lib/crypto-3des.c

   1 /* crypto-3des.c        3DES crypto functions
   2  * Copyright (C) 2002, 2003  Simon Josefsson
   3  *
   4  * This file is part of Shishi.
   5  *
   6  * Shishi is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * Shishi is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with Shishi; if not, write to the Free Software
  18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  19  *
  20  */
  21
  22 #include "internal.h"
  23
  24 #include "crypto.h"
  25
  26 static int
  27 _des3_encrypt (Shishi * handle,
  28                Shishi_key * key,
  29                int keyusage,
  30                const char *iv,
  31                size_t ivlen,
  32                char **ivout, size_t * ivoutlen,
  33                const char *in, size_t inlen, char **out, size_t * outlen)
  34 {
  35   return _shishi_simplified_encrypt (handle, key, keyusage, iv, ivlen, ivout,
  36                                      ivoutlen, in, inlen, out, outlen);
  37 }
  38
  39 static int
  40 _des3_decrypt (Shishi * handle,
  41                Shishi_key * key,
  42                int keyusage,
  43                const char *iv,
  44                size_t ivlen,
  45                char **ivout, size_t * ivoutlen,
  46                const char *in, size_t inlen, char **out, size_t * outlen)
  47 {
  48   return _shishi_simplified_decrypt (handle, key, keyusage, iv, ivlen, ivout,
  49                                      ivoutlen, in, inlen, out, outlen);
  50 }
  51
  52 static int
  53 des3none_dencrypt (Shishi * handle,
  54                    Shishi_key * key,
  55                    int keyusage,
  56                    const char *iv, size_t ivlen,
  57                    char **ivout, size_t * ivoutlen,
  58                    const char *in, size_t inlen,
  59                    char **out, size_t * outlen, int direction)
  60 {
  61   int res;
  62
  63   if (keyusage != 0)
  64     {
  65       Shishi_key *derivedkey;
  66
  67       res = _shishi_simplified_derivekey (handle, key, keyusage,
  68                                           SHISHI_DERIVEKEYMODE_PRIVACY,
  69                                           &derivedkey);
  70       if (res != SHISHI_OK)
  71         return res;
  72
  73       res =
  74         _shishi_simplified_dencrypt (handle, derivedkey, iv, ivlen, ivout,
  75                                      ivoutlen, in, inlen, out, outlen,
  76                                      direction);
  77
  78       shishi_key_done (derivedkey);
  79
  80       if (res != SHISHI_OK)
  81         return res;
  82     }
  83   else
  84     {
  85       res =
  86         _shishi_simplified_dencrypt (handle, key, iv, ivlen, ivout, ivoutlen,
  87                                      in, inlen, out, outlen, direction);
  88       if (res != SHISHI_OK)
  89         return res;
  90     }
  91
  92   return SHISHI_OK;
  93 }
  94
  95 static int
  96 des3none_encrypt (Shishi * handle,
  97                   Shishi_key * key,
  98                   int keyusage,
  99                   const char *iv, size_t ivlen,
 100                   char **ivout, size_t * ivoutlen,
 101                   const char *in, size_t inlen, char **out, size_t * outlen)
 102 {
 103   return des3none_dencrypt (handle, key, keyusage, iv, ivlen, ivout, ivoutlen,
 104                             in, inlen, out, outlen, 0);
 105 }
 106
 107 static int
 108 des3none_decrypt (Shishi * handle,
 109                   Shishi_key * key,
 110                   int keyusage,
 111                   const char *iv, size_t ivlen,
 112                   char **ivout, size_t * ivoutlen,
 113                   const char *in, size_t inlen, char **out, size_t * outlen)
 114 {
 115   return des3none_dencrypt (handle, key, keyusage, iv, ivlen, ivout, ivoutlen,
 116                             in, inlen, out, outlen, 1);
 117 }
 118
 119 static void
 120 des_set_odd_key_parity (char key[8])
 121 {
 122   int i, j;
 123
 124   for (i = 0; i < 8; i++)
 125     {
 126       int n_set_bits = 0;
 127
 128       for (j = 1; j < 8; j++)
 129         if (key[i] & (1 << j))
 130           n_set_bits++;
 131
 132       key[i] &= ~1;
 133       if ((n_set_bits % 2) == 0)
 134         key[i] |= 1;
 135     }
 136 }
 137
 138 /* The 168 bits of random key data are converted to a protocol key
 139  * value as follows.  First, the 168 bits are divided into three
 140  * groups of 56 bits, which are expanded individually into 64 bits as
 141  * follows:
 142  *
 143  *          1  2  3  4  5  6  7  p
 144  *          9 10 11 12 13 14 15  p
 145  *         17 18 19 20 21 22 23  p
 146  *         25 26 27 28 29 30 31  p
 147  *         33 34 35 36 37 38 39  p
 148  *         41 42 43 44 45 46 47  p
 149  *         49 50 51 52 53 54 55  p
 150  *         56 48 40 32 24 16  8  p
 151  *
 152  * The "p" bits are parity bits computed over the data bits.  The
 153  * output of the three expansions are concatenated to form the
 154  * protocol key value.
