crypt_server.c revision 50479
1133066Sdfr/* 2133066Sdfr * Copyright (c) 1996 3133066Sdfr * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 4133066Sdfr * 5133066Sdfr * Redistribution and use in source and binary forms, with or without 6133066Sdfr * modification, are permitted provided that the following conditions 7133066Sdfr * are met: 8133066Sdfr * 1. Redistributions of source code must retain the above copyright 9133066Sdfr * notice, this list of conditions and the following disclaimer. 10133066Sdfr * 2. Redistributions in binary form must reproduce the above copyright 11133066Sdfr * notice, this list of conditions and the following disclaimer in the 12133066Sdfr * documentation and/or other materials provided with the distribution. 13133066Sdfr * 3. All advertising materials mentioning features or use of this software 14133066Sdfr * must display the following acknowledgement: 15133066Sdfr * This product includes software developed by Bill Paul. 16133066Sdfr * 4. Neither the name of the author nor the names of any co-contributors 17133066Sdfr * may be used to endorse or promote products derived from this software 18133066Sdfr * without specific prior written permission. 19133066Sdfr * 20133066Sdfr * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND 21133066Sdfr * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22133066Sdfr * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23133066Sdfr * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE 24133066Sdfr * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25133066Sdfr * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26133066Sdfr * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27133066Sdfr * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28133066Sdfr * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29133066Sdfr * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30133066Sdfr * SUCH DAMAGE. 31133066Sdfr */ 32133066Sdfr 33133066Sdfr#include <sys/types.h> 34133066Sdfr#include <sys/param.h> 35133066Sdfr#include <dirent.h> 36133066Sdfr#include <dlfcn.h> 37#include <err.h> 38#include <stdio.h> 39#include <stdlib.h> 40#include <string.h> 41#include <rpc/des_crypt.h> 42#include <rpc/des.h> 43#include "crypt.h" 44 45#ifndef lint 46static const char rcsid[] = 47 "$FreeBSD: head/usr.sbin/keyserv/crypt_server.c 50479 1999-08-28 01:35:59Z peter $"; 48#endif /* not lint */ 49 50/* 51 * The U.S. government stupidly believes that a) it can keep strong 52 * crypto code a secret and b) that doing so somehow protects national 53 * interests. It's wrong on both counts, but until it listens to reason 54 * we have to make certain compromises so it doesn't have an excuse to 55 * throw us in federal prison. 56 * 57 * Consequently, the core OS ships without DES support, and keyserv 58 * defaults to using ARCFOUR with only a 40 bit key, just like nutscrape. 59 * This breaks compatibility with Secure RPC on other systems, but it 60 * allows Secure RPC to work between FreeBSD systems that don't have the 61 * DES package installed without throwing security totally out the window. 