scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-16 19:40:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

using libsodiums size constants everywhere (keysizes and the likes)

Browse Source
This commit is contained in:
TLINDEN
2015-08-15 20:38:33 +02:00
parent 05741acd1a
commit c363dce7de
9 changed files with 213 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
include/pcp/defines.h
View File

@@ -57,6 +57,8 @@ typedef unsigned char byte; /* Single unsigned byte = 8 bits */
typedef unsigned short dbyte; /* Double byte = 16 bits */
typedef unsigned int qbyte; /* Quad byte = 32 bits */
/* key stuff, deprecated. */
#define PCP_ENFILE_HEADER "----- BEGIN PCP ENCRYPTED FILE -----\r\n"
#define PCP_ENFILE_FOOTER "\r\n----- END PCP ENCRYPTED FILE -----\r\n"
@@ -102,8 +104,15 @@ typedef enum _PCP_KEY_TYPES {
/** @}
*/
/* save typing, dammit */
#define PCP_ENCRYPT_MAC crypto_secretbox_ZEROBYTES + crypto_secretbox_NONCEBYTES
/* shortcuts for key lengths and stuff to save typing */
#define LEDPUB crypto_sign_PUBLICKEYBYTES
#define LEDSEC crypto_sign_SECRETKEYBYTES
#define LBOXPUB crypto_box_PUBLICKEYBYTES
#define LBOXSEC crypto_box_SECRETKEYBYTES
#define LNONCE crypto_secretbox_NONCEBYTES
#define LSEC LBOXSEC + LEDSEC + LEDSEC + crypto_secretbox_MACBYTES
#define LSHA 32 /* sha256 hash length */
/* vault id */
#define PCP_VAULT_ID 14

63
include/pcp/structs.h
View File

@@ -70,21 +70,21 @@
*/
struct _pcp_key_t {
byte masterpub[32]; /**< ED25519 master public key signing key */
byte mastersecret[64]; /**< ED25519 master secret key signing key */
byte pub[32]; /**< Curve25519 encryption public key */
byte secret[32]; /**< Curve25519 encryption secret key */
byte edpub[32]; /**< ED25519 public signing key */
byte edsecret[64]; /**< ED25519 secret signing key */
byte nonce[24]; /**< random nonce used to encrypt secret keys */
byte encrypted[176]; /**< concatenated and encrypted secret keys */
char owner[255]; /**< the key owner, string */
char mail[255]; /**< mail address of the owner, string */
char id[17]; /**< key-id, used internally only, jenhash of public keys */
uint8_t type; /**< key type: MASTER_SECRET or SECRET */
uint64_t ctime; /**< creation time, epoch */
uint32_t version; /**< key version */
uint32_t serial; /**< serial number of the key, randomly generated */
byte masterpub[LEDPUB]; /**< ED25519 master public key signing key */
byte mastersecret[LEDSEC]; /**< ED25519 master secret key signing key */
byte pub[LBOXPUB]; /**< Curve25519 encryption public key */
byte secret[LBOXSEC]; /**< Curve25519 encryption secret key */
byte edpub[LEDPUB]; /**< ED25519 public signing key */
byte edsecret[LEDSEC]; /**< ED25519 secret signing key */
byte nonce[LNONCE]; /**< random nonce used to encrypt secret keys */
byte encrypted[LSEC]; /**< concatenated and encrypted secret keys */
char owner[255]; /**< the key owner, string */
char mail[255]; /**< mail address of the owner, string */
char id[17]; /**< key-id, used internally only, jenhash of public keys */
uint8_t type; /**< key type: MASTER_SECRET or SECRET */
uint64_t ctime; /**< creation time, epoch */
uint32_t version; /**< key version */
uint32_t serial; /**< serial number of the key, randomly generated */
UT_hash_handle hh;
};
@@ -99,18 +99,17 @@ typedef struct _pcp_key_t pcp_key_t;
without the secret and nonce fields.
*/
struct _pcp_pubkey_t {
byte masterpub[32]; /**< ED25519 master public key signing key */
byte sigpub[32]; /**< ED25519 public signing key */
byte pub[32]; /**< Curve25519 encryption public key */
byte edpub[32]; /**< ED25519 public signing key (FIXME: huh? 2 of them???) */
char owner[255]; /**< the key owner, string */
char mail[255]; /**< mail address of the owner, string */
char id[17]; /**< key-id, used internally only, jenhash of public keys */
uint8_t type; /**< key type: MASTER_SECRET or SECRET */
uint64_t ctime; /**< creation time, epoch */
uint32_t version; /**< key version */
uint32_t serial; /**< serial number of the key, randomly generated */
uint8_t valid; /**< 1 if import signature verified, 0 if not */
byte masterpub[LEDPUB]; /**< ED25519 master public key signing key */
byte pub[LBOXPUB]; /**< Curve25519 encryption public key */
byte edpub[LEDPUB]; /**< ED25519 public signing key (FIXME: huh? 2 of them???) */
char owner[255]; /**< the key owner, string */
char mail[255]; /**< mail address of the owner, string */
char id[17]; /**< key-id, used internally only, jenhash of public keys */
uint8_t type; /**< key type: MASTER_SECRET or SECRET */
uint64_t ctime; /**< creation time, epoch */
uint32_t version; /**< key version */
uint32_t serial; /**< serial number of the key, randomly generated */
uint8_t valid; /**< 1 if import signature verified, 0 if not */
byte signature[crypto_generichash_BYTES_MAX + crypto_sign_BYTES]; /**< raw binary blob of pubkey export signature */
UT_hash_handle hh;
};
@@ -122,7 +121,7 @@ typedef struct _pcp_pubkey_t pcp_pubkey_t;
/* the PBP public key format */
/* keys.mp+keys.cp+keys.sp+keys.name */
struct _pbp_pubkey_t {
byte sigpub[crypto_sign_PUBLICKEYBYTES];
byte masterpub[crypto_sign_PUBLICKEYBYTES];
byte edpub[crypto_sign_PUBLICKEYBYTES];
byte pub[crypto_box_PUBLICKEYBYTES];
char iso_ctime[32];
@@ -158,7 +157,7 @@ struct _pcp_keysig_t {
uint8_t type;
uint32_t size;
char id[17];
byte checksum[32];
byte checksum[LSHA];
byte *blob;
UT_hash_handle hh;
};
@@ -229,7 +228,7 @@ struct _vault_t {
time_t modified; /**< mtime */
mode_t mode; /**< File mode */
uint32_t version; /**< Vault version */
byte checksum[32]; /**< SHA256 checksum over the whole vault */
byte checksum[LSHA]; /**< SHA256 checksum over the whole vault */
};
/** Name of the struct */
@@ -240,7 +239,7 @@ typedef struct _vault_t vault_t;
struct _vault_header_t {
uint8_t fileid; /**< File id, proprietary. Marks the vault as a vault */
uint32_t version; /**< File version */
byte checksum[32]; /**< SHA256 checksum over the whole vault */
byte checksum[LSHA]; /**< SHA256 checksum over the whole vault */
};
/** Name of the struct */
@@ -252,7 +251,7 @@ struct _vault_item_header_t {
uint8_t type; /**< Item type (secret key, public, key, keysig, \see _PCP_KEY_TYPES */
uint32_t size; /**< Size of the item */
uint32_t version; /**< Version of the item */
byte checksum[32]; /**< SHA256 checksum of the item */
byte checksum[LSHA]; /**< SHA256 checksum of the item */
};
/** Name of the struct */

