From f0494385e1c87c14207779312302a3cd58bafae5 Mon Sep 17 00:00:00 2001 From: TLINDEN Date: Tue, 13 Jan 2015 13:06:20 +0100 Subject: [PATCH] now using setrlimit() if present and if not in debug mode; applied changes for removed files --- ChangeLog | 7 +++++++ TODO | 35 +++++++++++++++++++---------------- autogen.sh | 2 +- configure.ac | 25 ++++++++++++++++++++++++- include/Makefile.am | 2 -- include/pcp.h | 2 -- include/pcp/config.h.in | 3 +++ libpcp/Makefile.am | 2 +- src/pcp.c | 7 +++++++ src/pcp.h | 8 ++++++++ 10 files changed, 70 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index c615421..7424a63 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +NEXT + removed hand-written padding stuff and using + libsodiums _easy() functions for crypto now + instead of the raw nacl ones. + + using secure memory where applicable. + 0.2.4 fixed compiler macro misplacement (github#4). fixed invalid free (github#5). diff --git a/TODO b/TODO index 5551322..d56f835 100644 --- a/TODO +++ b/TODO @@ -26,22 +26,25 @@ c++ destructor double free mess cpptest 0 uses same Context for encryptor and decryptor, must be another one for the latter! -Python binding, e.g.: -py % cdll.LoadLibrary("libsodium.so.8") - -py % nacl = CDLL("libsodium.so.8") -py % hash = create_string_buffer('\000' * 64) -py % hash - -py % hash.raw -'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x... -py % key = create_string_buffer('a' * 32) -py % nacl.crypto_hash_sha256(pointer(hash), pointer(key), 32) -0 -py % hash.raw -';\xa3\xf5\xf4;\x92`&\x83\xc1\x9a\xeeb\xa2\x03B\xb0\x84\... -py % - after new z85 padding scheme: write z85 blocksize to output as well? if a reader doesn't know the blocksize it won't be able to decode it properly. Or no issue? Not sure yet... + + +(gdb) set args -V v1 -p -x xxx -z -i 0x8671F4264E20F179 +(gdb) r +Starting program: /usr/home/sciplocal/D/github/pcp/src/pcp1 -V v1 -p -x xxx -z -i 0x8671F4264E20F179 +failed to decrypt the secret key (got -1, expected 32)! +Error: Operation not permitted + +Program received signal SIGSEGV, Segmentation fault. +0x000000000040f8e8 in pcphash_del (ptx=0x801017040, key=0x80107b100, type=Variable "type" is not available. +) at keyhash.c:28 +28 HASH_DEL(ptx->pcpkey_hash, (pcp_key_t *)key); +(gdb) bt +#0 0x000000000040f8e8 in pcphash_del (ptx=0x801017040, key=0x80107b100, type=Variable "type" is not available. +) at keyhash.c:28 +#1 0x000000000040fba7 in pcphash_clean (ptx=0x801017040) at keyhash.c:50 +#2 0x00000000004084ff in ptx_clean (ptx=0x801017040) at context.c:52 +#3 0x0000000000402557 in main (argc=Variable "argc" is not available. +) at pcp.c:593 diff --git a/autogen.sh b/autogen.sh index a70bbae..84dcdd9 100755 --- a/autogen.sh +++ b/autogen.sh @@ -61,7 +61,7 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography. # generate pypcp types bindings/py/gencffi.pl include/pcp/defines.h include/pcp/structs.h include/pcp/key.h \ - include/pcp/buffer.h include/pcp/context.h include/pcp/mac.h \ + include/pcp/buffer.h include/pcp/context.h \ include/pcp/ed.h include/pcp/crypto.h include/pcp/vault.h \ include/pcp/mgmt.h include/pcp/keyhash.h include/pcp/scrypt.h \ include/pcp/pcpstream.h include/pcp/z85.h > bindings/py/pypcp/raw.py diff --git a/configure.ac b/configure.ac index 0b4df96..370ca64 100755 --- a/configure.ac +++ b/configure.ac @@ -78,6 +78,7 @@ AC_CHECK_FUNCS( \ memset \ memcpy \ perror \ + setrlimit \ strnlen \ strnstr \ strlen \ @@ -192,12 +193,31 @@ if test "x${_havenacl}" = "xno"; then LDFLAGS=`pkg-config --libs libsodium` CFLAGS=`pkg-config --cflags libsodium` _ldlib=`pkg-config --libs libsodium | cut -d ' ' -f 1 | cut -d L -f 