| History log of /src/crypto/external/bsd/netpgp/dist/include/netpgp.h |
| Revision | | Date | Author | Comments |
| 1.22 |
| 01-Apr-2018 |
christos | remove unused struct tag.
|
| 1.21 |
| 06-Sep-2010 |
agc | branches: 1.21.10; 1.21.48;
Add a utility function, netpgp_write_sshkey(3), which will take a PGP public
key (RSA only) and format it as an ssh pubkey.
|
| 1.20 |
| 02-Sep-2010 |
agc | move the functions to parse the JSON from netpgpkeys(1) into libnetpgp(3)
update the version number for recent changes.
update the date for recent changes.
regenerate the autoconf files.
|
| 1.19 |
| 07-Aug-2010 |
agc | Catch up the JSON routines being in their own library. Use the JSON routines
to return all the text as a JSON-encoded string for all keys and sigs which
are returned.
|
| 1.18 |
| 16-Mar-2010 |
agc | Changes to 2.99.2/20100315
+ make subkey sigs available by hkp as well as on the command line
+ use the sketchily-defined vindex option to the hkp protocol to
return the subkey signature information
+ add a netpgp_unsetvar() function as a corollary to netpgp_setvar()
+ use a variable name of ''subkey sigs'' to denote that subkey
signatures should be returned with the pubkey uids
|
| 1.17 |
| 13-Mar-2010 |
agc | Changes to 2.99.1/20100313
+ add functionality to parse basic signature subkeys
+ in doing so, add expiration of keys
+ at the same time, add revocation of keys
+ recognise the primary user id, and use it when displaying user ids
+ recognise self signed keys and subkeys
+ rework the indentation of output
+ add the --list-sigs [userid] option to netpgpkeys(1)
+ use memcmp(3) rather than strcmp(3) when checking binary user ids to
be exported
+ add expiration display to subkey signature output
+ update libnetpgp library version major number to 3
|
| 1.16 |
| 05-Mar-2010 |
agc | Update netpgp to version 1.99.20/20100304 - portability improvements, and bug fixes:
Changes to 1.99.20/20100304
+ move args to some functions around to be consistent
+ use uint*_t where appropriate
+ fix bug in verify memory
+ add documentation to manual pages to show how to do combined
signing/encryption and decryption/verification
+ make verification of ascii-armoured memory work the same as binary
+ eliminate use of strdup(3), strcasecmp(3), and strptime(3). NetBSD/pkgsrc
PR 42922 applies - need to define _XOPEN_SOURCE and _BSD_SOURCE for
newer linux platforms with glibc 2.10.1. solved a bit differently, by
implementing strdup(3) and strcasecmp(3) independently, and using regexps
to avoid calling strptime(3).
|
| 1.15 |
| 06-Feb-2010 |
agc | Changes to 1.99.16/20100205
+ minor simplifications to netpgp(1) internally
+ fix a bug in netpgp_verify_file where a non-existent file while listing
packets would cause a SIGSEGV
+ add duration arg to netpgp(1), and check for validity when verifying
signatures
+ add birthtime arg to netpgp(1), and check for validity when verifying
signatures
+ add netpgp commands to print pubkey, if desired
+ allow the passphrase for the signature to be taken from --pass-fd
+ get rid of static indent value when printing packet contents
+ print signature validity times when verifying a file's signature
|
| 1.14 |
| 22-Dec-2009 |
agc | Netpgp changes to 1.99.15/20091221
+ some ssh host keys do not have the username of the generator included
in the key itself. If there is no username in there, create one.
+ added netpgp_encrypt_memory() and netpgp_decrypt_memory()
+ overhaul netpgp(1) to work with stdin/stdout if no filenames specified:
% netpgp --encrypt < a | netpgp --decrypt > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
% diff a b
% ls -al a b
-rw-r--r-- 1 agc agc 15243 Dec 20 08:55 a
-rw-r--r-- 1 agc agc 15243 Dec 21 17:15 b
%
% netpgp --sign < a | netpgp --cat > b
netpgp: default key set to "C0596823"
netpgp: default key set to "C0596823"
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks <alistair@hockley-crooks.com>
netpgp passphrase:
Good signature for <stdin> made Mon Dec 21 18:25:02 2009
using RSA (Encrypt or Sign) key 1b68dcfcc0596823
pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <alistair@hockley-crooks.com>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com>
%
+ add explanations of memory-based operations to manual pages
|
| 1.13 |
| 14-Dec-2009 |
agc | Prepare for a new netpgp-20091210 portable release.
