CVS commit: othersrc/crypto/external/bsd/ssss/ssss

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Sat Mar 10 21:18:04 UTC 2012

Modified Files:
othersrc/crypto/external/bsd//: Makefile

Log Message:
don't link with libthreshold any more

run simple tests in place without requiring lib installation


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 othersrc/crypto/external/bsd///Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd///Makefile
diff -u othersrc/crypto/external/bsd///Makefile:1.1.1.1 othersrc/crypto/external/bsd///Makefile:1.2
--- othersrc/crypto/external/bsd///Makefile:1.1.1.1	Mon Mar 21 05:43:37 2011
+++ othersrc/crypto/external/bsd///Makefile	Sat Mar 10 21:18:03 2012
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.1.1.1 2011/03/21 05:43:37 agc Exp $
+# $NetBSD: Makefile,v 1.2 2012/03/10 21:18:03 agc Exp $
 
 .include 
 
@@ -7,9 +7,6 @@ CPPFLAGS+=		-I${EXTDIST}/include
 LIBDIR!=	cd ${.CURDIR}/../lib && ${PRINTOBJDIR}
 LDADD+=		-L${LIBDIR} -l
 DPADD+=		${LIBDIR}/lib.a
-LIBTHRESHDIR!=	cd ${.CURDIR}/../../../../../external/bsd/threshold/libthreshold && ${PRINTOBJDIR}
-LDADD+=		-L${LIBTHRESHDIR} -lthreshold
-DPADD+=		${LIBTHRESHDIR}/libthreshold.a
 
 USE_FORT?= yes
 
@@ -27,16 +24,16 @@ EXTDIST=${.CURDIR}/../dist
 
 t test tst: $(PROG)
 	cp /etc/group secretfile
-	./${PROG} -t 3/10 secretfile
+	env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -t 3/10 secretfile
 	ls -al secretfile.0*
-	./${PROG} -j -o secretfile.recons secretfile.004 secretfile.002 secretfile.003  
+	env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -j -o secretfile.recons secretfile.004 secretfile.002 secretfile.003  
 	diff secretfile secretfile.recons
-	./${PROG} -t 2/10 < secretfile
-	ls -al threshold.0*
-	./${PROG} -j -o secretfile.mem threshold.002 threshold.003  
+	env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -t 2/10 < secretfile
+	ls -al .0*
+	env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -j -o secretfile.mem .002 .003  
 	-diff secretfile secretfile.mem
-	rm threshold.*
-	./${PROG} -t 5/10 -i
-	ls -al threshold.0*
-	./${PROG} -j threshold.004 threshold.002 threshold.003 threshold.005 threshold.007
-	rm -f secretfile.recons secretfile.0* secretfile secretfile.mem threshold.*
+	rm .*
+	env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -t 5/10 -i
+	ls -al .0*
+	env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -j .004 .002 .003 .005 .007
+	rm -f secretfile.recons secretfile.0* secretfile secretfile.mem .*

CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Sat Mar 10 21:15:27 UTC 2012

Modified Files:
othersrc/crypto/external/bsd//dist/src/lib: secsplit.c

Log Message:
restore correct operation for odd-sized files


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 \
othersrc/crypto/external/bsd//dist/src/lib/secsplit.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c
diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.8 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.9
--- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.8	Fri Mar  9 06:37:23 2012
+++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c	Sat Mar 10 21:15:27 2012
@@ -15,26 +15,74 @@
  * pieces give NO information about the original file (except its
  * length).
  *
+ * It has been written for and tested on DOS and Unix systems.
+ *
+ * To split up a file, use the command; secsplit n k file where n is
+ * the number of pieces to split it up to, and k is the number of
+ * pieces needed to reconstruct it. k should be <= n and > 1.  If you
+ * get n and k backwards the program will swap them for you so don't
+ * worry too much about remembering the order.
+ *
+ * The program will output to file.001, file.002,  If the file has
+ * an extension (e.g. "file.c") the extension will be stripped off
+ * before the ".001", etc., are added (so "file.c" will also output to
+ * "file.001", etc.).
+ *
+ * To reconstruct a file, use the command:
+ *secsplit k file.*
+ * or
+ *secsplit k file file1 file2...
+ *
  * k should be >= the k used when the file was split; the minimum
  * number of pieces needed to reconstruct the file.  If you have too
  * few pieces then the program won't give an error, but you'll get the
  * wrong answer.
  *
+ * The first command form is for DOS or other systems which won't
+ * expand the ".*" for you; the program scans for file.000, file.001,
+ * etc., and uses the first k of them that it finds.  In the second
+ * form, the number of files given should be at least k, and again the
+ * first k of them will be used.
+ *
+ * The output in the first form will be file.out; in the second form
+ * it will be the first file on the command line, stripped of its
+ * extension, and with ".out" added, so generally it will be file.out
+ * too.
+ *
  * Shamir's algorithm relies on cryptographically strong, unguessable,
  * random numbers.  This version of the program uses the arc4random(3)
  * interface.
  *
- * The files consist of a series of 16-bit values (high byte first),
- * which are the result of applying Shamir's splitting algorithm to
- * the input file taken in 16-bit chunks.  The prime used is slightly
- * less than 2^16.
+ * Revision history:
+ *Version 1.0	October 23, 1993
+ *
+ *Version 1.1	October 24, 1993
+ *   Added IDEA-based random-number-generator, initialized by MD5
+ *   of input file, plus the time of day.
+ *
+ *Version 1.2	March 31, 2000 Damien Miller 
+ *   Removed IDEA-based random-number generator in favour of 
+ *   /dev/random. Removed MSDOSisms. Rearranged source code and 
+ *   formatting according to OpenBSD style(9)
+ *
+ *
+ * The file formats used for output are as follows.  Each file starts
+ * with one byte which is the index, from 1 through n, of that file.
+ * This is the x value used for the polynomial evaluation in Shamir's
+ * algorithm.  The files then consist of a series of 16-bit values
+ * (high byte first), which are the result of applying Shamir's
+ * splitting algorithm to the input file taken in 16-bit chunks.  The
+ * prime used is slightly less than 2^16, meaning that input data
+ * values close to 2^16 get turned into a pair of values (see below
+ * for more information on this expansion).
  *
  * If the input file is of even length, the output files will each by
  * of that length+1 (because of the 1 byte at the beginning).  If the
  * input file is of odd length, the input is padded with a random byte
  * and processed normally to get a pair of output bytes, then each
  * output file is padded with an extra random byte to indicate this
- * fact.  So all output files should have an even number of bytes.
+ * fact.  So output files which have an odd length correspond to input
+ * files with an even length, and vice versa.
  *
  * The output files could have encoded k and n information, but this
  * could be helpful to an attacker (he would know when he was close to
@@ -44,12 +92,34 @@
  * The file formats are system-independent so files split on one kind
  * of machine should be able to be reassembled on another kind of
  * machine.
- */
-/*
- * This source code has been cruelly munged around, and very little
- * (if any) is left of the original sources.  I have left the original
- * leading co

CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Fri Mar  9 06:37:23 UTC 2012

Modified Files:
othersrc/crypto/external/bsd//dist/src/lib: secsplit.c

Log Message:
+ don't allocate space if we're passed an in-memory array as either
a source or a destination of split/combine

+ fix up the split_vec/combine_vec combinatino so that they both
work a bit better now - still some work needed here, though

+ free the internal s4 structure as part of the combine/combine_vec
operation, rather than doing it in _end(). We know at that stage
that we have allocated it, and the principle of freeing memory in
the same place in the calling stack as it was allocated still applies

+ rip out parts of the initial comment which aren't really accurate
any more - i'm not sure there's that much of the original code left


