diff options
Diffstat (limited to 'secure')
47 files changed, 8519 insertions, 0 deletions
diff --git a/secure/Makefile b/secure/Makefile new file mode 100644 index 0000000..eb3f107 --- /dev/null +++ b/secure/Makefile @@ -0,0 +1,37 @@ +# $FreeBSD$ + +# lib must be first, or it will not work. This is because we reference +# the lib's in the directory where they are built from the binaries we +# want to build. + +MAINTAINER= markm + +SUBDIR= lib libexec usr.bin usr.sbin + +SDIR= ${.CURDIR}/.. + +CODAI= ${MAKE} ${MFLAGS} cleandir; \ + ${MAKE} ${MFLAGS} obj; \ + ${MAKE} ${MFLAGS} depend all install + +CODAD= ${MAKE} ${MFLAGS} cleandir; \ + ${MAKE} ${MFLAGS} obj; \ + ${MAKE} ${MFLAGS} depend all distribute + +# These are the programs which depend on secure libs +sprog: + cd ${SDIR}/bin/ed; ${CODAI} + cd ${SDIR}/sbin/init; ${CODAI} + +bootstrap: + ( cd include; ${MAKE} ${MFLAGS} install ) + ( cd lib; ${MAKE} ${MFLAGS} depend all install ) + ${MAKE} ${MFLAGS} cleandir + ${MAKE} ${MFLAGS} obj + ${MAKE} ${MFLAGS} depend all install sprog + +help-distribute: distribute + cd ${SDIR}/bin/ed; ${CODAD} + cd ${SDIR}/sbin/init; ${CODAD} + +.include <bsd.subdir.mk> diff --git a/secure/Makefile.inc b/secure/Makefile.inc new file mode 100644 index 0000000..f4968b8 --- /dev/null +++ b/secure/Makefile.inc @@ -0,0 +1,21 @@ +# $FreeBSD$ + +DISTRIBUTION?=crypto + +TELNETDIR= ${.CURDIR}/../../../crypto/telnet + +.if exists(${.OBJDIR}/../../lib/libtelnet) +TELNETOBJDIR= ${.OBJDIR}/../../lib/libtelnet +.else +TELNETOBJDIR= ${.CURDIR}/../../lib/libtelnet +.endif + +.if exists(${.CURDIR}/../../lib/libcrypt/obj) +CRYPTOBJDIR= ${.CURDIR}/../../lib/libcrypt/obj +.else +CRYPTOBJDIR= ${.CURDIR}/../../lib/libcrypt +.endif + +.if !defined(MAKE_IDEA) || ${MAKE_IDEA} != YES +CFLAGS+= -DNO_IDEA +.endif diff --git a/secure/lib/Makefile b/secure/lib/Makefile new file mode 100644 index 0000000..a3aa74c --- /dev/null +++ b/secure/lib/Makefile @@ -0,0 +1,14 @@ +# $FreeBSD$ + +SUBDIR= libcipher +.if !defined(NOCRYPT) && !defined(MAKE_KERBEROS4) +SUBDIR+=libtelnet +.endif +.if !defined(NO_OPENSSL) +SUBDIR+=libcrypto libssl +.endif +.if !defined(NO_OPENSSH) +SUBDIR+=libssh +.endif + +.include <bsd.subdir.mk> diff --git a/secure/lib/Makefile.inc b/secure/lib/Makefile.inc new file mode 100644 index 0000000..1410b21 --- /dev/null +++ b/secure/lib/Makefile.inc @@ -0,0 +1,6 @@ +# $FreeBSD$ + +.include "${.CURDIR}/../../Makefile.inc" +.if exists(${.CURDIR}/../../../lib/Makefile.inc) +.include "${.CURDIR}/../../../lib/Makefile.inc" +.endif diff --git a/secure/lib/libcipher/Makefile b/secure/lib/libcipher/Makefile new file mode 100644 index 0000000..a93667f --- /dev/null +++ b/secure/lib/libcipher/Makefile @@ -0,0 +1,16 @@ +# +# $FreeBSD$ +# + +LIB= cipher +SRCS= crypt.c +PRECIOUSLIB= yes +#NOPROFILE= yes + +MAN3= cipher.3 +MLINKS= cipher.3 encrypt.3 cipher.3 setkey.3 +MLINKS+=cipher.3 des_cipher.3 cipher.3 des_setkey.3 + +#SUBDIR= test + +.include <bsd.lib.mk> diff --git a/secure/lib/libcipher/README b/secure/lib/libcipher/README new file mode 100644 index 0000000..ab8af5a --- /dev/null +++ b/secure/lib/libcipher/README @@ -0,0 +1,98 @@ + + FreeSec - NetBSD libcrypt replacement + + David Burren <davidb@werj.com.au> + Release 1.0, March 1994 + + Document ref: $FreeBSD$ + + +Description +=========== +This library is a drop-in replacement for the libcrypt used in U.S. copies +of NetBSD, duplicating that library's functionality. A suite of verification +and benchmark tools is provided. + +FreeSec 1.0 is an original implementation of the DES algorithm and the +crypt(3) interfaces used in Unix-style operating systems. It was produced +in Australia and as such is not covered by U.S. export restrictions (at +least for copies that remain outside the U.S.). + + +History +======= +An earlier version of the FreeSec library was built using the UFC-crypt +package that is distributed as part of the GNU library. UFC-crypt did not +support the des_cipher() or des_setkey() functions, nor the new-style +crypt with long keys. These were implemented in FreeSec 0.2, but at least +one bug remained, where encryption would only succeed if either the salt +or the plaintext was zero. Because of its heritage FreeSec 0.2 was covered +by the GNU Library Licence. + +FreeSec 1.0 is an original implementation by myself, and has been tested +against the verification suite I'd been using with FreeSec 0.2 (this is not +encumbered by any licence). FreeSec 1.0 is covered by a Berkeley-style +licence, which better fits into the *BSD hierarchy than the earlier GNU +licence. + + +Why should you use FreeSec? +=========================== +FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt, +to act as a baseline for encryption functionality. + +Some other packages (such as Eric Young's libdes package) are faster and +more complete than FreeSec, but typically have different licencing +arrangements. While some applications will justify the use of these +packages, the idea here is that everyone should have access to *at least* +the functionality of FreeSec. + + +Performance of FreeSec 1.0 +========================== +I compare below the performance of three libcrypt implementations. As can be +seen, it's between the U.S. library and UFC-crypt. While the performance of +FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in +future versions. I was interested to note that while UFC-crypt is faster on +a 386, hardware characteristics can have markedly different effects on each +implementation. + + +386DX40, 128k cache | U.S. BSD | FreeSec 1.0 | FreeSec 0.2 +CFLAGS=-O2 | | | +========================+===============+===============+================== +crypt (alternate keys) | 317 | 341 | 395 + crypt/sec | | | +------------------------+---------------+---------------+------------------ +crypt (constant key) | 317 | 368 | 436 + crypt/sec | | | +------------------------+---------------+---------------+------------------ +des_cipher( , , , 1) | 6037 | 7459 | 3343 + blocks/sec | | | +------------------------+---------------+---------------+------------------ +des_cipher( , , , 25) | 8871 | 9627 | 15926 + blocks/sec | | | + +Notes: The results tabled here are the average over 10 runs. + The entry/exit code for FreeSec 0.2's des_cipher() is particularly + inefficient, thus the anomalous result for single encryptions. + + +As an experiment using a machine with a larger register set and an +obscenely fast CPU, I obtained the following results: + + 60 MHz R4400 | FreeSec 1.0 | FreeSec 0.2 + ========================+================================= + crypt (alternate keys) | 2545 | 2702 + crypt/sec | | + ------------------------+--------------------------------- + crypt (constant key) | 2852 | 2981 + crypt/sec | | + ------------------------+--------------------------------- + des_cipher( , , , 1) | 56443 | 21409 + blocks/sec | | + ------------------------+--------------------------------- + des_cipher( , , , 25) | 82531 | 18276 + blocks/sec | | + +Obviously your mileage will vary with your hardware and your compiler... diff --git a/secure/lib/libcipher/README.FreeBSD b/secure/lib/libcipher/README.FreeBSD new file mode 100644 index 0000000..2379f73 --- /dev/null +++ b/secure/lib/libcipher/README.FreeBSD @@ -0,0 +1,6 @@ +$FreeBSD$ + +This is FreeSec package for NetBSD, unchanged for +FreeBSD, except for the Makefile. + +The other stuff in libcrypt will be added in stages! diff --git a/secure/lib/libcipher/cipher.3 b/secure/lib/libcipher/cipher.3 new file mode 100644 index 0000000..a534fd7 --- /dev/null +++ b/secure/lib/libcipher/cipher.3 @@ -0,0 +1,150 @@ +.\" FreeSec: libcrypt for NetBSD +.\" +.\" Copyright (c) 1994 David Burren +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 4. Neither the name of the author nor the names of other contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.\" Manual page, using -mandoc macros +.\" +.Dd March 9, 1994 +.Dt CIPHER 3 +.Os "FreeSec 1.0" +.Sh NAME +.Nm setkey , +.Nm encrypt , +.Nm des_setkey , +.Nm des_cipher , +.Nd DES encryption +.Sh SYNOPSIS +.Ft int +.Fn setkey "char *key" +.Ft int +.Fn encrypt "char *block" "int flag" +.Ft int +.Fn des_setkey "const char *key" +.Ft int +.Fn des_cipher "const char *in" "char *out" "long salt" "int count" +.Sh DESCRIPTION +The functions, +.Fn encrypt , +.Fn setkey , +.Fn des_setkey +and +.Fn des_cipher +provide access to the +.Tn DES +algorithm. +.Fn setkey +is passed a 64-byte array of binary values (numeric 0 or 1). +A 56-bit key is extracted from this array by dividing the +array into groups of 8, and ignoring the last bit in each group. +That bit is reserved for a byte parity check by DES, but is ignored +by these functions. +.Pp +The +.Fa block +argument to +.Fn encrypt +is also a 64-byte array of binary values. +If the value of +.Fa flag +is 0, +.Fa block +is encrypted otherwise it is decrypted. +The result is returned in the original array +.Fa block +after using the key specified by +.Fn setkey +to process it. +.Pp +The argument to +.Fn des_setkey +is a character array of length 8. +The least significant bit (the parity bit) in each character is ignored, +and the remaining bits are concatenated to form a 56-bit key. +The function +.Fn des_cipher +encrypts (or decrypts if +.Fa count +is negative) the 64-bits stored in the 8 characters at +.Fa in +using +.Xr abs 3 +of +.Fa count +iterations of +.Tn DES +and stores the 64-bit result in the 8 characters at +.Fa out +(which may be the same as +.Fa in +). +The +.Fa salt +introduces disorder in the +.Tn DES +algorithm in one of 16777216 or 4096 possible ways +(ie. with 24 or 12 bits: if bit +.Em i +of the +.Ar salt +is set, then bits +.Em i +and +.Em i+24 +are swapped in the +.Tn DES +E-box output). +.Pp +The functions +.Fn setkey , +.Fn encrypt , +.Fn des_setkey , +and +.Fn des_cipher +return 0 on success and 1 on failure. +.Pp +The +.Fn setkey +and +.Fn des_setkey +functions manipulate the same key space. +.Sh SEE ALSO +.Xr login 1 , +.Xr passwd 1 , +.Xr crypt 3 , +.Xr getpass 3 , +.Xr passwd 5 +.Sh HISTORY +This library (FreeSec 1.0) was developed outside the United States of America +as an unencumbered replacement for the U.S.-only NetBSD libcrypt encryption +library. +Users should be aware that this code (and programs staticly linked with it) +may not be exported from the U.S., although it apparently can be imported. +.Sh AUTHORS +.An David Burren Aq davidb@werj.com.au diff --git a/secure/lib/libcipher/crypt.c b/secure/lib/libcipher/crypt.c new file mode 100644 index 0000000..4798371 --- /dev/null +++ b/secure/lib/libcipher/crypt.c @@ -0,0 +1,623 @@ +/* + * FreeSec: libcrypt for NetBSD + * + * Copyright (c) 1994 David Burren + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the author nor the names of other contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + * + * This is an original implementation of the DES and the crypt(3) interfaces + * by David Burren <davidb@werj.com.au>. + * + * An excellent reference on the underlying algorithm (and related + * algorithms) is: + * + * B. Schneier, Applied Cryptography: protocols, algorithms, + * and source code in C, John Wiley & Sons, 1994. + * + * Note that in that book's description of DES the lookups for the initial, + * pbox, and final permutations are inverted (this has been brought to the + * attention of the author). A list of errata for this book has been + * posted to the sci.crypt newsgroup by the author and is available for FTP. + * + * ARCHITECTURE ASSUMPTIONS: + * This code assumes that u_longs are 32 bits. It will probably not + * operate on 64-bit machines without modifications. + * It is assumed that the 8-byte arrays passed by reference can be + * addressed as arrays of u_longs (ie. the CPU is not picky about + * alignment). + */ +#include <sys/types.h> +#include <sys/param.h> +#include <pwd.h> + +#ifdef DEBUG +# include <stdio.h> +#endif + + +static u_char IP[64] = { + 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 +}; + +static u_char inv_key_perm[64]; +static u_char u_key_perm[56]; +static u_char key_perm[56] = { + 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 +}; + +static u_char key_shifts[16] = { + 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 +}; + +static u_char inv_comp_perm[56]; +static u_char comp_perm[48] = { + 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 +}; + +/* + * No E box is used, as it's replaced by some ANDs, shifts, and ORs. + */ + +static u_char u_sbox[8][64]; +static u_char sbox[8][64] = { + { + 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, + 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, + 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, + 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 + }, + { + 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, + 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, + 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, + 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 + }, + { + 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, + 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, + 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, + 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 + }, + { + 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, + 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, + 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, + 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 + }, + { + 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, + 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, + 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, + 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 + }, + { + 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, + 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, + 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, + 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 + }, + { + 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, + 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, + 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, + 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 + }, + { + 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, + 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, + 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, + 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 + } +}; + +static u_char un_pbox[32]; +static u_char pbox[32] = { + 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, + 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 +}; + +static u_long bits32[32] = +{ + 0x80000000, 0x40000000, 0x20000000, 0x10000000, + 0x08000000, 0x04000000, 0x02000000, 0x01000000, + 0x00800000, 0x00400000, 0x00200000, 0x00100000, + 0x00080000, 0x00040000, 0x00020000, 0x00010000, + 0x00008000, 0x00004000, 0x00002000, 0x00001000, + 0x00000800, 0x00000400, 0x00000200, 0x00000100, + 0x00000080, 0x00000040, 0x00000020, 0x00000010, + 0x00000008, 0x00000004, 0x00000002, 0x00000001 +}; + +static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + +static u_long saltbits; +static long old_salt; +static u_long *bits28, *bits24; +static u_char init_perm[64], final_perm[64]; +static u_long en_keysl[16], en_keysr[16]; +static u_long de_keysl[16], de_keysr[16]; +static int des_initialised = 0; +static u_char m_sbox[4][4096]; +static u_long psbox[4][256]; +static u_long ip_maskl[8][256], ip_maskr[8][256]; +static u_long fp_maskl[8][256], fp_maskr[8][256]; +static u_long key_perm_maskl[8][128], key_perm_maskr[8][128]; +static u_long comp_maskl[8][128], comp_maskr[8][128]; +static u_long old_rawkey0, old_rawkey1; + +static u_char ascii64[] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +/* 0000000000111111111122222222223333333333444444444455555555556666 */ +/* 0123456789012345678901234567890123456789012345678901234567890123 */ + +static inline int +ascii_to_bin(char ch) +{ + if (ch > 'z') + return(0); + if (ch >= 'a') + return(ch - 'a' + 38); + if (ch > 'Z') + return(0); + if (ch >= 'A') + return(ch - 'A' + 12); + if (ch > '9') + return(0); + if (ch >= '.') + return(ch - '.'); + return(0); +} + + +static void +des_init() +{ + int i, j, b, k, inbit, obit; + u_long *p, *il, *ir, *fl, *fr; + + old_rawkey0 = old_rawkey1 = 0L; + saltbits = 0L; + old_salt = 0L; + bits24 = (bits28 = bits32 + 4) + 4; + + /* + * Invert the S-boxes, reordering the input bits. + */ + for (i = 0; i < 8; i++) + for (j = 0; j < 64; j++) { + b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); + u_sbox[i][j] = sbox[i][b]; + } + + /* + * Convert the inverted S-boxes into 4 arrays of 8 bits. + * Each will handle 12 bits of the S-box input. + */ + for (b = 0; b < 4; b++) + for (i = 0; i < 64; i++) + for (j = 0; j < 64; j++) + m_sbox[b][(i << 6) | j] = + (u_sbox[(b << 1)][i] << 4) | + u_sbox[(b << 1) + 1][j]; + + /* + * Set up the initial & final permutations into a useful form, and + * initialise the inverted key permutation. + */ + for (i = 0; i < 64; i++) { + init_perm[final_perm[i] = IP[i] - 1] = i; + inv_key_perm[i] = 255; + } + + /* + * Invert the key permutation and initialise the inverted key + * compression permutation. + */ + for (i = 0; i < 56; i++) { + u_key_perm[i] = key_perm[i] - 1; + inv_key_perm[key_perm[i] - 1] = i; + inv_comp_perm[i] = 255; + } + + /* + * Invert the key compression permutation. + */ + for (i = 0; i < 48; i++) { + inv_comp_perm[comp_perm[i] - 1] = i; + } + + /* + * Set up the OR-mask arrays for the initial and final permutations, + * and for the key initial and compression permutations. + */ + for (k = 0; k < 8; k++) { + for (i = 0; i < 256; i++) { + *(il = &ip_maskl[k][i]) = 0L; + *(ir = &ip_maskr[k][i]) = 0L; + *(fl = &fp_maskl[k][i]) = 0L; + *(fr = &fp_maskr[k][i]) = 0L; + for (j = 0; j < 8; j++) { + inbit = 8 * k + j; + if (i & bits8[j]) { + if ((obit = init_perm[inbit]) < 32) + *il |= bits32[obit]; + else + *ir |= bits32[obit-32]; + if ((obit = final_perm[inbit]) < 32) + *fl |= bits32[obit]; + else + *fr |= bits32[obit - 32]; + } + } + } + for (i = 0; i < 128; i++) { + *(il = &key_perm_maskl[k][i]) = 0L; + *(ir = &key_perm_maskr[k][i]) = 0L; + for (j = 0; j < 7; j++) { + inbit = 8 * k + j; + if (i & bits8[j + 1]) { + if ((obit = inv_key_perm[inbit]) == 255) + continue; + if (obit < 28) + *il |= bits28[obit]; + else + *ir |= bits28[obit - 28]; + } + } + *(il = &comp_maskl[k][i]) = 0L; + *(ir = &comp_maskr[k][i]) = 0L; + for (j = 0; j < 7; j++) { + inbit = 7 * k + j; + if (i & bits8[j + 1]) { + if ((obit=inv_comp_perm[inbit]) == 255) + continue; + if (obit < 24) + *il |= bits24[obit]; + else + *ir |= bits24[obit - 24]; + } + } + } + } + + /* + * Invert the P-box permutation, and convert into OR-masks for + * handling the output of the S-box arrays setup above. + */ + for (i = 0; i < 32; i++) + un_pbox[pbox[i] - 1] = i; + + for (b = 0; b < 4; b++) + for (i = 0; i < 256; i++) { + *(p = &psbox[b][i]) = 0L; + for (j = 0; j < 8; j++) { + if (i & bits8[j]) + *p |= bits32[un_pbox[8 * b + j]]; + } + } + + des_initialised = 1; +} + + +static void +setup_salt(long salt) +{ + u_long obit, saltbit; + int i; + + if (salt == old_salt) + return; + old_salt = salt; + + saltbits = 0L; + saltbit = 1; + obit = 0x800000; + for (i = 0; i < 24; i++) { + if (salt & saltbit) + saltbits |= obit; + saltbit <<= 1; + obit >>= 1; + } +} + + +int +des_setkey(const char *key) +{ + u_long k0, k1, rawkey0, rawkey1; + int shifts, i, b, round; + + if (!des_initialised) + des_init(); + + rawkey0 = ntohl(*(u_long *) key); + rawkey1 = ntohl(*(u_long *) (key + 4)); + + if ((rawkey0 | rawkey1) + && rawkey0 == old_rawkey0 + && rawkey1 == old_rawkey1) { + /* + * Already setup for this key. + * This optimisation fails on a zero key (which is weak and + * has bad parity anyway) in order to simplify the starting + * conditions. + */ + return(0); + } + old_rawkey0 = rawkey0; + old_rawkey1 = rawkey1; + + /* + * Do key permutation and split into two 28-bit subkeys. + */ + k0 = key_perm_maskl[0][rawkey0 >> 25] + | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] + | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] + | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] + | key_perm_maskl[4][rawkey1 >> 25] + | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] + | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] + | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; + k1 = key_perm_maskr[0][rawkey0 >> 25] + | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] + | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] + | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] + | key_perm_maskr[4][rawkey1 >> 25] + | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] + | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] + | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; + /* + * Rotate subkeys and do compression permutation. + */ + shifts = 0; + for (round = 0; round < 16; round++) { + u_long t0, t1; + int bit; + + shifts += key_shifts[round]; + + t0 = (k0 << shifts) | (k0 >> (28 - shifts)); + t1 = (k1 << shifts) | (k1 >> (28 - shifts)); + + de_keysl[15 - round] = + en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] + | comp_maskl[1][(t0 >> 14) & 0x7f] + | comp_maskl[2][(t0 >> 7) & 0x7f] + | comp_maskl[3][t0 & 0x7f] + | comp_maskl[4][(t1 >> 21) & 0x7f] + | comp_maskl[5][(t1 >> 14) & 0x7f] + | comp_maskl[6][(t1 >> 7) & 0x7f] + | comp_maskl[7][t1 & 0x7f]; + + de_keysr[15 - round] = + en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] + | comp_maskr[1][(t0 >> 14) & 0x7f] + | comp_maskr[2][(t0 >> 7) & 0x7f] + | comp_maskr[3][t0 & 0x7f] + | comp_maskr[4][(t1 >> 21) & 0x7f] + | comp_maskr[5][(t1 >> 14) & 0x7f] + | comp_maskr[6][(t1 >> 7) & 0x7f] + | comp_maskr[7][t1 & 0x7f]; + } + return(0); +} + + +static int +do_des( u_long l_in, u_long r_in, u_long *l_out, u_long *r_out, int count) +{ + /* + * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. + */ + u_long mask, rawl, rawr, l, r, *kl, *kr, *kl1, *kr1; + u_long f, r48l, r48r; + int i, j, b, round; + + if (count == 0) { + return(1); + } else if (count > 0) { + /* + * Encrypting + */ + kl1 = en_keysl; + kr1 = en_keysr; + } else { + /* + * Decrypting + */ + count = -count; + kl1 = de_keysl; + kr1 = de_keysr; + } + + /* + * Do initial permutation (IP). + */ + l = ip_maskl[0][l_in >> 24] + | ip_maskl[1][(l_in >> 16) & 0xff] + | ip_maskl[2][(l_in >> 8) & 0xff] + | ip_maskl[3][l_in & 0xff] + | ip_maskl[4][r_in >> 24] + | ip_maskl[5][(r_in >> 16) & 0xff] + | ip_maskl[6][(r_in >> 8) & 0xff] + | ip_maskl[7][r_in & 0xff]; + r = ip_maskr[0][l_in >> 24] + | ip_maskr[1][(l_in >> 16) & 0xff] + | ip_maskr[2][(l_in >> 8) & 0xff] + | ip_maskr[3][l_in & 0xff] + | ip_maskr[4][r_in >> 24] + | ip_maskr[5][(r_in >> 16) & 0xff] + | ip_maskr[6][(r_in >> 8) & 0xff] + | ip_maskr[7][r_in & 0xff]; + + while (count--) { + /* + * Do each round. + */ + kl = kl1; + kr = kr1; + round = 16; + while (round--) { + /* + * Expand R to 48 bits (simulate the E-box). + */ + r48l = ((r & 0x00000001) << 23) + | ((r & 0xf8000000) >> 9) + | ((r & 0x1f800000) >> 11) + | ((r & 0x01f80000) >> 13) + | ((r & 0x001f8000) >> 15); + + r48r = ((r & 0x0001f800) << 7) + | ((r & 0x00001f80) << 5) + | ((r & 0x000001f8) << 3) + | ((r & 0x0000001f) << 1) + | ((r & 0x80000000) >> 31); + /* + * Do salting for crypt() and friends, and + * XOR with the permuted key. + */ + f = (r48l ^ r48r) & saltbits; + r48l ^= f ^ *kl++; + r48r ^= f ^ *kr++; + /* + * Do sbox lookups (which shrink it back to 32 bits) + * and do the pbox permutation at the same time. + */ + f = psbox[0][m_sbox[0][r48l >> 12]] + | psbox[1][m_sbox[1][r48l & 0xfff]] + | psbox[2][m_sbox[2][r48r >> 12]] + | psbox[3][m_sbox[3][r48r & 0xfff]]; + /* + * Now that we've permuted things, complete f(). + */ + f ^= l; + l = r; + r = f; + } + r = l; + l = f; + } + /* + * Do final permutation (inverse of IP). + */ + *l_out = fp_maskl[0][l >> 24] + | fp_maskl[1][(l >> 16) & 0xff] + | fp_maskl[2][(l >> 8) & 0xff] + | fp_maskl[3][l & 0xff] + | fp_maskl[4][r >> 24] + | fp_maskl[5][(r >> 16) & 0xff] + | fp_maskl[6][(r >> 8) & 0xff] + | fp_maskl[7][r & 0xff]; + *r_out = fp_maskr[0][l >> 24] + | fp_maskr[1][(l >> 16) & 0xff] + | fp_maskr[2][(l >> 8) & 0xff] + | fp_maskr[3][l & 0xff] + | fp_maskr[4][r >> 24] + | fp_maskr[5][(r >> 16) & 0xff] + | fp_maskr[6][(r >> 8) & 0xff] + | fp_maskr[7][r & 0xff]; + return(0); +} + + +int +des_cipher(const char *in, char *out, long salt, int count) +{ + u_long l_out, r_out, rawl, rawr; + int retval; + + if (!des_initialised) + des_init(); + + setup_salt(salt); + + rawl = ntohl(*((u_long *) in)++); + rawr = ntohl(*((u_long *) in)); + + retval = do_des(rawl, rawr, &l_out, &r_out, count); + + *((u_long *) out)++ = htonl(l_out); + *((u_long *) out) = htonl(r_out); + return(retval); +} + + +int +setkey(char *key) +{ + int i, j; + u_long packed_keys[2]; + u_char *p; + + p = (u_char *) packed_keys; + + for (i = 0; i < 8; i++) { + p[i] = 0; + for (j = 0; j < 8; j++) + if (*key++ & 1) + p[i] |= bits8[j]; + } + return(des_setkey(p)); +} + + +int +encrypt(char *block, int flag) +{ + u_long io[2]; + u_char *p; + int i, j, retval; + + if (!des_initialised) + des_init(); + + setup_salt(0L); + p = block; + for (i = 0; i < 2; i++) { + io[i] = 0L; + for (j = 0; j < 32; j++) + if (*p++ & 1) + io[i] |= bits32[j]; + } + retval = do_des(io[0], io[1], io, io + 1, flag ? -1 : 1); + for (i = 0; i < 2; i++) + for (j = 0; j < 32; j++) + block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0; + return(retval); +} + diff --git a/secure/lib/libcipher/test/Makefile b/secure/lib/libcipher/test/Makefile new file mode 100644 index 0000000..50ae571 --- /dev/null +++ b/secure/lib/libcipher/test/Makefile @@ -0,0 +1,56 @@ +# +# Hacked Makefile to compile and run the DES-certification program, +# but not install anything. +# +# $FreeBSD$ +# +LIBCRYPT!