r1709 - in packages/libcrypt-cbc-perl/trunk: . debian eg t
Krzysztof Krzyzaniak
eloy at costa.debian.org
Tue Dec 20 09:56:44 UTC 2005
Author: eloy
Date: 2005-12-20 09:56:44 +0000 (Tue, 20 Dec 2005)
New Revision: 1709
Added:
packages/libcrypt-cbc-perl/trunk/eg/aes.pl
packages/libcrypt-cbc-perl/trunk/t/Blowfish.t
packages/libcrypt-cbc-perl/trunk/t/Blowfish_PP.t
packages/libcrypt-cbc-perl/trunk/t/CAST5.t
packages/libcrypt-cbc-perl/trunk/t/DES.t
packages/libcrypt-cbc-perl/trunk/t/IDEA.t
packages/libcrypt-cbc-perl/trunk/t/PCBC.t
packages/libcrypt-cbc-perl/trunk/t/Rijndael.t
Modified:
packages/libcrypt-cbc-perl/trunk/CBC.pm
packages/libcrypt-cbc-perl/trunk/Changes
packages/libcrypt-cbc-perl/trunk/MANIFEST
packages/libcrypt-cbc-perl/trunk/META.yml
packages/libcrypt-cbc-perl/trunk/debian/changelog
packages/libcrypt-cbc-perl/trunk/debian/control
packages/libcrypt-cbc-perl/trunk/eg/des.pl
packages/libcrypt-cbc-perl/trunk/eg/idea.pl
packages/libcrypt-cbc-perl/trunk/t/Rijndael_compat.t
packages/libcrypt-cbc-perl/trunk/t/func.t
packages/libcrypt-cbc-perl/trunk/t/null_data.t
Log:
eloy: new upstream version
Modified: packages/libcrypt-cbc-perl/trunk/CBC.pm
===================================================================
--- packages/libcrypt-cbc-perl/trunk/CBC.pm 2005-12-20 09:54:31 UTC (rev 1708)
+++ packages/libcrypt-cbc-perl/trunk/CBC.pm 2005-12-20 09:56:44 UTC (rev 1709)
@@ -4,64 +4,83 @@
use Carp;
use strict;
use vars qw($VERSION);
-$VERSION = '2.12';
+$VERSION = '2.15';
+use constant RANDOM_DEVICE => '/dev/urandom';
+
sub new {
my $class = shift;
- my $arg1 = shift;
- my $arg2 = shift;
my $options = {};
- if (ref($arg1) eq 'HASH') {
- $options = $arg1;
- } else {
- $options->{key} = $arg1;
+ # hashref arguments
+ if (ref $_[0] eq 'HASH') {
+ $options = shift;
}
- if ($arg2) {
- $options->{cipher} = $arg2;
+ # CGI style arguments
+ elsif ($_[0] =~ /^-[a-zA-Z]{1,20}$/) {
+ my %tmp = @_;
+ while ( my($key,$value) = each %tmp) {
+ $key =~ s/^-//;
+ $options->{lc $key} = $value;
+ }
}
- my $key = $options->{key};
- croak "Please provide an encryption/decryption key" unless defined $key;
+ else {
+ $options->{key} = shift;
+ $options->{cipher} = shift;
+ }
- # get key from key?
- my $gkfk = 1;
- $gkfk = $options->{regenerate_key} if (exists($options->{regenerate_key}));
+ # "key" is a misnomer here, because it is actually usually a passphrase that is used
+ # to derive the true key
+ my $pass = $options->{key};
+ croak "Please provide an encryption/decryption key" unless defined $pass;
+ # confusing logic, but if the regenerate_key option is present but false, we
+ # use the passphrase for the key
+ my $key = $pass if $options->{literal_key}
+ or (exists $options->{regenerate_key} && !$options->{regenerate_key});
+ my $salt = $options->{salt};
+
+ # if salt is equal to the string "1", then we replace it with random bytes
+ $salt = $class->_get_random_bytes(8) if $salt and $salt eq '1';
+
+ my $prepend_header = 1;
+ for ('prepend_iv','add_header') {
+ $prepend_header = 0 if exists $options->{$_} && !$options->{$_};
+ }
+
+ # note: iv will be autogenerated by start() if not specified in options
+ my $iv = $options->{iv};
+ croak "Initialization vector must be 8 bytes" if $prepend_header && defined $iv && length $iv != 8;
+
my $cipher = $options->{cipher};
$cipher = 'Crypt::DES' unless $cipher;
$cipher = $cipher=~/^Crypt::/ ? $cipher : "Crypt::$cipher";
- eval "require $cipher";
- croak "Couldn't load $cipher: $@" if $@;
+ eval "require $cipher; 1" or croak "Couldn't load $cipher: $@";
+
# some crypt modules use the class Crypt::, and others don't
$cipher =~ s/^Crypt::// unless $cipher->can('keysize');
- my $iv = $options->{iv};
-
my $ks = eval {$cipher->keysize};
my $bs = eval {$cipher->blocksize};
- my $padding = $options->{padding};
- $padding ||= \&_standard_padding;
+ my $padding = $options->{padding} || 'standard';
if ($padding && ref($padding) eq 'CODE') {
# check to see that this code does its padding correctly
for my $i (1..$bs-1) {
my $rbs = length($padding->(" "x$i,$bs,'e'));
- croak "padding method callback does not behave properly: expected $bs bytes back, got $rbs bytes back." unless ($rbs == $bs);
+ croak "padding method callback does not behave properly: expected $bs bytes back, got $rbs bytes back."
