X-Git-Url: https://git.distorted.org.uk/~mdw/become/blobdiff_plain/38b18db87ee952fef8fc9e856d4ec2dae6fa2847..9e5602f0603b771fdda16731ab5bf6e460fe8795:/src/crypt.c diff --git a/src/crypt.c b/src/crypt.c index d052471..4148cdb 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: crypt.c,v 1.2 1997/08/04 10:24:21 mdw Exp $ + * $Id: crypt.c,v 1.3 1997/09/26 09:14:58 mdw Exp $ * * Cryptographic transfer of `become' requests * @@ -29,6 +29,14 @@ /*----- Revision history --------------------------------------------------* * * $Log: crypt.c,v $ + * Revision 1.3 1997/09/26 09:14:58 mdw + * Merged blowfish branch into trunk. + * + * Revision 1.2.2.1 1997/09/26 09:08:02 mdw + * Use the Blowfish encryption algorithm instead of IDEA. This is partly + * because I prefer Blowfish (without any particularly strong evidence) but + * mainly because IDEA is patented and Blowfish isn't. + * * Revision 1.2 1997/08/04 10:24:21 mdw * Sources placed under CVS control. * @@ -59,10 +67,10 @@ /* --- Local headers --- */ #include "become.h" +#include "blowfish.h" #include "config.h" #include "crypt.h" #include "icrypt.h" -#include "idea.h" #include "md5.h" #include "noise.h" #include "rand.h" @@ -124,7 +132,7 @@ static void crypt__sessionKey(const char *seedfile, unsigned char *k, { icrypt_job j; - icrypt_init(&j, k, 0); + icrypt_init(&j, k, BLOWFISH_KEYSIZE, 0); rand_encrypt(&j); burn(j); } 
@@ -132,13 +140,13 @@ static void crypt__sessionKey(const char *seedfile, unsigned char *k, /* --- Generate the session key and IV --- */ noise_acquire(); - rand_extract(sk, IDEA_KEYSIZE); - rand_extract(iv, IDEA_BLKSIZE); + rand_extract(sk, BLOWFISH_KEYSIZE); + rand_extract(iv, BLOWFISH_BLKSIZE); IF_TRACING(TRACE_CRYPTO, - traceblk(TRACE_CRYPTO, "crypto: session key:", sk, IDEA_KEYSIZE); + traceblk(TRACE_CRYPTO, "crypto: session key:", sk, BLOWFISH_KEYSIZE); traceblk(TRACE_CRYPTO, "crypto: initialisation vector:", - iv, IDEA_BLKSIZE); + iv, BLOWFISH_BLKSIZE); ); /* --- Write the seed back --- */ @@ -171,7 +179,7 @@ void crypt_packRequest(request *rq, unsigned char *buff, { /* --- First, build the easy stuff in the block --- */ - buff[crq_cryptType] = cryptType_idea; + buff[crq_cryptType] = cryptType_blowfish; store32(buff + crq_time, t); store32(buff + crq_pid, pid); store32(buff + crq_from, rq->from); @@ -180,7 +188,7 @@ void crypt_packRequest(request *rq, unsigned char *buff, /* --- Now generate session keys and things --- */ crypt__sessionKey(file_RANDSEED, k, sk, buff + crq_iv); - memcpy(buff + crq_session, sk, IDEA_KEYSIZE); + memcpy(buff + crq_session, sk, BLOWFISH_KEYSIZE); /* --- The string causes a few problems --- * * @@ -190,9 +198,9 @@ void crypt_packRequest(request *rq, unsigned char *buff, * version of this code used @strncpy@ which is even worse!) * * I'll fill the block with random (from @rand@(3) -- nothing too - * elaborate) and then encrypt it using IDEA in CFB mode, using the first - * few bytes as the key. This should provide a sufficiently unpredictable - * background for the block. + * elaborate) and then encrypt it using Blowfish in CFB mode, using the + * first few bytes as the key. This should provide a sufficiently + * unpredictable background for the block. */ { 
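Review bot: The lengths in `rand_extract(iv, BLOWFISH_BLKSIZE)` (hunk at -132) and `memcpy(buff + crq_session, sk, BLOWFISH_KEYSIZE)` (hunk at -180) now come from blowfish.h, while the `crq_iv` and `crq_session` offsets that bound those slots are defined outside this diff and are not changed by it. If either Blowfish constant is larger than its IDEA counterpart, these writes would spill into the neighbouring request field, so it is worth confirming that the packet layout was sized for the new values. A comment at the memcpy such as `/* crq_session slot must hold BLOWFISH_KEYSIZE bytes; keep in step with the crq_* offsets */` would record the dependency. The body of crypt_packRequest continues outside both hunks.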
@@ -200,7 +208,7 @@ void crypt_packRequest(request *rq, unsigned char *buff, unsigned char *p; unsigned u; md5 md; - unsigned char qk[IDEA_KEYSIZE]; + unsigned char qk[BLOWFISH_KEYSIZE]; /* --- Initialise the buffer with junk --- */ @@ -213,7 +221,8 @@ void crypt_packRequest(request *rq, unsigned char *buff, p = buff + crq_cmd; md5_init(&md); md5_buffer(&md, p, CMDLEN_MAX); md5_final(&md, qk); - icrypt_init(&j, qk, 0); icrypt_encrypt(&j, p, p, CMDLEN_MAX); + icrypt_init(&j, qk, BLOWFISH_KEYSIZE, 0); + icrypt_encrypt(&j, p, p, CMDLEN_MAX); burn(j); burn(qk); burn(md); /* --- Copy the string into here --- */ @@ -248,9 +257,24 @@ void crypt_packRequest(request *rq, unsigned char *buff, T( traceblk(TRACE_CRYPTO, "crypto: plaintext request:", buff, crq_size); ) - icrypt_init(&j, k, buff + crq_iv); - icrypt_encrypt(&j, buff + crq_session, buff + crq_session, IDEA_KEYSIZE); - icrypt_reset(&j, sk, 0); + T( traceblk(TRACE_CRYPTO, "crypto: master key:", k, BLOWFISH_KEYSIZE); ) + T( traceblk(TRACE_CRYPTO, "crypto: initial iv:", + buff + crq_iv, BLOWFISH_BLKSIZE); ) + T( traceblk(TRACE_CRYPTO, "crypto: session key:", + sk, BLOWFISH_KEYSIZE); ) + + icrypt_init(&j, k, BLOWFISH_KEYSIZE, buff + crq_iv); + + icrypt_encrypt(&j, buff + crq_session, + buff + crq_session, BLOWFISH_KEYSIZE); + T( traceblk(TRACE_CRYPTO, "crypto: encrypted session key:", + buff + crq_session, BLOWFISH_KEYSIZE); ) + + icrypt_reset(&j, sk, BLOWFISH_KEYSIZE, 0); + + T( traceblk(TRACE_CRYPTO, "crypto: partial iv:", + j.iv, BLOWFISH_BLKSIZE); ) + icrypt_encrypt(&j, buff + crq_cipher, buff + crq_cipher, crq_size - crq_cipher); burn(j); @@ -280,7 +304,7 @@ int crypt_unpackRequest(request *rq, unsigned char *buff, { /* --- Check the encryption format --- */ - if (buff[crq_cryptType] != cryptType_idea) + if (buff[crq_cryptType] != cryptType_blowfish) return (0); } 
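Review bot: `qk` is now sized by `BLOWFISH_KEYSIZE` (hunk at -200), but `md5_final(&md, qk)` in the hunk at -213 still fills it with what is presumably a full MD5 digest, which is 16 bytes whatever the cipher. If BLOWFISH_KEYSIZE is smaller than 16 the digest write overruns the array, and if it is larger then `icrypt_init(&j, qk, BLOWFISH_KEYSIZE, 0)` keys the cipher partly from uninitialised stack bytes. Declaring a digest-sized buffer and passing only as many bytes as the cipher takes would remove the coupling; at minimum add `/* qk receives a 16-byte MD5 digest; BLOWFISH_KEYSIZE must match */` at the declaration. The enclosing block starts and ends outside both hunks.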
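Review bot: The added `T( traceblk(TRACE_CRYPTO, "crypto: master key:", k, BLOWFISH_KEYSIZE); )` in the hunk at -248 writes the long-term shared key to the trace output, where the old code traced only the request buffer; the same hunk also traces the cleartext session key. The decrypt-side hunk at -292 repeats both and adds `traceblk(TRACE_CRYPTO, "crypto: job block:", &j, sizeof(j))`, which presumably dumps the expanded key schedule along with any struct padding. Whether `T()` is compiled out of production builds is not visible here; if it is not, anyone who can read a trace can recover the keys protecting every request. Consider dropping the master-key and job-block traces once the Blowfish merge is debugged, or gating them behind a separate build-time switch, and mark what remains with `/* DEBUG ONLY: writes key material to the trace */`.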
@@ -292,19 +316,35 @@ int crypt_unpackRequest(request *rq, unsigned char *buff, T( traceblk(TRACE_CRYPTO, "crypto: ciphertext request:", buff, crq_size); ) - icrypt_init(&j, k, buff + crq_iv); - icrypt_decrypt(&j, buff + crq_session, buff + crq_session, IDEA_KEYSIZE); - memcpy(sk, buff + crq_session, IDEA_KEYSIZE); - icrypt_reset(&j, sk, 0); + T( traceblk(TRACE_CRYPTO, "crypto: master key:", k, BLOWFISH_KEYSIZE); ) + T( traceblk(TRACE_CRYPTO, "crypto: initial iv:", + buff + crq_iv, BLOWFISH_BLKSIZE); ) + + icrypt_init(&j, k, BLOWFISH_KEYSIZE, buff + crq_iv); + T( traceblk(TRACE_CRYPTO, "crypto: job block:", &j, sizeof(j)); ) + + T( traceblk(TRACE_CRYPTO, "crypto: encrypted session key:", + buff + crq_session, BLOWFISH_KEYSIZE); ) + icrypt_decrypt(&j, buff + crq_session, + buff + crq_session, BLOWFISH_KEYSIZE); + memcpy(sk, buff + crq_session, BLOWFISH_KEYSIZE); + T( traceblk(TRACE_CRYPTO, "crypto: session key:", + sk, BLOWFISH_KEYSIZE); ) + + icrypt_reset(&j, sk, BLOWFISH_KEYSIZE, 0); + + T( traceblk(TRACE_CRYPTO, "crypto: partial iv:", + j.iv, BLOWFISH_BLKSIZE); ) + icrypt_decrypt(&j, buff + crq_cipher, buff + crq_cipher, crq_size - crq_cipher); icrypt_saveIV(&j, rpl + crp_iv); - memset(buff + crq_session, 0, IDEA_KEYSIZE); /* Burn, baby, burn */ - burn(j); - T( traceblk(TRACE_CRYPTO, "crypto: plaintext request:", buff, crq_size); ) + + memset(buff + crq_session, 0, BLOWFISH_KEYSIZE); /* Burn, baby, burn */ + burn(j); } { @@ -391,7 +431,7 @@ void crypt_packReply(unsigned char *buff, unsigned char *sk, int answer) T( traceblk(TRACE_CRYPTO, "crypto: plaintext reply:", buff, crp_size); ) - icrypt_init(&j, sk, buff + crp_iv); + icrypt_init(&j, sk, BLOWFISH_KEYSIZE, buff + crp_iv); icrypt_encrypt(&j, buff + crp_cipher, buff + crp_cipher, crp_size - crp_cipher); burn(j); 
@@ -422,7 +462,7 @@ int crypt_unpackReply(unsigned char *buff, unsigned char *sk, T( traceblk(TRACE_CRYPTO, "crypto: ciphertext reply:", buff, crp_size); ) - icrypt_init(&j, sk, buff + crp_iv); + icrypt_init(&j, sk, BLOWFISH_KEYSIZE, buff + crp_iv); icrypt_decrypt(&j, buff + crp_cipher, buff + crp_cipher, crp_size - crp_cipher); burn(j); @@ -471,7 +511,7 @@ int crypt_unpackReply(unsigned char *buff, unsigned char *sk, int main(int argc, char *argv[]) { unsigned char buff[8]; - unsigned char sk[IDEA_KEYSIZE], k[IDEA_KEYSIZE]; + unsigned char sk[BLOWFISH_KEYSIZE], k[BLOWFISH_KEYSIZE]; FILE *fp; ego(argv[0]);