Home | History | Annotate | Line # | Download | only in krb5
salt-des3.c revision 1.3 
      1  1.1     elric /*	$NetBSD: salt-des3.c,v 1.3 2019/12/15 22:50:50 christos Exp $	*/
      2  1.1     elric 
      3  1.1     elric /*
      4  1.1     elric  * Copyright (c) 1997 - 2008 Kungliga Tekniska Hgskolan
      5  1.1     elric  * (Royal Institute of Technology, Stockholm, Sweden).
      6  1.1     elric  * All rights reserved.
      7  1.1     elric  *
      8  1.1     elric  * Redistribution and use in source and binary forms, with or without
      9  1.1     elric  * modification, are permitted provided that the following conditions
     10  1.1     elric  * are met:
     11  1.1     elric  *
     12  1.1     elric  * 1. Redistributions of source code must retain the above copyright
     13  1.1     elric  *    notice, this list of conditions and the following disclaimer.
     14  1.1     elric  *
     15  1.1     elric  * 2. Redistributions in binary form must reproduce the above copyright
     16  1.1     elric  *    notice, this list of conditions and the following disclaimer in the
     17  1.1     elric  *    documentation and/or other materials provided with the distribution.
     18  1.1     elric  *
     19  1.1     elric  * 3. Neither the name of the Institute nor the names of its contributors
     20  1.1     elric  *    may be used to endorse or promote products derived from this software
     21  1.1     elric  *    without specific prior written permission.
     22  1.1     elric  *
     23  1.1     elric  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
     24  1.1     elric  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     25  1.1     elric  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     26  1.1     elric  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
     27  1.1     elric  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     28  1.1     elric  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     29  1.1     elric  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     30  1.1     elric  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     31  1.1     elric  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     32  1.1     elric  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     33  1.1     elric  * SUCH DAMAGE.
     34  1.1     elric  */
     35  1.1     elric 
     36  1.1     elric #include "krb5_locl.h"
     37  1.1     elric 
     38  1.1     elric #ifdef DES3_OLD_ENCTYPE
     39  1.1     elric static krb5_error_code
     40  1.1     elric DES3_string_to_key(krb5_context context,
     41  1.1     elric 		   krb5_enctype enctype,
     42  1.1     elric 		   krb5_data password,
     43  1.1     elric 		   krb5_salt salt,
     44  1.1     elric 		   krb5_data opaque,
     45  1.1     elric 		   krb5_keyblock *key)
     46  1.1     elric {
     47  1.1     elric     char *str;
     48  1.1     elric     size_t len;
     49  1.1     elric     unsigned char tmp[24];
     50  1.1     elric     DES_cblock keys[3];
     51  1.1     elric     krb5_error_code ret;
     52  1.1     elric 
     53  1.1     elric     len = password.length + salt.saltvalue.length;
     54  1.1     elric     str = malloc(len);
     55  1.2  christos     if (len != 0 && str == NULL)
     56  1.2  christos 	return krb5_enomem(context);
     57  1.1     elric     memcpy(str, password.data, password.length);
     58  1.1     elric     memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length);
     59  1.1     elric     {
     60  1.1     elric 	DES_cblock ivec;
     61  1.1     elric 	DES_key_schedule s[3];
     62  1.1     elric 	int i;
     63  1.1     elric 
     64  1.1     elric 	ret = _krb5_n_fold(str, len, tmp, 24);
     65  1.1     elric 	if (ret) {
     66  1.3  christos 	    memset_s(str, len, 0, len);
     67  1.1     elric 	    free(str);
     68  1.1     elric 	    krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
     69  1.1     elric 	    return ret;
     70  1.1     elric 	}
     71  1.1     elric 
     72  1.1     elric 	for(i = 0; i < 3; i++){
     73  1.1     elric 	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
     74  1.1     elric 	    DES_set_odd_parity(keys + i);
     75  1.1     elric 	    if(DES_is_weak_key(keys + i))
     76  1.2  christos 		_krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
     77  1.1     elric 	    DES_set_key_unchecked(keys + i, &s[i]);
     78  1.1     elric 	}
     79  1.3  christos 	memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec));
     80  1.1     elric 	DES_ede3_cbc_encrypt(tmp,
     81  1.1     elric 			     tmp, sizeof(tmp),
     82  1.1     elric 			     &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT);
     83  1.3  christos 	memset_s(s, sizeof(s), 0, sizeof(s));
     84  1.3  christos 	memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec));
     85  1.1     elric 	for(i = 0; i < 3; i++){
     86  1.1     elric 	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
     87  1.1     elric 	    DES_set_odd_parity(keys + i);
     88  1.1     elric 	    if(DES_is_weak_key(keys + i))
     89  1.2  christos 		_krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
     90  1.1     elric 	}
     91  1.3  christos 	memset_s(tmp, sizeof(tmp), 0, sizeof(tmp));
     92  1.1     elric     }
     93  1.1     elric     key->keytype = enctype;
     94  1.1     elric     krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
     95  1.3  christos     memset_s(keys, sizeof(keys), 0, sizeof(keys));
     96  1.3  christos     memset_s(str, len, 0, len);
     97  1.1     elric     free(str);
     98  1.1     elric     return 0;
     99  1.1     elric }
    100  1.1     elric #endif
    101  1.1     elric 
    102  1.1     elric static krb5_error_code
    103  1.1     elric DES3_string_to_key_derived(krb5_context context,
    104  1.1     elric 			   krb5_enctype enctype,
    105  1.1     elric 			   krb5_data password,
    106  1.1     elric 			   krb5_salt salt,
    107  1.1     elric 			   krb5_data opaque,
    108  1.1     elric 			   krb5_keyblock *key)
    109  1.1     elric {
    110  1.1     elric     krb5_error_code ret;
    111  1.1     elric     size_t len = password.length + salt.saltvalue.length;
    112  1.1     elric     char *s;
    113  1.1     elric 
    114  1.1     elric     s = malloc(len);
    115  1.2  christos     if (len != 0 && s == NULL)
    116  1.2  christos 	return krb5_enomem(context);
    117  1.1     elric     memcpy(s, password.data, password.length);
    118  1.1     elric     memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
    119  1.1     elric     ret = krb5_string_to_key_derived(context,
    120  1.1     elric 				     s,
    121  1.1     elric 				     len,
    122  1.1     elric 				     enctype,
    123  1.1     elric 				     key);
    124  1.3  christos     memset_s(s, len, 0, len);
    125  1.1     elric     free(s);
    126  1.1     elric     return ret;
    127  1.1     elric }
    128  1.1     elric 
    129  1.1     elric 
    130  1.1     elric #ifdef DES3_OLD_ENCTYPE
    131  1.1     elric struct salt_type _krb5_des3_salt[] = {
    132  1.1     elric     {
    133  1.1     elric 	KRB5_PW_SALT,
    134  1.1     elric 	"pw-salt",
    135  1.1     elric 	DES3_string_to_key
    136  1.1     elric     },
    137  1.2  christos     { 0, NULL, NULL }
    138  1.1     elric };
    139  1.1     elric #endif
    140  1.1     elric 
    141  1.1     elric struct salt_type _krb5_des3_salt_derived[] = {
    142  1.1     elric     {
    143  1.1     elric 	KRB5_PW_SALT,
    144  1.1     elric 	"pw-salt",
    145  1.1     elric 	DES3_string_to_key_derived
    146  1.1     elric     },
    147  1.2  christos     { 0, NULL, NULL }
    148  1.1     elric };
    149