Module Name: src Committed By: agc Date: Thu Nov 4 06:45:28 UTC 2010
Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: crypto.h misc.c netpgp.c openssl_crypto.c packet-show.c packet.h symmetric.c version.h Log Message: Update to version 3.99.13: + add ability in netpgpkeys(1) to specify the cipher (symmetric algorithm) as specified in RFC 5581 + add the camellia cipher implementation from openssl To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 \ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h cvs rdiff -u -r1.36 -r1.37 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c cvs rdiff -u -r1.78 -r1.79 \ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c cvs rdiff -u -r1.29 -r1.30 \ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c cvs rdiff -u -r1.17 -r1.18 \ src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c cvs rdiff -u -r1.26 -r1.27 \ src/crypto/external/bsd/netpgp/dist/src/lib/packet.h cvs rdiff -u -r1.12 -r1.13 \ src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c cvs rdiff -u -r1.42 -r1.43 \ src/crypto/external/bsd/netpgp/dist/src/lib/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h diff -u src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.22 src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.23 --- src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.22 Thu Nov 4 01:18:34 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h Thu Nov 4 06:45:28 2010 @@ -132,6 +132,7 @@ int __ops_elgamal_private_decrypt(uint8_t *, const uint8_t *, size_t, const __ops_elgamal_seckey_t *, const __ops_elgamal_pubkey_t *); +__ops_symm_alg_t __ops_str_to_cipher(const char *); unsigned __ops_block_size(__ops_symm_alg_t); unsigned __ops_key_size(__ops_symm_alg_t); @@ -199,7 +200,8 @@ /* Keys */ __ops_key_t *__ops_rsa_new_selfsign_key(const int, - const unsigned long, uint8_t *, const char *); + const unsigned long, uint8_t *, const char *, + const char *); int __ops_dsa_size(const __ops_dsa_pubkey_t *); DSA_SIG *__ops_dsa_sign(uint8_t *, unsigned, Index: src/crypto/external/bsd/netpgp/dist/src/lib/misc.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.36 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.37 --- src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.36 Sun Aug 15 16:36:24 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/misc.c Thu Nov 4 06:45:28 2010 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: misc.c,v 1.36 2010/08/15 16:36:24 agc Exp $"); +__RCSID("$NetBSD: misc.c,v 1.37 2010/11/04 06:45:28 agc Exp $"); #endif #include <sys/types.h> 
@@ -793,6 +793,37 @@ } } +/* structure to map string to cipher def */ +typedef struct str2cipher_t { + const char *s; /* cipher name */ + __ops_symm_alg_t i; /* cipher def */ +} str2cipher_t; + +static str2cipher_t str2cipher[] = { + { "cast5", OPS_SA_CAST5 }, + { "idea", OPS_SA_IDEA }, + { "aes128", OPS_SA_AES_128 }, + { "aes256", OPS_SA_AES_256 }, + { "camellia128", OPS_SA_CAMELLIA_128 }, + { "camellia256", OPS_SA_CAMELLIA_256 }, + { "tripledes", OPS_SA_TRIPLEDES }, + { NULL, 0 } +}; + +/* convert from a string to a cipher definition */ +__ops_symm_alg_t +__ops_str_to_cipher(const char *cipher) +{ + str2cipher_t *sp; + + for (sp = str2cipher ; cipher && sp->s ; sp++) { + if (netpgp_strcasecmp(cipher, sp->s) == 0) { + return sp->i; + } + } + return OPS_SA_DEFAULT_CIPHER; +} + void __ops_random(void *dest, size_t length) { Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.78 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.79 --- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.78 Sun Oct 31 19:45:53 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Thu Nov 4 06:45:28 2010 @@ -34,7 +34,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: netpgp.c,v 1.78 2010/10/31 19:45:53 stacktic Exp $"); +__RCSID("$NetBSD: netpgp.c,v 1.79 2010/11/04 06:45:28 agc Exp $"); #endif #include <sys/types.h> 
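Review bot: `__ops_str_to_cipher()` returns `OPS_SA_DEFAULT_CIPHER` for any name it does not recognise, so a misspelt or unsupported cipher request is silently replaced by CAST5 and the caller cannot tell. The hash lookup in `rsa_generate_keypair()` (openssl_crypto.c hunk at -714) reports `OPS_HASH_UNKNOWN` and lets the caller pick the fallback; the cipher path would be safer doing the same, or at least warning when `cipher` is non-NULL, e.g. `(void) fprintf(stderr, "unknown cipher '%s', using default\n", cipher);` before the final return. The table also maps "idea" unconditionally, while `get_proto()` in symmetric.c only knows IDEA under `#ifndef OPENSSL_NO_IDEA`, so that name can select an algorithm the build cannot use. `str2cipher` is never written to and could be declared `static const`.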
@@ -1108,10 +1108,13 @@ if (id) { (void) snprintf(newid, sizeof(newid), "%s", id); } else { - (void) snprintf(newid, sizeof(newid), "RSA %d-bit key <%...@localhost>", numbits, getenv("LOGNAME")); + (void) snprintf(newid, sizeof(newid), + "RSA %d-bit key <%...@localhost>", numbits, getenv("LOGNAME")); } uid = (uint8_t *)newid; - key = __ops_rsa_new_selfsign_key(numbits, 65537UL, uid, netpgp_getvar(netpgp, "hash")); + key = __ops_rsa_new_selfsign_key(numbits, 65537UL, uid, + netpgp_getvar(netpgp, "hash"), + netpgp_getvar(netpgp, "cipher")); if (key == NULL) { (void) fprintf(io->errs, "Cannot generate key\n"); return 0; Index: src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.29 src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.30 --- src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.29 Wed Sep 8 03:21:22 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Thu Nov 4 06:45:28 2010 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: openssl_crypto.c,v 1.29 2010/09/08 03:21:22 agc Exp $"); +__RCSID("$NetBSD: openssl_crypto.c,v 1.30 2010/11/04 06:45:28 agc Exp $"); #endif #ifdef HAVE_OPENSSL_DSA_H @@ -685,7 +685,8 @@ rsa_generate_keypair(__ops_key_t *keydata, const int numbits, const unsigned long e, - const char *hashalg) + const char *hashalg, + const char *cipher) { __ops_seckey_t *seckey; RSA *rsa; @@ -714,10 +715,10 @@ seckey->s2k_usage = OPS_S2KU_ENCRYPTED_AND_HASHED; seckey->s2k_specifier = OPS_S2KS_SALTED; /* seckey->s2k_specifier=OPS_S2KS_SIMPLE; */ - seckey->alg = OPS_SA_CAST5; /* \todo make param */ if ((seckey->hash_alg = __ops_str_to_hash_alg(hashalg)) == OPS_HASH_UNKNOWN) { seckey->hash_alg = OPS_HASH_SHA1; } + seckey->alg = __ops_str_to_cipher(cipher); seckey->octetc = 0; seckey->checksum = 0; 
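Review bot: The re-wrapped `snprintf()` in the `else` branch still passes `getenv("LOGNAME")` straight to the format, and `getenv()` returns NULL when the variable is unset (cron jobs, some daemons). Assuming the conversion elided by the list archive is `%s`, a NULL argument there is undefined behaviour and at best produces a user id containing "(null)". Reading it once with `const char *login = getenv("LOGNAME");` and passing `login ? login : "unknown"` would avoid that. The enclosing function starts and ends outside the hunk.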
@@ -796,12 +797,13 @@ __ops_rsa_new_selfsign_key(const int numbits, const unsigned long e, uint8_t *userid, - const char *hashalg) + const char *hashalg, + const char *cipher) { __ops_key_t *keydata; keydata = __ops_keydata_new(); - if (!rsa_generate_keypair(keydata, numbits, e, hashalg) || + if (!rsa_generate_keypair(keydata, numbits, e, hashalg, cipher) || !__ops_add_selfsigned_userid(keydata, userid)) { __ops_keydata_free(keydata); return NULL; Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c:1.17 src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c:1.18 --- src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c:1.17 Sun Aug 15 16:36:24 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c Thu Nov 4 06:45:28 2010 @@ -60,7 +60,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: packet-show.c,v 1.17 2010/08/15 16:36:24 agc Exp $"); +__RCSID("$NetBSD: packet-show.c,v 1.18 2010/11/04 06:45:28 agc Exp $"); #endif #include <stdlib.h> @@ -244,6 +244,9 @@ {OPS_SA_AES_192, "AES (192-bit key)"}, {OPS_SA_AES_256, "AES (256-bit key)"}, {OPS_SA_TWOFISH, "Twofish(256-bit key)"}, + {OPS_SA_CAMELLIA_128, "Camellia (128-bit key)"}, + {OPS_SA_CAMELLIA_192, "Camellia (192-bit key)"}, + {OPS_SA_CAMELLIA_256, "Camellia (256-bit key)"}, {0x00, NULL}, /* this is the end-of-array marker */ }; Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet.h diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.26 src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.27 --- src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.26 Fri Aug 13 18:29:40 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/packet.h Thu Nov 4 06:45:28 2010 
@@ -479,9 +479,14 @@ OPS_SA_AES_128 = 7, /* AES with 128-bit key (AES) */ OPS_SA_AES_192 = 8, /* AES with 192-bit key */ OPS_SA_AES_256 = 9, /* AES with 256-bit key */ - OPS_SA_TWOFISH = 10 /* Twofish with 256-bit key (TWOFISH) */ + OPS_SA_TWOFISH = 10, /* Twofish with 256-bit key (TWOFISH) */ + OPS_SA_CAMELLIA_128 = 100, /* Camellia with 128-bit key (CAMELLIA) */ + OPS_SA_CAMELLIA_192 = 101, /* Camellia with 192-bit key */ + OPS_SA_CAMELLIA_256 = 102 /* Camellia with 256-bit key */ } __ops_symm_alg_t; +#define OPS_SA_DEFAULT_CIPHER OPS_SA_CAST5 + /** Hashing Algorithm Numbers. * OpenPGP assigns a unique Algorithm Number to each algorithm that is * part of OpenPGP. Index: src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c:1.12 src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c:1.13 --- src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c:1.12 Thu Nov 4 01:18:34 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c Thu Nov 4 06:45:28 2010 @@ -54,7 +54,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: symmetric.c,v 1.12 2010/11/04 01:18:34 agc Exp $"); +__RCSID("$NetBSD: symmetric.c,v 1.13 2010/11/04 06:45:28 agc Exp $"); #endif #include "crypto.h" @@ -78,6 +78,8 @@ #include <openssl/des.h> #endif +#include <openssl/camellia.h> + #include "crypto.h" #include "netpgpdefs.h" 
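Review bot: The new `OPS_SA_CAMELLIA_*` constants use 100, 101 and 102, which lie in the range RFC 4880 reserves for private or experimental algorithms, whereas RFC 5581 (cited in the log message) assigns Camellia the ids 11, 12 and 13. Secret keys or messages written with ids 100-102 will not be recognised as Camellia by other OpenPGP implementations, and data from them using 11-13 will reach the `Unknown algorithm` branch of `get_proto()`. If the experimental numbers are deliberate for now, a comment next to the enum values would make that explicit, e.g. `/* private/experimental ids; RFC 5581 assigns 11-13 */`. Otherwise the values should be `OPS_SA_CAMELLIA_128 = 11,` and so on.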
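Review bot: `#include <openssl/camellia.h>` in symmetric.c is unconditional, while the IDEA support in the same file is guarded with `#ifndef OPENSSL_NO_IDEA` (visible in `get_proto()` in the later hunk). Against an OpenSSL built without Camellia, this header and the `Camellia_*` calls would presumably fail to compile or link. Wrapping the include, the Camellia definitions and the two new `case` labels in `#ifndef OPENSSL_NO_CAMELLIA` would keep the build consistent with how IDEA is handled.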
@@ -482,32 +484,153 @@ TRAILER }; +/* Camellia with 128-bit key (CAMELLIA) */ + +#define KEYBITS_CAMELLIA128 128 + +static int +camellia128_init(__ops_crypt_t *crypt) +{ + if (crypt->encrypt_key) { + free(crypt->encrypt_key); + } + if ((crypt->encrypt_key = calloc(1, sizeof(CAMELLIA_KEY))) == NULL) { + (void) fprintf(stderr, "camellia128_init: alloc failure\n"); + return 0; + } + if (Camellia_set_key(crypt->key, KEYBITS_CAMELLIA128, crypt->encrypt_key)) { + fprintf(stderr, "camellia128_init: Error setting encrypt_key\n"); + } + if (crypt->decrypt_key) { + free(crypt->decrypt_key); + } + if ((crypt->decrypt_key = calloc(1, sizeof(CAMELLIA_KEY))) == NULL) { + (void) fprintf(stderr, "camellia128_init: alloc failure\n"); + return 0; + } + if (Camellia_set_key(crypt->key, KEYBITS_CAMELLIA128, crypt->decrypt_key)) { + fprintf(stderr, "camellia128_init: Error setting decrypt_key\n"); + } + return 1; +} + +static void +camellia_block_encrypt(__ops_crypt_t *crypt, void *out, const void *in) +{ + Camellia_encrypt(in, out, crypt->encrypt_key); +} + +static void +camellia_block_decrypt(__ops_crypt_t *crypt, void *out, const void *in) +{ + Camellia_decrypt(in, out, crypt->decrypt_key); +} + +static void +camellia_cfb_encrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count) +{ + Camellia_cfb128_encrypt(in, out, (unsigned)count, + crypt->encrypt_key, crypt->iv, &crypt->num, + CAMELLIA_ENCRYPT); +} + +static void +camellia_cfb_decrypt(__ops_crypt_t *crypt, void *out, const void *in, size_t count) +{ + Camellia_cfb128_encrypt(in, out, (unsigned)count, + crypt->encrypt_key, crypt->iv, &crypt->num, + CAMELLIA_DECRYPT); +} + +static const __ops_crypt_t camellia128 = +{ + OPS_SA_CAMELLIA_128, + CAMELLIA_BLOCK_SIZE, + KEYBITS_CAMELLIA128 / 8, + std_set_iv, + std_set_key, + camellia128_init, + std_resync, + camellia_block_encrypt, + camellia_block_decrypt, + camellia_cfb_encrypt, + camellia_cfb_decrypt, + std_finish, + TRAILER +}; + +/* Camellia with 256-bit key (CAMELLIA) 
*/ + +#define KEYBITS_CAMELLIA256 256 + +static int +camellia256_init(__ops_crypt_t *crypt) +{ + if (crypt->encrypt_key) { + free(crypt->encrypt_key); + } + if ((crypt->encrypt_key = calloc(1, sizeof(CAMELLIA_KEY))) == NULL) { + (void) fprintf(stderr, "camellia256_init: alloc failure\n"); + return 0; + } + if (Camellia_set_key(crypt->key, KEYBITS_CAMELLIA256, crypt->encrypt_key)) { + fprintf(stderr, "camellia256_init: Error setting encrypt_key\n"); + } + if (crypt->decrypt_key) { + free(crypt->decrypt_key); + } + if ((crypt->decrypt_key = calloc(1, sizeof(CAMELLIA_KEY))) == NULL) { + (void) fprintf(stderr, "camellia256_init: alloc failure\n"); + return 0; + } + if (Camellia_set_key(crypt->key, KEYBITS_CAMELLIA256, crypt->decrypt_key)) { + fprintf(stderr, "camellia256_init: Error setting decrypt_key\n"); + } + return 1; +} + +static const __ops_crypt_t camellia256 = +{ + OPS_SA_CAMELLIA_256, + CAMELLIA_BLOCK_SIZE, + KEYBITS_CAMELLIA256 / 8, + std_set_iv, + std_set_key, + camellia256_init, + std_resync, + camellia_block_encrypt, + camellia_block_decrypt, + camellia_cfb_encrypt, + camellia_cfb_decrypt, + std_finish, + TRAILER +}; + + static const __ops_crypt_t * get_proto(__ops_symm_alg_t alg) { switch (alg) { case OPS_SA_CAST5: return &cast5; - #ifndef OPENSSL_NO_IDEA case OPS_SA_IDEA: return &idea; #endif /* OPENSSL_NO_IDEA */ - case OPS_SA_AES_128: return &aes128; - case OPS_SA_AES_256: return &aes256; - + case OPS_SA_CAMELLIA_128: + return &camellia128; + case OPS_SA_CAMELLIA_256: + return &camellia256; case OPS_SA_TRIPLEDES: return &tripledes; - default: (void) fprintf(stderr, "Unknown algorithm: %d (%s)\n", alg, __ops_show_symm_alg(alg)); } - return NULL; } Index: src/crypto/external/bsd/netpgp/dist/src/lib/version.h diff -u src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.42 src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.43 --- src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.42 Wed Sep 8 03:21:22 2010 +++ 
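Review bot: In `camellia128_init()` and `camellia256_init()` a non-zero return from `Camellia_set_key()` is only logged and the function still returns 1, so the caller would go on to use a zero-filled key schedule from `calloc()`. Each of the four checks should fail the init, e.g. by adding `return 0;` after the `fprintf()`. Separately, `camellia_cfb_encrypt()` and `camellia_cfb_decrypt()` cast `count` to `unsigned`, which would truncate lengths above `UINT_MAX` on LP64 platforms; passing `count` through unchanged avoids that if the OpenSSL prototype takes a wider type. The use of `crypt->encrypt_key` in `camellia_cfb_decrypt()` looks intentional, since CFB runs the block cipher in the encrypt direction both ways, and a one-line comment there such as `/* CFB decrypt uses the encryption key schedule */` would make that clear.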
src/crypto/external/bsd/netpgp/dist/src/lib/version.h Thu Nov 4 06:45:28 2010 @@ -58,7 +58,7 @@ #endif /* development versions have .99 suffix */ -#define NETPGP_BASE_VERSION "3.99.12" +#define NETPGP_BASE_VERSION "3.99.13" #define NETPGP_VERSION_CAT(a, b) "NetPGP portable " a "/[" b "]" #define NETPGP_VERSION_STRING \