search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
heimdal: import heimdal's trunk svn rev 23697 + lorikeet-heimdal patches
[Samba/vfs_proxy.git] / source4 / heimdal / lib / krb5 / crypto.c
blob66756477360ae003c261a43e4c03492bfa30d085
1 /*
2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35 RCSID("$Id$");
36 #include <pkinit_asn1.h>
37
38 #undef __attribute__
39 #define __attribute__(X)
40
41 #ifndef HEIMDAL_SMALLER
42 #define WEAK_ENCTYPES 1
43 #define DES3_OLD_ENCTYPE 1
44 #endif
45
46
47 #ifdef HAVE_OPENSSL /* XXX forward decl for hcrypto glue */
48 const EVP_CIPHER * _krb5_EVP_hcrypto_aes_128_cts(void);
49 const EVP_CIPHER * _krb5_EVP_hcrypto_aes_256_cts(void);
50 #define EVP_hcrypto_aes_128_cts _krb5_EVP_hcrypto_aes_128_cts
51 #define EVP_hcrypto_aes_256_cts _krb5_EVP_hcrypto_aes_256_cts
52 #endif
53
54 struct key_data {
55 krb5_keyblock *key;
56 krb5_data *schedule;
57 };
58
59 struct key_usage {
60 unsigned usage;
61 struct key_data key;
62 };
63
64 struct krb5_crypto_data {
65 struct encryption_type *et;
66 struct key_data key;
67 int num_key_usage;
68 struct key_usage *key_usage;
69 };
70
71 #define CRYPTO_ETYPE(C) ((C)->et->type)
72
73 /* bits for `flags' below */
74 #define F_KEYED 1 /* checksum is keyed */
75 #define F_CPROOF 2 /* checksum is collision proof */
76 #define F_DERIVED 4 /* uses derived keys */
77 #define F_VARIANT 8 /* uses `variant' keys (6.4.3) */
78 #define F_PSEUDO 16 /* not a real protocol type */
79 #define F_SPECIAL 32 /* backwards */
80 #define F_DISABLED 64 /* enctype/checksum disabled */
81
82 struct salt_type {
83 krb5_salttype type;
84 const char *name;
85 krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data,
86 krb5_salt, krb5_data, krb5_keyblock*);
87 };
88
89 struct key_type {
90 krb5_keytype type; /* XXX */
91 const char *name;
92 size_t bits;
93 size_t size;
94 size_t schedule_size;
95 void (*random_key)(krb5_context, krb5_keyblock*);
96 void (*schedule)(krb5_context, struct key_type *, struct key_data *);
97 struct salt_type *string_to_key;
98 void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t);
99 void (*cleanup)(krb5_context, struct key_data *);
100 const EVP_CIPHER *(*evp)(void);
101 };
102
103 struct checksum_type {
104 krb5_cksumtype type;
105 const char *name;
106 size_t blocksize;
107 size_t checksumsize;
108 unsigned flags;
109 krb5_enctype (*checksum)(krb5_context context,
110 struct key_data *key,
111 const void *buf, size_t len,
112 unsigned usage,
113 Checksum *csum);
114 krb5_error_code (*verify)(krb5_context context,
115 struct key_data *key,
116 const void *buf, size_t len,
117 unsigned usage,
118 Checksum *csum);
119 };
120
121 struct encryption_type {
122 krb5_enctype type;
123 const char *name;
124 size_t blocksize;
125 size_t padsize;
126 size_t confoundersize;
127 struct key_type *keytype;
128 struct checksum_type *checksum;
129 struct checksum_type *keyed_checksum;
130 unsigned flags;
131 krb5_error_code (*encrypt)(krb5_context context,
132 struct key_data *key,
133 void *data, size_t len,
134 krb5_boolean encryptp,
135 int usage,
136 void *ivec);
137 size_t prf_length;
138 krb5_error_code (*prf)(krb5_context,
139 krb5_crypto, const krb5_data *, krb5_data *);
140 };
141
142 #define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)
143 #define INTEGRITY_USAGE(U) (((U) << 8) | 0x55)
144 #define CHECKSUM_USAGE(U) (((U) << 8) | 0x99)
145
146 static struct checksum_type *_find_checksum(krb5_cksumtype type);
147 static struct encryption_type *_find_enctype(krb5_enctype type);
148 static struct key_type *_find_keytype(krb5_keytype type);
149 static krb5_error_code _get_derived_key(krb5_context, krb5_crypto,
150 unsigned, struct key_data**);
151 static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
152 static krb5_error_code derive_key(krb5_context context,
153 struct encryption_type *et,
154 struct key_data *key,
155 const void *constant,
156 size_t len);
157 static krb5_error_code hmac(krb5_context context,
158 struct checksum_type *cm,
159 const void *data,
160 size_t len,
161 unsigned usage,
162 struct key_data *keyblock,
163 Checksum *result);
164 static void free_key_data(krb5_context,
165 struct key_data *,
166 struct encryption_type *);
167 static krb5_error_code usage2arcfour (krb5_context, unsigned *);
168 static void xor (DES_cblock *, const unsigned char *);
169
170 /************************************************************
171 * *
172 ************************************************************/
173
174 struct evp_schedule {
175 EVP_CIPHER_CTX ectx;
176 EVP_CIPHER_CTX dctx;
177 };
178
179
180 static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
181
182 static void
183 krb5_DES_random_key(krb5_context context,
184 krb5_keyblock *key)
185 {
186 DES_cblock *k = key->keyvalue.data;
187 do {
188 krb5_generate_random_block(k, sizeof(DES_cblock));
189 DES_set_odd_parity(k);
190 } while(DES_is_weak_key(k));
191 }
192
193 #ifdef WEAK_ENCTYPES
194 static void
195 krb5_DES_schedule_old(krb5_context context,
196 struct key_type *kt,
197 struct key_data *key)
198 {
199 DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data);
200 }
201 #endif /* WEAK_ENCTYPES */
202
203
204 #ifdef ENABLE_AFS_STRING_TO_KEY
205
206 /* This defines the Andrew string_to_key function. It accepts a password
207 * string as input and converts it via a one-way encryption algorithm to a DES
208 * encryption key. It is compatible with the original Andrew authentication
209 * service password database.
210 */
211
212 /*
213 * Short passwords, i.e 8 characters or less.
214 */
215 static void
216 krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
217 krb5_data cell,
218 DES_cblock *key)
219 {
220 char password[8+1]; /* crypt is limited to 8 chars anyway */
221 int i;
222
223 for(i = 0; i < 8; i++) {
224 char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^
225 ((i < cell.length) ?
226 tolower(((unsigned char*)cell.data)[i]) : 0);
227 password[i] = c ? c : 'X';
228 }
229 password[8] = '\0';
230
231 memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock));
232
233 /* parity is inserted into the LSB so left shift each byte up one
234 bit. This allows ascii characters with a zero MSB to retain as
235 much significance as possible. */
236 for (i = 0; i < sizeof(DES_cblock); i++)
237 ((unsigned char*)key)[i] <<= 1;
238 DES_set_odd_parity (key);
239 }
240
241 /*
242 * Long passwords, i.e 9 characters or more.
243 */
244 static void
245 krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
246 krb5_data cell,
247 DES_cblock *key)
248 {
249 DES_key_schedule schedule;
250 DES_cblock temp_key;
251 DES_cblock ivec;
252 char password[512];
253 size_t passlen;
254
255 memcpy(password, pw.data, min(pw.length, sizeof(password)));
256 if(pw.length < sizeof(password)) {
257 int len = min(cell.length, sizeof(password) - pw.length);
258 int i;
259
260 memcpy(password + pw.length, cell.data, len);
261 for (i = pw.length; i < pw.length + len; ++i)
262 password[i] = tolower((unsigned char)password[i]);
263 }
264 passlen = min(sizeof(password), pw.length + cell.length);
265 memcpy(&ivec, "kerberos", 8);
266 memcpy(&temp_key, "kerberos", 8);
267 DES_set_odd_parity (&temp_key);
268 DES_set_key_unchecked (&temp_key, &schedule);
269 DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec);
270
271 memcpy(&temp_key, &ivec, 8);
272 DES_set_odd_parity (&temp_key);
273 DES_set_key_unchecked (&temp_key, &schedule);
274 DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec);
275 memset(&schedule, 0, sizeof(schedule));
276 memset(&temp_key, 0, sizeof(temp_key));
277 memset(&ivec, 0, sizeof(ivec));
278 memset(password, 0, sizeof(password));
279
280 DES_set_odd_parity (key);
281 }
282
283 static krb5_error_code
284 DES_AFS3_string_to_key(krb5_context context,
285 krb5_enctype enctype,
286 krb5_data password,
287 krb5_salt salt,
288 krb5_data opaque,
289 krb5_keyblock *key)
290 {
291 DES_cblock tmp;
292 if(password.length > 8)
293 krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp);
294 else
295 krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp);
296 key->keytype = enctype;
297 krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
298 memset(&key, 0, sizeof(key));
299 return 0;
300 }
301 #endif /* ENABLE_AFS_STRING_TO_KEY */
302
303 static void
304 DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
305 {
306 DES_key_schedule schedule;
307 int i;
308 int reverse = 0;
309 unsigned char *p;
310
311 unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
312 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
313 memset(key, 0, 8);
314
315 p = (unsigned char*)key;
316 for (i = 0; i < length; i++) {
317 unsigned char tmp = data[i];
318 if (!reverse)
319 *p++ ^= (tmp << 1);
320 else
321 *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
322 if((i % 8) == 7)
323 reverse = !reverse;
324 }
325 DES_set_odd_parity(key);
326 if(DES_is_weak_key(key))
327 (*key)[7] ^= 0xF0;
328 DES_set_key_unchecked(key, &schedule);
329 DES_cbc_cksum((void*)data, key, length, &schedule, key);
330 memset(&schedule, 0, sizeof(schedule));
331 DES_set_odd_parity(key);
332 if(DES_is_weak_key(key))
333 (*key)[7] ^= 0xF0;
334 }
335
336 static krb5_error_code
337 krb5_DES_string_to_key(krb5_context context,
338 krb5_enctype enctype,
339 krb5_data password,
340 krb5_salt salt,
341 krb5_data opaque,
342 krb5_keyblock *key)
343 {
344 unsigned char *s;
345 size_t len;
346 DES_cblock tmp;
347
348 #ifdef ENABLE_AFS_STRING_TO_KEY
349 if (opaque.length == 1) {
350 unsigned long v;
351 _krb5_get_int(opaque.data, &v, 1);
352 if (v == 1)
353 return DES_AFS3_string_to_key(context, enctype, password,
354 salt, opaque, key);
355 }
356 #endif
357
358 len = password.length + salt.saltvalue.length;
359 s = malloc(len);
360 if(len > 0 && s == NULL) {
361 krb5_set_error_message (context, ENOMEM, "malloc: out of memory");
362 return ENOMEM;
363 }
364 memcpy(s, password.data, password.length);
365 memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
366 DES_string_to_key_int(s, len, &tmp);
367 key->keytype = enctype;
368 krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
369 memset(&tmp, 0, sizeof(tmp));
370 memset(s, 0, len);
371 free(s);
372 return 0;
373 }
374
375 static void
376 krb5_DES_random_to_key(krb5_context context,
377 krb5_keyblock *key,
378 const void *data,
379 size_t size)
380 {
381 DES_cblock *k = key->keyvalue.data;
382 memcpy(k, data, key->keyvalue.length);
383 DES_set_odd_parity(k);
384 if(DES_is_weak_key(k))
385 xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
386 }
387
388 /*
389 *
390 */
391
392 static void
393 DES3_random_key(krb5_context context,
394 krb5_keyblock *key)
395 {
396 DES_cblock *k = key->keyvalue.data;
397 do {
398 krb5_generate_random_block(k, 3 * sizeof(DES_cblock));
399 DES_set_odd_parity(&k[0]);
400 DES_set_odd_parity(&k[1]);
401 DES_set_odd_parity(&k[2]);
402 } while(DES_is_weak_key(&k[0]) ||
403 DES_is_weak_key(&k[1]) ||
404 DES_is_weak_key(&k[2]));
405 }
406
407 /*
408 * A = A xor B. A & B are 8 bytes.
409 */
410
411 static void
412 xor (DES_cblock *key, const unsigned char *b)
413 {
414 unsigned char *a = (unsigned char*)key;
415 a[0] ^= b[0];
416 a[1] ^= b[1];
417 a[2] ^= b[2];
418 a[3] ^= b[3];
419 a[4] ^= b[4];
420 a[5] ^= b[5];
421 a[6] ^= b[6];
422 a[7] ^= b[7];
423 }
424
425 #ifdef DES3_OLD_ENCTYPE
426 static krb5_error_code
427 DES3_string_to_key(krb5_context context,
428 krb5_enctype enctype,
429 krb5_data password,
430 krb5_salt salt,
431 krb5_data opaque,
432 krb5_keyblock *key)
433 {
434 char *str;
435 size_t len;
436 unsigned char tmp[24];
437 DES_cblock keys[3];
438 krb5_error_code ret;
439
440 len = password.length + salt.saltvalue.length;
441 str = malloc(len);
442 if(len != 0 && str == NULL) {
443 krb5_set_error_message (context, ENOMEM, "malloc: out of memory");
444 return ENOMEM;
445 }
446 memcpy(str, password.data, password.length);
447 memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length);
448 {
449 DES_cblock ivec;
450 DES_key_schedule s[3];
451 int i;
452
453 ret = _krb5_n_fold(str, len, tmp, 24);
454 if (ret) {
455 memset(str, 0, len);
456 free(str);
457 krb5_set_error_message (context, ret, "malloc: out of memory");
458 return ret;
459 }
460
461 for(i = 0; i < 3; i++){
462 memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
463 DES_set_odd_parity(keys + i);
464 if(DES_is_weak_key(keys + i))
465 xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
466 DES_set_key_unchecked(keys + i, &s[i]);
467 }
468 memset(&ivec, 0, sizeof(ivec));
469 DES_ede3_cbc_encrypt(tmp,
470 tmp, sizeof(tmp),
471 &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT);
472 memset(s, 0, sizeof(s));
473 memset(&ivec, 0, sizeof(ivec));
474 for(i = 0; i < 3; i++){
475 memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
476 DES_set_odd_parity(keys + i);
477 if(DES_is_weak_key(keys + i))
478 xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
479 }
480 memset(tmp, 0, sizeof(tmp));
481 }
482 key->keytype = enctype;
483 krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
484 memset(keys, 0, sizeof(keys));
485 memset(str, 0, len);
486 free(str);
487 return 0;
488 }
489 #endif
490
491 static krb5_error_code
492 DES3_string_to_key_derived(krb5_context context,
493 krb5_enctype enctype,
494 krb5_data password,
495 krb5_salt salt,
496 krb5_data opaque,
497 krb5_keyblock *key)
498 {
499 krb5_error_code ret;
500 size_t len = password.length + salt.saltvalue.length;
501 char *s;
502
503 s = malloc(len);
504 if(len != 0 && s == NULL) {
505 krb5_set_error_message (context, ENOMEM, "malloc: out of memory");
506 return ENOMEM;
507 }
508 memcpy(s, password.data, password.length);
509 memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
510 ret = krb5_string_to_key_derived(context,
511 s,
512 len,
513 enctype,
514 key);
515 memset(s, 0, len);
516 free(s);
517 return ret;
518 }
519
520 static void
521 DES3_random_to_key(krb5_context context,
522 krb5_keyblock *key,
523 const void *data,
524 size_t size)
525 {
526 unsigned char *x = key->keyvalue.data;
527 const u_char *q = data;
528 DES_cblock *k;
529 int i, j;
530
531 memset(x, 0, sizeof(x));
532 for (i = 0; i < 3; ++i) {
533 unsigned char foo;
534 for (j = 0; j < 7; ++j) {
535 unsigned char b = q[7 * i + j];
536
537 x[8 * i + j] = b;
538 }
539 foo = 0;
540 for (j = 6; j >= 0; --j) {
541 foo |= q[7 * i + j] & 1;
542 foo <<= 1;
543 }
544 x[8 * i + 7] = foo;
545 }
546 k = key->keyvalue.data;
547 for (i = 0; i < 3; i++) {
548 DES_set_odd_parity(&k[i]);
549 if(DES_is_weak_key(&k[i]))
550 xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
551 }
552 }
553
554 /*
555 * ARCFOUR
556 */
557
558 static void
559 ARCFOUR_schedule(krb5_context context,
560 struct key_type *kt,
561 struct key_data *kd)
562 {
563 RC4_set_key (kd->schedule->data,
564 kd->key->keyvalue.length, kd->key->keyvalue.data);
565 }
566
567 static krb5_error_code
568 ARCFOUR_string_to_key(krb5_context context,
569 krb5_enctype enctype,
570 krb5_data password,
571 krb5_salt salt,
572 krb5_data opaque,
573 krb5_keyblock *key)
574 {
575 krb5_error_code ret;
576 uint16_t *s = NULL;
577 size_t len, i;
578 EVP_MD_CTX *m;
579
580 m = EVP_MD_CTX_create();
581 if (m == NULL) {
582 ret = ENOMEM;
583 krb5_set_error_message(context, ret, "Malloc: out of memory");
584 goto out;
585 }
586
587 EVP_DigestInit_ex(m, EVP_md4(), NULL);
