lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.SGI.4.44.0208280417570.215259-200000@hexeris>
From: aliver at xexil.com (aliver@...il.com)
Subject: XXT version 2 - Trash talking challege version ;-)

	A big thanks to all who participated in The Trash Talker Challenge
and helped me to make xxt a _much_ better piece of work. How many other
hacks like this can claim such a wide review *grin* ? My original
intention was to "call out" a few people who I thought were talent-less
loudmouths.  However, the people who contacted me about bugs or problems
both in private and on the list were very tactful and talented. Anyway I
wish to thank:

Rain Forest Puppy, Zen Parse (have fun with my 50 bucks!), Steven M.
Christey, Hank Leininger, Daniel Hartmeier, and anyone I forgot who
provided me with feedback, bugfixes, or pointed out errors in the original
release of xxt v1.

Attached is version 2.0 of xxt which has the following features and
changes over 1.0:

o Tried to mitigate race condition in -g by wiping the environment var as
  soon as it's copied. You'll be warned if you try to use -g but it will
  still work as before.

o Checked for NULL pointer when copying the environment variable data.

o Added use of O_EXCL for opening the output file.

o Fixed problem whereby the hash of the key was being reduced to 64bits
  since I was using a char array that was being populated with ascii hex
  values rather than just binary

o Moved the argv trashing loop up so that it happens before any file I/O
  thus a little more quickly. This only effects users who pass the
  keyphrase via the CLI option -k.

o Fixed an issue whereby someone may create a malicious xxt crypted file
  with a bad filesize header. Now I check to make sure the filesize jives
  with the stored header value.

o Checked for access to read & write to file in case someone is dumb
  enough to make this setuid root, also drop any permissions given to
  xxt via a SUID bit (probably superceeding the former).

o Added the -f functionality to use a whole file as the key. The file is
  hashed to a 128 bit key. This is the most secure option for providing a
  key and I would encourage it over -k or -g.

aliver
-------------- next part --------------
/* xxt encryptor by aliver               */
/* Version 2.0                           */
/*                                       */
/* An implementation of xxtea encryption */
/* A very small (code wise) secure block */
/* cipher. Supposedly faster than btea   */
/* and for files of any non-trival size  */
/* it's gonna be way faster than TEA or  */
/* IDEA. At worst it's something like 4x */
/* the speed of DES, and more secure by  */
/* a factor of 2^72 ~ 4.7 x 10^21        */
/* My tests seemed to indicate that xxt  */
/* is about 3x the speed of mcrypt with  */
/* the same options. Not that mcrypt is  */
/* not a great piece of work. It is.     */
/*                                       */
/* The xxtea algorithm was designed by:  */
/* David Wheeler and Roger Needham. Some */
/* code from their publications was used */
/* for some of the encryption portions.  */
/* However it was altered to be 64 bit   */
/* architecture friendly.                */
/*                                       */
/* MD5 Hashing was invented by:          */
/* Professor Ronald Rivest               */
/* I use MD5 to hash the key. The MD5    */
/* implementation here is uses a public  */
/* domain RFC1321 ripoff implementation  */
/* from:                                 */
/* L. Peter Deutsch                      */
/* so the RSA folks can't claim I owe    */
/* them anything.                        */
/*****************************************/
/* I'd like to thank the following folks */
/* Rain Forest Puppy, Zen Parse, Steven  */
/* M. Christey, Hank Leininger, Daniel   */
/* Hartmeier, and anyone I forgot who    */
/* provided me with feedback, bugfixes,  */
/* or pointed out errors in the original */
/* release of xxt                        */
/*****************************************/
/* CHANGE LOG - CHANGE LOG - CHANGE LOG  */
/* Version 2                             */
/* o Tried to mitigate race condition in */
/*   -g by wiping the environment var as */
/*   soon as it's copied.                */
/* o Checked for NULL pointer on -g      */
/* o Added use of O_EXCL for opening the */
/*   output file.                        */
/* o Fixed problem whereby the hash of   */
/*   the key was being reduced to 64bits */
/*   since I was using a char array that */
/*   was being populated with ascii hex  */
/*   values rather than just binary      */
/* o Moved the argv trashing loop up so  */
/*   that it happens before any file I/O */
/* o Fixed an issue whereby someone may  */
/*   create a malicious xxt crypted file */
/*   with a bad filesize header. Now I   */
/*   check for this.                     */
/* o Checked for access to read & write  */
/*   to file in case someone is dumb     */
/*   enough to make this setuid root     */
/* o Added the -f functionality to use a */
/*   whole file as the key. The file is  */
/*   hashed to a 128 bit key.            */
/*****************************************/
/* Compile with cc -O3 -o xxt xxt.c      */
/* "xxt -h" for help, after that         */
/* tested on IRIX, Solaris, Linux        */
/* NetBSD, and AIX                       */


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <inttypes.h>
#include <string.h>
#include <errno.h>
#include <time.h>
#include <netinet/in.h>

long btea( int32_t * v, int32_t n , int32_t * k );
char * memncat(char *binstr_a,int size_a,char *binstr_b,int size_b);
char * cnp(char *bytestream, int block, int size);
void showhelp(void);

#define MX (z>>5^y<<2)+(y>>3^z<<4)^(sum^y)+(k[p&3^e]^z) ;

/* most of the MD5 hashing stuff is from L. Peter Deutsch */
/* see his notice at the bottom along with the algorithm  */
#ifndef md5_INCLUDED
#define md5_INCLUDED
typedef unsigned char md5_byte_t; /* 8-bit byte */
typedef unsigned int md5_word_t;  /* 32-bit word */
typedef struct md5_state_s {
    md5_word_t count[2];
    md5_word_t abcd[4];
    md5_byte_t buf[64];
}
md5_state_t;

void md5_init(md5_state_t *pms);
void md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes);
void md5_finish(md5_state_t *pms, md5_byte_t digest[16]);
#endif

/* you can get some trival speedups with MSB if you define this right */
#undef BYTE_ORDER	/* 1 = big-endian, -1 = little-endian, 0 = unknown */
#ifdef ARCH_IS_BIG_ENDIAN
#  define BYTE_ORDER (ARCH_IS_BIG_ENDIAN ? 1 : -1)
#else
#  define BYTE_ORDER 0
#endif

#define T_MASK ((md5_word_t)~0)
#define T1 /* 0xd76aa478 */ (T_MASK ^ 0x28955b87)
#define T2 /* 0xe8c7b756 */ (T_MASK ^ 0x173848a9)
#define T3    0x242070db
#define T4 /* 0xc1bdceee */ (T_MASK ^ 0x3e423111)
#define T5 /* 0xf57c0faf */ (T_MASK ^ 0x0a83f050)
#define T6    0x4787c62a
#define T7 /* 0xa8304613 */ (T_MASK ^ 0x57cfb9ec)
#define T8 /* 0xfd469501 */ (T_MASK ^ 0x02b96afe)
#define T9    0x698098d8
#define T10 /* 0x8b44f7af */ (T_MASK ^ 0x74bb0850)
#define T11 /* 0xffff5bb1 */ (T_MASK ^ 0x0000a44e)
#define T12 /* 0x895cd7be */ (T_MASK ^ 0x76a32841)
#define T13    0x6b901122
#define T14 /* 0xfd987193 */ (T_MASK ^ 0x02678e6c)
#define T15 /* 0xa679438e */ (T_MASK ^ 0x5986bc71)
#define T16    0x49b40821
#define T17 /* 0xf61e2562 */ (T_MASK ^ 0x09e1da9d)
#define T18 /* 0xc040b340 */ (T_MASK ^ 0x3fbf4cbf)
#define T19    0x265e5a51
#define T20 /* 0xe9b6c7aa */ (T_MASK ^ 0x16493855)
#define T21 /* 0xd62f105d */ (T_MASK ^ 0x29d0efa2)
#define T22    0x02441453
#define T23 /* 0xd8a1e681 */ (T_MASK ^ 0x275e197e)
#define T24 /* 0xe7d3fbc8 */ (T_MASK ^ 0x182c0437)
#define T25    0x21e1cde6
#define T26 /* 0xc33707d6 */ (T_MASK ^ 0x3cc8f829)
#define T27 /* 0xf4d50d87 */ (T_MASK ^ 0x0b2af278)
#define T28    0x455a14ed
#define T29 /* 0xa9e3e905 */ (T_MASK ^ 0x561c16fa)
#define T30 /* 0xfcefa3f8 */ (T_MASK ^ 0x03105c07)
#define T31    0x676f02d9
#define T32 /* 0x8d2a4c8a */ (T_MASK ^ 0x72d5b375)
#define T33 /* 0xfffa3942 */ (T_MASK ^ 0x0005c6bd)
#define T34 /* 0x8771f681 */ (T_MASK ^ 0x788e097e)
#define T35    0x6d9d6122
#define T36 /* 0xfde5380c */ (T_MASK ^ 0x021ac7f3)
#define T37 /* 0xa4beea44 */ (T_MASK ^ 0x5b4115bb)
#define T38    0x4bdecfa9
#define T39 /* 0xf6bb4b60 */ (T_MASK ^ 0x0944b49f)
#define T40 /* 0xbebfbc70 */ (T_MASK ^ 0x4140438f)
#define T41    0x289b7ec6
#define T42 /* 0xeaa127fa */ (T_MASK ^ 0x155ed805)
#define T43 /* 0xd4ef3085 */ (T_MASK ^ 0x2b10cf7a)
#define T44    0x04881d05
#define T45 /* 0xd9d4d039 */ (T_MASK ^ 0x262b2fc6)
#define T46 /* 0xe6db99e5 */ (T_MASK ^ 0x1924661a)
#define T47    0x1fa27cf8
#define T48 /* 0xc4ac5665 */ (T_MASK ^ 0x3b53a99a)
#define T49 /* 0xf4292244 */ (T_MASK ^ 0x0bd6ddbb)
#define T50    0x432aff97
#define T51 /* 0xab9423a7 */ (T_MASK ^ 0x546bdc58)
#define T52 /* 0xfc93a039 */ (T_MASK ^ 0x036c5fc6)
#define T53    0x655b59c3
#define T54 /* 0x8f0ccc92 */ (T_MASK ^ 0x70f3336d)
#define T55 /* 0xffeff47d */ (T_MASK ^ 0x00100b82)
#define T56 /* 0x85845dd1 */ (T_MASK ^ 0x7a7ba22e)
#define T57    0x6fa87e4f
#define T58 /* 0xfe2ce6e0 */ (T_MASK ^ 0x01d3191f)
#define T59 /* 0xa3014314 */ (T_MASK ^ 0x5cfebceb)
#define T60    0x4e0811a1
#define T61 /* 0xf7537e82 */ (T_MASK ^ 0x08ac817d)
#define T62 /* 0xbd3af235 */ (T_MASK ^ 0x42c50dca)
#define T63    0x2ad7d2bb
#define T64 /* 0xeb86d391 */ (T_MASK ^ 0x14792c6e)


