From b3023ac69b16bc682bbfb4a38ce63667f6b2cabe Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 4 Dec 2003 21:09:48 +0000
Subject: may fixes from dbindner

git-svn-id: file:///home/lennart/svn/public/seppl/trunk@16 91a2fd9b-5dcb-0310-a70a-d71e310228e6
---
 Makefile.am | 2 +-
 configure.ac | 42 ++++++++-
 kernel/ipt_CRYPT.c | 5 ++
 kernel/seppl.c | 30 +++++++
 kernel/seppl.h | 3 +
 utils-python/Makefile.am | 22 +++++
 utils-python/seppl-gen-key | 110 ++++++++++++++++++++++++
 utils-python/seppl-ls | 198 +++++++++++++++++++++++++++++++++++++++++++
 utils-python/seppl_common.py | 105 +++++++++++++++++++++++
 utils/Makefile.am | 22 -----
 utils/seppl-gen-key | 110 ------------------------
 utils/seppl-ls | 198 -------------------------------------------
 utils/seppl_common.py | 105 -----------------------
 13 files changed, 512 insertions(+), 440 deletions(-)
 create mode 100644 utils-python/Makefile.am
 create mode 100755 utils-python/seppl-gen-key
 create mode 100755 utils-python/seppl-ls
 create mode 100644 utils-python/seppl_common.py
 delete mode 100644 utils/Makefile.am
 delete mode 100755 utils/seppl-gen-key
 delete mode 100755 utils/seppl-ls
 delete mode 100644 utils/seppl_common.py

diff --git a/Makefile.am b/Makefile.am
index 4cfa711..61456ee 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,7 +19,7 @@
 # This Makefile is NOT created by automake!
 EXTRA_DIST = bootstrap.sh README LICENSE
-SUBDIRS=kernel libs utils conf doc
+SUBDIRS=kernel libs utils-python conf doc
 MAINTAINERCLEANFILES = README
 noinst_DATA = README
diff --git a/configure.ac b/configure.ac
index 090cf67..aeceb3e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -20,7 +20,7 @@
 # Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
 AC_PREREQ(2.57)
-AC_INIT([seppl], [0.2], [mzfrccy (at) 0pointer (dot) de])
+AC_INIT([seppl], [0.3], [mzfrccy (at) 0pointer (dot) de])
 AC_CONFIG_SRCDIR([kernel/seppl.c])
 AC_CONFIG_HEADERS([config.h])
 AM_INIT_AUTOMAKE([foreign -Wall])
@@ -39,8 +39,10 @@ if test "x$GCC" = "xyes" ; then
 fi
 if type -p stow > /dev/null && test -d /usr/local/stow ; then
- AC_MSG_NOTICE([*** Found /usr/local/stow: installing to /usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION} ***])
- AC_PREFIX_DEFAULT([/usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION}])
+ AC_MSG_NOTICE([*** Found /usr/local/stow: default install prefix set to /usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION} ***])
+ ac_default_prefix="/usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION}"
+else
+ ac_default_prefix="/usr/local"
 fi
 AC_PROG_INSTALL
@@ -49,6 +51,38 @@ AC_PROG_MAKE_SET
 AC_CHECK_FUNCS([memset])
 AC_C_CONST
+# iptables version
+AC_PATH_PROG([IPTABLES], [iptables], [iptables], [$PATH:/usr/local/sbin:/usr/sbin:/sbin])
+AC_MSG_CHECKING([iptables release])
+if test "x$IPTABLES" = x ; then
+ AC_MSG_ERROR([*** Please install iptables ***])
+fi
+IPTABLES_VERSION=$("$IPTABLES" -V | cut -d' ' -f2 | sed 's/^v//')
+AC_DEFINE(IPTABLES_VERSION, [$IPTABLES_VERSION], "iptables release number")
+AC_MSG_RESULT([$IPTABLES_VERSION])
+
+# Init script location
+AC_ARG_WITH(initdir, AC_HELP_STRING([--with-initdir=DIR], [Install init script in DIR (system dependent default)]))
+
+test "x$with_initdir" = xyes -o "x$with_initdir" = xno && with_initdir=
+
+if test "x$with_initdir" = x ; then
+ if test -d /etc/init.d ; then
+ SYSINITDIR=/etc/init.d
+ else
+ if test -d /etc/rc.d/init.d ; then
+ SYSINITDIR=/etc/rc.d/init.d
+ else
+ AC_MSG_ERROR([missing --with-initdir=DIR])
+ fi
+ fi
+else
+ SYSINITDIR="$with_initdir"
+fi
+
+AC_MSG_NOTICE([Init sript will be installed in $SYSINITDIR])
+AC_SUBST(SYSINITDIR)
+
 # Check for directory with kernel source...
 AC_MSG_CHECKING(for directory with kernel source)
 AC_ARG_WITH(kernel,
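Review bot: The `if test "x$IPTABLES" = x` check in the new iptables block is unreachable, because AC_PATH_PROG is given `[iptables]` as its value-if-not-found, so $IPTABLES is never empty and a missing binary falls through to `"$IPTABLES" -V` failing and an empty IPTABLES_VERSION being written to config.h. Pass an empty default, `AC_PATH_PROG([IPTABLES], [iptables], [], [$PATH:/usr/local/sbin:/usr/sbin:/sbin])`, so the AC_MSG_ERROR actually fires. `AC_DEFINE(IPTABLES_VERSION, [$IPTABLES_VERSION], ...)` emits a bare token such as `1.2.9`, which is neither a C string nor a number; if the consumer (not in this patch) compares it, define it quoted as `["$IPTABLES_VERSION"]`. The `$(...)` substitution and `test ... -o ...` are not portable to the old Bourne shells configure is meant to run under — backticks and two separate tests are the autoconf idiom — and the notice has a typo, "Init sript".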
@@ -144,5 +178,5 @@ fi
 AM_CONDITIONAL([USE_XMLTOMAN], [test "x$xmltoman" = xyes])
-AC_CONFIG_FILES([kernel/Makefile libs/Makefile Makefile utils/Makefile conf/Makefile doc/Makefile doc/README.html])
+AC_CONFIG_FILES([kernel/Makefile libs/Makefile Makefile utils-python/Makefile conf/Makefile doc/Makefile doc/README.html])
 AC_OUTPUT
diff --git a/kernel/ipt_CRYPT.c b/kernel/ipt_CRYPT.c
index c4a2daf..68b5784 100644
--- a/kernel/ipt_CRYPT.c
+++ b/kernel/ipt_CRYPT.c
@@ -98,6 +98,11 @@ static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum
 // Copy the IV
 seppl_copy_iv(ti->key, iv);
+ // Encrypt to make it randomish
+ sg[0].page = virt_to_page((void*) iv);
+ sg[0].offset = (((long) (void *) iv) & ~PAGE_MASK);
+ sg[0].length = ivs;
+ crypto_cipher_encrypt(ti->key->tfm_ecb, sg, sg, sg[0].length );
 // Fill the crypted header
 ch->ident = 0x00;
diff --git a/kernel/seppl.c b/kernel/seppl.c
index ddb6bba..b15afbe 100644
--- a/kernel/seppl.c
+++ b/kernel/seppl.c
@@ -168,6 +168,8 @@ int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) {
 key->key = key->iv = NULL;
 key->tfm = NULL;
+ key->key_ecb = NULL;
+ key->tfm_ecb = NULL;
 atomic_set(&key->usage, 0);
 spin_lock_init(&key->iv_spinlock);
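Review bot: The return value of `crypto_cipher_encrypt(ti->key->tfm_ecb, sg, sg, sg[0].length )` is discarded, so if the ECB transform rejects the request — in the 2.6-era crypto API an ECB encrypt whose length is not a multiple of the cipher block size fails, and `ivs` is the data cipher's IV size rather than the ECB cipher's 16-byte block — the packet is sent with the un-whitened IV that seppl_copy_iv just produced, and nothing is logged. Check it, e.g. `if (crypto_cipher_encrypt(ti->key->tfm_ecb, sg, sg, ivs)) goto drop;` (or whatever failure path the target already has; it lies outside the hunk). Encrypting the copied IV under a per-key random AES key is a sound way to get unpredictable CBC IVs as long as seppl_copy_iv never yields the same value twice for one key; the comment should state that precondition rather than `// Encrypt to make it randomish`, e.g. `/* Whiten the IV: ECB-encrypt it under a per-key random AES key so it is unpredictable; requires seppl_copy_iv() to never repeat a value for this key. */`. ipt_CRYPT_target begins and ends outside the hunk, so I cannot see how `sg` is declared or whether it is reused for the payload afterwards.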
@@ -201,6 +203,26 @@ int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) {
 key->blocksize = crypto_tfm_alg_blocksize(key->tfm);
 proc_file->size += 8 + key->keysize;
+
+ /* Set up a random ecb key for making good IVs */
+ if (!(key->tfm_ecb = crypto_alloc_tfm("aes", CRYPTO_TFM_MODE_ECB))) {
+ printk(KERN_ERR "SEPPL: Failed to load ecb cipher.\n");
+ goto cleanup;
+ }
+
+ if ( !(key->key_ecb = kmalloc( 128/8, GFP_KERNEL ))) {
+ r = -ENOMEM;
+ printk( KERN_ERR "SEPPL: kmalloc() failed #2a\n" );
+ goto cleanup;
+ }
+
+ get_random_bytes(key->key_ecb, 128/8);
+
+ if (crypto_cipher_setkey(key->tfm_ecb, key->key_ecb, 128/8)) {
+ printk(KERN_ERR "SEPPL: Failed to set ecb cipher key.\n");
+ goto cleanup;
+ }
+
 atomic_set(&key->ready, 1);
 printk(KERN_INFO "SEPPL: Added key sucessfully.\n");
@@ -229,6 +251,7 @@ cleanup:
 spin_unlock(&keyring_lock);
+ /* Free the data transform */
 if (key->tfm)
 crypto_free_tfm(key->tfm);
@@ -238,6 +261,13 @@ cleanup:
 if (key->iv)
 kfree(key->iv);
+ /* Free the IV transform */
+ if (key->tfm_ecb)
+ crypto_free_tfm(key->tfm_ecb);
+
+ if (key->key_ecb)
+ kfree(key->key_ecb);
+
 kfree(key);
 }
diff --git a/kernel/seppl.h b/kernel/seppl.h
index 273d865..282ba26 100644
--- a/kernel/seppl.h
+++ b/kernel/seppl.h
@@ -44,6 +44,9 @@ struct seppl_key {
 u8 *iv;
 u8 *key;
+ struct crypto_tfm *tfm_ecb; /* for encrypting iv */
+ u8 *key_ecb;
+
 unsigned int ivsize;
 unsigned int keysize;
 unsigned int blocksize;
diff --git a/utils-python/Makefile.am b/utils-python/Makefile.am
new file mode 100644
index 0000000..a16367f
--- /dev/null
+++ b/utils-python/Makefile.am
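Review bot: Two of the three new failure paths in the ECB set-up leave `r` untouched: only the kmalloc branch sets `r = -ENOMEM` before `goto cleanup`, while the failed `crypto_alloc_tfm` and `crypto_cipher_setkey` jump to cleanup with whatever `r` held, so seppl_add_key can report success (or a stale error) for a key it has just freed. Set it explicitly, e.g. `r = -ENOMEM;` after the failed crypto_alloc_tfm and `r = -EINVAL;` after the failed setkey. These new exits also sit after `proc_file->size += 8 + key->keysize;`, which previously had no failure path behind it, so on error the proc file size now counts a key that is not in the ring unless cleanup (which starts outside the hunk) undoes it. The raw key in `key->key_ecb` is only needed for the setkey call, since the tfm keeps its own key schedule, so it could be zeroed and freed right after a successful setkey instead of living as long as the key entry.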
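Review bot: `kfree(key->key_ecb)` in the cleanup hunk releases a buffer holding a live 128-bit AES key without clearing it, so the key survives in the freed slab object until that memory is reused; add `memset(key->key_ecb, 0, 128/8);` before the kfree (the existing `kfree(key->key)` and `kfree(key->iv)` above have the same issue but are not changed by this commit). The cleanup label and the start of the function are outside the hunk, so I cannot see whether the same path also runs on a normal key removal, where the zeroing matters most.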
@@ -0,0 +1,22 @@
+# $Id$
+#
+# This file is part of seppl.
+#
+# seppl is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# seppl is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with seppl; if not, write to the Free Software Foundation,
+# Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+
+sbin_SCRIPTS=seppl-ls seppl-gen-key
+python_PYTHON=seppl_common.py
+
+EXTRA_DIST=seppl-ls seppl-gen-key
diff --git a/utils-python/seppl-gen-key b/utils-python/seppl-gen-key
new file mode 100755
index 0000000..1690bb1
--- /dev/null
+++ b/utils-python/seppl-gen-key
@@ -0,0 +1,110 @@ +#!/usr/bin/python + +# $Id$ +# +# This file is part of seppl. +# +# seppl is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# seppl is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with seppl; if not, write to the Free Software Foundation, +# Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + +from seppl_common import * +import getopt, sys + +def genkey(a, name, f): + + n, b = find_alg_by_number(a) + + if b == 0: + return -1 + + fd = open("/dev/random", "r+") + key = fd.read(b/8) + fd.close() + + if (len(key) != b/8): + sys.stderr("ERROR: Cannot generate randomness.\n") + return + + if f == dump_key_xml: + print "" + + f(a, name, key) + + if f == dump_key_xml: + print "" + + return 0 + +algorithm = "aes" +bits = 128 +name = "def" +func = dump_key_xml + +def usage(): + global algorithm, bits, name, func + x = { dump_key_xml : "disable", dump_key_bin : "enable" } + + print "%s:" % sys.argv[0] + print " -h --help Show this help" + print " -x --no-xml No xml output (%s)" % x[func] + print " -a --algorithm ALGORITHM Specify algorithm (%s)" % algorithm + print " -b --bits BITS Specify key length (%s)" % bits + print " -n --name NAME Specify key name (%s)" % name + + +def main(): + global algorithm, bits, name, func + + try: + opts, args = getopt.getopt(sys.argv[1:], "hxa:b:n:", ["help", "no-xml", "algorithm=", "bits=", "name="]) + except getopt.GetoptError: + usage() + sys.exit(1) + + u = 0; + + for o, a in opts: + if o in ("-h", "--help"): + u = 1 + + if o in ("-x", "--no-xml"): + func = 
dump_key_bin + + if o in ("-a", "--algorithm"): + algorithm = a + + if o in ("-b", "--bits"): + bits = int(a) + + if o in ("-n", "--name"): + name = a[:7] + + if u: + usage() + sys.exit(0) + + + a = find_alg_by_name(algorithm, bits) + + if a == -1: + sys.stderr.write("ERROR: Cipher not available\n") + sys.exit(2) + + genkey(a, name, func) + +if __name__ == "__main__": + main() + + + diff --git a/utils-python/seppl-ls b/utils-python/seppl-ls new file mode 100755 index 0000000..0b0decb --- /dev/null +++ b/utils-python/seppl-ls 
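Review bot: The short-read branch in genkey calls `sys.stderr("ERROR: Cannot generate randomness.\n")`, which raises TypeError because a file object is not callable; it must be `sys.stderr.write("ERROR: Cannot generate randomness.\n")`, and that branch should `return -1` like the unknown-algorithm exit instead of falling off with None. `open("/dev/random", "r+")` requests write access the script never uses; `open("/dev/random", "rb")` is sufficient and makes the binary read explicit, and closing it in a `try`/`finally` (or `with`) keeps the descriptor from leaking on a short read. genkey deserves a docstring saying that `f` selects the output writer (dump_key_xml wraps the key in the keyring envelope, dump_key_bin writes raw bytes to stdout) and that the key is drawn from the blocking /dev/random, since the identity comparisons `f == dump_key_xml` are otherwise opaque. The `int(a)` for `-b` is unguarded, so a non-numeric argument gives a traceback rather than usage().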
@@ -0,0 +1,198 @@ +#!/usr/bin/python + +# $Id$ +# +# This file is part of seppl. +# +# seppl is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# seppl is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with seppl; if not, write to the Free Software Foundation, +# Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + +import getopt, sys + +from seppl_common import * +import xml.sax, xml.sax.handler + +name = None +algorithm = None +bits = 0 +reverse = 0 +PROC_FILE_NAME = "/proc/net/seppl_keyring" +file = None + +class KeyContentHandler(xml.sax.handler.ContentHandler): + + last = None + + def startElement(self, name, attrs): + self.last = name + + if name != "key": + return + + self.name = "" + self.algorithm = "" + self.bits = "" + self.data = "" + + def endElement(self, n): + global name, algorithm, bits + self.last = None + + if n != "key": + return + + if self.name == "": + self.name = "def" + + if self.algorithm == "": + self.algorithm = "aes" + + if self.bits == "": + self.bits = 128 + else: + self.bits = int(self.bits) + + a = find_alg_by_name(self.algorithm, self.bits) + if a == -1: + raise xml.sax.SAXNotRecognizedException("Cipher not known") + + key = parse_key(self.data) + if key is None or len(key) != self.bits/8: + raise xml.sax.SAXNotRecognizedException("Could not parse key data.") + + if (name is None or name == self.name) and (algorithm is None or algorithm == self.algorithm) and (bits == 0 or bits == self.bits): + dump_key_bin(a, self.name, key) + + def characters(self, content): + content = 
content.strip() + + if len(content) == 0: + return + + if self.last == "name": + self.name += content + return + if self.last == "algorithm": + self.algorithm += content + return + if self.last == "bits": + self.bits += content + return + if self.last == "data": + self.data += content + return + + raise xml.sax.SAXNotRecognizedException("Malformed XML structure |%s|%s|" % (self.last, content)) + +def usage(): + global name, algorithm, bits, reverse, file + + print "%s:" % sys.argv[0] + print " -h --help Show this help" + print " -r --reverse Convert XML to binary, instead of the other way round (%s)" % { 0 : "disabled", 1 : "enabled" }[reverse] + print " -a --algorithm ALGORITHM Show only keys with algorithm (%s)" % algorithm + print " -b --bits BITS Show only keys with bit length (%s)" % bits + print " -n --name NAME Show only keys with name (%s)" % name + print " -f --file FILE Specify file (- for STDIN) (%s)" % file + pass + +def main(): + global name, algorithm, bits, reverse, file + + try: + opts, args = getopt.getopt(sys.argv[1:], "hn:a:b:rf:", ["help", "name=", "algorithm=", "bits=", "reverse", "file"]) + except getopt.GetoptError: + usage() + sys.exit(2) + + u = 0 + + for o, a in opts: + if o in ("-h", "--help"): + u = 1 + + if o in ("-n", "--name"): + name = a[:7] + + if o in ("-a", "--algorithm"): + algorithm = a + + if o in ("-b", "--bits"): + bits = int(a) + + if o in ("-r", "--reverse"): + reverse = 1 + + if o in ("-f", "--file"): + file = a + + if file is None: + if reverse: + file = "-" + else: + file = PROC_FILE_NAME + + if u: + usage() + sys.exit(0) + + + if file == "-": + buf = sys.stdin.read(); + else: + try: + fd = open(file, "r+") + buf = fd.read(); + fd.close() + except IOError, e: + sys.stderr.write("Could not open proc-file (%s).\n" % str(e)) + sys.exit(2) + + + if len(buf) == 0: + sys.exit(0) + + if buf[0] == '<': + reverse = 1 + + if not reverse: + + print "" + while len(buf) >= 8: + a, _name = unpack("B7s", buf[:8]) + n, b = 
find_alg_by_number(a) + + if (b == 0): + sys.stderr.write("ERROR: Unknown cipher. Please update.\n") + break + + _name = _name.replace("\000", "") + + if (name is None or name == _name) and (algorithm is None or algorithm == n) and (bits == 0 or b == bits): + dump_key_xml(a, _name, buf[8:b/8+8]) + + buf = buf[8+b/8:] + print "" + else: + try: + xml.sax.parseString(buf, KeyContentHandler()) + except xml.sax.SAXException, e: + sys.stderr.write("Parse error (%s)\n" %str(e)) + + +if __name__ == "__main__": + main() + + + diff --git a/utils-python/seppl_common.py b/utils-python/seppl_common.py new file mode 100644 index 0000000..59e7f96 --- /dev/null +++ b/utils-python/seppl_common.py 
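Review bot: The long-option list in main passes `"file"` without a trailing `=`, so `--file FILE` is parsed as a flag (with `a` empty) and FILE is left in `args`, while `-f FILE` works; change the entry to `"file="`. The input is opened with `open(file, "r+")`, which requests write access to `/proc/net/seppl_keyring` (or the user's key file) although the script only reads — `open(file, "rb")` avoids needing write permission on the keyring and never holds a writable handle to it. In the binary branch `dump_key_xml(a, _name, buf[8:b/8+8])` is called without checking that `len(buf) >= 8 + b/8`, so a truncated record is emitted as a short key instead of being reported; a `if len(buf) < 8 + b/8: sys.stderr.write("ERROR: Truncated key record.\n"); break` before the call catches it. The "Could not open proc-file" message is also printed for any `-f` path, not just the proc file.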
@@ -0,0 +1,105 @@ +#!/usr/bin/perl + +# $Id$ +# +# This file is part of seppl. +# +# seppl is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# seppl is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with seppl; if not, write to the Free Software Foundation, +# Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + +from struct import * +import re, string, sys + +algs = { 0 : ('aes', 128), 1 : ('aes', 192) } + +def find_alg_by_number(a): + global algs + + if algs.has_key(a): + return algs[a]; + else: + return ('unknown', 0) + +def find_alg_by_name(n, b): + global algs + + for i in algs.keys(): + if algs[i][0] == n and algs[i][1] == b: + return i + + return -1 + +def strhex(s): + r = "" + for i in range(len(s)): + (b,) = unpack("B", s[i]) + r = "%s:%02x" % (r, b) + + return r[1:] + +def dump_key_xml(a, name, key): + alg, bits = find_alg_by_number(a) + + if bits == 0: + sys.stderr.write("ERROR: Algorithm not found\n") + return -1 + + print "" + print " %s" % name + print " %s" % alg + print " %u" % bits + print " %s" % strhex(key) + print "" + + return 0 + +def dump_key_bin(a, name, key): + alg, bits = find_alg_by_number(a) + + if bits == 0: + sys.stderr.write("ERROR: Algorithm not found\n") + return -1 + + if len(key) != bits/8: + sys.stderr.write("ERROR: Key has wrong size\n") + return -1 + + name = name.encode("iso8859-1", 'ignore') + + sys.stdout.write(pack("B7s", a, name[:7])) + sys.stdout.write(key) + sys.stdout.flush() + +def parse_key(data): + + k = "" + + r = re.compile("^([0-9A-Fa-f][0-9A-Fa-f])") + + while 
len(data) > 0: + m = r.match(data+":") + + if m == None: + return None + + k += pack("B", string.atoi(m.group(0), 16)) + + data = data[3:] + + return k + + + + + diff --git a/utils/Makefile.am b/utils/Makefile.am deleted file mode 100644 index 49726f1..0000000 --- a/utils/Makefile.am +++ /dev/null @@ -1,22 +0,0 @@ -# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $ -# -# This file is part of seppl. -# -# seppl is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# seppl is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with seppl; if not, write to the Free Software Foundation, -# Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. - -sbin_SCRIPTS=seppl-ls seppl-gen-key -python_PYTHON=seppl_common.py - -EXTRA_DIST=seppl-ls seppl-gen-key diff --git a/utils/seppl-gen-key b/utils/seppl-gen-key deleted file mode 100755 index cc5817e..0000000 --- a/utils/seppl-gen-key +++ /dev/null 
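Review bot: parse_key never checks the separator: it matches two hex digits at the start of `data+":"` and then unconditionally drops three characters, so `"00x11"` is accepted as `00:11` and the trailing `2` of `"00:112"` is silently discarded rather than rejected. Anchor the separator in the pattern, `r = re.compile("^([0-9A-Fa-f]{2})(:|$)")`, match against `data` itself, advance with `data = data[len(m.group(0)):]` and convert `m.group(1)`, returning None on any mismatch as today. The module also starts with `#!/usr/bin/perl`; it is Python and only ever imported, so the line should be `#!/usr/bin/python` or dropped. dump_key_bin returns None on success where dump_key_xml returns 0, which callers comparing the result will trip over; a `return 0` after the flush makes the two writers consistent.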
@@ -1,110 +0,0 @@ -#!/usr/bin/python - -# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $ -# -# This file is part of seppl. -# -# seppl is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# seppl is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with seppl; if not, write to the Free Software Foundation, -# Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. - -from seppl_common import * -import getopt, sys - -def genkey(a, name, f): - - n, b = find_alg_by_number(a) - - if b == 0: - return -1 - - fd = open("/dev/random", "r+") - key = fd.read(b/8) - fd.close() - - if (len(key) != b/8): - sys.stderr("ERROR: Cannot generate randomness.\n") - return - - if f == dump_key_xml: - print "" - - f(a, name, key) - - if f == dump_key_xml: - print "" - - return 0 - -algorithm = "aes" -bits = 128 -name = "def" -func = dump_key_xml - -def usage(): - global algorithm, bits, name, func - x = { dump_key_xml : "disable", dump_key_bin : "enable" } - - print "%s:" % sys.argv[0] - print " -h --help Show this help" - print " -x --no-xml No xml output (%s)" % x[func] - print " -a --algorithm ALGORITHM Specify algorithm (%s)" % algorithm - print " -b --bits BITS Specify key length (%s)" % bits - print " -n --name NAME Specify key name (%s)" % name - - -def main(): - global algorithm, bits, name, func - - try: - opts, args = getopt.getopt(sys.argv[1:], "hxa:b:n:", ["help", "no-xml", "algorithm=", "bits=", "name="]) - except getopt.GetoptError: - usage() - sys.exit(1) - - u = 0; - - for o, a in opts: - if o in ("-h", "--help"): - u = 1 - - 
if o in ("-x", "--no-xml"): - func = dump_key_bin - - if o in ("-a", "--algorithm"): - algorithm = a - - if o in ("-b", "--bits"): - bits = int(a) - - if o in ("-n", "--name"): - name = a[:7] - - if u: - usage() - sys.exit(0) - - - a = find_alg_by_name(algorithm, bits) - - if a == -1: - sys.stderr.write("ERROR: Cipher not available\n") - sys.exit(2) - - genkey(a, name, func) - -if __name__ == "__main__": - main() - - - diff --git a/utils/seppl-ls b/utils/seppl-ls deleted file mode 100755 index b05b949..0000000 --- a/utils/seppl-ls +++ /dev/null 
@@ -1,198 +0,0 @@ -#!/usr/bin/python - -# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $ -# -# This file is part of seppl. -# -# seppl is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# seppl is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with seppl; if not, write to the Free Software Foundation, -# Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. - -import getopt, sys - -from seppl_common import * -import xml.sax, xml.sax.handler - -name = None -algorithm = None -bits = 0 -reverse = 0 -PROC_FILE_NAME = "/proc/net/seppl_keyring" -file = None - -class KeyContentHandler(xml.sax.handler.ContentHandler): - - last = None - - def startElement(self, name, attrs): - self.last = name - - if name != "key": - return - - self.name = "" - self.algorithm = "" - self.bits = "" - self.data = "" - - def endElement(self, n): - global name, algorithm, bits - self.last = None - - if n != "key": - return - - if self.name == "": - self.name = "def" - - if self.algorithm == "": - self.algorithm = "aes" - - if self.bits == "": - self.bits = 128 - else: - self.bits = int(self.bits) - - a = find_alg_by_name(self.algorithm, self.bits) - if a == -1: - raise xml.sax.SAXNotRecognizedException("Cipher not known") - - key = parse_key(self.data) - if key is None or len(key) != self.bits/8: - raise xml.sax.SAXNotRecognizedException("Could not parse key data.") - - if (name is None or name == self.name) and (algorithm is None or algorithm == self.algorithm) and (bits == 0 or bits == self.bits): - dump_key_bin(a, self.name, key) - - def 
characters(self, content): - content = content.strip() - - if len(content) == 0: - return - - if self.last == "name": - self.name += content - return - if self.last == "algorithm": - self.algorithm += content - return - if self.last == "bits": - self.bits += content - return - if self.last == "data": - self.data += content - return - - raise xml.sax.SAXNotRecognizedException("Malformed XML structure |%s|%s|" % (self.last, content)) - -def usage(): - global name, algorithm, bits, reverse, file - - print "%s:" % sys.argv[0] - print " -h --help Show this help" - print " -r --reverse Convert XML to binary, instead of the other way round (%s)" % { 0 : "disabled", 1 : "enabled" }[reverse] - print " -a --algorithm ALGORITHM Show only keys with algorithm (%s)" % algorithm - print " -b --bits BITS Show only keys with bit length (%s)" % bits - print " -n --name NAME Show only keys with name (%s)" % name - print " -f --file FILE Specify file (- for STDIN) (%s)" % file - pass - -def main(): - global name, algorithm, bits, reverse, file - - try: - opts, args = getopt.getopt(sys.argv[1:], "hn:a:b:rf:", ["help", "name=", "algorithm=", "bits=", "reverse", "file"]) - except getopt.GetoptError: - usage() - sys.exit(2) - - u = 0 - - for o, a in opts: - if o in ("-h", "--help"): - u = 1 - - if o in ("-n", "--name"): - name = a[:7] - - if o in ("-a", "--algorithm"): - algorithm = a - - if o in ("-b", "--bits"): - bits = int(a) - - if o in ("-r", "--reverse"): - reverse = 1 - - if o in ("-f", "--file"): - file = a - - if file is None: - if reverse: - file = "-" - else: - file = PROC_FILE_NAME - - if u: - usage() - sys.exit(0) - - - if file == "-": - buf = sys.stdin.read(); - else: - try: - fd = open(file, "r+") - buf = fd.read(); - fd.close() - except IOError, e: - sys.stderr.write("Could not open proc-file (%s).\n" % str(e)) - sys.exit(2) - - - if len(buf) == 0: - sys.exit(0) - - if buf[0] == '<': - reverse = 1 - - if not reverse: - - print "" - while len(buf) >= 8: - a, _name = 
unpack("B7s", buf[:8]) - n, b = find_alg_by_number(a) - - if (b == 0): - sys.stderr.write("ERROR: Unknown cipher. Please update.\n") - break - - _name = _name.replace("\000", "") - - if (name is None or name == _name) and (algorithm is None or algorithm == n) and (bits == 0 or b == bits): - dump_key_xml(a, _name, buf[8:b/8+8]) - - buf = buf[8+b/8:] - print "" - else: - try: - xml.sax.parseString(buf, KeyContentHandler()) - except xml.sax.SAXException, e: - sys.stderr.write("Parse error (%s)\n" %str(e)) - - -if __name__ == "__main__": - main() - - - diff --git a/utils/seppl_common.py b/utils/seppl_common.py deleted file mode 100644 index c8fe5ca..0000000 --- a/utils/seppl_common.py +++ /dev/null 
@@ -1,105 +0,0 @@ -#!/usr/bin/perl - -# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $ -# -# This file is part of seppl. -# -# seppl is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# seppl is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with seppl; if not, write to the Free Software Foundation, -# Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. - -from struct import * -import re, string, sys - -algs = { 0 : ('aes', 128), 1 : ('aes', 192) } - -def find_alg_by_number(a): - global algs - - if algs.has_key(a): - return algs[a]; - else: - return ('unknown', 0) - -def find_alg_by_name(n, b): - global algs - - for i in algs.keys(): - if algs[i][0] == n and algs[i][1] == b: - return i - - return -1 - -def strhex(s): - r = "" - for i in range(len(s)): - (b,) = unpack("B", s[i]) - r = "%s:%02x" % (r, b) - - return r[1:] - -def dump_key_xml(a, name, key): - alg, bits = find_alg_by_number(a) - - if bits == 0: - sys.stderr.write("ERROR: Algorithm not found\n") - return -1 - - print "" - print " %s" % name - print " %s" % alg - print " %u" % bits - print " %s" % strhex(key) - print "" - - return 0 - -def dump_key_bin(a, name, key): - alg, bits = find_alg_by_number(a) - - if bits == 0: - sys.stderr.write("ERROR: Algorithm not found\n") - return -1 - - if len(key) != bits/8: - sys.stderr.write("ERROR: Key has wrong size\n") - return -1 - - name = name.encode("iso8859-1", 'ignore') - - sys.stdout.write(pack("B7s", a, name[:7])) - sys.stdout.write(key) - sys.stdout.flush() - -def parse_key(data): - - k = "" - - r = 
re.compile("^([0-9A-Fa-f][0-9A-Fa-f])") - - while len(data) > 0: - m = r.match(data+":") - - if m == None: - return None - - k += pack("B", string.atoi(m.group(0), 16)) - - data = data[3:] - - return k - - - - - -- cgit