Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/netpgp/dist/src/lib Changes to help with...
details: https://anonhg.NetBSD.org/src/rev/7dbbddf455e6
branches: trunk
changeset: 758771:7dbbddf455e6
user: agc <agc%NetBSD.org@localhost>
date: Mon Nov 15 08:03:39 2010 +0000
description:
Changes to help with netpgp key generation and interoperability:
+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file)
since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming
secret-sharing functionality for netpgp
diffstat:
crypto/external/bsd/netpgp/dist/src/lib/compress.c | 17 +-----
crypto/external/bsd/netpgp/dist/src/lib/create.c | 26 ++++----
crypto/external/bsd/netpgp/dist/src/lib/netpgp.c | 51 ++++++++++++++++-
crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c | 7 +-
crypto/external/bsd/netpgp/dist/src/lib/writer.c | 11 ++-
5 files changed, 75 insertions(+), 37 deletions(-)
diffs (295 lines):
diff -r 56614088d21a -r 7dbbddf455e6 crypto/external/bsd/netpgp/dist/src/lib/compress.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/compress.c Mon Nov 15 06:32:38 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/compress.c Mon Nov 15 08:03:39 2010 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: compress.c,v 1.20 2010/11/11 00:58:04 agc Exp $");
+__RCSID("$NetBSD: compress.c,v 1.21 2010/11/15 08:03:39 agc Exp $");
#endif
#ifdef HAVE_ZLIB_H
@@ -133,19 +133,11 @@
z->zstream.next_out == &z->out[z->offset]) {
return 0;
}
-
if (pgp_get_debug_level(__FILE__)) {
(void) fprintf(stderr,
"zlib_compressed_data_reader: length %" PRIsize "d\n",
length);
}
-
- if (z->region->readc == z->region->length) {
- if (z->inflate_ret != Z_STREAM_END) {
- PGP_ERROR(cbinfo->errors, PGP_E_P_DECOMPRESSION_ERROR,
- "Compressed data didn't end when region ended.");
- }
- }
for (cc = 0 ; cc < length ; cc += len) {
if (&z->out[z->offset] == z->zstream.next_out) {
int ret;
@@ -221,17 +213,10 @@
(void) fprintf(stderr, "Weird type %d\n", bz->type);
return 0;
}
-
if (bz->inflate_ret == BZ_STREAM_END &&
bz->bzstream.next_out == &bz->out[bz->offset]) {
return 0;
}
- if (bz->region->readc == bz->region->length) {
- if (bz->inflate_ret != BZ_STREAM_END) {
- PGP_ERROR(cbinfo->errors, PGP_E_P_DECOMPRESSION_ERROR,
- "Compressed data didn't end when region ended.");
- }
- }
for (cc = 0 ; cc < length ; cc += len) {
if (&bz->out[bz->offset] == bz->bzstream.next_out) {
int ret;
diff -r 56614088d21a -r 7dbbddf455e6 crypto/external/bsd/netpgp/dist/src/lib/create.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/create.c Mon Nov 15 06:32:38 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/create.c Mon Nov 15 08:03:39 2010 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: create.c,v 1.37 2010/11/07 08:39:59 agc Exp $");
+__RCSID("$NetBSD: create.c,v 1.38 2010/11/15 08:03:39 agc Exp $");
#endif
#include <sys/types.h>
@@ -285,7 +285,7 @@
pgp_hash_t hash;
unsigned done = 0;
unsigned i = 0;
- uint8_t hashed[PGP_SHA1_HASH_SIZE];
+ uint8_t *hashed;
uint8_t sesskey[CAST_KEY_LENGTH];
if (!write_pubkey_body(&key->pubkey, output)) {
@@ -360,15 +360,21 @@
/* RFC4880: section 3.7.1.1 and 3.7.1.2 */
for (done = 0, i = 0; done < CAST_KEY_LENGTH; i++) {
+ unsigned hashsize;
unsigned j;
+ unsigned needed;
+ unsigned size;
uint8_t zero = 0;
- int needed;
- int size;
