1 /* crypto-rc4.c draft-brezak-win2k-krb-rc4-hmac-04 crypto functions
2 * Copyright (C) 2003 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/* Map a Kerberos key usage number to the usage value T from the table
 * below.  The callers in this file serialise the result into a 4-byte,
 * least-significant-byte-first T that feeds HMAC-MD5 key derivation.
 * The table assigns T=8 to usages 3, 8 and 9, so the mapping is not
 * one-to-one.
 * NOTE(review): only the `keyusage == 9` branch is visible in this
 * listing; confirm that usage 3 is remapped too and that all other
 * usages pass through unchanged. */
26 static int arcfour_keyusage (int keyusage
)
29 * 1. AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with
30 * the client key (T=1)
31 * 2. AS-REP Ticket and TGS-REP Ticket (includes TGS session key
32 * or application session key), encrypted with the service key
34 * 3. AS-REP encrypted part (includes TGS session key or
35 * application session key), encrypted with the client key (T=8)
36 * 4. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the
37 * TGS session key (T=4)
38 * 5. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the
39 * TGS authenticator subkey (T=5)
40 * 6. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
41 * with the TGS session key (T=6)
42 * 7. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes
43 * TGS authenticator subkey), encrypted with the TGS session key
45 * 8. TGS-REP encrypted part (includes application session key),
46 * encrypted with the TGS session key (T=8)
47 * 9. TGS-REP encrypted part (includes application session key),
48 * encrypted with the TGS authenticator subkey (T=8)
49 * 10. AP-REQ Authenticator cksum, keyed with the application
51 * 11. AP-REQ Authenticator (includes application authenticator
52 * subkey), encrypted with the application session key (T=11)
53 * 12. AP-REP encrypted part (includes application session
54 * subkey), encrypted with the application session key (T=12)
55 * 13. KRB-PRIV encrypted part, encrypted with a key chosen by
56 * the application. Also for data encrypted with GSS Wrap (T=13)
57 * 14. KRB-CRED encrypted part, encrypted with a key chosen by
58 * the application (T=14)
59 * 15. KRB-SAFE cksum, keyed with a key chosen by the
60 * application. Also for data signed in GSS MIC (T=15)
62 * Relative to RFC-1964 key uses:
64 * T = 0 in the generation of sequence number for the MIC token
65 * T = 0 in the generation of sequence number for the WRAP token
66 * T = 0 in the generation of encrypted data for the WRAPPED token
/* Usage 9 is special-cased; the table above gives it T=8. */
72 else if (keyusage
== 9)
/* Encrypt `in` under the RC4-HMAC scheme of the draft named in the file
 * header.  Steps visible in this listing: derive K1 by HMAC-MD5 over the
 * long-term key, build pt = 16 bytes | 8-byte confounder | plaintext,
 * compute cksum = HMAC-MD5 (K2, pt), derive the per-message key
 * K3 = HMAC-MD5 (K1, cksum), then run ARCFOUR with K3 over confounder
 * and plaintext.
 * NOTE(review): the listing omits lines (return type, the key, keyusage
 * and iv parameters, K2 setup, error checks, *outlen, release of pt);
 * the comments below describe only what is shown. */
79 arcfour_hmac_encrypt (Shishi
* handle
,
84 char **ivout
, size_t * ivoutlen
,
85 const char *in
, size_t inlen
, char **out
, size_t * outlen
)
/* The export variant is selected by the key's type, not by the caller. */
87 int export
= shishi_key_type (key
) == SHISHI_ARCFOUR_HMAC_EXP
;
/* Translate the Kerberos key usage to the draft's T value. */
88 int arcfourkeyusage
= arcfour_keyusage (keyusage
);
/* 14 bytes: "fortybits" plus its NUL (10 bytes), then 4 bytes for T. */
89 char L40
[14] = "fortybits";
/* Serialise T as four bytes, least significant byte first. */
99 T
[0] = arcfourkeyusage
& 0xFF;
100 T
[1] = (arcfourkeyusage
>> 8) & 0xFF;
101 T
[2] = (arcfourkeyusage
>> 16) & 0xFF;
102 T
[3] = (arcfourkeyusage
>> 24) & 0xFF;
/* Place T directly after the NUL-terminated label. */
104 memcpy (L40
+ 10, T
, 4);
/* K1 = HMAC-MD5 (key, L40 + offset .. end of L40).  `offset` is assigned
 * on a line not shown; presumably 0 for export keys (label + T) and 10
 * otherwise (T only) -- confirm. */
111 err
= shishi_hmac_md5 (handle
,
112 shishi_key_value (key
), shishi_key_length (key
),
113 L40
+ offset
, 14 - offset
, &K1
);
/* Overwrite K1[7..15] with 0xAB so only 7 bytes stay key-dependent.
