Deleted Added
sdiff udiff text old ( 57428 ) new ( 72448 )
full compact
crypto.c (57428) crypto.c (72448)
1/*
1/*
2 * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
2 * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright

--- 17 unchanged lines hidden (view full) ---

28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "krb5_locl.h"
35RCSID("$Id: crypto.c,v 1.29 2000/01/25 23:06:55 assar Exp $");
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright

--- 17 unchanged lines hidden (view full) ---

28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "krb5_locl.h"
35RCSID("$Id: crypto.c,v 1.29 2000/01/25 23:06:55 assar Exp $");
36/* RCSID("$FreeBSD: head/crypto/heimdal/lib/krb5/crypto.c 57428 2000-02-24 13:37:41Z markm $"); */
36/* RCSID("$FreeBSD: head/crypto/heimdal/lib/krb5/crypto.c 72448 2001-02-13 16:52:56Z assar $"); */
37
38#undef CRYPTO_DEBUG
39#ifdef CRYPTO_DEBUG
40static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*);
41#endif
42
43
44struct key_data {

--- 16 unchanged lines hidden (view full) ---

61#define CRYPTO_ETYPE(C) ((C)->et->type)
62
63/* bits for `flags' below */
64#define F_KEYED 1 /* checksum is keyed */
65#define F_CPROOF 2 /* checksum is collision proof */
66#define F_DERIVED 4 /* uses derived keys */
67#define F_VARIANT 8 /* uses `variant' keys (6.4.3) */
68#define F_PSEUDO 16 /* not a real protocol type */
37
38#undef CRYPTO_DEBUG
39#ifdef CRYPTO_DEBUG
40static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*);
41#endif
42
43
44struct key_data {

--- 16 unchanged lines hidden (view full) ---

61#define CRYPTO_ETYPE(C) ((C)->et->type)
62
63/* bits for `flags' below */
64#define F_KEYED 1 /* checksum is keyed */
65#define F_CPROOF 2 /* checksum is collision proof */
66#define F_DERIVED 4 /* uses derived keys */
67#define F_VARIANT 8 /* uses `variant' keys (6.4.3) */
68#define F_PSEUDO 16 /* not a real protocol type */
69#define F_SPECIAL 32 /* backwards */
69
70struct salt_type {
71 krb5_salttype type;
72 const char *name;
73 krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data,
74 krb5_salt, krb5_keyblock*);
75};
76

--- 12 unchanged lines hidden (view full) ---

89};
90
91struct checksum_type {
92 krb5_cksumtype type;
93 const char *name;
94 size_t blocksize;
95 size_t checksumsize;
96 unsigned flags;
70
71struct salt_type {
72 krb5_salttype type;
73 const char *name;
74 krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data,
75 krb5_salt, krb5_keyblock*);
76};
77

--- 12 unchanged lines hidden (view full) ---

90};
91
92struct checksum_type {
93 krb5_cksumtype type;
94 const char *name;
95 size_t blocksize;
96 size_t checksumsize;
97 unsigned flags;
97 void (*checksum)(krb5_context, struct key_data*, void*, size_t, Checksum*);
98 krb5_error_code (*verify)(krb5_context, struct key_data*,
99 void*, size_t, Checksum*);
98 void (*checksum)(krb5_context context,
99 struct key_data *key,
100 const void *buf, size_t len,
101 unsigned usage,
102 Checksum *csum);
103 krb5_error_code (*verify)(krb5_context context,
104 struct key_data *key,
105 const void *buf, size_t len,
106 unsigned usage,
107 Checksum *csum);
100};
101
102struct encryption_type {
103 krb5_enctype type;
104 const char *name;
105 size_t blocksize;
106 size_t confoundersize;
107 struct key_type *keytype;
108 struct checksum_type *cksumtype;
109 struct checksum_type *keyed_checksum;
110 unsigned flags;
108};
109
110struct encryption_type {
111 krb5_enctype type;
112 const char *name;
113 size_t blocksize;
114 size_t confoundersize;
115 struct key_type *keytype;
116 struct checksum_type *cksumtype;
117 struct checksum_type *keyed_checksum;
118 unsigned flags;
111 void (*encrypt)(struct key_data *, void *, size_t, int);
119 krb5_error_code (*encrypt)(struct key_data *key,
120 void *data, size_t len,
121 krb5_boolean encrypt,
122 int usage,
123 void *ivec);
112};
113
114#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)
115#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55)
116#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99)
117
118static struct checksum_type *_find_checksum(krb5_cksumtype type);
119static struct encryption_type *_find_enctype(krb5_enctype type);

--- 65 unchanged lines hidden (view full) ---

185 krb5_data cell,
186 des_cblock *key)
187{
188 char password[8+1]; /* crypt is limited to 8 chars anyway */
189 int i;
190
191 for(i = 0; i < 8; i++) {
192 char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^
124};
125
126#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)
127#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55)
128#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99)
129
130static struct checksum_type *_find_checksum(krb5_cksumtype type);
131static struct encryption_type *_find_enctype(krb5_enctype type);

--- 65 unchanged lines hidden (view full) ---

197 krb5_data cell,
198 des_cblock *key)
199{
200 char password[8+1]; /* crypt is limited to 8 chars anyway */
201 int i;
202
203 for(i = 0; i < 8; i++) {
204 char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^
193 ((i < cell.length) ? ((char*)cell.data)[i] : 0);
205 ((i < cell.length) ?
206 tolower(((unsigned char*)cell.data)[i]) : 0);
194 password[i] = c ? c : 'X';
195 }
196 password[8] = '\0';
197
198 memcpy(key, crypt(password, "#~") + 2, sizeof(des_cblock));
199
200 /* parity is inserted into the LSB so left shift each byte up one
201 bit. This allows ascii characters with a zero MSB to retain as

--- 13 unchanged lines hidden (view full) ---

215{
216 des_key_schedule schedule;
217 des_cblock temp_key;
218 des_cblock ivec;
219 char password[512];
220 size_t passlen;
221
222 memcpy(password, pw.data, min(pw.length, sizeof(password)));
207 password[i] = c ? c : 'X';
208 }
209 password[8] = '\0';
210
211 memcpy(key, crypt(password, "#~") + 2, sizeof(des_cblock));
212
213 /* parity is inserted into the LSB so left shift each byte up one
214 bit. This allows ascii characters with a zero MSB to retain as

--- 13 unchanged lines hidden (view full) ---

228{
229 des_key_schedule schedule;
230 des_cblock temp_key;
231 des_cblock ivec;
232 char password[512];
233 size_t passlen;
234
235 memcpy(password, pw.data, min(pw.length, sizeof(password)));
223 if(pw.length < sizeof(password))
224 memcpy(password + pw.length,
225 cell.data, min(cell.length,
226 sizeof(password) - pw.length));
236 if(pw.length < sizeof(password)) {
237 int len = min(cell.length, sizeof(password) - pw.length);
238 int i;
239
240 memcpy(password + pw.length, cell.data, len);
241 for (i = pw.length; i < pw.length + len; ++i)
242 password[i] = tolower((unsigned char)password[i]);
243 }
227 passlen = min(sizeof(password), pw.length + cell.length);
228 memcpy(&ivec, "kerberos", 8);
229 memcpy(&temp_key, "kerberos", 8);
230 des_set_odd_parity (&temp_key);
231 des_set_key (&temp_key, schedule);
244 passlen = min(sizeof(password), pw.length + cell.length);
245 memcpy(&ivec, "kerberos", 8);
246 memcpy(&temp_key, "kerberos", 8);
247 des_set_odd_parity (&temp_key);
248 des_set_key (&temp_key, schedule);
232 des_cbc_cksum ((const void *)password, &ivec, passlen,
233 schedule, &ivec);
249 des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec);
234
235 memcpy(&temp_key, &ivec, 8);
236 des_set_odd_parity (&temp_key);
237 des_set_key (&temp_key, schedule);
250
251 memcpy(&temp_key, &ivec, 8);
252 des_set_odd_parity (&temp_key);
253 des_set_key (&temp_key, schedule);
238 des_cbc_cksum ((const void *)password, key, passlen,
239 schedule, &ivec);
254 des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec);
240 memset(&schedule, 0, sizeof(schedule));
241 memset(&temp_key, 0, sizeof(temp_key));
242 memset(&ivec, 0, sizeof(ivec));
243 memset(password, 0, sizeof(password));
244
245 des_set_odd_parity (key);
246}
247

--- 87 unchanged lines hidden (view full) ---

335 for(i = 0; i < 3; i++){
336 memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
337 des_set_odd_parity(keys + i);
338 if(des_is_weak_key(keys + i))
339 xor(keys + i, (unsigned char*)"\0\0\0\0\0\0\0\xf0");
340 des_set_key(keys + i, s[i]);
341 }
342 memset(&ivec, 0, sizeof(ivec));
255 memset(&schedule, 0, sizeof(schedule));
256 memset(&temp_key, 0, sizeof(temp_key));
257 memset(&ivec, 0, sizeof(ivec));
258 memset(password, 0, sizeof(password));
259
260 des_set_odd_parity (key);
261}
262

--- 87 unchanged lines hidden (view full) ---

350 for(i = 0; i < 3; i++){
351 memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
352 des_set_odd_parity(keys + i);
353 if(des_is_weak_key(keys + i))
354 xor(keys + i, (unsigned char*)"\0\0\0\0\0\0\0\xf0");
355 des_set_key(keys + i, s[i]);
356 }
357 memset(&ivec, 0, sizeof(ivec));
343 des_ede3_cbc_encrypt((const void *)tmp,
344 (void *)tmp, sizeof(tmp),
358 des_ede3_cbc_encrypt((des_cblock *)tmp,
359 (des_cblock *)tmp, sizeof(tmp),
345 s[0], s[1], s[2], &ivec, DES_ENCRYPT);
346 memset(s, 0, sizeof(s));
347 memset(&ivec, 0, sizeof(ivec));
348 for(i = 0; i < 3; i++){
349 memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
350 des_set_odd_parity(keys + i);
351 if(des_is_weak_key(keys + i))
352 xor(keys + i, (unsigned char*)"\0\0\0\0\0\0\0\xf0");

--- 59 unchanged lines hidden (view full) ---

412 krb5_salt salt,
413 krb5_keyblock *key)
414{
415 char *s, *p;
416 size_t len;
417 int i;
418 MD4_CTX m;
419
360 s[0], s[1], s[2], &ivec, DES_ENCRYPT);
361 memset(s, 0, sizeof(s));
362 memset(&ivec, 0, sizeof(ivec));
363 for(i = 0; i < 3; i++){
364 memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
365 des_set_odd_parity(keys + i);
366 if(des_is_weak_key(keys + i))
367 xor(keys + i, (unsigned char*)"\0\0\0\0\0\0\0\xf0");

--- 59 unchanged lines hidden (view full) ---

427 krb5_salt salt,
428 krb5_keyblock *key)
429{
430 char *s, *p;
431 size_t len;
432 int i;
433 MD4_CTX m;
434
420 len = 2 * (password.length + salt.saltvalue.length);
435 len = 2 * password.length;
421 s = malloc (len);
422 if (len != 0 && s == NULL)
423 return ENOMEM;
424 for (p = s, i = 0; i < password.length; ++i) {
425 *p++ = ((char *)password.data)[i];
426 *p++ = 0;
427 }
436 s = malloc (len);
437 if (len != 0 && s == NULL)
438 return ENOMEM;
439 for (p = s, i = 0; i < password.length; ++i) {
440 *p++ = ((char *)password.data)[i];
441 *p++ = 0;
442 }
428 for (i = 0; i < salt.saltvalue.length; ++i) {
429 *p++ = ((char *)salt.saltvalue.data)[i];
430 *p++ = 0;
431 }
432 MD4Init (&m);
433 MD4Update (&m, s, len);
443 MD4_Init (&m);
444 MD4_Update (&m, s, len);
434 key->keytype = enctype;
435 krb5_data_alloc (&key->keyvalue, 16);
445 key->keytype = enctype;
446 krb5_data_alloc (&key->keyvalue, 16);
436 MD4Final (key->keyvalue.data, &m);
447 MD4_Final (key->keyvalue.data, &m);
437 memset (s, 0, len);
438 free (s);
439 return 0;
440}
441
442extern struct salt_type des_salt[],
443 des3_salt[], des3_salt_derived[], arcfour_salt[];
444

--- 221 unchanged lines hidden (view full) ---

666 krb5_keyblock *key)
667{
668 krb5_data pw;
669 pw.data = (void*)password;
670 pw.length = strlen(password);
671 return krb5_string_to_key_data(context, enctype, pw, principal, key);
672}
673
448 memset (s, 0, len);
449 free (s);
450 return 0;
451}
452
453extern struct salt_type des_salt[],
454 des3_salt[], des3_salt_derived[], arcfour_salt[];
455

--- 221 unchanged lines hidden (view full) ---

677 krb5_keyblock *key)
678{
679 krb5_data pw;
680 pw.data = (void*)password;
681 pw.length = strlen(password);
682 return krb5_string_to_key_data(context, enctype, pw, principal, key);
683}
684
685/*
686 * Do a string -> key for encryption type `enctype' operation on
687 * `password' (with salt `salt'), returning the resulting key in `key'
688 */
689
674krb5_error_code
675krb5_string_to_key_data_salt (krb5_context context,
676 krb5_enctype enctype,
677 krb5_data password,
678 krb5_salt salt,
679 krb5_keyblock *key)
680{
681 struct encryption_type *et =_find_enctype(enctype);
682 struct salt_type *st;
683 if(et == NULL)
684 return KRB5_PROG_ETYPE_NOSUPP;
685 for(st = et->keytype->string_to_key; st && st->type; st++)
686 if(st->type == salt.salttype)
687 return (*st->string_to_key)(context, enctype, password, salt, key);
688 return HEIM_ERR_SALTTYPE_NOSUPP;
689}
690
690krb5_error_code
691krb5_string_to_key_data_salt (krb5_context context,
692 krb5_enctype enctype,
693 krb5_data password,
694 krb5_salt salt,
695 krb5_keyblock *key)
696{
697 struct encryption_type *et =_find_enctype(enctype);
698 struct salt_type *st;
699 if(et == NULL)
700 return KRB5_PROG_ETYPE_NOSUPP;
701 for(st = et->keytype->string_to_key; st && st->type; st++)
702 if(st->type == salt.salttype)
703 return (*st->string_to_key)(context, enctype, password, salt, key);
704 return HEIM_ERR_SALTTYPE_NOSUPP;
705}
706
707/*
708 * Do a string -> key for encryption type `enctype' operation on the
709 * string `password' (with salt `salt'), returning the resulting key
710 * in `key'
711 */
712
691krb5_error_code
692krb5_string_to_key_salt (krb5_context context,
693 krb5_enctype enctype,
694 const char *password,
695 krb5_salt salt,
696 krb5_keyblock *key)
697{
698 krb5_data pw;

--- 56 unchanged lines hidden (view full) ---

755 struct key_data *key)
756{
757 krb5_error_code ret;
758 struct encryption_type *et = _find_enctype(key->key->keytype);
759 struct key_type *kt = et->keytype;
760
761 if(kt->schedule == NULL)
762 return 0;
713krb5_error_code
714krb5_string_to_key_salt (krb5_context context,
715 krb5_enctype enctype,
716 const char *password,
717 krb5_salt salt,
718 krb5_keyblock *key)
719{
720 krb5_data pw;

--- 56 unchanged lines hidden (view full) ---

777 struct key_data *key)
778{
779 krb5_error_code ret;
780 struct encryption_type *et = _find_enctype(key->key->keytype);
781 struct key_type *kt = et->keytype;
782
783 if(kt->schedule == NULL)
784 return 0;
785 if (key->schedule != NULL)
786 return 0;
763 ALLOC(key->schedule, 1);
764 if(key->schedule == NULL)
765 return ENOMEM;
766 ret = krb5_data_alloc(key->schedule, kt->schedule_size);
767 if(ret) {
768 free(key->schedule);
769 key->schedule = NULL;
770 return ret;

--- 4 unchanged lines hidden (view full) ---

775
776/************************************************************
777 * *
778 ************************************************************/
779
780static void
781NONE_checksum(krb5_context context,
782 struct key_data *key,
787 ALLOC(key->schedule, 1);
788 if(key->schedule == NULL)
789 return ENOMEM;
790 ret = krb5_data_alloc(key->schedule, kt->schedule_size);
791 if(ret) {
792 free(key->schedule);
793 key->schedule = NULL;
794 return ret;

--- 4 unchanged lines hidden (view full) ---

799
800/************************************************************
801 * *
802 ************************************************************/
803
804static void
805NONE_checksum(krb5_context context,
806 struct key_data *key,
783 void *data,
807 const void *data,
784 size_t len,
808 size_t len,
809 unsigned usage,
785 Checksum *C)
786{
787}
788
789static void
790CRC32_checksum(krb5_context context,
791 struct key_data *key,
810 Checksum *C)
811{
812}
813
814static void
815CRC32_checksum(krb5_context context,
816 struct key_data *key,
792 void *data,
817 const void *data,
793 size_t len,
818 size_t len,
819 unsigned usage,
794 Checksum *C)
795{
796 u_int32_t crc;
797 unsigned char *r = C->checksum.data;
798 _krb5_crc_init_table ();
799 crc = _krb5_crc_update (data, len, 0);
800 r[0] = crc & 0xff;
801 r[1] = (crc >> 8) & 0xff;
802 r[2] = (crc >> 16) & 0xff;
803 r[3] = (crc >> 24) & 0xff;
804}
805
806static void
807RSA_MD4_checksum(krb5_context context,
808 struct key_data *key,
820 Checksum *C)
821{
822 u_int32_t crc;
823 unsigned char *r = C->checksum.data;
824 _krb5_crc_init_table ();
825 crc = _krb5_crc_update (data, len, 0);
826 r[0] = crc & 0xff;
827 r[1] = (crc >> 8) & 0xff;
828 r[2] = (crc >> 16) & 0xff;
829 r[3] = (crc >> 24) & 0xff;
830}
831
832static void
833RSA_MD4_checksum(krb5_context context,
834 struct key_data *key,
809 void *data,
835 const void *data,
810 size_t len,
836 size_t len,
837 unsigned usage,
811 Checksum *C)
812{
813 MD4_CTX m;
814
838 Checksum *C)
839{
840 MD4_CTX m;
841
815 MD4Init (&m);
816 MD4Update (&m, data, len);
817 MD4Final (C->checksum.data, &m);
842 MD4_Init (&m);
843 MD4_Update (&m, data, len);
844 MD4_Final (C->checksum.data, &m);
818}
819
820static void
821RSA_MD4_DES_checksum(krb5_context context,
822 struct key_data *key,
845}
846
847static void
848RSA_MD4_DES_checksum(krb5_context context,
849 struct key_data *key,
823 void *data,
850 const void *data,
824 size_t len,
851 size_t len,
852 unsigned usage,
825 Checksum *cksum)
826{
827 MD4_CTX md4;
828 des_cblock ivec;
829 unsigned char *p = cksum->checksum.data;
830
831 krb5_generate_random_block(p, 8);
853 Checksum *cksum)
854{
855 MD4_CTX md4;
856 des_cblock ivec;
857 unsigned char *p = cksum->checksum.data;
858
859 krb5_generate_random_block(p, 8);
832 MD4Init (&md4);
833 MD4Update (&md4, p, 8);
834 MD4Update (&md4, data, len);
835 MD4Final (p + 8, &md4);
860 MD4_Init (&md4);
861 MD4_Update (&md4, p, 8);
862 MD4_Update (&md4, data, len);
863 MD4_Final (p + 8, &md4);
836 memset (&ivec, 0, sizeof(ivec));
864 memset (&ivec, 0, sizeof(ivec));
837 des_cbc_encrypt((const void *)p,
838 (void *)p,
865 des_cbc_encrypt((des_cblock*)p,
866 (des_cblock*)p,
839 24,
840 key->schedule->data,
841 &ivec,
842 DES_ENCRYPT);
843}
844
845static krb5_error_code
846RSA_MD4_DES_verify(krb5_context context,
847 struct key_data *key,
867 24,
868 key->schedule->data,
869 &ivec,
870 DES_ENCRYPT);
871}
872
873static krb5_error_code
874RSA_MD4_DES_verify(krb5_context context,
875 struct key_data *key,
848 void *data,
876 const void *data,
849 size_t len,
877 size_t len,
878 unsigned usage,
850 Checksum *C)
851{
852 MD4_CTX md4;
853 unsigned char tmp[24];
854 unsigned char res[16];
855 des_cblock ivec;
856 krb5_error_code ret = 0;
857
858 memset(&ivec, 0, sizeof(ivec));
859 des_cbc_encrypt(C->checksum.data,
860 (void*)tmp,
861 C->checksum.length,
862 key->schedule->data,
863 &ivec,
864 DES_DECRYPT);
879 Checksum *C)
880{
881 MD4_CTX md4;
882 unsigned char tmp[24];
883 unsigned char res[16];
884 des_cblock ivec;
885 krb5_error_code ret = 0;
886
887 memset(&ivec, 0, sizeof(ivec));
888 des_cbc_encrypt(C->checksum.data,
889 (void*)tmp,
890 C->checksum.length,
891 key->schedule->data,
892 &ivec,
893 DES_DECRYPT);
865 MD4Init (&md4);
866 MD4Update (&md4, tmp, 8); /* confounder */
867 MD4Update (&md4, data, len);
868 MD4Final (res, &md4);
894 MD4_Init (&md4);
895 MD4_Update (&md4, tmp, 8); /* confounder */
896 MD4_Update (&md4, data, len);
897 MD4_Final (res, &md4);
869 if(memcmp(res, tmp + 8, sizeof(res)) != 0)
870 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
871 memset(tmp, 0, sizeof(tmp));
872 memset(res, 0, sizeof(res));
873 return ret;
874}
875
876static void
877RSA_MD5_checksum(krb5_context context,
878 struct key_data *key,
898 if(memcmp(res, tmp + 8, sizeof(res)) != 0)
899 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
900 memset(tmp, 0, sizeof(tmp));
901 memset(res, 0, sizeof(res));
902 return ret;
903}
904
905static void
906RSA_MD5_checksum(krb5_context context,
907 struct key_data *key,
879 void *data,
908 const void *data,
880 size_t len,
909 size_t len,
910 unsigned usage,
881 Checksum *C)
882{
883 MD5_CTX m;
884
911 Checksum *C)
912{
913 MD5_CTX m;
914
885 MD5Init (&m);
886 MD5Update(&m, data, len);
887 MD5Final (C->checksum.data, &m);
915 MD5_Init (&m);
916 MD5_Update(&m, data, len);
917 MD5_Final (C->checksum.data, &m);
888}
889
890static void
891RSA_MD5_DES_checksum(krb5_context context,
892 struct key_data *key,
918}
919
920static void
921RSA_MD5_DES_checksum(krb5_context context,
922 struct key_data *key,
893 void *data,
923 const void *data,
894 size_t len,
924 size_t len,
925 unsigned usage,
895 Checksum *C)
896{
897 MD5_CTX md5;
898 des_cblock ivec;
899 unsigned char *p = C->checksum.data;
900
901 krb5_generate_random_block(p, 8);
926 Checksum *C)
927{
928 MD5_CTX md5;
929 des_cblock ivec;
930 unsigned char *p = C->checksum.data;
931
932 krb5_generate_random_block(p, 8);
902 MD5Init (&md5);
903 MD5Update (&md5, p, 8);
904 MD5Update (&md5, data, len);
905 MD5Final (p + 8, &md5);
933 MD5_Init (&md5);
934 MD5_Update (&md5, p, 8);
935 MD5_Update (&md5, data, len);
936 MD5_Final (p + 8, &md5);
906 memset (&ivec, 0, sizeof(ivec));
937 memset (&ivec, 0, sizeof(ivec));
907 des_cbc_encrypt((const void *)p,
908 (void *)p,
938 des_cbc_encrypt((des_cblock*)p,
939 (des_cblock*)p,
909 24,
910 key->schedule->data,
911 &ivec,
912 DES_ENCRYPT);
913}
914
915static krb5_error_code
916RSA_MD5_DES_verify(krb5_context context,
917 struct key_data *key,
940 24,
941 key->schedule->data,
942 &ivec,
943 DES_ENCRYPT);
944}
945
946static krb5_error_code
947RSA_MD5_DES_verify(krb5_context context,
948 struct key_data *key,
918 void *data,
949 const void *data,
919 size_t len,
950 size_t len,
951 unsigned usage,
920 Checksum *C)
921{
922 MD5_CTX md5;
923 unsigned char tmp[24];
924 unsigned char res[16];
925 des_cblock ivec;
926 des_key_schedule *sched = key->schedule->data;
927 krb5_error_code ret = 0;
928
929 memset(&ivec, 0, sizeof(ivec));
930 des_cbc_encrypt(C->checksum.data,
931 (void*)tmp,
932 C->checksum.length,
933 sched[0],
934 &ivec,
935 DES_DECRYPT);
952 Checksum *C)
953{
954 MD5_CTX md5;
955 unsigned char tmp[24];
956 unsigned char res[16];
957 des_cblock ivec;
958 des_key_schedule *sched = key->schedule->data;
959 krb5_error_code ret = 0;
960
961 memset(&ivec, 0, sizeof(ivec));
962 des_cbc_encrypt(C->checksum.data,
963 (void*)tmp,
964 C->checksum.length,
965 sched[0],
966 &ivec,
967 DES_DECRYPT);
936 MD5Init (&md5);
937 MD5Update (&md5, tmp, 8); /* confounder */
938 MD5Update (&md5, data, len);
939 MD5Final (res, &md5);
968 MD5_Init (&md5);
969 MD5_Update (&md5, tmp, 8); /* confounder */
970 MD5_Update (&md5, data, len);
971 MD5_Final (res, &md5);
940 if(memcmp(res, tmp + 8, sizeof(res)) != 0)
941 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
942 memset(tmp, 0, sizeof(tmp));
943 memset(res, 0, sizeof(res));
944 return ret;
945}
946
947static void
948RSA_MD5_DES3_checksum(krb5_context context,
949 struct key_data *key,
972 if(memcmp(res, tmp + 8, sizeof(res)) != 0)
973 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
974 memset(tmp, 0, sizeof(tmp));
975 memset(res, 0, sizeof(res));
976 return ret;
977}
978
979static void
980RSA_MD5_DES3_checksum(krb5_context context,
981 struct key_data *key,
950 void *data,
982 const void *data,
951 size_t len,
983 size_t len,
984 unsigned usage,
952 Checksum *C)
953{
954 MD5_CTX md5;
955 des_cblock ivec;
956 unsigned char *p = C->checksum.data;
957 des_key_schedule *sched = key->schedule->data;
958
959 krb5_generate_random_block(p, 8);
985 Checksum *C)
986{
987 MD5_CTX md5;
988 des_cblock ivec;
989 unsigned char *p = C->checksum.data;
990 des_key_schedule *sched = key->schedule->data;
991
992 krb5_generate_random_block(p, 8);
960 MD5Init (&md5);
961 MD5Update (&md5, p, 8);
962 MD5Update (&md5, data, len);
963 MD5Final (p + 8, &md5);
993 MD5_Init (&md5);
994 MD5_Update (&md5, p, 8);
995 MD5_Update (&md5, data, len);
996 MD5_Final (p + 8, &md5);
964 memset (&ivec, 0, sizeof(ivec));
997 memset (&ivec, 0, sizeof(ivec));
965 des_ede3_cbc_encrypt((const void *)p,
966 (void *)p,
998 des_ede3_cbc_encrypt((des_cblock*)p,
999 (des_cblock*)p,
967 24,
968 sched[0], sched[1], sched[2],
969 &ivec,
970 DES_ENCRYPT);
971}
972
973static krb5_error_code
974RSA_MD5_DES3_verify(krb5_context context,
975 struct key_data *key,
1000 24,
1001 sched[0], sched[1], sched[2],
1002 &ivec,
1003 DES_ENCRYPT);
1004}
1005
1006static krb5_error_code
1007RSA_MD5_DES3_verify(krb5_context context,
1008 struct key_data *key,
976 void *data,
1009 const void *data,
977 size_t len,
1010 size_t len,
1011 unsigned usage,
978 Checksum *C)
979{
980 MD5_CTX md5;
981 unsigned char tmp[24];
982 unsigned char res[16];
983 des_cblock ivec;
984 des_key_schedule *sched = key->schedule->data;
985 krb5_error_code ret = 0;
986
987 memset(&ivec, 0, sizeof(ivec));
988 des_ede3_cbc_encrypt(C->checksum.data,
989 (void*)tmp,
990 C->checksum.length,
991 sched[0], sched[1], sched[2],
992 &ivec,
993 DES_DECRYPT);
1012 Checksum *C)
1013{
1014 MD5_CTX md5;
1015 unsigned char tmp[24];
1016 unsigned char res[16];
1017 des_cblock ivec;
1018 des_key_schedule *sched = key->schedule->data;
1019 krb5_error_code ret = 0;
1020
1021 memset(&ivec, 0, sizeof(ivec));
1022 des_ede3_cbc_encrypt(C->checksum.data,
1023 (void*)tmp,
1024 C->checksum.length,
1025 sched[0], sched[1], sched[2],
1026 &ivec,
1027 DES_DECRYPT);
994 MD5Init (&md5);
995 MD5Update (&md5, tmp, 8); /* confounder */
996 MD5Update (&md5, data, len);
997 MD5Final (res, &md5);
1028 MD5_Init (&md5);
1029 MD5_Update (&md5, tmp, 8); /* confounder */
1030 MD5_Update (&md5, data, len);
1031 MD5_Final (res, &md5);
998 if(memcmp(res, tmp + 8, sizeof(res)) != 0)
999 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1000 memset(tmp, 0, sizeof(tmp));
1001 memset(res, 0, sizeof(res));
1002 return ret;
1003}
1004
1005static void
1006SHA1_checksum(krb5_context context,
1007 struct key_data *key,
1032 if(memcmp(res, tmp + 8, sizeof(res)) != 0)
1033 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1034 memset(tmp, 0, sizeof(tmp));
1035 memset(res, 0, sizeof(res));
1036 return ret;
1037}
1038
1039static void
1040SHA1_checksum(krb5_context context,
1041 struct key_data *key,
1008 void *data,
1042 const void *data,
1009 size_t len,
1043 size_t len,
1044 unsigned usage,
1010 Checksum *C)
1011{
1045 Checksum *C)
1046{
1012 SHA1_CTX m;
1047 SHA_CTX m;
1013
1048
1014 SHA_Init(&m);
1015 SHA_Update(&m, data, len);
1016 SHA_Final(C->checksum.data, &m);
1049 SHA1_Init(&m);
1050 SHA1_Update(&m, data, len);
1051 SHA1_Final(C->checksum.data, &m);
1017}
1018
1019/* HMAC according to RFC2104 */
1020static void
1021hmac(krb5_context context,
1022 struct checksum_type *cm,
1052}
1053
1054/* HMAC according to RFC2104 */
1055static void
1056hmac(krb5_context context,
1057 struct checksum_type *cm,
1023 void *data,
1058 const void *data,
1024 size_t len,
1059 size_t len,
1060 unsigned usage,
1025 struct key_data *keyblock,
1026 Checksum *result)
1027{
1028 unsigned char *ipad, *opad;
1029 unsigned char *key;
1030 size_t key_len;
1031 int i;
1032
1033 if(keyblock->key->keyvalue.length > cm->blocksize){
1034 (*cm->checksum)(context,
1035 keyblock,
1036 keyblock->key->keyvalue.data,
1037 keyblock->key->keyvalue.length,
1061 struct key_data *keyblock,
1062 Checksum *result)
1063{
1064 unsigned char *ipad, *opad;
1065 unsigned char *key;
1066 size_t key_len;
1067 int i;
1068
1069 if(keyblock->key->keyvalue.length > cm->blocksize){
1070 (*cm->checksum)(context,
1071 keyblock,
1072 keyblock->key->keyvalue.data,
1073 keyblock->key->keyvalue.length,
1074 usage,
1038 result);
1039 key = result->checksum.data;
1040 key_len = result->checksum.length;
1041 } else {
1042 key = keyblock->key->keyvalue.data;
1043 key_len = keyblock->key->keyvalue.length;
1044 }
1045 ipad = malloc(cm->blocksize + len);
1046 opad = malloc(cm->blocksize + cm->checksumsize);
1047 memset(ipad, 0x36, cm->blocksize);
1048 memset(opad, 0x5c, cm->blocksize);
1049 for(i = 0; i < key_len; i++){
1050 ipad[i] ^= key[i];
1051 opad[i] ^= key[i];
1052 }
1053 memcpy(ipad + cm->blocksize, data, len);
1075 result);
1076 key = result->checksum.data;
1077 key_len = result->checksum.length;
1078 } else {
1079 key = keyblock->key->keyvalue.data;
1080 key_len = keyblock->key->keyvalue.length;
1081 }
1082 ipad = malloc(cm->blocksize + len);
1083 opad = malloc(cm->blocksize + cm->checksumsize);
1084 memset(ipad, 0x36, cm->blocksize);
1085 memset(opad, 0x5c, cm->blocksize);
1086 for(i = 0; i < key_len; i++){
1087 ipad[i] ^= key[i];
1088 opad[i] ^= key[i];
1089 }
1090 memcpy(ipad + cm->blocksize, data, len);
1054 (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len, result);
1091 (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len,
1092 usage, result);
1055 memcpy(opad + cm->blocksize, result->checksum.data,
1056 result->checksum.length);
1057 (*cm->checksum)(context, keyblock, opad,
1093 memcpy(opad + cm->blocksize, result->checksum.data,
1094 result->checksum.length);
1095 (*cm->checksum)(context, keyblock, opad,
1058 cm->blocksize + cm->checksumsize, result);
1096 cm->blocksize + cm->checksumsize, usage, result);
1059 memset(ipad, 0, cm->blocksize + len);
1060 free(ipad);
1061 memset(opad, 0, cm->blocksize + cm->checksumsize);
1062 free(opad);
1063}
1064
1065static void
1066HMAC_SHA1_DES3_checksum(krb5_context context,
1067 struct key_data *key,
1097 memset(ipad, 0, cm->blocksize + len);
1098 free(ipad);
1099 memset(opad, 0, cm->blocksize + cm->checksumsize);
1100 free(opad);
1101}
1102
1103static void
1104HMAC_SHA1_DES3_checksum(krb5_context context,
1105 struct key_data *key,
1068 void *data,
1106 const void *data,
1069 size_t len,
1107 size_t len,
1108 unsigned usage,
1070 Checksum *result)
1071{
1072 struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1);
1073
1109 Checksum *result)
1110{
1111 struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1);
1112
1074 hmac(context, c, data, len, key, result);
1113 hmac(context, c, data, len, usage, key, result);
1075}
1076
1114}
1115
1116/*
1117 * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt
1118 */
1119
1120static void
1121HMAC_MD5_checksum(krb5_context context,
1122 struct key_data *key,
1123 const void *data,
1124 size_t len,
1125 unsigned usage,
1126 Checksum *result)
1127{
1128 MD5_CTX md5;
1129 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
1130 const char signature[] = "signaturekey";
1131 Checksum ksign_c;
1132 struct key_data ksign;
1133 krb5_keyblock kb;
1134 unsigned char t[4];
1135 unsigned char tmp[16];
1136 unsigned char ksign_c_data[16];
1137
1138 ksign_c.checksum.length = sizeof(ksign_c_data);
1139 ksign_c.checksum.data = ksign_c_data;
1140 hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c);
1141 ksign.key = &kb;
1142 kb.keyvalue = ksign_c.checksum;
1143 MD5_Init (&md5);
1144 t[0] = (usage >> 0) & 0xFF;
1145 t[1] = (usage >> 8) & 0xFF;
1146 t[2] = (usage >> 16) & 0xFF;
1147 t[3] = (usage >> 24) & 0xFF;
1148 MD5_Update (&md5, t, 4);
1149 MD5_Update (&md5, data, len);
1150 MD5_Final (tmp, &md5);
1151 hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result);
1152}
1153
1154/*
1155 * same as previous but being used while encrypting.
1156 */
1157
1158static void
1159HMAC_MD5_checksum_enc(krb5_context context,
1160 struct key_data *key,
1161 const void *data,
1162 size_t len,
1163 unsigned usage,
1164 Checksum *result)
1165{
1166 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
1167 Checksum ksign_c;
1168 struct key_data ksign;
1169 krb5_keyblock kb;
1170 unsigned char t[4];
1171 unsigned char ksign_c_data[16];
1172
1173 t[0] = (usage >> 0) & 0xFF;
1174 t[1] = (usage >> 8) & 0xFF;
1175 t[2] = (usage >> 16) & 0xFF;
1176 t[3] = (usage >> 24) & 0xFF;
1177
1178 ksign_c.checksum.length = sizeof(ksign_c_data);
1179 ksign_c.checksum.data = ksign_c_data;
1180 hmac(context, c, t, sizeof(t), 0, key, &ksign_c);
1181 ksign.key = &kb;
1182 kb.keyvalue = ksign_c.checksum;
1183 hmac(context, c, data, len, 0, &ksign, result);
1184}
1185
1077struct checksum_type checksum_none = {
1078 CKSUMTYPE_NONE,
1079 "none",
1080 1,
1081 0,
1082 0,
1083 NONE_checksum,
1084 NULL

--- 27 unchanged lines hidden (view full) ---

1112};
1113#if 0
1114struct checksum_type checksum_des_mac = {
1115 CKSUMTYPE_DES_MAC,
1116 "des-mac",
1117 0,
1118 0,
1119 0,
1186struct checksum_type checksum_none = {
1187 CKSUMTYPE_NONE,
1188 "none",
1189 1,
1190 0,
1191 0,
1192 NONE_checksum,
1193 NULL

--- 27 unchanged lines hidden (view full) ---

1221};
1222#if 0
1223struct checksum_type checksum_des_mac = {
1224 CKSUMTYPE_DES_MAC,
1225 "des-mac",
1226 0,
1227 0,
1228 0,
1120 DES_MAC_checksum,
1229 DES_MAC_checksum
1121};
1122struct checksum_type checksum_des_mac_k = {
1123 CKSUMTYPE_DES_MAC_K,
1124 "des-mac-k",
1125 0,
1126 0,
1127 0,
1230};
1231struct checksum_type checksum_des_mac_k = {
1232 CKSUMTYPE_DES_MAC_K,
1233 "des-mac-k",
1234 0,
1235 0,
1236 0,
1128 DES_MAC_K_checksum,
1237 DES_MAC_K_checksum
1129};
1130struct checksum_type checksum_rsa_md4_des_k = {
1131 CKSUMTYPE_RSA_MD4_DES_K,
1132 "rsa-md4-des-k",
1133 0,
1134 0,
1135 0,
1238};
1239struct checksum_type checksum_rsa_md4_des_k = {
1240 CKSUMTYPE_RSA_MD4_DES_K,
1241 "rsa-md4-des-k",
1242 0,
1243 0,
1244 0,
1136 RSA_MD4_DES_K_checksum,
1137 RSA_MD4_DES_K_verify,
1245 RSA_MD4_DES_K_checksum,
1246 RSA_MD4_DES_K_verify
1138};
1139#endif
1140struct checksum_type checksum_rsa_md5 = {
1141 CKSUMTYPE_RSA_MD5,
1142 "rsa-md5",
1143 64,
1144 16,
1145 F_CPROOF,
1146 RSA_MD5_checksum,
1147 NULL
1148};
1149struct checksum_type checksum_rsa_md5_des = {
1150 CKSUMTYPE_RSA_MD5_DES,
1151 "rsa-md5-des",
1152 64,
1153 24,
1154 F_KEYED | F_CPROOF | F_VARIANT,
1155 RSA_MD5_DES_checksum,
1247};
1248#endif
1249struct checksum_type checksum_rsa_md5 = {
1250 CKSUMTYPE_RSA_MD5,
1251 "rsa-md5",
1252 64,
1253 16,
1254 F_CPROOF,
1255 RSA_MD5_checksum,
1256 NULL
1257};
1258struct checksum_type checksum_rsa_md5_des = {
1259 CKSUMTYPE_RSA_MD5_DES,
1260 "rsa-md5-des",
1261 64,
1262 24,
1263 F_KEYED | F_CPROOF | F_VARIANT,
1264 RSA_MD5_DES_checksum,
1156 RSA_MD5_DES_verify,
1265 RSA_MD5_DES_verify
1157};
1158struct checksum_type checksum_rsa_md5_des3 = {
1159 CKSUMTYPE_RSA_MD5_DES3,
1160 "rsa-md5-des3",
1161 64,
1162 24,
1163 F_KEYED | F_CPROOF | F_VARIANT,
1164 RSA_MD5_DES3_checksum,
1266};
1267struct checksum_type checksum_rsa_md5_des3 = {
1268 CKSUMTYPE_RSA_MD5_DES3,
1269 "rsa-md5-des3",
1270 64,
1271 24,
1272 F_KEYED | F_CPROOF | F_VARIANT,
1273 RSA_MD5_DES3_checksum,
1165 RSA_MD5_DES3_verify,
1274 RSA_MD5_DES3_verify
1166};
1167struct checksum_type checksum_sha1 = {
1168 CKSUMTYPE_SHA1,
1169 "sha1",
1170 64,
1171 20,
1172 F_CPROOF,
1173 SHA1_checksum,

--- 4 unchanged lines hidden (view full) ---

1178 "hmac-sha1-des3",
1179 64,
1180 20,
1181 F_KEYED | F_CPROOF | F_DERIVED,
1182 HMAC_SHA1_DES3_checksum,
1183 NULL
1184};
1185
1275};
1276struct checksum_type checksum_sha1 = {
1277 CKSUMTYPE_SHA1,
1278 "sha1",
1279 64,
1280 20,
1281 F_CPROOF,
1282 SHA1_checksum,

--- 4 unchanged lines hidden (view full) ---

1287 "hmac-sha1-des3",
1288 64,
1289 20,
1290 F_KEYED | F_CPROOF | F_DERIVED,
1291 HMAC_SHA1_DES3_checksum,
1292 NULL
1293};
1294
1295struct checksum_type checksum_hmac_md5 = {
1296 CKSUMTYPE_HMAC_MD5,
1297 "hmac-md5",
1298 64,
1299 16,
1300 F_KEYED | F_CPROOF,
1301 HMAC_MD5_checksum,
1302 NULL
1303};
1304
1305struct checksum_type checksum_hmac_md5_enc = {
1306 CKSUMTYPE_HMAC_MD5_ENC,
1307 "hmac-md5-enc",
1308 64,
1309 16,
1310 F_KEYED | F_CPROOF | F_PSEUDO,
1311 HMAC_MD5_checksum_enc,
1312 NULL
1313};
1314
1186struct checksum_type *checksum_types[] = {
1187 &checksum_none,
1188 &checksum_crc32,
1189 &checksum_rsa_md4,
1190 &checksum_rsa_md4_des,
1191#if 0
1192 &checksum_des_mac,
1193 &checksum_des_mac_k,
1194 &checksum_rsa_md4_des_k,
1195#endif
1196 &checksum_rsa_md5,
1197 &checksum_rsa_md5_des,
1198 &checksum_rsa_md5_des3,
1199 &checksum_sha1,
1315struct checksum_type *checksum_types[] = {
1316 &checksum_none,
1317 &checksum_crc32,
1318 &checksum_rsa_md4,
1319 &checksum_rsa_md4_des,
1320#if 0
1321 &checksum_des_mac,
1322 &checksum_des_mac_k,
1323 &checksum_rsa_md4_des_k,
1324#endif
1325 &checksum_rsa_md5,
1326 &checksum_rsa_md5_des,
1327 &checksum_rsa_md5_des3,
1328 &checksum_sha1,
1200 &checksum_hmac_sha1_des3
1329 &checksum_hmac_sha1_des3,
1330 &checksum_hmac_md5,
1331 &checksum_hmac_md5_enc
1201};
1202
1203static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]);
1204
1205static struct checksum_type *
1206_find_checksum(krb5_cksumtype type)
1207{
1208 int i;

--- 44 unchanged lines hidden (view full) ---

1253{
1254 krb5_error_code ret;
1255 struct key_data *dkey;
1256 int keyed_checksum;
1257
1258 keyed_checksum = (ct->flags & F_KEYED) != 0;
1259 if(keyed_checksum && crypto == NULL)
1260 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
1332};
1333
1334static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]);
1335
1336static struct checksum_type *
1337_find_checksum(krb5_cksumtype type)
1338{
1339 int i;

--- 44 unchanged lines hidden (view full) ---

1384{
1385 krb5_error_code ret;
1386 struct key_data *dkey;
1387 int keyed_checksum;
1388
1389 keyed_checksum = (ct->flags & F_KEYED) != 0;
1390 if(keyed_checksum && crypto == NULL)
1391 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
1261 if(keyed_checksum)
1392 if(keyed_checksum) {
1262 ret = get_checksum_key(context, crypto, usage, ct, &dkey);
1393 ret = get_checksum_key(context, crypto, usage, ct, &dkey);
1263 else
1394 if (ret)
1395 return ret;
1396 } else
1264 dkey = NULL;
1265 result->cksumtype = ct->type;
1266 krb5_data_alloc(&result->checksum, ct->checksumsize);
1397 dkey = NULL;
1398 result->cksumtype = ct->type;
1399 krb5_data_alloc(&result->checksum, ct->checksumsize);
1267 (*ct->checksum)(context, dkey, data, len, result);
1400 (*ct->checksum)(context, dkey, data, len, usage, result);
1268 return 0;
1269}
1270
1271static krb5_error_code
1272create_checksum(krb5_context context,
1273 krb5_crypto crypto,
1274 unsigned usage, /* not krb5_key_usage */
1275 krb5_cksumtype type, /* if crypto == NULL */

--- 49 unchanged lines hidden (view full) ---

1325 keyed_checksum = (ct->flags & F_KEYED) != 0;
1326 if(keyed_checksum && crypto == NULL)
1327 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
1328 if(keyed_checksum)
1329 ret = get_checksum_key(context, crypto, usage, ct, &dkey);
1330 else
1331 dkey = NULL;
1332 if(ct->verify)
1401 return 0;
1402}
1403
1404static krb5_error_code
1405create_checksum(krb5_context context,
1406 krb5_crypto crypto,
1407 unsigned usage, /* not krb5_key_usage */
1408 krb5_cksumtype type, /* if crypto == NULL */

--- 49 unchanged lines hidden (view full) ---

1458 keyed_checksum = (ct->flags & F_KEYED) != 0;
1459 if(keyed_checksum && crypto == NULL)
1460 return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
1461 if(keyed_checksum)
1462 ret = get_checksum_key(context, crypto, usage, ct, &dkey);
1463 else
1464 dkey = NULL;
1465 if(ct->verify)
1333 return (*ct->verify)(context, dkey, data, len, cksum);
1466 return (*ct->verify)(context, dkey, data, len, usage, cksum);
1334
1335 ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
1336 if (ret)
1337 return ret;
1338
1467
1468 ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
1469 if (ret)
1470 return ret;
1471
1339 (*ct->checksum)(context, dkey, data, len, &c);
1472 (*ct->checksum)(context, dkey, data, len, usage, &c);
1340
1341 if(c.checksum.length != cksum->checksum.length ||
1342 memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length))
1343 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1344 else
1345 ret = 0;
1346 krb5_data_free (&c.checksum);
1347 return ret;

--- 42 unchanged lines hidden (view full) ---

1390 return KRB5_PROG_SUMTYPE_NOSUPP;
1391 return ct->flags & F_CPROOF;
1392}
1393
1394/************************************************************
1395 * *
1396 ************************************************************/
1397
1473
1474 if(c.checksum.length != cksum->checksum.length ||
1475 memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length))
1476 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1477 else
1478 ret = 0;
1479 krb5_data_free (&c.checksum);
1480 return ret;

--- 42 unchanged lines hidden (view full) ---

1523 return KRB5_PROG_SUMTYPE_NOSUPP;
1524 return ct->flags & F_CPROOF;
1525}
1526
1527/************************************************************
1528 * *
1529 ************************************************************/
1530
1398static void
1531static krb5_error_code
1399NULL_encrypt(struct key_data *key,
1400 void *data,
1401 size_t len,
1532NULL_encrypt(struct key_data *key,
1533 void *data,
1534 size_t len,
1402 krb5_boolean encrypt)
1535 krb5_boolean encrypt,
1536 int usage,
1537 void *ivec)
1403{
1538{
1539 return 0;
1404}
1405
1540}
1541
1406static void
1542static krb5_error_code
1407DES_CBC_encrypt_null_ivec(struct key_data *key,
1408 void *data,
1409 size_t len,
1543DES_CBC_encrypt_null_ivec(struct key_data *key,
1544 void *data,
1545 size_t len,
1410 krb5_boolean encrypt)
1546 krb5_boolean encrypt,
1547 int usage,
1548 void *ignore_ivec)
1411{
1412 des_cblock ivec;
1413 des_key_schedule *s = key->schedule->data;
1414 memset(&ivec, 0, sizeof(ivec));
1415 des_cbc_encrypt(data, data, len, *s, &ivec, encrypt);
1549{
1550 des_cblock ivec;
1551 des_key_schedule *s = key->schedule->data;
1552 memset(&ivec, 0, sizeof(ivec));
1553 des_cbc_encrypt(data, data, len, *s, &ivec, encrypt);
1554 return 0;
1416}
1417
1555}
1556
1418static void
1557static krb5_error_code
1419DES_CBC_encrypt_key_ivec(struct key_data *key,
1420 void *data,
1421 size_t len,
1558DES_CBC_encrypt_key_ivec(struct key_data *key,
1559 void *data,
1560 size_t len,
1422 krb5_boolean encrypt)
1561 krb5_boolean encrypt,
1562 int usage,
1563 void *ignore_ivec)
1423{
1424 des_cblock ivec;
1425 des_key_schedule *s = key->schedule->data;
1426 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
1427 des_cbc_encrypt(data, data, len, *s, &ivec, encrypt);
1564{
1565 des_cblock ivec;
1566 des_key_schedule *s = key->schedule->data;
1567 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
1568 des_cbc_encrypt(data, data, len, *s, &ivec, encrypt);
1569 return 0;
1428}
1429
1570}
1571
1430static void
1572static krb5_error_code
1431DES3_CBC_encrypt(struct key_data *key,
1432 void *data,
1433 size_t len,
1573DES3_CBC_encrypt(struct key_data *key,
1574 void *data,
1575 size_t len,
1434 krb5_boolean encrypt)
1576 krb5_boolean encrypt,
1577 int usage,
1578 void *ignore_ivec)
1435{
1436 des_cblock ivec;
1437 des_key_schedule *s = key->schedule->data;
1438 memset(&ivec, 0, sizeof(ivec));
1439 des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], &ivec, encrypt);
1579{
1580 des_cblock ivec;
1581 des_key_schedule *s = key->schedule->data;
1582 memset(&ivec, 0, sizeof(ivec));
1583 des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], &ivec, encrypt);
1584 return 0;
1440}
1441
1585}
1586
1442static void
1587static krb5_error_code
1588DES3_CBC_encrypt_ivec(struct key_data *key,
1589 void *data,
1590 size_t len,
1591 krb5_boolean encrypt,
1592 int usage,
1593 void *ivec)
1594{
1595 des_key_schedule *s = key->schedule->data;
1596
1597 des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], ivec, encrypt);
1598 return 0;
1599}
1600
1601static krb5_error_code
1602DES_CFB64_encrypt_null_ivec(struct key_data *key,
1603 void *data,
1604 size_t len,
1605 krb5_boolean encrypt,
1606 int usage,
1607 void *ignore_ivec)
1608{
1609 des_cblock ivec;
1610 int num = 0;
1611 des_key_schedule *s = key->schedule->data;
1612 memset(&ivec, 0, sizeof(ivec));
1613
1614 des_cfb64_encrypt(data, data, len, *s, &ivec, &num, encrypt);
1615 return 0;
1616}
1617
1618static krb5_error_code
1619DES_PCBC_encrypt_key_ivec(struct key_data *key,
1620 void *data,
1621 size_t len,
1622 krb5_boolean encrypt,
1623 int usage,
1624 void *ignore_ivec)
1625{
1626 des_cblock ivec;
1627 des_key_schedule *s = key->schedule->data;
1628 memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
1629
1630 des_pcbc_encrypt(data, data, len, *s, &ivec, encrypt);
1631 return 0;
1632}
1633
1634/*
1635 * section 6 of draft-brezak-win2k-krb-rc4-hmac-03
1636 *
1637 * warning: not for small children
1638 */
1639
1640static krb5_error_code
1641ARCFOUR_subencrypt(struct key_data *key,
1642 void *data,
1643 size_t len,
1644 int usage,
1645 void *ivec)
1646{
1647 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
1648 Checksum k1_c, k2_c, k3_c, cksum;
1649 struct key_data ke;
1650 krb5_keyblock kb;
1651 unsigned char t[4];
1652 RC4_KEY rc4_key;
1653 char *cdata = (char *)data;
1654 unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
1655
1656 t[0] = (usage >> 0) & 0xFF;
1657 t[1] = (usage >> 8) & 0xFF;
1658 t[2] = (usage >> 16) & 0xFF;
1659 t[3] = (usage >> 24) & 0xFF;
1660
1661 k1_c.checksum.length = sizeof(k1_c_data);
1662 k1_c.checksum.data = k1_c_data;
1663
1664 hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
1665
1666 memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
1667
1668 k2_c.checksum.length = sizeof(k2_c_data);
1669 k2_c.checksum.data = k2_c_data;
1670
1671 ke.key = &kb;
1672 kb.keyvalue = k2_c.checksum;
1673
1674 cksum.checksum.length = 16;
1675 cksum.checksum.data = data;
1676
1677 hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
1678
1679 ke.key = &kb;
1680 kb.keyvalue = k1_c.checksum;
1681
1682 k3_c.checksum.length = sizeof(k3_c_data);
1683 k3_c.checksum.data = k3_c_data;
1684
1685 hmac(NULL, c, data, 16, 0, &ke, &k3_c);
1686
1687 RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
1688 RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
1689 memset (k1_c_data, 0, sizeof(k1_c_data));
1690 memset (k2_c_data, 0, sizeof(k2_c_data));
1691 memset (k3_c_data, 0, sizeof(k3_c_data));
1692 return 0;
1693}
1694
1695static krb5_error_code
1696ARCFOUR_subdecrypt(struct key_data *key,
1697 void *data,
1698 size_t len,
1699 int usage,
1700 void *ivec)
1701{
1702 struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
1703 Checksum k1_c, k2_c, k3_c, cksum;
1704 struct key_data ke;
1705 krb5_keyblock kb;
1706 unsigned char t[4];
1707 RC4_KEY rc4_key;
1708 char *cdata = (char *)data;
1709 unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
1710 unsigned char cksum_data[16];
1711
1712 t[0] = (usage >> 0) & 0xFF;
1713 t[1] = (usage >> 8) & 0xFF;
1714 t[2] = (usage >> 16) & 0xFF;
1715 t[3] = (usage >> 24) & 0xFF;
1716
1717 k1_c.checksum.length = sizeof(k1_c_data);
1718 k1_c.checksum.data = k1_c_data;
1719
1720 hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
1721
1722 memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
1723
1724 k2_c.checksum.length = sizeof(k2_c_data);
1725 k2_c.checksum.data = k2_c_data;
1726
1727 ke.key = &kb;
1728 kb.keyvalue = k1_c.checksum;
1729
1730 k3_c.checksum.length = sizeof(k3_c_data);
1731 k3_c.checksum.data = k3_c_data;
1732
1733 hmac(NULL, c, cdata, 16, 0, &ke, &k3_c);
1734
1735 RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
1736 RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
1737
1738 ke.key = &kb;
1739 kb.keyvalue = k2_c.checksum;
1740
1741 cksum.checksum.length = 16;
1742 cksum.checksum.data = cksum_data;
1743
1744 hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
1745
1746 memset (k1_c_data, 0, sizeof(k1_c_data));
1747 memset (k2_c_data, 0, sizeof(k2_c_data));
1748 memset (k3_c_data, 0, sizeof(k3_c_data));
1749
1750 if (memcmp (cksum.checksum.data, data, 16) != 0)
1751 return KRB5KRB_AP_ERR_BAD_INTEGRITY;
1752 else
1753 return 0;
1754}
1755
1756/*
1757 * convert the usage numbers used in
1758 * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in
1759 * draft-brezak-win2k-krb-rc4-hmac-03.txt
1760 */
1761
1762static int
1763usage2arcfour (int usage)
1764{
1765 switch (usage) {
1766 case KRB5_KU_PA_ENC_TIMESTAMP :
1767 return 1;
1768 case KRB5_KU_TICKET :
1769 return 8;
1770 case KRB5_KU_AS_REP_ENC_PART :
1771 return 8;
1772 case KRB5_KU_TGS_REQ_AUTH_DAT_SESSION :
1773 case KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY :
1774 case KRB5_KU_TGS_REQ_AUTH_CKSUM :
1775 case KRB5_KU_TGS_REQ_AUTH :
1776 return 7;
1777 case KRB5_KU_TGS_REP_ENC_PART_SESSION :
1778 case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY :
1779 return 8;
1780 case KRB5_KU_AP_REQ_AUTH_CKSUM :
1781 case KRB5_KU_AP_REQ_AUTH :
1782 case KRB5_KU_AP_REQ_ENC_PART :
1783 return 11;
1784 case KRB5_KU_KRB_PRIV :
1785 return 0;
1786 case KRB5_KU_KRB_CRED :
1787 case KRB5_KU_KRB_SAFE_CKSUM :
1788 case KRB5_KU_OTHER_ENCRYPTED :
1789 case KRB5_KU_OTHER_CKSUM :
1790 case KRB5_KU_KRB_ERROR :
1791 case KRB5_KU_AD_KDC_ISSUED :
1792 case KRB5_KU_MANDATORY_TICKET_EXTENSION :
1793 case KRB5_KU_AUTH_DATA_TICKET_EXTENSION :
1794 case KRB5_KU_USAGE_SEAL :
1795 case KRB5_KU_USAGE_SIGN :
1796 case KRB5_KU_USAGE_SEQ :
1797 default :
1798 abort ();
1799 }
1800}
1801
1802static krb5_error_code
1443ARCFOUR_encrypt(struct key_data *key,
1444 void *data,
1445 size_t len,
1803ARCFOUR_encrypt(struct key_data *key,
1804 void *data,
1805 size_t len,
1446 krb5_boolean encrypt)
1806 krb5_boolean encrypt,
1807 int usage,
1808 void *ivec)
1447{
1809{
1810 usage = usage2arcfour (usage);
1448
1811
1812 if (encrypt)
1813 return ARCFOUR_subencrypt (key, data, len, usage, ivec);
1814 else
1815 return ARCFOUR_subdecrypt (key, data, len, usage, ivec);
1449}
1450
1816}
1817
1818
1451/*
1452 * these should currently be in reverse preference order.
1819/*
1820 * these should currently be in reverse preference order.
1453 */
1821 * (only relevant for !F_PSEUDO) */
1454
1455static struct encryption_type etypes[] = {
1456 {
1457 ETYPE_NULL,
1458 "null",
1459 1,
1460 0,
1461 &keytype_null,

--- 30 unchanged lines hidden (view full) ---

1492 8,
1493 8,
1494 &keytype_des,
1495 &checksum_rsa_md5,
1496 &checksum_rsa_md5_des,
1497 0,
1498 DES_CBC_encrypt_null_ivec,
1499 },
1822
1823static struct encryption_type etypes[] = {
1824 {
1825 ETYPE_NULL,
1826 "null",
1827 1,
1828 0,
1829 &keytype_null,

--- 30 unchanged lines hidden (view full) ---

1860 8,
1861 8,
1862 &keytype_des,
1863 &checksum_rsa_md5,
1864 &checksum_rsa_md5_des,
1865 0,
1866 DES_CBC_encrypt_null_ivec,
1867 },
1868 {
1869 ETYPE_ARCFOUR_HMAC_MD5,
1870 "arcfour-hmac-md5",
1871 1,
1872 8,
1873 &keytype_arcfour,
1874 &checksum_hmac_md5_enc,
1875 &checksum_hmac_md5_enc,
1876 F_SPECIAL,
1877 ARCFOUR_encrypt
1878 },
1500 {
1501 ETYPE_DES3_CBC_MD5,
1502 "des3-cbc-md5",
1503 8,
1504 8,
1505 &keytype_des3,
1506 &checksum_rsa_md5,
1507 &checksum_rsa_md5_des3,

--- 29 unchanged lines hidden (view full) ---

1537 0,
1538 &keytype_des,
1539 &checksum_none,
1540 NULL,
1541 F_PSEUDO,
1542 DES_CBC_encrypt_null_ivec,
1543 },
1544 {
1879 {
1880 ETYPE_DES3_CBC_MD5,
1881 "des3-cbc-md5",
1882 8,
1883 8,
1884 &keytype_des3,
1885 &checksum_rsa_md5,
1886 &checksum_rsa_md5_des3,

--- 29 unchanged lines hidden (view full) ---

1916 0,
1917 &keytype_des,
1918 &checksum_none,
1919 NULL,
1920 F_PSEUDO,
1921 DES_CBC_encrypt_null_ivec,
1922 },
1923 {
1924 ETYPE_DES_CFB64_NONE,
1925 "des-cfb64-none",
1926 1,
1927 0,
1928 &keytype_des,
1929 &checksum_none,
1930 NULL,
1931 F_PSEUDO,
1932 DES_CFB64_encrypt_null_ivec,
1933 },
1934 {
1935 ETYPE_DES_PCBC_NONE,
1936 "des-pcbc-none",
1937 8,
1938 0,
1939 &keytype_des,
1940 &checksum_none,
1941 NULL,
1942 F_PSEUDO,
1943 DES_PCBC_encrypt_key_ivec,
1944 },
1945 {
1545 ETYPE_DES3_CBC_NONE,
1546 "des3-cbc-none",
1547 8,
1548 0,
1549 &keytype_des3_derived,
1550 &checksum_none,
1551 NULL,
1552 F_PSEUDO,
1946 ETYPE_DES3_CBC_NONE,
1947 "des3-cbc-none",
1948 8,
1949 0,
1950 &keytype_des3_derived,
1951 &checksum_none,
1952 NULL,
1953 F_PSEUDO,
1553 DES_CBC_encrypt_null_ivec,
1954 DES3_CBC_encrypt,
1554 },
1955 },
1956 {
1957 ETYPE_DES3_CBC_NONE_IVEC,
1958 "des3-cbc-none-ivec",
1959 8,
1960 0,
1961 &keytype_des3_derived,
1962 &checksum_none,
1963 NULL,
1964 F_PSEUDO,
1965 DES3_CBC_encrypt_ivec,
1966 }
1555};
1556
1557static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]);
1558
1559
1560static struct encryption_type *
1561_find_enctype(krb5_enctype type)
1562{

--- 139 unchanged lines hidden (view full) ---

1702
1703static krb5_boolean
1704derived_crypto(krb5_context context,
1705 krb5_crypto crypto)
1706{
1707 return (crypto->et->flags & F_DERIVED) != 0;
1708}
1709
1967};
1968
1969static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]);
1970
1971
1972static struct encryption_type *
1973_find_enctype(krb5_enctype type)
1974{

--- 139 unchanged lines hidden (view full) ---

2114
2115static krb5_boolean
2116derived_crypto(krb5_context context,
2117 krb5_crypto crypto)
2118{
2119 return (crypto->et->flags & F_DERIVED) != 0;
2120}
2121
2122static krb5_boolean
2123special_crypto(krb5_context context,
2124 krb5_crypto crypto)
2125{
2126 return (crypto->et->flags & F_SPECIAL) != 0;
2127}
1710
1711#define CHECKSUMSIZE(C) ((C)->checksumsize)
1712#define CHECKSUMTYPE(C) ((C)->type)
1713
1714static krb5_error_code
1715encrypt_internal_derived(krb5_context context,
1716 krb5_crypto crypto,
1717 unsigned usage,
1718 void *data,
1719 size_t len,
2128
2129#define CHECKSUMSIZE(C) ((C)->checksumsize)
2130#define CHECKSUMTYPE(C) ((C)->type)
2131
2132static krb5_error_code
2133encrypt_internal_derived(krb5_context context,
2134 krb5_crypto crypto,
2135 unsigned usage,
2136 void *data,
2137 size_t len,
1720 krb5_data *result)
2138 krb5_data *result,
2139 void *ivec)
1721{
1722 size_t sz, block_sz, checksum_sz;
1723 Checksum cksum;
1724 unsigned char *p, *q;
1725 krb5_error_code ret;
1726 struct key_data *dkey;
1727 struct encryption_type *et = crypto->et;
1728

--- 12 unchanged lines hidden (view full) ---

1741
1742 ret = create_checksum(context,
1743 crypto,
1744 INTEGRITY_USAGE(usage),
1745 0,
1746 p,
1747 block_sz,
1748 &cksum);
2140{
2141 size_t sz, block_sz, checksum_sz;
2142 Checksum cksum;
2143 unsigned char *p, *q;
2144 krb5_error_code ret;
2145 struct key_data *dkey;
2146 struct encryption_type *et = crypto->et;
2147

--- 12 unchanged lines hidden (view full) ---

2160
2161 ret = create_checksum(context,
2162 crypto,
2163 INTEGRITY_USAGE(usage),
2164 0,
2165 p,
2166 block_sz,
2167 &cksum);
1749 if(ret == 0 && cksum.checksum.length != checksum_sz)
1750 ret = KRB5_CRYPTO_INTERNAL;
2168 if(ret == 0 && cksum.checksum.length != checksum_sz) {
2169 free_Checksum (&cksum);
2170 ret = KRB5_CRYPTO_INTERNAL;
2171 }
1751 if(ret) {
1752 memset(p, 0, block_sz + checksum_sz);
1753 free(p);
1754 return ret;
1755 }
1756 memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length);
2172 if(ret) {
2173 memset(p, 0, block_sz + checksum_sz);
2174 free(p);
2175 return ret;
2176 }
2177 memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length);
2178 free_Checksum (&cksum);
1757 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
1758 if(ret) {
1759 memset(p, 0, block_sz + checksum_sz);
1760 free(p);
1761 return ret;
1762 }
1763 ret = _key_schedule(context, dkey);
1764 if(ret) {
1765 memset(p, 0, block_sz);
1766 free(p);
1767 return ret;
1768 }
1769#ifdef CRYPTO_DEBUG
1770 krb5_crypto_debug(context, 1, block_sz, dkey->key);
1771#endif
2179 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
2180 if(ret) {
2181 memset(p, 0, block_sz + checksum_sz);
2182 free(p);
2183 return ret;
2184 }
2185 ret = _key_schedule(context, dkey);
2186 if(ret) {
2187 memset(p, 0, block_sz);
2188 free(p);
2189 return ret;
2190 }
2191#ifdef CRYPTO_DEBUG
2192 krb5_crypto_debug(context, 1, block_sz, dkey->key);
2193#endif
1772 (*et->encrypt)(dkey, p, block_sz, 1);
2194 (*et->encrypt)(dkey, p, block_sz, 1, usage, ivec);
1773 result->data = p;
1774 result->length = block_sz + checksum_sz;
1775 return 0;
1776}
1777
1778static krb5_error_code
1779encrypt_internal(krb5_context context,
1780 krb5_crypto crypto,
1781 void *data,
1782 size_t len,
2195 result->data = p;
2196 result->length = block_sz + checksum_sz;
2197 return 0;
2198}
2199
2200static krb5_error_code
2201encrypt_internal(krb5_context context,
2202 krb5_crypto crypto,
2203 void *data,
2204 size_t len,
1783 krb5_data *result)
2205 krb5_data *result,
2206 void *ivec)
1784{
1785 size_t sz, block_sz, checksum_sz;
1786 Checksum cksum;
1787 unsigned char *p, *q;
1788 krb5_error_code ret;
1789 struct encryption_type *et = crypto->et;
1790
1791 checksum_sz = CHECKSUMSIZE(et->cksumtype);

--- 34 unchanged lines hidden (view full) ---

1826 if(ret) {
1827 memset(p, 0, block_sz);
1828 free(p);
1829 return ret;
1830 }
1831#ifdef CRYPTO_DEBUG
1832 krb5_crypto_debug(context, 1, block_sz, crypto->key.key);
1833#endif
2207{
2208 size_t sz, block_sz, checksum_sz;
2209 Checksum cksum;
2210 unsigned char *p, *q;
2211 krb5_error_code ret;
2212 struct encryption_type *et = crypto->et;
2213
2214 checksum_sz = CHECKSUMSIZE(et->cksumtype);

--- 34 unchanged lines hidden (view full) ---

2249 if(ret) {
2250 memset(p, 0, block_sz);
2251 free(p);
2252 return ret;
2253 }
2254#ifdef CRYPTO_DEBUG
2255 krb5_crypto_debug(context, 1, block_sz, crypto->key.key);
2256#endif
1834 (*et->encrypt)(&crypto->key, p, block_sz, 1);
2257 (*et->encrypt)(&crypto->key, p, block_sz, 1, 0, ivec);
1835 result->data = p;
1836 result->length = block_sz;
1837 return 0;
1838}
1839
1840static krb5_error_code
2258 result->data = p;
2259 result->length = block_sz;
2260 return 0;
2261}
2262
2263static krb5_error_code
2264encrypt_internal_special(krb5_context context,
2265 krb5_crypto crypto,
2266 int usage,
2267 void *data,
2268 size_t len,
2269 krb5_data *result,
2270 void *ivec)
2271{
2272 struct encryption_type *et = crypto->et;
2273 size_t cksum_sz = CHECKSUMSIZE(et->cksumtype);
2274 size_t sz = len + cksum_sz + et->confoundersize;
2275 char *tmp, *p;
2276
2277 tmp = malloc (sz);
2278 if (tmp == NULL)
2279 return ENOMEM;
2280 p = tmp;
2281 memset (p, 0, cksum_sz);
2282 p += cksum_sz;
2283 krb5_generate_random_block(p, et->confoundersize);
2284 p += et->confoundersize;
2285 memcpy (p, data, len);
2286 (*et->encrypt)(&crypto->key, tmp, sz, TRUE, usage, ivec);
2287 result->data = tmp;
2288 result->length = sz;
2289 return 0;
2290}
2291
2292static krb5_error_code
1841decrypt_internal_derived(krb5_context context,
1842 krb5_crypto crypto,
1843 unsigned usage,
1844 void *data,
1845 size_t len,
2293decrypt_internal_derived(krb5_context context,
2294 krb5_crypto crypto,
2295 unsigned usage,
2296 void *data,
2297 size_t len,
1846 krb5_data *result)
2298 krb5_data *result,
2299 void *ivec)
1847{
1848 size_t checksum_sz;
1849 Checksum cksum;
1850 unsigned char *p;
1851 krb5_error_code ret;
1852 struct key_data *dkey;
1853 struct encryption_type *et = crypto->et;
1854 unsigned long l;
1855
2300{
2301 size_t checksum_sz;
2302 Checksum cksum;
2303 unsigned char *p;
2304 krb5_error_code ret;
2305 struct key_data *dkey;
2306 struct encryption_type *et = crypto->et;
2307 unsigned long l;
2308
2309 checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
2310 if (len < checksum_sz)
2311 return EINVAL; /* better error code? */
2312
1856 p = malloc(len);
1857 if(len != 0 && p == NULL)
1858 return ENOMEM;
1859 memcpy(p, data, len);
1860
2313 p = malloc(len);
2314 if(len != 0 && p == NULL)
2315 return ENOMEM;
2316 memcpy(p, data, len);
2317
1861 checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
1862 len -= checksum_sz;
1863
1864 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
1865 if(ret) {
1866 free(p);
1867 return ret;
1868 }
1869 ret = _key_schedule(context, dkey);
1870 if(ret) {
1871 free(p);
1872 return ret;
1873 }
1874#ifdef CRYPTO_DEBUG
1875 krb5_crypto_debug(context, 0, len, dkey->key);
1876#endif
2318 len -= checksum_sz;
2319
2320 ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
2321 if(ret) {
2322 free(p);
2323 return ret;
2324 }
2325 ret = _key_schedule(context, dkey);
2326 if(ret) {
2327 free(p);
2328 return ret;
2329 }
2330#ifdef CRYPTO_DEBUG
2331 krb5_crypto_debug(context, 0, len, dkey->key);
2332#endif
1877 (*et->encrypt)(dkey, p, len, 0);
2333 (*et->encrypt)(dkey, p, len, 0, usage, ivec);
1878
1879 cksum.checksum.data = p + len;
1880 cksum.checksum.length = checksum_sz;
1881 cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum);
1882
1883 ret = verify_checksum(context,
1884 crypto,
1885 INTEGRITY_USAGE(usage),

--- 15 unchanged lines hidden (view full) ---

1901 return 0;
1902}
1903
1904static krb5_error_code
1905decrypt_internal(krb5_context context,
1906 krb5_crypto crypto,
1907 void *data,
1908 size_t len,
2334
2335 cksum.checksum.data = p + len;
2336 cksum.checksum.length = checksum_sz;
2337 cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum);
2338
2339 ret = verify_checksum(context,
2340 crypto,
2341 INTEGRITY_USAGE(usage),

--- 15 unchanged lines hidden (view full) ---

2357 return 0;
2358}
2359
2360static krb5_error_code
2361decrypt_internal(krb5_context context,
2362 krb5_crypto crypto,
2363 void *data,
2364 size_t len,
1909 krb5_data *result)
2365 krb5_data *result,
2366 void *ivec)
1910{
1911 krb5_error_code ret;
1912 unsigned char *p;
1913 Checksum cksum;
1914 size_t checksum_sz, l;
1915 struct encryption_type *et = crypto->et;
1916
1917 checksum_sz = CHECKSUMSIZE(et->cksumtype);

--- 5 unchanged lines hidden (view full) ---

1923 ret = _key_schedule(context, &crypto->key);
1924 if(ret) {
1925 free(p);
1926 return ret;
1927 }
1928#ifdef CRYPTO_DEBUG
1929 krb5_crypto_debug(context, 0, len, crypto->key.key);
1930#endif
2367{
2368 krb5_error_code ret;
2369 unsigned char *p;
2370 Checksum cksum;
2371 size_t checksum_sz, l;
2372 struct encryption_type *et = crypto->et;
2373
2374 checksum_sz = CHECKSUMSIZE(et->cksumtype);

--- 5 unchanged lines hidden (view full) ---

2380 ret = _key_schedule(context, &crypto->key);
2381 if(ret) {
2382 free(p);
2383 return ret;
2384 }
2385#ifdef CRYPTO_DEBUG
2386 krb5_crypto_debug(context, 0, len, crypto->key.key);
2387#endif
1931 (*et->encrypt)(&crypto->key, p, len, 0);
2388 (*et->encrypt)(&crypto->key, p, len, 0, 0, ivec);
1932 ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz);
1933 if(ret) {
2389 ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz);
2390 if(ret) {
1934 free(p);
1935 return ret;
2391 free(p);
2392 return ret;
1936 }
1937 memset(p + et->confoundersize, 0, checksum_sz);
1938 cksum.cksumtype = CHECKSUMTYPE(et->cksumtype);
1939 ret = verify_checksum(context, NULL, 0, p, len, &cksum);
1940 free_Checksum(&cksum);
1941 if(ret) {
1942 free(p);
1943 return ret;

--- 4 unchanged lines hidden (view full) ---

1948 if(result->data == NULL) {
1949 free(p);
1950 return ENOMEM;
1951 }
1952 result->length = l;
1953 return 0;
1954}
1955
2393 }
2394 memset(p + et->confoundersize, 0, checksum_sz);
2395 cksum.cksumtype = CHECKSUMTYPE(et->cksumtype);
2396 ret = verify_checksum(context, NULL, 0, p, len, &cksum);
2397 free_Checksum(&cksum);
2398 if(ret) {
2399 free(p);
2400 return ret;

--- 4 unchanged lines hidden (view full) ---

2405 if(result->data == NULL) {
2406 free(p);
2407 return ENOMEM;
2408 }
2409 result->length = l;
2410 return 0;
2411}
2412
2413static krb5_error_code
2414decrypt_internal_special(krb5_context context,
2415 krb5_crypto crypto,
2416 int usage,
2417 void *data,
2418 size_t len,
2419 krb5_data *result,
2420 void *ivec)
2421{
2422 struct encryption_type *et = crypto->et;
2423 size_t cksum_sz = CHECKSUMSIZE(et->cksumtype);
2424 size_t sz = len - cksum_sz - et->confoundersize;
2425 char *cdata = (char *)data;
2426 char *tmp;
2427
2428 tmp = malloc (sz);
2429 if (tmp == NULL)
2430 return ENOMEM;
2431
2432 (*et->encrypt)(&crypto->key, data, len, FALSE, usage, ivec);
2433
2434 memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz);
2435
2436 result->data = tmp;
2437 result->length = sz;
2438 return 0;
2439}
2440
2441
1956krb5_error_code
2442krb5_error_code
2443krb5_encrypt_ivec(krb5_context context,
2444 krb5_crypto crypto,
2445 unsigned usage,
2446 void *data,
2447 size_t len,
2448 krb5_data *result,
2449 void *ivec)
2450{
2451 if(derived_crypto(context, crypto))
2452 return encrypt_internal_derived(context, crypto, usage,
2453 data, len, result, ivec);
2454 else if (special_crypto(context, crypto))
2455 return encrypt_internal_special (context, crypto, usage,
2456 data, len, result, ivec);
2457 else
2458 return encrypt_internal(context, crypto, data, len, result, ivec);
2459}
2460
2461krb5_error_code
1957krb5_encrypt(krb5_context context,
1958 krb5_crypto crypto,
1959 unsigned usage,
1960 void *data,
1961 size_t len,
1962 krb5_data *result)
1963{
2462krb5_encrypt(krb5_context context,
2463 krb5_crypto crypto,
2464 unsigned usage,
2465 void *data,
2466 size_t len,
2467 krb5_data *result)
2468{
1964 if(derived_crypto(context, crypto))
1965 return encrypt_internal_derived(context, crypto, usage,
1966 data, len, result);
1967 else
1968 return encrypt_internal(context, crypto, data, len, result);
2469 return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
1969}
1970
1971krb5_error_code
1972krb5_encrypt_EncryptedData(krb5_context context,
1973 krb5_crypto crypto,
1974 unsigned usage,
1975 void *data,
1976 size_t len,

--- 5 unchanged lines hidden (view full) ---

1982 ALLOC(result->kvno, 1);
1983 *result->kvno = kvno;
1984 }else
1985 result->kvno = NULL;
1986 return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
1987}
1988
1989krb5_error_code
2470}
2471
2472krb5_error_code
2473krb5_encrypt_EncryptedData(krb5_context context,
2474 krb5_crypto crypto,
2475 unsigned usage,
2476 void *data,
2477 size_t len,

--- 5 unchanged lines hidden (view full) ---

2483 ALLOC(result->kvno, 1);
2484 *result->kvno = kvno;
2485 }else
2486 result->kvno = NULL;
2487 return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
2488}
2489
2490krb5_error_code
2491krb5_decrypt_ivec(krb5_context context,
2492 krb5_crypto crypto,
2493 unsigned usage,
2494 void *data,
2495 size_t len,
2496 krb5_data *result,
2497 void *ivec)
2498{
2499 if(derived_crypto(context, crypto))
2500 return decrypt_internal_derived(context, crypto, usage,
2501 data, len, result, ivec);
2502 else if (special_crypto (context, crypto))
2503 return decrypt_internal_special(context, crypto, usage,
2504 data, len, result, ivec);
2505 else
2506 return decrypt_internal(context, crypto, data, len, result, ivec);
2507}
2508
2509krb5_error_code
1990krb5_decrypt(krb5_context context,
1991 krb5_crypto crypto,
1992 unsigned usage,
1993 void *data,
1994 size_t len,
1995 krb5_data *result)
1996{
2510krb5_decrypt(krb5_context context,
2511 krb5_crypto crypto,
2512 unsigned usage,
2513 void *data,
2514 size_t len,
2515 krb5_data *result)
2516{
1997 if(derived_crypto(context, crypto))
1998 return decrypt_internal_derived(context, crypto, usage,
1999 data, len, result);
2000 else
2001 return decrypt_internal(context, crypto, data, len, result);
2517 return krb5_decrypt_ivec (context, crypto, usage, data, len, result,
2518 NULL);
2002}
2003
2004krb5_error_code
2005krb5_decrypt_EncryptedData(krb5_context context,
2006 krb5_crypto crypto,
2007 unsigned usage,
2519}
2520
2521krb5_error_code
2522krb5_decrypt_EncryptedData(krb5_context context,
2523 krb5_crypto crypto,
2524 unsigned usage,
2008 EncryptedData *e,
2525 const EncryptedData *e,
2009 krb5_data *result)
2010{
2011 return krb5_decrypt(context, crypto, usage,
2012 e->cipher.data, e->cipher.length, result);
2013}
2014
2015/************************************************************
2016 * *

--- 70 unchanged lines hidden (view full) ---

2087 unsigned char *k;
2088 unsigned int nblocks = 0, i;
2089 krb5_error_code ret = 0;
2090
2091 struct key_type *kt = et->keytype;
2092 ret = _key_schedule(context, key);
2093 if(ret)
2094 return ret;
2526 krb5_data *result)
2527{
2528 return krb5_decrypt(context, crypto, usage,
2529 e->cipher.data, e->cipher.length, result);
2530}
2531
2532/************************************************************
2533 * *

--- 70 unchanged lines hidden (view full) ---

2604 unsigned char *k;
2605 unsigned int nblocks = 0, i;
2606 krb5_error_code ret = 0;
2607
2608 struct key_type *kt = et->keytype;
2609 ret = _key_schedule(context, key);
2610 if(ret)
2611 return ret;
2095 if(et->blocksize * 8 < kt->bits ||
2612 if(et->blocksize * 8 < kt->bits ||
2096 len != et->blocksize) {
2097 nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
2098 k = malloc(nblocks * et->blocksize);
2099 if(k == NULL)
2100 return ENOMEM;
2101 _krb5_n_fold(constant, len, k, et->blocksize);
2102 for(i = 0; i < nblocks; i++) {
2103 if(i > 0)
2104 memcpy(k + i * et->blocksize,
2105 k + (i - 1) * et->blocksize,
2106 et->blocksize);
2613 len != et->blocksize) {
2614 nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
2615 k = malloc(nblocks * et->blocksize);
2616 if(k == NULL)
2617 return ENOMEM;
2618 _krb5_n_fold(constant, len, k, et->blocksize);
2619 for(i = 0; i < nblocks; i++) {
2620 if(i > 0)
2621 memcpy(k + i * et->blocksize,
2622 k + (i - 1) * et->blocksize,
2623 et->blocksize);
2107 (*et->encrypt)(key, k + i * et->blocksize, et->blocksize, 1);
2624 (*et->encrypt)(key, k + i * et->blocksize, et->blocksize, 1, 0,
2625 NULL);
2108 }
2109 } else {
2626 }
2627 } else {
2628 /* this case is probably broken, but won't be run anyway */
2110 void *c = malloc(len);
2111 size_t res_len = (kt->bits + 7) / 8;
2112
2113 if(len != 0 && c == NULL)
2114 return ENOMEM;
2115 memcpy(c, constant, len);
2629 void *c = malloc(len);
2630 size_t res_len = (kt->bits + 7) / 8;
2631
2632 if(len != 0 && c == NULL)
2633 return ENOMEM;
2634 memcpy(c, constant, len);
2116 (*et->encrypt)(key, c, len, 1);
2635 (*et->encrypt)(key, c, len, 1, 0, NULL);
2117 k = malloc(res_len);
2118 if(res_len != 0 && k == NULL)
2119 return ENOMEM;
2120 _krb5_n_fold(c, len, k, res_len);
2121 free(c);
2122 }
2123
2124 /* XXX keytype dependent post-processing */

--- 136 unchanged lines hidden (view full) ---

2261 &kd,
2262 "kerberos", /* XXX well known constant */
2263 strlen("kerberos"));
2264 ret = krb5_copy_keyblock_contents(context, kd.key, key);
2265 free_key_data(context, &kd);
2266 return ret;
2267}
2268
2636 k = malloc(res_len);
2637 if(res_len != 0 && k == NULL)
2638 return ENOMEM;
2639 _krb5_n_fold(c, len, k, res_len);
2640 free(c);
2641 }
2642
2643 /* XXX keytype dependent post-processing */

--- 136 unchanged lines hidden (view full) ---

2780 &kd,
2781 "kerberos", /* XXX well known constant */
2782 strlen("kerberos"));
2783 ret = krb5_copy_keyblock_contents(context, kd.key, key);
2784 free_key_data(context, &kd);
2785 return ret;
2786}
2787
2788static size_t
2789wrapped_length (krb5_context context,
2790 krb5_crypto crypto,
2791 size_t data_len)
2792{
2793 struct encryption_type *et = crypto->et;
2794 size_t blocksize = et->blocksize;
2795 size_t res;
2796
2797 res = et->confoundersize + et->cksumtype->checksumsize + data_len;
2798 res = (res + blocksize - 1) / blocksize * blocksize;
2799 return res;
2800}
2801
2802static size_t
2803wrapped_length_dervied (krb5_context context,
2804 krb5_crypto crypto,
2805 size_t data_len)
2806{
2807 struct encryption_type *et = crypto->et;
2808 size_t blocksize = et->blocksize;
2809 size_t res;
2810
2811 res = et->confoundersize + data_len;
2812 res = (res + blocksize - 1) / blocksize * blocksize;
2813 res += et->cksumtype->checksumsize;
2814 return res;
2815}
2816
2269/*
2270 * Return the size of an encrypted packet of length `data_len'
2271 */
2272
2273size_t
2274krb5_get_wrapped_length (krb5_context context,
2275 krb5_crypto crypto,
2276 size_t data_len)
2277{
2817/*
2818 * Return the size of an encrypted packet of length `data_len'
2819 */
2820
2821size_t
2822krb5_get_wrapped_length (krb5_context context,
2823 krb5_crypto crypto,
2824 size_t data_len)
2825{
2278 struct encryption_type *et = crypto->et;
2279 size_t blocksize = et->blocksize;
2280 size_t res;
2281
2282 res = (data_len + blocksize - 1) / blocksize * blocksize;
2283 res = res + et->confoundersize + et->cksumtype->checksumsize;
2284 return res;
2826 if (derived_crypto (context, crypto))
2827 return wrapped_length_dervied (context, crypto, data_len);
2828 else
2829 return wrapped_length (context, crypto, data_len);
2285}
2286
2287#ifdef CRYPTO_DEBUG
2288
2289static krb5_error_code
2290krb5_get_keyid(krb5_context context,
2291 krb5_keyblock *key,
2292 u_int32_t *keyid)
2293{
2294 MD5_CTX md5;
2295 unsigned char tmp[16];
2296
2830}
2831
2832#ifdef CRYPTO_DEBUG
2833
2834static krb5_error_code
2835krb5_get_keyid(krb5_context context,
2836 krb5_keyblock *key,
2837 u_int32_t *keyid)
2838{
2839 MD5_CTX md5;
2840 unsigned char tmp[16];
2841
2297 MD5Init (&md5);
2298 MD5Update (&md5, key->keyvalue.data, key->keyvalue.length);
2299 MD5Final (tmp, &md5);
2842 MD5_Init (&md5);
2843 MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length);
2844 MD5_Final (tmp, &md5);
2300 *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15];
2301 return 0;
2302}
2303
2304static void
2305krb5_crypto_debug(krb5_context context,
2306 int encrypt,
2307 size_t len,

--- 7 unchanged lines hidden (view full) ---

2315 encrypt ? "encrypting" : "decrypting",
2316 (unsigned long)len,
2317 keyid,
2318 kt);
2319 free(kt);
2320}
2321
2322#endif /* CRYPTO_DEBUG */
2845 *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15];
2846 return 0;
2847}
2848
2849static void
2850krb5_crypto_debug(krb5_context context,
2851 int encrypt,
2852 size_t len,

--- 7 unchanged lines hidden (view full) ---

2860 encrypt ? "encrypting" : "decrypting",
2861 (unsigned long)len,
2862 keyid,
2863 kt);
2864 free(kt);
2865}
2866
2867#endif /* CRYPTO_DEBUG */
2868
2869#if 0
2870int
2871main()
2872{
2873#if 0
2874 int i;
2875 krb5_context context;
2876 krb5_crypto crypto;
2877 struct key_data *d;
2878 krb5_keyblock key;
2879 char constant[4];
2880 unsigned usage = ENCRYPTION_USAGE(3);
2881 krb5_error_code ret;
2882
2883 ret = krb5_init_context(&context);
2884 if (ret)
2885 errx (1, "krb5_init_context failed: %d", ret);
2886
2887 key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
2888 key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8"
2889 "\x25\xe9\x85\xab\x3e\xb5\xfb\x0e"
2890 "\xc8\xdf\xab\x26\x86\x64\x15\x25";
2891 key.keyvalue.length = 24;
2892
2893 krb5_crypto_init(context, &key, 0, &crypto);
2894
2895 d = _new_derived_key(crypto, usage);
2896 if(d == NULL)
2897 return ENOMEM;
2898 krb5_copy_keyblock(context, crypto->key.key, &d->key);
2899 _krb5_put_int(constant, usage, 4);
2900 derive_key(context, crypto->et, d, constant, sizeof(constant));
2901 return 0;
2902#else
2903 int i;
2904 krb5_context context;
2905 krb5_crypto crypto;
2906 struct key_data *d;
2907 krb5_keyblock key;
2908 krb5_error_code ret;
2909 Checksum res;
2910
2911 char *data = "what do ya want for nothing?";
2912
2913 ret = krb5_init_context(&context);
2914 if (ret)
2915 errx (1, "krb5_init_context failed: %d", ret);
2916
2917 key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
2918 key.keyvalue.data = "Jefe";
2919 /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
2920 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */
2921 key.keyvalue.length = 4;
2922
2923 d = calloc(1, sizeof(*d));
2924
2925 d->key = &key;
2926 res.checksum.length = 20;
2927 res.checksum.data = malloc(res.checksum.length);
2928 HMAC_SHA1_DES3_checksum(context, d, data, 28, &res);
2929
2930 return 0;
2931#endif
2932}
2933#endif