1 /* 2 * Copyright (c) 1996 3 * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by Bill Paul. 16 * 4. Neither the name of the author nor the names of any co-contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * $FreeBSD: src/usr.sbin/keyserv/crypt_server.c,v 1.6.2.1 2001/07/19 04:21:20 kris Exp $ 33 * $DragonFly: src/usr.sbin/keyserv/crypt_server.c,v 1.2 2003/06/17 04:29:55 dillon Exp $ 34 */ 35 36 #include <sys/types.h> 37 #include <sys/param.h> 38 #include <dirent.h> 39 #include <dlfcn.h> 40 #include <err.h> 41 #include <stdio.h> 42 #include <stdlib.h> 43 #include <string.h> 44 #include <rpc/des_crypt.h> 45 #include <rpc/des.h> 46 #include "crypt.h" 47 48 /* 49 * The U.S. government stupidly believes that a) it can keep strong 50 * crypto code a secret and b) that doing so somehow protects national 51 * interests. It's wrong on both counts, but until it listens to reason 52 * we have to make certain compromises so it doesn't have an excuse to 53 * throw us in federal prison. 54 * 55 * Consequently, the core OS ships without DES support, and keyserv 56 * defaults to using ARCFOUR with only a 40 bit key, just like nutscrape. 57 * This breaks compatibility with Secure RPC on other systems, but it 58 * allows Secure RPC to work between FreeBSD systems that don't have the 59 * DES package installed without throwing security totally out the window. 60 * 61 * In order to avoid having to supply two versions of keyserv (one with 62 * DES and one without), we use dlopen() and friends to load libdes.so 63 * into our address space at runtime. We check for the presence of 64 * /usr/lib/libdes.so.3.0 at startup and load it if we find it. If we 65 * can't find it, or the __des_crypt symbol doesn't exist, we fall back 66 * to the ARCFOUR encryption code. The user can specify another path using 67 * the -p flag. 68 */ 69 70 /* arcfour.h */ 71 typedef struct arcfour_key 72 { 73 unsigned char state[256]; 74 unsigned char x; 75 unsigned char y; 76 } arcfour_key; 77 78 static void prepare_key(unsigned char *key_data_ptr,int key_data_len, 79 arcfour_key *key); 80 static void arcfour(unsigned char *buffer_ptr,int buffer_len,arcfour_key * key); 81 static void swap_byte(unsigned char *a, unsigned char *b); 82 83 static void prepare_key(unsigned char *key_data_ptr, int key_data_len, 84 arcfour_key *key) 85 { 86 unsigned char index1; 87 unsigned char index2; 88 unsigned char* state; 89 short counter; 90 91 state = &key->state[0]; 92 for(counter = 0; counter < 256; counter++) 93 state[counter] = counter; 94 key->x = 0; 95 key->y = 0; 96 index1 = 0; 97 index2 = 0; 98 for(counter = 0; counter < 256; counter++) 99 { 100 index2 = (key_data_ptr[index1] + state[counter] + 101 index2) % 256; 102 swap_byte(&state[counter], &state[index2]); 103 104 index1 = (index1 + 1) % key_data_len; 105 } 106 } 107 108 static void arcfour(unsigned char *buffer_ptr, int buffer_len, arcfour_key *key) 109 { 110 unsigned char x; 111 unsigned char y; 112 unsigned char* state; 113 unsigned char xorIndex; 114 short counter; 115 116 x = key->x; 117 y = key->y; 118 119 state = &key->state[0]; 120 for(counter = 0; counter < buffer_len; counter ++) 121 { 122 x = (x + 1) % 256; 123 y = (state[x] + y) % 256; 124 swap_byte(&state[x], &state[y]); 125 126 xorIndex = (state[x] + state[y]) % 256; 127 128 buffer_ptr[counter] ^= state[xorIndex]; 129 } 130 key->x = x; 131 key->y = y; 132 } 133 134 static void swap_byte(unsigned char *a, unsigned char *b) 135 { 136 unsigned char swapByte; 137 138 swapByte = *a; 139 *a = *b; 140 *b = swapByte; 141 } 142 143 /* Dummy _des_crypt function that uses ARCFOUR with a 40 bit key */ 144 int _arcfour_crypt(buf, len, desp) 145 char *buf; 146 int len; 147 struct desparams *desp; 148 { 149 struct arcfour_key arcfourk; 150 151 /* 152 * U.S. government anti-crypto weasels take 153 * note: although we are supplied with a 64 bit 154 * key, we're only passing 40 bits to the ARCFOUR 155 * encryption code. So there. 156 */ 157 prepare_key(desp->des_key, 5, &arcfourk); 158 arcfour(buf, len, &arcfourk); 159 160 return(DESERR_NOHWDEVICE); 161 } 162 163 int (*_my_crypt)__P((char *, int, struct desparams *)) = NULL; 164 165 static void *dlhandle; 166 167 #ifndef _PATH_USRLIB 168 #define _PATH_USRLIB "/usr/lib" 169 #endif 170 171 #ifndef LIBCRYPTO 172 #ifdef OBJFORMAT_ELF 173 #define LIBCRYPTO "libcrypto.so.1" 174 #else 175 #define LIBCRYPTO "libcrypto.so.1." 176 #endif /* OBJFORMAT_ELF */ 177 #endif 178 179 void load_des(warn, libpath) 180 int warn; 181 char *libpath; 182 { 183 char dlpath[MAXPATHLEN]; 184 185 if (libpath == NULL) { 186 #ifdef OBJFORMAT_ELF 187 snprintf(dlpath, sizeof(dlpath), "%s/%s", _PATH_USRLIB, LIBCRYPTO); 188 #else 189 len = strlen(LIBCRYPTO); 190 if ((dird = opendir(_PATH_USRLIB)) == NULL) 191 err(1, "opendir(/usr/lib) failed"); 192 193 while ((dirp = readdir(dird)) != NULL) { 194 /* must have a minor number */ 195 if (strlen(dirp->d_name) <= len) 196 continue; 197 if (!strncmp(dirp->d_name, LIBCRYPTO, len)) { 198 if (atoi((dirp->d_name + len + 1)) > minor) { 199 minor = atoi((dirp->d_name + len + 1)); 200 snprintf(dlpath,sizeof(dlpath),"%s/%s", 201 _PATH_USRLIB, dirp->d_name); 202 } 203 } 204 } 205 206 closedir(dird); 207 #endif /* OBJFORMAT_ELF */ 208 } else 209 snprintf(dlpath, sizeof(dlpath), "%s", libpath); 210 211 if (dlpath != NULL && (dlhandle = dlopen(dlpath, 0444)) != NULL) 212 #ifdef OBJFORMAT_ELF 213 _my_crypt = (int (*)())dlsym(dlhandle, "_des_crypt"); 214 #else 215 _my_crypt = (int (*)())dlsym(dlhandle, "__des_crypt"); 216 #endif /* OBJFORMAT_ELF */ 217 218 if (_my_crypt == NULL) { 219 if (dlhandle != NULL) 220 dlclose(dlhandle); 221 _my_crypt = &_arcfour_crypt; 222 if (warn) { 223 printf ("DES support disabled -- using ARCFOUR instead.\n"); 224 printf ("Warning: ARCFOUR cipher is not compatible with "); 225 printf ("other Secure RPC implementations.\nInstall "); 226 printf ("the FreeBSD 'des' distribution to enable"); 227 printf (" DES encryption.\n"); 228 } 229 } else { 230 if (warn) { 231 printf ("DES support enabled\n"); 232 printf ("Using %s shared object.\n", dlpath); 233 } 234 } 235 236 return; 237 } 238 239 desresp * 240 des_crypt_1_svc(desargs *argp, struct svc_req *rqstp) 241 { 242 static desresp result; 243 struct desparams dparm; 244 245 if (argp->desbuf.desbuf_len > DES_MAXDATA) { 246 result.stat = DESERR_BADPARAM; 247 return(&result); 248 } 249 250 251 bcopy(argp->des_key, dparm.des_key, 8); 252 bcopy(argp->des_ivec, dparm.des_ivec, 8); 253 dparm.des_mode = argp->des_mode; 254 dparm.des_dir = argp->des_dir; 255 #ifdef BROKEN_DES 256 dparm.UDES.UDES_buf = argp->desbuf.desbuf_val; 257 #endif 258 259 /* 260 * XXX This compensates for a bug in the libdes Secure RPC 261 * compat interface. (Actually, there are a couple.) The 262 * des_ecb_encrypt() routine in libdes only encrypts 8 bytes 263 * (64 bits) at a time. However, the Sun Secure RPC ecb_crypt() 264 * routine is supposed to be able to handle buffers up to 8Kbytes. 265 * The rpc_enc module in libdes ignores this fact and just drops 266 * the length parameter on the floor, encrypting only the 267 * first 64 bits of whatever buffer you feed it. We deal with 268 * this here: if we're using DES encryption, and we're using 269 * ECB mode, then we make a pass over the entire buffer 270 * ourselves. Note: the rpc_enc module incorrectly transposes 271 * the mode flags, so when you ask for CBC mode, you're really 272 * getting ECB mode. 273 */ 274 #ifdef BROKEN_DES 275 if (_my_crypt != &_arcfour_crypt && argp->des_mode == CBC) { 276 #else 277 if (_my_crypt != &_arcfour_crypt && argp->des_mode == ECB) { 278 #endif 279 int i; 280 char *dptr; 281 282 for (i = 0; i < argp->desbuf.desbuf_len / 8; i++) { 283 dptr = argp->desbuf.desbuf_val; 284 dptr += (i * 8); 285 #ifdef BROKEN_DES 286 dparm.UDES.UDES_buf = dptr; 287 #endif 288 result.stat = _my_crypt(dptr, 8, &dparm); 289 } 290 } else { 291 result.stat = _my_crypt(argp->desbuf.desbuf_val, 292 argp->desbuf.desbuf_len, 293 &dparm); 294 } 295 296 if (result.stat == DESERR_NONE || result.stat == DESERR_NOHWDEVICE) { 297 bcopy(dparm.des_ivec, result.des_ivec, 8); 298 result.desbuf.desbuf_len = argp->desbuf.desbuf_len; 299 result.desbuf.desbuf_val = argp->desbuf.desbuf_val; 300 } 301 302 return (&result); 303 } 304