scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-18 12:20:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: scip:cc03ba
Branches Tags
scip:master scip:codeberg scip:v0.3.0
scip:v0.4.1 scip:cc03ba scip:v0.4.0 scip:v0.3.0
...
compare: scip:master
Branches Tags
scip:master scip:codeberg scip:v0.3.0
scip:v0.4.1 scip:cc03ba scip:v0.4.0 scip:v0.3.0

3 Commits
cc03ba ... master

Author SHA1 Message Date
Thomas von Dein
8ecfe531a3 rm unneeded files 2025-11-24 23:16:54 +01:00
Thomas von Dein
de2e1f3f22 add badges 2025-11-24 23:11:25 +01:00
T. von Dein
913f584b76 migrate to codeberg (#21) 2025-11-24 23:02:13 +01:00
66 changed files with 1704 additions and 3305 deletions
Expand all files Collapse all files

62
.travis.yml
View File

@@ -1,62 +0,0 @@
sudo: false
language: c
os:
- linux
addons:
apt:
packages:
- python-pip
- texinfo
compiler:
- clang
- gcc
before_install:
# runtime dependency
- git clone https://github.com/jedisct1/libsodium
- cd libsodium
- ./autogen.sh
- ./configure --prefix=$HOME/usr
- make
- make install
- cd ..
#
# for debugging - just in case, uncomment this and the next if needed
#- wget http://valgrind.org/downloads/valgrind-3.10.1.tar.bz2
#- tar xvjf valgrind-3.10.1.tar.bz2
#- cd valgrind-3.10.1
#- ./configure --prefix=/usr
#- make
#- sudo make install
#- cd ..
#
# valgrind runtime dependency
#- sudo apt-get update
#- sudo apt-get install libc6-dbg
#
# python bindings runtime dependencies
#- git clone https://github.com/atgreen/libffi
#- cd libffi
#- ./autogen.sh
#- ./configure --prefix=/usr
#- make
#- sudo make install
#- cd ..
#- sudo pip install cffi
#
# finally prepare autoconf stuff
- ./autogen.sh
script:
#- ./configure --enable-python-binding
- LD_LIBRARY_PATH=$HOME/usr/lib ./configure --with-libsodium=$HOME/usr
- make
- make check
- make test
#
# upload last fuzzy testfiles in case one of them failed
- cd tests
- cat testfuzzP.pub | openssl base64 | curl -F 'sprunge=<-' http://sprunge.us
- cat testfuzzS.sec | openssl base64 | curl -F 'sprunge=<-' http://sprunge.us

29
.woodpecker/build.yaml Normal file
View File

@@ -0,0 +1,29 @@
matrix:
platform:
- linux/amd64
labels:
platform: ${platform}
steps:
build:
when:
event: [push]
image: alpine:latest
commands:
- apk update
- apk add --no-cache bash build-base gdb perl libsodium libsodium-dev libbsd libbsd-dev jansson jansson-dev db db-dev pkgconfig meson ninja
- meson setup --reconfigure build
- ninja -C build
test:
when:
event: [push]
image: alpine:latest
commands:
- apk update
- apk add --no-cache bash build-base gdb perl libsodium libsodium-dev libbsd libbsd-dev jansson jansson-dev db db-dev pkgconfig meson ninja
- meson setup --reconfigure build
- ninja -C build test

54
.woodpecker/release.sh Executable file
View File

@@ -0,0 +1,54 @@
#!/bin/bash
# This is my own simple codeberg generic releaser. It takes to
# binaries to be uploaded as arguments and takes every other args from
# env. Works on tags or normal commits (push), tags must start with v.
set -e
die() {
echo $*
exit 1
}
if test -z "$DEPLOY_TOKEN"; then
die "token DEPLOY_TOKEN not set"
fi
git fetch --all
# determine current tag or commit hash
version="$CI_COMMIT_TAG"
previous=""
log=""
if test -z "$version"; then
version="${CI_COMMIT_SHA:0:6}"
log=$(git log -1 --oneline)
else
previous=$(git tag -l | grep -E "^v" | tac | grep -A1 "$version" | tail -1)
log=$(git log -1 --oneline "${previous}..${version}" | sed 's|^|- |g')
fi
# release body
printf "# Changes\n\n %s\n" "$log" > body.txt
# create the release
https --ignore-stdin --check-status -b -A bearer -a "$DEPLOY_TOKEN" POST \
"https://codeberg.org/api/v1/repos/${CI_REPO_OWNER}/${CI_REPO_NAME}/releases" \
tag_name="$version" name="Release $version" body=@body.txt > release.json
# we need the id to upload files
ID=$(jq -r .id < release.json)
if test -z "$ID"; then
cat release.json
die "failed to create release"
fi
# actually upload
for file in "$@"; do
https --ignore-stdin --check-status -A bearer -a "$DEPLOY_TOKEN" -f POST \
"https://codeberg.org/api/v1/repos/${CI_REPO_OWNER}/${CI_REPO_NAME}/releases/$ID/assets" \
"name=${file}" "attachment@${file}"
done

28
.woodpecker/release.yaml Normal file
View File

@@ -0,0 +1,28 @@
# build release
labels:
platform: linux/amd64
steps:
dist:
when:
event: [tag,manual]
image: alpine:latest
commands:
- apk update
- apk add --no-cache bash build-base gdb perl libsodium libsodium-dev libbsd libbsd-dev jansson jansson-dev db db-dev pkgconfig meson ninja git
- meson setup --reconfigure --buildtype=release build
- meson dist -C build --formats xztar,gztar,zip --no-tests
- mv build/meson-dist/* .
release:
image: alpine:latest
when:
event: [tag,manual]
environment:
DEPLOY_TOKEN:
from_secret: DEPLOY_TOKEN
commands:
- apk update
- apk add --no-cache bash httpie jq git
- .woodpecker/release.sh pcp-*

19
.woodpecker/test.sh Executable file
View File

@@ -0,0 +1,19 @@
#!/bin/bash
yq '.steps.test-gdbm.commands' < .woodpecker/build.yaml \
| grep -- - | grep -v apk | sed 's/^\- //' \
| while read COMMAND; do
echo "$COMMAND" | bash -e > debug.log 2>&1
if test $? -ne 0; then
echo "fail - $COMMAND"
if test -s debug.log; then
cat debug.log
else
echo exit 1
fi
else
echo "ok - $COMMAND"
fi
done
rm -f debug.log

674
COPYING
View File

@@ -1,674 +0,0 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

60
FAQ
View File

@@ -1,60 +0,0 @@
= build a static binary =
./configure --disable-debug
make LDFLAGS="-all-static -s"
= choosing a strong passphrase =
A passphrase like Ahc<e3% is not really secure. First
it's difficult to memorize, second it's easy for a computer
to compute. The better aproach is to use a passphrase
you can easily memorize and which is hard for a computer
to compute (i.e. to guess) like: Phantom orchestra boredom popcorn.
Read [1] to learn more.
Pcp doesn't enforce a password policy nor does it check
the password quality. Use something like pwqcheck [2].
= supply password non-interactively without blocking stdin =
Sometimes (e.g. for tests) there's no controlling terminal from
which pcp could request a passphrase if needed. In such cases
you can use the option -X <file> so that it reads the passphrase
from that file.
However if you call -X - then it will read the passphrase from
stdin. But what if the data to be processed shall be read from
stdin as well?
Use a pipe:
mkfifo /tmp/pwpipe
chmod 600 /tmp/pwpipe
export HISTIGNORE=printf
printf "%s\n", "password" > /tmp/pwpipe &
cat cleartext | pcp1 -e -O output -X /tmp/pwpipe
rm -f /tmp/pwpipe
So, what happens here? We create a named pipe in /tmp/pwpipe and
print the passphrase into it. We use printf, because this is a
shell built-in and does not appear in any process listing or
process accounting. But note the '&' after the printf command:
we're sending it into the background. Why? Because a named pipe
is a real simple device. It blocks writing if there's no reader
and it blocks reading if there's no writer. So in our case we
put the passphrase into it, but the printf command will be blocked
until some other process reads it from the pipe, which is precisely
what happens in the next line. Pcp uses the pipe (because of -X),
reads the passphrase from there and proceeds with it's normal
business. Meanwhile the printf command exits.
[1]
https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
[2]
http://www.openwall.com/passwdqc/

370
INSTALL
View File

@@ -1,370 +0,0 @@
Installation Instructions
*************************
Copyright (C) 1994-1996, 1999-2002, 2004-2012 Free Software Foundation,
Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. This file is offered as-is,
without warranty of any kind.
Basic Installation
==================
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package. Some packages provide this
`INSTALL' file but do not implement all of the features documented
below. The lack of an optional feature in a given package is not
necessarily a bug. More recommendations for GNU packages can be found
in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
documentation. When installing into a prefix owned by root, it is
recommended that the package be configured and built as a regular
user, and only the `make install' phase executed with root
privileges.
5. Optionally, type `make installcheck' to repeat any self-tests, but
this time using the binaries in their final installed location.
This target does not install anything. Running this target as a
regular user, particularly if the prior `make install' required
root privileges, verifies that the installation completed
correctly.
6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
7. Often, you can also type `make uninstall' to remove the installed
files again. In practice, not all packages have tested that
uninstallation works correctly, even though it is required by the
GNU Coding Standards.
8. Some packages, particularly those that use Automake, provide `make
distcheck', which can by used by developers to test that all other
targets like `make install' and `make uninstall' work correctly.
This target is generally not run by end users.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'. This
is known as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CPP="gcc -E" CXXCPP="g++ -E"
This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an
absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the
default for these options is expressed in terms of `${prefix}', so that
specifying just `--prefix' will affect all of the other directory
specifications that were not explicitly provided.
The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without
having to reconfigure or recompile.
The first method involves providing an override variable for each
affected directory. For example, `make install
prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure',
but not in terms of `${prefix}', must each be overridden at install
time for the entire installation to be relocated. The approach of
makefile variable overrides for each directory variable is required by
the GNU Coding Standards, and ideally causes no recompilation.
However, some platforms have known limitations with the semantics of
shared libraries that end up requiring recompilation when using this
method, particularly noticeable in packages that use GNU Libtool.
The second method involves providing the `DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}'
at `configure' time.
Optional Features
=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure
--enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure
--disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'.
Particular systems
==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
HP-UX `make' updates targets which have the same time stamps as
their prerequisites, which makes it generally unusable when shipped
generated files such as `configure' are involved. Use GNU `make'
instead.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
to try
./configure CC="cc"
and if that doesn't work, try
./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common',
not `/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common
Specifying the System Type
==========================
There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS
KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf limitation. Until the limitation is lifted, you can use
this workaround:
CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
======================
`configure' recognizes the following options to control how it
operates.
`--help'
`-h'
Print a summary of all of the options to `configure', and exit.
`--help=short'
`--help=recursive'
Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used
only in the top level, while the `recursive' variant lists options
also present in any nested packages.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
`--no-create'
`-n'
Run the configure checks, but stop before creating any output
files.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.

37
Makefile.am
View File

@@ -1,37 +0,0 @@
#
# This file is part of Pretty Curved Privacy (pcp1).
#
# Copyright (C) 2013-2015 T.Linden.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# You can contact me by mail: <tlinden AT cpan DOT org>.
#
if BUILDPY
MAYPY=bindings/py
endif
if BUILDCPP
MAYCPP=bindings/cpp
endif
SUBDIRS = include libpcp src man tests $(MAYCPP) $(MAYPY)
ACLOCAL_AMFLAGS = -I config
test:
cd tests && make test $(CHECK)
stresstest:
cd tests && make stresstest

0
NEWS
View File

182
README
View File

@@ -1,182 +0,0 @@
DESCRIPTION
Pretty Curved Privacy (pcp1) is a commandline utility which can be used
to encrypt files. pcp1 uses eliptc curve cryptography for encryption
(CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide
accepted standard it hasn't been compromised by the NSA - which might be
better, depending on your point of view.
Caution: since CURVE25519 is no accepted standard, pcp1 has to be
considered as experimental software. In fact, I wrote it just to learn
about the curve and see how it works.
Beside some differences it works like GNUPG. So, if you already know how
to use gpg, you'll feel almost home.
QUICKSTART
Lets say, Alicia and Bobby want to exchange encrypted messages. Here's
what the've got to do.
First, both have create a secret key:
Alicia Bobby
pcp1 -k pcp1 -k
After entering their name, email address and a passphrase to protect the
key, it will be stored in their vault file (by default ~/.pcpvault).
Now, both of them have to export the public key, which has to be
imported by the other one. With pcp you can export the public part of
your primary key, but the better solution is to export a derived public
key especially for the recipient:
Alicia Bobby
pcp1 -p -r Bobby -O alicia.pub pcp1 -p -r Alicia -O bobby.pub
They've to exchange the public key somehow (which is not my problem at
the moment, use ssh, encrypted mail, whatever). Once exchanged, they
have to import it:
Alicia Bobby
pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub
They will see a response as this when done:
key 0x29A323A2C295D391 added to .pcpvault.
Now, Alicia finally writes the secret message, encrypts it and sends it
to Bobby, who in turn decrypts it:
Alicia Bobby
echo "Love you, honey" > letter
pcp1 -e -r Bobby -I letter -O letter.asc
cat letter.asc | mail bobby@foo.bar
pcp1 -d -I letter.asc | less
And that's it.
Please note the big difference to GPG though: both Alicia AND Bobby have
to enter the passphrase for their secret key! That's the way CURVE25519
works: you encrypt a message using your secret key and the recipients
public key and the recipient does the opposite, he uses his secret key
and your public key to actually decrypt the message.
Oh - and if you're wondering why I named them Alicia and Bobby: I was
just sick of Alice and Bob. We're running NSA-free, so we're using other
sample names as well.
FILES AND PIPES
Pcp behaves like any other unix tool. If not otherwise specified it will
read input from standard input (STDIN) and print output to standard
output (STDOUT). For instance:
pcp1 -e -O output
will read the text to be encrypted from standard input, because -I has
not been specified. It works the same with -O:
pcp1 -e -I myfile
In this case the encrypted result will be written to standard output.
Therefore it is possible to use pcp within pipes. Another more realistic
example:
ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
here we encrypt a file symmetrically without downloading it from a
remote ssh server and sending the encrypted result via email to someone.
The behavior is the same with any other functionality where files are
involved like importing or exporting keys. However, there's one
exception: If the option -X (--password-file) has been used and is set
to -, then this will take precedence over any other possible use of
standard input. So if you want to encrypt something and don't specify an
input file you cannot use -X -, and vice versa. IF you use -X - the
passphrase will be read from standard input, which then can't be used
further for input files elsewhere. Pcp will exit with an error in such a
case.
INSTALLATION
There are currently no packages available, so pcp has to be compiled
from source. Follow these steps:
First, you will need libsodium:
git clone git://github.com/jedisct1/libsodium.git
cd libsodium
./autogen.sh
./configure && make check
sudo make install
sudo ldconfig
cd ..
If you want to have JSON support, you'll need to install the Jansson
library (optional):
git clone git://github.com/akheron/jansson.git
cd jansson
autoreconf -i
./configure && make
sudo make install
cd ..
In order to use the python binding, you need to install the cffi python
package.
Next, build pcp:
git clone git://github.com/tlinden/pcp.git
cd pcp
./configure
sudo make install
cd ..
Optionally, you might run the unit tests:
make test
DOCUMENTATION
To learn how to use pcp, read the manpage:
man pcp1
COPYRIGHT
Copyright (c) 2013-2015 by T.v.Dein <tom AT vondein DOT org>
ADDITIONAL COPYRIGHTS
ZeroMQ Z85 encoding routine
Copyright (c) 2007-2013 iMatix Corporation
Copyright (c) 2009-2011 250bpm s.r.o.
Copyright (c) 2010-2011 Miru Limited
Copyright (c) 2011 VMware, Inc.
Copyright (c) 2012 Spotify AB
Tarsnap readpass helpers
Copyright 2009 Colin Percival
jen_hash() hash algorithm
Bob Jenkins, Public Domain.
UTHASH hashing macros
Copyright (c) 2003-2013, Troy D. Hanson
Random art image from OpenSSH keygen
Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Comitted by Alexander von Gernler in rev 1.7.
Every incorporated source code is opensource and licensed under the GPL
as well.
AUTHORS
*T.v.Dein <tom AT vondein DOT org*>
LICENSE
Licensed under the GNU GENERAL PUBLIC LICENSE version 3.
HOME
The homepage of Pretty Curved Privacy can be found on
http://www.daemon.de/PrettyCurvedPrivacy. The source is on Github:
https://github.com/TLINDEN/pcp

190
README.md Normal file
View File

@@ -0,0 +1,190 @@
[![status-badge](https://ci.codeberg.org/api/badges/15605/status.svg)](https://ci.codeberg.org/repos/15605)
[![License](https://img.shields.io/badge/license-GPL-blue.svg)](https://codeberg.org/scip/pcp/blob/master/LICENSE)
# Pretty Curved Privacy
Pretty Curved Privacy (pcp1) is a commandline utility which can be used
to encrypt files. pcp1 uses eliptc curve cryptography for encryption
(CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide
accepted standard it hasn't been compromised by the NSA - which might be
better, depending on your point of view.
Caution: since CURVE25519 is no accepted standard, pcp1 has to be
considered as experimental software. In fact, I wrote it just to learn
about the curve and see how it works.
Beside some differences it works like GNUPG. So, if you already know how
to use gpg, you'll feel almost home.
# QUICKSTART
Lets say, Alicia and Bobby want to exchange encrypted messages. Here's
what the've got to do.
First, both have create a secret key:
Alicia Bobby
pcp1 -k pcp1 -k
After entering their name, email address and a passphrase to protect the
key, it will be stored in their vault file (by default ~/.pcpvault).
Now, both of them have to export the public key, which has to be
imported by the other one. With pcp you can export the public part of
your primary key, but the better solution is to export a derived public
key especially for the recipient:
Alicia Bobby
pcp1 -p -r Bobby -O alicia.pub pcp1 -p -r Alicia -O bobby.pub
They've to exchange the public key somehow (which is not my problem at
the moment, use ssh, encrypted mail, whatever). Once exchanged, they
have to import it:
Alicia Bobby
pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub
They will see a response as this when done:
key 0x29A323A2C295D391 added to .pcpvault.
Now, Alicia finally writes the secret message, encrypts it and sends it
to Bobby, who in turn decrypts it:
Alicia Bobby
echo "Love you, honey" > letter
pcp1 -e -r Bobby -I letter -O letter.asc
cat letter.asc | mail bobby@foo.bar
pcp1 -d -I letter.asc | less
And that's it.
Please note the big difference to GPG though: both Alicia AND Bobby have
to enter the passphrase for their secret key! That's the way CURVE25519
works: you encrypt a message using your secret key and the recipients
public key and the recipient does the opposite, he uses his secret key
and your public key to actually decrypt the message.
Oh - and if you're wondering why I named them Alicia and Bobby: I was
just sick of Alice and Bob. We're running NSA-free, so we're using other
sample names as well.
# FILES AND PIPES
Pcp behaves like any other unix tool. If not otherwise specified it will
read input from standard input (STDIN) and print output to standard
output (STDOUT). For instance:
pcp1 -e -O output
will read the text to be encrypted from standard input, because -I has
not been specified. It works the same with -O:
pcp1 -e -I myfile
In this case the encrypted result will be written to standard output.
Therefore it is possible to use pcp within pipes. Another more realistic
example:
ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
here we encrypt a file symmetrically without downloading it from a
remote ssh server and sending the encrypted result via email to someone.
The behavior is the same with any other functionality where files are
involved like importing or exporting keys. However, there's one
exception: If the option -X (--password-file) has been used and is set
to -, then this will take precedence over any other possible use of
standard input. So if you want to encrypt something and don't specify an
input file you cannot use -X -, and vice versa. IF you use -X - the
passphrase will be read from standard input, which then can't be used
further for input files elsewhere. Pcp will exit with an error in such a
case.
# INSTALLATION
here are currently no packages available, so pcp has to be compiled
from source. Follow these steps:
First, you will need libsodium:
git clone git://github.com/jedisct1/libsodium.git
cd libsodium
./autogen.sh
./configure && make check
sudo make install
sudo ldconfig
cd ..
If you want to have JSON support, you'll need to install the Jansson
library (optional):
git clone git://github.com/akheron/jansson.git
cd jansson
autoreconf -i
./configure && make
sudo make install
cd ..
In order to use the python binding, you need to install the cffi python
package.
Next, build pcp:
git clone git://codeberg.org/scip/pcp.git
cd pcp
meson setup build
ninja -C build
sudo ninja -C install
Optionally, you might run the unit tests:
make test
DOCUMENTATION
To learn how to use pcp, read the manpage:
man pcp1
# COPYRIGHT
Copyright (c) 2013-2015 by T.v.Dein <tom AT vondein DOT org>
## ZeroMQ Z85 encoding routine:
- Copyright (c) 2007-2013 iMatix Corporation
- Copyright (c) 2009-2011 250bpm s.r.o.
- Copyright (c) 2010-2011 Miru Limited
- Copyright (c) 2011 VMware, Inc.
- Copyright (c) 2012 Spotify AB
## Tarsnap readpass helpers
Copyright 2009 Colin Percival
## jen_hash() hash algorithm
Bob Jenkins, Public Domain.
## UTHASH hashing macros
Copyright (c) 2003-2013, Troy D. Hanson
# Random art image from OpenSSH keygen
Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Comitted by Alexander von Gernler in rev 1.7.
# AUTHORS
*T.v.Dein <tom AT vondein DOT org*>
# LICENSE
Licensed under the GNU GENERAL PUBLIC LICENSE version 3.

