shishi-commit

inetutils/libtelnet shishi.c encrypt.c enc_des.c


From: shishi-commit
Subject: inetutils/libtelnet shishi.c encrypt.c enc_des.c
Date: Fri, 26 Sep 2003 11:16:57 -0400

CVSROOT:        /cvsroot/shishi
Module name:    inetutils
Branch:         
Changes by:     Nicolas Pouvesle <address@hidden>       03/09/26 11:16:57

Modified files:
        libtelnet      : shishi.c encrypt.c enc_des.c 

Log message:
        Add shishi encryption support.

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/libtelnet/shishi.c.diff?tr1=1.1&tr2=1.2&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/libtelnet/encrypt.c.diff?tr1=1.1&tr2=1.2&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/libtelnet/enc_des.c.diff?tr1=1.1&tr2=1.2&r1=text&r2=text

Patches:
Index: inetutils/libtelnet/enc_des.c
diff -u inetutils/libtelnet/enc_des.c:1.1 inetutils/libtelnet/enc_des.c:1.2
--- inetutils/libtelnet/enc_des.c:1.1   Fri Sep 12 12:22:49 2003
+++ inetutils/libtelnet/enc_des.c       Fri Sep 26 11:16:56 2003
@@ -37,7 +37,11 @@
 
 #ifdef ENCRYPTION
 # ifdef        AUTHENTICATION
-#  ifdef DES_ENCRYPTION
+#  if defined (DES_ENCRYPTION) || defined (SHISHI)
+#ifdef SHISHI
+#include <shishi.h>
+extern Shishi * shishi_handle;
+#endif
 #include <arpa/telnet.h>
 #include <stdio.h>
 #ifdef HAVE_STDLIB_H
@@ -74,7 +78,7 @@
                Block           str_output;
                Block           str_feed;
                Block           str_iv;
-               Block           str_ikey;
+               Block           str_ikey;
                Schedule        str_sched;
                int             str_index;
                int             str_flagshift;
@@ -119,7 +123,18 @@
 void fb64_stream_key P((Block, struct stinfo *));
 int fb64_keyid P((int, unsigned char *, int *, struct fb *));
 
-       void
+#ifdef SHISHI
+void shishi_des_ecb_encrypt (Shishi * h, const char key[8], const char * in, 
char * out)
+{
+  char * tmp;
+  
+  shishi_des (h, 0, key, NULL, NULL, in, 8, &tmp);
+  memcpy (out, tmp, 8);
+  free (tmp);
+}
+#endif
+
+void
 cfb64_init(server)
        int server;
 {
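Review bot: The new `shishi_des_ecb_encrypt` helper ignores the return value of `shishi_des` and leaves `tmp` uninitialised, so a failed call ends in `memcpy` and `free` on an indeterminate pointer. Because the helper returns `void`, the cfb64/ofb64 call sites added later in this patch cannot tell that block `b` was never filled and would go on to use it as keystream. I would initialise `tmp` to NULL, compare the result with `SHISHI_OK`, and return a status that the callers check. The helper could also be `static`, since every use visible in this patch is in enc_des.c, and a name without the library's `shishi_` prefix would avoid a later clash. The `cfb64_init` definition that follows continues outside the hunk.

```c
#ifdef SHISHI
/* Encrypt one 8-byte block with single DES in ECB mode through Shishi.
   Returns 0 on success, -1 if Shishi reports an error; OUT is written
   only on success. */
static int
shishi_des_ecb_encrypt (Shishi * h, const char key[8], const char * in, char * out)
{
  char * tmp = NULL;

  if (shishi_des (h, 0, key, NULL, NULL, in, 8, &tmp) != SHISHI_OK
      || tmp == NULL)
    return -1;

  memcpy (out, tmp, 8);
  free (tmp);
  return 0;
}
#endif
```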
@@ -215,9 +230,16 @@
                /*
                 * Create a random feed and send it over.
                 */
+#ifdef SHISHI
+               if (shishi_randomize (shishi_handle, 0,
+                                     fbp->temp_feed, 8) != SHISHI_OK)
+                 return(FAILED);
+               
+#else
                des_new_random_key(fbp->temp_feed);
                des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
                                fbp->krbdes_sched, 1);
+#endif
                p = fbp->fb_feed + 3;
                *p++ = ENCRYPT_IS;
                p++;
@@ -428,10 +450,14 @@
        fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
 
        if (fbp->once == 0) {
+#ifndef SHISHI
                des_set_random_generator_seed(fbp->krbdes_key);
+#endif
                fbp->once = 1;
        }
+#ifndef SHISHI
        des_key_sched(fbp->krbdes_key, fbp->krbdes_sched);
+#endif
        /*
         * Now look to see if krbdes_start() was was waiting for
         * the key to show up.  If so, go ahead an call it now
@@ -552,7 +578,9 @@
        memmove((void *)stp->str_iv, (void *)seed, sizeof(Block));
        memmove((void *)stp->str_output, (void *)seed, sizeof(Block));
 
+#ifndef SHISHI
        des_key_sched(stp->str_ikey, stp->str_sched);
+#endif
 
        stp->str_index = sizeof(Block);
 }
@@ -563,8 +591,9 @@
        register struct stinfo *stp;
 {
        memmove((void *)stp->str_ikey, (void *)key, sizeof(Block));
+#ifndef SHISHI
        des_key_sched(key, stp->str_sched);
-
+#endif
        memmove((void *)stp->str_output, (void *)stp->str_iv, sizeof(Block));
 
        stp->str_index = sizeof(Block);
@@ -604,7 +633,12 @@
        while (c-- > 0) {
                if (index == sizeof(Block)) {
                        Block b;
+#ifdef SHISHI
+                       shishi_des_ecb_encrypt (shishi_handle, 
fb[CFB].krbdes_key,
+                                               stp->str_output, b);
+#else
                        des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
+#endif
                        memmove((void *)stp->str_feed, (void *)b, 
sizeof(Block));
                        index = 0;
                }
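Review bot: The key passed here is the global `fb[CFB].krbdes_key`, while the non-Shishi branch uses the per-stream schedule, and `fb64_stream_key` still copies the stream's key into `stp->str_ikey` under SHISHI; passing `stp->str_ikey` would keep each stream tied to the key it was given rather than to global state. The same applies to the hunks at -638, -680 and -711 (the last two with `fb[OFB]`). Each call also allocates and frees heap memory for every 8-byte block, and a failure of the call is not visible at this site, so `b` may be copied into `str_feed` without having been written. A comment such as `/* Shishi has no key schedule: the raw key is passed per block, str_sched is unused */` above the call would record why the schedule is skipped. The enclosing function starts and ends outside the hunk.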
@@ -638,7 +672,12 @@
        index = stp->str_index++;
        if (index == sizeof(Block)) {
                Block b;
+#ifdef SHISHI
+               shishi_des_ecb_encrypt (shishi_handle, fb[CFB].krbdes_key,
+                                       stp->str_output, b);
+#else
                des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
+#endif
                memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
                stp->str_index = 1;     /* Next time will be 1 */
                index = 0;              /* But now use 0 */
@@ -680,7 +719,12 @@
        while (c-- > 0) {
                if (index == sizeof(Block)) {
                        Block b;
+#ifdef SHISHI
+                       shishi_des_ecb_encrypt (shishi_handle, 
fb[OFB].krbdes_key,
+                                               stp->str_feed, b);
+#else
                        des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
+#endif
                        memmove((void *)stp->str_feed, (void *)b, 
sizeof(Block));
                        index = 0;
                }
@@ -711,7 +755,12 @@
        index = stp->str_index++;
        if (index == sizeof(Block)) {
                Block b;
+#ifdef SHISHI
+               shishi_des_ecb_encrypt (shishi_handle, fb[OFB].krbdes_key,
+                                       stp->str_feed, b);
+#else
                des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
+#endif
                memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
                stp->str_index = 1;     /* Next time will be 1 */
                index = 0;              /* But now use 0 */
Index: inetutils/libtelnet/encrypt.c
diff -u inetutils/libtelnet/encrypt.c:1.1 inetutils/libtelnet/encrypt.c:1.2
--- inetutils/libtelnet/encrypt.c:1.1   Fri Sep 12 12:22:49 2003
+++ inetutils/libtelnet/encrypt.c       Fri Sep 26 11:16:56 2003
@@ -104,7 +104,7 @@
 static long remote_supports_decrypt = 0;
 
 static Encryptions encryptions[] = {
-#ifdef DES_ENCRYPTION
+#if defined (DES_ENCRYPTION) || defined (SHISHI)
     { "DES_CFB64",     ENCTYPE_DES_CFB64,
                        cfb64_encrypt,
                        cfb64_decrypt,
Index: inetutils/libtelnet/shishi.c
diff -u inetutils/libtelnet/shishi.c:1.1 inetutils/libtelnet/shishi.c:1.2
--- inetutils/libtelnet/shishi.c:1.1    Fri Sep 12 12:28:55 2003
+++ inetutils/libtelnet/shishi.c        Fri Sep 26 11:16:56 2003
@@ -40,6 +40,12 @@
 #include "auth.h"
 #include "misc.h"
 
+#ifdef  ENCRYPTION
+#include "encrypt.h"
+#endif
+
+Shishi_key  *enckey = NULL;
+
 static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
   AUTHTYPE_KERBEROS_V5,
 };
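Review bot: `Shishi_key  *enckey` is added as a global with external linkage and a very generic name, and it holds the session's encryption key. Every use visible in this patch is inside shishi.c, so `static Shishi_key *enckey = NULL;` with a comment such as `/* DES subkey or ticket session key handed to the telnet ENCRYPT option; owned here, released with shishi_key_done */` would keep other objects from reaching it. The next hunk adds `Shishi * shishi_telnet = NULL;`, which nothing else in the visible patch references; if it is unused it should be dropped.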
@@ -88,6 +94,8 @@
   return (net_write (str_data, p - str_data));
 }
 
+Shishi * shishi_telnet = NULL;
+
 /* FIXME: Reverse return code! */
 int
 krb5shishi_init (TN_Authenticator * ap, int server)
@@ -171,6 +179,23 @@
          return 0;
        }
 
+#ifdef ENCRYPTION
+      if (enckey)
+       {
+         shishi_key_done (enckey);
+         enckey = NULL;
+       }
+      
+      rc = shishi_authenticator_get_subkey (shishi_handle, 
shishi_ap_authenticator (auth_handle), &enckey);
+      if ((rc != SHISHI_OK) || ((shishi_key_type (enckey) != 
SHISHI_DES_CBC_CRC) &&
+                               (shishi_key_type (enckey) != 
SHISHI_DES_CBC_MD5)))
+       {
+         DEBUG (("telnet: Kerberos V5: could get encryption key (%s)\r\n",
+                 shishi_strerror (rc)));
+         return 0;
+       }      
+#endif
+      
       rc = shishi_ap_req_der (auth_handle, &apreq, &apreq_len);
       if (rc != SHISHI_OK)
        {
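Review bot: The failure branch after `shishi_authenticator_get_subkey` also runs when the call succeeded but returned a non-DES key, and in that case it prints `shishi_strerror (rc)` for a successful `rc` and returns with the unusable key still stored in `enckey`. The message text reads "could get encryption key"; it should be `"telnet: Kerberos V5: could not get encryption key (%s)\r\n"`. I would split the two conditions and, on a type mismatch, call `shishi_key_done (enckey); enckey = NULL;` before `return 0;`. If the subkey can be absent while `rc` is `SHISHI_OK` (the server-side hunk falls back to the ticket key, which suggests it can), `shishi_key_type (enckey)` would be reached with a NULL key, so an `enckey == NULL` test belongs in the condition. The enclosing function starts and ends outside the hunk.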
@@ -205,10 +230,24 @@
   return 1;
 }
 
+#ifdef ENCRYPTION
+void
+shishi_init_key (Session_Key * skey, int type)
+{
+  skey->type = SK_DES;
+  skey->length = 8;
+  skey->data = shishi_key_value (enckey);
+  encrypt_session_key (skey, type);
+}
+#endif
+
 void
 krb5shishi_reply (TN_Authenticator * ap, unsigned char *data, int cnt)
 {
   static int mutual_complete = 0;
+#ifdef ENCRYPTION
+  Session_Key skey;
+#endif
 
   if (cnt-- < 1)
     return;
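Review bot: `shishi_init_key` reads `shishi_key_value (enckey)` without checking that `enckey` is set, and it hard-codes `SK_DES` and a length of 8 rather than confirming them against the key. A guard such as `if (enckey == NULL) return;` at the top would keep a reply that arrives before a key was stored from dereferencing NULL. `skey->data` points into storage owned by `enckey`, so a comment like `/* skey->data aliases enckey; enckey must outlive encrypt_session_key's use of it */` is worth adding, since whether `encrypt_session_key` copies the bytes is not visible here. `krb5shishi_reply` continues outside the hunk.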
@@ -234,6 +273,9 @@
              auth_send_retry ();
              break;
            }
+#ifdef ENCRYPTION        
+         shishi_init_key (&skey, 0);
+#endif
        }
 
       if (cnt)
@@ -264,13 +306,16 @@
                                         (auth_handle));
            }
 
+#ifdef ENCRYPTION
+         shishi_init_key (&skey, 0);
+#endif
          mutual_complete = 1;
        }
       break;
 
     default:
       DEBUG (("Unknown Kerberos option %d\r\n", data[-1]));
-    }
+    }  
 }
 
 int
@@ -288,7 +333,7 @@
     (shishi_handle, shishi_tkt_encticketpart (shishi_ap_tkt (auth_handle)),
      cname, &cnamelen);
 
-  if (UserNameRequested && rc == SHISHI_OK &&
+    if (UserNameRequested && rc == SHISHI_OK &&
       cnamelen == strlen (UserNameRequested) &&
       memcmp (UserNameRequested, cname, cnamelen) == 0)
     {
@@ -308,6 +353,9 @@
   int rc;
   char cnamerealm[BUFSIZ];
   int cnamerealmlen;
+#ifdef ENCRYPTION
+  Session_Key skey;
+#endif
 
   rc = shishi_ap (shishi_handle, &auth_handle);
   if (rc != SHISHI_OK)
@@ -380,12 +428,48 @@
       return 1;
     }
   cnamerealm[cnamerealmlen] = '\0';
-
   Data (a, KRB_ACCEPT, cnamerealm, cnamerealm ? -1 : 0);
   DEBUG (("telnetd: Kerberos5 identifies him as ``%s''\r\n",
          cnamerealm ? cnamerealm : ""));
+
   auth_finished (a, AUTH_USER);
 
+#ifdef ENCRYPTION
+  if (enckey)
+    {
+      shishi_key_done (enckey);
+      enckey = NULL;
+    }
+
+  rc = shishi_authenticator_get_subkey (shishi_handle, shishi_ap_authenticator 
(auth_handle), &enckey);
+  if ((rc != SHISHI_OK) || ((shishi_key_type (enckey) != SHISHI_DES_CBC_CRC) &&
+                           (shishi_key_type (enckey) != SHISHI_DES_CBC_MD5)))
+    {
+      Shishi_tkt * tkt;
+      
+      tkt = shishi_ap_tkt (auth_handle);
+      if (tkt == NULL)
+       {
+         snprintf (errbuf, errbuflen, "telnet: Kerberos V5: could get 
encryption key (%s)\r\n",
+                   shishi_strerror (rc));
+         return 1;
+       }
+
+      rc = shishi_encticketpart_get_key (shishi_handle, 
shishi_tkt_encticketpart (tkt), &enckey);
+      if ((rc != SHISHI_OK) || ((shishi_key_type (enckey) != 
SHISHI_DES_CBC_CRC) &&
+                               (shishi_key_type (enckey) != 
SHISHI_DES_CBC_MD5)))
+       {
+         snprintf (errbuf, errbuflen, "telnet: Kerberos V5: could get 
encryption key (%s)\r\n",
+                   shishi_strerror (rc));
+         return 1;
+       }
+      
+      shishi_tkt_done (tkt);
+    }     
+  
+  shishi_init_key (&skey, 1);  
+#endif
+  
   return 0;
 }
 
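Review bot: In the fallback branch `shishi_tkt_done (tkt)` releases a ticket that was obtained from `shishi_ap_tkt (auth_handle)`, and `krb5shishi_status` (visible in the -288 hunk) later reads `shishi_ap_tkt (auth_handle)` again; unless that accessor returns a copy, the AP handle is left pointing at a freed ticket, so the call should be removed. The same branch overwrites `enckey` with the result of `shishi_encticketpart_get_key` without first releasing a wrong-type subkey, so `shishi_key_done (enckey); enckey = NULL;` belongs before the fallback. `auth_finished (a, AUTH_USER)` and the `KRB_ACCEPT` reply are issued before the key lookup, so the `return 1` paths report failure after the peer has already been told it was accepted; fetching the key first would avoid that. The error text should read "could not get encryption key", and it prints `shishi_strerror (rc)` even when `rc` is `SHISHI_OK` and only the key type was rejected. The function starts outside the hunk.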



