1 /* 2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "krb5_locl.h" 35 36 #ifdef HEIM_WEAK_CRYPTO 37 38 #ifdef ENABLE_AFS_STRING_TO_KEY 39 40 /* This defines the Andrew string_to_key function. It accepts a password 41 * string as input and converts it via a one-way encryption algorithm to a DES 42 * encryption key. It is compatible with the original Andrew authentication 43 * service password database. 44 */ 45 46 /* 47 * Short passwords, i.e 8 characters or less. 48 */ 49 static void 50 krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, 51 krb5_data cell, 52 DES_cblock *key) 53 { 54 char password[8+1]; /* crypt is limited to 8 chars anyway */ 55 size_t i; 56 57 for(i = 0; i < 8; i++) { 58 char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^ 59 ((i < cell.length) ? 60 tolower(((unsigned char*)cell.data)[i]) : 0); 61 password[i] = c ? c : 'X'; 62 } 63 password[8] = '\0'; 64 65 memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock)); 66 67 /* parity is inserted into the LSB so left shift each byte up one 68 bit. This allows ascii characters with a zero MSB to retain as 69 much significance as possible. */ 70 for (i = 0; i < sizeof(DES_cblock); i++) 71 ((unsigned char*)key)[i] <<= 1; 72 DES_set_odd_parity (key); 73 } 74 75 /* 76 * Long passwords, i.e 9 characters or more. 77 */ 78 static void 79 krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, 80 krb5_data cell, 81 DES_cblock *key) 82 { 83 DES_key_schedule schedule; 84 DES_cblock temp_key; 85 DES_cblock ivec; 86 char password[512]; 87 size_t passlen; 88 89 memcpy(password, pw.data, min(pw.length, sizeof(password))); 90 if(pw.length < sizeof(password)) { 91 int len = min(cell.length, sizeof(password) - pw.length); 92 size_t i; 93 94 memcpy(password + pw.length, cell.data, len); 95 for (i = pw.length; i < pw.length + len; ++i) 96 password[i] = tolower((unsigned char)password[i]); 97 } 98 passlen = min(sizeof(password), pw.length + cell.length); 99 memcpy(&ivec, "kerberos", 8); 100 memcpy(&temp_key, "kerberos", 8); 101 DES_set_odd_parity (&temp_key); 102 DES_set_key_unchecked (&temp_key, &schedule); 103 DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec); 104 105 memcpy(&temp_key, &ivec, 8); 106 DES_set_odd_parity (&temp_key); 107 DES_set_key_unchecked (&temp_key, &schedule); 108 DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec); 109 memset(&schedule, 0, sizeof(schedule)); 110 memset(&temp_key, 0, sizeof(temp_key)); 111 memset(&ivec, 0, sizeof(ivec)); 112 memset(password, 0, sizeof(password)); 113 114 DES_set_odd_parity (key); 115 } 116 117 static krb5_error_code 118 DES_AFS3_string_to_key(krb5_context context, 119 krb5_enctype enctype, 120 krb5_data password, 121 krb5_salt salt, 122 krb5_data opaque, 123 krb5_keyblock *key) 124 { 125 DES_cblock tmp; 126 if(password.length > 8) 127 krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp); 128 else 129 krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp); 130 key->keytype = enctype; 131 krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); 132 memset(&key, 0, sizeof(key)); 133 return 0; 134 } 135 #endif /* ENABLE_AFS_STRING_TO_KEY */ 136 137 static void 138 DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) 139 { 140 DES_key_schedule schedule; 141 size_t i; 142 int reverse = 0; 143 unsigned char *p; 144 145 unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, 146 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; 147 memset(key, 0, 8); 148 149 p = (unsigned char*)key; 150 for (i = 0; i < length; i++) { 151 unsigned char tmp = data[i]; 152 if (!reverse) 153 *p++ ^= (tmp << 1); 154 else 155 *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; 156 if((i % 8) == 7) 157 reverse = !reverse; 158 } 159 DES_set_odd_parity(key); 160 if(DES_is_weak_key(key)) 161 (*key)[7] ^= 0xF0; 162 DES_set_key_unchecked(key, &schedule); 163 DES_cbc_cksum((void*)data, key, length, &schedule, key); 164 memset(&schedule, 0, sizeof(schedule)); 165 DES_set_odd_parity(key); 166 if(DES_is_weak_key(key)) 167 (*key)[7] ^= 0xF0; 168 } 169 170 static krb5_error_code 171 krb5_DES_string_to_key(krb5_context context, 172 krb5_enctype enctype, 173 krb5_data password, 174 krb5_salt salt, 175 krb5_data opaque, 176 krb5_keyblock *key) 177 { 178 unsigned char *s; 179 size_t len; 180 DES_cblock tmp; 181 182 #ifdef ENABLE_AFS_STRING_TO_KEY 183 if (opaque.length == 1) { 184 unsigned long v; 185 _krb5_get_int(opaque.data, &v, 1); 186 if (v == 1) 187 return DES_AFS3_string_to_key(context, enctype, password, 188 salt, opaque, key); 189 } 190 #endif 191 192 len = password.length + salt.saltvalue.length; 193 s = malloc(len); 194 if(len > 0 && s == NULL) { 195 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 196 return ENOMEM; 197 } 198 memcpy(s, password.data, password.length); 199 memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); 200 DES_string_to_key_int(s, len, &tmp); 201 key->keytype = enctype; 202 krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); 203 memset(&tmp, 0, sizeof(tmp)); 204 memset(s, 0, len); 205 free(s); 206 return 0; 207 } 208 209 struct salt_type _krb5_des_salt[] = { 210 { 211 KRB5_PW_SALT, 212 "pw-salt", 213 krb5_DES_string_to_key 214 }, 215 #ifdef ENABLE_AFS_STRING_TO_KEY 216 { 217 KRB5_AFS3_SALT, 218 "afs3-salt", 219 DES_AFS3_string_to_key 220 }, 221 #endif 222 { 0 } 223 }; 224 #endif 225