xref: /NextBSD/sys/kgssapi/krb5/kcrypto_des.c (revision eb1a5f8de9f7ea602c373a710f531abbf81141c4)
1 /*-
2  * Copyright (c) 2008 Isilon Inc http://www.isilon.com/
3  * Authors: Doug Rabson <dfr@rabson.org>
4  * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27 
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
30 
31 #include <sys/param.h>
32 #include <sys/lock.h>
33 #include <sys/kobj.h>
34 #include <sys/malloc.h>
35 #include <sys/md5.h>
36 #include <sys/mutex.h>
37 #include <sys/mbuf.h>
38 #include <crypto/des/des.h>
39 #include <opencrypto/cryptodev.h>
40 
41 #include <kgssapi/gssapi.h>
42 #include <kgssapi/gssapi_impl.h>
43 
44 #include "kcrypto.h"
45 
46 struct des1_state {
47 	struct mtx	ds_lock;
48 	uint64_t	ds_session;
49 };
50 
51 static void
des1_init(struct krb5_key_state * ks)52 des1_init(struct krb5_key_state *ks)
53 {
54 	struct des1_state *ds;
55 
56 	ds = malloc(sizeof(struct des1_state), M_GSSAPI, M_WAITOK|M_ZERO);
57 	mtx_init(&ds->ds_lock, "gss des lock", NULL, MTX_DEF);
58 	ks->ks_priv = ds;
59 }
60 
61 static void
des1_destroy(struct krb5_key_state * ks)62 des1_destroy(struct krb5_key_state *ks)
63 {
64 	struct des1_state *ds = ks->ks_priv;
65 
66 	if (ds->ds_session)
67 		crypto_freesession(ds->ds_session);
68 	mtx_destroy(&ds->ds_lock);
69 	free(ks->ks_priv, M_GSSAPI);
70 
71 }
72 
73 static void
des1_set_key(struct krb5_key_state * ks,const void * in)74 des1_set_key(struct krb5_key_state *ks, const void *in)
75 {
76 	void *kp = ks->ks_key;
77 	struct des1_state *ds = ks->ks_priv;
78 	struct cryptoini cri[1];
79 
80 	if (kp != in)
81 		bcopy(in, kp, ks->ks_class->ec_keylen);
82 
83 	if (ds->ds_session)
84 		crypto_freesession(ds->ds_session);
85 
86 	bzero(cri, sizeof(cri));
87 
88 	cri[0].cri_alg = CRYPTO_DES_CBC;
89 	cri[0].cri_klen = 64;
90 	cri[0].cri_mlen = 0;
91 	cri[0].cri_key = ks->ks_key;
92 	cri[0].cri_next = NULL;
93 
94 	crypto_newsession(&ds->ds_session, cri,
95 	    CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
96 }
97 
98 static void
des1_random_to_key(struct krb5_key_state * ks,const void * in)99 des1_random_to_key(struct krb5_key_state *ks, const void *in)
100 {
101 	uint8_t *outkey = ks->ks_key;
102 	const uint8_t *inkey = in;
103 
104 	/*
105 	 * Expand 56 bits of random data to 64 bits as follows
106 	 * (in the example, bit number 1 is the MSB of the 56
107 	 * bits of random data):
108 	 *
109 	 * expanded =
110 	 *	 1  2  3  4  5  6  7  p
111 	 *	 9 10 11 12 13 14 15  p
112 	 *	17 18 19 20 21 22 23  p
113 	 *	25 26 27 28 29 30 31  p
114 	 *	33 34 35 36 37 38 39  p
115 	 *	41 42 43 44 45 46 47  p
116 	 *	49 50 51 52 53 54 55  p
117 	 *	56 48 40 32 24 16  8  p
118 	 */
119 	outkey[0] = inkey[0];
120 	outkey[1] = inkey[1];
121 	outkey[2] = inkey[2];
122 	outkey[3] = inkey[3];
123 	outkey[4] = inkey[4];
124 	outkey[5] = inkey[5];
125 	outkey[6] = inkey[6];
126 	outkey[7] = (((inkey[0] & 1) << 1)
127 	    | ((inkey[1] & 1) << 2)
128 	    | ((inkey[2] & 1) << 3)
129 	    | ((inkey[3] & 1) << 4)
130 	    | ((inkey[4] & 1) << 5)
131 	    | ((inkey[5] & 1) << 6)
132 	    | ((inkey[6] & 1) << 7));
133 	des_set_odd_parity((des_cblock *) outkey);
134 	if (des_is_weak_key((des_cblock *) outkey))
135 		outkey[7] ^= 0xf0;
136 
137 	des1_set_key(ks, ks->ks_key);
138 }
139 
140 static int
des1_crypto_cb(struct cryptop * crp)141 des1_crypto_cb(struct cryptop *crp)
142 {
143 	int error;
144 	struct des1_state *ds = (struct des1_state *) crp->crp_opaque;
145 
146 	if (CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC)
147 		return (0);
148 
149 	error = crp->crp_etype;