217
README.pod
View File

@@ -1,217 +0,0 @@
=begin html
<a href="https://travis-ci.org/TLINDEN/pcp"><img
src="https://travis-ci.org/TLINDEN/pcp.svg?branch=master"
alt="build status"/></a>
<a href="https://ci.appveyor.com/project/TLINDEN/pcp"><img
src="https://ci.appveyor.com/api/projects/status/7e833vup5pqhse83?svg=true"
alt="build status"/></a>
=end html
=head1 DESCRIPTION
B<Pretty Curved Privacy> (pcp1) is a commandline utility which can
be used to encrypt files. B<pcp1> uses eliptc curve cryptography
for encryption (CURVE25519 by Dan J. Bernstein). While CURVE25519
is no worldwide accepted standard it hasn't been compromised by
the NSA - which might be better, depending on your point of view.
B<Caution>: since CURVE25519 is no accepted standard, B<pcp1> has
to be considered as experimental software. In fact, I wrote it just
to learn about the curve and see how it works.
Beside some differences it works like B<GNUPG>. So, if you already
know how to use gpg, you'll feel almost home.
=head1 QUICKSTART
Lets say, Alicia and Bobby want to exchange encrypted messages.
Here's what the've got to do.
First, both have create a secret key:
Alicia Bobby
pcp1 -k pcp1 -k
After entering their name, email address and a passphrase to protect
the key, it will be stored in their B<vault file> (by default ~/.pcpvault).
Now, both of them have to export the public key, which has to be
imported by the other one. With B<pcp> you can export the public
part of your primary key, but the better solution is to export
a derived public key especially for the recipient:
Alicia Bobby
pcp1 -p -r Bobby -O alicia.pub pcp1 -p -r Alicia -O bobby.pub
They've to exchange the public key somehow (which is not my
problem at the moment, use ssh, encrypted mail, whatever). Once exchanged,
they have to import it:
Alicia Bobby
pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub
They will see a response as this when done:
key 0x29A323A2C295D391 added to .pcpvault.
Now, Alicia finally writes the secret message, encrypts it and
sends it to Bobby, who in turn decrypts it:
Alicia Bobby
echo "Love you, honey" > letter
pcp1 -e -r Bobby -I letter -O letter.asc
cat letter.asc | mail bobby@foo.bar
pcp1 -d -I letter.asc | less
And that's it.
Please note the big difference to B<GPG> though: both Alicia
AND Bobby have to enter the passphrase for their secret key!
That's the way CURVE25519 works: you encrypt a message using
your secret key and the recipients public key and the recipient
does the opposite, he uses his secret key and your public key
to actually decrypt the message.
Oh - and if you're wondering why I named them Alicia and Bobby:
I was just sick of Alice and Bob. We're running NSA-free, so we're
using other sample names as well.
=head1 FILES AND PIPES
Pcp behaves like any other unix tool. If not otherwise specified
it will read input from standard input (STDIN) and print output
to standard output (STDOUT). For instance:
pcp1 -e -O output
will read the text to be encrypted from standard input, because B<-I>
has not been specified. It works the same with B<-O>:
pcp1 -e -I myfile
In this case the encrypted result will be written to standard output.
Therefore it is possible to use pcp within pipes. Another more
realistic example:
ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
here we encrypt a file symmetrically without downloading it from a
remote ssh server and sending the encrypted result via email to
someone.
The behavior is the same with any other functionality where files are involved
like importing or exporting keys. However, there's one exception:
If the option B<-X> (B<--password-file>) has been used and is set
to B<->, then this will take precedence over any other possible use
of standard input. So if you want to encrypt something and don't
specify an input file you cannot use B<-X ->, and vice versa. IF
you use B<-X -> the passphrase will be read from standard input, which
then can't be used further for input files elsewhere. Pcp will exit
with an error in such a case.
=head1 INSTALLATION
There are currently no packages available, so B<pcp> has to be
compiled from source. Follow these steps:
First, you will need libsodium:
git clone git://github.com/jedisct1/libsodium.git
cd libsodium
./autogen.sh
./configure && make check
sudo make install
sudo ldconfig
cd ..
If you want to have JSON support, you'll need to install the
Jansson library (optional):
git clone git://github.com/akheron/jansson.git
cd jansson
autoreconf -i
./configure && make
sudo make install
cd ..
In order to use the python binding, you need to install the
B<cffi> python package.
Next, build pcp:
git clone git://github.com/tlinden/pcp.git
cd pcp
./configure
sudo make install
cd ..
Optionally, you might run the unit tests:
make test
=head1 DOCUMENTATION
To learn how to use B<pcp>, read the manpage:
man pcp1
=head1 COPYRIGHT
Copyright (c) 2013-2015 by T.v.Dein <tom AT vondein DOT org>
=head1 ADDITIONAL COPYRIGHTS
=over
=item B<ZeroMQ Z85 encoding routine>
Copyright (c) 2007-2013 iMatix Corporation
Copyright (c) 2009-2011 250bpm s.r.o.
Copyright (c) 2010-2011 Miru Limited
Copyright (c) 2011 VMware, Inc.
Copyright (c) 2012 Spotify AB
=item B<Tarsnap readpass helpers>
Copyright 2009 Colin Percival
=item B<jen_hash() hash algorithm>
Bob Jenkins, Public Domain.
=item B<UTHASH hashing macros>
Copyright (c) 2003-2013, Troy D. Hanson
=item B<Random art image from OpenSSH keygen>
Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Comitted by Alexander von Gernler in rev 1.7.
=back
Every incorporated source code is opensource and licensed
under the B<GPL> as well.
=head1 AUTHORS
I<T.v.Dein <tom AT vondein DOT org>>
=head1 LICENSE
Licensed under the GNU GENERAL PUBLIC LICENSE version 3.
=head1 HOME
The homepage of Pretty Curved Privacy can be found on
http://www.daemon.de/PrettyCurvedPrivacy. The source is
on Github: https://github.com/TLINDEN/pcp
=cut

1
VERSION
View File

@@ -1 +0,0 @@
0.4.0

30
appveyor.yml
View File

@@ -1,30 +0,0 @@
environment:
global:
CYG_ROOT: C:\cygwin
CYG_BASH: C:\cygwin\bin\bash
os: unstable
platform:
- Win32
test: off
init:
- git config --global core.autocrlf input
install:
- '%CYG_ROOT%/bin/bash -lc "git clone https://github.com/jedisct1/libsodium /tmp/libsodium"'
- '%CYG_ROOT%/bin/bash -lc "cd /tmp/libsodium; exec 0</dev/null; ./autogen.sh"'
- '%CYG_ROOT%/bin/bash -lc "cd /tmp/libsodium; exec 0</dev/null; ./configure --prefix=/usr"'
- '%CYG_ROOT%/bin/bash -lc "cd /tmp/libsodium; exec 0</dev/null; make"'
- '%CYG_ROOT%/bin/bash -lc "cd /tmp/libsodium; exec 0</dev/null; make install"'
build_script:
- '%CYG_BASH% -lc "cd $APPVEYOR_BUILD_FOLDER; exec 0</dev/null; ./autogen.sh"'
- '%CYG_BASH% -lc "cd $APPVEYOR_BUILD_FOLDER; exec 0</dev/null; ./configure"'
- '%CYG_BASH% -lc "cd $APPVEYOR_BUILD_FOLDER; exec 0</dev/null; cat config.log"'
- '%CYG_BASH% -lc "cd $APPVEYOR_BUILD_FOLDER; exec 0</dev/null; make"'
- '%CYG_BASH% -lc "cd $APPVEYOR_BUILD_FOLDER; exec 0</dev/null; make check"'
- '%CYG_BASH% -lc "cd $APPVEYOR_BUILD_FOLDER; exec 0</dev/null; make test"'

119
autogen.sh
View File

@@ -1,119 +0,0 @@
#!/bin/sh
mode=config
case $1 in
clean)
mode=clean
;;
gen)
mode=gen
;;
-h|--help|help|\?)
echo "Usage: $0 [clean|gen]"
exit 1
;;
esac
if test "$mode" = "gen"; then
# generate the install include file
(echo "#ifndef _HAVE_PCP"; echo "#define _HAVE_PCP"; echo) > include/pcp.h
(echo "#ifdef __cplusplus"; echo "extern \"C\" {"; echo "#endif"; echo) >> include/pcp.h
echo "#include \"pcp/config.h\"" >> include/pcp.h
ls include/pcp/*.h | sed 's#include/##' | while read include; do
echo "#include \"$include\"" >> include/pcp.h
done
(echo "#ifdef __cplusplus"; echo "}"; echo "#endif"; echo) >> include/pcp.h
(echo; echo "#endif") >> include/pcp.h
# generate the version file
maj=`egrep "#define PCP_VERSION_MAJOR" include/pcp/version.h | awk '{print $3}'`
min=`egrep "#define PCP_VERSION_MINOR" include/pcp/version.h | awk '{print $3}'`
pat=`egrep "#define PCP_VERSION_PATCH" include/pcp/version.h | awk '{print $3}'`
echo -n "$maj.$min.$pat" > VERSION
# generate the manpage
echo "=head1 NAME
Pretty Curved Privacy - File encryption using eliptic curve cryptography.
=head1 SYNOPSIS
" > man/pcp1.pod
cat src/usage.txt | sed "s/^/ /g" >> man/pcp1.pod
cat man/options.pod >> man/pcp1.pod
cat man/pcp.pod >> man/pcp1.pod
cat man/details.pod >> man/pcp1.pod
cat man/footer.pod >> man/pcp1.pod
pod2man -r "PCP `cat VERSION`" -c "USER CONTRIBUTED DOCUMENTATION" man/pcp1.pod > man/pcp1.1
pod2html man/pcp1.pod > man/pcp1.html
# generate the top level readme
cat man/badges man/pcp.pod man/install.pod man/footer.pod > README.pod
pod2text README.pod > README
# generate usage.h
(cd src && ./usage.sh)
# generate pypcp types
cd bindings/py
./gencffi.pl ../../include/pcp/*.h > pypcp/raw.py
cd -
exit
fi
if test "$mode" = "config"; then
mkdir -p ./config
lt=libtoolize
case `uname` in Darwin*) lt=glibtoolize;; esac
if ! command -v $lt >/dev/null 2>&1 ; then
echo "could not find $lt." 1>&2
exit 1
fi
if ! command -v autoreconf >/dev/null 2>&1; then
echo "could not find autoreconf." 1>&2
exit 1
fi
autoreconf --install --force --verbose -I config
fi
#
# normal autogen stuff
cat <<EOF > clean.sh
#!/bin/sh
find . -name Makefile -exec rm {} \; > /dev/null 2>&1
find . -name Makefile.in -exec rm {} \; > /dev/null 2>&1
find . -name "*~" -exec rm {} \; > /dev/null 2>&1
find . -name config.h -exec rm {} \; > /dev/null 2>&1
find . -name "stamp*" -exec rm {} \; > /dev/null 2>&1
find . -name .deps -exec rm -rf {} \; > /dev/null 2>&1
find . -name .libs -exec rm -rf {} \; > /dev/null 2>&1
find . -name .o -exec rm -rf {} \; > /dev/null 2>&1
find . -name .lo -exec rm -rf {} \; > /dev/null 2>&1
find . -name .pyc -exec rm -rf {} \; > /dev/null 2>&1
find . -name .dirstamp -exec rm -rf {} \; > /dev/null 2>&1
rm -rf aclocal.m4 libtool configure config.* config autom4te.cache tests/test* tests/v* tests/stresstest/* libpcp/libpcp1.pc
rm clean.sh
EOF
chmod 700 clean.sh
rm -rf include/pcp/config.h.in~ libpcp/stamp-h1 autom4te.cache
sleep 1
touch Makefile.in configure */Makefile.in

383
configure.ac
View File

@@ -1,383 +0,0 @@
# -*-sh-*-
#
# This file is part of Pretty Curved Privacy (pcp1).
#
# Copyright (C) 2013-2015 T.Linden.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# You can contact me by mail: <tlinden AT cpan DOT org>.
#
AC_PREREQ(2.61)
define([pcpversion], esyscmd([sh -c "cat VERSION"]))dnl
AC_INIT([pcp], [pcpversion], [pcp@daemon.de])
#AC_INIT(pcp, `cat VERSION`)
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_MACRO_DIR(config)
AC_CONFIG_HEADER(include/pcp/config.h)
AM_INIT_AUTOMAKE([subdir-objects])
LT_INIT
ORIG_CFLAGS="${CFLAGS:-none}"
# Checks for programs
AC_PROG_CXX
AC_PROG_CXXCPP
AC_PROG_CC
AM_PROG_CC_C_O
AC_PROG_LIBTOOL
AC_PROG_SED
AC_PROG_AWK
AC_PROG_INSTALL
# remove flags set by AC_PROG_CC (duplicates and/or invalid for clang)
# FIXME: why did I do this?!
#CFLAGS=""
#CXXFLAGS=""
# Host speciffic checks
AC_CANONICAL_HOST
# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS(errno.h err.h stdlib.h string.h unistd.h stdio.h getopt.h\
limits.h stddef.h stdint.h sys/types.h sys/stat.h \
termios.h arpa/inet.h netinet/in.h wctype.h)
AC_TYPE_SIZE_T
# Checks for library functions.
AC_CHECK_FUNCS( \
arc4random_buf \
arc4random \
fread \
fopen \
free \
fwrite \
fseek \
ftruncate \
fprintf \
isatty \
malloc \
memset \
memcpy \
mmap \
perror \
posix_memalign \
setrlimit \
strnlen \
strnstr \
strlen \
strtol \
sizeof \
tcgetattr \
umask \
towlower \
getopt_long \
vasprintf
)
cross_compile="no"
AC_MSG_CHECKING([compiler and flags for sanity])
AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
[ AC_MSG_RESULT([yes]) ],
[
AC_MSG_RESULT([no])
AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
],
[
AC_MSG_WARN([cross compiling: not checking compiler sanity])
[cross_compile="yes"]
]
)
_havenacl=no
_ldlib=""
_have_json=no
AC_ARG_WITH([libsodium],
[AS_HELP_STRING([--with-libsodium],
[Specify libsodium prefix])],
[search_libsodium="yes"],
[])
if test "x$search_libsodium" = "xyes"; then
if test -r "${with_libsodium}/include/sodium.h"; then
CFLAGS="-I${with_libsodium}/include ${CFLAGS}"
LDFLAGS="-L${with_libsodium}/lib ${LDFLAGS}"
_havenacl=yes
_ldlib="${with_libsodium}/lib"
fi
fi
AC_ARG_WITH([libsodium-include-dir],
[AS_HELP_STRING([--with-libsodium-include-dir],
[Specify libsodium include prefix])],
[search_libsodium_include="yes"],
[])
if test "x$search_libsodium_include" = "xyes"; then
if test -r "${with_libsodium_include_dir}/sodium.h"; then
CFLAGS="-I${with_libsodium_include_dir} ${CFLAGS}"
_havenacl=yes
fi
fi
AC_ARG_WITH([libsodium_lib_dir],
[AS_HELP_STRING([--with-libsodium-lib-dir],
[Specify libsodium library prefix])],
[search_libsodium_lib="yes"],
[])
if test "x$search_libsodium_lib" = "xyes"; then
if test -r "${with_libsodium_lib_dir}/libsodium.dylib" -o -r "${with_libsodium_lib_dir}/libsodium.so" -o -r "${with_libsodium_lib_dir}/libsodium.a"; then
LDFLAGS="-L${with_libsodium_lib_dir} ${LDFLAGS}"
_havenacl=yes
_ldlib="${with_libsodium_lib_dir}"
fi
fi
if test "x${_havenacl}" = "xno"; then
AC_MSG_CHECKING([pkg-config for libsodium])
if pkg-config --exists libsodium; then
# found it
LDFLAGS="`pkg-config --libs libsodium` ${LDFLAGS}"
CFLAGS="`pkg-config --cflags libsodium` ${CFLAGS}"
_ldlib=`pkg-config --libs libsodium | cut -d ' ' -f 1 | cut -d L -f 2`
_havenacl=yes
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
fi
fi
if test "x${_havenacl}" != "xno" -a "x$cross_compile" = "xno"; then
LIBS="-lsodium" # gcc
export LDFLAGS="$LDFLAGS"
export CFLAGS="$CFLAGS"
export LIBS="$LIBS"
AC_MSG_CHECKING([libsodium version compatible])
AC_RUN_IFELSE([
AC_LANG_PROGRAM([[
#include <sodium.h>
]],[[
if (sodium_library_version_major() >= 7) { exit(0); }
else { exit(1); }
]])],
[
AC_MSG_RESULT([yes])
],
[
AC_MSG_ERROR([no, libsodium too old. please update your libsodium installation. or maybe the path in "$LDFLAGS" is not in LD_LIBRARY_PATH?])
]
)
fi
AC_ARG_WITH([json],
[AS_HELP_STRING([--with-json],
[enable JSON support])],
[search_json="yes"],
[])
if test "x$search_json" = "xyes"; then
# use pkg only
# FIXME: search
_have_json="yes"
LDFLAGS="$LDFLAGS -ljansson"
CFLAGS="$CFLAGS -DHAVE_JSON=1"
fi
AM_CONDITIONAL([BUILDJSON], [test "x$_have_json" = "xyes"])
# Check for some target-specific stuff
case "$host" in
*aix*)
# libm is required as well
CFLAGS="$CFLAGS -D_AIX_SOURCE=1"
LDFLAGS="$LDFLAGS -lm"
;;
*-*-android*) ;;
*-*-cygwin*) ;;
*-*-dgux*) ;;
*-*-darwin*) ;;
*-*-dragonfly*) ;;
*-*-haiku*) ;;
*-*-hpux*) ;;
*-*-irix5*) ;;
*-*-irix6*) ;;
*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) ;;
*-*-linux*) ;;
*-*-netbsd*) ;;
*-*-freebsd*)
# ports install to /usr/local by default, check
if test -d "/usr/local/lib" -a -d "/usr/local/include"; then
CFLAGS="$CFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
fi
;;
*-*-bsdi*) ;;
*-next-*) ;;
*-*-openbsd*) ;;
*-*-solaris*) ;;
*-*-sunos4*) ;;
*-ncr-sysv*) ;;
*-sni-sysv*) ;;
*-*-sysv4.2*) ;;
*-*-sysv5*) ;;
*-*-sysv*) ;;
*-*-sco*) ;;
*-*-unicos*) ;;
*-dec-osf*) ;;
*-*-nto-qnx*) ;;
*-*-ultrix*) ;;
*-*-lynxos) ;;
esac
AC_CHECK_LIB(sodium, sodium_init, , [AC_MSG_ERROR([cannot link with -lsodium, install libsodium.])])
if test -n "$_ldlib"; then
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${_ldlib}"
fi
if test "$cross_compile" = "no"; then
AC_MSG_CHECKING([is libsodium compiled correctly])
AC_RUN_IFELSE([
AC_LANG_PROGRAM([[
#include <sodium.h>
#include <stdlib.h>
#if crypto_box_PUBLICKEYBYTES != 32 || crypto_box_SECRETKEYBYTES != 32 || crypto_sign_PUBLICKEYBYTES != 32 || crypto_sign_PUBLICKEYBYTES != 32
# error "libsodium not built correctly"
#endif
]],[[exit(0);]])],
[
AC_MSG_RESULT([yes])
],
[
AC_MSG_ERROR([no. please check your libsodium installation, consider re-installing])
]
)
fi
# prepare FLAGS
CFLAGS="$CFLAGS -Werror -Wextra -Wall"
AC_ARG_ENABLE([debug],
AS_HELP_STRING([--disable-debug], [Disable debugging]))
AS_IF([test "x$enable_debug" != "xno"], [
CFLAGS="$CFLAGS -g -DDEBUG"
enable_debug="yes"
])
AC_ARG_ENABLE([optimize],
AS_HELP_STRING([--disable-optimize], [Disable optimization]))
AS_IF([test "x$enable_optimize" != "xno"], [
case $enable_optimize in
-O*)
CFLAGS="$CFLAGS $enable_optimize"
enable_optimize="$enable_optimize"
;;
*)
CFLAGS="$CFLAGS -O2"
enable_optimize="-O2"
;;
esac
])
CXXFLAGS="$CFLAGS"
# FIXME: check for libm
LIBS="$LIBS -lm"
# conditionals for bindings and stuff
# c++
AC_ARG_ENABLE([cpp-binding],
[AS_HELP_STRING([--disable-cpp-binding],
[Disable C++ binding])],
)
AS_IF([test "x$enable_cpp_binding" != "xno"], [
enable_cpp_binding=yes
])
AM_CONDITIONAL([BUILDCPP], [test "x$enable_cpp_binding" != "xno"])
# py
AC_ARG_ENABLE([python-binding],
[AS_HELP_STRING([--enable-python-binding],
[Enable python binding])
],
[python="yes"],
[])
if test "x$python" = "xyes"; then
if ! python -c "import cffi" > /dev/null 2>&1; then
python="no"
AC_MSG_ERROR([python or cffi is not installed])
fi
else
python="no"
fi
AM_CONDITIONAL([BUILDPY], [test "x$python" = "xyes"])
AC_SUBST(PACKAGE_VERSION)
# Specify output files
AC_CONFIG_FILES([Makefile include/Makefile libpcp/Makefile src/Makefile man/Makefile \
tests/Makefile libpcp/libpcp1.pc bindings/cpp/Makefile bindings/py/Makefile])
AC_OUTPUT
AC_MSG_RESULT([
Build configured for $PACKAGE $VERSION:
CC: ${CC}
CFLAGS: ${CFLAGS}
CXX: ${CXX}
CXXFLAGS: ${CXXFLAGS}
LDFLAGS: ${LDFLAGS}
LIBS: ${LIBS}
DEBUG: ${enable_debug}
optimize: ${enable_optimize}
prefix: ${prefix}
libdir: ${libdir}
includedir: ${includedir}
target platform: ${host}
cross compile: ${cross_compile}
build python binding: ${python}
build c++ binding: ${enable_cpp_binding}
json support: ${_have_json}
Type 'make' to build, 'make install' to install.
To execute unit tests, type 'make test'.
])

38
libpcp/Makefile.am
View File

@@ -1,38 +0,0 @@
#
# This file is part of Pretty Curved Privacy (pcp1).
#
# Copyright (C) 2013 T.Linden.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# You can contact me by mail: <tlinden AT cpan DOT org>.
#
AM_CFLAGS = -I../include/pcp
lib_LTLIBRARIES = libpcp1.la
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libpcp1.pc
libpcp1_la_SOURCES = platform.c mem.c version.c \
context.c z85.c zmq_z85.c key.c randomart.c \
vault.c jenhash.c readpass.c \
crypto.c ed.c keyhash.c scrypt.c \
util.c buffer.c mgmt.c keysig.c pcpstream.c
include_HEADERS = ../include/pcp.h
libpcp1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=link $(CCLD) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@

17
libpcp/config.h.in Normal file
View File

@@ -0,0 +1,17 @@
/* platform.h.in. Generated from configure.ac by autoheader. */
#mesondefine HAVE_SODIUM
#mesondefine HAVE_JSON
#mesondefine HAVE_GETOPT
#mesondefine HAVE_GETOPT_LONG
#mesondefine HAVE_SETRLIMIT
#mesondefine HAVE_VASPRINTF
#mesondefine HAVE_STRNLEN
#define PACKAGE "pcp"
#define VERSION "@VERSION@"
/* Define to empty if `const' does not conform to ANSI C. */
#undef const

0
include/Makefile.am → libpcp/include/Makefile.am
View File

0
include/pcp.h → libpcp/include/pcp.h
View File

0
include/pcp/buffer.h → libpcp/include/pcp/buffer.h
View File

0
include/pcp/config.h.in → libpcp/include/pcp/config.h.in
View File

0
include/pcp/context.h → libpcp/include/pcp/context.h
View File

0
include/pcp/crypto.h → libpcp/include/pcp/crypto.h
View File

0
include/pcp/defines.h → libpcp/include/pcp/defines.h
View File

0
include/pcp/ed.h → libpcp/include/pcp/ed.h
View File

0
include/pcp/getpass.h → libpcp/include/pcp/getpass.h
View File

0
include/pcp/jenhash.h → libpcp/include/pcp/jenhash.h
View File

0
include/pcp/key.h → libpcp/include/pcp/key.h
View File

0
include/pcp/keyhash.h → libpcp/include/pcp/keyhash.h
View File

0
include/pcp/keysig.h → libpcp/include/pcp/keysig.h
View File

0
include/pcp/mem.h → libpcp/include/pcp/mem.h
View File

78
include/pcp/mgmt.h → libpcp/include/pcp/mgmt.h
View File

@@ -27,49 +27,49 @@
#define _HAVE_PCP_MGMT_H #define _HAVE_PCP_MGMT_H
#if defined __linux__ || defined __GNU__ || defined __GLIBC__ #if defined __linux__ || defined __GNU__ || defined __GLIBC__
# ifndef _DEFAULT_SOURCE #ifndef _DEFAULT_SOURCE
# define _DEFAULT_SOURCE 1 #define _DEFAULT_SOURCE 1
# endif #endif
# #
# ifndef _XOPEN_SOURCE #ifndef _XOPEN_SOURCE
# define _XOPEN_SOURCE 1 #define _XOPEN_SOURCE 1
# endif #endif
# #
# ifndef _GNU_SOURCE #ifndef _GNU_SOURCE
# define _GNU_SOURCE 1 #define _GNU_SOURCE 1
# endif #endif
# #
# ifndef __USE_XOPEN #ifndef __USE_XOPEN
# define __USE_XOPEN 1 #define __USE_XOPEN 1
# endif #endif
# #
#else #else
# define _BSD_SOURCE 1 #define _BSD_SOURCE 1
#endif #endif
#include <sodium.h> #include <sodium.h>
#include <string.h>
#include <stdio.h> #include <stdio.h>
#include <string.h>
#include <time.h> #include <time.h>
#ifdef HAVE_JSON // #ifdef HAVE_JSON
#ifndef JANSSON_H
#include <jansson.h> #include <jansson.h>
#endif #endif
#include "buffer.h"
#include "context.h"
#include "defines.h" #include "defines.h"
#include "platform.h"
#include "structs.h"
#include "mem.h"
#include "ed.h" #include "ed.h"
#include "key.h" #include "key.h"
#include "keysig.h" #include "keysig.h"
#include "buffer.h" #include "mem.h"
#include "platform.h"
#include "scrypt.h" #include "scrypt.h"
#include "context.h" #include "structs.h"
/* key management api, export, import, and stuff */ /* key management api, export, import, and stuff */
/** /**
* \defgroup PubKeyExport KEYEXPORT * \defgroup PubKeyExport KEYEXPORT
* @{ * @{
@@ -77,10 +77,6 @@
Functions to export and import keys in various formats. Functions to export and import keys in various formats.
*/ */
/** RFC4880 alike public key export with some modifications. /** RFC4880 alike public key export with some modifications.
(Refer to the INTERNALS section of the pcp(1) manual page for details. (Refer to the INTERNALS section of the pcp(1) manual page for details.
@@ -90,11 +86,9 @@
\return the function returns a Buffer object containing the binary \return the function returns a Buffer object containing the binary
blob in the format described above. blob in the format described above.
*/ */
Buffer *pcp_export_rfc_pub (PCPCTX *ptx, pcp_key_t *sk); Buffer *pcp_export_rfc_pub(PCPCTX *ptx, pcp_key_t *sk);
/** Export a public key in PBP format. /** Export a public key in PBP format.
Export a public key in the format described at Export a public key in the format described at
@@ -110,7 +104,8 @@ Buffer *pcp_export_pbp_pub(pcp_key_t *sk);
/** Export secret key. /** Export secret key.
Export a secret key. (refer to the INTERNALS section of the pcp(1) manual page for details). Export a secret key. (refer to the INTERNALS section of the pcp(1) manual
page for details).
\param[in] ptx context. \param[in] ptx context.
@@ -135,7 +130,8 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase);
\return the function returns a Buffer object containing the binary \return the function returns a Buffer object containing the binary
blob containing a JSON string. blob containing a JSON string.
*/ */
Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig, size_t siglen); Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig,
size_t siglen);
/** Export secret key in JSON format /** Export secret key in JSON format
@@ -148,7 +144,8 @@ Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig, size_t siglen
\return the function returns a Buffer object containing the binary \return the function returns a Buffer object containing the binary
blob containing a JSON string. blob containing a JSON string.
*/ */
Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce, byte *cipher, size_t clen); Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce,
byte *cipher, size_t clen);
/** Convert secret key struct into JSON struct /** Convert secret key struct into JSON struct
@@ -157,7 +154,7 @@ Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce, byte *ci
\return returns a json_t structure (see libjansson docs for details) \return returns a json_t structure (see libjansson docs for details)
*/ */
json_t *pcp_sk2json(pcp_key_t *sk, byte *sig,size_t siglen); json_t *pcp_sk2json(pcp_key_t *sk, byte *sig, size_t siglen);
/** Convert public key struct into JSON struct /** Convert public key struct into JSON struct
@@ -179,14 +176,19 @@ pcp_ks_bundle_t *pcp_import_pub_rfc(PCPCTX *ptx, Buffer *blob);
pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob); pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob);
/* import secret key */ /* import secret key */
pcp_key_t *pcp_import_binsecret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passphrase); pcp_key_t *pcp_import_binsecret(PCPCTX *ptx, byte *raw, size_t rawsize,
pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passphrase); char *passphrase);
pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphrase); pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize,
char *passphrase);
pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher,
char *passphrase);
/* helpers */ /* helpers */
int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h); int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h);
int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t *sk); int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p,
int _check_sigsubs(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, rfc_pub_sig_s *subheader); pcp_keysig_t *sk);
int _check_sigsubs(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p,
rfc_pub_sig_s *subheader);
#endif // _HAVE_PCP_MGMT_H #endif // _HAVE_PCP_MGMT_H

0
include/pcp/pcpstream.h → libpcp/include/pcp/pcpstream.h
View File

0
include/pcp/platform.h → libpcp/include/pcp/platform.h
View File

0
include/pcp/plist.h → libpcp/include/pcp/plist.h
View File

0
include/pcp/randomart.h → libpcp/include/pcp/randomart.h
View File

0
include/pcp/readpass.h → libpcp/include/pcp/readpass.h
View File

0
include/pcp/scrypt.h → libpcp/include/pcp/scrypt.h
View File

0
include/pcp/structs.h → libpcp/include/pcp/structs.h
View File

0
include/pcp/uthash.h → libpcp/include/pcp/uthash.h
View File

0
include/pcp/util.h → libpcp/include/pcp/util.h
View File

0
include/pcp/vault.h → libpcp/include/pcp/vault.h
View File

0
include/pcp/version.h → libpcp/include/pcp/version.h
View File

0
include/pcp/z85.h → libpcp/include/pcp/z85.h
View File

0
include/pcp/zmq_z85.h → libpcp/include/pcp/zmq_z85.h
View File

246
libpcp/key.c
View File

@@ -19,7 +19,6 @@
You can contact me by mail: <tom AT vondein DOT org>. You can contact me by mail: <tom AT vondein DOT org>.
*/ */
#include "key.h" #include "key.h"
#include "context.h" #include "context.h"
@@ -36,10 +35,10 @@ byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
byte *scrypted = pcp_scrypt(ptx, passphrase, plen, nonce, LNONCE); byte *scrypted = pcp_scrypt(ptx, passphrase, plen, nonce, LNONCE);
/* make a hash from the scrypt() result */ /* make a hash from the scrypt() result */
crypto_hash_sha256(key, (byte*)scrypted, 64); crypto_hash_sha256(key, (byte *)scrypted, 64);
/* turn the 32byte hash into a secret key */ /* turn the 32byte hash into a secret key */
key[0] &= 248; key[0] &= 248;
key[31] &= 127; key[31] &= 127;
key[31] |= 64; key[31] |= 64;
@@ -48,7 +47,6 @@ byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce) {
return key; return key;
} }
char *pcp_getkeyid(pcp_key_t *k) { char *pcp_getkeyid(pcp_key_t *k) {
uint32_t s, p; uint32_t s, p;
p = jen_hash(k->pub, LBOXPUB, JEN_PSALT); p = jen_hash(k->pub, LBOXPUB, JEN_PSALT);
@@ -68,7 +66,8 @@ char *pcp_getpubkeyid(pcp_pubkey_t *k) {
return id; return id;
} }
void pcp_keypairs(byte *msk, byte *mpk, byte *csk, byte *cpk, byte *esk, byte *epk) { void pcp_keypairs(byte *msk, byte *mpk, byte *csk, byte *cpk, byte *esk,
byte *epk) {
/* generate keypairs from random seed */ /* generate keypairs from random seed */
byte *ms = urmalloc(32); byte *ms = urmalloc(32);
byte *ss = urmalloc(32); byte *ss = urmalloc(32);
@@ -82,7 +81,7 @@ void pcp_keypairs(byte *msk, byte *mpk, byte *csk, byte *cpk, byte *esk, byte *e
/* curve25519 secret key */ /* curve25519 secret key */
memcpy(csk, cs, 32); memcpy(csk, cs, 32);
csk[0] &= 248; csk[0] &= 248;
csk[31] &= 63; csk[31] &= 63;
csk[31] |= 64; csk[31] |= 64;
@@ -94,7 +93,7 @@ void pcp_keypairs(byte *msk, byte *mpk, byte *csk, byte *cpk, byte *esk, byte *e
ucfree(cs, 32); ucfree(cs, 32);
} }
pcp_key_t * pcpkey_new () { pcp_key_t *pcpkey_new() {
byte *mp = ucmalloc(LEDPUB); byte *mp = ucmalloc(LEDPUB);
byte *ms = ucmalloc(LEDSEC); byte *ms = ucmalloc(LEDSEC);
byte *sp = ucmalloc(LEDPUB); byte *sp = ucmalloc(LEDPUB);
@@ -107,22 +106,22 @@ pcp_key_t * pcpkey_new () {
/* fill in our struct */ /* fill in our struct */
pcp_key_t *key = urmalloc(sizeof(pcp_key_t)); pcp_key_t *key = urmalloc(sizeof(pcp_key_t));
memcpy (key->masterpub, mp, LEDPUB); memcpy(key->masterpub, mp, LEDPUB);
memcpy (key->mastersecret, ms, LEDSEC); memcpy(key->mastersecret, ms, LEDSEC);
memcpy (key->pub, cp, LBOXPUB); memcpy(key->pub, cp, LBOXPUB);
memcpy (key->secret, cs, LBOXSEC); memcpy(key->secret, cs, LBOXSEC);
memcpy (key->edpub, sp, LEDPUB); memcpy(key->edpub, sp, LEDPUB);
memcpy (key->edsecret, ss, LEDSEC); memcpy(key->edsecret, ss, LEDSEC);
char *id = pcp_getkeyid(key); char *id = pcp_getkeyid(key);
memcpy (key->id, id, 17); memcpy(key->id, id, 17);
free(id); free(id);
key->ctime = (long)time(0); key->ctime = (long)time(0);
key->version = PCP_KEY_VERSION; key->version = PCP_KEY_VERSION;
key->serial = arc4random(); key->serial = arc4random();
key->type = PCP_KEY_TYPE_SECRET; key->type = PCP_KEY_TYPE_SECRET;
key->owner[0] = '\0'; key->owner[0] = '\0';
key->mail[0] = '\0'; key->mail[0] = '\0';
@@ -138,7 +137,7 @@ pcp_key_t * pcpkey_new () {
return key; return key;
} }
byte * pcp_gennonce() { byte *pcp_gennonce() {
byte *nonce = ucmalloc(LNONCE); byte *nonce = ucmalloc(LNONCE);
arc4random_buf(nonce, LNONCE); arc4random_buf(nonce, LNONCE);
return nonce; return nonce;
@@ -150,13 +149,13 @@ void pcpkey_setowner(pcp_key_t *key, char *owner, char *mail) {
} }
pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) { pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
if(key->nonce[0] == 0) { if (key->nonce[0] == 0) {
byte *nonce = pcp_gennonce(); byte *nonce = pcp_gennonce();
memcpy (key->nonce, nonce, LNONCE); memcpy(key->nonce, nonce, LNONCE);
ucfree(nonce, LNONCE); ucfree(nonce, LNONCE);
} }
byte *encryptkey = pcp_derivekey(ptx, passphrase, key->nonce); byte *encryptkey = pcp_derivekey(ptx, passphrase, key->nonce);
byte *encrypted; byte *encrypted;
size_t es; size_t es;
@@ -166,20 +165,20 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
buffer_add(both, key->edsecret, LEDSEC); buffer_add(both, key->edsecret, LEDSEC);
buffer_add(both, key->secret, LBOXSEC); buffer_add(both, key->secret, LBOXSEC);
es = pcp_sodium_mac(&encrypted, buffer_get(both), buffer_size(both), key->nonce, encryptkey); es = pcp_sodium_mac(&encrypted, buffer_get(both), buffer_size(both),
key->nonce, encryptkey);
buffer_free(both); buffer_free(both);
sfree(encryptkey); sfree(encryptkey);
if(es == LSEC) { if (es == LSEC) {
/* success */ /* success */
memcpy(key->encrypted, encrypted, LSEC); memcpy(key->encrypted, encrypted, LSEC);
ucfree(encrypted, es); ucfree(encrypted, es);
memset(key->secret, 0, LBOXSEC); memset(key->secret, 0, LBOXSEC);
memset(key->edsecret, 0, LEDSEC); memset(key->edsecret, 0, LEDSEC);
memset(key->mastersecret, 0, LEDSEC); memset(key->mastersecret, 0, LEDSEC);
} } else {
else {
fatal(ptx, "failed to encrypt the secret key!\n"); fatal(ptx, "failed to encrypt the secret key!\n");
ucfree(encrypted, es); ucfree(encrypted, es);
ucfree(key, sizeof(pcp_key_t)); ucfree(key, sizeof(pcp_key_t));
@@ -190,23 +189,23 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
} }
pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) { pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
byte *encryptkey = pcp_derivekey(ptx, passphrase, key->nonce); byte *encryptkey = pcp_derivekey(ptx, passphrase, key->nonce);
byte *decrypted = ucmalloc(LSEC - crypto_secretbox_MACBYTES); byte *decrypted = ucmalloc(LSEC - crypto_secretbox_MACBYTES);
size_t es; size_t es;
es = pcp_sodium_verify_mac(&decrypted, key->encrypted, LSEC, key->nonce, encryptkey); es = pcp_sodium_verify_mac(&decrypted, key->encrypted, LSEC, key->nonce,
encryptkey);
sfree(encryptkey); sfree(encryptkey);
if(es == 0) { if (es == 0) {
/* success */ /* success */
memcpy(key->mastersecret, decrypted, LEDSEC); memcpy(key->mastersecret, decrypted, LEDSEC);
memcpy(key->edsecret, decrypted + LEDSEC, LEDSEC); memcpy(key->edsecret, decrypted + LEDSEC, LEDSEC);
memcpy(key->secret, decrypted + LEDSEC + LEDSEC, LBOXSEC); memcpy(key->secret, decrypted + LEDSEC + LEDSEC, LBOXSEC);
ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC); ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC);
} } else {
else {
fatal(ptx, "failed to decrypt the secret key (got %d, expected 32)!\n", es); fatal(ptx, "failed to decrypt the secret key (got %d, expected 32)!\n", es);
ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC); ucfree(decrypted, LEDSEC + LEDSEC + LBOXSEC);
return NULL; return NULL;
@@ -216,7 +215,7 @@ pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) {
} }
pcp_pubkey_t *pcpkey_pub_from_secret(pcp_key_t *key) { pcp_pubkey_t *pcpkey_pub_from_secret(pcp_key_t *key) {
pcp_pubkey_t *pub = urmalloc(sizeof (pcp_pubkey_t)); pcp_pubkey_t *pub = urmalloc(sizeof(pcp_pubkey_t));
memcpy(pub->masterpub, key->masterpub, LEDPUB); memcpy(pub->masterpub, key->masterpub, LEDPUB);
memcpy(pub->pub, key->pub, LBOXPUB); memcpy(pub->pub, key->pub, LBOXPUB);
memcpy(pub->edpub, key->edpub, LEDSEC); memcpy(pub->edpub, key->edpub, LEDSEC);
@@ -224,9 +223,9 @@ pcp_pubkey_t *pcpkey_pub_from_secret(pcp_key_t *key) {
memcpy(pub->mail, key->mail, 255); memcpy(pub->mail, key->mail, 255);
memcpy(pub->id, key->id, 17); memcpy(pub->id, key->id, 17);
pub->version = key->version; pub->version = key->version;
pub->type = PCP_KEY_TYPE_PUBLIC; pub->type = PCP_KEY_TYPE_PUBLIC;
pub->ctime = key->ctime; pub->ctime = key->ctime;
pub->serial = key->serial; pub->serial = key->serial;
return pub; return pub;
} }
@@ -252,7 +251,6 @@ byte *pcpkey_getchecksum(pcp_key_t *k) {
return hash; return hash;
} }
void pcp_pubkeyblob(Buffer *b, pcp_pubkey_t *k) { void pcp_pubkeyblob(Buffer *b, pcp_pubkey_t *k) {
buffer_add(b, k->masterpub, LEDPUB); buffer_add(b, k->masterpub, LEDPUB);
buffer_add(b, k->pub, LBOXPUB); buffer_add(b, k->pub, LBOXPUB);
@@ -286,8 +284,8 @@ void pcp_seckeyblob(Buffer *b, pcp_key_t *k) {
} }
pcp_key_t *pcp_blob2key(Buffer *b) { pcp_key_t *pcp_blob2key(Buffer *b) {
pcp_key_t *k = ucmalloc(sizeof(pcp_key_t)); pcp_key_t *k = ucmalloc(sizeof(pcp_key_t));
buffer_get_chunk(b, k->masterpub, LEDPUB); buffer_get_chunk(b, k->masterpub, LEDPUB);
buffer_get_chunk(b, k->mastersecret, LEDSEC); buffer_get_chunk(b, k->mastersecret, LEDSEC);
buffer_get_chunk(b, k->pub, LBOXPUB); buffer_get_chunk(b, k->pub, LBOXPUB);
@@ -300,17 +298,17 @@ pcp_key_t *pcp_blob2key(Buffer *b) {
buffer_get_chunk(b, k->mail, 255); buffer_get_chunk(b, k->mail, 255);
buffer_get_chunk(b, k->id, 17); buffer_get_chunk(b, k->id, 17);
k->type = buffer_get8(b); k->type = buffer_get8(b);
k->ctime = buffer_get64na(b); k->ctime = buffer_get64na(b);
k->version = buffer_get32na(b); k->version = buffer_get32na(b);
k->serial = buffer_get32na(b); k->serial = buffer_get32na(b);
return k; return k;
} }
pcp_pubkey_t *pcp_blob2pubkey(Buffer *b) { pcp_pubkey_t *pcp_blob2pubkey(Buffer *b) {
pcp_pubkey_t *k = ucmalloc(sizeof(pcp_key_t)); pcp_pubkey_t *k = ucmalloc(sizeof(pcp_key_t));
buffer_get_chunk(b, k->masterpub, LEDPUB); buffer_get_chunk(b, k->masterpub, LEDPUB);
buffer_get_chunk(b, k->pub, LBOXPUB); buffer_get_chunk(b, k->pub, LBOXPUB);
buffer_get_chunk(b, k->edpub, LEDPUB); buffer_get_chunk(b, k->edpub, LEDPUB);
@@ -318,56 +316,62 @@ pcp_pubkey_t *pcp_blob2pubkey(Buffer *b) {
buffer_get_chunk(b, k->mail, 255); buffer_get_chunk(b, k->mail, 255);
buffer_get_chunk(b, k->id, 17); buffer_get_chunk(b, k->id, 17);
k->type = buffer_get8(b); k->type = buffer_get8(b);
k->ctime = buffer_get64na(b); k->ctime = buffer_get64na(b);
k->version = buffer_get32na(b); k->version = buffer_get32na(b);
k->serial = buffer_get32na(b); k->serial = buffer_get32na(b);
k->valid = buffer_get8(b); k->valid = buffer_get8(b);
return k; return k;
} }
Buffer *pcp_keyblob(void *k, int type) { Buffer *pcp_keyblob(void *k, int type) {
if(type == PCP_KEY_TYPE_PUBLIC) { if (type == PCP_KEY_TYPE_PUBLIC) {
Buffer *b = buffer_new(PCP_RAW_PUBKEYSIZE, "bp"); Buffer *b = buffer_new(PCP_RAW_PUBKEYSIZE, "bp");
pcp_pubkeyblob(b, (pcp_pubkey_t *)k); pcp_pubkeyblob(b, (pcp_pubkey_t *)k);
return b; return b;
} } else {
else {
Buffer *b = buffer_new(PCP_RAW_KEYSIZE, "bs"); Buffer *b = buffer_new(PCP_RAW_KEYSIZE, "bs");
pcp_seckeyblob(b, (pcp_key_t *)k); pcp_seckeyblob(b, (pcp_key_t *)k);
return b; return b;
} }
} }
int pcp_sanitycheck_pub(PCPCTX *ptx, pcp_pubkey_t *key) { int pcp_sanitycheck_pub(PCPCTX *ptx, pcp_pubkey_t *key) {
if(key->pub[0] == 0) { if (key->pub[0] == 0) {
fatal(ptx, "Pubkey sanity check: public key contained in key seems to be empty!\n"); fatal(ptx, "Pubkey sanity check: public key contained in key seems to be "
"empty!\n");
return 1; return 1;
} }
if(key->type != PCP_KEY_TYPE_PUBLIC) { if (key->type != PCP_KEY_TYPE_PUBLIC) {
fatal(ptx, "Pubkey sanity check: key type is not PUBLIC (expected: %02x, got: %02x)!\n", fatal(ptx,
"Pubkey sanity check: key type is not PUBLIC (expected: %02x, got: "
"%02x)!\n",
PCP_KEY_TYPE_PUBLIC, key->type); PCP_KEY_TYPE_PUBLIC, key->type);
return 1; return 1;
} }
if(key->version != PCP_KEY_VERSION) { if (key->version != PCP_KEY_VERSION) {
fatal(ptx, "Pubkey sanity check: unknown key version (expected: %08X, got: %08X)!\n", fatal(ptx,
"Pubkey sanity check: unknown key version (expected: %08X, got: "
"%08X)!\n",
PCP_KEY_VERSION, key->version); PCP_KEY_VERSION, key->version);
return 1; return 1;
} }
if(key->serial <= 0) { if (key->serial <= 0) {
fatal(ptx, "Pubkey sanity check: invalid serial number: %08X!\n", key->serial); fatal(ptx, "Pubkey sanity check: invalid serial number: %08X!\n",
key->serial);
return 1; return 1;
} }
if(key->id[16] != '\0') { if (key->id[16] != '\0') {
char *got = ucmalloc(17); char *got = ucmalloc(17);
memcpy(got, key->id, 17); memcpy(got, key->id, 17);
got[16] = '\0'; got[16] = '\0';
fatal(ptx, "Pubkey sanity check: invalid key id (expected 16 bytes, got: %s)!\n", got); fatal(ptx,
"Pubkey sanity check: invalid key id (expected 16 bytes, got: %s)!\n",
got);
free(got); free(got);
return 1; return 1;
} }
@@ -375,50 +379,63 @@ int pcp_sanitycheck_pub(PCPCTX *ptx, pcp_pubkey_t *key) {
struct tm *c; struct tm *c;
time_t t = (time_t)key->ctime; time_t t = (time_t)key->ctime;
c = localtime(&t); c = localtime(&t);
if(c->tm_year <= 0 || c->tm_year > 1100) { if (c->tm_year <= 0 || c->tm_year > 1100) {
/* well, I'm perhaps overacting here :) */ /* well, I'm perhaps overacting here :) */
fatal(ptx, "Pubkey sanity check: invalid creation timestamp (got year %04d)!\n", c->tm_year + 1900); fatal(ptx,
"Pubkey sanity check: invalid creation timestamp (got year %04d)!\n",
c->tm_year + 1900);
return 1; return 1;
} }
pcp_pubkey_t *maybe = pcphash_pubkeyexists(ptx, key->id); pcp_pubkey_t *maybe = pcphash_pubkeyexists(ptx, key->id);
if(maybe != NULL) { if (maybe != NULL) {
fatal(ptx, "Pubkey sanity check: there already exists a key with the id 0x%s\n", key->id); fatal(ptx,
"Pubkey sanity check: there already exists a key with the id 0x%s\n",
key->id);
return 1; return 1;
} }
return 0; return 0;
} }
int pcp_sanitycheck_key(PCPCTX *ptx, pcp_key_t *key) { int pcp_sanitycheck_key(PCPCTX *ptx, pcp_key_t *key) {
if(key->encrypted[0] == 0) { if (key->encrypted[0] == 0) {
fatal(ptx, "Secretkey sanity check: secret key contained in key seems to be empty!\n"); fatal(ptx, "Secretkey sanity check: secret key contained in key seems to "
"be empty!\n");
return 1; return 1;
} }
if(key->type != PCP_KEY_TYPE_SECRET && key->type != PCP_KEY_TYPE_MAINSECRET) { if (key->type != PCP_KEY_TYPE_SECRET &&
fatal(ptx, "Secretkey sanity check: key type is not SECRET (expected: %02x, got: %02x)!\n", key->type != PCP_KEY_TYPE_MAINSECRET) {
fatal(ptx,
"Secretkey sanity check: key type is not SECRET (expected: %02x, "
"got: %02x)!\n",
PCP_KEY_TYPE_SECRET, key->type); PCP_KEY_TYPE_SECRET, key->type);
return 1; return 1;
} }
if(key->version != PCP_KEY_VERSION) { if (key->version != PCP_KEY_VERSION) {
fatal(ptx, "Secretkey sanity check: unknown key version (expected: %08X, got: %08X)!\n", fatal(ptx,
"Secretkey sanity check: unknown key version (expected: %08X, got: "
"%08X)!\n",
PCP_KEY_VERSION, key->version); PCP_KEY_VERSION, key->version);
return 1; return 1;
} }
if(key->serial <= 0) { if (key->serial <= 0) {
fatal(ptx, "Secretkey sanity check: invalid serial number: %08X!\n", key->serial); fatal(ptx, "Secretkey sanity check: invalid serial number: %08X!\n",
key->serial);
return 1; return 1;
} }
if(key->id[16] != '\0') { if (key->id[16] != '\0') {
char *got = ucmalloc(17); char *got = ucmalloc(17);
memcpy(got, key->id, 17); memcpy(got, key->id, 17);
got[16] = '\0'; got[16] = '\0';
fatal(ptx, "Secretkey sanity check: invalid key id (expected 16 bytes, got: %s)!\n", got); fatal(ptx,
"Secretkey sanity check: invalid key id (expected 16 bytes, got: "
"%s)!\n",
got);
free(got); free(got);
return 1; return 1;
} }
@@ -426,15 +443,21 @@ int pcp_sanitycheck_key(PCPCTX *ptx, pcp_key_t *key) {
struct tm *c; struct tm *c;
time_t t = (time_t)key->ctime; time_t t = (time_t)key->ctime;
c = localtime(&t); c = localtime(&t);
if(c->tm_year <= 70 || c->tm_year > 1100) { if (c->tm_year <= 70 || c->tm_year > 1100) {
/* well, I'm perhaps overacting here :) */ /* well, I'm perhaps overacting here :) */
fatal(ptx, "Secretkey sanity check: invalid creation timestamp (got year %04d)!\n", c->tm_year + 1900); fatal(
ptx,
"Secretkey sanity check: invalid creation timestamp (got year %04d)!\n",
c->tm_year + 1900);
return 1; return 1;
} }
pcp_key_t *maybe = pcphash_keyexists(ptx, key->id); pcp_key_t *maybe = pcphash_keyexists(ptx, key->id);
if(maybe != NULL) { if (maybe != NULL) {
fatal(ptx, "Secretkey sanity check: there already exists a key with the id 0x%s\n", key->id); fatal(
ptx,
"Secretkey sanity check: there already exists a key with the id 0x%s\n",
key->id);
return 1; return 1;
} }
@@ -447,35 +470,43 @@ void pcp_dumpkey(pcp_key_t *k) {
printf("Dumping pcp_key_t raw values:\n"); printf("Dumping pcp_key_t raw values:\n");
printf("masterpub: "); printf("masterpub: ");
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->masterpub[i]); for (i = 0; i < LEDPUB; ++i)
printf("%02x", (unsigned int)k->masterpub[i]);
printf("\n"); printf("\n");
printf(" public: "); printf(" public: ");
for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->pub[i]); for (i = 0; i < LBOXPUB; ++i)
printf("%02x", (unsigned int)k->pub[i]);
printf("\n"); printf("\n");
printf(" edpub: "); printf(" edpub: ");
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->edpub[i]); for (i = 0; i < LEDPUB; ++i)
printf("%02x", (unsigned int)k->edpub[i]);
printf("\n"); printf("\n");
printf("mastersec: "); printf("mastersec: ");
for ( i = 0;i < LEDSEC;++i) printf("%02x",(unsigned int) k->mastersecret[i]); for (i = 0; i < LEDSEC; ++i)
printf("%02x", (unsigned int)k->mastersecret[i]);
printf("\n"); printf("\n");
printf(" secret: "); printf(" secret: ");
for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->secret[i]); for (i = 0; i < LBOXPUB; ++i)
printf("%02x", (unsigned int)k->secret[i]);
printf("\n"); printf("\n");
printf(" edsecret: "); printf(" edsecret: ");
for ( i = 0;i < LEDSEC;++i) printf("%02x",(unsigned int) k->edsecret[i]); for (i = 0; i < LEDSEC; ++i)
printf("%02x", (unsigned int)k->edsecret[i]);
printf("\n"); printf("\n");
printf(" nonce: "); printf(" nonce: ");
for ( i = 0;i < LNONCE;++i) printf("%02x",(unsigned int) k->nonce[i]); for (i = 0; i < LNONCE; ++i)
printf("%02x", (unsigned int)k->nonce[i]);
printf("\n"); printf("\n");
printf("encrypted: "); printf("encrypted: ");
for ( i = 0;i < LSEC;++i) printf("%02x",(unsigned int) k->encrypted[i]); for (i = 0; i < LSEC; ++i)
printf("%02x", (unsigned int)k->encrypted[i]);
printf("\n"); printf("\n");
printf(" owner: %s\n", k->owner); printf(" owner: %s\n", k->owner);
@@ -493,21 +524,23 @@ void pcp_dumpkey(pcp_key_t *k) {
printf(" type: 0x%02X\n", k->type); printf(" type: 0x%02X\n", k->type);
} }
void pcp_dumppubkey(pcp_pubkey_t *k) { void pcp_dumppubkey(pcp_pubkey_t *k) {
unsigned int i; unsigned int i;
printf("Dumping pcp_pubkey_t raw values:\n"); printf("Dumping pcp_pubkey_t raw values:\n");
printf("masterpub: "); printf("masterpub: ");
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->masterpub[i]); for (i = 0; i < LEDPUB; ++i)
printf("%02x", (unsigned int)k->masterpub[i]);
printf("\n"); printf("\n");
printf(" public: "); printf(" public: ");
for ( i = 0;i < LBOXPUB;++i) printf("%02x",(unsigned int) k->pub[i]); for (i = 0; i < LBOXPUB; ++i)
printf("%02x", (unsigned int)k->pub[i]);
printf("\n"); printf("\n");
printf(" edpub: "); printf(" edpub: ");
for ( i = 0;i < LEDPUB;++i) printf("%02x",(unsigned int) k->edpub[i]); for (i = 0; i < LEDPUB; ++i)
printf("%02x", (unsigned int)k->edpub[i]);
printf("\n"); printf("\n");
printf(" owner: %s\n", k->owner); printf(" owner: %s\n", k->owner);
@@ -525,9 +558,8 @@ void pcp_dumppubkey(pcp_pubkey_t *k) {
printf(" type: 0x%02X\n", k->type); printf(" type: 0x%02X\n", k->type);
} }
/* /*
via via
http://rosettacode.org/wiki/Entropy#C http://rosettacode.org/wiki/Entropy#C
*/ */
double pcp_getentropy(char *source) { double pcp_getentropy(char *source) {
@@ -535,27 +567,27 @@ double pcp_getentropy(char *source) {
int *hist; int *hist;
double H; double H;
int wherechar[256]; int wherechar[256];
int i,histlen; int i, histlen;
histlen = 0; histlen = 0;
H = 0; H = 0;
len = (int)strlen(source); len = (int)strlen(source);
hist = (int*)calloc(len, sizeof(int)); hist = (int *)calloc(len, sizeof(int));
for(i=0; i<256; i++) for (i = 0; i < 256; i++)
wherechar[i] = -1; wherechar[i] = -1;
for(i=0; i<len; i++){ for (i = 0; i < len; i++) {
if(wherechar[(int)source[i]] == -1) { if (wherechar[(int)source[i]] == -1) {
wherechar[(int)source[i]] = histlen; wherechar[(int)source[i]] = histlen;
histlen++; histlen++;
} }
hist[wherechar[(int)source[i]]]++; hist[wherechar[(int)source[i]]]++;
} }
for(i=0; i<histlen; i++) { for (i = 0; i < histlen; i++) {
H -= (double)hist[i] / len * log2((double)hist[i] / len); H -= (double)hist[i] / len * log2((double)hist[i] / len);
} }
return H; return H;
} }

64
libpcp/meson.build Normal file
View File

@@ -0,0 +1,64 @@
# -*-python-*-
libincludes = include_directories('include', 'include/pcp')
# check for libraries with CMAKE or pkg-config
sodium = dependency('libsodium')
# manually check for libraries
jansson = c.find_library('jansson', required: true,
dirs : ['/usr', '/usr/local'])
conf.set('HAVE_SODIUM', sodium.found())
conf.set('HAVE_JSON', jansson.found())
math = c.find_library('m')
# add dependencies, manual libs are added directly below
pcp_deps = [
sodium, jansson, math
]
libpcp = shared_library(
'pcp',
'buffer.c',
'context.c',
'crypto.c',
'ed.c',
'getpass.c',
'jenhash.c',
'key.c',
'keyhash.c',
'keysig.c',
'mem.c',
'mgmt.c',
'pcpstream.c',
'platform.c',
'randomart.c',
'readpass.c',
'scrypt.c',
'util.c',
'vault.c',
'version.c',
'z85.c',
'zmq_z85.c',
include_directories: libincludes,
install: true,
dependencies: pcp_deps
)
libpcp_dep = declare_dependency(
include_directories: libincludes,
link_with: libpcp,
)
# write out the config header
m = configure_file(
input : 'config.h.in',
output : 'config.h',
configuration : conf,
)

536
libpcp/mgmt.c
View File

File diff suppressed because it is too large Load Diff

120
meson.build Normal file
View File

@@ -0,0 +1,120 @@
# -*-python-*-
project(
'pcp',
'c',
license: 'GPL',
version: '0.4.1',
meson_version: '>=1.3',
default_options: [
'warning_level=2',
'werror=true',
],
)
add_project_arguments(
[
'-Wno-unused-parameter',
'-Wno-unused-result',
'-Wno-missing-braces',
'-Wno-format-zero-length',
'-Wno-implicit-fallthrough',
#'-Wvla',
'-Wno-sign-compare',
'-Wno-narrowing'
],
language: 'c',
)
c = meson.get_compiler('c')
conf = configuration_data()
pcp_inc = include_directories('src', 'libpcp')
if host_machine.system().startswith('freebsd')
pcp_inc = include_directories('.', '/usr/local/include')
add_project_link_arguments('LDFLAGS=/usr/local/lib')
endif
# check for funcs.
foreach func : ['getopt', 'fdopen', 'fgetc', 'getenv', 'getpass', 'arc4random', 'fopen', 'fread', 'fwrite', 'ftruncate', 'fprintf', 'isatty', 'malloc', 'memset', 'memcpy', 'perror', 'posix_memalign', 'setrlimit', 'strnlen', 'strlen', 'strtol', 'tcgetattr', 'umask', 'towlower', 'getopt', 'getopt_long', 'vasprintf',]
conf.set('HAVE_'+func.to_upper(),
c.has_function(
func,
prefix : '#include <unistd.h>\n#include <stdio.h>\n#include <stdlib.h>\n#include <sys/resource.h>\n#include <string.h>\n#include <sys/stat.h>\n#include <termios.h>\n#include <wctype.h>\n#include <getopt.h>',
)
)
endforeach
if host_machine.system().startswith('freebsd')
conf.set('HAVE_STRNSTR',
c.has_function(
'strnstr',
prefix: '#include <string.h>'
))
else
bsd = c.find_library('bsd')
conf.set('HAVE_STRNSTR',
c.has_function(
'strnstr',
prefix: '#include <bsd/string.h>',
dependencies: bsd,
))
add_project_dependencies(bsd, language: 'c')
endif
# check commandline options
prefix = get_option('prefix')
if get_option('buildtype') == 'debug'
conf.set('DEBUG', '1')
endif
# setup conf map
version = '@0@'.format(meson.project_version())
conf.set('prefix', prefix)
conf.set('VERSION', version)
subdir('libpcp')
# code
pcp_sources = files(
'src/compat_getopt.c',
'src/encryption.c',
'src/keymgmt.c',
'src/keyprint.c',
'src/pcp.c',
'src/signature.c',
'src/z85util.c'
)
executable(
'pcp',
[pcp_sources],
include_directories: [pcp_inc],
dependencies: [libpcp_dep, jansson],
install: true
)
# build manual page
pod2man = find_program('pod2man', native: true)
if pod2man.found()
res = run_command(pod2man.full_path(), 'man/pcp.pod', 'pcp.1', check:true)
if res.returncode() == 0
install_man('pcp.1')
endif
endif
subdir('tests')

1
meson_options.txt Normal file
View File

@@ -0,0 +1 @@
# custom build options

20
src/compat_getopt.h
View File

@@ -26,11 +26,9 @@
#ifndef MY_GETOPT_H_INCLUDED #ifndef MY_GETOPT_H_INCLUDED
#define MY_GETOPT_H_INCLUDED #define MY_GETOPT_H_INCLUDED
#ifdef HAVE_CONFIG_H
#include "config.h" #include "config.h"
#endif
#if defined(HAVE_GETOPT_H) && defined(HAVE_GETOPT_LONG) #if defined(HAVE_GETOPT) && defined(HAVE_GETOPT_LONG)
#include <getopt.h> #include <getopt.h>
#else #else
@@ -51,7 +49,7 @@ extern "C" {
#define optarg my_optarg #define optarg my_optarg
/* UNIX-style short-argument parser */ /* UNIX-style short-argument parser */
extern int my_getopt(int argc, char * argv[], const char *opts); extern int my_getopt(int argc, char *argv[], const char *opts);
extern int my_optind, my_opterr, my_optopt; extern int my_optind, my_opterr, my_optopt;
extern char *my_optarg; extern char *my_optarg;
@@ -72,15 +70,15 @@ struct option {
#define optional_argument 2 #define optional_argument 2
/* GNU-style long-argument parsers */ /* GNU-style long-argument parsers */
extern int my_getopt_long(int argc, char * argv[], const char *shortopts, extern int my_getopt_long(int argc, char *argv[], const char *shortopts,
const struct option *longopts, int *longind); const struct option *longopts, int *longind);
extern int my_getopt_long_only(int argc, char * argv[], const char *shortopts, extern int my_getopt_long_only(int argc, char *argv[], const char *shortopts,
const struct option *longopts, int *longind); const struct option *longopts, int *longind);
extern int _my_getopt_internal(int argc, char * argv[], const char *shortopts, extern int _my_getopt_internal(int argc, char *argv[], const char *shortopts,
const struct option *longopts, int *longind, const struct option *longopts, int *longind,
int long_only); int long_only);
#ifdef __cplusplus #ifdef __cplusplus
} }

19
src/encryption.h
View File

@@ -19,27 +19,28 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#ifndef _HAVE_ENCRYPTION_H #ifndef _HAVE_ENCRYPTION_H
#define _HAVE_ENCRYPTION_H #define _HAVE_ENCRYPTION_H
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include "context.h"
#include "crypto.h"
#include "defines.h" #include "defines.h"
#include "key.h" #include "key.h"
#include "crypto.h" #include "keyhash.h"
#include "keyprint.h"
#include "pcp.h" #include "pcp.h"
#include "pcpstream.h"
#include "plist.h"
#include "uthash.h" #include "uthash.h"
#include "z85.h" #include "z85.h"
#include "keyprint.h"
#include "keyhash.h"
#include "plist.h"
#include "pcpstream.h"
#include "context.h"
int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, int verify); int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd,
int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *recipient, int signcrypt, int armor, int anon); int verify);
int pcpencrypt(char *id, char *infile, char *outfile, char *passwd,
plist_t *recipient, int signcrypt, int armor, int anon);
void pcpchecksum(char **files, int filenum, char *key); void pcpchecksum(char **files, int filenum, char *key);
#endif /* _HAVE_ENCRYPTION_H */ #endif /* _HAVE_ENCRYPTION_H */