int main (int argc, char *argv[]) {
    extern char *optarg;
    extern int  optind;
    extern int errno;
    int c;
    int i;
    int j;
    int sl;
    int debug = 0;
    int unlinkit = 0;
    int use_out = 0;
    int use_kp  = 0;
    int use_ke  = 0;
    int first_block = 1;
    int fd_in;
    int fd_out;
    int encrypt = 0;
    int decrypt = 0;
    int bl = 0;
    int bytes_read;
    int pad = 0;
    int noumask = 0;
    int trnd = 0;
    int uid;
    int use_file = 0;
    uint32_t randpad[16];
    uint32_t hash[8];
    uint32_t filesize = 0;
    uint32_t filesize_msb = 0;
    uint32_t read_filesize_msb = 0;
    uint32_t read_filesize = 0;
    uint32_t bsf = 0;
    char *in_file = NULL;
    char *out_file = NULL;
    char *keyphrase = NULL;
    char *keyenv = NULL;
    char *keyfile = NULL;
    char *kf_all = NULL;
    char fb_buffer[64];
    /* u_char *plaintext = NULL; */
    u_char plaintext[64];
    struct stat statbuf;
    md5_state_t state;
    md5_byte_t digest[32];

    /* drop any privileges given to us by someone dumb enough to */
    /* make xxt a SUID program                                   */
    uid = getuid();
    setuid(uid);

