diff --git a/include/pcp/defines.h b/include/pcp/defines.h index 08f205a..eaac96e 100644 --- a/include/pcp/defines.h +++ b/include/pcp/defines.h @@ -57,6 +57,8 @@ typedef unsigned char byte; /* Single unsigned byte = 8 bits */ typedef unsigned short dbyte; /* Double byte = 16 bits */ typedef unsigned int qbyte; /* Quad byte = 32 bits */ + + /* key stuff, deprecated. */ #define PCP_ENFILE_HEADER "----- BEGIN PCP ENCRYPTED FILE -----\r\n" #define PCP_ENFILE_FOOTER "\r\n----- END PCP ENCRYPTED FILE -----\r\n" @@ -102,8 +104,15 @@ typedef enum _PCP_KEY_TYPES { /** @} */ -/* save typing, dammit */ -#define PCP_ENCRYPT_MAC crypto_secretbox_ZEROBYTES + crypto_secretbox_NONCEBYTES + +/* shortcuts for key lengths and stuff to save typing */ +#define LEDPUB crypto_sign_PUBLICKEYBYTES +#define LEDSEC crypto_sign_SECRETKEYBYTES +#define LBOXPUB crypto_box_PUBLICKEYBYTES +#define LBOXSEC crypto_box_SECRETKEYBYTES +#define LNONCE crypto_secretbox_NONCEBYTES +#define LSEC LBOXSEC + LEDSEC + LEDSEC + crypto_secretbox_MACBYTES +#define LSHA 32 /* sha256 hash length */ /* vault id */ #define PCP_VAULT_ID 14 diff --git a/include/pcp/structs.h b/include/pcp/structs.h index 7c45ade..f3b5286 100644 --- a/include/pcp/structs.h +++ b/include/pcp/structs.h @@ -70,21 +70,21 @@ */ struct _pcp_key_t { - byte masterpub[32]; /**< ED25519 master public key signing key */ - byte mastersecret[64]; /**< ED25519 master secret key signing key */ - byte pub[32]; /**< Curve25519 encryption public key */ - byte secret[32]; /**< Curve25519 encryption secret key */ - byte edpub[32]; /**< ED25519 public signing key */ - byte edsecret[64]; /**< ED25519 secret signing key */ - byte nonce[24]; /**< random nonce used to encrypt secret keys */ - byte encrypted[176]; /**< concatenated and encrypted secret keys */ - char owner[255]; /**< the key owner, string */ - char mail[255]; /**< mail address of the owner, string */ - char id[17]; /**< key-id, used internally only, jenhash of public keys */ - uint8_t type; /**< key type: MASTER_SECRET or SECRET */ - uint64_t ctime; /**< creation time, epoch */ - uint32_t version; /**< key version */ - uint32_t serial; /**< serial number of the key, randomly generated */ + byte masterpub[LEDPUB]; /**< ED25519 master public key signing key */ + byte mastersecret[LEDSEC]; /**< ED25519 master secret key signing key */ + byte pub[LBOXPUB]; /**< Curve25519 encryption public key */ + byte secret[LBOXSEC]; /**< Curve25519 encryption secret key */ + byte edpub[LEDPUB]; /**< ED25519 public signing key */ + byte edsecret[LEDSEC]; /**< ED25519 secret signing key */ + byte nonce[LNONCE]; /**< random nonce used to encrypt secret keys */ + byte encrypted[LSEC]; /**< concatenated and encrypted secret keys */ + char owner[255]; /**< the key owner, string */ + char mail[255]; /**< mail address of the owner, string */ + char id[17]; /**< key-id, used internally only, jenhash of public keys */ + uint8_t type; /**< key type: MASTER_SECRET or SECRET */ + uint64_t ctime; /**< creation time, epoch */ + uint32_t version; /**< key version */ + uint32_t serial; /**< serial number of the key, randomly generated */ UT_hash_handle hh; }; @@ -99,18 +99,17 @@ typedef struct _pcp_key_t pcp_key_t; without the secret and nonce fields. */ struct _pcp_pubkey_t { - byte masterpub[32]; /**< ED25519 master public key signing key */ - byte sigpub[32]; /**< ED25519 public signing key */ - byte pub[32]; /**< Curve25519 encryption public key */ - byte edpub[32]; /**< ED25519 public signing key (FIXME: huh? 2 of them???) */ - char owner[255]; /**< the key owner, string */ - char mail[255]; /**< mail address of the owner, string */ - char id[17]; /**< key-id, used internally only, jenhash of public keys */ - uint8_t type; /**< key type: MASTER_SECRET or SECRET */ - uint64_t ctime; /**< creation time, epoch */ - uint32_t version; /**< key version */ - uint32_t serial; /**< serial number of the key, randomly generated */ - uint8_t valid; /**< 1 if import signature verified, 0 if not */ + byte masterpub[LEDPUB]; /**< ED25519 master public key signing key */ + byte pub[LBOXPUB]; /**< Curve25519 encryption public key */ + byte edpub[LEDPUB]; /**< ED25519 public signing key (FIXME: huh? 2 of them???) */ + char owner[255]; /**< the key owner, string */ + char mail[255]; /**< mail address of the owner, string */ + char id[17]; /**< key-id, used internally only, jenhash of public keys */ + uint8_t type; /**< key type: MASTER_SECRET or SECRET */ + uint64_t ctime; /**< creation time, epoch */ + uint32_t version; /**< key version */ + uint32_t serial; /**< serial number of the key, randomly generated */ + uint8_t valid; /**< 1 if import signature verified, 0 if not */ byte signature[crypto_generichash_BYTES_MAX + crypto_sign_BYTES]; /**< raw binary blob of pubkey export signature */ UT_hash_handle hh; }; @@ -122,7 +121,7 @@ typedef struct _pcp_pubkey_t pcp_pubkey_t; /* the PBP public key format */ /* keys.mp+keys.cp+keys.sp+keys.name */ struct _pbp_pubkey_t { - byte sigpub[crypto_sign_PUBLICKEYBYTES]; + byte masterpub[crypto_sign_PUBLICKEYBYTES]; byte edpub[crypto_sign_PUBLICKEYBYTES]; byte pub[crypto_box_PUBLICKEYBYTES]; char iso_ctime[32]; @@ -158,7 +157,7 @@ struct _pcp_keysig_t { uint8_t type; uint32_t size; char id[17]; - byte checksum[32]; + byte checksum[LSHA]; byte *blob; UT_hash_handle hh; }; @@ -229,7 +228,7 @@ struct _vault_t { time_t modified; /**< mtime */ mode_t mode; /**< File mode */ uint32_t version; /**< Vault version */ - byte checksum[32]; /**< SHA256 checksum over the whole vault */ + byte checksum[LSHA]; /**< SHA256 checksum over the whole vault */ }; /** Name of the struct */ @@ -240,7 +239,7 @@ typedef struct _vault_t vault_t; struct _vault_header_t { uint8_t fileid; /**< File id, proprietary. Marks the vault as a vault */ uint32_t version; /**< File version */ - byte checksum[32]; /**< SHA256 checksum over the whole vault */ + byte checksum[LSHA]; /**< SHA256 checksum over the whole vault */ }; /** Name of the struct */ @@ -252,7 +251,7 @@ struct _vault_item_header_t { uint8_t type; /**< Item type (secret key, public, key, keysig, \see _PCP_KEY_TYPES */ uint32_t size; /**< Size of the item */ uint32_t version; /**< Version of the item */ - byte checksum[32]; /**< SHA256 checksum of the item */ + byte checksum[LSHA]; /**< SHA256 checksum of the item */ }; /** Name of the struct */ diff --git a/libpcp/crypto.c b/libpcp/crypto.c index a1e0635..d8eb328 100644 --- a/libpcp/crypto.c +++ b/libpcp/crypto.c @@ -44,14 +44,14 @@ byte *pcp_box_encrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, } /* put nonce and cipher together */ - byte *combined = ucmalloc(es + crypto_secretbox_NONCEBYTES); - memcpy(combined, nonce, crypto_secretbox_NONCEBYTES); - memcpy(&combined[crypto_secretbox_NONCEBYTES], cipher, es); + byte *combined = ucmalloc(es + LNONCE); + memcpy(combined, nonce, LNONCE); + memcpy(&combined[LNONCE], cipher, es); free(cipher); free(nonce); - *csize = es + crypto_secretbox_NONCEBYTES; + *csize = es + LNONCE; return combined; @@ -71,15 +71,15 @@ byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, byte *message = NULL; - byte *nonce = ucmalloc(crypto_secretbox_NONCEBYTES); - byte *cipheronly = ucmalloc(ciphersize - crypto_secretbox_NONCEBYTES); + byte *nonce = ucmalloc(LNONCE); + byte *cipheronly = ucmalloc(ciphersize - LNONCE); - memcpy(nonce, cipher, crypto_secretbox_NONCEBYTES); - memcpy(cipheronly, &cipher[crypto_secretbox_NONCEBYTES], - ciphersize - crypto_secretbox_NONCEBYTES); + memcpy(nonce, cipher, LNONCE); + memcpy(cipheronly, &cipher[LNONCE], + ciphersize - LNONCE); - message = ucmalloc(ciphersize - crypto_secretbox_NONCEBYTES - crypto_box_MACBYTES); - if(crypto_box_open_easy(message, cipheronly, ciphersize - crypto_secretbox_NONCEBYTES, + message = ucmalloc(ciphersize - LNONCE - crypto_box_MACBYTES); + if(crypto_box_open_easy(message, cipheronly, ciphersize - LNONCE, nonce, pub->pub, secret->secret) != 0) { fatal(ptx, "failed to decrypt message!\n"); goto errbed; @@ -90,7 +90,7 @@ byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, /* resulting size: */ /* ciphersize - crypto_secretbox_ZEROBYTES */ - *dsize = ciphersize - crypto_secretbox_NONCEBYTES - PCP_CRYPTO_ADD; + *dsize = ciphersize - LNONCE - PCP_CRYPTO_ADD; return message; errbed: @@ -458,15 +458,15 @@ size_t pcp_encrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, byte * buf_nonce = _gen_ctr_nonce(ctr++); es = pcp_sodium_mac(&buf_cipher, in_buf, cur_bufsize, buf_nonce, symkey); - ps_write(out, buf_nonce, crypto_secretbox_NONCEBYTES); + ps_write(out, buf_nonce, LNONCE); ps_write(out, buf_cipher, es); - out_size += crypto_secretbox_NONCEBYTES + es; + out_size += LNONCE + es; if(recsign != NULL) crypto_generichash_update(st, buf_cipher, es); - ucfree(buf_nonce, crypto_secretbox_NONCEBYTES); + ucfree(buf_nonce, LNONCE); free(buf_cipher); } @@ -489,12 +489,12 @@ size_t pcp_encrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, byte * buf_nonce = pcp_gennonce(); es = pcp_sodium_mac(&buf_cipher, signature, siglen, buf_nonce, symkey); - ps_write(out, buf_nonce, crypto_secretbox_NONCEBYTES); + ps_write(out, buf_nonce, LNONCE); ps_write(out, buf_cipher, es); free(st); free(hash); - ucfree(buf_nonce, crypto_secretbox_NONCEBYTES); + ucfree(buf_nonce, LNONCE); free(buf_cipher); ucfree(signature, siglen); } @@ -517,12 +517,12 @@ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte * byte *buf_cipher; byte *buf_clear; size_t out_size, cur_bufsize, es; - size_t ciphersize = (PCP_BLOCK_SIZE_IN) - crypto_secretbox_NONCEBYTES; + size_t ciphersize = (PCP_BLOCK_SIZE_IN) - LNONCE; byte *in_buf = NULL; uint64_t ctr, pastctr; pastctr = 0; - buf_nonce = ucmalloc(crypto_secretbox_NONCEBYTES); + buf_nonce = ucmalloc(LNONCE); buf_cipher = ucmalloc(ciphersize); buf_clear = ucmalloc(ciphersize); out_size = 0; @@ -530,7 +530,7 @@ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte * byte *signature = NULL; byte *signature_cr = NULL; size_t siglen = crypto_sign_BYTES + crypto_generichash_BYTES_MAX; - size_t siglen_cr = siglen + PCP_CRYPTO_ADD + crypto_secretbox_NONCEBYTES; + size_t siglen_cr = siglen + PCP_CRYPTO_ADD + LNONCE; crypto_generichash_state *st = NULL; byte *hash = NULL; @@ -556,9 +556,9 @@ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte * } } - ciphersize = cur_bufsize - crypto_secretbox_NONCEBYTES; - memcpy(buf_nonce, in_buf, crypto_secretbox_NONCEBYTES); - memcpy(buf_cipher, &in_buf[crypto_secretbox_NONCEBYTES], ciphersize); + ciphersize = cur_bufsize - LNONCE; + memcpy(buf_nonce, in_buf, LNONCE); + memcpy(buf_cipher, &in_buf[LNONCE], ciphersize); /* extract counter from nonce and check if it is in line with previous one TODO: save unordered buffers to disk and continue writing to out if @@ -600,10 +600,10 @@ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte * if(recverify != NULL) { /* decrypt the signature */ - memcpy(buf_nonce, signature_cr, crypto_secretbox_NONCEBYTES); + memcpy(buf_nonce, signature_cr, LNONCE); - es = pcp_sodium_verify_mac(&signature, &signature_cr[crypto_secretbox_NONCEBYTES], - siglen_cr - crypto_secretbox_NONCEBYTES, buf_nonce, symkey); + es = pcp_sodium_verify_mac(&signature, &signature_cr[LNONCE], + siglen_cr - LNONCE, buf_nonce, symkey); if(es == 0) { /* add encrypted recipient list to the hash */ crypto_generichash_update(st, recverify->cipher, recverify->ciphersize); diff --git a/libpcp/key.c b/libpcp/key.c index 392b572..f59e66e 100644 --- a/libpcp/key.c +++ b/libpcp/key.c @@ -33,7 +33,7 @@ byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) { size_t plen = strnlen(passphrase, 255); /* create the scrypt hash */ - byte *scrypted = pcp_scrypt(ptx, passphrase, plen, nonce, crypto_secretbox_NONCEBYTES); + byte *scrypted = pcp_scrypt(ptx, passphrase, plen, nonce, LNONCE); /* make a hash from the scrypt() result */ crypto_hash_sha256(key, (byte*)scrypted, 64); @@ -51,8 +51,8 @@ byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) { char *pcp_getkeyid(pcp_key_t *k) { uint32_t s, p; - p = jen_hash(k->pub, 32, JEN_PSALT); - s = jen_hash(k->edpub, 32, JEN_SSALT); + p = jen_hash(k->pub, LBOXPUB, JEN_PSALT); + s = jen_hash(k->edpub, LEDPUB, JEN_SSALT); char *id = ucmalloc(17); snprintf(id, 17, "%08X%08X", p, s); return id; @@ -61,8 +61,8 @@ char *pcp_getkeyid(pcp_key_t *k) { /* same as above but for imported pbp keys */ char *pcp_getpubkeyid(pcp_pubkey_t *k) { uint32_t s, p; - p = jen_hash(k->pub, 32, JEN_PSALT); - s = jen_hash(k->edpub, 32, JEN_SSALT); + p = jen_hash(k->pub, LBOXPUB, JEN_PSALT); + s = jen_hash(k->edpub, LEDPUB, JEN_SSALT); char *id = ucmalloc(17); snprintf(id, 17, "%08X%08X", p, s); return id; @@ -95,24 +95,24 @@ void pcp_keypairs(byte *msk, byte *mpk, byte *csk, byte *cpk, byte *esk, byte *e } pcp_key_t * pcpkey_new () { - byte *mp = ucmalloc(32); - byte *ms = ucmalloc(64); - byte *sp = ucmalloc(32); - byte *ss = ucmalloc(64); - byte *cp = ucmalloc(32); - byte *cs = ucmalloc(32); + byte *mp = ucmalloc(LEDPUB); + byte *ms = ucmalloc(LEDSEC); + byte *sp = ucmalloc(LEDPUB); + byte *ss = ucmalloc(LEDSEC); + byte *cp = ucmalloc(LBOXPUB); + byte *cs = ucmalloc(LBOXSEC); /* generate key material */ pcp_keypairs(ms, mp, cs, cp, ss, sp); /* fill in our struct */ pcp_key_t *key = urmalloc(sizeof(pcp_key_t)); - memcpy (key->masterpub, mp, 32); - memcpy (key->mastersecret, ms, 64); - memcpy (key->pub, cp, 32); - memcpy (key->secret, cs, 32); - memcpy (key->edpub, sp, 32); - memcpy (key->edsecret, ss, 64); + memcpy (key->masterpub, mp, LEDPUB); + memcpy (key->mastersecret, ms, LEDSEC); + memcpy (key->pub, cp, LBOXPUB); + memcpy (key->secret, cs, LBOXSEC); + memcpy (key->edpub, sp, LEDPUB); + memcpy (key->edsecret, ss, LEDSEC); char *id = pcp_getkeyid(key); memcpy (key->id, id, 17); @@ -128,19 +128,19 @@ pcp_key_t * pcpkey_new () { key->mail[0] = '\0'; /* clean up */ - ucfree(ms, 64); - ucfree(ss, 64); - ucfree(mp, 32); - ucfree(sp, 32); - ucfree(cs, 32); - ucfree(cp, 32); + ucfree(ms, LEDSEC); + ucfree(ss, LEDSEC); + ucfree(mp, LEDPUB); + ucfree(sp, LEDPUB); + ucfree(cs, LBOXSEC); + ucfree(cp, LBOXPUB); return key; } byte * pcp_gennonce() { - byte *nonce = ucmalloc(crypto_secretbox_NONCEBYTES); - arc4random_buf(nonce, crypto_secretbox_NONCEBYTES); + byte *nonce = ucmalloc(LNONCE); + arc4random_buf(nonce, LNONCE); return nonce; } @@ -152,8 +152,8 @@ void pcpkey_setowner(pcp_key_t *key, char *owner, char *mail) { pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) { if(key->nonce[0] == 0) { byte *nonce = pcp_gennonce(); - memcpy (key->nonce, nonce, crypto_secretbox_NONCEBYTES); - ucfree(nonce, crypto_secretbox_NONCEBYTES); + memcpy (key->nonce, nonce, LNONCE); + ucfree(nonce, LNONCE); } byte *encryptkey = pcp_derivekey(ptx, passphrase, key->nonce); @@ -162,22 +162,22 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) { size_t es; Buffer *both = buffer_new(128, "keypack"); - buffer_add(both, key->mastersecret, 64); - buffer_add(both, key->edsecret, 64); - buffer_add(both, key->secret, 32); + buffer_add(both, key->mastersecret, LEDSEC); + buffer_add(both, key->edsecret, LEDSEC); + buffer_add(both, key->secret, LBOXSEC); es = pcp_sodium_mac(&encrypted, buffer_get(both), buffer_size(both), key->nonce, encryptkey); buffer_free(both); sfree(encryptkey); - if(es == 176) { /* FIXME: calc! */ + if(es == LSEC) { /* success */ - memcpy(key->encrypted, encrypted, 176); + memcpy(key->encrypted, encrypted, LSEC); ucfree(encrypted, es); - memset(key->secret, 0, 32); - memset(key->edsecret, 0, 64); - memset(key->mastersecret, 0, 64); + memset(key->secret, 0, LBOXSEC); + memset(key->edsecret, 0, LEDSEC); + memset(key->mastersecret, 0, LEDSEC); } else { fatal(ptx, "failed to encrypt the secret key!\n"); @@ -195,20 +195,20 @@ pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) { byte *decrypted; size_t es; - es = pcp_sodium_verify_mac(&decrypted, key->encrypted, 176, key->nonce, encryptkey); + es = pcp_sodium_verify_mac(&decrypted, key->encrypted, LSEC, key->nonce, encryptkey); sfree(encryptkey); if(es == 0) { /* success */ - memcpy(key->mastersecret, decrypted, 64); - memcpy(key->edsecret, decrypted + 64, 64); - memcpy(key->secret, decrypted +128, 32); - ucfree(decrypted, 160); + memcpy(key->mastersecret, decrypted, LEDSEC); + memcpy(key->edsecret, decrypted + LEDSEC, LEDSEC); + memcpy(key->secret, decrypted + LEDSEC + LEDSEC, LBOXSEC); + ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC); } else { fatal(ptx, "failed to decrypt the secret key (got %d, expected 32)!\n", es); - ucfree(decrypted, 160); + ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC); return NULL; } @@ -217,9 +217,9 @@ pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) { pcp_pubkey_t *pcpkey_pub_from_secret(pcp_key_t *key) { pcp_pubkey_t *pub = urmalloc(sizeof (pcp_pubkey_t)); - memcpy(pub->masterpub, key->masterpub, 32); - memcpy(pub->pub, key->pub, 32); - memcpy(pub->edpub, key->edpub, 32); + memcpy(pub->masterpub, key->masterpub, LEDPUB); + memcpy(pub->pub, key->pub, LBOXPUB); + memcpy(pub->edpub, key->edpub, LEDSEC); memcpy(pub->owner, key->owner, 255); memcpy(pub->mail, key->mail, 255); memcpy(pub->id, key->id, 17); @@ -242,13 +242,13 @@ char *pcpkey_get_art(pcp_key_t *k) { byte *pcppubkey_getchecksum(pcp_pubkey_t *k) { byte *hash = ucmalloc(32); - crypto_hash_sha256(hash, k->pub, 32); + crypto_hash_sha256(hash, k->pub, LBOXPUB); return hash; } byte *pcpkey_getchecksum(pcp_key_t *k) { byte *hash = ucmalloc(32); - crypto_hash_sha256(hash, k->pub, 32); + crypto_hash_sha256(hash, k->pub, LBOXPUB); return hash; } @@ -306,18 +306,18 @@ pcp_pubkey_t *pubkey2native(pcp_pubkey_t *k) { } void pcp_seckeyblob(Buffer *b, pcp_key_t *k) { - buffer_add(b, k->masterpub, 32); - buffer_add(b, k->mastersecret, 64); + buffer_add(b, k->masterpub, LEDPUB); + buffer_add(b, k->mastersecret, LEDSEC); - buffer_add(b, k->pub, 32); - buffer_add(b, k->secret, 32); + buffer_add(b, k->pub, LBOXPUB); + buffer_add(b, k->secret, LBOXPUB); - buffer_add(b, k->edpub, 32); - buffer_add(b, k->edsecret, 64); + buffer_add(b, k->edpub, LEDPUB); + buffer_add(b, k->edsecret, LEDSEC); - buffer_add(b, k->nonce, 24); + buffer_add(b, k->nonce, LNONCE); - buffer_add(b, k->encrypted, 176); + buffer_add(b, k->encrypted, LSEC); buffer_add(b, k->owner, 255); buffer_add(b, k->mail, 255); @@ -330,10 +330,9 @@ void pcp_seckeyblob(Buffer *b, pcp_key_t *k) { } void pcp_pubkeyblob(Buffer *b, pcp_pubkey_t *k) { - buffer_add(b, k->masterpub, 32); - buffer_add(b, k->sigpub, 32); - buffer_add(b, k->pub, 32); - buffer_add(b, k->edpub, 32); + buffer_add(b, k->masterpub, LEDPUB); + buffer_add(b, k->pub, LBOXPUB); + buffer_add(b, k->edpub, LEDPUB); buffer_add(b, k->owner, 255); buffer_add(b, k->mail, 255); @@ -462,40 +461,40 @@ int pcp_sanitycheck_key(PCPCTX *ptx, pcp_key_t *key) { } void pcp_dumpkey(pcp_key_t *k) { - int i; + unsigned int i; printf("Dumping pcp_key_t raw values:\n"); printf("masterpub: "); - for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->masterpub[i]); + for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->masterpub[i]); printf("\n"); printf(" public: "); - for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->pub[i]); + for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->pub[i]); printf("\n"); printf(" edpub: "); - for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->edpub[i]); + for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->edpub[i]); printf("\n"); printf("mastersec: "); - for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->mastersecret[i]); + for ( i = 0;i < LEDSEC;++i) printf("%02x",(unsigned int) k->mastersecret[i]); printf("\n"); printf(" secret: "); - for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->secret[i]); + for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->secret[i]); printf("\n"); printf(" edsecret: "); - for ( i = 0;i < 64;++i) printf("%02x",(unsigned int) k->edsecret[i]); + for ( i = 0;i < LEDSEC;++i) printf("%02x",(unsigned int) k->edsecret[i]); printf("\n"); printf(" nonce: "); - for ( i = 0;i < 24;++i) printf("%02x",(unsigned int) k->nonce[i]); + for ( i = 0;i < LNONCE;++i) printf("%02x",(unsigned int) k->nonce[i]); printf("\n"); printf("encrypted: "); - for ( i = 0;i < 80;++i) printf("%02x",(unsigned int) k->encrypted[i]); + for ( i = 0;i < LSEC;++i) printf("%02x",(unsigned int) k->encrypted[i]); printf("\n"); printf(" owner: %s\n", k->owner); @@ -515,19 +514,19 @@ void pcp_dumpkey(pcp_key_t *k) { void pcp_dumppubkey(pcp_pubkey_t *k) { - int i; + unsigned int i; printf("Dumping pcp_pubkey_t raw values:\n"); printf("masterpub: "); - for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->masterpub[i]); + for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->masterpub[i]); printf("\n"); printf(" public: "); - for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->pub[i]); + for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->pub[i]); printf("\n"); printf(" edpub: "); - for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->edpub[i]); + for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->edpub[i]); printf("\n"); printf(" owner: %s\n", k->owner); diff --git a/libpcp/keysig.c b/libpcp/keysig.c index d7d8bb1..a094998 100644 --- a/libpcp/keysig.c +++ b/libpcp/keysig.c @@ -49,7 +49,7 @@ Buffer *pcp_keysig2blob(pcp_keysig_t *s) { buffer_add8(b, s->type); buffer_add32be(b, s->size); buffer_add(b, s->id, 17); - buffer_add(b, s->checksum, 32); + buffer_add(b, s->checksum, LSHA); buffer_add(b, s->blob, s->size); return b; } @@ -62,17 +62,17 @@ pcp_keysig_t *pcp_keysig_new(Buffer *blob) { buffer_get_chunk(blob, sk->id, 17); - byte *checksum = ucmalloc(32); - buffer_get_chunk(blob, checksum, 32); + byte *checksum = ucmalloc(LSHA); + buffer_get_chunk(blob, checksum, LSHA); sk->blob = ucmalloc(size); buffer_get_chunk(blob, sk->blob, size); sk->size = size; sk->type = type; - memcpy(sk->checksum, checksum, 32); + memcpy(sk->checksum, checksum, LSHA); - ucfree(checksum, 32); + ucfree(checksum, LSHA); return sk; } @@ -86,7 +86,7 @@ void pcp_dumpkeysig(pcp_keysig_t *s) { printf(" size: %ld\n", (long int)s->size); printf(" checksum: "); - for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) s->checksum[i]); + for ( i = 0;i < LSHA;++i) printf("%02x",(unsigned int) s->checksum[i]); printf("\n"); _dump(" blob:", s->blob, s->size); diff --git a/libpcp/mgmt.c b/libpcp/mgmt.c index e2ec346..95ce44f 100644 --- a/libpcp/mgmt.c +++ b/libpcp/mgmt.c @@ -25,9 +25,9 @@ int _get_pk(Buffer *blob, pcp_pubkey_t *p) { if(buffer_left(blob) >= 96) { - buffer_get_chunk(blob, p->masterpub, 32); - buffer_get_chunk(blob, p->edpub, 32); - buffer_get_chunk(blob, p->pub, 32); + buffer_get_chunk(blob, p->masterpub, LEDPUB); + buffer_get_chunk(blob, p->edpub, LEDPUB); + buffer_get_chunk(blob, p->pub, LBOXPUB); return 0; } else @@ -41,15 +41,18 @@ int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h) { h->numsubs = be16toh(h->numsubs); if(h->version != EXP_SIG_VERSION) { - fatal(ptx, "Unsupported pubkey signature version %d, expected %d\n", h->version, EXP_SIG_VERSION); + fatal(ptx, "Unsupported pubkey signature version %d, expected %d\n", + h->version, EXP_SIG_VERSION); return 1; } if(h->type != EXP_SIG_TYPE) { - fatal(ptx, "Unsupported pubkey signature type %d, expected %d\n", h->type, EXP_SIG_TYPE); + fatal(ptx, "Unsupported pubkey signature type %d, expected %d\n", + h->type, EXP_SIG_TYPE); return 1; } if(h->pkcipher != EXP_SIG_CIPHER) { - fatal(ptx, "Unsupported pubkey signature cipher %d, expected %d\n", h->pkcipher, EXP_SIG_CIPHER); + fatal(ptx, "Unsupported pubkey signature cipher %d, expected %d\n", + h->pkcipher, EXP_SIG_CIPHER); return 1; } if(h->hashcipher != EXP_HASH_CIPHER) { @@ -381,7 +384,7 @@ pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob) { } b = ucmalloc(sizeof(pbp_pubkey_t)); /* FIXME: separate type really needed? */ - buffer_get_chunk(blob, b->sigpub, crypto_sign_PUBLICKEYBYTES); + buffer_get_chunk(blob, b->masterpub, crypto_sign_PUBLICKEYBYTES); buffer_get_chunk(blob, b->edpub, crypto_sign_PUBLICKEYBYTES); buffer_get_chunk(blob, b->pub, crypto_box_PUBLICKEYBYTES); buffer_get_chunk(blob, date, 18); @@ -427,9 +430,9 @@ pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob) { _lc(pub->owner); ucfree(b, sizeof(pbp_pubkey_t)); - /* edpub used for signing, might differ */ + /* masterpub used for signing, might differ */ tmp = ucmalloc(sizeof(pcp_pubkey_t)); - memcpy(tmp->edpub, b->sigpub, crypto_sign_PUBLICKEYBYTES); + memcpy(tmp->masterpub, b->masterpub, crypto_sign_PUBLICKEYBYTES); byte *verify = pcp_ed_verify(ptx, buffer_get(blob), buffer_size(blob), tmp); free(tmp); @@ -473,9 +476,9 @@ Buffer *pcp_export_pbp_pub(pcp_key_t *sk) { Buffer *sig = buffer_new(320, "pbsig01"); /* add raw key material */ - buffer_add(sig, sk->edpub, crypto_sign_PUBLICKEYBYTES); - buffer_add(sig, sk->edpub, crypto_sign_PUBLICKEYBYTES); - buffer_add(sig, sk->pub, crypto_box_PUBLICKEYBYTES); + buffer_add(sig, sk->edpub, LEDPUB); + buffer_add(sig, sk->masterpub, LEDPUB); + buffer_add(sig, sk->pub, LBOXPUB); /* add creatioin and expire time as 32byte iso time string */ time_t t = (time_t)sk->ctime; @@ -527,9 +530,9 @@ Buffer *pcp_export_rfc_pub (PCPCTX *ptx, pcp_key_t *sk) { buffer_add8(out, EXP_PK_CIPHER); /* add the keys */ - buffer_add(raw, sk->masterpub, 32); - buffer_add(raw, sk->edpub, 32); - buffer_add(raw, sk->pub, 32); + buffer_add(raw, sk->masterpub, LEDPUB); + buffer_add(raw, sk->edpub, LEDPUB); + buffer_add(raw, sk->pub, LBOXPUB); /* add the sig header */ buffer_add8(raw, EXP_SIG_VERSION); @@ -652,13 +655,13 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) { Buffer *raw = buffer_new(512, "secretbuf"); Buffer *out = buffer_new(512, "secretcipherblob"); - buffer_add(raw, sk->mastersecret, 64); - buffer_add(raw, sk->secret, 32); - buffer_add(raw, sk->edsecret, 64); + buffer_add(raw, sk->mastersecret, LEDSEC); + buffer_add(raw, sk->secret, LBOXSEC); + buffer_add(raw, sk->edsecret, LEDSEC); - buffer_add(raw, sk->masterpub, 32); - buffer_add(raw, sk->pub, 32); - buffer_add(raw, sk->edpub, 32); + buffer_add(raw, sk->masterpub, LEDPUB); + buffer_add(raw, sk->pub, LBOXPUB); + buffer_add(raw, sk->edpub, LEDPUB); if(strlen(sk->owner) > 0) { buffer_add16be(raw, strlen(sk->owner)); @@ -678,9 +681,9 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) { buffer_add32be(raw, sk->version); buffer_add32be(raw, sk->serial); - nonce = ucmalloc(crypto_secretbox_NONCEBYTES); - arc4random_buf(nonce, crypto_secretbox_NONCEBYTES); - symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), nonce, crypto_secretbox_NONCEBYTES); + nonce = ucmalloc(LNONCE); + arc4random_buf(nonce, LNONCE); + symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), nonce, LNONCE); es = pcp_sodium_mac(&cipher, buffer_get(raw), buffer_size(raw), nonce, symkey); @@ -693,7 +696,7 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) { else { #endif - buffer_add(out, nonce, crypto_secretbox_NONCEBYTES); + buffer_add(out, nonce, LNONCE); buffer_add(out, cipher, es); #ifdef HAVE_JSON @@ -701,7 +704,7 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) { #endif buffer_free(raw); - ucfree(nonce, crypto_secretbox_NONCEBYTES); + ucfree(nonce, LNONCE); sfree(symkey); ucfree(cipher, es); @@ -752,11 +755,11 @@ pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passp pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphrase) { pcp_key_t *sk = ucmalloc(sizeof(pcp_key_t)); - byte *nonce = ucmalloc(crypto_secretbox_NONCEBYTES); + byte *nonce = ucmalloc(LNONCE); byte *symkey = NULL; byte *clear = NULL; size_t cipherlen = 0; - size_t minlen = (64 * 2) + (32 * 4) + 8 + 4 + 4; /* key material and mandatory field sizes */ + size_t minlen = (LEDSEC * 2) + (LBOXPUB * 2) + (LEDPUB * 2) + 8 + 4 + 4; /* key material and mandatory field sizes */ uint16_t notationlen = 0; Buffer *blob = buffer_new(512, "secretdecryptbuf"); @@ -771,10 +774,10 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras } #endif - if(buffer_get_chunk(cipher, nonce, crypto_secretbox_NONCEBYTES) == 0) + if(buffer_get_chunk(cipher, nonce, LNONCE) == 0) goto impserr1; - symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), nonce, crypto_secretbox_NONCEBYTES); + symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), nonce, LNONCE); cipherlen = buffer_left(cipher); if(cipherlen < minlen) { @@ -796,13 +799,13 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras buffer_add(blob, clear, cipherlen - PCP_CRYPTO_ADD); /* extract the raw data into the structure */ - buffer_get_chunk(blob, sk->mastersecret, 64); - buffer_get_chunk(blob, sk->secret, 32); - buffer_get_chunk(blob, sk->edsecret, 64); + buffer_get_chunk(blob, sk->mastersecret, LEDSEC); + buffer_get_chunk(blob, sk->secret, LBOXSEC); + buffer_get_chunk(blob, sk->edsecret, LEDSEC); - buffer_get_chunk(blob, sk->masterpub, 32); - buffer_get_chunk(blob, sk->pub, 32); - buffer_get_chunk(blob, sk->edpub, 32); + buffer_get_chunk(blob, sk->masterpub, LEDPUB); + buffer_get_chunk(blob, sk->pub, LBOXPUB); + buffer_get_chunk(blob, sk->edpub, LEDPUB); notationlen = buffer_get16na(blob); if(notationlen > 255) { @@ -835,7 +838,7 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras /* ready */ ucfree(clear, cipherlen - PCP_CRYPTO_ADD); - ucfree(nonce, crypto_secretbox_NONCEBYTES); + ucfree(nonce, LNONCE); buffer_free(blob); sfree(symkey); free(id); @@ -846,7 +849,7 @@ pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphras ucfree(clear, cipherlen - PCP_CRYPTO_ADD); impserr1: - ucfree(nonce, crypto_secretbox_NONCEBYTES); + ucfree(nonce, LNONCE); ucfree(sk, sizeof(pcp_key_t)); buffer_free(blob); if(symkey != NULL) @@ -874,9 +877,9 @@ json_t *pcp_pk2json(pcp_pubkey_t *pk) { pcp_key_t *sk = malloc(sizeof(pcp_key_t)); - memcpy(sk->masterpub, pk->masterpub, 32); - memcpy(sk->pub, pk->pub, 32); - memcpy(sk->edpub, pk->edpub, 32); + memcpy(sk->masterpub, pk->masterpub, LEDPUB); + memcpy(sk->pub, pk->pub, LBOXPUB); + memcpy(sk->edpub, pk->edpub, LEDPUB); memcpy(sk->owner, pk->owner, 255); memcpy(sk->mail, pk->mail, 255); memcpy(sk->id, pk->id, 17); @@ -897,9 +900,9 @@ json_t *pcp_sk2json(pcp_key_t *sk, byte *sig, size_t siglen) { char *jformat = "{sssssssisisisissssssssssss}"; - cryptpub = _bin2hex(sk->pub, 32); - sigpub = _bin2hex(sk->edpub, 32); - masterpub= _bin2hex(sk->masterpub, 32); + cryptpub = _bin2hex(sk->pub, LBOXPUB); + sigpub = _bin2hex(sk->edpub, LEDPUB); + masterpub= _bin2hex(sk->masterpub, LEDPUB); if(sig != NULL) { ssig = _bin2hex(sig, siglen); @@ -946,7 +949,7 @@ Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce, byte *ci jout = pcp_sk2json(sk, NULL, 0); xcipher = _bin2hex(cipher, clen); - xnonce = _bin2hex(nonce, crypto_secretbox_NONCEBYTES); + xnonce = _bin2hex(nonce, LNONCE); json_object_set(jout, "type", json_string("secret")); json_object_set(jout, "secrets", json_string(xcipher)); @@ -1070,8 +1073,8 @@ pcp_ks_bundle_t *pcp_import_pub_json(PCPCTX *ptx, byte *raw, size_t rawsize) { jtmp = json_object_get(jin, "cryptpub"); if(jtmp == NULL) goto jerr2; - if(_hex2bin(json_string_value(jtmp), blob, maxblob) == 32) - memcpy(p->pub, blob, 32); + if(_hex2bin(json_string_value(jtmp), blob, maxblob) == LBOXPUB) + memcpy(p->pub, blob, LBOXPUB); else { strcpy(jerror.text, hexerr); goto