From 17072285e62f826bff8207f77f03accee5c5f32c Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Mon, 29 Mar 1999 19:27:45 +0000 Subject: [PATCH] removed git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5805 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/checksum.c | 460 ---------------------------------------- lib/krb5/crc.h | 42 ---- lib/krb5/encrypt.c | 506 -------------------------------------------- 3 files changed, 1008 deletions(-) delete mode 100644 lib/krb5/checksum.c delete mode 100644 lib/krb5/crc.h delete mode 100644 lib/krb5/encrypt.c diff --git a/lib/krb5/checksum.c b/lib/krb5/checksum.c deleted file mode 100644 index 315ba62a0..000000000 --- a/lib/krb5/checksum.c +++ /dev/null @@ -1,460 +0,0 @@ -/* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include -#include - -RCSID("$Id$"); - -struct checksum_type { - krb5_cksumtype type; - size_t blocksize; - size_t checksumsize; - krb5_keytype keytype; - void (*checksum)(void *, size_t, const krb5_keyblock *, void *); - int (*verify)(void *, size_t, const krb5_keyblock *, void *); - int flags; - const char *name; -}; - -/* values for `flags' */ -#define F_KEYED 1 -#define F_CPROOF 2 - -static struct checksum_type* find_checksum_type(krb5_cksumtype); - - -static void -NULL_checksum(void *p, size_t len, const krb5_keyblock *k, void *result) -{ -} - -static void -MD4_checksum(void *p, size_t len, const krb5_keyblock *k, void *result) -{ - struct md4 m; - md4_init(&m); - md4_update(&m, p, len); - md4_finito(&m, result); -} - -static void -MD5_checksum(void *p, size_t len, const krb5_keyblock *k, void *result) -{ - struct md5 m; - md5_init(&m); - md5_update(&m, p, len); - md5_finito(&m, result); -} - -static void -SHA1_checksum(void *p, size_t len, const krb5_keyblock *k, void *result) -{ - struct sha m; - sha_init(&m); - sha_update(&m, p, len); - sha_finito(&m, result); -} - -static void -CRC_checksum(void *p, size_t len, const krb5_keyblock *k, void *result) -{ - u_int32_t crc; - unsigned char *r = result; - crc_init_table (); - crc = crc_update (p, len, 0); - r[0] = crc & 0xff; - r[1] = (crc >> 8) & 0xff; - r[2] = (crc >> 16) & 0xff; - r[3] = (crc >> 24) & 0xff; -} - -static void -MD4_DES_checksum (void *p, size_t len, const krb5_keyblock *keyblock, - void *result) -{ - struct md4 md4; - des_cblock ivec; - des_cblock key; - des_key_schedule schedule; - int i; - u_char *r = result; - u_char *orig_key = (u_char *)keyblock->keyvalue.data; - - md4_init(&md4); - krb5_generate_random_block(r, 8); - md4_update(&md4, r, 8); - md4_update(&md4, p, len); - md4_finito(&md4, r + 8); - for (i = 0; i < 8; ++i) - key[i] = orig_key[i] ^ 0xF0; - des_set_key(&key, schedule); - memset (&ivec, 0, sizeof(ivec)); - des_cbc_encrypt(result, result, 24, schedule, &ivec, DES_ENCRYPT); -} - -static int -MD4_DES_verify (void *p, size_t len, const krb5_keyblock *keyblock, - void *other) -{ - des_cblock ivec; - des_cblock key; - des_key_schedule schedule; - int i; - u_char res[16]; - u_char *orig_key = (u_char *)keyblock->keyvalue.data; - struct md4 md4; - - for (i = 0; i < 8; ++i) - key[i] = orig_key[i] ^ 0xF0; - des_set_key(&key, schedule); - memset (&ivec, 0, sizeof(ivec)); - des_cbc_encrypt(other, other, 24, schedule, &ivec, DES_DECRYPT); - - md4_init(&md4); - md4_update(&md4, other, 8); - md4_update(&md4, p, len); - md4_finito(&md4, res); - - return memcmp (res, (u_char *)other + 8, 