Commit Graph

2013 Commits

Author SHA1 Message Date
tteras
731159f704 Extern admin protocol to allow reply packets to exceed 64kb. E.g SA dumps
with many established SAs can be easily over the limit.
2010-11-12 09:08:26 +00:00
agc
b2d38cefdf Bring the netpgpverify(1) manual page into line with current output, etc.
With thanks to Jeremy Reed for the fixes.
2010-11-11 04:51:18 +00:00
agc
98c5ed6b49 make this compile on amd64: clean up a debug statement, pointed out by jak 2010-11-11 01:08:26 +00:00
agc
b0df0a2281 Changes to 3.99.15/20101110
+ add support for partial blocks, defined in rfc 4880, and used fairly
extensively by gnupg where the input size may not be known in advance
(e.g. for encrypted compressed data, as produced by default by gpg -e)
2010-11-11 00:58:04 +00:00
agc
2e1539dfc7 Rename internal ops-ssh.h header file to ssh2pgp.h to better reflect its
use.
2010-11-07 21:41:38 +00:00
agc
67149907d3 Fix a build problem on OpenBSD (we're not the only one who has trouble
with their header files, it seems - insight from the tor project mailing
list).

And just so that the search engines can find it:

> In file included from ssh2pgp.c:39:
> /usr/include/arpa/inet.h:74: warning: 'struct in_addr' declared inside parameter list
> /usr/include/arpa/inet.h:74: warning: its scope is only this definition or declaration, which is probably not what you want
> /usr/include/arpa/inet.h:75: warning: 'struct in_addr' declared inside parameter list
> *** Error code 1

is fixed by including <netinet/in.h> before <arpa/inet.h> - found after a
long-distance debug session with Anthony Bentley - thanks!
2010-11-07 21:16:00 +00:00
agc
fc1f8641b7 Take the internal functions and definitions back out of the implementation
namespace:

	:g/\<__ops/s//pgp/g
	:g/\<__OPS/s//__PGP/g
	:g/\<OPS/s//PGP/g

No functional change, regression tests complete successfully.
2010-11-07 08:39:59 +00:00
agc
3184965a25 Elgamal encryption and decryption has been done - take it off the list of
tasks to do.
2010-11-07 07:34:27 +00:00
agc
c2430ca2f9 Add Elgamal decryption to netpgp. Inspired by (BSD-licensed) the
Elgamal decryption code from Postgresql by Marko Kreen.

% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% netpgp -d < f.gpg > f.netpgp
netpgp: default key set to "d4a643c5"
signature  1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid              Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>
encryption 2048/Elgamal (Encrypt-Only) a97a7db6d727bc1e 2010-05-19 [EXPIRES 2013-05-18]
netpgp passphrase:
% ls -al f*
-rw-r--r--  1 agc  agc  5730 Nov  6 23:53 f
-rw-------  1 agc  agc  1727 Nov  6 23:53 f.gpg
-rw-r--r--  1 agc  agc  5730 Nov  6 23:54 f.netpgp
% diff f f.netpgp
%

This makes DSA keys into first class citizens, since encryption and
decryption using DSA/Elgamal is now supported.
2010-11-07 06:56:52 +00:00
agc
37d8b79b30 Add the ability to perform Elgamal encryption to netpgp. Some of this
code is inspired by the (BSD-licensed) Elgamal crypto code in
Postgresql by Marko Kreen, but netpgp uses BIGNUM numbers instead of
MPIs, and its keys have a completely different structure, so much has
changed.

% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% gpg -d f.gpg > f2

You need a passphrase to unlock the secret key for
user: "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
2048-bit ELG-E key, ID D727BC1E, created 2010-05-19 (main key ID D4A643C5)

gpg: encrypted with 2048-bit ELG-E key, ID D727BC1E, created 2010-05-19
      "Alistair Crooks (DSA TEST KEY - DO NOT USE) <agc@netbsd.org>"
% diff f f2
% ls -al f*
-rw-r--r--  1 agc  agc  5730 Nov  6 05:40 f
-rw-------  1 agc  agc  1727 Nov  6 05:40 f.gpg
-rw-r--r--  1 agc  agc  5730 Nov  6 05:41 f2
%
2010-11-07 02:29:28 +00:00
agc
83b45ea713 specify the libmj.la archive as a pre-req for libnetpgp.la in the
correct way - tested on RHEL 6 and Mac OS X.
2010-11-06 03:42:59 +00:00
agc
aaec28fcb2 re-run automake to pick up changes to Makefile.am files. 2010-11-06 00:14:35 +00:00
agc
243b0fa9b8 Avoid specifying the manual page twice in the Makefile.am files, which
can lead to problems at installation time on some platforms (RHEL 6,
for example), whereas Mac OS X seems to install things fine.
2010-11-06 00:03:32 +00:00
agc
6ca3cd6172 Apply the patch provided in PR 44047 by Peter Pentchev to fix a problem
in the GNU autoconf infrastructure with ltmain.sh script - change all
occurrences of "$echo" to "$ECHO".