    while( (c = getopt(argc,argv,"i:o:k:g:f:hxdeuv")) != -1 ) {
        switch(c) {
        case 'h':
            showhelp();
            break;
        case 'v':
            debug = 1;
            break;
        case 'i':
            if(NULL == (in_file = (char *) malloc(strlen(optarg) + 2))) {
                fprintf(stderr,"FATAL: cannot allocate memory.\n");
                exit(1);
            }
            strncpy(in_file,optarg,strlen(optarg) + 1);
            break;
        case 'o':
            use_out = 1;
            if(NULL == (out_file = (char *) malloc(strlen(optarg) + 2))) {
                fprintf(stderr,"FATAL: cannot allocate memory.\n");
                exit(1);
            }
            strncpy(out_file,optarg,strlen(optarg) + 1);
            break;
        case 'f':
            use_file = 1;
            if(NULL == (keyfile = (char *) malloc(strlen(optarg) + 2))) {
                fprintf(stderr,"FATAL: cannot allocate memory.\n");
                exit(1);
            }
            strncpy(keyfile,optarg,strlen(optarg) + 1);
            break;
        case 'k':
            fprintf(stderr,"WARNING: using a keyphrase from the command line can be insecure.\n");
            use_kp = 1;
            if(NULL == (keyphrase = (char *) malloc(strlen(optarg) + 2))) {
                fprintf(stderr,"FATAL: cannot allocate memory.\n");
                exit(1);
            }
            strncpy(keyphrase,optarg,strlen(optarg) + 1);
            break;
        case 'g':
            /* my overall opinion is that using -g or -k can be */
            /* insecure. Even though I do my best to mitigate   */
            /* the problems associated with using getenv() here */
            /* by wiping the environment var afterwards, it's   */
            /* still a little vulnerable to a race condition    */
            /* So, I think it's prudent that I warn the user on */
            /* the use of this now, too.                        */
            fprintf(stderr,"Warning: use of -g can be insecure; use -f instead.\n");
            use_ke = 1;
            if(NULL == (keyenv = getenv(optarg))) {
                fprintf(stderr,"FATAL: Your environment variable was null. No keyphrase found.\n");
                exit(1);
            }
            if(NULL == (keyphrase = (char *) malloc(strlen(keyenv) + 2))) {
                fprintf(stderr,"FATAL: cannot allocate memory.\n");
                exit(1);
            }
            strncpy(keyphrase,keyenv,strlen(keyenv) + 1);
            /* get rid of the environment variable ASAP */
            /* since it can be seen in the 'ps' output  */
            unsetenv(optarg);
            break;
        case 'd':
            decrypt = 1;
            break;
        case 'e':
            encrypt = 1;
            break;
        case 'u':
            unlinkit = 1;
            break;
        case 'x':
            noumask = 1;
            break;
        } /* end of switch() */
    } /* end of while getopt() */

    /* try to pull a fast one and wipe the arguments */
    /* a person could still try and race to get them */
    /* but it'd be pretty tough (NOT impossible) I'm */
    /* just making it harder, but I'm not going to   */
    /* say that this makes it a totally secure way   */
    /* to make passing the key on the command line a */
    /* sane or good idea.                            */
    for (i = 1; i < argc; ++i) {
        sl = strlen(argv[i]);
        for (j = 0; j < sl; ++j)
            argv[i][j] = 0;
    }

    /* you must use a key file or a key phrase or a key variable */
    if(!use_kp && !use_ke && !use_file) {
        fprintf(stderr,"FATAL: I wont encrypt without a key!\n\n");
        showhelp();
        exit(1);
    }

    /* one mode, and only one mode. */
    if((decrypt && encrypt) || (!encrypt && !decrypt)) {
        fprintf(stderr,"FATAL: Your encrypt/decrypt options are missing or do not make sense.\n");
        exit(1);
    }

    if(keyfile != NULL) {
        if(-1 == (stat(keyfile,&statbuf))) {
            fprintf(stderr,"FATAL: cannot stat the key file!\n");
            exit(1);
        }
        if(statbuf.st_size == (off_t) 0) {
            fprintf(stderr,"FATAL: Keyfile is 0 bytes. This will not fly.\n");
            exit(1);
        }
        if(statbuf.st_size > 10000) {
            fprintf(stderr,"Notice: your keyfile is large enough that it will slow down xxt\n");
        }
        if(-1 == access(keyfile,R_OK)) {
            fprintf(stderr,"FATAL: access denied while trying to read %s: %s\n"
                    ,in_file
                    ,strerror(errno));
            exit(1);
        }
        if(!noumask)
            umask(077);
        if(-1 == (fd_in = open(keyfile,O_RDONLY))) {
            fprintf(stderr,"FATAL: Cannot open() the file: %s\n",strerror(errno));
            exit(1);
        } else {
            if(NULL == (kf_all = (char *) malloc(statbuf.st_size))) {
                fprintf(stderr,"FATAL: cannot allocate memory for keyfile. Too big?\n");
            }
            i = read(fd_in, kf_all, statbuf.st_size);
            if(i == (int) NULL || i != statbuf.st_size) {
                fprintf(stderr,"FATAL: Strangely enough I could not read the keyfile correctly.\n");
                exit(1);
            }
        }
        md5_init(&state);
        md5_append(&state, (const md5_byte_t *) kf_all, strlen(kf_all));
        md5_finish(&state, digest);
        memcpy(hash,digest, 32);
        close(fd_in);
        /* get this clear text out of memory asap */
        memset(kf_all,0,statbuf.st_size);
        free(kf_all);
    }