16); -} - - -static void -MD5_DES_checksum (void *p, size_t len, const krb5_keyblock *keyblock, - void *result) -{ - struct md5 md5; - des_cblock ivec; - des_cblock key; - des_key_schedule schedule; - int i; - u_char *r = result; - u_char *orig_key = (u_char *)keyblock->keyvalue.data; - - md5_init(&md5); - krb5_generate_random_block(r, 8); - md5_update(&md5, r, 8); - md5_update(&md5, p, len); - md5_finito(&md5, r + 8); - for (i = 0; i < 8; ++i) - key[i] = orig_key[i] ^ 0xF0; - des_set_key(&key, schedule); - memset (&ivec, 0, sizeof(ivec)); - des_cbc_encrypt(result, result, 24, schedule, &ivec, DES_ENCRYPT); -} - -static int -MD5_DES_verify (void *p, size_t len, const krb5_keyblock *keyblock, - void *other) -{ - des_cblock ivec; - des_cblock key; - des_key_schedule schedule; - int i; - u_char res[16]; - u_char *orig_key = (u_char *)keyblock->keyvalue.data; - struct md5 md5; - - for (i = 0; i < 8; ++i) - key[i] = orig_key[i] ^ 0xF0; - des_set_key(&key, schedule); - memset (&ivec, 0, sizeof(ivec)); - des_cbc_encrypt(other, other, 24, schedule, &ivec, DES_DECRYPT); - - md5_init(&md5); - md5_update(&md5, other, 8); - md5_update(&md5, p, len); - md5_finito(&md5, res); - - return memcmp (res, (u_char *)other + 8, 16); -} - -static void -fix_des3_key(const krb5_keyblock *keyblock, des_key_schedule *sched) -{ - unsigned char *orig_key = keyblock->keyvalue.data; - des_cblock key[3]; - int i; - for (i = 0; i < 8; ++i){ - key[0][i] = orig_key[i] ^ 0xF0; - key[1][i] = orig_key[i+8] ^ 0xF0; - key[2][i] = orig_key[i+16] ^ 0xF0; - } - for(i = 0; i < 3; i++) - des_set_key(&key[i], sched[i]); - memset(key, 0, sizeof(key)); -} - -static void -MD5_DES3_checksum (void *p, size_t len, const krb5_keyblock *keyblock, - void *result) -{ - struct md5 md5; - des_cblock ivec; - des_key_schedule sched[3]; - unsigned char *r = result; - - md5_init(&md5); - krb5_generate_random_block(r, 8); - md5_update(&md5, r, 8); - md5_update(&md5, p, len); - md5_finito(&md5, r + 8); - fix_des3_key(keyblock, sched); - memset (&ivec, 0, sizeof(ivec)); - des_ede3_cbc_encrypt(result, result, 24, sched[0], sched[1], sched[2], - &ivec, DES_ENCRYPT); - memset(sched, 0, sizeof(sched)); -} - -static int -MD5_DES3_verify (void *p, size_t len, const krb5_keyblock *keyblock, - void *other) -{ - des_cblock ivec; - des_key_schedule sched[3]; - unsigned char res[16]; - struct md5 md5; - - fix_des3_key(keyblock, sched); - memset (&ivec, 0, sizeof(ivec)); - des_ede3_cbc_encrypt(other, other, 24, sched[0], sched[1], sched[2], - &ivec, DES_DECRYPT); - - memset(sched, 0, sizeof(sched)); - md5_init(&md5); - md5_update(&md5, other, 8); - md5_update(&md5, p, len); - md5_finito(&md5, res); - - return memcmp (res, (unsigned char*)other + 8, 16); -} - - -/* HMAC according to RFC2104 */ -static void -hmac(struct checksum_type *cm, void *data, size_t len, - const krb5_keyblock *keyblock, void *result) -{ - unsigned char *ipad, *opad; - unsigned char *key, *tmp_key = NULL; - size_t key_len; - int i; - - key = keyblock->keyvalue.data; - key_len = keyblock->keyvalue.length; - if(key_len > cm->blocksize){ - tmp_key = malloc(cm->checksumsize); - (*cm->checksum)(key, key_len, keyblock, tmp_key); - key = tmp_key; - key_len = cm->checksumsize; - } - ipad = malloc(cm->blocksize + len); - opad = malloc(cm->blocksize + cm->checksumsize); - memset(ipad, 0x36, cm->blocksize); - memset(opad, 0x5c, cm->blocksize); - for(i = 0; i < key_len; i++){ - ipad[i] ^= key[i]; - opad[i] ^= key[i]; - } - memcpy(ipad + cm->blocksize, data, len); - (*cm->checksum)(ipad, cm->blocksize + len, keyblock, result); - memcpy(opad + cm->blocksize, result, cm->checksumsize); - (*cm->checksum)(opad, cm->blocksize + cm->checksumsize, keyblock, result); - if(tmp_key) - free(tmp_key); - free(ipad); - free(opad); -} - -/* this is used for HMAC-SHA1-DES3, but we make no checks that it - actually is a DES3 key that is passed */ -static void -HMAC_SHA1_checksum(void *data, size_t len, const krb5_keyblock *key, - void *result) -{ - struct checksum_type *c = find_checksum_type(CKSUMTYPE_SHA1); - hmac(c, data, len, key, result); -} - -static struct checksum_type cm[] = { - { CKSUMTYPE_NONE, 1, 0, KEYTYPE_NULL, - NULL_checksum, NULL, 0, "none" }, - { CKSUMTYPE_CRC32, 1, 4, KEYTYPE_NULL, - CRC_checksum, NULL, 0, "crc32" }, - { CKSUMTYPE_RSA_MD4, 64, 16, KEYTYPE_NULL, - MD4_checksum, NULL, F_CPROOF, "md4" }, - { CKSUMTYPE_RSA_MD5, 64, 16, KEYTYPE_NULL, - MD5_checksum, NULL, F_CPROOF, "md5" }, - { CKSUMTYPE_RSA_MD4_DES, 64, 24, KEYTYPE_DES, - MD4_DES_checksum, MD4_DES_verify, F_KEYED|F_CPROOF, "md4-des" }, - { CKSUMTYPE_RSA_MD5_DES, 64, 24, KEYTYPE_DES, - MD5_DES_checksum, MD5_DES_verify, F_KEYED|F_CPROOF, "md5-des" }, - { CKSUMTYPE_RSA_MD5_DES3, 64, 24, KEYTYPE_DES3, - MD5_DES3_checksum, MD5_DES3_verify, F_KEYED|F_CPROOF, "md5-des3" }, - { CKSUMTYPE_SHA1, 80, 20, KEYTYPE_NULL, - SHA1_checksum, NULL, F_CPROOF, "sha1" }, - { CKSUMTYPE_HMAC_SHA1_DES3, 80, 20, KEYTYPE_DES3, - HMAC_SHA1_checksum, NULL, F_KEYED|F_CPROOF, "hmac-sha1-des3" } -}; - -static int num_ctypes = sizeof(cm) / sizeof(cm[0]); - -static struct checksum_type * -find_checksum_type(krb5_cksumtype ctype) -{ - struct checksum_type *c; - for(c = cm; c < cm + num_ctypes; c++) - if(ctype == c->type) - return c; - return NULL; -} - -krb5_boolean -krb5_checksum_is_keyed(krb5_cksumtype ctype) -{ - struct checksum_type *c = find_checksum_type(ctype); - if(c == NULL) - return FALSE; - return (c->flags & F_KEYED) != 0; -} - -krb5_boolean -krb5_checksum_is_collision_proof(krb5_cksumtype ctype) -{ - struct checksum_type *c = find_checksum_type(ctype); - if(c == NULL) - return FALSE; - return (c->flags & F_CPROOF) != 0; -} - -krb5_error_code -krb5_checksum_to_string(krb5_context context, krb5_cksumtype ctype, - char **string) -{ - struct checksum_type *c = find_checksum_type(ctype); - if(c == NULL) - return KRB5_PROG_SUMTYPE_NOSUPP; - *string = strdup(c->name); - return 0; -} - -krb5_error_code -krb5_string_to_checksum(krb5_context context, const char *string, - krb5_cksumtype *ctype) -{ - int i; - for(i = 0; i < num_ctypes; i++) - if(strcasecmp(cm[i].name, string) == 0){ - *ctype = cm[i].type; - return 0; - } - return KRB5_PROG_SUMTYPE_NOSUPP; -} - -krb5_error_code -krb5_cksumsize(krb5_context context, - krb5_cksumtype type, - size_t *size) -{ - struct checksum_type *c = find_checksum_type(type); - if(c == NULL) - return KRB5_PROG_SUMTYPE_NOSUPP; - - *size = c->checksumsize; - return 0; -} - -krb5_error_code -krb5_create_checksum (krb5_context context, - krb5_cksumtype type, - void *ptr, - size_t len, - const krb5_keyblock *keyblock, - Checksum *result) -{ - struct checksum_type *c; - - c = find_checksum_type (type); - if (c == NULL) - return KRB5_PROG_SUMTYPE_NOSUPP; - if (c->keytype != KEYTYPE_NULL && c->keytype != keyblock->keytype) - return