5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 * Copyright 2001,2002 Google, Inc.
20 * Copyright 2005 TRI-D Systems, Inc.
26 #include <openssl/des.h>
28 static const char rcsid[] = "$Id$";
32 * The ANSI X9.9 MAC algorithm is:
33 * 1. Perform a CBC mode DES encryption of the plaintext. The last plaintext
34 * block must be zero padded.
35 * 2. The MAC is the most significant 32 bits of the last cipherblock.
37 * Most tokens support a max of an 8 character challenge, but at least one
38 * (CRYPTOCard RB-1) supports performing the full CBC mode encryption
39 * of an arbitrary length challenge. So we don't limit ourselves
40 * to just an ECB mode encryption.
42 * This routine returns the entire 64 bit last cipherblock, at least one sync
43 * mode needs this (and ANSI X9.9 states that the MAC can be 48, and 64 bit
44 * MACs should be supported). Returns 0 on success, non-zero otherwise.
47 otp_x99_mac(const unsigned char *input, size_t len, unsigned char output[8],
48 const unsigned char keyblock[OTP_MAX_KEY_LEN],
49 const char *log_prefix)
53 des_cblock l_output[OTP_MAX_CHALLENGE_LEN / sizeof(des_cblock)];
57 * Setup and verify the key.
58 * This may be a bit expensive to do every time, but it
59 * makes more sense for calling functions to deal with
60 * the key itself, rather than the schedule. In practice,
61 * I don't think this will amount to much, but I haven't
62 * actually profiled it.
63 * TODO: store in card_info after generating
65 if ((rc = des_set_key_checked((const_des_cblock *) keyblock, ks)) != 0) {
66 otp_log(OTP_LOG_ERR, "%s: %s: otp_x99_mac: DES key %s",
68 rc == -1 ? "has incorrect parity" : "is weak");
72 (void) memset(ivec, 0, sizeof(ivec));
73 des_cbc_encrypt(input, (unsigned char *) l_output, len,
74 ks, &ivec, DES_ENCRYPT);
75 (void) memcpy(output, l_output[(len - 1) / 8], 8);