strlen(sk->owner));
if(strlen(sk->owner) > 0) {
size_t notation_size = strlen(sk->owner) + 4 + 5;
buffer_add32be(raw, notation_size);
buffer_add8(raw, EXP_SIG_SUB_NOTATION);
buffer_add16be(raw, 5);
buffer_add16be(raw, strlen(sk->owner));
buffer_add(raw, "owner", 5);
buffer_add(raw, sk->owner, strlen(sk->owner));
}
/* add mail notation sub */
notation_size = strlen(sk->mail) + 4 + 4;
buffer_add32be(raw, notation_size);
buffer_add8(raw, EXP_SIG_SUB_NOTATION);
buffer_add16be(raw, 4);
buffer_add16be(raw, strlen(sk->mail));
buffer_add(raw, "mail", 4);
buffer_add(raw, sk->mail, strlen(sk->mail));
if(strlen(sk->mail) > 0) {
notation_size = strlen(sk->mail) + 4 + 4;
buffer_add32be(raw, notation_size);
buffer_add8(raw, EXP_SIG_SUB_NOTATION);
buffer_add16be(raw, 4);
buffer_add16be(raw, strlen(sk->mail));
buffer_add(raw, "mail", 4);
buffer_add(raw, sk->mail, strlen(sk->mail));
}
/* add key flags */
buffer_add32be(raw, 1);
@@ -149,13 +410,15 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
buffer_add(out, buffer_get(raw), buffer_size(raw));
/* append the signed hash */
buffer_add(out, sig, crypto_generichash_BYTES_MAX + crypto_generichash_BYTES_MAX);
buffer_add(out, sig, crypto_sign_BYTES + crypto_generichash_BYTES_MAX);
_dump("raw", buffer_get(raw), buffer_size(raw));
/* and that's it. wasn't that easy? :) */
buffer_free(raw);
memset(hash, 0, crypto_generichash_BYTES_MAX);
free(hash);
memset(sig, 0, crypto_generichash_BYTES_MAX + crypto_generichash_BYTES_MAX);
memset(sig, 0, crypto_sign_BYTES + crypto_generichash_BYTES_MAX);
free(sig);
return out;

62
libpcp/vault.c
View File

@@ -22,6 +22,7 @@
#include "vault.h"
#include "keyhash.h"
#include "defines.h"
vault_t *pcpvault_init(char *filename) {
vault_t *vault = pcpvault_new(filename, 0);
@@ -154,27 +155,45 @@ int pcpvault_addkey(vault_t *vault, void *item, uint8_t type) {
vault_t *tmp = pcpvault_new(vault->filename, 1);
size_t itemsize;
void *saveitem;
void *saveitem = NULL;
void *blob = NULL;
if(type == PCP_KEY_TYPE_PUBLIC) {
itemsize = PCP_RAW_PUBKEYSIZE;
saveitem = ucmalloc(sizeof(pcp_pubkey_t));
memcpy(saveitem, item, sizeof(pcp_pubkey_t));
pubkey2be((pcp_pubkey_t *)item);
/* pcp_dumppubkey((pcp_pubkey_t *)saveitem); */
blob = pcp_keyblob(item, type);
}
else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_NATIVE) {
pcp_keysig_t *sk = (pcp_keysig_t *)item;
itemsize = PCP_RAW_KEYSIGSIZE + sk->size;
size_t blobsize = sk->size;
blob = ucmalloc(itemsize);
sk = keysig2be(sk);
/* FIXME: use Buffer or function */
uint8_t t = sk->type;
uint32_t s = sk->size;
memcpy(blob, &t, 1);
memcpy(blob+1, &s, 4);
memcpy(blob+5, sk->belongs, 17);
memcpy(blob+5+17, sk->checksum, 32);
memcpy(blob+5+17+32, sk->blob, blobsize);
sk = keysig2native(sk);
saveitem = (void *)sk;
}
else {
itemsize = PCP_RAW_KEYSIZE;
saveitem = ucmalloc(sizeof(pcp_key_t));
memcpy(saveitem, item, sizeof(pcp_key_t));
key2be((pcp_key_t *)item);
blob = pcp_keyblob(item, type);
}
void *blob = pcp_keyblob(item, type);
/* scip */
/* printf("BLOB (%d):\n", (int)itemsize); */
/* pcpprint_bin(stdout, saveitem, itemsize); printf("\n"); */
if(tmp != NULL) {
if(pcpvault_copy(vault, tmp) != 0)
@@ -253,8 +272,6 @@ void pcpvault_update_checksum(vault_t *vault) {
memcpy(header->checksum, checksum, 32);
memcpy(vault->checksum, checksum, 32);
/* printf("write checksum: "); pcpprint_bin(stdout, checksum, 32); printf("\n"); */
vh2be(header);
fseek(vault->fd, 0, SEEK_SET);
@@ -289,9 +306,11 @@ unsigned char *pcpvault_create_checksum(vault_t *vault) {
datapos += PCP_RAW_PUBKEYSIZE;
}
/* scip */
/* printf("DATA (%d) (s: %d, p: %d):\n", (int)datasize, numskeys, numpkeys); */
/* pcpprint_bin(stdout, data, datasize); printf("\n"); */
/* scip
printf("PUB: %d, SEC: %d\n", PCP_RAW_PUBKEYSIZE, PCP_RAW_KEYSIZE);
printf("DATA (%d) (s: %d, p: %d):\n", (int)datasize, numskeys, numpkeys);
pcpprint_bin(stdout, data, datasize); printf("\n");
*/
crypto_hash_sha256(checksum, data, datasize);
@@ -410,7 +429,7 @@ int pcpvault_fetchall(vault_t *vault) {
pcp_key_t *key;
pcp_pubkey_t *pubkey;
int bytesleft = 0;
int ksize = PCP_RAW_PUBKEYSIZE; /* smallest possbile item */
int ksize = PCP_RAW_KEYSIGSIZE; /* smallest possbile item */
pcphash_init();
@@ -436,8 +455,6 @@ int pcpvault_fetchall(vault_t *vault) {
key = ucmalloc(sizeof(pcp_key_t));
fread(key, PCP_RAW_KEYSIZE, 1, vault->fd);
key2native(key);
/* pcp_dumpkey(key); */
/* pcpprint_bin(stdout, key, sizeof(pcp_key_t));printf("\n"); */
pcphash_add((void *)key, item->type);
}
else if(item->type == PCP_KEY_TYPE_PUBLIC) {
@@ -447,13 +464,20 @@ int pcpvault_fetchall(vault_t *vault) {
pubkey2native(pubkey);
pcphash_add((void *)pubkey, item->type);
}
else if(item->type == PCP_KEYSIG_NATIVE || item->type == PCP_KEYSIG_PBP) {
Buffer *rawks = buffer_new(256, "keysig");
buffer_fd_read(rawks, vault->fd, item->size);
pcp_keysig_t *s = pcp_keysig_new(rawks);
pcphash_add((void *)s, item->type);
buffer_free(rawks);
}
else {
fatal("Failed to read vault - invalid key type: %02X! at %d\n", item->type, readpos);
goto err;
}
}
else {
fatal("Failed to read vault - that's no pcp key at %d!\n", readpos);
fatal("Failed to read vault - that's no pcp key at %d (size %ld)!\n", readpos, bytesleft);
goto err;
}
}
@@ -476,7 +500,11 @@ int pcpvault_fetchall(vault_t *vault) {
unsigned char *checksum = NULL;
checksum = pcpvault_create_checksum(vault);
/* printf(" calc checksum: "); pcpprint_bin(stdout, checksum, 32); printf("\n"); */
/*
printf(" calc checksum: "); pcpprint_bin(stdout, checksum, 32); printf("\n");
printf("vault checksum: "); pcpprint_bin(stdout, vault->checksum, 32); printf("\n");
*/
if(pcphash_count() + pcphash_countpub() > 0) {
/* only validate the checksum if there are keys */
if(memcmp(checksum, vault->checksum, 32) != 0) {