Browse Source

z/OS support: Support symmetric algorithms

* Neither CAST5 nor IDEA are supported by z/OS
* Initial version of at least AES support
master
David Lanzendörfer 11 months ago
parent
commit
6a4243cb2f
16 changed files with 252 additions and 247 deletions
  1. +6
    -2
      include/netpgp/crypto.h
  2. +7
    -0
      include/netpgp/gskssl_glue.h
  3. +0
    -1
      include/netpgp/symmetric.h
  4. +10
    -4
      src/Makefile.am
  5. +11
    -13
      src/create.c
  6. +3
    -2
      src/crypto.c
  7. +0
    -22
      src/gskssl_glue.h
  8. +3
    -34
      src/main.c
  9. +7
    -2
      src/misc.c
  10. +11
    -0
      src/netpgp.c
  11. +3
    -0
      src/packet-parse.c
  12. +2
    -5
      src/reader.c
  13. +4
    -20
      src/symmetric.c
  14. +170
    -140
      src/symmetric_gskssl.c
  15. +13
    -0
      src/symmetric_openssl.c
  16. +2
    -2
      src/writer.c

+ 6
- 2
include/netpgp/crypto.h View File

@ -106,12 +106,16 @@ struct pgp_crypt_t {
uint8_t iv[PGP_MAX_BLOCK_SIZE];
uint8_t civ[PGP_MAX_BLOCK_SIZE];
uint8_t siv[PGP_MAX_BLOCK_SIZE];
/* siv is needed for weird v3 resync */
/* siv is needed for weird v3 resync */
uint8_t key[PGP_MAX_KEY_SIZE];
int num;
/* num is offset - see openssl _encrypt doco */
#if defined(HAVE_OPENSSL)
/* num is offset - see openssl _encrypt doco */
void *encrypt_key;
void *decrypt_key;
#elif defined(HAVE_GSKSSL)
CK_SESSION_HANDLE *session;
#endif
};
typedef struct pgp_validation_t {


+ 7
- 0
include/netpgp/gskssl_glue.h View File

@ -1,6 +1,9 @@
#ifndef _GSKSSL_GLUE_H
#define _GSKSSL_GLUE_H
#include <stdio.h>
#include <stdlib.h>
#include <csnpdefs.h>
#include <gskcms.h>
#include <csfbext.h>
@ -13,9 +16,13 @@
#define SHA384_DIGEST_LENGTH 48
#define MD5_DIGEST_LENGTH 16
#define AES_BLOCK_SIZE 16
#define CAMELLIA_BLOCK_SIZE 16
#define CAST_BLOCK 8
#define IDEA_BLOCK 8
#define IDEA_KEY_LENGTH 16
CK_FUNCTION_LIST *funcs;
CK_RV getSession(CK_SESSION_HANDLE *session);
CK_RV getFunctionList(void);


+ 0
- 1
include/netpgp/symmetric.h View File

@ -6,7 +6,6 @@ const pgp_crypt_t *get_proto(pgp_symm_alg_t alg);
void std_set_iv(pgp_crypt_t *crypt, const uint8_t *iv);
void std_set_key(pgp_crypt_t *crypt, const uint8_t *key);
void std_resync(pgp_crypt_t *decrypt);
void std_finish(pgp_crypt_t *crypt);
#endif

+ 10
- 4
src/Makefile.am View File

@ -19,9 +19,12 @@ libnetpgp_la_SOURCES = \
packet-show.c \
reader.c \
signature.c \
symmetric.c \
symmetric_openssl.c \
symmetric_gskssl.c \
validate.c \
writer.c
writer.c \
gskssl_glue.c \
symmetric.c
bin_PROGRAMS = netpgp
netpgp_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include -D_GNU_SOURCE
@ -44,7 +47,10 @@ netpgp_SOURCES = \
packet-show.c \
reader.c \
signature.c \
symmetric.c \
symmetric_openssl.c \
symmetric_gskssl.c \
validate.c \
writer.c
writer.c \
gskssl_glue.c \
symmetric.c

