Thread: [Ipsec-tools-commits] ipsec-tools/src/racoon Makefile.am,1.20,1.21 crypto_openssl.c,1.40,1.41
Brought to you by:
mit_warlord,
netbsd
From: Emmanuel D. <ma...@us...> - 2005-02-22 23:41:47
|
Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv28526/src/racoon Modified Files: Makefile.am crypto_openssl.c Log Message: Optional support for patented algorithms IDEA and RC5. This existed in KAME ans was lost some time ago Index: Makefile.am =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/Makefile.am,v retrieving revision 1.20 retrieving revision 1.21 diff -u -d -r1.20 -r1.21 --- Makefile.am 18 Feb 2005 04:54:22 -0000 1.20 +++ Makefile.am 22 Feb 2005 23:41:36 -0000 1.21 @@ -12,7 +12,7 @@ INCLUDES = -I${srcdir}/../libipsec AM_CFLAGS = @GLIBC_BUGS@ -DSYSCONFDIR=\"${sysconfdir}\" \ -DADMINPORTDIR=\"${adminsockdir}\" -AM_LDFLAGS = -lcrypto +AM_LDFLAGS = @EXTRA_CRYPTO@ -lcrypto MISSING_ALGOS = \ missing/crypto/sha2/sha2.c \ Index: crypto_openssl.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/crypto_openssl.c,v retrieving revision 1.40 retrieving revision 1.41 diff -u -d -r1.40 -r1.41 --- crypto_openssl.c 29 Dec 2004 14:23:08 -0000 1.40 +++ crypto_openssl.c 22 Feb 2005 23:41:36 -0000 1.41 @@ -64,6 +64,12 @@ #include <openssl/blowfish.h> #include <openssl/cast.h> #include <openssl/err.h> +#ifdef HAVE_OPENSSL_RC5_H +#include <openssl/rc5.h> +#endif +#ifdef HAVE_OPENSSL_IDEA_H +#include <openssl/idea.h> +#endif #if defined(HAVE_OPENSSL_AES_H) #include <openssl/aes.h> #elif defined(HAVE_OPENSSL_RIJNDAEL_H) @@ -1220,6 +1226,68 @@ return evp_keylen(len, EVP_des_cbc()); } +#ifdef HAVE_OPENSSL_IDEA_H +/* + * IDEA-CBC + */ +vchar_t * +eay_idea_encrypt(data, key, iv) + vchar_t *data, *key, *iv; +{ + vchar_t *res; + IDEA_KEY_SCHEDULE ks; + + idea_set_encrypt_key(key->v, &ks); + + /* allocate buffer for result */ + if ((res = vmalloc(data->l)) == NULL) + return NULL; + + /* decryption data */ + idea_cbc_encrypt(data->v, res->v, data->l, + &ks, iv->v, IDEA_ENCRYPT); + + return res; +} + +vchar_t * +eay_idea_decrypt(data, key, iv) + vchar_t *data, *key, *iv; +{ + vchar_t *res; + IDEA_KEY_SCHEDULE ks, dks; + + idea_set_encrypt_key(key->v, &ks); + idea_set_decrypt_key(&ks, &dks); + + /* allocate buffer for result */ + if ((res = vmalloc(data->l)) == NULL) + return NULL; + + /* decryption data */ + idea_cbc_encrypt(data->v, res->v, data->l, + &dks, iv->v, IDEA_DECRYPT); + + return res; +} + +int +eay_idea_weakkey(key) + vchar_t *key; +{ + return 0; /* XXX */ +} + +int +eay_idea_keylen(len) + int len; +{ + if (len != 0 && len != 128) + return -1; + return 128; +} +#endif + /* * BLOWFISH-CBC */ @@ -1255,6 +1323,72 @@ return len; } +#ifdef HAVE_OPENSSL_RC5_H +/* + * RC5-CBC + */ +vchar_t * +eay_rc5_encrypt(data, key, iv) + vchar_t *data, *key, *iv; +{ + vchar_t *res; + RC5_32_KEY ks; + + /* in RFC 2451, there is information about the number of round. */ + RC5_32_set_key(&ks, key->l, key->v, 16); + + /* allocate buffer for result */ + if ((res = vmalloc(data->l)) == NULL) + return NULL; + + /* decryption data */ + RC5_32_cbc_encrypt(data->v, res->v, data->l, + &ks, iv->v, RC5_ENCRYPT); + + return res; +} + +vchar_t * +eay_rc5_decrypt(data, key, iv) + vchar_t *data, *key, *iv; +{ + vchar_t *res; + RC5_32_KEY ks; + + /* in RFC 2451, there is information about the number of round. */ + RC5_32_set_key(&ks, key->l, key->v, 16); + + /* allocate buffer for result */ + if ((res = vmalloc(data->l)) == NULL) + return NULL; + + /* decryption data */ + RC5_32_cbc_encrypt(data->v, res->v, data->l, + &ks, iv->v, RC5_DECRYPT); + + return res; +} + +int +eay_rc5_weakkey(key) + vchar_t *key; +{ + return 0; /* No known weak keys when used with 16 rounds. */ + +} + +int +eay_rc5_keylen(len) + int len; +{ + if (len == 0) + return 128; + if (len < 40 || len > 2040) + return -1; + return len; +} +#endif + /* * 3DES-CBC */ |
From: Michal L. <mi...@lo...> - 2005-02-23 01:36:31
|
Emmanuel Dreyfus wrote: > Update of /cvsroot/ipsec-tools/ipsec-tools/src/racoon > In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv28526/src/racoon > > Modified Files: > Makefile.am crypto_openssl.c > Log Message: > Optional support for patented algorithms IDEA and RC5. This existed in KAME > ans was lost some time ago Not lost actually. I intentionally removed it and noone complained for ... more than a year? ;-) Do you need IDEA or RC5 for anything? I think there are much better algos these days. And have never seen openssl with this support... Michal |
From: <ma...@ne...> - 2005-02-23 07:51:04
|
Michal Ludvig <mi...@lo...> wrote: > Not lost actually. I intentionally removed it and noone complained for > ... more than a year? ;-) >=20 > Do you need IDEA or RC5 for anything? I think there are much better > algos these days. And have never seen openssl with this support... Yes, I switched NetBSD's racoon to ipsec-tools a few days ago, and some people complained that they lost support for IDEA and RC5. As I understand, IDEA and RC5 is still there in OpenSSL, but optionnal. NetBSD can optionnally be built with theses algo enabled. --=20 Emmanuel Dreyfus Un bouquin en fran=E7ais sur BSD: http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php ma...@ne... |