Etusivu Tutki
Kirjaudu sisään
clementinecomputing
/
popufare
1
0
Fork 0
Tiedostot Ongelmat 12 Pull-pyynnöt 0 Wiki
Selaa lähdekoodia

proper encoding/decoding of fareqr strings for standalone fareqr program

clementinecomputing 4 vuotta sitten
vanhempi
ea9e6841af
commit
59306dc863
2 muutettua tiedostoa jossa 39 lisäystä ja 83 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 2 2
      busunit/passdb/buildit.sh
  2. 37 81
      busunit/passdb/fareqr.c

+ 2 - 2
busunit/passdb/buildit.sh
Näytä tiedosto 

@@ -1,12 +1,12 @@
 
 #!/bin/sh
 
 
-tinyscheme_opts="-fpic  -I. -c -g -Wno-char-subscripts -O -DUSE_STRLWR=1 -DSTANDALONE=0 -DUSE_DL=0 -DUSE_MATH=0 -DUSE_ASCII_NAMES=0 -DUSE_ERROR_HOOK=1 -DUSE_TRACING=1"
 
+tinyscheme_opts="-fpic  -I. -c -g -Wno-char-subscripts -O -DUSE_STRLWR=1 -DSTANDALONE=0 -DUSE_DL=0 -DUSE_MATH=0 -DUSE_ASCII_NAMES=0 -DUSE_ERROR_HOOK=1 -DUSE_TRACING=1 "
 
 
 rm -f passdb scheme.o
 
 
 #$target_cc $tinyscheme_opts tinyscheme1.39/scheme.c
 
 $target_cc $tinyscheme_opts tinyscheme/scheme.c
 
-$target_cc $target_ccopts -g -o passdb passdb.c rfid_decoder.c pass_communication.c rules.c fareqr.c b64.c ../common/common_defs.c ../common/gpsmath.c ../commhub/commhub.c ../commhub/client_utils.c scheme.o -lm -lz
 
+$target_cc $target_ccopts -g -o passdb passdb.c rfid_decoder.c pass_communication.c rules.c fareqr.c b64.c ../common/common_defs.c ../common/gpsmath.c ../commhub/commhub.c ../commhub/client_utils.c scheme.o -lm -lz -lssl -lcrypto
 
 
 rm -f send_magstripe
 
 $target_cc $target_ccopts -o send_magstripe send_magstripe.c ../commhub/commhub.c ../common/common_defs.c

+ 37 - 81
busunit/passdb/fareqr.c
Näytä tiedosto 

@@ -120,11 +120,11 @@ static int decode_b64(unsigned char *decrypt_text,
 
   int i=0, _ret = 0, r=0;
 
   unsigned char *enc_b = NULL, salt[8];
 
   unsigned char *key = NULL, *iv = NULL, *ciphertext_b = NULL;
 
-  size_t b64_sz=0, enc_len=0, enc_size=0, ciphertext_len;
 
+  size_t enc_len=0, enc_size=0, ciphertext_len;
 
 
   if ((!decrypt_text) || (!pass_key) || (!enc_b64)) { return -9; }
 
 
-  enc_size = Base64decode_len(enc_b64);
 
+  enc_size = Base64decode_len((char *)enc_b64);
 
   if (enc_size < 1) {
 
     _ret=-1;
 
     goto _decode_b64_cleanup;
 
@@ -135,7 +135,7 @@ static int decode_b64(unsigned char *decrypt_text,
 
     _ret=-2;
 
     goto _decode_b64_cleanup;
 
   }
 
-  Base64decode(enc_b, enc_b64);
 
+  Base64decode((char *)enc_b, (char *)enc_b64);
 
   enc_len = enc_size-1;
 
 
   // Check exmpanded string is well formed (has "Salted__" prefix, etc.)
 