 * NOTE(review): the condition guarding this (presumably `export`) is not
 * visible in this listing. */
119 memset (K1
+ 7, 0xAB, 9);
/* Room for 16 leading bytes, the 8-byte confounder and the plaintext.
 * NOTE(review): no bound on inlen is visible, so 16 + 8 + inlen can wrap
 * for a very large inlen -- confirm callers cap it. */
121 pt
= xmalloc (16 + 8 + inlen
);
/* shishi_randomize fills pt[16..23]: the 8-byte confounder. */
124 err
= shishi_randomize (handle
, pt
+ 16, 8);
/* Plaintext follows the confounder. */
127 memcpy (pt
+ 16 + 8, in
, inlen
);
/* cksum = HMAC-MD5 (K2, pt) over all 16 + 8 + inlen bytes.
 * NOTE(review): the MAC input starts at pt, so it covers the 16 leading
 * bytes, which no visible line initialises; confirm they hold a fixed
 * value or that the MAC should start at pt + 16.  K2 is also set on a
 * line not shown. */
129 err
= shishi_hmac_md5 (handle
, K2
, 16, pt
, 16 + 8 + inlen
, &cksum
);
/* Per-message RC4 key: K3 = HMAC-MD5 (K1, cksum). */
132 err
= shishi_hmac_md5 (handle
, K1
, 16, cksum
, 16, &K3
);
/* ARCFOUR with K3 over confounder + plaintext (8 + inlen bytes); the
 * result is handed back through `out`. */
137 err
= shishi_arcfour (handle
, 0, K3
, 16, pt
+ 16, 8 + inlen
, out
);
/* NOTE(review): `out` is declared `char **`.  As shown, this copies the
 * 16-byte checksum to `out` itself rather than into the buffer it points
 * to, which would overwrite the caller's pointer storage; the ARCFOUR
 * call above also covers only 8 + inlen bytes, with no visible room for
 * a checksum prefix.  Confirm against the full source.  No visible line
 * wipes K1, K3 or pt before they are released. */
141 memcpy (out
, cksum
, 16);
/* Decrypt entry point for RC4-HMAC.
 * NOTE(review): every statement visible in this listing repeats the
 * encryption sequence: a fresh buffer is allocated, a new confounder is
 * generated, `in` is copied in as if it were plaintext, and it is then
 * MACed and run through ARCFOUR.  No visible line reads the 16-byte
 * checksum from the front of `in`, derives K3 from that received
 * checksum, or compares a recomputed HMAC against it.  A decrypt path
 * has to reject inputs shorter than 16 + 8 bytes, derive
 * K3 = HMAC-MD5 (K1, received checksum), ARCFOUR the remainder,
 * recompute the HMAC with K2 and compare it (in constant time) with the
 * received checksum before any plaintext is returned.  Lines are missing
 * from this listing, so confirm against the full source. */
154 arcfour_hmac_decrypt (Shishi
* handle
,
159 char **ivout
, size_t * ivoutlen
,
160 const char *in
, size_t inlen
, char **out
, size_t * outlen
)
/* The export variant is selected by the key's type. */
162 int export
= shishi_key_type (key
) == SHISHI_ARCFOUR_HMAC_EXP
;
/* Translate the Kerberos key usage to the draft's T value. */
163 int arcfourkeyusage
= arcfour_keyusage (keyusage
);
/* 14 bytes: "fortybits" plus its NUL (10 bytes), then 4 bytes for T. */
164 char L40
[14] = "fortybits";
/* Serialise T as four bytes, least significant byte first. */
174 T
[0] = arcfourkeyusage
& 0xFF;
175 T
[1] = (arcfourkeyusage
>> 8) & 0xFF;
176 T
[2] = (arcfourkeyusage
>> 16) & 0xFF;
177 T
[3] = (arcfourkeyusage
>> 24) & 0xFF;
/* Place T directly after the NUL-terminated label. */
179 memcpy (L40
+ 10, T
, 4);
/* K1 = HMAC-MD5 (key, L40 + offset .. end of L40); `offset` is assigned
 * on a line not shown. */
186 err
= shishi_hmac_md5 (handle
,
187 shishi_key_value (key
), shishi_key_length (key
),
188 L40
+ offset
, 14 - offset
, &K1
);
