r4304 - in /packages/libcrypt-cbc-perl/branches/upstream/current:
CBC.pm Changes MANIFEST META.yml README.compatibility t/parameters.t
t/preexisting.t
gregoa-guest at users.alioth.debian.org
gregoa-guest at users.alioth.debian.org
Sun Nov 19 20:26:18 CET 2006
Author: gregoa-guest
Date: Sun Nov 19 20:26:18 2006
New Revision: 4304
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=4304
Log:
Load /tmp/tmp.rHkih28905/libcrypt-cbc-perl-2.22 into
packages/libcrypt-cbc-perl/branches/upstream/current.
Added:
packages/libcrypt-cbc-perl/branches/upstream/current/README.compatibility
packages/libcrypt-cbc-perl/branches/upstream/current/t/preexisting.t
Modified:
packages/libcrypt-cbc-perl/branches/upstream/current/CBC.pm
packages/libcrypt-cbc-perl/branches/upstream/current/Changes
packages/libcrypt-cbc-perl/branches/upstream/current/MANIFEST
packages/libcrypt-cbc-perl/branches/upstream/current/META.yml
packages/libcrypt-cbc-perl/branches/upstream/current/t/parameters.t
Modified: packages/libcrypt-cbc-perl/branches/upstream/current/CBC.pm
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/CBC.pm?rev=4304&op=diff
==============================================================================
--- packages/libcrypt-cbc-perl/branches/upstream/current/CBC.pm (original)
+++ packages/libcrypt-cbc-perl/branches/upstream/current/CBC.pm Sun Nov 19 20:26:18 2006
@@ -4,7 +4,7 @@
use Carp;
use strict;
use vars qw($VERSION);
-$VERSION = '2.19';
+$VERSION = '2.22';
use constant RANDOM_DEVICE => '/dev/urandom';
@@ -19,7 +19,7 @@
}
# CGI style arguments
- elsif ($_[0] =~ /^-[a-zA-Z]{1,20}$/) {
+ elsif ($_[0] =~ /^-[a-zA-Z_]{1,20}$/) {
my %tmp = @_;
while ( my($key,$value) = each %tmp) {
$key =~ s/^-//;
@@ -32,10 +32,20 @@
$options->{cipher} = shift;
}
+ my $cipher_object_provided = $options->{cipher} && ref $options->{cipher};
+
# "key" is a misnomer here, because it is actually usually a passphrase that is used
# to derive the true key
my $pass = $options->{key};
- croak "Please provide an encryption/decryption passphrase or key using -key" unless defined $pass;
+
+ if ($cipher_object_provided) {
+ carp "Both a key and a pre-initialized Crypt::* object were passed. The key will be ignored"
+ if defined $pass;
+ $pass ||= '';
+ }
+ elsif (!defined $pass) {
+ croak "Please provide an encryption/decryption passphrase or key using -key"
+ }
# header mode
my %valid_modes = map {$_=>1} qw(none salt randomiv);
@@ -50,11 +60,14 @@
my $cipher = $options->{cipher};
$cipher = 'Crypt::DES' unless $cipher;
- $cipher = $cipher=~/^Crypt::/ ? $cipher : "Crypt::$cipher";
- $cipher->can('encrypt') or eval "require $cipher; 1" or croak "Couldn't load $cipher: $@";
-
- # some crypt modules use the class Crypt::, and others don't
- $cipher =~ s/^Crypt::// unless $cipher->can('keysize');
+ my $cipherclass = ref $cipher || $cipher;
+
+ unless (ref $cipher) { # munge the class name if no object passed
+ $cipher = $cipher=~/^Crypt::/ ? $cipher : "Crypt::$cipher";
+ $cipher->can('encrypt') or eval "require $cipher; 1" or croak "Couldn't load $cipher: $@";
+ # some crypt modules use the class Crypt::, and others don't
+ $cipher =~ s/^Crypt::// unless $cipher->can('keysize');
+ }
# allow user to override these values
my $ks = $options->{keysize};
