scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 12:00:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed keysig saving (forgot the id), enhancements on cmdline

Browse Source
This commit is contained in:
TLINDEN
2014-03-02 18:05:45 +01:00
parent 0767e55e55
commit b640fe6743
16 changed files with 84 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog
View File

@@ -81,6 +81,16 @@
changes. It's like a drug boosting the brain. Love changes. It's like a drug boosting the brain. Love
U, man! U, man!
Enhanded --edit-key a little, it's now possible to
make a secret the primary one.
Added new option -v (the previous -v has moved to
--version only) for verbose. Currently only supported
by --list-keys. In this mode more details will be
printed. Also added a couple of alias options for
existing ones (e.g. -a for armor which is an alias
for -z).
0.2.0 ED25519 and Curve25519 keys are now generated 0.2.0 ED25519 and Curve25519 keys are now generated
separately (previously they were generated from separately (previously they were generated from
one random seed, the curve had been derived from one random seed, the curve had been derived from

6
TODO
View File

@@ -16,14 +16,14 @@ enable formats for secret key exports as well
Add newlines to headers in define.h, so strlen() later catches the whole length. Add newlines to headers in define.h, so strlen() later catches the whole length.
Z85 Stream encode: add newline after last.
Check is_utf8 license. Check is_utf8 license.
also found in https://gd.meizo.com/_files/lpc/ext/utf8.c also found in https://gd.meizo.com/_files/lpc/ext/utf8.c
Vault checksum with global vault Vault checksum with global vault
Symmetric crypt mode tries to open vault Symmetric decrypt mode tries to open vault
pcp_find_primary_secret() makes a copy ???
Python binding, e.g.: Python binding, e.g.:
py % cdll.LoadLibrary("libsodium.so.8") py % cdll.LoadLibrary("libsodium.so.8")

1
include/pcp.h
View File

@@ -8,6 +8,7 @@ extern "C" {
#include "pcp/config.h" #include "pcp/config.h"
#include "pcp/base85.h" #include "pcp/base85.h"
#include "pcp/buffer.h" #include "pcp/buffer.h"
#include "pcp/config.h"
#include "pcp/crypto.h" #include "pcp/crypto.h"
#include "pcp/defines.h" #include "pcp/defines.h"
#include "pcp/digital_crc32.h" #include "pcp/digital_crc32.h"

3
include/pcp/defines.h
View File

@@ -196,6 +196,9 @@ void fatals_reset();
*/ */
void fatals_done(); void fatals_done();
extern int PCPVERBOSE;
#endif /* _DEFINES_H */ #endif /* _DEFINES_H */
/**@}*/ /**@}*/

2
include/pcp/keysig.h
View File

@@ -38,7 +38,7 @@
struct _pcp_keysig_t { struct _pcp_keysig_t {
uint8_t type; uint8_t type;
uint32_t size; uint32_t size;
char belongs[17]; char id[17];
byte checksum[32]; byte checksum[32];
byte *blob; byte *blob;
UT_hash_handle hh; UT_hash_handle hh;

2
include/pcp/z85.h
View File

@@ -89,6 +89,8 @@ byte *pcp_z85_decode(char *z85block, size_t *dstlen);
/** Encode data to Z85 encoding. /** Encode data to Z85 encoding.
Beside Z85 encoding it also adds a newline everiy 72 characters. Beside Z85 encoding it also adds a newline everiy 72 characters.
It allocates the memory for the returned char pointer. The caller
is responsible the free() it.
\param[in] raw Pointer to raw data. \param[in] raw Pointer to raw data.
\param[in] srclen Size of the data. \param[in] srclen Size of the data.

1
libpcp/fatal.c
View File

@@ -32,6 +32,7 @@
char *PCP_ERR; char *PCP_ERR;
byte PCP_ERRSET; byte PCP_ERRSET;
int PCP_EXIT; int PCP_EXIT;
int PCPVERBOSE;
void fatal(const char * fmt, ...) { void fatal(const char * fmt, ...) {
va_list ap; va_list ap;

2
libpcp/keyhash.c
View File

@@ -105,7 +105,7 @@ void pcphash_add(void *key, int type) {
} }
else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_PBP) { else if(type == PCP_KEYSIG_NATIVE || type == PCP_KEYSIG_PBP) {
pcp_keysig_t *keysig = (pcp_keysig_t *)key; pcp_keysig_t *keysig = (pcp_keysig_t *)key;
HASH_ADD_STR( pcpkeysig_hash, belongs, keysig); HASH_ADD_STR( pcpkeysig_hash, id, keysig);
} }
else { else {
pcp_key_t *k = (pcp_key_t *)key; pcp_key_t *k = (pcp_key_t *)key;

