mirror of
https://codeberg.org/scip/pcp.git
synced 2025-12-17 12:00:56 +01:00
added own file type for crypt+sign, now signing the encrypted result, not the clear message.
using 64bit integers for time vars in key ex/im_ports
This commit is contained in:
TLINDEN
@@ -197,6 +197,14 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t
|
||||
else if(head[0] == PCP_ASYM_CIPHER) {
|
||||
self = 0;
|
||||
}
|
||||
else if(head[0] == PCP_ASYM_CIPHER_SIG) {
|
||||
self = 0;
|
||||
verify = 1;
|
||||
}
|
||||
else {
|
||||
fatal(ptx, "Unknown file header (got: %02x)\n", head[0]);
|
||||
goto errdef1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -323,7 +331,10 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t
|
||||
}
|
||||
|
||||
/* step 1, file header */
|
||||
head[0] = PCP_ASYM_CIPHER;
|
||||
if(sign)
|
||||
head[0] = PCP_ASYM_CIPHER_SIG;
|
||||
else
|
||||
head[0] = PCP_ASYM_CIPHER;
|
||||
ps_write(out, head, 1);
|
||||
/* fwrite(head, 1, 1, out); */
|
||||
/* fprintf(stderr, "D: header - 1\n"); */
|
||||
@@ -454,7 +465,8 @@ size_t pcp_encrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, byte *
|
||||
out_size += crypto_secretbox_NONCEBYTES + es;
|
||||
|
||||
if(recsign != NULL)
|
||||
crypto_generichash_update(st, in_buf, cur_bufsize);
|
||||
crypto_generichash_update(st, buf_cipher, es);
|
||||
//crypto_generichash_update(st, in_buf, cur_bufsize);
|
||||
|
||||
#ifdef PCP_CBC
|
||||
/* make current cipher to next IV, ignore nonce and pad */
|
||||
@@ -573,7 +585,8 @@ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte *
|
||||
/* fwrite(buf_clear, ciphersize - PCP_CRYPTO_ADD, 1, out); */
|
||||
|
||||
if(recverify != NULL)
|
||||
crypto_generichash_update(st, buf_clear, ciphersize - PCP_CRYPTO_ADD);
|
||||
crypto_generichash_update(st, buf_cipher, ciphersize);
|
||||
//crypto_generichash_update(st, buf_clear, ciphersize - PCP_CRYPTO_ADD);
|
||||
|
||||
free(buf_clear);
|
||||
|
||||
|
||||
@@ -120,7 +120,12 @@ int _check_sigsubs(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, rfc_pub_sig_s *su
|
||||
ucfree(notation, nsize);
|
||||
}
|
||||
else {
|
||||
/* unsupported or ignored sig sub */
|
||||
/* unsupported or ignored sig subs:
|
||||
we (currently) ignore sig ctime, expire and keyexpire,
|
||||
since the ctime - which is the only one we need internally -
|
||||
is already known from the key ctime. This may change in
|
||||
the future though.
|
||||
*/
|
||||
if(buffer_get_chunk(blob, ignore, subheader->size) == 0) {
|
||||
fatal(ptx, "Invalid 'unsupported' notation, expected %ld bytes, but got 0\n", subheader->size);
|
||||
return 1;
|
||||
@@ -135,6 +140,7 @@ int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t
|
||||
// read hash + sig
|
||||
size_t blobstop = blob->offset;
|
||||
size_t sigsize = crypto_sign_BYTES + crypto_generichash_BYTES_MAX;
|
||||
size_t phead = (2 * sizeof(uint8_t)) + sizeof(uint64_t); /* rfc_pub_h */
|
||||
|
||||
byte *signature = ucmalloc(sigsize);
|
||||
if(buffer_get_chunk(blob, signature, sigsize) == 0)
|
||||
@@ -144,11 +150,11 @@ int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t
|
||||
sk->type = PCP_KEYSIG_NATIVE;
|
||||
|
||||
/* everything minus version, ctime and cipher, 1st 3 fields */
|
||||
sk->size = blobstop - 6;
|
||||
sk->size = blobstop - phead;
|
||||
memcpy(sk->id, p->id, 17);
|
||||
|
||||
/* put the whole signature blob into our keysig */
|
||||
blob->offset = 6; /* woah, hack :) */
|
||||
blob->offset = phead;
|
||||
sk->blob = ucmalloc(sk->size);
|
||||
buffer_get_chunk(blob, sk->blob, sk->size);
|
||||
|
||||
@@ -262,7 +268,7 @@ pcp_ks_bundle_t *pcp_import_pub_rfc(PCPCTX *ptx, Buffer *blob) {
|
||||
rfc_pub_sig_s *subheader = ucmalloc(sizeof(rfc_pub_sig_s));
|
||||
|
||||
if(buffer_done(blob)) goto be;
|
||||
p->ctime = buffer_get32na(blob);
|
||||
p->ctime = buffer_get64na(blob);
|
||||
|
||||
uint8_t pkcipher = buffer_get8(blob);
|
||||
if(buffer_done(blob)) goto be;
|
||||
@@ -352,7 +358,7 @@ pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob) {
|
||||
date[19] = '\0';
|
||||
struct tm c;
|
||||
if(strptime(date, "%Y-%m-%dT%H:%M:%S", &c) == NULL) {
|
||||
fatal(ptx, "Failed to parse creation time in PBP public key file (<%s>)\n", date);
|
||||
fatal(ptx, "Failed to parse creation time in PBP public key file\n");
|
||||
free(date);
|
||||
goto errimp2;
|
||||
}
|
||||
@@ -594,7 +600,7 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
|
||||
|
||||
/* add the header */
|
||||
buffer_add8(out, PCP_KEY_VERSION);
|
||||
buffer_add32be(out, sk->ctime);
|
||||
buffer_add64be(out, sk->ctime);
|
||||
buffer_add8(out, EXP_PK_CIPHER);
|
||||
|
||||
/* add the keys */
|
||||
@@ -619,19 +625,19 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
|
||||
buffer_add16be(raw, nsubs);
|
||||
|
||||
/* add sig ctime */
|
||||
buffer_add32be(raw, 4);
|
||||
buffer_add32be(raw, 8);
|
||||
buffer_add8(raw, EXP_SIG_SUB_CTIME);
|
||||
buffer_add32be(raw, time(0));
|
||||
buffer_add64be(raw, time(0));
|
||||
|
||||
/* add sig expire time */
|
||||
buffer_add32be(raw, 4);
|
||||
buffer_add32be(raw, 8);
|
||||
buffer_add8(raw, EXP_SIG_SUB_SIGEXPIRE);
|
||||
buffer_add32be(raw, time(0) + 31536000);
|
||||
buffer_add64be(raw, time(0) + 31536000);
|
||||
|
||||
/* add key expire time */
|
||||
buffer_add32be(raw, 4);
|
||||
buffer_add32be(raw, 8);
|
||||
buffer_add8(raw, EXP_SIG_SUB_KEYEXPIRE);
|
||||
buffer_add32be(raw, sk->ctime + 31536000);
|
||||
buffer_add64be(raw, sk->ctime + 31536000);
|
||||
|
||||
size_t notation_size = 0;
|
||||
/* add serial number notation sub */
|
||||
|
||||
Reference in New Issue
Block a user