Newsgroups: comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!news.vbc.net!samba.rahul.net!rahul.net!a2i!olivea!quack!quack.kfu.com!nsayer
From: nsayer@quack.kfu.com (Nick Sayer)
Subject: more telnet encryption
Message-ID: <nyFP3r2@quack.kfu.com>
Sender: news@quack.kfu.com (0000-News(0000))
Organization: The Duck Pond public unix, +1 408 249 9630, log in as guest.
Date: Fri, 6 Sep 1996 00:07:34 UTC
Lines: 448
Stop me before I code again!
Well, steal, more like.
I took idea.[ch] from pgp and put together support for IDEA
as an encryption method for Telnet. I can't post this because
it contains encryption, but I _will_ post the hookup code
and directions:
Apply the patch below. It will muck around in
/usr/src/secure/lib/libtelnet, fiddle /usr/src/include/arpa/telnet.h
a little and finally leave a file called idea.pat in the current
directory.
Go get the source to pgp. copy idea.c and idea.h to
/usr/src/secure/lib/libtelnet.
Apply the patch in idea.pat to the idea files from pgp. It just
comments out some random number stuff that isn't needed.
make clean all install in /usr/src/secure/lib/libtelnet.
There! You can use the command 'encrypt type idea' from a telnet
prompt and you'll be using IDEA in a CFB mode to encrypt your
session!
problems:
1. IDEA is covered by a yucky patent, apparently.
2. I haven't fiddled SRA to use the expanded keyspace offered by
IDEA. Coming soon
3. A couple of XXX sections in enc_idea.c
4. It appears that the default encryption type for a session is
chosen by magical means. It always comes up DES_CFB64. You can
change this on the fly with the encrypt type command, though.
Have fun!
diff -c ./Makefile /usr/src/secure/lib/libtelnet/Makefile
*** ./Makefile Mon Mar 11 08:17:17 1996
--- /usr/src/secure/lib/libtelnet/Makefile Thu Sep 5 16:26:22 1996
***************
*** 13,18 ****
--- 13,23 ----
DPADD+= ${LIBDES} ${LIBKRB}
.endif
+ # SRA authentication
+ CFLAGS+= -DDES_ENCRYPTION -DAUTHENTICATION -DSRA -DIDEA_ENCRYPTION
+ SRCS+= auth.c enc_des.c sra.c pk.c idea.c enc_idea.c
+ LDADD+= -ldescrypt -lmp
+
# Not Yet
#SRCS += spx.c rsaencpwd.c read_password.c
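Review bot: The new `CFLAGS+=` and `SRCS+=` lines add `-DIDEA_ENCRYPTION`, `idea.c` and `enc_idea.c` unconditionally, under a comment that still reads `# SRA authentication`, so a tree without the hand-copied PGP idea.c/idea.h no longer builds at all and the patent-encumbered cipher is linked into every libtelnet. Consider guarding the IDEA pieces behind a make knob (an `.if defined(WANT_IDEA)` block around the IDEA define and sources, closed with `.endif`) so the default build stays buildable without the PGP files. The comment should also be updated to say that it enables both SRA and IDEA.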
diff -c ./auth-proto.h /usr/src/secure/lib/libtelnet/auth-proto.h
*** ./auth-proto.h Mon May 29 23:11:49 1995
--- /usr/src/secure/lib/libtelnet/auth-proto.h Thu Sep 5 10:12:29 1996
***************
*** 93,96 ****
--- 93,104 ----
int kerberos5_status P((Authenticator *, char *, int));
void kerberos5_printsub P((unsigned char *, int, unsigned char *, int));
#endif
+ #ifdef SRA
+ int sra_init P((Authenticator *, int));
+ int sra_send P((Authenticator *));
+ void sra_is P((Authenticator *, unsigned char *, int));
+ void sra_reply P((Authenticator *, unsigned char *, int));
+ int sra_status P((Authenticator *, char *, int));
+ void sra_printsub P((unsigned char *, int, unsigned char *, int));
+ #endif
#endif
diff -c ./auth.c /usr/src/secure/lib/libtelnet/auth.c
*** ./auth.c Thu Jul 20 04:39:17 1995
--- /usr/src/secure/lib/libtelnet/auth.c Thu Sep 5 10:15:00 1996
***************
*** 181,186 ****
--- 181,195 ----
rsaencpwd_status,
rsaencpwd_printsub },
#endif
+ #ifdef SRA
+ { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+ sra_init,
+ sra_send,
+ sra_is,
+ sra_reply,
+ sra_status,
+ sra_printsub },
+ #endif
{ 0, },
};
diff -c ./enc-proto.h /usr/src/secure/lib/libtelnet/enc-proto.h
*** ./enc-proto.h Thu Sep 14 14:29:07 1995
--- /usr/src/secure/lib/libtelnet/enc-proto.h Thu Sep 5 16:44:03 1996
***************
*** 97,102 ****
--- 97,103 ----
void krbdes_session P((Session_Key *, int));
void krbdes_printsub P((unsigned char *, int, unsigned char *, int));
+ #ifdef DES_ENCRYPTION
void cfb64_encrypt P((unsigned char *, int));
int cfb64_decrypt P((int));
void cfb64_init P((int));
***************
*** 116,120 ****
--- 117,129 ----
void ofb64_session P((Session_Key *, int));
int ofb64_keyid P((int, unsigned char *, int *));
void ofb64_printsub P((unsigned char *, int, unsigned char *, int));
+ #endif /* DES_ENCRYPTION */
+ #ifdef IDEA_ENCRYPTION
+ void idea_encrypt P((unsigned char *, int));
+ int idea_decrypt P((int));
+ void idea_init P((int));
+ int idea_start P((int, int));
+ void idea_session P((Session_Key *, int));
+ #endif /* IDEA_ENCRYPTION */
#endif /* ENCRYPTION */
Only in /usr/src/secure/lib/libtelnet: enc_idea.c
Only in /usr/src/secure/lib/libtelnet: enc_idea.o
diff -c ./encrypt.c /usr/src/secure/lib/libtelnet/encrypt.c
*** ./encrypt.c Thu Jul 20 04:39:19 1995
--- /usr/src/secure/lib/libtelnet/encrypt.c Thu Sep 5 16:03:18 1996
***************
*** 82,100 ****
int encrypt_debug_mode = 0;
static int decrypt_mode = 0;
static int encrypt_mode = 0;
! static int encrypt_verbose = 0;
! static int autoencrypt = 0;
! static int autodecrypt = 0;
static int havesessionkey = 0;
static int Server = 0;
static char *Name = "Noname";
#define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0)
! static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
! | typemask(ENCTYPE_DES_OFB64);
! static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
! | typemask(ENCTYPE_DES_OFB64);
static long i_wont_support_encrypt = 0;
static long i_wont_support_decrypt = 0;
#define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt)
--- 82,114 ----
int encrypt_debug_mode = 0;
static int decrypt_mode = 0;
static int encrypt_mode = 0;
! static int encrypt_verbose = 1;
! static int autoencrypt = 1;
! static int autodecrypt = 1;
static int havesessionkey = 0;
static int Server = 0;
static char *Name = "Noname";
#define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0)
! static long i_support_encrypt = 0
! #ifdef DES_ENCRYPTION
! | typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64)
! #endif
! #ifdef IDEA_ENCRYPTION
! | typemask(ENCTYPE_IDEA)
! #endif
! |0;
!
! static long i_support_decrypt = 0
! #ifdef DES_ENCRYPTION
! | typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64)
! #endif
! #ifdef IDEA_ENCRYPTION
! | typemask(ENCTYPE_IDEA)
! #endif
! |0;
!
static long i_wont_support_encrypt = 0;
static long i_wont_support_decrypt = 0;
#define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt)
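Review bot: Flipping `encrypt_verbose`, `autoencrypt` and `autodecrypt` from 0 to 1 changes default behaviour for every build, is unrelated to adding IDEA, and is not mentioned in the post. That flip belongs in its own change with a rationale, or at minimum a comment next to the new defaults, e.g. `/* negotiate encryption in both directions by default */`. Note that `autoencrypt` only requests encryption; if the peer declines, the session presumably still proceeds in the clear unless something outside this hunk enforces it, which is worth stating alongside the new default.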
***************
*** 126,131 ****
--- 140,157 ----
ofb64_keyid,
ofb64_printsub },
#endif /* DES_ENCRYPTION */
+ #ifdef IDEA_ENCRYPTION
+ { "IDEA", ENCTYPE_IDEA,
+ idea_encrypt,
+ idea_decrypt,
+ idea_init,
+ idea_start,
+ NULL,
+ NULL,
+ idea_session,
+ NULL,
+ NULL },
+ #endif /* IDEA_ENCRYPTION */
{ 0, },
};
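Review bot: The IDEA entry leaves the keyid and printsub slots NULL where the DES entries above supply `ofb64_keyid` and `ofb64_printsub`, so unless the dispatcher tests those pointers before calling them, an ENCRYPT KEYID suboption or a debug printsub for type IDEA calls through NULL. It also means the IDEA method performs no key-id or IV exchange at all; both ends key directly from the session key. Either add small `idea_keyid`/`idea_printsub` handlers or confirm that every caller of these slots guards against NULL; that code is outside the hunk.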
*** /dev/null Thu Sep 5 02:02:14 1996
--- /usr/src/secure/lib/libtelnet/enc_idea.c Thu Sep 5 16:25:05 1996
***************
*** 0 ****
--- 1,102 ----
+ #ifdef ENCRYPTION
+ # ifdef AUTHENTICATION
+ # ifdef IDEA_ENCRYPTION
+ #include <arpa/telnet.h>
+ #include <stdio.h>
+ #ifdef __STDC__
+ #include <stdlib.h>
+ #endif
+
+ #include "encrypt.h"
+ #include "key-proto.h"
+ #include "misc-proto.h"
+ #include "idea.h"
+
+ extern encrypt_debug_mode;
+
+ #define IDEA_IN 0
+ #define IDEA_OUT 1
+
+ char got_session_key=0;
+ struct IdeaCfbContext context[2];
+
+ /*
+ * This is called once when the program starts
+ */
+
+ void idea_init(server)
+ int server;
+ {
+ /* Nothing to do */
+ }
+
+ /*
+ * This is called when we're supposed to start encrypting in a
+ * particular direction.
+ */
+ int idea_start(dir, server)
+ int dir;
+ int server;
+ {
+ if (got_session_key)
+ return 0;
+ else
+ return -1;
+ }
+
+ void idea_encrypt(s, c)
+ unsigned char *s;
+ int c;
+ {
+ /*
+ * XXX: Uh, large values of c will smash the stack...
+ */
+
+ unsigned char outbuf[1024];
+ ideaCfbEncrypt(&context[IDEA_OUT],s,outbuf,c);
+ memcpy(s,outbuf,c);
+ }
+
+ int idea_decrypt(c)
+ int c;
+ {
+ /*
+ * XXX: -1 is supposed to make us "back up". What the hell THAT
+ * is supposed to mean is anyone's guess. -1 will make this
+ * blow up, probably.
+ */
+
+ unsigned char in,out;
+
+ in=c;
+
+ ideaCfbDecrypt(&context[IDEA_IN],&in,&out,1);
+ return out;
+ }
+
+ /*
+ * This is called by the auth layer once per session.
+ * We init _here_ because we need the key to init.
+ */
+ void idea_session(key, server)
+ Session_Key *key;
+ int server;
+ {
+ unsigned char keybuf[16];
+
+ got_session_key=1;
+ /*
+ * No, we're not going to check the damn key type.
+ * We're going to zero the key, then use the first
+ * 16 bytes of whatever gets thrown at us
+ */
+ memset(keybuf,0,16);
+ memcpy(keybuf,key->data,min(16,key->length));
+
+ ideaCfbInit(&context[IDEA_IN],keybuf);
+ ideaCfbInit(&context[IDEA_OUT],keybuf);
+ }
+
+ #endif /* IDEA_ENCRYPTION */
+ #endif /* AUTHENTICATION */
+ #endif /* ENCRYPTION */
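Review bot: `idea_session` initialises `context[IDEA_IN]` and `context[IDEA_OUT]` from the same 16-byte `keybuf` with no per-direction key or IV, so both directions of the session start from identical CFB state and the first cipher block of keystream is the same in each direction; an eavesdropper who XORs the two ciphertext streams learns the XOR of the two plaintext prefixes. Both ends would have to agree on the fix, e.g. derive the IN and OUT contexts from distinct halves or tweaks of the session key, or exchange a per-direction IV the way the DES modes do through their keyid handlers. Separately, `idea_encrypt` copies `c` bytes into a fixed 1024-byte stack buffer, which the XXX already admits will smash the stack for larger `c`; because the CFB state is carried in `context[]`, the call can be chunked as below with byte-identical output. `keybuf` should also be wiped after the two `ideaCfbInit` calls with `memset(keybuf, 0, sizeof keybuf);`, and the zero-pad to 16 bytes means a short `Session_Key` silently becomes a low-entropy IDEA key rather than being rejected.
```c
void idea_encrypt(s, c)
	unsigned char *s;
	int c;
{
	unsigned char outbuf[1024];
	int n;

	/* CFB state is kept in context[], so encrypting in bounded
	 * chunks produces the same ciphertext as a single call. */
	while (c > 0) {
		n = c < (int)sizeof(outbuf) ? c : (int)sizeof(outbuf);
		ideaCfbEncrypt(&context[IDEA_OUT], s, outbuf, n);
		memcpy(s, outbuf, n);
		s += n;
		c -= n;
	}
}
```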
*** telnet.h Thu Sep 5 16:55:01 1996
--- /usr/src/include/arpa/telnet.h Thu Sep 5 16:34:52 1996
***************
*** 263,274 ****
#define AUTHTYPE_SPX 3
#define AUTHTYPE_MINK 4
#define AUTHTYPE_CNT 5
#define AUTHTYPE_TEST 99
#ifdef AUTH_NAMES
char *authtype_names[] = {
! "NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK", 0,
};
#else
extern char *authtype_names[];
--- 263,275 ----
#define AUTHTYPE_SPX 3
#define AUTHTYPE_MINK 4
+ #define AUTHTYPE_SRA 6
#define AUTHTYPE_CNT 7
#define AUTHTYPE_TEST 99
#ifdef AUTH_NAMES
char *authtype_names[] = {
! "NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK", NULL, "SRA", 0,
};
#else
extern char *authtype_names[];
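Review bot: `authtype_names` now carries a NULL at index 5 while `AUTHTYPE_CNT` moves to 7, so any loop or lookup that walks 0..AUTHTYPE_CNT-1 and prints `authtype_names[i]` with `%s` dereferences NULL for type 5. If 5 must stay reserved, give it a printable placeholder such as `"UNKNOWN"`, or make the lookup skip NULL entries. Whether the existing printsub and lookup code already guards this cannot be seen from the hunk.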
***************
*** 294,300 ****
#define ENCTYPE_ANY 0
#define ENCTYPE_DES_CFB64 1
#define ENCTYPE_DES_OFB64 2
! #define ENCTYPE_CNT 3
#ifdef ENCRYPT_NAMES
char *encrypt_names[] = {
--- 295,302 ----
#define ENCTYPE_ANY 0
#define ENCTYPE_DES_CFB64 1
#define ENCTYPE_DES_OFB64 2
! #define ENCTYPE_IDEA 3
! #define ENCTYPE_CNT 4
#ifdef ENCRYPT_NAMES
char *encrypt_names[] = {
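Review bot: `ENCTYPE_IDEA` takes value 3 in a number space that is negotiated on the wire, so a peer that assigns 3 to a different cipher would appear to negotiate IDEA and then fail silently, with nothing checking that both sides mean the same algorithm. A comment marking it as a locally assigned code, `#define ENCTYPE_IDEA 3 /* private, not a registered telnet ENCTYPE */`, would at least flag the collision risk for anyone merging this with other telnet encryption extensions.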
***************
*** 303,309 ****
0,
};
char *enctype_names[] = {
! "ANY", "DES_CFB64", "DES_OFB64", 0,
};
#else
extern char *encrypt_names[];
--- 305,311 ----
0,
};
char *enctype_names[] = {
! "ANY", "DES_CFB64", "DES_OFB64", "IDEA", 0,
};
#else
extern char *encrypt_names[];
*** /dev/null Thu Sep 5 02:02:14 1996
--- idea.pat Thu Sep 5 16:59:15 1996
***************
*** 0 ****
--- 1,59 ----
+ *** idea.c Mon Oct 10 08:58:42 1994
+ --- /usr/src/secure/lib/libtelnet/idea.c Thu Sep 5 10:05:54 1996
+ ***************
+ *** 55,61 ****
+ --- 55,63 ----
+ */
+
+ #include "idea.h"
+ + #if 0 /* PGP */
+ #include "randpool.h"
+ + #endif
+
+ #ifdef IDEA32 /* Use >16-bit temporaries */
+ #define low16(x) ((x) & 0xFFFF)
+ ***************
+ *** 549,554 ****
+ --- 551,557 ----
+ } while (--count);
+ }
+
+ + #if 0 /* PGP needs it but we don't */
+ /********************************************************************/
+
+ /*
+ ***************
+ *** 631,635 ****
+ --- 634,639 ----
+ }
+ return c->outbuf[--c->bufleft];
+ }
+ + #endif /* PGP */
+
+ /* end of idea.c */
+ *** idea.h Fri Jul 15 04:59:00 1994
+ --- /usr/src/secure/lib/libtelnet/idea.h Thu Sep 5 10:06:38 1996
+ ***************
+ *** 46,55 ****
+ byte const *src, byte *dest, int count);
+ void ideaCfbDecrypt(struct IdeaCfbContext *context,
+ byte const *src, byte *dest, int count);
+ void ideaRandInit(struct IdeaRandContext *context, byte const (key[16]),
+ byte const (seed[8]));
+ byte ideaRandByte(struct IdeaRandContext *c);
+ void ideaRandWash(struct IdeaRandContext *c, struct IdeaCfbContext *cfb);
+ void ideaRandState(struct IdeaRandContext *c, byte key[16], byte seed[8]);
+ !
+ #endif /* !IDEA_H */
+ --- 46,56 ----
+ byte const *src, byte *dest, int count);
+ void ideaCfbDecrypt(struct IdeaCfbContext *context,
+ byte const *src, byte *dest, int count);
+ + #if 0 /* PGP needs this but we don't */
+ void ideaRandInit(struct IdeaRandContext *context, byte const (key[16]),
+ byte const (seed[8]));
+ byte ideaRandByte(struct IdeaRandContext *c);
+ void ideaRandWash(struct IdeaRandContext *c, struct IdeaCfbContext *cfb);
+ void ideaRandState(struct IdeaRandContext *c, byte key[16], byte seed[8]);
+ ! #endif /* PGP */
+ #endif /* !IDEA_H */
--
Nick Sayer <nsayer@quack.kfu.com> | "At least I have the artistic talent
N6QQQ @ N0ARY.#NORCAL.CA.USA.NOAM | to put some ascii-art in my .sig"
+1 408 249 9630, log in as 'guest' | -- Andrew Murphy
URL: http://www.kfu.com/~nsayer/ | (new motto of alt.fan.warlord)