## Process this file with `automake' to generate `Makefile.in'
## -*-makefile-*-
##
-## $Id: Makefile.am,v 1.6 1997/09/18 11:17:18 mdw Exp $
+## $Id: Makefile.am,v 1.6.2.1 1997/09/26 09:07:56 mdw Exp $
##
## Makefile for `become'
##
##----- Revision history ----------------------------------------------------
##
## $Log: Makefile.am,v $
+## Revision 1.6.2.1 1997/09/26 09:07:56 mdw
+## Use the Blowfish encryption algorithm instead of IDEA. This is partly
+## because I prefer Blowfish (without any particularly strong evidence) but
+## mainly because IDEA is patented and Blowfish isn't.
+##
## Revision 1.6 1997/09/18 11:17:18 mdw
## Fix comment leaders. Don't know why this CVS keeps breaking them.
## Could be DEC's bogus version of RCS being picked up.
class.c name.c netg.c rule.c sym.c userdb.c \
crypt.c \
noise.c rand.c \
- icrypt.c idea.c md5.c \
+ icrypt.c blowfish.c md5.c \
mdwopt.c tx.c utils.c \
\
become.h \
class.h name.h netg.h rule.h sym.h userdb.h \
crypt.h \
noise.h rand.h \
- icrypt.h idea.h md5.h \
+ icrypt.h blowfish.h blowfish-sbox.h md5.h \
mdwopt.h tx.h utils.h \
dbutils.h
/* -*-c-*-
*
- * $Id: become.c,v 1.11 1997/09/24 09:48:45 mdw Exp $
+ * $Id: become.c,v 1.11.2.1 1997/09/26 09:07:58 mdw Exp $
*
* Main code for `become'
*
/*----- Revision history --------------------------------------------------*
*
* $Log: become.c,v $
- * Revision 1.11 1997/09/24 09:48:45 mdw
+ * Revision 1.11.2.1 1997/09/26 09:07:58 mdw
+ * Use the Blowfish encryption algorithm instead of IDEA. This is partly
+ * because I prefer Blowfish (without any particularly strong evidence) but
+ * mainly because IDEA is patented and Blowfish isn't.
+ *
+ * Revision 1.12 1997/09/25 16:04:48 mdw
+ * Change directory after becoming someone else, instead of before. This
+ * avoids problems with root-squashed NFS mounts.
+ *
+ * Revision 1.11 1997/09/24 09:48:45 mdw
* Fix (scary) overrun bug in group allocation stuff.
*
* Revision 1.10 1997/09/17 10:14:10 mdw
enum {
f_daemon = 1, /* Start up in daemon mode */
f_duff = 2, /* Fault in arguments */
- f_login = 4, /* Execute as a login shell */
+ f_shell = 4, /* Run a default shell */
f_dummy = 8, /* Don't actually do anything */
f_setuid = 16, /* We're running setuid */
f_havegroup = 32 /* Set a default group */
binary = todo[0];
}
- else switch (style) {
+ else {
+ flags |= f_shell;
- /* --- An unadorned becoming requires little work --- */
+ switch (style) {
- case l_preserve:
- shell[0] = getenv("SHELL");
- if (!shell[0])
- shell[0] = from_pw->pw_shell;
- shell[1] = 0;
- todo = shell;
- binary = todo[0];
- break;
+ /* --- An unadorned becoming requires little work --- */
- /* --- An su-like login needs slightly less effort --- */
+ case l_preserve:
+ shell[0] = getenv("SHELL");
+ if (!shell[0])
+ shell[0] = from_pw->pw_shell;
+ shell[1] = 0;
+ todo = shell;
+ binary = todo[0];
+ break;
- case l_setuser:
- shell[0] = to_pw->pw_shell;
- shell[1] = 0;
- todo = shell;
- binary = todo[0];
- break;
+ /* --- An su-like login needs slightly less effort --- */
+
+ case l_setuser:
