From 4fcff7688ff46ed5d6f8fb013a659f8bce027226 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 3 Feb 2009 21:32:50 -0500 Subject: accept environment variables to adjust the behavior of pem2openpgp --- src/keytrans/pem2openpgp | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'src/keytrans/pem2openpgp') diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index 3d9f6f8..0910d07 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -352,7 +352,21 @@ my $hash_algo = pack('C', $digests->{sha1}); # could an environment variable (if set) override the current time, to # be able to create a standard key? If we read the key from a file # instead of stdin, should we use the creation time on the file? -my $timestamp = time(); +my $timestamp = $ENV{PEM2OPENPGP_TIMESTAMP}; +if (! defined $timestamp) + $timestamp = time(); + +my $flags = 0; +if (! defined $ENV{PEM2OPENPGP_USAGE_FLAGS}) + $flags = $usage_flags->{authenticate}; +else { + my @ff = split(",", $ENV{PEM2OPENPGP_USAGE_FLAGS}); + foreach $f (@ff) { + if (! defined $usage_flags->{$f}) + die "No such flag $f"; + $flags |= $usage_flags->{$f}; + } +} my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $timestamp); -- cgit v1.2.3 From 17b89ec0f5ff0fce733f60b6973e8fc372d7c037 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 3 Feb 2009 21:36:07 -0500 Subject: stupid perl flailing in pem2openpgp. --- src/keytrans/pem2openpgp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'src/keytrans/pem2openpgp') diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index 0910d07..61ce00f 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -352,14 +352,17 @@ my $hash_algo = pack('C', $digests->{sha1}); # could an environment variable (if set) override the current time, to # be able to create a standard key? If we read the key from a file # instead of stdin, should we use the creation time on the file? -my $timestamp = $ENV{PEM2OPENPGP_TIMESTAMP}; -if (! defined $timestamp) +my $timestamp = 0; +if (defined $ENV{PEM2OPENPGP_TIMESTAMP}) { + $timestamp = ($ENV{PEM2OPENPGP_TIMESTAMP} + 0); +} else { $timestamp = time(); +} my $flags = 0; -if (! defined $ENV{PEM2OPENPGP_USAGE_FLAGS}) +if (! defined $ENV{PEM2OPENPGP_USAGE_FLAGS}) { $flags = $usage_flags->{authenticate}; -else { +} else { my @ff = split(",", $ENV{PEM2OPENPGP_USAGE_FLAGS}); foreach $f (@ff) { if (! defined $usage_flags->{$f}) -- cgit v1.2.3 From c18ef1a9a630826e642f33a7077b382cc5a7a25c Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 3 Feb 2009 21:37:29 -0500 Subject: still trying to get clean perl for pem2openpgp --- src/keytrans/pem2openpgp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/keytrans/pem2openpgp') diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index 61ce00f..8ef6257 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -364,7 +364,7 @@ if (! defined $ENV{PEM2OPENPGP_USAGE_FLAGS}) { $flags = $usage_flags->{authenticate}; } else { my @ff = split(",", $ENV{PEM2OPENPGP_USAGE_FLAGS}); - foreach $f (@ff) { + foreach my $f (@ff) { if (! defined $usage_flags->{$f}) die "No such flag $f"; $flags |= $usage_flags->{$f}; -- cgit v1.2.3 From edb55cada143fb8b42c14d2ec3809dc302ea5c83 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 3 Feb 2009 21:38:11 -0500 Subject: *still* trying to get clean perl for pem2openpgp --- src/keytrans/pem2openpgp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/keytrans/pem2openpgp') diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index 8ef6257..1aae4fe 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -365,8 +365,9 @@ if (! defined $ENV{PEM2OPENPGP_USAGE_FLAGS}) { } else { my @ff = split(",", $ENV{PEM2OPENPGP_USAGE_FLAGS}); foreach my $f (@ff) { - if (! defined $usage_flags->{$f}) + if (! defined $usage_flags->{$f}) { die "No such flag $f"; + } $flags |= $usage_flags->{$f}; } } -- cgit v1.2.3 From 6965f6fdde9c834b0dff32f406a5eaeba4acb722 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 3 Feb 2009 21:42:06 -0500 Subject: use the environment to determine usage flags (default to certify) --- src/keytrans/pem2openpgp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/keytrans/pem2openpgp') diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index 