@@ -68,7 +81,7 @@
# keysize (well, Crypt::Blowfish in any case). If we detect
# this, and find the blowfish module in use, then assume 56.
# Otherwise assume the least common denominator of 8.
- $ks ||= $cipher =~ /blowfish/i ? 56 : 8;
+ $ks ||= $cipherclass =~ /blowfish/i ? 56 : 8;
$bs ||= $ks;
my $pcbc = $options->{'pcbc'};
@@ -77,8 +90,9 @@
# But if the literal_key option is true, then use key as is
croak "The options -literal_key and -regenerate_key are incompatible with each other"
if exists $options->{literal_key} && exists $options->{regenerate_key};
- my $key = $pass if $options->{literal_key};
- $key = $pass if exists $options->{regenerate_key} && !$options->{regenerate_key};
+ my $key;
+ $key = $pass if $options->{literal_key};
+ $key = $pass if exists $options->{regenerate_key} && !$options->{regenerate_key};
# Get the salt.
my $salt = $options->{salt};
@@ -88,8 +102,9 @@
# note: iv will be autogenerated by start() if not specified in options
my $iv = $options->{iv};
my $random_iv = 1 unless defined $iv;
- croak "Initialization vector must be exactly $bs bytes long when using the $cipher cipher" if defined $iv and length($iv) != $bs;
-
+ croak "Initialization vector must be exactly $bs bytes long when using the $cipherclass cipher" if defined $iv and length($iv) != $bs;
+
+ my $literal_key = $options->{literal_key} || (exists $options->{regenerate_key} && !$options->{regenerate_key});
my $legacy_hack = $options->{insecure_legacy_decrypt};
my $padding = $options->{padding} || 'standard';
@@ -142,6 +157,7 @@
'keysize' => $ks,
'header_mode' => $header_mode,
'legacy_hack' => $legacy_hack,
+ 'literal_key' => $literal_key,
'pcbc' => $pcbc,
'make_random_salt' => $random_salt,
'make_random_iv' => $random_iv,
@@ -306,9 +322,9 @@
unless $self->{key} && $self->{civ};
# now we can generate the crypt object itself
- $self->{crypt} = $self->{cipher}->new($self->{key})
- or croak "Could not create $self->{cipher} object: $@";
-
+ $self->{crypt} = ref $self->{cipher} ? $self->{cipher}
+ : $self->{cipher}->new($self->{key})
+ or croak "Could not create $self->{cipher} object: $@";
return '';
}
@@ -348,9 +364,9 @@
croak "key and/or iv are missing" unless defined $self->{key} && defined $self->{civ};
- $self->{crypt} = $self->{cipher}->new($self->{key})
- or croak "Could not create $self->{cipher} object: $@";
-
+ $self->{crypt} = ref $self->{cipher} ? $self->{cipher}
+ : $self->{cipher}->new($self->{key})
+ or croak "Could not create $self->{cipher} object: $@";
return $result;
}
@@ -358,6 +374,8 @@
my $self = shift;
my $pass = shift;
my $ks = $self->{keysize};
+
+ return $pass if $self->{literal_key};
my $material = md5($pass);
while (length($material) < $ks) {
@@ -587,7 +605,8 @@
-key The encryption/decryption key (required)
- -cipher The cipher algorithm (defaults to Crypt::DES)
+ -cipher The cipher algorithm (defaults to Crypt::DES), or
+ a preexisting cipher object.
-salt Enables OpenSSL-compatibility. If equal to a value
of "1" then causes a random salt to be generated
@@ -658,6 +677,14 @@
Crypt::DES, Crypt::DES_EDE3, Crypt::IDEA, Crypt::Blowfish,
Crypt::CAST5 and Crypt::Rijndael. You may refer to them using their
full names ("Crypt::IDEA") or in abbreviated form ("IDEA").
