r2155 - in packages/libcrypt-cbc-perl/trunk: . debian t

Krzysztof Krzyzaniak eloy at costa.debian.org
Tue Feb 21 15:29:16 UTC 2006


Author: eloy
Date: 2006-02-21 15:29:15 +0000 (Tue, 21 Feb 2006)
New Revision: 2155

Added:
   packages/libcrypt-cbc-perl/trunk/t/parameters.t
Modified:
   packages/libcrypt-cbc-perl/trunk/CBC.pm
   packages/libcrypt-cbc-perl/trunk/Changes
   packages/libcrypt-cbc-perl/trunk/MANIFEST
   packages/libcrypt-cbc-perl/trunk/META.yml
   packages/libcrypt-cbc-perl/trunk/README
   packages/libcrypt-cbc-perl/trunk/debian/changelog
   packages/libcrypt-cbc-perl/trunk/t/PCBC.t
   packages/libcrypt-cbc-perl/trunk/t/Rijndael_compat.t
   packages/libcrypt-cbc-perl/trunk/t/func.t
   packages/libcrypt-cbc-perl/trunk/t/null_data.t
Log:
eloy: new upstream version


Modified: packages/libcrypt-cbc-perl/trunk/CBC.pm
===================================================================
--- packages/libcrypt-cbc-perl/trunk/CBC.pm	2006-02-21 15:27:49 UTC (rev 2154)
+++ packages/libcrypt-cbc-perl/trunk/CBC.pm	2006-02-21 15:29:15 UTC (rev 2155)
@@ -4,7 +4,7 @@
 use Carp;
 use strict;
 use vars qw($VERSION);
-$VERSION = '2.15';
+$VERSION = '2.17';
 
 use constant RANDOM_DEVICE => '/dev/urandom';
 
@@ -35,39 +35,64 @@
     # "key" is a misnomer here, because it is actually usually a passphrase that is used
     # to derive the true key
     my $pass = $options->{key};
-    croak "Please provide an encryption/decryption key" unless defined $pass;
+    croak "Please provide an encryption/decryption passphrase or key using -key" unless defined $pass;
 
-    # confusing logic, but if the regenerate_key option is present but false, we
-    # use the passphrase for the key
-    my $key  = $pass if $options->{literal_key}
-                 or (exists $options->{regenerate_key} && !$options->{regenerate_key});
-    my $salt = $options->{salt};
+    # header mode
+    my %valid_modes = map {$_=>1} qw(none salt randomiv);
+    my $header_mode     = $options->{header};
+    $header_mode      ||= 'none'     if exists $options->{prepend_iv} && !$options->{prepend_iv};
+    $header_mode      ||= 'none'     if exists $options->{add_header} && !$options->{add_header};
+    $header_mode      ||= 'salt';    # default
+    croak "Invalid -header mode '$header_mode'" unless $valid_modes{$header_mode};
 
-    # if salt is equal to the string "1", then we replace it with random bytes
-    $salt = $class->_get_random_bytes(8) if $salt and $salt eq '1';
+    croak "The -salt argument is incompatible with a -header mode of $header_mode"
+      if exists $options->{salt} && $header_mode ne 'salt';
 
-    my $prepend_header = 1;
-    for ('prepend_iv','add_header') {
-      $prepend_header = 0 if exists $options->{$_} && !$options->{$_};
-    }
-
-    # note: iv will be autogenerated by start() if not specified in options
-    my $iv = $options->{iv};
-       croak "Initialization vector must be 8 bytes" if $prepend_header && defined $iv && length $iv != 8;
-
     my $cipher = $options->{cipher};
     $cipher = 'Crypt::DES' unless $cipher;
     $cipher = $cipher=~/^Crypt::/ ? $cipher : "Crypt::$cipher";
-    eval "require $cipher; 1" or croak "Couldn't load $cipher: $@";
+    $cipher->can('encrypt') or eval "require $cipher; 1" or croak "Couldn't load $cipher: $@";
 
     # some crypt modules use the class Crypt::, and others don't
     $cipher =~ s/^Crypt::// unless $cipher->can('keysize');
 
-    my $ks = eval {$cipher->keysize};
-    my $bs = eval {$cipher->blocksize};
+    # allow user to override these values
+    my $ks        = $options->{keysize};
+    my $bs        = $options->{blocksize};
 
-    my $padding = $options->{padding} || 'standard';
+    # otherwise we get the values from the cipher
+    $ks ||= eval {$cipher->keysize};
+    $bs ||= eval {$cipher->blocksize};
 
