File: esm_cipher.c

package info (click to toggle)
cfs 1.4.1-17
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 600 kB
  • ctags: 648
  • sloc: ansic: 7,684; sh: 362; makefile: 185
file content (309 lines) | stat: -rw-r--r-- 6,459 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
 
/*
 * ESM crypto interface
 * v0.6
 */

/*
 * The author of this software is Matt Blaze.
 *              Copyright (c) 1995 by AT&T.
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software and in all copies of the supporting
 * documentation for such software.
 *
 * This software is subject to United States export controls.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
 * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
 */
#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <signal.h>
#include "global.h"
#include "rsaref.h"
#include "esm.h"

unsigned char check[8];

unsigned char skey1[8];
unsigned char skey2[8];
unsigned char skey3[8];
unsigned char mkey1[8];
unsigned char mkey2[8];
unsigned char mkey3[8];
unsigned char ivin[8];
unsigned char ivout[8];

R_RANDOM_STRUCT rs;

R_DH_PARAMS dhparams[3];

unsigned char otherpub[MAXPUBKEY+2];
unsigned char ourpub[MAXPUBKEY+2];
unsigned char ourpriv[MAXPUBKEY];
int ourprivlen;
int pklen;

keystr inks, outks;

cipherinit(master)
     int master;
{
	if (master) {
		des_key_setup(skey1,inks.ek1);
		des_key_setup(skey2,inks.ek2);
		des_key_setup(skey3,inks.ek3);
		des_key_setup(mkey1,outks.ek1);
		des_key_setup(mkey2,outks.ek2);
		des_key_setup(mkey3,outks.ek3);
	} else {
		des_key_setup(skey1,outks.ek1);
		des_key_setup(skey2,outks.ek2);
		des_key_setup(skey3,outks.ek3);
		des_key_setup(mkey1,inks.ek1);
		des_key_setup(mkey2,inks.ek2);
		des_key_setup(mkey3,inks.ek3);
	}
}

/* 8 bit cfb encrypt */
unsigned int cfb8_encrypt(c)
     unsigned int c;
     
{
	int i;
	char blk[8];

	for (i=0; i<8; i++)
		blk[i]=ivout[i];
	des_block_cipher(outks.ek1,blk,0);
	des_block_cipher(outks.ek2,blk,1);
	des_block_cipher(outks.ek3,blk,0);
	for (i=0; i<7; i++)
		ivout[i]=ivout[i+1];
	ivout[7] = blk[0] ^ c;
	return (ivout[7]);
}

/*
 * 8 bit cfb decrypt
 */
unsigned int cfb8_decrypt(c)
     unsigned int c;
{
	int i;
	unsigned char blk[8];

	for (i=0; i<8; i++)
		blk[i]=ivin[i];
	des_block_cipher(inks.ek1,blk,0);
	des_block_cipher(inks.ek2,blk,1);
	des_block_cipher(inks.ek3,blk,0);
	for (i=0; i<7; i++)
		ivin[i]=ivin[i+1];
	ivin[7] = c;
	return (blk[0] ^ c);
}

/*
 * alpha -> hex; used for encoding
 *  (ascii only - bfd)
 */
int atoh(ch)
     int ch;
{
	if (isdigit(ch))
		return ch-'0';
	if (islower(ch))
		return 10+ch-'a';
	if (isupper(ch))
		return 10+ch-'A';
	else
		return -1; /*???*/
}

     
int count=0;
int secs;
unsigned int bits;
void procbit()
{
	secs--;
	bits |= ((count ^ (count>>4)) & 0xf)<<(secs*4);
	if (secs) {
		alarm(1);
		signal(SIGALRM,procbit);
		getuid();	/* do a syscall to slow things a bit */
	}
}

int verbose=1;
/*
 * init the random number generator - seed with
 * truerandbits.
 * Use a combination of OS load and processor clock skew to get
 * enough entropy to generate the secret parameter (we only need a
 * total of 128 or so bits, so we just get more than we need to
 * compensate for any non-randomness).
 * WARNING: use oldrand() (below) on new platforms
 * if you aren't sure about truerand().
 */
randinit()
{
	unsigned int n;
	int i;
	struct timeval tv;
	unsigned long truerand();
	unsigned char b[20];
	
