From 9e5602f0603b771fdda16731ab5bf6e460fe8795 Mon Sep 17 00:00:00 2001 From: mdw Date: Fri, 26 Sep 1997 09:14:58 +0000 Subject: [PATCH] Merged blowfish branch into trunk. --- src/Makefile.am | 14 +++++++-- src/become.c | 10 +++++- src/blowfish.h | 20 +++++++++++- src/check.c | 16 +++++++--- src/crypt.c | 96 ++++++++++++++++++++++++++++++++++++++++----------------- src/crypt.h | 21 +++++++++++-- src/daemon.c | 18 ++++++++--- src/icrypt.c | 79 +++++++++++++++++++++++++++-------------------- src/icrypt.h | 38 +++++++++++------------ 9 files changed, 215 insertions(+), 97 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index de36c99..9635e72 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,7 +1,7 @@ ## Process this file with `automake' to generate `Makefile.in' ## -*-makefile-*- ## -## $Id: Makefile.am,v 1.6 1997/09/18 11:17:18 mdw Exp $ +## $Id: Makefile.am,v 1.7 1997/09/26 09:14:57 mdw Exp $ ## ## Makefile for `become' ## @@ -29,6 +29,14 @@ ##----- Revision history ---------------------------------------------------- ## ## $Log: Makefile.am,v $ +## Revision 1.7 1997/09/26 09:14:57 mdw +## Merged blowfish branch into trunk. +## +## Revision 1.6.2.1 1997/09/26 09:07:56 mdw +## Use the Blowfish encryption algorithm instead of IDEA. This is partly +## because I prefer Blowfish (without any particularly strong evidence) but +## mainly because IDEA is patented and Blowfish isn't. +## ## Revision 1.6 1997/09/18 11:17:18 mdw ## Fix comment leaders. Don't know why this CVS keeps breaking them. ## Could be DEC's bogus version of RCS being picked up. @@ -65,7 +73,7 @@ bcm_SOURCES = \ class.c name.c netg.c rule.c sym.c userdb.c \ crypt.c \ noise.c rand.c \ - icrypt.c idea.c md5.c \ + icrypt.c blowfish.c md5.c \ mdwopt.c tx.c utils.c \ \ become.h \ @@ -74,7 +82,7 @@ bcm_SOURCES = \ class.h name.h netg.h rule.h sym.h userdb.h \ crypt.h \ noise.h rand.h \ - icrypt.h idea.h md5.h \ + icrypt.h blowfish.h blowfish-sbox.h md5.h \ mdwopt.h tx.h utils.h \ dbutils.h diff --git a/src/become.c b/src/become.c index 54e5551..c53b00b 100644 --- a/src/become.c +++ b/src/become.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: become.c,v 1.12 1997/09/25 16:04:48 mdw Exp $ + * $Id: become.c,v 1.13 1997/09/26 09:14:57 mdw Exp $ * * Main code for `become' * @@ -29,10 +29,18 @@ /*----- Revision history --------------------------------------------------* * * $Log: become.c,v $ + * Revision 1.13 1997/09/26 09:14:57 mdw + * Merged blowfish branch into trunk. + * * Revision 1.12 1997/09/25 16:04:48 mdw * Change directory after becoming someone else, instead of before. This * avoids problems with root-squashed NFS mounts. * + * Revision 1.11.2.1 1997/09/26 09:07:58 mdw + * Use the Blowfish encryption algorithm instead of IDEA. This is partly + * because I prefer Blowfish (without any particularly strong evidence) but + * mainly because IDEA is patented and Blowfish isn't. + * * Revision 1.11 1997/09/24 09:48:45 mdw * Fix (scary) overrun bug in group allocation stuff. * diff --git a/src/blowfish.h b/src/blowfish.h index e291206..668a661 100644 --- a/src/blowfish.h +++ b/src/blowfish.