Apart from infrastructure changes, there are the following functional ones:
+ Update to version 20091210
+ provide a new netpgp_match_list_keys(3) function to perform a
regular-expression based search of all the keys in the keyring. If no
pattern is specified to match, then all keys are returned.
+ provide a new netpgp_set_homedir(3) function, and use it to set the
home directory from the library, rather than individually in all the
programs which use the library
+ provide a new netpgp_incvar(3) function which will add a constant
increment (which may be negative) to the value of an internal
variable. This is primarily used for the verbosity level within the
library, and is again a movement of the function into the library from
the individual programs which use the library
+ move to the specification of an ssh key file by internal variable,
rather than the directory holding an ssh key file
+ autoconf infrastructure changes
+ take a hammer to the _GNU_SOURCE definitions problems
+ don't rely on strnlen(3) being present everywhere
|
| 1.12 |
| 07-Dec-2009 |
agc | Add a prototype for netpgp_match_list_keys()
|
| 1.11 |
| 19-Nov-2009 |
agc | Commit some changes that have been in a private tree for a while:
+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions
|
| 1.10 |
| 10-Jun-2009 |
agc | CHANGES 1.99.9 -> 1.99.10
+ fix a bug in decryption whereby a bad passphrase would cause a segmentation
violation
+ fix some regressions in key searching in the underlying find keys routines
+ add C++ declaration protection to the external interface in netpgp.h
+ split out the key management parts of netpgp(1) into netpgpkeys(1)
|
| 1.9 |
| 09-Jun-2009 |
agc | CHANGES 1.99.8 -> 1.99.9
+ make more use of __ops_io_t structure
+ addition of standalone, stripped-down netpgpverify utility
+ addition of test for --list-packets on an empty file
+ bring forward some simplifications from netpgpverify
+ some name changes
+ get rid of the increment and then decrement keycount around
accumulated data ("it's to do with counting")
+ then use unsigned integers for the size and counts for the
dynamic array of keys, and use the common dynamic array macros
for keys in a keyring
+ if it's a union, let's use it as a union, not a struct
+ modified documentation to correct the --list-packets command (sorry, ver)
+ add a new directory structure for both the distribution and the
reachover Makefiles. The autotest framework has been partially overhauled
but more TLC is needed here.
+ add a --pass-fd=n option so that external programs can provide the
passphrase on a file descriptor without going through the callback,
requested by joerg
|
| 1.8 |
| 31-May-2009 |
agc | CHANGES 1.99.7 -> 1.99.8
+ get rid of __ops_malloc_passphrase() - strdup() works just as well
+ generalise __ops_seckey_forget() to become __ops_forget(), give it a size
parameter, and make it work on things other than secret keys (passphrases
for instance)
+ minor struct field enum renaming
+ minor function call renaming
+ add ops_io_t struct to hold pointers to IO streams, and pass it down
where necessary
|
| 1.7 |
| 27-May-2009 |
agc | CHANGES 1.99.4 -> 1.99.5
+ Luke Mewburn completely overhauled the auto tools infrastructure
+ changed signature (hah!) of some netpgp file management prototypes to
use const char * for file names and user ids, not char * - suggested by
christos
+ change some of the openpgpsdk display functions to return integer values,
and send those values back from the netpgp functions - suggested by
christos
+ rather than passing a shedload of variables to netpgp_init(), get rid
of them, and set variables using the netpgp_[gs]etvar() interface
+ replace some magic constants with descriptive names
+ use a netpgp variable to skip userid checks if necessary
+ add ability to allow coredumps via --coredumps if (a) you have taken
leave of your sanity, and (b) you have some magical persistent
storage which doesn't spare sectors, and (c) you know how to remove
a file securely
+ bumped library version on NetBSD to 1.0 for interface changes
|
| 1.6 |
| 16-May-2009 |
agc | + don't use arrays of length 1 to hold single instances of characters,
unsigned or not - just use a single character itself
+ misc cleanup
+ rename cinfo to "output" and ops_createinfo_t to "ops_output_t" to
be a bit more descriptive
+ shorten some long names
+ get rid of test for libgen.h - it's not needed anymore
+ bump to version 0.99.4, and 20090515 sources, regenerate configure and co
+ numerous name changes to be more consistent and more concise
+ add verbosity level to the variables that can be set and retrieved by
netpgp_setvar() and netpgp_getvar()
+ added --verbose option to netpgp(1)
+ add __RCSID() to all files
|
| 1.5 |
| 14-May-2009 |
agc | + got rid of "local" header files. These aren't necessary since the openpgpsdk
code was modified to all be in the same directory
+ added netpgp_getvar() and netpgp_setvar(), and use them to get and set the
user id and hash algorithm preference
+ get rid of <stdbool.h> usage - I'm still not sure this is the way we should
be going long term, but the bool changes got integrated with the others,
and are there in cvs history if we want to resurrect them. Correct autoconf
accordingly. Bump netpgp minimus version, and autoconf-based date version.
+ updated documentation to reflect these changes
|
| 1.4 |
| 12-May-2009 |
agc | branches: 1.4.2;
Commit the weekend's changes:
+ minor name changes
+ remove duplicated code (commented out) in packet-print.c
+ original code contained abstraction violations for hash size - fix them
+ get rid of some magic constants related to length of hash arrays
+ allow a choice of hash algorithms for the signature digest (rather
than hardcoding SHA1 - it is looking as though collisions are easier
to manufacture based on recent findings)
+ move default signature RSA hash algorithm to SHA256 (from SHA1). This is
passed as a string parameter from the high-level interface. We'll
revisit this later after a good way to specify the algorithm has been
found.
+ display the size of the keys in --list-packets
+ display the keydata prior to file decryption
|
| 1.3 |
| 05-May-2009 |
agc | + __ops_packet_t -> __ops_subpacket_t
+ __ops_parser_content_t -> __ops_packet_t
+ rename some other long names
51 chars is the record function name length so far
+ preliminary moves to support detached signatures
as yet, incomplete
+ add back command line option to list packets in a signed or encrypted file
+ make __ops_parse() take an argument whether to print errors, and kill the
__ops_parse_and_print_errors() function
+ get rid of some assertions in the code - this is a library - about 100 to go
|
| 1.2 |
| 02-May-2009 |
agc | Make this code WARNS=4
Add an option to the netpgp command to produce a detached signature.
|
| 1.1 |
| 23-Apr-2009 |
agc | branches: 1.1.1;
Initial revision
|
| 1.1.1.1 |
| 23-Apr-2009 |
agc | Import netpgp source into crypto/external - this is a heavily-modified
version of openpgpsdk, and will replace it. Differences between netpgp
and the NetBSD repository version of openpgpsdk are:
+ Wrap source code in GNU autoconf/configure
+ New high-level interface for libnetpgp(3) and netpgp(1)
+ Hide prolifery of local headers in the internal lib directory -
there is now one exported header called netpgp.h
+ Hide all ops_* functions and structs behind __ops_* names
+ Fix long-standing bug - make decryption work with files > 8192 bytes
(fix for signature verification of signed files > 8192 bytes was already
brought forward from the NetBSD repository of openpgpsdk)
+ Use mmap(2) to read files, falls back to read(2) if can't do mmap
+ Compile portable package using libtool
+ Rationalise the number of source files - merge a number of smaller ones
+ Case-insensitive matching of key ids
+ Use PRIsize throughout
+ Use calloc(3) throughout to zero memory
+ Get rid of global symbols which abused a macro
+ Use more descriptive names - remove "_arg_" components, name things for their
purpose, rather than what they are (their type)
+ No more --passphrase= argument to netpgp(1) - this is now always
done through callbacks
+ Report source code date and build date in version number, as well as the
version number itself
This will form the basis of the portable netpgp package.
