changed internal key format again, now we've got a master-key-signing keypair as well, used for exports. also, fixed a security hole in pcp_keynew(): the actual key material, unencrypted, have been stored on heap and not zeroed after exit.

2025-12-19 12:40:58 +01:00 · 2014-02-10 11:34:05 +01:00
parent b5e8e0de03
commit a3468a45cf
5 changed files with 76 additions and 36 deletions
--- a/include/pcp/key.h
+++ b/include/pcp/key.h
@@ -75,12 +75,14 @@

 */
 struct _pcp_key_t {
+  byte masterpub[32];
+  byte mastersecret[64];
  byte pub[32];
  byte secret[32];
  byte edpub[32];
  byte edsecret[64];
  byte nonce[24];
-  byte encrypted[112]; /*  both ed+curve encrypted */
+  byte encrypted[176]; /*  both sign+ed+curve encrypted */
  char owner[255];
  char mail[255];
  char id[17];
@@ -92,6 +94,7 @@ struct _pcp_key_t {
 };

 struct _pcp_pubkey_t {
+  byte sigpub[32];
  byte pub[32];
  byte edpub[32];
  char owner[255];
@@ -101,6 +104,8 @@ struct _pcp_pubkey_t {
  uint64_t ctime;
  uint32_t version;
  uint32_t serial;
+  uint8_t valid;
+  byte signature[crypto_generichash_BYTES_MAX + crypto_sign_BYTES];
  UT_hash_handle hh;
 };

@@ -146,8 +151,7 @@ typedef struct _pcp_rec_t pcp_rec_t;
 void pcp_cleanhashes();
 pcp_key_t *pcpkey_new ();

-void pcp_keypairs(byte *csk, byte *cpk, byte *esk, byte *epk);
-void pcp_ed_keypairs(byte *csk, byte *esk);
+void pcp_keypairs(byte *msk, byte *mpk, byte *csk, byte *cpk, byte *esk, byte *epk);

 char *pcppubkey_get_art(pcp_pubkey_t *k);
 char *pcpkey_get_art(pcp_key_t *k);