X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/c70a7c5cedab62209640b76f03d97c1876e38dc6..b2177d0418407afaf5fbabe7d5d9b19ce6fb9105:/server/bulkcrypto.c diff --git a/server/bulkcrypto.c b/server/bulkcrypto.c index 288eed9d..d0e654cc 100644 --- a/server/bulkcrypto.c +++ b/server/bulkcrypto.c @@ -9,19 +9,18 @@ * * This file is part of Trivial IP Encryption (TrIPE). * - * TrIPE is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. + * TrIPE is free software: you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at your + * option) any later version. * - * TrIPE is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * TrIPE is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. * * You should have received a copy of the GNU General Public License - * along with TrIPE; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * along with TrIPE. If not, see . */ /*----- Header files ------------------------------------------------------*/ @@ -50,6 +49,53 @@ trace_block(T_CRYPTO, "crypto: expected MAC", (pmac), (tagsz)); \ }) } while (0) +/* --- @derivekey@ --- * + * + * Arguments: @octet *k@ = pointer to an output buffer of at least + * @MAXHASHSZ@ bytes + * @size_t ksz@ = actual size wanted (for tracing) + * @const deriveargs@ = derivation parameters, as passed into + * @genkeys@ + * @int dir@ = direction for the key (@DIR_IN@ or @DIR_OUT@) + * @const char *what@ = label for the key (input to derivation) + * + * Returns: --- + * + * Use: Derives a session key, for use on incoming or outgoing data. + */ + +static void derivekey(octet *k, size_t ksz, const deriveargs *a, + int dir, const char *what) +{ + const gchash *hc = a->hc; + ghash *h; + + assert(ksz <= hc->hashsz); + assert(hc->hashsz <= MAXHASHSZ); + h = GH_INIT(hc); + GH_HASH(h, a->what, strlen(a->what)); GH_HASH(h, what, strlen(what) + 1); + switch (dir) { + case DIR_IN: + if (a->x) GH_HASH(h, a->k, a->x); + if (a->y != a->x) GH_HASH(h, a->k + a->x, a->y - a->x); + break; + case DIR_OUT: + if (a->y != a->x) GH_HASH(h, a->k + a->x, a->y - a->x); + if (a->x) GH_HASH(h, a->k, a->x); + break; + default: + abort(); + } + GH_HASH(h, a->k + a->y, a->z - a->y); + GH_DONE(h, k); + GH_DESTROY(h); + IF_TRACING(T_KEYSET, { IF_TRACING(T_CRYPTO, { + char _buf[32]; + sprintf(_buf, "crypto: %s key %s", dir ? "outgoing" : "incoming", what); + trace_block(T_CRYPTO, _buf, k, ksz); + }) }) +} + /*----- Common functionality for generic-composition transforms -----------*/ #define CHECK_MAC(h, pmac, tagsz) do { \ @@ -73,7 +119,7 @@ typedef struct gencomp_algs { typedef struct gencomp_chal { bulkchal _b; - gmac *m; size_t tagsz; + gmac *m; } gencomp_chal; static int gencomp_getalgs(gencomp_algs *a, const algswitch *asw, @@ -98,7 +144,7 @@ static int gencomp_getalgs(gencomp_algs *a, const algswitch *asw, if ((p = key_getattr(kf, k, "mac")) != 0) { dstr_reset(&d); dstr_puts(&d, p); - if ((q = strchr(d.buf, '/')) != 0) + if ((q = strrchr(d.buf, '/')) != 0) *q++ = 0; if ((a->m = gmac_byname(d.buf)) == 