+ /* Hard-coded SHA1 for session key */
+ pgp_hash_any(&hash, PGP_HASH_SHA1);
+ hashsize = pgp_hash_size(key->hash_alg);
needed = CAST_KEY_LENGTH - done;
- size = MIN(needed, PGP_SHA1_HASH_SIZE);
-
- pgp_hash_any(&hash, key->hash_alg);
+ size = MIN(needed, hashsize);
+ if ((hashed = calloc(1, hashsize)) == NULL) {
+ (void) fprintf(stderr, "write_seckey_body: bad alloc\n");
+ return 0;
+ }
if (!hash.init(&hash)) {
(void) fprintf(stderr, "write_seckey_body: bad alloc\n");
return 0;
@@ -396,7 +402,7 @@
* if more in hash than is needed by session key, use
* the leftmost octets
*/
- (void) memcpy(&sesskey[i * PGP_SHA1_HASH_SIZE],
+ (void) memcpy(&sesskey[i * hashsize],
hashed, (unsigned)size);
done += (unsigned)size;
if (done > CAST_KEY_LENGTH) {
@@ -435,13 +441,9 @@
pgp_push_enc_crypt(output, &crypted);
switch (key->pubkey.alg) {
- /* case PGP_PKA_DSA: */
- /* return pgp_write_mpi(output, key->key.dsa.x); */
-
case PGP_PKA_RSA:
case PGP_PKA_RSA_ENCRYPT_ONLY:
case PGP_PKA_RSA_SIGN_ONLY:
-
if (!pgp_write_mpi(output, key->key.rsa.d) ||
!pgp_write_mpi(output, key->key.rsa.p) ||
!pgp_write_mpi(output, key->key.rsa.q) ||
diff -r 56614088d21a -r 7dbbddf455e6 crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Mon Nov 15 06:32:38 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Mon Nov 15 08:03:39 2010 +0000
@@ -34,7 +34,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.82 2010/11/07 21:41:38 agc Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.83 2010/11/15 08:03:39 agc Exp $");
#endif
#include <sys/types.h>
@@ -697,6 +697,45 @@
return cc;
}
+#define MAX_PASSPHRASE_ATTEMPTS 3
+
+/* get the passphrase from the user */
+static int
+find_passphrase(FILE *passfp, const char *id, char *passphrase, size_t size)
+{
+ char prompt[BUFSIZ];
+ char buf[128];
+ char *cp;
+ int cc;
+ int i;
+
+ if (passfp) {
+ if (fgets(passphrase, size, passfp) == NULL) {
+ return 0;
+ }
+ return strlen(passphrase);
+ }
+ for (i = 0 ; i < MAX_PASSPHRASE_ATTEMPTS ; i++) {
+ (void) snprintf(prompt, sizeof(prompt), "Enter passphrase for %.16s: ", id);
+ if ((cp = getpass(prompt)) == NULL) {
+ break;
+ }
+ cc = snprintf(buf, sizeof(buf), "%s", cp);
+ (void) snprintf(prompt, sizeof(prompt), "Repeat passphrase for %.16s: ", id);
+ if ((cp = getpass(prompt)) == NULL) {
+ break;
+ }
+ cc = snprintf(passphrase, size, "%s", cp);
+ if (strcmp(buf, passphrase) == 0) {
+ (void) memset(buf, 0x0, sizeof(buf));
+ return cc;
+ }
+ }
+ (void) memset(buf, 0x0, sizeof(buf));
+ (void) memset(passphrase, 0x0, size);
+ return 0;
+}
+
/***************************************************************************/
/* exported functions start here */
/***************************************************************************/
@@ -1086,6 +1125,8 @@
return pgp_keyring_list(io, netpgp->pubring, 0);
}
+#define ID_OFFSET 38
+
/* generate a new key */
int
netpgp_generate_key(netpgp_t *netpgp, char *id, int numbits)
@@ -1095,11 +1136,13 @@
pgp_key_t *key;
pgp_io_t *io;
uint8_t *uid;
+ char passphrase[128];
char newid[1024];
char filename[MAXPATHLEN];
char dir[MAXPATHLEN];
char *cp;
char *ringfile;
+ int passc;
int fd;
uid = NULL;
@@ -1123,7 +1166,7 @@
pgp_sprint_keydata(netpgp->io, NULL, key, &cp, "signature ", &key->key.seckey.pubkey, 0);
(void) fprintf(stdout, "%s", cp);
/* write public key */
