SASLC_PROP_SERVICENAME ("SERVICENAME")
to
SASLC_PROP_SERVNAME ("SERVNAME")
Hopefully this will avoid confusion with SASLC_PROP_SERVICE ("SERVICE").
SERVNAME is also closer to the name used in the RFC2831 ("serv-name").
(Discussed with christos@.)
Change the hash parameters to keep that collision-less after the above
name change.
While here, go back to using .Sh in the manpage for unknown section
headers as the PostScript output from .Ss is slightly different.
(Discussed with wiz@.)
1) Fix a memory leak in cipher_context_create().
2) Fix a goof in the construction of the digest-uri.
3) Allow SASLC_PROP_SERVICENAME to be a hostname qualified comma
delimited list of service names to select from and update the manpage
to reflect this.
4) Make libsaslc.3 pass mdoclint(1).
Make this library work.
- several API changes (see the manpage)
- take care to match the spec (hopefully)
- deal with comma delimited lists more systematically
- addition of the DIGEST-MD5 security layer
- syslog messages including debugging messages
- many coding simplifications, changes, rewrites, and additions (i.e.,
stuff I can't recall at the moment)
- rewrite the manpage
The API changes have been heavily influenced by hooking this up to
postfix(1).
The ANONYMOUS, LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, and GSSAPI
authentication mechanisms have been tested and shown to work for
authentication with a postfix(1) server using the cyrus-sasl library.
(A postfix(1) libsaslc(3) client wrapper was used for the testing and
will be committed separately.)
The EXTERNAL authentication mechanism should work (it is pretty
simple), but it has not been tested with any servers.
The security layers of DIGEST-MD5 and GSSAPI have also not been tested
with any servers. Do any SMTP servers really support these security
layers? Postfix with cyrus-sasl does not, either as a client or
server, even though the cyrus-sasl library has support for the layers.
The new DIGEST-MD5 security layer encode/decode routines have been
tested against themselves (not terribly useful), but nothing else. As
they use the openssl EVP_* routines (which aren't well documented) to
do the cryptography, the "auth-conf" layer may or may not actually
match the rfc2831 standard. The "auth-int" layer is much more likely
to be in compliance.
Note: I have left support for a version of AES in the DIGEST-MD5 code
even though it is not part of rfc2831 (May 2000). This flavor of AES
was in a later draft (June 2003) that was included in the cyrus-sasl
distribution, but changed to a different flavor of AES in subsequent
drafts (and DES disappeared). AFAIKT, none of those drafts have been
accepted; the last I could find expired in Sept 2007. rfc2831 is
still listed as standards track. The AES support is very minor (some
table entries and a few lines of code to construct the IV) and I was
asked to leave it for now.
Hopefully there are not too many bugs, memory leaks, or
spelling/grammar errors. My apologies in advance.
BTW, if you would prefer to use cyrus-sasl, install it (e.g., from
pkgsrc), and then rebuild postfix with HAVE_CYRUS_SASL defined.
+ minor changes to free resources in error cases
+ update return values from some functions
+ wrap some long lines
+ more tests
+ add length argument to digest functions
an additional minor fix to make this build, and to libsaslc.3 man
page, by myself.
Fix a flaw in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicous clients to modify the stored session cache
ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one
on subsequent connections. See
http://www.openssl.org/news/secadv_20101202.txt
(CVE-2010-4180)
external/lib/Makefile and crypto/external/lib/Makefile, replacing
them all with SUBDIRs directly from lib/Makefile.
compat/compatsubdirs.mk becomes simpler now, as everything is built
from lib/Makefile, meaning all the libraries will now be built under
compat so update the set lists to account for that.
--numtries=<attempts> option to netpgp(1) to provide the maximum
number of attempts to retrieve the correct passphrase when signing or
decrypting, and use it in libnetpgp(3). The default number of
attempts is 3, and a value of "unlimited" will loop until the correct
passphrase has been entered.
- Put roaming_dummy.c in libssh.a to satisfy linking needs for most programs
other than ssh and sshd. ssh and sshd override the shared library (and static
library) functions by linking in their own copy of the roaming functions.
- Bump libssh major.
- Fix compilation issue in evp hash buffer.
- Updated OpenSSH-HPN to hpn13v10
- Added OpenSSH-LPK patches to retrive pubkey from LDAP
- Replaced arc4random_buf() (which is not available on NetBSD) with arc4random
- Disabled roaming reconnect (otherwise: problem with undef symbols in libssh)
+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file)
since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming
secret-sharing functionality for netpgp
+ add support for partial blocks, defined in rfc 4880, and used fairly
extensively by gnupg where the input size may not be known in advance
(e.g. for encrypted compressed data, as produced by default by gpg -e)
with their header files, it seems - insight from the tor project mailing
list).
And just so that the search engines can find it:
> In file included from ssh2pgp.c:39:
> /usr/include/arpa/inet.h:74: warning: 'struct in_addr' declared inside parameter list
> /usr/include/arpa/inet.h:74: warning: its scope is only this definition or declaration, which is probably not what you want
> /usr/include/arpa/inet.h:75: warning: 'struct in_addr' declared inside parameter list
> *** Error code 1
is fixed by including <netinet/in.h> before <arpa/inet.h> - found after a
long-distance debug session with Anthony Bentley - thanks!
Elgamal decryption code from Postgresql by Marko Kreen.
% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% netpgp -d < f.gpg > f.netpgp
netpgp: default key set to "d4a643c5"
signature 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
encryption 2048/Elgamal (Encrypt-Only) a97a7db6d727bc1e 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% ls -al f*
-rw-r--r-- 1 agc agc 5730 Nov 6 23:53 f
-rw------- 1 agc agc 1727 Nov 6 23:53 f.gpg
-rw-r--r-- 1 agc agc 5730 Nov 6 23:54 f.netpgp
% diff f f.netpgp
%
This makes DSA keys into first class citizens, since encryption and
decryption using DSA/Elgamal is now supported.
code is inspired by the (BSD-licensed) Elgamal crypto code in
Postgresql by Marko Kreen, but netpgp uses BIGNUM numbers instead of
MPIs, and its keys have a completely different structure, so much has
changed.
% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% gpg -d f.gpg > f2
You need a passphrase to unlock the secret key for
user: "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
2048-bit ELG-E key, ID D727BC1E, created 2010-05-19 (main key ID D4A643C5)
gpg: encrypted with 2048-bit ELG-E key, ID D727BC1E, created 2010-05-19
"Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
% diff f f2
% ls -al f*
-rw-r--r-- 1 agc agc 5730 Nov 6 05:40 f
-rw------- 1 agc agc 1727 Nov 6 05:40 f.gpg
-rw-r--r-- 1 agc agc 5730 Nov 6 05:41 f2
%
in the GNU autoconf infrastructure with ltmain.sh script - change all
occurrences of "$echo" to "$ECHO".
(Incidentally, this does not show up under pkgsrc, since pkgsrc uses
the platform's libtool instead of the script which comes with the
distribution)
``When netpgp thinks (even for a little while, even if it
should change its mind almost immediately) that it's
processing a detached signature, it sends a message to that
effect to io->outs.
This kind of interferes with "netpgp --cat" :)''
Use io->errs instead of io->outs for the informational message.
The patch fixes two problems when verifying a clearsigned message:
- a copy/paste error - "litdata" should be "cleartext"
- a use of an uninitialized variable, resulting in freeing
an uninitialized pointer on the stack... resulting in a segfault
+ add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
as specified in RFC 5581
+ add the camellia cipher implementation from openssl
initialisation. return an error if allocation failed.
modify symmetric key initialisation function signature to return an
indication of success or failure.
get rid of one-time typedef for function definitions; their indirection
does not add any extra insight, and just obfuscates the declarations.
Fixes an error reported by Anthony Bentley when compiling on OpenBSD,
which apparently lacks bzlib.h (and bz2).
Tests run to completion successfully both with and without bz2 being
available.