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 \
othersrc/crypto/external/bsd//dist/src/lib/secsplit.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c
diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.7 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.8
--- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.7	Thu Mar  8 02:44:06 2012
+++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c	Fri Mar  9 06:37:23 2012
@@ -15,74 +15,26 @@
  * pieces give NO information about the original file (except its
  * length).
  *
- * It has been written for and tested on DOS and Unix systems.
- *
- * To split up a file, use the command; secsplit n k file where n is
- * the number of pieces to split it up to, and k is the number of
- * pieces needed to reconstruct it. k should be <= n and > 1.  If you
- * get n and k backwards the program will swap them for you so don't
- * worry too much about remembering the order.
- *
- * The program will output to file.001, file.002,  If the file has
- * an extension (e.g. "file.c") the extension will be stripped off
- * before the ".001", etc., are added (so "file.c" will also output to
- * "file.001", etc.).
- *
- * To reconstruct a file, use the command:
- *secsplit k file.*
- * or
- *secsplit k file file1 file2...
- *
  * k should be >= the k used when the file was split; the minimum
  * number of pieces needed to reconstruct the file.  If you have too
  * few pieces then the program won't give an error, but you'll get the
  * wrong answer.
  *
- * The first command form is for DOS or other systems which won't
- * expand the ".*" for you; the program scans for file.000, file.001,
- * etc., and uses the first k of them that it finds.  In the second
- * form, the number of files given should be at least k, and again the
- * first k of them will be used.
- *
- * The output in the first form will be file.out; in the second form
- * it will be the first file on the command line, stripped of its
- * extension, and with ".out" added, so generally it will be file.out
- * too.
- *
  * Shamir's algorithm relies on cryptographically strong, unguessable,
  * random numbers.  This version of the program uses the arc4random(3)
  * interface.
  *
- * Revision history:
- *Version 1.0	October 23, 1993
- *
- *Version 1.1	October 24, 1993
- *   Added IDEA-based random-number-generator, initialized by MD5
- *   of input file, plus the time of day.
- *
- *Version 1.2	March 31, 2000 Damien Miller 
- *   Removed IDEA-based random-number generator in favour of 
- *   /dev/random. Removed MSDOSisms. Rearranged source code and 
- *   formatting according to OpenBSD style(9)
- *
- *
- * The file formats used for output are as follows.  Each file starts
- * with one byte which is the index, from 1 through n, of that file.
- * This is the x value used for the polynomial evaluation in Shamir's
- * algorithm.  The files then consist of a series of 16-bit values
- * (high byte first), which are the result of applying Shamir's
- * splitting algorithm to the input file taken in 16-bit chunks.  The
- * prime used is slightly less than 2^16, meaning that input data
- * values close to 2^16 get turned into a pair of values (see below
- * for more information on this expansion).
+ * The files consist of a series of 16-bit values (high byte first),
+ * which are the result of applying Shamir's splitting algorithm to
+ * the input file taken in 16-bit chunks.  The prime used is slightly
+ * less than 2^16.
  *
  * If the input file is of even length, the output files will each by
  * of that length+1 (because of the 1 byte at the beginning).  If the
  * input file is of odd length, the input is padded with a random byte
  * and processed normally to get a pair of output bytes, then each
  * output file is padded with an extra random byte to indicate this
- * fact.  So output files which have an odd length correspond to 

CVS commit: othersrc/crypto/external/bsd/ssss/dist

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Thu Mar  8 02:44:06 UTC 2012

Modified Files:
othersrc/crypto/external/bsd//dist/include: .h
othersrc/crypto/external/bsd//dist/src/lib: lib.3
secsplit.c

Log Message:
Update the  code:

+ add the ability to encode split shares as 16bit or 24-bit values,
which greatly simplifies input and output, and allows constant-sized
output for given inputs.  This also gives us the ability to use larger
primes, although space is wasted with these, and it's not immediately
obvious what advantage would accrue.  But it's there, just in case.

+ we advertise being able to do 255 (_MAX_SHARES) shares - so
complete the inverse table for GF(16) arithmetic modulo P for 256
values

+ use _MAX_SHARES (255) internally, rather than the previous
internal (and much smaller) limits

+ simplify the I/O in this library - it was a remnant from 1993

+ remove private structs and definitions from the header file - they're
not part of the public interface, and shouldn't be exposed

+ add _split_vec() and _combine_vec() which give input and
oputput to split and combine via struct iovec

+ update the manual page


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
othersrc/crypto/external/bsd//dist/include/.h
cvs rdiff -u -r1.2 -r1.3 \
othersrc/crypto/external/bsd//dist/src/lib/lib.3
cvs rdiff -u -r1.6 -r1.7 \
othersrc/crypto/external/bsd//dist/src/lib/secsplit.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd//dist/include/.h
diff -u othersrc/crypto/external/bsd//dist/include/.h:1.2 othersrc/crypto/external/bsd//dist/include/.h:1.3
--- othersrc/crypto/external/bsd//dist/include/.h:1.2	Tue Feb 21 05:25:42 2012
+++ othersrc/crypto/external/bsd//dist/include/.h	Thu Mar  8 02:44:05 2012
@@ -26,6 +26,7 @@
 #define _H_	20120220
 
 #include 
+#include 
 
 #include 
 #include 
@@ -45,20 +46,10 @@ __BEGIN_DECLS
 enum {
 	_MAX_SHARES		= 256,
 
-	_MAGIC_LENGTH	= 4,
-
 	_SPLIT_SOURCE	= _MAX_SHARES,
 	_JOIN_DEST		= _MAX_SHARES
 };
 
-/* threshold header written to output file when splitting */
-typedef struct s4_head_t {
-	char		magic[_MAGIC_LENGTH];	/* magic string */
-	uint8_t		coeff;		/* coefficient of this share */
-	uint8_t		pad[3];		/* padding character */
-	uint64_t	size;		/* size of original file */
-} s4_head_t;
-
 /* io vector - look familiar? */
 typedef struct _iovec_t {
 	size_t		 size;		/* size of vector */
@@ -84,24 +75,23 @@ typedef struct _t {
 } _t;
 
 /* initialisation function */
-int _init(_t *, unsigned, unsigned);
+int _init(_t */**/, unsigned, unsigned);
 
 /* split functions */
-int _split(_t *);
+int _split(_t */**/);
+int _split_vec(_t */**/, const char */*buf*/, size_t /*size*/, struct iovec */*iov*/, int /*iovc*/);
 
 /* reconstruction functions */
-int _combine(_t *);
-
-/* join function */
-int _join(_t *);
+int _combine(_t */**/);
+int _combine_vec(_t */**/, struct iovec */*iov*/, int /*iovc*/, char */*buf*/, size_t /*size*/);
 
 /* functions to retrieve a share or the result of a join */
-int _add_share(_t *, unsigned, const void *, ssize_t);
-int _get_share(_t *, unsigned, void **, size_t *);
-int _write_share(_t *, unsigned, const char *);
+int _add_share(_t */**/, unsigned, const void *, ssize_t);
+int _get_share(_t */**/, unsigned, void **, size_t *);
+int _write_share(_t */**/, unsigned, const char *);
 
 /* finalisation function */
-int _end(_t *);
+int _end(_t */**/);
 
 __END_DECLS
 

Index: othersrc/crypto/external/bsd//dist/src/lib/lib.3
diff -u othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.2 othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.3
--- othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.2	Mon Mar 21 14:44:47 2011
+++ othersrc/crypto/external/bsd//dist/src/lib/lib.3	Thu Mar  8 02:44:06 2012
@@ -1,6 +1,6 @@
-.\" $NetBSD: lib.3,v 1.2 2011/03/21 14:44:47 wiz Exp $
+.\" $NetBSD: lib.3,v 1.3 2012/03/08 02:44:06 agc Exp $
 .\"
-.\" Copyright (c) 2010,2011 Alistair Crooks 
+.\" Copyright (c) 2010-2012 Alistair Crooks 
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"/
-.Dd April 13, 2010
+.Dd March 7, 2012
 .Dt LIB 3
 .Os
 .Sh NAME
@@ -37,48 +37,42 @@
 The following functions split the input into shared parts:
 .Ft int
 .Fo _init
-.Fa "threshold_t *thresh" "c

CVS commit: othersrc/crypto/external/bsd/ssss

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Tue Feb 21 05:25:42 UTC 2012

Modified Files:
othersrc/crypto/external/bsd//dist/include: .h
othersrc/crypto/external/bsd//dist/src/lib: secsplit.c
othersrc/crypto/external/bsd//dist/src/: main.c
othersrc/crypto/external/bsd//lib: Makefile
Removed Files:
othersrc/crypto/external/bsd//dist/src/lib: internal.h
threshold.c

Log Message:
Numerous changes to (1) and lib(3):

+ don't use the threshold headers any more - just use our own
header

+ "" is the only algorithm supported by (1)

+ add back (seamless) file I/O functionality, in the case that a
memory mapping, or subsequent memory allocation, fails

+ don't store information in the  share header which could be used
as part of an attack (specifically the threshold and total number of
shares).

