/*	$NetBSD: crypto-des.c,v 1.3 2018/02/05 16:00:53 christos Exp $	*/

/*
 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "krb5_locl.h"

#ifdef HEIM_WEAK_CRYPTO

/*
 * Single-DES key types, legacy checksums and encryption types.
 *
 * Everything in this file is compiled only when HEIM_WEAK_CRYPTO is
 * defined, and every encryption type registered further down carries
 * F_DISABLED|F_WEAK.  Single DES (56-bit key), CRC-32, MD4 and MD5 no
 * longer provide meaningful confidentiality or integrity; treat this
 * code as interoperability support for legacy peers only.
 */

/*
 * Fill key->keyvalue.data with a fresh random DES key.
 *
 * Draws sizeof(DES_cblock) random bytes, forces odd parity and repeats
 * for as long as DES_is_weak_key() reports the candidate as weak.
 * The function does not allocate: key->keyvalue.data must already point
 * at a buffer of at least sizeof(DES_cblock) bytes.  `context' is unused.
 */
static void
krb5_DES_random_key(krb5_context context,
                    krb5_keyblock *key)
{
    DES_cblock *block = key->keyvalue.data;

    for (;;) {
        krb5_generate_random_block(block, sizeof(DES_cblock));
        DES_set_odd_parity(block);
        if (!DES_is_weak_key(block))
            break;
    }
}

/*
 * Expand the raw key in key->key->keyvalue.data into the DES key
 * schedule stored at key->schedule->data.
 *
 * The "unchecked" setter is used, so no parity or weak-key validation
 * happens at this point; the key-generation helpers in this file fix
 * parity and avoid weak keys before a key gets here.
 * NOTE(review): confirm that keys arriving from other paths (e.g.
 * string-to-key) get the same treatment.  `context' and `kt' are unused.
 */
static void
krb5_DES_schedule_old(krb5_context context,
                      struct _krb5_key_type *kt,
                      struct _krb5_key_data *key)
{
    DES_cblock *raw_key = key->key->keyvalue.data;
    DES_key_schedule *sched = key->schedule->data;

    DES_set_key_unchecked(raw_key, sched);
}

/*
 * Turn caller-supplied random bytes into a usable DES key.
 *
 * Copies key->keyvalue.length bytes from `data', forces odd parity and,
 * if the result is a weak key, XORs it with the constant below (seven
 * zero bytes followed by 0xf0) via _krb5_xor8().
 *
 * NOTE(review): `size' is never consulted.  The copy length comes from
 * key->keyvalue.length, so a caller passing fewer than that many bytes
 * in `data' would cause an out-of-bounds read.  Confirm that every
 * caller guarantees size >= key->keyvalue.length.
 */
static void
krb5_DES_random_to_key(krb5_context context,
                       krb5_keyblock *key,
                       const void *data,
                       size_t size)
{
    DES_cblock *block = key->keyvalue.data;

    memcpy(block, data, key->keyvalue.length);
    DES_set_odd_parity(block);
    if (!DES_is_weak_key(block))
        return;
    /* Weak key: perturb it rather than reject the input. */
    _krb5_xor8(*block, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
}

/*
 * Key type tables.  The initializers are positional, so the order must
 * match struct _krb5_key_type, which is declared outside this file.
 * Both tables are registered under ETYPE_DES_CBC_CRC; they differ in
 * the schedule size, the schedule function, and in whether a cleanup
 * hook and an EVP cipher getter are supplied.
 */

/* Key type backed directly by the DES_* API (no cleanup hook, no EVP). */
static struct _krb5_key_type keytype_des_old = {
    ETYPE_DES_CBC_CRC,
    "des-old",
    56,
    8,
    sizeof(DES_key_schedule),
    krb5_DES_random_key,
    krb5_DES_schedule_old,
    _krb5_des_salt,
    krb5_DES_random_to_key,
    NULL,
    NULL
};

/* Key type backed by the EVP interface (EVP_des_cbc). */
static struct _krb5_key_type keytype_des = {
    ETYPE_DES_CBC_CRC,
    "des",
    56,
    8,
    sizeof(struct _krb5_evp_schedule),
    krb5_DES_random_key,
    _krb5_evp_schedule,
    _krb5_des_salt,
    krb5_DES_random_to_key,
    _krb5_evp_cleanup,
    EVP_des_cbc
};

