From 3f5960cf4ba2f938c677c27e3296e6feae2f56aa Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 10 Jan 2009 18:42:57 -0500 Subject: pem2openpgp: replace raw numbers with semantic labelling to make it more readable. --- src/keytrans/pem2openpgp | 61 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 42 insertions(+), 19 deletions(-) (limited to 'src/keytrans') diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index 382e14f..637eba2 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -208,6 +208,7 @@ my $subpacket_types = { sig_creation_time => 2, issuer => 16, notation => 20, preferred_digest => 21, + preferred_compression => 22, keyserver_prefs => 23, preferred_keyserver => 24, primary_uid => 25, @@ -220,6 +221,14 @@ my $subpacket_types = { sig_creation_time => 2, embedded_signature => 32, }; +# bitstring (see RFC 4880 section 5.2.3.24) +my $features = { mdc => 0x01 + }; + +# bitstring (see RFC 4880 5.2.3.17) +my $keyserver_prefs = { nomodify => 0x80 + }; + # we're just not dealing with newline business right now. slurp in # the whole file. undef $/; @@ -240,11 +249,11 @@ if (! $rsa->check_key()) { my $version = pack('C', 4); # strong assertion of identity: -my $sigtype = pack('C', 0x13); +my $sigtype = pack('C', $sig_types->{positive_certification}); # RSA -my $pubkey_algo = pack('C', 1); +my $pubkey_algo = pack('C', $asym_algos->{rsa}); # SHA1 -my $hash_algo = pack('C', 2); +my $hash_algo = pack('C', $digests->{sha1}); # FIXME: i'm worried about generating a bazillion new OpenPGP # certificates from the same key, which could easily happen if you run 
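Review bot: The new table `$keyserver_prefs` (hunk @@ -220) differs by one character from the packed subpacket `$keyserver_pref` built in the @@ -254 hunk, and since both are declared, `use strict` would not catch a slip between them. A mix-up would concatenate a stringified hash reference into the hashed subpacket area instead of failing. The commit already renames the packed `$features` to `$feature_subpacket`, presumably to avoid the same clash. The same treatment fits here: `my $keyserver_pref_subpacket = pack('CCC', 2, $subpacket_types->{keyserver_prefs}, $keyserver_prefs->{nomodify});`, with the concatenation list updated to match.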
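Review bot: A mistyped or missing label in any of these lookups (hunk @@ -240), starting with `$sig_types->{positive_certification}`, evaluates to undef, and `pack('C', undef)` emits octet 0 instead of failing. At most it warns, if warnings are enabled in this script, so a typo yields a well-formed but wrong certificate field rather than an error. The same holds for every table lookup in the later hunks (subpacket types, ciphers, digests, compression algorithms, packet tags). The tables are defined outside this hunk; locking each one after its definition makes an unknown key fatal, e.g. `use Hash::Util qw(lock_keys);` followed by `lock_keys(%$subpacket_types);`.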
@@ -254,36 +263,51 @@ my $hash_algo = pack('C', 2); # could an environment variable (if set) override the current time? my $timestamp = time(); -my $creation_time_packet = pack('CCN', 5, 2, $timestamp); +my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $timestamp); # FIXME: HARDCODED: what if someone wants to select a different set of # usage flags? For now, we do only authentication. -my $flags = $usage_flags->{authenticate}; -my $usage_packet = pack('CCC', 2, 27, $flags); +my $usage_packet = pack('CCC', 2, $subpacket_types->{usage_flags}, $usage_flags->{authenticate}); # FIXME: HARDCODED: how should we determine how far off to set the # expiration date? default is to expire in 2 days, which is insanely # short (but good for testing). my $expires_in = 86400*2; -my $expiration_packet = pack('CCN', 5, 9, $expires_in); +my $expiration_packet = pack('CCN', 5, $subpacket_types->{key_expiration_time}, $expires_in); # prefer AES-256, AES-192, AES-128, CAST5, 3DES: -my $pref_sym_algos = pack('CCCCCCC', 6, 11, 9, 8, 7, 3, 2); +my $pref_sym_algos = pack('CCCCCCC', 6, $subpacket_types->{preferred_cipher}, + $ciphers->{aes256}, + $ciphers->{aes192}, + $ciphers->{aes128}, + $ciphers->{cast5}, + $ciphers->{tripledes} + ); # prefer SHA-1, SHA-256, RIPE-MD/160 -my $pref_hash_algos = pack('CCCCC', 4, 21, 2, 8, 3); +my $pref_hash_algos = pack('CCCCC', 4, $subpacket_types->{preferred_digest}, + $digests->{sha1}, + $digests->{sha256}, + $digests->{ripemd160} + ); # prefer ZLIB, BZip2, ZIP -my $pref_zip_algos = pack('CCCCC', 4, 22, 2, 3, 1); +my $pref_zip_algos = pack('CCCCC', 4, $subpacket_types->{preferred_compression}, + $zips->{zlib}, + $zips->{bzip2}, + $zips->{zip} + ); # we support the MDC feature: -my $features = pack('CCC', 2, 30, 1); +my $feature_subpacket = pack('CCC', 2, $subpacket_types->{features}, + $features->{mdc}); # keyserver preference: only owner modify (???): -my $keyserver_pref = pack('CCC', 2, 23, 0x80); +my $keyserver_pref = 
pack('CCC', 2, $subpacket_types->{keyserver_prefs}, + $keyserver_prefs->{nomodify}); my $subpackets_to_be_hashed = $creation_time_packet. @@ -292,7 +316,7 @@ my $subpackets_to_be_hashed = $pref_sym_algos. $pref_hash_algos. $pref_zip_algos. - $features. + $feature_subpacket. $keyserver_pref; my $subpacket_octets = pack('n', length($subpackets_to_be_hashed)); @@ -307,8 +331,7 @@ my $sig_data_to_be_hashed = my $pubkey = make_rsa_pub_key_body($rsa, $timestamp); -#open(KEYFILE, "{pubkey}, $pubkey); # take the last 8 bytes of the fingerprint as the keyid: my $keyid = substr(fingerprint($rsa, $timestamp), 20 - 8, 8); @@ -332,7 +355,7 @@ my $datatosign = my $data_hash = Digest::SHA1::sha1_hex($datatosign); -my $issuer_packet = pack('CCa8', 9, 16, $keyid); +my $issuer_packet = pack('CCa8', 9, $subpacket_types->{issuer}, $keyid); my $sig = Crypt::OpenSSL::Bignum->new_from_bin($rsa->sign($datatosign)); @@ -344,8 +367,8 @@ my $sig_body = mpi_pack($sig); print - make_packet(6, $pubkey). - make_packet(13, $uid). - make_packet(2, $sig_body); + make_packet($packet_types->{pubkey}, $pubkey). + make_packet($packet_types->{uid}, $uid). + make_packet($packet_types->{sig}, $sig_body); -- cgit v1.2.3
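Review bot: The leading length octet of each subpacket in the @@ -254 hunk (`5`, `2`, `6`, `4`) is still a hand-counted literal that must agree with both the pack template and the number of algorithm entries. Adding or removing a preference without updating it gives a subpacket whose declared length disagrees with its body. Deriving the length from the body removes that coupling: `my $sym_body = pack('C*', @{$ciphers}{qw(aes256 aes192 aes128 cast5 tripledes)});` then `my $pref_sym_algos = pack('CC', 1 + length($sym_body), $subpacket_types->{preferred_cipher}) . $sym_body;`. The same applies to the digest and compression lists here and to the issuer subpacket's `9` in the @@ -332 hunk. The one-octet length form is valid only while a subpacket stays under 192 octets.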
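Review bot: `$hash_algo` is now labelled `$digests->{sha1}` in the @@ -240 hunk, but the digest computed in the context of the @@ -332 hunk is still the hard-wired `Digest::SHA1::sha1_hex($datatosign)`, and the hash mode used by `$rsa->sign` is configured outside the visible lines. Changing the label alone would produce a signature packet that names one hash algorithm while being made with another, which verifiers would reject. A comment beside `$hash_algo` would make the coupling explicit, e.g. `# must match the Digest::SHA1 call below and the hash mode set on $rsa`. SHA-1 is no longer considered collision-resistant, so this is the likely place for a future move to a SHA-2 digest, and all three sites would have to change together.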