+ size the extra memory required on a much better estimate of the size
needed, rather than a constant size

+ get rid of unneeded files, now that everything has been cleaned up


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 \
othersrc/crypto/external/bsd//dist/include/.h
cvs rdiff -u -r1.1.1.1 -r0 \
othersrc/crypto/external/bsd//dist/src/lib/internal.h
cvs rdiff -u -r1.5 -r1.6 \
othersrc/crypto/external/bsd//dist/src/lib/secsplit.c
cvs rdiff -u -r1.3 -r0 \
othersrc/crypto/external/bsd//dist/src/lib/threshold.c
cvs rdiff -u -r1.2 -r1.3 \
othersrc/crypto/external/bsd//dist/src//main.c
cvs rdiff -u -r1.1.1.1 -r1.2 \
othersrc/crypto/external/bsd//lib/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd//dist/include/.h
diff -u othersrc/crypto/external/bsd//dist/include/.h:1.1.1.1 othersrc/crypto/external/bsd//dist/include/.h:1.2
--- othersrc/crypto/external/bsd//dist/include/.h:1.1.1.1	Mon Mar 21 05:43:35 2011
+++ othersrc/crypto/external/bsd//dist/include/.h	Tue Feb 21 05:25:42 2012
@@ -23,12 +23,12 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #ifndef _H_
-#define _H_	20110320
+#define _H_	20120220
 
 #include 
 
 #include 
-#include 
+#include 
 
 #ifndef __BEGIN_DECLS
 #  if defined(__cplusplus)
@@ -42,30 +42,66 @@
 
 __BEGIN_DECLS
 
+enum {
+	_MAX_SHARES		= 256,
+
+	_MAGIC_LENGTH	= 4,
+
+	_SPLIT_SOURCE	= _MAX_SHARES,
+	_JOIN_DEST		= _MAX_SHARES
+};
+
+/* threshold header written to output file when splitting */
+typedef struct s4_head_t {
+	char		magic[_MAGIC_LENGTH];	/* magic string */
+	uint8_t		coeff;		/* coefficient of this share */
+	uint8_t		pad[3];		/* padding character */
+	uint64_t	size;		/* size of original file */
+} s4_head_t;
+
+/* io vector - look familiar? */
+typedef struct _iovec_t {
+	size_t		 size;		/* size of vector */
+	uint8_t		*base;		/* its base */
+} _iovec_t;
+
+/* a threshold string */
+typedef struct _str_t {
+	unsigned	 iotype;	/* type of input mechanism */
+	size_t		 c;		/* # of chars */
+	_iovec_t	 io;		/* iovec */
+	FILE		*fp;		/* file descriptor */
+} _str_t;
+
+/* structure to hold threshold information */
+typedef struct _t {
+	void		*handle;	/* implementation internals */
+	unsigned	 sharesc;	/* total # of shares */
+	unsigned	 threshold;	/* # of shares in quorum */
+	unsigned	 strsize;	/* size of share */
+	unsigned	 availc;	/* # of shares we have added */
+	_str_t	 shares[_MAX_SHARES + 1];	/* the shares themselves */
+} _t;
+
 /* initialisation function */
-int _init(threshold_t *, const char *, unsigned, unsigned);
+int _init(_t *, unsigned, unsigned);
 
 /* split functions */
-int _split(threshold_t *);
+int _split(_t *);
 
 /* reconstruction functions */
-int _combine(threshold_t *);
+int _combine(_t *);
 
 /* join function */
-int _join(threshold_t *);
+int _join(_t *);
 
 /* functions to retrieve a share or the result of a join */
-int _add_share(threshold_t *, unsigned, const void *, ssize_t);
-int _get_share(threshold_t *, unsigned, void **, size_t *);
-int _write_share(threshold_t *, unsigned, const char *);
-
-/* header functions */
-int _sane_header(thresh_head_t *, thresh_head_t *);
-int _get_header(thresh_head_t *, const uint8_t *);
-int _fmt_header(thresh_head_t *, const char *, unsigned, unsigned, uint64_t);
+int _add_share(_t *, unsigned, const void *, ssize_t);
+int _get_share(_t *, unsigned, void **, size_t *);
+int _write_share(_t *, unsigned, const char *);
 
 /* finalisation function */
-int _end(threshold_t *);
+int _end(_t *);
 
 __END_DECLS
 

Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c
diff -u othersrc/crypto/external/bsd//dist/src/lib/secsp

CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Mon Feb 20 06:54:01 UTC 2012

Modified Files:
othersrc/crypto/external/bsd//dist/src/lib: secsplit.c

Log Message:
minor cosmetic changes to make this more readable - no functional change


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 \
othersrc/crypto/external/bsd//dist/src/lib/secsplit.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c
diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.4 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.5
--- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.4	Sat Feb 18 02:17:42 2012
+++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c	Mon Feb 20 06:54:01 2012
@@ -365,9 +365,7 @@ interpolate(int *x, uint32_t *y, unsigne
 	unsigned	i;
 	unsigned	j;
 
-	for (i = 0; i < n; i++) {
-		alpha[i] = y[i];
-	}
+	(void) memcpy(alpha, y, n * sizeof(alpha[0]));
 	for (i = 1; i < n; i++) {
 		for (j = n - 1; j >= i; j--) {
 			if (alpha[j] > alpha[j - 1]) {
@@ -381,11 +379,7 @@ interpolate(int *x, uint32_t *y, unsigne
 	}
 	product = alpha[n - 1];
 	for (i = n - 2; (int)i >= 0; i--) {
-		if (x[i] > 0) {
-			product *= 0 - x[i] + LARGEST_PRIME;
-		} else {
-			product *= 0 - x[i];
-		}
+		product *= -x[i] + ((x[i] > 0) ? LARGEST_PRIME : 0);
 		product += alpha[i];
 		product %= LARGEST_PRIME;
 	}
@@ -447,7 +441,7 @@ get_assemble(s4_t *s4, unsigned nin, thr
 }
 
 /*
- * Given a set of nin file descriptors, assemble them to generate the
+ * Given a set of nin input descriptors, assemble them to generate the
  * original file.  This is the main routine for the assembly case.
  */
 static int

CVS commit: othersrc/crypto/external/bsd/ssss/dist/src

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Sat Feb 18 02:17:42 UTC 2012

Modified Files:
othersrc/crypto/external/bsd//dist/src/lib: secsplit.c
threshold.c
othersrc/crypto/external/bsd//dist/src/: main.c

Log Message:
Various fixes to improve stability and code readability

+ previously not enough space was allocated for the unusual occurrence that
a 16-bit entity was greater than the largest 16bit prime (65521). Introduce
an overhead allocation which works around this issue

+ the largest prime is not about to change - define it, and don't bother
passing it as an argument to functions.

+ remove an extraneous "can't happen" call to exit()

+ fix some lint (as seen on amd64)

+ use better names for variables in the code

+ move occurrences of fprintf() to warn() - thanks, Christos!

+ use definitions instead of magic integer constants to make it obvious
what's happening with end of file, and odd-sized files

+ hold on information on input parsing in a separate struct, rather than
using arguments to functions

+ check input arguments to (1), and improve error checking in general

With this in place, (1) will now combine shares accessible through
httpdev(8) - which opens up a number of opportunities...


