Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/agc-netpgp-standalone]: src/crypto/external/bsd/netpgp Fix a tyop in the...
details: https://anonhg.NetBSD.org/src/rev/f22804092466
branches: agc-netpgp-standalone
changeset: 777820:f22804092466
user: agc <agc%NetBSD.org@localhost>
date: Tue Oct 23 15:00:56 2012 +0000
description:
Fix a tyop in the getopt string so that it specifies that -k takes an
argument - makes the specification of public keyrings work again.
Make pgpv_verify return a cookie if the signature matches, rather than
just a plain pseudo-boolean value. The cookie can be used
subsequently to retrieve the verified data
Use the cookie as input to pgp_get_verified()
Add tests for DSA key verification
diffstat:
crypto/external/bsd/netpgp/bin/netpgpverify/Makefile | 32 +++++++--
crypto/external/bsd/netpgp/bin/netpgpverify/dsa-pubring.gpg | Bin
crypto/external/bsd/netpgp/bin/netpgpverify/expected36 | 7 ++
crypto/external/bsd/netpgp/bin/netpgpverify/expected37 | 7 ++
crypto/external/bsd/netpgp/bin/netpgpverify/expected38 | 7 ++
crypto/external/bsd/netpgp/bin/netpgpverify/expected39 | 7 ++
crypto/external/bsd/netpgp/bin/netpgpverify/expected40 | 6 +
crypto/external/bsd/netpgp/bin/netpgpverify/expected41 | 6 +
crypto/external/bsd/netpgp/bin/netpgpverify/expected42 | 6 +
crypto/external/bsd/netpgp/bin/netpgpverify/expected43 | 6 +
crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3 | 17 +++-
crypto/external/bsd/netpgp/dist/src/libverify/libverify.c | 15 ++--
crypto/external/bsd/netpgp/dist/src/libverify/verify.h | 6 +-
crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c | 13 ++-
14 files changed, 105 insertions(+), 30 deletions(-)
diffs (truncated from 320 to 300 lines):
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/bin/netpgpverify/Makefile
--- a/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile Mon Oct 22 08:35:13 2012 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile Tue Oct 23 15:00:56 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.1.2.3 2012/10/20 12:22:00 agc Exp $
+# $NetBSD: Makefile,v 1.1.2.4 2012/10/23 15:00:56 agc Exp $
.include <bsd.own.mk>
@@ -14,12 +14,6 @@
CPPFLAGS+=-I${EXTDIST}/libverify
-# XXX - debugging
-#CPPFLAGS+=-g -O0
-#LDFLAGS+=-g -O0
-#CPPFLAGS+=-O3
-#LDFLAGS+=-O3
-
LIBNETPGPVERIFYDIR!= cd ${.CURDIR}/../../lib/verify && ${PRINTOBJDIR}
LDADD+= -L${LIBNETPGPVERIFYDIR} -lnetpgpverify
DPADD+= ${LIBNETPGPVERIFYDIR}/libnetpgpverify.a
@@ -90,3 +84,27 @@
env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat det.sig > output35
diff expected35 output35
rm -f output35
+ env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.gpg > output36
+ diff expected36 output36
+ rm -f output36
+ env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.gpg > output37
+ diff expected37 output37
+ rm -f output37
+ env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.asc > output38
+ diff expected38 output38
+ rm -f output38
+ env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.asc > output39
+ diff expected39 output39
+ rm -f output39
+ env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.gpg > output40
