Browse Source

z/OS: Introducing missing cipher

master
David Lanzendörfer 2 weeks ago
parent
commit
951e476b33
5 changed files with 122 additions and 86 deletions
  1. +5
    -1
      include/netpgp/crypto.h
  2. +5
    -0
      include/netpgp/gskssl_glue.h
  3. +14
    -13
      src/gskssl_crypto.c
  4. +6
    -2
      src/main.c
  5. +92
    -70
      src/symmetric_gskssl.c

+ 5
- 1
include/netpgp/crypto.h View File

@ -114,7 +114,11 @@ struct pgp_crypt_t {
void *encrypt_key;
void *decrypt_key;
#elif defined(HAVE_GSKSSL)
CK_SESSION_HANDLE *session;
CK_SESSION_HANDLE session;
CK_MECHANISM mechanism;
CK_KEY_TYPE keyType;
CK_OBJECT_HANDLE encrypt_key;
CK_OBJECT_HANDLE decrypt_key;
#endif
};


+ 5
- 0
include/netpgp/gskssl_glue.h View File

@ -20,6 +20,11 @@
#define CAST_BLOCK 8
#define IDEA_BLOCK 8
#define IDEA_KEY_LENGTH 16
#define KEYBITS_AES128 128
#define KEYBITS_AES256 256
#define KEYBITS_CAMELLIA128 128
#define KEYBITS_CAMELLIA256 256
CK_FUNCTION_LIST *funcs;


+ 14
- 13
src/gskssl_crypto.c View File

@ -777,9 +777,10 @@ pgp_rsa_private_decrypt(uint8_t *out,
fprintf(stderr, "C_DecryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Decrypt(session,(CK_BYTE_PTR)in,length,out,&len);
rv = funcs->C_Decrypt(session, (CK_BYTE_PTR)in, length, out, &len);
if( rv != CKR_OK) {
fprintf(stderr, "C_Decrypt: rv = 0x%.8lX\n", rv);
printf("%s:%d\n",__FILE__,__LINE__);
}
rv = funcs->C_CloseSession( session );
@ -938,11 +939,11 @@ pgp_rsa_generate_keypair(pgp_key_t *keydata,
fprintf(stderr, "gsk_factor_private_key_rsa: rv = 0x%.8lX\n", rv);
}
seckey->pubkey.key.rsa.n=malloc(sizeof(gsk_buffer));
seckey->pubkey.key.rsa.e=malloc(sizeof(gsk_buffer));
seckey->pubkey.key.rsa.n = malloc(sizeof(gsk_buffer));
seckey->pubkey.key.rsa.e = malloc(sizeof(gsk_buffer));
gsk_copy_buffer(&_n,seckey->pubkey.key.rsa.n);
gsk_copy_buffer(&_e,seckey->pubkey.key.rsa.e);;
gsk_copy_buffer(&_n, seckey->pubkey.key.rsa.n);
gsk_copy_buffer(&_e, seckey->pubkey.key.rsa.e);;
/* seckey->s2k_usage = PGP_S2KU_ENCRYPTED_AND_HASHED; */
seckey->s2k_usage = PGP_S2KU_NONE;
@ -955,15 +956,15 @@ pgp_rsa_generate_keypair(pgp_key_t *keydata,
seckey->octetc = 0;
seckey->checksum = 0;
seckey->key.rsa.d=malloc(sizeof(gsk_buffer));
seckey->key.rsa.p=malloc(sizeof(gsk_buffer));
seckey->key.rsa.q=malloc(sizeof(gsk_buffer));
seckey->key.rsa.u=malloc(sizeof(gsk_buffer));
seckey->key.rsa.d = malloc(sizeof(gsk_buffer));
seckey->key.rsa.p = malloc(sizeof(gsk_buffer));
seckey->key.rsa.q = malloc(sizeof(gsk_buffer));
seckey->key.rsa.u = malloc(sizeof(gsk_buffer));
gsk_copy_buffer(&_d,seckey->key.rsa.d);
gsk_copy_buffer(&_p,seckey->key.rsa.p);
gsk_copy_buffer(&_q,seckey->key.rsa.q);
gsk_copy_buffer(&_u,seckey->key.rsa.u);
gsk_copy_buffer(&_d, seckey->key.rsa.d);
gsk_copy_buffer(&_p, seckey->key.rsa.p);
gsk_copy_buffer(&_q, seckey->key.rsa.q);
gsk_copy_buffer(&_u, seckey->key.rsa.u);
if (seckey->key.rsa.u->length == 0) {
(void) fprintf(stderr, "seckey->key.rsa.u is NULL\n");