52
libpcp/crypto.c
View File

@@ -44,14 +44,14 @@ byte *pcp_box_encrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub,
}
/* put nonce and cipher together */
byte *combined = ucmalloc(es + crypto_secretbox_NONCEBYTES);
memcpy(combined, nonce, crypto_secretbox_NONCEBYTES);
memcpy(&combined[crypto_secretbox_NONCEBYTES], cipher, es);
byte *combined = ucmalloc(es + LNONCE);
memcpy(combined, nonce, LNONCE);
memcpy(&combined[LNONCE], cipher, es);
free(cipher);
free(nonce);
*csize = es + crypto_secretbox_NONCEBYTES;
*csize = es + LNONCE;
return combined;
@@ -71,15 +71,15 @@ byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub,
byte *message = NULL;
byte *nonce = ucmalloc(crypto_secretbox_NONCEBYTES);
byte *cipheronly = ucmalloc(ciphersize - crypto_secretbox_NONCEBYTES);
byte *nonce = ucmalloc(LNONCE);
byte *cipheronly = ucmalloc(ciphersize - LNONCE);
memcpy(nonce, cipher, crypto_secretbox_NONCEBYTES);
memcpy(cipheronly, &cipher[crypto_secretbox_NONCEBYTES],
ciphersize - crypto_secretbox_NONCEBYTES);
memcpy(nonce, cipher, LNONCE);
memcpy(cipheronly, &cipher[LNONCE],
ciphersize - LNONCE);
message = ucmalloc(ciphersize - crypto_secretbox_NONCEBYTES - crypto_box_MACBYTES);
if(crypto_box_open_easy(message, cipheronly, ciphersize - crypto_secretbox_NONCEBYTES,
message = ucmalloc(ciphersize - LNONCE - crypto_box_MACBYTES);
if(crypto_box_open_easy(message, cipheronly, ciphersize - LNONCE,
nonce, pub->pub, secret->secret) != 0) {
fatal(ptx, "failed to decrypt message!\n");
goto errbed;
@@ -90,7 +90,7 @@ byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub,
/* resulting size: */
/* ciphersize - crypto_secretbox_ZEROBYTES */
*dsize = ciphersize - crypto_secretbox_NONCEBYTES - PCP_CRYPTO_ADD;
*dsize = ciphersize - LNONCE - PCP_CRYPTO_ADD;
return message;
errbed:
@@ -458,15 +458,15 @@ size_t pcp_encrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, byte *
buf_nonce = _gen_ctr_nonce(ctr++);
es = pcp_sodium_mac(&buf_cipher, in_buf, cur_bufsize, buf_nonce, symkey);
ps_write(out, buf_nonce, crypto_secretbox_NONCEBYTES);
ps_write(out, buf_nonce, LNONCE);
ps_write(out, buf_cipher, es);
out_size += crypto_secretbox_NONCEBYTES + es;
out_size += LNONCE + es;
if(recsign != NULL)
crypto_generichash_update(st, buf_cipher, es);
ucfree(buf_nonce, crypto_secretbox_NONCEBYTES);
ucfree(buf_nonce, LNONCE);
free(buf_cipher);
}
@@ -489,12 +489,12 @@ size_t pcp_encrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, byte *
buf_nonce = pcp_gennonce();
es = pcp_sodium_mac(&buf_cipher, signature, siglen, buf_nonce, symkey);
ps_write(out, buf_nonce, crypto_secretbox_NONCEBYTES);
ps_write(out, buf_nonce, LNONCE);
ps_write(out, buf_cipher, es);
free(st);
free(hash);
ucfree(buf_nonce, crypto_secretbox_NONCEBYTES);
ucfree(buf_nonce, LNONCE);
free(buf_cipher);
ucfree(signature, siglen);
}
@@ -517,12 +517,12 @@ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte *
byte *buf_cipher;
byte *buf_clear;
size_t out_size, cur_bufsize, es;
size_t ciphersize = (PCP_BLOCK_SIZE_IN) - crypto_secretbox_NONCEBYTES;
size_t ciphersize = (PCP_BLOCK_SIZE_IN) - LNONCE;
byte *in_buf = NULL;
uint64_t ctr, pastctr;
pastctr = 0;
buf_nonce = ucmalloc(crypto_secretbox_NONCEBYTES);
buf_nonce = ucmalloc(LNONCE);
buf_cipher = ucmalloc(ciphersize);
buf_clear = ucmalloc(ciphersize);
out_size = 0;
@@ -530,7 +530,7 @@ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte *
byte *signature = NULL;
byte *signature_cr = NULL;
size_t siglen = crypto_sign_BYTES + crypto_generichash_BYTES_MAX;
size_t siglen_cr = siglen + PCP_CRYPTO_ADD + crypto_secretbox_NONCEBYTES;
size_t siglen_cr = siglen + PCP_CRYPTO_ADD + LNONCE;
crypto_generichash_state *st = NULL;
byte *hash = NULL;
@@ -556,9 +556,9 @@ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte *
}
}
ciphersize = cur_bufsize - crypto_secretbox_NONCEBYTES;
memcpy(buf_nonce, in_buf, crypto_secretbox_NONCEBYTES);
memcpy(buf_cipher, &in_buf[crypto_secretbox_NONCEBYTES], ciphersize);
ciphersize = cur_bufsize - LNONCE;
memcpy(buf_nonce, in_buf, LNONCE);
memcpy(buf_cipher, &in_buf[LNONCE], ciphersize);
/* extract counter from nonce and check if it is in line with previous one
TODO: save unordered buffers to disk and continue writing to out if
@@ -600,10 +600,10 @@ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte *
if(recverify != NULL) {
/* decrypt the signature */
memcpy(buf_nonce, signature_cr, crypto_secretbox_NONCEBYTES);
memcpy(buf_nonce, signature_cr, LNONCE);
es = pcp_sodium_verify_mac(&signature, &signature_cr[crypto_secretbox_NONCEBYTES],
siglen_cr - crypto_secretbox_NONCEBYTES, buf_nonce, symkey);
es = pcp_sodium_verify_mac(&signature, &signature_cr[LNONCE],
siglen_cr - LNONCE, buf_nonce, symkey);
if(es == 0) {
/* add encrypted recipient list to the hash */
crypto_generichash_update(st, recverify->cipher, recverify->ciphersize);