+ unless ($rbs == $bs);
}
- } elsif ($padding eq 'null') {
- $padding = \&_null_padding;
- } elsif ($padding eq 'space') {
- $padding = \&_space_padding;
- } elsif ($padding eq 'oneandzeroes') {
- $padding = \&_oneandzeroes_padding;
- } elsif ($padding eq 'standard') {
- $padding = \&_standard_padding;
} else {
- croak "padding method $padding not supported. Please create your own sub to do it, and pass in a coderef to that";
+ $padding = $padding eq 'null' ? \&_null_padding
+ :$padding eq 'space' ? \&_space_padding
+ :$padding eq 'oneandzeroes' ? \&_oneandzeroes_padding
+ :$padding eq 'standard' ? \&_standard_padding
+ :croak "'$padding' padding not supported. See perldoc Crypt::CBC for instructions on creating your own.";
}
# Some of the cipher modules are busted and don't report the
@@ -71,37 +90,23 @@
$ks ||= $cipher =~ /blowfish/i ? 56 : 8;
$bs ||= $ks;
- if ($gkfk) {
- # generate the keysize from the
- # MD5 hash of the provided key.
- my $material = md5($key);
- # if that's not enough, keep adding to it
- while (length($material) < $ks) {
- $material .= md5($material);
- }
-
- $key = substr($material,0,$ks);
+ if (defined $key && length($key) > $ks) {
+ carp "keysize is greater than allowed keysize of $ks for cipher $cipher - using only first $ks bytes";
+ $key = substr($key, 0, $ks);
}
- if (length($key) > $ks) {
- carp "keysize is greater than allowed keysize of $ks for cipher $cipher - using only first $ks bytes";
- $key = substr($key, 0, $ks);
- }
-
- my $prepend_iv = exists $options->{'prepend_iv'}
- ? $options->{'prepend_iv'}
- : 1;
+ my $pcbc = $options->{'pcbc'};
- my $pcbc = exists $options->{'pcbc'}
- ? $options->{'pcbc'}
- : 0;
-
- return bless {'crypt' => $cipher->new($key),
- 'iv' => $iv,
- 'padding' => $padding,
- 'blocksize' => $bs,
- 'prepend_iv' => $prepend_iv,
- 'pcbc' => $pcbc,
+ return bless {'cipher' => $cipher,
+ 'passphrase' => $pass,
+ 'key' => $key,
+ 'iv' => $iv,
+ 'salt' => $salt,
+ 'padding' => $padding,
+ 'blocksize' => $bs,
+ 'keysize' => $ks,
+ 'prepend_header' => $prepend_header,
+ 'pcbc' => $pcbc,
},$class;
}
@@ -137,10 +142,6 @@
my $operation = shift;
croak "Specify <e>ncryption or <d>ecryption" unless $operation=~/^[ed]/i;
- unless (defined($self->{'iv'})) {
- $self->{'iv'} = pack("C*",map {rand(256)} 1..8);
- }
-
$self->{'buffer'} = '';
$self->{'decrypt'} = $operation=~/^d/i;
}
@@ -149,41 +150,26 @@
sub crypt (\$$){
my $self = shift;
my $data = shift;
+
+ my $result;
+
croak "crypt() called without a preceding start()"
unless exists $self->{'buffer'};
my $d = $self->{'decrypt'};
- my $iv;
- my $result = '';
-
- if ( !$self->{'civ'} ) {
- if ($d) { # decrypting
- if (($iv) = $data=~ /^RandomIV(.{8})/s) {
- $self->{'iv'} = $iv;
- substr($data,0,16) = ''; #truncate
- }
- } else { # encrypting
- if ($self->{'prepend_iv'}) {
- $result = 'RandomIV';
- $result .= $self->{'iv'};
- }
- }
- $self->{'civ'} = $self->{'iv'};
+ unless ($self->{civ}) { # block cipher has not yet been initialized
+ $result = $self->_generate_iv_and_cipher_from_datastream(\$data) if $d;
+ $result = $self->_generate_iv_and_cipher_from_options() unless $d;
}
- $iv = $self->{'civ'};
-
+ my $iv = $self->{'civ'};
$self->{'buffer'} .= $data;
- my $bs = $self->{'blocksize'};
+ my $bs = $self->{'blocksize'};
return $result unless (length($self->{'buffer'}) >= $bs);
- # split into blocksize chunks
- # used to be:
- # my @blocks = $self->{'buffer'}=~/(.{1,$bs})/ogs;
- # but this is a little faster (about 1.5 times)
my @blocks = unpack("a$bs "x(int(length($self->{'buffer'})/$bs)) . "a*", $self->{'buffer'});
$self->{'buffer'} = '';
@@ -234,6 +220,126 @@
return $result;
}
+# this subroutine will generate the actual {en,de}cryption key, the iv
+# and the block cipher object. This is called when reading from a datastream
+# and so it uses previous values of salt or iv if they are encoded in datastream
+# header
+sub _generate_iv_and_cipher_from_datastream {
+ my $self = shift;
+ my $input_stream = shift;
+
+ # if the input stream contains the salt, then it is used to derive the
+ # IV and the encryption key from the passphrase
+ if (my($salt) = $$input_stream =~ /^Salted__(.{8})/s) {
+ $self->{salt} = $salt; # Replace manually-specified salt
+ undef $self->{key}; # reset the key and iv
+ undef $self->{iv};
+ substr($$input_stream,0,16) = '';
+ }
+
+ # if the input stream contains the IV, then we use it to set the IV
+ elsif ( my($iv) = $$input_stream =~ /^RandomIV(.{8})/s) {
+ undef $self->{salt}; # message contents overrides salt option
+ $self->{'iv'} = $iv;
+ substr($$input_stream,0,16) = ''; # truncate
+ }
+
+ if (my $salt = $self->{salt}) {
+ my ($key,$iv) = $self->_salted_key_and_iv($self->{passphrase},$salt);
+ $self->{key} ||= $key; # don't replace manually-specified key
+ $self->{iv} ||= $iv; # don't replace manually-specified IV
+ } else {
+ $self->{key} ||= $self->_key_from_key($self->{passphrase}); # don't replace manually-specified key
+ }
+
+ # we should have the key and iv now, or we are dead in the water
+ croak "Cipher stream did not contain IV or salt, and you did not specify these values in new()"
+ unless $self->{key} && $self->{iv};
+
+ $self->{civ} = $self->{iv}; # 'civ' == "current IV"
+
+ # now we can generate the crypt object itself
+ $self->{crypt} = $self->{cipher}->new($self->{key})
+ or croak "Could not create $self->{cipher} object: $@";
+
+ return '';
+}
+
+sub _generate_iv_and_cipher_from_options {
+ my $self = shift;
+
+ my $result = '';
+
+ # if salt is provided, then we use that to generate our key and iv
+ if (my $salt = $self->{salt}) {
+ my ($key,$iv) = $self->_salted_key_and_iv($self->{passphrase},$salt);
+ $self->{key} ||= $key;
+ $self->{iv} ||= $iv;
+ $result = "Salted__${salt}" if $self->{'prepend_header'};
+ }
+
+ else {
+ $self->{key} ||= $self->_key_from_key($self->{passphrase});
+ $self->{iv} ||= $self->_get_random_bytes(8);
+ $result = "RandomIV$self->{iv}" if $self->{'prepend_header'};
+ }
+
+ croak "key and/or iv are missing" unless $self->{key} && $self->{iv};
+
+ $self->{crypt} = $self->{cipher}->new($self->{key})
+ or croak "Could not create $self->{cipher} object: $@";
+ $self->{'civ'} = $self->{'iv'};
+
+ return $result;
+}
+
+sub _key_from_key {
+ my $self = shift;
+ my $pass = shift;
+ my $ks = $self->{keysize};
+
+ my $material = md5($pass);
+ while (length($material) < $ks) {
+ $material .= md5($material);
+ }
+ return substr($material,0,$ks);
+}
+
+sub _salted_key_and_iv {
+ my $self = shift;
+ my ($pass,$salt) = @_;
+
+ croak "Salt must be 8 bytes long" unless length $salt == 8;
+
+ my $key_len = $self->{keysize};
+ my $iv_len = $self->{blocksize};
+
+ my $desired_len = $key_len+$iv_len;
+
+ my $data = '';
+ my $d = '';
+
+ while (length $data < $desired_len) {
+ $d = md5($d . $pass . $salt);
+ $data .= $d;
+ }
+ return (substr($data,0,$key_len),substr($data,$key_len,$iv_len));
+}
+
+sub _get_random_bytes {
+ my $self = shift;
+ my $length = shift;
+ my $result;
+
+ if (-r RANDOM_DEVICE && open(F,RANDOM_DEVICE)) {
