crypt_server.c revision 50479
126234Swpaul/* 226234Swpaul * Copyright (c) 1996 326234Swpaul * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 426234Swpaul * 526234Swpaul * Redistribution and use in source and binary forms, with or without 626234Swpaul * modification, are permitted provided that the following conditions 726234Swpaul * are met: 826234Swpaul * 1. Redistributions of source code must retain the above copyright 926234Swpaul * notice, this list of conditions and the following disclaimer. 1026234Swpaul * 2. Redistributions in binary form must reproduce the above copyright 1126234Swpaul * notice, this list of conditions and the following disclaimer in the 1226234Swpaul * documentation and/or other materials provided with the distribution. 1326234Swpaul * 3. All advertising materials mentioning features or use of this software 1426234Swpaul * must display the following acknowledgement: 1526234Swpaul * This product includes software developed by Bill Paul. 1626234Swpaul * 4. Neither the name of the author nor the names of any co-contributors 1726234Swpaul * may be used to endorse or promote products derived from this software 1826234Swpaul * without specific prior written permission. 1926234Swpaul * 2026234Swpaul * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND 2126234Swpaul * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2226234Swpaul * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2326234Swpaul * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE 2426234Swpaul * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2526234Swpaul * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2626234Swpaul * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2726234Swpaul * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2826234Swpaul * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2926234Swpaul * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3026234Swpaul * SUCH DAMAGE. 3126234Swpaul */ 3226234Swpaul 3326234Swpaul#include <sys/types.h> 3426234Swpaul#include <sys/param.h> 3526234Swpaul#include <dirent.h> 3629735Scharnier#include <dlfcn.h> 3726234Swpaul#include <err.h> 3829735Scharnier#include <stdio.h> 3929735Scharnier#include <stdlib.h> 4029735Scharnier#include <string.h> 4126234Swpaul#include <rpc/des_crypt.h> 4226234Swpaul#include <rpc/des.h> 4326234Swpaul#include "crypt.h" 4426234Swpaul 4526234Swpaul#ifndef lint 4629735Scharnierstatic const char rcsid[] = 4750479Speter "$FreeBSD: head/usr.sbin/keyserv/crypt_server.c 50479 1999-08-28 01:35:59Z peter $"; 4829735Scharnier#endif /* not lint */ 4926234Swpaul 5026234Swpaul/* 5126234Swpaul * The U.S. government stupidly believes that a) it can keep strong 5226234Swpaul * crypto code a secret and b) that doing so somehow protects national 5326234Swpaul * interests. It's wrong on both counts, but until it listens to reason 5426234Swpaul * we have to make certain compromises so it doesn't have an excuse to 5526234Swpaul * throw us in federal prison. 5626234Swpaul * 5726234Swpaul * Consequently, the core OS ships without DES support, and keyserv 5826703Swpaul * defaults to using ARCFOUR with only a 40 bit key, just like nutscrape. 