From 770d8cb234a2a19b90cd38ea697d6fd7b4d6ed49 Mon Sep 17 00:00:00 2001 From: "git@daemon.de" Date: Mon, 27 Jan 2014 16:12:43 +0100 Subject: [PATCH] added crypt+sign support --- include/pcp.h | 2 + include/pcp/crypto.h | 9 ++-- libpcp/crypto.c | 107 +++++++++++++++++++++++++++++++++++++------ src/encryption.c | 20 ++++---- src/encryption.h | 4 +- src/pcp.c | 33 +++++++++---- 6 files changed, 137 insertions(+), 38 deletions(-) diff --git a/include/pcp.h b/include/pcp.h index cb58810..b3b0a66 100644 --- a/include/pcp.h +++ b/include/pcp.h @@ -17,9 +17,11 @@ extern "C" { #include "pcp/mem.h" #include "pcp/pad.h" #include "pcp/platform.h" +#include "pcp/plist.h" #include "pcp/randomart.h" #include "pcp/scrypt.h" #include "pcp/uthash.h" +#include "pcp/util.h" #include "pcp/vault.h" #include "pcp/version.h" #include "pcp/z85.h" diff --git a/include/pcp/crypto.h b/include/pcp/crypto.h index a369be5..9a9ed1f 100644 --- a/include/pcp/crypto.h +++ b/include/pcp/crypto.h @@ -33,6 +33,7 @@ #include "mem.h" #include "key.h" #include "keyhash.h" +#include "ed.h" size_t pcp_sodium_box(unsigned char **cipher, unsigned char *cleartext, @@ -53,12 +54,12 @@ unsigned char *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *pub, unsigned char *cipher, size_t ciphersize, size_t *dsize); -size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p); +size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p, int signcrypt); -size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey); +size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey, int verify); -size_t pcp_encrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, int havehead); +size_t pcp_encrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, int havehead, pcp_key_t *signkey); -size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey); +size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, pcp_pubkey_t *verifykey); #endif // _HAVE_PCP_CRYPTO_H diff --git a/libpcp/crypto.c b/libpcp/crypto.c index ac63c71..4453f93 100644 --- a/libpcp/crypto.c +++ b/libpcp/crypto.c @@ -162,8 +162,9 @@ unsigned char *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *pub, } -size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey) { - pcp_pubkey_t *cur, *sender; +size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey, int verify) { + pcp_pubkey_t *cur = NULL; + pcp_pubkey_t *sender = NULL; int nrec, recmatch; uint32_t lenrec; uint8_t head; @@ -201,7 +202,7 @@ size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey if(self) { // just decrypt symetrically and go outa here - return pcp_decrypt_file_sym(in, out, symkey); + return pcp_decrypt_file_sym(in, out, symkey, NULL); } #ifdef PCP_ASYM_ADD_SENDER_PUB @@ -249,14 +250,17 @@ size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey } // step 5, actually decrypt the file, finally - return pcp_decrypt_file_sym(in, out, symkey); + if(verify) + return pcp_decrypt_file_sym(in, out, symkey, cur); + else + return pcp_decrypt_file_sym(in, out, symkey, NULL); errdef1: return 0; } -size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p) { +size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p, int sign) { unsigned char *symkey; int recipient_count; unsigned char *recipients_cipher; @@ -266,10 +270,7 @@ size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p) { uint32_t lenrec; size_t rec_size, out_size; - - /* - Correct format should be: 6[1]|temp_keypair.pubkey|len(recipients)[4]|(recipients...)