4
libpcp/keysig.c
View File

@@ -48,7 +48,7 @@ Buffer *pcp_keysig2blob(pcp_keysig_t *s) {
Buffer *b = buffer_new(256, "keysig2blob"); Buffer *b = buffer_new(256, "keysig2blob");
buffer_add8(b, s->type); buffer_add8(b, s->type);
buffer_add32be(b, s->size); buffer_add32be(b, s->size);
buffer_add(b, s->belongs, 17); buffer_add(b, s->id, 17);
buffer_add(b, s->checksum, 32); buffer_add(b, s->checksum, 32);
buffer_add(b, s->blob, s->size); buffer_add(b, s->blob, s->size);
return b; return b;
@@ -60,6 +60,8 @@ pcp_keysig_t *pcp_keysig_new(Buffer *blob) {
uint8_t type = buffer_get8(blob); uint8_t type = buffer_get8(blob);
uint32_t size = buffer_get32na(blob); uint32_t size = buffer_get32na(blob);
buffer_get_chunk(blob, sk->id, 17);
byte *checksum = ucmalloc(32); byte *checksum = ucmalloc(32);
buffer_get_chunk(blob, checksum, 32); buffer_get_chunk(blob, checksum, 32);

4
libpcp/mgmt.c
View File

@@ -120,7 +120,7 @@ int _check_hash_keysig(Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t *sk) {
/* everything minus version, ctime and cipher, 1st 3 fields */ /* everything minus version, ctime and cipher, 1st 3 fields */
sk->size = blobstop - 6; sk->size = blobstop - 6;
memcpy(sk->belongs, p->id, 17); memcpy(sk->id, p->id, 17);
/* put the whole signature blob into our keysig */ /* put the whole signature blob into our keysig */
blob->offset = 6; /* woah, hack :) */ blob->offset = 6; /* woah, hack :) */
@@ -359,7 +359,7 @@ pcp_ks_bundle_t *pcp_import_pub_pbp(Buffer *blob) {
pcp_keysig_t *sk = ucmalloc(sizeof(pcp_keysig_t)); pcp_keysig_t *sk = ucmalloc(sizeof(pcp_keysig_t));
sk->type = PCP_KEYSIG_PBP; sk->type = PCP_KEYSIG_PBP;
sk->size = buffer_size(blob); sk->size = buffer_size(blob);
memcpy(sk->belongs, pub->id, 17); memcpy(sk->id, pub->id, 17);
sk->blob = ucmalloc(sk->size); sk->blob = ucmalloc(sk->size);
memcpy(sk->blob, buffer_get(blob), sk->size); memcpy(sk->blob, buffer_get(blob), sk->size);
crypto_hash_sha256(sk->checksum, sk->blob, sk->size); crypto_hash_sha256(sk->checksum, sk->blob, sk->size);

1
libpcp/z85.c
View File

@@ -123,7 +123,6 @@ size_t _buffer_is_binary(byte *buf, size_t len) {
memset(wide, 0, 4); memset(wide, 0, 4);
continue; continue;
} }
break; /* if we reach this, then it's binary and not utf8, stop checking */ break; /* if we reach this, then it's binary and not utf8, stop checking */
} }
} }

22
man/details.pod
View File

@@ -554,20 +554,22 @@ secret signing key and S the symmetric key.
=head2 Z85 ENCODING =head2 Z85 ENCODING
B<pcp1> uses Z85 to encode exported keys and armored signatures. B<pcp1> uses Z85 to encode binary data (if requested with -z) such
Comments in encoded files are surrounded by the tilde character. as encrypted data, exported keys or armored signatures.
We're using the tilde because it's not part of the Z85 base
charset. Sample:
~~~ Header ~~~ Encoded data are always enclosed by a header and a footer and may have any number
~ Version: 1 ~ of comments. Example:
----- PCP ENCRYPTED FILE -----
Version: PCP 0.2.1
246ge]+yn={<I&&Z%(pm[09lc5[dx4TZALi/6cjVe)Kx5S}7>}]Xi3*N3Xx34Y^0rz:r.5j 246ge]+yn={<I&&Z%(pm[09lc5[dx4TZALi/6cjVe)Kx5S}7>}]Xi3*N3Xx34Y^0rz:r.5j
v#6Sh/m3XKwy?VlA+h8ks]9:kVj{D[fd7]NA]T-(ne+xo!W5X5-gIUWqM v#6Sh/m3XKwy?VlA+h8ks]9:kVj{D[fd7]NA]T-(ne+xo!W5X5-gIUWqM
~~~ Footer ~~~ ----- END PCP ENCRYPTED FILE -----
Multiple tildes can be used as long as their number is uneven. However, the parser tries to be as tolerant as possible. It also accepts
Z85 encoded data without headers or without newlines, empty lines or lines
This is a proprietary PCP extension. containing a space are ignored as are comments. Empty comments are not
allowed.
=head3 Z85 BACKGROUND =head3 Z85 BACKGROUND