=cd $(.CURDIR)/..; \ + printf "xxx:\n\techo \$${.OBJDIR}/libcipher.a\n" | make -r -s -f - xxx + +#CFLAGS+= -DHAVE_CRYPT16 +LIBCRYPT+= -lcrypt + +TARGETS=cert speedcrypt speeddes + +all: ${TARGETS} + +test: all testcrypt testencrypt testdes testspeed + +testcrypt: cert + @./cert -c + +testencrypt: cert + @./cert -e < ${.CURDIR}/cert.input + +testdes: cert + @./cert -d < ${.CURDIR}/cert.input + +testspeed: cryptspeed desspeed + +cryptspeed: speedcrypt + @./speedcrypt 30 1 + @./speedcrypt 30 1 + @./speedcrypt 30 0 + @./speedcrypt 30 0 + +desspeed: speeddes + @./speeddes 30 1 + @./speeddes 30 1 + @./speeddes 40 25 + @./speeddes 40 25 + +cert: cert.c ${LIBCRYPT} + $(CC) $(CFLAGS) -o cert ${.CURDIR}/cert.c ${LIBCRYPT} + +speedcrypt: speedcrypt.c ${LIBCRYPT} + $(CC) $(CFLAGS) -o speedcrypt ${.CURDIR}/speedcrypt.c ${LIBCRYPT} + +speeddes: speeddes.c ${LIBCRYPT} + $(CC) $(CFLAGS) -o speeddes ${.CURDIR}/speeddes.c ${LIBCRYPT} + +clean: + rm -f ${TARGETS} + +install: + +.include <bsd.prog.mk> diff --git a/secure/lib/libcipher/test/README b/secure/lib/libcipher/test/README new file mode 100644 index 0000000..eb6b0be --- /dev/null +++ b/secure/lib/libcipher/test/README @@ -0,0 +1,10 @@ +This directory contains test programs to certify DES operation and to +time the crypt() call (of curiosity value). + +Simply type `make test` to run the tests. + +The normal `make all` and `make install` that get done during library building +and installation will build these programs BUT NOT INSTALL THEM. After all, +they're only for testing... + +- David Burren, January 1994 diff --git a/secure/lib/libcipher/test/cert.c b/secure/lib/libcipher/test/cert.c new file mode 100644 index 0000000..e9907b9 --- /dev/null +++ b/secure/lib/libcipher/test/cert.c @@ -0,0 +1,344 @@ +/* + * This DES validation program shipped with FreeSec is derived from that + * shipped with UFC-crypt which is apparently derived from one distributed + * with Phil Karns PD DES package. + * + * $FreeBSD$ + */ + +#include <stdio.h> + +int totfails = 0; + +char *crypt(); +#ifdef HAVE_CRYPT16 +char *crypt16(); +#endif /* HAVE_CRYPT16 */ + + +static struct crypt_test { + char *key, *setting, *answer; +} crypt_tests[] = { + "foob", "ar", "arlEKn0OzVJn.", + "holyhooplasbatman!", "_X.......", "_X.......N89y2Z.e4WU", + "holyhooplasbatman!", "_X...X...", "_X...X...rSUDQ5Na/QM", + "holyhooplasbatman!", "_XX..X...", "_XX..X...P8vb9xU4JAk", + "holyhooplasbatman!", "_XX..XX..", "_XX..XX..JDs5IlGLqT2", + "holyhooplasbatman!", "_XX..XXa.", "_XX..XXa.bFVsOnCNh8Y", + "holyhooplasbatman!", "_XXa.X...", "_XXa.X...Ghsb3QKNaps", +#ifdef TAKES_TOO_LONG_ON_SOME_CRYPTS + "holyhooplasbatman!", "_arararar", "_ararararNGMzvpNjeCc", +#endif + NULL, NULL, NULL, +}; + + +static struct crypt_test crypt16_tests[] = { + "foob", "ar", "arxo23jZDD5AYbHbqoy9Dalg", + "holyhooplasbatman!", "ar", "arU5FRLJ3kxIoedlmyrOelEw", + NULL, NULL, NULL +}; + + +void good_bye() +{ + if(totfails == 0) { + printf(" Passed validation\n"); + exit(0); + } else { + printf(" %d failures during validation!!!\n", totfails); + exit(1); + } +} + + +void put8(cp) +char *cp; +{ + int i,j,t; + + for(i = 0; i < 8; i++){ + t = 0; + for(j = 0; j < 8; j++) + t = t << 1 | *cp++; + printf("%02x", t); + } +} + + +void print_bits(bits) +unsigned char *bits; +{ + int i; + + for (i = 0; i < 8; i++) { + printf("%02x", bits[i]); + } +} + + +int parse_line(buff, salt, key, plain, answer) +char *buff; +long *salt; +char *key, *plain, *answer; +{ + char *ptr1, *ptr2; + int val; + int i,j,t; + + /* + * Extract salt + */ + if (sscanf(buff, "%lu", salt) != 1) + return(-1); + for (ptr2 = buff; *ptr2 && !isspace(*ptr2); ptr2++) + ; + + /* + * Extract key + */ + for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++) + ; + for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++) + ; + if (ptr2 - ptr1 != 16) + return(-1); + for (i = 0; i < 8; i++){ + if (sscanf(ptr1 + 2*i, "%2x", &t) != 1) + return(-2); + for (j = 0; j < 8; j++) + *key++ = (t & 1 << (7 - j)) != 0; + } + + /* + * Extract plain + */ + for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++) + ; + for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++) + ; + if (ptr2 - ptr1 != 16) + return(-1); + for (i = 0; i < 8; i++){ + if (sscanf(ptr1 + 2*i, "%2x", &t) != 1) + return(-2); + for (j = 0; j < 8; j++) + *plain++ = (t & 1 << (7 - j)) != 0; + } + + /* + * Extract answer + */ + for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++) + ; + for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++) + ; + if (ptr2 - ptr1 != 16) + return(-1); + for (i = 0; i < 8; i++){ + if (sscanf(ptr1 + 2*i, "%2x", &t) != 1) + return(-2); + for (j = 0; j < 8; j++) + *answer++ = (t & 1 << (7 - j)) != 0; + } + return(0); +} + +/* + * Test the setkey and encrypt functions + */ +void test_encrypt() +{ + char key[64],plain[64],cipher[64],answer[64]; + char buff[BUFSIZ]; + unsigned long salt; + int i; + int test; + int fail; + + printf("Testing setkey/encrypt\n"); + + for(test=0;fgets(buff, BUFSIZ, stdin);test++){ + + /* + * Allow comments. + */ + if (*buff == '#') + continue; + + if ((fail = parse_line(buff, &salt, key, plain, answer)) < 0){ + printf("test %d garbled (%d)\n", test, fail); + continue; + } + + if (salt) + continue; /* encrypt has no salt support */ + + printf(" K: "); put8(key); + printf(" P: "); put8(plain); + printf(" C: "); put8(answer); + + setkey(key); + for(i = 0; i < 64; i++) + cipher[i] = plain[i]; + encrypt(cipher, 0); + + for(i=0;i<64;i++) + if(cipher[i] != answer[i]) + break; + fail = 0; + if(i != 64){ + printf(" Enc FAIL "); + put8(cipher); + fail++; totfails++; + } + + encrypt(cipher, 1); + + for(i=0;i<64;i++) + if(cipher[i] != plain[i]) + break; + if(i != 64){ + printf(" Dec FAIL"); + fail++; totfails++; + } + + if(fail == 0) + printf(" OK"); + printf("\n"); + } +} + + +void bytes_to_bits(bytes, bits) +char *bytes; +unsigned char *bits; +{ + int i, j; + + for (i = 0; i < 8; i++) { + bits[i] = 0; + for (j = 0; j < 8; j++) { + bits[i] |= (bytes[i*8+j] & 1) << (7 - j); + } + } +} + + +/* + * Test the des_setkey and des_cipher functions + */ +void test_des() +{ + char ckey[64], cplain[64], canswer[64]; + unsigned char key[8], plain[8], cipher[8], answer[8]; + char buff[BUFSIZ]; + unsigned long salt; + int i; + int test; + int fail; + + printf("Testing des_setkey/des_cipher\n"); + + for(test=0;fgets(buff, BUFSIZ, stdin);test++){ + + /* + * Allow comments. + */ + if (*buff == '#') + continue; + + if ((fail = parse_line(buff, &salt, ckey, cplain, canswer)) <0){ + printf("test %d garbled (%d)\n", test, fail); + continue; + } + + printf(" S: %06x", salt); + printf(" K: "); put8(ckey); + printf(" P: "); put8(cplain); + printf(" C: "); put8(canswer); + + bytes_to_bits(ckey, key); + bytes_to_bits(cplain, plain); + bytes_to_bits(canswer, answer); + des_setkey(key); + des_cipher(plain, cipher, salt, 1); + + for(i = 0; i < 8; i++) + if(cipher[i] != answer[i]) + break; + fail = 0; + if(i != 8){ + printf(" Enc FAIL "); + print_bits(cipher); + fail++; totfails++; + } + + des_cipher(cipher, cipher, salt, -1); + + for(i = 0; i < 8; i++) + if(cipher[i] != plain[i]) + break; + if(i != 8){ + printf(" Dec FAIL"); + fail++; totfails++; + } + + if(fail == 0) + printf(" OK"); + printf("\n"); + } +} + + +/* + * Test the old-style crypt(), the new-style crypt(), and crypt16(). + */ +void test_crypt() +{ + char *result; + struct crypt_test *p; + + printf("Testing crypt() family\n"); + + for (p = crypt_tests; p->key; p++) { + printf(" crypt(\"%s\", \"%s\"), \"%s\" expected", + p->key, p->setting, p->answer); + fflush(stdout); + result = crypt(p->key, p->setting); + if(!strcmp(result, p->answer)) { + printf(", OK\n"); + } else { + printf("\n failed (\"%s\")\n", result); + totfails++; + } + } + +#ifdef HAVE_CRYPT16 + for (p = crypt16_tests; p->key; p++) { + printf(" crypt16(\"%s\", \"%s\"), \"%s\" expected", + p->key, p->setting, p->answer); + fflush(stdout); + result = crypt16(p->key, p->setting); + if(!strcmp(result, p->answer)) { + printf(", OK\n"); + } else { + printf("\n failed (\"%s\")\n", result); + totfails++; + } + } +#endif /* HAVE_CRYPT16 */ +} + +main(argc, argv) +int argc; +char *argv[]; +{ + if(argc < 1 || !strcmp(argv[1], "-e")) + test_encrypt(); + else if(!strcmp(argv[1], "-d")) + test_des(); + else if(!strcmp(argv[1], "-c")) + test_crypt(); + good_bye(); +} diff --git a/secure/lib/libcipher/test/cert.input b/secure/lib/libcipher/test/cert.input new file mode 100644 index 0000000..e7c715c --- /dev/null +++ b/secure/lib/libcipher/test/cert.input @@ -0,0 +1,179 @@ +# $FreeBSD$ +# +# Salt, key, plaintext, ciphertext +# +0 0101010101010101 95f8a5e5dd31d900 8000000000000000 +0 0101010101010101 dd7f121ca5015619 4000000000000000 +0 0101010101010101 2e8653104f3834ea 2000000000000000 +0 0101010101010101 4bd388ff6cd81d4f 1000000000000000 +0 0101010101010101 20b9e767b2fb1456 0800000000000000 +0 0101010101010101 55579380d77138ef 0400000000000000 +0 0101010101010101 6cc5defaaf04512f 0200000000000000 +0 0101010101010101 0d9f279ba5d87260 0100000000000000 +0 0101010101010101 d9031b0271bd5a0a 0080000000000000 +0 0101010101010101 424250b37c3dd951 0040000000000000 +0 0101010101010101 b8061b7ecd9a21e5 0020000000000000 +0 0101010101010101 f15d0f286b65bd28 0010000000000000 +0 0101010101010101 add0cc8d6e5deba1 0008000000000000 +0 0101010101010101 e6d5f82752ad63d1 0004000000000000 +0 0101010101010101 ecbfe3bd3f591a5e 0002000000000000 +0 0101010101010101 f356834379d165cd 0001000000000000 +0 0101010101010101 2b9f982f20037fa9 0000800000000000 +0 0101010101010101 889de068a16f0be6 0000400000000000 +0 0101010101010101 e19e275d846a1298 0000200000000000 +0 0101010101010101 329a8ed523d71aec 0000100000000000 +0 0101010101010101 e7fce22557d23c97 0000080000000000 +0 0101010101010101 12a9f5817ff2d65d 0000040000000000 +0 0101010101010101 a484c3ad38dc9c19 0000020000000000 +0 0101010101010101 fbe00a8a1ef8ad72 0000010000000000 +0 0101010101010101 750d079407521363 0000008000000000 +0 0101010101010101 64feed9c724c2faf 0000004000000000 +0 0101010101010101 f02b263b328e2b60 0000002000000000 +0 0101010101010101 9d64555a9a10b852 0000001000000000 +0 0101010101010101 d106ff0bed5255d7 0000000800000000 +0 0101010101010101 e1652c6b138c64a5 0000000400000000 +0 0101010101010101 e428581186ec8f46 0000000200000000 +0 0101010101010101 aeb5f5ede22d1a36 0000000100000000 +0 0101010101010101 e943d7568aec0c5c 0000000080000000 +0 0101010101010101 df98c8276f54b04b 0000000040000000 +0 0101010101010101 b160e4680f6c696f 0000000020000000 +0 0101010101010101 fa0752b07d9c4ab8 0000000010000000 +0 0101010101010101 ca3a2b036dbc8502 0000000008000000 +0 0101010101010101 5e0905517bb59bcf 0000000004000000 +0 0101010101010101 814eeb3b91d90726 0000000002000000 +0 0101010101010101 4d49db1532919c9f 0000000001000000 +0 0101010101010101 25eb5fc3f8cf0621 0000000000800000 +0 0101010101010101 ab6a20c0620d1c6f 0000000000400000 +0 0101010101010101 79e90dbc98f92cca 0000000000200000 +0 0101010101010101 866ecedd8072bb0e 0000000000100000 +0 0101010101010101 8b54536f2f3e64a8 0000000000080000 +0 0101010101010101 ea51d3975595b86b 0000000000040000 +0 0101010101010101 caffc6ac4542de31 0000000000020000 +0 0101010101010101 8dd45a2ddf90796c 0000000000010000 +0 0101010101010101 1029d55e880ec2d0 0000000000008000 +0 0101010101010101 5d86cb23639dbea9 0000000000004000 +0 0101010101010101 1d1ca853ae7c0c5f 0000000000002000 +0 0101010101010101 ce332329248f3228 0000000000001000 +0 0101010101010101 8405d1abe24fb942 0000000000000800 +0 0101010101010101 e643d78090ca4207 0000000000000400 +0 0101010101010101 48221b9937748a23 0000000000000200 +0 0101010101010101 dd7c0bbd61fafd54 0000000000000100 +0 0101010101010101 2fbc291a570db5c4 0000000000000080 +0 0101010101010101 e07c30d7e4e26e12 0000000000000040 +0 0101010101010101 0953e2258e8e90a1 0000000000000020 +0 0101010101010101 5b711bc4ceebf2ee 0000000000000010 +0 0101010101010101 cc083f1e6d9e85f6 0000000000000008 +0 0101010101010101 d2fd8867d50d2dfe 0000000000000004 +0 0101010101010101 06e7ea22ce92708f 0000000000000002 +0 0101010101010101 166b40b44aba4bd6 0000000000000001 +0 8001010101010101 0000000000000000 95a8d72813daa94d +0 4001010101010101 0000000000000000 0eec1487dd8c26d5 +0 2001010101010101 0000000000000000 7ad16ffb79c45926 +0 1001010101010101 0000000000000000 d3746294ca6a6cf3 +0 0801010101010101 0000000000000000 809f5f873c1fd761 +0 0401010101010101 0000000000000000 c02faffec989d1fc +0 0201010101010101 0000000000000000 4615aa1d33e72f10 +0 0180010101010101 0000000000000000 2055123350c00858 +0 0140010101010101 0000000000000000 df3b99d6577397c8 +0 0120010101010101 0000000000000000 31fe17369b5288c9 +0 0110010101010101 0000000000000000 dfdd3cc64dae1642 +0 0108010101010101 0000000000000000 178c83ce2b399d94 +0 0104010101010101 0000000000000000 50f636324a9b7f80 +0 0102010101010101 0000000000000000 a8468ee3bc18f06d +0 0101800101010101 0000000000000000 a2dc9e92fd3cde92 +0 0101400101010101 0000000000000000 cac09f797d031287 +0 0101200101010101 0000000000000000 90ba680b22aeb525 +0 0101100101010101 0000000000000000 ce7a24f350e280b6 +0 0101080101010101 0000000000000000 882bff0aa01a0b87 +0 0101040101010101 0000000000000000 25610288924511c2 +0 0101020101010101 0000000000000000 c71516c29c75d170 +0 0101018001010101 0000000000000000 5199c29a52c9f059 +0 0101014001010101 0000000000000000 c22f0a294a71f29f +0 0101012001010101 0000000000000000 ee371483714c02ea +0 0101011001010101 0000000000000000 a81fbd448f9e522f +0 0101010801010101 0000000000000000 4f644c92e192dfed +0 0101010401010101 0000000000000000 1afa9a66a6df92ae +0 0101010201010101 0000000000000000 b3c1cc715cb879d8 +0 0101010180010101 0000000000000000 19d032e64ab0bd8b +0 0101010140010101 0000000000000000 3cfaa7a7dc8720dc +0 0101010120010101 0000000000000000 b7265f7f447ac6f3 +0 0101010110010101 0000000000000000 9db73b3c0d163f54 +0 0101010108010101 0000000000000000 8181b65babf4a975 +0 0101010104010101 0000000000000000 93c9b64042eaa240 +0 0101010102010101 0000000000000000 5570530829705592 +0 0101010101800101 0000000000000000 8638809e878787a0 +0 0101010101400101 0000000000000000 41b9a79af79ac208 +0 0101010101200101 0000000000000000 7a9be42f2009a892 +0 0101010101100101 0000000000000000 29038d56ba6d2745 +0 0101010101080101 0000000000000000 5495c6abf1e5df51 +0 0101010101040101 0000000000000000 ae13dbd561488933 +0 0101010101020101 0000000000000000 024d1ffa8904e389 +0 0101010101018001 0000000000000000 d1399712f99bf02e +0 0101010101014001 0000000000000000 14c1d7c1cffec79e +0 0101010101012001 0000000000000000 1de5279dae3bed6f +0 0101010101011001 0000000000000000 e941a33f85501303 +0 0101010101010801 0000000000000000 da99dbbc9a03f379 +0 0101010101010401 0000000000000000 b7fc92f91d8e92e9 +0 0101010101010201 0000000000000000 ae8e5caa3ca04e85 +0 0101010101010180 0000000000000000 9cc62df43b6eed74 +0 0101010101010140 0000000000000000 d863dbb5c59a91a0 +0 0101010101010120 0000000000000000 a1ab2190545b91d7 +0 0101010101010110 0000000000000000 0875041e64c570f7 +0 0101010101010108 0000000000000000 5a594528bebef1cc +0 0101010101010104 0000000000000000 fcdb3291de21f0c0 +0 0101010101010102 0000000000000000 869efd7f9f265a09 +0 1046913489980131 0000000000000000 88d55e54f54c97b4 +0 1007103489988020 0000000000000000 0c0cc00c83ea48fd +0 10071034c8980120 0000000000000000 83bc8ef3a6570183 +0 1046103489988020 0000000000000000 df725dcad94ea2e9 +0 1086911519190101 0000000000000000 e652b53b550be8b0 +0 1086911519580101 0000000000000000 af527120c485cbb0 +0 5107b01519580101 0000000000000000 0f04ce393db926d5 +0 1007b01519190101 0000000000000000 c9f00ffc74079067 +0 3107915498080101 0000000000000000 7cfd82a593252b4e +0 3107919498080101 0000000000000000 cb49a2f9e91363e3 +0 10079115b9080140 0000000000000000 00b588be70d23f56 +0 3107911598080140 0000000000000000 406a9a6ab43399ae +0 1007d01589980101 0000000000000000 6cb773611dca9ada +0 9107911589980101 0000000000000000 67fd21c17dbb5d70 +0 9107d01589190101 0000000000000000 9592cb4110430787 +0 1007d01598980120 0000000000000000 a6b7ff68a318ddd3 +0 1007940498190101 0000000000000000 4d102196c914ca16 +0 0107910491190401 0000000000000000 2dfa9f4573594965 +0 0107910491190101 0000000000000000 b46604816c0e0774 +0 0107940491190401 0000000000000000 6e7e6221a4f34e87 +0 19079210981a0101 0000000000000000 aa85e74643233199 +0 1007911998190801 0000000000000000 2e5a19db4d1962d6 +0 10079119981a0801 0000000000000000 23a866a809d30894 +0 1007921098190101 0000000000000000 d812d961f017d320 +0 100791159819010b 0000000000000000 055605816e58608f +0 1004801598190101 0000000000000000 abd88e8b1b7716f1 +0 1004801598190102 0000000000000000 537ac95be69da1e1 +0 1004801598190108 0000000000000000 aed0f6ae3c25cdd8 +0 1002911598100104 0000000000000000 b3e35a5ee53e7b8d +0 1002911598190104 0000000000000000 61c79c71921a2ef8 +0 1002911598100201 0000000000000000 e2f5728f0995013c +0 1002911698100101 0000000000000000 1aeac39a61f0a464 +0 7ca110454a1a6e57 01a1d6d039776742 690f5b0d9a26939b +0 0131d9619dc1376e 5cd54ca83def57da 7a389d10354bd271 +0 07a1133e4a0b2686 0248d43806f67172 868ebb51cab4599a +0 3849674c2602319e 51454b582ddf440a 7178876e01f19b2a +0 04b915ba43feb5b6 42fd443059577fa2 af37fb421f8c4095 +0 0113b970fd34f2ce 059b5e0851cf143a 86a560f10ec6d85b +0 0170f175468fb5e6 0756d8e0774761d2 0cd3da020021dc09 +0 43297fad38e373fe 762514b829bf486a ea676b2cb7db2b7a +0 07a7137045da2a16 3bdd119049372802 dfd64a815caf1a0f +0 04689104c2fd3b2f 26955f6835af609a 5c513c9c4886c088 +0 37d06bb516cb7546 164d5e404f275232 0a2aeeae3ff4ab77 +0 1f08260d1ac2465e 6b056e18759f5cca ef1bf03e5dfa575a +0 584023641aba6176 004bd6ef09176062 88bf0db6d70dee56 +0 025816164629b007 480d39006ee762f2 a1f9915541020b56 +0 49793ebc79b3258f 437540c8698f3cfa 6fbf1cafcffd0556 +0 4fb05e1515ab73a7 072d43a077075292 2f22e49bab7ca1ac +0 49e95d6d4ca229bf 02fe55778117f12a 5a6b612cc26cce4a +0 018310dc409b26d6 1d9d5c5018f728c2 5f4c038ed12b2e41 +0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793 +1 1c587f1c13924fef 305532286d6f295a 400d307ca24fee60 +57 1c587f1c13924fef 305532286d6f295a 28b568f40e7d43ae +1 8001010101010101 0000000000000000 f501029f268e45dc +0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793 diff --git a/secure/lib/libcipher/test/speedcrypt.c b/secure/lib/libcipher/test/speedcrypt.c new file mode 100644 index 0000000..f7507fd --- /dev/null +++ b/secure/lib/libcipher/test/speedcrypt.c @@ -0,0 +1,76 @@ +#include <sys/types.h> +#include <sys/time.h> +#include <sys/resource.h> +#include <signal.h> +#include <stdio.h> + +int keep_going, count, alternate, seconds; +struct rusage prior, now; + +void +finish() +{ + keep_going = 0; +} + + +main(int argc, char *argv[]) +{ + struct itimerval itv; + u_long msecs, key1[8], key2[8]; + char *k1, *k2; + + if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1) + seconds = 20; + + if (argc < 3 || sscanf(argv[2], "%d", &alternate) != 1) + alternate = 0; + + printf ("Running crypt%s for %d seconds of vtime...\n", + alternate ? " with alternate keys" : "", seconds); + + bzero(&itv, sizeof (itv)); + signal (SIGVTALRM, finish); + itv.it_value.tv_sec = seconds; + itv.it_value.tv_usec = 0; + setitimer(ITIMER_VIRTUAL, &itv, NULL); + + keep_going = 1; + if (getrusage(0, &prior) < 0) { + perror("getrusage"); + exit(1); + } + + k1 = (char *) key1; + k2 = (char *) key2; + strcpy(k1, "fredfredfredfredfred"); + strcpy(k2, "joejoejoejoejoejoejo"); + + if (alternate) + for (count = 0; keep_going; count++) + { +#if defined(LONGCRYPT) + crypt((count & 1) ? k1 : k2, "_ara.X..."); +#else + crypt((count & 1) ? k1 : k2, "eek"); +#endif + } + else + for (count = 0; keep_going; count++) + { +#if defined(LONGCRYPT) + crypt(k1, "_ara.X..."); +#else + crypt(k1, "eek"); +#endif + } + + if (getrusage(0, &now) < 0) { + perror("getrusage"); + exit(1); + } + msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000 + + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000; + printf ("\tDid %d crypt()s per second.\n", 1000 * count / msecs); + exit(0); +} diff --git a/secure/lib/libcipher/test/speeddes.c b/secure/lib/libcipher/test/speeddes.c new file mode 100644 index 0000000..a582236 --- /dev/null +++ b/secure/lib/libcipher/test/speeddes.c @@ -0,0 +1,61 @@ +#include <sys/types.h> +#include <sys/time.h> +#include <sys/resource.h> +#include <signal.h> +#include <stdio.h> + +int keep_going, count, alternate, seconds, iters; +struct rusage prior, now; +u_long block[3]; +char *blk; + +void +finish() +{ + keep_going = 0; +} + + +main(int argc, char *argv[]) +{ + struct itimerval itv; + u_long msecs; + + if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1) + seconds = 20; + + if (argc < 3 || sscanf(argv[2], "%d", &iters) != 1) + iters = 1; + + printf ("Running des_cipher( , , 0L, %d) for %d seconds of vtime...\n", + iters, seconds); + + bzero(&itv, sizeof (itv)); + signal (SIGVTALRM, finish); + itv.it_value.tv_sec = seconds; + itv.it_value.tv_usec = 0; + setitimer(ITIMER_VIRTUAL, &itv, NULL); + + keep_going = 1; + if (getrusage(0, &prior) < 0) { + perror("getrusage"); + exit(1); + } + + blk = (char *) block; + (void)des_setkey(blk); + for (count = 0; keep_going; count++) + (void) des_cipher(blk, blk, 0, iters); + + if (getrusage(0, &now) < 0) { + perror("getrusage"); + exit(1); + } + + msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000 + + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000; + printf ("Did %d encryptions per second, each of %d iteration(s).\n", + 1000 * count / msecs, iters); + printf ("\tTotal %d blocks per second.\n", (1000*iters*count)/msecs); + exit(0); +} diff --git a/secure/lib/libcrypt/Makefile b/secure/lib/libcrypt/Makefile new file mode 100644 index 0000000..b46df11 --- /dev/null +++ b/secure/lib/libcrypt/Makefile @@ -0,0 +1,73 @@ +# +# $FreeBSD$ +# + +SHLIB_MAJOR= 2 +LIB= descrypt + +LCRYPTBASE= libcrypt +LSCRYPTBASE= lib${LIB} + +LCRYPTSO= ${LCRYPTBASE}.so.${SHLIB_MAJOR} +LSCRYPTSO= ${LSCRYPTBASE}.so.${SHLIB_MAJOR} + +.if ${OBJFORMAT} == elf +SONAME= ${LCRYPTSO} +.endif + +.PATH: ${.CURDIR}/../../../lib/libmd ${.CURDIR}/../../../lib/libcrypt +SRCS= crypt.c crypt-md5.c misc.c +STATICSRCS= md5c.c +STATICOBJS= ${STATICSRCS:S/.c/.o/g} +SRCS+= crypt-des.c +MAN3= crypt.3 +MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3 +CFLAGS+= -I${.CURDIR}/../../../lib/libmd +CFLAGS+= -I${.CURDIR}/../../../lib/libcrypt +CFLAGS+= -DNONEXPORTABLE_CRYPT +CFLAGS+= -DLIBC_SCCS -Wall +PRECIOUSLIB= yes + +# Include this early to pick up the definitions of SHLIB_MAJOR and +# SHLIB_MINOR which are used in the existence tests. +.include "${.CURDIR}/../../../lib/Makefile.inc" + +# We only install the links if they do not already exist. +# This may have to be revised +.if !exists(${DESTDIR}${LIBDIR}/${LCRYPTBASE}.a) +SYMLINKS+= ${LSCRYPTBASE}.a ${LIBDIR}/${LCRYPTBASE}.a +.endif +.if !defined(NOPROFILE) && !exists(${DESTDIR}${LIBDIR}/${LCRYPTBASE}_p.a) +SYMLINKS+= ${LSCRYPTBASE}_p.a ${LIBDIR}/${LCRYPTBASE}_p.a +.endif +.if !defined(NOPIC) && !exists(${DESTDIR}${SHLIBDIR}/${LCRYPTSO}) +SYMLINKS+= ${LSCRYPTSO} ${SHLIBDIR}/${LCRYPTSO} +.endif +.if !defined(NOPIC) && ${OBJFORMAT} == elf && \ + !exists(${DESTDIR}${SHLIBDIR}/${LCRYPTBASE}.so) +SYMLINKS+= ${LSCRYPTBASE}.so ${SHLIBDIR}/${LCRYPTBASE}.so +.endif + +.include <bsd.lib.mk> + +afterinstall: +.if !defined(NODESCRYPTLINKS) +.if !defined(NOPIC) + @cd ${DESTDIR}${SHLIBDIR}; \ + rm -f ${LCRYPTSO}; \ + ln -sf ${LSCRYPTSO} ${LCRYPTSO}; +.endif +.if !defined(NOPIC) && ${OBJFORMAT} == elf + @cd ${DESTDIR}${SHLIBDIR}; \ + rm -f ${LCRYPTBASE}.so; \ + ln -sf ${LSCRYPTBASE}.so libcrypt.so +.endif + @cd ${DESTDIR}${LIBDIR}; \ + rm -f ${LCRYPTBASE}.a; \ + ln -sf ${LSCRYPTBASE}.a libcrypt.a +.if !defined(NOPROFILE) + @cd ${DESTDIR}${LIBDIR}; \ + rm -f ${LCRYPTBASE}_p.a; \ + ln -sf ${LSCRYPTBASE}_p.a libcrypt_p.a +.endif +.endif diff --git a/secure/lib/libcrypt/crypt-des.c b/secure/lib/libcrypt/crypt-des.c new file mode 100644 index 0000000..634a1ad --- /dev/null +++ b/secure/lib/libcrypt/crypt-des.c @@ -0,0 +1,695 @@ +/* + * FreeSec: libcrypt for NetBSD + * + * Copyright (c) 1994 David Burren + * All rights reserved. + * + * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet + * this file should now *only* export crypt(), in order to make + * binaries of libcrypt exportable from the USA + * + * Adapted for FreeBSD-4.0 by Mark R V Murray + * this file should now *only* export crypt_des(), in order to make + * a module that can be optionally included in libcrypt. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the author nor the names of other contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + * + * This is an original implementation of the DES and the crypt(3) interfaces + * by David Burren <davidb@werj.com.au>. + * + * An excellent reference on the underlying algorithm (and related + * algorithms) is: + * + * B. Schneier, Applied Cryptography: protocols, algorithms, + * and source code in C, John Wiley & Sons, 1994. + * + * Note that in that book's description of DES the lookups for the initial, + * pbox, and final permutations are inverted (this has been brought to the + * attention of the author). A list of errata for this book has been + * posted to the sci.crypt newsgroup by the author and is available for FTP. + * + * ARCHITECTURE ASSUMPTIONS: + * It is assumed that the 8-byte arrays passed by reference can be + * addressed as arrays of u_int32_t's (ie. the CPU is not picky about + * alignment). + */ +#include <sys/types.h> +#include <sys/param.h> +#include <pwd.h> +#include <string.h> +#include "crypt.h" + +/* We can't always assume gcc */ +#ifdef __GNUC__ +#define INLINE inline +#endif + + +static u_char IP[64] = { + 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 +}; + +static u_char inv_key_perm[64]; +static u_char u_key_perm[56]; +static u_char key_perm[56] = { + 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 +}; + +static u_char key_shifts[16] = { + 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 +}; + +static u_char inv_comp_perm[56]; +static u_char comp_perm[48] = { + 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 +}; + +/* + * No E box is used, as it's replaced by some ANDs, shifts, and ORs. + */ + +static u_char u_sbox[8][64]; +static u_char sbox[8][64] = { + { + 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, + 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, + 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, + 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 + }, + { + 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, + 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, + 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, + 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 + }, + { + 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, + 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, + 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, + 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 + }, + { + 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, + 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, + 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, + 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 + }, + { + 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, + 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, + 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, + 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 + }, + { + 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, + 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, + 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, + 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 + }, + { + 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, + 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, + 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, + 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 + }, + { + 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, + 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, + 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, + 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 + } +}; + +static u_char un_pbox[32]; +static u_char pbox[32] = { + 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, + 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 +}; + +static u_int32_t bits32[32] = +{ + 0x80000000, 0x40000000, 0x20000000, 0x10000000, + 0x08000000, 0x04000000, 0x02000000, 0x01000000, + 0x00800000, 0x00400000, 0x00200000, 0x00100000, + 0x00080000, 0x00040000, 0x00020000, 0x00010000, + 0x00008000, 0x00004000, 0x00002000, 0x00001000, + 0x00000800, 0x00000400, 0x00000200, 0x00000100, + 0x00000080, 0x00000040, 0x00000020, 0x00000010, + 0x00000008, 0x00000004, 0x00000002, 0x00000001 +}; + +static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + +static u_int32_t saltbits; +static long old_salt; +static u_int32_t *bits28, *bits24; +static u_char init_perm[64], final_perm[64]; +static u_int32_t en_keysl[16], en_keysr[16]; +static u_int32_t de_keysl[16], de_keysr[16]; +static int des_initialised = 0; +static u_char m_sbox[4][4096]; +static u_int32_t psbox[4][256]; +static u_int32_t ip_maskl[8][256], ip_maskr[8][256]; +static u_int32_t fp_maskl[8][256], fp_maskr[8][256]; +static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; +static u_int32_t comp_maskl[8][128], comp_maskr[8][128]; +static u_int32_t old_rawkey0, old_rawkey1; + +static u_char ascii64[] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +/* 0000000000111111111122222222223333333333444444444455555555556666 */ +/* 0123456789012345678901234567890123456789012345678901234567890123 */ + +static INLINE int +ascii_to_bin(char ch) +{ + if (ch > 'z') + return(0); + if (ch >= 'a') + return(ch - 'a' + 38); + if (ch > 'Z') + return(0); + if (ch >= 'A') + return(ch - 'A' + 12); + if (ch > '9') + return(0); + if (ch >= '.') + return(ch - '.'); + return(0); +} + +static void +des_init() +{ + int i, j, b, k, inbit, obit; + u_int32_t *p, *il, *ir, *fl, *fr; + + old_rawkey0 = old_rawkey1 = 0L; + saltbits = 0L; + old_salt = 0L; + bits24 = (bits28 = bits32 + 4) + 4; + + /* + * Invert the S-boxes, reordering the input bits. + */ + for (i = 0; i < 8; i++) + for (j = 0; j < 64; j++) { + b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); + u_sbox[i][j] = sbox[i][b]; + } + + /* + * Convert the inverted S-boxes into 4 arrays of 8 bits. + * Each will handle 12 bits of the S-box input. + */ + for (b = 0; b < 4; b++) + for (i = 0; i < 64; i++) + for (j = 0; j < 64; j++) + m_sbox[b][(i << 6) | j] = + (u_sbox[(b << 1)][i] << 4) | + u_sbox[(b << 1) + 1][j]; + + /* + * Set up the initial & final permutations into a useful form, and + * initialise the inverted key permutation. + */ + for (i = 0; i < 64; i++) { + init_perm[final_perm[i] = IP[i] - 1] = i; + inv_key_perm[i] = 255; + } + + /* + * Invert the key permutation and initialise the inverted key + * compression permutation. + */ + for (i = 0; i < 56; i++) { + u_key_perm[i] = key_perm[i] - 1; + inv_key_perm[key_perm[i] - 1] = i; + inv_comp_perm[i] = 255; + } + + /* + * Invert the key compression permutation. + */ + for (i = 0; i < 48; i++) { + inv_comp_perm[comp_perm[i] - 1] = i; + } + + /* + * Set up the OR-mask arrays for the initial and final permutations, + * and for the key initial and compression permutations. + */ + for (k = 0; k < 8; k++) { + for (i = 0; i < 256; i++) { + *(il = &ip_maskl[k][i]) = 0L; + *(ir = &ip_maskr[k][i]) = 0L; + *(fl = &fp_maskl[k][i]) = 0L; + *(fr = &fp_maskr[k][i]) = 0L; + for (j = 0; j < 8; j++) { + inbit = 8 * k + j; + if (i & bits8[j]) { + if ((obit = init_perm[inbit]) < 32) + *il |= bits32[obit]; + else + *ir |= bits32[obit-32]; + if ((obit = final_perm[inbit]) < 32) + *fl |= bits32[obit]; + else + *fr |= bits32[obit - 32]; + } + } + } + for (i = 0; i < 128; i++) { + *(il = &key_perm_maskl[k][i]) = 0L; + *(ir = &key_perm_maskr[k][i]) = 0L; + for (j = 0; j < 7; j++) { + inbit = 8 * k + j; + if (i & bits8[j + 1]) { + if ((obit = inv_key_perm[inbit]) == 255) + continue; + if (obit < 28) + *il |= bits28[obit]; + else + *ir |= bits28[obit - 28]; + } + } + *(il = &comp_maskl[k][i]) = 0L; + *(ir = &comp_maskr[k][i]) = 0L; + for (j = 0; j < 7; j++) { + inbit = 7 * k + j; + if (i & bits8[j + 1]) { + if ((obit=inv_comp_perm[inbit]) == 255) + continue; + if (obit < 24) + *il |= bits24[obit]; + else + *ir |= bits24[obit - 24]; + } + } + } + } + + /* + * Invert the P-box permutation, and convert into OR-masks for + * handling the output of the S-box arrays setup above. + */ + for (i = 0; i < 32; i++) + un_pbox[pbox[i] - 1] = i; + + for (b = 0; b < 4; b++) + for (i = 0; i < 256; i++) { + *(p = &psbox[b][i]) = 0L; + for (j = 0; j < 8; j++) { + if (i & bits8[j]) + *p |= bits32[un_pbox[8 * b + j]]; + } + } + + des_initialised = 1; +} + +static void +setup_salt(long salt) +{ + u_int32_t obit, saltbit; + int i; + + if (salt == old_salt) + return; + old_salt = salt; + + saltbits = 0L; + saltbit = 1; + obit = 0x800000; + for (i = 0; i < 24; i++) { + if (salt & saltbit) + saltbits |= obit; + saltbit <<= 1; + obit >>= 1; + } +} + +static int +des_setkey(const char *key) +{ + u_int32_t k0, k1, rawkey0, rawkey1; + int shifts, round; + + if (!des_initialised) + des_init(); + + rawkey0 = ntohl(*(u_int32_t *) key); + rawkey1 = ntohl(*(u_int32_t *) (key + 4)); + + if ((rawkey0 | rawkey1) + && rawkey0 == old_rawkey0 + && rawkey1 == old_rawkey1) { + /* + * Already setup for this key. + * This optimisation fails on a zero key (which is weak and + * has bad parity anyway) in order to simplify the starting + * conditions. + */ + return(0); + } + old_rawkey0 = rawkey0; + old_rawkey1 = rawkey1; + + /* + * Do key permutation and split into two 28-bit subkeys. + */ + k0 = key_perm_maskl[0][rawkey0 >> 25] + | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] + | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] + | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] + | key_perm_maskl[4][rawkey1 >> 25] + | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] + | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] + | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; + k1 = key_perm_maskr[0][rawkey0 >> 25] + | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] + | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] + | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] + | key_perm_maskr[4][rawkey1 >> 25] + | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] + | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] + | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; + /* + * Rotate subkeys and do compression permutation. + */ + shifts = 0; + for (round = 0; round < 16; round++) { + u_int32_t t0, t1; + + shifts += key_shifts[round]; + + t0 = (k0 << shifts) | (k0 >> (28 - shifts)); + t1 = (k1 << shifts) | (k1 >> (28 - shifts)); + + de_keysl[15 - round] = + en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] + | comp_maskl[1][(t0 >> 14) & 0x7f] + | comp_maskl[2][(t0 >> 7) & 0x7f] + | comp_maskl[3][t0 & 0x7f] + | comp_maskl[4][(t1 >> 21) & 0x7f] + | comp_maskl[5][(t1 >> 14) & 0x7f] + | comp_maskl[6][(t1 >> 7) & 0x7f] + | comp_maskl[7][t1 & 0x7f]; + + de_keysr[15 - round] = + en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] + | comp_maskr[1][(t0 >> 14) & 0x7f] + | comp_maskr[2][(t0 >> 7) & 0x7f] + | comp_maskr[3][t0 & 0x7f] + | comp_maskr[4][(t1 >> 21) & 0x7f] + | comp_maskr[5][(t1 >> 14) & 0x7f] + | comp_maskr[6][(t1 >> 7) & 0x7f] + | comp_maskr[7][t1 & 0x7f]; + } + return(0); +} + +static int +do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count) +{ + /* + * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. + */ + u_int32_t l, r, *kl, *kr, *kl1, *kr1; + u_int32_t f, r48l, r48r; + int round; + + if (count == 0) { + return(1); + } else if (count > 0) { + /* + * Encrypting + */ + kl1 = en_keysl; + kr1 = en_keysr; + } else { + /* + * Decrypting + */ + count = -count; + kl1 = de_keysl; + kr1 = de_keysr; + } + + /* + * Do initial permutation (IP). + */ + l = ip_maskl[0][l_in >> 24] + | ip_maskl[1][(l_in >> 16) & 0xff] + | ip_maskl[2][(l_in >> 8) & 0xff] + | ip_maskl[3][l_in & 0xff] + | ip_maskl[4][r_in >> 24] + | ip_maskl[5][(r_in >> 16) & 0xff] + | ip_maskl[6][(r_in >> 8) & 0xff] + | ip_maskl[7][r_in & 0xff]; + r = ip_maskr[0][l_in >> 24] + | ip_maskr[1][(l_in >> 16) & 0xff] + | ip_maskr[2][(l_in >> 8) & 0xff] + | ip_maskr[3][l_in & 0xff] + | ip_maskr[4][r_in >> 24] + | ip_maskr[5][(r_in >> 16) & 0xff] + | ip_maskr[6][(r_in >> 8) & 0xff] + | ip_maskr[7][r_in & 0xff]; + + while (count--) { + /* + * Do each round. + */ + kl = kl1; + kr = kr1; + round = 16; + while (round--) { + /* + * Expand R to 48 bits (simulate the E-box). + */ + r48l = ((r & 0x00000001) << 23) + | ((r & 0xf8000000) >> 9) + | ((r & 0x1f800000) >> 11) + | ((r & 0x01f80000) >> 13) + | ((r & 0x001f8000) >> 15); + + r48r = ((r & 0x0001f800) << 7) + | ((r & 0x00001f80) << 5) + | ((r & 0x000001f8) << 3) + | ((r & 0x0000001f) << 1) + | ((r & 0x80000000) >> 31); + /* + * Do salting for crypt() and friends, and + * XOR with the permuted key. + */ + f = (r48l ^ r48r) & saltbits; + r48l ^= f ^ *kl++; + r48r ^= f ^ *kr++; + /* + * Do sbox lookups (which shrink it back to 32 bits) + * and do the pbox permutation at the same time. + */ + f = psbox[0][m_sbox[0][r48l >> 12]] + | psbox[1][m_sbox[1][r48l & 0xfff]] + | psbox[2][m_sbox[2][r48r >> 12]] + | psbox[3][m_sbox[3][r48r & 0xfff]]; + /* + * Now that we've permuted things, complete f(). + */ + f ^= l; + l = r; + r = f; + } + r = l; + l = f; + } + /* + * Do final permutation (inverse of IP). + */ + *l_out = fp_maskl[0][l >> 24] + | fp_maskl[1][(l >> 16) & 0xff] + | fp_maskl[2][(l >> 8) & 0xff] + | fp_maskl[3][l & 0xff] + | fp_maskl[4][r >> 24] + | fp_maskl[5][(r >> 16) & 0xff] + | fp_maskl[6][(r >> 8) & 0xff] + | fp_maskl[7][r & 0xff]; + *r_out = fp_maskr[0][l >> 24] + | fp_maskr[1][(l >> 16) & 0xff] + | fp_maskr[2][(l >> 8) & 0xff] + | fp_maskr[3][l & 0xff] + | fp_maskr[4][r >> 24] + | fp_maskr[5][(r >> 16) & 0xff] + | fp_maskr[6][(r >> 8) & 0xff] + | fp_maskr[7][r & 0xff]; + return(0); +} + +static int +des_cipher(const char *in, char *out, long salt, int count) +{ + u_int32_t l_out, r_out, rawl, rawr; + int retval; + + if (!des_initialised) + des_init(); + + setup_salt(salt); + + rawl = ntohl(*((u_int32_t *) in)++); + rawr = ntohl(*((u_int32_t *) in)); + + retval = do_des(rawl, rawr, &l_out, &r_out, count); + + *((u_int32_t *) out)++ = htonl(l_out); + *((u_int32_t *) out) = htonl(r_out); + return(retval); +} + +char * +crypt_des(const char *key, const char *setting) +{ + int i; + u_int32_t count, salt, l, r0, r1, keybuf[2]; + u_char *p, *q; + static u_char output[21]; + + if (!des_initialised) + des_init(); + + + /* + * Copy the key, shifting each character up by one bit + * and padding with zeros. + */ + q = (u_char *) keybuf; + while (q - (u_char *) keybuf - 8) { + if ((*q++ = *key << 1)) + key++; + } + if (des_setkey((u_char *) keybuf)) + return(NULL); + + if (*setting == _PASSWORD_EFMT1) { + /* + * "new"-style: + * setting - underscore, 4 bytes of count, 4 bytes of salt + * key - unlimited characters + */ + for (i = 1, count = 0L; i < 5; i++) + count |= ascii_to_bin(setting[i]) << (i - 1) * 6; + + for (i = 5, salt = 0L; i < 9; i++) + salt |= ascii_to_bin(setting[i]) << (i - 5) * 6; + + while (*key) { + /* + * Encrypt the key with itself. + */ + if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0L, 1)) + return(NULL); + /* + * And XOR with the next 8 characters of the key. + */ + q = (u_char *) keybuf; + while (q - (u_char *) keybuf - 8 && *key) + *q++ ^= *key++ << 1; + + if (des_setkey((u_char *) keybuf)) + return(NULL); + } + strncpy(output, setting, 9); + + /* + * Double check that we weren't given a short setting. + * If we were, the above code will probably have created + * wierd values for count and salt, but we don't really care. + * Just make sure the output string doesn't have an extra + * NUL in it. + */ + output[9] = '\0'; + p = output + strlen(output); + } else { + /* + * "old"-style: + * setting - 2 bytes of salt + * key - up to 8 characters + */ + count = 25; + + salt = (ascii_to_bin(setting[1]) << 6) + | ascii_to_bin(setting[0]); + + output[0] = setting[0]; + /* + * If the encrypted password that the salt was extracted from + * is only 1 character long, the salt will be corrupted. We + * need to ensure that the output string doesn't have an extra + * NUL in it! + */ + output[1] = setting[1] ? setting[1] : output[0]; + + p = output + 2; + } + setup_salt(salt); + /* + * Do it. + */ + if (do_des(0L, 0L, &r0, &r1, count)) + return(NULL); + /* + * Now encode the result... + */ + l = (r0 >> 8); + *p++ = ascii64[(l >> 18) & 0x3f]; + *p++ = ascii64[(l >> 12) & 0x3f]; + *p++ = ascii64[(l >> 6) & 0x3f]; + *p++ = ascii64[l & 0x3f]; + + l = (r0 << 16) | ((r1 >> 16) & 0xffff); + *p++ = ascii64[(l >> 18) & 0x3f]; + *p++ = ascii64[(l >> 12) & 0x3f]; + *p++ = ascii64[(l >> 6) & 0x3f]; + *p++ = ascii64[l & 0x3f]; + + l = r1 << 2; + *p++ = ascii64[(l >> 12) & 0x3f]; + *p++ = ascii64[(l >> 6) & 0x3f]; + *p++ = ascii64[l & 0x3f]; + *p = 0; + + return(output); +} diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile new file mode 100644 index 0000000..03098a3 --- /dev/null +++ b/secure/lib/libcrypto/Makefile @@ -0,0 +1,280 @@ +# $FreeBSD$ + +.include "Makefile.inc" + +.PATH: ${LCRYPTO_SRC} ${LCRYPTO_SRC}/asn1 ${LCRYPTO_SRC}/bf \ + ${LCRYPTO_SRC}/bio ${LCRYPTO_SRC}/bn ${LCRYPTO_SRC}/buffer \ + ${LCRYPTO_SRC}/cast ${LCRYPTO_SRC}/comp ${LCRYPTO_SRC}/conf \ + ${LCRYPTO_SRC}/des ${LCRYPTO_SRC}/dh ${LCRYPTO_SRC}/dsa \ + ${LCRYPTO_SRC}/err ${LCRYPTO_SRC}/evp ${LCRYPTO_SRC}/hmac \ + ${LCRYPTO_SRC}/lhash ${LCRYPTO_SRC}/md2 ${LCRYPTO_SRC}/md5 \ + ${LCRYPTO_SRC}/mdc2 ${LCRYPTO_SRC}/objects ${LCRYPTO_SRC}/pem \ + ${LCRYPTO_SRC}/pkcs7 ${LCRYPTO_SRC}/pkcs12 ${LCRYPTO_SRC}/rand \ + ${LCRYPTO_SRC}/rc2 ${LCRYPTO_SRC}/rc4 ${LCRYPTO_SRC}/rc5 \ + ${LCRYPTO_SRC}/ripemd ${LCRYPTO_SRC}/rsa ${LCRYPTO_SRC}/../rsaref \ + ${LCRYPTO_SRC}/sha ${LCRYPTO_SRC}/stack ${LCRYPTO_SRC}/txt_db \ + ${LCRYPTO_SRC}/x509 ${LCRYPTO_SRC}/x509v3 + +.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES +.PATH: ${LCRYPTO_SRC}/idea +.endif + +LIB= crypto +SHLIB_MAJOR= 1 + +MAINTAINER= kris + +# base sources +SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_dbg.c \ + tmdiff.c + +# asn1 +SRCS+= a_bitstr.c a_bmp.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \ + a_dup.c a_enum.c a_gentm.c a_hdr.c a_i2d_fp.c a_int.c a_mbstr.c \ + a_meth.c a_null.c a_object.c a_octet.c a_print.c a_set.c a_sign.c \ + a_strnid.c a_time.c a_type.c a_utctm.c a_utf8.c a_verify.c a_vis.c \ + asn1_err.c asn1_lib.c asn1_par.c asn_pack.c d2i_dhp.c d2i_dsap.c \ + d2i_pr.c d2i_pu.c d2i_r_pr.c d2i_r_pu.c d2i_s_pr.c d2i_s_pu.c \ + evp_asn1.c f_enum.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c i2d_pr.c \ + i2d_pu.c i2d_r_pr.c i2d_r_pu.c i2d_s_pr.c i2d_s_pu.c n_pkey.c nsseq.c \ + p5_pbe.c p5_pbev2.c p7_dgst.c p7_enc.c p7_enc_c.c p7_evp.c p7_i_s.c \ + p7_lib.c p7_recip.c p7_s_e.c p7_signd.c p7_signi.c p8_pkey.c \ + t_bitst.c t_crl.c t_pkey.c t_req.c t_spki.c t_x509.c t_x509a.c \ + x_algor.c x_attrib.c x_cinf.c x_crl.c x_exten.c x_info.c x_name.c \ + x_pkey.c x_pubkey.c x_req.c x_sig.c x_spki.c x_val.c x_x509.c \ + x_x509a.c \ + +# blowfish +SRCS+= bf_cfb64.c bf_ecb.c bf_enc.c bf_ofb64.c bf_skey.c + +# bio +SRCS+= b_dump.c b_print.c b_sock.c bf_buff.c bf_nbio.c bf_null.c \ + bio_cb.c bio_err.c bio_lib.c bss_acpt.c bss_bio.c bss_conn.c \ + bss_fd.c bss_file.c bss_log.c bss_mem.c bss_null.c bss_sock.c + +# bn +SRCS+= bn_add.c bn_asm.c bn_blind.c bn_ctx.c bn_div.c bn_err.c bn_exp.c \ + bn_exp2.c bn_gcd.c bn_lib.c bn_mont.c bn_mpi.c bn_mul.c bn_prime.c \ + bn_print.c bn_rand.c bn_recp.c bn_shift.c bn_sqr.c bn_word.c + +# buffer +SRCS+= buf_err.c buffer.c + +# cast +SRCS+= c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c + +# comp +SRCS+= c_rle.c c_zlib.c comp_lib.c + +# conf +SRCS+= conf.c conf_err.c + +# des +SRCS+= cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c des_enc.c \ + ecb3_enc.c ecb_enc.c ede_cbcm_enc.c enc_read.c enc_writ.c fcrypt.c \ + fcrypt_b.c ofb64ede.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c \ + rand_key.c read2pwd.c read_pwd.c rnd_keys.c rpc_enc.c set_key.c \ + str2key.c supp.c xcbc_enc.c + +# dh +SRCS+= dh_check.c dh_err.c dh_gen.c dh_key.c dh_lib.c + +# dsa +SRCS+= dsa_asn1.c dsa_err.c dsa_gen.c dsa_key.c dsa_lib.c dsa_ossl.c \ + dsa_sign.c dsa_vrf.c + +# err +SRCS+= err.c err_all.c err_prn.c + +# evp +SRCS+= bio_b64.c bio_enc.c bio_md.c bio_ok.c c_all.c c_allc.c c_alld.c \ + digest.c e_cbc_3d.c e_cbc_bf.c e_cbc_c.c e_cbc_d.c e_cbc_i.c \ + e_cbc_r2.c e_cbc_r5.c e_cfb_3d.c e_cfb_bf.c e_cfb_c.c e_cfb_d.c \ + e_cfb_i.c e_cfb_r2.c e_cfb_r5.c e_ecb_3d.c e_ecb_bf.c e_ecb_c.c \ + e_ecb_d.c e_ecb_i.c e_ecb_r2.c e_ecb_r5.c e_null.c e_ofb_3d.c \ + e_ofb_bf.c e_ofb_c.c e_ofb_d.c e_ofb_i.c e_ofb_r2.c e_ofb_r5.c \ + e_rc4.c e_xcbc_d.c encode.c evp_enc.c evp_err.c evp_key.c \ + evp_lib.c evp_pbe.c evp_pkey.c m_dss.c m_dss1.c m_md2.c m_md5.c \ + m_mdc2.c m_null.c m_ripemd.c m_sha.c m_sha1.c names.c p5_crpt.c \ + p5_crpt2.c p_dec.c p_enc.c p_lib.c p_open.c p_seal.c p_sign.c \ + p_verify.c + +# hmac +SRCS+= hmac.c + +# idea +.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES +SRCS+= i_ecb.c i_cbc.c i_cfb64.c i_ofb64.c i_skey.c +.endif + +# lhash +SRCS+= lh_stats.c lhash.c + +# md2 +SRCS+= md2_dgst.c md2_one.c + +# md5 +SRCS+= md5_dgst.c md5_one.c + +# mdc2 +SRCS+= mdc2dgst.c mdc2_one.c + +# objects +SRCS+= o_names.c obj_dat.c obj_err.c obj_lib.c + +# pem +SRCS+= pem_all.c pem_err.c pem_info.c pem_lib.c pem_seal.c pem_sign.c + +# pkcs7 +SRCS+= pk7_attr.c pk7_doit.c pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c + +# pkcs12 +SRCS+= p12_add.c p12_attr.c p12_bags.c p12_crpt.c p12_crt.c p12_decr.c \ + p12_init.c p12_key.c p12_kiss.c p12_lib.c p12_mac.c p12_mutl.c \ + p12_npas.c p12_sbag.c p12_utl.c pk12err.c + +# rand +SRCS+= md_rand.c rand_egd.c rand_err.c rand_lib.c randfile.c + +# rc2 +SRCS+= rc2_cbc.c rc2cfb64.c rc2_ecb.c rc2ofb64.c rc2_skey.c + +# rc4 +SRCS+= rc4_enc.c rc4_skey.c + +# rc5 +SRCS+= rc5cfb64.c rc5_ecb.c rc5_enc.c rc5ofb64.c rc5_skey.c + +# ripemd +SRCS+= rmd_dgst.c rmd_one.c + +# rsa +.if defined(WITH_RSA) && ${WITH_RSA} == YES +SRCS+= rsa_chk.c rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c rsa_none.c \ + rsa_null.c rsa_oaep.c rsa_pk1.c rsa_saos.c rsa_sign.c rsa_ssl.c +.endif + +# sha +SRCS+= sha_dgst.c sha_one.c sha1_one.c sha1dgst.c + +# stack +SRCS+= stack.c + +# txt_db +SRCS+= txt_db.c + +# x509 +SRCS+= by_dir.c by_file.c x509_att.c x509_cmp.c x509_d2.c x509_def.c \ + x509_err.c x509_ext.c x509_lu.c x509_obj.c x509_r2x.c x509_req.c \ + x509_set.c x509_trs.c x509_txt.c x509_v3.c x509_vfy.c x509name.c \ + x509rset.c x509spki.c x509type.c x_all.c + +# x509v3 +SRCS+= v3_akey.c v3_alt.c v3_bcons.c v3_bitst.c v3_conf.c v3_cpols.c \ + v3_crld.c v3_enum.c v3_extku.c v3_genn.c v3_ia5.c v3_info.c v3_int.c \ + v3_lib.c v3_pku.c v3_prn.c v3_purp.c v3_skey.c v3_sxnet.c v3_utl.c \ + v3err.c + +POD1+= apps/CA.pl.pod apps/asn1parse.pod apps/ca.pod apps/ciphers.pod \ + apps/config.pod apps/crl.pod apps/crl2pkcs7.pod apps/dgst.pod \ + apps/dhparam.pod apps/dsa.pod apps/dsaparam.pod apps/enc.pod \ + apps/gendsa.pod apps/genrsa.pod apps/nseq.pod apps/openssl.pod \ + apps/passwd.pod apps/pkcs12.pod apps/pkcs7.pod apps/pkcs8.pod \ + apps/req.pod apps/rsa.pod apps/s_client.pod apps/s_server.pod \ + apps/sess_id.pod apps/smime.pod apps/speed.pod apps/spkac.pod \ + apps/verify.pod apps/version.pod apps/x509.pod + +POD3+= crypto/BN_CTX_new.pod crypto/BN_CTX_start.pod crypto/BN_add.pod \ + crypto/BN_add_word.pod crypto/BN_bn2bin.pod crypto/BN_cmp.pod \ + crypto/BN_copy.pod crypto/BN_generate_prime.pod \ + crypto/BN_mod_inverse.pod crypto/BN_mod_mul_montgomery.pod \ + crypto/BN_mod_mul_reciprocal.pod crypto/BN_new.pod \ + crypto/BN_num_bytes.pod crypto/BN_rand.pod crypto/BN_set_bit.pod \ + crypto/BN_zero.pod crypto/CRYPTO_set_ex_data.pod \ + crypto/DH_generate_key.pod crypto/DH_generate_parameters.pod \ + crypto/DH_get_ex_new_index.pod crypto/DH_new.pod \ + crypto/DH_set_method.pod crypto/DH_size.pod crypto/DSA_SIG_new.pod \ + crypto/DSA_do_sign.pod crypto/DSA_dup_DH.pod \ + crypto/DSA_generate_key.pod crypto/DSA_generate_parameters.pod \ + crypto/DSA_get_ex_new_index.pod crypto/DSA_new.pod \ + crypto/DSA_set_method.pod crypto/DSA_sign.pod crypto/DSA_size.pod \ + crypto/ERR_GET_LIB.pod crypto/ERR_clear_error.pod \ + crypto/ERR_error_string.pod crypto/ERR_get_error.pod \ + crypto/ERR_load_crypto_strings.pod crypto/ERR_load_strings.pod \ + crypto/ERR_print_errors.pod crypto/ERR_put_error.pod \ + crypto/ERR_remove_state.pod crypto/EVP_DigestInit.pod \ + crypto/EVP_EncryptInit.pod crypto/OPENSSL_VERSION_NUMBER.pod \ + crypto/OpenSSL_add_all_algorithms.pod crypto/RAND_add.pod \ + crypto/RAND_bytes.pod crypto/RAND_cleanup.pod crypto/RAND_egd.pod \ + crypto/RAND_load_file.pod crypto/RAND_set_rand_method.pod \ + crypto/RSA_blinding_on.pod crypto/RSA_check_key.pod \ + crypto/RSA_generate_key.pod crypto/RSA_get_ex_new_index.pod \ + crypto/RSA_new.pod crypto/RSA_padding_add_PKCS1_type_1.pod \ + crypto/RSA_print.pod crypto/RSA_private_encrypt.pod \ + crypto/RSA_public_encrypt.pod crypto/RSA_set_method.pod \ + crypto/RSA_sign.pod crypto/RSA_sign_ASN1_OCTET_STRING.pod \ + crypto/RSA_size.pod crypto/blowfish.pod crypto/bn.pod \ + crypto/bn_internal.pod crypto/buffer.pod crypto/crypto.pod \ + crypto/d2i_DHparams.pod crypto/d2i_RSAPublicKey.pod \ + crypto/des_modes.pod crypto/dh.pod crypto/dsa.pod crypto/err.pod \ + crypto/hmac.pod crypto/lh_stats.pod crypto/lhash.pod crypto/md5.pod \ + crypto/mdc2.pod crypto/rand.pod crypto/rc4.pod crypto/ripemd.pod \ + crypto/rsa.pod crypto/sha.pod crypto/threads.pod + +POD3+= ssl/SSL_get_error.pod ssl/ssl.pod + +#.for section in 1 3 +#.for pod in ${POD${section}} +#.for target in ${pod:T:S/.pod/.${section}/g} +#MAN${section}+= ${target} +#CLEANFILES+= ${target} +#all-man: ${target} +#${target}: ${LCRYPTO_SRC}/../doc/${pod} +# pod2man ${LCRYPTO_SRC}/../doc/${pod} > ${target} +#.endfor +#.endfor +#.endfor + +MAN3= des_crypt.3 + +MLINKS= des_crypt.3 des_read_password.3 \ + des_crypt.3 des_read_2password.3 des_crypt.3 des_string_to_key.3 \ + des_crypt.3 des_string_to_2key.3 des_crypt.3 des_read_pw_string.3 \ + des_crypt.3 des_random_key.3 des_crypt.3 des_set_key.3 \ + des_crypt.3 des_key_sched.3 des_crypt.3 des_ecb_encrypt.3 \ + des_crypt.3 des_3ecb_encrypt.3 des_crypt.3 des_cbc_encrypt.3 \ + des_crypt.3 des_3cbc_encrypt.3 des_crypt.3 des_pcbc_encrypt.3 \ + des_crypt.3 des_cfb_encrypt.3 des_crypt.3 des_ofb_encrypt.3 \ + des_crypt.3 des_cbc_cksum.3 des_crypt.3 des_quad_cksum.3 \ + des_crypt.3 des_enc_read.3 des_crypt.3 des_enc_write.3 \ + des_crypt.3 des_set_odd_parity.3 des_crypt.3 des_is_weak_key.3 + +beforeinstall: openssl/opensslconf.h openssl/evp.h + ${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \ + ${CRYPTO_HDRS} openssl/evp.h openssl/opensslconf.h \ + ${DESTDIR}/usr/include/openssl + +.include <bsd.lib.mk> + +afterinstall: +.if !defined(NOPIC) + @cd ${DESTDIR}${SHLIBDIR}; \ + rm -f libdes.so.3; \ + ln -sf lib${LIB}.so.${SHLIB_MAJOR} libdes.so.3; +.endif +.if !defined(NOPIC) && ${OBJFORMAT} == elf + @cd ${DESTDIR}${SHLIBDIR}; \ + rm -f libdes.so; \ + ln -sf lib${LIB}.so libdes.so +.endif + @cd ${DESTDIR}${LIBDIR}; \ + rm -f libdes.a; \ + ln -sf lib${LIB}.a libdes.a + @cd ${DESTDIR}${INCDIR}; \ + rm -f des.h; \ + ln -sf openssl/des.h +.if !defined(NOPROFILE) + @cd ${DESTDIR}${LIBDIR}; \ + rm -f libdes_p.a; \ + ln -sf lib${LIB}_p.a libdes_p.a +.endif diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc new file mode 100644 index 0000000..df8adee --- /dev/null +++ b/secure/lib/libcrypto/Makefile.inc @@ -0,0 +1,64 @@ +# $FreeBSD$ + +LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl/crypto +CFLAGS+= -DTERMIOS -DANSI_SOURCE -I${LCRYPTO_SRC} -I${.OBJDIR} +.if !defined(MAKE_IDEA) || ${MAKE_IDEA} != YES +CFLAGS+= -DNO_IDEA +.endif + +.if ${MACHINE_ARCH} == "i386" +CFLAGS+= -DL_ENDIAN +# -DBN_ASM -DSHA1_ASM -DMD5_ASM -DRMD160_ASM - XXX notyet +.elif ${MACHINE_ARCH} == "alpha" +# no ENDIAN stuff defined for alpha (64-bit) +.endif + +WITH_RSA?= YES + +HDRS= asn1/asn1.h asn1/asn1_mac.h bio/bio.h bf/blowfish.h bn/bn.h \ + buffer/buffer.h cast/cast.h comp/comp.h conf/conf.h crypto.h \ + des/des.h dh/dh.h dsa/dsa.h ../e_os.h ../e_os2.h ebcdic.h \ + err/err.h hmac/hmac.h lhash/lhash.h md2/md2.h \ + md5/md5.h mdc2/mdc2.h objects/objects.h opensslv.h pem/pem.h \ + pem/pem2.h pkcs12/pkcs12.h pkcs7/pkcs7.h rand/rand.h rc2/rc2.h \ + rc4/rc4.h rc5/rc5.h ripemd/ripemd.h rsa/rsa.h stack/safestack.h \ + sha/sha.h stack/stack.h tmdiff.h txt_db/txt_db.h x509/x509.h \ + x509/x509_vfy.h x509v3/x509v3.h + +.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES +HDRS+= idea/idea.h +.endif + +.for h in ${HDRS} +CRYPTO_HDRS+= ${LCRYPTO_SRC}/${h} +.endfor + +SRCS+= buildinf.h openssl/opensslconf.h openssl/evp.h +CLEANFILES+= buildinf.h openssl/opensslconf.h openssl/evp.h +CLEANDIRS+= openssl + +buildinf.h: + ( echo "#ifndef MK1MF_BUILD"; \ + echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \ + echo " #define CFLAGS \"$(CC)\""; \ + echo " #define PLATFORM \"`uname -s`-`uname -m`\""; \ + echo " #define DATE \"`LC_TIME=C date`\""; \ + echo "#endif" ) > ${.TARGET} + +# XXX: The openssl/ dependencies are not correct, in that a change in +# any of ${CRYPTO_HDRS} ${EXTRA_HDRS} will no repopulate openssl/. +# This deficiency will be fixed in a later commit. + +.ORDER: openssl/opensslconf.h openssl/evp.h + +openssl/opensslconf.h: ../libcrypto/opensslconf-${MACHINE_ARCH}.h + mkdir -p openssl + cp ${.OODATE} ${.TARGET} + ${INSTALL} ${COPY} -m 444 ${CRYPTO_HDRS} ${EXTRA_HDRS} openssl + +openssl/evp.h: ${LCRYPTO_SRC}/evp/evp.h +.if !defined(MAKE_IDEA) || ${MAKE_IDEA} != YES + sed '/^#ifndef NO_IDEA$$/,/^#endif$$/d' ${.OODATE} > ${.TARGET} +.else + ${INSTALL} ${COPY} -m 444 ${.OODATE} ${.TARGET} +.endif diff --git a/secure/lib/libcrypto/des_crypt.3 b/secure/lib/libcrypto/des_crypt.3 new file mode 100644 index 0000000..0ecc416 --- /dev/null +++ b/secure/lib/libcrypto/des_crypt.3 @@ -0,0 +1,508 @@ +.TH DES_CRYPT 3 +.SH NAME +des_read_password, des_read_2password, +des_string_to_key, des_string_to_2key, des_read_pw_string, +des_random_key, des_set_key, +des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt, +des_3cbc_encrypt, +des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt, +des_cbc_cksum, des_quad_cksum, +des_enc_read, des_enc_write, des_set_odd_parity, +des_is_weak_key, crypt \- (non USA) DES encryption +.SH SYNOPSIS +.nf +.nj +.ft B +#include <des.h> +.PP +.B int des_read_password(key,prompt,verify) +des_cblock *key; +char *prompt; +int verify; +.PP +.B int des_read_2password(key1,key2,prompt,verify) +des_cblock *key1,*key2; +char *prompt; +int verify; +.PP +.B int des_string_to_key(str,key) +char *str; +des_cblock *key; +.PP +.B int des_string_to_2keys(str,key1,key2) +char *str; +des_cblock *key1,*key2; +.PP +.B int des_read_pw_string(buf,length,prompt,verify) +char *buf; +int length; +char *prompt; +int verify; +.PP +.B int des_random_key(key) +des_cblock *key; +.PP +.B int des_set_key(key,schedule) +des_cblock *key; +des_key_schedule schedule; +.PP +.B int des_key_sched(key,schedule) +des_cblock *key; +des_key_schedule schedule; +.PP +.B int des_ecb_encrypt(input,output,schedule,encrypt) +des_cblock *input; +des_cblock *output; +des_key_schedule schedule; +int encrypt; +.PP +.B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt) +des_cblock *input; +des_cblock *output; +des_key_schedule ks1,ks2; +int encrypt; +.PP +.