(Incidentally, this does not show up under pkgsrc, since pkgsrc uses
the platform's libtool instead of the script which comes with the
distribution)
2010-11-05 23:37:57 +00:00
agc
863876dc04 Explicitly link netpgpverify with libmj, rather than letting libnetpgp
bring it in.

Fixes a build issue on RHEL 6.
2010-11-05 07:41:20 +00:00
agc
9e1b7959ce Explicitly link netpgp with libmj, rather than letting libnetpgp bring it
in.

Fixes a build issue on RHEL 6.
2010-11-05 07:39:59 +00:00
agc
23e62cae6d Miscellaneous changes to bring the GNU autoconf framework into a state
where a package can be build and install properly.
2010-11-05 03:37:18 +00:00
agc
484002bc2a avoid calling a debug function that's not exported in libnetpgp 2010-11-05 03:30:52 +00:00
agc
e63bd9282f Find the libmj header file in the correct directory 2010-11-05 03:01:57 +00:00
agc
701ed11c84 run autoconf so we can generate a Makefile in src/libmj 2010-11-05 02:50:43 +00:00
agc
2dd0a33d09 generate the Makefile in src/libmj too 2010-11-05 02:36:01 +00:00
agc
9b9aeb8d81 Apply the patch from Peter Pentchev in PR 44041
``When netpgp thinks (even for a little while, even if it
	should change its mind almost immediately) that it's
	processing a detached signature, it sends a message to that
	effect to io->outs.
	This kind of interferes with "netpgp --cat" :)''

Use io->errs instead of io->outs for the informational message.
2010-11-04 16:24:22 +00:00
agc
d22b8667a6 Apply patch from Peter Pentchev in PR 44040
The patch fixes two problems when verifying a clearsigned message:
- a copy/paste error - "litdata" should be "cleartext"
- a use of an uninitialized variable, resulting in freeing
  an uninitialized pointer on the stack... resulting in a segfault
2010-11-04 16:13:35 +00:00
agc
8d65eff422 Note the user-specified cipher has been implemented 2010-11-04 15:40:43 +00:00
agc
4b284f7789 add an additional test for the user-specified cipher 2010-11-04 15:39:42 +00:00
agc
f36027304f allow user-specification of cipher to be used when encrypting packets.
at the user level, this is specified using the --cipher=<ciphername>
option.
2010-11-04 15:39:08 +00:00
agc
f7745f8410 allow user-specification of cipher to be used when encrypting packets.
preserve the CAST5 default for now.

at the user level, this is specified using the --cipher=<ciphername>
option.
2010-11-04 15:38:45 +00:00
agc
c59501b234 Add the new --cipher option to usage message, pointed out by Thomas
Klausner -- thanks, wiz!
2010-11-04 13:45:30 +00:00
wiz
9569e8e4ad Bump date for --cipher. 2010-11-04 09:30:33 +00:00
agc
a4afbbbf7e use the correct manual page name 2010-11-04 07:47:30 +00:00
agc
ea2cbd9f75 Only include camellia cipher if openssl supports it 2010-11-04 07:35:08 +00:00
agc
87dbcd56bd add a Makefile.in file for libmj 2010-11-04 07:33:46 +00:00
agc
722a40f938 autoconf guard for <openssl/camellia.h> 2010-11-04 07:03:41 +00:00
agc
46e6961a97 update version string to 20101103 2010-11-04 07:02:25 +00:00
agc
da498fd5a2 Update base version to 20101103
Add openssl/camellia.h to the list of header files we look for in autoconf

Re-generate configure scripts
2010-11-04 07:01:52 +00:00
agc
f8aefef305 + add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
as specified in RFC 5581
+ add the camellia cipher implementation from openssl
2010-11-04 06:46:15 +00:00
agc
3dc7aea18b Update to version 3.99.13:
+ add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm)
  as specified in RFC 5581
+ add the camellia cipher implementation from openssl
2010-11-04 06:45:28 +00:00
agc
839eb285fa put RFC 5581 in the reference section 2010-11-04 06:42:22 +00:00
agc
3002456f79 Add RFC5581 in the reference section - The Camellia Cipher in OpenPGP 2010-11-04 06:40:25 +00:00
agc
9104ca5d0a check return values from memory allocation routines in symmetric key
initialisation. return an error if allocation failed.

