crypto.c (57428) | crypto.c (72448) |
---|---|
1/* | 1/* |
2 * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan | 2 * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan |
3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include "krb5_locl.h" 35RCSID("$Id: crypto.c,v 1.29 2000/01/25 23:06:55 assar Exp $"); | 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include "krb5_locl.h" 35RCSID("$Id: crypto.c,v 1.29 2000/01/25 23:06:55 assar Exp $"); |
36/* RCSID("$FreeBSD: head/crypto/heimdal/lib/krb5/crypto.c 57428 2000-02-24 13:37:41Z markm $"); */ | 36/* RCSID("$FreeBSD: head/crypto/heimdal/lib/krb5/crypto.c 72448 2001-02-13 16:52:56Z assar $"); */ |
37 38#undef CRYPTO_DEBUG 39#ifdef CRYPTO_DEBUG 40static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*); 41#endif 42 43 44struct key_data { --- 16 unchanged lines hidden (view full) --- 61#define CRYPTO_ETYPE(C) ((C)->et->type) 62 63/* bits for `flags' below */ 64#define F_KEYED 1 /* checksum is keyed */ 65#define F_CPROOF 2 /* checksum is collision proof */ 66#define F_DERIVED 4 /* uses derived keys */ 67#define F_VARIANT 8 /* uses `variant' keys (6.4.3) */ 68#define F_PSEUDO 16 /* not a real protocol type */ | 37 38#undef CRYPTO_DEBUG 39#ifdef CRYPTO_DEBUG 40static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*); 41#endif 42 43 44struct key_data { --- 16 unchanged lines hidden (view full) --- 61#define CRYPTO_ETYPE(C) ((C)->et->type) 62 63/* bits for `flags' below */ 64#define F_KEYED 1 /* checksum is keyed */ 65#define F_CPROOF 2 /* checksum is collision proof */ 66#define F_DERIVED 4 /* uses derived keys */ 67#define F_VARIANT 8 /* uses `variant' keys (6.4.3) */ 68#define F_PSEUDO 16 /* not a real protocol type */ |
69#define F_SPECIAL 32 /* backwards */ |
|
69 70struct salt_type { 71 krb5_salttype type; 72 const char *name; 73 krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, 74 krb5_salt, krb5_keyblock*); 75}; 76 --- 12 unchanged lines hidden (view full) --- 89}; 90 91struct checksum_type { 92 krb5_cksumtype type; 93 const char *name; 94 size_t blocksize; 95 size_t checksumsize; 96 unsigned flags; | 70 71struct salt_type { 72 krb5_salttype type; 73 const char *name; 74 krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, 75 krb5_salt, krb5_keyblock*); 76}; 77 --- 12 unchanged lines hidden (view full) --- 90}; 91 92struct checksum_type { 93 krb5_cksumtype type; 94 const char *name; 95 size_t blocksize; 96 size_t checksumsize; 97 unsigned flags; |
97 void (*checksum)(krb5_context, struct key_data*, void*, size_t, Checksum*); 98 krb5_error_code (*verify)(krb5_context, struct key_data*, 99 void*, size_t, Checksum*); | 98 void (*checksum)(krb5_context context, 99 struct key_data *key, 100 const void *buf, size_t len, 101 unsigned usage, 102 Checksum *csum); 103 krb5_error_code (*verify)(krb5_context context, 104 struct key_data *key, 105 const void *buf, size_t len, 106 unsigned usage, 107 Checksum *csum); |
100}; 101 102struct encryption_type { 103 krb5_enctype type; 104 const char *name; 105 size_t blocksize; 106 size_t confoundersize; 107 struct key_type *keytype; 108 struct checksum_type *cksumtype; 109 struct checksum_type *keyed_checksum; 110 unsigned flags; | 108}; 109 110struct encryption_type { 111 krb5_enctype type; 112 const char *name; 113 size_t blocksize; 114 size_t confoundersize; 115 struct key_type *keytype; 116 struct checksum_type *cksumtype; 117 struct checksum_type *keyed_checksum; 118 unsigned flags; |
111 void (*encrypt)(struct key_data *, void *, size_t, int); | 119 krb5_error_code (*encrypt)(struct key_data *key, 120 void *data, size_t len, 121 krb5_boolean encrypt, 122 int usage, 123 void *ivec); |
112}; 113 114#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA) 115#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55) 116#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99) 117 118static struct checksum_type *_find_checksum(krb5_cksumtype type); 119static struct encryption_type *_find_enctype(krb5_enctype type); --- 65 unchanged lines hidden (view full) --- 185 krb5_data cell, 186 des_cblock *key) 187{ 188 char password[8+1]; /* crypt is limited to 8 chars anyway */ 189 int i; 190 191 for(i = 0; i < 8; i++) { 192 char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^ | 124}; 125 126#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA) 127#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55) 128#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99) 129 130static struct checksum_type *_find_checksum(krb5_cksumtype type); 131static struct encryption_type *_find_enctype(krb5_enctype type); --- 65 unchanged lines hidden (view full) --- 197 krb5_data cell, 198 des_cblock *key) 199{ 200 char password[8+1]; /* crypt is limited to 8 chars anyway */ 201 int i; 202 203 for(i = 0; i < 8; i++) { 204 char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^ |
193 ((i < cell.length) ? ((char*)cell.data)[i] : 0); | 205 ((i < cell.length) ? 206 tolower(((unsigned char*)cell.data)[i]) : 0); |
194 password[i] = c ? c : 'X'; 195 } 196 password[8] = '\0'; 197 198 memcpy(key, crypt(password, "#~") + 2, sizeof(des_cblock)); 199 200 /* parity is inserted into the LSB so left shift each byte up one 201 bit. This allows ascii characters with a zero MSB to retain as --- 13 unchanged lines hidden (view full) --- 215{ 216 des_key_schedule schedule; 217 des_cblock temp_key; 218 des_cblock ivec; 219 char password[512]; 220 size_t passlen; 221 222 memcpy(password, pw.data, min(pw.length, sizeof(password))); | 207 password[i] = c ? c : 'X'; 208 } 209 password[8] = '\0'; 210 211 memcpy(key, crypt(password, "#~") + 2, sizeof(des_cblock)); 212 213 /* parity is inserted into the LSB so left shift each byte up one 214 bit. This allows ascii characters with a zero MSB to retain as --- 13 unchanged lines hidden (view full) --- 228{ 229 des_key_schedule schedule; 230 des_cblock temp_key; 231 des_cblock ivec; 232 char password[512]; 233 size_t passlen; 234 235 memcpy(password, pw.data, min(pw.length, sizeof(password))); |
223 if(pw.length < sizeof(password)) 224 memcpy(password + pw.length, 225 cell.data, min(cell.length, 226 sizeof(password) - pw.length)); | 236 if(pw.length < sizeof(password)) { 237 int len = min(cell.length, sizeof(password) - pw.length); 238 int i; 239 240 memcpy(password + pw.length, cell.data, len); 241 for (i = pw.length; i < pw.length + len; ++i) 242 password[i] = tolower((unsigned char)password[i]); 243 } |
227 passlen = min(sizeof(password), pw.length + cell.length); 228 memcpy(&ivec, "kerberos", 8); 229 memcpy(&temp_key, "kerberos", 8); 230 des_set_odd_parity (&temp_key); 231 des_set_key (&temp_key, schedule); | 244 passlen = min(sizeof(password), pw.length + cell.length); 245 memcpy(&ivec, "kerberos", 8); 246 memcpy(&temp_key, "kerberos", 8); 247 des_set_odd_parity (&temp_key); 248 des_set_key (&temp_key, schedule); |
232 des_cbc_cksum ((const void *)password, &ivec, passlen, 233 schedule, &ivec); | 249 des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); |
234 235 memcpy(&temp_key, &ivec, 8); 236 des_set_odd_parity (&temp_key); 237 des_set_key (&temp_key, schedule); | 250 251 memcpy(&temp_key, &ivec, 8); 252 des_set_odd_parity (&temp_key); 253 des_set_key (&temp_key, schedule); |
238 des_cbc_cksum ((const void *)password, key, passlen, 239 schedule, &ivec); | 254 des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); |
240 memset(&schedule, 0, sizeof(schedule)); 241 memset(&temp_key, 0, sizeof(temp_key)); 242 memset(&ivec, 0, sizeof(ivec)); 243 memset(password, 0, sizeof(password)); 244 245 des_set_odd_parity (key); 246} 247 --- 87 unchanged lines hidden (view full) --- 335 for(i = 0; i < 3; i++){ 336 memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); 337 des_set_odd_parity(keys + i); 338 if(des_is_weak_key(keys + i)) 339 xor(keys + i, (unsigned char*)"\0\0\0\0\0\0\0\xf0"); 340 des_set_key(keys + i, s[i]); 341 } 342 memset(&ivec, 0, sizeof(ivec)); | 255 memset(&schedule, 0, sizeof(schedule)); 256 memset(&temp_key, 0, sizeof(temp_key)); 257 memset(&ivec, 0, sizeof(ivec)); 258 memset(password, 0, sizeof(password)); 259 260 des_set_odd_parity (key); 261} 262 --- 87 unchanged lines hidden (view full) --- 350 for(i = 0; i < 3; i++){ 351 memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); 352 des_set_odd_parity(keys + i); 353 if(des_is_weak_key(keys + i)) 354 xor(keys + i, (unsigned char*)"\0\0\0\0\0\0\0\xf0"); 355 des_set_key(keys + i, s[i]); 356 } 357 memset(&ivec, 0, sizeof(ivec)); |
343 des_ede3_cbc_encrypt((const void *)tmp, 344 (void *)tmp, sizeof(tmp), | 358 des_ede3_cbc_encrypt((des_cblock *)tmp, 359 (des_cblock *)tmp, sizeof(tmp), |
345 s[0], s[1], s[2], &ivec, DES_ENCRYPT); 346 memset(s, 0, sizeof(s)); 347 memset(&ivec, 0, sizeof(ivec)); 348 for(i = 0; i < 3; i++){ 349 memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); 350 des_set_odd_parity(keys + i); 351 if(des_is_weak_key(keys + i)) 352 xor(keys + i, (unsigned char*)"\0\0\0\0\0\0\0\xf0"); --- 59 unchanged lines hidden (view full) --- 412 krb5_salt salt, 413 krb5_keyblock *key) 414{ 415 char *s, *p; 416 size_t len; 417 int i; 418 MD4_CTX m; 419 | 360 s[0], s[1], s[2], &ivec, DES_ENCRYPT); 361 memset(s, 0, sizeof(s)); 362 memset(&ivec, 0, sizeof(ivec)); 363 for(i = 0; i < 3; i++){ 364 memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); 365 des_set_odd_parity(keys + i); 366 if(des_is_weak_key(keys + i)) 367 xor(keys + i, (unsigned char*)"\0\0\0\0\0\0\0\xf0"); --- 59 unchanged lines hidden (view full) --- 427 krb5_salt salt, 428 krb5_keyblock *key) 429{ 430 char *s, *p; 431 size_t len; 432 int i; 433 MD4_CTX m; 434 |
