/* OpenBSD S/Key (skeysubr.c) * * Authors: * Neil M. Haller <nmh@thumper.bellcore.com> * Philip R. Karn <karn@chicago.qualcomm.com> * John S. Walden <jsw@thumper.bellcore.com> * Scott Chasin <chasin@crimelab.com> * Todd C. Miller <Todd.Miller@courtesan.com> * * S/Key misc routines. * * $OpenBSD: skeysubr.c,v 1.30 2007/05/17 04:34:50 ray Exp $ */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <ctype.h> #include <signal.h> #include <termios.h> #include <unistd.h> #include <md4.h> #include <md5.h> #include <sha1.h> #include <rmd160.h> #include "skey.h" /* Default hash function to use (index into skey_hash_types array) */ #ifndef SKEY_HASH_DEFAULT #define SKEY_HASH_DEFAULT 1 #endif static int keycrunch_md4(char *, char *, char *); static int keycrunch_md5(char *, char *, char *); static int keycrunch_sha1(char *, char *, char *); static int keycrunch_rmd160(char *, char *, char *); static void lowcase(char *); static void skey_echo(int); static void trapped(int); /* Current hash type (index into skey_hash_types array) */ static int skey_hash_type = SKEY_HASH_DEFAULT; /* * Hash types we support. * Each has an associated keycrunch() and f() function. */ #define SKEY_ALGORITH_LAST 4 struct skey_algorithm_table { const char *name; int (*keycrunch)(char *, char *, char *); }; static struct skey_algorithm_table skey_algorithm_table[] = { { "md4", keycrunch_md4 }, { "md5", keycrunch_md5 }, { "sha1", keycrunch_sha1 }, { "rmd160", keycrunch_rmd160 } }; /* * Crunch a key: * Concatenate the seed and the password, run through hash function and * collapse to 64 bits. This is defined as the user's starting key. * The result pointer must have at least SKEY_BINKEY_SIZE bytes of storage. * The seed and password may be of any length. */ int keycrunch(char *result, char *seed, char *passwd) { return(skey_algorithm_table[skey_hash_type].keycrunch(result, seed, passwd)); } static int keycrunch_md4(char *result, char *seed, char *passwd) { char *buf = NULL; MD4_CTX md; u_int32_t results[4]; unsigned int buflen; /* * If seed and passwd are defined we are in keycrunch() mode, * else we are in f() mode. */ if (seed && passwd) { buflen = strlen(seed) + strlen(passwd); if ((buf = malloc(buflen + 1)) == NULL) return(-1); (void)strlcpy(buf, seed, buflen + 1); lowcase(buf); (void)strlcat(buf, passwd, buflen + 1); sevenbit(buf); } else { buf = result; buflen = SKEY_BINKEY_SIZE; } /* Crunch the key through MD4 */ MD4Init(&md); MD4Update(&md, (unsigned char *)buf, buflen); MD4Final((unsigned char *)results, &md); /* Fold result from 128 to 64 bits */ results[0] ^= results[2]; results[1] ^= results[3]; (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); if (buf != result) (void)free(buf); return(0); } static int keycrunch_md5(char *result, char *seed, char *passwd) { char *buf; MD5_CTX md; u_int32_t results[4]; unsigned int buflen; /* * If seed and passwd are defined we are in keycrunch() mode, * else we are in f() mode. */ if (seed && passwd) { buflen = strlen(seed) + strlen(passwd); if ((buf = malloc(buflen + 1)) == NULL) return(-1); (void)strlcpy(buf, seed, buflen + 1); lowcase(buf); (void)strlcat(buf, passwd, buflen + 1); sevenbit(buf); } else { buf = result; buflen = SKEY_BINKEY_SIZE; } /* Crunch the key through MD5 */ MD5Init(&md); MD5Update(&md, (unsigned char *)buf, buflen); MD5Final((unsigned char *)results, &md); /* Fold result from 128 to 64 bits */ results[0] ^= results[2]; results[1] ^= results[3]; (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); if (buf != result) (void)free(buf); return(0); } static int keycrunch_sha1(char *result, char *seed, char *passwd) { char *buf; SHA1_CTX sha; unsigned int buflen; int i, j; /* * If seed and passwd are defined we are in keycrunch() mode, * else we are in f() mode. */ if (seed && passwd) { buflen = strlen(seed) + strlen(passwd); if ((buf = malloc(buflen + 1)) == NULL) return(-1); (void)strlcpy(buf, seed, buflen + 1); lowcase(buf); (void)strlcat(buf, passwd, buflen + 1); sevenbit(buf); } else { buf = result; buflen = SKEY_BINKEY_SIZE; } /* Crunch the key through SHA1 */ SHA1Init(&sha); SHA1Update(&sha, (unsigned char *)buf, buflen); SHA1Pad(&sha); /* Fold 160 to 64 bits */ sha.state[0] ^= sha.state[2]; sha.state[1] ^= sha.state[3]; sha.state[0] ^= sha.state[4]; /* * SHA1 is a big endian algorithm but RFC2289 mandates that * the result be in little endian form, so we copy to the * result buffer manually. */ for (i = 0, j = 0; j < 8; i++, j += 4) { result[j] = (u_char)(sha.state[i] & 0xff); result[j+1] = (u_char)((sha.state[i] >> 8) & 0xff); result[j+2] = (u_char)((sha.state[i] >> 16) & 0xff); result[j+3] = (u_char)((sha.state[i] >> 24) & 0xff); } if (buf != result) (void)free(buf); return(0); } static int keycrunch_rmd160(char *result, char *seed, char *passwd) { char *buf; RMD160_CTX rmd; u_int32_t results[5]; unsigned int buflen; /* * If seed and passwd are defined we are in keycrunch() mode, * else we are in f() mode. */ if (seed && passwd) { buflen = strlen(seed) + strlen(passwd); if ((buf = malloc(buflen + 1)) == NULL) return(-1); (void)strlcpy(buf, seed, buflen + 1); lowcase(buf); (void)strlcat(buf, passwd, buflen + 1); sevenbit(buf); } else { buf = result; buflen = SKEY_BINKEY_SIZE; } /* Crunch the key through RMD-160 */ RMD160Init(&rmd); RMD160Update(&rmd, (unsigned char *)buf, buflen); RMD160Final((unsigned char *)results, &rmd); /* Fold 160 to 64 bits */ results[0] ^= results[2]; results[1] ^= results[3]; results[0] ^= results[4]; (void)memcpy((void *)result, (void *)results, SKEY_BINKEY_SIZE); if (buf != result) (void)free(buf); return(0); } /* * The one-way hash function f(). * Takes SKEY_BINKEY_SIZE bytes and returns SKEY_BINKEY_SIZE bytes in place. */ void f(char *x) { (void)skey_algorithm_table[skey_hash_type].keycrunch(x, NULL, NULL); } /* Strip trailing cr/lf from a line of text */ void rip(char *buf) { buf += strcspn(buf, "\r\n"); if (*buf) *buf = '\0'; } /* Read in secret password (turns off echo) */ char * readpass(char *buf, int n) { void (*old_handler)(int); /* Turn off echoing */ skey_echo(0); /* Catch SIGINT and save old signal handler */ old_handler = signal(SIGINT, trapped); if (fgets(buf, n, stdin) == NULL) buf[0] = '\0'; rip(buf); (void)putc('\n', stderr); (void)fflush(stderr); /* Restore signal handler and turn echo back on */ if (old_handler != SIG_ERR) (void)signal(SIGINT, old_handler); skey_echo(1); sevenbit(buf); return(buf); } /* Read in an s/key OTP (does not turn off echo) */ char * readskey(char *buf, int n) { if (fgets(buf, n, stdin) == NULL) buf[0] = '\0'; rip(buf); sevenbit(buf); return(buf); } /* Signal handler for trapping ^C */ /*ARGSUSED*/ static void trapped(int sig) { write(STDERR_FILENO, "^C\n", 3); /* Turn on echo if necessary */ skey_echo(1); _exit(1); } /* * Convert 16-byte hex-ascii string to 8-byte binary array * Returns 0 on success, -1 on error */ int atob8(char *out, char *in) { int i; int val; if (in == NULL || out == NULL) return(-1); for (i=0; i < 8; i++) { if ((in = skipspace(in)) == NULL) return(-1); if ((val = htoi(*in++)) == -1) return(-1); *out = val << 4; if ((in = skipspace(in)) == NULL) return(-1); if ((val = htoi(*in++)) == -1) return(-1); *out++ |= val; } return(0); } /* Convert 8-byte binary array to 16-byte hex-ascii string */ int btoa8(char *out, char *in) { if (in == NULL || out == NULL) return(-1); (void)snprintf(out, 17, "%02x%02x%02x%02x%02x%02x%02x%02x", in[0] & 0xff, in[1] & 0xff, in[2] & 0xff, in[3] & 0xff, in[4] & 0xff, in[5] & 0xff, in[6] & 0xff, in[7] & 0xff); return(0); } /* Convert hex digit to binary integer */ int htoi(int c) { if ('0' <= c && c <= '9') return(c - '0'); if ('a' <= c && c <= 'f') return(10 + c - 'a'); if ('A' <= c && c <= 'F') return(10 + c - 'A'); return(-1); } /* Skip leading spaces from the string */ char * skipspace(char *cp) { while (*cp == ' ' || *cp == '\t') cp++; if (*cp == '\0') return(NULL); else return(cp); } /* Remove backspaced over characters from the string */ void backspace(char *buf) { char bs = 0x8; char *cp = buf; char *out = buf; while (*cp) { if (*cp == bs) { if (out == buf) { cp++; continue; } else { cp++; out--; } } else { *out++ = *cp++; } } *out = '\0'; } /* Make sure line is all seven bits */ void sevenbit(char *s) { while (*s) *s++ &= 0x7f; } /* Set hash algorithm type */ char * skey_set_algorithm(char *new) { int i; for (i = 0; i < SKEY_ALGORITH_LAST; i++) { if (strcmp(new, skey_algorithm_table[i].name) == 0) { skey_hash_type = i; return(new); } } return(NULL); } /* Get current hash type */ const char * skey_get_algorithm(void) { return(skey_algorithm_table[skey_hash_type].name); } /* Turn echo on/off */ static void skey_echo(int action) { static struct termios term; static int echo = 0; if (action == 0) { /* Turn echo off */ (void) tcgetattr(fileno(stdin), &term); if ((echo = (term.c_lflag & ECHO))) { term.c_lflag &= ~ECHO; (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); } } else if (action && echo) { /* Turn echo on */ term.c_lflag |= ECHO; (void) tcsetattr(fileno(stdin), TCSAFLUSH|TCSASOFT, &term); echo = 0; } } /* Convert string to lower case */ static void lowcase(char *s) { char *p; for (p = s; *p; p++) { if (isupper(*p)) *p = (char)tolower(*p); } }