Merge commit 'dkg/master'

9 files changed, 143 insertions, 42 deletions

diff --git a/man/man1/pem2openpgp.1 b/man/man1/pem2openpgp.1
index 8ac230b..ae75b11 100644
--- a/man/man1/pem2openpgp.1
+++ b/man/man1/pem2openpgp.1
@@ -4,24 +4,82 @@
 .Os
 .Sh NAME
 pem2openpgp
-.Nd translate PEM encoded keys to OpenPGP keys
+.Nd translate PEM-encoded RSA keys to OpenPGP certificates
 .Sh SYNOPSIS
-.Nm pem2openpgp $USERID < mykey.pem 
+.Nm pem2openpgp "$USERID" < mykey.pem | gpg --import
 .Pp
-.Nm ??? gpg --export $KEYID | openpgp2ssh $KEYID
-.Pp
-.Nm ????gpg --export-secret-key $KEYID | openpgp2ssh $KEYID
+.Nm PEM2OPENPGP_EXPIRATION=$((86400 * $DAYS)) PEM2OPENPGP_USAGE_FLAGS=authentication,certify pem2openpgp "$USERID" <mykey.pem
 .Sh DESCRIPTION
 .Nm
-WRITE ME!!!
+is a low-level utility for transforming raw, PEM-encoded RSA secret
+keys into OpenPGP-formatted certificates.  The generated certificates
+include the secret key material, so they should be handled carefully.
+.Pp
+It works as an element within a pipeline: feed it the raw key on
+stdin, supply the desired User ID as a command line argument.  Note
+that you may need to quote the string to ensure that it is entirely in
+a single argument.
+.Pp
+Other choices about how to generate the new OpenPGP certificate are
+governed by environment variables.
+.Sh ENVIRONMENT
+The following environment variables influence the behavior of
+.Nm :
+.Pp
+.ti 3
+\fBPEM2OPENPGP_TIMESTAMP\fP controls the timestamp (measured in
+seconds since the UNIX epoch) indicated as the creation time (a.k.a
+"not valid before") of the generated certificate.  By default,
+.Nm
+uses the current time.
+.Pp
+.ti 3
+\fBPEM2OPENPGP_USAGE_FLAGS\fP should contain a comma-separated list of
+valid OpenPGP usage flags (see section 5.2.3.21 of RFC 4880 for what
+these mean).  The available choices are: certify, sign, encrypt_comms,
+encrypt_storage, encrypt (this means both encrypt_comms and
+encrypt_storage), authenticate, split, shared.  By default, 
+.Nm
+only sets the certify flag.
+.Pp
+.ti 3
+\fBPEM2OPENPGP_EXPIRATION\fP sets an expiration (measured in seconds
+after the creation time of the key) in each self-signature packet.  By
+default, no expiration subpacket is included.
+.Pp
+.ti 3
+\fBPEM2OPENPGP_NEWKEY\fP indicates that
+.Nm
+should ignore stdin, and instead generate a new key internally and
+build the certificate based on this new key.  Set this variable to the
+number of bits for the new key (e.g. 2048).  By default (when this is
+unset), 
+.Nm
+will read the key from stdin.
 .Sh AUTHOR
 .Nm
 and this man page were written by Daniel Kahn Gillmor
 <dkg@fifthhorseman.net>.
 .Sh BUGS
+Only handles RSA keys at the moment.  It would be nice to handle DSA
+keys as well.
+.Pp
+Currently only creates certificates with a single User ID.  Should be
+able to create certificates with multiple User IDs.
+.Pp
+Currently only accepts unencrypted RSA keys.  It should be able to
+deal with passphrase-locked key material.
+.Pp
+Currently outputs OpenPGP certificates with cleartext secret key
+material.  It would be good to be able to lock the output with a
+passphrase.
+.Pp
+If you find other bugs, please report them at
+https://labs.riseup.net/code/projects/show/monkeysphere
 .Sh SEE ALSO
 .Xr openpgp2ssh 1,
 .Xr monkeysphere 1 ,
 .Xr monkeysphere 7 ,
 .Xr ssh 1 ,
-.Xr monkeysphere-server 8
+.Xr monkeysphere-host 8 ,
+.Xr monkeysphere-authentication 8
diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp
index e905644..2631da6 100755
--- a/src/keytrans/pem2openpgp
+++ b/src/keytrans/pem2openpgp
@@ -347,13 +347,16 @@ sub fingerprint {
   return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody);
 }
 
-# we're just not dealing with newline business right now.  slurp in
-# the whole file.
-undef $/;
-my $buf = <STDIN>;
 