+
+Instead of passing the name of a cipher class, you may pass an
+already-created block cipher object. This allows you to take advantage
+of cipher algorithms that have parameterized new() methods, such as
+Crypt::Eksblowfish:
+
+ my $eksblowfish = Crypt::Eksblowfish->new(8,$salt,$key);
+ my $cbc = Crypt::CBC->new(-cipher=>$eksblowfish);
The B<-key> argument provides either a passphrase to use to generate
the encryption key, or the literal value of the block cipher key. If
@@ -668,7 +695,11 @@
be at least equal to the cipher's blocksize. To skip this hashing
operation and specify the key directly, pass a true value to the
B<-literal_key> option. In this case, you should choose a key of
-length exactly equal to the cipher's key length.
+length exactly equal to the cipher's key length. You should also
+specify the IV yourself and a -header mode of 'none'.
+
+If you pass an existing Crypt::* object to new(), then the -key
+argument is ignored and the module will generate a warning.
The B<-header> argument specifies what type of header, if any, to
prepend to the beginning of the encrypted data stream. The header
Modified: packages/libcrypt-cbc-perl/branches/upstream/current/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/Changes?rev=4304&op=diff
==============================================================================
--- packages/libcrypt-cbc-perl/branches/upstream/current/Changes (original)
+++ packages/libcrypt-cbc-perl/branches/upstream/current/Changes Sun Nov 19 20:26:18 2006
@@ -1,4 +1,19 @@
Revision history for Perl extension Crypt::CBC.
+2.22 Sun Oct 29 16:50:32 EST 2006
+ - Fixed bug in which plaintext encrypted with the -literal_key
+ option could not be decrypted using a new object created with
+ the same -literal_key.
+ - Added documentation confirming that -literal_key must be accompanied by a
+ -header of 'none' and a manually specificied IV.
+
+2.21 Mon Oct 16 19:26:26 EDT 2006
+ - Fixed bug in which new() failed to work when first option is -literal_key.
+
+2.20 Sat Aug 12 22:30:53 EDT 2006
+ - Added ability to pass a preinitialized Crypt::* block cipher object instead of
+ the class name.
+ - Fixed a bug when processing -literal_key.
+
2.19 Tue Jul 18 18:39:57 EDT 2006
- Renamed Crypt::CBC-2.16-vulnerability.txt so that package installs correctly under
Cygwin
Modified: packages/libcrypt-cbc-perl/branches/upstream/current/MANIFEST
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/MANIFEST?rev=4304&op=diff
==============================================================================
--- packages/libcrypt-cbc-perl/branches/upstream/current/MANIFEST (original)
+++ packages/libcrypt-cbc-perl/branches/upstream/current/MANIFEST Sun Nov 19 20:26:18 2006
@@ -4,6 +4,7 @@
META.yml Module meta-data (added by MakeMaker)
Makefile.PL
README
+README.compatibility
Crypt-CBC-2.16-vulnerability.txt
eg/aes.pl
eg/des.pl
@@ -19,4 +20,5 @@
t/func.t
t/null_data.t
t/parameters.t
+t/preexisting.t
Modified: packages/libcrypt-cbc-perl/branches/upstream/current/META.yml
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/META.yml?rev=4304&op=diff
==============================================================================
--- packages/libcrypt-cbc-perl/branches/upstream/current/META.yml (original)
+++ packages/libcrypt-cbc-perl/branches/upstream/current/META.yml Sun Nov 19 20:26:18 2006
@@ -1,7 +1,7 @@
# http://module-build.sourceforge.net/META-spec.html
#XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX#
name: Crypt-CBC
-version: 2.19
+version: 2.22
version_from: CBC.pm
installdirs: site
requires:
Added: packages/libcrypt-cbc-perl/branches/upstream/current/README.compatibility
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/README.compatibility?rev=4304&op=file
