leviathan
/
netpgp-et
forked from pEp.foundation/netpgp-et
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

Release v1, z/OS: Basic encryption decryption 

* RSA keys up to 1024 bit length are supported
* Tripple DES as cipher is supported
  (CAST5 is not supported by hard ware acceleration)
* All common SHA variants are supported
master
David Lanzendörfer 11 months ago
parent
4c813b4c5d
commit
8a98d005dd
17 changed files with 176 additions and 234 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +0
    -2
      include/netpgp/create.h
  2. +4
    -0
      include/netpgp/crypto.h
  3. +0
    -1
      include/netpgp/gskssl_glue.h
  4. +0
    -52
      src/create.c
  5. +2
    -2
      src/crypto.c
  6. +5
    -6
      src/gskssl_crypto.c
  7. +3
    -0
      src/gskssl_glue.c
  8. +0
    -12
      src/keyring.c
  9. +6
    -3
      src/main.c
  10. +6
    -9
      src/openssl_crypto.c
  11. +7
    -4
      src/packet-parse.c
  12. +6
    -8
      src/reader.c
  13. +0
    -12
      src/signature.c
  14. +3
    -6
      src/symmetric.c
  15. +90
    -65
      src/symmetric_gskssl.c
  16. +8
    -24
      src/symmetric_openssl.c
  17. +36
    -28
      src/writer.c

+ 0
- 2
include/netpgp/create.h View File

@ -119,7 +119,5 @@ unsigned encode_m_buf(const uint8_t *, size_t, const pgp_pubkey_t *,
uint8_t *);
unsigned pgp_fileread_litdata(const char *, const pgp_litdata_enum,
pgp_output_t *);
unsigned pgp_write_symm_enc_data(const uint8_t *, const int,
pgp_output_t *);
#endif /* CREATE_H_ */

+ 4
- 0
include/netpgp/crypto.h View File

@ -72,6 +72,10 @@
#define PGP_MIN_HASH_SIZE 16
#if defined(HAVE_GSKSSL)
unsigned gsk_num_bits ( gsk_buffer *bn );
#endif
/** pgp_hash_t */
struct pgp_hash_t {
pgp_hash_alg_t alg; /* algorithm */


+ 0
- 1
include/netpgp/gskssl_glue.h View File

@ -25,7 +25,6 @@
#define KEYBITS_CAMELLIA128 128
#define KEYBITS_CAMELLIA256 256
CK_FUNCTION_LIST *funcs;
CK_RV getSession(CK_SESSION_HANDLE *session);


+ 0
- 52
src/create.c View File

@ -189,16 +189,6 @@ mpi_length(const BIGNUM *bn)
return (unsigned)(2 +(BN_num_bits(bn)+7)/8);
}
#elif defined(HAVE_GSKSSL)
static unsigned gsk_num_bits ( gsk_buffer *bn )
{
unsigned r = (bn->length-1)*8;
uint8_t x = ((uint8_t*)bn->data)[0];
do {
r++;
} while (x >>= 1);
return r;
}
static unsigned
mpi_length(gsk_buffer *bn)
{
@ -1407,48 +1397,6 @@ pgp_filewrite(const char *filename, const char *buf,
return (close(fd) == 0);
}
/**
\ingroup Core_WritePackets
\brief Write Symmetrically Encrypted packet
\param data Data to encrypt
\param len Length of data
\param output Write settings
\return 1 if OK; else 0
\note Hard-coded to use AES256
*/
unsigned
pgp_write_symm_enc_data(const uint8_t *data,
const int len,
pgp_output_t * output)
{
pgp_crypt_t crypt_info;
uint8_t *encrypted = (uint8_t *) NULL;
size_t encrypted_sz;
int done = 0;
/* \todo assume AES256 for now */
pgp_crypt_any(&crypt_info, PGP_SA_AES_256);
pgp_encrypt_init(&crypt_info);
encrypted_sz = (size_t)(len + crypt_info.blocksize + 2);
if ((encrypted = calloc(1, encrypted_sz)) == NULL) {
(void) fprintf(stderr, "can't allocate %" PRIsize "d\n",
encrypted_sz);
return 0;
}
done = (int)pgp_encrypt_se(&crypt_info, encrypted, data, (unsigned)len);
if (done != len) {
(void) fprintf(stderr,
"pgp_write_symm_enc_data: done != len\n");
return 0;
}
return pgp_write_ptag(output, PGP_PTAG_CT_SE_DATA) &&
pgp_write_length(output, (unsigned)(1 + encrypted_sz)) &&
pgp_write(output, data, (unsigned)len);
}
/**
\ingroup Core_WritePackets
\brief Write a One Pass Signature packet


