mirror of
https://codeberg.org/scip/pcp.git
synced 2026-02-04 15:10:59 +01:00
finally got pbp key export/import to work. in order to make it happen, pbp needs to be patched (see pbp issue#10 for details!) to enable padding.
This commit is contained in:
git@daemon.de
@@ -376,9 +376,11 @@ int pcp_importsecret (vault_t *vault, FILE *in) {
|
||||
int pcp_importpublic (vault_t *vault, FILE *in, int pbpcompat) {
|
||||
pcp_pubkey_t *pub = NULL;
|
||||
if(pbpcompat == 1) {
|
||||
char *date = NULL;
|
||||
char *parts = NULL;
|
||||
int pnum;
|
||||
pbp_pubkey_t *b = ucmalloc(sizeof(pbp_pubkey_t));
|
||||
pcp_pubkey_t *tmp = ucmalloc(sizeof(pcp_pubkey_t));
|
||||
pub = ucmalloc(sizeof(pcp_pubkey_t));
|
||||
unsigned char *buf = ucmalloc(2048);
|
||||
unsigned char *bin = ucmalloc(2048);
|
||||
@@ -396,7 +398,8 @@ int pcp_importpublic (vault_t *vault, FILE *in, int pbpcompat) {
|
||||
nlen -= 1;
|
||||
}
|
||||
}
|
||||
klen = (nlen / 5) * 4;
|
||||
|
||||
klen = nlen /5 * 4; /*((nlen + (5 - (nlen % 5))) / 5) * 4;*/
|
||||
|
||||
if(decode_85((char *)bin, (char *)buf, klen) != 0)
|
||||
goto errimp1;
|
||||
@@ -407,6 +410,9 @@ int pcp_importpublic (vault_t *vault, FILE *in, int pbpcompat) {
|
||||
goto errimp1;
|
||||
}
|
||||
|
||||
if(debug)
|
||||
_dump("sig", bin, nlen);
|
||||
|
||||
/* unpad result, if any */
|
||||
for(i=klen; i>0; --i) {
|
||||
if(bin[i] != '\0' && i < klen) {
|
||||
@@ -418,6 +424,19 @@ int pcp_importpublic (vault_t *vault, FILE *in, int pbpcompat) {
|
||||
/* use first part as sig and verify */
|
||||
memcpy(b, &bin[crypto_sign_BYTES], klen - crypto_sign_BYTES);
|
||||
|
||||
if(debug)
|
||||
_dump("sig", bin, klen);
|
||||
|
||||
/* parse the date */
|
||||
date = ucmalloc(19);
|
||||
memcpy(date, b->iso_ctime, 18);
|
||||
date[19] = '\0';
|
||||
struct tm c;
|
||||
if(strptime(date, "%Y-%m-%dT%H:%M:%S", &c) == NULL) {
|
||||
fatal("Failed to parse creation time in PBP public key file (<%s>)\n", date);
|
||||
goto errimp2;
|
||||
}
|
||||
|
||||
/* parse the name */
|
||||
parts = strtok (b->name, "<>");
|
||||
pnum = 0;
|
||||
@@ -433,22 +452,35 @@ int pcp_importpublic (vault_t *vault, FILE *in, int pbpcompat) {
|
||||
|
||||
if(strlen(b->name) == 0) {
|
||||
char *owner = pcp_getstdin("Enter the name of the key owner");
|
||||
memcpy(b->name, owner, strlen(owner) + 1);
|
||||
memcpy(pub->owner, owner, strlen(owner) + 1);
|
||||
free(owner);
|
||||
}
|
||||
|
||||
/* fill in the fields */
|
||||
pub->ctime = (long)time(0); /* pbp exports no ctime */
|
||||
pub->ctime = (long)mktime(&c);
|
||||
pub->type = PCP_KEY_TYPE_PUBLIC;
|
||||
pub->version = PCP_KEY_VERSION;
|
||||
pub->serial = arc4random();
|
||||
memcpy(pub->id, pcp_getpubkeyid(pub), 17);
|
||||
memcpy(pub->pub, b->pub, crypto_box_PUBLICKEYBYTES);
|
||||
memcpy(pub->edpub, b->edpub, crypto_sign_PUBLICKEYBYTES);
|
||||
memcpy(pub->id, pcp_getpubkeyid(pub), 17);
|
||||
|
||||
/* edpub used for signing, might differ */
|
||||
memcpy(tmp->edpub, b->sigpub, crypto_sign_PUBLICKEYBYTES);
|
||||
|
||||
if(debug) {
|
||||
_dump(" mp", tmp->edpub, crypto_sign_PUBLICKEYBYTES);
|
||||
_dump(" cp", pub->pub, crypto_sign_PUBLICKEYBYTES);
|
||||
_dump(" sp", pub->edpub, crypto_sign_PUBLICKEYBYTES);
|
||||
_dump("name", (unsigned char *)pub->owner, strlen(pub->owner));
|
||||
_dump(" sig", bin, klen);
|
||||
fprintf(stderr, "<%s>\n", (unsigned char *)pub->owner);
|
||||
pcp_dumppubkey(pub);
|
||||
}
|
||||
|
||||
unsigned char *sig = pcp_ed_verify(bin, klen, tmp);
|
||||
free(tmp);
|
||||
|
||||
fprintf(stderr, "edpub: "); pcpprint_bin(stderr, pub->edpub, crypto_sign_PUBLICKEYBYTES); fprintf(stderr, "\n");
|
||||