2` + _havenacl=yes AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi fi +if test "x${_havenacl}" != "xno" -a "x$cross_compile" = "xno"; then + AC_MSG_CHECKING([libsodium version compatible]) + AC_RUN_IFELSE([ + AC_LANG_PROGRAM([[ +#include + ]],[[ + if (sodium_library_version_major() >= 7) { exit(0); } + else { exit(1); } + ]])], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_ERROR([no, libsodium too old. please update your libsodium installation]) + ] + ) +fi + AC_ARG_ENABLE([cbc], [AS_HELP_STRING([--enable-cbc], [Enable CBC@1k encryption mode (default: EBC @32k)])], @@ -260,6 +280,7 @@ AC_MSG_CHECKING([is libsodium compiled correctly]) AC_RUN_IFELSE([ AC_LANG_PROGRAM([[ #include +#include #if crypto_box_PUBLICKEYBYTES != 32 || crypto_box_SECRETKEYBYTES != 32 || crypto_sign_PUBLICKEYBYTES != 32 || crypto_sign_PUBLICKEYBYTES != 32 # error "libsodium not built correctly" #endif @@ -301,7 +322,7 @@ AC_ARG_ENABLE([debug], AS_HELP_STRING([--disable-debug], [Disable debugging])) AS_IF([test "x$enable_debug" != "xno"], [ - CFLAGS="$CFLAGS -g" + CFLAGS="$CFLAGS -g -DDEBUG" enable_debug="yes" ]) @@ -388,6 +409,8 @@ AC_MSG_RESULT([ target platform: ${host} big endian cpu: ${bigendian} + cross compile: ${cross_compile} + have nacl: ${_havenacl} build python binding: ${python} build c++ binding: ${enable_cpp_binding} diff --git a/include/Makefile.am b/include/Makefile.am index b5e95aa..518c1a5 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -7,9 +7,7 @@ PCPEXPORT = pcp.h \ pcp/jenhash.h \ pcp/key.h \ pcp/keyhash.h \ - pcp/mac.h \ pcp/mem.h \ - pcp/pad.h \ pcp/platform.h \ pcp/randomart.h \ pcp/uthash.h \ diff --git a/include/pcp.h b/include/pcp.h index 45255d0..fe070bf 100644 --- a/include/pcp.h +++ b/include/pcp.h @@ -19,10 +19,8 @@ extern "C" { #include "pcp/key.h" #include "pcp/keyhash.h" #include "pcp/keysig.h" -#include "pcp/mac.h" #include "pcp/mem.h" #include "pcp/mgmt.h" -#include "pcp/pad.h" #include "pcp/pcpstream.h" #include "pcp/platform.h" #include "pcp/plist.h" diff --git a/include/pcp/config.h.in b/include/pcp/config.h.in index 6a08a31..4e6cca1 100644 --- a/include/pcp/config.h.in +++ b/include/pcp/config.h.in @@ -91,6 +91,9 @@ /* Define to 1 if you have the `posix_memalign' function. */ #undef HAVE_POSIX_MEMALIGN +/* Define to 1 if you have the `setrlimit' function. */ +#undef HAVE_SETRLIMIT + /* Define to 1 if you have the `sizeof' function. */ #undef HAVE_SIZEOF diff --git a/libpcp/Makefile.am b/libpcp/Makefile.am index b3922f2..5c968d3 100644 --- a/libpcp/Makefile.am +++ b/libpcp/Makefile.am @@ -26,7 +26,7 @@ lib_LTLIBRARIES = libpcp1.la pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libpcp1.pc -libpcp1_la_SOURCES = platform.c mac.c mem.c pad.c version.c \ +libpcp1_la_SOURCES = platform.c mem.c version.c \ context.c z85.c zmq_z85.c key.c randomart.c \ vault.c jenhash.c digital_crc32.c \ crypto.c ed.c keyhash.c scrypt.c \ diff --git a/src/pcp.c b/src/pcp.c index 37d16cc..69f56bd 100644 --- a/src/pcp.c +++ b/src/pcp.c @@ -309,6 +309,13 @@ int main (int argc, char **argv) { sodium_init(); /* FIXME: better called from the lib? */ + +#ifndef DEBUG +# ifdef HAVE_SETRLIMIT + setrlimit(RLIMIT_CORE, &(struct rlimit) {0, 0}); +# endif +#endif + errno = 0; /* FIXME: workaround for https://github.com/jedisct1/libsodium/issues/114 */ if(mode == PCP_MODE_ENCRYPT && useid == 0 && userec == 0) { diff --git a/src/pcp.h b/src/pcp.h index e5bb9f8..c24f2ff 100644 --- a/src/pcp.h +++ b/src/pcp.h @@ -28,6 +28,14 @@ #include #include +#ifndef DEBUG +# ifdef HAVE_SETRLIMIT +# include +# include +# include +# endif +#endif + /* lib */ #include "mem.h" #include "z85.h"