scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 20:00:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

added pcptext_infile(), used with pcp1 -t -I $file, which determines filetype

Browse Source 
by content. minor debugging changes.
This commit is contained in:
git@daemon.de
2013-11-12 16:58:59 +01:00
parent 91c9a12641
commit a76ff60d7a
8 changed files with 216 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
ChangeLog
View File

@@ -1,3 +1,36 @@
0.1.5 Fixed a segmentation fault when using pcp1 -t on a
public key. I added a double free() there by purpose
to test segfault catching I added in unittest.pl
and forgot to remove it. The good news is, that
I found the double free() immediately thanks to the
segfault catching of unittest.pl :)
Fixed use of unencrypted secret keys, added proper
unittests for this case. Note: a secret key will
be stored unencrypted if the user doesn't enter
a password when asked. In addition to the fix I
added a question if the user is sure about what
he does.
Moved config.h to include/pcp/ so it will be
installed as well. Removed the conditional include
of config.h in platform.h, that was stupid.
Added generation of a pkg-config configuration
in libpcp/libpcp1.pc.in.
Added -O support to -k. So now you can generate
a new secret key and export it directly into a
file. In this case the key will not be stored to
the vault.
The -t option now accepts an inputfile (-I) and
determines what kind of file that might be and
if it finds out, prints some info about it to
stdout. Useful if you've got a z85 encoded file
without headers and comments and don't know what
it is.
0.1.4 Changed key format (again), now the main secret 0.1.4 Changed key format (again), now the main secret
is the ED25519 secret key, which will be encrypted. is the ED25519 secret key, which will be encrypted.
Everything else will be derived from that. Thanks Everything else will be derived from that. Thanks

4
src/encryption.c
View File

@@ -255,9 +255,9 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, char *recipi
if(debug) { if(debug) {
fprintf(stderr, "Using secret key:\n"); fprintf(stderr, "Using secret key:\n");
pcpkey_printshortinfo(secret); pcp_dumpkey(secret);
fprintf(stderr, "Using publickey:\n"); fprintf(stderr, "Using publickey:\n");
pcppubkey_printshortinfo(public); pcp_dumppubkey(public);
} }
unsigned char *input = NULL; unsigned char *input = NULL;

24
src/keymgmt.c
View File

@@ -64,9 +64,9 @@ int pcp_storekey (pcp_key_t *key) {
void pcp_keygen(char *passwd) { void pcp_keygen(char *passwd, char *outfile) {
pcp_key_t *k = pcpkey_new (); pcp_key_t *k = pcpkey_new ();
pcp_key_t *key; pcp_key_t *key = NULL;
char *owner = pcp_getstdin("Enter the name of the key owner"); char *owner = pcp_getstdin("Enter the name of the key owner");
memcpy(k->owner, owner, strlen(owner) + 1); memcpy(k->owner, owner, strlen(owner) + 1);
@@ -102,9 +102,18 @@ void pcp_keygen(char *passwd) {
} }
if(key != NULL) { if(key != NULL) {
if(pcp_storekey(key) == 0) {
fprintf(stderr, "Generated new secret key:\n"); fprintf(stderr, "Generated new secret key:\n");
if(outfile != NULL) {
pcp_exportsecretkey(key, outfile);
pcpkey_printshortinfo(key); pcpkey_printshortinfo(key);
fprintf(stderr, "key stored to file %s, vault unaltered\n", outfile);
memset(key, 0, sizeof(pcp_key_t));
free(key);
}
else {
if(pcp_storekey(key) == 0) {
pcpkey_printshortinfo(key);
}
} }
} }
@@ -216,6 +225,11 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile) {
} }
if(key != NULL) { if(key != NULL) {
pcp_exportsecretkey(key, outfile);
}
}
void pcp_exportsecretkey(pcp_key_t *key, char *outfile) {
FILE *out; FILE *out;
if(outfile == NULL) { if(outfile == NULL) {
out = stdout; out = stdout;
@@ -233,11 +247,7 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile) {
else else
pcpkey_print(key, out); pcpkey_print(key, out);
} }
free(key);
} }
}
pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd) { pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd) {
if(recipient != NULL) { if(recipient != NULL) {

1
src/keymgmt.h
View File

@@ -45,6 +45,7 @@ int pcp_storekey (pcp_key_t *key);
void pcp_keygen(); void pcp_keygen();
void pcp_listkeys(); void pcp_listkeys();
void pcp_exportsecret(char *keyid, int useid, char *outfile); void pcp_exportsecret(char *keyid, int useid, char *outfile);
void pcp_exportsecretkey(pcp_key_t *key, char *outfile);
pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd); pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd);
void pcp_exportpublic(char *keyid, char *recipient, char *passwd, char *outfile); void pcp_exportpublic(char *keyid, char *recipient, char *passwd, char *outfile);
char *pcp_normalize_id(char *keyid); char *pcp_normalize_id(char *keyid);

