[src/trunk]: src/crypto/external/bsd/netpgp/dist Changes to 3.99.12/20100907
details: https://anonhg.NetBSD.org/src/rev/bf46993d3ab1
branches: trunk
changeset: 757621:bf46993d3ab1
user: agc <agc%NetBSD.org@localhost>
date: Wed Sep 08 03:21:21 2010 +0000
description:
Changes to 3.99.12/20100907
+ add a pretty print function mj_pretty(3) to libmj
+ added netpgp_write_sshkey(3) to libnetpgp
+ added pgp2ssh(1)
+ added preliminary support for ElGamal decryption, needed for DSA keys
as yet untested, unworking, and a WIP
+ add support for using all ssh keys, even those protected by a passphrase,
for decryption and signing. This rounds off ssh key file support in netpgp.
+ add a single character alias [-S file] for [--sshkeyfile file] to
netpgpkeys(1) and netpgp(1)
As far as ssh key file support goes, see the following example:
% cp configure a
% netpgp -S ~/.ssh/id_rsa.pub -e a
% netpgp -S ~/.ssh/id_rsa.pub -d a.gpg
Enter PEM pass phrase:
% ls -al a a.gpg
-rwxr-xr-x 1 agc agc 758398 Sep 7 05:38 a
-rw------- 1 agc agc 156886 Sep 7 05:38 a.gpg
%
diffstat:
crypto/external/bsd/netpgp/dist/TODO | 4 +-
crypto/external/bsd/netpgp/dist/src/lib/crypto.c | 49 ++++++-
crypto/external/bsd/netpgp/dist/src/lib/crypto.h | 6 +
crypto/external/bsd/netpgp/dist/src/lib/netpgp.c | 17 +-
crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c | 99 +++++++++++-
crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c | 4 +-
crypto/external/bsd/netpgp/dist/src/lib/ssh2pgp.c | 7 +
crypto/external/bsd/netpgp/dist/src/lib/version.h | 2 +-
crypto/external/bsd/netpgp/dist/src/libmj/libmj.3 | 25 ++-
crypto/external/bsd/netpgp/dist/src/libmj/mj.c | 54 +++++++
crypto/external/bsd/netpgp/dist/src/libmj/mj.h | 1 +
crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c | 8 +-
crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c | 6 +-
13 files changed, 256 insertions(+), 26 deletions(-)
diffs (truncated from 609 to 300 lines):
diff -r d617745ab415 -r bf46993d3ab1 crypto/external/bsd/netpgp/dist/TODO
--- a/crypto/external/bsd/netpgp/dist/TODO Wed Sep 08 00:47:44 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/TODO Wed Sep 08 03:21:21 2010 +0000
@@ -6,7 +6,6 @@
convert to and from ascii armored sigs
gpgme compat lib
get rid of public key free as part of seckey
-return userids from successful verify, and then print id out if required
is get_passphrase_cb needed?
error logging
separate from libcrypto?
@@ -97,3 +96,6 @@
make netpgpkeys work - add, import, commit, update, sign, passphrase
fix ssh fingerprints not matching netpgp
json/yaml output
+return userids from successful verify, and then print id out if required
+convert between pgp and ssh key formats
+PEM ssh keys and passphrases
diff -r d617745ab415 -r bf46993d3ab1 crypto/external/bsd/netpgp/dist/src/lib/crypto.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/crypto.c Wed Sep 08 00:47:44 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/crypto.c Wed Sep 08 03:21:21 2010 +0000
@@ -54,7 +54,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: crypto.c,v 1.27 2010/08/15 07:52:26 agc Exp $");
+__RCSID("$NetBSD: crypto.c,v 1.28 2010/09/08 03:21:22 agc Exp $");
#endif
#include <sys/types.h>
@@ -143,8 +143,43 @@
return n - i;
case OPS_PKA_DSA:
case OPS_PKA_ELGAMAL:
- (void) fprintf(stderr, "XXX - no support for DSA/Elgamal yet\n");
- return 0;
+ (void) fprintf(stderr, "XXX - preliminary support for DSA/Elgamal\n");
+ if (__ops_get_debug_level(__FILE__)) {
+ hexdump(stderr, "encrypted", encmpibuf, 16);
+ }
+ n = __ops_elgamal_private_decrypt(mpibuf, encmpibuf,
+ (unsigned)(BN_num_bits(encmpi) + 7) / 8,
+ &seckey->key.elgamal, &seckey->pubkey.key.elgamal);
+ if (n == -1) {
+ (void) fprintf(stderr, "ops_elgamal_private_decrypt failure\n");
+ return -1;
+ }
+ if (__ops_get_debug_level(__FILE__)) {
+ hexdump(stderr, "decrypted", mpibuf, 16);
+ }
+ if (n <= 0) {
+ return -1;
+ }
+ /* Decode EME-PKCS1_V1_5 (RFC 2437). */
+ if (mpibuf[0] != 0 || mpibuf[1] != 2) {
+ return -1;
+ }
+ /* Skip the random bytes. */
+ for (i = 2; i < n && mpibuf[i]; ++i) {
+ }
+ if (i == n || i < 10) {
+ return -1;
+ }
+ /* Skip the zero */
+ i += 1;
+ /* this is the unencoded m buf */
+ if ((unsigned) (n - i) <= buflen) {
+ (void) memcpy(buf, mpibuf + i, (unsigned)(n - i)); /* XXX - Flexelint */
+ }
+ if (__ops_get_debug_level(__FILE__)) {
+ hexdump(stderr, "decoded m", buf, (size_t)(n - i));
+ }
+ return n - i;
default:
(void) fprintf(stderr, "pubkey algorithm wrong\n");
return -1;
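Review bot: When the decoded message is larger than `buflen`, the `memcpy` at the end of the new `OPS_PKA_ELGAMAL` branch is skipped but the branch still returns `n - i`, so the caller gets a length larger than its buffer with nothing copied, and the debug `hexdump` reads `n - i` bytes from `buf`. Rejecting the oversize case before the copy closes both: `if ((unsigned)(n - i) > buflen) { return -1; }`. The padding test also reads `mpibuf[1]` after checking only `n <= 0`, so `if (n < 2) { return -1; }` is the safer bound there. The `"decrypted"` and `"decoded m"` hexdumps write what is presumably session-key material to stderr and deserve a comment saying so. The enclosing function starts and ends outside this hunk, and the `return n - i;` context line at its top suggests the RSA branch may share the same pattern.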
@@ -216,6 +251,10 @@
return __ops_pk_sesskey_cb(pkt, cbinfo);
case OPS_GET_SECKEY:
+ if (cbinfo->sshseckey) {
+ *content->get_seckey.seckey = cbinfo->sshseckey;
+ return OPS_KEEP_MEMORY;
+ }
return __ops_get_seckey_cb(pkt, cbinfo);
case OPS_GET_PASSPHRASE:
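Review bot: The new early return under `OPS_GET_SECKEY` hands back `cbinfo->sshseckey` for every request without comparing it with the key id the packet asks for, which is the lookup `__ops_get_seckey_cb` presumably performs. If that is intended, a comment should say so, for example `/* ssh keys: the single ssh secret key is returned whatever key id the packet names; it belongs to the secring, hence OPS_KEEP_MEMORY */`. If it is not intended, matching the id first avoids running a private-key operation on a session key that was not encrypted to this key. The switch this case belongs to starts and ends outside the hunk.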
@@ -361,6 +400,7 @@
__ops_keyring_t *pubring,
const unsigned use_armour,
const unsigned allow_overwrite,
+ const unsigned sshkeys,
void *passfp,
__ops_cbfunc_t *getpassfunc)
{
@@ -424,6 +464,7 @@
parse->cbinfo.passfp = passfp;
parse->cbinfo.cryptinfo.getpassphrase = getpassfunc;
parse->cbinfo.cryptinfo.pubring = pubring;
+ parse->cbinfo.sshseckey = (sshkeys) ? &secring->keys[0].key.seckey : NULL;
/* Set up armour/passphrase options */
if (use_armour) {
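Review bot: `&secring->keys[0].key.seckey` is evaluated whenever `sshkeys` is non-zero, with no visible check that `secring` is non-NULL and holds at least one key; the same line is added to the buffer variant in the `@@ -487,6 +529,7 @@` hunk. Whether every caller guarantees a populated secring cannot be seen from here, so a guard is worth having: `parse->cbinfo.sshseckey = (sshkeys && secring != NULL && secring->keyc > 0) ? &secring->keys[0].key.seckey : NULL;` (`keyc` being the keyring's element count, to be confirmed against keyring.h). The stored pointer is borrowed from the secring, so a comment noting that the secring must outlive the parse would also help. Both functions start and end outside their hunks.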
@@ -456,6 +497,7 @@
__ops_keyring_t *secring,
__ops_keyring_t *pubring,
const unsigned use_armour,
+ const unsigned sshkeys,
void *passfp,
__ops_cbfunc_t *getpassfunc)
{
@@ -487,6 +529,7 @@
parse->cbinfo.cryptinfo.pubring = pubring;
parse->cbinfo.passfp = passfp;
parse->cbinfo.cryptinfo.getpassphrase = getpassfunc;
+ parse->cbinfo.sshseckey = (sshkeys) ? &secring->keys[0].key.seckey : NULL;
/* Set up armour/passphrase options */
if (use_armour) {
diff -r d617745ab415 -r bf46993d3ab1 crypto/external/bsd/netpgp/dist/src/lib/crypto.h
--- a/crypto/external/bsd/netpgp/dist/src/lib/crypto.h Wed Sep 08 00:47:44 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/crypto.h Wed Sep 08 03:21:21 2010 +0000
@@ -145,6 +145,9 @@
int __ops_rsa_private_decrypt(uint8_t *, const uint8_t *, size_t,
const __ops_rsa_seckey_t *, const __ops_rsa_pubkey_t *);
+int __ops_elgamal_private_decrypt(uint8_t *, const uint8_t *, size_t,
+ const __ops_elgamal_seckey_t *, const __ops_elgamal_pubkey_t *);
+
unsigned __ops_block_size(__ops_symm_alg_t);
unsigned __ops_key_size(__ops_symm_alg_t);
@@ -189,6 +192,7 @@
__ops_keyring_t *,
const unsigned,
const unsigned,
+ const unsigned,
void *,
__ops_cbfunc_t *);
@@ -205,6 +209,7 @@
__ops_keyring_t *,
__ops_keyring_t *,
const unsigned,
+ const unsigned,
void *,
__ops_cbfunc_t *);
@@ -256,6 +261,7 @@
void *passfp; /* fp for passphrase input */
__ops_cryptinfo_t cryptinfo; /* used when decrypting */
__ops_printstate_t printstate; /* used to keep state when printing */
+ __ops_seckey_t *sshseckey; /* secret key for ssh */
};
/** __ops_hashtype_t */
diff -r d617745ab415 -r bf46993d3ab1 crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Wed Sep 08 00:47:44 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Wed Sep 08 03:21:21 2010 +0000
@@ -34,7 +34,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.74 2010/09/06 18:19:38 agc Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.75 2010/09/08 03:21:22 agc Exp $");
#endif
#include <sys/types.h>
@@ -264,6 +264,12 @@
if ((filename = netpgp_getvar(netpgp, "sshkeyfile")) == NULL) {
(void) snprintf(f, sizeof(f), "%s/id_rsa.pub", homedir);
filename = f;
+ } else {
+ /* got ssh keys, check for pub file name */
+ if (strcmp(&filename[strlen(filename) - 4], ".pub") != 0) {
+ (void) fprintf(stderr, "readsshkeys: bad pubkey filename '%s'\n", filename);
+ return 0;
+ }
}
if ((pubring = calloc(1, sizeof(*pubring))) == NULL) {
(void) fprintf(stderr, "readsshkeys: bad alloc\n");
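Review bot: `strlen(filename) - 4` in the new `.pub` check wraps around when the configured `sshkeyfile` value is shorter than four characters, so `strcmp` then reads from far outside the string. Take the length first and bound it: `size_t len = strlen(filename);` followed by `if (len < 4 || strcmp(&filename[len - 4], ".pub") != 0) {`. The function this check belongs to starts and ends outside the hunk.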
@@ -1185,6 +1191,7 @@
const unsigned overwrite = 1;
__ops_io_t *io;
unsigned realarmor;
+ unsigned sshkeys;
__OPS_USED(armored);
io = netpgp->io;
@@ -1194,9 +1201,10 @@
return 0;
}
realarmor = isarmoured(io, f, NULL, ARMOR_HEAD);
+ sshkeys = (unsigned)(netpgp_getvar(netpgp, "ssh keys") != NULL);
return __ops_decrypt_file(netpgp->io, f, out, netpgp->secring,
netpgp->pubring,
- realarmor, overwrite,
+ realarmor, overwrite, sshkeys,
netpgp->passfp, get_passphrase_cb);
}
@@ -1491,6 +1499,7 @@
__ops_memory_t *mem;
__ops_io_t *io;
unsigned realarmour;
+ unsigned sshkeys;
size_t m;
__OPS_USED(armored);
@@ -1501,9 +1510,11 @@
return 0;
}
realarmour = isarmoured(io, NULL, input, ARMOR_HEAD);
+ sshkeys = (unsigned)(netpgp_getvar(netpgp, "ssh keys") != NULL);
mem = __ops_decrypt_buf(netpgp->io, input, insize, netpgp->secring,
netpgp->pubring,
- realarmour, netpgp->passfp,
+ realarmour, sshkeys,
+ netpgp->passfp,
get_passphrase_cb);
m = MIN(__ops_mem_len(mem), outsize);
(void) memcpy(out, __ops_mem_data(mem), m);
diff -r d617745ab415 -r bf46993d3ab1 crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Wed Sep 08 00:47:44 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Wed Sep 08 03:21:21 2010 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: openssl_crypto.c,v 1.28 2010/09/07 00:25:37 agc Exp $");
+__RCSID("$NetBSD: openssl_crypto.c,v 1.29 2010/09/08 03:21:22 agc Exp $");
#endif
#ifdef HAVE_OPENSSL_DSA_H
@@ -77,7 +77,10 @@
#include <stdlib.h>
#include <string.h>
-/* Hash size for secret key check */
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
#include "crypto.h"
#include "keyring.h"
@@ -834,10 +837,13 @@
openssl_read_pem_seckey(const char *f, __ops_key_t *key, const char *type, int verbose)
{
FILE *fp;
+ char prompt[BUFSIZ];
+ char *pass;
DSA *dsa;
RSA *rsa;
int ok;
+ OpenSSL_add_all_algorithms();
if ((fp = fopen(f, "r")) == NULL) {
if (verbose) {
(void) fprintf(stderr, "can't open '%s'\n", f);
@@ -847,13 +853,16 @@
ok = 1;
if (strcmp(type, "ssh-rsa") == 0) {
if ((rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL)) == NULL) {
- ok = 0;
- } else {
- key->key.seckey.key.rsa.d = rsa->d;
- key->key.seckey.key.rsa.p = rsa->p;
- key->key.seckey.key.rsa.q = rsa->q;
- key->key.seckey.key.rsa.d = rsa->d;
+ (void) snprintf(prompt, sizeof(prompt), "netpgp PEM %s passphrase: ", f);
+ do {
+ pass = getpass(prompt);
+ rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, pass);
+ } while (rsa == NULL);
}
+ key->key.seckey.key.rsa.d = rsa->d;
+ key->key.seckey.key.rsa.p = rsa->p;
+ key->key.seckey.key.rsa.q = rsa->q;
+ key->key.seckey.key.rsa.d = rsa->d;
} else if (strcmp(type, "ssh-dss") == 0) {
if ((dsa = PEM_read_DSAPrivateKey(fp, NULL, NULL, NULL)) == NULL) {
ok = 0;
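Review bot: The new `do { ... } while (rsa == NULL);` loop in the `ssh-rsa` branch has no exit on failure. The first `PEM_read_RSAPrivateKey` call has already consumed the PEM block from `fp`, so as far as I can tell every retry reads from end-of-file and returns NULL however good the passphrase is; a NULL return from `getpass` is not handled either. The `ok = 0` path is also gone, so this branch can no longer report a key that cannot be read. The sketch below rewinds before each retry, bounds the attempts and restores the failure result; `tries` is a new local and `MAX_PASSPHRASE_TRIES` a placeholder for a limit the project would pick. Separately, `rsa.d` is still assigned twice in the moved lines, and the passphrase is left in `getpass`'s static buffer after use.

```c
		if ((rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL)) == NULL) {
			(void) snprintf(prompt, sizeof(prompt), "netpgp PEM %s passphrase: ", f);
			for (tries = 0; rsa == NULL && tries < MAX_PASSPHRASE_TRIES; tries++) {
				if ((pass = getpass(prompt)) == NULL) {
					break;
				}
				/* the failed read consumed the PEM block; start again */
				rewind(fp);
				rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, pass);
			}
		}
		if (rsa == NULL) {
			ok = 0;
		} else {
			/* … unchanged: copy rsa->d, rsa->p and rsa->q into key … */
		}
```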
@@ -866,3 +875,77 @@
(void) fclose(fp);
return ok;
}
+
+int
+__ops_elgamal_private_decrypt(uint8_t *out,
+ const uint8_t *in,
+ size_t length,
+ const __ops_elgamal_seckey_t *seckey,
+ const __ops_elgamal_pubkey_t *pubkey)
+{
+ BIGNUM *bndiv;
+ BIGNUM *c1x;
+ BN_CTX *tmp;
+ BIGNUM *c1;
+ BIGNUM *c2;