mirror of
https://codeberg.org/scip/pcp.git
synced 2025-12-17 12:00:56 +01:00
renamed 'public' to 'pub' to avoid conflict with c++ api
This commit is contained in:
TLINDEN
@@ -38,17 +38,17 @@ size_t pcp_sodium_box(unsigned char **cipher,
|
|||||||
size_t clearsize,
|
size_t clearsize,
|
||||||
unsigned char *nonce,
|
unsigned char *nonce,
|
||||||
unsigned char *secret,
|
unsigned char *secret,
|
||||||
unsigned char *public);
|
unsigned char *pub);
|
||||||
|
|
||||||
int pcp_sodium_verify_box(unsigned char **cleartext, unsigned char* message,
|
int pcp_sodium_verify_box(unsigned char **cleartext, unsigned char* message,
|
||||||
size_t messagesize, unsigned char *nonce,
|
size_t messagesize, unsigned char *nonce,
|
||||||
unsigned char *secret, unsigned char *public);
|
unsigned char *secret, unsigned char *pub);
|
||||||
|
|
||||||
unsigned char *pcp_box_encrypt(pcp_key_t *secret, pcp_pubkey_t *public,
|
unsigned char *pcp_box_encrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
|
||||||
unsigned char *message, size_t messagesize,
|
unsigned char *message, size_t messagesize,
|
||||||
size_t *csize);
|
size_t *csize);
|
||||||
|
|
||||||
unsigned char *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *public,
|
unsigned char *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
|
||||||
unsigned char *cipher, size_t ciphersize,
|
unsigned char *cipher, size_t ciphersize,
|
||||||
size_t *dsize);
|
size_t *dsize);
|
||||||
|
|
||||||
|
|||||||
@@ -74,7 +74,7 @@
|
|||||||
|
|
||||||
*/
|
*/
|
||||||
struct _pcp_key_t {
|
struct _pcp_key_t {
|
||||||
byte public[32];
|
byte pub[32];
|
||||||
byte secret[32];
|
byte secret[32];
|
||||||
byte edpub[32];
|
byte edpub[32];
|
||||||
byte edsecret[64];
|
byte edsecret[64];
|
||||||
@@ -91,7 +91,7 @@ struct _pcp_key_t {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct _pcp_pubkey_t {
|
struct _pcp_pubkey_t {
|
||||||
byte public[32];
|
byte pub[32];
|
||||||
byte edpub[32];
|
byte edpub[32];
|
||||||
char owner[255];
|
char owner[255];
|
||||||
char mail[255];
|
char mail[255];
|
||||||
@@ -159,4 +159,8 @@ void pcp_seckeyblob(void *blob, pcp_key_t *k);
|
|||||||
void pcp_pubkeyblob(void *blob, pcp_pubkey_t *k);
|
void pcp_pubkeyblob(void *blob, pcp_pubkey_t *k);
|
||||||
void *pcp_keyblob(void *k, int type); // allocates blob
|
void *pcp_keyblob(void *k, int type); // allocates blob
|
||||||
|
|
||||||
|
int pcp_sanitycheck_pub(pcp_pubkey_t *key);
|
||||||
|
int pcp_sanitycheck_key(pcp_key_t *key);
|
||||||
|
|
||||||
|
|
||||||
#endif // _HAVE_PCP_KEYPAIR_H
|
#endif // _HAVE_PCP_KEYPAIR_H
|
||||||
|
|||||||
@@ -27,7 +27,7 @@ size_t pcp_sodium_box(unsigned char **cipher,
|
|||||||
size_t clearsize,
|
size_t clearsize,
|
||||||
unsigned char *nonce,
|
unsigned char *nonce,
|
||||||
unsigned char *secret,
|
unsigned char *secret,
|
||||||
unsigned char *public) {
|
unsigned char *pub) {
|
||||||
|
|
||||||
unsigned char *pad_clear;
|
unsigned char *pad_clear;
|
||||||
unsigned char *pad_cipher;
|
unsigned char *pad_cipher;
|
||||||
@@ -39,7 +39,7 @@ size_t pcp_sodium_box(unsigned char **cipher,
|
|||||||
|
|
||||||
// crypto_box(c,m,mlen,n,pk,sk);
|
// crypto_box(c,m,mlen,n,pk,sk);
|
||||||
crypto_box(pad_cipher, pad_clear,
|
crypto_box(pad_cipher, pad_clear,
|
||||||
clearsize + crypto_box_ZEROBYTES, nonce, public, secret);
|
clearsize + crypto_box_ZEROBYTES, nonce, pub, secret);
|
||||||
|
|
||||||
pcp_pad_remove(cipher, pad_cipher, crypto_secretbox_BOXZEROBYTES, ciphersize);
|
pcp_pad_remove(cipher, pad_cipher, crypto_secretbox_BOXZEROBYTES, ciphersize);
|
||||||
|
|
||||||
@@ -54,7 +54,7 @@ size_t pcp_sodium_box(unsigned char **cipher,
|
|||||||
|
|
||||||
int pcp_sodium_verify_box(unsigned char **cleartext, unsigned char* message,
|
int pcp_sodium_verify_box(unsigned char **cleartext, unsigned char* message,
|
||||||
size_t messagesize, unsigned char *nonce,
|
size_t messagesize, unsigned char *nonce,
|
||||||
unsigned char *secret, unsigned char *public) {
|
unsigned char *secret, unsigned char *pub) {
|
||||||
// verify/decrypt the box
|
// verify/decrypt the box