+    # Some of the cipher modules are busted and don't report the
+    # keysize (well, Crypt::Blowfish in any case).  If we detect
+    # this, and find the blowfish module in use, then assume 56.
+    # Otherwise assume the least common denominator of 8.
+    $ks ||= $cipher =~ /blowfish/i ? 56 : 8;
+    $bs ||= $ks;
+
+    my $pcbc = $options->{'pcbc'};
+
+    # Default behavior is to treat -key as a passphrase.
+    # But if the literal_key option is true, then use key as is
+    croak "The options -literal_key and -regenerate_key are incompatible with each other" 
+      if exists $options->{literal_key} && exists $options->{regenerate_key};
+    my $key  =  $pass if $options->{literal_key};
+    $key     = $pass  if exists $options->{regenerate_key} && !$options->{regenerate_key};
+
+    # Get the salt.
+    my $salt        = $options->{salt};
+    my $random_salt = 1 unless defined $salt && $salt ne '1';
+    croak "Argument to -salt must be exactly 8 bytes long" if defined $salt && length $salt != 8 && $salt ne '1';
+
+    # note: iv will be autogenerated by start() if not specified in options
+    my $iv = $options->{iv};
+    my $random_iv = 1 unless defined $iv;
+    croak "Initialization vector must be exactly $bs bytes long when using the $cipher cipher" if defined $iv and length($iv) != $bs;
+
+    my $legacy_hack = $options->{insecure_legacy_decrypt};
+    my $padding     = $options->{padding} || 'standard';
+
     if ($padding && ref($padding) eq 'CODE') {
       # check to see that this code does its padding correctly
       for my $i (1..$bs-1) {
@@ -83,30 +108,43 @@
 	        :croak "'$padding' padding not supported.  See perldoc Crypt::CBC for instructions on creating your own.";
     }
 
-    # Some of the cipher modules are busted and don't report the
-    # keysize (well, Crypt::Blowfish in any case).  If we detect
-    # this, and find the blowfish module in use, then assume 56.
-    # Otherwise assume the least common denominator of 8.
-    $ks ||= $cipher =~ /blowfish/i ? 56 : 8;
-    $bs ||= $ks;
+    # CONSISTENCY CHECKS
+    # HEADER consistency
+    if ($header_mode eq 'salt') {
+      croak "Cannot use salt-based key generation if literal key is specified" if $options->{literal_key};
+      croak "Cannot use salt-based IV generation if literal IV is specified"   if exists $options->{iv};
+    }
+    elsif ($header_mode eq 'randomiv') {
+      croak "Cannot encrypt using a non-8 byte blocksize cipher when using randomiv header mode" unless $bs == 8 || $legacy_hack;
+    }
+    elsif ($header_mode eq 'none') {
+      croak "You must provide an initialization vector using -iv when using -header=>'none'" unless exists $options->{iv};
+    }
 
-    if (defined $key && length($key) > $ks) {
-      carp "keysize is greater than allowed keysize of $ks for cipher $cipher - using only first $ks bytes";
-      $key = substr($key, 0, $ks);
+    # KEYSIZE consistency
+    if (defined $key && length($key) != $ks) {
+      croak "If specified by -literal_key, then the key length must be equal to the chosen cipher's key length of $ks bytes";
     }
 
-    my $pcbc = $options->{'pcbc'};
+    # IV consistency
+    if (defined $iv && length($iv) != $bs) {
+      croak "If specified by -iv, then the initialization vector length must be equal to the chosen cipher's blocksize of $bs bytes";
+    }
 
-    return bless {'cipher'     => $cipher,
-		  'passphrase' => $pass,
-		  'key'        => $key,
-		  'iv'         => $iv,
-		  'salt'       => $salt,
-		  'padding'    => $padding,
-		  'blocksize'  => $bs,
-		  'keysize'    => $ks,
-                  'prepend_header' => $prepend_header,
-                  'pcbc'       => $pcbc,
+
+    return bless {'cipher'      => $cipher,
+		  'passphrase'  => $pass,
+		  'key'         => $key,
+		  'iv'          => $iv,
+		  'salt'        => $salt,
+		  'padding'     => $padding,
+		  'blocksize'   => $bs,
+		  'keysize'     => $ks,
+                  'header_mode' => $header_mode,
+		  'legacy_hack' => $legacy_hack,
+                  'pcbc'        => $pcbc,
+		  'make_random_salt' => $random_salt,
+		  'make_random_iv'   => $random_iv,
 		  },$class;
 }
 
@@ -227,37 +265,46 @@
 sub _generate_iv_and_cipher_from_datastream {
   my $self         = shift;
   my $input_stream = shift;
+  my $bs           = $self->blocksize;
 
-  # if the input stream contains the salt, then it is used to derive the
-  # IV and the encryption key from the passphrase
-  if (my($salt) = $$input_stream =~ /^Salted__(.{8})/s) {
-    $self->{salt} = $salt;          # Replace manually-specified salt
-    undef $self->{key};             # reset the key and iv
-    undef $self->{iv};
+  # use our header mode to figure out what to do with the data stream
+  my $header_mode = $self->header_mode;
+
+  if ($header_mode eq 'none') {
+    croak "You must specify a $bs byte initialization vector by passing the -iv option to new() when using -header_mode=>'none'"
+      unless exists $self->{iv};
+    $self->{civ}   = $self->{iv};   # current IV equals saved IV
+    $self->{key} ||= $self->_key_from_key($self->{passphrase});
+  }
+
+  elsif ($header_mode eq 'salt') {
+    my ($salt) = $$input_stream =~ /^Salted__(.{8})/s;
+    croak "Ciphertext does not begin with a valid header for 'salt' header mode" unless defined $salt;
+    $self->{salt} = $salt;          # new salt
     substr($$input_stream,0,16) = '';
+    my ($key,$iv) = $self->_salted_key_and_iv($self->{passphrase},$salt);
+    $self->{iv} = $self->{civ}  = $iv;
+    $self->{key}  = $key;
   }
 