432
src/keymgmt.c
View File

@@ -19,10 +19,8 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#include "keymgmt.h" #include "keymgmt.h"
char *pcp_getstdin(const char *prompt) { char *pcp_getstdin(const char *prompt) {
char line[255]; char line[255];
char *out = NULL; char *out = NULL;
@@ -43,137 +41,127 @@ char *pcp_getstdin(const char *prompt) {
return out; return out;
errgst: errgst:
return NULL; return NULL;
} }
int pcp_storekey (pcp_key_t *key) { int pcp_storekey(pcp_key_t *key) {
if(vault->isnew == 1 || pcphash_count(ptx) == 0) { if (vault->isnew == 1 || pcphash_count(ptx) == 0) {
key->type = PCP_KEY_TYPE_MAINSECRET; key->type = PCP_KEY_TYPE_MAINSECRET;
} }
if(pcpvault_addkey(ptx, vault, key, key->type) == 0) { if (pcpvault_addkey(ptx, vault, key, key->type) == 0) {
if(vault->isnew) if (vault->isnew)
fprintf(stderr, "new vault created, "); fprintf(stderr, "new vault created, ");
fprintf(stderr, "key 0x%s added to %s.\n", key->id, vault->filename); fprintf(stderr, "key 0x%s added to %s.\n", key->id, vault->filename);
return 0; return 0;
} }
return 1; return 1;
} }
void pcp_keygen(char *passwd) { void pcp_keygen(char *passwd) {
pcp_key_t *k = pcpkey_new (); pcp_key_t *k = pcpkey_new();
pcp_key_t *key = NULL; pcp_key_t *key = NULL;
char *owner = pcp_getstdin("Enter the name of the key owner"); char *owner = pcp_getstdin("Enter the name of the key owner");
if(owner != NULL) if (owner != NULL)
memcpy(k->owner, owner, strlen(owner) + 1); memcpy(k->owner, owner, strlen(owner) + 1);
char *mail = pcp_getstdin("Enter the email address of the key owner"); char *mail = pcp_getstdin("Enter the email address of the key owner");
if(mail != NULL) if (mail != NULL)
memcpy(k->mail, _lc(mail), strlen(mail) + 1); memcpy(k->mail, _lc(mail), strlen(mail) + 1);
if(debug) if (debug)
pcp_dumpkey(k); pcp_dumpkey(k);
char *passphrase; char *passphrase;
if(passwd == NULL) { if (passwd == NULL) {
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase, "Enter passphrase for key encryption",
"Enter passphrase for key encryption",
"Enter the passphrase again", 1, NULL); "Enter the passphrase again", 1, NULL);
} } else {
else {
passphrase = passwd; passphrase = passwd;
} }
if(strnlen(passphrase, 1024) > 0) { if (strnlen(passphrase, 1024) > 0) {
double ent = pcp_getentropy(passphrase); double ent = pcp_getentropy(passphrase);
if(ent < 3.32) { if (ent < 3.32) {
fprintf(stderr, "WARNING: you are using a weak passphrase (entropy: %lf)!\n", ent); fprintf(stderr,
"WARNING: you are using a weak passphrase (entropy: %lf)!\n",
ent);
char *yes = pcp_getstdin("Are you sure to use it [yes|NO]?"); char *yes = pcp_getstdin("Are you sure to use it [yes|NO]?");
if(strncmp(yes, "yes", 1024) != 0) { if (strncmp(yes, "yes", 1024) != 0) {
goto errkg1; goto errkg1;
} }
} }
key = pcpkey_encrypt(ptx, k, passphrase); key = pcpkey_encrypt(ptx, k, passphrase);
} } else {
else {
/* No unencrypted secret key allowed anymore [19.08.2015, tom] */ /* No unencrypted secret key allowed anymore [19.08.2015, tom] */
memset(k, 0, sizeof(pcp_key_t)); memset(k, 0, sizeof(pcp_key_t));
free(k); free(k);
goto errkg1; goto errkg1;
} }
if(key != NULL) { if (key != NULL) {
fprintf(stderr, "Generated new secret key:\n"); fprintf(stderr, "Generated new secret key:\n");
if(pcp_storekey(key) == 0) { if (pcp_storekey(key) == 0) {
pcpkey_printshortinfo(key); pcpkey_printshortinfo(key);
memset(key, 0, sizeof(pcp_key_t)); memset(key, 0, sizeof(pcp_key_t));
free(key); free(key);
} }
} }
if(passwd == NULL) { if (passwd == NULL) {
/* if passwd is set, it'll be free'd in main() */ /* if passwd is set, it'll be free'd in main() */
sfree(passphrase); sfree(passphrase);
} }
errkg1: errkg1:
free(mail); free(mail);
free(owner); free(owner);
} }
void pcp_listkeys() { void pcp_listkeys() {
pcp_key_t *k; pcp_key_t *k;
int nkeys = pcphash_count(ptx) + pcphash_countpub(ptx); int nkeys = pcphash_count(ptx) + pcphash_countpub(ptx);
if(nkeys > 0) { if (nkeys > 0) {
printf("Key ID Type Creation Time Owner\n"); printf(
"Key ID Type Creation Time Owner\n");
pcphash_iterate(ptx, k) { pcphash_iterate(ptx, k) { pcpkey_printlineinfo(k); }
pcpkey_printlineinfo(k);
}
pcp_pubkey_t *p; pcp_pubkey_t *p;
pcphash_iteratepub(ptx, p) { pcphash_iteratepub(ptx, p) { pcppubkey_printlineinfo(p); }
pcppubkey_printlineinfo(p); } else {
} fatal(ptx, "The key vault file %s doesn't contain any keys so far.\n",
} vault->filename);
else {
fatal(ptx, "The key vault file %s doesn't contain any keys so far.\n", vault->filename);
} }
} }
char *pcp_normalize_id(char *keyid) { char *pcp_normalize_id(char *keyid) {
char *id = ucmalloc(17); char *id = ucmalloc(17);
int len = strnlen(keyid, 24); int len = strnlen(keyid, 24);
if(len == 16) { if (len == 16) {
memcpy(id, keyid, 17); memcpy(id, keyid, 17);
} } else if (len < 16) {
else if(len < 16) {
fatal(ptx, "Specified key id %s is too short!\n", keyid); fatal(ptx, "Specified key id %s is too short!\n", keyid);
free(id); free(id);
return NULL; return NULL;
} } else if (len > 18) {
else if(len > 18) {
fatal(ptx, "Specified key id %s is too long!\n", keyid); fatal(ptx, "Specified key id %s is too long!\n", keyid);
free(id); free(id);
return NULL; return NULL;
} } else {
else { if (keyid[0] == '0' && keyid[1] == 'x' && len == 18) {
if(keyid[0] == '0' && keyid[1] == 'x' && len == 18) {
int i; int i;
for(i=0; i<16; ++i) { for (i = 0; i < 16; ++i) {
id[i] = keyid[i+2]; id[i] = keyid[i + 2];
} }
id[16] = 0; id[16] = 0;
} } else {
else {
fatal(ptx, "Specified key id %s is too long!\n", keyid); fatal(ptx, "Specified key id %s is too long!\n", keyid);
free(id); free(id);
return NULL; return NULL;
@@ -186,253 +174,239 @@ char *pcp_normalize_id(char *keyid) {
pcp_key_t *pcp_find_primary_secret() { pcp_key_t *pcp_find_primary_secret() {
pcp_key_t *k; pcp_key_t *k;
pcphash_iterate(ptx, k) { pcphash_iterate(ptx, k) {
if(k->type == PCP_KEY_TYPE_MAINSECRET) { if (k->type == PCP_KEY_TYPE_MAINSECRET) {
return k; return k;
} }
} }
/* no primary? whoops */ /* no primary? whoops */
int nkeys = pcphash_count(ptx); int nkeys = pcphash_count(ptx);
if(nkeys == 1) { if (nkeys == 1) {
pcphash_iterate(ptx, k) { pcphash_iterate(ptx, k) { return k; }
return k;
}
} }
return NULL; return NULL;
} }
void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *passwd) { void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor,
char *passwd) {
pcp_key_t *key = NULL; pcp_key_t *key = NULL;
if(useid == 1) { if (useid == 1) {
/* look if we've got that one */ /* look if we've got that one */
key = pcphash_keyexists(ptx, keyid); key = pcphash_keyexists(ptx, keyid);
if(key == NULL) { if (key == NULL) {
fatal(ptx, "Could not find a secret key with id 0x%s in vault %s!\n", keyid, vault->filename); fatal(ptx, "Could not find a secret key with id 0x%s in vault %s!\n",
keyid, vault->filename);
goto errexpse1; goto errexpse1;
} }
} } else {
else {
/* look for our primary key */ /* look for our primary key */
key = pcp_find_primary_secret(); key = pcp_find_primary_secret();
if(key == NULL) { if (key == NULL) {
fatal(ptx, "There's no primary secret key in the vault %s!\n", vault->filename); fatal(ptx, "There's no primary secret key in the vault %s!\n",
vault->filename);
goto errexpse1; goto errexpse1;
} }
} }
FILE *out; FILE *out;
if(outfile == NULL) { if (outfile == NULL) {
out = stdout; out = stdout;
} } else {
else { if ((out = fopen(outfile, "wb+")) == NULL) {
if((out = fopen(outfile, "wb+")) == NULL) {
fatal(ptx, "Could not create output file %s\n", outfile); fatal(ptx, "Could not create output file %s\n", outfile);
goto errexpse1; goto errexpse1;
} }
} }
if(out != NULL) { if (out != NULL) {
if(debug) if (debug)
pcp_dumpkey(key); pcp_dumpkey(key);
if(passwd == NULL) { if (passwd == NULL) {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase,
"Enter passphrase to decrypt your secret key", NULL, 1, NULL); "Enter passphrase to decrypt your secret key", NULL, 1,
NULL);
key = pcpkey_decrypt(ptx, key, passphrase); key = pcpkey_decrypt(ptx, key, passphrase);
if(key == NULL) { if (key == NULL) {
sfree(passphrase); sfree(passphrase);
goto errexpse1; goto errexpse1;
} }
sfree(passphrase); sfree(passphrase);
} } else {
else {
key = pcpkey_decrypt(ptx, key, passwd); key = pcpkey_decrypt(ptx, key, passwd);
if(key == NULL) { if (key == NULL) {
goto errexpse1; goto errexpse1;
} }
} }
Buffer *exported_sk; Buffer *exported_sk;
if(passwd != NULL) { if (passwd != NULL) {
exported_sk = pcp_export_secret(ptx, key, passwd); exported_sk = pcp_export_secret(ptx, key, passwd);
} } else {
else {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase,
"Enter passphrase to encrypt the exported secret key", "Enter passphrase to encrypt the exported secret key",
"Repeat passphrase", 1, NULL); "Repeat passphrase", 1, NULL);
exported_sk = pcp_export_secret(ptx, key, passphrase); exported_sk = pcp_export_secret(ptx, key, passphrase);
sfree(passphrase); sfree(passphrase);
} }
if(exported_sk != NULL) { if (exported_sk != NULL) {
if(armor == 1) { if (armor == 1) {
size_t zlen; size_t zlen;
char *z85 = pcp_z85_encode(buffer_get(exported_sk), buffer_size(exported_sk), &zlen, 1); char *z85 = pcp_z85_encode(buffer_get(exported_sk),
buffer_size(exported_sk), &zlen, 1);
fprintf(out, "%s\r\n%s\r\n%s\r\n", EXP_SK_HEADER, z85, EXP_SK_FOOTER); fprintf(out, "%s\r\n%s\r\n%s\r\n", EXP_SK_HEADER, z85, EXP_SK_FOOTER);
free(z85); free(z85);
} } else {
else {
fwrite(buffer_get(exported_sk), 1, buffer_size(exported_sk), out); fwrite(buffer_get(exported_sk), 1, buffer_size(exported_sk), out);
} }
buffer_free(exported_sk); buffer_free(exported_sk);
fprintf(stderr, "secret key exported.\n"); fprintf(stderr, "secret key exported.\n");
} }
} }
errexpse1: errexpse1:;
;
} }
/* /*
if id given, look if it is already a public and export this, if id given, look if it is already a public and export this,
else we look for a secret key with that id. without a given else we look for a secret key with that id. without a given
keyid we use the primary key. if no keyid has been given but keyid we use the primary key. if no keyid has been given but
a recipient instead, we try to look up the vault for a match. a recipient instead, we try to look up the vault for a match.
*/ */
void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int armor) { void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format,
int armor) {
FILE *out; FILE *out;
int is_foreign = 0; int is_foreign = 0;
pcp_pubkey_t *pk = NULL; pcp_pubkey_t *pk = NULL;
pcp_key_t *sk = NULL; pcp_key_t *sk = NULL;
Buffer *exported_pk = NULL; Buffer *exported_pk = NULL;
if(outfile == NULL) { if (outfile == NULL) {
out = stdout; out = stdout;
} } else {
else { if ((out = fopen(outfile, "wb+")) == NULL) {
if((out = fopen(outfile, "wb+")) == NULL) {
fatal(ptx, "Could not create output file %s\n", outfile); fatal(ptx, "Could not create output file %s\n", outfile);
goto errpcpexpu1; goto errpcpexpu1;
} }
} }
if(keyid != NULL) { if (keyid != NULL) {
/* keyid specified, check if it exists and if yes, what type it is */ /* keyid specified, check if it exists and if yes, what type it is */
pk = pcphash_pubkeyexists(ptx, keyid); pk = pcphash_pubkeyexists(ptx, keyid);
if(pk == NULL) { if (pk == NULL) {
/* ok, so, then look for a secret key with that id */ /* ok, so, then look for a secret key with that id */
sk = pcphash_keyexists(ptx, keyid); sk = pcphash_keyexists(ptx, keyid);
if(sk == NULL) { if (sk == NULL) {
fatal(ptx, "Could not find a key with id 0x%s in vault %s!\n", fatal(ptx, "Could not find a key with id 0x%s in vault %s!\n", keyid,
keyid, vault->filename); vault->filename);
goto errpcpexpu1; goto errpcpexpu1;
} } else {
else {
/* ok, so it's our own key */ /* ok, so it's our own key */
is_foreign = 0; is_foreign = 0;
} }
} } else {
else {
/* it's a foreign public key, we cannot sign it ourselfes */ /* it's a foreign public key, we cannot sign it ourselfes */
is_foreign = 1; is_foreign = 1;
} }
} } else {
else {
/* we use our primary key anyway */ /* we use our primary key anyway */
sk = pcp_find_primary_secret(); sk = pcp_find_primary_secret();
if(sk == NULL) { if (sk == NULL) {
fatal(ptx, "There's no primary secret key in the vault %s!\n", vault->filename); fatal(ptx, "There's no primary secret key in the vault %s!\n",
vault->filename);
goto errpcpexpu1; goto errpcpexpu1;
} }
is_foreign = 0; is_foreign = 0;
} }
if (is_foreign == 0 && sk->secret[0] == 0 && format <= EXP_FORMAT_PBP) {
if(is_foreign == 0 && sk->secret[0] == 0 && format <= EXP_FORMAT_PBP) {
/* decrypt the secret key */ /* decrypt the secret key */
if(passwd != NULL) { if (passwd != NULL) {
sk = pcpkey_decrypt(ptx, sk, passwd); sk = pcpkey_decrypt(ptx, sk, passwd);
} } else {
else {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase,
"Enter passphrase to decrypt your secret key", NULL, 1, NULL); "Enter passphrase to decrypt your secret key", NULL, 1,
NULL);
sk = pcpkey_decrypt(ptx, sk, passphrase); sk = pcpkey_decrypt(ptx, sk, passphrase);
sfree(passphrase); sfree(passphrase);
} }
if(sk == NULL) { if (sk == NULL) {
goto errpcpexpu1; goto errpcpexpu1;
} }
} }
/* now, we're ready for the actual export */ /* now, we're ready for the actual export */
if(format == EXP_FORMAT_NATIVE) { if (format == EXP_FORMAT_NATIVE) {
if(is_foreign == 0) { if (is_foreign == 0) {
exported_pk = pcp_export_rfc_pub(ptx, sk); exported_pk = pcp_export_rfc_pub(ptx, sk);
if(exported_pk != NULL) { if (exported_pk != NULL) {
if(armor == 1) { if (armor == 1) {
size_t zlen; size_t zlen;
char *z85 = pcp_z85_encode(buffer_get(exported_pk), buffer_size(exported_pk), &zlen, 1); char *z85 = pcp_z85_encode(buffer_get(exported_pk),
buffer_size(exported_pk), &zlen, 1);
fprintf(out, "%s\r\n%s\r\n%s\r\n", EXP_PK_HEADER, z85, EXP_PK_FOOTER); fprintf(out, "%s\r\n%s\r\n%s\r\n", EXP_PK_HEADER, z85, EXP_PK_FOOTER);
free(z85); free(z85);
} } else
else
fwrite(buffer_get(exported_pk), 1, buffer_size(exported_pk), out); fwrite(buffer_get(exported_pk), 1, buffer_size(exported_pk), out);
buffer_free(exported_pk); buffer_free(exported_pk);
fprintf(stderr, "public key exported.\n"); fprintf(stderr, "public key exported.\n");
} }
} } else {
else {
/* FIXME: export foreign keys unsupported yet */ /* FIXME: export foreign keys unsupported yet */
fatal(ptx, "Exporting foreign public keys in native format unsupported yet\n"); fatal(ptx,
"Exporting foreign public keys in native format unsupported yet\n");
goto errpcpexpu1; goto errpcpexpu1;
} }
} } else if (format == EXP_FORMAT_PBP) {
else if(format == EXP_FORMAT_PBP) { if (is_foreign == 0) {
if(is_foreign == 0) {
exported_pk = pcp_export_pbp_pub(sk); exported_pk = pcp_export_pbp_pub(sk);
if(exported_pk != NULL) { if (exported_pk != NULL) {
/* PBP format requires armoring always */ /* PBP format requires armoring always */
size_t zlen; size_t zlen;
char *z85pbp = pcp_z85_encode(buffer_get(exported_pk), buffer_size(exported_pk), &zlen, 1); char *z85pbp = pcp_z85_encode(buffer_get(exported_pk),
buffer_size(exported_pk), &zlen, 1);
fprintf(out, "%s", z85pbp); fprintf(out, "%s", z85pbp);
free(z85pbp); free(z85pbp);
buffer_free(exported_pk); buffer_free(exported_pk);
fprintf(stderr, "public key exported in PBP format.\n"); fprintf(stderr, "public key exported in PBP format.\n");
} }
} } else {
else {
fatal(ptx, "Exporting foreign public keys in PBP format not possible\n"); fatal(ptx, "Exporting foreign public keys in PBP format not possible\n");
goto errpcpexpu1; goto errpcpexpu1;
} }
} }
errpcpexpu1: errpcpexpu1:;
;
} }
void pcpdelete_key(char *keyid) { void pcpdelete_key(char *keyid) {
pcp_pubkey_t *p = pcphash_pubkeyexists(ptx, keyid); pcp_pubkey_t *p = pcphash_pubkeyexists(ptx, keyid);
if(p != NULL) { if (p != NULL) {
/* delete public */ /* delete public */
pcp_keysig_t *sig = pcphash_keysigexists(ptx, keyid); pcp_keysig_t *sig = pcphash_keysigexists(ptx, keyid);
if(sig != NULL) { if (sig != NULL) {
/* also delete associted sig, if any */ /* also delete associted sig, if any */
pcphash_del(ptx, sig, sig->type); pcphash_del(ptx, sig, sig->type);
} }
pcphash_del(ptx, p, p->type); pcphash_del(ptx, p, p->type);
vault->unsafed = 1; vault->unsafed = 1;
fprintf(stderr, "Public key deleted.\n"); fprintf(stderr, "Public key deleted.\n");
} } else {
else {
pcp_key_t *s = pcphash_keyexists(ptx, keyid); pcp_key_t *s = pcphash_keyexists(ptx, keyid);
if(s != NULL) { if (s != NULL) {
/* delete secret */ /* delete secret */
pcphash_del(ptx, s, s->type); pcphash_del(ptx, s, s->type);
vault->unsafed = 1; vault->unsafed = 1;
fprintf(stderr, "Secret key deleted.\n"); fprintf(stderr, "Secret key deleted.\n");
} } else {
else {
fatal(ptx, "No key with id 0x%s found!\n", keyid); fatal(ptx, "No key with id 0x%s found!\n", keyid);
} }
} }
@@ -441,51 +415,56 @@ void pcpdelete_key(char *keyid) {
void pcpedit_key(char *keyid) { void pcpedit_key(char *keyid) {
pcp_key_t *key = pcphash_keyexists(ptx, keyid); pcp_key_t *key = pcphash_keyexists(ptx, keyid);
if(key != NULL) { if (key != NULL) {
if(key->secret[0] == 0) { if (key->secret[0] == 0) {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, "Enter passphrase to decrypt the key", NULL, 1, NULL); pcp_readpass(ptx, &passphrase, "Enter passphrase to decrypt the key",
NULL, 1, NULL);
key = pcpkey_decrypt(ptx, key, passphrase); key = pcpkey_decrypt(ptx, key, passphrase);
sfree(passphrase); sfree(passphrase);
} }
if(key != NULL) { if (key != NULL) {
fprintf(stderr, "Current owner: %s\n", key->owner); fprintf(stderr, "Current owner: %s\n", key->owner);
char *owner = pcp_getstdin(" enter new name or press enter to keep current"); char *owner =
if(strlen(owner) > 0) pcp_getstdin(" enter new name or press enter to keep current");
if (strlen(owner) > 0)
memcpy(key->owner, owner, strlen(owner) + 1); memcpy(key->owner, owner, strlen(owner) + 1);
fprintf(stderr, "Current mail: %s\n", key->mail); fprintf(stderr, "Current mail: %s\n", key->mail);
char *mail = pcp_getstdin(" enter new email or press enter to keep current"); char *mail =
if(strlen(mail) > 0) pcp_getstdin(" enter new email or press enter to keep current");
if (strlen(mail) > 0)
memcpy(key->mail, mail, strlen(mail) + 1); memcpy(key->mail, mail, strlen(mail) + 1);
free(owner); free(owner);
free(mail); free(mail);
if(key->type != PCP_KEY_TYPE_MAINSECRET) { if (key->type != PCP_KEY_TYPE_MAINSECRET) {
pcp_key_t *other = NULL; pcp_key_t *other = NULL;
uint8_t haveprimary = 0; uint8_t haveprimary = 0;
pcphash_iterate(ptx, other) { pcphash_iterate(ptx, other) {
if(other->type == PCP_KEY_TYPE_MAINSECRET) { if (other->type == PCP_KEY_TYPE_MAINSECRET) {
haveprimary = 1; haveprimary = 1;
break; break;
} }
} }
char *yes = NULL; char *yes = NULL;
if(! haveprimary) { if (!haveprimary) {
fprintf(stderr, "There is currently no primary secret in your vault,\n"); fprintf(stderr,
"There is currently no primary secret in your vault,\n");
yes = pcp_getstdin("want to make this one the primary [yes|NO]?"); yes = pcp_getstdin("want to make this one the primary [yes|NO]?");
} } else {
else { fprintf(stderr, "The key %s is currently the primary secret,\n",
fprintf(stderr, "The key %s is currently the primary secret,\n", other->id); other->id);
yes = pcp_getstdin("want to make this one the primary instead [yes|NO]?"); yes = pcp_getstdin(
"want to make this one the primary instead [yes|NO]?");
} }
if(strncmp(yes, "yes", 1024) == 0) { if (strncmp(yes, "yes", 1024) == 0) {
key->type = PCP_KEY_TYPE_MAINSECRET; key->type = PCP_KEY_TYPE_MAINSECRET;
if(haveprimary) { if (haveprimary) {
fprintf(stderr, "other type: %d\n", other->type); fprintf(stderr, "other type: %d\n", other->type);
other->type = PCP_KEY_TYPE_SECRET; other->type = PCP_KEY_TYPE_SECRET;
fprintf(stderr, " new type: %d\n", other->type); fprintf(stderr, " new type: %d\n", other->type);
@@ -496,40 +475,39 @@ void pcpedit_key(char *keyid) {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase,
"Enter new passphrase for key encryption (press enter to keep current)", "Enter new passphrase for key encryption (press enter to "
"keep current)",
"Enter the passphrase again", 1, NULL); "Enter the passphrase again", 1, NULL);
if(strnlen(passphrase, 1024) > 0) { if (strnlen(passphrase, 1024) > 0) {
key = pcpkey_encrypt(ptx, key, passphrase); key = pcpkey_encrypt(ptx, key, passphrase);
sfree(passphrase); sfree(passphrase);
} }
if(key != NULL) { if (key != NULL) {
if(debug) if (debug)
pcp_dumpkey(key); pcp_dumpkey(key);
vault->unsafed = 1; /* will be safed automatically */ vault->unsafed = 1; /* will be safed automatically */
fprintf(stderr, "Key %s changed.\n", key->id); fprintf(stderr, "Key %s changed.\n", key->id);
} }
} }
} } else {
else {
fatal(ptx, "No key with id 0x%s found!\n", keyid); fatal(ptx, "No key with id 0x%s found!\n", keyid);
} }
} }
char *pcp_find_id_byrec(char *recipient) { char *pcp_find_id_byrec(char *recipient) {
pcp_pubkey_t *p; pcp_pubkey_t *p;
char *id = NULL; char *id = NULL;
_lc(recipient); _lc(recipient);
pcphash_iteratepub(ptx, p) { pcphash_iteratepub(ptx, p) {
if(strncmp(p->owner, recipient, 255) == 0) { if (strncmp(p->owner, recipient, 255) == 0) {
id = ucmalloc(17); id = ucmalloc(17);
strncpy(id, p->id, 17); strncpy(id, p->id, 17);
break; break;
} }
if(strncmp(p->mail, recipient, 255) == 0) { if (strncmp(p->mail, recipient, 255) == 0) {
id = ucmalloc(17); id = ucmalloc(17);
strncpy(id, p->id, 17); strncpy(id, p->id, 17);
break; break;
@@ -538,8 +516,7 @@ char *pcp_find_id_byrec(char *recipient) {
return id; return id;
} }
int pcp_import(vault_t *vault, FILE *in, char *passwd) {
int pcp_import (vault_t *vault, FILE *in, char *passwd) {
byte *buf = ucmalloc(PCP_BLOCK_SIZE); byte *buf = ucmalloc(PCP_BLOCK_SIZE);
size_t bufsize; size_t bufsize;
pcp_pubkey_t *pub = NULL; pcp_pubkey_t *pub = NULL;
@@ -553,97 +530,95 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) {
bufsize = ps_read(pin, buf, PCP_BLOCK_SIZE); bufsize = ps_read(pin, buf, PCP_BLOCK_SIZE);
if(bufsize == 0) { if (bufsize == 0) {
fatal(ptx, "Input file is empty!\n"); fatal(ptx, "Input file is empty!\n");
goto errimp1; goto errimp1;
} }
/* first try as rfc pub key */ /* first try as rfc pub key */
bundle = pcp_import_binpub(ptx, buf, bufsize); bundle = pcp_import_binpub(ptx, buf, bufsize);
if(bundle != NULL) { if (bundle != NULL) {
keysig = bundle->s; keysig = bundle->s;
pub = bundle->p; pub = bundle->p;
if(debug) if (debug)
pcp_dumppubkey(pub); pcp_dumppubkey(pub);
if(keysig == NULL) { if (keysig == NULL) {
fatals_ifany(ptx); fatals_ifany(ptx);
char *yes = pcp_getstdin("WARNING: signature doesn't verify, import anyway [yes|NO]?"); char *yes = pcp_getstdin(
if(strncmp(yes, "yes", 1024) != 0) { "WARNING: signature doesn't verify, import anyway [yes|NO]?");
if (strncmp(yes, "yes", 1024) != 0) {
free(yes); free(yes);
goto errimp2; goto errimp2;
} }
free(yes); free(yes);
} }
if(pcp_sanitycheck_pub(ptx, pub) == 0) { if (pcp_sanitycheck_pub(ptx, pub) == 0) {
if(pcpvault_addkey(ptx, vault, (void *)pub, PCP_KEY_TYPE_PUBLIC) == 0) { if (pcpvault_addkey(ptx, vault, (void *)pub, PCP_KEY_TYPE_PUBLIC) == 0) {
fprintf(stderr, "key 0x%s added to %s.\n", pub->id, vault->filename); fprintf(stderr, "key 0x%s added to %s.\n", pub->id, vault->filename);
/* avoid double free */ /* avoid double free */
success = 0; success = 0;
} } else
else
goto errimp2; goto errimp2;
if(keysig != NULL) { if (keysig != NULL) {
if(pcpvault_addkey(ptx, vault, keysig, keysig->type) != 0) { if (pcpvault_addkey(ptx, vault, keysig, keysig->type) != 0) {
/* FIXME: remove pubkey if storing the keysig failed */ /* FIXME: remove pubkey if storing the keysig failed */
goto errimp2; goto errimp2;
} }
} }
} } else
else
goto errimp2; goto errimp2;
} } else {
else {
/* it's not public key, so let's try to interpret it as secret key */ /* it's not public key, so let's try to interpret it as secret key */
if(ptx->verbose) if (ptx->verbose)
fatals_ifany(ptx); fatals_ifany(ptx);
if(passwd != NULL) { if (passwd != NULL) {
sk = pcp_import_secret(ptx, buf, bufsize, passwd); sk = pcp_import_secret(ptx, buf, bufsize, passwd);
} } else {
else {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase,
"Enter passphrase to decrypt the secret key file", NULL, 1, NULL); "Enter passphrase to decrypt the secret key file", NULL, 1,
NULL);
sk = pcp_import_secret(ptx, buf, bufsize, passphrase); sk = pcp_import_secret(ptx, buf, bufsize, passphrase);
sfree(passphrase); sfree(passphrase);
} }
if(sk == NULL) { if (sk == NULL) {
goto errimp2; goto errimp2;
} }
if(debug) if (debug)
pcp_dumpkey(sk); pcp_dumpkey(sk);
pcp_key_t *maybe = pcphash_keyexists(ptx, sk->id); pcp_key_t *maybe = pcphash_keyexists(ptx, sk->id);
if(maybe != NULL) { if (maybe != NULL) {
fatal(ptx, "Secretkey sanity check: there already exists a key with the id 0x%s\n", sk->id); fatal(ptx,
"Secretkey sanity check: there already exists a key with the id "
"0x%s\n",
sk->id);
goto errimp2; goto errimp2;
} }
/* store it */ /* store it */
if(passwd != NULL) { if (passwd != NULL) {
sk = pcpkey_encrypt(ptx, sk, passwd); sk = pcpkey_encrypt(ptx, sk, passwd);
} } else {
else {
char *passphrase; char *passphrase;
pcp_readpass(ptx, &passphrase, pcp_readpass(ptx, &passphrase, "Enter passphrase for key encryption",
"Enter passphrase for key encryption",
"Enter the passphrase again", 1, NULL); "Enter the passphrase again", 1, NULL);
if(strnlen(passphrase, 1024) > 0) { if (strnlen(passphrase, 1024) > 0) {
/* encrypt the key */ /* encrypt the key */
sk = pcpkey_encrypt(ptx, sk, passphrase); sk = pcpkey_encrypt(ptx, sk, passphrase);
sfree(passphrase); sfree(passphrase);
} } else {
else {
/* ask for confirmation if we shall store it in the clear */ /* ask for confirmation if we shall store it in the clear */
char *yes = pcp_getstdin( char *yes = pcp_getstdin("WARNING: secret key will be stored "
"WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?"); "unencrypted. Are you sure [yes|NO]?");
if(strncmp(yes, "yes", 1024) != 0) { if (strncmp(yes, "yes", 1024) != 0) {
free(yes); free(yes);
goto errimp1; goto errimp1;
} }
@@ -651,39 +626,38 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) {
} }
} }
if(sk != NULL) { if (sk != NULL) {
/* store it to the vault if we got it til here */ /* store it to the vault if we got it til here */
if(pcp_sanitycheck_key(ptx, sk) == 0) { if (pcp_sanitycheck_key(ptx, sk) == 0) {
if(pcp_storekey(sk) == 0) { if (pcp_storekey(sk) == 0) {
pcpkey_printshortinfo(sk); pcpkey_printshortinfo(sk);
success = 0; success = 0;
} }
} }
} }
} }
errimp2: errimp2:
if(keysig != NULL) { if (keysig != NULL) {
ucfree(keysig->blob, keysig->size); ucfree(keysig->blob, keysig->size);
ucfree(keysig, sizeof(pcp_keysig_t)); ucfree(keysig, sizeof(pcp_keysig_t));
} }
if(bundle != NULL) { if (bundle != NULL) {
free(bundle); free(bundle);
} }
if(pub != NULL) { if (pub != NULL) {
ucfree(pub, sizeof(pcp_pubkey_t)); ucfree(pub, sizeof(pcp_pubkey_t));
} }
if(sk != NULL) { if (sk != NULL) {
ucfree(sk, sizeof(pcp_key_t)); ucfree(sk, sizeof(pcp_key_t));
} }
ucfree(buf, bufsize); ucfree(buf, bufsize);
errimp1: errimp1:
ps_close(pin); ps_close(pin);
return success; return success;