588
589 ret = wind_utf8ucs2_length(password.data, &len);
590 if (ret) {
591 krb5_set_error_message (context, ret, "Password not an UCS2 string");
592 goto out;
593 }
594
595 s = malloc (len * sizeof(s[0]));
596 if (len != 0 && s == NULL) {
597 krb5_set_error_message (context, ENOMEM, "malloc: out of memory");
598 ret = ENOMEM;
599 goto out;
600 }
601
602 ret = wind_utf8ucs2(password.data, s, &len);
603 if (ret) {
604 krb5_set_error_message (context, ret, "Password not an UCS2 string");
605 goto out;
606 }
607
608 /* LE encoding */
609 for (i = 0; i < len; i++) {
610 unsigned char p;
611 p = (s[i] & 0xff);
612 EVP_DigestUpdate (m, &p, 1);
613 p = (s[i] >> 8) & 0xff;
614 EVP_DigestUpdate (m, &p, 1);
615 }
616
617 key->keytype = enctype;
618 ret = krb5_data_alloc (&key->keyvalue, 16);
619 if (ret) {
620 krb5_set_error_message (context, ENOMEM, "malloc: out of memory");
621 goto out;
622 }
623 EVP_DigestFinal_ex (m, key->keyvalue.data, NULL);
624
625 out:
626 EVP_MD_CTX_destroy(m);
627 if (s)
628 memset (s, 0, len);
629 free (s);
630 return ret;
631 }
632
633 /*
634 * AES
635 */
636
637 int _krb5_AES_string_to_default_iterator = 4096;
638
639 static krb5_error_code
640 AES_string_to_key(krb5_context context,
641 krb5_enctype enctype,
642 krb5_data password,
643 krb5_salt salt,
644 krb5_data opaque,
645 krb5_keyblock *key)
646 {
647 krb5_error_code ret;
648 uint32_t iter;
649 struct encryption_type *et;
650 struct key_data kd;
651
652 if (opaque.length == 0)
653 iter = _krb5_AES_string_to_default_iterator;
654 else if (opaque.length == 4) {
655 unsigned long v;
656 _krb5_get_int(opaque.data, &v, 4);
657 iter = ((uint32_t)v);
658 } else
659 return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
660
661 et = _find_enctype(enctype);
662 if (et == NULL)
663 return KRB5_PROG_KEYTYPE_NOSUPP;
664
665 kd.schedule = NULL;
666 ALLOC(kd.key, 1);
667 if(kd.key == NULL) {
668 krb5_set_error_message (context, ENOMEM, "malloc: out of memory");
669 return ENOMEM;
670 }
671 kd.key->keytype = enctype;
672 ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
673 if (ret) {
674 krb5_set_error_message (context, ret, "malloc: out of memory");
675 return ret;
676 }
677
678 ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
679 salt.saltvalue.data, salt.saltvalue.length,
680 iter,
681 et->keytype->size, kd.key->keyvalue.data);
682 if (ret != 1) {
683 free_key_data(context, &kd, et);
684 krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP,
685 "Error calculating s2k");
686 return KRB5_PROG_KEYTYPE_NOSUPP;
687 }
688
689 ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
690 if (ret == 0)
691 ret = krb5_copy_keyblock_contents(context, kd.key, key);
692 free_key_data(context, &kd, et);
693
694 return ret;
695 }
696
697 static void
698 evp_schedule(krb5_context context, struct key_type *kt, struct key_data *kd)
699 {
700 struct evp_schedule *key = kd->schedule->data;
701 const EVP_CIPHER *c = (*kt->evp)();
702
703 EVP_CIPHER_CTX_init(&key->ectx);
704 EVP_CIPHER_CTX_init(&key->dctx);
705
706 EVP_CipherInit_ex(&key->ectx, c, NULL, kd->key->keyvalue.data, NULL, 1);
707 EVP_CipherInit_ex(&key->dctx, c, NULL, kd->key->keyvalue.data, NULL, 0);
708 }
709
710 static void
711 evp_cleanup(krb5_context context, struct key_data *kd)
712 {
713 struct evp_schedule *key = kd->schedule->data;
714 EVP_CIPHER_CTX_cleanup(&key->ectx);
715 EVP_CIPHER_CTX_cleanup(&key->dctx);
716 }
717
718 /*
719 *
720 */
721
722 static struct salt_type des_salt[] = {
723 {
724 KRB5_PW_SALT,
725 "pw-salt",
726 krb5_DES_string_to_key
727 },
728 #ifdef ENABLE_AFS_STRING_TO_KEY
729 {
730 KRB5_AFS3_SALT,
731 "afs3-salt",
732 DES_AFS3_string_to_key
733 },
734 #endif
735 { 0 }
736 };
737
738 #ifdef DES3_OLD_ENCTYPE
739 static struct salt_type des3_salt[] = {
740 {
741 KRB5_PW_SALT,
742 "pw-salt",
743 DES3_string_to_key
744 },
745 { 0 }
746 };
747 #endif
748
749 static struct salt_type des3_salt_derived[] = {
750 {
751 KRB5_PW_SALT,
752 "pw-salt",
753 DES3_string_to_key_derived
754 },
755 { 0 }
756 };
757
758 static struct salt_type AES_salt[] = {
759 {
760 KRB5_PW_SALT,
761 "pw-salt",
762 AES_string_to_key
763 },
764 { 0 }
765 };
766
767 static struct salt_type arcfour_salt[] = {
768 {
769 KRB5_PW_SALT,
770 "pw-salt",
771 ARCFOUR_string_to_key
772 },
773 { 0 }
774 };
775
776 /*
777 *
778 */
779
780 static struct key_type keytype_null = {
781 KEYTYPE_NULL,
782 "null",
783 0,
784 0,
785 0,
786 NULL,
787 NULL,
788 NULL
789 };
790
791 #ifdef WEAK_ENCTYPES
792 static struct key_type keytype_des_old = {
793 KEYTYPE_DES,
794 "des-old",
795 56,
796 8,
797 sizeof(DES_key_schedule),
798 krb5_DES_random_key,
799 krb5_DES_schedule_old,
800 des_salt,
801 krb5_DES_random_to_key
802 };
803 #endif /* WEAK_ENCTYPES */
804
805 static struct key_type keytype_des = {
806 KEYTYPE_DES,
807 "des",
808 56,
809 8,
810 sizeof(struct evp_schedule),
811 krb5_DES_random_key,
812 evp_schedule,
813 des_salt,
814 krb5_DES_random_to_key,
815 evp_cleanup,
816 EVP_des_cbc
817 };
818
819 #ifdef DES3_OLD_ENCTYPE
820 static struct key_type keytype_des3 = {
821 KEYTYPE_DES3,
822 "des3",
823 168,
824 24,
825 sizeof(struct evp_schedule),
826 DES3_random_key,
827 evp_schedule,
828 des3_salt,
829 DES3_random_to_key,
830 evp_cleanup,
831 EVP_des_ede3_cbc
832 };
833 #endif
834
835 static struct key_type keytype_des3_derived = {
836 KEYTYPE_DES3,
837 "des3",
838 168,
839 24,
840 sizeof(struct evp_schedule),
841 DES3_random_key,
842 evp_schedule,
843 des3_salt_derived,
844 DES3_random_to_key,
845 evp_cleanup,
846 EVP_des_ede3_cbc
847 };
848
849 static struct key_type keytype_aes128 = {
850 KEYTYPE_AES128,
851 "aes-128",
852 128,
853 16,
854 sizeof(struct evp_schedule),
855 NULL,
856 evp_schedule,
857 AES_salt,
858 NULL,
859 evp_cleanup,
860 EVP_hcrypto_aes_128_cts
861 };
862
863 static struct key_type keytype_aes256 = {
864 KEYTYPE_AES256,
865 "aes-256",
866 256,
867 32,
868 sizeof(struct evp_schedule),
869 NULL,
870 evp_schedule,
871 AES_salt,
872 NULL,
873 evp_cleanup,
874 EVP_hcrypto_aes_256_cts
875 };
876
877 static struct key_type keytype_arcfour = {
878 KEYTYPE_ARCFOUR,
879 "arcfour",
880 128,
881 16,
882 sizeof(RC4_KEY),
883 NULL,
884 ARCFOUR_schedule,
885 arcfour_salt
886 };
887
888 static struct key_type *keytypes[] = {
889 &keytype_null,
890 &keytype_des,
891 &keytype_des3_derived,
892 #ifdef DES3_OLD_ENCTYPE
893 &keytype_des3,
894 #endif
895 &keytype_aes128,
896 &keytype_aes256,
897 &keytype_arcfour
898 };
899
900 static int num_keytypes = sizeof(keytypes) / sizeof(keytypes[0]);
901
902 static struct key_type *
903 _find_keytype(krb5_keytype type)
904 {
905 int i;
906 for(i = 0; i < num_keytypes; i++)
907 if(keytypes[i]->type == type)
908 return keytypes[i];
909 return NULL;
910 }
911
912
913 krb5_error_code KRB5_LIB_FUNCTION
914 krb5_salttype_to_string (krb5_context context,
915 krb5_enctype etype,
916 krb5_salttype stype,
917 char **string)
918 {
919 struct encryption_type *e;
920 struct salt_type *st;
921
922 e = _find_enctype (etype);
923 if (e == NULL) {
924 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
925 "encryption type %d not supported",
926 etype);
927 return KRB5_PROG_ETYPE_NOSUPP;
928 }
929 for (st = e->keytype->string_to_key; st && st->type; st++) {
930 if (st->type == stype) {
931 *string = strdup (st->name);
932 if (*string == NULL) {
933 krb5_set_error_message (context, ENOMEM,
934 "malloc: out of memory");
935 return ENOMEM;
936 }
937 return 0;
938 }
939 }
940 krb5_set_error_message (context, HEIM_ERR_SALTTYPE_NOSUPP,
941 "salttype %d not supported", stype);
942 return HEIM_ERR_SALTTYPE_NOSUPP;
943 }
944
945 krb5_error_code KRB5_LIB_FUNCTION
946 krb5_string_to_salttype (krb5_context context,
947 krb5_enctype etype,
948 const char *string,
949 krb5_salttype *salttype)
950 {
951 struct encryption_type *e;
952 struct salt_type *st;
953
954 e = _find_enctype (etype);
955 if (e == NULL) {
956 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
957 "encryption type %d not supported",
958 etype);
959 return KRB5_PROG_ETYPE_NOSUPP;
960 }
961 for (st = e->keytype->string_to_key; st && st->type; st++) {
962 if (strcasecmp (st->name, string) == 0) {
963 *salttype = st->type;
964 return 0;
965 }
966 }
967 krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
968 "salttype %s not supported", string);
969 return HEIM_ERR_SALTTYPE_NOSUPP;
970 }
971
972 krb5_error_code KRB5_LIB_FUNCTION
973 krb5_get_pw_salt(krb5_context context,
974 krb5_const_principal principal,
975 krb5_salt *salt)
976 {
977 size_t len;
978 int i;
979 krb5_error_code ret;
980 char *p;
981
982 salt->salttype = KRB5_PW_SALT;
983 len = strlen(principal->realm);
984 for (i = 0; i < principal->name.name_string.len; ++i)
985 len += strlen(principal->name.name_string.val[i]);
986 ret = krb5_data_alloc (&salt->saltvalue, len);
987 if (ret)
988 return ret;
989 p = salt->saltvalue.data;
990 memcpy (p, principal->realm, strlen(principal->realm));
991 p += strlen(principal->realm);
992 for (i = 0; i < principal->name.name_string.len; ++i) {
993 memcpy (p,
994 principal->name.name_string.val[i],
995 strlen(principal->name.name_string.val[i]));
996 p += strlen(principal->name.name_string.val[i]);
997 }
998 return 0;
999 }
1000
1001 krb5_error_code KRB5_LIB_FUNCTION
1002 krb5_free_salt(krb5_context context,
1003 krb5_salt salt)
1004 {
1005 krb5_data_free(&salt.saltvalue);
1006 return 0;
1007 }
1008
1009 krb5_error_code KRB5_LIB_FUNCTION
1010 krb5_string_to_key_data (krb5_context context,
1011 krb5_enctype enctype,
1012 krb5_data password,
1013 krb5_principal principal,
1014 krb5_keyblock *key)
1015 {
1016 krb5_error_code ret;
1017 krb5_salt salt;
1018
1019 ret = krb5_get_pw_salt(context, principal, &salt);
1020 if(ret)
1021 return ret;
1022 ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key);
1023 krb5_free_salt(context, salt);
1024 return ret;
1025 }
1026
1027 krb5_error_code KRB5_LIB_FUNCTION
1028 krb5_string_to_key (krb5_context context,
1029 krb5_enctype enctype,
1030 const char *password,
1031 krb5_principal principal,
1032 krb5_keyblock *key)
1033 {
1034 krb5_data pw;
1035 pw.data = rk_UNCONST(password);
1036 pw.length = strlen(password);
1037 return krb5_string_to_key_data(context, enctype, pw, principal, key);
1038 }
1039
1040 krb5_error_code KRB5_LIB_FUNCTION
1041 krb5_string_to_key_data_salt (krb5_context context,
1042 krb5_enctype enctype,
1043 krb5_data password,
1044 krb5_salt salt,
1045 krb5_keyblock *key)
1046 {
1047 krb5_data opaque;
1048 krb5_data_zero(&opaque);
1049 return krb5_string_to_key_data_salt_opaque(context, enctype, password,
1050 salt, opaque, key);
1051 }
1052
1053 /*
1054 * Do a string -> key for encryption type `enctype' operation on
1055 * `password' (with salt `salt' and the enctype specific data string
1056 * `opaque'), returning the resulting key in `key'
1057 */
1058
1059 krb5_error_code KRB5_LIB_FUNCTION
1060 krb5_string_to_key_data_salt_opaque (krb5_context context,
1061 krb5_enctype enctype,
1062 krb5_data password,
1063 krb5_salt salt,
1064 krb5_data opaque,
1065 krb5_keyblock *key)
1066 {
1067 struct encryption_type *et =_find_enctype(enctype);
1068 struct salt_type *st;
1069 if(et == NULL) {
1070 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
1071 "encryption type %d not supported",
1072 enctype);
1073 return KRB5_PROG_ETYPE_NOSUPP;
1074 }
1075 for(st = et->keytype->string_to_key; st && st->type; st++)
1076 if(st->type == salt.salttype)
1077 return (*st->string_to_key)(context, enctype, password,
1078 salt, opaque, key);
1079 krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
1080 "salt type %d not supported",
1081 salt.salttype);
1082 return HEIM_ERR_SALTTYPE_NOSUPP;
1083 }
1084
1085 /*
1086 * Do a string -> key for encryption type `enctype' operation on the
1087 * string `password' (with salt `salt'), returning the resulting key
1088 * in `key'
1089 */
1090
1091 krb5_error_code KRB5_LIB_FUNCTION
1092 krb5_string_to_key_salt (krb5_context context,
1093 krb5_enctype enctype,
1094 const char *password,
1095 krb5_salt salt,
1096 krb5_keyblock *key)
1097 {
1098 krb5_data pw;
1099 pw.data = rk_UNCONST(password);
1100 pw.length = strlen(password);
1101 return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
1102 }
1103
1104 krb5_error_code KRB5_LIB_FUNCTION
1105 krb5_string_to_key_salt_opaque (krb5_context context,
1106 krb5_enctype enctype,
1107 const char *password,
1108 krb5_salt salt,
1109 krb5_data opaque,
1110 krb5_keyblock *key)
1111 {
1112 krb5_data pw;
1113 pw.data = rk_UNCONST(password);
1114 pw.length = strlen(password);
1115 return krb5_string_to_key_data_salt_opaque(context, enctype,
1116 pw, salt, opaque, key);
1117 }
1118
1119 krb5_error_code KRB5_LIB_FUNCTION
1120 krb5_enctype_keysize(krb5_context context,
1121 krb5_enctype type,
1122 size_t *keysize)
1123 {
1124 struct encryption_type *et = _find_enctype(type);
1125 if(et == NULL) {
1126 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
1127 "encryption type %d not supported",
1128 type);
1129 return KRB5_PROG_ETYPE_NOSUPP;
1130 }
1131 *keysize = et->keytype->size;
1132 return 0;
1133 }
1134
1135 krb5_error_code KRB5_LIB_FUNCTION
1136 krb5_enctype_keybits(krb5_context context,
1137 krb5_enctype type,
1138 size_t *keybits)
1139 {
1140 struct encryption_type *et = _find_enctype(type);
1141 if(et == NULL) {
1142 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
1143 "encryption type %d not supported",
1144 type);
1145 return KRB5_PROG_ETYPE_NOSUPP;
1146 }
1147 *keybits = et->keytype->bits;
1148 return 0;
1149 }
1150
1151 krb5_error_code KRB5_LIB_FUNCTION
1152 krb5_generate_random_keyblock(krb5_context context,
1153 krb5_enctype type,
1154 krb5_keyblock *key)
1155 {
1156 krb5_error_code ret;
1157 struct encryption_type *et = _find_enctype(type);
1158 if(et == NULL) {
1159 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
1160 "encryption type %d not supported",
1161 type);
1162 return KRB5_PROG_ETYPE_NOSUPP;
1163 }
1164 ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
1165 if(ret)
1166 return ret;
1167 key->keytype = type;
1168 if(et->keytype->random_key)
1169 (*et->keytype->random_key)(context, key);
1170 else
1171 krb5_generate_random_block(key->keyvalue.data,
1172 key->keyvalue.length);
1173 return 0;
1174 }
1175
1176 static krb5_error_code
1177 _key_schedule(krb5_context context,
1178 struct key_data *key)
1179 {
1180 krb5_error_code ret;
1181 struct encryption_type *et = _find_enctype(key->key->keytype);
1182 struct key_type *kt = et->keytype;
1183
1184 if(kt->schedule == NULL)
1185 return 0;
1186 if (key->schedule != NULL)
1187 return 0;
1188 ALLOC(key->schedule, 1);
1189 if(key->schedule == NULL) {
1190 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
1191 return ENOMEM;
1192 }
1193 ret = krb5_data_alloc(key->schedule, kt->schedule_size);
1194 if(ret) {
1195 free(key->schedule);
1196 key->schedule = NULL;
1197 return ret;
1198 }
1199 (*kt->schedule)(context, kt, key);
1200 return 0;
1201 }
1202
1203 /************************************************************
1204 * *
1205 ************************************************************/
1206
1207 static krb5_error_code
1208 NONE_checksum(krb5_context context,
1209 struct key_data *key,
1210 const void *data,
1211 size_t len,
1212 unsigned usage,
1213 Checksum *C)
1214 {
1215 return 0;
1216 }
1217
1218 static krb5_error_code
1219 CRC32_checksum(krb5_context context,
1220 struct key_data *key,
1221 const void *data,
1222 size_t len,
1223 unsigned usage,
1224 Checksum *C)
1225 {
1226 uint32_t crc;
1227 unsigned char *r = C->checksum.data;
1228 _krb5_crc_init_table ();
1229 crc = _krb5_crc_update (data, len, 0);
1230 r[0] = crc & 0xff;
1231 r[1] = (crc >> 8) & 0xff;
1232 r[2] = (crc >> 16) & 0xff;
1233 r[3] = (crc >> 24) & 0xff;
1234 return 0;
1235 }
1236
1237 static krb5_error_code
1238 RSA_MD4_checksum(krb5_context context,
1239 struct key_data *key,
1240 const void *data,
1241 size_t len,
1242 unsigned usage,
1243 Checksum *C)
1244 {
1245 if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md4(), NULL) != 1)
1246 krb5_abortx(context, "md4 checksum failed");
1247 return 0;
1248 }
1249
1250 static krb5_error_code
1251 des_checksum(krb5_context context,
1252 const EVP_MD *evp_md,
1253 struct key_data *key,
1254 const void *data,
1255 size_t len,
1256 Checksum *cksum)
1257 {
1258 struct evp_schedule *ctx = key->schedule->data;
1259 EVP_MD_CTX *m;
1260 DES_cblock ivec;
1261 unsigned char *p = cksum->checksum.data;
1262
1263 krb5_generate_random_block(p, 8);
1264
1265 m = EVP_MD_CTX_create();
1266 if (m == NULL) {
1267 krb5_set_error_message(context, ENOMEM, "Malloc: out of memory");
1268 return ENOMEM;
1269 }
1270
1271 EVP_DigestInit_ex(m, evp_md, NULL);
1272 EVP_DigestUpdate(m, p, 8);
1273 EVP_DigestUpdate(m, data, len);
1274 EVP_DigestFinal_ex (m, p + 8, NULL);
1275 EVP_MD_CTX_destroy(m);
1276 memset (&ivec, 0, sizeof(ivec));
1277 EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1);
1278 EVP_Cipher(&ctx->ectx, p, p, 24);
1279
1280 return 0;
1281 }
1282
1283 static krb5_error_code
1284 des_verify(krb5_context context,
1285 const EVP_MD *evp_md,
1286 struct key_data *key,
1287 const void *data,
1288 size_t len,
1289 Checksum *C)
1290 {
1291 struct evp_schedule *ctx = key->schedule->data;
1292 EVP_MD_CTX *m;
1293 unsigned char tmp[24];
1294 unsigned char res[16];
1295 DES_cblock ivec;
1296 krb5_error_code ret = 0;
1297
1298 m = EVP_MD_CTX_create();
1299 if (m == NULL) {
1300 krb5_set_error_message(context, ENOMEM, "Malloc: out of memory");
1301 return ENOMEM;
1302 }
1303
1304 memset(&ivec, 0, sizeof(ivec));
1305 EVP_CipherInit_ex(&ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1);
1306 EVP_Cipher(&ctx->dctx, tmp, C->checksum.data, 24);
1307
1308 EVP_DigestInit_ex(m, evp_md, NULL);
1309 EVP_DigestUpdate(m, tmp, 8); /* confounder */
1310 EVP_DigestUpdate(m, data, len);
1311 EVP_DigestFinal_ex (m, res, NULL);
1312 EVP_MD_CTX_destroy(m);
1313 if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
1314 krb5_clear_error_string (context);
1315 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1316 }
1317 memset(tmp, 0, sizeof(tmp));
1318 memset(res, 0, sizeof(res));
1319 return ret;
1320 }
1321
1322 static krb5_error_code
1323 RSA_MD4_DES_checksum(krb5_context context,
1324 struct key_data *key,
1325 const void *data,
1326 size_t len,
1327 unsigned usage,
1328 Checksum *cksum)
1329 {
1330 return des_checksum(context, EVP_md4(), key, data, len, cksum);
1331 }
1332
1333 static krb5_error_code
1334 RSA_MD4_DES_verify(krb5_context context,
1335 struct key_data *key,
1336 const void *data,
1337 size_t len,
1338 unsigned usage,
1339 Checksum *C)
1340 {
1341 return des_verify(context, EVP_md5(), key, data, len, C);
1342 }
1343
1344 static krb5_error_code
1345 RSA_MD5_checksum(krb5_context context,
1346 struct key_data *key,
1347 const void *data,
1348 size_t len,
1349 unsigned usage,
1350 Checksum *C)
1351 {
1352 if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1)
1353 krb5_abortx(context, "md5 checksum failed");
1354 return 0;
1355 }
1356
1357 static krb5_error_code
1358 RSA_MD5_DES_checksum(krb5_context context,
1359 struct key_data *key,
1360 const void *data,
1361 size_t len,
1362 unsigned usage,
1363 Checksum *C)
1364 {
1365 return des_checksum(context, EVP_md5(), key, data, len, C);
1366 }
1367
1368 static krb5_error_code
1369 RSA_MD5_DES_verify(krb5_context context,
1370 struct key_data *key,
1371 const void *data,
1372 size_t len,
1373 unsigned usage,
1374 Checksum *C)
1375 {
1376 return des_verify(context, EVP_md5(), key, data, len, C);
1377 }
1378
1379 static krb5_error_code
1380 RSA_MD5_DES3_checksum(krb5_context context,
1381 struct key_data *key,
1382 const void *data,
1383 size_t len,
1384 unsigned usage,
1385 Checksum *C)
1386 {
1387 return des_checksum(context, EVP_md5(), key, data, len, C);
1388 }
1389
1390 static krb5_error_code
1391 RSA_MD5_DES3_verify(krb5_context context,
1392 struct key_data *key,
1393 const void *data,
1394 size_t len,
1395 unsigned usage,
1396 Checksum *C)
1397 {
1398 return des_verify(context, EVP_md5(), key, data, len, C);
1399 }
1400
1401 static krb5_error_code
1402 SHA1_checksum(krb5_context context,
1403 struct key_data *key,
1404 const void *data,
1405 size_t len,
1406 unsigned usage,
1407 Checksum *C)
1408 {
1409 if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_sha1(), NULL) != 1)
1410 krb5_abortx(context, "sha1 checksum failed");
1411 return 0;
1412 }
1413
1414 /* HMAC according to RFC2104 */
1415 static krb5_error_code
1416 hmac(krb5_context context,
1417 struct checksum_type *cm,
1418 const void *data,
1419 size_t len,
1420 unsigned usage,
1421 struct key_data *keyblock,
1422 Checksum *result)
1423 {
1424 unsigned char *ipad, *opad;
1425 unsigned char *key;
1426 size_t key_len;
1427 int i;
1428
1429 ipad = malloc(cm->blocksize + len);
1430 if (ipad == NULL)
1431 return ENOMEM;
1432 opad = malloc(cm->blocksize + cm->checksumsize);
1433 if (opad == NULL) {
1434 free(ipad);
1435 return ENOMEM;
1436 }
1437 memset(ipad, 0x36, cm->blocksize);
1438 memset(opad, 0x5c, cm->blocksize);
1439
1440 if(keyblock->key->keyvalue.length > cm->blocksize){
1441 (*cm->checksum)(context,
1442 keyblock,
1443 keyblock->key->keyvalue.data,
1444 keyblock->key->keyvalue.length,
1445 usage,
1446 result);
1447 key = result->checksum.data;
1448 key_len = result->checksum.length;
1449 } else {
1450 key = keyblock->key->keyvalue.data;
1451 key_len = keyblock->key->keyvalue.length;
1452 }
1453 for(i = 0; i < key_len; i++){
1454 ipad[i] ^= key[i];
1455 opad[i] ^= key[i];
1456 }
1457 memcpy(ipad + cm->blocksize, data, len);
1458 (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len,
1459 usage, result);
1460 memcpy(opad + cm->blocksize, result->checksum.data,
1461 result->checksum.length);
1462 (*cm->checksum)(context, keyblock, opad,
1463 cm->blocksize + cm->checksumsize, usage, result);
1464 memset(ipad, 0, cm->blocksize + len);
1465 free(ipad);
1466 memset(opad, 0, cm->blocksize + cm->checksumsize);
1467 free(opad);
1468
1469 return 0;
1470 }
1471
1472 krb5_error_code KRB5_LIB_FUNCTION
1473 krb5_hmac(krb5_context context,
1474 krb5_cksumtype cktype,
1475 const void *data,
1476 size_t len,
1477 unsigned usage,
1478 krb5_keyblock *key,
1479 Checksum *result)
1480 {
1481 struct checksum_type *c = _find_checksum(cktype);
1482 struct key_data kd;
1483 krb5_error_code ret;
1484
1485 if (c == NULL) {
1486 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
1487 "checksum type %d not supported",
1488 cktype);
1489 return KRB5_PROG_SUMTYPE_NOSUPP;
1490 }
1491
1492 kd.key = key;
1493 kd.schedule = NULL;
1494
1495 ret = hmac(context, c, data, len, usage, &kd, result);
1496
1497 if (kd.schedule)
1498 krb5_free_data(context, kd.schedule);
1499
1500 return ret;
1501 }
1502
1503 static krb5_error_code
1504 SP_HMAC_SHA1_checksum(krb5_context context,
1505 struct key_data *key,
1506 const void *data,
1507 size_t len,
1508 unsigned usage,
1509 Checksum *result)
1510 {
1511 struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1);
1512 Checksum res;
1513 char sha1_data[20];
1514 krb5_error_code ret;
1515
1516 res.checksum.data = sha1_data;
1517 res.checksum.length = sizeof(sha1_data);
1518
1519 ret = hmac(context, c, data, len, usage, key, &res);
1520 if (ret)
1521 krb5_abortx(context, "hmac failed");
1522 memcpy(result->checksum.data, res.checksum.data, result->checksum.length);
1523 return 0;
1524 }
1525
1526 /*
1527 * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt
1528 */
1529
1530 static krb5_error_code
1531 HMAC_MD5_checksum(krb5_context context,
1532 struct key_data *key,
1533 const void *data,
1534 size_t len,
1535 unsigned usage,
1536 Checksum *result)
1537 {
1538 EVP_MD_CTX *m;
1539 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
1540 const char signature[] = "signaturekey";
1541 Checksum ksign_c;
1542 struct key_data ksign;
1543 krb5_keyblock kb;
1544 unsigned char t[4];
1545 unsigned char tmp[16];
1546 unsigned char ksign_c_data[16];
1547 krb5_error_code ret;
1548
1549 m = EVP_MD_CTX_create();
1550 if (m == NULL) {
1551 krb5_set_error_message(context, ENOMEM, "Malloc: out of memory");
1552 return ENOMEM;
1553 }
1554 ksign_c.checksum.length = sizeof(ksign_c_data);
1555 ksign_c.checksum.data = ksign_c_data;
1556 ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c);
1557 if (ret) {
1558 EVP_MD_CTX_destroy(m);
1559 return ret;
1560 }
1561 ksign.key = &kb;
1562 kb.keyvalue = ksign_c.checksum;
1563 EVP_DigestInit_ex(m, EVP_md5(), NULL);
1564 t[0] = (usage >> 0) & 0xFF;
1565 t[1] = (usage >> 8) & 0xFF;
1566 t[2] = (usage >> 16) & 0xFF;
1567 t[3] = (usage >> 24) & 0xFF;
1568 EVP_DigestUpdate(m, t, 4);
1569 EVP_DigestUpdate(m, data, len);
1570 EVP_DigestFinal_ex (m, tmp, NULL);
1571 EVP_MD_CTX_destroy(m);
1572
1573 ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result);
1574 if (ret)
1575 return ret;
1576 return 0;
1577 }
1578
1579 static struct checksum_type checksum_none = {
1580 CKSUMTYPE_NONE,
1581 "none",
1582 1,
1583 0,
1584 0,
1585 NONE_checksum,
1586 NULL
1587 };
1588 static struct checksum_type checksum_crc32 = {
1589 CKSUMTYPE_CRC32,
1590 "crc32",
1591 1,
1592 4,
1593 0,
1594 CRC32_checksum,
1595 NULL
1596 };
1597 static struct checksum_type checksum_rsa_md4 = {
1598 CKSUMTYPE_RSA_MD4,
1599 "rsa-md4",
1600 64,
1601 16,
1602 F_CPROOF,
1603 RSA_MD4_checksum,
1604 NULL
1605 };
1606 static struct checksum_type checksum_rsa_md4_des = {
1607 CKSUMTYPE_RSA_MD4_DES,
1608 "rsa-md4-des",
1609 64,
1610 24,
1611 F_KEYED | F_CPROOF | F_VARIANT,
1612 RSA_MD4_DES_checksum,
1613 RSA_MD4_DES_verify
1614 };
1615 static struct checksum_type checksum_rsa_md5 = {
1616 CKSUMTYPE_RSA_MD5,
1617 "rsa-md5",
1618 64,
1619 16,
1620 F_CPROOF,
1621 RSA_MD5_checksum,
1622 NULL
1623 };
1624 static struct checksum_type checksum_rsa_md5_des = {
1625 CKSUMTYPE_RSA_MD5_DES,
1626 "rsa-md5-des",
1627 64,
1628 24,
1629 F_KEYED | F_CPROOF | F_VARIANT,
1630 RSA_MD5_DES_checksum,
1631 RSA_MD5_DES_verify
1632 };
1633 #ifdef DES3_OLD_ENCTYPE
1634 static struct checksum_type checksum_rsa_md5_des3 = {
1635 CKSUMTYPE_RSA_MD5_DES3,
1636 "rsa-md5-des3",
1637 64,
1638 24,
1639 F_KEYED | F_CPROOF | F_VARIANT,
1640 RSA_MD5_DES3_checksum,
1641 RSA_MD5_DES3_verify
1642 };
1643 #endif
1644 static struct checksum_type checksum_sha1 = {
1645 CKSUMTYPE_SHA1,
1646 "sha1",
1647 64,
1648 20,
1649 F_CPROOF,
1650 SHA1_checksum,
1651 NULL
1652 };
1653 static struct checksum_type checksum_hmac_sha1_des3 = {
1654 CKSUMTYPE_HMAC_SHA1_DES3,
1655 "hmac-sha1-des3",
1656 64,
1657 20,
1658 F_KEYED | F_CPROOF | F_DERIVED,
1659 SP_HMAC_SHA1_checksum,
1660 NULL
1661 };
1662
1663 static struct checksum_type checksum_hmac_sha1_aes128 = {
1664 CKSUMTYPE_HMAC_SHA1_96_AES_128,
1665 "hmac-sha1-96-aes128",
1666 64,
1667 12,
1668 F_KEYED | F_CPROOF | F_DERIVED,
1669 SP_HMAC_SHA1_checksum,
1670 NULL
1671 };
1672
1673 static struct checksum_type checksum_hmac_sha1_aes256 = {
1674 CKSUMTYPE_HMAC_SHA1_96_AES_256,
1675 "hmac-sha1-96-aes256",
1676 64,
1677 12,
1678 F_KEYED | F_CPROOF | F_DERIVED,
1679 SP_HMAC_SHA1_checksum,
1680 NULL
1681 };
1682
1683 static struct checksum_type checksum_hmac_md5 = {
1684 CKSUMTYPE_HMAC_MD5,
1685 "hmac-md5",
1686 64,
1687 16,
1688 F_KEYED | F_CPROOF,
1689 HMAC_MD5_checksum,
1690 NULL
1691 };
1692
1693 static struct checksum_type *checksum_types[] = {
1694 &checksum_none,
1695 &checksum_crc32,
1696 &checksum_rsa_md4,
1697 &checksum_rsa_md4_des,
1698 &checksum_rsa_md5,
1699 &checksum_rsa_md5_des,
1700 #ifdef DES3_OLD_ENCTYPE
1701 &checksum_rsa_md5_des3,
1702 #endif
1703 &checksum_sha1,
1704 &checksum_hmac_sha1_des3,
1705 &checksum_hmac_sha1_aes128,
1706 &checksum_hmac_sha1_aes256,
1707 &checksum_hmac_md5
1708 };
1709
1710 static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]);
1711
1712 static struct checksum_type *
1713 _find_checksum(krb5_cksumtype type)
1714 {
1715 int i;
1716 for(i = 0; i < num_checksums; i++)
1717 if(checksum_types[i]->type == type)
1718 return checksum_types[i];
1719 return NULL;
1720 }
1721
1722 static krb5_error_code
1723 get_checksum_key(krb5_context context,
1724 krb5_crypto crypto,
1725 unsigned usage, /* not krb5_key_usage */
1726 struct checksum_type *ct,
1727 struct key_data **key)
1728 {
1729 krb5_error_code ret = 0;
1730
1731 if(ct->flags & F_DERIVED)
1732 ret = _get_derived_key(context, crypto, usage, key);
1733 else if(ct->flags & F_VARIANT) {
1734 int i;
1735
1736 *key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
1737 if(*key == NULL) {
1738 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
1739 return ENOMEM;
1740 }
1741 ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key);
1742 if(ret)
1743 return ret;
1744 for(i = 0; i < (*key)->key->keyvalue.length; i++)
1745 ((unsigned char*)(*key)->key->keyvalue.data)[i] ^= 0xF0;
1746 } else {
1747 *key = &crypto->key;
1748 }
1749 if(ret == 0)
1750 ret = _key_schedule(context, *key);
1751 return ret;
1752 }
1753
1754 static krb5_error_code
1755 create_checksum (krb5_context context,
1756 struct checksum_type *ct,
1757 krb5_crypto crypto,
1758 unsigned usage,
1759 void *data,
1760 size_t len,
1761 Checksum *result)
1762 {
1763 krb5_error_code ret;
1764 struct key_data *dkey;
1765 int keyed_checksum;
1766
1767 if (ct->flags & F_DISABLED) {
1768 krb5_clear_error_string (context);
1769 return KRB5_PROG_SUMTYPE_NOSUPP;
1770 }
1771 keyed_checksum = (ct->flags & F_KEYED) != 0;
1772 if(keyed_checksum && crypto == NULL) {
1773 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
1774 "Checksum type %s is keyed "
1775 "but no crypto context (key) was passed in",
1776 ct->name);
1777 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
1778 }
1779 if(keyed_checksum) {
1780 ret = get_checksum_key(context, crypto, usage, ct, &dkey);
1781 if (ret)
1782 return ret;
1783 } else
1784 dkey = NULL;
1785 result->cksumtype = ct->type;
1786 ret = krb5_data_alloc(&result->checksum, ct->checksumsize);
1787 if (ret)
1788 return (ret);
1789 return (*ct->checksum)(context, dkey, data, len, usage, result);
1790 }
1791
1792 static int
1793 arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
1794 {
1795 return (ct->type == CKSUMTYPE_HMAC_MD5) &&
1796 (crypto->key.key->keytype == KEYTYPE_ARCFOUR);
1797 }
1798
1799 krb5_error_code KRB5_LIB_FUNCTION
1800 krb5_create_checksum(krb5_context context,
1801 krb5_crypto crypto,
1802 krb5_key_usage usage,
1803 int type,
1804 void *data,
1805 size_t len,
1806 Checksum *result)
1807 {
1808 struct checksum_type *ct = NULL;
1809 unsigned keyusage;
1810
1811 /* type 0 -> pick from crypto */
1812 if (type) {
1813 ct = _find_checksum(type);
1814 } else if (crypto) {
1815 ct = crypto->et->keyed_checksum;