modify symmetric key initialisation function signature to return an
indication of success or failure.

get rid of one-time typedef for function definitions; their indirection
does not add any extra insight, and just obfuscates the declarations.
2010-11-04 01:18:34 +00:00
agc
eb60d56a8c Clean up the test home directory in "make distclean"
Patch from Peter Pentchev in PR 44025.
2010-11-03 02:40:34 +00:00
agc
9e52ba5c80 Escape hyphens properly in manual pages, so that groff can handle them.
Patch from Peter Pentchev in PR 44026.
2010-11-03 02:36:12 +00:00
agc
40764fcb17 Don't call exit(3) from library context - brought in with the initial
import, so pink (rather than red) face here.

Pointed out by Peter Pentchev in PR 44027. Thanks!
2010-11-03 02:27:56 +00:00
stacktic
fdd702c327 Typo in usage --export-keys -> --export-key 2010-10-31 20:05:04 +00:00
stacktic
df2d91557b PR/42435 : Check pointers against NULL to avoid dereferencing them 2010-10-31 19:45:53 +00:00
agc
22b68feadb Make bz2 {de,}compression dependent on the header file being available.
Fixes an error reported by Anthony Bentley when compiling on OpenBSD,
which apparently lacks bzlib.h (and bz2).

Tests run to completion successfully both with and without bz2 being
available.
2010-10-31 18:31:03 +00:00
tteras
0a922db186 Change Linux Netlink address monitoring to monitor local route changes.
This works around a kernel bug, and slightly improves behaviour on some
special cases.
2010-10-22 06:26:26 +00:00
tteras
84874398b5 Introduce priorities for file descriptor polling mechanism and give
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred, other wise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.
2010-10-21 06:15:28 +00:00
tteras
af50f9e5f9 Remove initial-contact entry when all ISAKMP-SA are purged via adminport.
This will avoid stale security associations if some of the delete
notifications happens to get lost.
2010-10-21 06:04:33 +00:00
tteras
976b63b0c6 Use high-level openssl EVP and HMAC functions when possible: this allows
openssl to perform hardware acceleration if available.
2010-10-20 13:40:02 +00:00
tteras
fa4803bf0a Various improvements to error log messages and a few additional error log
messages to improve diagnosing an error condition.
2010-10-20 13:37:37 +00:00
tteras
49a8dd9d23 Fix address comparison so we actually close sockets which were bound to
IP-address that got deconfigured.
2010-10-20 10:56:39 +00:00
agc
b990d6628e 2 minor changes:
+ when writing out the key as an ssh key, don't include the user id
information at the end, in-line with expectations about standard ssh
key formats

+ since the signing key changed its "menu line" entry from "pub" to
"signature", the offset of the key id moved 7 chars to the right, so
take this into consideration when generating new keys
2010-10-19 00:00:00 +00:00
vanhu
fe1c6ea2f2 report a higher encryption key length in approval for OBEY / CLAIM / STRICT modes 2010-10-11 14:16:30 +00:00
agc
c9aae3a745 fix an off-by-two error when printing out the received key 2010-10-06 10:12:36 +00:00
agc
39e763161d don't try to print a key if an error occurred 2010-10-06 09:58:22 +00:00
agc
29365490e2 fix an off-by-one error when printing the key from the server when retrieving
with the "get" command.

fix up an erroneous error message
2010-10-06 09:57:48 +00:00
vanhu
45f0ad8281 fixed some typos in logs (reported by fazaeli (at) sepehrs.com) 2010-09-27 11:57:59 +00:00
vanhu
1da0e31bfc fixed a fd leak, patch by getlaser (at) gmail.com 2010-09-24 15:09:29 +00:00
vanhu
23e038ba26 get the correct length of username when processing ADMIN_LOGOUT_USER, patch by rweikusat (at) mssgmbh.com 2010-09-22 13:37:35 +00:00
vanhu
40e858e050 fixed a typo in macros, reported by marisp (at) mt.lv 2010-09-22 07:34:51 +00:00
vanhu
a4e6ec9d93 moved from utmp.h to utmpx.h (patch provided by marcin.cieslak (at) gmail.com) 2010-09-21 13:14:17 +00:00
agc
6bae07a6a8 Fix previous differently to avoid over-padding the base64 encoded output,
by being smarter in the decode stage.
2010-09-11 04:08:34 +00:00
agc
25825605ed Allow the user specification of the secret key file as the
--sshkeyfile or -S argument, and check that the public key file exists
before trying to read it.
2010-09-10 20:14:19 +00:00
wiz
145da732a5 Fix a typo. 2010-09-10 12:18:48 +00:00
agc
b1c86f5f08 Add build glue for the example client and server programs for PAA 2010-09-10 05:30:28 +00:00
agc
0a453369f8 Add build glue for libpaa (not yet hooked into the build) 2010-09-10 05:29:12 +00:00
agc
3fb45f3cb6 Add an implementation of the Pubkey Access Authentication Scheme proposed
by Oliver Gould in

	http://www.olix0r.net/PubKeyAccessAuthScheme.txt

This implementation includes an example client and server program, but
is not (yet) hooked into the build.