0) { a_format(e, "unknown-mac", "%s", d.buf, A_END); @@ -205,25 +251,26 @@ static bulkchal *gencomp_genchal(const gencomp_algs *a) return (&gc->_b); } -static int gencomp_chaltag(bulkchal *bc, const void *m, size_t msz, void *t) +static int gencomp_chaltag(bulkchal *bc, const void *m, size_t msz, + uint32 seq, void *t) { gencomp_chal *gc = (gencomp_chal *)bc; ghash *h = GM_INIT(gc->m); - GH_HASH(h, m, msz); + GH_HASHU32(h, seq); if (msz) GH_HASH(h, m, msz); memcpy(t, GH_DONE(h, 0), bc->tagsz); GH_DESTROY(h); return (0); } static int gencomp_chalvrf(bulkchal *bc, const void *m, size_t msz, - const void *t) + uint32 seq, const void *t) { gencomp_chal *gc = (gencomp_chal *)bc; ghash *h = GM_INIT(gc->m); int ok; - GH_HASH(h, m, msz); + GH_HASHU32(h, seq); if (msz) GH_HASH(h, m, msz); ok = ct_memeq(GH_DONE(h, 0), t, gc->_b.tagsz); GH_DESTROY(h); return (ok ? 0 : -1); @@ -310,7 +357,7 @@ static size_t v0_overhead(const bulkalgs *aa) static size_t v0_expsz(const bulkalgs *aa) { const v0_algs *a = (const v0_algs *)aa; return (gencomp_expsz(&a->ga)); } -static bulkctx *v0_genkeys(const bulkalgs *aa, const struct rawkey *rk) +static bulkctx *v0_genkeys(const bulkalgs *aa, const deriveargs *da) { const v0_algs *a = (const v0_algs *)aa; v0_ctx *bc = CREATE(v0_ctx); @@ -319,9 +366,10 @@ static bulkctx *v0_genkeys(const bulkalgs *aa, const struct rawkey *rk) bc->tagsz = a->ga.tagsz; for (i = 0; i < NDIR; i++) { - ks_derivekey(k, a->ga.cksz, rk, i, "encryption"); + if (!(da->f&(1 << i))) { bc->d[i].c = 0; bc->d[i].m = 0; continue; } + derivekey(k, a->ga.cksz, da, i, "encryption"); bc->d[i].c = GC_INIT(a->ga.c, k, a->ga.cksz); - ks_derivekey(k, a->ga.mksz, rk, i, "integrity"); + derivekey(k, a->ga.mksz, da, i, "integrity"); bc->d[i].m = GM_KEY(a->ga.m, k, a->ga.mksz); } return (&bc->_b); @@ -345,8 +393,8 @@ static void v0_freectx(bulkctx *bbc) int i; for (i = 0; i < NDIR; i++) { - GC_DESTROY(bc->d[i].c); - GM_DESTROY(bc->d[i].m); + if (bc->d[i].c) GC_DESTROY(bc->d[i].c); + if (bc->d[i].m) GM_DESTROY(bc->d[i].m); } DESTROY(bc); } @@ -360,10 +408,13 @@ static int v0_encrypt(bulkctx *bbc, unsigned ty, const octet *p = BCUR(b); size_t sz = BLEFT(b); octet *qmac, *qseq, *qiv, *qpk; - size_t ivsz = GC_CLASS(c)->blksz; + size_t ivsz; size_t tagsz = bc->tagsz; octet t[4]; + assert(c); + ivsz = GC_CLASS(c)->blksz; + /* --- Determine the ciphertext layout --- */ if (buf_ensure(bb, tagsz + SEQSZ + ivsz + sz)) return (0); @@ -420,10 +471,13 @@ static int v0_decrypt(bulkctx *bbc, unsigned ty, octet *q = BCUR(bb); ghash *h; gcipher *c = bc->d[DIR_IN].c; - size_t ivsz = GC_CLASS(c)->blksz; + size_t ivsz; size_t tagsz = bc->tagsz; octet t[4]; + assert(c); + ivsz = GC_CLASS(c)->blksz; + /* --- Break up the packet into its components --- */ if (psz < ivsz + SEQSZ + tagsz) { @@ -537,7 +591,8 @@ static void iiv_tracealgs(const bulkalgs *aa) const iiv_algs *a = (const iiv_algs *)aa; gencomp_tracealgs(&a->ga); - trace(T_CRYPTO, "crypto: blkc = %.*s", strlen(a->b->name) - 4, a->b->name); + trace(T_CRYPTO, + "crypto: blkc = %.