lib/crypto-3des.c

   1 /* crypto-3des.c        3DES crypto functions
   2  * Copyright (C) 2002, 2003  Simon Josefsson
   3  *
   4  * This file is part of Shishi.
   5  *
   6  * Shishi is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * Shishi is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with Shishi; if not, write to the Free Software
  18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  19  *
  20  * Note: This file is #include'd by crypto.c.
  21  *
  22  */
  23
  24 static int
  25 des3_encrypt (Shishi * handle,
  26               Shishi_key * key,
  27               int keyusage,
  28               const char *iv,
  29               size_t ivlen,
  30               const char *in, size_t inlen, char **out, size_t * outlen)
  31 {
  32   return simplified_encrypt (handle, key, keyusage, iv, ivlen,
  33                              in, inlen, out, outlen);
  34 }
  35
  36 static int
  37 des3_decrypt (Shishi * handle,
  38               Shishi_key * key,
  39               int keyusage,
  40               const char *iv,
  41               size_t ivlen,
  42               const char *in, size_t inlen, char **out, size_t * outlen)
  43 {
  44   return simplified_decrypt (handle, key, keyusage, iv, ivlen,
  45                              in, inlen, out, outlen);
  46 }
  47
  48 static int
  49 des3none_dencrypt (Shishi * handle,
  50                    Shishi_key * key,
  51                    int keyusage,
  52                    const char *iv,
  53                    size_t ivlen,
  54                    const char *in,
  55                    size_t inlen, char **out, size_t * outlen, int direction)
  56 {
  57   int res;
  58
  59   if (keyusage != 0)
  60     {
  61       size_t len;
  62       Shishi_key *derivedkey;
  63
  64       res = simplified_derivekey (handle, key, keyusage,
  65                                   SHISHI_DERIVEKEYMODE_PRIVACY, &derivedkey);
  66       if (res != SHISHI_OK)
  67         return res;
  68
  69       res = simplified_dencrypt (handle, derivedkey, iv, ivlen,
  70                                  in, inlen, out, outlen, direction);
  71
  72       shishi_key_done (&derivedkey);
  73
  74       if (res != SHISHI_OK)
  75         return res;
  76     }
  77   else
  78     {
  79       res = simplified_dencrypt (handle, key, iv, ivlen,
  80                                  in, inlen, out, outlen, direction);
  81       if (res != SHISHI_OK)
  82         return res;
  83     }
  84
  85   return SHISHI_OK;
  86 }
  87
  88 static int
  89 des3none_encrypt (Shishi * handle,
  90                   Shishi_key * key,
  91                   int keyusage,
  92                   const char *iv,
  93                   size_t ivlen,
  94                   const char *in, size_t inlen, char **out, size_t * outlen)
  95 {
  96   return des3none_dencrypt (handle, key, keyusage,
  97                             iv, ivlen, in, inlen, out, outlen, 0);
  98 }
  99
 100 static int
 101 des3none_decrypt (Shishi * handle,
 102                   Shishi_key * key,
 103                   int keyusage,
 104                   const char *iv,
 105                   size_t ivlen,
 106                   const char *in, size_t inlen, char **out, size_t * outlen)
 107 {
 108   return des3none_dencrypt (handle, key, keyusage,
 109                             iv, ivlen, in, inlen, out, outlen, 1);
 110 }
 111
 112 /* The 168 bits of random key data are converted to a protocol key
 113  * value as follows.  First, the 168 bits are divided into three
 114  * groups of 56 bits, which are expanded individually into 64 bits as
 115  * follows:
 116  *
 117  *          1  2  3  4  5  6  7  p
 118  *          9 10 11 12 13 14 15  p
 119  *         17 18 19 20 21 22 23  p
 120  *         25 26 27 28 29 30 31  p
 121  *         33 34 35 36 37 38 39  p
 122  *         41 42 43 44 45 46 47  p
 123  *         49 50 51 52 53 54 55  p
 124  *         56 48 40 32 24 16  8  p
 125  *
 126  * The "p" bits are parity bits computed over the data bits.  The
 127  * output of the three expansions are concatenated to form the
 128  * protocol key value.