|
||||||
unsigned char *pad_cipher;
|
unsigned char *pad_cipher;
|
||||||
unsigned char *pad_clear;
|
unsigned char *pad_clear;
|
||||||
@@ -66,7 +66,7 @@ int pcp_sodium_verify_box(unsigned char **cleartext, unsigned char* message,
|
|||||||
// crypto_box_open(m,c,clen,n,pk,sk);
|
// crypto_box_open(m,c,clen,n,pk,sk);
|
||||||
if (crypto_box_open(pad_clear, pad_cipher,
|
if (crypto_box_open(pad_clear, pad_cipher,
|
||||||
messagesize + crypto_box_BOXZEROBYTES,
|
messagesize + crypto_box_BOXZEROBYTES,
|
||||||
nonce, public, secret) == 0) {
|
nonce, pub, secret) == 0) {
|
||||||
success = 0;
|
success = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -81,7 +81,7 @@ int pcp_sodium_verify_box(unsigned char **cleartext, unsigned char* message,
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
unsigned char *pcp_box_encrypt(pcp_key_t *secret, pcp_pubkey_t *public,
|
unsigned char *pcp_box_encrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
|
||||||
unsigned char *message, size_t messagesize,
|
unsigned char *message, size_t messagesize,
|
||||||
size_t *csize) {
|
size_t *csize) {
|
||||||
|
|
||||||
@@ -90,7 +90,7 @@ unsigned char *pcp_box_encrypt(pcp_key_t *secret, pcp_pubkey_t *public,
|
|||||||
unsigned char *cipher;
|
unsigned char *cipher;
|
||||||
|
|
||||||
size_t es = pcp_sodium_box(&cipher, message, messagesize, nonce,
|
size_t es = pcp_sodium_box(&cipher, message, messagesize, nonce,
|
||||||
secret->secret, public->public);
|
secret->secret, pub->pub);
|
||||||
|
|
||||||
if(es <= messagesize) {
|
if(es <= messagesize) {
|
||||||
fatal("failed to encrypt message!\n");
|
fatal("failed to encrypt message!\n");
|
||||||
@@ -98,7 +98,7 @@ unsigned char *pcp_box_encrypt(pcp_key_t *secret, pcp_pubkey_t *public,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// scip
|
// scip
|
||||||
//fprintf(stderr, "public: "); pcpprint_bin(stderr, public->public, 32); fprintf(stderr, "\n");
|
//fprintf(stderr, "public: "); pcpprint_bin(stderr, pub->pub, 32); fprintf(stderr, "\n");
|
||||||
//fprintf(stderr, "secret: "); pcpprint_bin(stderr, secret->secret, 32); fprintf(stderr, "\n");
|
//fprintf(stderr, "secret: "); pcpprint_bin(stderr, secret->secret, 32); fprintf(stderr, "\n");
|
||||||
//fprintf(stderr, "cipher: "); pcpprint_bin(stderr, cipher, es); fprintf(stderr, "\n");
|
//fprintf(stderr, "cipher: "); pcpprint_bin(stderr, cipher, es); fprintf(stderr, "\n");
|
||||||
//fprintf(stderr, " nonce: "); pcpprint_bin(stderr, nonce, crypto_secretbox_NONCEBYTES); fprintf(stderr, "\n");
|
//fprintf(stderr, " nonce: "); pcpprint_bin(stderr, nonce, crypto_secretbox_NONCEBYTES); fprintf(stderr, "\n");
|
||||||
@@ -124,7 +124,7 @@ unsigned char *pcp_box_encrypt(pcp_key_t *secret, pcp_pubkey_t *public,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
unsigned char *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *public,
|
unsigned char *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
|
||||||
unsigned char *cipher, size_t ciphersize,
|
unsigned char *cipher, size_t ciphersize,
|
||||||
size_t *dsize) {
|
size_t *dsize) {
|
||||||
|
|
||||||
@@ -139,7 +139,7 @@ unsigned char *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *public,
|
|||||||
|
|
||||||
if(pcp_sodium_verify_box(&message, cipheronly,
|
if(pcp_sodium_verify_box(&message, cipheronly,
|
||||||
ciphersize - crypto_secretbox_NONCEBYTES,
|
ciphersize - crypto_secretbox_NONCEBYTES,
|
||||||
nonce, secret->secret, public->public) != 0){
|
nonce, secret->secret, pub->pub) != 0){
|
||||||
fatal("failed to decrypt message!\n");
|
fatal("failed to decrypt message!\n");
|
||||||
goto errbed;
|
goto errbed;
|
||||||
}
|
}
|
||||||
|
|||||||
126
libpcp/key.c
126
libpcp/key.c
@@ -59,7 +59,7 @@ unsigned char *pcp_derivekey(char *passphrase) {
|
|||||||
|
|
||||||
char *pcp_getkeyid(pcp_key_t *k) {
|
char *pcp_getkeyid(pcp_key_t *k) {
|
||||||
uint32_t s, p;
|
uint32_t s, p;
|
||||||
p = jen_hash(k->public, 32, JEN_PSALT);
|
p = jen_hash(k->pub, 32, JEN_PSALT);
|
||||||
s = jen_hash(k->secret, 32, JEN_SSALT);
|
s = jen_hash(k->secret, 32, JEN_SSALT);
