3 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
8 #if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) && !defined(openbsd)
10 * Copyright 1985, 1986, 1987, 1988, 1989 by the Massachusetts Institute
13 * For copying and distribution information, please see the file
16 * These routines perform encryption and decryption using the DES
17 * private key algorithm, or else a subset of it-- fewer inner loops.
18 * (AUTH_DES_ITER defaults to 16, may be less.)
20 * Under U.S. law, this software may not be exported outside the US
21 * without license from the U.S. Commerce department.
23 * The key schedule is passed as an arg, as well as the cleartext or
24 * ciphertext. The cleartext and ciphertext should be in host order.
26 * These routines form the library interface to the DES facilities.
28 * spm 8/85 MIT project athena
34 #if defined( DEBUG ) && defined( HAVE_DES_DEBUG )
39 extern void des_fixup_key_parity();
41 #ifndef HAVE_AFS_KERBEROS
42 #define WORLDPEACEINOURTIME
45 #if defined(WORLDPEACEINOURTIME) /* Use original, not ifs version */
46 #ifndef HAVE_KERBEROS_V
48 * convert an arbitrary length string to a DES key
/*
 * des_string_to_key (original MIT variant): folds the bytes of `str` into the
 * 64-entry bit array k_char, packs those bits into `key`, fixes parity, then
 * runs des_cbc_cksum over the input with the folded key and fixes parity
 * again.
 *
 * NOTE(review): this listing omits lines (the embedded line numbers have
 * gaps), so the comments below describe only the statements that are
 * visible; confirm against the full file.
 * NOTE(review): the result is a single-DES key derived from the password,
 * with no salt or iteration count visible in this variant; treat it as a
 * legacy compatibility format rather than as password protection.
 */
51 des_string_to_key( char *str, register des_cblock *key )
53 register char *in_str;
54 register unsigned temp,i;
57 static unsigned char *k_p;
59 register char *p_char;
60 static char k_char[64];
61 static des_key_schedule key_sked;
/* NOTE(review): k_p, k_char and key_sked are static, so every call shares
 * them. key_sked is zeroed after use below, but no wipe of k_char (which
 * holds the folded password bits) is visible once the key is built -
 * confirm in the full file. */
62 extern unsigned long des_cbc_cksum();
69 /* init key array for bits */
70 memset(k_char, '\0', sizeof(k_char));
/* NOTE(review): this format string and the fprintf in the loop below write
 * the input string and its bytes to stdout. The guard is not visible here
 * (presumably the DEBUG and HAVE_DES_DEBUG condition near the top of the
 * file); it must never be enabled in production builds. */
75 "\n\ninput str length = %d string = %s\nstring = 0x ",
79 /* get next 8 bytes, strip parity, xor */
/* `length` is assigned in a line this listing does not show (presumably the
 * string length of the input - confirm). */
80 for (i = 1; i <= length; i++) {
81 /* get next input key byte */
/* If plain char is signed, a byte of 0x80 or above sign-extends into temp;
 * the visible lines only consume single bits of it (temp & 01). */
82 temp = (unsigned int) *str++;
85 fprintf(stdout,"%02x ",temp & 0xff);
87 /* loop through bits within byte, ignore parity */
88 for (j = 0; j <= 6; j++) {
/* Bits are XORed into k_char walking forward (first statement) or backward
 * (second statement); the condition choosing between them is not shown. */
90 *p_char++ ^= (int) temp & 01;
92 *--p_char ^= (int) temp & 01;
96 /* check and flip direction */
101 /* now stuff into the key des_cblock, and force odd parity */
103 k_p = (unsigned char *) key;
/* Packs 7 bits per output byte into bit positions 1..7 for 8 bytes, leaving
 * bit 0 free for the parity fix-up that follows. */
105 for (i = 0; i <= 7; i++) {
107 for (j = 0; j <= 6; j++)
108 temp |= *p_char++ << (1+j);
109 *k_p++ = (unsigned char) temp;
113 des_fixup_key_parity(key);
115 /* Now one-way encrypt it with the folded key */
116 (void) des_key_sched(key,key_sked);
/* `key` is passed as both the second and the fifth argument; in the classic
 * libdes API those are the output block and the IV - confirm against the
 * prototype, which this file declares without parameters. */
117 (void) des_cbc_cksum((des_cblock *)in_str,key,length,key_sked,key);
/* Wipe the expanded key schedule so it does not persist in static storage. */
119 memset((char *)key_sked, '\0', sizeof(key_sked));
121 /* now fix up key parity again */
122 des_fixup_key_parity(key);
/* NOTE(review): the lines below print the derived key. They read it through
 * unsigned long pointers; assuming des_cblock is 8 bytes (as the 8-byte
 * packing loop suggests), `(unsigned long *) key+1` points past the block
 * wherever unsigned long is 8 bytes wide. */
127 "\nResulting string_to_key = 0x%lx 0x%lx\n",
128 *((unsigned long *) key),
129 *((unsigned long *) key+1));
133 #endif /* HAVE_KERBEROS_V */
134 #else /* Use ifs version */
138 /* These two needed for rxgen output to work */
139 #include <sys/types.h>
141 #include <afs/cellconfig.h>
142 #include <afs/auth.h>
144 #include "/usr/andy/kauth/kauth.h"
145 #include "/usr/andy/kauth/kautils.h"
148 /* This defines the Andrew string_to_key function. It accepts a password
149 string as input and converts it via a one-way encryption algorithm to a DES
150 encryption key. It is compatible with the original Andrew authentication
151 service password database. */
/*
 * Andrew string-to-key. The line carrying the function name is not part of
 * this listing; presumably this is the Andrew_StringToKey called further
 * down - confirm. Visible steps: XOR up to 8 password bytes with the cell
 * name, replace NUL bytes with the letter X, run crypt() with the fixed salt
 * "#~", copy the result after the two salt characters into `key`, shift each
 * byte left one bit and fix parity.
 *
 * NOTE(review): no wipe of the local `password` buffer is visible before the
 * function ends; this listing omits lines, so confirm in the full file.
 */
156 char *cell, /* cell for password */
159 { char password[8+1]; /* crypt is limited to 8 chars anyway */
163 memset(key, '\0', sizeof(des_cblock));
164 memset(password, '\0', sizeof(password));
/* Copies at most 8 bytes into the zeroed 9-byte buffer, so `password` stays
 * terminated here. */
166 strncpy (password, cell, 8);
167 passlen = strlen (str);
168 if (passlen > 8) passlen = 8;
/* NOTE(review): cell[i] is read for every i below passlen (up to 8) with no
 * visible check of the length of cell; a cell name shorter than the password
 * is read past its terminator. `password` was already seeded from cell by
 * the strncpy above, so XORing with password[i] would stay in bounds -
 * confirm compatibility of derived keys before changing. */
170 for (i=0; i<passlen; i++)
171 password[i] = str[i] ^ cell[i];
174 if (password[i] == '\0') password[i] = 'X';
176 /* crypt only considers the first 8 characters of password but for some
177 reason returns eleven characters of result (plus the two salt chars). */
/* NOTE(review): crypt() can return NULL on failure, and some implementations
 * reject salt characters outside [a-zA-Z0-9./], which both characters of
 * "#~" are. No NULL check is visible, so the `+ 2` and the strncpy would
 * then read through an invalid pointer. */
178 strncpy(key, crypt(password, "#~") + 2, sizeof(des_cblock));
180 /* parity is inserted into the LSB so leftshift each byte up one bit. This
181 allows ascii characters with a zero MSB to retain as much significance
183 { char *keybytes = (char *)key;
186 for (i = 0; i < 8; i++) {
187 temp = (unsigned int) keybytes[i];
188 keybytes[i] = (unsigned char) (temp << 1);
191 des_fixup_key_parity (key);
/*
 * Kerberos-style string-to-key. The line carrying the function name is not
 * part of this listing; presumably this is the StringToKey called further
 * down - confirm. Visible steps: concatenate password and cell into
 * `password`, compute a DES CBC checksum keyed with the constant "kerberos",
 * re-key with that checksum, compute a second checksum into `key`, then fix
 * parity.