@@ -145,7 +145,7 @@ static int decode_b64(unsigned char *decrypt_text,
 
     _ret = -3;
 
     goto _decode_b64_cleanup;
 
   }
 
-  if (strncmp(enc_b, "Salted__", 8)!=0) {
 
+  if (strncmp((char *)enc_b, "Salted__", 8)!=0) {
 
     _ret = -4;
 
     goto _decode_b64_cleanup;
 
   }
 
@@ -160,7 +160,7 @@ static int decode_b64(unsigned char *decrypt_text,
 
   //
 
   iv  = (unsigned char *)calloc(256, sizeof(char));
 
   key = (unsigned char *)calloc(256, sizeof(char));
 
-  r = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), salt, pass_key, strlen(pass_key), 1, key, iv);
 
+  r = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), salt, pass_key, strlen((const char *)pass_key), 1, key, iv);
 
   if (!r) {
 
     _ret = -5;
 
     goto _decode_b64_cleanup;
 
@@ -190,8 +190,8 @@ static int encode_b64(unsigned char *enc_b64,
 
                       unsigned char *msg) {
 
   int i=0, _ret = 0, r=0;
 
   unsigned char *enc_b = NULL;
 
-  unsigned char *key = NULL, *iv = NULL, *ciphertext_b = NULL;
 
-  size_t b64_sz=0, enc_len=0, enc_size=0, ciphertext_len;
 
+  unsigned char *key = NULL, *iv = NULL;
 
+  size_t b64_sz=0, enc_len=0;
 
 
   unsigned char salt[8];
 
   char _pfx[] = "Salted__";
 
@@ -202,7 +202,7 @@ static int encode_b64(unsigned char *enc_b64,
 
 
   iv  = (unsigned char *)calloc(256, sizeof(char));
 
   key = (unsigned char *)calloc(256, sizeof(char));
 
-  r = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), salt, pass_key, strlen(pass_key), 1, key, iv);
 
+  r = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), salt, pass_key, strlen((char *)pass_key), 1, key, iv);
 
   if (!r) {
 
     _ret = -5;
 
     goto _encode_b64_cleanup;
 
@@ -219,7 +219,7 @@ static int encode_b64(unsigned char *enc_b64,
 
     enc_b[i+8] = salt[i];
 
   }
 
 
-  enc_len = aes_encrypt(msg, strlen(msg), key, iv, enc_b+16);
 
+  enc_len = aes_encrypt(msg, strlen((char *)msg), key, iv, enc_b+16);
 
   if (enc_len<=0) {
 
     _ret = -6;
 
     goto _encode_b64_cleanup;
 
@@ -227,7 +227,7 @@ static int encode_b64(unsigned char *enc_b64,
 
   enc_len += 16;
 
 
   b64_sz = Base64encode_len(enc_len);
 
-  Base64encode(enc_b64, enc_b, enc_len);
 
+  Base64encode((char *)enc_b64, (char *)enc_b, enc_len);
 
   _ret = b64_sz;
 
 
 _encode_b64_cleanup:
 
@@ -281,7 +281,7 @@ int fareqr_lookup_decode(char *seedfn, char *fareqr_s, char *dst_cred) {
 
   if (r<0) { _ret = r; }
 
   else {
 
     //r = fareqr_decode(fareqr_s, pub_key, priv_key, dst_cred);
 
-    r = decode_b64(dst_cred, priv_key, enc_str);
 
+    r = decode_b64((unsigned char *)dst_cred, (unsigned char *)priv_key, (unsigned char *)enc_str);
 
     if (r<0) { _ret = r; }
 
   }
 
 
@@ -294,59 +294,41 @@ int fareqr_lookup_decode(char *seedfn, char *fareqr_s, char *dst_cred) {
 
   return _ret;
 
 }
 
 
-// depreicated (doing away with one-time pads in favor of AES above)
 
-//
 
 int fareqr_encode(char *tok_public, char *tok_secret, char *tok_cred, char *fareqr_str) {
 
-  int i, r;
 
-  uint8_t x,y,z;
 
-  uint8_t *src_data = NULL, *dst_data = NULL;
 
-  int src_data_n = 0;
 
-  //int dst_data_n = 0;
 
+  int r=0, _ret=0;
 
+  uint8_t *dst_data = NULL;
 
 
-  src_data = (uint8_t *)malloc(sizeof(uint8_t)*LINE_BUFFER_SIZE);
 
-  dst_data = (uint8_t *)malloc(sizeof(uint8_t)*LINE_BUFFER_SIZE);
 
+  if ((!tok_public) || (!tok_secret) || (!tok_cred) || (!fareqr_str)) { return -9; }
 
 
-  for (i=0; tok_cred[i]; i++) {
 
-    x = (uint8_t)tok_secret[i];
 
-    y = (uint8_t)tok_cred[i];
 
-    z = x^y;
 
-    src_data[i] = z;
 
-    src_data_n++;
 
-  }
 
+  dst_data = (uint8_t *)malloc(sizeof(uint8_t)*LINE_BUFFER_SIZE);
 