1816 if (ct == NULL)
1817 ct = crypto->et->checksum;
1818 }
1819
1820 if(ct == NULL) {
1821 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
1822 "checksum type %d not supported",
1823 type);
1824 return KRB5_PROG_SUMTYPE_NOSUPP;
1825 }
1826
1827 if (arcfour_checksum_p(ct, crypto)) {
1828 keyusage = usage;
1829 usage2arcfour(context, &keyusage);
1830 } else
1831 keyusage = CHECKSUM_USAGE(usage);
1832
1833 return create_checksum(context, ct, crypto, keyusage,
1834 data, len, result);
1835 }
1836
1837 static krb5_error_code
1838 verify_checksum(krb5_context context,
1839 krb5_crypto crypto,
1840 unsigned usage, /* not krb5_key_usage */
1841 void *data,
1842 size_t len,
1843 Checksum *cksum)
1844 {
1845 krb5_error_code ret;
1846 struct key_data *dkey;
1847 int keyed_checksum;
1848 Checksum c;
1849 struct checksum_type *ct;
1850
1851 ct = _find_checksum(cksum->cksumtype);
1852 if (ct == NULL || (ct->flags & F_DISABLED)) {
1853 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
1854 "checksum type %d not supported",
1855 cksum->cksumtype);
1856 return KRB5_PROG_SUMTYPE_NOSUPP;
1857 }
1858 if(ct->checksumsize != cksum->checksum.length) {
1859 krb5_clear_error_string (context);
1860 return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
1861 }
1862 keyed_checksum = (ct->flags & F_KEYED) != 0;
1863 if(keyed_checksum && crypto == NULL) {
1864 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
1865 "Checksum type %s is keyed "
1866 "but no crypto context (key) was passed in",
1867 ct->name);
1868 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
1869 }
1870 if(keyed_checksum) {
1871 ret = get_checksum_key(context, crypto, usage, ct, &dkey);
1872 if (ret)
1873 return ret;
1874 } else
1875 dkey = NULL;
1876 if(ct->verify)
1877 return (*ct->verify)(context, dkey, data, len, usage, cksum);
1878
1879 ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
1880 if (ret)
1881 return ret;
1882
1883 ret = (*ct->checksum)(context, dkey, data, len, usage, &c);
1884 if (ret) {
1885 krb5_data_free(&c.checksum);
1886 return ret;
1887 }
1888
1889 if(c.checksum.length != cksum->checksum.length ||
1890 memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
1891 krb5_clear_error_string (context);
1892 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1893 } else {
1894 ret = 0;
1895 }
1896 krb5_data_free (&c.checksum);
1897 return ret;
1898 }
1899
1900 krb5_error_code KRB5_LIB_FUNCTION
1901 krb5_verify_checksum(krb5_context context,
1902 krb5_crypto crypto,
1903 krb5_key_usage usage,
1904 void *data,
1905 size_t len,
1906 Checksum *cksum)
1907 {
1908 struct checksum_type *ct;
1909 unsigned keyusage;
1910
1911 ct = _find_checksum(cksum->cksumtype);
1912 if(ct == NULL) {
1913 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
1914 "checksum type %d not supported",
1915 cksum->cksumtype);
1916 return KRB5_PROG_SUMTYPE_NOSUPP;
1917 }
1918
1919 if (arcfour_checksum_p(ct, crypto)) {
1920 keyusage = usage;
1921 usage2arcfour(context, &keyusage);
1922 } else
1923 keyusage = CHECKSUM_USAGE(usage);
1924
1925 return verify_checksum(context, crypto, keyusage,
1926 data, len, cksum);
1927 }
1928
1929 krb5_error_code KRB5_LIB_FUNCTION
1930 krb5_crypto_get_checksum_type(krb5_context context,
1931 krb5_crypto crypto,
1932 krb5_cksumtype *type)
1933 {
1934 struct checksum_type *ct = NULL;
1935
1936 if (crypto != NULL) {
1937 ct = crypto->et->keyed_checksum;
1938 if (ct == NULL)
1939 ct = crypto->et->checksum;
1940 }
1941
1942 if (ct == NULL) {
1943 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
1944 "checksum type not found");
1945 return KRB5_PROG_SUMTYPE_NOSUPP;
1946 }
1947
1948 *type = ct->type;
1949
1950 return 0;
1951 }
1952
1953
1954 krb5_error_code KRB5_LIB_FUNCTION
1955 krb5_checksumsize(krb5_context context,
1956 krb5_cksumtype type,
1957 size_t *size)
1958 {
1959 struct checksum_type *ct = _find_checksum(type);
1960 if(ct == NULL) {
1961 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
1962 "checksum type %d not supported",
1963 type);
1964 return KRB5_PROG_SUMTYPE_NOSUPP;
1965 }
1966 *size = ct->checksumsize;
1967 return 0;
1968 }
1969
1970 krb5_boolean KRB5_LIB_FUNCTION
1971 krb5_checksum_is_keyed(krb5_context context,
1972 krb5_cksumtype type)
1973 {
1974 struct checksum_type *ct = _find_checksum(type);
1975 if(ct == NULL) {
1976 if (context)
1977 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
1978 "checksum type %d not supported",
1979 type);
1980 return KRB5_PROG_SUMTYPE_NOSUPP;
1981 }
1982 return ct->flags & F_KEYED;
1983 }
1984
1985 krb5_boolean KRB5_LIB_FUNCTION
1986 krb5_checksum_is_collision_proof(krb5_context context,
1987 krb5_cksumtype type)
1988 {
1989 struct checksum_type *ct = _find_checksum(type);
1990 if(ct == NULL) {
1991 if (context)
1992 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
1993 "checksum type %d not supported",
1994 type);
1995 return KRB5_PROG_SUMTYPE_NOSUPP;
1996 }
1997 return ct->flags & F_CPROOF;
1998 }
1999
2000 krb5_error_code KRB5_LIB_FUNCTION
2001 krb5_checksum_disable(krb5_context context,
2002 krb5_cksumtype type)
2003 {
2004 struct checksum_type *ct = _find_checksum(type);
2005 if(ct == NULL) {
2006 if (context)
2007 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
2008 "checksum type %d not supported",
2009 type);
2010 return KRB5_PROG_SUMTYPE_NOSUPP;
2011 }
2012 ct->flags |= F_DISABLED;
2013 return 0;
2014 }
2015
2016 /************************************************************
2017 * *
2018 ************************************************************/
2019
2020 static krb5_error_code
2021 NULL_encrypt(krb5_context context,
2022 struct key_data *key,
2023 void *data,
2024 size_t len,
2025 krb5_boolean encryptp,
2026 int usage,
2027 void *ivec)
2028 {
2029 return 0;
2030 }
2031
2032 static krb5_error_code
2033 evp_encrypt(krb5_context context,
2034 struct key_data *key,
2035 void *data,
2036 size_t len,
2037 krb5_boolean encryptp,
2038 int usage,
2039 void *ivec)
2040 {
2041 struct evp_schedule *ctx = key->schedule->data;
2042 EVP_CIPHER_CTX *c;
2043 c = encryptp ? &ctx->ectx : &ctx->dctx;
2044 if (ivec == NULL) {
2045 /* alloca ? */
2046 size_t len = EVP_CIPHER_CTX_iv_length(c);
2047 void *loiv = malloc(len);
2048 if (loiv == NULL) {
2049 krb5_clear_error_string(context);
2050 return ENOMEM;
2051 }
2052 memset(loiv, 0, len);
2053 EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1);
2054 free(loiv);
2055 } else
2056 EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1);
2057 EVP_Cipher(c, data, data, len);
2058 return 0;
2059 }
2060
2061 #ifdef WEAK_ENCTYPES
2062 static krb5_error_code
2063 evp_des_encrypt_null_ivec(krb5_context context,
2064 struct key_data *key,
2065 void *data,
2066 size_t len,
2067 krb5_boolean encryptp,
2068 int usage,
2069 void *ignore_ivec)
2070 {
2071 struct evp_schedule *ctx = key->schedule->data;
2072 EVP_CIPHER_CTX *c;
2073 DES_cblock ivec;
2074 memset(&ivec, 0, sizeof(ivec));
2075 c = encryptp ? &ctx->ectx : &ctx->dctx;
2076 EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1);
2077 EVP_Cipher(c, data, data, len);
2078 return 0;
2079 }
2080
2081 static krb5_error_code
2082 evp_des_encrypt_key_ivec(krb5_context context,
2083 struct key_data *key,
2084 void *data,
2085 size_t len,
2086 krb5_boolean encryptp,
2087 int usage,
2088 void *ignore_ivec)
2089 {
2090 struct evp_schedule *ctx = key->schedule->data;
2091 EVP_CIPHER_CTX *c;
2092 DES_cblock ivec;
2093 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
2094 c = encryptp ? &ctx->ectx : &ctx->dctx;
2095 EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1);
2096 EVP_Cipher(c, data, data, len);
2097 return 0;
2098 }
2099
2100 static krb5_error_code
2101 DES_CFB64_encrypt_null_ivec(krb5_context context,
2102 struct key_data *key,
2103 void *data,
2104 size_t len,
2105 krb5_boolean encryptp,
2106 int usage,
2107 void *ignore_ivec)
2108 {
2109 DES_cblock ivec;
2110 int num = 0;
2111 DES_key_schedule *s = key->schedule->data;
2112 memset(&ivec, 0, sizeof(ivec));
2113
2114 DES_cfb64_encrypt(data, data, len, s, &ivec, &num, encryptp);
2115 return 0;
2116 }
2117
2118 static krb5_error_code
2119 DES_PCBC_encrypt_key_ivec(krb5_context context,
2120 struct key_data *key,
2121 void *data,
2122 size_t len,
2123 krb5_boolean encryptp,
2124 int usage,
2125 void *ignore_ivec)
2126 {
2127 DES_cblock ivec;
2128 DES_key_schedule *s = key->schedule->data;
2129 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
2130
2131 DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp);
2132 return 0;
2133 }
2134 #endif
2135
2136 /*
2137 * section 6 of draft-brezak-win2k-krb-rc4-hmac-03
2138 *
2139 * warning: not for small children
2140 */
2141
2142 static krb5_error_code
2143 ARCFOUR_subencrypt(krb5_context context,
2144 struct key_data *key,
2145 void *data,
2146 size_t len,
2147 unsigned usage,
2148 void *ivec)
2149 {
2150 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
2151 Checksum k1_c, k2_c, k3_c, cksum;
2152 struct key_data ke;
2153 krb5_keyblock kb;
2154 unsigned char t[4];
2155 RC4_KEY rc4_key;
2156 unsigned char *cdata = data;
2157 unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
2158 krb5_error_code ret;
2159
2160 t[0] = (usage >> 0) & 0xFF;
2161 t[1] = (usage >> 8) & 0xFF;
2162 t[2] = (usage >> 16) & 0xFF;
2163 t[3] = (usage >> 24) & 0xFF;
2164
2165 k1_c.checksum.length = sizeof(k1_c_data);
2166 k1_c.checksum.data = k1_c_data;
2167
2168 ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
2169 if (ret)
2170 krb5_abortx(context, "hmac failed");
2171
2172 memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
2173
2174 k2_c.checksum.length = sizeof(k2_c_data);
2175 k2_c.checksum.data = k2_c_data;
2176
2177 ke.key = &kb;
2178 kb.keyvalue = k2_c.checksum;
2179
2180 cksum.checksum.length = 16;
2181 cksum.checksum.data = data;
2182
2183 ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
2184 if (ret)
2185 krb5_abortx(context, "hmac failed");
2186
2187 ke.key = &kb;
2188 kb.keyvalue = k1_c.checksum;
2189
2190 k3_c.checksum.length = sizeof(k3_c_data);
2191 k3_c.checksum.data = k3_c_data;
2192
2193 ret = hmac(NULL, c, data, 16, 0, &ke, &k3_c);
2194 if (ret)
2195 krb5_abortx(context, "hmac failed");
2196
2197 RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
2198 RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
2199 memset (k1_c_data, 0, sizeof(k1_c_data));
2200 memset (k2_c_data, 0, sizeof(k2_c_data));
2201 memset (k3_c_data, 0, sizeof(k3_c_data));
2202 return 0;
2203 }
2204
2205 static krb5_error_code
2206 ARCFOUR_subdecrypt(krb5_context context,
2207 struct key_data *key,
2208 void *data,
2209 size_t len,
2210 unsigned usage,
2211 void *ivec)
2212 {
2213 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
2214 Checksum k1_c, k2_c, k3_c, cksum;
2215 struct key_data ke;
2216 krb5_keyblock kb;
2217 unsigned char t[4];
2218 RC4_KEY rc4_key;
2219 unsigned char *cdata = data;
2220 unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
2221 unsigned char cksum_data[16];
2222 krb5_error_code ret;
2223
2224 t[0] = (usage >> 0) & 0xFF;
2225 t[1] = (usage >> 8) & 0xFF;
2226 t[2] = (usage >> 16) & 0xFF;
2227 t[3] = (usage >> 24) & 0xFF;
2228
2229 k1_c.checksum.length = sizeof(k1_c_data);
2230 k1_c.checksum.data = k1_c_data;
2231
2232 ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
2233 if (ret)
2234 krb5_abortx(context, "hmac failed");
2235
2236 memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
2237
2238 k2_c.checksum.length = sizeof(k2_c_data);
2239 k2_c.checksum.data = k2_c_data;
2240
2241 ke.key = &kb;
2242 kb.keyvalue = k1_c.checksum;
2243
2244 k3_c.checksum.length = sizeof(k3_c_data);
2245 k3_c.checksum.data = k3_c_data;
2246
2247 ret = hmac(NULL, c, cdata, 16, 0, &ke, &k3_c);
2248 if (ret)
2249 krb5_abortx(context, "hmac failed");
2250
2251 RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
2252 RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
2253
2254 ke.key = &kb;
2255 kb.keyvalue = k2_c.checksum;
2256
2257 cksum.checksum.length = 16;
2258 cksum.checksum.data = cksum_data;
2259
2260 ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
2261 if (ret)
2262 krb5_abortx(context, "hmac failed");
2263
2264 memset (k1_c_data, 0, sizeof(k1_c_data));
2265 memset (k2_c_data, 0, sizeof(k2_c_data));
2266 memset (k3_c_data, 0, sizeof(k3_c_data));
2267
2268 if (memcmp (cksum.checksum.data, data, 16) != 0) {
2269 krb5_clear_error_string (context);
2270 return KRB5KRB_AP_ERR_BAD_INTEGRITY;
2271 } else {
2272 return 0;
2273 }
2274 }
2275
2276 /*
2277 * convert the usage numbers used in
2278 * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in
2279 * draft-brezak-win2k-krb-rc4-hmac-04.txt
2280 */
2281
2282 static krb5_error_code
2283 usage2arcfour (krb5_context context, unsigned *usage)
2284 {
2285 switch (*usage) {
2286 case KRB5_KU_AS_REP_ENC_PART : /* 3 */
2287 case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : /* 9 */
2288 *usage = 8;
2289 return 0;
2290 case KRB5_KU_USAGE_SEAL : /* 22 */
2291 *usage = 13;
2292 return 0;
2293 case KRB5_KU_USAGE_SIGN : /* 23 */
2294 *usage = 15;
2295 return 0;
2296 case KRB5_KU_USAGE_SEQ: /* 24 */
2297 *usage = 0;
2298 return 0;
2299 default :
2300 return 0;
2301 }
2302 }
2303
2304 static krb5_error_code
2305 ARCFOUR_encrypt(krb5_context context,
2306 struct key_data *key,
2307 void *data,
2308 size_t len,
2309 krb5_boolean encryptp,
2310 int usage,
2311 void *ivec)
2312 {
2313 krb5_error_code ret;
2314 unsigned keyusage = usage;
2315
2316 if((ret = usage2arcfour (context, &keyusage)) != 0)
2317 return ret;
2318
2319 if (encryptp)
2320 return ARCFOUR_subencrypt (context, key, data, len, keyusage, ivec);
2321 else
2322 return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec);
2323 }
2324
2325
2326 /*
2327 *
2328 */
2329
2330 static krb5_error_code
2331 AES_PRF(krb5_context context,
2332 krb5_crypto crypto,
2333 const krb5_data *in,
2334 krb5_data *out)
2335 {
2336 struct checksum_type *ct = crypto->et->checksum;
2337 krb5_error_code ret;
2338 Checksum result;
2339 krb5_keyblock *derived;
2340
2341 result.cksumtype = ct->type;
2342 ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
2343 if (ret) {
2344 krb5_set_error_message(context, ret, "out memory");
2345 return ret;
2346 }
2347
2348 ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
2349 if (ret) {
2350 krb5_data_free(&result.checksum);
2351 return ret;
2352 }
2353
2354 if (result.checksum.length < crypto->et->blocksize)
2355 krb5_abortx(context, "internal prf error");
2356
2357 derived = NULL;
2358 ret = krb5_derive_key(context, crypto->key.key,
2359 crypto->et->type, "prf", 3, &derived);
2360 if (ret)
2361 krb5_abortx(context, "krb5_derive_key");
2362
2363 ret = krb5_data_alloc(out, crypto->et->blocksize);
2364 if (ret)
2365 krb5_abortx(context, "malloc failed");
2366
2367 {
2368 const EVP_CIPHER *c = (*crypto->et->keytype->evp)();
2369 EVP_CIPHER_CTX ctx;
2370 /* XXX blksz 1 for cts, so we can't use that */
2371 EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */
2372 EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1);
2373 EVP_Cipher(&ctx, out->data, result.checksum.data, 16);
2374 EVP_CIPHER_CTX_cleanup(&ctx);
2375 }
2376
2377 krb5_data_free(&result.checksum);
2378 krb5_free_keyblock(context, derived);
2379
2380 return ret;
2381 }
2382
2383 /*
2384 * these should currently be in reverse preference order.
