to get the krb5 GSS functions. gssapi/gssapi_krb5.h should be included.
[this is necesary for the next Heimdal upgrade as krb5.h inclusion is no
longer effective.]
revision 1.11
date: 2010/04/02 15:25:04; author: christos; state: Exp;
make it obvious to grep that ctime is being checked.
and
revision 1.10
date: 2010/04/02 15:23:17; author: christos; state: Exp;
handle ctime returning NULL.
revision 1.7
date: 2010/01/24 16:45:57; author: christos; state: Exp;
make the window size function return the lines and columns
variables separately instead of depending on the existance
of struct winsize. Technically I should bump the library
version or version the symbol, but nothing seems to use
this outside the library!
We should review this logic and come up with a better way to do this as
now that there are DNS SRV RRs for locating KDCs, the lack of a config
does not imply that Kerberos should be turned off.
Instead, document saslc_sess_getmech().
* Add FUNCTIONS and describe the functions in a list for readability.
* Sort SYNOPSIS in the order of appearance in FUNCTIONS.
* Split couple of long paragraphs for readability.
* Split the code example into EXAMPLES.
* Add missing prototypes to SYNOPSIS.
* Small markup improvements.
No contextual change.
for weak references. GCC 4.2+ and Clang require static, older GCC wants
extern. Change __weak_reference to include sym. This requires changes
the existing users to not reuse the name of the symbol, but avoids
further differences between GCC 4.1 and GCC 4.2+/clang.
SASLC_PROP_SERVICENAME ("SERVICENAME")
to
SASLC_PROP_SERVNAME ("SERVNAME")
Hopefully this will avoid confusion with SASLC_PROP_SERVICE ("SERVICE").
SERVNAME is also closer to the name used in the RFC2831 ("serv-name").
(Discussed with christos@.)
Change the hash parameters to keep that collision-less after the above
name change.
While here, go back to using .Sh in the manpage for unknown section
headers as the PostScript output from .Ss is slightly different.
(Discussed with wiz@.)
1) Fix a memory leak in cipher_context_create().
2) Fix a goof in the construction of the digest-uri.
3) Allow SASLC_PROP_SERVICENAME to be a hostname qualified comma
delimited list of service names to select from and update the manpage
to reflect this.
4) Make libsaslc.3 pass mdoclint(1).
Make this library work.
- several API changes (see the manpage)
- take care to match the spec (hopefully)
- deal with comma delimited lists more systematically
- addition of the DIGEST-MD5 security layer
- syslog messages including debugging messages
- many coding simplifications, changes, rewrites, and additions (i.e.,
stuff I can't recall at the moment)
- rewrite the manpage
The API changes have been heavily influenced by hooking this up to
postfix(1).
The ANONYMOUS, LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, and GSSAPI
authentication mechanisms have been tested and shown to work for
authentication with a postfix(1) server using the cyrus-sasl library.
(A postfix(1) libsaslc(3) client wrapper was used for the testing and
will be committed separately.)
The EXTERNAL authentication mechanism should work (it is pretty
simple), but it has not been tested with any servers.
The security layers of DIGEST-MD5 and GSSAPI have also not been tested
with any servers. Do any SMTP servers really support these security
layers? Postfix with cyrus-sasl does not, either as a client or
server, even though the cyrus-sasl library has support for the layers.
The new DIGEST-MD5 security layer encode/decode routines have been
tested against themselves (not terribly useful), but nothing else. As
they use the openssl EVP_* routines (which aren't well documented) to
do the cryptography, the "auth-conf" layer may or may not actually
match the rfc2831 standard. The "auth-int" layer is much more likely
to be in compliance.
Note: I have left support for a version of AES in the DIGEST-MD5 code
even though it is not part of rfc2831 (May 2000). This flavor of AES
was in a later draft (June 2003) that was included in the cyrus-sasl
distribution, but changed to a different flavor of AES in subsequent
drafts (and DES disappeared). AFAIKT, none of those drafts have been
accepted; the last I could find expired in Sept 2007. rfc2831 is
still listed as standards track. The AES support is very minor (some
table entries and a few lines of code to construct the IV) and I was
asked to leave it for now.
Hopefully there are not too many bugs, memory leaks, or
spelling/grammar errors. My apologies in advance.
