1 | /* zcrypt.c -- Read in a data stream from stdin & dump a decrypted/encrypted * |
---|
2 | * datastream. Reads the string to make the key from from the first * |
---|
3 | * parameter. Encrypts or decrypts according to -d or -e flag. (-e is * |
---|
4 | * default.) Will invoke zwrite if the -c option is provided for * |
---|
5 | * encryption. If a zephyr class is specified & the keyfile name omitted * |
---|
6 | * the ~/.crypt-table will be checked for "crypt-classname" and then * |
---|
7 | * "crypt-default" for the keyfile name. */ |
---|
8 | |
---|
9 | #include <stdio.h> |
---|
10 | |
---|
11 | #include <unistd.h> |
---|
12 | #include <sys/types.h> |
---|
13 | #include <glib.h> |
---|
14 | #include <string.h> |
---|
15 | #include <stdlib.h> |
---|
16 | #include <sys/wait.h> |
---|
17 | #include <ctype.h> |
---|
18 | #include <limits.h> |
---|
19 | #include <getopt.h> |
---|
20 | |
---|
21 | #include <config.h> |
---|
22 | |
---|
23 | #ifdef HAVE_KERBEROS_IV |
---|
24 | #include <kerberosIV/des.h> |
---|
25 | #else |
---|
26 | #include <openssl/des.h> |
---|
27 | #endif |
---|
28 | |
---|
29 | #include "filterproc.h" |
---|
30 | |
---|
31 | #ifndef OWL_VERSION_STRING |
---|
32 | #ifdef GIT_VERSION |
---|
33 | #define stringify(x) __stringify(x) |
---|
34 | #define __stringify(x) #x |
---|
35 | #define OWL_VERSION_STRING stringify(GIT_VERSION) |
---|
36 | #else |
---|
37 | #define OWL_VERSION_STRING PACKAGE_VERSION |
---|
38 | #endif |
---|
39 | #endif /* !OWL_VERSION_STRING */ |
---|
40 | |
---|
41 | /* Annotate functions in which the caller owns the return value and is |
---|
42 | * responsible for ensuring it is freed. */ |
---|
43 | #define CALLER_OWN G_GNUC_WARN_UNUSED_RESULT |
---|
44 | |
---|
45 | #define MAX_KEY 128 |
---|
46 | #define MAX_LINE 128 |
---|
47 | #define MAX_RESULT 4096 |
---|
48 | |
---|
49 | #ifndef TRUE |
---|
50 | #define TRUE -1 |
---|
51 | #endif |
---|
52 | #ifndef FALSE |
---|
53 | #define FALSE 0 |
---|
54 | #endif |
---|
55 | |
---|
56 | #define ZWRITE_OPT_NOAUTH (1<<0) |
---|
57 | #define ZWRITE_OPT_SIGNATURE (1<<1) |
---|
58 | #define ZWRITE_OPT_IGNOREVARS (1<<2) |
---|
59 | #define ZWRITE_OPT_VERBOSE (1<<3) |
---|
60 | #define ZWRITE_OPT_QUIET (1<<4) |
---|
61 | #define ZCRYPT_OPT_MESSAGE (1<<5) |
---|
62 | #define ZCRYPT_OPT_IGNOREDOT (1<<6) |
---|
63 | |
---|
64 | typedef struct |
---|
65 | { |
---|
66 | int flags; |
---|
67 | const char *signature; |
---|
68 | char *message; |
---|
69 | } ZWRITEOPTIONS; |
---|
70 | |
---|
71 | CALLER_OWN char *GetZephyrVarKeyFile(const char *whoami, const char *class, const char *instance); |
---|
72 | int ParseCryptSpec(const char *spec, const char **keyfile); |
---|
73 | CALLER_OWN char *BuildArgString(char **argv, int start, int end); |
---|
74 | CALLER_OWN char *read_keystring(const char *keyfile); |
---|
75 | |
---|
76 | int do_encrypt(int zephyr, const char *class, const char *instance, |
---|
77 | ZWRITEOPTIONS *zoptions, const char* keyfile, int cipher); |
---|
78 | int do_encrypt_des(const char *keyfile, const char *in, int len, FILE *out); |
---|
79 | int do_encrypt_aes(const char *keyfile, const char *in, int len, FILE *out); |
---|
80 | |
---|
81 | int do_decrypt(const char *keyfile, int cipher); |
---|
82 | int do_decrypt_aes(const char *keyfile); |
---|
83 | int do_decrypt_des(const char *keyfile); |
---|
84 | |
---|
85 | |
---|
86 | #define M_NONE 0 |
---|
87 | #define M_ZEPHYR_ENCRYPT 1 |
---|
88 | #define M_DECRYPT 2 |
---|
89 | #define M_ENCRYPT 3 |
---|
90 | #define M_RANDOMIZE 4 |
---|
91 | #define M_SETKEY 5 |
---|
92 | |
---|
93 | enum cipher_algo { |
---|
94 | CIPHER_DES, |
---|
95 | CIPHER_AES, |
---|
96 | NCIPHER |
---|
97 | }; |
---|
98 | |
---|
99 | typedef struct { |
---|
100 | int (*encrypt)(const char *keyfile, const char *in, int len, FILE *out); |
---|
101 | int (*decrypt)(const char *keyfile); |
---|
102 | } cipher_pair; |
---|
103 | |
---|