    /* They must give us an input file, and it must */
    /* be statable and readable by us or we fail    */
    if(in_file != NULL) {
        if(-1 == (stat(in_file,&statbuf))) {
            fprintf(stderr,"FATAL: cannot stat the input file!\n");
            exit(1);
        }
        if(statbuf.st_size == (off_t) 0) {
            fprintf(stderr,"FATAL: WTF are you encrypting an empty file for?\n");
            exit(1);
        } else {
            (off_t) filesize = statbuf.st_size;
            filesize_msb = htonl(filesize);
        }
        if(-1 == access(in_file,R_OK)) {
            fprintf(stderr,"FATAL: access denied while trying to read %s: %s\n"
                    ,in_file
                    ,strerror(errno));
            exit(1);
        }
        if(!noumask)
            umask(077);
        if(-1 == (fd_in = open(in_file,O_RDONLY))) {
            fprintf(stderr,"FATAL: Cannot open() the file.\n\t%s\n",strerror(errno));
            exit(1);
        }
    } else {
        fprintf(stderr,"FATAL: no input file!\n");
        exit(1);
    }

    /* if they didn't provide an out file, let's use */
    /* in_file.xxt as the out_file name              */
    if(out_file == NULL) {
        use_out = 1;
        if(NULL == (out_file = (char *) malloc(strlen(in_file) + 6))) {
            fprintf(stderr,"FATAL: cannot allocate memory.\n");
            exit(1);
        }
        snprintf(out_file,strlen(in_file) + 6,"%s.xxt",in_file);
        if(!noumask)
            umask(077);
        if(-1 == (fd_out = open(out_file,O_WRONLY|O_CREAT|O_EXCL,00600))) {
            fprintf(stderr,"FATAL: cannot open the output file %s for writing.\n\t%s\n"
                    ,out_file
                    ,strerror(errno));
            exit(1);
        }
    } else {
        if(!noumask)
            umask(077);
        if(-1 == (fd_out = open(out_file,O_WRONLY|O_CREAT|O_EXCL,00600))) {
            fprintf(stderr,"FATAL: cannot open the output file %s for writing.\n\t%s\n"
                    ,out_file
                    ,strerror(errno));
            exit(1);
        }
    }

    /* create some random bytes that we may want to */
    /* use later on for padding, depending on the   */
    /* length of the input it may or may not get    */
    /* used. The maximum we may need for padding is */
    /* going to be 64 bytes. (the block size)       */
    for(i = 0; i < 16; i++) {
        srand(i);
        trnd = rand();
        srand((int)time(0) + getpid() + i + trnd);
        randpad[i] = rand();
    }

    if(!use_file) {
        memset(&hash,0,32);
        /* lets hash the keys. We get a 256 bit hash    */
        /* from md5, but xxtea takes a 128 bit key so   */
        /* the hash will be truncated to the first      */
        /* by nature of the algorithm itself 128 bits   */
        md5_init(&state);
        md5_append(&state, (const md5_byte_t *) keyphrase, strlen(keyphrase));
        md5_finish(&state, digest);
        memcpy(hash,digest, 32);
    }
    /* show a summary of args if we are in verbose mode */
    if(debug) {
        printf("---=[  Your option summary ]=--- \n");
        printf("INFILE    == %s\n",in_file);
        printf("OUTFILE   == %s\n",out_file);
        printf("UNLINK    == %d\n",unlinkit);
    }

    if(encrypt) {
        while(first_block) {
            bytes_read = read(fd_in,plaintext,60);
            if(bytes_read == -1) {
                printf("FATAL:  Problem reading input file.\n\t%s\n",strerror(errno));
                exit(1);
            }
            /* if the initial input isn't at least 60 bytes */
            /* we are going to have to pad it. */
            if(bytes_read != 60) {
                pad = 60 - bytes_read ;
                memcpy(plaintext+bytes_read,randpad,pad);
            }
            memcpy(fb_buffer, &filesize_msb, 4);
            memcpy(fb_buffer+4, plaintext, 60);
            btea((int32_t *) fb_buffer, 16, (int32_t *) hash);
            write(fd_out,(char *) fb_buffer,64);
            first_block = 0;
        }
        while( (bytes_read = read(fd_in,plaintext,64)) ) {
            if(bytes_read == 64) {
                btea((int32_t *) plaintext, 16, (int32_t *) hash);
                write(fd_out,(char *) plaintext,64);
            } else {
                pad = 64 - bytes_read;
                memcpy(plaintext+bytes_read,randpad,pad);
                btea((int32_t *) plaintext, 16, (int32_t *) hash);
                write(fd_out,(char *) plaintext,64);
            }
        }
    } else if(decrypt) {
        while(first_block) {
            read(fd_in,plaintext,64);
            btea((int32_t *) plaintext, -16, (int32_t *) hash);
            memcpy(&read_filesize_msb,plaintext,4);
            read_filesize = ntohl(read_filesize_msb);
            /* now that we know the filesize. Let's calculate if the */
            /* in file actually matches it. This is an attempt to    */
            /* avoid someone making an "evil" xxt and creating files */
            /* to crash someone elses "good" version and/or create   */
            /* monster files.                                        */
            pad = (64 - (read_filesize) % 64);
            if(pad < 4) {
                pad += 64;
                i = read_filesize ;
            } else {
                i = read_filesize;
            }
            if(filesize != (i + pad)) {
                fprintf(stderr,"FATAL: the file size in the header is mismatched with the actual size.\n");
                exit(1);
            }
            if(read_filesize >= 60) {
                write(fd_out,(char *) plaintext+4,60);
            } else {
                write(fd_out,(char *) plaintext+4,read_filesize);
            }
            bsf += 64;
            first_block = 0;
        }
        while(0 != (bytes_read = read(fd_in,plaintext,64)) ) {
            btea((int32_t *) plaintext, -16, (int32_t *) hash);
            bsf += 64;
            if(bsf < (read_filesize + 4) && read_filesize > 64) {
                write(fd_out,(char *) plaintext,64);
            } else {
                bl = 64 - (bsf - (read_filesize + 4)); /* calc how much is really left */
                write(fd_out,(char *) plaintext,bl);
            }
        }
    }