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt) +des_cblock *input; +des_cblock *output; +long length; +des_key_schedule schedule; +des_cblock *ivec; +int encrypt; +.PP +.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt) +des_cblock *input; +des_cblock *output; +long length; +des_key_schedule sk1; +des_key_schedule sk2; +des_cblock *ivec1; +des_cblock *ivec2; +int encrypt; +.PP +.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt) +des_cblock *input; +des_cblock *output; +long length; +des_key_schedule schedule; +des_cblock *ivec; +int encrypt; +.PP +.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt) +unsigned char *input; +unsigned char *output; +int numbits; +long length; +des_key_schedule schedule; +des_cblock *ivec; +int encrypt; +.PP +.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec) +unsigned char *input,*output; +int numbits; +long length; +des_key_schedule schedule; +des_cblock *ivec; +.PP +.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec) +des_cblock *input; +des_cblock *output; +long length; +des_key_schedule schedule; +des_cblock *ivec; +.PP +.B unsigned long des_quad_cksum(input,output,length,out_count,seed) +des_cblock *input; +des_cblock *output; +long length; +int out_count; +des_cblock *seed; +.PP +.B int des_check_key; +.PP +.B int des_enc_read(fd,buf,len,sched,iv) +int fd; +char *buf; +int len; +des_key_schedule sched; +des_cblock *iv; +.PP +.B int des_enc_write(fd,buf,len,sched,iv) +int fd; +char *buf; +int len; +des_key_schedule sched; +des_cblock *iv; +.PP +.B extern int des_rw_mode; +.PP +.B void des_set_odd_parity(key) +des_cblock *key; +.PP +.B int des_is_weak_key(key) +des_cblock *key; +.PP +.B char *crypt(passwd,salt) +char *passwd; +char *salt; +.PP +.fi +.SH DESCRIPTION +This library contains a fast implementation of the DES encryption +algorithm. +.PP +There are two phases to the use of DES encryption. +The first is the generation of a +.I des_key_schedule +from a key, +the second is the actual encryption. +A des key is of type +.I des_cblock. +This type is made from 8 characters with odd parity. +The least significant bit in the character is the parity bit. +The key schedule is an expanded form of the key; it is used to speed the +encryption process. +.PP +.I des_read_password +writes the string specified by prompt to the standard output, +turns off echo and reads an input string from standard input +until terminated with a newline. +If verify is non-zero, it prompts and reads the input again and verifies +that both entered passwords are the same. +The entered string is converted into a des key by using the +.I des_string_to_key +routine. +The new key is placed in the +.I des_cblock +that was passed (by reference) to the routine. +If there were no errors, +.I des_read_password +returns 0, +-1 is returned if there was a terminal error and 1 is returned for +any other error. +.PP +.I des_read_2password +operates in the same way as +.I des_read_password +except that it generates 2 keys by using the +.I des_string_to_2key +function. +.PP +.I des_read_pw_string +is called by +.I des_read_password +to read and verify a string from a terminal device. +The string is returned in +.I buf. +The size of +.I buf +is passed to the routine via the +.I length +parameter. +.PP +.I des_string_to_key +converts a string into a valid des key. +.PP +.I des_string_to_2key +converts a string into 2 valid des keys. +This routine is best suited for used to generate keys for use with +.I des_ecb3_encrypt. +.PP +.I des_random_key +returns a random key that is made of a combination of process id, +time and an increasing counter. +.PP +Before a des key can be used it is converted into a +.I des_key_schedule +via the +.I des_set_key +routine. +If the +.I des_check_key +flag is non-zero, +.I des_set_key +will check that the key passed is of odd parity and is not a week or +semi-weak key. +If the parity is wrong, +then -1 is returned. +If the key is a weak key, +then -2 is returned. +If an error is returned, +the key schedule is not generated. +.PP +.I des_key_sched +is another name for the +.I des_set_key +function. +.PP +The following routines mostly operate on an input and output stream of +.I des_cblock's. +.PP +.I des_ecb_encrypt +is the basic DES encryption routine that encrypts or decrypts a single 8-byte +.I des_cblock +in +.I electronic code book +mode. +It always transforms the input data, pointed to by +.I input, +into the output data, +pointed to by the +.I output +argument. +If the +.I encrypt +argument is non-zero (DES_ENCRYPT), +the +.I input +(cleartext) is encrypted in to the +.I output +(ciphertext) using the key_schedule specified by the +.I schedule +argument, +previously set via +.I des_set_key. +If +.I encrypt +is zero (DES_DECRYPT), +the +.I input +(now ciphertext) +is decrypted into the +.I output +(now cleartext). +Input and output may overlap. +No meaningful value is returned. +.PP +.I des_ecb3_encrypt +encrypts/decrypts the +.I input +block by using triple ecb DES encryption. +This involves encrypting the input with +.I ks1, +decryption with the key schedule +.I ks2, +and then encryption with the first again. +This routine greatly reduces the chances of brute force breaking of +DES and has the advantage of if +.I ks1 +and +.I ks2 +are the same, it is equivalent to just encryption using ecb mode and +.I ks1 +as the key. +.PP +.I des_cbc_encrypt +encrypts/decrypts using the +.I cipher-block-chaining +mode of DES. +If the +.I encrypt +argument is non-zero, +the routine cipher-block-chain encrypts the cleartext data pointed to by the +.I input +argument into the ciphertext pointed to by the +.I output +argument, +using the key schedule provided by the +.I schedule +argument, +and initialisation vector provided by the +.I ivec +argument. +If the +.I length +argument is not an integral multiple of eight bytes, +the last block is copied to a temporary area and zero filled. +The output is always +an integral multiple of eight bytes. +To make multiple cbc encrypt calls on a large amount of data appear to +be one +.I des_cbc_encrypt +call, the +.I ivec +of subsequent calls should be the last 8 bytes of the output. +.PP +.I des_3cbc_encrypt +encrypts/decrypts the +.I input +block by using triple cbc DES encryption. +This involves encrypting the input with key schedule +.I ks1, +decryption with the key schedule +.I ks2, +and then encryption with the first again. +2 initialisation vectors are required, +.I ivec1 +and +.I ivec2. +Unlike +.I des_cbc_encrypt, +these initialisation vectors are modified by the subroutine. +This routine greatly reduces the chances of brute force breaking of +DES and has the advantage of if +.I ks1 +and +.I ks2 +are the same, it is equivalent to just encryption using cbc mode and +.I ks1 +as the key. +.PP +.I des_pcbc_encrypt +encrypt/decrypts using a modified block chaining mode. +It provides better error propagation characteristics than cbc +encryption. +.PP +.I des_cfb_encrypt +encrypt/decrypts using cipher feedback mode. This method takes an +array of characters as input and outputs and array of characters. It +does not require any padding to 8 character groups. Note: the ivec +variable is changed and the new changed value needs to be passed to +the next call to this function. Since this function runs a complete +DES ecb encryption per numbits, this function is only suggested for +use when sending small numbers of characters. +.PP +.I des_ofb_encrypt +encrypt using output feedback mode. This method takes an +array of characters as input and outputs and array of characters. It +does not require any padding to 8 character groups. Note: the ivec +variable is changed and the new changed value needs to be passed to +the next call to this function. Since this function runs a complete +DES ecb encryption per numbits, this function is only suggested for +use when sending small numbers of characters. +.PP +.I des_cbc_cksum +produces an 8 byte checksum based on the input stream (via cbc encryption). +The last 4 bytes of the checksum is returned and the complete 8 bytes is +placed in +.I output. +.PP +.I des_quad_cksum +returns a 4 byte checksum from the input bytes. +The algorithm can be iterated over the input, +depending on +.I out_count, +1, 2, 3 or 4 times. +If +.I output +is non-NULL, +the 8 bytes generated by each pass are written into +.I output. +.PP +.I des_enc_write +is used to write +.I len +bytes +to file descriptor +.I fd +from buffer +.I buf. +The data is encrypted via +.I pcbc_encrypt +(default) using +.I sched +for the key and +.I iv +as a starting vector. +The actual data send down +.I fd +consists of 4 bytes (in network byte order) containing the length of the +following encrypted data. The encrypted data then follows, padded with random +data out to a multiple of 8 bytes. +.PP +.I des_enc_read +is used to read +.I len +bytes +from file descriptor +.I fd +into buffer +.I buf. +The data being read from +.I fd +is assumed to have come from +.I des_enc_write +and is decrypted using +.I sched +for the key schedule and +.I iv +for the initial vector. +The +.I des_enc_read/des_enc_write +pair can be used to read/write to files, pipes and sockets. +I have used them in implementing a version of rlogin in which all +data is encrypted. +.PP +.I des_rw_mode +is used to specify the encryption mode to use with +.I des_enc_read +and +.I des_end_write. +If set to +.I DES_PCBC_MODE +(the default), des_pcbc_encrypt is used. +If set to +.I DES_CBC_MODE +des_cbc_encrypt is used. +These two routines and the variable are not part of the normal MIT library. +.PP +.I des_set_odd_parity +sets the parity of the passed +.I key +to odd. This routine is not part of the standard MIT library. +.PP +.I des_is_weak_key +returns 1 is the passed key is a weak key (pick again :-), +0 if it is ok. +This routine is not part of the standard MIT library. +.PP +.I crypt +is a replacement for the normal system crypt. +It is much faster than the system crypt. +.PP +.SH FILES +/usr/include/des.h +.br +/usr/lib/libdes.a +.PP +The encryption routines have been tested on 16bit, 32bit and 64bit +machines of various endian and even works under VMS. +.PP +.SH BUGS +.PP +If you think this manual is sparse, +read the des_crypt(3) manual from the MIT kerberos (or bones outside +of the USA) distribution. +.PP +.I des_cfb_encrypt +and +.I des_ofb_encrypt +operates on input of 8 bits. What this means is that if you set +numbits to 12, and length to 2, the first 12 bits will come from the 1st +input byte and the low half of the second input byte. The second 12 +bits will have the low 8 bits taken from the 3rd input byte and the +top 4 bits taken from the 4th input byte. The same holds for output. +This function has been implemented this way because most people will +be using a multiple of 8 and because once you get into pulling bytes input +bytes apart things get ugly! +.PP +.I des_read_pw_string +is the most machine/OS dependent function and normally generates the +most problems when porting this code. +.PP +.I des_string_to_key +is probably different from the MIT version since there are lots +of fun ways to implement one-way encryption of a text string. +.PP +The routines are optimised for 32 bit machines and so are not efficient +on IBM PCs. +.PP +NOTE: extensive work has been done on this library since this document +was origionally written. Please try to read des.doc from the libdes +distribution since it is far more upto date and documents more of the +functions. Libdes is now also being shipped as part of SSLeay, a +general cryptographic library that amonst other things implements +netscapes SSL protocoll. The most recent version can be found in +SSLeay distributions. +.SH AUTHOR +Eric Young (eay@cryptsoft.com) diff --git a/secure/lib/libcrypto/opensslconf-alpha.h b/secure/lib/libcrypto/opensslconf-alpha.h new file mode 100644 index 0000000..03894d5 --- /dev/null +++ b/secure/lib/libcrypto/opensslconf-alpha.h @@ -0,0 +1,144 @@ +/* $FreeBSD$ */ + +/* crypto/opensslconf.h */ +/* WARNING: This file is autogenerated by Configure */ + +/* Generate 80386 code? */ +#undef I386_ONLY + +#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/usr/local/ssl" +#endif +#endif + +#define OPENSSL_UNISTD <unistd.h> + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) && !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +#define RC4_INT unsigned int +#endif + +#if defined(HEADER_DES_H) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#undef BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#undef RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#define DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#define DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#undef DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman <pgut001@cs.auckland.ac.nz> + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( i386 ) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/secure/lib/libcrypto/opensslconf-amd64.h b/secure/lib/libcrypto/opensslconf-amd64.h new file mode 100644 index 0000000..03894d5 --- /dev/null +++ b/secure/lib/libcrypto/opensslconf-amd64.h @@ -0,0 +1,144 @@ +/* $FreeBSD$ */ + +/* crypto/opensslconf.h */ +/* WARNING: This file is autogenerated by Configure */ + +/* Generate 80386 code? */ +#undef I386_ONLY + +#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/usr/local/ssl" +#endif +#endif + +#define OPENSSL_UNISTD <unistd.h> + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) && !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +#define RC4_INT unsigned int +#endif + +#if defined(HEADER_DES_H) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#undef BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#undef RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#define DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#define DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#undef DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman <pgut001@cs.auckland.ac.nz> + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( i386 ) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/secure/lib/libcrypto/opensslconf-i386.h b/secure/lib/libcrypto/opensslconf-i386.h new file mode 100644 index 0000000..fc3cf04 --- /dev/null +++ b/secure/lib/libcrypto/opensslconf-i386.h @@ -0,0 +1,175 @@ +/* $FreeBSD$ */ +/* opensslconf.h */ + +/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ + +/* OpenSSL was configured with the following options: */ +#ifdef OPENSSL_ALGORITHM_DEFINES + /* no ciphers excluded */ +#endif +#ifdef OPENSSL_THREAD_DEFINES +# ifndef THREADS +# define THREADS +# endif +#endif +#ifdef OPENSSL_OTHER_DEFINES +# ifndef NO_ASM +# define NO_ASM +# endif +#endif + +/* crypto/opensslconf.h.in */ + +/* Generate 80386 code? */ +#undef I386_ONLY + +#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif +#endif + +#define OPENSSL_UNISTD <unistd.h> + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#undef RC4_CHUNK +#endif +#endif + +#if defined(HEADER_DES_H) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned long +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#define BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#undef SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#define THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#define RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#define DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#define DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman <pgut001@cs.auckland.ac.nz> + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( i386 ) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/secure/lib/librsaglue/Makefile b/secure/lib/librsaglue/Makefile new file mode 100644 index 0000000..9536ed5 --- /dev/null +++ b/secure/lib/librsaglue/Makefile @@ -0,0 +1,11 @@ +# $FreeBSD$ + +LIB= RSAglue +SHLIB_MAJOR= 1 +SRCS= stub.c + +CLEANFILES+= stub.c +stub.c: + touch stub.c + +.include <bsd.lib.mk> diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile new file mode 100644 index 0000000..3c3e0b6 --- /dev/null +++ b/secure/lib/libssh/Makefile @@ -0,0 +1,40 @@ +# $FreeBSD$ +# + +SSHSRC= ${.CURDIR}/../../../crypto/openssh + +LIB= ssh +SRCS= authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \ + cipher.c compat.c compress.c crc32.c deattack.c \ + hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \ + rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \ + key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c + +NOPIC= yes + +install: + +.if defined(COMPAT_GETADDRINFO) +SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c +.endif + +.include <bsd.own.mk> + +.PATH: ${SSHSRC} +.PATH: ${SSHSRC}/lib + +.if defined(MAKE_KERBEROS4) && \ + ((${MAKE_KERBEROS4} == "yes") || (${MAKE_KERBEROS4} == "YES")) +CFLAGS+= -DKRB4 +.endif # MAKE_KERBEROS4 + +.if defined(MAKE_KERBEROS5) && \ + ((${MAKE_KERBEROS5} == "yes") || (${MAKE_KERBEROS5} == "YES")) +CFLAGS+= -DKRB5 +.endif # MAKE_KERBEROS5 + +CFLAGS+= -DSKEY +DPADD+= ${LIBOPIE} +LDADD+= -lopie +SRCS+= auth-skey.c +.include <bsd.lib.mk> diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile new file mode 100644 index 0000000..6a3ab6c --- /dev/null +++ b/secure/lib/libssl/Makefile @@ -0,0 +1,35 @@ +# $FreeBSD$ + +.include "../libcrypto/Makefile.inc" + +LCRYPTOSSL_SRC=${LCRYPTO_SRC}/../ssl + +.PATH: ${LCRYPTOSSL_SRC} + +LIB= ssl +SHLIB_MAJOR= 1 + +MAINTAINER= kris + +SRCS+= bio_ssl.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \ + s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c s3_both.c \ + s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c s3_srvr.c ssl_algs.c \ + ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_err.c ssl_err2.c ssl_lib.c \ + ssl_rsa.c ssl_sess.c ssl_stat.c ssl_txt.c t1_clnt.c t1_enc.c \ + t1_lib.c t1_meth.c t1_srvr.c + +HDRS= ssl.h ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h + +.for h in ${HDRS} +CRYPTO_HDRS+= ${LCRYPTOSSL_SRC}/${h} +.endfor + +.for h in ${HDRS} +SSL_HDRS+= ${LCRYPTOSSL_SRC}/${h} +.endfor + +beforeinstall: openssl/opensslconf.h openssl/evp.h + ${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \ + ${SSL_HDRS} ${DESTDIR}/usr/include/openssl + +.include <bsd.lib.mk> diff --git a/secure/lib/libtelnet/Makefile b/secure/lib/libtelnet/Makefile new file mode 100644 index 0000000..33e1ee5 --- /dev/null +++ b/secure/lib/libtelnet/Makefile @@ -0,0 +1,28 @@ +# $FreeBSD$ + +LIB= telnet + +SRCS= genget.c getent.c misc.c encrypt.c auth.c \ + enc_des.c sra.c pk.c + +CFLAGS+= -DHAS_CGETENT -DENCRYPTION -DDES_ENCRYPTION -DAUTHENTICATION \ + -DSRA -I${TELNETDIR} \ + +NOPIC= yes + +INCLUDES= ${TELNETDIR}/arpa/telnet.h + +# +# Before complaining about this, please *double-check* that you have +# updated the ldconfig path in /etc/rc to include /usr/lib/compat that +# was added in src/etc/rc rev 1.98. +# This is so that `ld' will not continue to generate binaries linked +# shared against libtelnet, so that in a future release we can move this +# off to a compat dist (like compat22). +# +beforeinstall: + rm -f ${DESTDIR}${LIBDIR}/lib${LIB}.so.${SHLIB_MAJOR}.${SHLIB_MINOR} + +.include <bsd.lib.mk> + +.PATH: ${TELNETDIR}/libtelnet diff --git a/secure/libexec/Makefile b/secure/libexec/Makefile new file mode 100644 index 0000000..c5992e6 --- /dev/null +++ b/secure/libexec/Makefile @@ -0,0 +1,10 @@ +# $FreeBSD$ + +.if !defined(NOCRYPT) && !defined(MAKE_KERBEROS4) && !defined(NO_OPENSSL) +SUBDIR= telnetd +.endif +.if !defined(NO_OPENSSL) && !defined(NO_OPENSSH) +SUBDIR+=sftp-server +.endif + +.include <bsd.subdir.mk> diff --git a/secure/libexec/Makefile.inc b/secure/libexec/Makefile.inc new file mode 100644 index 0000000..4adbbf5 --- /dev/null +++ b/secure/libexec/Makefile.inc @@ -0,0 +1,4 @@ +# $FreeBSD$ + +BINDIR= /usr/libexec +.include "${.CURDIR}/../../Makefile.inc" diff --git a/secure/libexec/sftp-server/Makefile b/secure/libexec/sftp-server/Makefile new file mode 100644 index 0000000..731676c --- /dev/null +++ b/secure/libexec/sftp-server/Makefile @@ -0,0 +1,22 @@ +# $FreeBSD$ +# + +SSHSRC= ${.CURDIR}/../../../crypto/openssh + +.PATH: ${SSHSRC} +#.PATH: ${SSHSRC}/lib + +PROG= sftp-server +BINOWN= root + +BINMODE?=555 + +BINDIR= /usr/libexec +MAN8= sftp-server.8 + +SRCS= sftp-server.c log-server.c + +.include <bsd.prog.mk> + +LDADD+= -L${.OBJDIR}/../../lib/libssh -lssh -lcrypto +DPADD+= ${LIBCRYPTO} diff --git a/secure/libexec/telnetd/Makefile b/secure/libexec/telnetd/Makefile new file mode 100644 index 0000000..53de979 --- /dev/null +++ b/secure/libexec/telnetd/Makefile @@ -0,0 +1,22 @@ +# $FreeBSD$ + +# Do not define -DKLUDGELINEMODE, as it does not interact well with many +# telnet implementations. + +PROG= telnetd +MAN8= telnetd.8 + +CFLAGS+= -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON \ + -DENV_HACK -DAUTHENTICATION -DENCRYPTION \ + -I${TELNETDIR} -DINET6 + +SRCS= global.c slc.c state.c sys_term.c telnetd.c \ + termstat.c utility.c authenc.c + +DPADD= ${LIBUTIL} ${LIBTERMCAP} ${LIBTELNET} ${LIBCRYPTO} ${LIBMP} \ + ${LIBCRYPT} +LDADD= -lutil -ltermcap -L${TELNETOBJDIR} -ltelnet -lcrypto -lcrypt -lmp + +.include <bsd.prog.mk> + +.PATH: ${TELNETDIR}/telnetd diff --git a/secure/usr.bin/Makefile b/secure/usr.bin/Makefile new file mode 100644 index 0000000..fd67fd8 --- /dev/null +++ b/secure/usr.bin/Makefile @@ -0,0 +1,14 @@ +# $FreeBSD$ + +SUBDIR= bdes +.if !defined(NOCRYPT) && !defined(NO_OPENSSL) && !defined(MAKE_KERBEROS4) && !defined(MAKE_KERBEROS5) +SUBDIR+=telnet +.endif +.if !defined(NO_OPENSSL) +SUBDIR+=openssl +.if !defined(NO_OPENSSH) +SUBDIR+=scp ssh ssh-add ssh-agent ssh-keygen +.endif +.endif + +.include <bsd.subdir.mk> diff --git a/secure/usr.bin/Makefile.inc b/secure/usr.bin/Makefile.inc new file mode 100644 index 0000000..c4fd273 --- /dev/null +++ b/secure/usr.bin/Makefile.inc @@ -0,0 +1,4 @@ +# $FreeBSD$ + +BINDIR= /usr/bin +.include "${.CURDIR}/../../Makefile.inc" diff --git a/secure/usr.bin/bdes/Makefile b/secure/usr.bin/bdes/Makefile new file mode 100644 index 0000000..78af60c --- /dev/null +++ b/secure/usr.bin/bdes/Makefile @@ -0,0 +1,16 @@ +# @(#)Makefile 8.1 (Berkeley) 6/6/93 +# $FreeBSD$ + +PROG= bdes +SRCS= bdes.c + +.if exists(${.OBJDIR}/../../lib/libcipher) +LDFLAGS+= -L${.OBJDIR}/../../lib/libcipher +.else +LDFLAGS+= -L${.CURDIR}/../../lib/libcipher +.endif + +LDADD+= -lcipher +DPADD+= libcipher.a + +.include <bsd.prog.mk> diff --git a/secure/usr.bin/bdes/bdes.1 b/secure/usr.bin/bdes/bdes.1 new file mode 100644 index 0000000..a0ad666 --- /dev/null +++ b/secure/usr.bin/bdes/bdes.1 @@ -0,0 +1,305 @@ +.\" Copyright (c) 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Matt Bishop of Dartmouth College. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)bdes.1 8.1 (Berkeley) 6/29/93 +.\" $FreeBSD$ +.