104 | cipher_pair ciphers[NCIPHER] = { |
---|
105 | [CIPHER_DES] = { do_encrypt_des, do_decrypt_des}, |
---|
106 | [CIPHER_AES] = { do_encrypt_aes, do_decrypt_aes}, |
---|
107 | }; |
---|
108 | |
---|
109 | static void owl_zcrypt_string_to_schedule(char *keystring, des_key_schedule *schedule) { |
---|
110 | #ifdef HAVE_KERBEROS_IV |
---|
111 | des_cblock key; |
---|
112 | #else |
---|
113 | des_cblock _key, *key = &_key; |
---|
114 | #endif |
---|
115 | |
---|
116 | des_string_to_key(keystring, key); |
---|
117 | des_key_sched(key, *schedule); |
---|
118 | } |
---|
119 | |
---|
120 | void usage(FILE *file, const char *progname) |
---|
121 | { |
---|
122 | fprintf(file, "Usage: %s [-Z|-D|-E|-R|-S] [-F Keyfile] [-c class] [-i instance]\n", progname); |
---|
123 | fprintf(file, " [-advqtluon] [-s signature] [-f arg] [-m message]\n"); |
---|
124 | fprintf(file, " One or more of class, instance, and keyfile must be specified.\n"); |
---|
125 | } |
---|
126 | |
---|
127 | int main(int argc, char *argv[]) |
---|
128 | { |
---|
129 | char *cryptspec = NULL; |
---|
130 | const char *keyfile; |
---|
131 | int cipher; |
---|
132 | int error = FALSE; |
---|
133 | int zephyr = FALSE; |
---|
134 | const char *class = NULL, *instance = NULL; |
---|
135 | int mode = M_NONE; |
---|
136 | |
---|
137 | int c; |
---|
138 | |
---|
139 | int messageflag = FALSE; |
---|
140 | ZWRITEOPTIONS zoptions; |
---|
141 | zoptions.flags = 0; |
---|
142 | |
---|
143 | enum { |
---|
144 | OPT_VERSION = CHAR_MAX + 1, |
---|
145 | OPT_HELP, |
---|
146 | }; |
---|
147 | static const struct option options[] = { |
---|
148 | {"version", no_argument, NULL, OPT_VERSION}, |
---|
149 | {"help", no_argument, NULL, OPT_HELP}, |
---|
150 | {NULL, 0, NULL, 0} |
---|
151 | }; |
---|
152 | |
---|
153 | while ((c = getopt_long(argc, argv, "ZDERSF:c:i:advqtluons:f:m", options, NULL)) != -1) |
---|
154 | { |
---|
155 | switch(c) |
---|
156 | { |
---|
157 | case OPT_VERSION: |
---|
158 | /* Version */ |
---|
159 | printf("This is zcrypt version %s\n", OWL_VERSION_STRING); |
---|
160 | exit(0); |
---|
161 | case OPT_HELP: |
---|
162 | /* Help */ |
---|
163 | usage(stdout, argv[0]); |
---|
164 | exit(0); |
---|
165 | case 'Z': |
---|
166 | /* Zephyr encrypt */ |
---|
167 | mode = M_ZEPHYR_ENCRYPT; |
---|
168 | break; |
---|
169 | case 'D': |
---|
170 | /* Decrypt */ |
---|
171 | mode = M_DECRYPT; |
---|
172 | break; |
---|
173 | case 'E': |
---|
174 | /* Encrypt */ |
---|
175 | mode = M_ENCRYPT; |
---|
176 | break; |
---|
177 | case 'R': |
---|
178 | /* Randomize the keyfile */ |
---|
179 | mode = M_RANDOMIZE; |
---|
180 | break; |
---|
181 | case 'S': |
---|
182 | /* Set a new key value from stdin */ |
---|
183 | mode = M_SETKEY; |
---|
184 | break; |
---|
185 | case 'F': |
---|
186 | /* Specify the keyfile explicitly */ |
---|
187 | if (cryptspec != NULL) error = TRUE; |
---|
188 | cryptspec = optarg; |
---|
189 | break; |
---|
190 | case 'c': |
---|
191 | /* Zwrite/zcrypt: class name */ |
---|
192 | if (class != NULL) error = TRUE; |
---|
193 | class = optarg; |
---|
194 | break; |
---|
195 | case 'i': |
---|
196 | /* Zwrite/zcrypt: instance name */ |
---|
197 | if (instance != NULL) error = TRUE; |
---|
198 | instance = optarg; |
---|
199 | break; |
---|
200 | case 'a': |
---|
201 | /* Zwrite: authenticate (default) */ |
---|
202 | zoptions.flags &= ~ZWRITE_OPT_NOAUTH; |
---|
203 | break; |
---|
204 | case 'd': |
---|
205 | /* Zwrite: do not authenticate */ |
---|
206 | zoptions.flags |= ZWRITE_OPT_NOAUTH; |
---|
207 | break; |
---|
208 | case 'v': |
---|
209 | /* Zwrite: verbose */ |
---|
210 | zoptions.flags |= ZWRITE_OPT_VERBOSE; |
---|
211 | break; |
---|
212 | case 'q': |
---|
213 | /* Zwrite: quiet */ |
---|
214 | zoptions.flags |= ZWRITE_OPT_QUIET; |
---|
215 | break; |
---|
216 | case 't': |
---|
217 | /* Zwrite: no expand tabs (ignored) */ |
---|
218 | break; |
---|
219 | case 'l': |
---|