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 \
othersrc/crypto/external/bsd//dist/src/lib/secsplit.c
cvs rdiff -u -r1.2 -r1.3 \
othersrc/crypto/external/bsd//dist/src/lib/threshold.c
cvs rdiff -u -r1.1.1.1 -r1.2 \
othersrc/crypto/external/bsd//dist/src//main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c
diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.3 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.4
--- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.3	Thu Oct 13 15:13:39 2011
+++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c	Sat Feb 18 02:17:42 2012
@@ -128,6 +128,7 @@
 #include 
 #include 
 
+#include 
 #include 
 #include 
 #include 
@@ -137,7 +138,7 @@
 #include "threshold.h"
 #include "internal.h"
 
-#define PRIME 65521
+#define LARGEST_PRIME 65521
 
 #define S4_KMAX 48
 #define S4_NMAX 48
@@ -147,7 +148,17 @@
 
 #define S4_SMALLEST_INPUT	5
 
-/* Multiplicative inverses of 1-48 mod PRIME */
+#define S4_FILE_MAGIC	"s4"
+
+#ifndef USE_ARG
+#define USE_ARG(x) /*LINTED*/(void)&(x)
+#endif
+
+#ifndef __arraycount
+#define	__arraycount(__x)	(sizeof(__x) / sizeof(__x[0]))
+#endif
+
+/* Multiplicative inverses of 1-48 mod LARGEST_PRIME */
 static const int invtab[] = {
 	1, 32761, 43681, 49141, 52417, 54601, 56161, 57331,
 	58241, 58969, 11913, 60061, 60481, 60841, 61153, 61426,
@@ -160,16 +171,15 @@ static const int invtab[] = {
 typedef struct s4_t {
 	unsigned	  extra;	/* extra from last call */
 	unsigned	  magic;	/* magic number */
-	int		  have_extra;	/* 16-bit entity input */
-	int		  oddflag;	/* last return included a pad */
-	int		  seen[S4_KMAX]; /* if seen, then not the first */
-	unsigned	  next_d1[S4_KMAX]; /* for two byte lookahead */
+	int		  padded;	/* escaped 16-bit entity input */
+	int		  oddsizefile;	/* last return included a pad */
+	int		  peek[S4_KMAX]; /* for two byte lookahead */
 	uint8_t		  sharesc;	/* # of shares */
 } s4_t;
 
 /*** Code related to splitting */
 
-/* Return a random number from 0 to n-1. */
+/* Return a random number from 0 to x-1. */
 #define CRANDOM(x)	(uint32_t)(arc4random() % (x))
 
 /*
@@ -179,77 +189,79 @@ typedef struct s4_t {
  * poly = Polynomial coefficients
  * n = # coefficients (order of polynomial + 1)
  * i = Point to evaluate it at
- * mod = Modulus for evaluation
  */
 static uint32_t
-eval(uint32_t *poly, unsigned n, unsigned i, uint32_t mod)
+eval(uint32_t *poly, unsigned n, unsigned i)
 {
-	u_int32_t prod;		/* Accumulated product */
-	int j;	/* index */
+	uint32_t	prod;		/* Accumulated product */
+	int		j;		/* index */
 
 	prod = poly[n - 1];
 	for (j = (n - 1); --j >= 0; ) {
 		prod *= i;
 		prod += poly[j];
-		prod %= mod;
+		prod %= LARGEST_PRIME;
 	}
 	return prod;
 }
 
+#define _EOF		-1
+#define _ODD_SIZED_FILE	-2
+
 /*
- * Return a 16-bit value from file f_in, but limit it to be less than limit.
- * Anything >= limit-1 gets returned as two consecutive values (on 2 calls).
- * Return -1 on EOF, or -2 if the previous return value had been padded
- * because the file had an odd # bytes.
+ * Return a 16-bit value from input, but limit it to be less than
+ * LARGEST_PRIME.  Anything >= LARGEST_PRIME-1 gets returned as two
+ * consecutive values (on 2 calls).  Return -1 on EOF, or -2 if the
+ * previous return value had been padded because the file had an odd #
+ * bytes.
  */
-static uint32_t
-get_limited_16(s4_t *s4, thresh_str_t *str, uint32_t li

CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Fri Feb 17 02:11:18 UTC 2012

Modified Files:
othersrc/crypto/external/bsd//dist/src/lib: threshold.c

Log Message:
don't rely on an application (such as (1)) being able to mmap(2) the
shares it presents via lib - allocate space using calloc(3) if the mmap
fails.

this change allows us to use (1) to combine shares from different
websites, mounted using httpdev(8).


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 \
othersrc/crypto/external/bsd//dist/src/lib/threshold.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd//dist/src/lib/threshold.c
diff -u othersrc/crypto/external/bsd//dist/src/lib/threshold.c:1.1.1.1 othersrc/crypto/external/bsd//dist/src/lib/threshold.c:1.2
--- othersrc/crypto/external/bsd//dist/src/lib/threshold.c:1.1.1.1	Mon Mar 21 05:43:35 2011
+++ othersrc/crypto/external/bsd//dist/src/lib/threshold.c	Fri Feb 17 02:11:18 2012
@@ -85,6 +85,21 @@ swapheader(thresh_head_t *head)
 head->size = (*(char *)(void *)&indian) ? head->size : (uint64_t)BSWAP64(head->size);
 }
 
+/* allocate space from heap */
+static int
+allocate(thresh_str_t *share, const void *data, size_t size)
+{
+	if ((share->io.base = calloc(1, size)) == NULL) {
+		(void) fprintf(stderr, "allocate: can't calloc %zu\n", size);
+		return 0;
+	}
+	if (data) {
+		(void) memcpy(share->io.base, data, size);
+	}
+	share->io.size = size;
+	return 1;
+}
+
 /**/
 
 /* check we have a sane header */
@@ -134,6 +149,8 @@ _add_share(threshold_t *thresh, unsi
 {
 	thresh_str_t	*share;
 	struct stat	 st;
+	ssize_t		 rc;
+	ssize_t		 cc;
 	FILE		*fp;
 
 	if (n != THRESH_MAX_SHARES) {
@@ -149,19 +166,23 @@ _add_share(threshold_t *thresh, unsi
 		share->io.size = (size_t)st.st_size;
 		share->io.base = mmap(NULL, share->io.size, PROT_READ, MAP_PRIVATE, fileno(fp), 0);
 		if (share->io.base == MAP_FAILED) {
-			(void) fprintf(stderr, "ida_add_share: can't mmap file '%s'\n", (const char *)data);
-			(void) fclose(fp);
-			return 0;
+			if (!allocate(share, NULL, (size_t)st.st_size)) {
+return 0;
+			}
+			for (cc = 0 ; cc < st.st_size ; cc += rc) {
+if ((rc = read(fileno(fp), &share->io.base[cc], st.st_size - cc)) < 0) {
+	break;
+}
+			}
+			thresh->mapped[n] = ALLOCATED;
+		} else {
+			thresh->mapped[n] = MMAPPED;
 		}
-		thresh->mapped[n] = MMAPPED;
+		(void) fclose(fp);
 	} else {
-		if ((share->io.base = calloc(1, (size_t)size)) == NULL) {
-			(void) fprintf(stderr, "ida_add_share: can't calloc %zu\n",
-(size_t)size);
+		if (!allocate(share, data, size)) {
 			return 0;
 		}
-		(void) memcpy(share->io.base, data, (size_t)size);
-		share->io.size = (size_t)size;
 		thresh->mapped[n] = ALLOCATED;
 	}
 	return 1;

CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Thu Oct 13 15:13:39 UTC 2011

Modified Files:
othersrc/crypto/external/bsd//dist/src/lib: secsplit.c

Log Message:
remove a commented out line, and distribute the size allocation nearer
to where it's used:  make sure there's enough space in the allocated
arrays, especially when odd numbers of bytes are being split/joined.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
othersrc/crypto/external/bsd//dist/src/lib/secsplit.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c
diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.2 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.3
--- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.2	Thu Aug 18 04:19:47 2011
+++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c	Thu Oct 13 15:13:39 2011
@@ -466,7 +466,6 @@ assemble(s4_t *s4, thresh_str_t *inputs,
 		}
 		inputs[i].c += sizeof(heads[i]);
 		x[i] = heads[i].coeff;
-		//inputs[i].io.size += 2;
 	}
 	for (;;) {
 		if ((d = get_assemble(s4, nin, inputs, x, mod, &oddflag)) == -1) {
@@ -532,7 +531,7 @@ split_memory(threshold_t *thresh, const 
 	/* allocate space for outputs */
 	thresh->sharesc = (unsigned)sharesc;
 	for (i = 0 ; i < sharesc ; i++) {
-		thresh->shares[i].io.size = memsize + sizeof(thresh_head_t);
+		thresh->shares[i].io.size = memsize + sizeof(thresh_head_t) + 2;
 		thresh->shares[i].c = 0;
 		if (thresh->shares[i].io.base == NULL &&
 		(thresh->shares[i].io.base = calloc(1, thresh->shares[i].io.size)) == NULL) {
@@ -579,7 +578,7 @@ int
 s4_combine(threshold_t *thresh)
 {
 	if (!join_memory(thresh, thresh->shares, 
-			thresh->shares[0].io.size, thresh->threshold,
+			thresh->shares[0].io.size - 2, thresh->threshold,
 			&thresh->shares[THRESH_JOIN_DEST])) {
 		return -1;
 	}