BTW, if you would prefer to use cyrus-sasl, install it (e.g., from
pkgsrc), and then rebuild postfix with HAVE_CYRUS_SASL defined.
+ minor changes to free resources in error cases
+ update return values from some functions
+ wrap some long lines
+ more tests
+ add length argument to digest functions
an additional minor fix to make this build, and to libsaslc.3 man
page, by myself.
Fix a flaw in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicous clients to modify the stored session cache
ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one
on subsequent connections. See
http://www.openssl.org/news/secadv_20101202.txt
(CVE-2010-4180)
external/lib/Makefile and crypto/external/lib/Makefile, replacing
them all with SUBDIRs directly from lib/Makefile.
compat/compatsubdirs.mk becomes simpler now, as everything is built
from lib/Makefile, meaning all the libraries will now be built under
compat so update the set lists to account for that.
--numtries=<attempts> option to netpgp(1) to provide the maximum
number of attempts to retrieve the correct passphrase when signing or
decrypting, and use it in libnetpgp(3). The default number of
attempts is 3, and a value of "unlimited" will loop until the correct
passphrase has been entered.
- Put roaming_dummy.c in libssh.a to satisfy linking needs for most programs
other than ssh and sshd. ssh and sshd override the shared library (and static
library) functions by linking in their own copy of the roaming functions.
- Bump libssh major.
- Fix compilation issue in evp hash buffer.
- Updated OpenSSH-HPN to hpn13v10
- Added OpenSSH-LPK patches to retrive pubkey from LDAP
- Replaced arc4random_buf() (which is not available on NetBSD) with arc4random
- Disabled roaming reconnect (otherwise: problem with undef symbols in libssh)
+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file)
since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming
secret-sharing functionality for netpgp
+ add support for partial blocks, defined in rfc 4880, and used fairly
extensively by gnupg where the input size may not be known in advance
(e.g. for encrypted compressed data, as produced by default by gpg -e)
with their header files, it seems - insight from the tor project mailing
list).
And just so that the search engines can find it:
> In file included from ssh2pgp.c:39:
> /usr/include/arpa/inet.h:74: warning: 'struct in_addr' declared inside parameter list
> /usr/include/arpa/inet.h:74: warning: its scope is only this definition or declaration, which is probably not what you want
> /usr/include/arpa/inet.h:75: warning: 'struct in_addr' declared inside parameter list
> *** Error code 1
is fixed by including <netinet/in.h> before <arpa/inet.h> - found after a
long-distance debug session with Anthony Bentley - thanks!
Elgamal decryption code from Postgresql by Marko Kreen.
% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% netpgp -d < f.gpg > f.netpgp
netpgp: default key set to "d4a643c5"
signature 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
encryption 2048/Elgamal (Encrypt-Only) a97a7db6d727bc1e 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% ls -al f*
-rw-r--r-- 1 agc agc 5730 Nov 6 23:53 f
-rw------- 1 agc agc 1727 Nov 6 23:53 f.gpg
-rw-r--r-- 1 agc agc 5730 Nov 6 23:54 f.netpgp
% diff f f.netpgp
%
This makes DSA keys into first class citizens, since encryption and
decryption using DSA/Elgamal is now supported.
code is inspired by the (BSD-licensed) Elgamal crypto code in
Postgresql by Marko Kreen, but netpgp uses BIGNUM numbers instead of
MPIs, and its keys have a completely different structure, so much has
changed.
% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% gpg -d f.gpg > f2
You need a passphrase to unlock the secret key for
user: "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
2048-bit ELG-E key, ID D727BC1E, created 2010-05-19 (main key ID D4A643C5)
gpg: encrypted with 2048-bit ELG-E key, ID D727BC1E, created 2010-05-19
"Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
% diff f f2
% ls -al f*
-rw-r--r-- 1 agc agc 5730 Nov 6 05:40 f
-rw------- 1 agc agc 1727 Nov 6 05:40 f.gpg
-rw-r--r-- 1 agc agc 5730 Nov 6 05:41 f2
%
in the GNU autoconf infrastructure with ltmain.sh script - change all
occurrences of "$echo" to "$ECHO".
(Incidentally, this does not show up under pkgsrc, since pkgsrc uses
the platform's libtool instead of the script which comes with the
distribution)
``When netpgp thinks (even for a little while, even if it
should change its mind almost immediately) that it's
processing a detached signature, it sends a message to that
effect to io->outs.
