xref: /netbsd-src/bin/ed/cbc.c (revision cda4f8f6ee55684e8d311b86c99ea59191e6b74f) 
1 /* cbc.c: This file contains the encryption routines for the ed line editor */
2 /*-
3  * Copyright (c) 1991 The Regents of the University of California.
4  * All rights reserved.
5  *
6  * This code is derived from software contributed to Berkeley by
7  * Matt Bishop of Dartmouth College.
8  *
9  * The United States Government has rights in this work pursuant
10  * to contract no. NAG 2-680 between the National Aeronautics and
11  * Space Administration and Dartmouth College.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  * 3. All advertising materials mentioning features or use of this software
22  *    must display the following acknowledgement:
23  *	This product includes software developed by the University of
24  *	California, Berkeley and its contributors.
25  * 4. Neither the name of the University nor the names of its contributors
26  *    may be used to endorse or promote products derived from this software
27  *    without specific prior written permission.
28  *
29  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
30  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
33  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39  * SUCH DAMAGE.
40  */
41 
42 #ifndef lint
43 static char sccsid[] = "@(#)cbc.c	5.5 (Berkeley) 6/27/91";
44 #endif /* not lint */
45 
46 /* Author: Matt Bishop
47  *	   Department of Mathematics and Computer Science
48  *	   Dartmouth College
49  *	   Hanover, NH  03755
50  * Email:  Matt.Bishop@dartmouth.edu
51  *	   ...!decvax!dartvax!Matt.Bishop
52  *
53  * See Technical Report PCS-TR91-158, Department of Mathematics and Computer
54  * Science, Dartmouth College, for a detailed description of the implemen-
55  * tation and differences between it and Sun's.  The DES is described in
56  * FIPS PUB 46, and the modes in FIPS PUB 81 (see either the manual page
57  * or the technical report for a complete reference).
58  */
59 
60 #include <errno.h>
61 #include <pwd.h>
62 #include <unistd.h>
63 #include <stdio.h>
64 #include <ctype.h>
65 #include <stdlib.h>
66 #include <string.h>
67 #include <sys/types.h>
68 
69 #include "ed.h"
70 
71 /*
72  * Define a divisor for rand() that yields a uniform distribution in the
73  * range 0-255.
74  */
75 #define	RAND_DIV (((unsigned) RAND_MAX + 1) >> 8)
76 
77 /*
78  * BSD and System V systems offer special library calls that do
79  * block moves and fills, so if possible we take advantage of them
80  */
81 #define	MEMCPY(dest,src,len)	memcpy((dest),(src),(len))
82 #define	MEMZERO(dest,len)	memset((dest), 0, (len))
83 
84 /* Hide the calls to the primitive encryption routines. */
85 #define	DES_KEY(buf) \
86 	if (des_setkey(buf)) \
87 		err("des_setkey");
88 #define	DES_XFORM(buf) \
89 	if (des_cipher(buf, buf, 0L, (inverse ? -1 : 1))) \
90 		err("des_cipher");
91 
92 /*
93  * read/write - no error checking
94  */
95 #define	READ(buf, n, fp)	fread(buf, sizeof(char), n, fp)
96 #define WRITE(buf, n, fp)	fwrite(buf, sizeof(char), n, fp)
97 
98 /*
