Print this page
first pass

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/libnsl/key/xcrypt.c
          +++ new/usr/src/lib/libnsl/key/xcrypt.c
↓ open down ↓ 52 lines elided ↑ open up ↑
  53   53  #define MD5HEXSIZE      32
  54   54  
  55   55  extern int bin2hex(int len, unsigned char *binnum, char *hexnum);
  56   56  extern int hex2bin(int len, char *hexnum, char *binnum);
  57   57  static char hex[];      /* forward */
  58   58  static char hexval();
  59   59  
  60   60  int passwd2des(char *, char *);
  61   61  static int weak_DES_key(des_block);
  62   62  
  63      -/* EXPORT DELETE START */
  64   63  /*
  65   64   * For export control reasons, we want to limit the maximum size of
  66   65   * data that can be encrypted or decrypted.  We limit this to 1024
  67   66   * bits of key data, which amounts to 128 bytes.
  68   67   *
  69   68   * For the extended DH project, we have increased it to
  70   69   * 144 bytes (128key + 16checksum) to accomadate all the 128 bytes
  71   70   * being used by the new 1024bit keys plus 16 bytes MD5 checksum.
  72   71   * We discussed this with Sun's export control office and lawyers
  73   72   * and we have reason to believe this is ok for export.
  74   73   */
  75   74  #define MAX_KEY_CRYPT_LEN       144
  76      -/* EXPORT DELETE END */
  77   75  
  78   76  /*
  79   77   * Encrypt a secret key given passwd
  80   78   * The secret key is passed and returned in hex notation.
  81   79   * Its length must be a multiple of 16 hex digits (64 bits).
  82   80   */
  83   81  int
  84   82  xencrypt(secret, passwd)
  85   83          char *secret;
  86   84          char *passwd;
  87   85  {
  88      -/* EXPORT DELETE START */
  89   86          char key[8];
  90   87          char ivec[8];
  91   88          char *buf;
  92   89          int err;
  93   90          int len;
  94   91  
  95   92          len = (int)strlen(secret) / 2;
  96   93          if (len > MAX_KEY_CRYPT_LEN)
  97   94                  return (0);
  98   95          buf = malloc((unsigned)len);
↓ open down ↓ 2 lines elided ↑ open up ↑
 101   98          (void) memset(ivec, 0, 8);
 102   99  
 103  100          err = cbc_crypt(key, buf, len, DES_ENCRYPT | DES_HW, ivec);
 104  101          if (DES_FAILED(err)) {
 105  102                  free(buf);
 106  103                  return (0);
 107  104          }
 108  105          (void) bin2hex(len, (unsigned char *) buf, secret);
 109  106          free(buf);
 110  107          return (1);
 111      -#if 0
 112      -/* EXPORT DELETE END */
 113      -        return (0);
 114      -/* EXPORT DELETE START */
 115      -#endif
 116      -/* EXPORT DELETE END */
 117  108  }
 118  109  
 119  110  /*
 120  111   * Decrypt secret key using passwd
 121  112   * The secret key is passed and returned in hex notation.
 122  113   * Once again, the length is a multiple of 16 hex digits
 123  114   */
 124  115  int
 125  116  xdecrypt(secret, passwd)
 126  117          char *secret;
 127  118          char *passwd;
 128  119  {
 129      -/* EXPORT DELETE START */
 130  120          char key[8];
 131  121          char ivec[8];
 132  122          char *buf;
 133  123          int err;
 134  124          int len;
 135  125  
 136  126          len = (int)strlen(secret) / 2;
 137  127          if (len > MAX_KEY_CRYPT_LEN)
 138  128                  return (0);
 139  129          buf = malloc((unsigned)len);
↓ open down ↓ 3 lines elided ↑ open up ↑
 143  133          (void) memset(ivec, 0, 8);
 144  134  
 145  135          err = cbc_crypt(key, buf, len, DES_DECRYPT | DES_HW, ivec);
 146  136          if (DES_FAILED(err)) {
 147  137                  free(buf);
 148  138                  return (0);
 149  139          }
 150  140          (void) bin2hex(len, (unsigned char *) buf, secret);
 151  141          free(buf);
 152  142          return (1);
 153      -#if 0
 154      -/* EXPORT DELETE END */
 155      -        return (0);
 156      -/* EXPORT DELETE START */
 157      -#endif
 158      -/* EXPORT DELETE END */
 159  143  }
 160  144  
 161  145  /*
 162  146   * Turn password into DES key
 163  147   */
 164  148  int
 165  149  passwd2des(pw, key)
 166  150          char *pw;
 167  151          char *key;