-  # if the input stream contains the IV, then we use it to set the IV
-  elsif ( my($iv) = $$input_stream =~ /^RandomIV(.{8})/s) {
-    undef $self->{salt};              # message contents overrides salt option
-    $self->{'iv'} = $iv;
+  elsif ($header_mode eq 'randomiv') {
+    my ($iv) = $$input_stream =~ /^RandomIV(.{8})/s;
+    croak "Ciphertext does not begin with a valid header for 'randomiv' header mode" unless defined $iv;
+    croak "randomiv header mode cannot be used securely when decrypting with a >8 byte block cipher.\nUse the -insecure_legacy_decrypt flag if you are sure you want to do this" unless $self->blocksize == 8 || $self->legacy_hack;
+    $self->{iv} = $self->{civ} = $iv;
+    $self->{key} = $self->_key_from_key($self->{passphrase});
+    undef $self->{salt};  # paranoia
     substr($$input_stream,0,16) = ''; # truncate
   }
 
-  if (my $salt = $self->{salt}) {
-    my ($key,$iv) = $self->_salted_key_and_iv($self->{passphrase},$salt);
-    $self->{key}  ||= $key;   # don't replace manually-specified key
-    $self->{iv}   ||= $iv;    # don't replace manually-specified IV
-  } else {
-    $self->{key}  ||= $self->_key_from_key($self->{passphrase});  # don't replace manually-specified key
+  else {
+    croak "Invalid header mode '$header_mode'";
   }
 
   # we should have the key and iv now, or we are dead in the water
   croak "Cipher stream did not contain IV or salt, and you did not specify these values in new()"
-    unless $self->{key} && $self->{iv};
+    unless $self->{key} && $self->{civ};
 
-  $self->{civ} = $self->{iv};  # 'civ' == "current IV"
-
   # now we can generate the crypt object itself
   $self->{crypt} = $self->{cipher}->new($self->{key})
     or croak "Could not create $self->{cipher} object: $@";
@@ -267,28 +314,42 @@
 
 sub _generate_iv_and_cipher_from_options {
   my $self   = shift;
+  my $blocksize = $self->blocksize;
 
   my $result = '';
 
-  # if salt is provided, then we use that to generate our key and iv
-  if (my $salt = $self->{salt}) {
+  my $header_mode = $self->header_mode;
+  if ($header_mode eq 'none') {
+    croak "You must specify a $blocksize byte initialization vector by passing the -iv option to new() when using -header_mode=>'none'"
+      unless exists $self->{iv};
+    $self->{civ}   = $self->{iv};
+    $self->{key} ||= $self->_key_from_key($self->{passphrase});
+  }
+
+  elsif ($header_mode eq 'salt') {
+    $self->{salt} = $self->_get_random_bytes(8) if $self->{make_random_salt};
+    defined (my $salt = $self->{salt}) or croak "No header_mode of 'salt' specified, but no salt value provided"; # shouldn't happen
+    length($salt) == 8 or croak "Salt must be exactly 8 bytes long";
     my ($key,$iv) = $self->_salted_key_and_iv($self->{passphrase},$salt);
-    $self->{key} ||= $key;
-    $self->{iv}  ||= $iv;
-    $result  = "Salted__${salt}" if $self->{'prepend_header'};
+    $self->{key}  = $key;
+    $self->{civ}  = $self->{iv} = $iv;
+    $result  = "Salted__${salt}";
   }
 
-  else {
+  elsif ($header_mode eq 'randomiv') {
+    croak "randomiv header mode cannot be used when encrypting with a >8 byte block cipher. There is no option to allow this"
+      unless $blocksize == 8;
     $self->{key} ||= $self->_key_from_key($self->{passphrase});
-    $self->{iv}  ||= $self->_get_random_bytes(8);
-    $result = "RandomIV$self->{iv}" if $self->{'prepend_header'};
+    $self->{iv}    = $self->_get_random_bytes(8) if $self->{make_random_iv};
+    length($self->{iv}) == 8 or croak "IV must be exactly 8 bytes long when used with header mode of 'randomiv'";
+    $self->{civ}   = $self->{iv};
+    $result = "RandomIV$self->{iv}";
   }
 
-  croak "key and/or iv are missing" unless $self->{key} && $self->{iv};
+  croak "key and/or iv are missing" unless defined $self->{key} && defined $self->{civ};
 
   $self->{crypt} = $self->{cipher}->new($self->{key})
     or croak "Could not create $self->{cipher} object: $@";
-  $self->{'civ'} = $self->{'iv'};
 
   return $result;
 }
@@ -326,6 +387,12 @@
   return (substr($data,0,$key_len),substr($data,$key_len,$iv_len));
 }
 
