1/* $NetBSD: crypto-des-common.c,v 1.6 2023/06/19 21:41:44 christos Exp $ */ 2 3/* 4 * Copyright (c) 1997 - 2008 Kungliga Tekniska H��gskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36/* Functions which are used by both single and triple DES enctypes */ 37 38#include "krb5_locl.h" 39 40/* 41 * A = A xor B. A & B are 8 bytes. 42 */ 43 44KRB5_LIB_FUNCTION void KRB5_LIB_CALL 45_krb5_xor8(unsigned char *a, const unsigned char *b) 46{ 47 a[0] ^= b[0]; 48 a[1] ^= b[1]; 49 a[2] ^= b[2]; 50 a[3] ^= b[3]; 51 a[4] ^= b[4]; 52 a[5] ^= b[5]; 53 a[6] ^= b[6]; 54 a[7] ^= b[7]; 55} 56 57#if defined(DES3_OLD_ENCTYPE) || defined(HEIM_WEAK_CRYPTO) 58KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 59_krb5_des_checksum(krb5_context context, 60 const EVP_MD *evp_md, 61 struct _krb5_key_data *key, 62 const void *data, 63 size_t len, 64 Checksum *cksum) 65{ 66 struct _krb5_evp_schedule *ctx = key->schedule->data; 67 EVP_MD_CTX *m; 68 DES_cblock ivec; 69 unsigned char *p = cksum->checksum.data; 70 71 krb5_generate_random_block(p, 8); 72 73 m = EVP_MD_CTX_create(); 74 if (m == NULL) 75 return krb5_enomem(context); 76 77 EVP_DigestInit_ex(m, evp_md, NULL); 78 EVP_DigestUpdate(m, p, 8); 79 EVP_DigestUpdate(m, data, len); 80 EVP_DigestFinal_ex (m, p + 8, NULL); 81 EVP_MD_CTX_destroy(m); 82 memset_s (&ivec, sizeof(ivec), 0, sizeof(ivec)); 83 84#if OPENSSL_VERSION_NUMBER < 0x10100000UL 85 ctx->ectx = malloc(sizeof(*ctx->ectx)); 86 EVP_CIPHER_CTX_init(ctx->ectx); 87#else 88 ctx->ectx = EVP_CIPHER_CTX_new(); 89#endif 90 91 if (!EVP_CipherInit_ex(ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1)) 92 krb5_abortx(context, "can't initialize cipher"); 93 EVP_Cipher(ctx->ectx, p, p, 24); 94 95 return 0; 96} 97 98KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 99_krb5_des_verify(krb5_context context, 100 const EVP_MD *evp_md, 101 struct _krb5_key_data *key, 102 const void *data, 103 size_t len, 104 Checksum *C) 105{ 106 struct _krb5_evp_schedule *ctx = key->schedule->data; 107 EVP_MD_CTX *m; 108 unsigned char tmp[24]; 109 unsigned char res[16]; 110 DES_cblock ivec; 111 krb5_error_code ret = 0; 112 113 m = EVP_MD_CTX_create(); 114 if (m == NULL) 115 return krb5_enomem(context); 116 117 memset_s (&ivec, sizeof(ivec), 0, sizeof(ivec)); 118#if OPENSSL_VERSION_NUMBER < 0x10100000UL 119 ctx->dctx = malloc(sizeof(*ctx->dctx)); 120 EVP_CIPHER_CTX_init(ctx->dctx); 121#else 122 ctx->dctx = EVP_CIPHER_CTX_new(); 123#endif 124 if (!EVP_CipherInit_ex(ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1)) 125 krb5_abortx(context, "can't initialize cipher"); 126 EVP_Cipher(ctx->dctx, tmp, C->checksum.data, 24); 127 128 EVP_DigestInit_ex(m, evp_md, NULL); 129 EVP_DigestUpdate(m, tmp, 8); /* confounder */ 130 EVP_DigestUpdate(m, data, len); 131 EVP_DigestFinal_ex (m, res, NULL); 132 EVP_MD_CTX_destroy(m); 133 if(ct_memcmp(res, tmp + 8, sizeof(res)) != 0) { 134 krb5_clear_error_message (context); 135 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 136 } 137 memset_s (tmp, sizeof(tmp), 0, sizeof(tmp)); 138 memset_s (res, sizeof(res), 0, sizeof(res)); 139 return ret; 140} 141 142#endif 143 144static krb5_error_code 145RSA_MD5_checksum(krb5_context context, 146 struct _krb5_key_data *key, 147 const void *data, 148 size_t len, 149 unsigned usage, 150 Checksum *C) 151{ 152 if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1) 153 krb5_abortx(context, "md5 checksum failed"); 154 return 0; 155} 156 157struct _krb5_checksum_type _krb5_checksum_rsa_md5 = { 158 CKSUMTYPE_RSA_MD5, 159 "rsa-md5", 160 64, 161 16, 162 F_CPROOF, 163 RSA_MD5_checksum, 164 NULL 165}; 166