pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/netpgpverify Update to version 20150115.
details: https://anonhg.NetBSD.org/pkgsrc/rev/7ed982250d10
branches: trunk
changeset: 645592:7ed982250d10
user: agc <agc%pkgsrc.org@localhost>
date: Fri Jan 30 18:47:50 2015 +0000
description:
Update to version 20150115.
This version includes support for the '-c dump' command, which dumps
the contents of all PGP packets to stdout. Note that since we're
verifying, no private keys are involved.
diffstat:
security/netpgpverify/Makefile | 4 +-
security/netpgpverify/files/Makefile.bsd | 6 +-
security/netpgpverify/files/libnetpgpverify.3 | 18 ++++-
security/netpgpverify/files/libverify.c | 72 +++++++++++++++++++++++++++
security/netpgpverify/files/main.c | 6 ++
security/netpgpverify/files/misc.c | 45 ++++++++++++++++
security/netpgpverify/files/misc.h | 1 +
security/netpgpverify/files/netpgpverify.1 | 30 ++++++++--
security/netpgpverify/files/verify.h | 7 +-
9 files changed, 171 insertions(+), 18 deletions(-)
diffs (truncated from 338 to 300 lines):
diff -r 8ab6831e7819 -r 7ed982250d10 security/netpgpverify/Makefile
--- a/security/netpgpverify/Makefile Fri Jan 30 17:36:59 2015 +0000
+++ b/security/netpgpverify/Makefile Fri Jan 30 18:47:50 2015 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.10 2014/12/04 20:08:47 agc Exp $
+# $NetBSD: Makefile,v 1.11 2015/01/30 18:47:50 agc Exp $
-DISTNAME= netpgpverify-20141204
+DISTNAME= netpgpverify-20150115
CATEGORIES= security
MASTER_SITES= # empty
DISTFILES= # empty
diff -r 8ab6831e7819 -r 7ed982250d10 security/netpgpverify/files/Makefile.bsd
--- a/security/netpgpverify/files/Makefile.bsd Fri Jan 30 17:36:59 2015 +0000
+++ b/security/netpgpverify/files/Makefile.bsd Fri Jan 30 18:47:50 2015 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.bsd,v 1.4 2014/12/07 22:21:36 agc Exp $
+# $NetBSD: Makefile.bsd,v 1.5 2015/01/30 18:47:51 agc Exp $
PROG=netpgpverify
@@ -33,3 +33,7 @@
@echo ""
@echo "expected failure, no valid key for verification"
-./${PROG} -k /dev/null NetBSD-6.0_RC1_hashes.gpg
+ @echo "dumping now"
+ ./${PROG} -c dump -k pubring.gpg NetBSD-6.0_RC1_hashes.asc
+ @echo "dumping ssh now"
+ ./${PROG} -c dump -S sshtest-20140202.pub data.gpg
diff -r 8ab6831e7819 -r 7ed982250d10 security/netpgpverify/files/libnetpgpverify.3
--- a/security/netpgpverify/files/libnetpgpverify.3 Fri Jan 30 17:36:59 2015 +0000
+++ b/security/netpgpverify/files/libnetpgpverify.3 Fri Jan 30 18:47:50 2015 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: libnetpgpverify.3,v 1.1 2014/02/16 17:15:48 agc Exp $
+.\" $NetBSD: libnetpgpverify.3,v 1.2 2015/01/30 18:47:51 agc Exp $
.\"
.\" Copyright (c) 2014 Alistair Crooks <agc%NetBSD.org@localhost>
.\" All rights reserved.
@@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd February 16, 2014
+.Dd January 15, 2015
.Dt LIBNETPGPVERIFY 3
.Os
.Sh NAME
@@ -32,7 +32,7 @@
.Sh LIBRARY
.Lb libnetpgpverify
.Sh SYNOPSIS
-.In netpgpverify.h
+.In netpgp/verify.h
.Ft int
.Fo pgpv_read_pubring
.Fa "pgpv_t *pgp" "const void *keyring" "ssize_t size"
@@ -47,11 +47,19 @@
.Fc
.Ft size_t
.Fo pgpv_get_verified
-.Fa "pgpv_cursor_t *cursor" "size_t cookie " "char **ret"
+.Fa "pgpv_cursor_t *cursor" "size_t cookie" "char **ret"
+.Fc
+.Ft size_t
+.Fo pgpv_get_cursor_element
+.Fa "pgpv_cursor_t *cursor" "size_t element"
+.Fc
+.Ft size_t
+.Fo pgpv_dump
+.Fa "pgpv_t *pgp" "char **data"
.Fc
.Ft size_t
.Fo pgpv_get_entry
-.Fa "pgpv_t *pgp" "unsigned ent" "char **ret"
+.Fa "pgpv_t *pgp" "unsigned ent" "char **ret" "const char *modifiers"
.Fc
.Ft int
.Fo pgpv_close
diff -r 8ab6831e7819 -r 7ed982250d10 security/netpgpverify/files/libverify.c
--- a/security/netpgpverify/files/libverify.c Fri Jan 30 17:36:59 2015 +0000
+++ b/security/netpgpverify/files/libverify.c Fri Jan 30 18:47:50 2015 +0000
@@ -2597,6 +2597,36 @@
return match_sig(cursor, signature, pubkey, data, insize);
}
+/* return the packet type */
+static const char *
+get_packet_type(uint8_t tag)
+{
+ switch(tag) {
+ case SIGNATURE_PKT:
+ return "signature packet";
+ case ONEPASS_SIGNATURE_PKT:
+ return "onepass signature packet";
+ case PUBKEY_PKT:
+ return "pubkey packet";
+ case COMPRESSED_DATA_PKT:
+ return "compressed data packet";
+ case MARKER_PKT:
+ return "marker packet";
+ case LITDATA_PKT:
+ return "litdata packet";
+ case TRUST_PKT:
+ return "trust packet";
+ case USERID_PKT:
+ return "userid packet";
+ case PUB_SUBKEY_PKT:
+ return "public subkey packet";
+ case USER_ATTRIBUTE_PKT:
+ return "user attribute packet";
+ default:
+ return "[UNKNOWN]";
+ }
+}
+
/* get an element from the found array */
int
pgpv_get_cursor_element(pgpv_cursor_t *cursor, size_t element)
@@ -2740,3 +2770,45 @@
memcpy(*ret, data, size);
return size;
}
+
+#define KB(x) ((x) * 1024)
+
+/* dump all packets */
+size_t
+pgpv_dump(pgpv_t *pgp, char **data)
+{
+ ssize_t dumpc;
+ size_t alloc;
+ size_t pkt;
+ size_t cc;
+ size_t n;
+ char buf[800];
+ char *newdata;
+
+ cc = alloc = 0;
+ *data = NULL;
+ for (pkt = 0 ; pkt < ARRAY_COUNT(pgp->pkts) ; pkt++) {
+ if (cc + KB(64) >= alloc) {
+ if ((newdata = realloc(*data, alloc + KB(64))) == NULL) {
+ return cc;
+ }
+ alloc += KB(64);
+ *data = newdata;
+ }
+ memset(buf, 0x0, sizeof(buf));
+ dumpc = netpgp_hexdump(ARRAY_ELEMENT(pgp->pkts, pkt).s.data,
+ MIN((sizeof(buf) / 80) * 16,
+ ARRAY_ELEMENT(pgp->pkts, pkt).s.size),
+ buf, sizeof(buf));
+ n = snprintf(&(*data)[cc], alloc - cc,
+ "[%zu] off %zu, len %zu, tag %u, %s\n%.*s",
+ pkt,
+ ARRAY_ELEMENT(pgp->pkts, pkt).offset,
+ ARRAY_ELEMENT(pgp->pkts, pkt).s.size,
+ ARRAY_ELEMENT(pgp->pkts, pkt).tag,
+ get_packet_type(ARRAY_ELEMENT(pgp->pkts, pkt).tag),
+ (int)dumpc, buf);
+ cc += n;
+ }
+ return cc;
+}
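Review bot: In pgpv_dump the snprintf() result is stored in the size_t `n` and added to `cc` with no check, so an error return (negative, converted to a huge value) or a truncated write would move `cc` past the allocation. The 64KB headroom test and the 800-byte `buf` make truncation unlikely today, but that invariant is only implicit. Adding `if (n >= alloc - cc) { break; }` before `cc += n;` makes it explicit and also catches the negative case. The header comment should also state the ownership and error contract, e.g. `/* dump all packets into a malloc'd buffer in *data (caller frees); returns bytes written, possibly partial if realloc fails */`.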
diff -r 8ab6831e7819 -r 7ed982250d10 security/netpgpverify/files/main.c
--- a/security/netpgpverify/files/main.c Fri Jan 30 17:36:59 2015 +0000
+++ b/security/netpgpverify/files/main.c Fri Jan 30 18:47:50 2015 +0000
@@ -103,6 +103,12 @@
}
return 1;
}
+ } else if (strcasecmp(cmd, "dump") == 0) {
+ if ((cookie = pgpv_verify(&cursor, pgp, in, cc)) != 0) {
+ size = pgpv_dump(pgp, &data);
+ write(STDOUT_FILENO, data, size);
+ return 1;
+ }
} else if (strcasecmp(cmd, "verify") == 0 || strcasecmp(cmd, "trust") == 0) {
modifiers = (strcasecmp(cmd, "trust") == 0) ? "trust" : NULL;
if (pgpv_verify(&cursor, pgp, in, cc)) {
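Review bot: The new `dump` branch ignores the result of `write()` and never frees `data`, so a failed or short write to stdout still ends in `return 1`, which looks like the success value judging from the context lines. I would write `if (write(STDOUT_FILENO, data, size) != (ssize_t)size) { free(data); return 0; }` followed by `free(data);` before the return, assuming 0 is this function's failure value; the function starts and ends outside the hunk. The dump is also produced only when pgpv_verify() returns non-zero, so input that does not verify yields no output at all. If that is intended, it deserves a comment such as `/* packets are only dumped once verification succeeds */`.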
diff -r 8ab6831e7819 -r 7ed982250d10 security/netpgpverify/files/misc.c
--- a/security/netpgpverify/files/misc.c Fri Jan 30 17:36:59 2015 +0000
+++ b/security/netpgpverify/files/misc.c Fri Jan 30 18:47:50 2015 +0000
@@ -65,3 +65,48 @@
free(ptr);
#endif
}
+
+#define HEXDUMP_LINELEN 16
+
+#ifndef PRIsize
+#define PRIsize "z"
+#endif
+
+/* show hexadecimal/ascii dump */
+ssize_t
+netpgp_hexdump(const void *vin, const size_t len, void *outvp, size_t size)
+{
+ const char *in = (const char *)vin;
+ size_t i;
+ char line[HEXDUMP_LINELEN + 1];
+ char *out = (char *)outvp;
+ int o;
+
+ for (i = 0, o = 0 ; i < len ; i++) {
+ if (i % HEXDUMP_LINELEN == 0) {
+ o += snprintf(&out[o], size - o,
+ "%.5" PRIsize "u | ", i);
+ } else if (i % (HEXDUMP_LINELEN / 2) == 0) {
+ o += snprintf(&out[o], size - o, " ");
+ }
+ o += snprintf(&out[o], size - o, "%.02x ", (uint8_t)in[i]);
+ line[i % HEXDUMP_LINELEN] =
+ (isprint((uint8_t)in[i])) ? in[i] : '.';
+ if (i % HEXDUMP_LINELEN == HEXDUMP_LINELEN - 1) {
+ line[HEXDUMP_LINELEN] = 0x0;
+ o += snprintf(&out[o], size - o, " | %s\n", line);
+ }
+ }
+ if (i % HEXDUMP_LINELEN != 0) {
+ for ( ; i % HEXDUMP_LINELEN != 0 ; i++) {
+ o += snprintf(&out[o], size - o, " ");
+ if (i % (HEXDUMP_LINELEN / 2) == 0) {
+ o += snprintf(&out[o], size - o, " ");
+ }
+ line[i % HEXDUMP_LINELEN] = ' ';
+ }
+ line[HEXDUMP_LINELEN] = 0x0;
+ o += snprintf(&out[o], size - o, " | %s\n", line);
+ }
+ return (ssize_t)o;
+}
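Review bot: netpgp_hexdump adds every snprintf() return value to `o` without comparing it to `size`, so once output is truncated `o` can pass `size`, `size - o` wraps to a very large size_t, and the next `&out[o]` write lands outside the caller's buffer. The returned count can then exceed what was actually stored, and pgpv_dump uses it as the `%.*s` precision on its 800-byte `buf`. The one visible caller caps the input at 160 bytes, which appears to fit, but the function is exported through misc.h and should enforce the bound itself. I would route each append through one bounded helper that ends the dump when the buffer is full, and return early when `size` is 0.

```c
/* append formatted text at out[o]; stop the dump when the buffer is full */
#define HEXDUMP_APPEND(...) do {					\
	int hd_n = snprintf(&out[o], size - (size_t)o, __VA_ARGS__);	\
	if (hd_n < 0 || (size_t)hd_n >= size - (size_t)o) {		\
		return (ssize_t)o;					\
	}								\
	o += hd_n;							\
} while (0)

ssize_t
netpgp_hexdump(const void *vin, const size_t len, void *outvp, size_t size)
{
	/* ... unchanged: declarations ... */
	if (size == 0) {
		return 0;
	}
	for (i = 0, o = 0 ; i < len ; i++) {
		if (i % HEXDUMP_LINELEN == 0) {
			HEXDUMP_APPEND("%.5" PRIsize "u | ", i);
		}
		/* ... unchanged: remaining appends, each converted the same way ... */
```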
diff -r 8ab6831e7819 -r 7ed982250d10 security/netpgpverify/files/misc.h
--- a/security/netpgpverify/files/misc.h Fri Jan 30 17:36:59 2015 +0000
+++ b/security/netpgpverify/files/misc.h Fri Jan 30 18:47:50 2015 +0000
@@ -43,6 +43,7 @@
void *netpgp_allocate(size_t /*n*/, size_t /*nels*/);
void netpgp_deallocate(void */*ptr*/, size_t /*size*/);
+ssize_t netpgp_hexdump(const void */*in*/, const size_t /*inlen*/, void */*out*/, size_t /*outsize*/);
__END_DECLS
diff -r 8ab6831e7819 -r 7ed982250d10 security/netpgpverify/files/netpgpverify.1
--- a/security/netpgpverify/files/netpgpverify.1 Fri Jan 30 17:36:59 2015 +0000
+++ b/security/netpgpverify/files/netpgpverify.1 Fri Jan 30 18:47:50 2015 +0000
@@ -1,6 +1,6 @@
-.\" $NetBSD: netpgpverify.1,v 1.3 2014/02/04 02:11:18 agc Exp $
+.\" $NetBSD: netpgpverify.1,v 1.4 2015/01/30 18:47:51 agc Exp $
.\"
-.\" Copyright (c) 2013,2014 Alistair Crooks <agc%NetBSD.org@localhost>
+.\" Copyright (c) 2013,2014,2015 Alistair Crooks <agc%NetBSD.org@localhost>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd February 2, 2014
+.Dd January 15, 2015
.Dt NETPGPVERIFY 1
.Os
.Sh NAME
@@ -71,15 +71,21 @@
The
.Fl k
command line argument allows a keyring to be specified.
+.Pp
The
.Fl v
command line argument prints the version of the
.Nm
command and then exits.
-Finally, the
+.Pp
+The
.Fl c
-command specified the command which may be given.
-This can take one of two values:
+argument allows a
+.Dq command
+to be given, modifying the behaviour of the
+.Nm
+command.
+This command can take one of three values:
.Dq verify
which is also the default, which verifies the signature
on the data;
@@ -87,7 +93,17 @@
will also verify the signature on the data, and, if
successfully verified, will display the verified
data on
-.Dv stdout .
+.Dv stdout ;
+and
+.Dq dump
+which will dump the individual PGP packets to standard out, along
+with a hexadecimal dump of the first part of the contents of each
+packet.