CVS commit: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey

[Thomas Klausner]

Module Name:othersrc
Committed By:   wiz
Date:   Sun Sep 18 22:33:38 UTC 2011

Modified Files:
othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey: sharedkey.1

Log Message:
Remove trailing whitespace.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 \
othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1
diff -u othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.4 othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.5
--- othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.4	Sun Sep 18 19:27:08 2011
+++ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1	Sun Sep 18 22:33:38 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: sharedkey.1,v 1.4 2011/09/18 19:27:08 agc Exp $
+.\" $NetBSD: sharedkey.1,v 1.5 2011/09/18 22:33:38 wiz Exp $
 .\"
 .\" Copyright (c) 2010,2011 Alistair Crooks 
 .\" All rights reserved.
@@ -138,12 +138,12 @@
 .Bd -literal
 % sharedkey -t 2/3 /etc/group
 Generating a one-time key
-signature  2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17 
-Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801 
+signature  2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17
+Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801
 uid  /etc/group shared 2/3 by agc Sat Sep 17 14:32:28 2011
 netpgp: generated keys in directory /tmp/share.04718a/6018e4d1edcd8801
-Enter passphrase for 6018e4d1edcd8801: 
-Repeat passphrase for 6018e4d1edcd8801: 
+Enter passphrase for 6018e4d1edcd8801:
+Repeat passphrase for 6018e4d1edcd8801:
 Shared secrets are in: /tmp/share.04718a
 
 % mat tvf /tmp/share.*/share000.mat
@@ -166,10 +166,10 @@
 Two of the shares can then be used to recover the secret in the following way:
 .Bd -literal
 % sharedkey -o group.recover -r /tmp/share.*/share002.mat /tmp/share.*/share000.mat
-signature  2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17 
-Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801 
+signature  2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17
+Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801
 uid  /etc/group shared 2/3 by agc Sat Sep 17 14:32:28 2011
-netpgp passphrase: 
+netpgp passphrase:
 % diff /etc/group group.recover
 % ls -l /etc/group group.recover
 -rw-r--r--  1 root  wheel  535 Oct  4 21:44 /etc/group

CVS commit: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Sun Sep 18 19:27:09 UTC 2011

Modified Files:
othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey: sharedkey.1

Log Message:
sync man page with reality


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 \
othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1
diff -u othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.3 othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.4
--- othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.3	Mon Mar 21 14:44:47 2011
+++ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1	Sun Sep 18 19:27:08 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: sharedkey.1,v 1.3 2011/03/21 14:44:47 wiz Exp $
+.\" $NetBSD: sharedkey.1,v 1.4 2011/09/18 19:27:08 agc Exp $
 .\"
 .\" Copyright (c) 2010,2011 Alistair Crooks 
 .\" All rights reserved.
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd March 20, 2011
+.Dd September 18, 2011
 .Dt SHAREDKEY 1
 .Os
 .Sh NAME
@@ -138,47 +138,42 @@
 .Bd -literal
 % sharedkey -t 2/3 /etc/group
 Generating a one-time key
-signature  2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23
-Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38
-uid  /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010
-Enter passphrase for db2d87129df8ca38:
-Repeat passphrase for db2d87129df8ca38:
-Shared secrets are in: /tmp/share.008847aa
-% ls -l /tmp/share.008847aa
-total 14
--rw-r--r--  1 agc  wheel   621 Nov 22 16:46 pubring.gpg
--rw-r--r--  1 agc  wheel  2947 Nov 22 16:46 share000.tar.gz
--rw-r--r--  1 agc  wheel  2948 Nov 22 16:46 share001.tar.gz
--rw-r--r--  1 agc  wheel  2955 Nov 22 16:46 share002.tar.gz
-% tar tvzf /tmp/share.008847aa/share000.tar.gz
-drwxr-xr-x  2 agc  wheel  0 Nov 22 16:46 share000
-lrwxr-xr-x  1 agc  wheel  0 Nov 22 16:46 share000/keyid -> db2d87129df8ca38
--rw---  1 agc  wheel625 Nov 22 16:46 share000/group.gpg
-lrwxr-xr-x  1 agc  wheel  0 Nov 22 16:46 share000/secret -> group.gpg
--rw-r--r--  1 agc  wheel621 Nov 22 16:46 share000/pubring.gpg
--rw-r--r--  1 agc  wheel   1316 Nov 22 16:46 share000/secring.gpg.000
-tar: ustar vol 1, 6 files, 10240 bytes read, 0 bytes written in 1 secs (10240 bytes/sec)
-% netpgpkeys -l --homedir /tmp/share.008847aa
-1 key found
-signature  2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23
-Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38
-uid  /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010
+signature  2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17 
+Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801 
+uid  /etc/group shared 2/3 by agc Sat Sep 17 14:32:28 2011
+netpgp: generated keys in directory /tmp/share.04718a/6018e4d1edcd8801
+Enter passphrase for 6018e4d1edcd8801: 
+Repeat passphrase for 6018e4d1edcd8801: 
+Shared secrets are in: /tmp/share.04718a
 
+% mat tvf /tmp/share.*/share000.mat
+drwx--  2 agc  wheel512 Sep 17 14:32 share000
+lrwxr-xr-x  1 agc  wheel 16 Sep 17 14:32 share000/keyid -> 6018e4d1edcd8801
+-rw-r--r--  1 agc  wheel623 Sep 17 14:32 share000/secret.gpg
+-rw-r--r--  1 agc  wheel617 Sep 17 14:32 share000/pubring.gpg
+-rw-r--r--  1 agc  wheel   1323 Sep 17 14:32 share000/secring.gpg.share
+% ls -laR /tmp/share.*
+total 18
+drwx--  2 agc   wheel   512 Sep 17 14:32 .
+drwxrwxrwt  5 root  wheel   512 Sep 17 14:32 ..
+-rw-r--r--  1 agc   wheel   617 Sep 17 14:32 pubring.gpg
+-rw---  1 agc   wheel  3444 Sep 17 14:32 share000.mat
+-rw---  1 agc   wheel  3444 Sep 17 14:32 share001.mat
+-rw---  1 agc   wheel  3444 Sep 17 14:32 share002.mat
+%
 .Ed
 .Pp
 Two of the shares can then be used to recover the secret in the following way:
 .Bd -literal
-% sharedkey -r -o group.recover  /tmp/share.008847aa/share000.tar.gz /tmp/share.008847aa/share001.tar.gz
-Creating file /tmp/recover.008981aa/db2d87129df8ca38/secring.gpg from files:
-signature  2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23
-Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38
-uid  /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010
-netpgp passphrase:
-Recovered secret in: group.recover
-
+% sharedkey -o group.recover -r /tmp/share.*/share002.mat /tmp/share.*/share000.mat
+signature  2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17 
+Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801 
+uid  /etc/group shared 2/3 by agc Sat Sep 17 14:32:28 2011
+netpgp passphras

CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Thu Aug 18 04:19:47 UTC 2011

Modified Files:
othersrc/crypto/external/bsd//dist/src/lib: secsplit.c

Log Message:
With thanks to yamt for the heads-up, and to tls for the suggestion, 
needs a csprng - use arc4random(3) rather than random(3) for an unpredictable
source of randomness.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 \
othersrc/crypto/external/bsd//dist/src/lib/secsplit.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c
diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.1.1.1 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.2
--- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.1.1.1	Mon Mar 21 05:43:35 2011
+++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c	Thu Aug 18 04:19:47 2011
@@ -170,7 +170,7 @@
 /*** Code related to splitting */
 
 /* Return a random number from 0 to n-1. */
-#define CRANDOM(x)	(uint32_t)(random() % (x))
+#define CRANDOM(x)	(uint32_t)(arc4random() % (x))
 
 /*
  * Evaluate the given polynomial, n coefficients, at point x=i.

