lib/krb5/salt-des3.c

   1 /*
   2  * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "krb5_locl.h"
  35
  36 #ifdef DES3_OLD_ENCTYPE
  37 static krb5_error_code
  38 DES3_string_to_key(krb5_context context,
  39                    krb5_enctype enctype,
  40                    krb5_data password,
  41                    krb5_salt salt,
  42                    krb5_data opaque,
  43                    krb5_keyblock *key)
  44 {
  45     char *str;
  46     size_t len;
  47     unsigned char tmp[24];
  48     DES_cblock keys[3];
  49     krb5_error_code ret;
  50
  51     len = password.length + salt.saltvalue.length;
  52     str = malloc(len);
  53     if (len != 0 && str == NULL)
  54         return krb5_enomem(context);
  55     memcpy(str, password.data, password.length);
  56     memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length);
  57     {
  58         DES_cblock ivec;
  59         DES_key_schedule s[3];
  60         int i;
  61
  62         ret = _krb5_n_fold(str, len, tmp, 24);
  63         if (ret) {
  64             memset(str, 0, len);
  65             free(str);
  66             krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
  67             return ret;
  68         }
  69
  70         for(i = 0; i < 3; i++){
  71             memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
  72             DES_set_odd_parity(keys + i);
  73             if(DES_is_weak_key(keys + i))
  74                 _krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
  75             DES_set_key_unchecked(keys + i, &s[i]);
  76         }
  77         memset(&ivec, 0, sizeof(ivec));
  78         DES_ede3_cbc_encrypt(tmp,
  79                              tmp, sizeof(tmp),
  80                              &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT);
  81         memset(s, 0, sizeof(s));
  82         memset(&ivec, 0, sizeof(ivec));
  83         for(i = 0; i < 3; i++){
  84             memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
  85             DES_set_odd_parity(keys + i);
  86             if(DES_is_weak_key(keys + i))
  87                 _krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
  88         }
  89         memset(tmp, 0, sizeof(tmp));
  90     }
  91     key->keytype = enctype;
  92     krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
  93     memset(keys, 0, sizeof(keys));
  94     memset(str, 0, len);
  95     free(str);
  96     return 0;
  97 }
  98 #endif
  99
 100 static krb5_error_code
 101 DES3_string_to_key_derived(krb5_context context,
 102                            krb5_enctype enctype,
 103                            krb5_data password,
 104                            krb5_salt salt,
 105                            krb5_data opaque,
 106                            krb5_keyblock *key)
 107 {
 108     krb5_error_code ret;
 109     size_t len = password.length + salt.saltvalue.length;
 110     char *s;
 111
 112     s = malloc(len);
 113     if (len != 0 && s == NULL)
 114         return krb5_enomem(context);
 115     memcpy(s, password.data, password.length);
 116     memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
 117     ret = krb5_string_to_key_derived(context,
 118                                      s,
 119                                      len,
 120                                      enctype,
 121                                      key);
 122     memset(s, 0, len);
 123     free(s);
 124     return ret;
 125 }
 126
 127
 128 #ifdef DES3_OLD_ENCTYPE
 129 struct salt_type _krb5_des3_salt[] = {
 130     {
 131         KRB5_PW_SALT,
 132         "pw-salt",
 133         DES3_string_to_key
 134     },
 135     { 0, NULL, NULL }
 136 };
 137 #endif
 138
 139 struct salt_type _krb5_des3_salt_derived[] = {
 140     {
 141         KRB5_PW_SALT,
 142         "pw-salt",
 143         DES3_string_to_key_derived
 144     },
 145     { 0, NULL, NULL }
 146 };