scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-16 19:40:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

migrate to codeberg (#21)

Browse Source
This commit is contained in:
T. von Dein
2025-11-24 23:02:13 +01:00
parent 48e87fd605
commit 913f584b76
59 changed files with 1702 additions and 2072 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
.woodpecker/build.yaml Normal file
View File

@@ -0,0 +1,29 @@
matrix:
platform:
- linux/amd64
labels:
platform: ${platform}
steps:
build:
when:
event: [push]
image: alpine:latest
commands:
- apk update
- apk add --no-cache bash build-base gdb perl libsodium libsodium-dev libbsd libbsd-dev jansson jansson-dev db db-dev pkgconfig meson ninja
- meson setup --reconfigure build
- ninja -C build
test:
when:
event: [push]
image: alpine:latest
commands:
- apk update
- apk add --no-cache bash build-base gdb perl libsodium libsodium-dev libbsd libbsd-dev jansson jansson-dev db db-dev pkgconfig meson ninja
- meson setup --reconfigure build
- ninja -C build test

54
.woodpecker/release.sh Executable file
View File

@@ -0,0 +1,54 @@
#!/bin/bash
# This is my own simple codeberg generic releaser. It takes to
# binaries to be uploaded as arguments and takes every other args from
# env. Works on tags or normal commits (push), tags must start with v.
set -e
die() {
echo $*
exit 1
}
if test -z "$DEPLOY_TOKEN"; then
die "token DEPLOY_TOKEN not set"
fi
git fetch --all
# determine current tag or commit hash
version="$CI_COMMIT_TAG"
previous=""
log=""
if test -z "$version"; then
version="${CI_COMMIT_SHA:0:6}"
log=$(git log -1 --oneline)
else
previous=$(git tag -l | grep -E "^v" | tac | grep -A1 "$version" | tail -1)
log=$(git log -1 --oneline "${previous}..${version}" | sed 's|^|- |g')
fi
# release body
printf "# Changes\n\n %s\n" "$log" > body.txt
# create the release
https --ignore-stdin --check-status -b -A bearer -a "$DEPLOY_TOKEN" POST \
"https://codeberg.org/api/v1/repos/${CI_REPO_OWNER}/${CI_REPO_NAME}/releases" \
tag_name="$version" name="Release $version" body=@body.txt > release.json
# we need the id to upload files
ID=$(jq -r .id < release.json)
if test -z "$ID"; then
cat release.json
die "failed to create release"
fi
# actually upload
for file in "$@"; do
https --ignore-stdin --check-status -A bearer -a "$DEPLOY_TOKEN" -f POST \
"https://codeberg.org/api/v1/repos/${CI_REPO_OWNER}/${CI_REPO_NAME}/releases/$ID/assets" \
"name=${file}" "attachment@${file}"
done

28
.woodpecker/release.yaml Normal file
View File

@@ -0,0 +1,28 @@
# build release
labels:
platform: linux/amd64
steps:
dist:
when:
event: [tag,manual]
image: alpine:latest
commands:
- apk update
- apk add --no-cache bash build-base gdb perl libsodium libsodium-dev libbsd libbsd-dev jansson jansson-dev db db-dev pkgconfig meson ninja git
- meson setup --reconfigure --buildtype=release build
- meson dist -C build --formats xztar,gztar,zip --no-tests
- mv build/meson-dist/* .
release:
image: alpine:latest
when:
event: [tag,manual]
environment:
DEPLOY_TOKEN:
from_secret: DEPLOY_TOKEN
commands:
- apk update
- apk add --no-cache bash httpie jq git
- .woodpecker/release.sh pcp-*

19
.woodpecker/test.sh Executable file
View File

@@ -0,0 +1,19 @@
#!/bin/bash
yq '.steps.test-gdbm.commands' < .woodpecker/build.yaml \
| grep -- - | grep -v apk | sed 's/^\- //' \
| while read COMMAND; do
echo "$COMMAND" | bash -e > debug.log 2>&1
if test $? -ne 0; then
echo "fail - $COMMAND"
if test -s debug.log; then
cat debug.log
else
echo exit 1
fi
else
echo "ok - $COMMAND"
fi
done
rm -f debug.log

182
README
View File

@@ -1,182 +0,0 @@
DESCRIPTION
Pretty Curved Privacy (pcp1) is a commandline utility which can be used
to encrypt files. pcp1 uses eliptc curve cryptography for encryption
(CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide
accepted standard it hasn't been compromised by the NSA - which might be
better, depending on your point of view.
Caution: since CURVE25519 is no accepted standard, pcp1 has to be
considered as experimental software. In fact, I wrote it just to learn
about the curve and see how it works.
Beside some differences it works like GNUPG. So, if you already know how
to use gpg, you'll feel almost home.
QUICKSTART
Lets say, Alicia and Bobby want to exchange encrypted messages. Here's
what the've got to do.
First, both have create a secret key:
Alicia Bobby
pcp1 -k pcp1 -k
After entering their name, email address and a passphrase to protect the
key, it will be stored in their vault file (by default ~/.pcpvault).
Now, both of them have to export the public key, which has to be
imported by the other one. With pcp you can export the public part of
your primary key, but the better solution is to export a derived public
key especially for the recipient:
Alicia Bobby
pcp1 -p -r Bobby -O alicia.pub pcp1 -p -r Alicia -O bobby.pub
They've to exchange the public key somehow (which is not my problem at
the moment, use ssh, encrypted mail, whatever). Once exchanged, they
have to import it:
Alicia Bobby
pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub
They will see a response as this when done:
key 0x29A323A2C295D391 added to .pcpvault.
Now, Alicia finally writes the secret message, encrypts it and sends it
to Bobby, who in turn decrypts it:
Alicia Bobby
echo "Love you, honey" > letter
pcp1 -e -r Bobby -I letter -O letter.asc
cat letter.asc | mail bobby@foo.bar
pcp1 -d -I letter.asc | less
And that's it.
Please note the big difference to GPG though: both Alicia AND Bobby have
to enter the passphrase for their secret key! That's the way CURVE25519
works: you encrypt a message using your secret key and the recipients
public key and the recipient does the opposite, he uses his secret key
and your public key to actually decrypt the message.
Oh - and if you're wondering why I named them Alicia and Bobby: I was
just sick of Alice and Bob. We're running NSA-free, so we're using other
sample names as well.
FILES AND PIPES
Pcp behaves like any other unix tool. If not otherwise specified it will
read input from standard input (STDIN) and print output to standard
output (STDOUT). For instance:
pcp1 -e -O output
will read the text to be encrypted from standard input, because -I has
not been specified. It works the same with -O:
pcp1 -e -I myfile
In this case the encrypted result will be written to standard output.
Therefore it is possible to use pcp within pipes. Another more realistic
example:
ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
here we encrypt a file symmetrically without downloading it from a
remote ssh server and sending the encrypted result via email to someone.
The behavior is the same with any other functionality where files are
involved like importing or exporting keys. However, there's one
exception: If the option -X (--password-file) has been used and is set
to -, then this will take precedence over any other possible use of
standard input. So if you want to encrypt something and don't specify an
input file you cannot use -X -, and vice versa. IF you use -X - the
passphrase will be read from standard input, which then can't be used
further for input files elsewhere. Pcp will exit with an error in such a
case.
INSTALLATION
There are currently no packages available, so pcp has to be compiled
from source. Follow these steps:
First, you will need libsodium:
git clone git://github.com/jedisct1/libsodium.git
cd libsodium
./autogen.sh
./configure && make check
sudo make install
sudo ldconfig
cd ..
If you want to have JSON support, you'll need to install the Jansson
library (optional):
git clone git://github.com/akheron/jansson.git
cd jansson
autoreconf -i
./configure && make
sudo make install
cd ..
In order to use the python binding, you need to install the cffi python
package.
Next, build pcp:
git clone git://github.com/tlinden/pcp.git
cd pcp
./configure
sudo make install
cd ..
Optionally, you might run the unit tests:
make test
DOCUMENTATION
To learn how to use pcp, read the manpage:
man pcp1
COPYRIGHT
Copyright (c) 2013-2015 by T.v.Dein <tom AT vondein DOT org>
ADDITIONAL COPYRIGHTS
ZeroMQ Z85 encoding routine
Copyright (c) 2007-2013 iMatix Corporation
Copyright (c) 2009-2011 250bpm s.r.o.
Copyright (c) 2010-2011 Miru Limited
Copyright (c) 2011 VMware, Inc.
Copyright (c) 2012 Spotify AB
Tarsnap readpass helpers
Copyright 2009 Colin Percival
jen_hash() hash algorithm
Bob Jenkins, Public Domain.
UTHASH hashing macros
Copyright (c) 2003-2013, Troy D. Hanson
Random art image from OpenSSH keygen
Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Comitted by Alexander von Gernler in rev 1.7.
Every incorporated source code is opensource and licensed under the GPL
as well.
AUTHORS
*T.v.Dein <tom AT vondein DOT org*>
LICENSE
Licensed under the GNU GENERAL PUBLIC LICENSE version 3.
HOME
The homepage of Pretty Curved Privacy can be found on
http://www.daemon.de/PrettyCurvedPrivacy. The source is on Github:
https://github.com/TLINDEN/pcp

187
README.md Normal file
View File

@@ -0,0 +1,187 @@
# Pretty Curved Privacy
Pretty Curved Privacy (pcp1) is a commandline utility which can be used
to encrypt files. pcp1 uses eliptc curve cryptography for encryption
(CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide
accepted standard it hasn't been compromised by the NSA - which might be
better, depending on your point of view.
Caution: since CURVE25519 is no accepted standard, pcp1 has to be
considered as experimental software. In fact, I wrote it just to learn
about the curve and see how it works.
Beside some differences it works like GNUPG. So, if you already know how
to use gpg, you'll feel almost home.
# QUICKSTART
Lets say, Alicia and Bobby want to exchange encrypted messages. Here's
what the've got to do.
First, both have create a secret key:
Alicia Bobby
pcp1 -k pcp1 -k
After entering their name, email address and a passphrase to protect the
key, it will be stored in their vault file (by default ~/.pcpvault).
Now, both of them have to export the public key, which has to be
imported by the other one. With pcp you can export the public part of
your primary key, but the better solution is to export a derived public
key especially for the recipient:
Alicia Bobby
pcp1 -p -r Bobby -O alicia.pub pcp1 -p -r Alicia -O bobby.pub
They've to exchange the public key somehow (which is not my problem at
the moment, use ssh, encrypted mail, whatever). Once exchanged, they
have to import it:
Alicia Bobby
pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub
They will see a response as this when done:
key 0x29A323A2C295D391 added to .pcpvault.
Now, Alicia finally writes the secret message, encrypts it and sends it
to Bobby, who in turn decrypts it:
Alicia Bobby
echo "Love you, honey" > letter
pcp1 -e -r Bobby -I letter -O letter.asc
cat letter.asc | mail bobby@foo.bar
pcp1 -d -I letter.asc | less
And that's it.
Please note the big difference to GPG though: both Alicia AND Bobby have
to enter the passphrase for their secret key! That's the way CURVE25519
works: you encrypt a message using your secret key and the recipients
public key and the recipient does the opposite, he uses his secret key
and your public key to actually decrypt the message.
Oh - and if you're wondering why I named them Alicia and Bobby: I was
just sick of Alice and Bob. We're running NSA-free, so we're using other
sample names as well.
# FILES AND PIPES
Pcp behaves like any other unix tool. If not otherwise specified it will
read input from standard input (STDIN) and print output to standard
output (STDOUT). For instance:
pcp1 -e -O output
will read the text to be encrypted from standard input, because -I has
not been specified. It works the same with -O:
pcp1 -e -I myfile
In this case the encrypted result will be written to standard output.
Therefore it is possible to use pcp within pipes. Another more realistic
example:
ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
here we encrypt a file symmetrically without downloading it from a
remote ssh server and sending the encrypted result via email to someone.
The behavior is the same with any other functionality where files are
involved like importing or exporting keys. However, there's one
exception: If the option -X (--password-file) has been used and is set
to -, then this will take precedence over any other possible use of
standard input. So if you want to encrypt something and don't specify an
input file you cannot use -X -, and vice versa. IF you use -X - the
passphrase will be read from standard input, which then can't be used
further for input files elsewhere. Pcp will exit with an error in such a
case.
# INSTALLATION
here are currently no packages available, so pcp has to be compiled
from source. Follow these steps:
First, you will need libsodium:
git clone git://github.com/jedisct1/libsodium.git
cd libsodium
./autogen.sh
./configure && make check
sudo make install
sudo ldconfig
cd ..
If you want to have JSON support, you'll need to install the Jansson
library (optional):
git clone git://github.com/akheron/jansson.git
cd jansson
autoreconf -i
./configure && make
sudo make install
cd ..
In order to use the python binding, you need to install the cffi python
package.
Next, build pcp:
git clone git://codeberg.org/scip/pcp.git
cd pcp
meson setup build
ninja -C build
sudo ninja -C install
Optionally, you might run the unit tests:
make test
DOCUMENTATION
To learn how to use pcp, read the manpage:
man pcp1
# COPYRIGHT
Copyright (c) 2013-2015 by T.v.Dein <tom AT vondein DOT org>
## ZeroMQ Z85 encoding routine:
- Copyright (c) 2007-2013 iMatix Corporation
- Copyright (c) 2009-2011 250bpm s.r.o.
- Copyright (c) 2010-2011 Miru Limited
- Copyright (c) 2011 VMware, Inc.
- Copyright (c) 2012 Spotify AB
## Tarsnap readpass helpers
Copyright 2009 Colin Percival
## jen_hash() hash algorithm
Bob Jenkins, Public Domain.
## UTHASH hashing macros
Copyright (c) 2003-2013, Troy D. Hanson
# Random art image from OpenSSH keygen
Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Comitted by Alexander von Gernler in rev 1.7.
# AUTHORS
*T.v.Dein <tom AT vondein DOT org*>
# LICENSE
Licensed under the GNU GENERAL PUBLIC LICENSE version 3.

217
README.pod
View File

@@ -1,217 +0,0 @@
=begin html
<a href="https://travis-ci.org/TLINDEN/pcp"><img
src="https://travis-ci.org/TLINDEN/pcp.svg?branch=master"
alt="build status"/></a>
<a href="https://ci.appveyor.com/project/TLINDEN/pcp"><img
src="https://ci.appveyor.com/api/projects/status/7e833vup5pqhse83?svg=true"
alt="build status"/></a>
=end html
=head1 DESCRIPTION
B<Pretty Curved Privacy> (pcp1) is a commandline utility which can
be used to encrypt files. B<pcp1> uses eliptc curve cryptography
for encryption (CURVE25519 by Dan J. Bernstein). While CURVE25519
is no worldwide accepted standard it hasn't been compromised by
the NSA - which might be better, depending on your point of view.
B<Caution>: since CURVE25519 is no accepted standard, B<pcp1> has
to be considered as experimental software. In fact, I wrote it just
to learn about the curve and see how it works.
Beside some differences it works like B<GNUPG>. So, if you already
know how to use gpg, you'll feel almost home.
=head1 QUICKSTART
Lets say, Alicia and Bobby want to exchange encrypted messages.
Here's what the've got to do.
First, both have create a secret key:
Alicia Bobby
pcp1 -k pcp1 -k
After entering their name, email address and a passphrase to protect
the key, it will be stored in their B<vault file> (by default ~/.pcpvault).
Now, both of them have to export the public key, which has to be
imported by the other one. With B<pcp> you can export the public
part of your primary key, but the better solution is to export
a derived public key especially for the recipient:
Alicia Bobby
pcp1 -p -r Bobby -O alicia.pub pcp1 -p -r Alicia -O bobby.pub
They've to exchange the public key somehow (which is not my
problem at the moment, use ssh, encrypted mail, whatever). Once exchanged,
they have to import it:
Alicia Bobby
pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub
They will see a response as this when done:
key 0x29A323A2C295D391 added to .pcpvault.
Now, Alicia finally writes the secret message, encrypts it and
sends it to Bobby, who in turn decrypts it:
Alicia Bobby
echo "Love you, honey" > letter
pcp1 -e -r Bobby -I letter -O letter.asc
cat letter.asc | mail bobby@foo.bar
pcp1 -d -I letter.asc | less
And that's it.
Please note the big difference to B<GPG> though: both Alicia
AND Bobby have to enter the passphrase for their secret key!
That's the way CURVE25519 works: you encrypt a message using
your secret key and the recipients public key and the recipient
does the opposite, he uses his secret key and your public key
to actually decrypt the message.
Oh - and if you're wondering why I named them Alicia and Bobby:
I was just sick of Alice and Bob. We're running NSA-free, so we're
using other sample names as well.
=head1 FILES AND PIPES
Pcp behaves like any other unix tool. If not otherwise specified
it will read input from standard input (STDIN) and print output
to standard output (STDOUT). For instance:
pcp1 -e -O output
will read the text to be encrypted from standard input, because B<-I>
has not been specified. It works the same with B<-O>:
pcp1 -e -I myfile
In this case the encrypted result will be written to standard output.
Therefore it is possible to use pcp within pipes. Another more
realistic example:
ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
here we encrypt a file symmetrically without downloading it from a
remote ssh server and sending the encrypted result via email to
someone.
The behavior is the same with any other functionality where files are involved
like importing or exporting keys. However, there's one exception:
If the option B<-X> (B<--password-file>) has been used and is set
to B<->, then this will take precedence over any other possible use
of standard input. So if you want to encrypt something and don't
specify an input file you cannot use B<-X ->, and vice versa. IF
you use B<-X -> the passphrase will be read from standard input, which
then can't be used further for input files elsewhere. Pcp will exit
with an error in such a case.
=head1 INSTALLATION
There are currently no packages available, so B<pcp> has to be
compiled from source. Follow these steps:
First, you will need libsodium:
git clone git://github.com/jedisct1/libsodium.git
cd libsodium
./autogen.sh
./configure && make check
sudo make install
sudo ldconfig
cd ..
If you want to have JSON support, you'll need to install the
Jansson library (optional):
git clone git://github.com/akheron/jansson.git
cd jansson
autoreconf -i
./configure && make
sudo make install
cd ..
In order to use the python binding, you need to install the
B<cffi> python package.
Next, build pcp:
git clone git://github.com/tlinden/pcp.git
cd pcp
./configure
sudo make install
cd ..
Optionally, you might run the unit tests:
make test
=head1 DOCUMENTATION
To learn how to use B<pcp>, read the manpage:
man pcp1
=head1 COPYRIGHT
Copyright (c) 2013-2015 by T.v.Dein <tom AT vondein DOT org>
=head1 ADDITIONAL COPYRIGHTS
=over
=item B<ZeroMQ Z85 encoding routine>
Copyright (c) 2007-2013 iMatix Corporation
Copyright (c) 2009-2011 250bpm s.r.o.
Copyright (c) 2010-2011 Miru Limited
Copyright (c) 2011 VMware, Inc.
Copyright (c) 2012 Spotify AB
=item B<Tarsnap readpass helpers>
Copyright 2009 Colin Percival
=item B<jen_hash() hash algorithm>
Bob Jenkins, Public Domain.
=item B<UTHASH hashing macros>
Copyright (c) 2003-2013, Troy D. Hanson
=item B<Random art image from OpenSSH keygen>
Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Comitted by Alexander von Gernler in rev 1.7.
=back
Every incorporated source code is opensource and licensed
under the B<GPL> as well.
=head1 AUTHORS
I<T.v.Dein <tom AT vondein DOT org>>
=head1 LICENSE
Licensed under the GNU GENERAL PUBLIC LICENSE version 3.
=head1 HOME
The homepage of Pretty Curved Privacy can be found on
http://www.daemon.de/PrettyCurvedPrivacy. The source is
on Github: https://github.com/TLINDEN/pcp
=cut