420 len = 2 * (password.length + salt.saltvalue.length); | 435 len = 2 * password.length; |
421 s = malloc (len); 422 if (len != 0 && s == NULL) 423 return ENOMEM; 424 for (p = s, i = 0; i < password.length; ++i) { 425 *p++ = ((char *)password.data)[i]; 426 *p++ = 0; 427 } | 436 s = malloc (len); 437 if (len != 0 && s == NULL) 438 return ENOMEM; 439 for (p = s, i = 0; i < password.length; ++i) { 440 *p++ = ((char *)password.data)[i]; 441 *p++ = 0; 442 } |
428 for (i = 0; i < salt.saltvalue.length; ++i) { 429 *p++ = ((char *)salt.saltvalue.data)[i]; 430 *p++ = 0; 431 } 432 MD4Init (&m); 433 MD4Update (&m, s, len); | 443 MD4_Init (&m); 444 MD4_Update (&m, s, len); |
434 key->keytype = enctype; 435 krb5_data_alloc (&key->keyvalue, 16); | 445 key->keytype = enctype; 446 krb5_data_alloc (&key->keyvalue, 16); |
436 MD4Final (key->keyvalue.data, &m); | 447 MD4_Final (key->keyvalue.data, &m); |
437 memset (s, 0, len); 438 free (s); 439 return 0; 440} 441 442extern struct salt_type des_salt[], 443 des3_salt[], des3_salt_derived[], arcfour_salt[]; 444 --- 221 unchanged lines hidden (view full) --- 666 krb5_keyblock *key) 667{ 668 krb5_data pw; 669 pw.data = (void*)password; 670 pw.length = strlen(password); 671 return krb5_string_to_key_data(context, enctype, pw, principal, key); 672} 673 | 448 memset (s, 0, len); 449 free (s); 450 return 0; 451} 452 453extern struct salt_type des_salt[], 454 des3_salt[], des3_salt_derived[], arcfour_salt[]; 455 --- 221 unchanged lines hidden (view full) --- 677 krb5_keyblock *key) 678{ 679 krb5_data pw; 680 pw.data = (void*)password; 681 pw.length = strlen(password); 682 return krb5_string_to_key_data(context, enctype, pw, principal, key); 683} 684 |
685/* 686 * Do a string -> key for encryption type `enctype' operation on 687 * `password' (with salt `salt'), returning the resulting key in `key' 688 */ 689 |
|
674krb5_error_code 675krb5_string_to_key_data_salt (krb5_context context, 676 krb5_enctype enctype, 677 krb5_data password, 678 krb5_salt salt, 679 krb5_keyblock *key) 680{ 681 struct encryption_type *et =_find_enctype(enctype); 682 struct salt_type *st; 683 if(et == NULL) 684 return KRB5_PROG_ETYPE_NOSUPP; 685 for(st = et->keytype->string_to_key; st && st->type; st++) 686 if(st->type == salt.salttype) 687 return (*st->string_to_key)(context, enctype, password, salt, key); 688 return HEIM_ERR_SALTTYPE_NOSUPP; 689} 690 | 690krb5_error_code 691krb5_string_to_key_data_salt (krb5_context context, 692 krb5_enctype enctype, 693 krb5_data password, 694 krb5_salt salt, 695 krb5_keyblock *key) 696{ 697 struct encryption_type *et =_find_enctype(enctype); 698 struct salt_type *st; 699 if(et == NULL) 700 return KRB5_PROG_ETYPE_NOSUPP; 701 for(st = et->keytype->string_to_key; st && st->type; st++) 702 if(st->type == salt.salttype) 703 return (*st->string_to_key)(context, enctype, password, salt, key); 704 return HEIM_ERR_SALTTYPE_NOSUPP; 705} 706 |
707/* 708 * Do a string -> key for encryption type `enctype' operation on the 709 * string `password' (with salt `salt'), returning the resulting key 710 * in `key' 711 */ 712 |
|
691krb5_error_code 692krb5_string_to_key_salt (krb5_context context, 693 krb5_enctype enctype, 694 const char *password, 695 krb5_salt salt, 696 krb5_keyblock *key) 697{ 698 krb5_data pw; --- 56 unchanged lines hidden (view full) --- 755 struct key_data *key) 756{ 757 krb5_error_code ret; 758 struct encryption_type *et = _find_enctype(key->key->keytype); 759 struct key_type *kt = et->keytype; 760 761 if(kt->schedule == NULL) 762 return 0; | 713krb5_error_code 714krb5_string_to_key_salt (krb5_context context, 715 krb5_enctype enctype, 716 const char *password, 717 krb5_salt salt, 718 krb5_keyblock *key) 719{ 720 krb5_data pw; --- 56 unchanged lines hidden (view full) --- 777 struct key_data *key) 778{ 779 krb5_error_code ret; 780 struct encryption_type *et = _find_enctype(key->key->keytype); 781 struct key_type *kt = et->keytype; 782 783 if(kt->schedule == NULL) 784 return 0; |
785 if (key->schedule != NULL) 786 return 0; |
|
763 ALLOC(key->schedule, 1); 764 if(key->schedule == NULL) 765 return ENOMEM; 766 ret = krb5_data_alloc(key->schedule, kt->schedule_size); 767 if(ret) { 768 free(key->schedule); 769 key->schedule = NULL; 770 return ret; --- 4 unchanged lines hidden (view full) --- 775 776/************************************************************ 777 * * 778 ************************************************************/ 779 780static void 781NONE_checksum(krb5_context context, 782 struct key_data *key, | 787 ALLOC(key->schedule, 1); 788 if(key->schedule == NULL) 789 return ENOMEM; 790 ret = krb5_data_alloc(key->schedule, kt->schedule_size); 791 if(ret) { 792 free(key->schedule); 793 key->schedule = NULL; 794 return ret; --- 4 unchanged lines hidden (view full) --- 799 800/************************************************************ 801 * * 802 ************************************************************/ 803 804static void 805NONE_checksum(krb5_context context, 806 struct key_data *key, |
783 void *data, | 807 const void *data, |
784 size_t len, | 808 size_t len, |
809 unsigned usage, |
|
785 Checksum *C) 786{ 787} 788 789static void 790CRC32_checksum(krb5_context context, 791 struct key_data *key, | 810 Checksum *C) 811{ 812} 813 814static void 815CRC32_checksum(krb5_context context, 816 struct key_data *key, |
792 void *data, | 817 const void *data, |
793 size_t len, | 818 size_t len, |
819 unsigned usage, |
|
794 Checksum *C) 795{ 796 u_int32_t crc; 797 unsigned char *r = C->checksum.data; 798 _krb5_crc_init_table (); 799 crc = _krb5_crc_update (data, len, 0); 800 r[0] = crc & 0xff; 801 r[1] = (crc >> 8) & 0xff; 802 r[2] = (crc >> 16) & 0xff; 803 r[3] = (crc >> 24) & 0xff; 804} 805 806static void 807RSA_MD4_checksum(krb5_context context, 808 struct key_data *key, | 820 Checksum *C) 821{ 822 u_int32_t crc; 823 unsigned char *r = C->checksum.data; 824 _krb5_crc_init_table (); 825 crc = _krb5_crc_update (data, len, 0); 826 r[0] = crc & 0xff; 827 r[1] = (crc >> 8) & 0xff; 828 r[2] = (crc >> 16) & 0xff; 829 r[3] = (crc >> 24) & 0xff; 830} 831 832static void 833RSA_MD4_checksum(krb5_context context, 834 struct key_data *key, |
809 void *data, | 835 const void *data, |
810 size_t len, | 836 size_t len, |
837 unsigned usage, |
|
811 Checksum *C) 812{ 813 MD4_CTX m; 814 | 838 Checksum *C) 839{ 840 MD4_CTX m; 841 |
815 MD4Init (&m); 816 MD4Update (&m, data, len); 817 MD4Final (C->checksum.data, &m); | 842 MD4_Init (&m); 843 MD4_Update (&m, data, len); 844 MD4_Final (C->checksum.data, &m); |
818} 819 820static void 821RSA_MD4_DES_checksum(krb5_context context, 822 struct key_data *key, | 845} 846 847static void 848RSA_MD4_DES_checksum(krb5_context context, 849 struct key_data *key, |
823 void *data, | 850 const void *data, |
824 size_t len, | 851 size_t len, |
852 unsigned usage, |
|
825 Checksum *cksum) 826{ 827 MD4_CTX md4; 828 des_cblock ivec; 829 unsigned char *p = cksum->checksum.data; 830 831 krb5_generate_random_block(p, 8); | 853 Checksum *cksum) 854{ 855 MD4_CTX md4; 856 des_cblock ivec; 857 unsigned char *p = cksum->checksum.data; 858 859 krb5_generate_random_block(p, 8); |
832 MD4Init (&md4); 833 MD4Update (&md4, p, 8); 834 MD4Update (&md4, data, len); 835 MD4Final (p + 8, &md4); | 860 MD4_Init (&md4); 861 MD4_Update (&md4, p, 8); 862 MD4_Update (&md4, data, len); 863 MD4_Final (p + 8, &md4); |
836 memset (&ivec, 0, sizeof(ivec)); | 864 memset (&ivec, 0, sizeof(ivec)); |
837 des_cbc_encrypt((const void *)p, 838 (void *)p, | 865 des_cbc_encrypt((des_cblock*)p, 866 (des_cblock*)p, |
839 24, 840 key->schedule->data, 841 &ivec, 842 DES_ENCRYPT); 843} 844 845static krb5_error_code 846RSA_MD4_DES_verify(krb5_context context, 847 struct key_data *key, | 867 24, 868 key->schedule->data, 869 &ivec, 870 DES_ENCRYPT); 871} 872 873static krb5_error_code 874RSA_MD4_DES_verify(krb5_context context, 875 struct key_data *key, |
848 void *data, | 876 const void *data, |
849 size_t len, | 877 size_t len, |
878 unsigned usage, |
|
850 Checksum *C) 851{ 852 MD4_CTX md4; 853 unsigned char tmp[24]; 854 unsigned char res[16]; 855 des_cblock ivec; 856 krb5_error_code ret = 0; 857 858 memset(&ivec, 0, sizeof(ivec)); 859 des_cbc_encrypt(C->checksum.data, 860 (void*)tmp, 861 C->checksum.length, 862 key->schedule->data, 863 &ivec, 864 DES_DECRYPT); | 879 Checksum *C) 880{ 881 MD4_CTX md4; 882 unsigned char tmp[24]; 883 unsigned char res[16]; 884 des_cblock ivec; 885 krb5_error_code ret = 0; 886 887 memset(&ivec, 0, sizeof(ivec)); 888 des_cbc_encrypt(C->checksum.data, 889 (void*)tmp, 890 C->checksum.length, 891 key->schedule->data, 892 &ivec, 893 DES_DECRYPT); |
865 MD4Init (&md4); 866 MD4Update (&md4, tmp, 8); /* confounder */ 867 MD4Update (&md4, data, len); 868 MD4Final (res, &md4); | 894 MD4_Init (&md4); 895 MD4_Update (&md4, tmp, 8); /* confounder */ 896 MD4_Update (&md4, data, len); 897 MD4_Final (res, &md4); |
869 if(memcmp(res, tmp + 8, sizeof(res)) != 0) 870 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 871 memset(tmp, 0, sizeof(tmp)); 872 memset(res, 0, sizeof(res)); 873 return ret; 874} 875 876static void 877RSA_MD5_checksum(krb5_context context, 878 struct key_data *key, | 898 if(memcmp(res, tmp + 8, sizeof(res)) != 0) 899 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 900 memset(tmp, 0, sizeof(tmp)); 901 memset(res, 0, sizeof(res)); 902 return ret; 903} 904 905static void 906RSA_MD5_checksum(krb5_context context, 907 struct key_data *key, |
879 void *data, | 908 const void *data, |
880 size_t len, | 909 size_t len, |
910 unsigned usage, |
|
881 Checksum *C) 882{ 883 MD5_CTX m; 884 | 911 Checksum *C) 912{ 913 MD5_CTX m; 914 |
885 MD5Init (&m); 886 MD5Update(&m, data, len); 887 MD5Final (C->checksum.data, &m); | 915 MD5_Init (&m); 916 MD5_Update(&m, data, len); 917 MD5_Final (C->checksum.data, &m); |
888} 889 890static void 891RSA_MD5_DES_checksum(krb5_context context, 892 struct key_data *key, | 918} 919 920static void 921RSA_MD5_DES_checksum(krb5_context context, 922 struct key_data *key, |
893 void *data, | 923 const void *data, |
894 size_t len, | 924 size_t len, |
925 unsigned usage, |
|
895 Checksum *C) 896{ 897 MD5_CTX md5; 898 des_cblock ivec; 899 unsigned char *p = C->checksum.data; 900 901 krb5_generate_random_block(p, 8); | 926 Checksum *C) 927{ 928 MD5_CTX md5; 929 des_cblock ivec; 930 unsigned char *p = C->checksum.data; 931 932 krb5_generate_random_block(p, 8); |
902 MD5Init (&md5); 903 MD5Update (&md5, p, 8); 904 MD5Update (&md5, data, len); 905 MD5Final (p + 8, &md5); | 933 MD5_Init (&md5); 934 MD5_Update (&md5, p, 8); 935 MD5_Update (&md5, data, len); 936 MD5_Final (p + 8, &md5); |
906 memset (&ivec, 0, sizeof(ivec)); | 937 memset (&ivec, 0, sizeof(ivec)); |
907 des_cbc_encrypt((const void *)p, 908 (void *)p, | 938 des_cbc_encrypt((des_cblock*)p, 939 (des_cblock*)p, |
909 24, 910 key->schedule->data, 911 &ivec, 912 DES_ENCRYPT); 913} 914 915static krb5_error_code 916RSA_MD5_DES_verify(krb5_context context, 917 struct key_data *key, | 940 24, 941 key->schedule->data, 942 &ivec, 943 DES_ENCRYPT); 944} 945 946static krb5_error_code 947RSA_MD5_DES_verify(krb5_context context, 948 struct key_data *key, |
918 void *data, | 949 const void *data, |
919 size_t len, | 950 size_t len, |
951 unsigned usage, |
|
920 Checksum *C) 921{ 922 MD5_CTX md5; 923 unsigned char tmp[24]; 924 unsigned char res[16]; 925 des_cblock ivec; 926 des_key_schedule *sched = key->schedule->data; 927 krb5_error_code ret = 0; 928 929 memset(&ivec, 0, sizeof(ivec)); 930 des_cbc_encrypt(C->checksum.data, 931 (void*)tmp, 932 C->checksum.length, 933 sched[0], 934 &ivec, 935 DES_DECRYPT); | 952 Checksum *C) 953{ 954 MD5_CTX md5; 955 unsigned char tmp[24]; 956 unsigned char res[16]; 957 des_cblock ivec; 958 des_key_schedule *sched = key->schedule->data; 959 krb5_error_code ret = 0; 960 961 memset(&ivec, 0, sizeof(ivec)); 962 des_cbc_encrypt(C->checksum.data, 963 (void*)tmp, 964 C->checksum.length, 965 sched[0], 966 &ivec, 967 DES_DECRYPT); |
936 MD5Init (&md5); 937 MD5Update (&md5, tmp, 8); /* confounder */ 938 MD5Update (&md5, data, len); 939 MD5Final (res, &md5); | 968 MD5_Init (&md5); 969 MD5_Update (&md5, tmp, 8); /* confounder */ 970 MD5_Update (&md5, data, len); 971 MD5_Final (res, &md5); |
940 if(memcmp(res, tmp + 8, sizeof(res)) != 0) 941 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 942 memset(tmp, 0, sizeof(tmp)); 943 memset(res, 0, sizeof(res)); 944 return ret; 945} 946 947static void 948RSA_MD5_DES3_checksum(krb5_context context, 949 struct key_data *key, | 972 if(memcmp(res, tmp + 8, sizeof(res)) != 0) 973 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 974 memset(tmp, 0, sizeof(tmp)); 975 memset(res, 0, sizeof(res)); 976 return ret; 977} 978 979static void 980RSA_MD5_DES3_checksum(krb5_context context, 981 struct key_data *key, |
950 void *data, | 982 const void *data, |
951 size_t len, | 983 size_t len, |
984 unsigned usage, |
|
952 Checksum *C) 953{ 954 MD5_CTX md5; 955 des_cblock ivec; 956 unsigned char *p = C->checksum.data; 957 des_key_schedule *sched = key->schedule->data; 958 959 krb5_generate_random_block(p, 8); | 985 Checksum *C) 986{ 987 MD5_CTX md5; 988 des_cblock ivec; 989 unsigned char *p = C->checksum.data; 990 des_key_schedule *sched = key->schedule->data; 991 992 krb5_generate_random_block(p, 8); |
960 MD5Init (&md5); 961 MD5Update (&md5, p, 8); 962 MD5Update (&md5, data, len); 963 MD5Final (p + 8, &md5); | 993 MD5_Init (&md5); 994 MD5_Update (&md5, p, 8); 995 MD5_Update (&md5, data, len); 996 MD5_Final (p + 8, &md5); |
964 memset (&ivec, 0, sizeof(ivec)); | 997 memset (&ivec, 0, sizeof(ivec)); |
965 des_ede3_cbc_encrypt((const void *)p, 966 (void *)p, | 998 des_ede3_cbc_encrypt((des_cblock*)p, 999 (des_cblock*)p, |
967 24, 968 sched[0], sched[1], sched[2], 969 &ivec, 970 DES_ENCRYPT); 971} 972 973static krb5_error_code 974RSA_MD5_DES3_verify(krb5_context context, 975 struct key_data *key, | 1000 24, 1001 sched[0], sched[1], sched[2], 1002 &ivec, 1003 DES_ENCRYPT); 1004} 1005 1006static krb5_error_code 1007RSA_MD5_DES3_verify(krb5_context context, 1008 struct key_data *key, |
976 void *data, | 1009 const void *data, |
977 size_t len, | 1010 size_t len, |
1011 unsigned usage, |
|
978 Checksum *C) 979{ 980 MD5_CTX md5; 981 unsigned char tmp[24]; 982 unsigned char res[16]; 983 des_cblock ivec; 984 des_key_schedule *sched = key->schedule->data; 985 krb5_error_code ret = 0; 986 987 memset(&ivec, 0, sizeof(ivec)); 988 des_ede3_cbc_encrypt(C->checksum.data, 989 (void*)tmp, 990 C->checksum.length, 991 sched[0], sched[1], sched[2], 992 &ivec, 993 DES_DECRYPT); | 1012 Checksum *C) 1013{ 1014 MD5_CTX md5; 1015 unsigned char tmp[24]; 1016 unsigned char res[16]; 1017 des_cblock ivec; 1018 des_key_schedule *sched = key->schedule->data; 1019 krb5_error_code ret = 0; 1020 1021 memset(&ivec, 0, sizeof(ivec)); 1022 des_ede3_cbc_encrypt(C->checksum.data, 1023 (void*)tmp, 1024 C->checksum.length, 1025 sched[0], sched[1], sched[2], 1026 &ivec, 1027 DES_DECRYPT); |
994 MD5Init (&md5); 995 MD5Update (&md5, tmp, 8); /* confounder */ 996 MD5Update (&md5, data, len); 997 MD5Final (res, &md5); | 1028 MD5_Init (&md5); 1029 MD5_Update (&md5, tmp, 8); /* confounder */ 1030 MD5_Update (&md5, data, len); 1031 MD5_Final (res, &md5); |
998 if(memcmp(res, tmp + 8, sizeof(res)) != 0) 999 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 1000 memset(tmp, 0, sizeof(tmp)); 1001 memset(res, 0, sizeof(res)); 1002 return ret; 1003} 1004 1005static void 1006SHA1_checksum(krb5_context context, 1007 struct key_data *key, | 1032 if(memcmp(res, tmp + 8, sizeof(res)) != 0) 1033 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 1034 memset(tmp, 0, sizeof(tmp)); 1035 memset(res, 0, sizeof(res)); 1036 return ret; 1037} 1038 1039static void 1040SHA1_checksum(krb5_context context, 1041 struct key_data *key, |
1008 void *data, | 1042 const void *data, |
1009 size_t len, | 1043 size_t len, |
1044 unsigned usage, |
|
1010 Checksum *C) 1011{ | 1045 Checksum *C) 1046{ |
1012 SHA1_CTX m; | 1047 SHA_CTX m; |
1013 | 1048 |
1014 SHA_Init(&m); 1015 SHA_Update(&m, data, len); 1016 SHA_Final(C->checksum.data, &m); | 1049 SHA1_Init(&m); 1050 SHA1_Update(&m, data, len); 1051 SHA1_Final(C->checksum.data, &m); |
1017} 1018 1019/* HMAC according to RFC2104 */ 1020static void 1021hmac(krb5_context context, 1022 struct checksum_type *cm, | 1052} 1053 1054/* HMAC according to RFC2104 */ 1055static void 1056hmac(krb5_context context, 1057 struct checksum_type *cm, |
1023 void *data, | 1058 const void *data, |
1024 size_t len, | 1059 size_t len, |
1060 unsigned usage, |
|
1025 struct key_data *keyblock, 1026 Checksum *result) 1027{ 1028 unsigned char *ipad, *opad; 1029 unsigned char *key; 1030 size_t key_len; 1031 int i; 1032 1033 if(keyblock->key->keyvalue.length > cm->blocksize){ 1034 (*cm->checksum)(context, 1035 keyblock, 1036 keyblock->key->keyvalue.data, 1037 keyblock->key->keyvalue.length, | 1061 struct key_data *keyblock, 1062 Checksum *result) 1063{ 1064 unsigned char *ipad, *opad; 1065 unsigned char *key; 1066 size_t key_len; 1067 int i; 1068 1069 if(keyblock->key->keyvalue.length > cm->blocksize){ 1070 (*cm->checksum)(context, 1071 keyblock, 1072 keyblock->key->keyvalue.data, 1073 keyblock->key->keyvalue.length, |
1074 usage, |
|
1038 result); 1039 key = result->checksum.data; 1040 key_len = result->checksum.length; 1041 } else { 1042 key = keyblock->key->keyvalue.data; 1043 key_len = keyblock->key->keyvalue.length; 1044 } 1045 ipad = malloc(cm->blocksize + len); 1046 opad = malloc(cm->blocksize + cm->checksumsize); 1047 memset(ipad, 0x36, cm->blocksize); 1048 memset(opad, 0x5c, cm->blocksize); 1049 for(i = 0; i < key_len; i++){ 1050 ipad[i] ^= key[i]; 1051 opad[i] ^= key[i]; 1052 } 1053 memcpy(ipad + cm->blocksize, data, len); | 1075 result); 1076 key = result->checksum.data; 1077 key_len = result->checksum.length; 1078 } else { 1079 key = keyblock->key->keyvalue.data; 1080 key_len = keyblock->key->keyvalue.length; 1081 } 1082 ipad = malloc(cm->blocksize + len); 1083 opad = malloc(cm->blocksize + cm->checksumsize); 1084 memset(ipad, 0x36, cm->blocksize); 1085 memset(opad, 0x5c, cm->blocksize); 1086 for(i = 0; i < key_len; i++){ 1087 ipad[i] ^= key[i]; 1088 opad[i] ^= key[i]; 1089 } 1090 memcpy(ipad + cm->blocksize, data, len); |
1054 (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len, result); | 1091 (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len, 1092 usage, result); |
1055 memcpy(opad + cm->blocksize, result->checksum.data, 1056 result->checksum.length); 1057 (*cm->checksum)(context, keyblock, opad, | 1093 memcpy(opad + cm->blocksize, result->checksum.data, 1094 result->checksum.length); 1095 (*cm->checksum)(context, keyblock, opad, |
1058 cm->blocksize + cm->checksumsize, result); | 1096 cm->blocksize + cm->checksumsize, usage, result); |
1059 memset(ipad, 0, cm->blocksize + len); 1060 free(ipad); 1061 memset(opad, 0, cm->blocksize + cm->checksumsize); 1062 free(opad); 1063} 1064 1065static void 1066HMAC_SHA1_DES3_checksum(krb5_context context, 1067 struct key_data *key, | 1097 memset(ipad, 0, cm->blocksize + len); 1098 free(ipad); 1099 memset(opad, 0, cm->blocksize + cm->checksumsize); 1100 free(opad); 1101} 1102 1103static void 1104HMAC_SHA1_DES3_checksum(krb5_context context, 1105 struct key_data *key, |
1068 void *data, | 1106 const void *data, |
1069 size_t len, | 1107 size_t len, |
1108 unsigned usage, |
|
1070 Checksum *result) 1071{ 1072 struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1); 1073 | 1109 Checksum *result) 1110{ 1111 struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1); 1112 |
1074 hmac(context, c, data, len, key, result); | 1113 hmac(context, c, data, len, usage, key, result); |
1075} 1076 | 1114} 1115 |
1116/* 1117 * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt 1118 */ 1119 1120static void 1121HMAC_MD5_checksum(krb5_context context, 1122 struct key_data *key, 1123 const void *data, 1124 size_t len, 1125 unsigned usage, 1126 Checksum *result) 1127{ 1128 MD5_CTX md5; 1129 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); 1130 const char signature[] = "signaturekey"; 1131 Checksum ksign_c; 1132 struct key_data ksign; 1133 krb5_keyblock kb; 1134 unsigned char t[4]; 1135 unsigned char tmp[16]; 1136 unsigned char ksign_c_data[16]; 1137 1138 ksign_c.checksum.length = sizeof(ksign_c_data); 1139 ksign_c.checksum.data = ksign_c_data; 1140 hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c); 1141 ksign.key = &kb; 1142 kb.keyvalue = ksign_c.checksum; 1143 MD5_Init (&md5); 1144 t[0] = (usage >> 0) & 0xFF; 1145 t[1] = (usage >> 8) & 0xFF; 1146 t[2] = (usage >> 16) & 0xFF; 1147 t[3] = (usage >> 24) & 0xFF; 1148 MD5_Update (&md5, t, 4); 1149 MD5_Update (&md5, data, len); 1150 MD5_Final (tmp, &md5); 1151 hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); 1152} 1153 1154/* 1155 * same as previous but being used while encrypting. 1156 */ 1157 1158static void 1159HMAC_MD5_checksum_enc(krb5_context context, 1160 struct key_data *key, 1161 const void *data, 1162 size_t len, 1163 unsigned usage, 1164 Checksum *result) 1165{ 1166 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); 1167 Checksum ksign_c; 1168 struct key_data ksign; 1169 krb5_keyblock kb; 1170 unsigned char t[4]; 1171 unsigned char ksign_c_data[16]; 1172 1173 t[0] = (usage >> 0) & 0xFF; 1174 t[1] = (usage >> 8) & 0xFF; 1175 t[2] = (usage >> 16) & 0xFF; 1176 t[3] = (usage >> 24) & 0xFF; 1177 1178 ksign_c.checksum.length = sizeof(ksign_c_data); 1179 ksign_c.checksum.data = ksign_c_data; 1180 hmac(context, c, t, sizeof(t), 0, key, &ksign_c); 1181 ksign.key = &kb; 1182 kb.keyvalue = ksign_c.checksum; 1183 hmac(context, c, data, len, 0, &ksign, result); 1184} 1185 |
|
1077struct checksum_type checksum_none = { 1078 CKSUMTYPE_NONE, 1079 "none", 1080 1, 1081 0, 1082 0, 1083 NONE_checksum, 1084 NULL --- 27 unchanged lines hidden (view full) --- 1112}; 1113#if 0 1114struct checksum_type checksum_des_mac = { 1115 CKSUMTYPE_DES_MAC, 1116 "des-mac", 1117 0, 1118 0, 1119 0, | 1186struct checksum_type checksum_none = { 1187 CKSUMTYPE_NONE, 1188 "none", 1189 1, 1190 0, 1191 0, 1192 NONE_checksum, 1193 NULL --- 27 unchanged lines hidden (view full) --- 1221}; 1222#if 0 1223struct checksum_type checksum_des_mac = { 1224 CKSUMTYPE_DES_MAC, 1225 "des-mac", 1226 0, 1227 0, 1228 0, |
1120 DES_MAC_checksum, | 1229 DES_MAC_checksum |
1121}; 1122struct checksum_type checksum_des_mac_k = { 1123 CKSUMTYPE_DES_MAC_K, 1124 "des-mac-k", 1125 0, 1126 0, 1127 0, | 1230}; 1231struct checksum_type checksum_des_mac_k = { 1232 CKSUMTYPE_DES_MAC_K, 1233 "des-mac-k", 1234 0, 1235 0, 1236 0, |
1128 DES_MAC_K_checksum, | 1237 DES_MAC_K_checksum |
1129}; 1130struct checksum_type checksum_rsa_md4_des_k = { 1131 CKSUMTYPE_RSA_MD4_DES_K, 1132 "rsa-md4-des-k", 1133 0, 1134 0, 1135 0, | 1238}; 1239struct checksum_type checksum_rsa_md4_des_k = { 1240 CKSUMTYPE_RSA_MD4_DES_K, 1241 "rsa-md4-des-k", 1242 0, 1243 0, 1244 0, |
1136 RSA_MD4_DES_K_checksum, 1137 RSA_MD4_DES_K_verify, | 1245 RSA_MD4_DES_K_checksum, 1246 RSA_MD4_DES_K_verify |
1138}; 1139#endif 1140struct checksum_type checksum_rsa_md5 = { 1141 CKSUMTYPE_RSA_MD5, 1142 "rsa-md5", 1143 64, 1144 16, 1145 F_CPROOF, 1146 RSA_MD5_checksum, 1147 NULL 1148}; 1149struct checksum_type checksum_rsa_md5_des = { 1150 CKSUMTYPE_RSA_MD5_DES, 1151 "rsa-md5-des", 1152 64, 1153 24, 1154 F_KEYED | F_CPROOF | F_VARIANT, 1155 RSA_MD5_DES_checksum, | 1247}; 1248#endif 1249struct checksum_type checksum_rsa_md5 = { 1250 CKSUMTYPE_RSA_MD5, 1251 "rsa-md5", 1252 64, 1253 16, 1254 F_CPROOF, 1255 RSA_MD5_checksum, 1256 NULL 1257}; 1258struct checksum_type checksum_rsa_md5_des = { 1259 CKSUMTYPE_RSA_MD5_DES, 1260 "rsa-md5-des", 1261 64, 1262 24, 1263 F_KEYED | F_CPROOF | F_VARIANT, 1264 RSA_MD5_DES_checksum, |
1156 RSA_MD5_DES_verify, | 1265 RSA_MD5_DES_verify |
1157}; 1158struct checksum_type checksum_rsa_md5_des3 = { 1159 CKSUMTYPE_RSA_MD5_DES3, 1160 "rsa-md5-des3", 1161 64, 1162 24, 1163 F_KEYED | F_CPROOF | F_VARIANT, 1164 RSA_MD5_DES3_checksum, | 1266}; 1267struct checksum_type checksum_rsa_md5_des3 = { 1268 CKSUMTYPE_RSA_MD5_DES3, 1269 "rsa-md5-des3", 1270 64, 1271 24, 1272 F_KEYED | F_CPROOF | F_VARIANT, 1273 RSA_MD5_DES3_checksum, |
1165 RSA_MD5_DES3_verify, | 1274 RSA_MD5_DES3_verify |
1166}; 1167struct checksum_type checksum_sha1 = { 1168 CKSUMTYPE_SHA1, 1169 "sha1", 1170 64, 1171 20, 1172 F_CPROOF, 1173 SHA1_checksum, --- 4 unchanged lines hidden (view full) --- 1178 "hmac-sha1-des3", 1179 64, 1180 20, 1181 F_KEYED | F_CPROOF | F_DERIVED, 1182 HMAC_SHA1_DES3_checksum, 1183 NULL 1184}; 1185 | 1275}; 1276struct checksum_type checksum_sha1 = { 1277 CKSUMTYPE_SHA1, 1278 "sha1", 1279 64, 1280 20, 1281 F_CPROOF, 1282 SHA1_checksum, --- 4 unchanged lines hidden (view full) --- 1287 "hmac-sha1-des3", 1288 64, 1289 20, 1290 F_KEYED | F_CPROOF | F_DERIVED, 1291 HMAC_SHA1_DES3_checksum, 1292 NULL 1293}; 1294 |
1295struct checksum_type checksum_hmac_md5 = { 1296 CKSUMTYPE_HMAC_MD5, 1297 "hmac-md5", 1298 64, 1299 16, 1300 F_KEYED | F_CPROOF, 1301 HMAC_MD5_checksum, 1302 NULL 1303}; 1304 1305struct checksum_type checksum_hmac_md5_enc = { 1306 CKSUMTYPE_HMAC_MD5_ENC, 1307 "hmac-md5-enc", 1308 64, 1309 16, 1310 F_KEYED | F_CPROOF | F_PSEUDO, 1311 HMAC_MD5_checksum_enc, 1312 NULL 1313}; 1314 |
|
1186struct checksum_type *checksum_types[] = { 1187 &checksum_none, 1188 &checksum_crc32, 1189 &checksum_rsa_md4, 1190 &checksum_rsa_md4_des, 1191#if 0 1192 &checksum_des_mac, 1193 &checksum_des_mac_k, 1194 &checksum_rsa_md4_des_k, 1195#endif 1196 &checksum_rsa_md5, 1197 &checksum_rsa_md5_des, 1198 &checksum_rsa_md5_des3, 1199 &checksum_sha1, | 1315struct checksum_type *checksum_types[] = { 1316 &checksum_none, 1317 &checksum_crc32, 1318 &checksum_rsa_md4, 1319 &checksum_rsa_md4_des, 1320#if 0 1321 &checksum_des_mac, 1322 &checksum_des_mac_k, 1323 &checksum_rsa_md4_des_k, 1324#endif 1325 &checksum_rsa_md5, 1326 &checksum_rsa_md5_des, 1327 &checksum_rsa_md5_des3, 1328 &checksum_sha1, |
1200 &checksum_hmac_sha1_des3 | 1329 &checksum_hmac_sha1_des3, 1330 &checksum_hmac_md5, 1331 &checksum_hmac_md5_enc |
1201}; 1202 1203static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]); 1204 1205static struct checksum_type * 1206_find_checksum(krb5_cksumtype type) 1207{ 1208 int i; --- 44 unchanged lines hidden (view full) --- 1253{ 1254 krb5_error_code ret; 1255 struct key_data *dkey; 1256 int keyed_checksum; 1257 1258 keyed_checksum = (ct->flags & F_KEYED) != 0; 1259 if(keyed_checksum && crypto == NULL) 1260 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ | 1332}; 1333 1334static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]); 1335 1336static struct checksum_type * 1337_find_checksum(krb5_cksumtype type) 1338{ 1339 int i; --- 44 unchanged lines hidden (view full) --- 1384{ 1385 krb5_error_code ret; 1386 struct key_data *dkey; 1387 int keyed_checksum; 1388 1389 keyed_checksum = (ct->flags & F_KEYED) != 0; 1390 if(keyed_checksum && crypto == NULL) 1391 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ |
1261 if(keyed_checksum) | 1392 if(keyed_checksum) { |
1262 ret = get_checksum_key(context, crypto, usage, ct, &dkey); | 1393 ret = get_checksum_key(context, crypto, usage, ct, &dkey); |
1263 else | 1394 if (ret) 1395 return ret; 1396 } else |
1264 dkey = NULL; 1265 result->cksumtype = ct->type; 1266 krb5_data_alloc(&result->checksum, ct->checksumsize); | 1397 dkey = NULL; 1398 result->cksumtype = ct->type; 1399 krb5_data_alloc(&result->checksum, ct->checksumsize); |
1267 (*ct->checksum)(context, dkey, data, len, result); | 1400 (*ct->checksum)(context, dkey, data, len, usage, result); |
