cbc.c revision 73563 
1/* cbc.c: This file contains the encryption routines for the ed line editor */
2/*-
3 * Copyright (c) 1993 The Regents of the University of California.
4 * All rights reserved.
5 *
6 * Copyright (c) 1993 Andrew Moore, Talke Studio.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 *    notice, this list of conditions and the following disclaimer in the
16 *    documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 *    must display the following acknowledgement:
19 *	This product includes software developed by the University of
20 *	California, Berkeley and its contributors.
21 * 4. Neither the name of the University nor the names of its contributors
22 *    may be used to endorse or promote products derived from this software
23 *    without specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 *
37 *	from: @(#)bdes.c	5.5 (Berkeley) 6/27/91
38 */
39
40#ifndef lint
41#if 0
42static char * const rcsid = "@(#)cbc.c,v 1.2 1994/02/01 00:34:36 alm Exp";
43#else
44static char * const rcsid =
45  "$FreeBSD: head/bin/ed/cbc.c 73563 2001-03-05 02:15:38Z kris $";
46#endif
47#endif /* not lint */
48
49#include <sys/types.h>
50#include <errno.h>
51#include <pwd.h>
52#ifdef DES
53#include <time.h>
54#endif
55
56#include "ed.h"
57
58
59/*
60 * BSD and System V systems offer special library calls that do
61 * block move_liness and fills, so if possible we take advantage of them
62 */
63#define	MEMCPY(dest,src,len)	memcpy((dest),(src),(len))
64#define	MEMZERO(dest,len)	memset((dest), 0, (len))
65
66/* Hide the calls to the primitive encryption routines. */
67#define	DES_KEY(buf) \
68	if (des_setkey(buf)) \
69		des_error("des_setkey");
70#define	DES_XFORM(buf) \
71	if (des_cipher(buf, buf, 0L, (inverse ? -1 : 1))) \
72		des_error("des_cipher");
73
74/*
75 * read/write - no error checking
76 */
77#define	READ(buf, n, fp)	fread(buf, sizeof(char), n, fp)
78#define WRITE(buf, n, fp)	fwrite(buf, sizeof(char), n, fp)
79
80/*
81 * some things to make references easier
82 */
83typedef char Desbuf[8];
84#define	CHAR(x,i)	(x[i])
85#define	UCHAR(x,i)	(x[i])
86#define	BUFFER(x)	(x)
87#define	UBUFFER(x)	(x)
88
89/*
90 * global variables and related macros
91 */
92
93enum { 					/* encrypt, decrypt, authenticate */
94	MODE_ENCRYPT, MODE_DECRYPT, MODE_AUTHENTICATE
95} mode = MODE_ENCRYPT;
96
97Desbuf ivec;				/* initialization vector */
98Desbuf pvec;				/* padding vector */
99char bits[] = {				/* used to extract bits from a char */
100	'\200', '\100', '\040', '\020', '\010', '\004', '\002', '\001'
101};
102int pflag;				/* 1 to preserve parity bits */
103
104unsigned char des_buf[8];	/* shared buffer for get_des_char/put_des_char */
105int des_ct = 0;			/* count for get_des_char/put_des_char */
106int des_n = 0;			/* index for put_des_char/get_des_char */
107
108
109/* init_des_cipher: initialize DES */
110void
111init_des_cipher()
112{
113#ifdef DES
114	int i;
115
116	des_ct = des_n = 0;
117
118	/* initialize the initialization vector */
119	MEMZERO(ivec, 8);
120
121	/* initialize the padding vector */
122	for (i = 0; i < 8; i++)
123		CHAR(pvec, i) = (char) (arc4random() % 256);
124#endif
125}
126
127
128/* get_des_char: return next char in an encrypted file */
129int
130get_des_char(fp)
131	FILE *fp;
132{
133#ifdef DES
134	if (des_n >= des_ct) {
135		des_n = 0;
136		des_ct = cbc_decode(des_buf, fp);
137	}
138	return (des_ct > 0) ? des_buf[des_n++] : EOF;
139#else
140	return (getc(fp));
141#endif
142}
143
144
145/* put_des_char: write a char to an encrypted file; return char written */
146int
147put_des_char(c, fp)
148	int c;
149	FILE *fp;
150{
151#ifdef DES
152	if (des_n == sizeof des_buf) {
153		des_ct = cbc_encode(des_buf, des_n, fp);
154		des_n = 0;
155	}
156	return (des_ct >= 0) ? (des_buf[des_n++] = c) : EOF;
157#else
158	return (fputc(c, fp));
159#endif
160}
161
162
163/* flush_des_file: flush an encrypted file's output; return status */
164int
165flush_des_file(fp)
166	FILE *fp;
167{
168#ifdef DES
169	if (des_n == sizeof des_buf) {
170		des_ct = cbc_encode(des_buf, des_n, fp);