+ read(F,$result,$length);
+ close F;
+ } else {
+ $result = pack("C*",map {rand(256)} 1..$length);
+ }
+ $result;
+}
+
sub _standard_padding ($$$) {
my ($b,$bs,$decrypt) = @_;
$b = length $b ? $b : '';
@@ -292,6 +398,44 @@
$self->{'iv'} = $iv;
}
+sub salt {
+ my $self = shift;
+ my $d = $self->{salt};
+ $self->{salt} = shift if @_;
+ $d;
+}
+
+sub iv {
+ my $self = shift;
+ my $d = $self->{iv};
+ $self->{iv} = shift if @_;
+ $d;
+}
+
+sub key {
+ my $self = shift;
+ my $d = $self->{key};
+ $self->{key} = shift if @_;
+ $d;
+}
+
+sub passphrase {
+ my $self = shift;
+ my $d = $self->{passphrase};
+ if (@_) {
+ undef $self->{key};
+ undef $self->{iv};
+ $self->{passphrase} = shift;
+ }
+ $d;
+}
+
+sub cipher { shift->{cipher} }
+sub padding { shift->{padding} }
+sub keysize { shift->{keysize} }
+sub blocksize { shift->{blocksize} }
+sub pcbc { shift->{pcbc} }
+
1;
__END__
@@ -302,18 +446,14 @@
=head1 SYNOPSIS
use Crypt::CBC;
- $cipher = Crypt::CBC->new( {'key' => 'my secret key',
- 'cipher' => 'Blowfish',
- 'iv' => '$KJh#(}q',
- 'regenerate_key' => 0, # default true
- 'padding' => 'space',
- 'prepend_iv' => 0,
- 'pcbc' => 1 #default 0
- });
-
+ $cipher = Crypt::CBC->new( -key => 'my secret key',
+ -cipher => 'Blowfish',
+ -salt => 1,
+ );
+
$ciphertext = $cipher->encrypt("This data is hush hush");
$plaintext = $cipher->decrypt($ciphertext);
-
+
$cipher->start('encrypting');
open(F,"./BIG_FILE");
while (read(F,$buffer,1024)) {
@@ -328,7 +468,8 @@
block chaining mode (CBC). In combination with a block cipher such as
DES or IDEA, you can encrypt and decrypt messages of arbitrarily long
length. The encrypted messages are compatible with the encryption
-format used by B<SSLeay>.
+format used by B<SSLeay>, and can be made compatible with the newer
+B<OpenSSL> package by specifying the B<-salt> argument.
To use this module, you will first create a Crypt::CBC cipher object with
new(). At the time of cipher creation, you specify an encryption key
@@ -341,46 +482,121 @@
=head2 new()
- $cipher = Crypt::CBC->new( {'key' => 'my secret key',
- 'cipher' => 'Blowfish',
- 'iv' => '$KJh#(}q',
- 'regenerate_key' => 0, # default true
- 'padding' => 'space',
- 'prepend_iv' => 0
- });
-
- # or (for compatibility with earlier versions)
- $cipher = new Crypt::CBC($key,$algorithm);
+ $cipher = Crypt::CBC->new( -key => 'my secret key',
+ -cipher => 'Blowfish',
+ -salt => 1
+ );
-The new() method creates a new Crypt::CBC object.
+ # or (for compatibility with versions prior to 2.13)
+ $cipher = Crypt::CBC->new( {key => 'my secret key',
+ cipher => 'Blowfish',
+ salt => 1}
+ );
-You must provide an encryption/decryption key, which can be any series
-of characters of any length. If regenerate_key is not specified as a
-false value, the actual key used is derived from the MD5 hash of the
-key you provide. The cipher is optional and will default to DES unless
+
+ # or (for compatibility with versions prior to 2.0)
+ $cipher = new Crypt::CBC('my secret key','Blowfish');
+
+The new() method creates a new Crypt::CBC object. It accepts a list of
+-argument => value pairs selected from the following list:
+
+ Argument Description
+ -------- -----------
+
+ -key The encryption/decryption key (required)
+
+ -cipher The cipher algorithm (defaults to Crypt::DES)
+
+ -salt Enables OpenSSL-compatibility. If equal to a value
+ of "1" then causes a random salt to be generated
+ and used to derive the encryption key and IV. Other
+ true values are taken to be the literal salt.