1268 return 0; 1269} 1270 1271static krb5_error_code 1272create_checksum(krb5_context context, 1273 krb5_crypto crypto, 1274 unsigned usage, /* not krb5_key_usage */ 1275 krb5_cksumtype type, /* if crypto == NULL */ --- 49 unchanged lines hidden (view full) --- 1325 keyed_checksum = (ct->flags & F_KEYED) != 0; 1326 if(keyed_checksum && crypto == NULL) 1327 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ 1328 if(keyed_checksum) 1329 ret = get_checksum_key(context, crypto, usage, ct, &dkey); 1330 else 1331 dkey = NULL; 1332 if(ct->verify) | 1401 return 0; 1402} 1403 1404static krb5_error_code 1405create_checksum(krb5_context context, 1406 krb5_crypto crypto, 1407 unsigned usage, /* not krb5_key_usage */ 1408 krb5_cksumtype type, /* if crypto == NULL */ --- 49 unchanged lines hidden (view full) --- 1458 keyed_checksum = (ct->flags & F_KEYED) != 0; 1459 if(keyed_checksum && crypto == NULL) 1460 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ 1461 if(keyed_checksum) 1462 ret = get_checksum_key(context, crypto, usage, ct, &dkey); 1463 else 1464 dkey = NULL; 1465 if(ct->verify) |
1333 return (*ct->verify)(context, dkey, data, len, cksum); | 1466 return (*ct->verify)(context, dkey, data, len, usage, cksum); |
1334 1335 ret = krb5_data_alloc (&c.checksum, ct->checksumsize); 1336 if (ret) 1337 return ret; 1338 | 1467 1468 ret = krb5_data_alloc (&c.checksum, ct->checksumsize); 1469 if (ret) 1470 return ret; 1471 |
1339 (*ct->checksum)(context, dkey, data, len, &c); | 1472 (*ct->checksum)(context, dkey, data, len, usage, &c); |
1340 1341 if(c.checksum.length != cksum->checksum.length || 1342 memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) 1343 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 1344 else 1345 ret = 0; 1346 krb5_data_free (&c.checksum); 1347 return ret; --- 42 unchanged lines hidden (view full) --- 1390 return KRB5_PROG_SUMTYPE_NOSUPP; 1391 return ct->flags & F_CPROOF; 1392} 1393 1394/************************************************************ 1395 * * 1396 ************************************************************/ 1397 | 1473 1474 if(c.checksum.length != cksum->checksum.length || 1475 memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) 1476 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 1477 else 1478 ret = 0; 1479 krb5_data_free (&c.checksum); 1480 return ret; --- 42 unchanged lines hidden (view full) --- 1523 return KRB5_PROG_SUMTYPE_NOSUPP; 1524 return ct->flags & F_CPROOF; 1525} 1526 1527/************************************************************ 1528 * * 1529 ************************************************************/ 1530 |
1398static void | 1531static krb5_error_code |
1399NULL_encrypt(struct key_data *key, 1400 void *data, 1401 size_t len, | 1532NULL_encrypt(struct key_data *key, 1533 void *data, 1534 size_t len, |
1402 krb5_boolean encrypt) | 1535 krb5_boolean encrypt, 1536 int usage, 1537 void *ivec) |
1403{ | 1538{ |
1539 return 0; |
|
1404} 1405 | 1540} 1541 |
1406static void | 1542static krb5_error_code |
1407DES_CBC_encrypt_null_ivec(struct key_data *key, 1408 void *data, 1409 size_t len, | 1543DES_CBC_encrypt_null_ivec(struct key_data *key, 1544 void *data, 1545 size_t len, |
1410 krb5_boolean encrypt) | 1546 krb5_boolean encrypt, 1547 int usage, 1548 void *ignore_ivec) |
1411{ 1412 des_cblock ivec; 1413 des_key_schedule *s = key->schedule->data; 1414 memset(&ivec, 0, sizeof(ivec)); 1415 des_cbc_encrypt(data, data, len, *s, &ivec, encrypt); | 1549{ 1550 des_cblock ivec; 1551 des_key_schedule *s = key->schedule->data; 1552 memset(&ivec, 0, sizeof(ivec)); 1553 des_cbc_encrypt(data, data, len, *s, &ivec, encrypt); |
1554 return 0; |
|
1416} 1417 | 1555} 1556 |
1418static void | 1557static krb5_error_code |
1419DES_CBC_encrypt_key_ivec(struct key_data *key, 1420 void *data, 1421 size_t len, | 1558DES_CBC_encrypt_key_ivec(struct key_data *key, 1559 void *data, 1560 size_t len, |
1422 krb5_boolean encrypt) | 1561 krb5_boolean encrypt, 1562 int usage, 1563 void *ignore_ivec) |
1423{ 1424 des_cblock ivec; 1425 des_key_schedule *s = key->schedule->data; 1426 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); 1427 des_cbc_encrypt(data, data, len, *s, &ivec, encrypt); | 1564{ 1565 des_cblock ivec; 1566 des_key_schedule *s = key->schedule->data; 1567 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); 1568 des_cbc_encrypt(data, data, len, *s, &ivec, encrypt); |
1569 return 0; |
|
1428} 1429 | 1570} 1571 |
1430static void | 1572static krb5_error_code |
1431DES3_CBC_encrypt(struct key_data *key, 1432 void *data, 1433 size_t len, | 1573DES3_CBC_encrypt(struct key_data *key, 1574 void *data, 1575 size_t len, |
1434 krb5_boolean encrypt) | 1576 krb5_boolean encrypt, 1577 int usage, 1578 void *ignore_ivec) |
1435{ 1436 des_cblock ivec; 1437 des_key_schedule *s = key->schedule->data; 1438 memset(&ivec, 0, sizeof(ivec)); 1439 des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], &ivec, encrypt); | 1579{ 1580 des_cblock ivec; 1581 des_key_schedule *s = key->schedule->data; 1582 memset(&ivec, 0, sizeof(ivec)); 1583 des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], &ivec, encrypt); |
1584 return 0; |
|
1440} 1441 | 1585} 1586 |
1442static void | 1587static krb5_error_code 1588DES3_CBC_encrypt_ivec(struct key_data *key, 1589 void *data, 1590 size_t len, 1591 krb5_boolean encrypt, 1592 int usage, 1593 void *ivec) 1594{ 1595 des_key_schedule *s = key->schedule->data; 1596 1597 des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], ivec, encrypt); 1598 return 0; 1599} 1600 1601static krb5_error_code 1602DES_CFB64_encrypt_null_ivec(struct key_data *key, 1603 void *data, 1604 size_t len, 1605 krb5_boolean encrypt, 1606 int usage, 1607 void *ignore_ivec) 1608{ 1609 des_cblock ivec; 1610 int num = 0; 1611 des_key_schedule *s = key->schedule->data; 1612 memset(&ivec, 0, sizeof(ivec)); 1613 1614 des_cfb64_encrypt(data, data, len, *s, &ivec, &num, encrypt); 1615 return 0; 1616} 1617 1618static krb5_error_code 1619DES_PCBC_encrypt_key_ivec(struct key_data *key, 1620 void *data, 1621 size_t len, 1622 krb5_boolean encrypt, 1623 int usage, 1624 void *ignore_ivec) 1625{ 1626 des_cblock ivec; 1627 des_key_schedule *s = key->schedule->data; 1628 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); 1629 1630 des_pcbc_encrypt(data, data, len, *s, &ivec, encrypt); 1631 return 0; 1632} 1633 1634/* 1635 * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 1636 * 1637 * warning: not for small children 1638 */ 1639 1640static krb5_error_code 1641ARCFOUR_subencrypt(struct key_data *key, 1642 void *data, 1643 size_t len, 1644 int usage, 1645 void *ivec) 1646{ 1647 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); 1648 Checksum k1_c, k2_c, k3_c, cksum; 1649 struct key_data ke; 1650 krb5_keyblock kb; 1651 unsigned char t[4]; 1652 RC4_KEY rc4_key; 1653 char *cdata = (char *)data; 1654 unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; 1655 1656 t[0] = (usage >> 0) & 0xFF; 1657 t[1] = (usage >> 8) & 0xFF; 1658 t[2] = (usage >> 16) & 0xFF; 1659 t[3] = (usage >> 24) & 0xFF; 1660 1661 k1_c.checksum.length = sizeof(k1_c_data); 1662 k1_c.checksum.data = k1_c_data; 1663 1664 hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); 1665 1666 memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); 1667 1668 k2_c.checksum.length = sizeof(k2_c_data); 1669 k2_c.checksum.data = k2_c_data; 1670 1671 ke.key = &kb; 1672 kb.keyvalue = k2_c.checksum; 1673 1674 cksum.checksum.length = 16; 1675 cksum.checksum.data = data; 1676 1677 hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); 1678 1679 ke.key = &kb; 1680 kb.keyvalue = k1_c.checksum; 1681 1682 k3_c.checksum.length = sizeof(k3_c_data); 1683 k3_c.checksum.data = k3_c_data; 1684 1685 hmac(NULL, c, data, 16, 0, &ke, &k3_c); 1686 1687 RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data); 1688 RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16); 1689 memset (k1_c_data, 0, sizeof(k1_c_data)); 1690 memset (k2_c_data, 0, sizeof(k2_c_data)); 1691 memset (k3_c_data, 0, sizeof(k3_c_data)); 1692 return 0; 1693} 1694 1695static krb5_error_code 1696ARCFOUR_subdecrypt(struct key_data *key, 1697 void *data, 1698 size_t len, 1699 int usage, 1700 void *ivec) 1701{ 1702 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); 1703 Checksum k1_c, k2_c, k3_c, cksum; 1704 struct key_data ke; 1705 krb5_keyblock kb; 1706 unsigned char t[4]; 1707 RC4_KEY rc4_key; 1708 char *cdata = (char *)data; 1709 unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; 1710 unsigned char cksum_data[16]; 1711 1712 t[0] = (usage >> 0) & 0xFF; 1713 t[1] = (usage >> 8) & 0xFF; 1714 t[2] = (usage >> 16) & 0xFF; 1715 t[3] = (usage >> 24) & 0xFF; 1716 1717 k1_c.checksum.length = sizeof(k1_c_data); 1718 k1_c.checksum.data = k1_c_data; 1719 1720 hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); 1721 1722 memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); 1723 1724 k2_c.checksum.length = sizeof(k2_c_data); 1725 k2_c.checksum.data = k2_c_data; 1726 1727 ke.key = &kb; 1728 kb.keyvalue = k1_c.checksum; 1729 1730 k3_c.checksum.length = sizeof(k3_c_data); 1731 k3_c.checksum.data = k3_c_data; 1732 1733 hmac(NULL, c, cdata, 16, 0, &ke, &k3_c); 1734 1735 RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data); 1736 RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16); 1737 1738 ke.key = &kb; 1739 kb.keyvalue = k2_c.checksum; 1740 1741 cksum.checksum.length = 16; 1742 cksum.checksum.data = cksum_data; 1743 1744 hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); 