 *
 * NOTE(review): no wipe of `password`, `schedule` or temp_key is visible
 * before the function ends; this listing omits lines, so confirm in the full
 * file.
 */
197 char *cell, /* cell for password */
200 { des_key_schedule schedule;
203 char password[BUFSIZ];
/* NOTE(review): strncpy with the full buffer size leaves `password`
 * unterminated when str is BUFSIZ bytes or longer, so the strlen on the next
 * line can run past the buffer. Bounding the copy to sizeof(password)-1 and
 * terminating explicitly would close this. */
206 strncpy (password, str, sizeof(password));
207 if ((passlen = strlen (password)) < sizeof(password)-1)
/* NOTE(review): strncat appends up to n bytes and then a terminator, so the
 * bound has to leave room for it (sizeof(password)-passlen-1). As written, a
 * long cell name can write one byte past the end of `password`. */
208 strncat (password, cell, sizeof(password)-passlen);
/* This clamp runs after the copies, so it cannot prevent the overruns noted
 * above. */
209 if ((passlen = strlen(password)) > sizeof(password)) passlen = sizeof(password);
/* First pass: both the IV and the key are the fixed string "kerberos"; the
 * checksum result is written back into ivec. */
211 memcpy(ivec, "kerberos", 8);
212 memcpy(temp_key, "kerberos", 8);
213 des_fixup_key_parity (temp_key);
214 des_key_sched (temp_key, schedule);
215 des_cbc_cksum (password, ivec, passlen, schedule, ivec);
/* Second pass: the first checksum becomes the key, and the output goes to
 * the caller-supplied `key`. */
217 memcpy(temp_key, ivec, 8);
218 des_fixup_key_parity (temp_key);
219 des_key_sched (temp_key, schedule);
220 des_cbc_cksum (password, key, passlen, schedule, ivec);
222 des_fixup_key_parity (key);
/*
 * Dispatcher. The line carrying the function name is not part of this
 * listing; presumably this is the ka_StringToKey called further down -
 * confirm. It builds a realm string from `cell`, then uses StringToKey for
 * passwords longer than 8 characters and Andrew_StringToKey otherwise.
 */
228 char *cell, /* cell for password */
231 { char realm[REALM_SZ];
236 code = ka_CellToRealm (cell, realm, 0/*local*/);
/* On a lookup error the realm becomes the empty string, so the key is then
 * derived without any cell-specific input. */
238 if (code) strcpy (realm, "");
239 else lcstring (realm, realm, sizeof(realm)); /* for backward compatibility */
/* NOTE(review): unbounded strcpy of the caller-supplied `cell` into
 * realm[REALM_SZ]; a cell name of REALM_SZ bytes or more overflows the stack
 * buffer. The preprocessor branch that selects this line is not visible in
 * this listing. A length check or a bounded, explicitly terminated copy is
 * needed here. */
241 (void)strcpy(realm, cell);
244 if (strlen(str) > 8) StringToKey (str, realm, key);
245 else Andrew_StringToKey (str, realm, key);
249 * convert an arbitrary length string to a DES key
/*
 * des_string_to_key (AFS variant): forwards to ka_StringToKey with a
 * hard-coded cell name.
 */
252 des_string_to_key( char *str, register des_cblock *key )
254 /* NB: i should probably call routine to get local cell here */
/* NOTE(review): the cell string is mixed into the derived key by the
 * routines this calls, so hard-coding "umich.edu" ties every derived key to
 * that one cell name regardless of where the code is deployed. */
255 ka_StringToKey(str, "umich.edu", key);
259 #endif /* Use IFS Version */
261 #endif /* kerberos */