62 * 63 * In order to avoid having to supply two versions of keyserv (one with 64 * DES and one without), we use dlopen() and friends to load libdes.so 65 * into our address space at runtime. We check for the presence of 66 * /usr/lib/libdes.so.3.0 at startup and load it if we find it. If we 67 * can't find it, or the __des_crypt symbol doesn't exist, we fall back 68 * to the ARCFOUR encryption code. The user can specify another path using 69 * the -p flag. 70 */ 71 72 /* arcfour.h */ 73typedef struct arcfour_key 74{ 75 unsigned char state[256]; 76 unsigned char x; 77 unsigned char y; 78} arcfour_key; 79 80static void prepare_key(unsigned char *key_data_ptr,int key_data_len, 81 arcfour_key *key); 82static void arcfour(unsigned char *buffer_ptr,int buffer_len,arcfour_key * key); 83static void swap_byte(unsigned char *a, unsigned char *b); 84 85static void prepare_key(unsigned char *key_data_ptr, int key_data_len, 86 arcfour_key *key) 87{ 88 unsigned char index1; 89 unsigned char index2; 90 unsigned char* state; 91 short counter; 92 93 state = &key->state[0]; 94 for(counter = 0; counter < 256; counter++) 95 state[counter] = counter; 96 key->x = 0; 97 key->y = 0; 98 index1 = 0; 99 index2 = 0; 100 for(counter = 0; counter < 256; counter++) 101 { 102 index2 = (key_data_ptr[index1] + state[counter] + 103 index2) % 256; 104 swap_byte(&state[counter], &state[index2]); 105 106 index1 = (index1 + 1) % key_data_len; 107 } 108} 109 110static void arcfour(unsigned char *buffer_ptr, int buffer_len, arcfour_key *key) 111{ 112 unsigned char x; 113 unsigned char y; 114 unsigned char* state; 115 unsigned char xorIndex; 116 short counter; 117 118 x = key->x; 119 y = key->y; 120 121 state = &key->state[0]; 122 for(counter = 0; counter < buffer_len; counter ++) 123 { 124 x = (x + 1) % 256; 125 y = (state[x] + y) % 256; 126 swap_byte(&state[x], &state[y]); 127 128 xorIndex = (state[x] + state[y]) % 256; 129 130 buffer_ptr[counter] ^= state[xorIndex]; 131 } 132 key->x = x; 133 key->y = y; 134} 135 136static void swap_byte(unsigned char *a, unsigned char *b) 137{ 138 unsigned char swapByte; 139 140 swapByte = *a; 141 *a = *b; 142 *b = swapByte; 143} 144 145/* Dummy _des_crypt function that uses ARCFOUR with a 40 bit key */ 146int _arcfour_crypt(buf, len, desp) 147 char *buf; 148 int len; 149 struct desparams *desp; 150{ 151 struct arcfour_key arcfourk; 152 153 /* 154 * U.S. government anti-crypto weasels take 155 * note: although we are supplied with a 64 bit 156 * key, we're only passing 40 bits to the ARCFOUR 157 * encryption code. So there. 158 */ 159 prepare_key(desp->des_key, 5, &arcfourk); 160 arcfour(buf, len, &arcfourk); 161 162 return(DESERR_NOHWDEVICE); 163} 164 165int (*_my_crypt)__P((char *, int, struct desparams *)) = NULL; 166 167static void *dlhandle; 168 169#ifndef _PATH_USRLIB 170#define _PATH_USRLIB "/usr/lib" 171#endif 172 173#ifndef LIBDES 174#ifdef OBJFORMAT_ELF 175#define LIBDES "libdes.so.3" 176#else 177#define LIBDES "libdes.so.3." 178#endif /* OBJFORMAT_ELF */ 179#endif 180 181void load_des(warn, libpath) 182 int warn; 183 char *libpath; 184{ 185 DIR *dird; 186 struct dirent *dirp; 187 char dlpath[MAXPATHLEN]; 188 int minor = -1; 189 int len; 190 191 if (libpath == NULL) { 192#ifdef OBJFORMAT_ELF 193 snprintf(dlpath, sizeof(dlpath), "%s/%s", _PATH_USRLIB, LIBDES); 194#else 195 len = strlen(LIBDES); 196 if ((dird = opendir(_PATH_USRLIB)) == NULL) 197 err(1, "opendir(/usr/lib) failed"); 198 199 while ((dirp = readdir(dird)) != NULL) { 200 /* must have a minor number */ 201 if (strlen(dirp->d_name) <= len) 