scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 03:50:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

put previously global error handling and key hashes into ptx (pcp context) to make libpcp threadsafe.

Browse Source
This commit is contained in:
TLINDEN
2014-05-04 17:11:03 +02:00
parent d1c87d1001
commit da9891ff81
58 changed files with 1330 additions and 958 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/Makefile.am
View File

@@ -22,6 +22,7 @@ PCPEXPORT = pcp.h \
pcp/buffer.h \
pcp/mgmt.h \
pcp/pcpstream.h \
pcp/keysig.h
pcp/keysig.h \
pcp/context.h
nobase_include_HEADERS = $(PCPEXPORT)

2
include/pcp.h
View File

@@ -9,6 +9,7 @@ extern "C" {
#include "pcp/base85.h"
#include "pcp/buffer.h"
#include "pcp/config.h"
#include "pcp/context.h"
#include "pcp/crypto.h"
#include "pcp/defines.h"
#include "pcp/digital_crc32.h"
@@ -27,6 +28,7 @@ extern "C" {
#include "pcp/plist.h"
#include "pcp/randomart.h"
#include "pcp/scrypt.h"
#include "pcp/structs.h"
#include "pcp/uthash.h"
#include "pcp/util.h"
#include "pcp/vault.h"

5
include/pcp/base85.h
View File

@@ -12,6 +12,7 @@ Licensed under the terms of the LGPL 2.1.
#include <string.h>
#include <stdio.h>
#include "defines.h"
#include "context.h"
#undef DEBUG_85
@@ -26,10 +27,10 @@ Licensed under the terms of the LGPL 2.1.
#endif
int decode_85(char *dst, const char *buffer, int len);
int decode_85(PCPCTX *ptx, char *dst, const char *buffer, int len);
void encode_85(char *buf, const unsigned char *data, int bytes);
#define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
#define error(...) (fatal(__VA_ARGS__), -1)
#define error(...) (fatal(ptx, __VA_ARGS__), -1)
#endif /* HAVE_BASE85_H */

20
include/pcp/buffer.h
View File

@@ -27,6 +27,8 @@
#include "mem.h"
#include "util.h"
#include "defines.h"
#include "structs.h"
#include "context.h"
/**
* \defgroup Buffer BUFFER
@@ -44,22 +46,7 @@
*/
/** \struct _pcp_buffer
A flexible buffer object wich automatically resizes, if neccessary.
*/
struct _pcp_buffer {
char *name; /**< just for convenience in error messages and the like, so we know which buffer cause trouble */
uint8_t allocated; /**< marks the buffer as allocated */
size_t blocksize; /**< the blocksize to use when resizing, also used for initial malloc() */
size_t size; /**< stores the current allocated size of the object */
size_t offset; /**< current read position */
size_t end; /**< current write position, data end. maybe less than size. */
uint8_t isstring; /**< treat as char array/string */
void *buf; /**< the actual storage buffer */
};
/** The name used everywhere */
typedef struct _pcp_buffer Buffer;
/** Create a new buffer.
@@ -591,8 +578,7 @@ uint64_t buffer_last64(Buffer *b);
\param[in] len The number of bytes to read.
\return Returns the number of bytes read or 0 in case of an error or EOF.
Use feof() and ferror() to check this afterwards, call fatals_ifany()
in case of errors.
Use feof() and ferror() to check this afterwards.
*/
size_t buffer_fd_read(Buffer *b, FILE *in, size_t len);

95
include/pcp/context.h Normal file
View File

@@ -0,0 +1,95 @@
/*
This file is part of Pretty Curved Privacy (pcp1).
Copyright (C) 2013-2014 T.v.Dein.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You can contact me by mail: <tom AT vondein DOT org>.
*/
#ifndef _HAVE_PCP_CONTEXT_H
#define _HAVE_PCP_CONTEXT_H
#include "defines.h"
#include "platform.h"
#include "uthash.h"
#include "structs.h"
#include "mem.h"
#include "keyhash.h"
/**
* \defgroup CONTEXT CONTEXT
* @{
A couple of context functions to catch errors and display them.
The context also holds the key hashes.
*/
/** Create a new PCP Context.
Sets all context pointers to NULL.
\return the context object.
*/
PCPCTX *ptx_new();
/** Frees the memory allocated by the context.
\param[in] PCP Context object.
*/
void ptx_clean(PCPCTX *ptx);
/** Set an error message.
This function gets a printf() like error message,
which it stores in the global PCP_ERR variable
and sets PCP_ERRSET to 1.
\param[in] PCP Context object.
\param[in] fmt printf() like format description.
\param[in] ... format parameters, if any.
*/
void fatal(PCPCTX *ptx, const char * fmt, ...);
/** Prints error messages to STDERR, if there are some.
FIXME: add something like this which returns the
message.
\param[in] PCP Context object.
*/
void fatals_ifany(PCPCTX *ptx);
/** Reset the error variables.
This can be used to ignore previous errors.
Use with care.
\param[in] PCP Context object.
*/
void fatals_reset(PCPCTX *ptx);
/* same as fatal() but dies immediately */
void final(const char * fmt, ...);
#endif // _HAVE_PCP_CONTEXT_H

23
include/pcp/crypto.h
View File

@@ -35,6 +35,7 @@
#include "keyhash.h"
#include "ed.h"
#include "pcpstream.h"
#include "context.h"
/**
\defgroup CRYPTO CRYPTO
@@ -146,7 +147,7 @@ int pcp_sodium_verify_box(byte **cleartext, byte* message,
\return Returns an allocated byte array of the size csize which contains the encrypted result.
In case of an error, it returns NULL sets csize to 0. Use fatals_ifany() to check for errors.
*/
byte *pcp_box_encrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
byte *pcp_box_encrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub,
byte *message, size_t messagesize,
size_t *csize);
@@ -157,6 +158,8 @@ byte *pcp_box_encrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
requirement to work with raw NaCL crypto_box() output. This
function adds the neccessary padding and it uses PCP key structures.
\param[in] pcp context.
\param[in] secret The secret key structure from the sender.
\param[in] pub The public key structure from the recipient.
@@ -170,7 +173,7 @@ byte *pcp_box_encrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
\return Returns an allocated byte array of the size csize which contains the encrypted result.
In case of an error, it returns NULL sets csize to 0. Use fatals_ifany() to check for errors.
*/
byte *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
byte *pcp_box_decrypt(PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub,
byte *cipher, size_t ciphersize,
size_t *dsize);
@@ -182,6 +185,8 @@ byte *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
Calls pcp_encrypt_stream_sym() after assembling the encrypted recipient list.
\param[in] pcp context.
\param[in] in Stream to read the data to encrypt from.
\param[out] out Stream to write encrypted result to.
@@ -194,7 +199,7 @@ byte *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
\return Returns the size of the output written to the output stream or 0 in case of errors.
*/
size_t pcp_encrypt_stream(Pcpstream *in, Pcpstream* out, pcp_key_t *s, pcp_pubkey_t *p, int signcrypt);
size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t *s, pcp_pubkey_t *p, int signcrypt);
/** Symmetrically encrypt a file or a buffer stream.
@@ -204,6 +209,8 @@ size_t pcp_encrypt_stream(Pcpstream *in, Pcpstream* out, pcp_key_t *s, pcp_pubke
Uses crypto_secret_box() for each 32k-block with a random nonce for each.
\param[in] pcp context.
\param[in] in Stream to read the data to encrypt from.
\param[out] out Stream to write encrypted result to.
@@ -217,7 +224,7 @@ size_t pcp_encrypt_stream(Pcpstream *in, Pcpstream* out, pcp_key_t *s, pcp_pubke
\return Returns the size of the output written to the output stream or 0 in case of errors.
*/
size_t pcp_encrypt_stream_sym(Pcpstream *in, Pcpstream* out, byte *symkey, int havehead, pcp_rec_t *recsign);
size_t pcp_encrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte *symkey, int havehead, pcp_rec_t *recsign);
/** Asymmetrically decrypt a file or a buffer stream.
@@ -229,6 +236,8 @@ size_t pcp_encrypt_stream_sym(Pcpstream *in, Pcpstream* out, byte *symkey, int h
FIXME: should return the pcp_rec_t structure upon successfull verification somehow.
\param[in] pcp context.
\param[in] in Stream to read the data to decrypt from.
\param[out] out Stream to write decrypted result to.
@@ -241,7 +250,7 @@ size_t pcp_encrypt_stream_sym(Pcpstream *in, Pcpstream* out, byte *symkey, int h
\return Returns the size of the output written to the output stream or 0 in case of errors.
*/
size_t pcp_decrypt_stream(Pcpstream *in, Pcpstream* out, pcp_key_t *s, byte *symkey, int verify);
size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t *s, byte *symkey, int verify);
/** Symmetrically decrypt a file or a buffer stream.
@@ -253,6 +262,8 @@ size_t pcp_decrypt_stream(Pcpstream *in, Pcpstream* out, pcp_key_t *s, byte *sym
Uses crypto_secret_box_open() for each 32k+16-block with a random nonce for each.
\param[in] pcp context.
\param[in] in Stream to read the data to decrypt from.
\param[out] out Stream to write decrypted result to.
@@ -263,7 +274,7 @@ size_t pcp_decrypt_stream(Pcpstream *in, Pcpstream* out, pcp_key_t *s, byte *sym
\return Returns the size of the output written to the output stream or 0 in case of errors.
*/
size_t pcp_decrypt_stream_sym(Pcpstream *in, Pcpstream* out, byte *symkey, pcp_rec_t *recverify);
size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, byte *symkey, pcp_rec_t *recverify);
pcp_rec_t *pcp_rec_new(byte *cipher, size_t clen, pcp_key_t *secret, pcp_pubkey_t *pub);
void pcp_rec_free(pcp_rec_t *r);

75
include/pcp/defines.h
View File

@@ -137,66 +137,45 @@ typedef enum _PCP_KEY_TYPES {
#define PCP_RFC_CIPHER 0x21 /* curve25519+ed25519+poly1305+salsa20+blake2 */
/**
* \defgroup FATALS FATALS
* @{
A couple of functions to catch errors and display them.
*/
/* defines for key management (mgmt.c) */
#define EXP_PK_CIPHER 0x21
#define EXP_PK_CIPHER_NAME "CURVE25519-ED25519-POLY1305-SALSA20"
/* error handling */
#define EXP_HASH_CIPHER 0x22
#define EXP_HASH_NAME "BLAKE2"
/** \var PCP_ERR
#define EXP_SIG_CIPHER 0x23
#define EXP_SIG_CIPHER_NAME "ED25519"
Global variable holding the last error message.
Can be retrieved with fatals_ifany().
*/
extern char *PCP_ERR;
#define EXP_SIG_VERSION 0x01
#define EXP_SIG_TYPE 0x1F /* self signed */
/** \var PCP_ERRSET
/* sig sub notiation we support */
#define EXP_SIG_SUB_CTIME 2
#define EXP_SIG_SUB_SIGEXPIRE 3
#define EXP_SIG_SUB_KEYEXPIRE 9
#define EXP_SIG_SUB_NOTATION 20
#define EXP_SIG_SUB_KEYFLAGS 27
Global variable indicating if an error occurred.
*/
extern byte PCP_ERRSET;
/* in armored mode, we're using the usual head+foot */
#define EXP_PK_HEADER "----- BEGIN ED25519-CURVE29915 PUBLIC KEY -----"
#define EXP_PK_FOOTER "----- END ED25519-CURVE29915 PUBLIC KEY -----"
#define EXP_SK_HEADER "----- BEGIN ED25519-CURVE29915 PRIVATE KEY -----"
#define EXP_SK_FOOTER "----- END ED25519-CURVE29915 PRIVATE KEY -----"
/** \var PCP_EXIT
Exitcode for the pcp commandline utility.
*/
extern int PCP_EXIT;
/* pubkey export formats */
#define EXP_FORMAT_NATIVE 1
#define EXP_FORMAT_PBP 2
#define EXP_FORMAT_YAML 3
#define EXP_FORMAT_C 4
#define EXP_FORMAT_PY 5
#define EXP_FORMAT_PERL 6
/** Set an error message.
This function gets a printf() like error message,
which it stores in the global PCP_ERR variable
and sets PCP_ERRSET to 1.
\param[in] fmt printf() like format description.
\param[in] ... format parameters, if any.
*/
void fatal(const char * fmt, ...);
/** Prints error messages to STDERR, if there are some.
FIXME: add something like this which returns the
message.
*/
void fatals_ifany();
/** Reset the error variables.
This can be used to ignore previous errors.
Use with care.
*/
void fatals_reset();
/** Cleans up memory allocation of global error variables.
*/
void fatals_done();
extern int PCPVERBOSE;
#endif /* _DEFINES_H */