|
||||||
char *id = ucmalloc(17);
|
char *id = ucmalloc(17);
|
||||||
snprintf(id, 17, "%08X%08X", p, s);
|
snprintf(id, 17, "%08X%08X", p, s);
|
||||||
@@ -98,18 +98,18 @@ void pcp_ed_keypairs(byte *csk, byte *esk) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pcp_key_t * pcpkey_new () {
|
pcp_key_t * pcpkey_new () {
|
||||||
byte public[32] = { 0 };
|
byte pub[32] = { 0 };
|
||||||
byte secret[32] = { 0 };
|
byte secret[32] = { 0 };
|
||||||
byte edpub[32] = { 0 };
|
byte edpub[32] = { 0 };
|
||||||
byte edsec[64] = { 0 };
|
byte edsec[64] = { 0 };
|
||||||
|
|
||||||
byte *seed = urmalloc(32);
|
byte *seed = urmalloc(32);
|
||||||
|
|
||||||
pcp_keypairs(secret, public, edsec, edpub, seed);
|
pcp_keypairs(secret, pub, edsec, edpub, seed);
|
||||||
|
|
||||||
// fill in our struct
|
// fill in our struct
|
||||||
pcp_key_t *key = urmalloc(sizeof(pcp_key_t));
|
pcp_key_t *key = urmalloc(sizeof(pcp_key_t));
|
||||||
memcpy (key->public, public, 32);
|
memcpy (key->pub, pub, 32);
|
||||||
memcpy (key->secret, secret, 32);
|
memcpy (key->secret, secret, 32);
|
||||||
memcpy (key->edpub, edpub, 32);
|
memcpy (key->edpub, edpub, 32);
|
||||||
memcpy (key->edsecret, edsec, 64);
|
memcpy (key->edsecret, edsec, 64);
|
||||||
@@ -192,7 +192,7 @@ pcp_key_t *pcpkey_decrypt(pcp_key_t *key, char *passphrase) {
|
|||||||
pcp_pubkey_t *pcpkey_pub_from_secret(pcp_key_t *key) {
|
pcp_pubkey_t *pcpkey_pub_from_secret(pcp_key_t *key) {
|
||||||
//pcp_dumpkey(key);
|
//pcp_dumpkey(key);
|
||||||
pcp_pubkey_t *pub = urmalloc(sizeof (pcp_pubkey_t));
|
pcp_pubkey_t *pub = urmalloc(sizeof (pcp_pubkey_t));
|
||||||
memcpy(pub->public, key->public, 32);
|
memcpy(pub->pub, key->pub, 32);
|
||||||
memcpy(pub->edpub, key->edpub, 32);
|
memcpy(pub->edpub, key->edpub, 32);
|
||||||
memcpy(pub->owner, key->owner, 255);
|
memcpy(pub->owner, key->owner, 255);
|
||||||
memcpy(pub->mail, key->mail, 255);
|
memcpy(pub->mail, key->mail, 255);
|
||||||
@@ -205,24 +205,24 @@ pcp_pubkey_t *pcpkey_pub_from_secret(pcp_key_t *key) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
char *pcppubkey_get_art(pcp_pubkey_t *k) {
|
char *pcppubkey_get_art(pcp_pubkey_t *k) {
|
||||||
char *r = key_fingerprint_randomart(k->public, sizeof(k));
|
char *r = key_fingerprint_randomart(k->pub, sizeof(k));
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *pcpkey_get_art(pcp_key_t *k) {
|
char *pcpkey_get_art(pcp_key_t *k) {
|
||||||
char *r = key_fingerprint_randomart(k->public, sizeof(k));
|
char *r = key_fingerprint_randomart(k->pub, sizeof(k));
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
unsigned char *pcppubkey_getchecksum(pcp_pubkey_t *k) {
|
unsigned char *pcppubkey_getchecksum(pcp_pubkey_t *k) {
|
||||||
unsigned char *hash = ucmalloc(32);
|
unsigned char *hash = ucmalloc(32);
|
||||||
crypto_hash_sha256(hash, k->public, 32);
|
crypto_hash_sha256(hash, k->pub, 32);
|
||||||
return hash;
|
return hash;
|
||||||
}
|
}
|
||||||
|
|
||||||
unsigned char *pcpkey_getchecksum(pcp_key_t *k) {
|
unsigned char *pcpkey_getchecksum(pcp_key_t *k) {
|
||||||
unsigned char *hash = ucmalloc(32);
|
unsigned char *hash = ucmalloc(32);
|
||||||
crypto_hash_sha256(hash, k->public, 32);
|
crypto_hash_sha256(hash, k->pub, 32);
|
||||||
return hash;
|
return hash;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -282,7 +282,7 @@ pcp_pubkey_t *pubkey2native(pcp_pubkey_t *k) {
|
|||||||
pcp_key_t *pcp_derive_pcpkey (pcp_key_t *ours, char *theirs) {
|
pcp_key_t *pcp_derive_pcpkey (pcp_key_t *ours, char *theirs) {
|
||||||
byte edpub[32] = { 0 };
|
byte edpub[32] = { 0 };
|
||||||
byte edsec[64] = { 0 };
|
byte edsec[64] = { 0 };
|
||||||
byte public[32] = { 0 };
|
byte pub[32] = { 0 };
|
||||||
byte secret[32] = { 0 };
|
byte secret[32] = { 0 };
|
||||||
|
|
||||||
byte *seed = ucmalloc(32);
|
byte *seed = ucmalloc(32);
|
||||||
@@ -299,14 +299,14 @@ pcp_key_t *pcp_derive_pcpkey (pcp_key_t *ours, char *theirs) {
|
|||||||
goto errdp1;
|
goto errdp1;
|
||||||
}
|
}
|
||||||
|
|
||||||
pcp_keypairs(secret, public, edsec, edpub, seed);
|
pcp_keypairs(secret, pub, edsec, edpub, seed);