+sub random_bytes {
+  my $self  = shift;
+  my $bytes = shift or croak "usage: random_bytes(\$byte_length)";
+  $self->_get_random_bytes($bytes);
+}
+
 sub _get_random_bytes {
   my $self   = shift;
   my $length = shift;
@@ -387,15 +454,15 @@
 
 sub get_initialization_vector (\$) {
   my $self = shift;
-  return $self->{'iv'};
+  $self->iv();
 }
 
 sub set_initialization_vector (\$$) {
   my $self = shift;
-  my $iv = shift;
-	
-  croak "Initialization vector must be 8 bytes" unless (length($iv) == 8);
-  $self->{'iv'} = $iv;
+  my $iv   = shift;
+  my $bs   = $self->blocksize;
+  croak "Initialization vector must be $bs bytes in length" unless length($iv) == $bs;
+  $self->iv($iv);
 }
 
 sub salt {
@@ -430,11 +497,13 @@
   $d;
 }
 
-sub cipher  { shift->{cipher}  }
-sub padding { shift->{padding} }
-sub keysize { shift->{keysize} }
+sub cipher    { shift->{cipher}    }
+sub padding   { shift->{padding}   }
+sub keysize   { shift->{keysize}   }
 sub blocksize { shift->{blocksize} }
-sub pcbc    { shift->{pcbc}    }
+sub pcbc      { shift->{pcbc}      }
+sub header_mode {shift->{header_mode} }
+sub legacy_hack { shift->{legacy_hack} }
 
 1;
 __END__
@@ -447,12 +516,11 @@
 
   use Crypt::CBC;
   $cipher = Crypt::CBC->new( -key    => 'my secret key',
-			     -cipher => 'Blowfish',
-			     -salt   => 1,
+			     -cipher => 'Blowfish'
 			    );
 
   $ciphertext = $cipher->encrypt("This data is hush hush");
-  $plaintext = $cipher->decrypt($ciphertext);
+  $plaintext  = $cipher->decrypt($ciphertext);
 
   $cipher->start('encrypting');
   open(F,"./BIG_FILE");
@@ -461,41 +529,55 @@
   }
   print $cipher->finish;
 
+  # do-it-yourself mode -- specify key, initialization vector yourself
+  $key    = Crypt::CBC->random_bytes(8);  # assuming a 8-byte block cipher
+  $iv     = Crypt::CBC->random_bytes(8);
+  $cipher = Crypt::CBC->new(-literal_key => 1,
+                            -key         => $key,
+                            -iv          => $iv,
+                            -header      => 'none');
 
+  $ciphertext = $cipher->encrypt("This data is hush hush");
+  $plaintext  = $cipher->decrypt($ciphertext);
+
+  # RANDOMIV-compatible mode
+  $cipher = Crypt::CBC->new(-key         => 'Super Secret!'
+                            -header      => 'randomiv');
+
+
 =head1 DESCRIPTION
 
 This module is a Perl-only implementation of the cryptographic cipher
 block chaining mode (CBC).  In combination with a block cipher such as
 DES or IDEA, you can encrypt and decrypt messages of arbitrarily long
 length.  The encrypted messages are compatible with the encryption
-format used by B<SSLeay>, and can be made compatible with the newer
-B<OpenSSL> package by specifying the B<-salt> argument.
+format used by the B<OpenSSL> package.
 
-To use this module, you will first create a Crypt::CBC cipher object with
-new().  At the time of cipher creation, you specify an encryption key
-to use and, optionally, a block encryption algorithm.  You will then
-call the start() method to initialize the encryption or decryption
-process, crypt() to encrypt or decrypt one or more blocks of data, and
-lastly finish(), to pad and encrypt the final block.  For your
-convenience, you can call the encrypt() and decrypt() methods to
+To use this module, you will first create a Crypt::CBC cipher object
+with new().  At the time of cipher creation, you specify an encryption
+key to use and, optionally, a block encryption algorithm.  You will
+then call the start() method to initialize the encryption or
+decryption process, crypt() to encrypt or decrypt one or more blocks
+of data, and lastly finish(), to pad and encrypt the final block.  For
+your convenience, you can call the encrypt() and decrypt() methods to
 operate on a whole data value at once.
 
 =head2 new()
 
   $cipher = Crypt::CBC->new( -key    => 'my secret key',
 			     -cipher => 'Blowfish',
-			     -salt   => 1
 			   );
 
   # or (for compatibility with versions prior to 2.13)
-  $cipher = Crypt::CBC->new( {key    => 'my secret key',
-			      cipher => 'Blowfish',
-			      salt   => 1}
+  $cipher = Crypt::CBC->new( {
+                              key    => 'my secret key',
+			      cipher => 'Blowfish'
+                             }
 			   );
 
 
   # or (for compatibility with versions prior to 2.0)
-  $cipher = new Crypt::CBC('my secret key','Blowfish');
+  $cipher = new Crypt::CBC('my secret key' => 'Blowfish');
 
 The new() method creates a new Crypt::CBC object. It accepts a list of
 -argument => value pairs selected from the following list:
@@ -514,6 +596,11 @@
 
   -iv             The initialization vector (IV)
 
+  -header         What type of header to prepend to ciphertext. One of
+                    'salt'   -- use OpenSSL-compatible salted header
+                    'randomiv' -- Randomiv-compatible "RandomIV" header
+                    'none'   -- prepend no header at all
+
   -padding        The padding method, one of "standard", "space",
                      "onesandzeroes", or "null". (default "standard")
 
@@ -525,7 +612,16 @@
   -pcbc           Whether to use the PCBC chaining algorithm rather than
                     the standard CBC algorithm (default false).
 
