[src/trunk]: src/lib/libskey Bring s/key closer to RFC2289 conformance by pul...

[mjl <mjl%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/a2d40299dd7c
branches:  trunk
changeset: 494481:a2d40299dd7c
user:      mjl <mjl%NetBSD.org@localhost>
date:      Thu Jul 06 22:30:18 2000 +0000

description:
Bring s/key closer to RFC2289 conformance by pulling in changes
from OpenBSD to make use of different hash functions possible.
Also factored out some common code pieces, ANSIfied and
corrected SHA1 hash to make the result match up with the
regression examples in above RFC.

diffstat:

 lib/libskey/put.c         |   53 +---
 lib/libskey/shlib_version |    4 +-
 lib/libskey/skey.h        |  103 +++++---
 lib/libskey/skeylogin.c   |  535 ++++++++++++++++++++++++++++++++-------------
 lib/libskey/skeysubr.c    |  487 ++++++++++++++++++++++++++++++-----------
 5 files changed, 813 insertions(+), 369 deletions(-)

diffs (truncated from 1634 to 300 lines):

diff -r fe6a72d6f2c3 -r a2d40299dd7c lib/libskey/put.c
--- a/lib/libskey/put.c Thu Jul 06 20:32:06 2000 +0000
+++ b/lib/libskey/put.c Thu Jul 06 22:30:18 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: put.c,v 1.7 1999/07/02 15:45:23 simonb Exp $   */
+/*     $NetBSD: put.c,v 1.8 2000/07/06 22:30:18 mjl Exp $      */
 
 /* S/KEY v1.1b (put.c)
  *
@@ -15,12 +15,13 @@
 #include <string.h>
 #include <assert.h>
 #include <ctype.h>
+#include <sys/types.h>
 #include "skey.h"
 
-static unsigned int extract __ARGS ((char *s, int start, int length));
-static void standard __ARGS ((char *word));
-static void insert __ARGS ((char *s, int x, int start, int length));
-static int wsrch __ARGS ((char *w, int low, int high));
+static unsigned int extract __P ((char *s, int start, int length));
+static void standard __P ((char *word));
+static void insert __P ((char *s, int x, int start, int length));
+static int wsrch __P ((const char *w, int low, int high));
 
 /* Dictionary for integer-word translations */
 char Wp[2048][4] = {
@@ -2077,10 +2078,7 @@
 /* Encode 8 bytes in 'c' as a string of English words.
  * Returns a pointer to a static buffer
  */
-char *
- btoe (engout, c)
-  char *engout;
-  const char *c;
+char *btoe(char *engout, const char *c)
 {
   char cp[9];                  /* add in room for the parity 2 bits */
   int p, i;
@@ -2117,10 +2115,7 @@
  *        -1 badly formed in put ie > 4 char word
  *        -2 words OK but parity is wrong
  */
-int
- etob (out, e)
-  char *out;
-  const char *e;
+int etob(char *out, const char *e)
 {
   char *word;
   int i, p, v, l, low, high;
@@ -2172,12 +2167,9 @@
 }
 
 /* Display 8 bytes as a series of 16-bit hex digits */
-char *
- put8 (out, s)
-  char *out;
-  const char *s;
+char *put8(char *out, const char *s)
 {
-  sprintf (out, "%02X%02X %02X%02X %02X%02X %02X%02X", /* XXX: sprintf (put8()) appears to be unused */
+  sprintf (out, "%02X%02X %02X%02X %02X%02X %02X%02X",
           s[0] & 0xff, s[1] & 0xff, s[2] & 0xff,
           s[3] & 0xff, s[4] & 0xff, s[5] & 0xff,
           s[6] & 0xff, s[7] & 0xff);
@@ -2188,9 +2180,7 @@
 /* Encode 8 bytes in 'cp' as stream of ascii letters.
  * Provided as a possible alternative to btoe()
  */
-char *
- btoc (cp)
-  char *cp;
+char *btoc(char *cp)
 {
   int i;
   static char out[31];
@@ -2210,10 +2200,7 @@
 /* Internal subroutines for word encoding/decoding */
 