|(secretboxes...) where recipients is a concatenated list of random_nonce|box(temp_keypair.privkey, recipient crypto pk, random_nonce, packet key) @@ -332,7 +333,12 @@ size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p) { out_size = 5 + (rec_size * recipient_count) + crypto_box_PUBLICKEYBYTES; // step 5, actual encrypted data - size_t sym_size = pcp_encrypt_file_sym(in, out, symkey, 1); + size_t sym_size = 0; + if(sign) + sym_size = pcp_encrypt_file_sym(in, out, symkey, 1, s); + else + sym_size = pcp_encrypt_file_sym(in, out, symkey, 1, NULL); + if(sym_size == 0) goto errec1; @@ -354,7 +360,7 @@ size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p) { return 0; } -size_t pcp_encrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, int havehead) { +size_t pcp_encrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, int havehead, pcp_key_t *signkey) { /* havehead = 0: write the whole thing from here havehead = 1: no header, being called from asym... @@ -366,6 +372,14 @@ size_t pcp_encrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, int have size_t cur_bufsize = 0; size_t out_size = 0; size_t es; + crypto_generichash_state *st = NULL; + unsigned char *hash = NULL; + + if(signkey != NULL) { + st = ucmalloc(sizeof(crypto_generichash_state)); + hash = ucmalloc(crypto_generichash_BYTES_MAX); + crypto_generichash_init(st, NULL, 0, 0); + } if(havehead == 0) { uint8_t head = PCP_SYM_CIPHER; @@ -376,8 +390,7 @@ size_t pcp_encrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, int have } } - - + // 32k-ECB-mode. FIXME: maybe support CBC as well or only use CBC? while(!feof(in)) { cur_bufsize = fread(&in_buf, 1, PCP_BLOCK_SIZE, in); if(cur_bufsize <= 0) @@ -385,17 +398,31 @@ size_t pcp_encrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, int have buf_nonce = pcp_gennonce(); es = pcp_sodium_mac(&buf_cipher, in_buf, cur_bufsize, buf_nonce, symkey); fwrite(buf_nonce, crypto_secretbox_NONCEBYTES, 1, out); + //fprintf(stderr, "D: 32k buf nonce - %d\n", crypto_secretbox_NONCEBYTES); fwrite(buf_cipher, es, 1, out); //fprintf(stderr, "D: 32k buf cipher - %ld\n", es); free(buf_nonce); free(buf_cipher); out_size += crypto_secretbox_NONCEBYTES + es; + + if(signkey != NULL) + crypto_generichash_update(st, in_buf, cur_bufsize); } if(ferror(out) != 0) { fatal("Failed to write encrypted output!\n"); - return 0; + goto errsym1; + } + + if(signkey != NULL) { + crypto_generichash_final(st, hash, crypto_generichash_BYTES_MAX); + unsigned char *signature = pcp_ed_sign(hash, crypto_generichash_BYTES_MAX, signkey); + size_t siglen = crypto_sign_BYTES + crypto_generichash_BYTES_MAX; + fwrite(signature, siglen, 1, out); + free(st); + free(signature); + free(hash); } if(fileno(in) != 0) @@ -404,9 +431,16 @@ size_t pcp_encrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, int have fclose(out); return out_size; + + errsym1: + if(symkey != NULL) { + free(st); + free(hash); + } + return 0; } -size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey) { +size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, pcp_pubkey_t *verifykey) { unsigned char *buf_nonce; unsigned char *buf_cipher; unsigned char *buf_clear; @@ -418,11 +452,31 @@ size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey) { buf_cipher = ucmalloc(ciphersize); out_size = 0; + unsigned char *signature = NULL; + size_t siglen = crypto_sign_BYTES + crypto_generichash_BYTES_MAX; + crypto_generichash_state *st = NULL; + unsigned char *hash = NULL; + + if(verifykey != NULL) { + st = ucmalloc(sizeof(crypto_generichash_state)); + hash = ucmalloc(crypto_generichash_BYTES_MAX); + crypto_generichash_init(st, NULL, 0, 0); + signature = ucmalloc(siglen); + } + while(!feof(in)) { cur_bufsize = fread(&in_buf, 1, PCP_BLOCK_SIZE_IN, in); if(cur_bufsize <= PCP_CRYPTO_ADD) break; // no valid cipher block + if(verifykey != NULL) { + if(cur_bufsize < PCP_BLOCK_SIZE_IN || feof(in)) { + // pull out signature + memcpy(signature, &in_buf[cur_bufsize - siglen], siglen); + cur_bufsize -= siglen; + } + } + ciphersize = cur_bufsize - crypto_secretbox_NONCEBYTES; memcpy(buf_nonce, in_buf, crypto_secretbox_NONCEBYTES); memcpy(buf_cipher, &in_buf[crypto_secretbox_NONCEBYTES], ciphersize); @@ -432,7 +486,12 @@ size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey) { if(es == 0) { fwrite(buf_clear, ciphersize - PCP_CRYPTO_ADD, 1, out); + + if(verifykey != NULL) + crypto_generichash_update(st, buf_clear, ciphersize - PCP_CRYPTO_ADD); + free(buf_clear); + if(ferror(out) != 0) { fatal("Failed to write decrypted output!\n"); out_size = 0; @@ -450,10 +509,30 @@ size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey) { free(buf_nonce); free(buf_cipher); + if(verifykey != NULL) { + crypto_generichash_final(st, hash, crypto_generichash_BYTES_MAX); + unsigned char *verifiedhash = NULL; + verifiedhash = pcp_ed_verify(signature, siglen, verifykey); + if(verifiedhash == NULL) + out_size = 0; + else { + if(memcmp(verifiedhash, hash, crypto_generichash_BYTES_MAX) != 0) { + // sig verified, but the hash doesn't match + fatal("signed hash doesn't match actual hash of signed decrypted file content\n"); + out_size = 0; + } + free(verifiedhash); + } + free(st); + free(hash); + free(signature); + } + if(fileno(in) != 0) fclose(in); if(fileno(out) != 1) fclose(out); return out_size; + } diff --git a/src/encryption.c b/src/encryption.c index 71a0bb0..1f8b7f0 100644 --- a/src/encryption.c +++ b/src/encryption.c @@ -22,7 +22,7 @@ #include "encryption.h" -int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) { +int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, int verify) { FILE *in = NULL; FILE *out = NULL; pcp_key_t *secret = NULL; @@ -113,13 +113,15 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) { } if(symkey == NULL) - dlen = pcp_decrypt_file(in, out, secret, NULL); + dlen = pcp_decrypt_file(in, out, secret, NULL, verify); else - dlen = pcp_decrypt_file(in, out, NULL, symkey); + dlen = pcp_decrypt_file(in, out, NULL, symkey, verify); if(dlen > 0) { - fprintf(stderr, "Decrypted %d bytes successfully\n", - (int)dlen); + if(verify) + fprintf(stderr, "Decrypted and Verified %ld bytes successfully\n", dlen); + else + fprintf(stderr, "Decrypted %ld bytes successfully\n", dlen); return 0; } @@ -130,7 +132,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) { -int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *recipient) { +int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *recipient, int signcrypt) { FILE *in = NULL; FILE *out = NULL; pcp_pubkey_t *pubhash = NULL; // FIXME: add free() @@ -259,9 +261,9 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec size_t clen = 0; if(self == 1) - clen = pcp_encrypt_file_sym(in, out, symkey, 0); + clen = pcp_encrypt_file_sym(in, out, symkey, 0, NULL); else - clen = pcp_encrypt_file(in, out, secret, pubhash); + clen = pcp_encrypt_file(in, out, secret, pubhash, signcrypt); if(clen > 0) { if(id == NULL && recipient == NULL) @@ -277,6 +279,8 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec free(t); free(cur); } + if(signcrypt) + fprintf(stderr, "Signed encrypted file successfully\n"); return 0; } diff --git a/src/encryption.h b/src/encryption.h index cfbee84..b1cb54f 100644 --- a/src/encryption.h +++ b/src/encryption.h @@ -36,7 +36,7 @@ #include "keyhash.h" #include "plist.h" -int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd); -int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *recipient); +int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, int verify); +int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *recipient, int signcrypt); #endif // _HAVE_ENCRYPTION_H diff --git a/src/pcp.c b/src/pcp.c index 021dad3..7f533df 100644 --- a/src/pcp.c +++ b/src/pcp.c @@ -44,7 +44,7 @@ char *default_vault() { } int main (int argc, char **argv) { - int opt, mode, usevault, useid, userec, lo, armor, detach; + int opt, mode, usevault, useid, userec, lo, armor, detach, signcrypt; char *vaultfile = default_vault(); char *outfile = NULL; char *infile = NULL; @@ -65,6 +65,7 @@ int main (int argc, char **argv) { lo = 0; armor = 0; detach = 0; + signcrypt = 0; static struct option longopts[] = { // generics @@ -103,12 +104,12 @@ int main (int argc, char **argv) { // signing { "sign", no_argument, NULL, 'g' }, - { "check-signature", required_argument, NULL, 'c' }, + { "check-signature", optional_argument, NULL, 'c' }, { "detach", no_argument, NULL, 'a' }, { NULL, 0, NULL, 0 } }; - while ((opt = getopt_long(argc, argv, "klV:vdehsO:i:I:pSPRtEx:DzZr:gc:yma", + while ((opt = getopt_long(argc, argv, "klV:vdehsO:i:I:pSPRtEx:DzZr:gc::yma", longopts, NULL)) != -1) { switch (opt) { @@ -183,8 +184,10 @@ int main (int argc, char **argv) { break; case 'c': mode += PCP_MODE_VERIFY; - sigfile = ucmalloc(strlen(optarg)+1); - strncpy(sigfile, optarg, strlen(optarg)+1); + if(optarg) { + sigfile = ucmalloc(strlen(optarg)+1); + strncpy(sigfile, optarg, strlen(optarg)+1); + } usevault = 1; break; case 'y': @@ -238,6 +241,16 @@ int main (int argc, char **argv) { return 1; } + if(mode == PCP_MODE_ENCRYPT + PCP_MODE_SIGN) { + mode = PCP_MODE_ENCRYPT; + signcrypt = 1; + } + if(mode == PCP_MODE_DECRYPT + PCP_MODE_VERIFY) { + mode = PCP_MODE_DECRYPT; + signcrypt = 1; + } + + sodium_init(); // FIXME: better called from the lib? if(mode == PCP_MODE_ENCRYPT && useid == 0 && userec == 0) { @@ -345,11 +358,11 @@ int main (int argc, char **argv) { if(useid == 1 && userec == 0) { // one dst, FIXME: make id a list as well id = pcp_normalize_id(keyid); - pcpencrypt(id, infile, outfile, xpass, NULL); + pcpencrypt(id, infile, outfile, xpass, NULL, signcrypt); } else if(useid == 0 && userec == 1) { // multiple dst - pcpencrypt(NULL, infile, outfile, xpass, recipient); + pcpencrypt(NULL, infile, outfile, xpass, recipient, signcrypt); } else { // -i and -r specified @@ -368,12 +381,12 @@ int main (int argc, char **argv) { if(useid) { id = pcp_normalize_id(keyid); if(id != NULL) { - pcpdecrypt(id, useid, infile, outfile, xpass); + pcpdecrypt(id, useid, infile, outfile, xpass, signcrypt); free(id); } } else { - pcpdecrypt(NULL, useid, infile, outfile, xpass); + pcpdecrypt(NULL, useid, infile, outfile, xpass, signcrypt); } if(xpass != NULL) free(xpass); @@ -422,7 +435,7 @@ int main (int argc, char **argv) { break; case PCP_MODE_ENCRYPT_ME: - pcpencrypt(NULL, infile, outfile, xpass, NULL); + pcpencrypt(NULL, infile, outfile, xpass, NULL, 0); break; case PCP_MODE_TEXT: