X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fkeytrans;h=3e6bdf6ba95ed8560e908e2ade313f03efb3090d;hb=028617f7160596fabfc5f9123a4cc9a6445aaa59;hp=e6777ffd4a35805d96cbd55ead27042cdbecd1f4;hpb=5df09d935f33477cdd9763c0e9c1ba7c8073aea0;p=monkeysphere.git diff --git a/src/share/keytrans b/src/share/keytrans index e6777ff..3e6bdf6 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w -T +#!/usr/bin/perl -T # keytrans: this is an RSA key translation utility; it is capable of # transforming RSA keys (both public keys and secret keys) between @@ -54,7 +54,7 @@ use File::Basename; use Crypt::OpenSSL::RSA; use Crypt::OpenSSL::Bignum; use Crypt::OpenSSL::Bignum::CTX; -use Digest::SHA1; +use Digest::SHA; use MIME::Base64; use POSIX; @@ -368,12 +368,12 @@ sub read_mpi { # FIXME: genericize these to accept either RSA or DSA keys: sub make_rsa_pub_key_body { my $key = shift; - my $timestamp = shift; + my $key_timestamp = shift; my ($n, $e) = $key->get_key_parameters(); return - pack('CN', 4, $timestamp). + pack('CN', 4, $key_timestamp). pack('C', $asym_algos->{rsa}). mpi_pack($n). mpi_pack($e); @@ -381,7 +381,7 @@ sub make_rsa_pub_key_body { sub make_rsa_sec_key_body { my $key = shift; - my $timestamp = shift; + my $key_timestamp = shift; # we're not using $a and $b, but we need them to get to $c. my ($n, $e, $d, $p, $q) = $key->get_key_parameters(); @@ -400,7 +400,7 @@ sub make_rsa_sec_key_body { # with modular_multi_inverse. return - pack('CN', 4, $timestamp). + pack('CN', 4, $key_timestamp). pack('C', $asym_algos->{rsa}). mpi_pack($n). mpi_pack($e). @@ -412,11 +412,11 @@ sub make_rsa_sec_key_body { # expects an RSA key (public or private) and a timestamp sub fingerprint { my $key = shift; - my $timestamp = shift; + my $key_timestamp = shift; - my $rsabody = make_rsa_pub_key_body($key, $timestamp); + my $rsabody = make_rsa_pub_key_body($key, $key_timestamp); - return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody); + return Digest::SHA::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody); } @@ -426,7 +426,7 @@ sub pem2openpgp { my $uid = shift; my $args = shift; - $rsa->use_sha1_hash(); + $rsa->use_sha256_hash(); # see page 22 of RFC 4880 for why i think this is the right padding # choice to use: @@ -436,30 +436,42 @@ sub pem2openpgp { die "key does not check"; } + # strong assertion of identity is the default (for a self-sig): + my $certtype = $sig_types->{positive_certification}; + if (defined $args->{certification_type}) { + $certtype = $args->{certification_type} + 0; + } + my $version = pack('C', 4); - # strong assertion of identity: - my $sigtype = pack('C', $sig_types->{positive_certification}); + my $sigtype = pack('C', $certtype); # RSA my $pubkey_algo = pack('C', $asym_algos->{rsa}); - # SHA1 - my $hash_algo = pack('C', $digests->{sha1}); + # SHA256 + my $hash_algo = pack('C', $digests->{sha256}); # FIXME: i'm worried about generating a bazillion new OpenPGP # certificates from the same key, which could easily happen if you run # this script more than once against the same key (because the # timestamps will differ). How can we prevent this? - # this environment variable (if set) overrides the current time, to - # be able to create a standard key? If we read the key from a file + # this argument (if set) overrides the current time, to + # be able to create a standard key. If we read the key from a file # instead of stdin, should we use the creation time on the file? - my $timestamp = 0; - if (defined $args->{timestamp}) { - $timestamp = ($args->{timestamp} + 0); + my $sig_timestamp = 0; + if (defined $args->{sig_timestamp}) { + $sig_timestamp = ($args->{sig_timestamp} + 0); } else { - $timestamp = time(); + $sig_timestamp = time(); + } + my $key_timestamp = $sig_timestamp; + if (defined $args->{key_timestamp}) { + $key_timestamp = ($args->{key_timestamp} + 0); + } + if ($key_timestamp > $sig_timestamp) { + die "key timestamp must not be later than signature timestamp"; } - my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $timestamp); + my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $sig_timestamp); my $flags = 0; @@ -497,11 +509,14 @@ sub pem2openpgp { $ciphers->{tripledes} ); - # prefer SHA-1, SHA-256, RIPE-MD/160 - my $pref_hash_algos = pack('CCCCC', 4, $subpacket_types->{preferred_digest}, - $digests->{sha1}, + # prefer SHA-512, SHA-384, SHA-256, SHA-224, RIPE-MD/160, SHA-1 + my $pref_hash_algos = pack('CCCCCCCC', 7, $subpacket_types->{preferred_digest}, + $digests->{sha512}, + $digests->{sha384}, $digests->{sha256}, - $digests->{ripemd160} + $digests->{sha224}, + $digests->{ripemd160}, + $digests->{sha1} ); # prefer ZLIB, BZip2, ZIP @@ -539,8 +554,8 @@ sub pem2openpgp { $subpacket_octets. $subpackets_to_be_hashed; - my $pubkey = make_rsa_pub_key_body($rsa, $timestamp); - my $seckey = make_rsa_sec_key_body($rsa, $timestamp); + my $pubkey = make_rsa_pub_key_body($rsa, $key_timestamp); + my $seckey = make_rsa_sec_key_body($rsa, $key_timestamp); # this is for signing. it needs to be an old-style header with a # 2-packet octet count. @@ -548,7 +563,7 @@ sub pem2openpgp { my $key_data = make_packet($packet_types->{pubkey}, $pubkey, {'packet_length'=>2}); # take the last 8 bytes of the fingerprint as the keyid: - my $keyid = substr(fingerprint($rsa, $timestamp), 20 - 8, 8); + my $keyid = substr(fingerprint($rsa, $key_timestamp), 20 - 8, 8); # the v4 signature trailer is: @@ -566,7 +581,7 @@ sub pem2openpgp { $sig_data_to_be_hashed. $trailer; - my $data_hash = Digest::SHA1::sha1_hex($datatosign); + my $data_hash = Digest::SHA::sha256_hex($datatosign); my $issuer_packet = pack('CCa8', 9, $subpacket_types->{issuer}, $keyid); @@ -612,6 +627,7 @@ sub openpgp2ssh { die "This is not an OpenPGP packet\n"; } if (0x40 & $packettag) { + # this is a new-format packet. $tag = (0x3f & $packettag); my $nextlen = 0; read($instr, $nextlen, 1); @@ -630,6 +646,7 @@ sub openpgp2ssh { # packet length is undefined. } } else { + # this is an old-format packet. my $lentype; $lentype = 0x03 & $packettag; $tag = ( 0x3c & $packettag ) >> 2; @@ -666,10 +683,10 @@ sub openpgp2ssh { read($instr, $dummy, $packetlen - $readbytes) or die "Could not skip past this packet.\n"; } else { - my $timestamp; - read($instr, $timestamp, 4) or die "could not read key timestamp.\n"; + my $key_timestamp; + read($instr, $key_timestamp, 4) or die "could not read key timestamp.\n"; $readbytes += 4; - $timestamp = unpack('N', $timestamp); + $key_timestamp = unpack('N', $key_timestamp); my $algo; read($instr, $algo, 1) or die "could not read key algorithm.\n"; @@ -684,9 +701,11 @@ sub openpgp2ssh { my $exponent = read_mpi($instr, \$readbytes); my $pubkey = Crypt::OpenSSL::RSA->new_key_from_parameters($modulus, $exponent); - my $foundfpr = fingerprint($pubkey, $timestamp); + my $foundfpr = fingerprint($pubkey, $key_timestamp); my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex(); + # left-pad with 0's to bring up to full 40-char (160-bit) fingerprint: + $foundfprstr = sprintf("%040s", $foundfprstr); # is this a match? if ((!defined($fpr)) || @@ -759,7 +778,6 @@ for (basename($0)) { # FIXME: fail if there is no given user ID; or should we default to # hostname_long() from Sys::Hostname::Long ? - if (defined $ENV{PEM2OPENPGP_NEWKEY}) { $rsa = Crypt::OpenSSL::RSA->generate_key($ENV{PEM2OPENPGP_NEWKEY}); } else { @@ -773,7 +791,8 @@ for (basename($0)) { print pem2openpgp($rsa, $uid, - { timestamp => $ENV{PEM2OPENPGP_TIMESTAMP}, + { sig_timestamp => $ENV{PEM2OPENPGP_TIMESTAMP}, + key_timestamp => $ENV{PEM2OPENPGP_KEY_TIMESTAMP}, expiration => $ENV{PEM2OPENPGP_EXPIRATION}, usage_flags => $ENV{PEM2OPENPGP_USAGE_FLAGS}, }