/src/samba/third_party/heimdal/lib/krb5/crypto-des3.c

Source
/*
 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "krb5_locl.h"

/*
 *
 */

static void
DES3_random_key(krb5_context context,
    krb5_keyblock *key)
{
    DES_cblock *k = key->keyvalue.data;
    do {
  krb5_generate_random_block(k, 3 * sizeof(DES_cblock));
  DES_set_odd_parity(&k[0]);
  DES_set_odd_parity(&k[1]);
  DES_set_odd_parity(&k[2]);
    } while(DES_is_weak_key(&k[0]) ||
      DES_is_weak_key(&k[1]) ||
      DES_is_weak_key(&k[2]));
}

static krb5_error_code
DES3_prf(krb5_context context,
   krb5_crypto crypto,
   const krb5_data *in,
   krb5_data *out)
{
    struct _krb5_checksum_type *ct = crypto->et->checksum;
    struct krb5_crypto_iov iov[1];
    krb5_error_code ret;
    Checksum result;
    krb5_keyblock *derived;

    result.cksumtype = ct->type;
    ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
    if (ret) {
  krb5_set_error_message(context, ret, N_("malloc: out memory", ""));
  return ret;
    }

    iov[0].data = *in;
    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
    ret = (*ct->checksum)(context, crypto, NULL, 0, iov, 1, &result);
    if (ret) {
  krb5_data_free(&result.checksum);
  return ret;
    }

    if (result.checksum.length < crypto->et->blocksize)
  krb5_abortx(context, "internal prf error");

    derived = NULL;
    ret = krb5_derive_key(context, crypto->key.key,
        crypto->et->type, "prf", 3, &derived);
    if (ret)
  krb5_abortx(context, "krb5_derive_key");

    ret = krb5_data_alloc(out, crypto->et->prf_length);
    if (ret)
  krb5_abortx(context, "malloc failed");

    {
  const EVP_CIPHER *c = (*crypto->et->keytype->evp)();
  EVP_CIPHER_CTX ctx;

  EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */
  EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1);
  EVP_Cipher(&ctx, out->data, result.checksum.data,
       crypto->et->prf_length);
  EVP_CIPHER_CTX_cleanup(&ctx);
    }

    krb5_data_free(&result.checksum);
    krb5_free_keyblock(context, derived);

    return ret;
}

#ifdef DES3_OLD_ENCTYPE
static struct _krb5_key_type keytype_des3 = {
    ETYPE_OLD_DES3_CBC_SHA1,
    "des3",
    168,
    24,
    sizeof(struct _krb5_evp_schedule),
    DES3_random_key,
    _krb5_evp_schedule,
    _krb5_des3_salt,
    _krb5_DES3_random_to_key,
    _krb5_evp_cleanup,
    EVP_des_ede3_cbc
};
#endif

static struct _krb5_key_type keytype_des3_derived = {
    ETYPE_OLD_DES3_CBC_SHA1,
    "des3",
    168,
    24,
    sizeof(struct _krb5_evp_schedule),
    DES3_random_key,
    _krb5_evp_schedule,
    _krb5_des3_salt_derived,
    _krb5_DES3_random_to_key,
    _krb5_evp_cleanup,
    EVP_des_ede3_cbc
};

#ifdef DES3_OLD_ENCTYPE
static krb5_error_code
RSA_MD5_DES3_checksum(krb5_context context,
          krb5_crypto crypto,
          struct _krb5_key_data *key,
          unsigned usage,
          const struct krb5_crypto_iov *iov,
          int niov,
          Checksum *C)
{
    return _krb5_des_checksum(context, EVP_md5(), key, iov, niov, C);
}

static krb5_error_code
RSA_MD5_DES3_verify(krb5_context context,
        krb5_crypto crypto,
        struct _krb5_key_data *key,
        unsigned usage,
                    const struct krb5_crypto_iov *iov,
                    int niov,
        Checksum *C)
{
    return _krb5_des_verify(context, EVP_md5(), key, iov, niov, C);
}

struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = {
    CKSUMTYPE_RSA_MD5_DES3,
    "rsa-md5-des3",
    64,
    24,
    F_KEYED | F_CPROOF | F_VARIANT,
    RSA_MD5_DES3_checksum,
    RSA_MD5_DES3_verify
};
#endif

struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3 = {
    CKSUMTYPE_HMAC_SHA1_DES3,
    "hmac-sha1-des3",
    64,
    20,
    F_KEYED | F_CPROOF | F_DERIVED,
    _krb5_SP_HMAC_SHA1_checksum,
    NULL
};

#ifdef DES3_OLD_ENCTYPE
struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5 = {
    ETYPE_DES3_CBC_MD5,
    "des3-cbc-md5",
    NULL,
    8,
    8,
    8,
    &keytype_des3,
    &_krb5_checksum_rsa_md5,
    &_krb5_checksum_rsa_md5_des3,
    F_OLD,
    _krb5_evp_encrypt,
    _krb5_evp_encrypt_iov,
    0,
    NULL
};
#endif

struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1 = {
    ETYPE_DES3_CBC_SHA1,
    "des3-cbc-sha1",
    NULL,
    8,
    8,
    8,
    &keytype_des3_derived,
    &_krb5_checksum_sha1,
    &_krb5_checksum_hmac_sha1_des3,
    F_DERIVED | F_RFC3961_ENC | F_RFC3961_KDF | F_OLD,
    _krb5_evp_encrypt,
    _krb5_evp_encrypt_iov,
    16,
    DES3_prf
};

#ifdef DES3_OLD_ENCTYPE
struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1 = {
    ETYPE_OLD_DES3_CBC_SHA1,
    "old-des3-cbc-sha1",
    NULL,
    8,
    8,
    8,
    &keytype_des3,
    &_krb5_checksum_sha1,
    &_krb5_checksum_hmac_sha1_des3,
    F_OLD,
    _krb5_evp_encrypt,
    _krb5_evp_encrypt_iov,
    0,
    NULL
};
#endif

struct _krb5_encryption_type _krb5_enctype_des3_cbc_none = {
    ETYPE_DES3_CBC_NONE,
    "des3-cbc-none",
    NULL,
    8,
    8,
    0,
    &keytype_des3_derived,
    &_krb5_checksum_none,
    NULL,
    F_PSEUDO | F_OLD,
    _krb5_evp_encrypt,
    _krb5_evp_encrypt_iov,
    0,
    NULL
};

void
_krb5_DES3_random_to_key(krb5_context context,
       krb5_keyblock *key,
       const void *data,
       size_t size)
{
    unsigned char *x = key->keyvalue.data;
    const u_char *q = data;
    DES_cblock *k;
    int i, j;

    memset(key->keyvalue.data, 0, key->keyvalue.length);
    for (i = 0; i < 3; ++i) {
  unsigned char foo;
  for (j = 0; j < 7; ++j) {
      unsigned char b = q[7 * i + j];

      x[8 * i + j] = b;
  }
  foo = 0;
  for (j = 6; j >= 0; --j) {
      foo |= q[7 * i + j] & 1;
      foo <<= 1;
  }
  x[8 * i + 7] = foo;
    }
    k = key->keyvalue.data;
    for (i = 0; i < 3; i++) {
  DES_set_odd_parity(&k[i]);
  if(DES_is_weak_key(&k[i]))
      _krb5_xor8(k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
    }
}