jerr2; @@ -1080,8 +1083,8 @@ pcp_ks_bundle_t *pcp_import_pub_json(PCPCTX *ptx, byte *raw, size_t rawsize) { jtmp = json_object_get(jin, "sigpub"); if(jtmp == NULL) goto jerr2; - if(_hex2bin(json_string_value(jtmp), blob, maxblob) == 32) - memcpy(p->edpub, blob, 32); + if(_hex2bin(json_string_value(jtmp), blob, maxblob) == LEDPUB) + memcpy(p->edpub, blob, LEDPUB); else { strcpy(jerror.text, hexerr); goto jerr2; @@ -1090,8 +1093,8 @@ pcp_ks_bundle_t *pcp_import_pub_json(PCPCTX *ptx, byte *raw, size_t rawsize) { jtmp = json_object_get(jin, "masterpub"); if(jtmp == NULL) goto jerr2; - if(_hex2bin(json_string_value(jtmp), blob, maxblob) == 32) - memcpy(p->masterpub, blob, 32); + if(_hex2bin(json_string_value(jtmp), blob, maxblob) == LEDPUB) + memcpy(p->masterpub, blob, LEDPUB); else { strcpy(jerror.text, hexerr); goto jerr2; diff --git a/libpcp/vault.c b/libpcp/vault.c index 84c07a6..b290660 100644 --- a/libpcp/vault.c +++ b/libpcp/vault.c @@ -111,7 +111,7 @@ int pcpvault_create(PCPCTX *ptx, vault_t *vault) { header->version = PCP_VAULT_VERSION; vault->version = header->version; - memcpy(vault->checksum, header->checksum, 32); + memcpy(vault->checksum, header->checksum, LSHA); vh2be(header); @@ -268,9 +268,9 @@ void pcpvault_update_checksum(PCPCTX *ptx, vault_t *vault) { vault_header_t *header = ucmalloc(sizeof(vault_header_t)); header->fileid = PCP_VAULT_ID; header->version = PCP_VAULT_VERSION; - memcpy(header->checksum, checksum, 32); - memcpy(vault->checksum, checksum, 32); - ucfree(checksum, 32); + memcpy(header->checksum, checksum, LSHA); + memcpy(vault->checksum, checksum, LSHA); + ucfree(checksum, LSHA); vh2be(header); @@ -292,7 +292,7 @@ byte *pcpvault_create_checksum(PCPCTX *ptx) { size_t datasize = ((PCP_RAW_KEYSIZE) * numskeys) + ((PCP_RAW_PUBKEYSIZE) * numpkeys); byte *data = ucmalloc(datasize); - byte *checksum = ucmalloc(32); + byte *checksum = ucmalloc(LSHA); pcphash_iterate(ptx, k) { key2be(k); @@ -316,12 +316,6 @@ byte *pcpvault_create_checksum(PCPCTX *ptx) { buffer_free(blob); - /* - printf("PUB: %d, SEC: %d\n", PCP_RAW_PUBKEYSIZE, PCP_RAW_KEYSIZE); - printf("DATA (%d) (s: %d, p: %d):\n", (int)datasize, numskeys, numpkeys); - _dump("data", data, datasize); - */ - crypto_hash_sha256(checksum, data, datasize); memset(data, 0, datasize); @@ -457,7 +451,7 @@ int pcpvault_fetchall(PCPCTX *ptx, vault_t *vault) { int ksize = PCP_RAW_KEYSIGSIZE; /* smallest possbile item */ vault->version = header->version; - memcpy(vault->checksum, header->checksum, 32); + memcpy(vault->checksum, header->checksum, LSHA); for(;;) { readpos = ftell(vault->fd); @@ -526,14 +520,9 @@ int pcpvault_fetchall(PCPCTX *ptx, vault_t *vault) { byte *checksum = NULL; checksum = pcpvault_create_checksum(ptx); - /* - _dump(" calc checksum", checksum, 32); - _dump("vault checksum", vault->checksum, 32); - */ - if(pcphash_count(ptx) + pcphash_countpub(ptx) > 0) { /* only validate the checksum if there are keys */ - if(memcmp(checksum, vault->checksum, 32) != 0) { + if(memcmp(checksum, vault->checksum, LSHA) != 0) { fatal(ptx, "Error: the checksum of the key vault doesn't match its contents!\n"); goto err; } diff --git a/src/keyprint.c b/src/keyprint.c index d82b5e3..16ce0b4 100644 --- a/src/keyprint.c +++ b/src/keyprint.c @@ -117,7 +117,7 @@ void pcptext_vault(vault_t *vault) { pcp_key_t *k; pcp_pubkey_t *p; - checksum = _bin2hex(vault->checksum, 32); + checksum = _bin2hex(vault->checksum, LSHA); jout = json_pack("{sssisssisi}", "keyvaultfile", vault->filename, "version", vault->version, @@ -184,7 +184,7 @@ void pcpkey_printlineinfo(pcp_key_t *key) { printf(" "); byte *hash = pcpkey_getchecksum(key); int i, y; - for(i=0; i<32; i+=4) { + for(i=0; ichecksum; - for(i=0; i<32; i+=4) { + for(i=0; imail); fprintf(out, " Key-ID: 0x%s\n", key->id); - fprintf(out, " Public-Key: %s\n", pcp_z85_encode(key->pub, 32, &zlen, 1)); + fprintf(out, " Public-Key: %s\n", pcp_z85_encode(key->pub, LBOXPUB, &zlen, 1)); /* 2004-06-14T23:34:30. */ fprintf(out, " Creation Time: %04d-%02d-%02dT%02d:%02d:%02d\n", diff --git a/tests/sample.c b/tests/sample.c index 179c5cf..4ce2952 100644 --- a/tests/sample.c +++ b/tests/sample.c @@ -7,7 +7,7 @@ int main() { Pcpstream *clear_in, *crypt_out, *clear_out; PCPCTX *ptx; char message[] = "hello world"; - printf("hh: %ld\n", sizeof(UT_hash_handle)); + /* we always need a context */ ptx = ptx_new(); @@ -72,5 +72,7 @@ int main() { free(bob); free(bobpub); + + return 0; }