Up to [cvs.NetBSD.org] / src / crypto / external / bsd / netpgp / dist / src / lib
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
adding initial support for ECDSA (19) to netpgp. tested using p256/sha256, p384/sha384, and p521/sha512
Fix PR 44075 from Peter Pentchev, but do this by adding a --numtries=<attempts> option to netpgp(1) to provide the maximum number of attempts to retrieve the correct passphrase when signing or decrypting, and use it in libnetpgp(3). The default number of attempts is 3, and a value of "unlimited" will loop until the correct passphrase has been entered.
There were still some throwbacks with the prefix '_ops' - rectify that to be the standard "pgp_" - no functional change.
Changes to 3.99.15/20101110 + add support for partial blocks, defined in rfc 4880, and used fairly extensively by gnupg where the input size may not be known in advance (e.g. for encrypted compressed data, as produced by default by gpg -e)
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
Add Elgamal decryption to netpgp. Inspired by (BSD-licensed) the Elgamal decryption code from Postgresql by Marko Kreen. % cp config.h f % netpgp -e f netpgp: default key set to "d4a643c5" % netpgp -d < f.gpg > f.netpgp netpgp: default key set to "d4a643c5" signature 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18] Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5 uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org> encryption 2048/Elgamal (Encrypt-Only) a97a7db6d727bc1e 2010-05-19 [EXPIRES 2013-05-18] netpgp passphrase: % ls -al f* -rw-r--r-- 1 agc agc 5730 Nov 6 23:53 f -rw------- 1 agc agc 1727 Nov 6 23:53 f.gpg -rw-r--r-- 1 agc agc 5730 Nov 6 23:54 f.netpgp % diff f f.netpgp % This makes DSA keys into first class citizens, since encryption and decryption using DSA/Elgamal is now supported.
Add the ability to perform Elgamal encryption to netpgp. Some of this code is inspired by the (BSD-licensed) Elgamal crypto code in Postgresql by Marko Kreen, but netpgp uses BIGNUM numbers instead of MPIs, and its keys have a completely different structure, so much has changed. % cp config.h f % netpgp -e f netpgp: default key set to "d4a643c5" % gpg -d f.gpg > f2 You need a passphrase to unlock the secret key for user: "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>" 2048-bit ELG-E key, ID D727BC1E, created 2010-05-19 (main key ID D4A643C5) gpg: encrypted with 2048-bit ELG-E key, ID D727BC1E, created 2010-05-19 "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>" % diff f f2 % ls -al f* -rw-r--r-- 1 agc agc 5730 Nov 6 05:40 f -rw------- 1 agc agc 1727 Nov 6 05:40 f.gpg -rw-r--r-- 1 agc agc 5730 Nov 6 05:41 f2 %
allow user-specification of cipher to be used when encrypting packets. preserve the CAST5 default for now. at the user level, this is specified using the --cipher=<ciphername> option.
Update to version 3.99.13: + add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm) as specified in RFC 5581 + add the camellia cipher implementation from openssl
check return values from memory allocation routines in symmetric key initialisation. return an error if allocation failed. modify symmetric key initialisation function signature to return an indication of success or failure. get rid of one-time typedef for function definitions; their indirection does not add any extra insight, and just obfuscates the declarations.
Changes to 3.99.12/20100907 + add a pretty print function mj_pretty(3) to libmj + added netpgp_write_sshkey(3) to libnetpgp + added pgp2ssh(1) + added preliminary support for ElGamal decryption, needed for DSA keys as yet untested, unworking, and a WIP + add support for using all ssh keys, even those protected by a passphrase, for decryption and signing. This rounds off ssh key file support in netpgp. + add a single character alias [-S file] for [--sshkeyfile file] to netpgpkeys(1) and netpgp(1) As far as ssh key file support goes, see the following example: % cp configure a % netpgp -S ~/.ssh/id_rsa.pub -e a % netpgp -S ~/.ssh/id_rsa.pub -d a.gpg Enter PEM pass phrase: % ls -al a a.gpg -rwxr-xr-x 1 agc agc 758398 Sep 7 05:38 a -rw------- 1 agc agc 156886 Sep 7 05:38 a.gpg %
Simplify and shorten the internals of packet processing by getting rid of the intermediate pseudo-abstraction layer, which detracted from understanding and had no benefit whatsoever. Rename some enums and some definitions.
use hexdump() where possible. get rid of all traces of dmalloc - it's not used anymore. we can now g/c initialisation functions which do not do anything. also get rid of the pkeyid() functions, which just prints a hexadecimal string
allow the desired hash algorithm to be passed down from the user to the place where it matters - change the required prototype.
