- C_Block key; /* The key for DES en/decryption */
- Key_schedule sched; /* En/decryption schedule */
- static char decrypt[BUFSIZ]; /* Buffer to hold decrypted information */
- long decrypt_len; /* Length of decypted ID information */
- char recrypt[14]; /* Buffer to hold re-encrypted information */
- static char hashid[14]; /* Buffer to hold one-way encrypted ID */
- char idnumber[BUFSIZ]; /* Buffer to hold plain-text ID */
- char *temp; /* A temporary string pointer */
- int len; /* Keeps track of length left in packet */
- int status = SUCCESS; /* Error status */
-
-#ifdef DEBUG
- com_err(whoami, 0, "Entering parse_encrypted");
-#endif
-
- /* Make the decrypted information length the same as the encrypted
- information length. Both are integral multples of eight bytes
- because of the DES encryption routines. */
- decrypt_len = (long)message->encrypted_len;
-
- /* Get key from the one-way encrypted ID in the Moira database */
- string_to_key(data->mit_id, key);
- /* Get schedule from key */
- key_sched(key, sched);
- /* Decrypt information from packet using this key. Since decrypt_len
- is an integral multiple of eight bytes, it will probably be null-
- padded. */
- pcbc_encrypt(message->encrypted,decrypt, decrypt_len, sched, key, DECRYPT);
-
- /* Extract the plain text and encrypted ID fields from the decrypted
- packet information. */
- /* Since the decrypted information starts with the plain-text ID
- followed by a null, if the decryption worked, this will only
- copy the plain text part of the decrypted information. It is
- important that strncpy be used because if we are not using the
- correct key, there is no guarantee that a null will occur
- anywhere in the string. */
- (void) strncpy(idnumber,decrypt,(int)decrypt_len);
- /* Point temp to the end of the plain text ID number. */
- temp = decrypt + strlen(idnumber) + 1;
- /* Find out how much more packet there is. */
- len = message->encrypted_len - (temp - decrypt);
- /* Copy the next CRYPT_LEN bytes of the decrypted information into
- hashid if there are CRYPT_LEN more bytes to copy. There will be
- if we have the right key. */
- (void) strncpy(hashid, temp, min(len, CRYPT_LEN));
- /* Point temp to the end of the encrypted ID field */
- temp += strlen(hashid) + 1;
- /* Find out how much more room there is. */
- len = message->encrypted_len - (temp - decrypt);
-
- /* Now compare encrypted ID's don't match. */
- if (strcmp(hashid, data->mit_id)) status = FAILURE;
- if (status == SUCCESS)
- {
- EncryptID(recrypt, idnumber, message->first, message->last);
- /* Now compare encrypted plain text to ID from database. */
- if (strcmp(recrypt, data->mit_id)) status = FAILURE;
- }
-
- if (status == SUCCESS)
- {
- /* We made it. Now we can finish initializing message. */
- /* Point leftover to whatever is left over! */
- message->leftover = temp;
- message->leftover_len = len;
- /* Since we know we have the right user, fill in the information
- from the Moira database. */
- message->db.reg_status = data->reg_status;
- (void) strncpy(message->db.uid,data->uid, sizeof(message->db.uid));
- (void) strncpy(message->db.mit_id,data->mit_id,
- sizeof(message->db.mit_id));
- (void) strncpy(message->db.login,data->login, sizeof(message->db.login));
- }
-
-#ifdef DEBUG
- if (status)
- com_err(whoami, status, " in parse_encrypted");
- else
- com_err(whoami, status, "parse_encrypted succeeded");
-#endif
+ des_cblock key; /* The key for DES en/decryption */
+ des_key_schedule sched; /* En/decryption schedule */
+ static char decrypt[BUFSIZ]; /* Buffer to hold decrypted information */
+ long decrypt_len; /* Length of decypted ID information */
+ static char hashid[14]; /* Buffer to hold one-way encrypted ID */
+ char idnumber[BUFSIZ]; /* Buffer to hold plain-text ID */
+ char *temp; /* A temporary string pointer */
+ int len; /* Keeps track of length left in packet */
+ int status = SUCCESS; /* Error status */
+
+ /* Make the decrypted information length the same as the encrypted
+ information length. Both are integral multples of eight bytes
+ because of the DES encryption routines. */
+ decrypt_len = message->encrypted_len;
+
+ /* Get key from the possibly one-way encrypted ID in the Moira database */
+ if (data->mit_id[0] >= '0' && data->mit_id[0] <= '9')
+ {
+ char buf[32];
+
+ EncryptID(buf, data->mit_id, message->first, message->last);
+ des_string_to_key(buf, key);
+ }
+ else
+ des_string_to_key(data->mit_id, key);
+
+ /* Get schedule from key */
+ des_key_sched(key, sched);
+ /* Decrypt information from packet using this key. Since decrypt_len
+ is an integral multiple of eight bytes, it will probably be null-
+ padded. */
+ des_pcbc_encrypt(message->encrypted, decrypt, decrypt_len,
+ sched, key, DES_DECRYPT);
+
+ /* Extract the plain text and encrypted ID fields from the decrypted
+ packet information. */
+ /* Since the decrypted information starts with the plain-text ID
+ followed by a null, if the decryption worked, this will only
+ copy the plain text part of the decrypted information. It is
+ important that strncpy be used because if we are not using the
+ correct key, there is no guarantee that a null will occur
+ anywhere in the string. */
+ strncpy(idnumber, decrypt, decrypt_len);
+ /* Check that the idnumber of a mismatched decryption doesn't overflow
+ * the buffer. */
+ if (strlen(idnumber) != 9)
+ return FAILURE;
+
+ /* Point temp to the end of the plain text ID number. */
+ temp = decrypt + strlen(idnumber) + 1;
+ /* Find out how much more packet there is. */
+ len = message->encrypted_len - (temp - decrypt);
+ /* Copy the next CRYPT_LEN bytes of the decrypted information into
+ hashid if there are CRYPT_LEN more bytes to copy. There will be
+ if we have the right key. */
+ strncpy(hashid, temp, min(len, CRYPT_LEN));
+ /* Point temp to the end of the encrypted ID field */
+ temp += strlen(hashid) + 1;
+ /* Find out how much more room there is. */
+ len = message->encrypted_len - (temp - decrypt);
+
+ /* Now compare encrypted ID and clear text ID for a match. */
+ if (strcmp(hashid, data->mit_id) &&
+ strcmp(idnumber, data->mit_id))
+ status = FAILURE;
+
+ if (status == SUCCESS)
+ {
+ /* We made it. Now we can finish initializing message. */
+ /* Point leftover to whatever is left over! */
+ message->leftover = temp;
+ message->leftover_len = len;
+ /* Since we know we have the right user, fill in the information
+ from the Moira database. */
+ message->db.reg_status = data->reg_status;
+ strncpy(message->db.uid, data->uid, sizeof(message->db.uid));
+ strncpy(message->db.mit_id, data->mit_id, sizeof(message->db.mit_id));
+ strncpy(message->db.login, data->login, sizeof(message->db.login));
+ }