mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-18 17:00:49 +01:00
60643d379b
(Including all changes for FreeBSD - importing the original eBones distribution would be too complex at this stage, since I don't have access to Piero's CVS.) (If you want to include eBones in your system, don't forget to include MAKE_EBONES in /etc/make.conf.) (This stuff is now also suppable from braae.ru.ac.za.) Bones originally from MIT SIPB. Original port to FreeBSD 1.x by Piero Serini. Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet. Nice bug fixes from Doug Rabson.
266 lines
7.5 KiB
C
266 lines
7.5 KiB
C
/* -
|
|
* Copyright (c) 1994 Geoffrey M. Rehmet, Rhodes University
|
|
* All rights reserved.
|
|
*
|
|
* This code is derived from a specification based on software
|
|
* which forms part of the 4.4BSD-Lite distribution, which was developed
|
|
* by the University of California and its contributors.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the entire comment,
|
|
* including the above copyright notice, this list of conditions
|
|
* and the following disclaimer, verbatim, at the beginning of
|
|
* the source file.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by Geoffrey M. Rehmet
|
|
* 4. Neither the name of Geoffrey M. Rehmet nor that of Rhodes University
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL GEOFFREY M. REHMET OR RHODES UNIVERSITY BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* $Id: des_rw.c,v 1.5 1994/09/24 18:54:41 g89r4222 Exp $
|
|
*/
|
|
|
|
/*
|
|
*
|
|
* NB: THESE ROUTINES WILL FAIL IF NON-BLOCKING I/O IS USED.
|
|
*
|
|
*/
|
|
|
|
/*
|
|
* Routines for reading and writing DES encrypted messages onto sockets.
|
|
* (These routines will fail if non-blocking I/O is used.)
|
|
*
|
|
* When a message is written, its length is first transmitted as an int,
|
|
* in network byte order. The encrypted message is then transmitted,
|
|
* to a multiple of 8 bytes. Messages shorter than 8 bytes are right
|
|
* justified into a buffer of length 8 bytes, and the remainder of the
|
|
* buffer is filled with random garbage (before encryption):
|
|
*
|
|
* DDD -------->--+--------+
|
|
* | |
|
|
* +--+--+--+--+--+--+--+--+
|
|
* |x |x |x |x |x |D |D |D |
|
|
* +--+--+--+--+--+--+--+--+
|
|
* | garbage | data |
|
|
* | |
|
|
* +-----------------------+----> des_pcbc_encrypt() -->
|
|
*
|
|
* (Note that the length field sent before the actual message specifies
|
|
* the number of data bytes, not the length of the entire padded message.
|
|
*
|
|
* When data is read, if the message received is longer than the number
|
|
* of bytes requested, then the remaining bytes are stored until the
|
|
* following call to des_read(). If the number of bytes received is
|
|
* less then the number of bytes received, then only the number of bytes
|
|
* actually received is returned.
|
|
*
|
|
* This interface corresponds with the original des_rw.c, except for the
|
|
* bugs in des_read() in the original 4.4BSD version. (One bug is
|
|
* normally not visible, due to undocumented behaviour of
|
|
* des_pcbc_encrypt() in the original MIT libdes.)
|
|
*
|
|
* XXX Todo:
|
|
* 1) Give better error returns on writes
|
|
* 2) Improve error checking on reads
|
|
* 3) Get rid of need for extern decl. of krb_net_read()
|
|
* 4) Tidy garbage generation a bit
|
|
* 5) Make the above comment more readable
|
|
*/
|
|
|
|
#ifdef CRYPT
|
|
#ifdef KERBEROS
|
|
|
|
#ifndef BUFFER_LEN
|
|
#define BUFFER_LEN 10240
|
|
#endif
|
|
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <time.h>
|
|
#include <unistd.h>
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/types.h>
|
|
|
|
#include <kerberosIV/des.h>
|
|
#include <kerberosIV/krb.h>
|
|
|
|
extern int krb_net_read(int fd, void * data, size_t length);
|
|
extern int des_pcbc_encrypt(des_cblock *input, des_cblock *output,
|
|
register long length,
|
|
des_key_schedule schedule,
|
|
des_cblock *ivec,
|
|
int encrypt);
|
|
|
|
static bit_64 des_key;
|
|
static des_key_schedule key_sched;
|
|
|
|
/*
|
|
* Buffer for storing extra data when more data is received, then was
|
|
* actually requested in des_read().
|
|
*/
|
|
static u_char des_buff[BUFFER_LEN];
|
|
static u_char buffer[BUFFER_LEN];
|
|
static unsigned stored = 0;
|
|
static u_char *buff_ptr = buffer;
|
|
|
|
/*
|
|
* Set the encryption key for des_read() and des_write().
