scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 03:50:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

continue to implement 4880 exports and stuff...

Browse Source
This commit is contained in:
TLINDEN
2014-02-13 00:06:55 +01:00
parent bf2500b335
commit 75cdbbe835
9 changed files with 328 additions and 277 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
TODO
View File

@@ -20,10 +20,44 @@ Update pod key format spec.
vault checksum: add keysigs as well vault checksum: add keysigs as well
keysig: fix struct to be even (i.e. type => uint16_t or something) OR add a keysig2blob function
Secretkey import: fill in calculated fields (keyid etc), add pcp_importsecret() wrapper to keymgmt.c Secretkey import: fill in calculated fields (keyid etc), add pcp_importsecret() wrapper to keymgmt.c
**** PUBKEY SIGSUB Put Serial as string ****
when fatals_ifany() is called multiple times:
==44663== Invalid read of size 8
==44663== at 0x102AEE1: memcpy (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==44663== by 0x17A6EB0: ??? (in /lib/libc.so.7)
==44663== by 0x1799EFA: ??? (in /lib/libc.so.7)
==44663== by 0x179B4A8: ??? (in /lib/libc.so.7)
==44663== by 0x179D7A8: ??? (in /lib/libc.so.7)
==44663== by 0x179D8DB: vfprintf (in /lib/libc.so.7)
==44663== by 0x178F3D7: fprintf (in /lib/libc.so.7)
==44663== by 0x410416: fatals_ifany (fatal.c:53)
==44663== by 0x402F37: main (pcp.c:577)
==44663== Address 0x1a11718 is 24 bytes inside a block of size 128 free'd
==44663== at 0x1028EDE: free (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==44663== by 0x410452: fatals_ifany (fatal.c:57)
==44663== by 0x41AAAD: pcp_import_secret_native (mgmt.c:585)
==44663== by 0x41A7BE: pcp_import_secret (mgmt.c:511)
==44663== by 0x404D74: pcp_importsecret (keymgmt.c:410)
==44663== by 0x402B28: main (pcp.c:427)
and
==44663== Invalid free() / delete / delete[] / realloc()
==44663== at 0x1028EDE: free (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==44663== by 0x410452: fatals_ifany (fatal.c:57)
==44663== by 0x402F37: main (pcp.c:577)
==44663== Address 0x1a11700 is 0 bytes inside a block of size 128 free'd
==44663== at 0x1028EDE: free (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==44663== by 0x410452: fatals_ifany (fatal.c:57)
==44663== by 0x41AAAD: pcp_import_secret_native (mgmt.c:585)
==44663== by 0x41A7BE: pcp_import_secret (mgmt.c:511)
==44663== by 0x404D74: pcp_importsecret (keymgmt.c:410)
==44663== by 0x402B28: main (pcp.c:427)
Python binding, e.g.: Python binding, e.g.:
py % cdll.LoadLibrary("libsodium.so.8") py % cdll.LoadLibrary("libsodium.so.8")
<CDLL 'libsodium.so.8', handle 800776c00 at 80192a3d0> <CDLL 'libsodium.so.8', handle 800776c00 at 80192a3d0>
@@ -32,10 +66,10 @@ py % hash = create_string_buffer('\000' * 64)
py % hash py % hash
<ctypes.c_char_Array_65 object at 0x80182c560> <ctypes.c_char_Array_65 object at 0x80182c560>
py % hash.raw py % hash.raw
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x...
py % key = create_string_buffer('a' * 32) py % key = create_string_buffer('a' * 32)
py % nacl.crypto_hash_sha256(pointer(hash), pointer(key), 32) py % nacl.crypto_hash_sha256(pointer(hash), pointer(key), 32)
0 0
py % hash.raw py % hash.raw
';\xa3\xf5\xf4;\x92`&\x83\xc1\x9a\xeeb\xa2\x03B\xb0\x84\xddYq\xdd\xd38\x08\xd8\x1a2\x88y\xa5G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' ';\xa3\xf5\xf4;\x92`&\x83\xc1\x9a\xeeb\xa2\x03B\xb0\x84\...
py % py %

3
include/pcp/mgmt.h
View File

@@ -211,6 +211,7 @@ pcp_ks_bundle_t *pcp_import_pub_rfc(Buffer *blob);
pcp_ks_bundle_t *pcp_import_pub_pbp(Buffer *blob); pcp_ks_bundle_t *pcp_import_pub_pbp(Buffer *blob);
/* import secret key */ /* import secret key */
pcp_key_t *pcp_import_secret(Buffer *cipher, char *passphrase); pcp_key_t *pcp_import_secret(unsigned char *raw, size_t rawsize, char *passphrase);
pcp_key_t *pcp_import_secret_native(Buffer *cipher, char *passphrase);
#endif // _HAVE_PCP_MGMT_H #endif // _HAVE_PCP_MGMT_H