-  -add_header     Whether to add the salt and IV to the header of the output
+  -keysize        Force the cipher keysize to the indicated number of bytes.
+
+  -blocksize      Force the cipher blocksize to the indicated number of bytes.
+
+  -insecure_legacy_decrypt
+                  Allow decryption of data encrypted using the "RandomIV" header
+                    produced by pre-2.17 versions of Crypt::CBC.
+
+  -add_header     [deprecated; use -header instread]
+                   Whether to add the salt and IV to the header of the output
                     cipher text.
 
   -regenerate_key [deprecated; use literal_key instead]
@@ -536,11 +632,24 @@
                   Whether to prepend the IV to the beginning of the
                     encrypted stream (default true)
 
-You must provide an encryption/decryption B<-key>, which can be any
-series of characters of any length.  If B<-regenerate_key> is true (the
-default), then the actual key used is derived from the MD5 hash of the
-key you provide; otherwise the actual binary bits of the key are used.
+Crypt::CBC requires three pieces of information to do its job. First
+it needs the name of the block cipher algorithm that will encrypt or
+decrypt the data in blocks of fixed length known as the cipher's
+"blocksize." Second, it needs an encryption/decryption key to pass to
+the block cipher. Third, it needs an initialization vector (IV) that
+will be used to propagate information from one encrypted block to the
+next. Both the key and the IV must be exactly the same length as the
+chosen cipher's blocksize.
 
+Crypt::CBC can derive the key and the IV from a passphrase that you
+provide, or can let you specify the true key and IV manually. In
+addition, you have the option of embedding enough information to
+regenerate the IV in a short header that is emitted at the start of
+the encrypted stream, or outputting a headerless encryption stream. In
+the first case, Crypt::CBC will be able to decrypt the stream given
+just the original key or passphrase. In the second case, you will have
+to provide the original IV as well as the key/passphrase.
+
 The B<-cipher> option specifies which block cipher algorithm to use to
 encode each section of the message.  This argument is optional and
 will default to the quick-but-not-very-secure DES algorithm unless
@@ -550,23 +659,54 @@
 Crypt::CAST5 and Crypt::Rijndael. You may refer to them using their
 full names ("Crypt::IDEA") or in abbreviated form ("IDEA").
 
-The B<-salt> argument actives an OpenSSL-compatible method of
-generating the encryption/decryption key and IV. If salt has the value
-"1", then a random salt is computed (highly recommended).  Any other
-non-false value will be interpreted as the bytes of the actual salt to
-use.  If you provide the salt, it must be exactly 8 bytes in length.
-It is highly recommended that you use -salt=>1, as this may become the
-default in future versions of this module.
+The B<-key> argument provides either a passphrase to use to generate
+the encryption key, or the literal value of the block cipher key. If
+used in passphrase mode (which is the default), B<-key> can be any
+number of characters; the actual key will be derived by passing the
+passphrase through a series of MD5 hash operations. To take full
+advantage of a given block cipher, the length of the passphrase should
+be at least equal to the cipher's blocksize. To skip this hashing
+operation and specify the key directly, pass a true value to the
+B<-literal_key> option. In this case, you should choose a key of
+length exactly equal to the cipher's key length.
 
-The initialization vector (IV) is used to start the CBC chaining
-algorithm.  Unless you have also specified a false value for
-B<-add_header>, the IV should be exactly 8 bytes in length. The IV may
-be specified manually by passing in a key of B<-iv> as an option to
-new() or by calling $cipher->set_initialization_vector($iv) before
-calling $cipher->start().  If no IV is specified, then one will be
-generated randomly for you.  This is backwardly compatible with CBC
-encrypted streams generated by the older SSLEay library.
+The B<-header> argument specifies what type of header, if any, to
+prepend to the beginning of the encrypted data stream. The header
+allows Crypt::CBC to regenerate the original IV and correctly decrypt
+the data without your having to provide the same IV used to encrypt
+the data. Valid values for the B<-header> are:
 
+ "salt" -- Combine the passphrase with an 8-byte random value to
+           generate both the block cipher key and the IV from the
+           provided passphrase. The salt will be appended to the
+           beginning of the data stream allowing decryption to
+           regenerate both the key and IV given the correct passphrase.
+           This method is compatible with current versions of OpenSSL.
+
+ "randomiv" -- Generate the block cipher key from the passphrase, and
+           choose a random 8-byte value to use as the IV. The IV will
+           be prepended to the data stream. This method is compatible
+           with ciphertext produced by versions of the library prior to
+           2.17, but is incompatible with block ciphers that have non
+           8-byte block sizes, such as Rijndael. Crypt::CBC will exit
+           with a fatal error if you try to use this header mode with a
+           non 8-byte cipher.
+
+ "none"   -- Do not generate a header. To decrypt a stream encrypted
+           in this way, you will have to provide the original IV
+           manually.
+
+B<The "salt" header is now the default as of Crypt::CBC version 2.17. In
+all earlier versions "randomiv" was the default.>
+
+When using a "salt" header, you may specify your own value of the
+salt, by passing the desired 8-byte salt to the B<-salt>
+argument. Otherwise, the module will generate a random salt for
+you. Crypt::CBC will generate a fatal error if you specify a salt
+value that isn't exactly 8 bytes long. For backward compatibility
+reasons, passing a value of "1" will generate a random salt, the same
+as if no B<-salt> argument was provided.
+
 The B<-padding> argument controls how the last few bytes of the
 encrypted stream are dealt with when they not an exact multiple of the
 cipher block length. The default is "standard", the method specified
@@ -577,19 +717,16 @@
 than the default CBC encryption and is required for authenticating to
 Kerberos4 systems (see RFC 2222).
 
