[d309eb3] | 1 | /* This file is stolen and slightly modified code */ |
---|
| 2 | |
---|
| 3 | /* zcrypt.c -- Read in a data stream from stdin & dump a decrypted/encrypted * |
---|
| 4 | * datastream. Reads the string to make the key from from the first * |
---|
| 5 | * parameter. Encrypts or decrypts according to -d or -e flag. (-e is * |
---|
| 6 | * default.) Will invoke zwrite if the -c option is provided for * |
---|
| 7 | * encryption. If a zephyr class is specified & the keyfile name omitted * |
---|
| 8 | * the ~/.crypt-table will be checked for "crypt-classname" and then * |
---|
| 9 | * "crypt-default" for the keyfile name. */ |
---|
| 10 | |
---|
| 11 | #include <stdio.h> |
---|
| 12 | #include <stdlib.h> |
---|
| 13 | #include <string.h> |
---|
| 14 | #include <sys/types.h> |
---|
| 15 | #include <sys/wait.h> |
---|
[ac70242] | 16 | #include "owl.h" |
---|
[d309eb3] | 17 | |
---|
[c86a35c] | 18 | #ifdef OWL_ENABLE_ZCRYPT |
---|
[c269e22] | 19 | |
---|
[d309eb3] | 20 | #define BASE_CODE 70 |
---|
| 21 | #define LAST_CODE (BASE_CODE + 15) |
---|
| 22 | #define OUTPUT_BLOCK_SIZE 16 |
---|
| 23 | #include <unistd.h> |
---|
| 24 | #include <sys/types.h> |
---|
[806f769] | 25 | |
---|
| 26 | #ifdef HAVE_KERBEROS_IV |
---|
| 27 | #include <kerberosIV/des.h> |
---|
| 28 | #else |
---|
| 29 | #include <openssl/des.h> |
---|
| 30 | #endif |
---|
[d309eb3] | 31 | |
---|
| 32 | #define MAX_KEY 128 |
---|
| 33 | |
---|
| 34 | #ifndef TRUE |
---|
| 35 | #define TRUE -1 |
---|
| 36 | #endif |
---|
| 37 | #ifndef FALSE |
---|
| 38 | #define FALSE 0 |
---|
| 39 | #endif |
---|
| 40 | |
---|
| 41 | #define ZWRITE_OPT_NOAUTH (1<<0) |
---|
| 42 | #define ZWRITE_OPT_SIGNATURE (1<<1) |
---|
| 43 | #define ZWRITE_OPT_IGNOREVARS (1<<2) |
---|
| 44 | #define ZWRITE_OPT_VERBOSE (1<<3) |
---|
| 45 | #define ZWRITE_OPT_QUIET (1<<4) |
---|
| 46 | #define ZCRYPT_OPT_MESSAGE (1<<5) |
---|
| 47 | #define ZCRYPT_OPT_IGNOREDOT (1<<6) |
---|
| 48 | |
---|
| 49 | typedef struct |
---|
| 50 | { |
---|
| 51 | int flags; |
---|
| 52 | char *signature; |
---|
| 53 | char *message; |
---|
| 54 | } ZWRITEOPTIONS; |
---|
| 55 | |
---|
[e19eb97] | 56 | char *GetZephyrVarKeyFile(const char *whoami, const char *class, const char *instance); |
---|
[d309eb3] | 57 | |
---|
| 58 | #define M_NONE 0 |
---|
| 59 | #define M_ZEPHYR_ENCRYPT 1 |
---|
| 60 | #define M_DECRYPT 2 |
---|
| 61 | #define M_ENCRYPT 3 |
---|
| 62 | #define M_RANDOMIZE 4 |
---|
| 63 | #define M_SETKEY 5 |
---|
| 64 | |
---|
[a52eeb1] | 65 | static void owl_zcrypt_string_to_schedule(const char *keystring, des_key_schedule *schedule) { |
---|
[3daca13] | 66 | #ifdef HAVE_KERBEROS_IV |
---|
| 67 | des_cblock key; |
---|
| 68 | #else |
---|
| 69 | des_cblock _key, *key = &_key; |
---|
| 70 | #endif |
---|
| 71 | |
---|
| 72 | des_string_to_key(keystring, key); |
---|
[3f18ad5] | 73 | des_key_sched(key, *schedule); |
---|
[3daca13] | 74 | } |
---|
| 75 | |
---|
[9ceee9d] | 76 | /* The 'owl_zcrypt_decrypt' function was written by kretch for Owl. |
