
No more hard coding

No more hard coded CAST or SHA1... mainly needed because z/OS can't
do CAST5
David Lanzendörfer 11 months ago
parent
commit
482a812aa1
6 changed files with 30 additions and 49 deletions
  1. +3
    -17
      src/create.c
  2. +0
    -4
      src/packet-parse.c
  3. +9
    -6
      src/signature.c
  4. +0
    -1
      src/symmetric.c
  5. +17
    -14
      src/symmetric_gskssl.c
  6. +1
    -7
      src/writer.c

+ 3
- 17
src/create.c View File

@ -87,10 +87,6 @@ __RCSID("$NetBSD$");
#include <unistd.h>
#endif
#ifdef HAVE_OPENSSL_CAST_H
#include <openssl/cast.h>
#endif
#include <netpgp/create.h>
#include <netpgp/keyring.h>
#include <netpgp/packet.h>
@ -348,7 +344,7 @@ write_seckey_body(const pgp_seckey_t *key, pgp_output_t *output)
pgp_hash_t hash;
unsigned done = 0;
unsigned i = 0;
uint8_t sesskey[CAST_KEY_LENGTH];
uint8_t *sesskey;
memset(&hash, 0, sizeof(pgp_hash_t));
if (!write_pubkey_body(&key->pubkey, output)) {
@ -445,13 +441,6 @@ write_seckey_body(const pgp_seckey_t *key, pgp_output_t *output)
/* preload if iterating */
for (j = 0; j < i; j++) {
/*
* Coverity shows a DEADCODE error on this
* line. This is expected since the hardcoded
* use of SHA1 and CAST5 means that it will
* not used. This will change however when
* other algorithms are supported.
*/
hash.add(&hash, &zero, 1);
}
@ -465,8 +454,7 @@ write_seckey_body(const pgp_seckey_t *key, pgp_output_t *output)
* if more in hash than is needed by session key, use
* the leftmost octets
*/
(void) memcpy(&sesskey[i * hashsize],
hashed, (unsigned)size);
(void) memcpy(&sesskey[i*hashsize], hashed, (unsigned)size);
done += (unsigned)size;
free(hashed);
if (done > pgp_key_size(key->alg) ) {
@ -1067,8 +1055,6 @@ encode_m_buf(const uint8_t *M, size_t mLen, const pgp_pubkey_t * pubkey,
\param key Keydata to use
\return pgp_pk_sesskey_t struct
\note It is the caller's responsiblity to free the returned pointer
\note Currently hard-coded to use CAST5
\note Currently hard-coded to use RSA
*/
pgp_pk_sesskey_t *
pgp_create_pk_sesskey(pgp_key_t *key, const char *ciphername, pgp_pk_sesskey_t *initial_sesskey)
@ -1092,7 +1078,7 @@ pgp_create_pk_sesskey(pgp_key_t *key, const char *ciphername, pgp_pk_sesskey_t *
pubkey = pgp_key_get_enckey(key, &id);
(void) memset(&cipherinfo, 0x0, sizeof(pgp_crypt_t));
pgp_crypt_any(&cipherinfo, cipher = pgp_str_to_cipher((ciphername) ? ciphername : "cast5"));
pgp_crypt_any(&cipherinfo, cipher = pgp_str_to_cipher((ciphername) ? ciphername : "aes128"));
unencoded_m_buf = calloc(1, cipherinfo.keysize + 1 + 2);
if (unencoded_m_buf == NULL) {
(void) fprintf(stderr,
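Review bot: `uint8_t *sesskey;` (replacing the fixed `uint8_t sesskey[CAST_KEY_LENGTH];`) is declared but never assigned anywhere in these hunks, yet `(void) memcpy(&sesskey[i*hashsize], hashed, (unsigned)size);` later writes through it; unless write_seckey_body allocates it in a part of the function outside the hunks, this is a write through an indeterminate pointer. I would allocate it once the key size is known, `sesskey = calloc(1, pgp_key_size(key->alg));`, fail the function if that returns NULL, and zero and free it on every exit path since it holds the key-wrapping key. The `done > pgp_key_size(key->alg)` test still runs after the copy, so unless `size` is already clamped above the hunk the last iteration can write past a buffer sized exactly to the key; bounding `size` to `pgp_key_size(key->alg) - done` before the memcpy closes that. In pgp_create_pk_sesskey the default moved from `"cast5"` to `"aes128"`, which is reasonable, but the value `pgp_str_to_cipher` returns for an unrecognised ciphername is still passed to pgp_crypt_any unchecked. Both functions start and end outside the hunks.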


+ 0
- 4
src/packet-parse.c View File

@ -76,10 +76,6 @@ __RCSID("$NetBSD$");
#include <sys/param.h>
#endif
#ifdef HAVE_OPENSSL_CAST_H
#include <openssl/cast.h>
#endif
#ifdef HAVE_GSKSSL
#include <gskcms.h>
#endif


+ 9
- 6
src/signature.c View File

@ -953,15 +953,17 @@ pgp_add_key_prefs(pgp_create_sig_t *sig)
{
/* Mimic of GPG default settings, limited to supported algos */
/* z/OS neither has CAST/IDEA OR bzip2 */
return
/* Symmetric algo prefs */
pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_SKA) &&
//pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_SKA) &&
pgp_write_ss_header(sig->output, 4, PGP_PTAG_SS_PREFERRED_SKA) &&
pgp_write_scalar(sig->output, PGP_SA_AES_256, 1) &&
pgp_write_scalar(sig->output, PGP_SA_AES_128, 1) &&
pgp_write_scalar(sig->output, PGP_SA_CAST5, 1) &&
pgp_write_scalar(sig->output, PGP_SA_TRIPLEDES, 1) &&
pgp_write_scalar(sig->output, PGP_SA_IDEA, 1) &&
//pgp_write_scalar(sig->output, PGP_SA_CAST5, 1) &&
//pgp_write_scalar(sig->output, PGP_SA_IDEA, 1) &&
/* Hash algo prefs */
pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_HASH) &&
@ -972,9 +974,10 @@ pgp_add_key_prefs(pgp_create_sig_t *sig)
pgp_write_scalar(sig->output, PGP_HASH_SHA224, 1) &&
/* Compression algo prefs */
pgp_write_ss_header(sig->output, 3, PGP_PTAG_SS_PREF_COMPRESS) &&
pgp_write_scalar(sig->output, PGP_C_ZLIB, 1) &&
pgp_write_scalar(sig->output, PGP_C_BZIP2, 1);
//pgp_write_ss_header(sig->output, 3, PGP_PTAG_SS_PREF_COMPRESS) &&
pgp_write_ss_header(sig->output, 2, PGP_PTAG_SS_PREF_COMPRESS) &&
pgp_write_scalar(sig->output, PGP_C_ZLIB, 1); /* &&
pgp_write_scalar(sig->output, PGP_C_BZIP2, 1);*/
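Review bot: The commented-out preference lines left in pgp_add_key_prefs (`//pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_SKA) &&`, the two `//pgp_write_scalar(...)` lines for CAST5 and IDEA, and the `/* && ... PGP_C_BZIP2 ... */` tail) should be deleted rather than kept as dead code; the history lives in version control, and a trailing `/* &&` after the last live call is easy to misread as still active. The subpacket lengths do track the surviving scalars (4 for three symmetric algorithms, 2 for one compression algorithm, each one more than the scalar count exactly as before), so the encoding itself looks consistent. The removal is unconditional, though, while the comment above says it is z/OS that lacks CAST/IDEA and bzip2; if other builds still implement those algorithms, the preference list could be selected by the same build flag that selects the GSK backend (for example `#ifdef HAVE_GSKSSL`) instead of dropping them everywhere.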
}
unsigned


+ 0
- 1
src/symmetric.c View File

@ -27,7 +27,6 @@ std_set_iv(pgp_crypt_t *crypt, const uint8_t *iv)
void
std_set_key(pgp_crypt_t *crypt, const uint8_t *key)
{
hexdump(stdout, "std_set_key", key, crypt->keysize);
(void) memcpy(crypt->key, key, crypt->keysize);
}


+ 17
- 14
src/symmetric_gskssl.c View File

@ -114,23 +114,21 @@ cryptoki_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
hexdump(stdout, "cryptoki_block_encrypt input", in, crypt->blocksize);
rv = funcs->C_Encrypt( *crypt->session, in, crypt->blocksize, out, &len );
rv = funcs->C_EncryptUpdate( *crypt->session, in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
hexdump(stdout, "cryptoki_block_encrypt output", out, len);
}
static void
cryptoki_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len;
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
rv = funcs->C_Encrypt( *crypt->session, (CK_BYTE_PTR)in, crypt->num, out, &len );
rv = funcs->C_EncryptUpdate( *crypt->session, in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_EncryptUpdate: rv = 0x%.8lX\n", rv);
}
}
@ -138,25 +136,23 @@ static void
cryptoki_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len;
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
hexdump(stdout, "cryptoki_cfb_encrypt input", in, crypt->blocksize);
rv = funcs->C_Encrypt( *crypt->session, (CK_BYTE_PTR)in, count, out, &len );
rv = funcs->C_EncryptUpdate( *crypt->session, in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_EncryptUpdate: rv = 0x%.8lX\n", rv);
}
hexdump(stdout, "cryptoki_cfb_encrypt output", out, len);
}
static void
cryptoki_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len;
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
rv = funcs->C_Encrypt( *crypt->session, (CK_BYTE_PTR)in, count, out, &len );
rv = funcs->C_EncryptUpdate( *crypt->session, in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_EncryptUpdate: rv = 0x%.8lX\n", rv);
}
}
@ -164,6 +160,13 @@ static void
cryptoki_finish(pgp_crypt_t *crypt)
{
CK_RV rv = CKR_OK;
CK_BYTE lastEncryptedPart;
CK_ULONG lastEncryptedPartLen;
rv = funcs->C_EncryptFinal( *crypt->session, &lastEncryptedPart, &lastEncryptedPartLen );
if( rv != CKR_OK) {
fprintf(stderr, "C_EncryptFinal: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_CloseSession( *crypt->session );
if( rv != CKR_OK) {
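Review bot: Both decrypt paths still drive the encrypt primitive: `cryptoki_block_decrypt` and `cryptoki_cfb_decrypt` call `funcs->C_EncryptUpdate(...)` where the PKCS#11 counterpart is `rv = funcs->C_DecryptUpdate( *crypt->session, in, crypt->blocksize, out, &len );` (and the error string should name C_DecryptUpdate), so anything decrypted through this backend would come back re-encrypted rather than in the clear. In cryptoki_finish, `CK_ULONG lastEncryptedPartLen;` is handed to C_EncryptFinal uninitialized although it is an in/out buffer size, and the single `CK_BYTE lastEncryptedPart;` cannot hold a final block; declare `CK_BYTE lastEncryptedPart[16];` sized for the largest block in use and set `CK_ULONG lastEncryptedPartLen = sizeof lastEncryptedPart;`, and a matching C_DecryptFinal is needed for sessions that were decrypting. The CFB functions now ignore their `count` argument and always pass `crypt->blocksize`, which over-reads `in` when a caller hands them a shorter tail and silently drops data on a longer one; either pass `count` through or reject `count != crypt->blocksize`. The remaining `printf("%s:%d\n",__FILE__,__LINE__);` and `hexdump(stdout, ...)` calls in the encrypt paths write plaintext and ciphertext to stdout on every block and should go, as this commit already did for std_set_key. cryptoki_finish continues past the end of the hunk.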


+ 1
- 7
src/writer.c View File

@ -70,10 +70,6 @@ __RCSID("$NetBSD$");
#include <unistd.h>
#endif
#ifdef HAVE_OPENSSL_CAST_H
#include <openssl/cast.h>
#endif
#include <netpgp/create.h>
#include <netpgp/writer.h>
#include <netpgp/keyring.h>
@ -1136,9 +1132,7 @@ encrypt_se_ip_writer(const uint8_t *src,
pgp_writez(zoutput, zsrc, zsrclen);
/* create SE IP packet set from this compressed literal data */
pgp_write_se_ip_pktset(output, pgp_mem_data(zmem),
(unsigned)pgp_mem_len(zmem),
se_ip->crypt);
pgp_write_se_ip_pktset(output, pgp_mem_data(zmem), (unsigned)pgp_mem_len(zmem), se_ip->crypt);
if (pgp_mem_len(localmem) <= pgp_mem_len(zmem)) {
(void) fprintf(stderr, "encrypt_se_ip_writer: bad comp len\n");
return 0;

