1/*	$NetBSD: crypto-des-common.c,v 1.6 2023/06/19 21:41:44 christos Exp $	*/
2
3/*
4 * Copyright (c) 1997 - 2008 Kungliga Tekniska H��gskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 *    may be used to endorse or promote products derived from this software
21 *    without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36/* Functions which are used by both single and triple DES enctypes */
37
38#include "krb5_locl.h"
39
40/*
41 * A = A xor B. A & B are 8 bytes.
42 */
43
44KRB5_LIB_FUNCTION void KRB5_LIB_CALL
45_krb5_xor8(unsigned char *a, const unsigned char *b)
46{
47    a[0] ^= b[0];
48    a[1] ^= b[1];
49    a[2] ^= b[2];
50    a[3] ^= b[3];
51    a[4] ^= b[4];
52    a[5] ^= b[5];
53    a[6] ^= b[6];
54    a[7] ^= b[7];
55}
56
57#if defined(DES3_OLD_ENCTYPE) || defined(HEIM_WEAK_CRYPTO)
58KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
59_krb5_des_checksum(krb5_context context,
60		   const EVP_MD *evp_md,
61		   struct _krb5_key_data *key,
62		   const void *data,
63		   size_t len,
64		   Checksum *cksum)
65{
66    struct _krb5_evp_schedule *ctx = key->schedule->data;
67    EVP_MD_CTX *m;
68    DES_cblock ivec;
69    unsigned char *p = cksum->checksum.data;
70
71    krb5_generate_random_block(p, 8);
72
73    m = EVP_MD_CTX_create();
74    if (m == NULL)
75	return krb5_enomem(context);
76
77    EVP_DigestInit_ex(m, evp_md, NULL);
78    EVP_DigestUpdate(m, p, 8);
79    EVP_DigestUpdate(m, data, len);
80    EVP_DigestFinal_ex (m, p + 8, NULL);
81    EVP_MD_CTX_destroy(m);
82    memset_s (&ivec, sizeof(ivec), 0, sizeof(ivec));
83
84#if OPENSSL_VERSION_NUMBER < 0x10100000UL
85    ctx->ectx = malloc(sizeof(*ctx->ectx));
86    EVP_CIPHER_CTX_init(ctx->ectx);
87#else
88    ctx->ectx = EVP_CIPHER_CTX_new();
89#endif
90
91    if (!EVP_CipherInit_ex(ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1))
92	krb5_abortx(context, "can't initialize cipher");
93    EVP_Cipher(ctx->ectx, p, p, 24);
94
95    return 0;
96}
97
98KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
99_krb5_des_verify(krb5_context context,
100		 const EVP_MD *evp_md,
101		 struct _krb5_key_data *key,
102		 const void *data,
103		 size_t len,
104		 Checksum *C)
105{
106    struct _krb5_evp_schedule *ctx = key->schedule->data;
107    EVP_MD_CTX *m;
108    unsigned char tmp[24];
109    unsigned char res[16];
110    DES_cblock ivec;
111    krb5_error_code ret = 0;
112
113    m = EVP_MD_CTX_create();
114    if (m == NULL)
115	return krb5_enomem(context);
116
117    memset_s (&ivec, sizeof(ivec), 0, sizeof(ivec));
118#if OPENSSL_VERSION_NUMBER < 0x10100000UL
119    ctx->dctx = malloc(sizeof(*ctx->dctx));
120    EVP_CIPHER_CTX_init(ctx->dctx);
121#else
122    ctx->dctx = EVP_CIPHER_CTX_new();
123#endif
124    if (!EVP_CipherInit_ex(ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1))
125	krb5_abortx(context, "can't initialize cipher");
126    EVP_Cipher(ctx->dctx, tmp, C->checksum.data, 24);
127
128    EVP_DigestInit_ex(m, evp_md, NULL);
129    EVP_DigestUpdate(m, tmp, 8); /* confounder */
130    EVP_DigestUpdate(m, data, len);
131    EVP_DigestFinal_ex (m, res, NULL);
132    EVP_MD_CTX_destroy(m);
133    if(ct_memcmp(res, tmp + 8, sizeof(res)) != 0) {
134	krb5_clear_error_message (context);
135	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
136    }
137    memset_s (tmp, sizeof(tmp), 0, sizeof(tmp));
138    memset_s (res, sizeof(res), 0, sizeof(res));
139    return ret;
140}
141
142#endif
143
144static krb5_error_code
145RSA_MD5_checksum(krb5_context context,
146		 struct _krb5_key_data *key,
147		 const void *data,
148		 size_t len,
149		 unsigned usage,
150		 Checksum *C)
151{
152    if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1)
153	krb5_abortx(context, "md5 checksum failed");
154    return 0;
155}
156
157struct _krb5_checksum_type _krb5_checksum_rsa_md5 = {
158    CKSUMTYPE_RSA_MD5,
159    "rsa-md5",
160    64,
161    16,
162    F_CPROOF,
163    RSA_MD5_checksum,
164    NULL
165};
166