To quote from Oliver's RFC:

	HTTP services are a core Internet technology, yet the Digest
	authentication scheme provided by RFC 2617 only describes
	authentication by way of shared-secrets (i.e.  passwords).
	This model has operational drawbacks, as authenticating
	services are required to have access to a user's secret (or a
	hash thereof), or retrograde technologies, such as cookies,
	are employed.

	Similarly to SSH's "publickey" authentication method [RFC
	4252], the PubKey Access Authentication scheme allows an HTTP
	server to authenticate clients using public key credentials.

	Like the Digest Access Authentication Scheme [RFC 2617], the
	PubKey.v1 scheme is based on a simple challenge-response
	paradigm.  The PubKey scheme responds to unauthorized clients
	with a challenge value; and a valid response contains a
	cryptographic signature of client's id, the authentication
	realm, and the server's challenge.

	The client's secret never leaves the client.  The server
	verifies the client's signed authorization request with the
	client's published public keys.

libpaa(3) uses libnetpgp(3) for its digital signatures, SHA1Init(3)
for digests, and base64 encoding for transmission of data.
2010-09-10 05:15:16 +00:00
agc
2f6667e4d4 clean up various bits of lint, and one outstanding bug:
+ properly terminate base64-encoded output, fixes a bug whereby if the input
  length was divisible by 3, a bad base64 encoding would ensue
2010-09-10 04:57:17 +00:00
wiz
394defd16e Add RCS Id, use more markup, use standard section headers,
fill in more fields in ECMA-262 reference.
2010-09-08 22:17:27 +00:00
vanhu
71f4bdc1a9 fixed remoteconf selection when no ID specified in configuration, and added some debug to remoteconf selection 2010-09-08 12:18:35 +00:00
agc
73f34b005f Changes to 3.99.12/20100907
+ add a pretty print function mj_pretty(3) to libmj
+ added netpgp_write_sshkey(3) to libnetpgp
+ added pgp2ssh(1)
+ added preliminary support for ElGamal decryption, needed for DSA keys
  as yet untested, unworking, and a WIP
+ add support for using all ssh keys, even those protected by a passphrase,
  for decryption and signing. This rounds off ssh key file support in netpgp.
+ add a single character alias [-S file] for [--sshkeyfile file] to
  netpgpkeys(1) and netpgp(1)

As far as ssh key file support goes, see the following example:

	% cp configure a
	% netpgp -S ~/.ssh/id_rsa.pub -e a
	% netpgp -S ~/.ssh/id_rsa.pub -d a.gpg
	Enter PEM pass phrase:
	% ls -al a a.gpg
	-rwxr-xr-x  1 agc  agc  758398 Sep  7 05:38 a
	-rw-------  1 agc  agc  156886 Sep  7 05:38 a.gpg
	%
2010-09-08 03:21:21 +00:00
agc
711d29d7f2 clarification comment as to why two of the bignums are reversed 2010-09-07 00:25:37 +00:00
wiz
b57aee9386 More markup, end sentence with dot. 2010-09-06 20:33:18 +00:00
agc
ba5555346c Add a utility function, netpgp_write_sshkey(3), which will take a PGP public
key (RSA only) and format it as an ssh pubkey.
2010-09-06 18:19:38 +00:00
agc
ea98f847ab Add a reachover Makefile for pgp2ssh(1). This utility has not yet been
hooked into the build infrastructure.
2010-09-06 18:17:58 +00:00
agc
13b8cf6624 Add pgp2ssh, a utility to retrieve PGP keys via HKP, and to store the keys
in ssh format. In combination with hkpd (using ssh key files), this utility
can be used to distribute ssh pubkey files to remote computers using the
HKP protocol.
2010-09-06 18:16:52 +00:00
agc
4f0925bb20 If we get passed a key which has no subuids, sigs, fingerprint or any
other data, and has been revoked, don't even attempt to print it out.
2010-09-02 07:31:16 +00:00
agc
0bbf5d4831 move the functions to parse the JSON from netpgpkeys(1) into libnetpgp(3)
update the version number for recent changes.

update the date for recent changes.

regenerate the autoconf files.
2010-09-02 06:00:11 +00:00
agc
267df97bea Update hkpd to return its information in JSON (via libmj).
Add a C HKP client.