+ 6
- 2
src/main.c View File

@ -462,7 +462,9 @@ decrypt_data(netpgp_t *netpgp, prog_t *p, uint8_t *in, size_t size, int verify)
&recipients_key_ids, &recipients_count
);
process_output(p, pgp_mem_data(mem), pgp_mem_len(mem));
if(pgp_mem_len(mem)) {
process_output(p, pgp_mem_data(mem), pgp_mem_len(mem));
}
return 1;
}
@ -551,7 +553,9 @@ encrypt_data(netpgp_t *netpgp, prog_t *p, char *in, size_t size, int sign)
mem = netpgp_encrypt_and_sign(netpgp, rcpts, seckey, in, size, sign, p->armour);
process_output(p, pgp_mem_data(mem), pgp_mem_len(mem));
if(pgp_mem_len(mem)) {
process_output(p, pgp_mem_data(mem), pgp_mem_len(mem));
}
return 1;
}


+ 92
- 70
src/symmetric_gskssl.c View File

@ -71,129 +71,162 @@ __RCSID("$NetBSD$");
#define TRAILER "","","","",0,NULL,NULL
static void
cryptoki_init(pgp_crypt_t *crypt, CK_KEY_TYPE keyType, CK_MECHANISM *mechanism )
cryptoki_init( pgp_crypt_t *crypt )
{
CK_RV rv = CKR_OK;
CK_OBJECT_HANDLE key;
CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
CK_BBOOL true = TRUE, false = FALSE;
CK_UTF8CHAR label[] = "test";
CK_ULONG len = crypt->keysize;
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &keyClass, sizeof(keyClass) },
{CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{CKA_LABEL, label, sizeof(label) },
{CKA_ENCRYPT, &true, sizeof(true) },
{CKA_VALUE, crypt->key, len }
{CKA_CLASS, &keyClass, sizeof(keyClass) },
{CKA_KEY_TYPE, &crypt->keyType, sizeof(crypt->keyType) },
{CKA_ENCRYPT, &true, sizeof(true) },
{CKA_VALUE, crypt->key, len }
};
crypt->session = malloc(sizeof(CK_SESSION_HANDLE));
memset(crypt->session, 0, sizeof(CK_SESSION_HANDLE));
rv = getSession( crypt->session );
rv = getSession( &crypt->session );
if( rv != CKR_OK) {
fprintf(stderr, "getSession: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_CreateObject( *crypt->session, template, sizeof(template)/sizeof(CK_ATTRIBUTE), &key);
rv = funcs->C_CreateObject( crypt->session, template, sizeof(template)/sizeof(CK_ATTRIBUTE), &crypt->encrypt_key);
if( rv != CKR_OK) {
fprintf(stderr, "C_CreateObject: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_EncryptInit( *crypt->session, mechanism, key);
rv = funcs->C_CreateObject( crypt->session, template, sizeof(template)/sizeof(CK_ATTRIBUTE), &crypt->decrypt_key);
if( rv != CKR_OK) {
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_CreateObject: rv = 0x%.8lX\n", rv);
}
}
static void
cryptoki_finish( pgp_crypt_t *crypt )
{
}
static void
cryptoki_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
cryptoki_finish_int( pgp_crypt_t *crypt )
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
rv = funcs->C_EncryptUpdate( *crypt->session, in, crypt->blocksize, out, &len );
rv = funcs->C_CloseSession( crypt->session );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_CloseSession: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Finalize( NULL );
if( rv != CKR_OK) {
fprintf(stderr, "C_Finalize: rv = 0x%.8lX\n", rv);
}
//free( crypt->session );
//free( crypt->pKey );
//free( crypt->pMechanism );
}
static void
cryptoki_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
cryptoki_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
rv = funcs->C_EncryptUpdate( *crypt->session, in, crypt->blocksize, out, &len );
CK_OBJECT_HANDLE key = crypt->encrypt_key;
cryptoki_init( crypt );
rv = funcs->C_EncryptInit( crypt->session, &crypt->mechanism, crypt->encrypt_key );
if( rv != CKR_OK) {
fprintf(stderr, "C_EncryptUpdate: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Encrypt( crypt->session, (CK_BYTE_PTR)in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
printf("%s:%d\n",__FILE__,__LINE__);
}
cryptoki_finish_int( crypt );
}
static void
cryptoki_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
cryptoki_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
rv = funcs->C_EncryptUpdate( *crypt->session, in, crypt->blocksize, out, &len );
CK_OBJECT_HANDLE key = crypt->encrypt_key;
cryptoki_init( crypt );
rv = funcs->C_EncryptInit( crypt->session, &crypt->mechanism, crypt->encrypt_key );