2
VERSION
View File

@@ -1 +1 @@
0.4.0 0.4.1

119
autogen.sh
View File

@@ -1,119 +0,0 @@
#!/bin/sh
mode=config
case $1 in
clean)
mode=clean
;;
gen)
mode=gen
;;
-h|--help|help|\?)
echo "Usage: $0 [clean|gen]"
exit 1
;;
esac
if test "$mode" = "gen"; then
# generate the install include file
(echo "#ifndef _HAVE_PCP"; echo "#define _HAVE_PCP"; echo) > include/pcp.h
(echo "#ifdef __cplusplus"; echo "extern \"C\" {"; echo "#endif"; echo) >> include/pcp.h
echo "#include \"pcp/config.h\"" >> include/pcp.h
ls include/pcp/*.h | sed 's#include/##' | while read include; do
echo "#include \"$include\"" >> include/pcp.h
done
(echo "#ifdef __cplusplus"; echo "}"; echo "#endif"; echo) >> include/pcp.h
(echo; echo "#endif") >> include/pcp.h
# generate the version file
maj=`egrep "#define PCP_VERSION_MAJOR" include/pcp/version.h | awk '{print $3}'`
min=`egrep "#define PCP_VERSION_MINOR" include/pcp/version.h | awk '{print $3}'`
pat=`egrep "#define PCP_VERSION_PATCH" include/pcp/version.h | awk '{print $3}'`
echo -n "$maj.$min.$pat" > VERSION
# generate the manpage
echo "=head1 NAME
Pretty Curved Privacy - File encryption using eliptic curve cryptography.
=head1 SYNOPSIS
" > man/pcp1.pod
cat src/usage.txt | sed "s/^/ /g" >> man/pcp1.pod
cat man/options.pod >> man/pcp1.pod
cat man/pcp.pod >> man/pcp1.pod
cat man/details.pod >> man/pcp1.pod
cat man/footer.pod >> man/pcp1.pod
pod2man -r "PCP `cat VERSION`" -c "USER CONTRIBUTED DOCUMENTATION" man/pcp1.pod > man/pcp1.1
pod2html man/pcp1.pod > man/pcp1.html
# generate the top level readme
cat man/badges man/pcp.pod man/install.pod man/footer.pod > README.pod
pod2text README.pod > README
# generate usage.h
(cd src && ./usage.sh)
# generate pypcp types
cd bindings/py
./gencffi.pl ../../include/pcp/*.h > pypcp/raw.py
cd -
exit
fi
if test "$mode" = "config"; then
mkdir -p ./config
lt=libtoolize
case `uname` in Darwin*) lt=glibtoolize;; esac
if ! command -v $lt >/dev/null 2>&1 ; then
echo "could not find $lt." 1>&2
exit 1
fi
if ! command -v autoreconf >/dev/null 2>&1; then
echo "could not find autoreconf." 1>&2
exit 1
fi
autoreconf --install --force --verbose -I config
fi
#
# normal autogen stuff
cat <<EOF > clean.sh
#!/bin/sh
find . -name Makefile -exec rm {} \; > /dev/null 2>&1
find . -name Makefile.in -exec rm {} \; > /dev/null 2>&1
find . -name "*~" -exec rm {} \; > /dev/null 2>&1
find . -name config.h -exec rm {} \; > /dev/null 2>&1
find . -name "stamp*" -exec rm {} \; > /dev/null 2>&1
find . -name .deps -exec rm -rf {} \; > /dev/null 2>&1
find . -name .libs -exec rm -rf {} \; > /dev/null 2>&1
find . -name .o -exec rm -rf {} \; > /dev/null 2>&1
find . -name .lo -exec rm -rf {} \; > /dev/null 2>&1
find . -name .pyc -exec rm -rf {} \; > /dev/null 2>&1
find . -name .dirstamp -exec rm -rf {} \; > /dev/null 2>&1
rm -rf aclocal.m4 libtool configure config.* config autom4te.cache tests/test* tests/v* tests/stresstest/* libpcp/libpcp1.pc
rm clean.sh
EOF
chmod 700 clean.sh
rm -rf include/pcp/config.h.in~ libpcp/stamp-h1 autom4te.cache
sleep 1
touch Makefile.in configure */Makefile.in

383
configure.ac
View File

@@ -1,383 +0,0 @@
# -*-sh-*-
#
# This file is part of Pretty Curved Privacy (pcp1).
#
# Copyright (C) 2013-2015 T.Linden.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# You can contact me by mail: <tlinden AT cpan DOT org>.
#
AC_PREREQ(2.61)
define([pcpversion], esyscmd([sh -c "cat VERSION"]))dnl
AC_INIT([pcp], [pcpversion], [pcp@daemon.de])
#AC_INIT(pcp, `cat VERSION`)
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_MACRO_DIR(config)
AC_CONFIG_HEADER(include/pcp/config.h)
AM_INIT_AUTOMAKE([subdir-objects])
LT_INIT
ORIG_CFLAGS="${CFLAGS:-none}"
# Checks for programs
AC_PROG_CXX
AC_PROG_CXXCPP
AC_PROG_CC
AM_PROG_CC_C_O
AC_PROG_LIBTOOL
AC_PROG_SED
AC_PROG_AWK
AC_PROG_INSTALL
# remove flags set by AC_PROG_CC (duplicates and/or invalid for clang)
# FIXME: why did I do this?!
#CFLAGS=""
#CXXFLAGS=""
# Host speciffic checks
AC_CANONICAL_HOST
# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS(errno.h err.h stdlib.h string.h unistd.h stdio.h getopt.h\
limits.h stddef.h stdint.h sys/types.h sys/stat.h \
termios.h arpa/inet.h netinet/in.h wctype.h)
AC_TYPE_SIZE_T
# Checks for library functions.
AC_CHECK_FUNCS( \
arc4random_buf \
arc4random \
fread \
fopen \
free \
fwrite \
fseek \
ftruncate \
fprintf \
isatty \
malloc \
memset \
memcpy \
mmap \
perror \
posix_memalign \
setrlimit \
strnlen \
strnstr \
strlen \
strtol \
sizeof \
tcgetattr \
umask \
towlower \
getopt_long \
vasprintf
)
cross_compile="no"
AC_MSG_CHECKING([compiler and flags for sanity])
AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
[ AC_MSG_RESULT([yes]) ],
[
AC_MSG_RESULT([no])
AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
],
[
AC_MSG_WARN([cross compiling: not checking compiler sanity])
[cross_compile="yes"]
]
)
_havenacl=no
_ldlib=""
_have_json=no
AC_ARG_WITH([libsodium],
[AS_HELP_STRING([--with-libsodium],
[Specify libsodium prefix])],
[search_libsodium="yes"],
[])
if test "x$search_libsodium" = "xyes"; then
if test -r "${with_libsodium}/include/sodium.h"; then
CFLAGS="-I${with_libsodium}/include ${CFLAGS}"
LDFLAGS="-L${with_libsodium}/lib ${LDFLAGS}"
_havenacl=yes
_ldlib="${with_libsodium}/lib"
fi
fi
AC_ARG_WITH([libsodium-include-dir],
[AS_HELP_STRING([--with-libsodium-include-dir],
[Specify libsodium include prefix])],
[search_libsodium_include="yes"],
[])
if test "x$search_libsodium_include" = "xyes"; then
if test -r "${with_libsodium_include_dir}/sodium.h"; then
CFLAGS="-I${with_libsodium_include_dir} ${CFLAGS}"
_havenacl=yes
fi
fi
AC_ARG_WITH([libsodium_lib_dir],
[AS_HELP_STRING([--with-libsodium-lib-dir],
[Specify libsodium library prefix])],
[search_libsodium_lib="yes"],
[])
if test "x$search_libsodium_lib" = "xyes"; then
if test -r "${with_libsodium_lib_dir}/libsodium.dylib" -o -r "${with_libsodium_lib_dir}/libsodium.so" -o -r "${with_libsodium_lib_dir}/libsodium.a"; then
LDFLAGS="-L${with_libsodium_lib_dir} ${LDFLAGS}"
_havenacl=yes
_ldlib="${with_libsodium_lib_dir}"
fi
fi
if test "x${_havenacl}" = "xno"; then
AC_MSG_CHECKING([pkg-config for libsodium])
if pkg-config --exists libsodium; then
# found it
LDFLAGS="`pkg-config --libs libsodium` ${LDFLAGS}"
CFLAGS="`pkg-config --cflags libsodium` ${CFLAGS}"
_ldlib=`pkg-config --libs libsodium | cut -d ' ' -f 1 | cut -d L -f 2`
_havenacl=yes
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
fi
fi
if test "x${_havenacl}" != "xno" -a "x$cross_compile" = "xno"; then
LIBS="-lsodium" # gcc
export LDFLAGS="$LDFLAGS"
export CFLAGS="$CFLAGS"
export LIBS="$LIBS"
AC_MSG_CHECKING([libsodium version compatible])
AC_RUN_IFELSE([
AC_LANG_PROGRAM([[
#include <sodium.h>
]],[[
if (sodium_library_version_major() >= 7) { exit(0); }
else { exit(1); }
]])],
[
AC_MSG_RESULT([yes])
],
[
AC_MSG_ERROR([no, libsodium too old. please update your libsodium installation. or maybe the path in "$LDFLAGS" is not in LD_LIBRARY_PATH?])
]
)
fi
AC_ARG_WITH([json],
[AS_HELP_STRING([--with-json],
[enable JSON support])],
[search_json="yes"],
[])
if test "x$search_json" = "xyes"; then
# use pkg only
# FIXME: search
_have_json="yes"
LDFLAGS="$LDFLAGS -ljansson"
CFLAGS="$CFLAGS -DHAVE_JSON=1"
fi
AM_CONDITIONAL([BUILDJSON], [test "x$_have_json" = "xyes"])
# Check for some target-specific stuff
case "$host" in
*aix*)
# libm is required as well
CFLAGS="$CFLAGS -D_AIX_SOURCE=1"
LDFLAGS="$LDFLAGS -lm"
;;
*-*-android*) ;;
*-*-cygwin*) ;;
*-*-dgux*) ;;
*-*-darwin*) ;;
*-*-dragonfly*) ;;
*-*-haiku*) ;;
*-*-hpux*) ;;
*-*-irix5*) ;;
*-*-irix6*) ;;
*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) ;;
*-*-linux*) ;;
*-*-netbsd*) ;;
*-*-freebsd*)
# ports install to /usr/local by default, check
if test -d "/usr/local/lib" -a -d "/usr/local/include"; then
CFLAGS="$CFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
fi
;;
*-*-bsdi*) ;;
*-next-*) ;;
*-*-openbsd*) ;;
*-*-solaris*) ;;
*-*-sunos4*) ;;
*-ncr-sysv*) ;;
*-sni-sysv*) ;;
*-*-sysv4.2*) ;;
*-*-sysv5*) ;;
*-*-sysv*) ;;
*-*-sco*) ;;
*-*-unicos*) ;;
*-dec-osf*) ;;
*-*-nto-qnx*) ;;
*-*-ultrix*) ;;
*-*-lynxos) ;;
esac
AC_CHECK_LIB(sodium, sodium_init, , [AC_MSG_ERROR([cannot link with -lsodium, install libsodium.])])
if test -n "$_ldlib"; then
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${_ldlib}"
fi
if test "$cross_compile" = "no"; then
AC_MSG_CHECKING([is libsodium compiled correctly])
AC_RUN_IFELSE([
AC_LANG_PROGRAM([[
#include <sodium.h>
#include <stdlib.h>
#if crypto_box_PUBLICKEYBYTES != 32 || crypto_box_SECRETKEYBYTES != 32 || crypto_sign_PUBLICKEYBYTES != 32 || crypto_sign_PUBLICKEYBYTES != 32
# error "libsodium not built correctly"
#endif
]],[[exit(0);]])],
[
AC_MSG_RESULT([yes])
],
[
AC_MSG_ERROR([no. please check your libsodium installation, consider re-installing])
]
)
fi
# prepare FLAGS
CFLAGS="$CFLAGS -Werror -Wextra -Wall"
AC_ARG_ENABLE([debug],
AS_HELP_STRING([--disable-debug], [Disable debugging]))
AS_IF([test "x$enable_debug" != "xno"], [
CFLAGS="$CFLAGS -g -DDEBUG"
enable_debug="yes"
])
AC_ARG_ENABLE([optimize],
AS_HELP_STRING([--disable-optimize], [Disable optimization]))
AS_IF([test "x$enable_optimize" != "xno"], [
case $enable_optimize in
-O*)
CFLAGS="$CFLAGS $enable_optimize"
enable_optimize="$enable_optimize"
;;
*)
CFLAGS="$CFLAGS -O2"
enable_optimize="-O2"
;;
esac
])
CXXFLAGS="$CFLAGS"
# FIXME: check for libm
LIBS="$LIBS -lm"
# conditionals for bindings and stuff
# c++
AC_ARG_ENABLE([cpp-binding],
[AS_HELP_STRING([--disable-cpp-binding],
[Disable C++ binding])],
)
AS_IF([test "x$enable_cpp_binding" != "xno"], [
enable_cpp_binding=yes
])
AM_CONDITIONAL([BUILDCPP], [test "x$enable_cpp_binding" != "xno"])
# py
AC_ARG_ENABLE([python-binding],
[AS_HELP_STRING([--enable-python-binding],
[Enable python binding])
],
[python="yes"],
[])
if test "x$python" = "xyes"; then
if ! python -c "import cffi" > /dev/null 2>&1; then
python="no"
AC_MSG_ERROR([python or cffi is not installed])
fi
else
python="no"
fi
AM_CONDITIONAL([BUILDPY], [test "x$python" = "xyes"])
AC_SUBST(PACKAGE_VERSION)
# Specify output files
AC_CONFIG_FILES([Makefile include/Makefile libpcp/Makefile src/Makefile man/Makefile \
tests/Makefile libpcp/libpcp1.pc bindings/cpp/Makefile bindings/py/Makefile])
AC_OUTPUT
AC_MSG_RESULT([
Build configured for $PACKAGE $VERSION:
CC: ${CC}
CFLAGS: ${CFLAGS}
CXX: ${CXX}
CXXFLAGS: ${CXXFLAGS}
LDFLAGS: ${LDFLAGS}
LIBS: ${LIBS}
DEBUG: ${enable_debug}
optimize: ${enable_optimize}
prefix: ${prefix}
libdir: ${libdir}
includedir: ${includedir}
target platform: ${host}
cross compile: ${cross_compile}
build python binding: ${python}
build c++ binding: ${enable_cpp_binding}
json support: ${_have_json}
Type 'make' to build, 'make install' to install.
To execute unit tests, type 'make test'.
])

38
libpcp/Makefile.am
View File

@@ -1,38 +0,0 @@
#
# This file is part of Pretty Curved Privacy (pcp1).
#
# Copyright (C) 2013 T.Linden.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# You can contact me by mail: <tlinden AT cpan DOT org>.
#
AM_CFLAGS = -I../include/pcp
lib_LTLIBRARIES = libpcp1.la
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libpcp1.pc
libpcp1_la_SOURCES = platform.c mem.c version.c \
context.c z85.c zmq_z85.c key.c randomart.c \
vault.c jenhash.c readpass.c \
crypto.c ed.c keyhash.c scrypt.c \
util.c buffer.c mgmt.c keysig.c pcpstream.c
include_HEADERS = ../include/pcp.h
libpcp1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=link $(CCLD) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@

17
libpcp/config.h.in Normal file
View File

@@ -0,0 +1,17 @@
/* platform.h.in. Generated from configure.ac by autoheader. */
#mesondefine HAVE_SODIUM
#mesondefine HAVE_JSON
#mesondefine HAVE_GETOPT
#mesondefine HAVE_GETOPT_LONG
#mesondefine HAVE_SETRLIMIT
#mesondefine HAVE_VASPRINTF
#mesondefine HAVE_STRNLEN
#define PACKAGE "pcp"
#define VERSION "@VERSION@"
/* Define to empty if `const' does not conform to ANSI C. */
#undef const

