From 7b3005e7907e8d55451255c92fb09ce49cecf958 Mon Sep 17 00:00:00 2001 From: TLINDEN Date: Thu, 30 Jul 2015 11:47:03 +0200 Subject: [PATCH] added context to pcp_readpass(), rm libpcp/getpass.c --- ChangeLog | 7 ++ TODO | 22 ----- VERSION | 2 +- bindings/py/pypcp/raw.py | 189 +++++++++++++++++++-------------------- include/Makefile.am | 3 +- include/pcp.h | 2 +- include/pcp/version.h | 2 +- libpcp/Makefile.am | 4 +- src/Makefile.am | 4 +- src/encryption.c | 11 +-- src/keymgmt.c | 16 ++-- src/signature.c | 2 +- tests/Makefile.am | 4 +- 13 files changed, 122 insertions(+), 146 deletions(-) diff --git a/ChangeLog b/ChangeLog index db06365..4693a3f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,13 @@ NEXT have in place (-x and -X). Also, I don't generate an extra hash for the key anymore. + Removed libpcp/getpass.c, not used anymore. + + Added --extpass (implementation from encfs, but + somewhat modified). + + Moved src/readpass.c to libpcp/. + 0.3.0 Changed publuc key signature storage, previously I didn't add the actual signature, therefore a diff --git a/TODO b/TODO index 001f5b7..93e75b8 100644 --- a/TODO +++ b/TODO @@ -19,25 +19,3 @@ Check is_utf8 license. c++ destructor double free mess -Idea from encfs: - --extpass=program - Specify an external program to use for getting the user password. When the external program - is spawned, the environment variable "RootDir" will be set to contain the path to the root - directory. The program should print the password to standard output. - - EncFS takes everything returned from the program to be the password, except for a trailing - newline (\n) which will be removed. - - For example, specifying --extpass=/usr/lib/ssh/ssh-askpass will cause EncFS to use ssh's - password prompt program. - - Note: EncFS reads at most 2k of data from the password program, and it removes any trailing - newline. Versions before 1.4.x accepted only 64 bytes of text. - - -S, --stdinpass - Read password from standard input, without prompting. This may be useful for scripting encfs - mounts. - - Note that you should make sure the filesystem and mount points exist first. Otherwise encfs - will prompt for the filesystem creation options, which may interfere with your script. - diff --git a/VERSION b/VERSION index 9325c3c..a2268e2 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.3.0 \ No newline at end of file +0.3.1 \ No newline at end of file diff --git a/bindings/py/pypcp/raw.py b/bindings/py/pypcp/raw.py index 9e642bb..b0854b8 100644 --- a/bindings/py/pypcp/raw.py +++ b/bindings/py/pypcp/raw.py @@ -452,18 +452,6 @@ size_t pcp_ed_detachsign_buffered(Pcpstream *in, Pcpstream *out, pcp_key_t *s); /*** ./gencffi.pl: from ../../include/pcp/ed.h:202 */ pcp_pubkey_t *pcp_ed_detachverify_buffered(PCPCTX *ptx, Pcpstream *in, Pcpstream *sigfd, pcp_pubkey_t *p); -/*** ./gencffi.pl: from ../../include/pcp/getpass.h:22 */ -void pcp_echo_off(); - -/*** ./gencffi.pl: from ../../include/pcp/getpass.h:22 */ -void pcp_echo_on(); - -/*** ./gencffi.pl: from ../../include/pcp/getpass.h:22 */ -char *pcp_get_stdin(); - -/*** ./gencffi.pl: from ../../include/pcp/getpass.h:22 */ -char *pcp_get_passphrase(char *prompt); - /*** ./gencffi.pl: from ../../include/pcp/jenhash.h:25 */ unsigned jen_hash ( unsigned char *k, unsigned length, unsigned initval ); @@ -740,6 +728,9 @@ int ps_readline(Pcpstream *stream, Buffer *line); /*** ./gencffi.pl: from ../../include/pcp/randomart.h:54 */ char *key_fingerprint_randomart(unsigned char *dgst_raw, unsigned int dgst_raw_len); +/*** ./gencffi.pl: from ../../include/pcp/readpass.h:69 */ +int pcp_readpass_fromprog(PCPCTX *ptx, char **passwd, const char *askpass); + /*** ./gencffi.pl: from ../../include/pcp/scrypt.h:42 */ byte * pcp_scrypt(PCPCTX *ptx, char *passwd, size_t passwdlen, byte *nonce, size_t noncelen); @@ -867,63 +858,7 @@ uint8_t *zmq_z85_decode (uint8_t *dest, char *string); char *zmq_z85_encode (char *dest, uint8_t *data, size_t size);''' # ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_ZFILE_FOOTER = "----- END Z85 ENCODED FILE -----" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_VAULT_ID = 14 - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_FORMAT_PBP = 2 - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_SIG_SUB_KEYFLAGS = 27 - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_SIG_END = "----- END ED25519 SIGNATURE -----" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_SIG_CIPHER_NAME = "ED25519" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_PK_HEADER = "----- BEGIN ED25519-CURVE29915 PUBLIC KEY -----" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_SK_FOOTER = "----- END ED25519-CURVE29915 PRIVATE KEY -----" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_ZFILE_HEADER = "----- BEGIN Z85 ENCODED FILE -----" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_SIG_SUB_CTIME = 2 - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_SIG_HEADER = "----- BEGIN ED25519 SIGNED MESSAGE -----" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_SIG_SUB_KEYEXPIRE = 9 - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -PBP_COMPAT_SALT = "qa~t](84z<1t<1oz:ik.@IRNyhG=8q(on9}4#!/_h#a7wqK{Nt$T?W>,mt8NqYq&6U,rSYI2GRDd:Bcm" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_ASYM_CIPHER_ANON = 6 - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_SIG_TYPE = 0x1F +PCP_ENFILE_FOOTER = "\r\n----- END PCP ENCRYPTED FILE -----\r\n" # ./gencffi.pl: from ../../include/pcp/defines.h:172 @@ -931,19 +866,11 @@ EXP_SIG_SUB_NOTATION = 20 # ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_SYM_CIPHER = 23 +EXP_FORMAT_NATIVE = 1 # ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_CRYPTO_ADD = (32 - 16) - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_SIGPREFIX = "\nnacl-" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_RFC_CIPHER = 0x21 +EXP_PK_CIPHER = 0x21 # ./gencffi.pl: from ../../include/pcp/defines.h:172 @@ -951,7 +878,19 @@ EXP_HASH_NAME = "BLAKE2" # ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_ENFILE_FOOTER = "\r\n----- END PCP ENCRYPTED FILE -----\r\n" +PCP_SYM_CIPHER = 23 + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +PCP_SIG_END = "----- END ED25519 SIGNATURE -----" + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +EXP_SK_HEADER = "----- BEGIN ED25519-CURVE29915 PRIVATE KEY -----" + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +EXP_PK_HEADER = "----- BEGIN ED25519-CURVE29915 PUBLIC KEY -----" # ./gencffi.pl: from ../../include/pcp/defines.h:172 @@ -959,13 +898,77 @@ EXP_HASH_CIPHER = 0x22 # ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_ASYM_CIPHER_SIG = 24 +EXP_SIG_SUB_KEYEXPIRE = 9 + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +EXP_PK_CIPHER_NAME = "CURVE25519-ED25519-POLY1305-SALSA20" + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +EXP_PK_FOOTER = "----- END ED25519-CURVE29915 PUBLIC KEY -----" # ./gencffi.pl: from ../../include/pcp/defines.h:172 EXP_SIG_CIPHER = 0x23 +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +PCP_SIG_HEADER = "----- BEGIN ED25519 SIGNED MESSAGE -----" + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +EXP_SIG_CIPHER_NAME = "ED25519" + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +PCP_BLOCK_SIZE = 32 * 1024 + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +PBP_COMPAT_SALT = "qa~t](84z<1t<1oz:ik.@IRNyhG=8q(on9}4#!/_h#a7wqK{Nt$T?W>,mt8NqYq&6U,rSYI2GRDd:Bcm" + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +EXP_SIG_TYPE = 0x1F + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +EXP_FORMAT_PBP = 2 + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +EXP_SIG_SUB_SIGEXPIRE = 3 + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +PCP_ASYM_CIPHER_ANON = 6 + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +EXP_SIG_SUB_CTIME = 2 + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +EXP_SIG_SUB_KEYFLAGS = 27 + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +PCP_ME = "Pretty Curved Privacy" + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +PCP_CRYPTO_ADD = (32 - 16) + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +EXP_SK_FOOTER = "----- END ED25519-CURVE29915 PRIVATE KEY -----" + + +# ./gencffi.pl: from ../../include/pcp/defines.h:172 +PCP_VAULT_ID = 14 + + # ./gencffi.pl: from ../../include/pcp/defines.h:172 PCP_ENFILE_HEADER = "----- BEGIN PCP ENCRYPTED FILE -----\r\n" @@ -975,31 +978,23 @@ PCP_ASYM_CIPHER = 5 # ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_PK_CIPHER_NAME = "CURVE25519-ED25519-POLY1305-SALSA20" +PCP_ASYM_CIPHER_SIG = 24 # ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_SIG_START = "----- BEGIN ED25519 SIGNATURE -----" +PCP_RFC_CIPHER = 0x21 # ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_BLOCK_SIZE = 32 * 1024 +PCP_ZFILE_FOOTER = "----- END Z85 ENCODED FILE -----" # ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_SIG_SUB_SIGEXPIRE = 3 +PCP_SIGPREFIX = "\nnacl-" # ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_PK_FOOTER = "----- END ED25519-CURVE29915 PUBLIC KEY -----" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_SK_HEADER = "----- BEGIN ED25519-CURVE29915 PRIVATE KEY -----" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_FORMAT_NATIVE = 1 +PCP_ZFILE_HEADER = "----- BEGIN Z85 ENCODED FILE -----" # ./gencffi.pl: from ../../include/pcp/defines.h:172 @@ -1007,8 +1002,4 @@ PCP_ENCRYPT_MAC = 56 # ./gencffi.pl: from ../../include/pcp/defines.h:172 -PCP_ME = "Pretty Curved Privacy" - - -# ./gencffi.pl: from ../../include/pcp/defines.h:172 -EXP_PK_CIPHER = 0x21 +PCP_SIG_START = "----- BEGIN ED25519 SIGNATURE -----" diff --git a/include/Makefile.am b/include/Makefile.am index b77f2f0..91e2677 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -2,7 +2,6 @@ PCPEXPORT = pcp.h \ pcp/crypto.h \ pcp/config.h \ pcp/defines.h \ - pcp/getpass.h \ pcp/jenhash.h \ pcp/key.h \ pcp/keyhash.h \ @@ -22,7 +21,7 @@ PCPEXPORT = pcp.h \ pcp/context.h \ pcp/structs.h \ pcp/util.h \ - pcp/plist.h \ + pcp/readpass.h \ pcp/scrypt.h nobase_include_HEADERS = $(PCPEXPORT) diff --git a/include/pcp.h b/include/pcp.h index d7def61..db842e4 100644 --- a/include/pcp.h +++ b/include/pcp.h @@ -11,7 +11,6 @@ extern "C" { #include "pcp/crypto.h" #include "pcp/defines.h" #include "pcp/ed.h" -#include "pcp/getpass.h" #include "pcp/jenhash.h" #include "pcp/key.h" #include "pcp/keyhash.h" @@ -22,6 +21,7 @@ extern "C" { #include "pcp/platform.h" #include "pcp/plist.h" #include "pcp/randomart.h" +#include "pcp/readpass.h" #include "pcp/scrypt.h" #include "pcp/structs.h" #include "pcp/uthash.h" diff --git a/include/pcp/version.h b/include/pcp/version.h index 58f1413..f34b509 100644 --- a/include/pcp/version.h +++ b/include/pcp/version.h @@ -25,7 +25,7 @@ #define PCP_VERSION_MAJOR 0 #define PCP_VERSION_MINOR 3 -#define PCP_VERSION_PATCH 0 +#define PCP_VERSION_PATCH 1 #define PCP_VERSION PCP_MAKE_VERSION(PCP_VERSION_MAJOR, PCP_VERSION_MINOR, PCP_VERSION_PATCH) #define PCP_MAKE_VERSION(major, minor, patch) ((major * 10000) + (minor * 100) + (patch)) diff --git a/libpcp/Makefile.am b/libpcp/Makefile.am index e65bd28..3a331cf 100644 --- a/libpcp/Makefile.am +++ b/libpcp/Makefile.am @@ -18,7 +18,7 @@ # # You can contact me by mail: . # -AM_CFLAGS = -I../include/pcp -Iscrypt/util +AM_CFLAGS = -I../include/pcp lib_LTLIBRARIES = libpcp1.la @@ -27,7 +27,7 @@ pkgconfig_DATA = libpcp1.pc libpcp1_la_SOURCES = platform.c mem.c version.c \ context.c z85.c zmq_z85.c key.c randomart.c \ - vault.c jenhash.c \ + vault.c jenhash.c readpass.c \ crypto.c ed.c keyhash.c scrypt.c \ util.c buffer.c mgmt.c keysig.c pcpstream.c diff --git a/src/Makefile.am b/src/Makefile.am index 1384302..4c257c3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -20,14 +20,14 @@ # -AM_CFLAGS = -I../include/pcp -I../libpcp/scrypt/crypto +AM_CFLAGS = -I../include/pcp EXTRA_DIST = *.h bin_PROGRAMS = pcp1 pcp1_LDADD = ../libpcp/.libs/libpcp1.a -pcp1_SOURCES = pcp.c keymgmt.c keyprint.c readpass.c \ +pcp1_SOURCES = pcp.c keymgmt.c keyprint.c \ encryption.c z85util.c signature.c \ compat_getopt.c diff --git a/src/encryption.c b/src/encryption.c index 2b7b4c3..78cc0a9 100644 --- a/src/encryption.c +++ b/src/encryption.c @@ -66,7 +66,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i char *passphrase; if(passwd == NULL) { - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter passphrase for symetric decryption", NULL, 1, NULL); } else { @@ -99,7 +99,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i /* encrypted, decrypt it */ char *passphrase; if(passwd == NULL) { - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter passphrase to decrypt your secret key", NULL, 1, NULL); } else { @@ -135,6 +135,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i else { dlen = pcp_decrypt_stream(ptx, pin, pout, NULL, symkey, verify, 0); sfree(symkey); + symkey = NULL; } ps_close(pin); @@ -151,7 +152,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i errde3: if(symkey != NULL) - free(symkey); + sfree(symkey); return 1; } @@ -173,7 +174,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec symmode = 1; char *passphrase; if(passwd == NULL) { - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter passphrase for symetric encryption", "Repeat passphrase", 1, NULL); } else { @@ -267,7 +268,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec /* encrypted, decrypt it */ char *passphrase; if(passwd == NULL) { - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter passphrase to decrypt your secret key", NULL, 1, NULL); } else { diff --git a/src/keymgmt.c b/src/keymgmt.c index ed2f059..786455c 100644 --- a/src/keymgmt.c +++ b/src/keymgmt.c @@ -77,7 +77,7 @@ void pcp_keygen(char *passwd) { char *passphrase; if(passwd == NULL) { - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter passphrase for key encryption", "Enter the passphrase again", 1, NULL); } @@ -230,7 +230,7 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa /* decrypt the secret key */ if(passwd == NULL) { char *passphrase; - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter passphrase to decrypt your secret key", NULL, 1, NULL); key = pcpkey_decrypt(ptx, key, passphrase); if(key == NULL) { @@ -254,7 +254,7 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa } else { char *passphrase; - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter passphrase to encrypt the exported secret key", "Repeat passphrase", 1, NULL); exported_sk = pcp_export_secret(ptx, key, passphrase); @@ -344,7 +344,7 @@ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int } else { char *passphrase; - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter passphrase to decrypt your secret key", NULL, 1, NULL); sk = pcpkey_decrypt(ptx, sk, passphrase); sfree(passphrase); @@ -431,7 +431,7 @@ void pcpedit_key(char *keyid) { if(key != NULL) { if(key->secret[0] == 0) { char *passphrase; - pcp_readpass(&passphrase, "Enter passphrase to decrypt the key", NULL, 1, NULL); + pcp_readpass(ptx, &passphrase, "Enter passphrase to decrypt the key", NULL, 1, NULL); key = pcpkey_decrypt(ptx, key, passphrase); sfree(passphrase); } @@ -482,7 +482,7 @@ void pcpedit_key(char *keyid) { } char *passphrase; - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter new passphrase for key encryption (press enter to keep current)", "Enter the passphrase again", 1, NULL); @@ -592,7 +592,7 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) { } else { char *passphrase; - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter passphrase to decrypt the secret key file", NULL, 1, NULL); sk = pcp_import_secret(ptx, buf, bufsize, passphrase); sfree(passphrase); @@ -617,7 +617,7 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) { } else { char *passphrase; - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter passphrase for key encryption", "Enter the passphrase again", 1, NULL); diff --git a/src/signature.c b/src/signature.c index 3fc38cc..97c16d5 100644 --- a/src/signature.c +++ b/src/signature.c @@ -58,7 +58,7 @@ int pcpsign(char *infile, char *outfile, char *passwd, int z85, int detach) { /* encrypted, decrypt it */ char *passphrase; if(passwd == NULL) { - pcp_readpass(&passphrase, + pcp_readpass(ptx, &passphrase, "Enter passphrase to decrypt your secret key", NULL, 1, NULL); } else { diff --git a/tests/Makefile.am b/tests/Makefile.am index a3ad79d..23dfa90 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -28,7 +28,7 @@ if BUILDJSON MAYJSON=jsontest endif -AM_CFLAGS = -I../include/pcp -I../src -I../libpcp/scrypt/crypto +AM_CFLAGS = -I../include/pcp -I../src check_PROGRAMS = invalidkeys gencheader statictest $(CPPTEST) \ buffertest sample streamtest pipetest decodertest mangle @@ -68,7 +68,7 @@ mangle_LDADD = mangle_SOURCES = mangle.c invalidkeys_LDADD = ../libpcp/.libs/libpcp1.a \ - ../src/keyprint.o ../src/keymgmt.o ../src/readpass.o + ../src/keyprint.o ../src/keymgmt.o invalidkeys_SOURCES = invalidkeys.c if BUILDCPP