 
-  for (i=0; i<src_data_n; i++) {
 
-    x = (uint8_t)tok_secret[i];
 
-  }
 
-
 
-  //dst_data_n = Base64encode_len(src_data_n);
 
-
 
-  r = Base64encode((char *)dst_data, (const char *)src_data, src_data_n);
 
-  if (r<=0) {
 
-    free(src_data);
 
-    free(dst_data);
 
-    return -1;
 
+  r = encode_b64(dst_data, (unsigned char *)tok_secret, (unsigned char *)tok_cred);
 
+  if (r < 0) {
 
+    _ret = -1;
 
+    goto _fareqr_encode_cleanup;
 
   }
 
 
   if (fareqr_str) {
 
     snprintf(fareqr_str, LINE_BUFFER_SIZE-1, "@%s%%%s$", tok_public, dst_data);
 
   }
 
 
-  free(src_data);
 
-  free(dst_data);
 
+_fareqr_encode_cleanup:
 
 
-  return 0;
 
+  if (dst_data) { free(dst_data); }
 
+  return _ret;
 
 }
 
 
 
 // depreicated (doing away with one-time pads in favor of AES above)
 
 //
 
 int fareqr_decode(char *fareqr_s, char *check_pub, char *tok_secret, char *dst_cred) {
 
-  int i, n, _ret=0;
 
+  int n=0, r=0, _ret=0;
 
   char *p, *stop_tok;
 
   int pub_tok_read_len = 0, check_pub_len = 0;
 
 
-  char *enc_str = NULL, *dec_str = NULL, *plain_str=NULL;
 
-  uint8_t x,y,z;
 
+  char *enc_str = NULL;
 
+
 
+  if ((!fareqr_s) || (!dst_cred)) { return -9; }
 
 
   if (fareqr_s[0] != '@') { return -1; }
 
   stop_tok = strchr(fareqr_s, '%');
 
@@ -363,40 +345,20 @@ int fareqr_decode(char *fareqr_s, char *check_pub, char *tok_secret, char *dst_c
 
   }
 
 
   enc_str = (char *)malloc(sizeof(char)*LINE_BUFFER_SIZE);
 
-  dec_str = (char *)malloc(sizeof(char)*LINE_BUFFER_SIZE);
 
-  plain_str = (char *)malloc(sizeof(char)*LINE_BUFFER_SIZE);
 
   for (n=0, p = (stop_tok+1); (*p) && ((*p) != '$'); p++, n++) {
 
     enc_str[n] = *p;
 
   }
 
   enc_str[n] = '\0';
 
-  Base64decode(dec_str, enc_str);
 
 
-  for (i=0; dec_str[i]; i++) {
 
-    if (tok_secret[i]==0) {
 
-      _ret = -5;
 
-      goto _fareqr_decode_cleanup;
 
-    }
 
-    x = (uint8_t)dec_str[i];
 
-    y = (uint8_t)tok_secret[i];
 
-    z = (x^y);
 
-    plain_str[i] = (char)z;
 
-  }
 
-  plain_str[i]='\0';
 
-
 
-
 
-  if (dst_cred) {
 
-    for (i=0; plain_str[i]; i++) {
 
-      dst_cred[i] = plain_str[i];
 
-    }
 
-    dst_cred[i] = '\0';
 
+  r = decode_b64((unsigned char *)dst_cred, (unsigned char *)tok_secret, (unsigned char *)enc_str);
 
+  if (r < 0) {
 
+    _ret = -1;
 
+    goto _fareqr_decode_cleanup;
 
   }
 
 
 _fareqr_decode_cleanup:
 
 
   if (enc_str) { free(enc_str); }
 
-  if (dec_str) { free(dec_str); }
 
-  if (plain_str) { free(plain_str); }
 
-
 
   return _ret;
 
 }
 
 
@@ -495,23 +457,21 @@ void show_help(FILE *ofp) {
 
   fprintf(ofp, "\n");
 
   fprintf(ofp, "A fareqr string is of the form:\n");
 
   fprintf(ofp, "\n");
 
-  fprintf(ofp, "  @<pubkey>%%<b64(xor(privkey,credential))>$\n");
 
+  fprintf(ofp, "  @<pubkey>%%<aes(privkey,credential)>$\n");
 
   fprintf(ofp, "\n");
 
-  fprintf(ofp, "Where `<b64(xor(privkey,credential))>` is the base64 encoded XOR of the private key\n");
 