+ 2
- 2
src/crypto.c View File

@ -77,7 +77,7 @@ __RCSID("$NetBSD$");
#include <netpgp/validate.h>
#if defined(HAVE_GSKSSL)
static unsigned gsk_num_bits ( gsk_buffer *bn )
unsigned gsk_num_bits ( gsk_buffer *bn )
{
unsigned r = (bn->length-1)*8;
uint8_t x = ((uint8_t*)bn->data)[0];
@ -133,7 +133,7 @@ pgp_decrypt_decode_mpi(uint8_t *buf,
#if defined(HAVE_OPENSSL)
BN_bn2bin(encmpi, encmpibuf);
#elif defined(HAVE_GSKSSL)
memcpy(encmpibuf,encmpi->data,encmpi->length);
memcpy(encmpibuf, encmpi->data, encmpi->length);
#endif
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "encrypted", encmpibuf, 16);


+ 5
- 6
src/gskssl_crypto.c View File

@ -667,7 +667,6 @@ pgp_rsa_private_encrypt(uint8_t *out,
{CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{CKA_MODULUS, pubkey->n->data, pubkey->n->length },
{CKA_PUBLIC_EXPONENT, seckey->d->data, seckey->d->length }, // CKA_PUBLIC_EXPONENT (e) = d
};
rv = getSession(&session);
@ -742,7 +741,7 @@ pgp_rsa_private_decrypt(uint8_t *out,
CK_SESSION_HANDLE session;
CK_RV rv = CKR_OK;
CK_OBJECT_HANDLE key;
CK_ULONG len = length;
CK_ULONG len;
CK_KEY_TYPE keyType = CKK_RSA;
CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
@ -752,14 +751,14 @@ pgp_rsa_private_decrypt(uint8_t *out,
};
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &keyClass, sizeof(keyClass) },
{CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{CKA_CLASS, &keyClass, sizeof(keyClass) },
{CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{CKA_MODULUS, pubkey->n->data, pubkey->n->length },
{CKA_PUBLIC_EXPONENT, pubkey->e->data, pubkey->e->length },
{CKA_PRIVATE_EXPONENT, seckey->d->data, seckey->d->length },
{CKA_PRIME_1, seckey->p->data, seckey->p->length },
{CKA_PRIME_2, seckey->q->data, seckey->q->length },
{CKA_COEFFICIENT, seckey->u->data, seckey->u->length },
{CKA_COEFFICIENT, seckey->u->data, seckey->u->length }
};
rv = getSession(&session);
@ -844,7 +843,7 @@ pgp_rsa_public_encrypt(uint8_t *out,
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Encrypt(session,(CK_BYTE_PTR)in,length,out,&len);
rv = funcs->C_Encrypt(session, (CK_BYTE_PTR)in, length, out, &len);
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}


+ 3
- 0
src/gskssl_glue.c View File

@ -73,11 +73,13 @@ CK_RV getSession(CK_SESSION_HANDLE *session)
fprintf(stderr, "C_GetSlotList: rv = 0x%.8lX\n", rv);
return rv;
}
rv = funcs->C_GetTokenInfo(pSlotList[0], &info);
if( rv != CKR_OK ) {
fprintf(stderr, "C_GetTokenInfo: rv = 0x%.8lX\n", rv);
return rv;
}
rv = funcs->C_OpenSession(pSlotList[0], flags, NULL, NULL, session);
if( rv != CKR_OK ) {
fprintf(stderr, "C_OpenSession: rv = 0x%.8lX\n", rv);
@ -85,6 +87,7 @@ CK_RV getSession(CK_SESSION_HANDLE *session)
}
free(pSlotList);
return rv;
}


+ 0
- 12
src/keyring.c View File

@ -516,18 +516,6 @@ const uint8_t *pgp_key_get_primary_userid(pgp_key_t *key)
return NULL;
}
#if defined(HAVE_GSKSSL)
static unsigned gsk_num_bits ( gsk_buffer *bn )
{
unsigned r = (bn->length-1)*8;
uint8_t x = ((uint8_t*)bn->data)[0];
do {
r++;
} while (x >>= 1);
return r;
}
#endif
unsigned key_bit_len(const pgp_pubkey_t *key)
{
switch (key->alg) {