-When generating ciphertext, the IV or salt are inserted into the
-encrypted data as a 16 byte header. If the B<-salt> option was
-specified, the header will consist of the string "Salted__" followed
-by 8 bytes of salt data. Otherwise the header will consist of
-"RandomIV" followed by 8 bytes of IV data. During decryption, if the
-ciphertext is found to contain either of these headers, the IV or salt
-will be retrieved and used during the decryption process, ignoring any
-values that you might have set manually.
+The B<-keysize> and B<-blocksize> arguments can be used to force the
+cipher's keysize and/or blocksize. This is only currently useful for
+the Crypt::Blowfish module, which accepts a variable length
+keysize. If -keysize is not specified, then Crypt::CBC will use the
+maximum length Blowfish key size of 56 bytes (448 bits). The Openssl
+library defaults to 16 byte Blowfish key sizes, so for compatibility
+with Openssl you may wish to set -keysize=>16. There are currently no
+Crypt::* modules that have variable block sizes, but an option to
+change the block size is provided just in case.
 
-You may disable the generation of the header, by specifying a false
-value for B<-add_header>.  You will then have to provide the correct
-values of IV or salt when you decrypt the resulting ciphertext.
-
 For compatibility with earlier versions of this module, you can
 provide new() with a hashref containing key/value pairs. The key names
 are the same as the arguments described earlier, but without the
@@ -597,6 +734,18 @@
 arguments, in which case the first argument is taken to be the key and
 the second to be the optional block cipher algorithm.
 
+B<IMPORTANT NOTE:> Versions of this module prior to 2.17 were
+incorrectly using 8-byte IVs when generating the "randomiv" style of
+header, even when the chosen cipher's blocksize was greater than 8
+bytes. This primarily affects the Rijndael algorithm. Such encrypted
+data streams were B<not secure>. From versions 2.17 onward, Crypt::CBC
+will refuse to encrypt or decrypt using the "randomiv" header and non-8
+byte block ciphers. To decrypt legacy data encrypted with earlier
+versions of the module, you can override the check using the
+B<-insecure_legacy_decrypt> option. It is not possible to override
+encryption. Please use the default "salt" header style, or no headers
+at all.
+
 =head2 start()
 
    $cipher->start('encrypting');
@@ -610,7 +759,7 @@
 decryption.
 
 =head2 crypt()
- 
+
    $ciphertext = $cipher->crypt($plaintext);
 
 After calling start(), you should call crypt() as many times as
@@ -658,7 +807,8 @@
 These are convenience functions that operate on ciphertext in a
 hexadecimal representation.  B<encrypt_hex($plaintext)> is exactly
 equivalent to B<unpack('H*',encrypt($plaintext))>.  These functions
-can be useful if, for example, you wish to place the encrypted
+can be useful if, for example, you wish to place the encrypted in an
+email message.
 
 =head2 get_initialization_vector()
 
@@ -666,7 +816,9 @@
 
 This function will return the IV used in encryption and or decryption.
 The IV is not guaranteed to be set when encrypting until start() is
-called, and when decrypting until crypt() is called the first time.
+called, and when decrypting until crypt() is called the first
+time. Unless the IV was manually specified in the new() call, the IV
+will change with every complete encryption operation.
 
 =head2 set_initialization_vector()
 
@@ -675,7 +827,8 @@
 This function sets the IV used in encryption and/or decryption. This
 function may be useful if the IV is not contained within the
 ciphertext string being decrypted, or if a particular IV is desired
-for encryption.  Note that the IV must be 8 bytes in length.
+for encryption.  Note that the IV must match the chosen cipher's
+blocksize bytes in length.
 
 =head2 iv()
 
@@ -689,12 +842,15 @@
   $key = $cipher->key();
   $cipher->key($new_key);
 
-Get or set the actual key used for encryption/decryption.  When
+Get or set the block cipher key used for encryption/decryption.  When
 encrypting, the key is not guaranteed to exist until start() is
 called, and when decrypting, the key is not guaranteed to exist until
 after the first call to crypt(). The key must match the length
 required by the underlying block cipher.
 
+When salted headers are used, the block cipher key will change after
+each complete sequence of encryption operations.
+
 =head2 salt()
 
   $salt = $cipher->salt();
@@ -711,6 +867,13 @@
 This gets or sets the value of the B<key> passed to new() when
 B<literal_key> is false.
 