2385 * (only relevant for !F_PSEUDO) */
2386
2387 static struct encryption_type enctype_null = {
2388 ETYPE_NULL,
2389 "null",
2390 1,
2391 1,
2392 0,
2393 &keytype_null,
2394 &checksum_none,
2395 NULL,
2396 F_DISABLED,
2397 NULL_encrypt,
2398 0,
2399 NULL
2400 };
2401 static struct encryption_type enctype_arcfour_hmac_md5 = {
2402 ETYPE_ARCFOUR_HMAC_MD5,
2403 "arcfour-hmac-md5",
2404 1,
2405 1,
2406 8,
2407 &keytype_arcfour,
2408 &checksum_hmac_md5,
2409 NULL,
2410 F_SPECIAL,
2411 ARCFOUR_encrypt,
2412 0,
2413 NULL
2414 };
2415 #ifdef DES3_OLD_ENCTYPE
2416 static struct encryption_type enctype_des3_cbc_md5 = {
2417 ETYPE_DES3_CBC_MD5,
2418 "des3-cbc-md5",
2419 8,
2420 8,
2421 8,
2422 &keytype_des3,
2423 &checksum_rsa_md5,
2424 &checksum_rsa_md5_des3,
2425 0,
2426 evp_encrypt,
2427 0,
2428 NULL
2429 };
2430 #endif
2431 static struct encryption_type enctype_des3_cbc_sha1 = {
2432 ETYPE_DES3_CBC_SHA1,
2433 "des3-cbc-sha1",
2434 8,
2435 8,
2436 8,
2437 &keytype_des3_derived,
2438 &checksum_sha1,
2439 &checksum_hmac_sha1_des3,
2440 F_DERIVED,
2441 evp_encrypt,
2442 0,
2443 NULL
2444 };
2445 #ifdef DES3_OLD_ENCTYPE
2446 static struct encryption_type enctype_old_des3_cbc_sha1 = {
2447 ETYPE_OLD_DES3_CBC_SHA1,
2448 "old-des3-cbc-sha1",
2449 8,
2450 8,
2451 8,
2452 &keytype_des3,
2453 &checksum_sha1,
2454 &checksum_hmac_sha1_des3,
2455 0,
2456 evp_encrypt,
2457 0,
2458 NULL
2459 };
2460 #endif
2461 static struct encryption_type enctype_aes128_cts_hmac_sha1 = {
2462 ETYPE_AES128_CTS_HMAC_SHA1_96,
2463 "aes128-cts-hmac-sha1-96",
2464 16,
2465 1,
2466 16,
2467 &keytype_aes128,
2468 &checksum_sha1,
2469 &checksum_hmac_sha1_aes128,
2470 F_DERIVED,
2471 evp_encrypt,
2472 16,
2473 AES_PRF
2474 };
2475 static struct encryption_type enctype_aes256_cts_hmac_sha1 = {
2476 ETYPE_AES256_CTS_HMAC_SHA1_96,
2477 "aes256-cts-hmac-sha1-96",
2478 16,
2479 1,
2480 16,
2481 &keytype_aes256,
2482 &checksum_sha1,
2483 &checksum_hmac_sha1_aes256,
2484 F_DERIVED,
2485 evp_encrypt,
2486 16,
2487 AES_PRF
2488 };
2489 static struct encryption_type enctype_des3_cbc_none = {
2490 ETYPE_DES3_CBC_NONE,
2491 "des3-cbc-none",
2492 8,
2493 8,
2494 0,
2495 &keytype_des3_derived,
2496 &checksum_none,
2497 NULL,
2498 F_PSEUDO,
2499 evp_encrypt,
2500 0,
2501 NULL
2502 };
2503 #ifdef WEAK_ENCTYPES
2504 static struct encryption_type enctype_des_cbc_crc = {
2505 ETYPE_DES_CBC_CRC,
2506 "des-cbc-crc",
2507 8,
2508 8,
2509 8,
2510 &keytype_des,
2511 &checksum_crc32,
2512 NULL,
2513 F_DISABLED,
2514 evp_des_encrypt_key_ivec,
2515 0,
2516 NULL
2517 };
2518 static struct encryption_type enctype_des_cbc_md4 = {
2519 ETYPE_DES_CBC_MD4,
2520 "des-cbc-md4",
2521 8,
2522 8,
2523 8,
2524 &keytype_des,
2525 &checksum_rsa_md4,
2526 &checksum_rsa_md4_des,
2527 F_DISABLED,
2528 evp_des_encrypt_null_ivec,
2529 0,
2530 NULL
2531 };
2532 static struct encryption_type enctype_des_cbc_md5 = {
2533 ETYPE_DES_CBC_MD5,
2534 "des-cbc-md5",
2535 8,
2536 8,
2537 8,
2538 &keytype_des,
2539 &checksum_rsa_md5,
2540 &checksum_rsa_md5_des,
2541 F_DISABLED,
2542 evp_des_encrypt_null_ivec,
2543 0,
2544 NULL
2545 };
2546 static struct encryption_type enctype_des_cbc_none = {
2547 ETYPE_DES_CBC_NONE,
2548 "des-cbc-none",
2549 8,
2550 8,
2551 0,
2552 &keytype_des,
2553 &checksum_none,
2554 NULL,
2555 F_PSEUDO|F_DISABLED,
2556 evp_des_encrypt_null_ivec,
2557 0,
2558 NULL
2559 };
2560 static struct encryption_type enctype_des_cfb64_none = {
2561 ETYPE_DES_CFB64_NONE,
2562 "des-cfb64-none",
2563 1,
2564 1,
2565 0,
2566 &keytype_des_old,
2567 &checksum_none,
2568 NULL,
2569 F_PSEUDO|F_DISABLED,
2570 DES_CFB64_encrypt_null_ivec,
2571 0,
2572 NULL
2573 };
2574 static struct encryption_type enctype_des_pcbc_none = {
2575 ETYPE_DES_PCBC_NONE,
2576 "des-pcbc-none",
2577 8,
2578 8,
2579 0,
2580 &keytype_des_old,
2581 &checksum_none,
2582 NULL,
2583 F_PSEUDO|F_DISABLED,
2584 DES_PCBC_encrypt_key_ivec,
2585 0,
2586 NULL
2587 };
2588 #endif /* WEAK_ENCTYPES */
2589
2590 static struct encryption_type *etypes[] = {
2591 &enctype_aes256_cts_hmac_sha1,
2592 &enctype_aes128_cts_hmac_sha1,
2593 &enctype_des3_cbc_sha1,
2594 &enctype_des3_cbc_none, /* used by the gss-api mech */
2595 &enctype_arcfour_hmac_md5,
2596 #ifdef DES3_OLD_ENCTYPE
2597 &enctype_des3_cbc_md5,
2598 &enctype_old_des3_cbc_sha1,
2599 #endif
2600 #ifdef WEAK_ENCTYPES
2601 &enctype_des_cbc_crc,
2602 &enctype_des_cbc_md4,
2603 &enctype_des_cbc_md5,
2604 &enctype_des_cbc_none,
2605 &enctype_des_cfb64_none,
2606 &enctype_des_pcbc_none,
2607 #endif
2608 &enctype_null
2609 };
2610
2611 static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]);
2612
2613
2614 static struct encryption_type *
2615 _find_enctype(krb5_enctype type)
2616 {
2617 int i;
2618 for(i = 0; i < num_etypes; i++)
2619 if(etypes[i]->type == type)
2620 return etypes[i];
2621 return NULL;
2622 }
2623
2624
2625 krb5_error_code KRB5_LIB_FUNCTION
2626 krb5_enctype_to_string(krb5_context context,
2627 krb5_enctype etype,
2628 char **string)
2629 {
2630 struct encryption_type *e;
2631 e = _find_enctype(etype);
2632 if(e == NULL) {
2633 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
2634 "encryption type %d not supported",
2635 etype);
2636 *string = NULL;
2637 return KRB5_PROG_ETYPE_NOSUPP;
2638 }
2639 *string = strdup(e->name);
2640 if(*string == NULL) {
2641 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
2642 return ENOMEM;
2643 }
2644 return 0;
2645 }
2646
2647 krb5_error_code KRB5_LIB_FUNCTION
2648 krb5_string_to_enctype(krb5_context context,
2649 const char *string,
2650 krb5_enctype *etype)
2651 {
2652 int i;
2653 for(i = 0; i < num_etypes; i++)
2654 if(strcasecmp(etypes[i]->name, string) == 0){
2655 *etype = etypes[i]->type;
2656 return 0;
2657 }
2658 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
2659 "encryption type %s not supported",
2660 string);
2661 return KRB5_PROG_ETYPE_NOSUPP;
2662 }
2663
2664 krb5_error_code KRB5_LIB_FUNCTION
2665 krb5_enctype_to_keytype(krb5_context context,
2666 krb5_enctype etype,
2667 krb5_keytype *keytype)
2668 {
2669 struct encryption_type *e = _find_enctype(etype);
2670 if(e == NULL) {
2671 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
2672 "encryption type %d not supported",
2673 etype);
2674 return KRB5_PROG_ETYPE_NOSUPP;
2675 }
2676 *keytype = e->keytype->type; /* XXX */
2677 return 0;
2678 }
2679
2680 krb5_error_code KRB5_LIB_FUNCTION
2681 krb5_keytype_to_enctypes (krb5_context context,
2682 krb5_keytype keytype,
2683 unsigned *len,
2684 krb5_enctype **val)
2685 {
2686 int i;
2687 unsigned n = 0;
2688 krb5_enctype *ret;
2689
2690 for (i = num_etypes - 1; i >= 0; --i) {
2691 if (etypes[i]->keytype->type == keytype
2692 && !(etypes[i]->flags & F_PSEUDO))
2693 ++n;
2694 }
2695 ret = malloc(n * sizeof(*ret));
2696 if (ret == NULL && n != 0) {
2697 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
2698 return ENOMEM;
2699 }
2700 n = 0;
2701 for (i = num_etypes - 1; i >= 0; --i) {
2702 if (etypes[i]->keytype->type == keytype
2703 && !(etypes[i]->flags & F_PSEUDO))
2704 ret[n++] = etypes[i]->type;
2705 }
2706 *len = n;
2707 *val = ret;
2708 return 0;
2709 }
2710
2711 krb5_error_code KRB5_LIB_FUNCTION
2712 krb5_enctype_valid(krb5_context context,
2713 krb5_enctype etype)
2714 {
2715 struct encryption_type *e = _find_enctype(etype);
2716 if(e == NULL) {
2717 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
2718 "encryption type %d not supported",
2719 etype);
2720 return KRB5_PROG_ETYPE_NOSUPP;
2721 }
2722 if (e->flags & F_DISABLED) {
2723 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
2724 "encryption type %s is disabled",
2725 e->name);
2726 return KRB5_PROG_ETYPE_NOSUPP;
2727 }
2728 return 0;
2729 }
2730
2731 krb5_error_code KRB5_LIB_FUNCTION
2732 krb5_cksumtype_valid(krb5_context context,
2733 krb5_cksumtype ctype)
2734 {
2735 struct checksum_type *c = _find_checksum(ctype);
2736 if (c == NULL) {
2737 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
2738 "checksum type %d not supported",
2739 ctype);
2740 return KRB5_PROG_SUMTYPE_NOSUPP;
2741 }
2742 if (c->flags & F_DISABLED) {
2743 krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
2744 "checksum type %s is disabled",
2745 c->name);
2746 return KRB5_PROG_SUMTYPE_NOSUPP;
2747 }
2748 return 0;
2749 }
2750
2751
2752 /* if two enctypes have compatible keys */
2753 krb5_boolean KRB5_LIB_FUNCTION
2754 krb5_enctypes_compatible_keys(krb5_context context,
2755 krb5_enctype etype1,
2756 krb5_enctype etype2)
2757 {
2758 struct encryption_type *e1 = _find_enctype(etype1);
2759 struct encryption_type *e2 = _find_enctype(etype2);
2760 return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype;
2761 }
2762
2763 static krb5_boolean
2764 derived_crypto(krb5_context context,
2765 krb5_crypto crypto)
2766 {
2767 return (crypto->et->flags & F_DERIVED) != 0;
2768 }
2769
2770 static krb5_boolean
2771 special_crypto(krb5_context context,
2772 krb5_crypto crypto)
2773 {
2774 return (crypto->et->flags & F_SPECIAL) != 0;
2775 }
2776
2777 #define CHECKSUMSIZE(C) ((C)->checksumsize)
2778 #define CHECKSUMTYPE(C) ((C)->type)
2779
2780 static krb5_error_code
2781 encrypt_internal_derived(krb5_context context,
2782 krb5_crypto crypto,
2783 unsigned usage,
2784 const void *data,
2785 size_t len,
2786 krb5_data *result,
2787 void *ivec)
2788 {
2789 size_t sz, block_sz, checksum_sz, total_sz;
2790 Checksum cksum;
2791 unsigned char *p, *q;
2792 krb5_error_code ret;
2793 struct key_data *dkey;
2794 const struct encryption_type *et = crypto->et;
2795
2796 checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
2797
2798 sz = et->confoundersize + len;
2799 block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
2800 total_sz = block_sz + checksum_sz;
2801 p = calloc(1, total_sz);
2802 if(p == NULL) {
2803 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
2804 return ENOMEM;
2805 }
2806
2807 q = p;
2808 krb5_generate_random_block(q, et->confoundersize); /* XXX */
2809 q += et->confoundersize;
2810 memcpy(q, data, len);
2811
2812 ret = create_checksum(context,
2813 et->keyed_checksum,
2814 crypto,
2815 INTEGRITY_USAGE(usage),
2816 p,
2817 block_sz,
2818 &cksum);
2819 if(ret == 0 && cksum.checksum.length != checksum_sz) {
2820 free_Checksum (&cksum);
2821 krb5_clear_error_string (context);
2822 ret = KRB5_CRYPTO_INTERNAL;
2823 }
2824 if(ret)
2825 goto fail;
2826 memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length);
2827 free_Checksum (&cksum);
2828 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
2829 if(ret)
2830 goto fail;
2831 ret = _key_schedule(context, dkey);
2832 if(ret)
2833 goto fail;
2834 ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec);
2835 if (ret)
2836 goto fail;
2837 result->data = p;
2838 result->length = total_sz;
2839 return 0;
2840 fail:
2841 memset(p, 0, total_sz);
2842 free(p);
2843 return ret;
2844 }
2845
2846
2847 static krb5_error_code
2848 encrypt_internal(krb5_context context,
2849 krb5_crypto crypto,
2850 const void *data,
2851 size_t len,
2852 krb5_data *result,
2853 void *ivec)
2854 {
2855 size_t sz, block_sz, checksum_sz;
2856 Checksum cksum;
2857 unsigned char *p, *q;
2858 krb5_error_code ret;
2859 const struct encryption_type *et = crypto->et;
2860
2861 checksum_sz = CHECKSUMSIZE(et->checksum);
2862
2863 sz = et->confoundersize + checksum_sz + len;
2864 block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
2865 p = calloc(1, block_sz);
2866 if(p == NULL) {
2867 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
2868 return ENOMEM;
2869 }
2870
2871 q = p;
2872 krb5_generate_random_block(q, et->confoundersize); /* XXX */
2873 q += et->confoundersize;
2874 memset(q, 0, checksum_sz);
2875 q += checksum_sz;
2876 memcpy(q, data, len);
2877
2878 ret = create_checksum(context,
2879 et->checksum,
2880 crypto,
2881 0,
2882 p,
2883 block_sz,
2884 &cksum);
2885 if(ret == 0 && cksum.checksum.length != checksum_sz) {
2886 krb5_clear_error_string (context);
2887 free_Checksum(&cksum);
2888 ret = KRB5_CRYPTO_INTERNAL;
2889 }
2890 if(ret)
2891 goto fail;
2892 memcpy(p + et->confoundersize, cksum.checksum.data, cksum.checksum.length);
2893 free_Checksum(&cksum);
2894 ret = _key_schedule(context, &crypto->key);
2895 if(ret)
2896 goto fail;
2897 ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec);
2898 if (ret) {
2899 memset(p, 0, block_sz);
2900 free(p);
2901 return ret;
2902 }
2903 result->data = p;
2904 result->length = block_sz;
2905 return 0;
2906 fail:
2907 memset(p, 0, block_sz);
2908 free(p);
2909 return ret;
2910 }
2911
2912 static krb5_error_code
2913 encrypt_internal_special(krb5_context context,
2914 krb5_crypto crypto,
2915 int usage,
2916 const void *data,
2917 size_t len,
2918 krb5_data *result,
2919 void *ivec)
2920 {
2921 struct encryption_type *et = crypto->et;
2922 size_t cksum_sz = CHECKSUMSIZE(et->checksum);
2923 size_t sz = len + cksum_sz + et->confoundersize;
2924 char *tmp, *p;
2925 krb5_error_code ret;
2926
2927 tmp = malloc (sz);
2928 if (tmp == NULL) {
2929 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
2930 return ENOMEM;
2931 }
2932 p = tmp;
2933 memset (p, 0, cksum_sz);
2934 p += cksum_sz;
2935 krb5_generate_random_block(p, et->confoundersize);
2936 p += et->confoundersize;
2937 memcpy (p, data, len);
2938 ret = (*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec);
2939 if (ret) {
2940 memset(tmp, 0, sz);
2941 free(tmp);
2942 return ret;
2943 }
2944 result->data = tmp;
2945 result->length = sz;
2946 return 0;
2947 }
2948
2949 static krb5_error_code
2950 decrypt_internal_derived(krb5_context context,
2951 krb5_crypto crypto,
2952 unsigned usage,
2953 void *data,
2954 size_t len,
2955 krb5_data *result,
2956 void *ivec)
2957 {
2958 size_t checksum_sz;
2959 Checksum cksum;
2960 unsigned char *p;
2961 krb5_error_code ret;
2962 struct key_data *dkey;
2963 struct encryption_type *et = crypto->et;
2964 unsigned long l;
2965
2966 checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
2967 if (len < checksum_sz + et->confoundersize) {
2968 krb5_set_error_message(context, KRB5_BAD_MSIZE,
2969 "Encrypted data shorter then "
2970 "checksum + confunder");
2971 return KRB5_BAD_MSIZE;
2972 }
2973
2974 if (((len - checksum_sz) % et->padsize) != 0) {
2975 krb5_clear_error_string(context);
2976 return KRB5_BAD_MSIZE;
2977 }
2978
2979 p = malloc(len);
2980 if(len != 0 && p == NULL) {
2981 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
2982 return ENOMEM;
2983 }
2984 memcpy(p, data, len);
2985
2986 len -= checksum_sz;
2987
2988 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
2989 if(ret) {
2990 free(p);
2991 return ret;
2992 }
2993 ret = _key_schedule(context, dkey);
2994 if(ret) {
2995 free(p);
2996 return ret;
2997 }
2998 ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec);
2999 if (ret) {
3000 free(p);
3001 return ret;
3002 }
3003
3004 cksum.checksum.data = p + len;
3005 cksum.checksum.length = checksum_sz;
3006 cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum);
3007
3008 ret = verify_checksum(context,
3009 crypto,
3010 INTEGRITY_USAGE(usage),
3011 p,
3012 len,
3013 &cksum);
3014 if(ret) {
3015 free(p);
3016 return ret;
3017 }
3018 l = len - et->confoundersize;
3019 memmove(p, p + et->confoundersize, l);
3020 result->data = realloc(p, l);
3021 if(result->data == NULL && l != 0) {
3022 free(p);
3023 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
3024 return ENOMEM;
3025 }
3026 result->length = l;
3027 return 0;
3028 }
3029
3030 static krb5_error_code
3031 decrypt_internal(krb5_context context,
3032 krb5_crypto crypto,
3033 void *data,
3034 size_t len,
3035 krb5_data *result,
3036 void *ivec)
3037 {
3038 krb5_error_code ret;
3039 unsigned char *p;
3040 Checksum cksum;
3041 size_t checksum_sz, l;
3042 struct encryption_type *et = crypto->et;
3043
3044 if ((len % et->padsize) != 0) {
3045 krb5_clear_error_string(context);
3046 return KRB5_BAD_MSIZE;
3047 }
3048
3049 checksum_sz = CHECKSUMSIZE(et->checksum);
3050 p = malloc(len);
3051 if(len != 0 && p == NULL) {
3052 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
3053 return ENOMEM;
3054 }
3055 memcpy(p, data, len);
3056
3057 ret = _key_schedule(context, &crypto->key);
3058 if(ret) {
3059 free(p);
3060 return ret;
3061 }
3062 ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec);
3063 if (ret) {
3064 free(p);
3065 return ret;
3066 }
3067 ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz);
3068 if(ret) {
3069 free(p);
3070 return ret;
3071 }
3072 memset(p + et->confoundersize, 0, checksum_sz);
3073 cksum.cksumtype = CHECKSUMTYPE(et->checksum);
3074 ret = verify_checksum(context, NULL, 0, p, len, &cksum);
3075 free_Checksum(&cksum);
3076 if(ret) {
3077 free(p);
3078 return ret;
3079 }
3080 l = len - et->confoundersize - checksum_sz;
3081 memmove(p, p + et->confoundersize + checksum_sz, l);
3082 result->data = realloc(p, l);
3083 if(result->data == NULL && l != 0) {
3084 free(p);
3085 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
3086 return ENOMEM;
3087 }
3088 result->length = l;
3089 return 0;
3090 }
3091
3092 static krb5_error_code
3093 decrypt_internal_special(krb5_context context,
3094 krb5_crypto crypto,
3095 int usage,
3096 void *data,
3097 size_t len,
3098 krb5_data *result,
3099 void *ivec)
3100 {
3101 struct encryption_type *et = crypto->et;
3102 size_t cksum_sz = CHECKSUMSIZE(et->checksum);
3103 size_t sz = len - cksum_sz - et->confoundersize;
3104 unsigned char *p;
3105 krb5_error_code ret;
3106
3107 if ((len % et->padsize) != 0) {
3108 krb5_clear_error_string(context);
3109 return KRB5_BAD_MSIZE;
3110 }
3111
3112 p = malloc (len);
3113 if (p == NULL) {
3114 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
3115 return ENOMEM;
3116 }
3117 memcpy(p, data, len);
3118
3119 ret = (*et->encrypt)(context, &crypto->key, p, len, FALSE, usage, ivec);
3120 if (ret) {
3121 free(p);
3122 return ret;
3123 }
3124
3125 memmove (p, p + cksum_sz + et->confoundersize, sz);
3126 result->data = realloc(p, sz);
3127 if(result->data == NULL && sz != 0) {
3128 free(p);
3129 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
3130 return ENOMEM;
3131 }
3132 result->length = sz;
3133 return 0;
3134 }
3135
3136 /**
3137 * Inline encrypt a kerberos message
3138 *
3139 * @param context Kerberos context
3140 * @param crypto Kerberos crypto context
3141 * @param usage Key usage for this buffer
3142 * @param data array of buffers to process
3143 * @param num_data length of array
3144 * @param ivec initial cbc/cts vector
3145 *
3146 * @return Return an error code or 0.
3147 * @ingroup krb5_crypto
3148 *
3149 * Kerberos encrypted data look like this:
3150 *
3151 * 1. KRB5_CRYPTO_TYPE_HEADER
3152 * 2. array KRB5_CRYPTO_TYPE_DATA and KRB5_CRYPTO_TYPE_SIGN_ONLY in
3153 * any order, however the receiver have to aware of the
3154 * order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and
3155 * trailers.
3156 * 3. KRB5_CRYPTO_TYPE_TRAILER
3157 */
3158
3159 static krb5_crypto_iov *
3160 find_iv(krb5_crypto_iov *data, int num_data, int type)
3161 {
3162 int i;
3163 for (i = 0; i < num_data; i++)
3164 if (data[i].flags == type)
3165 return &data[i];
3166 return NULL;
3167 }
3168
3169 krb5_error_code KRB5_LIB_FUNCTION
3170 krb5_encrypt_iov_ivec(krb5_context context,
3171 krb5_crypto crypto,
3172 unsigned usage,
3173 krb5_crypto_iov *data,
3174 size_t num_data,
3175 void *ivec)
3176 {
3177 size_t headersz, trailersz, len;
3178 size_t i, sz, block_sz, pad_sz;
3179 Checksum cksum;
3180 unsigned char *p, *q;
3181 krb5_error_code ret;
3182 struct key_data *dkey;
3183 const struct encryption_type *et = crypto->et;
3184 krb5_crypto_iov *tiv, *piv, *hiv;
3185
3186 if(!derived_crypto(context, crypto)) {
3187 krb5_clear_error_string(context);
3188 return KRB5_CRYPTO_INTERNAL;
3189 }
3190
3191 headersz = et->confoundersize;
3192 trailersz = CHECKSUMSIZE(et->keyed_checksum);
3193
3194 for (len = 0, i = 0; i < num_data; i++) {
3195 if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER &&
3196 data[i].flags == KRB5_CRYPTO_TYPE_DATA) {
3197 len += data[i].data.length;
3198 }
3199 }
3200
3201 sz = headersz + len;
3202 block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
3203
3204 pad_sz = block_sz - sz;
3205 trailersz += pad_sz;
3206
3207 /* header */
3208
3209 hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
3210 if (hiv == NULL || hiv->data.length != headersz)
3211 return KRB5_BAD_MSIZE;
3212
3213 krb5_generate_random_block(hiv->data.data, hiv->data.length);
3214
3215 /* padding */
3216
3217 piv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
3218 /* its ok to have no TYPE_PADDING if there is no padding */
3219 if (piv == NULL && pad_sz != 0)
3220 return KRB5_BAD_MSIZE;
3221 if (piv) {
3222 if (piv->data.length < pad_sz)
3223 return KRB5_BAD_MSIZE;
3224 piv->data.length = pad_sz;
3225 }
3226
3227
3228 /* trailer */
3229
3230 tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
3231 if (tiv == NULL || tiv->data.length != trailersz)
3232 return KRB5_BAD_MSIZE;
3233
3234
3235 /*
3236 * XXX replace with EVP_Sign? at least make create_checksum an iov
3237 * function.
3238 * XXX CTS EVP is broken, can't handle multi buffers :(
3239 */
3240
3241 len = hiv->data.length;
3242 for (i = 0; i < num_data; i++) {
3243 if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
3244 data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
3245 continue;
3246 len += data[i].data.length;
3247 }
3248
3249 p = q = malloc(len);
3250
3251 memcpy(q, hiv->data.data, hiv->data.length);
3252 q += hiv->data.length;
3253 for (i = 0; i < num_data; i++) {
3254 if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
3255 data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
3256 continue;
3257 memcpy(q, data[i].data.data, data[i].data.length);
3258 q += data[i].data.length;
3259 }
3260
3261 ret = create_checksum(context,
3262 et->keyed_checksum,
3263 crypto,
3264 INTEGRITY_USAGE(usage),
3265 p,
3266 len,
3267 &cksum);
3268 free(p);
3269 if(ret == 0 && cksum.checksum.length != trailersz) {
3270 free_Checksum (&cksum);
3271 krb5_clear_error_string (context);
3272 ret = KRB5_CRYPTO_INTERNAL;
3273 }
3274 if(ret)
3275 return ret;
3276
3277 /* save cksum at end */
3278 memcpy(tiv->data.data, cksum.checksum.data, cksum.checksum.length);
3279 free_Checksum (&cksum);
3280
3281 /* now encrypt data */
3282
3283 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
3284 if(ret)
3285 return ret;
3286 ret = _key_schedule(context, dkey);
3287 if(ret)
3288 return ret;
3289
3290 /* XXX replace with EVP_Cipher */
3291
3292 len = hiv->data.length;
3293 for (i = 0; i < num_data; i++) {
3294 if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
3295 data[i].flags != KRB5_CRYPTO_TYPE_PADDING)
3296 continue;
3297 len += data[i].data.length;
3298 }
3299
3300 p = q = malloc(len);
3301 if(p == NULL)
3302 return ENOMEM;
3303
3304 memcpy(q, hiv->data.data, hiv->data.length);
3305 q += hiv->data.length;
3306 for (i = 0; i < num_data; i++) {
3307 if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
3308 data[i].flags != KRB5_CRYPTO_TYPE_PADDING)
3309 continue;
3310 memcpy(q, data[i].data.data, data[i].data.length);
3311 q += data[i].data.length;
3312 }
3313
3314 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
3315 if(ret) {
3316 free(p);
3317 return ret;
3318 }
3319 ret = _key_schedule(context, dkey);
3320 if(ret) {
3321 free(p);
3322 return ret;
3323 }
3324
3325 ret = (*et->encrypt)(context, dkey, p, len, 1, usage, ivec);
3326 if (ret) {
3327 free(p);
3328 return ret;
3329 }
3330
3331 /* now copy data back to buffers */
3332 q = p;
3333 memcpy(hiv->data.data, q, hiv->data.length);
3334 q += hiv->data.length;
3335
3336 for (i = 0; i < num_data; i++) {
3337 if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
3338 data[i].flags != KRB5_CRYPTO_TYPE_PADDING)
3339 continue;
3340 memcpy(data[i].data.data, q, data[i].data.length);
3341 q += data[i].data.length;
3342 }
3343 free(p);
3344
3345 return ret;
3346 }
3347
3348 krb5_error_code KRB5_LIB_FUNCTION
3349 krb5_decrypt_iov_ivec(krb5_context context,
3350 krb5_crypto crypto,
3351 unsigned usage,
3352 krb5_crypto_iov *data,
3353 size_t num_data,
3354 void *ivec)
3355 {
3356 size_t headersz, trailersz, len;
3357 size_t i, sz, block_sz, pad_sz;
3358 Checksum cksum;
3359 unsigned char *p, *q;
3360 krb5_error_code ret;
3361 struct key_data *dkey;
3362 struct encryption_type *et = crypto->et;
3363 krb5_crypto_iov *tiv, *hiv;
3364
3365 if(!derived_crypto(context, crypto)) {
3366 krb5_clear_error_string(context);
3367 return KRB5_CRYPTO_INTERNAL;
3368 }
3369
3370 headersz = et->confoundersize;
3371 trailersz = CHECKSUMSIZE(et->keyed_checksum);
3372
3373 for (len = 0, i = 0; i < num_data; i++)
3374 if (data[i].flags == KRB5_CRYPTO_TYPE_DATA)
3375 len += data[i].data.length;
3376
3377 sz = headersz + len;
3378 block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
3379
3380 pad_sz = block_sz - sz;
3381 trailersz += pad_sz;
3382
3383 /* header */
3384
3385 hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
3386 if (hiv == NULL || hiv->data.length < headersz)
3387 return KRB5_BAD_MSIZE;
3388 hiv->data.length = headersz;
3389
3390 /* trailer */
3391
3392 tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
3393 if (tiv == NULL || tiv->data.length < trailersz)
3394 return KRB5_BAD_MSIZE;
3395 tiv->data.length = trailersz;
3396
3397 /* body */
3398
3399 /* XXX replace with EVP_Cipher */
3400
3401 for (len = 0, i = 0; i < num_data; i++) {
3402 if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER &&
3403 data[i].flags != KRB5_CRYPTO_TYPE_DATA)
3404 continue;
3405 len += data[i].data.length;
3406 }
3407
3408 p = q = malloc(len);
3409 if (p == NULL)
3410 return ENOMEM;
3411
3412 memcpy(q, hiv->data.data, hiv->data.length);
3413 q += hiv->data.length;
3414 for (i = 0; i < num_data; i++) {
3415 if (data[i].flags != KRB5_CRYPTO_TYPE_DATA)
3416 continue;
3417 memcpy(q, data[i].data.data, data[i].data.length);
3418 q += data[i].data.length;
3419 }
3420
3421 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
3422 if(ret) {
3423 free(p);
3424 return ret;
3425 }
3426 ret = _key_schedule(context, dkey);
3427 if(ret) {
3428 free(p);
3429 return ret;
3430 }
3431
3432 ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec);
3433 if (ret) {
3434 free(p);
3435 return ret;
3436 }
3437
3438 /* XXX now copy data back to buffers */
3439 q = p;
3440 memcpy(hiv->data.data, q, hiv->data.length);
3441 q += hiv->data.length;
3442 len -= hiv->data.length;
3443
3444 for (i = 0; i < num_data; i++) {
3445 if (data[i].flags != KRB5_CRYPTO_TYPE_DATA)
3446 continue;
3447 if (len < data[i].data.length)
3448 data[i].data.length = len;
3449 memcpy(data[i].data.data, q, data[i].data.length);
3450 q += data[i].data.length;
3451 len -= data[i].data.length;
3452 }
3453 free(p);
3454 if (len)
3455 krb5_abortx(context, "data still in the buffer");
3456
3457 len = hiv->data.length;
3458 for (i = 0; i < num_data; i++) {
3459 if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
3460 data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
3461 continue;
3462 len += data[i].data.length;
3463 }
3464
3465 p = q = malloc(len);
3466
3467 memcpy(q, hiv->data.data, hiv->data.length);
3468 q += hiv->data.length;
3469 for (i = 0; i < num_data; i++) {
3470 if (data[i].flags != KRB5_CRYPTO_TYPE_DATA &&
3471 data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY)
3472 continue;
3473 memcpy(q, data[i].data.data, data[i].data.length);
3474 q += data[i].data.length;
3475 }
3476
3477 cksum.checksum.data = tiv->data.data;
3478 cksum.checksum.length = tiv->data.length;
3479 cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum);
3480
3481 ret = verify_checksum(context,
3482 crypto,
3483 INTEGRITY_USAGE(usage),
3484 p,
3485 len,
3486 &cksum);
3487 free(p);
3488 if(ret)
3489 return ret;
3490
3491 return 0;
3492 }
3493
3494
3495 size_t KRB5_LIB_FUNCTION
3496 krb5_crypto_length(krb5_context context,
3497 krb5_crypto crypto,
3498 int type)
3499 {
3500 if (!derived_crypto(context, crypto))
3501 return (size_t)-1;
3502 switch(type) {
3503 case KRB5_CRYPTO_TYPE_EMPTY:
3504 return 0;
3505 case KRB5_CRYPTO_TYPE_HEADER:
3506 return crypto->et->blocksize;
3507 case KRB5_CRYPTO_TYPE_PADDING:
3508 if (crypto->et->padsize > 1)
3509 return crypto->et->padsize;
3510 return 0;
3511 case KRB5_CRYPTO_TYPE_TRAILER:
3512 return CHECKSUMSIZE(crypto->et->keyed_checksum);
3513 }
3514 return (size_t)-1;
3515 }
3516
3517 krb5_error_code KRB5_LIB_FUNCTION
3518 krb5_encrypt_ivec(krb5_context context,
3519 krb5_crypto crypto,
3520 unsigned usage,
3521 const void *data,
3522 size_t len,
3523 krb5_data *result,
3524 void *ivec)
3525 {
3526 if(derived_crypto(context, crypto))
3527 return encrypt_internal_derived(context, crypto, usage,
3528 data, len, result, ivec);
3529 else if (special_crypto(context, crypto))
3530 return encrypt_internal_special (context, crypto, usage,
3531 data, len, result, ivec);
3532 else
3533 return encrypt_internal(context, crypto, data, len, result, ivec);
3534 }
3535
3536 krb5_error_code KRB5_LIB_FUNCTION
3537 krb5_encrypt(krb5_context context,
3538 krb5_crypto crypto,
3539 unsigned usage,
3540 const void *data,
3541 size_t len,
3542 krb5_data *result)
3543 {
3544 return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
3545 }
3546
3547 krb5_error_code KRB5_LIB_FUNCTION
3548 krb5_encrypt_EncryptedData(krb5_context context,
3549 krb5_crypto crypto,
3550 unsigned usage,
3551 void *data,
3552 size_t len,
3553 int kvno,
3554 EncryptedData *result)
3555 {
3556 result->etype = CRYPTO_ETYPE(crypto);
3557 if(kvno){
3558 ALLOC(result->kvno, 1);
3559 *result->kvno = kvno;
3560 }else
3561 result->kvno = NULL;
3562 return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
3563 }
3564
3565 krb5_error_code KRB5_LIB_FUNCTION
3566 krb5_decrypt_ivec(krb5_context context,
3567 krb5_crypto crypto,
3568 unsigned usage,
3569 void *data,
3570 size_t len,
3571 krb5_data *result,
3572 void *ivec)
3573 {
3574 if(derived_crypto(context, crypto))
3575 return decrypt_internal_derived(context, crypto, usage,
3576 data, len, result, ivec);
3577 else if (special_crypto (context, crypto))
3578 return decrypt_internal_special(context, crypto, usage,
3579 data, len, result, ivec);
3580 else
3581 return decrypt_internal(context, crypto, data, len, result, ivec);
3582 }
3583
3584 krb5_error_code KRB5_LIB_FUNCTION
3585 krb5_decrypt(krb5_context context,
3586 krb5_crypto crypto,
3587 unsigned usage,
3588 void *data,
3589 size_t len,
3590 krb5_data *result)
3591 {
3592 return krb5_decrypt_ivec (context, crypto, usage, data, len, result,
3593 NULL);
3594 }
3595
3596 krb5_error_code KRB5_LIB_FUNCTION
3597 krb5_decrypt_EncryptedData(krb5_context context,
3598 krb5_crypto crypto,
3599 unsigned usage,
3600 const EncryptedData *e,
3601 krb5_data *result)
3602 {
3603 return krb5_decrypt(context, crypto, usage,
3604 e->cipher.data, e->cipher.length, result);
3605 }
3606
3607 /************************************************************
3608 * *
3609 ************************************************************/
3610
3611 #define ENTROPY_NEEDED 128
3612
3613 static int
3614 seed_something(void)
3615 {
3616 char buf[1024], seedfile[256];
3617
3618 /* If there is a seed file, load it. But such a file cannot be trusted,
3619 so use 0 for the entropy estimate */
3620 if (RAND_file_name(seedfile, sizeof(seedfile))) {
3621 int fd;
3622 fd = open(seedfile, O_RDONLY | O_BINARY | O_CLOEXEC);
3623 if (fd >= 0) {
3624 ssize_t ret;
3625 rk_cloexec(fd);
3626 ret = read(fd, buf, sizeof(buf));
3627 if (ret > 0)
3628 RAND_add(buf, ret, 0.0);
3629 close(fd);
3630 } else
3631 seedfile[0] = '\0';
3632 } else
3633 seedfile[0] = '\0';
3634
3635 /* Calling RAND_status() will try to use /dev/urandom if it exists so
3636 we do not have to deal with it. */
3637 if (RAND_status() != 1) {
3638 krb5_context context;
3639 const char *p;
3640
3641 /* Try using egd */
3642 if (!krb5_init_context(&context)) {
3643 p = krb5_config_get_string(context, NULL, "libdefaults",
3644 "egd_socket", NULL);
3645 if (p != NULL)
3646 RAND_egd_bytes(p, ENTROPY_NEEDED);
3647 krb5_free_context(context);
3648 }
3649 }
3650
3651 if (RAND_status() == 1) {
3652 /* Update the seed file */
3653 if (seedfile[0])
3654 RAND_write_file(seedfile);
3655
3656 return 0;
3657 } else
3658 return -1;
3659 }
3660
3661 void KRB5_LIB_FUNCTION
3662 krb5_generate_random_block(void *buf, size_t len)
3663 {
3664 static int rng_initialized = 0;
3665
3666 HEIMDAL_MUTEX_lock(&crypto_mutex);
3667 if (!rng_initialized) {
3668 if (seed_something())
3669 krb5_abortx(NULL, "Fatal: could not seed the "
3670 "random number generator");
3671
3672 rng_initialized = 1;
3673 }
3674 HEIMDAL_MUTEX_unlock(&crypto_mutex);
3675 if (RAND_bytes(buf, len) != 1)
3676 krb5_abortx(NULL, "Failed to generate random block");
3677 }
3678
3679 static void
3680 DES3_postproc(krb5_context context,
3681 unsigned char *k, size_t len, struct key_data *key)
3682 {
3683 DES3_random_to_key(context, key->key, k, len);
3684
3685 if (key->schedule) {
3686 krb5_free_data(context, key->schedule);
3687 key->schedule = NULL;
3688 }
3689 }
3690
3691 static krb5_error_code
3692 derive_key(krb5_context context,
3693 struct encryption_type *et,
3694 struct key_data *key,
3695 const void *constant,
3696 size_t len)
3697 {
3698 unsigned char *k;
3699 unsigned int nblocks = 0, i;
3700 krb5_error_code ret = 0;
3701 struct key_type *kt = et->keytype;
3702
3703 ret = _key_schedule(context, key);
3704 if(ret)
3705 return ret;
3706 if(et->blocksize * 8 < kt->bits || len != et->blocksize) {
3707 nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
3708 k = malloc(nblocks * et->blocksize);
3709 if(k == NULL) {
3710 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
3711 return ENOMEM;
3712 }
3713 ret = _krb5_n_fold(constant, len, k, et->blocksize);
3714 if (ret) {
3715 free(k);
3716 krb5_set_error_message(context, ret, "malloc: out of memory");
3717 return ret;
3718 }
3719 for(i = 0; i < nblocks; i++) {
3720 if(i > 0)
3721 memcpy(k + i * et->blocksize,
3722 k + (i - 1) * et->blocksize,
3723 et->blocksize);
3724 (*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize,
3725 1, 0, NULL);
3726 }
3727 } else {
3728 /* this case is probably broken, but won't be run anyway */
3729 void *c = malloc(len);
3730 size_t res_len = (kt->bits + 7) / 8;
3731
3732 if(len != 0 && c == NULL) {
3733 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
3734 return ENOMEM;
3735 }
3736 memcpy(c, constant, len);
3737 (*et->encrypt)(context, key, c, len, 1, 0, NULL);
3738 k = malloc(res_len);
3739 if(res_len != 0 && k == NULL) {
3740 free(c);
3741 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
3742 return ENOMEM;
3743 }
3744 ret = _krb5_n_fold(c, len, k, res_len);
3745 if (ret) {
3746 free(k);
3747 krb5_set_error_message(context, ret, "malloc: out of memory");
3748 return ret;
3749 }
3750 free(c);
3751 }
3752
3753 /* XXX keytype dependent post-processing */
3754 switch(kt->type) {
3755 case KEYTYPE_DES3:
3756 DES3_postproc(context, k, nblocks * et->blocksize, key);
3757 break;
3758 case KEYTYPE_AES128:
3759 case KEYTYPE_AES256:
3760 memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length);
3761 break;
3762 default:
3763 ret = KRB5_CRYPTO_INTERNAL;
3764 krb5_set_error_message(context, ret,
3765 "derive_key() called with unknown keytype (%u)",
3766 kt->type);
3767 break;
3768 }
3769 if (key->schedule) {
3770 krb5_free_data(context, key->schedule);
3771 key->schedule = NULL;
3772 }
3773 memset(k, 0, nblocks * et->blocksize);
3774 free(k);
3775 return ret;
3776 }
3777
3778 static struct key_data *
3779 _new_derived_key(krb5_crypto crypto, unsigned usage)
3780 {
3781 struct key_usage *d = crypto->key_usage;
3782 d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d));
3783 if(d == NULL)
3784 return NULL;
3785 crypto->key_usage = d;
3786 d += crypto->num_key_usage++;
3787 memset(d, 0, sizeof(*d));
3788 d->usage = usage;
3789 return &d->key;
3790 }
3791
3792 krb5_error_code KRB5_LIB_FUNCTION
3793 krb5_derive_key(krb5_context context,
3794 const krb5_keyblock *key,
3795 krb5_enctype etype,
3796 const void *constant,
3797 size_t constant_len,
3798 krb5_keyblock **derived_key)
3799 {
3800 krb5_error_code ret;
3801 struct encryption_type *et;
3802 struct key_data d;
3803
3804 *derived_key = NULL;
3805
3806 et = _find_enctype (etype);
3807 if (et == NULL) {
3808 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
3809 "encryption type %d not supported",
3810 etype);
3811 return KRB5_PROG_ETYPE_NOSUPP;
3812 }
3813
3814 ret = krb5_copy_keyblock(context, key, &d.key);
3815 if (ret)
3816 return ret;
3817
3818 d.schedule = NULL;
3819 ret = derive_key(context, et, &d, constant, constant_len);
3820 if (ret == 0)
3821 ret = krb5_copy_keyblock(context, d.key, derived_key);
3822 free_key_data(context, &d, et);
3823 return ret;
3824 }
3825
3826 static krb5_error_code
3827 _get_derived_key(krb5_context context,
3828 krb5_crypto crypto,
3829 unsigned usage,
3830 struct key_data **key)
3831 {
3832 int i;
3833 struct key_data *d;
3834 unsigned char constant[5];
3835
3836 for(i = 0; i < crypto->num_key_usage; i++)
3837 if(crypto->key_usage[i].usage == usage) {
3838 *key = &crypto->key_usage[i].key;
3839 return 0;
3840 }
3841 d = _new_derived_key(crypto, usage);
3842 if(d == NULL) {
3843 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
3844 return ENOMEM;
3845 }
3846 krb5_copy_keyblock(context, crypto->key.key, &d->key);
3847 _krb5_put_int(constant, usage, 5);
3848 derive_key(context, crypto->et, d, constant, sizeof(constant));
3849 *key = d;
3850 return 0;
3851 }
3852
3853
3854 krb5_error_code KRB5_LIB_FUNCTION
3855 krb5_crypto_init(krb5_context context,
3856 const krb5_keyblock *key,
3857 krb5_enctype etype,
3858 krb5_crypto *crypto)
3859 {
3860 krb5_error_code ret;
3861 ALLOC(*crypto, 1);
3862 if(*crypto == NULL) {
3863 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
3864 return ENOMEM;
3865 }
3866 if(etype == ETYPE_NULL)
3867 etype = key->keytype;
3868 (*crypto)->et = _find_enctype(etype);
3869 if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) {
3870 free(*crypto);
3871 *crypto = NULL;
3872 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
3873 "encryption type %d not supported",
3874 etype);
3875 return KRB5_PROG_ETYPE_NOSUPP;
3876 }
3877 if((*crypto)->et->keytype->size != key->keyvalue.length) {
3878 free(*crypto);
3879 *crypto = NULL;
3880 krb5_set_error_message (context, KRB5_BAD_KEYSIZE,
3881 "encryption key has bad length");
3882 return KRB5_BAD_KEYSIZE;
3883 }
3884 ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key);
3885 if(ret) {
3886 free(*crypto);
3887 *crypto = NULL;
3888 return ret;
3889 }
3890 (*crypto)->key.schedule = NULL;
3891 (*crypto)->num_key_usage = 0;
3892 (*crypto)->key_usage = NULL;
3893 return 0;
3894 }
3895
3896 static void
3897 free_key_data(krb5_context context, struct key_data *key,
3898 struct encryption_type *et)
3899 {
3900 krb5_free_keyblock(context, key->key);
3901 if(key->schedule) {
3902 if (et->keytype->cleanup)
3903 (*et->keytype->cleanup)(context, key);
3904 memset(key->schedule->data, 0, key->schedule->length);
3905 krb5_free_data(context, key->schedule);
3906 }
3907 }
3908
3909 static void
3910 free_key_usage(krb5_context context, struct key_usage *ku,
3911 struct encryption_type *et)
3912 {
3913 free_key_data(context, &ku->key, et);
3914 }
3915
3916 krb5_error_code KRB5_LIB_FUNCTION
3917 krb5_crypto_destroy(krb5_context context,
3918 krb5_crypto crypto)
3919 {
3920 int i;
3921
3922 for(i = 0; i < crypto->num_key_usage; i++)
3923 free_key_usage(context, &crypto->key_usage[i], crypto->et);
3924 free(crypto->key_usage);
3925 free_key_data(context, &crypto->key, crypto->et);
3926 free (crypto);
3927 return 0;
3928 }
3929
3930 krb5_error_code KRB5_LIB_FUNCTION
3931 krb5_crypto_getblocksize(krb5_context context,
3932 krb5_crypto crypto,
3933 size_t *blocksize)
3934 {
3935 *blocksize = crypto->et->blocksize;
3936 return 0;
3937 }
3938
3939 krb5_error_code KRB5_LIB_FUNCTION
3940 krb5_crypto_getenctype(krb5_context context,
3941 krb5_crypto crypto,
3942 krb5_enctype *enctype)
3943 {
3944 *enctype = crypto->et->type;
3945 return 0;
3946 }
3947
3948 krb5_error_code KRB5_LIB_FUNCTION
3949 krb5_crypto_getpadsize(krb5_context context,
3950 krb5_crypto crypto,
3951 size_t *padsize)
3952 {
3953 *padsize = crypto->et->padsize;
3954 return 0;
3955 }
3956
3957 krb5_error_code KRB5_LIB_FUNCTION
3958 krb5_crypto_getconfoundersize(krb5_context context,
3959 krb5_crypto crypto,
3960 size_t *confoundersize)
3961 {
3962 *confoundersize = crypto->et->confoundersize;
3963 return 0;
3964 }
3965
3966
3967 /**
3968 * Disable encryption type
3969 *
3970 * @param context Kerberos 5 context
3971 * @param enctype encryption type to disable
3972 *
3973 * @return Return an error code or 0.
3974 *
3975 * @ingroup krb5_crypto
3976 */
3977
3978 krb5_error_code KRB5_LIB_FUNCTION
3979 krb5_enctype_disable(krb5_context context,
3980 krb5_enctype enctype)
3981 {
3982 struct encryption_type *et = _find_enctype(enctype);
3983 if(et == NULL) {
3984 if (context)
3985 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
3986 "encryption type %d not supported",
3987 enctype);
3988 return KRB5_PROG_ETYPE_NOSUPP;
3989 }
3990 et->flags |= F_DISABLED;
3991 return 0;
3992 }
3993
3994 /**
3995 * Enable encryption type
3996 *
3997 * @param context Kerberos 5 context
3998 * @param enctype encryption type to enable
3999 *
4000 * @return Return an error code or 0.