+ 6
- 3
src/main.c View File

@ -365,7 +365,7 @@ int pgp_generate_keypair(netpgp_t *netpgp, prog_t *p)
pgp_key_t *newseckey, *newpubkey;
char newid[1024];
const char *hashalg = NULL, *cipher = NULL, *username = "David Lanzendörfer", *address = "leviathan@libresilicon.com";
hashalg = netpgp_getvar(netpgp, "hash");
/*hashalg = netpgp_getvar(netpgp, "hash");
cipher = netpgp_getvar(netpgp, "cipher");
if(!cipher) {
fprintf(stderr,"No cipher set\n");
@ -374,7 +374,10 @@ int pgp_generate_keypair(netpgp_t *netpgp, prog_t *p)
if(!hashalg) {
fprintf(stderr,"No cipher set\n");
return 0;
}
}*/
cipher = "tripledes";
hashalg = "sha1";
if(snprintf(newid, sizeof(newid), "%s <%s>", username, address) >= sizeof(newid)) return 0;
// Generate the key
newseckey = pgp_keydata_new();
@ -421,7 +424,7 @@ sign_data(netpgp_t *netpgp, prog_t *p, char *in, size_t size)
(p->cmd == CLEARSIGN) ? cleartext :
!cleartext,
p->detached);*/
return 1;
}
int


+ 6
- 9
src/openssl_crypto.c View File

@ -603,13 +603,11 @@ pgp_rsa_private_decrypt(uint8_t *out,
BN_dup(seckey->d)
);
/*printf("len d: %ld\n", BN_num_bytes(seckey->d));
printf("len: %ld\n", length);
printf("d\n");
BN_print_fp(stdout,seckey->d);
printf("\nn\n");
BN_print_fp(stdout,pubkey->n);
printf("\n\n");*/
RSA_set0_factors(
orsa,
BN_dup(seckey->p),
BN_dup(seckey->q)
);
n = RSA_private_decrypt(length, in, out, orsa, RSA_NO_PADDING);
@ -658,8 +656,7 @@ pgp_rsa_public_encrypt(uint8_t *out,
n = RSA_public_encrypt((int)length, in, out, orsa, RSA_NO_PADDING);
if (n == -1) {
BIO *fd_out;
BIO *fd_out;
fd_out = BIO_new_fd(fileno(stderr), BIO_NOCLOSE);
ERR_print_errors(fd_out);
}


+ 7
- 4
src/packet-parse.c View File

@ -143,6 +143,7 @@ limread_data(pgp_data_t *data, unsigned len, pgp_region_t *subregion, pgp_stream
if (!data->contents) {
return 0;
}
memset( data->contents, 0, data->len );
return pgp_limited_read(stream, data->contents, data->len, subregion, &stream->errors, &stream->readinfo, &stream->cbinfo);
}
@ -652,6 +653,7 @@ limread_mpi(gsk_buffer **pbn, pgp_region_t *region, pgp_stream_t *stream)
#endif
{
uint8_t buf[NETPGP_BUFSIZ];
int i;
/*
* An MPI has a 2 byte length part.
* Length is given in bits, so the
@ -711,9 +713,9 @@ limread_mpi(gsk_buffer **pbn, pgp_region_t *region, pgp_stream_t *stream)
#if defined(HAVE_OPENSSL)
*pbn = BN_bin2bn(buf, (int)length, NULL);
#elif defined(HAVE_GSKSSL)
(*pbn) = malloc(sizeof(gsk_buffer));
(*pbn) = malloc( sizeof(gsk_buffer) );
(*pbn)->length = length;
(*pbn)->data = malloc(length);
(*pbn)->data = malloc( length );
memcpy((*pbn)->data, buf, length);
#endif
return 1;
@ -2362,8 +2364,9 @@ parse_v4_sig(pgp_region_t *region, pgp_stream_t *stream)
#if defined(HAVE_OPENSSL)
BN_print_fp(stderr, pkt.u.sig.info.sig.rsa.sig);
#elif defined(HAVE_GSKSSL)
for(int i=0;i<pkt.u.sig.info.sig.rsa.sig->length;i++)
(void) fprintf(stderr, "%X", ((unsigned char*)pkt.u.sig.info.sig.rsa.sig->data)[i]);
for( int i = 0; i < pkt.u.sig.info.sig.rsa.sig->length; i++ ) {
(void) fprintf(stderr, "%02X", ((unsigned char*)pkt.u.sig.info.sig.rsa.sig->data)[i]);
}
#endif
(void) fprintf(stderr, "\n");
}


