Diffstat (limited to 'contrib/ntp/libntp/authencrypt.c')
-rw-r--r-- | contrib/ntp/libntp/authencrypt.c | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/contrib/ntp/libntp/authencrypt.c b/contrib/ntp/libntp/authencrypt.c
new file mode 100644
index 0000000..22f910c
--- /dev/null
+++ b/contrib/ntp/libntp/authencrypt.c
@@ -0,0 +1,97 @@
+/*
+ * DES interface for rsaref2.0
+ *
+ * These routines implement an interface for the RSA Laboratories
+ * implementation of the Data Encryption Standard (DES) algorithm
+ * operating in Cipher-Block Chaining (CBC) mode. This algorithm is
+ * included in the rsaref2.0 package available from RSA in the US and
+ * foreign countries. Further information is available at www.rsa.com.
+ */
+
+#include "ntp_machine.h"
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef DES
+#include "ntp_types.h"
+#include "ntp_fp.h"
+#include "ntp_string.h"
+#include "global.h"
+#include "des.h"
+#include "ntp_stdlib.h"
+
+#define BLOCK_OCTETS 8 /* message digest size */
+#define MAXTPKT 128 /* max packet size */
+
+
+/*
+ * DESauthencrypt - generate DES-CBC message authenticator
+ *
+ * Returns length of authenticator field.
+ */
+int
+DESauthencrypt(
+ u_char *key, /* key pointer */
+ u_int32 *pkt, /* packet pointer */
+ int length /* packet length */
+ )
+{
+ DES_CBC_CTX ctx;
+ u_int32 tpkt[MAXTPKT];
+ u_int32 work[2];
+ int i, j;
+
+ /*
+ * DES-CBC with zero IV. Note the encrypted text is discarded.
+ */
+ work[0] = work[1] = 0;
+ DES_CBCInit(&ctx, key, (u_char *)work, 1);
+ DES_CBCUpdate(&ctx, (u_char *)tpkt, (u_char *)pkt,
+ (u_int)length);
+ i = length / 4 + 1;
+ j = i - 3;
+ pkt[i++] = (u_int32)htonl(tpkt[j++]);
+ pkt[i] = (u_int32)htonl(tpkt[j]);
+ return (BLOCK_OCTETS + 4);
+}
+
+
+/*
+ * DESauthdecrypt - verify DES message authenticator
+ *
+ * Returns one if authenticator valid, zero if invalid.
+ */
+int
+DESauthdecrypt(
+ u_char *key, /* key pointer */
+ u_int32 *pkt, /* packet pointer */
+ int length, /* packet length */
+ int size /* size of MAC field */
+ )
+{
+ DES_CBC_CTX ctx;
+ u_int32 tpkt[MAXTPKT];
+ u_int32 work[2];
+ int i, j;
+
+ /*
+ * DES-CBC with zero IV. Note the encrypted text is discarded.
+ */
+ if (size != BLOCK_OCTETS + 4)
+ return (0);
+ work[0] = work[1] = 0;
+ DES_CBCInit (&ctx, key, (u_char *)work, 1);
+ DES_CBCUpdate (&ctx, (u_char *)tpkt, (u_char *)pkt,
+ (u_int)length);
+ i = length / 4 + 1;
+ j = i - 3;
+ if ((u_int32)ntohl(pkt[i++]) == tpkt[j++] &&
+ (u_int32)ntohl(pkt[i]) == tpkt[j])
+ return (1);
+ return (0);
+}
+#else
+int authencrypt_bs;
+#endif /* DES */ |
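Review bot: `length` is never validated in DESauthdecrypt (or in DESauthencrypt) before `DES_CBCUpdate` writes `length` bytes into the fixed-size stack array `tpkt[MAXTPKT]`, so a length above `sizeof(tpkt)` overruns the stack, and a length below 8 makes `j = i - 3` negative and indexes before `tpkt`. In the verify path the length presumably derives from a received packet, which would make this reachable from untrusted input; confirm against the callers. A guard ahead of the `DES_CBCInit` call would close both cases: `if (length < BLOCK_OCTETS || length % BLOCK_OCTETS != 0 || length > (int)sizeof(tpkt)) return (0);`. The return value of `DES_CBCUpdate` is also ignored, so if it rejects the input the comparison runs on uninitialized `tpkt` words; checking it and returning 0 on failure would fail closed. The final `==` comparison of the two MAC words short-circuits on the first mismatch, so a constant-time compare is worth considering for the verifier.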