This kind of interferes with "netpgp --cat" :)''
Use io->errs instead of io->outs for the informational message.
The patch fixes two problems when verifying a clearsigned message:
- a copy/paste error - "litdata" should be "cleartext"
- a use of an uninitialized variable, resulting in freeing
an uninitialized pointer on the stack... resulting in a segfault
+ add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
as specified in RFC 5581
+ add the camellia cipher implementation from openssl
initialisation. return an error if allocation failed.
modify symmetric key initialisation function signature to return an
indication of success or failure.
get rid of one-time typedef for function definitions; their indirection
does not add any extra insight, and just obfuscates the declarations.
Fixes an error reported by Anthony Bentley when compiling on OpenBSD,
which apparently lacks bzlib.h (and bz2).
Tests run to completion successfully both with and without bz2 being
available.
+ when writing out the key as an ssh key, don't include the user id
information at the end, in-line with expectations about standard ssh
key formats
+ since the signing key changed its "menu line" entry from "pub" to
"signature", the offset of the key id moved 7 chars to the right, so
take this into consideration when generating new keys
by Oliver Gould in
http://www.olix0r.net/PubKeyAccessAuthScheme.txt
This implementation includes an example client and server program, but
is not (yet) hooked into the build.
To quote from Oliver's RFC:
HTTP services are a core Internet technology, yet the Digest
authentication scheme provided by RFC 2617 only describes
authentication by way of shared-secrets (i.e. passwords).
This model has operational drawbacks, as authenticating
services are required to have access to a user's secret (or a
hash thereof), or retrograde technologies, such as cookies,
are employed.
Similarly to SSH's "publickey" authentication method [RFC
4252], the PubKey Access Authentication scheme allows an HTTP
server to authenticate clients using public key credentials.
Like the Digest Access Authentication Scheme [RFC 2617], the
PubKey.v1 scheme is based on a simple challenge-response
paradigm. The PubKey scheme responds to unauthorized clients
with a challenge value; and a valid response contains a
cryptographic signature of client's id, the authentication
realm, and the server's challenge.
The client's secret never leaves the client. The server
verifies the client's signed authorization request with the
client's published public keys.
libpaa(3) uses libnetpgp(3) for its digital signatures, SHA1Init(3)
for digests, and base64 encoding for transmission of data.
+ add a pretty print function mj_pretty(3) to libmj
+ added netpgp_write_sshkey(3) to libnetpgp
+ added pgp2ssh(1)
+ added preliminary support for ElGamal decryption, needed for DSA keys
as yet untested, unworking, and a WIP
+ add support for using all ssh keys, even those protected by a passphrase,
for decryption and signing. This rounds off ssh key file support in netpgp.
+ add a single character alias [-S file] for [--sshkeyfile file] to
netpgpkeys(1) and netpgp(1)
As far as ssh key file support goes, see the following example:
% cp configure a
% netpgp -S ~/.ssh/id_rsa.pub -e a
% netpgp -S ~/.ssh/id_rsa.pub -d a.gpg
Enter PEM pass phrase:
% ls -al a a.gpg
-rwxr-xr-x 1 agc agc 758398 Sep 7 05:38 a
-rw------- 1 agc agc 156886 Sep 7 05:38 a.gpg
%
in ssh format. In combination with hkpd (using ssh key files), this utility
can be used to distribute ssh pubkey files to remote computers using the
HKP protocol.
Add a C HKP client.
Provide reachover Makefiles for each, but do not hook them up to the build
just yet.
The HKP client and server can be embedded in other programs.