 /* Dictionary binary search */
-static int
- wsrch (w, low, high)
-  char *w;
-  int low, high;
+static int wsrch(const char *w, int low, int high)
 {
   int i, j;
 
@@ -2238,11 +2225,8 @@
       low = i;                 /* Search upper half */
   }
 }
-static void
- insert (s, x, start, length)
-  char *s;
-  int x;
-  int start, length;
+
+static void insert (char *s, int x, int start, int length)
 {
   unsigned char cl;
   unsigned char cc;
@@ -2277,9 +2261,7 @@
   }
 }
 
-static void
- standard (word)
-  char *word;
+static void standard(char *word)
 {
   while (*word)
   {
@@ -2298,10 +2280,7 @@
 }
 
 /* Extract 'length' bits from the char array 's' starting with bit 'start' */
-static unsigned int
- extract (s, start, length)
-  char *s;
-  int start, length;
+static unsigned int extract(char *s, int start, int length)
 {
   unsigned char cl;
   unsigned char cc;
diff -r fe6a72d6f2c3 -r a2d40299dd7c lib/libskey/shlib_version
--- a/lib/libskey/shlib_version Thu Jul 06 20:32:06 2000 +0000
+++ b/lib/libskey/shlib_version Thu Jul 06 22:30:18 2000 +0000
@@ -1,5 +1,5 @@
-#      $NetBSD: shlib_version,v 1.3 1999/02/25 08:02:20 abs Exp $
+#      $NetBSD: shlib_version,v 1.4 2000/07/06 22:30:19 mjl Exp $
 #      Remember to update distrib/sets/lists/base/shl.* when changing
 #
-major=0
+major=1
 minor=0
diff -r fe6a72d6f2c3 -r a2d40299dd7c lib/libskey/skey.h
--- a/lib/libskey/skey.h        Thu Jul 06 20:32:06 2000 +0000
+++ b/lib/libskey/skey.h        Thu Jul 06 22:30:18 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: skey.h,v 1.6 2000/01/23 02:11:02 mycroft Exp $ */
+/*     $NetBSD: skey.h,v 1.7 2000/07/06 22:30:19 mjl Exp $     */
 
 /*
  * S/KEY v1.1b (skey.h)
@@ -10,26 +10,11 @@
  *
  * Modifications:
  *          Scott Chasin <chasin%crimelab.com@localhost>
+ *          Todd C. Miller <Todd.Miller%courtesan.com@localhost>
  *
  * Main client header
  */
 
-#if    defined(__TURBOC__) || defined(__STDC__) || defined(LATTICE)
-#define        ANSIPROTO       1
-#endif
-
-#ifndef        __ARGS
-#ifdef ANSIPROTO
-#define        __ARGS(x)       x
-#else
-#define        __ARGS(x)       ()
-#endif
-#endif
-
-#ifdef SOLARIS
-#define setpriority(x,y,z)      z
-#endif
-
 /* Server-side data structure for reading keys file during login */
 struct skey
 {
@@ -40,8 +25,6 @@
   char *seed;
   char *val;
   long recstart;               /* needed so reread of buffer is efficient */
-
-
 };
 
 /* Client-side structure for scanning data stream for challenge */
@@ -52,26 +35,64 @@
   int cnt;
 };
 