Coverage Report

Created: 2025-11-16 06:57

Line	Count	Source
1		/*
2		* Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3		* (Royal Institute of Technology, Stockholm, Sweden).
4		* All rights reserved.
5		*
6		* Redistribution and use in source and binary forms, with or without
7		* modification, are permitted provided that the following conditions
8		* are met:
9		*
10		* 1. Redistributions of source code must retain the above copyright
11		* notice, this list of conditions and the following disclaimer.
12		*
13		* 2. Redistributions in binary form must reproduce the above copyright
14		* notice, this list of conditions and the following disclaimer in the
15		* documentation and/or other materials provided with the distribution.
16		*
17		* 3. Neither the name of the Institute nor the names of its contributors
18		* may be used to endorse or promote products derived from this software
19		* without specific prior written permission.
20		*
21		* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24		* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31		* SUCH DAMAGE.
32		*/
33
34		#include "krb5_locl.h"
35
36		/*
37		*
38		*/
39
40		static void
41		DES3_random_key(krb5_context context,
42		krb5_keyblock *key)
43	0	{
44	0	DES_cblock *k = key->keyvalue.data;
45	0	do {
46	0	krb5_generate_random_block(k, 3 * sizeof(DES_cblock));
47	0	DES_set_odd_parity(&k[0]);
48	0	DES_set_odd_parity(&k[1]);
49	0	DES_set_odd_parity(&k[2]);
50	0	} while(DES_is_weak_key(&k[0]) \|\|
51	0	DES_is_weak_key(&k[1]) \|\|
52	0	DES_is_weak_key(&k[2]));
53	0	}
54
55		static krb5_error_code
56		DES3_prf(krb5_context context,
57		krb5_crypto crypto,
58		const krb5_data *in,
59		krb5_data *out)
60	0	{
61	0	struct _krb5_checksum_type *ct = crypto->et->checksum;
62	0	struct krb5_crypto_iov iov[1];
63	0	krb5_error_code ret;
64	0	Checksum result;
65	0	krb5_keyblock *derived;
66
67	0	result.cksumtype = ct->type;
68	0	ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
69	0	if (ret) {
70	0	krb5_set_error_message(context, ret, N_("malloc: out memory", ""));
71	0	return ret;
72	0	}
73
74	0	iov[0].data = *in;
75	0	iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
76	0	ret = (*ct->checksum)(context, crypto, NULL, 0, iov, 1, &result);
77	0	if (ret) {
78	0	krb5_data_free(&result.checksum);
79	0	return ret;
80	0	}
81
82	0	if (result.checksum.length < crypto->et->blocksize)
83	0	krb5_abortx(context, "internal prf error");
84
85	0	derived = NULL;
86	0	ret = krb5_derive_key(context, crypto->key.key,
87	0	crypto->et->type, "prf", 3, &derived);
88	0	if (ret)
89	0	krb5_abortx(context, "krb5_derive_key");
90
91	0	ret = krb5_data_alloc(out, crypto->et->prf_length);
92	0	if (ret)
93	0	krb5_abortx(context, "malloc failed");
94
95	0	{
96	0	const EVP_CIPHER c = (crypto->et->keytype->evp)();
97	0	EVP_CIPHER_CTX ctx;
98
99	0	EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */
100	0	EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1);
101	0	EVP_Cipher(&ctx, out->data, result.checksum.data,
102	0	crypto->et->prf_length);
103	0	EVP_CIPHER_CTX_cleanup(&ctx);
104	0	}
105
106	0	krb5_data_free(&result.checksum);
107	0	krb5_free_keyblock(context, derived);
108
109	0	return ret;
110	0	}
111
112		#ifdef DES3_OLD_ENCTYPE
113		static struct _krb5_key_type keytype_des3 = {
114		ETYPE_OLD_DES3_CBC_SHA1,
115		"des3",
116		168,
117		24,
118		sizeof(struct _krb5_evp_schedule),
119		DES3_random_key,
120		_krb5_evp_schedule,
121		_krb5_des3_salt,
122		_krb5_DES3_random_to_key,
123		_krb5_evp_cleanup,
124		EVP_des_ede3_cbc
125		};
126		#endif
127
128		static struct _krb5_key_type keytype_des3_derived = {
129		ETYPE_OLD_DES3_CBC_SHA1,
130		"des3",