0
include/Makefile.am → libpcp/include/Makefile.am
View File

0
include/pcp.h → libpcp/include/pcp.h
View File

0
include/pcp/buffer.h → libpcp/include/pcp/buffer.h
View File

0
include/pcp/config.h.in → libpcp/include/pcp/config.h.in
View File

0
include/pcp/context.h → libpcp/include/pcp/context.h
View File

0
include/pcp/crypto.h → libpcp/include/pcp/crypto.h
View File

0
include/pcp/defines.h → libpcp/include/pcp/defines.h
View File

0
include/pcp/ed.h → libpcp/include/pcp/ed.h
View File

0
include/pcp/getpass.h → libpcp/include/pcp/getpass.h
View File

0
include/pcp/jenhash.h → libpcp/include/pcp/jenhash.h
View File

0
include/pcp/key.h → libpcp/include/pcp/key.h
View File

0
include/pcp/keyhash.h → libpcp/include/pcp/keyhash.h
View File

0
include/pcp/keysig.h → libpcp/include/pcp/keysig.h
View File

0
include/pcp/mem.h → libpcp/include/pcp/mem.h
View File

46
include/pcp/mgmt.h → libpcp/include/pcp/mgmt.h
View File

@@ -48,28 +48,28 @@
#endif #endif
#include <sodium.h> #include <sodium.h>
#include <string.h>
#include <stdio.h> #include <stdio.h>
#include <string.h>
#include <time.h> #include <time.h>
#ifdef HAVE_JSON // #ifdef HAVE_JSON
#ifndef JANSSON_H
#include <jansson.h> #include <jansson.h>
#endif #endif
#include "buffer.h"
#include "context.h"
#include "defines.h" #include "defines.h"
#include "platform.h"
#include "structs.h"
#include "mem.h"
#include "ed.h" #include "ed.h"
#include "key.h" #include "key.h"
#include "keysig.h" #include "keysig.h"
#include "buffer.h" #include "mem.h"
#include "platform.h"
#include "scrypt.h" #include "scrypt.h"
#include "context.h" #include "structs.h"
/* key management api, export, import, and stuff */ /* key management api, export, import, and stuff */
/** /**
* \defgroup PubKeyExport KEYEXPORT * \defgroup PubKeyExport KEYEXPORT
* @{ * @{
@@ -77,10 +77,6 @@
Functions to export and import keys in various formats. Functions to export and import keys in various formats.
*/ */
/** RFC4880 alike public key export with some modifications. /** RFC4880 alike public key export with some modifications.
(Refer to the INTERNALS section of the pcp(1) manual page for details. (Refer to the INTERNALS section of the pcp(1) manual page for details.
@@ -94,8 +90,6 @@
*/ */
Buffer *pcp_export_rfc_pub(PCPCTX *ptx, pcp_key_t *sk); Buffer *pcp_export_rfc_pub(PCPCTX *ptx, pcp_key_t *sk);
/** Export a public key in PBP format. /** Export a public key in PBP format.
Export a public key in the format described at Export a public key in the format described at
https://github.com/stef/pbp/blob/master/doc/fileformats.txt https://github.com/stef/pbp/blob/master/doc/fileformats.txt
@@ -110,7 +104,8 @@ Buffer *pcp_export_pbp_pub(pcp_key_t *sk);
/** Export secret key. /** Export secret key.
Export a secret key. (refer to the INTERNALS section of the pcp(1) manual page for details). Export a secret key. (refer to the INTERNALS section of the pcp(1) manual
page for details).
\param[in] ptx context. \param[in] ptx context.
@@ -135,7 +130,8 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase);
\return the function returns a Buffer object containing the binary \return the function returns a Buffer object containing the binary
blob containing a JSON string. blob containing a JSON string.
*/ */
Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig, size_t siglen); Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig,
size_t siglen);
/** Export secret key in JSON format /** Export secret key in JSON format
@@ -148,7 +144,8 @@ Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig, size_t siglen
\return the function returns a Buffer object containing the binary \return the function returns a Buffer object containing the binary
blob containing a JSON string. blob containing a JSON string.
*/ */
Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce, byte *cipher, size_t clen); Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce,
byte *cipher, size_t clen);
/** Convert secret key struct into JSON struct /** Convert secret key struct into JSON struct
@@ -179,14 +176,19 @@ pcp_ks_bundle_t *pcp_import_pub_rfc(PCPCTX *ptx, Buffer *blob);
pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob); pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob);
/* import secret key */ /* import secret key */
pcp_key_t *pcp_import_binsecret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passphrase); pcp_key_t *pcp_import_binsecret(PCPCTX *ptx, byte *raw, size_t rawsize,
pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passphrase); char *passphrase);
pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphrase); pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize,
char *passphrase);
pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher,
char *passphrase);
/* helpers */ /* helpers */
int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h); int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h);
int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t *sk); int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p,
int _check_sigsubs(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, rfc_pub_sig_s *subheader); pcp_keysig_t *sk);
int _check_sigsubs(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p,
rfc_pub_sig_s *subheader);
#endif // _HAVE_PCP_MGMT_H #endif // _HAVE_PCP_MGMT_H

0
include/pcp/pcpstream.h → libpcp/include/pcp/pcpstream.h
View File

0
include/pcp/platform.h → libpcp/include/pcp/platform.h
View File

0
include/pcp/plist.h → libpcp/include/pcp/plist.h
View File

0
include/pcp/randomart.h → libpcp/include/pcp/randomart.h
View File

0
include/pcp/readpass.h → libpcp/include/pcp/readpass.h
View File

0
include/pcp/scrypt.h → libpcp/include/pcp/scrypt.h
View File

0
include/pcp/structs.h → libpcp/include/pcp/structs.h
View File

0
include/pcp/uthash.h → libpcp/include/pcp/uthash.h
View File

0
include/pcp/util.h → libpcp/include/pcp/util.h
View File

0
include/pcp/vault.h → libpcp/include/pcp/vault.h
View File

0
include/pcp/version.h → libpcp/include/pcp/version.h
View File

0
include/pcp/z85.h → libpcp/include/pcp/z85.h
View File

0
include/pcp/zmq_z85.h → libpcp/include/pcp/zmq_z85.h
View File

116
libpcp/key.c
View File

@@ -19,7 +19,6 @@
You can contact me by mail: <tom AT vondein DOT org>. You can contact me by mail: <tom AT vondein DOT org>.
*/ */
#include "key.h" #include "key.h"
#include "context.h" #include "context.h"
@@ -48,7 +47,6 @@ byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
return key; return key;
} }
char *pcp_getkeyid(pcp_key_t *k) { char *pcp_getkeyid(pcp_key_t *k) {
uint32_t s, p; uint32_t s, p;
p = jen_hash(k->pub, LBOXPUB, JEN_PSALT); p = jen_hash(k->pub, LBOXPUB, JEN_PSALT);
@@ -68,7 +66,8 @@ char *pcp_getpubkeyid(pcp_pubkey_t *k) {
return id; return id;
} }
void pcp_keypairs(byte *msk, byte *mpk, byte *csk, byte *cpk, byte *esk, byte *epk) { void pcp_keypairs(byte *msk, byte *mpk, byte *csk, byte *cpk, byte *esk,
byte *epk) {
/* generate keypairs from random seed */ /* generate keypairs from random seed */
byte *ms = urmalloc(32); byte *ms = urmalloc(32);
byte *ss = urmalloc(32); byte *ss = urmalloc(32);
@@ -166,7 +165,8 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
buffer_add(both, key->edsecret, LEDSEC); buffer_add(both, key->edsecret, LEDSEC);
buffer_add(both, key->secret, LBOXSEC); buffer_add(both, key->secret, LBOXSEC);
es = pcp_sodium_mac(&encrypted, buffer_get(both), buffer_size(both), key->nonce, encryptkey); es = pcp_sodium_mac(&encrypted, buffer_get(both), buffer_size(both),
key->nonce, encryptkey);
buffer_free(both); buffer_free(both);
sfree(encryptkey); sfree(encryptkey);
@@ -178,8 +178,7 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
memset(key->secret, 0, LBOXSEC); memset(key->secret, 0, LBOXSEC);
memset(key->edsecret, 0, LEDSEC); memset(key->edsecret, 0, LEDSEC);
memset(key->mastersecret, 0, LEDSEC); memset(key->mastersecret, 0, LEDSEC);
} } else {
else {
fatal(ptx, "failed to encrypt the secret key!\n"); fatal(ptx, "failed to encrypt the secret key!\n");
ucfree(encrypted, es); ucfree(encrypted, es);
ucfree(key, sizeof(pcp_key_t)); ucfree(key, sizeof(pcp_key_t));
@@ -195,7 +194,8 @@ pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
byte *decrypted = ucmalloc(LSEC - crypto_secretbox_MACBYTES); byte *decrypted = ucmalloc(LSEC - crypto_secretbox_MACBYTES);
size_t es; size_t es;
es = pcp_sodium_verify_mac(&decrypted, key->encrypted, LSEC, key->nonce, encryptkey); es = pcp_sodium_verify_mac(&decrypted, key->encrypted, LSEC, key->nonce,
encryptkey);
sfree(encryptkey); sfree(encryptkey);
@@ -205,8 +205,7 @@ pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
memcpy(key->edsecret, decrypted + LEDSEC, LEDSEC); memcpy(key->edsecret, decrypted + LEDSEC, LEDSEC);
memcpy(key->secret, decrypted + LEDSEC + LEDSEC, LBOXSEC); memcpy(key->secret, decrypted + LEDSEC + LEDSEC, LBOXSEC);
ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC); ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC);
} } else {
else {
fatal(ptx, "failed to decrypt the secret key (got %d, expected 32)!\n", es); fatal(ptx, "failed to decrypt the secret key (got %d, expected 32)!\n", es);
ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC); ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC);
return NULL; return NULL;
@@ -252,7 +251,6 @@ byte *pcpkey_getchecksum(pcp_key_t *k) {
return hash; return hash;
} }
void pcp_pubkeyblob(Buffer *b, pcp_pubkey_t *k) { void pcp_pubkeyblob(Buffer *b, pcp_pubkey_t *k) {
buffer_add(b, k->masterpub, LEDPUB); buffer_add(b, k->masterpub, LEDPUB);
buffer_add(b, k->pub, LBOXPUB); buffer_add(b, k->pub, LBOXPUB);
@@ -331,35 +329,39 @@ Buffer *pcp_keyblob(void *k, int type) {
Buffer *b = buffer_new(PCP_RAW_PUBKEYSIZE, "bp"); Buffer *b = buffer_new(PCP_RAW_PUBKEYSIZE, "bp");
pcp_pubkeyblob(b, (pcp_pubkey_t *)k); pcp_pubkeyblob(b, (pcp_pubkey_t *)k);
return b; return b;
} } else {
else {
Buffer *b = buffer_new(PCP_RAW_KEYSIZE, "bs"); Buffer *b = buffer_new(PCP_RAW_KEYSIZE, "bs");
pcp_seckeyblob(b, (pcp_key_t *)k); pcp_seckeyblob(b, (pcp_key_t *)k);
return b; return b;
} }
} }
int pcp_sanitycheck_pub(PCPCTX *ptx, pcp_pubkey_t *key) { int pcp_sanitycheck_pub(PCPCTX *ptx, pcp_pubkey_t *key) {
if (key->pub[0] == 0) { if (key->pub[0] == 0) {
fatal(ptx, "Pubkey sanity check: public key contained in key seems to be empty!\n"); fatal(ptx, "Pubkey sanity check: public key contained in key seems to be "
"empty!\n");
return 1; return 1;
} }
if (key->type != PCP_KEY_TYPE_PUBLIC) { if (key->type != PCP_KEY_TYPE_PUBLIC) {
fatal(ptx, "Pubkey sanity check: key type is not PUBLIC (expected: %02x, got: %02x)!\n", fatal(ptx,
"Pubkey sanity check: key type is not PUBLIC (expected: %02x, got: "
"%02x)!\n",
PCP_KEY_TYPE_PUBLIC, key->type); PCP_KEY_TYPE_PUBLIC, key->type);
return 1; return 1;
} }
if (key->version != PCP_KEY_VERSION) { if (key->version != PCP_KEY_VERSION) {
fatal(ptx, "Pubkey sanity check: unknown key version (expected: %08X, got: %08X)!\n", fatal(ptx,
"Pubkey sanity check: unknown key version (expected: %08X, got: "
"%08X)!\n",
PCP_KEY_VERSION, key->version); PCP_KEY_VERSION, key->version);
return 1; return 1;
} }
if (key->serial <= 0) { if (key->serial <= 0) {
fatal(ptx, "Pubkey sanity check: invalid serial number: %08X!\n", key->serial); fatal(ptx, "Pubkey sanity check: invalid serial number: %08X!\n",
key->serial);
return 1; return 1;
} }
@@ -367,7 +369,9 @@ int pcp_sanitycheck_pub(PCPCTX *ptx, pcp_pubkey_t *key) {
char *got = ucmalloc(17); char *got = ucmalloc(17);
memcpy(got, key->id, 17); memcpy(got, key->id, 17);
got[16] = '\0'; got[16] = '\0';
fatal(ptx, "Pubkey sanity check: invalid key id (expected 16 bytes, got: %s)!\n", got); fatal(ptx,
"Pubkey sanity check: invalid key id (expected 16 bytes, got: %s)!\n",
got);
free(got); free(got);
return 1; return 1;
} }
@@ -377,40 +381,50 @@ int pcp_sanitycheck_pub(PCPCTX *ptx, pcp_pubkey_t *key) {
c = localtime(&t); c = localtime(&t);
if (c->tm_year <= 0 || c->tm_year > 1100) { if (c->tm_year <= 0 || c->tm_year > 1100) {
/* well, I'm perhaps overacting here :) */ /* well, I'm perhaps overacting here :) */
fatal(ptx, "Pubkey sanity check: invalid creation timestamp (got year %04d)!\n", c->tm_year + 1900); fatal(ptx,
"Pubkey sanity check: invalid creation timestamp (got year %04d)!\n",
c->tm_year + 1900);
return 1; return 1;
} }
pcp_pubkey_t *maybe = pcphash_pubkeyexists(ptx, key->id); pcp_pubkey_t *maybe = pcphash_pubkeyexists(ptx, key->id);
if (maybe != NULL) { if (maybe != NULL) {
fatal(ptx, "Pubkey sanity check: there already exists a key with the id 0x%s\n", key->id); fatal(ptx,
"Pubkey sanity check: there already exists a key with the id 0x%s\n",
key->id);
return 1; return 1;
} }
return 0; return 0;
} }
int pcp_sanitycheck_key(PCPCTX *ptx, pcp_key_t *key) { int pcp_sanitycheck_key(PCPCTX *ptx, pcp_key_t *key) {
if (key->encrypted[0] == 0) { if (key->encrypted[0] == 0) {
fatal(ptx, "Secretkey sanity check: secret key contained in key seems to be empty!\n"); fatal(ptx, "Secretkey sanity check: secret key contained in key seems to "
"be empty!\n");
return 1; return 1;
} }
if(key->type != PCP_KEY_TYPE_SECRET && key->type != PCP_KEY_TYPE_MAINSECRET) { if (key->type != PCP_KEY_TYPE_SECRET &&
fatal(ptx, "Secretkey sanity check: key type is not SECRET (expected: %02x, got: %02x)!\n", key->type != PCP_KEY_TYPE_MAINSECRET) {
fatal(ptx,
"Secretkey sanity check: key type is not SECRET (expected: %02x, "
"got: %02x)!\n",
PCP_KEY_TYPE_SECRET, key->type); PCP_KEY_TYPE_SECRET, key->type);
return 1; return 1;
} }
if (key->version != PCP_KEY_VERSION) { if (key->version != PCP_KEY_VERSION) {
fatal(ptx, "Secretkey sanity check: unknown key version (expected: %08X, got: %08X)!\n", fatal(ptx,
"Secretkey sanity check: unknown key version (expected: %08X, got: "
"%08X)!\n",
PCP_KEY_VERSION, key->version); PCP_KEY_VERSION, key->version);
return 1; return 1;
} }
if (key->serial <= 0) { if (key->serial <= 0) {
fatal(ptx, "Secretkey sanity check: invalid serial number: %08X!\n", key->serial); fatal(ptx, "Secretkey sanity check: invalid serial number: %08X!\n",
key->serial);
return 1; return 1;
} }
@@ -418,7 +432,10 @@ int pcp_sanitycheck_key(PCPCTX *ptx, pcp_key_t *key) {
char *got = ucmalloc(17); char *got = ucmalloc(17);
memcpy(got, key->id, 17); memcpy(got, key->id, 17);
got[16] = '\0'; got[16] = '\0';
fatal(ptx, "Secretkey sanity check: invalid key id (expected 16 bytes, got: %s)!\n", got); fatal(ptx,
"Secretkey sanity check: invalid key id (expected 16 bytes, got: "
"%s)!\n",
got);
free(got); free(got);
return 1; return 1;
} }
@@ -428,13 +445,19 @@ int pcp_sanitycheck_key(PCPCTX *ptx, pcp_key_t *key) {
c = localtime(&t); c = localtime(&t);
if (c->tm_year <= 70 || c->tm_year > 1100) { if (c->tm_year <= 70 || c->tm_year > 1100) {
/* well, I'm perhaps overacting here :) */ /* well, I'm perhaps overacting here :) */
fatal(ptx, "Secretkey sanity check: invalid creation timestamp (got year %04d)!\n", c->tm_year + 1900); fatal(
ptx,
"Secretkey sanity check: invalid creation timestamp (got year %04d)!\n",
c->tm_year + 1900);
return 1; return 1;
} }
pcp_key_t *maybe = pcphash_keyexists(ptx, key->id); pcp_key_t *maybe = pcphash_keyexists(ptx, key->id);
if (maybe != NULL) { if (maybe != NULL) {
fatal(ptx, "Secretkey sanity check: there already exists a key with the id 0x%s\n", key->id); fatal(
ptx,
"Secretkey sanity check: there already exists a key with the id 0x%s\n",
key->id);
return 1; return 1;
} }
@@ -447,35 +470,43 @@ void pcp_dumpkey(pcp_key_t *k) {
printf("Dumping pcp_key_t raw values:\n"); printf("Dumping pcp_key_t raw values:\n");
printf("masterpub: "); printf("masterpub: ");
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->masterpub[i]); for (i = 0; i < LEDPUB; ++i)
printf("%02x", (unsigned int)k->masterpub[i]);
printf("\n"); printf("\n");
printf(" public: "); printf(" public: ");
for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->pub[i]); for (i = 0; i < LBOXPUB; ++i)
printf("%02x", (unsigned int)k->pub[i]);
printf("\n"); printf("\n");
printf(" edpub: "); printf(" edpub: ");
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->edpub[i]); for (i = 0; i < LEDPUB; ++i)
printf("%02x", (unsigned int)k->edpub[i]);
printf("\n"); printf("\n");
printf("mastersec: "); printf("mastersec: ");
for ( i = 0;i < LEDSEC;++i) printf("%02x",(unsigned int) k->mastersecret[i]); for (i = 0; i < LEDSEC; ++i)
printf("%02x", (unsigned int)k->mastersecret[i]);
printf("\n"); printf("\n");
printf(" secret: "); printf(" secret: ");
for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->secret[i]); for (i = 0; i < LBOXPUB; ++i)
printf("%02x", (unsigned int)k->secret[i]);
printf("\n"); printf("\n");
printf(" edsecret: "); printf(" edsecret: ");
for ( i = 0;i < LEDSEC;++i) printf("%02x",(unsigned int) k->edsecret[i]); for (i = 0; i < LEDSEC; ++i)
printf("%02x", (unsigned int)k->edsecret[i]);
printf("\n"); printf("\n");
printf(" nonce: "); printf(" nonce: ");
for ( i = 0;i < LNONCE;++i) printf("%02x",(unsigned int) k->nonce[i]); for (i = 0; i < LNONCE; ++i)
printf("%02x", (unsigned int)k->nonce[i]);
printf("\n"); printf("\n");
printf("encrypted: "); printf("encrypted: ");
for ( i = 0;i < LSEC;++i) printf("%02x",(unsigned int) k->encrypted[i]); for (i = 0; i < LSEC; ++i)
printf("%02x", (unsigned int)k->encrypted[i]);
printf("\n"); printf("\n");
printf(" owner: %s\n", k->owner); printf(" owner: %s\n", k->owner);
@@ -493,21 +524,23 @@ void pcp_dumpkey(pcp_key_t *k) {
printf(" type: 0x%02X\n", k->type); printf(" type: 0x%02X\n", k->type);
} }
void pcp_dumppubkey(pcp_pubkey_t *k) { void pcp_dumppubkey(pcp_pubkey_t *k) {
unsigned int i; unsigned int i;
printf("Dumping pcp_pubkey_t raw values:\n"); printf("Dumping pcp_pubkey_t raw values:\n");
printf("masterpub: "); printf("masterpub: ");
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->masterpub[i]); for (i = 0; i < LEDPUB; ++i)
printf("%02x", (unsigned int)k->masterpub[i]);
printf("\n"); printf("\n");
printf(" public: "); printf(" public: ");
for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->pub[i]); for (i = 0; i < LBOXPUB; ++i)
printf("%02x", (unsigned int)k->pub[i]);
printf("\n"); printf("\n");
printf(" edpub: "); printf(" edpub: ");
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->edpub[i]); for (i = 0; i < LEDPUB; ++i)
printf("%02x", (unsigned int)k->edpub[i]);
printf("\n"); printf("\n");
printf(" owner: %s\n", k->owner); printf(" owner: %s\n", k->owner);
@@ -525,7 +558,6 @@ void pcp_dumppubkey(pcp_pubkey_t *k) {
printf(" type: 0x%02X\n", k->type); printf(" type: 0x%02X\n", k->type);
} }
/* /*
via via
http://rosettacode.org/wiki/Entropy#C http://rosettacode.org/wiki/Entropy#C