21
include/pcp/ed.h
View File

@@ -41,6 +41,7 @@
#include "keyhash.h"
#include "util.h"
#include "pcpstream.h"
#include "context.h"
/** Sign a raw message.
@@ -80,6 +81,8 @@ byte *pcp_ed_sign(byte *message, size_t messagesize, pcp_key_t *s);
The signature must contain the message+nacl signature (with size crypto_sign_BYTES).
\param[in] pcp context.
\param[in] signature Message+signature.
\param[in] siglen Size of message+signature.
@@ -89,7 +92,7 @@ byte *pcp_ed_sign(byte *message, size_t messagesize, pcp_key_t *s);
\return If the signature verifies return the raw message with the signature removed (size: siglen - crypto_sign_BYTES),
returns NULL in case of errors. Check fatals_if_any().
*/
byte *pcp_ed_verify(byte *signature, size_t siglen, pcp_pubkey_t *p);
byte *pcp_ed_verify(PCPCTX *ptx, byte *signature, size_t siglen, pcp_pubkey_t *p);
/** Verify a signature using the mastersecret.
@@ -97,6 +100,8 @@ byte *pcp_ed_verify(byte *signature, size_t siglen, pcp_pubkey_t *p);
The signature must contain the message+nacl signature (with size crypto_sign_BYTES).
\param[in] pcp context.
\param[in] signature Message+signature.
\param[in] siglen Size of message+signature.
@@ -106,7 +111,7 @@ byte *pcp_ed_verify(byte *signature, size_t siglen, pcp_pubkey_t *p);
\return If the signature verifies return the raw message with the signature removed (size: siglen - crypto_sign_BYTES),
returns NULL in case of errors. Check fatals_if_any().
*/
byte *pcp_ed_verify_key(byte *signature, size_t siglen, pcp_pubkey_t *p);
byte *pcp_ed_verify_key(PCPCTX *ptx, byte *signature, size_t siglen, pcp_pubkey_t *p);
/** Sign a stream in 32k block mode.
@@ -114,6 +119,8 @@ byte *pcp_ed_verify_key(byte *signature, size_t siglen, pcp_pubkey_t *p);
of the contents of the stream. It outputs the stream to \a out, also blockwise
and appends the signature afterwards, which consists of the hash+nacl-signature.
\param[in] pcp context.
\param[in] in Stream to read from.
\param[out] out Stream to write to.
@@ -125,7 +132,7 @@ byte *pcp_ed_verify_key(byte *signature, size_t siglen, pcp_pubkey_t *p);
\return Returns the number of bytes written to the output stream.
*/
size_t pcp_ed_sign_buffered(Pcpstream *in, Pcpstream *out, pcp_key_t *s, int z85);
size_t pcp_ed_sign_buffered(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t *s, int z85);
/** Verify a signature from a stream in 32k block mode.
@@ -140,6 +147,8 @@ size_t pcp_ed_sign_buffered(Pcpstream *in, Pcpstream *out, pcp_key_t *s, int z85
the global public key hash pcppubkey_hash to find a public key which is able to verify
the signature.
\param[in] pcp context.
\param[in] in Stream to read from.
\param[in] p Pointer to public key structure.
@@ -147,7 +156,7 @@ size_t pcp_ed_sign_buffered(Pcpstream *in, Pcpstream *out, pcp_key_t *s, int z85
\return Returns a pointer to a public key which were used to verify the signature or NULL if
an error occurred. Check fatals_if_any().
*/
pcp_pubkey_t *pcp_ed_verify_buffered(Pcpstream *in, pcp_pubkey_t *p);
pcp_pubkey_t *pcp_ed_verify_buffered(PCPCTX *ptx, Pcpstream *in, pcp_pubkey_t *p);
/** Generate a detached signature from a stream in 32k block mode.
@@ -174,6 +183,8 @@ size_t pcp_ed_detachsign_buffered(Pcpstream *in, Pcpstream *out, pcp_key_t *s);
the signature hash with the hash it calculated
from the signed content.
\param[in] pcp context.
\param[in] in Stream to read from.
\param[in] sigfd Stream containing the detached signature.
@@ -184,7 +195,7 @@ size_t pcp_ed_detachsign_buffered(Pcpstream *in, Pcpstream *out, pcp_key_t *s);
an error occurred. Check fatals_if_any().
*/
pcp_pubkey_t *pcp_ed_detachverify_buffered(Pcpstream *in, Pcpstream *sigfd, pcp_pubkey_t *p);
pcp_pubkey_t *pcp_ed_detachverify_buffered(PCPCTX *ptx, Pcpstream *in, Pcpstream *sigfd, pcp_pubkey_t *p);
#endif /* _HAVE_PCP_ED_H */

147
include/pcp/key.h
View File

@@ -31,16 +31,16 @@
#include "defines.h"
#include "platform.h"
#include "mem.h"
#include "buffer.h"
#include "mac.h"
#include "randomart.h"
#include "version.h"
#include "z85.h"
//#include "z85.h"
#include "uthash.h"
#include "jenhash.h"
#include "scrypt.h"
#include "structs.h"
#include "buffer.h"
#include "keysig.h"
#include "scrypt.h"
/**
* \defgroup KEYS KEYS
@@ -53,126 +53,7 @@
*/
/** \struct _pcp_key_t
PCP private key structure. Most fields are self explanatory.
Some notes:
'encrypted' contains the encrypted secret keys (contatenated mastersecret,
secret and edsecret). If it's set,
the field 'secret' which contains the clear secret key will
be zeroed with random values, the first byte will be 0. Same
for the field 'edsecret'.
'nonce' contains the nonce required to decrypt the encrypted
secret, if set.
'serial' is a random number.
'id' is a string containing the hex values of the CRC32 checksum
of the public and secret key.
Upon creation everything will be filled with random bytes.
String fields will contain a string followed by 0 followed
by the rest of the pre-filled random bytes. To denote a string
field as empty, the first byte will be set to 0.
There are dynamically calculated attributes as well:
'checksum' is a 256 bit SHA hash of the public key returned
by pcpkey_getchecksum() or pcppubkey_getchecksum().
'random id' is a random art ascii image returned by
pcppubkey_get_art() or pcpkey_get_art(), calculated from
the public key.
If exported to a single file or printed, the structure will
be encoded using Z85 encoding.
*/
struct _pcp_key_t {
byte masterpub[32]; /**< ED25519 master public key signing key */
byte mastersecret[64]; /**< ED25519 master secret key signing key */
byte pub[32]; /**< Curve25519 encryption public key */
byte secret[32]; /**< Curve25519 encryption secret key */
byte edpub[32]; /**< ED25519 public signing key */
byte edsecret[64]; /**< ED25519 secret signing key */
byte nonce[24]; /**< random nonce used to encrypt secret keys */
byte encrypted[176]; /**< concatenated and encrypted secret keys */
char owner[255]; /**< the key owner, string */
char mail[255]; /**< mail address of the owner, string */
char id[17]; /**< key-id, used internally only, jenhash of public keys */
uint8_t type; /**< key type: MASTER_SECRET or SECRET */
uint64_t ctime; /**< creation time, epoch */
uint32_t version; /**< key version */
uint32_t serial; /**< serial number of the key, randomly generated */
UT_hash_handle hh;
};
/** Typedef for secret keys */
typedef struct _pcp_key_t pcp_key_t;
/** \struct _pcp_pubkey_t
PCP public key structure.
This structure contains a subset of the pcp_key_t structure
without the secret and nonce fields.
*/
struct _pcp_pubkey_t {
byte masterpub[32]; /**< ED25519 master public key signing key */
byte sigpub[32]; /**< ED25519 public signing key */
byte pub[32]; /**< Curve25519 encryption public key */
byte edpub[32]; /**< ED25519 public signing key (FIXME: huh? 2 of them???) */
char owner[255]; /**< the key owner, string */
char mail[255]; /**< mail address of the owner, string */
char id[17]; /**< key-id, used internally only, jenhash of public keys */
uint8_t type; /**< key type: MASTER_SECRET or SECRET */
uint64_t ctime; /**< creation time, epoch */
uint32_t version; /**< key version */
uint32_t serial; /**< serial number of the key, randomly generated */
uint8_t valid; /**< 1 if import signature verified, 0 if not */
byte signature[crypto_generichash_BYTES_MAX + crypto_sign_BYTES]; /**< raw binary blob of pubkey export signature */
UT_hash_handle hh;
};
/** Typedef for public keys */
typedef struct _pcp_pubkey_t pcp_pubkey_t;
/* the PBP public key format */
/* keys.mp+keys.cp+keys.sp+keys.name */
struct _pbp_pubkey_t {
byte sigpub[crypto_sign_PUBLICKEYBYTES];
byte edpub[crypto_sign_PUBLICKEYBYTES];
byte pub[crypto_box_PUBLICKEYBYTES];
char iso_ctime[32];
char iso_expire[32];
char name[1024];
};
typedef struct _pbp_pubkey_t pbp_pubkey_t;
/** \struct _pcp_rec_t
Encrypted recipient list.
Encrypted recipient list, required for crypt+sign
contains the encrypted recipients and the secret
key required for signing the message+recipients.
Used internally only.
*/
struct _pcp_rec_t {
size_t ciphersize; /**< the size of the encrypted recipient list */
byte *cipher; /**< contains the whole encrypted recipient list */
pcp_key_t *secret; /**< the secret key of the recipient for signing */
pcp_pubkey_t *pub; /**< if verification were ok, contains the public key of the signer */
};
/** Typedef for public keys */
typedef struct _pcp_rec_t pcp_rec_t;
#define PCP_RAW_KEYSIZE sizeof(pcp_key_t) - sizeof(UT_hash_handle)
#define PCP_RAW_PUBKEYSIZE sizeof(pcp_pubkey_t) - sizeof(UT_hash_handle)
@@ -253,6 +134,8 @@ char *pcpkey_get_art(pcp_key_t *k);
The caller is responsible to clear the passphrase right after
use and free() it as soon as possible.
\param[in] pcp context.
\param[in,out] key The secret key structure.
\param[in] passphrase The passphrase used to encrypt the key.
@@ -260,7 +143,7 @@ char *pcpkey_get_art(pcp_key_t *k);
\return Returns a pointer to the encrypted key structure or NULL
in case of an error. Use fatals_ifany() to catch them.
*/
pcp_key_t *pcpkey_encrypt(pcp_key_t *key, char *passphrase);
pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase);
/** Decrypt a secret key structure.
@@ -277,6 +160,8 @@ pcp_key_t *pcpkey_encrypt(pcp_key_t *key, char *passphrase);
The caller is responsible to clear the passphrase right after
use and free() it as soon as possible.
\param[in] pcp context.
\param[in,out] key The secret key structure.
\param[in] passphrase The passphrase used to decrypt the key.
@@ -285,7 +170,7 @@ pcp_key_t *pcpkey_encrypt(pcp_key_t *key, char *passphrase);
in case of an error. Use fatals_ifany() to catch them.
*/
pcp_key_t *pcpkey_decrypt(pcp_key_t *key, char *passphrase);
pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase);
/** Generate a public key structure from a given secret key structure.
@@ -294,6 +179,8 @@ pcp_key_t *pcpkey_decrypt(pcp_key_t *key, char *passphrase);
The caller is responsible to clear and free() it after use.
\param[in] pcp context.
\param[in] key The secret key structure.
\return Returns a new pcp_pubkey_t structure.
@@ -404,7 +291,7 @@ byte * pcp_gennonce();
/* use scrypt() to create a key from a passphrase and a nonce
this is a wrapper around pcp_scrypt()
*/
byte *pcp_derivekey(char *passphrase, byte *nonce);
byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce);
/* convert the key struct into a binary blob */
void pcp_seckeyblob(Buffer *b, pcp_key_t *k);
@@ -418,19 +305,23 @@ Buffer *pcp_keyblob(void *k, int type); /* allocates blob */
\return Returns 1 if the sanity check succeeds, 0 otherwise.
Use fatals_ifany() to check why.
*/
int pcp_sanitycheck_pub(pcp_pubkey_t *key);
int pcp_sanitycheck_pub(PCPCTX *ptx, pcp_pubkey_t *key);
/** Make a sanity check of the given secret key structure.
\param[in] pcp context.
\param[in] key The secret key structure.
\return Returns 1 if the sanity check succeeds, 0 otherwise.
Use fatals_ifany() to check why.
*/
int pcp_sanitycheck_key(pcp_key_t *key);
int pcp_sanitycheck_key(PCPCTX *ptx, pcp_key_t *key);
/** Dump a secret key structure to stderr.
\param[in] pcp context.
\param[in] k Secret key to dump.
*/
void pcp_dumpkey(pcp_key_t *k);

