/** Initializes user-supplied memory as TDES context for subsequent use. This function initializes user-supplied memory pointed by TdesContext as TDES context. In addition, it sets up all TDES key materials for subsequent encryption and decryption operations. There are 3 key options as follows: KeyLength = 64, Keying option 1: K1 == K2 == K3 (Backward compatibility with DES) KeyLength = 128, Keying option 2: K1 != K2 and K3 = K1 (Less Security) KeyLength = 192 Keying option 3: K1 != K2 != K3 (Strongest) If TdesContext is NULL, then return FALSE. If Key is NULL, then return FALSE. If KeyLength is not valid, then return FALSE. @param[out] TdesContext Pointer to TDES context being initialized. @param[in] Key Pointer to the user-supplied TDES key. @param[in] KeyLength Length of TDES key in bits. @retval TRUE TDES context initialization succeeded. @retval FALSE TDES context initialization failed. **/ BOOLEAN EFIAPI TdesInit ( OUT VOID *TdesContext, IN CONST UINT8 *Key, IN UINTN KeyLength ) { DES_key_schedule *KeySchedule; // // Check input parameters. // if (TdesContext == NULL || Key == NULL || (KeyLength != 64 && KeyLength != 128 && KeyLength != 192)) { return FALSE; } KeySchedule = (DES_key_schedule *) TdesContext; // // If input Key is a weak key, return error. // if (DES_is_weak_key ((const_DES_cblock *) Key) == 1) { return FALSE; } DES_set_key_unchecked ((const_DES_cblock *) Key, KeySchedule); if (KeyLength == 64) { CopyMem (KeySchedule + 1, KeySchedule, sizeof (DES_key_schedule)); CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); return TRUE; } if (DES_is_weak_key ((const_DES_cblock *) Key + 8) == 1) { return FALSE; } DES_set_key_unchecked ((const_DES_cblock *) (Key + 8), KeySchedule + 1); if (KeyLength == 128) { CopyMem (KeySchedule + 2, KeySchedule, sizeof (DES_key_schedule)); return TRUE; } if (DES_is_weak_key ((const_DES_cblock *) Key + 16) == 1) { return FALSE; } DES_set_key_unchecked ((const_DES_cblock *) (Key + 16), KeySchedule + 2); return TRUE; }
static void DES3_random_key(krb5_context context, krb5_keyblock *key) { DES_cblock *k = key->keyvalue.data; do { krb5_generate_random_block(k, 3 * sizeof(DES_cblock)); DES_set_odd_parity(&k[0]); DES_set_odd_parity(&k[1]); DES_set_odd_parity(&k[2]); } while(DES_is_weak_key(&k[0]) || DES_is_weak_key(&k[1]) || DES_is_weak_key(&k[2])); }
void _krb5_DES3_random_to_key(krb5_context context, krb5_keyblock *key, const void *data, size_t size) { unsigned char *x = key->keyvalue.data; const u_char *q = data; DES_cblock *k; int i, j; memset(key->keyvalue.data, 0, key->keyvalue.length); for (i = 0; i < 3; ++i) { unsigned char foo; for (j = 0; j < 7; ++j) { unsigned char b = q[7 * i + j]; x[8 * i + j] = b; } foo = 0; for (j = 6; j >= 0; --j) { foo |= q[7 * i + j] & 1; foo <<= 1; } x[8 * i + 7] = foo; } k = key->keyvalue.data; for (i = 0; i < 3; i++) { DES_set_odd_parity(&k[i]); if(DES_is_weak_key(&k[i])) _krb5_xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); } }
void openssl_des_crypt() { int size; DES_cblock key; DES_cblock outputs; const_DES_cblock inputs; DES_key_schedule schedule; unsigned char tmp[16] = "des crypt"; DES_random_key(&key); DES_string_to_key("beike2012", &key); DES_set_odd_parity(&key); des_check_key_parity(&key); DES_set_key_checked(&key, &schedule); DES_is_weak_key((const_DES_cblock *)tmp); DES_ecb_encrypt((const_DES_cblock *)tmp, &outputs, &schedule, DES_ENCRYPT); printf("\nDES_ecb_encrypt(%s) = ", tmp); for (size = 0; size < sizeof(outputs); size++) printf("%02x", outputs[size]); printf("\n"); DES_ecb_encrypt(&outputs, &inputs, &schedule, DES_DECRYPT); printf("DES_ecb_decrypt("); for (size = 0; size < sizeof(outputs); size++) printf("%02x", outputs[size]); printf(") = %s\n", inputs); }