64
libpcp/meson.build Normal file
View File

@@ -0,0 +1,64 @@
# -*-python-*-
libincludes = include_directories('include', 'include/pcp')
# check for libraries with CMAKE or pkg-config
sodium = dependency('libsodium')
# manually check for libraries
jansson = c.find_library('jansson', required: true,
dirs : ['/usr', '/usr/local'])
conf.set('HAVE_SODIUM', sodium.found())
conf.set('HAVE_JSON', jansson.found())
math = c.find_library('m')
# add dependencies, manual libs are added directly below
pcp_deps = [
sodium, jansson, math
]
libpcp = shared_library(
'pcp',
'buffer.c',
'context.c',
'crypto.c',
'ed.c',
'getpass.c',
'jenhash.c',
'key.c',
'keyhash.c',
'keysig.c',
'mem.c',
'mgmt.c',
'pcpstream.c',
'platform.c',
'randomart.c',
'readpass.c',
'scrypt.c',
'util.c',
'vault.c',
'version.c',
'z85.c',
'zmq_z85.c',
include_directories: libincludes,
install: true,
dependencies: pcp_deps
)
libpcp_dep = declare_dependency(
include_directories: libincludes,
link_with: libpcp,
)
# write out the config header
m = configure_file(
input : 'config.h.in',
output : 'config.h',
configuration : conf,
)