10
libpcp/buffer.c
View File

@@ -42,9 +42,11 @@ void buffer_init(Buffer *b, size_t blocksize, char *name) {
void buffer_free(Buffer *b) { void buffer_free(Buffer *b) {
if(b != NULL) { if(b != NULL) {
if(b->allocated > 0) { if(b->allocated == 1) {
if(b->end > 0) {
buffer_clear(b); buffer_clear(b);
free(b->buf); free(b->buf);
}
free(b); free(b);
} }
} }
@@ -99,8 +101,9 @@ size_t buffer_get_chunk(Buffer *b, void *buf, size_t len) {
} }
unsigned char *buffer_get_remainder(Buffer *b) { unsigned char *buffer_get_remainder(Buffer *b) {
void *buf; void *buf = ucmalloc(b->end - b->offset);
if(buffer_get_chunk(b, buf, b->end - b->offset) == 0) { if(buffer_get_chunk(b, buf, b->end - b->offset) == 0) {
free(buf);
return NULL; return NULL;
} }
else { else {
@@ -199,11 +202,12 @@ void buffer_dump(const Buffer *b) {
} }
void buffer_info(const Buffer *b) { void buffer_info(const Buffer *b) {
fprintf(stderr, " buffer: %s\n", b->name);
fprintf(stderr, "blocksize: %ld\n", b->blocksize); fprintf(stderr, "blocksize: %ld\n", b->blocksize);
fprintf(stderr, " size: %ld\n", b->size); fprintf(stderr, " size: %ld\n", b->size);
fprintf(stderr, " offset: %ld\n", b->offset); fprintf(stderr, " offset: %ld\n", b->offset);
fprintf(stderr, " end: %ld\n", b->end); fprintf(stderr, " end: %ld\n", b->end);
fprintf(stderr, "allocated: %d\n", b->allocated); fprintf(stderr, "allocated: %d\n\n", b->allocated);
} }
size_t buffer_size(const Buffer *b) { size_t buffer_size(const Buffer *b) {

1
libpcp/crypto.c
View File

@@ -366,7 +366,6 @@ size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p, int
/* step 5, actual encrypted data */ /* step 5, actual encrypted data */
size_t sym_size = 0; size_t sym_size = 0;
if(sign) { if(sign) {
_dump("reclist", recipients_cipher, rec_size * recipient_count);
pcp_rec_t *rec = pcp_rec_new(recipients_cipher, rec_size * recipient_count, s, NULL); pcp_rec_t *rec = pcp_rec_new(recipients_cipher, rec_size * recipient_count, s, NULL);
sym_size = pcp_encrypt_file_sym(in, out, symkey, 1, rec); sym_size = pcp_encrypt_file_sym(in, out, symkey, 1, rec);
pcp_rec_free(rec); pcp_rec_free(rec);