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: blowfish.h,v 1.3 1997/08/07 09:43:20 mdw Exp $ + * $Id: blowfish.h,v 1.4 1997/09/26 09:14:57 mdw Exp $ * * Blowfish encryption routines * @@ -29,6 +29,14 @@ /*----- Revision history --------------------------------------------------* * * $Log: blowfish.h,v $ + * Revision 1.4 1997/09/26 09:14:57 mdw + * Merged blowfish branch into trunk. + * + * Revision 1.3.2.1 1997/09/26 09:07:59 mdw + * Use the Blowfish encryption algorithm instead of IDEA. This is partly + * because I prefer Blowfish (without any particularly strong evidence) but + * mainly because IDEA is patented and Blowfish isn't. + * * Revision 1.3 1997/08/07 09:43:20 mdw * Fix address of the FSF. * @@ -47,6 +55,12 @@ extern "C" { #endif +/*----- Required headers --------------------------------------------------*/ + +#ifndef CONFIG_H +# include "config.h" +#endif + /*----- Type definitions --------------------------------------------------*/ /* --- A blowfish expanded key --- */ @@ -59,6 +73,10 @@ typedef struct blowfish_key { uint_32 s3[256]; } blowfish_key; +/* --- Size of a blowfish block --- */ + +#define BLOWFISH_BLKSIZE (8u) + /*----- Functions provided ------------------------------------------------*/ /* --- @blowfish_encrypt@ --- * diff --git a/src/check.c b/src/check.c index a9f8ec4..7e61433 100644 --- a/src/check.c +++ b/src/check.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: check.c,v 1.4 1997/08/07 09:52:05 mdw Exp $ + * $Id: check.c,v 1.5 1997/09/26 09:14:58 mdw Exp $ * * Check validity of requests * @@ -29,6 +29,14 @@ /*----- Revision history --------------------------------------------------* * * $Log: check.c,v $ + * Revision 1.5 1997/09/26 09:14:58 mdw + * Merged blowfish branch into trunk. + * + * Revision 1.4.2.1 1997/09/26 09:08:01 mdw + * Use the Blowfish encryption algorithm instead of IDEA. This is partly + * because I prefer Blowfish (without any particularly strong evidence) but + * mainly because IDEA is patented and Blowfish isn't. + * * Revision 1.4 1997/08/07 09:52:05 mdw * (Log entry for previous version is bogus.) Added support for multiple * servers. @@ -68,9 +76,9 @@ /* --- Local headers --- */ #include "become.h" +#include "blowfish.h" #include "config.h" #include "crypt.h" -#include "idea.h" #include "lexer.h" #include "name.h" #include "netg.h" @@ -133,14 +141,14 @@ static int check__ask(request *rq, struct sockaddr_in *serv, size_t n_serv) { int fd; unsigned char crq[crq_size]; - unsigned char sk[IDEA_KEYSIZE]; + unsigned char sk[BLOWFISH_KEYSIZE]; time_t t; pid_t pid; /* --- First, build the encrypted request packet --- */ { - unsigned char k[IDEA_KEYSIZE]; + unsigned char k[BLOWFISH_KEYSIZE]; FILE *fp; /* --- Read in the encryption key --- */ diff --git a/src/crypt.c b/src/crypt.c index d052471..4148cdb 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: crypt.c,v 1.2 1997/08/04 10:24:21 mdw Exp $ + * $Id: crypt.c,v 1.3 1997/09/26 09:14:58 mdw Exp $ * * Cryptographic transfer of `become' requests * @@ -29,6 +29,14 @@ /*----- Revision history --------------------------------------------------* * * $Log: crypt.c,v $ + * Revision 1.3 1997/09/26 09:14:58 mdw + * Merged blowfish branch into trunk. + * + * Revision 1.2.2.1 1997/09/26 09:08:02 mdw + * Use the Blowfish encryption algorithm instead of IDEA. This is partly + * because