|
|
@@ -120,11 +120,11 @@ static int decode_b64(unsigned char *decrypt_text,
|
|
|
int i=0, _ret = 0, r=0;
|
|
|
unsigned char *enc_b = NULL, salt[8];
|
|
|
unsigned char *key = NULL, *iv = NULL, *ciphertext_b = NULL;
|
|
|
- size_t b64_sz=0, enc_len=0, enc_size=0, ciphertext_len;
|
|
|
+ size_t enc_len=0, enc_size=0, ciphertext_len;
|
|
|
|
|
|
if ((!decrypt_text) || (!pass_key) || (!enc_b64)) { return -9; }
|
|
|
|
|
|
- enc_size = Base64decode_len(enc_b64);
|
|
|
+ enc_size = Base64decode_len((char *)enc_b64);
|
|
|
if (enc_size < 1) {
|
|
|
_ret=-1;
|
|
|
goto _decode_b64_cleanup;
|
|
|
@@ -135,7 +135,7 @@ static int decode_b64(unsigned char *decrypt_text,
|
|
|
_ret=-2;
|
|
|
goto _decode_b64_cleanup;
|
|
|
}
|
|
|
- Base64decode(enc_b, enc_b64);
|
|
|
+ Base64decode((char *)enc_b, (char *)enc_b64);
|
|
|
enc_len = enc_size-1;
|
|
|
|
|
|
// Check exmpanded string is well formed (has "Salted__" prefix, etc.)
|
|
|
@@ -145,7 +145,7 @@ static int decode_b64(unsigned char *decrypt_text,
|
|
|
_ret = -3;
|
|
|
goto _decode_b64_cleanup;
|
|
|
}
|
|
|
- if (strncmp(enc_b, "Salted__", 8)!=0) {
|
|
|
+ if (strncmp((char *)enc_b, "Salted__", 8)!=0) {
|
|
|
_ret = -4;
|
|
|
goto _decode_b64_cleanup;
|
|
|
}
|
|
|
@@ -160,7 +160,7 @@ static int decode_b64(unsigned char *decrypt_text,
|
|
|
//
|
|
|
iv = (unsigned char *)calloc(256, sizeof(char));
|
|
|
key = (unsigned char *)calloc(256, sizeof(char));
|
|
|
- r = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), salt, pass_key, strlen(pass_key), 1, key, iv);
|
|
|
+ r = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), salt, pass_key, strlen((const char *)pass_key), 1, key, iv);
|
|
|
if (!r) {
|
|
|
_ret = -5;
|
|
|
goto _decode_b64_cleanup;
|
|
|
@@ -190,8 +190,8 @@ static int encode_b64(unsigned char *enc_b64,
|
|
|
unsigned char *msg) {
|
|
|
int i=0, _ret = 0, r=0;
|
|
|
unsigned char *enc_b = NULL;
|
|
|
- unsigned char *key = NULL, *iv = NULL, *ciphertext_b = NULL;
|
|
|
- size_t b64_sz=0, enc_len=0, enc_size=0, ciphertext_len;
|
|
|
+ unsigned char *key = NULL, *iv = NULL;
|
|
|
+ size_t b64_sz=0, enc_len=0;
|
|
|
|
|
|
unsigned char salt[8];
|
|
|
char _pfx[] = "Salted__";
|
|
|
@@ -202,7 +202,7 @@ static int encode_b64(unsigned char *enc_b64,
|
|
|
|
|
|
iv = (unsigned char *)calloc(256, sizeof(char));
|
|
|
key = (unsigned char *)calloc(256, sizeof(char));
|
|
|
- r = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), salt, pass_key, strlen(pass_key), 1, key, iv);
|
|
|
+ r = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), salt, pass_key, strlen((char *)pass_key), 1, key, iv);
|
|
|
if (!r) {
|
|
|
_ret = -5;
|
|
|
goto _encode_b64_cleanup;
|
|
|
@@ -219,7 +219,7 @@ static int encode_b64(unsigned char *enc_b64,
|
|
|
enc_b[i+8] = salt[i];
|
|
|
}
|
|
|
|
|
|
- enc_len = aes_encrypt(msg, strlen(msg), key, iv, enc_b+16);
|
|
|
+ enc_len = aes_encrypt(msg, strlen((char *)msg), key, iv, enc_b+16);
|
|
|
if (enc_len<=0) {
|
|
|
_ret = -6;
|
|
|
goto _encode_b64_cleanup;
|
|
|
@@ -227,7 +227,7 @@ static int encode_b64(unsigned char *enc_b64,
|
|
|
enc_len += 16;
|
|
|
|
|
|
b64_sz = Base64encode_len(enc_len);
|
|
|
- Base64encode(enc_b64, enc_b, enc_len);
|
|
|
+ Base64encode((char *)enc_b64, (char *)enc_b, enc_len);
|
|
|
_ret = b64_sz;
|
|
|
|
|
|
_encode_b64_cleanup:
|
|
|
@@ -281,7 +281,7 @@ int fareqr_lookup_decode(char *seedfn, char *fareqr_s, char *dst_cred) {
|
|
|
if (r<0) { _ret = r; }
|
|
|
else {
|
|
|
//r = fareqr_decode(fareqr_s, pub_key, priv_key, dst_cred);
|
|
|
- r = decode_b64(dst_cred, priv_key, enc_str);
|
|
|
+ r = decode_b64((unsigned char *)dst_cred, (unsigned char *)priv_key, (unsigned char *)enc_str);
|
|
|
if (r<0) { _ret = r; }
|
|
|
}
|
|
|
|
|
|
@@ -294,59 +294,41 @@ int fareqr_lookup_decode(char *seedfn, char *fareqr_s, char *dst_cred) {
|
|
|
return _ret;
|
|
|
}
|
|
|
|
|
|
-// depreicated (doing away with one-time pads in favor of AES above)
|
|
|
-//
|
|
|
int fareqr_encode(char *tok_public, char *tok_secret, char *tok_cred, char *fareqr_str) {
|
|
|
- int i, r;
|
|
|
- uint8_t x,y,z;
|
|
|
- uint8_t *src_data = NULL, *dst_data = NULL;
|
|
|
- int src_data_n = 0;
|
|
|
- //int dst_data_n = 0;
|
|
|
+ int r=0, _ret=0;
|
|
|
+ uint8_t *dst_data = NULL;
|
|
|
|
|
|
- src_data = (uint8_t *)malloc(sizeof(uint8_t)*LINE_BUFFER_SIZE);
|
|
|
- dst_data = (uint8_t *)malloc(sizeof(uint8_t)*LINE_BUFFER_SIZE);
|
|
|
+ if ((!tok_public) || (!tok_secret) || (!tok_cred) || (!fareqr_str)) { return -9; }
|
|
|
|
|
|
- for (i=0; tok_cred[i]; i++) {
|
|
|
- x = (uint8_t)tok_secret[i];
|
|
|
- y = (uint8_t)tok_cred[i];
|
|
|
- z = x^y;
|
|
|
- src_data[i] = z;
|
|
|
- src_data_n++;
|
|
|
- }
|
|
|
+ dst_data = (uint8_t *)malloc(sizeof(uint8_t)*LINE_BUFFER_SIZE);
|
|
|
|
|
|
- for (i=0; i<src_data_n; i++) {
|
|
|
- x = (uint8_t)tok_secret[i];
|
|
|
- }
|
|
|
-
|
|
|
- //dst_data_n = Base64encode_len(src_data_n);
|
|
|
-
|
|
|
- r = Base64encode((char *)dst_data, (const char *)src_data, src_data_n);
|
|
|
- if (r<=0) {
|
|
|
- free(src_data);
|
|
|
- free(dst_data);
|
|
|
- return -1;
|
|
|
+ r = encode_b64(dst_data, (unsigned char *)tok_secret, (unsigned char *)tok_cred);
|
|
|
+ if (r < 0) {
|
|
|
+ _ret = -1;
|
|
|
+ goto _fareqr_encode_cleanup;
|
|
|
}
|
|
|
|
|
|
if (fareqr_str) {
|
|
|
snprintf(fareqr_str, LINE_BUFFER_SIZE-1, "@%s%%%s$", tok_public, dst_data);
|
|
|
}
|
|
|
|
|
|
- free(src_data);
|
|
|
- free(dst_data);
