leviathan
/
netpgp-et
forked from pEp.foundation/netpgp-et
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

z/OS support: Support symmetric algorithms 

* Neither CAST5 nor IDEA are supported by z/OS
* Initial version of at least AES support
master
David Lanzendörfer 11 months ago
parent
cbdad44d87
commit
6a4243cb2f
16 changed files with 252 additions and 247 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +6
    -2
      include/netpgp/crypto.h
  2. +7
    -0
      include/netpgp/gskssl_glue.h
  3. +0
    -1
      include/netpgp/symmetric.h
  4. +10
    -4
      src/Makefile.am
  5. +11
    -13
      src/create.c
  6. +3
    -2
      src/crypto.c
  7. +0
    -22
      src/gskssl_glue.h
  8. +3
    -34
      src/main.c
  9. +7
    -2
      src/misc.c
  10. +11
    -0
      src/netpgp.c
  11. +3
    -0
      src/packet-parse.c
  12. +2
    -5
      src/reader.c
  13. +4
    -20
      src/symmetric.c
  14. +170
    -140
      src/symmetric_gskssl.c
  15. +13
    -0
      src/symmetric_openssl.c
  16. +2
    -2
      src/writer.c

+ 6
- 2
include/netpgp/crypto.h View File

@ -106,12 +106,16 @@ struct pgp_crypt_t {
uint8_t iv[PGP_MAX_BLOCK_SIZE];
uint8_t civ[PGP_MAX_BLOCK_SIZE];
uint8_t siv[PGP_MAX_BLOCK_SIZE];
/* siv is needed for weird v3 resync */
/* siv is needed for weird v3 resync */
uint8_t key[PGP_MAX_KEY_SIZE];
int num;
/* num is offset - see openssl _encrypt doco */
#if defined(HAVE_OPENSSL)
/* num is offset - see openssl _encrypt doco */
void *encrypt_key;
void *decrypt_key;
#elif defined(HAVE_GSKSSL)
CK_SESSION_HANDLE *session;
#endif
};
typedef struct pgp_validation_t {


+ 7
- 0
include/netpgp/gskssl_glue.h View File

@ -1,6 +1,9 @@
#ifndef _GSKSSL_GLUE_H
#define _GSKSSL_GLUE_H
#include <stdio.h>
#include <stdlib.h>
#include <csnpdefs.h>
#include <gskcms.h>
#include <csfbext.h>
@ -13,9 +16,13 @@
#define SHA384_DIGEST_LENGTH 48
#define MD5_DIGEST_LENGTH 16
#define AES_BLOCK_SIZE 16
#define CAMELLIA_BLOCK_SIZE 16
#define CAST_BLOCK 8
#define IDEA_BLOCK 8
#define IDEA_KEY_LENGTH 16
CK_FUNCTION_LIST *funcs;
CK_RV getSession(CK_SESSION_HANDLE *session);
CK_RV getFunctionList(void);


+ 0
- 1
include/netpgp/symmetric.h View File

@ -6,7 +6,6 @@ const pgp_crypt_t *get_proto(pgp_symm_alg_t alg);
void std_set_iv(pgp_crypt_t *crypt, const uint8_t *iv);
void std_set_key(pgp_crypt_t *crypt, const uint8_t *key);
void std_resync(pgp_crypt_t *decrypt);
void std_finish(pgp_crypt_t *crypt);
#endif

+ 10
- 4
src/Makefile.am View File

@ -19,9 +19,12 @@ libnetpgp_la_SOURCES = \
packet-show.c \
reader.c \
signature.c \
symmetric.c \
symmetric_openssl.c \
symmetric_gskssl.c \
validate.c \
writer.c
writer.c \
gskssl_glue.c \
symmetric.c
bin_PROGRAMS = netpgp
netpgp_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include -D_GNU_SOURCE
@ -44,7 +47,10 @@ netpgp_SOURCES = \
packet-show.c \
reader.c \
signature.c \
symmetric.c \
symmetric_openssl.c \
symmetric_gskssl.c \
validate.c \
writer.c
writer.c \
gskssl_glue.c \
symmetric.c

