1 /* $NetBSD: cbc.c,v 1.25 2018/02/08 09:05:16 dholland Exp $ */
2
3 /* cbc.c: This file contains the encryption routines for the ed line editor */
4 /*-
5 * Copyright (c) 1993 The Regents of the University of California.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * from: @(#)bdes.c 5.5 (Berkeley) 6/27/91
33 */
34
35 /*-
36 * Copyright (c) 1993 Andrew Moore, Talke Studio.
37 * All rights reserved.
38 *
39 * Redistribution and use in source and binary forms, with or without
40 * modification, are permitted provided that the following conditions
41 * are met:
42 * 1. Redistributions of source code must retain the above copyright
43 * notice, this list of conditions and the following disclaimer.
44 * 2. Redistributions in binary form must reproduce the above copyright
45 * notice, this list of conditions and the following disclaimer in the
46 * documentation and/or other materials provided with the distribution.
47 * 3. All advertising materials mentioning features or use of this software
48 * must display the following acknowledgement:
49 * This product includes software developed by the University of
50 * California, Berkeley and its contributors.
51 * 4. Neither the name of the University nor the names of its contributors
52 * may be used to endorse or promote products derived from this software
53 * without specific prior written permission.
54 *
55 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
56 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
58 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
59 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
60 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
61 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
62 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
63 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
64 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
65 * SUCH DAMAGE.
66 *
67 * from: @(#)bdes.c 5.5 (Berkeley) 6/27/91
68 */
69
70 #include <sys/cdefs.h>
71 #ifndef lint
72 #if 0
73 static char *rcsid = "@(#)cbc.c,v 1.2 1994/02/01 00:34:36 alm Exp";
74 #else
75 __RCSID("$NetBSD: cbc.c,v 1.25 2018/02/08 09:05:16 dholland Exp $");
76 #endif
77 #endif /* not lint */
78
79 #include <sys/types.h>
80 #include <ctype.h>
81 #include <errno.h>
82 #include <pwd.h>
83 #ifdef DES
84 #include <time.h>
85 #endif
86
87 #include "ed.h"
88
89
90 /*
91 * Define a divisor for rand() that yields a uniform distribution in the
92 * range 0-255.
93 */
94 #define RAND_DIV (((unsigned) RAND_MAX + 1) >> 8)
95
96 /*
97 * BSD and System V systems offer special library calls that do
98 * block move_liness and fills, so if possible we take advantage of them
99 */
100 #define MEMCPY(dest,src,len) memcpy((dest),(src),(len))
101 #define MEMZERO(dest,len) memset((dest), 0, (len))
102
103 /* Hide the calls to the primitive encryption routines. */
104 #define DES_KEY(buf) \
105 if (des_setkey(buf)) \
106 des_error("des_setkey");
107 #define DES_XFORM(buf) \
108 if (des_cipher(buf, buf, 0L, (inverse ? -1 : 1))) \
109 des_error("des_cipher");
110
111 /*
112 * read/write - no error checking
113 */
114 #define READ(buf, n, fp) fread(buf, sizeof(char), n, fp)
115 #define WRITE(buf, n, fp) fwrite(buf, sizeof(char), n, fp)
116
117 /*
118 * some things to make references easier
119 */
120 typedef char Desbuf[8];
121 #define CHAR(x,i) (x[i])
122 #define UCHAR(x,i) (x[i])
123 #define BUFFER(x) (x)
124 #define UBUFFER(x) (x)
125
126 #ifdef DES
127 /*
128 * global variables and related macros
129 */
130
131 static Desbuf ivec; /* initialization vector */
132 static Desbuf pvec; /* padding vector */
133 static char bits[] = { /* used to extract bits from a char */
134 '\200', '\100', '\040', '\020', '\010', '\004', '\002', '\001'
135 };
136 static int pflag; /* 1 to preserve parity bits */
137
138 static char des_buf[8]; /* shared buffer for get_des_char/put_des_char */
139 static int des_ct = 0; /* count for get_des_char/put_des_char */
140 static int des_n = 0; /* index for put_des_char/get_des_char */
141 #endif
142
143
144 #ifdef DES
145 static void des_error(const char *);
146 static int hex_to_binary(int, int);
147 static void expand_des_key(char *, char *);
148 static void set_des_key(char *);
149 static int cbc_decode(char *, FILE *);
150 static int cbc_encode(char *, int, FILE *);
151 #endif
152
153
154 /* init_des_cipher: initialize DES */
155 void
init_des_cipher(void)156 init_des_cipher(void)
157 {
158 #ifdef DES
159 int i;
160
161 des_ct = des_n = 0;
162
163 /* initialize the initialization vector */
164 MEMZERO(ivec, 8);
165
166 /* initialize the padding vector */
167 srand((unsigned) time((time_t *) 0));
168 for (i = 0; i < 8; i++)
169 CHAR(pvec, i) = (char) (rand()/RAND_DIV);
170 #endif
171 }
172
173
174 /* get_des_char: return next char in an encrypted file */
175 int
get_des_char(FILE * fp)176 get_des_char(FILE *fp)
177 {
178 #ifdef DES
179 if (des_n >= des_ct) {
180 des_n = 0;
181 des_ct = cbc_decode(des_buf, fp);
182 }
183 return (des_ct > 0) ? (unsigned char) des_buf[des_n++] : EOF;
184 #else
185 return EOF;
186 #endif
187 }
188
189
190 /* put_des_char: write a char to an encrypted file; return char written */
191 int
put_des_char(int c,FILE * fp)192 put_des_char(int c, FILE *fp)
193 {
194 #ifdef DES
195 if (des_n == sizeof des_buf) {
196 des_ct = cbc_encode(des_buf, des_n, fp);
197 des_n = 0;
198 }
199 return (des_ct >= 0) ? (unsigned char) (des_buf[des_n++] = c) : EOF;
200 #else
201 return EOF;
202 #endif
203 }
204
205
206 /* flush_des_file: flush an encrypted file's output; return status */
207 int
flush_des_file(FILE * fp)208 flush_des_file(FILE *fp)
209 {
210 #ifdef DES
211 if (des_n == sizeof des_buf) {
212 des_ct = cbc_encode(des_buf, des_n, fp);
213 des_n = 0;
214 }
215 return (des_ct >= 0 && cbc_encode(des_buf, des_n, fp) >= 0) ? 0 : EOF;
216 #else
217 return EOF;
218 #endif
219 }
220
221 #ifdef DES
222 /*
223 * get keyword from tty or stdin
224 */
225 int
get_keyword(void)226 get_keyword(void)
227 {
228 char *p; /* used to obtain the key */
229 Desbuf msgbuf; /* I/O buffer */
230
231 /*
232 * get the key
233 */
234 if (*(p = getpass("Enter key: "))) {
235
236 /*
237 * copy it, nul-padded, into the key area
238 */
239 expand_des_key(BUFFER(msgbuf), p);
240 MEMZERO(p, _PASSWORD_LEN);
241 set_des_key(msgbuf);
242 MEMZERO(msgbuf, sizeof msgbuf);
243 return 1;
244 }
245 return 0;
246 }
247
248
249 /*
250 * print a warning message and, possibly, terminate
251 */
252 static void
des_error(const char * s)253 des_error(const char *s /* the message */)
254 {
255 seterrmsg("%s", s ? s : strerror(errno));
256 }
257
258 /*
259 * map a hex character to an integer
260 */
261 static int
hex_to_binary(int c,int radix)262 hex_to_binary(int c /* char to be converted */,
263 int radix /* base (2 to 16) */)
264 {
265 switch(c) {
266 case '0': return(0x0);
267 case '1': return(0x1);
268 case '2': return(radix > 2 ? 0x2 : -1);
269 case '3': return(radix > 3 ? 0x3 : -1);
270 case '4': return(radix > 4 ? 0x4 : -1);
271 case '5': return(radix > 5 ? 0x5 : -1);
272 case '6': return(radix > 6 ? 0x6 : -1);
273 case '7': return(radix > 7 ? 0x7 : -1);
274 case '8': return(radix > 8 ? 0x8 : -1);
275 case '9': return(radix > 9 ? 0x9 : -1);
276 case 'A': case 'a': return(radix > 10 ? 0xa : -1);
277 case 'B': case 'b': return(radix > 11 ? 0xb : -1);
278 case 'C': case 'c': return(radix > 12 ? 0xc : -1);
279 case 'D': case 'd': return(radix > 13 ? 0xd : -1);
280 case 'E': case 'e': return(radix > 14 ? 0xe : -1);
281 case 'F': case 'f': return(radix > 15 ? 0xf : -1);
282 }
283 /*
284 * invalid character
285 */
286 return(-1);
287 }
288
289 /*
290 * convert the key to a bit pattern
291 */
292 static void
expand_des_key(char * obuf,char * inbuf)293 expand_des_key(char *obuf /* bit pattern */, char *inbuf /* the key itself */)
294 {
295 int i, j; /* counter in a for loop */
296 int nbuf[64]; /* used for hex/key translation */
297
298 /*
299 * leading '0x' or '0X' == hex key
300 */
301 if (inbuf[0] == '0' && (inbuf[1] == 'x' || inbuf[1] == 'X')) {
302 inbuf = &inbuf[2];
303 /*
304 * now translate it, bombing on any illegal hex digit
305 */
306 for (i = 0; i < 16 && inbuf[i]; i++)
307 if ((nbuf[i] = hex_to_binary((int) inbuf[i], 16)) == -1)
308 des_error("bad hex digit in key");
309 while (i < 16)
310 nbuf[i++] = 0;
311 for (i = 0; i < 8; i++)
312 obuf[i] =
313 ((nbuf[2*i]&0xf)<<4) | (nbuf[2*i+1]&0xf);
314 /* preserve parity bits */
315 pflag = 1;
316 return;
317 }
318 /*
319 * leading '0b' or '0B' == binary key
320 */
321 if (inbuf[0] == '0' && (inbuf[1] == 'b' || inbuf[1] == 'B')) {
322 inbuf = &inbuf[2];
323 /*
324 * now translate it, bombing on any illegal binary digit
325 */
326 for (i = 0; i < 16 && inbuf[i]; i++)
327 if ((nbuf[i] = hex_to_binary((int) inbuf[i], 2)) == -1)
328 des_error("bad binary digit in key");
329 while (i < 64)
330 nbuf[i++] = 0;
331 for (i = 0; i < 8; i++)
332 for (j = 0; j < 8; j++)
333 obuf[i] = (obuf[i]<<1)|nbuf[8*i+j];
334 /* preserve parity bits */
335 pflag = 1;
336 return;
337 }
338 /*
339 * no special leader -- ASCII
340 */
341 (void)strncpy(obuf, inbuf, 8);
342 }
343
344 /*****************
345 * DES FUNCTIONS *
346 *****************/
347 /*
348 * This sets the DES key and (if you're using the deszip version)
349 * the direction of the transformation. This uses the Sun
350 * to map the 64-bit key onto the 56 bits that the key schedule
351 * generation routines use: the old way, which just uses the user-
352 * supplied 64 bits as is, and the new way, which resets the parity
353 * bit to be the same as the low-order bit in each character. The
354 * new way generates a greater variety of key schedules, since many
355 * systems set the parity (high) bit of each character to 0, and the
356 * DES ignores the low order bit of each character.
357 */
358 static void
set_des_key(Desbuf buf)359 set_des_key(Desbuf buf /* key block */)
360 {
361 int i, j; /* counter in a for loop */
362 int par; /* parity counter */
363
364 /*
365 * if the parity is not preserved, flip it
366 */
367 if (!pflag) {
368 for (i = 0; i < 8; i++) {
369 par = 0;
370 for (j = 1; j < 8; j++)
371 if ((bits[j]&UCHAR(buf, i)) != 0)
372 par++;
373 if ((par&01) == 01)
374 UCHAR(buf, i) = UCHAR(buf, i)&0177;
375 else
376 UCHAR(buf, i) = (UCHAR(buf, i)&0177)|0200;
377 }
378 }
379
380 DES_KEY(UBUFFER(buf));
381 }
382
383
384 /*
385 * This encrypts using the Cipher Block Chaining mode of DES
386 */
387 static int
cbc_encode(char * msgbuf,int n,FILE * fp)388 cbc_encode(char *msgbuf, int n, FILE *fp)
389 {
390 int inverse = 0; /* 0 to encrypt, 1 to decrypt */
391
392 /*
393 * do the transformation
394 */
395 if (n == 8) {
396 for (n = 0; n < 8; n++)
397 CHAR(msgbuf, n) ^= CHAR(ivec, n);
398 DES_XFORM(UBUFFER(msgbuf));
399 MEMCPY(BUFFER(ivec), BUFFER(msgbuf), 8);
400 return WRITE(BUFFER(msgbuf), 8, fp);
401 }
402 /*
403 * at EOF or last block -- in either case, the last byte contains
404 * the character representation of the number of bytes in it
405 */
406 /*
407 MEMZERO(msgbuf + n, 8 - n);
408 */
409 /*
410 * Pad the last block randomly
411 */
412 (void)MEMCPY(BUFFER(msgbuf + n), BUFFER(pvec), 8 - n);
413 CHAR(msgbuf, 7) = n;
414 for (n = 0; n < 8; n++)
415 CHAR(msgbuf, n) ^= CHAR(ivec, n);
416 DES_XFORM(UBUFFER(msgbuf));
417 return WRITE(BUFFER(msgbuf), 8, fp);
418 }
419
420 /*
421 * This decrypts using the Cipher Block Chaining mode of DES
422 */
423 static int
cbc_decode(char * msgbuf,FILE * fp)424 cbc_decode(char *msgbuf /* I/O buffer */,
425 FILE *fp /* input file descriptor */)
426 {
427 Desbuf inbuf; /* temp buffer for initialization vector */
428 int n; /* number of bytes actually read */
429 int c; /* used to test for EOF */
430 int inverse = 1; /* 0 to encrypt, 1 to decrypt */
431
432 if ((n = READ(BUFFER(msgbuf), 8, fp)) == 8) {
433 /*
434 * do the transformation
435 */
436 MEMCPY(BUFFER(inbuf), BUFFER(msgbuf), 8);
437 DES_XFORM(UBUFFER(msgbuf));
438 for (c = 0; c < 8; c++)
439 UCHAR(msgbuf, c) ^= UCHAR(ivec, c);
440 MEMCPY(BUFFER(ivec), BUFFER(inbuf), 8);
441 /*
442 * if the last one, handle it specially
443 */
444 if ((c = fgetc(fp)) == EOF) {
445 n = CHAR(msgbuf, 7);
446 if (n < 0 || n > 7) {
447 des_error("decryption failed (block corrupted)");
448 return EOF;
449 }
450 } else
451 (void)ungetc(c, fp);
452 return n;
453 }
454 if (n > 0)
455 des_error("decryption failed (incomplete block)");
456 else if (n < 0)
457 des_error("cannot read file");
458 return EOF;
459 }
460 #endif /* DES */
461