CVS commit: othersrc/crypto/external/bsd/sharedkey

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Fri Jul 15 05:37:33 UTC 2011

Modified Files:
othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey:
libsharedkey.c
othersrc/crypto/external/bsd/sharedkey/sharedkey: Makefile

Log Message:
move from using a system(3) call to tar to package up the individual shares,
to using libmat(3). Removes the remaining "XXX" from this code.

the getopt2 lib is specified explicitly in the Makefiles for the benefit of
all of the sun2 port users out there.

also fix some lint


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 \
othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c
cvs rdiff -u -r1.1.1.1 -r1.2 \
othersrc/crypto/external/bsd/sharedkey/sharedkey/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c
diff -u othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c:1.1.1.1 othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c:1.2
--- othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c:1.1.1.1	Mon Mar 21 07:10:42 2011
+++ othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c	Fri Jul 15 05:37:33 2011
@@ -39,8 +39,13 @@
 #include 
 #include 
 
+#include "mat.h"
 #include "sharedkey.h"
 
+#ifndef __UNCONST
+#define __UNCONST(a)	((void *)(unsigned long)(const void *)(a))
+#endif
+
 /* copy from one file to another */
 static int
 copy(const char *fromdir, const char *from, const char *todir, const char *to)
@@ -52,8 +57,8 @@
 	char		*mem;
 	FILE		*fpr;
 	FILE		*fpw;
-	int		 wc;
-	int		 cc;
+	ssize_t		 wc;
+	ssize_t		 cc;
 
 	(void) snprintf(fromname, sizeof(fromname), "%s/%s", fromdir, from);
 	(void) snprintf(toname, sizeof(toname), "%s/%s", todir, to);
@@ -102,14 +107,14 @@
 {
 	va_list	args;
 	char	name[MAXPATHLEN];
-	int	cc;
+	ssize_t	cc;
 
 	va_start(args, fmt);
 	vsnprintf(name, sizeof(name), fmt, args);
 	va_end(args);
 	cc = readlink(name, contents, size);
 	contents[cc] = 0x0;
-	return cc;
+	return (int)cc;
 }
 
 /* varargs stat function */
@@ -144,7 +149,7 @@
 {
 	const char	*last;
 	const char	*s;
-	int	 	 sufflen;
+	size_t	 	 sufflen;
 
 	if ((s = strrchr(name, '/')) == NULL) {
 		s = name;
@@ -240,17 +245,19 @@
 {
 	threshold_t	 threshold;
 	struct stat	 st;
+	const char	*mat = "mattar";
 	netpgp_t	 netpgp;
 	unsigned	 i;
 	size_t		 cc;
 	time_t		 t;
+	char		 archive[MAXPATHLEN];
 	char		 keyrings[MAXPATHLEN];
 	char		 secret[MAXPATHLEN];
 	char		 sharedir[MAXPATHLEN];
 	char		 scratch[MAXPATHLEN];
 	char		 d[MAXPATHLEN];
+	char		 sharenum[32];
 	char		 desc[1024];
-	char		 cmd[8192];
 	char		*share;
 
 	(void) memset(&netpgp, 0x0, sizeof(netpgp));
@@ -289,7 +296,7 @@
 	(void) snprintf(secret, sizeof(secret), "%s/secret.gpg", keyrings);
 	netpgp_encrypt_file(&netpgp, sharedkey->keyid, f, secret, 0);
 	/* share the private key */
-	_init(&threshold, "", (uint8_t)sharedkey->threshold, (uint8_t)sharedkey->shares);
+	_init(&threshold, "", (unsigned)sharedkey->threshold, (unsigned)sharedkey->shares);
 	(void) snprintf(scratch, sizeof(scratch), "%s/secring.gpg", keyrings);
 	_add_share(&threshold, THRESH_SPLIT_SOURCE, scratch, -1);
 	_split(&threshold);
@@ -302,11 +309,10 @@
 		copy(keyrings, "pubring.gpg", sharedir, "pubring.gpg");
 		_get_share(&threshold, i, (void **)(void *)&share, &cc);
 		writeshare(share, cc, "%s/secring.gpg.share", sharedir);
-		(void) snprintf(cmd, sizeof(cmd),
-			"tar -C %s -czf %s/share%.3d.tar.gz share%.3d",
-			sharedkey->splitdir, sharedkey->splitdir, i, i);
-		system(cmd); /* XXX */
-		vsyscall(0600, "chmod", "%s/share%.3d.tar.gz", sharedkey->splitdir, i);
+		snprintf(archive, sizeof(archive), "%s/share%.3d.mat", sharedkey->splitdir, i);
+		snprintf(sharenum, sizeof(sharenum), "share%.3d", i);
+		mat_vtar(__UNCONST(mat), "-cvvf", archive, "-C", sharedkey->splitdir, sharenum, NULL);
+		vsyscall(0600, "chmod", "%s/share%.3d.mat", sharedkey->splitdir, i);
 		recursive_rm(sharedir);
 	}
 	_end(&threshold);
@@ -321,16 +327,14 @@
 {
 	threshold_t	 threshold;
 	struct stat	 st;
+	const char	*mat = "mattar";
 	netpgp_t	 netpgp;
-	//size_t		 size;
 	char		*recoverdir;
-	char		 cmd[8192];
 	char		 keyring[MAXPATHLEN];
 	char		 scratch[MAXPATHLEN];
 	char		 secring[MAXPATHLEN];
 	char		 both[MAXPATHLEN];
 	char		 d[MAXPATHLEN];
-	//char		*share;
 	int		 i;
 
 	(void) snprintf(d, sizeof(d), "/tmp/recover.XX");
@@ -342,9 +346,8 @@
 		return 0;
 	}
 	for (i = optind ; i < argc ; i++) {
-		(void) snprintf(cmd, sizeof(cmd), "tar -C %s -xzf %s", recoverdir, argv[i]);
-		system(cmd); /* XXX */
-		(void) realbasename(argv[i], ".tar.gz", scratch, sizeof(scratch));
+		mat_vtar(__UNCONST(mat), "-xf", argv[i], "-C", recoverdir, NULL);
+		(void) realbasename(argv[i], ".mat", s

CVS commit: othersrc/crypto/external/bsd

[Thomas Klausner]

Module Name:othersrc
Committed By:   wiz
Date:   Mon Mar 21 14:44:48 UTC 2011

Modified Files:
othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey: sharedkey.1
othersrc/crypto/external/bsd//dist/src/lib: lib.3
othersrc/crypto/external/bsd//dist/src/: .1

Log Message:
Whitespace nits, use \- for a minus sign.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1
cvs rdiff -u -r1.1.1.1 -r1.2 \
othersrc/crypto/external/bsd//dist/src/lib/lib.3
cvs rdiff -u -r1.1.1.1 -r1.2 \
othersrc/crypto/external/bsd//dist/src//.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1
diff -u othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.2 othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.3
--- othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.2	Mon Mar 21 07:15:33 2011
+++ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1	Mon Mar 21 14:44:47 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: sharedkey.1,v 1.2 2011/03/21 07:15:33 agc Exp $
+.\" $NetBSD: sharedkey.1,v 1.3 2011/03/21 14:44:47 wiz Exp $
 .\"
 .\" Copyright (c) 2010,2011 Alistair Crooks 
 .\" All rights reserved.
@@ -138,11 +138,11 @@
 .Bd -literal
 % sharedkey -t 2/3 /etc/group
 Generating a one-time key
-signature  2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 
-Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 
+signature  2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23
+Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38
 uid  /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010
-Enter passphrase for db2d87129df8ca38: 
-Repeat passphrase for db2d87129df8ca38: 
+Enter passphrase for db2d87129df8ca38:
+Repeat passphrase for db2d87129df8ca38:
 Shared secrets are in: /tmp/share.008847aa
 % ls -l /tmp/share.008847aa
 total 14
@@ -161,7 +161,7 @@
 % netpgpkeys -l --homedir /tmp/share.008847aa
 1 key found
 signature  2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23
-Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 
+Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38
 uid  /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010
 