212
libpcp/mgmt.c
View File

@@ -29,14 +29,14 @@ int _get_pk(Buffer *blob, pcp_pubkey_t *p) {
buffer_get_chunk(blob, p->edpub, LEDPUB); buffer_get_chunk(blob, p->edpub, LEDPUB);
buffer_get_chunk(blob, p->pub, LBOXPUB); buffer_get_chunk(blob, p->pub, LBOXPUB);
return 0; return 0;
} } else
else
return 1; return 1;
} }
int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h) { int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h) {
if (buffer_left(blob) >= sizeof(rfc_pub_sig_h)) { if (buffer_left(blob) >= sizeof(rfc_pub_sig_h)) {
buffer_get_chunk(blob, h, sizeof(rfc_pub_sig_h)); /* FIXME: blog 2 struct? thafck */ buffer_get_chunk(blob, h,
sizeof(rfc_pub_sig_h)); /* FIXME: blog 2 struct? thafck */
h->numsubs = _wireto16((byte *)&h->numsubs); h->numsubs = _wireto16((byte *)&h->numsubs);
@@ -46,8 +46,8 @@ int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h) {
return 1; return 1;
} }
if (h->type != EXP_SIG_TYPE) { if (h->type != EXP_SIG_TYPE) {
fatal(ptx, "Unsupported pubkey signature type %d, expected %d\n", fatal(ptx, "Unsupported pubkey signature type %d, expected %d\n", h->type,
h->type, EXP_SIG_TYPE); EXP_SIG_TYPE);
return 1; return 1;
} }
if (h->pkcipher != EXP_SIG_CIPHER) { if (h->pkcipher != EXP_SIG_CIPHER) {
@@ -56,28 +56,33 @@ int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h) {
return 1; return 1;
} }
if (h->hashcipher != EXP_HASH_CIPHER) { if (h->hashcipher != EXP_HASH_CIPHER) {
fatal(ptx, "Unsupported pubkey signature hash cipher %d, expected %d\n", h->hashcipher, EXP_HASH_CIPHER); fatal(ptx, "Unsupported pubkey signature hash cipher %d, expected %d\n",
h->hashcipher, EXP_HASH_CIPHER);
return 1; return 1;
} }
if(h->numsubs > 0 && buffer_left(blob) < sizeof(rfc_pub_sig_s) * h->numsubs) { if (h->numsubs > 0 &&
fatal(ptx, "Signature size specification invalid (sig: %ld, bytes left: %ld, numsubs: %ld\n", buffer_left(blob) < sizeof(rfc_pub_sig_s) * h->numsubs) {
fatal(ptx,
"Signature size specification invalid (sig: %ld, bytes left: %ld, "
"numsubs: %ld\n",
sizeof(rfc_pub_sig_s) * h->numsubs, buffer_left(blob), h->numsubs); sizeof(rfc_pub_sig_s) * h->numsubs, buffer_left(blob), h->numsubs);
return 1; return 1;
} }
return 0; return 0;
} } else {
else {
fatal(ptx, "Error: input data too small, import failed\n"); fatal(ptx, "Error: input data too small, import failed\n");
return 1; return 1;
} }
} }
int _check_sigsubs(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, rfc_pub_sig_s *subheader) { int _check_sigsubs(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p,
rfc_pub_sig_s *subheader) {
uint16_t nsize, vsize; uint16_t nsize, vsize;
char *notation = NULL; char *notation = NULL;
if (subheader->size > buffer_left(blob)) { if (subheader->size > buffer_left(blob)) {
fatal(ptx, "Invalid header size %ld specified in source\n", subheader->size); fatal(ptx, "Invalid header size %ld specified in source\n",
subheader->size);
return 1; return 1;
} }
@@ -94,35 +99,36 @@ int _check_sigsubs(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, rfc_pub_sig_s *su
notation = ucmalloc(nsize + 1); notation = ucmalloc(nsize + 1);
if (buffer_get_chunk(blob, notation, nsize) == 0) { if (buffer_get_chunk(blob, notation, nsize) == 0) {
fatal(ptx, "Invalid notation size, expected %ld bytes, but got 0\n", nsize); fatal(ptx, "Invalid notation size, expected %ld bytes, but got 0\n",
nsize);
goto sgcerr; goto sgcerr;
} }
notation[nsize] = '\0'; notation[nsize] = '\0';
if (vsize > buffer_left(blob) || vsize > 255) { if (vsize > buffer_left(blob) || vsize > 255) {
fatal(ptx, "Invalid notation value size %ld specified in source\n", vsize); fatal(ptx, "Invalid notation value size %ld specified in source\n",
vsize);
goto sgcerr; goto sgcerr;
} }
if (strncmp(notation, "owner", 5) == 0) { if (strncmp(notation, "owner", 5) == 0) {
if (buffer_get_chunk(blob, p->owner, vsize) == 0) { if (buffer_get_chunk(blob, p->owner, vsize) == 0) {
fatal(ptx, "Invalid 'owner' notation, expected %ld bytes, but got 0\n", vsize); fatal(ptx, "Invalid 'owner' notation, expected %ld bytes, but got 0\n",
vsize);
goto sgcerr; goto sgcerr;
} }
} } else if (strncmp(notation, "mail", 4) == 0) {
else if(strncmp(notation, "mail", 4) == 0) {
if (buffer_get_chunk(blob, p->mail, vsize) == 0) { if (buffer_get_chunk(blob, p->mail, vsize) == 0) {
fatal(ptx, "Invalid 'mail' notation, expected %ld bytes, but got 0\n", vsize); fatal(ptx, "Invalid 'mail' notation, expected %ld bytes, but got 0\n",
vsize);
goto sgcerr; goto sgcerr;
} }
} } else if (strncmp(notation, "serial", 6) == 0) {
else if(strncmp(notation, "serial", 6) == 0) {
p->serial = buffer_get32na(blob); p->serial = buffer_get32na(blob);
} }
ucfree(notation, nsize + 1); ucfree(notation, nsize + 1);
} } else {
else {
/* unsupported or ignored sig subs: /* unsupported or ignored sig subs:
we (currently) ignore sig ctime, expire and keyexpire, we (currently) ignore sig ctime, expire and keyexpire,
since the ctime - which is the only one we need internally - since the ctime - which is the only one we need internally -
@@ -130,7 +136,9 @@ int _check_sigsubs(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, rfc_pub_sig_s *su
the future though. the future though.
*/ */
if (buffer_fwd_offset(blob, subheader->size) == 0) { if (buffer_fwd_offset(blob, subheader->size) == 0) {
fatal(ptx, "Invalid 'unsupported' notation, expected %ld bytes, but got 0\n", subheader->size); fatal(ptx,
"Invalid 'unsupported' notation, expected %ld bytes, but got 0\n",
subheader->size);
return 1; return 1;
} }
} }
@@ -142,8 +150,8 @@ int _check_sigsubs(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, rfc_pub_sig_s *su
return 1; return 1;
} }
int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p,
int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t *sk) { pcp_keysig_t *sk) {
// read hash + sig // read hash + sig
size_t blobstop = blob->offset; /* key header + mp,sp,cp */ size_t blobstop = blob->offset; /* key header + mp,sp,cp */
size_t sigsize = crypto_sign_BYTES + crypto_generichash_BYTES_MAX; size_t sigsize = crypto_sign_BYTES + crypto_generichash_BYTES_MAX;
@@ -182,7 +190,8 @@ int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t
/* compare them */ /* compare them */
if (cst_time_memcmp(hash, verifyhash, crypto_generichash_BYTES_MAX) != 0) { if (cst_time_memcmp(hash, verifyhash, crypto_generichash_BYTES_MAX) != 0) {
fatal(ptx, "Signature verifies but signed hash doesn't match signature contents\n"); fatal(ptx, "Signature verifies but signed hash doesn't match signature "
"contents\n");
goto chker2; goto chker2;
} }
@@ -212,10 +221,8 @@ int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t
ucfree(signature, sigsize); ucfree(signature, sigsize);
return 1; return 1;
} }
pcp_ks_bundle_t *pcp_import_pub(PCPCTX *ptx, byte *raw, size_t rawsize) { pcp_ks_bundle_t *pcp_import_pub(PCPCTX *ptx, byte *raw, size_t rawsize) {
size_t clen; size_t clen;
byte *bin = NULL; byte *bin = NULL;
@@ -238,8 +245,7 @@ pcp_ks_bundle_t *pcp_import_pub(PCPCTX *ptx, byte *raw, size_t rawsize) {
/* treat as binary blob */ /* treat as binary blob */
fatals_reset(ptx); fatals_reset(ptx);
buffer_add(blob, raw, rawsize); buffer_add(blob, raw, rawsize);
} } else {
else {
/* use decoded */ /* use decoded */
buffer_add(blob, bin, clen); buffer_add(blob, bin, clen);
ucfree(bin, clen); ucfree(bin, clen);
@@ -251,8 +257,7 @@ pcp_ks_bundle_t *pcp_import_pub(PCPCTX *ptx, byte *raw, size_t rawsize) {
if (version == PCP_KEY_VERSION) { if (version == PCP_KEY_VERSION) {
/* ah, homerun */ /* ah, homerun */
return pcp_import_pub_rfc(ptx, blob); return pcp_import_pub_rfc(ptx, blob);
} } else {
else {
/* nope, it's probably pbp */ /* nope, it's probably pbp */
return pcp_import_pub_pbp(ptx, blob); return pcp_import_pub_pbp(ptx, blob);
} }
@@ -265,8 +270,7 @@ pcp_ks_bundle_t *pcp_import_binpub(PCPCTX *ptx, byte *raw, size_t rawsize) {
#ifdef HAVE_JSON #ifdef HAVE_JSON
if (ptx->json) { if (ptx->json) {
bundle = pcp_import_pub_json(ptx, raw, rawsize); bundle = pcp_import_pub_json(ptx, raw, rawsize);
} } else {
else {
#endif #endif
buffer_add(blob, raw, rawsize); buffer_add(blob, raw, rawsize);
@@ -277,8 +281,7 @@ pcp_ks_bundle_t *pcp_import_binpub(PCPCTX *ptx, byte *raw, size_t rawsize) {
if (version == PCP_KEY_VERSION) { if (version == PCP_KEY_VERSION) {
/* ah, homerun */ /* ah, homerun */
bundle = pcp_import_pub_rfc(ptx, blob); bundle = pcp_import_pub_rfc(ptx, blob);
} } else {
else {
/* nope, it's probably pbp */ /* nope, it's probably pbp */
bundle = pcp_import_pub_pbp(ptx, blob); bundle = pcp_import_pub_pbp(ptx, blob);
} }
@@ -289,7 +292,6 @@ pcp_ks_bundle_t *pcp_import_binpub(PCPCTX *ptx, byte *raw, size_t rawsize) {
buffer_free(blob); buffer_free(blob);
return bundle; return bundle;
} }
pcp_ks_bundle_t *pcp_import_pub_rfc(PCPCTX *ptx, Buffer *blob) { pcp_ks_bundle_t *pcp_import_pub_rfc(PCPCTX *ptx, Buffer *blob) {
@@ -299,14 +301,17 @@ pcp_ks_bundle_t *pcp_import_pub_rfc(PCPCTX *ptx, Buffer *blob) {
rfc_pub_sig_s *subheader = ucmalloc(sizeof(rfc_pub_sig_s)); rfc_pub_sig_s *subheader = ucmalloc(sizeof(rfc_pub_sig_s));
pcp_pubkey_t *p = ucmalloc(sizeof(pcp_pubkey_t)); pcp_pubkey_t *p = ucmalloc(sizeof(pcp_pubkey_t));
if(buffer_done(blob)) goto be; if (buffer_done(blob))
goto be;
p->ctime = buffer_get64na(blob); p->ctime = buffer_get64na(blob);
uint8_t pkcipher = buffer_get8(blob); uint8_t pkcipher = buffer_get8(blob);
if(buffer_done(blob)) goto be; if (buffer_done(blob))
goto be;
if (pkcipher != EXP_PK_CIPHER) { if (pkcipher != EXP_PK_CIPHER) {
fatal(ptx, "Unsupported pk cipher %d, expected %d\n", pkcipher, EXP_PK_CIPHER); fatal(ptx, "Unsupported pk cipher %d, expected %d\n", pkcipher,
EXP_PK_CIPHER);
goto bef; goto bef;
} }
@@ -345,15 +350,13 @@ pcp_ks_bundle_t *pcp_import_pub_rfc(PCPCTX *ptx, Buffer *blob) {
if (_check_hash_keysig(ptx, blob, p, sk) != 0) { if (_check_hash_keysig(ptx, blob, p, sk) != 0) {
b->p = p; b->p = p;
b->s = NULL; b->s = NULL;
} } else {
else {
b->p = p; b->p = p;
b->s = sk; b->s = sk;
} }
return b; return b;
be: be:
fatal(ptx, "Error: input data too small, import failed\n"); fatal(ptx, "Error: input data too small, import failed\n");
@@ -392,8 +395,8 @@ pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob) {
date[19] = '\0'; date[19] = '\0';
struct tm c; struct tm c;
c.tm_isdst = -1; c.tm_isdst = -1;
int tmok = sscanf(date, "%4d-%2d-%2dT%2d:%2d:%2d", int tmok = sscanf(date, "%4d-%2d-%2dT%2d:%2d:%2d", &c.tm_year, &c.tm_mon,
&c.tm_year, &c.tm_mon, &c.tm_mday, &c.tm_hour, &c.tm_min, &c.tm_sec); &c.tm_mday, &c.tm_hour, &c.tm_min, &c.tm_sec);
if (tmok <= 0 || c.tm_hour >= 24 || c.tm_mon >= 59 || c.tm_sec >= 59) { if (tmok <= 0 || c.tm_hour >= 24 || c.tm_mon >= 59 || c.tm_sec >= 59) {
/* check returned tm values, which will look like this when input /* check returned tm values, which will look like this when input
@@ -451,8 +454,7 @@ pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob) {
if (verify == NULL) { if (verify == NULL) {
bundle->p = pub; bundle->p = pub;
bundle->s = NULL; bundle->s = NULL;
} } else {
else {
pcp_keysig_t *sk = ucmalloc(sizeof(pcp_keysig_t)); pcp_keysig_t *sk = ucmalloc(sizeof(pcp_keysig_t));
sk->type = PCP_KEYSIG_PBP; sk->type = PCP_KEYSIG_PBP;
sk->size = buffer_size(blob); sk->size = buffer_size(blob);
@@ -474,7 +476,6 @@ pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob) {
return NULL; return NULL;
} }
Buffer *pcp_export_pbp_pub(pcp_key_t *sk) { Buffer *pcp_export_pbp_pub(pcp_key_t *sk) {
struct tm *v, *c; struct tm *v, *c;
byte *signature = NULL; byte *signature = NULL;
@@ -494,11 +495,12 @@ Buffer *pcp_export_pbp_pub(pcp_key_t *sk) {
time_t vt = t + 31536000; time_t vt = t + 31536000;
v = localtime(&vt); v = localtime(&vt);
date = ucmalloc(65); date = ucmalloc(65);
sprintf(date, "%04d-%02d-%02dT%02d:%02d:%02d.000000 %04d-%02d-%02dT%02d:%02d:%02d.000000 ", sprintf(date,
"%04d-%02d-%02dT%02d:%02d:%02d.000000 "
"%04d-%02d-%02dT%02d:%02d:%02d.000000 ",
c->tm_year + 1900 - 1, c->tm_mon + 1, c->tm_mday, // wtf? why -1? c->tm_year + 1900 - 1, c->tm_mon + 1, c->tm_mday, // wtf? why -1?
c->tm_hour, c->tm_min, c->tm_sec, c->tm_hour, c->tm_min, c->tm_sec, v->tm_year + 1900 - 1,
v->tm_year+1900-1, v->tm_mon+1, v->tm_mday, v->tm_mon + 1, v->tm_mday, v->tm_hour, v->tm_min, v->tm_sec);
v->tm_hour, v->tm_min, v->tm_sec);
buffer_add(sig, date, 64); buffer_add(sig, date, 64);
/* add owner */ /* add owner */
@@ -517,7 +519,6 @@ Buffer *pcp_export_pbp_pub(pcp_key_t *sk) {
buffer_free(sig); buffer_free(sig);
return out; return out;
exppbperr01: exppbperr01:
buffer_free(sig); buffer_free(sig);
buffer_free(out); buffer_free(out);
@@ -526,7 +527,6 @@ Buffer *pcp_export_pbp_pub(pcp_key_t *sk) {
return NULL; return NULL;
} }
Buffer *pcp_export_rfc_pub(PCPCTX *ptx, pcp_key_t *sk) { Buffer *pcp_export_rfc_pub(PCPCTX *ptx, pcp_key_t *sk) {
Buffer *out = buffer_new(320, "exportbuf"); Buffer *out = buffer_new(320, "exportbuf");
Buffer *raw = buffer_new(256, "keysigbuf"); Buffer *raw = buffer_new(256, "keysigbuf");
@@ -674,15 +674,13 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) {
if (strlen(sk->owner) > 0) { if (strlen(sk->owner) > 0) {
buffer_add16be(raw, strlen(sk->owner)); buffer_add16be(raw, strlen(sk->owner));
buffer_add(raw, sk->owner, strlen(sk->owner)); buffer_add(raw, sk->owner, strlen(sk->owner));
} } else
else
buffer_add16be(raw, 0); buffer_add16be(raw, 0);
if (strlen(sk->mail) > 0) { if (strlen(sk->mail) > 0) {
buffer_add16be(raw, strlen(sk->mail)); buffer_add16be(raw, strlen(sk->mail));
buffer_add(raw, sk->mail, strlen(sk->mail)); buffer_add(raw, sk->mail, strlen(sk->mail));
} } else
else
buffer_add16be(raw, 0); buffer_add16be(raw, 0);
buffer_add64be(raw, sk->ctime); buffer_add64be(raw, sk->ctime);
@@ -693,15 +691,15 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) {
arc4random_buf(nonce, LNONCE); arc4random_buf(nonce, LNONCE);
symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), nonce, LNONCE); symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), nonce, LNONCE);
es = pcp_sodium_mac(&cipher, buffer_get(raw), buffer_size(raw), nonce, symkey); es =
pcp_sodium_mac(&cipher, buffer_get(raw), buffer_size(raw), nonce, symkey);
#ifdef HAVE_JSON #ifdef HAVE_JSON
if (ptx->json) { if (ptx->json) {
Buffer *jout = pcp_export_json_secret(ptx, sk, nonce, cipher, es); Buffer *jout = pcp_export_json_secret(ptx, sk, nonce, cipher, es);
buffer_free(out); buffer_free(out);
out = jout; out = jout;
} } else {
else {
#endif #endif
buffer_add(out, nonce, LNONCE); buffer_add(out, nonce, LNONCE);
@@ -719,14 +717,15 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) {
return out; return out;
} }
pcp_key_t *pcp_import_binsecret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passphrase) { pcp_key_t *pcp_import_binsecret(PCPCTX *ptx, byte *raw, size_t rawsize,
char *passphrase) {
Buffer *blob = buffer_new(512, "importskblob"); Buffer *blob = buffer_new(512, "importskblob");
buffer_add(blob, raw, rawsize); buffer_add(blob, raw, rawsize);
return pcp_import_secret_native(ptx, blob, passphrase); return pcp_import_secret_native(ptx, blob, passphrase);
} }
pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize,
pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passphrase) { char *passphrase) {
size_t clen; size_t clen;
byte *bin = NULL; byte *bin = NULL;
char *z85 = NULL; char *z85 = NULL;
@@ -747,8 +746,7 @@ pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passp
/* treat as binary blob */ /* treat as binary blob */
fatals_reset(ptx); fatals_reset(ptx);
buffer_add(blob, raw, rawsize); buffer_add(blob, raw, rawsize);
} } else {
else {
/* use decoded */ /* use decoded */
buffer_add(blob, bin, clen); buffer_add(blob, bin, clen);
ucfree(bin, clen); ucfree(bin, clen);
@@ -761,13 +759,15 @@ pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passp
return sk; return sk;
} }
pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphrase) { pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher,
char *passphrase) {
pcp_key_t *sk = ucmalloc(sizeof(pcp_key_t)); pcp_key_t *sk = ucmalloc(sizeof(pcp_key_t));
byte *nonce = ucmalloc(LNONCE); byte *nonce = ucmalloc(LNONCE);
byte *symkey = NULL; byte *symkey = NULL;
byte *clear = NULL; byte *clear = NULL;
size_t cipherlen = 0; size_t cipherlen = 0;
size_t minlen = (LEDSEC * 2) + (LBOXPUB * 2) + (LEDPUB * 2) + 8 + 4 + 4; /* key material and mandatory field sizes */ size_t minlen = (LEDSEC * 2) + (LBOXPUB * 2) + (LEDPUB * 2) + 8 + 4 +
4; /* key material and mandatory field sizes */
uint16_t notationlen = 0; uint16_t notationlen = 0;
Buffer *blob = buffer_new(512, "secretdecryptbuf"); Buffer *blob = buffer_new(512, "secretdecryptbuf");
@@ -789,7 +789,9 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
cipherlen = buffer_left(cipher); cipherlen = buffer_left(cipher);
if (cipherlen < minlen) { if (cipherlen < minlen) {
fatal(ptx, "failed to decrypt the secret key file:\n" fatal(
ptx,
"failed to decrypt the secret key file:\n"
"expected encrypted secret key size %ld is less than minimum len %ld\n", "expected encrypted secret key size %ld is less than minimum len %ld\n",
cipherlen, minlen); cipherlen, minlen);
goto impserr1; goto impserr1;
@@ -797,8 +799,8 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
/* decrypt the blob */ /* decrypt the blob */
clear = ucmalloc(cipherlen - LMAC); clear = ucmalloc(cipherlen - LMAC);
if(pcp_sodium_verify_mac(&clear, buffer_get_remainder(cipher), if (pcp_sodium_verify_mac(&clear, buffer_get_remainder(cipher), cipherlen,
cipherlen, nonce, symkey) != 0) { nonce, symkey) != 0) {
fatal(ptx, "failed to decrypt the secret key file\n"); fatal(ptx, "failed to decrypt the secret key file\n");
goto impserr2; goto impserr2;
@@ -818,20 +820,20 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
notationlen = buffer_get16na(blob); notationlen = buffer_get16na(blob);
if (notationlen > 255) { if (notationlen > 255) {
fatal(ptx, "Invalid notation value size for owner (got: %ld, expected: 255)\n", fatal(ptx,
"Invalid notation value size for owner (got: %ld, expected: 255)\n",
notationlen); notationlen);
goto impserr2; goto impserr2;
} } else if (notationlen > 0)
else if(notationlen > 0)
buffer_get_chunk(blob, sk->owner, notationlen); buffer_get_chunk(blob, sk->owner, notationlen);
notationlen = buffer_get16na(blob); notationlen = buffer_get16na(blob);
if (notationlen > 255) { if (notationlen > 255) {
fatal(ptx, "Invalid notation value size for mail (got: %ld, expected: 255)\n", fatal(ptx,
"Invalid notation value size for mail (got: %ld, expected: 255)\n",
notationlen); notationlen);
goto impserr2; goto impserr2;
} } else if (notationlen > 0)
else if(notationlen > 0)
buffer_get_chunk(blob, sk->mail, notationlen); buffer_get_chunk(blob, sk->mail, notationlen);
if (buffer_done(blob) == 1) if (buffer_done(blob) == 1)
@@ -841,7 +843,6 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
sk->version = buffer_get32na(blob); sk->version = buffer_get32na(blob);
sk->serial = buffer_get32na(blob); sk->serial = buffer_get32na(blob);
/* fill in the calculated fields */ /* fill in the calculated fields */
char *id = pcp_getkeyid(sk); char *id = pcp_getkeyid(sk);
memcpy(sk->id, id, 17); memcpy(sk->id, id, 17);
@@ -868,13 +869,6 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
return NULL; return NULL;
} }
#ifdef HAVE_JSON #ifdef HAVE_JSON
json_t *pcp_pk2json(pcp_pubkey_t *pk) { json_t *pcp_pk2json(pcp_pubkey_t *pk) {
@@ -915,28 +909,18 @@ json_t *pcp_sk2json(pcp_key_t *sk, byte *sig, size_t siglen) {
if (sig != NULL) { if (sig != NULL) {
ssig = _bin2hex(sig, siglen); ssig = _bin2hex(sig, siglen);
} } else {
else {
ssig = malloc(1); ssig = malloc(1);
ssig[0] = '\0'; ssig[0] = '\0';
jformat = "{sssssssIsIsIsIssssssssss}"; jformat = "{sssssssIsIsIsIssssssssss}";
} }
jout = json_pack(jformat, jout = json_pack(
"id" , sk->id, jformat, "id", sk->id, "owner", sk->owner, "mail", sk->mail, "ctime",
"owner" , sk->owner, (json_int_t)sk->ctime, "expire", (json_int_t)sk->ctime + 31536000,
"mail" , sk->mail, "version", (json_int_t)sk->version, "serial", (json_int_t)sk->serial,
"ctime" , (json_int_t)sk->ctime, "type", "public", "cipher", EXP_PK_CIPHER_NAME, "cryptpub", cryptpub,
"expire" , (json_int_t)sk->ctime+31536000, "sigpub", sigpub, "masterpub", masterpub, "signature", ssig);
"version" , (json_int_t)sk->version,
"serial" , (json_int_t)sk->serial,
"type" , "public",
"cipher" , EXP_PK_CIPHER_NAME,
"cryptpub" , cryptpub,
"sigpub" , sigpub,
"masterpub" , masterpub,
"signature" , ssig
);
free(cryptpub); free(cryptpub);
free(sigpub); free(sigpub);
@@ -947,7 +931,8 @@ json_t *pcp_sk2json(pcp_key_t *sk, byte *sig, size_t siglen) {
return jout; return jout;
} }
Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce, byte *cipher, size_t clen) { Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce,
byte *cipher, size_t clen) {
Buffer *b = buffer_new_str("jsonbuf"); Buffer *b = buffer_new_str("jsonbuf");
char *jdump, *xcipher, *xnonce; char *jdump, *xcipher, *xnonce;
json_t *jout; json_t *jout;
@@ -968,8 +953,7 @@ Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce, byte *ci
if (jdump != NULL) { if (jdump != NULL) {
buffer_add(b, jdump, strlen(jdump)); buffer_add(b, jdump, strlen(jdump));
free(jdump); free(jdump);
} } else {
else {
fatal(ptx, "JSON encoding error: %s", jerror.text); fatal(ptx, "JSON encoding error: %s", jerror.text);
} }
@@ -978,7 +962,8 @@ Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce, byte *ci
return b; return b;
} }
Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig, size_t siglen) { Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig,
size_t siglen) {
Buffer *b = buffer_new_str("jsonbuf"); Buffer *b = buffer_new_str("jsonbuf");
char *jdump; char *jdump;
json_t *jout; json_t *jout;
@@ -992,8 +977,7 @@ Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig, size_t siglen
if (jdump != NULL) { if (jdump != NULL) {
buffer_add(b, jdump, strlen(jdump)); buffer_add(b, jdump, strlen(jdump));
free(jdump); free(jdump);
} } else {
else {
fatal(ptx, "JSON encoding error: %s", jerror.text); fatal(ptx, "JSON encoding error: %s", jerror.text);
} }
@@ -1009,7 +993,8 @@ Buffer *pcp_import_secret_json(PCPCTX *ptx, Buffer *json) {
size_t binlen; size_t binlen;
char *hexerr = "failed to decode hex string"; char *hexerr = "failed to decode hex string";
jin = json_loadb((char *)buffer_get(json), buffer_size(json), JSON_DISABLE_EOF_CHECK, &jerror); jin = json_loadb((char *)buffer_get(json), buffer_size(json),
JSON_DISABLE_EOF_CHECK, &jerror);
if (jin == NULL) if (jin == NULL)
goto jirr1; goto jirr1;
@@ -1174,17 +1159,16 @@ pcp_ks_bundle_t *pcp_import_pub_json(PCPCTX *ptx, byte *raw, size_t rawsize) {
buffer_add(btmp, blob, siglen); buffer_add(btmp, blob, siglen);
btmp->offset = buffer_size(btmp) - btmp->offset = buffer_size(btmp) -
(crypto_sign_BYTES + crypto_generichash_BYTES_MAX); /* 32*3 keys + 10 header */ (crypto_sign_BYTES +
crypto_generichash_BYTES_MAX); /* 32*3 keys + 10 header */
if (_check_hash_keysig(ptx, btmp, p, s) != 0) { if (_check_hash_keysig(ptx, btmp, p, s) != 0) {
b->s = NULL; b->s = NULL;
} } else {
else {
b->s = s; b->s = s;
} }
buffer_free(btmp); buffer_free(btmp);
} } else {
else {
strcpy(jerror.text, "sigerr"); strcpy(jerror.text, "sigerr");
goto jerr2; goto jerr2;
} }

120
meson.build Normal file
View File

@@ -0,0 +1,120 @@
# -*-python-*-
project(
'pcp',
'c',
license: 'GPL',
version: '0.4.1',
meson_version: '>=1.3',
default_options: [
'warning_level=2',
'werror=true',
],
)
add_project_arguments(
[
'-Wno-unused-parameter',
'-Wno-unused-result',
'-Wno-missing-braces',
'-Wno-format-zero-length',
'-Wno-implicit-fallthrough',
#'-Wvla',
'-Wno-sign-compare',
'-Wno-narrowing'
],
language: 'c',
)
c = meson.get_compiler('c')
conf = configuration_data()
pcp_inc = include_directories('src', 'libpcp')
if host_machine.system().startswith('freebsd')
pcp_inc = include_directories('.', '/usr/local/include')
add_project_link_arguments('LDFLAGS=/usr/local/lib')
endif
# check for funcs.
foreach func : ['getopt', 'fdopen', 'fgetc', 'getenv', 'getpass', 'arc4random', 'fopen', 'fread', 'fwrite', 'ftruncate', 'fprintf', 'isatty', 'malloc', 'memset', 'memcpy', 'perror', 'posix_memalign', 'setrlimit', 'strnlen', 'strlen', 'strtol', 'tcgetattr', 'umask', 'towlower', 'getopt', 'getopt_long', 'vasprintf',]
conf.set('HAVE_'+func.to_upper(),
c.has_function(
func,
prefix : '#include <unistd.h>\n#include <stdio.h>\n#include <stdlib.h>\n#include <sys/resource.h>\n#include <string.h>\n#include <sys/stat.h>\n#include <termios.h>\n#include <wctype.h>\n#include <getopt.h>',
)
)
endforeach
if host_machine.system().startswith('freebsd')
conf.set('HAVE_STRNSTR',
c.has_function(
'strnstr',
prefix: '#include <string.h>'
))
else
bsd = c.find_library('bsd')
conf.set('HAVE_STRNSTR',
c.has_function(
'strnstr',
prefix: '#include <bsd/string.h>',
dependencies: bsd,
))
add_project_dependencies(bsd, language: 'c')
endif
# check commandline options
prefix = get_option('prefix')
if get_option('buildtype') == 'debug'
conf.set('DEBUG', '1')
endif
# setup conf map
version = '@0@'.format(meson.project_version())
conf.set('prefix', prefix)
conf.set('VERSION', version)
subdir('libpcp')
# code
pcp_sources = files(
'src/compat_getopt.c',
'src/encryption.c',
'src/keymgmt.c',
'src/keyprint.c',
'src/pcp.c',
'src/signature.c',
'src/z85util.c'
)
executable(
'pcp',
[pcp_sources],
include_directories: [pcp_inc],
dependencies: [libpcp_dep, jansson],
install: true
)
# build manual page
pod2man = find_program('pod2man', native: true)
if pod2man.found()
res = run_command(pod2man.full_path(), 'man/pcp.pod', 'pcp.1', check:true)
if res.returncode() == 0
install_man('pcp.1')
endif
endif
subdir('tests')

1
meson_options.txt Normal file
View File

@@ -0,0 +1 @@
# custom build options

4
src/compat_getopt.h
View File

@@ -26,11 +26,9 @@
#ifndef MY_GETOPT_H_INCLUDED #ifndef MY_GETOPT_H_INCLUDED
#define MY_GETOPT_H_INCLUDED #define MY_GETOPT_H_INCLUDED
#ifdef HAVE_CONFIG_H
#include "config.h" #include "config.h"
#endif
#if defined(HAVE_GETOPT_H) && defined(HAVE_GETOPT_LONG) #if defined(HAVE_GETOPT) && defined(HAVE_GETOPT_LONG)
#include <getopt.h> #include <getopt.h>
#else #else

