From 10d80ee8da6c67ecbb42f54778fc1b2b4036d32f Mon Sep 17 00:00:00 2001 From: "Angelos D. Keromytis" Date: Wed, 3 Nov 1999 19:52:23 +0000 Subject: Handle multiple assertions per file in signature verification, better detection of malformed credentials, update manpages, sync with release. --- lib/libkeynote/README | 4 +-- lib/libkeynote/keynote-sigver.c | 78 +++++++++++++++++++++++++--------------- lib/libkeynote/keynote.1 | 6 ++-- lib/libkeynote/keynote.3 | 9 +++-- lib/libkeynote/parse_assertion.c | 23 ++++++++++-- 5 files changed, 81 insertions(+), 39 deletions(-) diff --git a/lib/libkeynote/README b/lib/libkeynote/README index 605599904d4..9fca97dda7b 100644 --- a/lib/libkeynote/README +++ b/lib/libkeynote/README @@ -1,6 +1,6 @@ -# $OpenBSD: README,v 1.6 1999/10/26 22:31:37 angelos Exp $ +# $OpenBSD: README,v 1.7 1999/11/03 19:52:21 angelos Exp $ -This is release 2.1 of the KeyNote trust management library reference +This is release 2.2 of the KeyNote trust management library reference implementation (in case you are wondering, there was never an official 1.0 release). diff --git a/lib/libkeynote/keynote-sigver.c b/lib/libkeynote/keynote-sigver.c index 3a3e68cec7b..81332a4ff10 100644 --- a/lib/libkeynote/keynote-sigver.c +++ b/lib/libkeynote/keynote-sigver.c @@ -1,4 +1,4 @@ -/* $OpenBSD: keynote-sigver.c,v 1.8 1999/10/26 22:31:38 angelos Exp $ */ +/* $OpenBSD: keynote-sigver.c,v 1.9 1999/11/03 19:52:22 angelos Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) * @@ -56,9 +56,9 @@ sigverusage(void) void keynote_sigver(int argc, char *argv[]) { + char *buf, **assertlist; + int fd, i, n, j; struct stat sb; - int fd, i; - char *buf; if (argc != 2) { @@ -101,41 +101,61 @@ keynote_sigver(int argc, char *argv[]) close(fd); - i = kn_verify_assertion(buf, sb.st_size); - if (i == -1) + assertlist = kn_read_asserts(buf, sb.st_size, &n); + if ((assertlist == NULL) || (n == 0)) { - switch (keynote_errno) - { - case ERROR_MEMORY: - fprintf(stderr, - "Out of memory while parsing the assertion.\n"); - break; - - case ERROR_SYNTAX: - fprintf(stderr, - "Syntax error while parsing the assertion.\n"); - break; - - default: - fprintf(stderr, - "Unknown error while parsing the assertion.\n"); - } - + if (keynote_errno == ERROR_MEMORY) + fprintf(stderr, "Out of memory while allocating memory for " + "assertions.\n"); + else + fprintf(stderr, "No assertions found.\n"); exit(-1); } free(buf); - if (i == SIGRESULT_TRUE) - fprintf(stdout, "Signature verified.\n"); - else + for (j = 0; j < n; j++) { - if (keynote_errno != 0) - fprintf(stdout, "Signature could not be verified " - "(keynote_errno = %d).\n", keynote_errno); + i = kn_verify_assertion(assertlist[j], strlen(assertlist[j])); + if (i == -1) + { + switch (keynote_errno) + { + case ERROR_MEMORY: + fprintf(stderr, + "Out of memory while parsing assertion %d.\n", j); + break; + + case ERROR_SYNTAX: + fprintf(stderr, + "Syntax error while parsing assertion %d.\n", j); + break; + + default: + fprintf(stderr, + "Unknown error while parsing assertion %d.\n", j); + } + } else - fprintf(stdout, "Signature did not verify!\n"); + { + if (i == SIGRESULT_TRUE) + fprintf(stdout, "Signature on assertion %d verified.\n", j); + else + { + if (keynote_errno != 0) + fprintf(stdout, + "Signature on assertion %d could not be verified " + "(keynote_errno = %d).