Commit Graph

1970 Commits

Author SHA1 Message Date
agc
6b3f11714a There were still some throwbacks with the prefix '_ops' - rectify that to
be the standard "pgp_" - no functional change.
2010-11-15 08:56:30 +00:00
agc
e2c60ad188 Don't prefix function names with "pgp_" if the functions are static. 2010-11-15 08:50:32 +00:00
agc
451e742596 Use a regular expression to match the various ASCII-armoured headers we
may encounter - fixes PR 44074 from Peter Pentchev in a different way.
2010-11-15 08:27:40 +00:00
agc
05e6b0bbe6 Changes to help with netpgp key generation and interoperability:
+ use plain SHA1 for session key s2k negotiation
+ don't warn on some conditions when inflating (reading a compressed file)
  since the conditions don't hold for partial block lengths
+ prompt for a passphrase when generating a new key - used in the upcoming
  secret-sharing functionality for netpgp
2010-11-15 08:03:39 +00:00
tteras
939a5bdbb6 isakmp_post_acquire is now called from admin commands too, add a flag so
admin commands can be used to establish even passive links on demand.
2010-11-12 10:36:37 +00:00
tteras
fafea48525 Purge all IPsec-SA's if the last main ISAKMP-SA for the node is deleted
by remote request and the phase1 rekeying is enabled (this will also
trigger the new phase1_dead script hook).
2010-11-12 09:11:37 +00:00
tteras
3d7d638a63 Improve DPD sequence checks to allow any reply within valid sequence window
to be proof of livelyness. This can improves things if there's random
packet delays, or if racoon is not getting enough CPU time.
2010-11-12 09:09:47 +00:00
tteras
731159f704 Extern admin protocol to allow reply packets to exceed 64kb. E.g SA dumps
with many established SAs can be easily over the limit.
2010-11-12 09:08:26 +00:00
agc
b2d38cefdf Bring the netpgpverify(1) manual page into line with current output, etc.
With thanks to Jeremy Reed for the fixes.
2010-11-11 04:51:18 +00:00
agc
98c5ed6b49 make this compile on amd64: clean up a debug statement, pointed out by jak 2010-11-11 01:08:26 +00:00
agc
b0df0a2281 Changes to 3.99.15/20101110
+ add support for partial blocks, defined in rfc 4880, and used fairly
extensively by gnupg where the input size may not be known in advance
(e.g. for encrypted compressed data, as produced by default by gpg -e)
2010-11-11 00:58:04 +00:00
agc
2e1539dfc7 Rename internal ops-ssh.h header file to ssh2pgp.h to better reflect its
use.
2010-11-07 21:41:38 +00:00
agc
67149907d3 Fix a build problem on OpenBSD (we're not the only one who has trouble
with their header files, it seems - insight from the tor project mailing
list).

And just so that the search engines can find it:

> In file included from ssh2pgp.c:39:
> /usr/include/arpa/inet.h:74: warning: 'struct in_addr' declared inside parameter list
> /usr/include/arpa/inet.h:74: warning: its scope is only this definition or declaration, which is probably not what you want
> /usr/include/arpa/inet.h:75: warning: 'struct in_addr' declared inside parameter list
> *** Error code 1

is fixed by including <netinet/in.h> before <arpa/inet.h> - found after a
long-distance debug session with Anthony Bentley - thanks!
2010-11-07 21:16:00 +00:00
agc
fc1f8641b7 Take the internal functions and definitions back out of the implementation
namespace:

	:g/\<__ops/s//pgp/g
	:g/\<__OPS/s//__PGP/g
	:g/\<OPS/s//PGP/g

No functional change, regression tests complete successfully.
2010-11-07 08:39:59 +00:00
agc
3184965a25 Elgamal encryption and decryption has been done - take it off the list of
tasks to do.
2010-11-07 07:34:27 +00:00
agc
c2430ca2f9 Add Elgamal decryption to netpgp. Inspired by (BSD-licensed) the
Elgamal decryption code from Postgresql by Marko Kreen.

% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% netpgp -d < f.gpg > f.netpgp
netpgp: default key set to "d4a643c5"
signature  1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid              Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
encryption 2048/Elgamal (Encrypt-Only) a97a7db6d727bc1e 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% ls -al f*
-rw-r--r--  1 agc  agc  5730 Nov  6 23:53 f
-rw-------  1 agc  agc  1727 Nov  6 23:53 f.gpg
-rw-r--r--  1 agc  agc  5730 Nov  6 23:54 f.netpgp
% diff f f.netpgp
%

This makes DSA keys into first class citizens, since encryption and
decryption using DSA/Elgamal is now supported.
2010-11-07 06:56:52 +00:00
agc
37d8b79b30 Add the ability to perform Elgamal encryption to netpgp. Some of this
code is inspired by the (BSD-licensed) Elgamal crypto code in
Postgresql by Marko Kreen, but netpgp uses BIGNUM numbers instead of
MPIs, and its keys have a completely different structure, so much has
changed.

% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% gpg -d f.gpg > f2

You need a passphrase to unlock the secret key for
user: "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
2048-bit ELG-E key, ID D727BC1E, created 2010-05-19 (main key ID D4A643C5)

gpg: encrypted with 2048-bit ELG-E key, ID D727BC1E, created 2010-05-19
      "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
% diff f f2
% ls -al f*
-rw-r--r--  1 agc  agc  5730 Nov  6 05:40 f
-rw-------  1 agc  agc  1727 Nov  6 05:40 f.gpg
-rw-r--r--  1 agc  agc  5730 Nov  6 05:41 f2
%
2010-11-07 02:29:28 +00:00
agc
83b45ea713 specify the libmj.la archive as a pre-req for libnetpgp.la in the
correct way - tested on RHEL 6 and Mac OS X.
2010-11-06 03:42:59 +00:00
agc
aaec28fcb2 re-run automake to pick up changes to Makefile.am files. 2010-11-06 00:14:35 +00:00
agc
243b0fa9b8 Avoid specifying the manual page twice in the Makefile.am files, which
can lead to problems at installation time on some platforms (RHEL 6,
for example), whereas Mac OS X seems to install things fine.
2010-11-06 00:03:32 +00:00
agc
6ca3cd6172 Apply the patch provided in PR 44047 by Peter Pentchev to fix a problem
in the GNU autoconf infrastructure with ltmain.sh script - change all
occurrences of "$echo" to "$ECHO".