+ 6
- 8
src/reader.c View File

@ -131,6 +131,8 @@ __RCSID("$NetBSD$");
#include <limits.h>
#endif
#include <netpgp.h>
#include <netpgp/errors.h>
#include <netpgp/crypto.h>
#include <netpgp/create.h>
@ -144,6 +146,7 @@ __RCSID("$NetBSD$");
#include <netpgp/netpgpsdk.h>
#include <netpgp/netpgpdefs.h>
#include <netpgp/netpgpdigest.h>
#include <netpgp/validate.h>
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
@ -1578,8 +1581,7 @@ se_ip_data_reader(pgp_stream_t *stream, void *dest_,
}
/* read entire SE IP packet */
if (!pgp_stacked_limited_read(stream, buf, decrypted_region.length,
&decrypted_region, errors, readinfo, cbinfo)) {
if (!pgp_stacked_limited_read(stream, buf, decrypted_region.length, &decrypted_region, errors, readinfo, cbinfo)) {
free(buf);
return -1;
}
@ -1592,12 +1594,8 @@ se_ip_data_reader(pgp_stream_t *stream, void *dest_,
}
b = se_ip->decrypt->blocksize;
if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) {
fprintf(stderr,
"Bad symmetric decrypt (%02x%02x vs %02x%02x)\n",
buf[b - 2], buf[b - 1], buf[b], buf[b + 1]);
PGP_ERROR_1(errors, PGP_E_PROTO_BAD_SYMMETRIC_DECRYPT,
"%s", "Bad symmetric decrypt when parsing SE IP"
" packet");
fprintf(stderr, "Bad symmetric decrypt (%02x%02x vs %02x%02x)\n", buf[b - 2], buf[b - 1], buf[b], buf[b + 1]);
PGP_ERROR_1(errors, PGP_E_PROTO_BAD_SYMMETRIC_DECRYPT, "%s", "Bad symmetric decrypt when parsing SE IP packet");
free(buf);
return -1;
}


+ 0
- 12
src/signature.c View File

@ -144,18 +144,6 @@ static uint8_t prefix_sha512[] = {
0x00, 0x04, 0x40
};
#if defined(HAVE_GSKSSL)
static unsigned gsk_num_bits ( gsk_buffer *bn )
{
unsigned r = (bn->length-1)*8;
uint8_t x = ((uint8_t*)bn->data)[0];
do {
r++;
} while (x >>= 1);
return r;
}
#endif
/* XXX: both this and verify would be clearer if the signature were */
/* treated as an MPI. */
static int


+ 3
- 6
src/symmetric.c View File

@ -132,14 +132,11 @@ pgp_encrypt_se(pgp_crypt_t *encrypt, void *outvoid, const void *invoid,
*/
while (count-- > 0) {
if ((size_t) encrypt->num == encrypt->blocksize) {
(void) memcpy(encrypt->siv, encrypt->civ,
encrypt->blocksize);
encrypt->block_encrypt(encrypt, encrypt->civ,
encrypt->civ);
(void) memcpy(encrypt->siv, encrypt->civ, encrypt->blocksize);
encrypt->block_encrypt(encrypt, encrypt->civ, encrypt->civ);
encrypt->num = 0;
}
encrypt->civ[encrypt->num] = *out++ =
encrypt->civ[encrypt->num] ^ *in++;
encrypt->civ[encrypt->num] = *out++ = encrypt->civ[encrypt->num] ^ *in++;
++encrypt->num;
}