|
||||||
|
|
||||||
pcp_key_t * tmp = pcpkey_new ();
|
pcp_key_t * tmp = pcpkey_new ();
|
||||||
|
|
||||||
memcpy(tmp->secret, secret, 32);
|
memcpy(tmp->secret, secret, 32);
|
||||||
memcpy(tmp->edpub, edpub, 32);
|
memcpy(tmp->edpub, edpub, 32);
|
||||||
memcpy(tmp->edsecret, edsec, 64);
|
memcpy(tmp->edsecret, edsec, 64);
|
||||||
memcpy(tmp->public, public, 32);
|
memcpy(tmp->pub, pub, 32);
|
||||||
|
|
||||||
memcpy(tmp->owner, ours->owner, 255);
|
memcpy(tmp->owner, ours->owner, 255);
|
||||||
memcpy(tmp->mail, ours->mail, 255);
|
memcpy(tmp->mail, ours->mail, 255);
|
||||||
@@ -347,3 +347,105 @@ void *pcp_keyblob(void *k, int type) {
|
|||||||
}
|
}
|
||||||
return blob;
|
return blob;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int pcp_sanitycheck_pub(pcp_pubkey_t *key) {
|
||||||
|
if(key->pub[0] == 0) {
|
||||||
|
fatal("Pubkey sanity check: public key contained in key seems to be empty!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(key->type != PCP_KEY_TYPE_PUBLIC) {
|
||||||
|
fatal("Pubkey sanity check: key type is not PUBLIC (expected: %02x, got: %02x)!\n",
|
||||||
|
PCP_KEY_TYPE_PUBLIC, key->type);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(key->version != PCP_KEY_VERSION) {
|
||||||
|
fatal("Pubkey sanity check: unknown key version (expected: %08X, got: %08X)!\n",
|
||||||
|
PCP_KEY_VERSION, key->version);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(key->serial <= 0) {
|
||||||
|
fatal("Pubkey sanity check: invalid serial number: %08X!\n", key->serial);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(key->id[16] != '\0') {
|
||||||
|
char *got = ucmalloc(17);
|
||||||
|
memcpy(got, key->id, 17);
|
||||||
|
got[16] = '\0';
|
||||||
|
fatal("Pubkey sanity check: invalid key id (expected 16 bytes, got: %s)!\n", got);
|
||||||
|
free(got);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
struct tm *c;
|
||||||
|
time_t t = (time_t)key->ctime;
|
||||||
|
c = localtime(&t);
|
||||||
|
if(c->tm_year <= 0 || c->tm_year > 1100) {
|
||||||
|
// well, I'm perhaps overacting here :)
|
||||||
|
fatal("Pubkey sanity check: invalid creation timestamp (got year %04d)!\n", c->tm_year + 1900);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
pcp_pubkey_t *maybe = pcphash_pubkeyexists(key->id);
|
||||||
|
if(maybe != NULL) {
|
||||||
|
fatal("Pubkey sanity check: there already exists a key with the id 0x%s\n", key->id);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int pcp_sanitycheck_key(pcp_key_t *key) {
|
||||||
|
if(key->encrypted[0] == 0) {
|
||||||
|
fatal("Secretkey sanity check: secret key contained in key seems to be empty!\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(key->type != PCP_KEY_TYPE_SECRET && key->type != PCP_KEY_TYPE_MAINSECRET) {
|
||||||
|
fatal("Secretkey sanity check: key type is not SECRET (expected: %02x, got: %02x)!\n",
|
||||||
|
PCP_KEY_TYPE_SECRET, key->type);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(key->version != PCP_KEY_VERSION) {
|
||||||
|
fatal("Secretkey sanity check: unknown key version (expected: %08X, got: %08X)!\n",
|
||||||
|
PCP_KEY_VERSION, key->version);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(key->serial <= 0) {
|
||||||
|
fatal("Secretkey sanity check: invalid serial number: %08X!\n", key->serial);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(key->id[16] != '\0') {
|
||||||
|
char *got = ucmalloc(17);
|
||||||
|
memcpy(got, key->id, 17);
|
||||||
|
got[16] = '\0';
|
||||||
|
fatal("Secretkey sanity check: invalid key id (expected 16 bytes, got: %s)!\n", got);
|
||||||
|
free(got);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
struct tm *c;
|
||||||
|
time_t t = (time_t)key->ctime;
|
||||||
|
c = localtime(&t);
|
||||||
|
if(c->tm_year <= 0 || c->tm_year > 1100) {
|
||||||
|
// well, I'm perhaps overacting here :)
|
||||||
|
fatal("Secretkey sanity check: invalid creation timestamp (got year %04d)!\n", c->tm_year + 1900);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
pcp_key_t *maybe = pcphash_keyexists(key->id);
|
||||||
|
if(maybe != NULL) {
|
||||||
|
