netpgp

Alistair G. Crooks Tue, 23 Oct 2012 08:01:06 -0700

Module Name:    src
Committed By:   agc
Date:           Tue Oct 23 15:00:57 UTC 2012


Modified Files:
        src/crypto/external/bsd/netpgp/bin/netpgpverify [agc-netpgp-standalone]:
            Makefile
        src/crypto/external/bsd/netpgp/dist/src/libverify 
[agc-netpgp-standalone]:
            libnetpgpverify.3 libverify.c verify.h
Added Files:
        src/crypto/external/bsd/netpgp/bin/netpgpverify [agc-netpgp-standalone]:
            dsa-pubring.gpg expected36 expected37 expected38 expected39
            expected40 expected41 expected42 expected43

Log Message:
Fix a tyop in the getopt string so that it specifies that -k takes an
argument - makes the specification of public keyrings work again.

Make pgpv_verify return a cookie if the signature matches, rather than
just a plain pseudo-boolean value.  The cookie can be used
subsequently to retrieve the verified data

Use the cookie as input to pgp_get_verified()

Add tests for DSA key verification


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.3 -r1.1.2.4 \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile
cvs rdiff -u -r0 -r1.1.2.1 \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/dsa-pubring.gpg \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/expected36 \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/expected37 \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/expected38 \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/expected39 \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/expected40 \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/expected41 \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/expected42 \
    src/crypto/external/bsd/netpgp/bin/netpgpverify/expected43
cvs rdiff -u -r1.1.2.3 -r1.1.2.4 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3
cvs rdiff -u -r1.1.2.5 -r1.1.2.6 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c
cvs rdiff -u -r1.1.2.4 -r1.1.2.5 \
    src/crypto/external/bsd/netpgp/dist/src/libverify/verify.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile
diff -u src/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile:1.1.2.3 src/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile:1.1.2.4
--- src/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile:1.1.2.3	Sat Oct 20 12:22:00 2012
+++ src/crypto/external/bsd/netpgp/bin/netpgpverify/Makefile	Tue Oct 23 15:00:56 2012
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.1.2.3 2012/10/20 12:22:00 agc Exp $
+# $NetBSD: Makefile,v 1.1.2.4 2012/10/23 15:00:56 agc Exp $
 
 .include <bsd.own.mk>
 
@@ -14,12 +14,6 @@ LDADD+=-lnetpgpverify
 
 CPPFLAGS+=-I${EXTDIST}/libverify
 
-# XXX - debugging
-#CPPFLAGS+=-g -O0
-#LDFLAGS+=-g -O0
-#CPPFLAGS+=-O3
-#LDFLAGS+=-O3
-
 LIBNETPGPVERIFYDIR!=   cd ${.CURDIR}/../../lib/verify && ${PRINTOBJDIR}
 LDADD+=         -L${LIBNETPGPVERIFYDIR} -lnetpgpverify
 DPADD+=         ${LIBNETPGPVERIFYDIR}/libnetpgpverify.a
@@ -90,3 +84,27 @@ t: ${PROG}
 	env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -c cat det.sig > output35
 	diff expected35 output35
 	rm -f output35
+	env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.gpg > output36
+	diff expected36 output36
+	rm -f output36
+	env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.gpg > output37
+	diff expected37 output37
+	rm -f output37
+	env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg in1.asc > output38
+	diff expected38 output38
+	rm -f output38
+	env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg < in1.asc > output39
+	diff expected39 output39
+	rm -f output39
+	env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.gpg > output40
+	diff expected40 output40
+	rm -f output40
+	env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.gpg > output41
+	diff expected41 output41
+	rm -f output41
+	env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat in1.asc > output42
+	diff expected42 output42
+	rm -f output42
+	env LD_LIBRARY_PATH=${LIBNETPGPVERIFYDIR} ./${PROG} -k dsa-pubring.gpg -c cat < in1.asc > output43
+	diff expected43 output43
+	rm -f output43

