From df441f86a113552ec627c874c7bd9d2ecd483c94 Mon Sep 17 00:00:00 2001
From: Niels Provos
Date: Mon, 19 Jun 2000 14:01:57 +0000
Subject: use blowfish instead of DES to encrypt user keys
---
 usr.bin/tcfs/tcfs_keymaint.c | 35 ++++++++++++++++-------------------
 usr.bin/tcfs/tcfsmng/Makefile | 4 ++--
 usr.bin/tcfs/tcfsuse/Makefile | 4 ++--
 3 files changed, 20 insertions(+), 23 deletions(-)
diff --git a/usr.bin/tcfs/tcfs_keymaint.c b/usr.bin/tcfs/tcfs_keymaint.c
index f4df15f36c5..2438b615c92 100644
--- a/usr.bin/tcfs/tcfs_keymaint.c
+++ b/usr.bin/tcfs/tcfs_keymaint.c
@@ -17,7 +17,8 @@
 #include
 #include
 #include
-#include
+#include
+
 #include
 #include
@@ -59,9 +60,9 @@ tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk,
 {
 int i = 0;
 char pass[_PASSWORD_LEN], *cypher;
- char tcfskey[2*KEYSIZE];
- des_key_schedule ks;
- int keysize = (flag == GROUPKEY) ? KEYSIZE + KEYSIZE/8 : KEYSIZE;
+ char tcfskey[2*KEYSIZE], iv[8];
+ blf_ctx ctx;
+ int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE;
 if (!tk) return 0;
@@ -80,14 +81,12 @@ tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk,
 strcat (pass, tmp);
 }
- while ((i*8) < keysize) {
- des_set_key ((des_cblock *) pass, ks);
+ blf_key(&ctx, pass, strlen(pass));
+ memset(iv, 0, sizeof(iv));
+ blf_cbc_decrypt(&ctx, iv, tcfskey, keysize);
- des_ecb_encrypt ((des_cblock *) (tcfskey+i*8),
- (des_cblock *) (tcfskey+i*8), ks, DES_DECRYPT);
- i++;
- }
 memset (pass, 0, strlen (pass));
+ memset (&ctx, 0, sizeof(ctx));
 memcpy (tk, tcfskey, keysize);
 return 1;
@@ -98,9 +97,9 @@ tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek,
 unsigned int flag)
 {
 int i = 0;
- char pass[_PASSWORD_LEN];
- des_key_schedule ks;
- int keysize = (flag == GROUPKEY) ? KEYSIZE + KEYSIZE/8 : KEYSIZE;
+ char pass[_PASSWORD_LEN], iv[8];
+ blf_ctx ctx;
+ int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE;
 int uulen = (flag == GROUPKEY) ? UUGKEYSIZE : UUKEYSIZE;
 int res;
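Review bot: The decrypted key is still left in the stack buffer `tcfskey` when tcfs_decrypt_key returns: in the `@@ -80,14 +81,12 @@` hunk the new code wipes `pass` and `ctx`, but the function returns right after `memcpy (tk, tcfskey, keysize);`. Adding `memset (tcfskey, 0, sizeof(tcfskey));` before `return 1;` would close that gap. All of these wipes are plain `memset` calls on locals that are not read again, so an optimizing compiler may drop them as dead stores; a wipe routine that cannot be elided (for example `explicit_bzero`, where the tree provides it) would be safer. The function body starts and ends outside this hunk.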
@@ -116,13 +115,11 @@ tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek,
 strcat (tmp, pass);
 strcat (pass, tmp);
 }
+
+ blf_key(&ctx, pass, strlen(pass));
+ blf_cbc_encrypt(&ctx, iv, key, keysize);
- while ((i*8) < keysize) {
- des_set_key((des_cblock *) pass, ks);
- des_ecb_encrypt((des_cblock *) (key + i * 8),
- (des_cblock *) (key + i * 8), ks, DES_ENCRYPT);
- i++;
- }
+ memset(&ctx, 0, sizeof(ctx));
 res = uuencode (key, keysize, ek, uulen + 1);
 if (res != uulen) {
diff --git a/usr.bin/tcfs/tcfsmng/Makefile b/usr.bin/tcfs/tcfsmng/Makefile
index d7b456c037b..c657ad56078 100644
--- a/usr.bin/tcfs/tcfsmng/Makefile
+++ b/usr.bin/tcfs/tcfsmng/Makefile
@@ -11,5 +11,5 @@ SRCS= tcfsmng.c tcfsadduser.c tcfsrmuser.c tcfsaddgroup.c tcfsrmgroup.c
 .include
-LDADD+= -lutil -ldes
-DPADD+= ${LIBUTIL} ${LIBDES}
+LDADD+= -lutil
+DPADD+= ${LIBUTIL}
diff --git a/usr.bin/tcfs/tcfsuse/Makefile b/usr.bin/tcfs/tcfsuse/Makefile
index 5f93cc3a552..e91fb13d05a 100644
--- a/usr.bin/tcfs/tcfsuse/Makefile
+++ b/usr.bin/tcfs/tcfsuse/Makefile
@@ -14,5 +14,5 @@ SRCS= tcfsuse.c tcfsputkey.c tcfsrun.c tcfsrmkey.c tcfsgenkey.c tcfstat.c \
 .include
-LDADD+= -lutil -ldes
-DPADD+= ${LIBUTIL} ${LIBDES}
+LDADD+= -lutil
+DPADD+= ${LIBUTIL}
--
cgit v1.2.3
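Review bot: In the `@@ -116,13 +115,11 @@` hunk of tcfs_encrypt_key, the `iv` passed to `blf_cbc_encrypt(&ctx, iv, key, keysize)` is never initialised: it is declared as `iv[8]` in the preceding hunk and no added line sets it, whereas tcfs_decrypt_key does `memset(iv, 0, sizeof(iv));` before decrypting. The first 8-byte block is therefore chained with whatever was on the stack, so it will only decrypt back to the original key bytes if those stack bytes happened to be zero. Add `memset(iv, 0, sizeof(iv));` before the `blf_cbc_encrypt` call to match the decrypt side. `pass` also does not appear to be wiped in the visible part of this function, unlike in tcfs_decrypt_key; the rest of the body lies outside the hunk, so that should be confirmed.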