kcrypto_des.c revision 184588
191100Sdes/*- 2115619Sdes * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ 3228690Sdes * Authors: Doug Rabson <dfr@rabson.org> 491100Sdes * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org> 591100Sdes * 691100Sdes * Redistribution and use in source and binary forms, with or without 799158Sdes * modification, are permitted provided that the following conditions 899158Sdes * are met: 999158Sdes * 1. Redistributions of source code must retain the above copyright 1091100Sdes * notice, this list of conditions and the following disclaimer. 1191100Sdes * 2. Redistributions in binary form must reproduce the above copyright 1291100Sdes * notice, this list of conditions and the following disclaimer in the 1391100Sdes * documentation and/or other materials provided with the distribution. 1491100Sdes * 1591100Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 1691100Sdes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1791100Sdes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1891100Sdes * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 1991100Sdes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2091100Sdes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2191100Sdes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2291100Sdes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2391100Sdes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2491100Sdes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2591100Sdes * SUCH DAMAGE. 2691100Sdes */ 2791100Sdes 2891100Sdes#include <sys/cdefs.h> 2991100Sdes__FBSDID("$FreeBSD: head/sys/kgssapi/krb5/kcrypto_des.c 184588 2008-11-03 10:38:00Z dfr $"); 3091100Sdes 3191100Sdes#include <sys/param.h> 3291100Sdes#include <sys/lock.h> 3391100Sdes#include <sys/kobj.h> 3491100Sdes#include <sys/malloc.h> 35255376Sdes#include <sys/md5.h> 3691100Sdes#include <sys/mutex.h> 3791100Sdes#include <sys/mbuf.h> 38228690Sdes#include <crypto/des/des.h> 39228690Sdes#include <opencrypto/cryptodev.h> 40228690Sdes 41228690Sdes#include <kgssapi/gssapi.h> 4291100Sdes#include <kgssapi/gssapi_impl.h> 4391100Sdes 4491100Sdes#include "kcrypto.h" 4591100Sdes 4691100Sdesstruct des1_state { 4791100Sdes struct mtx ds_lock; 4891100Sdes uint64_t ds_session; 4991100Sdes}; 5091100Sdes 5191100Sdesstatic void 5291100Sdesdes1_init(struct krb5_key_state *ks) 5391100Sdes{ 5491100Sdes struct des1_state *ds; 5591100Sdes 5691100Sdes ds = malloc(sizeof(struct des1_state), M_GSSAPI, M_WAITOK|M_ZERO); 5791100Sdes mtx_init(&ds->ds_lock, "gss des lock", NULL, MTX_DEF); 5891100Sdes ks->ks_priv = ds; 5991100Sdes} 6091100Sdes 61107937Sdesstatic void 62107937Sdesdes1_destroy(struct krb5_key_state *ks) 6391100Sdes{ 6491100Sdes struct des1_state *ds = ks->ks_priv; 6591100Sdes 6691100Sdes if (ds->ds_session) 6791100Sdes crypto_freesession(ds->ds_session); 6891100Sdes mtx_destroy(&ds->ds_lock); 6991100Sdes free(ks->ks_priv, M_GSSAPI); 7091100Sdes 7191100Sdes} 7291100Sdes 7391100Sdesstatic void 7491100Sdesdes1_set_key(struct krb5_key_state *ks, const void *in) 7591100Sdes{ 7691100Sdes void *kp = ks->ks_key; 7791100Sdes struct des1_state *ds = ks->ks_priv; 7891100Sdes struct cryptoini cri[1]; 7991100Sdes 8091100Sdes if (kp != in) 8191100Sdes bcopy(in, kp, ks->ks_class->ec_keylen); 8291100Sdes 8391100Sdes if (ds->ds_session) 8491100Sdes crypto_freesession(ds->ds_session); 8591100Sdes 86 bzero(cri, sizeof(cri)); 87 88 cri[0].cri_alg = CRYPTO_DES_CBC; 89 cri[0].cri_klen = 64; 90 cri[0].cri_mlen = 0; 91 cri[0].cri_key = ks->ks_key; 92 cri[0].cri_next = NULL; 93 94 crypto_newsession(&ds->ds_session, cri, 95 CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); 96} 97 98static void 99des1_random_to_key(struct krb5_key_state *ks, const void *in) 100{ 101 uint8_t *outkey = ks->ks_key; 102 const uint8_t *inkey = in; 103 104 /* 105 * Expand 56 bits of random data to 64 bits as follows 106 * (in the example, bit number 1 is the MSB of the 56 107 * bits of random data): 108 * 109 * expanded = 110 * 1 2 3 4 5 6 7 p 111 * 9 10 11 12 13 14 15 p 112 * 17 18 19 20 21 22 23 p 113 * 25 26 27 28 29 30 31 p 114 * 33 34 35 36 37 38 39 p 115 * 41 42 43 44 45 46 47 p 116 * 49 50 51 52 53 54 55 p 117 * 56 48 40 32 24 16 8 p 118 */ 119 outkey[0] = inkey[0]; 120 outkey[1] = inkey[1]; 121 outkey[2] = inkey[2]; 122 outkey[3] = inkey[3]; 123 outkey[4] = inkey[4]; 124 outkey[5] = inkey[5]; 125 outkey[6] = inkey[6]; 126 outkey[7] = (((inkey[0] & 1) << 1) 127 | ((inkey[1] & 1) << 2) 128 | ((inkey[2] & 1) << 3) 129 | ((inkey[3] & 1) << 4) 130 | ((inkey[4] & 1) << 5) 131 | ((inkey[5] & 1) << 6) 132 | ((inkey[6] & 1) << 7)); 133 des_set_odd_parity((des_cblock *) outkey); 134 if (des_is_weak_key((des_cblock *) outkey)) 135 outkey[7] ^= 0xf0; 136 137 des1_set_key(ks, ks->ks_key); 138} 139 140static int 141des1_crypto_cb(struct cryptop *crp) 142{ 143 int error; 144 struct des1_state *ds = (struct des1_state *) crp->crp_opaque; 145 146 if (CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC) 147 return (0); 148 149 error = crp->crp_etype; 150 if (error == EAGAIN) 151 error = crypto_dispatch(crp); 152 mtx_lock(&ds->ds_lock); 153 if (error || (crp->crp_flags & CRYPTO_F_DONE)) 154 wakeup(crp); 155 mtx_unlock(&ds->ds_lock); 156 157 return (0); 158} 159 160static void 161des1_encrypt_1(const struct krb5_key_state *ks, int buftype, void *buf, 162 size_t skip, size_t len, void *ivec, int encdec) 163{ 164 struct des1_state *ds = ks->ks_priv; 165 struct cryptop *crp; 166 struct cryptodesc *crd; 167 int error; 168 169 crp = crypto_getreq(1); 170 crd = crp->crp_desc; 171 172 crd->crd_skip = skip; 173 crd->crd_len = len; 174 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT | encdec; 175 if (ivec) { 176 bcopy(ivec, crd->crd_iv, 8); 177 } else { 178 bzero(crd->crd_iv, 8); 179 } 180 crd->crd_next = NULL; 181 crd->crd_alg = CRYPTO_DES_CBC; 182 183 crp->crp_sid = ds->ds_session; 184 crp->crp_flags = buftype | CRYPTO_F_CBIFSYNC; 185 crp->crp_buf = buf; 186 crp->crp_opaque = (void *) ds; 187 crp->crp_callback = des1_crypto_cb; 188 189 error = crypto_dispatch(crp); 190 191 if ((CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) { 192 mtx_lock(&ds->ds_lock); 193 if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) 194 error = msleep(crp, &ds->ds_lock, 0, "gssdes", 0); 195 mtx_unlock(&ds->ds_lock); 196 } 197 198 crypto_freereq(crp); 199} 200 201static void 202des1_encrypt(const struct krb5_key_state *ks, struct mbuf *inout, 203 size_t skip, size_t len, void *ivec, size_t ivlen) 204{ 205 206 des1_encrypt_1(ks, CRYPTO_F_IMBUF, inout, skip, len, ivec, 207 CRD_F_ENCRYPT); 208} 209 210static void 211des1_decrypt(const struct krb5_key_state *ks, struct mbuf *inout, 212 size_t skip, size_t len, void *ivec, size_t ivlen) 213{ 214 215 des1_encrypt_1(ks, CRYPTO_F_IMBUF, inout, skip, len, ivec, 0); 216} 217 218static int 219MD5Update_int(void *ctx, void *buf, u_int len) 220{ 221 222 MD5Update(ctx, buf, len); 223 return (0); 224} 225 226static void 227des1_checksum(const struct krb5_key_state *ks, int usage, 228 struct mbuf *inout, size_t skip, size_t inlen, size_t outlen) 229{ 230 char hash[16]; 231 MD5_CTX md5; 232 233 /* 234 * This checksum is specifically for GSS-API. First take the 235 * MD5 checksum of the message, then calculate the CBC mode 236 * checksum of that MD5 checksum using a zero IV. 237 */ 238 MD5Init(&md5); 239 m_apply(inout, skip, inlen, MD5Update_int, &md5); 240 MD5Final(hash, &md5); 241 242 des1_encrypt_1(ks, 0, hash, 0, 16, NULL, CRD_F_ENCRYPT); 243 m_copyback(inout, skip + inlen, outlen, hash + 8); 244} 245 246struct krb5_encryption_class krb5_des_encryption_class = { 247 "des-cbc-md5", /* name */ 248 ETYPE_DES_CBC_CRC, /* etype */ 249 0, /* flags */ 250 8, /* blocklen */ 251 8, /* msgblocklen */ 252 8, /* checksumlen */ 253 56, /* keybits */ 254 8, /* keylen */ 255 des1_init, 256 des1_destroy, 257 des1_set_key, 258 des1_random_to_key, 259 des1_encrypt, 260 des1_decrypt, 261 des1_checksum 262}; 263