+ 11
- 13
src/create.c View File

@ -583,8 +583,6 @@ pgp_write_struct_pubkey(pgp_output_t *output, const pgp_pubkey_t *key)
unsigned
pgp_write_struct_crypted_seckey_ptag(const pgp_seckey_t *key, pgp_output_t *output, pgp_content_enum ptag)
{
int length = 0;
if (key->pubkey.version != 4) {
(void) fprintf(stderr, "pgp_write_struct_seckey: public key version\n");
return 0;
@ -736,12 +734,12 @@ pgp_write_xfer_key(pgp_output_t *output,
\param output Output stream
*/
void
int
pgp_write_xfer_seckey(pgp_output_t *output,
const pgp_key_t *key,
const unsigned armoured)
{
unsigned /*i,*/ j;
//unsigned /*i,*/ j;
if (armoured) {
pgp_writer_push_armoured(output, PGP_PGP_PUBLIC_KEY_BLOCK);
@ -953,6 +951,7 @@ pgp_calc_sesskey_checksum(pgp_pk_sesskey_t *sesskey, uint8_t cs[2])
unsigned i;
if (!pgp_is_sa_supported(sesskey->symm_alg)) {
printf("SA (%d) not supported!\n", sesskey->symm_alg);
return 0;
}
@ -1003,8 +1002,8 @@ unsigned
encode_m_buf(const uint8_t *M, size_t mLen, const pgp_pubkey_t * pubkey,
uint8_t *EM)
{
unsigned k;
unsigned i;
unsigned k = 0;
unsigned i = 0;
/* implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC */
switch (pubkey->alg) {
@ -1085,14 +1084,14 @@ pgp_create_pk_sesskey(pgp_key_t *key, const char *ciphername, pgp_pk_sesskey_t *
pgp_symm_alg_t cipher;
const uint8_t *id;
pgp_crypt_t cipherinfo;
uint8_t *unencoded_m_buf;
uint8_t *encoded_m_buf;
size_t sz_encoded_m_buf;
uint8_t *unencoded_m_buf = NULL;
uint8_t *encoded_m_buf = NULL;
size_t sz_encoded_m_buf = 0;
memset(&cipherinfo, 0, sizeof(pgp_crypt_t));
pubkey = pgp_key_get_enckey(key, &id);
/* allocate unencoded_m_buf here */
(void) memset(&cipherinfo, 0x0, sizeof(cipherinfo));
(void) memset(&cipherinfo, 0x0, sizeof(pgp_crypt_t));
pgp_crypt_any(&cipherinfo, cipher = pgp_str_to_cipher((ciphername) ? ciphername : "cast5"));
unencoded_m_buf = calloc(1, cipherinfo.keysize + 1 + 2);
if (unencoded_m_buf == NULL) {
@ -1181,8 +1180,7 @@ pgp_create_pk_sesskey(pgp_key_t *key, const char *ciphername, pgp_pk_sesskey_t *
}
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "sesskey created", sesskey->key,
cipherinfo.keysize + 1 + 2);
hexdump(stderr, "sesskey created", sesskey->key, cipherinfo.keysize + 1 + 2);
}
if (create_unencoded_m_buf(sesskey, &cipherinfo, &unencoded_m_buf[0]) == 0) {
free(unencoded_m_buf);


+ 3
- 2
src/crypto.c View File

@ -254,8 +254,9 @@ pgp_rsa_encrypt_mpi(const uint8_t *encoded_m_buf,
#if defined(HAVE_OPENSSL_BN_H)
skp->rsa.encrypted_m = BN_bin2bn(encmpibuf, n, NULL);
#elif defined(HAVE_GSKSSL)
skp->rsa.encrypted_m->data=malloc(n);
skp->rsa.encrypted_m->length=n;
skp->rsa.encrypted_m = malloc(sizeof(gsk_buffer));
skp->rsa.encrypted_m->data = malloc(n);
skp->rsa.encrypted_m->length = n;
memcpy(skp->rsa.encrypted_m->data, encmpibuf, n);
#endif


+ 0
- 22
src/gskssl_glue.h View File

@ -1,22 +0,0 @@
#ifndef _GSKSSL_GLUE_H
#define _GSKSSL_GLUE_H
#include <csnpdefs.h>
#include <gskcms.h>
#include <csfbext.h>
#include <dlfcn.h>
#define CAST_KEY_LENGTH 16
#define SHA_DIGEST_LENGTH 20
#define SHA224_DIGEST_LENGTH 28
#define MAXPATHLEN _POSIX_PATH_MAX
#define SHA384_DIGEST_LENGTH 48
#define MD5_DIGEST_LENGTH 16
#define AES_BLOCK_SIZE 16
#define CAST_BLOCK 8
CK_FUNCTION_LIST *funcs;
CK_RV getSession(CK_SESSION_HANDLE *session);
CK_RV getFunctionList(void);
#endif