---|
| 77 | * Decrypt the message in 'in' on class 'class' and instance |
---|
[dacb555] | 78 | * 'instance'. Return must be freed by caller. |
---|
[9ceee9d] | 79 | */ |
---|
[dacb555] | 80 | char *owl_zcrypt_decrypt(const char *in, const char *class, const char *instance) |
---|
| 81 | { |
---|
[65b2173] | 82 | char *fname, keystring[MAX_KEY]; |
---|
[d309eb3] | 83 | FILE *fkey; |
---|
| 84 | |
---|
| 85 | fname=GetZephyrVarKeyFile("zcrypt", class, instance); |
---|
[dacb555] | 86 | if (!fname) return NULL; |
---|
[d309eb3] | 87 | fkey=fopen(fname, "r"); |
---|
[dacb555] | 88 | if (!fkey) return NULL; |
---|
[3daca13] | 89 | if (!fgets(keystring, MAX_KEY-1, fkey)) { |
---|
| 90 | fclose(fkey); |
---|
[dacb555] | 91 | return NULL; |
---|
[3daca13] | 92 | } |
---|
[d309eb3] | 93 | fclose(fkey); |
---|
| 94 | |
---|
[a52eeb1] | 95 | return owl_zcrypt_decrypt_with_key(in, keystring); |
---|
| 96 | } |
---|
| 97 | |
---|
| 98 | char *owl_zcrypt_decrypt_with_key(const char *in, const char *keystring) |
---|
| 99 | { |
---|
| 100 | const char *inptr, *endptr; |
---|
| 101 | char *out; |
---|
| 102 | des_key_schedule schedule; |
---|
| 103 | unsigned char input[8], output[8]; |
---|
| 104 | int i, c1, c2; |
---|
| 105 | |
---|
[f61e7ac] | 106 | /* We read in some number of full 16-byte blocks and write out the |
---|
| 107 | * same number of 8-byte blocks, plus a null terminator. |
---|
| 108 | */ |
---|
| 109 | out = owl_malloc((strlen(in) / 16) * 8 + 1); |
---|
[a52eeb1] | 110 | |
---|
[d309eb3] | 111 | strcpy(out, ""); |
---|
| 112 | |
---|
| 113 | output[0] = '\0'; /* In case no message at all */ |
---|
| 114 | |
---|
[3f18ad5] | 115 | owl_zcrypt_string_to_schedule(keystring, &schedule); |
---|
[d309eb3] | 116 | |
---|
| 117 | inptr=in; |
---|
[1f37eba] | 118 | endptr = in + strlen(in); |
---|
| 119 | while (inptr + 16 <= endptr) { |
---|
[d309eb3] | 120 | for (i=0; i<8; i++) { |
---|
| 121 | c1=(inptr[0])-BASE_CODE; |
---|
| 122 | c2=(inptr[1])-BASE_CODE; |
---|
| 123 | input[i]=c1 * 0x10 + c2; |
---|
| 124 | inptr+=2; |
---|
| 125 | } |
---|
[3daca13] | 126 | des_ecb_encrypt(&input, &output, schedule, FALSE); |
---|
| 127 | strncat(out, (const char *)output, 8); |
---|
[d309eb3] | 128 | } |
---|
| 129 | |
---|
[dacb555] | 130 | return out; |
---|
[d309eb3] | 131 | } |
---|
| 132 | |
---|
[dacb555] | 133 | char *owl_zcrypt_encrypt(const char *in, const char *class, const char *instance) |
---|
| 134 | { |
---|
[9ceee9d] | 135 | char *fname, keystring[MAX_KEY]; |
---|
| 136 | FILE *fkey; |
---|
| 137 | |
---|
| 138 | fname=GetZephyrVarKeyFile("zcrypt", class, instance); |
---|
[dacb555] | 139 | if (!fname) return NULL; |
---|
[9ceee9d] | 140 | fkey=fopen(fname, "r"); |
---|
[dacb555] | 141 | if (!fkey) return NULL; |
---|
[3daca13] | 142 | if (!fgets(keystring, MAX_KEY-1, fkey)) { |
---|
| 143 | fclose(fkey); |
---|
[dacb555] | 144 | return NULL; |
---|
[3daca13] | 145 | } |
---|
[9ceee9d] | 146 | fclose(fkey); |
---|
| 147 | |
---|
[a52eeb1] | 148 | return owl_zcrypt_encrypt_with_key(in, keystring); |