+ diff expected40 output40
+ rm -f output40
+ env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.gpg > output41
+ diff expected41 output41
+ rm -f output41
+ env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.asc > output42
+ diff expected42 output42
+ rm -f output42
+ env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.asc > output43
+ diff expected43 output43
+ rm -f output43
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/bin/netpgpverify/dsa-pubring.gpg
Binary file crypto/external/bsd/netpgp/bin/netpgpverify/dsa-pubring.gpg has changed
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/bin/netpgpverify/expected36
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected36 Tue Oct 23 15:00:56 2012 +0000
@@ -0,0 +1,7 @@
+Good signature for in1.gpg made Sun Oct 21 19:36:06 2012
+signature 3072/DSA 263fe78562e2fc7e 2012-10-21
+fingerprint: d2e5 07b6 5d59 33d3 9c8d a618 263f e785 62e2 fc7e
+uid David Armstrong (Test DSA key - do not use) <dsa%dsa.com@localhost>
+encryption 2048/Elgamal (Encrypt Only) 53d1f21240f293c6 2012-10-21 [Expiry 2014-10-21]
+fingerprint: 6a83 d4aa 791f d8af a967 5e44 53d1 f212 40f2 93c6
+
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/bin/netpgpverify/expected37
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected37 Tue Oct 23 15:00:56 2012 +0000
@@ -0,0 +1,7 @@
+Good signature for [stdin] made Sun Oct 21 19:36:06 2012
+signature 3072/DSA 263fe78562e2fc7e 2012-10-21
+fingerprint: d2e5 07b6 5d59 33d3 9c8d a618 263f e785 62e2 fc7e
+uid David Armstrong (Test DSA key - do not use) <dsa%dsa.com@localhost>
+encryption 2048/Elgamal (Encrypt Only) 53d1f21240f293c6 2012-10-21 [Expiry 2014-10-21]
+fingerprint: 6a83 d4aa 791f d8af a967 5e44 53d1 f212 40f2 93c6
+
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/bin/netpgpverify/expected38
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected38 Tue Oct 23 15:00:56 2012 +0000
@@ -0,0 +1,7 @@
+Good signature for in1.asc made Sun Oct 21 15:47:58 2012
+signature 3072/DSA 263fe78562e2fc7e 2012-10-21
+fingerprint: d2e5 07b6 5d59 33d3 9c8d a618 263f e785 62e2 fc7e
+uid David Armstrong (Test DSA key - do not use) <dsa%dsa.com@localhost>
+encryption 2048/Elgamal (Encrypt Only) 53d1f21240f293c6 2012-10-21 [Expiry 2014-10-21]
+fingerprint: 6a83 d4aa 791f d8af a967 5e44 53d1 f212 40f2 93c6
+
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/bin/netpgpverify/expected39
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected39 Tue Oct 23 15:00:56 2012 +0000
@@ -0,0 +1,7 @@
+Good signature for [stdin] made Sun Oct 21 15:47:58 2012
+signature 3072/DSA 263fe78562e2fc7e 2012-10-21
+fingerprint: d2e5 07b6 5d59 33d3 9c8d a618 263f e785 62e2 fc7e
+uid David Armstrong (Test DSA key - do not use) <dsa%dsa.com@localhost>
+encryption 2048/Elgamal (Encrypt Only) 53d1f21240f293c6 2012-10-21 [Expiry 2014-10-21]
+fingerprint: 6a83 d4aa 791f d8af a967 5e44 53d1 f212 40f2 93c6
+
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/bin/netpgpverify/expected40
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected40 Tue Oct 23 15:00:56 2012 +0000
