leviathan
/
netpgp-et
forked from pEp.foundation/netpgp-et
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
An improved fork of NetBSD's OpenPGP implementation; maintained by the p≡p foundation.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
592 Commits
2 Branches
45 MiB
Tree: df0053cbfc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'df0053cbfc'
${ noResults }
netpgp-et/dist/src/lib/keyring.h

171 lines
6.1 KiB
Raw Normal View History

Commit the weekend's changes: + minor name changes + remove duplicated code (commented out) in packet-print.c + original code contained abstraction violations for hash size - fix them + get rid of some magic constants related to length of hash arrays + allow a choice of hash algorithms for the signature digest (rather than hardcoding SHA1 - it is looking as though collisions are easier to manufacture based on recent findings) + move default signature RSA hash algorithm to SHA256 (from SHA1). This is passed as a string parameter from the high-level interface. We'll revisit this later after a good way to specify the algorithm has been found. + display the size of the keys in --list-packets + display the keydata prior to file decryption
13 years ago
Initial revision
13 years ago
+ got rid of "local" header files. These aren't necessary since the openpgpsdk code was modified to all be in the same directory + added netpgp_getvar() and netpgp_setvar(), and use them to get and set the user id and hash algorithm preference + get rid of <stdbool.h> usage - I'm still not sure this is the way we should be going long term, but the bool changes got integrated with the others, and are there in cvs history if we want to resurrect them. Correct autoconf accordingly. Bump netpgp minimus version, and autoconf-based date version. + updated documentation to reflect these changes
13 years ago
Initial revision
13 years ago
add a minimalist JSON implementation, and add a new function to access the data, and serialise it using JSON.
12 years ago
Initial revision
13 years ago
+ only prompt for the passphrase for the secret key if the secret key is protected by a passphrase
13 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
Initial revision
13 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
Initial revision
13 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
+ don't use arrays of length 1 to hold single instances of characters, unsigned or not - just use a single character itself + misc cleanup + rename cinfo to "output" and ops_createinfo_t to "ops_output_t" to be a bit more descriptive + shorten some long names + get rid of test for libgen.h - it's not needed anymore + bump to version 0.99.4, and 20090515 sources, regenerate configure and co + numerous name changes to be more consistent and more concise + add verbosity level to the variables that can be set and retrieved by netpgp_setvar() and netpgp_getvar() + added --verbose option to netpgp(1) + add __RCSID() to all files
13 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
Update netpgp to version 1.99.20/20100304 - portability improvements, and bug fixes: Changes to 1.99.20/20100304 + move args to some functions around to be consistent + use uint*_t where appropriate + fix bug in verify memory + add documentation to manual pages to show how to do combined signing/encryption and decryption/verification + make verification of ascii-armoured memory work the same as binary + eliminate use of strdup(3), strcasecmp(3), and strptime(3). NetBSD/pkgsrc PR 42922 applies - need to define _XOPEN_SOURCE and _BSD_SOURCE for newer linux platforms with glibc 2.10.1. solved a bit differently, by implementing strdup(3) and strcasecmp(3) independently, and using regexps to avoid calling strptime(3).
13 years ago
+ rationalise birthtime/expiration timestamps into a single function + clean up some 64-bit (amd64) lint
12 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
Added 'get' key by fingerprint, 'delelet' key by id an by fingerprint
7 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
+ don't use arrays of length 1 to hold single instances of characters, unsigned or not - just use a single character itself + misc cleanup + rename cinfo to "output" and ops_createinfo_t to "ops_output_t" to be a bit more descriptive + shorten some long names + get rid of test for libgen.h - it's not needed anymore + bump to version 0.99.4, and 20090515 sources, regenerate configure and co + numerous name changes to be more consistent and more concise + add verbosity level to the variables that can be set and retrieved by netpgp_setvar() and netpgp_getvar() + added --verbose option to netpgp(1) + add __RCSID() to all files
13 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
+ When using ssh keys, use the first key as the default userid, unless specified. + The internal variable "sshetcdir" has been renamed to "sshkeydir" + When matching the text fields in the username, use an ICASE, NOSUB, EXTENDED regular expression. This allows more advanced ways of searching, such as: % netpgpkeys --list-keys '\.de\>' to find all the keys in the default keyring which have an email address in Germany. This is actually surprisingly useful.
13 years ago
Added 'get' key by fingerprint, 'delelet' key by id an by fingerprint
7 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
