2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2008 Isilon Inc http://www.isilon.com/
5 * Authors: Doug Rabson <dfr@rabson.org>
6 * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
33 #include <sys/param.h>
36 #include <sys/malloc.h>
38 #include <sys/mutex.h>
40 #include <crypto/des/des.h>
41 #include <opencrypto/cryptodev.h>
43 #include <kgssapi/gssapi.h>
44 #include <kgssapi/gssapi_impl.h>
50 crypto_session_t ds_session;
54 des1_init(struct krb5_key_state *ks)
56 struct des1_state *ds;
58 ds = malloc(sizeof(struct des1_state), M_GSSAPI, M_WAITOK|M_ZERO);
59 mtx_init(&ds->ds_lock, "gss des lock", NULL, MTX_DEF);
64 des1_destroy(struct krb5_key_state *ks)
66 struct des1_state *ds = ks->ks_priv;
69 crypto_freesession(ds->ds_session);
70 mtx_destroy(&ds->ds_lock);
71 free(ks->ks_priv, M_GSSAPI);
76 des1_set_key(struct krb5_key_state *ks, const void *in)
78 void *kp = ks->ks_key;
79 struct des1_state *ds = ks->ks_priv;
80 struct cryptoini cri[1];
83 bcopy(in, kp, ks->ks_class->ec_keylen);
86 crypto_freesession(ds->ds_session);
88 bzero(cri, sizeof(cri));
90 cri[0].cri_alg = CRYPTO_DES_CBC;
93 cri[0].cri_key = ks->ks_key;
94 cri[0].cri_next = NULL;
96 crypto_newsession(&ds->ds_session, cri,
97 CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
101 des1_random_to_key(struct krb5_key_state *ks, const void *in)
103 uint8_t *outkey = ks->ks_key;
104 const uint8_t *inkey = in;
107 * Expand 56 bits of random data to 64 bits as follows
108 * (in the example, bit number 1 is the MSB of the 56
109 * bits of random data):
113 * 9 10 11 12 13 14 15 p
114 * 17 18 19 20 21 22 23 p
115 * 25 26 27 28 29 30 31 p
116 * 33 34 35 36 37 38 39 p
117 * 41 42 43 44 45 46 47 p
118 * 49 50 51 52 53 54 55 p
119 * 56 48 40 32 24 16 8 p
121 outkey[0] = inkey[0];
122 outkey[1] = inkey[1];
123 outkey[2] = inkey[2];
124 outkey[3] = inkey[3];
125 outkey[4] = inkey[4];
126 outkey[5] = inkey[5];
127 outkey[6] = inkey[6];
128 outkey[7] = (((inkey[0] & 1) << 1)
129 | ((inkey[1] & 1) << 2)
130 | ((inkey[2] & 1) << 3)
131 | ((inkey[3] & 1) << 4)
132 | ((inkey[4] & 1) << 5)
133 | ((inkey[5] & 1) << 6)
134 | ((inkey[6] & 1) << 7));
135 des_set_odd_parity((des_cblock *) outkey);
136 if (des_is_weak_key((des_cblock *) outkey))
139 des1_set_key(ks, ks->ks_key);
143 des1_crypto_cb(struct cryptop *crp)
146 struct des1_state *ds = (struct des1_state *) crp->crp_opaque;
148 if (crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC)
151 error = crp->crp_etype;
153 error = crypto_dispatch(crp);
154 mtx_lock(&ds->ds_lock);
155 if (error || (crp->crp_flags & CRYPTO_F_DONE))
157 mtx_unlock(&ds->ds_lock);
163 des1_encrypt_1(const struct krb5_key_state *ks, int buftype, void *buf,
164 size_t skip, size_t len, void *ivec, int encdec)
166 struct des1_state *ds = ks->ks_priv;
168 struct cryptodesc *crd;
171 crp = crypto_getreq(1);
174 crd->crd_skip = skip;
176 crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT | encdec;
178 bcopy(ivec, crd->crd_iv, 8);
180 bzero(crd->crd_iv, 8);
182 crd->crd_next = NULL;
183 crd->crd_alg = CRYPTO_DES_CBC;
185 crp->crp_session = ds->ds_session;
186 crp->crp_flags = buftype | CRYPTO_F_CBIFSYNC;
188 crp->crp_opaque = (void *) ds;
189 crp->crp_callback = des1_crypto_cb;
191 error = crypto_dispatch(crp);
193 if ((crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) {
194 mtx_lock(&ds->ds_lock);
195 if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
196 error = msleep(crp, &ds->ds_lock, 0, "gssdes", 0);
197 mtx_unlock(&ds->ds_lock);
204 des1_encrypt(const struct krb5_key_state *ks, struct mbuf *inout,
205 size_t skip, size_t len, void *ivec, size_t ivlen)
208 des1_encrypt_1(ks, CRYPTO_F_IMBUF, inout, skip, len, ivec,
213 des1_decrypt(const struct krb5_key_state *ks, struct mbuf *inout,
214 size_t skip, size_t len, void *ivec, size_t ivlen)
217 des1_encrypt_1(ks, CRYPTO_F_IMBUF, inout, skip, len, ivec, 0);
221 MD5Update_int(void *ctx, void *buf, u_int len)
224 MD5Update(ctx, buf, len);
229 des1_checksum(const struct krb5_key_state *ks, int usage,
230 struct mbuf *inout, size_t skip, size_t inlen, size_t outlen)
236 * This checksum is specifically for GSS-API. First take the
237 * MD5 checksum of the message, then calculate the CBC mode
238 * checksum of that MD5 checksum using a zero IV.
241 m_apply(inout, skip, inlen, MD5Update_int, &md5);
242 MD5Final(hash, &md5);
244 des1_encrypt_1(ks, 0, hash, 0, 16, NULL, CRD_F_ENCRYPT);
245 m_copyback(inout, skip + inlen, outlen, hash + 8);
248 struct krb5_encryption_class krb5_des_encryption_class = {
249 "des-cbc-md5", /* name */
250 ETYPE_DES_CBC_CRC, /* etype */