[src/trunk]: src/crypto/external/bsd/netpgp/dist Changes to 3.99.5
details: https://anonhg.NetBSD.org/src/rev/5a73f0cc35b3
branches: trunk
changeset: 755847:5a73f0cc35b3
user: agc <agc%NetBSD.org@localhost>
date: Fri Jun 25 03:37:27 2010 +0000
description:
Changes to 3.99.5
+ make ssh fingerprints (md5) match netpgp listing
+ use the more functional hexdump function from ssh2pgp in place of the
older hexdump function from openpgpsdk
+ pass hash type down from command line where needed
+ add test for netpgp/ssh key fingerprint matching
+ make netpgpkeys(1) take a --hash= option
With these changes, netpgp can be made to generate the same fingerprint as
openssh (by default, ssh-keygen(1) uses an md5 digest)
% /usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys --hash=md5
1 key
pub 1024/RSA (Encrypt or Sign) fcdd1c608bef4c4b 2008-08-11
Key fingerprint: e935 902d ebf1 76ba fcdd 1c60 8bef 4c4b
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root%osx-vm1.crowthorne.alistaircrooks.co.uk@localhost>
% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 e9:35:90:2d:eb:f1:76:ba:fc:dd:1c:60:8b:ef:4c:4b /etc/ssh/ssh_host_rsa_key.pub (RSA)
%
diffstat:
crypto/external/bsd/netpgp/dist/TODO | 1 +
crypto/external/bsd/netpgp/dist/src/lib/create.c | 32 +-
crypto/external/bsd/netpgp/dist/src/lib/crypto.c | 24 +-
crypto/external/bsd/netpgp/dist/src/lib/keyring.c | 20 +-
crypto/external/bsd/netpgp/dist/src/lib/keyring.h | 1 +
crypto/external/bsd/netpgp/dist/src/lib/misc.c | 223 +++++++----
crypto/external/bsd/netpgp/dist/src/lib/netpgp.c | 20 +-
crypto/external/bsd/netpgp/dist/src/lib/netpgpdefs.h | 2 +-
crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c | 10 +-
crypto/external/bsd/netpgp/dist/src/lib/ops-ssh.h | 6 +-
crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c | 17 +-
crypto/external/bsd/netpgp/dist/src/lib/packet-print.c | 47 +--
crypto/external/bsd/netpgp/dist/src/lib/packet.h | 10 +-
crypto/external/bsd/netpgp/dist/src/lib/reader.c | 27 +-
crypto/external/bsd/netpgp/dist/src/lib/signature.c | 34 +-
crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c | 79 +--
crypto/external/bsd/netpgp/dist/src/lib/validate.c | 28 +-
crypto/external/bsd/netpgp/dist/src/lib/version.h | 2 +-
crypto/external/bsd/netpgp/dist/src/lib/writer.c | 20 +-
crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.1 | 23 +-
crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c | 16 +
crypto/external/bsd/netpgp/dist/tst | 7 +-
22 files changed, 329 insertions(+), 320 deletions(-)
diffs (truncated from 1459 to 300 lines):
diff -r ed56ba24f8a4 -r 5a73f0cc35b3 crypto/external/bsd/netpgp/dist/TODO
--- a/crypto/external/bsd/netpgp/dist/TODO Thu Jun 24 21:20:23 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/TODO Fri Jun 25 03:37:27 2010 +0000
@@ -95,3 +95,4 @@
--list-sigs - these come out in __ops_check_subkey_sig()
hkp to include sigs too
make netpgpkeys work - add, import, commit, update, sign, passphrase
+fix ssh fingerprints not matching netpgp
diff -r ed56ba24f8a4 -r 5a73f0cc35b3 crypto/external/bsd/netpgp/dist/src/lib/create.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/create.c Thu Jun 24 21:20:23 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/create.c Fri Jun 25 03:37:27 2010 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: create.c,v 1.28 2010/05/25 01:05:10 agc Exp $");
+__RCSID("$NetBSD: create.c,v 1.29 2010/06/25 03:37:27 agc Exp $");
#endif
#include <sys/types.h>
@@ -422,10 +422,8 @@
__ops_encrypt_init(&crypted);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "\nWRITING:\niv=");
- hexdump(stderr, key->iv, __ops_block_size(key->alg), " ");
- (void) fprintf(stderr, "\nkey=");
- hexdump(stderr, sesskey, CAST_KEY_LENGTH, " ");
+ hexdump(stderr, "writing: iv=", key->iv, __ops_block_size(key->alg));
+ hexdump(stderr, "key= ", sesskey, CAST_KEY_LENGTH);
(void) fprintf(stderr, "\nturning encryption on...\n");
}
__ops_push_enc_crypt(output, &crypted);
@@ -838,9 +836,7 @@
cs[1] = (uint8_t)(checksum & 0xff);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr,"\nm buf checksum: ");
- hexdump(stderr, cs, 2, " ");
- (void) fprintf(stderr,"\n");
+ hexdump(stderr, "nm buf checksum:", cs, 2);
}
return 1;
}
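Review bot: The new label `"nm buf checksum:"` on the hexdump call looks like the old `"\nm buf checksum: "` with the backslash dropped instead of the whole newline escape, so the debug line now reads "nm buf checksum"; it should be `hexdump(stderr, "m buf checksum:", cs, 2);`. The same slip appears in the hunk at -1014, where `"unencoded m buf"` became `"uuencoded m buf"`, which misdescribes the buffer as uuencoded. These are debug-only strings, but they are what a maintainer will grep for when chasing an encoding problem. The enclosing functions start outside these hunks.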
@@ -922,9 +918,7 @@
(void) memcpy(EM + i, M, mLen);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "Encoded Message: \n");
- hexdump(stderr, EM, mLen, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "Encoded Message:", EM, mLen);
}
return 1;
}
@@ -984,9 +978,7 @@
sizeof(sesskey->key_id));
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "Encrypting for RSA key id : ");
- hexdump(stderr, key->key_id, sizeof(sesskey->key_id), " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "Encrypting for RSA keyid", key->key_id, sizeof(sesskey->key_id));
}
if (key->key.pubkey.alg != OPS_PKA_RSA) {
(void) fprintf(stderr,
@@ -1002,11 +994,7 @@
__ops_random(sesskey->key, CAST_KEY_LENGTH);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr,
- "CAST5 session key created (len=%d):\n ",
- CAST_KEY_LENGTH);
- hexdump(stderr, sesskey->key, CAST_KEY_LENGTH, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "CAST5 sesskey created", sesskey->key, CAST_KEY_LENGTH);
}
if (create_unencoded_m_buf(sesskey, &unencoded_m_buf[0]) == 0) {
free(encoded_m_buf);
@@ -1014,9 +1002,7 @@
return NULL;
}
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "unencoded m buf:\n");
- hexdump(stderr, unencoded_m_buf, SZ_UNENCODED_M_BUF, " ");
- fprintf(stderr, "\n");
+ hexdump(stderr, "uuencoded m buf", unencoded_m_buf, SZ_UNENCODED_M_BUF);
}
encode_m_buf(unencoded_m_buf, SZ_UNENCODED_M_BUF, pubkey, encoded_m_buf);
@@ -1238,7 +1224,7 @@
{
uint8_t keyid[OPS_KEY_ID_SIZE];
- __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
+ __ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey, OPS_HASH_SHA1); /* XXX - hardcoded */
return __ops_write_ptag(output, OPS_PTAG_CT_1_PASS_SIG) &&
__ops_write_length(output, 1 + 1 + 1 + 1 + 8 + 1) &&
__ops_write_scalar(output, 3, 1) /* version */ &&
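Review bot: The keyid written into the one-pass signature packet is computed with a hard-coded `OPS_HASH_SHA1`, while the keyring entries in this same change compute their key_id from `keyring->hashtype`; when a ring was loaded with another digest (the description shows `--hash=md5` for ssh keys), the keyid in this packet will presumably not match the key_id stored for the signing key, and the mismatch is silent at runtime. The XXX marks it, but it would help to state the contract until the hash type is threaded through, e.g. `/* XXX - hardcoded: must agree with the hashtype of the keyring that holds seckey */`. The enclosing function begins and ends outside the hunk.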
diff -r ed56ba24f8a4 -r 5a73f0cc35b3 crypto/external/bsd/netpgp/dist/src/lib/crypto.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/crypto.c Thu Jun 24 21:20:23 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/crypto.c Fri Jun 25 03:37:27 2010 +0000
@@ -54,7 +54,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: crypto.c,v 1.23 2010/05/16 02:46:25 agc Exp $");
+__RCSID("$NetBSD: crypto.c,v 1.24 2010/06/25 03:37:27 agc Exp $");
#endif
#include <sys/types.h>
@@ -109,9 +109,7 @@
}
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "\nDECRYPTING\nencrypted data : ");
- hexdump(stderr, encmpibuf, 16, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "encrypted", encmpibuf, 16);
}
n = __ops_rsa_private_decrypt(mpibuf, encmpibuf,
(unsigned)(BN_num_bits(encmpi) + 7) / 8,
@@ -122,21 +120,13 @@
}
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "decrypted encoded m buf : ");
- hexdump(stderr, mpibuf, 16, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "decrypted", mpibuf, 16);
}
if (n <= 0) {
return -1;
}
- if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, " decrypted=%d ", n);
- hexdump(stderr, mpibuf, (unsigned)n, "");
- fprintf(stderr, "\n");
- }
/* Decode EME-PKCS1_V1_5 (RFC 2437). */
-
if (mpibuf[0] != 0 || mpibuf[1] != 2) {
return -1;
}
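Review bot: The debug dump `hexdump(stderr, "decrypted", mpibuf, 16);` runs before the `if (n <= 0)` check, so on a failed decrypt it prints 16 bytes of mpibuf that __ops_rsa_private_decrypt may not have written, and on success it prints a fixed 16 bytes regardless of n; the block the commit removes below the check was the one bounded by n. Suggest moving the dump after the check and bounding it, `hexdump(stderr, "decrypted", mpibuf, (size_t)n);`, which also keeps the dump off the failure path. The enclosing function starts outside the hunk.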
@@ -158,9 +148,7 @@
}
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "decoded m buf:\n");
- hexdump(stderr, buf, (size_t)(n - i), " ");
- fprintf(stderr, "\n");
+ hexdump(stderr, "decoded m", buf, (size_t)(n - i));
}
return n - i;
}
@@ -197,9 +185,7 @@
skp->rsa.encrypted_m = BN_bin2bn(encmpibuf, n, NULL);
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(stderr, "encrypted mpi buf : ");
- hexdump(stderr, encmpibuf, 16, " ");
- (void) fprintf(stderr, "\n");
+ hexdump(stderr, "encrypted mpi", encmpibuf, 16);
}
return 1;
}
diff -r ed56ba24f8a4 -r 5a73f0cc35b3 crypto/external/bsd/netpgp/dist/src/lib/keyring.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Thu Jun 24 21:20:23 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Fri Jun 25 03:37:27 2010 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: keyring.c,v 1.37 2010/05/25 01:05:10 agc Exp $");
+__RCSID("$NetBSD: keyring.c,v 1.38 2010/06/25 03:37:27 agc Exp $");
#endif
#ifdef HAVE_FCNTL_H
@@ -822,12 +822,8 @@
{
for ( ; keyring && *from < keyring->keyc; *from += 1) {
if (__ops_get_debug_level(__FILE__)) {
- (void) fprintf(io->errs,
- "__ops_getkeybyid: keyring keyid ");
- hexdump(io->errs, keyring->keys[*from].key_id, OPS_KEY_ID_SIZE, "");
- (void) fprintf(io->errs, ", keyid ");
- hexdump(io->errs, keyid, OPS_KEY_ID_SIZE, "");
- (void) fprintf(io->errs, "\n");
+ hexdump(io->errs, "keyring keyid", keyring->keys[*from].key_id, OPS_KEY_ID_SIZE);
+ hexdump(io->errs, "keyid", keyid, OPS_KEY_ID_SIZE);
}
if (memcmp(keyring->keys[*from].key_id, keyid,
OPS_KEY_ID_SIZE) == 0) {
@@ -904,7 +900,7 @@
(void) memset(keyid, 0x0, sizeof(keyid));
str2keyid(name, keyid, sizeof(keyid));
if (__ops_get_debug_level(__FILE__)) {
- hexdump(io->outs, keyid, 4, "");
+ hexdump(io->outs, "keyid", keyid, 4);
}
savedstart = *from;
if ((kp = __ops_getkeybyid(io, keyring, keyid, from)) != NULL) {
@@ -1031,8 +1027,8 @@
key = &keyring->keys[keyring->keyc++];
duration = key->key.pubkey.duration;
(void) memset(key, 0x0, sizeof(*key));
- __ops_keyid(key->key_id, OPS_KEY_ID_SIZE, pubkey);
- __ops_fingerprint(&key->fingerprint, pubkey);
+ __ops_keyid(key->key_id, OPS_KEY_ID_SIZE, pubkey, keyring->hashtype);
+ __ops_fingerprint(&key->fingerprint, pubkey, keyring->hashtype);
key->type = OPS_PTAG_CT_PUBLIC_KEY;
key->key.pubkey = *pubkey;
key->key.pubkey.duration = duration;
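Review bot: `keyring->hashtype` is now passed to `__ops_keyid` and `__ops_fingerprint` here and in the hunk at -1050, but nothing in this change shows where the field is assigned; a ring that is allocated with calloc or memset and never given a hash type would pass whatever 0 means in `__ops_hash_alg_t`, and whether that fails loudly or quietly yields a different key_id depends on `__ops_keyid`, which is not visible here. Worth confirming that every path that creates a `__ops_keyring_t` sets hashtype before the first key is added, or documenting that requirement at the field. Both enclosing functions start outside their hunks.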
@@ -1050,8 +1046,8 @@
key = &keyring->keys[keyring->keyc++];
(void) memset(key, 0x0, sizeof(*key));
pubkey = &seckey->pubkey;
- __ops_keyid(key->key_id, OPS_KEY_ID_SIZE, pubkey);
- __ops_fingerprint(&key->fingerprint, pubkey);
+ __ops_keyid(key->key_id, OPS_KEY_ID_SIZE, pubkey, keyring->hashtype);
+ __ops_fingerprint(&key->fingerprint, pubkey, keyring->hashtype);
key->type = OPS_PTAG_CT_SECRET_KEY;
key->key.seckey = *seckey;
return 1;
diff -r ed56ba24f8a4 -r 5a73f0cc35b3 crypto/external/bsd/netpgp/dist/src/lib/keyring.h
--- a/crypto/external/bsd/netpgp/dist/src/lib/keyring.h Thu Jun 24 21:20:23 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/keyring.h Fri Jun 25 03:37:27 2010 +0000
@@ -68,6 +68,7 @@
*/
typedef struct __ops_keyring_t {
DYNARRAY(__ops_key_t, key);
+ __ops_hash_alg_t hashtype;
} __ops_keyring_t;
const __ops_key_t *__ops_getkeybyid(__ops_io_t *,
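Review bot: The new `hashtype` member is added without a comment, and since it now decides how every key_id and fingerprint in the ring is computed (keyring.c in this change), the header should say so: `__ops_hash_alg_t hashtype; /* digest used for key_id/fingerprint of every key in this ring; must be set before keys are added */`. A reader of the header otherwise cannot tell whether it describes the keys already in the ring or is a per-operation choice.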
diff -r ed56ba24f8a4 -r 5a73f0cc35b3 crypto/external/bsd/netpgp/dist/src/lib/misc.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/misc.c Thu Jun 24 21:20:23 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/misc.c Fri Jun 25 03:37:27 2010 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: misc.c,v 1.30 2010/05/25 01:05:10 agc Exp $");
+__RCSID("$NetBSD: misc.c,v 1.31 2010/06/25 03:37:27 agc Exp $");
#endif
#include <sys/types.h>
@@ -98,7 +98,7 @@
typedef struct {
- __ops_keyring_t *keyring;
+ __ops_keyring_t *keyring;
} accumulate_t;
/**
@@ -402,6 +402,60 @@
}
}
+/* hash a 32-bit integer */
+static int
+hash_uint32(__ops_hash_t *hash, uint32_t n)
+{
+ uint8_t ibuf[4];
+
+ ibuf[0] = (uint8_t)(n >> 24) & 0xff;
+ ibuf[1] = (uint8_t)(n >> 16) & 0xff;
+ ibuf[2] = (uint8_t)(n >> 8) & 0xff;
+ ibuf[3] = (uint8_t)n & 0xff;
+ (*hash->add)(hash, (const uint8_t *)(void *)ibuf, sizeof(ibuf));
+ return sizeof(ibuf);
+}
+
+/* hash a string - first length, then string itself */
+static int
+hash_string(__ops_hash_t *hash, const uint8_t *buf, uint32_t len)
+{
+ if (__ops_get_debug_level(__FILE__)) {
+ hexdump(stderr, "hash_string", buf, len);
+ }
+ hash_uint32(hash, len);
+ (*hash->add)(hash, buf, len);
+ return sizeof(len) + (int)len;
+}
+
+/* hash a bignum, possibly padded - first length, then string itself */
+static int
+hash_bignum(__ops_hash_t *hash, BIGNUM *bignum)
+{
+ uint8_t *bn;
+ size_t len;
+ int padbyte;
+
+ if (BN_is_zero(bignum)) {
+ hash_uint32(hash, 0);
+ return sizeof(len);
+ }
+ if ((len = (size_t) BN_num_bytes(bignum)) < 1) {