 .Ed
@@ -170,10 +170,10 @@
 .Bd -literal
 % sharedkey -r -o group.recover  /tmp/share.008847aa/share000.tar.gz /tmp/share.008847aa/share001.tar.gz
 Creating file /tmp/recover.008981aa/db2d87129df8ca38/secring.gpg from files:
-signature  2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 
-Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 
+signature  2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23
+Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38
 uid  /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010
-netpgp passphrase: 
+netpgp passphrase:
 Recovered secret in: group.recover
 
 % ls -l /etc/group group.recover

Index: othersrc/crypto/external/bsd//dist/src/lib/lib.3
diff -u othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.1.1.1 othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.2
--- othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.1.1.1	Mon Mar 21 05:43:35 2011
+++ othersrc/crypto/external/bsd//dist/src/lib/lib.3	Mon Mar 21 14:44:47 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: lib.3,v 1.1.1.1 2011/03/21 05:43:35 agc Exp $
+.\" $NetBSD: lib.3,v 1.2 2011/03/21 14:44:47 wiz Exp $
 .\"
 .\" Copyright (c) 2010,2011 Alistair Crooks 
 .\" All rights reserved.
@@ -28,7 +28,7 @@
 .Os
 .Sh NAME
 .Nm lib
-.Nd secret sharing library 
+.Nd secret sharing library
 .Sh LIBRARY
 .Lb lib
 .Sh SYNOPSIS
@@ -101,7 +101,7 @@
 .It 
 use Shamir's Secret Sharing Scheme to share the original
 file in a way that cannot be recovered by others except by using
-a number of shares equalling the threshold 
+a number of shares equalling the threshold
 .El
 .Pp
 If the threshold is set to 1, then any of the shares can be used to
@@ -145,7 +145,7 @@
 .Fa data
 argument,
 and a value of
-.Dv -1
+.Dv \-1
 should be given for the length.
 .Pp
 To split input data into shares,

Index: othersrc/crypto/external/bsd//dist/src//.1
diff -u othersrc/crypto/external/bsd//dist/src//.1:1.1.1.1 othersrc/crypto/external/bsd//dist/src//.1:1.2
--- othersrc/crypto/external/bsd//dist/src//.1:1.1.1.1	Mon Mar 21 05:43:35 2011
+++ othersrc/crypto/external/bsd//dist/src//.1	Mon Mar 21 14:44:47 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: .1,v 1.1.1.1 2011/03/21 05:43:35 agc Exp $
+.\" $NetBSD: .1,v 1.2 2011/03/21 14:44:47 wiz Exp $
 .\"
 .\" Copyright (c) 2010,2011 Alistair Crooks 

CVS commit: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Mon Mar 21 07:15:33 UTC 2011

Modified Files:
othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey: sharedkey.1

Log Message:
update names and locations to reflect current use.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 \
othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1
diff -u othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.1.1.1 othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.2
--- othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.1.1.1	Mon Mar 21 07:10:42 2011
+++ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1	Mon Mar 21 07:15:33 2011
@@ -1,6 +1,6 @@
-.\" $NetBSD: sharedkey.1,v 1.1.1.1 2011/03/21 07:10:42 agc Exp $
+.\" $NetBSD: sharedkey.1,v 1.2 2011/03/21 07:15:33 agc Exp $
 .\"
-.\" Copyright (c) 2010 Alistair Crooks 
+.\" Copyright (c) 2010,2011 Alistair Crooks 
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -23,11 +23,11 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd April 13, 2010
-.Dt OTK 1
+.Dd March 20, 2011
+.Dt SHAREDKEY 1
 .Os
 .Sh NAME
-.Nm otk
+.Nm sharedkey
 .Nd secret-sharing and recovery utility using one-time RSA keys
 .Sh SYNOPSIS
 .Nm
@@ -61,13 +61,12 @@
 .Nm
 command is used to recover a secret
 which has been shared using
-.Xr otk 1 ,
-using a one-time RSA key generated by
-.Xr netpgpkeys 1 ,
-encrypted using
-.Xr netpgp 1 ,
+.Nm
+using a one-time RSA key generated and
+encrypted by
+.Xr libnetpgp 3 ,
 and then split into shares using
-.Xr threshold 1 .
+.Xr lib 3 .
 Only the
 .Dv threshold
 number of shares is needed to recover the secret,
@@ -137,21 +136,21 @@
 .Pa /etc/group
 into 3 separate shares, of which 2 are needed to reconstruct the original file.
 .Bd -literal
-% otk -t 2/3 /etc/group
+% sharedkey -t 2/3 /etc/group
 Generating a one-time key
 signature  2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 
 Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 
 uid  /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010
 Enter passphrase for db2d87129df8ca38: 
 Repeat passphrase for db2d87129df8ca38: 
-Shared secrets are in: /tmp/otk.008847aa
-% ls -l /tmp/otk.008847aa
+Shared secrets are in: /tmp/share.008847aa
+% ls -l /tmp/share.008847aa
 total 14
 -rw-r--r--  1 agc  wheel   621 Nov 22 16:46 pubring.gpg
 -rw-r--r--  1 agc  wheel  2947 Nov 22 16:46 share000.tar.gz
 -rw-r--r--  1 agc  wheel  2948 Nov 22 16:46 share001.tar.gz
 -rw-r--r--  1 agc  wheel  2955 Nov 22 16:46 share002.tar.gz
-% tar tvzf /tmp/otk.008847aa/share000.tar.gz
+% tar tvzf /tmp/share.008847aa/share000.tar.gz
 drwxr-xr-x  2 agc  wheel  0 Nov 22 16:46 share000
 lrwxr-xr-x  1 agc  wheel  0 Nov 22 16:46 share000/keyid -> db2d87129df8ca38
 -rw---  1 agc  wheel625 Nov 22 16:46 share000/group.gpg
@@ -159,7 +158,7 @@
 -rw-r--r--  1 agc  wheel621 Nov 22 16:46 share000/pubring.gpg
 -rw-r--r--  1 agc  wheel   1316 Nov 22 16:46 share000/secring.gpg.000
 tar: ustar vol 1, 6 files, 10240 bytes read, 0 bytes written in 1 secs (10240 bytes/sec)
-% netpgpkeys -l --homedir /tmp/otk.008847aa
+% netpgpkeys -l --homedir /tmp/share.008847aa
 1 key found
 signature  2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23
 Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 
@@ -169,8 +168,8 @@
 .Pp
 Two of the shares can then be used to recover the secret in the following way:
 .Bd -literal
-% otk -r -o group.recover  /tmp/otk.008847aa/share000.tar.gz /tmp/otk.008847aa/share001.tar.gz
-Creating file /tmp/otkrecover.008981aa/db2d87129df8ca38/secring.gpg from files:
+% sharedkey -r -o group.recover  /tmp/share.008847aa/share000.tar.gz /tmp/share.008847aa/share001.tar.gz
+Creating file /tmp/recover.008981aa/db2d87129df8ca38/secring.gpg from files:
 signature  2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 
 Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 
 uid  /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010
@@ -190,7 +189,7 @@
 .Sh SEE ALSO
 .Xr tar 1 ,
 .Xr libnetpgp 3 ,
-.Xr libotk 3
+.Xr lib 3
 .Sh HISTORY
 The
 .Nm

CVS commit: othersrc/crypto/external/bsd/sharedkey

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Mon Mar 21 07:10:45 UTC 2011

Update of /cvsroot/othersrc/crypto/external/bsd/sharedkey
In directory ivanova.netbsd.org:/tmp/cvs-serv15677

Log Message:
Initial import, into othersrc/crypto, of sharedkey, a library and
utility which generates a one-time key (by default RSA 2048bit), which
is used to encrypt a secret to be shared between a number of people.
The secret is encrypted to the generated, one-time key. That key is
then distributed using lib(3). All encryption and decryption are
accomplished via libnetpgp(3).

The secret can be recovered by presenting a threshold of shares, and
using that to recover the secret key, which can then be used to
decrypt the original secret.

The key can optionally be further protected by a passphrase, which is
set at one-time-key generation time.  The net effect is to introduce a
gate to recovery - with a passphrase, secret recovery can be gated
through an individual who knows the passphrase - this protects against
collusion to recover the secret "behind everyone's backs". At the same
time, normal passphrase propagation rules apply, and there is a potential
for a Single Point of Failure.