(Incidentally, this does not show up under pkgsrc, since pkgsrc uses
the platform's libtool instead of the script which comes with the
distribution)
2010-11-05 23:37:57 +00:00
agc
863876dc04 Explicitly link netpgpverify with libmj, rather than letting libnetpgp
bring it in.

Fixes a build issue on RHEL 6.
2010-11-05 07:41:20 +00:00
agc
9e1b7959ce Explicitly link netpgp with libmj, rather than letting libnetpgp bring it
in.

Fixes a build issue on RHEL 6.
2010-11-05 07:39:59 +00:00
agc
23e62cae6d Miscellaneous changes to bring the GNU autoconf framework into a state
where a package can be build and install properly.
2010-11-05 03:37:18 +00:00
agc
484002bc2a avoid calling a debug function that's not exported in libnetpgp 2010-11-05 03:30:52 +00:00
agc
e63bd9282f Find the libmj header file in the correct directory 2010-11-05 03:01:57 +00:00
agc
701ed11c84 run autoconf so we can generate a Makefile in src/libmj 2010-11-05 02:50:43 +00:00
agc
2dd0a33d09 generate the Makefile in src/libmj too 2010-11-05 02:36:01 +00:00
agc
9b9aeb8d81 Apply the patch from Peter Pentchev in PR 44041
``When netpgp thinks (even for a little while, even if it
	should change its mind almost immediately) that it's
	processing a detached signature, it sends a message to that
	effect to io->outs.
	This kind of interferes with "netpgp --cat" :)''

Use io->errs instead of io->outs for the informational message.
2010-11-04 16:24:22 +00:00
agc
d22b8667a6 Apply patch from Peter Pentchev in PR 44040
The patch fixes two problems when verifying a clearsigned message:
- a copy/paste error - "litdata" should be "cleartext"
- a use of an uninitialized variable, resulting in freeing
  an uninitialized pointer on the stack... resulting in a segfault
2010-11-04 16:13:35 +00:00
agc
8d65eff422 Note the user-specified cipher has been implemented 2010-11-04 15:40:43 +00:00
agc
4b284f7789 add an additional test for the user-specified cipher 2010-11-04 15:39:42 +00:00
agc
f36027304f allow user-specification of cipher to be used when encrypting packets.
at the user level, this is specified using the --cipher=<ciphername>
option.
2010-11-04 15:39:08 +00:00
agc
f7745f8410 allow user-specification of cipher to be used when encrypting packets.
preserve the CAST5 default for now.

at the user level, this is specified using the --cipher=<ciphername>
option.
2010-11-04 15:38:45 +00:00
agc
c59501b234 Add the new --cipher option to usage message, pointed out by Thomas
Klausner -- thanks, wiz!
2010-11-04 13:45:30 +00:00
wiz
9569e8e4ad Bump date for --cipher. 2010-11-04 09:30:33 +00:00
agc
a4afbbbf7e use the correct manual page name 2010-11-04 07:47:30 +00:00
agc
ea2cbd9f75 Only include camellia cipher if openssl supports it 2010-11-04 07:35:08 +00:00
agc
87dbcd56bd add a Makefile.in file for libmj 2010-11-04 07:33:46 +00:00
agc
722a40f938 autoconf guard for <openssl/camellia.h> 2010-11-04 07:03:41 +00:00
agc
46e6961a97 update version string to 20101103 2010-11-04 07:02:25 +00:00
agc
da498fd5a2 Update base version to 20101103
Add openssl/camellia.h to the list of header files we look for in autoconf

Re-generate configure scripts
2010-11-04 07:01:52 +00:00
agc
f8aefef305 + add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
as specified in RFC 5581
+ add the camellia cipher implementation from openssl
2010-11-04 06:46:15 +00:00
agc
3dc7aea18b Update to version 3.99.13:
+ add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
  as specified in RFC 5581
+ add the camellia cipher implementation from openssl
2010-11-04 06:45:28 +00:00
agc
839eb285fa put RFC 5581 in the reference section 2010-11-04 06:42:22 +00:00
agc
3002456f79 Add RFC5581 in the reference section - The Camellia Cipher in OpenPGP 2010-11-04 06:40:25 +00:00
agc
9104ca5d0a check return values from memory allocation routines in symmetric key
initialisation. return an error if allocation failed.

modify symmetric key initialisation function signature to return an
indication of success or failure.

get rid of one-time typedef for function definitions; their indirection
does not add any extra insight, and just obfuscates the declarations.
2010-11-04 01:18:34 +00:00
agc
eb60d56a8c Clean up the test home directory in "make distclean"
Patch from Peter Pentchev in PR 44025.
2010-11-03 02:40:34 +00:00
agc
9e52ba5c80 Escape hyphens properly in manual pages, so that groff can handle them.
Patch from Peter Pentchev in PR 44026.
2010-11-03 02:36:12 +00:00
agc
40764fcb17 Don't call exit(3) from library context - brought in with the initial
import, so pink (rather than red) face here.

Pointed out by Peter Pentchev in PR 44027. Thanks!
2010-11-03 02:27:56 +00:00