    /* if they want to delete the infile */
    if(unlinkit)
        unlink(in_file);

    /* free dynamically allocated memory and zero out the contents to */
    /* try to make recovery of information about what we did harder   */
    memset(in_file,0,strlen(in_file));
    free(in_file);
    if(use_kp || use_ke) {
        memset(keyphrase,0,strlen(keyphrase));
        free(keyphrase);
    }
    if(use_out) {
        memset(out_file,0,strlen(out_file));
        free(out_file);
    }
    if(use_file) {
        memset(keyfile,0,strlen(keyfile));
        free(keyfile);
    }
    close(fd_out);
    close(fd_in);
    return(0);
}

void showhelp(void) {
    printf("\nxxt - an xxtea based variable block-mode file encryptor.\n");
    printf("by aliver\n\n");
    printf("+---=[ Options ]=--------------------------+\n");
    printf("|                                          |\n");
    printf("| -h print help        -v be verbose       |\n");
    printf("| -i input_file        -o output_file      |\n");
    printf("| -k keyphrase         -g key env_variable |\n");
    printf("| -u unlink input_file after encryption    |\n");
    printf("| -x dont set umask to a safe value        |\n");
    printf("| Example:                                 |\n");
    printf("| \"xxt -k secretpass -i test -u\"           |\n");
    printf("| You get \"test.xxt\" and deletes \"test\"    |\n");
    printf("|                                          |\n");
    printf("+------------------------------------------+\n");

}


/* nearly all the following xxtea crypto */
/* code from the post script             */
/* by David Wheeler and Roger Needham    */
/* I've altered it to be more portable   */
/* on 64 bit platforms by making use of  */
/* definitions in stdint.h               */
long btea( int32_t * v, int32_t n , int32_t * k ) {
    uint32_t z=v[n-1], y=v[0], sum=0,e,
                                   DELTA=0x9e3779b9 ;
    int32_t p, q ;
    if ( n>1) {
        /* Coding Part */
        q = 6+52/n ;
        while ( q-- > 0 ) {
            sum += DELTA ;
            e = sum >> 2&3 ;
            for ( p = 0 ; p < n-1 ; p++ )
                y = v[p+1],
                    z = v[p] += MX
                                y = v[0] ;
            z = v[n-1] += MX
                      }
                      return 0 ;
    }
    /* Decoding Part */
    else if ( n <-1 ) {
        n = -n ;
        q = 6+52/n ;
        sum = q*DELTA ;
        while (sum != 0) {
            e = sum>>2 & 3 ;
            for (p = n-1 ; p > 0 ; p-- )
                z = v[p-1],
                    y = v[p] -= MX
                                z = v[n-1] ;
            y = v[0] -= MX
                        sum -= DELTA ;
        }
        return 0 ;
    }
    return 1 ;
} /* Signal n=0,1,-1 */



/* MD5 algorithm used to hash the keys given to xxt */
/* This source code has been altered to better suit */
/* my purposes (speed, and formatting) and I am now */
/* declaring it so nobody has a fit about it. Now   */
/* you can read Peter's notice below. It only       */
/* applies to the MD5 hashing part of xxt !         */

/*
  Copyright (C) 1999, 2000, 2002 Aladdin Enterprises.  All rights reserved.
 
  This software is provided 'as-is', without any express or implied
  warranty.  In no event will the authors be held liable for any damages
  arising from the use of this software.
 
