📄 enc_des.c
字号:
/*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */#ifndef lintstatic char sccsid[] = "@(#)enc_des.c 8.3 (Berkeley) 5/30/95";#endif /* not lint */#ifdef HAVE_CONFIG_H#include <config.h>#endif#ifdef ENCRYPTION# ifdef AUTHENTICATION# ifdef DES_ENCRYPTION#include <arpa/telnet.h>#include <stdio.h>#ifdef HAVE_STDLIB_H#include <stdlib.h>#endif#include "encrypt.h"#include "key-proto.h"#include "misc-proto.h"extern encrypt_debug_mode;#define CFB 0#define OFB 1#define NO_SEND_IV 1#define NO_RECV_IV 2#define NO_KEYID 4#define IN_PROGRESS (NO_SEND_IV|NO_RECV_IV|NO_KEYID)#define SUCCESS 0#define FAILED -1struct fb { Block krbdes_key; Schedule krbdes_sched; Block temp_feed; unsigned char fb_feed[64]; int need_start; int state[2]; int keyid[2]; int once; struct stinfo { Block str_output; Block str_feed; Block str_iv; Block str_ikey; Schedule str_sched; int str_index; int str_flagshift; } streams[2];};static struct fb fb[2];struct keyidlist { char *keyid; int keyidlen; char *key; int keylen; int flags;} keyidlist [] = { { "\0", 1, 0, 0, 0 }, /* default key of zero */ { 0, 0, 0, 0, 0 }};#define KEYFLAG_MASK 03#define KEYFLAG_NOINIT 00#define KEYFLAG_INIT 01#define KEYFLAG_OK 02#define KEYFLAG_BAD 03#define KEYFLAG_SHIFT 2#define SHIFT_VAL(a,b) (KEYFLAG_SHIFT*((a)+((b)*2)))#define FB64_IV 1#define FB64_IV_OK 2#define FB64_IV_BAD 3void fb64_stream_iv P((Block, struct stinfo *));void fb64_init P((struct fb *));static int fb64_start P((struct fb *, int, int));int fb64_is P((unsigned char *, int, struct fb *));int fb64_reply P((unsigned char *, int, struct fb *));static void fb64_session P((Session_Key *, int, struct fb *));void fb64_stream_key P((Block, struct stinfo *));int fb64_keyid P((int, unsigned char *, int *, struct fb *)); voidcfb64_init(server) int server;{ fb64_init(&fb[CFB]); fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64; fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB); fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);} voidofb64_init(server) int server;{ fb64_init(&fb[OFB]); fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64; fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB); fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);} voidfb64_init(fbp) register struct fb *fbp;{ memset((void *)fbp, 0, sizeof(*fbp)); fbp->state[0] = fbp->state[1] = FAILED; fbp->fb_feed[0] = IAC; fbp->fb_feed[1] = SB; fbp->fb_feed[2] = TELOPT_ENCRYPT; fbp->fb_feed[3] = ENCRYPT_IS;}/* * Returns: * -1: some error. Negotiation is done, encryption not ready. * 0: Successful, initial negotiation all done. * 1: successful, negotiation not done yet. * 2: Not yet. Other things (like getting the key from * Kerberos) have to happen before we can continue. */ intcfb64_start(dir, server) int dir; int server;{ return(fb64_start(&fb[CFB], dir, server));} intofb64_start(dir, server) int dir; int server;{ return(fb64_start(&fb[OFB], dir, server));} static intfb64_start(fbp, dir, server) struct fb *fbp; int dir; int server;{ Block b; int x; unsigned char *p; register int state; switch (dir) { case DIR_DECRYPT: /* * This is simply a request to have the other side * start output (our input). He will negotiate an * IV so we need not look for it. */ state = fbp->state[dir-1]; if (state == FAILED) state = IN_PROGRESS; break; case DIR_ENCRYPT: state = fbp->state[dir-1]; if (state == FAILED) state = IN_PROGRESS; else if ((state & NO_SEND_IV) == 0) break; if (!VALIDKEY(fbp->krbdes_key)) { fbp->need_start = 1; break; } state &= ~NO_SEND_IV; state |= NO_RECV_IV; if (encrypt_debug_mode) printf("Creating new feed\r\n"); /* * Create a random feed and send it over. */ des_new_random_key(fbp->temp_feed); des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, fbp->krbdes_sched, 1); p = fbp->fb_feed + 3; *p++ = ENCRYPT_IS; p++; *p++ = FB64_IV; for (x = 0; x < sizeof(Block); ++x) { if ((*p++ = fbp->temp_feed[x]) == IAC) *p++ = IAC; } *p++ = IAC; *p++ = SE; printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); net_write(fbp->fb_feed, p - fbp->fb_feed); break; default: return(FAILED); } return(fbp->state[dir-1] = state);}/* * Returns: * -1: some error. Negotiation is done, encryption not ready. * 0: Successful, initial negotiation all done. * 1: successful, negotiation not done yet. */ intcfb64_is(data, cnt) unsigned char *data; int cnt;{ return(fb64_is(data, cnt, &fb[CFB]));} intofb64_is(data, cnt) unsigned char *data; int cnt;{ return(fb64_is(data, cnt, &fb[OFB]));} intfb64_is(data, cnt, fbp) unsigned char *data; int cnt; struct fb *fbp;{ int x; unsigned char *p; Block b; register int state = fbp->state[DIR_DECRYPT-1]; if (cnt-- < 1) goto failure; switch (*data++) { case FB64_IV: if (cnt != sizeof(Block)) { if (encrypt_debug_mode) printf("CFB64: initial vector failed on size\r\n"); state = FAILED; goto failure; } if (encrypt_debug_mode) printf("CFB64: initial vector received\r\n"); if (encrypt_debug_mode) printf("Initializing Decrypt stream\r\n"); fb64_stream_iv((void *)data, &fbp->streams[DIR_DECRYPT-1]); p = fbp->fb_feed + 3; *p++ = ENCRYPT_REPLY; p++; *p++ = FB64_IV_OK; *p++ = IAC; *p++ = SE; printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); net_write(fbp->fb_feed, p - fbp->fb_feed); state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS; break; default: if (encrypt_debug_mode) { printf("Unknown option type: %d\r\n", *(data-1)); printd(data, cnt); printf("\r\n"); } /* FALL THROUGH */ failure: /* * We failed. Send an FB64_IV_BAD option * to the other side so it will know that * things failed. */ p = fbp->fb_feed + 3; *p++ = ENCRYPT_REPLY; p++; *p++ = FB64_IV_BAD; *p++ = IAC; *p++ = SE; printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); net_write(fbp->fb_feed, p - fbp->fb_feed); break; } return(fbp->state[DIR_DECRYPT-1] = state);}/* * Returns: * -1: some error. Negotiation is done, encryption not ready. * 0: Successful, initial negotiation all done. * 1: successful, negotiation not done yet. */ intcfb64_reply(data, cnt) unsigned char *data; int cnt;{ return(fb64_reply(data, cnt, &fb[CFB]));} intofb64_reply(data, cnt) unsigned char *data; int cnt;{ return(fb64_reply(data, cnt, &fb[OFB]));} intfb64_reply(data, cnt, fbp) unsigned char *data; int cnt; struct fb *fbp;{ int x; unsigned char *p; Block b; register int state = fbp->state[DIR_ENCRYPT-1];⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -