xref: /netbsd-src/crypto/external/bsd/heimdal/dist/lib/krb5/crypto-des-common.c (revision 82d56013d7b633d116a93943de88e08335357a7c) 
1 /*	$NetBSD: crypto-des-common.c,v 1.4 2019/12/15 22:50:50 christos Exp $	*/
2 
3 /*
4  * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
5  * (Royal Institute of Technology, Stockholm, Sweden).
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * 3. Neither the name of the Institute nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 /* Functions which are used by both single and triple DES enctypes */
37 
38 #include "krb5_locl.h"
39 
40 /*
41  * A = A xor B. A & B are 8 bytes.
42  */
43 
44 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
45 _krb5_xor8(unsigned char *a, const unsigned char *b)
46 {
47     a[0] ^= b[0];
48     a[1] ^= b[1];
49     a[2] ^= b[2];
50     a[3] ^= b[3];
51     a[4] ^= b[4];
52     a[5] ^= b[5];
53     a[6] ^= b[6];
54     a[7] ^= b[7];
55 }
56 
57 #if defined(DES3_OLD_ENCTYPE) || defined(HEIM_WEAK_CRYPTO)
58 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
59 _krb5_des_checksum(krb5_context context,
60 		   const EVP_MD *evp_md,
61 		   struct _krb5_key_data *key,
62 		   const void *data,
63 		   size_t len,
64 		   Checksum *cksum)
65 {
66     struct _krb5_evp_schedule *ctx = key->schedule->data;
67     EVP_MD_CTX *m;
68     DES_cblock ivec;
69     unsigned char *p = cksum->checksum.data;
70 
71     krb5_generate_random_block(p, 8);
72 
73     m = EVP_MD_CTX_create();
74     if (m == NULL)
75 	return krb5_enomem(context);
76 
77     EVP_DigestInit_ex(m, evp_md, NULL);
78     EVP_DigestUpdate(m, p, 8);
79     EVP_DigestUpdate(m, data, len);
80     EVP_DigestFinal_ex (m, p + 8, NULL);
81     EVP_MD_CTX_destroy(m);
82     memset_s (&ivec, sizeof(ivec), 0, sizeof(ivec));
83 
84 #if OPENSSL_VERSION_NUMBER < 0x10100000UL
85     ctx->ectx = malloc(sizeof(*ctx->ectx));
86     EVP_CIPHER_CTX_init(ctx->ectx);
87 #else
88     ctx->ectx = EVP_CIPHER_CTX_new();
89 #endif
90 
91     EVP_CipherInit_ex(ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1);
92     EVP_Cipher(ctx->ectx, p, p, 24);
93 
94     return 0;
95 }
96 
97 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
98 _krb5_des_verify(krb5_context context,
99 		 const EVP_MD *evp_md,
100 		 struct _krb5_key_data *key,
101 		 const void *data,
102 		 size_t len,
103 		 Checksum *C)
104 {
105     struct _krb5_evp_schedule *ctx = key->schedule->data;
106     EVP_MD_CTX *m;
107     unsigned char tmp[24];
108     unsigned char res[16];
109     DES_cblock ivec;
110     krb5_error_code ret = 0;
111 
112     m = EVP_MD_CTX_create();
113     if (m == NULL)
114 	return krb5_enomem(context);
115 
116     memset_s (&ivec, sizeof(ivec), 0, sizeof(ivec));
117 #if OPENSSL_VERSION_NUMBER < 0x10100000UL
118     ctx->dctx = malloc(sizeof(*ctx->dctx));
119     EVP_CIPHER_CTX_init(ctx->dctx);
120 #else
121     ctx->dctx = EVP_CIPHER_CTX_new();
122 #endif
123     EVP_CipherInit_ex(ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1);
124     EVP_Cipher(ctx->dctx, tmp, C->checksum.data, 24);
125 
126     EVP_DigestInit_ex(m, evp_md, NULL);
127     EVP_DigestUpdate(m, tmp, 8); /* confounder */
128     EVP_DigestUpdate(m, data, len);
129     EVP_DigestFinal_ex (m, res, NULL);
130     EVP_MD_CTX_destroy(m);
131     if(ct_memcmp(res, tmp + 8, sizeof(res)) != 0) {
132 	krb5_clear_error_message (context);
133 	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
134     }
135     memset_s (tmp, sizeof(tmp), 0, sizeof(tmp));
136     memset_s (res, sizeof(res), 0, sizeof(res));
137     return ret;
138 }
139 
140 #endif
141 
142 static krb5_error_code
143 RSA_MD5_checksum(krb5_context context,
144 		 struct _krb5_key_data *key,
145 		 const void *data,
146 		 size_t len,
147 		 unsigned usage,
148 		 Checksum *C)
149 {
150     if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1)
151 	krb5_abortx(context, "md5 checksum failed");
152     return 0;
153 }
154 
155 struct _krb5_checksum_type _krb5_checksum_rsa_md5 = {
156     CKSUMTYPE_RSA_MD5,
157     "rsa-md5",
158     64,
159     16,
160     F_CPROOF,
161     RSA_MD5_checksum,
162     NULL
163 };
164