Update netpgp to version 1.99.20/20100304 - portability improvements, and bug fixes: Changes to 1.99.20/20100304 + move args to some functions around to be consistent + use uint*_t where appropriate + fix bug in verify memory + add documentation to manual pages to show how to do combined signing/encryption and decryption/verification + make verification of ascii-armoured memory work the same as binary + eliminate use of strdup(3), strcasecmp(3), and strptime(3). NetBSD/pkgsrc PR 42922 applies - need to define _XOPEN_SOURCE and _BSD_SOURCE for newer linux platforms with glibc 2.10.1. solved a bit differently, by implementing strdup(3) and strcasecmp(3) independently, and using regexps to avoid calling strptime(3).
Changes to 1.99.19/20100212 + plug some memory leaks, from cppcheck via Thomas Klausner (thanks!) + make the singular of time units read correctly + print decryption key info properly when prompting for passphrase
Update netpgp to version 1.99.17/20100208 Changes to 1.99.17/20100208 + get rid of last 2 static variables - use the __ops_printstate_t struct passed down, and add the indent variable here too + get rid of 3 occurrences in reader.c where an automatic buffer was addressed (as part of a subsequent callback) by a struct field from a calling scope, and only valid within the callback. Found by Flexelint and phk - many thanks. + print filename/"memory" when time problems occur when validating signatures
Changes to 1.99.16/20100205 + minor simplifications to netpgp(1) internally + fix a bug in netpgp_verify_file where a non-existent file while listing packets would cause a SIGSEGV + add duration arg to netpgp(1), and check for validity when verifying signatures + add birthtime arg to netpgp(1), and check for validity when verifying signatures + add netpgp commands to print pubkey, if desired + allow the passphrase for the signature to be taken from --pass-fd + get rid of static indent value when printing packet contents + print signature validity times when verifying a file's signature
Netpgp changes to 1.99.15/20091221 + some ssh host keys do not have the username of the generator included in the key itself. If there is no username in there, create one. + added netpgp_encrypt_memory() and netpgp_decrypt_memory() + overhaul netpgp(1) to work with stdin/stdout if no filenames specified: % netpgp --encrypt < a | netpgp --decrypt > b netpgp: default key set to "C0596823" netpgp: default key set to "C0596823" pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 uid Alistair Crooks <agc@netbsd.org> uid Alistair Crooks <agc@pkgsrc.org> uid Alistair Crooks <agc@alistaircrooks.com> uid Alistair Crooks <alistair@hockley-crooks.com> netpgp passphrase: % diff a b % ls -al a b -rw-r--r-- 1 agc agc 15243 Dec 20 08:55 a -rw-r--r-- 1 agc agc 15243 Dec 21 17:15 b % % netpgp --sign < a | netpgp --cat > b netpgp: default key set to "C0596823" netpgp: default key set to "C0596823" pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 uid Alistair Crooks <agc@netbsd.org> uid Alistair Crooks <agc@pkgsrc.org> uid Alistair Crooks <agc@alistaircrooks.com> uid Alistair Crooks <alistair@hockley-crooks.com> netpgp passphrase: Good signature for <stdin> made Mon Dec 21 18:25:02 2009 using RSA (Encrypt or Sign) key 1b68dcfcc0596823 pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 uid Alistair Crooks <alistair@hockley-crooks.com> uid Alistair Crooks <agc@pkgsrc.org> uid Alistair Crooks <agc@netbsd.org> uid Alistair Crooks <agc@alistaircrooks.com> uid Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com> % + add explanations of memory-based operations to manual pages
Add the ability to use ssh host keys (on the fly) to provide RSA keys. These keys can be used in the same way as normal PGP keys - to sign, verify, encrypt and decrypt files and data. % cp configure a % sudo netpgp --ssh-keys --sign --userid 1e00404a a Password: pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11 Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a % sudo chmod 644 a.gpg % netpgp --ssh-keys --verify a.gpg netpgp: default key set to "C0596823" can't open '/etc/ssh/ssh_host_rsa_key' Good signature for a.gpg made Fri Dec 4 23:04:36 2009 using RSA (Encrypt or Sign) key 040180871e00404a pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11 Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk> % uname -a NetBSD osx-vm1.crowthorne.alistaircrooks.co.uk 5.99.20 NetBSD 5.99.20 (ISCSI) #0: Wed Oct 7 17:16:33 PDT 2009 agc@osx-vm1.crowthorne.alistaircrooks.co.uk:/usr/obj/i386/usr/src/sys/arch/i386/compile/ISCSI i386 % The ssh host keys do not need to be manipulated in any way - the information is read from existing files.
More checking of allocation return values where not already done. Revamp hash initialisation to return a success/failure error code. Document places where we prefer to continue with a NULL buffer, rather than silently continue with possibly erroneous results.
Don't complain if $HOME/.gnupg does not exist (and using --homedir). Don't require a userid to be set in the gpg.conf file - it can be set on the command line when it's needed (for signing and encryption, the other operations in netpgp(1) will take the userid from the signed/encrypted file). Add tests for the lack of a default userid in the config file.