83
include/pcp/keyhash.h
View File

@@ -22,6 +22,10 @@
#ifndef _HAVE_KEYHASH_H
#define _HAVE_KEYHASH_H
#include "structs.h"
/** \defgroup KEYHASH KEYHASH
@{
@@ -29,22 +33,11 @@
Libpcp uses the <a href="http://troydhanson.github.io/uthash/">uthash</a>
system to maintain lists of keys. There's one hash per key type. The
hash has the same type as the key structure itself, but is global.
hash has the same type as the key structure itself, and is stored in
the PCP Context object.
*/
#include "uthash.h"
#include "key.h"
/* storage of keys in a global hash */
/** Global hash for secret keys. */
extern pcp_key_t *pcpkey_hash;
/** Global hash for public keys. */
extern pcp_pubkey_t *pcppubkey_hash;
extern pcp_key_t *__k;
extern pcp_pubkey_t *__p;
/* wrapper for HASH_ITER */
/** Iterate over the list of secret keys.
@@ -53,7 +46,7 @@ extern pcp_pubkey_t *__p;
@code
pcp_key_t k = NULL;
pcphash_iterate(k) {
pcphash_iterate(ptx, k) {
pcp_dumpkey(k);
}
@endcode
@@ -61,9 +54,9 @@ extern pcp_pubkey_t *__p;
Also, don't free() the keyhash or the temporary key pointer
yourself. Use pcphash_clean() instead when done.
*/
#define pcphash_iterate(key) \
__k = NULL; \
HASH_ITER(hh, pcpkey_hash, key, __k)
#define pcphash_iterate(ptx, key) \
pcp_key_t *__k = NULL; \
HASH_ITER(hh, ptx->pcpkey_hash, key, __k)
/** Iterate over the list of public keys.
@@ -72,7 +65,7 @@ extern pcp_pubkey_t *__p;
@code
pcp_pubkey_t k = NULL;
pcphash_iteratepub(k) {
pcphash_iteratepub(ptx, k) {
pcp_dumppubkey(k);
}
@endcode
@@ -80,75 +73,77 @@ extern pcp_pubkey_t *__p;
Also, don't free() the keyhash or the temporary key pointer
yourself. Use pcphash_clean() instead when done.
*/
#define pcphash_iteratepub(key) \
__p = NULL; \
HASH_ITER(hh, pcppubkey_hash, key, __p)
/** Initialize the global hashes. */
void pcphash_init();
#define pcphash_iteratepub(ptx, key) \
pcp_pubkey_t *__p = NULL; \
HASH_ITER(hh, ptx->pcppubkey_hash, key, __p)
/** Delete an entry from a hash.
\param[in] PCP Context object.
\param[in] key A pointer to the key structure to delete.
\param[in] type An integer specifying the key type to delete. \see _PCP_KEY_TYPES.
*/
void pcphash_del(void *key, int type);
void pcphash_del(PCPCTX *ptx, void *key, int type);
/** Frees the memory allocated by the hashes.
Clears and frees memory of all keys in the hash lists
and the hashes themselfes.
*/
void pcphash_clean();
/** Free memory used by key hashes. */
void pcphash_clean(PCPCTX *ptx);
/** Check if a secret key with a given key-id exists in the hash.
\param[in] PCP Context object.
\param[in] id A string with the key-id (max 17 chars incl 0).
\return Returns a pointer to the matching key or NULL if the id doesn't match.
*/
pcp_key_t *pcphash_keyexists(char *id);
pcp_key_t *pcphash_keyexists(PCPCTX *ptx, char *id);
/** Check if a publickey with a given key-id exists in the hash.
\param[in] PCP Context object.
\param[in] id A string with the key-id (max 17 chars incl 0).
\return Returns a pointer to the matching key or NULL if the id doesn't match.
*/
pcp_pubkey_t *pcphash_pubkeyexists(char *id);
pcp_pubkey_t *pcphash_pubkeyexists(PCPCTX *ptx, char *id);
/** Add a key structure to the hash list.
\param[in] PCP Context object.
\param[in] key A pointer to the key structure to delete.
\param[in] type An integer specifying the key type to delete. \see _PCP_KEY_TYPES.
*/
void pcphash_add(void *key, int type);
void pcphash_add(PCPCTX *ptx, void *key, int type);
/** Returns the number of secret keys in the hash.
\param[in] PCP Context object.
\return Number of keys.
*/
int pcphash_count();
int pcphash_count(PCPCTX *ptx);
/** Returns the number of public keys in the hash.
\param[in] PCP Context object.
\return Number of keys.
*/
int pcphash_countpub();
int pcphash_countpub(PCPCTX *ptx);
/** Global hash for key signatures. */
extern pcp_keysig_t *pcpkeysig_hash;
extern pcp_keysig_t *__s;
#define pcphash_iteratekeysig(key) \
__s = NULL; \
HASH_ITER(hh, pcpkeysig_hash, key, __s)
pcp_keysig_t *pcphash_keysigexists(char *id);
#define pcphash_iteratekeysig(ptx, key) \
pcp_keysig_t *__s = NULL; \
HASH_ITER(hh, ptx->pcpkeysig_hash, key, __s)
pcp_keysig_t *pcphash_keysigexists(PCPCTX *ptx, char *id);
#endif /* _HAVE_KEYHASH_H */

