search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Support nettle as well as libgcrypt.
[shishi.git] / lib / crypto-des.c
blob35efc37cd780c43b7da62f27a7fc08ec78632da4
1 /* crypto-des.c DES crypto functions
2 * Copyright (C) 2002, 2003 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 * Note: This file is #include'd by crypto.c.
21 *
22 */
23 #ifdef USE_GCRYPT
24
25 static int
26 raw_des_verify (Shishi * handle, int algo, char *out, int *outlen)
27 {
28 char md[MAX_HASH_LEN];
29 gcry_md_hd_t hd;
30 gpg_error_t err;
31 int hlen = gcry_md_get_algo_dlen (algo);
32 int ok;
33 char *p;
34
35 memcpy (md, out + 8, hlen);
36 memset (out + 8, 0, hlen);
37
38 err = gcry_md_open (&hd, algo, 0);
39 if (err != GPG_ERR_NO_ERROR)
40 {
41 shishi_error_printf (handle, "Algo %d not available in libgcrypt", algo);
42 return SHISHI_CRYPTO_INTERNAL_ERROR;
43 }
44
45 gcry_md_write (hd, out, *outlen);
46
47 p = gcry_md_read (hd, algo);
48 if (p == NULL)
49 {
50 shishi_error_printf (handle, "Libgcrypt failed to compute hash");
51 return SHISHI_CRYPTO_INTERNAL_ERROR;
52 }
53
54 if (VERBOSECRYPTO (handle))
55 {
56 puts("DES verify:");
57 hexprint(md, hlen);
58 hexprint (p, hlen);
59 }
60
61 ok = memcmp (p, md, hlen) == 0;
62
63 gcry_md_close (hd);
64
65 if (!ok)
66 {
67 shishi_error_printf (handle, "DES verify failed");
68 return SHISHI_CRYPTO_ERROR;
69 }
70
71 memmove (out, out + 8 + hlen, *outlen - 8 - hlen);
72 *outlen -= 8 + hlen;
73
74 return SHISHI_OK;
75 }
76
77 static int
78 raw_des_checksum (Shishi * handle,
79 int algo,
80 const char *in, size_t inlen,
81 char *out, size_t * outlen,
82 int hashzeros)
83 {
84 gpg_error_t err;
85 int hlen = gcry_md_get_algo_dlen (algo);
86 char buffer[8 + MAX_HASH_LEN];
87 char *p;
88 gcry_md_hd_t hd;
89 int res;
90
91 err = gcry_md_open (&hd, algo, 0);
92 if (err != GPG_ERR_NO_ERROR)
93 {
94 shishi_error_printf (handle, "MD %d not available in libgcrypt", algo);
95 return SHISHI_CRYPTO_INTERNAL_ERROR;
96 }
97
98 res = shishi_randomize (handle, buffer, 8);
99 if (res != SHISHI_OK)
100 return res;
101
102 memset (buffer + 8, 0, hlen);
103
104 if (hashzeros)
105 gcry_md_write (hd, buffer, 8 + hlen);
106 else
107 gcry_md_write (hd, buffer, 8);
108 gcry_md_write (hd, in, inlen);
109
110 p = gcry_md_read (hd, algo);
111 if (p == NULL)
112 {
113 shishi_error_printf (handle, "Libgcrypt failed to compute hash");
114 return SHISHI_CRYPTO_INTERNAL_ERROR;
115 }
116
117 memcpy(out, buffer, 8);
118 memcpy(out + 8, p, hlen);
119
120 gcry_md_close (hd);
121
122 *outlen = 8 + hlen;
123
124 return SHISHI_OK;
125 }
126
127 static int
128 _des_encrypt (Shishi * handle,
129 Shishi_key * key,
130 int keyusage,
131 const char *iv,
132 size_t ivlen,
133 const char *in, size_t inlen, char **out, size_t * outlen,
134 int algo)
135 {
136 char cksum[8 + MAX_HASH_LEN];
137 char *inpad;
138 char *pt;
139 size_t inpadlen, padzerolen = 0, ptlen, cksumlen;
140 int res;
141
142 if (inlen % 8)
143 padzerolen = 8 - (inlen % 8);
144 inpadlen = inlen + padzerolen;
145 inpad = xmalloc (inpadlen);
146
147 memcpy (inpad, in, inlen);
148 memset (inpad + inlen, 0, padzerolen);
149
150 res = raw_des_checksum (handle, algo, inpad, inpadlen, cksum, &cksumlen, 1);
151 if (res != SHISHI_OK)
152 {