5926234Swpaul * This breaks compatibility with Secure RPC on other systems, but it 6026234Swpaul * allows Secure RPC to work between FreeBSD systems that don't have the 6126234Swpaul * DES package installed without throwing security totally out the window. 6226234Swpaul * 6326234Swpaul * In order to avoid having to supply two versions of keyserv (one with 6426234Swpaul * DES and one without), we use dlopen() and friends to load libdes.so 6526234Swpaul * into our address space at runtime. We check for the presence of 6626234Swpaul * /usr/lib/libdes.so.3.0 at startup and load it if we find it. If we 6726234Swpaul * can't find it, or the __des_crypt symbol doesn't exist, we fall back 6826703Swpaul * to the ARCFOUR encryption code. The user can specify another path using 6926234Swpaul * the -p flag. 7026234Swpaul */ 7126234Swpaul 7226703Swpaul /* arcfour.h */ 7326703Swpaultypedef struct arcfour_key 7426234Swpaul{ 7526234Swpaul unsigned char state[256]; 7626234Swpaul unsigned char x; 7726234Swpaul unsigned char y; 7826703Swpaul} arcfour_key; 7926234Swpaul 8026234Swpaulstatic void prepare_key(unsigned char *key_data_ptr,int key_data_len, 8126703Swpaul arcfour_key *key); 8226703Swpaulstatic void arcfour(unsigned char *buffer_ptr,int buffer_len,arcfour_key * key); 8326234Swpaulstatic void swap_byte(unsigned char *a, unsigned char *b); 8426234Swpaul 8526234Swpaulstatic void prepare_key(unsigned char *key_data_ptr, int key_data_len, 8626703Swpaul arcfour_key *key) 8726234Swpaul{ 8826234Swpaul unsigned char index1; 8926234Swpaul unsigned char index2; 9026234Swpaul unsigned char* state; 9126234Swpaul short counter; 9226234Swpaul 9326234Swpaul state = &key->state[0]; 9426234Swpaul for(counter = 0; counter < 256; counter++) 9526234Swpaul state[counter] = counter; 9626234Swpaul key->x = 0; 9726234Swpaul key->y = 0; 9826234Swpaul index1 = 0; 9926234Swpaul index2 = 0; 10026234Swpaul for(counter = 0; counter < 256; counter++) 10126234Swpaul { 10226234Swpaul index2 = (key_data_ptr[index1] + state[counter] + 10326234Swpaul index2) % 256; 10426234Swpaul swap_byte(&state[counter], &state[index2]); 10526234Swpaul 10626234Swpaul index1 = (index1 + 1) % key_data_len; 10726234Swpaul } 10826234Swpaul} 10926234Swpaul 11026703Swpaulstatic void arcfour(unsigned char *buffer_ptr, int buffer_len, arcfour_key *key) 11126234Swpaul{ 11226234Swpaul unsigned char x; 11326234Swpaul unsigned char y; 11426234Swpaul unsigned char* state; 11526234Swpaul unsigned char xorIndex; 11626234Swpaul short counter; 11726234Swpaul 11826234Swpaul x = key->x; 11926234Swpaul y = key->y; 12026234Swpaul 12126234Swpaul state = &key->state[0]; 12226234Swpaul for(counter = 0; counter < buffer_len; counter ++) 12326234Swpaul { 12426234Swpaul x = (x + 1) % 256; 12526234Swpaul y = (state[x] + y) % 256; 12626234Swpaul swap_byte(&state[x], &state[y]); 12726234Swpaul 12826234Swpaul xorIndex = (state[x] + state[y]) % 256; 12926234Swpaul 13026234Swpaul buffer_ptr[counter] ^= state[xorIndex]; 13126234Swpaul } 13226234Swpaul key->x = x; 13326234Swpaul key->y = y; 13426234Swpaul} 13526234Swpaul 13626234Swpaulstatic void swap_byte(unsigned char *a, unsigned char *b) 13726234Swpaul{ 13826234Swpaul unsigned char swapByte; 13926234Swpaul 14026234Swpaul swapByte = *a; 14126234Swpaul *a = *b; 14226234Swpaul *b = swapByte; 14326234Swpaul} 14426234Swpaul 14526703Swpaul/* Dummy _des_crypt function that uses ARCFOUR with a 40 bit key */ 14626703Swpaulint _arcfour_crypt(buf, len, desp) 14726234Swpaul char *buf; 14826234Swpaul int len; 14926234Swpaul struct desparams *desp; 15026234Swpaul{ 15126703Swpaul struct arcfour_key arcfourk; 15226234Swpaul 15326234Swpaul /* 15426234Swpaul * U.S. government anti-crypto weasels take 15526234Swpaul * note: although we are supplied with a 64 bit 15626703Swpaul * key, we're only passing 40 bits to the ARCFOUR 15726234Swpaul * encryption code. So there. 15826234Swpaul */ 15926703Swpaul prepare_key(desp->des_key, 5, &arcfourk); 16026703Swpaul arcfour(buf, len, &arcfourk); 16126234Swpaul 16226234Swpaul return(DESERR_NOHWDEVICE); 16326234Swpaul} 16426234Swpaul 16526234Swpaulint (*_my_crypt)__P((char *, int, struct desparams *)) = NULL; 16626234Swpaul 16726234Swpaulstatic void *dlhandle; 16826234Swpaul 16926234Swpaul#ifndef _PATH_USRLIB 17026234Swpaul#define _PATH_USRLIB "/usr/lib" 17126234Swpaul#endif 17226234Swpaul 17326234Swpaul#ifndef LIBDES 17439319Swpaul#ifdef OBJFORMAT_ELF 17539319Swpaul#define LIBDES "libdes.so.3" 17639319Swpaul#else 17726234Swpaul#define LIBDES "libdes.so.3." 17839319Swpaul#endif /* OBJFORMAT_ELF */ 17926234Swpaul#endif 18026234Swpaul 18126234Swpaulvoid load_des(warn, libpath) 18226234Swpaul int warn; 18326234Swpaul char *libpath; 18426234Swpaul{ 18526234Swpaul DIR *dird; 18626234Swpaul struct dirent *dirp; 18726234Swpaul char dlpath[MAXPATHLEN]; 18826234Swpaul int minor = -1; 18926234Swpaul int len; 19026234Swpaul 19126234Swpaul if (libpath == NULL) { 19239319Swpaul#ifdef OBJFORMAT_ELF 19339319Swpaul snprintf(dlpath, sizeof(dlpath), "%s/%s", _PATH_USRLIB, LIBDES); 19439319Swpaul#else 19526234Swpaul len = strlen(LIBDES); 19626234Swpaul if ((dird = opendir(_PATH_USRLIB)) == NULL) 19726234Swpaul err(1, "opendir(/usr/lib) failed"); 19826234Swpaul 19926234Swpaul while ((dirp = readdir(dird)) != NULL) { 20026234Swpaul /* must have a minor number */ 20126234Swpaul if (strlen(dirp->d_name) <= len) 20226234Swpaul continue; 20326234Swpaul if (!strncmp(dirp->d_name, LIBDES, len)) { 20426234Swpaul if (atoi((dirp->d_name + len + 1)) > minor) { 20526234Swpaul minor = atoi((dirp->d_name + len + 1)); 20626234Swpaul snprintf(dlpath,sizeof(dlpath),"%s/%s", 20726234Swpaul _PATH_USRLIB, dirp->d_name); 20826234Swpaul } 20926234Swpaul } 21026234Swpaul } 21126234Swpaul 21226234Swpaul closedir(dird); 21339319Swpaul#endif /* OBJFORMAT_ELF */ 21426234Swpaul } else 21526234Swpaul snprintf(dlpath, sizeof(dlpath), "%s", libpath); 21626234Swpaul 21726234Swpaul if (dlpath != NULL && (dlhandle = dlopen(dlpath, 0444)) != NULL) 21839319Swpaul#ifdef OBJFORMAT_ELF 21939319Swpaul _my_crypt = (int (*)())dlsym(dlhandle, "_des_crypt"); 22039319Swpaul#else 22126234Swpaul _my_crypt = (int (*)())dlsym(dlhandle, "__des_crypt"); 22239319Swpaul#endif /* OBJFORMAT_ELF */ 22326234Swpaul 22426234Swpaul if (_my_crypt == NULL) { 22526234Swpaul if (dlhandle != NULL) 22626234Swpaul dlclose(dlhandle); 22726703Swpaul _my_crypt = &_arcfour_crypt; 22826234Swpaul if (warn) { 22926703Swpaul printf ("DES support disabled -- using ARCFOUR instead.\n"); 23026703Swpaul printf ("Warning: ARCFOUR cipher is not compatible with "); 23126234Swpaul printf ("other Secure RPC implementations.