187
libpcp/mgmt.c
View File

@@ -87,6 +87,8 @@ int _check_sigsubs(Buffer *blob, pcp_pubkey_t *p, rfc_pub_sig_s *subheader) {
notation[nsize] = '\0'; notation[nsize] = '\0';
value[nsize] = '\0'; value[nsize] = '\0';
fprintf(stderr, "got notation %s with value %s\n", notation, value);
if(strncmp(notation, "owner", 5) == 0) { if(strncmp(notation, "owner", 5) == 0) {
memcpy(p->owner, value, vsize); memcpy(p->owner, value, vsize);
} }
@@ -96,18 +98,19 @@ int _check_sigsubs(Buffer *blob, pcp_pubkey_t *p, rfc_pub_sig_s *subheader) {
else if(strncmp(notation, "serial", 6) == 0) { else if(strncmp(notation, "serial", 6) == 0) {
uint32_t serial; uint32_t serial;
memcpy(&serial, value, 4); memcpy(&serial, value, 4);
p->serial = htobe32(serial); p->serial = be32toh(serial);
} }
ucfree(notation, nsize); ucfree(notation, nsize);
ucfree(value, vsize); ucfree(value, vsize);
} }
else { else {
/* unsupported or ignored sig sub */ /* unsupported or ignored sig sub */
fprintf(stderr, "ignore sub %ld bytes\n", subheader->size);
if(buffer_get_chunk(blob, ignore, subheader->size) == 0) if(buffer_get_chunk(blob, ignore, subheader->size) == 0)
return 1; return 1;
} }
return 0; return 0;
} }
@@ -178,10 +181,14 @@ int _check_hash_keysig(Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t *sk) {
pcp_ks_bundle_t *pcp_import_pub(unsigned char *raw, size_t rawsize) { pcp_ks_bundle_t *pcp_import_pub(unsigned char *raw, size_t rawsize) {
size_t clen; size_t clen;
unsigned char *bin = NULL; unsigned char *bin = NULL;
char *z85 = NULL;
Buffer *blob = buffer_new(512, "importblob"); Buffer *blob = buffer_new(512, "importblob");
/* first, try to decode the input */ /* first, try to decode the input */
bin = pcp_z85_decode((char *)raw, &clen); z85 = pcp_readz85string(raw, rawsize);
if(z85 != NULL)
bin = pcp_z85_decode(z85, &clen);
if(bin == NULL) { if(bin == NULL) {
/* treat as binary blob */ /* treat as binary blob */
@@ -190,7 +197,7 @@ pcp_ks_bundle_t *pcp_import_pub(unsigned char *raw, size_t rawsize) {
} }
else { else {
/* use decoded */ /* use decoded */
buffer_add(blob, bin, rawsize); buffer_add(blob, bin, clen);
ucfree(bin, clen); ucfree(bin, clen);
} }
@@ -235,9 +242,12 @@ pcp_ks_bundle_t *pcp_import_pub_rfc(Buffer *blob) {
/* iterate over subs, if any */ /* iterate over subs, if any */
int i; int i;
fprintf(stderr, "numsubs in: %ld\n", sigheader->numsubs);
for (i=0; i<sigheader->numsubs; i++) { for (i=0; i<sigheader->numsubs; i++) {
subheader->size = buffer_get32na(blob); subheader->size = buffer_get32na(blob);
subheader->type = buffer_get8(blob); subheader->type = buffer_get8(blob);
fprintf(stderr, "read sub type %02x, size %08x %ld\n", subheader->type, subheader->size, subheader->size );
fprintf(stderr, "bytes left: %ld\n", buffer_left(blob));
_check_sigsubs(blob, p, subheader); _check_sigsubs(blob, p, subheader);
} }
@@ -263,6 +273,8 @@ pcp_ks_bundle_t *pcp_import_pub_rfc(Buffer *blob) {
b->s = sk; b->s = sk;
} }
_dump("sk in", sk->blob, sk->size);
return b; return b;
@@ -278,6 +290,89 @@ pcp_ks_bundle_t *pcp_import_pub_rfc(Buffer *blob) {
} }
pcp_ks_bundle_t *pcp_import_pub_pbp(Buffer *blob) { pcp_ks_bundle_t *pcp_import_pub_pbp(Buffer *blob) {
char *date = ucmalloc(19);
char *ignore = ucmalloc(46);
char *parts = NULL;
unsigned char *sig;
int pnum;
pbp_pubkey_t *b = ucmalloc(sizeof(pbp_pubkey_t));
pcp_pubkey_t *tmp = ucmalloc(sizeof(pcp_pubkey_t));
pcp_pubkey_t *pub = ucmalloc(sizeof(pcp_pubkey_t));
buffer_get_chunk(blob, sig, crypto_sign_BYTES);
buffer_get_chunk(blob, b->sigpub, crypto_sign_PUBLICKEYBYTES);
buffer_get_chunk(blob, b->edpub, crypto_sign_PUBLICKEYBYTES);
buffer_get_chunk(blob, b->pub, crypto_box_PUBLICKEYBYTES);
buffer_get_chunk(blob, date, 18);
date[19] = '\0';
struct tm c;
if(strptime(date, "%Y-%m-%dT%H:%M:%S", &c) == NULL) {
fatal("Failed to parse creation time in PBP public key file (<%s>)\n", date);
free(date);
goto errimp2;
}
buffer_get_chunk(blob, ignore, 46);
free(ignore);
memcpy(b->name, buffer_get(blob), buffer_left(blob));