141
libpcp/key.c
View File

@@ -33,7 +33,7 @@ byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
size_t plen = strnlen(passphrase, 255);
/* create the scrypt hash */
byte *scrypted = pcp_scrypt(ptx, passphrase, plen, nonce, crypto_secretbox_NONCEBYTES);
byte *scrypted = pcp_scrypt(ptx, passphrase, plen, nonce, LNONCE);
/* make a hash from the scrypt() result */
crypto_hash_sha256(key, (byte*)scrypted, 64);
@@ -51,8 +51,8 @@ byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
char *pcp_getkeyid(pcp_key_t *k) {
uint32_t s, p;
p = jen_hash(k->pub, 32, JEN_PSALT);
s = jen_hash(k->edpub, 32, JEN_SSALT);
p = jen_hash(k->pub, LBOXPUB, JEN_PSALT);
s = jen_hash(k->edpub, LEDPUB, JEN_SSALT);
char *id = ucmalloc(17);
snprintf(id, 17, "%08X%08X", p, s);
return id;
@@ -61,8 +61,8 @@ char *pcp_getkeyid(pcp_key_t *k) {
/* same as above but for imported pbp keys */
char *pcp_getpubkeyid(pcp_pubkey_t *k) {
uint32_t s, p;
p = jen_hash(k->pub, 32, JEN_PSALT);
s = jen_hash(k->edpub, 32, JEN_SSALT);
p = jen_hash(k->pub, LBOXPUB, JEN_PSALT);
s = jen_hash(k->edpub, LEDPUB, JEN_SSALT);
char *id = ucmalloc(17);
snprintf(id, 17, "%08X%08X", p, s);
return id;
@@ -95,24 +95,24 @@ void pcp_keypairs(byte *msk, byte *mpk, byte *csk, byte *cpk, byte *esk, byte *e
}
pcp_key_t * pcpkey_new () {
byte *mp = ucmalloc(32);
byte *ms = ucmalloc(64);
byte *sp = ucmalloc(32);
byte *ss = ucmalloc(64);
byte *cp = ucmalloc(32);
byte *cs = ucmalloc(32);
byte *mp = ucmalloc(LEDPUB);
byte *ms = ucmalloc(LEDSEC);
byte *sp = ucmalloc(LEDPUB);
byte *ss = ucmalloc(LEDSEC);
byte *cp = ucmalloc(LBOXPUB);
byte *cs = ucmalloc(LBOXSEC);
/* generate key material */
pcp_keypairs(ms, mp, cs, cp, ss, sp);
/* fill in our struct */
pcp_key_t *key = urmalloc(sizeof(pcp_key_t));
memcpy (key->masterpub, mp, 32);
memcpy (key->mastersecret, ms, 64);
memcpy (key->pub, cp, 32);
memcpy (key->secret, cs, 32);
memcpy (key->edpub, sp, 32);
memcpy (key->edsecret, ss, 64);
memcpy (key->masterpub, mp, LEDPUB);
memcpy (key->mastersecret, ms, LEDSEC);
memcpy (key->pub, cp, LBOXPUB);
memcpy (key->secret, cs, LBOXSEC);
memcpy (key->edpub, sp, LEDPUB);
memcpy (key->edsecret, ss, LEDSEC);
char *id = pcp_getkeyid(key);
memcpy (key->id, id, 17);
@@ -128,19 +128,19 @@ pcp_key_t * pcpkey_new () {
key->mail[0] = '\0';
/* clean up */
ucfree(ms, 64);
ucfree(ss, 64);
ucfree(mp, 32);
ucfree(sp, 32);
ucfree(cs, 32);
ucfree(cp, 32);
ucfree(ms, LEDSEC);
ucfree(ss, LEDSEC);
ucfree(mp, LEDPUB);
ucfree(sp, LEDPUB);
ucfree(cs, LBOXSEC);
ucfree(cp, LBOXPUB);
return key;
}
byte * pcp_gennonce() {
byte *nonce = ucmalloc(crypto_secretbox_NONCEBYTES);
arc4random_buf(nonce, crypto_secretbox_NONCEBYTES);
byte *nonce = ucmalloc(LNONCE);
arc4random_buf(nonce, LNONCE);
return nonce;
}
@@ -152,8 +152,8 @@ void pcpkey_setowner(pcp_key_t *key, char *owner, char *mail) {
pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
if(key->nonce[0] == 0) {
byte *nonce = pcp_gennonce();
memcpy (key->nonce, nonce, crypto_secretbox_NONCEBYTES);
ucfree(nonce, crypto_secretbox_NONCEBYTES);
memcpy (key->nonce, nonce, LNONCE);
ucfree(nonce, LNONCE);
}
byte *encryptkey = pcp_derivekey(ptx, passphrase, key->nonce);
@@ -162,22 +162,22 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
size_t es;
Buffer *both = buffer_new(128, "keypack");
buffer_add(both, key->mastersecret, 64);
buffer_add(both, key->edsecret, 64);
buffer_add(both, key->secret, 32);
buffer_add(both, key->mastersecret, LEDSEC);
buffer_add(both, key->edsecret, LEDSEC);
buffer_add(both, key->secret, LBOXSEC);
es = pcp_sodium_mac(&encrypted, buffer_get(both), buffer_size(both), key->nonce, encryptkey);
buffer_free(both);
sfree(encryptkey);
if(es == 176) { /* FIXME: calc! */
if(es == LSEC) {
/* success */
memcpy(key->encrypted, encrypted, 176);
memcpy(key->encrypted, encrypted, LSEC);
ucfree(encrypted, es);
memset(key->secret, 0, 32);
memset(key->edsecret, 0, 64);
memset(key->mastersecret, 0, 64);
memset(key->secret, 0, LBOXSEC);
memset(key->edsecret, 0, LEDSEC);
memset(key->mastersecret, 0, LEDSEC);
}
else {
fatal(ptx, "failed to encrypt the secret key!\n");
@@ -195,20 +195,20 @@ pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
byte *decrypted;
size_t es;
es = pcp_sodium_verify_mac(&decrypted, key->encrypted, 176, key->nonce, encryptkey);
es = pcp_sodium_verify_mac(&decrypted, key->encrypted, LSEC, key->nonce, encryptkey);
sfree(encryptkey);
if(es == 0) {
/* success */
memcpy(key->mastersecret, decrypted, 64);
memcpy(key->edsecret, decrypted + 64, 64);
memcpy(key->secret, decrypted +128, 32);
ucfree(decrypted, 160);
memcpy(key->mastersecret, decrypted, LEDSEC);
memcpy(key->edsecret, decrypted + LEDSEC, LEDSEC);
memcpy(key->secret, decrypted + LEDSEC + LEDSEC, LBOXSEC);
ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC);
}
else {
fatal(ptx, "failed to decrypt the secret key (got %d, expected 32)!\n", es);
ucfree(decrypted, 160);
ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC);
return NULL;
}
@@ -217,9 +217,9 @@ pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
pcp_pubkey_t *pcpkey_pub_from_secret(pcp_key_t *key) {
pcp_pubkey_t *pub = urmalloc(sizeof (pcp_pubkey_t));
memcpy(pub->masterpub, key->masterpub, 32);
memcpy(pub->pub, key->pub, 32);
memcpy(pub->edpub, key->edpub, 32);
memcpy(pub->masterpub, key->masterpub, LEDPUB);
memcpy(pub->pub, key->pub, LBOXPUB);
memcpy(pub->edpub, key->edpub, LEDSEC);
memcpy(pub->owner, key->owner, 255);
memcpy(pub->mail, key->mail, 255);
memcpy(pub->id, key->id, 17);
@@ -242,13 +242,13 @@ char *pcpkey_get_art(pcp_key_t *k) {
byte *pcppubkey_getchecksum(pcp_pubkey_t *k) {
byte *hash = ucmalloc(32);
crypto_hash_sha256(hash, k->pub, 32);
crypto_hash_sha256(hash, k->pub, LBOXPUB);
return hash;
}
byte *pcpkey_getchecksum(pcp_key_t *k) {
byte *hash = ucmalloc(32);
crypto_hash_sha256(hash, k->pub, 32);
crypto_hash_sha256(hash, k->pub, LBOXPUB);
return hash;
}
@@ -306,18 +306,18 @@ pcp_pubkey_t *pubkey2native(pcp_pubkey_t *k) {
}
void pcp_seckeyblob(Buffer *b, pcp_key_t *k) {
buffer_add(b, k->masterpub, 32);
buffer_add(b, k->mastersecret, 64);
buffer_add(b, k->masterpub, LEDPUB);
buffer_add(b, k->mastersecret, LEDSEC);
buffer_add(b, k->pub, 32);
buffer_add(b, k->secret, 32);
buffer_add(b, k->pub, LBOXPUB);
buffer_add(b, k->secret, LBOXPUB);
buffer_add(b, k->edpub, 32);
buffer_add(b, k->edsecret, 64);
buffer_add(b, k->edpub, LEDPUB);
buffer_add(b, k->edsecret, LEDSEC);
buffer_add(b, k->nonce, 24);
buffer_add(b, k->nonce, LNONCE);
buffer_add(b, k->encrypted, 176);
buffer_add(b, k->encrypted, LSEC);
buffer_add(b, k->owner, 255);
buffer_add(b, k->mail, 255);
@@ -330,10 +330,9 @@ void pcp_seckeyblob(Buffer *b, pcp_key_t *k) {
}
void pcp_pubkeyblob(Buffer *b, pcp_pubkey_t *k) {
buffer_add(b, k->masterpub, 32);
buffer_add(b, k->sigpub, 32);
buffer_add(b, k->pub, 32);
buffer_add(b, k->edpub, 32);
buffer_add(b, k->masterpub, LEDPUB);
buffer_add(b, k->pub, LBOXPUB);
buffer_add(b, k->edpub, LEDPUB);
buffer_add(b, k->owner, 255);
buffer_add(b, k->mail, 255);
@@ -462,40 +461,40 @@ int pcp_sanitycheck_key(PCPCTX *ptx, pcp_key_t *key) {
}
void pcp_dumpkey(pcp_key_t *k) {
int i;
unsigned int i;
printf("Dumping pcp_key_t raw values:\n");
printf("masterpub: ");
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->masterpub[i]);
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->masterpub[i]);
printf("\n");
printf(" public: ");
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->pub[i]);
for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->pub[i]);
printf("\n");
printf(" edpub: ");
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->edpub[i]);
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->edpub[i]);
printf("\n");
printf("mastersec: ");
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->mastersecret[i]);
for ( i = 0;i < LEDSEC;++i) printf("%02x",(unsigned int) k->mastersecret[i]);
printf("\n");
printf(" secret: ");
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->secret[i]);
for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->secret[i]);
printf("\n");
printf(" edsecret: ");
for ( i = 0;i < 64;++i) printf("%02x",(unsigned int) k->edsecret[i]);
for ( i = 0;i < LEDSEC;++i) printf("%02x",(unsigned int) k->edsecret[i]);
printf("\n");
printf(" nonce: ");
for ( i = 0;i < 24;++i) printf("%02x",(unsigned int) k->nonce[i]);
for ( i = 0;i < LNONCE;++i) printf("%02x",(unsigned int) k->nonce[i]);
printf("\n");
printf("encrypted: ");
for ( i = 0;i < 80;++i) printf("%02x",(unsigned int) k->encrypted[i]);
for ( i = 0;i < LSEC;++i) printf("%02x",(unsigned int) k->encrypted[i]);
printf("\n");
printf(" owner: %s\n", k->owner);
@@ -515,19 +514,19 @@ void pcp_dumpkey(pcp_key_t *k) {
void pcp_dumppubkey(pcp_pubkey_t *k) {
int i;
unsigned int i;
printf("Dumping pcp_pubkey_t raw values:\n");
printf("masterpub: ");
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->masterpub[i]);
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->masterpub[i]);
printf("\n");
printf(" public: ");
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->pub[i]);
for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->pub[i]);
printf("\n");
printf(" edpub: ");
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->edpub[i]);
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->edpub[i]);
printf("\n");
printf(" owner: %s\n", k->owner);

