CHANGES 1.99.1 -> 1.99.2

+ various minor cleanups
+ fix longstanding pasto so that the key server preference packets are
  displayed with the correct ptag information
+ up until now, there has been an asymmetry in the command line
  options for netpgp(1) - whilst a file may have signature information
  added to it with the "--sign" command, there has been no way to
  retrieve the contents of the file without the signature.  The new
  "--cat" option does this (there are synonyms of "--verify-show" and
  "--verify-cat") - the signature is verified, and if it matches, the
  original contents of the file are sent to the output file (which
  defaults to stdout, and can be set with the --output option on the
  command line).  If the signature does not match, there is no output,
  and an EXIT_FAILURE code is returned.
+ revamped netpgp(1) to make it clear what commands are available, how
  these commands relate to each other, and which commands take custom
  options
agc 2009-05-21 00:33:31 +00:00
parent 5f33bcda52
commit 648b5a9919
23 changed files with 396 additions and 249 deletions


@ -1,7 +1,8 @@
To Do
=====
64-bit offsets
separate verify program
separate from libcrypto?
64-bit offsets
need a netpgp_set_{pub,sec}key()? vs _init()?
default compression when signing?
get rid of ops_memory after used literal_data_body
@ -54,3 +55,4 @@ hash algorithm selection
detached verification
RCS Ids
Look at inefficiencies - read() etc
cat command to display a verified file without signature


@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.63 for netpgp 20090518.
# Generated by GNU Autoconf 2.63 for netpgp 20090520.
#
# Report bugs to <Alistair Crooks <agc@netbsd.org> c0596823>.
#
@ -596,8 +596,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='netpgp'
PACKAGE_TARNAME='netpgp'
PACKAGE_VERSION='20090518'
PACKAGE_STRING='netpgp 20090518'
PACKAGE_VERSION='20090520'
PACKAGE_STRING='netpgp 20090520'
PACKAGE_BUGREPORT='Alistair Crooks <agc@netbsd.org> c0596823'
ac_unique_file="src/bin/netpgp.c"
@ -1268,7 +1268,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures netpgp 20090518 to adapt to many kinds of systems.
\`configure' configures netpgp 20090520 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1338,7 +1338,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of netpgp 20090518:";;
short | recursive ) echo "Configuration of netpgp 20090520:";;
esac
cat <<\_ACEOF
@ -1418,7 +1418,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
netpgp configure 20090518
netpgp configure 20090520
generated by GNU Autoconf 2.63
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@ -1432,7 +1432,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by netpgp $as_me 20090518, which was
It was created by netpgp $as_me 20090520, which was
generated by GNU Autoconf 2.63. Invocation command line was
$ $0 $@
@ -6161,7 +6161,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by netpgp $as_me 20090518, which was
This file was extended by netpgp $as_me 20090520, which was
generated by GNU Autoconf 2.63. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -6220,7 +6220,7 @@ Report bugs to <bug-autoconf@gnu.org>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_version="\\
netpgp config.status 20090518
netpgp config.status 20090520
configured by $0, generated by GNU Autoconf 2.63,
with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"


@ -1,7 +1,7 @@
dnl $Id: configure.ac,v 1.8 2009/05/19 05:13:09 agc Exp $
dnl $Id: configure.ac,v 1.9 2009/05/21 00:33:31 agc Exp $
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.57)
AC_INIT([netpgp],[20090518],[Alistair Crooks <agc@netbsd.org> c0596823])
AC_INIT([netpgp],[20090520],[Alistair Crooks <agc@netbsd.org> c0596823])
AC_CONFIG_SRCDIR([src/bin/netpgp.c])
AC_CONFIG_HEADER(src/lib/config.h)
AC_ARG_PROGRAM


@ -1,4 +1,4 @@
.\" $NetBSD: netpgp.1,v 1.9 2009/05/16 06:30:38 agc Exp $
.\" $NetBSD: netpgp.1,v 1.10 2009/05/21 00:33:31 agc Exp $
.\"
.\" Copyright (c) 2009 The NetBSD Foundation, Inc.
.\" All rights reserved.
@ -27,35 +27,78 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd May 15, 2009
.Dd May 20, 2009
.Dt NETPGP 1
.Os
.Sh NAME
.Nm netpgp
.Nd signing, verification, encryption, and decryption utility
.Sh SYNOPSIS
.Nm netpgp
.Op Fl Fl armour
.Op Fl Fl clearsign
.Op Fl Fl decrypt
.Op Fl Fl detached
.Op Fl Fl encrypt
.Op Fl Fl export-key
.Op Fl Fl find-key
.Op Fl Fl generate-key
.Op Fl Fl hash-alg Ns = Ns Ar hash-algorithm
.Op Fl Fl homedir Ns = Ns Ar home-directory
.Op Fl Fl import-key
.Op Fl Fl keyring Ns = Ns Ar keyring
.Op Fl Fl list-keys
.Op Fl Fl list-packets
.Op Fl Fl numbits Ns = Ns Ar numbits
.Op Fl Fl sign
.Op Fl Fl userid Ns = Ns Ar userid
.Op Fl Fl verbose
.Op Fl Fl verify
.Op Fl Fl version
.Nm
.Fl Fl encrypt
.Op options
.Ar file ...
.Nm
.Fl Fl decrypt
.Op options
.Ar file ...
.sp
.Nm
.Fl Fl sign
.Op Fl Fl armor
.Op Fl Fl detach
.Op Fl Fl hash Ns = Ns Ar algorithm
.Op options
.Ar file ...
.Nm
.Fl Fl verify
.Op options
.Ar file ...
.Nm
.Fl Fl cat
.Op Fl Fl output Ns = Ns Ar filename
.Op options
.Ar file ...
.Nm
.Fl Fl clearsign
.Op options
.Ar file ...
.sp
.Nm
.Fl Fl export-key ,
.Op options
.Ar file ...
.Nm
.Fl Fl find-key
.Op options
.Ar file ...
.Nm
.Fl Fl generate-key
.Op options
.Ar file ...
.Nm
.Fl Fl import-key
.Op options
.Ar file ...
.Nm
.Fl Fl list-keys
.Op options
.Ar file ...
.sp
.Nm
.Fl Fl list-packets
.Nm
.Fl Fl version
.sp
where the options for all commands are:
.sp
.Op Fl Fl homedir Ns = Ns Ar home-directory
.br
.Op Fl Fl keyring Ns = Ns Ar keyring
.br
.Op Fl Fl userid Ns = Ns Ar userid
.br
.Op Fl Fl verbose
.Sh DESCRIPTION
The
.Nm
@ -65,15 +108,41 @@ attached to files were signed by a given user identifier.
can also encrypt files using the public or private keys of
users and, in the same manner, decrypt files which were encrypted.
.Pp
For signing and encryption, a unique identity is needed.
This identity is made up of a private and public key.
The public key part is made available and known to everyone.
The private key is kept secret, and known only to the user
who created the identity.
The secret key is protected with a passphrase.
.Pp
In rough terms, a digital signature
is a digest of a file's contents,
encrypted with the user's private key.
Since together, the private and public keys identify the user
uniquely, the signature can be used to identify the exact version
of the file, and any changes made to the file will mean that the
signature no longer matches.
.Pp
As a corollary, the file can be transformed using a user's public key,
into text such that the contents can only be viewed by someone
with the corresponding private key. This is called encryption.
.Pp
The
.Nm
utility can also be used to generate a new key-pair for a user.
This key is in two parts, the public key (which can be
used by other people) and a private key.
As mentioned before,
this key is in two parts, the public key (which is known
by other people) and the private key.
.Pp
In addition to these primary uses, the third way of using
.Nm
is to maintain keyrings.
Key and keyring management commands available are:
.Fl Fl export-key ,
.Fl Fl find-key ,
.Fl Fl generate-key ,
.Fl Fl import-key , and
.Fl Fl list-keys .
Keyrings are collections of public keys belonging to other users.
By using other means of identification, it is possible to establish
the bona fides of other users.
@ -85,24 +154,51 @@ The other user will add our public key to their keyring.
Keys can be listed, exported (i.e. made available to others),
and imported (i.e. users who have signed our public key).
.Pp
One of the following commands must be present:
The
.Fl Fl list-packets
command can be used for debugging purposes.
.Pp
The following commands are used to sign and verify signatures:
.Bl -tag -width Ar
.It Fl Fl cat
The signature of the signed file named on the command line
is verified against the contents of the file itself.
If the two match, then the original contents
are sent to standard out.
If the signature does not match, no output is generated.
.It Fl Fl clearsign
The signature of the file named on the command line is calculated
in the same manner as the
.Fl Fl sign
command, but the text is added to the file such that
the text itself is not in binary format, but can be read by mere mortals.
.It Fl Fl sign
The private key is used to digitally sign the files named on the
command line.
The file and its attached signature are created with a
.Dq Pa .gpg
extension to the original file name.
The user will be prompted for their pass phrase using
.Xr getpass 3 .
.It Fl Fl verify
For each of the files named on the command line, the signature of the file
is verified, checking the contents against the user's public signature.
.El
.Pp
The following commands can be used to encrypt and decrypt files:
.Bl -tag -width Ar
.It Fl Fl decrypt
Decrypt the file using the user's private key.
The pass phrase will be optained by prompting the user
to type it in, using
.Xr getpass 3 .
.It Fl Fl detached
when signing a file, place the resulting signature in a separate
file from the one being signed.
.It Fl Fl encrypt
Use the user's public key to encrypt the files named on the command line.
.El
.Pp
In addition, key and keyring management can be done with the
following commands:
.Bl -tag -width Ar
.It Fl Fl export-key
Display the current public key in a format suitable for export.
This can be used to place the keyring on one of the
@ -130,24 +226,6 @@ Internally,
splits an encrypted or signed file into separate packets, and
this option is used to give a verbose representation
of these packets on standard output.
.It Fl Fl sign
The private key is used to digitally sign the files named on the
command line.
Extra text is added to the file.
In rough terms, this text is a digest of the file's contents,
encrypted with the user's private key.
Since together, the private and public keys identify the user
uniquely, the added text can be used to identify the exact version
of the file, and any changes made to the file will mean that the
signature no longer matches.
The file and its attached signature are created with a
.Dq Pa .gpg
extension to the original file name.
The user will be prompted for their pass phrase using
.Xr getpass 3 .
.It Fl Fl verify
For each of the files named on the command line, the signature of the file
is verified, checking the contents against the user's public signature.
.It Fl Fl version
Print the version information from the
.Xr libnetpgp 3
@ -160,6 +238,9 @@ or options may be given.
.It Fl Fl armour , Fl armor
This option, however it is spelled, wraps the signature as an
ASCII-encoded piece of text, for ease of use.
.It Fl Fl detached
when signing a file, place the resulting signature in a separate
file from the one being signed.
.It Fl Fl hash-alg Ar hash-algorithm
can be used to specify the hash algorithm (sometimes called
a digest algorithm) which is used with RSA keys when signing
@ -189,6 +270,13 @@ minimum which should be chosen at the time of writing (2009).
Due to advances in computing power every year, this number should
be reviewed, and increased when it becomes easier to factor 2048
bit numbers.
.It Fl Fl output
specifies a filename to which verified otuput from a signed file
may be redirected.
The default is to send the verified output to stdout,
and this may also be specified using the
.Dq -
value.
.It Fl Fl userid Ar userid
This option specifies the user identity to be used for all operations.
This identity can either be in the form of the full name, or as an
@ -233,10 +321,6 @@ a person's identity, and since identity theft can have
far-reaching consequences, users are strongly encouraged to
enter their pass phrases only when prompted by the application.
.Pp
The
.Fl Fl passphrase
option is deprecated, and will be removed in future versions
of the tool.
.Sh SIGNING AND VERIFICATION
Signing and verification of a file is best viewed using the following example:
.Bd -literal
@ -274,6 +358,31 @@ taking place.
The time and user identity of the signatory is displayed, followed
by a fuller description of the public key of the signatory.
In both cases, the exit value from the utility was a successful one.
.Pp
If a detached signature of a file called
.Dq a
is requested, the signature would be placed
in a file called
.Dq a.sig .
.Pp
To encrypt a file, the user's public key is used.
Subsequent decryption of the file requires that the secret
key is known.
When decrypting, the key is displayed,
and the passphrase protecting
the secret key must be typed in to access the data in the encrypted file.
.Bd -literal
% netpgp --encrypt --userid=c0596823 a
% netpgp --decrypt a.gpg
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks \*[Lt]agc@netbsd.org\*[Gt]
uid Alistair Crooks \*[Lt]agc@pkgsrc.org\*[Gt]
uid Alistair Crooks \*[Lt]agc@alistaircrooks.com\*[Gt]
uid Alistair Crooks \*[Lt]alistair@hockley-crooks.com\*[Gt]
netpgp passphrase:
%
.Ed
.Sh RETURN VALUES
The
.Nm


@ -103,7 +103,7 @@ enum optdefs {
SIGN,
CLEARSIGN,
VERIFY,
VERIFY_SHOW,
VERIFY_CAT,
LIST_PACKETS,
VERSION_CMD,
HELP_CMD,
@ -116,6 +116,7 @@ enum optdefs {
NUMBITS,
DETACHED,
HASH_ALG,
OUTPUT,
VERBOSE,
/* debug */
@ -139,8 +140,11 @@ static struct option options[] = {
{"sign", no_argument, NULL, SIGN},
{"clearsign", no_argument, NULL, CLEARSIGN},
{"verify", no_argument, NULL, VERIFY},
{"verify-show", no_argument, NULL, VERIFY_SHOW},
{"verifyshow", no_argument, NULL, VERIFY_SHOW},
{"cat", no_argument, NULL, VERIFY_CAT},
{"vericat", no_argument, NULL, VERIFY_CAT},
{"verify-cat", no_argument, NULL, VERIFY_CAT},
{"verify-show", no_argument, NULL, VERIFY_CAT},
{"verifyshow", no_argument, NULL, VERIFY_CAT},
{"list-packets", no_argument, NULL, LIST_PACKETS},
@ -161,6 +165,7 @@ static struct option options[] = {
{"hash", required_argument, NULL, HASH_ALG},
{"algorithm", required_argument, NULL, HASH_ALG},
{"verbose", no_argument, NULL, VERBOSE},
{"output", required_argument, NULL, OUTPUT},
/* debug */
{"debug", required_argument, NULL, OPS_DEBUG},
@ -176,6 +181,7 @@ typedef struct prog_t {
char pubring_name[MAXBUF + 1]; /* pubring filename */
char secring_name[MAXBUF + 1]; /* secret ring file */
char *progname; /* program name */
char *output; /* output file name */
int overwrite; /* overwrite files? */
int numbits; /* # of bits */
int armour; /* ASCII armor */
@ -224,8 +230,8 @@ netpgp_cmd(netpgp_t *netpgp, prog_t *p, char *f)
1, p->detached);
case VERIFY:
return netpgp_verify_file(netpgp, f, NULL, p->armour);
case VERIFY_SHOW:
return netpgp_verify_file(netpgp, f, "-", p->armour);
case VERIFY_CAT:
return netpgp_verify_file(netpgp, f, p->output, p->armour);
case LIST_PACKETS:
return netpgp_list_packets(netpgp, f, p->armour, NULL);
case HELP_CMD:
@ -268,6 +274,7 @@ main(int argc, char **argv)
p.progname = argv[0];
p.numbits = DEFAULT_NUMBITS;
p.overwrite = 1;
p.output = strdup("-"); /* default --cat to stdout */
if (argc < 2) {
print_usage(usage, p.progname);
exit(EXIT_ERROR);
@ -293,7 +300,7 @@ main(int argc, char **argv)
case SIGN:
case CLEARSIGN:
case VERIFY:
case VERIFY_SHOW:
case VERIFY_CAT:
case LIST_PACKETS:
case HELP_CMD:
p.cmd = options[optindex].val;
@ -368,6 +375,16 @@ main(int argc, char **argv)
netpgp_setvar(&netpgp, "hash", optarg);
break;
case OUTPUT:
if (optarg == NULL) {
(void) fprintf(stderr,
"No output filename argument provided\n");
exit(EXIT_ERROR);
}
(void) free(p.output);
p.output = strdup(optarg);
break;
case OPS_DEBUG:
netpgp_set_debug(optarg);
break;
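Review bot: Both `strdup()` calls that set `p.output` — the default at `p.output = strdup("-");` and the assignment in `case OUTPUT:` — are unchecked, so on allocation failure `p.output` is NULL, and `netpgp_cmd` then hands that NULL to `netpgp_verify_file`, which is exactly the argument the plain `VERIFY` case uses to suppress output; a failed `--cat` would presumably verify silently and exit successfully instead of failing. Check the result in both places, e.g. `if ((p.output = strdup(optarg)) == NULL) { (void) fprintf(stderr, "cannot allocate output name\n"); exit(EXIT_ERROR); }`. The `optarg == NULL` test in `case OUTPUT:` cannot fire for a `required_argument` option under getopt_long (a missing argument comes back as `?`/`:`), so it can be dropped or replaced by the allocation check. `main` starts and ends outside the hunk.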


@ -122,13 +122,13 @@
#define PACKAGE_NAME "netpgp"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "netpgp 20090518"
#define PACKAGE_STRING "netpgp 20090520"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "netpgp"
/* Define to the version of this package. */
#define PACKAGE_VERSION "20090518"
#define PACKAGE_VERSION "20090520"
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1


@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: create.c,v 1.12 2009/05/19 05:13:10 agc Exp $");
__RCSID("$NetBSD: create.c,v 1.13 2009/05/21 00:33:31 agc Exp $");
#endif
#include <sys/types.h>
@ -103,7 +103,7 @@ __ops_write_ss_header(__ops_output_t *output,
{
return __ops_write_length(output, length) &&
__ops_write_scalar(output, (unsigned)(type -
OPS_PTAG_SIGNATURE_SUBPACKET_BASE), 1);
OPS_PTAG_SIG_SUBPKT_BASE), 1);
}
/*
@ -1273,7 +1273,7 @@ __ops_write_one_pass_sig(__ops_output_t *output,
unsigned char keyid[OPS_KEY_ID_SIZE];
__ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &seckey->pubkey);
return __ops_write_ptag(output, OPS_PTAG_CT_ONE_PASS_SIGNATURE) &&
return __ops_write_ptag(output, OPS_PTAG_CT_1_PASS_SIG) &&
__ops_write_length(output, 1 + 1 + 1 + 1 + 8 + 1) &&
__ops_write_scalar(output, 3, 1) /* version */ &&
__ops_write_scalar(output, (unsigned)sig_type, 1) &&


@ -54,7 +54,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: crypto.c,v 1.11 2009/05/19 05:13:10 agc Exp $");
__RCSID("$NetBSD: crypto.c,v 1.12 2009/05/21 00:33:31 agc Exp $");
#endif
#include <sys/types.h>
@ -140,7 +140,7 @@ __ops_decrypt_decode_mpi(unsigned char *buf,
if (__ops_get_debug_level(__FILE__)) {
printf(" decrypted=%d ", n);
hexdump(mpibuf, (unsigned)n, "");
hexdump(stdout, mpibuf, (unsigned)n, "");
printf("\n");
}
/* Decode EME-PKCS1_V1_5 (RFC 2437). */
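Review bot: The debug branch still writes the decrypted MPI bytes to stdout (`hexdump(stdout, mpibuf, ...)` between two `printf` calls), while the rest of this commit moves diagnostics to stderr (`conffile`, `netpgp_sign_file`) and adds the `fp` parameter precisely so the destination can be chosen. Routing this to stderr keeps debug output from interleaving with data the tool writes to stdout, and keeps what is presumably decrypted session-key material out of any captured output stream: `(void) fprintf(stderr, " decrypted=%d ", n); hexdump(stderr, mpibuf, (unsigned)n, ""); (void) fputc('\n', stderr);`. `__ops_decrypt_decode_mpi` starts and ends outside the hunk.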


@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: keyring.c,v 1.10 2009/05/19 05:13:10 agc Exp $");
__RCSID("$NetBSD: keyring.c,v 1.11 2009/05/21 00:33:31 agc Exp $");
#endif
#ifdef HAVE_FCNTL_H
@ -947,7 +947,7 @@ __ops_keyring_list(const __ops_keyring_t * keyring)
if (__ops_is_key_secret(key)) {
__ops_print_seckeydata(key);
} else {
__ops_print_pubkeydata(key);
__ops_print_pubkeydata(stdout, key);
}
(void) fputc('\n', stdout);
}


@ -113,7 +113,7 @@ void __ops_copy_packet(__ops_subpacket_t *, const __ops_subpacket_t *);
int __ops_parse_and_accumulate(__ops_keyring_t *, __ops_parseinfo_t *);
void __ops_print_pubkeydata(const __ops_keydata_t *);
void __ops_print_pubkeydata(FILE *, const __ops_keydata_t *);
void __ops_print_pubkey(const __ops_pubkey_t *);
void __ops_print_seckeydata(const __ops_keydata_t *);


@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: misc.c,v 1.10 2009/05/19 05:13:10 agc Exp $");
__RCSID("$NetBSD: misc.c,v 1.11 2009/05/21 00:33:31 agc Exp $");
#endif
#include <sys/types.h>
@ -222,10 +222,10 @@ dump_one_keydata(const __ops_keydata_t * key)
unsigned n;
printf("Key ID: ");
hexdump(key->key_id, OPS_KEY_ID_SIZE, "");
hexdump(stdout, key->key_id, OPS_KEY_ID_SIZE, "");
printf("\nFingerpint: ");
hexdump(key->fingerprint.fingerprint, key->fingerprint.length, "");
hexdump(stdout, key->fingerprint.fingerprint, key->fingerprint.length, "");
printf("\n\nUIDs\n====\n\n");
for (n = 0; n < key->nuids; ++n)
@ -234,7 +234,7 @@ dump_one_keydata(const __ops_keydata_t * key)
printf("\nPackets\n=======\n");
for (n = 0; n < key->npackets; ++n) {
printf("\n%03d: ", n);
hexdump(key->packets[n].raw, key->packets[n].length, "");
hexdump(stdout, key->packets[n].raw, key->packets[n].length, "");
}
printf("\n\n");
}
@ -1049,13 +1049,13 @@ __ops_str_from_map(int type, __ops_map_t *map)
}
void
hexdump(const unsigned char *src, size_t length, const char *sep)
hexdump(FILE *fp, const unsigned char *src, size_t length, const char *sep)
{
unsigned i;
for (i = 0 ; i < length ; i += 2) {
printf("%02x", *src++);
printf("%02x%s", *src++, sep);
(void) fprintf(fp, "%02x", *src++);
(void) fprintf(fp, "%02x%s", *src++, sep);
}
}
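Review bot: `hexdump` advances `src` twice per iteration while the loop only checks `i < length`, so an odd `length` reads one byte past the end of `src` and prints it; callers updated in this commit pass lengths derived from parsed data (`(unsigned)n` in `__ops_decrypt_decode_mpi`, `key->packets[n].length` in `dump_one_keydata`, the `rem` remainder in `print_packet_hex`), so the odd case looks reachable. Since the body is being rewritten for `fp` anyway, iterate one byte at a time and emit `sep` after every second byte, which keeps the current output for even lengths; `i` should also be `size_t` so the comparison with `length` is not mixed-signedness.
```c
void
hexdump(FILE *fp, const unsigned char *src, size_t length, const char *sep)
{
	size_t i;

	/* one byte per iteration: an odd length must not read past src */
	for (i = 0; i < length; i++) {
		(void) fprintf(fp, "%02x%s", *src++, (i & 1) ? sep : "");
	}
}
```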


@ -34,7 +34,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: netpgp.c,v 1.14 2009/05/19 05:13:10 agc Exp $");
__RCSID("$NetBSD: netpgp.c,v 1.15 2009/05/21 00:33:31 agc Exp $");
#endif
#include <sys/types.h>
@ -112,7 +112,8 @@ conffile(netpgp_t *netpgp, char *homedir, char *userid, size_t length)
(void) memcpy(userid, &buf[(int)matchv[1].rm_so],
MIN((unsigned)(matchv[1].rm_eo -
matchv[1].rm_so), length));
printf("netpgp: default key set to \"%.*s\"\n",
(void) fprintf(stderr,
"netpgp: default key set to \"%.*s\"\n",
(int)(matchv[1].rm_eo - matchv[1].rm_so),
&buf[(int)matchv[1].rm_so]);
}
@ -164,7 +165,7 @@ psuccess(FILE *fp, char *f, __ops_validation_t *res, __ops_keyring_t *pubring)
userid_to_id(res->valid_sigs[i].signer_id, id));
pubkey = __ops_keyring_find_key_by_id(pubring,
(const unsigned char *) res->valid_sigs[i].signer_id);
__ops_print_pubkeydata(pubkey);
__ops_print_pubkeydata(fp, pubkey);
}
}
@ -404,7 +405,7 @@ netpgp_sign_file(netpgp_t *netpgp, char *userid, char *f, char *out,
}
do {
/* print out the user id */
__ops_print_pubkeydata(keypair);
__ops_print_pubkeydata(stderr, keypair);
/* get the passphrase */
get_pass_phrase(passphrase, sizeof(passphrase));
/* now decrypt key */


@ -57,7 +57,7 @@
/* number of elements in an array */
#define OPS_ARRAY_SIZE(a) (sizeof(a)/sizeof(*(a)))
void hexdump(const unsigned char *, size_t, const char *);
void hexdump(FILE *, const unsigned char *, size_t, const char *);
const char *__ops_str_from_map(int, __ops_map_t *);


@ -58,7 +58,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: packet-parse.c,v 1.13 2009/05/19 05:13:10 agc Exp $");
__RCSID("$NetBSD: packet-parse.c,v 1.14 2009/05/21 00:33:31 agc Exp $");
#endif
#ifdef HAVE_OPENSSL_CAST_H
@ -1089,10 +1089,10 @@ __ops_parser_content_free(__ops_packet_t *c)
case OPS_PTAG_CT_COMPRESSED:
case OPS_PTAG_SS_CREATION_TIME:
case OPS_PTAG_SS_EXPIRATION_TIME:
case OPS_PTAG_SS_KEY_EXPIRATION_TIME:
case OPS_PTAG_SS_KEY_EXPIRY:
case OPS_PTAG_SS_TRUST:
case OPS_PTAG_SS_ISSUER_KEY_ID:
case OPS_PTAG_CT_ONE_PASS_SIGNATURE:
case OPS_PTAG_CT_1_PASS_SIG:
case OPS_PTAG_SS_PRIMARY_USER_ID:
case OPS_PTAG_SS_REVOCABLE:
case OPS_PTAG_SS_REVOCATION_KEY:
@ -1143,7 +1143,7 @@ __ops_parser_content_free(__ops_packet_t *c)
__ops_userid_free(&c->u.ss_signer);
break;
case OPS_PTAG_CT_USER_ATTRIBUTE:
case OPS_PTAG_CT_USER_ATTR:
__ops_userattr_free(&c->u.userattr);
break;
@ -1155,7 +1155,7 @@ __ops_parser_content_free(__ops_packet_t *c)
ss_hashpref_free(&c->u.ss_hashpref);
break;
case OPS_PTAG_SS_PREFERRED_COMPRESSION:
case OPS_PTAG_SS_PREF_COMPRESS:
ss_zpref_free(&c->u.ss_zpref);
break;
@ -1163,7 +1163,7 @@ __ops_parser_content_free(__ops_packet_t *c)
ss_key_flags_free(&c->u.ss_key_flags);
break;
case OPS_PTAG_SS_KEY_SERVER_PREFS:
case OPS_PTAG_SS_KEYSERV_PREFS:
ss_key_server_prefs_free(&c->u.ss_key_server_prefs);
break;
@ -1183,7 +1183,7 @@ __ops_parser_content_free(__ops_packet_t *c)
ss_policy_free(&c->u.ss_policy);
break;
case OPS_PTAG_SS_PREFERRED_KEY_SERVER:
case OPS_PTAG_SS_PREF_KEYSERV:
ss_keyserv_free(&c->u.ss_keyserv);
break;
@ -1456,7 +1456,7 @@ parse_userattr(__ops_region_t *region, __ops_parseinfo_t *pinfo)
if (!read_data(&pkt.u.userattr.data, region, pinfo))
return 0;
CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_USER_ATTRIBUTE, &pkt);
CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_USER_ATTR, &pkt);
return 1;
}
@ -1696,7 +1696,7 @@ parse_one_sig_subpacket(__ops_sig_t *sig,
t7 = 1 << (c & 7);
pkt.critical = (unsigned)c >> 7;
pkt.tag = OPS_PTAG_SIGNATURE_SUBPACKET_BASE + (c & 0x7f);
pkt.tag = OPS_PTAG_SIG_SUBPKT_BASE + (c & 0x7f);
/* Application wants it delivered raw */
if (pinfo->ss_raw[t8] & t7) {
@ -1713,7 +1713,7 @@ parse_one_sig_subpacket(__ops_sig_t *sig,
switch (pkt.tag) {
case OPS_PTAG_SS_CREATION_TIME:
case OPS_PTAG_SS_EXPIRATION_TIME:
case OPS_PTAG_SS_KEY_EXPIRATION_TIME:
case OPS_PTAG_SS_KEY_EXPIRY:
if (!limited_read_time(&pkt.u.ss_time.time, &subregion, pinfo))
return 0;
if (pkt.tag == OPS_PTAG_SS_CREATION_TIME) {
@ -1757,7 +1757,7 @@ parse_one_sig_subpacket(__ops_sig_t *sig,
}
break;
case OPS_PTAG_SS_PREFERRED_COMPRESSION:
case OPS_PTAG_SS_PREF_COMPRESS:
if (!read_data(&pkt.u.ss_zpref.data,
&subregion, pinfo)) {
return 0;
@ -1777,7 +1777,7 @@ parse_one_sig_subpacket(__ops_sig_t *sig,
}
break;
case OPS_PTAG_SS_KEY_SERVER_PREFS:
case OPS_PTAG_SS_KEYSERV_PREFS:
if (!read_data(&pkt.u.ss_key_server_prefs.data, &subregion,
pinfo)) {
return 0;
@ -1843,7 +1843,7 @@ parse_one_sig_subpacket(__ops_sig_t *sig,
}
break;
case OPS_PTAG_SS_PREFERRED_KEY_SERVER:
case OPS_PTAG_SS_PREF_KEYSERV:
if (!read_string(&pkt.u.ss_keyserv.name, &subregion,
pinfo)) {
return 0;
@ -2294,7 +2294,7 @@ parse_one_pass(__ops_region_t * region, __ops_parseinfo_t * pinfo)
return 0;
}
pkt.u.one_pass_sig.nested = !!c;
CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_ONE_PASS_SIGNATURE, &pkt);
CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_1_PASS_SIG, &pkt);
/* XXX: we should, perhaps, let the app choose whether to hash or not */
parse_hash_init(pinfo, pkt.u.one_pass_sig.hash_alg,
pkt.u.one_pass_sig.keyid);
@ -3236,7 +3236,7 @@ __ops_parse_packet(__ops_parseinfo_t *pinfo, unsigned long *pktlen)
ret = parse_compressed(&region, pinfo);
break;
case OPS_PTAG_CT_ONE_PASS_SIGNATURE:
case OPS_PTAG_CT_1_PASS_SIG:
ret = parse_one_pass(&region, pinfo);
break;
@ -3244,7 +3244,7 @@ __ops_parse_packet(__ops_parseinfo_t *pinfo, unsigned long *pktlen)
ret = parse_litdata(&region, pinfo);
break;
case OPS_PTAG_CT_USER_ATTRIBUTE:
case OPS_PTAG_CT_USER_ATTR:
ret = parse_userattr(&region, pinfo);
break;
@ -3379,18 +3379,18 @@ __ops_parse_options(__ops_parseinfo_t *pinfo,
for (n = 0; n < 256; ++n) {
__ops_parse_options(pinfo,
OPS_PTAG_SIGNATURE_SUBPACKET_BASE + n,
OPS_PTAG_SIG_SUBPKT_BASE + n,
type);
}
return;
}
if (tag < OPS_PTAG_SIGNATURE_SUBPACKET_BASE ||
tag > OPS_PTAG_SIGNATURE_SUBPACKET_BASE + NTAGS - 1) {
if (tag < OPS_PTAG_SIG_SUBPKT_BASE ||
tag > OPS_PTAG_SIG_SUBPKT_BASE + NTAGS - 1) {
(void) fprintf(stderr, "__ops_parse_options: bad tag\n");
return;
}
t8 = (tag - OPS_PTAG_SIGNATURE_SUBPACKET_BASE) / 8;
t7 = 1 << ((tag - OPS_PTAG_SIGNATURE_SUBPACKET_BASE) & 7);
t8 = (tag - OPS_PTAG_SIG_SUBPKT_BASE) / 8;
t7 = 1 << ((tag - OPS_PTAG_SIG_SUBPKT_BASE) & 7);
switch (type) {
case OPS_PARSE_RAW:
pinfo->ss_raw[t8] |= t7;

View File

@ -58,7 +58,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: packet-print.c,v 1.11 2009/05/19 05:13:10 agc Exp $");
__RCSID("$NetBSD: packet-print.c,v 1.12 2009/05/21 00:33:31 agc Exp $");
#endif
#include <string.h>
@ -151,32 +151,22 @@ print_time(const char *name, time_t t)
}
static void
showtime_short(time_t t)
print_time_short(FILE *fp, time_t t)
{
struct tm *tm;
tm = gmtime(&t);
printf("%04d-%02d-%02d",
(void) fprintf(fp, "%04d-%02d-%02d",
tm->tm_year + 1900,
tm->tm_mon + 1,
tm->tm_mday);
}
static void
print_time_short(time_t t)
{
showtime_short(t);
}
static void
print_string_and_value(const char *name, const char *str,
unsigned char value)
print_string_and_value(const char *name, const char *str, unsigned char value)
{
print_name(name);
printf("%s", str);
printf(" (0x%x)", value);
printf("\n");
printf("%s (0x%x)\n", str, value);
}
static void
@ -219,7 +209,7 @@ print_packet_hex(const __ops_subpacket_t *pkt)
cur < (pkt->raw + pkt->length);
cur += blksz, i++) {
rem = pkt->raw + pkt->length - cur;
hexdump(cur, (rem <= blksz) ? rem : blksz, "");
hexdump(stdout, cur, (rem <= blksz) ? rem : blksz, "");
printf(" ");
if (i % 8 == 0) {
printf("\n");
@ -394,22 +384,22 @@ numkeybits(const __ops_pubkey_t *pubkey)
\param key Ptr to public key
*/
void
__ops_print_pubkeydata(const __ops_keydata_t * key)
__ops_print_pubkeydata(FILE *fp, const __ops_keydata_t * key)
{
unsigned int i;
printf("pub %d/%s ",
(void) fprintf(fp, "pub %d/%s ",
numkeybits(&key->key.pubkey),
__ops_show_pka(key->key.pubkey.alg));
hexdump(key->key_id, OPS_KEY_ID_SIZE, "");
printf(" ");
print_time_short(key->key.pubkey.birthtime);
printf("\nKey fingerprint: ");
hexdump(key->fingerprint.fingerprint, 20, " ");
printf("\n");
hexdump(fp, key->key_id, OPS_KEY_ID_SIZE, "");
(void) fprintf(fp, " ");
print_time_short(fp, key->key.pubkey.birthtime);
(void) fprintf(fp, "\nKey fingerprint: ");
hexdump(fp, key->fingerprint.fingerprint, 20, " ");
(void) fprintf(fp, "\n");
for (i = 0; i < key->nuids; i++) {
printf("uid %s\n", key->uids[i].userid);
(void) fprintf(fp, "uid %s\n",
key->uids[i].userid);
}
}
@ -474,10 +464,10 @@ __ops_print_seckeydata(const __ops_keydata_t * key)
__ops_show_pka(key->key.pubkey.alg);
printf(" ");
hexdump(key->key_id, OPS_KEY_ID_SIZE, "");
hexdump(stdout, key->key_id, OPS_KEY_ID_SIZE, "");
printf(" ");
print_time_short(key->key.pubkey.birthtime);
print_time_short(stdout, key->key.pubkey.birthtime);
printf(" ");
if (key->nuids == 1) {
@ -598,7 +588,7 @@ start_subpacket(int type)
print_indent();
printf("-- %s (type 0x%02x)\n",
__ops_show_ss_type(type),
type - OPS_PTAG_SIGNATURE_SUBPACKET_BASE);
type - OPS_PTAG_SIG_SUBPKT_BASE);
}
static void
@ -676,7 +666,7 @@ __ops_print_packet(const __ops_packet_t * pkt)
printf(" data body length=%d\n",
content->se_data_body.length);
printf(" data=");
hexdump(content->se_data_body.data,
hexdump(stdout, content->se_data_body.data,
content->se_data_body.length, "");
printf("\n");
break;
@ -766,7 +756,7 @@ __ops_print_packet(const __ops_packet_t * pkt)
(unsigned)content->compressed.type);
break;
case OPS_PTAG_CT_ONE_PASS_SIGNATURE:
case OPS_PTAG_CT_1_PASS_SIG:
print_tagname("ONE PASS SIGNATURE");
print_unsigned_int("Version",
@ -788,7 +778,7 @@ __ops_print_packet(const __ops_packet_t * pkt)
content->one_pass_sig.nested);
break;
case OPS_PTAG_CT_USER_ATTRIBUTE:
case OPS_PTAG_CT_USER_ATTR:
print_tagname("USER ATTRIBUTE");
print_hexdump("User Attribute",
content->userattr.data.contents,
@ -803,7 +793,7 @@ __ops_print_packet(const __ops_packet_t * pkt)
start_subpacket(pkt->tag);
print_unsigned_int("Raw Signature Subpacket: tag",
(unsigned)(content->ss_raw.tag -
OPS_PTAG_SIGNATURE_SUBPACKET_BASE));
OPS_PTAG_SIG_SUBPKT_BASE));
print_hexdump("Raw Data",
content->ss_raw.raw,
content->ss_raw.length);
@ -822,7 +812,7 @@ __ops_print_packet(const __ops_packet_t * pkt)
end_subpacket();
break;
case OPS_PTAG_SS_KEY_EXPIRATION_TIME:
case OPS_PTAG_SS_KEY_EXPIRY:
start_subpacket(pkt->tag);
print_duration("Key Expiration Time", content->ss_time.time);
end_subpacket();
@ -854,7 +844,7 @@ __ops_print_packet(const __ops_packet_t * pkt)
printf(", algid=0x%x",
content->ss_revocation_key.algid);
printf(", fingerprint=");
hexdump(content->ss_revocation_key.fingerprint, 20, "");
hexdump(stdout, content->ss_revocation_key.fingerprint, 20, "");
printf("\n");
end_subpacket();
break;
@ -897,7 +887,7 @@ __ops_print_packet(const __ops_packet_t * pkt)
end_subpacket();
break;
case OPS_PTAG_SS_PREFERRED_COMPRESSION:
case OPS_PTAG_SS_PREF_COMPRESS:
start_subpacket(pkt->tag);
print_data("Preferred Compression Algorithms",
&content->ss_zpref.data);
@ -919,7 +909,7 @@ __ops_print_packet(const __ops_packet_t * pkt)
end_subpacket();
break;
case OPS_PTAG_SS_KEY_SERVER_PREFS:
case OPS_PTAG_SS_KEYSERV_PREFS:
start_subpacket(pkt->tag);
print_data("Key Server Preferences",
&content->ss_key_server_prefs.data);
@ -986,7 +976,7 @@ __ops_print_packet(const __ops_packet_t * pkt)
end_subpacket();
break;
case OPS_PTAG_SS_PREFERRED_KEY_SERVER:
case OPS_PTAG_SS_PREF_KEYSERV:
start_subpacket(pkt->tag);
print_string("Preferred Key Server", content->ss_keyserv.name);
end_subpacket();


@ -60,7 +60,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: packet-show.c,v 1.7 2009/05/19 05:13:10 agc Exp $");
__RCSID("$NetBSD: packet-show.c,v 1.8 2009/05/21 00:33:31 agc Exp $");
#endif
#include <stdlib.h>
@ -81,7 +81,7 @@ static __ops_map_t packet_tag_map[] =
{OPS_PTAG_CT_PK_SESSION_KEY, "Public-Key Encrypted Session Key"},
{OPS_PTAG_CT_SIGNATURE, "Signature"},
{OPS_PTAG_CT_SK_SESSION_KEY, "Symmetric-Key Encrypted Session Key"},
{OPS_PTAG_CT_ONE_PASS_SIGNATURE, "One-Pass Signature"},
{OPS_PTAG_CT_1_PASS_SIG, "One-Pass Signature"},
{OPS_PTAG_CT_SECRET_KEY, "Secret Key"},
{OPS_PTAG_CT_PUBLIC_KEY, "Public Key"},
{OPS_PTAG_CT_SECRET_SUBKEY, "Secret Subkey"},
@ -92,33 +92,33 @@ static __ops_map_t packet_tag_map[] =
{OPS_PTAG_CT_TRUST, "Trust"},
{OPS_PTAG_CT_USER_ID, "User ID"},
{OPS_PTAG_CT_PUBLIC_SUBKEY, "Public Subkey"},
{OPS_PTAG_CT_RESERVED2, "reserved"},
{OPS_PTAG_CT_RESERVED3, "reserved"},
{OPS_PTAG_CT_USER_ATTRIBUTE, "User Attribute"},
{OPS_PTAG_CT_SE_IP_DATA, "Sym. Encrypted and Integrity Protected Data"},
{OPS_PTAG_CT_RESERVED2, "reserved2"},
{OPS_PTAG_CT_RESERVED3, "reserved3"},
{OPS_PTAG_CT_USER_ATTR, "User Attribute"},
{OPS_PTAG_CT_SE_IP_DATA,
"Symmetric Encrypted and Integrity Protected Data"},
{OPS_PTAG_CT_MDC, "Modification Detection Code"},
{OPS_PARSER_PTAG, "OPS_PARSER_PTAG"},
{OPS_PTAG_RAW_SS, "OPS_PTAG_RAW_SS"},
{OPS_PTAG_SS_ALL, "OPS_PTAG_SS_ALL"},
{OPS_PARSER_PACKET_END, "OPS_PARSER_PACKET_END"},
{OPS_PTAG_SIGNATURE_SUBPACKET_BASE, "OPS_PTAG_SIGNATURE_SUBPACKET_BASE"},
{OPS_PTAG_SIG_SUBPKT_BASE, "OPS_PTAG_SIG_SUBPKT_BASE"},
{OPS_PTAG_SS_CREATION_TIME, "SS: Signature Creation Time"},
{OPS_PTAG_SS_EXPIRATION_TIME, "SS: Signature Expiration Time"},
{OPS_PTAG_SS_EXPORTABLE_CERTIFICATION, "SS: Exportable Certification"},
{OPS_PTAG_SS_EXPORT_CERT, "SS: Exportable Certification"},
{OPS_PTAG_SS_TRUST, "SS: Trust Signature"},
{OPS_PTAG_SS_REGEXP, "SS: Regular Expression"},
{OPS_PTAG_SS_REVOCABLE, "SS: Revocable"},
{OPS_PTAG_SS_KEY_EXPIRATION_TIME, "SS: Key Expiration Time"},
{OPS_PTAG_SS_KEY_EXPIRY, "SS: Key Expiration Time"},
{OPS_PTAG_SS_RESERVED, "SS: Reserved"},
{OPS_PTAG_SS_PREFERRED_SKA, "SS: Preferred Secret Key Algorithm"},
{OPS_PTAG_SS_REVOCATION_KEY, "SS: Revocation Key"},
{OPS_PTAG_SS_ISSUER_KEY_ID, "SS: Issuer Key Id"},
{OPS_PTAG_SS_NOTATION_DATA, "SS: Notation Data"},
{OPS_PTAG_SS_PREFERRED_HASH, "SS: Preferred Hash Algorithm"},
{OPS_PTAG_SS_PREFERRED_COMPRESSION, "SS: Preferred Compression Algorithm"},
{OPS_PTAG_SS_KEY_SERVER_PREFS, "SS: Key Server Preferences"},
{OPS_PTAG_SS_PREFERRED_COMPRESSION, "SS: Preferred Key Server"},
{OPS_PTAG_SS_PREF_COMPRESS, "SS: Preferred Compression Algorithm"},
{OPS_PTAG_SS_KEYSERV_PREFS, "SS: Key Server Preferences"},
{OPS_PTAG_SS_PREF_KEYSERV, "SS: Preferred Key Server"},
{OPS_PTAG_SS_PRIMARY_USER_ID, "SS: Primary User ID"},
{OPS_PTAG_SS_POLICY_URI, "SS: Policy URI"},
{OPS_PTAG_SS_KEY_FLAGS, "SS: Key Flags"},
@ -160,15 +160,15 @@ static __ops_map_t ss_type_map[] =
{OPS_PTAG_SS_TRUST, "Trust Signature"},
{OPS_PTAG_SS_REGEXP, "Regular Expression"},
{OPS_PTAG_SS_REVOCABLE, "Revocable"},
{OPS_PTAG_SS_KEY_EXPIRATION_TIME, "Key Expiration Time"},
{OPS_PTAG_SS_KEY_EXPIRY, "Key Expiration Time"},
{OPS_PTAG_SS_PREFERRED_SKA, "Preferred Symmetric Algorithms"},
{OPS_PTAG_SS_REVOCATION_KEY, "Revocation Key"},
{OPS_PTAG_SS_ISSUER_KEY_ID, "Issuer key ID"},
{OPS_PTAG_SS_NOTATION_DATA, "Notation Data"},
{OPS_PTAG_SS_PREFERRED_HASH, "Preferred Hash Algorithms"},
{OPS_PTAG_SS_PREFERRED_COMPRESSION, "Preferred Compression Algorithms"},
{OPS_PTAG_SS_KEY_SERVER_PREFS, "Key Server Preferences"},
{OPS_PTAG_SS_PREFERRED_KEY_SERVER, "Preferred Key Server"},
{OPS_PTAG_SS_PREF_COMPRESS, "Preferred Compression Algorithms"},
{OPS_PTAG_SS_KEYSERV_PREFS, "Key Server Preferences"},
{OPS_PTAG_SS_PREF_KEYSERV, "Preferred Key Server"},
{OPS_PTAG_SS_PRIMARY_USER_ID, "Primary User ID"},
{OPS_PTAG_SS_POLICY_URI, "Policy URI"},
{OPS_PTAG_SS_KEY_FLAGS, "Key Flags"},


@ -175,7 +175,7 @@ typedef enum {
OPS_PTAG_CT_SIGNATURE = 2, /* Signature Packet */
OPS_PTAG_CT_SK_SESSION_KEY = 3, /* Symmetric-Key Encrypted Session
* Key Packet */
OPS_PTAG_CT_ONE_PASS_SIGNATURE = 4, /* One-Pass Signature
OPS_PTAG_CT_1_PASS_SIG = 4, /* One-Pass Signature
* Packet */
OPS_PTAG_CT_SECRET_KEY = 5, /* Secret Key Packet */
OPS_PTAG_CT_PUBLIC_KEY = 6, /* Public Key Packet */
@ -189,7 +189,7 @@ typedef enum {
OPS_PTAG_CT_PUBLIC_SUBKEY = 14, /* Public Subkey Packet */
OPS_PTAG_CT_RESERVED2 = 15, /* reserved */
OPS_PTAG_CT_RESERVED3 = 16, /* reserved */
OPS_PTAG_CT_USER_ATTRIBUTE = 17, /* User Attribute Packet */
OPS_PTAG_CT_USER_ATTR = 17, /* User Attribute Packet */
OPS_PTAG_CT_SE_IP_DATA = 18, /* Sym. Encrypted and Integrity
* Protected Data Packet */
OPS_PTAG_CT_MDC = 19, /* Modification Detection Code Packet */
@ -203,7 +203,7 @@ typedef enum {
/* signature subpackets (0x200-2ff) (type+0x200) */
/* only those we can parse are listed here */
OPS_PTAG_SIGNATURE_SUBPACKET_BASE = 0x200, /* Base for signature
OPS_PTAG_SIG_SUBPKT_BASE = 0x200, /* Base for signature
* subpacket types - All
* signature type values
* are relative to this
@ -212,12 +212,11 @@ typedef enum {
OPS_PTAG_SS_EXPIRATION_TIME = 0x200 + 3, /* signature
* expiration time */
OPS_PTAG_SS_EXPORTABLE_CERTIFICATION = 0x200 + 4, /* exportable
* certification */
OPS_PTAG_SS_EXPORT_CERT = 0x200 + 4, /* exportable certification */
OPS_PTAG_SS_TRUST = 0x200 + 5, /* trust signature */
OPS_PTAG_SS_REGEXP = 0x200 + 6, /* regular expression */
OPS_PTAG_SS_REVOCABLE = 0x200 + 7, /* revocable */
OPS_PTAG_SS_KEY_EXPIRATION_TIME = 0x200 + 9, /* key expiration
OPS_PTAG_SS_KEY_EXPIRY = 0x200 + 9, /* key expiration
* time */
OPS_PTAG_SS_RESERVED = 0x200 + 10, /* reserved */
OPS_PTAG_SS_PREFERRED_SKA = 0x200 + 11, /* preferred symmetric
@ -227,12 +226,12 @@ typedef enum {
OPS_PTAG_SS_NOTATION_DATA = 0x200 + 20, /* notation data */
OPS_PTAG_SS_PREFERRED_HASH = 0x200 + 21, /* preferred hash
* algs */
OPS_PTAG_SS_PREFERRED_COMPRESSION = 0x200 + 22, /* preferred
OPS_PTAG_SS_PREF_COMPRESS = 0x200 + 22, /* preferred
* compression
* algorithms */
OPS_PTAG_SS_KEY_SERVER_PREFS = 0x200 + 23, /* key server
OPS_PTAG_SS_KEYSERV_PREFS = 0x200 + 23, /* key server
* preferences */
OPS_PTAG_SS_PREFERRED_KEY_SERVER = 0x200 + 24, /* Preferred Key
OPS_PTAG_SS_PREF_KEYSERV = 0x200 + 24, /* Preferred Key
* Server */
OPS_PTAG_SS_PRIMARY_USER_ID = 0x200 + 25, /* primary User ID */
OPS_PTAG_SS_POLICY_URI = 0x200 + 26, /* Policy URI */


@ -54,7 +54,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: reader.c,v 1.12 2009/05/16 06:30:38 agc Exp $");
__RCSID("$NetBSD: reader.c,v 1.13 2009/05/21 00:33:32 agc Exp $");
#endif
#include <sys/types.h>
@ -2217,7 +2217,7 @@ get_passphrase_cb(const __ops_packet_t *pkt, __ops_callback_data_t *cbinfo)
if (cbinfo->cryptinfo.keydata == NULL) {
(void) fprintf(stderr, "get_passphrase_cb: NULL keydata\n");
} else {
__ops_print_pubkeydata(cbinfo->cryptinfo.keydata);
__ops_print_pubkeydata(stderr, cbinfo->cryptinfo.keydata);
}
switch (pkt->tag) {
case OPS_PARSER_CMD_GET_SK_PASSPHRASE:


@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: signature.c,v 1.13 2009/05/19 05:13:10 agc Exp $");
__RCSID("$NetBSD: signature.c,v 1.14 2009/05/21 00:33:32 agc Exp $");
#endif
#include <sys/types.h>
@ -85,16 +85,14 @@ __RCSID("$NetBSD: signature.c,v 1.13 2009/05/19 05:13:10 agc Exp $");
#include "validate.h"
#include "netpgpdefs.h"
#define MAXBUF 1024 /* <! Standard buffer size to use */
/** \ingroup Core_Create
* needed for signature creation
*/
struct __ops_create_sig {
struct __ops_create_sig_t {
__ops_hash_t hash;
__ops_sig_t sig;
__ops_memory_t *mem;
__ops_output_t *output;/* !< how to do the writing */
__ops_output_t *output; /* how to do the writing */
unsigned hashoff; /* hashed count offset */
unsigned hashlen;
unsigned unhashoff;
@ -355,11 +353,8 @@ rsa_verify(__ops_hash_alg_t type,
}
printf("\n");
}
if (memcmp(&hashbuf_from_sig[n], prefix, plen) != 0 ||
memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) != 0) {
return 0;
}
return 1;
return (memcmp(&hashbuf_from_sig[n], prefix, plen) == 0 &&
memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) == 0);
}
static void
@ -427,7 +422,7 @@ __ops_check_sig(const unsigned char *hash, unsigned length,
if (__ops_get_debug_level(__FILE__)) {
printf("__ops_check_sig: (length %d) hash=", length);
hexdump(hash, length, "");
hexdump(stdout, hash, length, "");
}
ret = 0;
switch (sig->info.key_alg) {
@ -485,10 +480,10 @@ finalise_sig(__ops_hash_t * hash,
* \return 1 if OK; else 0
*/
unsigned
__ops_check_useridcert_sig(const __ops_pubkey_t * key,
const __ops_userid_t * id,
const __ops_sig_t * sig,
const __ops_pubkey_t * signer,
__ops_check_useridcert_sig(const __ops_pubkey_t *key,
const __ops_userid_t *id,
const __ops_sig_t *sig,
const __ops_pubkey_t *signer,
const unsigned char *raw_packet)
{
__ops_hash_t hash;
@ -550,10 +545,10 @@ __ops_check_userattrcert_sig(const __ops_pubkey_t * key,
* \return 1 if OK; else 0
*/
unsigned
__ops_check_subkey_sig(const __ops_pubkey_t * key,
const __ops_pubkey_t * subkey,
const __ops_sig_t * sig,
const __ops_pubkey_t * signer,
__ops_check_subkey_sig(const __ops_pubkey_t *key,
const __ops_pubkey_t *subkey,
const __ops_sig_t *sig,
const __ops_pubkey_t *signer,
const unsigned char *raw_packet)
{
__ops_hash_t hash;
@ -576,9 +571,9 @@ __ops_check_subkey_sig(const __ops_pubkey_t * key,
* \return 1 if OK; else 0
*/
unsigned
__ops_check_direct_sig(const __ops_pubkey_t * key,
const __ops_sig_t * sig,
const __ops_pubkey_t * signer,
__ops_check_direct_sig(const __ops_pubkey_t *key,
const __ops_sig_t *sig,
const __ops_pubkey_t *signer,
const unsigned char *raw_packet)
{
__ops_hash_t hash;
@ -610,7 +605,7 @@ __ops_check_hash_sig(__ops_hash_t *hash,
}
static void
start_sig_in_mem(__ops_create_sig_t * sig)
start_sig_in_mem(__ops_create_sig_t *sig)
{
/* since this has subpackets and stuff, we have to buffer the whole */
/* thing to get counts before writing. */
@ -726,12 +721,10 @@ __ops_sig_add_data(__ops_create_sig_t *sig, const void *buf, size_t length)
*/
unsigned
__ops_end_hashed_subpkts(__ops_create_sig_t * sig)
__ops_end_hashed_subpkts(__ops_create_sig_t *sig)
{
sig->hashlen = __ops_mem_len(sig->mem)
- sig->hashoff - 2;
__ops_memory_place_int(sig->mem, sig->hashoff,
sig->hashlen, 2);
sig->hashlen = __ops_mem_len(sig->mem) - sig->hashoff - 2;
__ops_memory_place_int(sig->mem, sig->hashoff, sig->hashlen, 2);
/* dummy unhashed subpacket count */
sig->unhashoff = __ops_mem_len(sig->mem);
return __ops_write_scalar(sig->output, 0, 2);
@ -751,7 +744,7 @@ __ops_end_hashed_subpkts(__ops_create_sig_t * sig)
unsigned
__ops_write_sig(__ops_output_t *output,
__ops_create_sig_t * sig,
__ops_create_sig_t *sig,
const __ops_pubkey_t *key,
const __ops_seckey_t *seckey)
{
@ -764,16 +757,14 @@ __ops_write_sig(__ops_output_t *output,
case OPS_PKA_RSA_ENCRYPT_ONLY:
case OPS_PKA_RSA_SIGN_ONLY:
if (seckey->key.rsa.d == NULL) {
(void) fprintf(stderr,
"__ops_write_sig: null rsa.d\n");
(void) fprintf(stderr, "__ops_write_sig: null rsa.d\n");
return 0;
}
break;
case OPS_PKA_DSA:
if (seckey->key.dsa.x == NULL) {
(void) fprintf(stderr,
"__ops_write_sig: null dsa.x\n");
(void) fprintf(stderr, "__ops_write_sig: null dsa.x\n");
return 0;
}
break;
@ -786,7 +777,7 @@ __ops_write_sig(__ops_output_t *output,
if (sig->hashlen == (unsigned) -1) {
(void) fprintf(stderr,
"ops_write_sig: bad hashed data len\n");
"ops_write_sig: bad hashed data len\n");
return 0;
}
@ -862,7 +853,8 @@ __ops_write_sig(__ops_output_t *output,
unsigned
__ops_add_birthtime(__ops_create_sig_t * sig, time_t when)
{
return __ops_write_ss_header(sig->output, 5, OPS_PTAG_SS_CREATION_TIME) &&
return __ops_write_ss_header(sig->output, 5,
OPS_PTAG_SS_CREATION_TIME) &&
__ops_write_scalar(sig->output, (unsigned)when, 4);
}


@ -57,7 +57,7 @@
#include "create.h"
#include "memory.h"
typedef struct __ops_create_sig __ops_create_sig_t;
typedef struct __ops_create_sig_t __ops_create_sig_t;
__ops_create_sig_t *__ops_create_sig_new(void);
void __ops_create_sig_delete(__ops_create_sig_t *);


@ -54,7 +54,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: validate.c,v 1.12 2009/05/19 05:13:10 agc Exp $");
__RCSID("$NetBSD: validate.c,v 1.13 2009/05/21 00:33:32 agc Exp $");
#endif
#include <sys/types.h>
@ -68,6 +68,10 @@ __RCSID("$NetBSD: validate.c,v 1.12 2009/05/19 05:13:10 agc Exp $");
#include <unistd.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#include "packet-parse.h"
#include "packet-show.h"
#include "keyring.h"
@ -80,13 +84,17 @@ __RCSID("$NetBSD: validate.c,v 1.12 2009/05/19 05:13:10 agc Exp $");
#include "crypto.h"
#include "validate.h"
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
/* Does the signed hash match the given hash? */
static unsigned
static unsigned
check_binary_sig(const unsigned len,
const unsigned char *data,
const __ops_sig_t *sig,
const __ops_pubkey_t *signer)
const unsigned char *data,
const __ops_sig_t *sig,
const __ops_pubkey_t *signer)
{
unsigned char hashout[OPS_MAX_HASH_SIZE];
unsigned char trailer[6];
@ -118,11 +126,11 @@ check_binary_sig(const unsigned len,
trailer[3] = hashedlen >> 16;
trailer[4] = hashedlen >> 8;
trailer[5] = hashedlen;
hash.add(&hash, &trailer[0], 6);
hash.add(&hash, trailer, 6);
break;
default:
fprintf(stderr, "Invalid signature version %d\n",
(void) fprintf(stderr, "Invalid signature version %d\n",
sig->info.version);
return 0;
}
@ -245,7 +253,7 @@ __ops_validate_key_cb(const __ops_packet_t *pkt, __ops_callback_data_t *cbinfo)
key->last_seen = ID;
return OPS_KEEP_MEMORY;
case OPS_PTAG_CT_USER_ATTRIBUTE:
case OPS_PTAG_CT_USER_ATTR:
if (content->userattr.data.len == 0) {
(void) fprintf(stderr,
"__ops_validate_key_cb: user attribute length 0");
@ -420,7 +428,7 @@ validate_data_cb(const __ops_packet_t *pkt, __ops_callback_data_t *cbinfo)
printf("\n");
printf(" type=%02x signer_id=",
content->sig.info.type);
hexdump(content->sig.info.signer_id,
hexdump(stdout, content->sig.info.signer_id,
sizeof(content->sig.info.signer_id), "");
printf("\n");
}
@ -461,8 +469,6 @@ validate_data_cb(const __ops_packet_t *pkt, __ops_callback_data_t *cbinfo)
}
__ops_memory_free(data->mem);
if (valid) {
add_sig_to_list(&content->sig.info,
&data->result->valid_sigs,
@ -481,7 +487,7 @@ validate_data_cb(const __ops_packet_t *pkt, __ops_callback_data_t *cbinfo)
case OPS_PTAG_CT_SIGNATURE_HEADER:
case OPS_PTAG_CT_ARMOUR_HEADER:
case OPS_PTAG_CT_ARMOUR_TRAILER:
case OPS_PTAG_CT_ONE_PASS_SIGNATURE:
case OPS_PTAG_CT_1_PASS_SIG:
break;
case OPS_PARSER_PACKET_END:
@ -649,8 +655,8 @@ __ops_validate_file(__ops_validation_t *result,
validate_data_cb_t validation;
__ops_parseinfo_t *parse = NULL;
struct stat st;
unsigned ret;
int64_t sigsize;
char *filename;
char origfile[MAXPATHLEN];
char *detachname;
int outfd = 0;
@ -684,19 +690,6 @@ __ops_validate_file(__ops_validation_t *result,
validation.detachname = detachname;
/* setup output filename */
filename = NULL;
if (outfile) {
if (strcmp(outfile, "-") == 0) {
outfile = NULL;
}
outfd = __ops_setup_file_write(&parse->cbinfo.output, NULL, 0);
if (outfd < 0) {
__ops_teardown_file_read(parse, infd);
return 0;
}
}
/* Set verification reader and handling options */
validation.result = result;
validation.keyring = keyring;
@ -719,7 +712,44 @@ __ops_validate_file(__ops_validation_t *result,
}
__ops_teardown_file_read(parse, infd);
return validate_result_status(result);
ret = validate_result_status(result);
/* this is triggered only for --cat output */
if (outfile) {
/* need to send validated output somewhere */
if (strcmp(outfile, "-") == 0) {
outfd = STDOUT_FILENO;
} else {
outfd = open(outfile, O_WRONLY | O_CREAT, 0666);
}
if (outfd < 0) {
/* even if the signature was good, we can't
* write the file, so send back a bad return
* code */
ret = 0;
} else if (validate_result_status(result)) {
unsigned len;
char *cp;
int i;
len = __ops_mem_len(validation.mem);
cp = __ops_mem_data(validation.mem);
for (i = 0 ; i < (int)len ; i += cc) {
cc = write(outfd, &cp[i], len - i);
if (cc < 0) {
(void) fprintf(stderr,
"netpgp: short write\n");
ret = 0;
break;
}
}
if (strcmp(outfile, "-") != 0) {
(void) close(outfd);
}
}
}
__ops_memory_free(validation.mem);
return ret;
}
/**
@ -769,6 +799,7 @@ __ops_validate_mem(__ops_validation_t *result,
__ops_reader_pop_dearmour(pinfo);
}
__ops_teardown_memory_read(pinfo, mem);
__ops_memory_free(validation.mem);
return validate_result_status(result);
}


@ -58,7 +58,7 @@
#endif
/* development versions have .99 suffix */
#define NETPGP_BASE_VERSION "1.99.1"
#define NETPGP_BASE_VERSION "1.99.2"
#define NETPGP_VERSION_CAT(a, b) "NetPGP portable " a "/[" b "]"
#define NETPGP_VERSION_STRING \


@ -11,31 +11,37 @@ env USETOOLS=no MAKEOBJDIRPREFIX=/usr/obj/i386 sh -c 'cd ../bin && \
echo "======> sign/verify 180938 file"
cp configure a
/usr/bin/netpgp --sign a
/usr/bin/netpgp --verify a.gpg
/usr/bin/netpgp --verify a.gpg && echo "[Verified OK]"
echo "======> attempt to verify an unsigned file"
/usr/bin/netpgp --verify a
/usr/bin/netpgp --verify a && echo "[Verified OK]"
echo "======> encrypt/decrypt 10809 file"
cp src/bin/netpgp.1 b
/usr/bin/netpgp --encrypt b
/usr/bin/netpgp --decrypt b.gpg
diff src/bin/netpgp.1 b && echo "No differences found"
diff src/bin/netpgp.1 b && echo "[No differences found]"
echo "======> encrypt/decrypt 180938 file"
cp configure c
/usr/bin/netpgp --encrypt c
/usr/bin/netpgp --decrypt c.gpg
diff configure c && echo "No differences found"
diff configure c && echo "[No differences found]"
echo "======> encrypt/decrypt bigass file"
cat configure configure configure configure configure configure > d
ls -l d
cp d e
/usr/bin/netpgp --encrypt d
/usr/bin/netpgp --decrypt d.gpg
diff e d && echo "No differences found"
diff e d && echo "[No differences found]"
echo "======> sign/verify detached signature file"
cat configure configure configure configure configure configure > f
/usr/bin/netpgp --sign --detached f
ls -l f f.sig
/usr/bin/netpgp --verify f.sig
/usr/bin/netpgp --verify f.sig && echo "[Verified OK]"
echo "======> cat signature - verified cat command"
/usr/bin/netpgp --cat a.gpg > a2
diff a a2 && echo "[No differences found]"
echo "======> another cat signature - verified cat command"
/usr/bin/netpgp --cat --output=a3 a.gpg
diff a a3 && echo "[No differences found]"
echo "======> version information"
/usr/bin/netpgp --version
rm -f a a.gpg b b.gpg c c.gpg d d.gpg e f f.sig
rm -f a a.gpg b b.gpg c c.gpg d d.gpg e f f.sig a2 a3
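Review bot: The negative case `/usr/bin/netpgp --verify a && echo "[Verified OK]"` prints nothing when the unsigned file is correctly rejected, so a regression in which an unsigned file verifies would print "[Verified OK]" and look like every other passing line; I would make the expected outcome explicit with `/usr/bin/netpgp --verify a && echo "[ERROR: unsigned file verified]" || echo "[Unsigned file rejected OK]"`. The two new `--cat` cases only cover the good-signature path, while the change's stated contract (no output and EXIT_FAILURE on mismatch) is never exercised here. A tampered copy of `a.gpg` would cover it; the exact byte offset is not important as long as the file differs from the signed one.
```sh
echo "======> cat of a tampered file - must fail and produce no output"
cp a.gpg a4.gpg
printf 'X' | dd of=a4.gpg bs=1 seek=200 conv=notrunc 2>/dev/null
/usr/bin/netpgp --cat a4.gpg > a4 && echo "[ERROR: tampered file verified]"
[ -s a4 ] && echo "[ERROR: tampered cat produced output]"
# … unchanged: version information …
rm -f a a.gpg b b.gpg c c.gpg d d.gpg e f f.sig a2 a3 a4 a4.gpg
```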