\" +.TH BDES 1 "June 29, 1993" +.UC 6 +.SH NAME +bdes \- encrypt/decrypt using the Data Encryption Standard +.SH SYNOPSIS +.nf +.ft B +bdes [ \-abdp ] [ \-F N ] [ \-f N ] [ \-k key ] +.ti +5 +[ \-m N ] [ \-o N ] [ \-v vector ] +.ft R +.fi +.SH DESCRIPTION +.I Bdes +implements all DES modes of operation described in FIPS PUB 81, +including alternative cipher feedback mode and both authentication +modes. +.I Bdes +reads from the standard input and writes to the standard output. +By default, the input is encrypted using cipher block chaining mode. +Using the same key for encryption and decryption preserves plain text. +.PP +All modes but the electronic code book mode require an initialization +vector; if none is supplied, the zero vector is used. +If no +.I key +is specified on the command line, the user is prompted for one (see +.IR getpass (3) +for more details). +.PP +The options are as follows: +.TP +\-a +The key and initialization vector strings are to be taken as ASCII, +suppressing the special interpretation given to leading ``0X'', ``0x'', +``0B'', and ``0b'' characters. +This flag applies to +.I both +the key and initialization vector. +.TP +\-b +Use electronic code book mode. +.TP +\-d +Decrypt the input. +.TP +\-F +Use +.IR N -bit +alternative cipher feedback mode. +Currently +.I N +must be a multiple of 7 between 7 and 56 inclusive (this does not conform +to the alternative CFB mode specification). +.TP +\-f +Use +.IR N -bit +cipher feedback mode. +Currently +.I N +must be a multiple of 8 between 8 and 64 inclusive (this does not conform +to the standard CFB mode specification). +.TP +\-k +Use +.I key +as the cryptographic key. +.TP +\-m +Compute a message authentication code (MAC) of +.I N +bits on the input. +The value of +.I N +must be between 1 and 64 inclusive; if +.I N +is not a multiple of 8, enough 0 bits will be added to pad the MAC length +to the nearest multiple of 8. +Only the MAC is output. +MACs are only available in cipher block chaining mode or in cipher feedback +mode. +.TP +\-o +Use +.IR N -bit +output feedback mode. +Currently +.I N +must be a multiple of 8 between 8 and 64 inclusive (this does not conform +to the OFB mode specification). +.TP +\-p +Disable the resetting of the parity bit. +This flag forces the parity bit of the key to be used as typed, rather than +making each character be of odd parity. +It is used only if the key is given in ASCII. +.TP +\-v +Set the initialization vector to +.IR vector ; +the vector is interpreted in the same way as the key. +The vector is ignored in electronic codebook mode. +.PP +The key and initialization vector are taken as sequences of ASCII +characters which are then mapped into their bit representations. +If either begins with ``0X'' or ``0x'', +that one is taken as a sequence of hexadecimal digits indicating the +bit pattern; +if either begins with ``0B'' or ``0b'', +that one is taken as a sequence of binary digits indicating the bit pattern. +In either case, +only the leading 64 bits of the key or initialization vector +are used, +and if fewer than 64 bits are provided, enough 0 bits are appended +to pad the key to 64 bits. +.PP +According to the DES standard, the low-order bit of each character in the +key string is deleted. +Since most ASCII representations set the high-order bit to 0, simply +deleting the low-order bit effectively reduces the size of the key space +from 2\u\s-356\s0\d to 2\u\s-348\s0\d keys. +To prevent this, the high-order bit must be a function depending in part +upon the low-order bit; so, the high-order bit is set to whatever value +gives odd parity. +This preserves the key space size. +Note this resetting of the parity bit is +.I not +done if the key is given in binary or hex, and can be disabled for ASCII +keys as well. +.PP +The DES is considered a very strong cryptosystem, and other than table lookup +attacks, key search attacks, and Hellman's time-memory tradeoff (all of which +are very expensive and time-consuming), no cryptanalytic methods for breaking +the DES are known in the open literature. +No doubt the choice of keys and key security are the most vulnerable aspect +of +.IR bdes . +.SH IMPLEMENTATION NOTES +For implementors wishing to write software compatible with this program, +the following notes are provided. +This software is believed to be compatible with the implementation of the +data encryption standard distributed by Sun Microsystems, Inc. +.PP +In the ECB and CBC modes, plaintext is encrypted in units of 64 bits (8 bytes, +also called a block). +To ensure that the plaintext file is encrypted correctly, +.I bdes +will (internally) append from 1 to 8 bytes, the last byte containing an +integer stating how many bytes of that final block are from the plaintext +file, and encrypt the resulting block. +Hence, when decrypting, the last block may contain from 0 to 7 characters +present in the plaintext file, and the last byte tells how many. +Note that if during decryption the last byte of the file does not contain an +integer between 0 and 7, either the file has been corrupted or an incorrect +key has been given. +A similar mechanism is used for the OFB and CFB modes, except that those +simply require the length of the input to be a multiple of the mode size, +and the final byte contains an integer between 0 and one less than the number +of bytes being used as the mode. +(This was another reason that the mode size must be a multiple of 8 for those +modes.) +.PP +Unlike Sun's implementation, unused bytes of that last block are not filled +with random data, but instead contain what was in those byte positions in +the preceding block. +This is quicker and more portable, and does not weaken the encryption +significantly. +.PP +If the key is entered in ASCII, the parity bits of the key characters are set +so that each key character is of odd parity. +Unlike Sun's implementation, it is possible to enter binary or hexadecimal +keys on the command line, and if this is done, the parity bits are +.I not +reset. +This allows testing using arbitrary bit patterns as keys. +.PP +The Sun implementation always uses an initialization vector of 0 +(that is, all zeroes). +By default, +.I bdes +does too, but this may be changed from the command line. +.SH SEE ALSO +crypt(3), getpass(3) +.sp +.IR "Data Encryption Standard" , +Federal Information Processing Standard #46, +National Bureau of Standards, +U.S. Department of Commerce, +Washington DC +(Jan. 1977) +.sp +.IR "DES Modes of Operation" , +Federal Information Processing Standard #81, +National Bureau of Standards, +U.S. Department of Commerce +Washington DC +(Dec. 1980) +.sp +Dorothy Denning, +.IR "Cryptography and Data Security" , +Addison-Wesley Publishing Co., +Reading, MA +\(co1982. +.sp +Matt Bishop, +.IR "Implementation Notes on bdes(1)" , +Technical Report PCS-TR-91-158, +Department of Mathematics and Computer Science, +Dartmouth College, +Hanover, NH 03755 +(Apr. 1991). +.SH DISCLAIMER +.nf +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. +.fi +.SH BUGS +There is a controversy raging over whether the DES will still be secure +in a few years. +The advent of special-purpose hardware could reduce the cost of any of the +methods of attack named above so that they are no longer computationally +infeasible. +.PP +As the key or key schedule is stored in memory, the encryption can be +compromised if memory is readable. +Additionally, programs which display programs' arguments may compromise the +key and initialization vector, if they are specified on the command line. +To avoid this +.I bdes +overwrites its arguments, however, the obvious race cannot currently be +avoided. +.PP +Certain specific keys should be avoided because they introduce potential +weaknesses; these keys, called the +.I weak +and +.I semiweak +keys, are (in hex notation, where p is either 0 or 1, and P is either +e or f): +.sp +.nf +.in +10n +.ta \w'0x0p0p0p0p0p0p0p0p\0\0\0'u+5n +0x0p0p0p0p0p0p0p0p 0x0p1P0p1P0p0P0p0P +0x0pep0pep0pfp0pfp 0x0pfP0pfP0pfP0pfP +0x1P0p1P0p0P0p0P0p 0x1P1P1P1P0P0P0P0P +0x1Pep1Pep0Pfp0Pfp 0x1PfP1PfP0PfP0PfP +0xep0pep0pfp0pfp0p 0xep1Pep1pfp0Pfp0P +0xepepepepepepepep 0xepfPepfPfpfPfpfP +0xfP0pfP0pfP0pfP0p 0xfP1PfP1PfP0PfP0P +0xfPepfPepfPepfPep 0xfPfPfPfPfPfPfPfP +.fi +.in -10n +.sp +This is inherent in the DES algorithm (see Moore and Simmons, +\*(LqCycle structure of the DES with weak and semi-weak keys,\*(Rq +.I "Advances in Cryptology \- Crypto '86 Proceedings" , +Springer-Verlag New York, \(co1987, pp. 9-32.) diff --git a/secure/usr.bin/bdes/bdes.c b/secure/usr.bin/bdes/bdes.c new file mode 100644 index 0000000..f2dc827 --- /dev/null +++ b/secure/usr.bin/bdes/bdes.c @@ -0,0 +1,1051 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Matt Bishop of Dartmouth College. + * + * The United States Government has rights in this work pursuant + * to contract no. NAG 2-680 between the National Aeronautics and + * Space Administration and Dartmouth College. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char copyright[] = +"@(#) Copyright (c) 1991, 1993\n\ + The Regents of the University of California. All rights reserved.\n"; +#endif /* not lint */ + +#ifndef lint +#if 0 +static char sccsid[] = "@(#)bdes.c 8.1 (Berkeley) 6/6/93"; +#else +static const char rcsid[] = + "$FreeBSD$"; +#endif +#endif /* not lint */ + +/* + * BDES -- DES encryption package for Berkeley Software Distribution 4.4 + * options: + * -a key is in ASCII + * -b use ECB (electronic code book) mode + * -d invert (decrypt) input + * -f b use b-bit CFB (cipher feedback) mode + * -F b use b-bit CFB (cipher feedback) alternative mode + * -k key use key as the cryptographic key + * -m b generate a MAC of length b + * -o b use b-bit OFB (output feedback) mode + * -p don't reset the parity bit + * -v v use v as the initialization vector (ignored for ECB) + * note: the last character of the last block is the integer indicating + * how many characters of that block are to be output + * + * Author: Matt Bishop + * Department of Mathematics and Computer Science + * Dartmouth College + * Hanover, NH 03755 + * Email: Matt.Bishop@dartmouth.edu + * ...!decvax!dartvax!Matt.Bishop + * + * See Technical Report PCS-TR91-158, Department of Mathematics and Computer + * Science, Dartmouth College, for a detailed description of the implemen- + * tation and differences between it and Sun's. The DES is described in + * FIPS PUB 46, and the modes in FIPS PUB 81 (see either the manual page + * or the technical report for a complete reference). + */ + +#include <errno.h> +#include <unistd.h> +#include <stdio.h> +#include <ctype.h> +#include <stdlib.h> +#include <string.h> + +/* + * BSD and System V systems offer special library calls that do + * block moves and fills, so if possible we take advantage of them + */ +#define MEMCPY(dest,src,len) bcopy((src),(dest),(len)) +#define MEMZERO(dest,len) bzero((dest),(len)) + +/* Hide the calls to the primitive encryption routines. */ +#define FASTWAY +#ifdef FASTWAY +#define DES_KEY(buf) \ + if (des_setkey(buf)) \ + err("des_setkey", 0); +#define DES_XFORM(buf) \ + if (des_cipher(buf, buf, 0L, (inverse ? -1 : 1))) \ + err("des_cipher", 0); +#else +#define DES_KEY(buf) { \ + char bits1[64]; /* bits of key */ \ + expand(buf, bits1); \ + if (setkey(bits1)) \ + err("setkey", 0); \ + } +#define DES_XFORM(buf) { \ + char bits1[64]; /* bits of message */ \ + expand(buf, bits1); \ + if (encrypt(bits1, inverse)) \ + err("encrypt", 0); \ + compress(bits1, buf); \ + } +#endif + +/* + * this does an error-checking write + */ +#define READ(buf, n) fread(buf, sizeof(char), n, stdin) +#define WRITE(buf,n) \ + if (fwrite(buf, sizeof(char), n, stdout) != n) \ + err(bn, NULL); + +/* + * some things to make references easier + */ +typedef char Desbuf[8]; +#define CHAR(x,i) (x[i]) +#define UCHAR(x,i) (x[i]) +#define BUFFER(x) (x) +#define UBUFFER(x) (x) + +/* + * global variables and related macros + */ +#define KEY_DEFAULT 0 /* interpret radix of key from key */ +#define KEY_ASCII 1 /* key is in ASCII characters */ +int keybase = KEY_DEFAULT; /* how to interpret the key */ + +enum { /* encrypt, decrypt, authenticate */ + MODE_ENCRYPT, MODE_DECRYPT, MODE_AUTHENTICATE +} mode = MODE_ENCRYPT; +enum { /* ecb, cbc, cfb, cfba, ofb? */ + ALG_ECB, ALG_CBC, ALG_CFB, ALG_OFB, ALG_CFBA +} alg = ALG_CBC; + +Desbuf ivec; /* initialization vector */ +char bits[] = { /* used to extract bits from a char */ + '\200', '\100', '\040', '\020', '\010', '\004', '\002', '\001' +}; +int inverse; /* 0 to encrypt, 1 to decrypt */ +int macbits = -1; /* number of bits in authentication */ +int fbbits = -1; /* number of feedback bits */ +int pflag; /* 1 to preserve parity bits */ + +main(ac, av) + int ac; /* arg count */ + char **av; /* arg vector */ +{ + extern int optind; /* option (argument) number */ + extern char *optarg; /* argument to option if any */ + register int i; /* counter in a for loop */ + register char *p; /* used to obtain the key */ + Desbuf msgbuf; /* I/O buffer */ + int kflag; /* command-line encryptiooon key */ + int argc; /* the real arg count */ + char **argv; /* the real argument vector */ + + /* + * Hide the arguments from ps(1) by making private copies of them + * and clobbering the global (visible to ps(1)) ones. + */ + argc = ac; + ac = 1; + argv = malloc((argc + 1) * sizeof(char *)); + for (i = 0; i < argc; ++i) { + argv[i] = strdup(av[i]); + MEMZERO(av[i], strlen(av[i])); + } + argv[argc] = NULL; + + /* initialize the initialization vctor */ + MEMZERO(ivec, 8); + + /* process the argument list */ + kflag = 0; + while ((i = getopt(argc, argv, "abdF:f:k:m:o:pv:")) != EOF) + switch(i) { + case 'a': /* key is ASCII */ + keybase = KEY_ASCII; + break; + case 'b': /* use ECB mode */ + alg = ALG_ECB; + break; + case 'd': /* decrypt */ + mode = MODE_DECRYPT; + break; + case 'F': /* use alternative CFB mode */ + alg = ALG_CFBA; + if ((fbbits = setbits(optarg, 7)) > 56 || fbbits == 0) + err(-1, "-F: number must be 1-56 inclusive"); + else if (fbbits == -1) + err(-1, "-F: number must be a multiple of 7"); + break; + case 'f': /* use CFB mode */ + alg = ALG_CFB; + if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0) + err(-1, "-f: number must be 1-64 inclusive"); + else if (fbbits == -1) + err(-1, "-f: number must be a multiple of 8"); + break; + case 'k': /* encryption key */ + kflag = 1; + cvtkey(BUFFER(msgbuf), optarg); + break; + case 'm': /* number of bits for MACing */ + mode = MODE_AUTHENTICATE; + if ((macbits = setbits(optarg, 1)) > 64) + err(-1, "-m: number must be 0-64 inclusive"); + break; + case 'o': /* use OFB mode */ + alg = ALG_OFB; + if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0) + err(-1, "-o: number must be 1-64 inclusive"); + else if (fbbits == -1) + err(-1, "-o: number must be a multiple of 8"); + break; + case 'p': /* preserve parity bits */ + pflag = 1; + break; + case 'v': /* set initialization vector */ + cvtkey(BUFFER(ivec), optarg); + break; + default: /* error */ + usage(); + } + + if (!kflag) { + /* + * if the key's not ASCII, assume it is + */ + keybase = KEY_ASCII; + /* + * get the key + */ + p = getpass("Enter key: "); + /* + * copy it, nul-padded, into the key area + */ + cvtkey(BUFFER(msgbuf), p); + } + + makekey(msgbuf); + inverse = (alg == ALG_CBC || alg == ALG_ECB) && mode == MODE_DECRYPT; + + switch(alg) { + case ALG_CBC: + switch(mode) { + case MODE_AUTHENTICATE: /* authenticate using CBC mode */ + cbcauth(); + break; + case MODE_DECRYPT: /* decrypt using CBC mode */ + cbcdec(); + break; + case MODE_ENCRYPT: /* encrypt using CBC mode */ + cbcenc(); + break; + } + break; + case ALG_CFB: + switch(mode) { + case MODE_AUTHENTICATE: /* authenticate using CFB mode */ + cfbauth(); + break; + case MODE_DECRYPT: /* decrypt using CFB mode */ + cfbdec(); + break; + case MODE_ENCRYPT: /* encrypt using CFB mode */ + cfbenc(); + break; + } + break; + case ALG_CFBA: + switch(mode) { + case MODE_AUTHENTICATE: /* authenticate using CFBA mode */ + err(-1, "can't authenticate with CFBA mode"); + break; + case MODE_DECRYPT: /* decrypt using CFBA mode */ + cfbadec(); + break; + case MODE_ENCRYPT: /* encrypt using CFBA mode */ + cfbaenc(); + break; + } + break; + case ALG_ECB: + switch(mode) { + case MODE_AUTHENTICATE: /* authenticate using ECB mode */ + err(-1, "can't authenticate with ECB mode"); + break; + case MODE_DECRYPT: /* decrypt using ECB mode */ + ecbdec(); + break; + case MODE_ENCRYPT: /* encrypt using ECB mode */ + ecbenc(); + break; + } + break; + case ALG_OFB: + switch(mode) { + case MODE_AUTHENTICATE: /* authenticate using OFB mode */ + err(-1, "can't authenticate with OFB mode"); + break; + case MODE_DECRYPT: /* decrypt using OFB mode */ + ofbdec(); + break; + case MODE_ENCRYPT: /* encrypt using OFB mode */ + ofbenc(); + break; + } + break; + } + exit(0); +} + +/* + * print a warning message and, possibly, terminate + */ +err(n, s) + int n; /* offending block number */ + char *s; /* the message */ +{ + if (n > 0) + (void)fprintf(stderr, "bdes (block %d): ", n); + else + (void)fprintf(stderr, "bdes: "); + (void)fprintf(stderr, "%s\n", s ? s : strerror(errno)); + exit(1); +} + +/* + * map a hex character to an integer + */ +tobinhex(c, radix) + char c; /* char to be converted */ + int radix; /* base (2 to 16) */ +{ + switch(c) { + case '0': return(0x0); + case '1': return(0x1); + case '2': return(radix > 2 ? 0x2 : -1); + case '3': return(radix > 3 ? 0x3 : -1); + case '4': return(radix > 4 ? 0x4 : -1); + case '5': return(radix > 5 ? 0x5 : -1); + case '6': return(radix > 6 ? 0x6 : -1); + case '7': return(radix > 7 ? 0x7 : -1); + case '8': return(radix > 8 ? 0x8 : -1); + case '9': return(radix > 9 ? 0x9 : -1); + case 'A': case 'a': return(radix > 10 ? 0xa : -1); + case 'B': case 'b': return(radix > 11 ? 0xb : -1); + case 'C': case 'c': return(radix > 12 ? 0xc : -1); + case 'D': case 'd': return(radix > 13 ? 0xd : -1); + case 'E': case 'e': return(radix > 14 ? 0xe : -1); + case 'F': case 'f': return(radix > 15 ? 0xf : -1); + } + /* + * invalid character + */ + return(-1); +} + +/* + * convert the key to a bit pattern + */ +cvtkey(obuf, ibuf) + char *obuf; /* bit pattern */ + char *ibuf; /* the key itself */ +{ + register int i, j; /* counter in a for loop */ + int nbuf[64]; /* used for hex/key translation */ + + /* + * just switch on the key base + */ + switch(keybase) { + case KEY_ASCII: /* ascii to integer */ + (void)strncpy(obuf, ibuf, 8); + return; + case KEY_DEFAULT: /* tell from context */ + /* + * leading '0x' or '0X' == hex key + */ + if (ibuf[0] == '0' && (ibuf[1] == 'x' || ibuf[1] == 'X')) { + ibuf = &ibuf[2]; + /* + * now translate it, bombing on any illegal hex digit + */ + for (i = 0; ibuf[i] && i < 16; i++) + if ((nbuf[i] = tobinhex(ibuf[i], 16)) == -1) + err(-1, "bad hex digit in key"); + while (i < 16) + nbuf[i++] = 0; + for (i = 0; i < 8; i++) + obuf[i] = + ((nbuf[2*i]&0xf)<<4) | (nbuf[2*i+1]&0xf); + /* preserve parity bits */ + pflag = 1; + return; + } + /* + * leading '0b' or '0B' == binary key + */ + if (ibuf[0] == '0' && (ibuf[1] == 'b' || ibuf[1] == 'B')) { + ibuf = &ibuf[2]; + /* + * now translate it, bombing on any illegal binary digit + */ + for (i = 0; ibuf[i] && i < 16; i++) + if ((nbuf[i] = tobinhex(ibuf[i], 2)) == -1) + err(-1, "bad binary digit in key"); + while (i < 64) + nbuf[i++] = 0; + for (i = 0; i < 8; i++) + for (j = 0; j < 8; j++) + obuf[i] = (obuf[i]<<1)|nbuf[8*i+j]; + /* preserve parity bits */ + pflag = 1; + return; + } + /* + * no special leader -- ASCII + */ + (void)strncpy(obuf, ibuf, 8); + } +} + +/* + * convert an ASCII string into a decimal number: + * 1. must be between 0 and 64 inclusive + * 2. must be a valid decimal number + * 3. must be a multiple of mult + */ +setbits(s, mult) + char *s; /* the ASCII string */ + int mult; /* what it must be a multiple of */ +{ + register char *p; /* pointer in a for loop */ + register int n = 0; /* the integer collected */ + + /* + * skip white space + */ + while (isspace(*s)) + s++; + /* + * get the integer + */ + for (p = s; *p; p++) { + if (isdigit(*p)) + n = n * 10 + *p - '0'; + else { + err(-1, "bad decimal digit in MAC length"); + } + } + /* + * be sure it's a multiple of mult + */ + return((n % mult != 0) ? -1 : n); +} + +/***************** + * DES FUNCTIONS * + *****************/ +/* + * This sets the DES key and (if you're using the deszip version) + * the direction of the transformation. This uses the Sun + * to map the 64-bit key onto the 56 bits that the key schedule + * generation routines use: the old way, which just uses the user- + * supplied 64 bits as is, and the new way, which resets the parity + * bit to be the same as the low-order bit in each character. The + * new way generates a greater variety of key schedules, since many + * systems set the parity (high) bit of each character to 0, and the + * DES ignores the low order bit of each character. + */ +makekey(buf) + Desbuf buf; /* key block */ +{ + register int i, j; /* counter in a for loop */ + register int par; /* parity counter */ + + /* + * if the parity is not preserved, flip it + */ + if (!pflag) { + for (i = 0; i < 8; i++) { + par = 0; + for (j = 1; j < 8; j++) + if ((bits[j]&UCHAR(buf, i)) != 0) + par++; + if ((par&01) == 01) + UCHAR(buf, i) = UCHAR(buf, i)&0177; + else + UCHAR(buf, i) = (UCHAR(buf, i)&0177)|0200; + } + } + + DES_KEY(UBUFFER(buf)); +} + +/* + * This encrypts using the Electronic Code Book mode of DES + */ +ecbenc() +{ + register int n; /* number of bytes actually read */ + register int bn; /* block number */ + Desbuf msgbuf; /* I/O buffer */ + + for (bn = 0; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) { + /* + * do the transformation + */ + DES_XFORM(UBUFFER(msgbuf)); + WRITE(BUFFER(msgbuf), 8); + } + /* + * at EOF or last block -- in either case, the last byte contains + * the character representation of the number of bytes in it + */ + bn++; + MEMZERO(&CHAR(msgbuf, n), 8 - n); + CHAR(msgbuf, 7) = n; + DES_XFORM(UBUFFER(msgbuf)); + WRITE(BUFFER(msgbuf), 8); + +} + +/* + * This decrypts using the Electronic Code Book mode of DES + */ +ecbdec() +{ + register int n; /* number of bytes actually read */ + register int c; /* used to test for EOF */ + register int bn; /* block number */ + Desbuf msgbuf; /* I/O buffer */ + + for (bn = 1; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) { + /* + * do the transformation + */ + DES_XFORM(UBUFFER(msgbuf)); + /* + * if the last one, handle it specially + */ + if ((c = getchar()) == EOF) { + n = CHAR(msgbuf, 7); + if (n < 0 || n > 7) + err(bn, "decryption failed (block corrupted)"); + } + else + (void)ungetc(c, stdin); + WRITE(BUFFER(msgbuf), n); + } + if (n > 0) + err(bn, "decryption failed (incomplete block)"); +} + +/* + * This encrypts using the Cipher Block Chaining mode of DES + */ +cbcenc() +{ + register int n; /* number of bytes actually read */ + register int bn; /* block number */ + Desbuf msgbuf; /* I/O buffer */ + + /* + * do the transformation + */ + for (bn = 1; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) { + for (n = 0; n < 8; n++) + CHAR(msgbuf, n) ^= CHAR(ivec, n); + DES_XFORM(UBUFFER(msgbuf)); + MEMCPY(BUFFER(ivec), BUFFER(msgbuf), 8); + WRITE(BUFFER(msgbuf), 8); + } + /* + * at EOF or last block -- in either case, the last byte contains + * the character representation of the number of bytes in it + */ + bn++; + MEMZERO(&CHAR(msgbuf, n), 8 - n); + CHAR(msgbuf, 7) = n; + for (n = 0; n < 8; n++) + CHAR(msgbuf, n) ^= CHAR(ivec, n); + DES_XFORM(UBUFFER(msgbuf)); + WRITE(BUFFER(msgbuf), 8); + +} + +/* + * This decrypts using the Cipher Block Chaining mode of DES + */ +cbcdec() +{ + register int n; /* number of bytes actually read */ + Desbuf msgbuf; /* I/O buffer */ + Desbuf ibuf; /* temp buffer for initialization vector */ + register int c; /* used to test for EOF */ + register int bn; /* block number */ + + for (bn = 0; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) { + /* + * do the transformation + */ + MEMCPY(BUFFER(ibuf), BUFFER(msgbuf), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (c = 0; c < 8; c++) + UCHAR(msgbuf, c) ^= UCHAR(ivec, c); + MEMCPY(BUFFER(ivec), BUFFER(ibuf), 8); + /* + * if the last one, handle it specially + */ + if ((c = getchar()) == EOF) { + n = CHAR(msgbuf, 7); + if (n < 0 || n > 7) + err(bn, "decryption failed (block corrupted)"); + } + else + (void)ungetc(c, stdin); + WRITE(BUFFER(msgbuf), n); + } + if (n > 0) + err(bn, "decryption failed (incomplete block)"); +} + +/* + * This authenticates using the Cipher Block Chaining mode of DES + */ +cbcauth() +{ + register int n, j; /* number of bytes actually read */ + Desbuf msgbuf; /* I/O buffer */ + Desbuf encbuf; /* encryption buffer */ + + /* + * do the transformation + * note we DISCARD the encrypted block; + * we only care about the last one + */ + while ((n = READ(BUFFER(msgbuf), 8)) == 8) { + for (n = 0; n < 8; n++) + CHAR(encbuf, n) = CHAR(msgbuf, n) ^ CHAR(ivec, n); + DES_XFORM(UBUFFER(encbuf)); + MEMCPY(BUFFER(ivec), BUFFER(encbuf), 8); + } + /* + * now compute the last one, right padding with '\0' if need be + */ + if (n > 0) { + MEMZERO(&CHAR(msgbuf, n), 8 - n); + for (n = 0; n < 8; n++) + CHAR(encbuf, n) = CHAR(msgbuf, n) ^ CHAR(ivec, n); + DES_XFORM(UBUFFER(encbuf)); + } + /* + * drop the bits + * we write chars until fewer than 7 bits, + * and then pad the last one with 0 bits + */ + for (n = 0; macbits > 7; n++, macbits -= 8) + (void)putchar(CHAR(encbuf, n)); + if (macbits > 0) { + CHAR(msgbuf, 0) = 0x00; + for (j = 0; j < macbits; j++) + CHAR(msgbuf, 0) |= (CHAR(encbuf, n)&bits[j]); + (void)putchar(CHAR(msgbuf, 0)); + } +} + +/* + * This encrypts using the Cipher FeedBack mode of DES + */ +cfbenc() +{ + register int n; /* number of bytes actually read */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 8; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < 8 - nbytes; n++) + UCHAR(ivec, n) = UCHAR(ivec, n+nbytes); + for (n = 0; n < nbytes; n++) + UCHAR(ivec, 8-nbytes+n) = ibuf[n] ^ UCHAR(msgbuf, n); + WRITE(&CHAR(ivec, 8-nbytes), nbytes); + } + /* + * at EOF or last block -- in either case, the last byte contains + * the character representation of the number of bytes in it + */ + bn++; + MEMZERO(&ibuf[n], nbytes - n); + ibuf[nbytes - 1] = n; + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < nbytes; n++) + ibuf[n] ^= UCHAR(msgbuf, n); + WRITE(ibuf, nbytes); +} + +/* + * This decrypts using the Cipher Block Chaining mode of DES + */ +cfbdec() +{ + register int n; /* number of bytes actually read */ + register int c; /* used to test for EOF */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + char obuf[8]; /* output buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 8; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (c = 0; c < 8 - nbytes; c++) + CHAR(ivec, c) = CHAR(ivec, c+nbytes); + for (c = 0; c < nbytes; c++) { + CHAR(ivec, 8-nbytes+c) = ibuf[c]; + obuf[c] = ibuf[c] ^ UCHAR(msgbuf, c); + } + /* + * if the last one, handle it specially + */ + if ((c = getchar()) == EOF) { + n = obuf[nbytes-1]; + if (n < 0 || n > nbytes-1) + err(bn, "decryption failed (block corrupted)"); + } + else + (void)ungetc(c, stdin); + WRITE(obuf, n); + } + if (n > 0) + err(bn, "decryption failed (incomplete block)"); +} + +/* + * This encrypts using the alternative Cipher FeedBack mode of DES + */ +cfbaenc() +{ + register int n; /* number of bytes actually read */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + char obuf[8]; /* output buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 7; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < 8 - nbytes; n++) + UCHAR(ivec, n) = UCHAR(ivec, n+nbytes); + for (n = 0; n < nbytes; n++) + UCHAR(ivec, 8-nbytes+n) = (ibuf[n] ^ UCHAR(msgbuf, n)) + |0200; + for (n = 0; n < nbytes; n++) + obuf[n] = CHAR(ivec, 8-nbytes+n)&0177; + WRITE(obuf, nbytes); + } + /* + * at EOF or last block -- in either case, the last byte contains + * the character representation of the number of bytes in it + */ + bn++; + MEMZERO(&ibuf[n], nbytes - n); + ibuf[nbytes - 1] = ('0' + n)|0200; + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < nbytes; n++) + ibuf[n] ^= UCHAR(msgbuf, n); + WRITE(ibuf, nbytes); +} + +/* + * This decrypts using the alternative Cipher Block Chaining mode of DES + */ +cfbadec() +{ + register int n; /* number of bytes actually read */ + register int c; /* used to test for EOF */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + char obuf[8]; /* output buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 7; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (c = 0; c < 8 - nbytes; c++) + CHAR(ivec, c) = CHAR(ivec, c+nbytes); + for (c = 0; c < nbytes; c++) { + CHAR(ivec, 8-nbytes+c) = ibuf[c]|0200; + obuf[c] = (ibuf[c] ^ UCHAR(msgbuf, c))&0177; + } + /* + * if the last one, handle it specially + */ + if ((c = getchar()) == EOF) { + if ((n = (obuf[nbytes-1] - '0')) < 0 + || n > nbytes-1) + err(bn, "decryption failed (block corrupted)"); + } + else + (void)ungetc(c, stdin); + WRITE(obuf, n); + } + if (n > 0) + err(bn, "decryption failed (incomplete block)"); +} + + +/* + * This encrypts using the Output FeedBack mode of DES + */ +ofbenc() +{ + register int n; /* number of bytes actually read */ + register int c; /* used to test for EOF */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + char obuf[8]; /* output buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 8; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < 8 - nbytes; n++) + UCHAR(ivec, n) = UCHAR(ivec, n+nbytes); + for (n = 0; n < nbytes; n++) { + UCHAR(ivec, 8-nbytes+n) = UCHAR(msgbuf, n); + obuf[n] = ibuf[n] ^ UCHAR(msgbuf, n); + } + WRITE(obuf, nbytes); + } + /* + * at EOF or last block -- in either case, the last byte contains + * the character representation of the number of bytes in it + */ + bn++; + MEMZERO(&ibuf[n], nbytes - n); + ibuf[nbytes - 1] = n; + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (c = 0; c < nbytes; c++) + ibuf[c] ^= UCHAR(msgbuf, c); + WRITE(ibuf, nbytes); +} + +/* + * This decrypts using the Output Block Chaining mode of DES + */ +ofbdec() +{ + register int n; /* number of bytes actually read */ + register int c; /* used to test for EOF */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + char obuf[8]; /* output buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 8; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (c = 0; c < 8 - nbytes; c++) + CHAR(ivec, c) = CHAR(ivec, c+nbytes); + for (c = 0; c < nbytes; c++) { + CHAR(ivec, 8-nbytes+c) = UCHAR(msgbuf, c); + obuf[c] = ibuf[c] ^ UCHAR(msgbuf, c); + } + /* + * if the last one, handle it specially + */ + if ((c = getchar()) == EOF) { + n = obuf[nbytes-1]; + if (n < 0 || n > nbytes-1) + err(bn, "decryption failed (block corrupted)"); + } + else + (void)ungetc(c, stdin); + /* + * dump it + */ + WRITE(obuf, n); + } + if (n > 0) + err(bn, "decryption failed (incomplete block)"); +} + +/* + * This authenticates using the Cipher FeedBack mode of DES + */ +cfbauth() +{ + register int n, j; /* number of