131		168,
132		24,
133		sizeof(struct _krb5_evp_schedule),
134		DES3_random_key,
135		_krb5_evp_schedule,
136		_krb5_des3_salt_derived,
137		_krb5_DES3_random_to_key,
138		_krb5_evp_cleanup,
139		EVP_des_ede3_cbc
140		};
141
142		#ifdef DES3_OLD_ENCTYPE
143		static krb5_error_code
144		RSA_MD5_DES3_checksum(krb5_context context,
145		krb5_crypto crypto,
146		struct _krb5_key_data *key,
147		unsigned usage,
148		const struct krb5_crypto_iov *iov,
149		int niov,
150		Checksum *C)
151	0	{
152	0	return _krb5_des_checksum(context, EVP_md5(), key, iov, niov, C);
153	0	}
154
155		static krb5_error_code
156		RSA_MD5_DES3_verify(krb5_context context,
157		krb5_crypto crypto,
158		struct _krb5_key_data *key,
159		unsigned usage,
160		const struct krb5_crypto_iov *iov,
161		int niov,
162		Checksum *C)
163	0	{
164	0	return _krb5_des_verify(context, EVP_md5(), key, iov, niov, C);
165	0	}
166
167		struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = {
168		CKSUMTYPE_RSA_MD5_DES3,
169		"rsa-md5-des3",
170		64,
171		24,
172		F_KEYED \| F_CPROOF \| F_VARIANT,
173		RSA_MD5_DES3_checksum,
174		RSA_MD5_DES3_verify
175		};
176		#endif
177
178		struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3 = {
179		CKSUMTYPE_HMAC_SHA1_DES3,
180		"hmac-sha1-des3",
181		64,
182		20,
183		F_KEYED \| F_CPROOF \| F_DERIVED,
184		_krb5_SP_HMAC_SHA1_checksum,
185		NULL
186		};
187
188		#ifdef DES3_OLD_ENCTYPE
189		struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5 = {
190		ETYPE_DES3_CBC_MD5,
191		"des3-cbc-md5",
192		NULL,
193		8,
194		8,
195		8,
196		&keytype_des3,
197		&_krb5_checksum_rsa_md5,
198		&_krb5_checksum_rsa_md5_des3,
199		F_OLD,
200		_krb5_evp_encrypt,
201		_krb5_evp_encrypt_iov,
202		0,
203		NULL
204		};
205		#endif
206
207		struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1 = {
208		ETYPE_DES3_CBC_SHA1,
209		"des3-cbc-sha1",
210		NULL,
211		8,
212		8,
213		8,
214		&keytype_des3_derived,
215		&_krb5_checksum_sha1,
216		&_krb5_checksum_hmac_sha1_des3,
217		F_DERIVED \| F_RFC3961_ENC \| F_RFC3961_KDF \| F_OLD,
218		_krb5_evp_encrypt,
219		_krb5_evp_encrypt_iov,
220		16,
221		DES3_prf
222		};
223
224		#ifdef DES3_OLD_ENCTYPE
225		struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1 = {
226		ETYPE_OLD_DES3_CBC_SHA1,
227		"old-des3-cbc-sha1",
228		NULL,
229		8,
230		8,
231		8,
232		&keytype_des3,
233		&_krb5_checksum_sha1,
234		&_krb5_checksum_hmac_sha1_des3,
235		F_OLD,
236		_krb5_evp_encrypt,
237		_krb5_evp_encrypt_iov,
238		0,
239		NULL
240		};
241		#endif
242
243		struct _krb5_encryption_type _krb5_enctype_des3_cbc_none = {
244		ETYPE_DES3_CBC_NONE,
245		"des3-cbc-none",
246		NULL,
247		8,
248		8,
249		0,
250		&keytype_des3_derived,
251		&_krb5_checksum_none,
252		NULL,
253		F_PSEUDO \| F_OLD,
254		_krb5_evp_encrypt,
255		_krb5_evp_encrypt_iov,
256		0,
257		NULL
258		};
259
260		void
261		_krb5_DES3_random_to_key(krb5_context context,
262		krb5_keyblock *key,
263		const void *data,
264		size_t size)
265	0	{
266	0	unsigned char *x = key->keyvalue.data;
267	0	const u_char *q = data;
268	0	DES_cblock *k;
269	0	int i, j;
270
271	0	memset(key->keyvalue.data, 0, key->keyvalue.length);
272	0	for (i = 0; i < 3; ++i) {
273	0	unsigned char foo;
274	0	for (j = 0; j < 7; ++j) {
275	0	unsigned char b = q[7 * i + j];
276
277	0	x[8 * i + j] = b;
278	0	}
279	0	foo = 0;
280	0	for (j = 6; j >= 0; --j) {
281	0	foo \|= q[7 * i + j] & 1;
282	0	foo <<= 1;
283	0	}
284	0	x[8 * i + 7] = foo;
285	0	}
286	0	k = key->keyvalue.data;
287	0	for (i = 0; i < 3; i++) {
288	0	DES_set_odd_parity(&k[i]);
289	0	if(DES_is_weak_key(&k[i]))
290	0	_krb5_xor8(k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
291	0	}
292	0	}