scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 03:50:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

re-implemented signature system to match the standard (orinal input, including sig for full sig; or 32k blockwise hash of input and sig from hash attached to original input without the hash), verify_buffered currently not implemented, armored sig only for output.

Browse Source
This commit is contained in:
git@daemon.de
2014-01-23 15:40:06 +01:00
parent f09d4774cb
commit c717c060ec
12 changed files with 161 additions and 319 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/encryption.c
View File

@@ -137,7 +137,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
pcp_pubkey_t *tmp = NULL;
pcp_pubkey_t *pub = NULL;
pcp_key_t *secret = NULL;
unsigned char *symkey;
unsigned char *symkey = NULL;
int self = 0;
if(id == NULL && recipient == NULL) {
@@ -256,7 +256,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
}
}
size_t clen;
size_t clen = 0;
if(self == 1)
pcp_encrypt_file_sym(in, out, symkey, 0);

27
src/keyprint.c
View File

@@ -102,33 +102,6 @@ int pcptext_infile(char *infile) {
}
}
if(clen == sizeof(pcp_sig_t)) {
// a signature?
pcp_sig_t *sig = (pcp_sig_t *)bin;
sig2native(sig);
if(sig->version == PCP_SIG_VERSION) {
// looks valid
fprintf(stdout, "%s is an ed25519 signature file:\n", infile);
struct tm *c;
time_t t = (time_t)sig->ctime;
c = localtime(&t);
fprintf(stdout, "Signed by key: 0x%s\n", sig->id);
fprintf(stdout, "Creation Time: %04d-%02d-%02dT%02d:%02d:%02d\n",
c->tm_year+1900, c->tm_mon+1, c->tm_mday,
c->tm_hour, c->tm_min, c->tm_sec);
fprintf(stdout, " Signature: ");
pcpprint_bin(stdout, sig->edsig, crypto_sign_BYTES);
fprintf(stdout, "\n");
free(sig);
goto tdone;
}
else {
fprintf(stdout, "%s looks like a ed255 signature but failed sanity checking.\n", infile);
free(sig);
goto errtinf1;
}
}
// still there?
fprintf(stdout, "%s looks Z85 encoded but otherwise unknown and is possibly encrypted.\n", infile);