 168  152  {
↓ open down ↓ 88 lines elided ↑ open up ↑
 257  241  int
 258  242  xencrypt_g(
 259  243          char *secret,                   /* in  */
 260  244          keylen_t keylen,                /* in  */
 261  245          algtype_t algtype,              /* in  */
 262  246          const char *passwd,             /* in  */
 263  247          const char netname[],           /* in  */
 264  248          char **encrypted_secret,        /* out */
 265  249          bool_t do_chksum)               /* in  */
 266  250  {
 267      -/* EXPORT DELETE START */
 268  251          des_block key;
 269  252          char ivec[8];
 270  253          char *binkeybuf;
 271  254          int err;
 272  255          const int classic_des = keylen == 192 && algtype == 0;
 273  256          const int hexkeybytes = BITS2NIBBLES(keylen);
 274  257          const int keychecksumsize = classic_des ? KEYCHECKSUMSIZE : MD5HEXSIZE;
 275  258          const int binkeybytes = do_chksum ? keylen/8 + keychecksumsize/2 :
 276  259                  keylen/8;
 277  260          const int bufsize = do_chksum ? hexkeybytes + keychecksumsize + 1 :
↓ open down ↓ 57 lines elided ↑ open up ↑
 335  318                          ivec);
 336  319          if (DES_FAILED(err)) {
 337  320                  free(hexkeybuf);
 338  321                  free(binkeybuf);
 339  322                  return (0);
 340  323          }
 341  324          (void) bin2hex(binkeybytes, (unsigned char *) binkeybuf, hexkeybuf);
 342  325          free(binkeybuf);
 343  326          *encrypted_secret = hexkeybuf;
 344  327          return (1);
 345      -#if 0
 346      -/* EXPORT DELETE END */
 347      -        return (0);
 348      -/* EXPORT DELETE START */
 349      -#endif
 350      -/* EXPORT DELETE END */
 351  328  }
 352  329  
 353  330  /*
 354  331   * Generic key len and alg type for version of xdecrypt.
 355  332   *
 356  333   * Decrypt secret key using passwd.  The decrypted secret key
 357  334   * *overwrites* the supplied encrypted secret key.
 358  335   * The secret key is passed and returned in hex notation.
 359  336   * Once again, the length is a multiple of 16 hex digits.
 360  337   *
↓ open down ↓ 7 lines elided ↑ open up ↑
 368  345   */
 369  346  int
 370  347  xdecrypt_g(
 371  348          char *secret,           /* out  */
 372  349          int keylen,             /* in  */
 373  350          int algtype,            /* in  */
 374  351          const char *passwd,     /* in  */
 375  352          const char netname[],   /* in  */
 376  353          bool_t do_chksum)       /* in  */
 377  354  {
 378      -/* EXPORT DELETE START */
 379  355          des_block key;
 380  356          char ivec[8];
 381  357          char *buf;
 382  358          int err;
 383  359          int len;
 384  360          const int classic_des = keylen == 192 && algtype == 0;
 385  361          const int hexkeybytes = BITS2NIBBLES(keylen);
 386  362          const int keychecksumsize = classic_des ? KEYCHECKSUMSIZE : MD5HEXSIZE;
 387  363  
 388  364          len = (int)strlen(secret) / 2;
↓ open down ↓ 47 lines elided ↑ open up ↑
 436  412                          if (memcmp(&(secret[hexkeybytes]),
 437  413                                          md5hexbuf, MD5HEXSIZE) != 0) {
 438  414                                  secret[0] = 0;
 439  415                                  return (0);
 440  416                          }
 441  417                  }
 442  418  
 443  419          secret[hexkeybytes] = '\0';
 444  420  
 445  421          return (1);
 446      -#if 0
 447      -/* EXPORT DELETE END */
 448      -        return (0);
 449      -/* EXPORT DELETE START */
 450      -#endif
 451      -/* EXPORT DELETE END */
 452  422  }
 453  423  
 454  424  
 455  425  /*
 456  426   * Modified version of passwd2des(). passwd2des_g() uses the Kerberos
 457  427   * RFC 1510 algorithm to generate a DES key from a user password
 458  428   * and mix-in string. The mix-in is expected to be the netname.
 459  429   * This function to be used only for extended Diffie-Hellman keys.
 460  430   *
 461  431   * If altarg is TRUE, reverse the concat of passwd and mix-in.
↓ open down ↓ 164 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX