1 /* $NetBSD: crypto-des-common.c,v 1.6 2023/06/19 21:41:44 christos Exp $ */
2
3 /*
4 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 /* Functions which are used by both single and triple DES enctypes */
37
38 #include "krb5_locl.h"
39
40 /*
41 * A = A xor B. A & B are 8 bytes.
42 */
43
44 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
_krb5_xor8(unsigned char * a,const unsigned char * b)45 _krb5_xor8(unsigned char *a, const unsigned char *b)
46 {
47 a[0] ^= b[0];
48 a[1] ^= b[1];
49 a[2] ^= b[2];
50 a[3] ^= b[3];
51 a[4] ^= b[4];
52 a[5] ^= b[5];
53 a[6] ^= b[6];
54 a[7] ^= b[7];
55 }
56
57 #if defined(DES3_OLD_ENCTYPE) || defined(HEIM_WEAK_CRYPTO)
58 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_des_checksum(krb5_context context,const EVP_MD * evp_md,struct _krb5_key_data * key,const void * data,size_t len,Checksum * cksum)59 _krb5_des_checksum(krb5_context context,
60 const EVP_MD *evp_md,
61 struct _krb5_key_data *key,
62 const void *data,
63 size_t len,
64 Checksum *cksum)
65 {
66 struct _krb5_evp_schedule *ctx = key->schedule->data;
67 EVP_MD_CTX *m;
68 DES_cblock ivec;
69 unsigned char *p = cksum->checksum.data;
70
71 krb5_generate_random_block(p, 8);
72
73 m = EVP_MD_CTX_create();
74 if (m == NULL)
75 return krb5_enomem(context);
76
77 EVP_DigestInit_ex(m, evp_md, NULL);
78 EVP_DigestUpdate(m, p, 8);
79 EVP_DigestUpdate(m, data, len);
80 EVP_DigestFinal_ex (m, p + 8, NULL);
81 EVP_MD_CTX_destroy(m);
82 memset_s (&ivec, sizeof(ivec), 0, sizeof(ivec));
83
84 #if OPENSSL_VERSION_NUMBER < 0x10100000UL
85 ctx->ectx = malloc(sizeof(*ctx->ectx));
86 EVP_CIPHER_CTX_init(ctx->ectx);
87 #else
88 ctx->ectx = EVP_CIPHER_CTX_new();
89 #endif
90
91 if (!EVP_CipherInit_ex(ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1))
92 krb5_abortx(context, "can't initialize cipher");
93 EVP_Cipher(ctx->ectx, p, p, 24);
94
95 return 0;
96 }
97
98 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_des_verify(krb5_context context,const EVP_MD * evp_md,struct _krb5_key_data * key,const void * data,size_t len,Checksum * C)99 _krb5_des_verify(krb5_context context,
100 const EVP_MD *evp_md,
101 struct _krb5_key_data *key,
102 const void *data,
103 size_t len,
104 Checksum *C)
105 {
106 struct _krb5_evp_schedule *ctx = key->schedule->data;
107 EVP_MD_CTX *m;
108 unsigned char tmp[24];
109 unsigned char res[16];
110 DES_cblock ivec;
111 krb5_error_code ret = 0;
112
113 m = EVP_MD_CTX_create();
114 if (m == NULL)
115 return krb5_enomem(context);
116
117 memset_s (&ivec, sizeof(ivec), 0, sizeof(ivec));
118 #if OPENSSL_VERSION_NUMBER < 0x10100000UL
119 ctx->dctx = malloc(sizeof(*ctx->dctx));
120 EVP_CIPHER_CTX_init(ctx->dctx);
121 #else
122 ctx->dctx = EVP_CIPHER_CTX_new();
123 #endif
124 if (!EVP_CipherInit_ex(ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1))
125 krb5_abortx(context, "can't initialize cipher");
126 EVP_Cipher(ctx->dctx, tmp, C->checksum.data, 24);
127
128 EVP_DigestInit_ex(m, evp_md, NULL);
129 EVP_DigestUpdate(m, tmp, 8); /* confounder */
130 EVP_DigestUpdate(m, data, len);
131 EVP_DigestFinal_ex (m, res, NULL);
132 EVP_MD_CTX_destroy(m);
133 if(ct_memcmp(res, tmp + 8, sizeof(res)) != 0) {
134 krb5_clear_error_message (context);
135 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
136 }
137 memset_s (tmp, sizeof(tmp), 0, sizeof(tmp));
138 memset_s (res, sizeof(res), 0, sizeof(res));
139 return ret;
140 }
141
142 #endif
143
144 static krb5_error_code
RSA_MD5_checksum(krb5_context context,struct _krb5_key_data * key,const void * data,size_t len,unsigned usage,Checksum * C)145 RSA_MD5_checksum(krb5_context context,
146 struct _krb5_key_data *key,
147 const void *data,
148 size_t len,
149 unsigned usage,
150 Checksum *C)
151 {
152 if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1)
153 krb5_abortx(context, "md5 checksum failed");
154 return 0;
155 }
156
157 struct _krb5_checksum_type _krb5_checksum_rsa_md5 = {
158 CKSUMTYPE_RSA_MD5,
159 "rsa-md5",
160 64,
161 16,
162 F_CPROOF,
163 RSA_MD5_checksum,
164 NULL
165 };
166