I prefer Blowfish (without any particularly strong evidence) but + * mainly because IDEA is patented and Blowfish isn't. + * * Revision 1.2 1997/08/04 10:24:21 mdw * Sources placed under CVS control. * @@ -59,10 +67,10 @@ /* --- Local headers --- */ #include "become.h" +#include "blowfish.h" #include "config.h" #include "crypt.h" #include "icrypt.h" -#include "idea.h" #include "md5.h" #include "noise.h" #include "rand.h" @@ -124,7 +132,7 @@ static void crypt__sessionKey(const char *seedfile, unsigned char *k, { icrypt_job j; - icrypt_init(&j, k, 0); + icrypt_init(&j, k, BLOWFISH_KEYSIZE, 0); rand_encrypt(&j); burn(j); } @@ -132,13 +140,13 @@ static void crypt__sessionKey(const char *seedfile, unsigned char *k, /* --- Generate the session key and IV --- */ noise_acquire(); - rand_extract(sk, IDEA_KEYSIZE); - rand_extract(iv, IDEA_BLKSIZE); + rand_extract(sk, BLOWFISH_KEYSIZE); + rand_extract(iv, BLOWFISH_BLKSIZE); IF_TRACING(TRACE_CRYPTO, - traceblk(TRACE_CRYPTO, "crypto: session key:", sk, IDEA_KEYSIZE); + traceblk(TRACE_CRYPTO, "crypto: session key:", sk, BLOWFISH_KEYSIZE); traceblk(TRACE_CRYPTO, "crypto: initialisation vector:", - iv, IDEA_BLKSIZE); + iv, BLOWFISH_BLKSIZE); ); /* --- Write the seed back --- */ @@ -171,7 +179,7 @@ void crypt_packRequest(request *rq, unsigned char *buff, { /* --- First, build the easy stuff in the block --- */ - buff[crq_cryptType] = cryptType_idea; + buff[crq_cryptType] = cryptType_blowfish; store32(buff + crq_time, t); store32(buff + crq_pid, pid); store32(buff + crq_from, rq->from); @@ -180,7 +188,7 @@ void crypt_packRequest(request *rq, unsigned char *buff, /* --- Now generate session keys and things --- */ crypt__sessionKey(file_RANDSEED, k, sk, buff + crq_iv); - memcpy(buff + crq_session, sk, IDEA_KEYSIZE); + memcpy(buff + crq_session, sk, BLOWFISH_KEYSIZE); /* --- The string causes a few problems --- * * @@ -190,9 +198,9 @@ void crypt_packRequest(request *rq, unsigned char *buff, * version of this code used @strncpy@ which is even worse!) * * I'll fill the block with random (from @rand@(3) -- nothing too - * elaborate) and then encrypt it using IDEA in CFB mode, using the first - * few bytes as the key. This should provide a sufficiently unpredictable - * background for the block. + * elaborate) and then encrypt it using Blowfish in CFB mode, using the + * first few bytes as the key. This should provide a sufficiently + * unpredictable background for the block. */ { @@ -200,7 +208,7 @@ void crypt_packRequest(request *rq, unsigned char *buff, unsigned char *p; unsigned u; md5 md; - unsigned char qk[IDEA_KEYSIZE]; + unsigned char qk[BLOWFISH_KEYSIZE]; /* --- Initialise the buffer with junk --- */ @@ -213,7 +221,8 @@ void crypt_packRequest(request *rq, unsigned char *buff, p = buff + crq_cmd; md5_init(&md); md5_buffer(&md, p, CMDLEN_MAX); md5_final(&md, qk); - icrypt_init(&j, qk, 0); icrypt_encrypt(&j, p, p, CMDLEN_MAX); + icrypt_init(&j, qk, BLOWFISH_KEYSIZE, 0); + icrypt_encrypt(&j, p, p, CMDLEN_MAX); burn(j); burn(qk); burn(md); /* --- Copy the string into here --- */ @@ -248,9 +257,24 @@ void crypt_packRequest(request *rq, unsigned char *buff, T( traceblk(TRACE_CRYPTO, "crypto: plaintext request:", buff, crq_size); ) - icrypt_init(&j, k, buff + crq_iv); - icrypt_encrypt(&j, buff + crq_session, buff + crq_session, IDEA_KEYSIZE); - icrypt_reset(&j, sk, 0); + T( traceblk(TRACE_CRYPTO, "crypto: master key:", k, BLOWFISH_KEYSIZE); ) + T( traceblk(TRACE_CRYPTO, "crypto: initial iv:", + buff + crq_iv, BLOWFISH_BLKSIZE); ) + T( traceblk(TRACE_CRYPTO, "crypto: session key:", + sk, BLOWFISH_KEYSIZE); ) + + icrypt_init(&j, k, BLOWFISH_KEYSIZE, buff + crq_iv); + + icrypt_encrypt(&j, buff + crq_session, + buff + crq_session, BLOWFISH_KEYSIZE); + T( traceblk(TRACE_CRYPTO, "crypto: encrypted session key:", + buff + crq_session, BLOWFISH_KEYSIZE); ) + + icrypt_reset(&j, sk, BLOWFISH_KEYSIZE, 0); + + T( traceblk(TRACE_CRYPTO, "crypto: partial iv:", + j.iv, BLOWFISH_BLKSIZE); ) + icrypt_encrypt(&j, buff + crq_cipher, buff + crq_cipher, crq_size - crq_cipher); burn(j); @@ -280,7 +304,7 @@ int crypt_unpackRequest(request *rq, unsigned char *buff, { /* --- Check the encryption format --- */ - if (buff[crq_cryptType] != cryptType_idea) + if (buff[crq_cryptType] != cryptType_blowfish) return (0); } @@ -292,19 +316,35 @@ int crypt_unpackRequest(request *rq, unsigned char *buff, T( traceblk(TRACE_CRYPTO, "crypto: ciphertext request:", buff, crq_size); ) - icrypt_init(&j, k, buff + crq_iv); - icrypt_decrypt(&j, buff + crq_session, buff + crq_session, IDEA_KEYSIZE); - memcpy(sk, buff + crq_session, IDEA_KEYSIZE); - icrypt_reset(&j, sk, 0); + T( traceblk(TRACE_CRYPTO, "crypto: master key:", k, BLOWFISH_KEYSIZE); ) + T( traceblk(TRACE_CRYPTO, "crypto: initial iv:", + buff + crq_iv, BLOWFISH_BLKSIZE); ) + + icrypt_init(&j, k, BLOWFISH_KEYSIZE, buff + crq_iv); + T( traceblk(TRACE_CRYPTO, "crypto: job block:", &j, sizeof(j)); ) + + T( traceblk(TRACE_CRYPTO, "crypto: encrypted session key:", + buff + crq_session, BLOWFISH_KEYSIZE); ) + icrypt_decrypt(&j, buff + crq_session, + buff + crq_session, BLOWFISH_KEYSIZE); + memcpy(sk, buff + crq_session, BLOWFISH_KEYSIZE); + T( traceblk(TRACE_CRYPTO, "crypto: session key:", + sk, BLOWFISH_KEYSIZE); ) + + icrypt_reset(&j, sk, BLOWFISH_KEYSIZE, 0); + + T( traceblk(TRACE_CRYPTO, "crypto: partial iv:", + j.iv, BLOWFISH_BLKSIZE); ) + icrypt_decrypt(&j, buff + crq_cipher, buff + crq_cipher, crq_size - crq_cipher); icrypt_saveIV(&j, rpl + crp_iv); - memset(buff + crq_session, 0, IDEA_KEYSIZE); /* Burn, baby, burn */ - burn(j); - T( traceblk(TRACE_CRYPTO, "crypto: plaintext request:", buff, crq_size); ) + + memset(buff + crq_session, 0, BLOWFISH_KEYSIZE); /* Burn, baby, burn */ + burn(j); } { @@ -391,7 +431,7 @@ void crypt_packReply(unsigned char *buff, unsigned char *sk, int answer) T( traceblk(TRACE_CRYPTO, "crypto: plaintext reply:", buff, crp_size); ) - icrypt_init(&j, sk, buff + crp_iv); + icrypt_init(&j, sk, BLOWFISH_KEYSIZE, buff + crp_iv); icrypt_encrypt(&j, buff + crp_cipher, buff + crp_cipher, crp_size - crp_cipher); burn(j); @@ -422,7 +462,7 @@ int crypt_unpackReply(unsigned char *buff, unsigned char *sk, T( traceblk(TRACE_CRYPTO, "crypto: ciphertext reply:", buff, crp_size); ) - icrypt_init(&j, sk, buff + crp_iv); + icrypt_init(&j, sk, BLOWFISH_KEYSIZE, buff + crp_iv); icrypt_decrypt(&j, buff + crp_cipher, buff + crp_cipher, crp_size - crp_cipher); burn(j); @@ -471,7 +511,7 @@ int crypt_unpackReply(unsigned char *buff, unsigned char *sk, int main(int argc, char *argv[]) { unsigned char buff[8]; - unsigned char sk[IDEA_KEYSIZE], k[IDEA_KEYSIZE]; + unsigned char sk[BLOWFISH_KEYSIZE], k[BLOWFISH_KEYSIZE]; FILE *fp; ego(argv[0]); diff --git a/src/crypt.h b/src/crypt.h index e84f508..55a4753 100644 --- a/src/crypt.h +++ b/src/crypt.