Index: head/sys/crypto/des/des.h =================================================================== --- head/sys/crypto/des/des.h (revision 351512) +++ head/sys/crypto/des/des.h (revision 351513) @@ -1,117 +1,110 @@ /* $FreeBSD$ */ /* $KAME: des.h,v 1.8 2001/09/10 04:03:57 itojun Exp $ */ /* lib/des/des.h */ /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifndef HEADER_DES_H #define HEADER_DES_H #ifdef __cplusplus extern "C" { #endif /* must be 32bit quantity */ #define DES_LONG u_int32_t typedef unsigned char des_cblock[8]; typedef struct des_ks_struct { union { des_cblock cblock; /* make sure things are correct size on machines with * 8 byte longs */ DES_LONG deslong[2]; } ks; int weak_key; } des_key_schedule[16]; #define DES_KEY_SZ (sizeof(des_cblock)) #define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) #define DES_ENCRYPT 1 #define DES_DECRYPT 0 #define DES_CBC_MODE 0 #define DES_PCBC_MODE 1 extern int des_check_key; /* defaults to false */ char *des_options(void); -void des_ecb_encrypt(des_cblock *, des_cblock *, des_key_schedule, int); +void des_ecb_encrypt(unsigned char *, unsigned char *, des_key_schedule, int); void des_encrypt1(DES_LONG *, des_key_schedule, int); void des_encrypt2(DES_LONG *, des_key_schedule, int); void des_encrypt3(DES_LONG *, des_key_schedule, des_key_schedule, des_key_schedule); void des_decrypt3(DES_LONG *, des_key_schedule, des_key_schedule, des_key_schedule); -void des_ecb3_encrypt(des_cblock *, des_cblock *, des_key_schedule, +void des_ecb3_encrypt(unsigned char *, unsigned char *, des_key_schedule, des_key_schedule, des_key_schedule, int); -void des_ncbc_encrypt(const unsigned char *, unsigned char *, long, - des_key_schedule, des_cblock *, int); - -void des_ede3_cbc_encrypt(const unsigned char *, unsigned char *, long, - des_key_schedule, des_key_schedule, - des_key_schedule, des_cblock *, int); - -void des_set_odd_parity(des_cblock *); -void des_fixup_key_parity(des_cblock *); -int des_is_weak_key(const des_cblock *); -int des_set_key(const des_cblock *, des_key_schedule); -int des_key_sched(const des_cblock *, des_key_schedule); -int des_set_key_checked(const des_cblock *, des_key_schedule); -void des_set_key_unchecked(const des_cblock *, des_key_schedule); -int des_check_key_parity(const des_cblock *); +void des_set_odd_parity(unsigned char *); +void des_fixup_key_parity(unsigned char *); +int des_is_weak_key(const unsigned char *); +int des_set_key(const unsigned char *, des_key_schedule); +int des_key_sched(const unsigned char *, des_key_schedule); +int des_set_key_checked(const unsigned char *, des_key_schedule); +void des_set_key_unchecked(const unsigned char *, des_key_schedule); +int des_check_key_parity(const unsigned char *); #ifdef __cplusplus } #endif #endif Index: head/sys/crypto/des/des_ecb.c =================================================================== --- head/sys/crypto/des/des_ecb.c (revision 351512) +++ head/sys/crypto/des/des_ecb.c (revision 351513) @@ -1,139 +1,139 @@ /* $KAME: des_ecb.c,v 1.6 2001/09/10 04:03:58 itojun Exp $ */ /* crypto/des/ecb_enc.c */ /* Copyright (C) 1995-1998 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include __FBSDID("$FreeBSD$"); #include #include #include #include /* char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay"; */ /* wrong */ /* char *DES_version="DES part of SSLeay 0.6.4 30-Aug-1996"; */ char *des_options(void) { static int init=1; static char buf[32]; if (init) { const char *ptr,*unroll,*risc,*size; #ifdef DES_PTR ptr="ptr"; #else ptr="idx"; #endif #if defined(DES_RISC1) || defined(DES_RISC2) #ifdef DES_RISC1 risc="risc1"; #endif #ifdef DES_RISC2 risc="risc2"; #endif #else risc="cisc"; #endif #ifdef DES_UNROLL unroll="16"; #else unroll="4"; #endif if (sizeof(DES_LONG) != sizeof(long)) size="int"; else size="long"; sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); init=0; } return(buf); } -void des_ecb_encrypt(des_cblock *input, des_cblock *output, +void des_ecb_encrypt(unsigned char *input, unsigned char *output, des_key_schedule ks, int enc) { register DES_LONG l; DES_LONG ll[2]; - const unsigned char *in=&(*input)[0]; - unsigned char *out = &(*output)[0]; + const unsigned char *in = input; + unsigned char *out = output; c2l(in,l); ll[0]=l; c2l(in,l); ll[1]=l; des_encrypt1(ll,ks,enc); l=ll[0]; l2c(l,out); l=ll[1]; l2c(l,out); l=ll[0]=ll[1]=0; } -void des_ecb3_encrypt(des_cblock *input, des_cblock *output, +void des_ecb3_encrypt(unsigned char *input, unsigned char *output, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, int enc) { register DES_LONG l0,l1; DES_LONG ll[2]; - const unsigned char *in = &(*input)[0]; - unsigned char *out = &(*output)[0]; + const unsigned char *in = input; + unsigned char *out = output; c2l(in,l0); c2l(in,l1); ll[0]=l0; ll[1]=l1; if (enc) des_encrypt3(ll,ks1,ks2,ks3); else des_decrypt3(ll,ks1,ks2,ks3); l0=ll[0]; l1=ll[1]; l2c(l0,out); l2c(l1,out); } Index: head/sys/crypto/des/des_setkey.c =================================================================== --- head/sys/crypto/des/des_setkey.c (revision 351512) +++ head/sys/crypto/des/des_setkey.c (revision 351513) @@ -1,236 +1,236 @@ /* $KAME: des_setkey.c,v 1.7 2001/09/10 04:03:58 itojun Exp $ */ /* crypto/des/set_key.c */ /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* set_key.c v 1.4 eay 24/9/91 * 1.4 Speed up by 400% :-) * 1.3 added register declarations. * 1.2 unrolled make_key_sched a bit more * 1.1 added norm_expand_bits * 1.0 First working version */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include int des_check_key=0; -void des_set_odd_parity(des_cblock *key) +void des_set_odd_parity(unsigned char *key) { int i; for (i=0; i>(n))^(b))&(m)),\ * (b)^=(t),\ * (a)=((a)^((t)<<(n)))) */ #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ (a)=(a)^(t)^(t>>(16-(n)))) -int des_set_key(const des_cblock *key, des_key_schedule schedule) +int des_set_key(const unsigned char *key, des_key_schedule schedule) { if (des_check_key) { return des_set_key_checked(key, schedule); } else { des_set_key_unchecked(key, schedule); return 0; } } /* return 0 if key parity is odd (correct), * return -1 if key parity error, * return -2 if illegal weak key. */ -int des_set_key_checked(const des_cblock *key, des_key_schedule schedule) +int des_set_key_checked(const unsigned char *key, des_key_schedule schedule) { if (!des_check_key_parity(key)) return(-1); if (des_is_weak_key(key)) return(-2); des_set_key_unchecked(key, schedule); return 0; } -void des_set_key_unchecked(const des_cblock *key, des_key_schedule schedule) +void des_set_key_unchecked(const unsigned char *key, des_key_schedule schedule) { static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; DES_LONG c,d,t,s,t2; const unsigned char *in; DES_LONG *k; int i; k = &schedule->ks.deslong[0]; - in = &(*key)[0]; + in = key; c2l(in,c); c2l(in,d); /* do PC1 in 47 simple operations :-) * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) * for the inspiration. :-) */ PERM_OP (d,c,t,4,0x0f0f0f0fL); HPERM_OP(c,t,-2,0xcccc0000L); HPERM_OP(d,t,-2,0xcccc0000L); PERM_OP (d,c,t,1,0x55555555L); PERM_OP (c,d,t,8,0x00ff00ffL); PERM_OP (d,c,t,1,0x55555555L); d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) | ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L)); c&=0x0fffffffL; for (i=0; i>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); } else { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); } c&=0x0fffffffL; d&=0x0fffffffL; /* could be a few less shifts but I am to lazy at this * point in time to investigate */ s= des_skb[0][ (c )&0x3f ]| des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]| des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]| des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) | ((c>>22L)&0x38)]; t= des_skb[4][ (d )&0x3f ]| des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]| des_skb[6][ (d>>15L)&0x3f ]| des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)]; /* table contained 0213 4657 */ t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL; *(k++)=ROTATE(t2,30)&0xffffffffL; t2=((s>>16L)|(t&0xffff0000L)); *(k++)=ROTATE(t2,26)&0xffffffffL; } } -int des_key_sched(const des_cblock *key, des_key_schedule schedule) +int des_key_sched(const unsigned char *key, des_key_schedule schedule) { return(des_set_key(key,schedule)); } -void des_fixup_key_parity(des_cblock *key) +void des_fixup_key_parity(unsigned char *key) { des_set_odd_parity(key); } Index: head/sys/kgssapi/krb5/kcrypto_des.c =================================================================== --- head/sys/kgssapi/krb5/kcrypto_des.c (revision 351512) +++ head/sys/kgssapi/krb5/kcrypto_des.c (revision 351513) @@ -1,267 +1,267 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ * Authors: Doug Rabson * Developed with Red Inc: Alfred Perlstein * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include "kcrypto.h" struct des1_state { struct mtx ds_lock; crypto_session_t ds_session; }; static void des1_init(struct krb5_key_state *ks) { static struct timeval lastwarn; struct des1_state *ds; ds = malloc(sizeof(struct des1_state), M_GSSAPI, M_WAITOK|M_ZERO); mtx_init(&ds->ds_lock, "gss des lock", NULL, MTX_DEF); ks->ks_priv = ds; if (ratecheck(&lastwarn, &krb5_warn_interval)) gone_in(13, "DES cipher for Kerberos GSS"); } static void des1_destroy(struct krb5_key_state *ks) { struct des1_state *ds = ks->ks_priv; if (ds->ds_session) crypto_freesession(ds->ds_session); mtx_destroy(&ds->ds_lock); free(ks->ks_priv, M_GSSAPI); } static void des1_set_key(struct krb5_key_state *ks, const void *in) { void *kp = ks->ks_key; struct des1_state *ds = ks->ks_priv; struct cryptoini cri[1]; if (kp != in) bcopy(in, kp, ks->ks_class->ec_keylen); if (ds->ds_session) crypto_freesession(ds->ds_session); bzero(cri, sizeof(cri)); cri[0].cri_alg = CRYPTO_DES_CBC; cri[0].cri_klen = 64; cri[0].cri_mlen = 0; cri[0].cri_key = ks->ks_key; cri[0].cri_next = NULL; crypto_newsession(&ds->ds_session, cri, CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); } static void des1_random_to_key(struct krb5_key_state *ks, const void *in) { uint8_t *outkey = ks->ks_key; const uint8_t *inkey = in; /* * Expand 56 bits of random data to 64 bits as follows * (in the example, bit number 1 is the MSB of the 56 * bits of random data): * * expanded = * 1 2 3 4 5 6 7 p * 9 10 11 12 13 14 15 p * 17 18 19 20 21 22 23 p * 25 26 27 28 29 30 31 p * 33 34 35 36 37 38 39 p * 41 42 43 44 45 46 47 p * 49 50 51 52 53 54 55 p * 56 48 40 32 24 16 8 p */ outkey[0] = inkey[0]; outkey[1] = inkey[1]; outkey[2] = inkey[2]; outkey[3] = inkey[3]; outkey[4] = inkey[4]; outkey[5] = inkey[5]; outkey[6] = inkey[6]; outkey[7] = (((inkey[0] & 1) << 1) | ((inkey[1] & 1) << 2) | ((inkey[2] & 1) << 3) | ((inkey[3] & 1) << 4) | ((inkey[4] & 1) << 5) | ((inkey[5] & 1) << 6) | ((inkey[6] & 1) << 7)); - des_set_odd_parity((des_cblock *) outkey); - if (des_is_weak_key((des_cblock *) outkey)) + des_set_odd_parity(outkey); + if (des_is_weak_key(outkey)) outkey[7] ^= 0xf0; des1_set_key(ks, ks->ks_key); } static int des1_crypto_cb(struct cryptop *crp) { int error; struct des1_state *ds = (struct des1_state *) crp->crp_opaque; if (crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) return (0); error = crp->crp_etype; if (error == EAGAIN) error = crypto_dispatch(crp); mtx_lock(&ds->ds_lock); if (error || (crp->crp_flags & CRYPTO_F_DONE)) wakeup(crp); mtx_unlock(&ds->ds_lock); return (0); } static void des1_encrypt_1(const struct krb5_key_state *ks, int buftype, void *buf, size_t skip, size_t len, void *ivec, int encdec) { struct des1_state *ds = ks->ks_priv; struct cryptop *crp; struct cryptodesc *crd; int error; crp = crypto_getreq(1); crd = crp->crp_desc; crd->crd_skip = skip; crd->crd_len = len; crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT | encdec; if (ivec) { bcopy(ivec, crd->crd_iv, 8); } else { bzero(crd->crd_iv, 8); } crd->crd_next = NULL; crd->crd_alg = CRYPTO_DES_CBC; crp->crp_session = ds->ds_session; crp->crp_flags = buftype | CRYPTO_F_CBIFSYNC; crp->crp_buf = buf; crp->crp_opaque = (void *) ds; crp->crp_callback = des1_crypto_cb; error = crypto_dispatch(crp); if ((crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) { mtx_lock(&ds->ds_lock); if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) error = msleep(crp, &ds->ds_lock, 0, "gssdes", 0); mtx_unlock(&ds->ds_lock); } crypto_freereq(crp); } static void des1_encrypt(const struct krb5_key_state *ks, struct mbuf *inout, size_t skip, size_t len, void *ivec, size_t ivlen) { des1_encrypt_1(ks, CRYPTO_F_IMBUF, inout, skip, len, ivec, CRD_F_ENCRYPT); } static void des1_decrypt(const struct krb5_key_state *ks, struct mbuf *inout, size_t skip, size_t len, void *ivec, size_t ivlen) { des1_encrypt_1(ks, CRYPTO_F_IMBUF, inout, skip, len, ivec, 0); } static int MD5Update_int(void *ctx, void *buf, u_int len) { MD5Update(ctx, buf, len); return (0); } static void des1_checksum(const struct krb5_key_state *ks, int usage, struct mbuf *inout, size_t skip, size_t inlen, size_t outlen) { char hash[16]; MD5_CTX md5; /* * This checksum is specifically for GSS-API. First take the * MD5 checksum of the message, then calculate the CBC mode * checksum of that MD5 checksum using a zero IV. */ MD5Init(&md5); m_apply(inout, skip, inlen, MD5Update_int, &md5); MD5Final(hash, &md5); des1_encrypt_1(ks, 0, hash, 0, 16, NULL, CRD_F_ENCRYPT); m_copyback(inout, skip + inlen, outlen, hash + 8); } struct krb5_encryption_class krb5_des_encryption_class = { "des-cbc-md5", /* name */ ETYPE_DES_CBC_CRC, /* etype */ 0, /* flags */ 8, /* blocklen */ 8, /* msgblocklen */ 8, /* checksumlen */ 56, /* keybits */ 8, /* keylen */ des1_init, des1_destroy, des1_set_key, des1_random_to_key, des1_encrypt, des1_decrypt, des1_checksum }; Index: head/sys/kgssapi/krb5/kcrypto_des3.c =================================================================== --- head/sys/kgssapi/krb5/kcrypto_des3.c (revision 351512) +++ head/sys/kgssapi/krb5/kcrypto_des3.c (revision 351513) @@ -1,407 +1,407 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ * Authors: Doug Rabson * Developed with Red Inc: Alfred Perlstein * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include "kcrypto.h" #define DES3_FLAGS (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE) struct des3_state { struct mtx ds_lock; crypto_session_t ds_session; }; static void des3_init(struct krb5_key_state *ks) { static struct timeval lastwarn; struct des3_state *ds; ds = malloc(sizeof(struct des3_state), M_GSSAPI, M_WAITOK|M_ZERO); mtx_init(&ds->ds_lock, "gss des3 lock", NULL, MTX_DEF); ks->ks_priv = ds; if (ratecheck(&lastwarn, &krb5_warn_interval)) gone_in(13, "DES3 cipher for Kerberos GSS"); } static void des3_destroy(struct krb5_key_state *ks) { struct des3_state *ds = ks->ks_priv; if (ds->ds_session) crypto_freesession(ds->ds_session); mtx_destroy(&ds->ds_lock); free(ks->ks_priv, M_GSSAPI); } static void des3_set_key(struct krb5_key_state *ks, const void *in) { void *kp = ks->ks_key; struct des3_state *ds = ks->ks_priv; struct cryptoini cri[2]; if (kp != in) bcopy(in, kp, ks->ks_class->ec_keylen); if (ds->ds_session) crypto_freesession(ds->ds_session); bzero(cri, sizeof(cri)); cri[0].cri_alg = CRYPTO_SHA1_HMAC; cri[0].cri_klen = 192; cri[0].cri_mlen = 0; cri[0].cri_key = ks->ks_key; cri[0].cri_next = &cri[1]; cri[1].cri_alg = CRYPTO_3DES_CBC; cri[1].cri_klen = 192; cri[1].cri_mlen = 0; cri[1].cri_key = ks->ks_key; cri[1].cri_next = NULL; crypto_newsession(&ds->ds_session, cri, CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); } static void des3_random_to_key(struct krb5_key_state *ks, const void *in) { uint8_t *outkey; const uint8_t *inkey; int subkey; for (subkey = 0, outkey = ks->ks_key, inkey = in; subkey < 3; subkey++, outkey += 8, inkey += 7) { /* * Expand 56 bits of random data to 64 bits as follows * (in the example, bit number 1 is the MSB of the 56 * bits of random data): * * expanded = * 1 2 3 4 5 6 7 p * 9 10 11 12 13 14 15 p * 17 18 19 20 21 22 23 p * 25 26 27 28 29 30 31 p * 33 34 35 36 37 38 39 p * 41 42 43 44 45 46 47 p * 49 50 51 52 53 54 55 p * 56 48 40 32 24 16 8 p */ outkey[0] = inkey[0]; outkey[1] = inkey[1]; outkey[2] = inkey[2]; outkey[3] = inkey[3]; outkey[4] = inkey[4]; outkey[5] = inkey[5]; outkey[6] = inkey[6]; outkey[7] = (((inkey[0] & 1) << 1) | ((inkey[1] & 1) << 2) | ((inkey[2] & 1) << 3) | ((inkey[3] & 1) << 4) | ((inkey[4] & 1) << 5) | ((inkey[5] & 1) << 6) | ((inkey[6] & 1) << 7)); - des_set_odd_parity((des_cblock *) outkey); - if (des_is_weak_key((des_cblock *) outkey)) + des_set_odd_parity(outkey); + if (des_is_weak_key(outkey)) outkey[7] ^= 0xf0; } des3_set_key(ks, ks->ks_key); } static int des3_crypto_cb(struct cryptop *crp) { int error; struct des3_state *ds = (struct des3_state *) crp->crp_opaque; if (crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) return (0); error = crp->crp_etype; if (error == EAGAIN) error = crypto_dispatch(crp); mtx_lock(&ds->ds_lock); if (error || (crp->crp_flags & CRYPTO_F_DONE)) wakeup(crp); mtx_unlock(&ds->ds_lock); return (0); } static void des3_encrypt_1(const struct krb5_key_state *ks, struct mbuf *inout, size_t skip, size_t len, void *ivec, int encdec) { struct des3_state *ds = ks->ks_priv; struct cryptop *crp; struct cryptodesc *crd; int error; crp = crypto_getreq(1); crd = crp->crp_desc; crd->crd_skip = skip; crd->crd_len = len; crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT | encdec; if (ivec) { bcopy(ivec, crd->crd_iv, 8); } else { bzero(crd->crd_iv, 8); } crd->crd_next = NULL; crd->crd_alg = CRYPTO_3DES_CBC; crp->crp_session = ds->ds_session; crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC; crp->crp_buf = (void *) inout; crp->crp_opaque = (void *) ds; crp->crp_callback = des3_crypto_cb; error = crypto_dispatch(crp); if ((crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) { mtx_lock(&ds->ds_lock); if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) error = msleep(crp, &ds->ds_lock, 0, "gssdes3", 0); mtx_unlock(&ds->ds_lock); } crypto_freereq(crp); } static void des3_encrypt(const struct krb5_key_state *ks, struct mbuf *inout, size_t skip, size_t len, void *ivec, size_t ivlen) { des3_encrypt_1(ks, inout, skip, len, ivec, CRD_F_ENCRYPT); } static void des3_decrypt(const struct krb5_key_state *ks, struct mbuf *inout, size_t skip, size_t len, void *ivec, size_t ivlen) { des3_encrypt_1(ks, inout, skip, len, ivec, 0); } static void des3_checksum(const struct krb5_key_state *ks, int usage, struct mbuf *inout, size_t skip, size_t inlen, size_t outlen) { struct des3_state *ds = ks->ks_priv; struct cryptop *crp; struct cryptodesc *crd; int error; crp = crypto_getreq(1); crd = crp->crp_desc; crd->crd_skip = skip; crd->crd_len = inlen; crd->crd_inject = skip + inlen; crd->crd_flags = 0; crd->crd_next = NULL; crd->crd_alg = CRYPTO_SHA1_HMAC; crp->crp_session = ds->ds_session; crp->crp_ilen = inlen; crp->crp_olen = 20; crp->crp_etype = 0; crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC; crp->crp_buf = (void *) inout; crp->crp_opaque = (void *) ds; crp->crp_callback = des3_crypto_cb; error = crypto_dispatch(crp); if ((crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) { mtx_lock(&ds->ds_lock); if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) error = msleep(crp, &ds->ds_lock, 0, "gssdes3", 0); mtx_unlock(&ds->ds_lock); } crypto_freereq(crp); } struct krb5_encryption_class krb5_des3_encryption_class = { "des3-cbc-sha1", /* name */ ETYPE_DES3_CBC_SHA1, /* etype */ EC_DERIVED_KEYS, /* flags */ 8, /* blocklen */ 8, /* msgblocklen */ 20, /* checksumlen */ 168, /* keybits */ 24, /* keylen */ des3_init, des3_destroy, des3_set_key, des3_random_to_key, des3_encrypt, des3_decrypt, des3_checksum }; #if 0 struct des3_dk_test { uint8_t key[24]; uint8_t usage[8]; size_t usagelen; uint8_t dk[24]; }; struct des3_dk_test tests[] = { {{0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92}, {0x00, 0x00, 0x00, 0x01, 0x55}, 5, {0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd}}, {{0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2}, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, {0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07}}, {{0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc}, {0x00, 