1 /*
2 * Copyright (c) 1996
3 * Bill Paul <[email protected]>. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Bill Paul.
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #include <sys/types.h>
34 #include <sys/param.h>
35 #include <dirent.h>
36 #include <dlfcn.h>
37 #include <err.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <string.h>
41 #include <rpc/des_crypt.h>
42 #include <rpc/des.h>
43 #include "crypt.h"
44
45 /*
46 * The U.S. government stupidly believes that a) it can keep strong
47 * crypto code a secret and b) that doing so somehow protects national
48 * interests. It's wrong on both counts, but until it listens to reason
49 * we have to make certain compromises so it doesn't have an excuse to
50 * throw us in federal prison.
51 *
52 * Consequently, the core OS ships without DES support, and keyserv
53 * defaults to using ARCFOUR with only a 40 bit key, just like nutscrape.
54 * This breaks compatibility with Secure RPC on other systems, but it
55 * allows Secure RPC to work between FreeBSD systems that don't have the
56 * DES package installed without throwing security totally out the window.
57 *
58 * In order to avoid having to supply two versions of keyserv (one with
59 * DES and one without), we use dlopen() and friends to load libdes.so
60 * into our address space at runtime. We check for the presence of
61 * /usr/lib/libdes.so.3.0 at startup and load it if we find it. If we
62 * can't find it, or the __des_crypt symbol doesn't exist, we fall back
63 * to the ARCFOUR encryption code. The user can specify another path using
64 * the -p flag.
65 */
66
67 /* arcfour.h */
68 typedef struct arcfour_key
69 {
70 unsigned char state[256];
71 unsigned char x;
72 unsigned char y;
73 } arcfour_key;
74
75 static void prepare_key(unsigned char *key_data_ptr,int key_data_len,
76 arcfour_key *key);
77 static void arcfour(unsigned char *buffer_ptr,int buffer_len,arcfour_key * key);
78 static void swap_byte(unsigned char *a, unsigned char *b);
79
prepare_key(unsigned char * key_data_ptr,int key_data_len,arcfour_key * key)80 static void prepare_key(unsigned char *key_data_ptr, int key_data_len,
81 arcfour_key *key)
82 {
83 unsigned char index1;
84 unsigned char index2;
85 unsigned char* state;
86 short counter;
87
88 state = &key->state[0];
89 for(counter = 0; counter < 256; counter++)
90 state[counter] = counter;
91 key->x = 0;
92 key->y = 0;
93 index1 = 0;
94 index2 = 0;
95 for(counter = 0; counter < 256; counter++)
96 {
97 index2 = (key_data_ptr[index1] + state[counter] +
98 index2) % 256;
99 swap_byte(&state[counter], &state[index2]);
100
101 index1 = (index1 + 1) % key_data_len;
102 }
103 }
104
arcfour(unsigned char * buffer_ptr,int buffer_len,arcfour_key * key)105 static void arcfour(unsigned char *buffer_ptr, int buffer_len, arcfour_key *key)
106 {
107 unsigned char x;
108 unsigned char y;
109 unsigned char* state;
110 unsigned char xorIndex;
111 short counter;
112
113 x = key->x;
114 y = key->y;
115
116 state = &key->state[0];
117 for(counter = 0; counter < buffer_len; counter ++)
118 {
119 x = (x + 1) % 256;
120 y = (state[x] + y) % 256;
121 swap_byte(&state[x], &state[y]);
122
123 xorIndex = (state[x] + state[y]) % 256;
124
125 buffer_ptr[counter] ^= state[xorIndex];
126 }
127 key->x = x;
128 key->y = y;
129 }
130
swap_byte(unsigned char * a,unsigned char * b)131 static void swap_byte(unsigned char *a, unsigned char *b)
132 {
133 unsigned char swapByte;
134
135 swapByte = *a;
136 *a = *b;
137 *b = swapByte;
138 }
139
140 /* Dummy _des_crypt function that uses ARCFOUR with a 40 bit key */
_arcfour_crypt(char * buf,int len,struct desparams * desp)141 int _arcfour_crypt(char *buf, int len, struct desparams *desp)
142 {
143 struct arcfour_key arcfourk;
144
145 /*
146 * U.S. government anti-crypto weasels take
147 * note: although we are supplied with a 64 bit
148 * key, we're only passing 40 bits to the ARCFOUR
149 * encryption code. So there.
150 */
151 prepare_key(desp->des_key, 5, &arcfourk);
152 arcfour(buf, len, &arcfourk);
153
154 return(DESERR_NOHWDEVICE);
155 }
156
157 int (*_my_crypt)(char *, int, struct desparams *) = NULL;
158
159 static void *dlhandle;
160
161 #ifndef _PATH_USRLIB
162 #define _PATH_USRLIB "/usr/lib"
163 #endif
164
165 #ifndef LIBCRYPTO
166 #define LIBCRYPTO "libcrypto.so.2"
167 #endif
168
load_des(int warn,char * libpath)169 void load_des(int warn, char *libpath)
170 {
171 char dlpath[MAXPATHLEN];
172
173 if (libpath == NULL)
174 snprintf(dlpath, sizeof(dlpath), "%s/%s", _PATH_USRLIB,
175 LIBCRYPTO);
176 else
177 snprintf(dlpath, sizeof(dlpath), "%s", libpath);
178
179 if ((dlhandle = dlopen(dlpath, 0444)) != NULL)
180 _my_crypt = (int (*)())dlsym(dlhandle, "_des_crypt");
181
182 if (_my_crypt == NULL) {
183 if (dlhandle != NULL)
184 dlclose(dlhandle);
185 _my_crypt = &_arcfour_crypt;
186 if (warn) {
187 printf ("DES support disabled -- using ARCFOUR instead.\n");
188 printf ("Warning: ARCFOUR cipher is not compatible with ");
189 printf ("other Secure RPC implementations.\nInstall ");
190 printf ("the FreeBSD 'des' distribution to enable");
191 printf (" DES encryption.\n");
192 }
193 } else {
194 if (warn) {
195 printf ("DES support enabled\n");
196 printf ("Using %s shared object.\n", dlpath);
197 }
198 }
199
200 return;
201 }
202
203 desresp *
des_crypt_1_svc(desargs * argp,struct svc_req * rqstp)204 des_crypt_1_svc(desargs *argp, struct svc_req *rqstp)
205 {
206 static desresp result;
207 struct desparams dparm;
208
209 if (argp->desbuf.desbuf_len > DES_MAXDATA) {
210 result.stat = DESERR_BADPARAM;
211 return(&result);
212 }
213
214
215 bcopy(argp->des_key, dparm.des_key, 8);
216 bcopy(argp->des_ivec, dparm.des_ivec, 8);
217 dparm.des_mode = (argp->des_mode == CBC_DES) ? CBC : ECB;
218 dparm.des_dir = (argp->des_dir == ENCRYPT_DES) ? ENCRYPT : DECRYPT;
219 #ifdef BROKEN_DES
220 dparm.UDES.UDES_buf = argp->desbuf.desbuf_val;
221 #endif
222
223 /*
224 * XXX This compensates for a bug in the libdes Secure RPC
225 * compat interface. (Actually, there are a couple.) The
226 * des_ecb_encrypt() routine in libdes only encrypts 8 bytes
227 * (64 bits) at a time. However, the Sun Secure RPC ecb_crypt()
228 * routine is supposed to be able to handle buffers up to 8Kbytes.
229 * The rpc_enc module in libdes ignores this fact and just drops
230 * the length parameter on the floor, encrypting only the
231 * first 64 bits of whatever buffer you feed it. We deal with
232 * this here: if we're using DES encryption, and we're using
233 * ECB mode, then we make a pass over the entire buffer
234 * ourselves. Note: the rpc_enc module incorrectly transposes
235 * the mode flags, so when you ask for CBC mode, you're really
236 * getting ECB mode.
237 */
238 #ifdef BROKEN_DES
239 if (_my_crypt != &_arcfour_crypt && argp->des_mode == CBC_DES) {
240 #else
241 if (_my_crypt != &_arcfour_crypt && argp->des_mode == ECB_DES) {
242 #endif
243 int i;
244 char *dptr;
245
246 for (i = 0; i < argp->desbuf.desbuf_len / 8; i++) {
247 dptr = argp->desbuf.desbuf_val;
248 dptr += (i * 8);
249 #ifdef BROKEN_DES
250 dparm.UDES.UDES_buf = dptr;
251 #endif
252 result.stat = _my_crypt(dptr, 8, &dparm);
253 }
254 } else {
255 result.stat = _my_crypt(argp->desbuf.desbuf_val,
256 argp->desbuf.desbuf_len,
257 &dparm);
258 }
259
260 if (result.stat == DESERR_NONE || result.stat == DESERR_NOHWDEVICE) {
261 bcopy(dparm.des_ivec, result.des_ivec, 8);
262 result.desbuf.desbuf_len = argp->desbuf.desbuf_len;
263 result.desbuf.desbuf_val = argp->desbuf.desbuf_val;
264 }
265
266 return (&result);
267 }
268