1/*	$NetBSD: cbc.c,v 1.22 2010/06/09 19:20:18 riz Exp $	*/
2
3/* cbc.c: This file contains the encryption routines for the ed line editor */
4/*-
5 * Copyright (c) 1993 The Regents of the University of California.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 *	from: @(#)bdes.c	5.5 (Berkeley) 6/27/91
33 */
34
35/*-
36 * Copyright (c) 1993 Andrew Moore, Talke Studio.
37 * All rights reserved.
38 *
39 * Redistribution and use in source and binary forms, with or without
40 * modification, are permitted provided that the following conditions
41 * are met:
42 * 1. Redistributions of source code must retain the above copyright
43 *    notice, this list of conditions and the following disclaimer.
44 * 2. Redistributions in binary form must reproduce the above copyright
45 *    notice, this list of conditions and the following disclaimer in the
46 *    documentation and/or other materials provided with the distribution.
47 * 3. All advertising materials mentioning features or use of this software
48 *    must display the following acknowledgement:
49 *	This product includes software developed by the University of
50 *	California, Berkeley and its contributors.
51 * 4. Neither the name of the University nor the names of its contributors
52 *    may be used to endorse or promote products derived from this software
53 *    without specific prior written permission.
54 *
55 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
56 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
58 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
59 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
60 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
61 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
62 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
63 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
64 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
65 * SUCH DAMAGE.
66 *
67 *	from: @(#)bdes.c	5.5 (Berkeley) 6/27/91
68 */
69
70#include <sys/cdefs.h>
71#ifndef lint
72#if 0
73static char *rcsid = "@(#)cbc.c,v 1.2 1994/02/01 00:34:36 alm Exp";
74#else
75__RCSID("$NetBSD: cbc.c,v 1.22 2010/06/09 19:20:18 riz Exp $");
76#endif
77#endif /* not lint */
78
79#include <sys/types.h>
80#include <ctype.h>
81#include <errno.h>
82#include <pwd.h>
83#ifdef DES
84#include <time.h>
85#endif
86
87#include "ed.h"
88
89
90/*
91 * Define a divisor for rand() that yields a uniform distribution in the
92 * range 0-255.
93 */
94#define	RAND_DIV (((unsigned) RAND_MAX + 1) >> 8)
95
96/*
97 * BSD and System V systems offer special library calls that do
98 * block move_liness and fills, so if possible we take advantage of them
99 */
100#define	MEMCPY(dest,src,len)	memcpy((dest),(src),(len))
101#define	MEMZERO(dest,len)	memset((dest), 0, (len))
102
103/* Hide the calls to the primitive encryption routines. */
104#define	DES_KEY(buf) \
105	if (des_setkey(buf)) \
106		des_error("des_setkey");
107#define	DES_XFORM(buf) \
108	if (des_cipher(buf, buf, 0L, (inverse ? -1 : 1))) \
109		des_error("des_cipher");
110
111/*
112 * read/write - no error checking
113 */
114#define	READ(buf, n, fp)	fread(buf, sizeof(char), n, fp)
115#define WRITE(buf, n, fp)	fwrite(buf, sizeof(char), n, fp)
116
117/*
118 * some things to make references easier
119 */
120typedef char Desbuf[8];
121#define	CHAR(x,i)	(x[i])
122#define	UCHAR(x,i)	(x[i])
123#define	BUFFER(x)	(x)
124#define	UBUFFER(x)	(x)
125
126#ifdef DES
127/*
128 * global variables and related macros
129 */
130
131static Desbuf ivec;			/* initialization vector */
132static Desbuf pvec;			/* padding vector */
133static char bits[] = {			/* used to extract bits from a char */
134	'\200', '\100', '\040', '\020', '\010', '\004', '\002', '\001'
135};
136static int pflag;			/* 1 to preserve parity bits */
137
138static char des_buf[8];	/* shared buffer for get_des_char/put_des_char */
139static int des_ct = 0;		/* count for get_des_char/put_des_char */
140static int des_n = 0;		/* index for put_des_char/get_des_char */
141#endif
142
143
144#ifdef DES
145static void des_error(const char *);
146static int hex_to_binary(int, int);
147static void expand_des_key(char *, char *);
148static void set_des_key(char *);
149static int cbc_decode(char *, FILE *);
150static int cbc_encode(char *, int, FILE *);
151#endif
152
153
154/* init_des_cipher: initialize DES */
155void
156init_des_cipher(void)
157{
158#ifdef DES
159	int i;
160
161	des_ct = des_n = 0;
162
163	/* initialize the initialization vector */
164	MEMZERO(ivec, 8);
165
166	/* intialize the padding vector */
167	srand((unsigned) time((time_t *) 0));
168	for (i = 0; i < 8; i++)
169		CHAR(pvec, i) = (char) (rand()/RAND_DIV);
170#endif
171}
172
173
174/* get_des_char: return next char in an encrypted file */
175int
176get_des_char(FILE *fp)
177{
178#ifdef DES
179	if (des_n >= des_ct) {
180		des_n = 0;
181		des_ct = cbc_decode(des_buf, fp);
182	}
183	return (des_ct > 0) ? (unsigned char) des_buf[des_n++] : EOF;
184#else
185	return EOF;
186#endif
187}
188
189
190/* put_des_char: write a char to an encrypted file; return char written */
191int
192put_des_char(int c, FILE *fp)
193{
194#ifdef DES
195	if (des_n == sizeof des_buf) {
196		des_ct = cbc_encode(des_buf, des_n, fp);
197		des_n = 0;
198	}
199	return (des_ct >= 0) ? (unsigned char) (des_buf[des_n++] = c) : EOF;
200#else
201	return EOF;
202#endif
203}
204
205
206/* flush_des_file: flush an encrypted file's output; return status */
207int
208flush_des_file(FILE *fp)
209{
210#ifdef DES
211	if (des_n == sizeof des_buf) {
212		des_ct = cbc_encode(des_buf, des_n, fp);
213		des_n = 0;
214	}
215	return (des_ct >= 0 && cbc_encode(des_buf, des_n, fp) >= 0) ? 0 : EOF;
216#else
217	return EOF;
218#endif
219}
220
221#ifdef DES
222/*
223 * get keyword from tty or stdin
224 */
225int
226get_keyword(void)
227{
228	char *p;		/* used to obtain the key */
229	Desbuf msgbuf;			/* I/O buffer */
230
231	/*
232	 * get the key
233	 */
234	if (*(p = getpass("Enter key: "))) {
235
236		/*
237		 * copy it, nul-padded, into the key area
238		 */
239		expand_des_key(BUFFER(msgbuf), p);
240		MEMZERO(p, _PASSWORD_LEN);
241		set_des_key(msgbuf);
242		MEMZERO(msgbuf, sizeof msgbuf);
243		return 1;
244	}
245	return 0;
246}
247
248
249/*
250 * print a warning message and, possibly, terminate
251 */
252static void
253des_error(const char *s /* the message */)
254{
255	(void)sprintf(errmsg, "%s", s ? s : strerror(errno));
256}
257
258/*
259 * map a hex character to an integer
260 */
261static int
262hex_to_binary(int c /* char to be converted */,
263	      int radix /* base (2 to 16) */)
264{
265	switch(c) {
266	case '0':		return(0x0);
267	case '1':		return(0x1);
268	case '2':		return(radix > 2 ? 0x2 : -1);
269	case '3':		return(radix > 3 ? 0x3 : -1);
270	case '4':		return(radix > 4 ? 0x4 : -1);
271	case '5':		return(radix > 5 ? 0x5 : -1);
272	case '6':		return(radix > 6 ? 0x6 : -1);
273	case '7':		return(radix > 7 ? 0x7 : -1);
274	case '8':		return(radix > 8 ? 0x8 : -1);
275	case '9':		return(radix > 9 ? 0x9 : -1);
276	case 'A': case 'a':	return(radix > 10 ? 0xa : -1);
277	case 'B': case 'b':	return(radix > 11 ? 0xb : -1);
278	case 'C': case 'c':	return(radix > 12 ? 0xc : -1);
279	case 'D': case 'd':	return(radix > 13 ? 0xd : -1);
280	case 'E': case 'e':	return(radix > 14 ? 0xe : -1);
281	case 'F': case 'f':	return(radix > 15 ? 0xf : -1);
282	}
283	/*
284	 * invalid character
285	 */
286	return(-1);
287}
288
289/*
290 * convert the key to a bit pattern
291 */
292static void
293expand_des_key(char *obuf /* bit pattern */, char *inbuf /* the key itself */)
294{
295	int i, j;			/* counter in a for loop */
296	int nbuf[64];			/* used for hex/key translation */
297
298	/*
299	 * leading '0x' or '0X' == hex key
300	 */
301	if (inbuf[0] == '0' && (inbuf[1] == 'x' || inbuf[1] == 'X')) {
302		inbuf = &inbuf[2];
303		/*
304		 * now translate it, bombing on any illegal hex digit
305		 */
306		for (i = 0; inbuf[i] && i < 16; i++)
307			if ((nbuf[i] = hex_to_binary((int) inbuf[i], 16)) == -1)
308				des_error("bad hex digit in key");
309		while (i < 16)
310			nbuf[i++] = 0;
311		for (i = 0; i < 8; i++)
312			obuf[i] =
313			    ((nbuf[2*i]&0xf)<<4) | (nbuf[2*i+1]&0xf);
314		/* preserve parity bits */
315		pflag = 1;
316		return;
317	}
318	/*
319	 * leading '0b' or '0B' == binary key
320	 */
321	if (inbuf[0] == '0' && (inbuf[1] == 'b' || inbuf[1] == 'B')) {
322		inbuf = &inbuf[2];
323		/*
324		 * now translate it, bombing on any illegal binary digit
325		 */
326		for (i = 0; inbuf[i] && i < 16; i++)
327			if ((nbuf[i] = hex_to_binary((int) inbuf[i], 2)) == -1)
328				des_error("bad binary digit in key");
329		while (i < 64)
330			nbuf[i++] = 0;
331		for (i = 0; i < 8; i++)
332			for (j = 0; j < 8; j++)
333				obuf[i] = (obuf[i]<<1)|nbuf[8*i+j];
334		/* preserve parity bits */
335		pflag = 1;
336		return;
337	}
338	/*
339	 * no special leader -- ASCII
340	 */
341	(void)strncpy(obuf, inbuf, 8);
342}
343
344/*****************
345 * DES FUNCTIONS *
346 *****************/
347/*
348 * This sets the DES key and (if you're using the deszip version)
349 * the direction of the transformation.  This uses the Sun
350 * to map the 64-bit key onto the 56 bits that the key schedule
351 * generation routines use: the old way, which just uses the user-
352 * supplied 64 bits as is, and the new way, which resets the parity
353 * bit to be the same as the low-order bit in each character.  The
354 * new way generates a greater variety of key schedules, since many
355 * systems set the parity (high) bit of each character to 0, and the
356 * DES ignores the low order bit of each character.
357 */
358static void
359set_des_key(Desbuf buf /* key block */)
360{
361	int i, j;				/* counter in a for loop */
362	int par;				/* parity counter */
363
364	/*
365	 * if the parity is not preserved, flip it
366	 */
367	if (!pflag) {
368		for (i = 0; i < 8; i++) {
369			par = 0;
370			for (j = 1; j < 8; j++)
371				if ((bits[j]&UCHAR(buf, i)) != 0)
372					par++;
373			if ((par&01) == 01)
374				UCHAR(buf, i) = UCHAR(buf, i)&0177;
375			else
376				UCHAR(buf, i) = (UCHAR(buf, i)&0177)|0200;
377		}
378	}
379
380	DES_KEY(UBUFFER(buf));
381}
382
383
384/*
385 * This encrypts using the Cipher Block Chaining mode of DES
386 */
387static int
388cbc_encode(char *msgbuf, int n, FILE *fp)
389{
390	int inverse = 0;	/* 0 to encrypt, 1 to decrypt */
391
392	/*
393	 * do the transformation
394	 */
395	if (n == 8) {
396		for (n = 0; n < 8; n++)
397			CHAR(msgbuf, n) ^= CHAR(ivec, n);
398		DES_XFORM(UBUFFER(msgbuf));
399		MEMCPY(BUFFER(ivec), BUFFER(msgbuf), 8);
400		return WRITE(BUFFER(msgbuf), 8, fp);
401	}
402	/*
403	 * at EOF or last block -- in either case, the last byte contains
404	 * the character representation of the number of bytes in it
405	 */
406/*
407	MEMZERO(msgbuf +  n, 8 - n);
408*/
409	/*
410	 *  Pad the last block randomly
411	 */
412	(void)MEMCPY(BUFFER(msgbuf + n), BUFFER(pvec), 8 - n);
413	CHAR(msgbuf, 7) = n;
414	for (n = 0; n < 8; n++)
415		CHAR(msgbuf, n) ^= CHAR(ivec, n);
416	DES_XFORM(UBUFFER(msgbuf));
417	return WRITE(BUFFER(msgbuf), 8, fp);
418}
419
420/*
421 * This decrypts using the Cipher Block Chaining mode of DES
422 */
423static int
424cbc_decode(char *msgbuf /* I/O buffer */,
425	   FILE *fp /* input file descriptor */)
426{
427	Desbuf inbuf;	/* temp buffer for initialization vector */
428	int n;		/* number of bytes actually read */
429	int c;		/* used to test for EOF */
430	int inverse = 1;	/* 0 to encrypt, 1 to decrypt */
431
432	if ((n = READ(BUFFER(msgbuf), 8, fp)) == 8) {
433		/*
434		 * do the transformation
435		 */
436		MEMCPY(BUFFER(inbuf), BUFFER(msgbuf), 8);
437		DES_XFORM(UBUFFER(msgbuf));
438		for (c = 0; c < 8; c++)
439			UCHAR(msgbuf, c) ^= UCHAR(ivec, c);
440		MEMCPY(BUFFER(ivec), BUFFER(inbuf), 8);
441		/*
442		 * if the last one, handle it specially
443		 */
444		if ((c = fgetc(fp)) == EOF) {
445			n = CHAR(msgbuf, 7);
446			if (n < 0 || n > 7) {
447				des_error("decryption failed (block corrupted)");
448				return EOF;
449			}
450		} else
451			(void)ungetc(c, fp);
452		return n;
453	}
454	if (n > 0)
455		des_error("decryption failed (incomplete block)");
456	else if (n < 0)
457		des_error("cannot read file");
458	return EOF;
459}
460#endif	/* DES */
461