171		des_n = 0;
172	}
173	return (des_ct >= 0 && cbc_encode(des_buf, des_n, fp) >= 0) ? 0 : EOF;
174#else
175	return (fflush(fp));
176#endif
177}
178
179#ifdef DES
180/*
181 * get keyword from tty or stdin
182 */
183int
184get_keyword()
185{
186	register char *p;		/* used to obtain the key */
187	Desbuf msgbuf;			/* I/O buffer */
188
189	/*
190	 * get the key
191	 */
192	if (*(p = getpass("Enter key: "))) {
193
194		/*
195		 * copy it, nul-padded, into the key area
196		 */
197		expand_des_key(BUFFER(msgbuf), p);
198		MEMZERO(p, _PASSWORD_LEN);
199		set_des_key(msgbuf);
200		MEMZERO(msgbuf, sizeof msgbuf);
201		return 1;
202	}
203	return 0;
204}
205
206
207/*
208 * print a warning message and, possibly, terminate
209 */
210void
211des_error(s)
212	char *s;		/* the message */
213{
214	(void)sprintf(errmsg, "%s", s ? s : strerror(errno));
215}
216
217/*
218 * map a hex character to an integer
219 */
220int
221hex_to_binary(c, radix)
222	int c;			/* char to be converted */
223	int radix;		/* base (2 to 16) */
224{
225	switch(c) {
226	case '0':		return(0x0);
227	case '1':		return(0x1);
228	case '2':		return(radix > 2 ? 0x2 : -1);
229	case '3':		return(radix > 3 ? 0x3 : -1);
230	case '4':		return(radix > 4 ? 0x4 : -1);
231	case '5':		return(radix > 5 ? 0x5 : -1);
232	case '6':		return(radix > 6 ? 0x6 : -1);
233	case '7':		return(radix > 7 ? 0x7 : -1);
234	case '8':		return(radix > 8 ? 0x8 : -1);
235	case '9':		return(radix > 9 ? 0x9 : -1);
236	case 'A': case 'a':	return(radix > 10 ? 0xa : -1);
237	case 'B': case 'b':	return(radix > 11 ? 0xb : -1);
238	case 'C': case 'c':	return(radix > 12 ? 0xc : -1);
239	case 'D': case 'd':	return(radix > 13 ? 0xd : -1);
240	case 'E': case 'e':	return(radix > 14 ? 0xe : -1);
241	case 'F': case 'f':	return(radix > 15 ? 0xf : -1);
242	}
243	/*
244	 * invalid character
245	 */
246	return(-1);
247}
248
249/*
250 * convert the key to a bit pattern
251 */
252void
253expand_des_key(obuf, ibuf)
254	char *obuf;			/* bit pattern */
255	char *ibuf;			/* the key itself */
256{
257	register int i, j;		/* counter in a for loop */
258	int nbuf[64];			/* used for hex/key translation */
259
260	/*
261	 * leading '0x' or '0X' == hex key
262	 */
263	if (ibuf[0] == '0' && (ibuf[1] == 'x' || ibuf[1] == 'X')) {
264		ibuf = &ibuf[2];
265		/*
266		 * now translate it, bombing on any illegal hex digit
267		 */
268		for (i = 0; ibuf[i] && i < 16; i++)
269			if ((nbuf[i] = hex_to_binary((int) ibuf[i], 16)) == -1)
270				des_error("bad hex digit in key");
271		while (i < 16)
272			nbuf[i++] = 0;
273		for (i = 0; i < 8; i++)
274			obuf[i] =
275			    ((nbuf[2*i]&0xf)<<4) | (nbuf[2*i+1]&0xf);
276		/* preserve parity bits */
277		pflag = 1;
278		return;
279	}
280	/*
281	 * leading '0b' or '0B' == binary key
282	 */
283	if (ibuf[0] == '0' && (ibuf[1] == 'b' || ibuf[1] == 'B')) {
284		ibuf = &ibuf[2];
285		/*
286		 * now translate it, bombing on any illegal binary digit
287		 */
288		for (i = 0; ibuf[i] && i < 16; i++)
289			if ((nbuf[i] = hex_to_binary((int) ibuf[i], 2)) == -1)
290				des_error("bad binary digit in key");
291		while (i < 64)
292			nbuf[i++] = 0;
293		for (i = 0; i < 8; i++)
294			for (j = 0; j < 8; j++)
295				obuf[i] = (obuf[i]<<1)|nbuf[8*i+j];
296		/* preserve parity bits */
297		pflag = 1;
298		return;
299	}
300	/*
301	 * no special leader -- ASCII
302	 */
303	(void)strncpy(obuf, ibuf, 8);
304}
305
306/*****************
307 * DES FUNCTIONS *
308 *****************/
309/*
310 * This sets the DES key and (if you're using the deszip version)
311 * the direction of the transformation.  This uses the Sun
312 * to map the 64-bit key onto the 56 bits that the key schedule
313 * generation routines use: the old way, which just uses the user-
314 * supplied 64 bits as is, and the new way, which resets the parity
315 * bit to be the same as the low-order bit in each character.  The
316 * new way generates a greater variety of key schedules, since many
317 * systems set the parity (high) bit of each character to 0, and the
318 * DES ignores the low order bit of each character.
