1 /* $NetBSD: crypto-des3.c,v 1.2 2011/07/01 02:10:19 joerg Exp $ */ 2 3 /* 4 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include "krb5_locl.h" 37 38 /* 39 * 40 */ 41 42 static void 43 DES3_random_key(krb5_context context, 44 krb5_keyblock *key) 45 { 46 DES_cblock *k = key->keyvalue.data; 47 do { 48 krb5_generate_random_block(k, 3 * sizeof(DES_cblock)); 49 DES_set_odd_parity(&k[0]); 50 DES_set_odd_parity(&k[1]); 51 DES_set_odd_parity(&k[2]); 52 } while(DES_is_weak_key(&k[0]) || 53 DES_is_weak_key(&k[1]) || 54 DES_is_weak_key(&k[2])); 55 } 56 57 58 #ifdef DES3_OLD_ENCTYPE 59 static struct _krb5_key_type keytype_des3 = { 60 KEYTYPE_DES3, 61 "des3", 62 168, 63 24, 64 sizeof(struct _krb5_evp_schedule), 65 DES3_random_key, 66 _krb5_evp_schedule, 67 _krb5_des3_salt, 68 _krb5_DES3_random_to_key, 69 _krb5_evp_cleanup, 70 EVP_des_ede3_cbc 71 }; 72 #endif 73 74 static struct _krb5_key_type keytype_des3_derived = { 75 KEYTYPE_DES3, 76 "des3", 77 168, 78 24, 79 sizeof(struct _krb5_evp_schedule), 80 DES3_random_key, 81 _krb5_evp_schedule, 82 _krb5_des3_salt_derived, 83 _krb5_DES3_random_to_key, 84 _krb5_evp_cleanup, 85 EVP_des_ede3_cbc 86 }; 87 88 #ifdef DES3_OLD_ENCTYPE 89 static krb5_error_code 90 RSA_MD5_DES3_checksum(krb5_context context, 91 struct _krb5_key_data *key, 92 const void *data, 93 size_t len, 94 unsigned usage, 95 Checksum *C) 96 { 97 return _krb5_des_checksum(context, EVP_md5(), key, data, len, C); 98 } 99 100 static krb5_error_code 101 RSA_MD5_DES3_verify(krb5_context context, 102 struct _krb5_key_data *key, 103 const void *data, 104 size_t len, 105 unsigned usage, 106 Checksum *C) 107 { 108 return _krb5_des_verify(context, EVP_md5(), key, data, len, C); 109 } 110 111 struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = { 112 CKSUMTYPE_RSA_MD5_DES3, 113 "rsa-md5-des3", 114 64, 115 24, 116 F_KEYED | F_CPROOF | F_VARIANT, 117 RSA_MD5_DES3_checksum, 118 RSA_MD5_DES3_verify 119 }; 120 #endif 121 122 struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3 = { 123 CKSUMTYPE_HMAC_SHA1_DES3, 124 "hmac-sha1-des3", 125 64, 126 20, 127 F_KEYED | F_CPROOF | F_DERIVED, 128 _krb5_SP_HMAC_SHA1_checksum, 129 NULL 130 }; 131 132 #ifdef DES3_OLD_ENCTYPE 133 struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5 = { 134 ETYPE_DES3_CBC_MD5, 135 "des3-cbc-md5", 136 8, 137 8, 138 8, 139 &keytype_des3, 140 &_krb5_checksum_rsa_md5, 141 &_krb5_checksum_rsa_md5_des3, 142 0, 143 _krb5_evp_encrypt, 144 0, 145 NULL 146 }; 147 #endif 148 149 struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1 = { 150 ETYPE_DES3_CBC_SHA1, 151 "des3-cbc-sha1", 152 8, 153 8, 154 8, 155 &keytype_des3_derived, 156 &_krb5_checksum_sha1, 157 &_krb5_checksum_hmac_sha1_des3, 158 F_DERIVED, 159 _krb5_evp_encrypt, 160 0, 161 NULL 162 }; 163 164 #ifdef DES3_OLD_ENCTYPE 165 struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1 = { 166 ETYPE_OLD_DES3_CBC_SHA1, 167 "old-des3-cbc-sha1", 168 8, 169 8, 170 8, 171 &keytype_des3, 172 &_krb5_checksum_sha1, 173 &_krb5_checksum_hmac_sha1_des3, 174 0, 175 _krb5_evp_encrypt, 176 0, 177 NULL 178 }; 179 #endif 180 181 struct _krb5_encryption_type _krb5_enctype_des3_cbc_none = { 182 ETYPE_DES3_CBC_NONE, 183 "des3-cbc-none", 184 8, 185 8, 186 0, 187 &keytype_des3_derived, 188 &_krb5_checksum_none, 189 NULL, 190 F_PSEUDO, 191 _krb5_evp_encrypt, 192 0, 193 NULL 194 }; 195 196 void 197 _krb5_DES3_random_to_key(krb5_context context, 198 krb5_keyblock *key, 199 const void *data, 200 size_t size) 201 { 202 unsigned char *x = key->keyvalue.data; 203 const u_char *q = data; 204 DES_cblock *k; 205 int i, j; 206 207 memset(x, 0, 32); 208 for (i = 0; i < 3; ++i) { 209 unsigned char foo; 210 for (j = 0; j < 7; ++j) { 211 unsigned char b = q[7 * i + j]; 212 213 x[8 * i + j] = b; 214 } 215 foo = 0; 216 for (j = 6; j >= 0; --j) { 217 foo |= q[7 * i + j] & 1; 218 foo <<= 1; 219 } 220 x[8 * i + 7] = foo; 221 } 222 k = key->keyvalue.data; 223 for (i = 0; i < 3; i++) { 224 DES_set_odd_parity(&k[i]); 225 if(DES_is_weak_key(&k[i])) 226 _krb5_xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); 227 } 228 } 229