commit c9f69585aefd7660382ae2cb97262851086a7326
parent acc9658a86e9ae2faec689b14ece9e0475dd0cdd
Author: lash <dev@holbrook.no>
Date: Sun, 30 Mar 2025 02:09:37 +0100
Protect key overflow in store put
Diffstat:
6 files changed, 97 insertions(+), 31 deletions(-)
diff --git a/src/crypto/gcrypt.c b/src/crypto/gcrypt.c
@@ -69,6 +69,8 @@ static int gpg_passphrase_digest_len;
/// zero fp value
const static char gpg_fingerprint_zero[LQ_FP_LEN];
+const static char gpg_default_store_key;
+
/**
* Verifies that installed gpg version is supported.
* Sets up crypto keys dir and sets passphrase digest length.
@@ -318,6 +320,12 @@ static int key_apply_public(struct gpg_store *gpg, gcry_sexp_t key) {
return debug_logerr(LLOG_ERROR, ERR_CRYPTO, NULL);
}
lq_cpy(gpg->public_key, p, LQ_PUBKEY_LEN);
+
+ p = (char*)gcry_pk_get_keygrip(key, (unsigned char*)gpg->fingerprint);
+ if (p == NULL) {
+ return debug_logerr(LLOG_ERROR, ERR_CRYPTO, NULL);
+ }
+
return ERR_OK;
}
@@ -339,12 +347,12 @@ static int key_create(struct gpg_store *gpg) {
p = gcry_strerror(e);
return debug_logerr(LLOG_ERROR, ERR_CRYPTO, (char*)p);
}
- p = (char*)gcry_pk_get_keygrip(gpg->k, (unsigned char*)gpg->fingerprint);
- if (p == NULL) {
- p = gcry_strerror(e);
- return debug_logerr(LLOG_ERROR, ERR_CRYPTO, (char*)p);
- }
-
+// p = (char*)gcry_pk_get_keygrip(gpg->k, (unsigned char*)gpg->fingerprint);
+// if (p == NULL) {
+// p = gcry_strerror(e);
+// return debug_logerr(LLOG_ERROR, ERR_CRYPTO, (char*)p);
+// }
+//
r = key_apply_public(gpg, gpg->k);
if (r) {
return debug_logerr(LLOG_ERROR, ERR_CRYPTO, NULL);
@@ -396,6 +404,7 @@ static int key_create_store(struct gpg_store *gpg, const char *passphrase) {
size_t m;
//FILE *f;
LQStore *store;
+ LQPubKey *pubk;
char nonce[CHACHA20_NONCE_LENGTH_BYTES];
char buf_key[LQ_STORE_KEY_MAX];
char buf_val[LQ_STORE_VAL_MAX];
@@ -404,7 +413,12 @@ static int key_create_store(struct gpg_store *gpg, const char *passphrase) {
//r = key_create(gpg, key);
r = key_create(gpg);
if (r) {
- return debug_logerr(LLOG_ERROR, ERR_CRYPTO, NULL);
+ return debug_logerr(LLOG_ERROR, ERR_CRYPTO, "key create");
+ }
+
+ pubk = lq_publickey_new(gpg->public_key);
+ if (pubk == NULL) {
+ return debug_logerr(LLOG_ERROR, ERR_CRYPTO, "publickey");
}
kl = gcry_sexp_sprint(gpg->k, GCRYSEXP_FMT_CANON, NULL, 0);
@@ -432,6 +446,10 @@ static int key_create_store(struct gpg_store *gpg, const char *passphrase) {
lq_cpy(buf_val, nonce, CHACHA20_NONCE_LENGTH_BYTES);
lq_cpy(buf_val + CHACHA20_NONCE_LENGTH_BYTES, ciphertext, c);
+
+ // we don't need the inner private key anymore.
+ // use the pointer for the public key now.
+ gpg = (struct gpg_store*)pubk->impl;
lq_cpy(buf_key, gpg->fingerprint, LQ_FP_LEN);
store = key_store_get();
if (store == NULL) {
@@ -440,7 +458,7 @@ static int key_create_store(struct gpg_store *gpg, const char *passphrase) {
}
l = c + CHACHA20_NONCE_LENGTH_BYTES;
- c = LQ_FP_LEN + 1;
+ c = LQ_FP_LEN;
r = store->put(LQ_CONTENT_KEY, store, buf_key, &c, buf_val, l);
if (r) {
lq_free(store);
@@ -448,7 +466,7 @@ static int key_create_store(struct gpg_store *gpg, const char *passphrase) {
}
// check if already exists default, if not, set it
- *buf_key = '_';
+ *buf_key = gpg_default_store_key;
c = LQ_STORE_VAL_MAX;
r = store->get(LQ_CONTENT_KEY, store, buf_key, 1, buf_val, &c);
if (r) {
@@ -587,7 +605,7 @@ static int gpg_key_load(struct gpg_store *gpg, const char *passphrase, size_t pa
case GPG_FIND_MAIN:
r = key_from_store(gpg, passphrase);
if (r) {
- return debug_logerr(LLOG_WARNING, ERR_CRYPTO, NULL);
+ return debug_logerr(LLOG_WARNING, ERR_CRYPTO, "default key not found");
}
break;
case GPG_FIND_ORCREATE:
@@ -595,6 +613,7 @@ static int gpg_key_load(struct gpg_store *gpg, const char *passphrase, size_t pa
if (r == ERR_OK) {
break;
}
+ // if no key could be loaded, attempt to create one.