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: crypt.h,v 1.2 1997/08/04 10:24:21 mdw Exp $ + * $Id: crypt.h,v 1.3 1997/09/26 09:14:58 mdw Exp $ * * Cryptographic transfer of `become' requests * @@ -29,6 +29,14 @@ /*----- Revision history --------------------------------------------------* * * $Log: crypt.h,v $ + * Revision 1.3 1997/09/26 09:14:58 mdw + * Merged blowfish branch into trunk. + * + * Revision 1.2.2.1 1997/09/26 09:08:04 mdw + * Use the Blowfish encryption algorithm instead of IDEA. This is partly + * because I prefer Blowfish (without any particularly strong evidence) but + * mainly because IDEA is patented and Blowfish isn't. + * * Revision 1.2 1997/08/04 10:24:21 mdw * Sources placed under CVS control. * @@ -61,10 +69,17 @@ /* --- Encryption formats --- */ enum { - cryptType_idea, /* Symmetric IDEA encryption */ + cryptType_blowfish, /* Symmetric Blowfish encryption */ cryptType_rsa /* Public key RSA (later project) */ }; +/* --- Blowfish has a variable key size --- * + * + * Fix a key size here. + */ + +#define BLOWFISH_KEYSIZE (16u) + /* --- Encrypted buffer format --- * * * C structures are no good here. Time for some explicit offsets. @@ -73,7 +88,7 @@ enum { enum { crq_cryptType = 0, /* Encryption type (1 byte) */ crq_iv = crq_cryptType + 1, /* Plaintext IV (8 bytes) */ - crq_session = crq_iv + 8, /* IDEA session key (16 bytes) */ + crq_session = crq_iv + 8, /* Session key (16 bytes) */ crq_cipher = crq_session + 16, /* Where to start encrypting */ crq_time = crq_cipher, /* Time stamp (4 bytes) */ crq_pid = crq_time + 4, /* Process ID (4 bytes) */ diff --git a/src/daemon.c b/src/daemon.c index 317a7fb..61638df 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: daemon.c,v 1.7 1997/09/17 10:23:23 mdw Exp $ + * $Id: daemon.c,v 1.8 1997/09/26 09:14:58 mdw Exp $ * * Running a `become' daemon * @@ -29,6 +29,14 @@ /*----- Revision history --------------------------------------------------* * * $Log: daemon.c,v $ + * Revision 1.8 1997/09/26 09:14:58 mdw + * Merged blowfish branch into trunk. + * + * Revision 1.7.2.1 1997/09/26 09:08:05 mdw + * Use the Blowfish encryption algorithm instead of IDEA. This is partly + * because I prefer Blowfish (without any particularly strong evidence) but + * mainly because IDEA is patented and Blowfish isn't. + * * Revision 1.7 1997/09/17 10:23:23 mdw * Fix a typo. Port numbers are in network order now, so don't change them. * @@ -79,10 +87,10 @@ /* --- Local headers --- */ #include "become.h" +#include "blowfish.h" #include "config.h" #include "crypt.h" #include "daemon.h" -#include "idea.h" #include "lexer.h" #include "name.h" #include "netg.h" @@ -103,7 +111,7 @@ static int daemon__port = -1; /* No particular port yet */ static volatile sig_atomic_t daemon__rescan = 0; /* Rescan as soon as poss */ #define daemon__signum daemon__rescan /* Alias for readbility */ static int