+ when writing out the key as an ssh key, don't include the user id
information at the end, in-line with expectations about standard ssh
key formats
+ since the signing key changed its "menu line" entry from "pub" to
"signature", the offset of the key id moved 7 chars to the right, so
take this into consideration when generating new keys
by Oliver Gould in
http://www.olix0r.net/PubKeyAccessAuthScheme.txt
This implementation includes an example client and server program, but
is not (yet) hooked into the build.
To quote from Oliver's RFC:
HTTP services are a core Internet technology, yet the Digest
authentication scheme provided by RFC 2617 only describes
authentication by way of shared-secrets (i.e. passwords).
This model has operational drawbacks, as authenticating
services are required to have access to a user's secret (or a
hash thereof), or retrograde technologies, such as cookies,
are employed.
Similarly to SSH's "publickey" authentication method [RFC
4252], the PubKey Access Authentication scheme allows an HTTP
server to authenticate clients using public key credentials.
Like the Digest Access Authentication Scheme [RFC 2617], the
PubKey.v1 scheme is based on a simple challenge-response
paradigm. The PubKey scheme responds to unauthorized clients
with a challenge value; and a valid response contains a
cryptographic signature of client's id, the authentication
realm, and the server's challenge.
The client's secret never leaves the client. The server
verifies the client's signed authorization request with the
client's published public keys.
libpaa(3) uses libnetpgp(3) for its digital signatures, SHA1Init(3)
for digests, and base64 encoding for transmission of data.
+ add a pretty print function mj_pretty(3) to libmj
+ added netpgp_write_sshkey(3) to libnetpgp
+ added pgp2ssh(1)
+ added preliminary support for ElGamal decryption, needed for DSA keys
as yet untested, unworking, and a WIP
+ add support for using all ssh keys, even those protected by a passphrase,
for decryption and signing. This rounds off ssh key file support in netpgp.
+ add a single character alias [-S file] for [--sshkeyfile file] to
netpgpkeys(1) and netpgp(1)
As far as ssh key file support goes, see the following example:
% cp configure a
% netpgp -S ~/.ssh/id_rsa.pub -e a
% netpgp -S ~/.ssh/id_rsa.pub -d a.gpg
Enter PEM pass phrase:
% ls -al a a.gpg
-rwxr-xr-x 1 agc agc 758398 Sep 7 05:38 a
-rw------- 1 agc agc 156886 Sep 7 05:38 a.gpg
%
in ssh format. In combination with hkpd (using ssh key files), this utility
can be used to distribute ssh pubkey files to remote computers using the
HKP protocol.
Add a C HKP client.
Provide reachover Makefiles for each, but do not hook them up to the build
just yet.
The HKP client and server can be embedded in other programs.
+ be smarter when checking for a null id
+ add test for rubbish being returned when listing specific keys in netpgpkeys(1)
+ take the public key from the pubring, not the secring when exporting
keys
+ allow hkpd to serve ssh keys in pgp format
+ test on whether a seckey is needed, not on a userid needed, for ssh keys
setoption() function, probably best to return one
+ check for a valid entry in the JSON array instead of trusting that
we have one
+ if there is no JSON value to print, don't print it
+ if we've set the keyring from an ssh key file, then we're using ssh
keys - no need to set that value separately. This means that
% netpgpkeys --sshkeyfile ~/.ssh/id_test.pub -l
1 key found
signature 2048/RSA (Encrypt or Sign) 8368881b3b9832ec 2010-08-26
Key fingerprint: 3abd bf38 33a5 1f87 d704 ad42 8368 881b 3b98 32ec
uid osx-vm1.crowthorne.alistaircrooks.co.uk (/home/agc/.ssh/id_test.pub) <agc@osx-vm1.crowthorne.alistaircrooks.co.uk>
%
lists ssh pubkeys properly, no need for other tautological arguments
+ add single character options to netpgp(1) and netpgpkeys(1)
+ add -o long-option(=value)? options to netpgp(1) and netpgpkeys(1)
+ add some small preparations for using the first subkey for encryption
(much more to follow)
