diff --git a/ChangeLog b/ChangeLog index 40827bb..355a806 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,9 @@ NEXT secret key, so that the recipient will be able to verify the signature. + Added -v support for -d and -e. + + 0.3.0 Changed publuc key signature storage, previously I didn't add the actual signature, therefore a diff --git a/libpcp/crypto.c b/libpcp/crypto.c index f4468d3..3f360e1 100644 --- a/libpcp/crypto.c +++ b/libpcp/crypto.c @@ -175,6 +175,10 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t } } + if(ptx->verbose) { + fprintf(stderr, "crypto.c: header <= self: %d, anon: %d, verify:%d\n", + self, anon, verify); + } if(self) { /* just decrypt symetrically and go outa here */ @@ -189,6 +193,12 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t fatal(ptx, "Error: input file doesn't contain senders public key\n"); goto errdef1; } + + if(ptx->verbose) { + fprintf(stderr, "crypto.c: <= sender anon pub key:\n"); + pcp_dumppubkey(senderpub); + } + } /* step 3, check len recipients */ @@ -200,15 +210,13 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t lenrec = be32toh(lenrec); if (ptx->verbose) { - fprintf(stderr, "DEBUG: input is encrypted for %ld recipients\n", (long int)lenrec); + fprintf(stderr, "crypto.c: input is encrypted for %ld recipients\n", (long int)lenrec); } if(verify) { reccipher = ucmalloc(lenrec * PCP_ASYM_RECIPIENT_SIZE); } - - /* step 4, fetch recipient list and try to decrypt it for us */ rec_buf = ucmalloc(PCP_ASYM_RECIPIENT_SIZE); for(nrec=0; nrecverbose) { + fprintf(stderr, "crypto.c: <= rec_cipher:\n"); + _dump("crypto.c: encrypted rec cipher", rec_buf, cur_bufsize); + } if(anon) { /* anonymous sender */ byte *recipient; @@ -236,6 +248,11 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t memcpy(reccipher, rec_buf, PCP_ASYM_RECIPIENT_SIZE); } nrec++; /* otherwise missing */ + + if(ptx->verbose) { + _dump("crypto.c: got anon symkey", symkey, crypto_secretbox_KEYBYTES); + } + break; } free(recipient); @@ -250,8 +267,14 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t recmatch = 1; symkey = smalloc(crypto_secretbox_KEYBYTES); memcpy(symkey, recipient, crypto_secretbox_KEYBYTES); - free(recipient); + + if(ptx->verbose) { + fprintf(stderr, "crypto.c: matching pub key:\n"); + pcp_dumppubkey(cur); + _dump("crypto.c: got recipient symkey", symkey, crypto_secretbox_KEYBYTES); + } + break; } free(recipient); @@ -275,6 +298,10 @@ size_t pcp_decrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, pcp_key_t memcpy(symkey, recipient, crypto_secretbox_KEYBYTES); free(recipient); cur = fromsec; + + if(ptx->verbose) { + _dump("crypto.c: got my own sec symkey", symkey, crypto_secretbox_KEYBYTES); + } break; } } @@ -340,12 +367,20 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t /* A, generate sym key */ symkey = srmalloc(crypto_secretbox_KEYBYTES); + if(ptx->verbose) { + _dump("crypto.c: new symkey", symkey, crypto_secretbox_KEYBYTES); + } + /* B, encrypt it asymetrically for each recipient */ recipient_count = HASH_COUNT(p); rec_size = PCP_ASYM_RECIPIENT_SIZE; recipients_cipher = ucmalloc(rec_size * recipient_count); nrec = 0; + if(ptx->verbose) { + fprintf(stderr, "crypto.c: async recipients: %d\n", recipient_count); + } + HASH_ITER(hh, p, cur, t) { byte *rec_cipher; rec_cipher = pcp_box_encrypt(ptx, secret, cur, symkey, crypto_secretbox_KEYBYTES, &es); @@ -356,6 +391,12 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t goto errec1; } + if(ptx->verbose) { + fprintf(stderr, "crypto.c: recipient pub key:\n"); + pcp_dumppubkey(cur); + _dump("crypto.c: encrypted rec cipher", rec_cipher, rec_size); + } + /* put it into the recipient list, already includes the nonce */ memcpy(&recipients_cipher[nrec * rec_size], rec_cipher, rec_size); nrec++; @@ -363,6 +404,11 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t } /* step 1, file header */ + if(ptx->verbose) { + fprintf(stderr, "crypto.c: header => anon: %d, verify:%d\n", + anon, sign); + } + if(sign && anon) head[0] = PCP_ASYM_CIPHER_ANON_SIG; else if(sign) @@ -383,6 +429,11 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t ps_write(out, secret->pub, crypto_box_PUBLICKEYBYTES); if(ps_err(out) != 0) goto errec1; + + if(ptx->verbose) { + fprintf(stderr, "crypto.c: => anon pub key:\n"); + _dump("crypto.c: => anon pub key", secret->pub, 32); + } } /* step 3, len recipients, big endian */ @@ -394,7 +445,6 @@ size_t pcp_encrypt_stream(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t /* step 4, recipient list */ ps_write(out, recipients_cipher, rec_size * recipient_count); - /* fprintf(stderr, "D: recipients - %ld * %d\n", rec_size, recipient_count); */ if(ps_err(out) != 0) goto errec1; @@ -460,11 +510,13 @@ size_t pcp_encrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, byte * if(havehead == 0) { head[0] = PCP_SYM_CIPHER; es = ps_write(out, head, 1); - /* es = fwrite(head, 1, 1, out); */ if(ps_err(out) != 0) { fatal(ptx, "Failed to write encrypted output!\n"); return 0; } + if(ptx->verbose) { + fprintf(stderr, "crypto.c: => header: self: 1\n"); + } } /* 32k-Block-mode. */ @@ -499,11 +551,11 @@ size_t pcp_encrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, byte * if(recsign != NULL) { /* add encrypted recipient list to the hash */ crypto_generichash_update(st, recsign->cipher, recsign->ciphersize); - crypto_generichash_final(st, hash, crypto_generichash_BYTES_MAX); + crypto_generichash_final(st, hash, LHASH); /* generate the actual signature */ - byte *signature = pcp_ed_sign(hash, crypto_generichash_BYTES_MAX, recsign->secret); - size_t siglen = crypto_sign_BYTES + crypto_generichash_BYTES_MAX; + byte *signature = pcp_ed_sign(hash, LHASH, recsign->secret); + size_t siglen = LSIG + LHASH; /* encrypt it as well */ buf_nonce = pcp_gennonce(); @@ -512,13 +564,19 @@ size_t pcp_encrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream *out, byte * ps_write(out, buf_nonce, LNONCE); ps_write(out, buf_cipher, es); + if(ptx->verbose) { + _dump("crypto.c: => sig", signature, siglen); + _dump("crypto.c: => nonce", buf_nonce, LNONCE); + _dump("crypto.c: => enc sig", buf_cipher, es); + } + free(st); free(hash); ucfree(buf_nonce, LNONCE); free(buf_cipher); ucfree(signature, siglen); } - + ucfree(in_buf, PCP_BLOCK_SIZE); return out_size; @@ -657,6 +715,12 @@ size_t pcp_decrypt_stream_sym(PCPCTX *ptx, Pcpstream *in, Pcpstream* out, } free(verifiedhash); } + + if(ptx->verbose) { + _dump("crypto.c: <= sig", signature, siglen); + _dump("crypto.c: <= nonce", buf_nonce, LNONCE); + _dump("crypto.c: <= enc sig", &signature_cr[LNONCE], siglen_cr - LNONCE); + } } else { fatal(ptx, "Failed to decrypt signature!\n");