daemon__readKey = 0; /* Have I read a key? */ -static unsigned char daemon__key[IDEA_KEYSIZE]; /* encryption key */ +static unsigned char daemon__key[BLOWFISH_KEYSIZE]; /* Encryption key */ static jmp_buf daemon__dieBuf; /* Jump here to kill the daemon */ /*----- Main code ---------------------------------------------------------*/ @@ -219,7 +227,7 @@ void daemon__read(int fd) unsigned char rpl[crp_size]; /* Buffer for outgoing replies */ struct sockaddr_in sin; /* Address of packet sender */ char sender[64]; /* Sender's hostname (resolved) */ - unsigned char sk[IDEA_KEYSIZE]; /* Session key for reply */ + unsigned char sk[BLOWFISH_KEYSIZE]; /* Session key for reply */ request rq; /* Request buffer for verification */ /* --- Read the message --- */ @@ -328,7 +336,7 @@ void daemon_init(const char *cf, int port) if (daemon__port == 0) { struct servent *se = getservbyname(quis(), "udp"); if (!se) - die("no idea which port to use"); + die("no idea which port to listen to"); daemon__port = se->s_port; } diff --git a/src/icrypt.c b/src/icrypt.c index 589c5a5..de1d508 100644 --- a/src/icrypt.c +++ b/src/icrypt.c @@ -1,8 +1,8 @@ /* -*-c-*- * - * $Id: icrypt.c,v 1.2 1997/08/04 10:24:22 mdw Exp $ + * $Id: icrypt.c,v 1.3 1997/09/26 09:14:58 mdw Exp $ * - * Higher level IDEA encryption + * Higher level encryption functions * * (c) 1997 Mark Wooding */ @@ -29,6 +29,14 @@ /*----- Revision history --------------------------------------------------* * * $Log: icrypt.c,v $ + * Revision 1.3 1997/09/26 09:14:58 mdw + * Merged blowfish branch into trunk. + * + * Revision 1.2.2.1 1997/09/26 09:08:07 mdw + * Use the Blowfish encryption algorithm instead of IDEA. This is partly + * because I prefer Blowfish (without any particularly strong evidence) but + * mainly because IDEA is patented and Blowfish isn't. + * * Revision 1.2 1997/08/04 10:24:22 mdw * Sources placed under CVS control. * @@ -47,9 +55,9 @@ /* --- Local headers --- */ +#include "blowfish.h" #include "config.h" #include "icrypt.h" -#include "idea.h" /*----- Main code ---------------------------------------------------------*/ @@ -57,6 +65,7 @@ * * Arguments: @icrypt_job *j@ = pointer to job context block * @unsigned char *k@ = pointer to key data + * @size_t sz@ = size of the key data * @const unsigned char *iv@ = pointer to IV * * Returns: --- @@ -64,13 +73,14 @@ * Use: Primes the context block ready for encryption. */ -void icrypt_init(icrypt_job *j, unsigned char *k, const unsigned char *iv) +void icrypt_init(icrypt_job *j, unsigned char *k, + size_t sz, const unsigned char *iv) { - idea_ekeys(&j->k, k); + blowfish_setKey(&j->k, k, sz); if (iv) - memcpy(j->iv, iv, IDEA_BLKSIZE); + memcpy(j->iv, iv, BLOWFISH_BLKSIZE); else - memset(j->iv, 0, IDEA_BLKSIZE); + memset(j->iv, 0, BLOWFISH_BLKSIZE); j->i = 8; } @@ -89,13 +99,13 @@ void icrypt_init(icrypt_job *j, unsigned char *k, const unsigned char *iv) void icrypt_encrypt(icrypt_job *j, const void *src, void *dest, size_t sz) { - const char *s = src; - char *d = dest; + const unsigned char *s = src; + unsigned char *d = dest; int i; /* --- First, use up bytes in the buffer --- */ - while (j->i < IDEA_BLKSIZE && sz > 0) { + while (j->i < BLOWFISH_BLKSIZE && sz > 0) { *d++ = j->iv[j->i++] ^= *s++; sz--; } @@ -103,24 +113,24 @@ void icrypt_encrypt(icrypt_job *j, const void *src, void *dest, size_t sz) /* --- Now encrypt larger chunks at a time --- */ - while (sz >= IDEA_BLKSIZE) { + while (sz >= BLOWFISH_BLKSIZE) { /* --- Freshen the IV --- */ - idea_encrypt(&j->k, j->iv, j->iv); + blowfish_encrypt(&j->k, j->iv, j->iv); /* --- Now encrypt some more bytes --- */ - for (i = 0; i < IDEA_BLKSIZE; i++) { + for (i = 0; i < BLOWFISH_BLKSIZE; i++) { *d++ = j->iv[i] ^= *s++; } - sz -= IDEA_BLKSIZE; + sz -= BLOWFISH_BLKSIZE; } if (!sz) return; /* --- Do the tail-end bits --- */ - idea_encrypt(&j->k, j->iv, j->iv); + blowfish_encrypt(&j->k, j->iv, j->iv); j->i = 0; while (sz) { *d++ = j->iv[j->i++] ^= *s++; @@ -143,14 +153,14 @@ void icrypt_encrypt(icrypt_job *j, const void *src, void *dest, size_t sz) void icrypt_decrypt(icrypt_job *j, const void *src, void *dest, size_t sz) { - const char *s = src; - char *d = dest; + unsigned const char *s = src; + unsigned char *d = dest; int i; - char c; + unsigned char c; /* --- First, use up bytes in the buffer --- */ - while (j->i < IDEA_BLKSIZE && sz > 0) { + while (j->i < BLOWFISH_BLKSIZE && sz > 0) { c = *s++; *d++ = j->iv[j->i] ^ c; j->iv[j->i++] = c; @@ -160,26 +170,26 @@ void icrypt_decrypt(icrypt_job *j, const void *src, void *dest, size_t sz) /* --- Now encrypt larger chunks at a time --- */ - while (sz >= IDEA_BLKSIZE) { + while (sz >= BLOWFISH_BLKSIZE) { /* --- Freshen the IV --- */ - idea_encrypt(&j->k, j->iv, j->iv); + blowfish_encrypt(&j->k, j->iv, j->iv); /* --- Now encrypt some more bytes --- */ - for (i = 0; i < IDEA_BLKSIZE; i++) { + for (i = 0; i < BLOWFISH_BLKSIZE; i++) { c = *s++; *d++ = j->iv[i] ^ c; j->iv[i] = c; } - sz -= IDEA_BLKSIZE; + sz -= BLOWFISH_BLKSIZE; } if (!sz) return; /* --- Do the tail-end bits --- */ - idea_encrypt(&j->k, j->iv, j->iv); + blowfish_encrypt(&j->k, j->iv, j->iv); j->i = 0; while (sz) { c = *s++; @@ -194,6 +204,7 @@ void icrypt_decrypt(icrypt_job *j, const void *src, void *dest, size_t sz) * Arguments: @icrypt_job *j@ = pointer to job context block * @unsigned char *k@ = pointer to key data, or zero for * no change + * @size_t sz@ = size of the key in bytes * @const unsigned char *iv@ = pointer to IV, or zero * * Returns: --- @@ -202,15 +213,16 @@ void icrypt_decrypt(icrypt_job *j, const void *src, void *dest, size_t sz) * of a session key, for example. */ -void icrypt_reset(icrypt_job *j, unsigned char *k, const unsigned char *iv) +void icrypt_reset(icrypt_job *j, unsigned char *k, + size_t sz, const unsigned char *iv) { if (k) - idea_ekeys(&j->k, k); + blowfish_setKey(&j->k, k, sz); if (iv) - memcpy(j->iv, iv, IDEA_BLKSIZE); + memcpy(j->iv, iv, BLOWFISH_BLKSIZE); else { - unsigned char b[IDEA_BLKSIZE]; - int n = j->i, o = IDEA_BLKSIZE - j->i; + unsigned char b[BLOWFISH_BLKSIZE]; + int n = j->i, o = BLOWFISH_BLKSIZE - j->i; memcpy(b, j->iv, sizeof(b)); memcpy(j->iv, b + n, o); @@ -231,11 +243,11 @@ void icrypt_reset(icrypt_job *j, unsigned char *k, const unsigned char *iv) void icrypt_saveIV(icrypt_job *j, unsigned char *iv) { - int n = j->i, o = IDEA_BLKSIZE - j->i; + int n = j->i, o = BLOWFISH_BLKSIZE - j->i; memcpy(j->iv, iv + n, o); memcpy(j->iv + o, iv, n); - idea_encrypt(&j->k, iv, iv); + blowfish_encrypt(&j->k, iv, iv); } /*----- Test rig ----------------------------------------------------------*/ @@ -245,6 +257,7 @@ void icrypt_saveIV(icrypt_job *j, unsigned char *iv) #include #include #include +#include "crypt.h" #include "mdwopt.h" #include "md5.h" #include "utils.h" @@ -288,13 +301,13 @@ int main(int argc, char *argv[]) { char *pass = getpass("Password: "); - unsigned char k[IDEA_KEYSIZE]; + unsigned char k[BLOWFISH_KEYSIZE]; md5_init(&md); md5_buffer(&md, pass, strlen(pass)); memset(pass, 0, strlen(pass)); md5_final(&md, k); - icrypt_init(&j, k, 0); + icrypt_init(&j, k, BLOWFISH_KEYSIZE, 0); } if (optind >= argc) diff --git a/src/icrypt.h b/src/icrypt.h index 2117814..41bbcf8 100644 --- a/src/icrypt.h +++ b/src/icrypt.h @@ -1,8 +1,8 @@ /* -*-c-*- * - * $Id: icrypt.h,v 1.2 1997/08/04 10:24:22 mdw Exp $ + * $Id: icrypt.h,v 1.3 1997/09/26 09:14:58 mdw Exp $ * - * Higher level IDEA encryption + * Higher level encryption functions * * (c) 1997 Mark Wooding */ @@ -29,6 +29,14 @@ /*----- Revision history --------------------------------------------------* * * $Log: icrypt.h,v $ + * Revision 1.3 1997/09/26 09:14:58 mdw + * Merged blowfish branch into trunk. + * + * Revision 1.2.2.1 1997/09/26 09:08:08 mdw + * Use the Blowfish encryption algorithm instead of IDEA. This is partly + * because I prefer Blowfish (without any particularly strong evidence) but + * mainly because IDEA is patented and Blowfish isn't. + * * Revision 1.2 1997/08/04 10:24:22 mdw * Sources placed under CVS control. * @@ -48,12 +56,12 @@ #include -#ifndef CONFIG_H -# include "config.h" +#ifndef BLOWFISH_H +# include "blowfish.h" #endif -#ifndef IDEA_H -# include "idea.h" +#ifndef CONFIG_H +# include "config.h" #endif /*----- Type definitions --------------------------------------------------*/ @@ -61,26 +69,16 @@ /* --- @icrypt_job@ --- */ typedef struct icrypt_job { - idea_key k; /* IDEA key for en/decrypting */ + blowfish_key k; /* Key for en/decrypting */ int i; /* Index into the IV buffer */ - char iv[IDEA_BLKSIZE]; /* IV bytes for encrypting */ + unsigned char iv[BLOWFISH_BLKSIZE]; /* IV bytes for encrypting */ } icrypt_job; /*----- Functions provided ------------------------------------------------*/ -/* --- @icrypt_init@ --- * - * - * Arguments: @icrypt_job *j@ = pointer to job context block - * @unsigned char *k@ = pointer to key data - * @const unsigned char *iv@ = pointer to IV - * - * Returns: --- - * - * Use: Primes the context block ready for encryption. - */ - extern void icrypt_init(icrypt_job */*j*/, unsigned char */*k*/, + size_t /*sz*/, const unsigned char */*iv*/); /* --- @icrypt_encrypt@ --- * @@ -120,6 +118,7 @@ extern void icrypt_decrypt(icrypt_job */*j*/, const void */*src*/, * Arguments: @icrypt_job *j@ = pointer to job context block * @unsigned char *k@ = pointer to key data, or zero for * no change + * @size_t sz@ = size of the key in bytes * @const unsigned char *iv@ = pointer to IV, or zero * * Returns: --- @@ -130,6 +129,7 @@ extern void icrypt_decrypt(icrypt_job */*j*/, const void */*src*/, extern void icrypt_reset(icrypt_job */*j*/, unsigned char */*k*/, + size_t /*sz*/, const unsigned char */*iv*/); /* --- @icrypt_saveIV@ --- * -- 2.11.0