11
include/pcp/keysig.h
View File

@@ -29,22 +29,13 @@
#include "defines.h"
#include "platform.h"
#include "mem.h"
#include "structs.h"
#include "buffer.h"
#include "key.h"
#define PCP_RAW_KEYSIGSIZE sizeof(pcp_keysig_t) - sizeof(UT_hash_handle)
/* holds a public key signature */
struct _pcp_keysig_t {
uint8_t type;
uint32_t size;
char id[17];
byte checksum[32];
byte *blob;
UT_hash_handle hh;
};
typedef struct _pcp_keysig_t pcp_keysig_t;
pcp_keysig_t *keysig2be(pcp_keysig_t *s);
pcp_keysig_t *keysig2native(pcp_keysig_t *s);

93
include/pcp/mgmt.h
View File

@@ -33,12 +33,14 @@
#include "defines.h"
#include "platform.h"
#include "structs.h"
#include "mem.h"
#include "ed.h"
#include "key.h"
#include "keysig.h"
#include "buffer.h"
#include "scrypt.h"
#include "context.h"
/* key management api, export, import, yaml and stuff */
@@ -52,76 +54,7 @@
/* various helper structs, used internally only */
struct _pcp_rfc_pubkey_header_t {
uint8_t version;
uint32_t ctime;
uint8_t cipher;
};
struct _pcp_rfc_pubkey_0x21_t {
byte sig_ed25519_pub[crypto_sign_PUBLICKEYBYTES];
byte ed25519_pub[crypto_sign_PUBLICKEYBYTES];
byte curve25519_pub[crypto_box_PUBLICKEYBYTES];
};
struct _pcp_rfc_pubkey_sigheader_0x21_t {
uint8_t version;
uint8_t type;
uint8_t pkcipher;
uint8_t hashcipher;
uint16_t numsubs;
};
struct _pcp_rfc_pubkey_sigsub_0x21_t {
uint32_t size;
uint8_t type;
};
typedef struct _pcp_rfc_pubkey_header_t rfc_pub_h;
typedef struct _pcp_rfc_pubkey_0x21_t rfc_pub_k;
typedef struct _pcp_rfc_pubkey_sigheader_0x21_t rfc_pub_sig_h;
typedef struct _pcp_rfc_pubkey_sigsub_0x21_t rfc_pub_sig_s;
struct _pcp_ks_bundle_t {
pcp_pubkey_t *p;
pcp_keysig_t *s;
};
typedef struct _pcp_ks_bundle_t pcp_ks_bundle_t;
#define EXP_PK_CIPHER 0x21
#define EXP_PK_CIPHER_NAME "CURVE25519-ED25519-POLY1305-SALSA20"
#define EXP_HASH_CIPHER 0x22
#define EXP_HASH_NAME "BLAKE2"
#define EXP_SIG_CIPHER 0x23
#define EXP_SIG_CIPHER_NAME "ED25519"
#define EXP_SIG_VERSION 0x01
#define EXP_SIG_TYPE 0x1F /* self signed */
/* sig sub notiation we support */
#define EXP_SIG_SUB_CTIME 2
#define EXP_SIG_SUB_SIGEXPIRE 3
#define EXP_SIG_SUB_KEYEXPIRE 9
#define EXP_SIG_SUB_NOTATION 20
#define EXP_SIG_SUB_KEYFLAGS 27
/* in armored mode, we're using the usual head+foot */
#define EXP_PK_HEADER "----- BEGIN ED25519-CURVE29915 PUBLIC KEY -----"
#define EXP_PK_FOOTER "----- END ED25519-CURVE29915 PUBLIC KEY -----"
#define EXP_SK_HEADER "----- BEGIN ED25519-CURVE29915 PRIVATE KEY -----"
#define EXP_SK_FOOTER "----- END ED25519-CURVE29915 PRIVATE KEY -----"
/* pubkey export formats */
#define EXP_FORMAT_NATIVE 1
#define EXP_FORMAT_PBP 2
#define EXP_FORMAT_YAML 3
#define EXP_FORMAT_C 4
#define EXP_FORMAT_PY 5
#define EXP_FORMAT_PERL 6
/** RFC4880 alike public key export with some modifications.
@@ -287,6 +220,8 @@ Buffer *pcp_export_c_pub(pcp_key_t *sk);
Nonce | Cipher
\param[in] ptx context.
\param sk a secret key structure of type pcp_key_t. The secret keys
in there have to be already decrypted.
@@ -296,17 +231,21 @@ Buffer *pcp_export_c_pub(pcp_key_t *sk);
\return the function returns a Buffer object containing the binary
blob in the format described above.
*/
Buffer *pcp_export_secret(pcp_key_t *sk, char *passphrase);
Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase);
pcp_ks_bundle_t *pcp_import_binpub(byte *raw, size_t rawsize);
pcp_ks_bundle_t *pcp_import_pub(byte *raw, size_t rawsize); /* FIXME: deprecate */
pcp_ks_bundle_t *pcp_import_pub_rfc(Buffer *blob);
pcp_ks_bundle_t *pcp_import_pub_pbp(Buffer *blob);
pcp_ks_bundle_t *pcp_import_binpub(PCPCTX *ptx, byte *raw, size_t rawsize);
pcp_ks_bundle_t *pcp_import_pub(PCPCTX *ptx, byte *raw, size_t rawsize); /* FIXME: deprecate */
pcp_ks_bundle_t *pcp_import_pub_rfc(PCPCTX *ptx, Buffer *blob);
pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob);
/* import secret key */
pcp_key_t *pcp_import_binsecret(byte *raw, size_t rawsize, char *passphrase);
pcp_key_t *pcp_import_secret(byte *raw, size_t rawsize, char *passphrase);
pcp_key_t *pcp_import_secret_native(Buffer *cipher, char *passphrase);
pcp_key_t *pcp_import_binsecret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passphrase);
pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passphrase);
pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphrase);
/* helpers */
int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h);
int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t *sk);
#endif // _HAVE_PCP_MGMT_H

30
include/pcp/pcpstream.h
View File

@@ -26,8 +26,10 @@
#include <stdio.h>
#include <assert.h>
#include "mem.h"
#include "structs.h"
#include "util.h"
#include "defines.h"
#include "context.h"
#include "buffer.h"
#include "z85.h"
@@ -54,35 +56,7 @@
*/
/** \struct _pcp_stream_t
An I/O wrapper object backed by a file or a buffer.
*/
struct _pcp_stream_t {
FILE *fd; /**< The backend FILE stream */
Buffer *b; /**< The backend Buffer object */
Buffer *cache; /**< The caching Buffer object (for look ahead read) */
Buffer *next; /**< The caching Next-Buffer object (for look ahead read) */
Buffer *save; /**< Temporary buffer to backup overflow data */
uint8_t is_buffer; /**< Set to 1 if the backend is a Buffer */
uint8_t eof; /**< Set to 1 if EOF reached */
uint8_t err; /**< Set to 1 if an error occured */
uint8_t armor; /**< Set to 1 if Z85 en/de-coding is requested */
uint8_t determine; /**< Set to 1 to automatically determine armor mode */
uint8_t firstread; /**< Internal flag, will be set after first read() */
size_t linewr; /**< Used for Z85 writing, number of chars written on last line */
size_t blocksize; /**< Blocksize used for z85, if requested */
uint8_t is_output; /**< marks the stream as output stream */
uint8_t have_begin; /**< flag to indicate we already got the begin header, if any */
size_t pos; /**< remember i/o position */
};
typedef enum _PSVARS {
PSMAXLINE = 20000
} PSVARS;
/** The name used everywhere */
typedef struct _pcp_stream_t Pcpstream;
/* initialize a new empty stream */
Pcpstream *ps_init(void);

3
include/pcp/scrypt.h
View File

@@ -35,8 +35,9 @@
#include "crypto_scrypt.h"
#include "mem.h"
#include "defines.h"
#include "context.h"
byte * pcp_scrypt(char *passwd, size_t passwdlen, byte *nonce, size_t noncelen);
byte * pcp_scrypt(PCPCTX *ptx, char *passwd, size_t passwdlen, byte *nonce, size_t noncelen);
#endif /* _HAVE_PCP_SCRYPT_H */