fatal("Secretkey sanity check: there already exists a key with the id 0x%s\n", key->id);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|||||||
@@ -25,7 +25,7 @@
|
|||||||
int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) {
|
int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) {
|
||||||
FILE *in = NULL;
|
FILE *in = NULL;
|
||||||
FILE *out = NULL;
|
FILE *out = NULL;
|
||||||
pcp_pubkey_t *public = NULL;
|
pcp_pubkey_t *pub = NULL;
|
||||||
pcp_key_t *secret = NULL;
|
pcp_key_t *secret = NULL;
|
||||||
|
|
||||||
if(useid) {
|
if(useid) {
|
||||||
@@ -93,24 +93,24 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) {
|
|||||||
unsigned char *check = ucmalloc(crypto_hash_BYTES);
|
unsigned char *check = ucmalloc(crypto_hash_BYTES);
|
||||||
memcpy(hash, combined, crypto_hash_BYTES);
|
memcpy(hash, combined, crypto_hash_BYTES);
|
||||||
|
|
||||||
pcphash_iteratepub(public) {
|
pcphash_iteratepub(pub) {
|
||||||
crypto_hash(check, (unsigned char*)public->id, 16);
|
crypto_hash(check, (unsigned char*)pub->id, 16);
|
||||||
if(memcmp(check, hash, crypto_hash_BYTES) == 0) {
|
if(memcmp(check, hash, crypto_hash_BYTES) == 0) {
|
||||||
// found one
|
// found one
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(public == NULL) {
|
if(pub == NULL) {
|
||||||
// maybe self encryption, try secrets
|
// maybe self encryption, try secrets
|
||||||
pcp_key_t *s = NULL;
|
pcp_key_t *s = NULL;
|
||||||
pcphash_iterate(s) {
|
pcphash_iterate(s) {
|
||||||
crypto_hash(check, (unsigned char*)s->id, 16);
|
crypto_hash(check, (unsigned char*)s->id, 16);
|
||||||
if(memcmp(check, hash, crypto_hash_BYTES) == 0) {
|
if(memcmp(check, hash, crypto_hash_BYTES) == 0) {
|
||||||
// matching secret
|
// matching secret
|
||||||
public = pcpkey_pub_from_secret(s);
|
pub = pcpkey_pub_from_secret(s);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(public == NULL) {
|
if(pub == NULL) {
|
||||||
fatal("Could not find a usable public key in vault %s!\n",
|
fatal("Could not find a usable public key in vault %s!\n",
|
||||||
vault->filename);
|
vault->filename);
|
||||||
goto errde0;
|
goto errde0;
|
||||||
@@ -121,33 +121,33 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) {
|
|||||||
fprintf(stderr, "Using secret key:\n");
|
fprintf(stderr, "Using secret key:\n");
|
||||||
pcpkey_printshortinfo(secret);
|
pcpkey_printshortinfo(secret);
|
||||||
fprintf(stderr, "Using publickey:\n");
|
fprintf(stderr, "Using publickey:\n");
|
||||||
pcppubkey_printshortinfo(public);
|
pcppubkey_printshortinfo(pub);
|
||||||
}
|
}
|
||||||
|
|
||||||
unsigned char *encrypted = ucmalloc(clen - crypto_hash_BYTES);
|
unsigned char *encrypted = ucmalloc(clen - crypto_hash_BYTES);
|
||||||
memcpy(encrypted, &combined[crypto_hash_BYTES], clen - crypto_hash_BYTES);
|
memcpy(encrypted, &combined[crypto_hash_BYTES], clen - crypto_hash_BYTES);
|
||||||
|
|
||||||
size_t dlen;
|
size_t dlen;
|
||||||
unsigned char *decrypted = pcp_box_decrypt(secret, public,
|
unsigned char *decrypted = pcp_box_decrypt(secret, pub,
|
||||||
encrypted,
|
encrypted,
|
||||||
clen - crypto_hash_BYTES, &dlen);
|
clen - crypto_hash_BYTES, &dlen);
|
||||||
|
|
||||||
if(decrypted == NULL) {
|
if(decrypted == NULL) {
|
||||||
// try it with a derived secret from the sender id
|
// try it with a derived secret from the sender id
|
||||||
pcp_key_t *s = pcp_derive_pcpkey(secret, public->id);
|
pcp_key_t *s = pcp_derive_pcpkey(secret, pub->id);
|
||||||
decrypted = pcp_box_decrypt(s, public,
|
decrypted = pcp_box_decrypt(s, pub,
|
||||||
encrypted,
|
encrypted,
|
||||||
clen - crypto_hash_BYTES, &dlen);
|
clen - crypto_hash_BYTES, &dlen);
|
||||||
if(decrypted == NULL) {
|
if(decrypted == NULL) {
|
||||||
// now try the senders key mail address
|
// now try the senders key mail address
|
||||||
s = pcp_derive_pcpkey(secret, public->mail);
|
s = pcp_derive_pcpkey(secret, pub->mail);
|
||||||
decrypted = pcp_box_decrypt(s, public,
|
decrypted = pcp_box_decrypt(s, pub,
|
||||||
encrypted,
|
encrypted,
|
||||||
clen - crypto_hash_BYTES, &dlen);
|
clen - crypto_hash_BYTES, &dlen);
|