/** * Use NIST SP800-108 with HMAC(MD5) in counter mode as the PRF to derive a * des key from another type of key. * * L is 64, as we take 64 random bits and turn them into a 56-bit des key. * The output of hmac_md5 is 128 bits; we take the first 64 only, so n * properly should be 1. However, we apply a slight variation due to the * possibility of producing a weak des key. If the output key is weak, do NOT * simply correct it, instead, the counter is advanced and the next output * used. As such, we code so as to have n be the full 255 permitted by our * encoding of the counter i in an 8-bit field. L itself is encoded as a * 32-bit field, big-endian. We use the constant string "rxkad" as a label * for this key derivation, the standard NUL byte separator, and omit a * key-derivation context. The input key is unique to the krb5 service ticket, * which is unlikely to be used in an other location. If it is used in such * a fashion, both locations will derive the same des key from the PRF, but * this is no different from if a krb5 des key had been used in the same way, * as traditional krb5 rxkad uses the ticket session key directly as the token * key. * * @param[in] in pointer to input key data * @param[in] insize length of input key data * @param[out] out 8-byte buffer to hold the derived key * * @return Returns 0 to indicate success, or an error code. * * @retval KRB5DES_WEAK_KEY Successive derivation attempts with all * 255 possible counter values each produced weak DES keys. This input * cannot be used to produce a usable key. */ static int rxkad_derive_des_key(const void *in, size_t insize, char out[8]) { unsigned char i; static unsigned char label[] = "rxkad"; /* bits of output, as 32 bit word, MSB first */ static unsigned char Lbuf[4] = { 0, 0, 0, 64 }; /* only needs to be 16 for md5, but lets be sure it fits */ unsigned char tmp[64]; unsigned int mdsize; DES_cblock ktmp; HMAC_CTX mctx; /* stop when 8 bit counter wraps to 0 */ for (i = 1; i; i++) { HMAC_CTX_init(&mctx); HMAC_Init_ex(&mctx, in, insize, EVP_md5(), NULL); HMAC_Update(&mctx, &i, 1); HMAC_Update(&mctx, label, sizeof(label)); /* includes label and separator */ HMAC_Update(&mctx, Lbuf, 4); mdsize = sizeof(tmp); HMAC_Final(&mctx, tmp, &mdsize); memcpy(ktmp, tmp, 8); DES_set_odd_parity(&ktmp); if (!DES_is_weak_key(&ktmp)) { memcpy(out, ktmp, 8); return 0; } } return KRB5DES_WEAK_KEY; }
bool key_des_check (uint8_t *key, int key_len, int ndc) { int i; struct buffer b; buf_set_read (&b, key, key_len); for (i = 0; i < ndc; ++i) { DES_cblock *dc = (DES_cblock*) buf_read_alloc (&b, sizeof (DES_cblock)); if (!dc) { msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: insufficient key material"); goto err; } if (DES_is_weak_key(dc)) { msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: weak key detected"); goto err; } if (!DES_check_key_parity (dc)) { msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: bad parity detected"); goto err; } } return true; err: ERR_clear_error (); return false; }
static void weak_test(int is_weak, const char akey[8]) { DES_cblock key; memcpy(&key, akey, sizeof(key)); if (DES_is_weak_key(&key) != is_weak) errx(1, "weakness is wrong"); }
int DES_random_key(DES_cblock *ret) { do { if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) return (0); } while (DES_is_weak_key(ret)); DES_set_odd_parity(ret); return (1); }
int HC_DEPRECATED DES_new_random_key(DES_cblock *key) { do { if (RAND_bytes(key, sizeof(*key)) != 1) return 1; DES_set_odd_parity(key); } while(DES_is_weak_key(key)); return(0); }
