1 files changed, 276 insertions, 0 deletions
diff --git a/usr.sbin/keyserv/crypt_server.c b/usr.sbin/keyserv/crypt_server.c
new file mode 100644
index 0000000..b4c6036
--- /dev/null
+++ b/usr.sbin/keyserv/crypt_server.c
@@ -0,0 +1,276 @@
+/*
+ * Copyright (c) 1996
+ *	Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by Bill Paul.
+ * 4. Neither the name of the author nor the names of any co-contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <dirent.h>
+#include <dlfcn.h>
+#include <err.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <rpc/des_crypt.h>
+#include <rpc/des.h>
+#include "crypt.h"
+
+#ifndef lint
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* not lint */
+
+/*
+ * The U.S. government stupidly believes that a) it can keep strong
+ * crypto code a secret and b) that doing so somehow protects national
+ * interests. It's wrong on both counts, but until it listens to reason
+ * we have to make certain compromises so it doesn't have an excuse to
+ * throw us in federal prison.
+ *
+ * Consequently, the core OS ships without DES support, and keyserv
+ * defaults to using ARCFOUR with only a 40 bit key, just like nutscrape.
+ * This breaks compatibility with Secure RPC on other systems, but it
+ * allows Secure RPC to work between FreeBSD systems that don't have the
+ * DES package installed without throwing security totally out the window.
+ *
+ * In order to avoid having to supply two versions of keyserv (one with
+ * DES and one without), we use dlopen() and friends to load libdes.so
+ * into our address space at runtime. We check for the presence of
+ * /usr/lib/libdes.so.3.0 at startup and load it if we find it. If we
+ * can't find it, or the __des_crypt symbol doesn't exist, we fall back
+ * to the ARCFOUR encryption code. The user can specify another path using
+ * the -p flag.
+ */
+
+ /* arcfour.h */
+typedef struct arcfour_key
+{      
+   unsigned char state[256];       
+   unsigned char x;        
+   unsigned char y;
+} arcfour_key;
+
+static void prepare_key(unsigned char *key_data_ptr,int key_data_len,
+		 arcfour_key *key);
+static void arcfour(unsigned char *buffer_ptr,int buffer_len,arcfour_key * key);
+static void swap_byte(unsigned char *a, unsigned char *b);
+
+static void prepare_key(unsigned char *key_data_ptr, int key_data_len,
+		 arcfour_key *key)
+{
+   unsigned char index1;
+   unsigned char index2;
+   unsigned char* state;
+   short counter;     
+
+   state = &key->state[0];         
+   for(counter = 0; counter < 256; counter++)              
+   state[counter] = counter;               
+   key->x = 0;     
+   key->y = 0;     
+   index1 = 0;     
+   index2 = 0;             
+   for(counter = 0; counter < 256; counter++)      
+   {               
+      index2 = (key_data_ptr[index1] + state[counter] +
+                index2) % 256;                
+      swap_byte(&state[counter], &state[index2]);            
+      
+      index1 = (index1 + 1) % key_data_len;  
+   }       
+}
+
+static void arcfour(unsigned char *buffer_ptr, int buffer_len, arcfour_key *key)
+{ 
+   unsigned char x;
+   unsigned char y;
+   unsigned char* state;
+   unsigned char xorIndex;
+   short counter;              
+   
+   x = key->x;     
+   y = key->y;     
+   
+   state = &key->state[0];         
+   for(counter = 0; counter < buffer_len; counter ++)      
+   {               
+      x = (x + 1) % 256;                      
+      y = (state[x] + y) % 256;               
+      swap_byte(&state[x], &state[y]);                        
+      
+      xorIndex = (state[x] + state[y]) % 256;                 
+      
+      buffer_ptr[counter] ^= state[xorIndex];         
+   }               
+   key->x = x;     
+   key->y = y;
+}
+
+static void swap_byte(unsigned char *a, unsigned char *b)
+{
+   unsigned char swapByte; 
+   
+   swapByte = *a; 
+   *a = *b;      
+   *b = swapByte;
+}
+
+/* Dummy _des_crypt function that uses ARCFOUR with a 40 bit key */
+int _arcfour_crypt(buf, len, desp)
+	char *buf;
+	int len;
+	struct desparams *desp;
+{
+	struct arcfour_key arcfourk;
+
+	/*
+	 * U.S. government anti-crypto weasels take
+	 * note: although we are supplied with a 64 bit
+	 * key, we're only passing 40 bits to the ARCFOUR
+	 * encryption code. So there.