4001 *
4002 * @ingroup krb5_crypto
4003 */
4004
4005 krb5_error_code KRB5_LIB_FUNCTION
4006 krb5_enctype_enable(krb5_context context,
4007 krb5_enctype enctype)
4008 {
4009 struct encryption_type *et = _find_enctype(enctype);
4010 if(et == NULL) {
4011 if (context)
4012 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
4013 "encryption type %d not supported",
4014 enctype);
4015 return KRB5_PROG_ETYPE_NOSUPP;
4016 }
4017 et->flags &= ~F_DISABLED;
4018 return 0;
4019 }
4020
4021
4022 krb5_error_code KRB5_LIB_FUNCTION
4023 krb5_string_to_key_derived(krb5_context context,
4024 const void *str,
4025 size_t len,
4026 krb5_enctype etype,
4027 krb5_keyblock *key)
4028 {
4029 struct encryption_type *et = _find_enctype(etype);
4030 krb5_error_code ret;
4031 struct key_data kd;
4032 size_t keylen;
4033 u_char *tmp;
4034
4035 if(et == NULL) {
4036 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
4037 "encryption type %d not supported",
4038 etype);
4039 return KRB5_PROG_ETYPE_NOSUPP;
4040 }
4041 keylen = et->keytype->bits / 8;
4042
4043 ALLOC(kd.key, 1);
4044 if(kd.key == NULL) {
4045 krb5_set_error_message (context, ENOMEM,
4046 "malloc: out of memory");
4047 return ENOMEM;
4048 }
4049 ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
4050 if(ret) {
4051 free(kd.key);
4052 return ret;
4053 }
4054 kd.key->keytype = etype;
4055 tmp = malloc (keylen);
4056 if(tmp == NULL) {
4057 krb5_free_keyblock(context, kd.key);
4058 krb5_set_error_message (context, ENOMEM, "malloc: out of memory");
4059 return ENOMEM;
4060 }
4061 ret = _krb5_n_fold(str, len, tmp, keylen);
4062 if (ret) {
4063 free(tmp);
4064 krb5_set_error_message (context, ENOMEM, "malloc: out of memory");
4065 return ret;
4066 }
4067 kd.schedule = NULL;
4068 DES3_postproc (context, tmp, keylen, &kd); /* XXX */
4069 memset(tmp, 0, keylen);
4070 free(tmp);
4071 ret = derive_key(context,
4072 et,
4073 &kd,
4074 "kerberos", /* XXX well known constant */
4075 strlen("kerberos"));
4076 if (ret) {
4077 free_key_data(context, &kd, et);
4078 return ret;
4079 }
4080 ret = krb5_copy_keyblock_contents(context, kd.key, key);
4081 free_key_data(context, &kd, et);
4082 return ret;
4083 }
4084
4085 static size_t
4086 wrapped_length (krb5_context context,
4087 krb5_crypto crypto,
4088 size_t data_len)
4089 {
4090 struct encryption_type *et = crypto->et;
4091 size_t padsize = et->padsize;
4092 size_t checksumsize = CHECKSUMSIZE(et->checksum);
4093 size_t res;
4094
4095 res = et->confoundersize + checksumsize + data_len;
4096 res = (res + padsize - 1) / padsize * padsize;
4097 return res;
4098 }
4099
4100 static size_t
4101 wrapped_length_dervied (krb5_context context,
4102 krb5_crypto crypto,
4103 size_t data_len)
4104 {
4105 struct encryption_type *et = crypto->et;
4106 size_t padsize = et->padsize;
4107 size_t res;
4108
4109 res = et->confoundersize + data_len;
4110 res = (res + padsize - 1) / padsize * padsize;
4111 if (et->keyed_checksum)
4112 res += et->keyed_checksum->checksumsize;
4113 else
4114 res += et->checksum->checksumsize;
4115 return res;
4116 }
4117
4118 /*
4119 * Return the size of an encrypted packet of length `data_len'
4120 */
4121
4122 size_t
4123 krb5_get_wrapped_length (krb5_context context,
4124 krb5_crypto crypto,
4125 size_t data_len)
4126 {
4127 if (derived_crypto (context, crypto))
4128 return wrapped_length_dervied (context, crypto, data_len);
4129 else
4130 return wrapped_length (context, crypto, data_len);
4131 }
4132
4133 /*
4134 * Return the size of an encrypted packet of length `data_len'
4135 */
4136
4137 static size_t
4138 crypto_overhead (krb5_context context,
4139 krb5_crypto crypto)
4140 {
4141 struct encryption_type *et = crypto->et;
4142 size_t res;
4143
4144 res = CHECKSUMSIZE(et->checksum);
4145 res += et->confoundersize;
4146 if (et->padsize > 1)
4147 res += et->padsize;
4148 return res;
4149 }
4150
4151 static size_t
4152 crypto_overhead_dervied (krb5_context context,
4153 krb5_crypto crypto)
4154 {
4155 struct encryption_type *et = crypto->et;
4156 size_t res;
4157
4158 if (et->keyed_checksum)
4159 res = CHECKSUMSIZE(et->keyed_checksum);
4160 else
4161 res = CHECKSUMSIZE(et->checksum);
4162 res += et->confoundersize;
4163 if (et->padsize > 1)
4164 res += et->padsize;
4165 return res;
4166 }
4167
4168 size_t
4169 krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
4170 {
4171 if (derived_crypto (context, crypto))
4172 return crypto_overhead_dervied (context, crypto);
4173 else
4174 return crypto_overhead (context, crypto);
4175 }
4176
4177 krb5_error_code KRB5_LIB_FUNCTION
4178 krb5_random_to_key(krb5_context context,
4179 krb5_enctype type,
4180 const void *data,
4181 size_t size,
4182 krb5_keyblock *key)
4183 {
4184 krb5_error_code ret;
4185 struct encryption_type *et = _find_enctype(type);
4186 if(et == NULL) {
4187 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
4188 "encryption type %d not supported",
4189 type);
4190 return KRB5_PROG_ETYPE_NOSUPP;
4191 }
4192 if ((et->keytype->bits + 7) / 8 > size) {
4193 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
4194 "encryption key %s needs %d bytes "
4195 "of random to make an encryption key out of it",
4196 et->name, (int)et->keytype->size);
4197 return KRB5_PROG_ETYPE_NOSUPP;
4198 }
4199 ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
4200 if(ret)
4201 return ret;
4202 key->keytype = type;
4203 if (et->keytype->random_to_key)
4204 (*et->keytype->random_to_key)(context, key, data, size);
4205 else
4206 memcpy(key->keyvalue.data, data, et->keytype->size);
4207
4208 return 0;
4209 }
4210
4211 krb5_error_code
4212 _krb5_pk_octetstring2key(krb5_context context,
4213 krb5_enctype type,
4214 const void *dhdata,
4215 size_t dhsize,
4216 const heim_octet_string *c_n,
4217 const heim_octet_string *k_n,
4218 krb5_keyblock *key)
4219 {
4220 struct encryption_type *et = _find_enctype(type);
4221 krb5_error_code ret;
4222 size_t keylen, offset;
4223 void *keydata;
4224 unsigned char counter;
4225 unsigned char shaoutput[20];
4226
4227 if(et == NULL) {
4228 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
4229 "encryption type %d not supported",
4230 type);
4231 return KRB5_PROG_ETYPE_NOSUPP;
4232 }
4233 keylen = (et->keytype->bits + 7) / 8;
4234
4235 keydata = malloc(keylen);
4236 if (keydata == NULL) {
4237 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
4238 return ENOMEM;
4239 }
4240
4241 counter = 0;
4242 offset = 0;
4243 do {
4244 SHA_CTX m;
4245
4246 SHA1_Init(&m);
4247 SHA1_Update(&m, &counter, 1);
4248 SHA1_Update(&m, dhdata, dhsize);
4249 if (c_n)
4250 SHA1_Update(&m, c_n->data, c_n->length);
4251 if (k_n)
4252 SHA1_Update(&m, k_n->data, k_n->length);
4253 SHA1_Final(shaoutput, &m);
4254
4255 memcpy((unsigned char *)keydata + offset,
4256 shaoutput,
4257 min(keylen - offset, sizeof(shaoutput)));
4258
4259 offset += sizeof(shaoutput);
4260 counter++;
4261 } while(offset < keylen);
4262 memset(shaoutput, 0, sizeof(shaoutput));
4263
4264 ret = krb5_random_to_key(context, type, keydata, keylen, key);
4265 memset(keydata, 0, sizeof(keylen));
4266 free(keydata);
4267 return ret;
4268 }
4269
4270 static krb5_error_code
4271 encode_uvinfo(krb5_context context, krb5_const_principal p, krb5_data *data)
4272 {
4273 KRB5PrincipalName pn;
4274 krb5_error_code ret;
4275 size_t size;
4276
4277 pn.principalName = p->name;
4278 pn.realm = p->realm;
4279
4280 ASN1_MALLOC_ENCODE(KRB5PrincipalName, data->data, data->length,
4281 &pn, &size, ret);
4282 if (ret) {
4283 krb5_data_zero(data);
4284 krb5_set_error_message(context, ret,
4285 "Failed to encode KRB5PrincipalName");
4286 return ret;
4287 }
4288 if (data->length != size)
4289 krb5_abortx(context, "asn1 compiler internal error");
4290 return 0;
4291 }
4292
4293 static krb5_error_code
4294 encode_otherinfo(krb5_context context,
4295 const AlgorithmIdentifier *ai,
4296 krb5_const_principal client,
4297 krb5_const_principal server,
4298 krb5_enctype enctype,
4299 const krb5_data *as_req,
4300 const krb5_data *pk_as_rep,
4301 const Ticket *ticket,
4302 krb5_data *other)
4303 {
4304 PkinitSP80056AOtherInfo otherinfo;
4305 PkinitSuppPubInfo pubinfo;
4306 krb5_error_code ret;
4307 krb5_data pub;
4308 size_t size;
4309
4310 krb5_data_zero(other);
4311 memset(&otherinfo, 0, sizeof(otherinfo));
4312 memset(&pubinfo, 0, sizeof(pubinfo));
4313
4314 pubinfo.enctype = enctype;
4315 pubinfo.as_REQ = *as_req;
4316 pubinfo.pk_as_rep = *pk_as_rep;
4317 pubinfo.ticket = *ticket;
4318 ASN1_MALLOC_ENCODE(PkinitSuppPubInfo, pub.data, pub.length,
4319 &pubinfo, &size, ret);
4320 if (ret) {
4321 krb5_set_error_message(context, ret, "out of memory");
4322 return ret;
4323 }
4324 if (pub.length != size)
4325 krb5_abortx(context, "asn1 compiler internal error");
4326
4327 ret = encode_uvinfo(context, client, &otherinfo.partyUInfo);
4328 if (ret) {
4329 free(pub.data);
4330 return ret;
4331 }
4332 ret = encode_uvinfo(context, server, &otherinfo.partyVInfo);
4333 if (ret) {
4334 free(otherinfo.partyUInfo.data);
4335 free(pub.data);
4336 return ret;
4337 }
4338
4339 otherinfo.algorithmID = *ai;
4340 otherinfo.suppPubInfo = &pub;
4341
4342 ASN1_MALLOC_ENCODE(PkinitSP80056AOtherInfo, other->data, other->length,
4343 &otherinfo, &size, ret);
4344 free(otherinfo.partyUInfo.data);
4345 free(otherinfo.partyVInfo.data);
4346 free(pub.data);
4347 if (ret) {
4348 krb5_set_error_message(context, ret, "out of memory");
4349 return ret;
4350 }
4351 if (other->length != size)
4352 krb5_abortx(context, "asn1 compiler internal error");
4353
4354 return 0;
4355 }
4356
4357 krb5_error_code
4358 _krb5_pk_kdf(krb5_context context,
4359 const struct AlgorithmIdentifier *ai,
4360 const void *dhdata,
4361 size_t dhsize,
4362 krb5_const_principal client,
4363 krb5_const_principal server,
4364 krb5_enctype enctype,
4365 const krb5_data *as_req,
4366 const krb5_data *pk_as_rep,
4367 const Ticket *ticket,
4368 krb5_keyblock *key)
4369 {
4370 struct encryption_type *et;
4371 krb5_error_code ret;
4372 krb5_data other;
4373 size_t keylen, offset;
4374 uint32_t counter;
4375 unsigned char *keydata;
4376 unsigned char shaoutput[20];
4377
4378 if (der_heim_oid_cmp(oid_id_pkinit_kdf_ah_sha1(), &ai->algorithm) != 0) {
4379 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
4380 "kdf not supported");
4381 return KRB5_PROG_ETYPE_NOSUPP;
4382 }
4383 if (ai->parameters != NULL &&
4384 (ai->parameters->length != 2 ||
4385 memcmp(ai->parameters->data, "\x05\x00", 2) != 0))
4386 {
4387 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
4388 "kdf params not NULL or the NULL-type");
4389 return KRB5_PROG_ETYPE_NOSUPP;
4390 }
4391
4392 et = _find_enctype(enctype);
4393 if(et == NULL) {
4394 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
4395 "encryption type %d not supported",
4396 enctype);
4397 return KRB5_PROG_ETYPE_NOSUPP;
4398 }
4399 keylen = (et->keytype->bits + 7) / 8;
4400
4401 keydata = malloc(keylen);
4402 if (keydata == NULL) {
4403 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
4404 return ENOMEM;
4405 }
4406
4407 ret = encode_otherinfo(context, ai, client, server,
4408 enctype, as_req, pk_as_rep, ticket, &other);
4409 if (ret) {
4410 free(keydata);
4411 return ret;
4412 }
4413
4414 offset = 0;
4415 counter = 1;
4416 do {
4417 unsigned char cdata[4];
4418 SHA_CTX m;
4419
4420 SHA1_Init(&m);
4421 _krb5_put_int(cdata, counter, 4);
4422 SHA1_Update(&m, cdata, 4);
4423 SHA1_Update(&m, dhdata, dhsize);
4424 SHA1_Update(&m, other.data, other.length);
4425 SHA1_Final(shaoutput, &m);
4426
4427 memcpy((unsigned char *)keydata + offset,
4428 shaoutput,
4429 min(keylen - offset, sizeof(shaoutput)));
4430
4431 offset += sizeof(shaoutput);
4432 counter++;
4433 } while(offset < keylen);
4434 memset(shaoutput, 0, sizeof(shaoutput));
4435
4436 free(other.data);
4437
4438 ret = krb5_random_to_key(context, enctype, keydata, keylen, key);
4439 memset(keydata, 0, sizeof(keylen));
4440 free(keydata);
4441
4442 return ret;
4443 }
4444
4445
4446 krb5_error_code KRB5_LIB_FUNCTION
4447 krb5_crypto_prf_length(krb5_context context,
4448 krb5_enctype type,
4449 size_t *length)
4450 {
4451 struct encryption_type *et = _find_enctype(type);
4452
4453 if(et == NULL || et->prf_length == 0) {
4454 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
4455 "encryption type %d not supported",
4456 type);
4457 return KRB5_PROG_ETYPE_NOSUPP;
4458 }
4459
4460 *length = et->prf_length;
4461 return 0;
4462 }
4463
4464 krb5_error_code KRB5_LIB_FUNCTION
4465 krb5_crypto_prf(krb5_context context,
4466 const krb5_crypto crypto,
4467 const krb5_data *input,
4468 krb5_data *output)
4469 {
4470 struct encryption_type *et = crypto->et;
4471
4472 krb5_data_zero(output);
4473
4474 if(et->prf == NULL) {
4475 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
4476 "kerberos prf for %s not supported",
4477 et->name);
4478 return KRB5_PROG_ETYPE_NOSUPP;
4479 }
4480
4481 return (*et->prf)(context, crypto, input, output);
4482 }
4483
4484 #ifndef HEIMDAL_SMALLER
4485
4486 /*
4487 * First take the configured list of etypes for `keytype' if available,
4488 * else, do `krb5_keytype_to_enctypes'.
4489 */
4490
4491 krb5_error_code KRB5_LIB_FUNCTION
4492 krb5_keytype_to_enctypes_default (krb5_context context,
4493 krb5_keytype keytype,
4494 unsigned *len,
4495 krb5_enctype **val)
4496 __attribute__((deprecated))
4497 {
4498 unsigned int i, n;
4499 krb5_enctype *ret;
4500
4501 if (keytype != KEYTYPE_DES || context->etypes_des == NULL)
4502 return krb5_keytype_to_enctypes (context, keytype, len, val);
4503
4504 for (n = 0; context->etypes_des[n]; ++n)
4505 ;
4506 ret = malloc (n * sizeof(*ret));
4507 if (ret == NULL && n != 0) {
4508 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
4509 return ENOMEM;
4510 }
4511 for (i = 0; i < n; ++i)
4512 ret[i] = context->etypes_des[i];
4513 *len = n;
4514 *val = ret;
4515 return 0;
4516 }
4517
4518 krb5_error_code KRB5_LIB_FUNCTION
4519 krb5_keytype_to_string(krb5_context context,
4520 krb5_keytype keytype,
4521 char **string)
4522 __attribute__((deprecated))
4523 {
4524 struct key_type *kt = _find_keytype(keytype);
4525 if(kt == NULL) {
4526 krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP,
4527 "key type %d not supported", keytype);
4528 return KRB5_PROG_KEYTYPE_NOSUPP;
4529 }
4530 *string = strdup(kt->name);
4531 if(*string == NULL) {
4532 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
4533 return ENOMEM;
4534 }
4535 return 0;
4536 }
4537
4538
4539 krb5_error_code KRB5_LIB_FUNCTION
4540 krb5_string_to_keytype(krb5_context context,
4541 const char *string,
4542 krb5_keytype *keytype)
4543 __attribute__((deprecated))
4544 {
4545 char *end;
4546 int i;
4547
4548 for(i = 0; i < num_keytypes; i++)
4549 if(strcasecmp(keytypes[i]->name, string) == 0){
4550 *keytype = keytypes[i]->type;
4551 return 0;
4552 }
4553
4554 /* check if the enctype is a number */
4555 *keytype = strtol(string, &end, 0);
4556 if(*end == '\0' && *keytype != 0) {
4557 if (krb5_enctype_valid(context, *keytype) == 0)
4558 return 0;
4559 }
4560
4561 krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP,
4562 "key type %s not supported", string);
4563 return KRB5_PROG_KEYTYPE_NOSUPP;
4564 }
4565 #endif
Proof-of-concept samba4 based caching proxy