Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/netpgp/dist/src/netpgpverify catch up wi...
details: https://anonhg.NetBSD.org/src/rev/458273dd9954
branches: trunk
changeset: 335929:458273dd9954
user: agc <agc%NetBSD.org@localhost>
date: Fri Jan 30 18:58:59 2015 +0000
description:
catch up with pkgsrc, update netpgpverify to 20150115:
+ add '-c dump' command to do a packet dump of the input
diffstat:
crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd | 9 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/chk.sh | 22 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c | 72 ++++++++++
crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c | 6 +
crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.c | 45 ++++++
crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.h | 1 +
crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1 | 30 +++-
crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.h | 7 +-
8 files changed, 168 insertions(+), 24 deletions(-)
diffs (truncated from 345 to 300 lines):
diff -r c8c0181f2e34 -r 458273dd9954 crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd Fri Jan 30 15:04:35 2015 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/Makefile.bsd Fri Jan 30 18:58:59 2015 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.bsd,v 1.2 2014/12/05 04:42:36 agc Exp $
+# $NetBSD: Makefile.bsd,v 1.3 2015/01/30 18:58:59 agc Exp $
PROG=netpgpverify
@@ -30,3 +30,10 @@
./${PROG} -S sshtest-20140202.pub data.sig
@echo "expected failure, to check bad signatures fail to verify"
-sed -e 's|A|B|' data.gpg | ./${PROG} -S sshtest-20140202.pub
+ @echo ""
+ @echo "expected failure, no valid key for verification"
+ -./${PROG} -k /dev/null NetBSD-6.0_RC1_hashes.gpg
+ @echo "dumping now"
+ ./${PROG} -c dump -k pubring.gpg NetBSD-6.0_RC1_hashes.asc
+ @echo "dumping ssh now"
+ ./${PROG} -c dump -S sshtest-20140202.pub data.gpg
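Review bot: The new "no valid key" check, `-./${PROG} -k /dev/null NetBSD-6.0_RC1_hashes.gpg`, cannot fail the target, because make's `-` prefix discards the exit status. If verification ever succeeded with an empty keyring, the test run would still look clean. A negative test of a signature verifier should assert the failure, for example `@if ./${PROG} -k /dev/null NetBSD-6.0_RC1_hashes.gpg; then echo "unexpected success"; exit 1; fi`. The existing bad-signature line just above it (`-sed -e 's|A|B|' data.gpg | ...`) follows the same pattern and would benefit from the same treatment.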
diff -r c8c0181f2e34 -r 458273dd9954 crypto/external/bsd/netpgp/dist/src/netpgpverify/chk.sh
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/chk.sh Fri Jan 30 15:04:35 2015 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/chk.sh Fri Jan 30 18:58:59 2015 +0000
@@ -1,8 +1,8 @@
#! /bin/sh
-# $NetBSD: chk.sh,v 1.1 2014/03/09 00:15:45 agc Exp $
+# $NetBSD: chk.sh,v 1.2 2015/01/30 18:58:59 agc Exp $
-# Copyright (c) 2013,2014 Alistair Crooks <agc%NetBSD.org@localhost>
+# Copyright (c) 2013,2014,2015 Alistair Crooks <agc%NetBSD.org@localhost>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -34,12 +34,10 @@
os=EdgeBSD
osrev=6
arch=amd64
-pkgsrc=pkgsrc-2013Q2
-keyring=""
+pkgsrc=pkgsrc-2013Q1
while [ $# -gt 0 ]; do
case "$1" in
--arch|-a) arch=$2; shift ;;
- --keyring|-k) keyring=$2; shift ;;
--os|-o) os=$2; shift ;;
--pkgsrc) pkgsrc=$2; shift ;;
-v) set -x ;;
@@ -48,12 +46,8 @@
shift
done
-case "${keyring}" in
-"") keyring=$HOME/.gnupg/pubring.gpg ;;
-esac
-
#fetch file
-repo=ftp://ftp.edgebsd.org/pub/pkgsrc/packages/${os}/${arch}/${os}-${osrev}/${pkgsrc}/All/
+repo=ftp://ftp.edgebsd.org/pub/pkgsrc/packages/${os}/${os}-${osrev}/${arch}/${pkgsrc}/All/
if [ ! -f $1 ]; then
case "${repo}" in
@@ -98,9 +92,10 @@
diff ${dir}/+PKG_HASH ${dir}/calc || die "Bad hashes generated"
# use netpgpverify to verify the signature
-if [ -x /usr/pkg/bin/netpgpverify ]; then
+if [ -x /usr/bin/netpgpverify -o -x /usr/pkg/bin/netpgpverify ]; then
+ echo "=== Using netpgpverify to verify the package signature ==="
# check the signature in +PKG_GPG_SIGNATURE
- cp ${keyring} ${dir}/pubring.gpg
+ cp ${here}/pubring.pub ${dir}/pubring.gpg
# calculate the sig file we want to verify
echo "-----BEGIN PGP SIGNED MESSAGE-----" > ${dir}/${name}.sig
echo "Hash: ${digest}" >> ${dir}/${name}.sig
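Review bot: The `-x` test names `/usr/bin/netpgpverify` and `/usr/pkg/bin/netpgpverify`, but the verification itself (the `netpgpverify -k pubring.gpg ${name}.sig` line in the next hunk) runs a bare `netpgpverify` resolved through PATH. The binary that decides whether the package is trusted therefore need not be either of the two that were checked. Resolve the path once and invoke it explicitly, e.g. `for v in /usr/bin/netpgpverify /usr/pkg/bin/netpgpverify; do [ -x "$v" ] && verify=$v && break; done` and then `"${verify}" -k pubring.gpg "${name}.sig"`. The added `cp ${here}/pubring.pub ${dir}/pubring.gpg` also leaves both paths unquoted; `here` is set outside this hunk, so its value cannot be confirmed from here.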
@@ -108,7 +103,8 @@
cat ${dir}/+PKG_HASH ${dir}/+PKG_GPG_SIGNATURE >> ${dir}/${name}.sig
(cd ${dir} && netpgpverify -k pubring.gpg ${name}.sig) || die "Bad signature"
else
- gpg --recv 0x6F3AF5E2
+ echo "=== Using gpg to verify the package signature ==="
+ gpg --recv --keyserver pgp.mit.edu 0x6F3AF5E2
(cd ${dir} && gpg --verify --homedir=${dir} ./+PKG_GPG_SIGNATURE ./+PKG_HASH) || die "Bad signature"
fi
echo "Signatures match on ${name} package"
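Review bot: `gpg --recv --keyserver pgp.mit.edu 0x6F3AF5E2` identifies the signing key by its 32-bit short key ID, which is not collision-resistant. The keyserver can return any key sharing those eight hex digits, and nothing in this branch checks which key actually made the signature. Pin the full fingerprint instead, `gpg --keyserver pgp.mit.edu --recv-keys <FULL_40_HEX_FINGERPRINT>` (placeholder for the key's real fingerprint), and compare it against the fingerprint reported by the verify step. It also looks as if the key is received into the default GnuPG home while `gpg --verify` runs with `--homedir=${dir}`, so the fetched key may not be in the keyring used for verification; worth confirming.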
diff -r c8c0181f2e34 -r 458273dd9954 crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c Fri Jan 30 15:04:35 2015 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/libverify.c Fri Jan 30 18:58:59 2015 +0000
@@ -2597,6 +2597,36 @@
return match_sig(cursor, signature, pubkey, data, insize);
}
+/* return the packet type */
+static const char *
+get_packet_type(uint8_t tag)
+{
+ switch(tag) {
+ case SIGNATURE_PKT:
+ return "signature packet";
+ case ONEPASS_SIGNATURE_PKT:
+ return "onepass signature packet";
+ case PUBKEY_PKT:
+ return "pubkey packet";
+ case COMPRESSED_DATA_PKT:
+ return "compressed data packet";
+ case MARKER_PKT:
+ return "marker packet";
+ case LITDATA_PKT:
+ return "litdata packet";
+ case TRUST_PKT:
+ return "trust packet";
+ case USERID_PKT:
+ return "userid packet";
+ case PUB_SUBKEY_PKT:
+ return "public subkey packet";
+ case USER_ATTRIBUTE_PKT:
+ return "user attribute packet";
+ default:
+ return "[UNKNOWN]";
+ }
+}
+
/* get an element from the found array */
int
pgpv_get_cursor_element(pgpv_cursor_t *cursor, size_t element)
@@ -2740,3 +2770,45 @@
memcpy(*ret, data, size);
return size;
}
+
+#define KB(x) ((x) * 1024)
+
+/* dump all packets */
+size_t
+pgpv_dump(pgpv_t *pgp, char **data)
+{
+ ssize_t dumpc;
+ size_t alloc;
+ size_t pkt;
+ size_t cc;
+ size_t n;
+ char buf[800];
+ char *newdata;
+
+ cc = alloc = 0;
+ *data = NULL;
+ for (pkt = 0 ; pkt < ARRAY_COUNT(pgp->pkts) ; pkt++) {
+ if (cc + KB(64) >= alloc) {
+ if ((newdata = realloc(*data, alloc + KB(64))) == NULL) {
+ return cc;
+ }
+ alloc += KB(64);
+ *data = newdata;
+ }
+ memset(buf, 0x0, sizeof(buf));
+ dumpc = netpgp_hexdump(ARRAY_ELEMENT(pgp->pkts, pkt).s.data,
+ MIN((sizeof(buf) / 80) * 16,
+ ARRAY_ELEMENT(pgp->pkts, pkt).s.size),
+ buf, sizeof(buf));
+ n = snprintf(&(*data)[cc], alloc - cc,
+ "[%zu] off %zu, len %zu, tag %u, %s\n%.*s",
+ pkt,
+ ARRAY_ELEMENT(pgp->pkts, pkt).offset,
+ ARRAY_ELEMENT(pgp->pkts, pkt).s.size,
+ ARRAY_ELEMENT(pgp->pkts, pkt).tag,
+ get_packet_type(ARRAY_ELEMENT(pgp->pkts, pkt).tag),
+ (int)dumpc, buf);
+ cc += n;
+ }
+ return cc;
+}
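Review bot: In `pgpv_dump` the result of `snprintf` is stored straight into the `size_t n` and added to `cc` with no check for an error or truncation; a negative return would become a huge value, and `alloc - cc` would wrap on the next iteration. As written, the 64 KB of headroom kept ahead of `cc` and the 800-byte `buf` appear to make truncation unreachable, but that invariant is implicit and easy to break when the format string changes. Suggest taking the result as an `int` and guarding it, `if (n < 0 || (size_t)n >= alloc - cc) { break; }`, before `cc += (size_t)n;`. The header comment could also state that only the first `(sizeof(buf) / 80) * 16` bytes (160) of each packet are hex-dumped, and that a failed `realloc` returns the partial dump silently.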
diff -r c8c0181f2e34 -r 458273dd9954 crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c Fri Jan 30 15:04:35 2015 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c Fri Jan 30 18:58:59 2015 +0000
@@ -103,6 +103,12 @@
}
return 1;
}
+ } else if (strcasecmp(cmd, "dump") == 0) {
+ if ((cookie = pgpv_verify(&cursor, pgp, in, cc)) != 0) {
+ size = pgpv_dump(pgp, &data);
+ write(STDOUT_FILENO, data, size);
+ return 1;
+ }
} else if (strcasecmp(cmd, "verify") == 0 || strcasecmp(cmd, "trust") == 0) {
modifiers = (strcasecmp(cmd, "trust") == 0) ? "trust" : NULL;
if (pgpv_verify(&cursor, pgp, in, cc)) {
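Review bot: The return value of `write(STDOUT_FILENO, data, size)` in the new `dump` branch is ignored, so a short or failed write still ends in `return 1`, and the buffer that `pgpv_dump` builds with `realloc` is never released. Compare the result of `write` with `(ssize_t)size` and report failure on a mismatch, then call `free(data);` before returning. Packets are also only dumped when `pgpv_verify` returns non-zero, so input that fails verification, where a packet dump is most useful for diagnosis, produces no dump; if that is intentional, a comment saying so would help. The enclosing function begins and ends outside this hunk, so what happens on the fall-through path cannot be seen here.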
diff -r c8c0181f2e34 -r 458273dd9954 crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.c
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.c Fri Jan 30 15:04:35 2015 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.c Fri Jan 30 18:58:59 2015 +0000
@@ -65,3 +65,48 @@
free(ptr);
#endif
}
+
+#define HEXDUMP_LINELEN 16
+
+#ifndef PRIsize
+#define PRIsize "z"
+#endif
+
+/* show hexadecimal/ascii dump */
+ssize_t
+netpgp_hexdump(const void *vin, const size_t len, void *outvp, size_t size)
+{
+ const char *in = (const char *)vin;
+ size_t i;
+ char line[HEXDUMP_LINELEN + 1];
+ char *out = (char *)outvp;
+ int o;
+
+ for (i = 0, o = 0 ; i < len ; i++) {
+ if (i % HEXDUMP_LINELEN == 0) {
+ o += snprintf(&out[o], size - o,
+ "%.5" PRIsize "u | ", i);
+ } else if (i % (HEXDUMP_LINELEN / 2) == 0) {
+ o += snprintf(&out[o], size - o, " ");
+ }
+ o += snprintf(&out[o], size - o, "%.02x ", (uint8_t)in[i]);
+ line[i % HEXDUMP_LINELEN] =
+ (isprint((uint8_t)in[i])) ? in[i] : '.';
+ if (i % HEXDUMP_LINELEN == HEXDUMP_LINELEN - 1) {
+ line[HEXDUMP_LINELEN] = 0x0;
+ o += snprintf(&out[o], size - o, " | %s\n", line);
+ }
+ }
+ if (i % HEXDUMP_LINELEN != 0) {
+ for ( ; i % HEXDUMP_LINELEN != 0 ; i++) {
+ o += snprintf(&out[o], size - o, " ");
+ if (i % (HEXDUMP_LINELEN / 2) == 0) {
+ o += snprintf(&out[o], size - o, " ");
+ }
+ line[i % HEXDUMP_LINELEN] = ' ';
+ }
+ line[HEXDUMP_LINELEN] = 0x0;
+ o += snprintf(&out[o], size - o, " | %s\n", line);
+ }
+ return (ssize_t)o;
+}
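Review bot: `netpgp_hexdump` can write past the end of `out` once its output is truncated. `snprintf` returns the length it would have written, so `o` can grow beyond `size`, and `size - o` (a `size_t` minus an `int`) then wraps to a huge bound for the next `snprintf(&out[o], ...)`. The only caller visible on this page, `pgpv_dump`, clamps the input to 160 bytes for an 800-byte buffer, which appears to stay within bounds, but the function accepts arbitrary `len` and `size` and is exported through misc.h. Routing every append through a helper that clamps the offset keeps it safe for any caller; the helper needs `<stdarg.h>` if misc.c does not already include it.

```c
/* append formatted text at out[*o]; on truncation pin *o at the last usable byte */
static int
hexdump_append(char *out, size_t size, size_t *o, const char *fmt, ...)
{
	va_list	args;
	int	n;

	if (size == 0 || *o >= size - 1) {
		return 0;
	}
	va_start(args, fmt);
	n = vsnprintf(&out[*o], size - *o, fmt, args);
	va_end(args);
	if (n < 0) {
		return 0;
	}
	if ((size_t)n >= size - *o) {
		/* output was cut short: vsnprintf already NUL-terminated it */
		*o = size - 1;
		return 0;
	}
	*o += (size_t)n;
	return 1;
}

ssize_t
netpgp_hexdump(const void *vin, const size_t len, void *outvp, size_t size)
{
	/* … unchanged: in, i, line, out declarations … */
	size_t	 o;

	for (i = 0, o = 0 ; i < len ; i++) {
		if (i % HEXDUMP_LINELEN == 0) {
			hexdump_append(out, size, &o, "%.5" PRIsize "u | ", i);
		}
		/* … unchanged: rest of the loop and the padding tail, with each
		 * "o += snprintf(&out[o], size - o, ...)" replaced the same way … */
	}
	return (ssize_t)o;
}
```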
diff -r c8c0181f2e34 -r 458273dd9954 crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.h
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.h Fri Jan 30 15:04:35 2015 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/misc.h Fri Jan 30 18:58:59 2015 +0000
@@ -43,6 +43,7 @@
void *netpgp_allocate(size_t /*n*/, size_t /*nels*/);
void netpgp_deallocate(void */*ptr*/, size_t /*size*/);
+ssize_t netpgp_hexdump(const void */*in*/, const size_t /*inlen*/, void */*out*/, size_t /*outsize*/);
__END_DECLS
diff -r c8c0181f2e34 -r 458273dd9954 crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1 Fri Jan 30 15:04:35 2015 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1 Fri Jan 30 18:58:59 2015 +0000
@@ -1,6 +1,6 @@
-.\" $NetBSD: netpgpverify.1,v 1.8 2014/03/09 00:15:45 agc Exp $
+.\" $NetBSD: netpgpverify.1,v 1.9 2015/01/30 18:58:59 agc Exp $
.\"
-.\" Copyright (c) 2013,2014 Alistair Crooks <agc%NetBSD.org@localhost>
+.\" Copyright (c) 2013,2014,2015 Alistair Crooks <agc%NetBSD.org@localhost>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd February 2, 2014
+.Dd January 15, 2015
.Dt NETPGPVERIFY 1
.Os
.Sh NAME
@@ -71,15 +71,21 @@
The
.Fl k
command line argument allows a keyring to be specified.
+.Pp
The
.Fl v
command line argument prints the version of the
.Nm
command and then exits.
-Finally, the
+.Pp
+The
.Fl c
-command specified the command which may be given.
-This can take one of two values:
+argument allows a
+.Dq command
+to be given, modifying the behaviour of the
+.Nm
+command.
+This command can take one of three values:
.Dq verify
which is also the default, which verifies the signature
on the data;
@@ -87,7 +93,17 @@
will also verify the signature on the data, and, if
successfully verified, will display the verified
data on