220 | /* Zwrite: ignore '.' on a line by itself (ignored) */ |
---|
221 | zoptions.flags |= ZCRYPT_OPT_IGNOREDOT; |
---|
222 | break; |
---|
223 | case 'u': |
---|
224 | /* Zwrite: urgent message */ |
---|
225 | instance = "URGENT"; |
---|
226 | break; |
---|
227 | case 'o': |
---|
228 | /* Zwrite: ignore zephyr variables zwrite-class, zwrite-inst, */ |
---|
229 | /* zwrite-opcode */ |
---|
230 | zoptions.flags |= ZWRITE_OPT_IGNOREVARS; |
---|
231 | break; |
---|
232 | case 'n': |
---|
233 | /* Zwrite: prevent PING message (always used) */ |
---|
234 | break; |
---|
235 | case 's': |
---|
236 | /* Zwrite: signature */ |
---|
237 | zoptions.flags |= ZWRITE_OPT_SIGNATURE; |
---|
238 | zoptions.signature = optarg; |
---|
239 | break; |
---|
240 | case 'f': |
---|
241 | /* Zwrite: file system specification (ignored) */ |
---|
242 | break; |
---|
243 | case 'm': |
---|
244 | /* Message on rest of line*/ |
---|
245 | messageflag = TRUE; |
---|
246 | break; |
---|
247 | case '?': |
---|
248 | error = TRUE; |
---|
249 | break; |
---|
250 | } |
---|
251 | if (error || messageflag) |
---|
252 | break; |
---|
253 | } |
---|
254 | |
---|
255 | if (class != NULL || instance != NULL) |
---|
256 | zephyr = TRUE; |
---|
257 | |
---|
258 | if (messageflag) |
---|
259 | { |
---|
260 | zoptions.flags |= ZCRYPT_OPT_MESSAGE; |
---|
261 | zoptions.message = BuildArgString(argv, optind, argc); |
---|
262 | if (!zoptions.message) |
---|
263 | { |
---|
264 | fprintf(stderr, "Memory allocation error.\n"); |
---|
265 | error = TRUE; |
---|
266 | } |
---|
267 | } |
---|
268 | else if (optind < argc) |
---|
269 | { |
---|
270 | error = TRUE; |
---|
271 | } |
---|
272 | |
---|
273 | if (mode == M_NONE) |
---|
274 | mode = (zephyr?M_ZEPHYR_ENCRYPT:M_ENCRYPT); |
---|
275 | |
---|
276 | if (mode == M_ZEPHYR_ENCRYPT && !zephyr) |
---|
277 | error = TRUE; |
---|
278 | |
---|
279 | if (!error && cryptspec == NULL && (class != NULL || instance != NULL)) { |
---|
280 | cryptspec = GetZephyrVarKeyFile(argv[0], class, instance); |
---|
281 | if(!cryptspec) { |
---|
282 | fprintf(stderr, "Unable to find keyfile for "); |
---|
283 | if(class != NULL) { |
---|
284 | fprintf(stderr, "-c %s ", class); |
---|
285 | } |
---|
286 | if(instance != NULL) { |
---|
287 | fprintf(stderr, "-i %s ", instance); |
---|
288 | } |
---|
289 | fprintf(stderr, "\n"); |
---|
290 | exit(-1); |
---|
291 | } |
---|
292 | } |
---|
293 | |
---|
294 | if (error || !cryptspec) |
---|
295 | { |
---|
296 | usage(stderr, argv[0]); |
---|
297 | exit(1); |
---|
298 | } |
---|
299 | |
---|
300 | cipher = ParseCryptSpec(cryptspec, &keyfile); |
---|
301 | if(cipher < 0) { |
---|
302 | fprintf(stderr, "Invalid cipher specification: %s\n", cryptspec); |
---|
303 | exit(1); |
---|
304 | } |
---|
305 | |
---|
306 | |
---|
307 | if (mode == M_RANDOMIZE) |
---|
308 | { |
---|
309 | /* Choose a new, random key */ |
---|
310 | /* |
---|
311 | FILE *fkey = fopen(fname, "w"); |
---|
312 | if (!fkey) |
---|
313 | printf("Could not open key file for writing: %s\n", fname); |
---|
314 | else |
---|
315 | { |
---|
316 | char string[100]; |
---|
317 | fputs(fkey, string); |
---|
318 | fclose(fkey); |
---|
319 | } |
---|
320 | */ |
---|
321 | fprintf(stderr, "Feature not yet implemented.\n"); |
---|
322 | } |
---|
323 | else if (mode == M_SETKEY) |
---|
324 | { |
---|
325 | /* Set a new, user-entered key */ |
---|
326 | char newkey[MAX_KEY]; |
---|
327 | FILE *fkey; |
---|
328 | |
---|
329 | if (isatty(0)) |
---|
330 | { |
---|
331 | printf("Enter new key: "); |
---|
332 | /* Really should read without echo!!! */ |
---|
333 | } |
---|
334 | if(!fgets(newkey, MAX_KEY - 1, stdin)) { |
---|
335 | fprintf(stderr, "Error reading key.\n"); |
---|
336 | return 1; |
---|
337 | } |
---|
338 | |
---|
339 | fkey = fopen(keyfile, "w"); |
---|
340 | if (!fkey) |
---|
341 | fprintf(stderr, "Could not open key file for writing: %s\n", keyfile); |
---|
342 | else |
---|
343 | { |
---|
344 | if (fputs(newkey, fkey) != strlen(newkey) || putc('\n', fkey) != '\n') |
---|
345 | { |
---|
346 | fprintf(stderr, "Error writing to key file.\n"); |
---|
347 | fclose(fkey); |
---|
348 | exit(1); |
---|
349 | } |
---|
350 | else |
---|
351 | { |
---|
352 | fclose(fkey); |
---|
353 | fprintf(stderr, "Key update complete.\n"); |
---|
354 | } |
---|
355 | } |
---|
356 | } |
---|
357 | else |
---|
358 | { |
---|
359 | if (mode == M_ZEPHYR_ENCRYPT || mode == M_ENCRYPT) |
---|
360 | error = !do_encrypt((mode == M_ZEPHYR_ENCRYPT), class, instance, |
---|
361 | &zoptions, keyfile, cipher); |
---|
362 | else |
---|
363 | error = !do_decrypt(keyfile, cipher); |
---|
364 | } |
---|
365 | |
---|
366 | /* Always print the **END** message if -D is specified. */ |
---|
367 | if (mode == M_DECRYPT) |
---|
368 | printf("**END**\n"); |
---|
369 | |
---|
370 | return error; |
---|
371 | } |
---|
372 | |
---|
373 | int ParseCryptSpec(const char *spec, const char **keyfile) { |
---|
374 | int cipher = CIPHER_DES; |
---|
375 | char *cipher_name = strdup(spec); |
---|
376 | char *colon = strchr(cipher_name, ':'); |
---|
377 | |
---|
378 | *keyfile = spec; |
---|
379 | |
---|
380 | if (colon) { |
---|
381 | char *rest = strchr(spec, ':') + 1; |
---|
382 | while(isspace(*rest)) rest++; |
---|
383 | |
---|
384 | *colon-- = '\0'; |
---|
385 | while (colon >= cipher_name && isspace(*colon)) { |
---|
386 | *colon = '\0'; |
---|
387 | } |
---|
388 | |
---|
389 | if(strcmp(cipher_name, "AES") == 0) { |
---|
390 | cipher = CIPHER_AES; |
---|
391 | *keyfile = rest; |
---|
392 | } else if(strcmp(cipher_name, "DES") == 0) { |
---|
393 | cipher = CIPHER_DES; |
---|
394 | *keyfile = rest; |
---|
395 | } |
---|
396 | } |
---|
397 | |
---|
398 | free(cipher_name); |
---|
399 | |
---|
400 | return cipher; |
---|
401 | } |
---|
402 | |
---|
403 | /* Build a space-separated string from argv from elements between start * |
---|
404 | * and end - 1. malloc()'s the returned string. */ |
---|
405 | CALLER_OWN char *BuildArgString(char **argv, int start, int end) |
---|
406 | { |
---|
407 | int len = 1; |
---|
408 | int i; |
---|
409 | char *result; |
---|
410 | |
---|
411 | /* Compute the length of the string. (Plus 1 or 2) */ |
---|
412 | for (i = start; i < end; i++) |
---|
413 | len += strlen(argv[i]) + 1; |
---|
414 | |
---|
415 | /* Allocate memory */ |
---|
416 | result = (char *)malloc(len); |
---|
417 | if (result) |
---|
418 | { |
---|
419 | /* Build the string */ |
---|
420 | char *ptr = result; |
---|
421 | /* Start with an empty string, in case nothing is copied. */ |
---|
422 | *ptr = '\0'; |
---|
423 | /* Copy the arguments */ |
---|
424 | for (i = start; i < end; i++) |
---|
425 | { |
---|
426 | char *temp = argv[i]; |
---|
427 | /* Add a space, if not the first argument */ |
---|
428 | if (i != start) |
---|
429 | *ptr++ = ' '; |
---|
430 | /* Copy argv[i], leaving ptr pointing to the '\0' copied from temp */ |
---|
431 | while ((*ptr = *temp++)) |
---|
432 | ptr++; |
---|
433 | } |
---|
434 | } |
---|
435 | |
---|
436 | return result; |
---|
437 | } |
---|
438 | |
---|
439 | #define MAX_BUFF 258 |
---|
440 | #define MAX_SEARCH 3 |
---|
441 | /* Find the class/instance in the .crypt-table */ |
---|
442 | CALLER_OWN char *GetZephyrVarKeyFile(const char *whoami, const char *class, const char *instance) |
---|
443 | { |
---|
444 | char *keyfile = NULL; |
---|
445 | char *varname[MAX_SEARCH]; |
---|
446 | int length[MAX_SEARCH], i; |
---|
447 | char buffer[MAX_BUFF]; |
---|
448 | const char *home; |
---|
449 | char *filename; |
---|
450 | char result[MAX_SEARCH][MAX_BUFF]; |
---|
451 | int numsearch = 0; |
---|
452 | FILE *fsearch; |
---|
453 | |
---|
454 | memset(varname, 0, sizeof(varname)); |
---|
455 | |
---|
456 | /* Determine names to look for in .crypt-table */ |
---|
457 | if (instance) |
---|
458 | varname[numsearch++] = g_strdup_printf("crypt-%s-%s:", (class?class:"message"), instance); |
---|
459 | if (class) |
---|
460 | varname[numsearch++] = g_strdup_printf("crypt-%s:", class); |
---|
461 | varname[numsearch++] = g_strdup("crypt-default:"); |
---|
462 | |
---|
463 | /* Setup the result array, and determine string lengths */ |
---|
464 | for (i = 0; i < numsearch; i++) |
---|
465 | { |
---|
466 | result[i][0] = '\0'; |
---|
467 | length[i] = strlen(varname[i]); |
---|
468 | } |
---|
469 | |
---|
470 | /* Open~/.crypt-table */ |
---|
471 | home = getenv("HOME"); |
---|
472 | if (home == NULL) |
---|
473 | home = g_get_home_dir(); |
---|
474 | filename = g_build_filename(home, ".crypt-table", NULL); |
---|
475 | fsearch = fopen(filename, "r"); |
---|
476 | if (fsearch) |
---|
477 | { |
---|
478 | /* Scan file for a match */ |
---|
479 | while (!feof(fsearch)) |
---|
480 | { |
---|
481 | if (!fgets(buffer, MAX_BUFF - 3, fsearch)) break; |
---|
482 | for (i = 0; i < numsearch; i++) |
---|
483 | if (strncasecmp(varname[i], buffer, length[i]) == 0) |
---|
484 | { |
---|
485 | int j; |
---|
486 | for (j = length[i]; buffer[j] == ' '; j++) |
---|
487 | ; |
---|
488 | strcpy(result[i], &buffer[j]); |
---|
489 | if (*result[i]) |
---|
490 | if (result[i][strlen(result[i])-1] == '\n') |
---|
491 | result[i][strlen(result[i])-1] = '\0'; |
---|
492 | } |
---|
493 | } |
---|
494 | |
---|
495 | /* Pick the "best" match found */ |
---|
496 | keyfile = NULL; |
---|
497 | for (i = 0; i < numsearch; i++) |
---|
498 | if (*result[i]) |
---|
499 | { |
---|
500 | keyfile = result[i]; |
---|
501 | break; |
---|
502 | } |
---|
503 | |
---|
504 | if (keyfile != NULL) |
---|
505 | { |
---|
506 | /* Prepare result to be returned */ |
---|
507 | char *temp = keyfile; |
---|
508 | keyfile = (char *)malloc(strlen(temp) + 1); |
---|
509 | if (keyfile) |
---|
510 | strcpy(keyfile, temp); |
---|
511 | else |
---|
512 | fprintf(stderr, "Memory allocation error.\n"); |
---|
513 | } |
---|
514 | fclose(fsearch); |
---|
515 | } |
---|
516 | else |
---|
517 | fprintf(stderr, "Could not open key table file: %s\n", filename); |
---|
518 | |
---|
519 | for(i = 0; i < MAX_SEARCH; i++) { |
---|
520 | g_free(varname[i]); |
---|
521 | } |
---|
522 | |
---|
523 | g_free(filename); |
---|
524 | |
---|
525 | return keyfile; |
---|
526 | } |
---|
527 | |
---|
528 | static pid_t zephyrpipe_pid = 0; |
---|
529 | |
---|
530 | /* Open a pipe to zwrite */ |
---|
531 | FILE *GetZephyrPipe(const char *class, const char *instance, const ZWRITEOPTIONS *zoptions) |
---|
532 | { |
---|
533 | int fildes[2]; |
---|
534 | pid_t pid; |
---|
535 | FILE *result; |
---|
536 | const char *argv[20]; |
---|
537 | int argc = 0; |
---|
538 | |
---|
539 | if (pipe(fildes) < 0) |
---|
540 | return NULL; |
---|
541 | pid = fork(); |
---|
542 | |
---|
543 | if (pid < 0) |
---|
544 | { |
---|
545 | /* Error: clean up */ |
---|
546 | close(fildes[0]); |
---|
547 | close(fildes[1]); |
---|
548 | result = NULL; |
---|
549 | } |
---|
550 | else if (pid == 0) |
---|
551 | { |
---|
552 | /* Setup child process */ |
---|
553 | argv[argc++] = "zwrite"; |
---|
554 | argv[argc++] = "-n"; /* Always send without ping */ |
---|
555 | if (class) |
---|
556 | { |
---|
557 | argv[argc++] = "-c"; |
---|
558 | argv[argc++] = class; |
---|
559 | } |
---|
560 | if (instance) |
---|
561 | { |
---|
562 | argv[argc++] = "-i"; |
---|
563 | argv[argc++] = instance; |
---|
564 | } |
---|
565 | if (zoptions->flags & ZWRITE_OPT_NOAUTH) |
---|
566 | argv[argc++] = "-d"; |
---|
567 | if (zoptions->flags & ZWRITE_OPT_QUIET) |
---|
568 | argv[argc++] = "-q"; |
---|
569 | if (zoptions->flags & ZWRITE_OPT_VERBOSE) |
---|
570 | argv[argc++] = "-v"; |
---|
571 | if (zoptions->flags & ZWRITE_OPT_SIGNATURE) |
---|
572 | { |
---|
573 | argv[argc++] = "-s"; |
---|
574 | argv[argc++] = zoptions->signature; |
---|
575 | } |
---|
576 | argv[argc++] = "-O"; |
---|
577 | argv[argc++] = "crypt"; |
---|
578 | argv[argc] = NULL; |
---|
579 | close(fildes[1]); |
---|
580 | if (fildes[0] != STDIN_FILENO) |
---|
581 | { |
---|
582 | if (dup2(fildes[0], STDIN_FILENO) != STDIN_FILENO) |
---|
583 | exit(0); |
---|
584 | close(fildes[0]); |
---|
585 | } |
---|
586 | close(fildes[0]); |
---|
587 | execvp(argv[0], (char **)argv); |
---|
588 | fprintf(stderr, "Exec error: could not run zwrite\n"); |
---|
589 | exit(0); |
---|
590 | } |
---|
591 | else |
---|
592 | { |
---|
593 | close(fildes[0]); |
---|
594 | /* Create a FILE * for the zwrite pipe */ |
---|
595 | result = (FILE *)fdopen(fildes[1], "w"); |
---|
596 | zephyrpipe_pid = pid; |
---|
597 | } |
---|
598 | |
---|
599 | return result; |
---|
600 | } |
---|
601 | |
---|
602 | /* Close the pipe to zwrite */ |
---|
603 | void CloseZephyrPipe(FILE *pipe) |
---|
604 | { |
---|
605 | fclose(pipe); |
---|
606 | waitpid(zephyrpipe_pid, NULL, 0); |
---|
607 | zephyrpipe_pid = 0; |
---|
608 | } |
---|
609 | |
---|
610 | #define BASE_CODE 70 |
---|
611 | #define LAST_CODE (BASE_CODE + 15) |
---|
612 | #define OUTPUT_BLOCK_SIZE 16 |
---|
613 | |
---|
614 | void block_to_ascii(unsigned char *output, FILE *outfile) |
---|
615 | { |
---|
616 | int i; |
---|
617 | for (i = 0; i < 8; i++) |
---|
618 | { |
---|
619 | putc(((output[i] & 0xf0) >> 4) + BASE_CODE, outfile); |
---|
620 | putc( (output[i] & 0x0f) + BASE_CODE, outfile); |
---|
621 | } |
---|
622 | } |
---|
623 | |
---|
624 | CALLER_OWN char *slurp_stdin(int ignoredot, int *length) { |
---|
625 | char *buf; |
---|
626 | char *inptr; |
---|
627 | |
---|
628 | if ((inptr = buf = (char *)malloc(MAX_RESULT)) == NULL) |
---|
629 | { |
---|
630 | fprintf(stderr, "Memory allocation error\n"); |
---|
631 | return NULL; |
---|
632 | } |
---|
633 | while (inptr - buf < MAX_RESULT - MAX_LINE - 20) |
---|
634 | { |
---|
635 | if (fgets(inptr, MAX_LINE, stdin) == NULL) |
---|
636 | break; |
---|
637 | |
---|
638 | if (inptr[0]) |
---|
639 | { |
---|
640 | if (inptr[0] == '.' && inptr[1] == '\n' && !ignoredot) |
---|
641 | { |
---|
642 | inptr[0] = '\0'; |
---|
643 | break; |
---|
644 | } |
---|
645 | else |
---|
646 | inptr += strlen(inptr); |
---|
647 | } |
---|
648 | else |
---|
649 | break; |
---|
650 | } |
---|
651 | *length = inptr - buf; |
---|
652 | |
---|
653 | return buf; |
---|
654 | } |
---|
655 | |
---|
656 | CALLER_OWN char *GetInputBuffer(ZWRITEOPTIONS *zoptions, int *length) { |
---|
657 | char *buf; |
---|
658 | |
---|
659 | if (zoptions->flags & ZCRYPT_OPT_MESSAGE) |
---|
660 | { |
---|
661 | /* Use the -m message */ |
---|
662 | buf = strdup(zoptions->message); |
---|
663 | *length = strlen(buf); |
---|
664 | } |
---|
665 | else |
---|
666 | { |
---|
667 | if (isatty(0)) { |
---|
668 | /* tty input, so show the "Type your message now..." message */ |
---|
669 | if (zoptions->flags & ZCRYPT_OPT_IGNOREDOT) |
---|
670 | printf("Type your message now. End with the end-of-file character.\n"); |
---|
671 | else |
---|
672 | printf("Type your message now. End with control-D or a dot on a line by itself.\n"); |
---|
673 | } else { |
---|
674 | zoptions->flags |= ZCRYPT_OPT_IGNOREDOT; |
---|
675 | } |
---|
676 | |
---|
677 | buf = slurp_stdin(zoptions->flags & ZCRYPT_OPT_IGNOREDOT, length); |
---|
678 | } |
---|
679 | return buf; |
---|
680 | } |
---|
681 | |
---|
682 | CALLER_OWN char *read_keystring(const char *keyfile) { |
---|
683 | char *keystring; |
---|
684 | FILE *fkey = fopen(keyfile, "r"); |
---|
685 | if(!fkey) { |
---|
686 | fprintf(stderr, "Unable to open keyfile %s\n", keyfile); |
---|
687 | return NULL; |
---|
688 | } |
---|
689 | keystring = malloc(MAX_KEY); |
---|
690 | if(!fgets(keystring, MAX_KEY-1, fkey)) { |
---|
691 | fprintf(stderr, "Unable to read from keyfile: %s\n", keyfile); |
---|
692 | free(keystring); |
---|
693 | keystring = NULL; |
---|
694 | } |
---|
695 | fclose(fkey); |
---|
696 | return keystring; |
---|
697 | } |
---|
698 | |
---|
699 | /* Encrypt stdin, with prompt if isatty, and send to stdout, or to zwrite |
---|
700 | if zephyr is set. */ |
---|
701 | int do_encrypt(int zephyr, const char *class, const char *instance, |
---|
702 | ZWRITEOPTIONS *zoptions, const char *keyfile, int cipher) |
---|
703 | { |
---|
704 | FILE *outfile = stdout; |
---|
705 | char *inbuff = NULL; |
---|
706 | int buflen; |
---|
707 | int out = TRUE; |
---|
708 | |
---|
709 | inbuff = GetInputBuffer(zoptions, &buflen); |
---|
710 | |
---|
711 | if(!inbuff) { |
---|
712 | fprintf(stderr, "Error reading zcrypt input!\n"); |
---|
713 | return FALSE; |
---|
714 | } |
---|
715 | |
---|
716 | if (zephyr) { |
---|
717 | outfile = GetZephyrPipe(class, instance, zoptions); |
---|
718 | if (!outfile) |
---|
719 | { |
---|
720 | fprintf(stderr, "Could not run zwrite\n"); |
---|
721 | if (inbuff) |
---|
722 | free(inbuff); |
---|
723 | return FALSE; |
---|
724 | } |
---|
725 | } |
---|
726 | |
---|
727 | out = ciphers[cipher].encrypt(keyfile, inbuff, buflen, outfile); |
---|
728 | |
---|
729 | if (zephyr) |
---|
730 | CloseZephyrPipe(outfile); |
---|
731 | |
---|
732 | free(inbuff); |
---|
733 | return out; |
---|
734 | } |
---|
735 | |
---|
736 | int do_encrypt_des(const char *keyfile, const char *in, int length, FILE *outfile) |
---|
737 | { |
---|
738 | des_key_schedule schedule; |
---|
739 | unsigned char input[8], output[8]; |
---|
740 | const char *inptr; |
---|
741 | int num_blocks, last_block_size; |
---|
742 | char *keystring; |
---|
743 | int size; |
---|
744 | |
---|
745 | keystring = read_keystring(keyfile); |
---|
746 | if(!keystring) { |
---|
747 | return FALSE; |
---|
748 | } |
---|
749 | |
---|
750 | owl_zcrypt_string_to_schedule(keystring, &schedule); |
---|
751 | free(keystring); |
---|
752 | |
---|
753 | inptr = in; |
---|
754 | num_blocks = (length + 7) / 8; |
---|
755 | last_block_size = ((length + 7) % 8) + 1; |
---|
756 | |
---|
757 | /* Encrypt the input (inbuff or stdin) and send it to outfile */ |
---|
758 | while (TRUE) |
---|
759 | { |
---|
760 | /* Get 8 bytes from buffer */ |
---|
761 | if (num_blocks > 1) |
---|
762 | { |
---|
763 | size = 8; |
---|
764 | memcpy(input, inptr, size); |
---|
765 | inptr += 8; |
---|
766 | num_blocks--; |
---|
767 | } |
---|
768 | else if (num_blocks == 1) |
---|
769 | { |
---|
770 | size = last_block_size; |
---|
771 | memcpy(input, inptr, size); |
---|
772 | num_blocks--; |
---|
773 | } |
---|
774 | else |
---|
775 | size = 0; |
---|
776 | |
---|
777 | /* Check for EOF and pad the string to 8 chars, if needed */ |
---|
778 | if (size == 0) |
---|
779 | break; |
---|
780 | if (size < 8) |
---|
781 | memset(input + size, 0, 8 - size); |
---|
782 | |
---|
783 | /* Encrypt and output the block */ |
---|
784 | des_ecb_encrypt(&input, &output, schedule, TRUE); |
---|
785 | block_to_ascii(output, outfile); |
---|
786 | |
---|
787 | if (size < 8) |
---|
788 | break; |
---|
789 | } |
---|
790 | |
---|
791 | putc('\n', outfile); |
---|
792 | |
---|
793 | return TRUE; |
---|
794 | } |
---|
795 | |
---|
796 | int do_encrypt_aes(const char *keyfile, const char *in, int length, FILE *outfile) |
---|
797 | { |
---|
798 | char *out; |
---|
799 | int err, status; |
---|
800 | const char *argv[] = { |
---|
801 | "gpg", |
---|
802 | "--symmetric", |
---|
803 | "--no-options", |
---|
804 | "--no-default-keyring", |
---|
805 | "--keyring", "/dev/null", |
---|
806 | "--secret-keyring", "/dev/null", |
---|
807 | "--batch", |
---|
808 | "--quiet", |
---|
809 | "--no-use-agent", |
---|
810 | "--armor", |
---|
811 | "--cipher-algo", "AES", |
---|
812 | "--passphrase-file", keyfile, |
---|
813 | NULL |
---|
814 | }; |
---|
815 | err = call_filter(argv, in, &out, &status); |
---|
816 | if(err || status) { |
---|
817 | g_free(out); |
---|
818 | return FALSE; |
---|
819 | } |
---|
820 | fwrite(out, strlen(out), 1, outfile); |
---|
821 | g_free(out); |
---|
822 | return TRUE; |
---|
823 | } |
---|
824 | |
---|
825 | /* Read a half-byte from stdin, skipping invalid characters. Returns -1 |
---|
826 | if at EOF or file error */ |
---|
827 | int read_ascii_nybble(void) |
---|
828 | { |
---|
829 | char c; |
---|
830 | |
---|
831 | while (TRUE) |
---|
832 | { |
---|
833 | if (fread(&c, 1, 1, stdin) == 0) |
---|
834 | return -1; |
---|
835 | else if (c >= BASE_CODE && c <= LAST_CODE) |
---|
836 | return c - BASE_CODE; |
---|
837 | } |
---|
838 | } |
---|
839 | |
---|
840 | /* Read both halves of the byte and return the single byte. Returns -1 |
---|
841 | if at EOF or file error. */ |
---|
842 | int read_ascii_byte(void) |
---|
843 | { |
---|
844 | int c1, c2; |
---|
845 | c1 = read_ascii_nybble(); |
---|
846 | if (c1 >= 0) |
---|
847 | { |
---|
848 | c2 = read_ascii_nybble(); |
---|
849 | if (c2 >= 0) |
---|
850 | { |
---|
851 | return c1 * 0x10 + c2; |
---|
852 | } |
---|
853 | } |
---|
854 | return -1; |
---|
855 | } |
---|
856 | |
---|
857 | /* Read an 8-byte DES block from stdin */ |
---|
858 | int read_ascii_block(unsigned char *input) |
---|
859 | { |
---|
860 | int c; |
---|
861 | |
---|
862 | int i; |
---|
863 | for (i = 0; i < 8; i++) |
---|
864 | { |
---|
865 | c = read_ascii_byte(); |
---|
866 | if (c < 0) |
---|
867 | return FALSE; |
---|
868 | |
---|
869 | input[i] = c; |
---|
870 | } |
---|
871 | |
---|
872 | return TRUE; |
---|
873 | } |
---|
874 | |
---|
875 | /* Decrypt stdin */ |
---|
876 | int do_decrypt(const char *keyfile, int cipher) |
---|
877 | { |
---|
878 | return ciphers[cipher].decrypt(keyfile); |
---|
879 | } |
---|
880 | |
---|
881 | int do_decrypt_aes(const char *keyfile) { |
---|
882 | char *in, *out; |
---|
883 | int length; |
---|
884 | const char *argv[] = { |
---|
885 | "gpg", |
---|
886 | "--decrypt", |
---|
887 | "--no-options", |
---|
888 | "--no-default-keyring", |
---|
889 | "--keyring", "/dev/null", |
---|
890 | "--secret-keyring", "/dev/null", |
---|
891 | "--batch", |
---|
892 | "--no-use-agent", |
---|
893 | "--quiet", |
---|
894 | "--passphrase-file", keyfile, |
---|
895 | NULL |
---|
896 | }; |
---|
897 | int err, status; |
---|
898 | |
---|
899 | in = slurp_stdin(TRUE, &length); |
---|
900 | if(!in) return FALSE; |
---|
901 | |
---|
902 | err = call_filter(argv, in, &out, &status); |
---|
903 | free(in); |
---|
904 | if(err || status) { |
---|
905 | g_free(out); |
---|
906 | return FALSE; |
---|
907 | } |
---|
908 | fwrite(out, strlen(out), 1, stdout); |
---|
909 | g_free(out); |
---|
910 | |
---|
911 | return TRUE; |
---|
912 | } |
---|
913 | |
---|
914 | int do_decrypt_des(const char *keyfile) { |
---|
915 | des_key_schedule schedule; |
---|
916 | unsigned char input[8], output[8]; |
---|
917 | char tmp[9]; |
---|
918 | char *keystring; |
---|
919 | |
---|
920 | /* |
---|
921 | DES decrypts 8 bytes at a time. We copy those over into the 9-byte |
---|
922 | 'tmp', which has the final byte zeroed, to ensure that we always |
---|
923 | have a NULL-terminated string we can call printf/strlen on. |
---|
924 | |
---|
925 | We don't pass 'tmp' to des_ecb_encrypt directly, because it's |
---|
926 | prototyped as taking 'unsigned char[8]', and this avoids a stupid |
---|
927 | cast. |
---|
928 | |
---|
929 | We zero 'tmp' entirely, not just the final byte, in case there are |
---|
930 | no input blocks. |
---|
931 | */ |
---|
932 | memset(tmp, 0, sizeof tmp); |
---|
933 | |
---|
934 | keystring = read_keystring(keyfile); |
---|
935 | if(!keystring) return FALSE; |
---|
936 | |
---|
937 | owl_zcrypt_string_to_schedule(keystring, &schedule); |
---|
938 | |
---|
939 | free(keystring); |
---|
940 | |
---|
941 | while (read_ascii_block(input)) |
---|
942 | { |
---|
943 | des_ecb_encrypt(&input, &output, schedule, FALSE); |
---|
944 | memcpy(tmp, output, 8); |
---|
945 | printf("%s", tmp); |
---|
946 | } |
---|
947 | |
---|
948 | if (!tmp[0] || tmp[strlen(tmp) - 1] != '\n') |
---|
949 | printf("\n"); |
---|
950 | return TRUE; |
---|
951 | } |
---|