+
+ -iv The initialization vector (IV)
+
+ -padding The padding method, one of "standard", "space",
+ "onesandzeroes", or "null". (default "standard")
+
+ -literal_key If true, the key provided by "key" is used directly
+ for encryption/decryption. Otherwise the actual
+ key used will be a hash of the provided key.
+ (default false)
+
+ -pcbc Whether to use the PCBC chaining algorithm rather than
+ the standard CBC algorithm (default false).
+
+ -add_header Whether to add the salt and IV to the header of the output
+ cipher text.
+
+ -regenerate_key [deprecated; use literal_key instead]
+ Whether to use a hash of the provided key to generate
+ the actual encryption key (default true)
+
+ -prepend_iv [deprecated; use add_header instead]
+ Whether to prepend the IV to the beginning of the
+ encrypted stream (default true)
+
+You must provide an encryption/decryption B<-key>, which can be any
+series of characters of any length. If B<-regenerate_key> is true (the
+default), then the actual key used is derived from the MD5 hash of the
+key you provide; otherwise the actual binary bits of the key are used.
+
+The B<-cipher> option specifies which block cipher algorithm to use to
+encode each section of the message. This argument is optional and
+will default to the quick-but-not-very-secure DES algorithm unless
specified otherwise. You may use any compatible block encryption
-algorithm that you have installed. Currently, this includes Crypt::DES,
-Crypt::DES_EDE3, Crypt::IDEA, Crypt::Blowfish, and Crypt::Rijndael. You
-may refer to them using their full names ("Crypt::IDEA") or in
-abbreviated form ("IDEA").
+algorithm that you have installed. Currently, this includes
+Crypt::DES, Crypt::DES_EDE3, Crypt::IDEA, Crypt::Blowfish,
+Crypt::CAST5 and Crypt::Rijndael. You may refer to them using their
+full names ("Crypt::IDEA") or in abbreviated form ("IDEA").
-An initialization vector may be specified, either by passing in a key of
-'iv' as an option to new, or by calling
-$cipher->set_initialization_key($iv) before calling $cipher->start().
-The IV will be ignored in decryption if the ciphertext is prepended by
-text which matches the regex /^RandomIV.{8}/, in which case the 8
-characters following "RandomIV" will be used as the IV. When encrypting,
-by default the ciphertext will be prepended with "RandomIVE<lt>IVE<gt>"
-(16 bytes). To disable this, set 'prepend_iv' to a false value. The
-padding method can be specified by the 'padding' option. If no padding
-method is specified, PKCS#5 ("standard") padding is assumed.
+The B<-salt> argument actives an OpenSSL-compatible method of
+generating the encryption/decryption key and IV. If salt has the value
+"1", then a random salt is computed (highly recommended). Any other
+non-false value will be interpreted as the bytes of the actual salt to
+use. If you provide the salt, it must be exactly 8 bytes in length.
+It is highly recommended that you use -salt=>1, as this may become the
+default in future versions of this module.
-Instead of the default cipher-block-chaining mode a modified algorithm
-PCBC can be used. It provides better error propagation characteristics
-than CBC encryption. To switch it on you have to set 'pcbc' to a true value.
-The PCBC mode is part of the des library and required e.g. in Kerberos4
-authentication procedures as mentioned in RFC 2222 and other documents.
+The initialization vector (IV) is used to start the CBC chaining
+algorithm. Unless you have also specified a false value for
+B<-add_header>, the IV should be exactly 8 bytes in length. The IV may
+be specified manually by passing in a key of B<-iv> as an option to
+new() or by calling $cipher->set_initialization_vector($iv) before
+calling $cipher->start(). If no IV is specified, then one will be
+generated randomly for you. This is backwardly compatible with CBC
+encrypted streams generated by the older SSLEay library.
+The B<-padding> argument controls how the last few bytes of the
+encrypted stream are dealt with when they not an exact multiple of the
+cipher block length. The default is "standard", the method specified
+in PKCS#5.
+
+The B<-pcbc> argument, if true, activates a modified chaining mode
+known as PCBC. It provides better error propagation characteristics
+than the default CBC encryption and is required for authenticating to
+Kerberos4 systems (see RFC 2222).
+
+When generating ciphertext, the IV or salt are inserted into the
+encrypted data as a 16 byte header. If the B<-salt> option was
+specified, the header will consist of the string "Salted__" followed
+by 8 bytes of salt data. Otherwise the header will consist of
+"RandomIV" followed by 8 bytes of IV data. During decryption, if the
+ciphertext is found to contain either of these headers, the IV or salt
+will be retrieved and used during the decryption process, ignoring any
+values that you might have set manually.