150 	if (error == EAGAIN)
151 		error = crypto_dispatch(crp);
152 	mtx_lock(&ds->ds_lock);
153 	if (error || (crp->crp_flags & CRYPTO_F_DONE))
154 		wakeup(crp);
155 	mtx_unlock(&ds->ds_lock);
156 
157 	return (0);
158 }
159 
160 static void
des1_encrypt_1(const struct krb5_key_state * ks,int buftype,void * buf,size_t skip,size_t len,void * ivec,int encdec)161 des1_encrypt_1(const struct krb5_key_state *ks, int buftype, void *buf,
162     size_t skip, size_t len, void *ivec, int encdec)
163 {
164 	struct des1_state *ds = ks->ks_priv;
165 	struct cryptop *crp;
166 	struct cryptodesc *crd;
167 	int error;
168 
169 	crp = crypto_getreq(1);
170 	crd = crp->crp_desc;
171 
172 	crd->crd_skip = skip;
173 	crd->crd_len = len;
174 	crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT | encdec;
175 	if (ivec) {
176 		bcopy(ivec, crd->crd_iv, 8);
177 	} else {
178 		bzero(crd->crd_iv, 8);
179 	}
180 	crd->crd_next = NULL;
181 	crd->crd_alg = CRYPTO_DES_CBC;
182 
183 	crp->crp_sid = ds->ds_session;
184 	crp->crp_flags = buftype | CRYPTO_F_CBIFSYNC;
185 	crp->crp_buf = buf;
186 	crp->crp_opaque = (void *) ds;
187 	crp->crp_callback = des1_crypto_cb;
188 
189 	error = crypto_dispatch(crp);
190 
191 	if ((CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) {
192 		mtx_lock(&ds->ds_lock);
193 		if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
194 			error = msleep(crp, &ds->ds_lock, 0, "gssdes", 0);
195 		mtx_unlock(&ds->ds_lock);
196 	}
197 
198 	crypto_freereq(crp);
199 }
200 
201 static void
des1_encrypt(const struct krb5_key_state * ks,struct mbuf * inout,size_t skip,size_t len,void * ivec,size_t ivlen)202 des1_encrypt(const struct krb5_key_state *ks, struct mbuf *inout,
203     size_t skip, size_t len, void *ivec, size_t ivlen)
204 {
205 
206 	des1_encrypt_1(ks, CRYPTO_F_IMBUF, inout, skip, len, ivec,
207 	    CRD_F_ENCRYPT);
208 }
209 
210 static void
des1_decrypt(const struct krb5_key_state * ks,struct mbuf * inout,size_t skip,size_t len,void * ivec,size_t ivlen)211 des1_decrypt(const struct krb5_key_state *ks, struct mbuf *inout,
212     size_t skip, size_t len, void *ivec, size_t ivlen)
213 {
214 
215 	des1_encrypt_1(ks, CRYPTO_F_IMBUF, inout, skip, len, ivec, 0);
216 }
217 
218 static int
MD5Update_int(void * ctx,void * buf,u_int len)219 MD5Update_int(void *ctx, void *buf, u_int len)
220 {
221 
222 	MD5Update(ctx, buf, len);
223 	return (0);
224 }
225 
226 static void
des1_checksum(const struct krb5_key_state * ks,int usage,struct mbuf * inout,size_t skip,size_t inlen,size_t outlen)227 des1_checksum(const struct krb5_key_state *ks, int usage,
228     struct mbuf *inout, size_t skip, size_t inlen, size_t outlen)
229 {
230 	char hash[16];
231 	MD5_CTX md5;
232 
233 	/*
234 	 * This checksum is specifically for GSS-API. First take the
235 	 * MD5 checksum of the message, then calculate the CBC mode
236 	 * checksum of that MD5 checksum using a zero IV.
237 	 */
238 	MD5Init(&md5);
239 	m_apply(inout, skip, inlen, MD5Update_int, &md5);
240 	MD5Final(hash, &md5);
241 
242 	des1_encrypt_1(ks, 0, hash, 0, 16, NULL, CRD_F_ENCRYPT);
243 	m_copyback(inout, skip + inlen, outlen, hash + 8);
244 }
245 
246 struct krb5_encryption_class krb5_des_encryption_class = {
247 	"des-cbc-md5",		/* name */
248 	ETYPE_DES_CBC_CRC,	/* etype */
249 	0,			/* flags */
250 	8,			/* blocklen */
251 	8,			/* msgblocklen */
252 	8,			/* checksumlen */
253 	56,			/* keybits */
254 	8,			/* keylen */
255 	des1_init,
256 	des1_destroy,
257 	des1_set_key,
258 	des1_random_to_key,
259 	des1_encrypt,
260 	des1_decrypt,
261 	des1_checksum
262 };
263