CHANGES 1.99.8 -> 1.99.9 + make more use of __ops_io_t structure + addition of standalone, stripped-down netpgpverify utility + addition of test for --list-packets on an empty file + bring forward some simplifications from netpgpverify + some name changes + get rid of the increment and then decrement keycount around accumulated data ("it's to do with counting") + then use unsigned integers for the size and counts for the dynamic array of keys, and use the common dynamic array macros for keys in a keyring + if it's a union, let's use it as a union, not a struct + modified documentation to correct the --list-packets command (sorry, ver) + add a new directory structure for both the distribution and the reachover Makefiles. The autotest framework has been partially overhauled but more TLC is needed here. + add a --pass-fd=n option so that external programs can provide the passphrase on a file descriptor without going through the callback, requested by joerg
CHANGES 1.99.7 -> 1.99.8 + get rid of __ops_malloc_passphrase() - strdup() works just as well + generalise __ops_seckey_forget() to become __ops_forget(), give it a size parameter, and make it work on things other than secret keys (passphrases for instance) + minor struct field enum renaming + minor function call renaming + add ops_io_t struct to hold pointers to IO streams, and pass it down where necessary
CHANGES 1.0.0 -> 1.99.1 + released and tagged version 1.0.0; development version now 1.99.1 + get rid of some fields which are no longer needed + minor name changes + add mmapped field to ops_data_t struct to denote that the array needs an munmap(2) and not a free(3) + add an __ops_mem_readfile() function, and use it for reading files. The function does mmap(2), and then falls back to read(2) if that fails. Retire unused __ops_fileread() which had an unusual interface + drop sign_detached() from netpgp.c down into signature.c as __ops_sign_detached()
+ some more name changes + we've had the ability to sign files with a detached signature for a while now. We can now verify the files using the detached signature file. + in honour of this, update version numbers - 1.0.0/20090517
+ don't use arrays of length 1 to hold single instances of characters, unsigned or not - just use a single character itself + misc cleanup + rename cinfo to "output" and ops_createinfo_t to "ops_output_t" to be a bit more descriptive + shorten some long names + get rid of test for libgen.h - it's not needed anymore + bump to version 0.99.4, and 20090515 sources, regenerate configure and co + numerous name changes to be more consistent and more concise + add verbosity level to the variables that can be set and retrieved by netpgp_setvar() and netpgp_getvar() + added --verbose option to netpgp(1) + add __RCSID() to all files
+ got rid of "local" header files. These aren't necessary since the openpgpsdk code was modified to all be in the same directory + added netpgp_getvar() and netpgp_setvar(), and use them to get and set the user id and hash algorithm preference + get rid of <stdbool.h> usage - I'm still not sure this is the way we should be going long term, but the bool changes got integrated with the others, and are there in cvs history if we want to resurrect them. Correct autoconf accordingly. Bump netpgp minimus version, and autoconf-based date version. + updated documentation to reflect these changes
Sync with HEAD. Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
file crypto.h was added on branch jym-xensuspend on 2009-05-13 19:16:05 +0000
Commit the weekend's changes: + minor name changes + remove duplicated code (commented out) in packet-print.c + original code contained abstraction violations for hash size - fix them + get rid of some magic constants related to length of hash arrays + allow a choice of hash algorithms for the signature digest (rather than hardcoding SHA1 - it is looking as though collisions are easier to manufacture based on recent findings) + move default signature RSA hash algorithm to SHA256 (from SHA1). This is passed as a string parameter from the high-level interface. We'll revisit this later after a good way to specify the algorithm has been found. + display the size of the keys in --list-packets + display the keydata prior to file decryption
Change some names to something a bit less obscure. e.g. For some unfathomable reason, I find "__ops_write_mem_from_file" a bit counterintuitive - replace that by "__ops_fileread"
Import netpgp source into crypto/external - this is a heavily-modified version of openpgpsdk, and will replace it. Differences between netpgp and the NetBSD repository version of openpgpsdk are: + Wrap source code in GNU autoconf/configure + New high-level interface for libnetpgp(3) and netpgp(1) + Hide prolifery of local headers in the internal lib directory - there is now one exported header called netpgp.h + Hide all ops_* functions and structs behind __ops_* names + Fix long-standing bug - make decryption work with files > 8192 bytes (fix for signature verification of signed files > 8192 bytes was already brought forward from the NetBSD repository of openpgpsdk) + Use mmap(2) to read files, falls back to read(2) if can't do mmap + Compile portable package using libtool + Rationalise the number of source files - merge a number of smaller ones + Case-insensitive matching of key ids + Use PRIsize throughout + Use calloc(3) throughout to zero memory + Get rid of global symbols which abused a macro + Use more descriptive names - remove "_arg_" components, name things for their purpose, rather than what they are (their type) + No more --passphrase= argument to netpgp(1) - this is now always done through callbacks + Report source code date and build date in version number, as well as the version number itself This will form the basis of the portable netpgp package.
Initial revision