\n", j, keynote_errno); + else + fprintf(stdout, + "Signature on assertion %d did not verify!\n", j); + } + } + + free(assertlist[j]); } + free(assertlist); + exit(0); } diff --git a/lib/libkeynote/keynote.1 b/lib/libkeynote/keynote.1 index b56cc655de2..a3f9c62546b 100644 --- a/lib/libkeynote/keynote.1 +++ b/lib/libkeynote/keynote.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: keynote.1,v 1.12 1999/11/03 03:17:58 angelos Exp $ +.\" $OpenBSD: keynote.1,v 1.13 1999/11/03 19:52:22 angelos Exp $ .\" .\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) .\" @@ -180,9 +180,9 @@ the end of each line, and the doublequotes at the beginning and end of the signature encoding. Default values are 12 and 50 respectively. .Pp .Sh SIGNATURE VERIFICATION -"keynote sigver" reads the assertion contained in +"keynote sigver" reads the assertions contained in .Fa AssertionFile -and verifies the public-key signature on it. +and verifies the public-key signatures on all of them. .Pp .Sh QUERY TOOL For each operand that names a diff --git a/lib/libkeynote/keynote.3 b/lib/libkeynote/keynote.3 index f1fce699133..ee405941922 100644 --- a/lib/libkeynote/keynote.3 +++ b/lib/libkeynote/keynote.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: keynote.3,v 1.16 1999/10/11 04:39:00 angelos Exp $ +.\" $OpenBSD: keynote.3,v 1.17 1999/11/03 19:52:22 angelos Exp $ .\" .\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) .\" @@ -443,8 +443,13 @@ parses the string .Fa array of length .Fa arraylen -and returns an array of strings containing the assertions found in +and returns an array of pointers to strings containing copies of +the assertions found in .Fa array . +Both the array of pointers and the strings are allocated by +.Fn kn_read_asserts +dynamically, and thus should be freed by the programmer when they are +no longer needed. .Fa numassertions contains the number of assertions (and thus strings in the returned array) found in diff --git a/lib/libkeynote/parse_assertion.c b/lib/libkeynote/parse_assertion.c index 13ec503ee59..03110545e22 100644 --- a/lib/libkeynote/parse_assertion.c +++ b/lib/libkeynote/parse_assertion.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parse_assertion.c,v 1.6 1999/10/26 22:31:38 angelos Exp $ */ +/* $OpenBSD: parse_assertion.c,v 1.7 1999/11/03 19:52:22 angelos Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) * @@ -376,7 +376,7 @@ whichkeyword(char *start, char *end) struct assertion * keynote_parse_assertion(char *buf, int len, int assertion_flags) { - int i, j, seen_field = 0, ver = 0, end_of_assertion = 0; + int k, i, j, seen_field = 0, ver = 0, end_of_assertion = 0; char *ks, *ke, *ts, *te = (char *) NULL; struct assertion *as; @@ -596,7 +596,24 @@ keynote_parse_assertion(char *buf, int len, int assertion_flags) seen_field = 1; if (end_of_assertion == 1) - break; + { + /* End of buffer, good termination */ + if ((te == as->as_buf + len) || (te + 1 == as->as_buf + len) || + (*(te) == '\0') || (*(te + 1) == '\0')) + break; + + /* Check whether there's something else following */ + for (k = 1; te + k < as->as_buf + len && *(te + k) != '\n'; k++) + if (!isspace(*(te + k))) + { + printf("here %c\n", *(te + k)); + keynote_free_assertion(as); + keynote_errno = ERROR_SYNTAX; + return (struct assertion *) NULL; + } + + break; /* Assertion is "properly" terminated */ + } } /* Check that the basic fields are there */ -- cgit v1.2.3