153 shishi_error_printf (handle, "DES checksum failed");
154 return res;
155 }
156
157 ptlen = inpadlen + cksumlen;
158 pt = xmalloc (ptlen);
159 memcpy (pt, cksum, cksumlen);
160 memcpy (pt + cksumlen, inpad, inpadlen);
161
162 free (inpad);
163
164 res = simplified_encrypt (handle, key, 0, iv, ivlen,
165 pt, ptlen, out, outlen);
166
167 free (pt);
168
169 if (res != SHISHI_OK)
170 {
171 shishi_error_printf (handle, "DES encrypt failed");
172 return res;
173 }
174
175 return SHISHI_OK;
176 }
177
178 static int
179 des_crc_encrypt (Shishi * handle,
180 Shishi_key * key,
181 int keyusage,
182 const char *iv,
183 size_t ivlen,
184 const char *in, size_t inlen, char **out, size_t * outlen)
185 {
186 return _des_encrypt (handle, key, keyusage, iv, ivlen,
187 in, inlen, out, outlen, GCRY_MD_CRC32_RFC1510);
188 }
189
190 static int
191 des_md4_encrypt (Shishi * handle,
192 Shishi_key * key,
193 int keyusage,
194 const char *iv,
195 size_t ivlen,
196 const char *in, size_t inlen, char **out, size_t * outlen)
197 {
198 return _des_encrypt (handle, key, keyusage, iv, ivlen,
199 in, inlen, out, outlen, GCRY_MD_MD4);
200 }
201
202 static int
203 des_md5_encrypt (Shishi * handle,
204 Shishi_key * key,
205 int keyusage,
206 const char *iv,
207 size_t ivlen,
208 const char *in, size_t inlen, char **out, size_t * outlen)
209 {
210 return _des_encrypt (handle, key, keyusage, iv, ivlen,
211 in, inlen, out, outlen, GCRY_MD_MD5);
212 }
213
214 static int
215 _des_decrypt (Shishi * handle,
216 Shishi_key * key,
217 int keyusage,
218 const char *iv, size_t ivlen,
219 const char *in, size_t inlen,
220 char **out, size_t * outlen,
221 int algo)
222 {
223 int res;
224
225 res = simplified_decrypt (handle, key, 0, iv, ivlen,
226 in, inlen, out, outlen);
227 if (res != SHISHI_OK)
228 {
229 shishi_error_printf (handle, "decrypt failed");
230 return res;
231 }
232
233 res = raw_des_verify (handle, algo, *out, outlen);
234 if (res != SHISHI_OK)
235 {
236 shishi_error_printf (handle, "verify failed");
237 return res;
238 }
239
240 return SHISHI_OK;
241 }
242
243 static int
244 des_crc_decrypt (Shishi * handle,
245 Shishi_key * key,
246 int keyusage,
247 const char *iv,
248 size_t ivlen,
249 const char *in, size_t inlen, char **out, size_t * outlen)
250 {
251 return _des_decrypt (handle, key, keyusage, iv, ivlen,
252 in, inlen, out, outlen, GCRY_MD_CRC32_RFC1510);
253 }
254
255 static int
256 des_md4_decrypt (Shishi * handle,
257 Shishi_key * key,
258 int keyusage,
259 const char *iv,
260 size_t ivlen,
261 const char *in, size_t inlen, char **out, size_t * outlen)
262 {
263 return _des_decrypt (handle, key, keyusage, iv, ivlen,
264 in, inlen, out, outlen, GCRY_MD_MD4);
265 }
266
267 static int
268 des_md5_decrypt (Shishi * handle,
269 Shishi_key * key,
270 int keyusage,
271 const char *iv,
272 size_t ivlen,
273 const char *in, size_t inlen, char **out, size_t * outlen)
274 {
275 return _des_decrypt (handle, key, keyusage, iv, ivlen,
276 in, inlen, out, outlen, GCRY_MD_MD5);
277 }
278
279 static int
280 des_none_encrypt (Shishi * handle,
281 Shishi_key * key,
282 int keyusage,
283 const char *iv,
284 size_t ivlen,
285 const char *in, size_t inlen, char **out, size_t * outlen)
286 {
287 int res;
288
289 res = simplified_encrypt (handle, key, 0, iv, ivlen,