+ shell[0] = to_pw->pw_shell;
+ shell[1] = 0;
+ todo = shell;
+ binary = todo[0];
+ break;
- /* --- A login request needs a little bit of work --- */
-
- case l_login: {
- const char *p = strrchr(to_pw->pw_shell, '/');
-
- if (p)
- p++;
- else
- p = to_pw->pw_shell;
- shell[0] = xmalloc(strlen(p) + 2);
- shell[0][0] = '-';
- strcpy(shell[0] + 1, p);
- shell[1] = 0;
- todo = shell;
- binary = to_pw->pw_shell;
- chdir(to_pw->pw_dir);
- } break;
+ /* --- A login request needs a little bit of work --- */
+
+ case l_login: {
+ const char *p = strrchr(to_pw->pw_shell, '/');
+
+ if (p)
+ p++;
+ else
+ p = to_pw->pw_shell;
+ shell[0] = xmalloc(strlen(p) + 2);
+ shell[0][0] = '-';
+ strcpy(shell[0] + 1, p);
+ shell[1] = 0;
+ todo = shell;
+ binary = to_pw->pw_shell;
+ } break;
+ }
}
/* --- Mangle the environment --- *
if (rq.from == rq.to) {
moan("you already are `%s'!", to_pw->pw_name);
- if (!cmd && todo == shell) {
+ if (flags & f_shell) {
moan("(to prevent confusion, I'm not spawning a shell)");
exit(0);
}
if (setuid(rq.to) < 0)
die("couldn't set uid: %s", strerror(errno));
+ /* --- If this was a login, change current directory --- */
+
+ if (flags & f_shell && style == l_login && chdir(to_pw->pw_dir) < 0) {
+ moan("couldn't change directory to `%s': %s",
+ to_pw->pw_dir, strerror(errno));
+ }
+
/* --- Finally, call the program --- */
fflush(0);
/* -*-c-*-
*
- * $Id: blowfish.h,v 1.3 1997/08/07 09:43:20 mdw Exp $
+ * $Id: blowfish.h,v 1.3.2.1 1997/09/26 09:07:59 mdw Exp $
*
* Blowfish encryption routines
*
/*----- Revision history --------------------------------------------------*
*
* $Log: blowfish.h,v $
+ * Revision 1.3.2.1 1997/09/26 09:07:59 mdw
+ * Use the Blowfish encryption algorithm instead of IDEA. This is partly
+ * because I prefer Blowfish (without any particularly strong evidence) but
+ * mainly because IDEA is patented and Blowfish isn't.
+ *
* Revision 1.3 1997/08/07 09:43:20 mdw
* Fix address of the FSF.
*
extern "C" {
#endif
+/*----- Required headers --------------------------------------------------*/
+
+#ifndef CONFIG_H
+# include "config.h"
+#endif
+
/*----- Type definitions --------------------------------------------------*/
/* --- A blowfish expanded key --- */
uint_32 s3[256];
} blowfish_key;
+/* --- Size of a blowfish block --- */
+
+#define BLOWFISH_BLKSIZE (8u)
+
/*----- Functions provided ------------------------------------------------*/
/* --- @blowfish_encrypt@ --- *
/* -*-c-*-
*
- * $Id: check.c,v 1.4 1997/08/07 09:52:05 mdw Exp $
+ * $Id: check.c,v 1.4.2.1 1997/09/26 09:08:01 mdw Exp $
*
* Check validity of requests
*
/*----- Revision history --------------------------------------------------*
*
* $Log: check.c,v $
+ * Revision 1.4.2.1 1997/09/26 09:08:01 mdw
+ * Use the Blowfish encryption algorithm instead of IDEA. This is partly
+ * because I prefer Blowfish (without any particularly strong evidence) but
+ * mainly because IDEA is patented and Blowfish isn't.
+ *
* Revision 1.4 1997/08/07 09:52:05 mdw
* (Log entry for previous version is bogus.) Added support for multiple
* servers.