-
-my $rsa = Crypt::OpenSSL::RSA->new_private_key($buf);
+my $rsa;
+if (defined $ENV{PEM2OPENPGP_NEWKEY}) {
+  $rsa = Crypt::OpenSSL::RSA->generate_key($ENV{PEM2OPENPGP_NEWKEY});
+} else {
+  # we're just not dealing with newline business right now.  slurp in
+  # the whole file.
+  undef $/;
+  $rsa = Crypt::OpenSSL::RSA->new_private_key(<STDIN>);
+}
 
 $rsa->use_sha1_hash();
 
@@ -495,11 +498,8 @@ my $datatosign =
   $sig_data_to_be_hashed.
   $trailer;
 
-print STDERR $datatosign;
-
 my $data_hash = Digest::SHA1::sha1_hex($datatosign);
 
-
 my $issuer_packet = pack('CCa8', 9, $subpacket_types->{issuer}, $keyid);
 
 my $sig = Crypt::OpenSSL::Bignum->new_from_bin($rsa->sign($datatosign));
diff --git a/src/share/ma/setup b/src/share/ma/setup
index 422cfd3..034f047 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -53,17 +53,8 @@ EOF
 
 	local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 </dev/urandom | base64))
     
-	local TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
-
-	# generate the key with ssh-keygen...
-	log debug "generating ssh key ($CORE_KEYLENGTH bits)..."
-	ssh-keygen -q -b "$CORE_KEYLENGTH" -t rsa -N '' -f "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core"
-	# and then translate to openpgp encoding and import
-	# FIXME: pem2openpgp currently sets the A flag and a short
-	# expiration date.  We should set the C flag and no expiration
-	# date.
-	log debug "converting ssh key to openpgp key and importing into core..."
-	< "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core"
+	log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..."
+	PEM2OPENPGP_USAGE_FLAGS=certify PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core"
 
 	# get fingerprint of core key.  should definitely not be empty at this point
 	log debug "get core key fingerprint..."
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index 2e73a8c..93afb0a 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -17,7 +17,7 @@ local hostName
 local userID
 local fingerprint
 
-# check for presense of secret key
+# check for presence of secret key
 # FIXME: is this the proper test to be doing here?
 fingerprint_host_key >/dev/null \
 	&& failure "An OpenPGP host key already exists."
@@ -32,8 +32,7 @@ chmod 700 "$GNUPGHOME_HOST"
 
 log verbose "importing ssh key..."
 # translate ssh key to a private key
-(umask 077 && \
-	pem2openpgp "$userID" | gpg_host --import)
+PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | gpg_host --import
 
 # find the key fingerprint of the newly converted key
 fingerprint=$(fingerprint_host_key)
diff --git a/tests/basic b/tests/basic
index 5c6b4bb..d9399f0 100755
--- a/tests/basic
+++ b/tests/basic
@@ -17,7 +17,8 @@ set -e
 # piped commands should return the code of the first non-zero return
 set -o pipefail
 
-export TESTDIR=$(dirname "$0")
+# make sure the TESTDIR is an absolute path, not a relative one.
+export TESTDIR=$(cd $(dirname "$0") && pwd)
 
 source "$TESTDIR"/common
 
@@ -32,6 +33,7 @@ which socat >/dev/null || { echo "You must have socat installed to run this test
 
 # gpg command for test admin user
 gpgadmin() {
+    chmod 0700 "$TEMPDIR"/admin
     GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@"
 }
 
@@ -89,12 +91,8 @@ trap failed_cleanup EXIT
 ## the tests, not system-wide:
 
 # make temp dir
-TEMPDIR="$TESTDIR"/tmp
-if [ -e "$TEMPDIR" ] ; then
-    echo "tempdir '$TEMPDIR' already exists."
-    exit 1
-fi
-mkdir -p "$TEMPDIR"
+mkdir -p "$TESTDIR"/tmp
+TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX")
 
 # Use the local copy of executables first, instead of system ones.
 # This should help us test without installing.
@@ -130,6 +128,7 @@ cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/
 # set up environment for testuser
 export TESTHOME="$TEMPDIR"/testuser
 export GNUPGHOME="$TESTHOME"/.gnupg
+chmod 0700 "$GNUPGHOME"
 export SSH_ASKPASS="$TESTHOME"/.ssh/askpass
 export MONKEYSPHERE_HOME="$TESTHOME"/.monkeysphere
 cat <<EOF >> "$TESTHOME"/.ssh/config
@@ -207,7 +206,7 @@ echo "##################################################"
 echo "### setup monkeysphere authentication..."
 cp "$TESTDIR"/etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/
 cat <<EOF >> "$TEMPDIR"/monkeysphere-authentication.conf
-AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids"
+AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authorized_user_ids"
 EOF
 monkeysphere-authentication setup
 get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf
@@ -236,7 +235,7 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import
 # teach the "server" about the testuser's key
 echo "##################################################"
 echo "### export testuser key to server..."
-gpg --export testuser | monkeysphere-authentication gpg-cmd --import
+gpg --export testuser | monkeysphere-authentication expert gpg-cmd --import
 