	R_RandomInit(&rs);
	if (verbose) {
		fprintf(stderr,"randomizing...");
		fflush(stderr);
	}
	/* we just grab 160 truerand bits and keep feeding them
	   over and over to R_RandomUpdate until it's happy */
	for (i=0; i<20; i++) {
		b[i]=randbyte();
		fprintf(stderr,".");
	}
	while (R_GetRandomBytesNeeded(&n,&rs), (n>0)) {
		R_RandomUpdate(&rs,b,sizeof(b));
	}
	if (verbose) {
		fprintf(stderr,"done\n");
		fflush(stderr);
	}
}

/*
 * OLD CODE HERE.  NOT CALLED.
 * generate 8 random clock skew bits
 * we don't use this anymore.. instead we generate more
 * bits using the mitchell code.
 * modify the code to use this instead if you don't trust
 * the higher-bandwidth mitchell numbers.
 */
int rnd8()
{
	secs=2;
	bits=0;
	signal(SIGALRM,procbit);
	alarm(1);
	getpid();
	while (secs)
		count++;
	return bits;
	
}

/*
 * OLD CODE HERE.  NOT CALLED.
 * this is the old, slow but simple truerand routine
 * you should change the code use this on new platforms instead of 
 * the "randinit" above.
 */
oldrandinit()
{
	unsigned int n;
	unsigned char b[18];
	struct timeval tv;
	
	R_RandomInit(&rs);
	R_GetRandomBytesNeeded(&n,&rs); /* but we ignore */
	/* RSAREF wants 256 bytes, which is an awful lot at 4bps.  we
	   really only need enough to do justice to the entropy of
	   the block cipher (3des), so we just generate 18. */
	   
	if (verbose)
		fprintf(stderr,"Randomizing (takes about 45 secs)...");
	fflush(stderr);
	for (n=0; n<18; n++) {
		b[n]=rnd8();
		if (verbose && (n%4==3)) {
			fprintf(stderr,".");
			fflush(stderr);
		}
	}
	while (R_GetRandomBytesNeeded(&n,&rs), (n>0)) {
		R_RandomUpdate(&rs,b,18);
		if (verbose)
			fprintf(stderr,".");
	}
	/* Just for good measure, we throw in a couple other things */
	n=getpid();
	R_RandomUpdate(&rs,(unsigned char*)&n,sizeof(n));
	gettimeofday(&tv,NULL);
	R_RandomUpdate(&rs,(unsigned char*)&tv,sizeof(tv));
	if (verbose)
		fprintf(stderr,"done\n");
}

#define BLANKLINE 0
#define TERM 1
#define NONE 2
#define SHORTKEY 3
#define MEDKEY 4
#define LONGKEY 5
#define HEX 6
#define FILENAME 7

int size[3];

int keysize=0;
	
getpubkey()
{
	fprintf(stderr,"Calculator not implemented, sorry\n");
	return;
}

createdh(param)
     int param;
{
	int e;
	
	if ((param<0) || (param>2))
		return -1;
	ourprivlen=(dhparams[param].generatorLen)/2; /* from gen'd params */
	if ((e=R_SetupDHAgreement(ourpub, ourpriv, ourprivlen,
				  &dhparams[param], &rs))!=0) {
		return -1;
	}
	return 0;
}

dhagree(param,master)
     int param;
     int master;
{
	unsigned char buf[MAXPUBKEY];
	int i;
	
	if ((param<0) || (param>2))
		return -1;
	if (R_ComputeDHAgreedKey(buf,otherpub,ourpriv,ourprivlen,
				 &dhparams[param]) != 0)
		return -1;
	for (i=0; i<8; i++) {	/* always have enough agreed bits */
		mkey1[i] = buf[i];
		mkey2[i] = buf[i+8];
		mkey3[i] = buf[i+16];
		skey1[i] = buf[24+i];
		skey2[i] = buf[24+i+8];
		skey3[i] = buf[24+i+16];
		check[i] = buf[32+i];
	}
	cipherinit(master);
	return 0;
}
	    
     
delkey()
{
}