HardenedBSD/eBones/krb/des_rw.c
markm 2539acf77b Major cleanup of eBones code:
- Get all functions prototyped or at least defined before use.
- Make code compile (Mostly) clean with -Wall set
- Start to reduce the degree to which DES aka libdes is built in.
- get all functions to the same uniform standard of definition:
int
foo(a, b)
int a;
int *b;
{
   :
}
- fix numerous bugs exposed by above processes.

Note - this replaces the previous work which used an unpopular function
 definition style.
1995-09-07 21:39:00 +00:00

263 lines
7.2 KiB
C

/*
* Copyright (c) 1994 Geoffrey M. Rehmet, Rhodes University
* All rights reserved.
*
* This code is derived from a specification based on software
* which forms part of the 4.4BSD-Lite distribution, which was developed
* by the University of California and its contributors.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the entire comment,
* including the above copyright notice, this list of conditions
* and the following disclaimer, verbatim, at the beginning of
* the source file.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Geoffrey M. Rehmet
* 4. Neither the name of Geoffrey M. Rehmet nor that of Rhodes University
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL GEOFFREY M. REHMET OR RHODES UNIVERSITY BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: des_rw.c,v 1.6 1995/07/18 16:38:17 mark Exp $
*/
/*
*
* NB: THESE ROUTINES WILL FAIL IF NON-BLOCKING I/O IS USED.
*
*/
/*
* Routines for reading and writing DES encrypted messages onto sockets.
* (These routines will fail if non-blocking I/O is used.)
*
* When a message is written, its length is first transmitted as an int,
* in network byte order. The encrypted message is then transmitted,
* to a multiple of 8 bytes. Messages shorter than 8 bytes are right
* justified into a buffer of length 8 bytes, and the remainder of the
* buffer is filled with random garbage (before encryption):
*
* DDD -------->--+--------+
* | |
* +--+--+--+--+--+--+--+--+
* |x |x |x |x |x |D |D |D |
* +--+--+--+--+--+--+--+--+
* | garbage | data |
* | |
* +-----------------------+----> des_pcbc_encrypt() -->
*
* (Note that the length field sent before the actual message specifies
* the number of data bytes, not the length of the entire padded message.
*
* When data is read, if the message received is longer than the number
* of bytes requested, then the remaining bytes are stored until the
* following call to des_read(). If the number of bytes received is
* less then the number of bytes received, then only the number of bytes
* actually received is returned.
*
* This interface corresponds with the original des_rw.c, except for the
* bugs in des_read() in the original 4.4BSD version. (One bug is
* normally not visible, due to undocumented behaviour of
* des_pcbc_encrypt() in the original MIT libdes.)
*
* XXX Todo:
* 1) Give better error returns on writes
* 2) Improve error checking on reads
* 3) Get rid of need for extern decl. of krb_net_read()
* 4) Tidy garbage generation a bit
* 5) Make the above comment more readable
*/
#ifdef CRYPT
#ifdef KERBEROS
#ifndef BUFFER_LEN
#define BUFFER_LEN 10240
#endif
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/param.h>
#include <sys/types.h>
#include <des.h>
#include <krb.h>
static des_cblock des_key;
static des_key_schedule key_schedule;
/*
* Buffer for storing extra data when more data is received, then was
* actually requested in des_read().
*/
static u_char des_buff[BUFFER_LEN];
static u_char buffer[BUFFER_LEN];
static unsigned stored = 0;
static u_char *buff_ptr = buffer;
/*
* Set the encryption key for des_read() and des_write().
* inkey is the initial vector for the DES encryption, while insched is
* the DES key, in unwrapped form.
*/
int
des_set_key(inkey, insched)
des_cblock *inkey;
des_key_schedule insched;
{
bcopy(inkey, des_key, sizeof(des_cblock));
bcopy(insched, &key_schedule, sizeof(des_key_schedule));
return 0;
}
/*
* Clear the key schedule, and initial vector, which were previously
* stored in static vars by des_set_key().
*/
void des_clear_key()
{
bzero(&des_key, sizeof(des_cblock));
bzero(&key_schedule, sizeof(des_key_schedule));
}
int
des_read(fd, buf, len)
int fd;
register char * buf;
int len;
{
int msg_length; /* length of actual message data */
int pad_length; /* length of padded message */
int nread; /* number of bytes actually read */
int nreturned = 0;
if(stored >= len) {
bcopy(buff_ptr, buf, len);
stored -= len;
buff_ptr += len;
return(len);
} else {
if (stored) {
bcopy(buff_ptr, buf, stored);
nreturned = stored;
len -= stored;
stored = 0;
buff_ptr = buffer;
} else {
nreturned = 0;
buff_ptr = buffer;
}
}
nread = krb_net_read(fd, (char *)&msg_length, sizeof(msg_length));
if(nread != (int)(sizeof(msg_length)))
return(0);
msg_length = ntohl(msg_length);
pad_length = roundup(msg_length, 8);
nread = krb_net_read(fd, des_buff, pad_length);
if(nread != pad_length)
return(0);
des_pcbc_encrypt((des_cblock*) des_buff, (des_cblock*) buff_ptr,
(msg_length < 8 ? 8 : msg_length),
key_schedule, (des_cblock*) &des_key, DES_DECRYPT);
if(msg_length < 8)
buff_ptr += (8 - msg_length);
stored = msg_length;
if(stored >= len) {
bcopy(buff_ptr, buf, len);
stored -= len;
buff_ptr += len;
nreturned += len;
} else {
bcopy(buff_ptr, buf, stored);
nreturned += stored;
stored = 0;
}
return(nreturned);
}
/*
* Write a message onto a file descriptor (generally a socket), using
* DES to encrypt the message.
*/
int
des_write(fd, buf, len)
int fd;
char * buf;
int len;
{
static int seeded = 0;
char garbage[8];
long rnd;
int pad_len;
int write_len;
int i;
char *data;
if(len < 8) {
/*
* Right justify the message in 8 bytes of random garbage.
*/
if(!seeded) {
seeded = 1;
srandom((unsigned)time(NULL));
}
for(i = 0 ; i < 8 ; i+= sizeof(long)) {
rnd = random();
bcopy(&rnd, garbage+i,
(i <= (8 - sizeof(long)))?sizeof(long):(8-i));
}
bcopy(buf, garbage + 8 - len, len);
data = garbage;
pad_len = 8;
} else {
data = buf;
pad_len = roundup(len, 8);
}
des_pcbc_encrypt((des_cblock*) data, (des_cblock*) des_buff,
(len < 8)?8:len, key_schedule, (des_cblock*) &des_key, DES_ENCRYPT);
write_len = htonl(len);
if(write(fd, &write_len, sizeof(write_len)) != sizeof(write_len))
return(-1);
if(write(fd, des_buff, pad_len) != pad_len)
return(-1);
return(len);
}
#endif /* KERBEROS */
#endif /* CRYPT */