/* parse the name */
parts = strtok (b->name, "<>");
pnum = 0;
while (parts != NULL) {
if(pnum == 0)
memcpy(pub->owner, parts, strlen(parts));
else if (pnum == 1)
memcpy(pub->mail, parts, strlen(parts));
parts = strtok(NULL, "<>");
pnum++;
}
free(parts);
if(strlen(b->name) == 0) {
memcpy(pub->owner, "N/A", 3);
}
/* fill in the fields */
pub->ctime = (long)mktime(&c);
pub->type = PCP_KEY_TYPE_PUBLIC;
pub->version = PCP_KEY_VERSION;
pub->serial = arc4random();
memcpy(pub->pub, b->pub, crypto_box_PUBLICKEYBYTES);
memcpy(pub->edpub, b->edpub, crypto_sign_PUBLICKEYBYTES);
memcpy(pub->id, pcp_getpubkeyid(pub), 17);
_lc(pub->owner);
/* edpub used for signing, might differ */
memcpy(tmp->edpub, b->sigpub, crypto_sign_PUBLICKEYBYTES);
unsigned char *verify = pcp_ed_verify(buffer_get(blob), buffer_size(blob), tmp);
free(tmp);
pcp_ks_bundle_t *bundle = ucmalloc(sizeof(pcp_ks_bundle_t));
bundle->p = pub;
if(verify == NULL) {
bundle->p = pub;
bundle->s = NULL;
}
else {
pcp_keysig_t *sk = ucmalloc(sizeof(pcp_keysig_t));
sk->type = PCP_KEYSIG_PBP;
sk->size = buffer_size(blob);
memcpy(sk->belongs, pub->id, 17);
sk->blob = ucmalloc(sk->size);
memcpy(sk->blob, buffer_get(blob), sk->size);
crypto_hash_sha256(sk->checksum, sk->blob, sk->size);
pub->valid = 1;
bundle->s = sk;
bundle->p = pub;
}
return bundle;
errimp2:
return NULL; return NULL;
} }
@@ -353,7 +448,18 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
buffer_add8(raw, EXP_SIG_TYPE); buffer_add8(raw, EXP_SIG_TYPE);
buffer_add8(raw, EXP_SIG_CIPHER); buffer_add8(raw, EXP_SIG_CIPHER);
buffer_add8(raw, EXP_HASH_CIPHER); buffer_add8(raw, EXP_HASH_CIPHER);
buffer_add16be(raw, 5); /* we add 5 sub sigs always */
/* we add 5-7 subs:
ctime, sigexpire, keyexpire, serial, keyflags
optional: owner, mail */
uint16_t nsubs = 5;
if(strlen(sk->owner) > 0)
nsubs++;
if(strlen(sk->mail) > 0)
nsubs++;
buffer_add16be(raw, nsubs);
fprintf(stderr, "numsubs out: %ld\n", nsubs);
/* add sig ctime */ /* add sig ctime */
buffer_add32be(raw, 4); buffer_add32be(raw, 4);
@@ -371,6 +477,17 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
buffer_add32be(raw, sk->ctime + 31536000); buffer_add32be(raw, sk->ctime + 31536000);
size_t notation_size = 0; size_t notation_size = 0;
/* add serial number notation sub */
notation_size = 6 + 4 + 4;
buffer_add32be(raw, notation_size);
buffer_add8(raw, EXP_SIG_SUB_NOTATION);
buffer_add16be(raw, 6);
buffer_add16be(raw, 4);
buffer_add(raw, "serial", 6);
//buffer_add32be(raw, sk->serial);
buffer_add32be(raw, 1);
fprintf(stderr, "put serial notation %ld\n", notation_size);
/* add name notation sub*/ /* add name notation sub*/
if(strlen(sk->owner) > 0) { if(strlen(sk->owner) > 0) {
size_t notation_size = strlen(sk->owner) + 4 + 5; size_t notation_size = strlen(sk->owner) + 4 + 5;
@@ -380,6 +497,7 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
buffer_add16be(raw, strlen(sk->owner)); buffer_add16be(raw, strlen(sk->owner));
buffer_add(raw, "owner", 5); buffer_add(raw, "owner", 5);
buffer_add(raw, sk->owner, strlen(sk->owner)); buffer_add(raw, sk->owner, strlen(sk->owner));
fprintf(stderr, "put owner notation %ld\n", notation_size);
} }
/* add mail notation sub */ /* add mail notation sub */
@@ -391,20 +509,14 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
buffer_add16be(raw, strlen(sk->mail)); buffer_add16be(raw, strlen(sk->mail));
buffer_add(raw, "mail", 4); buffer_add(raw, "mail", 4);
buffer_add(raw, sk->mail, strlen(sk->mail)); buffer_add(raw, sk->mail, strlen(sk->mail));
fprintf(stderr, "put mail notation %ld\n", notation_size);
} }
/* add serial number notation sub */
notation_size = 6 + 4 + 4;
buffer_add32be(raw, notation_size);
buffer_add8(raw, EXP_SIG_SUB_NOTATION);
buffer_add16be(raw, 6);
buffer_add16be(raw, 4);
buffer_add(raw, "serial", 6);
buffer_add32be(raw, sk->serial);
/* add key flags */ /* add key flags */
buffer_add32be(raw, 1); buffer_add32be(raw, 1);
buffer_add8(raw, 27); buffer_add8(raw, EXP_SIG_SUB_KEYFLAGS);
buffer_add8(raw, 0x02 & 0x08 & 0x80); buffer_add8(raw, 0x02 & 0x08 & 0x80);
/* create a hash from the PK material and the raw signature packet */ /* create a hash from the PK material and the raw signature packet */
@@ -418,14 +530,14 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
/* sign the hash */ /* sign the hash */
unsigned char *sig = pcp_ed_sign_key(hash, crypto_generichash_BYTES_MAX, sk); unsigned char *sig = pcp_ed_sign_key(hash, crypto_generichash_BYTES_MAX, sk);
buffer_dump(raw);
buffer_info(raw);
/* append the signature packet to the output */ /* append the signature packet to the output */
buffer_add(out, buffer_get(raw), buffer_size(raw)); buffer_add(out, buffer_get(raw), buffer_size(raw));
/* append the signed hash */ /* append the signed hash */
buffer_add(out, sig, crypto_sign_BYTES + crypto_generichash_BYTES_MAX); buffer_add(out, sig, crypto_sign_BYTES + crypto_generichash_BYTES_MAX);
_dump("raw", buffer_get(raw), buffer_size(raw));
/* and that's it. wasn't that easy? :) */ /* and that's it. wasn't that easy? :) */
buffer_free(raw); buffer_free(raw);
memset(hash, 0, crypto_generichash_BYTES_MAX); memset(hash, 0, crypto_generichash_BYTES_MAX);
@@ -488,13 +600,40 @@ Buffer *pcp_export_secret(pcp_key_t *sk, char *passphrase) {
return out; return out;
} }
pcp_key_t *pcp_import_secret(Buffer *cipher, char *passphrase) { pcp_key_t *pcp_import_secret(unsigned char *raw, size_t rawsize, char *passphrase) {
size_t clen;
unsigned char *bin = NULL;
char *z85 = NULL;
Buffer *blob = buffer_new(512, "importskblob");
/* first, try to decode the input */
z85 = pcp_readz85string(raw, rawsize);
if(z85 != NULL)
bin = pcp_z85_decode(z85, &clen);
if(bin == NULL) {
/* treat as binary blob */
fatals_reset();
buffer_add(blob, raw, rawsize);
}
else {
/* use decoded */
buffer_add(blob, bin, clen);
ucfree(bin, clen);
}
/* now we've got the blob, parse it */
return pcp_import_secret_native(blob, passphrase);
}
pcp_key_t *pcp_import_secret_native(Buffer *cipher, char *passphrase) {
pcp_key_t *sk = ucmalloc(sizeof(pcp_key_t)); pcp_key_t *sk = ucmalloc(sizeof(pcp_key_t));
unsigned char *nonce = ucmalloc(crypto_secretbox_NONCEBYTES); unsigned char *nonce = ucmalloc(crypto_secretbox_NONCEBYTES);
unsigned char *symkey = NULL; unsigned char *symkey = NULL;
unsigned char *clear = NULL; unsigned char *clear = NULL;
size_t cipherlen = 0; size_t cipherlen = 0;
size_t minlen = (64 * 2) * (32 * 4) + 8 + 4 + 4; size_t minlen = (64 * 2) + (32 * 4) + 8 + 4 + 4;
uint16_t notationlen = 0; uint16_t notationlen = 0;
Buffer *blob = buffer_new(512, "secretdecryptbuf"); Buffer *blob = buffer_new(512, "secretdecryptbuf");
@@ -510,12 +649,17 @@ pcp_key_t *pcp_import_secret(Buffer *cipher, char *passphrase) {
goto impserr1; goto impserr1;
} }
/* decrypt the blob */
if(pcp_sodium_verify_mac(&clear, buffer_get_remainder(cipher), if(pcp_sodium_verify_mac(&clear, buffer_get_remainder(cipher),
cipherlen, nonce, symkey) != 0) cipherlen, nonce, symkey) != 0) {
fatal("failed to decrypt the secret key file\n");
goto impserr1; goto impserr1;
}
/* prepare the extraction buffer */
buffer_add(blob, clear, cipherlen - PCP_CRYPTO_ADD); buffer_add(blob, clear, cipherlen - PCP_CRYPTO_ADD);
/* extract the raw data into the structure */
buffer_get_chunk(blob, sk->mastersecret, 64); buffer_get_chunk(blob, sk->mastersecret, 64);
buffer_get_chunk(blob, sk->secret, 32); buffer_get_chunk(blob, sk->secret, 32);
buffer_get_chunk(blob, sk->edsecret, 64); buffer_get_chunk(blob, sk->edsecret, 64);
@@ -542,9 +686,12 @@ pcp_key_t *pcp_import_secret(Buffer *cipher, char *passphrase) {
/* ready */ /* ready */
ucfree(clear, cipherlen - PCP_CRYPTO_ADD); ucfree(clear, cipherlen - PCP_CRYPTO_ADD);
ucfree(nonce, crypto_secretbox_NONCEBYTES); ucfree(nonce, crypto_secretbox_NONCEBYTES);
ucfree(sk, sizeof(pcp_key_t));
buffer_free(blob); buffer_free(blob);
/* fill in the calculated fields */
memcpy (sk->id, pcp_getkeyid(sk), 17);
sk->type = PCP_KEY_TYPE_SECRET;
return sk; return sk;
impserr2: impserr2:

2
libpcp/z85.c
View File

@@ -63,7 +63,7 @@ unsigned char *pcp_z85_decode(char *z85block, size_t *dstlen) {
bin = ucmalloc(binlen); bin = ucmalloc(binlen);
if(zmq_z85_decode(bin, z85block) == NULL) { if(zmq_z85_decode(bin, z85block) == NULL) {
fatal("zmq_z85_decode() failed, input size ! % 5"); fatal("zmq_z85_decode() failed, input size ! mod 5 (got %ld)", strlen(z85block));
return NULL; return NULL;
} }

306
src/keymgmt.c
View File

@@ -196,7 +196,7 @@ pcp_key_t *pcp_find_primary_secret() {
return NULL; return NULL;
} }
void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor) { void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *passwd) {
pcp_key_t *key = NULL; pcp_key_t *key = NULL;
if(useid == 1) { if(useid == 1) {
@@ -233,26 +233,40 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor) {
if(key->secret[0] == 0) { if(key->secret[0] == 0) {
/* decrypt the secret key */ /* decrypt the secret key */
if(passwd == NULL) {
char *passphrase; char *passphrase;
pcp_readpass(&passphrase, pcp_readpass(&passphrase,
"Enter passphrase to decrypt your secret key", NULL, 1); "Enter passphrase to decrypt your secret key", NULL, 1);
key = pcpkey_decrypt(key, passphrase); key = pcpkey_decrypt(key, passphrase);
if(key == NULL) { if(key == NULL) {
memset(passphrase, 0, strlen(passphrase)); memset(passphrase, 0, strlen(passphrase));
free(passphrase); free(passphrase);
goto errexpse1; goto errexpse1;
} }
memset(passphrase, 0, strlen(passphrase)); memset(passphrase, 0, strlen(passphrase));
free(passphrase); free(passphrase);
} }
else {
key = pcpkey_decrypt(key, passwd);
if(key == NULL) {
goto errexpse1;
}
}
}
Buffer *exported_sk;
if(passwd != NULL) {
exported_sk = pcp_export_secret(key, passwd);
}
else {
char *passphrase; char *passphrase;
pcp_readpass(&passphrase, pcp_readpass(&passphrase,
"Enter passphrase to encrypt the exported secret key", "Repeat passphrase", 1); "Enter passphrase to encrypt the exported secret key", "Repeat passphrase", 1);
exported_sk = pcp_export_secret(key, passphrase);
Buffer *exported_sk = pcp_export_secret(key, passphrase); memset(passphrase, 0, strlen(passphrase));
free(passphrase);
}
if(exported_sk != NULL) { if(exported_sk != NULL) {
if(armor == 1) { if(armor == 1) {
@@ -268,8 +282,6 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor) {
fprintf(stderr, "secret key exported.\n"); fprintf(stderr, "secret key exported.\n");
} }
memset(passphrase, 0, strlen(passphrase));
free(passphrase);
} }
errexpse1: errexpse1:
@@ -335,17 +347,20 @@ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int
if(is_foreign == 0) { if(is_foreign == 0) {
/* decrypt the secret key */ /* decrypt the secret key */
if(passwd != NULL) {
sk = pcpkey_decrypt(sk, passwd);
}
else {
char *passphrase; char *passphrase;
pcp_readpass(&passphrase, pcp_readpass(&passphrase,
"Enter passphrase to decrypt your secret key", NULL, 1); "Enter passphrase to decrypt your secret key", NULL, 1);
sk = pcpkey_decrypt(sk, passphrase); sk = pcpkey_decrypt(sk, passphrase);
if(sk == NULL) {
memset(passphrase, 0, strlen(passphrase)); memset(passphrase, 0, strlen(passphrase));
free(passphrase); free(passphrase);
}
if(sk == NULL) {
goto errpcpexpu1; goto errpcpexpu1;
} }
memset(passphrase, 0, strlen(passphrase));
free(passphrase);
} }
/* now, we're ready for the actual export */ /* now, we're ready for the actual export */
@@ -396,56 +411,79 @@ errpcpexpu1:
int pcp_importsecret (vault_t *vault, FILE *in) { int pcp_importsecret (vault_t *vault, FILE *in, char *passwd) {
fprintf(stderr, " pcp_importsecret line 400, port to new format\n");exit(1); unsigned char *buf = ucmalloc(2048);
size_t clen; size_t buflen = fread(buf, 1, 2048, in);
char *z85 = pcp_readz85file(in); pcp_key_t *sk = NULL;
if(z85 == NULL) if(buflen > 0) {
return 1; /* decrypt the input */
if(passwd != NULL) {
unsigned char *z85decoded = pcp_z85_decode((char *)z85, &clen); sk = pcp_import_secret(buf, buflen, passwd);
free(z85);
if(z85decoded == NULL) {
fatal("Error: could not decode input - it's probably not Z85.\n");
return 1;
} }
else {
if(clen != PCP_RAW_KEYSIZE) { char *passphrase;
fatal("Error: decoded input didn't result to a proper sized key! (got %ld bytes, expected %ld)\n", clen, PCP_RAW_KEYSIZE); pcp_readpass(&passphrase,
free(z85decoded); "Enter passphrase to decrypt the secret key file", NULL, 1);
return 1; sk = pcp_import_secret(buf, buflen, passphrase);
memset(passphrase, 0, strlen(passphrase));
free(passphrase);
}
if(sk == NULL) {
goto errpcsexpu1;
} }
/* all good now, import the blob */
pcp_key_t *key = ucmalloc(sizeof(pcp_key_t));
memcpy(key, z85decoded, PCP_RAW_KEYSIZE);
key2native(key);
if(debug) if(debug)
pcp_dumpkey(key); pcp_dumpkey(sk);
if(pcp_sanitycheck_key(key) == 0) { pcp_key_t *maybe = pcphash_keyexists(sk->id);
if(key->secret[0] != 0) { if(maybe != NULL) {
/* unencrypted, encrypt it */ fatal("Secretkey sanity check: there already exists a key with the id 0x%s\n", sk->id);
fprintf(stderr, "Key to be imported is unencrypted.\n"); goto errpcsexpu1;
char *passphrase;
pcp_readpass(&passphrase, "Enter passphrase for key encryption", NULL, 1);
key = pcpkey_encrypt(key, passphrase);