1aae4fe..315a2b5 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -361,7 +361,7 @@ if (defined $ENV{PEM2OPENPGP_TIMESTAMP}) { my $flags = 0; if (! defined $ENV{PEM2OPENPGP_USAGE_FLAGS}) { - $flags = $usage_flags->{authenticate}; + $flags = $usage_flags->{certify}; } else { my @ff = split(",", $ENV{PEM2OPENPGP_USAGE_FLAGS}); foreach my $f (@ff) { @@ -378,7 +378,7 @@ my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, # FIXME: HARDCODED: what if someone wants to select a different set of # usage flags? For now, we do only authentication because that's what # monkeysphere needs. -my $usage_packet = pack('CCC', 2, $subpacket_types->{usage_flags}, $usage_flags->{authenticate}); +my $usage_packet = pack('CCC', 2, $subpacket_types->{usage_flags}, $flags); # FIXME: HARDCODED: how should we determine how far off to set the -- cgit v1.2.3 From bc8f6439a96dbae1e0c58d6ac0032f4b043ee692 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 3 Feb 2009 22:19:57 -0500 Subject: bring comments up-to-date and parameterize expiration date. --- src/keytrans/pem2openpgp | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) (limited to 'src/keytrans/pem2openpgp') diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index 315a2b5..9dead77 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -349,7 +349,7 @@ my $hash_algo = pack('C', $digests->{sha1}); # this script more than once against the same key (because the # timestamps will differ). How can we prevent this? -# could an environment variable (if set) override the current time, to +# this environment variable (if set) overrides the current time, to # be able to create a standard key? If we read the key from a file # instead of stdin, should we use the creation time on the file? my $timestamp = 0; @@ -359,6 +359,9 @@ if (defined $ENV{PEM2OPENPGP_TIMESTAMP}) { $timestamp = time(); } +my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $timestamp); + + my $flags = 0; if (! defined $ENV{PEM2OPENPGP_USAGE_FLAGS}) { $flags = $usage_flags->{certify}; @@ -372,22 +375,17 @@ if (! defined $ENV{PEM2OPENPGP_USAGE_FLAGS}) { } } -my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $timestamp); - - -# FIXME: HARDCODED: what if someone wants to select a different set of -# usage flags? For now, we do only authentication because that's what -# monkeysphere needs. my $usage_packet = pack('CCC', 2, $subpacket_types->{usage_flags}, $flags); -# FIXME: HARDCODED: how should we determine how far off to set the -# expiration date? default is to expire in 2 days, which is insanely -# short (but good for testing). The user ought to be able to decide -# this directly, rather than having to do "monkeysphere-server -# extend-key". -my $expires_in = 86400*2; -my $expiration_packet = pack('CCN', 5, $subpacket_types->{key_expiration_time}, $expires_in); +# how should we determine how far off to set the expiration date? +# default is no expiration. Specify the timestamp in seconds from the +# key creation. +my $expiration_packet = ''; +if (defined $ENV{PEM2OPENPGP_EXPIRATION}) { + my $expires_in = $ENV{PEM2OPENPGP_EXPIRATION} + 0; + $expiration_packet = pack('CCN', 5, $subpacket_types->{key_expiration_time}, $expires_in); +} # prefer AES-256, AES-192, AES-128, CAST5, 3DES: -- cgit v1.2.3 From 325baae0ae5e78fa0a4e9895270d2cd71757f869 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 4 Feb 2009 00:27:35 -0500 Subject: ensure that the output of modular multiplicative inverse is positive. --- src/keytrans/pem2openpgp | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'src/keytrans/pem2openpgp') diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index 9dead77..7abe52c 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -185,12 +185,18 @@ sub modular_multi_inverse { my $a = shift; my $b = shift; + + my $origdivisor = $b->copy(); + my $ctx = Crypt::OpenSSL::Bignum::CTX->new(); my $x = Crypt::OpenSSL::Bignum->zero(); my $y = Crypt::OpenSSL::Bignum->one(); my $lastx = Crypt::OpenSSL::Bignum->one(); my $lasty = Crypt::OpenSSL::Bignum->zero(); + my $finalquotient; + my $finalremainder; + while (! $b->is_zero()) { my ($quotient, $remainder) = $a->div($b, $ctx); @@ -210,7 +216,12 @@ sub modular_multi_inverse { die "did this math wrong.