search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / crypto / dist / heimdal / appl / telnet / libtelnet / enc_des.c
blob55578af51ddab2e4194392296656a50d9b9cf11e
1 /*-
2 * Copyright (c) 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include <config.h>
35
36 __RCSID("$Heimdal: enc_des.c 14681 2005-03-23 16:19:31Z lha $"
37 "$NetBSD$");
38
39 #if defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
40 #include <arpa/telnet.h>
41 #include <stdio.h>
42 #ifdef __STDC__
43 #include <stdlib.h>
44 #include <string.h>
45 #endif
46 #include <roken.h>
47 #ifdef SOCKS
48 #include <socks.h>
49 #endif
50
51 #include "encrypt.h"
52 #include "misc-proto.h"
53
54 #include "crypto-headers.h"
55
56 extern int encrypt_debug_mode;
57
58 #define CFB 0
59 #define OFB 1
60
61 #define NO_SEND_IV 1
62 #define NO_RECV_IV 2
63 #define NO_KEYID 4
64 #define IN_PROGRESS (NO_SEND_IV|NO_RECV_IV|NO_KEYID)
65 #define SUCCESS 0
66 #define FAILED -1
67
68
69 struct stinfo {
70 DES_cblock str_output;
71 DES_cblock str_feed;
72 DES_cblock str_iv;
73 DES_cblock str_ikey;
74 DES_key_schedule str_sched;
75 int str_index;
76 int str_flagshift;
77 };
78
79 struct fb {
80 DES_cblock krbdes_key;
81 DES_key_schedule krbdes_sched;
82 DES_cblock temp_feed;
83 unsigned char fb_feed[64];
84 int need_start;
85 int state[2];
86 int keyid[2];
87 int once;
88 struct stinfo streams[2];
89 };
90
91 static struct fb fb[2];
92
93 struct keyidlist {
94 char *keyid;
95 int keyidlen;
96 char *key;
97 int keylen;
98 int flags;
99 } keyidlist [] = {
100 { "\0", 1, 0, 0, 0 }, /* default key of zero */
101 { 0, 0, 0, 0, 0 }
102 };
103
104 #define KEYFLAG_MASK 03
105
106 #define KEYFLAG_NOINIT 00
107 #define KEYFLAG_INIT 01
108 #define KEYFLAG_OK 02
109 #define KEYFLAG_BAD 03
110
111 #define KEYFLAG_SHIFT 2
112
113 #define SHIFT_VAL(a,b) (KEYFLAG_SHIFT*((a)+((b)*2)))
114
115 #define FB64_IV 1
116 #define FB64_IV_OK 2
117 #define FB64_IV_BAD 3
118
119
120 void fb64_stream_iv (DES_cblock, struct stinfo *);
121 void fb64_init (struct fb *);
122 static int fb64_start (struct fb *, int, int);
123 int fb64_is (unsigned char *, int, struct fb *);
124 int fb64_reply (unsigned char *, int, struct fb *);
125 static void fb64_session (Session_Key *, int, struct fb *);
126 void fb64_stream_key (DES_cblock, struct stinfo *);
127 int fb64_keyid (int, unsigned char *, int *, struct fb *);
128 void fb64_printsub(unsigned char *, int ,
129 unsigned char *, int , char *);
130
131 void cfb64_init(int server)
132 {
133 fb64_init(&fb[CFB]);
134 fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
135 fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
136 fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
137 }
138
139
140 void ofb64_init(int server)
141 {
142 fb64_init(&fb[OFB]);
143 fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
144 fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
145 fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
146 }
147
148 void fb64_init(struct fb *fbp)
149 {
150 memset(fbp,0, sizeof(*fbp));
151 fbp->state[0] = fbp->state[1] = FAILED;
152 fbp->fb_feed[0] = IAC;
153 fbp->fb_feed[1] = SB;
154 fbp->fb_feed[2] = TELOPT_ENCRYPT;
155 fbp->fb_feed[3] = ENCRYPT_IS;
156 }
157
158 /*
159 * Returns:
160 * -1: some error. Negotiation is done, encryption not ready.
161 * 0: Successful, initial negotiation all done.
162 * 1: successful, negotiation not done yet.
163 * 2: Not yet. Other things (like getting the key from
164 * Kerberos) have to happen before we can continue.
165 */
166 int cfb64_start(int dir, int server)
167 {
168 return(fb64_start(&fb[CFB], dir, server));
169 }
170
171 int ofb64_start(int dir, int server)
172 {
173 return(fb64_start(&fb[OFB], dir, server));
174 }
175
176 static int fb64_start(struct fb *fbp, int dir, int server)
177 {
178 int x;
179 unsigned char *p;
180 int state;
181
182 switch (dir) {
183 case DIR_DECRYPT:
184 /*
185 * This is simply a request to have the other side
186 * start output (our input). He will negotiate an
187 * IV so we need not look for it.
188 */
189 state = fbp->state[dir-1];
190 if (state == FAILED)
191 state = IN_PROGRESS;
192 break;
193
194 case DIR_ENCRYPT:
195 state = fbp->state[dir-1];
196 if (state == FAILED)
197 state = IN_PROGRESS;
198 else if ((state & NO_SEND_IV) == 0) {
199 break;
200 }
201
202 if (!VALIDKEY(fbp->krbdes_key)) {
203 fbp->need_start = 1;
204 break;
205 }
206
207 state &= ~NO_SEND_IV;
208 state |= NO_RECV_IV;
209 if (encrypt_debug_mode)
210 printf("Creating new feed\r\n");
211 /*
212 * Create a random feed and send it over.
213 */
214 #ifndef OLD_DES_RANDOM_KEY
215 DES_random_key(&fbp->temp_feed);
216 #else
217 /*
218 * From des_cryp.man "If the des_check_key flag is non-zero,
219 * des_set_key will check that the key passed is
220 * of odd parity and is not a week or semi-weak key."
221 */
222 do {
223 DES_random_key(fbp->temp_feed);
224 DES_set_odd_parity(fbp->temp_feed);
225 } while (DES_is_weak_key(fbp->temp_feed));
226 #endif
227 DES_ecb_encrypt(&fbp->temp_feed,
228 &fbp->temp_feed,
229 &fbp->krbdes_sched, 1);
230 p = fbp->fb_feed + 3;
231 *p++ = ENCRYPT_IS;
232 p++;
233 *p++ = FB64_IV;
234 for (x = 0; x < sizeof(DES_cblock); ++x) {
235 if ((*p++ = fbp->temp_feed[x]) == IAC)
236 *p++ = IAC;
237 }
238 *p++ = IAC;
239 *p++ = SE;
240 printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
241 telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
242 break;
243 default:
244 return(FAILED);
245 }
246 return(fbp->state[dir-1] = state);
247 }
248
249 /*
250 * Returns:
251 * -1: some error. Negotiation is done, encryption not ready.
252 * 0: Successful, initial negotiation all done.
253 * 1: successful, negotiation not done yet.
254 */
255
256 int cfb64_is(unsigned char *data, int cnt)
257 {
258 return(fb64_is(data, cnt, &fb[CFB]));
259 }
260
261 int ofb64_is(unsigned char *data, int cnt)
262 {
263 return(fb64_is(data, cnt, &fb[OFB]));
264 }
265
266
267 int fb64_is(unsigned char *data, int cnt, struct fb *fbp)
268 {
269 unsigned char *p;
270 int state = fbp->state[DIR_DECRYPT-1];
271
272 if (cnt-- < 1)
273 goto failure;
274
275 switch (*data++) {
276 case FB64_IV:
277 if (cnt != sizeof(DES_cblock)) {
278 if (encrypt_debug_mode)
279 printf("CFB64: initial vector failed on size\r\n");
280 state = FAILED;
281 goto failure;
282 }
283
284 if (encrypt_debug_mode)
285 printf("CFB64: initial vector received\r\n");
286
287 if (encrypt_debug_mode)
288 printf("Initializing Decrypt stream\r\n");
289
290 fb64_stream_iv(data, &fbp->streams[DIR_DECRYPT-1]);
291
292 p = fbp->fb_feed + 3;
293 *p++ = ENCRYPT_REPLY;
294 p++;
295 *p++ = FB64_IV_OK;
296 *p++ = IAC;
297 *p++ = SE;
298 printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
299 telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
300
301 state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
302 break;
303
304 default:
305 if (encrypt_debug_mode) {
306 printf("Unknown option type: %d\r\n", *(data-1));
307 printd(data, cnt);
308 printf("\r\n");
309 }
310 /* FALL THROUGH */
311 failure:
312 /*
313 * We failed. Send an FB64_IV_BAD option
314 * to the other side so it will know that
315 * things failed.
316 */
317 p = fbp->fb_feed + 3;
318 *p++ = ENCRYPT_REPLY;
319 p++;
320 *p++ = FB64_IV_BAD;
321 *p++ = IAC;
322 *p++ = SE;
323 printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
324 telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
325
326 break;
327 }
328 return(fbp->state[DIR_DECRYPT-1] = state);
329 }
330
331 /*
332 * Returns:
333 * -1: some error. Negotiation is done, encryption not ready.
334 * 0: Successful, initial negotiation all done.
335 * 1: successful, negotiation not done yet.