||||||
if(decrypted == NULL) {
|
if(decrypted == NULL) {
|
||||||
// try the name
|
// try the name
|
||||||
s = pcp_derive_pcpkey(secret, public->owner);
|
s = pcp_derive_pcpkey(secret, pub->owner);
|
||||||
decrypted = pcp_box_decrypt(s, public,
|
decrypted = pcp_box_decrypt(s, pub,
|
||||||
encrypted,
|
encrypted,
|
||||||
clen - crypto_hash_BYTES, &dlen);
|
clen - crypto_hash_BYTES, &dlen);
|
||||||
}
|
}
|
||||||
@@ -164,7 +164,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) {
|
|||||||
free(decrypted);
|
free(decrypted);
|
||||||
|
|
||||||
fprintf(stderr, "Decrypted %d bytes from 0x%s successfully\n",
|
fprintf(stderr, "Decrypted %d bytes from 0x%s successfully\n",
|
||||||
(int)dlen, public->id);
|
(int)dlen, pub->id);
|
||||||
}
|
}
|
||||||
|
|
||||||
free(encrypted);
|
free(encrypted);
|
||||||
@@ -186,17 +186,17 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) {
|
|||||||
int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, char *recipient) {
|
int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, char *recipient) {
|
||||||
FILE *in = NULL;
|
FILE *in = NULL;
|
||||||
FILE *out = NULL;
|
FILE *out = NULL;
|
||||||
pcp_pubkey_t *public = NULL;
|
pcp_pubkey_t *pub = NULL;
|
||||||
pcp_key_t *secret = NULL;
|
pcp_key_t *secret = NULL;
|
||||||
|
|
||||||
// look if we've got that key
|
// look if we've got that key
|
||||||
HASH_FIND_STR(pcppubkey_hash, id, public);
|
HASH_FIND_STR(pcppubkey_hash, id, pub);
|
||||||
if(public == NULL) {
|
if(pub == NULL) {
|
||||||
// self-encryption: look if its a secret one
|
// self-encryption: look if its a secret one
|
||||||
pcp_key_t *s = NULL;
|
pcp_key_t *s = NULL;
|
||||||
HASH_FIND_STR(pcpkey_hash, id, s);
|
HASH_FIND_STR(pcpkey_hash, id, s);
|
||||||
if(s != NULL) {
|
if(s != NULL) {
|
||||||
public = pcpkey_pub_from_secret(s);
|
pub = pcpkey_pub_from_secret(s);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
fatal("Could not find a public key with id 0x%s in vault %s!\n",
|
fatal("Could not find a public key with id 0x%s in vault %s!\n",
|
||||||
@@ -255,7 +255,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, char *recipi
|
|||||||
fprintf(stderr, "Using secret key:\n");
|
fprintf(stderr, "Using secret key:\n");
|
||||||
pcp_dumpkey(secret);
|
pcp_dumpkey(secret);
|
||||||
fprintf(stderr, "Using publickey:\n");
|
fprintf(stderr, "Using publickey:\n");
|
||||||
pcp_dumppubkey(public);
|
pcp_dumppubkey(pub);
|
||||||
}
|
}
|
||||||
|
|
||||||
unsigned char *input = NULL;
|
unsigned char *input = NULL;
|
||||||
@@ -278,7 +278,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, char *recipi
|
|||||||
}
|
}
|
||||||
|
|
||||||
size_t ciphersize;
|
size_t ciphersize;
|
||||||
unsigned char *cipher = pcp_box_encrypt(secret, public, input,
|
unsigned char *cipher = pcp_box_encrypt(secret, pub, input,
|
||||||
inputBufSize, &ciphersize);
|
inputBufSize, &ciphersize);
|
||||||
if(cipher == NULL)
|
if(cipher == NULL)
|
||||||
goto erren1;
|
goto erren1;
|
||||||
|
|||||||
101
src/keymgmt.c
101
src/keymgmt.c
@@ -444,107 +444,6 @@ int pcp_importpublic (vault_t *vault, FILE *in) {
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int pcp_sanitycheck_pub(pcp_pubkey_t *key) {
|
|
||||||
if(key->public[0] == 0) {
|
|
||||||
fatal("Pubkey sanity check: public key contained in key seems to be empty!\n");
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(key->type != PCP_KEY_TYPE_PUBLIC) {
|
|
||||||
fatal("Pubkey sanity check: key type is not PUBLIC (expected: %02x, got: %02x)!\n",
|
|
||||||
PCP_KEY_TYPE_PUBLIC, key->type);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(key->version != PCP_KEY_VERSION) {
|
|
||||||
fatal("Pubkey sanity check: unknown key version (expected: %08X, got: %08X)!\n",
|
|
||||||
PCP_KEY_VERSION, key->version);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(key->serial <= 0) {
|
|
||||||
fatal("Pubkey sanity check: invalid serial number: %08X!\n", key->serial);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(key->id[16] != '\0') {
|
|
||||||
char *got = ucmalloc(17);
|
|
||||||
memcpy(got, key->id, 17);
