- opmsg: making brainkey personas independent from config-file for ea…

…sier usage
stealth · Jul 6, 2021 · 0ace33d · 0ace33d
1 parent 8af6768
commit 0ace33d
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -46,12 +46,12 @@ not using the SSL/TLS proto, just the ciphering and hash algorithms.
 For standard _Linux_ distros, just type `make`.
 
 The compilation requires a C++ compiler that supports `-std=c++11`.
-This can be configured with e.g. `make CXX=eg++ LD=eg++` on _OpenBSD_.
+This can be configured with e.g. `make CXX=eg++` on _OpenBSD_.
 
 This project supports both `BN_GENCB_new` and `BN_GENCB` for big number
 generation. To disable `BN_GENCB_new`, set `HAVE_BN_GENCB_NEW` to false:
 `make DEFS=-DHAVE_BN_GENCB_NEW=0`. So on _OpenBSD_, you would run
-`make CXX=eg++ LD=eg++ DEFS=-DHAVE_BN_GENCB_NEW=0`. On _OSX_ you should install
+`make CXX=eg++ DEFS=-DHAVE_BN_GENCB_NEW=0`. On _OSX_ you should install
 your own _OpenSSL_, as Apple marks _OpenSSL_ as deprecated in favor of their own
 crypto libs. You may also set all these options in the `Makefile`.
 
