1226031Sstas/* 2226031Sstas * Copyright (c) 1997 - 2008 Kungliga Tekniska H��gskolan 3226031Sstas * (Royal Institute of Technology, Stockholm, Sweden). 4226031Sstas * All rights reserved. 5226031Sstas * 6226031Sstas * Redistribution and use in source and binary forms, with or without 7226031Sstas * modification, are permitted provided that the following conditions 8226031Sstas * are met: 9226031Sstas * 10226031Sstas * 1. Redistributions of source code must retain the above copyright 11226031Sstas * notice, this list of conditions and the following disclaimer. 12226031Sstas * 13226031Sstas * 2. Redistributions in binary form must reproduce the above copyright 14226031Sstas * notice, this list of conditions and the following disclaimer in the 15226031Sstas * documentation and/or other materials provided with the distribution. 16226031Sstas * 17226031Sstas * 3. Neither the name of the Institute nor the names of its contributors 18226031Sstas * may be used to endorse or promote products derived from this software 19226031Sstas * without specific prior written permission. 20226031Sstas * 21226031Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22226031Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23226031Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24226031Sstas * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25226031Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26226031Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27226031Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28226031Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29226031Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30226031Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31226031Sstas * SUCH DAMAGE. 32226031Sstas */ 33226031Sstas 34226031Sstas#include "krb5_locl.h" 35226031Sstas 36226031Sstas/* 37226031Sstas * 38226031Sstas */ 39226031Sstas 40226031Sstasstatic void 41226031SstasDES3_random_key(krb5_context context, 42226031Sstas krb5_keyblock *key) 43226031Sstas{ 44226031Sstas DES_cblock *k = key->keyvalue.data; 45226031Sstas do { 46226031Sstas krb5_generate_random_block(k, 3 * sizeof(DES_cblock)); 47226031Sstas DES_set_odd_parity(&k[0]); 48226031Sstas DES_set_odd_parity(&k[1]); 49226031Sstas DES_set_odd_parity(&k[2]); 50226031Sstas } while(DES_is_weak_key(&k[0]) || 51226031Sstas DES_is_weak_key(&k[1]) || 52226031Sstas DES_is_weak_key(&k[2])); 53226031Sstas} 54226031Sstas 55226031Sstas 56226031Sstas#ifdef DES3_OLD_ENCTYPE 57226031Sstasstatic struct _krb5_key_type keytype_des3 = { 58226031Sstas ETYPE_OLD_DES3_CBC_SHA1, 59226031Sstas "des3", 60226031Sstas 168, 61226031Sstas 24, 62226031Sstas sizeof(struct _krb5_evp_schedule), 63226031Sstas DES3_random_key, 64226031Sstas _krb5_evp_schedule, 65226031Sstas _krb5_des3_salt, 66226031Sstas _krb5_DES3_random_to_key, 67226031Sstas _krb5_evp_cleanup, 68226031Sstas EVP_des_ede3_cbc 69226031Sstas}; 70226031Sstas#endif 71226031Sstas 72226031Sstasstatic struct _krb5_key_type keytype_des3_derived = { 73226031Sstas ETYPE_OLD_DES3_CBC_SHA1, 74226031Sstas "des3", 75226031Sstas 168, 76226031Sstas 24, 77226031Sstas sizeof(struct _krb5_evp_schedule), 78226031Sstas DES3_random_key, 79226031Sstas _krb5_evp_schedule, 80226031Sstas _krb5_des3_salt_derived, 81226031Sstas _krb5_DES3_random_to_key, 82226031Sstas _krb5_evp_cleanup, 83226031Sstas EVP_des_ede3_cbc 84226031Sstas}; 85226031Sstas 86226031Sstas#ifdef DES3_OLD_ENCTYPE 87226031Sstasstatic krb5_error_code 88226031SstasRSA_MD5_DES3_checksum(krb5_context context, 89226031Sstas struct _krb5_key_data *key, 90226031Sstas const void *data, 91226031Sstas size_t len, 92226031Sstas unsigned usage, 93226031Sstas Checksum *C) 94226031Sstas{ 95226031Sstas return _krb5_des_checksum(context, EVP_md5(), key, data, len, C); 96226031Sstas} 97226031Sstas 98226031Sstasstatic krb5_error_code 99226031SstasRSA_MD5_DES3_verify(krb5_context context, 100226031Sstas struct _krb5_key_data *key, 