} }
int nkeys = HASH_COUNT(pcpkey_hash);
if(nkeys == 0)
key->type = PCP_KEY_TYPE_MAINSECRET;
if(pcpvault_addkey(vault, (void *)key, PCP_KEY_TYPE_SECRET) == 0) {
fprintf(stderr, "key 0x%s added to %s.\n", key->id, vault->filename); /* store it */
free(key); if(passwd != NULL) {
sk = pcpkey_encrypt(sk, passwd);
}
else {
char *passphrase;
pcp_readpass(&passphrase,
"Enter passphrase for key encryption",
"Enter the passphrase again", 1);
if(strnlen(passphrase, 1024) > 0) {
/* encrypt the key */
sk = pcpkey_encrypt(sk, passphrase);
}
else {
/* ask for confirmation if we shall store it in the clear */
char *yes = pcp_getstdin(
"WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?");
if(strncmp(yes, "yes", 1024) != 0) {
memset(sk, 0, sizeof(pcp_key_t));
free(sk);
memset(passphrase, 0, strlen(passphrase));
goto errpcsexpu1;
}
}
}
if(sk != NULL) {
/* store it to the vault if we got it til here */
if(pcp_sanitycheck_key(sk) == 0) {
if(pcp_storekey(sk) == 0) {
pcpkey_printshortinfo(sk);
memset(sk, 0, sizeof(pcp_key_t));
free(sk);
return 0; return 0;
} }
} }
}
}
free(key); errpcsexpu1:
return 1; return 1;
} }
@@ -504,178 +542,6 @@ int pcp_importpublic (vault_t *vault, FILE *in) {
return 1; return 1;
} }
int pcp_importpublicOLD (vault_t *vault, FILE *in) {
pcp_pubkey_t *pub = NULL;
int pbpcompat = 0;
if(pbpcompat == 1) {
char *date = NULL;
char *parts = NULL;
int pnum;
pbp_pubkey_t *b = ucmalloc(sizeof(pbp_pubkey_t));
pcp_pubkey_t *tmp = ucmalloc(sizeof(pcp_pubkey_t));
pub = ucmalloc(sizeof(pcp_pubkey_t));
unsigned char *buf = ucmalloc(2048);
unsigned char *bin = ucmalloc(2048);
size_t buflen;
size_t klen;
buflen = fread(buf, 1, 2048, in); /* base85 encoded */
/* remove trailing newline, if any */
size_t i, nlen;
nlen = buflen;
for(i=buflen; i>0; --i) {
if(buf[i] == '\n' || buf[i] == '\r') {
buf[i] = '\0';
nlen -= 1;
}
}
klen = nlen /5 * 4; /*((nlen + (5 - (nlen % 5))) / 5) * 4;*/
if(decode_85((char *)bin, (char *)buf, klen) != 0)
goto errimp1;
if(klen < sizeof(pbp_pubkey_t) - 1024 - crypto_sign_BYTES) {
fatal("PBP key seems to be too small, maybe it's not a PBP key (got %ld, expected %ld)\n",
klen, sizeof(pbp_pubkey_t) - 1024);
goto errimp1;
}
if(debug)
_dump("sig", bin, nlen);
/* unpad result, if any */
for(i=klen; i>0; --i) {
if(bin[i] != '\0' && i < klen) {
klen = i + 1;
break;
}
}
/* use first part as sig and verify */
memcpy(b, &bin[crypto_sign_BYTES], klen - crypto_sign_BYTES);
if(debug)
_dump("sig", bin, klen);
/* parse the date */
date = ucmalloc(19);
memcpy(date, b->iso_ctime, 18);
date[19] = '\0';
struct tm c;
if(strptime(date, "%Y-%m-%dT%H:%M:%S", &c) == NULL) {
fatal("Failed to parse creation time in PBP public key file (<%s>)\n", date);
goto errimp2;
}
/* parse the name */
parts = strtok (b->name, "<>");
pnum = 0;
while (parts != NULL) {
if(pnum == 0)
memcpy(pub->owner, parts, strlen(parts));
else if (pnum == 1)
memcpy(pub->mail, parts, strlen(parts));
parts = strtok(NULL, "<>");
pnum++;
}
free(parts);
if(strlen(b->name) == 0) {
char *owner = pcp_getstdin("Enter the name of the key owner");
memcpy(pub->owner, owner, strlen(owner) + 1);
free(owner);
}
/* fill in the fields */
pub->ctime = (long)mktime(&c);
pub->type = PCP_KEY_TYPE_PUBLIC;
pub->version = PCP_KEY_VERSION;
pub->serial = arc4random();
memcpy(pub->pub, b->pub, crypto_box_PUBLICKEYBYTES);
memcpy(pub->edpub, b->edpub, crypto_sign_PUBLICKEYBYTES);
memcpy(pub->id, pcp_getpubkeyid(pub), 17);
_lc(pub->owner);
/* edpub used for signing, might differ */
memcpy(tmp->edpub, b->sigpub, crypto_sign_PUBLICKEYBYTES);
if(debug) {
_dump(" mp", tmp->edpub, crypto_sign_PUBLICKEYBYTES);
_dump(" cp", pub->pub, crypto_sign_PUBLICKEYBYTES);
_dump(" sp", pub->edpub, crypto_sign_PUBLICKEYBYTES);
_dump("name", (unsigned char *)pub->owner, strlen(pub->owner));
_dump(" sig", bin, klen);
fprintf(stderr, "<%s>\n", (unsigned char *)pub->owner);
pcp_dumppubkey(pub);
}
unsigned char *sig = pcp_ed_verify(bin, klen, tmp);
free(tmp);
if(sig == NULL)
goto errimp1;
free(sig);
free(b);
free(buf);
free(bin);
goto kimp;
errimp2:
free(date);
errimp1:
free(bin);
free(pub);
free(b);
free(buf);
return 1;
}
else {
size_t clen;
char *z85 = pcp_readz85file(in);
if(z85 == NULL)
return 1;
unsigned char *z85decoded = pcp_z85_decode((char *)z85, &clen);
free(z85);
if(z85decoded == NULL) {
fatal("Error: could not decode input - it's probably not Z85 (got %d bytes)\n", clen);
return 1;
}
if(clen != PCP_RAW_PUBKEYSIZE) {
fatal("Error: decoded input didn't result to a proper sized key (got %d, expected %d)!\n", clen, PCP_RAW_PUBKEYSIZE);
free(z85decoded);
return 1;
}
/* all good now */
pub = ucmalloc(sizeof(pcp_pubkey_t));
memcpy(pub, z85decoded, PCP_RAW_PUBKEYSIZE);
pubkey2native(pub);
}
kimp:
if(debug)
pcp_dumppubkey(pub);
if(pcp_sanitycheck_pub(pub) == 0) {
if(pcpvault_addkey(vault, (void *)pub, PCP_KEY_TYPE_PUBLIC) == 0) {
fprintf(stderr, "key 0x%s added to %s.\n", pub->id, vault->filename);
free(pub);
return 0;
}
}
free(pub);
return 1;
}
void pcpdelete_key(char *keyid) { void pcpdelete_key(char *keyid) {
pcp_pubkey_t *p = pcphash_pubkeyexists(keyid); pcp_pubkey_t *p = pcphash_pubkeyexists(keyid);