bytes actually read */ + register int nbytes; /* number of bytes to read */ + char ibuf[8]; /* input buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 8; + /* + * do the transformation + */ + while ((n = READ(ibuf, nbytes)) == nbytes) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < 8 - nbytes; n++) + UCHAR(ivec, n) = UCHAR(ivec, n+nbytes); + for (n = 0; n < nbytes; n++) + UCHAR(ivec, 8-nbytes+n) = ibuf[n] ^ UCHAR(msgbuf, n); + } + /* + * at EOF or last block -- in either case, the last byte contains + * the character representation of the number of bytes in it + */ + MEMZERO(&ibuf[n], nbytes - n); + ibuf[nbytes - 1] = '0' + n; + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < nbytes; n++) + ibuf[n] ^= UCHAR(msgbuf, n); + /* + * drop the bits + * we write chars until fewer than 7 bits, + * and then pad the last one with 0 bits + */ + for (n = 0; macbits > 7; n++, macbits -= 8) + (void)putchar(CHAR(msgbuf, n)); + if (macbits > 0) { + CHAR(msgbuf, 0) = 0x00; + for (j = 0; j < macbits; j++) + CHAR(msgbuf, 0) |= (CHAR(msgbuf, n)&bits[j]); + (void)putchar(CHAR(msgbuf, 0)); + } +} + +#ifndef FASTWAY +/* + * change from 8 bits/Uchar to 1 bit/Uchar + */ +expand(from, to) + Desbuf from; /* 8bit/unsigned char string */ + char *to; /* 1bit/char string */ +{ + register int i, j; /* counters in for loop */ + + for (i = 0; i < 8; i++) + for (j = 0; j < 8; j++) + *to++ = (CHAR(from, i)>>(7-j))&01; +} + +/* + * change from 1 bit/char to 8 bits/Uchar + */ +compress(from, to) + char *from; /* 1bit/char string */ + Desbuf to; /* 8bit/unsigned char string */ +{ + register int i, j; /* counters in for loop */ + + for (i = 0; i < 8; i++) { + CHAR(to, i) = 0; + for (j = 0; j < 8; j++) + CHAR(to, i) = ((*from++)<<(7-j))|CHAR(to, i); + } +} +#endif + +/* + * message about usage + */ +usage() +{ + (void)fprintf(stderr, "%s\n", +"usage: bdes [-abdp] [-F bit] [-f bit] [-k key] [-m bit] [-o bit] [-v vector]"); + exit(1); +} diff --git a/secure/usr.bin/bdes/bdes.ps b/secure/usr.bin/bdes/bdes.ps new file mode 100644 index 0000000..471c267 --- /dev/null +++ b/secure/usr.bin/bdes/bdes.ps @@ -0,0 +1,2945 @@ +%! +%%BoundingBox: (atend) +%%Pages: (atend) +%%DocumentFonts: (atend) +%%EndComments +% +% FrameMaker PostScript Prolog 2.0, for use with FrameMaker 2.0 +% Copyright (c) 1986,87,89 by Frame Technology, Inc. All rights reserved. +% +% Known Problems: +% Due to bugs in Transcript, the 'PS-Adobe-' is omitted from line 1 +/FMversion (2.0) def +% Set up Color vs. Black-and-White + /FMPrintInColor systemdict /colorimage known def +% Uncomment this line to force b&w on color printer +% /FMPrintInColor false def +/FrameDict 190 dict def +systemdict /errordict known not {/errordict 10 dict def + errordict /rangecheck {stop} put} if +% The readline in 23.0 doesn't recognize cr's as nl's on AppleTalk +FrameDict /tmprangecheck errordict /rangecheck get put +errordict /rangecheck {FrameDict /bug true put} put +FrameDict /bug false put +mark +% Some PS machines read past the CR, so keep the following 3 lines together! +currentfile 5 string readline +00 +0000000000 +cleartomark +errordict /rangecheck FrameDict /tmprangecheck get put +FrameDict /bug get { + /readline { + /gstring exch def + /gfile exch def + /gindex 0 def + { + gfile read pop + dup 10 eq {exit} if + dup 13 eq {exit} if + gstring exch gindex exch put + /gindex gindex 1 add def + } loop + pop + gstring 0 gindex getinterval true + } def + } if +/FMVERSION { + FMversion ne { + /Times-Roman findfont 18 scalefont setfont + 100 100 moveto + (FrameMaker version does not match postscript_prolog!) + dup = + show showpage + } if + } def +/FMLOCAL { + FrameDict begin + 0 def + end + } def + /gstring FMLOCAL + /gfile FMLOCAL + /gindex FMLOCAL + /orgxfer FMLOCAL + /orgproc FMLOCAL + /organgle FMLOCAL + /orgfreq FMLOCAL + /yscale FMLOCAL + /xscale FMLOCAL + /manualfeed FMLOCAL + /paperheight FMLOCAL + /paperwidth FMLOCAL +/FMDOCUMENT { + array /FMfonts exch def + /#copies exch def + FrameDict begin + 0 ne dup {setmanualfeed} if + /manualfeed exch def + /paperheight exch def + /paperwidth exch def + setpapername + manualfeed {true} {papersize} ifelse + {manualpapersize} {false} ifelse + {desperatepapersize} if + /yscale exch def + /xscale exch def + currenttransfer cvlit /orgxfer exch def + currentscreen cvlit /orgproc exch def + /organgle exch def /orgfreq exch def + end + } def + /pagesave FMLOCAL + /orgmatrix FMLOCAL + /landscape FMLOCAL +/FMBEGINPAGE { + FrameDict begin + /pagesave save def + 3.86 setmiterlimit + /landscape exch 0 ne def + landscape { + 90 rotate 0 exch neg translate pop + } + {pop pop} + ifelse + xscale yscale scale + /orgmatrix matrix def + gsave + } def +/FMENDPAGE { + grestore + pagesave restore + end + showpage + } def +/FMDEFINEFONT { + FrameDict begin + findfont + ReEncode + 2 index exch + definefont exch + scalefont + FMfonts 3 1 roll + put + end + } bind def +/FMNORMALIZEGRAPHICS { + newpath + 0.0 0.0 moveto + 1 setlinewidth + 0 setlinecap + 0 0 0 sethsbcolor + 0 setgray + } bind def + /fx FMLOCAL + /fy FMLOCAL + /fh FMLOCAL + /fw FMLOCAL + /llx FMLOCAL + /lly FMLOCAL + /urx FMLOCAL + /ury FMLOCAL +/FMBEGINEPSF { + end + /FMEPSF save def + /showpage {} def + FMNORMALIZEGRAPHICS + [/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall + fx fy translate + rotate + fw urx llx sub div fh ury lly sub div scale + llx neg lly neg translate + } bind def +/FMENDEPSF { + FMEPSF restore + FrameDict begin + } bind def +FrameDict begin +/setmanualfeed { +%%BeginFeature *ManualFeed True + statusdict /manualfeed true put +%%EndFeature + } def +/max {2 copy lt {exch} if pop} bind def +/min {2 copy gt {exch} if pop} bind def +/inch {72 mul} def +/pagedimen { + paperheight sub abs 16 lt exch + paperwidth sub abs 16 lt and + {/papername exch def} {pop} ifelse + } def + /papersizedict FMLOCAL +/setpapername { + /papersizedict 14 dict def + papersizedict begin + /papername /unknown def + /Letter 8.5 inch 11.0 inch pagedimen + /LetterSmall 7.68 inch 10.16 inch pagedimen + /Tabloid 11.0 inch 17.0 inch pagedimen + /Ledger 17.0 inch 11.0 inch pagedimen + /Legal 8.5 inch 14.0 inch pagedimen + /Statement 5.5 inch 8.5 inch pagedimen + /Executive 7.5 inch 10.0 inch pagedimen + /A3 11.69 inch 16.5 inch pagedimen + /A4 8.26 inch 11.69 inch pagedimen + /A4Small 7.47 inch 10.85 inch pagedimen + /B4 10.125 inch 14.33 inch pagedimen + /B5 7.16 inch 10.125 inch pagedimen + end + } def +/papersize { + papersizedict begin + /Letter {lettertray} def + /LetterSmall {lettertray lettersmall} def + /Tabloid {11x17tray} def + /Ledger {ledgertray} def + /Legal {legaltray} def + /Statement {statementtray} def + /Executive {executivetray} def + /A3 {a3tray} def + /A4 {a4tray} def + /A4Small {a4tray a4small} def + /B4 {b4tray} def + /B5 {b5tray} def + /unknown {unknown} def + papersizedict dup papername known {papername} {/unknown} ifelse get + end + /FMdicttop countdictstack 1 add def + statusdict begin stopped end + countdictstack -1 FMdicttop {pop end} for + } def +/manualpapersize { + papersizedict begin + /Letter {letter} def + /LetterSmall {lettersmall} def + /Tabloid {11x17} def + /Ledger {ledger} def + /Legal {legal} def + /Statement {statement} def + /Executive {executive} def + /A3 {a3} def + /A4 {a4} def + /A4Small {a4small} def + /B4 {b4} def + /B5 {b5} def + /unknown {unknown} def + papersizedict dup papername known {papername} {/unknown} ifelse get + end + stopped + } def +/desperatepapersize { + statusdict /setpageparams known + { + paperwidth paperheight 0 1 + statusdict begin + {setpageparams} stopped pop + end + } if + } def +/savematrix { + orgmatrix currentmatrix pop + } bind def +/restorematrix { + orgmatrix setmatrix + } bind def +/dmatrix matrix def +/dpi 72 0 dmatrix defaultmatrix dtransform + dup mul exch dup mul add sqrt def +/freq dpi 18.75 div 8 div round dup 0 eq {pop 1} if 8 mul dpi exch div def +/sangle 1 0 dmatrix defaultmatrix dtransform exch atan def +/DiacriticEncoding [ +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl +/numbersign /dollar /percent /ampersand /quotesingle /parenleft +/parenright /asterisk /plus /comma /hyphen /period /slash /zero /one +/two /three /four /five /six /seven /eight /nine /colon /semicolon +/less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K +/L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash +/bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h +/i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar +/braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute +/Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis +/atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis +/iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve +/ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex +/udieresis /dagger /.notdef /cent /sterling /section /bullet +/paragraph /germandbls /registered /copyright /trademark /acute +/dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef +/yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown +/exclamdown /logicalnot /.notdef /florin /.notdef /.notdef +/guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde +/Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright +/quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis +/fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl +/periodcentered /quotesinglbase /quotedblbase /perthousand +/Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute +/Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve +/Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron +/breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron +] def +/ReEncode { + dup + length + dict begin + { + 1 index /FID ne + {def} + {pop pop} ifelse + } forall + Encoding StandardEncoding eq + { + /Encoding DiacriticEncoding def + }if + currentdict + end + } bind def +/graymode true def + /bwidth FMLOCAL + /bpside FMLOCAL + /bstring FMLOCAL + /onbits FMLOCAL + /offbits FMLOCAL + /xindex FMLOCAL + /yindex FMLOCAL + /x FMLOCAL + /y FMLOCAL +/setpattern { + /bwidth exch def + /bpside exch def + /bstring exch def + /onbits 0 def /offbits 0 def + freq sangle landscape {90 add} if + {/y exch def + /x exch def + /xindex x 1 add 2 div bpside mul cvi def + /yindex y 1 add 2 div bpside mul cvi def + bstring yindex bwidth mul xindex 8 idiv add get + 1 7 xindex 8 mod sub bitshift and 0 ne + {/onbits onbits 1 add def 1} + {/offbits offbits 1 add def 0} + ifelse + } + setscreen + {} settransfer + offbits offbits onbits add div FMsetgray + /graymode false def + } bind def +/grayness { + FMsetgray + graymode not { + /graymode true def + orgxfer cvx settransfer + orgfreq organgle orgproc cvx setscreen + } if + } bind def + /HUE FMLOCAL + /SAT FMLOCAL + /BRIGHT FMLOCAL + /Colors FMLOCAL +FMPrintInColor + + { + /HUE 0 def + /SAT 0 def + /BRIGHT 0 def + % array of arrays Hue and Sat values for the separations [HUE BRIGHT] + /Colors + [[0 0 ] % black + [0 0 ] % white + [0.00 1.0] % red + [0.37 1.0] % green + [0.60 1.0] % blue + [0.50 1.0] % cyan + [0.83 1.0] % magenta + [0.16 1.0] % comment / yellow + ] def + + /BEGINBITMAPCOLOR { + BITMAPCOLOR} def + /BEGINBITMAPCOLORc { + BITMAPCOLORc} def + /K { + Colors exch get dup + 0 get /HUE exch store + 1 get /BRIGHT exch store + HUE 0 eq BRIGHT 0 eq and + {1.0 SAT sub setgray} + {HUE SAT BRIGHT sethsbcolor} + ifelse + } def + /FMsetgray { + /SAT exch 1.0 exch sub store + HUE 0 eq BRIGHT 0 eq and + {1.0 SAT sub setgray} + {HUE SAT BRIGHT sethsbcolor} + ifelse + } bind def + } + + { + /BEGINBITMAPCOLOR { + BITMAPGRAY} def + /BEGINBITMAPCOLORc { + BITMAPGRAYc} def + /FMsetgray {setgray} bind def + /K { + pop + } def + } +ifelse +/normalize { + transform round exch round exch itransform + } bind def +/dnormalize { + dtransform round exch round exch idtransform + } bind def +/lnormalize { + 0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop + } bind def +/H { + lnormalize setlinewidth + } bind def +/Z { + setlinecap + } bind def +/X { + fillprocs exch get exec + } bind def +/V { + gsave eofill grestore + } bind def +/N { + stroke + } bind def +/M {newpath moveto} bind def +/E {lineto} bind def +/D {curveto} bind def +/O {closepath} bind def + /n FMLOCAL +/L { + /n exch def + newpath + normalize + moveto + 2 1 n {pop normalize lineto} for + } bind def +/Y { + L + closepath + } bind def + /x1 FMLOCAL + /x2 FMLOCAL + /y1 FMLOCAL + /y2 FMLOCAL + /rad FMLOCAL +/R { + /y2 exch def + /x2 exch def + /y1 exch def + /x1 exch def + x1 y1 + x2 y1 + x2 y2 + x1 y2 + 4 Y + } bind def +/RR { + /rad exch def + normalize + /y2 exch def + /x2 exch def + normalize + /y1 exch def + /x1 exch def + newpath + x1 y1 rad add moveto + x1 y2 x2 y2 rad arcto + x2 y2 x2 y1 rad arcto + x2 y1 x1 y1 rad arcto + x1 y1 x1 y2 rad arcto + closepath + 16 {pop} repeat + } bind def +/C { + grestore + gsave + R + clip + } bind def +/U { + grestore + gsave + } bind def +/F { + FMfonts exch get + setfont + } bind def +/T { + moveto show + } bind def +/RF { + rotate + 0 ne {-1 1 scale} if + } bind def +/TF { + gsave + moveto + RF + show + grestore + } bind def +/P { + moveto + 0 32 3 2 roll widthshow + } bind def +/PF { + gsave + moveto + RF + 0 32 3 2 roll widthshow + grestore + } bind def +/S { + moveto + 0 exch ashow + } bind def +/SF { + gsave + moveto + RF + 0 exch ashow + grestore + } bind def +/B { + moveto + 0 32 4 2 roll 0 exch awidthshow + } bind def +/BF { + gsave + moveto + RF + 0 32 4 2 roll 0 exch awidthshow + grestore + } bind def + /x FMLOCAL + /y FMLOCAL + /dx FMLOCAL + /dy FMLOCAL + /dl FMLOCAL + /t FMLOCAL + /t2 FMLOCAL + /Cos FMLOCAL + /Sin FMLOCAL + /r FMLOCAL +/W { + dnormalize + /dy exch def + /dx exch def + normalize + /y exch def + /x exch def + /dl dx dx mul dy dy mul add sqrt def + dl 0.0 gt { + /t currentlinewidth def + savematrix + /Cos dx dl div def + /Sin dy dl div def + /r [Cos Sin Sin neg Cos 0.0 0.0] def + /t2 t 2.5 mul 3.5 max def + newpath + x y translate + r concat + 0.0 0.0 moveto + dl t 2.7 mul sub 0.0 rlineto + stroke + restorematrix + x dx add y dy add translate + r concat + t 0.67 mul setlinewidth + t 1.61 mul neg 0.0 translate + 0.0 0.0 moveto + t2 1.7 mul neg t2 2.0 div moveto + 0.0 0.0 lineto + t2 1.7 mul neg t2 2.0 div neg lineto + stroke + t setlinewidth + restorematrix + } if + } bind def +/G { + gsave + newpath + normalize translate 0.0 0.0 moveto + dnormalize scale + 0.0 0.0 1.0 5 3 roll arc + closepath fill + grestore + } bind def +/A { + gsave + savematrix + newpath + 2 index 2 div add exch 3 index 2 div sub exch + normalize 2 index 2 div sub exch 3 index 2 div add exch + translate + scale + 0.0 0.0 1.0 5 3 roll arc + restorematrix + stroke + grestore + } bind def + /x FMLOCAL + /y FMLOCAL + /w FMLOCAL + /h FMLOCAL + /xx FMLOCAL + /yy FMLOCAL + /ww FMLOCAL + /hh FMLOCAL + /FMsaveobject FMLOCAL + /FMoptop FMLOCAL + /FMdicttop FMLOCAL +/BEGINPRINTCODE { + /FMdicttop countdictstack 1 add def + /FMoptop count 4 sub def + /FMsaveobject save def + userdict begin + /showpage {} def + FMNORMALIZEGRAPHICS + 3 index neg 3 index neg translate + } bind def +/ENDPRINTCODE { + count -1 FMoptop {pop pop} for + countdictstack -1 FMdicttop {pop end} for + FMsaveobject restore + } bind def +/gn { + 0 + { 46 mul + cf read pop + 32 sub + dup 46 lt {exit} if + 46 sub add + } loop + add + } bind def + /str FMLOCAL +/cfs { + /str sl string def + 0 1 sl 1 sub {str exch val put} for + str def + } bind def +/ic [ + 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223 + 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223 + 0 + {0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx} + {10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx} + {19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12} + {13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh} + {4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh} + {13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl} + {7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl} + {0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl} + {10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl} + ] def + /sl FMLOCAL + /val FMLOCAL + /ws FMLOCAL + /im FMLOCAL + /bs FMLOCAL + /cs FMLOCAL + /len FMLOCAL + /pos FMLOCAL +/ms { + /sl exch def + /val 255 def + /ws cfs + /im cfs + /val 0 def + /bs cfs + /cs cfs + } bind def +400 ms +/ip { + is + 0 + cf cs readline pop + { ic exch get exec + add + } forall + pop + + } bind def +/wh { + /len exch def + /pos exch def + ws 0 len getinterval im pos len getinterval copy pop + pos len + } bind def +/bl { + /len exch def + /pos exch def + bs 0 len getinterval im pos len getinterval copy pop + pos len + } bind def +/s1 1 string def +/fl { + /len exch def + /pos exch def + /val cf s1 readhexstring pop 0 get def + pos 1 pos len add 1 sub {im exch val put} for + pos len + } bind def +/hx { + 3 copy getinterval + cf exch readhexstring pop pop + } bind def + /h FMLOCAL + /w FMLOCAL + /d FMLOCAL + /lb FMLOCAL + /bitmapsave FMLOCAL + /is FMLOCAL + /cf FMLOCAL +/wbytes { + dup + 8 eq {pop} {1 eq {7 add 8 idiv} {3 add 4 idiv} ifelse} ifelse + } bind def +/BEGINBITMAPBWc { + 1 {} COMMONBITMAPc + } bind def +/BEGINBITMAPGRAYc { + 8 {} COMMONBITMAPc + } bind def +/BEGINBITMAP2BITc { + 2 {} COMMONBITMAPc + } bind def +/COMMONBITMAPc { + /r exch def + /d exch def + gsave + translate rotate scale /h exch def /w exch def + /lb w d wbytes def + sl lb lt {lb ms} if + /bitmapsave save def + r + /is im 0 lb getinterval def + ws 0 lb getinterval is copy pop + /cf currentfile def + w h d [w 0 0 h neg 0 h] + {ip} image + bitmapsave restore + grestore + } bind def +/BEGINBITMAPBW { + 1 {} COMMONBITMAP + } bind def +/BEGINBITMAPGRAY { + 8 {} COMMONBITMAP + } bind def +/BEGINBITMAP2BIT { + 2 {} COMMONBITMAP + } bind def +/COMMONBITMAP { + /r exch def + /d exch def + gsave + translate rotate scale /h exch def /w exch def + /bitmapsave save def + r + /is w d wbytes string def + /cf currentfile def + w h d [w 0 0 h neg 0 h] + {cf is readhexstring pop} image + bitmapsave restore + grestore + } bind def + /proc1 FMLOCAL + /proc2 FMLOCAL + /newproc FMLOCAL +/Fmcc { + /proc2 exch cvlit def + /proc1 exch cvlit def + /newproc proc1 length proc2 length add array def + newproc 0 proc1 putinterval + newproc proc1 length proc2 putinterval + newproc cvx +} bind def +/ngrayt 256 array def +/nredt 256 array def +/nbluet 256 array def +/ngreent 256 array def + /gryt FMLOCAL + /blut FMLOCAL + /grnt FMLOCAL + /redt FMLOCAL + /indx FMLOCAL + /cynu FMLOCAL + /magu FMLOCAL + /yelu FMLOCAL + /k FMLOCAL + /u FMLOCAL +/colorsetup { + currentcolortransfer + /gryt exch def + /blut exch def + /grnt exch def + /redt exch def + 0 1 255 { + /indx exch def + /cynu 1 red indx get 255 div sub def + /magu 1 green indx get 255 div sub def + /yelu 1 blue indx get 255 div sub def + /k cynu magu min yelu min def + /u k currentundercolorremoval exec def + nredt indx 1 0 cynu u sub max sub redt exec put + ngreent indx 1 0 magu u sub max sub grnt exec put + nbluet indx 1 0 yelu u sub max sub blut exec put + ngrayt indx 1 k currentblackgeneration exec sub gryt exec put + } for + {255 mul cvi nredt exch get} + {255 mul cvi ngreent exch get} + {255 mul cvi nbluet exch get} + {255 mul cvi ngrayt exch get} + setcolortransfer + {pop 0} setundercolorremoval + {} setblackgeneration + } bind def + /tran FMLOCAL +/fakecolorsetup { + /tran 256 string def + 0 1 255 {/indx exch def + tran indx + red indx get 77 mul + green indx get 151 mul + blue indx get 28 mul + add add 256 idiv put} for + currenttransfer + {255 mul cvi tran exch get 255.0 div} + exch Fmcc settransfer +} bind def +/BITMAPCOLOR { + /d 8 def + gsave + translate rotate scale /h exch def /w exch def + /bitmapsave save def + colorsetup + /is w d wbytes string def + /cf currentfile def + w h d [w 0 0 h neg 0 h] + {cf is readhexstring pop} {is} {is} true 3 colorimage + bitmapsave restore + grestore + } bind def +/BITMAPCOLORc { + /d 8 def + gsave + translate rotate scale /h exch def /w exch def + /lb w d wbytes def + sl lb lt {lb ms} if + /bitmapsave save def + colorsetup + /is im 0 lb getinterval def + ws 0 lb getinterval is copy pop + /cf currentfile def + w h d [w 0 0 h neg 0 h] + {ip} {is} {is} true 3 colorimage + bitmapsave restore + grestore + } bind def +/BITMAPGRAY { + 8 {fakecolorsetup} COMMONBITMAP + } bind def +/BITMAPGRAYc { + 8 {fakecolorsetup} COMMONBITMAPc + } bind def +/ENDBITMAP { + } bind def +end +%%EndProlog +%%BeginSetup +(2.0) FMVERSION +1 1 612 792 0 1 16 FMDOCUMENT +/fillprocs 32 array def +fillprocs 0 { 0.000000 grayness } put +fillprocs 1 { 0.100000 grayness } put +fillprocs 2 { 0.300000 grayness } put +fillprocs 3 { 0.500000 grayness } put +fillprocs 4 { 0.700000 grayness } put +fillprocs 5 { 0.900000 grayness } put +fillprocs 6 { 0.970000 grayness } put +fillprocs 7 { 1.000000 grayness } put +fillprocs 8 {<0f87c3e1f0783c1e> 8 1 setpattern } put +fillprocs 9 {<0f1e3c78f0e1c387> 8 1 setpattern } put +fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put +fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put +fillprocs 12 {<8142241818244281> 8 1 setpattern } put +fillprocs 13 {<8040201008040201> 8 1 setpattern } put +fillprocs 14 {<03060c183060c081> 8 1 setpattern } put +fillprocs 15 {} put +fillprocs 16 { 1.000000 grayness } put +fillprocs 17 { 0.900000 grayness } put +fillprocs 18 { 0.700000 grayness } put +fillprocs 19 { 0.500000 grayness } put +fillprocs 20 { 0.300000 grayness } put +fillprocs 21 { 0.100000 grayness } put +fillprocs 22 { 0.030000 grayness } put +fillprocs 23 { 0.000000 grayness } put +fillprocs 24 {<f0783c1e0f87c3e1> 8 1 setpattern } put +fillprocs 25 {<f0e1c3870f1e3c78> 8 1 setpattern } put +fillprocs 26 {<3333333333333333> 8 1 setpattern } put +fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put +fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put +fillprocs 29 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put +fillprocs 30 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put +fillprocs 31 {} put +%%EndSetup +0 12 /Helvetica-Bold FMDEFINEFONT +1 12 /Helvetica-BoldOblique FMDEFINEFONT +%%Page: "-1" 1 +%%BeginPaperSize: Letter +%%EndPaperSize +612 792 0 FMBEGINPAGE +144 144 468 396 R +7 X +0 K +V +0 F +0 X +1.2 (IMPLEMENT) 178.34 388 S +1.2 (A) 258.88 388 S +1.2 (TION NOTES ON ) 267.85 388 S +1 F +1.2 (bdes) 382.61 388 S +0 F +1.2 (\0501\051) 415.4 388 S +1.2 (Matt Bishop) 265.09 338 S +1.2 (T) 197.74 288 S +1.2 (echnical Report PCS-TR91-158) 205.38 288 S +FMENDPAGE +%%EndPage: "-1" 2 +%%Page: "0" 2 +612 792 0 FMBEGINPAGE +72 72 540 720 R +7 X +0 K +V +FMENDPAGE +%%EndPage: "0" 3 +0 12 /Times-Roman FMDEFINEFONT +1 18 /Times-Bold FMDEFINEFONT +2 18 /Times-BoldItalic FMDEFINEFONT +3 12 /Times-Italic FMDEFINEFONT +4 12 /Times-Bold FMDEFINEFONT +5 10 /Times-Roman FMDEFINEFONT +6 12 /Courier FMDEFINEFONT +7 12 /Courier-Oblique FMDEFINEFONT +8 12 /ZapfDingbats FMDEFINEFONT +9 12 /Symbol FMDEFINEFONT +10 12 /Courier-Bold FMDEFINEFONT +%%Page: "1" 3 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 1 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +1 F +0 X +(Implementation Notes on ) 179.84 708 T +2 F +(bdes) 378.21 708 T +1 F +(\0501\051) 411.19 708 T +0 F +( ) 432.17 708 T +3 F +(Matt Bishop) 276.51 676 T +0 F +(Department of Mathematics and Computer Science) 182.92 656 T +(Dartmouth College) 259.86 642 T +(Hanover) 257.45 628 T +(, NH 03755) 298.26 628 T +3 F +(ABSTRACT) 277.68 602 T +0 F +0.27 (This note describes the implementation of ) 108 582 P +3 F +0.27 (bdes) 314.13 582 P +0 F +0.27 (, the \336le encryption program being) 336.12 582 P +0.36 (distributed in the 4.4 release of the Berkeley Software Distribution. It implements) 108 568 P +(all modes of the Data Encryption Standard program.) 108 554 T +4 F +(1. Intr) 72 528 T +(oduction) 104.43 528 T +0 F +-0.09 (The Data Encryption Standard is a standard endorsed by the federal government. It is con-) 108 504 P +-0.56 (siderably stronger than the algorithm used by the ) 72 484 P +5 F +-0.47 (UNIX) 305.36 484 P +0 F +-0.56 (\252 ) 330.34 484 P +3 F +-0.56 (crypt) 344.53 484 P +0 F +-0.56 (\0501\051 program, and therefore is a more) 369.18 484 P +0.11 (suitable candidate for protecting information, especially information contained in ) 72 464 P +5 F +0.09 (ASCII) 466.05 464 P +0 F +0.11 ( \336les. The) 492.14 464 P +-0.65 (program ) 72 444 P +3 F +-0.65 (bdes) 114.99 444 P +0 F +-0.65 (\0501\051 implements the DES and all of its modes, including the two authentication modes.) 136.97 444 P +-0.59 (Because others may wish to write software compatible with this program, this note presents) 108 420 P +-0.04 (the layout of the encrypted \336les produced by ) 72 400 P +3 F +-0.04 (bdes) 288.86 400 P +0 F +-0.04 ( as well as internal details relevant to the imple-) 310.85 400 P +-0.15 (mentation. Whereever possible and appropriate, the description of the ) 72 380 P +3 F +-0.15 (des) 408.04 380 P +0 F +-0.15 (\0501\051 program given in [4]) 424.03 380 P +-0.2 (has been followed; thus, ) 72 360 P +3 F +-0.2 (bdes) 190.77 360 P +0 F +-0.2 ( is completely compatible with that program. However) 212.75 360 P +-0.2 (, ) 473.33 360 P +3 F +-0.2 (bdes) 479.12 360 P +0 F +-0.2 ( also of-) 501.11 360 P +(fers several extensions to ) 72 340 T +3 F +(des) 195.9 340 T +0 F +( that are not compatible, and these will be explicitly pointed out.) 211.89 340 T +-0.14 (In this note, strings typed as shown will be in ) 108 316 P +6 F +-0.34 (Courier Roman font) 326.78 316 P +0 F +-0.14 (, and strings to be) 455.62 316 P +-0.42 (chosen by the user will be in ) 72 296 P +7 F +-1 (Courier Oblique font) 209.32 296 P +0 F +-0.42 (. The space character \050) 351.24 296 P +5 F +-0.35 (ASCII) 457.79 296 P +0 F +-0.42 ( <) 483.88 296 P +5 F +-0.35 (SP) 493.23 296 P +0 F +-0.42 (>, octal) 504.34 296 P +-0.43 (40, decimal 32, hex 20\051 will be represented as \322) 72 276 P +8 F +-0.47 (z) 296.98 276 P +0 F +-0.43 (\323 and the newline character \050) 301.96 276 P +5 F +-0.35 (ASCII) 438.03 276 P +0 F +-0.43 ( <) 464.13 276 P +5 F +-0.35 (NL) 473.46 276 P +0 F +-0.43 (>, octal 12,) 486.79 276 P +-0.05 (decimal 10, hex a\051 as \322) 72 256 P +9 F +-0.05 (\277) 181.65 256 P +0 F +-0.05 (\323. Because it is often more convenient to represent arbitrary characters as) 189.54 256 P +1.13 (a sequence of hexadecimal digits, that representation will often be used; these digits will be in) 72 236 P +10 F +(Courier Bold font) 72 216 T +0 F +( with spaces often inserted for readability) 194.33 216 T +(.) 392.07 216 T +4 F +(2. Overview and Use) 72 184 T +3 F +-0.39 (Bdes) 108 160 P +0 F +-0.39 ( implements the Data Encryption Standard algorithm in software, and enables the user) 131.32 160 P +-0.61 (to encrypt data using any of the four modes of operation of the DES \050Electronic Code Book, Cipher) 72 140 P +72 72 540 720 C +72 72 540 117 C +72 72 549 108 R +7 X +0 K +V +5 F +0 X +(This work is based on work funded by grant NAG2-680 from the National +Aeronautics and Space Administration to ) 72 101.33 T +(Dartmouth College.) 