19
src/encryption.h
View File

@@ -19,27 +19,28 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#ifndef _HAVE_ENCRYPTION_H #ifndef _HAVE_ENCRYPTION_H
#define _HAVE_ENCRYPTION_H #define _HAVE_ENCRYPTION_H
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include "context.h"
#include "crypto.h"
#include "defines.h" #include "defines.h"
#include "key.h" #include "key.h"
#include "crypto.h" #include "keyhash.h"
#include "keyprint.h"
#include "pcp.h" #include "pcp.h"
#include "pcpstream.h"
#include "plist.h"
#include "uthash.h" #include "uthash.h"
#include "z85.h" #include "z85.h"
#include "keyprint.h"
#include "keyhash.h"
#include "plist.h"
#include "pcpstream.h"
#include "context.h"
int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, int verify); int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd,
int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *recipient, int signcrypt, int armor, int anon); int verify);
int pcpencrypt(char *id, char *infile, char *outfile, char *passwd,
plist_t *recipient, int signcrypt, int armor, int anon);
void pcpchecksum(char **files, int filenum, char *key); void pcpchecksum(char **files, int filenum, char *key);
#endif /* _HAVE_ENCRYPTION_H */ #endif /* _HAVE_ENCRYPTION_H */

212
src/keymgmt.c
View File

@@ -19,10 +19,8 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#include "keymgmt.h" #include "keymgmt.h"
char *pcp_getstdin(const char *prompt) { char *pcp_getstdin(const char *prompt) {
char line[255]; char line[255];
char *out = NULL; char *out = NULL;
@@ -79,26 +77,25 @@ void pcp_keygen(char *passwd) {
char *passphrase; char *passphrase;
if (passwd == NULL) { if (passwd == NULL) {
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase, "Enter passphrase for key encryption",
"Enter passphrase for key encryption",
"Enter the passphrase again", 1, NULL); "Enter the passphrase again", 1, NULL);
} } else {
else {
passphrase = passwd; passphrase = passwd;
} }
if (strnlen(passphrase, 1024) > 0) { if (strnlen(passphrase, 1024) > 0) {
double ent = pcp_getentropy(passphrase); double ent = pcp_getentropy(passphrase);
if (ent < 3.32) { if (ent < 3.32) {
fprintf(stderr, "WARNING: you are using a weak passphrase (entropy: %lf)!\n", ent); fprintf(stderr,
"WARNING: you are using a weak passphrase (entropy: %lf)!\n",
ent);
char *yes = pcp_getstdin("Are you sure to use it [yes|NO]?"); char *yes = pcp_getstdin("Are you sure to use it [yes|NO]?");
if (strncmp(yes, "yes", 1024) != 0) { if (strncmp(yes, "yes", 1024) != 0) {
goto errkg1; goto errkg1;
} }
} }
key = pcpkey_encrypt(ptx, k, passphrase); key = pcpkey_encrypt(ptx, k, passphrase);
} } else {
else {
/* No unencrypted secret key allowed anymore [19.08.2015, tom] */ /* No unencrypted secret key allowed anymore [19.08.2015, tom] */
memset(k, 0, sizeof(pcp_key_t)); memset(k, 0, sizeof(pcp_key_t));
free(k); free(k);
@@ -124,29 +121,24 @@ void pcp_keygen(char *passwd) {
free(owner); free(owner);
} }
void pcp_listkeys() { void pcp_listkeys() {
pcp_key_t *k; pcp_key_t *k;
int nkeys = pcphash_count(ptx) + pcphash_countpub(ptx); int nkeys = pcphash_count(ptx) + pcphash_countpub(ptx);
if (nkeys > 0) { if (nkeys > 0) {
printf("Key ID Type Creation Time Owner\n"); printf(
"Key ID Type Creation Time Owner\n");
pcphash_iterate(ptx, k) { pcphash_iterate(ptx, k) { pcpkey_printlineinfo(k); }
pcpkey_printlineinfo(k);
}
pcp_pubkey_t *p; pcp_pubkey_t *p;
pcphash_iteratepub(ptx, p) { pcphash_iteratepub(ptx, p) { pcppubkey_printlineinfo(p); }
pcppubkey_printlineinfo(p); } else {
fatal(ptx, "The key vault file %s doesn't contain any keys so far.\n",
vault->filename);
} }
} }
else {
fatal(ptx, "The key vault file %s doesn't contain any keys so far.\n", vault->filename);
}
}
char *pcp_normalize_id(char *keyid) { char *pcp_normalize_id(char *keyid) {
char *id = ucmalloc(17); char *id = ucmalloc(17);
@@ -154,26 +146,22 @@ char *pcp_normalize_id(char *keyid) {
if (len == 16) { if (len == 16) {
memcpy(id, keyid, 17); memcpy(id, keyid, 17);
} } else if (len < 16) {
else if(len < 16) {
fatal(ptx, "Specified key id %s is too short!\n", keyid); fatal(ptx, "Specified key id %s is too short!\n", keyid);
free(id); free(id);
return NULL; return NULL;
} } else if (len > 18) {
else if(len > 18) {
fatal(ptx, "Specified key id %s is too long!\n", keyid); fatal(ptx, "Specified key id %s is too long!\n", keyid);
free(id); free(id);
return NULL; return NULL;
} } else {
else {
if (keyid[0] == '0' && keyid[1] == 'x' && len == 18) { if (keyid[0] == '0' && keyid[1] == 'x' && len == 18) {
int i; int i;
for (i = 0; i < 16; ++i) { for (i = 0; i < 16; ++i) {
id[i] = keyid[i + 2]; id[i] = keyid[i + 2];
} }
id[16] = 0; id[16] = 0;
} } else {
else {
fatal(ptx, "Specified key id %s is too long!\n", keyid); fatal(ptx, "Specified key id %s is too long!\n", keyid);
free(id); free(id);
return NULL; return NULL;
@@ -194,30 +182,30 @@ pcp_key_t *pcp_find_primary_secret() {
/* no primary? whoops */ /* no primary? whoops */
int nkeys = pcphash_count(ptx); int nkeys = pcphash_count(ptx);
if (nkeys == 1) { if (nkeys == 1) {
pcphash_iterate(ptx, k) { pcphash_iterate(ptx, k) { return k; }
return k;
}
} }
return NULL; return NULL;
} }
void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *passwd) { void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor,
char *passwd) {
pcp_key_t *key = NULL; pcp_key_t *key = NULL;
if (useid == 1) { if (useid == 1) {
/* look if we've got that one */ /* look if we've got that one */
key = pcphash_keyexists(ptx, keyid); key = pcphash_keyexists(ptx, keyid);
if (key == NULL) { if (key == NULL) {
fatal(ptx, "Could not find a secret key with id 0x%s in vault %s!\n", keyid, vault->filename); fatal(ptx, "Could not find a secret key with id 0x%s in vault %s!\n",
keyid, vault->filename);
goto errexpse1; goto errexpse1;
} }
} } else {
else {
/* look for our primary key */ /* look for our primary key */
key = pcp_find_primary_secret(); key = pcp_find_primary_secret();
if (key == NULL) { if (key == NULL) {
fatal(ptx, "There's no primary secret key in the vault %s!\n", vault->filename); fatal(ptx, "There's no primary secret key in the vault %s!\n",
vault->filename);
goto errexpse1; goto errexpse1;
} }
} }
@@ -225,8 +213,7 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa
FILE *out; FILE *out;
if (outfile == NULL) { if (outfile == NULL) {
out = stdout; out = stdout;
} } else {
else {
if ((out = fopen(outfile, "wb+")) == NULL) { if ((out = fopen(outfile, "wb+")) == NULL) {
fatal(ptx, "Could not create output file %s\n", outfile); fatal(ptx, "Could not create output file %s\n", outfile);
goto errexpse1; goto errexpse1;
@@ -240,15 +227,15 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa
if (passwd == NULL) { if (passwd == NULL) {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase,
"Enter passphrase to decrypt your secret key", NULL, 1, NULL); "Enter passphrase to decrypt your secret key", NULL, 1,
NULL);
key = pcpkey_decrypt(ptx, key, passphrase); key = pcpkey_decrypt(ptx, key, passphrase);
if (key == NULL) { if (key == NULL) {
sfree(passphrase); sfree(passphrase);
goto errexpse1; goto errexpse1;
} }
sfree(passphrase); sfree(passphrase);
} } else {
else {
key = pcpkey_decrypt(ptx, key, passwd); key = pcpkey_decrypt(ptx, key, passwd);
if (key == NULL) { if (key == NULL) {
goto errexpse1; goto errexpse1;
@@ -259,8 +246,7 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa
if (passwd != NULL) { if (passwd != NULL) {
exported_sk = pcp_export_secret(ptx, key, passwd); exported_sk = pcp_export_secret(ptx, key, passwd);
} } else {
else {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase,
"Enter passphrase to encrypt the exported secret key", "Enter passphrase to encrypt the exported secret key",
@@ -272,31 +258,29 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa
if (exported_sk != NULL) { if (exported_sk != NULL) {
if (armor == 1) { if (armor == 1) {
size_t zlen; size_t zlen;
char *z85 = pcp_z85_encode(buffer_get(exported_sk), buffer_size(exported_sk), &zlen, 1); char *z85 = pcp_z85_encode(buffer_get(exported_sk),
buffer_size(exported_sk), &zlen, 1);
fprintf(out, "%s\r\n%s\r\n%s\r\n", EXP_SK_HEADER, z85, EXP_SK_FOOTER); fprintf(out, "%s\r\n%s\r\n%s\r\n", EXP_SK_HEADER, z85, EXP_SK_FOOTER);
free(z85); free(z85);
} } else {
else {
fwrite(buffer_get(exported_sk), 1, buffer_size(exported_sk), out); fwrite(buffer_get(exported_sk), 1, buffer_size(exported_sk), out);
} }
buffer_free(exported_sk); buffer_free(exported_sk);
fprintf(stderr, "secret key exported.\n"); fprintf(stderr, "secret key exported.\n");
} }
} }
errexpse1: errexpse1:;
;
} }
/* /*
if id given, look if it is already a public and export this, if id given, look if it is already a public and export this,
else we look for a secret key with that id. without a given else we look for a secret key with that id. without a given
keyid we use the primary key. if no keyid has been given but keyid we use the primary key. if no keyid has been given but
a recipient instead, we try to look up the vault for a match. a recipient instead, we try to look up the vault for a match.
*/ */
void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int armor) { void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format,
int armor) {
FILE *out; FILE *out;
int is_foreign = 0; int is_foreign = 0;
pcp_pubkey_t *pk = NULL; pcp_pubkey_t *pk = NULL;
@@ -305,8 +289,7 @@ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int
if (outfile == NULL) { if (outfile == NULL) {
out = stdout; out = stdout;
} } else {
else {
if ((out = fopen(outfile, "wb+")) == NULL) { if ((out = fopen(outfile, "wb+")) == NULL) {
fatal(ptx, "Could not create output file %s\n", outfile); fatal(ptx, "Could not create output file %s\n", outfile);
goto errpcpexpu1; goto errpcpexpu1;
@@ -320,40 +303,37 @@ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int
/* ok, so, then look for a secret key with that id */ /* ok, so, then look for a secret key with that id */
sk = pcphash_keyexists(ptx, keyid); sk = pcphash_keyexists(ptx, keyid);
if (sk == NULL) { if (sk == NULL) {
fatal(ptx, "Could not find a key with id 0x%s in vault %s!\n", fatal(ptx, "Could not find a key with id 0x%s in vault %s!\n", keyid,
keyid, vault->filename); vault->filename);
goto errpcpexpu1; goto errpcpexpu1;
} } else {
else {
/* ok, so it's our own key */ /* ok, so it's our own key */
is_foreign = 0; is_foreign = 0;
} }
} } else {
else {
/* it's a foreign public key, we cannot sign it ourselfes */ /* it's a foreign public key, we cannot sign it ourselfes */
is_foreign = 1; is_foreign = 1;
} }
} } else {
else {
/* we use our primary key anyway */ /* we use our primary key anyway */
sk = pcp_find_primary_secret(); sk = pcp_find_primary_secret();
if (sk == NULL) { if (sk == NULL) {
fatal(ptx, "There's no primary secret key in the vault %s!\n", vault->filename); fatal(ptx, "There's no primary secret key in the vault %s!\n",
vault->filename);
goto errpcpexpu1; goto errpcpexpu1;
} }
is_foreign = 0; is_foreign = 0;
} }
if (is_foreign == 0 && sk->secret[0] == 0 && format <= EXP_FORMAT_PBP) { if (is_foreign == 0 && sk->secret[0] == 0 && format <= EXP_FORMAT_PBP) {
/* decrypt the secret key */ /* decrypt the secret key */
if (passwd != NULL) { if (passwd != NULL) {
sk = pcpkey_decrypt(ptx, sk, passwd); sk = pcpkey_decrypt(ptx, sk, passwd);
} } else {
else {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase,
"Enter passphrase to decrypt your secret key", NULL, 1, NULL); "Enter passphrase to decrypt your secret key", NULL, 1,
NULL);
sk = pcpkey_decrypt(ptx, sk, passphrase); sk = pcpkey_decrypt(ptx, sk, passphrase);
sfree(passphrase); sfree(passphrase);
} }
@@ -369,47 +349,43 @@ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int
if (exported_pk != NULL) { if (exported_pk != NULL) {
if (armor == 1) { if (armor == 1) {
size_t zlen; size_t zlen;
char *z85 = pcp_z85_encode(buffer_get(exported_pk), buffer_size(exported_pk), &zlen, 1); char *z85 = pcp_z85_encode(buffer_get(exported_pk),
buffer_size(exported_pk), &zlen, 1);
fprintf(out, "%s\r\n%s\r\n%s\r\n", EXP_PK_HEADER, z85, EXP_PK_FOOTER); fprintf(out, "%s\r\n%s\r\n%s\r\n", EXP_PK_HEADER, z85, EXP_PK_FOOTER);
free(z85); free(z85);
} } else
else
fwrite(buffer_get(exported_pk), 1, buffer_size(exported_pk), out); fwrite(buffer_get(exported_pk), 1, buffer_size(exported_pk), out);
buffer_free(exported_pk); buffer_free(exported_pk);
fprintf(stderr, "public key exported.\n"); fprintf(stderr, "public key exported.\n");
} }
} } else {
else {
/* FIXME: export foreign keys unsupported yet */ /* FIXME: export foreign keys unsupported yet */
fatal(ptx, "Exporting foreign public keys in native format unsupported yet\n"); fatal(ptx,
"Exporting foreign public keys in native format unsupported yet\n");
goto errpcpexpu1; goto errpcpexpu1;
} }
} } else if (format == EXP_FORMAT_PBP) {
else if(format == EXP_FORMAT_PBP) {
if (is_foreign == 0) { if (is_foreign == 0) {
exported_pk = pcp_export_pbp_pub(sk); exported_pk = pcp_export_pbp_pub(sk);
if (exported_pk != NULL) { if (exported_pk != NULL) {
/* PBP format requires armoring always */ /* PBP format requires armoring always */
size_t zlen; size_t zlen;
char *z85pbp = pcp_z85_encode(buffer_get(exported_pk), buffer_size(exported_pk), &zlen, 1); char *z85pbp = pcp_z85_encode(buffer_get(exported_pk),
buffer_size(exported_pk), &zlen, 1);
fprintf(out, "%s", z85pbp); fprintf(out, "%s", z85pbp);
free(z85pbp); free(z85pbp);
buffer_free(exported_pk); buffer_free(exported_pk);
fprintf(stderr, "public key exported in PBP format.\n"); fprintf(stderr, "public key exported in PBP format.\n");
} }
} } else {
else {
fatal(ptx, "Exporting foreign public keys in PBP format not possible\n"); fatal(ptx, "Exporting foreign public keys in PBP format not possible\n");
goto errpcpexpu1; goto errpcpexpu1;
} }
} }
errpcpexpu1: errpcpexpu1:;
;
} }
void pcpdelete_key(char *keyid) { void pcpdelete_key(char *keyid) {
pcp_pubkey_t *p = pcphash_pubkeyexists(ptx, keyid); pcp_pubkey_t *p = pcphash_pubkeyexists(ptx, keyid);
@@ -423,16 +399,14 @@ void pcpdelete_key(char *keyid) {
pcphash_del(ptx, p, p->type); pcphash_del(ptx, p, p->type);
vault->unsafed = 1; vault->unsafed = 1;
fprintf(stderr, "Public key deleted.\n"); fprintf(stderr, "Public key deleted.\n");
} } else {
else {
pcp_key_t *s = pcphash_keyexists(ptx, keyid); pcp_key_t *s = pcphash_keyexists(ptx, keyid);
if (s != NULL) { if (s != NULL) {
/* delete secret */ /* delete secret */
pcphash_del(ptx, s, s->type); pcphash_del(ptx, s, s->type);
vault->unsafed = 1; vault->unsafed = 1;
fprintf(stderr, "Secret key deleted.\n"); fprintf(stderr, "Secret key deleted.\n");
} } else {
else {
fatal(ptx, "No key with id 0x%s found!\n", keyid); fatal(ptx, "No key with id 0x%s found!\n", keyid);
} }
} }
@@ -444,19 +418,22 @@ void pcpedit_key(char *keyid) {
if (key != NULL) { if (key != NULL) {
if (key->secret[0] == 0) { if (key->secret[0] == 0) {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, "Enter passphrase to decrypt the key", NULL, 1, NULL); pcp_readpass(ptx, &passphrase, "Enter passphrase to decrypt the key",
NULL, 1, NULL);
key = pcpkey_decrypt(ptx, key, passphrase); key = pcpkey_decrypt(ptx, key, passphrase);
sfree(passphrase); sfree(passphrase);
} }
if (key != NULL) { if (key != NULL) {
fprintf(stderr, "Current owner: %s\n", key->owner); fprintf(stderr, "Current owner: %s\n", key->owner);
char *owner = pcp_getstdin(" enter new name or press enter to keep current"); char *owner =
pcp_getstdin(" enter new name or press enter to keep current");
if (strlen(owner) > 0) if (strlen(owner) > 0)
memcpy(key->owner, owner, strlen(owner) + 1); memcpy(key->owner, owner, strlen(owner) + 1);
fprintf(stderr, "Current mail: %s\n", key->mail); fprintf(stderr, "Current mail: %s\n", key->mail);
char *mail = pcp_getstdin(" enter new email or press enter to keep current"); char *mail =
pcp_getstdin(" enter new email or press enter to keep current");
if (strlen(mail) > 0) if (strlen(mail) > 0)
memcpy(key->mail, mail, strlen(mail) + 1); memcpy(key->mail, mail, strlen(mail) + 1);
@@ -475,12 +452,14 @@ void pcpedit_key(char *keyid) {
char *yes = NULL; char *yes = NULL;
if (!haveprimary) { if (!haveprimary) {
fprintf(stderr, "There is currently no primary secret in your vault,\n"); fprintf(stderr,
"There is currently no primary secret in your vault,\n");
yes = pcp_getstdin("want to make this one the primary [yes|NO]?"); yes = pcp_getstdin("want to make this one the primary [yes|NO]?");
} } else {
else { fprintf(stderr, "The key %s is currently the primary secret,\n",
fprintf(stderr, "The key %s is currently the primary secret,\n", other->id); other->id);
yes = pcp_getstdin("want to make this one the primary instead [yes|NO]?"); yes = pcp_getstdin(
"want to make this one the primary instead [yes|NO]?");
} }
if (strncmp(yes, "yes", 1024) == 0) { if (strncmp(yes, "yes", 1024) == 0) {
@@ -496,7 +475,8 @@ void pcpedit_key(char *keyid) {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase,
"Enter new passphrase for key encryption (press enter to keep current)", "Enter new passphrase for key encryption (press enter to "
"keep current)",
"Enter the passphrase again", 1, NULL); "Enter the passphrase again", 1, NULL);
if (strnlen(passphrase, 1024) > 0) { if (strnlen(passphrase, 1024) > 0) {
@@ -512,13 +492,11 @@ void pcpedit_key(char *keyid) {
fprintf(stderr, "Key %s changed.\n", key->id); fprintf(stderr, "Key %s changed.\n", key->id);
} }
} }
} } else {
else {
fatal(ptx, "No key with id 0x%s found!\n", keyid); fatal(ptx, "No key with id 0x%s found!\n", keyid);
} }
} }
char *pcp_find_id_byrec(char *recipient) { char *pcp_find_id_byrec(char *recipient) {
pcp_pubkey_t *p; pcp_pubkey_t *p;
char *id = NULL; char *id = NULL;
@@ -538,7 +516,6 @@ char *pcp_find_id_byrec(char *recipient) {
return id; return id;
} }
int pcp_import(vault_t *vault, FILE *in, char *passwd) { int pcp_import(vault_t *vault, FILE *in, char *passwd) {
byte *buf = ucmalloc(PCP_BLOCK_SIZE); byte *buf = ucmalloc(PCP_BLOCK_SIZE);
size_t bufsize; size_t bufsize;
@@ -569,7 +546,8 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) {
if (keysig == NULL) { if (keysig == NULL) {
fatals_ifany(ptx); fatals_ifany(ptx);
char *yes = pcp_getstdin("WARNING: signature doesn't verify, import anyway [yes|NO]?"); char *yes = pcp_getstdin(
"WARNING: signature doesn't verify, import anyway [yes|NO]?");
if (strncmp(yes, "yes", 1024) != 0) { if (strncmp(yes, "yes", 1024) != 0) {
free(yes); free(yes);
goto errimp2; goto errimp2;
@@ -582,8 +560,7 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) {
fprintf(stderr, "key 0x%s added to %s.\n", pub->id, vault->filename); fprintf(stderr, "key 0x%s added to %s.\n", pub->id, vault->filename);
/* avoid double free */ /* avoid double free */
success = 0; success = 0;
} } else
else
goto errimp2; goto errimp2;
if (keysig != NULL) { if (keysig != NULL) {
@@ -592,21 +569,19 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) {
goto errimp2; goto errimp2;
} }
} }
} } else
else
goto errimp2; goto errimp2;
} } else {
else {
/* it's not public key, so let's try to interpret it as secret key */ /* it's not public key, so let's try to interpret it as secret key */
if (ptx->verbose) if (ptx->verbose)
fatals_ifany(ptx); fatals_ifany(ptx);
if (passwd != NULL) { if (passwd != NULL) {
sk = pcp_import_secret(ptx, buf, bufsize, passwd); sk = pcp_import_secret(ptx, buf, bufsize, passwd);
} } else {
else {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase,
"Enter passphrase to decrypt the secret key file", NULL, 1, NULL); "Enter passphrase to decrypt the secret key file", NULL, 1,
NULL);
sk = pcp_import_secret(ptx, buf, bufsize, passphrase); sk = pcp_import_secret(ptx, buf, bufsize, passphrase);
sfree(passphrase); sfree(passphrase);
} }
@@ -620,29 +595,29 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) {
pcp_key_t *maybe = pcphash_keyexists(ptx, sk->id); pcp_key_t *maybe = pcphash_keyexists(ptx, sk->id);
if (maybe != NULL) { if (maybe != NULL) {
fatal(ptx, "Secretkey sanity check: there already exists a key with the id 0x%s\n", sk->id); fatal(ptx,
"Secretkey sanity check: there already exists a key with the id "
"0x%s\n",
sk->id);
goto errimp2; goto errimp2;
} }
/* store it */ /* store it */
if (passwd != NULL) { if (passwd != NULL) {
sk = pcpkey_encrypt(ptx, sk, passwd); sk = pcpkey_encrypt(ptx, sk, passwd);
} } else {
else {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase, "Enter passphrase for key encryption",
"Enter passphrase for key encryption",
"Enter the passphrase again", 1, NULL); "Enter the passphrase again", 1, NULL);
if (strnlen(passphrase, 1024) > 0) { if (strnlen(passphrase, 1024) > 0) {
/* encrypt the key */ /* encrypt the key */
sk = pcpkey_encrypt(ptx, sk, passphrase); sk = pcpkey_encrypt(ptx, sk, passphrase);
sfree(passphrase); sfree(passphrase);
} } else {
else {
/* ask for confirmation if we shall store it in the clear */ /* ask for confirmation if we shall store it in the clear */
char *yes = pcp_getstdin( char *yes = pcp_getstdin("WARNING: secret key will be stored "
"WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?"); "unencrypted. Are you sure [yes|NO]?");
if (strncmp(yes, "yes", 1024) != 0) { if (strncmp(yes, "yes", 1024) != 0) {
free(yes); free(yes);
goto errimp1; goto errimp1;
@@ -662,7 +637,6 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) {
} }
} }
errimp2: errimp2:
if (keysig != NULL) { if (keysig != NULL) {
ucfree(keysig->blob, keysig->size); ucfree(keysig->blob, keysig->size);