4
src/keymgmt.h
View File

@@ -50,7 +50,7 @@ int pcp_storekey (pcp_key_t *key);
void pcp_keygen(char *passwd); void pcp_keygen(char *passwd);
void pcp_listkeys(); void pcp_listkeys();
void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor); void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *passwd);
void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int armor); void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int armor);
pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd); pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd);
@@ -58,7 +58,7 @@ char *pcp_normalize_id(char *keyid);
pcp_key_t *pcp_find_primary_secret(); pcp_key_t *pcp_find_primary_secret();
int pcp_importpublic (vault_t *vault, FILE *in); int pcp_importpublic (vault_t *vault, FILE *in);
int pcp_importsecret (vault_t *vault, FILE *in); int pcp_importsecret (vault_t *vault, FILE *in, char *passwd);
void pcpdelete_key(char *keyid); void pcpdelete_key(char *keyid);
char *pcp_find_id_byrec(char *recipient); char *pcp_find_id_byrec(char *recipient);

6
src/pcp.c
View File

@@ -379,12 +379,12 @@ int main (int argc, char **argv) {
if(useid) { if(useid) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if(id != NULL) {
pcp_exportsecret(id, useid, outfile, armor); pcp_exportsecret(id, useid, outfile, armor, xpass);
free(id); free(id);
} }
} }
else { else {
pcp_exportsecret(NULL, useid, outfile, armor); pcp_exportsecret(NULL, useid, outfile, armor, xpass);
} }
break; break;
@@ -424,7 +424,7 @@ int main (int argc, char **argv) {
break; break;
} }
} }
pcp_importsecret(vault, in); pcp_importsecret(vault, in, xpass);
break; break;
case PCP_MODE_DELETE_KEY: case PCP_MODE_DELETE_KEY: