salt-des3.c revision 226031 
138889Sjdp/*
285815Sobrien * Copyright (c) 1997 - 2008 Kungliga Tekniska H��gskolan
338889Sjdp * (Royal Institute of Technology, Stockholm, Sweden).
438889Sjdp * All rights reserved.
538889Sjdp *
638889Sjdp * Redistribution and use in source and binary forms, with or without
738889Sjdp * modification, are permitted provided that the following conditions
838889Sjdp * are met:
938889Sjdp *
1038889Sjdp * 1. Redistributions of source code must retain the above copyright
1138889Sjdp *    notice, this list of conditions and the following disclaimer.
1238889Sjdp *
1338889Sjdp * 2. Redistributions in binary form must reproduce the above copyright
1438889Sjdp *    notice, this list of conditions and the following disclaimer in the
1538889Sjdp *    documentation and/or other materials provided with the distribution.
1638889Sjdp *
1738889Sjdp * 3. Neither the name of the Institute nor the names of its contributors
1838889Sjdp *    may be used to endorse or promote products derived from this software
1938889Sjdp *    without specific prior written permission.
2038889Sjdp *
2138889Sjdp * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
2238889Sjdp * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2338889Sjdp * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2438889Sjdp * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
2538889Sjdp * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2638889Sjdp * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2785815Sobrien * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2885815Sobrien * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2985815Sobrien * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3038889Sjdp * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3138889Sjdp * SUCH DAMAGE.
3238889Sjdp */
3338889Sjdp
3485815Sobrien#include "krb5_locl.h"
3538889Sjdp
3685815Sobrien#ifdef DES3_OLD_ENCTYPE
3738889Sjdpstatic krb5_error_code
3838889SjdpDES3_string_to_key(krb5_context context,
3938889Sjdp		   krb5_enctype enctype,
4038889Sjdp		   krb5_data password,
4138889Sjdp		   krb5_salt salt,
4238889Sjdp		   krb5_data opaque,
4385815Sobrien		   krb5_keyblock *key)
4485815Sobrien{
4585815Sobrien    char *str;
4685815Sobrien    size_t len;
4785815Sobrien    unsigned char tmp[24];
4838889Sjdp    DES_cblock keys[3];
4938889Sjdp    krb5_error_code ret;
5038889Sjdp
5185815Sobrien    len = password.length + salt.saltvalue.length;
5285815Sobrien    str = malloc(len);
5338889Sjdp    if(len != 0 && str == NULL) {
5438889Sjdp	krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
5538889Sjdp	return ENOMEM;
5638889Sjdp    }
5738889Sjdp    memcpy(str, password.data, password.length);
5838889Sjdp    memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length);
5938889Sjdp    {
6038889Sjdp	DES_cblock ivec;
6138889Sjdp	DES_key_schedule s[3];
6238889Sjdp	int i;
6338889Sjdp
6438889Sjdp	ret = _krb5_n_fold(str, len, tmp, 24);
6585815Sobrien	if (ret) {
6685815Sobrien	    memset(str, 0, len);
6738889Sjdp	    free(str);
6838889Sjdp	    krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
69	    return ret;
70	}
71
72	for(i = 0; i < 3; i++){
73	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
74	    DES_set_odd_parity(keys + i);
75	    if(DES_is_weak_key(keys + i))
76		_krb5_xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
77	    DES_set_key_unchecked(keys + i, &s[i]);
78	}
79	memset(&ivec, 0, sizeof(ivec));
80	DES_ede3_cbc_encrypt(tmp,
81			     tmp, sizeof(tmp),
82			     &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT);
83	memset(s, 0, sizeof(s));
84	memset(&ivec, 0, sizeof(ivec));
85	for(i = 0; i < 3; i++){
86	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
87	    DES_set_odd_parity(keys + i);
88	    if(DES_is_weak_key(keys + i))
89		_krb5_xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
90	}
91	memset(tmp, 0, sizeof(tmp));
92    }
93    key->keytype = enctype;
94    krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
95    memset(keys, 0, sizeof(keys));
96    memset(str, 0, len);
97    free(str);
98    return 0;
99}
100#endif
101
102static krb5_error_code
103DES3_string_to_key_derived(krb5_context context,
104			   krb5_enctype enctype,
105			   krb5_data password,
106			   krb5_salt salt,
107			   krb5_data opaque,
108			   krb5_keyblock *key)
109{
110    krb5_error_code ret;
111    size_t len = password.length + salt.saltvalue.length;
112    char *s;
113
114    s = malloc(len);
115    if(len != 0 && s == NULL) {
116	krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
117	return ENOMEM;
118    }
119    memcpy(s, password.data, password.length);
120    memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
121    ret = krb5_string_to_key_derived(context,
122				     s,
123				     len,
124				     enctype,
125				     key);
126    memset(s, 0, len);
127    free(s);
128    return ret;
129}
130
131
132#ifdef DES3_OLD_ENCTYPE
133struct salt_type _krb5_des3_salt[] = {
134    {
135	KRB5_PW_SALT,
136	"pw-salt",
137	DES3_string_to_key
138    },
139    { 0 }
140};
141#endif
142
143struct salt_type _krb5_des3_salt_derived[] = {
144    {
145	KRB5_PW_SALT,
146	"pw-salt",
147	DES3_string_to_key_derived
148    },
149    { 0 }
150};
151