116
src/keyprint.c
View File

@@ -23,6 +23,122 @@
#include "keyprint.h" #include "keyprint.h"
int pcptext_infile(char *infile) {
FILE *in;
int insize;
if((in = fopen(infile, "rb")) == NULL) {
fatal("Could not open input file %s\n", infile);
goto errtinf1;
}
fseek(in, 0, SEEK_END);
insize = ftell(in);
fseek(in, 0, SEEK_SET);
if(insize == 40) {
fprintf(stdout, "%s seems to be an empty vault file\n", infile);
goto tdone;
}
// maybe a vault?
vault_t *v = pcpvault_init(infile);
if(v != NULL) {
fprintf(stdout, "%s is a vault file\n", infile);
pcptext_vault(v);
goto tdone;
}
// try z85ing it
char *z85 = pcp_readz85file(in);
if(z85 == NULL) {
fprintf(stdout, "Can't handle %s - unknown file type.\n", infile);
goto errtinf1;
}
size_t clen;
unsigned char *bin = pcp_z85_decode((char *)z85, &clen);
free(z85);
if(bin == NULL) {
fprintf(stdout, "%s isn't properly Z85 encoded - unknown file type.\n", infile);
goto errtinf1;
}
if(clen == sizeof(pcp_key_t)) {
// secret key?
pcp_key_t *key = (pcp_key_t *)bin;
key2native(key);
if(pcp_sanitycheck_key(key) == 0) {
fprintf(stdout, "%s is a secret key file:\n", infile);
pcpkey_print(key, stdout);
free(key);
goto tdone;
}
else {
fprintf(stdout, "%s looks like a secret key but failed sanity checking.\n", infile);
free(key);
goto errtinf1;
}
}
if(clen == sizeof(pcp_pubkey_t)) {
// public key?
pcp_pubkey_t *key = (pcp_pubkey_t *)bin;
pubkey2native(key);
if(pcp_sanitycheck_pub(key) == 0) {
fprintf(stdout, "%s is a public key file:\n", infile);
pcppubkey_print(key, stdout);
free(key);
goto tdone;
}
else {
fprintf(stdout, "%s looks like a publickey but failed sanity checking.\n", infile);
free(key);
goto errtinf1;
}
}
if(clen == sizeof(pcp_sig_t)) {
// a signature?
pcp_sig_t *sig = (pcp_sig_t *)bin;
sig2native(sig);
if(sig->version == PCP_SIG_VERSION) {
// looks valid
fprintf(stdout, "%s is an ed25519 signature file:\n", infile);
struct tm *c;
time_t t = (time_t)sig->ctime;
c = localtime(&t);
fprintf(stdout, "Signed by key: 0x%s\n", sig->id);
fprintf(stdout, "Creation Time: %04d-%02d-%02dT%02d:%02d:%02d\n",
c->tm_year+1900, c->tm_mon+1, c->tm_mday,
c->tm_hour, c->tm_min, c->tm_sec);
fprintf(stdout, " Signature: ");
pcpprint_bin(stdout, sig->edsig, crypto_sign_BYTES);
fprintf(stdout, "\n");
free(sig);
goto tdone;
}
else {
fprintf(stdout, "%s looks like a ed255 signature but failed sanity checking.\n", infile);
free(sig);
goto errtinf1;
}
}
// still there?
fprintf(stdout, "%s looks Z85 encoded but otherwise unknown and is possibly encrypted.\n", infile);
tdone:
fatals_reset();
return 0;
errtinf1:
fatals_reset();
return 1;
}
void pcptext_key(char *keyid) { void pcptext_key(char *keyid) {
pcp_key_t *s = pcpkey_exists(keyid); pcp_key_t *s = pcpkey_exists(keyid);
if(s != NULL) { if(s != NULL) {

1
src/keyprint.h
View File

@@ -42,6 +42,7 @@ void pcppubkey_printlineinfo(pcp_pubkey_t *key);
void pcptext_key(char *keyid); void pcptext_key(char *keyid);
void pcptext_vault(vault_t *vault); void pcptext_vault(vault_t *vault);
int pcptext_infile(char *infile);
void pcpexport_yaml(char *outfile); void pcpexport_yaml(char *outfile);
void pcpprint_bin(FILE *out, unsigned char *data, size_t len); void pcpprint_bin(FILE *out, unsigned char *data, size_t len);

7
src/pcp.c
View File

@@ -234,7 +234,7 @@ int main (int argc, char **argv) {
if(vault != NULL) { if(vault != NULL) {
switch (mode) { switch (mode) {
case PCP_MODE_KEYGEN: case PCP_MODE_KEYGEN:
pcp_keygen(xpass); pcp_keygen(xpass, outfile);
if(xpass != NULL) if(xpass != NULL)
free(xpass); free(xpass);
break; break;
@@ -309,9 +309,12 @@ int main (int argc, char **argv) {
break; break;
case PCP_MODE_TEXT: case PCP_MODE_TEXT:
if(! useid) { if(! useid && infile == NULL) {
pcptext_vault(vault); pcptext_vault(vault);
} }
else if(infile != NULL) {
pcptext_infile(infile);
}
else { else {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if(id != NULL) {

24
tests/unittests.cfg
View File

@@ -209,6 +209,30 @@ dxmorg@florida.cops.gov
</test> </test>
</test> </test>
#
# check usage of unencrypted secret key
<test check-crypto-unencrypted-secret>
cmd = (echo dau; echo foo; echo yes) | $pcp -V vcl -k -x ""
expect = /added to/
</test>
<test check-crypto-unencrypted-secret-yaml>
cmd = $pcp -V vcl -y
expect = /encrypted: no/
</test>
<test check-crypto-unencrypted-secret-message>
prepare = $pcp -V vcl -I key-bobby-pub -P
cmd = echo HALLO | $pcp -V vcl -e -O testencrypted -i ${idbobby}
expect = /success/
</test>
<test check-crypto-unencrypted-secret-read>
prepare = $pcp -V vcl -p | $pcp -V vb -P
cmd = $pcp -V vb -d -I testencrypted -x b
expect = /HALLO/
</test>
# #
# signature test # signature test
<test check-sign-to-bobby> <test check-sign-to-bobby>