if (!lq_cmp(gpg_fingerprint_zero, gpg->fingerprint, LQ_FP_LEN)) {
debug(LLOG_DEBUG, "gpg", "default private key not found, attempting create new");
r = key_create_store(gpg, passphrase);
@@ -603,6 +622,12 @@ static int gpg_key_load(struct gpg_store *gpg, const char *passphrase, size_t pa
}
}
break;
+ case GPG_FIND_FINGERPRINT:
+ r = key_from_store(gpg, passphrase);
+ if (r) {
+ return debug_logerr(LLOG_WARNING, ERR_CRYPTO, "fingerprint key not found");
+ }
+ break;
// case GPG_FIND_FINGERPRINT:
// strcpy(path, store->userdata);
@@ -633,11 +658,11 @@ static int gpg_key_load(struct gpg_store *gpg, const char *passphrase, size_t pa
/// Implements the interface to load a private key from storage.
-LQPrivKey* lq_privatekey_load(const char *passphrase, size_t passphrase_len) {
+LQPrivKey* lq_privatekey_load(const char *passphrase, size_t passphrase_len, const char *fingerprint) {
LQStore *store;
LQPrivKey *pk;
char *p;
-
+ enum gpg_find_mode_e m;
struct gpg_store *gpg;
int r;
@@ -649,8 +674,13 @@ LQPrivKey* lq_privatekey_load(const char *passphrase, size_t passphrase_len) {
gpg = lq_alloc(sizeof(struct gpg_store));
lq_zero(gpg, sizeof(struct gpg_store));
+ m = GPG_FIND_ORCREATE;
+ if (fingerprint != NULL) {
+ lq_cpy(gpg->fingerprint, fingerprint, LQ_FP_LEN);
+ m = GPG_FIND_FINGERPRINT;
+ }
//r = gpg_key_load(gpg, passphrase_hash, GPG_FIND_MAIN, NULL);
- r = gpg_key_load(gpg, passphrase, passphrase_len, GPG_FIND_ORCREATE, NULL);
+ r = gpg_key_load(gpg, passphrase, passphrase_len, m, NULL);
if (r) {
return NULL;
}
@@ -894,14 +924,6 @@ void lq_signature_free(LQSig *sig) {
lq_free(sig);
}
-char *lq_publickey_fingerprint(LQPubKey *pubk) {
- struct gpg_store *gpg;
- char *p;
-
- gpg = (struct gpg_store*)pubk->impl;
- return gpg->fingerprint;
-}
-
LQPubKey* lq_publickey_from_privatekey(LQPrivKey *pk) {
struct gpg_store *gpg;
LQPubKey *pubk;
@@ -942,4 +964,13 @@ LQPubKey* lq_publickey_new(const char *full) {
return pubk;
}
+size_t lq_publickey_fingerprint(LQPubKey* pubk, char **out) {
+ size_t c;
+ struct gpg_store *gpg;
+
+ gpg = (struct gpg_store*)pubk->impl;
+ *out = gpg->fingerprint;
+ return LQ_FP_LEN;
+}
+
#endif
diff --git a/src/lq/crypto.h b/src/lq/crypto.h
@@ -12,7 +12,7 @@
#endif
#ifndef LQ_PUBKEY_LEN
-#define LQ_PUBKEY_LEN 64
+#define LQ_PUBKEY_LEN 32
#endif
#ifndef LQ_PRIVKEY_LEN
@@ -143,7 +143,7 @@ LQPrivKey* lq_privatekey_new(const char *seed, size_t seed_len, const char *pass
* \see lq_privatekey_free
*/
-LQPrivKey* lq_privatekey_load(const char *passphrase, size_t passphrase_len);
+LQPrivKey* lq_privatekey_load(const char *passphrase, size_t passphrase_len, const char *fingerprint);
/**
* \brief Get raw private key bytes
*
@@ -172,7 +172,7 @@ LQPubKey* lq_publickey_new(const char *full);
LQPubKey* lq_publickey_from_privatekey(LQPrivKey *pk);
/**
- * \brief Get raw public key bytes
+ * \brief Get raw public key bytes.
