summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNiels Provos <provos@cvs.openbsd.org>2000-06-19 14:01:57 +0000
committerNiels Provos <provos@cvs.openbsd.org>2000-06-19 14:01:57 +0000
commitdf441f86a113552ec627c874c7bd9d2ecd483c94 (patch)
tree6c30dcd4d6fd88e792e238b29578160dc03a62bd
parent96f897b9f36c30629f9d4acd3ca7c7c2e1669131 (diff)
use blowfish instead of DES to encrypt user keys
-rw-r--r--usr.bin/tcfs/tcfs_keymaint.c35
-rw-r--r--usr.bin/tcfs/tcfsmng/Makefile4
-rw-r--r--usr.bin/tcfs/tcfsuse/Makefile4
3 files changed, 20 insertions, 23 deletions
diff --git a/usr.bin/tcfs/tcfs_keymaint.c b/usr.bin/tcfs/tcfs_keymaint.c
index f4df15f36c5..2438b615c92 100644
--- a/usr.bin/tcfs/tcfs_keymaint.c
+++ b/usr.bin/tcfs/tcfs_keymaint.c
@@ -17,7 +17,8 @@
#include <sys/param.h>
#include <sys/mount.h>
#include <sys/ucred.h>
-#include <des.h>
+#include <blf.h>
+
#include <miscfs/tcfs/tcfs.h>
#include <miscfs/tcfs/tcfs_cmd.h>
@@ -59,9 +60,9 @@ tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk,
{
int i = 0;
char pass[_PASSWORD_LEN], *cypher;
- char tcfskey[2*KEYSIZE];
- des_key_schedule ks;
- int keysize = (flag == GROUPKEY) ? KEYSIZE + KEYSIZE/8 : KEYSIZE;
+ char tcfskey[2*KEYSIZE], iv[8];
+ blf_ctx ctx;
+ int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE;
if (!tk)
return 0;
@@ -80,14 +81,12 @@ tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk,
strcat (pass, tmp);
}
- while ((i*8) < keysize) {
- des_set_key ((des_cblock *) pass, ks);
+ blf_key(&ctx, pass, strlen(pass));
+ memset(iv, 0, sizeof(iv));
+ blf_cbc_decrypt(&ctx, iv, tcfskey, keysize);
- des_ecb_encrypt ((des_cblock *) (tcfskey+i*8),
- (des_cblock *) (tcfskey+i*8), ks, DES_DECRYPT);
- i++;
- }
memset (pass, 0, strlen (pass));
+ memset (&ctx, 0, sizeof(ctx));
memcpy (tk, tcfskey, keysize);
return 1;
@@ -98,9 +97,9 @@ tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek,
unsigned int flag)
{
int i = 0;
- char pass[_PASSWORD_LEN];
- des_key_schedule ks;
- int keysize = (flag == GROUPKEY) ? KEYSIZE + KEYSIZE/8 : KEYSIZE;
+ char pass[_PASSWORD_LEN], iv[8];
+ blf_ctx ctx;
+ int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE;
int uulen = (flag == GROUPKEY) ? UUGKEYSIZE : UUKEYSIZE;
int res;
@@ -116,13 +115,11 @@ tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek,
strcat (tmp, pass);
strcat (pass, tmp);
}
+
+ blf_key(&ctx, pass, strlen(pass));
+ blf_cbc_encrypt(&ctx, iv, key, keysize);
- while ((i*8) < keysize) {
- des_set_key((des_cblock *) pass, ks);
- des_ecb_encrypt((des_cblock *) (key + i * 8),
- (des_cblock *) (key + i * 8), ks, DES_ENCRYPT);
- i++;
- }
+ memset(&ctx, 0, sizeof(ctx));
res = uuencode (key, keysize, ek, uulen + 1);
if (res != uulen) {
diff --git a/usr.bin/tcfs/tcfsmng/Makefile b/usr.bin/tcfs/tcfsmng/Makefile
index d7b456c037b..c657ad56078 100644
--- a/usr.bin/tcfs/tcfsmng/Makefile
+++ b/usr.bin/tcfs/tcfsmng/Makefile
@@ -11,5 +11,5 @@ SRCS= tcfsmng.c tcfsadduser.c tcfsrmuser.c tcfsaddgroup.c tcfsrmgroup.c
.include <bsd.prog.mk>
-LDADD+= -lutil -ldes
-DPADD+= ${LIBUTIL} ${LIBDES}
+LDADD+= -lutil
+DPADD+= ${LIBUTIL}
diff --git a/usr.bin/tcfs/tcfsuse/Makefile b/usr.bin/tcfs/tcfsuse/Makefile
index 5f93cc3a552..e91fb13d05a 100644
--- a/usr.bin/tcfs/tcfsuse/Makefile
+++ b/usr.bin/tcfs/tcfsuse/Makefile
@@ -14,5 +14,5 @@ SRCS= tcfsuse.c tcfsputkey.c tcfsrun.c tcfsrmkey.c tcfsgenkey.c tcfstat.c \
.include <bsd.prog.mk>
-LDADD+= -lutil -ldes
-DPADD+= ${LIBUTIL} ${LIBDES}
+LDADD+= -lutil
+DPADD+= ${LIBUTIL}