CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib

Mon, 15 Nov 2010 00:03:51 -0800 

Module Name:    src
Committed By:   agc
Date:           Mon Nov 15 08:03:40 UTC 2010

Modified Files:
        src/crypto/external/bsd/netpgp/dist/src/lib: compress.c create.c
            netpgp.c packet-parse.c writer.c

Log Message:
Changes to help with netpgp key generation and interoperability:

+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file)
  since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming
  secret-sharing functionality for netpgp


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 \
    src/crypto/external/bsd/netpgp/dist/src/lib/compress.c
cvs rdiff -u -r1.37 -r1.38 \
    src/crypto/external/bsd/netpgp/dist/src/lib/create.c
cvs rdiff -u -r1.82 -r1.83 \
    src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
cvs rdiff -u -r1.47 -r1.48 \
    src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
cvs rdiff -u -r1.30 -r1.31 \
    src/crypto/external/bsd/netpgp/dist/src/lib/writer.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/crypto/external/bsd/netpgp/dist/src/lib/compress.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/compress.c:1.20 src/crypto/external/bsd/netpgp/dist/src/lib/compress.c:1.21
--- src/crypto/external/bsd/netpgp/dist/src/lib/compress.c:1.20	Thu Nov 11 00:58:04 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/compress.c	Mon Nov 15 08:03:39 2010
@@ -57,7 +57,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: compress.c,v 1.20 2010/11/11 00:58:04 agc Exp $");
+__RCSID("$NetBSD: compress.c,v 1.21 2010/11/15 08:03:39 agc Exp $");
 #endif
 
 #ifdef HAVE_ZLIB_H
@@ -133,19 +133,11 @@
 	    z->zstream.next_out == &z->out[z->offset]) {
 		return 0;
 	}
-
 	if (pgp_get_debug_level(__FILE__)) {
 		(void) fprintf(stderr,
 			"zlib_compressed_data_reader: length %" PRIsize "d\n",
 			length);
 	}
-
-	if (z->region->readc == z->region->length) {
-		if (z->inflate_ret != Z_STREAM_END) {
-			PGP_ERROR(cbinfo->errors, PGP_E_P_DECOMPRESSION_ERROR,
-			"Compressed data didn't end when region ended.");
-		}
-	}
 	for (cc = 0 ; cc < length ; cc += len) {
 		if (&z->out[z->offset] == z->zstream.next_out) {
 			int             ret;
@@ -221,17 +213,10 @@
 		(void) fprintf(stderr, "Weird type %d\n", bz->type);
 		return 0;
 	}
-
 	if (bz->inflate_ret == BZ_STREAM_END &&
 	    bz->bzstream.next_out == &bz->out[bz->offset]) {
 		return 0;
 	}
-	if (bz->region->readc == bz->region->length) {
-		if (bz->inflate_ret != BZ_STREAM_END) {
-			PGP_ERROR(cbinfo->errors, PGP_E_P_DECOMPRESSION_ERROR,
-			"Compressed data didn't end when region ended.");
-		}
-	}
 	for (cc = 0 ; cc < length ; cc += len) {
 		if (&bz->out[bz->offset] == bz->bzstream.next_out) {
 			int             ret;

Index: src/crypto/external/bsd/netpgp/dist/src/lib/create.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.37 src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.38
--- src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.37	Sun Nov  7 08:39:59 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/create.c	Mon Nov 15 08:03:39 2010
@@ -57,7 +57,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: create.c,v 1.37 2010/11/07 08:39:59 agc Exp $");
+__RCSID("$NetBSD: create.c,v 1.38 2010/11/15 08:03:39 agc Exp $");
 #endif
 
 #include <sys/types.h>
@@ -285,7 +285,7 @@
 	pgp_hash_t    hash;
 	unsigned	done = 0;
 	unsigned	i = 0;
-	uint8_t		hashed[PGP_SHA1_HASH_SIZE];
+	uint8_t		*hashed;
 	uint8_t		sesskey[CAST_KEY_LENGTH];
 
 	if (!write_pubkey_body(&key->pubkey, output)) {
@@ -360,15 +360,21 @@
 		/* RFC4880: section 3.7.1.1 and 3.7.1.2 */
 
 		for (done = 0, i = 0; done < CAST_KEY_LENGTH; i++) {
+			unsigned 	hashsize;
 			unsigned 	j;
+			unsigned	needed;
+			unsigned	size;
 			uint8_t		zero = 0;
-			int             needed;
-			int             size;
 