+ 11
- 13
src/create.c View File

@ -583,8 +583,6 @@ pgp_write_struct_pubkey(pgp_output_t *output, const pgp_pubkey_t *key)
unsigned
pgp_write_struct_crypted_seckey_ptag(const pgp_seckey_t *key, pgp_output_t *output, pgp_content_enum ptag)
{
int length = 0;
if (key->pubkey.version != 4) {
(void) fprintf(stderr, "pgp_write_struct_seckey: public key version\n");
return 0;
@ -736,12 +734,12 @@ pgp_write_xfer_key(pgp_output_t *output,
\param output Output stream
*/
void
int
pgp_write_xfer_seckey(pgp_output_t *output,
const pgp_key_t *key,
const unsigned armoured)
{
unsigned /*i,*/ j;
//unsigned /*i,*/ j;
if (armoured) {
pgp_writer_push_armoured(output, PGP_PGP_PUBLIC_KEY_BLOCK);
@ -953,6 +951,7 @@ pgp_calc_sesskey_checksum(pgp_pk_sesskey_t *sesskey, uint8_t cs[2])
unsigned i;
if (!pgp_is_sa_supported(sesskey->symm_alg)) {
printf("SA (%d) not supported!\n", sesskey->symm_alg);
return 0;
}
@ -1003,8 +1002,8 @@ unsigned
encode_m_buf(const uint8_t *M, size_t mLen, const pgp_pubkey_t * pubkey,
uint8_t *EM)
{
unsigned k;
unsigned i;
unsigned k = 0;
unsigned i = 0;
/* implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC */
switch (pubkey->alg) {
@ -1085,14 +1084,14 @@ pgp_create_pk_sesskey(pgp_key_t *key, const char *ciphername, pgp_pk_sesskey_t *
pgp_symm_alg_t cipher;
const uint8_t *id;
pgp_crypt_t cipherinfo;
uint8_t *unencoded_m_buf;
uint8_t *encoded_m_buf;
size_t sz_encoded_m_buf;
uint8_t *unencoded_m_buf = NULL;
uint8_t *encoded_m_buf = NULL;
size_t sz_encoded_m_buf = 0;
memset(&cipherinfo, 0, sizeof(pgp_crypt_t));
pubkey = pgp_key_get_enckey(key, &id);
/* allocate unencoded_m_buf here */
(void) memset(&cipherinfo, 0x0, sizeof(cipherinfo));
(void) memset(&cipherinfo, 0x0, sizeof(pgp_crypt_t));
pgp_crypt_any(&cipherinfo, cipher = pgp_str_to_cipher((ciphername) ? ciphername : "cast5"));
unencoded_m_buf = calloc(1, cipherinfo.keysize + 1 + 2);
if (unencoded_m_buf == NULL) {
@ -1181,8 +1180,7 @@ pgp_create_pk_sesskey(pgp_key_t *key, const char *ciphername, pgp_pk_sesskey_t *
}
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "sesskey created", sesskey->key,
cipherinfo.keysize + 1 + 2);
hexdump(stderr, "sesskey created", sesskey->key, cipherinfo.keysize + 1 + 2);
}
if (create_unencoded_m_buf(sesskey, &cipherinfo, &unencoded_m_buf[0]) == 0) {
free(unencoded_m_buf);


+ 3
- 2
src/crypto.c View File

@ -254,8 +254,9 @@ pgp_rsa_encrypt_mpi(const uint8_t *encoded_m_buf,
#if defined(HAVE_OPENSSL_BN_H)
skp->rsa.encrypted_m = BN_bin2bn(encmpibuf, n, NULL);
#elif defined(HAVE_GSKSSL)
skp->rsa.encrypted_m->data=malloc(n);
skp->rsa.encrypted_m->length=n;
skp->rsa.encrypted_m = malloc(sizeof(gsk_buffer));
skp->rsa.encrypted_m->data = malloc(n);
skp->rsa.encrypted_m->length = n;
memcpy(skp->rsa.encrypted_m->data, encmpibuf, n);
#endif


+ 0
- 22
src/gskssl_glue.h View File

@ -1,22 +0,0 @@
#ifndef _GSKSSL_GLUE_H
#define _GSKSSL_GLUE_H
#include <csnpdefs.h>
#include <gskcms.h>
#include <csfbext.h>
#include <dlfcn.h>
#define CAST_KEY_LENGTH 16
#define SHA_DIGEST_LENGTH 20
#define SHA224_DIGEST_LENGTH 28
#define MAXPATHLEN _POSIX_PATH_MAX
#define SHA384_DIGEST_LENGTH 48
#define MD5_DIGEST_LENGTH 16
#define AES_BLOCK_SIZE 16
#define CAST_BLOCK 8
CK_FUNCTION_LIST *funcs;
CK_RV getSession(CK_SESSION_HANDLE *session);
CK_RV getFunctionList(void);
#endif