290 in, inlen, out, outlen);
291 if (res != SHISHI_OK)
292 return res;
293
294 return SHISHI_OK;
295 }
296
297 static int
298 des_none_decrypt (Shishi * handle,
299 Shishi_key * key,
300 int keyusage,
301 const char *iv,
302 size_t ivlen,
303 const char *in, size_t inlen, char **out, size_t * outlen)
304 {
305 int res;
306
307 res = simplified_decrypt (handle, key, 0, iv, ivlen,
308 in, inlen, out, outlen);
309 if (res != SHISHI_OK)
310 return res;
311
312 return SHISHI_OK;
313 }
314 #endif
315
316 static int
317 des_set_odd_key_parity (char key[8])
318 {
319 int i, j;
320
321 for (i = 0; i < 8; i++)
322 {
323 int n_set_bits = 0;
324
325 for (j = 1; j < 8; j++)
326 if (key[i] & (1 << j))
327 n_set_bits++;
328
329 key[i] &= ~1;
330 if ((n_set_bits % 2) == 0)
331 key[i] |= 1;
332 }
333
334 return SHISHI_OK;
335 }
336
337 #ifdef USE_GCRYPT
338 static int
339 des_key_correction (Shishi * handle, char *key)
340 {
341 gcry_cipher_hd_t ch;
342 gpg_error_t err;
343
344 /* fixparity(key); */
345 des_set_odd_key_parity (key);
346
347 err = gcry_cipher_open (&ch, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0);
348 if (err != GPG_ERR_NO_ERROR)
349 {
350 shishi_error_printf (handle, "DES-CBC not available in libgcrypt");
351 return SHISHI_CRYPTO_INTERNAL_ERROR;
352 }
353
354 /* XXX? libgcrypt tests for pseudo-weak keys, rfc 1510 doesn't */
355
356 err = gcry_cipher_setkey (ch, key, 8);
357
358 gcry_cipher_close (ch);
359
360 if (err != GPG_ERR_NO_ERROR)
361 {
362 if (gpg_err_code (err) == GPG_ERR_WEAK_KEY)
363 {
364 if (VERBOSECRYPTO (handle))
365 printf ("\t ;; WEAK KEY (corrected)\n");
366 key[7] ^= 0xF0;
367 }
368 else
369 {
370 shishi_error_printf (handle, "DES setkey failed");
371 shishi_error_set (handle, gpg_strerror (err));
372 return SHISHI_CRYPTO_INTERNAL_ERROR;
373 }
374 }
375
376 return SHISHI_OK;
377 }
378
379 static int
380 des_random_to_key (Shishi * handle,
381 const char *random, size_t randomlen, Shishi_key * outkey)
382 {
383 char tmp[MAX_RANDOM_LEN];
384 int keylen = shishi_cipher_keylen (shishi_key_type (outkey));
385
386 if (randomlen != shishi_key_length (outkey))
387 {
388 shishi_error_printf (handle, "DES random to key caller error");
389 return SHISHI_CRYPTO_ERROR;
390 }
391
392 memcpy (tmp, random, keylen);
393 des_set_odd_key_parity (tmp);
394
395 shishi_key_value_set (outkey, tmp);
396
397 return SHISHI_OK;
398 }
399
400 static int
401 des_cbc_check (Shishi * handle, char key[8], char *data, int n_data)
402 {
403 gcry_cipher_hd_t ch;
404 gpg_error_t err;
405 int res = SHISHI_CRYPTO_INTERNAL_ERROR;
406
407 err = gcry_cipher_open (&ch, GCRY_CIPHER_DES,
408 GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_MAC);
409 if (err != GPG_ERR_NO_ERROR)
410 {
411 shishi_error_printf (handle, "DES-CBC-MAC not available in libgcrypt");
412 return SHISHI_CRYPTO_INTERNAL_ERROR;
413 }
414
415 err = gcry_cipher_setkey (ch, key, 8);
416 if (err != GPG_ERR_NO_ERROR)
417 {
418 shishi_error_printf (handle, "DES setkey failed");
419 shishi_error_set (handle, gpg_strerror (err));
420 goto done;
421 }
422
423 err = gcry_cipher_setiv (ch, key, 8);
424 if (err != GPG_ERR_NO_ERROR)
425 {
426 shishi_error_printf (handle, "DES setiv failed");
427 shishi_error_set (handle, gpg_strerror (err));
428 goto done;
429 }
430