|
|
||||||
got[16] = '\0';
|
|
||||||
fatal("Pubkey sanity check: invalid key id (expected 16 bytes, got: %s)!\n", got);
|
|
||||||
free(got);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
struct tm *c;
|
|
||||||
time_t t = (time_t)key->ctime;
|
|
||||||
c = localtime(&t);
|
|
||||||
if(c->tm_year <= 0 || c->tm_year > 1100) {
|
|
||||||
// well, I'm perhaps overacting here :)
|
|
||||||
fatal("Pubkey sanity check: invalid creation timestamp (got year %04d)!\n", c->tm_year + 1900);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
pcp_pubkey_t *maybe = pcphash_pubkeyexists(key->id);
|
|
||||||
if(maybe != NULL) {
|
|
||||||
fatal("Pubkey sanity check: there already exists a key with the id 0x%s\n", key->id);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int pcp_sanitycheck_key(pcp_key_t *key) {
|
|
||||||
if(key->encrypted[0] == 0) {
|
|
||||||
fatal("Secretkey sanity check: secret key contained in key seems to be empty!\n");
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(key->type != PCP_KEY_TYPE_SECRET && key->type != PCP_KEY_TYPE_MAINSECRET) {
|
|
||||||
fatal("Secretkey sanity check: key type is not SECRET (expected: %02x, got: %02x)!\n",
|
|
||||||
PCP_KEY_TYPE_SECRET, key->type);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(key->version != PCP_KEY_VERSION) {
|
|
||||||
fatal("Secretkey sanity check: unknown key version (expected: %08X, got: %08X)!\n",
|
|
||||||
PCP_KEY_VERSION, key->version);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(key->serial <= 0) {
|
|
||||||
fatal("Secretkey sanity check: invalid serial number: %08X!\n", key->serial);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(key->id[16] != '\0') {
|
|
||||||
char *got = ucmalloc(17);
|
|
||||||
memcpy(got, key->id, 17);
|
|
||||||
got[16] = '\0';
|
|
||||||
fatal("Secretkey sanity check: invalid key id (expected 16 bytes, got: %s)!\n", got);
|
|
||||||
free(got);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
struct tm *c;
|
|
||||||
time_t t = (time_t)key->ctime;
|
|
||||||
c = localtime(&t);
|
|
||||||
if(c->tm_year <= 0 || c->tm_year > 1100) {
|
|
||||||
// well, I'm perhaps overacting here :)
|
|
||||||
fatal("Secretkey sanity check: invalid creation timestamp (got year %04d)!\n", c->tm_year + 1900);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
pcp_key_t *maybe = pcphash_keyexists(key->id);
|
|
||||||
if(maybe != NULL) {
|
|
||||||
fatal("Secretkey sanity check: there already exists a key with the id 0x%s\n", key->id);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
void pcpdelete_key(char *keyid) {
|
void pcpdelete_key(char *keyid) {
|
||||||
pcp_pubkey_t *p = pcphash_pubkeyexists(keyid);
|
pcp_pubkey_t *p = pcphash_pubkeyexists(keyid);
|
||||||
|
|
||||||
|
|||||||
@@ -52,9 +52,7 @@ void pcp_exportpublic(char *keyid, char *recipient, char *passwd, char *outfile)
|
|||||||
char *pcp_normalize_id(char *keyid);
|
char *pcp_normalize_id(char *keyid);
|
||||||
pcp_key_t *pcp_find_primary_secret();
|
pcp_key_t *pcp_find_primary_secret();
|
||||||
int pcp_importpublic (vault_t *vault, FILE *in);
|
int pcp_importpublic (vault_t *vault, FILE *in);
|
||||||
int pcp_sanitycheck_pub(pcp_pubkey_t *key);
|
|
||||||
int pcp_importsecret (vault_t *vault, FILE *in);
|
int pcp_importsecret (vault_t *vault, FILE *in);
|
||||||
int pcp_sanitycheck_key(pcp_key_t *key);
|
|
||||||
void pcpdelete_key(char *keyid);
|
void pcpdelete_key(char *keyid);
|
||||||
char *pcp_find_id_byrec(char *recipient);
|
char *pcp_find_id_byrec(char *recipient);
|
||||||
char *_lc(char *in);
|
char *_lc(char *in);
|
||||||
|
|||||||
@@ -270,7 +270,7 @@ void pcppubkey_print(pcp_pubkey_t *key, FILE* out) {
|
|||||||
fprintf(out, " Mail: %s\n", key->mail);
|
fprintf(out, " Mail: %s\n", key->mail);
|
||||||
|
|
||||||
fprintf(out, " Key-ID: 0x%s\n", key->id);
|
fprintf(out, " Key-ID: 0x%s\n", key->id);
|
||||||
fprintf(out, " Public-Key: %s\n", pcp_z85_encode(key->public, 32, &zlen));
|
fprintf(out, " Public-Key: %s\n", pcp_z85_encode(key->pub, 32, &zlen));
|
||||||
|
|
||||||
//2004-06-14T23:34:30.
|
//2004-06-14T23:34:30.