+ 3
- 34
src/main.c View File

@ -233,7 +233,6 @@ size_t
file_to_mem(netpgp_t *netpgp, char *filename, char **out)
{
size_t size;
int n;
FILE *fp;
if(!filename) return 0;
@ -254,30 +253,6 @@ file_to_mem(netpgp_t *netpgp, char *filename, char **out)
return size;
}
/* output the text to stdout */
static int
show_output(char *out, size_t size, const char *header)
{
int cc;
int n;
if (size <= 0) {
(void) fprintf(stderr, "%s\n", header);
return 0;
}
for (cc = 0 ; cc < size ; cc += n) {
if ((n = write(STDOUT_FILENO, &out[cc], size - cc)) <= 0) {
break;
}
}
if (cc < size) {
(void) fprintf(stderr, "Short write\n");
return 0;
}
return cc == size;
}
void
process_output(prog_t *p, uint8_t *out, size_t size)
{
@ -310,8 +285,6 @@ pgp_cb_ret_t ask_password(const pgp_packet_t *packet, pgp_cbdata_t *data)
int show_seckeys(netpgp_t *netpgp, prog_t *p)
{
pgp_key_t key;
pgp_uidsig_t uidsigp;
pgp_directsig_t directsig;
pgp_subkey_t subkey;
pgp_uidsig_t uidsig;
char *uid, *fpr;
@ -352,8 +325,6 @@ int show_keys(netpgp_t *netpgp, prog_t *p)
{
pgp_key_t key;
pgp_subkey_t subkey;
pgp_directsig_t directsig;
pgp_subkeysig_t subkeysig;
pgp_uidsig_t uidsig;
char *uid, *fpr;
int i,j;
@ -393,7 +364,7 @@ int pgp_generate_keypair(netpgp_t *netpgp, prog_t *p)
{
pgp_key_t *newseckey, *newpubkey;
char newid[1024];
const char *hashalg = NULL, *cipher = NULL, *username = "David Lanzendörfer", *address = "leviathan@libresilicon.com", *password = NULL;
const char *hashalg = NULL, *cipher = NULL, *username = "David Lanzendörfer", *address = "leviathan@libresilicon.com";
hashalg = netpgp_getvar(netpgp, "hash");
cipher = netpgp_getvar(netpgp, "cipher");
if(!cipher) {
@ -500,11 +471,9 @@ int
encrypt_data(netpgp_t *netpgp, prog_t *p, char *in, size_t size, int sign)
{
pgp_memory_t *mem;
char *cipher = NULL;
char *userid = NULL;
char *recipients = NULL;
char *to = NULL;
int i, ret;
pgp_io_t* io;
uint8_t keyid[PGP_KEY_ID_SIZE];
@ -514,7 +483,7 @@ encrypt_data(netpgp_t *netpgp, prog_t *p, char *in, size_t size, int sign)
pgp_key_t *key;
pgp_key_t *signer;
pgp_keyring_t *rcpts;
pgp_seckey_t *seckey;
pgp_seckey_t *seckey = NULL;
io = netpgp->io;
@ -571,7 +540,7 @@ encrypt_data(netpgp_t *netpgp, prog_t *p, char *in, size_t size, int sign)
if(sign) {
seckey = pgp_key_get_certkey(signer);
/* No signig key. Revoked ? */
if(seckey == NULL){
if( seckey == NULL ){
// PEP_GET_KEY_FAILED;
if (pgp_get_debug_level(__FILE__)) {
fprintf(stderr,"Seckey not found\n");


+ 7
- 2
src/misc.c View File

@ -747,8 +747,13 @@ pgp_random(void *dest, size_t length)
{
#if defined(HAVE_OPENSSL)
RAND_bytes(dest, (int)length);
#else
// TODO: Implement random bytes
#elif defined(HAVE_GSKSSL)
gsk_buffer buffer;
buffer.length = length;
buffer.data = malloc(length);
gsk_generate_random_bytes(&buffer);
memcpy(dest, buffer.data, buffer.length);
gsk_free_buffer(&buffer);
#endif
}


+ 11
- 0
src/netpgp.c View File

@ -26,6 +26,17 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/*
** Check to see if this machine uses EBCDIC. (Yes, believe it or
** not, there are still machines out there that use EBCDIC.)
*/
#if 'A' == '\301'
# define NETPGP_EBCDIC 1
#else
# define NETPGP_ASCII 1
#endif
#include <netpgp/config.h>
#ifdef HAVE_SYS_CDEFS_H