28
src/keymgmt.h
View File

@@ -19,28 +19,26 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#ifndef _HAVE_KEYMGMT_H #ifndef _HAVE_KEYMGMT_H
#define _HAVE_KEYMGMT_H #define _HAVE_KEYMGMT_H
#include <unistd.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <time.h> #include <time.h>
#include <unistd.h>
#include <wctype.h> #include <wctype.h>
#include "randomart.h"
#include "key.h"
#include "pcp.h"
#include "vault.h"
#include "defines.h"
#include "readpass.h"
#include "keyprint.h"
#include "keyhash.h"
#include "util.h"
#include "buffer.h" #include "buffer.h"
#include "mgmt.h"
#include "context.h" #include "context.h"
#include "defines.h"
#include "key.h"
#include "keyhash.h"
#include "keyprint.h"
#include "mgmt.h"
#include "randomart.h"
#include "readpass.h"
#include "util.h"
#include "vault.h"
#define _WITH_GETLINE #define _WITH_GETLINE
@@ -49,8 +47,10 @@ int pcp_storekey (pcp_key_t *key);
void pcp_keygen(char *passwd); void pcp_keygen(char *passwd);
void pcp_listkeys(); void pcp_listkeys();
void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *passwd); void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor,
void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int armor); char *passwd);
void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format,
int armor);
pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd); pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd);
char *pcp_normalize_id(char *keyid); char *pcp_normalize_id(char *keyid);

121
src/pcp.c
View File

@@ -19,10 +19,13 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#include "pcp.h" #include "pcp.h"
#include "defines.h" #include "defines.h"
vault_t *vault;
PCPCTX *ptx;
int debug;
void usage(int error) { void usage(int error) {
fprintf(stderr, PCP_HELP_INTRO); fprintf(stderr, PCP_HELP_INTRO);
if (error == 0) if (error == 0)
@@ -31,16 +34,15 @@ void usage(int error) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
void version() { void version() {
fprintf(stderr, "pcp version %d.%d.%d, use --help to learn how to use.\n", fprintf(stderr, "pcp version %d.%d.%d, use --help to learn how to use.\n",
PCP_VERSION_MAJOR, PCP_VERSION_MINOR, PCP_VERSION_PATCH); PCP_VERSION_MAJOR, PCP_VERSION_MINOR, PCP_VERSION_PATCH);
exit(0); exit(0);
} }
char *default_vault() { char *default_vault() {
char *path = ucmalloc(1024);; char *path = ucmalloc(1024);
;
snprintf(path, 1024, "%s/.pcpvault", getenv("HOME")); snprintf(path, 1024, "%s/.pcpvault", getenv("HOME"));
return path; return path;
} }
@@ -54,8 +56,8 @@ char *altin(char *infile, int stdinused) {
} }
int main(int argc, char **argv) { int main(int argc, char **argv) {
int opt, mode, usevault, useid, userec, lo, armor, detach, \ int opt, mode, usevault, useid, userec, lo, armor, detach, signcrypt,
signcrypt, exportformat, anon, xpf; exportformat, anon, xpf;
char *vaultfile = default_vault(); char *vaultfile = default_vault();
char *outfile = NULL; char *outfile = NULL;
char *infile = NULL; char *infile = NULL;
@@ -127,7 +129,8 @@ int main (int argc, char **argv) {
/* globals */ /* globals */
{"help", no_argument, NULL, 'h'}, {"help", no_argument, NULL, 'h'},
{ "version", no_argument, NULL, '0' }, /* no short opt, FIXME: how to avoid? */ {"version", no_argument, NULL,
'0'}, /* no short opt, FIXME: how to avoid? */
{"verbose", no_argument, NULL, 'v'}, {"verbose", no_argument, NULL, 'v'},
{"debug", no_argument, NULL, 'D'}, {"debug", no_argument, NULL, 'D'},
@@ -135,10 +138,10 @@ int main (int argc, char **argv) {
{"sign", no_argument, NULL, 'g'}, {"sign", no_argument, NULL, 'g'},
{"check-signature", no_argument, NULL, 'c'}, {"check-signature", no_argument, NULL, 'c'},
{"sigfile", required_argument, NULL, 'f'}, {"sigfile", required_argument, NULL, 'f'},
{ NULL, 0, NULL, 0 } {NULL, 0, NULL, 0}};
};
while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcmf:b1F:0KAMX:jC", while ((opt = getopt_long(argc, argv,
"klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcmf:b1F:0KAMX:jC",
longopts, NULL)) != -1) { longopts, NULL)) != -1) {
switch (opt) { switch (opt) {
@@ -209,12 +212,11 @@ int main (int argc, char **argv) {
case 'F': case 'F':
if (strncmp(optarg, "pbp", 3) == 0) { if (strncmp(optarg, "pbp", 3) == 0) {
exportformat = EXP_FORMAT_PBP; exportformat = EXP_FORMAT_PBP;
} } else if (strncmp(optarg, "pcp", 3) == 0) {
else if(strncmp(optarg, "pcp", 3) == 0) {
exportformat = EXP_FORMAT_NATIVE; exportformat = EXP_FORMAT_NATIVE;
} } else {
else { fprintf(stderr,
fprintf(stderr, "WARN: Unknown export format specified, using native\n"); "WARN: Unknown export format specified, using native\n");
exportformat = EXP_FORMAT_NATIVE; exportformat = EXP_FORMAT_NATIVE;
} }
break; break;
@@ -222,7 +224,8 @@ int main (int argc, char **argv) {
#ifdef HAVE_JSON #ifdef HAVE_JSON
ptx->json = 1; ptx->json = 1;
#else #else
fprintf(stderr, "WARN: -j set, but no JSON support compiled in. Recompile with --with-json\n"); fprintf(stderr, "WARN: -j set, but no JSON support compiled in. "
"Recompile with --with-json\n");
#endif #endif
break; break;
case 'g': case 'g':
@@ -305,11 +308,9 @@ int main (int argc, char **argv) {
/* turn -z|-Z into a mode if there's nothing else specified */ /* turn -z|-Z into a mode if there's nothing else specified */
if (armor == 1) { if (armor == 1) {
mode = PCP_MODE_ZENCODE; mode = PCP_MODE_ZENCODE;
} } else if (armor == 2) {
else if(armor == 2) {
mode = PCP_MODE_ZDECODE; mode = PCP_MODE_ZDECODE;
} } else {
else {
version(); version();
return 1; return 1;
} }
@@ -324,14 +325,14 @@ int main (int argc, char **argv) {
signcrypt = 1; signcrypt = 1;
} }
#ifndef DEBUG #ifndef DEBUG
#ifdef HAVE_SETRLIMIT #ifdef HAVE_SETRLIMIT
setrlimit(RLIMIT_CORE, &(struct rlimit){0, 0}); setrlimit(RLIMIT_CORE, &(struct rlimit){0, 0});
#endif #endif
#endif #endif
errno = 0; /* FIXME: workaround for https://github.com/jedisct1/libsodium/issues/114 */ errno = 0; /* FIXME: workaround for
https://github.com/jedisct1/libsodium/issues/114 */
if (mode == PCP_MODE_ENCRYPT && useid == 0 && userec == 0) { if (mode == PCP_MODE_ENCRYPT && useid == 0 && userec == 0) {
usevault = 0; usevault = 0;
@@ -358,8 +359,7 @@ int main (int argc, char **argv) {
if (infile == NULL) { if (infile == NULL) {
infile = extra; infile = extra;
useex = 1; useex = 1;
} } else if (userec == 0 && useid == 0) {
else if(userec == 0 && useid == 0) {
userec = 1; userec = 1;
int i; int i;
for (i = 0; i < argc; i++) { for (i = 0; i < argc; i++) {
@@ -380,8 +380,7 @@ int main (int argc, char **argv) {
if (outfile == NULL) { if (outfile == NULL) {
outfile = extra; outfile = extra;
useex = 1; useex = 1;
} } else if (useid == 0 && userec == 0) {
else if(useid == 0 && userec == 0) {
p_add(&recipient, extra); p_add(&recipient, extra);
useex = 1; useex = 1;
userec = 1; userec = 1;
@@ -392,8 +391,7 @@ int main (int argc, char **argv) {
if (infile == NULL) { if (infile == NULL) {
infile = extra; infile = extra;
useex = 1; useex = 1;
} } else if (useid == 0) {
else if (useid == 0) {
id = extra; id = extra;
useid = 1; useid = 1;
useex = 1; useex = 1;
@@ -404,8 +402,7 @@ int main (int argc, char **argv) {
if (infile == NULL) { if (infile == NULL) {
infile = extra; infile = extra;
useex = 1; useex = 1;
} } else if (outfile == NULL && detach == 0) {
else if(outfile == NULL && detach == 0) {
outfile = extra; outfile = extra;
useex = 1; useex = 1;
} }
@@ -469,8 +466,7 @@ int main (int argc, char **argv) {
if (id != NULL) { if (id != NULL) {
pcp_exportsecret(id, useid, outfile, armor, xpass); pcp_exportsecret(id, useid, outfile, armor, xpass);
} }
} } else {
else {
pcp_exportsecret(NULL, useid, outfile, armor, xpass); pcp_exportsecret(NULL, useid, outfile, armor, xpass);
} }
break; break;
@@ -488,8 +484,7 @@ int main (int argc, char **argv) {
if (infile == NULL) { if (infile == NULL) {
altin(NULL, xpf); altin(NULL, xpf);
in = stdin; in = stdin;
} } else {
else {
if ((in = fopen(infile, "rb")) == NULL) { if ((in = fopen(infile, "rb")) == NULL) {
fatal(ptx, "Could not open input file %s\n", infile); fatal(ptx, "Could not open input file %s\n", infile);
break; break;
@@ -504,8 +499,7 @@ int main (int argc, char **argv) {
if (id != NULL) { if (id != NULL) {
pcpdelete_key(id); pcpdelete_key(id);
} }
} } else {
else {
fatal(ptx, "You need to specify a key id (--keyid)!\n"); fatal(ptx, "You need to specify a key id (--keyid)!\n");
} }
break; break;
@@ -516,8 +510,7 @@ int main (int argc, char **argv) {
if (id != NULL) { if (id != NULL) {
pcpedit_key(id); pcpedit_key(id);
} }
} } else {
else {
fatal(ptx, "You need to specify a key id (--keyid)!\n"); fatal(ptx, "You need to specify a key id (--keyid)!\n");
} }
break; break;
@@ -526,15 +519,16 @@ int main (int argc, char **argv) {
if (useid == 1 && userec == 0) { if (useid == 1 && userec == 0) {
/* one dst, FIXME: make id a list as well */ /* one dst, FIXME: make id a list as well */
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
pcpencrypt(id, altin(infile, xpf), outfile, xpass, NULL, signcrypt, armor, anon); pcpencrypt(id, altin(infile, xpf), outfile, xpass, NULL, signcrypt,
} armor, anon);
else if(useid == 0 && userec == 1) { } else if (useid == 0 && userec == 1) {
/* multiple dst */ /* multiple dst */
pcpencrypt(NULL, altin(infile, xpf), outfile, xpass, recipient, signcrypt, armor, anon); pcpencrypt(NULL, altin(infile, xpf), outfile, xpass, recipient,
} signcrypt, armor, anon);
else { } else {
/* -i and -r specified */ /* -i and -r specified */
fatal(ptx, "You can't specify both -i and -r, use either -i or -r!\n"); fatal(ptx,
"You can't specify both -i and -r, use either -i or -r!\n");
} }
break; break;
@@ -543,22 +537,23 @@ int main (int argc, char **argv) {
if (useid) { if (useid) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if (id != NULL) { if (id != NULL) {
pcpdecrypt(id, useid, altin(infile, xpf), outfile, xpass, signcrypt); pcpdecrypt(id, useid, altin(infile, xpf), outfile, xpass,
signcrypt);
} }
} } else {
else { pcpdecrypt(NULL, useid, altin(infile, xpf), outfile, xpass,
pcpdecrypt(NULL, useid, altin(infile, xpf), outfile, xpass, signcrypt); signcrypt);
} }
break; break;
case PCP_MODE_SIGN: case PCP_MODE_SIGN:
if (detach) { if (detach) {
if (outfile != NULL && sigfile != NULL) if (outfile != NULL && sigfile != NULL)
fatal(ptx, "You can't both specify -O and -f, use -O for std signatures and -f for detached ones\n"); fatal(ptx, "You can't both specify -O and -f, use -O for std "
"signatures and -f for detached ones\n");
else else
pcpsign(altin(infile, xpf), sigfile, xpass, armor, detach); pcpsign(altin(infile, xpf), sigfile, xpass, armor, detach);
} } else
else
pcpsign(altin(infile, xpf), outfile, xpass, armor, detach); pcpsign(altin(infile, xpf), outfile, xpass, armor, detach);
break; break;
@@ -568,8 +563,7 @@ int main (int argc, char **argv) {
if (id != NULL) { if (id != NULL) {
pcpverify(altin(infile, xpf), sigfile, id, detach); pcpverify(altin(infile, xpf), sigfile, id, detach);
} }
} } else {
else {
pcpverify(altin(infile, xpf), sigfile, NULL, detach); pcpverify(altin(infile, xpf), sigfile, NULL, detach);
} }
break; break;
@@ -581,8 +575,7 @@ int main (int argc, char **argv) {
} }
pcpvault_close(ptx, vault); pcpvault_close(ptx, vault);
} }
} } else {
else {
ELSEMODE: ELSEMODE:
switch (mode) { switch (mode) {
case PCP_MODE_ZENCODE: case PCP_MODE_ZENCODE:
@@ -600,13 +593,11 @@ int main (int argc, char **argv) {
case PCP_MODE_TEXT: case PCP_MODE_TEXT:
if (infile != NULL) { if (infile != NULL) {
pcptext_infile(infile); pcptext_infile(infile);
} } else {
else {
vault = pcpvault_init(ptx, vaultfile); vault = pcpvault_init(ptx, vaultfile);
if (!useid && infile == NULL) { if (!useid && infile == NULL) {
pcptext_vault(vault); pcptext_vault(vault);
} } else {
else {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if (id != NULL) { if (id != NULL) {
pcptext_key(id); pcptext_key(id);
@@ -621,12 +612,10 @@ int main (int argc, char **argv) {
char *list[1]; char *list[1];
list[0] = NULL; list[0] = NULL;
pcpchecksum(list, 1, xpass); pcpchecksum(list, 1, xpass);
} } else {
else {
pcpchecksum(argv, argc, xpass); pcpchecksum(argv, argc, xpass);
} }
} } else {
else {
char *list[1]; char *list[1];
list[0] = infile; list[0] = infile;
pcpchecksum(list, 1, xpass); pcpchecksum(list, 1, xpass);
@@ -635,7 +624,9 @@ int main (int argc, char **argv) {
default: default:
/* mode params mixed */ /* mode params mixed */
fatal(ptx, "Sorry, invalid combination of commandline parameters (0x%04X)!\n", mode); fatal(ptx,
"Sorry, invalid combination of commandline parameters (0x%04X)!\n",
mode);
break; break;
} }
} }

