oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(DES3_postproc): new version that does the right thing

Browse Source 
(*): don't put and recover length in 3DES encoding
other small fixes


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6294 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1999-06-03 17:36:04 +00:00
parent 038dd1f08f
commit 03adfaa3b1
1 changed files with 66 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
lib/krb5/crypto.c
View File

@@ -1621,8 +1621,10 @@ encrypt_internal_derived(krb5_context context,
q = p; q = p;
krb5_generate_random_block(q, et->confoundersize); /* XXX */ krb5_generate_random_block(q, et->confoundersize); /* XXX */
q += et->confoundersize; q += et->confoundersize;
#if 0
_krb5_put_int(q, len, 4); _krb5_put_int(q, len, 4);
q += 4; q += 4;
#endif
memcpy(q, data, len); memcpy(q, data, len);
ret = create_checksum(context, ret = create_checksum(context,
@@ -1762,8 +1764,9 @@ decrypt_internal_derived(krb5_context context,
#endif #endif
(*et->encrypt)(dkey, p, len, 0); (*et->encrypt)(dkey, p, len, 0);
cksum.checksum.data = p + len; cksum.checksum.data = p + len;
cksum.checksum.length = checksum_sz; cksum.checksum.length = checksum_sz;
cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum);
ret = verify_checksum(context, ret = verify_checksum(context,
crypto, crypto,
@@ -1775,8 +1778,11 @@ decrypt_internal_derived(krb5_context context,
free(p); free(p);
return ret; return ret;
} }
#if 0
_krb5_get_int(p + et->confoundersize, &l, 4); _krb5_get_int(p + et->confoundersize, &l, 4);
memmove(p, p + et->confoundersize + 4, l); #endif
l = len - et->confoundersize - checksum_sz;
memmove(p, p + et->confoundersize + checksum_sz, l);
result->data = realloc(p, l); result->data = realloc(p, l);
if(p == NULL) { if(p == NULL) {
free(p); free(p);
@@ -1927,6 +1933,42 @@ krb5_generate_random_block(void *buf, size_t len)
} }
} }
static void
DES3_postproc(krb5_context context,
unsigned char *k, size_t len, struct key_data *key)
{
unsigned char x[24];
int i, j;
memset(x, 0, sizeof(x));
for (i = 0; i < 3; ++i) {
unsigned char foo;
for (j = 0; j < 7; ++j) {
unsigned char b = k[7 * i + j];
x[8 * i + j] = b;
}
foo = 0;
for (j = 6; j >= 0; --j) {
foo |= k[7 * i + j] & 1;
foo <<= 1;
}
x[8 * i + 7] = foo;
}
k = key->key->keyvalue.data;
memcpy(k, x, 24);
memset(x, 0, sizeof(x));
if (key->schedule) {
krb5_free_data(context, key->schedule);
key->schedule = NULL;
}
des_set_odd_parity((des_cblock*)k);
des_set_odd_parity((des_cblock*)(k + 8));
des_set_odd_parity((des_cblock*)(k + 16));
}
#if 0
/* XXX should be moved someplace else */ /* XXX should be moved someplace else */
static void static void
DES3_postproc(krb5_context context, DES3_postproc(krb5_context context,
@@ -1960,12 +2002,15 @@ DES3_postproc(krb5_context context,
k = key->key->keyvalue.data; k = key->key->keyvalue.data;
memcpy(k, x, 24); memcpy(k, x, 24);
memset(x, 0, sizeof(x)); memset(x, 0, sizeof(x));
krb5_free_data(context, key->schedule); if (key->schedule) {
key->schedule = NULL; krb5_free_data(context, key->schedule);
key->schedule = NULL;
}
des_set_odd_parity((des_cblock*)k); des_set_odd_parity((des_cblock*)k);
des_set_odd_parity((des_cblock*)(k + 8)); des_set_odd_parity((des_cblock*)(k + 8));
des_set_odd_parity((des_cblock*)(k + 16)); des_set_odd_parity((des_cblock*)(k + 16));
} }
#endif
static krb5_error_code static krb5_error_code
derive_key(krb5_context context, derive_key(krb5_context context,
@@ -1998,17 +2043,26 @@ derive_key(krb5_context context,
} }
} else { } else {
void *c = malloc(len); void *c = malloc(len);
size_t res_len = (kt->bits + 7) / 8;
if(c == NULL) if(c == NULL)
return ENOMEM; return ENOMEM;
memcpy(c, constant, len); memcpy(c, constant, len);
(*et->encrypt)(key, c, len, 1); (*et->encrypt)(key, c, len, 1);
k = malloc((kt->bits + 7) / 8); k = malloc(res_len);
if(k == NULL) if(k == NULL)
return ENOMEM; return ENOMEM;
_krb5_n_fold(c, len, k, kt->bits); _krb5_n_fold(c, len, k, res_len);
free(c); free(c);
} }
#if 0
des_set_odd_parity((des_cblock*)k);
des_set_odd_parity((des_cblock*)(k + 8));
des_set_odd_parity((des_cblock*)(k + 16));
memcpy (key->key->keyvalue.data, k, 24);
#endif
#if 1
/* XXX keytype dependent post-processing */ /* XXX keytype dependent post-processing */
switch(kt->type) { switch(kt->type) {
case KEYTYPE_DES3: case KEYTYPE_DES3:
@@ -2020,6 +2074,7 @@ derive_key(krb5_context context,
ret = KRB5_CRYPTO_INTERNAL; ret = KRB5_CRYPTO_INTERNAL;
break; break;
} }
#endif
memset(k, 0, nblocks * et->blocksize); memset(k, 0, nblocks * et->blocksize);
free(k); free(k);
return ret; return ret;
@@ -2132,13 +2187,17 @@ krb5_string_to_key_derived(krb5_context context,
struct encryption_type *et = _find_enctype(etype); struct encryption_type *et = _find_enctype(etype);
krb5_error_code ret; krb5_error_code ret;
struct key_data kd; struct key_data kd;
u_char *tmp;
if(et == NULL) if(et == NULL)
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
ALLOC(kd.key, 1); ALLOC(kd.key, 1);
kd.key->keytype = etype; kd.key->keytype = etype;
tmp = malloc (et->keytype->bits / 8);
_krb5_n_fold(str, len, tmp, et->keytype->bits / 8);
krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
_krb5_n_fold(str, len, kd.key->keyvalue.data, kd.key->keyvalue.length); kd.schedule = NULL;
DES3_postproc (context, tmp, et->keytype->bits / 8, &kd); /* XXX */
ret = derive_key(context, ret = derive_key(context,
et, et,
&kd, &kd,