xcrypt.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License, Version 1.0 only 2N/A * (the "License"). You may not use this file except in compliance 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 2N/A * Use is subject to license terms. 2N/A/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 2N/A/* All Rights Reserved */ 2N/A * Portions of this source code were derived from Berkeley 4.3 BSD 2N/A * under license from the Regents of the University of California. 2N/A#
pragma ident "%Z%%M% %I% %E% SMI" 2N/Astatic char hex[];
/* forward */ 2N/A/* EXPORT DELETE START */ 2N/A * For export control reasons, we want to limit the maximum size of 2N/A * data that can be encrypted or decrypted. We limit this to 1024 2N/A * bits of key data, which amounts to 128 bytes. 2N/A * For the extended DH project, we have increased it to 2N/A * 144 bytes (128key + 16checksum) to accomadate all the 128 bytes 2N/A * being used by the new 1024bit keys plus 16 bytes MD5 checksum. 2N/A * We discussed this with Sun's export control office and lawyers 2N/A * and we have reason to believe this is ok for export. 2N/A/* EXPORT DELETE END */ 2N/A * Encrypt a secret key given passwd 2N/A * The secret key is passed and returned in hex notation. 2N/A * Its length must be a multiple of 16 hex digits (64 bits). 2N/A/* EXPORT DELETE START */ 2N/A/* EXPORT DELETE END */ 2N/A/* EXPORT DELETE START */ 2N/A/* EXPORT DELETE END */ 2N/A * Decrypt secret key using passwd 2N/A * The secret key is passed and returned in hex notation. 2N/A * Once again, the length is a multiple of 16 hex digits 2N/A/* EXPORT DELETE START */ 2N/A/* EXPORT DELETE END */ 2N/A/* EXPORT DELETE START */ 2N/A/* EXPORT DELETE END */ 2N/A * Turn password into DES key 2N/A for (i = 0; *
pw; i = (i+
1) %
8) {
2N/A * Hex to binary conversion 2N/A * Binary to hex conversion 2N/A '0',
'1',
'2',
'3',
'4',
'5',
'6',
'7',
2N/A '8',
'9',
'a',
'b',
'c',
'd',
'e',
'f',
2N/A if (c >=
'0' && c <=
'9') {
2N/A }
else if (c >=
'a' && c <=
'z') {
2N/A return (c -
'a' +
10);
2N/A }
else if (c >=
'A' && c <=
'Z') {
2N/A return (c -
'A' +
10);
2N/A * Encrypt a secret key given passwd. 2N/A * The secret key is passed in hex notation. 2N/A * Arg encrypted_secret will be set to point to the encrypted 2N/A * secret key (NUL term, hex notation). 2N/A * Its length must be a multiple of 16 hex digits (64 bits). 2N/A * For 192-0 (AUTH_DES), then encrypt using the same method as xencrypt(). 2N/A * If arg do_chksum is TRUE, append the checksum before the encrypt. 2N/A * For 192-0, the checksum is done the same as in xencrypt(). For 2N/A * bigger keys, MD5 is used. 2N/A * Arg netname can be NULL for 192-0. 2N/A/* EXPORT DELETE START */ 2N/A /* convert md5 binary digest to hex */ 2N/A /* append the hex md5 string to the end of the key */ /* EXPORT DELETE START */ * Generic key len and alg type for version of xdecrypt. * Decrypt secret key using passwd. The decrypted secret key * *overwrites* the supplied encrypted secret key. * The secret key is passed and returned in hex notation. * Once again, the length is a multiple of 16 hex digits. * If 'do_chksum' is TRUE, the 'secret' buffer is assumed to contain * a checksum calculated by a call to xencrypt_g(). * If keylen is 192 and algtype is 0, then decrypt the same way * Arg netname can be NULL for 192-0. /* EXPORT DELETE START */ /* convert md5 binary digest to hex */ /* does the digest match the appended one? */ /* EXPORT DELETE START */ * Modified version of passwd2des(). passwd2des_g() uses the Kerberos * RFC 1510 algorithm to generate a DES key from a user password * and mix-in string. The mix-in is expected to be the netname. * This function to be used only for extended Diffie-Hellman keys. * If altarg is TRUE, reverse the concat of passwd and mix-in. * Concatentate the password and the mix-in string, fan-fold and XOR them * to the required eight byte initial DES key. Since passwords can be * expected to use mostly seven bit ASCII, left shift the password one * bit in order to preserve as much key space as possible. * Concatenate the password and the mix-in string, fan-fold and XOR them * to the required eight byte initial DES key. Since passwords can be * expected to use mostly seven bit ASCII, left shift the password one * bit in order to preserve as much key space as possible. for (i = 0, j = 0;
pw[j]; j++) {
for (j = 0; j <
len; j++) {
}
else {
/* use alternative algorithm */ for (i = 0, j = 0; j <
len; j++) {
for (j = 0;
pw[j]; j++) {
* Use the temporary key to produce a DES CBC checksum for the text * string; cbc_crypt returns the checksum in the ivec. * XORing with 0xf0 preserves parity, so no need to check * Weak and semiweak keys from "Applied Cryptography", second edition, * by Bruce Schneier, Wiley 1996. {
0x01010101,
0x01010101},
{
0x1f1f1f1f,
0x1f1f1f1f},
{
0xe0e0e0e0,
0xe0e0e0e0},
{
0xfefefefe,
0xfefefefe},
{
0x01fe01fe,
0x01fe01fe},
{
0x1fe01fe0,
0x0ef10ef1},
{
0x01e001e0,
0x01f101f1},
{
0x1ffe1ffe,
0x0efe0efe},
{
0x011f011f,
0x010e010e},
{
0xe0fee0fe,
0xf1fef1fe},
{
0xfe01fe01,
0xfe01fe01},
{
0xe01fe01f,
0xf10ef10e},
{
0xe001e001,
0xf101f101},
{
0xfe1ffe1f,
0xfe0efe0e},
{
0x1f011f01,
0x0e010e01},