384
include/pcp/structs.h Normal file
View File

@@ -0,0 +1,384 @@
/*
This file is part of Pretty Curved Privacy (pcp1).
Copyright (C) 2013-2014 T.v.Dein.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You can contact me by mail: <tom AT vondein DOT org>.
*/
#ifndef _HAVE_PCP_STRUCTS_H
#define _HAVE_PCP_STRUCTS_H
#include "defines.h"
#include "uthash.h"
#include <sodium.h>
/**
\addtogroup KEYS
@{
*/
/** \struct _pcp_key_t
PCP private key structure. Most fields are self explanatory.
Some notes:
'encrypted' contains the encrypted secret keys (contatenated mastersecret,
secret and edsecret). If it's set,
the field 'secret' which contains the clear secret key will
be zeroed with random values, the first byte will be 0. Same
for the field 'edsecret'.
'nonce' contains the nonce required to decrypt the encrypted
secret, if set.
'serial' is a random number.
'id' is a string containing the hex values of the CRC32 checksum
of the public and secret key.
Upon creation everything will be filled with random bytes.
String fields will contain a string followed by 0 followed
by the rest of the pre-filled random bytes. To denote a string
field as empty, the first byte will be set to 0.
There are dynamically calculated attributes as well:
'checksum' is a 256 bit SHA hash of the public key returned
by pcpkey_getchecksum() or pcppubkey_getchecksum().
'random id' is a random art ascii image returned by
pcppubkey_get_art() or pcpkey_get_art(), calculated from
the public key.
If exported to a single file or printed, the structure will
be encoded using Z85 encoding.
*/
struct _pcp_key_t {
byte masterpub[32]; /**< ED25519 master public key signing key */
byte mastersecret[64]; /**< ED25519 master secret key signing key */
byte pub[32]; /**< Curve25519 encryption public key */
byte secret[32]; /**< Curve25519 encryption secret key */
byte edpub[32]; /**< ED25519 public signing key */
byte edsecret[64]; /**< ED25519 secret signing key */
byte nonce[24]; /**< random nonce used to encrypt secret keys */
byte encrypted[176]; /**< concatenated and encrypted secret keys */
char owner[255]; /**< the key owner, string */
char mail[255]; /**< mail address of the owner, string */
char id[17]; /**< key-id, used internally only, jenhash of public keys */
uint8_t type; /**< key type: MASTER_SECRET or SECRET */
uint64_t ctime; /**< creation time, epoch */
uint32_t version; /**< key version */
uint32_t serial; /**< serial number of the key, randomly generated */
UT_hash_handle hh;
};
/** Typedef for secret keys */
typedef struct _pcp_key_t pcp_key_t;
/** \struct _pcp_pubkey_t
PCP public key structure.
This structure contains a subset of the pcp_key_t structure
without the secret and nonce fields.
*/
struct _pcp_pubkey_t {
byte masterpub[32]; /**< ED25519 master public key signing key */
byte sigpub[32]; /**< ED25519 public signing key */
byte pub[32]; /**< Curve25519 encryption public key */
byte edpub[32]; /**< ED25519 public signing key (FIXME: huh? 2 of them???) */
char owner[255]; /**< the key owner, string */
char mail[255]; /**< mail address of the owner, string */
char id[17]; /**< key-id, used internally only, jenhash of public keys */
uint8_t type; /**< key type: MASTER_SECRET or SECRET */
uint64_t ctime; /**< creation time, epoch */
uint32_t version; /**< key version */
uint32_t serial; /**< serial number of the key, randomly generated */
uint8_t valid; /**< 1 if import signature verified, 0 if not */
byte signature[crypto_generichash_BYTES_MAX + crypto_sign_BYTES]; /**< raw binary blob of pubkey export signature */
UT_hash_handle hh;
};
/** Typedef for public keys */
typedef struct _pcp_pubkey_t pcp_pubkey_t;
/* the PBP public key format */
/* keys.mp+keys.cp+keys.sp+keys.name */
struct _pbp_pubkey_t {
byte sigpub[crypto_sign_PUBLICKEYBYTES];
byte edpub[crypto_sign_PUBLICKEYBYTES];
byte pub[crypto_box_PUBLICKEYBYTES];
char iso_ctime[32];
char iso_expire[32];
char name[1024];
};
typedef struct _pbp_pubkey_t pbp_pubkey_t;
/** \struct _pcp_rec_t
Encrypted recipient list.
Encrypted recipient list, required for crypt+sign
contains the encrypted recipients and the secret
key required for signing the message+recipients.
Used internally only.
*/
struct _pcp_rec_t {
size_t ciphersize; /**< the size of the encrypted recipient list */
byte *cipher; /**< contains the whole encrypted recipient list */
pcp_key_t *secret; /**< the secret key of the recipient for signing */
pcp_pubkey_t *pub; /**< if verification were ok, contains the public key of the signer */
};
/** Typedef for public keys */
typedef struct _pcp_rec_t pcp_rec_t;
/* holds a public key signature */
struct _pcp_keysig_t {
uint8_t type;
uint32_t size;
char id[17];
byte checksum[32];
byte *blob;
UT_hash_handle hh;
};
typedef struct _pcp_keysig_t pcp_keysig_t;
/** @}
*/
/**
\addtogroup CONTEXT
@{
*/
/** \struct _pcp_ctx_t
PCP context object.
Holds error state and key hashes.
*/
struct _pcp_ctx_t {
char *pcp_err; /**< last error message. retrieve with fatals_ifany() */
byte pcp_errset; /**< indicates if an error occurred. */
int pcp_exit; /**< exit code for pcp commandline utility */
int verbose; /**< enable verbose output */
pcp_key_t *pcpkey_hash; /**< hash containing for keys */
pcp_pubkey_t *pcppubkey_hash; /**< hash for keys. */
pcp_keysig_t *pcpkeysig_hash; /**< hash for key sigs */
};
typedef struct _pcp_ctx_t PCPCTX;
/** @}
*/
/**
\addtogroup VAULT
@{
*/
/** \struct _vault_t
This structure represents a vault. */
struct _vault_t {
char *filename; /**< The filename of the vault (full path) */
FILE *fd; /**< Filehandle if opened */
uint8_t unsafed; /**< Flag to tell if the file needs to be written */
uint8_t isnew; /**< Flag to tell if the vault has been newly created */
uint32_t size; /**< Filesize */
time_t modified; /**< mtime */
mode_t mode; /**< File mode */
uint32_t version; /**< Vault version */
byte checksum[32]; /**< SHA256 checksum over the whole vault */
};
/** Name of the struct */
typedef struct _vault_t vault_t;
/** \struct _vault_header_t
Defines the vault header. */
struct _vault_header_t {
uint8_t fileid; /**< File id, proprietary. Marks the vault as a vault */
uint32_t version; /**< File version */
byte checksum[32]; /**< SHA256 checksum over the whole vault */
};
/** Name of the struct */
typedef struct _vault_header_t vault_header_t;
/** \struct _vault_item_header_t
An item header. */
struct _vault_item_header_t {
uint8_t type; /**< Item type (secret key, public, key, keysig, \see _PCP_KEY_TYPES */
uint32_t size; /**< Size of the item */
uint32_t version; /**< Version of the item */
byte checksum[32]; /**< SHA256 checksum of the item */
};
/** Name of the struct */
typedef struct _vault_item_header_t vault_item_header_t;
/** @}
*/
/**
\addtogroup BUFFER
@{
*/
/** \struct _pcp_buffer
A flexible buffer object wich automatically resizes, if neccessary.
*/
struct _pcp_buffer {
char *name; /**< just for convenience in error messages and the like, so we know which buffer cause trouble */
uint8_t allocated; /**< marks the buffer as allocated */
size_t blocksize; /**< the blocksize to use when resizing, also used for initial malloc() */
size_t size; /**< stores the current allocated size of the object */
size_t offset; /**< current read position */
size_t end; /**< current write position, data end. maybe less than size. */
uint8_t isstring; /**< treat as char array/string */
void *buf; /**< the actual storage buffer */
};
/** The name used everywhere */
typedef struct _pcp_buffer Buffer;
/** @}
*/
/**
\addtogroup PCPSTREAMS
@{
*/
/** \struct _pcp_stream_t
An I/O wrapper object backed by a file or a buffer.
*/
struct _pcp_stream_t {
FILE *fd; /**< The backend FILE stream */
Buffer *b; /**< The backend Buffer object */
Buffer *cache; /**< The caching Buffer object (for look ahead read) */
Buffer *next; /**< The caching Next-Buffer object (for look ahead read) */
Buffer *save; /**< Temporary buffer to backup overflow data */
uint8_t is_buffer; /**< Set to 1 if the backend is a Buffer */
uint8_t eof; /**< Set to 1 if EOF reached */
uint8_t err; /**< Set to 1 if an error occured */
uint8_t armor; /**< Set to 1 if Z85 en/de-coding is requested */
uint8_t determine; /**< Set to 1 to automatically determine armor mode */
uint8_t firstread; /**< Internal flag, will be set after first read() */
size_t linewr; /**< Used for Z85 writing, number of chars written on last line */
size_t blocksize; /**< Blocksize used for z85, if requested */
uint8_t is_output; /**< marks the stream as output stream */
uint8_t have_begin; /**< flag to indicate we already got the begin header, if any */
size_t pos; /**< remember i/o position */
};
typedef enum _PSVARS {
PSMAXLINE = 20000
} PSVARS;
/** The name used everywhere */
typedef struct _pcp_stream_t Pcpstream;
/** @}
*/
/* various helper structs for mgmt.c, used internally only */
struct _pcp_rfc_pubkey_header_t {
uint8_t version;
uint32_t ctime;
uint8_t cipher;
};
struct _pcp_rfc_pubkey_0x21_t {
byte sig_ed25519_pub[crypto_sign_PUBLICKEYBYTES];
byte ed25519_pub[crypto_sign_PUBLICKEYBYTES];
byte curve25519_pub[crypto_box_PUBLICKEYBYTES];
};
struct _pcp_rfc_pubkey_sigheader_0x21_t {
uint8_t version;
uint8_t type;
uint8_t pkcipher;
uint8_t hashcipher;
uint16_t numsubs;
};
struct _pcp_rfc_pubkey_sigsub_0x21_t {
uint32_t size;
uint8_t type;
};
typedef struct _pcp_rfc_pubkey_header_t rfc_pub_h;
typedef struct _pcp_rfc_pubkey_0x21_t rfc_pub_k;
typedef struct _pcp_rfc_pubkey_sigheader_0x21_t rfc_pub_sig_h;
typedef struct _pcp_rfc_pubkey_sigsub_0x21_t rfc_pub_sig_s;
struct _pcp_ks_bundle_t {
pcp_pubkey_t *p;
pcp_keysig_t *s;
};
typedef struct _pcp_ks_bundle_t pcp_ks_bundle_t;
#endif //_HAVE_PCP_STRUCTS_H