|
| 1.4.2.2 |
| 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.4.2.1 |
| 12-May-2009 |
jym | file netpgp.h was added on branch jym-xensuspend on 2009-05-13 19:16:02 +0000
|
| 1.21.48.1 |
| 07-Apr-2018 |
pgoyette | Sync with HEAD. 77 conflicts resolved - all of them $NetBSD$
|
| 1.21.10.1 |
| 20-Oct-2012 |
agc | Replace the netpgpverify command and libnetpgpverify in the
agc-netpgp-standalone branch with a completely rewritten "from the RFC
up" version designed to be small, standalone, and easy to maintain.
% ldd bin/netpgpverify/netpgpverify
bin/netpgpverify/netpgpverify:
-lz.1 => /usr/lib/libz.so.1
-lgcc_s.1 => /usr/lib/libgcc_s.so.1
-lc.12 => /usr/lib/libc.so.12
-lbz2.1 => /usr/lib/libbz2.so.1
-lnetpgpverify.4 => /usr/lib/libnetpgpverify.so.4
% ldd lib/verify/libnetpgpverify.so
lib/verify/libnetpgpverify.so:
-lc.12 => /usr/lib/libc.so.12
% ls -al lib/verify/libnetpgpverify* bin/netpgpverify/netpgpverify
-rwxr-xr-x 1 agc agc 10502 Oct 18 20:59 bin/netpgpverify/netpgpverify
-rw-r--r-- 1 agc agc 159720 Oct 18 20:59 lib/verify/libnetpgpverify.a
-rw-r--r-- 1 agc agc 4822 Oct 18 20:59 lib/verify/libnetpgpverify.html3
lrwxr-xr-x 1 agc agc 22 Oct 18 20:59 lib/verify/libnetpgpverify.so -> libnetpgpverify.so.4.0
lrwxr-xr-x 1 agc agc 22 Oct 18 20:59 lib/verify/libnetpgpverify.so.4 -> libnetpgpverify.so.4.0
-rwxr-xr-x 1 agc agc 123069 Oct 18 20:59 lib/verify/libnetpgpverify.so.4.0
-rw-r--r-- 1 agc agc 169696 Oct 18 20:59 lib/verify/libnetpgpverify_p.a
-rw-r--r-- 1 agc agc 149968 Oct 18 20:59 lib/verify/libnetpgpverify_pic.a
%
("Small" here includes the full BIGNUM/mpi functionality required to
verify signatures).
Instead of using extensive callbacks for input data, which have proved
to be fragile and difficult to maintain, as well as precluding uses
elsewhere, this uses straight mmaping of input files where possible,
and falls back to reading if unavailable.
RFC 4880 makes provision for two types of data to be signed, binary
data and text, and text is subject to modification of data before the
signature is made, and is usually opaque. The new netpgpverify(1) can
handle this, our old version could not. DSA signatures are not yet
supported -- watch this space -- but full RSA ones, including those of
text documents like the signed NetBSD release hashes (see PR
bin/46930) are recognised and are included in the regression tests.
% env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify < NetBSD-6.0_hashes.asc
Good signature for [stdin] made Mon Oct 15 09:28:54 2012
signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
fingerprint: ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
uid NetBSD Security Officer <security-officer@NetBSD.org>
encryption 4096/RSA (Encrypt or Sign) 9ff2c24fdf2ce620 2009-06-23 [Expiry 2019-06-21]
fingerprint: 1915 0801 fbd8 f45d 89f2 0205 9ff2 c24f df2c e620
%
Redirection from stdin is also supported, as are multiple files, and
detached signatures. Another interesting use is to verify the
signatures, and to retrieve the data only if a signature matches -
this was the old "--cat" command to netpgpverify(1), and it has been
brought forward into the newer version.
% env LD_LIBRARY_PATH=../../lib/verify ./netpgpverify -c cat det.sig | diff det -
%
This is implemented as a library and a small program to call so
that it is easier to embed verification of signatures in scripting
languages, or other source code.
|