/*
 * Compute the CRC over `data' (seeded with 0) and store it as four
 * bytes, least significant byte first, in C->checksum.data.
 *
 * `context', `key' and `usage' are not used: the checksum is unkeyed.
 * CRC-32 is linear and offers no protection against deliberate
 * modification.  The caller must provide at least 4 bytes at
 * C->checksum.data; nothing here checks that.  Always returns 0.
 */
static krb5_error_code
CRC32_checksum(krb5_context context,
               struct _krb5_key_data *key,
               const void *data,
               size_t len,
               unsigned usage,
               Checksum *C)
{
    unsigned char *out = C->checksum.data;
    uint32_t crc;
    int i;

    _krb5_crc_init_table ();
    crc = _krb5_crc_update (data, len, 0);
    /* Serialize little-endian, one byte per iteration. */
    for (i = 0; i < 4; i++)
        out[i] = (crc >> (8 * i)) & 0xff;
    return 0;
}

/*
 * Write the plain (unkeyed) MD4 digest of `data' to C->checksum.data.
 *
 * A digest failure is treated as fatal and reported via krb5_abortx();
 * otherwise the function returns 0.  `key' and `usage' are unused.
 * The output length pointer passed to EVP_Digest() is NULL, so the
 * caller is responsible for sizing C->checksum.data for an MD4 digest.
 */
static krb5_error_code
RSA_MD4_checksum(krb5_context context,
                 struct _krb5_key_data *key,
                 const void *data,
                 size_t len,
                 unsigned usage,
                 Checksum *C)
{
    int ok = EVP_Digest(data, len, C->checksum.data, NULL, EVP_md4(), NULL);

    if (ok != 1)
        krb5_abortx(context, "md4 checksum failed");
    return 0;
}

/*
 * The four wrappers below bind a digest (MD4 or MD5) to the shared
 * _krb5_des_checksum() / _krb5_des_verify() helpers, which are defined
 * outside this file.  `usage' is not forwarded by any of them.
 */

/* Create an rsa-md4-des checksum; returns the helper's result. */
static krb5_error_code
RSA_MD4_DES_checksum(krb5_context context,
                     struct _krb5_key_data *key,
                     const void *data,
                     size_t len,
                     unsigned usage,
                     Checksum *cksum)
{
    return _krb5_des_checksum(context, EVP_md4(), key, data, len, cksum);
}

/* Verify an rsa-md4-des checksum; returns the helper's result. */
static krb5_error_code
RSA_MD4_DES_verify(krb5_context context,
                   struct _krb5_key_data *key,
                   const void *data,
                   size_t len,
                   unsigned usage,
                   Checksum *C)
{
    return _krb5_des_verify(context, EVP_md4(), key, data, len, C);
}

/* Create an rsa-md5-des checksum; returns the helper's result. */
static krb5_error_code
RSA_MD5_DES_checksum(krb5_context context,
                     struct _krb5_key_data *key,
                     const void *data,
                     size_t len,
                     unsigned usage,
                     Checksum *C)
{
    return _krb5_des_checksum(context, EVP_md5(), key, data, len, C);
}

/* Verify an rsa-md5-des checksum; returns the helper's result. */
static krb5_error_code
RSA_MD5_DES_verify(krb5_context context,
                   struct _krb5_key_data *key,
                   const void *data,
                   size_t len,
                   unsigned usage,
                   Checksum *C)
{
    return _krb5_des_verify(context, EVP_md5(), key, data, len, C);
}

/*
 * Checksum type tables.  Positional initializers again: the order must
 * match struct _krb5_checksum_type, declared outside this file.
 *
 * Security-relevant differences visible in the flags column:
 *  - crc32 has no flags at all (neither F_KEYED nor F_CPROOF) and no
 *    verify function.
 *  - rsa-md4 is unkeyed but marked F_CPROOF.  NOTE(review): F_CPROOF
 *    presumably means "collision-proof"; practical collisions are known
 *    for MD4 and MD5, so the flag reflects the protocol definition
 *    rather than current cryptanalysis.
 *  - the *-des variants are F_KEYED | F_CPROOF | F_VARIANT and have a
 *    dedicated verify function.
 */
struct _krb5_checksum_type _krb5_checksum_crc32 = {
    CKSUMTYPE_CRC32,
    "crc32",
    1,
    4,
    0,
    CRC32_checksum,
    NULL
};

struct _krb5_checksum_type _krb5_checksum_rsa_md4 = {
    CKSUMTYPE_RSA_MD4,
    "rsa-md4",
    64,
    16,
    F_CPROOF,
    RSA_MD4_checksum,
    NULL
};

struct _krb5_checksum_type _krb5_checksum_rsa_md4_des = {
    CKSUMTYPE_RSA_MD4_DES,
    "rsa-md4-des",
    64,
    24,
    F_KEYED | F_CPROOF | F_VARIANT,
    RSA_MD4_DES_checksum,
    RSA_MD4_DES_verify
};

struct _krb5_checksum_type _krb5_checksum_rsa_md5_des = {
    CKSUMTYPE_RSA_MD5_DES,
    "rsa-md5-des",
    64,
    24,
    F_KEYED | F_CPROOF | F_VARIANT,
    RSA_MD5_DES_checksum,
    RSA_MD5_DES_verify
};