+=head2 $data = get_random_bytes($numbytes)
+
+Return $numbytes worth of random data. On systems that support the
+"/dev/urandom" device file, this data will be read from the
+device. Otherwise, it will be generated by repeated calls to the Perl
+rand() function.
+
 =head2 cipher(), padding(), keysize(), blocksize(), pcbc()
 
 These read-only methods return the identity of the chosen block cipher

Modified: packages/libcrypt-cbc-perl/trunk/Changes
===================================================================
--- packages/libcrypt-cbc-perl/trunk/Changes	2006-02-21 15:27:49 UTC (rev 2154)
+++ packages/libcrypt-cbc-perl/trunk/Changes	2006-02-21 15:29:15 UTC (rev 2155)
@@ -1,4 +1,38 @@
 Revision history for Perl extension Crypt::CBC.
+2.17    Mon Jan  9 18:22:51 EST 2006
+        -IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly
+	using 8 byte IVs when generating the old-style RandomIV style header
+	(as opposed to the new-style random salt header). This affects data
+        encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
+        and is a significant security issue.
+
+        The bug has been corrected in versions 2.17 and higher by making it
+        impossible to use 16-byte block ciphers with RandomIV headers. You may
+        still read legacy encrypted data by explicitly passing the 
+        -insecure_legacy_decrypt option to Crypt::CBC->new().
+
+        -The salt, iv and key are now reset before each complete encryption
+         cycle. This avoids inadvertent reuse of the same salt.
+
+        -A new -header option has been added that allows you to select
+         among the various types of headers, and avoids the ambiguity
+         of having multiple interacting options.
+
+        -A new random_bytes() method provides access to /dev/urandom on
+         suitably-equipped hardware.
+
+2.16	Tue Dec  6 14:17:45 EST 2005
+	- Added two new options to new():
+		-keysize   => <bytes>  Force the keysize -- useful for Blowfish
+		-blocksize => <bytes>  Force the blocksize -- not known to be useful
+
+		("-keysize=>16" is necessary to decrypt OpenSSL messages encrypted with
+			Blowfish)
+
+2.15	Thu Nov 17 17:34:28 EST 2005
+	- -add_header=>0 now explicitly turns off any attempt of parsing the header
+		in decrypt routines.
+
 2.14	Thu May  5 16:08:15 EDT 2005
 	- RandomIV in message header overrides manually-supplied -salt, as one
 	would expect it should.

Modified: packages/libcrypt-cbc-perl/trunk/MANIFEST
===================================================================
--- packages/libcrypt-cbc-perl/trunk/MANIFEST	2006-02-21 15:27:49 UTC (rev 2154)
+++ packages/libcrypt-cbc-perl/trunk/MANIFEST	2006-02-21 15:29:15 UTC (rev 2155)
@@ -17,3 +17,5 @@
 t/Rijndael_compat.t
 t/func.t
 t/null_data.t
+t/parameters.t
+

Modified: packages/libcrypt-cbc-perl/trunk/META.yml
===================================================================
--- packages/libcrypt-cbc-perl/trunk/META.yml	2006-02-21 15:27:49 UTC (rev 2154)
+++ packages/libcrypt-cbc-perl/trunk/META.yml	2006-02-21 15:29:15 UTC (rev 2155)
@@ -1,7 +1,7 @@
 # http://module-build.sourceforge.net/META-spec.html
 #XXXXXXX This is a prototype!!!  It will change in the future!!! XXXXX#
 name:         Crypt-CBC
-version:      2.15
+version:      2.17
 version_from: CBC.pm
 installdirs:  site
 requires:

Modified: packages/libcrypt-cbc-perl/trunk/README
===================================================================
--- packages/libcrypt-cbc-perl/trunk/README	2006-02-21 15:27:49 UTC (rev 2154)
+++ packages/libcrypt-cbc-perl/trunk/README	2006-02-21 15:29:15 UTC (rev 2155)
@@ -4,6 +4,15 @@
 messages of arbitrarily long length.  The encrypted messages are
 compatible with the encryption format used by B<SSLeay>.
 
+IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly
+using 8 byte IVs when generating the old-style RandomIV style header
+(as opposed to the new-style random salt header). This affects the
+Rijndael algorithm, which has a 16 byte blocksize. The bug has been
+corrected in versions 2.17 and higher, but in order to read legacy
+encrypted data, you will have to pass the B<-legacy_iv> option to
+new() using a true value.
+
+
 Prerequisites
 -------------
 
@@ -40,29 +49,6 @@
 modules.  Please write to TripleDES's author, Vipul Ved Prakash
 <mail at vipul.net> and ask him to fix this.
 
