1 /* 2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* 7 * lib/crypto/des/string2key.c 8 * 9 * Copyright 1990,1991 by the Massachusetts Institute of Technology. 10 * All Rights Reserved. 11 * 12 * Export of this software from the United States of America may 13 * require a specific license from the United States Government. 14 * It is the responsibility of any person or organization contemplating 15 * export to obtain such a license before exporting. 16 * 17 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 18 * distribute this software and its documentation for any purpose and 19 * without fee is hereby granted, provided that the above copyright 20 * notice appear in all copies and that both that copyright notice and 21 * this permission notice appear in supporting documentation, and that 22 * the name of M.I.T. not be used in advertising or publicity pertaining 23 * to distribution of the software without specific, written prior 24 * permission. M.I.T. makes no representations about the suitability of 25 * this software for any purpose. It is provided "as is" without express 26 * or implied warranty. 27 */ 28 29 #include <k5-int.h> 30 #include <des_int.h> 31 32 /* 33 converts the string pointed to by "data" into an encryption key 34 of type "enctype". *keyblock is filled in with the key info; 35 in particular, keyblock->contents is to be set to allocated storage. 36 It is the responsibility of the caller to release this storage 37 when the generated key no longer needed. 38 39 The routine may use "salt" to seed or alter the conversion 40 algorithm. 41 42 If the particular function called does not know how to make a 43 key of type "enctype", an error may be returned. 44 45 returns: errors 46 */ 47 48 krb5_error_code 49 mit_des_string_to_key_int (krb5_context context, 50 krb5_keyblock *keyblock, 51 const krb5_data *data, 52 const krb5_data *salt) 53 { 54 krb5_error_code retval = KRB5_PROG_ETYPE_NOSUPP; 55 register char *str, *copystr; 56 register krb5_octet *key; 57 register unsigned temp; 58 register long i; 59 register int j; 60 register long length; 61 unsigned char *k_p; 62 int forward; 63 register char *p_char; 64 char k_char[64]; 65 66 #ifndef min 67 #define min(A, B) ((A) < (B) ? (A): (B)) 68 #endif 69 70 keyblock->magic = KV5M_KEYBLOCK; 71 keyblock->length = sizeof(mit_des_cblock); 72 key = keyblock->contents; 73 74 if (salt 75 && (salt->length == SALT_TYPE_AFS_LENGTH 76 /* XXX Yuck! Aren't we done with this yet? */ 77 || salt->length == (unsigned) -1)) { 78 krb5_data afssalt; 79 char *at; 80 81 afssalt.data = salt->data; 82 at = strchr(afssalt.data, '@'); 83 if (at) { 84 *at = 0; 85 afssalt.length = at - afssalt.data; 86 } else 87 afssalt.length = strlen(afssalt.data); 88 return mit_afs_string_to_key(context, keyblock, data, &afssalt); 89 } 90 91 length = data->length + (salt ? salt->length : 0); 92 93 copystr = malloc((size_t) length); 94 if (!copystr) { 95 return ENOMEM; 96 } 97 98 (void) memcpy(copystr, (char *) data->data, data->length); 99 if (salt) 100 (void) memcpy(copystr + data->length, (char *)salt->data, salt->length); 101 102 /* convert to des key */ 103 forward = 1; 104 p_char = k_char; 105 106 /* init key array for bits */ 107 (void) memset(k_char,0,sizeof(k_char)); 108 109 #if 0 110 if (mit_des_debug) 111 fprintf(stdout, 112 "\n\ninput str length = %d string = %*s\nstring = 0x ", 113 length,length,str); 114 #endif 115 116 str = copystr; 117 118 /* get next 8 bytes, strip parity, xor */ 119 for (i = 1; i <= length; i++) { 120 /* get next input key byte */ 121 temp = (unsigned int) *str++; 122 #if 0 123 if (mit_des_debug) 124 fprintf(stdout,"%02x ",temp & 0xff); 125 #endif 126 /* loop through bits within byte, ignore parity */ 127 for (j = 0; j <= 6; j++) { 128 if (forward) 129 *p_char++ ^= (int) temp & 01; 130 else 131 *--p_char ^= (int) temp & 01; 132 temp = temp >> 1; 133 } 134 135 /* check and flip direction */ 136 if ((i%8) == 0) 137 forward = !forward; 138 } 139 140 /* now stuff into the key mit_des_cblock, and force odd parity */ 141 p_char = k_char; 142 k_p = (unsigned char *) key; 143 144 for (i = 0; i <= 7; i++) { 145 temp = 0; 146 for (j = 0; j <= 6; j++) 147 temp |= *p_char++ << (1+j); 148 *k_p++ = (unsigned char) temp; 149 } 150 151 /* fix key parity */ 152 mit_des_fixup_key_parity(key); 153 if (mit_des_is_weak_key(key)) 154 ((krb5_octet *)key)[7] ^= 0xf0; 155 156 retval = mit_des_cbc_cksum(context, (unsigned char*)copystr, key, 157 length, keyblock, key); 158 159 /* clean & free the input string */ 160 (void) memset(copystr, 0, (size_t) length); 161 krb5_xfree(copystr); 162 163 /* now fix up key parity again */ 164 mit_des_fixup_key_parity(key); 165 if (mit_des_is_weak_key(key)) 166 ((krb5_octet *)key)[7] ^= 0xf0; 167 168 /* 169 * Because this routine actually modifies the original keyblock 170 * in place we cannot use the PKCS#11 key object handle created earlier. 171 * Destroy the existing object handle associated with the key, 172 * a correct handle will get created when the key is actually 173 * used for the first time. 174 */ 175 if (keyblock->hKey != CK_INVALID_HANDLE) { 176 (void)C_DestroyObject(krb_ctx_hSession(context), keyblock->hKey); 177 keyblock->hKey = CK_INVALID_HANDLE; 178 } 179 180 return retval; 181 } 182