72 89.33 T +(UNIX is a Registered T) 72 77.33 T +(rademark of A) 166.58 77.33 T +(T&T Bell Laboratories.) 223.75 77.33 T +72 72 540 720 C +0 0 612 792 C +72 126 225 126 2 L +7 X +0 K +V +0.5 H +2 Z +0 X +N +FMENDPAGE +%%EndPage: "1" 4 +%%Page: "2" 4 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 2 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +0.31 (Block Chaining, ) 72 712 P +3 F +0.31 (k) 154.25 712 P +0 F +0.31 (-bit Cipher Feed Back, and ) 159.58 712 P +3 F +0.31 (k) 293.71 712 P +0 F +0.31 (-bit Output Feed Back\051 as well as the Alternate ) 299.04 712 P +3 F +0.31 (k) 530.68 712 P +0 F +0.31 (-) 536.01 712 P +-0.04 (bit Cipher Feed Back mode. Further) 72 692 P +-0.04 (, ) 244.52 692 P +3 F +-0.04 (bdes) 250.48 692 P +0 F +-0.04 ( supports message authentication code generation based) 272.46 692 P +(on both the Cipher Block Chaining mode and the ) 72 672 T +3 F +(k) 310.86 672 T +0 F +(-bit Cipher Feed Back mode.) 316.19 672 T +0.07 (By default, ) 108 648 P +3 F +0.07 (bdes) 164.43 648 P +0 F +0.07 ( encrypts an input \336le using Cipher Block Chaining mode, and is invoked) 186.41 648 P +-0.4 (as a \336lter) 72 628 P +-0.4 (. The key may be speci\336ed either on the command line or may be typed to the prompt. So,) 114.51 628 P +(if the input \336le ) 72 608 T +7 F +(inputf) 145.96 608 T +(ile) 189.14 608 T +0 F +( contains the message) 210.73 608 T +6 F +(a) 253.9 584 T +8 F +(z) 261.1 584 T +6 F +(test) 266.07 584 T +8 F +(z) 294.86 584 T +6 F +(message) 299.83 584 T +9 F +(\277) 350.21 584 T +0 F +(then the following command encrypts it using the key ) 72 560 T +6 F +(abcdefgh) 333.5 560 T +0 F +(:) 391.07 560 T +6 F +(bdes -k abcdefgh < ) 158.48 536 T +7 F +(inputf) 295.21 536 T +(ile) 338.38 536 T +6 F +( > ) 359.97 536 T +7 F +(outputf) 381.56 536 T +(ile) 431.93 536 T +0 F +(The option ) 72 512 T +4 F +(-k) 127.3 512 T +0 F +( indicates the next ar) 137.96 512 T +(gument is the key) 237.01 512 T +(. Now ) 321.17 512 T +7 F +(outputf) 353.48 512 T +(ile) 403.86 512 T +0 F +( contains) 425.45 512 T +10 F +(16 0e eb af 68 a0 d0 19 f1 a2 9b 31 0d 8a 01 c3) 136.89 488 T +0 F +0.06 (Other modes are speci\336ed using command-line options, as is control of the way the key is) 108 464 P +(interpreted. The next sections contain several examples, and the Appendix has the manual page.) 72 444 T +4 F +(3. Keys and Parity) 72 412 T +0 F +0.58 (The key consists of 64 bits, and may be presented in any of hex, binary) 108 388 P +0.58 (, or as a string of) 456.48 388 P +5 F +0.12 (ASCII) 72 368 P +0 F +0.14 ( characters. If the key is given in hex or binary) 98.1 368 P +0.14 (, it is used as is with no changes. However) 322.21 368 P +0.14 (, if) 526.53 368 P +-0.27 (the key is given in ) 72 348 P +5 F +-0.23 (ASCII) 161.59 348 P +0 F +-0.27 (, a delicate problem arises: by convention, the parity bit is usually set to 0.) 187.69 348 P +-0.47 (This high-order bit is generally ignored by applications; but the DES +does not do so. Instead, it dis-) 72 328 P +-0.14 (cards the low-order bit, ef) 72 308 P +-0.14 (fectively reducing the size of the space of possible keys from 2) 195.44 308 P +5 F +-0.12 (56) 495.97 312.8 P +0 F +-0.14 ( to 2) 505.97 308 P +5 F +-0.12 (48) 527.01 312.8 P +0 F +-0.14 (.) 537 308 P +-0.46 ( T) 108 284 P +-0.46 (o preserve the size of the key space, the value of the parity bit must be related to the value) 117.03 284 P +-0.09 (in the low-order bit, so the program sets the high-order bit to make each character in the key be of) 72 264 P +-0.7 (odd parity) 72 244 P +-0.7 (. \050Note that the initial value of the parity bit is ) 119.49 244 P +3 F +-0.7 (not) 334.99 244 P +0 F +-0.7 ( used in this computation.\051 For example,) 350.31 244 P +(if the key is ) 72 224 T +6 F +(abcdefgh) 131.29 224 T +0 F +(, the actual key bits used are determined as follows:) 188.86 224 T +5 F +(ASCII) 99 200 T +0 F +( key) 125.1 200 T +6 F +(a) 243 200 T +(b) 279 200 T +(c) 315 200 T +(d) 351 200 T +(e) 387 200 T +(f) 423 200 T +(g) 459 200 T +(h) 495 200 T +5 F +(ASCII) 99 180 T +0 F +( key bits \050hex\051) 125.1 180 T +10 F +(61) 243 180 T +(62) 279 180 T +(63) 315 180 T +(64) 351 180 T +(65) 387 180 T +(66) 423 180 T +(67) 459 180 T +(68) 495 180 T +0 F +(parity) 99 160 T +(odd) 243 160 T +(odd) 279 160 T +(even) 315 160 T +(odd) 351 160 T +(even) 387 160 T +(even) 423 160 T +(odd) 459 160 T +(odd) 495 160 T +(key bits used \050hex\051) 99 140 T +10 F +(61) 243 140 T +(62) 279 140 T +(e3) 315 140 T +(64) 351 140 T +(e5) 387 140 T +(e6) 423 140 T +(67) 459 140 T +(68) 495 140 T +0 F +0.18 (This convention \050as opposed to requiring even parity) 108 120 P +0.18 (, or simply copying the low-order bit) 362 120 P +-0.41 (to the high-order bit\051 was chosen to provide compatibility with the encryption program ) 72 100 P +3 F +-0.41 (des) 486.77 100 P +0 F +-0.41 ( distrib-) 502.76 100 P +-0.52 (uted by Sun Microsystems, Inc. [4]. Whether the key is entered on the command line or on the key-) 72 80 P +FMENDPAGE +%%EndPage: "2" 5 +%%Page: "3" 5 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 3 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +1.89 (board, by default it is processed into the same key schedule generated by Sun\325) 72 712 P +1.89 (s ) 471.02 712 P +3 F +1.89 (des) 480.58 712 P +0 F +1.89 (, so \336les) 496.56 712 P +(encrypted on a Sun can be decrypted using ) 72 692 T +3 F +(bdes) 280.51 692 T +0 F +( \050and vice versa\051.) 302.49 692 T +-0.3 (If the user does not wish to use the Sun convention, the option \320) 108 668 P +4 F +-0.3 (p) 411.9 668 P +0 F +-0.3 ( will disable the parity bit) 418.57 668 P +-0.62 (changing; with it, the parity bit is that of the character typed. This +is useful when the key is a known) 72 648 P +5 F +(ASCII) 72 628 T +0 F +( string and the \336le was encrypted on a system which does not alter parity bits.) 98.1 628 T +-0.24 (A key may be represented as a bit vector) 108 604 P +-0.24 (, rather than an ) 300.74 604 P +5 F +-0.2 (ASCII) 374.7 604 P +0 F +-0.24 ( string, in one of two ways. It) 400.8 604 P +0.19 (may be represented as a string of up to 16 hexadecimal digits; if fewer than 16 are given, the key) 72 584 P +0.16 (is right \336lled with 0 bits. Or) 72 564 P +0.16 (, it may be represented as a string of up to 64 binary digits, and again) 206.11 564 P +0.15 (if fewer than 64 are given, the key is right-\336lled with 0 bits. Bit +vector keys must be given on the) 72 544 P +0.51 (command line, and must begin with the characters ) 72 524 P +6 F +1.24 (0x) 320.28 524 P +0 F +0.51 ( or ) 334.67 524 P +6 F +1.24 (0X) 351.69 524 P +0 F +0.51 ( \050for hexadecimal\051 or ) 366.08 524 P +6 F +1.24 (0b) 472.71 524 P +0 F +0.51 ( or ) 487.1 524 P +6 F +1.24 (0B) 504.12 524 P +0 F +0.51 ( \050for) 518.51 524 P +(binary\051. For example, all of the following strings generate the same key schedule:) 72 504 T +5 F +(ASCII) 72 480 T +0 F +( key) 98.1 480 T +6 F +(abcdefgh) 180 480 T +0 F +(hexadecimal key) 72 460 T +6 F +(0x6162e364e5e66768) 180 460 T +0 F +(binary key) 72 440 T +6 F +(0b0110000101100010111000110110100011100101111000-) 180 440 T +(1100110011101101000) 180 420 T +0 F +-0.14 ( Note that giving the key on the command line as ) 108 396 P +6 F +-0.34 (0x6162636465666768) 345.27 396 P +0 F +-0.14 ( will ) 474.8 396 P +3 F +-0.14 (not) 499.17 396 P +0 F +-0.14 ( reset) 514.5 396 P +0.25 (the parity bits, because it is interpreted as a sequence of hex digits, not ) 72 376 P +5 F +0.21 (ASCII) 416.58 376 P +0 F +0.25 ( characters. The dif-) 442.68 376 P +0.69 (ference in interpretation is that here the user can specify all bits of the key exactly) 72 356 P +0.69 (, whereas \050on) 474.34 356 P +0.25 (most terminals\051 it is not possible to control how the parity bit of ) 72 336 P +5 F +0.21 (ASCII) 384.76 336 P +0 F +0.25 ( characters is set. On some) 410.85 336 P +0.36 (systems, it is possible to use a \322Meta\323 key to set the parity bit for an ) 72 316 P +5 F +0.3 (ASCII) 407.23 316 P +0 F +0.36 ( character; should this) 433.33 316 P +-0.3 (be the case and the user desire ) 72 296 P +3 F +-0.3 (bdes) 218.09 296 P +0 F +-0.3 ( not to reset the parity bit, the option ) 240.07 296 P +4 F +-0.3 (\320p) 415.25 296 P +0 F +-0.3 ( will force the parity bit) 427.92 296 P +(to be used as typed.) 72 276 T +4 F +(4. Encryption Output Repr) 72 244 T +(esentation) 211.05 244 T +0 F +0.01 (All modes of the DES output ciphertext in blocks; the size of the block is 64 bits \0508 bytes\051) 108 220 P +-0.25 (for ECB and CBC modes, and ) 72 200 P +3 F +-0.25 (k) 218.74 200 P +0 F +-0.25 ( bits for the ) 224.07 200 P +3 F +-0.25 (k) 281.02 200 P +0 F +-0.25 (-bit CFB and OFB modes, and there are as many out-) 286.35 200 P +-0.5 (put blocks as input blocks. However) 72 180 P +-0.5 (, as the length of the input is usually not a multiple of the block) 243.55 180 P +-0.35 (size, some padding is necessary; but as padding must be done by appending characters, these char-) 72 160 P +0.29 (acters must be distinguished from the input characters somehow) 72 140 P +0.29 (. The mechanism used is that the) 381.35 140 P +0.31 (last character of the \050decrypted\051 last block is the +\050integer\051 number of characters from the input in) 72 120 P +(the last block.) 72 100 T +FMENDPAGE +%%EndPage: "3" 6 +%%Page: "4" 6 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 4 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +-0.59 (For example, suppose ) 108 712 P +7 F +-1.41 (inputf) 214.16 712 P +-1.41 (ile) 257.34 712 P +0 F +-0.59 ( contains \322) 278.93 712 P +6 F +-1.41 (This) 329.04 712 P +8 F +-0.65 (z) 357.83 712 P +6 F +-1.41 (is) 362.8 712 P +8 F +-0.65 (z) 377.2 712 P +6 F +-1.41 (a) 382.17 712 P +8 F +-0.65 (z) 389.37 712 P +6 F +-1.41 (test) 394.35 712 P +9 F +-0.59 (\277) 423.13 712 P +0 F +-0.59 (\323, and it is encrypted in) 431.02 712 P +(CBC mode using the key \322) 72 692 T +6 F +(abcdef#@) 200.93 692 T +0 F +(\323 and the initialization vector ) 258.5 692 T +6 F +(0x0) 401.4 692 T +0 F +(; the command is) 422.99 692 T +6 F +(bdes -k abcdef#@ < ) 158.48 668 T +7 F +(inputf) 295.21 668 T +(ile) 338.38 668 T +6 F +( > ) 359.97 668 T +7 F +(outputf) 381.56 668 T +(ile) 431.93 668 T +0 F +(as CBC is the default encryption mode and ) 72 644 T +6 F +(0x0) 281.2 644 T +0 F +( the default initialization vector:) 302.79 644 T +(text) 72 620 T +6 F +(T) 117 620 T +(h) 144 620 T +(i) 171 620 T +(s) 198 620 T +8 F +(z) 225 620 T +6 F +(i) 252 620 T +(s) 279 620 T +8 F +(z) 306 620 T +6 F +(a) 333 620 T +8 F +(z) 360 620 T +6 F +(t) 387 620 T +(e) 414 620 T +(s) 441 620 T +(t) 468 620 T +9 F +(\277) 495 620 T +0 F +(hex) 72 600 T +10 F +(54) 117 600 T +(68) 144 600 T +(69) 171 600 T +(73) 198 600 T +(20) 225 600 T +(69) 252 600 T +(73) 279 600 T +(20) 306 600 T +(61) 333 600 T +(20) 360 600 T +(74) 387 600 T +(65) 414 600 T +(73) 441 600 T +(74) 468 600 T +(0a) 495 600 T +0 F +(input) 72 580 T +10 F +(54) 117 580 T +(68) 144 580 T +(69) 171 580 T +(73) 198 580 T +(20) 225 580 T +(69) 252 580 T +(73) 279 580 T +(20) 306 580 T +(61) 333 580 T +(20) 360 580 T +(74) 387 580 T +(65) 414 580 T +(73) 441 580 T +(74) 468 580 T +(0a) 495 580 T +(07) 522 580 T +0 F +(output) 72 560 T +10 F +(a5) 117 560 T +(5f) 144 560 T +(81) 171 560 T +(53) 198 560 T +(51) 225 560 T +(98) 252 560 T +(47) 279 560 T +(02) 306 560 T +(db) 333 560 T +(5a) 360 560 T +(c5) 387 560 T +(fe) 414 560 T +(50) 441 560 T +(3d) 468 560 T +(40) 495 560 T +(ce) 522 560 T +0 F +0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 540 P +3 F +0.22 (Bdes) 72 520 P +0 F +0.22 ( pads this to a full block by appending one byte containing the ) 95.32 520 P +5 F +0.19 (ASCII) 399.67 520 P +0 F +0.22 ( character with numeric) 425.77 520 P +(value 7 \050the ) 72 500 T +5 F +(ASCII) 131.62 500 T +0 F +( character <) 157.71 500 T +5 F +(BEL) 214.42 500 T +0 F +(>\051. The result is then encrypted.) 233.3 500 T +0.44 (As another example, suppose ) 108 476 P +7 F +1.07 (inputf) 253.34 476 P +1.07 (ile) 296.52 476 P +0 F +0.44 ( contains \322) 318.11 476 P +6 F +1.07 (test) 370.29 476 P +0 F +0.44 (\323, and it is encrypted in ECB) 399.08 476 P +(mode using the key \322) 72 456 T +6 F +(abcdef#@) 173.93 456 T +0 F +(\323; the command is) 231.5 456 T +6 F +(bdes -b \320k abcdef#@ < ) 147.69 432 T +7 F +(inputf) 306 432 T +(ile) 349.18 432 T +6 F +( > ) 370.76 432 T +7 F +(outputf) 392.35 432 T +(ile) 442.73 432 T +0 F +(because the option ) 72 408 T +4 F +(\320b) 164.26 408 T +0 F +( signi\336es ECB mode:) 176.93 408 T +(text) 72 384 T +6 F +(t) 144 384 T +(e) 171 384 T +(s) 198 384 T +(t) 225 384 T +0 F +(hex) 72 364 T +10 F +(74) 144 364 T +(65) 171 364 T +(73) 198 364 T +(74) 225 364 T +0 F +(input) 72 344 T +10 F +(74) 144 344 T +(65) 171 344 T +(73) 198 344 T +(74) 225 344 T +(00) 252 344 T +(00) 279 344 T +(00) 306 344 T +(04) 333 344 T +0 F +(output) 72 324 T +10 F +(0d) 144 324 T +(8a) 171 324 T +(6e) 198 324 T +(57) 225 324 T +(9c) 252 324 T +(8f) 279 324 T +(27) 306 324 T +(5d) 333 324 T +0 F +-0.31 (Finally) 108 304 P +-0.31 (, if the length of the message is indeed a multiple of the block size, an extra block of) 141.21 304 P +0.83 (all 0 bits is added. Suppose ) 72 284 P +7 F +1.99 (inputf) 210.57 284 P +1.99 (ile) 253.74 284 P +0 F +0.83 ( contains \322) 275.33 284 P +6 F +1.99 (test) 328.28 284 P +9 F +0.83 (\277) 357.07 284 P +0 F +0.83 (\323, and it is encrypted in 40-bit CFB) 364.96 284 P +1.51 (mode using the key \322) 72 264 P +6 F +3.62 (abcdef#@) 179.96 264 P +0 F +1.51 (\323 and the initialization vector ) 237.53 264 P +6 F +3.62 (0x0123456789abcdef) 387.97 264 P +0 F +1.51 (; the) 517.5 264 P +(command is) 72 244 T +6 F +-0.99 (bdes -f40 -v0x0123456789abcdef -kabcdef#@ < ) 72 220 P +7 F +-0.99 (inputf) 383.67 220 P +-0.99 (ile) 426.85 220 P +6 F +-0.99 ( > ) 448.43 220 P +7 F +-0.99 (outputf) 468.04 220 P +-0.99 (ile) 518.41 220 P +0 F +0.16 (because the option ) 72 196 P +4 F +0.16 (\320f40 ) 164.75 196 P +0 F +0.16 (signi\336es 40-bit CFB mode, and ) 189.89 196 P +4 F +0.16 (-v0x01234566789abcdef) 343.96 196 P +0 F +0.16 ( sets the initial-) 465.89 196 P +(ization vector \050note that spaces between the option and its ar) 72 176 T +(gument are optional\051:) 361.57 176 T +(text) 72 152 T +6 F +(t) 144 152 T +(e) 171 152 T +(s) 198 152 T +(t) 225 152 T +9 F +(\277) 252 152 T +0 F +(hex) 72 132 T +10 F +(74) 144 132 T +(65) 171 132 T +(73) 198 132 T +(74) 225 132 T +(0a) 252 132 T +0 F +(input) 72 112 T +10 F +(74) 144 112 T +(65) 171 112 T +(73) 198 112 T +(74) 225 112 T +(0a) 252 112 T +(00) 279 112 T +(00) 306 112 T +(00) 333 112 T +(00) 360 112 T +(00) 387 112 T +0 F +(output) 72 92 T +10 F +(e2) 144 92 T +(c2) 171 92 T +(69) 198 92 T +(a4) 225 92 T +(5b) 252 92 T +(3c) 279 92 T +(3d) 306 92 T +(b3) 333 92 T +(f5) 360 92 T +(3c) 387 92 T +FMENDPAGE +%%EndPage: "4" 7 +1 12 /Times-BoldItalic FMDEFINEFONT +2 14 /Symbol FMDEFINEFONT +%%Page: "5" 7 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 5 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +(Note here the block size is 40 bits \0505 bytes\051, not 64 bits \0508 bytes\051.) 108 712 T +-0.4 (This technique allows complete compatibility with Sun\325) 108 688 P +-0.4 (s ) 374.11 688 P +3 F +-0.4 (des) 381.37 688 P +0 F +-0.4 ( program. In Sun\325) 397.36 688 P +-0.4 (s implemen-) 480.77 688 P +0.02 (tation, padding is done with random bytes rather than bytes containing all zero bits. Cryptograph-) 72 668 P +0.85 (ically) 72 648 P +0.85 (, this makes no dif) 97.87 648 P +0.85 (ference, as the DES is a suf) 189.32 648 P +0.85 (\336ciently good random cipher to obscure the) 325.74 648 P +(input \050see for example [2], Chapter 6\051, and known plaintext attacks are very dif) 72 628 T +(\336cult [1].) 451.82 628 T +4 F +(5. Differ) 72 596 T +(ences Between the Standard CFB and OFB Modes and ) 114.41 596 T +1 F +(bdes) 397.26 596 T +0 F +-0.11 (The UNIX operating system treats all \336les as streams of 8-bit bytes. In order to implement) 108 572 P +-0.08 (the CFB and OFB modes properly) 72 552 P +-0.08 (, it would be necessary to read ) 235.74 552 P +3 F +-0.08 (k) 383.74 552 P +0 F +-0.08 ( bits from the \336le, where ) 389.07 552 P +3 F +-0.08 (k) 509.51 552 P +0 F +-0.08 ( is an) 514.84 552 P +0.98 (integer between 1 and 64 inclusive. However) 72 532 P +0.98 (, this would require considerable buf) 294.22 532 P +0.98 (fering and be) 474.77 532 P +0.23 (quite inef) 72 512 P +0.23 (\336cient and prohibitively slow) 117.65 512 P +0.23 (. For these reasons, the current implementation of ) 258.48 512 P +3 F +0.23 (bdes) 501.48 512 P +0 F +0.23 ( re-) 523.46 512 P +0.47 (quires that ) 72 492 P +3 F +0.47 (k) 126.23 492 P +0 F +0.47 ( be a multiple of 8, so that an integral number of bytes will always be read from the) 131.56 492 P +(\336le. Other than this change, this mode is implemented as described in [3].) 72 472 T +-0.58 (A similar observation holds for the alternate CFB mode described in [3]. Here, only the low) 108 448 P +0.23 (7 bits of each byte are signi\336cant, and hence the parameter ) 72 428 P +3 F +0.23 (k) 358.95 428 P +0 F +0.23 ( is an integer from 1 to 56 inclusive;) 364.28 428 P +(bdes requires k to be a multiple of 7. The high-order bit is retained for encryption and decryption,) 72 408 T +(but output \050whether from encryption or decryption\051 always has the high-order bit set to zero.) 72 388 T +4 F +(6. Message Authentication Code Modes) 72 356 T +0 F +0.57 (The Data Encryption Standard provides two modes of authentication, each providing be-) 108 332 P +1.27 (tween 1 and 64 bits of authentication data. In both cases an ) 72 312 P +3 F +1.27 (n) 373.32 312 P +0 F +1.27 (-bit message authentication code) 379.32 312 P +0.62 (\050MAC\051 is generated, where 1) 72 292 P +2 F +0.73 ( ) 214.71 292 P +9 F +0.62 (\243) 218.94 292 P +0 F +0.62 ( ) 225.52 292 P +3 F +0.62 (n) 229.15 292 P +0 F +0.62 ( ) 235.14 292 P +9 F +0.62 (\243) 238.76 292 P +0 F +0.62 ( 64. The \336rst is based on the CBC encryption mode, and the) 245.35 292 P +(second on CFB mode. Both work the same.) 72 272 T +0.13 (First, the \336le is padded to a multiple of the block size by appending enough zero bits. It is) 108 248 P +-0.16 (then encrypted using the standard CBC \050or CFB\051 algorithm, but +all encrypted text is discarded ex-) 72 228 P +-0.44 (cept for the last block. The ) 72 208 P +3 F +-0.44 (n) 200.9 208 P +0 F +-0.44 ( leading bits of the last block are used as the MAC. Note that the block) 206.9 208 P +(size constrains the number of bits available as the MAC.) 72 188 T +0.71 (The implementation allows the user to specify that the MAC is to be computed in either) 108 164 P +-0.01 (CBC or CFB mode, and the user can specify any number of bits from 1 to 64 inclusive. However) 72 144 P +-0.01 (,) 537 144 P +-0.11 (because the UNIX operating system can only output bits in multiples of 8, if the number of bits of) 72 124 P +-0.08 (MAC is not a multiple of 8, the MAC will be right-padded with the minimum number of zero bits) 72 104 P +-0.31 (necessary to make the MAC length be a multiple of 8. However) 72 84 P +-0.31 (, note that as the standard \050[3], Ap-) 374.6 84 P +FMENDPAGE +%%EndPage: "5" 8 +%%Page: "6" 8 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 6 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +-0.14 (pendix F\051 requires an incomplete \336nal block be right-padded with +zeroes, the technique of forcing) 72 712 P +(the last octet to contain the number of bytes in the message is ) 72 692 T +3 F +(not) 369.47 692 T +0 F +( used here.) 384.8 692 T +-0.39 (For example, suppose ) 108 668 P +7 F +-0.94 (inputf) 214.76 668 P +-0.94 (ile) 257.93 668 P +0 F +-0.39 ( contains \322) 279.52 668 P +6 F +-0.94 (This) 330.04 668 P +8 F +-0.43 (z) 358.82 668 P +6 F +-0.94 (is) 363.8 668 P +8 F +-0.43 (z) 378.19 668 P +6 F +-0.94 (a) 383.17 668 P +8 F +-0.43 (z) 390.36 668 P +6 F +-0.94 (test) 395.34 668 P +9 F +-0.39 (\277) 424.13 668 P +0 F +-0.39 (\323, and a 64-bit MAC is) 432.02 668 P +-0.73 (to be generated using CBC mode, the key \322) 72 648 P +6 F +-1.74 (abcdef#@) 274.39 648 P +0 F +-0.73 (\323 and the initialization vector ) 331.96 648 P +6 F +-1.74 (0x0) 471.23 648 P +0 F +-0.73 (; the com-) 492.82 648 P +(mand is) 72 628 T +6 F +(bdes -m 64 -k abcdef#@ < ) 136.89 604 T +7 F +(inputf) 316.79 604 T +(ile) 359.97 604 T +6 F +( > ) 381.56 604 T +7 F +(outputf) 403.15 604 T +(ile) 453.52 604 T +0 F +(as CBC is the default encryption mode and ) 72 580 T +6 F +(0x0) 281.2 580 T +0 F +( the default initialization vector:) 302.79 580 T +(text) 72 556 T +6 F +(T) 117 556 T +(h) 144 556 T +(i) 171 556 T +(s) 198 556 T +8 F +(z) 225 556 T +6 F +(i) 252 556 T +(s) 279 556 T +8 F +(z) 306 556 T +6 F +(a) 333 556 T +8 F +(z) 360 556 T +6 F +(t) 387 556 T +(e) 414 556 T +(s) 441 556 T +(t) 468 556 T +9 F +(\277) 495 556 T +0 F +(hex) 72 536 T +10 F +(54) 117 536 T +(68) 144 536 T +(69) 171 536 T +(73) 198 536 T +(20) 225 536 T +(69) 252 536 T +(73) 279 536 T +(20) 306 536 T +(61) 333 536 T +(20) 360 536 T +(74) 387 536 T +(65) 414 536 T +(73) 441 536 T +(74) 468 536 T +(0a) 495 536 T +0 F +(input) 72 516 T +10 F +(54) 117 516 T +(68) 144 516 T +(69) 171 516 T +(73) 198 516 T +(20) 225 516 T +(69) 252 516 T +(73) 279 516 T +(20) 306 516 T +(61) 333 516 T +(20) 360 516 T +(74) 387 516 T +(65) 414 516 T +(73) 441 516 T +(74) 468 516 T +(0a) 495 516 T +(00) 522 516 T +0 F +(output) 72 496 T +10 F +(43) 117 496 T +(18) 144 496 T +(de) 171 496 T +(74) 198 496 T +(24) 225 496 T +(a9) 252 496 T +(65) 279 496 T +(d1) 306 496 T +0 F +0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 476 P +3 F +(Bdes) 72 456 T +0 F +( pads this to a full block by appending a zero-\336lled byte. The result is then encrypted and the) 95.32 456 T +(last block of output is used as the MAC.) 72 436 T +0.06 (As another example, suppose we used the same text, and wanted a 36-bit MAC to be gen-) 108 412 P +6.91 (erated using 40-bit CFB mode, the key \322) 72 392 P +6 F +16.58 (abcdef#@) 314.9 392 P +0 F +6.91 (\323 and the initialization vector) 372.47 392 P +6 F +(0x0123456789abcdef) 72 372 T +0 F +(; the command is) 201.53 372 T +6 F +(bdes -m 36 -f 40 -v 0x0123456789abcdef < ) 79.32 348 T +7 F +(inputf) 374.36 348 T +(ile) 417.54 348 T +6 F +( > ) 439.13 348 T +7 F +(outputf) 460.71 348 T +(ile) 511.09 348 T +0 F +-0.19 (where ) 72 324 P +4 F +-0.19 (\320m 36) 104.11 324 P +0 F +-0.19 ( is the option to generate a 36-bit MAC, ) 134.91 324 P +4 F +-0.19 (\320f 40) 327.79 324 P +0 F +-0.19 ( indicates 40-bit CFB is to be used, and) 352.58 324 P +4 F +-0.31 (\320v 0x123456789abcdef) 72 304 P +0 F +-0.31 ( sets the initialization vector) 186.62 304 P +-0.31 (. Note that, as the key is not given on the com-) 319.95 304 P +(mand line, the user will be prompted for it. It gives:) 72 284 T +(text) 72 260 T +6 F +(T) 117 260 T +(h) 144 260 T +(i) 171 260 T +(s) 198 260 T +8 F +(z) 225 260 T +6 F +(i) 252 260 T +(s) 279 260 T +8 F +(z) 306 260 T +6 F +(a) 333 260 T +8 F +(z) 360 260 T +6 F +(t) 387 260 T +(e) 414 260 T +(s) 441 260 T +(t) 468 260 T +9 F +(\277) 495 260 T +0 F +(hex) 72 240 T +10 F +(54) 117 240 T +(68) 144 240 T +(69) 171 240 T +(73) 198 240 T +(20) 225 240 T +(69) 252 240 T +(73) 279 240 T +(20) 306 240 T +(61) 333 240 T +(20) 360 240 T +(74) 387 240 T +(65) 414 240 T +(73) 441 240 T +(74) 468 240 T +(0a) 495 240 T +0 F +(input) 72 220 T +10 F +(54) 117 220 T +(68) 144 220 T +(69) 171 220 T +(73) 198 220 T +(20) 225 220 T +(69) 252 220 T +(73) 279 220 T +(20) 306 220 T +(61) 333 220 T +(20) 360 220 T +(74) 387 220 T +(65) 414 220 T +(73) 441 220 T +(74) 468 220 T +(0a) 495 220 T +0 F +(output) 72 200 T +10 F +(2b) 117 200 T +(18) 144 200 T +(68) 171 200 T +(2d) 198 200 T +(60) 225 200 T +0 F +0.19 (Note that the MAC is padded on the right by four zero bits to produce \336ve characters that) 108 180 P +(can be output.) 72 160 T +4 F +(7. Differ) 72 128 T +(ences Between ) 114.41 128 T +1 F +(bdes) 191.01 128 T +4 F +( and Sun\325) 212.99 128 T +(s DES Implementation) 261.88 128 T +0 F +0.02 (The program ) 108 104 P +3 F +0.02 (bdes) 173.33 104 P +0 F +0.02 ( is designed to be completely compatible with Sun Microsystems, Inc.\325) 195.31 104 P +0.02 (s) 535.33 104 P +0.57 (implementation of the Data Encryption Standard, called ) 72 84 P +3 F +0.57 (des) 347.14 84 P +0 F +0.57 ( and described in [4]. Thus, \336les en-) 363.13 84 P +FMENDPAGE +%%EndPage: "6" 9 +%%Page: "7" 9 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 7 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +0.44 (crypted using ) 72 712 P +3 F +0.44 (des) 140.84 712 P +0 F +0.44 ( can be decrypted using ) 156.83 712 P +3 F +0.44 (bdes) 275.29 712 P +0 F +0.44 (, and vice versa, provided modes common to both) 297.27 712 P +-0.34 (are used. However) 72 692 P +-0.34 (, ) 160.41 692 P +3 F +-0.34 (bdes) 166.06 692 P +0 F +-0.34 ( does not allow \336les to be named on the command line, nor does it support) 188.05 692 P +-0.68 (hardware devices \050and so the ) 72 672 P +4 F +-0.68 (-s) 210.83 672 P +0 F +-0.68 ( and ) 219.49 672 P +4 F +-0.68 (-f) 241.45 672 P +0 F +-0.68 ( options of Sun\325) 249.44 672 P +-0.68 (s ) 323.71 672 P +3 F +-0.68 (des) 330.7 672 P +0 F +-0.68 ( are not available\051. Further) 346.69 672 P +-0.68 (, as encryption) 471.07 672 P +-0.05 (is the default, the Sun ) 72 652 P +3 F +-0.05 (des) 179.01 652 P +0 F +-0.05 ( ) 195 652 P +4 F +-0.05 (-e) 197.95 652 P +0 F +-0.05 ( option is not recognized. As the manual page to ) 207.27 652 P +3 F +-0.05 (bdes) 441.6 652 P +0 F +-0.05 ( is in the appen-) 463.59 652 P +(dix, these dif) 72 632 T +(ferences will not be elaborated upon further) 134.08 632 T +(.) 343.24 632 T +0.44 (Sun\325) 108 608 P +0.44 (s ) 130 608 P +3 F +0.44 (des) 138.1 608 P +0 F +0.44 ( supports the use of special-purpose hardware to encrypt and decrypt. Although) 154.09 608 P +3 F +1.33 (bdes) 72 588 P +0 F +1.33 ( does not directly support the use of such hardware, it uses the library routine ) 93.98 588 P +3 F +1.33 (encrypt) 487.05 588 P +0 F +1.33 (\0503\051,) 523.02 588 P +-0.09 (which may) 72 568 P +-0.09 (. Hardware support was not included directly to support as lar) 124.1 568 P +-0.09 (ge a number of platforms) 419.11 568 P +(as possible with installers needing to know as little about the hardware as possible.) 72 548 T +-0.08 (Sun\325) 108 524 P +-0.08 (s ) 130 524 P +3 F +-0.08 (des) 137.58 524 P +0 F +-0.08 ( supports only the CBC and ECB encryption modes; ) 153.57 524 P +3 F +-0.08 (bdes) 407.07 524 P +0 F +-0.08 ( supports all modes de-) 429.05 524 P +0.26 (scribed in [3] \050although CFB and OFB are not completely supported\051 as well as both CBC-based) 72 504 P +(and CFB-based MACs.) 72 484 T +0.15 (Although input with length not a multiple of the block size is handled in the same way by) 108 460 P +-0.47 (both ) 72 440 P +3 F +-0.47 (des) 95.85 440 P +0 F +-0.47 ( and ) 111.84 440 P +3 F +-0.47 (bdes) 134.21 440 P +0 F +-0.47 (, dif) 156.19 440 P +-0.47 (ferent values of the padding bytes are used in all but the last byte of the input.) 