---|
| 149 | } |
---|
| 150 | |
---|
| 151 | char *owl_zcrypt_encrypt_with_key(const char *in, const char *keystring) |
---|
| 152 | { |
---|
| 153 | des_key_schedule schedule; |
---|
| 154 | char *out; |
---|
| 155 | unsigned char input[8], output[8]; |
---|
| 156 | int size, length, i; |
---|
| 157 | const char *inbuff = NULL, *inptr; |
---|
| 158 | int num_blocks=0, last_block_size=0; |
---|
| 159 | |
---|
[3f18ad5] | 160 | owl_zcrypt_string_to_schedule(keystring, &schedule); |
---|
[9ceee9d] | 161 | |
---|
[dacb555] | 162 | /* Allocate enough space for the crypted message. For each byte of |
---|
| 163 | * the message, the encoded cyphertext will have two bytes. Block |
---|
| 164 | * size is 8 bytes of input, or 16 bytes of output, so make sure we |
---|
| 165 | * have at least one block worth of space allocated. If the message |
---|
| 166 | * is empty, no blocks are sent, but we still allocate one |
---|
| 167 | * block. The additional 16 bytes also provide space for the null |
---|
| 168 | * terminator, as we will never use all of it for cyphertext. |
---|
| 169 | */ |
---|
| 170 | out = owl_malloc((strlen(in) * 2) + 16); |
---|
| 171 | |
---|
[9ceee9d] | 172 | inbuff=in; |
---|
| 173 | length=strlen(inbuff); |
---|
| 174 | num_blocks=(length+7)/8; |
---|
| 175 | last_block_size=((length+7)%8)+1; |
---|
| 176 | |
---|
| 177 | strcpy(out, ""); |
---|
| 178 | |
---|
| 179 | inptr=inbuff; |
---|
| 180 | while (TRUE) { |
---|
| 181 | /* Get 8 bytes from buffer */ |
---|
| 182 | if (num_blocks > 1) { |
---|
| 183 | size = 8; |
---|
| 184 | memcpy(input, inptr, size); |
---|
| 185 | inptr+=8; |
---|
| 186 | num_blocks--; |
---|
| 187 | } else if (num_blocks == 1) { |
---|
| 188 | size=last_block_size; |
---|
| 189 | memcpy(input, inptr, size); |
---|
| 190 | num_blocks--; |
---|
| 191 | } else { |
---|
| 192 | size=0; |
---|
| 193 | } |
---|
| 194 | |
---|
| 195 | /* Check for EOF and pad the string to 8 chars, if needed */ |
---|
| 196 | if (size == 0) break; /* END OF INPUT: BREAK FROM while LOOP! */ |
---|
| 197 | |
---|
| 198 | if (size<8) memset(input + size, 0, 8 - size); |
---|
| 199 | |
---|
| 200 | /* Encrypt and output the block */ |
---|
[3daca13] | 201 | des_ecb_encrypt(&input, &output, schedule, TRUE); |
---|
[9ceee9d] | 202 | |
---|
| 203 | for (i = 0; i < 8; i++) { |
---|
[b9cb41b] | 204 | sprintf(out + strlen(out), "%c", ((output[i] & 0xf0) >> 4) + BASE_CODE); |
---|
| 205 | sprintf(out + strlen(out), "%c", (output[i] & 0x0f) + BASE_CODE); |
---|
[9ceee9d] | 206 | } |
---|
| 207 | |
---|
| 208 | if (size < 8) break; |
---|
| 209 | } |
---|
[dacb555] | 210 | return out; |
---|
[d309eb3] | 211 | } |
---|
| 212 | |
---|
| 213 | |
---|
| 214 | #define MAX_BUFF 258 |
---|
| 215 | #define MAX_SEARCH 3 |
---|
| 216 | /* Find the class/instance in the .crypt-table */ |
---|
[e19eb97] | 217 | char *GetZephyrVarKeyFile(const char *whoami, const char *class, const char *instance) { |
---|
[e3869df] | 218 | char *keyfile = NULL; |
---|