  Permission is granted to anyone to use this software for any purpose,
  including commercial applications, and to alter it and redistribute it
  freely, subject to the following restrictions:
 
  1. The origin of this software must not be misrepresented; you must not
     claim that you wrote the original software. If you use this software
     in a product, an acknowledgment in the product documentation would be
     appreciated but is not required.
  2. Altered source versions must be plainly marked as such, and must not be
     misrepresented as being the original software.
  3. This notice may not be removed or altered from any source distribution.
 
  L. Peter Deutsch
  ghost@...ddin.com
 
 */

static void md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/) {
    md5_word_t
    a = pms->abcd[0], b = pms->abcd[1],
                          c = pms->abcd[2], d = pms->abcd[3];
    md5_word_t t;
#if BYTE_ORDER > 0
    /* Define storage only for big-endian CPUs. */
    md5_word_t X[16];
#else
/* Define storage for little-endian or both types of CPUs. */
    md5_word_t xbuf[16];
    const md5_word_t *X;
#endif

    {
#if BYTE_ORDER == 0
        /*
         * Determine dynamically whether this is a big-endian or
         * little-endian machine, since we can use a more efficient
         * algorithm on the latter.
         */
        static const int w = 1;

        if (*((const md5_byte_t *)&w)) /* dynamic little-endian */
#endif
#if BYTE_ORDER <= 0		/* little-endian */ 
{
            /*
             * On little-endian machines, we can process properly aligned
             * data without copying it.
             */
            if (!((data - (const md5_byte_t *)0) & 3)) {
                /* data are properly aligned */
                X = (const md5_word_t *)data;
            } else {
                /* not aligned */
                memcpy(xbuf, data, 64);
                X = xbuf;
            }
    }
#endif
#if BYTE_ORDER == 0
    else			/* dynamic big-endian */
#endif
#if BYTE_ORDER >= 0		/* big-endian */ 
{
        /*
         * On big-endian machines, we must arrange the bytes in the
         * right order.
         */
        const md5_byte_t *xp = data;
    int i;

#  if BYTE_ORDER == 0
    X = xbuf;		/* (dynamic only) */
#  else
#    define xbuf X		/* (static only) */
#  endif
    for (i = 0; i < 16; ++i, xp += 4)
        xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24);
}
#endif
}

#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

/* Round 1. */
/* Let [abcd k s i] denote the operation
   a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */
#define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + F(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d,  0,  7,  T1);
SET(d, a, b, c,  1, 12,  T2);
SET(c, d, a, b,  2, 17,  T3);
SET(b, c, d, a,  3, 22,  T4);
SET(a, b, c, d,  4,  7,  T5);
SET(d, a, b, c,  5, 12,  T6);
SET(c, d, a, b,  6, 17,  T7);
SET(b, c, d, a,  7, 22,  T8);
SET(a, b, c, d,  8,  7,  T9);
SET(d, a, b, c,  9, 12, T10);
SET(c, d, a, b, 10, 17, T11);
SET(b, c, d, a, 11, 22, T12);
SET(a, b, c, d, 12,  7, T13);
SET(d, a, b, c, 13, 12, T14);
SET(c, d, a, b, 14, 17, T15);
SET(b, c, d, a, 15, 22, T16);
#undef SET

/* Round 2. */
/* Let [abcd k s i] denote the operation
     a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */
#define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + G(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d,  1,  5, T17);
SET(d, a, b, c,  6,  9, T18);
SET(c, d, a, b, 11, 14, T19);
SET(b, c, d, a,  0, 20, T20);
SET(a, b, c, d,  5,  5, T21);
SET(d, a, b, c, 10,  9, T22);
SET(c, d, a, b, 15, 14, T23);
SET(b, c, d, a,  4, 20, T24);
SET(a, b, c, d,  9,  5, T25);
SET(d, a, b, c, 14,  9, T26);
SET(c, d, a, b,  3, 14, T27);
SET(b, c, d, a,  8, 20, T28);
SET(a, b, c, d, 13,  5, T29);
SET(d, a, b, c,  2,  9, T30);
SET(c, d, a, b,  7, 14, T31);
SET(b, c, d, a, 12, 20, T32);
#undef SET

/* Round 3. */
/* Let [abcd k s t] denote the operation
     a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define SET(a, b, c, d, k, s, Ti)\
t = a + H(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d,  5,  4, T33);
SET(d, a, b, c,  8, 11, T34);
SET(c, d, a, b, 11, 16, T35);
SET(b, c, d, a, 14, 23, T36);
SET(a, b, c, d,  1,  4, T37);
SET(d, a, b, c,  4, 11, T38);
SET(c, d, a, b,  7, 16, T39);
SET(b, c, d, a, 10, 23, T40);
SET(a, b, c, d, 13,  4, T41);
SET(d, a, b, c,  0, 11, T42);
SET(c, d, a, b,  3, 16, T43);
SET(b, c, d, a,  6, 23, T44);
SET(a, b, c, d,  9,  4, T45);
SET(d, a, b, c, 12, 11, T46);
SET(c, d, a, b, 15, 16, T47);
SET(b, c, d, a,  2, 23, T48);
#undef SET