174.82 440 P +(Where ) 72 420 T +3 F +(bdes) 106.96 420 T +0 F +( puts zero bytes, ) 128.94 420 T +3 F +(des) 209.89 420 T +0 F +( puts bytes containing random values. The reason for Sun\325) 225.87 420 T +(s doing) 505.02 420 T +0.47 (so is to prevent a known plaintext attack on the \336le should an +attacker determine that the input\325) 72 400 P +0.47 (s) 535.33 400 P +-0.29 (length were a multiple of the block size. W) 72 380 P +-0.29 (ith ) 276.05 380 P +3 F +-0.29 (bdes) 291.43 380 P +0 F +-0.29 (, the plaintext contents of the last block of input) 313.41 380 P +0.31 (for such a \336le is known \050a block with all bits zero\051. W) 72 360 P +0.31 (ith ) 333.99 360 P +3 F +0.31 (des) 349.96 360 P +0 F +0.31 (, the plaintext contents of that block) 365.95 360 P +0.73 (are not known. Cryptanalytically) 72 340 P +0.73 (, given the information about the strength of the DES currently) 231.29 340 P +0.2 (known, it is widely believed that known plaintext attacks are infeasible +\050see for example [1]\051 and) 72 320 P +1.86 (so initializing and invoking the pseudorandom number generator seems unnecessary) 72 300 P +1.86 (. But this) 492.63 300 P +(means that ciphertexts produced from a plaintext by ) 72 280 T +3 F +(bdes) 324.48 280 T +0 F +( and ) 346.47 280 T +3 F +(des) 369.78 280 T +0 F +( will dif) 385.77 280 T +(fer in the last block.) 423.54 280 T +4 F +(Refer) 72 248 T +(ences) 100.41 248 T +0 F +([1]) 72 224 T +0.37 (D. Denning, \322The Data Encryption Standard: Fifteen Y) 108 224 P +0.37 (ears of Public Scrutiny) 374.87 224 P +0.37 (,\323 ) 484.8 224 P +3 F +0.37 (Pr) 496.49 224 P +0.37 (oceed-) 508.04 224 P +-0.47 (ings of the Sixth Annual Computer Security Applications Confer) 108 204 P +-0.47 (ence) 411.65 204 P +0 F +-0.47 ( pp. x\320xv \050Dec. 1990\051.) 433.62 204 P +([2]) 72 180 T +(A. Konheim, ) 108 180 T +3 F +(Cryptography: A Primer) 173.29 180 T +0 F +(, John W) 291.4 180 T +(iley and Sons, Inc., New Y) 333.9 180 T +(ork, NY \0501981\051.) 461.94 180 T +([3]) 72 156 T +3 F +0.63 (DES Modes of Operation) 108 156 P +0 F +0.63 (, Federal Information Processing Standards Publication 81, Na-) 231.47 156 P +-0.07 (tional Bureau of Standards, U.S. Department of Commerce, W) 108 136 P +-0.07 (ashington, DC \050Dec. 1980\051.) 407.62 136 P +([4]) 72 112 T +3 F +(UNIX User) 108 112 T +(\325) 162.74 112 T +(s Manual) 165.18 112 T +0 F +(, Sun Microsystems Inc., Mountain V) 210.16 112 T +(iew) 390 112 T +(, CA \050Mar) 406.54 112 T +(. 1988\051.) 455.51 112 T +4 F +(Appendix. The UNIX System Manual Page for ) 72 80 T +1 F +(bdes) 313.2 80 T +FMENDPAGE +%%EndPage: "7" 10 +1 11 /Times-Bold FMDEFINEFONT +%%Page: "8" 10 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 8 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +1 F +0 X +(NAME) 72 712.67 T +0 F +(bdes - encrypt/decrypt using the Data Encryption Standard) 108 689 T +1 F +(SYNOPSIS) 72 663.67 T +4 F +(bdes) 108 640 T +0 F +( [) 131.33 640 T +3 F +( ) 138.32 640 T +4 F +(-abdp) 141.32 640 T +0 F +( ] [ ) 171.31 640 T +4 F +(-F) 188.3 640 T +0 F +( ) 199.62 640 T +3 F +(b) 202.62 640 T +0 F +( ] [ ) 208.61 640 T +4 F +(-f) 225.6 640 T +0 F +( ) 233.58 640 T +3 F +(b) 236.58 640 T +0 F +( ] [ ) 242.58 640 T +4 F +(-k) 259.56 640 T +0 F +( ) 270.22 640 T +3 F +(key) 273.22 640 T +0 F +( ] [ ) 289.2 640 T +4 F +(-m) 306.18 640 T +0 F +( ) 320.16 640 T +3 F +(b) 323.16 640 T +0 F +( ] [ ) 329.16 640 T +4 F +(-o) 346.14 640 T +0 F +( ) 356.13 640 T +3 F +(b) 359.13 640 T +0 F +( ] [ ) 365.13 640 T +4 F +(-v) 382.11 640 T +0 F +( ) 392.1 640 T +3 F +(vector) 395.1 640 T +0 F +( ]) 425.07 640 T +1 F +(DESCRIPTION) 72 614.67 T +3 F +-0.69 (Bdes) 108 591 P +0 F +-0.69 ( reads from the standard input and writes on the standard output. It implements all DES) 131.32 591 P +-0.09 (modes of operation described in FIPS PUB 81 including alternative cipher feedback mode) 108 577 P +0.74 (and both authentication modes. All modes but the electronic code book mode require an) 108 563 P +-0.14 (initialization vector; if none is supplied, the zero vector is used. T) 108 549 P +-0.14 (o protect the key and ini-) 420.44 549 P +0.29 (tialization vector from being read by) 108 535 P +3 F +0.29 ( ps) 284.98 535 P +0 F +0.29 (\0501\051, ) 298.94 535 P +3 F +0.29 (bdes ) 319.21 535 P +0 F +0.29 (hides its ar) 344.48 535 P +0.29 (guments on entry) 396.81 535 P +0.29 (. If no ) 479.89 535 P +3 F +0.29 (key ) 512.74 535 P +0 F +0.29 (is) 532 535 P +-0.61 (given, one is requested from the controlling terminal if that can be opened, or from the stan-) 108 521 P +(dard input if not.) 108 507 T +-0.17 (The key and initialization vector are taken as sequences of ) 108 489 P +5 F +-0.14 (ASCII) 389.38 489 P +0 F +-0.17 ( characters which are then) 415.48 489 P +-0.35 (mapped into their bit representations. If either begins with +\3240x\325 or \3240X\325, that one is taken as) 108 475 P +1.02 (a sequence of hexadecimal digits indicating the bit pattern; if either begins with \3240b\325 or) 108 461 P +-0.73 (\3240B\325, that one is taken as a sequence of binary digits +indicating the bit pattern. In either case,) 108 447 P +-0.37 (only the leading 64 bits of the key or initialization vector are used, and if fewer than 64 bits) 108 433 P +0.35 (are provided, enough 0 bits are appended to pad the key to 64 bits. Note that if the key is) 108 419 P +0.03 (not entered on the command line, it is interpreted in the same way) 108 405 P +0.03 (, because with 4.4 BSD,) 424.31 405 P +-0.36 (the password reading function ) 108 391 P +3 F +-0.36 (getpass) 254.45 391 P +0 F +-0.36 (\0503\051 allows enough characters for either hex or binary) 290.43 391 P +(keys to be entered.) 108 377 T +0.04 (According to the DES standard, the low-order bit of each character in the key string is de-) 108 359 P +-0.18 (leted. Since most ) 108 345 P +5 F +-0.15 (ASCII) 192.75 345 P +0 F +-0.18 ( representations set the high-order bit to 0, simply deleting the low-) 218.84 345 P +-0.29 (order bit ef) 108 331 P +-0.29 (fectively reduces the size of the key space from 2) 160.49 331 P +5 F +-0.24 (56) 394.67 335.8 P +0 F +-0.29 ( to 2) 404.67 331 P +5 F +-0.24 (48) 425.41 335.8 P +0 F +-0.29 ( keys. T) 435.4 331 P +-0.29 (o prevent this,) 472.29 331 P +-0.46 (the high-order bit must be a function depending in part upon the low-order bit; so, the high-) 108 317 P +0.11 (order bit is set to whatever value gives odd parity) 108 303 P +0.11 (. This preserves the key space size. Note) 345.05 303 P +(this resetting of the parity bit is ) 108 289 T +3 F +(not) 260.92 289 T +0 F +( done if the key is given in binary or hex.) 276.24 289 T +-0.38 (By default, the standard input is encrypted using cipher block chaining mode and is written) 108 271 P +0.18 (to the standard output. Using the same key for encryption and decryption preserves plain-) 108 257 P +(text, so) 108 243 T +( bdes ) 225.81 225 T +3 F +(key) 253.79 225 T +0 F +( < plaintext | bdes \320i ) 269.77 225 T +3 F +(key) 370.21 225 T +0 F +( ) 386.19 225 T +(is a very expensive equivalent of ) 108 201 T +3 F +(cat) 268.54 201 T +0 F +(\0501\051.) 283.2 201 T +(Options are:) 108 183 T +( ) 108 165 T +4 F +(\320a) 111 165 T +0 F +-0.75 (The key and initialization vector strings are to be taken as ) 144 165 P +5 F +-0.62 (ASCII) 415.89 165 P +0 F +-0.75 ( suppressing the spe-) 441.98 165 P +0.3 (cial interpretation given to leading \3240x\325, \3240X\325, \3240b\325, +and \3240B\325 characters. Note this) 144 151 P +(\337ag applies to ) 144 137 T +3 F +(both) 214.29 137 T +0 F +( the key and initialization vector) 235.62 137 T +(.) 389.85 137 T +4 F +(\320b) 108 119 T +0 F +(Use electronic code book mode.) 144 119 T +4 F +(\320d) 108 101 T +0 F +(Decrypt the input.) 144 101 T +FMENDPAGE +%%EndPage: "8" 11 +%%Page: "9" 11 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 9 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +4 F +0 X +(\320f) 108 712 T +0 F +( ) 117.99 712 T +3 F +(b) 120.99 712 T +0 F +-0.29 (Use ) 144 712 P +3 F +-0.29 (b) 165.36 712 P +0 F +-0.29 (-bit cipher feedback mode. Currently ) 171.35 712 P +3 F +-0.29 (b) 350.42 712 P +0 F +-0.29 ( must be a multiple of 8 between 8 and) 356.42 712 P +(64 inclusive \050this does not conform to the standard CFB mode speci\336cation\051.) 144 698 T +4 F +(\320F) 108 680 T +0 F +( ) 121.32 680 T +3 F +(b) 124.32 680 T +0 F +-0.29 (Use ) 144 680 P +3 F +-0.29 (b) 165.36 680 P +0 F +-0.29 (-bit alternative cipher feedback mode. Currently ) 171.36 680 P +3 F +-0.29 (b) 403.77 680 P +0 F +-0.29 ( must be a multiple of 7 be-) 409.77 680 P +-0.12 (tween 7 and 56 inclusive \050this does not conform to the alternative CFB mode spec-) 144 666 P +(i\336cation\051.) 144 652 T +4 F +(\320k) 108 634 T +0 F +( ) 120.67 634 T +3 F +(key) 123.66 634 T +0 F +0.37 (Use the string ) 144 616 P +3 F +0.37 (key) 214.74 616 P +0 F +0.37 ( as the cryptographic key) 230.72 616 P +0.37 (. If this ar) 352.01 616 P +0.37 (gument is not given, the user) 399.54 616 P +(will be prompted for the key) 144 602 T +(.) 280.12 602 T +4 F +(\320m) 108 584 T +0 F +( ) 123.99 584 T +3 F +(b) 126.99 584 T +0 F +0.71 (Compute a message authentication code \050MAC\051 of ) 144 584 P +3 F +0.71 (b) 395.78 584 P +0 F +0.71 ( bits on the input. ) 401.77 584 P +3 F +0.71 (b) 491.94 584 P +0 F +0.71 ( must be) 497.94 584 P +0.11 (between 1 and 64 inclusive; if ) 144 570 P +3 F +0.11 (b) 291.87 570 P +0 F +0.11 ( is not a multiple of 8, enough 0 bits will be added) 297.86 570 P +-0.44 (to pad the MAC length to the nearest multiple of 8. Only the MAC is output. MACs) 144 556 P +(are only available in cipher block chaining mode or in cipher feedback mode.) 144 542 T +4 F +(\320o) 108 524 T +0 F +( ) 119.99 524 T +3 F +(b) 122.99 524 T +0 F +-0.34 (Use ) 144 524 P +3 F +-0.34 (b) 165.31 524 P +0 F +-0.34 (-bit output feedback mode. Currently ) 171.31 524 P +3 F +-0.34 (b) 350.83 524 P +0 F +-0.34 ( must be a multiple of 8 between 8 and) 356.83 524 P +(64 inclusive \050this does not conform to the OFB mode speci\336cation\051.) 144 510 T +4 F +(\320p) 108 492 T +0 F +-0.14 (Disable the resetting of the parity bit. This \337ag forces the parity bit of the key to be) 144 492 P +0.03 (used as typed, rather than making each character be of odd parity) 144 478 P +0.03 (. It is used only if) 455.91 478 P +(the key is given in ) 144 464 T +5 F +(ASCII) 234.95 464 T +0 F +(.) 261.04 464 T +4 F +(\320v) 108 446 T +0 F +( ) 119.99 446 T +3 F +(vector) 122.99 446 T +0 F +-0.5 (Set the initialization vector to ) 144 428 P +3 F +-0.5 (v) 286.44 428 P +0 F +-0.5 (; the vector is interpreted in the same way as the key) 291.76 428 P +-0.5 (.) 537 428 P +(The vector is ignored in electronic codebook mode.) 144 414 T +-0.55 (The DES is considered a very strong cryptosystem, and other than table lookup attacks, key) 108 396 P +0.24 (search attacks, and Hellman\325) 108 382 P +0.24 (s time-memory tradeof) 246.61 382 P +0.24 (f \050all of which are very expensive and) 356.8 382 P +0.66 (time-consuming\051, no cryptanalytic methods for breaking the DES are known in the open) 108 368 P +0.33 (literature. No doubt the choice of keys and key security are the most vulnerable aspect of) 108 354 P +3 F +(bdes) 108 340 T +0 F +(.) 129.98 340 T +4 F +(IMPLEMENT) 72 314 T +(A) 146.41 314 T +(TION NOTES) 154.18 314 T +0 F +0.57 (For implementors wishing to write software compatible with this program, the following) 108 290 P +-0.23 (notes are provided. This software is completely compatible with the implementation of the) 108 276 P +(data encryption standard distributed by Sun Microsystems, Inc.) 108 262 T +0.11 (In the ECB and CBC modes, plaintext is encrypted in units of 64 bits \0508 bytes, also called) 108 244 P +0.52 (a block\051. T) 108 230 P +0.52 (o ensure that the plaintext \336le is encrypted correctly) 160.49 230 P +0.52 (, ) 413.01 230 P +3 F +0.52 (bdes ) 419.53 230 P +0 F +0.52 (will \050internally\051 ap-) 445.03 230 P +0.29 (pend from 1 to 8 bytes, the last byte containing an integer stating how many bytes of that) 108 216 P +-0.71 (\336nal block are from the plaintext \336le, and encrypt the resulting block. Hence, when decrypt-) 108 202 P +0.27 (ing, the last block may contain from 0 to 7 characters present in the plaintext \336le, and the) 108 188 P +-0.59 (last byte tells how many) 108 174 P +-0.59 (. Note that if during decryption the last byte of the \336le does not con-) 221.46 174 P +0.41 (tain an integer between 0 and 7, either the \336le has been corrupted or an incorrect key has) 108 160 P +0.48 (been given. A similar mechanism is used for the OFB and CFB modes, except that those) 108 146 P +0.26 (simply require the length of the input to be a multiple of the mode size, and the \336nal byte) 108 132 P +-0.73 (contains an integer between 0 and one less than the number of bytes being used as the mode.) 108 118 P +(\050This was another reason that the mode size must be a multiple of 8 for those modes.\051) 108 104 T +FMENDPAGE +%%EndPage: "9" 12 +%%Page: "10" 12 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 10 of 11) 473.71 34.7 T +72 72 540 720 R +7 X +V +0 X +0.94 (Unlike Sun\325) 108 712 P +0.94 (s implementation, unused bytes of that last block are not \336lled with random) 166.58 712 P +0.57 (data, but instead contain what was in those byte positions in the preceding block. This is) 108 698 P +(quicker and more portable, and does not weaken the encryption signi\336cantly) 108 684 T +(.) 473.95 684 T +0.36 (If the key is entered in ) 108 666 P +5 F +0.3 (ASCII) 220.76 666 P +0 F +0.36 (, the parity bits of the key characters are set so that each key) 246.85 666 P +1.03 (character is of odd parity) 108 652 P +1.03 (. Unlike Sun\325) 231.23 652 P +1.03 (s implementation, it is possible to enter binary or) 296.92 652 P +-0.57 (hexadecimal keys on the command line, and if this is done, the parity bits are ) 108 638 P +3 F +-0.57 (not ) 472.85 638 P +0 F +-0.57 (reset. This) 490.61 638 P +(allows testing using arbitrary bit patterns as keys.) 108 624 T +0.64 (The Sun implementation always uses an initialization vector of 0 \050that is, all zeroes\051. By) 108 606 P +(default, ) 108 592 T +3 F +(bdes ) 147.3 592 T +0 F +(does too, but this may be changed from the command line.) 172.29 592 T +4 F +(FILES) 72 566 T +0 F +(/dev/tty) 108 542 T +(controlling terminal for typed key) 180 542 T +4 F +(SEE ALSO) 72 516 T +3 F +(crypt) 108 492 T +0 F +(\0501\051, ) 132.65 492 T +3 F +(crypt) 152.63 492 T +0 F +(\0503\051) 177.27 492 T +3 F +-0.4 (Data Encryption Standar) 108 474 P +-0.4 (d) 228.02 474 P +0 F +-0.4 (, Federal Information Processing Standard #46, National Bureau) 234.02 474 P +(of Standards, U.S. Department of Commerce, W) 108 460 T +(ashington DC \050Jan. 1977\051.) 340.2 460 T +3 F +0.16 (DES) 108 442 P +0 F +0.16 ( ) 129.98 442 P +3 F +0.16 (Modes of Operation, ) 133.15 442 P +0 F +0.16 (Federal Information Processing Standard #81, National Bureau) 236.24 442 P +(of Standards, U.S. Department of Commerce, W) 108 428 T +(ashington DC \050Dec. 1980\051.) 340.2 428 T +2.75 (Dorothy Denning, ) 108 410 P +3 F +2.75 (Cryptography and Data Security) 203.77 410 P +0 F +2.75 (, Addison-W) 368.8 410 P +2.75 (esley Publishing Co.,) 432.55 410 P +(Reading, MA \2511982.) 108 396 T +-0.19 ( Matt Bishop, \322Implementation Notes on ) 108 378 P +3 F +-0.19 (bdes) 305.76 378 P +0 F +-0.19 (\0501\051\323, T) 327.75 378 P +-0.19 (echnical Report PCS-TR-91-158, De-) 359.35 378 P +0.34 (partment of Mathematics and Computer Science, Dartmouth College, Hanover) 108 364 P +0.34 (, NH \050Apr) 488.01 364 P +0.34 (.) 537 364 P +(1991\051.) 108 350 T +4 F +(CAUTION) 72 324 T +0 F +-0.55 (Certain speci\336c keys should be avoided because they introduce potential weaknesses; these) 108 300 P +-0.44 (keys, called the ) 108 286 P +3 F +-0.44 (weak) 183.95 286 P +0 F +-0.44 ( and ) 208.6 286 P +3 F +-0.44 (semiweak) 231.03 286 P +0 F +-0.44 ( keys, are \050in hex notation, where ) 277.66 286 P +6 F +-1.06 (p) 437.45 286 P +0 F +-0.44 ( is either ) 444.64 286 P +6 F +-1.06 (0) 487.63 286 P +0 F +-0.44 ( or ) 494.82 286 P +6 F +-1.06 (1) 509.93 286 P +0 F +-0.44 (, and) 517.12 286 P +6 F +(P) 108 272 T +0 F +( is either ) 115.2 272 T +6 F +(e) 159.5 272 T +0 F +( or ) 166.7 272 T +6 F +(f) 182.68 272 T +0 F +(\051:) 189.88 272 T +6 F +(0x0p0p0p0p0p0p0p0p) 144 254 T +(0x0p1P0p1P0p0P0p0P) 360 254 T +(0x0pep0pep0pfp0pfp) 144 236 T +(0x0pfP0pfP0pfP0pfP) 360 236 T +(0x1P0p1P0p0P0p0P0p) 144 218 T +(0x1P1P1P1P0P0P0P0P) 360 218 T +(0x1Pep1Pep0Pfp0Pfp) 144 200 T +(0x1PfP1PfP0PfP0PfP) 360 200 T +(0xep0pep0pfp0pfp0p) 144 182 T +(0xep1Pep1pfp0Pfp0P) 360 182 T +(0xepepepepepepepep) 144 164 T +(0xepfPepfPfpfPfpfP) 360 164 T +(0xfP0pfP0pfP0pfP0p) 144 146 T +(0xfP1PfP1PfP0PfP0P) 360 146 T +(0xfPepfPepfPepfPep) 144 128 T +(0xfPfPfPfPfPfPfPfP) 360 128 T +0 F +0.13 (The weakness of these keys is inherent in the DES algorithm \050see for example Moore and) 108 110 P +-0.57 (Simmons, \322Cycle structure of the DES with weak and semi-weak keys,\323) 108 96 P +3 F +-0.57 ( Advances in Cryp-) 449.43 96 P +(tology \320 Crypto \32486 Pr) 108 82 T +(oceedings) 216.83 82 T +0 F +(, Springer) 264.79 82 T +(-V) 311.85 82 T +(erlag New Y) 323.17 82 T +(ork, \2511987, pp. 9-32\051.) 383.25 82 T +FMENDPAGE +%%EndPage: "10" 13 +%%Page: "11" 13 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 11 of 11) 473.71 34.7 T +72 72 540 720 R +7 X +V +4 F +0 X +(BUGS) 72 712 T +0 F +-0.18 (There is a controversy raging over whether the DES will still be secure in a few years. The) 108 688 P +0.31 (advent of special-purpose hardware could reduce the cost of any of the methods of attack) 108 674 P +(named above so that they are no longer computationally infeasible.) 108 660 T +0.32 (Programs which display programs\325 ar) 108 642 P +0.32 (guments may compromise the key and initialization) 289.59 642 P +0.76 (vector if they are speci\336ed on the command line. T) 108 628 P +0.76 (o avoid this ) 358.46 628 P +3 F +0.76 (bdes) 419.7 628 P +0 F +0.76 ( overwrites its ar) 441.68 628 P +0.76 (gu-) 524.01 628 P +(ments. However) 108 614 T +(, the obvious race cannot currently be avoided.) 186.12 614 T +0.25 (As the key or key schedule is kept in memory throughout the run of this program, the en-) 108 596 P +(cryption can be compromised if memory is readable.) 108 582 T +-0.4 (There is no warranty of merchantability nor any warranty of \336tness for a particular purpose) 108 564 P +0.05 (nor any other warranty) 108 550 P +0.05 (, either express or implied, as to the accuracy of the enclosed mate-) 216.95 550 P +(rials or as to their suitability for any particular purpose.) 108 536 T +-0.06 (Accordingly) 108 518 P +-0.06 (, the user assumes full responsibility for their use. Further) 167.18 518 P +-0.06 (, the author assumes) 442.93 518 P +-0.25 (no obligation to furnish any assistance of any kind whatsoever) 108 504 P +-0.25 (, or to furnish any additional) 404.69 504 P +(information or documentation.) 108 490 T +4 F +(AUTHOR) 72 464 T +0 F +-0.54 (Matt Bishop, Department of Mathematics and Computer Science, Bradley Hall, Dartmouth) 108 440 P +(College, Hanover) 108 426 T +(, NH 03755) 192.12 426 T +(Electronic mail addresses:) 108 408 T +(Internet: Matt.Bishop@dartmouth.edu) 108 390 T +(UUCP: decvax!dartvax!Matt.Bishop) 108 372 T +FMENDPAGE +%%EndPage: "11" 14 +%%Trailer +%%BoundingBox: 0 0 612 792 +%%Pages: 13 1 +%%DocumentFonts: Helvetica-Bold +%%+ Helvetica-BoldOblique +%%+ Times-Roman +%%+ Times-Bold +%%+ Times-BoldItalic +%%+ Times-Italic +%%+ Courier +%%+ Courier-Oblique +%%+ ZapfDingbats +%%+ Symbol +%%+ Courier-Bold diff --git a/secure/usr.bin/openssl/Makefile b/secure/usr.bin/openssl/Makefile new file mode 100644 index 0000000..4aea4f0 --- /dev/null +++ b/secure/usr.bin/openssl/Makefile @@ -0,0 +1,34 @@ +# $FreeBSD$ + +OPENSSL_SRC= ${.CURDIR}/../../../crypto/openssl/apps +LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl/crypto + +.PATH: ${OPENSSL_SRC} ${OPENSSL_SRC}/../doc/apps/ + +PROG= openssl + +MAINTAINER= kris + +LDADD= -lssl -lcrypto +MAN1= openssl.1 +MLINKS= openssl.1 ssl.8 + +CFLAGS+= -DMONOLITH -I${.CURDIR} + +WITH_RSA?= YES +.if ${WITH_RSA} == NO +CFLAGS+= -DNO_RSA -DNO_SSL2 +.endif + +SRCS= app_rand.c apps.c asn1pars.c ca.c ciphers.c crl.c crl2p7.c dgst.c \ + dh.c dhparam.c dsa.c dsaparam.c enc.c errstr.c gendh.c gendsa.c \ + genrsa.c nseq.c openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c rand.c \ + req.c rsa.c s_cb.c s_client.c s_server.c s_socket.c s_time.c \ + sess_id.c smime.c speed.c spkac.c verify.c version.c x509.c + +.include <bsd.prog.mk> + +.SUFFIXES: .out .o .c .cc .cpp .cxx .C .m .y .l .s .S .pod + +.pod.1: + pod2man ${.IMPSRC} > ${.TARGET} diff --git a/secure/usr.bin/scp/Makefile b/secure/usr.bin/scp/Makefile new file mode 100644 index 0000000..80ad088 --- /dev/null +++ b/secure/usr.bin/scp/Makefile @@ -0,0 +1,18 @@ +# $FreeBSD$ +# + +SSHSRC= ${.CURDIR}/../../../crypto/openssh + +PROG= scp +BINOWN= root +BINMODE=555 +MAN1= scp.1 + +SRCS= scp.c + +.include <bsd.prog.mk> + +.PATH: ${SSHSRC} + +LDADD+= -lcrypto -lutil -lz -L${.OBJDIR}/../../lib/libssh -lssh +DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} diff --git a/secure/usr.bin/ssh-add/Makefile b/secure/usr.bin/ssh-add/Makefile new file mode 100644 index 0000000..5e8dbf2 --- /dev/null +++ b/secure/usr.bin/ssh-add/Makefile @@ -0,0 +1,18 @@ +# $FreeBSD$ +# + +SSHSRC= ${.CURDIR}/../../../crypto/openssh + +PROG= ssh-add +BINOWN= root +BINMODE=555 +MAN1= ssh-add.1 + +SRCS= ssh-add.c log-client.c + +.include <bsd.prog.mk> + +.PATH: ${SSHSRC} + +LDADD+= -L${.OBJDIR}/../../lib/libssh -lssh -lcrypto -lcrypt -lutil -lz +DPADD+= ${LIBCRYPTO} ${LIBCRYPT} ${LIBUTIL} ${LIBZ} diff --git a/secure/usr.bin/ssh-agent/Makefile b/secure/usr.bin/ssh-agent/Makefile new file mode 100644 index 0000000..901f09e --- /dev/null +++ b/secure/usr.bin/ssh-agent/Makefile @@ -0,0 +1,18 @@ +# $FreeBSD$ +# + +SSHSRC= ${.CURDIR}/../../../crypto/openssh + +PROG= ssh-agent +BINOWN= root +BINMODE=555 +MAN= ssh-agent.1 + +SRCS= ssh-agent.c log-client.c + +.include <bsd.prog.mk> + +.PATH: ${SSHSRC} + +LDADD+= -L${.OBJDIR}/../../lib/libssh -lssh -lcrypto -lcrypt -lutil -lz +DPADD+= ${LIBCRYPTO} ${LIBCRYPT} ${LIBUTIL} ${LIBZ} diff --git a/secure/usr.bin/ssh-keygen/Makefile b/secure/usr.bin/ssh-keygen/Makefile new file mode 100644 index 0000000..b34e0f7 --- /dev/null +++ b/secure/usr.bin/ssh-keygen/Makefile @@ -0,0 +1,18 @@ +# $FreeBSD$ +# + +SSHSRC= ${.CURDIR}/../../../crypto/openssh + +PROG= ssh-keygen +BINOWN= root +BINMODE=555 +MAN= ssh-keygen.1 + +SRCS= key.c log-client.c ssh-keygen.c + +.include <bsd.prog.mk> + +.PATH: ${SSHSRC} + +LDADD+= -L${.OBJDIR}/../../lib/libssh -lssh -lcrypto -lcrypt -lutil -lz +DPADD+= ${LIBCRYPTO} ${LIBCRYPT} ${LIBUTIL} ${LIBZ} diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile new file mode 100644 index 0000000..10dcbf0 --- /dev/null +++ b/secure/usr.bin/ssh/Makefile @@ -0,0 +1,44 @@ +# $FreeBSD$ +# + +SSHSRC= ${.CURDIR}/../../../crypto/openssh + +PROG= ssh +BINOWN= root +BINMODE=4555 +MAN1= ssh.1 +LINKS= ${BINDIR}/ssh ${BINDIR}/slogin +MLINKS= ssh.1 slogin.1 + +SRCS= ssh.c log-client.c readconf.c clientloop.c sshconnect.c \ + sshconnect1.c sshconnect2.c + +.include <bsd.own.mk> + +.PATH: ${SSHSRC} +.PATH: ${SSHSRC}/lib + +.if defined(MAKE_KERBEROS4) && \ + ((${MAKE_KERBEROS4} == "yes") || (${MAKE_KERBEROS4} == "YES")) +DISTRIBUTION=krb4 +CFLAGS+= -DKRB4 +LDADD+= -lkrb -lcom_err +DPADD+= ${LIBKRB} ${LIBCOM_ERR} +.endif # MAKE_KERBEROS4 + +.if defined(MAKE_KERBEROS5) && \ + ((${MAKE_KERBEROS5} == "yes") || (${MAKE_KERBEROS5} == "YES")) +DISTRIBUTION=krb5 +CFLAGS+= -DKRB5 +LDADD+= -lkrb5 -lasn1 -lcom_err -lmd -L${.OBJDIR}/../../../kerberos5/lib/libroken -lroken -lcrypt +DPADD+= ${LIBKRB5} ${LIBCOM_ERR} ${LIBASN1} ${LIBMD} ${LIBCRYPT} +.endif # MAKE_KERBEROS5 + +.if defined(X11BASE) +CFLAGS+= -DXAUTH_PATH=\"${X11BASE}/bin/xauth\" +.endif + +LDADD+= -L${.OBJDIR}/../../lib/libssh -lssh -lcrypto -lutil -lz +DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} + +.include <bsd.prog.mk> diff --git a/secure/usr.bin/telnet/Makefile b/secure/usr.bin/telnet/Makefile new file mode 100644 index 0000000..b59da7a --- /dev/null +++ b/secure/usr.bin/telnet/Makefile @@ -0,0 +1,19 @@ +# $FreeBSD$ + +PROG= telnet + +CFLAGS+= -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DSKEY \ + -DENCRYPTION -DAUTHENTICATION -I${TELNETDIR} +CFLAGS+= -DIPSEC -DINET6 + +SRCS= authenc.c commands.c main.c network.c ring.c sys_bsd.c \ + telnet.c terminal.c tn3270.c utilities.c + +DPADD= ${LIBTERMCAP} ${LIBTELNET} ${LIBCRYPTO} ${LIBCRYPT} ${LIBMP} +DPADD+= ${LIBIPSEC} +LDADD= -ltermcap -L${TELNETOBJDIR} -ltelnet -lcrypto -lcrypt -lmp +LDADD+= -lipsec + +.include <bsd.prog.mk> + +.PATH: ${TELNETDIR}/telnet diff --git a/secure/usr.sbin/Makefile b/secure/usr.sbin/Makefile new file mode 100644 index 0000000..b8636e5 --- /dev/null +++ b/secure/usr.sbin/Makefile @@ -0,0 +1,8 @@ +# $FreeBSD$ + +SUBDIR= +.if !defined(NO_OPENSSH) && !defined(NO_OPENSSL) +SUBDIR+=sshd +.endif + +.include <bsd.subdir.mk> diff --git a/secure/usr.sbin/Makefile.inc b/secure/usr.sbin/Makefile.inc new file mode 100644 index 0000000..c3699c1 --- /dev/null +++ b/secure/usr.sbin/Makefile.inc @@ -0,0 +1,4 @@ +# $FreeBSD$ + +BINDIR?=/usr/sbin +.include "${.CURDIR}/../../Makefile.inc" diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile new file mode 100644 index 0000000..74b9ee5 --- /dev/null +++ b/secure/usr.sbin/sshd/Makefile @@ -0,0 +1,51 @@ +# $FreeBSD$ +# + +SSHSRC= ${.CURDIR}/../../../crypto/openssh +LOGINSRC= ${.CURDIR}/../../../usr.bin/login + +PROG= sshd +BINOWN= root +BINMODE=555 +MAN8= sshd.8 + +SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ + pty.c log-server.c login.c servconf.c serverloop.c \ + auth.c auth1.c auth2.c auth-options.c session.c login_access.c + +CFLAGS+= -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I${LOGINSRC} + +.include <bsd.own.mk> + +.PATH: ${SSHSRC} ${LOGINSRC} + +.if defined(MAKE_KERBEROS4) && \ + ((${MAKE_KERBEROS4} == "yes") || (${MAKE_KERBEROS4} == "YES")) +DISTRIBUTION=krb4 +CFLAGS+= -DKRB4 +SRCS+= auth-krb4.c +LDADD+= -lkrb -lcom_err +DPADD+= ${LIBKRB} ${LIBCOM_ERR} +.endif # MAKE_KERBEROS4 + +.if defined(MAKE_KERBEROS5) && \ + ((${MAKE_KERBEROS5} == "yes") || (${MAKE_KERBEROS5} == "YES")) +DISTRIBUTION=krb5 +CFLAGS+= -DKRB5 +SRCS+= auth-krb5.c +LDADD+= -lkrb5 -lasn1 -lcom_err -lmd -L${.OBJDIR}/../../../kerberos5/lib/libroken -lroken +DPADD+= ${LIBKRB5} ${LIBCOM_ERR} ${LIBASN1} ${LIBMD} +.endif # MAKE_KERBEROS5 + +CFLAGS+= -DSKEY +LDADD+= -lopie -lmd +DPADD+= ${LIBOPIE} ${LIBMD} + +.include <bsd.prog.mk> + +.if defined(X11BASE) +CFLAGS+= -DXAUTH_PATH=\"${X11BASE}/bin/xauth\" +.endif + +LDADD+= -L${.OBJDIR}/../../lib/libssh -lssh -lcrypt -lcrypto -lutil -lz -lwrap +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} ${LIBWRAP} |