From c717c060ecb25d3e1f0b251ea9640d094d2b306d Mon Sep 17 00:00:00 2001 From: "git@daemon.de" Date: Thu, 23 Jan 2014 15:40:06 +0100 Subject: [PATCH] re-implemented signature system to match the standard (orinal input, including sig for full sig; or 32k blockwise hash of input and sig from hash attached to original input without the hash), verify_buffered currently not implemented, armored sig only for output. --- bindings/cpp/sign++.h | 12 ++-- bindings/cpp/sign.cpp | 77 ++++------------------ include/pcp/defines.h | 5 +- include/pcp/ed.h | 33 +++++----- libpcp/ed.c | 118 ++++++++++++++++----------------- src/encryption.c | 4 +- src/keyprint.c | 27 -------- src/pcp.c | 38 ++++++----- src/signature.c | 148 ++++++++++-------------------------------- src/signature.h | 4 +- tests/cpptest.cpp | 5 +- tests/unittests.cfg | 9 +-- 12 files changed, 161 insertions(+), 319 deletions(-) diff --git a/bindings/cpp/sign++.h b/bindings/cpp/sign++.h index 43220f3..6350be1 100644 --- a/bindings/cpp/sign++.h +++ b/bindings/cpp/sign++.h @@ -42,7 +42,7 @@ namespace pcp { PubKey P; Key S; Vault vault; - pcp_sig_t *sig; + unsigned char *sig; // constructors Signature(Key &skey); // sign only @@ -55,14 +55,12 @@ namespace pcp { // PK signature methods // sender pubkey is P - std::string sign(std::vector message); - std::string sign(std::string message); - std::string sign(unsigned char *message, size_t mlen); + unsigned char *sign(std::vector message); + unsigned char *sign(unsigned char *message, size_t mlen); // verify using P or use vault if defined - bool verify(std::string signature, std::string message); - bool verify(std::string signature, std::vector message); - bool verify(std::string signature, unsigned char *message, size_t mlen); + bool verify(std::vector message); + bool verify(unsigned char *signature, size_t mlen); }; }; diff --git a/bindings/cpp/sign.cpp b/bindings/cpp/sign.cpp index 2db88a3..4941547 100644 --- a/bindings/cpp/sign.cpp +++ b/bindings/cpp/sign.cpp @@ -55,101 +55,46 @@ Signature::~Signature() { free(sig); } -std::string Signature::sign(std::vector message) { +unsigned char *Signature::sign(std::vector message) { unsigned char *m = (unsigned char *)ucmalloc(message.size()); for(size_t i=0; i message) { +bool Signature::verify(vector message) { unsigned char *m = (unsigned char *)ucmalloc(message.size()); for(size_t i=0; iid); +bool Signature::verify(unsigned char *signature, size_t mlen) { + unsigned char *message; if(!P) { - if(havevault) { - if(vault.pubkey_exists(sigid)) { - P = vault.get_public(sigid); - } - else { - throw exception("Unable to verify, signed using an unknown key."); - } - } - else { - throw exception("No public key and no vault specified, unable to verify."); - } - } - else { - if(P.get_id() != sigid) { - throw exception("Specified public key doesn't match the signers key."); - } + throw exception("No public key specified, unable to verify."); } - if(pcp_ed_verify(message, mlen, sig, P.K) == 0) { + message = pcp_ed_verify(signature, mlen, P.K); + if(message != NULL) { return true; } else { diff --git a/include/pcp/defines.h b/include/pcp/defines.h index 741fe83..2510c31 100644 --- a/include/pcp/defines.h +++ b/include/pcp/defines.h @@ -40,8 +40,9 @@ typedef unsigned int qbyte; // Quad byte = 32 bits #define PCP_ZFILE_HEADER "----- BEGIN Z85 ENCODED FILE -----" #define PCP_ZFILE_FOOTER "------ END Z85 ENCODED FILE ------" -#define PCP_SIG_HEADER "----- BEGIN PCP SIGNATURE FILE -----" -#define PCP_SIG_FOOTER "------ END PCP SIGNATURE FILE ------" +#define PCP_SIG_HEADER "----- BEGIN PCP SIGNED MESSAGE -----" +#define PCP_SIG_START "----- BEGIN PCP SIGNATURE -----" +#define PCP_SIG_END "------ END PCP SIGNATURE ------" #define PCP_ME "Pretty Curved Privacy" diff --git a/include/pcp/ed.h b/include/pcp/ed.h index c9f6377..adeeb79 100644 --- a/include/pcp/ed.h +++ b/include/pcp/ed.h @@ -19,6 +19,10 @@ You can contact me by mail: . */ +/* + ED25519 signatures. Currently unbuffered +*/ + #ifndef _HAVE_PCP_ED_H #define _HAVE_PCP_ED_H @@ -32,24 +36,19 @@ #include "mem.h" #include "key.h" -struct _pcp_sig_t { - byte edsig[crypto_sign_BYTES]; - char id[17]; - uint64_t ctime; - uint32_t version; -}; +/* sign a message of messagesize using s->edsecret, if it works + return message+signature (size: messagesize + crypto_sign_BYTES), + returns NULL otherwise */ +unsigned char *pcp_ed_sign(unsigned char *message, size_t messagesize, pcp_key_t *s); -typedef struct _pcp_sig_t pcp_sig_t; +/* verify a signature of siglen size using p->edpub, if the signature verifies + return the raw message with the signature removed (size: siglen - crypto_sign_BYTES), + returns NULL otherwise */ +unsigned char * pcp_ed_verify(unsigned char *signature, size_t siglen, pcp_pubkey_t *p); -int pcp_ed_verify(unsigned char *input, size_t inputlen, - pcp_sig_t *sig, pcp_pubkey_t *p); - -pcp_sig_t *pcp_ed_sign(unsigned char *message, - size_t messagesize, pcp_key_t *s); - -pcp_sig_t *sig2native(pcp_sig_t *k); -pcp_sig_t *sig2be(pcp_sig_t *k); - -pcp_sig_t *pcp_ed_newsig(unsigned char *hash, char *id); +/* same as pcp_ed_sign() but work on i/o directly, we're making a hash + of the input 32k-wise, copy in=>out, sign the hash and append the + sig only to the output */ +size_t pcp_ed_sign_buffered(FILE *in, FILE *out, pcp_key_t *s, int z85); #endif // _HAVE_PCP_ED_H diff --git a/libpcp/ed.c b/libpcp/ed.c index ee38fcb..08b1c14 100644 --- a/libpcp/ed.c +++ b/libpcp/ed.c @@ -21,79 +21,81 @@ #include "ed.h" -int pcp_ed_verify(unsigned char *input, size_t inputlen, pcp_sig_t *sig, pcp_pubkey_t *p) { - unsigned char *message = ucmalloc(inputlen + crypto_sign_BYTES); - unsigned char *tmpsig = ucmalloc(inputlen + crypto_sign_BYTES); // from sig - size_t mlen = 0; +unsigned char * pcp_ed_verify(unsigned char *signature, size_t siglen, pcp_pubkey_t *p) { + unsigned char *message = ucmalloc(siglen - crypto_sign_BYTES); + size_t mlen; - memcpy(tmpsig, sig->edsig, crypto_sign_BYTES); - memcpy(&tmpsig[crypto_sign_BYTES], input, inputlen); - - if(crypto_sign_open(message, &mlen, tmpsig, inputlen + crypto_sign_BYTES, p->edpub) != 0) { + if(crypto_sign_open(message, &mlen, signature, siglen, p->edpub) != 0) { fatal("Failed to open the signature using the public key 0x%s!\n", p->id); goto errve1; } - if(memcmp(message, input, inputlen) != 0) { - fatal("Failed to verify the signature, signed messages differ!\n"); - goto errve1; - } - - free(tmpsig); - free(message); - return 0; + return message; errve1: free(message); - free(tmpsig); - return 1; + return NULL; } - - -pcp_sig_t *pcp_ed_sign(unsigned char *message, size_t messagesize, pcp_key_t *s) { +unsigned char *pcp_ed_sign(unsigned char *message, size_t messagesize, pcp_key_t *s) { size_t mlen = messagesize + crypto_sign_BYTES; - unsigned char *tmp = ucmalloc(mlen); - unsigned char *signature = ucmalloc(crypto_sign_BYTES); + unsigned char *signature = ucmalloc(mlen); - crypto_sign(tmp, &mlen, message, messagesize, s->edsecret); + crypto_sign(signature, &mlen, message, messagesize, s->edsecret); - memcpy(signature, tmp, crypto_sign_BYTES); - - pcp_sig_t *sig = pcp_ed_newsig(signature, s->id); - - memset(tmp, 0, mlen); - free(tmp); - - return sig; + return signature; } -pcp_sig_t *pcp_ed_newsig(unsigned char *hash, char *id) { - pcp_sig_t *sig = ucmalloc(sizeof(pcp_sig_t)); - sig->version = PCP_SIG_VERSION; - sig->ctime = (long)time(0); - memcpy(sig->edsig, hash, crypto_sign_BYTES); - memcpy(sig->id, id, 17); - return sig; -} +size_t pcp_ed_sign_buffered(FILE *in, FILE *out, pcp_key_t *s, int z85) { + unsigned char in_buf[PCP_BLOCK_SIZE]; + size_t cur_bufsize = 0; + crypto_generichash_state *st = ucmalloc(sizeof(crypto_generichash_state)); + unsigned char hash[crypto_generichash_BYTES_MAX]; -pcp_sig_t *sig2native(pcp_sig_t *s) { -#ifdef __CPU_IS_BIG_ENDIAN - return s; -#else - s->version = be32toh(s->version); - s->ctime = be64toh(s->ctime); - return s; -#endif -} + crypto_generichash_init(st, NULL, 0, 0); -pcp_sig_t *sig2be(pcp_sig_t *s) { -#ifdef __CPU_IS_BIG_ENDIAN - return s; -#else - s->version = htobe32(s->version); - s->ctime = htobe64(s->ctime); - return s; -#endif -} + if(z85) + fprintf(out, "%s\nHash: Blake2\n\n", PCP_SIG_HEADER); + while(!feof(in)) { + cur_bufsize = fread(&in_buf, 1, PCP_BLOCK_SIZE, in); + if(cur_bufsize <= 0) + break; + + crypto_generichash_update(st, in_buf, cur_bufsize); + fwrite(in_buf, cur_bufsize, 1, out); + } + + if(ferror(out) != 0) { + fatal("Failed to write encrypted output!\n"); + free(st); + return 0; + } + + crypto_generichash_final(st, hash, crypto_generichash_BYTES_MAX); + + size_t mlen = + crypto_sign_BYTES + crypto_generichash_BYTES_MAX; + unsigned char *signature = ucmalloc(mlen); + crypto_sign(signature, &mlen, hash, crypto_generichash_BYTES_MAX, s->edsecret); + + if(z85) { + if(in_buf[cur_bufsize] != '\n') + fprintf(out, "\n"); + fprintf(out, "%s\nVersion: PCP v%d.%d.%d\n\n", PCP_SIG_START, PCP_VERSION_MAJOR, PCP_VERSION_MINOR, PCP_VERSION_PATCH); + size_t zlen; + char *z85encoded = pcp_z85_encode((unsigned char*)signature, crypto_sign_BYTES, &zlen); + fprintf(out, "%s\n%s\n", z85encoded, PCP_SIG_END); + } + else { + fwrite(signature, crypto_sign_BYTES, 1, out); + } + + if(fileno(in) != 0) + fclose(in); + if(fileno(out) != 1) + fclose(out); + + free(st); + + return mlen; // ??? +} diff --git a/src/encryption.c b/src/encryption.c index b25b766..6bf5cf3 100644 --- a/src/encryption.c +++ b/src/encryption.c @@ -137,7 +137,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec pcp_pubkey_t *tmp = NULL; pcp_pubkey_t *pub = NULL; pcp_key_t *secret = NULL; - unsigned char *symkey; + unsigned char *symkey = NULL; int self = 0; if(id == NULL && recipient == NULL) { @@ -256,7 +256,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec } } - size_t clen; + size_t clen = 0; if(self == 1) pcp_encrypt_file_sym(in, out, symkey, 0); diff --git a/src/keyprint.c b/src/keyprint.c