3 * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Bill Paul.
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * $FreeBSD: src/usr.sbin/keyserv/crypt_server.c,v 1.6.2.1 2001/07/19 04:21:20 kris Exp $
33 * $DragonFly: src/usr.sbin/keyserv/crypt_server.c,v 1.2 2003/06/17 04:29:55 dillon Exp $
36 #include <sys/types.h>
37 #include <sys/param.h>
44 #include <rpc/des_crypt.h>
49 * The U.S. government stupidly believes that a) it can keep strong
50 * crypto code a secret and b) that doing so somehow protects national
51 * interests. It's wrong on both counts, but until it listens to reason
52 * we have to make certain compromises so it doesn't have an excuse to
53 * throw us in federal prison.
55 * Consequently, the core OS ships without DES support, and keyserv
56 * defaults to using ARCFOUR with only a 40 bit key, just like nutscrape.
57 * This breaks compatibility with Secure RPC on other systems, but it
58 * allows Secure RPC to work between FreeBSD systems that don't have the
59 * DES package installed without throwing security totally out the window.
61 * In order to avoid having to supply two versions of keyserv (one with
62 * DES and one without), we use dlopen() and friends to load libdes.so
63 * into our address space at runtime. We check for the presence of
64 * /usr/lib/libdes.so.3.0 at startup and load it if we find it. If we
65 * can't find it, or the __des_crypt symbol doesn't exist, we fall back
66 * to the ARCFOUR encryption code. The user can specify another path using
71 typedef struct arcfour_key
73 unsigned char state[256];
78 static void prepare_key(unsigned char *key_data_ptr,int key_data_len,
80 static void arcfour(unsigned char *buffer_ptr,int buffer_len,arcfour_key * key);
81 static void swap_byte(unsigned char *a, unsigned char *b);
83 static void prepare_key(unsigned char *key_data_ptr, int key_data_len,
91 state = &key->state[0];
92 for(counter = 0; counter < 256; counter++)
93 state[counter] = counter;
98 for(counter = 0; counter < 256; counter++)
100 index2 = (key_data_ptr[index1] + state[counter] +
102 swap_byte(&state[counter], &state[index2]);
104 index1 = (index1 + 1) % key_data_len;
108 static void arcfour(unsigned char *buffer_ptr, int buffer_len, arcfour_key *key)
112 unsigned char* state;
113 unsigned char xorIndex;
119 state = &key->state[0];
120 for(counter = 0; counter < buffer_len; counter ++)
123 y = (state[x] + y) % 256;
124 swap_byte(&state[x], &state[y]);
126 xorIndex = (state[x] + state[y]) % 256;
128 buffer_ptr[counter] ^= state[xorIndex];
134 static void swap_byte(unsigned char *a, unsigned char *b)
136 unsigned char swapByte;
143 /* Dummy _des_crypt function that uses ARCFOUR with a 40 bit key */
144 int _arcfour_crypt(buf, len, desp)
147 struct desparams *desp;
149 struct arcfour_key arcfourk;
152 * U.S. government anti-crypto weasels take
153 * note: although we are supplied with a 64 bit
154 * key, we're only passing 40 bits to the ARCFOUR
155 * encryption code. So there.
157 prepare_key(desp->des_key, 5, &arcfourk);
158 arcfour(buf, len, &arcfourk);
160 return(DESERR_NOHWDEVICE);
163 int (*_my_crypt)__P((char *, int, struct desparams *)) = NULL;
165 static void *dlhandle;
168 #define _PATH_USRLIB "/usr/lib"
173 #define LIBCRYPTO "libcrypto.so.1"
175 #define LIBCRYPTO "libcrypto.so.1."
176 #endif /* OBJFORMAT_ELF */
179 void load_des(warn, libpath)
183 char dlpath[MAXPATHLEN];
185 if (libpath == NULL) {
187 snprintf(dlpath, sizeof(dlpath), "%s/%s", _PATH_USRLIB, LIBCRYPTO);
189 len = strlen(LIBCRYPTO);
190 if ((dird = opendir(_PATH_USRLIB)) == NULL)
191 err(1, "opendir(/usr/lib) failed");
193 while ((dirp = readdir(dird)) != NULL) {
194 /* must have a minor number */
195 if (strlen(dirp->d_name) <= len)
197 if (!strncmp(dirp->d_name, LIBCRYPTO, len)) {
198 if (atoi((dirp->d_name + len + 1)) > minor) {
199 minor = atoi((dirp->d_name + len + 1));
200 snprintf(dlpath,sizeof(dlpath),"%s/%s",
201 _PATH_USRLIB, dirp->d_name);
207 #endif /* OBJFORMAT_ELF */
209 snprintf(dlpath, sizeof(dlpath), "%s", libpath);
211 if (dlpath != NULL && (dlhandle = dlopen(dlpath, 0444)) != NULL)
213 _my_crypt = (int (*)())dlsym(dlhandle, "_des_crypt");
215 _my_crypt = (int (*)())dlsym(dlhandle, "__des_crypt");
216 #endif /* OBJFORMAT_ELF */
218 if (_my_crypt == NULL) {
219 if (dlhandle != NULL)
221 _my_crypt = &_arcfour_crypt;
223 printf ("DES support disabled -- using ARCFOUR instead.\n");
224 printf ("Warning: ARCFOUR cipher is not compatible with ");
225 printf ("other Secure RPC implementations.\nInstall ");
226 printf ("the FreeBSD 'des' distribution to enable");
227 printf (" DES encryption.\n");
231 printf ("DES support enabled\n");
232 printf ("Using %s shared object.\n", dlpath);
240 des_crypt_1_svc(desargs *argp, struct svc_req *rqstp)
242 static desresp result;
243 struct desparams dparm;
245 if (argp->desbuf.desbuf_len > DES_MAXDATA) {
246 result.stat = DESERR_BADPARAM;
251 bcopy(argp->des_key, dparm.des_key, 8);
252 bcopy(argp->des_ivec, dparm.des_ivec, 8);
253 dparm.des_mode = argp->des_mode;
254 dparm.des_dir = argp->des_dir;
256 dparm.UDES.UDES_buf = argp->desbuf.desbuf_val;
260 * XXX This compensates for a bug in the libdes Secure RPC
261 * compat interface. (Actually, there are a couple.) The
262 * des_ecb_encrypt() routine in libdes only encrypts 8 bytes
263 * (64 bits) at a time. However, the Sun Secure RPC ecb_crypt()
264 * routine is supposed to be able to handle buffers up to 8Kbytes.
265 * The rpc_enc module in libdes ignores this fact and just drops
266 * the length parameter on the floor, encrypting only the
267 * first 64 bits of whatever buffer you feed it. We deal with
268 * this here: if we're using DES encryption, and we're using
269 * ECB mode, then we make a pass over the entire buffer
270 * ourselves. Note: the rpc_enc module incorrectly transposes
271 * the mode flags, so when you ask for CBC mode, you're really
275 if (_my_crypt != &_arcfour_crypt && argp->des_mode == CBC) {
277 if (_my_crypt != &_arcfour_crypt && argp->des_mode == ECB) {
282 for (i = 0; i < argp->desbuf.desbuf_len / 8; i++) {
283 dptr = argp->desbuf.desbuf_val;
286 dparm.UDES.UDES_buf = dptr;
288 result.stat = _my_crypt(dptr, 8, &dparm);
291 result.stat = _my_crypt(argp->desbuf.desbuf_val,
292 argp->desbuf.desbuf_len,
296 if (result.stat == DESERR_NONE || result.stat == DESERR_NOHWDEVICE) {
297 bcopy(dparm.des_ivec, result.des_ivec, 8);
298 result.desbuf.desbuf_len = argp->desbuf.desbuf_len;
299 result.desbuf.desbuf_val = argp->desbuf.desbuf_val;
projects / dragonfly.git / blob