17c478bdstevel@tonic-gate/*
2159d09aMark Phalan * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
37c478bdstevel@tonic-gate * Use is subject to license terms.
47c478bdstevel@tonic-gate */
57c478bdstevel@tonic-gate
67c478bdstevel@tonic-gate
77c478bdstevel@tonic-gate/*
87c478bdstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC.
97c478bdstevel@tonic-gate *
107c478bdstevel@tonic-gate * All rights reserved.
117c478bdstevel@tonic-gate *
127c478bdstevel@tonic-gate * Export of this software from the United States of America may require
137c478bdstevel@tonic-gate * a specific license from the United States Government.  It is the
147c478bdstevel@tonic-gate * responsibility of any person or organization contemplating export to
157c478bdstevel@tonic-gate * obtain such a license before exporting.
167c478bdstevel@tonic-gate *
177c478bdstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
187c478bdstevel@tonic-gate * distribute this software and its documentation for any purpose and
197c478bdstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
207c478bdstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
217c478bdstevel@tonic-gate * this permission notice appear in supporting documentation, and that
227c478bdstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining
237c478bdstevel@tonic-gate * to distribution of the software without specific, written prior
247c478bdstevel@tonic-gate * permission.  FundsXpress makes no representations about the suitability of
257c478bdstevel@tonic-gate * this software for any purpose.  It is provided "as is" without express
267c478bdstevel@tonic-gate * or implied warranty.
277c478bdstevel@tonic-gate *
287c478bdstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
297c478bdstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
307c478bdstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
317c478bdstevel@tonic-gate */
327c478bdstevel@tonic-gate
337c478bdstevel@tonic-gate/* Solaris Kerberos:
347c478bdstevel@tonic-gate * this code is based on the
357c478bdstevel@tonic-gate * usr/src/lib/gss_mechs/mech_krb5/crypto/keyhash_provider/k5_md5des.c
367c478bdstevel@tonic-gate * file, but has been modified to use the Solaris resident md5.o kernel
377c478bdstevel@tonic-gate * module and associated header /usr/include/sys/md5.h.
387c478bdstevel@tonic-gate * This means that the MD5* functions are called instead of krb5_MD5*.
397c478bdstevel@tonic-gate */
407c478bdstevel@tonic-gate
417c478bdstevel@tonic-gate#include <des_int.h>
42159d09aMark Phalan#include <krb5.h>
437c478bdstevel@tonic-gate#include <keyhash_provider.h>
447c478bdstevel@tonic-gate#include <sys/kmem.h>
457c478bdstevel@tonic-gate#include <sys/crypto/api.h>
467c478bdstevel@tonic-gate
477c478bdstevel@tonic-gate#define CONFLENGTH 8
487c478bdstevel@tonic-gate
497c478bdstevel@tonic-gate/* Force acceptance of krb5-beta5 md5des checksum for now. */
507c478bdstevel@tonic-gate#define KRB5_MD5DES_BETA5_COMPAT
517c478bdstevel@tonic-gate
527c478bdstevel@tonic-gate/* des-cbc(xorkey, conf | rsa-md5(conf | data)) */
537c478bdstevel@tonic-gate
547c478bdstevel@tonic-gate/* this could be done in terms of the md5 and des providers, but
557c478bdstevel@tonic-gate   that's less efficient, and there's no need for this to be generic */
567c478bdstevel@tonic-gate
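/*
 * k5_md5des_hash: produce the RSA-MD5-DES keyed checksum of `input`.
 *
 * Layout written to `output` (CONFLENGTH + MD5_CKSUM_LENGTH bytes):
 *   des-cbc(key ^ 0xf0..., zero IV, confounder | md5(confounder | input))
 *
 * Parameters:
 *   context - krb5 context; supplies the random source and the kEF
 *             cipher mechanism (context->kef_cipher_mt).
 *   key     - DES key; length must be MIT_DES_KEYSIZE.
 *   usage   - unused.
 *   ivec    - must be NULL; a caller-supplied IV is rejected.
 *   input   - data to checksum.
 *   output  - caller-allocated buffer whose length must be exactly
 *             CONFLENGTH + MD5_CKSUM_LENGTH.
 *
 * Returns 0 on success, KRB5_BAD_KEYSIZE or KRB5_CRYPTO_INTERNAL on bad
 * arguments, KRB5_KEF_ERROR if the digest fails, or the error returned
 * by the random generator, init_key_kef() or mit_des_cbc_encrypt().
 *
 * output->data is temporarily advanced while the digest is written and
 * is restored on every path, including the digest-failure path.
 */
/*ARGSUSED*/
static krb5_error_code
k5_md5des_hash(krb5_context context,
	krb5_const krb5_keyblock *key,
	krb5_keyusage usage,
	krb5_const krb5_data *ivec,
	krb5_const krb5_data *input, krb5_data *output)
{
    krb5_error_code ret = 0;
    krb5_data data;
    unsigned char conf[CONFLENGTH];
    unsigned char xorkey[MIT_DES_KEYSIZE];
    size_t i;
    /* Two fixed-size descriptors; no heap allocation is needed. */
    krb5_data hash_input[2];
    char *outptr;
    krb5_keyblock newkey;

    if (key->length != MIT_DES_KEYSIZE)
	return (KRB5_BAD_KEYSIZE);
    if (ivec)
	return (KRB5_CRYPTO_INTERNAL);
    if (output->length != (CONFLENGTH + MD5_CKSUM_LENGTH))
	return (KRB5_CRYPTO_INTERNAL);

    /* create the confounder */
    data.length = CONFLENGTH;
    data.data = (char *)conf;
    if ((ret = krb5_c_random_make_octets(context, &data)))
	return (ret);

    /* hash the confounder, then the input data */
    hash_input[0].data = (char *)conf;
    hash_input[0].length = CONFLENGTH;
    hash_input[1].data = input->data;
    hash_input[1].length = input->length;

    /*
     * Advance the output pointer past the confounder slot so the digest
     * is written directly into its final position, then restore the
     * pointer before looking at the result so that a failure never
     * leaves the caller's krb5_data pointing into the middle of its
     * own buffer.
     */
    outptr = (char *)output->data;
    output->data = outptr + CONFLENGTH;
    ret = k5_ef_hash(context, 2, hash_input, output);
    output->data = outptr;
    if (ret) {
	ret = KRB5_KEF_ERROR;
	goto out;
    }

    /* Put the confounder at the start of the buffer to be encrypted. */
    bcopy(conf, output->data, CONFLENGTH);

    /* Derive the checksum key: every key byte XORed with 0xf0. */
    bcopy(key->contents, xorkey, sizeof (xorkey));
    for (i = 0; i < sizeof (xorkey); i++)
	xorkey[i] ^= 0xf0;

    /*
     * Solaris Kerberos:
     * Encryption Framework checks for parity and weak keys.
     */
    bzero(&newkey, sizeof (krb5_keyblock));
    newkey.enctype = key->enctype;
    newkey.contents = xorkey;
    newkey.length = sizeof (xorkey);
    newkey.dk_list = NULL;
    newkey.kef_key.ck_data = NULL;
    ret = init_key_kef(context->kef_cipher_mt, &newkey);
    if (ret)
	goto out;

    /* encrypt confounder | digest in place with a zero IV */
    ret = mit_des_cbc_encrypt(context, (krb5_pointer)output->data,
	(krb5_pointer)output->data, output->length,
	&newkey, (unsigned char *)mit_des_zeroblock, 1);

    (void) crypto_destroy_ctx_template(newkey.key_tmpl);

out:
    /* Best-effort scrub of the derived key and confounder copies. */
    bzero(xorkey, sizeof (xorkey));
    bzero(conf, sizeof (conf));
    return (ret);
}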
1517c478bdstevel@tonic-gate
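/*
 * k5_md5des_verify: check an RSA-MD5-DES keyed checksum over `input`.
 *
 * Two checksum forms are accepted:
 *   - CONFLENGTH + MD5_CKSUM_LENGTH bytes: decrypted with key ^ 0xf0...
 *     and a zero IV, yielding confounder | md5(confounder | input).
 *   - MD5_CKSUM_LENGTH bytes, only when KRB5_MD5DES_BETA5_COMPAT is
 *     defined: decrypted with the unmodified key, which is also used as
 *     the IV, yielding md5(input) with no confounder.  This is the
 *     weaker legacy form; undefine the macro to reject it.
 *
 * Parameters:
 *   context - krb5 context; supplies the kEF cipher mechanism.
 *   key     - DES key; length must be MIT_DES_KEYSIZE.
 *   usage   - unused.
 *   ivec    - must be NULL.
 *   input   - data the checksum is claimed to cover.
 *   hash    - received checksum.
 *   valid   - set to 0 on entry and to nonzero only if the checksum
 *             matches, so an error return never leaves it unset.
 *
 * Returns 0 when the comparison was carried out (see *valid),
 * KRB5_BAD_KEYSIZE or KRB5_CRYPTO_INTERNAL on bad arguments,
 * KRB5_KEF_ERROR if the digest fails, or the error returned by
 * init_key_kef() or mit_des_cbc_encrypt().
 */
/*ARGSUSED*/
static krb5_error_code
k5_md5des_verify(krb5_context context,
	krb5_const krb5_keyblock *key,
	krb5_keyusage usage,
	krb5_const krb5_data *ivec,
	krb5_const krb5_data *input,
	krb5_const krb5_data *hash,
	krb5_boolean *valid)
{
    krb5_error_code ret = 0;
    unsigned char plaintext[CONFLENGTH + MD5_CKSUM_LENGTH];
    unsigned char xorkey[MIT_DES_KEYSIZE];
    size_t i;
    int compathash = 0;
    int hicount = 0;
    unsigned char diff = 0;
    const unsigned char *expected;
    krb5_octet outtmp[MD5_CKSUM_LENGTH];
    /* At most two descriptors (confounder, data); kept on the stack. */
    krb5_data hash_input[2];
    krb5_data hash_output;
    krb5_keyblock newkey;

    /* Fail closed: callers only see a match after a full comparison. */
    *valid = 0;

    if (key->length != MIT_DES_KEYSIZE)
	return (KRB5_BAD_KEYSIZE);
    if (ivec)
	return (KRB5_CRYPTO_INTERNAL);
    if (hash->length != (CONFLENGTH + MD5_CKSUM_LENGTH)) {
#ifdef KRB5_MD5DES_BETA5_COMPAT
	if (hash->length != MD5_CKSUM_LENGTH)
	    return (KRB5_CRYPTO_INTERNAL);
	else
	    compathash = 1;
#else
	return (KRB5_CRYPTO_INTERNAL);
#endif
    }

    /* create and schedule the encryption key */
    (void) bcopy(key->contents, xorkey, sizeof (xorkey));
    if (!compathash) {
	for (i = 0; i < sizeof (xorkey); i++)
	    xorkey[i] ^= 0xf0;
    }

    /*
     * Solaris Kerberos:
     * Encryption Framework checks for parity and weak keys
     */
    bzero(&newkey, sizeof (krb5_keyblock));
    newkey.enctype = key->enctype;
    newkey.contents = xorkey;
    newkey.length = sizeof (xorkey);
    newkey.dk_list = NULL;
    newkey.kef_key.ck_data = NULL;
    ret = init_key_kef(context->kef_cipher_mt, &newkey);
    /* Previously this result was overwritten by the decrypt call. */
    if (ret)
	goto out;

    /* decrypt the received checksum into plaintext */
    if (!compathash) {
	ret = mit_des_cbc_encrypt(context, (krb5_pointer)hash->data,
	    (krb5_pointer)plaintext, hash->length,
	    &newkey, (unsigned char *)mit_des_zeroblock, 0);
    } else {
	ret = mit_des_cbc_encrypt(context, (krb5_pointer)hash->data,
	    (krb5_pointer)plaintext, hash->length,
	    &newkey, xorkey, 0);
    }
    if (ret)
	goto out_tmpl;

    /* hash the confounder (confounded form only), then the input data */
    if (!compathash) {
	hash_input[hicount].data = (char *)plaintext;
	hash_input[hicount].length = CONFLENGTH;
	hicount++;
    }
    hash_input[hicount].data = input->data;
    hash_input[hicount].length = input->length;
    hicount++;

    hash_output.data = (char *)outtmp;
    hash_output.length = sizeof (outtmp);

    /*
     * NOTE(review): the original passed a literal 1 here, while
     * k5_md5des_hash passes 2 for the same confounder + data layout.
     * Assuming the argument is the number of krb5_data elements, 1
     * would leave `input` out of the digest in the confounded case and
     * no checksum made by k5_md5des_hash would verify.  Confirm against
     * k5_ef_hash.
     */
    if (k5_ef_hash(context, hicount, hash_input, &hash_output)) {
	ret = KRB5_KEF_ERROR;
	goto out_tmpl;
    }

    /*
     * Compare the decrypted digest to the computed one.  The loop
     * touches every byte regardless of where the first mismatch is, so
     * the comparison time does not depend on how much of the digest
     * matched.
     */
    expected = compathash ? plaintext : plaintext + CONFLENGTH;
    for (i = 0; i < MD5_CKSUM_LENGTH; i++)
	diff |= (unsigned char)(expected[i] ^ outtmp[i]);
    *valid = (diff == 0);

out_tmpl:
    (void) crypto_destroy_ctx_template(newkey.key_tmpl);

out:
    /* Best-effort scrub of decrypted data, digest and derived key. */
    bzero((void *)plaintext, sizeof (plaintext));
    bzero((void *)outtmp, sizeof (outtmp));
    bzero((void *)xorkey, sizeof (xorkey));

    return (ret);
}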
2637c478bdstevel@tonic-gate
/*
 * Keyhash provider entry for RSA-MD5-DES.  The first member equals the
 * output length k5_md5des_hash requires (confounder plus MD5 digest);
 * the remaining members are the hash and verify entry points.
 */
const struct krb5_keyhash_provider krb5int_keyhash_md5des = {
    (CONFLENGTH + MD5_CKSUM_LENGTH),
    k5_md5des_hash,
    k5_md5des_verify
};