+ 3
- 0
src/packet-parse.c View File

@ -690,6 +690,7 @@ limread_mpi(gsk_buffer **pbn, pgp_region_t *region, pgp_stream_t *stream)
if (!limread(buf, length, region, stream)) {
return 0;
}
#if 0
if (((unsigned)buf[0] >> nonzero) != 0 || !((unsigned)buf[0] & (1U << (nonzero - 1U)))) {
printf("MPI Format error");
PGP_ERROR_1(&stream->errors, PGP_E_P_MPI_FORMAT_ERROR, "%s", "MPI Format error");
@ -705,6 +706,8 @@ limread_mpi(gsk_buffer **pbn, pgp_region_t *region, pgp_stream_t *stream)
hexdump(stderr,"buf",buf,1);
return 0;
}
#endif
#if defined(HAVE_OPENSSL)
*pbn = BN_bin2bn(buf, (int)length, NULL);
#elif defined(HAVE_GSKSSL)


+ 2
- 5
src/reader.c View File

@ -154,11 +154,10 @@ __RCSID("$NetBSD$");
char A(char c)
{
char ret = c;
#if defined(NETPGP_EBCDIC)
__e2a_l(&ret,1);
__e2a_l(&c,1);
#endif
return ret;
return c;
}
/* get a pass phrase from the user */
@ -2033,7 +2032,6 @@ pgp_setup_file_read(
unsigned accumulate
)
{
struct stat st;
int fd;
fd = open(filename, MMAP_BIN_FLAGS, 0666);
if (fd < 0) {
@ -2164,7 +2162,6 @@ pgp_get_seckey_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
const pgp_key_t *keypair;
unsigned from;
pgp_io_t *io;
int i;
pgp_cryptinfo_t *cryptinfo = &cbinfo->cryptinfo;
key_id_t *key_id;


+ 4
- 20
src/symmetric.c View File

@ -17,20 +17,21 @@ __RCSID("$NetBSD$");
#include <netpgp/packet-show.h>
#include <netpgp/symmetric.h>
void
void
std_set_iv(pgp_crypt_t *crypt, const uint8_t *iv)
{
(void) memcpy(crypt->iv, iv, crypt->blocksize);
crypt->num = 0;
}
void
void
std_set_key(pgp_crypt_t *crypt, const uint8_t *key)
{
hexdump(stdout, "std_set_key", key, crypt->keysize);
(void) memcpy(crypt->key, key, crypt->keysize);
}
void
void
std_resync(pgp_crypt_t *decrypt)
{
if ((size_t) decrypt->num == decrypt->blocksize) {
@ -42,19 +43,6 @@ std_resync(pgp_crypt_t *decrypt)
decrypt->num = 0;
}
void
std_finish(pgp_crypt_t *crypt)
{
if (crypt->encrypt_key) {
free(crypt->encrypt_key);
crypt->encrypt_key = NULL;
}
if (crypt->decrypt_key) {
free(crypt->decrypt_key);
crypt->decrypt_key = NULL;
}
}
int
pgp_crypt_any(pgp_crypt_t *crypt, pgp_symm_alg_t alg)
{
@ -81,7 +69,6 @@ unsigned
pgp_key_size(pgp_symm_alg_t alg)
{
const pgp_crypt_t *p = get_proto(alg);
return (p == NULL) ? 0 : (unsigned)p->keysize;
}
@ -103,9 +90,6 @@ pgp_decrypt_init(pgp_crypt_t *decrypt)
decrypt->num = 0;
}
size_t
pgp_decrypt_se(pgp_crypt_t *decrypt, void *outvoid, const void *invoid,
size_t count)


+ 170
- 140
src/symmetric_gskssl.c View File

@ -70,38 +70,127 @@ __RCSID("$NetBSD$");
#define TRAILER "","","","",0,NULL,NULL
static void
cryptoki_init(pgp_crypt_t *crypt, CK_KEY_TYPE keyType, CK_MECHANISM *mechanism )
{
CK_RV rv = CKR_OK;
CK_OBJECT_HANDLE key;
CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
CK_BBOOL true = TRUE, false = FALSE;
CK_UTF8CHAR label[] = "test";
CK_ULONG len = crypt->keysize;
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &keyClass, sizeof(keyClass) },
{CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{CKA_LABEL, label, sizeof(label) },
{CKA_ENCRYPT, &true, sizeof(true) },
{CKA_VALUE, crypt->key, len }
};
crypt->session = malloc(sizeof(CK_SESSION_HANDLE));
memset(crypt->session, 0, sizeof(CK_SESSION_HANDLE));
rv = getSession( crypt->session );
if( rv != CKR_OK) {
fprintf(stderr, "getSession: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_CreateObject( *crypt->session, template, sizeof(template)/sizeof(CK_ATTRIBUTE), &key);
if( rv != CKR_OK) {
fprintf(stderr, "C_CreateObject: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_EncryptInit( *crypt->session, mechanism, key);
if( rv != CKR_OK) {
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
}
static int
cast5_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
return 1;
}
static void
cast5_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
cryptoki_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
hexdump(stdout, "cryptoki_block_encrypt input", in, crypt->blocksize);
rv = funcs->C_Encrypt( *crypt->session, in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
hexdump(stdout, "cryptoki_block_encrypt output", out, len);
}
static void
cast5_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
cryptoki_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len;
CK_RV rv = CKR_OK;
rv = funcs->C_Encrypt( *crypt->session, (CK_BYTE_PTR)in, crypt->num, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
}
static void
cast5_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
cryptoki_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len;
CK_RV rv = CKR_OK;
hexdump(stdout, "cryptoki_cfb_encrypt input", in, crypt->blocksize);
rv = funcs->C_Encrypt( *crypt->session, (CK_BYTE_PTR)in, count, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
hexdump(stdout, "cryptoki_cfb_encrypt output", out, len);
}
static void
cast5_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
cryptoki_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len;
CK_RV rv = CKR_OK;
rv = funcs->C_Encrypt( *crypt->session, (CK_BYTE_PTR)in, count, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
}
static void
cryptoki_finish(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
CK_RV rv = CKR_OK;
rv = funcs->C_CloseSession( *crypt->session );
if( rv != CKR_OK) {
fprintf(stderr, "C_CloseSession: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Finalize( NULL );
if( rv != CKR_OK) {
fprintf(stderr, "C_Finalize: rv = 0x%.8lX\n", rv);
}
free( crypt->session );
}
static int
cast5_init(pgp_crypt_t *crypt)
{
CK_MECHANISM mechanism = {
CKM_CAST5_ECB,
NULL,
0
};
cryptoki_init( crypt, CKK_CAST5, &mechanism );
return 1;
}
static pgp_crypt_t cast5 =
{
PGP_SA_CAST5,
@ -111,40 +200,26 @@ static pgp_crypt_t cast5 =
std_set_key,
cast5_init,
std_resync,
cast5_block_encrypt,
cast5_block_decrypt,
cast5_cfb_encrypt,
cast5_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
static int
idea_init(pgp_crypt_t *crypt)
{
CK_MECHANISM mechanism = {
CKM_IDEA_ECB,
NULL,
0
};
cryptoki_init( crypt, CKK_IDEA, &mechanism );
return 1;
}
static void
idea_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
idea_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
idea_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static void
idea_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static const pgp_crypt_t idea =
{
PGP_SA_IDEA,
@ -154,11 +229,11 @@ static const pgp_crypt_t idea =
std_set_key,
idea_init,
std_resync,
idea_block_encrypt,
idea_block_decrypt,
idea_cfb_encrypt,
idea_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
@ -169,29 +244,12 @@ static const pgp_crypt_t idea =
static int
aes128_init(pgp_crypt_t *crypt)
{
CK_BYTE_PTR pData;
CK_MECHANISM mechanism = { CKM_AES_ECB, 0, 0 };
cryptoki_init( crypt, CKK_AES, &mechanism );
return 1;
}
static void
aes_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
aes_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
aes_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static void
aes_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static const pgp_crypt_t aes128 =
{
PGP_SA_AES_128,