 129  *
 130  */
 131 static int
 132 des3_random_to_key (Shishi * handle,
 133                     const char *random, size_t randomlen, Shishi_key * outkey)
 134 {
 135   unsigned char tmpkey[3 * 8];
 136   int i;
 137
 138   if (randomlen < 168 / 8)
 139     return !SHISHI_OK;
 140
 141   if (VERBOSECRYPTO (handle))
 142     {
 143       printf ("des3_random_to_key (random)\n");
 144       printf ("\t ;; random (length %d):\n", 168 / 8);
 145       hexprint (random, 168 / 8);
 146       puts ("");
 147       binprint (random, 168 / 8);
 148       puts ("");
 149     }
 150
 151   memcpy (tmpkey, random, 7);
 152   memcpy (tmpkey + 8, random + 7, 7);
 153   memcpy (tmpkey + 16, random + 14, 7);
 154   for (i = 0; i < 3; i++)
 155     {
 156       tmpkey[i * 8 + 7] =
 157         ((tmpkey[i * 8 + 0] & 0x01) << 1) |
 158         ((tmpkey[i * 8 + 1] & 0x01) << 2) |
 159         ((tmpkey[i * 8 + 2] & 0x01) << 3) |
 160         ((tmpkey[i * 8 + 3] & 0x01) << 4) |
 161         ((tmpkey[i * 8 + 4] & 0x01) << 5) |
 162         ((tmpkey[i * 8 + 5] & 0x01) << 6) | ((tmpkey[i * 8 + 6] & 0x01) << 7);
 163       des_set_odd_key_parity (tmpkey + i * 8);
 164     }
 165
 166   shishi_key_value_set (outkey, tmpkey);
 167
 168   if (VERBOSECRYPTO (handle))
 169     {
 170       printf ("key = des3_random_to_key (random)\n");
 171       printf ("\t ;; key:\n");
 172       hexprint (tmpkey, 3 * 8);
 173       puts ("");
 174       binprint (tmpkey, 3 * 8);
 175       puts ("");
 176     }
 177
 178   return SHISHI_OK;
 179 }
 180
 181 static int
 182 des3_string_to_key (Shishi * handle,
 183                     const char *string,
 184                     size_t stringlen,
 185                     const char *salt,
 186                     size_t saltlen,
 187                     const char *parameter, Shishi_key * outkey)
 188 {
 189   char *s;
 190   int n_s;
 191   Shishi_key *key;
 192   char nfold[168 / 8];
 193   int nfoldlen = 168 / 8;
 194   int res;
 195
 196   if (VERBOSECRYPTO (handle))
 197     {
 198       printf ("des3_string_to_key (string, salt)\n");
 199       printf ("\t ;; String:\n");
 200       escapeprint (string, stringlen);
 201       hexprint (string, stringlen);
 202       puts ("");
 203       printf ("\t ;; Salt:\n");
 204       escapeprint (salt, saltlen);
 205       hexprint (salt, saltlen);
 206       puts ("");
 207     }
 208
 209   /* s = passwordString + salt */
 210   n_s = stringlen + saltlen;
 211   s = (char *) malloc (n_s);
 212   memcpy (s, string, stringlen);
 213   memcpy (s + stringlen, salt, saltlen);
 214
 215   /* tmpKey = random-to-key(168-fold(s)) */
 216   res = shishi_n_fold (handle, s, n_s, nfold, nfoldlen);
 217   free (s);
 218   if (res != SHISHI_OK)
 219     return res;
 220
 221   res = shishi_key_from_value (handle, shishi_key_type (outkey), NULL, &key);
 222   if (res != SHISHI_OK)
 223     return res;
 224
 225   res = des3_random_to_key (handle, nfold, nfoldlen, key);
 226   if (res != SHISHI_OK)
 227     return res;
 228
 229   /* key = DK (tmpKey, KerberosConstant) */
 230   res = shishi_dk (handle, key, "kerberos", strlen ("kerberos"), outkey);
 231   if (res != SHISHI_OK)
 232     return res;
 233
 234   shishi_key_done (&key);
 235
 236   if (VERBOSECRYPTO (handle))
 237     {
 238       printf ("des3_string_to_key (string, salt)\n");
 239       printf ("\t ;; Key:\n");
 240       hexprint (shishi_key_value (outkey), shishi_key_length (outkey));
 241       binprint (shishi_key_value (outkey), shishi_key_length (outkey));
 242       puts ("");
 243     }
 244
 245   return SHISHI_OK;
 246 }
 247
 248 static int
 249 des3_checksum (Shishi * handle,
 250                Shishi_key * key,
 251                int keyusage,
 252                int cksumtype,
 253                char *in, size_t inlen,
 254                char **out, size_t * outlen)
 255 {
 256   return simplified_checksum (handle, key, keyusage, cksumtype,
 257                               in, inlen, out, outlen);
 258 }