lib/crypto-3des.c

   1 /* crypto-3des.c --- 3DES crypto functions.
   2  * Copyright (C) 2002, 2003, 2004, 2006  Simon Josefsson
   3  *
   4  * This file is part of Shishi.
   5  *
   6  * Shishi is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * Shishi is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with Shishi; if not, write to the Free Software
  18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  19  *
  20  */
  21
  22 #include "internal.h"
  23
  24 /* Get prototypes. */
  25 #include "crypto.h"
  26
  27 /* Get _shishi_escapeprint, etc. */
  28 #include "utils.h"
  29
  30 static int
  31 _des3_encrypt (Shishi * handle,
  32                Shishi_key * key,
  33                int keyusage,
  34                const char *iv,
  35                size_t ivlen,
  36                char **ivout, size_t * ivoutlen,
  37                const char *in, size_t inlen, char **out, size_t * outlen)
  38 {
  39   return _shishi_simplified_encrypt (handle, key, keyusage, iv, ivlen, ivout,
  40                                      ivoutlen, in, inlen, out, outlen);
  41 }
  42
  43 static int
  44 _des3_decrypt (Shishi * handle,
  45                Shishi_key * key,
  46                int keyusage,
  47                const char *iv,
  48                size_t ivlen,
  49                char **ivout, size_t * ivoutlen,
  50                const char *in, size_t inlen, char **out, size_t * outlen)
  51 {
  52   return _shishi_simplified_decrypt (handle, key, keyusage, iv, ivlen, ivout,
  53                                      ivoutlen, in, inlen, out, outlen);
  54 }
  55
  56 static int
  57 des3none_dencrypt (Shishi * handle,
  58                    Shishi_key * key,
  59                    int keyusage,
  60                    const char *iv, size_t ivlen,
  61                    char **ivout, size_t * ivoutlen,
  62                    const char *in, size_t inlen,
  63                    char **out, size_t * outlen, int direction)
  64 {
  65   int res;
  66
  67   if (keyusage != 0)
  68     {
  69       Shishi_key *derivedkey;
  70
  71       res = _shishi_simplified_derivekey (handle, key, keyusage,
  72                                           SHISHI_DERIVEKEYMODE_PRIVACY,
  73                                           &derivedkey);
  74       if (res != SHISHI_OK)
  75         return res;
  76
  77       res =
  78         _shishi_simplified_dencrypt (handle, derivedkey, iv, ivlen, ivout,
  79                                      ivoutlen, in, inlen, out, outlen,
  80                                      direction);
  81
  82       shishi_key_done (derivedkey);
  83
  84       if (res != SHISHI_OK)
  85         return res;
  86     }
  87   else
  88     {
  89       res =
  90         _shishi_simplified_dencrypt (handle, key, iv, ivlen, ivout, ivoutlen,
  91                                      in, inlen, out, outlen, direction);
  92       if (res != SHISHI_OK)
  93         return res;
  94     }
  95
  96   return SHISHI_OK;
  97 }
  98
  99 static int
 100 des3none_encrypt (Shishi * handle,
 101                   Shishi_key * key,
 102                   int keyusage,
 103                   const char *iv, size_t ivlen,
 104                   char **ivout, size_t * ivoutlen,
 105                   const char *in, size_t inlen, char **out, size_t * outlen)
 106 {
 107   return des3none_dencrypt (handle, key, keyusage, iv, ivlen, ivout, ivoutlen,
 108                             in, inlen, out, outlen, 0);
 109 }
 110
 111 static int
 112 des3none_decrypt (Shishi * handle,
 113                   Shishi_key * key,
 114                   int keyusage,
 115                   const char *iv, size_t ivlen,
 116                   char **ivout, size_t * ivoutlen,
 117                   const char *in, size_t inlen, char **out, size_t * outlen)
 118 {
 119   return des3none_dencrypt (handle, key, keyusage, iv, ivlen, ivout, ivoutlen,
 120                             in, inlen, out, outlen, 1);
 121 }
 122
 123 static void
 124 des_set_odd_key_parity (char key[8])
 125 {
 126   int i, j;
 127
 128   for (i = 0; i < 8; i++)
 129     {
 130       int n_set_bits = 0;
 131
 132       for (j = 1; j < 8; j++)
 133         if (key[i] & (1 << j))
 134           n_set_bits++;
 135
 136       key[i] &= ~1;
 137       if ((n_set_bits % 2) == 0)
 138         key[i] |= 1;
 139     }
 140 }
 141
 142 /* The 168 bits of random key data are converted to a protocol key
 143  * value as follows.  First, the 168 bits are divided into three
 144  * groups of 56 bits, which are expanded individually into 64 bits as
 145  * follows:
 146  *
 147  *          1  2  3  4  5  6  7  p
 148  *          9 10 11 12 13 14 15  p
 149  *         17 18 19 20 21 22 23  p
 150  *         25 26 27 28 29 30 31  p
 151  *         33 34 35 36 37 38 39  p
 152  *         41 42 43 44 45 46 47  p
 153  *         49 50 51 52 53 54 55  p
 154  *         56 48 40 32 24 16  8  p
 155  *
 156  * The "p" bits are parity bits computed over the data bits.  The
 157  * output of the three expansions are concatenated to form the
 158  * protocol key value.