\nInstall "); 23226234Swpaul printf ("the FreeBSD 'des' distribution to enable"); 23326234Swpaul printf (" DES encryption.\n"); 23426234Swpaul } 23526234Swpaul } else { 23626234Swpaul if (warn) { 23726234Swpaul printf ("DES support enabled\n"); 23826234Swpaul printf ("Using %s shared object.\n", dlpath); 23926234Swpaul } 24026234Swpaul } 24126234Swpaul 24226234Swpaul return; 24326234Swpaul} 24426234Swpaul 24526234Swpauldesresp * 24626234Swpauldes_crypt_1_svc(desargs *argp, struct svc_req *rqstp) 24726234Swpaul{ 24826234Swpaul static desresp result; 24926234Swpaul struct desparams dparm; 25026234Swpaul 25126234Swpaul if (argp->desbuf.desbuf_len > DES_MAXDATA) { 25226234Swpaul result.stat = DESERR_BADPARAM; 25326234Swpaul return(&result); 25426234Swpaul } 25526234Swpaul 25626703Swpaul 25726234Swpaul bcopy(argp->des_key, dparm.des_key, 8); 25826234Swpaul bcopy(argp->des_ivec, dparm.des_ivec, 8); 25926234Swpaul dparm.des_mode = argp->des_mode; 26026234Swpaul dparm.des_dir = argp->des_dir; 26126234Swpaul#ifdef BROKEN_DES 26226234Swpaul dparm.UDES.UDES_buf = argp->desbuf.desbuf_val; 26326234Swpaul#endif 26426234Swpaul 26526703Swpaul /* 26626703Swpaul * XXX This compensates for a bug in the libdes Secure RPC 26726703Swpaul * compat interface. (Actually, there are a couple.) The 26826703Swpaul * des_ecb_encrypt() routine in libdes only encrypts 8 bytes 26926703Swpaul * (64 bits) at a time. However, the Sun Secure RPC ecb_crypt() 27026703Swpaul * routine is supposed to be able to handle buffers up to 8Kbytes. 27126703Swpaul * The rpc_enc module in libdes ignores this fact and just drops 27226703Swpaul * the length parameter on the floor, encrypting only the 27326703Swpaul * first 64 bits of whatever buffer you feed it. We deal with 27426703Swpaul * this here: if we're using DES encryption, and we're using 27526703Swpaul * ECB mode, then we make a pass over the entire buffer 27626703Swpaul * ourselves. Note: the rpc_enc module incorrectly transposes 27726703Swpaul * the mode flags, so when you ask for CBC mode, you're really 27826703Swpaul * getting ECB mode. 27926703Swpaul */ 28026703Swpaul#ifdef BROKEN_DES 28126703Swpaul if (_my_crypt != &_arcfour_crypt && argp->des_mode == CBC) { 28226703Swpaul#else 28326703Swpaul if (_my_crypt != &_arcfour_crypt && argp->des_mode == ECB) { 28426703Swpaul#endif 28526703Swpaul int i; 28626703Swpaul char *dptr; 28726703Swpaul 28826703Swpaul for (i = 0; i < argp->desbuf.desbuf_len / 8; i++) { 28926703Swpaul dptr = argp->desbuf.desbuf_val; 29026703Swpaul dptr += (i * 8); 29126703Swpaul#ifdef BROKEN_DES 29226703Swpaul dparm.UDES.UDES_buf = dptr; 29326703Swpaul#endif 29426703Swpaul result.stat = _my_crypt(dptr, 8, &dparm); 29526703Swpaul } 29626703Swpaul } else { 29726703Swpaul result.stat = _my_crypt(argp->desbuf.desbuf_val, 29826703Swpaul argp->desbuf.desbuf_len, 29926703Swpaul &dparm); 30026703Swpaul } 30126703Swpaul 30226234Swpaul if (result.stat == DESERR_NONE || result.stat == DESERR_NOHWDEVICE) { 30326234Swpaul bcopy(dparm.des_ivec, result.des_ivec, 8); 30426234Swpaul result.desbuf.desbuf_len = argp->desbuf.desbuf_len; 30526234Swpaul result.desbuf.desbuf_val = argp->desbuf.desbuf_val; 30626234Swpaul } 30726234Swpaul 30826234Swpaul return (&result); 30926234Swpaul} 310