/* --- Local headers --- */
#include "become.h"
+#include "blowfish.h"
#include "config.h"
#include "crypt.h"
-#include "idea.h"
#include "lexer.h"
#include "name.h"
#include "netg.h"
{
int fd;
unsigned char crq[crq_size];
- unsigned char sk[IDEA_KEYSIZE];
+ unsigned char sk[BLOWFISH_KEYSIZE];
time_t t;
pid_t pid;
/* --- First, build the encrypted request packet --- */
{
- unsigned char k[IDEA_KEYSIZE];
+ unsigned char k[BLOWFISH_KEYSIZE];
FILE *fp;
/* --- Read in the encryption key --- */
/* -*-c-*-
*
- * $Id: crypt.c,v 1.2 1997/08/04 10:24:21 mdw Exp $
+ * $Id: crypt.c,v 1.2.2.1 1997/09/26 09:08:02 mdw Exp $
*
* Cryptographic transfer of `become' requests
*
/*----- Revision history --------------------------------------------------*
*
* $Log: crypt.c,v $
+ * Revision 1.2.2.1 1997/09/26 09:08:02 mdw
+ * Use the Blowfish encryption algorithm instead of IDEA. This is partly
+ * because I prefer Blowfish (without any particularly strong evidence) but
+ * mainly because IDEA is patented and Blowfish isn't.
+ *
* Revision 1.2 1997/08/04 10:24:21 mdw
* Sources placed under CVS control.
*
/* --- Local headers --- */
#include "become.h"
+#include "blowfish.h"
#include "config.h"
#include "crypt.h"
#include "icrypt.h"
-#include "idea.h"
#include "md5.h"
#include "noise.h"
#include "rand.h"
{
icrypt_job j;
- icrypt_init(&j, k, 0);
+ icrypt_init(&j, k, BLOWFISH_KEYSIZE, 0);
rand_encrypt(&j);
burn(j);
}
/* --- Generate the session key and IV --- */
noise_acquire();
- rand_extract(sk, IDEA_KEYSIZE);
- rand_extract(iv, IDEA_BLKSIZE);
+ rand_extract(sk, BLOWFISH_KEYSIZE);
+ rand_extract(iv, BLOWFISH_BLKSIZE);
IF_TRACING(TRACE_CRYPTO,
- traceblk(TRACE_CRYPTO, "crypto: session key:", sk, IDEA_KEYSIZE);
+ traceblk(TRACE_CRYPTO, "crypto: session key:", sk, BLOWFISH_KEYSIZE);
traceblk(TRACE_CRYPTO, "crypto: initialisation vector:",
- iv, IDEA_BLKSIZE);
+ iv, BLOWFISH_BLKSIZE);
);
/* --- Write the seed back --- */
{
/* --- First, build the easy stuff in the block --- */
- buff[crq_cryptType] = cryptType_idea;
+ buff[crq_cryptType] = cryptType_blowfish;
store32(buff + crq_time, t);
store32(buff + crq_pid, pid);
store32(buff + crq_from, rq->from);
/* --- Now generate session keys and things --- */
crypt__sessionKey(file_RANDSEED, k, sk, buff + crq_iv);
- memcpy(buff + crq_session, sk, IDEA_KEYSIZE);
+ memcpy(buff + crq_session, sk, BLOWFISH_KEYSIZE);
/* --- The string causes a few problems --- *
*
* version of this code used @strncpy@ which is even worse!)
*
* I'll fill the block with random (from @rand@(3) -- nothing too
- * elaborate) and then encrypt it using IDEA in CFB mode, using the first
- * few bytes as the key. This should provide a sufficiently unpredictable
- * background for the block.
+ * elaborate) and then encrypt it using Blowfish in CFB mode, using the
+ * first few bytes as the key. This should provide a sufficiently
+ * unpredictable background for the block.