431 err = gcry_cipher_encrypt (ch, key, 8, data, n_data);
432 if (err != GPG_ERR_NO_ERROR)
433 {
434 shishi_error_printf (handle, "DES encrypt failed");
435 shishi_error_set (handle, gpg_strerror (err));
436 goto done;
437 }
438
439 return SHISHI_OK;
440
441 done:
442 gcry_cipher_close (ch);
443 return res;
444 }
445
446 static int
447 des_string_to_key (Shishi * handle,
448 const char *string,
449 size_t stringlen,
450 const char *salt,
451 size_t saltlen, const char *parameter, Shishi_key * outkey)
452 {
453 char *s;
454 int n_s;
455 int odd;
456 char tempkey[8];
457 int i, j;
458 char temp, temp2;
459 int res;
460
461 if (VERBOSECRYPTO (handle))
462 {
463 printf ("des_string_to_key (string, salt)\n");
464
465 printf ("\t ;; String:\n");
466 escapeprint (string, stringlen);
467 hexprint (string, stringlen);
468 puts ("");
469 puts ("");
470
471 printf ("\t ;; Salt:\n");
472 escapeprint (salt, saltlen);
473 hexprint (salt, saltlen);
474 puts ("");
475
476 printf ("odd = 1;\n");
477 printf ("s = string | salt;\n");
478 printf ("tempstring = 0; /* 56-bit string */\n");
479 printf ("pad(s); /* with nulls to 8 byte boundary */\n");
480
481 }
482
483 if (saltlen < 0)
484 saltlen = 0;
485
486 odd = 1;
487 n_s = stringlen + saltlen;
488 if ((n_s % 8) != 0)
489 n_s += 8 - n_s % 8;
490 s = (char *) malloc (n_s);
491 memcpy (s, string, stringlen);
492 if (saltlen > 0)
493 memcpy (s + stringlen, salt, saltlen);
494 memset (s + stringlen + saltlen, 0, n_s - stringlen - saltlen);
495 memset (tempkey, 0, sizeof (tempkey)); /* tempkey = NULL; */
496
497 if (VERBOSECRYPTO (handle))
498 {
499 printf ("\t ;; s = pad(string|salt):\n");
500 escapeprint (s, n_s);
501 hexprint (s, n_s);
502 puts ("");
503 }
504
505 for (i = 0; i < n_s / 8; i++)
506 {
507 if (VERBOSECRYPTO (handle))
508 {
509 printf ("for (8byteblock in s) {\n");
510 printf ("\t ;; loop iteration %d\n", i);
511 printf ("\t ;; 8byteblock:\n");
512 escapeprint (&s[i * 8], 8);
513 hexprint (&s[i * 8], 8);
514 puts ("");
515 binprint (&s[i * 8], 8);
516 puts ("");
517 printf ("56bitstring = removeMSBits(8byteblock);\n");
518 }
519
520 for (j = 0; j < 8; j++)
521 s[i * 8 + j] = s[i * 8 + j] & ~0x80;
522
523 if (VERBOSECRYPTO (handle))
524 {
525 printf ("\t ;; 56bitstring:\n");
526 bin7print (&s[i * 8], 8);
527 puts ("");
528 printf ("if (odd == 0) reverse(56bitstring);\t ;; odd=%d\n", odd);
529 }
530
531 if (odd == 0)
532 {
533 for (j = 0; j < 4; j++)
534 {
535 temp = s[i * 8 + j];
536 temp =
537 ((temp >> 6) & 0x01) |
538 ((temp >> 4) & 0x02) |
539 ((temp >> 2) & 0x04) |
540 ((temp) & 0x08) |
541 ((temp << 2) & 0x10) |
542 ((temp << 4) & 0x20) | ((temp << 6) & 0x40);
543 temp2 = s[i * 8 + 7 - j];
544 temp2 =
545 ((temp2 >> 6) & 0x01) |
546 ((temp2 >> 4) & 0x02) |
547 ((temp2 >> 2) & 0x04) |
548 ((temp2) & 0x08) |
549 ((temp2 << 2) & 0x10) |
550 ((temp2 << 4) & 0x20) | ((temp2 << 6) & 0x40);
551 s[i * 8 + j] = temp2;
552 s[i * 8 + 7 - j] = temp;
553 }
554 if (VERBOSECRYPTO (handle))
555 {
556 printf ("reverse(56bitstring)\n");
557 printf ("\t ;; 56bitstring after reverse\n");
558 bin7print (&s[i * 8], 8);
559 puts ("");
560 }
561 }
562
563 odd = !odd;
564
565 if (VERBOSECRYPTO (handle))
566 {
567 printf ("odd = ! odd\n");
568 printf ("tempstring = tempstring XOR 56bitstring;\n");