22
man/pcp1.pod
View File

@@ -802,20 +802,22 @@ secret signing key and S the symmetric key.
=head2 Z85 ENCODING =head2 Z85 ENCODING
B<pcp1> uses Z85 to encode exported keys and armored signatures. B<pcp1> uses Z85 to encode binary data (if requested with -z) such
Comments in encoded files are surrounded by the tilde character. as encrypted data, exported keys or armored signatures.
We're using the tilde because it's not part of the Z85 base
charset. Sample:
~~~ Header ~~~ Encoded data are always enclosed by a header and a footer and may have any number
~ Version: 1 ~ of comments. Example:
----- PCP ENCRYPTED FILE -----
Version: PCP 0.2.1
246ge]+yn={<I&&Z%(pm[09lc5[dx4TZALi/6cjVe)Kx5S}7>}]Xi3*N3Xx34Y^0rz:r.5j 246ge]+yn={<I&&Z%(pm[09lc5[dx4TZALi/6cjVe)Kx5S}7>}]Xi3*N3Xx34Y^0rz:r.5j
v#6Sh/m3XKwy?VlA+h8ks]9:kVj{D[fd7]NA]T-(ne+xo!W5X5-gIUWqM v#6Sh/m3XKwy?VlA+h8ks]9:kVj{D[fd7]NA]T-(ne+xo!W5X5-gIUWqM
~~~ Footer ~~~ ----- END PCP ENCRYPTED FILE -----
Multiple tildes can be used as long as their number is uneven. However, the parser tries to be as tolerant as possible. It also accepts
Z85 encoded data without headers or without newlines, empty lines or lines
This is a proprietary PCP extension. containing a space are ignored as are comments. Empty comments are not
allowed.
=head3 Z85 BACKGROUND =head3 Z85 BACKGROUND

9
tests/Makefile.am
View File

@@ -20,7 +20,8 @@
# #
AM_CFLAGS = -I../include/pcp -I../src -I../libpcp/scrypt/crypto -Wall -g AM_CFLAGS = -I../include/pcp -I../src -I../libpcp/scrypt/crypto -Wall -g
check_PROGRAMS = col invalidkeys pwhashes gencheader statictest cpptest buffertest sample streamtest pipetest check_PROGRAMS = col invalidkeys gencheader statictest cpptest \
buffertest sample streamtest pipetest decodertest
gencheader_LDADD = ../libpcp/.libs/libpcp1.a gencheader_LDADD = ../libpcp/.libs/libpcp1.a
gencheader_SOURCES = gencheader.c gencheader_SOURCES = gencheader.c
@@ -40,6 +41,9 @@ streamtest_SOURCES = streamtest.c
pipetest_LDADD = ../libpcp/.libs/libpcp1.a pipetest_LDADD = ../libpcp/.libs/libpcp1.a
pipetest_SOURCES = pipetest.c pipetest_SOURCES = pipetest.c
decodertest_LDADD = ../libpcp/.libs/libpcp1.a
decodertest_SOURCES = decodertest.c
col_LDADD = ../libpcp/.libs/libpcp1.a col_LDADD = ../libpcp/.libs/libpcp1.a
col_SOURCES = collisions.c ../src/compat_getopt.c col_SOURCES = collisions.c ../src/compat_getopt.c
@@ -47,9 +51,6 @@ invalidkeys_LDADD = ../libpcp/.libs/libpcp1.a \
../src/keyprint.o ../src/keymgmt.o ../src/readpass.o ../src/keyprint.o ../src/keymgmt.o ../src/readpass.o
invalidkeys_SOURCES = invalidkeys.c invalidkeys_SOURCES = invalidkeys.c
pwhashes_LDADD = ../libpcp/.libs/libpcp1.a
pwhashes_SOURCES = pwhashes.c
AM_CXXFLAGS = -I../include -I../bindings/cpp -I../libpcp/scrypt/crypto -Wall -g AM_CXXFLAGS = -I../include -I../bindings/cpp -I../libpcp/scrypt/crypto -Wall -g
cpptest_LDADD = ../bindings/cpp/.libs/libpcp1++.a ../libpcp/.libs/libpcp1.a cpptest_LDADD = ../bindings/cpp/.libs/libpcp1++.a ../libpcp/.libs/libpcp1.a
cpptest_SOURCES = cpptest.cpp cpptest_SOURCES = cpptest.cpp

