1*ae771770SStanislav Sedov /*
2*ae771770SStanislav Sedov * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3*ae771770SStanislav Sedov * (Royal Institute of Technology, Stockholm, Sweden).
4*ae771770SStanislav Sedov * All rights reserved.
5*ae771770SStanislav Sedov *
6*ae771770SStanislav Sedov * Redistribution and use in source and binary forms, with or without
7*ae771770SStanislav Sedov * modification, are permitted provided that the following conditions
8*ae771770SStanislav Sedov * are met:
9*ae771770SStanislav Sedov *
10*ae771770SStanislav Sedov * 1. Redistributions of source code must retain the above copyright
11*ae771770SStanislav Sedov * notice, this list of conditions and the following disclaimer.
12*ae771770SStanislav Sedov *
13*ae771770SStanislav Sedov * 2. Redistributions in binary form must reproduce the above copyright
14*ae771770SStanislav Sedov * notice, this list of conditions and the following disclaimer in the
15*ae771770SStanislav Sedov * documentation and/or other materials provided with the distribution.
16*ae771770SStanislav Sedov *
17*ae771770SStanislav Sedov * 3. Neither the name of the Institute nor the names of its contributors
18*ae771770SStanislav Sedov * may be used to endorse or promote products derived from this software
19*ae771770SStanislav Sedov * without specific prior written permission.
20*ae771770SStanislav Sedov *
21*ae771770SStanislav Sedov * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22*ae771770SStanislav Sedov * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23*ae771770SStanislav Sedov * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24*ae771770SStanislav Sedov * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25*ae771770SStanislav Sedov * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26*ae771770SStanislav Sedov * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27*ae771770SStanislav Sedov * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28*ae771770SStanislav Sedov * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29*ae771770SStanislav Sedov * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30*ae771770SStanislav Sedov * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31*ae771770SStanislav Sedov * SUCH DAMAGE.
32*ae771770SStanislav Sedov */
33*ae771770SStanislav Sedov
34*ae771770SStanislav Sedov #include "krb5_locl.h"
35*ae771770SStanislav Sedov
36*ae771770SStanislav Sedov /*
37*ae771770SStanislav Sedov *
38*ae771770SStanislav Sedov */
39*ae771770SStanislav Sedov
40*ae771770SStanislav Sedov static void
DES3_random_key(krb5_context context,krb5_keyblock * key)41*ae771770SStanislav Sedov DES3_random_key(krb5_context context,
42*ae771770SStanislav Sedov krb5_keyblock *key)
43*ae771770SStanislav Sedov {
44*ae771770SStanislav Sedov DES_cblock *k = key->keyvalue.data;
45*ae771770SStanislav Sedov do {
46*ae771770SStanislav Sedov krb5_generate_random_block(k, 3 * sizeof(DES_cblock));
47*ae771770SStanislav Sedov DES_set_odd_parity(&k[0]);
48*ae771770SStanislav Sedov DES_set_odd_parity(&k[1]);
49*ae771770SStanislav Sedov DES_set_odd_parity(&k[2]);
50*ae771770SStanislav Sedov } while(DES_is_weak_key(&k[0]) ||
51*ae771770SStanislav Sedov DES_is_weak_key(&k[1]) ||
52*ae771770SStanislav Sedov DES_is_weak_key(&k[2]));
53*ae771770SStanislav Sedov }
54*ae771770SStanislav Sedov
55*ae771770SStanislav Sedov
56*ae771770SStanislav Sedov #ifdef DES3_OLD_ENCTYPE
57*ae771770SStanislav Sedov static struct _krb5_key_type keytype_des3 = {
58*ae771770SStanislav Sedov ETYPE_OLD_DES3_CBC_SHA1,
59*ae771770SStanislav Sedov "des3",
60*ae771770SStanislav Sedov 168,
61*ae771770SStanislav Sedov 24,
62*ae771770SStanislav Sedov sizeof(struct _krb5_evp_schedule),
63*ae771770SStanislav Sedov DES3_random_key,
64*ae771770SStanislav Sedov _krb5_evp_schedule,
65*ae771770SStanislav Sedov _krb5_des3_salt,
66*ae771770SStanislav Sedov _krb5_DES3_random_to_key,
67*ae771770SStanislav Sedov _krb5_evp_cleanup,
68*ae771770SStanislav Sedov EVP_des_ede3_cbc
69*ae771770SStanislav Sedov };
70*ae771770SStanislav Sedov #endif
71*ae771770SStanislav Sedov
72*ae771770SStanislav Sedov static struct _krb5_key_type keytype_des3_derived = {
73*ae771770SStanislav Sedov ETYPE_OLD_DES3_CBC_SHA1,
74*ae771770SStanislav Sedov "des3",
75*ae771770SStanislav Sedov 168,
76*ae771770SStanislav Sedov 24,
77*ae771770SStanislav Sedov sizeof(struct _krb5_evp_schedule),
78*ae771770SStanislav Sedov DES3_random_key,
79*ae771770SStanislav Sedov _krb5_evp_schedule,
80*ae771770SStanislav Sedov _krb5_des3_salt_derived,
81*ae771770SStanislav Sedov _krb5_DES3_random_to_key,
82*ae771770SStanislav Sedov _krb5_evp_cleanup,
83*ae771770SStanislav Sedov EVP_des_ede3_cbc
84*ae771770SStanislav Sedov };
85*ae771770SStanislav Sedov
86*ae771770SStanislav Sedov #ifdef DES3_OLD_ENCTYPE
87*ae771770SStanislav Sedov static krb5_error_code
RSA_MD5_DES3_checksum(krb5_context context,struct _krb5_key_data * key,const void * data,size_t len,unsigned usage,Checksum * C)88*ae771770SStanislav Sedov RSA_MD5_DES3_checksum(krb5_context context,
89*ae771770SStanislav Sedov struct _krb5_key_data *key,
90*ae771770SStanislav Sedov const void *data,
91*ae771770SStanislav Sedov size_t len,
92*ae771770SStanislav Sedov unsigned usage,
93*ae771770SStanislav Sedov Checksum *C)
94*ae771770SStanislav Sedov {
95*ae771770SStanislav Sedov return _krb5_des_checksum(context, EVP_md5(), key, data, len, C);
96*ae771770SStanislav Sedov }
97*ae771770SStanislav Sedov
98*ae771770SStanislav Sedov static krb5_error_code
RSA_MD5_DES3_verify(krb5_context context,struct _krb5_key_data * key,const void * data,size_t len,unsigned usage,Checksum * C)99*ae771770SStanislav Sedov RSA_MD5_DES3_verify(krb5_context context,
100*ae771770SStanislav Sedov struct _krb5_key_data *key,
101*ae771770SStanislav Sedov const void *data,
102*ae771770SStanislav Sedov size_t len,
103*ae771770SStanislav Sedov unsigned usage,
104*ae771770SStanislav Sedov Checksum *C)
105*ae771770SStanislav Sedov {
106*ae771770SStanislav Sedov return _krb5_des_verify(context, EVP_md5(), key, data, len, C);
107*ae771770SStanislav Sedov }
108*ae771770SStanislav Sedov
109*ae771770SStanislav Sedov struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = {
110*ae771770SStanislav Sedov CKSUMTYPE_RSA_MD5_DES3,
111*ae771770SStanislav Sedov "rsa-md5-des3",
112*ae771770SStanislav Sedov 64,
113*ae771770SStanislav Sedov 24,
114*ae771770SStanislav Sedov F_KEYED | F_CPROOF | F_VARIANT,
115*ae771770SStanislav Sedov RSA_MD5_DES3_checksum,
116*ae771770SStanislav Sedov RSA_MD5_DES3_verify
117*ae771770SStanislav Sedov };
118*ae771770SStanislav Sedov #endif
119*ae771770SStanislav Sedov
120*ae771770SStanislav Sedov struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3 = {
121*ae771770SStanislav Sedov CKSUMTYPE_HMAC_SHA1_DES3,
122*ae771770SStanislav Sedov "hmac-sha1-des3",
123*ae771770SStanislav Sedov 64,
124*ae771770SStanislav Sedov 20,
125*ae771770SStanislav Sedov F_KEYED | F_CPROOF | F_DERIVED,
126*ae771770SStanislav Sedov _krb5_SP_HMAC_SHA1_checksum,
127*ae771770SStanislav Sedov NULL
128*ae771770SStanislav Sedov };
129*ae771770SStanislav Sedov
130*ae771770SStanislav Sedov #ifdef DES3_OLD_ENCTYPE
131*ae771770SStanislav Sedov struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5 = {
132*ae771770SStanislav Sedov ETYPE_DES3_CBC_MD5,
133*ae771770SStanislav Sedov "des3-cbc-md5",
134*ae771770SStanislav Sedov 8,
135*ae771770SStanislav Sedov 8,
136*ae771770SStanislav Sedov 8,
137*ae771770SStanislav Sedov &keytype_des3,
138*ae771770SStanislav Sedov &_krb5_checksum_rsa_md5,
139*ae771770SStanislav Sedov &_krb5_checksum_rsa_md5_des3,
140*ae771770SStanislav Sedov 0,
141*ae771770SStanislav Sedov _krb5_evp_encrypt,
142*ae771770SStanislav Sedov 0,