+ 90
- 65
src/symmetric_gskssl.c View File

@ -76,26 +76,28 @@ cryptoki_init( pgp_crypt_t *crypt )
CK_RV rv = CKR_OK;
CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
CK_BBOOL true = TRUE, false = FALSE;
CK_ULONG len = crypt->keysize;
CK_ULONG tcount = 0;
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &keyClass, sizeof(keyClass) },
{CKA_KEY_TYPE, &crypt->keyType, sizeof(crypt->keyType) },
{CKA_ENCRYPT, &true, sizeof(true) },
{CKA_VALUE, crypt->key, len }
{CKA_CLASS, &keyClass, sizeof(keyClass) },
{CKA_KEY_TYPE, &crypt->keyType, sizeof(crypt->keyType) },
{CKA_ENCRYPT, &true, sizeof(true) },
{CKA_VALUE, crypt->key, crypt->keysize }
};
tcount = sizeof(template)/sizeof(CK_ATTRIBUTE);
rv = getSession( &crypt->session );
if( rv != CKR_OK) {
fprintf(stderr, "getSession: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_CreateObject( crypt->session, template, sizeof(template)/sizeof(CK_ATTRIBUTE), &crypt->encrypt_key);
rv = funcs->C_CreateObject( crypt->session, template, tcount, &crypt->encrypt_key );
if( rv != CKR_OK) {
fprintf(stderr, "C_CreateObject: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_CreateObject( crypt->session, template, sizeof(template)/sizeof(CK_ATTRIBUTE), &crypt->decrypt_key);
rv = funcs->C_CreateObject( crypt->session, template, tcount, &crypt->decrypt_key );
if( rv != CKR_OK) {
fprintf(stderr, "C_CreateObject: rv = 0x%.8lX\n", rv);
}
@ -120,10 +122,6 @@ cryptoki_finish_int( pgp_crypt_t *crypt )
if( rv != CKR_OK) {
fprintf(stderr, "C_Finalize: rv = 0x%.8lX\n", rv);
}
//free( crypt->session );
//free( crypt->pKey );
//free( crypt->pMechanism );
}
static void
@ -131,7 +129,6 @@ cryptoki_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
CK_OBJECT_HANDLE key = crypt->encrypt_key;
cryptoki_init( crypt );
@ -150,22 +147,21 @@ cryptoki_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
}
static void
cryptoki_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
cfb64_encrypt_iv( pgp_crypt_t *crypt )
{
CK_ULONG len = crypt->blocksize;
CK_ULONG len;
CK_RV rv = CKR_OK;
CK_OBJECT_HANDLE key = crypt->encrypt_key;
cryptoki_init( crypt );
rv = funcs->C_EncryptInit( crypt->session, &crypt->mechanism, crypt->encrypt_key );
if( rv != CKR_OK) {
fprintf(stderr, "C_DecryptInit: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Encrypt( crypt->session, (CK_BYTE_PTR)in, crypt->blocksize, out, &len );
rv = funcs->C_Encrypt( crypt->session, crypt->iv, PGP_MAX_BLOCK_SIZE, crypt->iv, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Decrypt: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
printf("%s:%d\n",__FILE__,__LINE__);
}
@ -173,57 +169,74 @@ cryptoki_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
}
static void
cryptoki_cfb_encrypt( pgp_crypt_t *crypt, void *out, const void *in, size_t count )
cryptoki_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
cryptoki_init( crypt );
rv = funcs->C_EncryptInit( crypt->session, &crypt->mechanism, crypt->encrypt_key );
rv = funcs->C_DecryptInit( crypt->session, &crypt->mechanism, crypt->decrypt_key );
if( rv != CKR_OK) {
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_DecryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Encrypt( crypt->session, (CK_BYTE_PTR)in, crypt->blocksize, out, &len );
rv = funcs->C_Decrypt( crypt->session, (CK_BYTE_PTR)in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_Decrypt: rv = 0x%.8lX\n", rv);
printf("%s:%d\n",__FILE__,__LINE__);
}
cryptoki_finish_int( crypt );
}
static void
cryptoki_cfb_decrypt( pgp_crypt_t *crypt, void *out, const void *in, size_t count )
{
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
cryptoki_init( crypt );
/*
* The input and output encrypted as though 64bit cfb mode is being used.
* The extra state information to record how much of the 64bit block we have
* used is contained in *num;
*/
rv = funcs->C_EncryptInit( crypt->session, &crypt->mechanism, crypt->encrypt_key );
if( rv != CKR_OK) {
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
void cryptoki_cfb64_encrypt( pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
uint8_t c;
register int i, n;
for ( i = 0, n = crypt->num; i < count; i++, n = ( n + 1 ) & 7 ) {
if( n == 0 ) {
cfb64_encrypt_iv( crypt );
}
c = (((uint8_t *)in)[i]) ^ (crypt->iv[n]);