336 */
337
338 int cfb64_reply(unsigned char *data, int cnt)
339 {
340 return(fb64_reply(data, cnt, &fb[CFB]));
341 }
342
343 int ofb64_reply(unsigned char *data, int cnt)
344 {
345 return(fb64_reply(data, cnt, &fb[OFB]));
346 }
347
348
349 int fb64_reply(unsigned char *data, int cnt, struct fb *fbp)
350 {
351 int state = fbp->state[DIR_ENCRYPT-1];
352
353 if (cnt-- < 1)
354 goto failure;
355
356 switch (*data++) {
357 case FB64_IV_OK:
358 fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
359 if (state == FAILED)
360 state = IN_PROGRESS;
361 state &= ~NO_RECV_IV;
362 encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
363 break;
364
365 case FB64_IV_BAD:
366 memset(fbp->temp_feed, 0, sizeof(DES_cblock));
367 fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
368 state = FAILED;
369 break;
370
371 default:
372 if (encrypt_debug_mode) {
373 printf("Unknown option type: %d\r\n", data[-1]);
374 printd(data, cnt);
375 printf("\r\n");
376 }
377 /* FALL THROUGH */
378 failure:
379 state = FAILED;
380 break;
381 }
382 return(fbp->state[DIR_ENCRYPT-1] = state);
383 }
384
385 void cfb64_session(Session_Key *key, int server)
386 {
387 fb64_session(key, server, &fb[CFB]);
388 }
389
390 void ofb64_session(Session_Key *key, int server)
391 {
392 fb64_session(key, server, &fb[OFB]);
393 }
394
395 static void fb64_session(Session_Key *key, int server, struct fb *fbp)
396 {
397
398 if (!key || key->type != SK_DES) {
399 if (encrypt_debug_mode)
400 printf("Can't set krbdes's session key (%d != %d)\r\n",
401 key ? key->type : -1, SK_DES);
402 return;
403 }
404 memcpy(fbp->krbdes_key, key->data, sizeof(DES_cblock));
405
406 fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
407 fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
408
409 if (fbp->once == 0) {
410 #if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL)
411 DES_init_random_number_generator(&fbp->krbdes_key);
412 #endif
413 fbp->once = 1;
414 }
415 DES_set_key_checked((DES_cblock *)&fbp->krbdes_key,
416 &fbp->krbdes_sched);
417 /*
418 * Now look to see if krbdes_start() was was waiting for
419 * the key to show up. If so, go ahead an call it now
420 * that we have the key.
421 */
422 if (fbp->need_start) {
423 fbp->need_start = 0;
424 fb64_start(fbp, DIR_ENCRYPT, server);
425 }
426 }
427
428 /*
429 * We only accept a keyid of 0. If we get a keyid of
430 * 0, then mark the state as SUCCESS.
431 */
432
433 int cfb64_keyid(int dir, unsigned char *kp, int *lenp)
434 {
435 return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
436 }
437
438 int ofb64_keyid(int dir, unsigned char *kp, int *lenp)
439 {
440 return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
441 }
442
443 int fb64_keyid(int dir, unsigned char *kp, int *lenp, struct fb *fbp)
444 {
445 int state = fbp->state[dir-1];
446
447 if (*lenp != 1 || (*kp != '\0')) {
448 *lenp = 0;
449 return(state);
450 }
451
452 if (state == FAILED)
453 state = IN_PROGRESS;
454
455 state &= ~NO_KEYID;
456
457 return(fbp->state[dir-1] = state);
458 }
459
460 void fb64_printsub(unsigned char *data, int cnt,
461 unsigned char *buf, int buflen, char *type)
462 {
463 char lbuf[32];
464 int i;
465 char *cp;
466
467 buf[buflen-1] = '\0'; /* make sure it's NULL terminated */
468 buflen -= 1;
469
470 switch(data[2]) {
471 case FB64_IV:
472 snprintf(lbuf, sizeof(lbuf), "%s_IV", type);
473 cp = lbuf;
474 goto common;
475
476 case FB64_IV_OK:
477 snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type);
478 cp = lbuf;
479 goto common;
480
481 case FB64_IV_BAD:
482 snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type);
483 cp = lbuf;
484 goto common;
485
486 default:
487 snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]);
488 cp = lbuf;
489 common:
490 for (; (buflen > 0) && (*buf = *cp++); buf++)
491 buflen--;
492 for (i = 3; i < cnt; i++) {
493 snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
494 for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
495 buflen--;
496 }
497 break;
498 }
499 }
500
501 void cfb64_printsub(unsigned char *data, int cnt,
502 unsigned char *buf, int buflen)
503 {
504 fb64_printsub(data, cnt, buf, buflen, "CFB64");
505 }
506
507 void ofb64_printsub(unsigned char *data, int cnt,
508 unsigned char *buf, int buflen)
509 {
510 fb64_printsub(data, cnt, buf, buflen, "OFB64");
511 }
512
513 void fb64_stream_iv(DES_cblock seed, struct stinfo *stp)
514 {
515
516 memcpy(stp->str_iv, seed,sizeof(DES_cblock));
517 memcpy(stp->str_output, seed, sizeof(DES_cblock));
518
519 DES_set_key_checked(&stp->str_ikey, &stp->str_sched);
520
521 stp->str_index = sizeof(DES_cblock);
522 }
523
524 void fb64_stream_key(DES_cblock key, struct stinfo *stp)
525 {
526 memcpy(stp->str_ikey, key, sizeof(DES_cblock));
527 DES_set_key_checked((DES_cblock*)key, &stp->str_sched);
528
529 memcpy(stp->str_output, stp->str_iv, sizeof(DES_cblock));
530
531 stp->str_index = sizeof(DES_cblock);
532 }
533
534 /*
535 * DES 64 bit Cipher Feedback
536 *
537 * key --->+-----+
538 * +->| DES |--+
539 * | +-----+ |
540 * | v
541 * INPUT --(--------->(+)+---> DATA
542 * | |
543 * +-------------+
544 *
545 *
546 * Given:
547 * iV: Initial vector, 64 bits (8 bytes) long.
548 * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
549 * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
550 *
551 * V0 = DES(iV, key)
552 * On = Dn ^ Vn
553 * V(n+1) = DES(On, key)
554 */
555
556 void cfb64_encrypt(unsigned char *s, int c)
557 {
558 struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
559 int index;
560
561 index = stp->str_index;
562 while (c-- > 0) {
563 if (index == sizeof(DES_cblock)) {
564 DES_cblock b;
565 DES_ecb_encrypt(&stp->str_output, &b,&stp->str_sched, 1);
566 memcpy(stp->str_feed, b, sizeof(DES_cblock));
567 index = 0;
568 }
569
570 /* On encryption, we store (feed ^ data) which is cypher */
571 *s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
572 s++;
573 index++;
574 }
575 stp->str_index = index;
576 }
577
578 int cfb64_decrypt(int data)
579 {
580 struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
581 int index;
582
583 if (data == -1) {
584 /*
585 * Back up one byte. It is assumed that we will
586 * never back up more than one byte. If we do, this
587 * may or may not work.
588 */
589 if (stp->str_index)
590 --stp->str_index;
591 return(0);
592 }
593
594 index = stp->str_index++;
595 if (index == sizeof(DES_cblock)) {
596 DES_cblock b;
597 DES_ecb_encrypt(&stp->str_output,&b, &stp->str_sched, 1);
598 memcpy(stp->str_feed, b, sizeof(DES_cblock));
599 stp->str_index = 1; /* Next time will be 1 */
600 index = 0; /* But now use 0 */
601 }
602
603 /* On decryption we store (data) which is cypher. */
604 stp->str_output[index] = data;
605 return(data ^ stp->str_feed[index]);
606 }
607
608 /*
609 * DES 64 bit Output Feedback
610 *
611 * key --->+-----+
612 * +->| DES |--+
613 * | +-----+ |
614 * +-----------+
615 * v
616 * INPUT -------->(+) ----> DATA
617 *
618 * Given:
619 * iV: Initial vector, 64 bits (8 bytes) long.
620 * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
621 * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
622 *
623 * V0 = DES(iV, key)
624 * V(n+1) = DES(Vn, key)
625 * On = Dn ^ Vn
626 */
627
628 void ofb64_encrypt(unsigned char *s, int c)
629 {
630 struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
631 int index;
632
633 index = stp->str_index;
634 while (c-- > 0) {
635 if (index == sizeof(DES_cblock)) {
636 DES_cblock b;
637 DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
638 memcpy(stp->str_feed, b, sizeof(DES_cblock));
639 index = 0;
640 }
641 *s++ ^= stp->str_feed[index];
642 index++;
643 }
644 stp->str_index = index;
645 }
646
647 int ofb64_decrypt(int data)
648 {
649 struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
650 int index;
651
652 if (data == -1) {
653 /*
654 * Back up one byte. It is assumed that we will
655 * never back up more than one byte. If we do, this
656 * may or may not work.
657 */
658 if (stp->str_index)
659 --stp->str_index;
660 return(0);
661 }
662
663 index = stp->str_index++;
664 if (index == sizeof(DES_cblock)) {
665 DES_cblock b;
666 DES_ecb_encrypt(&stp->str_feed,&b,&stp->str_sched, 1);
667 memcpy(stp->str_feed, b, sizeof(DES_cblock));
668 stp->str_index = 1; /* Next time will be 1 */
669 index = 0; /* But now use 0 */
670 }
671
672 return(data ^ stp->str_feed[index]);
673 }
674 #endif
675
NetBSD on the FriendlyARM MINI2440