143*ae771770SStanislav Sedov NULL
144*ae771770SStanislav Sedov };
145*ae771770SStanislav Sedov #endif
146*ae771770SStanislav Sedov
147*ae771770SStanislav Sedov struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1 = {
148*ae771770SStanislav Sedov ETYPE_DES3_CBC_SHA1,
149*ae771770SStanislav Sedov "des3-cbc-sha1",
150*ae771770SStanislav Sedov 8,
151*ae771770SStanislav Sedov 8,
152*ae771770SStanislav Sedov 8,
153*ae771770SStanislav Sedov &keytype_des3_derived,
154*ae771770SStanislav Sedov &_krb5_checksum_sha1,
155*ae771770SStanislav Sedov &_krb5_checksum_hmac_sha1_des3,
156*ae771770SStanislav Sedov F_DERIVED,
157*ae771770SStanislav Sedov _krb5_evp_encrypt,
158*ae771770SStanislav Sedov 0,
159*ae771770SStanislav Sedov NULL
160*ae771770SStanislav Sedov };
161*ae771770SStanislav Sedov
162*ae771770SStanislav Sedov #ifdef DES3_OLD_ENCTYPE
163*ae771770SStanislav Sedov struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1 = {
164*ae771770SStanislav Sedov ETYPE_OLD_DES3_CBC_SHA1,
165*ae771770SStanislav Sedov "old-des3-cbc-sha1",
166*ae771770SStanislav Sedov 8,
167*ae771770SStanislav Sedov 8,
168*ae771770SStanislav Sedov 8,
169*ae771770SStanislav Sedov &keytype_des3,
170*ae771770SStanislav Sedov &_krb5_checksum_sha1,
171*ae771770SStanislav Sedov &_krb5_checksum_hmac_sha1_des3,
172*ae771770SStanislav Sedov 0,
173*ae771770SStanislav Sedov _krb5_evp_encrypt,
174*ae771770SStanislav Sedov 0,
175*ae771770SStanislav Sedov NULL
176*ae771770SStanislav Sedov };
177*ae771770SStanislav Sedov #endif
178*ae771770SStanislav Sedov
179*ae771770SStanislav Sedov struct _krb5_encryption_type _krb5_enctype_des3_cbc_none = {
180*ae771770SStanislav Sedov ETYPE_DES3_CBC_NONE,
181*ae771770SStanislav Sedov "des3-cbc-none",
182*ae771770SStanislav Sedov 8,
183*ae771770SStanislav Sedov 8,
184*ae771770SStanislav Sedov 0,
185*ae771770SStanislav Sedov &keytype_des3_derived,
186*ae771770SStanislav Sedov &_krb5_checksum_none,
187*ae771770SStanislav Sedov NULL,
188*ae771770SStanislav Sedov F_PSEUDO,
189*ae771770SStanislav Sedov _krb5_evp_encrypt,
190*ae771770SStanislav Sedov 0,
191*ae771770SStanislav Sedov NULL
192*ae771770SStanislav Sedov };
193*ae771770SStanislav Sedov
194*ae771770SStanislav Sedov void
_krb5_DES3_random_to_key(krb5_context context,krb5_keyblock * key,const void * data,size_t size)195*ae771770SStanislav Sedov _krb5_DES3_random_to_key(krb5_context context,
196*ae771770SStanislav Sedov krb5_keyblock *key,
197*ae771770SStanislav Sedov const void *data,
198*ae771770SStanislav Sedov size_t size)
199*ae771770SStanislav Sedov {
200*ae771770SStanislav Sedov unsigned char *x = key->keyvalue.data;
201*ae771770SStanislav Sedov const u_char *q = data;
202*ae771770SStanislav Sedov DES_cblock *k;
203*ae771770SStanislav Sedov int i, j;
204*ae771770SStanislav Sedov
205*ae771770SStanislav Sedov memset(key->keyvalue.data, 0, key->keyvalue.length);
206*ae771770SStanislav Sedov for (i = 0; i < 3; ++i) {
207*ae771770SStanislav Sedov unsigned char foo;
208*ae771770SStanislav Sedov for (j = 0; j < 7; ++j) {
209*ae771770SStanislav Sedov unsigned char b = q[7 * i + j];
210*ae771770SStanislav Sedov
211*ae771770SStanislav Sedov x[8 * i + j] = b;
212*ae771770SStanislav Sedov }
213*ae771770SStanislav Sedov foo = 0;
214*ae771770SStanislav Sedov for (j = 6; j >= 0; --j) {
215*ae771770SStanislav Sedov foo |= q[7 * i + j] & 1;
216*ae771770SStanislav Sedov foo <<= 1;
217*ae771770SStanislav Sedov }
218*ae771770SStanislav Sedov x[8 * i + 7] = foo;
219*ae771770SStanislav Sedov }
220*ae771770SStanislav Sedov k = key->keyvalue.data;
221*ae771770SStanislav Sedov for (i = 0; i < 3; i++) {
222*ae771770SStanislav Sedov DES_set_odd_parity(&k[i]);
223*ae771770SStanislav Sedov if(DES_is_weak_key(&k[i]))
224*ae771770SStanislav Sedov _krb5_xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
225*ae771770SStanislav Sedov }
226*ae771770SStanislav Sedov }
227