netpgp_save_pubring (ok), netpgp_save_secring (broken), raw initial key packet for generated keys
7 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
+ don't use arrays of length 1 to hold single instances of characters, unsigned or not - just use a single character itself + misc cleanup + rename cinfo to "output" and ops_createinfo_t to "ops_output_t" to be a bit more descriptive + shorten some long names + get rid of test for libgen.h - it's not needed anymore + bump to version 0.99.4, and 20090515 sources, regenerate configure and co + numerous name changes to be more consistent and more concise + add verbosity level to the variables that can be set and retrieved by netpgp_setvar() and netpgp_getvar() + added --verbose option to netpgp(1) + add __RCSID() to all files
13 years ago
Initial revision
13 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
netpgp_save_pubring (ok), netpgp_save_secring (broken), raw initial key packet for generated keys
7 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
CHANGES 1.99.7 -> 1.99.8 + get rid of __ops_malloc_passphrase() - strdup() works just as well + generalise __ops_seckey_forget() to become __ops_forget(), give it a size parameter, and make it work on things other than secret keys (passphrases for instance) + minor struct field enum renaming + minor function call renaming + add ops_io_t struct to hold pointers to IO streams, and pass it down where necessary
13 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
CHANGES 1.99.8 -> 1.99.9 + make more use of __ops_io_t structure + addition of standalone, stripped-down netpgpverify utility + addition of test for --list-packets on an empty file + bring forward some simplifications from netpgpverify + some name changes + get rid of the increment and then decrement keycount around accumulated data ("it's to do with counting") + then use unsigned integers for the size and counts for the dynamic array of keys, and use the common dynamic array macros for keys in a keyring + if it's a union, let's use it as a union, not a struct + modified documentation to correct the --list-packets command (sorry, ver) + add a new directory structure for both the distribution and the reachover Makefiles. The autotest framework has been partially overhauled but more TLC is needed here. + add a --pass-fd=n option so that external programs can provide the passphrase on a file descriptor without going through the callback, requested by joerg
13 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
Initial revision
13 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
Initial revision
13 years ago
pgp_encrypt_buf now accepts multiple recipients and raw openPGP message as input
7 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
Add the ability to use ssh host keys (on the fly) to provide RSA keys. These keys can be used in the same way as normal PGP keys - to sign, verify, encrypt and decrypt files and data. % cp configure a % sudo netpgp --ssh-keys --sign --userid 1e00404a a Password: pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11 Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a % sudo chmod 644 a.gpg % netpgp --ssh-keys --verify a.gpg netpgp: default key set to "C0596823" can't open '/etc/ssh/ssh_host_rsa_key' Good signature for a.gpg made Fri Dec 4 23:04:36 2009 using RSA (Encrypt or Sign) key 040180871e00404a pub 1024/RSA (Encrypt or Sign) 040180871e00404a 2008-08-11 Key fingerprint: c4aa b385 4796 e6ce 606c f0c2 0401 8087 1e00 404a uid osx-vm1.crowthorne.alistaircrooks.co.uk (/etc/ssh/ssh_host_rsa_key.pub) <root@osx-vm1.crowthorne.alistaircrooks.co.uk> % uname -a NetBSD osx-vm1.crowthorne.alistaircrooks.co.uk 5.99.20 NetBSD 5.99.20 (ISCSI) #0: Wed Oct 7 17:16:33 PDT 2009 agc@osx-vm1.crowthorne.alistaircrooks.co.uk:/usr/obj/i386/usr/src/sys/arch/i386/compile/ISCSI i386 % The ssh host keys do not need to be manipulated in any way - the information is read from existing files.
13 years ago
Take the internal functions and definitions back out of the implementation namespace: :g/\<__ops/s//pgp/g :g/\<__OPS/s//__PGP/g :g/\<OPS/s//PGP/g No functional change, regression tests complete successfully.
12 years ago
Changes to 1.99.16/20100205 + minor simplifications to netpgp(1) internally + fix a bug in netpgp_verify_file where a non-existent file while listing packets would cause a SIGSEGV + add duration arg to netpgp(1), and check for validity when verifying signatures + add birthtime arg to netpgp(1), and check for validity when verifying signatures + add netpgp commands to print pubkey, if desired + allow the passphrase for the signature to be taken from --pass-fd + get rid of static indent value when printing packet contents + print signature validity times when verifying a file's signature
13 years ago
+ got rid of "local" header files. These aren't necessary since the openpgpsdk code was modified to all be in the same directory + added netpgp_getvar() and netpgp_setvar(), and use them to get and set the user id and hash algorithm preference + get rid of <stdbool.h> usage - I'm still not sure this is the way we should be going long term, but the bool changes got integrated with the others, and are there in cvs history if we want to resurrect them. Correct autoconf accordingly. Bump netpgp minimus version, and autoconf-based date version. + updated documentation to reflect these changes
13 years ago
 
