authorMatthew Goins <mjgoins@openflows.com>2009-07-11 19:14:43 -0400
committerMatthew Goins <mjgoins@openflows.com>2009-07-11 19:14:43 -0400
commit68aabdc3af7409b66787a68e97a1ce67d695299c (patch)
treef6d89497c79cb4146d17282e45d8edd404dc3a80
parentb6bd17157915c420b8cda418abc4c658e2da83c6 (diff)
parent028617f7160596fabfc5f9123a4cc9a6445aaa59 (diff)
Merge commit 'dkg/master'
-rwxr-xr-xMakefile1
-rw-r--r--packaging/debian/changelog3
-rw-r--r--packaging/debian/control4
-rwxr-xr-xsrc/share/keytrans8
-rwxr-xr-xtests/basic2
-rwxr-xr-xtests/keytrans55
6 files changed, 50 insertions, 23 deletions
diff --git a/Makefile b/Makefile
index 5f87a16..1744ea8 100755
--- a/Makefile
+++ b/Makefile
@@ -81,6 +81,7 @@ releasenote:
./utils/build-releasenote
test:
+ MONKEYSPHERE_TEST_NO_EXAMINE=true ./tests/keytrans
MONKEYSPHERE_TEST_NO_EXAMINE=true ./tests/basic
.PHONY: all tarball debian-package freebsd-distinfo clean install installman releasenote test
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index b5d067b..ec68e14 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -9,6 +9,7 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
ports
- add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key
- pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1
+ (changes dependency to libdigest-sha-perl)
- some portability improvements
- properly handle translation of keys with fingerprints with leading
all-zero bytes.
@@ -16,7 +17,7 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
(closes MS #917)
- explicitly set and use MONKEYSPHERE_GROUP from system "groups"
(closes: #534008)
- * update Standard-Version to 3.8.2
+ * update Standard-Version to 3.8.2 (no changes needed)
-- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 11 Jul 2009 18:55:25 -0400
diff --git a/packaging/debian/control b/packaging/debian/control
index 5f1444c..bbed4b4 100644
--- a/packaging/debian/control
+++ b/packaging/debian/control
@@ -3,7 +3,7 @@ Section: net
Priority: extra
Maintainer: Jameson Graef Rollins <jrollins@finestructure.net>
Uploaders: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Build-Depends: debhelper (>= 7.0), socat, openssh-server, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha1-perl, lockfile-progs | procmail
+Build-Depends: debhelper (>= 7.0), socat, openssh-server, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail
Standards-Version: 3.8.2
Homepage: http://web.monkeysphere.info/
Vcs-Git: git://git.monkeysphere.info/monkeysphere
@@ -11,7 +11,7 @@ Dm-Upload-Allowed: yes
Package: monkeysphere
Architecture: all
-Depends: openssh-client, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha1-perl, lockfile-progs | procmail, adduser, ${misc:Depends}
+Depends: openssh-client, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail, adduser, ${misc:Depends}
Recommends: netcat | socat, ssh-askpass, cron
Enhances: openssh-client, openssh-server
Description: use the OpenPGP web of trust to verify ssh connections
diff --git a/src/share/keytrans b/src/share/keytrans
index 326bfb1..3e6bdf6 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -54,7 +54,7 @@ use File::Basename;
use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::Bignum;
use Crypt::OpenSSL::Bignum::CTX;
-use Digest::SHA1;
+use Digest::SHA;
use MIME::Base64;
use POSIX;
@@ -416,7 +416,7 @@ sub fingerprint {
my $rsabody = make_rsa_pub_key_body($key, $key_timestamp);
- return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody);
+ return Digest::SHA::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody);
}
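Review bot: The `sha1` call kept in `fingerprint` carries no comment explaining why it stays SHA-1 while the rest of this commit moves signing to SHA-256. An OpenPGP v4 fingerprint is defined as SHA-1 over the 0x99-prefixed public key packet, so this is not a leftover. I would add `# v4 fingerprints are SHA-1 by definition (RFC 4880 section 12.2); this is not a signature digest` above the return, so a later cleanup does not change it and silently alter every fingerprint and key ID. The body of `fingerprint` starts outside the hunk.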
@@ -446,7 +446,7 @@ sub pem2openpgp {
my $sigtype = pack('C', $certtype);
# RSA
my $pubkey_algo = pack('C', $asym_algos->{rsa});
- # SHA1
+ # SHA256
my $hash_algo = pack('C', $digests->{sha256});
# FIXME: i'm worried about generating a bazillion new OpenPGP
@@ -581,7 +581,7 @@ sub pem2openpgp {
$sig_data_to_be_hashed.
$trailer;
- my $data_hash = Digest::SHA1::sha1_hex($datatosign);
+ my $data_hash = Digest::SHA::sha256_hex($datatosign);
my $issuer_packet = pack('CCa8', 9, $subpacket_types->{issuer}, $keyid);
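Review bot: The digest is now selected in two independent places, `$digests->{sha256}` for the algorithm octet earlier in `pem2openpgp` and `sha256_hex` here, and the RSA signing call itself is not visible in this hunk. All three have to agree or the generated self-signature will not verify. Crypt::OpenSSL::RSA has historically signed with SHA-1 unless `use_sha256_hash` is called on the key object, so please confirm that call is present alongside this change. A comment such as `# must match $hash_algo and the hash selected on the RSA object` on this line would keep them in step. `pem2openpgp` starts and ends outside the hunk.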
diff --git a/tests/basic b/tests/basic
index 5907154..3386f76 100755
--- a/tests/basic
+++ b/tests/basic
@@ -35,7 +35,7 @@ perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl mo
On debian-derived systems, you can set this up with:
apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }
-perl -MDigest::SHA1 -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA1 installed to run this test.
+perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test.
On debian-derived systems, you can set this up with:
apt-get install libdigest-sha1-perl" ; exit 1; }
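Review bot: The install hint on the last line still names `libdigest-sha1-perl`, which ships Digest::SHA1 rather than the Digest::SHA module this check now probes for. It should read `apt-get install libdigest-sha-perl`, matching the new Depends line in packaging/debian/control. The same stale hint is introduced by the new Digest::SHA check added to tests/keytrans.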
diff --git a/tests/keytrans b/tests/keytrans
index 285d17b..199db31 100755
--- a/tests/keytrans
+++ b/tests/keytrans
@@ -17,12 +17,19 @@ set -e
# piped commands should return the code of the first non-zero return
set -o pipefail
-export TESTDIR=$(dirname "$0")
+# make sure the TESTDIR is an absolute path, not a relative one.
+export TESTDIR=$(cd $(dirname "$0") && pwd)
source "$TESTDIR"/common
-## setup trap
-trap failed_cleanup EXIT
+perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl module Crypt::OpenSSL::RSA installed to run this test.
+On debian-derived systems, you can set this up with:
+ apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }
+
+perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test.
+On debian-derived systems, you can set this up with:
+ apt-get install libdigest-sha1-perl" ; exit 1; }
+
######################################################################
### SETUP VARIABLES
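Review bot: The inner `$(dirname "$0")` in the new TESTDIR assignment is unquoted, so a checkout path containing whitespace or glob characters is word-split before `cd` sees it. Because the substitution sits inside `export`, a failing `cd` is also hidden from `set -e`: the exit status is that of `export`, and TESTDIR ends up empty. I would write `TESTDIR=$(cd "$(dirname "$0")" && pwd)` followed by `export TESTDIR`, so the script stops at the assignment instead of at `source /common`.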
@@ -30,17 +37,19 @@ trap failed_cleanup EXIT
## set up some variables to ensure that we're operating strictly in
## the tests, not system-wide:
-# make temp dir
-TEMPDIR="$TESTDIR"/tmp
-if [ -e "$TEMPDIR" ] ; then
- echo "tempdir '$TEMPDIR' already exists."
- exit 1
-fi
-mkdir -p "$TEMPDIR"
+mkdir -p "$TESTDIR"/tmp
+TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX")
+
+mkdir "$TEMPDIR"/bin
+ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/openpgp2ssh
+ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/pem2openpgp
# Use the local copy of executables first, instead of system ones.
# This should help us test without installing.
-export PATH="$TESTDIR"/../src/keytrans:"$PATH"
+export PATH="$TEMPDIR"/bin:"$PATH"
+
+## setup trap
+trap failed_cleanup EXIT
######################################################################
### TEST KEYTRANS
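Review bot: `trap failed_cleanup EXIT` is now installed only after `mkdir "$TEMPDIR"/bin` and the two `ln -s` calls, so under `set -e` a failure in any of them exits with the mktemp directory left behind and no cleanup run. Moving the trap to the line directly after `TEMPDIR=$(mktemp -d ...)` keeps TEMPDIR defined for the handler while covering the setup steps. `failed_cleanup` comes from `common`, outside this diff, so check that it needs nothing else from this block. Separately, `mkdir -p "$TESTDIR"/tmp` runs even when TMPDIR is set and then creates an unused directory in the source tree; it could be limited to the fallback case.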
@@ -49,6 +58,14 @@ echo "##################################################"
echo "### generating openpgp key..."
export GNUPGHOME="$TEMPDIR"
chmod 700 "$TEMPDIR"
+
+
+# create the key with the same preferences that monkeysphere uses.
+cat > "$TEMPDIR"/gpg.conf <<EOF
+default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 ZLIB BZIP2 ZIP AES256 AES192 AES CAST5 3DES
+cert-digest-algo SHA256
+EOF
+
# generate a key
gpg --batch --$(get_gpg_prng_arg) --gen-key <<EOF
Key-Type: RSA
@@ -71,13 +88,21 @@ echo "### exporting key to ssh file..."
gpg --export-secret-key | openpgp2ssh > \
"$TEMPDIR"/test.pem
+gpg --export-secret-key > "$TEMPDIR"/secret.key
+
+PEM2OPENPGP_USAGE_FLAGS=sign,certify \
+PEM2OPENPGP_TIMESTAMP="$timestamp" pem2openpgp testtest \
+ < "$TEMPDIR"/test.pem > "$TEMPDIR"/converted.secret.key
+
echo "##################################################"
echo "### reconvert key, and compare to key in gpg keyring..."
diff -u \
- <(gpg --export-secret-key | hd) \
- <(PEM2OPENPGP_USAGE_FLAGS=sign,certify \
- PEM2OPENPGP_TIMESTAMP="$timestamp" pem2openpgp testtest < \
- "$TEMPDIR"/test.pem | hd )
+ <(gpg --list-packets < "$TEMPDIR"/secret.key) \
+ <(gpg --list-packets < "$TEMPDIR"/converted.secret.key)
+
+diff -u \
+ <(hd "$TEMPDIR"/secret.key) \
+ <(hd "$TEMPDIR"/converted.secret.key)
trap - EXIT
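Review bot: The two consecutive `diff -u` calls have no comment saying why the same pair of files is compared twice. Presumably the `--list-packets` comparison is there to give a readable failure before the byte-level `hd` comparison enforces exact identity; a line such as `# compare parsed packets first for a readable mismatch, then require byte-for-byte identity` above the first diff would record that. Note also that the exit status of `gpg --list-packets` inside `<( )` is not seen by `set -e` or `pipefail`, so only the second diff is a hard guarantee.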