1/*- 2 * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ 3 * Authors: Doug Rabson <dfr@rabson.org> 4 * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28#include <sys/cdefs.h> 29__FBSDID("$FreeBSD$"); 30 31#include <sys/param.h> 32#include <sys/lock.h> 33#include <sys/malloc.h> 34#include <sys/md5.h> 35#include <sys/kobj.h> 36#include <sys/mbuf.h> 37#include <crypto/rc4/rc4.h> 38 39#include <kgssapi/gssapi.h> 40#include <kgssapi/gssapi_impl.h> 41 42#include "kcrypto.h" 43 44static void 45arcfour_init(struct krb5_key_state *ks) 46{ 47 48 ks->ks_priv = NULL; 49} 50 51static void 52arcfour_destroy(struct krb5_key_state *ks) 53{ 54 55} 56 57static void 58arcfour_set_key(struct krb5_key_state *ks, const void *in) 59{ 60 void *kp = ks->ks_key; 61 62 if (kp != in) 63 bcopy(in, kp, 16); 64} 65 66static void 67arcfour_random_to_key(struct krb5_key_state *ks, const void *in) 68{ 69 70 arcfour_set_key(ks, in); 71} 72 73static void 74arcfour_hmac(uint8_t *key, uint8_t *data, size_t datalen, 75 uint8_t *result) 76{ 77 uint8_t buf[64]; 78 MD5_CTX md5; 79 int i; 80 81 for (i = 0; i < 16; i++) 82 buf[i] = key[i] ^ 0x36; 83 for (; i < 64; i++) 84 buf[i] = 0x36; 85 86 MD5Init(&md5); 87 MD5Update(&md5, buf, 64); 88 MD5Update(&md5, data, datalen); 89 MD5Final(result, &md5); 90 91 for (i = 0; i < 16; i++) 92 buf[i] = key[i] ^ 0x5c; 93 for (; i < 64; i++) 94 buf[i] = 0x5c; 95 96 MD5Init(&md5); 97 MD5Update(&md5, buf, 64); 98 MD5Update(&md5, result, 16); 99 MD5Final(result, &md5); 100} 101 102static void 103arcfour_derive_key(const struct krb5_key_state *ks, uint32_t usage, 104 uint8_t *newkey) 105{ 106 uint8_t t[4]; 107 108 t[0] = (usage >> 24); 109 t[1] = (usage >> 16); 110 t[2] = (usage >> 8); 111 t[3] = (usage >> 0); 112 if (ks->ks_class->ec_type == ETYPE_ARCFOUR_HMAC_MD5_56) { 113 uint8_t L40[14] = "fortybits"; 114 bcopy(t, L40 + 10, 4); 115 arcfour_hmac(ks->ks_key, L40, 14, newkey); 116 memset(newkey + 7, 0xab, 9); 117 } else { 118 arcfour_hmac(ks->ks_key, t, 4, newkey); 119 } 120} 121 122static int 123rc4_crypt_int(void *rs, void *buf, u_int len) 124{ 125 126 rc4_crypt(rs, buf, buf, len); 127 return (0); 128} 129 130static void 131arcfour_encrypt(const struct krb5_key_state *ks, struct mbuf *inout, 132 size_t skip, size_t len, void *ivec, size_t ivlen) 133{ 134 struct rc4_state rs; 135 uint8_t newkey[16]; 136 137 arcfour_derive_key(ks, 0, newkey); 138 139 /* 140 * If we have an IV, then generate a new key from it using HMAC. 141 */ 142 if (ivec) { 143 uint8_t kk[16]; 144 arcfour_hmac(newkey, ivec, ivlen, kk); 145 rc4_init(&rs, kk, 16); 146 } else { 147 rc4_init(&rs, newkey, 16); 148 } 149 150 m_apply(inout, skip, len, rc4_crypt_int, &rs); 151} 152 153static int 154MD5Update_int(void *ctx, void *buf, u_int len) 155{ 156 157 MD5Update(ctx, buf, len); 158 return (0); 159} 160 161static void 162arcfour_checksum(const struct krb5_key_state *ks, int usage, 163 struct mbuf *inout, size_t skip, size_t inlen, size_t outlen) 164{ 165 MD5_CTX md5; 166 uint8_t Ksign[16]; 167 uint8_t t[4]; 168 uint8_t sgn_cksum[16]; 169 170 arcfour_hmac(ks->ks_key, "signaturekey", 13, Ksign); 171 172 t[0] = usage >> 0; 173 t[1] = usage >> 8; 174 t[2] = usage >> 16; 175 t[3] = usage >> 24; 176 177 MD5Init(&md5); 178 MD5Update(&md5, t, 4); 179 m_apply(inout, skip, inlen, MD5Update_int, &md5); 180 MD5Final(sgn_cksum, &md5); 181 182 arcfour_hmac(Ksign, sgn_cksum, 16, sgn_cksum); 183 m_copyback(inout, skip + inlen, outlen, sgn_cksum); 184} 185 186struct krb5_encryption_class krb5_arcfour_encryption_class = { 187 "arcfour-hmac-md5", /* name */ 188 ETYPE_ARCFOUR_HMAC_MD5, /* etype */ 189 0, /* flags */ 190 1, /* blocklen */ 191 1, /* msgblocklen */ 192 8, /* checksumlen */ 193 128, /* keybits */ 194 16, /* keylen */ 195 arcfour_init, 196 arcfour_destroy, 197 arcfour_set_key, 198 arcfour_random_to_key, 199 arcfour_encrypt, 200 arcfour_encrypt, 201 arcfour_checksum 202}; 203 204struct krb5_encryption_class krb5_arcfour_56_encryption_class = { 205 "arcfour-hmac-md5-56", /* name */ 206 ETYPE_ARCFOUR_HMAC_MD5_56, /* etype */ 207 0, /* flags */ 208 1, /* blocklen */ 209 1, /* msgblocklen */ 210 8, /* checksumlen */ 211 128, /* keybits */ 212 16, /* keylen */ 213 arcfour_init, 214 arcfour_destroy, 215 arcfour_set_key, 216 arcfour_random_to_key, 217 arcfour_encrypt, 218 arcfour_encrypt, 219 arcfour_checksum 220}; 221