void des::decrypt(char const* key, core::vector<byte> const& in, core::string& out)
{
DES_cblock key_block;
DES_key_schedule schedule;
DES_string_to_key(key, &key_block);
DES_set_key_checked(&key_block, &schedule);
char* buf = (char*)malloc(in.size());
core::vector<byte>::const_iterator iter = in.begin();
DES_cblock* output = (DES_cblock*)buf;
DES_cblock input;
while (iter != in.end())
{
usize sz = in.end() - iter;
if (sz >= 8)
sz = 8;
else
memset(input, 0, sizeof(DES_cblock));
memcpy(input, &*iter, sz);
DES_ecb_encrypt(&input, output, &schedule, DES_DECRYPT);
iter += sz;
output += 1;
}
out = buf;
free(buf);
}
static void desencode(char *content, char *content_in)
{
char de_content[1024] = {0};
DES_cblock key_cblock;
DES_string_to_key(key, &key_cblock);
DES_key_schedule schedule;
DES_set_key_checked(&key_cblock, &schedule);
DES_ncbc_encrypt(content, de_content, strlen(content), &schedule, &key_cblock, DES_ENCRYPT );
DES_string_to_key(key, &key_cblock);
DES_set_key_checked(&key_cblock, &schedule);
printf("key_cblock= %s\n", key_cblock);
Base64Encode(de_content, strlen(de_content), content_in, sizeof(content_in));
}
void openssl_des_crypt()
{
int size;
DES_cblock key;
DES_cblock outputs;
const_DES_cblock inputs;
DES_key_schedule schedule;
unsigned char tmp[16] = "des crypt";
DES_random_key(&key);
DES_string_to_key("beike2012", &key);
DES_set_odd_parity(&key);
des_check_key_parity(&key);
DES_set_key_checked(&key, &schedule);
DES_is_weak_key((const_DES_cblock *)tmp);
DES_ecb_encrypt((const_DES_cblock *)tmp, &outputs, &schedule, DES_ENCRYPT);
printf("\nDES_ecb_encrypt(%s) = ", tmp);
for (size = 0; size < sizeof(outputs); size++)
printf("%02x", outputs[size]);
printf("\n");
DES_ecb_encrypt(&outputs, &inputs, &schedule, DES_DECRYPT);
printf("DES_ecb_decrypt(");
for (size = 0; size < sizeof(outputs); size++)
printf("%02x", outputs[size]);
printf(") = %s\n", inputs);
}
int main(int argc,char **argv)
{
DES_cblock key;
/* DES_random_key(&key); */ /* generate a random key */
DES_string_to_key("pass", &key);
DES_key_schedule schedule;
DES_set_key_checked(&key, &schedule);
const_DES_cblock input = "hehehe";
DES_cblock output;
printf("cleartext:%s ", input);
printf("\r\n ");
DES_ecb_encrypt(&input, &output, &schedule, DES_ENCRYPT);
printf("Encrypted! ");
printf("ciphertext:");
int i;
for (i = 0; i < sizeof(input); i++)
printf("%02x", output[i]);
printf("\r\n ");
DES_ecb_encrypt(&output, &input, &schedule, DES_DECRYPT);
printf("Decrypted! ");
printf("cleartext:%s ", input);
printf("\r\n ");
return 0;
}
void initDes(){
int i;
DES_string_to_key("558LFin@l", &key);
DES_set_key_checked(&key, &schedule);
for (i = 0; i < 8 ; i++)
ivdata[i] = 0x00;
}
int initDes(unsigned char* str, DES_key_schedule* schedule){
//fprintf(stdout, "key = %s\n", str);
int i, ret;
unsigned char key[8];
DES_string_to_key(str, &key);
ret = DES_set_key_checked(key, schedule);
for (i = 0; i < 8 ; i++)
ivdata[i] = 0x00;
return ret;
}
int DES_read_password(DES_cblock *key, const char *prompt, int verify)