71
include/pcp/vault.h
View File

@@ -89,66 +89,30 @@
#include "uthash.h"
#include "buffer.h"
#include "keysig.h"
#include "structs.h"
#include "context.h"
/** \struct _vault_t
This structure represents a vault. */
struct _vault_t {
char *filename; /**< The filename of the vault (full path) */
FILE *fd; /**< Filehandle if opened */
uint8_t unsafed; /**< Flag to tell if the file needs to be written */
uint8_t isnew; /**< Flag to tell if the vault has been newly created */
uint32_t size; /**< Filesize */
time_t modified; /**< mtime */
mode_t mode; /**< File mode */
uint32_t version; /**< Vault version */
byte checksum[32]; /**< SHA256 checksum over the whole vault */
};
/** Name of the struct */
typedef struct _vault_t vault_t;
/** \struct _vault_header_t
Defines the vault header. */
struct _vault_header_t {
uint8_t fileid; /**< File id, proprietary. Marks the vault as a vault */
uint32_t version; /**< File version */
byte checksum[32]; /**< SHA256 checksum over the whole vault */
};
/** Name of the struct */
typedef struct _vault_header_t vault_header_t;
/** \struct _vault_item_header_t
An item header. */
struct _vault_item_header_t {
uint8_t type; /**< Item type (secret key, public, key, keysig, \see _PCP_KEY_TYPES */
uint32_t size; /**< Size of the item */
uint32_t version; /**< Version of the item */
byte checksum[32]; /**< SHA256 checksum of the item */
};
/** Name of the struct */
typedef struct _vault_item_header_t vault_item_header_t;
/** Open a vault file.
If the file doesn't exist, it will be created.
\param[in] pcp context.
\param[in] filename The filename of the vault file.
\return Returns a vault object.
*/
vault_t *pcpvault_init(char *filename);
vault_t *pcpvault_init(PCPCTX *ptx, char *filename);
/* Creates a new vault file. Called internally only.
If is_tmp If set to 1, create a temporary vault file.
*/
vault_t *pcpvault_new(char *filename, int is_tmp);
vault_t *pcpvault_new(PCPCTX *ptx, char *filename, int is_tmp);
/* Writes the initial vault header to the vault.
Called internally only. */
int pcpvault_create(vault_t *vault);
int pcpvault_create(PCPCTX *ptx, vault_t *vault);
/** Add an item to the vault.
@@ -160,6 +124,7 @@ int pcpvault_create(vault_t *vault);
This function writes directly into the vault file. Use
with care. To be safe, use pcpvault_addkey() instead.
\param[in] pcp context.
\param[out] vault The vault object.
\param[in] item The item to write.
\param[in] itemsize Size of the item.
@@ -168,7 +133,7 @@ int pcpvault_create(vault_t *vault);
\return Returns the number of bytes written or 0 in case of
an error. Check fatals_if_any().
*/
int pcpvault_additem(vault_t *vault, void *item, size_t itemsize, uint8_t type);
int pcpvault_additem(PCPCTX *ptx, vault_t *vault, void *item, size_t itemsize, uint8_t type);
/** Add a key to the vault.
@@ -183,13 +148,14 @@ int pcpvault_additem(vault_t *vault, void *item, size_t itemsize, uint8_t type);
back to the original location. It then re-calculates the
vault checksum and puts it into the vault header.
\param[in] pcp context.
\param[out] vault The vault object.
\param[in] item The item to write (a key or keysig)
\param[in] type Type of the item. \see _PCP_KEY_TYPES.
\return Returns 0 on success or 1 in case of errors. Check fatals_if_any().
*/
int pcpvault_addkey(vault_t *vault, void *item, uint8_t type);
int pcpvault_addkey(PCPCTX *ptx, vault_t *vault, void *item, uint8_t type);
/** Close a vault file.
@@ -201,12 +167,13 @@ int pcpvault_addkey(vault_t *vault, void *item, uint8_t type);
contain the filename of the backup file, so that the user
doesn't loose data.
\param[in] pcp context.
\param[out] vault The vault object.
\return Returns 0. Check fatals_if_any() anyway.
*/
int pcpvault_close(vault_t *vault);
int pcpvault_close(PCPCTX *ptx, vault_t *vault);
/** Reads in the vault contents.
@@ -223,27 +190,29 @@ int pcpvault_close(vault_t *vault);
contents and compares it with the one stored in the vault
header. If it doesn't match an error will be thrown.
\param[in] pcp context.
\param[out] vault The vault object.
\return Returns 0 on success or -1 in case of errors. Check fatals_if_any().
*/
int pcpvault_fetchall(vault_t *vault);
int pcpvault_fetchall(PCPCTX *ptx, vault_t *vault);
/* Write everything back to disk. */
int pcpvault_writeall(vault_t *vault);
int pcpvault_writeall(PCPCTX *ptx, vault_t *vault);
/* copy a vault to another file */
int pcpvault_copy(vault_t *tmp, vault_t *vault);
int pcpvault_copy(PCPCTX *ptx, vault_t *tmp, vault_t *vault);
/* delete a vault file */
void pcpvault_unlink(vault_t *tmp);
/* calculate the checksum of the current vault */
byte *pcpvault_create_checksum();
/* calculate the checksum of the current vault (that is, from the
list of keys in the current context */
byte *pcpvault_create_checksum(PCPCTX *ptx);
/* write the new checksum to the header of the current vault */
void pcpvault_update_checksum(vault_t *vault);
void pcpvault_update_checksum(PCPCTX *ptx, vault_t *vault);
/* bigendian converters */
vault_header_t * vh2be(vault_header_t *h);

11
include/pcp/z85.h
View File

@@ -43,6 +43,8 @@ we pad the input with zeroes and remove them after decoding.
#include "defines.h"
#include "zmq_z85.h"
#include "mem.h"
#include "structs.h"
#include "context.h"
#include "buffer.h"
/** Zero-pad some input data.
@@ -76,6 +78,7 @@ size_t pcp_unpadfour(byte *src, size_t srclen);
The input \a z85block may contain newlines which will be removed.
\param[in] the pcp context object.
\param[in] z85block The Z85 encoded string.
\param[in] dstlen Returned size of decoded data (pointer to int).
@@ -83,7 +86,7 @@ size_t pcp_unpadfour(byte *src, size_t srclen);
returns NULL. Check fatals_if_any().
*/
byte *pcp_z85_decode(char *z85block, size_t *dstlen);
byte *pcp_z85_decode(PCPCTX *ptx, char *z85block, size_t *dstlen);
/** Encode data to Z85 encoding.
@@ -105,24 +108,26 @@ char *pcp_z85_encode(byte *raw, size_t srclen, size_t *dstlen);
Reads a file and returns the raw Z85 encoded string.
It ignores newlines, comments and Headerstrings.
\param[in] the pcp context object.
\param[in] infile FILE stream to read from.
\return Raw Z85 encoded string with comments, headers and newlines removed.
*/
char *pcp_readz85file(FILE *infile);
char *pcp_readz85file(PCPCTX *ptx, FILE *infile);
/** Read a Z85 encoded string.
Parses the given input string and returns the raw Z85 encoded string.
It ignores newlines, comments and Headerstrings.
\param[in] the pcp context object.
\param[in] input Z85 encoded string.
\param[in] bufsize Size of the string.
\return Raw Z85 encoded string with comments, headers and newlines removed.
*/
char *pcp_readz85string(byte *input, size_t bufsize);
char *pcp_readz85string(PCPCTX *ptx, byte *input, size_t bufsize);
/** Check if a binary array is utf8.