From 8e580e354109b877fe51a89b87c74a824563d8d4 Mon Sep 17 00:00:00 2001 Message-Id: <8e580e354109b877fe51a89b87c74a824563d8d4.1713558273.git.mdw@distorted.org.uk> From: Mark Wooding Date: Sat, 2 May 2015 17:05:20 +0100 Subject: [PATCH] New key type `reop'. Organization: Straylight/Edgeware From: Mark Wooding Depends on Ted Unangst's `Reasonable Expectation of Privacy', available from , and libsodium. --- Makefile.am | 3 ++ ktype.reop | 74 ++++++++++++++++++++++++++++++++++++++++++++++++ profile.d/01reop | 59 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 136 insertions(+) create mode 100644 ktype.reop create mode 100644 profile.d/01reop diff --git a/Makefile.am b/Makefile.am index ce04560..dcab1ba 100644 --- a/Makefile.am +++ b/Makefile.am @@ -147,6 +147,9 @@ dist_profile_DATA += profile.d/01gnupg dist_pkgdata_DATA += ktype.seccure dist_profile_DATA += profile.d/01seccure +dist_pkgdata_DATA += ktype.reop +dist_profile_DATA += profile.d/01reop + ## Commands. dist_pkgdata_SCRIPTS += cryptop.archive dist_pkgdata_SCRIPTS += cryptop.genkey diff --git a/ktype.reop b/ktype.reop new file mode 100644 index 0000000..e9360f6 --- /dev/null +++ b/ktype.reop 
@@ -0,0 +1,74 @@
+### -*-sh-*-
+###
+### Key type for REOP
+###
+### (c) 2015 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### distorted-keys is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with distorted-keys; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+defprops k_props <>$tmp/ct
+ cat $tmp/ct
+}
+
+k_decrypt () {
+ base=$1 nub=$2
+
+ sed -n "
+ /^-----BEGIN REOP PUBLIC KEY-----\$/,/^-----END REOP PUBLIC KEY-----\$/ \
+ w $tmp/pub
+ /^-----BEGIN REOP ENCRYPTED MESSAGE-----\$/,/^-----END REOP ENCRYPTED MESSAGE-----\$/ \
+ w $tmp/ct"
+ REOP_PASSPHRASE=$(cat "$nub") \
+ reop -D -s"$base/sec" -p$tmp/pub -m- -x$tmp/ct
+}
+
+k_sign () {
+ base=$1 nub=$2
+
+ REOP_PASSPHRASE=$(cat "$nub") \
+ reop -S -s"$base/sec" -m- -x-
+}
+
+k_verify () {
+ base=$1 sig=$3
+
+ echo "$sig" >$tmp/sig
+ reop -Vq -p"$base/pub" -m- -x$tmp/sig
+}
+
+###----- That's all, folks --------------------------------------------------
diff --git a/profile.d/01reop b/profile.d/01reop
new file mode 100644
index 0000000..ab02190
--- /dev/null
+++ b/profile.d/01reop
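Review bot: In k_verify, `echo "$sig" >$tmp/sig` puts caller-supplied signature text through `echo`, whose treatment of backslashes and a leading `-n` varies between shells, and `$tmp` is expanded unquoted there and in k_decrypt's `-p$tmp/pub` and `-x$tmp/ct`. I would use `printf '%s\n' "$sig" >"$tmp/sig"` and quote the remaining `$tmp` uses; `$tmp` is set outside this hunk, so whether it can hold whitespace or glob characters cannot be seen from here. k_decrypt reads the sender key from the PUBLIC KEY block inside its own input, so a comment like `## Sender key comes from the message itself: a successful decrypt says nothing about who sent it.` would bring the warning in profile.d/01reop to the code. k_decrypt and k_sign also hand the passphrase to reop in the `REOP_PASSPHRASE` environment variable, which other processes of the same user can typically read while reop runs; that deserves a comment too. The functions before k_decrypt are not legible on this page and are not covered.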
@@ -0,0 +1,59 @@
+;;; -*-conf-*-
+;;;
+;;; Default configuration for REOP keys
+;;;
+;;; (c) 2015 Mark Wooding
+;;;
+
+;;;----- Licensing notice ---------------------------------------------------
+;;;
+;;; This file is part of the distorted.org.uk key management suite.
+;;;
+;;; distorted-keys is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 2 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; distorted-keys is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with distorted-keys; if not, write to the Free Software Foundation,
+;;; Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+;;;--------------------------------------------------------------------------
+;;; REOP configuration.
+;;;
+;;; Important note! REOP tries to provide (deniable) authenticity of
+;;; ciphertexts. This implementation subverts that property by generating an
+;;; ephemeral sending key.
+;;;
+;;; Properties defined by the key-type are as follows. All the properties
+;;; are optional.
+;;;
+;;; identity The identity to store in the key data. A %{PARAM}
+;;; placeholder is replaced by the value of the named
+;;; key-generation parameter PARAM, and an error is
+;;; reported if no such parameter is provided; a
+;;; %{PARAM-DEFAULT} placeholder is replaced by the value
+;;; of the parameter PARAM, or the string DEFAULT is no
+;;; such parameter is provided.
+
+[%reop]
+type = reop
+
+;; Identity string.
+identity = %{identity}
+
+[reop-integrity]
+@include = %reop %asymmetric-integrity
+
+[reop-secrecy]
+@include = %reop %asymmetric-secrecy
+
+[%seccure-infra]
+@include = %seccure
+
+;;;----- That's all, folks --------------------------------------------------
-- [mdw]
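Review bot: The last section, `[%seccure-infra]` with `@include = %seccure`, looks like a leftover from the seccure profile; in this file I would expect the REOP counterpart, something like `[%reop-infra]` with `@include = %reop` (the intended name is not visible here, so confirm). In the `identity` description, `or the string DEFAULT is no such parameter is provided` should read `if no such parameter`. The `Important note!` could also say what follows from it, for example `;;; A recipient therefore learns nothing about who encrypted a message.`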