 155  *
 156  */
 157 static int
 158 des3_random_to_key (Shishi * handle,
 159                     const char *random, size_t randomlen, Shishi_key * outkey)
 160 {
 161   unsigned char tmpkey[3 * 8];
 162   int i;
 163
 164   if (randomlen < 168 / 8)
 165     return !SHISHI_OK;
 166
 167   if (VERBOSECRYPTO (handle))
 168     {
 169       printf ("des3_random_to_key (random)\n");
 170       printf ("\t ;; random (length %d):\n", 168 / 8);
 171       _shishi_hexprint (random, 168 / 8);
 172       _shishi_binprint (random, 168 / 8);
 173     }
 174
 175   memcpy (tmpkey, random, 7);
 176   memcpy (tmpkey + 8, random + 7, 7);
 177   memcpy (tmpkey + 16, random + 14, 7);
 178   for (i = 0; i < 3; i++)
 179     {
 180       tmpkey[i * 8 + 7] =
 181         ((tmpkey[i * 8 + 0] & 0x01) << 1) |
 182         ((tmpkey[i * 8 + 1] & 0x01) << 2) |
 183         ((tmpkey[i * 8 + 2] & 0x01) << 3) |
 184         ((tmpkey[i * 8 + 3] & 0x01) << 4) |
 185         ((tmpkey[i * 8 + 4] & 0x01) << 5) |
 186         ((tmpkey[i * 8 + 5] & 0x01) << 6) | ((tmpkey[i * 8 + 6] & 0x01) << 7);
 187       des_set_odd_key_parity (tmpkey + i * 8);
 188     }
 189
 190   shishi_key_value_set (outkey, tmpkey);
 191
 192   if (VERBOSECRYPTO (handle))
 193     {
 194       printf ("key = des3_random_to_key (random)\n");
 195       printf ("\t ;; key:\n");
 196       _shishi_hexprint (tmpkey, 3 * 8);
 197       _shishi_binprint (tmpkey, 3 * 8);
 198     }
 199
 200   return SHISHI_OK;
 201 }
 202
 203 static int
 204 des3_string_to_key (Shishi * handle,
 205                     const char *string,
 206                     size_t stringlen,
 207                     const char *salt,
 208                     size_t saltlen,
 209                     const char *parameter, Shishi_key * outkey)
 210 {
 211   char *s;
 212   int n_s;
 213   Shishi_key *key;
 214   char nfold[168 / 8];
 215   int nfoldlen = 168 / 8;
 216   int res;
 217
 218   if (VERBOSECRYPTO (handle))
 219     {
 220       printf ("des3_string_to_key (string, salt)\n");
 221       printf ("\t ;; String:\n");
 222       _shishi_escapeprint (string, stringlen);
 223       _shishi_hexprint (string, stringlen);
 224       printf ("\t ;; Salt:\n");
 225       _shishi_escapeprint (salt, saltlen);
 226       _shishi_hexprint (salt, saltlen);
 227     }
 228
 229   /* s = passwordString + salt */
 230   n_s = stringlen + saltlen;
 231   s = (char *) xmalloc (n_s);
 232   memcpy (s, string, stringlen);
 233   memcpy (s + stringlen, salt, saltlen);
 234
 235   /* tmpKey = random-to-key(168-fold(s)) */
 236   res = shishi_n_fold (handle, s, n_s, nfold, nfoldlen);
 237   free (s);
 238   if (res != SHISHI_OK)
 239     return res;
 240
 241   res = shishi_key_from_value (handle, shishi_key_type (outkey), NULL, &key);
 242   if (res != SHISHI_OK)
 243     return res;
 244
 245   res = des3_random_to_key (handle, nfold, nfoldlen, key);
 246   if (res != SHISHI_OK)
 247     return res;
 248
 249   /* key = DK (tmpKey, KerberosConstant) */
 250   res = shishi_dk (handle, key, "kerberos", strlen ("kerberos"), outkey);
 251   if (res != SHISHI_OK)
 252     return res;
 253
 254   shishi_key_done (key);
 255
 256   if (VERBOSECRYPTO (handle))
 257     {
 258       printf ("des3_string_to_key (string, salt)\n");
 259       printf ("\t ;; Key:\n");
 260       _shishi_hexprint (shishi_key_value (outkey),
 261                         shishi_key_length (outkey));
 262       _shishi_binprint (shishi_key_value (outkey),
 263                         shishi_key_length (outkey));
 264     }
 265
 266   return SHISHI_OK;
 267 }
 268
 269 static int
 270 des3_checksum (Shishi * handle,
 271                Shishi_key * key,
 272                int keyusage,
 273                int cksumtype,
 274                const char *in, size_t inlen, char **out, size_t * outlen)
 275 {
 276   return _shishi_simplified_checksum (handle, key, keyusage, cksumtype,
 277                                       in, inlen, out, outlen);
 278 }
 279
 280 cipherinfo des3_cbc_none_info = {
 281   SHISHI_DES3_CBC_NONE,
 282   "des3-cbc-none",
 283   8,
 284   0,
 285   8,
 286   3 * 8,
 287   3 * 8,
 288   SHISHI_HMAC_SHA1_DES3_KD,
 289   des3_random_to_key,
 290   des3_string_to_key,
 291   des3none_encrypt,
 292   des3none_decrypt
 293 };
 294
 295 cipherinfo des3_cbc_sha1_kd_info = {
 296   SHISHI_DES3_CBC_HMAC_SHA1_KD,
 297   "des3-cbc-sha1-kd",
 298   8,
 299   0,
 300   8,
 301   3 * 8,
 302   3 * 8,
 303   SHISHI_HMAC_SHA1_DES3_KD,
 304   des3_random_to_key,
 305   des3_string_to_key,
 306   _des3_encrypt,
 307   _des3_decrypt
 308 };
 309
 310 checksuminfo hmac_sha1_des3_kd_info = {
 311   SHISHI_HMAC_SHA1_DES3_KD,
 312   "hmac-sha1-des3-kd",
 313   20,
 314   des3_checksum
 315 };