Provide reachover Makefiles for each, but do not hook them up to the build
just yet.

The HKP client and server can be embedded in other programs.
2010-09-02 05:58:00 +00:00
agc
46af1e88a3 Bump version number for latest changes 2010-09-01 19:46:14 +00:00
agc
4464721681 Various minor changes to netpgp:
+ be smarter when checking for a null id
+ add test for rubbish being returned when listing specific keys in netpgpkeys(1)
+ take the public key from the pubring, not the secring when exporting
  keys
+ allow hkpd to serve ssh keys in pgp format
+ test on whether a seckey is needed, not on a userid needed, for ssh keys
2010-09-01 17:25:57 +00:00
agc
98c1347b2a Denote the signing key with the word "signature" (the encryption key
already has the tag "encryption"). This is a bit more meaningful than
"pub" and "sub".
2010-09-01 06:20:23 +00:00
agc
c2a7bb795c + if we're going to the trouble of testing the return value from the
setoption() function, probably best to return one

+ check for a valid entry in the JSON array instead of trusting that
we have one

+ if there is no JSON value to print, don't print it

+ if we've set the keyring from an ssh key file, then we're using ssh
keys - no need to set that value separately. This means that

	% netpgpkeys --sshkeyfile ~/.ssh/id_test.pub -l
	1 key found
	signature  2048/RSA (Encrypt or Sign) 8368881b3b9832ec 2010-08-26
	Key fingerprint: 3abd bf38 33a5 1f87 d704 ad42 8368 881b 3b98 32ec
	uid              osx-vm1.crowthorne.alistaircrooks.co.uk (/home/agc/.ssh/id_test.pub) <agc@osx-vm1.crowthorne.alistaircrooks.co.uk>

	%

lists ssh pubkeys properly, no need for other tautological arguments
2010-09-01 06:18:21 +00:00
agc
f28c63c7c9 Fix a problem reported by moof whereby the build would fail on Sun2 due
to shared library lossage on the Sun2 platform. Sorry, I thought that the
change had already been made, but it was just to netpgpkeys' Makefile.
2010-09-01 06:02:58 +00:00
vanhu
12865805af fix by Sergio.Gelato (at) astro.su.se: duplicate some dynamic values in duprmconf() 2010-08-26 13:31:55 +00:00
reed
75d9fdeb7e Add copyright and license.
I reported this in October 2009 and it was fixed upstream.
http://github.com/heimdal/heimdal/commits/master/kpasswd/kpasswdd.8
2010-08-25 15:08:22 +00:00
agc
67effcdd3a avoid false positives when matching a (non-existent) encryption subkey
use debugging output to point to the matching key
2010-08-21 19:00:43 +00:00
joerg
398cced2a2 Include DHparams_print_fp 2010-08-21 13:47:37 +00:00
agc
593d671c7e get rid of more 64-bit lint 2010-08-15 16:36:24 +00:00
agc
3f685a7839 fix some more amd64 lint 2010-08-15 16:10:56 +00:00
agc
69d4f30f78 + rationalise birthtime/expiration timestamps into a single function
+ clean up some 64-bit (amd64) lint
2010-08-15 07:52:26 +00:00
agc
a135dcc2d8 get rid of a debugging statement 2010-08-15 02:39:46 +00:00
agc
9b987001ab Changes to 3.99.9/20100809
+ add single character options to netpgp(1) and netpgpkeys(1)
+ add -o long-option(=value)? options to netpgp(1) and netpgpkeys(1)
+ add some small preparations for using the first subkey for encryption
  (much more to follow)
2010-08-13 18:29:40 +00:00
he
d9c41d3081 Add reference to libmj, so that static-linkers (sun2) can make
build progress beyond this point.
2010-08-13 05:16:28 +00:00
drochner
f6781b59b4 fix a double free() in error case, see the thread
"openssl-1.0.0a and glibc detected sthg ;)" in openssl-dev.
I was getting a SEGV with the example posted there.
2010-08-10 11:01:00 +00:00
agc
306ca2b851 fix up 64-bit lint 2010-08-07 04:53:56 +00:00
agc
338b88adf7 re-fix this typo once again... 2010-08-07 04:50:35 +00:00
agc
d7b1bf3228 catch up with autoconf changes 2010-08-07 04:40:07 +00:00
agc
cd0b82c317 Build libraries in the correct order, also waiting for prereqs to build first 2010-08-07 04:34:03 +00:00