xref: /freebsd/crypto/heimdal/lib/krb5/crypto-des-common.c (revision c6879c6c14eedbd060ba588a3129a6c60ebbe783) 
1 /*
2  * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 /* Functions which are used by both single and triple DES enctypes */
35 
36 #include "krb5_locl.h"
37 
38 /*
39  * A = A xor B. A & B are 8 bytes.
40  */
41 
42 void
_krb5_xor(DES_cblock * key,const unsigned char * b)43 _krb5_xor (DES_cblock *key, const unsigned char *b)
44 {
45     unsigned char *a = (unsigned char*)key;
46     a[0] ^= b[0];
47     a[1] ^= b[1];
48     a[2] ^= b[2];
49     a[3] ^= b[3];
50     a[4] ^= b[4];
51     a[5] ^= b[5];
52     a[6] ^= b[6];
53     a[7] ^= b[7];
54 }
55 
56 #if defined(DES3_OLD_ENCTYPE) || defined(HEIM_WEAK_CRYPTO)
57 krb5_error_code
_krb5_des_checksum(krb5_context context,const EVP_MD * evp_md,struct _krb5_key_data * key,const void * data,size_t len,Checksum * cksum)58 _krb5_des_checksum(krb5_context context,
59 		   const EVP_MD *evp_md,
60 		   struct _krb5_key_data *key,
61 		   const void *data,
62 		   size_t len,
63 		   Checksum *cksum)
64 {
65     struct _krb5_evp_schedule *ctx = key->schedule->data;
66     EVP_MD_CTX *m;
67     DES_cblock ivec;
68     unsigned char *p = cksum->checksum.data;
69 
70     krb5_generate_random_block(p, 8);
71 
72     m = EVP_MD_CTX_create();
73     if (m == NULL) {
74 	krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
75 	return ENOMEM;
76     }
77 
78     EVP_DigestInit_ex(m, evp_md, NULL);
79     EVP_DigestUpdate(m, p, 8);
80     EVP_DigestUpdate(m, data, len);
81     EVP_DigestFinal_ex (m, p + 8, NULL);
82     EVP_MD_CTX_destroy(m);
83     memset (&ivec, 0, sizeof(ivec));
84     EVP_CipherInit_ex(ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1);
85     EVP_Cipher(ctx->ectx, p, p, 24);
86 
87     return 0;
88 }
89 
90 krb5_error_code
_krb5_des_verify(krb5_context context,const EVP_MD * evp_md,struct _krb5_key_data * key,const void * data,size_t len,Checksum * C)91 _krb5_des_verify(krb5_context context,
92 		 const EVP_MD *evp_md,
93 		 struct _krb5_key_data *key,
94 		 const void *data,
95 		 size_t len,
96 		 Checksum *C)
97 {
98     struct _krb5_evp_schedule *ctx = key->schedule->data;
99     EVP_MD_CTX *m;
100     unsigned char tmp[24];
101     unsigned char res[16];
102     DES_cblock ivec;
103     krb5_error_code ret = 0;
104 
105     m = EVP_MD_CTX_create();
106     if (m == NULL) {
107 	krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
108 	return ENOMEM;
109     }
110 
111     memset(&ivec, 0, sizeof(ivec));
112     EVP_CipherInit_ex(ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1);
113     EVP_Cipher(ctx->dctx, tmp, C->checksum.data, 24);
114 
115     EVP_DigestInit_ex(m, evp_md, NULL);
116     EVP_DigestUpdate(m, tmp, 8); /* confounder */
117     EVP_DigestUpdate(m, data, len);
118     EVP_DigestFinal_ex (m, res, NULL);
119     EVP_MD_CTX_destroy(m);
120     if(ct_memcmp(res, tmp + 8, sizeof(res)) != 0) {
121 	krb5_clear_error_message (context);
122 	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
123     }
124     memset(tmp, 0, sizeof(tmp));
125     memset(res, 0, sizeof(res));
126     return ret;
127 }
128 
129 #endif
130 
131 static krb5_error_code
RSA_MD5_checksum(krb5_context context,struct _krb5_key_data * key,const void * data,size_t len,unsigned usage,Checksum * C)132 RSA_MD5_checksum(krb5_context context,
133 		 struct _krb5_key_data *key,
134 		 const void *data,
135 		 size_t len,
136 		 unsigned usage,
137 		 Checksum *C)
138 {
139     if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1)
140 	krb5_abortx(context, "md5 checksum failed");
141     return 0;
142 }
143 
144 struct _krb5_checksum_type _krb5_checksum_rsa_md5 = {
145     CKSUMTYPE_RSA_MD5,
146     "rsa-md5",
147     64,
148     16,
149     F_CPROOF,
150     RSA_MD5_checksum,
151     NULL
152 };
153