Index: src/crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3
diff -u src/crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3:1.1.2.3 src/crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3:1.1.2.4
--- src/crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3:1.1.2.3	Sat Oct 20 06:01:57 2012
+++ src/crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3	Tue Oct 23 15:00:56 2012
@@ -1,4 +1,4 @@
-.\" $NetBSD: libnetpgpverify.3,v 1.1.2.3 2012/10/20 06:01:57 agc Exp $
+.\" $NetBSD: libnetpgpverify.3,v 1.1.2.4 2012/10/23 15:00:56 agc Exp $
 .\"
 .\" Copyright (c) 2012 Alistair Crooks <[email protected]>
 .\" All rights reserved.
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd October 20, 2012
+.Dd October 21, 2012
 .Dt LIBNETPGPVERIFY 3
 .Os
 .Sh NAME
@@ -37,13 +37,13 @@
 .Fo pgpv_read_pubring
 .Fa "pgpv_t *pgp" "const char *keyring"
 .Fc
-.Ft int
+.Ft size_t
 .Fo pgpv_verify
 .Fa "pgpv_cursor_t *cursor" "pgpv_t *pgp" "const void *ptr" "ssize_t size"
 .Fc
 .Ft size_t
 .Fo pgpv_get_verified
-.Fa "pgpv_cursor_t *cursor" "unsigned entry" "char **ret"
+.Fa "pgpv_cursor_t *cursor" "size_t cookie " "char **ret"
 .Fc
 .Ft size_t
 .Fo pgpv_get_entry
@@ -79,9 +79,13 @@ argument should be set to
 .Dv -1
 whilst a positive size signals that the pointer value should be that
 of signed memory.
+.Fn pgpv_verify
+returns a cookie if the ignature was verified, or 0 if it did not.
+This cookie can subsequently be used to retrieve the data which
+was verified.
 .Pp
 If the signature does match, then the file or memory can be considered as being
-verified as being unmodified.
+verified as being unmodified and unchanged, integrally sound.
 .Pp
 Signatures have validity dates on them, and it is possible for a signature to
 have expired when it is being checked.
@@ -99,7 +103,8 @@ To do this, the
 function is used.
 Arguments to
 .Fn pgpv_get_verified
-are the entry number of the verification, and the returned data and its size.
+are the cookie returned from the verification, and a buffer
+allocated for the returned data and its size.
 If an error occurs, or the signature is not verified, a zero value is returned
 for the size.
 .Nm

Index: src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c
diff -u src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c:1.1.2.5 src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c:1.1.2.6
--- src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c:1.1.2.5	Mon Oct 22 08:35:13 2012
+++ src/crypto/external/bsd/netpgp/dist/src/libverify/libverify.c	Tue Oct 23 15:00:56 2012
@@ -1105,7 +1105,7 @@ read_pkt(pgpv_t *pgp, pgpv_mem_t *mem)
 	pkt.mement = (uint8_t)(mem - ARRAY_ARRAY(pgp->areas));
 	pkt.s.data = &mem->mem[mem->cc];
 	if (strchr(mem->allowed, pkt.tag) == NULL) {
-		printf("packet %d not allowed\n", pkt.tag);
+		printf("packet %d not allowed for operation %s\n", pkt.tag, pgp->op);
 		return 0;
 	}
 	size = pkt.s.size;
@@ -2010,7 +2010,7 @@ pgpv_find_keyid(pgpv_t *pgp, const char 
 }
 
 /* verify the signed packets we have */
-int
+size_t
 pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size)
 {
 	pgpv_signature_t	*signature;
@@ -2101,9 +2101,9 @@ pgpv_verify(pgpv_cursor_t *cursor, pgpv_
 	if (key_expired(pubkey, cursor->why, sizeof(cursor->why))) {
 		return 0;
 	}
-	ARRAY_APPEND(cursor->datacookies, (unsigned)pkt);
+	ARRAY_APPEND(cursor->datacookies, pkt);
 	ARRAY_APPEND(cursor->found, primary);
-	return 1;
+	return pkt + 1;
 }
 
 /* set up the pubkey keyring */
@@ -2118,7 +2118,7 @@ pgpv_read_pubring(pgpv_t *pgp, const cha
 
 /* get verified data as a string, return its size */
 size_t
-pgpv_get_verified(pgpv_cursor_t *cursor, unsigned ent, char **ret)
+pgpv_get_verified(pgpv_cursor_t *cursor, size_t cookie, char **ret)
 {
 	pgpv_litdata_t		*litdata;
 	uint8_t			*data;
@@ -2126,11 +2126,10 @@ pgpv_get_verified(pgpv_cursor_t *cursor,
 	size_t			 pkt;
 
 	*ret = NULL;
-	if (cursor == NULL || ent >= ARRAY_COUNT(cursor->datacookies)) {
+	if (cursor == NULL || cookie == 0) {
 		return 0;
 	}
-	pkt = ARRAY_ELEMENT(cursor->datacookies, ent);
-	if ((pkt = find_onepass(cursor, pkt)) == 0) {
+	if ((pkt = find_onepass(cursor, cookie - 1)) == 0) {
 		return 0;
 	}
 	litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.litdata;