 # update authorized_keys for user
 echo "##################################################"
@@ -247,7 +246,7 @@ monkeysphere-authentication update-users $(whoami)
 ######################################################################
 ### TESTS
 
-# connect to test sshd, using monkeysphere-ssh-proxycommand to verify
+# connect to test sshd, using monkeysphere ssh-proxycommand to verify
 # the identity before connection.  This should work in both directions!
 echo "##################################################"
 echo "### ssh connection test for success..."
diff --git a/tests/etc/monkeysphere/monkeysphere-authentication.conf b/tests/etc/monkeysphere/monkeysphere-authentication.conf
index 9cc396f..b4ecc05 100644
--- a/tests/etc/monkeysphere/monkeysphere-authentication.conf
+++ b/tests/etc/monkeysphere/monkeysphere-authentication.conf
@@ -1,4 +1,4 @@
-# Base monkeysphere-server.conf for monkeysphere tests
+# Base monkeysphere-authentication.conf for monkeysphere tests
 
 # AUTHORIZED_USER_IDS variable will be added dynamically during test.
 
diff --git a/tests/home/testuser/.ssh/proxy-command b/tests/home/testuser/.ssh/proxy-command
index 21c66fa..214cc23 100755
--- a/tests/home/testuser/.ssh/proxy-command
+++ b/tests/home/testuser/.ssh/proxy-command
@@ -3,6 +3,7 @@
 # simple socket-based proxy-command wrapper for testing monkeysphere.
 
 # pass this thing the host, the port, and the socket.
+which monkeysphere >&2
 
-monkeysphere-ssh-proxycommand --no-connect "$1" "$2" && \
+monkeysphere ssh-proxycommand --no-connect "$1" "$2" && \
 exec socat STDIO UNIX:"$3"
diff --git a/tests/keytrans b/tests/keytrans
index e1ccda5..285d17b 100755
--- a/tests/keytrans
+++ b/tests/keytrans
@@ -78,3 +78,11 @@ diff -u \
     <(PEM2OPENPGP_USAGE_FLAGS=sign,certify \
     PEM2OPENPGP_TIMESTAMP="$timestamp" pem2openpgp testtest < \
     "$TEMPDIR"/test.pem | hd )
+
+trap - EXIT
+
+echo "##################################################"
+echo " Monkeysphere keytrans test completed successfully!"
+echo "##################################################"
+
+cleanup
diff --git a/website/news/plans-for-the-bezoar.mdwn b/website/news/plans-for-the-bezoar.mdwn
new file mode 100644
index 0000000..0fb2c5b
--- /dev/null
+++ b/website/news/plans-for-the-bezoar.mdwn
@@ -0,0 +1,45 @@
+[[meta title="Plans for The Golden Bezoar"]]
+
+A workday with several Monkeysphere contributors on 2009-01-31
+resulted in a significant reorganization of the project in several
+areas, primarily driven by the realization that there are two
+fundamentally different concepts on the server side: 
+
+* publishing host keys via the Web-of-Trust (WoT), and
+* authenticating users via the WoT.
+
+For simplicity and clarity, those two concepts should be independent
+from each other, but earlier releases of the Monkeysphere tangled the
+two up together more than we probably should have.
+
+So the next release, version 0.23 (a.k.a. *The Golden Bezoar*) will
+have the following significant changes:
+
+* __user interface__: `/usr/sbin/monkeysphere-server` is no more, and
+  its functionality will be split out into
+  `/usr/sbin/monkeysphere-host` (for functionality dealing with
+  publishing the ssh host key through the WoT) and
+  `/usr/sbin/monkeysphere-authentication` (for functionality dealing
+  with authenticating users via the
+  WoT). `/usr/bin/monkeysphere-ssh-proxycommand` has been folded into
+  `/usr/bin/monkeysphere` itself as a new subcommand.
+
+* __code__: the subfunctions are now stored in their own separate
+  files, and sourced as-needed by the three top-level commands.  The
+  test suite has also been re-written to reflect the above UI changes.
+
+* __documentation__: in addition to making the man pages reflect the
+  above UI changes, we're rewriting the "getting started"
+  [documentation](/doc/) to use the conceptually-cleaner distinctions
+  above.
+
+* __data storage__: `/var/lib/monkeysphere` itself has been
+  re-organized with the aim of keeping the host/authentication
+  distinction clear, simplifying the internal use of `gpg`, and
+  facilitating privilege-separated access.
+
+*The Golden Bezoar* will also feature the ability to painlessly
+publish your current ssh host key to the WoT without needing to re-key
+the server.  If you're considering adopting the Monkeysphere in the
+near future, we recommend waiting for 0.23 to be released, as it
+should be conceptually clearer and easier to use.