/* Overwrite K1[7..15] with 0xAB; the guarding condition (presumably
 * `export`) is not visible here. */
194 memset (K1
+ 7, 0xAB, 9);
/* NOTE(review): sized as if `in` were plaintext to be wrapped; for
 * decryption `in` already carries checksum and confounder. */
196 pt
= xmalloc (16 + 8 + inlen
);
/* NOTE(review): generates a new confounder instead of recovering the
 * sender's one from the ciphertext. */
199 err
= shishi_randomize (handle
, pt
+ 16, 8);
202 memcpy (pt
+ 16 + 8, in
, inlen
);
/* MAC over the locally built buffer; nothing visible compares this value
 * with a checksum taken from `in`. */
204 err
= shishi_hmac_md5 (handle
, K2
, 16, pt
, 16 + 8 + inlen
, &cksum
);
/* K3 is derived from the locally computed cksum, not a received one. */
207 err
= shishi_hmac_md5 (handle
, K1
, 16, cksum
, 16, &K3
);
/* ARCFOUR with K3 over pt + 16 (8 + inlen bytes); result via `out`. */
212 err
= shishi_arcfour (handle
, 0, K3
, 16, pt
+ 16, 8 + inlen
, out
);
/* Encrypt handler for the export enctype.  It forwards every argument
 * unchanged to arcfour_hmac_encrypt, which picks the export derivation
 * itself by testing shishi_key_type (key) == SHISHI_ARCFOUR_HMAC_EXP.
 * The strength of the result therefore depends on the key's recorded
 * type, not on which of the two entry points was called. */
227 arcfour_hmac_exp_encrypt (Shishi
* handle
,
232 char **ivout
, size_t * ivoutlen
,
233 const char *in
, size_t inlen
,
234 char **out
, size_t * outlen
)
236 return arcfour_hmac_encrypt (handle
, key
, keyusage
, iv
, ivlen
,
237 ivout
, ivoutlen
, in
, inlen
, out
, outlen
);
/* Decrypt handler for the export enctype.  It forwards every argument
 * unchanged to arcfour_hmac_decrypt, which selects the export derivation
 * from the key's type.  Any integrity-check gap in arcfour_hmac_decrypt
 * applies to this entry point as well. */
242 arcfour_hmac_exp_decrypt (Shishi
* handle
,
247 char **ivout
, size_t * ivoutlen
,
248 const char *in
, size_t inlen
,
249 char **out
, size_t * outlen
)
251 return arcfour_hmac_decrypt (handle
, key
, keyusage
, iv
, ivlen
,
252 ivout
, ivoutlen
, in
, inlen
, out
, outlen
);
255 #define ARCFOUR_HMAC_CKSUM_KEY_DERIVE_CONSTANT "signaturekey"
/* Keyed checksum for RC4-HMAC.  Visible steps: derive a signing key by
 * HMAC-MD5 over the long-term key with the "signaturekey" label, then
 * HMAC-MD5 the input with Ksign and return the result through `out`.
 * NOTE(review): lines are missing from this listing (return type, the
 * key and keyusage parameters, the destination of the first HMAC, error
 * checks, *outlen, release of pt). */
258 arcfour_hmac_md5_checksum (Shishi
* handle
,
262 const char *in
, size_t inlen
,
263 char **out
, size_t * outlen
)
/* Translate the Kerberos key usage to the draft's T value. */
265 int arcfourkeyusage
= arcfour_keyusage (keyusage
);
/* Serialise T as four bytes, least significant byte first. */
271 T
[0] = arcfourkeyusage
& 0xFF;
272 T
[1] = (arcfourkeyusage
>> 8) & 0xFF;
273 T
[2] = (arcfourkeyusage
>> 16) & 0xFF;
274 T
[3] = (arcfourkeyusage
>> 24) & 0xFF;
/* HMAC-MD5 keyed with the long-term key over the label; strlen + 1 makes
 * the label's terminating NUL part of the MAC input.  The output argument
 * (presumably Ksign) is on a line not shown. */
276 err
= shishi_hmac_md5 (handle
,
277 shishi_key_value (key
), shishi_key_length (key
),
278 ARCFOUR_HMAC_CKSUM_KEY_DERIVE_CONSTANT
,
279 strlen (ARCFOUR_HMAC_CKSUM_KEY_DERIVE_CONSTANT
) + 1,
/* Buffer for 4 leading bytes (presumably T) followed by the data.
 * NOTE(review): 4 + inlen can wrap for a very large inlen. */
284 pt
= xmalloc (4 + inlen
);
286 memcpy (pt
+ 4, in
, inlen
);
/* NOTE(review): the final HMAC runs over `in`, not over pt, so as shown
 * neither T nor the pt buffer feeds the checksum, and checksums for
 * different key usages would be identical.  The referenced draft, as far
 * as this reviewer recalls, takes MD5 over T || data first and then
 * HMAC-MD5 of that digest with Ksign -- verify against the draft and the
 * full source. */
289 err
= shishi_hmac_md5 (handle
, Ksign
, 16, in
, inlen
, out
);
/* Install caller-supplied random bytes as the key value.  The input must
 * be exactly shishi_key_length (outkey) bytes long; otherwise an error is
 * logged and SHISHI_CRYPTO_ERROR is returned.
 * NOTE(review): the return type and the outkey parameter line are missing
 * from this listing. */
302 arcfour_hmac_random_to_key (Shishi
* handle
,
303 const char *random
, size_t randomlen
,
/* The length check matters: shishi_key_value_set below takes no length
 * argument, so this test is the only visible guard on the size of
 * `random`. */
306 if (randomlen
!= shishi_key_length (outkey
))
308 shishi_error_printf (handle
, "ARCFOUR random to key caller error");
309 return SHISHI_CRYPTO_ERROR
;
312 shishi_key_value_set (outkey
, random
);
/* Derive the RC4-HMAC key from a password: widen each input byte to two
 * bytes (value, then 0x00) and take MD4 over the widened buffer.
 * NOTE(review): no visible line mixes a salt, `parameter` or an iteration
 * count into the digest, so equal passwords give equal keys and the key
 * is a single unsalted MD4 of the password.  Lines are missing from this
 * listing (return type, the string/stringlen/salt parameters, error
 * checks, release of tmp). */
318 arcfour_hmac_string_to_key (Shishi
* handle
,
323 const char *parameter
, Shishi_key
* outkey
)
/* Two output bytes per input byte.
 * NOTE(review): 2 * stringlen can wrap for a very large stringlen. */
329 tmplen
= 2 * stringlen
;
330 tmp
= xmalloc (tmplen
);
/* Byte-wise widening: matches UTF-16LE only for ASCII input.
 * NOTE(review): bytes >= 0x80 (e.g. multi-byte UTF-8) are copied as-is,
 * which presumably yields keys that differ from other implementations for
 * non-ASCII passwords -- confirm the expected input encoding. */
332 for (i
= 0; i
< stringlen
; i
++)
334 tmp
[2 * i
] = string
[i
];
335 tmp
[2 * i
+ 1] = '\x0';
/* md = MD4 (tmp). */
338 rc
= shishi_md4 (handle
, tmp
, tmplen
, &md
);
/* NOTE(review): tmp holds the widened password; no visible line wipes it
 * before release -- confirm. */
343 shishi_key_value_set (outkey
, md
);
/* Descriptor that registers the RC4-HMAC handlers defined in this file.
 * NOTE(review): the listing omits fields between the ones shown, and the
 * entry after arcfour_hmac_encrypt (presumably the decrypt handler) is
 * not visible.  RFC 8429 deprecates the RC4 enctypes in Kerberos; prefer
 * AES enctypes where peers allow it. */
348 cipherinfo arcfour_hmac_info
= {
356 SHISHI_ARCFOUR_HMAC_MD5
,
357 arcfour_hmac_random_to_key
,
358 arcfour_hmac_string_to_key
,
359 arcfour_hmac_encrypt
,
/* Descriptor for the export enctype.  It shares the random-to-key and
 * string-to-key handlers with the non-export descriptor and plugs in the
 * _exp_ encrypt/decrypt wrappers.
 * NOTE(review): fields between the ones shown are missing from this
 * listing.  The encrypt path overwrites 9 of the 16 bytes of K1 with a
 * constant for this enctype, so it should stay disabled unless a peer
 * strictly requires it. */
363 cipherinfo arcfour_hmac_exp_info
= {
364 SHISHI_ARCFOUR_HMAC_EXP
,
371 SHISHI_ARCFOUR_HMAC_MD5
,
372 arcfour_hmac_random_to_key
,
373 arcfour_hmac_string_to_key
,
374 arcfour_hmac_exp_encrypt
,
375 arcfour_hmac_exp_decrypt
/* Descriptor that registers arcfour_hmac_md5_checksum as the handler for
 * the SHISHI_ARCFOUR_HMAC_MD5 checksum type.
 * NOTE(review): fields between the ones shown are missing from this
 * listing. */
378 checksuminfo arcfour_hmac_md5_info
= {
379 SHISHI_ARCFOUR_HMAC_MD5
,
382 arcfour_hmac_md5_checksum