*
* \param[in] Public key object.
* \param[out] Pointer to start of data.
@@ -181,6 +181,15 @@ LQPubKey* lq_publickey_from_privatekey(LQPrivKey *pk);
size_t lq_publickey_bytes(LQPubKey *pubk, char **out);
/**
+ * \brief Get the public key fingerprint bytes.
+ *
+ * \param[in] Public key object
+ * \param[out] Pointer to start of data.
+ * \return Length of fingerprint data. If 0, no fingerprint could be found.
+ */
+size_t lq_publickey_fingerprint(LQPubKey *pubk, char **out);
+
+/**
* \brief Encrypt private key in place.
*
* Must clear sensistive memory.
diff --git a/src/lq/store.h b/src/lq/store.h
@@ -4,7 +4,7 @@
#include <stddef.h>
#ifndef LQ_STORE_KEY_MAX
-#define LQ_STORE_KEY_MAX 64
+#define LQ_STORE_KEY_MAX 256
#endif
#ifndef LQ_STORE_VAL_MAX
diff --git a/src/store/file.c b/src/store/file.c
@@ -85,11 +85,14 @@ int lq_file_content_put(enum payload_e typ, LQStore *store, const char *key, siz
int r;
size_t c;
size_t l;
- char buf[LQ_DIGEST_LEN * 2 + 1];
+ char buf[LQ_STORE_KEY_MAX - 1];
char path[1024];
char *p;
int f;
+ if (*key_len > (LQ_STORE_KEY_MAX / 2) - 1) {
+ return ERR_OVERFLOW;
+ }
if (store->store_typ != store_typ_file) {
return ERR_COMPAT;
}
@@ -97,7 +100,7 @@ int lq_file_content_put(enum payload_e typ, LQStore *store, const char *key, siz
lq_cpy(path, p, strlen(p) + 1);
p = path + strlen(path);
b2h((const unsigned char*)key, (int)*key_len, (unsigned char*)buf);
- sprintf(p, "%d%s", (char)typ, buf);
+ sprintf(p, "%d%s", (char)typ, (unsigned char*)buf);
f = lq_open(path, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR);
if (f < 0) {
return ERR_NOENT;
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
@@ -122,7 +122,27 @@ START_TEST(check_create_load) {
pk = lq_privatekey_new(privkeydata, LQ_PRIVKEY_LEN, passphrase, passphrase_len);
ck_assert_ptr_nonnull(pk);
- pk_load = lq_privatekey_load(passphrase, passphrase_len);
+ pk_load = lq_privatekey_load(passphrase, passphrase_len, NULL);
+ ck_assert_ptr_nonnull(pk_load);
+
+ lq_privatekey_free(pk);
+}
+END_TEST
+
+START_TEST(check_load_specific) {
+ LQPrivKey *pk;
+ LQPubKey *pubk;
+ LQPrivKey *pk_load;
+ char *p;
+ size_t c;
+
+ pk = lq_privatekey_new(privkeydata, LQ_PRIVKEY_LEN, passphrase, passphrase_len);
+ ck_assert_ptr_nonnull(pk);
+ pubk = lq_publickey_from_privatekey(pk);
+ ck_assert_ptr_nonnull(pubk);
+ c = lq_publickey_fingerprint(pubk, &p);
+ ck_assert_int_gt(c, 0);
+ pk_load = lq_privatekey_load(passphrase, passphrase_len, p);
ck_assert_ptr_nonnull(pk_load);
lq_privatekey_free(pk);
@@ -142,6 +162,7 @@ Suite * common_suite(void) {
tcase_add_test(tc, check_signature);
tcase_add_test(tc, check_verify);
tcase_add_test(tc, check_create_load);
+ tcase_add_test(tc, check_load_specific);
suite_add_tcase(s, tc);
return s;
diff --git a/src/test/test_msg.c b/src/test/test_msg.c
@@ -17,15 +17,17 @@ START_TEST(check_msg_symmetric) {
size_t c;
char buf[4096];
char path[1024];
+ char *p;
LQMsg *msg;
LQResolve resolve;
LQResolve resolve_dummy;
LQStore *store;
- //lq_cpy(&store, &LQFileContent, sizeof(LQStore));
lq_cpy(path, "/tmp/lqstore_file_XXXXXX", 25);
- //store.userdata = (void*)mktempdir(path);
- store = lq_store_new(mktempdir(path));
+ p = mktempdir(path);
+ *(p+24) = '/';
+ *(p+25) = 0x0;
+ store = lq_store_new(p);
ck_assert_ptr_nonnull(store->userdata);
resolve_dummy.store = &LQDummyContent;