index cfa3783..227f6c5 100644 --- a/src/keyprint.c +++ b/src/keyprint.c @@ -102,33 +102,6 @@ int pcptext_infile(char *infile) { } } - if(clen == sizeof(pcp_sig_t)) { - // a signature? - pcp_sig_t *sig = (pcp_sig_t *)bin; - sig2native(sig); - if(sig->version == PCP_SIG_VERSION) { - // looks valid - fprintf(stdout, "%s is an ed25519 signature file:\n", infile); - struct tm *c; - time_t t = (time_t)sig->ctime; - c = localtime(&t); - fprintf(stdout, "Signed by key: 0x%s\n", sig->id); - fprintf(stdout, "Creation Time: %04d-%02d-%02dT%02d:%02d:%02d\n", - c->tm_year+1900, c->tm_mon+1, c->tm_mday, - c->tm_hour, c->tm_min, c->tm_sec); - fprintf(stdout, " Signature: "); - pcpprint_bin(stdout, sig->edsig, crypto_sign_BYTES); - fprintf(stdout, "\n"); - free(sig); - goto tdone; - } - else { - fprintf(stdout, "%s looks like a ed255 signature but failed sanity checking.\n", infile); - free(sig); - goto errtinf1; - } - } - // still there? fprintf(stdout, "%s looks Z85 encoded but otherwise unknown and is possibly encrypted.\n", infile); diff --git a/src/pcp.c b/src/pcp.c index 660830a..c2dafb5 100644 --- a/src/pcp.c +++ b/src/pcp.c @@ -44,11 +44,10 @@ char *default_vault() { } int main (int argc, char **argv) { - int opt, mode, usevault, useid, userec, lo; + int opt, mode, usevault, useid, userec, lo, armor; char *vaultfile = default_vault(); char *outfile = NULL; char *infile = NULL; - char *sigfile = NULL; char *keyid = NULL; char *id = NULL; char *xpass = NULL; @@ -63,6 +62,7 @@ int main (int argc, char **argv) { useid = 0; userec = 0; lo = 0; + armor = 0; static struct option longopts[] = { // generics @@ -101,11 +101,11 @@ int main (int argc, char **argv) { // signing { "sign", no_argument, NULL, 'g' }, - { "check-signature", required_argument, NULL, 'c' }, + { "check-signature", no_argument, NULL, 'c' }, { NULL, 0, NULL, 0 } }; - while ((opt = getopt_long(argc, argv, "klV:vdehsO:i:I:pSPRtEx:DzZr:gc:ym", + while ((opt = getopt_long(argc, argv, "klV:vdehsO:i:I:pSPRtEx:DzZr:gcym", longopts, NULL)) != -1) { switch (opt) { @@ -166,10 +166,10 @@ int main (int argc, char **argv) { usevault = 1; break; case 'z': - mode += PCP_MODE_ZENCODE; + armor = 1; break; case 'Z': - mode += PCP_MODE_ZDECODE; + armor = 1; break; case 'g': mode += PCP_MODE_SIGN; @@ -177,8 +177,6 @@ int main (int argc, char **argv) { break; case 'c': mode += PCP_MODE_VERIFY; - sigfile = ucmalloc(strlen(optarg)+1); - strncpy(sigfile, optarg, strlen(optarg)+1); usevault = 1; break; case 'y': @@ -234,6 +232,11 @@ int main (int argc, char **argv) { sodium_init(); // FIXME: better called from the lib? + if(mode == PCP_MODE_ENCRYPT && useid == 0 && userec == 0) { + usevault = 0; + mode = PCP_MODE_ENCRYPT_ME; + } + if(usevault == 1) { pcphash_init(); vault = pcpvault_init(vaultfile); @@ -340,10 +343,6 @@ int main (int argc, char **argv) { // multiple dst pcpencrypt(NULL, infile, outfile, xpass, recipient); } - else if(useid == 0 && userec == 0) { - // self mode, same as -m - pcpencrypt(NULL, infile, outfile, xpass, NULL); - } else { // -i and -r specified fatal("You can't specify both -i and -r, use either -i or -r!\n"); @@ -373,11 +372,20 @@ int main (int argc, char **argv) { break; case PCP_MODE_SIGN: - pcpsign(infile, outfile, xpass); + pcpsign(infile, outfile, xpass, armor); break; case PCP_MODE_VERIFY: - pcpverify(infile, sigfile); + if(useid) { + id = pcp_normalize_id(keyid); + if(id != NULL) { + pcpverify(infile, id); + free(id); + } + } + else { + pcpverify(infile, NULL); + } break; case PCP_MODE_YAML: @@ -434,7 +442,7 @@ int main (int argc, char **argv) { default: // mode params mixed - fatal("Sorry, invalid combination of commandline parameters!\n"); + fatal("Sorry, invalid combination of commandline parameters (0x%04X)!\n", mode); break; } } diff --git a/src/signature.c b/src/signature.c index 5398f07..6447767 100644 --- a/src/signature.c +++ b/src/signature.c @@ -23,7 +23,7 @@ #include "signature.h" #include "defines.h" -int pcpsign(char *infile, char *outfile, char *passwd) { +int pcpsign(char *infile, char *outfile, char *passwd, int z85) { FILE *in = NULL; FILE *out = NULL; pcp_key_t *secret = NULL; @@ -33,15 +33,13 @@ int pcpsign(char *infile, char *outfile, char *passwd) { fatal("Could not find a secret key in vault %s!\n", vault->filename); goto errs1; } - - if(infile == NULL) in = stdin; else { if((in = fopen(infile, "rb")) == NULL) { fatal("Could not open input file %s\n", infile); - goto errs2; + goto errs1; } } @@ -50,7 +48,7 @@ int pcpsign(char *infile, char *outfile, char *passwd) { else { if((out = fopen(outfile, "wb+")) == NULL) { fatal("Could not open output file %s\n", outfile); - goto errs2; + goto errs1; } } @@ -68,82 +66,26 @@ int pcpsign(char *infile, char *outfile, char *passwd) { secret = pcpkey_decrypt(secret, passphrase); if(secret == NULL) - goto errs3; + goto errs1; } - unsigned char *input = NULL; - size_t inputBufSize = 0; - unsigned char byte[1]; - - while(!feof(in)) { - if(!fread(&byte, 1, 1, in)) - break; - unsigned char *tmp = realloc(input, inputBufSize + 1); - input = tmp; - memmove(&input[inputBufSize], byte, 1); - inputBufSize ++; - } - fclose(in); + size_t sigsize = pcp_ed_sign_buffered(in, out, secret, z85); - if(inputBufSize == 0) { - fatal("Input file is empty!\n"); - goto errs4; - } + if(sigsize == 0) + goto errs1; - size_t zlen; - pcp_sig_t *signature = pcp_ed_sign(input, inputBufSize, secret); - - // scip - //printf("sigsize: %d\n", (int)sizeof(pcp_sig_t)); - //pcp_dumpsig(signature); - - if(signature == NULL) - goto errs5; - - sig2be(signature); - char *encoded = pcp_z85_encode((unsigned char *)signature, sizeof(pcp_sig_t), &zlen); - - if(encoded == NULL) - goto errs6; - - fprintf(out, "%s\n%s\n%s\n", PCP_SIG_HEADER, encoded, PCP_SIG_FOOTER); - if(ferror(out) != 0) { - fatal("Failed to write encrypted output!\n"); - goto errs7; - } - - fprintf(stderr, "Signed %d bytes successfully\n", - (int)inputBufSize); - - fclose(out); - free(encoded); - free(signature); + fprintf(stderr, "Signed %ld bytes successfully\n", sigsize); return 0; - errs7: - free(encoded); - - errs6: - free(signature); - - errs5: - - errs4: - free(input); - - errs3: - - errs2: - errs1: return 1; } -int pcpverify(char *infile, char *sigfile) { +int pcpverify(char *infile, char *id) { FILE *in = NULL; - FILE *sigin = NULL; pcp_pubkey_t *pub = NULL; + unsigned char *message = NULL; if(infile == NULL) in = stdin; @@ -154,36 +96,16 @@ int pcpverify(char *infile, char *sigfile) { } } - if((sigin = fopen(sigfile, "rb")) == NULL) { - fatal("Could not open signature file %s\n", sigfile); - goto errv1; - } - - char *encoded = pcp_readz85file(sigin); - if(encoded == NULL) - goto errv1; - - size_t clen; - unsigned char *decoded = pcp_z85_decode((char *)encoded, &clen); - - if(decoded == NULL) - goto errv2; - - if(clen != sizeof(pcp_sig_t)) { - fatal("Error: decoded signature file didn't result to a proper sized sig! (got %d bytes)\n", clen); - goto errv2; - } - - pcp_sig_t *sig = (pcp_sig_t *)decoded; - sig2native(sig); - - HASH_FIND_STR(pcppubkey_hash, sig->id, pub); + if(id != NULL) + HASH_FIND_STR(pcppubkey_hash, id, pub); + /* if(pub == NULL) { fatal("Could not find a usable public key in vault %s!\n", vault->filename); goto errv3; } + */ unsigned char *input = NULL; size_t inputBufSize = 0; @@ -204,37 +126,35 @@ int pcpverify(char *infile, char *sigfile) { goto errv4; } - - if(pcp_ed_verify(input, inputBufSize, sig, pub) == 0) { - fprintf(stderr, "Signature verified.\n"); + if(pub != NULL) { + message = pcp_ed_verify(input, inputBufSize, pub); + if(message != NULL) { + fprintf(stderr, "Signature verified (signed by %s <%s>).\n", pub->owner, pub->mail); + } + } + else { + pcphash_iteratepub(pub) { + message = pcp_ed_verify(input, inputBufSize, pub); + if(message != NULL) { + fprintf(stderr, "Signature verified (signed by %s <%s>).\n", pub->owner, pub->mail); + break; + } + } } - free(decoded); - free(encoded); + if(message == NULL) { + fprintf(stderr, "Could not verify ignature\n"); + } + else + free(message); + free(input); return 0; errv4: free(input); - errv3: - free(decoded); - - errv2: - // free(encoded); why??? - errv1: return 1; } -void pcp_dumpsig(pcp_sig_t *sig) { - printf(" ed: "); - pcpprint_bin(stdout, sig->edsig, crypto_sign_BYTES);printf("\n"); - - printf(" id: %s\n", sig->id); - - printf(" ctime: %ld\n", sig->ctime); - - printf("version: %04x\n", sig->version); - -} diff --git a/src/signature.h b/src/signature.h index cc6bf4a..1ba3c12 100644 --- a/src/signature.h +++ b/src/signature.h @@ -32,8 +32,8 @@ #include "uthash.h" #include "z85.h" -int pcpsign(char *infile, char *outfile, char *passwd); -int pcpverify(char *infile, char *sigfile); +int pcpsign(char *infile, char *outfile, char *passwd, int z85); +int pcpverify(char *infile, char *id); diff --git a/tests/cpptest.cpp b/tests/cpptest.cpp index 145f23e..a580ae2 100644 --- a/tests/cpptest.cpp +++ b/tests/cpptest.cpp @@ -95,9 +95,10 @@ void test3() { Signature SigA(A); Signature SigB(PA); - string sig = SigA.sign(message); + unsigned char *sig = SigA.sign((unsigned char*)message.c_str(), message.length()); - if(SigB.verify(sig, message) ) + // FIXME: bad api here + if(SigB.verify(sig, message.length() + crypto_sign_BYTES) ) cout << "3 ok" << endl; } diff --git a/tests/unittests.cfg b/tests/unittests.cfg index 9dd5596..911c395 100644 --- a/tests/unittests.cfg +++ b/tests/unittests.cfg @@ -129,11 +129,6 @@ dxmorg@florida.cops.gov expect = /encrypted/ - - cmd = $pcp -t -I unknown5 - expect = /ed25519/ - - # # encryption tests @@ -221,7 +216,7 @@ dxmorg@florida.cops.gov expect-file testsig - cmd = $pcp -V vb -c testsig -I README + cmd = $pcp -V vb -c -I testsig -i $idalicia expect = /verified/ @@ -393,7 +388,7 @@ dxmorg@florida.cops.gov prepare = ./invalidkeys cmd = $pcp -V $vault -P -I testpubkey-invalid-id - expect = /nvalid key id/ + expect = /(invalid key id|could not decode input)/