1745 1746 memset (k1_c_data, 0, sizeof(k1_c_data)); 1747 memset (k2_c_data, 0, sizeof(k2_c_data)); 1748 memset (k3_c_data, 0, sizeof(k3_c_data)); 1749 1750 if (memcmp (cksum.checksum.data, data, 16) != 0) 1751 return KRB5KRB_AP_ERR_BAD_INTEGRITY; 1752 else 1753 return 0; 1754} 1755 1756/* 1757 * convert the usage numbers used in 1758 * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in 1759 * draft-brezak-win2k-krb-rc4-hmac-03.txt 1760 */ 1761 1762static int 1763usage2arcfour (int usage) 1764{ 1765 switch (usage) { 1766 case KRB5_KU_PA_ENC_TIMESTAMP : 1767 return 1; 1768 case KRB5_KU_TICKET : 1769 return 8; 1770 case KRB5_KU_AS_REP_ENC_PART : 1771 return 8; 1772 case KRB5_KU_TGS_REQ_AUTH_DAT_SESSION : 1773 case KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY : 1774 case KRB5_KU_TGS_REQ_AUTH_CKSUM : 1775 case KRB5_KU_TGS_REQ_AUTH : 1776 return 7; 1777 case KRB5_KU_TGS_REP_ENC_PART_SESSION : 1778 case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : 1779 return 8; 1780 case KRB5_KU_AP_REQ_AUTH_CKSUM : 1781 case KRB5_KU_AP_REQ_AUTH : 1782 case KRB5_KU_AP_REQ_ENC_PART : 1783 return 11; 1784 case KRB5_KU_KRB_PRIV : 1785 return 0; 1786 case KRB5_KU_KRB_CRED : 1787 case KRB5_KU_KRB_SAFE_CKSUM : 1788 case KRB5_KU_OTHER_ENCRYPTED : 1789 case KRB5_KU_OTHER_CKSUM : 1790 case KRB5_KU_KRB_ERROR : 1791 case KRB5_KU_AD_KDC_ISSUED : 1792 case KRB5_KU_MANDATORY_TICKET_EXTENSION : 1793 case KRB5_KU_AUTH_DATA_TICKET_EXTENSION : 1794 case KRB5_KU_USAGE_SEAL : 1795 case KRB5_KU_USAGE_SIGN : 1796 case KRB5_KU_USAGE_SEQ : 1797 default : 1798 abort (); 1799 } 1800} 1801 1802static krb5_error_code |
1443ARCFOUR_encrypt(struct key_data *key, 1444 void *data, 1445 size_t len, | 1803ARCFOUR_encrypt(struct key_data *key, 1804 void *data, 1805 size_t len, |
1446 krb5_boolean encrypt) | 1806 krb5_boolean encrypt, 1807 int usage, 1808 void *ivec) |
1447{ | 1809{ |
1810 usage = usage2arcfour (usage); |
|
1448 | 1811 |
1812 if (encrypt) 1813 return ARCFOUR_subencrypt (key, data, len, usage, ivec); 1814 else 1815 return ARCFOUR_subdecrypt (key, data, len, usage, ivec); |
|
1449} 1450 | 1816} 1817 |
1818 |
|
1451/* 1452 * these should currently be in reverse preference order. | 1819/* 1820 * these should currently be in reverse preference order. |
1453 */ | 1821 * (only relevant for !F_PSEUDO) */ |
1454 1455static struct encryption_type etypes[] = { 1456 { 1457 ETYPE_NULL, 1458 "null", 1459 1, 1460 0, 1461 &keytype_null, --- 30 unchanged lines hidden (view full) --- 1492 8, 1493 8, 1494 &keytype_des, 1495 &checksum_rsa_md5, 1496 &checksum_rsa_md5_des, 1497 0, 1498 DES_CBC_encrypt_null_ivec, 1499 }, | 1822 1823static struct encryption_type etypes[] = { 1824 { 1825 ETYPE_NULL, 1826 "null", 1827 1, 1828 0, 1829 &keytype_null, --- 30 unchanged lines hidden (view full) --- 1860 8, 1861 8, 1862 &keytype_des, 1863 &checksum_rsa_md5, 1864 &checksum_rsa_md5_des, 1865 0, 1866 DES_CBC_encrypt_null_ivec, 1867 }, |
1868 { 1869 ETYPE_ARCFOUR_HMAC_MD5, 1870 "arcfour-hmac-md5", 1871 1, 1872 8, 1873 &keytype_arcfour, 1874 &checksum_hmac_md5_enc, 1875 &checksum_hmac_md5_enc, 1876 F_SPECIAL, 1877 ARCFOUR_encrypt 1878 }, |
|
1500 { 1501 ETYPE_DES3_CBC_MD5, 1502 "des3-cbc-md5", 1503 8, 1504 8, 1505 &keytype_des3, 1506 &checksum_rsa_md5, 1507 &checksum_rsa_md5_des3, --- 29 unchanged lines hidden (view full) --- 1537 0, 1538 &keytype_des, 1539 &checksum_none, 1540 NULL, 1541 F_PSEUDO, 1542 DES_CBC_encrypt_null_ivec, 1543 }, 1544 { | 1879 { 1880 ETYPE_DES3_CBC_MD5, 1881 "des3-cbc-md5", 1882 8, 1883 8, 1884 &keytype_des3, 1885 &checksum_rsa_md5, 1886 &checksum_rsa_md5_des3, --- 29 unchanged lines hidden (view full) --- 1916 0, 1917 &keytype_des, 1918 &checksum_none, 1919 NULL, 1920 F_PSEUDO, 1921 DES_CBC_encrypt_null_ivec, 1922 }, 1923 { |
1924 ETYPE_DES_CFB64_NONE, 1925 "des-cfb64-none", 1926 1, 1927 0, 1928 &keytype_des, 1929 &checksum_none, 1930 NULL, 1931 F_PSEUDO, 1932 DES_CFB64_encrypt_null_ivec, 1933 }, 1934 { 1935 ETYPE_DES_PCBC_NONE, 1936 "des-pcbc-none", 1937 8, 1938 0, 1939 &keytype_des, 1940 &checksum_none, 1941 NULL, 1942 F_PSEUDO, 1943 DES_PCBC_encrypt_key_ivec, 1944 }, 1945 { |
|
1545 ETYPE_DES3_CBC_NONE, 1546 "des3-cbc-none", 1547 8, 1548 0, 1549 &keytype_des3_derived, 1550 &checksum_none, 1551 NULL, 1552 F_PSEUDO, | 1946 ETYPE_DES3_CBC_NONE, 1947 "des3-cbc-none", 1948 8, 1949 0, 1950 &keytype_des3_derived, 1951 &checksum_none, 1952 NULL, 1953 F_PSEUDO, |
1553 DES_CBC_encrypt_null_ivec, | 1954 DES3_CBC_encrypt, |
1554 }, | 1955 }, |
1956 { 1957 ETYPE_DES3_CBC_NONE_IVEC, 1958 "des3-cbc-none-ivec", 1959 8, 1960 0, 1961 &keytype_des3_derived, 1962 &checksum_none, 1963 NULL, 1964 F_PSEUDO, 1965 DES3_CBC_encrypt_ivec, 1966 } |
|
1555}; 1556 1557static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]); 1558 1559 1560static struct encryption_type * 1561_find_enctype(krb5_enctype type) 1562{ --- 139 unchanged lines hidden (view full) --- 1702 1703static krb5_boolean 1704derived_crypto(krb5_context context, 1705 krb5_crypto crypto) 1706{ 1707 return (crypto->et->flags & F_DERIVED) != 0; 1708} 1709 | 1967}; 1968 1969static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]); 1970 1971 1972static struct encryption_type * 1973_find_enctype(krb5_enctype type) 1974{ --- 139 unchanged lines hidden (view full) --- 2114 2115static krb5_boolean 2116derived_crypto(krb5_context context, 2117 krb5_crypto crypto) 2118{ 2119 return (crypto->et->flags & F_DERIVED) != 0; 2120} 2121 |
2122static krb5_boolean 2123special_crypto(krb5_context context, 2124 krb5_crypto crypto) 2125{ 2126 return (crypto->et->flags & F_SPECIAL) != 0; 2127} |
|
1710 1711#define CHECKSUMSIZE(C) ((C)->checksumsize) 1712#define CHECKSUMTYPE(C) ((C)->type) 1713 1714static krb5_error_code 1715encrypt_internal_derived(krb5_context context, 1716 krb5_crypto crypto, 1717 unsigned usage, 1718 void *data, 1719 size_t len, | 2128 2129#define CHECKSUMSIZE(C) ((C)->checksumsize) 2130#define CHECKSUMTYPE(C) ((C)->type) 2131 2132static krb5_error_code 2133encrypt_internal_derived(krb5_context context, 2134 krb5_crypto crypto, 2135 unsigned usage, 2136 void *data, 2137 size_t len, |
1720 krb5_data *result) | 2138 krb5_data *result, 2139 void *ivec) |
1721{ 1722 size_t sz, block_sz, checksum_sz; 1723 Checksum cksum; 1724 unsigned char *p, *q; 1725 krb5_error_code ret; 1726 struct key_data *dkey; 1727 struct encryption_type *et = crypto->et; 1728 --- 12 unchanged lines hidden (view full) --- 1741 1742 ret = create_checksum(context, 1743 crypto, 1744 INTEGRITY_USAGE(usage), 1745 0, 1746 p, 1747 block_sz, 1748 &cksum); | 2140{ 2141 size_t sz, block_sz, checksum_sz; 2142 Checksum cksum; 2143 unsigned char *p, *q; 2144 krb5_error_code ret; 2145 struct key_data *dkey; 2146 struct encryption_type *et = crypto->et; 2147 --- 12 unchanged lines hidden (view full) --- 2160 2161 ret = create_checksum(context, 2162 crypto, 2163 INTEGRITY_USAGE(usage), 2164 0, 2165 p, 2166 block_sz, 2167 &cksum); |
1749 if(ret == 0 && cksum.checksum.length != checksum_sz) 1750 ret = KRB5_CRYPTO_INTERNAL; | 2168 if(ret == 0 && cksum.checksum.length != checksum_sz) { 2169 free_Checksum (&cksum); 2170 ret = KRB5_CRYPTO_INTERNAL; 2171 } |
1751 if(ret) { 1752 memset(p, 0, block_sz + checksum_sz); 1753 free(p); 1754 return ret; 1755 } 1756 memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length); | 2172 if(ret) { 2173 memset(p, 0, block_sz + checksum_sz); 2174 free(p); 2175 return ret; 2176 } 2177 memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length); |
2178 free_Checksum (&cksum); |
|
1757 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); 1758 if(ret) { 1759 memset(p, 0, block_sz + checksum_sz); 1760 free(p); 1761 return ret; 1762 } 1763 ret = _key_schedule(context, dkey); 1764 if(ret) { 1765 memset(p, 0, block_sz); 1766 free(p); 1767 return ret; 1768 } 1769#ifdef CRYPTO_DEBUG 1770 krb5_crypto_debug(context, 1, block_sz, dkey->key); 1771#endif | 2179 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); 2180 if(ret) { 2181 memset(p, 0, block_sz + checksum_sz); 2182 free(p); 2183 return ret; 2184 } 2185 ret = _key_schedule(context, dkey); 2186 if(ret) { 2187 memset(p, 0, block_sz); 2188 free(p); 2189 return ret; 2190 } 2191#ifdef CRYPTO_DEBUG 2192 krb5_crypto_debug(context, 1, block_sz, dkey->key); 2193#endif |
1772 (*et->encrypt)(dkey, p, block_sz, 1); | 2194 (*et->encrypt)(dkey, p, block_sz, 1, usage, ivec); |
1773 result->data = p; 1774 result->length = block_sz + checksum_sz; 1775 return 0; 1776} 1777 1778static krb5_error_code 1779encrypt_internal(krb5_context context, 1780 krb5_crypto crypto, 1781 void *data, 1782 size_t len, | 2195 result->data = p; 2196 result->length = block_sz + checksum_sz; 2197 return 0; 2198} 2199 2200static krb5_error_code 2201encrypt_internal(krb5_context context, 2202 krb5_crypto crypto, 2203 void *data, 2204 size_t len, |
1783 krb5_data *result) | 2205 krb5_data *result, 2206 void *ivec) |
1784{ 1785 size_t sz, block_sz, checksum_sz; 1786 Checksum cksum; 1787 unsigned char *p, *q; 1788 krb5_error_code ret; 1789 struct encryption_type *et = crypto->et; 1790 1791 checksum_sz = CHECKSUMSIZE(et->cksumtype); --- 34 unchanged lines hidden (view full) --- 1826 if(ret) { 1827 memset(p, 0, block_sz); 1828 free(p); 1829 return ret; 1830 } 1831#ifdef CRYPTO_DEBUG 1832 krb5_crypto_debug(context, 1, block_sz, crypto->key.key); 1833#endif | 2207{ 2208 size_t sz, block_sz, checksum_sz; 2209 Checksum cksum; 2210 unsigned char *p, *q; 2211 krb5_error_code ret; 2212 struct encryption_type *et = crypto->et; 2213 2214 checksum_sz = CHECKSUMSIZE(et->cksumtype); --- 34 unchanged lines hidden (view full) --- 2249 if(ret) { 2250 memset(p, 0, block_sz); 2251 free(p); 2252 return ret; 2253 } 2254#ifdef CRYPTO_DEBUG 2255 krb5_crypto_debug(context, 1, block_sz, crypto->key.key); 2256#endif |