+
+You may disable the generation of the header, by specifying a false
+value for B<-add_header>. You will then have to provide the correct
+values of IV or salt when you decrypt the resulting ciphertext.
+
+For compatibility with earlier versions of this module, you can
+provide new() with a hashref containing key/value pairs. The key names
+are the same as the arguments described earlier, but without the
+initial hyphen. You may also call new() with one or two positional
+arguments, in which case the first argument is taken to be the key and
+the second to be the optional block cipher algorithm.
+
=head2 start()
$cipher->start('encrypting');
@@ -449,22 +665,58 @@
$iv = $cipher->get_initialization_vector()
This function will return the IV used in encryption and or decryption.
-This function may be useful to determine the random IV used when
-encrypting if none is specified in new(). The IV is not guaranteed to
-be set when encrypting until start() is called, and when decrypting
-until crypt() is called the first time.
+The IV is not guaranteed to be set when encrypting until start() is
+called, and when decrypting until crypt() is called the first time.
=head2 set_initialization_vector()
$cipher->set_initialization_vector('76543210')
-This function sets the IV used in encryption and/or decryption. This
-function may be useful if the IV is not contained within the ciphertext
-string being decrypted, or if a particular IV is desired for encryption.
-If not set, a random IV will be generated. The IV is not guaranteed to
-be set when encrypting until start() is called, and when decrypting
-until crypt() is called the first time.
+This function sets the IV used in encryption and/or decryption. This
+function may be useful if the IV is not contained within the
+ciphertext string being decrypted, or if a particular IV is desired
+for encryption. Note that the IV must be 8 bytes in length.
+=head2 iv()
+
+ $iv = $cipher->iv();
+ $cipher->iv($new_iv);
+
+As above, but using a single method call.
+
+=head2 key()
+
+ $key = $cipher->key();
+ $cipher->key($new_key);
+
+Get or set the actual key used for encryption/decryption. When
+encrypting, the key is not guaranteed to exist until start() is
+called, and when decrypting, the key is not guaranteed to exist until
+after the first call to crypt(). The key must match the length
+required by the underlying block cipher.
+
+=head2 salt()
+
+ $salt = $cipher->salt();
+ $cipher->salt($new_salt);
+
+Get or set the salt used for deriving the encryption key and IV when
+in OpenSSL compatibility mode.
+
+=head2 passphrase()
+
+ $passphrase = $cipher->passphrase();
+ $cipher->passphrase($new_passphrase);
+
+This gets or sets the value of the B<key> passed to new() when
+B<literal_key> is false.
+
+=head2 cipher(), padding(), keysize(), blocksize(), pcbc()
+
+These read-only methods return the identity of the chosen block cipher
+algorithm, padding method, key and block size of the chosen block
+cipher, and whether PCBC chaining is in effect.
+
=head2 Padding methods
Use the 'padding' option to change the padding method.
Modified: packages/libcrypt-cbc-perl/trunk/Changes
===================================================================
--- packages/libcrypt-cbc-perl/trunk/Changes 2005-12-20 09:54:31 UTC (rev 1708)
+++ packages/libcrypt-cbc-perl/trunk/Changes 2005-12-20 09:56:44 UTC (rev 1709)
@@ -1,4 +1,14 @@
Revision history for Perl extension Crypt::CBC.
+2.14 Thu May 5 16:08:15 EDT 2005
+ - RandomIV in message header overrides manually-supplied -salt, as one
+ would expect it should.
