From ffaf37614a933cb4812279b8cef3654dfc6fce6e Mon Sep 17 00:00:00 2001 From: TLINDEN Date: Tue, 6 May 2014 20:35:47 +0200 Subject: [PATCH] fixed crypto++ recipient hash handling --- bindings/cpp/crypto.cpp | 8 ++++---- man/pcp1.pod | 25 +++++++------------------ tests/cpptest.cpp | 40 ++++++++++++++++++++++------------------ 3 files changed, 33 insertions(+), 40 deletions(-) diff --git a/bindings/cpp/crypto.cpp b/bindings/cpp/crypto.cpp index e07b5f6..0487b55 100644 --- a/bindings/cpp/crypto.cpp +++ b/bindings/cpp/crypto.cpp @@ -31,6 +31,7 @@ Crypto::Crypto(PcpContext &C, Key &skey, PubKey &pkey) { PTX = C; havevault = false; pcphash_add(PTX.ptx, P.K, PCP_KEY_TYPE_PUBLIC); + pcphash_add(PTX.ptx, S.K, PCP_KEY_TYPE_SECRET); } Crypto::Crypto(PcpContext &C, Vault &v, Key &skey, PubKey &pkey) { @@ -43,11 +44,10 @@ Crypto::Crypto(PcpContext &C, Vault &v, Key &skey, PubKey &pkey) { bool Crypto::encrypt(FILE *in, FILE *out, bool sign) { pcp_pubkey_t *pubhash = NULL; - pcphash_add(PTX.ptx, P.K, P.K->type); - //HASH_ADD_STR( pubhash, id, P.K); + HASH_ADD_STR( pubhash, id, P.K); Pcpstream *pin = ps_new_file(in); Pcpstream *pout = ps_new_file(out); - ptx_dump(PTX.ptx); + size_t clen = pcp_encrypt_stream(PTX.ptx, pin, pout, S.K, pubhash, sign); if(clen <= 0) throw exception(PTX); @@ -59,7 +59,7 @@ bool Crypto::encrypt(FILE *in, FILE *out, bool sign) { bool Crypto::decrypt(FILE *in, FILE *out, bool verify) { Pcpstream *pin = ps_new_file(in); Pcpstream *pout = ps_new_file(out); - ptx_dump(PTX.ptx); + if(pcp_decrypt_stream(PTX.ptx, pin, pout, S.K, NULL, verify) <= 0) throw exception(PTX); ps_close(pin); diff --git a/man/pcp1.pod b/man/pcp1.pod index 365099b..c334088 100644 --- a/man/pcp1.pod +++ b/man/pcp1.pod @@ -31,8 +31,7 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography. -R --remove-key Remove a key from the vault. -s --export-secret Export a secret key. -p --export-public Export a public key. - -S --import-secret Import a secret key. - -P --import-public Import a public key. + -K --import Import a secret or public key. -y --export-yaml Export all keys as YAML formatted text. -F --export-format Specify exportformat, either 'pbp' or 'pcp'. 'pcp' is the default if unspecified. @@ -373,9 +372,11 @@ Verification by recipient: =head1 SIGNED ENCRYPTION Beside pure encryption and signatures pcp1 also supports signed -encryption. In this mode an input file will be signed your primary -secret key from a BLAKE2 hash of the file contents and the recipients -and then encrypted. The signature is encrypted as well. +encryption. In this mode an input file will be encrypted and a +signature of the encrypted content and encrypted recipients with your primary +secret key will be appended. + +The signature is encrypted as well. Example: @@ -384,25 +385,13 @@ Example: Please note the additional B<-g> parameter. The recipient can decrypt and verify the so created data like this: - pcp1 -d -c -I README.asc -o README.txt - -Please note the additional B<-c> parameter. + pcp1 -d -I README.asc -o README.txt If decryption works, the output file will be written. If signature verification fails you will be informed, but the decrypted output will be left untouched. It is up to you how to react on an invalid signature. -B - -Note: this behavior might change in the future. - =head1 ALTERNATIVE COMMANDLINES You can save typing if you supply additional arguments to diff --git a/tests/cpptest.cpp b/tests/cpptest.cpp index 6a366cc..032cb84 100644 --- a/tests/cpptest.cpp +++ b/tests/cpptest.cpp @@ -30,52 +30,56 @@ FILE *_openrd(string file, PcpContext &ptx) { return fd; } -void test0(PcpContext &ptx) { +void test0() { // test keygen and crypto + PcpContext CA; // we need different contexts for sender and recipient! + PcpContext CB; + FILE *CLEAR, *CIPHER, *DECRYPTED; - Key A = Key(ptx, "a", "alicia", "alicia@local"); - Key B = Key(ptx, "b", "bobby", "bobby@local"); + Key A = Key(CA, "a", "alicia", "alicia@local"); + Key B = Key(CA, "b", "bobby", "bobby@local"); PubKey PA = A.get_public(); PubKey PB = B.get_public(); A.decrypt("a"); B.decrypt("b"); - Crypto A2B(ptx, A, PB); - Crypto B2A(ptx, B, PA); + Crypto A2B(CA, A, PB); + Crypto B2A(CB, B, PA); - CLEAR = _openwr("testcppclear", ptx); + CLEAR = _openwr("testcppclear", CA); fprintf(CLEAR, "HALLO\n"); fclose(CLEAR); - CIPHER = _openwr("testcpcipher", ptx); - CLEAR = _openrd("testcppclear", ptx); + CIPHER = _openwr("testcpcipher", CA); + CLEAR = _openrd("testcppclear", CA); - cerr << "A=>B encrypt using " << PB.get_id() << endl; if(A2B.encrypt(CLEAR, CIPHER, false)) { - CIPHER = _openrd("testcpcipher", ptx); - DECRYPTED = _openwr("testcppdecrypted", ptx); + CIPHER = _openrd("testcpcipher", CA); + DECRYPTED = _openwr("testcppdecrypted", CA); - cerr << "B=>A decrypt using " << PA.get_id() << endl; if(B2A.decrypt(CIPHER, DECRYPTED, false)) { - DECRYPTED = _openrd("testcppdecrypted", ptx); + DECRYPTED = _openrd("testcppdecrypted", CA); char *got = (char *)ucmalloc(10); if(fread(got, 1, 6, DECRYPTED) < 6) { - throw pcp::exception(ptx, "read error, could not read decrypted content"); + throw pcp::exception(CA, "read error, could not read decrypted content"); } if(strncmp(got, "HALLO", 5) != 0) { - throw pcp::exception(ptx); + throw pcp::exception(CA); } } else - throw pcp::exception(ptx, "failed to decrypt"); + throw pcp::exception(CA, "failed to decrypt"); } else - throw pcp::exception(ptx, "failed to encrypt"); + throw pcp::exception(CA, "failed to encrypt"); cout << "0 ok" << endl; + + CA.done(); + CB.done(); } void test1(PcpContext &ptx) { @@ -167,7 +171,7 @@ int main(int argc, char **argv) { throw pcp::exception(ptx, "usage: cpptest N"); switch(argv[1][0]) { case '0': - test0(ptx); + test0(); break; case '1':