1834 (*et->encrypt)(&crypto->key, p, block_sz, 1); | 2257 (*et->encrypt)(&crypto->key, p, block_sz, 1, 0, ivec); |
1835 result->data = p; 1836 result->length = block_sz; 1837 return 0; 1838} 1839 1840static krb5_error_code | 2258 result->data = p; 2259 result->length = block_sz; 2260 return 0; 2261} 2262 2263static krb5_error_code |
2264encrypt_internal_special(krb5_context context, 2265 krb5_crypto crypto, 2266 int usage, 2267 void *data, 2268 size_t len, 2269 krb5_data *result, 2270 void *ivec) 2271{ 2272 struct encryption_type *et = crypto->et; 2273 size_t cksum_sz = CHECKSUMSIZE(et->cksumtype); 2274 size_t sz = len + cksum_sz + et->confoundersize; 2275 char *tmp, *p; 2276 2277 tmp = malloc (sz); 2278 if (tmp == NULL) 2279 return ENOMEM; 2280 p = tmp; 2281 memset (p, 0, cksum_sz); 2282 p += cksum_sz; 2283 krb5_generate_random_block(p, et->confoundersize); 2284 p += et->confoundersize; 2285 memcpy (p, data, len); 2286 (*et->encrypt)(&crypto->key, tmp, sz, TRUE, usage, ivec); 2287 result->data = tmp; 2288 result->length = sz; 2289 return 0; 2290} 2291 2292static krb5_error_code |
|
1841decrypt_internal_derived(krb5_context context, 1842 krb5_crypto crypto, 1843 unsigned usage, 1844 void *data, 1845 size_t len, | 2293decrypt_internal_derived(krb5_context context, 2294 krb5_crypto crypto, 2295 unsigned usage, 2296 void *data, 2297 size_t len, |
1846 krb5_data *result) | 2298 krb5_data *result, 2299 void *ivec) |
1847{ 1848 size_t checksum_sz; 1849 Checksum cksum; 1850 unsigned char *p; 1851 krb5_error_code ret; 1852 struct key_data *dkey; 1853 struct encryption_type *et = crypto->et; 1854 unsigned long l; 1855 | 2300{ 2301 size_t checksum_sz; 2302 Checksum cksum; 2303 unsigned char *p; 2304 krb5_error_code ret; 2305 struct key_data *dkey; 2306 struct encryption_type *et = crypto->et; 2307 unsigned long l; 2308 |
2309 checksum_sz = CHECKSUMSIZE(et->keyed_checksum); 2310 if (len < checksum_sz) 2311 return EINVAL; /* better error code? */ 2312 |
|
1856 p = malloc(len); 1857 if(len != 0 && p == NULL) 1858 return ENOMEM; 1859 memcpy(p, data, len); 1860 | 2313 p = malloc(len); 2314 if(len != 0 && p == NULL) 2315 return ENOMEM; 2316 memcpy(p, data, len); 2317 |
1861 checksum_sz = CHECKSUMSIZE(et->keyed_checksum); | |
1862 len -= checksum_sz; 1863 1864 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); 1865 if(ret) { 1866 free(p); 1867 return ret; 1868 } 1869 ret = _key_schedule(context, dkey); 1870 if(ret) { 1871 free(p); 1872 return ret; 1873 } 1874#ifdef CRYPTO_DEBUG 1875 krb5_crypto_debug(context, 0, len, dkey->key); 1876#endif | 2318 len -= checksum_sz; 2319 2320 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); 2321 if(ret) { 2322 free(p); 2323 return ret; 2324 } 2325 ret = _key_schedule(context, dkey); 2326 if(ret) { 2327 free(p); 2328 return ret; 2329 } 2330#ifdef CRYPTO_DEBUG 2331 krb5_crypto_debug(context, 0, len, dkey->key); 2332#endif |
1877 (*et->encrypt)(dkey, p, len, 0); | 2333 (*et->encrypt)(dkey, p, len, 0, usage, ivec); |
1878 1879 cksum.checksum.data = p + len; 1880 cksum.checksum.length = checksum_sz; 1881 cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum); 1882 1883 ret = verify_checksum(context, 1884 crypto, 1885 INTEGRITY_USAGE(usage), --- 15 unchanged lines hidden (view full) --- 1901 return 0; 1902} 1903 1904static krb5_error_code 1905decrypt_internal(krb5_context context, 1906 krb5_crypto crypto, 1907 void *data, 1908 size_t len, | 2334 2335 cksum.checksum.data = p + len; 2336 cksum.checksum.length = checksum_sz; 2337 cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum); 2338 2339 ret = verify_checksum(context, 2340 crypto, 2341 INTEGRITY_USAGE(usage), --- 15 unchanged lines hidden (view full) --- 2357 return 0; 2358} 2359 2360static krb5_error_code 2361decrypt_internal(krb5_context context, 2362 krb5_crypto crypto, 2363 void *data, 2364 size_t len, |
1909 krb5_data *result) | 2365 krb5_data *result, 2366 void *ivec) |
1910{ 1911 krb5_error_code ret; 1912 unsigned char *p; 1913 Checksum cksum; 1914 size_t checksum_sz, l; 1915 struct encryption_type *et = crypto->et; 1916 1917 checksum_sz = CHECKSUMSIZE(et->cksumtype); --- 5 unchanged lines hidden (view full) --- 1923 ret = _key_schedule(context, &crypto->key); 1924 if(ret) { 1925 free(p); 1926 return ret; 1927 } 1928#ifdef CRYPTO_DEBUG 1929 krb5_crypto_debug(context, 0, len, crypto->key.key); 1930#endif | 2367{ 2368 krb5_error_code ret; 2369 unsigned char *p; 2370 Checksum cksum; 2371 size_t checksum_sz, l; 2372 struct encryption_type *et = crypto->et; 2373 2374 checksum_sz = CHECKSUMSIZE(et->cksumtype); --- 5 unchanged lines hidden (view full) --- 2380 ret = _key_schedule(context, &crypto->key); 2381 if(ret) { 2382 free(p); 2383 return ret; 2384 } 2385#ifdef CRYPTO_DEBUG 2386 krb5_crypto_debug(context, 0, len, crypto->key.key); 2387#endif |
1931 (*et->encrypt)(&crypto->key, p, len, 0); | 2388 (*et->encrypt)(&crypto->key, p, len, 0, 0, ivec); |
1932 ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz); 1933 if(ret) { | 2389 ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz); 2390 if(ret) { |
1934 free(p); 1935 return ret; | 2391 free(p); 2392 return ret; |
1936 } 1937 memset(p + et->confoundersize, 0, checksum_sz); 1938 cksum.cksumtype = CHECKSUMTYPE(et->cksumtype); 1939 ret = verify_checksum(context, NULL, 0, p, len, &cksum); 1940 free_Checksum(&cksum); 1941 if(ret) { 1942 free(p); 1943 return ret; --- 4 unchanged lines hidden (view full) --- 1948 if(result->data == NULL) { 1949 free(p); 1950 return ENOMEM; 1951 } 1952 result->length = l; 1953 return 0; 1954} 1955 | 2393 } 2394 memset(p + et->confoundersize, 0, checksum_sz); 2395 cksum.cksumtype = CHECKSUMTYPE(et->cksumtype); 2396 ret = verify_checksum(context, NULL, 0, p, len, &cksum); 2397 free_Checksum(&cksum); 2398 if(ret) { 2399 free(p); 2400 return ret; --- 4 unchanged lines hidden (view full) --- 2405 if(result->data == NULL) { 2406 free(p); 2407 return ENOMEM; 2408 } 2409 result->length = l; 2410 return 0; 2411} 2412 |
2413static krb5_error_code 2414decrypt_internal_special(krb5_context context, 2415 krb5_crypto crypto, 2416 int usage, 2417 void *data, 2418 size_t len, 2419 krb5_data *result, 2420 void *ivec) 2421{ 2422 struct encryption_type *et = crypto->et; 2423 size_t cksum_sz = CHECKSUMSIZE(et->cksumtype); 2424 size_t sz = len - cksum_sz - et->confoundersize; 2425 char *cdata = (char *)data; 2426 char *tmp; 2427 2428 tmp = malloc (sz); 2429 if (tmp == NULL) 2430 return ENOMEM; 2431 2432 (*et->encrypt)(&crypto->key, data, len, FALSE, usage, ivec); 2433 2434 memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz); 2435 2436 result->data = tmp; 2437 result->length = sz; 2438 return 0; 2439} 2440 2441 |
|
1956krb5_error_code | 2442krb5_error_code |
2443krb5_encrypt_ivec(krb5_context context, 2444 krb5_crypto crypto, 2445 unsigned usage, 2446 void *data, 2447 size_t len, 2448 krb5_data *result, 2449 void *ivec) 2450{ 2451 if(derived_crypto(context, crypto)) 2452 return encrypt_internal_derived(context, crypto, usage, 2453 data, len, result, ivec); 2454 else if (special_crypto(context, crypto)) 2455 return encrypt_internal_special (context, crypto, usage, 2456 data, len, result, ivec); 2457 else 2458 return encrypt_internal(context, crypto, data, len, result, ivec); 2459} 2460 2461krb5_error_code |
|
1957krb5_encrypt(krb5_context context, 1958 krb5_crypto crypto, 1959 unsigned usage, 1960 void *data, 1961 size_t len, 1962 krb5_data *result) 1963{ | 2462krb5_encrypt(krb5_context context, 2463 krb5_crypto crypto, 2464 unsigned usage, 2465 void *data, 2466 size_t len, 2467 krb5_data *result) 2468{ |
1964 if(derived_crypto(context, crypto)) 1965 return encrypt_internal_derived(context, crypto, usage, 1966 data, len, result); 1967 else 1968 return encrypt_internal(context, crypto, data, len, result); | 2469 return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL); |
1969} 1970 1971krb5_error_code 1972krb5_encrypt_EncryptedData(krb5_context context, 1973 krb5_crypto crypto, 1974 unsigned usage, 1975 void *data, 1976 size_t len, --- 5 unchanged lines hidden (view full) --- 1982 ALLOC(result->kvno, 1); 1983 *result->kvno = kvno; 1984 }else 1985 result->kvno = NULL; 1986 return krb5_encrypt(context, crypto, usage, data, len, &result->cipher); 1987} 1988 1989krb5_error_code | 2470} 2471 2472krb5_error_code 2473krb5_encrypt_EncryptedData(krb5_context context, 2474 krb5_crypto crypto, 2475 unsigned usage, 2476 void *data, 2477 size_t len, --- 5 unchanged lines hidden (view full) --- 2483 ALLOC(result->kvno, 1); 2484 *result->kvno = kvno; 2485 }else 2486 result->kvno = NULL; 2487 return krb5_encrypt(context, crypto, usage, data, len, &result->cipher); 2488} 2489 2490krb5_error_code |