Index: src/crypto/external/bsd/netpgp/dist/src/libverify/verify.h
diff -u src/crypto/external/bsd/netpgp/dist/src/libverify/verify.h:1.1.2.4 src/crypto/external/bsd/netpgp/dist/src/libverify/verify.h:1.1.2.5
--- src/crypto/external/bsd/netpgp/dist/src/libverify/verify.h:1.1.2.4	Sat Oct 20 15:58:46 2012
+++ src/crypto/external/bsd/netpgp/dist/src/libverify/verify.h	Tue Oct 23 15:00:56 2012
@@ -247,7 +247,7 @@ typedef struct pgpv_cursor_t {
 	char			*value;			/* value we're searching for */
 	void			*ptr;			/* for regexps etc */
 	PGPV_ARRAY(uint32_t,	 found);		/* array of matched subscripts */
-	PGPV_ARRAY(uint32_t,	 datacookies);		/* cookies to retrieve matched data */
+	PGPV_ARRAY(size_t,	 datacookies);		/* cookies to retrieve matched data */
 	int64_t			 sigtime;		/* time of signature */
 	char			 why[128];		/* reason for bad signature */
 } pgpv_cursor_t;
@@ -266,8 +266,8 @@ __BEGIN_DECLS
 
 int pgpv_read_pubring(pgpv_t */*pgp*/, const char */*keyring*/);
 
-int pgpv_verify(pgpv_cursor_t */*cursor*/, pgpv_t */*pgp*/, const void */*mem/file*/, ssize_t /*size*/);
-size_t pgpv_get_verified(pgpv_cursor_t */*cursor*/, unsigned /*ent*/, char **/*ret*/);
+size_t pgpv_verify(pgpv_cursor_t */*cursor*/, pgpv_t */*pgp*/, const void */*mem/file*/, ssize_t /*size*/);
+size_t pgpv_get_verified(pgpv_cursor_t */*cursor*/, size_t /*cookie*/, char **/*ret*/);
 
 size_t pgpv_get_entry(pgpv_t */*pgp*/, unsigned /*ent*/, char **/*ret*/);
 

Added files:

Index: src/crypto/external/bsd/netpgp/bin/netpgpverify/dsa-pubring.gpg
Index: src/crypto/external/bsd/netpgp/bin/netpgpverify/expected36
diff -u /dev/null src/crypto/external/bsd/netpgp/bin/netpgpverify/expected36:1.1.2.1
--- /dev/null	Tue Oct 23 15:00:57 2012
+++ src/crypto/external/bsd/netpgp/bin/netpgpverify/expected36	Tue Oct 23 15:00:56 2012
@@ -0,0 +1,7 @@
+Good signature for in1.gpg made Sun Oct 21 19:36:06 2012
+signature  3072/DSA 263fe78562e2fc7e 2012-10-21
+fingerprint:  d2e5 07b6 5d59 33d3 9c8d a618 263f e785 62e2 fc7e 
+uid              David Armstrong (Test DSA key - do not use) <[email protected]>
+encryption 2048/Elgamal (Encrypt Only) 53d1f21240f293c6 2012-10-21 [Expiry 2014-10-21]
+fingerprint:  6a83 d4aa 791f d8af a967 5e44 53d1 f212 40f2 93c6 
+
Index: src/crypto/external/bsd/netpgp/bin/netpgpverify/expected37
diff -u /dev/null src/crypto/external/bsd/netpgp/bin/netpgpverify/expected37:1.1.2.1
--- /dev/null	Tue Oct 23 15:00:57 2012
+++ src/crypto/external/bsd/netpgp/bin/netpgpverify/expected37	Tue Oct 23 15:00:56 2012
@@ -0,0 +1,7 @@
+Good signature for [stdin] made Sun Oct 21 19:36:06 2012
+signature  3072/DSA 263fe78562e2fc7e 2012-10-21
+fingerprint:  d2e5 07b6 5d59 33d3 9c8d a618 263f e785 62e2 fc7e 
+uid              David Armstrong (Test DSA key - do not use) <[email protected]>
+encryption 2048/Elgamal (Encrypt Only) 53d1f21240f293c6 2012-10-21 [Expiry 2014-10-21]
+fingerprint:  6a83 d4aa 791f d8af a967 5e44 53d1 f212 40f2 93c6 
+
Index: src/crypto/external/bsd/netpgp/bin/netpgpverify/expected38
diff -u /dev/null src/crypto/external/bsd/netpgp/bin/netpgpverify/expected38:1.1.2.1
--- /dev/null	Tue Oct 23 15:00:57 2012
+++ src/crypto/external/bsd/netpgp/bin/netpgpverify/expected38	Tue Oct 23 15:00:56 2012
@@ -0,0 +1,7 @@
+Good signature for in1.asc made Sun Oct 21 15:47:58 2012
+signature  3072/DSA 263fe78562e2fc7e 2012-10-21
+fingerprint:  d2e5 07b6 5d59 33d3 9c8d a618 263f e785 62e2 fc7e 
+uid              David Armstrong (Test DSA key - do not use) <[email protected]>
+encryption 2048/Elgamal (Encrypt Only) 53d1f21240f293c6 2012-10-21 [Expiry 2014-10-21]
+fingerprint:  6a83 d4aa 791f d8af a967 5e44 53d1 f212 40f2 93c6 
+
Index: src/crypto/external/bsd/netpgp/bin/netpgpverify/expected39
diff -u /dev/null src/crypto/external/bsd/netpgp/bin/netpgpverify/expected39:1.1.2.1
--- /dev/null	Tue Oct 23 15:00:57 2012
+++ src/crypto/external/bsd/netpgp/bin/netpgpverify/expected39	Tue Oct 23 15:00:57 2012
@@ -0,0 +1,7 @@
+Good signature for [stdin] made Sun Oct 21 15:47:58 2012
+signature  3072/DSA 263fe78562e2fc7e 2012-10-21
+fingerprint:  d2e5 07b6 5d59 33d3 9c8d a618 263f e785 62e2 fc7e 
+uid              David Armstrong (Test DSA key - do not use) <[email protected]>
+encryption 2048/Elgamal (Encrypt Only) 53d1f21240f293c6 2012-10-21 [Expiry 2014-10-21]
+fingerprint:  6a83 d4aa 791f d8af a967 5e44 53d1 f212 40f2 93c6 
+
Index: src/crypto/external/bsd/netpgp/bin/netpgpverify/expected40
diff -u /dev/null src/crypto/external/bsd/netpgp/bin/netpgpverify/expected40:1.1.2.1
--- /dev/null	Tue Oct 23 15:00:57 2012
+++ src/crypto/external/bsd/netpgp/bin/netpgpverify/expected40	Tue Oct 23 15:00:57 2012
@@ -0,0 +1,6 @@
+#	$NetBSD: expected40,v 1.1.2.1 2012/10/23 15:00:57 agc Exp $
+
+SUBDIR+=	lib .WAIT
+SUBDIR+=	bin
+
+.include <bsd.subdir.mk>
Index: src/crypto/external/bsd/netpgp/bin/netpgpverify/expected41
diff -u /dev/null src/crypto/external/bsd/netpgp/bin/netpgpverify/expected41:1.1.2.1
--- /dev/null	Tue Oct 23 15:00:57 2012
+++ src/crypto/external/bsd/netpgp/bin/netpgpverify/expected41	Tue Oct 23 15:00:57 2012
@@ -0,0 +1,6 @@
+#	$NetBSD: expected41,v 1.1.2.1 2012/10/23 15:00:57 agc Exp $
+
+SUBDIR+=	lib .WAIT
+SUBDIR+=	bin
+
+.include <bsd.subdir.mk>
Index: src/crypto/external/bsd/netpgp/bin/netpgpverify/expected42
diff -u /dev/null src/crypto/external/bsd/netpgp/bin/netpgpverify/expected42:1.1.2.1
--- /dev/null	Tue Oct 23 15:00:57 2012
+++ src/crypto/external/bsd/netpgp/bin/netpgpverify/expected42	Tue Oct 23 15:00:57 2012
@@ -0,0 +1,6 @@
+#	$NetBSD: expected42,v 1.1.2.1 2012/10/23 15:00:57 agc Exp $
+
+SUBDIR+=	lib .WAIT
+SUBDIR+=	bin
+
+.include <bsd.subdir.mk>
Index: src/crypto/external/bsd/netpgp/bin/netpgpverify/expected43
diff -u /dev/null src/crypto/external/bsd/netpgp/bin/netpgpverify/expected43:1.1.2.1
--- /dev/null	Tue Oct 23 15:00:57 2012
+++ src/crypto/external/bsd/netpgp/bin/netpgpverify/expected43	Tue Oct 23 15:00:57 2012
@@ -0,0 +1,6 @@
+#	$NetBSD: expected43,v 1.1.2.1 2012/10/23 15:00:57 agc Exp $
+
+SUBDIR+=	lib .WAIT
+SUBDIR+=	bin
+
+.include <bsd.subdir.mk>

CVS commit: [agc-netpgp-standalone] src/crypto/external/bsd/netpgp

Reply via email to