34
tests/streamtest.c
View File

@@ -4,36 +4,9 @@
#include <pcp.h> #include <pcp.h>
int linetest() {
FILE *in;
if((in = fopen("x", "rb")) == NULL) {
fprintf(stderr, "oops, could not open file!\n");
return 1;
}
Pcpstream *pin = ps_new_file(in);
ps_setdetermine(pin, 8);
size_t got;
byte data[9] = {0};
while(!ps_end(pin)) {
if((got = ps_read(pin, data, 8)) > 0) {
fprintf(stderr, "######## <");
fwrite(data, 1, got, stderr);
fprintf(stderr, "> ##### %ld\n", got);
}
else break;
}
ps_close(pin);
return 0;
}
int main() { int main() {
/* create a file with "encrypted" data */ /* create a file with "encrypted" data */
return linetest();
FILE *out, *in; FILE *out, *in;
unsigned char clear[8] = "ABCDEFGH"; unsigned char clear[8] = "ABCDEFGH";
unsigned char key[8] = "IxD8Lq1K"; unsigned char key[8] = "IxD8Lq1K";
@@ -49,14 +22,13 @@ int main() {
/* out output stream, z85 encoded, use z85 blocksize 8 */ /* out output stream, z85 encoded, use z85 blocksize 8 */
Pcpstream *pout = ps_new_file(out); Pcpstream *pout = ps_new_file(out);
ps_print(pout, "~~~~~ BEGIN ~~~~~\r\n"); ps_print(pout, "----- BEGIN -----\r\n");
ps_armor(pout, blocksize); ps_armor(pout, blocksize);
/* "encrypt" a couple of times into the output stream */ /* "encrypt" a couple of times into the output stream */
for(i=0; i<blocks; i++) { for(i=0; i<blocks; i++) {
memcpy(crypt, clear, 8); memcpy(crypt, clear, 8);
_xorbuf(key, crypt, 8); _xorbuf(key, crypt, 8);
//_dump("crypt", crypt, 8);
ps_write(pout, crypt, 8); ps_write(pout, crypt, 8);
} }
@@ -64,7 +36,7 @@ int main() {
ps_finish(pout); ps_finish(pout);
pout->armor = 0; pout->armor = 0;
ps_print(pout, "\r\n~~~~~ END ~~~~~\r\n"); ps_print(pout, "\r\n----- END -----\r\n");
ps_close(pout); ps_close(pout);
fclose(out); fclose(out);
@@ -86,7 +58,6 @@ int main() {
for(i=0; i<blocks; i++) { for(i=0; i<blocks; i++) {
ps_read(pin, crypt, 8); ps_read(pin, crypt, 8);
_xorbuf(key, crypt, 8); _xorbuf(key, crypt, 8);
//_dump("got", crypt, 8);
ps_write(pclear, crypt, 8); ps_write(pclear, crypt, 8);
memset(crypt,0,8); memset(crypt,0,8);
} }
@@ -99,7 +70,6 @@ int main() {
/* and verify if it's "decrypted" (re-use crypt) */ /* and verify if it's "decrypted" (re-use crypt) */
for(i=0; i<blocks; i++) { for(i=0; i<blocks; i++) {
buffer_get_chunk(result, crypt, 8); buffer_get_chunk(result, crypt, 8);
//_dump("result", crypt, 8);
if(memcmp(crypt, clear, 8) != 0) { if(memcmp(crypt, clear, 8) != 0) {
fprintf(stderr, "Oops, block %d doesn't match\n", i); fprintf(stderr, "Oops, block %d doesn't match\n", i);
goto error; goto error;

30
tests/unittests.cfg
View File

@@ -68,6 +68,32 @@ include keys.cfg
</test> </test>
</test> </test>
<test check-z85>
<test check-z85-1-compliant>
cmd = ./decodertest 1
expect = /ok/
</test>
<test check-z85-2-compliant-no-newlines>
cmd = ./decodertest 2
expect = /ok/
</test>
<test check-z85-3-compliant-no-begin-header>
cmd = ./decodertest 3
expect = /ok/
</test>
<test check-z85-4-uncompliant-empty-comment>
cmd = ./decodertest 4
expect = /ok/
</test>
<test check-z85-5-uncompliant-missing-char>
cmd = ./decodertest 5
expect = /ok/
</test>
</test>
<test check-show-help> <test check-show-help>
cmd = $pcp -h cmd = $pcp -h
@@ -491,10 +517,6 @@ temporarily disabled
expect = /contain any keys so far./ expect = /contain any keys so far./
</test> </test>
<test check-encryptionkeys-dont-collide>
cmd = ./pwhashes
expect = /ok/
</test>