569 }
570
571 /* tempkey = tempkey XOR 8byteblock; */
572 for (j = 0; j < 8; j++)
573 tempkey[j] ^= s[i * 8 + j];
574
575 if (VERBOSECRYPTO (handle))
576 {
577 printf ("\t ;; tempstring\n");
578 bin7print (tempkey, 8);
579 puts ("");
580 puts ("");
581 }
582 }
583
584 for (j = 0; j < 8; j++)
585 tempkey[j] = tempkey[j] << 1;
586
587 if (VERBOSECRYPTO (handle))
588 {
589 printf ("for (8byteblock in s) {\n");
590 printf ("}\n");
591 printf ("\t ;; for loop terminated\n");
592 printf ("\t ;; tempstring as 64bitblock\n");
593 hexprint (tempkey, 8);
594 puts ("");
595 binprint (tempkey, 8);
596 puts ("");
597 printf ("/* add parity as low bit of each byte */\n");
598 printf ("tempkey = key_correction(add_parity_bits(tempstring));\n");
599 }
600
601 res = des_key_correction (handle, tempkey);
602 if (res != SHISHI_OK)
603 return res;
604
605 if (VERBOSECRYPTO (handle))
606 {
607 printf ("\t ;; tempkey\n");
608 escapeprint (tempkey, 8);
609 hexprint (tempkey, 8);
610 puts ("");
611 binprint (tempkey, 8);
612 puts ("");
613 puts ("");
614 printf ("key = key_correction(DES-CBC-check(s,tempkey));\n");
615 }
616
617 memcpy (s, string, stringlen);
618 if (saltlen > 0)
619 memcpy (s + stringlen, salt, saltlen);
620 memset (s + stringlen + saltlen, 0, n_s - stringlen - saltlen);
621
622 res = des_cbc_check (handle, tempkey, s, n_s);
623 if (res != SHISHI_OK)
624 return res;
625
626 res = des_key_correction (handle, tempkey);
627 if (res != SHISHI_OK)
628 return res;
629
630 if (VERBOSECRYPTO (handle))
631 {
632 printf ("\t ;; key\n");
633 escapeprint (tempkey, 8);
634 hexprint (tempkey, 8);
635 puts ("");
636 binprint (tempkey, 8);
637 puts ("");
638 puts ("");
639 }
640
641 shishi_key_value_set (outkey, tempkey);
642
643 return SHISHI_OK;
644 }
645
646 static int
647 des_checksum (Shishi * handle,
648 Shishi_key * key,
649 int keyusage,
650 int cksumtype,
651 char *in, size_t inlen, char **out, size_t * outlen,
652 int algo)
653 {
654 char buffer[BUFSIZ];
655 int buflen;
656 char *keyp;
657 int i;
658 int res;
659
660 buflen = sizeof (buffer);
661 res = raw_des_checksum (handle, algo, in, inlen, buffer, &buflen, 0);
662 if (res != SHISHI_OK)
663 {
664 shishi_error_set (handle, "checksum failed");
665 return res;
666 }
667
668 keyp = shishi_key_value (key);
669
670 for (i = 0; i < 8; i++)
671 keyp[i] ^= 0xF0;
672
673 res = simplified_dencrypt (handle, key, NULL, 0, buffer, buflen,
674 out, outlen, 0);
675
676 for (i = 0; i < 8; i++)
677 keyp[i] ^= 0xF0;
678
679 if (res != SHISHI_OK)
680 {
681 shishi_error_set (handle, "encrypt failed");
682 return res;
683 }
684
685 return SHISHI_OK;
686 }
687
688 static int
689 des_md4_checksum (Shishi * handle,
690 Shishi_key * key,
691 int keyusage,
692 int cksumtype,
693 char *in, size_t inlen, char **out, size_t * outlen)
694 {
695 return des_checksum (handle, key, keyusage, cksumtype,
696 in, inlen, out, outlen,
697 GCRY_MD_MD4);
698 }
699
700 static int
701 des_md5_checksum (Shishi * handle,
702 Shishi_key * key,
703 int keyusage,
704 int cksumtype,
705 char *in, size_t inlen, char **out, size_t * outlen)
706 {
707 return des_checksum (handle, key, keyusage, cksumtype,
708 in, inlen, out, outlen,
709 GCRY_MD_MD5);
710 }
711 #endif
Free Kerberos V5 implementation