+
+2.13 Fri Apr 22 13:01:32 EDT 200
+ - Added OpenSSL compatibility
+ - Salt and IV generators take advantage of /dev/urandom device, if available
+ - Reorganized internal structure for coding clarity
+ - Added regression test for PCBC mode
+
2.12 Thu Jun 17 11:52:04 EDT 2004
- quenched (again) uninitialized variable warnings
Modified: packages/libcrypt-cbc-perl/trunk/MANIFEST
===================================================================
--- packages/libcrypt-cbc-perl/trunk/MANIFEST 2005-12-20 09:54:31 UTC (rev 1708)
+++ packages/libcrypt-cbc-perl/trunk/MANIFEST 2005-12-20 09:56:44 UTC (rev 1709)
@@ -1,11 +1,19 @@
CBC.pm
Changes
MANIFEST
+META.yml Module meta-data (added by MakeMaker)
Makefile.PL
README
+eg/aes.pl
eg/des.pl
eg/idea.pl
+t/Blowfish.t
+t/Blowfish_PP.t
+t/CAST5.t
+t/DES.t
+t/IDEA.t
+t/PCBC.t
+t/Rijndael.t
t/Rijndael_compat.t
t/func.t
t/null_data.t
-META.yml Module meta-data (added by MakeMaker)
Modified: packages/libcrypt-cbc-perl/trunk/META.yml
===================================================================
--- packages/libcrypt-cbc-perl/trunk/META.yml 2005-12-20 09:54:31 UTC (rev 1708)
+++ packages/libcrypt-cbc-perl/trunk/META.yml 2005-12-20 09:56:44 UTC (rev 1709)
@@ -1,7 +1,7 @@
# http://module-build.sourceforge.net/META-spec.html
#XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX#
name: Crypt-CBC
-version: 2.11
+version: 2.15
version_from: CBC.pm
installdirs: site
requires:
Modified: packages/libcrypt-cbc-perl/trunk/debian/changelog
===================================================================
--- packages/libcrypt-cbc-perl/trunk/debian/changelog 2005-12-20 09:54:31 UTC (rev 1708)
+++ packages/libcrypt-cbc-perl/trunk/debian/changelog 2005-12-20 09:56:44 UTC (rev 1709)
@@ -1,3 +1,12 @@
+libcrypt-cbc-perl (2.15-1) unstable; urgency=low
+
+ * New upstream release (closes: #329519)
+ * debian/control:
+ - Standards-Version bumped to 3.6.2 without changes,
+ - added me to Uploaders
+
+ -- Krzysztof Krzyzaniak (eloy) <eloy at debian.org> Tue, 20 Dec 2005 10:54:38 +0100
+
libcrypt-cbc-perl (2.12-2) unstable; urgency=low
* debian/control:
Modified: packages/libcrypt-cbc-perl/trunk/debian/control
===================================================================
--- packages/libcrypt-cbc-perl/trunk/debian/control 2005-12-20 09:54:31 UTC (rev 1708)
+++ packages/libcrypt-cbc-perl/trunk/debian/control 2005-12-20 09:56:44 UTC (rev 1709)
@@ -2,9 +2,9 @@
Section: perl
Priority: optional
Maintainer: Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>
-Uploaders: Gustavo Franco <stratus at debian.org>
+Uploaders: Gustavo Franco <stratus at debian.org>, Krzysztof Krzyzaniak (eloy) <eloy at debian.org>
Build-Depends-Indep: debhelper (>> 4.0.0), perl (>= 5.8)
-Standards-Version: 3.6.1
+Standards-Version: 3.6.2
Package: libcrypt-cbc-perl
Architecture: all
Copied: packages/libcrypt-cbc-perl/trunk/eg/aes.pl (from rev 1708, packages/libcrypt-cbc-perl/branches/upstream/current/eg/aes.pl)
Modified: packages/libcrypt-cbc-perl/trunk/eg/des.pl
===================================================================
--- packages/libcrypt-cbc-perl/trunk/eg/des.pl 2005-12-20 09:54:31 UTC (rev 1708)
+++ packages/libcrypt-cbc-perl/trunk/eg/des.pl 2005-12-20 09:56:44 UTC (rev 1709)
@@ -1,9 +1,8 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
use lib '../blib/lib';
use Getopt::Std;
-use Crypt::DES;
use Crypt::CBC;
use strict vars;
@@ -28,7 +27,9 @@
my $key = $options{'k'} || get_key();
# DES used by default
-my $cipher = Crypt::CBC->new($key) || die "Couldn't create CBC object";
+my $cipher = Crypt::CBC->new(-key => $key,
+ -cipher=> 'DES',
+ -salt => 1) || die "Couldn't create CBC object";
my $decrypt = $options{'d'} and !$options{'e'};
$cipher->start($decrypt ? 'decrypt' : 'encrypt');
Modified: packages/libcrypt-cbc-perl/trunk/eg/idea.pl
===================================================================