+ be smarter when checking for a null id
+ add test for rubbish being returned when listing specific keys in netpgpkeys(1)
+ take the public key from the pubring, not the secring when exporting
keys
+ allow hkpd to serve ssh keys in pgp format
+ test on whether a seckey is needed, not on a userid needed, for ssh keys
setoption() function, probably best to return one
+ check for a valid entry in the JSON array instead of trusting that
we have one
+ if there is no JSON value to print, don't print it
+ if we've set the keyring from an ssh key file, then we're using ssh
keys - no need to set that value separately. This means that
% netpgpkeys --sshkeyfile ~/.ssh/id_test.pub -l
1 key found
signature 2048/RSA (Encrypt or Sign) 8368881b3b9832ec 2010-08-26
Key fingerprint: 3abd bf38 33a5 1f87 d704 ad42 8368 881b 3b98 32ec
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/home/agc/.ssh/id_test.pub) <agc@osx-vm1.crowthorne.alistaircrooks.co.uk>
%
lists ssh pubkeys properly, no need for other tautological arguments
+ add single character options to netpgp(1) and netpgpkeys(1)
+ add -o long-option(=value)? options to netpgp(1) and netpgpkeys(1)
+ add some small preparations for using the first subkey for encryption
(much more to follow)
+ recognise ascii-armoured encrypted messages properly, in memory and
in files
+ print error message and exit for now when trying to encrypt with a DSA key
+ fix bug reported by dyoung when trying to print out the encryption key
fingerprint
we're ELF now, and there are many missing checks against OBJECT_FMT.
if we ever consider switching, the we can figure out what new ones
we need but for now it's just clutter.
this doesn't remove any of the support for exec_aout or any actually
required-for-boot a.out support, only the ability to build a netbsd
release in a.out format. ie, most of this code has been dead for
over a decade.
i've tested builds on vax, amd64, i386, mac68k, macppc, sparc, atari,
amiga, shark, cats, dreamcast, landisk, mmeye and x68k. this covers
the 5 MACHINE_ARCH's affected, and all the other arch code touched.
it also includes some actual run-time testing of sparc, i386 and
shark, and i performed binary comparison upon amiga and x68k as well.
some minor details relevant:
- move shlib.[ch] from ld.aout_so into ldconfig proper, and cut them
down to only the parts ldconfig needs
- remove various unused source files
- switch amiga bootblocks to using elf2bb.h instead of aout2bb.h
+ make ssh fingerprints (md5) match netpgp listing
+ use the more functional hexdump function from ssh2pgp in place of the
older hexdump function from openpgpsdk
+ pass hash type down from command line where needed
+ add test for netpgp/ssh key fingerprint matching
+ make netpgpkeys(1) take a --hash= option
With these changes, netpgp can be made to generate the same fingerprint as
openssh (by default, ssh-keygen(1) uses an md5 digest)
% /usr/bin/netpgpkeys --ssh-keys --sshkeyfile=/etc/ssh/ssh_host_rsa_key.pub --list-keys --hash=md5
1 key
pub 1024/RSA (Encrypt or Sign) fcdd1c608bef4c4b 2008-08-11
Key fingerprint: e935 902d ebf1 76ba fcdd 1c60 8bef 4c4b
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk>
% ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 e9:35:90:2d:eb:f1:76:ba:fc:dd:1c:60:8b:ef:4c:4b /etc/ssh/ssh_host_rsa_key.pub (RSA)
%
Changes since 3.99.2:
+ avoid possible free() of new value passed to netpgp_setvar(),
with thanks to Anon Ymous.
+ netpgpkeys(1): print keys to stdout, not stderr - reported by Anon
Ymous.
+ fix DSA signatures and verification
+ simplify and shorten the internals of packet processing by getting rid of
the intermediate pseudo-abstraction layer, which detracted from understanding
and had no benefit whatsoever. Rename some enums and some definitions.
+ add some checking to new key generation, and don't try to read in
the keys after writing them - reported by Tyler Retzlaff
don't try to re-read the key after writing it - that's done by a separate
function. Problem found by Tyler Retzlaff, fixed in a different way.
check that keyrings are non-NULL before attempting to free them - from a
nudge by Tyler Retzlaff.
advance its counter if it's non-NULL.
Regression test for this is:
netpgpkeys --list-key '\.de\>'
with my standard keyring (to list all keys which have at least one subuid
with a German email address).
verify functionality was useful, but the time has come to learn lessons
and move on.
Replace the trimmed down code with a call to the verification code from
libnetpgp(3).
The DSA algorithm seems to require a digest value which is 20 bytes
long, which kind of implies SHA-1.
If we have a DSA signature, use SHA-1 as a hash algorithm, for backwards
compatibility. RSA signatures continue to use SHA256 by default, although
this can be given as an argument, if desired.
This fixes DSA signatures with netpgp:
% netpgp --sign --userid d4a643c5 a
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% netpgp --verify a.gpg
Good signature for a.gpg made Tue May 18 05:41:25 2010
using DSA key 8222c3ecd4a643c5
pub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
sub 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
%