*s", (int)strlen(a->b->name) - 4, a->b->name); } #endif @@ -587,7 +642,7 @@ static size_t iiv_expsz(const bulkalgs *aa) return (gencomp_expsz(&a->ga)); } -static bulkctx *iiv_genkeys(const bulkalgs *aa, const struct rawkey *rk) +static bulkctx *iiv_genkeys(const bulkalgs *aa, const deriveargs *da) { const iiv_algs *a = (const iiv_algs *)aa; iiv_ctx *bc = CREATE(iiv_ctx); @@ -596,11 +651,13 @@ static bulkctx *iiv_genkeys(const bulkalgs *aa, const struct rawkey *rk) bc->tagsz = a->ga.tagsz; for (i = 0; i < NDIR; i++) { - ks_derivekey(k, a->ga.cksz, rk, i, "encryption"); + if (!(da->f&(1 << i))) + { bc->d[i].c = 0; bc->d[i].b = 0; bc->d[i].m = 0; continue; } + derivekey(k, a->ga.cksz, da, i, "encryption"); bc->d[i].c = GC_INIT(a->ga.c, k, a->ga.cksz); - ks_derivekey(k, a->bksz, rk, i, "blkc"); + derivekey(k, a->bksz, da, i, "blkc"); bc->d[i].b = GC_INIT(a->b, k, a->bksz); - ks_derivekey(k, a->ga.mksz, rk, i, "integrity"); + derivekey(k, a->ga.mksz, da, i, "integrity"); bc->d[i].m = GM_KEY(a->ga.m, k, a->ga.mksz); } return (&bc->_b); @@ -624,9 +681,9 @@ static void iiv_freectx(bulkctx *bbc) int i; for (i = 0; i < NDIR; i++) { - GC_DESTROY(bc->d[i].c); - GC_DESTROY(bc->d[i].b); - GM_DESTROY(bc->d[i].m); + if (bc->d[i].c) GC_DESTROY(bc->d[i].c); + if (bc->d[i].b) GC_DESTROY(bc->d[i].b); + if (bc->d[i].m) GM_DESTROY(bc->d[i].m); } DESTROY(bc); } @@ -644,10 +701,14 @@ static int iiv_encrypt(bulkctx *bbc, unsigned ty, const octet *p = BCUR(b); size_t sz = BLEFT(b); octet *qmac, *qseq, *qpk; - size_t ivsz = GC_CLASS(c)->blksz, blkcsz = GC_CLASS(blkc)->blksz; + size_t ivsz, blkcsz; size_t tagsz = bc->tagsz; octet t[4]; + assert(c); assert(blkc); + ivsz = GC_CLASS(c)->blksz; + blkcsz = GC_CLASS(blkc)->blksz; + /* --- Determine the ciphertext layout --- */ if (buf_ensure(bb, tagsz + SEQSZ + sz)) return (0); @@ -707,10 +768,14 @@ static int iiv_decrypt(bulkctx *bbc, unsigned ty, octet *q = BCUR(bb); ghash *h; gcipher *c = bc->d[DIR_IN].c, *blkc = bc->d[DIR_IN].b; - size_t ivsz = GC_CLASS(c)->blksz, blkcsz = GC_CLASS(blkc)->blksz; + size_t ivsz, blkcsz; size_t tagsz = bc->tagsz; octet t[4]; + assert(c); assert(blkc); + ivsz = GC_CLASS(c)->blksz; + blkcsz = GC_CLASS(blkc)->blksz; + /* --- Break up the packet into its components --- */ if (psz < SEQSZ + tagsz) { @@ -749,6 +814,339 @@ static int iiv_decrypt(bulkctx *bbc, unsigned ty, return (0); } +/*----- The NaCl box transform --------------------------------------------* + * + * This transform is very similar to the NaCl `crypto_secretbox' transform + * described in Bernstein, `Cryptography in NaCl', with the difference that, + * rather than using XSalsa20, we use either Salsa20/r or ChaChar, because we + * have no need of XSalsa20's extended nonce. The default cipher is Salsa20. + * + * Salsa20 and ChaCha accept a 64-bit nonce. The low 32 bits are the + * sequence number, and the high 32 bits are the type, both big-endian. + * + * +------+------+ + * | seq | type | + * +------+------+ + * 32 32 + * + * A stream is generated by concatenating the raw output blocks generated + * with this nonce and successive counter values starting from zero. The + * first 32 bytes of the stream are used as a key for Poly1305: the first 16 + * bytes are the universal hash key r, and the second 16 bytes are the mask + * value s. + * + * +------+------+ +------...