fixed crypto++ recipient hash handling

TLINDEN
2014-05-06 20:35:47 +02:00
parent dc457b6eb9
commit ffaf37614a
3 changed files with 33 additions and 40 deletions


@@ -31,6 +31,7 @@ Crypto::Crypto(PcpContext &C, Key &skey, PubKey &pkey) {
PTX = C; PTX = C;
havevault = false; havevault = false;
pcphash_add(PTX.ptx, P.K, PCP_KEY_TYPE_PUBLIC); pcphash_add(PTX.ptx, P.K, PCP_KEY_TYPE_PUBLIC);
pcphash_add(PTX.ptx, S.K, PCP_KEY_TYPE_SECRET);
} }
Crypto::Crypto(PcpContext &C, Vault &v, Key &skey, PubKey &pkey) { Crypto::Crypto(PcpContext &C, Vault &v, Key &skey, PubKey &pkey) {
@@ -43,11 +44,10 @@ Crypto::Crypto(PcpContext &C, Vault &v, Key &skey, PubKey &pkey) {
bool Crypto::encrypt(FILE *in, FILE *out, bool sign) { bool Crypto::encrypt(FILE *in, FILE *out, bool sign) {
pcp_pubkey_t *pubhash = NULL; pcp_pubkey_t *pubhash = NULL;
pcphash_add(PTX.ptx, P.K, P.K->type); HASH_ADD_STR( pubhash, id, P.K);
//HASH_ADD_STR( pubhash, id, P.K);
Pcpstream *pin = ps_new_file(in); Pcpstream *pin = ps_new_file(in);
Pcpstream *pout = ps_new_file(out); Pcpstream *pout = ps_new_file(out);
ptx_dump(PTX.ptx);
size_t clen = pcp_encrypt_stream(PTX.ptx, pin, pout, S.K, pubhash, sign); size_t clen = pcp_encrypt_stream(PTX.ptx, pin, pout, S.K, pubhash, sign);
if(clen <= 0) if(clen <= 0)
throw exception(PTX); throw exception(PTX);
@@ -59,7 +59,7 @@ bool Crypto::encrypt(FILE *in, FILE *out, bool sign) {
bool Crypto::decrypt(FILE *in, FILE *out, bool verify) { bool Crypto::decrypt(FILE *in, FILE *out, bool verify) {
Pcpstream *pin = ps_new_file(in); Pcpstream *pin = ps_new_file(in);
Pcpstream *pout = ps_new_file(out); Pcpstream *pout = ps_new_file(out);
ptx_dump(PTX.ptx);
if(pcp_decrypt_stream(PTX.ptx, pin, pout, S.K, NULL, verify) <= 0) if(pcp_decrypt_stream(PTX.ptx, pin, pout, S.K, NULL, verify) <= 0)
throw exception(PTX); throw exception(PTX);
ps_close(pin); ps_close(pin);
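Review bot: In `Crypto::encrypt`, `HASH_ADD_STR( pubhash, id, P.K);` links `P.K` into a function-local uthash table through its `hh` handle, while the constructor has already registered the same struct with the context via `pcphash_add(PTX.ptx, P.K, PCP_KEY_TYPE_PUBLIC);`. uthash is intrusive, so if `pcphash_add` also uses `hh` (its body is not visible here, so this needs checking), the second add overwrites the links of the first and the context's table is left pointing at stale state. Nothing in the visible lines unlinks `P.K` or releases the local table, for example with `HASH_CLEAR(hh, pubhash);` after `pcp_encrypt_stream` returns, so each further `encrypt()` call on the same object repeats the add. The same ownership question applies to the constructor's `pcphash_add(PTX.ptx, S.K, PCP_KEY_TYPE_SECRET);`, because it is not visible whether the context or the `Key` wrapper wipes and frees the secret key. The page has lost its +/- markers, so taking the `HASH_ADD_STR` variant as the new side rests on left/right print order, and `encrypt` continues past the end of the hunk.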


@@ -31,8 +31,7 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography.
-R --remove-key Remove a key from the vault. -R --remove-key Remove a key from the vault.
-s --export-secret Export a secret key. -s --export-secret Export a secret key.
-p --export-public Export a public key. -p --export-public Export a public key.
-S --import-secret Import a secret key. -K --import Import a secret or public key.
-P --import-public Import a public key.
-y --export-yaml Export all keys as YAML formatted text. -y --export-yaml Export all keys as YAML formatted text.
-F --export-format <fmt> Specify exportformat, either 'pbp' or 'pcp'. -F --export-format <fmt> Specify exportformat, either 'pbp' or 'pcp'.
'pcp' is the default if unspecified. 'pcp' is the default if unspecified.
@@ -373,9 +372,11 @@ Verification by recipient:
=head1 SIGNED ENCRYPTION =head1 SIGNED ENCRYPTION
Beside pure encryption and signatures pcp1 also supports signed Beside pure encryption and signatures pcp1 also supports signed
encryption. In this mode an input file will be signed your primary encryption. In this mode an input file will be encrypted and a
secret key from a BLAKE2 hash of the file contents and the recipients signature of the encrypted content and encrypted recipients with your primary
and then encrypted. The signature is encrypted as well. secret key will be appended.
The signature is encrypted as well.
Example: Example:
@@ -384,25 +385,13 @@ Example:
Please note the additional B<-g> parameter. The recipient can Please note the additional B<-g> parameter. The recipient can
decrypt and verify the so created data like this: decrypt and verify the so created data like this:
pcp1 -d -c -I README.asc -o README.txt pcp1 -d -I README.asc -o README.txt
Please note the additional B<-c> parameter.
If decryption works, the output file will be written. If signature If decryption works, the output file will be written. If signature
verification fails you will be informed, but the decrypted verification fails you will be informed, but the decrypted
output will be left untouched. It is up to you how to react output will be left untouched. It is up to you how to react
on an invalid signature. on an invalid signature.
B<Caution: as of this writing (pcp version 0.2.0) there is
no offset marker included into the output which separates
the signature from the cipher. Therefore a recipient has to
know that the file is encrypted AND signed. If, for example,
the recpient leaves the -c parameter on such a file, the decryption
process will fail. Otherwise, if the user supplies -c on an
encrypted file without a signature, decryption will fail as well.>
Note: this behavior might change in the future.
=head1 ALTERNATIVE COMMANDLINES =head1 ALTERNATIVE COMMANDLINES
You can save typing if you supply additional arguments to You can save typing if you supply additional arguments to


@@ -30,52 +30,56 @@ FILE *_openrd(string file, PcpContext &ptx) {
return fd; return fd;
} }
void test0(PcpContext &ptx) { void test0() {
// test keygen and crypto // test keygen and crypto
PcpContext CA; // we need different contexts for sender and recipient!
PcpContext CB;
FILE *CLEAR, *CIPHER, *DECRYPTED; FILE *CLEAR, *CIPHER, *DECRYPTED;
Key A = Key(ptx, "a", "alicia", "alicia@local"); Key A = Key(CA, "a", "alicia", "alicia@local");
Key B = Key(ptx, "b", "bobby", "bobby@local"); Key B = Key(CA, "b", "bobby", "bobby@local");
PubKey PA = A.get_public(); PubKey PA = A.get_public();
PubKey PB = B.get_public(); PubKey PB = B.get_public();
A.decrypt("a"); A.decrypt("a");
B.decrypt("b"); B.decrypt("b");
Crypto A2B(ptx, A, PB); Crypto A2B(CA, A, PB);
Crypto B2A(ptx, B, PA); Crypto B2A(CB, B, PA);
CLEAR = _openwr("testcppclear", ptx); CLEAR = _openwr("testcppclear", CA);
fprintf(CLEAR, "HALLO\n"); fprintf(CLEAR, "HALLO\n");
fclose(CLEAR); fclose(CLEAR);
CIPHER = _openwr("testcpcipher", ptx); CIPHER = _openwr("testcpcipher", CA);
CLEAR = _openrd("testcppclear", ptx); CLEAR = _openrd("testcppclear", CA);
cerr << "A=>B encrypt using " << PB.get_id() << endl;
if(A2B.encrypt(CLEAR, CIPHER, false)) { if(A2B.encrypt(CLEAR, CIPHER, false)) {
CIPHER = _openrd("testcpcipher", ptx); CIPHER = _openrd("testcpcipher", CA);
DECRYPTED = _openwr("testcppdecrypted", ptx); DECRYPTED = _openwr("testcppdecrypted", CA);
cerr << "B=>A decrypt using " << PA.get_id() << endl;
if(B2A.decrypt(CIPHER, DECRYPTED, false)) { if(B2A.decrypt(CIPHER, DECRYPTED, false)) {
DECRYPTED = _openrd("testcppdecrypted", ptx); DECRYPTED = _openrd("testcppdecrypted", CA);
char *got = (char *)ucmalloc(10); char *got = (char *)ucmalloc(10);
if(fread(got, 1, 6, DECRYPTED) < 6) { if(fread(got, 1, 6, DECRYPTED) < 6) {
throw pcp::exception(ptx, "read error, could not read decrypted content"); throw pcp::exception(CA, "read error, could not read decrypted content");
} }
if(strncmp(got, "HALLO", 5) != 0) { if(strncmp(got, "HALLO", 5) != 0) {
throw pcp::exception(ptx); throw pcp::exception(CA);
} }
} }
else else
throw pcp::exception(ptx, "failed to decrypt"); throw pcp::exception(CA, "failed to decrypt");
} }
else else
throw pcp::exception(ptx, "failed to encrypt"); throw pcp::exception(CA, "failed to encrypt");
cout << "0 ok" << endl; cout << "0 ok" << endl;
CA.done();
CB.done();
} }
void test1(PcpContext &ptx) { void test1(PcpContext &ptx) {
@@ -167,7 +171,7 @@ int main(int argc, char **argv) {
throw pcp::exception(ptx, "usage: cpptest N"); throw pcp::exception(ptx, "usage: cpptest N");
switch(argv[1][0]) { switch(argv[1][0]) {
case '0': case '0':
test0(ptx); test0();
break; break;
case '1': case '1':
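Review bot: In `test0`, key B is still generated under the sender's context (`Key B = Key(CA, "b", "bobby", "bobby@local");`) although the added comment says sender and recipient need different contexts and `B2A` is built on `CB`. If full separation is intended, `Key B = Key(CB, "b", "bobby", "bobby@local");` would match it. Whether a key generated in one context may be registered in another is not visible on this page, so this should be confirmed against `Key` and the `pcphash_add` calls in the `Crypto` constructor. `CA.done();` and `CB.done();` sit only on the success path, so every `throw` above them skips the cleanup of both contexts, and the decrypt-side failures are reported through `CA` rather than `CB`. Which lines are new is inferred from left/right print order, since the page has lost its +/- markers.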