99  * some things to make references easier
100  */
101 typedef char Desbuf[8];
102 #define	CHAR(x,i)	(x[i])
103 #define	UCHAR(x,i)	(x[i])
104 #define	BUFFER(x)	(x)
105 #define	UBUFFER(x)	(x)
106 
107 /*
108  * global variables and related macros
109  */
110 
111 enum { 					/* encrypt, decrypt, authenticate */
112 	MODE_ENCRYPT, MODE_DECRYPT, MODE_AUTHENTICATE
113 } mode = MODE_ENCRYPT;
114 
115 Desbuf ivec;				/* initialization vector */
116 Desbuf pvec;				/* padding vector */
117 char bits[] = {				/* used to extract bits from a char */
118 	'\200', '\100', '\040', '\020', '\010', '\004', '\002', '\001'
119 };
120 int pflag;				/* 1 to preserve parity bits */
121 
122 char des_buf[8];		/* shared buffer for desgetc/desputc */
123 int des_ct = 0;			/* count for desgetc/desputc */
124 int des_n = 0;			/* index for desputc/desgetc */
125 
126 
127 /* desinit: initialize DES */
128 void
129 desinit()
130 {
131 #ifdef DES
132 	int i;
133 
134 	des_ct = des_n = 0;
135 
136 	/* initialize the initialization vctor */
137 	MEMZERO(ivec, 8);
138 
139 	/* intialize the padding vector */
140 	srand((unsigned) time((time_t *) 0));
141 	for (i = 0; i < 8; i++)
142 		CHAR(pvec, i) = (char) (rand()/RAND_DIV);
143 #endif
144 }
145 
146 
147 /* desgetc: return next char in an encrypted file */
148 desgetc(fp)
149 	FILE *fp;
150 {
151 #ifdef DES
152 	if (des_n >= des_ct) {
153 		des_n = 0;
154 		des_ct = cbcdec(des_buf, fp);
155 	}
156 	return (des_ct > 0) ? des_buf[des_n++] : EOF;
157 #endif
158 }
159 
160 
161 /* desputc: write a char to an encrypted file; return char written */
162 desputc(c, fp)
163 	int c;
164 	FILE *fp;
165 {
166 #ifdef DES
167 	if (des_n == sizeof des_buf) {
168 		des_ct = cbcenc(des_buf, des_n, fp);
169 		des_n = 0;
170 	}
171 	return (des_ct >= 0) ? (des_buf[des_n++] = c) : EOF;
172 #endif
173 }
174 
175 
176 /* desflush: flush an encrypted file's output; return status */
177 desflush(fp)
178 	FILE *fp;
179 {
180 #ifdef DES
181 	if (des_n == sizeof des_buf) {
182 		des_ct = cbcenc(des_buf, des_n, fp);
183 		des_n = 0;
184 	}
185 	return (des_ct >= 0 && cbcenc(des_buf, des_n, fp) >= 0) ? 0 : EOF;
186 #endif
187 }
188 
189 #ifdef DES
190 /*
191  * get keyword from tty or stdin
192  */
193 getkey()
194 {
195 	register char *p;		/* used to obtain the key */
196 	Desbuf msgbuf;			/* I/O buffer */
197 
198 	/*
199 	 * get the key
200 	 */
201 	if (*(p = getpass("Enter key: "))) {
202 
203 		/*
204 		 * copy it, nul-padded, into the key area
205 		 */
206 		cvtkey(BUFFER(msgbuf), p);
207 		MEMZERO(p, _PASSWORD_LEN);
208 		makekey(msgbuf);
209 		MEMZERO(msgbuf, sizeof msgbuf);
210 		return 1;
211 	}
212 	return 0;
213 }
214 
215 
216 extern char errmsg[];
217 
218 /*
219  * print a warning message and, possibly, terminate
220  */
221 void
222 err(s)
223 	char *s;		/* the message */
224 {
225 	(void)sprintf(errmsg, "%s", s ? s : strerror(errno));
226 }
227 
228 /*
229  * map a hex character to an integer
230  */
231 tobinhex(c, radix)
232 	int c;			/* char to be converted */
233 	int radix;		/* base (2 to 16) */
234 {
235 	switch(c) {