2491krb5_decrypt_ivec(krb5_context context, 2492 krb5_crypto crypto, 2493 unsigned usage, 2494 void *data, 2495 size_t len, 2496 krb5_data *result, 2497 void *ivec) 2498{ 2499 if(derived_crypto(context, crypto)) 2500 return decrypt_internal_derived(context, crypto, usage, 2501 data, len, result, ivec); 2502 else if (special_crypto (context, crypto)) 2503 return decrypt_internal_special(context, crypto, usage, 2504 data, len, result, ivec); 2505 else 2506 return decrypt_internal(context, crypto, data, len, result, ivec); 2507} 2508 2509krb5_error_code |
|
1990krb5_decrypt(krb5_context context, 1991 krb5_crypto crypto, 1992 unsigned usage, 1993 void *data, 1994 size_t len, 1995 krb5_data *result) 1996{ | 2510krb5_decrypt(krb5_context context, 2511 krb5_crypto crypto, 2512 unsigned usage, 2513 void *data, 2514 size_t len, 2515 krb5_data *result) 2516{ |
1997 if(derived_crypto(context, crypto)) 1998 return decrypt_internal_derived(context, crypto, usage, 1999 data, len, result); 2000 else 2001 return decrypt_internal(context, crypto, data, len, result); | 2517 return krb5_decrypt_ivec (context, crypto, usage, data, len, result, 2518 NULL); |
2002} 2003 2004krb5_error_code 2005krb5_decrypt_EncryptedData(krb5_context context, 2006 krb5_crypto crypto, 2007 unsigned usage, | 2519} 2520 2521krb5_error_code 2522krb5_decrypt_EncryptedData(krb5_context context, 2523 krb5_crypto crypto, 2524 unsigned usage, |
2008 EncryptedData *e, | 2525 const EncryptedData *e, |
2009 krb5_data *result) 2010{ 2011 return krb5_decrypt(context, crypto, usage, 2012 e->cipher.data, e->cipher.length, result); 2013} 2014 2015/************************************************************ 2016 * * --- 70 unchanged lines hidden (view full) --- 2087 unsigned char *k; 2088 unsigned int nblocks = 0, i; 2089 krb5_error_code ret = 0; 2090 2091 struct key_type *kt = et->keytype; 2092 ret = _key_schedule(context, key); 2093 if(ret) 2094 return ret; | 2526 krb5_data *result) 2527{ 2528 return krb5_decrypt(context, crypto, usage, 2529 e->cipher.data, e->cipher.length, result); 2530} 2531 2532/************************************************************ 2533 * * --- 70 unchanged lines hidden (view full) --- 2604 unsigned char *k; 2605 unsigned int nblocks = 0, i; 2606 krb5_error_code ret = 0; 2607 2608 struct key_type *kt = et->keytype; 2609 ret = _key_schedule(context, key); 2610 if(ret) 2611 return ret; |
2095 if(et->blocksize * 8 < kt->bits || | 2612 if(et->blocksize * 8 < kt->bits || |
2096 len != et->blocksize) { 2097 nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8); 2098 k = malloc(nblocks * et->blocksize); 2099 if(k == NULL) 2100 return ENOMEM; 2101 _krb5_n_fold(constant, len, k, et->blocksize); 2102 for(i = 0; i < nblocks; i++) { 2103 if(i > 0) 2104 memcpy(k + i * et->blocksize, 2105 k + (i - 1) * et->blocksize, 2106 et->blocksize); | 2613 len != et->blocksize) { 2614 nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8); 2615 k = malloc(nblocks * et->blocksize); 2616 if(k == NULL) 2617 return ENOMEM; 2618 _krb5_n_fold(constant, len, k, et->blocksize); 2619 for(i = 0; i < nblocks; i++) { 2620 if(i > 0) 2621 memcpy(k + i * et->blocksize, 2622 k + (i - 1) * et->blocksize, 2623 et->blocksize); |
2107 (*et->encrypt)(key, k + i * et->blocksize, et->blocksize, 1); | 2624 (*et->encrypt)(key, k + i * et->blocksize, et->blocksize, 1, 0, 2625 NULL); |
2108 } 2109 } else { | 2626 } 2627 } else { |
2628 /* this case is probably broken, but won't be run anyway */ |
|
2110 void *c = malloc(len); 2111 size_t res_len = (kt->bits + 7) / 8; 2112 2113 if(len != 0 && c == NULL) 2114 return ENOMEM; 2115 memcpy(c, constant, len); | 2629 void *c = malloc(len); 2630 size_t res_len = (kt->bits + 7) / 8; 2631 2632 if(len != 0 && c == NULL) 2633 return ENOMEM; 2634 memcpy(c, constant, len); |
2116 (*et->encrypt)(key, c, len, 1); | 2635 (*et->encrypt)(key, c, len, 1, 0, NULL); |
2117 k = malloc(res_len); 2118 if(res_len != 0 && k == NULL) 2119 return ENOMEM; 2120 _krb5_n_fold(c, len, k, res_len); 2121 free(c); 2122 } 2123 2124 /* XXX keytype dependent post-processing */ --- 136 unchanged lines hidden (view full) --- 2261 &kd, 2262 "kerberos", /* XXX well known constant */ 2263 strlen("kerberos")); 2264 ret = krb5_copy_keyblock_contents(context, kd.key, key); 2265 free_key_data(context, &kd); 2266 return ret; 2267} 2268 | 2636 k = malloc(res_len); 2637 if(res_len != 0 && k == NULL) 2638 return ENOMEM; 2639 _krb5_n_fold(c, len, k, res_len); 2640 free(c); 2641 } 2642 2643 /* XXX keytype dependent post-processing */ --- 136 unchanged lines hidden (view full) --- 2780 &kd, 2781 "kerberos", /* XXX well known constant */ 2782 strlen("kerberos")); 2783 ret = krb5_copy_keyblock_contents(context, kd.key, key); 2784 free_key_data(context, &kd); 2785 return ret; 2786} 2787 |
2788static size_t 2789wrapped_length (krb5_context context, 2790 krb5_crypto crypto, 2791 size_t data_len) 2792{ 2793 struct encryption_type *et = crypto->et; 2794 size_t blocksize = et->blocksize; 2795 size_t res; 2796 2797 res = et->confoundersize + et->cksumtype->checksumsize + data_len; 2798 res = (res + blocksize - 1) / blocksize * blocksize; 2799 return res; 2800} 2801 2802static size_t 2803wrapped_length_dervied (krb5_context context, 2804 krb5_crypto crypto, 2805 size_t data_len) 2806{ 2807 struct encryption_type *et = crypto->et; 2808 size_t blocksize = et->blocksize; 2809 size_t res; 2810 2811 res = et->confoundersize + data_len; 2812 res = (res + blocksize - 1) / blocksize * blocksize; 2813 res += et->cksumtype->checksumsize; 2814 return res; 2815} 2816 |
|
2269/* 2270 * Return the size of an encrypted packet of length `data_len' 2271 */ 2272 2273size_t 2274krb5_get_wrapped_length (krb5_context context, 2275 krb5_crypto crypto, 2276 size_t data_len) 2277{ | 2817/* 2818 * Return the size of an encrypted packet of length `data_len' 2819 */ 2820 2821size_t 2822krb5_get_wrapped_length (krb5_context context, 2823 krb5_crypto crypto, 2824 size_t data_len) 2825{ |
2278 struct encryption_type *et = crypto->et; 2279 size_t blocksize = et->blocksize; 2280 size_t res; 2281 2282 res = (data_len + blocksize - 1) / blocksize * blocksize; 2283 res = res + et->confoundersize + et->cksumtype->checksumsize; 2284 return res; | 2826 if (derived_crypto (context, crypto)) 2827 return wrapped_length_dervied (context, crypto, data_len); 2828 else 2829 return wrapped_length (context, crypto, data_len); |
2285} 2286 2287#ifdef CRYPTO_DEBUG 2288 2289static krb5_error_code 2290krb5_get_keyid(krb5_context context, 2291 krb5_keyblock *key, 2292 u_int32_t *keyid) 2293{ 2294 MD5_CTX md5; 2295 unsigned char tmp[16]; 2296 | 2830} 2831 2832#ifdef CRYPTO_DEBUG 2833 2834static krb5_error_code 2835krb5_get_keyid(krb5_context context, 2836 krb5_keyblock *key, 2837 u_int32_t *keyid) 2838{ 2839 MD5_CTX md5; 2840 unsigned char tmp[16]; 2841 |
2297 MD5Init (&md5); 2298 MD5Update (&md5, key->keyvalue.data, key->keyvalue.length); 2299 MD5Final (tmp, &md5); | 2842 MD5_Init (&md5); 2843 MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length); 2844 MD5_Final (tmp, &md5); |
2300 *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15]; 2301 return 0; 2302} 2303 2304static void 2305krb5_crypto_debug(krb5_context context, 2306 int encrypt, 2307 size_t len, --- 7 unchanged lines hidden (view full) --- 2315 encrypt ? "encrypting" : "decrypting", 2316 (unsigned long)len, 2317 keyid, 2318 kt); 2319 free(kt); 2320} 2321 2322#endif /* CRYPTO_DEBUG */ | 2845 *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15]; 2846 return 0; 2847} 2848 2849static void 2850krb5_crypto_debug(krb5_context context, 2851 int encrypt, 2852 size_t len, --- 7 unchanged lines hidden (view full) --- 2860 encrypt ? "encrypting" : "decrypting", 2861 (unsigned long)len, 2862 keyid, 2863 kt); 2864 free(kt); 2865} 2866 2867#endif /* CRYPTO_DEBUG */ |
2868 2869#if 0 2870int 2871main() 2872{ 2873#if 0 2874 int i; 2875 krb5_context context; 2876 krb5_crypto crypto; 2877 struct key_data *d; 2878 krb5_keyblock key; 2879 char constant[4]; 2880 unsigned usage = ENCRYPTION_USAGE(3); 2881 krb5_error_code ret; 2882 2883 ret = krb5_init_context(&context); 2884 if (ret) 2885 errx (1, "krb5_init_context failed: %d", ret); 2886 2887 key.keytype = ETYPE_NEW_DES3_CBC_SHA1; 2888 key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8" 2889 "\x25\xe9\x85\xab\x3e\xb5\xfb\x0e" 2890 "\xc8\xdf\xab\x26\x86\x64\x15\x25"; 2891 key.keyvalue.length = 24; 2892 2893 krb5_crypto_init(context, &key, 0, &crypto); 2894 2895 d = _new_derived_key(crypto, usage); 2896 if(d == NULL) 2897 return ENOMEM; 2898 krb5_copy_keyblock(context, crypto->key.key, &d->key); 2899 _krb5_put_int(constant, usage, 4); 2900 derive_key(context, crypto->et, d, constant, sizeof(constant)); 2901 return 0; 2902#else 2903 int i; 2904 krb5_context context; 2905 krb5_crypto crypto; 2906 struct key_data *d; 2907 krb5_keyblock key; 2908 krb5_error_code ret; 2909 Checksum res; 2910 2911 char *data = "what do ya want for nothing?"; 2912 2913 ret = krb5_init_context(&context); 2914 if (ret) 2915 errx (1, "krb5_init_context failed: %d", ret); 2916 2917 key.keytype = ETYPE_NEW_DES3_CBC_SHA1; 2918 key.keyvalue.data = "Jefe"; 2919 /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" 2920 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */ 2921 key.keyvalue.length = 4; 2922 2923 d = calloc(1, sizeof(*d)); 2924 2925 d->key = &key; 2926 res.checksum.length = 20; 2927 res.checksum.data = malloc(res.checksum.length); 2928 HMAC_SHA1_DES3_checksum(context, d, data, 28, &res); 2929 2930 return 0; 2931#endif 2932} 2933#endif |
|