32
src/keymgmt.h
View File

@@ -19,44 +19,44 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#ifndef _HAVE_KEYMGMT_H #ifndef _HAVE_KEYMGMT_H
#define _HAVE_KEYMGMT_H #define _HAVE_KEYMGMT_H
#include <unistd.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <time.h> #include <time.h>
#include <unistd.h>
#include <wctype.h> #include <wctype.h>
#include "randomart.h"
#include "key.h"
#include "pcp.h"
#include "vault.h"
#include "defines.h"
#include "readpass.h"
#include "keyprint.h"
#include "keyhash.h"
#include "util.h"
#include "buffer.h" #include "buffer.h"
#include "mgmt.h"
#include "context.h" #include "context.h"
#include "defines.h"
#include "key.h"
#include "keyhash.h"
#include "keyprint.h"
#include "mgmt.h"
#include "randomart.h"
#include "readpass.h"
#include "util.h"
#include "vault.h"
#define _WITH_GETLINE #define _WITH_GETLINE
char *pcp_getstdin(const char *prompt); char *pcp_getstdin(const char *prompt);
int pcp_storekey (pcp_key_t *key); int pcp_storekey(pcp_key_t *key);
void pcp_keygen(char *passwd); void pcp_keygen(char *passwd);
void pcp_listkeys(); void pcp_listkeys();
void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *passwd); void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor,
void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int armor); char *passwd);
void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format,
int armor);
pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd); pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd);
char *pcp_normalize_id(char *keyid); char *pcp_normalize_id(char *keyid);
pcp_key_t *pcp_find_primary_secret(); pcp_key_t *pcp_find_primary_secret();
int pcp_import (vault_t *vault, FILE *in, char *passwd); int pcp_import(vault_t *vault, FILE *in, char *passwd);
void pcpdelete_key(char *keyid); void pcpdelete_key(char *keyid);
char *pcp_find_id_byrec(char *recipient); char *pcp_find_id_byrec(char *recipient);

