/src/samba/third_party/heimdal/lib/krb5/salt-des3.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan |
3 | | * (Royal Institute of Technology, Stockholm, Sweden). |
4 | | * All rights reserved. |
5 | | * |
6 | | * Redistribution and use in source and binary forms, with or without |
7 | | * modification, are permitted provided that the following conditions |
8 | | * are met: |
9 | | * |
10 | | * 1. Redistributions of source code must retain the above copyright |
11 | | * notice, this list of conditions and the following disclaimer. |
12 | | * |
13 | | * 2. Redistributions in binary form must reproduce the above copyright |
14 | | * notice, this list of conditions and the following disclaimer in the |
15 | | * documentation and/or other materials provided with the distribution. |
16 | | * |
17 | | * 3. Neither the name of the Institute nor the names of its contributors |
18 | | * may be used to endorse or promote products derived from this software |
19 | | * without specific prior written permission. |
20 | | * |
21 | | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND |
22 | | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
23 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE |
25 | | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
27 | | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
28 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
29 | | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
30 | | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
31 | | * SUCH DAMAGE. |
32 | | */ |
33 | | |
34 | | #include "krb5_locl.h" |
35 | | |
36 | | #ifdef DES3_OLD_ENCTYPE |
37 | | static krb5_error_code |
38 | | DES3_string_to_key(krb5_context context, |
39 | | krb5_enctype enctype, |
40 | | krb5_data password, |
41 | | krb5_salt salt, |
42 | | krb5_data opaque, |
43 | | krb5_keyblock *key) |
44 | 0 | { |
45 | 0 | char *str; |
46 | 0 | size_t len; |
47 | 0 | unsigned char tmp[24]; |
48 | 0 | DES_cblock keys[3]; |
49 | 0 | krb5_error_code ret; |
50 | |
|
51 | 0 | len = password.length + salt.saltvalue.length; |
52 | 0 | str = malloc(len); |
53 | 0 | if (len != 0 && str == NULL) |
54 | 0 | return krb5_enomem(context); |
55 | 0 | memcpy(str, password.data, password.length); |
56 | 0 | memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length); |
57 | 0 | { |
58 | 0 | DES_cblock ivec; |
59 | 0 | DES_key_schedule s[3]; |
60 | 0 | int i; |
61 | |
|
62 | 0 | ret = _krb5_n_fold(str, len, tmp, 24); |
63 | 0 | if (ret) { |
64 | 0 | memset_s(str, len, 0, len); |
65 | 0 | free(str); |
66 | 0 | krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); |
67 | 0 | return ret; |
68 | 0 | } |
69 | | |
70 | 0 | for(i = 0; i < 3; i++){ |
71 | 0 | memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); |
72 | 0 | DES_set_odd_parity(keys + i); |
73 | 0 | if(DES_is_weak_key(keys + i)) |
74 | 0 | _krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); |
75 | 0 | DES_set_key_unchecked(keys + i, &s[i]); |
76 | 0 | } |
77 | 0 | memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); |
78 | 0 | DES_ede3_cbc_encrypt(tmp, |
79 | 0 | tmp, sizeof(tmp), |
80 | 0 | &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); |
81 | 0 | memset_s(s, sizeof(s), 0, sizeof(s)); |
82 | 0 | memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); |
83 | 0 | for(i = 0; i < 3; i++){ |
84 | 0 | memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); |
85 | 0 | DES_set_odd_parity(keys + i); |
86 | 0 | if(DES_is_weak_key(keys + i)) |
87 | 0 | _krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); |
88 | 0 | } |
89 | 0 | memset_s(tmp, sizeof(tmp), 0, sizeof(tmp)); |
90 | 0 | } |
91 | 0 | key->keytype = enctype; |
92 | 0 | krb5_data_copy(&key->keyvalue, keys, sizeof(keys)); |
93 | 0 | memset_s(keys, sizeof(keys), 0, sizeof(keys)); |
94 | 0 | memset_s(str, len, 0, len); |
95 | 0 | free(str); |
96 | 0 | return 0; |
97 | 0 | } |
98 | | #endif |
99 | | |
100 | | static krb5_error_code |
101 | | DES3_string_to_key_derived(krb5_context context, |
102 | | krb5_enctype enctype, |
103 | | krb5_data password, |
104 | | krb5_salt salt, |
105 | | krb5_data opaque, |
106 | | krb5_keyblock *key) |
107 | 0 | { |
108 | 0 | krb5_error_code ret; |
109 | 0 | size_t len = password.length + salt.saltvalue.length; |
110 | 0 | char *s; |
111 | |
|
112 | 0 | s = malloc(len); |
113 | 0 | if (len != 0 && s == NULL) |
114 | 0 | return krb5_enomem(context); |
115 | 0 | memcpy(s, password.data, password.length); |
116 | 0 | if (salt.saltvalue.length) |
117 | 0 | memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); |
118 | 0 | ret = krb5_string_to_key_derived(context, |
119 | 0 | s, |
120 | 0 | len, |
121 | 0 | enctype, |
122 | 0 | key); |
123 | 0 | memset_s(s, len, 0, len); |
124 | 0 | free(s); |
125 | 0 | return ret; |
126 | 0 | } |
127 | | |
128 | | |
129 | | #ifdef DES3_OLD_ENCTYPE |
130 | | struct salt_type _krb5_des3_salt[] = { |
131 | | { |
132 | | KRB5_PW_SALT, |
133 | | "pw-salt", |
134 | | DES3_string_to_key |
135 | | }, |
136 | | { 0, NULL, NULL } |
137 | | }; |
138 | | #endif |
139 | | |
140 | | struct salt_type _krb5_des3_salt_derived[] = { |
141 | | { |
142 | | KRB5_PW_SALT, |
143 | | "pw-salt", |
144 | | DES3_string_to_key_derived |
145 | | }, |
146 | | { 0, NULL, NULL } |
147 | | }; |