scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 12:00:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed pbp encryption fix, no more size field in reclist

Browse Source
This commit is contained in:
TLINDEN
2014-02-13 20:21:32 +01:00
parent 738be64a79
commit db47cbd95a
1 changed files with 15 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
libpcp/crypto.c
View File

@@ -171,7 +171,7 @@ size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey
byte head[1]; byte head[1];
size_t cur_bufsize, rec_size; size_t cur_bufsize, rec_size;
unsigned char rec_buf[PCP_ASYM_RECIPIENT_RSIZE]; unsigned char rec_buf[PCP_ASYM_RECIPIENT_SIZE];
#ifdef PCP_ASYM_ADD_SENDER_PUB #ifdef PCP_ASYM_ADD_SENDER_PUB
unsigned char *senderpub; unsigned char *senderpub;
@@ -224,27 +224,23 @@ size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey
lenrec = be32toh(lenrec); lenrec = be32toh(lenrec);
if(verify) { if(verify) {
reccipher = ucmalloc(lenrec * PCP_ASYM_RECIPIENT_RSIZE); reccipher = ucmalloc(lenrec * PCP_ASYM_RECIPIENT_SIZE);
} }
/* step 4, fetch recipient list and try to decrypt it for us */ /* step 4, fetch recipient list and try to decrypt it for us */
unsigned char *recip = ucmalloc(PCP_ASYM_RECIPIENT_SIZE);
for(nrec=0; nrec<lenrec; nrec++) { for(nrec=0; nrec<lenrec; nrec++) {
cur_bufsize = fread(&rec_buf, 1, PCP_ASYM_RECIPIENT_RSIZE, in); cur_bufsize = fread(&rec_buf, 1, PCP_ASYM_RECIPIENT_SIZE, in);
if(cur_bufsize != PCP_ASYM_RECIPIENT_RSIZE && !feof(in) && !ferror(in)) { if(cur_bufsize != PCP_ASYM_RECIPIENT_SIZE && !feof(in) && !ferror(in)) {
fatal("Error: input file corrupted, incomplete or no recipients\n"); fatal("Error: input file corrupted, incomplete or no recipients\n");
goto errdef1; goto errdef1;
} }
recmatch = 0; recmatch = 0;
memcpy(recip, rec_buf, crypto_secretbox_NONCEBYTES);
memcpy(&recip[crypto_secretbox_NONCEBYTES], &rec_buf[crypto_secretbox_NONCEBYTES + 1], PCP_ASYM_RECIPIENT_SIZE - crypto_secretbox_NONCEBYTES);
pcphash_iteratepub(cur) { pcphash_iteratepub(cur) {
unsigned char *recipient; unsigned char *recipient;
recipient = pcp_box_decrypt(s, cur, recip, PCP_ASYM_RECIPIENT_SIZE, &rec_size); recipient = pcp_box_decrypt(s, cur, rec_buf, PCP_ASYM_RECIPIENT_SIZE, &rec_size);
if(recipient != NULL && rec_size == crypto_secretbox_KEYBYTES) { if(recipient != NULL && rec_size == crypto_secretbox_KEYBYTES) {
/* found a match */ /* found a match */
recmatch = 1; recmatch = 1;
@@ -256,10 +252,12 @@ size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey
} }
} }
if(verify) { if(verify) {
memcpy(&reccipher[nrec * PCP_ASYM_RECIPIENT_RSIZE], rec_buf, PCP_ASYM_RECIPIENT_RSIZE); size_t R = nrec * (PCP_ASYM_RECIPIENT_SIZE);
memcpy(&reccipher[R], rec_buf, PCP_ASYM_RECIPIENT_SIZE);
} }
} }
if(recmatch == 0) { if(recmatch == 0) {
fatal("Sorry, there's no matching public key in your vault for decryption\n"); fatal("Sorry, there's no matching public key in your vault for decryption\n");
goto errdef1; goto errdef1;