*/
{
unsigned char *p;
unsigned u;
md5 md;
- unsigned char qk[IDEA_KEYSIZE];
+ unsigned char qk[BLOWFISH_KEYSIZE];
/* --- Initialise the buffer with junk --- */
p = buff + crq_cmd;
md5_init(&md); md5_buffer(&md, p, CMDLEN_MAX); md5_final(&md, qk);
- icrypt_init(&j, qk, 0); icrypt_encrypt(&j, p, p, CMDLEN_MAX);
+ icrypt_init(&j, qk, BLOWFISH_KEYSIZE, 0);
+ icrypt_encrypt(&j, p, p, CMDLEN_MAX);
burn(j); burn(qk); burn(md);
/* --- Copy the string into here --- */
T( traceblk(TRACE_CRYPTO, "crypto: plaintext request:",
buff, crq_size); )
- icrypt_init(&j, k, buff + crq_iv);
- icrypt_encrypt(&j, buff + crq_session, buff + crq_session, IDEA_KEYSIZE);
- icrypt_reset(&j, sk, 0);
+ T( traceblk(TRACE_CRYPTO, "crypto: master key:", k, BLOWFISH_KEYSIZE); )
+ T( traceblk(TRACE_CRYPTO, "crypto: initial iv:",
+ buff + crq_iv, BLOWFISH_BLKSIZE); )
+ T( traceblk(TRACE_CRYPTO, "crypto: session key:",
+ sk, BLOWFISH_KEYSIZE); )
+
+ icrypt_init(&j, k, BLOWFISH_KEYSIZE, buff + crq_iv);
+
+ icrypt_encrypt(&j, buff + crq_session,
+ buff + crq_session, BLOWFISH_KEYSIZE);
+ T( traceblk(TRACE_CRYPTO, "crypto: encrypted session key:",
+ buff + crq_session, BLOWFISH_KEYSIZE); )
+
+ icrypt_reset(&j, sk, BLOWFISH_KEYSIZE, 0);
+
+ T( traceblk(TRACE_CRYPTO, "crypto: partial iv:",
+ j.iv, BLOWFISH_BLKSIZE); )
+
icrypt_encrypt(&j, buff + crq_cipher,
buff + crq_cipher, crq_size - crq_cipher);
burn(j);
{
/* --- Check the encryption format --- */
- if (buff[crq_cryptType] != cryptType_idea)
+ if (buff[crq_cryptType] != cryptType_blowfish)
return (0);
}
T( traceblk(TRACE_CRYPTO, "crypto: ciphertext request:",
buff, crq_size); )
- icrypt_init(&j, k, buff + crq_iv);
- icrypt_decrypt(&j, buff + crq_session, buff + crq_session, IDEA_KEYSIZE);
- memcpy(sk, buff + crq_session, IDEA_KEYSIZE);
- icrypt_reset(&j, sk, 0);
+ T( traceblk(TRACE_CRYPTO, "crypto: master key:", k, BLOWFISH_KEYSIZE); )
+ T( traceblk(TRACE_CRYPTO, "crypto: initial iv:",
+ buff + crq_iv, BLOWFISH_BLKSIZE); )
+
+ icrypt_init(&j, k, BLOWFISH_KEYSIZE, buff + crq_iv);
+ T( traceblk(TRACE_CRYPTO, "crypto: job block:", &j, sizeof(j)); )
+
+ T( traceblk(TRACE_CRYPTO, "crypto: encrypted session key:",
+ buff + crq_session, BLOWFISH_KEYSIZE); )
+ icrypt_decrypt(&j, buff + crq_session,
+ buff + crq_session, BLOWFISH_KEYSIZE);
+ memcpy(sk, buff + crq_session, BLOWFISH_KEYSIZE);
+ T( traceblk(TRACE_CRYPTO, "crypto: session key:",
+ sk, BLOWFISH_KEYSIZE); )
+
+ icrypt_reset(&j, sk, BLOWFISH_KEYSIZE, 0);
+
+ T( traceblk(TRACE_CRYPTO, "crypto: partial iv:",
+ j.iv, BLOWFISH_BLKSIZE); )
+
icrypt_decrypt(&j, buff + crq_cipher,
buff + crq_cipher, crq_size - crq_cipher);
icrypt_saveIV(&j, rpl + crp_iv);
- memset(buff + crq_session, 0, IDEA_KEYSIZE); /* Burn, baby, burn */
- burn(j);
-
T( traceblk(TRACE_CRYPTO, "crypto: plaintext request:",
