CVS commit: othersrc/crypto/external/bsd/ssss/ssss
Module Name:othersrc Committed By: agc Date: Sat Mar 10 21:18:04 UTC 2012 Modified Files: othersrc/crypto/external/bsd//: Makefile Log Message: don't link with libthreshold any more run simple tests in place without requiring lib installation To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 othersrc/crypto/external/bsd///Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd///Makefile diff -u othersrc/crypto/external/bsd///Makefile:1.1.1.1 othersrc/crypto/external/bsd///Makefile:1.2 --- othersrc/crypto/external/bsd///Makefile:1.1.1.1 Mon Mar 21 05:43:37 2011 +++ othersrc/crypto/external/bsd///Makefile Sat Mar 10 21:18:03 2012 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.1.1.1 2011/03/21 05:43:37 agc Exp $ +# $NetBSD: Makefile,v 1.2 2012/03/10 21:18:03 agc Exp $ .include @@ -7,9 +7,6 @@ CPPFLAGS+= -I${EXTDIST}/include LIBDIR!= cd ${.CURDIR}/../lib && ${PRINTOBJDIR} LDADD+= -L${LIBDIR} -l DPADD+= ${LIBDIR}/lib.a -LIBTHRESHDIR!= cd ${.CURDIR}/../../../../../external/bsd/threshold/libthreshold && ${PRINTOBJDIR} -LDADD+= -L${LIBTHRESHDIR} -lthreshold -DPADD+= ${LIBTHRESHDIR}/libthreshold.a USE_FORT?= yes 
@@ -27,16 +24,16 @@ EXTDIST=${.CURDIR}/../dist t test tst: $(PROG) cp /etc/group secretfile - ./${PROG} -t 3/10 secretfile + env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -t 3/10 secretfile ls -al secretfile.0* - ./${PROG} -j -o secretfile.recons secretfile.004 secretfile.002 secretfile.003 + env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -j -o secretfile.recons secretfile.004 secretfile.002 secretfile.003 diff secretfile secretfile.recons - ./${PROG} -t 2/10 < secretfile - ls -al threshold.0* - ./${PROG} -j -o secretfile.mem threshold.002 threshold.003 + env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -t 2/10 < secretfile + ls -al .0* + env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -j -o secretfile.mem .002 .003 -diff secretfile secretfile.mem - rm threshold.* - ./${PROG} -t 5/10 -i - ls -al threshold.0* - ./${PROG} -j threshold.004 threshold.002 threshold.003 threshold.005 threshold.007 - rm -f secretfile.recons secretfile.0* secretfile secretfile.mem threshold.* + rm .* + env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -t 5/10 -i + ls -al .0* + env LD_LIBRARY_PATH=${LIBDIR} ./${PROG} -j .004 .002 .003 .005 .007 + rm -f secretfile.recons secretfile.0* secretfile secretfile.mem .*
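Review bot: In the `@@ -27,16 +24,16 @@` hunk of the Makefile, the last join, `./${PROG} -j .004 .002 .003 .005 .007`, still has no `-o` output and no `diff` after it, so the 5/10 case passes whenever the program exits cleanly, whatever it reconstructs. Write the result to a file and compare it with the input, as the 3/10 case does. The input is a copy of `/etc/group`, so whether the odd-length path is exercised depends on the host; one fixed odd-sized and one fixed even-sized input would make that deterministic. The `env LD_LIBRARY_PATH=${LIBDIR}` prefix is now repeated on every invocation and would read better as a single make variable.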
CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss
Module Name:othersrc Committed By: agc Date: Sat Mar 10 21:15:27 UTC 2012 Modified Files: othersrc/crypto/external/bsd//dist/src/lib: secsplit.c Log Message: restore correct operation for odd-sized files To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 \ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.8 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.9 --- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.8 Fri Mar 9 06:37:23 2012 +++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Sat Mar 10 21:15:27 2012 
@@ -15,26 +15,74 @@ * pieces give NO information about the original file (except its * length). * + * It has been written for and tested on DOS and Unix systems. + * + * To split up a file, use the command; secsplit n k file where n is + * the number of pieces to split it up to, and k is the number of + * pieces needed to reconstruct it. k should be <= n and > 1. If you + * get n and k backwards the program will swap them for you so don't + * worry too much about remembering the order. + * + * The program will output to file.001, file.002, If the file has + * an extension (e.g. "file.c") the extension will be stripped off + * before the ".001", etc., are added (so "file.c" will also output to + * "file.001", etc.). + * + * To reconstruct a file, use the command: + *secsplit k file.* + * or + *secsplit k file file1 file2... + * * k should be >= the k used when the file was split; the minimum * number of pieces needed to reconstruct the file. If you have too * few pieces then the program won't give an error, but you'll get the * wrong answer. * + * The first command form is for DOS or other systems which won't + * expand the ".*" for you; the program scans for file.000, file.001, + * etc., and uses the first k of them that it finds. In the second + * form, the number of files given should be at least k, and again the + * first k of them will be used. + * + * The output in the first form will be file.out; in the second form + * it will be the first file on the command line, stripped of its + * extension, and with ".out" added, so generally it will be file.out + * too. + * * Shamir's algorithm relies on cryptographically strong, unguessable, * random numbers. This version of the program uses the arc4random(3) * interface. * - * The files consist of a series of 16-bit values (high byte first), - * which are the result of applying Shamir's splitting algorithm to - * the input file taken in 16-bit chunks. The prime used is slightly - * less than 2^16. 
+ * Revision history: + *Version 1.0 October 23, 1993 + * + *Version 1.1 October 24, 1993 + * Added IDEA-based random-number-generator, initialized by MD5 + * of input file, plus the time of day. + * + *Version 1.2 March 31, 2000 Damien Miller + * Removed IDEA-based random-number generator in favour of + * /dev/random. Removed MSDOSisms. Rearranged source code and + * formatting according to OpenBSD style(9) + * + * + * The file formats used for output are as follows. Each file starts + * with one byte which is the index, from 1 through n, of that file. + * This is the x value used for the polynomial evaluation in Shamir's + * algorithm. The files then consist of a series of 16-bit values + * (high byte first), which are the result of applying Shamir's + * splitting algorithm to the input file taken in 16-bit chunks. The + * prime used is slightly less than 2^16, meaning that input data + * values close to 2^16 get turned into a pair of values (see below + * for more information on this expansion). * * If the input file is of even length, the output files will each by * of that length+1 (because of the 1 byte at the beginning). If the * input file is of odd length, the input is padded with a random byte * and processed normally to get a pair of output bytes, then each * output file is padded with an extra random byte to indicate this - * fact. So all output files should have an even number of bytes. + * fact. So output files which have an odd length correspond to input + * files with an even length, and vice versa. * * The output files could have encoded k and n information, but this * could be helpful to an attacker (he would know when he was close to 
@@ -44,12 +92,34 @@ * The file formats are system-independent so files split on one kind * of machine should be able to be reassembled on another kind of * machine. - */ -/* - * This source code has been cruelly munged around, and very little - * (if any) is left of the original sources. I have left the original - * leading co
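Review bot: The comment restored in the `@@ -15,26 +15,74 @@` hunk of secsplit.c brings back the stand-alone usage text (`secsplit n k file`, output to `file.001`, reconstruction to `file.out`, the DOS scan for `file.000`) that r1.8 removed as no longer accurate, while the log message only mentions odd-sized files. If only the file-format paragraphs are needed to explain the fix, restore those and leave the command-line description out. Two slips in the added lines are worth fixing on the way: `use the command; secsplit n k file` should end in a colon, and `file.001, file.002, If the file has` has lost its continuation. The restored sentence that odd-length outputs correspond to even-length inputs is the property this commit is about, so it deserves a test with one input of each parity.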
CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss
Module Name:othersrc Committed By: agc Date: Fri Mar 9 06:37:23 UTC 2012 Modified Files: othersrc/crypto/external/bsd//dist/src/lib: secsplit.c Log Message: + don't allocate space if we're passed an in-memory array as either a source or a destination of split/combine + fix up the split_vec/combine_vec combination so that they both work a bit better now - still some work needed here, though + free the internal s4 structure as part of the combine/combine_vec operation, rather than doing it in _end(). We know at that stage that we have allocated it, and the principle of freeing memory in the same place in the calling stack as it was allocated still applies + rip out parts of the initial comment which aren't really accurate any more - I'm not sure there's that much of the original code left To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 \ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.7 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.8 --- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.7 Thu Mar 8 02:44:06 2012 +++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Fri Mar 9 06:37:23 2012 
@@ -15,74 +15,26 @@ * pieces give NO information about the original file (except its * length). * - * It has been written for and tested on DOS and Unix systems. - * - * To split up a file, use the command; secsplit n k file where n is - * the number of pieces to split it up to, and k is the number of - * pieces needed to reconstruct it. k should be <= n and > 1. If you - * get n and k backwards the program will swap them for you so don't - * worry too much about remembering the order. - * - * The program will output to file.001, file.002, If the file has - * an extension (e.g. "file.c") the extension will be stripped off - * before the ".001", etc., are added (so "file.c" will also output to - * "file.001", etc.). - * - * To reconstruct a file, use the command: - *secsplit k file.* - * or - *secsplit k file file1 file2... - * * k should be >= the k used when the file was split; the minimum * number of pieces needed to reconstruct the file. If you have too * few pieces then the program won't give an error, but you'll get the * wrong answer. * - * The first command form is for DOS or other systems which won't - * expand the ".*" for you; the program scans for file.000, file.001, - * etc., and uses the first k of them that it finds. In the second - * form, the number of files given should be at least k, and again the - * first k of them will be used. - * - * The output in the first form will be file.out; in the second form - * it will be the first file on the command line, stripped of its - * extension, and with ".out" added, so generally it will be file.out - * too. - * * Shamir's algorithm relies on cryptographically strong, unguessable, * random numbers. This version of the program uses the arc4random(3) * interface. * - * Revision history: - *Version 1.0 October 23, 1993 - * - *Version 1.1 October 24, 1993 - * Added IDEA-based random-number-generator, initialized by MD5 - * of input file, plus the time of day. 
- * - *Version 1.2 March 31, 2000 Damien Miller - * Removed IDEA-based random-number generator in favour of - * /dev/random. Removed MSDOSisms. Rearranged source code and - * formatting according to OpenBSD style(9) - * - * - * The file formats used for output are as follows. Each file starts - * with one byte which is the index, from 1 through n, of that file. - * This is the x value used for the polynomial evaluation in Shamir's - * algorithm. The files then consist of a series of 16-bit values - * (high byte first), which are the result of applying Shamir's - * splitting algorithm to the input file taken in 16-bit chunks. The - * prime used is slightly less than 2^16, meaning that input data - * values close to 2^16 get turned into a pair of values (see below - * for more information on this expansion). + * The files consist of a series of 16-bit values (high byte first), + * which are the result of applying Shamir's splitting algorithm to + * the input file taken in 16-bit chunks. The prime used is slightly + * less than 2^16. * * If the input file is of even length, the output files will each by * of that length+1 (because of the 1 byte at the beginning). If the * input file is of odd length, the input is padded with a random byte * and processed normally to get a pair of output bytes, then each * output file is padded with an extra random byte to indicate this - * fact. So output files which have an odd length correspond to
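Review bot: In the `@@ -15,74 +15,26 @@` hunk of secsplit.c, the replacement paragraph (`The files consist of a series of 16-bit values (high byte first)`) drops the sentence about the leading index byte, while the unchanged paragraph right below it still says the outputs are `length+1 (because of the 1 byte at the beginning)`. Either keep the index-byte sentence or update the length paragraph, so that the comment describes one format.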
CVS commit: othersrc/crypto/external/bsd/ssss/dist
Module Name:othersrc Committed By: agc Date: Thu Mar 8 02:44:06 UTC 2012 Modified Files: othersrc/crypto/external/bsd//dist/include: .h othersrc/crypto/external/bsd//dist/src/lib: lib.3 secsplit.c Log Message: Update the code: + add the ability to encode split shares as 16bit or 24-bit values, which greatly simplifies input and output, and allows constant-sized output for given inputs. This also gives us the ability to use larger primes, although space is wasted with these, and it's not immediately obvious what advantage would accrue. But it's there, just in case. + we advertise being able to do 255 (_MAX_SHARES) shares - so complete the inverse table for GF(16) arithmetic modulo P for 256 values + use _MAX_SHARES (255) internally, rather than the previous internal (and much smaller) limits + simplify the I/O in this library - it was a remnant from 1993 + remove private structs and definitions from the header file - they're not part of the public interface, and shouldn't be exposed + add _split_vec() and _combine_vec() which give input and output to split and combine via struct iovec + update the manual page To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 \ othersrc/crypto/external/bsd//dist/include/.h cvs rdiff -u -r1.2 -r1.3 \ othersrc/crypto/external/bsd//dist/src/lib/lib.3 cvs rdiff -u -r1.6 -r1.7 \ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd//dist/include/.h diff -u othersrc/crypto/external/bsd//dist/include/.h:1.2 othersrc/crypto/external/bsd//dist/include/.h:1.3 --- othersrc/crypto/external/bsd//dist/include/.h:1.2 Tue Feb 21 05:25:42 2012 +++ othersrc/crypto/external/bsd//dist/include/.h Thu Mar 8 02:44:05 2012 @@ -26,6 +26,7 @@ #define _H_ 20120220 #include +#include #include #include 
@@ -45,20 +46,10 @@ __BEGIN_DECLS enum { _MAX_SHARES = 256, - _MAGIC_LENGTH = 4, - _SPLIT_SOURCE = _MAX_SHARES, _JOIN_DEST = _MAX_SHARES }; -/* threshold header written to output file when splitting */ -typedef struct s4_head_t { - char magic[_MAGIC_LENGTH]; /* magic string */ - uint8_t coeff; /* coefficient of this share */ - uint8_t pad[3]; /* padding character */ - uint64_t size; /* size of original file */ -} s4_head_t; - /* io vector - look familiar? */ typedef struct _iovec_t { size_t size; /* size of vector */ @@ -84,24 +75,23 @@ typedef struct _t { } _t; /* initialisation function */ -int _init(_t *, unsigned, unsigned); +int _init(_t */**/, unsigned, unsigned); /* split functions */ -int _split(_t *); +int _split(_t */**/); +int _split_vec(_t */**/, const char */*buf*/, size_t /*size*/, struct iovec */*iov*/, int /*iovc*/); /* reconstruction functions */ -int _combine(_t *); - -/* join function */ -int _join(_t *); +int _combine(_t */**/); +int _combine_vec(_t */**/, struct iovec */*iov*/, int /*iovc*/, char */*buf*/, size_t /*size*/); /* functions to retrieve a share or the result of a join */ -int _add_share(_t *, unsigned, const void *, ssize_t); -int _get_share(_t *, unsigned, void **, size_t *); -int _write_share(_t *, unsigned, const char *); +int _add_share(_t */**/, unsigned, const void *, ssize_t); +int _get_share(_t */**/, unsigned, void **, size_t *); +int _write_share(_t */**/, unsigned, const char *); /* finalisation function */ -int _end(_t *); +int _end(_t */**/); __END_DECLS Index: othersrc/crypto/external/bsd//dist/src/lib/lib.3 diff -u othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.2 othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.3 --- othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.2 Mon Mar 21 14:44:47 2011 +++ othersrc/crypto/external/bsd//dist/src/lib/lib.3 Thu Mar 8 02:44:06 2012 
@@ -1,6 +1,6 @@ -.\" $NetBSD: lib.3,v 1.2 2011/03/21 14:44:47 wiz Exp $ +.\" $NetBSD: lib.3,v 1.3 2012/03/08 02:44:06 agc Exp $ .\" -.\" Copyright (c) 2010,2011 Alistair Crooks +.\" Copyright (c) 2010-2012 Alistair Crooks .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\"/ -.Dd April 13, 2010 +.Dd March 7, 2012 .Dt LIB 3 .Os .Sh NAME @@ -37,48 +37,42 @@ The following functions split the input into shared parts: .Ft int .Fo _init -.Fa "threshold_t *thresh" "c
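Review bot: In the `@@ -45,20 +46,10 @@` hunk of the header, `_MAX_SHARES = 256` stays as it was, while the log message speaks of 255 shares (`_MAX_SHARES`) in two places. One of the two is off by one. Since `_SPLIT_SOURCE` and `_JOIN_DEST` are defined from this constant, settle the value and say in a comment whether it is the share count or the highest usable index.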
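Review bot: In the `@@ -84,24 +75,23 @@` hunk of the header, `_split_vec()` and `_combine_vec()` take `int iovc` and a `size_t size` but return `int`, and nothing here says whether the return value is a status or a byte count, or what happens when `iovc` is negative, below the threshold or above `_MAX_SHARES`. Document the contract next to the prototypes and in the manual page, and consider an unsigned count. The same hunk removes `_join()` from the public header without a note for existing callers.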
CVS commit: othersrc/crypto/external/bsd/ssss
Module Name:othersrc Committed By: agc Date: Tue Feb 21 05:25:42 UTC 2012 Modified Files: othersrc/crypto/external/bsd//dist/include: .h othersrc/crypto/external/bsd//dist/src/lib: secsplit.c othersrc/crypto/external/bsd//dist/src/: main.c othersrc/crypto/external/bsd//lib: Makefile Removed Files: othersrc/crypto/external/bsd//dist/src/lib: internal.h threshold.c Log Message: Numerous changes to (1) and lib(3): + don't use the threshold headers any more - just use our own header + "" is the only algorithm supported by (1) + add back (seamless) file I/O functionality, in the case that a memory mapping, or subsequent memory allocation, fails + don't store information in the share header which could be used as part of an attack (specifically the threshold and total number of shares). + size the extra memory required on a much better estimate of the size needed, rather than a constant size + get rid of unneeded files, now that everything has been cleaned up To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 \ othersrc/crypto/external/bsd//dist/include/.h cvs rdiff -u -r1.1.1.1 -r0 \ othersrc/crypto/external/bsd//dist/src/lib/internal.h cvs rdiff -u -r1.5 -r1.6 \ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c cvs rdiff -u -r1.3 -r0 \ othersrc/crypto/external/bsd//dist/src/lib/threshold.c cvs rdiff -u -r1.2 -r1.3 \ othersrc/crypto/external/bsd//dist/src//main.c cvs rdiff -u -r1.1.1.1 -r1.2 \ othersrc/crypto/external/bsd//lib/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd//dist/include/.h diff -u othersrc/crypto/external/bsd//dist/include/.h:1.1.1.1 othersrc/crypto/external/bsd//dist/include/.h:1.2 --- othersrc/crypto/external/bsd//dist/include/.h:1.1.1.1 Mon Mar 21 05:43:35 2011 +++ othersrc/crypto/external/bsd//dist/include/.h Tue Feb 21 05:25:42 2012 
@@ -23,12 +23,12 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _H_ -#define _H_ 20110320 +#define _H_ 20120220 #include #include -#include +#include #ifndef __BEGIN_DECLS # if defined(__cplusplus) 
@@ -42,30 +42,66 @@ __BEGIN_DECLS +enum { + _MAX_SHARES = 256, + + _MAGIC_LENGTH = 4, + + _SPLIT_SOURCE = _MAX_SHARES, + _JOIN_DEST = _MAX_SHARES +}; + +/* threshold header written to output file when splitting */ +typedef struct s4_head_t { + char magic[_MAGIC_LENGTH]; /* magic string */ + uint8_t coeff; /* coefficient of this share */ + uint8_t pad[3]; /* padding character */ + uint64_t size; /* size of original file */ +} s4_head_t; + +/* io vector - look familiar? */ +typedef struct _iovec_t { + size_t size; /* size of vector */ + uint8_t *base; /* its base */ +} _iovec_t; + +/* a threshold string */ +typedef struct _str_t { + unsigned iotype; /* type of input mechanism */ + size_t c; /* # of chars */ + _iovec_t io; /* iovec */ + FILE *fp; /* file descriptor */ +} _str_t; + +/* structure to hold threshold information */ +typedef struct _t { + void *handle; /* implementation internals */ + unsigned sharesc; /* total # of shares */ + unsigned threshold; /* # of shares in quorum */ + unsigned strsize; /* size of share */ + unsigned availc; /* # of shares we have added */ + _str_t shares[_MAX_SHARES + 1]; /* the shares themselves */ +} _t; + /* initialisation function */ -int _init(threshold_t *, const char *, unsigned, unsigned); +int _init(_t *, unsigned, unsigned); /* split functions */ -int _split(threshold_t *); +int _split(_t *); /* reconstruction functions */ -int _combine(threshold_t *); +int _combine(_t *); /* join function */ -int _join(threshold_t *); +int _join(_t *); /* functions to retrieve a share or the result of a join */ -int _add_share(threshold_t *, unsigned, const void *, ssize_t); -int _get_share(threshold_t *, unsigned, void **, size_t *); -int _write_share(threshold_t *, unsigned, const char *); - -/* header functions */ -int _sane_header(thresh_head_t *, thresh_head_t *); -int _get_header(thresh_head_t *, const uint8_t *); -int _fmt_header(thresh_head_t *, const char *, unsigned, unsigned, uint64_t); +int _add_share(_t *, unsigned, const 
void *, ssize_t); +int _get_share(_t *, unsigned, void **, size_t *); +int _write_share(_t *, unsigned, const char *); /* finalisation function */ -int _end(threshold_t *); +int _end(_t *); __END_DECLS Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c diff -u othersrc/crypto/external/bsd//dist/src/lib/secsp
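Review bot: In the `@@ -42,30 +42,66 @@` hunk of the header, `struct _t` becomes public with `threshold`, `sharesc`, `availc` and `shares[_MAX_SHARES + 1]` directly writable by callers, so `_split()` and `_combine()` have to treat them as untrusted input. Check `threshold <= sharesc` and both against `_MAX_SHARES` before indexing `shares[]`, or keep these fields behind `handle`. `_SPLIT_SOURCE` and `_JOIN_DEST` are both defined as `_MAX_SHARES` and therefore name the same slot, which needs a comment. In `FILE *fp; /* file descriptor */` the member is a stream pointer, not a descriptor.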
CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss
Module Name:othersrc Committed By: agc Date: Mon Feb 20 06:54:01 UTC 2012 Modified Files: othersrc/crypto/external/bsd//dist/src/lib: secsplit.c Log Message: minor cosmetic changes to make this more readable - no functional change To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 \ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.4 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.5 --- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.4 Sat Feb 18 02:17:42 2012 +++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Mon Feb 20 06:54:01 2012 @@ -365,9 +365,7 @@ interpolate(int *x, uint32_t *y, unsigne unsigned i; unsigned j; - for (i = 0; i < n; i++) { - alpha[i] = y[i]; - } + (void) memcpy(alpha, y, n * sizeof(alpha[0])); for (i = 1; i < n; i++) { for (j = n - 1; j >= i; j--) { if (alpha[j] > alpha[j - 1]) { @@ -381,11 +379,7 @@ interpolate(int *x, uint32_t *y, unsigne } product = alpha[n - 1]; for (i = n - 2; (int)i >= 0; i--) { - if (x[i] > 0) { - product *= 0 - x[i] + LARGEST_PRIME; - } else { - product *= 0 - x[i]; - } + product *= -x[i] + ((x[i] > 0) ? LARGEST_PRIME : 0); product += alpha[i]; product %= LARGEST_PRIME; } @@ -447,7 +441,7 @@ get_assemble(s4_t *s4, unsigned nin, thr } /* - * Given a set of nin file descriptors, assemble them to generate the + * Given a set of nin input descriptors, assemble them to generate the * original file. This is the main routine for the assembly case. */ static int
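Review bot: In the `@@ -365,9 +365,7 @@` hunk of interpolate(), `memcpy(alpha, y, n * sizeof(alpha[0]))` is equivalent to the removed loop only if `alpha[]` has the same element type as `y` (`uint32_t`): the loop converted element by element, while memcpy copies raw bytes. The declaration of `alpha` is outside the hunk, so confirm the types match or keep the loop. Nothing visible bounds `n` against the size of `alpha` either, and a check before the copy would be cheap.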
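Review bot: In the `@@ -381,11 +379,7 @@` hunk of interpolate(), `product *= -x[i] + ((x[i] > 0) ? LARGEST_PRIME : 0);` mixes a signed `x[i]` with the accumulator and relies on the result fitting before `product %= LARGEST_PRIME`. With both factors below 65521 the worst case is 65520 * 65520 + 65520 = 4292935920, which is under 2^32 only by a small margin, so this holds only while `product` is an unsigned type of at least 32 bits and `alpha[i]` is already reduced. Say so in a comment or widen `product` to `uint64_t`. The log message states no functional change; a test that interpolates a few known points would back that up.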
CVS commit: othersrc/crypto/external/bsd/ssss/dist/src
Module Name:othersrc Committed By: agc Date: Sat Feb 18 02:17:42 UTC 2012 Modified Files: othersrc/crypto/external/bsd//dist/src/lib: secsplit.c threshold.c othersrc/crypto/external/bsd//dist/src/: main.c Log Message: Various fixes to improve stability and code readability + previously not enough space was allocated for the unusual occurrence that a 16-bit entity was greater than the largest 16bit prime (65521). Introduce an overhead allocation which works around this issue + the largest prime is not about to change - define it, and don't bother passing it as an argument to functions. + remove an extraneous "can't happen" call to exit() + fix some lint (as seen on amd64) + use better names for variables in the code + move occurrences of fprintf() to warn() - thanks, Christos! + use definitions instead of magic integer constants to make it obvious what's happening with end of file, and odd-sized files + hold on information on input parsing in a separate struct, rather than using arguments to functions + check input arguments to (1), and improve error checking in general With this in place, (1) will now combine shares accessible through httpdev(8) - which opens up a number of opportunities... To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 \ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c cvs rdiff -u -r1.2 -r1.3 \ othersrc/crypto/external/bsd//dist/src/lib/threshold.c cvs rdiff -u -r1.1.1.1 -r1.2 \ othersrc/crypto/external/bsd//dist/src//main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.3 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.4 --- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.3 Thu Oct 13 15:13:39 2011 +++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Sat Feb 18 02:17:42 2012 
@@ -128,6 +128,7 @@ #include #include +#include #include #include #include @@ -137,7 +138,7 @@ #include "threshold.h" #include "internal.h" -#define PRIME 65521 +#define LARGEST_PRIME 65521 #define S4_KMAX 48 #define S4_NMAX 48 @@ -147,7 +148,17 @@ #define S4_SMALLEST_INPUT 5 -/* Multiplicative inverses of 1-48 mod PRIME */ +#define S4_FILE_MAGIC "s4" + +#ifndef USE_ARG +#define USE_ARG(x) /*LINTED*/(void)&(x) +#endif + +#ifndef __arraycount +#define __arraycount(__x) (sizeof(__x) / sizeof(__x[0])) +#endif + +/* Multiplicative inverses of 1-48 mod LARGEST_PRIME */ static const int invtab[] = { 1, 32761, 43681, 49141, 52417, 54601, 56161, 57331, 58241, 58969, 11913, 60061, 60481, 60841, 61153, 61426, @@ -160,16 +171,15 @@ static const int invtab[] = { typedef struct s4_t { unsigned extra; /* extra from last call */ unsigned magic; /* magic number */ - int have_extra; /* 16-bit entity input */ - int oddflag; /* last return included a pad */ - int seen[S4_KMAX]; /* if seen, then not the first */ - unsigned next_d1[S4_KMAX]; /* for two byte lookahead */ + int padded; /* escaped 16-bit entity input */ + int oddsizefile; /* last return included a pad */ + int peek[S4_KMAX]; /* for two byte lookahead */ uint8_t sharesc; /* # of shares */ } s4_t; /*** Code related to splitting */ -/* Return a random number from 0 to n-1. */ +/* Return a random number from 0 to x-1. */ #define CRANDOM(x) (uint32_t)(arc4random() % (x)) /* 
@@ -179,77 +189,79 @@ typedef struct s4_t { * poly = Polynomial coefficients * n = # coefficients (order of polynomial + 1) * i = Point to evaluate it at - * mod = Modulus for evaluation */ static uint32_t -eval(uint32_t *poly, unsigned n, unsigned i, uint32_t mod) +eval(uint32_t *poly, unsigned n, unsigned i) { - u_int32_t prod; /* Accumulated product */ - int j; /* index */ + uint32_t prod; /* Accumulated product */ + int j; /* index */ prod = poly[n - 1]; for (j = (n - 1); --j >= 0; ) { prod *= i; prod += poly[j]; - prod %= mod; + prod %= LARGEST_PRIME; } return prod; } +#define _EOF -1 +#define _ODD_SIZED_FILE -2 + /* - * Return a 16-bit value from file f_in, but limit it to be less than limit. - * Anything >= limit-1 gets returned as two consecutive values (on 2 calls). - * Return -1 on EOF, or -2 if the previous return value had been padded - * because the file had an odd # bytes. + * Return a 16-bit value from input, but limit it to be less than + * LARGEST_PRIME. Anything >= LARGEST_PRIME-1 gets returned as two + * consecutive values (on 2 calls). Return -1 on EOF, or -2 if the + * previous return value had been padded because the file had an odd # + * bytes. */ -static uint32_t -get_limited_16(s4_t *s4, thresh_str_t *str, uint32_t li
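Review bot: In the `@@ -160,16 +171,15 @@` hunk of secsplit.c, the comment on `CRANDOM` is corrected but the macro still computes `arc4random() % (x)`, which is slightly biased towards small values whenever `x` does not divide 2^32, as is the case for a modulus such as `LARGEST_PRIME` (65521). Shamir's scheme depends on coefficients that are uniform over the field, so use `arc4random_uniform(x)` where it is available.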
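Review bot: In the `@@ -179,77 +189,79 @@` hunk of secsplit.c, `#define _EOF -1` and `#define _ODD_SIZED_FILE -2` are unparenthesised, and the rewritten comment still documents the raw values (`Return -1 on EOF, or -2 if the previous return value had been padded`). Write the values as `(-1)` and `(-2)` and name the macros in the comment. The removed prototype returned `uint32_t`, so callers compare an unsigned value with negative sentinels; an `int` return type, or sentinels above the 16-bit range, would avoid relying on that conversion.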
CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss
Module Name:othersrc Committed By: agc Date: Fri Feb 17 02:11:18 UTC 2012 Modified Files: othersrc/crypto/external/bsd//dist/src/lib: threshold.c Log Message: don't rely on an application (such as (1)) being able to mmap(2) the shares it presents via lib - allocate space using calloc(3) if the mmap fails. this change allows us to use (1) to combine shares from different websites, mounted using httpdev(8). To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 \ othersrc/crypto/external/bsd//dist/src/lib/threshold.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd//dist/src/lib/threshold.c diff -u othersrc/crypto/external/bsd//dist/src/lib/threshold.c:1.1.1.1 othersrc/crypto/external/bsd//dist/src/lib/threshold.c:1.2 --- othersrc/crypto/external/bsd//dist/src/lib/threshold.c:1.1.1.1 Mon Mar 21 05:43:35 2011 +++ othersrc/crypto/external/bsd//dist/src/lib/threshold.c Fri Feb 17 02:11:18 2012 @@ -85,6 +85,21 @@ swapheader(thresh_head_t *head) head->size = (*(char *)(void *)&indian) ? head->size : (uint64_t)BSWAP64(head->size); } +/* allocate space from heap */ +static int +allocate(thresh_str_t *share, const void *data, size_t size) +{ + if ((share->io.base = calloc(1, size)) == NULL) { + (void) fprintf(stderr, "allocate: can't calloc %zu\n", size); + return 0; + } + if (data) { + (void) memcpy(share->io.base, data, size); + } + share->io.size = size; + return 1; +} + /**/ /* check we have a sane header */ @@ -134,6 +149,8 @@ _add_share(threshold_t *thresh, unsi { thresh_str_t *share; struct stat st; + ssize_t rc; + ssize_t cc; FILE *fp; if (n != THRESH_MAX_SHARES) { 
@@ -149,19 +166,23 @@ _add_share(threshold_t *thresh, unsi share->io.size = (size_t)st.st_size; share->io.base = mmap(NULL, share->io.size, PROT_READ, MAP_PRIVATE, fileno(fp), 0); if (share->io.base == MAP_FAILED) { - (void) fprintf(stderr, "ida_add_share: can't mmap file '%s'\n", (const char *)data); - (void) fclose(fp); - return 0; + if (!allocate(share, NULL, (size_t)st.st_size)) { +return 0; + } + for (cc = 0 ; cc < st.st_size ; cc += rc) { +if ((rc = read(fileno(fp), &share->io.base[cc], st.st_size - cc)) < 0) { + break; +} + } + thresh->mapped[n] = ALLOCATED; + } else { + thresh->mapped[n] = MMAPPED; } - thresh->mapped[n] = MMAPPED; + (void) fclose(fp); } else { - if ((share->io.base = calloc(1, (size_t)size)) == NULL) { - (void) fprintf(stderr, "ida_add_share: can't calloc %zu\n", -(size_t)size); + if (!allocate(share, data, size)) { return 0; } - (void) memcpy(share->io.base, data, (size_t)size); - share->io.size = (size_t)size; thresh->mapped[n] = ALLOCATED; } return 1;
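Review bot: In the `@@ -149,19 +166,23 @@` hunk of threshold.c, the fallback loop `for (cc = 0 ; cc < st.st_size ; cc += rc)` breaks only on `rc < 0`: a `read()` that returns 0 because the source is shorter than `st_size` leaves `cc` unchanged and spins forever, and after an error the code falls through, marks the share `ALLOCATED` and returns 1 with a partly zero-filled buffer. Treat `rc <= 0` as failure, free the buffer and return 0, so that a damaged share is not passed on silently. The new `if (!allocate(...)) { return 0; }` path also drops the `fclose(fp)` that the removed error path had, so the stream leaks when allocation fails.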
CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss
Module Name:othersrc Committed By: agc Date: Thu Oct 13 15:13:39 UTC 2011 Modified Files: othersrc/crypto/external/bsd//dist/src/lib: secsplit.c Log Message: remove a commented out line, and distribute the size allocation nearer to where it's used: make sure there's enough space in the allocated arrays, especially when odd numbers of bytes are being split/joined. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 \ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.2 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.3 --- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.2 Thu Aug 18 04:19:47 2011 +++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Thu Oct 13 15:13:39 2011 @@ -466,7 +466,6 @@ assemble(s4_t *s4, thresh_str_t *inputs, } inputs[i].c += sizeof(heads[i]); x[i] = heads[i].coeff; - //inputs[i].io.size += 2; } for (;;) { if ((d = get_assemble(s4, nin, inputs, x, mod, &oddflag)) == -1) { @@ -532,7 +531,7 @@ split_memory(threshold_t *thresh, const /* allocate space for outputs */ thresh->sharesc = (unsigned)sharesc; for (i = 0 ; i < sharesc ; i++) { - thresh->shares[i].io.size = memsize + sizeof(thresh_head_t); + thresh->shares[i].io.size = memsize + sizeof(thresh_head_t) + 2; thresh->shares[i].c = 0; if (thresh->shares[i].io.base == NULL && (thresh->shares[i].io.base = calloc(1, thresh->shares[i].io.size)) == NULL) { @@ -579,7 +578,7 @@ int s4_combine(threshold_t *thresh) { if (!join_memory(thresh, thresh->shares, - thresh->shares[0].io.size, thresh->threshold, + thresh->shares[0].io.size - 2, thresh->threshold, &thresh->shares[THRESH_JOIN_DEST])) { return -1; }
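Review bot: In the `@@ -532,7 +531,7 @@` hunk of split_memory(), `io.size` is set to `memsize + sizeof(thresh_head_t) + 2` unconditionally, but the `calloc()` below it runs only when `io.base == NULL`. For a buffer supplied by the caller the recorded size is set without any check that the buffer is actually that large, which invites a write past its end. Compare the required size with the size the caller passed and fail if it is too small. The bare `2` should be a named constant with a comment saying what the two bytes are for.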
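Review bot: In the `@@ -579,7 +578,7 @@` hunk of s4_combine(), `thresh->shares[0].io.size - 2` is computed on an unsigned size, so a first share shorter than 2 bytes wraps to a huge length that is then passed to join_memory(). Reject shares that are too small before subtracting, and check that the remaining shares have the same size as `shares[0]`, since only the first one is consulted here. This `- 2` mirrors the `+ 2` added in split_memory(); one shared named constant would keep the two in step.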
CVS commit: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey
Module Name:othersrc Committed By: wiz Date: Sun Sep 18 22:33:38 UTC 2011 Modified Files: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey: sharedkey.1 Log Message: Remove trailing whitespace. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 \ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 diff -u othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.4 othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.5 --- othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.4 Sun Sep 18 19:27:08 2011 +++ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 Sun Sep 18 22:33:38 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: sharedkey.1,v 1.4 2011/09/18 19:27:08 agc Exp $ +.\" $NetBSD: sharedkey.1,v 1.5 2011/09/18 22:33:38 wiz Exp $ .\" .\" Copyright (c) 2010,2011 Alistair Crooks .\" All rights reserved. @@ -138,12 +138,12 @@ .Bd -literal % sharedkey -t 2/3 /etc/group Generating a one-time key -signature 2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17 -Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801 +signature 2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17 +Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801 uid /etc/group shared 2/3 by agc Sat Sep 17 14:32:28 2011 netpgp: generated keys in directory /tmp/share.04718a/6018e4d1edcd8801 -Enter passphrase for 6018e4d1edcd8801: -Repeat passphrase for 6018e4d1edcd8801: +Enter passphrase for 6018e4d1edcd8801: +Repeat passphrase for 6018e4d1edcd8801: Shared secrets are in: /tmp/share.04718a % mat tvf /tmp/share.*/share000.mat 
@@ -166,10 +166,10 @@ Two of the shares can then be used to recover the secret in the following way: .Bd -literal % sharedkey -o group.recover -r /tmp/share.*/share002.mat /tmp/share.*/share000.mat -signature 2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17 -Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801 +signature 2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17 +Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801 uid /etc/group shared 2/3 by agc Sat Sep 17 14:32:28 2011 -netpgp passphrase: +netpgp passphrase: % diff /etc/group group.recover % ls -l /etc/group group.recover -rw-r--r-- 1 root wheel 535 Oct 4 21:44 /etc/group
CVS commit: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey
Module Name:othersrc Committed By: agc Date: Sun Sep 18 19:27:09 UTC 2011 Modified Files: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey: sharedkey.1 Log Message: sync man page with reality To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 \ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 diff -u othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.3 othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.4 --- othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.3 Mon Mar 21 14:44:47 2011 +++ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 Sun Sep 18 19:27:08 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: sharedkey.1,v 1.3 2011/03/21 14:44:47 wiz Exp $ +.\" $NetBSD: sharedkey.1,v 1.4 2011/09/18 19:27:08 agc Exp $ .\" .\" Copyright (c) 2010,2011 Alistair Crooks .\" All rights reserved. @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd March 20, 2011 +.Dd September 18, 2011 .Dt SHAREDKEY 1 .Os .Sh NAME 
@@ -138,47 +138,42 @@ .Bd -literal % sharedkey -t 2/3 /etc/group Generating a one-time key -signature 2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 -Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 -uid /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010 -Enter passphrase for db2d87129df8ca38: -Repeat passphrase for db2d87129df8ca38: -Shared secrets are in: /tmp/share.008847aa -% ls -l /tmp/share.008847aa -total 14 --rw-r--r-- 1 agc wheel 621 Nov 22 16:46 pubring.gpg --rw-r--r-- 1 agc wheel 2947 Nov 22 16:46 share000.tar.gz --rw-r--r-- 1 agc wheel 2948 Nov 22 16:46 share001.tar.gz --rw-r--r-- 1 agc wheel 2955 Nov 22 16:46 share002.tar.gz -% tar tvzf /tmp/share.008847aa/share000.tar.gz -drwxr-xr-x 2 agc wheel 0 Nov 22 16:46 share000 -lrwxr-xr-x 1 agc wheel 0 Nov 22 16:46 share000/keyid -> db2d87129df8ca38 --rw--- 1 agc wheel625 Nov 22 16:46 share000/group.gpg -lrwxr-xr-x 1 agc wheel 0 Nov 22 16:46 share000/secret -> group.gpg --rw-r--r-- 1 agc wheel621 Nov 22 16:46 share000/pubring.gpg --rw-r--r-- 1 agc wheel 1316 Nov 22 16:46 share000/secring.gpg.000 -tar: ustar vol 1, 6 files, 10240 bytes read, 0 bytes written in 1 secs (10240 bytes/sec) -% netpgpkeys -l --homedir /tmp/share.008847aa -1 key found -signature 2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 -Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 -uid /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010 +signature 2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17 +Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801 +uid /etc/group shared 2/3 by agc Sat Sep 17 14:32:28 2011 +netpgp: generated keys in directory /tmp/share.04718a/6018e4d1edcd8801 +Enter passphrase for 6018e4d1edcd8801: +Repeat passphrase for 6018e4d1edcd8801: +Shared secrets are in: /tmp/share.04718a +% mat tvf /tmp/share.*/share000.mat +drwx-- 2 agc wheel512 Sep 17 14:32 share000 +lrwxr-xr-x 1 agc wheel 16 Sep 17 14:32 share000/keyid -> 6018e4d1edcd8801 
+-rw-r--r-- 1 agc wheel623 Sep 17 14:32 share000/secret.gpg +-rw-r--r-- 1 agc wheel617 Sep 17 14:32 share000/pubring.gpg +-rw-r--r-- 1 agc wheel 1323 Sep 17 14:32 share000/secring.gpg.share +% ls -laR /tmp/share.* +total 18 +drwx-- 2 agc wheel 512 Sep 17 14:32 . +drwxrwxrwt 5 root wheel 512 Sep 17 14:32 .. +-rw-r--r-- 1 agc wheel 617 Sep 17 14:32 pubring.gpg +-rw--- 1 agc wheel 3444 Sep 17 14:32 share000.mat +-rw--- 1 agc wheel 3444 Sep 17 14:32 share001.mat +-rw--- 1 agc wheel 3444 Sep 17 14:32 share002.mat +% .Ed .Pp Two of the shares can then be used to recover the secret in the following way: .Bd -literal -% sharedkey -r -o group.recover /tmp/share.008847aa/share000.tar.gz /tmp/share.008847aa/share001.tar.gz -Creating file /tmp/recover.008981aa/db2d87129df8ca38/secring.gpg from files: -signature 2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 -Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 -uid /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010 -netpgp passphrase: -Recovered secret in: group.recover - +% sharedkey -o group.recover -r /tmp/share.*/share002.mat /tmp/share.*/share000.mat +signature 2048/RSA (Encrypt or Sign) 6018e4d1edcd8801 2011-09-17 +Key fingerprint: e6ba 6252 120b 2f6a b702 4223 6018 e4d1 edcd 8801 +uid /etc/group shared 2/3 by agc Sat Sep 17 14:32:28 2011 +netpgp passphras
CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss
Module Name:othersrc Committed By: agc Date: Thu Aug 18 04:19:47 UTC 2011 Modified Files: othersrc/crypto/external/bsd//dist/src/lib: secsplit.c Log Message: With thanks to yamt for the heads-up, and to tls for the suggestion, needs a csprng - use arc4random(3) rather than random(3) for an unpredictable source of randomness. To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 \ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd//dist/src/lib/secsplit.c diff -u othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.1.1.1 othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.2 --- othersrc/crypto/external/bsd//dist/src/lib/secsplit.c:1.1.1.1 Mon Mar 21 05:43:35 2011 +++ othersrc/crypto/external/bsd//dist/src/lib/secsplit.c Thu Aug 18 04:19:47 2011 @@ -170,7 +170,7 @@ /*** Code related to splitting */ /* Return a random number from 0 to n-1. */ -#define CRANDOM(x) (uint32_t)(random() % (x)) +#define CRANDOM(x) (uint32_t)(arc4random() % (x)) /* * Evaluate the given polynomial, n coefficients, at point x=i.
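Review bot: CRANDOM still reduces with % (x), so the result is biased towards small values whenever x does not divide 2^32, and the comment "Return a random number from 0 to n-1" promises more uniformity than the macro delivers. For values used by the splitting code that is worth fixing in the same change: where arc4random_uniform(3) is available it returns an unbiased value below its argument, e.g. #define CRANDOM(x) (uint32_t)arc4random_uniform(x).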
CVS commit: othersrc/crypto/external/bsd/sharedkey
Module Name:othersrc Committed By: agc Date: Fri Jul 15 05:37:33 UTC 2011 Modified Files: othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey: libsharedkey.c othersrc/crypto/external/bsd/sharedkey/sharedkey: Makefile Log Message: move from using a system(3) call to tar to package up the individual shares, to using libmat(3). Removes the remaining "XXX" from this code. the getopt2 lib is specified explicitly in the Makefiles for the benefit of all of the sun2 port users out there. also fix some lint To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 \ othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c cvs rdiff -u -r1.1.1.1 -r1.2 \ othersrc/crypto/external/bsd/sharedkey/sharedkey/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c diff -u othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c:1.1.1.1 othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c:1.2 --- othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c:1.1.1.1 Mon Mar 21 07:10:42 2011 +++ othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c Fri Jul 15 05:37:33 2011 @@ -39,8 +39,13 @@ #include #include +#include "mat.h" #include "sharedkey.h" +#ifndef __UNCONST +#define __UNCONST(a) ((void *)(unsigned long)(const void *)(a)) +#endif + /* copy from one file to another */ static int copy(const char *fromdir, const char *from, const char *todir, const char *to) @@ -52,8 +57,8 @@ char *mem; FILE *fpr; FILE *fpw; - int wc; - int cc; + ssize_t wc; + ssize_t cc; (void) snprintf(fromname, sizeof(fromname), "%s/%s", fromdir, from); (void) snprintf(toname, sizeof(toname), "%s/%s", todir, to); 
@@ -102,14 +107,14 @@ { va_list args; char name[MAXPATHLEN]; - int cc; + ssize_t cc; va_start(args, fmt); vsnprintf(name, sizeof(name), fmt, args); va_end(args); cc = readlink(name, contents, size); contents[cc] = 0x0; - return cc; + return (int)cc; } /* varargs stat function */ @@ -144,7 +149,7 @@ { const char *last; const char *s; - int sufflen; + size_t sufflen; if ((s = strrchr(name, '/')) == NULL) { s = name; @@ -240,17 +245,19 @@ { threshold_t threshold; struct stat st; + const char *mat = "mattar"; netpgp_t netpgp; unsigned i; size_t cc; time_t t; + char archive[MAXPATHLEN]; char keyrings[MAXPATHLEN]; char secret[MAXPATHLEN]; char sharedir[MAXPATHLEN]; char scratch[MAXPATHLEN]; char d[MAXPATHLEN]; + char sharenum[32]; char desc[1024]; - char cmd[8192]; char *share; (void) memset(&netpgp, 0x0, sizeof(netpgp)); @@ -289,7 +296,7 @@ (void) snprintf(secret, sizeof(secret), "%s/secret.gpg", keyrings); netpgp_encrypt_file(&netpgp, sharedkey->keyid, f, secret, 0); /* share the private key */ - _init(&threshold, "", (uint8_t)sharedkey->threshold, (uint8_t)sharedkey->shares); + _init(&threshold, "", (unsigned)sharedkey->threshold, (unsigned)sharedkey->shares); (void) snprintf(scratch, sizeof(scratch), "%s/secring.gpg", keyrings); _add_share(&threshold, THRESH_SPLIT_SOURCE, scratch, -1); _split(&threshold); 
@@ -302,11 +309,10 @@ copy(keyrings, "pubring.gpg", sharedir, "pubring.gpg"); _get_share(&threshold, i, (void **)(void *)&share, &cc); writeshare(share, cc, "%s/secring.gpg.share", sharedir); - (void) snprintf(cmd, sizeof(cmd), - "tar -C %s -czf %s/share%.3d.tar.gz share%.3d", - sharedkey->splitdir, sharedkey->splitdir, i, i); - system(cmd); /* XXX */ - vsyscall(0600, "chmod", "%s/share%.3d.tar.gz", sharedkey->splitdir, i); + snprintf(archive, sizeof(archive), "%s/share%.3d.mat", sharedkey->splitdir, i); + snprintf(sharenum, sizeof(sharenum), "share%.3d", i); + mat_vtar(__UNCONST(mat), "-cvvf", archive, "-C", sharedkey->splitdir, sharenum, NULL); + vsyscall(0600, "chmod", "%s/share%.3d.mat", sharedkey->splitdir, i); recursive_rm(sharedir); } _end(&threshold); @@ -321,16 +327,14 @@ { threshold_t threshold; struct stat st; + const char *mat = "mattar"; netpgp_t netpgp; - //size_t size; char *recoverdir; - char cmd[8192]; char keyring[MAXPATHLEN]; char scratch[MAXPATHLEN]; char secring[MAXPATHLEN]; char both[MAXPATHLEN]; char d[MAXPATHLEN]; - //char *share; int i; (void) snprintf(d, sizeof(d), "/tmp/recover.XX"); @@ -342,9 +346,8 @@ return 0; } for (i = optind ; i < argc ; i++) { - (void) snprintf(cmd, sizeof(cmd), "tar -C %s -xzf %s", recoverdir, argv[i]); - system(cmd); /* XXX */ - (void) realbasename(argv[i], ".tar.gz", scratch, sizeof(scratch)); + mat_vtar(__UNCONST(mat), "-xf", argv[i], "-C", recoverdir, NULL); + (void) realbasename(argv[i], ".mat", s
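Review bot: In the varargs readlink wrapper (hunk at -102,14), widening cc to ssize_t does not make the indexing safe: readlink(2) returns -1 on error, so contents[cc] = 0x0 writes one byte before the buffer, and a return equal to size writes one byte past it. Test cc < 0 before terminating and pass size - 1 to readlink. In the two hunks that replace system(3) with mat_vtar(), the result of the call is not checked, so a failed archive or extract is only noticed at a later step; check it and return an error. The new snprintf calls that build archive and sharenum also drop the (void) cast used everywhere else in this file.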
CVS commit: othersrc/crypto/external/bsd
Module Name:othersrc Committed By: wiz Date: Mon Mar 21 14:44:48 UTC 2011 Modified Files: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey: sharedkey.1 othersrc/crypto/external/bsd//dist/src/lib: lib.3 othersrc/crypto/external/bsd//dist/src/: .1 Log Message: Whitespace nits, use \- for a minus sign. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 \ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 cvs rdiff -u -r1.1.1.1 -r1.2 \ othersrc/crypto/external/bsd//dist/src/lib/lib.3 cvs rdiff -u -r1.1.1.1 -r1.2 \ othersrc/crypto/external/bsd//dist/src//.1 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 diff -u othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.2 othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.3 --- othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.2 Mon Mar 21 07:15:33 2011 +++ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 Mon Mar 21 14:44:47 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: sharedkey.1,v 1.2 2011/03/21 07:15:33 agc Exp $ +.\" $NetBSD: sharedkey.1,v 1.3 2011/03/21 14:44:47 wiz Exp $ .\" .\" Copyright (c) 2010,2011 Alistair Crooks .\" All rights reserved. 
@@ -138,11 +138,11 @@ .Bd -literal % sharedkey -t 2/3 /etc/group Generating a one-time key -signature 2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 -Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 +signature 2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 +Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 uid /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010 -Enter passphrase for db2d87129df8ca38: -Repeat passphrase for db2d87129df8ca38: +Enter passphrase for db2d87129df8ca38: +Repeat passphrase for db2d87129df8ca38: Shared secrets are in: /tmp/share.008847aa % ls -l /tmp/share.008847aa total 14 @@ -161,7 +161,7 @@ % netpgpkeys -l --homedir /tmp/share.008847aa 1 key found signature 2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 -Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 +Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 uid /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010 .Ed @@ -170,10 +170,10 @@ .Bd -literal % sharedkey -r -o group.recover /tmp/share.008847aa/share000.tar.gz /tmp/share.008847aa/share001.tar.gz Creating file /tmp/recover.008981aa/db2d87129df8ca38/secring.gpg from files: -signature 2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 -Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 +signature 2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 +Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 uid /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010 -netpgp passphrase: +netpgp passphrase: Recovered secret in: group.recover % ls -l /etc/group group.recover Index: othersrc/crypto/external/bsd//dist/src/lib/lib.3 diff -u othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.1.1.1 othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.2 --- othersrc/crypto/external/bsd//dist/src/lib/lib.3:1.1.1.1 Mon Mar 21 05:43:35 2011 +++ othersrc/crypto/external/bsd//dist/src/lib/lib.3 Mon Mar 21 14:44:47 2011 
@@ -1,4 +1,4 @@ -.\" $NetBSD: lib.3,v 1.1.1.1 2011/03/21 05:43:35 agc Exp $ +.\" $NetBSD: lib.3,v 1.2 2011/03/21 14:44:47 wiz Exp $ .\" .\" Copyright (c) 2010,2011 Alistair Crooks .\" All rights reserved. @@ -28,7 +28,7 @@ .Os .Sh NAME .Nm lib -.Nd secret sharing library +.Nd secret sharing library .Sh LIBRARY .Lb lib .Sh SYNOPSIS @@ -101,7 +101,7 @@ .It use Shamir's Secret Sharing Scheme to share the original file in a way that cannot be recovered by others except by using -a number of shares equalling the threshold +a number of shares equalling the threshold .El .Pp If the threshold is set to 1, then any of the shares can be used to @@ -145,7 +145,7 @@ .Fa data argument, and a value of -.Dv -1 +.Dv \-1 should be given for the length. .Pp To split input data into shares, Index: othersrc/crypto/external/bsd//dist/src//.1 diff -u othersrc/crypto/external/bsd//dist/src//.1:1.1.1.1 othersrc/crypto/external/bsd//dist/src//.1:1.2 --- othersrc/crypto/external/bsd//dist/src//.1:1.1.1.1 Mon Mar 21 05:43:35 2011 +++ othersrc/crypto/external/bsd//dist/src//.1 Mon Mar 21 14:44:47 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: .1,v 1.1.1.1 2011/03/21 05:43:35 agc Exp $ +.\" $NetBSD: .1,v 1.2 2011/03/21 14:44:47 wiz Exp $ .\" .\" Copyright (c) 2010,2011 Alistair Crooks
CVS commit: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey
Module Name:othersrc Committed By: agc Date: Mon Mar 21 07:15:33 UTC 2011 Modified Files: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey: sharedkey.1 Log Message: update names and locations to reflect current use. To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 \ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 diff -u othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.1.1.1 othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.2 --- othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1:1.1.1.1 Mon Mar 21 07:10:42 2011 +++ othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1 Mon Mar 21 07:15:33 2011 @@ -1,6 +1,6 @@ -.\" $NetBSD: sharedkey.1,v 1.1.1.1 2011/03/21 07:10:42 agc Exp $ +.\" $NetBSD: sharedkey.1,v 1.2 2011/03/21 07:15:33 agc Exp $ .\" -.\" Copyright (c) 2010 Alistair Crooks +.\" Copyright (c) 2010,2011 Alistair Crooks .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -23,11 +23,11 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd April 13, 2010 -.Dt OTK 1 +.Dd March 20, 2011 +.Dt SHAREDKEY 1 .Os .Sh NAME -.Nm otk +.Nm sharedkey .Nd secret-sharing and recovery utility using one-time RSA keys .Sh SYNOPSIS .Nm 
@@ -61,13 +61,12 @@ .Nm command is used to recover a secret which has been shared using -.Xr otk 1 , -using a one-time RSA key generated by -.Xr netpgpkeys 1 , -encrypted using -.Xr netpgp 1 , +.Nm +using a one-time RSA key generated and +encrypted by +.Xr libnetpgp 3 , and then split into shares using -.Xr threshold 1 . +.Xr lib 3 . Only the .Dv threshold number of shares is needed to recover the secret, @@ -137,21 +136,21 @@ .Pa /etc/group into 3 separate shares, of which 2 are needed to reconstruct the original file. .Bd -literal -% otk -t 2/3 /etc/group +% sharedkey -t 2/3 /etc/group Generating a one-time key signature 2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 uid /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010 Enter passphrase for db2d87129df8ca38: Repeat passphrase for db2d87129df8ca38: -Shared secrets are in: /tmp/otk.008847aa -% ls -l /tmp/otk.008847aa +Shared secrets are in: /tmp/share.008847aa +% ls -l /tmp/share.008847aa total 14 -rw-r--r-- 1 agc wheel 621 Nov 22 16:46 pubring.gpg -rw-r--r-- 1 agc wheel 2947 Nov 22 16:46 share000.tar.gz -rw-r--r-- 1 agc wheel 2948 Nov 22 16:46 share001.tar.gz -rw-r--r-- 1 agc wheel 2955 Nov 22 16:46 share002.tar.gz -% tar tvzf /tmp/otk.008847aa/share000.tar.gz +% tar tvzf /tmp/share.008847aa/share000.tar.gz drwxr-xr-x 2 agc wheel 0 Nov 22 16:46 share000 lrwxr-xr-x 1 agc wheel 0 Nov 22 16:46 share000/keyid -> db2d87129df8ca38 -rw--- 1 agc wheel625 Nov 22 16:46 share000/group.gpg 
@@ -159,7 +158,7 @@ -rw-r--r-- 1 agc wheel621 Nov 22 16:46 share000/pubring.gpg -rw-r--r-- 1 agc wheel 1316 Nov 22 16:46 share000/secring.gpg.000 tar: ustar vol 1, 6 files, 10240 bytes read, 0 bytes written in 1 secs (10240 bytes/sec) -% netpgpkeys -l --homedir /tmp/otk.008847aa +% netpgpkeys -l --homedir /tmp/share.008847aa 1 key found signature 2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 @@ -169,8 +168,8 @@ .Pp Two of the shares can then be used to recover the secret in the following way: .Bd -literal -% otk -r -o group.recover /tmp/otk.008847aa/share000.tar.gz /tmp/otk.008847aa/share001.tar.gz -Creating file /tmp/otkrecover.008981aa/db2d87129df8ca38/secring.gpg from files: +% sharedkey -r -o group.recover /tmp/share.008847aa/share000.tar.gz /tmp/share.008847aa/share001.tar.gz +Creating file /tmp/recover.008981aa/db2d87129df8ca38/secring.gpg from files: signature 2048/RSA (Encrypt or Sign) db2d87129df8ca38 2010-11-23 Key fingerprint: c632 7068 8809 2dad 15f3 f84b db2d 8712 9df8 ca38 uid /etc/group shared 2/3 by agc Mon Nov 22 16:46:27 PST 2010 @@ -190,7 +189,7 @@ .Sh SEE ALSO .Xr tar 1 , .Xr libnetpgp 3 , -.Xr libotk 3 +.Xr lib 3 .Sh HISTORY The .Nm
CVS commit: othersrc/crypto/external/bsd/sharedkey
Module Name:othersrc Committed By: agc Date: Mon Mar 21 07:10:45 UTC 2011 Update of /cvsroot/othersrc/crypto/external/bsd/sharedkey In directory ivanova.netbsd.org:/tmp/cvs-serv15677 Log Message: Initial import, into othersrc/crypto, of sharedkey, a library and utility which generates a one-time key (by default RSA 2048bit), which is used to encrypt a secret to be shared between a number of people. The secret is encrypted to the generated, one-time key. That key is then distributed using lib(3). All encryption and decryption are accomplished via libnetpgp(3). The secret can be recovered by presenting a threshold of shares, and using that to recover the secret key, which can then be used to decrypt the original secret. The key can optionally be further protected by a passphrase, which is set at one-time-key generation time. The net effect is to introduce a gate to recovery - with a passphrase, secret recovery can be gated through an individual who knows the passphrase - this protects against collusion to recover the secret "behind everyone's backs". At the same time, normal passphrase propagation rules apply, and there is a potential for a Single Point of Failure. There are a number of use cases for this functionality, which is a generalised and much more flexible form of encryption to a number of users. Shares can be distributed in non-uniform amounts, for example, so that more important players in the group can receive more than one share. Ad-hoc user groups can be established. Shares can be encrypted to other users' keys, and protected in transit that way. Shares can be encrypted to the distributor's key before encrypting to the recipient's key - this will protect against collusion and accidental exposure of the secret, but again introduces a SPoF. Backups can be generated which can be recovered only when a quorum of known and authorised keys have authorised it. There are many other use cases for this - they are left as an exercise for the reader. 
The original public key is kept around to provide information on the encrypted secret - who, when, how many shares, quorum, etc. If this is deemed to be sensitive, this information can be redacted by using the -a switch (to anonymize the public key). There are still some loose ends to this code, but it is functional at the present time. Further review is welcomed and encouraged. A worked example, taken from the regression test for sharedkey(1) distributes the /etc/group file on a machine to 3 shares, of which 2 make a quorum. The group file is then recovered by using two of the generated shares: % make t cd /usr/othersrc/crypto/external/bsd/sharedkey/sharedkey && make t make split rm -rf /tmp/share.* /tmp/recover.* ./sharedkey -t 2/3 /etc/group Generating a one-time key /tmp/share.14828a/pubring.gpg: No such file or directory Can't read pubring /tmp/share.14828a/pubring.gpg Can't read pub keyring signature 2048/RSA (Encrypt or Sign) 5eb658fbc4e0c0fc 2011-03-20 Key fingerprint: 1878 2f43 ff3b 0792 2f1c bacc 5eb6 58fb c4e0 c0fc uid /etc/group shared 2/3 by agc Sun Mar 20 03:48:28 2011 netpgp: generated keys in directory /tmp/share.14828a/5eb658fbc4e0c0fc Enter passphrase for 5eb658fbc4e0c0fc: Repeat passphrase for 5eb658fbc4e0c0fc: Shared secrets are in: /tmp/share.14828a tar tvzf /tmp/share.*/share000.tar.gz drwx-- 2 agc wheel 0 Mar 20 03:48 share000 lrwxr-xr-x 1 agc wheel 0 Mar 20 03:48 share000/keyid -> 5eb658fbc4e0c0fc -rw-r--r-- 1 agc wheel609 Mar 20 03:48 share000/secret.gpg -rw-r--r-- 1 agc wheel617 Mar 20 03:48 share000/pubring.gpg -rw-r--r-- 1 agc wheel 1323 Mar 20 03:48 share000/secring.gpg.share tar: ustar vol 1, 5 files, 10240 bytes read, 0 bytes written in 1 secs (10240 bytes/sec) ls -laR /tmp/share.* total 18 drwx-- 2 agc wheel 512 Mar 20 03:48 . drwxrwxrwt 5 root wheel 512 Mar 20 03:48 .. 
-rw-r--r-- 1 agc wheel 617 Mar 20 03:48 pubring.gpg -rw--- 1 agc wheel 2908 Mar 20 03:48 share000.tar.gz -rw--- 1 agc wheel 2908 Mar 20 03:48 share001.tar.gz -rw--- 1 agc wheel 2910 Mar 20 03:48 share002.tar.gz make join ./sharedkey -o group.recover -r /tmp/share.*/share002.tar.gz /tmp/share.*/share000.tar.gz Error: Format error (ptag bit not set) signature 2048/RSA (Encrypt or Sign) 5eb658fbc4e0c0fc 2011-03-20 Key fingerprint: 1878 2f43 ff3b 0792 2f1c bacc 5eb6 58fb c4e0 c0fc uid /etc/group shared 2/3 by agc Sun Mar 20 03:48:28 2011 netpgp passphrase: % Status: Vendor Tag: CROOKS Release Tags: sharedkey-base N othersrc/crypto/external/bsd/sharedkey/Makefile N othersrc/crypto/external/bsd/sharedkey/mkdist N othersrc/crypto/external/bsd/sharedkey/Makefile.inc N othersrc/crypto/external/bsd/sharedkey/dist/Makefile.am N othersrc/crypto/external/bsd/sharedkey/dist/TODO N othersrc/crypto/external/bsd/sharedkey/dist/aclocal.m4 N othersrc/crypto/external/bsd/s
CVS commit: othersrc/crypto/external/bsd/ssss
Module Name:othersrc Committed By: agc Date: Mon Mar 21 05:43:38 UTC 2011 Update of /cvsroot/othersrc/crypto/external/bsd/ In directory ivanova.netbsd.org:/tmp/cvs-serv27364 Log Message: Initial import of alternative threshold code to othersrc/crypto to perform Shamir's Secret Sharing Scheme. For more information on Shamir's Secret Sharing Scheme ( or S4), please see: http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing To re-iterate: this is a threshold scheme where an original secret is split into shares. When a threshold of shares is presented, the original secret can be reconstructed. This is closely related to the threshold routines previously imported into othersrc; the difference is that this code does not reveal any of the information in the original secret until a threshold of shares is presented. Compared to IDA, for example, a share is the same size as the original data (compared to originalsize / threshold for IDA), but provides privacy which IDA does not do. This implementation of keeps the same interface as the threshold(1) and libthreshold(3), for convenience sake. 
Status: Vendor Tag: CROOKS Release Tags: -base N othersrc/crypto/external/bsd//Makefile N othersrc/crypto/external/bsd//mkdist N othersrc/crypto/external/bsd//Makefile.inc N othersrc/crypto/external/bsd//dist/Makefile.am N othersrc/crypto/external/bsd//dist/TODO N othersrc/crypto/external/bsd//dist/aclocal.m4 N othersrc/crypto/external/bsd//dist/configure N othersrc/crypto/external/bsd//dist/configure.ac N othersrc/crypto/external/bsd//dist/libtool N othersrc/crypto/external/bsd//dist/tst N othersrc/crypto/external/bsd//dist/buildaux/config.guess N othersrc/crypto/external/bsd//dist/buildaux/config.sub N othersrc/crypto/external/bsd//dist/buildaux/depcomp N othersrc/crypto/external/bsd//dist/buildaux/install-sh N othersrc/crypto/external/bsd//dist/buildaux/ltmain.sh N othersrc/crypto/external/bsd//dist/buildaux/missing N othersrc/crypto/external/bsd//dist/include/.h N othersrc/crypto/external/bsd//dist/include/Makefile.am N othersrc/crypto/external/bsd//dist/src/Makefile.am N othersrc/crypto/external/bsd//dist/src/Makefile.in N othersrc/crypto/external/bsd//dist/src//.1 N othersrc/crypto/external/bsd//dist/src//Makefile.am N othersrc/crypto/external/bsd//dist/src//Makefile.in N othersrc/crypto/external/bsd//dist/src//main.c N othersrc/crypto/external/bsd//dist/src/lib/Makefile.am N othersrc/crypto/external/bsd//dist/src/lib/Makefile.in N othersrc/crypto/external/bsd//dist/src/lib/config.h.in N othersrc/crypto/external/bsd//dist/src/lib/internal.h N othersrc/crypto/external/bsd//dist/src/lib/lib.3 N othersrc/crypto/external/bsd//dist/src/lib/secsplit.c N othersrc/crypto/external/bsd//dist/src/lib/threshold.c N othersrc/crypto/external/bsd//dist/autom4te.cache/requests N othersrc/crypto/external/bsd//dist/autom4te.cache/output.0 N othersrc/crypto/external/bsd//dist/autom4te.cache/traces.0 N othersrc/crypto/external/bsd///Makefile N othersrc/crypto/external/bsd//lib/shlib_version N othersrc/crypto/external/bsd//lib/Makefile N othersrc/crypto/external/bsd//lib/config.h 
No conflicts created by this import
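The threshold behaviour described in the import message above (a threshold of shares reconstructs the secret, fewer do not, and each share is as large as the secret), as an added example that is not the imported secsplit.c. It assumes byte-wise sharing over GF(2^8) with coefficients read from /dev/urandom; the field, the share layout and the names gf_mul, gf_inv, demo_split, demo_join and demo_run are all hypothetical.

```c
/* Added example: byte-wise Shamir secret sharing over GF(2^8).
 * Assumed for illustration: the field, the share layout and all names. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Multiply in GF(2^8), reduction polynomial x^8+x^4+x^3+x+1. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
	uint8_t p = 0;
	for (; b != 0; b >>= 1) {
		if (b & 1) p ^= a;
		a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0x00));
	}
	return p;
}

/* Inverse of a non-zero element, computed as a^254. */
static uint8_t gf_inv(uint8_t a)
{
	uint8_t r = 1;
	for (int i = 0; i < 254; i++) r = gf_mul(r, a);
	return r;
}

/* Split len bytes into n shares with threshold k. Share i (0-based) is the
 * polynomial evaluated at x = i + 1 and is stored at out[i * len]. */
static int demo_split(const uint8_t *secret, size_t len, unsigned k, unsigned n, uint8_t *out)
{
	uint8_t coeff[255];
	unsigned i, c;
	size_t j;
	FILE *fp;
	if (k < 1 || k > n || n > 255 || (fp = fopen("/dev/urandom", "rb")) == NULL)
		return 0;
	for (j = 0; j < len; j++) {
		coeff[0] = secret[j];	/* constant term carries the secret byte */
		if (k > 1 && fread(&coeff[1], 1, k - 1, fp) != k - 1)
			break;		/* each byte is a uniform element: no modulo */
		for (i = 0; i < n; i++) {
			uint8_t y = 0;
			for (c = k; c-- > 0; )	/* Horner's rule */
				y = (uint8_t)(gf_mul(y, (uint8_t)(i + 1)) ^ coeff[c]);
			out[i * len + j] = y;
		}
	}
	(void) fclose(fp);
	return j == len;
}

/* Rejoin m shares by Lagrange interpolation at x = 0; xs[i] is the
 * x-coordinate of the share at in[i * len]. Fails on a zero or repeated x. */
static int demo_join(const uint8_t *xs, const uint8_t *in, unsigned m, size_t len, uint8_t *secret)
{
	uint8_t weight[255];
	unsigned i, t;
	size_t j;
	if (m < 1 || m > 255) return 0;
	for (i = 0; i < m; i++) {
		uint8_t num = 1, den = 1;
		if (xs[i] == 0) return 0;
		for (t = 0; t < m; t++) {
			if (t == i) continue;
			if (xs[t] == xs[i]) return 0;
			num = gf_mul(num, xs[t]);
			den = gf_mul(den, (uint8_t)(xs[t] ^ xs[i]));
		}
		weight[i] = gf_mul(num, gf_inv(den));
	}
	for (j = 0; j < len; j++) {
		secret[j] = 0;
		for (i = 0; i < m; i++)
			secret[j] ^= gf_mul(in[i * len + j], weight[i]);
	}
	return 1;
}

/* Split a constructed 16-byte secret 3/5 and rejoin from the first `use`
 * picked shares: 1 = recovered, 0 = wrong output, -1 = error. */
static int demo_run(unsigned use)
{
	static const uint8_t secret[16] = "wheel:*:0:root\n";	/* constructed */
	static const unsigned pick[5] = { 4, 1, 2, 0, 3 };
	uint8_t shares[5 * 16], in[5 * 16], xs[5], out[16];
	unsigned i;
	if (use > 5 || !demo_split(secret, 16, 3, 5, shares)) return -1;
	for (i = 0; i < use; i++) {
		xs[i] = (uint8_t)(pick[i] + 1);
		memcpy(&in[i * 16], &shares[pick[i] * 16], 16);
	}
	if (!demo_join(xs, in, use, 16, out)) return -1;
	return memcmp(out, secret, 16) == 0;
}

int main(void)
{
	printf("3 shares: %d  2 shares: %d\n", demo_run(3), demo_run(2));
	return 0;
}
```

With two shares of a 3/5 split, demo_join still returns a 16-byte buffer; it simply is not the secret, which is why a caller needs an integrity check on the recovered data rather than relying on the join step to fail.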