-void f __ARGS ((char *x));
-int keycrunch __ARGS ((char *result, const char *seed, const char *passwd));
-char *btoe __ARGS ((char *engout, const char *c));
-char *put8 __ARGS ((char *out, const char *s));
-int etob __ARGS ((char *out, const char *e));
-void rip __ARGS ((char *buf));
-int skeychallenge __ARGS ((struct skey * mp, const char *name, char *ss, int sslen));
-int skeylookup __ARGS ((struct skey * mp, const char *name));
-int skeyverify __ARGS ((struct skey * mp, char *response));
-void sevenbit __ARGS ((char *s));
-void backspace __ARGS ((char *s));
-const char *skipspace __ARGS ((const char *s));
-char *readpass __ARGS ((char *buf, int n));
-char *readskey __ARGS ((char *buf, int n));
-int skey_authenticate __ARGS ((const char *));
-int skey_passcheck __ARGS ((const char *, char *));
-char *skey_keyinfo __ARGS ((const char *));
-int skey_haskey __ARGS ((const char *));
-int getskeyprompt __ARGS ((struct skey *, char *, char *));
-int atob8 __ARGS((char *, const char *));
-int btoa8 __ARGS((char *, const char *));
-int htoi __ARGS((int));
+/* Maximum sequence number we allow */
+#ifndef SKEY_MAX_SEQ
+#define SKEY_MAX_SEQ           10000
+#endif
+
+/* Minimum secret password length (rfc2289) */
+#ifndef SKEY_MIN_PW_LEN
+#define SKEY_MIN_PW_LEN                10
+#endif
+
+/* Max secret password length (rfc2289 says 63 but allows more) */
+#ifndef SKEY_MAX_PW_LEN
+#define SKEY_MAX_PW_LEN                255
+#endif
+
+/* Max length of an S/Key seed (rfc2289) */
+#ifndef SKEY_MAX_SEED_LEN
+#define SKEY_MAX_SEED_LEN       16
+#endif
+
+/* Max length of S/Key challenge (otp-???? 9999 seed) */
+#ifndef SKEY_MAX_CHALLENGE
+#define SKEY_MAX_CHALLENGE      (11 + SKEY_MAX_HASHNAME_LEN + SKEY_MAX_SEED_LEN)
+#endif
+
+/* Max length of hash algorithm name (md4/md5/sha1/rmd160) */
+#define SKEY_MAX_HASHNAME_LEN  6
+
+/* Size of a binary key (not NULL-terminated) */
+#define SKEY_BINKEY_SIZE                8
 
+/* Location of random file for bogus challenges */
+#define _SKEY_RAND_FILE_PATH_  "/var/db/host.random"
+
+/* Prototypes */
+void f __P ((char *));
+int keycrunch __P ((char *, const char *, const char *));
+char *btoe __P ((char *, const char *));
+char *put8 __P ((char *, const char *));
+int etob __P ((char *, const char *));
+void rip __P ((char *));
+int skeychallenge __P ((struct skey *, const char *, char *, size_t));
+int skeylookup __P ((struct skey *, const char *));
+int skeyverify __P ((struct skey *, char *));
+void sevenbit __P ((char *));
+void backspace __P ((char *));
+const char *skipspace __P ((const char *));
+char *readpass __P ((char *, int));
+char *readskey __P ((char *, int));
+int skey_authenticate __P ((const char *));
+int skey_passcheck __P ((const char *, char *));
+char *skey_keyinfo __P ((const char *));
+int skey_haskey __P ((const char *));
+int getskeyprompt __P ((struct skey *, char *, char *));
+int atob8 __P((char *, const char *));
+int btoa8 __P((char *, const char *));
+int htoi __P((int));
+const char *skey_get_algorithm __P((void));
+const char *skey_set_algorithm __P((const char *));
+int skeygetnext __P((struct skey *));
+int skeyzero __P((struct skey *, char *));
diff -r fe6a72d6f2c3 -r a2d40299dd7c lib/libskey/skeylogin.c
--- a/lib/libskey/skeylogin.c   Thu Jul 06 20:32:06 2000 +0000
+++ b/lib/libskey/skeylogin.c   Thu Jul 06 22:30:18 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: skeylogin.c,v 1.13 2000/04/13 13:25:56 is Exp $        */
+/*     $NetBSD: skeylogin.c,v 1.14 2000/07/06 22:30:19 mjl Exp $       */
 
 /* S/KEY v1.1b (skeylogin.c)
  *
@@ -8,30 +8,33 @@
  *          John S. Walden <jsw%thumper.bellcore.com@localhost>
  *          Scott Chasin <chasin%crimelab.com@localhost>
  *
+ * Modifications:
+ *          Todd C. Miller <Todd.Miller%courtesan.com@localhost>
+ *          Angelos D. Keromytis <adk%adk.gr@localhost>
+ *
  * S/KEY verification check, lookups, and authentication.
  */
 
 #include <sys/param.h>
-#ifdef QUOTA
-#include <sys/quota.h>
-#endif
 #include <sys/stat.h>
 #include <sys/time.h>
-#include <sys/timeb.h>
 #include <sys/resource.h>
+#include <sys/types.h>