/*
 * In-place DES encryption/decryption through EVP with an all-zero IV.
 *
 * Picks the encrypt or decrypt EVP context from the key schedule
 * according to `encryptp', re-initializes it with a zero IV only
 * (cipher, engine and key arguments are NULL; direction -1), and
 * processes `len' bytes of `data' in place.  `context', `usage' and
 * `ignore_ivec' are unused.
 *
 * NOTE(review): a fixed zero IV makes the cipher deterministic for a
 * given key; any per-message randomization has to come from the
 * caller.  Confirm against the callers.
 *
 * NOTE(review): the results of EVP_CipherInit_ex() and EVP_Cipher() are
 * discarded and 0 is returned unconditionally.  Because the operation
 * is in place, a failed encryption would leave plaintext in the buffer
 * while reporting success.  The success value of EVP_Cipher() is not
 * uniform across libcrypto implementations and versions, so check the
 * backend in use before adding a return-value test.
 */
static krb5_error_code
evp_des_encrypt_null_ivec(krb5_context context,
                          struct _krb5_key_data *key,
                          void *data,
                          size_t len,
                          krb5_boolean encryptp,
                          int usage,
                          void *ignore_ivec)
{
    struct _krb5_evp_schedule *sched = key->schedule->data;
    EVP_CIPHER_CTX *cipher_ctx = encryptp ? sched->ectx : sched->dctx;
    DES_cblock zero_iv;

    memset(&zero_iv, 0, sizeof(zero_iv));
    EVP_CipherInit_ex(cipher_ctx, NULL, NULL, NULL, (void *)&zero_iv, -1);
    EVP_Cipher(cipher_ctx, data, data, len);
    return 0;
}

/*
 * In-place DES encryption/decryption through EVP, using the key itself
 * as the IV.
 *
 * The first sizeof(DES_cblock) bytes of key->key->keyvalue.data are
 * copied into a stack IV, the selected EVP context is re-initialized
 * with it, and `len' bytes of `data' are processed in place.
 * `context', `usage' and `ignore_ivec' are unused.
 *
 * NOTE(review): with the key doubling as the IV, the IV is no longer a
 * public per-message value; anything that discloses the IV discloses
 * the key.  This is a property of the legacy encryption type and is
 * one reason it is flagged F_WEAK.
 *
 * NOTE(review): the stack copy of the key is not wiped before return,
 * and the key length is assumed to be at least sizeof(DES_cblock).
 * The EVP return values are discarded and 0 is always returned, so a
 * failed in-place encryption would go unnoticed; verify the backend's
 * return convention before adding a check.
 */
static krb5_error_code
evp_des_encrypt_key_ivec(krb5_context context,
                         struct _krb5_key_data *key,
                         void *data,
                         size_t len,
                         krb5_boolean encryptp,
                         int usage,
                         void *ignore_ivec)
{
    struct _krb5_evp_schedule *sched = key->schedule->data;
    EVP_CIPHER_CTX *cipher_ctx = encryptp ? sched->ectx : sched->dctx;
    DES_cblock key_iv;

    memcpy(&key_iv, key->key->keyvalue.data, sizeof(key_iv));
    EVP_CipherInit_ex(cipher_ctx, NULL, NULL, NULL, (void *)&key_iv, -1);
    EVP_Cipher(cipher_ctx, data, data, len);
    return 0;
}

/*
 * In-place DES CFB64 encryption/decryption with an all-zero IV, using
 * the DES_key_schedule stored at key->schedule->data.
 *
 * The CFB position counter starts at 0 for every call.  `context',
 * `usage' and `ignore_ivec' are unused.  Always returns 0.
 *
 * NOTE(review): a fixed zero IV in a stream-like mode produces the same
 * keystream for every message under one key.  The encryption type that
 * uses this function is marked F_PSEUDO|F_DISABLED|F_WEAK.
 */
static krb5_error_code
DES_CFB64_encrypt_null_ivec(krb5_context context,
                            struct _krb5_key_data *key,
                            void *data,
                            size_t len,
                            krb5_boolean encryptp,
                            int usage,
                            void *ignore_ivec)
{
    DES_key_schedule *sched = key->schedule->data;
    DES_cblock zero_iv;
    int cfb_offset = 0;

    memset(&zero_iv, 0, sizeof(zero_iv));
    DES_cfb64_encrypt(data, data, len, sched, &zero_iv, &cfb_offset, encryptp);
    return 0;
}