236 	case '0':		return(0x0);
237 	case '1':		return(0x1);
238 	case '2':		return(radix > 2 ? 0x2 : -1);
239 	case '3':		return(radix > 3 ? 0x3 : -1);
240 	case '4':		return(radix > 4 ? 0x4 : -1);
241 	case '5':		return(radix > 5 ? 0x5 : -1);
242 	case '6':		return(radix > 6 ? 0x6 : -1);
243 	case '7':		return(radix > 7 ? 0x7 : -1);
244 	case '8':		return(radix > 8 ? 0x8 : -1);
245 	case '9':		return(radix > 9 ? 0x9 : -1);
246 	case 'A': case 'a':	return(radix > 10 ? 0xa : -1);
247 	case 'B': case 'b':	return(radix > 11 ? 0xb : -1);
248 	case 'C': case 'c':	return(radix > 12 ? 0xc : -1);
249 	case 'D': case 'd':	return(radix > 13 ? 0xd : -1);
250 	case 'E': case 'e':	return(radix > 14 ? 0xe : -1);
251 	case 'F': case 'f':	return(radix > 15 ? 0xf : -1);
252 	}
253 	/*
254 	 * invalid character
255 	 */
256 	return(-1);
257 }
258 
259 /*
260  * convert the key to a bit pattern
261  */
262 void
263 cvtkey(obuf, ibuf)
264 	char *obuf;			/* bit pattern */
265 	char *ibuf;			/* the key itself */
266 {
267 	register int i, j;		/* counter in a for loop */
268 	int nbuf[64];			/* used for hex/key translation */
269 
270 	/*
271 	 * leading '0x' or '0X' == hex key
272 	 */
273 	if (ibuf[0] == '0' && (ibuf[1] == 'x' || ibuf[1] == 'X')) {
274 		ibuf = &ibuf[2];
275 		/*
276 		 * now translate it, bombing on any illegal hex digit
277 		 */
278 		for (i = 0; ibuf[i] && i < 16; i++)
279 			if ((nbuf[i] = tobinhex((int) ibuf[i], 16)) == -1)
280 				err("bad hex digit in key");
281 		while (i < 16)
282 			nbuf[i++] = 0;
283 		for (i = 0; i < 8; i++)
284 			obuf[i] =
285 			    ((nbuf[2*i]&0xf)<<4) | (nbuf[2*i+1]&0xf);
286 		/* preserve parity bits */
287 		pflag = 1;
288 		return;
289 	}
290 	/*
291 	 * leading '0b' or '0B' == binary key
292 	 */
293 	if (ibuf[0] == '0' && (ibuf[1] == 'b' || ibuf[1] == 'B')) {
294 		ibuf = &ibuf[2];
295 		/*
296 		 * now translate it, bombing on any illegal binary digit
297 		 */
298 		for (i = 0; ibuf[i] && i < 16; i++)
299 			if ((nbuf[i] = tobinhex((int) ibuf[i], 2)) == -1)
300 				err("bad binary digit in key");
301 		while (i < 64)
302 			nbuf[i++] = 0;
303 		for (i = 0; i < 8; i++)
304 			for (j = 0; j < 8; j++)
305 				obuf[i] = (obuf[i]<<1)|nbuf[8*i+j];
306 		/* preserve parity bits */
307 		pflag = 1;
308 		return;
309 	}
310 	/*
311 	 * no special leader -- ASCII
312 	 */
313 	(void)strncpy(obuf, ibuf, 8);
314 }
315 
316 /*****************
317  * DES FUNCTIONS *
318  *****************/
319 /*
320  * This sets the DES key and (if you're using the deszip version)
321  * the direction of the transformation.  This uses the Sun
322  * to map the 64-bit key onto the 56 bits that the key schedule
323  * generation routines use: the old way, which just uses the user-
324  * supplied 64 bits as is, and the new way, which resets the parity
325  * bit to be the same as the low-order bit in each character.  The
326  * new way generates a greater variety of key schedules, since many
327  * systems set the parity (high) bit of each character to 0, and the
328  * DES ignores the low order bit of each character.
329  */
330 void
331 makekey(buf)
332 	Desbuf buf;				/* key block */
333 {
334 	register int i, j;			/* counter in a for loop */
335 	register int par;			/* parity counter */
336 
337 	/*
338 	 * if the parity is not preserved, flip it
339 	 */
340 	if (!pflag) {
341 		for (i = 0; i < 8; i++) {
342 			par = 0;
343 			for (j = 1; j < 8; j++)
344 				if ((bits[j]&UCHAR(buf, i)) != 0)
345 					par++;
346 			if ((par&01) == 01)
347 				UCHAR(buf, i) = UCHAR(buf, i)&0177;
348 			else
349 				UCHAR(buf, i) = (UCHAR(buf, i)&0177)|0200;
350 		}
351 	}
352 
353 	DES_KEY(UBUFFER(buf));
354 }
355 
356 
357 /*
358  * This encrypts using the Cipher Block Chaining mode of DES
359  */
360 cbcenc(msgbuf, n, fp)
361 	char *msgbuf;
362 	int n;
363 	FILE *fp;
364 {
365 	int inverse = 0;	/* 0 to encrypt, 1 to decrypt */
366 
367 	/*
368 	 * do the transformation
369 	 */
370 	if (n == 8) {
371 		for (n = 0; n < 8; n++)
372 			CHAR(msgbuf, n) ^= CHAR(ivec, n);
373 		DES_XFORM(UBUFFER(msgbuf));
374 		MEMCPY(BUFFER(ivec), BUFFER(msgbuf), 8);
375 		return WRITE(BUFFER(msgbuf), 8, fp);
376 	}
377 	/*
378 	 * at EOF or last block -- in either case, the last byte contains
379 	 * the character representation of the number of bytes in it
380 	 */
381 /*
382 	MEMZERO(msgbuf +  n, 8 - n);
383 */
384 	/*
385 	 *  Pad the last block randomly
386 	 */
387 	(void)MEMCPY(BUFFER(msgbuf + n), BUFFER(pvec), 8 - n);
388 	CHAR(msgbuf, 7) = n;
389 	for (n = 0; n < 8; n++)
390 		CHAR(msgbuf, n) ^= CHAR(ivec, n);
391 	DES_XFORM(UBUFFER(msgbuf));
392 	return WRITE(BUFFER(msgbuf), 8, fp);
393 }
394 
395 /*
396  * This decrypts using the Cipher Block Chaining mode of DES
397  */
398 cbcdec(msgbuf, fp)
399 	char *msgbuf;		/* I/O buffer */
400 	FILE *fp;			/* input file descriptor */
401 {
402 	Desbuf ibuf;	/* temp buffer for initialization vector */
403 	register int n;		/* number of bytes actually read */
404 	register int c;		/* used to test for EOF */
405 	int inverse = 1;	/* 0 to encrypt, 1 to decrypt */
406 
407 	if ((n = READ(BUFFER(msgbuf), 8, fp)) == 8) {
408 		/*
409 		 * do the transformation
410 		 */
411 		MEMCPY(BUFFER(ibuf), BUFFER(msgbuf), 8);
412 		DES_XFORM(UBUFFER(msgbuf));
413 		for (c = 0; c < 8; c++)
414 			UCHAR(msgbuf, c) ^= UCHAR(ivec, c);
415 		MEMCPY(BUFFER(ivec), BUFFER(ibuf), 8);
416 		/*
417 		 * if the last one, handle it specially
418 		 */
419 		if ((c = fgetc(fp)) == EOF) {
420 			n = CHAR(msgbuf, 7);
421 			if (n < 0 || n > 7) {
422 				err("decryption failed (block corrupted)");
423 				return EOF;
424 			}
425 		} else
426 			(void)ungetc(c, fp);
427 		return n;
428 	}
429 	if (n > 0)
430 		err("decryption failed (incomplete block)");
431 	else if (n < 0)
432 		err("cannot read file");
433 	return EOF;
434 }
435 #endif	/* DES */
436