
[src/trunk]: src/crypto/external/bsd/netpgp/dist Commit some changes that hav...



details:   https://anonhg.NetBSD.org/src/rev/f334bb02efe5
branches:  trunk
changeset: 749160:f334bb02efe5
user:      agc <agc%NetBSD.org@localhost>
date:      Thu Nov 19 21:56:00 2009 +0000

description:
Commit some changes that have been in a private tree for a while:

+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions

diffstat:

 crypto/external/bsd/netpgp/dist/TODO                        |    3 +
 crypto/external/bsd/netpgp/dist/include/netpgp.h            |    5 +
 crypto/external/bsd/netpgp/dist/src/lib/keyring.h           |    1 +
 crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3         |   24 +-
 crypto/external/bsd/netpgp/dist/src/lib/netpgp.c            |  124 +++-
 crypto/external/bsd/netpgp/dist/src/lib/packet-print.c      |   58 +-
 crypto/external/bsd/netpgp/dist/src/lib/signature.c         |  443 ++++-------
 crypto/external/bsd/netpgp/dist/src/lib/signature.h         |   19 +-
 crypto/external/bsd/netpgp/dist/src/lib/symmetric.c         |    6 +-
 crypto/external/bsd/netpgp/dist/src/lib/validate.c          |   14 +-
 crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c |   14 +
 crypto/external/bsd/netpgp/dist/tst                         |   17 +-
 12 files changed, 428 insertions(+), 300 deletions(-)

diffs (truncated from 1072 to 300 lines):

diff -r d2a9ea8d80d1 -r f334bb02efe5 crypto/external/bsd/netpgp/dist/TODO
--- a/crypto/external/bsd/netpgp/dist/TODO      Thu Nov 19 19:57:40 2009 +0000
+++ b/crypto/external/bsd/netpgp/dist/TODO      Thu Nov 19 21:56:00 2009 +0000
@@ -1,5 +1,8 @@
 To Do
 =====
+convert to and from ascii armored sigs
+gpgme compat lib
+--list-sigs
 make netpgpkeys work - add, import, commit, update, sign, passphrase
 return userids from successful verify, and then print id out if required
 is get_passphrase_cb needed?
diff -r d2a9ea8d80d1 -r f334bb02efe5 crypto/external/bsd/netpgp/dist/include/netpgp.h
--- a/crypto/external/bsd/netpgp/dist/include/netpgp.h  Thu Nov 19 19:57:40 2009 +0000
+++ b/crypto/external/bsd/netpgp/dist/include/netpgp.h  Thu Nov 19 21:56:00 2009 +0000
@@ -70,6 +70,7 @@
 /* key management */
 int netpgp_list_keys(netpgp_t *);
 int netpgp_find_key(netpgp_t *, char *);
+char *netpgp_get_key(netpgp_t *, const char *);
 int netpgp_export_key(netpgp_t *, char *);
 int netpgp_import_key(netpgp_t *, char *);
 int netpgp_generate_key(netpgp_t *, char *, int);
@@ -80,6 +81,10 @@
 int netpgp_sign_file(netpgp_t *, const char *, const char *, char *, int, int, int);
 int netpgp_verify_file(netpgp_t *, const char *, const char *, int);
 
+/* memory signing */
+int netpgp_sign_memory(netpgp_t *, const char *, char *, size_t, char *, size_t, const unsigned, const unsigned);
+int netpgp_verify_memory(netpgp_t *, const void *, const size_t, const int);
+
 __END_DECLS
 
 #endif /* !NETPGP_H_ */
diff -r d2a9ea8d80d1 -r f334bb02efe5 crypto/external/bsd/netpgp/dist/src/lib/keyring.h
--- a/crypto/external/bsd/netpgp/dist/src/lib/keyring.h Thu Nov 19 19:57:40 2009 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/keyring.h Thu Nov 19 21:56:00 2009 +0000
@@ -113,6 +113,7 @@
 int __ops_parse_and_accumulate(__ops_keyring_t *, __ops_stream_t *);
 
 void __ops_print_pubkeydata(__ops_io_t *, const __ops_key_t *);
+int __ops_sprint_pubkeydata(const __ops_key_t *, char **);
 void __ops_print_pubkey(const __ops_pubkey_t *);
 
 void __ops_print_seckeydata(__ops_io_t *, const __ops_key_t *);
diff -r d2a9ea8d80d1 -r f334bb02efe5 crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3
--- a/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3       Thu Nov 19 19:57:40 2009 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3       Thu Nov 19 21:56:00 2009 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: libnetpgp.3,v 1.8 2009/05/14 09:42:09 wiz Exp $
+.\" $NetBSD: libnetpgp.3,v 1.9 2009/11/19 21:56:00 agc Exp $
 .\"
 .\" Copyright (c) 2009 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd May 12, 2009
+.Dd November 19, 2009
 .Dt LIBNETPGP 3
 .Os
 .Sh NAME
@@ -84,6 +84,20 @@
 .Fa "netpgp_t *netpgp" "char *f" "int armored"
 .Fc
 .Ft int
+.Fo netpgp_sign_memory
+.Fa "netpgp_t *netpgp" "const char *userid" "char *mem"
+.Fa "size_t size" "char *out" "size_t outsize"
+.Fa "const unsigned armored" "const unsigned cleartext"
+.Fc
+.Ft int
+.Fo netpgp_verify_memory
+.Fa "netpgp_t *netpgp" "const void *in" "const size_t size" "const int armored"
+.Fc
+.Ft char *
+.Fo netpgp_get_key
+.Fa "netpgp_t *netpgp" "const char *id"
+.Fc
+.Ft int
 .Fo netpgp_set_debug
 .Fa "const char *filename"
 .Fc
@@ -180,6 +194,12 @@
 .Fn netpgp_verify_file
 function.
 .Pp
+.Fn netpgp_sign_memory
+is a function which can sign an area
+of memory, and
+.Fn netpgp_verify_memory
+verifies the digital signature produced.
+.Pp
 Internally, an encrypted or signed file
 is made up of
 .Dq packets
diff -r d2a9ea8d80d1 -r f334bb02efe5 crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c  Thu Nov 19 19:57:40 2009 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c  Thu Nov 19 21:56:00 2009 +0000
@@ -34,7 +34,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.29 2009/10/07 04:18:47 agc Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.30 2009/11/19 21:56:00 agc Exp $");
 #endif
 
 #include <sys/types.h>
@@ -374,6 +374,26 @@
        return __ops_getkeybyname(netpgp->io, netpgp->pubring, id) != NULL;
 }
 
+/* get a key in a keyring */
+char *
+netpgp_get_key(netpgp_t *netpgp, const char *id)
+{
+       const __ops_key_t       *key;
+       __ops_io_t              *io;
+       char                    *newkey;
+
+       io = netpgp->io;
+       if (id == NULL) {
+               (void) fprintf(io->errs, "NULL id to search for\n");
+               return NULL;
+       }
+       if ((key = __ops_getkeybyname(netpgp->io, netpgp->pubring, id)) == NULL) {
+               (void) fprintf(io->errs, "Can't find key '%s'\n", id);
+               return NULL;
+       }
+       return (__ops_sprint_pubkeydata(key, &newkey) > 0) ? newkey : NULL;
+}
+
 /* export a given key */
 int
 netpgp_export_key(netpgp_t *netpgp, char *userid)
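Review bot: The new netpgp_get_key() returns a `char *` but neither its header comment nor the prototype says who owns that buffer. `__ops_sprint_pubkeydata` fills `newkey` through a `char **`, which suggests a heap allocation, but its body is not in the visible part of this diff, so that is an assumption to confirm. If it holds, replace the one-line comment with something like `/* return a formatted description of the key matching id, or NULL on failure; the caller must free() the result */` and state the same in libnetpgp.3. As a style point, the function caches `io = netpgp->io` and then passes `netpgp->io` again to `__ops_getkeybyname`; using `io` in both places reads more consistently.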
@@ -567,14 +587,11 @@
        } while (seckey == NULL);
        /* sign file */
        hashalg = netpgp_getvar(netpgp, "hash");
-       if (cleartext) {
-               ret = __ops_sign_file_as_cleartext(io, f, out, seckey,
-                                               hashalg, overwrite);
-       } else if (detached) {
+       if (detached) {
                ret = __ops_sign_detached(io, f, out, seckey, hashalg);
        } else {
                ret = __ops_sign_file(io, f, out, seckey, hashalg,
-                                       (unsigned)armored, overwrite);
+                               (unsigned)armored, (unsigned)cleartext, overwrite);
        }
        __ops_forget(seckey, sizeof(*seckey));
        return ret;
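Review bot: When both `cleartext` and `detached` are non-zero, the outcome changes here: the removed chain tested `cleartext` first, whereas the new `if (detached)` wins and `cleartext` is silently ignored. Whether any caller passes both flags is not visible from this hunk, and the function body starts above it. Either reject the combination before signing or record the precedence next to the branch, e.g. `/* detached takes precedence over cleartext */`.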
@@ -611,6 +628,101 @@
        return 0;
 }
 
+/* sign some memory */
+int
+netpgp_sign_memory(netpgp_t *netpgp,
+               const char *userid,
+               char *mem,
+               size_t size,
+               char *out,
+               size_t outsize,
+               const unsigned armored,
+               const unsigned cleartext)
+{
+       const __ops_key_t       *keypair;
+       __ops_seckey_t          *seckey;
+       __ops_memory_t          *signedmem;
+       __ops_io_t              *io;
+       char                    *hashalg;
+       int                      ret;
+
+       io = netpgp->io;
+       if (mem == NULL) {
+               (void) fprintf(io->errs,
+                       "netpgp_sign_memory: no memory to sign\n");
+               return 0;
+       }
+       if (userid == NULL) {
+               userid = netpgp_getvar(netpgp, "userid");
+       }
+       /* get key with which to sign */
+       keypair = __ops_getkeybyname(io, netpgp->secring, userid);
+       if (keypair == NULL) {
+               (void) fprintf(io->errs, "Userid '%s' not found in keyring\n",
+                               userid);
+               return 0;
+       }
+       ret = 1;
+       do {
+               /* print out the user id */
+               __ops_print_pubkeydata(io, keypair);
+               /* now decrypt key */
+               seckey = __ops_decrypt_seckey(keypair);
+               if (seckey == NULL) {
+                       (void) fprintf(io->errs, "Bad passphrase\n");
+               }
+       } while (seckey == NULL);
+       /* sign file */
+       hashalg = netpgp_getvar(netpgp, "hash");
+       signedmem = __ops_sign_buf(io, mem, size, seckey, hashalg,
+                                               armored, cleartext);
+       if (signedmem) {
+               size_t  m;
+
+               m = MIN(__ops_mem_len(signedmem), outsize);
+               (void) memcpy(out, __ops_mem_data(signedmem), m);
+               __ops_memory_free(signedmem);
+       }
+       __ops_forget(seckey, sizeof(*seckey));
+       return ret;
+}
+
+/* verify memory */
+int
+netpgp_verify_memory(netpgp_t *netpgp, const void *in, const size_t size, const int armored)
+{
+       __ops_validation_t       result;
+       __ops_memory_t          *signedmem;
+       __ops_io_t              *io;
+       int                      ret;
+
+       (void) memset(&result, 0x0, sizeof(result));
+       io = netpgp->io;
+       if (in == NULL) {
+               (void) fprintf(io->errs,
+                       "netpgp_verify_memory: no memory to verify\n");
+               return 0;
+       }
+       signedmem = __ops_memory_new();
+       __ops_memory_add(signedmem, in, size);
+       ret = __ops_validate_mem(io, &result, signedmem, armored,
+                                               netpgp->pubring);
+       __ops_memory_free(signedmem);
+       if (ret) {
+               resultp(io, in, &result, netpgp->pubring);
+               return 1;
+       }
+       if (result.validc + result.invalidc + result.unknownc == 0) {
+               (void) fprintf(io->errs,
+               "No signatures found - is this memory signed?\n");
+       } else {
+               (void) fprintf(io->errs,
+"memory verification failure: %u invalid signatures, %u unknown signatures\n",
+                       result.invalidc, result.unknownc);
+       }
+       return 0;
+}
+
 /* wrappers for the ops_debug_level functions we added to openpgpsdk */
 
 /* set the debugging level per filename */
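Review bot: netpgp_sign_memory reports success even when no usable signature was produced: `ret` is set to 1 before the passphrase loop and never changed, so a NULL return from `__ops_sign_buf` leaves `out` untouched, and `MIN(__ops_mem_len(signedmem), outsize)` silently truncates a signature that does not fit. A caller that trusts the return value would then store or transmit a truncated or stale buffer as if it were a signature; `out` is also written without a NULL check, and the `int` return gives no way to learn how many bytes were produced. The fence below shows the failure handling I would add. In netpgp_verify_memory the raw input buffer `in` is handed to `resultp()`, whose body is outside this diff; if that parameter is treated as a printable name, unterminated binary data would be formatted as a string, so a fixed label such as `"<memory>"` looks safer, and the result of `__ops_memory_new()` should be checked before `__ops_memory_add`.

```c
	/* … unchanged: argument checks, key lookup and passphrase loop … */
	signedmem = __ops_sign_buf(io, mem, size, seckey, hashalg,
						armored, cleartext);
	if (signedmem == NULL) {
		(void) fprintf(io->errs,
			"netpgp_sign_memory: signing failed\n");
		ret = 0;
	} else {
		if (out == NULL || __ops_mem_len(signedmem) > outsize) {
			/* refuse to hand back a truncated signature */
			(void) fprintf(io->errs,
				"netpgp_sign_memory: output buffer too small\n");
			ret = 0;
		} else {
			(void) memcpy(out, __ops_mem_data(signedmem),
					__ops_mem_len(signedmem));
		}
		__ops_memory_free(signedmem);
	}
	/* … unchanged: __ops_forget(seckey, ...) and return ret … */
```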
diff -r d2a9ea8d80d1 -r f334bb02efe5 crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c    Thu Nov 19 19:57:40 2009 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c    Thu Nov 19 21:56:00 2009 +0000
@@ -58,7 +58,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: packet-print.c,v 1.19 2009/10/07 04:18:47 agc Exp $");
+__RCSID("$NetBSD: packet-print.c,v 1.20 2009/11/19 21:56:00 agc Exp $");
 #endif
 
 #include <string.h>
@@ -396,6 +396,62 @@
        }
 }
 
+/* return the hexdump as a string */
+static char *
+strhexdump(char *dest, const unsigned char *src, size_t length, const char *sep)
+{
+       unsigned i;
+       int     n;
+
+       for (n = 0, i = 0 ; i < length ; i += 2) {
+               n += snprintf(&dest[n], 3, "%02x", *src++);
+               n += snprintf(&dest[n], 10, "%02x%s", *src++, sep);
+       }
+       return dest;
+}
+
+/* return the time as a string */
+static char * 
+ptimestr(char *dest, size_t size, time_t t)
+{
+       struct tm      *tm;
+
+       tm = gmtime(&t);
+       (void) snprintf(dest, size, "%04d-%02d-%02d",
+               tm->tm_year + 1900,
+               tm->tm_mon + 1,
+               tm->tm_mday);
+       return dest;
+}
+
+#ifndef KB