/* return 0 if key parity is odd (correct), * return -1 if key parity error, * return -2 if illegal weak key. * return -3 if illegal parameter. */ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule) { if(key == NULL || schedule == NULL) return (-3); if (!DES_check_key_parity(key)) return(-1); if (DES_is_weak_key(key)) return(-2); DES_set_key_unchecked(key, schedule); return 0; }
/* * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key. * * Requires: key has correct odd parity. */ int mit_des_is_weak_key(mit_des_cblock key) { unsigned int i; const mit_des_cblock *weak_p = weak; for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) { if (!memcmp(weak_p++,key,sizeof(mit_des_cblock))) return 1; } if ( DES_is_weak_key(key) == 1) /* Also OpenSSL's check */ return 1; return 0; }
void DES_string_to_key(const char *str, DES_cblock *key) { DES_key_schedule ks; int i,length; register unsigned char j; TINYCLR_SSL_MEMSET(key,0,8); length=TINYCLR_SSL_STRLEN(str); #ifdef OLD_STR_TO_KEY for (i=0; i<length; i++) (*key)[i%8]^=(str[i]<<1); #else /* MIT COMPATIBLE */ for (i=0; i<length; i++) { j=str[i]; if ((i%16) < 8) (*key)[i%8]^=(j<<1); else { /* Reverse the bit order 05/05/92 eay */ j=((j<<4)&0xf0)|((j>>4)&0x0f); j=((j<<2)&0xcc)|((j>>2)&0x33); j=((j<<1)&0xaa)|((j>>1)&0x55); (*key)[7-(i%8)]^=j; } } #endif DES_set_odd_parity(key); #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY if(DES_is_weak_key(key)) (*key)[7] ^= 0xF0; DES_set_key(key,&ks); #else DES_set_key_unchecked(key,&ks); #endif DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key); OPENSSL_cleanse(&ks,sizeof(ks)); DES_set_odd_parity(key); }
static int fb64_start(struct fb *fbp, int dir, int server) { int x; unsigned char *p; int state; switch (dir) { case DIR_DECRYPT: /* * This is simply a request to have the other side * start output (our input). He will negotiate an * IV so we need not look for it. */ state = fbp->state[dir-1]; if (state == FAILED) state = IN_PROGRESS; break; case DIR_ENCRYPT: state = fbp->state[dir-1]; if (state == FAILED) state = IN_PROGRESS; else if ((state & NO_SEND_IV) == 0) { break; } if (!VALIDKEY(fbp->krbdes_key)) { fbp->need_start = 1; break; } state &= ~NO_SEND_IV; state |= NO_RECV_IV; if (encrypt_debug_mode) printf("Creating new feed\r\n"); /* * Create a random feed and send it over. */ do { if (RAND_bytes(fbp->temp_feed, sizeof(*fbp->temp_feed)) != 1) abort(); DES_set_odd_parity(&fbp->temp_feed); } while(DES_is_weak_key(&fbp->temp_feed)); p = fbp->fb_feed + 3; *p++ = ENCRYPT_IS; p++; *p++ = FB64_IV; for (x = 0; x < sizeof(DES_cblock); ++x) { if ((*p++ = fbp->temp_feed[x]) == IAC) *p++ = IAC; } *p++ = IAC; *p++ = SE; printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); telnet_net_write(fbp->fb_feed, p - fbp->fb_feed); break; default: return(FAILED); } return(fbp->state[dir-1] = state); }
static krb5_error_code DES3_string_to_key(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, krb5_data opaque, krb5_keyblock *key) { char *str; size_t len; unsigned char tmp[24]; DES_cblock keys[3]; krb5_error_code ret; len = password.length + salt.saltvalue.length; str = malloc(len); if(len != 0 && str == NULL) { krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(str, password.data, password.length); memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length); { DES_cblock ivec; DES_key_schedule s[3]; int i; ret = _krb5_n_fold(str, len, tmp, 24); if (ret) { memset(str, 0, len); free(str); krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } for(i = 0; i < 3; i++){ memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); DES_set_odd_parity(keys + i); if(DES_is_weak_key(keys + i)) _krb5_xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); DES_set_key_unchecked(keys + i, &s[i]); } memset(&ivec, 0, sizeof(ivec)); DES_ede3_cbc_encrypt(tmp, tmp, sizeof(tmp), &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); memset(s, 0, sizeof(s)); memset(&ivec, 0, sizeof(ivec)); for(i = 0; i < 3; i++){ memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); DES_set_odd_parity(keys + i); if(DES_is_weak_key(keys + i)) _krb5_xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); } memset(tmp, 0, sizeof(tmp)); } key->keytype = enctype; krb5_data_copy(&key->keyvalue, keys, sizeof(keys)); memset(keys, 0, sizeof(keys)); memset(str, 0, len); free(str); return 0; }
static int WorkerBee(struct cmd_syndesc *as, void *arock) { afs_int32 code; char *dbFile; char *outFile; afs_int32 index; struct stat info; struct kaheader header; int nentries, i, j, count; int *entrys; struct kaentry entry; dbFile = as->parms[0].items->data; /* -database */ listuheader = (as->parms[1].items ? 1 : 0); /* -uheader */ listkheader = (as->parms[2].items ? 1 : 0); /* -kheader */ listentries = (as->parms[3].items ? 1 : 0); /* -entries */ verbose = (as->parms[4].items ? 1 : 0); /* -verbose */ outFile = (as->parms[5].items ? as->parms[5].items->data : NULL); /* -rebuild */ if (outFile) { out = fopen(outFile, "w"); if (!out) { afs_com_err(whoami, errno, "opening output file %s", outFile); exit(7); } } else out = 0; fd = open(dbFile, O_RDONLY, 0); if (fd < 0) { afs_com_err(whoami, errno, "opening database file %s", dbFile); exit(6); } code = fstat(fd, &info); if (code) { afs_com_err(whoami, errno, "stat'ing file %s", dbFile); exit(6); } if ((info.st_size - UBIK_HEADERSIZE) % UBIK_BUFFERSIZE) fprintf(stderr, "DATABASE SIZE INCONSISTENT: was %d, should be (n*%d + %d), for integral n\n", (int) info.st_size, UBIK_BUFFERSIZE, UBIK_HEADERSIZE); readUbikHeader(); readDB(0, &header, sizeof(header)); code = CheckHeader(&header); if (listkheader) PrintHeader(&header); nentries = (info.st_size - (UBIK_HEADERSIZE + header.headerSize)) / sizeof(struct kaentry); entrys = calloc(nentries, sizeof(int)); for (i = 0, index = sizeof(header); i < nentries; i++, index += sizeof(struct kaentry)) { readDB(index, &entry, sizeof(entry)); if (index >= header.eofPtr) { entrys[i] |= 0x8; } else if (listentries) { PrintEntry(index, &entry); } if (entry.flags & KAFNORMAL) { entrys[i] |= 0x1; /* user entry */ if (strlen(entry.userID.name) == 0) { if (verbose) printf("Entry %d has zero length name\n", i); continue; } if (!DES_check_key_parity(ktc_to_cblock(&entry.key)) || DES_is_weak_key(ktc_to_cblock(&entry.key))) { fprintf(stderr, "Entry %d, %s, has bad key\n", i, EntryName(&entry)); continue; } if (out) { RebuildEntry(&entry); } } else if (entry.flags & KAFFREE) { entrys[i] |= 0x2; /* free entry */ } else if (entry.flags & KAFOLDKEYS) { entrys[i] |= 0x4; /* old keys block */ /* Should check the structure of the oldkeys block? */ } else { if (index < header.eofPtr) { fprintf(stderr, "Entry %d is unrecognizable\n", i); } } } /* Follow the hash chains */ for (j = 0; j < HASHSIZE; j++) { for (index = header.nameHash[j]; index; index = entry.next) { readDB(index, &entry, sizeof(entry)); /* check to see if the name is hashed correctly */ i = NameHash(&entry); if (i != j) { fprintf(stderr, "Entry %" AFS_SIZET_FMT ", %s, found in hash chain %d (should be %d)\n", ((index - sizeof(struct kaheader)) / sizeof(struct kaentry)), EntryName(&entry), j, i); } /* Is it on another hash chain or circular hash chain */ i = (index - header.headerSize) / sizeof(entry); if (entrys[i] & 0x10) { fprintf(stderr, "Entry %d, %s, hash index %d, was found on another hash