 159  *
 160  */
 161 static int
 162 des3_random_to_key (Shishi * handle,
 163                     const char *rnd, size_t rndlen, Shishi_key * outkey)
 164 {
 165   char tmpkey[3 * 8];
 166   int i;
 167
 168   if (rndlen < 168 / 8)
 169     return !SHISHI_OK;
 170
 171   if (VERBOSECRYPTO (handle))
 172     {
 173       printf ("des3_random_to_key (random)\n");
 174       printf ("\t ;; random (length %d):\n", 168 / 8);
 175       _shishi_hexprint (rnd, 168 / 8);
 176       _shishi_binprint (rnd, 168 / 8);
 177     }
 178
 179   memcpy (tmpkey, rnd, 7);
 180   memcpy (tmpkey + 8, rnd + 7, 7);
 181   memcpy (tmpkey + 16, rnd + 14, 7);
 182   for (i = 0; i < 3; i++)
 183     {
 184       tmpkey[i * 8 + 7] =
 185         ((tmpkey[i * 8 + 0] & 0x01) << 1) |
 186         ((tmpkey[i * 8 + 1] & 0x01) << 2) |
 187         ((tmpkey[i * 8 + 2] & 0x01) << 3) |
 188         ((tmpkey[i * 8 + 3] & 0x01) << 4) |
 189         ((tmpkey[i * 8 + 4] & 0x01) << 5) |
 190         ((tmpkey[i * 8 + 5] & 0x01) << 6) | ((tmpkey[i * 8 + 6] & 0x01) << 7);
 191       des_set_odd_key_parity (tmpkey + i * 8);
 192     }
 193
 194   shishi_key_value_set (outkey, tmpkey);
 195
 196   if (VERBOSECRYPTO (handle))
 197     {
 198       printf ("key = des3_random_to_key (random)\n");
 199       printf ("\t ;; key:\n");
 200       _shishi_hexprint (tmpkey, 3 * 8);
 201       _shishi_binprint (tmpkey, 3 * 8);
 202     }
 203
 204   return SHISHI_OK;
 205 }
 206
 207 static int
 208 des3_string_to_key (Shishi * handle,
 209                     const char *string,
 210                     size_t stringlen,
 211                     const char *salt,
 212                     size_t saltlen,
 213                     const char *parameter, Shishi_key * outkey)
 214 {
 215   char *s;
 216   int n_s;
 217   Shishi_key *key;
 218   char nfold[168 / 8];
 219   int nfoldlen = 168 / 8;
 220   int res;
 221
 222   if (VERBOSECRYPTO (handle))
 223     {
 224       printf ("des3_string_to_key (string, salt)\n");
 225       printf ("\t ;; String:\n");
 226       _shishi_escapeprint (string, stringlen);
 227       _shishi_hexprint (string, stringlen);
 228       printf ("\t ;; Salt:\n");
 229       _shishi_escapeprint (salt, saltlen);
 230       _shishi_hexprint (salt, saltlen);
 231     }
 232
 233   /* s = passwordString + salt */
 234   n_s = stringlen + saltlen;
 235   s = (char *) xmalloc (n_s);
 236   memcpy (s, string, stringlen);
 237   memcpy (s + stringlen, salt, saltlen);
 238
 239   /* tmpKey = random-to-key(168-fold(s)) */
 240   res = shishi_n_fold (handle, s, n_s, nfold, nfoldlen);
 241   free (s);
 242   if (res != SHISHI_OK)
 243     return res;
 244
 245   res = shishi_key_from_value (handle, shishi_key_type (outkey), NULL, &key);
 246   if (res != SHISHI_OK)
 247     return res;
 248
 249   res = des3_random_to_key (handle, nfold, nfoldlen, key);
 250   if (res == SHISHI_OK)
 251     /* key = DK (tmpKey, Constant) */
 252     res = shishi_dk (handle, key, SHISHI_DK_CONSTANT,
 253                      strlen (SHISHI_DK_CONSTANT), outkey);
 254
 255   shishi_key_done (key);
 256
 257   if (res != SHISHI_OK)
 258     return res;
 259
 260   if (VERBOSECRYPTO (handle))
 261     {
 262       printf ("des3_string_to_key (string, salt)\n");
 263       printf ("\t ;; Key:\n");
 264       _shishi_hexprint (shishi_key_value (outkey),
 265                         shishi_key_length (outkey));
 266       _shishi_binprint (shishi_key_value (outkey),
 267                         shishi_key_length (outkey));
 268     }
 269
 270   return SHISHI_OK;
 271 }
 272
 273 static int
 274 des3_checksum (Shishi * handle,
 275                Shishi_key * key,
 276                int keyusage,
 277                int cksumtype,
 278                const char *in, size_t inlen, char **out, size_t * outlen)
 279 {
 280   return _shishi_simplified_checksum (handle, key, keyusage, cksumtype,
 281                                       in, inlen, out, outlen);
 282 }
 283
 284 cipherinfo des3_cbc_none_info = {
 285   SHISHI_DES3_CBC_NONE,
 286   "des3-cbc-none",
 287   8,
 288   8,
 289   3 * 8,
 290   3 * 8,
 291   SHISHI_HMAC_SHA1_DES3_KD,
 292   des3_random_to_key,
 293   des3_string_to_key,
 294   des3none_encrypt,
 295   des3none_decrypt
 296 };
 297
 298 cipherinfo des3_cbc_sha1_kd_info = {
 299   SHISHI_DES3_CBC_HMAC_SHA1_KD,
 300   "des3-cbc-sha1-kd",
 301   8,
 302   8,
 303   3 * 8,
 304   3 * 8,
 305   SHISHI_HMAC_SHA1_DES3_KD,
 306   des3_random_to_key,
 307   des3_string_to_key,
 308   _des3_encrypt,
 309   _des3_decrypt
 310 };
 311
 312 checksuminfo hmac_sha1_des3_kd_info = {
 313   SHISHI_HMAC_SHA1_DES3_KD,
 314   "hmac-sha1-des3-kd",
 315   20,
 316   des3_checksum
 317 };