|
||||||
fprintf(out, " Creation Time: %04d-%02d-%02dT%02d:%02d:%02d\n",
|
fprintf(out, " Creation Time: %04d-%02d-%02dT%02d:%02d:%02d\n",
|
||||||
@@ -317,7 +317,7 @@ void pcp_dumpkey(pcp_key_t *k) {
|
|||||||
|
|
||||||
printf("Dumping pcp_key_t raw values:\n");
|
printf("Dumping pcp_key_t raw values:\n");
|
||||||
printf(" public: ");
|
printf(" public: ");
|
||||||
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->public[i]);
|
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->pub[i]);
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
|
||||||
printf(" secret: ");
|
printf(" secret: ");
|
||||||
@@ -360,7 +360,7 @@ void pcp_dumppubkey(pcp_pubkey_t *k) {
|
|||||||
int i;
|
int i;
|
||||||
printf("Dumping pcp_pubkey_t raw values:\n");
|
printf("Dumping pcp_pubkey_t raw values:\n");
|
||||||
printf(" public: ");
|
printf(" public: ");
|
||||||
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->public[i]);
|
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->pub[i]);
|
||||||
printf("\n");
|
printf("\n");
|
||||||
|
|
||||||
printf(" edpub: ");
|
printf(" edpub: ");
|
||||||
@@ -456,7 +456,7 @@ void pcpexport_yaml(char *outfile) {
|
|||||||
fprintf(out, " serial: %08x\n", s->serial);
|
fprintf(out, " serial: %08x\n", s->serial);
|
||||||
fprintf(out, " type: %s\n",
|
fprintf(out, " type: %s\n",
|
||||||
(s->type == PCP_KEY_TYPE_MAINSECRET) ? "primary" : " secret");
|
(s->type == PCP_KEY_TYPE_MAINSECRET) ? "primary" : " secret");
|
||||||
fprintf(out, " public: "); pcpprint_bin(out, s->public, 32); fprintf(out, "\n");
|
fprintf(out, " public: "); pcpprint_bin(out, s->pub, 32); fprintf(out, "\n");
|
||||||
if(s->secret[0] == 0) {
|
if(s->secret[0] == 0) {
|
||||||
fprintf(out, " encrypted: yes\n");
|
fprintf(out, " encrypted: yes\n");
|
||||||
fprintf(out, " nonce: "); pcpprint_bin(out, s->nonce, 24); fprintf(out, "\n");
|
fprintf(out, " nonce: "); pcpprint_bin(out, s->nonce, 24); fprintf(out, "\n");
|
||||||
@@ -480,7 +480,7 @@ void pcpexport_yaml(char *outfile) {
|
|||||||
fprintf(out, " version: %08x\n", p->version);
|
fprintf(out, " version: %08x\n", p->version);
|
||||||
fprintf(out, " serial: %08x\n", p->serial);
|
fprintf(out, " serial: %08x\n", p->serial);
|
||||||
fprintf(out, " type: public\n");
|
fprintf(out, " type: public\n");
|
||||||
fprintf(out, " public: "); pcpprint_bin(out, p->public, 32); fprintf(out, "\n");
|
fprintf(out, " public: "); pcpprint_bin(out, p->pub, 32); fprintf(out, "\n");
|
||||||
fprintf(out, " edpub: "); pcpprint_bin(out, p->edpub, 32); fprintf(out, "\n");
|
fprintf(out, " edpub: "); pcpprint_bin(out, p->edpub, 32); fprintf(out, "\n");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -147,7 +147,7 @@ int pcpsign(char *infile, char *outfile, char *recipient, char *passwd) {
|
|||||||
int pcpverify(char *infile, char *sigfile) {
|
int pcpverify(char *infile, char *sigfile) {
|
||||||
FILE *in = NULL;
|
FILE *in = NULL;
|
||||||
FILE *sigin = NULL;
|
FILE *sigin = NULL;
|
||||||
pcp_pubkey_t *public = NULL;
|
pcp_pubkey_t *pub = NULL;
|
||||||
|
|
||||||
if(infile == NULL)
|
if(infile == NULL)
|
||||||
in = stdin;
|
in = stdin;
|
||||||
@@ -181,9 +181,9 @@ int pcpverify(char *infile, char *sigfile) {
|
|||||||
pcp_sig_t *sig = (pcp_sig_t *)decoded;
|
pcp_sig_t *sig = (pcp_sig_t *)decoded;
|
||||||
sig2native(sig);
|
sig2native(sig);
|
||||||
|
|
||||||
HASH_FIND_STR(pcppubkey_hash, sig->id, public);
|
HASH_FIND_STR(pcppubkey_hash, sig->id, pub);
|
||||||
|
|
||||||
if(public == NULL) {
|
if(pub == NULL) {
|
||||||
fatal("Could not find a usable public key in vault %s!\n",
|
fatal("Could not find a usable public key in vault %s!\n",
|
||||||
vault->filename);
|
vault->filename);
|
||||||
goto errv3;
|
goto errv3;
|
||||||
@@ -209,7 +209,7 @@ int pcpverify(char *infile, char *sigfile) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if(pcp_ed_verify(input, inputBufSize, sig, public) == 0) {
|
if(pcp_ed_verify(input, inputBufSize, sig, pub) == 0) {
|
||||||
fprintf(stderr, "Signature verified.\n");
|
fprintf(stderr, "Signature verified.\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -25,9 +25,9 @@ int main() {
|
|||||||
memcpy(n, c, 24);
|
memcpy(n, c, 24);
|
||||||
|
|
||||||
pr("secret_a", a->secret, 32);
|
pr("secret_a", a->secret, 32);
|
||||||
pr("public_a", a->public, 32);
|
pr("public_a", a->pub, 32);
|
||||||
pr("secret_b", b->secret, 32);
|
pr("secret_b", b->secret, 32);
|
||||||
pr("public_b", b->public, 32);
|
pr("public_b", b->pub, 32);
|
||||||
pr("message", m, 12);
|
pr("message", m, 12);
|
||||||
pr("nonce", n, 24);
|
pr("nonce", n, 24);
|
||||||
pr("cipher", &c[24], clen - 24);
|
pr("cipher", &c[24], clen - 24);
|
||||||
|
|||||||
Reference in New Issue
Block a user