@@ -0,0 +1,6 @@
+# $NetBSD: expected40,v 1.1.2.1 2012/10/23 15:00:57 agc Exp $
+
+SUBDIR+= lib .WAIT
+SUBDIR+= bin
+
+.include <bsd.subdir.mk>
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/bin/netpgpverify/expected41
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected41 Tue Oct 23 15:00:56 2012 +0000
@@ -0,0 +1,6 @@
+# $NetBSD: expected41,v 1.1.2.1 2012/10/23 15:00:57 agc Exp $
+
+SUBDIR+= lib .WAIT
+SUBDIR+= bin
+
+.include <bsd.subdir.mk>
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/bin/netpgpverify/expected42
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected42 Tue Oct 23 15:00:56 2012 +0000
@@ -0,0 +1,6 @@
+# $NetBSD: expected42,v 1.1.2.1 2012/10/23 15:00:57 agc Exp $
+
+SUBDIR+= lib .WAIT
+SUBDIR+= bin
+
+.include <bsd.subdir.mk>
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/bin/netpgpverify/expected43
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/bin/netpgpverify/expected43 Tue Oct 23 15:00:56 2012 +0000
@@ -0,0 +1,6 @@
+# $NetBSD: expected43,v 1.1.2.1 2012/10/23 15:00:57 agc Exp $
+
+SUBDIR+= lib .WAIT
+SUBDIR+= bin
+
+.include <bsd.subdir.mk>
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3
--- a/crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3 Mon Oct 22 08:35:13 2012 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3 Tue Oct 23 15:00:56 2012 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: libnetpgpverify.3,v 1.1.2.3 2012/10/20 06:01:57 agc Exp $
+.\" $NetBSD: libnetpgpverify.3,v 1.1.2.4 2012/10/23 15:00:56 agc Exp $
.\"
.\" Copyright (c) 2012 Alistair Crooks <agc%NetBSD.org@localhost>
.\" All rights reserved.
@@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd October 20, 2012
+.Dd October 21, 2012
.Dt LIBNETPGPVERIFY 3
.Os
.Sh NAME
@@ -37,13 +37,13 @@
.Fo pgpv_read_pubring
.Fa "pgpv_t *pgp" "const char *keyring"
.Fc
-.Ft int
+.Ft size_t
.Fo pgpv_verify
.Fa "pgpv_cursor_t *cursor" "pgpv_t *pgp" "const void *ptr" "ssize_t size"
.Fc
.Ft size_t
.Fo pgpv_get_verified
-.Fa "pgpv_cursor_t *cursor" "unsigned entry" "char **ret"
+.Fa "pgpv_cursor_t *cursor" "size_t cookie " "char **ret"
.Fc
.Ft size_t
.Fo pgpv_get_entry
@@ -79,9 +79,13 @@
.Dv -1
whilst a positive size signals that the pointer value should be that
of signed memory.
+.Fn pgpv_verify
+returns a cookie if the ignature was verified, or 0 if it did not.
+This cookie can subsequently be used to retrieve the data which
+was verified.
.Pp
If the signature does match, then the file or memory can be considered as being
-verified as being unmodified.
+verified as being unmodified and unchanged, integrally sound.
.Pp
Signatures have validity dates on them, and it is possible for a signature to
have expired when it is being checked.
@@ -99,7 +103,8 @@
function is used.
Arguments to
.Fn pgpv_get_verified
-are the entry number of the verification, and the returned data and its size.
+are the cookie returned from the verification, and a buffer
+allocated for the returned data and its size.
If an error occurs, or the signature is not verified, a zero value is returned
for the size.