/* Round 4. */
/* Let [abcd k s t] denote the operation
     a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */
#define I(x, y, z) ((y) ^ ((x) | ~(z)))
#define SET(a, b, c, d, k, s, Ti)\
t = a + I(b,c,d) + X[k] + Ti;\
a = ROTATE_LEFT(t, s) + b
/* Do the following 16 operations. */
SET(a, b, c, d,  0,  6, T49);
SET(d, a, b, c,  7, 10, T50);
SET(c, d, a, b, 14, 15, T51);
SET(b, c, d, a,  5, 21, T52);
SET(a, b, c, d, 12,  6, T53);
SET(d, a, b, c,  3, 10, T54);
SET(c, d, a, b, 10, 15, T55);
SET(b, c, d, a,  1, 21, T56);
SET(a, b, c, d,  8,  6, T57);
SET(d, a, b, c, 15, 10, T58);
SET(c, d, a, b,  6, 15, T59);
SET(b, c, d, a, 13, 21, T60);
SET(a, b, c, d,  4,  6, T61);
SET(d, a, b, c, 11, 10, T62);
SET(c, d, a, b,  2, 15, T63);
SET(b, c, d, a,  9, 21, T64);
#undef SET

/* Then perform the following additions. (That is increment each
   of the four registers by the value it had before this block
   was started.) */
pms->abcd[0] += a;
                pms->abcd[1] += b;
                                pms->abcd[2] += c;
                                                pms->abcd[3] += d;
                                                                }

                                                                void md5_init(md5_state_t *pms) {
                                                                    pms->count[0] = pms->count[1] = 0;
                                                                    pms->abcd[0] = 0x67452301;
                                                                    pms->abcd[1] = /*0xefcdab89*/ T_MASK ^ 0x10325476;
                                                                    pms->abcd[2] = /*0x98badcfe*/ T_MASK ^ 0x67452301;
                                                                    pms->abcd[3] = 0x10325476;
                                                                }

                                                                void md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes) {
                                                                    const md5_byte_t *p = data;
                                                                    int left = nbytes;
                                                                    int offset = (pms->count[0] >> 3) & 63;
                                                                    md5_word_t nbits = (md5_word_t)(nbytes << 3);

                                                                    if (nbytes <= 0)
                                                                        return;

                                                                    /* Update the message length. */
                                                                    pms->count[1] += nbytes >> 29;
                                                                    pms->count[0] += nbits;
                                                                    if (pms->count[0] < nbits)
                                                                        pms->count[1]++;

                                                                    /* Process an initial partial block. */
                                                                    if (offset) {
                                                                        int copy = (offset + nbytes > 64 ? 64 - offset : nbytes);

                                                                        memcpy(pms->buf + offset, p, copy);
                                                                        if (offset + copy < 64)
                                                                            return;
                                                                        p += copy;
                                                                        left -= copy;
                                                                        md5_process(pms, pms->buf);
                                                                    }

                                                                    /* Process full blocks. */
                                                                    for (; left >= 64; p += 64, left -= 64)
                                                                        md5_process(pms, p);

                                                                    /* Process a final partial block. */
                                                                    if (left)
                                                                        memcpy(pms->buf, p, left);
                                                                }

                                                                void md5_finish(md5_state_t *pms, md5_byte_t digest[16]) {
                                                                    static const md5_byte_t pad[64] = {
                                                                                                          0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                                                                                                          0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                                                                                                          0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                                                                                                          0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
                                                                                                      };
                                                                    md5_byte_t data[8];
                                                                    int i;

                                                                    /* Save the length before padding. */
                                                                    for (i = 0; i < 8; ++i)
                                                                        data[i] = (md5_byte_t)(pms->count[i >> 2] >> ((i & 3) << 3));
                                                                    /* Pad to 56 bytes mod 64. */
                                                                    md5_append(pms, pad, ((55 - (pms->count[0] >> 3)) & 63) + 1);
                                                                    /* Append the length. */
                                                                    md5_append(pms, data, 8);
                                                                    for (i = 0; i < 16; ++i)
                                                                        digest[i] = (md5_byte_t)(pms->abcd[i >> 2] >> ((i & 3) << 3));
                                                                }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