lib/crypto-3des.c

   1 /* crypto-3des.c        3DES crypto functions
   2  * Copyright (C) 2002, 2003  Simon Josefsson
   3  *
   4  * This file is part of Shishi.
   5  *
   6  * Shishi is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * Shishi is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with Shishi; if not, write to the Free Software
  18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  19  *
  20  * Note: This file is #include'd by crypto.c.
  21  *
  22  */
  23
  24 static int
  25 des3_encrypt (Shishi * handle,
  26               Shishi_key *key,
  27               int keyusage,
  28               const char *iv,
  29               size_t ivlen,
  30               const char *in,
  31               size_t inlen,
  32               char *out,
  33               size_t *outlen)
  34 {
  35   return simplified_encrypt (handle, key, keyusage, iv, ivlen,
  36                              in, inlen, out, outlen);
  37 }
  38
  39 static int
  40 des3_decrypt (Shishi * handle,
  41               Shishi_key *key,
  42               int keyusage,
  43               const char *iv,
  44               size_t ivlen,
  45               const char *in,
  46               size_t inlen,
  47               char *out,
  48               size_t *outlen)
  49 {
  50   return simplified_decrypt (handle, key, keyusage, iv, ivlen,
  51                              in, inlen, out, outlen);
  52 }
  53
  54 static int
  55 des3none_dencrypt (Shishi * handle,
  56                    Shishi_key *key,
  57                    int keyusage,
  58                    const char *iv,
  59                    size_t ivlen,
  60                    const char *in,
  61                    size_t inlen,
  62                    char *out,
  63                    size_t *outlen,
  64                    int direction)
  65 {
  66   int res;
  67
  68   if (keyusage != 0)
  69     {
  70       size_t len;
  71       Shishi_key *derivedkey;
  72
  73       res = shishi_key_from_value (handle, shishi_key_type (key),
  74                                    NULL, &derivedkey);
  75       if (res != SHISHI_OK)
  76         return res;
  77
  78       res = simplified_derivekey (handle, key, keyusage,
  79                                   SHISHI_DERIVEKEYMODE_PRIVACY, derivedkey);
  80       if (res != SHISHI_OK)
  81         return res;
  82
  83       res = simplified_dencrypt (handle, derivedkey, iv, ivlen,
  84                                  in, inlen, out, outlen, direction);
  85       if (res != SHISHI_OK)
  86         return res;
  87
  88       shishi_key_done (&derivedkey);
  89     }
  90   else
  91     {
  92       res = simplified_dencrypt (handle, key, iv, ivlen,
  93                                  in, inlen, out, outlen, direction);
  94     }
  95
  96   return res;
  97 }
  98
  99 static int
 100 des3none_encrypt (Shishi * handle,
 101                   Shishi_key *key,
 102                   int keyusage,
 103                   const char *iv,
 104                   size_t ivlen,
 105                   const char *in,
 106                   size_t inlen,
 107                   char *out,
 108                   size_t *outlen)
 109 {
 110   return des3none_dencrypt (handle, key, keyusage,
 111                             iv, ivlen, in, inlen, out, outlen, 0);
 112 }
 113
 114 static int
 115 des3none_decrypt (Shishi * handle,
 116                   Shishi_key *key,
 117                   int keyusage,
 118                   const char *iv,
 119                   size_t ivlen,
 120                   const char *in,
 121                   size_t inlen,
 122                   char *out,
 123                   size_t *outlen)
 124 {
 125   return des3none_dencrypt (handle, key, keyusage,
 126                             iv, ivlen, in, inlen, out, outlen, 1);
 127 }
 128
 129 /* The 168 bits of random key data are converted to a protocol key
 130  * value as follows.  First, the 168 bits are divided into three
 131  * groups of 56 bits, which are expanded individually into 64 bits as
 132  * follows:
 133  *
 134  *          1  2  3  4  5  6  7  p
 135  *          9 10 11 12 13 14 15  p
 136  *         17 18 19 20 21 22 23  p
 137  *         25 26 27 28 29 30 31  p
 138  *         33 34 35 36 37 38 39  p
 139  *         41 42 43 44 45 46 47  p
 140  *         49 50 51 52 53 54 55  p
 141  *         56 48 40 32 24 16  8  p
 142  *
 143  * The "p" bits are parity bits computed over the data bits.  The
 144  * output of the three expansions are concatenated to form the
 145  * protocol key value.
 146  *
 147  */
 148 static int
 149 des3_random_to_key (Shishi * handle,
 150                     const char *random,
 151                     size_t randomlen,
 152                     Shishi_key *outkey)
 153 {
 154   unsigned char tmpkey[3*8];
 155   int i;
 156
 157   if (randomlen < 168 / 8)
 158     return !SHISHI_OK;
 159
 160   if (VERBOSECRYPTO(handle))
 161     {
 162       printf ("des3_random_to_key (random)\n");
 163       printf ("\t ;; random (length %d):\n", 168 / 8);
 164       hexprint (random, 168 / 8);
 165       puts ("");
 166       binprint (random, 168 / 8);
 167       puts ("");
 168     }
 169
 170   memcpy (tmpkey, random, 7);
 171   memcpy (tmpkey + 8, random + 7, 7);
 172   memcpy (tmpkey + 16, random + 14, 7);
 173   for (i = 0; i < 3; i++)
 174     {
 175       tmpkey[i * 8 + 7] =
 176         ((tmpkey[i * 8 + 0] & 0x01) << 1) |
 177         ((tmpkey[i * 8 + 1] & 0x01) << 2) |
 178         ((tmpkey[i * 8 + 2] & 0x01) << 3) |
 179         ((tmpkey[i * 8 + 3] & 0x01) << 4) |
 180         ((tmpkey[i * 8 + 4] & 0x01) << 5) |
 181         ((tmpkey[i * 8 + 5] & 0x01) << 6) |
 182         ((tmpkey[i * 8 + 6] & 0x01) << 7);
 183       des_set_odd_key_parity (tmpkey + i * 8);
 184     }
 185
 186   shishi_key_value_set(outkey, tmpkey);
 187
 188   if (VERBOSECRYPTO(handle))
 189     {
 190       printf ("key = des3_random_to_key (random)\n");
 191       printf ("\t ;; key:\n");
 192       hexprint (tmpkey, 3 * 8);
 193       puts ("");
 194       binprint (tmpkey, 3 * 8);
 195       puts ("");
 196     }
 197
 198   return SHISHI_OK;
 199 }
 200
 201 static int
 202 des3_string_to_key (Shishi * handle,
 203                     const char *string,
 204                     size_t stringlen,
 205                     const char *salt,
 206                     size_t saltlen,
 207                     const char *parameter,
 208                     Shishi_key *outkey)
 209 {
 210   char *s;
 211   int n_s;
 212   Shishi_key *key;
 213   char nfold[168 / 8];
 214   int nfoldlen = 168 / 8;
 215   int res;
 216
 217   if (VERBOSECRYPTO(handle))
 218     {
 219       printf ("des3_string_to_key (string, salt)\n");
 220       printf ("\t ;; String:\n");
 221       escapeprint (string, stringlen);
 222       hexprint (string, stringlen);
 223       puts ("");
 224       printf ("\t ;; Salt:\n");
 225       escapeprint (salt, saltlen);
 226       hexprint (salt, saltlen);
 227       puts ("");
 228     }
 229
 230   /* s = passwordString + salt */
 231   n_s = stringlen + saltlen;
 232   s = (char *) malloc (n_s);
 233   memcpy (s, string, stringlen);
 234   memcpy (s + stringlen, salt, saltlen);
 235
 236   /* tmpKey = random-to-key(168-fold(s)) */
 237   res = shishi_n_fold (handle, s, n_s, nfold, nfoldlen);
 238   if (res != SHISHI_OK)
 239     return res;
 240
 241   free(s);
 242
 243   res = shishi_key_from_value(handle, shishi_key_type(outkey), NULL, &key);
 244   if (res != SHISHI_OK)
 245     return res;
 246
 247   res = des3_random_to_key (handle, nfold, nfoldlen, key);
 248   if (res != SHISHI_OK)
 249     return res;
 250
 251   /* key = DK (tmpKey, KerberosConstant) */
 252   res = shishi_dk (handle, key, "kerberos", strlen ("kerberos"), outkey);
 253   if (res != SHISHI_OK)
 254     return res;
 255
 256   shishi_key_done(&key);
 257
 258   if (VERBOSECRYPTO(handle))
 259     {
 260       printf ("des3_string_to_key (string, salt)\n");
 261       printf ("\t ;; Key:\n");
 262       hexprint (shishi_key_value(outkey), shishi_key_length(outkey));
 263       binprint (shishi_key_value(outkey), shishi_key_length(outkey));
 264       puts ("");
 265     }
 266
 267   return SHISHI_OK;
 268 }