/* This file is part of Pretty Curved Privacy (pcp1). Copyright (C) 2013 T.Linden. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . You can contact me by mail: . */ #include "keymgmt.h" char *pcp_getstdin(const char *prompt) { char line[255]; char *out; fprintf(stderr, "%s: ", prompt); if (fgets(line, 255, stdin) == NULL) { fatal("Cannot read from stdin"); goto errgst; } line[strcspn(line, "\r\n")] = '\0'; if ((out = strdup(line)) == NULL) { fatal("Cannot allocate memory"); goto errgst; } return out; errgst: return NULL; } int pcp_storekey (pcp_key_t *key) { if(vault->isnew == 1 || HASH_COUNT(pcpkey_hash) == 0) { key->type = PCP_KEY_TYPE_MAINSECRET; } if(pcpvault_addkey(vault, key, key->type) == 0) { if(vault->isnew) fprintf(stderr, "new vault created, "); fprintf(stderr, "key 0x%s added to %s.\n", key->id, vault->filename); return 0; } return 1; } void pcp_keygen(char *passwd) { pcp_key_t *k = pcpkey_new (); pcp_key_t *key = NULL; char *owner = pcp_getstdin("Enter the name of the key owner"); memcpy(k->owner, owner, strlen(owner) + 1); char *mail = pcp_getstdin("Enter the email address of the key owner"); memcpy(k->mail, _lc(mail), strlen(mail) + 1); if(debug) pcp_dumpkey(k); char *passphrase; if(passwd == NULL) { pcp_readpass(&passphrase, "Enter passphrase for key encryption", "Enter the passphrase again", 1); } else { passphrase = ucmalloc(strlen(passwd)+1); strncpy(passphrase, passwd, strlen(passwd)+1); } if(strnlen(passphrase, 1024) > 0) key = pcpkey_encrypt(k, passphrase); else { char *yes = pcp_getstdin("WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?"); if(strncmp(yes, "yes", 1024) == 0) key = k; else { memset(key, 0, sizeof(pcp_key_t)); free(key); goto errkg1; } } if(key != NULL) { fprintf(stderr, "Generated new secret key:\n"); if(pcp_storekey(key) == 0) { pcpkey_printshortinfo(key); memset(key, 0, sizeof(pcp_key_t)); free(key); } } errkg1: free(mail); free(owner); } void pcp_listkeys() { pcp_key_t *k; int nkeys = HASH_COUNT(pcpkey_hash) + HASH_COUNT(pcppubkey_hash); if(nkeys > 0) { printf("Key ID Type Creation Time Owner\n"); pcphash_iterate(k) { pcpkey_printlineinfo(k); } pcp_pubkey_t *p; pcphash_iteratepub(p) { pcppubkey_printlineinfo(p); } } else { fatal("The key vault file %s doesn't contain any keys so far.\n", vault->filename); } } char *pcp_normalize_id(char *keyid) { char *id = ucmalloc(17); int len = strnlen(keyid, 24); if(len == 16) { memcpy(id, keyid, 17); } else if(len < 16) { fatal("Specified key id %s is too short!\n", keyid); free(id); return NULL; } else if(len > 18) { fatal("Specified key id %s is too long!\n", keyid); free(id); return NULL; } else { if(keyid[0] == '0' && keyid[1] == 'x' && len == 18) { int i; for(i=0; i<16; ++i) { id[i] = keyid[i+2]; } id[16] = 0; } else { fatal("Specified key id %s is too long!\n", keyid); free(id); return NULL; } } return id; } pcp_key_t *pcp_find_primary_secret() { pcp_key_t *key = NULL; pcp_key_t *k; pcphash_iterate(k) { if(k->type == PCP_KEY_TYPE_MAINSECRET) { key = ucmalloc(sizeof(pcp_key_t)); memcpy(key, k, sizeof(pcp_key_t)); return key; } } /* no primary? whoops */ int nkeys = HASH_COUNT(pcpkey_hash); if(nkeys == 1) { pcphash_iterate(k) { key = ucmalloc(sizeof(pcp_key_t)); memcpy(key, k, sizeof(pcp_key_t)); return key; } } return NULL; } void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *passwd) { pcp_key_t *key = NULL; if(useid == 1) { /* look if we've got that one */ HASH_FIND_STR(pcpkey_hash, keyid, key); if(key == NULL) { fatal("Could not find a secret key with id 0x%s in vault %s!\n", keyid, vault->filename); goto errexpse1; } } else { /* look for our primary key */ key = pcp_find_primary_secret(); if(key == NULL) { fatal("There's no primary secret key in the vault %s!\n", vault->filename); goto errexpse1; } } FILE *out; if(outfile == NULL) { out = stdout; } else { if((out = fopen(outfile, "wb+")) == NULL) { fatal("Could not create output file %s", outfile); goto errexpse1; } } if(out != NULL) { if(debug) pcp_dumpkey(key); if(key->secret[0] == 0) { /* decrypt the secret key */ if(passwd == NULL) { char *passphrase; pcp_readpass(&passphrase, "Enter passphrase to decrypt your secret key", NULL, 1); key = pcpkey_decrypt(key, passphrase); if(key == NULL) { memset(passphrase, 0, strlen(passphrase)); free(passphrase); goto errexpse1; } memset(passphrase, 0, strlen(passphrase)); free(passphrase); } else { key = pcpkey_decrypt(key, passwd); if(key == NULL) { goto errexpse1; } } } Buffer *exported_sk; if(passwd != NULL) { exported_sk = pcp_export_secret(key, passwd); } else { char *passphrase; pcp_readpass(&passphrase, "Enter passphrase to encrypt the exported secret key", "Repeat passphrase", 1); exported_sk = pcp_export_secret(key, passphrase); memset(passphrase, 0, strlen(passphrase)); free(passphrase); } if(exported_sk != NULL) { if(armor == 1) { size_t zlen; char *z85 = pcp_z85_encode(buffer_get(exported_sk), buffer_size(exported_sk), &zlen); fprintf(out, "%s\r\n%s\r\n%s\r\n", EXP_SK_HEADER, z85, EXP_SK_FOOTER); free(z85); } else { fwrite(buffer_get(exported_sk), 1, buffer_size(exported_sk), out); } buffer_free(exported_sk); fprintf(stderr, "secret key exported.\n"); } } errexpse1: ; } /* if id given, look if it is already a public and export this, else we look for a secret key with that id. without a given keyid we use the primary key. if no keyid has been given but a recipient instead, we try to look up the vault for a match. */ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int armor) { FILE *out; int is_foreign = 0; pcp_pubkey_t *pk = NULL; pcp_key_t *sk = NULL; Buffer *exported_pk = NULL; if(outfile == NULL) { out = stdout; } else { if((out = fopen(outfile, "wb+")) == NULL) { fatal("Could not create output file %s", outfile); goto errpcpexpu1; } } if(keyid != NULL) { /* keyid specified, check if it exists and if yes, what type it is */ HASH_FIND_STR(pcppubkey_hash, keyid, pk); if(pk == NULL) { /* ok, so, then look for a secret key with that id */ HASH_FIND_STR(pcpkey_hash, keyid, sk); if(sk == NULL) { fatal("Could not find a key with id 0x%s in vault %s!\n", keyid, vault->filename); goto errpcpexpu1; } else { /* ok, so it's our own key */ is_foreign = 0; } } else { /* it's a foreign public key, we cannot sign it ourselfes */ is_foreign = 1; } } else { /* we use our primary key anyway */ sk = pcp_find_primary_secret(); if(sk == NULL) { fatal("There's no primary secret key in the vault %s!\n", vault->filename); goto errpcpexpu1; } is_foreign = 0; } if(is_foreign == 0 && sk->secret[0] == 0 && format <= EXP_FORMAT_PBP) { /* decrypt the secret key */ if(passwd != NULL) { sk = pcpkey_decrypt(sk, passwd); } else { char *passphrase; pcp_readpass(&passphrase, "Enter passphrase to decrypt your secret key", NULL, 1); sk = pcpkey_decrypt(sk, passphrase); memset(passphrase, 0, strlen(passphrase)); free(passphrase); } if(sk == NULL) { goto errpcpexpu1; } } /* now, we're ready for the actual export */ if(format == EXP_FORMAT_NATIVE) { if(is_foreign == 0) { exported_pk = pcp_export_rfc_pub(sk); if(exported_pk != NULL) { if(armor == 1) { size_t zlen; char *z85 = pcp_z85_encode(buffer_get(exported_pk), buffer_size(exported_pk), &zlen); fprintf(out, "%s\r\n%s\r\n%s\r\n", EXP_PK_HEADER, z85, EXP_PK_FOOTER); free(z85); } else fwrite(buffer_get(exported_pk), 1, buffer_size(exported_pk), out); buffer_free(exported_pk); fprintf(stderr, "public key exported.\n"); } } else { /* FIXME: export foreign keys unsupported yet */ fatal("Exporting foreign public keys in native format unsupported yet"); goto errpcpexpu1; } } else if(format == EXP_FORMAT_PBP) { if(is_foreign == 0) { exported_pk = pcp_export_pbp_pub(sk); if(exported_pk != NULL) { /* PBP format requires armoring always */ size_t zlen; char *z85pbp = pcp_z85_encode(buffer_get(exported_pk), buffer_size(exported_pk), &zlen); fprintf(out, "%s", z85pbp); free(z85pbp); buffer_free(exported_pk); fprintf(stderr, "public key exported in PBP format.\n"); } } else { fatal("Exporting foreign public keys in PBP format not possible"); goto errpcpexpu1; } } else if(format == EXP_FORMAT_YAML) { exported_pk = pcp_export_yaml_pub(sk); if(exported_pk != NULL) { fprintf(out, "%s", buffer_get_str(exported_pk)); } } else if(format == EXP_FORMAT_PERL) { exported_pk = pcp_export_perl_pub(sk); if(exported_pk != NULL) { fprintf(out, "%s", buffer_get_str(exported_pk)); } } else if(format == EXP_FORMAT_C) { exported_pk = pcp_export_c_pub(sk); if(exported_pk != NULL) { fprintf(out, "%s", buffer_get_str(exported_pk)); } } errpcpexpu1: ; } int pcp_importsecret (vault_t *vault, FILE *in, char *passwd) { byte *buf = ucmalloc(2048); size_t buflen = fread(buf, 1, 2048, in); pcp_key_t *sk = NULL; if(buflen > 0) { /* decrypt the input */ if(passwd != NULL) { sk = pcp_import_secret(buf, buflen, passwd); } else { char *passphrase; pcp_readpass(&passphrase, "Enter passphrase to decrypt the secret key file", NULL, 1); sk = pcp_import_secret(buf, buflen, passphrase); memset(passphrase, 0, strlen(passphrase)); free(passphrase); } if(sk == NULL) { goto errpcsexpu1; } if(debug) pcp_dumpkey(sk); pcp_key_t *maybe = pcphash_keyexists(sk->id); if(maybe != NULL) { fatal("Secretkey sanity check: there already exists a key with the id 0x%s\n", sk->id); goto errpcsexpu1; } /* store it */ if(passwd != NULL) { sk = pcpkey_encrypt(sk, passwd); } else { char *passphrase; pcp_readpass(&passphrase, "Enter passphrase for key encryption", "Enter the passphrase again", 1); if(strnlen(passphrase, 1024) > 0) { /* encrypt the key */ sk = pcpkey_encrypt(sk, passphrase); } else { /* ask for confirmation if we shall store it in the clear */ char *yes = pcp_getstdin( "WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?"); if(strncmp(yes, "yes", 1024) != 0) { memset(sk, 0, sizeof(pcp_key_t)); free(sk); memset(passphrase, 0, strlen(passphrase)); goto errpcsexpu1; } } } if(sk != NULL) { /* store it to the vault if we got it til here */ if(pcp_sanitycheck_key(sk) == 0) { if(pcp_storekey(sk) == 0) { pcpkey_printshortinfo(sk); memset(sk, 0, sizeof(pcp_key_t)); free(sk); return 0; } } } } else { fatal("Input file is empty!\n"); goto errpcsexpu1; } errpcsexpu1: ucfree(buf, 2048); return 1; } int pcp_importpublic (vault_t *vault, FILE *in) { byte *buf = ucmalloc(2048); size_t buflen = fread(buf, 1, 2048, in); pcp_keysig_t *sk = NULL; pcp_pubkey_t *pub = NULL; if(buflen > 0) { pcp_ks_bundle_t *bundle = pcp_import_pub(buf, buflen); if(bundle == NULL) goto errip1; pcp_keysig_t *sk = bundle->s; if(bundle != NULL) { pcp_pubkey_t *pub = bundle->p; if(debug) pcp_dumppubkey(pub); if(sk == NULL) { fatals_ifany(); char *yes = pcp_getstdin("WARNING: signature doesn't verify, import anyway [yes|NO]?"); if(strncmp(yes, "yes", 1024) != 0) { free(yes); goto errip1; } free(yes); } if(pcp_sanitycheck_pub(pub) == 0) { if(pcpvault_addkey(vault, (void *)pub, PCP_KEY_TYPE_PUBLIC) == 0) { fprintf(stderr, "key 0x%s added to %s.\n", pub->id, vault->filename); } else goto errip2; if(sk != NULL) { if(pcpvault_addkey(vault, sk, sk->type) != 0) goto errip2; } } else goto errip2; } } else { fatal("Input file is empty!\n"); goto errip1; } errip2: ucfree(pub, sizeof(pcp_pubkey_t)); errip1: if(sk != NULL) { ucfree(sk->blob, sk->size); ucfree(sk, sizeof(pcp_keysig_t)); } ucfree(buf, 2048); return 1; } void pcpdelete_key(char *keyid) { pcp_pubkey_t *p = pcphash_pubkeyexists(keyid); if(p != NULL) { /* delete public */ HASH_DEL(pcppubkey_hash, p); free(p); vault->unsafed = 1; fprintf(stderr, "Public key deleted.\n"); } else { pcp_key_t *s = pcphash_keyexists(keyid); if(s != NULL) { /* delete secret */ HASH_DEL(pcpkey_hash, s); free(s); vault->unsafed = 1; fprintf(stderr, "Secret key deleted.\n"); } else { fatal("No key with id 0x%s found!\n", keyid); } } } void pcpedit_key(char *keyid) { pcp_key_t *key = pcphash_keyexists(keyid); if(key != NULL) { if(key->secret[0] == 0) { char *passphrase; pcp_readpass(&passphrase, "Enter passphrase to decrypt the key", NULL, 1); key = pcpkey_decrypt(key, passphrase); } if(key != NULL) { char *owner = pcp_getstdin("Enter the name of the key owner"); memcpy(key->owner, owner, strlen(owner) + 1); char *mail = pcp_getstdin("Enter the email address of the key owner"); memcpy(key->mail, mail, strlen(mail) + 1); char *passphrase; pcp_readpass(&passphrase, "Enter passphrase for key encryption", NULL, 1); key = pcpkey_encrypt(key, passphrase); if(key != NULL) { if(debug) pcp_dumpkey(key); vault->unsafed = 1; /* will be safed automatically */ fprintf(stderr, "Key key changed.\n"); } } } else { fatal("No key with id 0x%s found!\n", keyid); } } char *pcp_find_id_byrec(char *recipient) { pcp_pubkey_t *p; char *id = NULL; _lc(recipient); pcphash_iteratepub(p) { if(strncmp(p->owner, recipient, 255) == 0) { id = ucmalloc(17); strncpy(id, p->id, 17); break; } if(strncmp(p->mail, recipient, 255) == 0) { id = ucmalloc(17); strncpy(id, p->id, 17); break; } } return id; }