3
* $Id: x99_mac.c,v 1.6 2002/07/06 06:10:40 fcusack Exp $
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License as published by
7
* the Free Software Foundation; either version 2 of the License, or
8
* (at your option) any later version.
10
* This program is distributed in the hope that it will be useful,
11
* but WITHOUT ANY WARRANTY; without even the implied warranty of
12
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
* GNU General Public License for more details.
15
* You should have received a copy of the GNU General Public License
16
* along with this program; if not, write to the Free Software
17
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19
* Copyright 2001,2002 Google, Inc.
28
#include <openssl/des.h>
30
static const char rcsid[] = "$Id: x99_mac.c,v 1.6 2002/07/06 06:10:40 fcusack Exp $";
34
* The X9.9 MAC is used by tokens in the following manner:
36
* 1. Possibly convert the challenge to ASCII (eg "12345" -> 0x3132333435).
37
* Note that we do this unconditionally (we don't yet support tokens
38
* that can use raw challenge bytes (SafeWord Gold/Platinum)).
39
* 2. Use the possibly converted challenge as the plaintext input to
40
* the X9.9 MAC algorithm.
41
* 3. Convert the 32 bit MAC to ASCII (eg 0x1234567f -> "1234567f").
42
* Note that some tokens (SafeWord Gold/Platinum) can display a 64 bit MAC;
43
* we don't support those yet.
44
* 4. Apply any vendor specific transformations on chars "a" thru "f".
45
* 5. Use the result as the response.
48
/* Returns 0 on success, non-zero otherwise. response sized as indicated. */
50
x99_response(const char *challenge, char response[9],
51
uint32_t card_id, des_cblock keyblock)
55
const char *conversion;
58
if (x99_mac(challenge, output, keyblock) != 0)
62
if (card_id & X99_CF_DD) {
63
if (card_id & X99_CF_CRYPTOCARD) {
64
conversion = x99_cc_dec_conversion;
66
/* This should not happen. */
67
x99_log(X99_LOG_ERR, "x99_response: bad card mode/vendor");
72
conversion = x99_hex_conversion;
74
x99_keyblock_to_string(l_response, output, conversion);
75
(void) memcpy(response, l_response, 8);
78
if (card_id & X99_CF_R7) {
79
if (card_id & X99_CF_CRYPTOCARD) {
80
(void) memmove(&response[3], &response[4], 5);
82
/* This should not happen. */
83
x99_log(X99_LOG_ERR, "x99_response: bad card mode/vendor");
93
* The ANSI X9.9 MAC algorithm is:
94
* 1. Perform a CBC mode DES encryption of the plaintext. The last plaintext
95
* block must be zero padded.
96
* 2. The MAC is the most significant 32 bits of the last cipherblock.
98
* Most tokens support a max of an 8 character challenge, but at least one
99
* (CRYPTOCard RB-1) supports performing the full CBC mode encryption
100
* of an arbitrary length challenge. So we don't limit ourselves
101
* to just an ECB mode encryption.
103
* This routine returns the entire 64 bit last cipherblock, at least one sync
104
* mode needs this (and ANSI X9.9 states that the MAC can be 48 and 64 bit
105
* MACs should be supported). Returns 0 on success, non-zero otherwise.
108
x99_mac(const char *input, des_cblock output, des_cblock keyblock)
112
des_cblock l_output[MAX_CHALLENGE_LEN / sizeof(des_cblock)];
113
int chal_len = strlen(input);
117
* Setup and verify the key.
118
* This may be a bit expensive to do every time, but it
119
* makes more sense for calling functions to deal with
120
* the key itself, rather than the schedule. In practice,
121
* I don't think this will amount to much, but I haven't
122
* actually profiled it.
124
if ((rc = des_set_key_checked((const_des_cblock *) keyblock, ks)) != 0) {
125
x99_log(X99_LOG_ERR, "x99_mac: DES key %s",
126
rc == -1 ? "has incorrect parity" : "is weak");
130
(void) memset(ivec, 0, sizeof(ivec));
131
des_cbc_encrypt(input, (unsigned char *) l_output, chal_len,
132
ks, &ivec, DES_ENCRYPT);
133
(void) memcpy(output, l_output[(chal_len - 1) / 8], 8);