From da70c4479edba70bfb1fd3fb3fab61a640bee6d2 Mon Sep 17 00:00:00 2001 From: "git@daemon.de" Date: Wed, 19 Aug 2015 20:53:46 +0200 Subject: [PATCH] removed support to store unencrypted secret key --- ChangeLog | 4 +++ libpcp/readpass.c | 12 ++++++++ man/options.pod | 4 +-- src/encryption.c | 68 +++++++++++++++++++++------------------------ src/keymgmt.c | 43 ++++++++++++---------------- src/pcp.c | 2 -- src/signature.c | 29 +++++++++---------- tests/unittests.cfg | 46 ++---------------------------- 8 files changed, 83 insertions(+), 125 deletions(-) diff --git a/ChangeLog b/ChangeLog index 757e0eb..1596d7f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ NEXT Added check for weak passphrases using entropy test. Used with -k. + Removed support for unencrypted secret key storage + so, pcp aims to be secure by default and fails + safely. + 0.3.0 Changed publuc key signature storage, previously I didn't add the actual signature, therefore a diff --git a/libpcp/readpass.c b/libpcp/readpass.c index 6a3ac60..65430b3 100644 --- a/libpcp/readpass.c +++ b/libpcp/readpass.c @@ -24,6 +24,9 @@ * SUCH DAMAGE. */ +/* + * Modifications (c) 2013 - 2015 by T.v.Dein, same license as this file. + */ #include "readpass.h" @@ -101,6 +104,8 @@ retry: goto err2; } + + /* Confirm the password if necessary. */ if (confirmprompt != NULL) { if (usingtty) @@ -119,6 +124,13 @@ retry: /* Terminate the string at the first "\r" or "\n" (if any). */ passbuf[strcspn(passbuf, "\r\n")] = '\0'; + /* enforce no empty passwords */ + if (strnlen(passbuf, MAXPASSLEN) == 0) { + fprintf(stderr, + "Empty password not allowed, please try again\n"); + goto retry; + } + /* If we changed terminal settings, reset them. */ if (usingtty) tcsetattr(fileno(readfrom), TCSANOW, &term_old); diff --git a/man/options.pod b/man/options.pod index 48550e4..ff81986 100644 --- a/man/options.pod +++ b/man/options.pod @@ -38,9 +38,7 @@ been specified, don't store the generated key to the vault but export it to the file instead. You will be asked for - an owner, mail and a passphrase. If you - leave the passphrase empty, the key will - be stored unencrypted. + an owner, mail and a passphrase. -l --listkeys List all keys currently stored in your vault. Only the key id's and some info about the keys will be printed, not the diff --git a/src/encryption.c b/src/encryption.c index 78cc0a9..58108a3 100644 --- a/src/encryption.c +++ b/src/encryption.c @@ -95,29 +95,27 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i goto errde3; } } - if(secret->secret[0] == 0) { - /* encrypted, decrypt it */ - char *passphrase; - if(passwd == NULL) { - pcp_readpass(ptx, &passphrase, - "Enter passphrase to decrypt your secret key", NULL, 1, NULL); - } - else { - passphrase = smalloc(strlen(passwd)+1); - memcpy(passphrase, passwd, strlen(passwd)+1); - } - secret = pcpkey_decrypt(ptx, secret, passphrase); - sfree(passphrase); - if(secret == NULL) - goto errde3; - - if(head == PCP_ASYM_CIPHER_ANON) - anon = 1; - - if(head == PCP_ASYM_CIPHER_SIG) - verify = 1; + char *passphrase; + if(passwd == NULL) { + pcp_readpass(ptx, &passphrase, + "Enter passphrase to decrypt your secret key", NULL, 1, NULL); } + else { + passphrase = smalloc(strlen(passwd)+1); + memcpy(passphrase, passwd, strlen(passwd)+1); + } + + secret = pcpkey_decrypt(ptx, secret, passphrase); + sfree(passphrase); + if(secret == NULL) + goto errde3; + + if(head == PCP_ASYM_CIPHER_ANON) + anon = 1; + + if(head == PCP_ASYM_CIPHER_SIG) + verify = 1; } else { fatal(ptx, "Could not determine input file type (got: %02x)\n", head); @@ -264,22 +262,20 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec goto erren2; } - if(secret->secret[0] == 0) { - /* encrypted, decrypt it */ - char *passphrase; - if(passwd == NULL) { - pcp_readpass(ptx, &passphrase, - "Enter passphrase to decrypt your secret key", NULL, 1, NULL); - } - else { - passphrase = smalloc(strlen(passwd)+1); - memcpy(passphrase, passwd, strlen(passwd)+1); - } - secret = pcpkey_decrypt(ptx, secret, passphrase); - sfree(passphrase); - if(secret == NULL) - goto erren2; + char *passphrase; + if(passwd == NULL) { + pcp_readpass(ptx, &passphrase, + "Enter passphrase to decrypt your secret key", NULL, 1, NULL); } + else { + passphrase = smalloc(strlen(passwd)+1); + memcpy(passphrase, passwd, strlen(passwd)+1); + } + secret = pcpkey_decrypt(ptx, secret, passphrase); + sfree(passphrase); + if(secret == NULL) + goto erren2; + } } diff --git a/src/keymgmt.c b/src/keymgmt.c index ab74194..09043e3 100644 --- a/src/keymgmt.c +++ b/src/keymgmt.c @@ -1,7 +1,7 @@ /* This file is part of Pretty Curved Privacy (pcp1). - Copyright (C) 2013-2015 T.Linden. + Copyright (C) 2013-2015 T.v.Dein. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -97,14 +97,10 @@ void pcp_keygen(char *passwd) { key = pcpkey_encrypt(ptx, k, passphrase); } else { - char *yes = pcp_getstdin("WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?"); - if(strncmp(yes, "yes", 1024) == 0) - key = k; - else { - memset(key, 0, sizeof(pcp_key_t)); - free(key); - goto errkg1; - } + /* No unencrypted secret key allowed anymore [19.08.2015, tom] */ + memset(k, 0, sizeof(pcp_key_t)); + free(k); + goto errkg1; } if(key != NULL) { @@ -239,24 +235,21 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa if(debug) pcp_dumpkey(key); - if(key->secret[0] == 0) { - /* decrypt the secret key */ - if(passwd == NULL) { - char *passphrase; - pcp_readpass(ptx, &passphrase, - "Enter passphrase to decrypt your secret key", NULL, 1, NULL); - key = pcpkey_decrypt(ptx, key, passphrase); - if(key == NULL) { - sfree(passphrase); - goto errexpse1; - } + if(passwd == NULL) { + char *passphrase; + pcp_readpass(ptx, &passphrase, + "Enter passphrase to decrypt your secret key", NULL, 1, NULL); + key = pcpkey_decrypt(ptx, key, passphrase); + if(key == NULL) { sfree(passphrase); + goto errexpse1; } - else { - key = pcpkey_decrypt(ptx, key, passwd); - if(key == NULL) { - goto errexpse1; - } + sfree(passphrase); + } + else { + key = pcpkey_decrypt(ptx, key, passwd); + if(key == NULL) { + goto errexpse1; } } diff --git a/src/pcp.c b/src/pcp.c index 0b9fc3f..fa4b881 100644 --- a/src/pcp.c +++ b/src/pcp.c @@ -270,8 +270,6 @@ int main (int argc, char **argv) { case 'x': xpass = smalloc(strlen(optarg)+1); strncpy(xpass, optarg, strlen(optarg)+1); - if(strncmp(xpass, "n/a", 3) == 0) - xpass[0] = '\0'; break; case LONG_EXTPASS: askpass = malloc(strlen(optarg)+1); diff --git a/src/signature.c b/src/signature.c index 97c16d5..5406c81 100644 --- a/src/signature.c +++ b/src/signature.c @@ -54,23 +54,20 @@ int pcpsign(char *infile, char *outfile, char *passwd, int z85, int detach) { } } - if(secret->secret[0] == 0) { - /* encrypted, decrypt it */ - char *passphrase; - if(passwd == NULL) { - pcp_readpass(ptx, &passphrase, - "Enter passphrase to decrypt your secret key", NULL, 1, NULL); - } - else { - passphrase = smalloc(strlen(passwd)+1); - memcpy(passphrase, passwd, strlen(passwd)+1); - } - - secret = pcpkey_decrypt(ptx, secret, passphrase); - sfree(passphrase); - if(secret == NULL) - goto errs1; + char *passphrase; + if(passwd == NULL) { + pcp_readpass(ptx, &passphrase, + "Enter passphrase to decrypt your secret key", NULL, 1, NULL); } + else { + passphrase = smalloc(strlen(passwd)+1); + memcpy(passphrase, passwd, strlen(passwd)+1); + } + + secret = pcpkey_decrypt(ptx, secret, passphrase); + sfree(passphrase); + if(secret == NULL) + goto errs1; Pcpstream *pin = ps_new_file(in); Pcpstream *pout = ps_new_file(out); diff --git a/tests/unittests.cfg b/tests/unittests.cfg index 99e55f1..cc854a6 100644 --- a/tests/unittests.cfg +++ b/tests/unittests.cfg @@ -2,7 +2,7 @@ # # This file is part of Pretty Curved Privacy (pcp1). # -# Copyright (C) 2013 T.Linden. +# Copyright (C) 2013-2015 T.v.Dein. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -259,55 +259,15 @@ temporarily disabled # # symetric encryption test -# FIXME: we currently use -V ve, but this one has to work without a vault - cmd = echo HELLOWORLD | $pcp -V ve -e -O testsymencrypted -x a + cmd = echo HELLOWORLD | $pcp -e -O testsymencrypted -x a expect = /symetrically/ - cmd = $pcp -V ve -d -I testsymencrypted -x a + cmd = $pcp -d -I testsymencrypted -x a expect = /HELLO/ -# -# check usage of unencrypted secret key - - prepare = rm -f vb2 vcl - - cmd = (echo dau; echo foo; echo yes) | $pcp -V vcl -k -x "n/a" - expect = /added to/ - - - - cmd = $pcp -V vcl -I key-bobby-pub -K - expect = /added/ - - - - cmd = $pcp -V vcl -p -O testkeyvcl - expect = /exported/ - - - - cmd = $pcp -V vb2 -K -I key-bobby-sec -x b - expect = /${idbobby}/ - - - - cmd = $pcp -V vb2 -K -I testkeyvcl - expect = /added/ - - - - cmd = echo HALLO | $pcp -V vcl -e -O testencrypted -i ${idbobby} - expect = /Bobby/ - - - - cmd = $pcp -V vb2 -d -I testencrypted -x b - expect = /HALLO/ - - # # signature tests