|
|
|
+_fareqr_encode_cleanup:
|
|
|
|
|
|
- return 0;
|
|
|
+ if (dst_data) { free(dst_data); }
|
|
|
+ return _ret;
|
|
|
}
|
|
|
|
|
|
|
|
|
// depreicated (doing away with one-time pads in favor of AES above)
|
|
|
//
|
|
|
int fareqr_decode(char *fareqr_s, char *check_pub, char *tok_secret, char *dst_cred) {
|
|
|
- int i, n, _ret=0;
|
|
|
+ int n=0, r=0, _ret=0;
|
|
|
char *p, *stop_tok;
|
|
|
int pub_tok_read_len = 0, check_pub_len = 0;
|
|
|
|
|
|
- char *enc_str = NULL, *dec_str = NULL, *plain_str=NULL;
|
|
|
- uint8_t x,y,z;
|
|
|
+ char *enc_str = NULL;
|
|
|
+
|
|
|
+ if ((!fareqr_s) || (!dst_cred)) { return -9; }
|
|
|
|
|
|
if (fareqr_s[0] != '@') { return -1; }
|
|
|
stop_tok = strchr(fareqr_s, '%');
|
|
|
@@ -363,40 +345,20 @@ int fareqr_decode(char *fareqr_s, char *check_pub, char *tok_secret, char *dst_c
|
|
|
}
|
|
|
|
|
|
enc_str = (char *)malloc(sizeof(char)*LINE_BUFFER_SIZE);
|
|
|
- dec_str = (char *)malloc(sizeof(char)*LINE_BUFFER_SIZE);
|
|
|
- plain_str = (char *)malloc(sizeof(char)*LINE_BUFFER_SIZE);
|
|
|
for (n=0, p = (stop_tok+1); (*p) && ((*p) != '$'); p++, n++) {
|
|
|
enc_str[n] = *p;
|
|
|
}
|
|
|
enc_str[n] = '\0';
|
|
|
- Base64decode(dec_str, enc_str);
|
|
|
|
|
|
- for (i=0; dec_str[i]; i++) {
|
|
|
- if (tok_secret[i]==0) {
|
|
|
- _ret = -5;
|
|
|
- goto _fareqr_decode_cleanup;
|
|
|
- }
|
|
|
- x = (uint8_t)dec_str[i];
|
|
|
- y = (uint8_t)tok_secret[i];
|
|
|
- z = (x^y);
|
|
|
- plain_str[i] = (char)z;
|
|
|
- }
|
|
|
- plain_str[i]='\0';
|
|
|
-
|
|
|
-
|
|
|
- if (dst_cred) {
|
|
|
- for (i=0; plain_str[i]; i++) {
|
|
|
- dst_cred[i] = plain_str[i];
|
|
|
- }
|
|
|
- dst_cred[i] = '\0';
|
|
|
+ r = decode_b64((unsigned char *)dst_cred, (unsigned char *)tok_secret, (unsigned char *)enc_str);
|
|
|
+ if (r < 0) {
|
|
|
+ _ret = -1;
|
|
|
+ goto _fareqr_decode_cleanup;
|
|
|
}
|
|
|
|
|
|
_fareqr_decode_cleanup:
|
|
|
|
|
|
if (enc_str) { free(enc_str); }
|
|
|
- if (dec_str) { free(dec_str); }
|
|
|
- if (plain_str) { free(plain_str); }
|
|
|
-
|
|
|
return _ret;
|
|
|
}
|
|
|
|
|
|
@@ -495,23 +457,21 @@ void show_help(FILE *ofp) {
|
|
|
fprintf(ofp, "\n");
|
|
|
fprintf(ofp, "A fareqr string is of the form:\n");
|
|
|
fprintf(ofp, "\n");
|
|
|
- fprintf(ofp, " @<pubkey>%%<b64(xor(privkey,credential))>$\n");
|
|
|
+ fprintf(ofp, " @<pubkey>%%<aes(privkey,credential)>$\n");
|
|
|
fprintf(ofp, "\n");
|
|
|
- fprintf(ofp, "Where `<b64(xor(privkey,credential))>` is the base64 encoded XOR of the private key\n");
|
|
|
- fprintf(ofp, "and the credential to be presented. The reasoning behind the XOR is to not allow a\n");
|
|
|
- fprintf(ofp, "snooper to get credential information if exposed to the string and the base64\n");