38
src/pcp.c
View File

@@ -44,11 +44,10 @@ char *default_vault() {
}
int main (int argc, char **argv) {
int opt, mode, usevault, useid, userec, lo;
int opt, mode, usevault, useid, userec, lo, armor;
char *vaultfile = default_vault();
char *outfile = NULL;
char *infile = NULL;
char *sigfile = NULL;
char *keyid = NULL;
char *id = NULL;
char *xpass = NULL;
@@ -63,6 +62,7 @@ int main (int argc, char **argv) {
useid = 0;
userec = 0;
lo = 0;
armor = 0;
static struct option longopts[] = {
// generics
@@ -101,11 +101,11 @@ int main (int argc, char **argv) {
// signing
{ "sign", no_argument, NULL, 'g' },
{ "check-signature", required_argument, NULL, 'c' },
{ "check-signature", no_argument, NULL, 'c' },
{ NULL, 0, NULL, 0 }
};
while ((opt = getopt_long(argc, argv, "klV:vdehsO:i:I:pSPRtEx:DzZr:gc:ym",
while ((opt = getopt_long(argc, argv, "klV:vdehsO:i:I:pSPRtEx:DzZr:gcym",
longopts, NULL)) != -1) {
switch (opt) {
@@ -166,10 +166,10 @@ int main (int argc, char **argv) {
usevault = 1;
break;
case 'z':
mode += PCP_MODE_ZENCODE;
armor = 1;
break;
case 'Z':
mode += PCP_MODE_ZDECODE;
armor = 1;
break;
case 'g':
mode += PCP_MODE_SIGN;
@@ -177,8 +177,6 @@ int main (int argc, char **argv) {
break;
case 'c':
mode += PCP_MODE_VERIFY;
sigfile = ucmalloc(strlen(optarg)+1);
strncpy(sigfile, optarg, strlen(optarg)+1);
usevault = 1;
break;
case 'y':
@@ -234,6 +232,11 @@ int main (int argc, char **argv) {
sodium_init(); // FIXME: better called from the lib?
if(mode == PCP_MODE_ENCRYPT && useid == 0 && userec == 0) {
usevault = 0;
mode = PCP_MODE_ENCRYPT_ME;
}
if(usevault == 1) {
pcphash_init();
vault = pcpvault_init(vaultfile);
@@ -340,10 +343,6 @@ int main (int argc, char **argv) {
// multiple dst
pcpencrypt(NULL, infile, outfile, xpass, recipient);
}
else if(useid == 0 && userec == 0) {
// self mode, same as -m
pcpencrypt(NULL, infile, outfile, xpass, NULL);
}
else {
// -i and -r specified
fatal("You can't specify both -i and -r, use either -i or -r!\n");
@@ -373,11 +372,20 @@ int main (int argc, char **argv) {
break;
case PCP_MODE_SIGN:
pcpsign(infile, outfile, xpass);
pcpsign(infile, outfile, xpass, armor);
break;
case PCP_MODE_VERIFY:
pcpverify(infile, sigfile);
if(useid) {
id = pcp_normalize_id(keyid);
if(id != NULL) {
pcpverify(infile, id);
free(id);
}
}
else {
pcpverify(infile, NULL);
}
break;
case PCP_MODE_YAML:
@@ -434,7 +442,7 @@ int main (int argc, char **argv) {
default:
// mode params mixed
fatal("Sorry, invalid combination of commandline parameters!\n");
fatal("Sorry, invalid combination of commandline parameters (0x%04X)!\n", mode);
break;
}
}