fprintf(stderr, " sig: "); pcpprint_bin(stderr, bin, klen); fprintf(stderr, "\n");
|
||||
unsigned char *sig = pcp_ed_verify(bin, klen, pub);
|
||||
if(sig == NULL)
|
||||
goto errimp1;
|
||||
|
||||
@@ -458,6 +490,8 @@ int pcp_importpublic (vault_t *vault, FILE *in, int pbpcompat) {
|
||||
free(bin);
|
||||
goto kimp;
|
||||
|
||||
errimp2:
|
||||
free(date);
|
||||
|
||||
errimp1:
|
||||
free(bin);
|
||||
|
||||
@@ -233,23 +233,52 @@ void pcppubkey_print(pcp_pubkey_t *key, FILE* out, int pbpcompat) {
|
||||
|
||||
secret = pcpkey_decrypt(secret, passphrase);
|
||||
if(secret != NULL) {
|
||||
size_t pbplen = crypto_sign_PUBLICKEYBYTES+crypto_box_PUBLICKEYBYTES+crypto_sign_PUBLICKEYBYTES+strlen(key->owner);
|
||||
size_t pbplen = crypto_sign_PUBLICKEYBYTES+crypto_box_PUBLICKEYBYTES+crypto_sign_PUBLICKEYBYTES+strlen(key->owner)+64;
|
||||
|
||||
/* we need to do the padding here, since pbp verifies the sig including the pad */
|
||||
/*
|
||||
int pad = pbplen % 4;
|
||||
if(pad > 0) {
|
||||
pad = 4 - pad;
|
||||
pbplen += pad;
|
||||
}
|
||||
*/
|
||||
|
||||
unsigned char *blob = ucmalloc(pbplen);
|
||||
|
||||
fprintf(stderr, "edpub: "); pcpprint_bin(stderr, key->edpub, crypto_sign_PUBLICKEYBYTES); fprintf(stderr, "\n");
|
||||
fprintf(stderr, " pub: "); pcpprint_bin(stderr, key->pub, crypto_box_PUBLICKEYBYTES); fprintf(stderr, "\n");
|
||||
fprintf(stderr, "edpub: "); pcpprint_bin(stderr, key->edpub, crypto_sign_PUBLICKEYBYTES); fprintf(stderr, "\n");
|
||||
if(debug) {
|
||||
_dump(" mp", secret->edpub, crypto_sign_PUBLICKEYBYTES);
|
||||
_dump(" cp", key->pub, crypto_sign_PUBLICKEYBYTES);
|
||||
_dump(" sp", key->edpub, crypto_sign_PUBLICKEYBYTES);
|
||||
_dump("name", (unsigned char *)key->owner, strlen(key->owner));
|
||||
}
|
||||
|
||||
memcpy(blob, key->edpub, crypto_sign_PUBLICKEYBYTES);
|
||||
memcpy(&blob[crypto_sign_PUBLICKEYBYTES], key->pub, crypto_box_PUBLICKEYBYTES);
|
||||
memcpy(&blob[crypto_sign_PUBLICKEYBYTES+crypto_box_PUBLICKEYBYTES], key->edpub, crypto_sign_PUBLICKEYBYTES);
|
||||
memcpy(&blob[crypto_sign_PUBLICKEYBYTES+crypto_box_PUBLICKEYBYTES+crypto_sign_PUBLICKEYBYTES],
|
||||
key->owner, strlen(key->owner));
|
||||
/* pkt = keys.sign(keys.mp+keys.sp+keys.cp+dates+keys.name, master=True) */
|
||||
memcpy(blob, secret->edpub, crypto_sign_PUBLICKEYBYTES);
|
||||
memcpy(&blob[crypto_sign_PUBLICKEYBYTES], key->edpub, crypto_sign_PUBLICKEYBYTES);
|
||||
memcpy(&blob[crypto_sign_PUBLICKEYBYTES*2], key->pub, crypto_box_PUBLICKEYBYTES);
|
||||
|
||||
struct tm *v;
|
||||
time_t vt = t + 31536000;
|
||||
v = localtime(&vt);
|
||||
|
||||
char *date = ucmalloc(65);
|
||||
|
||||
sprintf(date, "%04d-%02d-%02dT%02d:%02d:%02d.000000 %04d-%02d-%02dT%02d:%02d:%02d.000000 ",
|
||||
c->tm_year+1900-1, c->tm_mon+1, c->tm_mday, // wtf? why -1?
|
||||
c->tm_hour, c->tm_min, c->tm_sec,
|
||||
v->tm_year+1900-1, v->tm_mon+1, v->tm_mday,
|
||||
v->tm_hour, v->tm_min, v->tm_sec);
|
||||
|
||||
memcpy(&blob[crypto_sign_PUBLICKEYBYTES+crypto_box_PUBLICKEYBYTES*2], date, 64);
|
||||
|
||||
memcpy(&blob[crypto_sign_PUBLICKEYBYTES+crypto_box_PUBLICKEYBYTES*2+64], key->owner, strlen(key->owner));
|
||||
|
||||
unsigned char *sig = pcp_ed_sign(blob, pbplen, secret);
|
||||
fprintf(stderr, " sig: "); pcpprint_bin(stderr, sig, pbplen+crypto_sign_BYTES); fprintf(stderr, "\n");
|
||||
fprintf(stderr, "siglen: %d, inlen: %ld\n", crypto_sign_BYTES, pbplen);
|
||||
|
||||
if(debug)
|
||||
_dump(" sig", sig, crypto_sign_BYTES+pbplen);
|
||||
|
||||
if(sig != NULL) {
|
||||
size_t siglen = pbplen + crypto_sign_BYTES;
|
||||
size_t blen = ((siglen / 4) * 5) + siglen;
|
||||
|
||||
Reference in New Issue
Block a user