inetutils headers/shishi_def.h libinetutils/shi...
From: |
shishi-commit |
Subject: |
inetutils headers/shishi_def.h libinetutils/shi... |
Date: |
Wed, 24 Sep 2003 11:17:59 -0400 |
CVSROOT: /cvsroot/shishi
Module name: inetutils
Branch:
Changes by: Nicolas Pouvesle <address@hidden> 03/09/24 11:17:58
Modified files:
headers : shishi_def.h
libinetutils : shishi.c
rlogin : rlogin.c
rlogind : rlogind.c
rsh : rsh.c
rshd : rshd.c
Log message:
Update to new crypto API and fix all encryption modes.
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/headers/shishi_def.h.diff?tr1=1.2&tr2=1.3&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/libinetutils/shishi.c.diff?tr1=1.5&tr2=1.6&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rlogin/rlogin.c.diff?tr1=1.5&tr2=1.6&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rlogind/rlogind.c.diff?tr1=1.5&tr2=1.6&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rsh/rsh.c.diff?tr1=1.5&tr2=1.6&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rshd/rshd.c.diff?tr1=1.4&tr2=1.5&r1=text&r2=text
Patches:
Index: inetutils/headers/shishi_def.h
diff -u inetutils/headers/shishi_def.h:1.2 inetutils/headers/shishi_def.h:1.3
--- inetutils/headers/shishi_def.h:1.2 Wed Sep 17 09:16:15 2003
+++ inetutils/headers/shishi_def.h Wed Sep 24 11:17:58 2003
@@ -28,6 +28,8 @@
char *iv;
int ivlen;
int keyusage;
+ Shishi_crypto * ctx;
+ int first;
};
typedef struct shishi_iv shishi_ivector;
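Review bot: The two new members of struct shishi_iv carry no comment, and `first` is not read or written anywhere in the patches shown in this commit. I would document both, for example `Shishi_crypto *ctx; /* per-direction cipher state, created with shishi_crypto(), released with shishi_crypto_close() */`, and either explain what `first` tracks or leave it out until it is used. It would also help to say whether `iv` remains owned by the caller once it has been handed to shishi_crypto(), since the cleanup code frees both.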
Index: inetutils/libinetutils/shishi.c
diff -u inetutils/libinetutils/shishi.c:1.5 inetutils/libinetutils/shishi.c:1.6
--- inetutils/libinetutils/shishi.c:1.5 Fri Sep 19 15:45:29 2003
+++ inetutils/libinetutils/shishi.c Wed Sep 24 11:17:58 2003
@@ -227,7 +227,8 @@
}
int
-get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char
**err_msg, int * protoversion)
+get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char **
err_msg, int * protoversion
+ /*int * cksumtype, char * cksum, int * cksumlen*/)
{
Shishi_key *key;
Shishi_ap *ap;
@@ -397,6 +398,15 @@
#endif
+ /* Get authenticator checksum */
+ /* rc = shishi_authenticator_cksum (*handle, shishi_ap_authenticator (ap),
cksumtype, cksum, cksumlen);
+ if (rc != SHISHI_OK)
+ {
+ syslog (LOG_ERR, "Could not get checksum authenticator from AP-REQ:
%s\n", shishi_strerror (rc));
+ return 1;
+ }
+ */
+
/* User is authenticated. */
error = 0;
write (infd, &error, sizeof (int));
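Review bot: The authenticator checksum retrieval is added only as a commented-out block, so control still reaches `/* User is authenticated. */` without the checksum from the AP-REQ being read or compared. Judging by the commented-out `snprintf` in rlogind.c, the checksum is meant to cover the port, terminal and local user name, which are otherwise not bound to the ticket. I would either finish the check in this commit or replace the dead code with one line such as `/* TODO: verify authenticator checksum before accepting the session */`. The commented-out parameters in the get_auth signature, the two rlogind.c call sites and the pasted shishi_checksum prototype in rlogind.c belong to the same unfinished work. The body of get_auth starts and ends outside this hunk.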
@@ -470,7 +480,6 @@
{
char * out;
char * outbis;
- char * iv2;
int rc;
int val;
@@ -501,16 +510,27 @@
case SHISHI_AES256_CTS_HMAC_SHA1_96:
dlen += 4 + hashsize + blocksize;
break;
- case SHISHI_DES3_CBC_HMAC_SHA1_KD:
case SHISHI_ARCFOUR_HMAC:
case SHISHI_ARCFOUR_HMAC_EXP:
- dlen += 2*blocksize - 1;
- if (proto == 2)
- dlen += 4;
+ dlen += 4 + 8 + blocksize -1;
dlen /= blocksize;
dlen *= blocksize;
dlen += hashsize;
break;
+ case SHISHI_DES3_CBC_HMAC_SHA1_KD:
+ dlen += 4 + 2*blocksize - 1;
+ dlen /= blocksize;
+ dlen *= blocksize;
+ dlen += hashsize;
+ break;
+ case SHISHI_DES_CBC_CRC:
+ dlen += 2*blocksize -1;
+ if (proto == 2)
+ dlen += 4;
+ dlen += hashsize;
+ dlen /= blocksize;
+ dlen *= blocksize;
+ break;
default:
dlen += blocksize - 1;
if (proto == 2)
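Review bot: The ARCFOUR and DES3 cases now add the 4-byte length prefix unconditionally (`dlen += 4 + 8 + blocksize -1;` and `dlen += 4 + 2*blocksize - 1;`), while the DES_CBC_CRC and default cases still gate it on `if (proto == 2)`. If these key types can be used with the older protocol version, the receiver will expect more bytes than the peer sends and the stream will stall or desynchronise; if they cannot, a one-line comment saying so is needed, together with a name or comment for the literal `8`. dlen is an `int` whose origin is outside this hunk and it is passed to `xmalloc` in the next one, so a range check before these additions would be worth adding if none exists above. The enclosing function starts and ends outside the hunk.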
@@ -521,7 +541,6 @@
break;
}
- syslog(LOG_ERR, "vla = %d", dlen);
/* read encrypted data */
outbis = (char *)xmalloc (dlen);
if (outbis == NULL)
@@ -553,23 +572,19 @@
val = 0;
}
else
- {
+ {
rc =
- shishi_decrypt_ivupdate (h, enckey, iv->keyusage, iv->iv, iv->ivlen,
&iv2, &iv->ivlen, outbis,
- dlen, &out, &outlen);
+ shishi_crypto_decrypt (iv->ctx, outbis, dlen, &out, &outlen);
if (rc != SHISHI_OK)
{
printf ("decryption error\n");
free (outbis);
return 1;
}
-
+
/* in KCMDV0.2 first 4 bytes of decrypted data = len of data */
*len = ntohl (*((int *) out));
val = sizeof (int);
-
- /* update iv */
- memcpy (iv->iv, iv2, iv->ivlen);
}
memset (buf, 0, BUFLEN);
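Review bot: `*len = ntohl (*((int *) out));` reads four bytes from the decrypted buffer without checking that shishi_crypto_decrypt produced at least that many, and the resulting length is peer-controlled yet is not compared with outlen or BUFLEN anywhere in this hunk. Right after the rc check I would add a guard along the lines of `if (outlen < (int) sizeof (int)) { free (out); free (outbis); return 1; }` (cast adjusted to outlen's declared type) and reject a `*len` that exceeds `outlen - val` or BUFLEN before anything is copied into buf. The copy itself lies outside the hunk, so a bound may already exist there. The failure path reports through `printf`, which in the daemons presumably writes to the connection rather than to the log; `syslog` would match the rest of this file.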
@@ -590,14 +605,10 @@
{
char *out;
char *bufbis;
-
- char *iv2;
-
+
int rc;
int dlen, outlen;
- int i;
-
dlen = wlen;
dlen = htonl (dlen);
@@ -607,11 +618,10 @@
bufbis = (char *)xmalloc (wlen + sizeof (int));
memcpy (bufbis, (char *) &dlen, sizeof (int));
memcpy (bufbis + sizeof (int), buf, wlen);
-
+
/* encrypt it */
rc =
- shishi_encrypt_ivupdate (h, enckey, iv->keyusage, iv->iv, iv->ivlen,
&iv2, &iv->ivlen, bufbis,
- wlen + sizeof (int), &out, &outlen);
+ shishi_crypto_encrypt (iv->ctx, bufbis, wlen + sizeof (int), &out,
&outlen);
}
else
{
@@ -620,7 +630,7 @@
/* data to encrypt = size + data */
rc =
- shishi_encrypt (h, enckey, iv->keyusage, bufbis, wlen, &out, &outlen);
+ shishi_encrypt (h, enckey, iv->keyusage, bufbis, wlen, &out, &outlen);
}
if (rc != SHISHI_OK)
@@ -638,12 +648,6 @@
write (sock, out, outlen);
*len = wlen;
-
- if (proto == 2)
- {
- /* update iv */
- memcpy (iv->iv, iv2, iv->ivlen);
- }
free (out);
Index: inetutils/rlogin/rlogin.c
diff -u inetutils/rlogin/rlogin.c:1.5 inetutils/rlogin/rlogin.c:1.6
--- inetutils/rlogin/rlogin.c:1.5 Fri Sep 19 15:45:30 2003
+++ inetutils/rlogin/rlogin.c Wed Sep 24 11:17:58 2003
@@ -481,15 +481,26 @@
ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES;
ivtab[i]->iv = malloc (ivtab[i]->ivlen);
memset (ivtab[i]->iv, !i, ivtab[i]->ivlen);
+ ivtab[i]->ctx = shishi_crypto (handle, key,
ivtab[i]->keyusage, shishi_key_type (key),
+ ivtab[i]->iv,
ivtab[i]->ivlen);
+ break;
+ case SHISHI_ARCFOUR_HMAC:
+ case SHISHI_ARCFOUR_HMAC_EXP:
+ ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES + 2 + 4*i;
+ ivtab[i]->ctx = shishi_crypto (handle, key,
ivtab[i]->keyusage, shishi_key_type (key),
+ NULL, 0);
break;
default :
ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES + 2 + 4*i;
ivtab[i]->iv = malloc (ivtab[i]->ivlen);
memset (ivtab[i]->iv, 0, ivtab[i]->ivlen);
- }
+ ivtab[i]->ctx = shishi_crypto (handle, key,
ivtab[i]->keyusage, shishi_key_type (key),
+ ivtab[i]->iv,
ivtab[i]->ivlen);
+ }
}
}
}
+
else
#else
rem = krcmd_mutual (&host, sp->s_port, user, term, 0,
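Review bot: None of the three new `shishi_crypto (...)` calls checks its result, and readenc/writeenc in libinetutils/shishi.c now pass `iv->ctx` straight to shishi_crypto_decrypt and shishi_crypto_encrypt. If context creation can fail and return NULL (assumed, the library side is not visible here), the session carries on with encryption requested and an unusable context. I would fail the connection at setup time, for example `if (ivtab[i]->ctx == NULL)` followed by the file's usual error exit. The setup switches in rlogind.c, rsh.c and rshd.c need the same check. The enclosing function extends beyond this hunk.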
@@ -718,18 +729,20 @@
msg ("closed connection.");
#ifdef SHISHI
-#ifdef ENCRYPTION
if (use_kerberos)
{
shishi_done (handle);
+#ifdef ENCRYPTION
if (doencrypt)
{
shishi_key_done (key);
+ shishi_crypto_close (iv1.ctx);
+ shishi_crypto_close (iv2.ctx);
free (iv1.iv);
free (iv2.iv);
}
- }
#endif
+ }
#endif
done (0);
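Review bot: `free (iv1.iv); free (iv2.iv);` now also runs for ARCFOUR keys, but the ARCFOUR branch added in the previous hunk creates the context with `NULL, 0` and never assigns `iv`. Unless iv1 and iv2 are zero-initialised (their definitions are not part of this diff), that frees an indeterminate pointer; adding `ivtab[i]->iv = NULL;` to the ARCFOUR case makes the cleanup safe regardless. The cleanup loops added in rlogind.c, rsh.c and rshd.c depend on the same assumption.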
Index: inetutils/rlogind/rlogind.c
diff -u inetutils/rlogind/rlogind.c:1.5 inetutils/rlogind/rlogind.c:1.6
--- inetutils/rlogind/rlogind.c:1.5 Fri Sep 19 15:45:29 2003
+++ inetutils/rlogind/rlogind.c Wed Sep 24 11:17:58 2003
@@ -386,6 +386,7 @@
else
exit (rlogind_mainloop (fileno (stdin), fileno (stdout)));
+
/* To pacify lint */
return 0;
}
@@ -760,6 +761,27 @@
protocol (infd, master, &auth_data);
signal (SIGCHLD, SIG_IGN);
cleanup (0);
+
+#ifdef SHISHI
+ if (kerberos)
+ {
+ int i;
+
+ shishi_done (auth_data.h);
+#ifdef ENCRYPTION
+ if (encrypt_io)
+ {
+ shishi_key_done (auth_data.enckey);
+ for (i = 0; i < 2; i++)
+ {
+ shishi_crypto_close (auth_data.ivtab[i]->ctx);
+ free (auth_data.ivtab[i]->iv);
+ }
+ }
+#endif
+ }
+#endif
+
return 0;
}
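Review bot: `shishi_done (auth_data.h);` runs before `shishi_key_done` and `shishi_crypto_close`, so the key and both crypto contexts outlive the library handle they were created from. Whether those two functions touch the handle is not visible in this diff, but releasing the dependents first and the handle last removes the question: move the `shishi_done` call below the `#endif` that closes the ENCRYPTION block. The cleanup blocks in rlogin.c, rsh.c and rshd.c use the same order. It is also worth confirming that `cleanup (0)` returns, otherwise this block is never reached.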
@@ -1007,11 +1029,16 @@
int error = 0;
int keylen, keytype;
struct passwd *pwd = NULL;
-
+ /*int cksumtype, cksumlen = 30;
+ char cksum[30];
+ char cksumdata[100];
+ */
#ifdef ENCRYPTION
- rc = get_auth (infd, &ad->h, &ad->enckey, err_msg, &ad->protocol);
+ rc = get_auth (infd, &ad->h, &ad->enckey, err_msg, &ad->protocol
+ /*&cksumtype, cksum, &cksumlen*/);
#else
- rc = get_auth (infd, &ad->h, NULL, err_msg, &ad->protocol);
+ rc = get_auth (infd, &ad->h, NULL, err_msg, &ad->protocol
+ /*&cksumtype, cksum, &cksumlen*/);
#endif
if (rc != SHISHI_OK)
return rc;
@@ -1021,6 +1048,7 @@
if (encrypt_io)
{
int i;
+ char *iv;
ad->ivtab[0] = &ad->iv1;
ad->ivtab[1] = &ad->iv2;
@@ -1042,11 +1070,22 @@
ad->ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES;
ad->ivtab[i]->iv = malloc (ad->ivtab[i]->ivlen);
memset (ad->ivtab[i]->iv, i, ad->ivtab[i]->ivlen);
+ ad->ivtab[i]->ctx = shishi_crypto (ad->h, ad->enckey,
ad->ivtab[i]->keyusage, shishi_key_type (ad->enckey),
+ ad->ivtab[i]->iv,
ad->ivtab[i]->ivlen);
+ break;
+ case SHISHI_ARCFOUR_HMAC:
+ case SHISHI_ARCFOUR_HMAC_EXP:
+ ad->ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES + 6 - 4*i;
+ ad->ivtab[i]->ctx = shishi_crypto (ad->h, ad->enckey,
ad->ivtab[i]->keyusage, shishi_key_type (ad->enckey),
+ NULL, 0);
break;
default :
ad->ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES + 6 - 4*i;
ad->ivtab[i]->iv = malloc (ad->ivtab[i]->ivlen);
memset (ad->ivtab[i]->iv, 0, ad->ivtab[i]->ivlen);
+ if (ad->protocol == 2)
+ ad->ivtab[i]->ctx = shishi_crypto (ad->h, ad->enckey,
ad->ivtab[i]->keyusage, shishi_key_type (ad->enckey),
+ ad->ivtab[i]->iv,
ad->ivtab[i]->ivlen);
}
}
}
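Review bot: In the default case the context is created only under `if (ad->protocol == 2)`, so for any other protocol version `ctx` keeps whatever value the struct held, yet the cleanup block added earlier in this file calls `shishi_crypto_close (auth_data.ivtab[i]->ctx);` unconditionally. I would add `else ad->ivtab[i]->ctx = NULL;` here and guard the close with `if (auth_data.ivtab[i]->ctx)`, unless shishi_crypto_close is documented to accept NULL. rshd.c has the same `if (protocol == 2)` gating followed by an unconditional close. The enclosing function starts and ends outside this hunk.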
@@ -1086,6 +1125,15 @@
ad->lusername, ad->hostname);
/* ADD CHECKSUM VERIFICATION CODE !!!!!!!!!!!!!! */
+ /*
+ snprintf (cksumdata, 100, "%u:%s%s", ntohs(port), ad->term + 5,
ad->lusername);
+ shishi_checksum (Shishi * handle,
+ Shishi_key * key,
+ int keyusage,
+ int cksumtype,
+ const char *in, size_t inlen, char **out, size_t * outlen)
+ */
+
free (pwd);
return SHISHI_OK;
Index: inetutils/rsh/rsh.c
diff -u inetutils/rsh/rsh.c:1.5 inetutils/rsh/rsh.c:1.6
--- inetutils/rsh/rsh.c:1.5 Fri Sep 19 15:45:30 2003
+++ inetutils/rsh/rsh.c Wed Sep 24 11:17:58 2003
@@ -422,7 +422,7 @@
int i;
char * term;
- term = xmalloc (strlen(args)+4);
+ term = (char *)xmalloc (strlen(args)+4);
strcpy (term, "-x ");
strcat (term, args);
@@ -441,7 +441,7 @@
for (i=0; i<4; i++)
{
ivtab[i]->ivlen = keylen;
-
+
switch (keytype)
{
case SHISHI_DES_CBC_CRC:
@@ -452,12 +452,22 @@
ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES;
ivtab[i]->iv = malloc (ivtab[i]->ivlen);
memset (ivtab[i]->iv, 2*i + 1*(i<2) - 4*(i>=2),
ivtab[i]->ivlen);
+ ivtab[i]->ctx = shishi_crypto (h, enckey,
ivtab[i]->keyusage, shishi_key_type (enckey),
+ ivtab[i]->iv,
ivtab[i]->ivlen);
+ break;
+ case SHISHI_ARCFOUR_HMAC:
+ case SHISHI_ARCFOUR_HMAC_EXP:
+ ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES + 2 + 4*i;
+ ivtab[i]->ctx = shishi_crypto (h, enckey,
ivtab[i]->keyusage, shishi_key_type (enckey),
+ NULL, 0);
break;
default :
ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES + 2 + 4*i;
ivtab[i]->iv = malloc (ivtab[i]->ivlen);
memset (ivtab[i]->iv, 0, ivtab[i]->ivlen);
- }
+ ivtab[i]->ctx = shishi_crypto (h, enckey,
ivtab[i]->keyusage, shishi_key_type (enckey),
+ ivtab[i]->iv,
ivtab[i]->ivlen);
+ }
}
}
free (term);
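Review bot: `ivtab[i]->iv = malloc (ivtab[i]->ivlen);` is followed directly by `memset` and now also by `shishi_crypto (...)`, with no NULL check in between, although this file already uses `xmalloc` for `term` a few hunks above. Using `xmalloc (ivtab[i]->ivlen)` here, or checking the result before the memset, avoids writing through a NULL pointer on allocation failure (assuming xmalloc aborts on failure, as is conventional). The same malloc/memset pair sits in the rlogin.c, rlogind.c and rshd.c switches.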
@@ -553,6 +563,27 @@
}
talk (nflag, &osigs, pid, rem);
+
+
+#ifdef SHISHI
+ if (use_kerberos)
+ {
+ int i;
+
+ shishi_done (h);
+#ifdef ENCRYPTION
+ if (doencrypt)
+ {
+ shishi_key_done (enckey);
+ for (i = 0; i < 4; i++)
+ {
+ shishi_crypto_close (ivtab[i]->ctx);
+ free (ivtab[i]->iv);
+ }
+ }
+#endif
+ }
+#endif
if (!nflag)
kill (pid, SIGKILL);
Index: inetutils/rshd/rshd.c
diff -u inetutils/rshd/rshd.c:1.4 inetutils/rshd/rshd.c:1.5
--- inetutils/rshd/rshd.c:1.4 Fri Sep 19 15:45:29 2003
+++ inetutils/rshd/rshd.c Wed Sep 24 11:17:58 2003
@@ -125,6 +125,7 @@
Shishi_key * enckey;
shishi_ivector iv1, iv2, iv3, iv4;
shishi_ivector *ivtab[4];
+int protocol;
#endif
# define VERSION_SIZE 9
# define SECURE_MESSAGE "This rsh session is using DES encryption for all
transmissions.\r\n"
@@ -307,8 +308,6 @@
int pv1[2], pv2[2];
fd_set wready, writeto;
int keytype, keylen;
- int proto;
-
#endif
signal(SIGINT, SIG_DFL);
@@ -568,7 +567,7 @@
int rc;
char * err_msg = NULL;
- rc = get_auth (STDIN_FILENO, &h, &enckey, &err_msg, &proto);
+ rc = get_auth (STDIN_FILENO, &h, &enckey, &err_msg, &protocol);
if (rc != SHISHI_OK)
{
error ("Kerberos authentication failure: %s\n", err_msg);
@@ -619,11 +618,22 @@
ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES;
ivtab[i]->iv = malloc (ivtab[i]->ivlen);
memset (ivtab[i]->iv, 2*i -3*(i>=2), ivtab[i]->ivlen);
+ ivtab[i]->ctx = shishi_crypto (h, enckey, ivtab[i]->keyusage,
shishi_key_type (enckey),
+ ivtab[i]->iv, ivtab[i]->ivlen);
+ break;
+ case SHISHI_ARCFOUR_HMAC:
+ case SHISHI_ARCFOUR_HMAC_EXP:
+ ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES + 4*(i<2) + 2 +
2*(i%2);
+ ivtab[i]->ctx = shishi_crypto (h, enckey, ivtab[i]->keyusage,
shishi_key_type (enckey),
+ NULL, 0);
break;
default :
ivtab[i]->keyusage = SHISHI_KEYUSAGE_KCMD_DES + 4*(i<2) + 2 +
2*(i%2);
ivtab[i]->iv = malloc (ivtab[i]->ivlen);
memset (ivtab[i]->iv, 0, ivtab[i]->ivlen);
+ if (protocol == 2)
+ ivtab[i]->ctx = shishi_crypto (h, enckey,
ivtab[i]->keyusage, shishi_key_type (enckey),
+ ivtab[i]->iv,
ivtab[i]->ivlen);
}
}
@@ -853,7 +863,7 @@
else
#elif defined(SHISHI)
if (doencrypt)
- readenc (h, s, &sig, &ret, &iv2, enckey, proto);
+ readenc (h, s, &sig, &ret, &iv2, enckey, protocol);
else
#endif
#endif
@@ -881,7 +891,7 @@
else
#elif defined(SHISHI)
if (doencrypt)
- writeenc (h, s, buf, cc, &n, &iv4, enckey, proto);
+ writeenc (h, s, buf, cc, &n, &iv4, enckey, protocol);
else
#endif
#endif
@@ -901,7 +911,7 @@
}
else
#ifdef SHISHI
- writeenc (h, STDOUT_FILENO, buf, cc, &n, &iv3, enckey,
proto);
+ writeenc (h, STDOUT_FILENO, buf, cc, &n, &iv3, enckey,
protocol);
#else
des_write (STDOUT_FILENO, buf, cc);
#endif
@@ -911,7 +921,7 @@
{
errno = 0;
#ifdef SHISHI
- readenc (h, STDIN_FILENO, buf, &cc, &iv1, enckey, proto);
+ readenc (h, STDIN_FILENO, buf, &cc, &iv1, enckey, protocol);
#else
cc = des_read (STDIN_FILENO, buf, sizeof buf);
#endif
@@ -960,6 +970,28 @@
}
#endif
#endif
+
+#if defined(SHISHI)
+ if (use_kerberos)
+ {
+ int i;
+
+ shishi_done (h);
+#ifdef ENCRYPTION
+ if (doencrypt)
+ {
+ shishi_key_done (enckey);
+ for (i = 0; i < 4; i++)
+ {
+ shishi_crypto_close (ivtab[i]->ctx);
+ free (ivtab[i]->iv);
+ }
+ }
+#endif
+ }
+
+#endif
+
dup2 (pv[1], STDERR_FILENO); /* stderr of shell has to go
pipe to control process */
close (pv[1]);