{
int ok;
char buf[BUFSIZ],buff[BUFSIZ];
if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
DES_string_to_key(buf,key);
OPENSSL_cleanse(buf,BUFSIZ);
OPENSSL_cleanse(buff,BUFSIZ);
return(ok);
}
//des解密函数
bool CRsaDesManager::DESDecode(const string& strDesKey, unsigned char *pcInData, unsigned long ulInLen, unsigned char *pcOutData)
{
DES_cblock key;
DES_key_schedule key_schedule;
DES_string_to_key(strDesKey.c_str(), &key);
if (DES_set_key_checked(&key, &key_schedule) != 0)
return false;
size_t len = (ulInLen+7)/8 * 8;
return DESDecode(key_schedule, pcInData, ulInLen, pcOutData);
}
krb5_error_code
mit_des_string_to_key_int (krb5_keyblock *key,
const krb5_data *pw, const krb5_data *salt)
{
DES_cblock outkey;
DES_string_to_key(pw->data, &outkey);
if ( key->length < sizeof(outkey))
return KRB5_CRYPTO_INTERNAL;
key->length = sizeof(outkey);
memcpy(key->contents, outkey, key->length);
return 0;
}
static void
s2k(char *password, const char *salt, char akey[8])
{
DES_cblock k;
size_t l = strlen(password) + strlen(salt);
char *pw = malloc(l + 1);
strcpy(pw, password);
strcat(pw, salt);
DES_string_to_key(pw, &k);
if (memcmp(akey, &k, 8) != 0)
errx(1, "key wrong for '%s'", pw);
free(pw);
}
//des加密函数
string CRsaDesManager::DESEncode(const string& strDesKey, const string& strInData)
{
DES_cblock key;
DES_key_schedule key_schedule;
DES_string_to_key(strDesKey.c_str(), &key);
if (DES_set_key_checked(&key, &key_schedule) != 0)
return "";
size_t len = (strInData.size()+7)/8 * 8;
unsigned char pcOutData[4096];
if(DESEncode(key_schedule, (unsigned char *)strInData.c_str(), len, pcOutData))
{
string strEncoded;
strEncoded.append((char*)pcOutData, len);
return strEncoded;
}
else
{
return "";
}
}
NNT_BEGIN_HEADER_C
# include <openssl/des.h>
# include <math.h>
NNT_END_HEADER_C
NNT_BEGIN_CXX
void des::encrypt(char const* key, core::string const& in, core::vector<byte>& out)
{
DES_cblock key_block;
DES_key_schedule schedule;
DES_string_to_key(key, &key_block);
DES_set_key_checked(&key_block, &schedule);
usize sz = (usize)ceil((double)in.size() / sizeof(DES_cblock)) * sizeof(DES_cblock);
out.resize(sz);
core::string::const_iterator iter = in.begin();
DES_cblock* output = (DES_cblock*)core::pointer(out);
DES_cblock input;
while (iter != in.end())
{
usize sz = in.end() - iter;
if (sz >= 8)
sz = 8;
else
memset(input, 0, sizeof(DES_cblock));
memcpy(input, &*iter, sz);
DES_ecb_encrypt(&input, output, &schedule, DES_ENCRYPT);
iter += sz;
output += 1;
}
}
afs_int32
ka_UserAuthenticateGeneral(afs_int32 flags, char *name, char *instance,
char *realm, char *password, Date lifetime,
afs_int32 * password_expires, /* days 'til, or don't change if not set */
afs_int32 spare2, char **reasonP)
{
int remainingTime = 0;
struct ktc_encryptionKey key;
afs_int32 code, dosetpag = 0;
if (reasonP)
*reasonP = "";
if ((flags & KA_USERAUTH_VERSION_MASK) != KA_USERAUTH_VERSION)
return KAOLDINTERFACE;
if ((strcmp(name, "root") == 0) && (instance == 0)) {