+			/* Hard-coded SHA1 for session key */
+			pgp_hash_any(&hash, PGP_HASH_SHA1);
+			hashsize = pgp_hash_size(key->hash_alg);
 			needed = CAST_KEY_LENGTH - done;
-			size = MIN(needed, PGP_SHA1_HASH_SIZE);
-
-			pgp_hash_any(&hash, key->hash_alg);
+			size = MIN(needed, hashsize);
+			if ((hashed = calloc(1, hashsize)) == NULL) {
+				(void) fprintf(stderr, "write_seckey_body: bad alloc\n");
+				return 0;
+			}
 			if (!hash.init(&hash)) {
 				(void) fprintf(stderr, "write_seckey_body: bad alloc\n");
 				return 0;
@@ -396,7 +402,7 @@
 			 * if more in hash than is needed by session key, use
 			 * the leftmost octets
 			 */
-			(void) memcpy(&sesskey[i * PGP_SHA1_HASH_SIZE],
+			(void) memcpy(&sesskey[i * hashsize],
 					hashed, (unsigned)size);
 			done += (unsigned)size;
 			if (done > CAST_KEY_LENGTH) {
@@ -435,13 +441,9 @@
 	pgp_push_enc_crypt(output, &crypted);
 
 	switch (key->pubkey.alg) {
-		/* case PGP_PKA_DSA: */
-		/* return pgp_write_mpi(output, key->key.dsa.x); */
-
 	case PGP_PKA_RSA:
 	case PGP_PKA_RSA_ENCRYPT_ONLY:
 	case PGP_PKA_RSA_SIGN_ONLY:
-
 		if (!pgp_write_mpi(output, key->key.rsa.d) ||
 		    !pgp_write_mpi(output, key->key.rsa.p) ||
 		    !pgp_write_mpi(output, key->key.rsa.q) ||

Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.82 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.83
--- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.82	Sun Nov  7 21:41:38 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c	Mon Nov 15 08:03:39 2010
@@ -34,7 +34,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.82 2010/11/07 21:41:38 agc Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.83 2010/11/15 08:03:39 agc Exp $");
 #endif
 
 #include <sys/types.h>
@@ -697,6 +697,45 @@
 	return cc;
 }
 
+#define MAX_PASSPHRASE_ATTEMPTS	3
+
+/* get the passphrase from the user */
+static int
+find_passphrase(FILE *passfp, const char *id, char *passphrase, size_t size)
+{
+	char	 prompt[BUFSIZ];
+	char	 buf[128];
+	char	*cp;
+	int	 cc;
+	int	 i;
+
+	if (passfp) {
+		if (fgets(passphrase, size, passfp) == NULL) {
+			return 0;
+		}
+		return strlen(passphrase);
+	}
+	for (i = 0 ; i < MAX_PASSPHRASE_ATTEMPTS ; i++) {
+		(void) snprintf(prompt, sizeof(prompt), "Enter passphrase for %.16s: ", id);
+		if ((cp = getpass(prompt)) == NULL) {
+			break;
+		}
+		cc = snprintf(buf, sizeof(buf), "%s", cp);
+		(void) snprintf(prompt, sizeof(prompt), "Repeat passphrase for %.16s: ", id);
+		if ((cp = getpass(prompt)) == NULL) {
+			break;
+		}
+		cc = snprintf(passphrase, size, "%s", cp);
+		if (strcmp(buf, passphrase) == 0) {
+			(void) memset(buf, 0x0, sizeof(buf));
+			return cc;
+		}
+	}
+	(void) memset(buf, 0x0, sizeof(buf));
+	(void) memset(passphrase, 0x0, size);
+	return 0;
+}
+
 /***************************************************************************/
 /* exported functions start here */
 /***************************************************************************/
@@ -1086,6 +1125,8 @@
 	return pgp_keyring_list(io, netpgp->pubring, 0);
 }
 
+#define ID_OFFSET	38
+
 /* generate a new key */
 int
 netpgp_generate_key(netpgp_t *netpgp, char *id, int numbits)
@@ -1095,11 +1136,13 @@
 	pgp_key_t		*key;
 	pgp_io_t		*io;
 	uint8_t			*uid;
+	char			 passphrase[128];
 	char			 newid[1024];
 	char			 filename[MAXPATHLEN];
 	char			 dir[MAXPATHLEN];
 	char			*cp;
 	char			*ringfile;
+	int             	 passc;
 	int             	 fd;
 
