1 1.1 elric /* $NetBSD: salt-des3.c,v 1.4 2023/06/19 21:41:44 christos Exp $ */ 2 1.1 elric 3 1.1 elric /* 4 1.1 elric * Copyright (c) 1997 - 2008 Kungliga Tekniska Hgskolan 5 1.1 elric * (Royal Institute of Technology, Stockholm, Sweden). 6 1.1 elric * All rights reserved. 7 1.1 elric * 8 1.1 elric * Redistribution and use in source and binary forms, with or without 9 1.1 elric * modification, are permitted provided that the following conditions 10 1.1 elric * are met: 11 1.1 elric * 12 1.1 elric * 1. Redistributions of source code must retain the above copyright 13 1.1 elric * notice, this list of conditions and the following disclaimer. 14 1.1 elric * 15 1.1 elric * 2. Redistributions in binary form must reproduce the above copyright 16 1.1 elric * notice, this list of conditions and the following disclaimer in the 17 1.1 elric * documentation and/or other materials provided with the distribution. 18 1.1 elric * 19 1.1 elric * 3. Neither the name of the Institute nor the names of its contributors 20 1.1 elric * may be used to endorse or promote products derived from this software 21 1.1 elric * without specific prior written permission. 22 1.1 elric * 23 1.1 elric * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 1.1 elric * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 1.1 elric * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 1.1 elric * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 1.1 elric * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 1.1 elric * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 1.1 elric * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 1.1 elric * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 1.1 elric * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 1.1 elric * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 1.1 elric * SUCH DAMAGE. 34 1.1 elric */ 35 1.1 elric 36 1.1 elric #include "krb5_locl.h" 37 1.1 elric 38 1.1 elric #ifdef DES3_OLD_ENCTYPE 39 1.1 elric static krb5_error_code 40 1.1 elric DES3_string_to_key(krb5_context context, 41 1.1 elric krb5_enctype enctype, 42 1.1 elric krb5_data password, 43 1.1 elric krb5_salt salt, 44 1.1 elric krb5_data opaque, 45 1.1 elric krb5_keyblock *key) 46 1.1 elric { 47 1.1 elric char *str; 48 1.1 elric size_t len; 49 1.1 elric unsigned char tmp[24]; 50 1.1 elric DES_cblock keys[3]; 51 1.1 elric krb5_error_code ret; 52 1.1 elric 53 1.1 elric len = password.length + salt.saltvalue.length; 54 1.1 elric str = malloc(len); 55 1.2 christos if (len != 0 && str == NULL) 56 1.2 christos return krb5_enomem(context); 57 1.1 elric memcpy(str, password.data, password.length); 58 1.1 elric memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length); 59 1.1 elric { 60 1.1 elric DES_cblock ivec; 61 1.1 elric DES_key_schedule s[3]; 62 1.1 elric int i; 63 1.1 elric 64 1.1 elric ret = _krb5_n_fold(str, len, tmp, 24); 65 1.1 elric if (ret) { 66 1.3 christos memset_s(str, len, 0, len); 67 1.1 elric free(str); 68 1.1 elric krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 69 1.1 elric return ret; 70 1.1 elric } 71 1.1 elric 72 1.1 elric for(i = 0; i < 3; i++){ 73 1.1 elric memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); 74 1.1 elric DES_set_odd_parity(keys + i); 75 1.1 elric if(DES_is_weak_key(keys + i)) 76 1.2 christos _krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); 77 1.1 elric DES_set_key_unchecked(keys + i, &s[i]); 78 1.1 elric } 79 1.3 christos memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); 80 1.1 elric DES_ede3_cbc_encrypt(tmp, 81 1.1 elric tmp, sizeof(tmp), 82 1.1 elric &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); 83 1.3 christos memset_s(s, sizeof(s), 0, sizeof(s)); 84 1.3 christos memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); 85 1.1 elric for(i = 0; i < 3; i++){ 86 1.1 elric memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); 87 1.1 elric DES_set_odd_parity(keys + i); 88 1.1 elric if(DES_is_weak_key(keys + i)) 89 1.2 christos _krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); 90 1.1 elric } 91 1.3 christos memset_s(tmp, sizeof(tmp), 0, sizeof(tmp)); 92 1.1 elric } 93 1.1 elric key->keytype = enctype; 94 1.1 elric krb5_data_copy(&key->keyvalue, keys, sizeof(keys)); 95 1.3 christos memset_s(keys, sizeof(keys), 0, sizeof(keys)); 96 1.3 christos memset_s(str, len, 0, len); 97 1.1 elric free(str); 98 1.1 elric return 0; 99 1.1 elric } 100 1.1 elric #endif 101 1.1 elric 102 1.1 elric static krb5_error_code 103 1.1 elric DES3_string_to_key_derived(krb5_context context, 104 1.1 elric krb5_enctype enctype, 105 1.1 elric krb5_data password, 106 1.1 elric krb5_salt salt, 107 1.1 elric krb5_data opaque, 108 1.1 elric krb5_keyblock *key) 109 1.1 elric { 110 1.1 elric krb5_error_code ret; 111 1.1 elric size_t len = password.length + salt.saltvalue.length; 112 1.1 elric char *s; 113 1.1 elric 114 1.1 elric s = malloc(len); 115 1.2 christos if (len != 0 && s == NULL) 116 1.2 christos return krb5_enomem(context); 117 1.1 elric memcpy(s, password.data, password.length); 118 1.4 christos if (salt.saltvalue.length) 119 1.4 christos memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); 120 1.1 elric ret = krb5_string_to_key_derived(context, 121 1.1 elric s, 122 1.1 elric len, 123 1.1 elric enctype, 124 1.1 elric key); 125 1.3 christos memset_s(s, len, 0, len); 126 1.1 elric free(s); 127 1.1 elric return ret; 128 1.1 elric } 129 1.1 elric 130 1.1 elric 131 1.1 elric #ifdef DES3_OLD_ENCTYPE 132 1.1 elric struct salt_type _krb5_des3_salt[] = { 133 1.1 elric { 134 1.1 elric KRB5_PW_SALT, 135 1.1 elric "pw-salt", 136 1.1 elric DES3_string_to_key 137 1.1 elric }, 138 1.2 christos { 0, NULL, NULL } 139 1.1 elric }; 140 1.1 elric #endif 141 1.1 elric 142 1.1 elric struct salt_type _krb5_des3_salt_derived[] = { 143 1.1 elric { 144 1.1 elric KRB5_PW_SALT, 145 1.1 elric "pw-salt", 146 1.1 elric DES3_string_to_key_derived 147 1.1 elric }, 148 1.2 christos { 0, NULL, NULL } 149 1.1 elric }; 150
Indexes created Sun Mar 01 05:31:48 UTC 2026