if( rv != CKR_OK) {
fprintf(stderr, "C_EncryptUpdate: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_DecryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Encrypt( crypt->session, (CK_BYTE_PTR)in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Decrypt: rv = 0x%.8lX\n", rv);
printf("%s:%d\n",__FILE__,__LINE__);
}
cryptoki_finish_int( crypt );
}
static void
cryptoki_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
cryptoki_cfb_encrypt( pgp_crypt_t *crypt, void *out, const void *in, size_t count )
{
printf("%s:%d\n",__FILE__,__LINE__);
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
rv = funcs->C_EncryptUpdate( *crypt->session, in, crypt->blocksize, out, &len );
cryptoki_init( crypt );
rv = funcs->C_EncryptInit( crypt->session, &crypt->mechanism, crypt->encrypt_key );
if( rv != CKR_OK) {
fprintf(stderr, "C_EncryptUpdate: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Encrypt( crypt->session, (CK_BYTE_PTR)in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
printf("%s:%d\n",__FILE__,__LINE__);
}
cryptoki_finish_int( crypt );
}
static void
cryptoki_finish(pgp_crypt_t *crypt)
cryptoki_cfb_decrypt( pgp_crypt_t *crypt, void *out, const void *in, size_t count )
{
CK_ULONG len = crypt->blocksize;
CK_RV rv = CKR_OK;
CK_BYTE lastEncryptedPart;
CK_ULONG lastEncryptedPartLen;
rv = funcs->C_EncryptFinal( *crypt->session, &lastEncryptedPart, &lastEncryptedPartLen );
if( rv != CKR_OK) {
fprintf(stderr, "C_EncryptFinal: rv = 0x%.8lX\n", rv);
}
cryptoki_init( crypt );
rv = funcs->C_CloseSession( *crypt->session );
rv = funcs->C_EncryptInit( crypt->session, &crypt->mechanism, crypt->encrypt_key );
if( rv != CKR_OK) {
fprintf(stderr, "C_CloseSession: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Finalize( NULL );
rv = funcs->C_Encrypt( crypt->session, (CK_BYTE_PTR)in, crypt->blocksize, out, &len );
if( rv != CKR_OK) {
fprintf(stderr, "C_Finalize: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_Decrypt: rv = 0x%.8lX\n", rv);
printf("%s:%d\n",__FILE__,__LINE__);
}
free( crypt->session );
cryptoki_finish_int( crypt );
}
static int
cast5_init(pgp_crypt_t *crypt)
{
CK_MECHANISM mechanism = {
CKM_CAST5_ECB,
NULL,
0
};
cryptoki_init( crypt, CKK_CAST5, &mechanism );
crypt->mechanism.mechanism = CKM_CAST5_ECB;
crypt->mechanism.pParameter = NULL;
crypt->mechanism.ulParameterLen = 0;
crypt->keyType = CKK_CAST5;
return 1;
}
static pgp_crypt_t cast5 =
{
PGP_SA_CAST5,
@ -214,12 +247,10 @@ static pgp_crypt_t cast5 =
static int
idea_init(pgp_crypt_t *crypt)
{
CK_MECHANISM mechanism = {
CKM_IDEA_ECB,
NULL,
0
};
cryptoki_init( crypt, CKK_IDEA, &mechanism );
crypt->mechanism.mechanism = CKM_IDEA_ECB;
crypt->mechanism.pParameter = NULL;
crypt->mechanism.ulParameterLen = 0;
crypt->keyType = CKK_IDEA;
return 1;
}
@ -242,14 +273,13 @@ static const pgp_crypt_t idea =
/* AES with 128-bit key (AES) */
#define KEYBITS_AES128 128
static int
aes128_init(pgp_crypt_t *crypt)
{
CK_BYTE_PTR pData;
CK_MECHANISM mechanism = { CKM_AES_ECB, 0, 0 };
cryptoki_init( crypt, CKK_AES, &mechanism );
crypt->mechanism.mechanism = CKM_AES_ECB;
crypt->mechanism.pParameter = NULL;
crypt->mechanism.ulParameterLen = 0;
crypt->keyType = CKK_AES;
return 1;
}
@ -272,8 +302,6 @@ static const pgp_crypt_t aes128 =
/* AES with 256-bit key */
#define KEYBITS_AES256 256
static int
aes256_init(pgp_crypt_t *crypt)
{
@ -324,8 +352,6 @@ static const pgp_crypt_t tripledes =
TRAILER
};
#define KEYBITS_CAMELLIA128 128
static int
camellia128_init(pgp_crypt_t *crypt)
{
@ -352,8 +378,6 @@ static const pgp_crypt_t camellia128 =
/* Camellia with 256-bit key (CAMELLIA) */
#define KEYBITS_CAMELLIA256 256
static int
camellia256_init(pgp_crypt_t *crypt)
{
@ -422,7 +446,6 @@ https://www.ibm.com/docs/en/zos/2.1.0?topic=api-key-types-mechanisms-supported
unsigned
pgp_is_sa_supported(pgp_symm_alg_t alg)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
switch (alg) {
case PGP_SA_AES_128:
case PGP_SA_AES_256:
@ -440,5 +463,4 @@ pgp_is_sa_supported(pgp_symm_alg_t alg)
}
}
#endif

Loading…
Cancel
Save