static void des3_random_to_key(struct krb5_key_state *ks, const void *in) { uint8_t *outkey; const uint8_t *inkey; int subkey; for (subkey = 0, outkey = ks->ks_key, inkey = in; subkey < 3; subkey++, outkey += 8, inkey += 7) { /* * Expand 56 bits of random data to 64 bits as follows * (in the example, bit number 1 is the MSB of the 56 * bits of random data): * * expanded = * 1 2 3 4 5 6 7 p * 9 10 11 12 13 14 15 p * 17 18 19 20 21 22 23 p * 25 26 27 28 29 30 31 p * 33 34 35 36 37 38 39 p * 41 42 43 44 45 46 47 p * 49 50 51 52 53 54 55 p * 56 48 40 32 24 16 8 p */ outkey[0] = inkey[0]; outkey[1] = inkey[1]; outkey[2] = inkey[2]; outkey[3] = inkey[3]; outkey[4] = inkey[4]; outkey[5] = inkey[5]; outkey[6] = inkey[6]; outkey[7] = (((inkey[0] & 1) << 1) | ((inkey[1] & 1) << 2) | ((inkey[2] & 1) << 3) | ((inkey[3] & 1) << 4) | ((inkey[4] & 1) << 5) | ((inkey[5] & 1) << 6) | ((inkey[6] & 1) << 7)); des_set_odd_parity((des_cblock *) outkey); if (des_is_weak_key((des_cblock *) outkey)) outkey[7] ^= 0xf0; } des3_set_key(ks, ks->ks_key); }
static int wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize) { struct nettle_cipher_ctx *ctx = _ctx; uint8_t des_key[DES3_KEY_SIZE]; switch (ctx->algo) { case GNUTLS_CIPHER_AES_128_GCM: case GNUTLS_CIPHER_AES_256_GCM: gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key); break; case GNUTLS_CIPHER_AES_128_CBC: case GNUTLS_CIPHER_AES_192_CBC: case GNUTLS_CIPHER_AES_256_CBC: if (ctx->enc) aes_set_encrypt_key (ctx->ctx_ptr, keysize, key); else aes_set_decrypt_key (ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_CAMELLIA_128_CBC: case GNUTLS_CIPHER_CAMELLIA_192_CBC: case GNUTLS_CIPHER_CAMELLIA_256_CBC: if (ctx->enc) camellia_set_encrypt_key (ctx->ctx_ptr, keysize, key); else camellia_set_decrypt_key (ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_3DES_CBC: if (keysize != DES3_KEY_SIZE) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } des_fix_parity (keysize, des_key, key); /* this fails on weak keys */ if (des3_set_key (ctx->ctx_ptr, des_key) != 1) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } break; case GNUTLS_CIPHER_DES_CBC: if (keysize != DES_KEY_SIZE) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } des_fix_parity (keysize, des_key, key); if (des_set_key (ctx->ctx_ptr, des_key) != 1) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } break; case GNUTLS_CIPHER_ARCFOUR_128: case GNUTLS_CIPHER_ARCFOUR_40: arcfour_set_key (ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_RC2_40_CBC: arctwo_set_key (ctx->ctx_ptr, keysize, key); break; default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } return 0; }
static int wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize) { struct nettle_cipher_ctx *ctx = _ctx; uint8_t des_key[DES3_KEY_SIZE]; switch (ctx->algo) { case GNUTLS_CIPHER_AES_128_GCM: case GNUTLS_CIPHER_AES_256_GCM: gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key); break; case GNUTLS_CIPHER_AES_128_CBC: case GNUTLS_CIPHER_AES_192_CBC: case GNUTLS_CIPHER_AES_256_CBC: if (ctx->enc) aes_set_encrypt_key(ctx->ctx_ptr, keysize, key); else aes_set_decrypt_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_CAMELLIA_128_CBC: case GNUTLS_CIPHER_CAMELLIA_192_CBC: case GNUTLS_CIPHER_CAMELLIA_256_CBC: if (ctx->enc) camellia_set_encrypt_key(ctx->ctx_ptr, keysize, key); else camellia_set_decrypt_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_3DES_CBC: if (keysize != DES3_KEY_SIZE) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } des_fix_parity(keysize, des_key, key); if (des3_set_key(ctx->ctx_ptr, des_key) != 1) { gnutls_assert(); } zeroize_temp_key(des_key, sizeof(des_key)); break; case GNUTLS_CIPHER_CAMELLIA_128_GCM: case GNUTLS_CIPHER_CAMELLIA_256_GCM: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); _gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize, key); break; case GNUTLS_CIPHER_DES_CBC: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (keysize != DES_KEY_SIZE) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } des_fix_parity(keysize, des_key, key); if (des_set_key(ctx->ctx_ptr, des_key) != 1) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } zeroize_temp_key(des_key, sizeof(des_key)); break; case GNUTLS_CIPHER_ARCFOUR_128: case GNUTLS_CIPHER_ARCFOUR_40: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); arcfour_set_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_SALSA20_256: case GNUTLS_CIPHER_ESTREAM_SALSA20_256: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); salsa20_set_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_RC2_40_CBC: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); arctwo_set_key(ctx->ctx_ptr, keysize, key); break; default: gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } return 0; }