+	 */
+	prepare_key(desp->des_key, 5, &arcfourk);
+	arcfour(buf, len, &arcfourk);
+
+	return(DESERR_NOHWDEVICE);
+}
+
+int (*_my_crypt)(char *, int, struct desparams *) = NULL;
+
+static void *dlhandle;
+
+#ifndef _PATH_USRLIB
+#define _PATH_USRLIB "/usr/lib"
+#endif
+
+#ifndef LIBCRYPTO
+#define LIBCRYPTO "libcrypto.so.2"
+#endif
+
+void load_des(warn, libpath)
+	int warn;
+	char *libpath;
+{
+	char dlpath[MAXPATHLEN];
+
+	if (libpath == NULL) {
+		snprintf(dlpath, sizeof(dlpath), "%s/%s", _PATH_USRLIB, LIBCRYPTO);
+	} else
+		snprintf(dlpath, sizeof(dlpath), "%s", libpath);
+
+	if (dlpath != NULL && (dlhandle = dlopen(dlpath, 0444)) != NULL)
+		_my_crypt = (int (*)())dlsym(dlhandle, "_des_crypt");
+
+	if (_my_crypt == NULL) {
+		if (dlhandle != NULL)
+			dlclose(dlhandle);
+		_my_crypt = &_arcfour_crypt;
+		if (warn) {
+			printf ("DES support disabled -- using ARCFOUR instead.\n");
+			printf ("Warning: ARCFOUR cipher is not compatible with ");
+			printf ("other Secure RPC implementations.\nInstall ");
+			printf ("the FreeBSD 'des' distribution to enable");
+			printf (" DES encryption.\n");
+		}
+	} else {
+		if (warn) {
+			printf ("DES support enabled\n");
+			printf ("Using %s shared object.\n", dlpath);
+		}
+	}
+
+	return;
+}
+
+desresp *
+des_crypt_1_svc(desargs *argp, struct svc_req *rqstp)
+{
+	static desresp  result;
+	struct desparams dparm;
+
+	if (argp->desbuf.desbuf_len > DES_MAXDATA) {
+		result.stat = DESERR_BADPARAM;
+		return(&result);
+	}
+
+
+	bcopy(argp->des_key, dparm.des_key, 8);
+	bcopy(argp->des_ivec, dparm.des_ivec, 8);
+	dparm.des_mode = (argp->des_mode == CBC_DES) ? CBC : ECB;
+	dparm.des_dir = (argp->des_dir == ENCRYPT_DES) ? ENCRYPT : DECRYPT;
+#ifdef BROKEN_DES
+	dparm.UDES.UDES_buf = argp->desbuf.desbuf_val;
+#endif
+
+	/*
+	 * XXX This compensates for a bug in the libdes Secure RPC
+	 * compat interface. (Actually, there are a couple.) The
+	 * des_ecb_encrypt() routine in libdes only encrypts 8 bytes
+	 * (64 bits) at a time. However, the Sun Secure RPC ecb_crypt()
+	 * routine is supposed to be able to handle buffers up to 8Kbytes.
+	 * The rpc_enc module in libdes ignores this fact and just drops
+	 * the length parameter on the floor, encrypting only the
+	 * first 64 bits of whatever buffer you feed it. We deal with
+	 * this here: if we're using DES encryption, and we're using
+	 * ECB mode, then we make a pass over the entire buffer
+	 * ourselves. Note: the rpc_enc module incorrectly transposes
+	 * the mode flags, so when you ask for CBC mode, you're really
+	 * getting ECB mode.
+	 */
+#ifdef BROKEN_DES
+	if (_my_crypt != &_arcfour_crypt && argp->des_mode == CBC) {
+#else
+	if (_my_crypt != &_arcfour_crypt && argp->des_mode == ECB) {
+#endif
+		int			i;
+		char			*dptr;
+
+		for (i = 0; i < argp->desbuf.desbuf_len / 8; i++) {
+			dptr = argp->desbuf.desbuf_val;
+			dptr += (i * 8);
+#ifdef BROKEN_DES
+			dparm.UDES.UDES_buf = dptr;
+#endif
+			result.stat = _my_crypt(dptr, 8, &dparm);
+		}
+	} else {
+		result.stat = _my_crypt(argp->desbuf.desbuf_val,
+					argp->desbuf.desbuf_len,
+					&dparm);
+	}
+
+	if (result.stat == DESERR_NONE || result.stat == DESERR_NOHWDEVICE) {
+		bcopy(dparm.des_ivec, result.des_ivec, 8);
+		result.desbuf.desbuf_len = argp->desbuf.desbuf_len;
+		result.desbuf.desbuf_val = argp->desbuf.desbuf_val;
+	}
+
+	return (&result);
+}