|
|
|
- fprintf(ofp, "encoding is to make it easily transportable.\n");
|
|
|
+ fprintf(ofp, "Where `<aes(privkey,credential)>` is the base64 encoded AES encrypted string\n");
|
|
|
+ fprintf(ofp, "of the credential, encrypted with the privkey.\n");
|
|
|
fprintf(ofp, "\n");
|
|
|
fprintf(ofp, "The <qrseedfile> is a text file of <pubkey> <privkey> pairs.\n");
|
|
|
fprintf(ofp, "\n");
|
|
|
fprintf(ofp, "Here is some example usage:\n");
|
|
|
fprintf(ofp, "\n");
|
|
|
fprintf(ofp, " $ fareqr encode 'wu9XouSh' 'ohNgizahkephain3aosoh2AeH1aethoo4cie6oiSaezimaighai2eiVaefahfien' ';123456789060535?'\n");
|
|
|
- fprintf(ofp, " @wu9XouSh%%VFl8VF1PV19TXEBeUVxdBl4=\n");
|
|
|
- fprintf(ofp, " $ fareqr decode 'ohNgizahkephain3aosoh2AeH1aethoo4cie6oiSaezimaighai2eiVaefahfien' '@wu9XouSh%%VFl8VF1PV19TXEBeUVxdBl4=$'\n");
|
|
|
+ fprintf(ofp, " @wu9XouSh%%U2FsdGVkX19nxmlzUf9K7GAgplhbmU4tcFYYa/Xz6oq0XrxSYTbBOA2yffAi7A0z$\n");
|
|
|
+ fprintf(ofp, " $ fareqr decode 'ohNgizahkephain3aosoh2AeH1aethoo4cie6oiSaezimaighai2eiVaefahfien' '@wu9XouSh%%U2FsdGVkX19nxmlzUf9K7GAgplhbmU4tcFYYa/Xz6oq0XrxSYTbBOA2yffAi7A0z$'\n");
|
|
|
fprintf(ofp, " ;123456789060535?\n");
|
|
|
fprintf(ofp, " $ echo 'wu9XouSh ohNgizahkephain3aosoh2AeH1aethoo4cie6oiSaezimaighai2eiVaefahfien' > ./qr.seed\n");
|
|
|
- fprintf(ofp, " $ fareqr dbdecode ./qr.seed '@wu9XouSh%%VFl8VF1PV19TXEBeUVxdBl4=$'\n");
|
|
|
+ fprintf(ofp, " $ fareqr dbdecode ./qr.seed '@wu9XouSh%%U2FsdGVkX19nxmlzUf9K7GAgplhbmU4tcFYYa/Xz6oq0XrxSYTbBOA2yffAi7A0z$'\n");
|
|
|
fprintf(ofp, " ;123456789060535?\n");
|
|
|
fprintf(ofp, "\n");
|
|
|
fprintf(ofp, "Where 'wu9XouSh' is the public key, 'ohNgizahkephain3aosoh2AeH1aethoo4cie6oiSaezimaighai2eiVaefahfien' is the private key and\n");
|
|
|
@@ -611,7 +571,7 @@ int main(int argc, char **argv) {
|
|
|
tok_cred[0] = '0';
|
|
|
r = fareqr_lookup_decode(fn, fareqr_str, tok_cred);
|
|
|
if (r<0) {
|
|
|
- fprintf(stderr, "could not decode '%s' with db '%s', exiting (got %i)\n",
|
|
|
+ fprintf(stderr, "could not decode '%s' with db file '%s', exiting (got %i)\n",
|
|
|
fareqr_str, fn, r);
|
|
|
}
|
|
|
else {
|
|
|
@@ -630,7 +590,6 @@ int main(int argc, char **argv) {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-
|
|
|
tok_cred = (unsigned char *)calloc(LINE_BUFFER_SIZE, sizeof(char));
|
|
|
r = decode_b64(tok_cred, tok_secret, fareqr_str);
|
|
|
if (r<0) {
|
|
|
@@ -652,9 +611,6 @@ int main(int argc, char **argv) {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- printf(">>> '%s' '%s'\n", tok_secret, tok_cred);
|
|
|
-
|
|
|
-
|
|
|
fareqr_str = (unsigned char *)calloc(2*LINE_BUFFER_SIZE, sizeof(char));
|
|
|
r = encode_b64(fareqr_str, tok_secret, tok_cred);
|
|
|
if (r<0) {
|