@@ -290,12 +290,14 @@ Brainkey Personas
 
 Brainkey personas are deniable personas whose key was not generated via RNG
 input, but which are derived from a passphrase. They are very similar to the
-concept of BTC brainwallets:
+concept of BTC brainwallets. When generating brainkey personas, the commandline
+should be as explicit as possible in order to have matching personas on both sides
+despite potentially different config-file settings for EC curves or hash algos:
 
 ```
-$ opmsg --name nobrainer --deniable --salt1 1234 --brainkey1 --newecp
+$ opmsg --name=nobrainer --deniable --salt1 1234 --brainkey1 --newecp=secp521r1 --phash=sha256
 
-opmsg: version=1.79 (C) 2019 Sebastian Krahmer: https://github.com/stealth/opmsg
+opmsg: version=1.80 (C) 2021 Sebastian Krahmer: https://github.com/stealth/opmsg
 
 opmsg: Enter the brainkey, 16 chars minimum (echoed): mysupersecretnobodyknows
 opmsg: creating new EC persona (curve secp521r1)
@@ -316,14 +318,11 @@ Ofcorse, you should use a secret that nobody can guess or bruteforce, including
 upper and lower-case, digits and so on. The idea behind brainkey personas is,
 that you share a secret with your peer once you meet, and both sides can
 then generate the same personas independently afterwards. There's no need to verify
-finger prints or exchange keys. You should use a default config, because
-the EC curve that is being used has to be the same on both sides. As well as
-the persona hash algorithm and the salt. Both sides may ommit the `--salt` switch if they
-don't fear that folks with a huge hardware budget are going to precompute databases
-of brainkey personas to break your key. If you are certain that no other users
+finger prints or exchange keys. The salt parameter doesn't need to be secret and may
+also be omitted. But it is a safety measure to chose a salt in order to make attacks
+with rainbow tables unfeasable. If you are certain that no other users
 are on your box, you may also pass the passphrase as `--brainkey1=mysupersecretnobodyknows`
-on the commandline instead of typing it on `stdin`. The salt may be known to the public,
-its only purpose is to make precomputation infeasable.
+on the commandline instead of typing it on `stdin`.
 Brainkeys will only be used for deniable EC personas. The Kex (aka Session) keys
 will nevertheless be generated randomly, just as for other personas.
 Brainkey personas can then be used just as normal. Once created, you may just

diff --git a/src/Makefile b/src/Makefile
@@ -59,7 +59,7 @@ INC=
 
 CXXFLAGS=-Wall -O2 -pedantic -std=c++11 $(INC) $(DEFS)
 
-LD=c++
+LD=$(CXX)
 LDFLAGS=
 LIBS+=-lcrypto
 

diff --git a/src/message.h b/src/message.h
@@ -35,12 +35,6 @@ extern "C" {
 
 namespace opmsg {
 
-namespace marker {
-
-extern std::string rsa_kex_id;
-
-}
-
 
 enum {
 	OPMSG_RSA_ENCRYPTED_KEYLEN	= 64,

diff --git a/src/misc.cc b/src/misc.cc
@@ -203,6 +203,28 @@ bool is_valid_halgo(const string &s)
 }
 
 
+int curve2nid(const string &name)
+{
+	map<string, int> ec{
+	        {"secp384r1", NID_secp384r1}, {"secp521r1", NID_secp521r1},
+	        {"secp256k1", NID_secp256k1},	// BTC curve
+	        {"sect283k1", NID_sect283k1}, {"sect283r1", NID_sect283r1},
+	        {"sect409k1", NID_sect409k1}, {"sect409r1", NID_sect409r1},
+	        {"sect571k1", NID_sect571k1}, {"sect571r1", NID_sect571r1},
+#ifdef NID_brainpoolP512t1
+	        {"brainpoolP320r1", NID_brainpoolP320r1}, {"brainpoolP384r1", NID_brainpoolP384r1}, {"brainpoolP512r1", NID_brainpoolP512r1},
+	        {"brainpoolP320t1", NID_brainpoolP320t1}, {"brainpoolP384t1", NID_brainpoolP384t1}, {"brainpoolP512t1", NID_brainpoolP512t1}
+#endif
+	};
+
+	auto it = ec.find(name);
+	if (it == ec.end())
+		return -1;
+
+	return it->second;
+}
+
+
 void rlockf(int fd)
 {
 	struct flock fl;

diff --git a/src/misc.h b/src/misc.h
@@ -46,6 +46,8 @@ void print_halgos(std::ostringstream &);
 
 const EVP_CIPHER *algo2cipher(const std::string &);
 
+int curve2nid(const std::string &);
+
 const EVP_MD *algo2md(const std::string &);
 
 std::string build_error(const std::string &msg);

diff --git a/src/opmsg.cc b/src/opmsg.cc
@@ -1,7 +1,7 @@
 /*
  * This file is part of the opmsg crypto message framework.
  *
- * (C) 2015-2019 by Sebastian Krahmer,
+ * (C) 2015-2021 by Sebastian Krahmer,
  *               sebastian [dot] krahmer [at] gmail [dot] com
  *
  * opmsg is free software: you can redistribute it and/or modify
@@ -79,7 +79,7 @@ enum {
 };
 
 
-const string banner = "\nopmsg: version=1.79 (C) 2019 Sebastian Krahmer: https://github.com/stealth/opmsg\n\n";
+const string banner = "\nopmsg: version=1.80 (C) 2021 Sebastian Krahmer: https://github.com/stealth/opmsg\n\n";
 
 /* The iostream lib works not very well wrt customized buffering and flushing
  * (unlike C's setbuffer), so we use string streams and flush ourself when we need to.
@@ -927,7 +927,7 @@ int main(int argc, char **argv)
 	        {"long", no_argument, nullptr, ID_FORMAT_LONG},
 	        {"split", no_argument, nullptr, ID_FORMAT_SPLIT},
 	        {"newp", no_argument, nullptr, 'N'},
-		{"newecp", no_argument, nullptr, NEWECP},
+		{"newecp", optional_argument, nullptr, NEWECP},
 		{"newdhp", no_argument, nullptr, NEWDHP},
 		{"deniable", no_argument, nullptr, DENIABLE},
 	        {"calgo", required_argument, nullptr, 'C'},
@@ -1089,6 +1089,24 @@ int main(int argc, char **argv)
 			break;
 		case NEWECP:
 			cmode |= CMODE_NEWECP;
+
+			// the curve name may be overriden to config file,
+			// in order to have config-independent one-liners for
+			// brainkey personas
+			if (optarg) {
+				int nid = curve2nid(optarg);
+				if (nid == -1) {
+					estr<<prefix<<"Invalid curve name. Valid algorithms are:\n\n";
+					print_calgos(estr);
+					estr<<"\n"<<prefix<<"FAILED.\n";
+					eflush();
+					return -1;
+				}
+				config::curve_nids.clear();
+				config::curves.clear();
+				config::curve_nids.push_back(nid);
+				config::curves.push_back(optarg);
+			}
 			break;
 		case ID_FORMAT_LONG:
 			config::idformat = "long";