12
libpcp/keysig.c
View File

@@ -49,7 +49,7 @@ Buffer *pcp_keysig2blob(pcp_keysig_t *s) {
buffer_add8(b, s->type);
buffer_add32be(b, s->size);
buffer_add(b, s->id, 17);
buffer_add(b, s->checksum, 32);
buffer_add(b, s->checksum, LSHA);
buffer_add(b, s->blob, s->size);
return b;
}
@@ -62,17 +62,17 @@ pcp_keysig_t *pcp_keysig_new(Buffer *blob) {
buffer_get_chunk(blob, sk->id, 17);
byte *checksum = ucmalloc(32);
buffer_get_chunk(blob, checksum, 32);
byte *checksum = ucmalloc(LSHA);
buffer_get_chunk(blob, checksum, LSHA);
sk->blob = ucmalloc(size);
buffer_get_chunk(blob, sk->blob, size);
sk->size = size;
sk->type = type;
memcpy(sk->checksum, checksum, 32);
memcpy(sk->checksum, checksum, LSHA);
ucfree(checksum, 32);
ucfree(checksum, LSHA);
return sk;
}
@@ -86,7 +86,7 @@ void pcp_dumpkeysig(pcp_keysig_t *s) {
printf(" size: %ld\n", (long int)s->size);
printf(" checksum: ");
for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) s->checksum[i]);
for ( i = 0;i < LSHA;++i) printf("%02x",(unsigned int) s->checksum[i]);
printf("\n");
_dump(" blob:", s->blob, s->size);