+ 3
- 34
src/main.c View File

@ -233,7 +233,6 @@ size_t
file_to_mem(netpgp_t *netpgp, char *filename, char **out)
{
size_t size;
int n;
FILE *fp;
if(!filename) return 0;
@ -254,30 +253,6 @@ file_to_mem(netpgp_t *netpgp, char *filename, char **out)
return size;
}
/* output the text to stdout */
static int
show_output(char *out, size_t size, const char *header)
{
int cc;
int n;
if (size <= 0) {
(void) fprintf(stderr, "%s\n", header);
return 0;
}
for (cc = 0 ; cc < size ; cc += n) {
if ((n = write(STDOUT_FILENO, &out[cc], size - cc)) <= 0) {
break;
}
}
if (cc < size) {
(void) fprintf(stderr, "Short write\n");
return 0;
}
return cc == size;
}
void
process_output(prog_t *p, uint8_t *out, size_t size)
{
@ -310,8 +285,6 @@ pgp_cb_ret_t ask_password(const pgp_packet_t *packet, pgp_cbdata_t *data)
int show_seckeys(netpgp_t *netpgp, prog_t *p)
{
pgp_key_t key;
pgp_uidsig_t uidsigp;
pgp_directsig_t directsig;
pgp_subkey_t subkey;
pgp_uidsig_t uidsig;
char *uid, *fpr;
@ -352,8 +325,6 @@ int show_keys(netpgp_t *netpgp, prog_t *p)
{
pgp_key_t key;
pgp_subkey_t subkey;
pgp_directsig_t directsig;
pgp_subkeysig_t subkeysig;
pgp_uidsig_t uidsig;
char *uid, *fpr;
int i,j;
@ -393,7 +364,7 @@ int pgp_generate_keypair(netpgp_t *netpgp, prog_t *p)
{
pgp_key_t *newseckey, *newpubkey;
char newid[1024];
const char *hashalg = NULL, *cipher = NULL, *username = "David Lanzendörfer", *address = "leviathan@libresilicon.com", *password = NULL;
const char *hashalg = NULL, *cipher = NULL, *username = "David Lanzendörfer", *address = "leviathan@libresilicon.com";
hashalg = netpgp_getvar(netpgp, "hash");
cipher = netpgp_getvar(netpgp, "cipher");
if(!cipher) {
@ -500,11 +471,9 @@ int
encrypt_data(netpgp_t *netpgp, prog_t *p, char *in, size_t size, int sign)
{
pgp_memory_t *mem;
char *cipher = NULL;
char *userid = NULL;
char *recipients = NULL;
char *to = NULL;
int i, ret;
pgp_io_t* io;
uint8_t keyid[PGP_KEY_ID_SIZE];
@ -514,7 +483,7 @@ encrypt_data(netpgp_t *netpgp, prog_t *p, char *in, size_t size, int sign)
pgp_key_t *key;
pgp_key_t *signer;
pgp_keyring_t *rcpts;
pgp_seckey_t *seckey;
pgp_seckey_t *seckey = NULL;
io = netpgp->io;
@ -571,7 +540,7 @@ encrypt_data(netpgp_t *netpgp, prog_t *p, char *in, size_t size, int sign)
if(sign) {
seckey = pgp_key_get_certkey(signer);
/* No signig key. Revoked ? */
if(seckey == NULL){
if( seckey == NULL ){
// PEP_GET_KEY_FAILED;
if (pgp_get_debug_level(__FILE__)) {
fprintf(stderr,"Seckey not found\n");


+ 7
- 2
src/misc.c View File

@ -747,8 +747,13 @@ pgp_random(void *dest, size_t length)
{
#if defined(HAVE_OPENSSL)
RAND_bytes(dest, (int)length);
#else
// TODO: Implement random bytes
#elif defined(HAVE_GSKSSL)
gsk_buffer buffer;
buffer.length = length;
buffer.data = malloc(length);
gsk_generate_random_bytes(&buffer);
memcpy(dest, buffer.data, buffer.length);
gsk_free_buffer(&buffer);
#endif
}


+ 11
- 0
src/netpgp.c View File

@ -26,6 +26,17 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/*
** Check to see if this machine uses EBCDIC. (Yes, believe it or
** not, there are still machines out there that use EBCDIC.)
*/
#if 'A' == '\301'
# define NETPGP_EBCDIC 1
#else
# define NETPGP_ASCII 1
#endif
#include <netpgp/config.h>
#ifdef HAVE_SYS_CDEFS_H