.Nm
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/dist/src/libverify/libverify.c
--- a/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c Mon Oct 22 08:35:13 2012 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c Tue Oct 23 15:00:56 2012 +0000
@@ -1105,7 +1105,7 @@
pkt.mement = (uint8_t)(mem - ARRAY_ARRAY(pgp->areas));
pkt.s.data = &mem->mem[mem->cc];
if (strchr(mem->allowed, pkt.tag) == NULL) {
- printf("packet %d not allowed\n", pkt.tag);
+ printf("packet %d not allowed for operation %s\n", pkt.tag, pgp->op);
return 0;
}
size = pkt.s.size;
@@ -2010,7 +2010,7 @@
}
/* verify the signed packets we have */
-int
+size_t
pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
{
pgpv_signature_t *signature;
@@ -2101,9 +2101,9 @@
if (key_expired(pubkey, cursor->why, sizeof(cursor->why))) {
return 0;
}
- ARRAY_APPEND(cursor->datacookies, (unsigned)pkt);
+ ARRAY_APPEND(cursor->datacookies, pkt);
ARRAY_APPEND(cursor->found, primary);
- return 1;
+ return pkt + 1;
}
/* set up the pubkey keyring */
@@ -2118,7 +2118,7 @@
/* get verified data as a string, return its size */
size_t
-pgpv_get_verified(pgpv_cursor_t *cursor, unsigned ent, char **ret)
+pgpv_get_verified(pgpv_cursor_t *cursor, size_t cookie, char **ret)
{
pgpv_litdata_t *litdata;
uint8_t *data;
@@ -2126,11 +2126,10 @@
size_t pkt;
*ret = NULL;
- if (cursor == NULL || ent >= ARRAY_COUNT(cursor->datacookies)) {
+ if (cursor == NULL || cookie == 0) {
return 0;
}
- pkt = ARRAY_ELEMENT(cursor->datacookies, ent);
- if ((pkt = find_onepass(cursor, pkt)) == 0) {
+ if ((pkt = find_onepass(cursor, cookie - 1)) == 0) {
return 0;
}
litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.litdata;
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/dist/src/libverify/verify.h
--- a/crypto/external/bsd/netpgp/dist/src/libverify/verify.h Mon Oct 22 08:35:13 2012 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libverify/verify.h Tue Oct 23 15:00:56 2012 +0000
@@ -247,7 +247,7 @@
char *value; /* value we're searching for */
void *ptr; /* for regexps etc */
PGPV_ARRAY(uint32_t, found); /* array of matched subscripts */
- PGPV_ARRAY(uint32_t, datacookies); /* cookies to retrieve matched data */
+ PGPV_ARRAY(size_t, datacookies); /* cookies to retrieve matched data */
int64_t sigtime; /* time of signature */
char why[128]; /* reason for bad signature */
} pgpv_cursor_t;
@@ -266,8 +266,8 @@
int pgpv_read_pubring(pgpv_t */*pgp*/, const char */*keyring*/);
-int pgpv_verify(pgpv_cursor_t */*cursor*/, pgpv_t */*pgp*/, const void */*mem/file*/, ssize_t /*size*/);
-size_t pgpv_get_verified(pgpv_cursor_t */*cursor*/, unsigned /*ent*/, char **/*ret*/);
+size_t pgpv_verify(pgpv_cursor_t */*cursor*/, pgpv_t */*pgp*/, const void */*mem/file*/, ssize_t /*size*/);
+size_t pgpv_get_verified(pgpv_cursor_t */*cursor*/, size_t /*cookie*/, char **/*ret*/);
size_t pgpv_get_entry(pgpv_t */*pgp*/, unsigned /*ent*/, char **/*ret*/);
diff -r 120240fb9716 -r f22804092466 crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c Mon Oct 22 08:35:13 2012 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/main.c Tue Oct 23 15:00:56 2012 +0000
@@ -87,16 +87,17 @@
/* verify memory or file */
static int
-verify_data(pgpv_t *pgp, const char *cmd, const char *inname, char *in, size_t cc, unsigned n)
+verify_data(pgpv_t *pgp, const char *cmd, const char *inname, char *in, ssize_t cc)
{
pgpv_cursor_t cursor;
size_t size;
+ size_t cookie;
char *data;
memset(&cursor, 0x0, sizeof(cursor));
if (strcasecmp(cmd, "cat") == 0) {
- if (pgpv_verify(&cursor, pgp, in, cc)) {
- if ((size = pgpv_get_verified(&cursor, ARRAY_ELEMENT(cursor.datacookies, n), &data)) > 0) {
+ if ((cookie = pgpv_verify(&cursor, pgp, in, cc)) != 0) {
+ if ((size = pgpv_get_verified(&cursor, cookie, &data)) > 0) {
printf("%.*s", (int)size, data);
}
return 1;
@@ -131,7 +132,7 @@
cmd = NULL;
Home |
Main Index |
Thread Index |
Old Index