105
libpcp/mgmt.c
View File

@@ -25,9 +25,9 @@
int _get_pk(Buffer *blob, pcp_pubkey_t *p) {
if(buffer_left(blob) >= 96) {
buffer_get_chunk(blob, p->masterpub, 32);
buffer_get_chunk(blob, p->edpub, 32);
buffer_get_chunk(blob, p->pub, 32);
buffer_get_chunk(blob, p->masterpub, LEDPUB);
buffer_get_chunk(blob, p->edpub, LEDPUB);
buffer_get_chunk(blob, p->pub, LBOXPUB);
return 0;
}
else
@@ -41,15 +41,18 @@ int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h) {
h->numsubs = be16toh(h->numsubs);
if(h->version != EXP_SIG_VERSION) {
fatal(ptx, "Unsupported pubkey signature version %d, expected %d\n", h->version, EXP_SIG_VERSION);
fatal(ptx, "Unsupported pubkey signature version %d, expected %d\n",
h->version, EXP_SIG_VERSION);
return 1;
}
if(h->type != EXP_SIG_TYPE) {
fatal(ptx, "Unsupported pubkey signature type %d, expected %d\n", h->type, EXP_SIG_TYPE);
fatal(ptx, "Unsupported pubkey signature type %d, expected %d\n",
h->type, EXP_SIG_TYPE);
return 1;
}
if(h->pkcipher != EXP_SIG_CIPHER) {
fatal(ptx, "Unsupported pubkey signature cipher %d, expected %d\n", h->pkcipher, EXP_SIG_CIPHER);
fatal(ptx, "Unsupported pubkey signature cipher %d, expected %d\n",
h->pkcipher, EXP_SIG_CIPHER);
return 1;
}
if(h->hashcipher != EXP_HASH_CIPHER) {
@@ -381,7 +384,7 @@ pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob) {
}
b = ucmalloc(sizeof(pbp_pubkey_t)); /* FIXME: separate type really needed? */
buffer_get_chunk(blob, b->sigpub, crypto_sign_PUBLICKEYBYTES);
buffer_get_chunk(blob, b->masterpub, crypto_sign_PUBLICKEYBYTES);
buffer_get_chunk(blob, b->edpub, crypto_sign_PUBLICKEYBYTES);
buffer_get_chunk(blob, b->pub, crypto_box_PUBLICKEYBYTES);
buffer_get_chunk(blob, date, 18);
@@ -427,9 +430,9 @@ pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob) {
_lc(pub->owner);
ucfree(b, sizeof(pbp_pubkey_t));
/* edpub used for signing, might differ */
/* masterpub used for signing, might differ */
tmp = ucmalloc(sizeof(pcp_pubkey_t));
memcpy(tmp->edpub, b->sigpub, crypto_sign_PUBLICKEYBYTES);
memcpy(tmp->masterpub, b->masterpub, crypto_sign_PUBLICKEYBYTES);
byte *verify = pcp_ed_verify(ptx, buffer_get(blob), buffer_size(blob), tmp);
free(tmp);
@@ -473,9 +476,9 @@ Buffer *pcp_export_pbp_pub(pcp_key_t *sk) {
Buffer *sig = buffer_new(320, "pbsig01");
/* add raw key material */
buffer_add(sig, sk->edpub, crypto_sign_PUBLICKEYBYTES);
buffer_add(sig, sk->edpub, crypto_sign_PUBLICKEYBYTES);
buffer_add(sig, sk->pub, crypto_box_PUBLICKEYBYTES);
buffer_add(sig, sk->edpub, LEDPUB);
buffer_add(sig, sk->masterpub, LEDPUB);
buffer_add(sig, sk->pub, LBOXPUB);
/* add creatioin and expire time as 32byte iso time string */
time_t t = (time_t)sk->ctime;
@@ -527,9 +530,9 @@ Buffer *pcp_export_rfc_pub (PCPCTX *ptx, pcp_key_t *sk) {
buffer_add8(out, EXP_PK_CIPHER);
/* add the keys */
buffer_add(raw, sk->masterpub, 32);
buffer_add(raw, sk->edpub, 32);
buffer_add(raw, sk->pub, 32);
buffer_add(raw, sk->masterpub, LEDPUB);
buffer_add(raw, sk->edpub, LEDPUB);
buffer_add(raw, sk->pub, LBOXPUB);
/* add the sig header */
buffer_add8(raw, EXP_SIG_VERSION);
@@ -652,13 +655,13 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) {
Buffer *raw = buffer_new(512, "secretbuf");
Buffer *out = buffer_new(512, "secretcipherblob");
buffer_add(raw, sk->mastersecret, 64);
buffer_add(raw, sk->secret, 32);
buffer_add(raw, sk->edsecret, 64);
buffer_add(raw, sk->mastersecret, LEDSEC);
buffer_add(raw, sk->secret, LBOXSEC);
buffer_add(raw, sk->edsecret, LEDSEC);
buffer_add(raw, sk->masterpub, 32);
buffer_add(raw, sk->pub, 32);
buffer_add(raw, sk->edpub, 32);
buffer_add(raw, sk->masterpub, LEDPUB);
buffer_add(raw, sk->pub, LBOXPUB);
buffer_add(raw, sk->edpub, LEDPUB);
if(strlen(sk->owner) > 0) {
buffer_add16be(raw, strlen(sk->owner));
@@ -678,9 +681,9 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) {
buffer_add32be(raw, sk->version);
buffer_add32be(raw, sk->serial);
nonce = ucmalloc(crypto_secretbox_NONCEBYTES);
arc4random_buf(nonce, crypto_secretbox_NONCEBYTES);
symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), nonce, crypto_secretbox_NONCEBYTES);
nonce = ucmalloc(LNONCE);
arc4random_buf(nonce, LNONCE);
symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), nonce, LNONCE);
es = pcp_sodium_mac(&cipher, buffer_get(raw), buffer_size(raw), nonce, symkey);
@@ -693,7 +696,7 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) {
else {
#endif
buffer_add(out, nonce, crypto_secretbox_NONCEBYTES);
buffer_add(out, nonce, LNONCE);
buffer_add(out, cipher, es);
#ifdef HAVE_JSON
@@ -701,7 +704,7 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) {
#endif
buffer_free(raw);
ucfree(nonce, crypto_secretbox_NONCEBYTES);
ucfree(nonce, LNONCE);
sfree(symkey);
ucfree(cipher, es);
