Module Name:    src
Committed By:   agc
Date:           Thu Nov 19 21:56:01 UTC 2009

Modified Files:
        src/crypto/external/bsd/netpgp/dist: TODO tst
        src/crypto/external/bsd/netpgp/dist/include: netpgp.h
        src/crypto/external/bsd/netpgp/dist/src/lib: keyring.h libnetpgp.3
            netpgp.c packet-print.c signature.c signature.h symmetric.c
            validate.c
        src/crypto/external/bsd/netpgp/dist/src/netpgpkeys: netpgpkeys.c

Log Message:
Commit some changes that have been in a private tree for a while:

+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions


To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/netpgp/dist/TODO
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/netpgp/dist/tst
cvs rdiff -u -r1.10 -r1.11 \
    src/crypto/external/bsd/netpgp/dist/include/netpgp.h
cvs rdiff -u -r1.16 -r1.17 \
    src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h
cvs rdiff -u -r1.8 -r1.9 \
    src/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3 \
    src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c
cvs rdiff -u -r1.29 -r1.30 \
    src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
cvs rdiff -u -r1.19 -r1.20 \
    src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
cvs rdiff -u -r1.21 -r1.22 \
    src/crypto/external/bsd/netpgp/dist/src/lib/signature.c \
    src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
cvs rdiff -u -r1.13 -r1.14 \
    src/crypto/external/bsd/netpgp/dist/src/lib/signature.h
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/dist/TODO
diff -u src/crypto/external/bsd/netpgp/dist/TODO:1.24 src/crypto/external/bsd/netpgp/dist/TODO:1.25
--- src/crypto/external/bsd/netpgp/dist/TODO:1.24	Tue Jul  7 01:12:06 2009
+++ src/crypto/external/bsd/netpgp/dist/TODO	Thu Nov 19 21:56:00 2009
@@ -1,5 +1,8 @@
 To Do
 =====
+convert to and from ascii armored sigs
+gpgme compat lib
+--list-sigs
 make netpgpkeys work - add, import, commit, update, sign, passphrase
 return userids from successful verify, and then print id out if required
 is get_passphrase_cb needed?

Index: src/crypto/external/bsd/netpgp/dist/tst
diff -u src/crypto/external/bsd/netpgp/dist/tst:1.12 src/crypto/external/bsd/netpgp/dist/tst:1.13
--- src/crypto/external/bsd/netpgp/dist/tst:1.12	Tue Jul  7 01:13:07 2009
+++ src/crypto/external/bsd/netpgp/dist/tst	Thu Nov 19 21:56:00 2009
@@ -1,7 +1,20 @@
 #! /bin/sh
 
+while [ $# -gt 0 ]; do
+	case "$1" in
+	-v)
+		set -x
+		;;
+	*)
+		break
+		;;
+	esac
+	shift
+done
+
 env USETOOLS=no MAKEOBJDIRPREFIX=/usr/obj/i386 sh -c 'cd ../lib && \
 	make cleandir ; \
+	su root -c "make includes"; \
 	make ; \
 	su root -c "make install"'
 env USETOOLS=no MAKEOBJDIRPREFIX=/usr/obj/i386 sh -c 'cd ../netpgp && \
@@ -18,7 +31,7 @@
 	su root -c "make install"'
 
 passed=0
-total=18
+total=19
 echo "======> sign/verify 180938 file"
 cp configure a
 /usr/bin/netpgp --sign a
@@ -79,5 +92,7 @@
 /usr/bin/netpgp --decrypt || passed=$(expr $passed + 1)
 echo "======> version information"
 /usr/bin/netpgpverify --version
+echo "======> find specific key information"
+/usr/bin/netpgpkeys --get-key c0596823 [email protected] && passed=$(expr $passed + 1)
 rm -f a a.gpg b b.gpg c c.gpg d d.gpg e f f.sig a2 a3
 echo "Passed ${passed}/${total} tests"

Index: src/crypto/external/bsd/netpgp/dist/include/netpgp.h
diff -u src/crypto/external/bsd/netpgp/dist/include/netpgp.h:1.10 src/crypto/external/bsd/netpgp/dist/include/netpgp.h:1.11
--- src/crypto/external/bsd/netpgp/dist/include/netpgp.h:1.10	Wed Jun 10 00:38:09 2009
+++ src/crypto/external/bsd/netpgp/dist/include/netpgp.h	Thu Nov 19 21:56:00 2009
@@ -70,6 +70,7 @@
 /* key management */
 int netpgp_list_keys(netpgp_t *);
 int netpgp_find_key(netpgp_t *, char *);
+char *netpgp_get_key(netpgp_t *, const char *);
 int netpgp_export_key(netpgp_t *, char *);
 int netpgp_import_key(netpgp_t *, char *);
 int netpgp_generate_key(netpgp_t *, char *, int);
@@ -80,6 +81,10 @@
 int netpgp_sign_file(netpgp_t *, const char *, const char *, char *, int, int, int);
 int netpgp_verify_file(netpgp_t *, const char *, const char *, int);
 
+/* memory signing */
+int netpgp_sign_memory(netpgp_t *, const char *, char *, size_t, char *, size_t, const unsigned, const unsigned);
+int netpgp_verify_memory(netpgp_t *, const void *, const size_t, const int);
+
 __END_DECLS
 
 #endif /* !NETPGP_H_ */
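Review bot: The new `netpgp_get_key` prototype gives no hint that the returned `char *` is heap memory (it is produced by `asprintf` inside `__ops_sprint_pubkeydata` in packet-print.c) that the caller must `free()`; a comment such as `/* returns malloc'ed key text, or NULL; caller frees */` belongs here, in the function's comment in netpgp.c, and in the libnetpgp.3 entry. `netpgp_sign_memory` never writes through `mem`, so it could be declared `const char *mem`, matching `const void *in` on `netpgp_verify_memory`. The contract of `out`/`outsize` — that the signed data is silently truncated to `outsize` and that the return value does not tell the caller how many bytes were written — is also undocumented.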

Index: src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h:1.16 src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h:1.17
--- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h:1.16	Thu Jun 11 04:57:52 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h	Thu Nov 19 21:56:00 2009
@@ -113,6 +113,7 @@
 int __ops_parse_and_accumulate(__ops_keyring_t *, __ops_stream_t *);
 
 void __ops_print_pubkeydata(__ops_io_t *, const __ops_key_t *);
+int __ops_sprint_pubkeydata(const __ops_key_t *, char **);
 void __ops_print_pubkey(const __ops_pubkey_t *);
 
 void __ops_print_seckeydata(__ops_io_t *, const __ops_key_t *);

Index: src/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3:1.8 src/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3:1.9
--- src/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3:1.8	Thu May 14 09:42:09 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3	Thu Nov 19 21:56:00 2009
@@ -1,4 +1,4 @@
-.\" $NetBSD: libnetpgp.3,v 1.8 2009/05/14 09:42:09 wiz Exp $
+.\" $NetBSD: libnetpgp.3,v 1.9 2009/11/19 21:56:00 agc Exp $
 .\"
 .\" Copyright (c) 2009 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd May 12, 2009
+.Dd November 19, 2009
 .Dt LIBNETPGP 3
 .Os
 .Sh NAME
@@ -84,6 +84,20 @@
 .Fa "netpgp_t *netpgp" "char *f" "int armored"
 .Fc
 .Ft int
+.Fo netpgp_sign_memory
+.Fa "netpgp_t *netpgp" "const char *userid" "char *mem"
+.Fa "size_t size" "char *out" "size_t outsize"
+.Fa "const unsigned armored" "const unsigned cleartext"
+.Fc
+.Ft int
+.Fo netpgp_verify_memory
+.Fa "netpgp_t *netpgp" "const void *in" "const size_t size" "const int armored"
+.Fc
+.Ft char *
+.Fo netpgp_get_key
+.Fa "netpgp_t *netpgp" "const char *id"
+.Fc
+.Ft int
 .Fo netpgp_set_debug
 .Fa "const char *filename"
 .Fc
@@ -180,6 +194,12 @@
 .Fn netpgp_verify_file
 function.
 .Pp
+.Fn netpgp_sign_memory
+is a function which can sign an area
+of memory, and
+.Fn netpgp_verify_memory
+verifies the digital signature produced.
+.Pp
 Internally, an encrypted or signed file
 is made up of
 .Dq packets
Index: src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c:1.8 src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c:1.9
--- src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c:1.8	Wed Oct  7 04:18:47 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c	Thu Nov 19 21:56:01 2009
@@ -54,7 +54,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: symmetric.c,v 1.8 2009/10/07 04:18:47 agc Exp $");
+__RCSID("$NetBSD: symmetric.c,v 1.9 2009/11/19 21:56:01 agc Exp $");
 #endif
 
 #include "crypto.h"
@@ -293,7 +293,7 @@
 static void 
 aes_cfb_encrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count)
 {
-	AES_cfb128_encrypt(in, out, (unsigned long)count,
+	AES_cfb128_encrypt(in, out, (unsigned)count,
 			   crypt->encrypt_key, crypt->iv, &crypt->num,
 			   AES_ENCRYPT);
 }
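Review bot: The cast narrows `count` from `size_t` to `unsigned`, so on LP64 a length above `UINT_MAX` is silently truncated before `AES_cfb128_encrypt` sees it, leaving the tail of the buffer unprocessed; the same cast is introduced in `aes_cfb_decrypt` in the next hunk. If the installed OpenSSL prototype takes `size_t` the cast is unnecessary and `count` can be passed unchanged; if it really takes `unsigned`, reject or chunk oversized buffers rather than truncate, e.g. `if (count > UINT_MAX) { /* fail loudly */ }` before the call.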
@@ -301,7 +301,7 @@
 static void 
 aes_cfb_decrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count)
 {
-	AES_cfb128_encrypt(in, out, (unsigned long)count,
+	AES_cfb128_encrypt(in, out, (unsigned)count,
 			   crypt->encrypt_key, crypt->iv, &crypt->num,
 			   AES_DECRYPT);
 }

Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.29 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.30
--- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.29	Wed Oct  7 04:18:47 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c	Thu Nov 19 21:56:00 2009
@@ -34,7 +34,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.29 2009/10/07 04:18:47 agc Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.30 2009/11/19 21:56:00 agc Exp $");
 #endif
 
 #include <sys/types.h>
@@ -374,6 +374,26 @@
 	return __ops_getkeybyname(netpgp->io, netpgp->pubring, id) != NULL;
 }
 
+/* get a key in a keyring */
+char *
+netpgp_get_key(netpgp_t *netpgp, const char *id)
+{
+	const __ops_key_t	*key;
+	__ops_io_t		*io;
+	char			*newkey;
+
+	io = netpgp->io;
+	if (id == NULL) {
+		(void) fprintf(io->errs, "NULL id to search for\n");
+		return NULL;
+	}
+	if ((key = __ops_getkeybyname(netpgp->io, netpgp->pubring, id)) == NULL) {
+		(void) fprintf(io->errs, "Can't find key '%s'\n", id);
+		return NULL;
+	}
+	return (__ops_sprint_pubkeydata(key, &newkey) > 0) ? newkey : NULL;
+}
+
 /* export a given key */
 int
 netpgp_export_key(netpgp_t *netpgp, char *userid)
@@ -567,14 +587,11 @@
 	} while (seckey == NULL);
 	/* sign file */
 	hashalg = netpgp_getvar(netpgp, "hash");
-	if (cleartext) {
-		ret = __ops_sign_file_as_cleartext(io, f, out, seckey,
-						hashalg, overwrite);
-	} else if (detached) {
+	if (detached) {
 		ret = __ops_sign_detached(io, f, out, seckey, hashalg);
 	} else {
 		ret = __ops_sign_file(io, f, out, seckey, hashalg,
-					(unsigned)armored, overwrite);
+				(unsigned)armored, (unsigned)cleartext, overwrite);
 	}
 	__ops_forget(seckey, sizeof(*seckey));
 	return ret;
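Review bot: The branch order change alters precedence when both flags are set: before, `cleartext` was tested first, now `detached` wins and `cleartext` is silently ignored in that case, since only the `__ops_sign_file` call receives it. Either document that `detached` takes precedence in the header comment of `netpgp_sign_file`, or refuse the combination up front with something like `if (detached && cleartext) { (void) fprintf(io->errs, "detached and cleartext are mutually exclusive\n"); return 0; }` placed before the secret key is decrypted. The body of `netpgp_sign_file` begins outside this hunk.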
@@ -611,6 +628,101 @@
 	return 0;
 }
 
+/* sign some memory */
+int
+netpgp_sign_memory(netpgp_t *netpgp,
+		const char *userid,
+		char *mem,
+		size_t size,
+		char *out,
+		size_t outsize,
+		const unsigned armored,
+		const unsigned cleartext)
+{
+	const __ops_key_t	*keypair;
+	__ops_seckey_t		*seckey;
+	__ops_memory_t		*signedmem;
+	__ops_io_t		*io;
+	char			*hashalg;
+	int			 ret;
+
+	io = netpgp->io;
+	if (mem == NULL) {
+		(void) fprintf(io->errs,
+			"netpgp_sign_memory: no memory to sign\n");
+		return 0;
+	}
+	if (userid == NULL) {
+		userid = netpgp_getvar(netpgp, "userid");
+	}
+	/* get key with which to sign */
+	keypair = __ops_getkeybyname(io, netpgp->secring, userid);
+	if (keypair == NULL) {
+		(void) fprintf(io->errs, "Userid '%s' not found in keyring\n",
+				userid);
+		return 0;
+	}
+	ret = 1;
+	do {
+		/* print out the user id */
+		__ops_print_pubkeydata(io, keypair);
+		/* now decrypt key */
+		seckey = __ops_decrypt_seckey(keypair);
+		if (seckey == NULL) {
+			(void) fprintf(io->errs, "Bad passphrase\n");
+		}
+	} while (seckey == NULL);
+	/* sign file */
+	hashalg = netpgp_getvar(netpgp, "hash");
+	signedmem = __ops_sign_buf(io, mem, size, seckey, hashalg,
+						armored, cleartext);
+	if (signedmem) {
+		size_t	m;
+
+		m = MIN(__ops_mem_len(signedmem), outsize);
+		(void) memcpy(out, __ops_mem_data(signedmem), m);
+		__ops_memory_free(signedmem);
+	}
+	__ops_forget(seckey, sizeof(*seckey));
+	return ret;
+}
+
+/* verify memory */
+int
+netpgp_verify_memory(netpgp_t *netpgp, const void *in, const size_t size, const int armored)
+{
+	__ops_validation_t	 result;
+	__ops_memory_t		*signedmem;
+	__ops_io_t		*io;
+	int			 ret;
+
+	(void) memset(&result, 0x0, sizeof(result));
+	io = netpgp->io;
+	if (in == NULL) {
+		(void) fprintf(io->errs,
+			"netpgp_verify_memory: no memory to verify\n");
+		return 0;
+	}
+	signedmem = __ops_memory_new();
+	__ops_memory_add(signedmem, in, size);
+	ret = __ops_validate_mem(io, &result, signedmem, armored,
+						netpgp->pubring);
+	__ops_memory_free(signedmem);
+	if (ret) {
+		resultp(io, in, &result, netpgp->pubring);
+		return 1;
+	}
+	if (result.validc + result.invalidc + result.unknownc == 0) {
+		(void) fprintf(io->errs,
+		"No signatures found - is this memory signed?\n");
+	} else {
+		(void) fprintf(io->errs,
+"memory verification failure: %u invalid signatures, %u unknown signatures\n",
+			result.invalidc, result.unknownc);
+	}
+	return 0;
+}
+
 /* wrappers for the ops_debug_level functions we added to openpgpsdk */
 
 /* set the debugging level per filename */
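Review bot: `netpgp_sign_memory` sets `ret = 1` before the passphrase loop and never changes it, so it reports success even when `__ops_sign_buf` returns NULL and nothing is copied into `out`, and a caller also cannot learn how many bytes were written or that the result was truncated to `outsize`. Initialise `ret = 0;` instead and add `ret = (int)m;` after the `memcpy`, so the return is the number of bytes placed in `out` (0 on failure), and say so in the function comment. In `netpgp_verify_memory`, `resultp(io, in, &result, netpgp->pubring)` hands the raw signed buffer to the argument slot that looks like a file name elsewhere; if `resultp` formats it with `%s`, it reads an unterminated binary buffer — confirm against `resultp`. The `__ops_memory_new()` result is also passed to `__ops_memory_add` without a NULL check.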

Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.19 src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.20
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.19	Wed Oct  7 04:18:47 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c	Thu Nov 19 21:56:00 2009
@@ -58,7 +58,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: packet-print.c,v 1.19 2009/10/07 04:18:47 agc Exp $");
+__RCSID("$NetBSD: packet-print.c,v 1.20 2009/11/19 21:56:00 agc Exp $");
 #endif
 
 #include <string.h>
@@ -396,6 +396,62 @@
 	}
 }
 
+/* return the hexdump as a string */
+static char *
+strhexdump(char *dest, const unsigned char *src, size_t length, const char *sep)
+{
+	unsigned i;
+	int	n;
+
+	for (n = 0, i = 0 ; i < length ; i += 2) {
+		n += snprintf(&dest[n], 3, "%02x", *src++);
+		n += snprintf(&dest[n], 10, "%02x%s", *src++, sep);
+	}
+	return dest;
+}
+
+/* return the time as a string */
+static char * 
+ptimestr(char *dest, size_t size, time_t t)
+{
+	struct tm      *tm;
+
+	tm = gmtime(&t);
+	(void) snprintf(dest, size, "%04d-%02d-%02d",
+		tm->tm_year + 1900,
+		tm->tm_mon + 1,
+		tm->tm_mday);
+	return dest;
+}
+
+#ifndef KB
+#define KB(x)	((x) * 1024)
+#endif
+
+/* print into a string (malloc'ed) the pubkeydata */
+int
+__ops_sprint_pubkeydata(const __ops_key_t *key, char **buf)
+{
+	unsigned	 i;
+	char		 uidbuf[KB(128)];
+	char		 keyid[OPS_KEY_ID_SIZE * 3];
+	char		 fp[(OPS_FINGERPRINT_SIZE * 3) + 1];
+	char		 t[32];
+	int		 n;
+
+	for (i = 0, n = 0; i < key->uidc; i++) {
+		n += snprintf(&uidbuf[n], sizeof(uidbuf) - n,
+			"uid              %s\n", key->uids[i].userid);
+	}
+	return asprintf(buf, "pub %d/%s %s %s\nKey fingerprint: %s\n%s",
+			numkeybits(&key->key.pubkey),
+			__ops_show_pka(key->key.pubkey.alg),
+			strhexdump(keyid, key->key_id, OPS_KEY_ID_SIZE, ""),
+			ptimestr(t, sizeof(t), key->key.pubkey.birthtime),
+			strhexdump(fp, key->fingerprint.fingerprint, OPS_FINGERPRINT_SIZE, " "),
+			uidbuf);
+}
+
 /**
 \ingroup Core_Print
 \param pubkey
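Review bot: In `__ops_sprint_pubkeydata`, once the accumulated `n` exceeds `sizeof(uidbuf)` (snprintf returns the length it would have written, not what it wrote), `sizeof(uidbuf) - n` wraps to a huge `size_t` and the next snprintf writes past `uidbuf` — a stack buffer overflow reachable from keyring contents with many or long user ids. When `key->uidc` is 0 the loop never runs and `uidbuf` is handed to `%s` uninitialised. Terminate the buffer first and stop appending once it is full, as below. Separately, `strhexdump` takes no destination size and consumes two bytes per iteration, so an odd `length` reads one past `src` (current callers pass 8 and 20, so it holds today), and `ptimestr` dereferences the `gmtime()` result without a NULL check.
```c
	uidbuf[0] = '\0';
	for (i = 0, n = 0; i < key->uidc && (size_t)n < sizeof(uidbuf); i++) {
		int	r;

		r = snprintf(&uidbuf[n], sizeof(uidbuf) - (size_t)n,
			"uid              %s\n", key->uids[i].userid);
		if (r < 0) {
			break;
		}
		n += r;
	}
	/* … unchanged: asprintf of the key summary … */
```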

Index: src/crypto/external/bsd/netpgp/dist/src/lib/signature.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.21 src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.22
--- src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.21	Wed Oct  7 16:19:51 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c	Thu Nov 19 21:56:00 2009
@@ -57,7 +57,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: signature.c,v 1.21 2009/10/07 16:19:51 agc Exp $");
+__RCSID("$NetBSD: signature.c,v 1.22 2009/11/19 21:56:00 agc Exp $");
 #endif
 
 #include <sys/types.h>
@@ -943,177 +943,6 @@
 }
 
 /**
-   \ingroup HighLevel_Sign
-   \brief Sign a file with a Cleartext Signature
-   \param inname Name of file to be signed
-   \param outname Filename to be created. If NULL, filename will be constructed from the inname.
-   \param seckey Secret Key to sign with
-   \param overwrite Allow output file to be overwritten, if set
-   \return 1 if OK, else 0
-
-*/
-unsigned 
-__ops_sign_file_as_cleartext(__ops_io_t *io,
-			const char *inname,
-			const char *outname,
-			const __ops_seckey_t *seckey,
-			const char *hashname,
-			const unsigned overwrite)
-{
-	__ops_create_sig_t	*sig = NULL;
-	__ops_sig_type_t	 sig_type = OPS_SIG_BINARY;
-	__ops_hash_alg_t	 hash_alg;
-	__ops_output_t		*output = NULL;
-	unsigned char		 keyid[OPS_KEY_ID_SIZE];
-	unsigned		 ret = 0;
-	unsigned		 armored = 1;
-	int			 fd_out = 0;
-	__ops_memory_t		*mem;
-
-	/* check the hash algorithm */
-	hash_alg = __ops_str_to_hash_alg(hashname);
-	if (hash_alg == OPS_HASH_UNKNOWN) {
-		(void) fprintf(io->errs,
-			"__ops_sign_file_as_cleartext: unknown hash algorithm"
-			": \"%s\"\n", hashname);
-		return 0;
-	}
-
-	/* read the file to be signed */
-	mem = __ops_memory_new();
-	if (!__ops_mem_readfile(mem, inname)) {
-		return 0;
-	}
-
-	/* set up output file */
-	fd_out = open_output_file(&output, inname, outname, armored, overwrite);
-	if (fd_out < 0) {
-		__ops_memory_free(mem);
-		return 0;
-	}
-
-	/* set up signature */
-	sig = __ops_create_sig_new();
-	if (!sig) {
-		__ops_memory_free(mem);
-		__ops_teardown_file_write(output, fd_out);
-		return 0;
-	}
-
-	/* \todo could add more error detection here */
-	__ops_start_sig(sig, seckey, hash_alg, sig_type);
-	if (__ops_writer_push_clearsigned(output, sig) != 1) {
-		return 0;
-	}
-
-	/* Do the signing */
-	__ops_write(output, __ops_mem_data(mem), __ops_mem_len(mem));
-	__ops_memory_free(mem);
-
-	/* add signature with subpackets: */
-	/* - creation time */
-	/* - key id */
-	ret = __ops_writer_use_armored_sig(output) &&
-			__ops_add_birthtime(sig, time(NULL));
-	if (ret == 0) {
-		__ops_teardown_file_write(output, fd_out);
-		return 0;
-	}
-
-	__ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
-	ret = __ops_add_issuer_keyid(sig, keyid) &&
-		__ops_end_hashed_subpkts(sig) &&
-		__ops_write_sig(output, sig, &seckey->pubkey, seckey);
-
-	__ops_teardown_file_write(output, fd_out);
-
-	if (ret == 0) {
-		OPS_ERROR(&output->errors, OPS_E_W,
-				"Cannot sign file as cleartext");
-	}
-	return ret;
-}
-
-/**
- * \ingroup HighLevel_Sign
- * \brief Sign a buffer with a Cleartext signature
- * \param cleartext Text to be signed
- * \param len Length of text
- * \param signed __ops_memory_t struct in which to write the signed cleartext
- * \param seckey Secret key with which to sign the cleartext
- * \return 1 if OK; else 0
-
- * \note It is the calling function's responsibility to free signed
- * \note signed should be a NULL pointer when passed in
-
- */
-unsigned 
-__ops_sign_buf_as_cleartext(const char *cleartext,
-			const size_t len,
-			__ops_memory_t **signedtext,
-			const __ops_seckey_t *seckey,
-			const char *hashname)
-{
-	__ops_create_sig_t	*sig = NULL;
-	__ops_sig_type_t	 sig_type = OPS_SIG_BINARY;
-	__ops_hash_alg_t	 hash_alg;
-	__ops_output_t		*output = NULL;
-	unsigned char		 keyid[OPS_KEY_ID_SIZE];
-	unsigned		 ret = 0;
-
-	/* check the hash algorithm */
-	hash_alg = __ops_str_to_hash_alg(hashname);
-	if (hash_alg == OPS_HASH_UNKNOWN) {
-		(void) fprintf(stderr,
-			"__ops_sign_buf_as_cleartext: unknown hash algorithm"
-			": \"%s\"\n", hashname);
-		return 0;
-	}
-
-
-	if (*signedtext != 0x0) {
-		(void) fprintf(stderr,
-			"__ops_sign_buf_as_cleartext: non-null cleartext\n");
-		return 0;
-	}
-
-	/* set up signature */
-	sig = __ops_create_sig_new();
-	if (!sig) {
-		return 0;
-	}
-	/* \todo could add more error detection here */
-	__ops_start_sig(sig, seckey, hash_alg, sig_type);
-
-	/* set up output file */
-	__ops_setup_memory_write(&output, signedtext, len);
-
-	/* Do the signing */
-	/* add signature with subpackets: */
-	/* - creation time */
-	/* - key id */
-	ret = __ops_writer_push_clearsigned(output, sig) &&
-		__ops_write(output, cleartext, len) &&
-		__ops_writer_use_armored_sig(output) &&
-		__ops_add_birthtime(sig, time(NULL));
-
-	if (ret == 0) {
-		return 0;
-	}
-	__ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
-
-	ret = __ops_add_issuer_keyid(sig, keyid) &&
-		__ops_end_hashed_subpkts(sig) &&
-		__ops_write_sig(output, sig, &seckey->pubkey, seckey) &&
-		__ops_writer_close(output);
-
-	/* Note: the calling function must free signed */
-	__ops_output_delete(output);
-
-	return ret;
-}
-
-/**
 \ingroup HighLevel_Sign
 \brief Sign a file
 \param inname Input filename
@@ -1131,20 +960,27 @@
 		const __ops_seckey_t *seckey,
 		const char *hashname,
 		const unsigned armored,
+		const unsigned cleartext,
 		const unsigned overwrite)
 {
-	/* \todo allow choice of hash algorithams */
-	/* enforce use of SHA1 for now */
-
-	__ops_create_sig_t	*sig = NULL;
+	__ops_create_sig_t	*sig;
+	__ops_sig_type_t	 sig_type;
 	__ops_hash_alg_t	 hash_alg;
-	__ops_sig_type_t	 sig_type = OPS_SIG_BINARY;
-	__ops_memory_t		*infile = NULL;
-	__ops_output_t		*output = NULL;
+	__ops_memory_t		*infile;
+	__ops_output_t		*output;
 	unsigned char		 keyid[OPS_KEY_ID_SIZE];
-	__ops_hash_t		*hash = NULL;
-	int			 fd = 0;
+	__ops_hash_t		*hash;
+	unsigned		 ret;
+	int			 fd_out;
+
+	sig = NULL;
+	sig_type = OPS_SIG_BINARY;
+	infile = NULL;
+	output = NULL;
+	hash = NULL;
+	fd_out = 0;
 
+	/* find the hash algorithm */
 	hash_alg = __ops_str_to_hash_alg(hashname);
 	if (hash_alg == OPS_HASH_UNKNOWN) {
 		(void) fprintf(io->errs,
@@ -1160,56 +996,93 @@
 	}
 
 	/* setup output file */
-	fd = open_output_file(&output, inname, outname, armored, overwrite);
-	if (fd < 0) {
+	fd_out = open_output_file(&output, inname, outname, armored, overwrite);
+	if (fd_out < 0) {
 		__ops_memory_free(infile);
 		return 0;
 	}
 
 	/* set up signature */
 	sig = __ops_create_sig_new();
+	if (!sig) {
+		__ops_memory_free(infile);
+		__ops_teardown_file_write(output, fd_out);
+		return 0;
+	}
+
 	__ops_start_sig(sig, seckey, hash_alg, sig_type);
 
-	/* set armoured/not armoured here */
-	if (armored) {
-		__ops_writer_push_armor_msg(output);
-	}
+	if (cleartext) {
+		if (__ops_writer_push_clearsigned(output, sig) != 1) {
+			return 0;
+		}
 
-	/* write one_pass_sig */
-	__ops_write_one_pass_sig(output, seckey, hash_alg, sig_type);
+		/* Do the signing */
+		__ops_write(output, __ops_mem_data(infile), __ops_mem_len(infile));
+		__ops_memory_free(infile);
 
-	/* hash file contents */
-	hash = __ops_sig_get_hash(sig);
-	hash->add(hash, __ops_mem_data(infile), __ops_mem_len(infile));
+		/* add signature with subpackets: */
+		/* - creation time */
+		/* - key id */
+		ret = __ops_writer_use_armored_sig(output) &&
+				__ops_add_birthtime(sig, time(NULL));
+		if (ret == 0) {
+			__ops_teardown_file_write(output, fd_out);
+			return 0;
+		}
 
-	/* output file contents as Literal Data packet */
-	if (__ops_get_debug_level(__FILE__)) {
-		fprintf(io->errs, "** Writing out data now\n");
-	}
-	__ops_write_litdata(output, __ops_mem_data(infile),
-		(const int)__ops_mem_len(infile),
-		OPS_LDT_BINARY);
+		__ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
+		ret = __ops_add_issuer_keyid(sig, keyid) &&
+			__ops_end_hashed_subpkts(sig) &&
+			__ops_write_sig(output, sig, &seckey->pubkey, seckey);
 
-	if (__ops_get_debug_level(__FILE__)) {
-		fprintf(io->errs, "** After Writing out data now\n");
-	}
+		__ops_teardown_file_write(output, fd_out);
 
-	/* add creation time to signature */
-	__ops_add_birthtime(sig, time(NULL));
-	/* add key id to signature */
-	__ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
-	__ops_add_issuer_keyid(sig, keyid);
-	__ops_end_hashed_subpkts(sig);
+		if (ret == 0) {
+			OPS_ERROR(&output->errors, OPS_E_W,
+					"Cannot sign file as cleartext");
+		}
+	} else {
+		/* set armoured/not armoured here */
+		if (armored) {
+			__ops_writer_push_armor_msg(output);
+		}
 
-	/* write out sig */
-	__ops_write_sig(output, sig, &seckey->pubkey, seckey);
+		/* write one_pass_sig */
+		__ops_write_one_pass_sig(output, seckey, hash_alg, sig_type);
+
+		/* hash file contents */
+		hash = __ops_sig_get_hash(sig);
+		hash->add(hash, __ops_mem_data(infile), __ops_mem_len(infile));
+
+		/* output file contents as Literal Data packet */
+		if (__ops_get_debug_level(__FILE__)) {
+			fprintf(io->errs, "** Writing out data now\n");
+		}
+		__ops_write_litdata(output, __ops_mem_data(infile),
+			(const int)__ops_mem_len(infile),
+			OPS_LDT_BINARY);
 
-	/* tidy up */
-	__ops_teardown_file_write(output, fd);
-	__ops_create_sig_delete(sig);
-	__ops_memory_free(infile);
+		if (__ops_get_debug_level(__FILE__)) {
+			fprintf(io->errs, "** After Writing out data now\n");
+		}
 
-	return 1;
+		/* add creation time to signature */
+		__ops_add_birthtime(sig, time(NULL));
+		/* add key id to signature */
+		__ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
+		ret = __ops_add_issuer_keyid(sig, keyid) &&
+			__ops_end_hashed_subpkts(sig) &&
+			__ops_write_sig(output, sig, &seckey->pubkey, seckey);
+
+		/* tidy up */
+		__ops_teardown_file_write(output, fd_out);
+
+		__ops_create_sig_delete(sig);
+		__ops_memory_free(infile);
+	}
+
+	return ret;
 }
 
 /**
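Review bot: The cleartext branch of `__ops_sign_file` never releases `sig`: `__ops_create_sig_delete(sig)` is only called in the else branch, so every cleartext signing leaks it, and the `return 0` after `__ops_writer_push_clearsigned` fails also leaks `infile` and leaves the output file open with no `__ops_teardown_file_write`. The `ret == 0` return after the armored-sig/birthtime step skips `__ops_create_sig_delete` as well. `OPS_ERROR(&output->errors, ...)` runs after `__ops_teardown_file_write(output, fd_out)`; if teardown releases `output` that is a use-after-free — the deleted `__ops_sign_file_as_cleartext` had the same order, so confirm rather than assume. A single cleanup tail that frees `sig` and `infile` and tears down the writer exactly once for both branches would close all of these; at minimum add `__ops_create_sig_delete(sig);` to the cleartext path. The function's header and hash check are outside this hunk.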
@@ -1224,71 +1097,109 @@
 \note It is the caller's responsibility to call __ops_memory_free(me)
 
 */
-__ops_memory_t   *
-__ops_sign_buf(const void *input,
-		const size_t input_len,
-		const __ops_sig_type_t sig_type,
+__ops_memory_t *
+__ops_sign_buf(__ops_io_t *io,
+		const void *input,
+		const size_t insize,
 		const __ops_seckey_t *seckey,
-		const unsigned armored)
+		const char *hashname,
+		const unsigned armored,
+		const unsigned cleartext)
 {
 	__ops_litdata_type_t	 ld_type;
-	__ops_create_sig_t	*sig = NULL;
-	__ops_hash_alg_t	 hash_alg = OPS_HASH_SHA1;
-	__ops_output_t		*output = NULL;
-	__ops_memory_t		*mem = __ops_memory_new();
+	__ops_create_sig_t	*sig;
+	__ops_sig_type_t	 sig_type;
+	__ops_hash_alg_t	 hash_alg;
+	__ops_output_t		*output;
+	__ops_memory_t		*mem;
 	unsigned char		 keyid[OPS_KEY_ID_SIZE];
-	__ops_hash_t		*hash = NULL;
+	__ops_hash_t		*hash;
+	unsigned		 ret;
 
-	/* setup literal data packet type */
-	ld_type = (sig_type == OPS_SIG_BINARY) ? OPS_LDT_BINARY : OPS_LDT_TEXT;
+	sig = NULL;
+	sig_type = OPS_SIG_BINARY;
+	output = NULL;
+	mem = __ops_memory_new();
+	hash = NULL;
+	ret = 0;
 
-	/* set up signature */
-	sig = __ops_create_sig_new();
-	__ops_start_sig(sig, seckey, hash_alg, sig_type);
+	hash_alg = __ops_str_to_hash_alg(hashname);
+	if (hash_alg == OPS_HASH_UNKNOWN) {
+		(void) fprintf(io->errs,
+			"__ops_sign_buf: unknown hash algorithm: \"%s\"\n",
+			hashname);
+		return NULL;
+	}
 
-	/* setup writer */
-	__ops_setup_memory_write(&output, &mem, input_len);
+	/* setup literal data packet type */
+	ld_type = (cleartext) ? OPS_LDT_TEXT : OPS_LDT_BINARY;
 
-	/* set armoured/not armoured here */
-	if (armored) {
-		__ops_writer_push_armor_msg(output);
+	if (input == NULL) {
+		(void) fprintf(io->errs,
+			"__ops_sign_buf_as_cleartext: null cleartext\n");
+		return 0;
 	}
 
-	if (__ops_get_debug_level(__FILE__)) {
-		fprintf(stderr, "** Writing out one pass sig\n");
+	/* set up signature */
+	if ((sig = __ops_create_sig_new()) == NULL) {
+		return NULL;
 	}
-	/* write one_pass_sig */
-	__ops_write_one_pass_sig(output, seckey, hash_alg, sig_type);
-
-	/* hash file contents */
-	hash = __ops_sig_get_hash(sig);
-	hash->add(hash, input, input_len);
-
-	/* output file contents as Literal Data packet */
+	__ops_start_sig(sig, seckey, hash_alg, sig_type);
 
-	if (__ops_get_debug_level(__FILE__)) {
-		(void) fprintf(stderr, "** Writing out data now\n");
-	}
-	__ops_write_litdata(output, input, (const int)input_len, ld_type);
+	/* setup writer */
+	__ops_setup_memory_write(&output, &mem, insize);
 
-	if (__ops_get_debug_level(__FILE__)) {
-		fprintf(stderr, "** After Writing out data now\n");
-	}
+	if (cleartext) {
+		/* Do the signing */
+		/* add signature with subpackets: */
+		/* - creation time */
+		/* - key id */
+		ret = __ops_writer_push_clearsigned(output, sig) &&
+			__ops_write(output, input, insize) &&
+			__ops_writer_use_armored_sig(output) &&
+			__ops_add_birthtime(sig, time(NULL));
+		if (ret == 0) {
+			return NULL;
+		}
+		__ops_output_delete(output);
+	} else {
+		/* set armoured/not armoured here */
+		if (armored) {
+			__ops_writer_push_armor_msg(output);
+		}
+		if (__ops_get_debug_level(__FILE__)) {
+			fprintf(io->errs, "** Writing out one pass sig\n");
+		}
+		/* write one_pass_sig */
+		__ops_write_one_pass_sig(output, seckey, hash_alg, sig_type);
 
-	/* add creation time to signature */
-	__ops_add_birthtime(sig, time(NULL));
-	/* add key id to signature */
-	__ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
-	__ops_add_issuer_keyid(sig, keyid);
-	__ops_end_hashed_subpkts(sig);
+		/* hash memory */
+		hash = __ops_sig_get_hash(sig);
+		hash->add(hash, input, insize);
+
+		/* output file contents as Literal Data packet */
+		if (__ops_get_debug_level(__FILE__)) {
+			(void) fprintf(stderr, "** Writing out data now\n");
+		}
+		__ops_write_litdata(output, input, (const int)insize, ld_type);
+		if (__ops_get_debug_level(__FILE__)) {
+			fprintf(stderr, "** After Writing out data now\n");
+		}
 
-	/* write out sig */
-	__ops_write_sig(output, sig, &seckey->pubkey, seckey);
+		/* add creation time to signature */
+		__ops_add_birthtime(sig, time(NULL));
+		/* add key id to signature */
+		__ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
+		__ops_add_issuer_keyid(sig, keyid);
+		__ops_end_hashed_subpkts(sig);
 
-	/* tidy up */
-	__ops_writer_close(output);
-	__ops_create_sig_delete(sig);
+		/* write out sig */
+		__ops_write_sig(output, sig, &seckey->pubkey, seckey);
 
+		/* tidy up */
+		__ops_writer_close(output);
+		__ops_create_sig_delete(sig);
+	}
 	return mem;
 }
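Review bot: The cleartext branch of `__ops_sign_buf` stops after `__ops_add_birthtime`: the issuer key id, `__ops_end_hashed_subpkts`, `__ops_write_sig` and `__ops_writer_close` that the removed `__ops_sign_buf_as_cleartext` performed are gone, so the returned memory carries a clearsign header but no signature packet, and `netpgp_sign_memory` with `cleartext` set produces unverifiable output. The missing steps are restored below. `mem` is allocated before the hash-name and NULL-input checks and leaks on those early returns and when `__ops_create_sig_new` fails; the NULL-input path also returns `0` from a pointer-returning function and still names `__ops_sign_buf_as_cleartext` in its message. The `ret == 0` return in the cleartext branch leaks `output`, `sig` and `mem` too.
```c
	if (cleartext) {
		ret = __ops_writer_push_clearsigned(output, sig) &&
			__ops_write(output, input, insize) &&
			__ops_writer_use_armored_sig(output) &&
			__ops_add_birthtime(sig, time(NULL));
		if (ret == 0) {
			return NULL;
		}
		/* emit the signature packet, as the removed
		 * __ops_sign_buf_as_cleartext did */
		__ops_keyid(keyid, OPS_KEY_ID_SIZE, &seckey->pubkey);
		ret = __ops_add_issuer_keyid(sig, keyid) &&
			__ops_end_hashed_subpkts(sig) &&
			__ops_write_sig(output, sig, &seckey->pubkey, seckey) &&
			__ops_writer_close(output);
		__ops_create_sig_delete(sig);
		__ops_output_delete(output);
		if (ret == 0) {
			return NULL;
		}
	} else {
		/* … unchanged: binary one-pass signing … */
	}
	return mem;
```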
 
Index: src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.21 src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.22
--- src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.21	Wed Oct  7 16:19:51 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/validate.c	Thu Nov 19 21:56:01 2009
@@ -54,7 +54,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: validate.c,v 1.21 2009/10/07 16:19:51 agc Exp $");
+__RCSID("$NetBSD: validate.c,v 1.22 2009/11/19 21:56:01 agc Exp $");
 #endif
 
 #include <sys/types.h>
@@ -91,8 +91,8 @@
 
 /* Does the signed hash match the given hash? */
 static unsigned
-check_binary_sig(const unsigned len,
-		const unsigned char *data,
+check_binary_sig(const unsigned char *data,
+		const unsigned len,
 		const __ops_sig_t *sig,
 		const __ops_pubkey_t *signer)
 {
@@ -116,7 +116,7 @@
 		trailer[2] = (unsigned)(sig->info.birthtime) >> 16;
 		trailer[3] = (unsigned)(sig->info.birthtime) >> 8;
 		trailer[4] = (unsigned char)(sig->info.birthtime);
-		hash.add(&hash, &trailer[0], 5);
+		hash.add(&hash, trailer, 5);
 		break;
 
 	case OPS_V4:
@@ -479,8 +479,8 @@
 				data->mem = __ops_memory_new();
 				__ops_mem_readfile(data->mem, data->detachname);
 			}
-			valid = check_binary_sig(__ops_mem_len(data->mem),
-					__ops_mem_data(data->mem),
+			valid = check_binary_sig(__ops_mem_data(data->mem),
+					__ops_mem_len(data->mem),
 					&content->sig,
 					__ops_get_pubkey(signer));
 			break;
@@ -813,7 +813,7 @@
 	__ops_stream_t	*stream = NULL;
 	const int		 printerrors = 1;
 
-	__ops_setup_memory_read(io, &stream, mem, &validation, validate_data_cb,				1);
+	__ops_setup_memory_read(io, &stream, mem, &validation, validate_data_cb, 1);
 	/* Set verification reader and handling options */
 	(void) memset(&validation, 0x0, sizeof(validation));
 	validation.result = result;
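Review bot: The line this hunk reformats passes `&validation` to `__ops_setup_memory_read` one statement before `memset(&validation, 0x0, sizeof(validation))` zeroes it; if the setup call records anything in `validation` (a stream pointer, callback state), the memset discards it, and if it merely stores the address the order is harmless but confusing. Since the line is being touched anyway, moving the `memset` above the setup call, or a comment explaining why the current order is safe, would remove the doubt. The enclosing function starts outside the hunk.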

Index: src/crypto/external/bsd/netpgp/dist/src/lib/signature.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/signature.h:1.13 src/crypto/external/bsd/netpgp/dist/src/lib/signature.h:1.14
--- src/crypto/external/bsd/netpgp/dist/src/lib/signature.h:1.13	Sun Oct  4 21:57:09 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/signature.h	Thu Nov 19 21:56:01 2009
@@ -104,18 +104,13 @@
 void __ops_add_primary_userid(__ops_create_sig_t *, unsigned);
 
 /* Standard Interface */
-unsigned   __ops_sign_file_as_cleartext(__ops_io_t *,
-			const char *,
-			const char *,
-			const __ops_seckey_t *,
-			const char *,
-			const unsigned);
 unsigned   __ops_sign_file(__ops_io_t *,
 			const char *,
 			const char *,
 			const __ops_seckey_t *,
 			const char *,
 			const unsigned,
+			const unsigned,
 			const unsigned);
 
 int __ops_sign_detached(__ops_io_t *,
@@ -148,16 +143,12 @@
 
 void __ops_writer_push_armoured(__ops_output_t *, __ops_armor_type_t);
 
-unsigned __ops_sign_buf_as_cleartext(const char *,
+__ops_memory_t   *__ops_sign_buf(__ops_io_t *,
+				const void *,
 				const size_t,
-				__ops_memory_t **,
-				const __ops_seckey_t *,
-				const char *);
-
-__ops_memory_t   *__ops_sign_buf(const void *,
-				const size_t,
-				const __ops_sig_type_t,
 				const __ops_seckey_t *,
+				const char *,
+				const unsigned,
 				const unsigned);
 
 unsigned __ops_keyring_read_from_mem(__ops_io_t *,

Index: src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c
diff -u src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c:1.2 src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c:1.3
--- src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c:1.2	Wed Jun 10 16:37:42 2009
+++ src/crypto/external/bsd/netpgp/dist/src/netpgpkeys/netpgpkeys.c	Thu Nov 19 21:56:01 2009
@@ -53,6 +53,7 @@
 	"\t--generate-key [options] OR\n"
 	"\t--import-key [options] OR\n"
 	"\t--list-keys [options] OR\n"
+	"\t--get-key keyid [options] OR\n"
 	"\t--version\n"
 	"where options are:\n"
 	"\t[--coredumps] AND/OR\n"
@@ -70,6 +71,7 @@
 	GENERATE_KEY,
 	VERSION_CMD,
 	HELP_CMD,
+	GET_KEY,
 
 	/* options */
 	KEYRING,
@@ -95,6 +97,7 @@
 	{"export-key",	no_argument,		NULL,	EXPORT_KEY},
 	{"import-key",	no_argument,		NULL,	IMPORT_KEY},
 	{"generate-key", no_argument,		NULL,	GENERATE_KEY},
+	{"get-key", 	no_argument,		NULL,	GET_KEY},
 	/* debugging commands */
 	{"help",	no_argument,		NULL,	HELP_CMD},
 	{"version",	no_argument,		NULL,	VERSION_CMD},
@@ -137,6 +140,8 @@
 static int
 netpgp_cmd(netpgp_t *netpgp, prog_t *p, char *f)
 {
+	char	*key;
+
 	switch (p->cmd) {
 	case LIST_KEYS:
 		return netpgp_list_keys(netpgp);
@@ -150,6 +155,14 @@
 	case GENERATE_KEY:
 		return netpgp_generate_key(netpgp,
 				netpgp_getvar(netpgp, "userid"), p->numbits);
+	case GET_KEY:
+		key = netpgp_get_key(netpgp, f);
+		if (key) {
+			printf("%s", key);
+			return 1;
+		}
+		(void) fprintf(stderr, "key '%s' not found\n", f);
+		return 0;
 	case HELP_CMD:
 	default:
 		print_usage(usage, p->progname);
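Review bot: The `GET_KEY` case never frees `key`, which `netpgp_get_key` returns as heap memory (built by `asprintf` in `__ops_sprint_pubkeydata`); add `free(key);` after the `printf` before returning 1. The not-found message is also printed twice, once by `netpgp_get_key` on `io->errs` and again here on `stderr`, so one of the two can go.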
@@ -237,6 +250,7 @@
 		case FIND_KEY:
 		case EXPORT_KEY:
 		case IMPORT_KEY:
+		case GET_KEY:
 		case HELP_CMD:
 			p.cmd = options[optindex].val;
 			break;