[8412869] | 219 | char *varname[MAX_SEARCH]; |
---|
[d309eb3] | 220 | int length[MAX_SEARCH], i; |
---|
| 221 | char buffer[MAX_BUFF]; |
---|
[8412869] | 222 | char *filename; |
---|
[d309eb3] | 223 | char result[MAX_SEARCH][MAX_BUFF]; |
---|
| 224 | int numsearch = 0; |
---|
| 225 | FILE *fsearch; |
---|
| 226 | |
---|
[8412869] | 227 | memset(varname, 0, sizeof(varname)); |
---|
| 228 | |
---|
[d309eb3] | 229 | /* Determine names to look for in .crypt-table */ |
---|
| 230 | if (instance) { |
---|
[8412869] | 231 | varname[numsearch++] = owl_sprintf("crypt-%s-%s:", (class?class:"message"), instance); |
---|
[d309eb3] | 232 | } |
---|
| 233 | if (class) { |
---|
[8412869] | 234 | varname[numsearch++] = owl_sprintf("crypt-%s:", class); |
---|
[d309eb3] | 235 | } |
---|
[8412869] | 236 | varname[numsearch++] = owl_strdup("crypt-default:"); |
---|
[d309eb3] | 237 | |
---|
| 238 | /* Setup the result array, and determine string lengths */ |
---|
| 239 | for (i = 0; i < numsearch; i++) { |
---|
| 240 | result[i][0] = '\0'; |
---|
| 241 | length[i] = strlen(varname[i]); |
---|
| 242 | } |
---|
| 243 | |
---|
| 244 | /* Open~/.crypt-table */ |
---|
[8412869] | 245 | filename = owl_sprintf("%s/.crypt-table", getenv("HOME")); |
---|
[d309eb3] | 246 | fsearch = fopen(filename, "r"); |
---|
| 247 | if (fsearch) { |
---|
| 248 | /* Scan file for a match */ |
---|
| 249 | while (!feof(fsearch)) { |
---|
[3daca13] | 250 | if (!fgets(buffer, MAX_BUFF - 3, fsearch)) break; |
---|
[d309eb3] | 251 | for (i = 0; i < numsearch; i++) { |
---|
| 252 | if (strncasecmp(varname[i], buffer, length[i]) == 0) { |
---|
| 253 | int j; |
---|
| 254 | for (j = length[i]; buffer[j] == ' '; j++) |
---|
| 255 | ; |
---|
| 256 | strcpy(result[i], &buffer[j]); |
---|
| 257 | if (*result[i]) { |
---|
| 258 | if (result[i][strlen(result[i])-1] == '\n') { |
---|
| 259 | result[i][strlen(result[i])-1] = '\0'; |
---|
| 260 | } |
---|
| 261 | } |
---|
| 262 | } |
---|
| 263 | } |
---|
| 264 | } |
---|
| 265 | |
---|
| 266 | /* Pick the "best" match found */ |
---|
| 267 | keyfile = NULL; |
---|
| 268 | for (i = 0; i < numsearch; i++) { |
---|
| 269 | if (*result[i]) { |
---|
| 270 | keyfile = result[i]; |
---|
| 271 | break; |
---|
| 272 | } |
---|
| 273 | } |
---|
| 274 | |
---|
| 275 | if (keyfile == NULL) { |
---|
[9ceee9d] | 276 | /* printf("Could not find key table entry.\n"); */ |
---|
[d309eb3] | 277 | } else { |
---|
| 278 | /* Prepare result to be returned */ |
---|
[36486be] | 279 | keyfile = owl_strdup(keyfile); |
---|
[d309eb3] | 280 | } |
---|
| 281 | |
---|
| 282 | fclose(fsearch); |
---|
| 283 | } else { |
---|
[9ceee9d] | 284 | /* printf("Could not open key table file: %s\n", filename); */ |
---|
[d309eb3] | 285 | } |
---|
| 286 | |
---|
[8412869] | 287 | for(i = 0; i < MAX_SEARCH; i++) { |
---|
| 288 | owl_free(varname[i]); |
---|
| 289 | } |
---|
| 290 | |
---|
| 291 | owl_free(filename); |
---|
| 292 | |
---|
[d309eb3] | 293 | return(keyfile); |
---|
| 294 | } |
---|
| 295 | |
---|
[c269e22] | 296 | #endif |
---|