((uint8_t *)out)[i] = c;
crypt->iv[n] = c;
}
rv = funcs->C_Encrypt( crypt->session, (CK_BYTE_PTR)in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Decrypt: rv = 0x%.8lX\n", rv);
printf("%s:%d\n",__FILE__,__LINE__);
crypt->num = n;
}
void cryptoki_cfb64_decrypt( pgp_crypt_t *crypt, void *out, const void *in, size_t count )
{
uint8_t c, cc;
register int i, n;
for ( i = 0, n = crypt->num; i < count; i++, n = ( n + 1 ) & 7 ) {
if( n == 0 ) {
cfb64_encrypt_iv( crypt );
}
c = crypt->iv[n];
cc = ((uint8_t *)in)[i];
crypt->iv[n] = cc;
((uint8_t *)out)[i] = c ^ cc;
}
cryptoki_finish_int( crypt );
crypt->num = n;
}
static int
cast5_init(pgp_crypt_t *crypt)
{
crypt->mechanism.mechanism = CKM_CAST5_ECB;
crypt->mechanism.pParameter = NULL;
crypt->mechanism.ulParameterLen = 0;
crypt->keyType = CKK_CAST5;
crypt->mechanism.pParameter = crypt->iv;
crypt->mechanism.ulParameterLen = crypt->blocksize;
crypt->keyType = CKK_CAST128;
return 1;
}
@ -238,8 +251,8 @@ static pgp_crypt_t cast5 =
std_resync,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_cfb64_encrypt,
cryptoki_cfb64_decrypt,
cryptoki_finish,
TRAILER
};
@ -265,8 +278,8 @@ static const pgp_crypt_t idea =
std_resync,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_cfb64_encrypt,
cryptoki_cfb64_decrypt,
cryptoki_finish,
TRAILER
};
@ -294,8 +307,8 @@ static const pgp_crypt_t aes128 =
std_resync,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_cfb64_encrypt,
cryptoki_cfb64_decrypt,
cryptoki_finish,
TRAILER
};
@ -305,7 +318,10 @@ static const pgp_crypt_t aes128 =
static int
aes256_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
crypt->mechanism.mechanism = CKM_AES_ECB;
crypt->mechanism.pParameter = NULL;
crypt->mechanism.ulParameterLen = 0;
crypt->keyType = CKK_AES;
return 1;
}
@ -320,8 +336,8 @@ static const pgp_crypt_t aes256 =
std_resync,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_cfb64_encrypt,
cryptoki_cfb64_decrypt,
cryptoki_finish,
TRAILER
};
@ -331,7 +347,10 @@ static const pgp_crypt_t aes256 =
static int
tripledes_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
crypt->mechanism.mechanism = CKM_DES3_ECB;
crypt->mechanism.pParameter = NULL;
crypt->mechanism.ulParameterLen = 0;
crypt->keyType = CKK_DES3;
return 1;
}
@ -346,8 +365,8 @@ static const pgp_crypt_t tripledes =
std_resync,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_cfb64_encrypt,
cryptoki_cfb64_decrypt,
cryptoki_finish,
TRAILER
};
@ -355,7 +374,10 @@ static const pgp_crypt_t tripledes =
static int
camellia128_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
crypt->mechanism.mechanism = CKM_CAMELLIA_ECB;
crypt->mechanism.pParameter = NULL;
crypt->mechanism.ulParameterLen = 0;
crypt->keyType = CKK_CAMELLIA;
return 1;
}
@ -370,8 +392,8 @@ static const pgp_crypt_t camellia128 =
std_resync,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_cfb64_encrypt,
cryptoki_cfb64_decrypt,
cryptoki_finish,
TRAILER
};
@ -381,7 +403,10 @@ static const pgp_crypt_t camellia128 =
static int
camellia256_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
crypt->mechanism.mechanism = CKM_CAMELLIA_ECB;
crypt->mechanism.pParameter = NULL;
crypt->mechanism.ulParameterLen = 0;
crypt->keyType = CKK_CAMELLIA;
return 1;
}
@ -396,8 +421,8 @@ static const pgp_crypt_t camellia256 =
std_resync,
cryptoki_block_encrypt,
cryptoki_block_decrypt,
cryptoki_cfb_encrypt,
cryptoki_cfb_decrypt,
cryptoki_cfb64_encrypt,
cryptoki_cfb64_decrypt,
cryptoki_finish,
TRAILER
};
@ -440,7 +465,7 @@ get_proto(pgp_symm_alg_t alg)
IBM z/OS is the worst platform for such stuff ever, half
the algorithms aren't implemented.
Here's a list of the few which are, in case you've got a crash
here and wanna have a look at the desert of the real worl yoursel:
here and wanna have a look at the desert of the real world yourself:
https://www.ibm.com/docs/en/zos/2.1.0?topic=api-key-types-mechanisms-supported
*/
unsigned
@ -450,10 +475,10 @@ pgp_is_sa_supported(pgp_symm_alg_t alg)
case PGP_SA_AES_128:
case PGP_SA_AES_256:
case PGP_SA_TRIPLEDES:
case PGP_SA_CAMELLIA_128:
case PGP_SA_CAMELLIA_256:
//case PGP_SA_IDEA:
//case PGP_SA_CAST5:
//case PGP_SA_CAMELLIA_128:
//case PGP_SA_CAMELLIA_256:
case PGP_SA_IDEA:
case PGP_SA_CAST5:
return 1;
default:


+ 8
- 24
src/symmetric_openssl.c View File

@ -298,17 +298,13 @@ aes_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
static void
aes_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
AES_cfb128_encrypt(in, out, (unsigned)count,
crypt->encrypt_key, crypt->iv, &crypt->num,
AES_ENCRYPT);
AES_cfb128_encrypt(in, out, (unsigned)count, crypt->encrypt_key, crypt->iv, &crypt->num, AES_ENCRYPT);
}
static void
aes_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
AES_cfb128_encrypt(in, out, (unsigned)count,
crypt->encrypt_key, crypt->iv, &crypt->num,
AES_DECRYPT);
AES_cfb128_encrypt(in, out, (unsigned)count, crypt->encrypt_key, crypt->iv, &crypt->num, AES_DECRYPT);
}
static const pgp_crypt_t aes128 =
@ -413,40 +409,28 @@ static void
tripledes_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
DES_key_schedule *keys = crypt->encrypt_key;
DES_ecb3_encrypt(__UNCONST(in), out, &keys[0], &keys[1], &keys[2],
DES_ENCRYPT);
DES_ecb3_encrypt(__UNCONST(in), out, &keys[0], &keys[1], &keys[2], DES_ENCRYPT);
}
static void
tripledes_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
DES_key_schedule *keys = crypt->encrypt_key;
DES_ecb3_encrypt(__UNCONST(in), out, &keys[0], &keys[1], &keys[2],
DES_DECRYPT);
DES_ecb3_encrypt(__UNCONST(in), out, &keys[0], &keys[1], &keys[2], DES_DECRYPT);
}
static void
tripledes_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in,
size_t count)
tripledes_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
DES_key_schedule *keys = crypt->encrypt_key;
DES_ede3_cfb64_encrypt(in, out, (long)count,
&keys[0], &keys[1], &keys[2], (DES_cblock *)(void *)crypt->iv,
&crypt->num, DES_ENCRYPT);
DES_ede3_cfb64_encrypt(in, out, (long)count, &keys[0], &keys[1], &keys[2], (DES_cblock *)(void *)crypt->iv, &crypt->num, DES_ENCRYPT);
}
static void
tripledes_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in,
size_t count)
tripledes_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
DES_key_schedule *keys = crypt->encrypt_key;
DES_ede3_cfb64_encrypt(in, out, (long)count,
&keys[0], &keys[1], &keys[2], (DES_cblock *)(void *)crypt->iv,
&crypt->num, DES_DECRYPT);
DES_ede3_cfb64_encrypt(in, out, (long)count, &keys[0], &keys[1], &keys[2], (DES_cblock *)(void *)crypt->iv, &crypt->num, DES_DECRYPT);
}
static const pgp_crypt_t tripledes =