202 continue; 203 if (!strncmp(dirp->d_name, LIBDES, len)) { 204 if (atoi((dirp->d_name + len + 1)) > minor) { 205 minor = atoi((dirp->d_name + len + 1)); 206 snprintf(dlpath,sizeof(dlpath),"%s/%s", 207 _PATH_USRLIB, dirp->d_name); 208 } 209 } 210 } 211 212 closedir(dird); 213#endif /* OBJFORMAT_ELF */ 214 } else 215 snprintf(dlpath, sizeof(dlpath), "%s", libpath); 216 217 if (dlpath != NULL && (dlhandle = dlopen(dlpath, 0444)) != NULL) 218#ifdef OBJFORMAT_ELF 219 _my_crypt = (int (*)())dlsym(dlhandle, "_des_crypt"); 220#else 221 _my_crypt = (int (*)())dlsym(dlhandle, "__des_crypt"); 222#endif /* OBJFORMAT_ELF */ 223 224 if (_my_crypt == NULL) { 225 if (dlhandle != NULL) 226 dlclose(dlhandle); 227 _my_crypt = &_arcfour_crypt; 228 if (warn) { 229 printf ("DES support disabled -- using ARCFOUR instead.\n"); 230 printf ("Warning: ARCFOUR cipher is not compatible with "); 231 printf ("other Secure RPC implementations.\nInstall "); 232 printf ("the FreeBSD 'des' distribution to enable"); 233 printf (" DES encryption.\n"); 234 } 235 } else { 236 if (warn) { 237 printf ("DES support enabled\n"); 238 printf ("Using %s shared object.\n", dlpath); 239 } 240 } 241 242 return; 243} 244 245desresp * 246des_crypt_1_svc(desargs *argp, struct svc_req *rqstp) 247{ 248 static desresp result; 249 struct desparams dparm; 250 251 if (argp->desbuf.desbuf_len > DES_MAXDATA) { 252 result.stat = DESERR_BADPARAM; 253 return(&result); 254 } 255 256 257 bcopy(argp->des_key, dparm.des_key, 8); 258 bcopy(argp->des_ivec, dparm.des_ivec, 8); 259 dparm.des_mode = argp->des_mode; 260 dparm.des_dir = argp->des_dir; 261#ifdef BROKEN_DES 262 dparm.UDES.UDES_buf = argp->desbuf.desbuf_val; 263#endif 264 265 /* 266 * XXX This compensates for a bug in the libdes Secure RPC 267 * compat interface. (Actually, there are a couple.) The 268 * des_ecb_encrypt() routine in libdes only encrypts 8 bytes 269 * (64 bits) at a time. However, the Sun Secure RPC ecb_crypt() 270 * routine is supposed to be able to handle buffers up to 8Kbytes. 271 * The rpc_enc module in libdes ignores this fact and just drops 272 * the length parameter on the floor, encrypting only the 273 * first 64 bits of whatever buffer you feed it. We deal with 274 * this here: if we're using DES encryption, and we're using 275 * ECB mode, then we make a pass over the entire buffer 276 * ourselves. Note: the rpc_enc module incorrectly transposes 277 * the mode flags, so when you ask for CBC mode, you're really 278 * getting ECB mode. 279 */ 280#ifdef BROKEN_DES 281 if (_my_crypt != &_arcfour_crypt && argp->des_mode == CBC) { 282#else 283 if (_my_crypt != &_arcfour_crypt && argp->des_mode == ECB) { 284#endif 285 int i; 286 char *dptr; 287 288 for (i = 0; i < argp->desbuf.desbuf_len / 8; i++) { 289 dptr = argp->desbuf.desbuf_val; 290 dptr += (i * 8); 291#ifdef BROKEN_DES 292 dparm.UDES.UDES_buf = dptr; 293#endif 294 result.stat = _my_crypt(dptr, 8, &dparm); 295 } 296 } else { 297 result.stat = _my_crypt(argp->desbuf.desbuf_val, 298 argp->desbuf.desbuf_len, 299 &dparm); 300 } 301 302 if (result.stat == DESERR_NONE || result.stat == DESERR_NOHWDEVICE) { 303 bcopy(dparm.des_ivec, result.des_ivec, 8); 304 result.desbuf.desbuf_len = argp->desbuf.desbuf_len; 305 result.desbuf.desbuf_val = argp->desbuf.desbuf_val; 306 } 307 308 return (&result); 309} 310