101226031Sstas const void *data, 102226031Sstas size_t len, 103226031Sstas unsigned usage, 104226031Sstas Checksum *C) 105226031Sstas{ 106226031Sstas return _krb5_des_verify(context, EVP_md5(), key, data, len, C); 107226031Sstas} 108226031Sstas 109226031Sstasstruct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = { 110226031Sstas CKSUMTYPE_RSA_MD5_DES3, 111226031Sstas "rsa-md5-des3", 112226031Sstas 64, 113226031Sstas 24, 114226031Sstas F_KEYED | F_CPROOF | F_VARIANT, 115226031Sstas RSA_MD5_DES3_checksum, 116226031Sstas RSA_MD5_DES3_verify 117226031Sstas}; 118226031Sstas#endif 119226031Sstas 120226031Sstasstruct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3 = { 121226031Sstas CKSUMTYPE_HMAC_SHA1_DES3, 122226031Sstas "hmac-sha1-des3", 123226031Sstas 64, 124226031Sstas 20, 125226031Sstas F_KEYED | F_CPROOF | F_DERIVED, 126226031Sstas _krb5_SP_HMAC_SHA1_checksum, 127226031Sstas NULL 128226031Sstas}; 129226031Sstas 130226031Sstas#ifdef DES3_OLD_ENCTYPE 131226031Sstasstruct _krb5_encryption_type _krb5_enctype_des3_cbc_md5 = { 132226031Sstas ETYPE_DES3_CBC_MD5, 133226031Sstas "des3-cbc-md5", 134226031Sstas 8, 135226031Sstas 8, 136226031Sstas 8, 137226031Sstas &keytype_des3, 138226031Sstas &_krb5_checksum_rsa_md5, 139226031Sstas &_krb5_checksum_rsa_md5_des3, 140226031Sstas 0, 141226031Sstas _krb5_evp_encrypt, 142226031Sstas 0, 143226031Sstas NULL 144226031Sstas}; 145226031Sstas#endif 146226031Sstas 147226031Sstasstruct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1 = { 148226031Sstas ETYPE_DES3_CBC_SHA1, 149226031Sstas "des3-cbc-sha1", 150226031Sstas 8, 151226031Sstas 8, 152226031Sstas 8, 153226031Sstas &keytype_des3_derived, 154226031Sstas &_krb5_checksum_sha1, 155226031Sstas &_krb5_checksum_hmac_sha1_des3, 156226031Sstas F_DERIVED, 157226031Sstas _krb5_evp_encrypt, 158226031Sstas 0, 159226031Sstas NULL 160226031Sstas}; 161226031Sstas 162226031Sstas#ifdef DES3_OLD_ENCTYPE 163226031Sstasstruct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1 = { 164226031Sstas ETYPE_OLD_DES3_CBC_SHA1, 165226031Sstas "old-des3-cbc-sha1", 166226031Sstas 8, 167226031Sstas 8, 168226031Sstas 8, 169226031Sstas &keytype_des3, 170226031Sstas &_krb5_checksum_sha1, 171226031Sstas &_krb5_checksum_hmac_sha1_des3, 172226031Sstas 0, 173226031Sstas _krb5_evp_encrypt, 174226031Sstas 0, 175226031Sstas NULL 176226031Sstas}; 177226031Sstas#endif 178226031Sstas 179226031Sstasstruct _krb5_encryption_type _krb5_enctype_des3_cbc_none = { 180226031Sstas ETYPE_DES3_CBC_NONE, 181226031Sstas "des3-cbc-none", 182226031Sstas 8, 183226031Sstas 8, 184226031Sstas 0, 185226031Sstas &keytype_des3_derived, 186226031Sstas &_krb5_checksum_none, 187226031Sstas NULL, 188226031Sstas F_PSEUDO, 189226031Sstas _krb5_evp_encrypt, 190226031Sstas 0, 191226031Sstas NULL 192226031Sstas}; 193226031Sstas 194226031Sstasvoid 195226031Sstas_krb5_DES3_random_to_key(krb5_context context, 196226031Sstas krb5_keyblock *key, 197226031Sstas const void *data, 198226031Sstas size_t size) 199226031Sstas{ 200226031Sstas unsigned char *x = key->keyvalue.data; 201226031Sstas const u_char *q = data; 202226031Sstas DES_cblock *k; 203226031Sstas int i, j; 204226031Sstas 205226031Sstas memset(key->keyvalue.data, 0, key->keyvalue.length); 206226031Sstas for (i = 0; i < 3; ++i) { 207226031Sstas unsigned char foo; 208226031Sstas for (j = 0; j < 7; ++j) { 209226031Sstas unsigned char b = q[7 * i + j]; 210226031Sstas 211226031Sstas x[8 * i + j] = b; 212226031Sstas } 213226031Sstas foo = 0; 214226031Sstas for (j = 6; j >= 0; --j) { 215226031Sstas foo |= q[7 * i + j] & 1; 216226031Sstas foo <<= 1; 217226031Sstas } 218226031Sstas x[8 * i + 7] = foo; 219226031Sstas } 220226031Sstas k = key->keyvalue.data; 221226031Sstas for (i = 0; i < 3; i++) { 222226031Sstas DES_set_odd_parity(&k[i]); 223226031Sstas if(DES_is_weak_key(&k[i])) 224226031Sstas _krb5_xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); 225226031Sstas } 226226031Sstas} 227