655
src/pcp.c
View File

@@ -19,43 +19,45 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#include "pcp.h" #include "pcp.h"
#include "defines.h" #include "defines.h"
vault_t *vault;
PCPCTX *ptx;
int debug;
void usage(int error) { void usage(int error) {
fprintf(stderr, PCP_HELP_INTRO); fprintf(stderr, PCP_HELP_INTRO);
if(error == 0) if (error == 0)
fprintf(stderr, PCP_HELP); fprintf(stderr, PCP_HELP);
version(); version();
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
void version() { void version() {
fprintf(stderr, "pcp version %d.%d.%d, use --help to learn how to use.\n", fprintf(stderr, "pcp version %d.%d.%d, use --help to learn how to use.\n",
PCP_VERSION_MAJOR, PCP_VERSION_MINOR, PCP_VERSION_PATCH); PCP_VERSION_MAJOR, PCP_VERSION_MINOR, PCP_VERSION_PATCH);
exit(0); exit(0);
} }
char *default_vault() { char *default_vault() {
char *path = ucmalloc(1024);; char *path = ucmalloc(1024);
;
snprintf(path, 1024, "%s/.pcpvault", getenv("HOME")); snprintf(path, 1024, "%s/.pcpvault", getenv("HOME"));
return path; return path;
} }
char *altin(char *infile, int stdinused) { char *altin(char *infile, int stdinused) {
if(infile == NULL && stdinused == 1) { if (infile == NULL && stdinused == 1) {
fprintf(stderr, "Error: cannot use <stdin> because -X had precedence!\n"); fprintf(stderr, "Error: cannot use <stdin> because -X had precedence!\n");
exit(1); exit(1);
} }
return infile; return infile;
} }
int main (int argc, char **argv) { int main(int argc, char **argv) {
int opt, mode, usevault, useid, userec, lo, armor, detach, \ int opt, mode, usevault, useid, userec, lo, armor, detach, signcrypt,
signcrypt, exportformat, anon, xpf; exportformat, anon, xpf;
char *vaultfile = default_vault(); char *vaultfile = default_vault();
char *outfile = NULL; char *outfile = NULL;
char *infile = NULL; char *infile = NULL;
@@ -86,290 +88,288 @@ int main (int argc, char **argv) {
ptx = ptx_new(); ptx = ptx_new();
static struct option longopts[] = { static struct option longopts[] = {
/* generics */ /* generics */
{ "vault", required_argument, NULL, 'V' }, {"vault", required_argument, NULL, 'V'},
{ "outfile", required_argument, NULL, 'O' }, {"outfile", required_argument, NULL, 'O'},
{ "infile", required_argument, NULL, 'I' }, {"infile", required_argument, NULL, 'I'},
{ "keyid", required_argument, NULL, 'i' }, {"keyid", required_argument, NULL, 'i'},
{ "text", required_argument, NULL, 't' }, {"text", required_argument, NULL, 't'},
{ "xpass", required_argument, NULL, 'x' }, {"xpass", required_argument, NULL, 'x'},
{ "password-file", required_argument, NULL, 'X' }, {"password-file", required_argument, NULL, 'X'},
{ "extpass", required_argument, NULL, LONG_EXTPASS }, {"extpass", required_argument, NULL, LONG_EXTPASS},
{ "recipient", required_argument, NULL, 'r' }, {"recipient", required_argument, NULL, 'r'},
/* key management */ /* key management */
{ "keygen", no_argument, NULL, 'k' }, {"keygen", no_argument, NULL, 'k'},
{ "listkeys", no_argument, NULL, 'l' }, {"listkeys", no_argument, NULL, 'l'},
{ "listkeys-verbose",no_argument, NULL, 'L' }, /* alias for -l -v */ {"listkeys-verbose", no_argument, NULL, 'L'}, /* alias for -l -v */
{ "export-secret", no_argument, NULL, 's' }, {"export-secret", no_argument, NULL, 's'},
{ "export-public", no_argument, NULL, 'p' }, {"export-public", no_argument, NULL, 'p'},
{ "export", no_argument, NULL, 'p' }, /* alias -p */ {"export", no_argument, NULL, 'p'}, /* alias -p */
{ "import", no_argument, NULL, 'K' }, /* alias -P */ {"import", no_argument, NULL, 'K'}, /* alias -P */
{ "import-key", no_argument, NULL, 'K' }, /* alias -K */ {"import-key", no_argument, NULL, 'K'}, /* alias -K */
{ "remove-key", no_argument, NULL, 'R' }, {"remove-key", no_argument, NULL, 'R'},
{ "edit-key", no_argument, NULL, 'E' }, {"edit-key", no_argument, NULL, 'E'},
{ "export-format", required_argument, NULL, 'F' }, {"export-format", required_argument, NULL, 'F'},
/* crypto */ /* crypto */
{ "encrypt", no_argument, NULL, 'e' }, {"encrypt", no_argument, NULL, 'e'},
{ "encrypt-sym", no_argument, NULL, 'm' }, {"encrypt-sym", no_argument, NULL, 'm'},
{ "decrypt", no_argument, NULL, 'd' }, {"decrypt", no_argument, NULL, 'd'},
{ "anonymous", no_argument, NULL, 'A' }, {"anonymous", no_argument, NULL, 'A'},
{ "add-myself", no_argument, NULL, 'M' }, {"add-myself", no_argument, NULL, 'M'},
{ "checksum", no_argument, NULL, 'C' }, {"checksum", no_argument, NULL, 'C'},
/* encoding */ /* encoding */
{ "z85-encode", no_argument, NULL, 'z' }, {"z85-encode", no_argument, NULL, 'z'},
{ "armor", no_argument, NULL, 'a' }, /* alias -z */ {"armor", no_argument, NULL, 'a'}, /* alias -z */
{ "textmode", no_argument, NULL, 'a' }, /* alias -z */ {"textmode", no_argument, NULL, 'a'}, /* alias -z */
{ "z85-decode", no_argument, NULL, 'Z' }, {"z85-decode", no_argument, NULL, 'Z'},
{ "json-io", no_argument, NULL, 'j' }, {"json-io", no_argument, NULL, 'j'},
/* globals */ /* globals */
{ "help", no_argument, NULL, 'h' }, {"help", no_argument, NULL, 'h'},
{ "version", no_argument, NULL, '0' }, /* no short opt, FIXME: how to avoid? */ {"version", no_argument, NULL,
{ "verbose", no_argument, NULL, 'v' }, '0'}, /* no short opt, FIXME: how to avoid? */
{ "debug", no_argument, NULL, 'D' }, {"verbose", no_argument, NULL, 'v'},
{"debug", no_argument, NULL, 'D'},
/* signing */ /* signing */
{ "sign", no_argument, NULL, 'g' }, {"sign", no_argument, NULL, 'g'},
{ "check-signature", no_argument, NULL, 'c' }, {"check-signature", no_argument, NULL, 'c'},
{ "sigfile", required_argument, NULL, 'f' }, {"sigfile", required_argument, NULL, 'f'},
{ NULL, 0, NULL, 0 } {NULL, 0, NULL, 0}};
};
while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcmf:b1F:0KAMX:jC", while ((opt = getopt_long(argc, argv,
"klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcmf:b1F:0KAMX:jC",
longopts, NULL)) != -1) { longopts, NULL)) != -1) {
switch (opt) {
case 0:
switch(lo) {
case 's':
printf("sign\n");
break;
}
break;
case 'k':
mode += PCP_MODE_KEYGEN;
usevault = 1;
break;
case 'L':
ptx->verbose = 1; /* no break by purpose, turn on -l */
case 'l':
mode += PCP_MODE_LISTKEYS;
usevault = 1;
break;
switch (opt) {
case 0:
switch (lo) {
case 's': case 's':
mode += PCP_MODE_EXPORT_SECRET; printf("sign\n");
usevault = 1;
break;
case 'p':
mode += PCP_MODE_EXPORT_PUBLIC;
usevault = 1;
break;
case 'K':
mode += PCP_MODE_IMPORT;
usevault = 1;
break;
case 'R':
mode += PCP_MODE_DELETE_KEY;
usevault = 1;
break;
case 't':
mode += PCP_MODE_TEXT;
usevault = 0;
break;
case 'E':
mode += PCP_MODE_EDIT;
usevault = 1;
break;
case 'e':
mode += PCP_MODE_ENCRYPT;
usevault = 1;
break;
case 'm':
mode += PCP_MODE_ENCRYPT_ME;
break;
case 'd':
mode += PCP_MODE_DECRYPT;
usevault = 1;
break;
case 'z':
case 'a':
armor = 1;
break;
case 'Z':
armor = 2;
break;
case 'A':
anon = 1;
break;
case 'F':
if(strncmp(optarg, "pbp", 3) == 0) {
exportformat = EXP_FORMAT_PBP;
}
else if(strncmp(optarg, "pcp", 3) == 0) {
exportformat = EXP_FORMAT_NATIVE;
}
else {
fprintf(stderr, "WARN: Unknown export format specified, using native\n");
exportformat = EXP_FORMAT_NATIVE;
}
break;
case 'j':
#ifdef HAVE_JSON
ptx->json = 1;
#else
fprintf(stderr, "WARN: -j set, but no JSON support compiled in. Recompile with --with-json\n");
#endif
break;
case 'g':
mode += PCP_MODE_SIGN;
usevault = 1;
break;
case 'c':
mode += PCP_MODE_VERIFY;
usevault = 1;
break;
case 'C':
mode += PCP_MODE_CHECKSUM;
break;
case 'f':
sigfile = ucmalloc(strlen(optarg)+1);
strncpy(sigfile, optarg, strlen(optarg)+1);
detach = 1;
break; break;
}
break;
case 'V': case 'k':
strncpy(vaultfile, optarg, 1024); mode += PCP_MODE_KEYGEN;
break; usevault = 1;
case 'O': break;
if(strncmp(optarg, "-", 2) > 0) { case 'L':
outfile = ucmalloc(strlen(optarg)+1); ptx->verbose = 1; /* no break by purpose, turn on -l */
strncpy(outfile, optarg, strlen(optarg)+1); case 'l':
} mode += PCP_MODE_LISTKEYS;
break; usevault = 1;
case 'I': break;
if(strncmp(optarg, "-", 2) > 0) {
infile = ucmalloc(strlen(optarg)+1); case 's':
strncpy(infile, optarg, strlen(optarg)+1); mode += PCP_MODE_EXPORT_SECRET;
} usevault = 1;
break; break;
case 'X': case 'p':
xpassfile = ucmalloc(strlen(optarg)+1); mode += PCP_MODE_EXPORT_PUBLIC;
strncpy(xpassfile, optarg, strlen(optarg)+1); usevault = 1;
xpf = 1; break;
break; case 'K':
case 'i': mode += PCP_MODE_IMPORT;
keyid = ucmalloc(19); usevault = 1;
strncpy(keyid, optarg, 19); break;
useid = 1; case 'R':
break; mode += PCP_MODE_DELETE_KEY;
case 'x': usevault = 1;
xpass = smalloc(strlen(optarg)+1); break;
strncpy(xpass, optarg, strlen(optarg)+1); case 't':
break; mode += PCP_MODE_TEXT;
case LONG_EXTPASS: usevault = 0;
askpass = malloc(strlen(optarg)+1); break;
strncpy(askpass, optarg, strlen(optarg)+1); case 'E':
break; mode += PCP_MODE_EDIT;
case 'r': usevault = 1;
p_add(&recipient, optarg); break;
userec = 1; case 'e':
break; mode += PCP_MODE_ENCRYPT;
case 'M': usevault = 1;
p_add_me(&recipient); break;
userec = 1; case 'm':
break; mode += PCP_MODE_ENCRYPT_ME;
case 'D': break;
debug = 1; case 'd':
break; mode += PCP_MODE_DECRYPT;
case '0': usevault = 1;
version(); break;
case 'v': case 'z':
ptx->verbose = 1; case 'a':
break; armor = 1;
case 'h': break;
usage(0); case 'Z':
default: armor = 2;
usage(1); break;
case 'A':
anon = 1;
break;
case 'F':
if (strncmp(optarg, "pbp", 3) == 0) {
exportformat = EXP_FORMAT_PBP;
} else if (strncmp(optarg, "pcp", 3) == 0) {
exportformat = EXP_FORMAT_NATIVE;
} else {
fprintf(stderr,
"WARN: Unknown export format specified, using native\n");
exportformat = EXP_FORMAT_NATIVE;
}
break;
case 'j':
#ifdef HAVE_JSON
ptx->json = 1;
#else
fprintf(stderr, "WARN: -j set, but no JSON support compiled in. "
"Recompile with --with-json\n");
#endif
break;
case 'g':
mode += PCP_MODE_SIGN;
usevault = 1;
break;
case 'c':
mode += PCP_MODE_VERIFY;
usevault = 1;
break;
case 'C':
mode += PCP_MODE_CHECKSUM;
break;
case 'f':
sigfile = ucmalloc(strlen(optarg) + 1);
strncpy(sigfile, optarg, strlen(optarg) + 1);
detach = 1;
break;
case 'V':
strncpy(vaultfile, optarg, 1024);
break;
case 'O':
if (strncmp(optarg, "-", 2) > 0) {
outfile = ucmalloc(strlen(optarg) + 1);
strncpy(outfile, optarg, strlen(optarg) + 1);
}
break;
case 'I':
if (strncmp(optarg, "-", 2) > 0) {
infile = ucmalloc(strlen(optarg) + 1);
strncpy(infile, optarg, strlen(optarg) + 1);
}
break;
case 'X':
xpassfile = ucmalloc(strlen(optarg) + 1);
strncpy(xpassfile, optarg, strlen(optarg) + 1);
xpf = 1;
break;
case 'i':
keyid = ucmalloc(19);
strncpy(keyid, optarg, 19);
useid = 1;
break;
case 'x':
xpass = smalloc(strlen(optarg) + 1);
strncpy(xpass, optarg, strlen(optarg) + 1);
break;
case LONG_EXTPASS:
askpass = malloc(strlen(optarg) + 1);
strncpy(askpass, optarg, strlen(optarg) + 1);
break;
case 'r':
p_add(&recipient, optarg);
userec = 1;
break;
case 'M':
p_add_me(&recipient);
userec = 1;
break;
case 'D':
debug = 1;
break;
case '0':
version();
case 'v':
ptx->verbose = 1;
break;
case 'h':
usage(0);
default:
usage(1);
} }
} }
argc -= optind; argc -= optind;
argv += optind; argv += optind;
if(mode == 0) { if (mode == 0) {
/* turn -z|-Z into a mode if there's nothing else specified */ /* turn -z|-Z into a mode if there's nothing else specified */
if(armor == 1) { if (armor == 1) {
mode = PCP_MODE_ZENCODE; mode = PCP_MODE_ZENCODE;
} } else if (armor == 2) {
else if(armor == 2) {
mode = PCP_MODE_ZDECODE; mode = PCP_MODE_ZDECODE;
} } else {
else {
version(); version();
return 1; return 1;
} }
} }
if(mode == PCP_MODE_ENCRYPT + PCP_MODE_SIGN) { if (mode == PCP_MODE_ENCRYPT + PCP_MODE_SIGN) {
mode = PCP_MODE_ENCRYPT; mode = PCP_MODE_ENCRYPT;
signcrypt = 1; signcrypt = 1;
} }
if(mode == PCP_MODE_DECRYPT + PCP_MODE_VERIFY) { if (mode == PCP_MODE_DECRYPT + PCP_MODE_VERIFY) {
mode = PCP_MODE_DECRYPT; mode = PCP_MODE_DECRYPT;
signcrypt = 1; signcrypt = 1;
} }
#ifndef DEBUG #ifndef DEBUG
# ifdef HAVE_SETRLIMIT #ifdef HAVE_SETRLIMIT
setrlimit(RLIMIT_CORE, &(struct rlimit) {0, 0}); setrlimit(RLIMIT_CORE, &(struct rlimit){0, 0});
# endif #endif
#endif #endif
errno = 0; /* FIXME: workaround for https://github.com/jedisct1/libsodium/issues/114 */ errno = 0; /* FIXME: workaround for
https://github.com/jedisct1/libsodium/issues/114 */
if(mode == PCP_MODE_ENCRYPT && useid == 0 && userec == 0) { if (mode == PCP_MODE_ENCRYPT && useid == 0 && userec == 0) {
usevault = 0; usevault = 0;
mode = PCP_MODE_ENCRYPT_ME; mode = PCP_MODE_ENCRYPT_ME;
} }
if(argc >= 1) { if (argc >= 1) {
/* ok, there are arguments left on the commandline. /* ok, there are arguments left on the commandline.
treat it as filename or recipient, depending on treat it as filename or recipient, depending on
current mode and other given parameters */ current mode and other given parameters */
extra = ucmalloc(strlen(argv[0])+1); extra = ucmalloc(strlen(argv[0]) + 1);
strncpy(extra, argv[0], strlen(argv[0])+1); strncpy(extra, argv[0], strlen(argv[0]) + 1);
int useex = 0; int useex = 0;
switch (mode) { switch (mode) {
case PCP_MODE_DECRYPT: case PCP_MODE_DECRYPT:
if(infile == NULL) { if (infile == NULL) {
infile = extra; infile = extra;
useex = 1; useex = 1;
} }
break; break;
case PCP_MODE_ENCRYPT: case PCP_MODE_ENCRYPT:
if(infile == NULL) { if (infile == NULL) {
infile = extra; infile = extra;
useex = 1; useex = 1;
} } else if (userec == 0 && useid == 0) {
else if(userec == 0 && useid == 0) {
userec = 1; userec = 1;
int i; int i;
for (i=0; i<argc; i++) { for (i = 0; i < argc; i++) {
p_add(&recipient, argv[i]); p_add(&recipient, argv[i]);
} }
} }
break; break;
case PCP_MODE_IMPORT: case PCP_MODE_IMPORT:
if(infile == NULL) { if (infile == NULL) {
infile = extra; infile = extra;
useex = 1; useex = 1;
} }
@@ -377,11 +377,10 @@ int main (int argc, char **argv) {
case PCP_MODE_EXPORT_SECRET: case PCP_MODE_EXPORT_SECRET:
case PCP_MODE_EXPORT_PUBLIC: case PCP_MODE_EXPORT_PUBLIC:
if(outfile == NULL) { if (outfile == NULL) {
outfile = extra; outfile = extra;
useex = 1; useex = 1;
} } else if (useid == 0 && userec == 0) {
else if(useid == 0 && userec == 0) {
p_add(&recipient, extra); p_add(&recipient, extra);
useex = 1; useex = 1;
userec = 1; userec = 1;
@@ -389,11 +388,10 @@ int main (int argc, char **argv) {
break; break;
case PCP_MODE_VERIFY: case PCP_MODE_VERIFY:
if(infile == NULL) { if (infile == NULL) {
infile = extra; infile = extra;
useex = 1; useex = 1;
} } else if (useid == 0) {
else if (useid == 0) {
id = extra; id = extra;
useid = 1; useid = 1;
useex = 1; useex = 1;
@@ -401,61 +399,60 @@ int main (int argc, char **argv) {
break; break;
case PCP_MODE_SIGN: case PCP_MODE_SIGN:
if(infile == NULL) { if (infile == NULL) {
infile = extra; infile = extra;
useex = 1; useex = 1;
} } else if (outfile == NULL && detach == 0) {
else if(outfile == NULL && detach == 0) {
outfile = extra; outfile = extra;
useex = 1; useex = 1;
} }
break; break;
} }
if(! useex) if (!useex)
free(extra); free(extra);
} }
if(xpassfile != NULL) { if (xpassfile != NULL) {
if(pcp_readpass(ptx, &xpass, "passphrase", NULL, 0, xpassfile) != 0) if (pcp_readpass(ptx, &xpass, "passphrase", NULL, 0, xpassfile) != 0)
goto perr1; goto perr1;
if(xpassfile[0] != '-') if (xpassfile[0] != '-')
xpf = 0; xpf = 0;
free(xpassfile); free(xpassfile);
} }
if(askpass != NULL) { if (askpass != NULL) {
if(pcp_readpass_fromprog(ptx, &xpass, askpass) != 0) if (pcp_readpass_fromprog(ptx, &xpass, askpass) != 0)
goto perr1; goto perr1;
} }
/* check if there's some enviroment we could use */ /* check if there's some enviroment we could use */
if(usevault == 1) { if (usevault == 1) {
char *_vaultfile = getenv("PCP_VAULT"); char *_vaultfile = getenv("PCP_VAULT");
if(_vaultfile != NULL) { if (_vaultfile != NULL) {
strncpy(vaultfile, _vaultfile, strlen(_vaultfile)+1); strncpy(vaultfile, _vaultfile, strlen(_vaultfile) + 1);
} }
} }
if(debug == 0) { if (debug == 0) {
char *_debug = getenv("PCP_DEBUG"); char *_debug = getenv("PCP_DEBUG");
if(_debug != NULL) { if (_debug != NULL) {
debug = 1; debug = 1;
} }
} }
if(usevault == 1) { if (usevault == 1) {
vault = pcpvault_init(ptx, vaultfile); vault = pcpvault_init(ptx, vaultfile);
/* special case: ignore vault error in decrypt mode. sym decrypt doesn't /* special case: ignore vault error in decrypt mode. sym decrypt doesn't
need it and asym will just fail without keys. */ need it and asym will just fail without keys. */
if(vault == NULL && mode == PCP_MODE_DECRYPT) { if (vault == NULL && mode == PCP_MODE_DECRYPT) {
/* use an empty one */ /* use an empty one */
vault = pcpvault_init(ptx, "/dev/null"); vault = pcpvault_init(ptx, "/dev/null");
fatals_reset(ptx); fatals_reset(ptx);
} }
if(vault != NULL) { if (vault != NULL) {
switch (mode) { switch (mode) {
case PCP_MODE_KEYGEN: case PCP_MODE_KEYGEN:
pcp_keygen(xpass); pcp_keygen(xpass);
break; break;
@@ -464,33 +461,31 @@ int main (int argc, char **argv) {
break; break;
case PCP_MODE_EXPORT_SECRET: case PCP_MODE_EXPORT_SECRET:
if(useid) { if (useid) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if (id != NULL) {
pcp_exportsecret(id, useid, outfile, armor, xpass); pcp_exportsecret(id, useid, outfile, armor, xpass);
} }
} } else {
else {
pcp_exportsecret(NULL, useid, outfile, armor, xpass); pcp_exportsecret(NULL, useid, outfile, armor, xpass);
} }
break; break;
case PCP_MODE_EXPORT_PUBLIC: case PCP_MODE_EXPORT_PUBLIC:
if(useid) { if (useid) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id == NULL) if (id == NULL)
break; break;
} }
pcp_exportpublic(id, xpass, outfile, exportformat, armor); pcp_exportpublic(id, xpass, outfile, exportformat, armor);
break; break;
case PCP_MODE_IMPORT: case PCP_MODE_IMPORT:
if(infile == NULL) { if (infile == NULL) {
altin(NULL, xpf); altin(NULL, xpf);
in = stdin; in = stdin;
} } else {
else { if ((in = fopen(infile, "rb")) == NULL) {
if((in = fopen(infile, "rb")) == NULL) {
fatal(ptx, "Could not open input file %s\n", infile); fatal(ptx, "Could not open input file %s\n", infile);
break; break;
} }
@@ -499,77 +494,76 @@ int main (int argc, char **argv) {
break; break;
case PCP_MODE_DELETE_KEY: case PCP_MODE_DELETE_KEY:
if(useid) { if (useid) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if (id != NULL) {
pcpdelete_key(id); pcpdelete_key(id);
} }
} } else {
else {
fatal(ptx, "You need to specify a key id (--keyid)!\n"); fatal(ptx, "You need to specify a key id (--keyid)!\n");
} }
break; break;
case PCP_MODE_EDIT: case PCP_MODE_EDIT:
if(useid) { if (useid) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if (id != NULL) {
pcpedit_key(id); pcpedit_key(id);
} }
} } else {
else {
fatal(ptx, "You need to specify a key id (--keyid)!\n"); fatal(ptx, "You need to specify a key id (--keyid)!\n");
} }
break; break;
case PCP_MODE_ENCRYPT: case PCP_MODE_ENCRYPT:
if(useid == 1 && userec == 0) { if (useid == 1 && userec == 0) {
/* one dst, FIXME: make id a list as well */ /* one dst, FIXME: make id a list as well */
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
pcpencrypt(id, altin(infile, xpf), outfile, xpass, NULL, signcrypt, armor, anon); pcpencrypt(id, altin(infile, xpf), outfile, xpass, NULL, signcrypt,
} armor, anon);
else if(useid == 0 && userec == 1) { } else if (useid == 0 && userec == 1) {
/* multiple dst */ /* multiple dst */
pcpencrypt(NULL, altin(infile, xpf), outfile, xpass, recipient, signcrypt, armor, anon); pcpencrypt(NULL, altin(infile, xpf), outfile, xpass, recipient,
} signcrypt, armor, anon);
else { } else {
/* -i and -r specified */ /* -i and -r specified */
fatal(ptx, "You can't specify both -i and -r, use either -i or -r!\n"); fatal(ptx,
"You can't specify both -i and -r, use either -i or -r!\n");
} }
break; break;
case PCP_MODE_DECRYPT: case PCP_MODE_DECRYPT:
if(useid) { if (useid) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if (id != NULL) {
pcpdecrypt(id, useid, altin(infile, xpf), outfile, xpass, signcrypt); pcpdecrypt(id, useid, altin(infile, xpf), outfile, xpass,
signcrypt);
} }
} } else {
else { pcpdecrypt(NULL, useid, altin(infile, xpf), outfile, xpass,
pcpdecrypt(NULL, useid, altin(infile, xpf), outfile, xpass, signcrypt); signcrypt);
} }
break; break;
case PCP_MODE_SIGN: case PCP_MODE_SIGN:
if(detach) { if (detach) {
if(outfile != NULL && sigfile != NULL) if (outfile != NULL && sigfile != NULL)
fatal(ptx, "You can't both specify -O and -f, use -O for std signatures and -f for detached ones\n"); fatal(ptx, "You can't both specify -O and -f, use -O for std "
"signatures and -f for detached ones\n");
else else
pcpsign(altin(infile, xpf), sigfile, xpass, armor, detach); pcpsign(altin(infile, xpf), sigfile, xpass, armor, detach);
} } else
else
pcpsign(altin(infile, xpf), outfile, xpass, armor, detach); pcpsign(altin(infile, xpf), outfile, xpass, armor, detach);
break; break;
case PCP_MODE_VERIFY: case PCP_MODE_VERIFY:
if(useid) { if (useid) {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if (id != NULL) {
pcpverify(altin(infile, xpf), sigfile, id, detach); pcpverify(altin(infile, xpf), sigfile, id, detach);
} }
} } else {
else {
pcpverify(altin(infile, xpf), sigfile, NULL, detach); pcpverify(altin(infile, xpf), sigfile, NULL, detach);
} }
break; break;
@@ -581,14 +575,13 @@ int main (int argc, char **argv) {
} }
pcpvault_close(ptx, vault); pcpvault_close(ptx, vault);
} }
} } else {
else {
ELSEMODE: ELSEMODE:
switch (mode) { switch (mode) {
case PCP_MODE_ZENCODE: case PCP_MODE_ZENCODE:
pcpz85_encode(infile, outfile); pcpz85_encode(infile, outfile);
break; break;
case PCP_MODE_ZDECODE: case PCP_MODE_ZDECODE:
pcpz85_decode(infile, outfile); pcpz85_decode(infile, outfile);
break; break;
@@ -598,17 +591,15 @@ int main (int argc, char **argv) {
break; break;
case PCP_MODE_TEXT: case PCP_MODE_TEXT:
if(infile != NULL) { if (infile != NULL) {
pcptext_infile(infile); pcptext_infile(infile);
} } else {
else {
vault = pcpvault_init(ptx, vaultfile); vault = pcpvault_init(ptx, vaultfile);
if(! useid && infile == NULL) { if (!useid && infile == NULL) {
pcptext_vault(vault); pcptext_vault(vault);
} } else {
else {
id = pcp_normalize_id(keyid); id = pcp_normalize_id(keyid);
if(id != NULL) { if (id != NULL) {
pcptext_key(id); pcptext_key(id);
} }
} }
@@ -616,54 +607,54 @@ int main (int argc, char **argv) {
} }
break; break;
case PCP_MODE_CHECKSUM: case PCP_MODE_CHECKSUM:
if(infile == NULL) { if (infile == NULL) {
if(argc == 0) { if (argc == 0) {
char *list[1]; char *list[1];
list[0] = NULL; list[0] = NULL;
pcpchecksum(list, 1, xpass); pcpchecksum(list, 1, xpass);
} } else {
else {
pcpchecksum(argv, argc, xpass); pcpchecksum(argv, argc, xpass);
} }
} } else {
else {
char *list[1]; char *list[1];
list[0] = infile; list[0] = infile;
pcpchecksum(list, 1, xpass); pcpchecksum(list, 1, xpass);
} }
break; break;
default: default:
/* mode params mixed */ /* mode params mixed */
fatal(ptx, "Sorry, invalid combination of commandline parameters (0x%04X)!\n", mode); fatal(ptx,
break; "Sorry, invalid combination of commandline parameters (0x%04X)!\n",
mode);
break;
} }
} }
perr1: perr1:
fatals_ifany(ptx); fatals_ifany(ptx);
int e = ptx->pcp_exit; int e = ptx->pcp_exit;
ptx_clean(ptx); ptx_clean(ptx);
if(infile != NULL) if (infile != NULL)
free(infile); free(infile);
if(outfile != NULL) if (outfile != NULL)
free(outfile); free(outfile);
if(vaultfile != NULL) if (vaultfile != NULL)
free(vaultfile); free(vaultfile);
if(sigfile != NULL) if (sigfile != NULL)
free(sigfile); free(sigfile);
if(xpass != NULL) if (xpass != NULL)
sfree(xpass); sfree(xpass);
if(askpass != NULL) if (askpass != NULL)
free(askpass); free(askpass);
if(xpassfile != NULL) if (xpassfile != NULL)
free(xpassfile); free(xpassfile);
if(recipient != NULL) if (recipient != NULL)
p_clean(recipient); p_clean(recipient);
if(id != NULL) if (id != NULL)
free(id); free(id);
if(keyid != NULL) if (keyid != NULL)
free(keyid); free(keyid);
return e; return e;
} }