-The Cryptix site also has versions of Crypt::DES and Crypt::IDEA that
-are slightly different from the CPAN versions.  Since these seem to be
-later versions, I suggest that you download and install the entire
-Cryptix Perl distribution.  
-
-In order to get the Crypt:: modules to compile under Perl 5.005 or
-later, you must add the following line to the DES.xs, IDEA.xs and
-Blowfish.xs files:
-
-  #define sv_undef PL_sv_undef
-
-For your convenience, a patch file which will bring the Cryptix
-directory up to date is included in this distribution.  It is named
-cryptix-5.005.patch.  Use it like this:
-
- % cd Cryptix-1.16
- % patch -p1 < ../Crypt-CBC/cryptix-5.005.patch 
- patching file Crypt-Blowfish/Blowfish.xs
- patching file Crypt-DES/DES.xs
- patching file Crypt-IDEA/IDEA.xs
-
-Then install the Cryptix modules using "perl Makefile.PL; make; make install".
-
 Installing Crypt::CBC
 ---------------------
 

Modified: packages/libcrypt-cbc-perl/trunk/debian/changelog
===================================================================
--- packages/libcrypt-cbc-perl/trunk/debian/changelog	2006-02-21 15:27:49 UTC (rev 2154)
+++ packages/libcrypt-cbc-perl/trunk/debian/changelog	2006-02-21 15:29:15 UTC (rev 2155)
@@ -1,3 +1,9 @@
+libcrypt-cbc-perl (2.17-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Krzysztof Krzyzaniak (eloy) <eloy at debian.org>  Tue, 21 Feb 2006 16:27:56 +0100
+
 libcrypt-cbc-perl (2.15-1) unstable; urgency=low
 
   * New upstream release (closes: #329519)

Modified: packages/libcrypt-cbc-perl/trunk/t/PCBC.t
===================================================================
--- packages/libcrypt-cbc-perl/trunk/t/PCBC.t	2006-02-21 15:27:49 UTC (rev 2154)
+++ packages/libcrypt-cbc-perl/trunk/t/PCBC.t	2006-02-21 15:29:15 UTC (rev 2155)
@@ -29,7 +29,6 @@
 test(1,!$@,"Couldn't load module");
 test(2,$i = Crypt::CBC->new(-key=>'secret',
 			    -cipher=>'DES',
-			    -salt =>1,
 			    -pcbc=>1,
 			   ),"Couldn't create new object");
 test(3,$c = $i->encrypt($test_data),"Couldn't encrypt");

Modified: packages/libcrypt-cbc-perl/trunk/t/Rijndael_compat.t
===================================================================
--- packages/libcrypt-cbc-perl/trunk/t/Rijndael_compat.t	2006-02-21 15:27:49 UTC (rev 2154)
+++ packages/libcrypt-cbc-perl/trunk/t/Rijndael_compat.t	2006-02-21 15:29:15 UTC (rev 2155)
@@ -39,18 +39,21 @@
 
 eval "use Crypt::CBC";
 
+my $bs = Crypt::Rijndael->blocksize;
+my $ks = Crypt::Rijndael->keysize;
+
 test(1,!$@,"Couldn't load module");
-test(2,$i = Crypt::CBC->new(-key         => 'a' x 16,
+test(2,$i = Crypt::CBC->new(-key         => 'a' x $ks,
 			    -cipher      => 'Rijndael',
-			    -iv          => 'f' x 16,
+			    -iv          => 'f' x $bs,
 			    -literal_key => 1,
-			    -add_header  => 0,
+			    -header      => 'none',
 			    -padding     => 'oneandzeroes'
                            ),
                            "Couldn't create new object");
-test(3,$j = Crypt::Rijndael->new('a' x 16, Crypt::Rijndael->MODE_CBC),
+test(3,$j = Crypt::Rijndael->new('a' x $ks, Crypt::Rijndael->MODE_CBC),
                            "Couldn't create new object");
-test(4,$j->set_iv('f' x 16));
+test(4,$j->set_iv('f' x $bs));
 
 test(5,$i->decrypt($i->encrypt($test_data)) eq $j->decrypt($j->encrypt($test_data)),"Decrypt doesn't match");
 

Modified: packages/libcrypt-cbc-perl/trunk/t/func.t
===================================================================
--- packages/libcrypt-cbc-perl/trunk/t/func.t	2006-02-21 15:27:49 UTC (rev 2154)
+++ packages/libcrypt-cbc-perl/trunk/t/func.t	2006-02-21 15:29:15 UTC (rev 2155)
@@ -55,8 +55,8 @@
     ;
 
       test(\$tnum,$i = Crypt::CBC->new(-key => 'secret',
-                                        -cipher => $mod,
-                                        -padding => $pad
+				       -cipher => $mod,
+				       -padding => $pad,
                                       ),
                                       "Couldn't create new object");
 

Modified: packages/libcrypt-cbc-perl/trunk/t/null_data.t
===================================================================
--- packages/libcrypt-cbc-perl/trunk/t/null_data.t	2006-02-21 15:27:49 UTC (rev 2154)
+++ packages/libcrypt-cbc-perl/trunk/t/null_data.t	2006-02-21 15:29:15 UTC (rev 2155)
@@ -41,8 +41,8 @@
 for my $mod (@in) {
   for my $pad (@pads) {
     my $cipher = Crypt::CBC->new(-key => 'secret',
-				  -cipher => $mod,
-				  -padding => $pad
+				 -cipher => $mod,
+				 -padding => $pad,
 				);
     for my $length (1..128) {
       my $test_data = 'a'x$length . '0';

Copied: packages/libcrypt-cbc-perl/trunk/t/parameters.t (from rev 2154, packages/libcrypt-cbc-perl/branches/upstream/current/t/parameters.t)




More information about the Pkg-perl-cvs-commits mailing list