@@ -752,11 +755,11 @@ pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passp
pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphrase) {
pcp_key_t *sk = ucmalloc(sizeof(pcp_key_t));
byte *nonce = ucmalloc(crypto_secretbox_NONCEBYTES);
byte *nonce = ucmalloc(LNONCE);
byte *symkey = NULL;
byte *clear = NULL;
size_t cipherlen = 0;
size_t minlen = (64 * 2) + (32 * 4) + 8 + 4 + 4; /* key material and mandatory field sizes */
size_t minlen = (LEDSEC * 2) + (LBOXPUB * 2) + (LEDPUB * 2) + 8 + 4 + 4; /* key material and mandatory field sizes */
uint16_t notationlen = 0;
Buffer *blob = buffer_new(512, "secretdecryptbuf");
@@ -771,10 +774,10 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
}
#endif
if(buffer_get_chunk(cipher, nonce, crypto_secretbox_NONCEBYTES) == 0)
if(buffer_get_chunk(cipher, nonce, LNONCE) == 0)
goto impserr1;
symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), nonce, crypto_secretbox_NONCEBYTES);
symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), nonce, LNONCE);
cipherlen = buffer_left(cipher);
if(cipherlen < minlen) {
@@ -796,13 +799,13 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
buffer_add(blob, clear, cipherlen - PCP_CRYPTO_ADD);
/* extract the raw data into the structure */
buffer_get_chunk(blob, sk->mastersecret, 64);
buffer_get_chunk(blob, sk->secret, 32);
buffer_get_chunk(blob, sk->edsecret, 64);
buffer_get_chunk(blob, sk->mastersecret, LEDSEC);
buffer_get_chunk(blob, sk->secret, LBOXSEC);
buffer_get_chunk(blob, sk->edsecret, LEDSEC);
buffer_get_chunk(blob, sk->masterpub, 32);
buffer_get_chunk(blob, sk->pub, 32);
buffer_get_chunk(blob, sk->edpub, 32);
buffer_get_chunk(blob, sk->masterpub, LEDPUB);
buffer_get_chunk(blob, sk->pub, LBOXPUB);
buffer_get_chunk(blob, sk->edpub, LEDPUB);
notationlen = buffer_get16na(blob);
if(notationlen > 255) {
@@ -835,7 +838,7 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
/* ready */
ucfree(clear, cipherlen - PCP_CRYPTO_ADD);
ucfree(nonce, crypto_secretbox_NONCEBYTES);
ucfree(nonce, LNONCE);
buffer_free(blob);
sfree(symkey);
free(id);
@@ -846,7 +849,7 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras
ucfree(clear, cipherlen - PCP_CRYPTO_ADD);
impserr1:
ucfree(nonce, crypto_secretbox_NONCEBYTES);
ucfree(nonce, LNONCE);
ucfree(sk, sizeof(pcp_key_t));
buffer_free(blob);
if(symkey != NULL)
@@ -874,9 +877,9 @@ json_t *pcp_pk2json(pcp_pubkey_t *pk) {
pcp_key_t *sk = malloc(sizeof(pcp_key_t));
memcpy(sk->masterpub, pk->masterpub, 32);
memcpy(sk->pub, pk->pub, 32);
memcpy(sk->edpub, pk->edpub, 32);
memcpy(sk->masterpub, pk->masterpub, LEDPUB);
memcpy(sk->pub, pk->pub, LBOXPUB);
memcpy(sk->edpub, pk->edpub, LEDPUB);
memcpy(sk->owner, pk->owner, 255);
memcpy(sk->mail, pk->mail, 255);
memcpy(sk->id, pk->id, 17);
@@ -897,9 +900,9 @@ json_t *pcp_sk2json(pcp_key_t *sk, byte *sig, size_t siglen) {
char *jformat = "{sssssssisisisissssssssssss}";
cryptpub = _bin2hex(sk->pub, 32);
sigpub = _bin2hex(sk->edpub, 32);
masterpub= _bin2hex(sk->masterpub, 32);
cryptpub = _bin2hex(sk->pub, LBOXPUB);
sigpub = _bin2hex(sk->edpub, LEDPUB);
masterpub= _bin2hex(sk->masterpub, LEDPUB);
if(sig != NULL) {
ssig = _bin2hex(sig, siglen);
@@ -946,7 +949,7 @@ Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce, byte *ci
jout = pcp_sk2json(sk, NULL, 0);
xcipher = _bin2hex(cipher, clen);
xnonce = _bin2hex(nonce, crypto_secretbox_NONCEBYTES);
xnonce = _bin2hex(nonce, LNONCE);
json_object_set(jout, "type", json_string("secret"));
json_object_set(jout, "secrets", json_string(xcipher));
@@ -1070,8 +1073,8 @@ pcp_ks_bundle_t *pcp_import_pub_json(PCPCTX *ptx, byte *raw, size_t rawsize) {
jtmp = json_object_get(jin, "cryptpub");
if(jtmp == NULL)
goto jerr2;
if(_hex2bin(json_string_value(jtmp), blob, maxblob) == 32)
memcpy(p->pub, blob, 32);
if(_hex2bin(json_string_value(jtmp), blob, maxblob) == LBOXPUB)
memcpy(p->pub, blob, LBOXPUB);
else {
strcpy(jerror.text, hexerr);
goto jerr2;
@@ -1080,8 +1083,8 @@ pcp_ks_bundle_t *pcp_import_pub_json(PCPCTX *ptx, byte *raw, size_t rawsize) {
jtmp = json_object_get(jin, "sigpub");
if(jtmp == NULL)
goto jerr2;
if(_hex2bin(json_string_value(jtmp), blob, maxblob) == 32)
memcpy(p->edpub, blob, 32);
if(_hex2bin(json_string_value(jtmp), blob, maxblob) == LEDPUB)
memcpy(p->edpub, blob, LEDPUB);
else {
strcpy(jerror.text, hexerr);
goto jerr2;
@@ -1090,8 +1093,8 @@ pcp_ks_bundle_t *pcp_import_pub_json(PCPCTX *ptx, byte *raw, size_t rawsize) {
jtmp = json_object_get(jin, "masterpub");
if(jtmp == NULL)
goto jerr2;
if(_hex2bin(json_string_value(jtmp), blob, maxblob) == 32)
memcpy(p->masterpub, blob, 32);
if(_hex2bin(json_string_value(jtmp), blob, maxblob) == LEDPUB)
memcpy(p->masterpub, blob, LEDPUB);
else {
strcpy(jerror.text, hexerr);
goto jerr2;

