enc_des.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright 2002 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
*/
/*
* Copyright (c) 1991, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
/* based on @(#)enc_des.c 8.1 (Berkeley) 6/4/93 */
#include <krb5.h>
#include <stdio.h>
#ifdef __STDC__
#include <stdlib.h>
#endif
#include "externs.h"
extern boolean_t encrypt_debug_mode;
extern krb5_context telnet_context;
#define KEYFLAG_SHIFT 2
static struct _fb {
int once;
unsigned char fb_feed[64];
struct stinfo {
unsigned char str_keybytes[DES_BLOCKSIZE];
int str_index;
int str_flagshift;
} des_cfb;
static void
{
/* this is a kerberos enctype, not a telopt enctype */
if (code)
"Error encrypting stream data (%s)\r\n"), code);
}
void
cfb64_init(void)
{
}
/*
* Returns:
* -1: some error. Negotiation is done, encryption not ready.
* 0: Successful, initial negotiation all done.
* 1: successful, negotiation not done yet.
* 2: Not yet. Other things (like getting the key from
* Kerberos) have to happen before we can continue.
*/
int
cfb64_start(int dir)
{
int x;
unsigned char *p;
register int state;
switch (dir) {
case TELNET_DIR_DECRYPT:
/*
* This is simply a request to have the other side
* start output (our input). He will negotiate an
* IV so we need not look for it.
*/
if (state == ENCR_STATE_FAILED)
break;
case TELNET_DIR_ENCRYPT:
if (state == ENCR_STATE_FAILED)
else if ((state & ENCR_STATE_NO_SEND_IV) == 0)
break;
break;
}
if (encrypt_debug_mode)
/*
* Create a random feed and send it over.
*/
{
krb5_data d;
if (code != 0)
return (ENCR_STATE_FAILED);
}
*p++ = ENCRYPT_IS;
p++;
*p++ = FB64_IV;
for (x = 0; x < sizeof (Block); ++x) {
*p++ = IAC;
}
*p++ = IAC;
*p++ = SE;
break;
default:
return (ENCR_STATE_FAILED);
}
}
/*
* Returns:
* -1: some error. Negotiation is done, encryption not ready.
* 0: Successful, initial negotiation all done.
* 1: successful, negotiation not done yet.
*/
int
{
unsigned char *p;
if (cnt-- < 1)
goto failure;
switch (*data++) {
case FB64_IV:
if (encrypt_debug_mode)
"CFB64: initial vector failed "
"on size\r\n"));
goto failure;
}
if (encrypt_debug_mode)
"CFB64: initial vector received\r\n"));
if (encrypt_debug_mode)
"Initializing Decrypt stream\r\n"));
cfb64_stream_iv((void *)data,
*p++ = ENCRYPT_REPLY;
p++;
*p++ = FB64_IV_OK;
*p++ = IAC;
*p++ = SE;
break;
default:
if (encrypt_debug_mode) {
(void) printf("\r\n");
}
/* FALL THROUGH */
/*
* We failed. Send an FB64_IV_BAD option
* to the other side so it will know that
* things failed.
*/
*p++ = ENCRYPT_REPLY;
p++;
*p++ = FB64_IV_BAD;
*p++ = IAC;
*p++ = SE;
break;
}
}
/*
* Returns:
* -1: some error. Negotiation is done, encryption not ready.
* 0: Successful, initial negotiation all done.
* 1: successful, negotiation not done yet.
*/
int
{
if (cnt-- < 1)
goto failure;
switch (*data++) {
case FB64_IV_OK:
if (state == ENCR_STATE_FAILED)
(unsigned char *)"\0", 1, 1);
break;
case FB64_IV_BAD:
break;
default:
if (encrypt_debug_mode) {
(void) printf("\r\n");
}
/* FALL THROUGH */
break;
}
}
void
{
if (encrypt_debug_mode)
"Can't set DES's session key (%d != %d)\r\n"),
return;
}
/*
* Now look to see if cfb64_start() was was waiting for
* the key to show up. If so, go ahead an call it now
* that we have the key.
*/
if (fbp->need_start) {
(void) cfb64_start(TELNET_DIR_ENCRYPT);
}
}
/*
* We only accept a keyid of 0. If we get a keyid of
* 0, then mark the state as SUCCESS.
*/
int
unsigned char *kp;
{
*lenp = 0;
return (state);
}
if (state == ENCR_STATE_FAILED)
state &= ~ENCR_STATE_NO_KEYID;
}
/*
* Print ENCRYPT suboptions to NetTrace when "set opt" is used
*/
void
{
char lbuf[ENCR_LBUF_BUFSIZ];
register int i;
char *cp;
unsigned char type[] = "CFB64";
buflen -= 1;
switch (data[2]) {
case FB64_IV:
goto common;
case FB64_IV_OK:
goto common;
case FB64_IV_BAD:
goto common;
default:
data[2]);
buflen--;
for (i = 3; i < cnt; i++) {
buflen--;
}
break;
}
}
static void
{
}
void
{
/*
* the original version of this code uses des ecb mode, but
* it only ever does one block at a time. cbc with a zero iv
* is identical
*/
/* this is a kerberos enctype, not a telopt enctype */
sizeof (Block));
}
/*
* DES 64 bit Cipher Feedback
*
* key --->+-----+
* +->| DES |--+
* | +-----+ |
* | v
* INPUT --(--------->(+)+---> DATA
* | |
* +-------------+
*
*
* Given:
* iV: Initial vector, 64 bits (8 bytes) long.
* Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
* On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
*
* V0 = DES(iV, key)
* On = Dn ^ Vn
* V(n+1) = DES(On, key)
*/
void
cfb64_encrypt(register unsigned char *s, int c)
{
register int index;
while (c-- > 0) {
Block b;
sizeof (Block));
index = 0;
}
/* On encryption, we store (feed ^ data) which is cypher */
s++;
index++;
}
}
int
cfb64_decrypt(int data)
{
int index;
if (data == -1) {
/*
* Back up one byte. It is assumed that we will
* never back up more than one byte. If we do, this
* may or may not work.
*/
return (0);
}
Block b;
index = 0; /* But now use 0 */
}
/* On decryption we store (data) which is cypher. */
}