==============================================================================
(empty)
Modified: packages/libcrypt-cbc-perl/branches/upstream/current/t/parameters.t
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/t/parameters.t?rev=4304&op=diff
==============================================================================
--- packages/libcrypt-cbc-perl/branches/upstream/current/t/parameters.t (original)
+++ packages/libcrypt-cbc-perl/branches/upstream/current/t/parameters.t Sun Nov 19 20:26:18 2006
@@ -13,7 +13,7 @@
END
;
-print "1..61\n";
+print "1..63\n";
eval "use Crypt::CBC";
test(1,!$@,"Couldn't load module");
@@ -216,6 +216,15 @@
},
"module allowed initialization of header_mode 'none' without a key");
+$crypt = eval {Crypt::CBC->new(-cipher => 'Crypt::Crypt8',
+ -literal_key => 1,
+ -header => 'none',
+ -key => 'a'x56,
+ -iv => 'b'x8,
+ ) };
+test(62,defined $crypt,"unable to create a Crypt::CBC object with the -literal_key option: $@");
+test(63,$plaintext eq $crypt->decrypt($crypt->encrypt($plaintext)),'cannot decrypt encrypted data using -literal_key');
+
exit 0;
sub test ($$$){
Added: packages/libcrypt-cbc-perl/branches/upstream/current/t/preexisting.t
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libcrypt-cbc-perl/branches/upstream/current/t/preexisting.t?rev=4304&op=file
==============================================================================
--- packages/libcrypt-cbc-perl/branches/upstream/current/t/preexisting.t (added)
+++ packages/libcrypt-cbc-perl/branches/upstream/current/t/preexisting.t Sun Nov 19 20:26:18 2006
@@ -1,0 +1,77 @@
+#!/usr/local/bin/perl
+
+use strict;
+use lib '..','../blib/lib','.','./blib/lib';
+
+my (@mods,$cipherclass,$i,$c,$p,$test_data);
+
+ at mods = qw/Eksblowfish
+ Rijndael
+ Blowfish
+ Blowfish_PP
+ IDEA
+ DES
+ /;
+
+for my $mod (@mods) {
+ if (eval "use Crypt::$mod(); 1") {
+ $cipherclass = "Crypt::$mod";
+ warn "Using $cipherclass for test\n";
+ last;
+ }
+}
+
+unless ($cipherclass) {
+ print "1..0 # Skipped: No cryptographic module suitable for testing\n";
+ exit;
+}
+
+print "1..33\n";
+
+sub test {
+ local($^W) = 0;
+ my($num, $true,$msg) = @_;
+ print($true ? "ok $num\n" : "not ok $num $msg\n");
+}
+
+$test_data = <<END;
+Mary had a little lamb,
+Its fleece was black as coal,
+And everywere that Mary went,
+That lamb would dig a hole.
+END
+ ;
+
+eval "use Crypt::CBC";
+
+test(1,!$@,"Couldn't load module");
+my $bs = eval{$cipherclass->blocksize} || 8;
+my $ks = eval{$cipherclass->keysize} || $bs;
+
+my $key = Crypt::CBC->_get_random_bytes($ks);
+my $cipher = $cipherclass eq 'Crypt::Eksblowfish' ? $cipherclass->new(8,Crypt::CBC->_get_random_bytes(16),$key) : $cipherclass->new($key);
+
+test(2,$i = Crypt::CBC->new(-cipher=>$cipher),"Couldn't create new object");
+test(3,$c = $i->encrypt($test_data),"Couldn't encrypt");
+test(4,$p = $i->decrypt($c),"Couldn't decrypt");
+test(5,$p eq $test_data,"Decrypted ciphertext doesn't match plaintext");
+
+# now try various truncations of the whole
+for (my $c=1;$c<=7;$c++) {
+ substr($test_data,-$c) = ''; # truncate
+ test(5+$c,$i->decrypt($i->encrypt($test_data)) eq $test_data);
+}
+
+# now try various short strings
+for (my $c=0;$c<=18;$c++) {
+ $test_data = 'i' x $c;
+ test (13+$c,$i->decrypt($i->encrypt($test_data)) eq $test_data);
+}
+
+
+# make sure that strings that end in spaces or nulls are treated correctly
+$test_data = "This string ends in a null\0";
+test (32,$i->decrypt($i->encrypt($test_data)) eq $test_data);
+
+$test_data = "This string ends in some spaces ";
+test (33,$i->decrypt($i->encrypt($test_data)) eq $test_data);
More information about the Pkg-perl-cvs-commits
mailing list