+ 3
- 0
src/packet-parse.c View File

@ -690,6 +690,7 @@ limread_mpi(gsk_buffer **pbn, pgp_region_t *region, pgp_stream_t *stream)
if (!limread(buf, length, region, stream)) {
return 0;
}
#if 0
if (((unsigned)buf[0] >> nonzero) != 0 || !((unsigned)buf[0] & (1U << (nonzero - 1U)))) {
printf("MPI Format error");
PGP_ERROR_1(&stream->errors, PGP_E_P_MPI_FORMAT_ERROR, "%s", "MPI Format error");
@ -705,6 +706,8 @@ limread_mpi(gsk_buffer **pbn, pgp_region_t *region, pgp_stream_t *stream)
hexdump(stderr,"buf",buf,1);
return 0;
}
#endif
#if defined(HAVE_OPENSSL)
*pbn = BN_bin2bn(buf, (int)length, NULL);
#elif defined(HAVE_GSKSSL)


+ 2
- 5
src/reader.c View File

@ -154,11 +154,10 @@ __RCSID("$NetBSD$");
char A(char c)
{
char ret = c;
#if defined(NETPGP_EBCDIC)
__e2a_l(&ret,1);
__e2a_l(&c,1);
#endif
return ret;
return c;
}
/* get a pass phrase from the user */
@ -2033,7 +2032,6 @@ pgp_setup_file_read(
unsigned accumulate
)
{
struct stat st;
int fd;
fd = open(filename, MMAP_BIN_FLAGS, 0666);
if (fd < 0) {
@ -2164,7 +2162,6 @@ pgp_get_seckey_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
const pgp_key_t *keypair;
unsigned from;
pgp_io_t *io;
int i;
pgp_cryptinfo_t *cryptinfo = &cbinfo->cryptinfo;
key_id_t *key_id;


+ 4
- 20
src/symmetric.c View File

@ -17,20 +17,21 @@ __RCSID("$NetBSD$");
#include <netpgp/packet-show.h>
#include <netpgp/symmetric.h>
void
void
std_set_iv(pgp_crypt_t *crypt, const uint8_t *iv)
{
(void) memcpy(crypt->iv, iv, crypt->blocksize);
crypt->num = 0;
}
void
void
std_set_key(pgp_crypt_t *crypt, const uint8_t *key)
{
hexdump(stdout, "std_set_key", key, crypt->keysize);
(void) memcpy(crypt->key, key, crypt->keysize);
}
void
void
std_resync(pgp_crypt_t *decrypt)
{
if ((size_t) decrypt->num == decrypt->blocksize) {
@ -42,19 +43,6 @@ std_resync(pgp_crypt_t *decrypt)
decrypt->num = 0;
}
void
std_finish(pgp_crypt_t *crypt)
{
if (crypt->encrypt_key) {
free(crypt->encrypt_key);
crypt->encrypt_key = NULL;
}
if (crypt->decrypt_key) {
free(crypt->decrypt_key);
crypt->decrypt_key = NULL;
}
}
int
pgp_crypt_any(pgp_crypt_t *crypt, pgp_symm_alg_t alg)
{
@ -81,7 +69,6 @@ unsigned
pgp_key_size(pgp_symm_alg_t alg)
{
const pgp_crypt_t *p = get_proto(alg);
return (p == NULL) ? 0 : (unsigned)p->keysize;
}
@ -103,9 +90,6 @@ pgp_decrypt_init(pgp_crypt_t *decrypt)
decrypt->num = 0;
}
size_t
pgp_decrypt_se(pgp_crypt_t *decrypt, void *outvoid, const void *invoid,
size_t count)