25
libpcp/vault.c
View File

@@ -111,7 +111,7 @@ int pcpvault_create(PCPCTX *ptx, vault_t *vault) {
header->version = PCP_VAULT_VERSION;
vault->version = header->version;
memcpy(vault->checksum, header->checksum, 32);
memcpy(vault->checksum, header->checksum, LSHA);
vh2be(header);
@@ -268,9 +268,9 @@ void pcpvault_update_checksum(PCPCTX *ptx, vault_t *vault) {
vault_header_t *header = ucmalloc(sizeof(vault_header_t));
header->fileid = PCP_VAULT_ID;
header->version = PCP_VAULT_VERSION;
memcpy(header->checksum, checksum, 32);
memcpy(vault->checksum, checksum, 32);
ucfree(checksum, 32);
memcpy(header->checksum, checksum, LSHA);
memcpy(vault->checksum, checksum, LSHA);
ucfree(checksum, LSHA);
vh2be(header);
@@ -292,7 +292,7 @@ byte *pcpvault_create_checksum(PCPCTX *ptx) {
size_t datasize = ((PCP_RAW_KEYSIZE) * numskeys) +
((PCP_RAW_PUBKEYSIZE) * numpkeys);
byte *data = ucmalloc(datasize);
byte *checksum = ucmalloc(32);
byte *checksum = ucmalloc(LSHA);
pcphash_iterate(ptx, k) {
key2be(k);
@@ -316,12 +316,6 @@ byte *pcpvault_create_checksum(PCPCTX *ptx) {
buffer_free(blob);
/*
printf("PUB: %d, SEC: %d\n", PCP_RAW_PUBKEYSIZE, PCP_RAW_KEYSIZE);
printf("DATA (%d) (s: %d, p: %d):\n", (int)datasize, numskeys, numpkeys);
_dump("data", data, datasize);
*/
crypto_hash_sha256(checksum, data, datasize);
memset(data, 0, datasize);
@@ -457,7 +451,7 @@ int pcpvault_fetchall(PCPCTX *ptx, vault_t *vault) {
int ksize = PCP_RAW_KEYSIGSIZE; /* smallest possbile item */
vault->version = header->version;
memcpy(vault->checksum, header->checksum, 32);
memcpy(vault->checksum, header->checksum, LSHA);
for(;;) {
readpos = ftell(vault->fd);
@@ -526,14 +520,9 @@ int pcpvault_fetchall(PCPCTX *ptx, vault_t *vault) {
byte *checksum = NULL;
checksum = pcpvault_create_checksum(ptx);
/*
_dump(" calc checksum", checksum, 32);
_dump("vault checksum", vault->checksum, 32);
*/
if(pcphash_count(ptx) + pcphash_countpub(ptx) > 0) {
/* only validate the checksum if there are keys */
if(memcmp(checksum, vault->checksum, 32) != 0) {
if(memcmp(checksum, vault->checksum, LSHA) != 0) {
fatal(ptx, "Error: the checksum of the key vault doesn't match its contents!\n");
goto err;
}

10
src/keyprint.c
View File

@@ -117,7 +117,7 @@ void pcptext_vault(vault_t *vault) {
pcp_key_t *k;
pcp_pubkey_t *p;
checksum = _bin2hex(vault->checksum, 32);
checksum = _bin2hex(vault->checksum, LSHA);
jout = json_pack("{sssisssisi}",
"keyvaultfile", vault->filename,
"version", vault->version,
@@ -184,7 +184,7 @@ void pcpkey_printlineinfo(pcp_key_t *key) {
printf(" ");
byte *hash = pcpkey_getchecksum(key);
int i, y;
for(i=0; i<32; i+=4) {
for(i=0; i<LSHA; i+=4) {
for(y=0; y<4; y++) {
printf("%02x", hash[i+y]);
}
@@ -213,7 +213,7 @@ void pcppubkey_printlineinfo(pcp_pubkey_t *key) {
printf(" ");
byte *hash = pcppubkey_getchecksum(key);
int i, y;
for(i=0; i<32; i+=4) {
for(i=0; i<LSHA; i+=4) {
for(y=0; y<4; y++) {
printf("%02x", hash[i+y]);
}
@@ -227,7 +227,7 @@ void pcppubkey_printlineinfo(pcp_pubkey_t *key) {
if(sig != NULL) {
printf("signature fingerprint:\n ");
byte *checksum = sig->checksum;
for(i=0; i<32; i+=4) {
for(i=0; i<LSHA; i+=4) {
for(y=0; y<4; y++) {
printf("%02x", checksum[i+y]);
}
@@ -274,7 +274,7 @@ void pcppubkey_print(pcp_pubkey_t *key, FILE* out) {
fprintf(out, " Mail: %s\n", key->mail);
fprintf(out, " Key-ID: 0x%s\n", key->id);
fprintf(out, " Public-Key: %s\n", pcp_z85_encode(key->pub, 32, &zlen, 1));
fprintf(out, " Public-Key: %s\n", pcp_z85_encode(key->pub, LBOXPUB, &zlen, 1));
/* 2004-06-14T23:34:30. */
fprintf(out, " Creation Time: %04d-%02d-%02dT%02d:%02d:%02d\n",

4
tests/sample.c
View File

@@ -7,7 +7,7 @@ int main() {
Pcpstream *clear_in, *crypt_out, *clear_out;
PCPCTX *ptx;
char message[] = "hello world";
printf("hh: %ld\n", sizeof(UT_hash_handle));
/* we always need a context */
ptx = ptx_new();
@@ -72,5 +72,7 @@ int main() {
free(bob);
free(bobpub);
return 0;
}