-  fprintf(ofp, "and the credential to be presented. The reasoning behind the XOR is to not allow a\n");
 
-  fprintf(ofp, "snooper to get credential information if exposed to the string and the base64\n");
 
-  fprintf(ofp, "encoding is to make it easily transportable.\n");
 
+  fprintf(ofp, "Where `<aes(privkey,credential)>` is the base64 encoded AES encrypted string\n");
 
+  fprintf(ofp, "of the credential, encrypted with the privkey.\n");
 
   fprintf(ofp, "\n");
 
   fprintf(ofp, "The <qrseedfile> is a text file of <pubkey> <privkey> pairs.\n");
 
   fprintf(ofp, "\n");
 
   fprintf(ofp, "Here is some example usage:\n");
 
   fprintf(ofp, "\n");
 
   fprintf(ofp, "  $ fareqr encode 'wu9XouSh' 'ohNgizahkephain3aosoh2AeH1aethoo4cie6oiSaezimaighai2eiVaefahfien' ';123456789060535?'\n");
 
-  fprintf(ofp, "  @wu9XouSh%%VFl8VF1PV19TXEBeUVxdBl4=\n");
 
-  fprintf(ofp, "  $ fareqr decode 'ohNgizahkephain3aosoh2AeH1aethoo4cie6oiSaezimaighai2eiVaefahfien' '@wu9XouSh%%VFl8VF1PV19TXEBeUVxdBl4=$'\n");
 
+  fprintf(ofp, "  @wu9XouSh%%U2FsdGVkX19nxmlzUf9K7GAgplhbmU4tcFYYa/Xz6oq0XrxSYTbBOA2yffAi7A0z$\n");
 
+  fprintf(ofp, "  $ fareqr decode 'ohNgizahkephain3aosoh2AeH1aethoo4cie6oiSaezimaighai2eiVaefahfien' '@wu9XouSh%%U2FsdGVkX19nxmlzUf9K7GAgplhbmU4tcFYYa/Xz6oq0XrxSYTbBOA2yffAi7A0z$'\n");
 
   fprintf(ofp, "  ;123456789060535?\n");
 
   fprintf(ofp, "  $ echo 'wu9XouSh ohNgizahkephain3aosoh2AeH1aethoo4cie6oiSaezimaighai2eiVaefahfien' > ./qr.seed\n");
 
-  fprintf(ofp, "  $ fareqr dbdecode ./qr.seed '@wu9XouSh%%VFl8VF1PV19TXEBeUVxdBl4=$'\n");
 
+  fprintf(ofp, "  $ fareqr dbdecode ./qr.seed '@wu9XouSh%%U2FsdGVkX19nxmlzUf9K7GAgplhbmU4tcFYYa/Xz6oq0XrxSYTbBOA2yffAi7A0z$'\n");
 
   fprintf(ofp, "  ;123456789060535?\n");
 
   fprintf(ofp, "\n");
 
   fprintf(ofp, "Where 'wu9XouSh' is the public key, 'ohNgizahkephain3aosoh2AeH1aethoo4cie6oiSaezimaighai2eiVaefahfien' is the private key and\n");
 
@@ -611,7 +571,7 @@ int main(int argc, char **argv) {
 
     tok_cred[0] = '0';
 
     r = fareqr_lookup_decode(fn, fareqr_str, tok_cred);
 
     if (r<0) {
 
-      fprintf(stderr, "could not decode '%s' with db '%s', exiting (got %i)\n",
 
+      fprintf(stderr, "could not decode '%s' with db file '%s', exiting (got %i)\n",
 
           fareqr_str, fn, r);
 
     }
 
     else {
 
@@ -630,7 +590,6 @@ int main(int argc, char **argv) {
 
       }
 
     }
 
 
-
 
     tok_cred = (unsigned char *)calloc(LINE_BUFFER_SIZE, sizeof(char));
 
     r = decode_b64(tok_cred, tok_secret, fareqr_str);
 
     if (r<0) {
 
@@ -652,9 +611,6 @@ int main(int argc, char **argv) {
 
       }
 
     }
 
 
-    printf(">>> '%s' '%s'\n", tok_secret, tok_cred);
 
-
 
-
 
     fareqr_str = (unsigned char *)calloc(2*LINE_BUFFER_SIZE, sizeof(char));
 
     r = encode_b64(fareqr_str, tok_secret, tok_cred);
 
     if (r<0) {