0x00, 0x00, 0x01, 0x55}, 5, {0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf}}, {{0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5}, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, {0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e}}, {{0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb}, {0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73}, 8, {0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43}}, {{0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda}, {0x00, 0x00, 0x00, 0x01, 0x55}, 5, {0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7}}, {{0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c}, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, {0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1}}, {{0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43}, {0x00, 0x00, 0x00, 0x01, 0x55}, 5, {0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49}}, {{0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16}, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, {0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d}}, }; #define N_TESTS (sizeof(tests) / sizeof(tests[0])) int main(int argc, char **argv) { struct krb5_key_state *key, *dk; uint8_t *dkp; int j, i; for (j = 0; j < N_TESTS; j++) { struct des3_dk_test *t = &tests[j]; key = krb5_create_key(&des3_encryption_class); krb5_set_key(key, t->key); dk = krb5_derive_key(key, t->usage, t->usagelen); krb5_free_key(key); if (memcmp(dk->ks_key, t->dk, 24)) { printf("DES3 dk("); for (i = 0; i < 24; i++) printf("%02x", t->key[i]); printf(", "); for (i = 0; i < t->usagelen; i++) printf("%02x", t->usage[i]); printf(") failed\n"); printf("should be: "); for (i = 0; i < 24; i++) printf("%02x", t->dk[i]); printf("\n result was: "); dkp = dk->ks_key; for (i = 0; i < 24; i++) printf("%02x", dkp[i]); printf("\n"); } krb5_free_key(dk); } return (0); } #endif Index: head/sys/netsmb/smb_crypt.c =================================================================== --- head/sys/netsmb/smb_crypt.c (revision 351512) +++ head/sys/netsmb/smb_crypt.c (revision 351513) @@ -1,311 +1,311 @@ /*- * SPDX-License-Identifier: BSD-4-Clause * * Copyright (c) 2000-2001, Boris Popov * All rights reserved. * * Copyright (c) 2003, 2004 Tim J. Robbins. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Boris Popov. * 4. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "opt_netsmb.h" static u_char N8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; static void smb_E(const u_char *key, u_char *data, u_char *dest) { des_key_schedule *ksp; u_char kk[8]; kk[0] = key[0] & 0xfe; kk[1] = key[0] << 7 | (key[1] >> 1 & 0xfe); kk[2] = key[1] << 6 | (key[2] >> 2 & 0xfe); kk[3] = key[2] << 5 | (key[3] >> 3 & 0xfe); kk[4] = key[3] << 4 | (key[4] >> 4 & 0xfe); kk[5] = key[4] << 3 | (key[5] >> 5 & 0xfe); kk[6] = key[5] << 2 | (key[6] >> 6 & 0xfe); kk[7] = key[6] << 1; ksp = malloc(sizeof(des_key_schedule), M_SMBTEMP, M_WAITOK); - des_set_key((des_cblock *)kk, *ksp); - des_ecb_encrypt((des_cblock *)data, (des_cblock *)dest, *ksp, 1); + des_set_key(kk, *ksp); + des_ecb_encrypt(data, dest, *ksp, 1); free(ksp, M_SMBTEMP); } int smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) { u_char *p, *P14, *S21; p = malloc(14 + 21, M_SMBTEMP, M_WAITOK); bzero(p, 14 + 21); P14 = p; S21 = p + 14; bcopy(apwd, P14, min(14, strlen(apwd))); /* * S21 = concat(Ex(P14, N8), zeros(5)); */ smb_E(P14, N8, S21); smb_E(P14 + 7, N8, S21 + 8); smb_E(S21, C8, RN); smb_E(S21 + 7, C8, RN + 8); smb_E(S21 + 14, C8, RN + 16); free(p, M_SMBTEMP); return 0; } int smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) { u_char S21[21]; u_int16_t *unipwd; MD4_CTX *ctxp; u_int len; len = strlen(apwd); unipwd = malloc((len + 1) * sizeof(u_int16_t), M_SMBTEMP, M_WAITOK); /* * S21 = concat(MD4(U(apwd)), zeros(5)); */ smb_strtouni(unipwd, apwd); ctxp = malloc(sizeof(MD4_CTX), M_SMBTEMP, M_WAITOK); MD4Init(ctxp); MD4Update(ctxp, (u_char*)unipwd, len * sizeof(u_int16_t)); free(unipwd, M_SMBTEMP); bzero(S21, 21); MD4Final(S21, ctxp); free(ctxp, M_SMBTEMP); smb_E(S21, C8, RN); smb_E(S21 + 7, C8, RN + 8); smb_E(S21 + 14, C8, RN + 16); return 0; } /* * Calculate message authentication code (MAC) key for virtual circuit. */ int smb_calcmackey(struct smb_vc *vcp) { const char *pwd; u_int16_t *unipwd; u_int len; MD4_CTX md4; u_char S16[16], S21[21]; KASSERT(vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE, ("signatures not enabled")); if (vcp->vc_mackey != NULL) { free(vcp->vc_mackey, M_SMBTEMP); vcp->vc_mackey = NULL; vcp->vc_mackeylen = 0; vcp->vc_seqno = 0; } /* * The partial MAC key is the concatenation of the 16 byte session * key and the 24 byte challenge response. */ vcp->vc_mackeylen = 16 + 24; vcp->vc_mackey = malloc(vcp->vc_mackeylen, M_SMBTEMP, M_WAITOK); /* * Calculate session key: * MD4(MD4(U(PN))) */ pwd = smb_vc_getpass(vcp); len = strlen(pwd); unipwd = malloc((len + 1) * sizeof(u_int16_t), M_SMBTEMP, M_WAITOK); smb_strtouni(unipwd, pwd); MD4Init(&md4); MD4Update(&md4, (u_char *)unipwd, len * sizeof(u_int16_t)); MD4Final(S16, &md4); MD4Init(&md4); MD4Update(&md4, S16, 16); MD4Final(vcp->vc_mackey, &md4); free(unipwd, M_SMBTEMP); /* * Calculate response to challenge: * Ex(concat(MD4(U(pass)), zeros(5)), C8) */ bzero(S21, 21); bcopy(S16, S21, 16); smb_E(S21, vcp->vc_ch, vcp->vc_mackey + 16); smb_E(S21 + 7, vcp->vc_ch, vcp->vc_mackey + 24); smb_E(S21 + 14, vcp->vc_ch, vcp->vc_mackey + 32); return (0); } /* * Sign request with MAC. */ int smb_rq_sign(struct smb_rq *rqp) { struct smb_vc *vcp = rqp->sr_vc; struct mbchain *mbp; struct mbuf *mb; MD5_CTX md5; u_char digest[16]; KASSERT(vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE, ("signatures not enabled")); if (vcp->vc_mackey == NULL) /* XXX Should assert that cmd == SMB_COM_NEGOTIATE. */ return (0); /* * This is a bit of a kludge. If the request is non-TRANSACTION, * or it is the first request of a transaction, give it the next * sequence number, and expect the reply to have the sequence number * following that one. Otherwise, it is a secondary request in * a transaction, and it gets the same sequence numbers as the * primary request. */ if (rqp->sr_t2 == NULL || (rqp->sr_t2->t2_flags & SMBT2_SECONDARY) == 0) { rqp->sr_seqno = vcp->vc_seqno++; rqp->sr_rseqno = vcp->vc_seqno++; } else { /* * Sequence numbers are already in the struct because * smb_t2_request_int() uses the same one for all the * requests in the transaction. * (At least we hope so.) */ KASSERT(rqp->sr_t2 == NULL || (rqp->sr_t2->t2_flags & SMBT2_SECONDARY) == 0 || rqp->sr_t2->t2_rq == rqp, ("sec t2 rq not using same smb_rq")); } /* Initialize sec. signature field to sequence number + zeros. */ le32enc(rqp->sr_rqsig, rqp->sr_seqno); le32enc(rqp->sr_rqsig + 4, 0); /* * Compute HMAC-MD5 of packet data, keyed by MAC key. * Store the first 8 bytes in the sec. signature field. */ smb_rq_getrequest(rqp, &mbp); MD5Init(&md5); MD5Update(&md5, vcp->vc_mackey, vcp->vc_mackeylen); for (mb = mbp->mb_top; mb != NULL; mb = mb->m_next) MD5Update(&md5, mtod(mb, void *), mb->m_len); MD5Final(digest, &md5); bcopy(digest, rqp->sr_rqsig, 8); return (0); } /* * Verify reply signature. */ int smb_rq_verify(struct smb_rq *rqp) { struct smb_vc *vcp = rqp->sr_vc; struct mdchain *mdp; u_char sigbuf[8]; MD5_CTX md5; u_char digest[16]; struct mbuf *mb; KASSERT(vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE, ("signatures not enabled")); if (vcp->vc_mackey == NULL) /* XXX Should check that this is a SMB_COM_NEGOTIATE reply. */ return (0); /* * Compute HMAC-MD5 of packet data, keyed by MAC key. * We play games to pretend the security signature field * contains their sequence number, to avoid modifying * the packet itself. */ smb_rq_getreply(rqp, &mdp); mb = mdp->md_top; KASSERT(mb->m_len >= SMB_HDRLEN, ("forgot to m_pullup")); MD5Init(&md5); MD5Update(&md5, vcp->vc_mackey, vcp->vc_mackeylen); MD5Update(&md5, mtod(mb, void *), 14); *(u_int32_t *)sigbuf = htole32(rqp->sr_rseqno); *(u_int32_t *)(sigbuf + 4) = 0; MD5Update(&md5, sigbuf, 8); MD5Update(&md5, mtod(mb, u_char *) + 22, mb->m_len - 22); for (mb = mb->m_next; mb != NULL; mb = mb->m_next) MD5Update(&md5, mtod(mb, void *), mb->m_len); MD5Final(digest, &md5); /* * Now verify the signature. */ if (bcmp(mtod(mdp->md_top, u_char *) + 14, digest, 8) != 0) return (EAUTH); return (0); } Index: head/sys/opencrypto/xform_des1.c =================================================================== --- head/sys/opencrypto/xform_des1.c (revision 351512) +++ head/sys/opencrypto/xform_des1.c (revision 351513) @@ -1,116 +1,114 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include #include static int des1_setkey(u_int8_t **, const u_int8_t *, int); static void des1_encrypt(caddr_t, u_int8_t *); static void des1_decrypt(caddr_t, u_int8_t *); static void des1_zerokey(u_int8_t **); /* Encryption instances */ struct enc_xform enc_xform_des = { CRYPTO_DES_CBC, "DES", DES_BLOCK_LEN, DES_BLOCK_LEN, DES_MIN_KEY, DES_MAX_KEY, des1_encrypt, des1_decrypt, des1_setkey, des1_zerokey, NULL, }; /* * Encryption wrapper routines. */ static void des1_encrypt(caddr_t key, u_int8_t *blk) { - des_cblock *cb = (des_cblock *) blk; des_key_schedule *p = (des_key_schedule *) key; - des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); + des_ecb_encrypt(blk, blk, p[0], DES_ENCRYPT); } static void des1_decrypt(caddr_t key, u_int8_t *blk) { - des_cblock *cb = (des_cblock *) blk; des_key_schedule *p = (des_key_schedule *) key; - des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); + des_ecb_encrypt(blk, blk, p[0], DES_DECRYPT); } static int des1_setkey(u_int8_t **sched, const u_int8_t *key, int len) { des_key_schedule *p; int err; p = KMALLOC(sizeof (des_key_schedule), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (p != NULL) { - des_set_key((const des_cblock *) key, p[0]); + des_set_key(key, p[0]); err = 0; } else err = ENOMEM; *sched = (u_int8_t *) p; return err; } static void des1_zerokey(u_int8_t **sched) { bzero(*sched, sizeof (des_key_schedule)); KFREE(*sched, M_CRYPTO_DATA); *sched = NULL; } Index: head/sys/opencrypto/xform_des3.c =================================================================== --- head/sys/opencrypto/xform_des3.c (revision 351512) +++ head/sys/opencrypto/xform_des3.c (revision 351513) @@ -1,119 +1,117 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include #include static int des3_setkey(u_int8_t **, const u_int8_t *, int); static void des3_encrypt(caddr_t, u_int8_t *); static void des3_decrypt(caddr_t, u_int8_t *); static void des3_zerokey(u_int8_t **); /* Encryption instances */ struct enc_xform enc_xform_3des = { CRYPTO_3DES_CBC, "3DES", DES3_BLOCK_LEN, DES3_BLOCK_LEN, TRIPLE_DES_MIN_KEY, TRIPLE_DES_MAX_KEY, des3_encrypt, des3_decrypt, des3_setkey, des3_zerokey, NULL, }; /* * Encryption wrapper routines. */ static void des3_encrypt(caddr_t key, u_int8_t *blk) { - des_cblock *cb = (des_cblock *) blk; des_key_schedule *p = (des_key_schedule *) key; - des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT); + des_ecb3_encrypt(blk, blk, p[0], p[1], p[2], DES_ENCRYPT); } static void des3_decrypt(caddr_t key, u_int8_t *blk) { - des_cblock *cb = (des_cblock *) blk; des_key_schedule *p = (des_key_schedule *) key; - des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT); + des_ecb3_encrypt(blk, blk, p[0], p[1], p[2], DES_DECRYPT); } static int des3_setkey(u_int8_t **sched, const u_int8_t *key, int len) { des_key_schedule *p; int err; p = KMALLOC(3*sizeof (des_key_schedule), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (p != NULL) { - des_set_key((const des_cblock *)(key + 0), p[0]); - des_set_key((const des_cblock *)(key + 8), p[1]); - des_set_key((const des_cblock *)(key + 16), p[2]); + des_set_key(key + 0, p[0]); + des_set_key(key + 8, p[1]); + des_set_key(key + 16, p[2]); err = 0; } else err = ENOMEM; *sched = (u_int8_t *) p; return err; } static void des3_zerokey(u_int8_t **sched) { bzero(*sched, 3*sizeof (des_key_schedule)); KFREE(*sched, M_CRYPTO_DATA); *sched = NULL; }