@ -201,11 +259,11 @@ static const pgp_crypt_t aes128 =
std_set_key,
aes128_init,
std_resync,
aes_block_encrypt,
aes_block_decrypt,
aes_cfb_encrypt,
aes_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
@ -216,6 +274,7 @@ static const pgp_crypt_t aes128 =
static int
aes256_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
return 1;
}
@ -228,11 +287,11 @@ static const pgp_crypt_t aes256 =
std_set_key,
aes256_init,
std_resync,
aes_block_encrypt,
aes_block_decrypt,
aes_cfb_encrypt,
aes_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
@ -241,31 +300,10 @@ static const pgp_crypt_t aes256 =
static int
tripledes_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
return 1;
}
static void
tripledes_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
tripledes_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
tripledes_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in,
size_t count)
{
}
static void
tripledes_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in,
size_t count)
{
}
static const pgp_crypt_t tripledes =
{
PGP_SA_TRIPLEDES,
@ -275,11 +313,11 @@ static const pgp_crypt_t tripledes =
std_set_key,
tripledes_init,
std_resync,
tripledes_block_encrypt,
tripledes_block_decrypt,
tripledes_cfb_encrypt,
tripledes_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
@ -288,29 +326,10 @@ static const pgp_crypt_t tripledes =
static int
camellia128_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
return 1;
}
static void
camellia_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
camellia_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
camellia_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static void
camellia_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static const pgp_crypt_t camellia128 =
{
PGP_SA_CAMELLIA_128,
@ -320,11 +339,11 @@ static const pgp_crypt_t camellia128 =
std_set_key,
camellia128_init,
std_resync,
camellia_block_encrypt,
camellia_block_decrypt,
camellia_cfb_encrypt,
camellia_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
@ -335,6 +354,7 @@ static const pgp_crypt_t camellia128 =
static int
camellia256_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
return 1;
}
@ -347,21 +367,22 @@ static const pgp_crypt_t camellia256 =
std_set_key,
camellia256_init,
std_resync,
camellia_block_encrypt,
camellia_block_decrypt,
camellia_cfb_encrypt,
camellia_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
/*
The list of algorithms for z/OS can be seen here:
https://www.ibm.com/docs/en/zos/2.1.0?topic=api-key-types-mechanisms-supported
*/
const pgp_crypt_t *
get_proto(pgp_symm_alg_t alg)
{
switch (alg) {
case PGP_SA_CAST5:
return &cast5;
case PGP_SA_IDEA:
return &idea;
case PGP_SA_AES_128:
@ -374,9 +395,10 @@ get_proto(pgp_symm_alg_t alg)
return &camellia256;
case PGP_SA_TRIPLEDES:
return &tripledes;
case PGP_SA_CAST5:
return &cast5;
default:
(void) fprintf(stderr, "get_proto: Unknown algorithm: %d (%s)\n",
alg, pgp_show_symm_alg(alg));
(void) fprintf(stderr, "get_proto: Unknown algorithm: %d (%s)\n", alg, pgp_show_symm_alg(alg));
}
return NULL;
}
@ -387,17 +409,25 @@ get_proto(pgp_symm_alg_t alg)
\param alg Symmetric Algorithm to check
\return 1 if supported; else 0
*/
/*
IBM z/OS is the worst platform for such stuff ever, half
the algorithms aren't implemented.
Here's a list of the few which are, in case you've got a crash
here and wanna have a look at the desert of the real worl yoursel:
https://www.ibm.com/docs/en/zos/2.1.0?topic=api-key-types-mechanisms-supported
*/
unsigned
pgp_is_sa_supported(pgp_symm_alg_t alg)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
switch (alg) {
case PGP_SA_AES_128:
case PGP_SA_AES_256:
case PGP_SA_CAST5:
case PGP_SA_TRIPLEDES:
case PGP_SA_CAMELLIA_128:
case PGP_SA_CAMELLIA_256:
case PGP_SA_IDEA:
//case PGP_SA_IDEA:
//case PGP_SA_CAST5:
return 1;
default:


+ 13
- 0
src/symmetric_openssl.c View File

@ -91,6 +91,19 @@ __RCSID("$NetBSD$");
#define TRAILER "","","","",0,NULL,NULL
static void
std_finish(pgp_crypt_t *crypt)
{
if (crypt->encrypt_key) {
free(crypt->encrypt_key);
crypt->encrypt_key = NULL;
}
if (crypt->decrypt_key) {
free(crypt->decrypt_key);
crypt->decrypt_key = NULL;
}
}
static int
cast5_init(pgp_crypt_t *crypt)
{


+ 2
- 2
src/writer.c View File

@ -1033,8 +1033,8 @@ pgp_push_enc_se_ip(pgp_output_t *output, const pgp_keyring_t *pubkeys, const cha
pgp_pk_sesskey_t *encrypted_pk_sesskey;
encrypt_se_ip_t *se_ip;
pgp_crypt_t *encrypted;
uint8_t *iv;
unsigned n;
uint8_t *iv;
unsigned n;
if ((se_ip = calloc(1, sizeof(*se_ip))) == NULL) {
(void) fprintf(stderr, "pgp_push_enc_se_ip: bad alloc\n");


Write Preview
Loading…
Cancel
Save