if (reasonP)
*reasonP = "root is only authenticated locally";
return KANOENT;
}
code = ka_Init(0);
if (code)
return code;
ka_StringToKey(password, realm, &key);
/*
* alarm is set by kpasswd only so ignore for
* NT
*/
#ifndef AFS_NT40_ENV
{ /* Rx uses timers, save to be safe */
if (rx_socket) {
/* don't reset alarms, rx already running */
remainingTime = 0;
} else
remainingTime = alarm(0);
}
#endif
#if !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_USR_LINUX20_ENV) && (!defined(AFS_XBSD_ENV) || defined(AFS_FBSD_ENV))
/* handle smoothly the case where no AFS system calls exists (yet) */
(void)signal(SIGSYS, SIG_IGN);
#endif
#ifdef AFS_DECOSF_ENV
(void)signal(SIGTRAP, SIG_IGN);
#endif /* AFS_DECOSF_ENV */
if (instance == 0)
instance = "";
if (flags & KA_USERAUTH_ONLY_VERIFY) {
code = ka_VerifyUserToken(name, instance, realm, &key);
if (code == KABADREQUEST) {
DES_string_to_key(password, ktc_to_cblockptr(&key));
code = ka_VerifyUserToken(name, instance, realm, &key);
}
} else {
#ifdef AFS_DUX40_ENV
if (flags & KA_USERAUTH_DOSETPAG)
afs_setpag();
#else
#if !defined(UKERNEL) && !defined(AFS_NT40_ENV)
if (flags & KA_USERAUTH_DOSETPAG)
setpag();
#endif
#endif
if (flags & KA_USERAUTH_DOSETPAG2)
dosetpag = 1;
#ifdef AFS_KERBEROS_ENV
if ((flags & KA_USERAUTH_DOSETPAG) || dosetpag)
ktc_newpag();
#endif
if (lifetime == 0)
lifetime = MAXKTCTICKETLIFETIME;
code =
GetTickets(name, instance, realm, &key, lifetime,
password_expires, dosetpag);
if (code == KABADREQUEST) {
DES_string_to_key(password, ktc_to_cblockptr(&key));
code =
GetTickets(name, instance, realm, &key, lifetime,
password_expires, dosetpag);
}
}
#ifndef AFS_NT40_ENV
if (remainingTime) {
pr_End();
rx_Finalize();
alarm(remainingTime); /* restore timer, if any */
}
#endif
if (code && reasonP)
switch (code) {
case KABADREQUEST:
*reasonP = "password was incorrect";
break;
case KAUBIKCALL:
*reasonP = "Authentication Server was unavailable";
break;
default:
*reasonP = (char *)afs_error_message(code);
}
return code;
}
void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key)
{
DES_string_to_key(str, key);
}
int
main(int argc, char **argv)
{
struct afsconf_dir *tdir;
afs_int32 code;
if (argc == 1) {
printf("bos_util: usage is 'bos_util <opcode> options, e.g.\n");
printf(" bos_util add <kvno>\n");
printf(" bos_util adddes <kvno>\n");
#ifdef KERBEROS
printf(" bos_util srvtab2keyfile <kvno> <keyfile> <princ>\n");
#endif
printf(" bos_util delete <kvno>\n");
printf(" bos_util list\n");
exit(1);
}
tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIR);
if (!tdir) {
printf("bos_util: can't initialize conf dir '%s'\n",
AFSDIR_SERVER_ETC_DIR);
exit(1);
}
if (strcmp(argv[1], "add") == 0) {
struct ktc_encryptionKey tkey;
int kvno;
char buf[BUFSIZ], ver[BUFSIZ];
char *tcell = NULL;
if (argc != 3) {
printf("bos_util add: usage is 'bos_util add <kvno>\n");
exit(1);
}
kvno = atoi(argv[2]);
memset(&tkey, 0, sizeof(struct ktc_encryptionKey));
/* prompt for key */