------+ + * | r | s | | keystream | + * +------+------+ +------...------+ + * 128 128 sz + * + * The remainder of the stream is XORed with the incoming plaintext to form a + * ciphertext with the same length. The ciphertext (only) is then tagged + * using Poly1305. The tag, sequence number, and ciphertext are concatenated + * in this order, and transmitted. + * + * + * +---...---+------+------...------+ + * | tag | seq | ciphertext | + * +---...---+------+------...------+ + * 128 32 sz + * + * Note that there is no need to authenticate the type separately, since it + * was used to select the cipher nonce, and hence the Poly1305 key. The + * Poly1305 tag length is fixed. + */ + +typedef struct naclbox_algs { + bulkalgs _b; + const gccipher *c; size_t cksz; +} naclbox_algs; + +typedef struct naclbox_ctx { + bulkctx _b; + struct { gcipher *c; } d[NDIR]; +} naclbox_ctx; + + +static bulkalgs *naclbox_getalgs(const algswitch *asw, dstr *e, + key_file *kf, key *k) +{ + naclbox_algs *a = CREATE(naclbox_algs); + const char *p; + char *qq; + unsigned long n; + + /* --- Collect the selected cipher and check that it's supported --- */ + + p = key_getattr(kf, k, "cipher"); + if (!p || strcmp(p, "salsa20") == 0) a->c = &salsa20; + else if (strcmp(p, "salsa20/12") == 0) a->c = &salsa2012; + else if (strcmp(p, "salsa20/8") == 0) a->c = &salsa208; + else if (strcmp(p, "chacha20") == 0) a->c = &chacha20; + else if (strcmp(p, "chacha12") == 0) a->c = &chacha12; + else if (strcmp(p, "chacha8") == 0) a->c = &chacha8; + else { + a_format(e, "unknown-cipher", "%s", p, A_END); + goto fail; + } + + /* --- Collect the selected MAC, and check the tag length --- */ + + p = key_getattr(kf, k, "mac"); + if (!p) + ; + else if (strncmp(p, "poly1305", 8) != 0 || (p[8] && p[8] != '/')) { + a_format(e, "unknown-mac", "%s", p, A_END); + goto fail; + } else if (p[8] == '/') { + n = strtoul(p + 9, &qq, 0); + if (*qq) { + a_format(e, "bad-tag-length-string", "%s", p + 9, A_END); + goto fail; + } + if (n != 128) { + a_format(e, "bad-tag-length", "%lu", n, A_END); + goto fail; + } + } + + return (&a->_b); +fail: + DESTROY(a); + return (0); +} + +#ifndef NTRACE +static void naclbox_tracealgs(const bulkalgs *aa) +{ + const naclbox_algs *a = (const naclbox_algs *)aa; + + trace(T_CRYPTO, "crypto: cipher = %s", a->c->name); + trace(T_CRYPTO, "crypto: mac = poly1305/128"); +} +#endif + +static int naclbox_checkalgs(bulkalgs *aa, const algswitch *asw, dstr *e) +{ + naclbox_algs *a = (naclbox_algs *)aa; + + if ((a->cksz = keysz(asw->hashsz, a->c->keysz)) == 0) { + a_format(e, "cipher", "%s", a->c->name, + "no-key-size", "%lu", (unsigned long)asw->hashsz, + A_END); + return (-1); + } + return (0); +} + +static int naclbox_samealgsp(const bulkalgs *aa, const bulkalgs *bb) +{ + const naclbox_algs *a = (const naclbox_algs *)aa, + *b = (const naclbox_algs *)bb; + return (a->c == b->c); +} + +static void naclbox_alginfo(const bulkalgs *aa, admin *adm) +{ + const naclbox_algs *a = (const naclbox_algs *)aa; + a_info(adm, "cipher=%s", a->c->name, "cipher-keysz=32", A_END); + a_info(adm, "mac=poly1305", "mac-tagsz=16", A_END); +} + +static size_t naclbox_overhead(const bulkalgs *aa) + { return (POLY1305_TAGSZ + SEQSZ); } + +static size_t naclbox_expsz(const bulkalgs *aa) + { return (MEG(2048)); } + +static bulkctx *naclbox_genkeys(const bulkalgs *aa, const deriveargs *da) +{ + const naclbox_algs *a = (const naclbox_algs *)aa; + naclbox_ctx *bc = CREATE(naclbox_ctx); + octet k[MAXHASHSZ]; + int i; + + for (i = 0; i < NDIR; i++) { + if (!(da->f&(1 << i))) { bc->d[i].c = 0; continue; } + derivekey(k, a->cksz, da, i, "encryption"); + bc->d[i].c = GC_INIT(a->c, k, a->cksz); + } + return (&bc->_b); +} + +typedef struct naclbox_chal { + bulkchal _b; + gcipher *c; +} naclbox_chal; + +static bulkchal *naclbox_genchal(const bulkalgs *aa) +{ + const naclbox_algs *a = (const naclbox_algs *)aa; + naclbox_chal *c = CREATE(naclbox_chal); + rand_get(RAND_GLOBAL, buf_t, a->cksz); + c->c = GC_INIT(a->c, buf_t, a->cksz); + IF_TRACING(T_CHAL, { + trace(T_CHAL, "chal: generated new challenge key"); + trace_block(T_CRYPTO, "chal: new key", buf_t, a->cksz); + }) + c->_b.tagsz = POLY1305_TAGSZ; + return (&c->_b); +} + +static int naclbox_chaltag(bulkchal *bc, const void *m, size_t msz, + uint32 seq, void *t) +{ + naclbox_chal *c = (naclbox_chal *)bc; + poly1305_key pk; + poly1305_ctx pm; + octet b[POLY1305_KEYSZ + POLY1305_MASKSZ]; + + assert(SALSA20_NONCESZ <= sizeof(b)); + memset(b, 0, SALSA20_NONCESZ - 4); STORE32(b + SALSA20_NONCESZ - 4, seq); + GC_SETIV(c->c, b); GC_ENCRYPT(c->c, 0, b, sizeof(b)); + poly1305_keyinit(&pk, b, POLY1305_KEYSZ); + poly1305_macinit(&pm, &pk, b + POLY1305_KEYSZ); + if (msz) poly1305_hash(&pm, m, msz); + poly1305_done(&pm, t); + return (0); +} + +static int naclbox_chalvrf(bulkchal *bc, const void *m, size_t msz, + uint32 seq, const void *t) +{ + naclbox_chal *c = (naclbox_chal *)bc; + poly1305_key pk; + poly1305_ctx pm; + octet b[POLY1305_KEYSZ + POLY1305_MASKSZ]; + + assert(SALSA20_NONCESZ <= sizeof(b)); + memset(b, 0, SALSA20_NONCESZ - 4); STORE32(b + SALSA20_NONCESZ - 4, seq); + GC_SETIV(c->c, b); GC_ENCRYPT(c->c, 0, b, sizeof(b)); + poly1305_keyinit(&pk, b, POLY1305_KEYSZ); + poly1305_macinit(&pm, &pk, b + POLY1305_KEYSZ); + if (msz) poly1305_hash(&pm, m, msz); + assert(POLY1305_TAGSZ <= sizeof(b)); poly1305_done(&pm, b); + return (ct_memeq(t, b, POLY1305_TAGSZ) ? 