buff, crq_size); )
+
+ memset(buff + crq_session, 0, BLOWFISH_KEYSIZE); /* Burn, baby, burn */
+ burn(j);
}
{
T( traceblk(TRACE_CRYPTO, "crypto: plaintext reply:", buff, crp_size); )
- icrypt_init(&j, sk, buff + crp_iv);
+ icrypt_init(&j, sk, BLOWFISH_KEYSIZE, buff + crp_iv);
icrypt_encrypt(&j, buff + crp_cipher,
buff + crp_cipher, crp_size - crp_cipher);
burn(j);
T( traceblk(TRACE_CRYPTO, "crypto: ciphertext reply:", buff, crp_size); )
- icrypt_init(&j, sk, buff + crp_iv);
+ icrypt_init(&j, sk, BLOWFISH_KEYSIZE, buff + crp_iv);
icrypt_decrypt(&j, buff + crp_cipher,
buff + crp_cipher, crp_size - crp_cipher);
burn(j);
int main(int argc, char *argv[])
{
unsigned char buff[8];
- unsigned char sk[IDEA_KEYSIZE], k[IDEA_KEYSIZE];
+ unsigned char sk[BLOWFISH_KEYSIZE], k[BLOWFISH_KEYSIZE];
FILE *fp;
ego(argv[0]);
/* -*-c-*-
*
- * $Id: crypt.h,v 1.2 1997/08/04 10:24:21 mdw Exp $
+ * $Id: crypt.h,v 1.2.2.1 1997/09/26 09:08:04 mdw Exp $
*
* Cryptographic transfer of `become' requests
*
/*----- Revision history --------------------------------------------------*
*
* $Log: crypt.h,v $
+ * Revision 1.2.2.1 1997/09/26 09:08:04 mdw
+ * Use the Blowfish encryption algorithm instead of IDEA. This is partly
+ * because I prefer Blowfish (without any particularly strong evidence) but
+ * mainly because IDEA is patented and Blowfish isn't.
+ *
* Revision 1.2 1997/08/04 10:24:21 mdw
* Sources placed under CVS control.
*
/* --- Encryption formats --- */
enum {
- cryptType_idea, /* Symmetric IDEA encryption */
+ cryptType_blowfish, /* Symmetric Blowfish encryption */
cryptType_rsa /* Public key RSA (later project) */
};
+/* --- Blowfish has a variable key size --- *
+ *
+ * Fix a key size here.
+ */
+
+#define BLOWFISH_KEYSIZE (16u)
+
/* --- Encrypted buffer format --- *
*
* C structures are no good here. Time for some explicit offsets.
enum {
crq_cryptType = 0, /* Encryption type (1 byte) */
crq_iv = crq_cryptType + 1, /* Plaintext IV (8 bytes) */
- crq_session = crq_iv + 8, /* IDEA session key (16 bytes) */
+ crq_session = crq_iv + 8, /* Session key (16 bytes) */
crq_cipher = crq_session + 16, /* Where to start encrypting */
crq_time = crq_cipher, /* Time stamp (4 bytes) */
crq_pid = crq_time + 4, /* Process ID (4 bytes) */
/* -*-c-*-
*
- * $Id: daemon.c,v 1.7 1997/09/17 10:23:23 mdw Exp $
+ * $Id: daemon.c,v 1.7.2.1 1997/09/26 09:08:05 mdw Exp $
*
* Running a `become' daemon
*
/*----- Revision history --------------------------------------------------*
*
* $Log: daemon.c,v $
+ * Revision 1.7.2.1 1997/09/26 09:08:05 mdw
+ * Use the Blowfish encryption algorithm instead of IDEA. This is partly
+ * because I prefer Blowfish (without any particularly strong evidence) but
+ * mainly because IDEA is patented and Blowfish isn't.
+ *
* Revision 1.7 1997/09/17 10:23:23 mdw
* Fix a typo. Port numbers are in network order now, so don't change them.
*
/* --- Local headers --- */
#include "become.h"
+#include "blowfish.h"
#include "config.h"
#include "crypt.h"
#include "daemon.h"
-#include "idea.h"
#include "lexer.h"
#include "name.h"
#include "netg.h"
static volatile sig_atomic_t daemon__rescan = 0; /* Rescan as soon as poss */
#define daemon__signum daemon__rescan /* Alias for readbility */
static int daemon__readKey = 0; /* Have I read a key? */
-static unsigned char daemon__key[IDEA_KEYSIZE]; /* encryption key */
+static unsigned char daemon__key[BLOWFISH_KEYSIZE]; /* Encryption key */
static jmp_buf daemon__dieBuf; /* Jump here to kill the daemon */
/*----- Main code ---------------------------------------------------------*/
unsigned char rpl[crp_size]; /* Buffer for outgoing replies */
struct sockaddr_in sin; /* Address of packet sender */
char sender[64]; /* Sender's hostname (resolved) */
- unsigned char sk[IDEA_KEYSIZE]; /* Session key for reply */
+ unsigned char sk[BLOWFISH_KEYSIZE]; /* Session key for reply */
request rq; /* Request buffer for verification */
/* --- Read the message --- */
if (daemon__port == 0) {
struct servent *se = getservbyname(quis(), "udp");
if (!se)
- die("no idea which port to use");
+ die("no idea which port to listen to");
daemon__port = se->s_port;
}
/* -*-c-*-
*
- * $Id: icrypt.c,v 1.2 1997/08/04 10:24:22 mdw Exp $
+ * $Id: icrypt.c,v 1.2.2.1 1997/09/26 09:08:07 mdw Exp $
*
- * Higher level IDEA encryption
+ * Higher level encryption functions
*
* (c) 1997 Mark Wooding
*/
/*----- Revision history --------------------------------------------------*
*
* $Log: icrypt.c,v $
+ * Revision 1.2.2.1 1997/09/26 09:08:07 mdw
+ * Use the Blowfish encryption algorithm instead of IDEA. This is partly
+ * because I prefer Blowfish (without any particularly strong evidence) but
+ * mainly because IDEA is patented and Blowfish isn't.
+ *
* Revision 1.2 1997/08/04 10:24:22 mdw
* Sources placed under CVS control.
*
/* --- Local headers --- */
+#include "blowfish.h"
#include "config.h"
#include "icrypt.h"
-#include "idea.h"
/*----- Main code ---------------------------------------------------------*/
*
* Arguments: @icrypt_job *j@ = pointer to job context block
* @unsigned char *k@ = pointer to key data
+ * @size_t sz@ = size of the key data
* @const unsigned char *iv@ = pointer to IV
*
* Returns: ---
* Use: Primes the context block ready for encryption.
*/
-void icrypt_init(icrypt_job *j, unsigned char *k, const unsigned char *iv)
+void icrypt_init(icrypt_job *j, unsigned char *k,
+ size_t sz, const unsigned char *iv)
{
- idea_ekeys(&j->k, k);
+ blowfish_setKey(&j->k, k, sz);
if (iv)
- memcpy(j->iv, iv, IDEA_BLKSIZE);
+ memcpy(j->iv, iv, BLOWFISH_BLKSIZE);
else
- memset(j->iv, 0, IDEA_BLKSIZE);
+ memset(j->iv, 0, BLOWFISH_BLKSIZE);
j->i = 8;
}
void icrypt_encrypt(icrypt_job *j, const void *src, void *dest, size_t sz)
{
- const char *s = src;
- char *d = dest;
+ const unsigned char *s = src;
+ unsigned char *d = dest;
int i;
/* --- First, use up bytes in the buffer --- */
- while (j->i < IDEA_BLKSIZE && sz > 0) {
+ while (j->i < BLOWFISH_BLKSIZE && sz > 0) {
*d++ = j->iv[j->i++] ^= *s++;
sz--;
}
/* --- Now encrypt larger chunks at a time --- */
- while (sz >= IDEA_BLKSIZE) {
+ while (sz >= BLOWFISH_BLKSIZE) {
/* --- Freshen the IV --- */
- idea_encrypt(&j->k, j->iv, j->iv);
+ blowfish_encrypt(&j->k, j->iv, j->iv);
/* --- Now encrypt some more bytes --- */
- for (i = 0; i < IDEA_BLKSIZE; i++) {
+ for (i = 0; i < BLOWFISH_BLKSIZE; i++) {
*d++ = j->iv[i] ^= *s++;
}
- sz -= IDEA_BLKSIZE;
+ sz -= BLOWFISH_BLKSIZE;
}
if (!sz) return;
/* --- Do the tail-end bits --- */
- idea_encrypt(&j->k, j->iv, j->iv);
+ blowfish_encrypt(&j->k, j->iv, j->iv);
j->i = 0;
while (sz) {
*d++ = j->iv[j->i++] ^= *s++;
void icrypt_decrypt(icrypt_job *j, const void *src, void *dest, size_t sz)
{
- const char *s = src;
- char *d = dest;
+ unsigned const char *s = src;
+ unsigned char *d = dest;
int i;
- char c;
+ unsigned char c;
/* --- First, use up bytes in the buffer --- */
- while (j->i < IDEA_BLKSIZE && sz > 0) {
+ while (j->i < BLOWFISH_BLKSIZE && sz > 0) {
c = *s++;
*d++ = j->iv[j->i] ^ c;
j->iv[j->i++] = c;
/* --- Now encrypt larger chunks at a time --- */
- while (sz >= IDEA_BLKSIZE) {
+ while (sz >= BLOWFISH_BLKSIZE) {
/* --- Freshen the IV --- */
- idea_encrypt(&j->k, j->iv, j->iv);
+ blowfish_encrypt(&j->k, j->iv, j->iv);
/* --- Now encrypt some more bytes --- */
- for (i = 0; i < IDEA_BLKSIZE; i++) {
+ for (i = 0; i < BLOWFISH_BLKSIZE; i++) {
c = *s++;
*d++ = j->iv[i] ^ c;
j->iv[i] = c;
}
- sz -= IDEA_BLKSIZE;
+ sz -= BLOWFISH_BLKSIZE;
}
if (!sz) return;
/* --- Do the tail-end bits --- */
- idea_encrypt(&j->k, j->iv, j->iv);
+ blowfish_encrypt(&j->k, j->iv, j->iv);
j->i = 0;
while (sz) {
c = *s++;
* Arguments: @icrypt_job *j@ = pointer to job context block
* @unsigned char *k@ = pointer to key data, or zero for
* no change
+ * @size_t sz@ = size of the key in bytes
* @const unsigned char *iv@ = pointer to IV, or zero
*
* Returns: ---
* of a session key, for example.
*/
-void icrypt_reset(icrypt_job *j, unsigned char *k, const unsigned char *iv)
+void icrypt_reset(icrypt_job *j, unsigned char *k,
+ size_t sz, const unsigned char *iv)
{
if (k)
- idea_ekeys(&j->k, k);
+ blowfish_setKey(&j->k, k, sz);
if (iv)
- memcpy(j->iv, iv, IDEA_BLKSIZE);
+ memcpy(j->iv, iv, BLOWFISH_BLKSIZE);
else {
- unsigned char b[IDEA_BLKSIZE];
- int n = j->i, o = IDEA_BLKSIZE - j->i;
+ unsigned char b[BLOWFISH_BLKSIZE];
+ int n = j->i, o = BLOWFISH_BLKSIZE - j->i;
memcpy(b, j->iv, sizeof(b));
memcpy(j->iv, b + n, o);
void icrypt_saveIV(icrypt_job *j, unsigned char *iv)
{
- int n = j->i, o = IDEA_BLKSIZE - j->i;
+ int n = j->i, o = BLOWFISH_BLKSIZE - j->i;
memcpy(j->iv, iv + n, o);
memcpy(j->iv + o, iv, n);
- idea_encrypt(&j->k, iv, iv);
+ blowfish_encrypt(&j->k, iv, iv);
}
/*----- Test rig ----------------------------------------------------------*/
#include <errno.h>
#include <pwd.h>
#include <unistd.h>
+#include "crypt.h"
#include "mdwopt.h"
#include "md5.h"
#include "utils.h"
{
char *pass = getpass("Password: ");
- unsigned char k[IDEA_KEYSIZE];
+ unsigned char k[BLOWFISH_KEYSIZE];
md5_init(&md);
md5_buffer(&md, pass, strlen(pass));
memset(pass, 0, strlen(pass));
md5_final(&md, k);
- icrypt_init(&j, k, 0);
+ icrypt_init(&j, k, BLOWFISH_KEYSIZE, 0);
}
if (optind >= argc)
/* -*-c-*-
*
- * $Id: icrypt.h,v 1.2 1997/08/04 10:24:22 mdw Exp $
+ * $Id: icrypt.h,v 1.2.2.1 1997/09/26 09:08:08 mdw Exp $
*
- * Higher level IDEA encryption
+ * Higher level encryption functions
*
* (c) 1997 Mark Wooding
*/
/*----- Revision history --------------------------------------------------*
*
* $Log: icrypt.h,v $
+ * Revision 1.2.2.1 1997/09/26 09:08:08 mdw
+ * Use the Blowfish encryption algorithm instead of IDEA. This is partly
+ * because I prefer Blowfish (without any particularly strong evidence) but
+ * mainly because IDEA is patented and Blowfish isn't.
+ *
* Revision 1.2 1997/08/04 10:24:22 mdw
* Sources placed under CVS control.
*
#include <stddef.h>
-#ifndef CONFIG_H
-# include "config.h"
+#ifndef BLOWFISH_H
+# include "blowfish.h"
#endif
-#ifndef IDEA_H
-# include "idea.h"
+#ifndef CONFIG_H
+# include "config.h"
#endif
/*----- Type definitions --------------------------------------------------*/
/* --- @icrypt_job@ --- */
typedef struct icrypt_job {
- idea_key k; /* IDEA key for en/decrypting */
+ blowfish_key k; /* Key for en/decrypting */
int i; /* Index into the IV buffer */
- char iv[IDEA_BLKSIZE]; /* IV bytes for encrypting */
+ unsigned char iv[BLOWFISH_BLKSIZE]; /* IV bytes for encrypting */
} icrypt_job;
/*----- Functions provided ------------------------------------------------*/
-/* --- @icrypt_init@ --- *
- *
- * Arguments: @icrypt_job *j@ = pointer to job context block
- * @unsigned char *k@ = pointer to key data
- * @const unsigned char *iv@ = pointer to IV
- *
- * Returns: ---
- *
- * Use: Primes the context block ready for encryption.
- */
-
extern void icrypt_init(icrypt_job */*j*/,
unsigned char */*k*/,
+ size_t /*sz*/,
const unsigned char */*iv*/);
/* --- @icrypt_encrypt@ --- *
* Arguments: @icrypt_job *j@ = pointer to job context block
* @unsigned char *k@ = pointer to key data, or zero for
* no change
+ * @size_t sz@ = size of the key in bytes
* @const unsigned char *iv@ = pointer to IV, or zero
*
* Returns: ---
extern void icrypt_reset(icrypt_job */*j*/,
unsigned char */*k*/,
+ size_t /*sz*/,
const unsigned char */*iv*/);
/* --- @icrypt_saveIV@ --- *
~mdw / become / commitdiff