void
oldCBCencrypt(char *key7, char *p, int len)
{
uchar ivec[8];
uchar key[8];
DESstate s;
memset(ivec, 0, 8);
des56to64((uchar*)key7, key);
setupDESstate(&s, key, ivec);
desCBCencrypt((uchar*)p, len, &s);
}
static void
vncencrypt(uint8_t *buf, int n, char *pw)
{
uint8_t *p;
uint8_t key[9];
DESstate s;
mktab();
memset(key, 0, sizeof key);
strncpy((char*)key, pw, 8);
for(p=key; *p; p++)
*p = tab[*p];
setupDESstate(&s, key, nil);
desECBencrypt(buf, n, &s);
}
static void
desespinit(Espcb *ecb, char *name, uint8_t *k, unsigned n)
{
uint8_t key[Desblk], ivec[Desblk];
int i;
n = BITS2BYTES(n);
if(n > Desblk)
n = Desblk;
memset(key, 0, sizeof(key));
memmove(key, k, n);
for(i = 0; i < Desblk; i++)
ivec[i] = nrand(256);
ecb->espalg = name;
ecb->espblklen = Desblk;
ecb->espivlen = Desblk;
ecb->cipher = descipher;
ecb->espstate = smalloc(sizeof(DESstate));
setupDESstate(ecb->espstate, key, ivec);
}
static void
desespinit(Espcb *ecb, char *name, uchar *k, int n)
{
uchar key[8];
uchar ivec[8];
int i;
// bits to bytes
n = (n+7)>>3;
if(n > 8)
n = 8;
memset(key, 0, sizeof(key));
memmove(key, k, n);
for(i=0; i<8; i++)
ivec[i] = nrand(256);
ecb->espalg = name;
ecb->espblklen = 8;
ecb->espivlen = 8;
ecb->cipher = descipher;
ecb->espstate = smalloc(sizeof(DESstate));
setupDESstate(ecb->espstate, key, ivec);
}
int
convert(char **db, int len)
{
int i, nu, keydblen, keydboff, keydbaes;
char *p = *db;
keydblen = KEYDBLEN;
keydboff = KEYDBOFF;
keydbaes = len > 24 && memcmp(p, "AES KEYS", 8) == 0;
if(keydbaes) {
keydblen += AESKEYLEN;
keydboff = 8+16; /* signature[8] + iv[16] */
}
len -= keydboff;
if(len % keydblen) {
fprint(2, "%s: file odd length; not converting %d bytes\n", argv0, len % keydblen);
len -= len % keydblen;
}
len += keydboff;
if(keydbaes) {
AESstate s;
/* make sure we have aes key for decryption */
if(memcmp(okey.aes, zeros, AESKEYLEN) == 0) {
fprint(2, "%s: no aes key in NVRAM\n", argv0);
exits("no aes key");
}
setupAESstate(&s, okey.aes, AESKEYLEN, zeros);
aesCBCdecrypt((uchar*)p+8, len-8, &s);
} else {
DESstate s;
uchar k[8];
des56to64((uchar*)okey.des, k);
setupDESstate(&s, k, zeros);
desCBCdecrypt((uchar*)p, len, &s);
}
nu = 0;
for(i = keydboff; i < len; i += keydblen) {
if (badname(&p[i])) {
fprint(2, "%s: bad name %.30s... - aborting\n", argv0, &p[i]);
exits("bad name");
}
nu++;
}
if(verb) {
for(i = keydboff; i < len; i += keydblen)
print("%s\n", &p[i]);
exits(nil);
}
if(convaes && !keydbaes) {
char *s, *d;
keydboff = 8+16;
keydblen += AESKEYLEN;
len = keydboff + keydblen*nu;
p = realloc(p, len);
if(p == nil)
error("out of memory");
*db = p;
s = p + KEYDBOFF + nu*KEYDBLEN;
d = p + keydboff + nu*keydblen;
for(i=0; i<nu; i++) {
s -= KEYDBLEN;
d -= keydblen;
memmove(d, s, KEYDBLEN);
memset(d + KEYDBLEN, 0, keydblen-KEYDBLEN);
}
keydbaes = 1;
}
genrandom((uchar*)p, keydboff);
if(keydbaes) {
AESstate s;
memmove(p, "AES KEYS", 8);
setupAESstate(&s, nkey.aes, AESKEYLEN, zeros);
aesCBCencrypt((uchar*)p+8, len-8, &s);
} else {
DESstate s;
uchar k[8];
des56to64((uchar*)nkey.des, k);
setupDESstate(&s, k, zeros);
desCBCencrypt((uchar*)p, len, &s);
}
return len;
}
void
vnc(Ticketreq *tr)
{
uchar chal[VNCchallen+6];
uchar reply[VNCchallen];
char *secret, *hkey;
char sbuf[SECRETLEN], hbuf[DESKEYLEN];
DESstate s;
int i;
/*
* Create a challenge and send it.
*/
randombytes(chal+6, VNCchallen);
chal[0] = AuthOKvar;
snprint((char*)chal+1, sizeof chal - 1, "%-5d", VNCchallen);
if(write(1, chal, sizeof(chal)) != sizeof(chal))
return;
/*
* lookup keys (and swizzle bits)
*/
memset(sbuf, 0, sizeof(sbuf));
secret = findsecret(KEYDB, tr->uid, sbuf);
if(secret == 0){
randombytes((uchar*)sbuf, sizeof(sbuf));
secret = sbuf;
}
for(i = 0; i < 8; i++)
secret[i] = swizzletab[(uchar)secret[i]];
hkey = findkey(KEYDB, tr->hostid, hbuf);
if(hkey == 0){
randombytes((uchar*)hbuf, sizeof(hbuf));
hkey = hbuf;
}
/*
* get response
*/
if(readn(0, reply, sizeof(reply)) != sizeof(reply))
return;
/*
* decrypt response and compare
*/
setupDESstate(&s, (uchar*)secret, nil);
desECBdecrypt(reply, sizeof(reply), &s);
if(memcmp(reply, chal+6, VNCchallen) != 0){
replyerror("vnc-fail bad response %s", raddr);
logfail(tr->uid);
return;
}
succeed(tr->uid);
/*
* reply with ticket & authenticator
*/
if(tickauthreply(tr, hkey) < 0)
exits(0);
if(debug)
syslog(0, AUTHLOG, "vnc-ok %s %s", tr->uid, raddr);
}
