authorNiels Provos <provos@cvs.openbsd.org>2000-06-18 16:23:11 +0000
committerNiels Provos <provos@cvs.openbsd.org>2000-06-18 16:23:11 +0000
commitc03b36cbcdf70018b03c8c925fc4e9792f92fd8b (patch)
treeed2aa5d2828c838facc6aff27ef633f33d2d4ee6
parent555ca9661a390b91aeacaf535c9b178ba0167ce5 (diff)
change keysize from 8 bytes to 24 for Triple-DES and to 32 for Blowfish.
This probably breaks group sharing. copyin on userland pointers is required, inline key into the argument structure.
-rw-r--r--sys/miscfs/tcfs/tcfs_cipher.h6
-rw-r--r--sys/miscfs/tcfs/tcfs_cipher_TDES.c37
-rw-r--r--sys/miscfs/tcfs/tcfs_keytab.h4
-rw-r--r--sys/miscfs/tcfs/tcfs_mount.h4
4 files changed, 36 insertions, 15 deletions
diff --git a/sys/miscfs/tcfs/tcfs_cipher.h b/sys/miscfs/tcfs/tcfs_cipher.h
index 62a14ecab1f..fa2105d36cc 100644
--- a/sys/miscfs/tcfs/tcfs_cipher.h
+++ b/sys/miscfs/tcfs/tcfs_cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcfs_cipher.h,v 1.3 2000/06/17 20:25:54 provos Exp $ */
+/* $OpenBSD: tcfs_cipher.h,v 1.4 2000/06/18 16:23:08 provos Exp $ */
/*
* Copyright 2000 The TCFS Project at http://tcfs.dia.unisa.it/
* All rights reserved.
@@ -97,12 +97,12 @@ void *TDES_init_key(char *);
void TDES_cleanup_key(void*);
void TDES_encrypt(char *, int , void*);
void TDES_decrypt(char *, int , void*);
-#define TDES_KEYSIZE 8
+#define TDES_KEYSIZE 24
void *BLOWFISH_init_key(char *);
void BLOWFISH_cleanup_key(void*);
void BLOWFISH_encrypt(char *, int , void*);
void BLOWFISH_decrypt(char *, int , void*);
-#define BLOWFISH_KEYSIZE 8
+#define BLOWFISH_KEYSIZE 32
#endif /* _TCFS_CIPHER_H_ */
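Review bot: Nothing in this header ties `TDES_KEYSIZE` and `BLOWFISH_KEYSIZE` to `KEYSIZE` in tcfs_keytab.h, yet `TDES_init_key` in tcfs_cipher_TDES.c now reads `KEYSIZE` bytes from a bare `char *key` and copies `TDES_KEYSIZE` bytes from the same pointer. If a later edit raises a per-cipher size above `KEYSIZE`, an init routine could read past the caller's key buffer with no diagnostic. A compile-time guard placed where both headers are in scope would catch that, e.g. `#if TDES_KEYSIZE > KEYSIZE || BLOWFISH_KEYSIZE > KEYSIZE` followed by `#error cipher key larger than KEYSIZE`. A comment on the prototypes saying the key argument is raw, non-NUL-terminated bytes of a fixed length would also help, since the signatures carry no length.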
diff --git a/sys/miscfs/tcfs/tcfs_cipher_TDES.c b/sys/miscfs/tcfs/tcfs_cipher_TDES.c
index f90d697336d..4e88df37929 100644
--- a/sys/miscfs/tcfs/tcfs_cipher_TDES.c
+++ b/sys/miscfs/tcfs/tcfs_cipher_TDES.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcfs_cipher_TDES.c,v 1.3 2000/06/17 20:25:54 provos Exp $ */
+/* $OpenBSD: tcfs_cipher_TDES.c,v 1.4 2000/06/18 16:23:10 provos Exp $ */
/*
* Copyright 2000 The TCFS Project at http://tcfs.dia.unisa.it/
* All rights reserved.
@@ -28,24 +28,45 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
+#include <sys/md5k.h>
#include <miscfs/tcfs/tcfs_cipher.h>
#include <crypto/des_locl.h>
#include <crypto/des.h>
+/* EDE Triple-DES with K1, K2 and K3 */
+
void *
TDES_init_key (char *key)
{
des_key_schedule *ks;
+ char dkey[TDES_KEYSIZE];
+ char digest[16];
+ MD5_CTX ctx;
+ int i;
+
+
+ /* Fold the bigger key into a Triple-DES suitable one */
+ bcopy (key, dkey, sizeof(dkey));
+ MD5Init(&ctx);
+ MD5Update(&ctx, key, KEYSIZE);
+ MD5Final(digest, &ctx);
- ks = (des_key_schedule *)malloc (2 * sizeof (des_key_schedule),
+ for (i = 0; i < sizeof(dkey); i++)
+ dkey[i] ^= digest[i % 16];
+
+ ks = (des_key_schedule *)malloc (3 * sizeof (des_key_schedule),
M_FREE, M_NOWAIT);
if (!ks)
return NULL;
- des_set_key ((des_cblock *)key, ks[0]);
- des_set_key ((des_cblock *)(key + 8), ks[1]);
+ des_set_key ((des_cblock *) dkey, ks[0]);
+ des_set_key ((des_cblock *)(dkey + 8), ks[1]);
+ des_set_key ((des_cblock *)(dkey + 16), ks[2]);
+
+ bzero(dkey, sizeof(dkey));
+ bzero(digest, sizeof(digest));
return (void *)ks;
}
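Review bot: The `return NULL` on allocation failure leaves `dkey` and `digest` unwiped on the kernel stack, because both `bzero` calls sit after the `if (!ks)` check. Either repeat `bzero(dkey, sizeof(dkey)); bzero(digest, sizeof(digest));` inside that failure branch, or do the `malloc` before any key material is copied so the early return has nothing to clean. `ctx` has also absorbed the whole key, and whether `MD5Final` clears it is not visible here, so an explicit `bzero(&ctx, sizeof(ctx));` next to the other two would remove the doubt. `TDES_cleanup_key` is not touched by this diff; if it wipes or sizes the schedule as two entries, `ks[2]` would survive in freed memory, which is worth confirming.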
@@ -69,13 +90,13 @@ TDES_encrypt(char *block, int nb, void *key)
xi = (u_int32_t *)block;
tmp = block;
des_ecb3_encrypt((des_cblock *)tmp, (des_cblock *)tmp,
- ks[0],ks[1],ks[0],DES_ENCRYPT);
+ ks[0], ks[1], ks[2],DES_ENCRYPT);
tmp += 8;
for (i = 1;i < nb/8;i++) {
*(xi+2) ^= *xi;
*(xi+3) ^= *(xi + 1);
des_ecb3_encrypt((des_cblock *)tmp, (des_cblock *)tmp,
- ks[0], ks[1], ks[0], DES_ENCRYPT);
+ ks[0], ks[1], ks[2], DES_ENCRYPT);
tmp += 8;
xi += 2;
}
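Review bot: The first 8-byte block goes to `des_ecb3_encrypt` with nothing XORed into it and later blocks chain only on the previous ciphertext, so the visible lines amount to CBC with an implicit all-zero IV. Unless an IV is mixed in above the hunk (the function starts and ends outside it), two buffers with the same leading bytes under the same key produce the same leading ciphertext, and the larger key does not change that. The loop bound `nb/8` also leaves any trailing `nb % 8` bytes untouched in the lines shown. A function comment such as `/* CBC over nb/8 blocks with zero IV; nb must be a multiple of 8 */` would record both contracts. The same points apply to the `TDES_decrypt` hunk that follows.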
@@ -93,13 +114,13 @@ TDES_decrypt(char *block, int nb, void *key)
tmp = block;
xo[0] = *xi; xo[1] = *(xi+1);
des_ecb3_encrypt((des_cblock *)tmp, (des_cblock *)tmp,
- ks[0], ks[1], ks[0], DES_DECRYPT);
+ ks[0], ks[1], ks[2], DES_DECRYPT);
tmp += 8;
xi = (u_int32_t *)tmp;
for (i = 1;i < nb/8; i++) {
xa[0] = *xi; xa[1] = *(xi+1);
des_ecb3_encrypt((des_cblock *)tmp, (des_cblock *)tmp,
- ks[0], ks[1], ks[0], DES_DECRYPT);
+ ks[0], ks[1], ks[2], DES_DECRYPT);
*(xi) ^= xo[0];
*(xi+1)^= xo[1];
xo[0] = xa[0];
diff --git a/sys/miscfs/tcfs/tcfs_keytab.h b/sys/miscfs/tcfs/tcfs_keytab.h
index cdab1489c89..e5a286080f1 100644
--- a/sys/miscfs/tcfs/tcfs_keytab.h
+++ b/sys/miscfs/tcfs/tcfs_keytab.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcfs_keytab.h,v 1.3 2000/06/17 20:25:55 provos Exp $ */
+/* $OpenBSD: tcfs_keytab.h,v 1.4 2000/06/18 16:23:10 provos Exp $ */
/*
* Copyright 2000 The TCFS Project at http://tcfs.dia.unisa.it/
* All rights reserved.
@@ -32,7 +32,7 @@
struct tcfs_mount;
#define KEYTABSIZE 20
-#define KEYSIZE 8
+#define KEYSIZE 32
#define KEYPARTSIZE (KEYSIZE+KEYSIZE/8)
#define CLEAN 0x00
diff --git a/sys/miscfs/tcfs/tcfs_mount.h b/sys/miscfs/tcfs/tcfs_mount.h
index 095ed23f3b5..de6d87afe6d 100644
--- a/sys/miscfs/tcfs/tcfs_mount.h
+++ b/sys/miscfs/tcfs/tcfs_mount.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcfs_mount.h,v 1.3 2000/06/17 20:25:55 provos Exp $ */
+/* $OpenBSD: tcfs_mount.h,v 1.4 2000/06/18 16:23:10 provos Exp $ */
/*
* Copyright 2000 The TCFS Project at http://tcfs.dia.unisa.it/
* All rights reserved.
@@ -44,7 +44,7 @@ struct tcfs_status {
struct tcfs_args {
char *target; /* Target of loopback */
- char *tcfs_key; /* chiave */
+ u_char tcfs_key[KEYSIZE];
int cipher_num;
int cmd; /* direttiva */
uid_t user; /* utente */
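Review bot: Replacing the pointer with `u_char tcfs_key[KEYSIZE]` changes the size and layout of `struct tcfs_args`, and no version or length field is visible in these lines that would let the kernel tell an old userland binary from a new one. A mount helper built against the previous header would pass a pointer where the kernel now expects 32 bytes of key, so pointer bytes and adjacent fields would likely be consumed as key material without an error. The new line also drops the field comment; something like `/* raw key, KEYSIZE bytes, not NUL-terminated; wipe after use */` would record the contract, since the key now lives inside every copy of the args structure. `TDES_init_key` takes `char *`, so passing this `u_char` array needs a cast at the call site. The struct continues past the end of the hunk.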