0 : -1); +} + +static void naclbox_freechal(bulkchal *bc) + { naclbox_chal *c = (naclbox_chal *)bc; GC_DESTROY(c->c); DESTROY(c); } + +static void naclbox_freealgs(bulkalgs *aa) + { naclbox_algs *a = (naclbox_algs *)aa; DESTROY(a); } + +static void naclbox_freectx(bulkctx *bbc) +{ + naclbox_ctx *bc = (naclbox_ctx *)bbc; + int i; + + for (i = 0; i < NDIR; i++) { if (bc->d[i].c) GC_DESTROY(bc->d[i].c); } + DESTROY(bc); +} + +static int naclbox_encrypt(bulkctx *bbc, unsigned ty, + buf *b, buf *bb, uint32 seq) +{ + naclbox_ctx *bc = (naclbox_ctx *)bbc; + gcipher *c = bc->d[DIR_OUT].c; + poly1305_key polyk; + poly1305_ctx poly; + const octet *p = BCUR(b); + size_t sz = BLEFT(b); + octet *qmac, *qseq, *qpk; + + assert(c); + + /* --- Determine the ciphertext layout --- */ + + if (buf_ensure(bb, POLY1305_TAGSZ + SEQSZ + sz)) return (0); + qmac = BCUR(bb); qseq = qmac + POLY1305_TAGSZ; qpk = qseq + SEQSZ; + BSTEP(bb, POLY1305_TAGSZ + SEQSZ + sz); + + /* --- Construct and set the nonce --- */ + + STORE32(qseq, seq); + memcpy(buf_u, qseq, SEQSZ); STORE32(buf_u + SEQSZ, ty); + GC_SETIV(c, buf_u); + TRACE_IV(buf_u, SALSA20_NONCESZ); + + /* --- Determine the MAC key --- */ + + GC_ENCRYPT(c, 0, buf_u, POLY1305_KEYSZ + POLY1305_MASKSZ); + poly1305_keyinit(&polyk, buf_u, POLY1305_KEYSZ); + poly1305_macinit(&poly, &polyk, buf_u + POLY1305_KEYSZ); + + /* --- Encrypt the message --- */ + + GC_ENCRYPT(c, p, qpk, sz); + TRACE_CT(qpk, sz); + + /* --- Compute the MAC --- */ + + poly1305_hash(&poly, qpk, sz); + poly1305_done(&poly, qmac); + TRACE_MAC(qmac, POLY1305_TAGSZ); + + /* --- We're done --- */ + + return (0); +} + +static int naclbox_decrypt(bulkctx *bbc, unsigned ty, + buf *b, buf *bb, uint32 *seq) +{ + naclbox_ctx *bc = (naclbox_ctx *)bbc; + gcipher *c = bc->d[DIR_IN].c; + poly1305_key polyk; + poly1305_ctx poly; + const octet *pmac, *pseq, *ppk; + size_t psz = BLEFT(b); + size_t sz; + octet *q = BCUR(bb); + + assert(c); + + /* --- Break up the packet into its components --- */ + + if (psz < SEQSZ + POLY1305_TAGSZ) { + T( trace(T_KEYSET, "keyset: block too small for keyset"); ) + return (KSERR_MALFORMED); + } + sz = psz - SEQSZ - POLY1305_TAGSZ; + pmac = BCUR(b); pseq = pmac + POLY1305_TAGSZ; ppk = pseq + SEQSZ; + + /* --- Construct and set the nonce --- */ + + memcpy(buf_u, pseq, SEQSZ); STORE32(buf_u + SEQSZ, ty); + GC_SETIV(c, buf_u); + TRACE_IV(buf_u, SALSA20_NONCESZ); + + /* --- Determine the MAC key --- */ + + GC_ENCRYPT(c, 0, buf_u, POLY1305_KEYSZ + POLY1305_MASKSZ); + poly1305_keyinit(&polyk, buf_u, POLY1305_KEYSZ); + poly1305_macinit(&poly, &polyk, buf_u + POLY1305_KEYSZ); + + /* --- Verify the MAC on the packet --- */ + + poly1305_hash(&poly, ppk, sz); + poly1305_done(&poly, buf_u); + TRACE_MAC(buf_u, POLY1305_TAGSZ); + if (!ct_memeq(buf_u, pmac, POLY1305_TAGSZ)) { + TRACE_MACERR(pmac, POLY1305_TAGSZ); + return (KSERR_DECRYPT); + } + + /* --- Decrypt the packet --- */ + + GC_DECRYPT(c, ppk, q, sz); + + /* --- Finished --- */ + + *seq = LOAD32(pseq); + BSTEP(bb, sz); + return (0); +} + /*----- Bulk crypto transform table ---------------------------------------*/ const bulkops bulktab[] = { @@ -765,6 +1163,7 @@ const bulkops bulktab[] = { BULK("v0", v0), BULK("iiv", iiv), + BULK("naclbox", naclbox), #undef BULK { 0 }