|
|
* inkey is the initial vector for the DES encryption, while insched is
|
|
* the DES key, in unwrapped form.
|
|
*/
|
|
void des_set_key(inkey, insched)
|
|
bit_64 *inkey;
|
|
u_char *insched;
|
|
{
|
|
bcopy(inkey, &des_key, sizeof(bit_64));
|
|
bcopy(insched, &key_sched, sizeof(des_key_schedule));
|
|
}
|
|
|
|
/*
|
|
* Clear the key schedule, and initial vector, which were previously
|
|
* stored in static vars by des_set_key().
|
|
*/
|
|
void des_clear_key()
|
|
{
|
|
bzero(&des_key, sizeof(des_cblock));
|
|
bzero(&key_sched, sizeof(des_key_schedule));
|
|
}
|
|
|
|
int des_read(fd, buf, len)
|
|
int fd;
|
|
register char * buf;
|
|
int len;
|
|
{
|
|
int msg_length; /* length of actual message data */
|
|
int pad_length; /* length of padded message */
|
|
int nread; /* number of bytes actually read */
|
|
int nreturned = 0;
|
|
|
|
if(stored >= len) {
|
|
bcopy(buff_ptr, buf, len);
|
|
stored -= len;
|
|
buff_ptr += len;
|
|
return(len);
|
|
} else {
|
|
if (stored) {
|
|
bcopy(buff_ptr, buf, stored);
|
|
nreturned = stored;
|
|
len -= stored;
|
|
stored = 0;
|
|
buff_ptr = buffer;
|
|
} else {
|
|
nreturned = 0;
|
|
buff_ptr = buffer;
|
|
}
|
|
}
|
|
|
|
nread = krb_net_read(fd, &msg_length, sizeof(msg_length));
|
|
if(nread != (int)(sizeof(msg_length)))
|
|
return(0);
|
|
|
|
msg_length = ntohl(msg_length);
|
|
pad_length = roundup(msg_length, 8);
|
|
|
|
nread = krb_net_read(fd, des_buff, pad_length);
|
|
if(nread != pad_length)
|
|
return(0);
|
|
|
|
des_pcbc_encrypt((des_cblock*) des_buff, (des_cblock*) buff_ptr,
|
|
(msg_length < 8 ? 8 : msg_length),
|
|
key_sched, (des_cblock*) &des_key, DES_DECRYPT);
|
|
|
|
|
|
if(msg_length < 8)
|
|
buff_ptr += (8 - msg_length);
|
|
stored = msg_length;
|
|
|
|
if(stored >= len) {
|
|
bcopy(buff_ptr, buf, len);
|
|
stored -= len;
|
|
buff_ptr += len;
|
|
nreturned += len;
|
|
} else {
|
|
bcopy(buff_ptr, buf, stored);
|
|
nreturned += stored;
|
|
stored = 0;
|
|
}
|
|
|
|
return(nreturned);
|
|
}
|
|
|
|
|
|
/*
|
|
* Write a message onto a file descriptor (generally a socket), using
|
|
* DES to encrypt the message.
|
|
*/
|
|
int des_write(fd, buf, len)
|
|
int fd;
|
|
char * buf;
|
|
int len;
|
|
{
|
|
static int seeded = 0;
|
|
char garbage[8];
|
|
long rnd;
|
|
int pad_len;
|
|
int write_len;
|
|
int nwritten = 0;
|
|
int i;
|
|
char *data;
|
|
|
|
if(len < 8) {
|
|
/*
|
|
* Right justify the message in 8 bytes of random garbage.
|
|
*/
|
|
if(!seeded) {
|
|
seeded = 1;
|
|
srandom((unsigned)time(NULL));
|
|
}
|
|
|
|
for(i = 0 ; i < 8 ; i+= sizeof(long)) {
|
|
rnd = random();
|
|
bcopy(&rnd, garbage+i,
|
|
(i <= (8 - sizeof(long)))?sizeof(long):(8-i));
|
|
}
|
|
bcopy(buf, garbage + 8 - len, len);
|
|
data = garbage;
|
|
pad_len = 8;
|
|
} else {
|
|
data = buf;
|
|
pad_len = roundup(len, 8);
|
|
}
|
|
|
|
des_pcbc_encrypt((des_cblock*) data, (des_cblock*) des_buff,
|
|
(len < 8)?8:len, key_sched, (des_cblock*) &des_key, DES_ENCRYPT);
|
|
|
|
|
|
write_len = htonl(len);
|
|
if(write(fd, &write_len, sizeof(write_len)) != sizeof(write_len))
|
|
return(-1);
|
|
if(write(fd, des_buff, pad_len) != pad_len)
|
|
return(-1);
|
|
|
|
return(len);
|
|
}
|
|
|
|
#endif /* KERBEROS */
|
|
#endif /* CRYPT */
|