changed internal key format again, now we've got a master-key-signing keypair as well, used for exports. also, fixed a security hole in pcp_keynew(): the actual key material, unencrypted, have been stored on heap and not zeroed after exit.

2025-12-17 03:50:57 +01:00 · 2014-02-10 11:34:05 +01:00
parent b5e8e0de03
commit a3468a45cf
5 changed files with 76 additions and 36 deletions
--- a/include/pcp/defines.h
+++ b/include/pcp/defines.h
@@ -49,7 +49,7 @@ typedef unsigned int    qbyte;          /*   Quad byte = 32 bits */

 #define PCP_ME "Pretty Curved Privacy"

-#define PCP_KEY_VERSION 5
+#define PCP_KEY_VERSION 6
 #define PCP_KEY_PRIMITIVE "CURVE25519-ED25519-SALSA20-POLY1305"

 #define PCP_KEY_TYPE_MAINSECRET 1
@@ -57,7 +57,7 @@ typedef unsigned int    qbyte;          /*   Quad byte = 32 bits */
 #define PCP_KEY_TYPE_PUBLIC     3

 /*  save typing, dammit */
-#define PCP_ENCRYPT_PAD crypto_secretbox_ZEROBYTES + crypto_secretbox_NONCEBYTES
+#define PCP_ENCRYPT_MAC crypto_secretbox_ZEROBYTES + crypto_secretbox_NONCEBYTES

 /*  vault id */
 #define PCP_VAULT_ID 14
--- a/include/pcp/ed.h
+++ b/include/pcp/ed.h
@@ -43,6 +43,9 @@
   returns NULL otherwise */
 unsigned char *pcp_ed_sign(unsigned char *message, size_t messagesize, pcp_key_t *s);

+/* the same, but use the mastersecret instead, usually for keysigning */
+unsigned char *pcp_ed_sign_key(unsigned char *message, size_t messagesize, pcp_key_t *s);
+
 /* verify a signature of siglen size using p->edpub, if the signature verifies
   return the raw message with the signature removed (size: siglen - crypto_sign_BYTES),
   returns NULL otherwise */
--- a/include/pcp/key.h
+++ b/include/pcp/key.h
@@ -75,12 +75,14 @@

 */
 struct _pcp_key_t {
+  byte masterpub[32];
+  byte mastersecret[64];
  byte pub[32];
  byte secret[32];
  byte edpub[32];
  byte edsecret[64];
  byte nonce[24];
-  byte encrypted[112]; /*  both ed+curve encrypted */
+  byte encrypted[176]; /*  both sign+ed+curve encrypted */
  char owner[255];
  char mail[255];
  char id[17];
@@ -92,6 +94,7 @@ struct _pcp_key_t {
 };

 struct _pcp_pubkey_t {
+  byte sigpub[32];
  byte pub[32];
  byte edpub[32];
  char owner[255];
@@ -101,6 +104,8 @@ struct _pcp_pubkey_t {
  uint64_t ctime;
  uint32_t version;
  uint32_t serial;
+  uint8_t valid;
+  byte signature[crypto_generichash_BYTES_MAX + crypto_sign_BYTES];
  UT_hash_handle hh;
 };

@@ -146,8 +151,7 @@ typedef struct _pcp_rec_t pcp_rec_t;
 void pcp_cleanhashes();
 pcp_key_t *pcpkey_new ();

-void pcp_keypairs(byte *csk, byte *cpk, byte *esk, byte *epk);
-void pcp_ed_keypairs(byte *csk, byte *esk);
+void pcp_keypairs(byte *msk, byte *mpk, byte *csk, byte *cpk, byte *esk, byte *epk);

 char *pcppubkey_get_art(pcp_pubkey_t *k);
 char *pcpkey_get_art(pcp_key_t *k);