There are a number of use cases for this functionality, which is a
generalised and much more flexible form of encryption to a number of
users.  Shares can be distributed in non-uniform amounts, for example,
so that more important players in the group can receive more than one
share.  Ad-hoc user groups can be established.  Shares can be
encrypted to other user's keys, and protected in transit that way. 
Shares can be encrypted to the distributor's key before encrypting to
the recipient's key - this will protect against collusion and
accidental exposure of the secret, but again introduces a SPoF. 
Backups can be generated which can be recovered only when a quorum of
known and authorised keys have authorised it. There are many other
use cases for this - they are left as an exercise for the reader.

The original public key is kept around to provide information on
the encrypted secret - who, when, how many shares, quorum, etc.
If this is deemed to be sensitive, this information can be redacted by
using the -a switch (to anonymize the public key).

There are still some loose ends to this code, but it is functional
at the present time. Further review is welcomed and encouraged.

A worked example, taken from the regression test for sharedkey(1)
distributes the /etc/group file on a machine to 3 shares, of which 2
make a quorum. The group file is then recovered by using two of the
generated shares:

% make t
cd /usr/othersrc/crypto/external/bsd/sharedkey/sharedkey && make t
make split
rm -rf /tmp/share.* /tmp/recover.*
./sharedkey -t 2/3 /etc/group
Generating a one-time key
/tmp/share.14828a/pubring.gpg: No such file or directory
Can't read pubring /tmp/share.14828a/pubring.gpg
Can't read pub keyring
signature  2048/RSA (Encrypt or Sign) 5eb658fbc4e0c0fc 2011-03-20 
Key fingerprint: 1878 2f43 ff3b 0792 2f1c bacc 5eb6 58fb c4e0 c0fc 
uid  /etc/group shared 2/3 by agc Sun Mar 20 03:48:28 2011
netpgp: generated keys in directory /tmp/share.14828a/5eb658fbc4e0c0fc
Enter passphrase for 5eb658fbc4e0c0fc: 
Repeat passphrase for 5eb658fbc4e0c0fc: 
Shared secrets are in: /tmp/share.14828a
tar tvzf /tmp/share.*/share000.tar.gz
drwx--  2 agc  wheel  0 Mar 20 03:48 share000
lrwxr-xr-x  1 agc  wheel  0 Mar 20 03:48 share000/keyid -> 
5eb658fbc4e0c0fc
-rw-r--r--  1 agc  wheel609 Mar 20 03:48 share000/secret.gpg
-rw-r--r--  1 agc  wheel617 Mar 20 03:48 share000/pubring.gpg
-rw-r--r--  1 agc  wheel   1323 Mar 20 03:48 share000/secring.gpg.share
tar: ustar vol 1, 5 files, 10240 bytes read, 0 bytes written in 1 secs (10240 
bytes/sec)
ls -laR /tmp/share.*
total 18
drwx--  2 agc   wheel   512 Mar 20 03:48 .
drwxrwxrwt  5 root  wheel   512 Mar 20 03:48 ..
-rw-r--r--  1 agc   wheel   617 Mar 20 03:48 pubring.gpg
-rw---  1 agc   wheel  2908 Mar 20 03:48 share000.tar.gz
-rw---  1 agc   wheel  2908 Mar 20 03:48 share001.tar.gz
-rw---  1 agc   wheel  2910 Mar 20 03:48 share002.tar.gz
make join
./sharedkey -o group.recover -r /tmp/share.*/share002.tar.gz 
/tmp/share.*/share000.tar.gz
Error: Format error (ptag bit not set)
signature  2048/RSA (Encrypt or Sign) 5eb658fbc4e0c0fc 2011-03-20 
Key fingerprint: 1878 2f43 ff3b 0792 2f1c bacc 5eb6 58fb c4e0 c0fc 
uid  /etc/group shared 2/3 by agc Sun Mar 20 03:48:28 2011
netpgp passphrase: 
%


Status:

Vendor Tag: CROOKS
Release Tags:   sharedkey-base

N othersrc/crypto/external/bsd/sharedkey/Makefile
N othersrc/crypto/external/bsd/sharedkey/mkdist
N othersrc/crypto/external/bsd/sharedkey/Makefile.inc
N othersrc/crypto/external/bsd/sharedkey/dist/Makefile.am
N othersrc/crypto/external/bsd/sharedkey/dist/TODO
N othersrc/crypto/external/bsd/sharedkey/dist/aclocal.m4
N othersrc/crypto/external/bsd/s

CVS commit: othersrc/crypto/external/bsd/ssss

[Alistair G. Crooks]

Module Name:othersrc
Committed By:   agc
Date:   Mon Mar 21 05:43:38 UTC 2011

Update of /cvsroot/othersrc/crypto/external/bsd/
In directory ivanova.netbsd.org:/tmp/cvs-serv27364

Log Message:
Initial import of alternative threshold code to othersrc/crypto to
perform Shamir's Secret Sharing Scheme.

For more information on Sharmir's Secret Sharing Scheme ( or S4),
please see:

http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing

To re-iterate: this is a threshold scheme where an original secret is
split into shares. When a threshold of shares is presented, the original
secret can be reconstructed.

This is closely related to the threshold routines previously imported
into othersrc; the difference is that this code does not reveal any of
the information in the original secret until a threshold of shares is
presented. Compared to IDA, for example, an  share is the same size
as the original data (compared to originalsize / threshold for IDA), but
provides privacy which IDA does not do.

This implementation of  keeps the same interface as the threshold(1)
and libthreshold(3), for convenience sake.


Status:

Vendor Tag: CROOKS
Release Tags:   -base

N othersrc/crypto/external/bsd//Makefile
N othersrc/crypto/external/bsd//mkdist
N othersrc/crypto/external/bsd//Makefile.inc
N othersrc/crypto/external/bsd//dist/Makefile.am
N othersrc/crypto/external/bsd//dist/TODO
N othersrc/crypto/external/bsd//dist/aclocal.m4
N othersrc/crypto/external/bsd//dist/configure
N othersrc/crypto/external/bsd//dist/configure.ac
N othersrc/crypto/external/bsd//dist/libtool
N othersrc/crypto/external/bsd//dist/tst
N othersrc/crypto/external/bsd//dist/buildaux/config.guess
N othersrc/crypto/external/bsd//dist/buildaux/config.sub
N othersrc/crypto/external/bsd//dist/buildaux/depcomp
N othersrc/crypto/external/bsd//dist/buildaux/install-sh
N othersrc/crypto/external/bsd//dist/buildaux/ltmain.sh
N othersrc/crypto/external/bsd//dist/buildaux/missing
N othersrc/crypto/external/bsd//dist/include/.h
N othersrc/crypto/external/bsd//dist/include/Makefile.am
N othersrc/crypto/external/bsd//dist/src/Makefile.am
N othersrc/crypto/external/bsd//dist/src/Makefile.in
N othersrc/crypto/external/bsd//dist/src//.1
N othersrc/crypto/external/bsd//dist/src//Makefile.am
N othersrc/crypto/external/bsd//dist/src//Makefile.in
N othersrc/crypto/external/bsd//dist/src//main.c
N othersrc/crypto/external/bsd//dist/src/lib/Makefile.am
N othersrc/crypto/external/bsd//dist/src/lib/Makefile.in
N othersrc/crypto/external/bsd//dist/src/lib/config.h.in
N othersrc/crypto/external/bsd//dist/src/lib/internal.h
N othersrc/crypto/external/bsd//dist/src/lib/lib.3
N othersrc/crypto/external/bsd//dist/src/lib/secsplit.c
N othersrc/crypto/external/bsd//dist/src/lib/threshold.c
N othersrc/crypto/external/bsd//dist/autom4te.cache/requests
N othersrc/crypto/external/bsd//dist/autom4te.cache/output.0
N othersrc/crypto/external/bsd//dist/autom4te.cache/traces.0
N othersrc/crypto/external/bsd///Makefile
N othersrc/crypto/external/bsd//lib/shlib_version
N othersrc/crypto/external/bsd//lib/Makefile
N othersrc/crypto/external/bsd//lib/config.h

No conflicts created by this import