/*
 * In-place DES PCBC encryption/decryption, using the key itself as the
 * IV and the DES_key_schedule stored at key->schedule->data.
 *
 * `context', `usage' and `ignore_ivec' are unused.  Always returns 0.
 *
 * NOTE(review): as with the CBC key-as-IV variant, the IV here is
 * secret key material, and the stack copy is not wiped before return.
 */
static krb5_error_code
DES_PCBC_encrypt_key_ivec(krb5_context context,
                          struct _krb5_key_data *key,
                          void *data,
                          size_t len,
                          krb5_boolean encryptp,
                          int usage,
                          void *ignore_ivec)
{
    DES_key_schedule *sched = key->schedule->data;
    DES_cblock key_iv;

    memcpy(&key_iv, key->key->keyvalue.data, sizeof(key_iv));
    DES_pcbc_encrypt(data, data, len, sched, &key_iv, encryptp);
    return 0;
}

/*
 * Encryption type tables.  The initializers are positional and must
 * match struct _krb5_encryption_type, declared outside this file.
 *
 * Every entry is flagged F_DISABLED|F_WEAK; the "-none" entries are
 * additionally F_PSEUDO and pair the cipher with _krb5_checksum_none.
 * Changing these flags re-enables single DES, so treat any edit to the
 * flags column as a security-relevant change.
 *
 * des-cbc-crc is the only entry that uses the key as the CBC IV
 * (evp_des_encrypt_key_ivec); des-cbc-md4, des-cbc-md5 and
 * des-cbc-none use a zero IV.  _krb5_checksum_rsa_md5 and
 * _krb5_checksum_none are defined outside this file.
 */
struct _krb5_encryption_type _krb5_enctype_des_cbc_crc = {
    ETYPE_DES_CBC_CRC,
    "des-cbc-crc",
    NULL,
    8,
    8,
    8,
    &keytype_des,
    &_krb5_checksum_crc32,
    NULL,
    F_DISABLED|F_WEAK,
    evp_des_encrypt_key_ivec,
    0,
    NULL
};

struct _krb5_encryption_type _krb5_enctype_des_cbc_md4 = {
    ETYPE_DES_CBC_MD4,
    "des-cbc-md4",
    NULL,
    8,
    8,
    8,
    &keytype_des,
    &_krb5_checksum_rsa_md4,
    &_krb5_checksum_rsa_md4_des,
    F_DISABLED|F_WEAK,
    evp_des_encrypt_null_ivec,
    0,
    NULL
};

struct _krb5_encryption_type _krb5_enctype_des_cbc_md5 = {
    ETYPE_DES_CBC_MD5,
    "des-cbc-md5",
    NULL,
    8,
    8,
    8,
    &keytype_des,
    &_krb5_checksum_rsa_md5,
    &_krb5_checksum_rsa_md5_des,
    F_DISABLED|F_WEAK,
    evp_des_encrypt_null_ivec,
    0,
    NULL
};

struct _krb5_encryption_type _krb5_enctype_des_cbc_none = {
    ETYPE_DES_CBC_NONE,
    "des-cbc-none",
    NULL,
    8,
    8,
    0,
    &keytype_des,
    &_krb5_checksum_none,
    NULL,
    F_PSEUDO|F_DISABLED|F_WEAK,
    evp_des_encrypt_null_ivec,
    0,
    NULL
};

struct _krb5_encryption_type _krb5_enctype_des_cfb64_none = {
    ETYPE_DES_CFB64_NONE,
    "des-cfb64-none",
    NULL,
    1,
    1,
    0,
    &keytype_des_old,
    &_krb5_checksum_none,
    NULL,
    F_PSEUDO|F_DISABLED|F_WEAK,
    DES_CFB64_encrypt_null_ivec,
    0,
    NULL
};

struct _krb5_encryption_type _krb5_enctype_des_pcbc_none = {
    ETYPE_DES_PCBC_NONE,
    "des-pcbc-none",
    NULL,
    8,
    8,
    0,
    &keytype_des_old,
    &_krb5_checksum_none,
    NULL,
    F_PSEUDO|F_DISABLED|F_WEAK,
    DES_PCBC_encrypt_key_ivec,
    0,
    NULL
};
#endif /* HEIM_WEAK_CRYPTO */