1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
/*
* DES interface for rsaref2.0
*
* These routines implement an interface for the RSA Laboratories
* implementation of the Data Encryption Standard (DES) algorithm
* operating in Cipher-Block Chaining (CBC) mode. This algorithm is
* included in the rsaref2.0 package available from RSA in the US and
* foreign countries. Further information is available at www.rsa.com.
*/
#include "ntp_machine.h"
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef DES
#include "ntp_types.h"
#include "ntp_fp.h"
#include "ntp_string.h"
#include "global.h"
#include "des.h"
#include "ntp_stdlib.h"
#define BLOCK_OCTETS 8 /* message digest size */
#define MAXTPKT 128 /* max packet size */
/*
* DESauthencrypt - generate DES-CBC message authenticator
*
* Returns length of authenticator field.
*/
int
DESauthencrypt(
u_char *key, /* key pointer */
u_int32 *pkt, /* packet pointer */
int length /* packet length */
)
{
DES_CBC_CTX ctx;
u_int32 tpkt[MAXTPKT];
u_int32 work[2];
int i, j;
/*
* DES-CBC with zero IV. Note the encrypted text is discarded.
*/
work[0] = work[1] = 0;
DES_CBCInit(&ctx, key, (u_char *)work, 1);
DES_CBCUpdate(&ctx, (u_char *)tpkt, (u_char *)pkt,
(u_int)length);
i = length / 4 + 1;
j = i - 3;
pkt[i++] = (u_int32)htonl(tpkt[j++]);
pkt[i] = (u_int32)htonl(tpkt[j]);
return (BLOCK_OCTETS + 4);
}
/*
* DESauthdecrypt - verify DES message authenticator
*
* Returns one if authenticator valid, zero if invalid.
*/
int
DESauthdecrypt(
u_char *key, /* key pointer */
u_int32 *pkt, /* packet pointer */
int length, /* packet length */
int size /* size of MAC field */
)
{
DES_CBC_CTX ctx;
u_int32 tpkt[MAXTPKT];
u_int32 work[2];
int i, j;
/*
* DES-CBC with zero IV. Note the encrypted text is discarded.
*/
if (size != BLOCK_OCTETS + 4)
return (0);
work[0] = work[1] = 0;
DES_CBCInit (&ctx, key, (u_char *)work, 1);
DES_CBCUpdate (&ctx, (u_char *)tpkt, (u_char *)pkt,
(u_int)length);
i = length / 4 + 1;
j = i - 3;
if ((u_int32)ntohl(pkt[i++]) == tpkt[j++] &&
(u_int32)ntohl(pkt[i]) == tpkt[j])
return (1);
return (0);
}
#else
int authencrypt_bs;
#endif /* DES */
|