319 */
320void
321set_des_key(buf)
322	Desbuf buf;				/* key block */
323{
324	register int i, j;			/* counter in a for loop */
325	register int par;			/* parity counter */
326
327	/*
328	 * if the parity is not preserved, flip it
329	 */
330	if (!pflag) {
331		for (i = 0; i < 8; i++) {
332			par = 0;
333			for (j = 1; j < 8; j++)
334				if ((bits[j]&UCHAR(buf, i)) != 0)
335					par++;
336			if ((par&01) == 01)
337				UCHAR(buf, i) = UCHAR(buf, i)&0177;
338			else
339				UCHAR(buf, i) = (UCHAR(buf, i)&0177)|0200;
340		}
341	}
342
343	DES_KEY(UBUFFER(buf));
344}
345
346
347/*
348 * This encrypts using the Cipher Block Chaining mode of DES
349 */
350int
351cbc_encode(msgbuf, n, fp)
352	char *msgbuf;
353	int n;
354	FILE *fp;
355{
356	int inverse = 0;	/* 0 to encrypt, 1 to decrypt */
357
358	/*
359	 * do the transformation
360	 */
361	if (n == 8) {
362		for (n = 0; n < 8; n++)
363			CHAR(msgbuf, n) ^= CHAR(ivec, n);
364		DES_XFORM(UBUFFER(msgbuf));
365		MEMCPY(BUFFER(ivec), BUFFER(msgbuf), 8);
366		return WRITE(BUFFER(msgbuf), 8, fp);
367	}
368	/*
369	 * at EOF or last block -- in either case, the last byte contains
370	 * the character representation of the number of bytes in it
371	 */
372/*
373	MEMZERO(msgbuf +  n, 8 - n);
374*/
375	/*
376	 *  Pad the last block randomly
377	 */
378	(void)MEMCPY(BUFFER(msgbuf + n), BUFFER(pvec), 8 - n);
379	CHAR(msgbuf, 7) = n;
380	for (n = 0; n < 8; n++)
381		CHAR(msgbuf, n) ^= CHAR(ivec, n);
382	DES_XFORM(UBUFFER(msgbuf));
383	return WRITE(BUFFER(msgbuf), 8, fp);
384}
385
386/*
387 * This decrypts using the Cipher Block Chaining mode of DES
388 */
389int
390cbc_decode(msgbuf, fp)
391	char *msgbuf;		/* I/O buffer */
392	FILE *fp;			/* input file descriptor */
393{
394	Desbuf ibuf;	/* temp buffer for initialization vector */
395	register int n;		/* number of bytes actually read */
396	register int c;		/* used to test for EOF */
397	int inverse = 1;	/* 0 to encrypt, 1 to decrypt */
398
399	if ((n = READ(BUFFER(msgbuf), 8, fp)) == 8) {
400		/*
401		 * do the transformation
402		 */
403		MEMCPY(BUFFER(ibuf), BUFFER(msgbuf), 8);
404		DES_XFORM(UBUFFER(msgbuf));
405		for (c = 0; c < 8; c++)
406			UCHAR(msgbuf, c) ^= UCHAR(ivec, c);
407		MEMCPY(BUFFER(ivec), BUFFER(ibuf), 8);
408		/*
409		 * if the last one, handle it specially
410		 */
411		if ((c = fgetc(fp)) == EOF) {
412			n = CHAR(msgbuf, 7);
413			if (n < 0 || n > 7) {
414				des_error("decryption failed (block corrupted)");
415				return EOF;
416			}
417		} else
418			(void)ungetc(c, fp);
419		return n;
420	}
421	if (n > 0)
422		des_error("decryption failed (incomplete block)");
423	else if (n < 0)
424		des_error("cannot read file");
425	return EOF;
426}
427#endif	/* DES */
428