+ 36
- 28
src/writer.c View File

@ -127,18 +127,6 @@ pgp_write_scalar(pgp_output_t *output, unsigned n, unsigned len)
return 1;
}
#if defined(HAVE_GSKSSL)
static unsigned gsk_num_bits ( gsk_buffer *bn )
{
unsigned r = (bn->length-1)*8;
uint8_t x = ((uint8_t*)bn->data)[0];
do {
r++;
} while (x >>= 1);
return r;
}
#endif
/**
* \ingroup Core_WritePackets
* \param bn
@ -153,6 +141,7 @@ pgp_write_mpi(pgp_output_t *output, gsk_buffer *bn)
#endif
{
unsigned bits;
int i,len;
uint8_t buf[NETPGP_BUFSIZ];
memset(buf, 0, NETPGP_BUFSIZ);
#if defined(HAVE_GSKSSL)
@ -167,7 +156,8 @@ pgp_write_mpi(pgp_output_t *output, gsk_buffer *bn)
#if defined(HAVE_OPENSSL)
BN_bn2bin(bn, buf);
#elif defined(HAVE_GSKSSL)
memcpy(buf, bn->data, (bits + 7) / 8);
len = (bits + 7) / 8;
memcpy(buf, bn->data, len);
#endif
return pgp_write_scalar(output, bits, 2) && pgp_write(output, buf, (bits + 7) / 8);
}
@ -937,17 +927,21 @@ typedef struct {
* encrypts it with the given key
* and outputs the resulting encrypted text
*/
static unsigned
encrypt_writer(const uint8_t *src,
unsigned len,
pgp_error_t **errors,
pgp_writer_t *writer)
{
#define BUFSZ 1024 /* arbitrary number */
uint8_t encbuf[BUFSZ];
unsigned remaining;
unsigned done = 0;
crypt_t *pgp_encrypt;
unsigned size = 0;
uint8_t *encbuf = NULL;
uint8_t *blkbuf = NULL;
unsigned remaining = 0;
unsigned done = 0;
crypt_t *pgp_encrypt = NULL;
size_t blocksize = 0;
remaining = len;
pgp_encrypt = (crypt_t *) pgp_writer_get_arg(writer);
@ -955,17 +949,28 @@ encrypt_writer(const uint8_t *src,
(void) fprintf(stderr, "encrypt_writer: not supported\n");
return 0;
}
while (remaining > 0) {
unsigned size = (remaining < BUFSZ) ? remaining : BUFSZ;
/* memcpy(buf,src,size); // \todo copy needed here? */
pgp_encrypt->crypt->cfb_encrypt(pgp_encrypt->crypt, encbuf, src + done, size);
blocksize = pgp_block_size ( pgp_encrypt->crypt->alg );
encbuf = malloc(blocksize);
blkbuf = malloc(blocksize);
memset(encbuf, 0, blocksize);
memset(blkbuf, 0, blocksize);
while ( remaining > 0 ) {
size = ( remaining < blocksize ) ? remaining : blocksize;
memset( encbuf, 0, blocksize );
memset( blkbuf, 0, blocksize );
memcpy( blkbuf, src + done, size );
pgp_encrypt->crypt->cfb_encrypt( pgp_encrypt->crypt, encbuf, blkbuf, size );
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "unencrypted", &src[done], 16);
hexdump(stderr, "encrypted", encbuf, 16);
hexdump(stderr, "blkbuf", blkbuf, blocksize );
hexdump(stderr, "unencrypted", &src[done], blocksize );
hexdump(stderr, "encrypted", encbuf, blocksize );
}
if (!stacked_write(writer, encbuf, size, errors)) {
if (!stacked_write( writer, encbuf, size, errors )) {
if (pgp_get_debug_level(__FILE__)) {
fprintf(stderr, "encrypted_writer: stacked write\n");
}
@ -1093,8 +1098,8 @@ pgp_push_enc_se_ip(pgp_output_t *output, const pgp_keyring_t *pubkeys, const cha
se_ip->raw = raw;
/* And push writer on stack */
pgp_writer_push(output, encrypt_se_ip_writer, NULL,
encrypt_se_ip_destroyer, se_ip);
pgp_writer_push(output, encrypt_se_ip_writer, NULL, encrypt_se_ip_destroyer, se_ip);
/* tidy up */
free(initial_sesskey);
free(iv);
@ -1181,13 +1186,15 @@ pgp_write_se_ip_pktset(pgp_output_t *output,
uint8_t *preamble;
const size_t mdcsize = 1 + 1 + PGP_SHA1_HASH_SIZE;
size_t preamblesize;
size_t bufsize;
size_t bufsize = 0;
preamblesize = crypted->blocksize + 2;
if ((preamble = calloc(1, preamblesize)) == NULL) {
(void) fprintf(stderr, "pgp_write_se_ip_pktset: bad alloc\n");
return 0;
}
bufsize = preamblesize + len + mdcsize;
if (!pgp_write_ptag(output, PGP_PTAG_CT_SE_IP_DATA) ||
@ -1196,6 +1203,7 @@ pgp_write_se_ip_pktset(pgp_output_t *output,
free(preamble);
return 0;
}
pgp_random(preamble, crypted->blocksize);
preamble[crypted->blocksize] = preamble[crypted->blocksize - 2];
preamble[crypted->blocksize + 1] = preamble[crypted->blocksize - 1];


Write Preview
Loading…
Cancel
Save