@@ -268,7 +266,7 @@ size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey
/* step 5, actually decrypt the file, finally */ /* step 5, actually decrypt the file, finally */
if(verify) { if(verify) {
pcp_rec_t *rec = pcp_rec_new(reccipher, nrec * (PCP_ASYM_RECIPIENT_SIZE + 1), NULL, cur); pcp_rec_t *rec = pcp_rec_new(reccipher, nrec * PCP_ASYM_RECIPIENT_SIZE, NULL, cur);
return pcp_decrypt_file_sym(in, out, symkey, rec); return pcp_decrypt_file_sym(in, out, symkey, rec);
pcp_rec_free(rec); pcp_rec_free(rec);
} }
@@ -304,7 +302,7 @@ size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p, int
/* B, encrypt it asymetrically for each recipient */ /* B, encrypt it asymetrically for each recipient */
recipient_count = HASH_COUNT(p); recipient_count = HASH_COUNT(p);
rec_size = PCP_ASYM_RECIPIENT_SIZE + 1; rec_size = PCP_ASYM_RECIPIENT_SIZE;
rs[0] = PCP_ASYM_RECIPIENT_SIZE - crypto_secretbox_NONCEBYTES; rs[0] = PCP_ASYM_RECIPIENT_SIZE - crypto_secretbox_NONCEBYTES;
recipients_cipher = ucmalloc(rec_size * recipient_count); recipients_cipher = ucmalloc(rec_size * recipient_count);
nrec = 0; nrec = 0;
@@ -312,20 +310,15 @@ size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p, int
HASH_ITER(hh, p, cur, t) { HASH_ITER(hh, p, cur, t) {
unsigned char *rec_cipher; unsigned char *rec_cipher;
rec_cipher = pcp_box_encrypt(s, cur, symkey, crypto_secretbox_KEYBYTES, &es); rec_cipher = pcp_box_encrypt(s, cur, symkey, crypto_secretbox_KEYBYTES, &es);
if(es != rec_size - 1) { if(es != rec_size) {
fatal("invalid rec_size, expected %dl, got %dl\n", rec_size - 1, es); fatal("invalid rec_size, expected %dl, got %dl\n", rec_size, es);
if(rec_cipher != NULL) if(rec_cipher != NULL)
free(rec_cipher); free(rec_cipher);
goto errec1; goto errec1;
} }
/* so we need to put out the reclist in pbp form which has /* put it into the recipient list, already includes the nonce */
a byte between the nonce and the cipher, for whatever reason */ memcpy(&recipients_cipher[nrec * rec_size], rec_cipher, rec_size);
memcpy(&recipients_cipher[nrec * rec_size], rec_cipher, crypto_secretbox_NONCEBYTES);
memcpy(&recipients_cipher[(nrec * rec_size) + crypto_secretbox_NONCEBYTES], rs, 1);
memcpy(&recipients_cipher[(nrec * rec_size) + crypto_secretbox_NONCEBYTES + 1],
&rec_cipher[crypto_secretbox_NONCEBYTES], rec_size - 1 - crypto_secretbox_NONCEBYTES);
nrec++; nrec++;
free(rec_cipher); free(rec_cipher);
} }
@@ -601,6 +594,7 @@ size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, pcp_rec_
if(recverify != NULL) { if(recverify != NULL) {
/* decrypt the signature */ /* decrypt the signature */
memcpy(buf_nonce, signature_cr, crypto_secretbox_NONCEBYTES); memcpy(buf_nonce, signature_cr, crypto_secretbox_NONCEBYTES);
es = pcp_sodium_verify_mac(&signature, &signature_cr[crypto_secretbox_NONCEBYTES], es = pcp_sodium_verify_mac(&signature, &signature_cr[crypto_secretbox_NONCEBYTES],
siglen_cr - crypto_secretbox_NONCEBYTES, buf_nonce, symkey); siglen_cr - crypto_secretbox_NONCEBYTES, buf_nonce, symkey);
if(es == 0) { if(es == 0) {