75
src/pcp.h
View File

@@ -19,58 +19,58 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#ifndef _HAVE_PCP_H #ifndef _HAVE_PCP_H
#define _HAVE_PCP_H #define _HAVE_PCP_H
#include <unistd.h> #include <compat_getopt.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <compat_getopt.h> #include <unistd.h>
#ifndef DEBUG #ifndef DEBUG
# ifdef HAVE_SETRLIMIT #ifdef HAVE_SETRLIMIT
# include <sys/types.h> #include <sys/resource.h>
# include <sys/time.h> #include <sys/time.h>
# include <sys/resource.h> #include <sys/types.h>
# endif #endif
#endif #endif
/* lib */ /* lib */
#include "mem.h"
#include "z85.h"
#include "zmq_z85.h"
#include "z85util.h"
#include "version.h"
#include "vault.h"
#include "context.h" #include "context.h"
#include "mem.h"
#include "vault.h"
#include "version.h"
#include "z85.h"
#include "z85util.h"
#include "zmq_z85.h"
/* subs */ /* subs */
#include "keymgmt.h"
#include "usage.h"
#include "encryption.h" #include "encryption.h"
#include "signature.h"
#include "keyhash.h" #include "keyhash.h"
#include "keymgmt.h"
#include "plist.h" #include "plist.h"
#include "signature.h"
#include "usage.h"
/* operation modi */ /* operation modi */
/* perl -e '$x=0; while ($x<100000) { $x++; $x *= 1.7; printf "0x%08X: %d\n", $x, $x }' */ /* perl -e '$x=0; while ($x<100000) { $x++; $x *= 1.7; printf "0x%08X: %d\n",
#define PCP_MODE_KEYGEN 0x00000001 * $x, $x }' */
#define PCP_MODE_LISTKEYS 0x00000004 #define PCP_MODE_KEYGEN 0x00000001
#define PCP_MODE_LISTKEYS 0x00000004
#define PCP_MODE_EXPORT_SECRET 0x00000009 #define PCP_MODE_EXPORT_SECRET 0x00000009
#define PCP_MODE_EXPORT_PUBLIC 0x00000011 #define PCP_MODE_EXPORT_PUBLIC 0x00000011
#define PCP_MODE_IMPORT 0x00000020 #define PCP_MODE_IMPORT 0x00000020
#define PCP_MODE_ENCRYPT_ME 0x00000038 #define PCP_MODE_ENCRYPT_ME 0x00000038
#define PCP_MODE_DELETE_KEY 0x00000061 #define PCP_MODE_DELETE_KEY 0x00000061
#define PCP_MODE_TEXT 0x000000A6 #define PCP_MODE_TEXT 0x000000A6
#define PCP_MODE_EDIT 0x0000011D #define PCP_MODE_EDIT 0x0000011D
#define PCP_MODE_ENCRYPT 0x000001E7 #define PCP_MODE_ENCRYPT 0x000001E7
#define PCP_MODE_DECRYPT 0x0000033D #define PCP_MODE_DECRYPT 0x0000033D
#define PCP_MODE_ZENCODE 0x00000584 #define PCP_MODE_ZENCODE 0x00000584
#define PCP_MODE_ZDECODE 0x00000962 #define PCP_MODE_ZDECODE 0x00000962
#define PCP_MODE_SIGN 0x00000FF6 #define PCP_MODE_SIGN 0x00000FF6
#define PCP_MODE_VERIFY 0x00001B25 #define PCP_MODE_VERIFY 0x00001B25
#define PCP_MODE_CHECKSUM 0x00002E27 #define PCP_MODE_CHECKSUM 0x00002E27
/* /*
0x00001B25 0x00001B25
@@ -82,15 +82,16 @@
0x00028F70 0x00028F70
*/ */
#define PCP_HELP_INTRO "This is Pretty Curved Privacy. Licensed under the GPLv3. This is\n" \ #define PCP_HELP_INTRO \
"BETA software. Use with care. NOT intended for production use.\n" "This is Pretty Curved Privacy. Licensed under the GPLv3. This is\n" \
"BETA software. Use with care. NOT intended for production use.\n"
#define LONG_EXTPASS 515 #define LONG_EXTPASS 515
/* some globals */ /* some globals */
vault_t *vault; extern vault_t *vault;
PCPCTX *ptx; extern PCPCTX *ptx;
int debug; extern int debug;
void version(); void version();
void usage(); void usage();

55
src/z85util.c
View File

@@ -19,26 +19,25 @@
You can contact me by mail: <tlinden AT cpan DOT org>. You can contact me by mail: <tlinden AT cpan DOT org>.
*/ */
#include "z85util.h" #include "z85util.h"
int pcpz85_encode(char *infile, char *outfile) { int pcpz85_encode(char *infile, char *outfile) {
FILE *in; FILE *in;
FILE *out; FILE *out;
if(infile == NULL) if (infile == NULL)
in = stdin; in = stdin;
else { else {
if((in = fopen(infile, "rb")) == NULL) { if ((in = fopen(infile, "rb")) == NULL) {
fatal(ptx, "Could not open input file %s\n", infile); fatal(ptx, "Could not open input file %s\n", infile);
goto errz1; goto errz1;
} }
} }
if(outfile == NULL) if (outfile == NULL)
out = stdout; out = stdout;
else { else {
if((out = fopen(outfile, "wb+")) == NULL) { if ((out = fopen(outfile, "wb+")) == NULL) {
fatal(ptx, "Could not open output file %s\n", outfile); fatal(ptx, "Could not open output file %s\n", outfile);
goto errz1; goto errz1;
} }
@@ -47,18 +46,18 @@ int pcpz85_encode(char *infile, char *outfile) {
byte *input = NULL; byte *input = NULL;
size_t inputBufSize = 0; size_t inputBufSize = 0;
byte onebyte[1]; byte onebyte[1];
while(!feof(in)) { while (!feof(in)) {
if(!fread(&onebyte, 1, 1, in)) if (!fread(&onebyte, 1, 1, in))
break; break;
byte *tmp = realloc(input, inputBufSize + 1); byte *tmp = realloc(input, inputBufSize + 1);
input = tmp; input = tmp;
memmove(&input[inputBufSize], onebyte, 1); memmove(&input[inputBufSize], onebyte, 1);
inputBufSize ++; inputBufSize++;
} }
fclose(in); fclose(in);
if(inputBufSize == 0) { if (inputBufSize == 0) {
fatal(ptx, "Input file is empty!\n"); fatal(ptx, "Input file is empty!\n");
goto errz2; goto errz2;
} }
@@ -66,9 +65,9 @@ int pcpz85_encode(char *infile, char *outfile) {
size_t zlen; size_t zlen;
char *encoded = pcp_z85_encode(input, inputBufSize, &zlen, 1); char *encoded = pcp_z85_encode(input, inputBufSize, &zlen, 1);
if(encoded != NULL) { if (encoded != NULL) {
fprintf(out, "%s\n%s\n%s\n", PCP_ZFILE_HEADER, encoded, PCP_ZFILE_FOOTER); fprintf(out, "%s\n%s\n%s\n", PCP_ZFILE_HEADER, encoded, PCP_ZFILE_FOOTER);
if(ferror(out) != 0) { if (ferror(out) != 0) {
fatal(ptx, "Failed to write z85 output!\n"); fatal(ptx, "Failed to write z85 output!\n");
} }
free(encoded); free(encoded);
@@ -77,33 +76,30 @@ int pcpz85_encode(char *infile, char *outfile) {
return 0; return 0;
errz2: errz2:
free(input); free(input);
errz1: errz1:
return 1; return 1;
} }
int pcpz85_decode(char *infile, char *outfile) { int pcpz85_decode(char *infile, char *outfile) {
FILE *in; FILE *in;
FILE *out; FILE *out;
if(infile == NULL) if (infile == NULL)
in = stdin; in = stdin;
else { else {
if((in = fopen(infile, "rb")) == NULL) { if ((in = fopen(infile, "rb")) == NULL) {
fatal(ptx, "Could not open input file %s\n", infile); fatal(ptx, "Could not open input file %s\n", infile);
goto errdz1; goto errdz1;
} }
} }
if(outfile == NULL) if (outfile == NULL)
out = stdout; out = stdout;
else { else {
if((out = fopen(outfile, "wb+")) == NULL) { if ((out = fopen(outfile, "wb+")) == NULL) {
fatal(ptx, "Could not open output file %s\n", outfile); fatal(ptx, "Could not open output file %s\n", outfile);
goto errdz1; goto errdz1;
} }
@@ -111,20 +107,17 @@ int pcpz85_decode(char *infile, char *outfile) {
char *encoded = pcp_readz85file(ptx, in); char *encoded = pcp_readz85file(ptx, in);
if(encoded == NULL) if (encoded == NULL)
goto errdz1; goto errdz1;
size_t clen; size_t clen;
byte *decoded = pcp_z85_decode(ptx, encoded, &clen); byte *decoded = pcp_z85_decode(ptx, encoded, &clen);
if (decoded == NULL)
if(decoded == NULL)
goto errdz2; goto errdz2;
fwrite(decoded, clen, 1, out); fwrite(decoded, clen, 1, out);
fclose(out); if (fclose(out) != 0) {
if(ferror(out) != 0) {
fatal(ptx, "Failed to write decoded output!\n"); fatal(ptx, "Failed to write decoded output!\n");
goto errdz3; goto errdz3;
} }
@@ -133,12 +126,12 @@ int pcpz85_decode(char *infile, char *outfile) {
free(decoded); free(decoded);
return 0; return 0;
errdz3: errdz3:
free(decoded); free(decoded);
errdz2: errdz2:
free(encoded); free(encoded);
errdz1: errdz1:
return 1; return 1;
} }

27
tests/iotests.cfg
View File

@@ -20,17 +20,20 @@
# You can contact me by mail: <tlinden AT cpan DOT org>. # You can contact me by mail: <tlinden AT cpan DOT org>.
# #
pcp=../src/pcp1 pcp=../pcp
vault=v1 vault=v1
passwd=xxx passwd=xxx
md5msg=66b8c4ca9e5d2a7e3c0559c3cdea3d50 md5msg=66b8c4ca9e5d2a7e3c0559c3cdea3d50
os=$(uname)
. ./keys.cfg . ./keys.cfg
check_dependencies_shell () { check_dependencies_shell () {
cmd="which mdmfs" if test "$os" = "FreeBSD"; then
expect="/mdmfs/" cmd="which mdmfs"
check "$cmd" "$expect" "$input" expect="/mdmfs/"
check "$cmd" "$expect" "$input"
fi
} }
check_dependencies_pcp () { check_dependencies_pcp () {
@@ -39,10 +42,16 @@ check_dependencies_pcp () {
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
# this one only works on freebsd for my user. sorrry # this one only works on freebsd for my user. sorry
check_vault_disk_full () { check_vault_disk_full () {
sudo mdmfs -s 1M -w 1001:1001 md env && dd if=/dev/zero of=env/b bs=1024 count=700 if test "$os" = "FreeBSD"; then
cmd="./jot 100 | while read N; do if ! (echo a; echo b) | $pcp -V env/v1 -k -x x; then break; fi; done" sudo mdmfs -s 1M -w 1001:1001 md env && dd if=/dev/zero of=env/b bs=1024 count=700
expect="/Failed to copy/" cmd="./jot 100 | while read N; do if ! (echo a; echo b) | $pcp -V env/v1 -k -x x; then break; fi; done"
check "$cmd" "$expect" "$input" expect="/Failed to copy/"
check "$cmd" "$expect" "$input"
fi
}
prepare() {
:
} }

2
tests/jsonunittests.cfg
View File

@@ -20,7 +20,7 @@
# You can contact me by mail: <tlinden AT cpan DOT org>. # You can contact me by mail: <tlinden AT cpan DOT org>.
# #
pcp=../src/pcp1 pcp=../pcp
passwd=xxx passwd=xxx
verbose=1 verbose=1

2
tests/md5
View File

@@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
file=$1 file=$1
../src/pcp1 -C $file | awk '{print $4}' ../pcp -C $file | awk '{print $4}'

54
tests/meson.build Normal file
View File

@@ -0,0 +1,54 @@
# -*-python-*-
# genheader statictest buffertest sample pipetest decodertest
fs = import('fs')
binaries = [
'gencheader',
'statictest',
'buffertest',
'sample',
'pipetest',
'decodertest',
'mangle',
'invalidkeys',
'pwhashes',
'streamtest',
]
configs = [
'cppunittests.cfg',
'iotests.cfg',
'jsonunittests.cfg',
'keys.cfg',
'pyunittests.cfg',
'stresstests.cfg',
'unittests.cfg',
'md5',
'jot',
'bart.pub',
'key-alicia-pub',
'key-alicia-sec',
'key-bobby-pub',
'key-bobby-sec'
]
foreach binary: binaries
executable(
binary,
binary + '.c',
include_directories: [pcp_inc],
dependencies: [libpcp_dep, pcp_deps],
)
endforeach
foreach config: configs
cp = fs.copyfile(config)
endforeach
unittest = find_program('unittests.sh', '.')
test('C tests', unittest, args : ['unittests.cfg'])
test('IO tests', unittest, args : ['iotests.cfg'])
test('JSON tests', unittest, args : ['jsonunittests.cfg'])

29
tests/pwhashes.c
View File

@@ -1,13 +1,13 @@
#include <unistd.h> #include <limits.h>
#include <sodium.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <sodium.h> #include <unistd.h>
#include <limits.h>
#include "mem.h"
#include "defines.h" #include "defines.h"
#include "keyprint.h"
#include "key.h" #include "key.h"
#include "keyprint.h"
#include "mem.h"
struct _pw_t { struct _pw_t {
char hash[65]; char hash[65];
@@ -24,28 +24,29 @@ int main() {
pw *list = NULL; pw *list = NULL;
pw *have = NULL; pw *have = NULL;
unsigned char nonce[32] = {1}; unsigned char nonce[32] = {1};
PCPCTX *ptx = ptx_new();
if(sodium_init() == -1) return 1; if (sodium_init() == -1)
return 1;
for(i=97; i<126; ++i) { for (i = 97; i < 126; ++i) {
pass[0] = i; pass[0] = i;
pass[1] = 0; pass[1] = 0;
h = pcp_derivekey(pass, nonce); h = pcp_derivekey(ptx, pass, nonce);
p =0; p = 0;
for(t=0; t<32; ++t) { for (t = 0; t < 32; ++t) {
sprintf(&tmp[p], "%02x", h[t]); sprintf(&tmp[p], "%02x", h[t]);
p += 2; p += 2;
} }
have = NULL; have = NULL;
HASH_FIND_STR(list, tmp, have); HASH_FIND_STR(list, tmp, have);
if(have == NULL) { if (have == NULL) {
item = ucmalloc(sizeof(pw)); item = ucmalloc(sizeof(pw));
memcpy(item->hash, tmp, 65); memcpy(item->hash, tmp, 65);
HASH_ADD_STR( list, hash, item ); HASH_ADD_STR(list, hash, item);
} } else {
else {
fprintf(stderr, "Error: collision found: %s!\n", have->hash); fprintf(stderr, "Error: collision found: %s!\n", have->hash);
return 1; return 1;
} }

40
tests/unittests.cfg
View File

@@ -20,7 +20,7 @@
# You can contact me by mail: <tlinden AT cpan DOT org>. # You can contact me by mail: <tlinden AT cpan DOT org>.
# #
pcp=../src/pcp1 pcp=../pcp
vault=v1 vault=v1
passwd=ech9xeiT%CuxuH1ch-is2ies1R passwd=ech9xeiT%CuxuH1ch-is2ies1R
md5msg=66b8c4ca9e5d2a7e3c0559c3cdea3d50 md5msg=66b8c4ca9e5d2a7e3c0559c3cdea3d50
@@ -40,29 +40,29 @@ check_dependencies_pcp () {
} }
check_streams_8 () { check_streams_8 () {
md5=`./md5 ../COPYING` md5=`./md5 ../../COPYING`
cmd="./pipetest 8 e < ../COPYING | ./pipetest 8 d | ./md5" cmd="./pipetest 8 e < ../../COPYING | ./pipetest 8 d | ./md5"
expect="/$md5/" expect="/$md5/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_streams_16 () { check_streams_16 () {
md5=`./md5 ../COPYING` md5=`./md5 ../../COPYING`
cmd="./pipetest 16 e < ../COPYING | ./pipetest 16 d | ./md5" cmd="./pipetest 16 e < ../../COPYING | ./pipetest 16 d | ./md5"
expect="/$md5/" expect="/$md5/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_streams_32 () { check_streams_32 () {
md5=`./md5 ../COPYING` md5=`./md5 ../../COPYING`
cmd="./pipetest 32 e < ../COPYING | ./pipetest 32 d | ./md5" cmd="./pipetest 32 e < ../../COPYING | ./pipetest 32 d | ./md5"
expect="/$md5/" expect="/$md5/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_streams_64 () { check_streams_64 () {
md5=`./md5 ../COPYING` md5=`./md5 ../../COPYING`
cmd="./pipetest 64 e < ../COPYING | ./pipetest 64 d | ./md5" cmd="./pipetest 64 e < ../../COPYING | ./pipetest 64 d | ./md5"
expect="/$md5/" expect="/$md5/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
@@ -284,27 +284,27 @@ check_sym_decrypt () {
# #
# signature tests # signature tests
check_sign_detached_to_bobby () { check_sign_detached_to_bobby () {
cmd="$pcp -V va -g -I README -f testsig -x a" cmd="$pcp -V va -g -I ../../COPYING -f testsig -x a"
expectfile="testsig" expectfile="testsig"
expect="" expect=""
check "$cmd" "$expect" "$input" "$expectfile" check "$cmd" "$expect" "$input" "$expectfile"
} }
check_verify_detached_signature () { check_verify_detached_signature () {
cmd="$pcp -V vb -c -f testsig -I README -i $idalicia" cmd="$pcp -V vb -c -f testsig -I ../../COPYING -i $idalicia"
expect="/verified/" expect="/verified/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_verify_detached_signature_self () { check_verify_detached_signature_self () {
cmd="$pcp -V va -c -f testsig -I README" cmd="$pcp -V va -c -f testsig -I ../../COPYING"
expect="/verified/" expect="/verified/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_sign_armored_to_bobby () { check_sign_armored_to_bobby () {
rm -f testsig rm -f testsig
cmd="$pcp -V va -g -I README -O testsig -x a -z" cmd="$pcp -V va -g -I ../../COPYING -O testsig -x a -z"
expectfile="testsig" expectfile="testsig"
expect="" expect=""
check "$cmd" "$expect" "$input" "$expectfile" check "$cmd" "$expect" "$input" "$expectfile"
@@ -324,7 +324,7 @@ check_verify_armored_signature_self () {
check_sign_bin_to_bobby () { check_sign_bin_to_bobby () {
rm -f testsig rm -f testsig
cmd="$pcp -V va -g -I README -O testsig -x a" cmd="$pcp -V va -g -I ../../COPYING -O testsig -x a"
expectfile="testsig" expectfile="testsig"
expect="" expect=""
check "$cmd" "$expect" "$input" "$expectfile" check "$cmd" "$expect" "$input" "$expectfile"
@@ -345,7 +345,7 @@ check_verify_bin_signature_self () {
# #
# sign+encrypt tests # sign+encrypt tests
check_sign_crypt_to_bobby () { check_sign_crypt_to_bobby () {
cmd="$pcp -V va -g -e -I README -O testsig -r Bobby -x a" cmd="$pcp -V va -g -e -I ../../COPYING -O testsig -r Bobby -x a"
expect="/Encrypted/" expect="/Encrypted/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
@@ -572,26 +572,26 @@ check_fuzz_binary_seckey () {
# checksum tests # checksum tests
check_checksum_copying () { check_checksum_copying () {
cmd="$pcp -C ../COPYING" cmd="$pcp -C ../../COPYING"
expect="/$blake2/" expect="/$blake2/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_checksum_authenticated_copying () { check_checksum_authenticated_copying () {
cmd="$pcp -x $key -C ../COPYING" cmd="$pcp -x $key -C ../../COPYING"
expect="/$blake2auth/" expect="/$blake2auth/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_checksum_copying_stdin () { check_checksum_copying_stdin () {
cmd="$pcp -C < ../COPYING" cmd="$pcp -C < ../../COPYING"
expect="/$blake2/" expect="/$blake2/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }
check_checksum_multiple () { check_checksum_multiple () {
cmd="$pcp -C ../COPYING ../README" cmd="$pcp -C ../../COPYING ../../../COPYING"
expect="/README/" expect="/../../COPYING/"
check "$cmd" "$expect" "$input" check "$cmd" "$expect" "$input"
} }

12
tests/unittests.sh
View File

@@ -106,13 +106,23 @@ callcheck () {
cfg="$1" cfg="$1"
check="$2" check="$2"
pwd=$(pwd)
base=$(basename "$pwd")
if test "$base" != "test"; then
cd tests
fi
echo "PWD: $(pwd)"
if test -z "$cfg"; then if test -z "$cfg"; then
echo "Usage: $0 <config> [check]" echo "Usage: $0 <config> [check]"
exit 1 exit 1
fi fi
if ! test -e "$cfg"; then if ! test -e "$cfg"; then
echo "$cfg doesn't exist!" echo "$cfg doesn't exist ($(pwd))!"
exit 1 exit 1
fi fi