code = UI_UTIL_read_pw_string(buf, sizeof(buf), "input key: ", 0);
if (code || strlen(buf) == 0) {
printf("Bad key: \n");
exit(1);
}
code = UI_UTIL_read_pw_string(ver, sizeof(ver), "Retype input key: ", 0);
if (code || strlen(ver) == 0) {
printf("Bad key: \n");
exit(1);
}
if (strcmp(ver, buf) != 0) {
printf("\nInput key mismatch\n");
exit(1);
}
ka_StringToKey(buf, tcell, &tkey);
code = afsconf_AddKey(tdir, kvno, ktc_to_charptr(&tkey), 0);
if (code) {
printf("bos_util: failed to set key, code %d.\n", code);
exit(1);
}
} else if (strcmp(argv[1], "adddes") == 0) {
DES_cblock tkey;
int kvno;
afs_int32 code;
char buf[BUFSIZ], ver[BUFSIZ];
if (argc != 3) {
printf("bos_util adddes: usage is 'bos_util adddes <kvno>\n");
exit(1);
}
kvno = atoi(argv[2]);
memset(&tkey, 0, sizeof(struct ktc_encryptionKey));
/* prompt for key */
code = UI_UTIL_read_pw_string(buf, sizeof(buf), "input key: ", 0);
if (code || strlen(buf) == 0) {
printf("Bad key: \n");
exit(1);
}
code = UI_UTIL_read_pw_string(ver, sizeof(ver), "Retype input key: ", 0);
if (code || strlen(ver) == 0) {
printf("Bad key: \n");
exit(1);
}
if (strcmp(ver, buf) != 0) {
printf("\nInput key mismatch\n");
exit(1);
}
DES_string_to_key(buf, &tkey);
code = afsconf_AddKey(tdir, kvno, (char *) &tkey, 0);
if (code) {
printf("bos_util: failed to set key, code %d.\n", code);
exit(1);
}
}
#ifdef KERBEROS
else if (strcmp(argv[1], "srvtab2keyfile") == 0) {
char tkey[8], name[255], inst[255], realm[255];
int kvno;
if (argc != 5) {
printf
("bos_util add: usage is 'bos_util srvtab2keyfile <kvno> <keyfile> <princ>\n");
exit(1);
}
kvno = atoi(argv[2]);
bzero(tkey, sizeof(tkey));
code = kname_parse(name, inst, realm, argv[4]);
if (code != 0) {
printf("Invalid kerberos name\n");
exit(1);
}
code = read_service_key(name, inst, realm, kvno, argv[3], tkey);
if (code != 0) {
printf("Can't find key in %s\n", argv[3]);
exit(1);
}
code = afsconf_AddKey(tdir, kvno, tkey, 0);
if (code) {
printf("bos_util: failed to set key, code %d.\n", code);
exit(1);
}
}
#endif
else if (strcmp(argv[1], "delete") == 0) {
long kvno;
if (argc != 3) {
printf("bos_util delete: usage is 'bos_util delete <kvno>\n");
exit(1);
}
kvno = atoi(argv[2]);
code = afsconf_DeleteKey(tdir, kvno);
if (code) {
printf("bos_util: failed to delete key %ld, (code %d)\n", kvno,
code);
exit(1);
}
} else if (strcmp(argv[1], "list") == 0) {
struct afsconf_keys tkeys;
int i;
unsigned char tbuffer[9];
code = afsconf_GetKeys(tdir, &tkeys);
if (code) {
printf("bos_util: failed to get keys, code %d\n", code);
exit(1);
}
for (i = 0; i < tkeys.nkeys; i++) {
if (tkeys.key[i].kvno != -1) {
int count;
unsigned char x[8];
memcpy(tbuffer, tkeys.key[i].key, 8);
tbuffer[8] = 0;
printf("kvno %4d: key is '%s' '", tkeys.key[i].kvno, tbuffer);
strcpy((char *)x, (char *)tbuffer);
for (count = 0; count < 8; count++)
printf("\\%03o", x[count]);
printf("'\n");
}
}
printf("All done.\n");
} else {
printf
("bos_util: unknown operation '%s', type 'bos_util' for assistance\n",
argv[1]);
exit(1);
}
exit(0);
}
