1/* $NetBSD: salt-des.c,v 1.4 2023/06/19 21:41:44 christos Exp $ */ 2 3/* 4 * Copyright (c) 1997 - 2008 Kungliga Tekniska H��gskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36#include "krb5_locl.h" 37 38#ifdef HEIM_WEAK_CRYPTO 39 40#ifdef ENABLE_AFS_STRING_TO_KEY 41 42/* This defines the Andrew string_to_key function. It accepts a password 43 * string as input and converts it via a one-way encryption algorithm to a DES 44 * encryption key. It is compatible with the original Andrew authentication 45 * service password database. 46 */ 47 48/* 49 * Short passwords, i.e 8 characters or less. 50 */ 51static void 52krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, 53 krb5_data cell, 54 DES_cblock *key) 55{ 56 char password[8+1]; /* crypt is limited to 8 chars anyway */ 57 size_t i; 58 59 for(i = 0; i < 8; i++) { 60 char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^ 61 ((i < cell.length) ? 62 tolower(((unsigned char*)cell.data)[i]) : 0); 63 password[i] = c ? c : 'X'; 64 } 65 password[8] = '\0'; 66 67 memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock)); 68 69 /* parity is inserted into the LSB so left shift each byte up one 70 bit. This allows ascii characters with a zero MSB to retain as 71 much significance as possible. */ 72 for (i = 0; i < sizeof(DES_cblock); i++) 73 ((unsigned char*)key)[i] <<= 1; 74 DES_set_odd_parity (key); 75} 76 77/* 78 * Long passwords, i.e 9 characters or more. 79 */ 80static void 81krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, 82 krb5_data cell, 83 DES_cblock *key) 84{ 85 DES_key_schedule schedule; 86 DES_cblock temp_key; 87 DES_cblock ivec; 88 char password[512]; 89 size_t passlen; 90 91 memcpy(password, pw.data, min(pw.length, sizeof(password))); 92 if(pw.length < sizeof(password)) { 93 int len = min(cell.length, sizeof(password) - pw.length); 94 size_t i; 95 96 memcpy(password + pw.length, cell.data, len); 97 for (i = pw.length; i < pw.length + len; ++i) 98 password[i] = tolower((unsigned char)password[i]); 99 } 100 passlen = min(sizeof(password), pw.length + cell.length); 101 memcpy(&ivec, "kerberos", 8); 102 memcpy(&temp_key, "kerberos", 8); 103 DES_set_odd_parity (&temp_key); 104 DES_set_key_unchecked (&temp_key, &schedule); 105 DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec); 106 107 memcpy(&temp_key, &ivec, 8); 108 DES_set_odd_parity (&temp_key); 109 DES_set_key_unchecked (&temp_key, &schedule); 110 DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec); 111 memset(&schedule, 0, sizeof(schedule)); 112 memset(&temp_key, 0, sizeof(temp_key)); 113 memset(&ivec, 0, sizeof(ivec)); 114 memset_s(password, sizeof(password), 0, sizeof(password)); 115 116 DES_set_odd_parity (key); 117} 118 119static krb5_error_code 120DES_AFS3_string_to_key(krb5_context context, 121 krb5_enctype enctype, 122 krb5_data password, 123 krb5_salt salt, 124 krb5_data opaque, 125 krb5_keyblock *key) 126{ 127 DES_cblock tmp; 128 if(password.length > 8) 129 krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp); 130 else 131 krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp); 132 key->keytype = enctype; 133 krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); 134 memset(&key, 0, sizeof(key)); 135 return 0; 136} 137#endif /* ENABLE_AFS_STRING_TO_KEY */ 138 139static void 140DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) 141{ 142 DES_key_schedule schedule; 143 size_t i; 144 int reverse = 0; 145 unsigned char *p; 146 147 unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, 148 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; 149 memset(key, 0, 8); 150 151 p = (unsigned char*)key; 152 for (i = 0; i < length; i++) { 153 unsigned char tmp = data[i]; 154 if (!reverse) 155 *p++ ^= (tmp << 1); 156 else 157 *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; 158 if((i % 8) == 7) 159 reverse = !reverse; 160 } 161 DES_set_odd_parity(key); 162 if(DES_is_weak_key(key)) 163 (*key)[7] ^= 0xF0; 164 DES_set_key_unchecked(key, &schedule); 165 DES_cbc_cksum((void*)data, key, length, &schedule, key); 166 memset(&schedule, 0, sizeof(schedule)); 167 DES_set_odd_parity(key); 168 if(DES_is_weak_key(key)) 169 (*key)[7] ^= 0xF0; 170} 171 172static krb5_error_code 173krb5_DES_string_to_key(krb5_context context, 174 krb5_enctype enctype, 175 krb5_data password, 176 krb5_salt salt, 177 krb5_data opaque, 178 krb5_keyblock *key) 179{ 180 unsigned char *s; 181 size_t len; 182 DES_cblock tmp; 183 184#ifdef ENABLE_AFS_STRING_TO_KEY 185 if (opaque.length == 1) { 186 unsigned long v; 187 _krb5_get_int(opaque.data, &v, 1); 188 if (v == 1) 189 return DES_AFS3_string_to_key(context, enctype, password, 190 salt, opaque, key); 191 } 192#endif 193 194 len = password.length + salt.saltvalue.length; 195 s = malloc(len); 196 if (len > 0 && s == NULL) 197 return krb5_enomem(context); 198 memcpy(s, password.data, password.length); 199 if (salt.saltvalue.length) 200 memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); 201 DES_string_to_key_int(s, len, &tmp); 202 key->keytype = enctype; 203 krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); 204 memset(&tmp, 0, sizeof(tmp)); 205 memset(s, 0, len); 206 free(s); 207 return 0; 208} 209 210struct salt_type _krb5_des_salt[] = { 211 { 212 KRB5_PW_SALT, 213 "pw-salt", 214 krb5_DES_string_to_key 215 }, 216#ifdef ENABLE_AFS_STRING_TO_KEY 217 { 218 KRB5_AFS3_SALT, 219 "afs3-salt", 220 DES_AFS3_string_to_key 221 }, 222#endif 223 { 0, NULL, NULL } 224}; 225#endif 226