39
src/pcp.h
View File

@@ -19,42 +19,42 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#ifndef _HAVE_PCP_H #ifndef _HAVE_PCP_H
#define _HAVE_PCP_H #define _HAVE_PCP_H
#include <unistd.h> #include <compat_getopt.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <compat_getopt.h> #include <unistd.h>
#ifndef DEBUG #ifndef DEBUG
#ifdef HAVE_SETRLIMIT #ifdef HAVE_SETRLIMIT
# include <sys/types.h>
# include <sys/time.h>
#include <sys/resource.h> #include <sys/resource.h>
#include <sys/time.h>
#include <sys/types.h>
#endif #endif
#endif #endif
/* lib */ /* lib */
#include "mem.h"
#include "z85.h"
#include "zmq_z85.h"
#include "z85util.h"
#include "version.h"
#include "vault.h"
#include "context.h" #include "context.h"
#include "mem.h"
#include "vault.h"
#include "version.h"
#include "z85.h"
#include "z85util.h"
#include "zmq_z85.h"
/* subs */ /* subs */
#include "keymgmt.h"
#include "usage.h"
#include "encryption.h" #include "encryption.h"
#include "signature.h"
#include "keyhash.h" #include "keyhash.h"
#include "keymgmt.h"
#include "plist.h" #include "plist.h"
#include "signature.h"
#include "usage.h"
/* operation modi */ /* operation modi */
/* perl -e '$x=0; while ($x<100000) { $x++; $x *= 1.7; printf "0x%08X: %d\n", $x, $x }' */ /* perl -e '$x=0; while ($x<100000) { $x++; $x *= 1.7; printf "0x%08X: %d\n",
* $x, $x }' */
#define PCP_MODE_KEYGEN 0x00000001 #define PCP_MODE_KEYGEN 0x00000001
#define PCP_MODE_LISTKEYS 0x00000004 #define PCP_MODE_LISTKEYS 0x00000004
#define PCP_MODE_EXPORT_SECRET 0x00000009 #define PCP_MODE_EXPORT_SECRET 0x00000009
@@ -82,15 +82,16 @@
0x00028F70 0x00028F70
*/ */
#define PCP_HELP_INTRO "This is Pretty Curved Privacy. Licensed under the GPLv3. This is\n" \ #define PCP_HELP_INTRO \
"This is Pretty Curved Privacy. Licensed under the GPLv3. This is\n" \
"BETA software. Use with care. NOT intended for production use.\n" "BETA software. Use with care. NOT intended for production use.\n"
#define LONG_EXTPASS 515 #define LONG_EXTPASS 515
/* some globals */ /* some globals */
vault_t *vault; extern vault_t *vault;
PCPCTX *ptx; extern PCPCTX *ptx;
int debug; extern int debug;
void version(); void version();
void usage(); void usage();

9
src/z85util.c
View File

@@ -19,7 +19,6 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#include "z85util.h" #include "z85util.h"
int pcpz85_encode(char *infile, char *outfile) { int pcpz85_encode(char *infile, char *outfile) {
@@ -84,9 +83,6 @@ int pcpz85_encode(char *infile, char *outfile) {
return 1; return 1;
} }
int pcpz85_decode(char *infile, char *outfile) { int pcpz85_decode(char *infile, char *outfile) {
FILE *in; FILE *in;
FILE *out; FILE *out;
@@ -117,14 +113,11 @@ int pcpz85_decode(char *infile, char *outfile) {
size_t clen; size_t clen;
byte *decoded = pcp_z85_decode(ptx, encoded, &clen); byte *decoded = pcp_z85_decode(ptx, encoded, &clen);
if (decoded == NULL) if (decoded == NULL)
goto errdz2; goto errdz2;
fwrite(decoded, clen, 1, out); fwrite(decoded, clen, 1, out);
fclose(out); if (fclose(out) != 0) {
if(ferror(out) != 0) {
fatal(ptx, "Failed to write decoded output!\n"); fatal(ptx, "Failed to write decoded output!\n");
goto errdz3; goto errdz3;
} }

13
tests/iotests.cfg
View File

@@ -20,17 +20,20 @@
# You can contact me by mail: <tlinden AT cpan DOT org>. # You can contact me by mail: <tlinden AT cpan DOT org>.
# #
pcp=../src/pcp1 pcp=../pcp
vault=v1 vault=v1
passwd=xxx passwd=xxx
md5msg=66b8c4ca9e5d2a7e3c0559c3cdea3d50 md5msg=66b8c4ca9e5d2a7e3c0559c3cdea3d50
os=$(uname)
. ./keys.cfg . ./keys.cfg
check_dependencies_shell () { check_dependencies_shell () {
if test "$os" = "FreeBSD"; then
cmd="which mdmfs" cmd="which mdmfs"
expect="/mdmfs/" expect="/mdmfs/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
fi
} }
check_dependencies_pcp () { check_dependencies_pcp () {
@@ -39,10 +42,16 @@ check_dependencies_pcp () {
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
# this one only works on freebsd for my user. sorrry # this one only works on freebsd for my user. sorry
check_vault_disk_full () { check_vault_disk_full () {
if test "$os" = "FreeBSD"; then
sudo mdmfs -s 1M -w 1001:1001 md env && dd if=/dev/zero of=env/b bs=1024 count=700 sudo mdmfs -s 1M -w 1001:1001 md env && dd if=/dev/zero of=env/b bs=1024 count=700
cmd="./jot 100 | while read N; do if ! (echo a; echo b) | $pcp -V env/v1 -k -x x; then break; fi; done" cmd="./jot 100 | while read N; do if ! (echo a; echo b) | $pcp -V env/v1 -k -x x; then break; fi; done"
expect="/Failed to copy/" expect="/Failed to copy/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
fi
}
prepare() {
:
} }

2
tests/jsonunittests.cfg
View File

@@ -20,7 +20,7 @@
# You can contact me by mail: <tlinden AT cpan DOT org>. # You can contact me by mail: <tlinden AT cpan DOT org>.
# #
pcp=../src/pcp1 pcp=../pcp
passwd=xxx passwd=xxx
verbose=1 verbose=1

2
tests/md5
View File

@@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
file=$1 file=$1
../src/pcp1 -C $file | awk '{print $4}' ../pcp -C $file | awk '{print $4}'

54
tests/meson.build Normal file
View File

@@ -0,0 +1,54 @@
# -*-python-*-
# genheader statictest buffertest sample pipetest decodertest
fs = import('fs')
binaries = [
'gencheader',
'statictest',
'buffertest',
'sample',
'pipetest',
'decodertest',
'mangle',
'invalidkeys',
'pwhashes',
'streamtest',
]
configs = [
'cppunittests.cfg',
'iotests.cfg',
'jsonunittests.cfg',
'keys.cfg',
'pyunittests.cfg',
'stresstests.cfg',
'unittests.cfg',
'md5',
'jot',
'bart.pub',
'key-alicia-pub',
'key-alicia-sec',
'key-bobby-pub',
'key-bobby-sec'
]
foreach binary: binaries
executable(
binary,
binary + '.c',
include_directories: [pcp_inc],
dependencies: [libpcp_dep, pcp_deps],
)
endforeach
foreach config: configs
cp = fs.copyfile(config)
endforeach
unittest = find_program('unittests.sh', '.')
test('C tests', unittest, args : ['unittests.cfg'])
test('IO tests', unittest, args : ['iotests.cfg'])
test('JSON tests', unittest, args : ['jsonunittests.cfg'])

19
tests/pwhashes.c
View File

@@ -1,13 +1,13 @@
#include <unistd.h> #include <limits.h>
#include <sodium.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <sodium.h> #include <unistd.h>
#include <limits.h>
#include "mem.h"
#include "defines.h" #include "defines.h"
#include "keyprint.h"
#include "key.h" #include "key.h"
#include "keyprint.h"
#include "mem.h"
struct _pw_t { struct _pw_t {
char hash[65]; char hash[65];
@@ -24,13 +24,15 @@ int main() {
pw *list = NULL; pw *list = NULL;
pw *have = NULL; pw *have = NULL;
unsigned char nonce[32] = {1}; unsigned char nonce[32] = {1};
PCPCTX *ptx = ptx_new();
if(sodium_init() == -1) return 1; if (sodium_init() == -1)
return 1;
for (i = 97; i < 126; ++i) { for (i = 97; i < 126; ++i) {
pass[0] = i; pass[0] = i;
pass[1] = 0; pass[1] = 0;
h = pcp_derivekey(pass, nonce); h = pcp_derivekey(ptx, pass, nonce);
p = 0; p = 0;
for (t = 0; t < 32; ++t) { for (t = 0; t < 32; ++t) {
@@ -44,8 +46,7 @@ int main() {
item = ucmalloc(sizeof(pw)); item = ucmalloc(sizeof(pw));
memcpy(item->hash, tmp, 65); memcpy(item->hash, tmp, 65);
HASH_ADD_STR(list, hash, item); HASH_ADD_STR(list, hash, item);
} } else {
else {
fprintf(stderr, "Error: collision found: %s!\n", have->hash); fprintf(stderr, "Error: collision found: %s!\n", have->hash);
return 1; return 1;
} }

40
tests/unittests.cfg
View File

@@ -20,7 +20,7 @@
# You can contact me by mail: <tlinden AT cpan DOT org>. # You can contact me by mail: <tlinden AT cpan DOT org>.
# #
pcp=../src/pcp1 pcp=../pcp
vault=v1 vault=v1
passwd=ech9xeiT%CuxuH1ch-is2ies1R passwd=ech9xeiT%CuxuH1ch-is2ies1R
md5msg=66b8c4ca9e5d2a7e3c0559c3cdea3d50 md5msg=66b8c4ca9e5d2a7e3c0559c3cdea3d50
@@ -40,29 +40,29 @@ check_dependencies_pcp () {
} }
check_streams_8 () { check_streams_8 () {
md5=`./md5 ../COPYING` md5=`./md5 ../../COPYING`
cmd="./pipetest 8 e < ../COPYING | ./pipetest 8 d | ./md5" cmd="./pipetest 8 e < ../../COPYING | ./pipetest 8 d | ./md5"
expect="/$md5/" expect="/$md5/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_streams_16 () { check_streams_16 () {
md5=`./md5 ../COPYING` md5=`./md5 ../../COPYING`
cmd="./pipetest 16 e < ../COPYING | ./pipetest 16 d | ./md5" cmd="./pipetest 16 e < ../../COPYING | ./pipetest 16 d | ./md5"
expect="/$md5/" expect="/$md5/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_streams_32 () { check_streams_32 () {
md5=`./md5 ../COPYING` md5=`./md5 ../../COPYING`
cmd="./pipetest 32 e < ../COPYING | ./pipetest 32 d | ./md5" cmd="./pipetest 32 e < ../../COPYING | ./pipetest 32 d | ./md5"
expect="/$md5/" expect="/$md5/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_streams_64 () { check_streams_64 () {
md5=`./md5 ../COPYING` md5=`./md5 ../../COPYING`
cmd="./pipetest 64 e < ../COPYING | ./pipetest 64 d | ./md5" cmd="./pipetest 64 e < ../../COPYING | ./pipetest 64 d | ./md5"
expect="/$md5/" expect="/$md5/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
@@ -284,27 +284,27 @@ check_sym_decrypt () {
# #
# signature tests # signature tests
check_sign_detached_to_bobby () { check_sign_detached_to_bobby () {
cmd="$pcp -V va -g -I README -f testsig -x a" cmd="$pcp -V va -g -I ../../COPYING -f testsig -x a"
expectfile="testsig" expectfile="testsig"
expect="" expect=""
check "$cmd" "$expect" "$input" "$expectfile" check "$cmd" "$expect" "$input" "$expectfile"
} }
check_verify_detached_signature () { check_verify_detached_signature () {
cmd="$pcp -V vb -c -f testsig -I README -i $idalicia" cmd="$pcp -V vb -c -f testsig -I ../../COPYING -i $idalicia"
expect="/verified/" expect="/verified/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_verify_detached_signature_self () { check_verify_detached_signature_self () {
cmd="$pcp -V va -c -f testsig -I README" cmd="$pcp -V va -c -f testsig -I ../../COPYING"
expect="/verified/" expect="/verified/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_sign_armored_to_bobby () { check_sign_armored_to_bobby () {
rm -f testsig rm -f testsig
cmd="$pcp -V va -g -I README -O testsig -x a -z" cmd="$pcp -V va -g -I ../../COPYING -O testsig -x a -z"
expectfile="testsig" expectfile="testsig"
expect="" expect=""
check "$cmd" "$expect" "$input" "$expectfile" check "$cmd" "$expect" "$input" "$expectfile"
@@ -324,7 +324,7 @@ check_verify_armored_signature_self () {
check_sign_bin_to_bobby () { check_sign_bin_to_bobby () {
rm -f testsig rm -f testsig
cmd="$pcp -V va -g -I README -O testsig -x a" cmd="$pcp -V va -g -I ../../COPYING -O testsig -x a"
expectfile="testsig" expectfile="testsig"
expect="" expect=""
check "$cmd" "$expect" "$input" "$expectfile" check "$cmd" "$expect" "$input" "$expectfile"
@@ -345,7 +345,7 @@ check_verify_bin_signature_self () {
# #
# sign+encrypt tests # sign+encrypt tests
check_sign_crypt_to_bobby () { check_sign_crypt_to_bobby () {
cmd="$pcp -V va -g -e -I README -O testsig -r Bobby -x a" cmd="$pcp -V va -g -e -I ../../COPYING -O testsig -r Bobby -x a"
expect="/Encrypted/" expect="/Encrypted/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
@@ -572,26 +572,26 @@ check_fuzz_binary_seckey () {
# checksum tests # checksum tests
check_checksum_copying () { check_checksum_copying () {
cmd="$pcp -C ../COPYING" cmd="$pcp -C ../../COPYING"
expect="/$blake2/" expect="/$blake2/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_checksum_authenticated_copying () { check_checksum_authenticated_copying () {
cmd="$pcp -x $key -C ../COPYING" cmd="$pcp -x $key -C ../../COPYING"
expect="/$blake2auth/" expect="/$blake2auth/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_checksum_copying_stdin () { check_checksum_copying_stdin () {
cmd="$pcp -C < ../COPYING" cmd="$pcp -C < ../../COPYING"
expect="/$blake2/" expect="/$blake2/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_checksum_multiple () { check_checksum_multiple () {
cmd="$pcp -C ../COPYING ../README" cmd="$pcp -C ../../COPYING ../../../COPYING"
expect="/README/" expect="/../../COPYING/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }

12
tests/unittests.sh
View File

@@ -106,13 +106,23 @@ callcheck () {
cfg="$1" cfg="$1"
check="$2" check="$2"
pwd=$(pwd)
base=$(basename "$pwd")
if test "$base" != "test"; then
cd tests
fi
echo "PWD: $(pwd)"
if test -z "$cfg"; then if test -z "$cfg"; then
echo "Usage: $0 <config> [check]" echo "Usage: $0 <config> [check]"
exit 1 exit 1
fi fi
if ! test -e "$cfg"; then if ! test -e "$cfg"; then
echo "$cfg doesn't exist!" echo "$cfg doesn't exist ($(pwd))!"
exit 1 exit 1
fi fi