\n"; } - return $lastx; + # let's make sure that we return a positive value because RFC 4880, + # section 3.2 only allows unsigned values: + + ($finalquotient, $finalremainder) = $lastx->add($origdivisor)->div($origdivisor, $ctx); + + return $finalremainder; } @@ -287,10 +298,12 @@ sub make_rsa_sec_key_body { # we're not using $a and $b, but we need them to get to $c. my ($n, $e, $d, $p, $q) = $key->get_key_parameters(); + my $c3 = modular_multi_inverse($p, $q); + my $secret_material = mpi_pack($d). mpi_pack($p). mpi_pack($q). - mpi_pack(modular_multi_inverse($p, $q)); + mpi_pack($c3); # according to Crypt::OpenSSL::RSA, the closest value we can get out # of get_key_parameters is 1/q mod p; but according to sec 5.5.3 of -- cgit v1.2.3 From b31b50dc6de2e7bf51ffbb37a8246ddb9739b89b Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 4 Feb 2009 01:38:53 -0500 Subject: pem2openpgp: when creating a signature, make sure that the public key material uses a 2-octet packet length. --- src/keytrans/pem2openpgp | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) (limited to 'src/keytrans/pem2openpgp') diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index 7abe52c..e905644 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -38,6 +38,11 @@ my $uid = shift; # hostname_long() from Sys::Hostname::Long ? +my $old_format_packet_lengths = { one => 0, + two => 1, + four => 2, + indeterminate => 3, +}; # see RFC 4880 section 9.1 (ignoring deprecated algorithms for now) my $asym_algos = { rsa => 1, @@ -232,26 +237,37 @@ sub modular_multi_inverse { sub make_packet { my $type = shift; my $body = shift; + my $options = shift; my $len = length($body); + my $pseudolen = $len; + + # if the caller wants to use at least N octets of packet length, + # pretend that we're using that many. + if (defined $options && defined $options->{'packet_length'}) { + $pseudolen = 2**($options->{'packet_length'} * 8) - 1; + } + if ($pseudolen < $len) { + $pseudolen = $len; + } my $lenbytes; my $lencode; - if ($len < 2**8) { - $lenbytes = 0; + if ($pseudolen < 2**8) { + $lenbytes = $old_format_packet_lengths->{one}; $lencode = 'C'; - } elsif ($len < 2**16) { - $lenbytes = 1; + } elsif ($pseudolen < 2**16) { + $lenbytes = $old_format_packet_lengths->{two}; $lencode = 'n'; - } elsif ($len < 2**31) { + } elsif ($pseudolen < 2**31) { ## not testing against full 32 bits because i don't want to deal ## with potential overflow. - $lenbytes = 2; + $lenbytes = $old_format_packet_lengths->{four}; $lencode = 'N'; } else { ## what the hell do we do here? - $lenbytes = 3; + $lenbytes = $old_format_packet_lengths->{indeterminate}; $lencode = ''; } @@ -455,7 +471,10 @@ my $sig_data_to_be_hashed = my $pubkey = make_rsa_pub_key_body($rsa, $timestamp); my $seckey = make_rsa_sec_key_body($rsa, $timestamp); -my $key_data = make_packet($packet_types->{pubkey}, $pubkey); +# this is for signing. it needs to be an old-style header with a +# 2-packet octet count. + +my $key_data = make_packet($packet_types->{pubkey}, $pubkey, {'packet_length'=>2}); # take the last 8 bytes of the fingerprint as the keyid: my $keyid = substr(fingerprint($rsa, $timestamp), 20 - 8, 8); @@ -476,6 +495,8 @@ my $datatosign = $sig_data_to_be_hashed. $trailer; +print STDERR $datatosign; + my $data_hash = Digest::SHA1::sha1_hex($datatosign); -- cgit v1.2.3 From 8bdeded365a07a48114ab80be6d6b51660cec005 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 4 Feb 2009 01:47:16 -0500 Subject: pem2openpgp: avoid dumping garbage to stderr --- src/keytrans/pem2openpgp | 3 --- 1 file changed, 3 deletions(-) (limited to 'src/keytrans/pem2openpgp') diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index e905644..c765002 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -495,11 +495,8 @@ my $datatosign = $sig_data_to_be_hashed. $trailer; -print STDERR $datatosign; - my $data_hash = Digest::SHA1::sha1_hex($datatosign); - my $issuer_packet = pack('CCa8', 9, $subpacket_types->{issuer}, $keyid); my $sig = Crypt::OpenSSL::Bignum->new_from_bin($rsa->sign($datatosign)); -- cgit v1.2.3