+ 170
- 140
src/symmetric_gskssl.c View File

@ -70,38 +70,127 @@ __RCSID("$NetBSD$");
#define TRAILER "","","","",0,NULL,NULL
static void
cryptoki_init(pgp_crypt_t *crypt, CK_KEY_TYPE keyType, CK_MECHANISM *mechanism )
{
CK_RV rv = CKR_OK;
CK_OBJECT_HANDLE key;
CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
CK_BBOOL true = TRUE, false = FALSE;
CK_UTF8CHAR label[] = "test";
CK_ULONG len = crypt->keysize;
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &keyClass, sizeof(keyClass) },
{CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{CKA_LABEL, label, sizeof(label) },
{CKA_ENCRYPT, &true, sizeof(true) },
{CKA_VALUE, crypt->key, len }
};
crypt->session = malloc(sizeof(CK_SESSION_HANDLE));
memset(crypt->session, 0, sizeof(CK_SESSION_HANDLE));
rv = getSession( crypt->session );
if( rv != CKR_OK) {
fprintf(stderr, "getSession: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_CreateObject( *crypt->session, template, sizeof(template)/sizeof(CK_ATTRIBUTE), &key);
if( rv != CKR_OK) {
fprintf(stderr, "C_CreateObject: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_EncryptInit( *crypt->session, mechanism, key);
if( rv != CKR_OK) {
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
}
static int
cast5_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
return 1;
}
static void
cast5_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
cryptoki_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
hexdump(stdout, "cryptoki_block_encrypt input", in, crypt->blocksize);
rv = funcs->C_Encrypt( *crypt->session, in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
hexdump(stdout, "cryptoki_block_encrypt output", out, len);
}
static void
cast5_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
cryptoki_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len;
CK_RV rv = CKR_OK;
rv = funcs->C_Encrypt( *crypt->session, (CK_BYTE_PTR)in, crypt->num, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
}
static void
cast5_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
cryptoki_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len;
CK_RV rv = CKR_OK;
hexdump(stdout, "cryptoki_cfb_encrypt input", in, crypt->blocksize);
rv = funcs->C_Encrypt( *crypt->session, (CK_BYTE_PTR)in, count, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
hexdump(stdout, "cryptoki_cfb_encrypt output", out, len);
}
static void
cast5_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
cryptoki_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len;
CK_RV rv = CKR_OK;
rv = funcs->C_Encrypt( *crypt->session, (CK_BYTE_PTR)in, count, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
}
static void
cryptoki_finish(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
CK_RV rv = CKR_OK;
rv = funcs->C_CloseSession( *crypt->session );
if( rv != CKR_OK) {
fprintf(stderr, "C_CloseSession: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Finalize( NULL );
if( rv != CKR_OK) {
fprintf(stderr, "C_Finalize: rv = 0x%.8lX\n", rv);
}
free( crypt->session );
}
static int
cast5_init(pgp_crypt_t *crypt)
{
CK_MECHANISM mechanism = {
CKM_CAST5_ECB,
NULL,
0
};
cryptoki_init( crypt, CKK_CAST5, &mechanism );
return 1;
}
static pgp_crypt_t cast5 =
{
PGP_SA_CAST5,
@ -111,40 +200,26 @@ static pgp_crypt_t cast5 =
std_set_key,
cast5_init,
std_resync,
cast5_block_encrypt,
cast5_block_decrypt,
cast5_cfb_encrypt,
cast5_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
static int
idea_init(pgp_crypt_t *crypt)
{
CK_MECHANISM mechanism = {
CKM_IDEA_ECB,
NULL,
0
};
cryptoki_init( crypt, CKK_IDEA, &mechanism );
return 1;
}
static void
idea_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
idea_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
idea_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static void
idea_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static const pgp_crypt_t idea =
{
PGP_SA_IDEA,
@ -154,11 +229,11 @@ static const pgp_crypt_t idea =
std_set_key,
idea_init,
std_resync,
idea_block_encrypt,
idea_block_decrypt,
idea_cfb_encrypt,
idea_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
@ -169,29 +244,12 @@ static const pgp_crypt_t idea =
static int
aes128_init(pgp_crypt_t *crypt)
{
CK_BYTE_PTR pData;
CK_MECHANISM mechanism = { CKM_AES_ECB, 0, 0 };
cryptoki_init( crypt, CKK_AES, &mechanism );
return 1;
}
static void
aes_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
aes_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
aes_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static void
aes_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static const pgp_crypt_t aes128 =
{
PGP_SA_AES_128,
@ -201,11 +259,11 @@ static const pgp_crypt_t aes128 =
std_set_key,
aes128_init,
std_resync,
aes_block_encrypt,
aes_block_decrypt,
aes_cfb_encrypt,
aes_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
@ -216,6 +274,7 @@ static const pgp_crypt_t aes128 =
static int
aes256_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
return 1;
}
@ -228,11 +287,11 @@ static const pgp_crypt_t aes256 =
std_set_key,
aes256_init,
std_resync,
aes_block_encrypt,
aes_block_decrypt,
aes_cfb_encrypt,
aes_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
@ -241,31 +300,10 @@ static const pgp_crypt_t aes256 =
static int
tripledes_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
return 1;
}
static void
tripledes_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
tripledes_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
tripledes_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in,
size_t count)
{
}
static void
tripledes_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in,
size_t count)
{
}
static const pgp_crypt_t tripledes =
{
PGP_SA_TRIPLEDES,
@ -275,11 +313,11 @@ static const pgp_crypt_t tripledes =
std_set_key,
tripledes_init,
std_resync,
tripledes_block_encrypt,
tripledes_block_decrypt,
tripledes_cfb_encrypt,
tripledes_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
@ -288,29 +326,10 @@ static const pgp_crypt_t tripledes =
static int
camellia128_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
return 1;
}
static void
camellia_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
camellia_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
}
static void
camellia_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static void
camellia_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
}
static const pgp_crypt_t camellia128 =
{
PGP_SA_CAMELLIA_128,
@ -320,11 +339,11 @@ static const pgp_crypt_t camellia128 =
std_set_key,
camellia128_init,
std_resync,
camellia_block_encrypt,
camellia_block_decrypt,
camellia_cfb_encrypt,
camellia_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
@ -335,6 +354,7 @@ static const pgp_crypt_t camellia128 =
static int
camellia256_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
return 1;
}
@ -347,21 +367,22 @@ static const pgp_crypt_t camellia256 =
std_set_key,
camellia256_init,
std_resync,
camellia_block_encrypt,
camellia_block_decrypt,
camellia_cfb_encrypt,
camellia_cfb_decrypt,
std_finish,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_finish,
TRAILER
};
/*
The list of algorithms for z/OS can be seen here:
https://www.ibm.com/docs/en/zos/2.1.0?topic=api-key-types-mechanisms-supported
*/
const pgp_crypt_t *
get_proto(pgp_symm_alg_t alg)
{
switch (alg) {
case PGP_SA_CAST5:
return &cast5;
case PGP_SA_IDEA:
return &idea;
case PGP_SA_AES_128:
@ -374,9 +395,10 @@ get_proto(pgp_symm_alg_t alg)
return &camellia256;
case PGP_SA_TRIPLEDES:
return &tripledes;
case PGP_SA_CAST5:
return &cast5;
default:
(void) fprintf(stderr, "get_proto: Unknown algorithm: %d (%s)\n",
alg, pgp_show_symm_alg(alg));
(void) fprintf(stderr, "get_proto: Unknown algorithm: %d (%s)\n", alg, pgp_show_symm_alg(alg));
}
return NULL;
}
@ -387,17 +409,25 @@ get_proto(pgp_symm_alg_t alg)
\param alg Symmetric Algorithm to check
\return 1 if supported; else 0
*/
/*
IBM z/OS is the worst platform for such stuff ever, half
the algorithms aren't implemented.
Here's a list of the few which are, in case you've got a crash
here and wanna have a look at the desert of the real worl yoursel:
https://www.ibm.com/docs/en/zos/2.1.0?topic=api-key-types-mechanisms-supported
*/
unsigned
pgp_is_sa_supported(pgp_symm_alg_t alg)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
switch (alg) {
case PGP_SA_AES_128:
case PGP_SA_AES_256:
case PGP_SA_CAST5:
case PGP_SA_TRIPLEDES:
case PGP_SA_CAMELLIA_128:
case PGP_SA_CAMELLIA_256:
case PGP_SA_IDEA:
//case PGP_SA_IDEA:
//case PGP_SA_CAST5:
return 1;
default:


+ 13
- 0
src/symmetric_openssl.c View File

@ -91,6 +91,19 @@ __RCSID("$NetBSD$");
#define TRAILER "","","","",0,NULL,NULL
static void
std_finish(pgp_crypt_t *crypt)
{
if (crypt->encrypt_key) {
free(crypt->encrypt_key);
crypt->encrypt_key = NULL;
}
if (crypt->decrypt_key) {
free(crypt->decrypt_key);
crypt->decrypt_key = NULL;
}
}
static int
cast5_init(pgp_crypt_t *crypt)
{


+ 2
- 2
src/writer.c View File

@ -1033,8 +1033,8 @@ pgp_push_enc_se_ip(pgp_output_t *output, const pgp_keyring_t *pubkeys, const cha
pgp_pk_sesskey_t *encrypted_pk_sesskey;
encrypt_se_ip_t *se_ip;
pgp_crypt_t *encrypted;
uint8_t *iv;
unsigned n;
uint8_t *iv;
unsigned n;
if ((se_ip = calloc(1, sizeof(*se_ip))) == NULL) {
(void) fprintf(stderr, "pgp_push_enc_se_ip: bad alloc\n");


Loading…
Cancel
Save