148
src/signature.c
View File

@@ -23,7 +23,7 @@
#include "signature.h"
#include "defines.h"
int pcpsign(char *infile, char *outfile, char *passwd) {
int pcpsign(char *infile, char *outfile, char *passwd, int z85) {
FILE *in = NULL;
FILE *out = NULL;
pcp_key_t *secret = NULL;
@@ -33,15 +33,13 @@ int pcpsign(char *infile, char *outfile, char *passwd) {
fatal("Could not find a secret key in vault %s!\n", vault->filename);
goto errs1;
}
if(infile == NULL)
in = stdin;
else {
if((in = fopen(infile, "rb")) == NULL) {
fatal("Could not open input file %s\n", infile);
goto errs2;
goto errs1;
}
}
@@ -50,7 +48,7 @@ int pcpsign(char *infile, char *outfile, char *passwd) {
else {
if((out = fopen(outfile, "wb+")) == NULL) {
fatal("Could not open output file %s\n", outfile);
goto errs2;
goto errs1;
}
}
@@ -68,82 +66,26 @@ int pcpsign(char *infile, char *outfile, char *passwd) {
secret = pcpkey_decrypt(secret, passphrase);
if(secret == NULL)
goto errs3;
goto errs1;
}
unsigned char *input = NULL;
size_t inputBufSize = 0;
unsigned char byte[1];
while(!feof(in)) {
if(!fread(&byte, 1, 1, in))
break;
unsigned char *tmp = realloc(input, inputBufSize + 1);
input = tmp;
memmove(&input[inputBufSize], byte, 1);
inputBufSize ++;
}
fclose(in);
size_t sigsize = pcp_ed_sign_buffered(in, out, secret, z85);
if(inputBufSize == 0) {
fatal("Input file is empty!\n");
goto errs4;
}
if(sigsize == 0)
goto errs1;
size_t zlen;
pcp_sig_t *signature = pcp_ed_sign(input, inputBufSize, secret);
// scip
//printf("sigsize: %d\n", (int)sizeof(pcp_sig_t));
//pcp_dumpsig(signature);
if(signature == NULL)
goto errs5;
sig2be(signature);
char *encoded = pcp_z85_encode((unsigned char *)signature, sizeof(pcp_sig_t), &zlen);
if(encoded == NULL)
goto errs6;
fprintf(out, "%s\n%s\n%s\n", PCP_SIG_HEADER, encoded, PCP_SIG_FOOTER);
if(ferror(out) != 0) {
fatal("Failed to write encrypted output!\n");
goto errs7;
}
fprintf(stderr, "Signed %d bytes successfully\n",
(int)inputBufSize);
fclose(out);
free(encoded);
free(signature);
fprintf(stderr, "Signed %ld bytes successfully\n", sigsize);
return 0;
errs7:
free(encoded);
errs6:
free(signature);
errs5:
errs4:
free(input);
errs3:
errs2:
errs1:
return 1;
}
int pcpverify(char *infile, char *sigfile) {
int pcpverify(char *infile, char *id) {
FILE *in = NULL;
FILE *sigin = NULL;
pcp_pubkey_t *pub = NULL;
unsigned char *message = NULL;
if(infile == NULL)
in = stdin;
@@ -154,36 +96,16 @@ int pcpverify(char *infile, char *sigfile) {
}
}
if((sigin = fopen(sigfile, "rb")) == NULL) {
fatal("Could not open signature file %s\n", sigfile);
goto errv1;
}
char *encoded = pcp_readz85file(sigin);
if(encoded == NULL)
goto errv1;
size_t clen;
unsigned char *decoded = pcp_z85_decode((char *)encoded, &clen);
if(decoded == NULL)
goto errv2;
if(clen != sizeof(pcp_sig_t)) {
fatal("Error: decoded signature file didn't result to a proper sized sig! (got %d bytes)\n", clen);
goto errv2;
}
pcp_sig_t *sig = (pcp_sig_t *)decoded;
sig2native(sig);
HASH_FIND_STR(pcppubkey_hash, sig->id, pub);
if(id != NULL)
HASH_FIND_STR(pcppubkey_hash, id, pub);
/*
if(pub == NULL) {
fatal("Could not find a usable public key in vault %s!\n",
vault->filename);
goto errv3;
}
*/
unsigned char *input = NULL;
size_t inputBufSize = 0;
@@ -204,37 +126,35 @@ int pcpverify(char *infile, char *sigfile) {
goto errv4;
}
if(pcp_ed_verify(input, inputBufSize, sig, pub) == 0) {
fprintf(stderr, "Signature verified.\n");
if(pub != NULL) {
message = pcp_ed_verify(input, inputBufSize, pub);
if(message != NULL) {
fprintf(stderr, "Signature verified (signed by %s <%s>).\n", pub->owner, pub->mail);
}
}
else {
pcphash_iteratepub(pub) {
message = pcp_ed_verify(input, inputBufSize, pub);
if(message != NULL) {
fprintf(stderr, "Signature verified (signed by %s <%s>).\n", pub->owner, pub->mail);
break;
}
}
}
free(decoded);
free(encoded);
if(message == NULL) {
fprintf(stderr, "Could not verify ignature\n");
}
else
free(message);
free(input);
return 0;
errv4:
free(input);
errv3:
free(decoded);
errv2:
// free(encoded); why???
errv1:
return 1;
}
void pcp_dumpsig(pcp_sig_t *sig) {
printf(" ed: ");
pcpprint_bin(stdout, sig->edsig, crypto_sign_BYTES);printf("\n");
printf(" id: %s\n", sig->id);
printf(" ctime: %ld\n", sig->ctime);
printf("version: %04x\n", sig->version);
}

4
src/signature.h
View File

@@ -32,8 +32,8 @@
#include "uthash.h"
#include "z85.h"
int pcpsign(char *infile, char *outfile, char *passwd);
int pcpverify(char *infile, char *sigfile);
int pcpsign(char *infile, char *outfile, char *passwd, int z85);
int pcpverify(char *infile, char *id);