  1. /*-

  2.  * Copyright (c) 2009 The NetBSD Foundation, Inc.
  3.  * All rights reserved.
  4.  *
  5.  * This code is derived from software contributed to The NetBSD Foundation
  6.  * by Alistair Crooks (agc@NetBSD.org)
  7.  *
  8.  * Redistribution and use in source and binary forms, with or without
  9.  * modification, are permitted provided that the following conditions
  10.  * are met:
  11.  * 1. Redistributions of source code must retain the above copyright
  12.  *    notice, this list of conditions and the following disclaimer.
  13.  * 2. Redistributions in binary form must reproduce the above copyright
  14.  *    notice, this list of conditions and the following disclaimer in the
  15.  *    documentation and/or other materials provided with the distribution.
  16.  *
  17.  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  18.  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  19.  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  20.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  21.  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  22.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  23.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  24.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  25.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  26.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  27.  * POSSIBILITY OF SUCH DAMAGE.
  28.  */
  29. /*

  30.  * Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
  31.  * All rights reserved.
  32.  * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
  33.  * their moral rights under the UK Copyright Design and Patents Act 1988 to
  34.  * be recorded as the authors of this copyright work.
  35.  *
  36.  * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  37.  * use this file except in compliance with the License.
  38.  *
  39.  * You may obtain a copy of the License at
  40.  *     http://www.apache.org/licenses/LICENSE-2.0

  41.  *
  42.  * Unless required by applicable law or agreed to in writing, software
  43.  * distributed under the License is distributed on an "AS IS" BASIS,
  44.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  45.  *
  46.  * See the License for the specific language governing permissions and
  47.  * limitations under the License.
  48.  */
  49. 

  50. /** \file

  51.  */
  52. 

  53. #ifndef KEYRING_H_

  54. #define KEYRING_H_

  55. 

  56. #include "packet.h"

  57. #include "packet-parse.h"

  58. #include "mj.h"

  59. 

  60. enum {
  61. 	MAX_ID_LENGTH		= 128,
  62. 	MAX_PASSPHRASE_LENGTH	= 256
  63. };
  64. 

  65. typedef struct pgp_key_t	pgp_key_t;
  66. 

  67. /** \struct pgp_keyring_t

  68.  * A keyring
  69.  */
  70. typedef struct pgp_keyring_t {
  71. 	DYNARRAY(pgp_key_t,	key);
  72. 	pgp_hash_alg_t	hashtype;
  73. } pgp_keyring_t;
  74. 

  75. const pgp_key_t *pgp_getkeybyid(pgp_io_t *,
  76. 					const pgp_keyring_t *,
  77. 					const uint8_t *,
  78. 					unsigned *,
  79. 					pgp_pubkey_t **);
  80. unsigned pgp_deletekeybyid(pgp_io_t *, 
  81.                     pgp_keyring_t *,
  82. 			        const uint8_t *);
  83. const pgp_key_t *pgp_getkeybyfpr(pgp_io_t *,
  84. 					const pgp_keyring_t *,
  85. 			        const uint8_t *fpr,
  86.                     size_t length,
  87. 					unsigned *,
  88. 					pgp_pubkey_t **);
  89. unsigned pgp_deletekeybyfpr(pgp_io_t *, 
  90.                     pgp_keyring_t *,
  91. 			        const uint8_t *fpr,
  92.                     size_t length);
  93. const pgp_key_t *pgp_getkeybyname(pgp_io_t *,
  94. 					const pgp_keyring_t *,
  95. 					const char *);
  96. const pgp_key_t *pgp_getnextkeybyname(pgp_io_t *,
  97. 					const pgp_keyring_t *,
  98. 					const char *,
  99. 					unsigned *);
  100. void pgp_key_free(pgp_key_t *);
  101. void pgp_keydata_free(pgp_key_t *);
  102. int pgp_keydata_dup(pgp_key_t *, pgp_key_t *, unsigned);
  103. void pgp_keyring_free(pgp_keyring_t *);
  104. void pgp_dump_keyring(const pgp_keyring_t *);
  105. const pgp_pubkey_t *pgp_get_pubkey(const pgp_key_t *);
  106. unsigned   pgp_is_key_secret(const pgp_key_t *);
  107. const pgp_seckey_t *pgp_get_seckey(const pgp_key_t *);
  108. pgp_seckey_t *pgp_get_writable_seckey(pgp_key_t *);
  109. pgp_seckey_t *pgp_decrypt_seckey(const pgp_key_t *, void *);
  110. 

