search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #104 from jelmer/kadmin-ktutil-to-usr-bin
[heimdal.git] / lib / krb5 / crypto-des.c
bloba4430771d4e596c474eb8d95017f6ff2b728c5bf
1 /*
2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 #ifdef HEIM_WEAK_CRYPTO
37
38
39 static void
40 krb5_DES_random_key(krb5_context context,
41 krb5_keyblock *key)
42 {
43 DES_cblock *k = key->keyvalue.data;
44 do {
45 krb5_generate_random_block(k, sizeof(DES_cblock));
46 DES_set_odd_parity(k);
47 } while(DES_is_weak_key(k));
48 }
49
50 static void
51 krb5_DES_schedule_old(krb5_context context,
52 struct _krb5_key_type *kt,
53 struct _krb5_key_data *key)
54 {
55 DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data);
56 }
57
58 static void
59 krb5_DES_random_to_key(krb5_context context,
60 krb5_keyblock *key,
61 const void *data,
62 size_t size)
63 {
64 DES_cblock *k = key->keyvalue.data;
65 memcpy(k, data, key->keyvalue.length);
66 DES_set_odd_parity(k);
67 if(DES_is_weak_key(k))
68 _krb5_xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
69 }
70
71 static struct _krb5_key_type keytype_des_old = {
72 ETYPE_DES_CBC_CRC,
73 "des-old",
74 56,
75 8,
76 sizeof(DES_key_schedule),
77 krb5_DES_random_key,
78 krb5_DES_schedule_old,
79 _krb5_des_salt,
80 krb5_DES_random_to_key,
81 NULL,
82 NULL
83 };
84
85 static struct _krb5_key_type keytype_des = {
86 ETYPE_DES_CBC_CRC,
87 "des",
88 56,
89 8,
90 sizeof(struct _krb5_evp_schedule),
91 krb5_DES_random_key,
92 _krb5_evp_schedule,
93 _krb5_des_salt,
94 krb5_DES_random_to_key,
95 _krb5_evp_cleanup,
96 EVP_des_cbc
97 };
98
99 static krb5_error_code
100 CRC32_checksum(krb5_context context,
101 struct _krb5_key_data *key,
102 const void *data,
103 size_t len,
104 unsigned usage,
105 Checksum *C)
106 {
107 uint32_t crc;
108 unsigned char *r = C->checksum.data;
109 _krb5_crc_init_table ();
110 crc = _krb5_crc_update (data, len, 0);
111 r[0] = crc & 0xff;
112 r[1] = (crc >> 8) & 0xff;
113 r[2] = (crc >> 16) & 0xff;
114 r[3] = (crc >> 24) & 0xff;
115 return 0;
116 }
117
118 static krb5_error_code
119 RSA_MD4_checksum(krb5_context context,
120 struct _krb5_key_data *key,
121 const void *data,
122 size_t len,
123 unsigned usage,
124 Checksum *C)
125 {
126 if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md4(), NULL) != 1)
127 krb5_abortx(context, "md4 checksum failed");
128 return 0;
129 }
130
131 static krb5_error_code
132 RSA_MD4_DES_checksum(krb5_context context,
133 struct _krb5_key_data *key,
134 const void *data,
135 size_t len,
136 unsigned usage,
137 Checksum *cksum)
138 {
139 return _krb5_des_checksum(context, EVP_md4(), key, data, len, cksum);
140 }
141
142 static krb5_error_code
143 RSA_MD4_DES_verify(krb5_context context,
144 struct _krb5_key_data *key,
145 const void *data,
146 size_t len,
147 unsigned usage,
148 Checksum *C)
149 {
150 return _krb5_des_verify(context, EVP_md4(), key, data, len, C);
151 }
152
153 static krb5_error_code
154 RSA_MD5_DES_checksum(krb5_context context,
155 struct _krb5_key_data *key,
156 const void *data,
157 size_t len,
158 unsigned usage,
159 Checksum *C)
160 {
161 return _krb5_des_checksum(context, EVP_md5(), key, data, len, C);
162 }
163
164 static krb5_error_code
165 RSA_MD5_DES_verify(krb5_context context,
166 struct _krb5_key_data *key,
167 const void *data,
168 size_t len,
169 unsigned usage,
170 Checksum *C)
171 {
172 return _krb5_des_verify(context, EVP_md5(), key, data, len, C);
173 }
174
175 struct _krb5_checksum_type _krb5_checksum_crc32 = {
176 CKSUMTYPE_CRC32,
177 "crc32",
178 1,
179 4,
180 0,
181 CRC32_checksum,
182 NULL
183 };
184
185 struct _krb5_checksum_type _krb5_checksum_rsa_md4 = {
186 CKSUMTYPE_RSA_MD4,
187 "rsa-md4",
188 64,
189 16,
190 F_CPROOF,
191 RSA_MD4_checksum,
192 NULL
193 };
194
195 struct _krb5_checksum_type _krb5_checksum_rsa_md4_des = {
196 CKSUMTYPE_RSA_MD4_DES,
197 "rsa-md4-des",
198 64,
199 24,
200 F_KEYED | F_CPROOF | F_VARIANT,
201 RSA_MD4_DES_checksum,
202 RSA_MD4_DES_verify
203 };
204
205 struct _krb5_checksum_type _krb5_checksum_rsa_md5_des = {
206 CKSUMTYPE_RSA_MD5_DES,
207 "rsa-md5-des",
208 64,
209 24,
210 F_KEYED | F_CPROOF | F_VARIANT,
211 RSA_MD5_DES_checksum,
212 RSA_MD5_DES_verify
213 };
214
215 static krb5_error_code
216 evp_des_encrypt_null_ivec(krb5_context context,
217 struct _krb5_key_data *key,
218 void *data,
219 size_t len,
220 krb5_boolean encryptp,
221 int usage,
222 void *ignore_ivec)
223 {
224 struct _krb5_evp_schedule *ctx = key->schedule->data;
225 EVP_CIPHER_CTX *c;
226 DES_cblock ivec;
227 memset(&ivec, 0, sizeof(ivec));
228 c = encryptp ? &ctx->ectx : &ctx->dctx;
229 EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1);
230 EVP_Cipher(c, data, data, len);
231 return 0;
232 }
233
234 static krb5_error_code
235 evp_des_encrypt_key_ivec(krb5_context context,
236 struct _krb5_key_data *key,
237 void *data,
238 size_t len,
239 krb5_boolean encryptp,
240 int usage,
241 void *ignore_ivec)
242 {
243 struct _krb5_evp_schedule *ctx = key->schedule->data;
244 EVP_CIPHER_CTX *c;
245 DES_cblock ivec;
246 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
247 c = encryptp ? &ctx->ectx : &ctx->dctx;
248 EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1);
249 EVP_Cipher(c, data, data, len);
250 return 0;
251 }
252
253 static krb5_error_code
254 DES_CFB64_encrypt_null_ivec(krb5_context context,
255 struct _krb5_key_data *key,
256 void *data,
257 size_t len,
258 krb5_boolean encryptp,
259 int usage,
260 void *ignore_ivec)
261 {
262 DES_cblock ivec;
263 int num = 0;
264 DES_key_schedule *s = key->schedule->data;
265 memset(&ivec, 0, sizeof(ivec));
266
267 DES_cfb64_encrypt(data, data, len, s, &ivec, &num, encryptp);
268 return 0;
269 }
270
271 static krb5_error_code
272 DES_PCBC_encrypt_key_ivec(krb5_context context,
273 struct _krb5_key_data *key,
274 void *data,
275 size_t len,
276 krb5_boolean encryptp,
277 int usage,
278 void *ignore_ivec)
279 {
280 DES_cblock ivec;
281 DES_key_schedule *s = key->schedule->data;
282 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
283
284 DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp);
285 return 0;
286 }
287
288 struct _krb5_encryption_type _krb5_enctype_des_cbc_crc = {
289 ETYPE_DES_CBC_CRC,
290 "des-cbc-crc",
291 NULL,
292 8,
293 8,
294 8,
295 &keytype_des,
296 &_krb5_checksum_crc32,
297 NULL,
298 F_DISABLED|F_WEAK,
299 evp_des_encrypt_key_ivec,
300 0,
301 NULL
302 };
303
304 struct _krb5_encryption_type _krb5_enctype_des_cbc_md4 = {
305 ETYPE_DES_CBC_MD4,
306 "des-cbc-md4",
307 NULL,
308 8,
309 8,
310 8,
311 &keytype_des,
312 &_krb5_checksum_rsa_md4,
313 &_krb5_checksum_rsa_md4_des,
314 F_DISABLED|F_WEAK,
315 evp_des_encrypt_null_ivec,
316 0,
317 NULL
318 };
319
320 struct _krb5_encryption_type _krb5_enctype_des_cbc_md5 = {
321 ETYPE_DES_CBC_MD5,
322 "des-cbc-md5",
323 NULL,
324 8,
325 8,
326 8,
327 &keytype_des,
328 &_krb5_checksum_rsa_md5,
329 &_krb5_checksum_rsa_md5_des,
330 F_DISABLED|F_WEAK,
331 evp_des_encrypt_null_ivec,
332 0,
333 NULL
334 };
335
336 struct _krb5_encryption_type _krb5_enctype_des_cbc_none = {
337 ETYPE_DES_CBC_NONE,
338 "des-cbc-none",
339 NULL,
340 8,
341 8,
342 0,
343 &keytype_des,
344 &_krb5_checksum_none,
345 NULL,
346 F_PSEUDO|F_DISABLED|F_WEAK,
347 evp_des_encrypt_null_ivec,
348 0,
349 NULL
350 };
351
352 struct _krb5_encryption_type _krb5_enctype_des_cfb64_none = {
353 ETYPE_DES_CFB64_NONE,
354 "des-cfb64-none",
355 NULL,
356 1,
357 1,
358 0,
359 &keytype_des_old,
360 &_krb5_checksum_none,
361 NULL,
362 F_PSEUDO|F_DISABLED|F_WEAK,
363 DES_CFB64_encrypt_null_ivec,
364 0,
365 NULL
366 };
367
368 struct _krb5_encryption_type _krb5_enctype_des_pcbc_none = {
369 ETYPE_DES_PCBC_NONE,
370 "des-pcbc-none",
371 NULL,
372 8,
373 8,
374 0,
375 &keytype_des_old,
376 &_krb5_checksum_none,
377 NULL,
378 F_PSEUDO|F_DISABLED|F_WEAK,
379 DES_PCBC_encrypt_key_ivec,
380 0,
381 NULL
382 };
383 #endif /* HEIM_WEAK_CRYPTO */
Heimdal