1226031Sstas/* 2226031Sstas * Copyright (c) 1997 - 2008 Kungliga Tekniska H��gskolan 3226031Sstas * (Royal Institute of Technology, Stockholm, Sweden). 4226031Sstas * All rights reserved. 5226031Sstas * 6226031Sstas * Redistribution and use in source and binary forms, with or without 7226031Sstas * modification, are permitted provided that the following conditions 8226031Sstas * are met: 9226031Sstas * 10226031Sstas * 1. Redistributions of source code must retain the above copyright 11226031Sstas * notice, this list of conditions and the following disclaimer. 12226031Sstas * 13226031Sstas * 2. Redistributions in binary form must reproduce the above copyright 14226031Sstas * notice, this list of conditions and the following disclaimer in the 15226031Sstas * documentation and/or other materials provided with the distribution. 16226031Sstas * 17226031Sstas * 3. Neither the name of the Institute nor the names of its contributors 18226031Sstas * may be used to endorse or promote products derived from this software 19226031Sstas * without specific prior written permission. 20226031Sstas * 21226031Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22226031Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23226031Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24226031Sstas * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25226031Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26226031Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27226031Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28226031Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29226031Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30226031Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31226031Sstas * SUCH DAMAGE. 32226031Sstas */ 33226031Sstas 34226031Sstas#include "krb5_locl.h" 35226031Sstas 36226031Sstas#ifdef DES3_OLD_ENCTYPE 37226031Sstasstatic krb5_error_code 38226031SstasDES3_string_to_key(krb5_context context, 39226031Sstas krb5_enctype enctype, 40226031Sstas krb5_data password, 41226031Sstas krb5_salt salt, 42226031Sstas krb5_data opaque, 43226031Sstas krb5_keyblock *key) 44226031Sstas{ 45226031Sstas char *str; 46226031Sstas size_t len; 47226031Sstas unsigned char tmp[24]; 48226031Sstas DES_cblock keys[3]; 49226031Sstas krb5_error_code ret; 50226031Sstas 51226031Sstas len = password.length + salt.saltvalue.length; 52226031Sstas str = malloc(len); 53226031Sstas if(len != 0 && str == NULL) { 54226031Sstas krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 55226031Sstas return ENOMEM; 56226031Sstas } 57226031Sstas memcpy(str, password.data, password.length); 58226031Sstas memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length); 59226031Sstas { 60226031Sstas DES_cblock ivec; 61226031Sstas DES_key_schedule s[3]; 62226031Sstas int i; 63226031Sstas 64226031Sstas ret = _krb5_n_fold(str, len, tmp, 24); 65226031Sstas if (ret) { 66226031Sstas memset(str, 0, len); 67226031Sstas free(str); 68226031Sstas krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 69226031Sstas return ret; 70226031Sstas } 71226031Sstas 72226031Sstas for(i = 0; i < 3; i++){ 73226031Sstas memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); 74226031Sstas DES_set_odd_parity(keys + i); 75226031Sstas if(DES_is_weak_key(keys + i)) 76226031Sstas _krb5_xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); 77226031Sstas DES_set_key_unchecked(keys + i, &s[i]); 78226031Sstas } 79226031Sstas memset(&ivec, 0, sizeof(ivec)); 80226031Sstas DES_ede3_cbc_encrypt(tmp, 81226031Sstas tmp, sizeof(tmp), 82226031Sstas &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); 83226031Sstas memset(s, 0, sizeof(s)); 84226031Sstas memset(&ivec, 0, sizeof(ivec)); 85226031Sstas for(i = 0; i < 3; i++){ 86226031Sstas memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); 87226031Sstas DES_set_odd_parity(keys + i); 88226031Sstas if(DES_is_weak_key(keys + i)) 89226031Sstas _krb5_xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); 90226031Sstas } 91226031Sstas memset(tmp, 0, sizeof(tmp)); 92226031Sstas } 93226031Sstas key->keytype = enctype; 94226031Sstas krb5_data_copy(&key->keyvalue, keys, sizeof(keys)); 95226031Sstas memset(keys, 0, sizeof(keys)); 96226031Sstas memset(str, 0, len); 97226031Sstas free(str); 98226031Sstas return 0; 99226031Sstas} 100226031Sstas#endif 101226031Sstas 102226031Sstasstatic krb5_error_code 103226031SstasDES3_string_to_key_derived(krb5_context context, 104226031Sstas krb5_enctype enctype, 105226031Sstas krb5_data password, 106226031Sstas krb5_salt salt, 107226031Sstas krb5_data opaque, 108226031Sstas krb5_keyblock *key) 109226031Sstas{ 110226031Sstas krb5_error_code ret; 111226031Sstas size_t len = password.length + salt.saltvalue.length; 112226031Sstas char *s; 113226031Sstas 114226031Sstas s = malloc(len); 115226031Sstas if(len != 0 && s == NULL) { 116226031Sstas krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); 117226031Sstas return ENOMEM; 118226031Sstas } 119226031Sstas memcpy(s, password.data, password.length); 120226031Sstas memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); 121226031Sstas ret = krb5_string_to_key_derived(context, 122226031Sstas s, 123226031Sstas len, 124226031Sstas enctype, 125226031Sstas key); 126226031Sstas memset(s, 0, len); 127226031Sstas free(s); 128226031Sstas return ret; 129226031Sstas} 130226031Sstas 131226031Sstas 132226031Sstas#ifdef DES3_OLD_ENCTYPE 133226031Sstasstruct salt_type _krb5_des3_salt[] = { 134226031Sstas { 135226031Sstas KRB5_PW_SALT, 136226031Sstas "pw-salt", 137226031Sstas DES3_string_to_key 138226031Sstas }, 139226031Sstas { 0 } 140226031Sstas}; 141226031Sstas#endif 142226031Sstas 143226031Sstasstruct salt_type _krb5_des3_salt_derived[] = { 144226031Sstas { 145226031Sstas KRB5_PW_SALT, 146226031Sstas "pw-salt", 147226031Sstas DES3_string_to_key_derived 148226031Sstas }, 149226031Sstas { 0 } 150226031Sstas}; 151