  111. unsigned   pgp_keyring_fileread(pgp_keyring_t *, const unsigned,
  112. 					const char *);
  113. 

  114. int pgp_keyring_list(pgp_io_t *, const pgp_keyring_t *, const int);
  115. int pgp_keyring_json(pgp_io_t *, const pgp_keyring_t *, mj_t *, const int);
  116. 

  117. void pgp_set_seckey(pgp_contents_t *, const pgp_key_t *);
  118. void pgp_forget(void *, unsigned);
  119. 

  120. const uint8_t *pgp_get_key_id(const pgp_key_t *);
  121. unsigned pgp_get_userid_count(const pgp_key_t *);
  122. const uint8_t *pgp_get_userid(const pgp_key_t *, unsigned);
  123. unsigned pgp_is_key_supported(const pgp_key_t *);
  124. 

  125. uint8_t *pgp_add_userid(pgp_key_t *, const uint8_t *);
  126. pgp_subpacket_t *pgp_add_subpacket(pgp_key_t *,
  127. 						const pgp_subpacket_t *);
  128. pgp_subpacket_t *pgp_replace_subpacket(pgp_key_t *,
  129.                                        const pgp_subpacket_t *,
  130.                                        unsigned );
  131. 

  132. unsigned pgp_add_selfsigned_userid(pgp_key_t *, uint8_t *);
  133. 

  134. pgp_key_t  *pgp_keydata_new(void);
  135. void pgp_keydata_init(pgp_key_t *, const pgp_content_enum);
  136. 

  137. int pgp_parse_and_accumulate(pgp_keyring_t *, pgp_stream_t *);
  138. 

  139. int pgp_sprint_keydata(pgp_io_t *, const pgp_keyring_t *,
  140. 			const pgp_key_t *, char **, const char *,
  141. 			const pgp_pubkey_t *, const int);
  142. int pgp_sprint_mj(pgp_io_t *, const pgp_keyring_t *,
  143. 			const pgp_key_t *, mj_t *, const char *,
  144. 			const pgp_pubkey_t *, const int);
  145. int pgp_hkp_sprint_keydata(pgp_io_t *, const pgp_keyring_t *,
  146. 			const pgp_key_t *, char **,
  147. 			const pgp_pubkey_t *, const int);
  148. void pgp_print_keydata(pgp_io_t *, const pgp_keyring_t *, const pgp_key_t *,
  149. 			const char *, const pgp_pubkey_t *, const int);
  150. void pgp_print_sig(pgp_io_t *, const pgp_key_t *, const char *,
  151. 			const pgp_pubkey_t *);
  152. void pgp_print_pubkey(const pgp_pubkey_t *);
  153. int pgp_sprint_pubkey(const pgp_key_t *, char *, size_t);
  154. 

  155. int pgp_list_packets(pgp_io_t *,
  156. 			char *,
  157. 			unsigned,
  158. 			pgp_keyring_t *,
  159. 			pgp_keyring_t *,
  160. 			void *,
  161. 			pgp_cbfunc_t *);
  162. 

  163. char *pgp_export_key(pgp_io_t *, const pgp_key_t *, uint8_t *);
  164. 

  165. int pgp_keyring_add(pgp_keyring_t *, const pgp_key_t *);
  166. int pgp_add_to_pubring(pgp_keyring_t *, const pgp_pubkey_t *, pgp_content_enum tag);
  167. int pgp_add_to_secring(pgp_keyring_t *, const pgp_seckey_t *);
  168. 

  169. int pgp_append_keyring(pgp_keyring_t *, pgp_keyring_t *);
  170. 

  171. #endif /* KEYRING_H_ */