- (void) snprintf(dir, sizeof(dir), "%s/%.16s", netpgp_getvar(netpgp, "homedir"), &cp[38]);
+ (void) snprintf(dir, sizeof(dir), "%s/%.16s", netpgp_getvar(netpgp, "homedir"), &cp[ID_OFFSET]);
if (mkdir(dir, 0700) < 0) {
(void) fprintf(io->errs, "can't mkdir '%s'\n", dir);
return 0;
@@ -1146,7 +1189,9 @@
(void) fprintf(io->errs, "can't append secring '%s'\n", ringfile);
return 0;
}
- if (!pgp_write_xfer_seckey(create, key, NULL, 0, noarmor)) {
+ /* get the passphrase */
+ passc = find_passphrase(netpgp->passfp, &cp[ID_OFFSET], passphrase, sizeof(passphrase));
+ if (!pgp_write_xfer_seckey(create, key, (uint8_t *)passphrase, passc, noarmor)) {
(void) fprintf(io->errs, "Cannot write seckey\n");
return 0;
}
diff -r 56614088d21a -r 7dbbddf455e6 crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c Mon Nov 15 06:32:38 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c Mon Nov 15 08:03:39 2010 +0000
@@ -58,7 +58,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: packet-parse.c,v 1.47 2010/11/11 01:08:26 agc Exp $");
+__RCSID("$NetBSD: packet-parse.c,v 1.48 2010/11/15 08:03:40 agc Exp $");
#endif
#include <sys/types.h>
@@ -2468,6 +2468,8 @@
return 0;
}
+ /* Hardcoded SHA1 for just now */
+ pkt.u.seckey.hash_alg = PGP_HASH_SHA1;
hashsize = pgp_hash_size(pkt.u.seckey.hash_alg);
if (hashsize == 0 || hashsize > PGP_MAX_HASH_SIZE) {
(void) fprintf(stderr,
@@ -2573,7 +2575,8 @@
fprintf(stderr, "parse_seckey: end of crypted passphrase\n");
}
if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) {
- pkt.u.seckey.checkhash = calloc(1, PGP_CHECKHASH_SIZE);
+ /* XXX - Hard-coded SHA1 here ?? Check */
+ pkt.u.seckey.checkhash = calloc(1, PGP_SHA1_HASH_SIZE);
if (pkt.u.seckey.checkhash == NULL) {
(void) fprintf(stderr, "parse_seckey: bad alloc\n");
return 0;
diff -r 56614088d21a -r 7dbbddf455e6 crypto/external/bsd/netpgp/dist/src/lib/writer.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/writer.c Mon Nov 15 06:32:38 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/writer.c Mon Nov 15 08:03:39 2010 +0000
@@ -58,7 +58,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: writer.c,v 1.30 2010/11/07 08:40:00 agc Exp $");
+__RCSID("$NetBSD: writer.c,v 1.31 2010/11/15 08:03:40 agc Exp $");
#endif
#include <sys/types.h>
@@ -1171,7 +1171,7 @@
/* now construct MDC packet and add to the end of the buffer */
pgp_setup_memory_write(&mdcoutput, &mdc, mdcsize);
- pgp_calc_mdc_hash(preamble, preamblesize, data, len, &hashed[0]);
+ pgp_calc_mdc_hash(preamble, preamblesize, data, len, hashed);
pgp_write_mdc(mdcoutput, hashed);
if (pgp_get_debug_level(__FILE__)) {
@@ -1351,15 +1351,18 @@
{
/* XXX: push a SHA-1 checksum writer (and change s2k to 254). */
skey_checksum_t *sum;
+ unsigned hashsize;
if ((sum = calloc(1, sizeof(*sum))) == NULL) {
(void) fprintf(stderr,
"pgp_push_checksum_writer: bad alloc\n");
} else {
/* configure the arg */
- sum->hash_alg = seckey->hash_alg;
+ /* Hardcoded SHA1 for just now */
+ sum->hash_alg = PGP_HASH_SHA1;
+ hashsize = pgp_hash_size(sum->hash_alg);
if ((sum->hashed = seckey->checkhash) == NULL) {
- sum->hashed = seckey->checkhash = calloc(1, PGP_CHECKHASH_SIZE);
+ sum->hashed = seckey->checkhash = calloc(1, hashsize);
}
/* init the hash */
pgp_hash_any(&sum->hash, sum->hash_alg);
Home |
Main Index |
Thread Index |
Old Index