Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2008 Isilon Inc http://www.isilon.com/
 * Authors: Doug Rabson <dfr@rabson.org>
 * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/md5.h>
#include <sys/kobj.h>
#include <sys/mbuf.h>
#include <crypto/rc4/rc4.h>

#include <kgssapi/gssapi.h>
#include <kgssapi/gssapi_impl.h>

#include "kcrypto.h"

static void
arcfour_init(struct krb5_key_state *ks)
{

	ks->ks_priv = NULL;
}

static void
arcfour_destroy(struct krb5_key_state *ks)
{

}

static void
arcfour_set_key(struct krb5_key_state *ks, const void *in)
{
	void *kp = ks->ks_key;

	if (kp != in)
		bcopy(in, kp, 16);
}

static void
arcfour_random_to_key(struct krb5_key_state *ks, const void *in)
{

	arcfour_set_key(ks, in);
}

static void
arcfour_hmac(uint8_t *key, uint8_t *data, size_t datalen,
	uint8_t *result)
{
	uint8_t buf[64];
	MD5_CTX md5;
	int i;

	for (i = 0; i < 16; i++)
		buf[i] = key[i] ^ 0x36;
	for (; i < 64; i++)
		buf[i] = 0x36;

	MD5Init(&md5);
	MD5Update(&md5, buf, 64);
	MD5Update(&md5, data, datalen);
	MD5Final(result, &md5);

	for (i = 0; i < 16; i++)
		buf[i] = key[i] ^ 0x5c;
	for (; i < 64; i++)
		buf[i] = 0x5c;
	
	MD5Init(&md5);
	MD5Update(&md5, buf, 64);
	MD5Update(&md5, result, 16);
	MD5Final(result, &md5);
}

static void
arcfour_derive_key(const struct krb5_key_state *ks, uint32_t usage,
    uint8_t *newkey)
{
	uint8_t t[4];

	t[0] = (usage >> 24);
	t[1] = (usage >> 16);
	t[2] = (usage >> 8);
	t[3] = (usage >> 0);
	if (ks->ks_class->ec_type == ETYPE_ARCFOUR_HMAC_MD5_56) {
		uint8_t L40[14] = "fortybits";
		bcopy(t, L40 + 10, 4);
		arcfour_hmac(ks->ks_key, L40, 14, newkey);
		memset(newkey + 7, 0xab, 9);
	} else {
		arcfour_hmac(ks->ks_key, t, 4, newkey);
	}
}

static int
rc4_crypt_int(void *rs, void *buf, u_int len)
{

	rc4_crypt(rs, buf, buf, len);
	return (0);
}

static void
arcfour_encrypt(const struct krb5_key_state *ks, struct mbuf *inout,
    size_t skip, size_t len, void *ivec, size_t ivlen)
{
	struct rc4_state rs;
	uint8_t newkey[16];

	arcfour_derive_key(ks, 0, newkey);

	/*
	 * If we have an IV, then generate a new key from it using HMAC.
	 */
	if (ivec) {
		uint8_t kk[16];
		arcfour_hmac(newkey, ivec, ivlen, kk);
		rc4_init(&rs, kk, 16);
	} else {
		rc4_init(&rs, newkey, 16);
	}

	m_apply(inout, skip, len, rc4_crypt_int, &rs);
}

static int
MD5Update_int(void *ctx, void *buf, u_int len)
{

	MD5Update(ctx, buf, len);
	return (0);
}

static void
arcfour_checksum(const struct krb5_key_state *ks, int usage,
    struct mbuf *inout, size_t skip, size_t inlen, size_t outlen)
{
	MD5_CTX md5;
	uint8_t Ksign[16];
	uint8_t t[4];
	uint8_t sgn_cksum[16];

	arcfour_hmac(ks->ks_key, "signaturekey", 13, Ksign);

	t[0] = usage >> 0;
	t[1] = usage >> 8;
	t[2] = usage >> 16;
	t[3] = usage >> 24;

	MD5Init(&md5);
	MD5Update(&md5, t, 4);
	m_apply(inout, skip, inlen, MD5Update_int, &md5);
	MD5Final(sgn_cksum, &md5);
	
	arcfour_hmac(Ksign, sgn_cksum, 16, sgn_cksum);
	m_copyback(inout, skip + inlen, outlen, sgn_cksum);
}

struct krb5_encryption_class krb5_arcfour_encryption_class = {
	"arcfour-hmac-md5",	/* name */
	ETYPE_ARCFOUR_HMAC_MD5, /* etype */
	0,			/* flags */
	1,			/* blocklen */
	1,			/* msgblocklen */
	8,			/* checksumlen */
	128,			/* keybits */
	16,			/* keylen */
	arcfour_init,
	arcfour_destroy,
	arcfour_set_key,
	arcfour_random_to_key,
	arcfour_encrypt,
	arcfour_encrypt,
	arcfour_checksum
};

struct krb5_encryption_class krb5_arcfour_56_encryption_class = {
	"arcfour-hmac-md5-56",	   /* name */
	ETYPE_ARCFOUR_HMAC_MD5_56, /* etype */
	0,			   /* flags */
	1,			/* blocklen */
	1,			/* msgblocklen */
	8,			/* checksumlen */
	128,			/* keybits */
	16,			/* keylen */
	arcfour_init,
	arcfour_destroy,
	arcfour_set_key,
	arcfour_random_to_key,
	arcfour_encrypt,
	arcfour_encrypt,
	arcfour_checksum
};