--- packages/libcrypt-cbc-perl/trunk/eg/idea.pl 2005-12-20 09:54:31 UTC (rev 1708)
+++ packages/libcrypt-cbc-perl/trunk/eg/idea.pl 2005-12-20 09:56:44 UTC (rev 1709)
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
use lib '../blib/lib';
@@ -27,7 +27,10 @@
if $options{'o'};
my $key = $options{'k'} || get_key();
-my $cipher = Crypt::CBC->new($key,'IDEA') || die "Couldn't create CBC object";
+my $cipher = Crypt::CBC->new(-key => $key,
+ -cipher => 'IDEA',
+ -salt => 1,
+ ) || die "Couldn't create CBC object";
my $decrypt = $options{'d'} and !$options{'e'};
$cipher->start($decrypt ? 'decrypt' : 'encrypt');
Copied: packages/libcrypt-cbc-perl/trunk/t/Blowfish.t (from rev 1708, packages/libcrypt-cbc-perl/branches/upstream/current/t/Blowfish.t)
Copied: packages/libcrypt-cbc-perl/trunk/t/Blowfish_PP.t (from rev 1708, packages/libcrypt-cbc-perl/branches/upstream/current/t/Blowfish_PP.t)
Copied: packages/libcrypt-cbc-perl/trunk/t/CAST5.t (from rev 1708, packages/libcrypt-cbc-perl/branches/upstream/current/t/CAST5.t)
Copied: packages/libcrypt-cbc-perl/trunk/t/DES.t (from rev 1708, packages/libcrypt-cbc-perl/branches/upstream/current/t/DES.t)
Copied: packages/libcrypt-cbc-perl/trunk/t/IDEA.t (from rev 1708, packages/libcrypt-cbc-perl/branches/upstream/current/t/IDEA.t)
Copied: packages/libcrypt-cbc-perl/trunk/t/PCBC.t (from rev 1708, packages/libcrypt-cbc-perl/branches/upstream/current/t/PCBC.t)
Copied: packages/libcrypt-cbc-perl/trunk/t/Rijndael.t (from rev 1708, packages/libcrypt-cbc-perl/branches/upstream/current/t/Rijndael.t)
Modified: packages/libcrypt-cbc-perl/trunk/t/Rijndael_compat.t
===================================================================
--- packages/libcrypt-cbc-perl/trunk/t/Rijndael_compat.t 2005-12-20 09:54:31 UTC (rev 1708)
+++ packages/libcrypt-cbc-perl/trunk/t/Rijndael_compat.t 2005-12-20 09:56:44 UTC (rev 1709)
@@ -40,13 +40,13 @@
eval "use Crypt::CBC";
test(1,!$@,"Couldn't load module");
-test(2,$i = Crypt::CBC->new({key => 'a' x 16,
- cipher => 'Rijndael',
- iv => 'f' x 16,
- regenerate_key => 0,
- prepend_iv => 0,
- padding => 'oneandzeroes'
- }),
+test(2,$i = Crypt::CBC->new(-key => 'a' x 16,
+ -cipher => 'Rijndael',
+ -iv => 'f' x 16,
+ -literal_key => 1,
+ -add_header => 0,
+ -padding => 'oneandzeroes'
+ ),
"Couldn't create new object");
test(3,$j = Crypt::Rijndael->new('a' x 16, Crypt::Rijndael->MODE_CBC),
"Couldn't create new object");
Modified: packages/libcrypt-cbc-perl/trunk/t/func.t
===================================================================
--- packages/libcrypt-cbc-perl/trunk/t/func.t 2005-12-20 09:54:31 UTC (rev 1708)
+++ packages/libcrypt-cbc-perl/trunk/t/func.t 2005-12-20 09:56:44 UTC (rev 1709)
@@ -54,10 +54,10 @@
END
;
- test(\$tnum,$i = Crypt::CBC->new({key => 'secret',
- cipher => $mod,
- padding => $pad
- }),
+ test(\$tnum,$i = Crypt::CBC->new(-key => 'secret',
+ -cipher => $mod,
+ -padding => $pad
+ ),
"Couldn't create new object");
test(\$tnum,$c = $i->encrypt($test_data),"Couldn't encrypt");
Modified: packages/libcrypt-cbc-perl/trunk/t/null_data.t
===================================================================
--- packages/libcrypt-cbc-perl/trunk/t/null_data.t 2005-12-20 09:54:31 UTC (rev 1708)
+++ packages/libcrypt-cbc-perl/trunk/t/null_data.t 2005-12-20 09:56:44 UTC (rev 1709)
@@ -40,13 +40,12 @@
for my $mod (@in) {
for my $pad (@pads) {
- my $cipher = Crypt::CBC->new({key => 'secret',
- cipher => $mod,
- padding => $pad
- });
+ my $cipher = Crypt::CBC->new(-key => 'secret',
+ -cipher => $mod,
+ -padding => $pad
+ );
for my $length (1..128) {
my $test_data = 'a'x$length . '0';
-
my $encrypted = $cipher->encrypt_hex($test_data);
my $decrypted = $cipher->decrypt_hex($encrypted);
test(\$tnum,$test_data eq $decrypted,"$mod/$pad: match failed on zero-terminated data length $length");
More information about the Pkg-perl-cvs-commits
mailing list