 	uid = NULL;
@@ -1123,7 +1166,7 @@
 	pgp_sprint_keydata(netpgp->io, NULL, key, &cp, "signature ", &key->key.seckey.pubkey, 0);
 	(void) fprintf(stdout, "%s", cp);
 	/* write public key */
-	(void) snprintf(dir, sizeof(dir), "%s/%.16s", netpgp_getvar(netpgp, "homedir"), &cp[38]);
+	(void) snprintf(dir, sizeof(dir), "%s/%.16s", netpgp_getvar(netpgp, "homedir"), &cp[ID_OFFSET]);
 	if (mkdir(dir, 0700) < 0) {
 		(void) fprintf(io->errs, "can't mkdir '%s'\n", dir);
 		return 0;
@@ -1146,7 +1189,9 @@
 		(void) fprintf(io->errs, "can't append secring '%s'\n", ringfile);
 		return 0;
 	}
-	if (!pgp_write_xfer_seckey(create, key, NULL, 0, noarmor)) {
+	/* get the passphrase */
+	passc = find_passphrase(netpgp->passfp, &cp[ID_OFFSET], passphrase, sizeof(passphrase));
+	if (!pgp_write_xfer_seckey(create, key, (uint8_t *)passphrase, passc, noarmor)) {
 		(void) fprintf(io->errs, "Cannot write seckey\n");
 		return 0;
 	}

Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.47 src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.48
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.47	Thu Nov 11 01:08:26 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c	Mon Nov 15 08:03:40 2010
@@ -58,7 +58,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: packet-parse.c,v 1.47 2010/11/11 01:08:26 agc Exp $");
+__RCSID("$NetBSD: packet-parse.c,v 1.48 2010/11/15 08:03:40 agc Exp $");
 #endif
 
 #include <sys/types.h>
@@ -2468,6 +2468,8 @@
 			return 0;
 		}
 
+		/* Hardcoded SHA1 for just now */
+		pkt.u.seckey.hash_alg = PGP_HASH_SHA1;
 		hashsize = pgp_hash_size(pkt.u.seckey.hash_alg);
 		if (hashsize == 0 || hashsize > PGP_MAX_HASH_SIZE) {
 			(void) fprintf(stderr,
@@ -2573,7 +2575,8 @@
 		fprintf(stderr, "parse_seckey: end of crypted passphrase\n");
 	}
 	if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) {
-		pkt.u.seckey.checkhash = calloc(1, PGP_CHECKHASH_SIZE);
+		/* XXX - Hard-coded SHA1 here ?? Check */
+		pkt.u.seckey.checkhash = calloc(1, PGP_SHA1_HASH_SIZE);
 		if (pkt.u.seckey.checkhash == NULL) {
 			(void) fprintf(stderr, "parse_seckey: bad alloc\n");
 			return 0;

Index: src/crypto/external/bsd/netpgp/dist/src/lib/writer.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.30 src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.31
--- src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.30	Sun Nov  7 08:40:00 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/writer.c	Mon Nov 15 08:03:40 2010
@@ -58,7 +58,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: writer.c,v 1.30 2010/11/07 08:40:00 agc Exp $");
+__RCSID("$NetBSD: writer.c,v 1.31 2010/11/15 08:03:40 agc Exp $");
 #endif
 
 #include <sys/types.h>
@@ -1171,7 +1171,7 @@
 
 	/* now construct MDC packet and add to the end of the buffer */
 	pgp_setup_memory_write(&mdcoutput, &mdc, mdcsize);
-	pgp_calc_mdc_hash(preamble, preamblesize, data, len, &hashed[0]);
+	pgp_calc_mdc_hash(preamble, preamblesize, data, len, hashed);
 	pgp_write_mdc(mdcoutput, hashed);
 
 	if (pgp_get_debug_level(__FILE__)) {
@@ -1351,15 +1351,18 @@
 {
 	/* XXX: push a SHA-1 checksum writer (and change s2k to 254). */
 	skey_checksum_t *sum;
+	unsigned	 hashsize;
 
 	if ((sum = calloc(1, sizeof(*sum))) == NULL) {
 		(void) fprintf(stderr,
 			"pgp_push_checksum_writer: bad alloc\n");
 	} else {
 		/* configure the arg */
-		sum->hash_alg = seckey->hash_alg;
+		/* Hardcoded SHA1 for just now */
+		sum->hash_alg = PGP_HASH_SHA1;
+		hashsize = pgp_hash_size(sum->hash_alg);
 		if ((sum->hashed = seckey->checkhash) == NULL) {
-			sum->hashed = seckey->checkhash = calloc(1, PGP_CHECKHASH_SIZE);
+			sum->hashed = seckey->checkhash = calloc(1, hashsize);
 		}
 		/* init the hash */
 		pgp_hash_any(&sum->hash, sum->hash_alg);

Reply via email to