chain\n", i, EntryName(&entry), j); if (entry.next) fprintf(stderr, "Skipping rest of hash chain %d\n", j); else fprintf(stderr, "No next entry in hash chain %d\n", j); code++; break; } entrys[i] |= 0x10; /* On hash chain */ } } /* Follow the free pointers */ count = 0; for (index = header.freePtr; index; index = entry.next) { readDB(index, &entry, sizeof(entry)); /* Is it on another chain or circular free chain */ i = (index - header.headerSize) / sizeof(entry); if (entrys[i] & 0x20) { fprintf(stderr, "Entry %d, %s, already found on free chain\n", i, EntryName(&entry)); fprintf(stderr, "Skipping rest of free chain\n"); code++; break; } entrys[i] |= 0x20; /* On free chain */ count++; } if (verbose) printf("Found %d free entries\n", count); /* Follow the oldkey blocks */ count = 0; for (index = header.kvnoPtr; index; index = entry.next) { readDB(index, &entry, sizeof(entry)); /* Is it on another chain or circular free chain */ i = (index - header.headerSize) / sizeof(entry); if (entrys[i] & 0x40) { fprintf(stderr, "Entry %d, %s, already found on olkeys chain\n", i, EntryName(&entry)); fprintf(stderr, "Skipping rest of oldkeys chain\n"); code++; break; } entrys[i] |= 0x40; /* On free chain */ count++; } if (verbose) printf("Found %d oldkey blocks\n", count); /* Now recheck all the blocks and see if they are allocated correctly * 0x1 --> User Entry 0x10 --> On hash chain * 0x2 --> Free Entry 0x20 --> On Free chain * 0x4 --> OldKeys Entry 0x40 --> On Oldkeys chain * 0x8 --> Past EOF */ for (i = 0; i < nentries; i++) { j = entrys[i]; if (j & 0x1) { /* user entry */ if (!(j & 0x10)) badEntry(j, i); /* on hash chain? */ else if (j & 0xee) badEntry(j, i); /* anything else? */ } else if (j & 0x2) { /* free entry */ if (!(j & 0x20)) badEntry(j, i); /* on free chain? */ else if (j & 0xdd) badEntry(j, i); /* anything else? */ } else if (j & 0x4) { /* oldkeys entry */ if (!(j & 0x40)) badEntry(j, i); /* on oldkeys chain? */ else if (j & 0xbb) badEntry(j, i); /* anything else? */ } else if (j & 0x8) { /* past eof */ if (j & 0xf7) badEntry(j, i); /* anything else? */ } else badEntry(j, i); /* anything else? */ } exit(code != 0); }
int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key) { return DES_is_weak_key(key); }
void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) { DES_key_schedule ks; int i,length; register unsigned char j; TINYCLR_SSL_MEMSET(key1,0,8); TINYCLR_SSL_MEMSET(key2,0,8); length=TINYCLR_SSL_STRLEN(str); #ifdef OLD_STR_TO_KEY if (length <= 8) { for (i=0; i<length; i++) { (*key2)[i]=(*key1)[i]=(str[i]<<1); } } else { for (i=0; i<length; i++) { if ((i/8)&1) (*key2)[i%8]^=(str[i]<<1); else (*key1)[i%8]^=(str[i]<<1); } } #else /* MIT COMPATIBLE */ for (i=0; i<length; i++) { j=str[i]; if ((i%32) < 16) { if ((i%16) < 8) (*key1)[i%8]^=(j<<1); else (*key2)[i%8]^=(j<<1); } else { j=((j<<4)&0xf0)|((j>>4)&0x0f); j=((j<<2)&0xcc)|((j>>2)&0x33); j=((j<<1)&0xaa)|((j>>1)&0x55); if ((i%16) < 8) (*key1)[7-(i%8)]^=j; else (*key2)[7-(i%8)]^=j; } } if (length <= 8) TINYCLR_SSL_MEMCPY(key2,key1,8); #endif DES_set_odd_parity(key1); DES_set_odd_parity(key2); #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY if(DES_is_weak_key(key1)) (*key1)[7] ^= 0xF0; DES_set_key(key1,&ks); #else DES_set_key_unchecked(key1,&ks); #endif DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1); #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY if(DES_is_weak_key(key2)) (*key2)[7] ^= 0xF0; DES_set_key(key2,&ks); #else DES_set_key_unchecked(key2,&ks); #endif DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2); OPENSSL_cleanse(&ks,sizeof(ks)); DES_set_odd_parity(key1); DES_set_odd_parity(key2); }