KRB5_PROG_KEYTYPE_NOSUPP; - result->cksumtype = type; - result->checksum.length = c->checksumsize; - result->checksum.data = malloc(result->checksum.length); - if(result->checksum.data == NULL) - return ENOMEM; - - (*c->checksum)(ptr, len, keyblock, result->checksum.data); - return 0; -} - -krb5_error_code -krb5_verify_checksum (krb5_context context, - void *ptr, - size_t len, - const krb5_keyblock *keyblock, - Checksum *cksum) -{ - void *tmp; - struct checksum_type *c; - int ret; - - c = find_checksum_type (cksum->cksumtype); - if (c == NULL) - return KRB5_PROG_SUMTYPE_NOSUPP; - if (c->keytype != KEYTYPE_NULL && c->keytype != keyblock->keytype) - return KRB5_PROG_KEYTYPE_NOSUPP; - if (cksum->checksum.length != c->checksumsize) - return KRB5KRB_AP_ERR_MODIFIED; - if (c->verify) { - ret = (*c->verify)(ptr, len, keyblock, cksum->checksum.data); - } else { - tmp = malloc (c->checksumsize); - if (tmp == NULL) - return ENOMEM; - (*c->checksum)(ptr, len, keyblock, tmp); - ret = memcmp (cksum->checksum.data, tmp, c->checksumsize); - free (tmp); - } - if (ret == 0) - return 0; - else - return KRB5KRB_AP_ERR_MODIFIED; -} diff --git a/lib/krb5/crc.h b/lib/krb5/crc.h deleted file mode 100644 index 13d80f20c..000000000 --- a/lib/krb5/crc.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id$ */ - -void crc_init_table (void); -u_int32_t crc_update (char *p, size_t len, u_int32_t res); diff --git a/lib/krb5/encrypt.c b/lib/krb5/encrypt.c deleted file mode 100644 index 496a68135..000000000 --- a/lib/krb5/encrypt.c +++ /dev/null @@ -1,506 +0,0 @@ -/* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include -#include "crc.h" - -RCSID("$Id$"); - -struct encryption_type { - krb5_enctype type; - size_t blocksize; - size_t confoundersize; - void (*encrypt)(void *, size_t, const krb5_keyblock *, int); - krb5_keytype keytype; - krb5_cksumtype cksumtype; - const char *name; -}; - -static void -NULL_encrypt(void *p, size_t len, const krb5_keyblock *keyblock, int encrypt) -{ -} - -static void -DES_encrypt_null_ivec(void *p, size_t len, - const krb5_keyblock *keyblock, int encrypt) -{ - des_cblock key; - des_cblock ivec; - des_key_schedule schedule; - memcpy(&key, keyblock->keyvalue.data, sizeof(key)); - des_set_key(&key, schedule); - memset (&ivec, 0, sizeof(ivec)); - des_cbc_encrypt(p, p, len, schedule, &ivec, encrypt); -} - -static void -DES_encrypt_key_ivec(void *p, size_t len, - const krb5_keyblock *keyblock, int encrypt) -{ - des_cblock key; - des_key_schedule schedule; - memcpy(&key, keyblock->keyvalue.data, sizeof(key)); - des_set_key(&key, schedule); - des_cbc_encrypt(p, p, len, schedule, &key, encrypt); - memset(&key, 0, sizeof(key)); - memset(&schedule, 0, sizeof(schedule)); -} - -static void -DES3_encrypt_null_ivec(void *p, size_t len, - const krb5_keyblock *keyblock, int encrypt) -{ - des_cblock key; - des_key_schedule schedule[3]; - int i; - for(i = 0; i < 3; i++){ - memcpy(&key, (char*)keyblock->keyvalue.data + 8*i, 8); - des_set_key(&key, schedule[i]); - } - memset(&key, 0, sizeof(key)); - des_ede3_cbc_encrypt(p, p, len, schedule[0], schedule[1], schedule[2], - &key, encrypt); - memset(&schedule, 0, sizeof(schedule)); -} - -static struct encryption_type em [] = { - { ETYPE_DES3_CBC_SHA1, 8, 8, DES3_encrypt_null_ivec, - KEYTYPE_DES3, CKSUMTYPE_SHA1, "des3-cbc-sha1" }, - { ETYPE_DES3_CBC_MD5, 8, 8, DES3_encrypt_null_ivec, - KEYTYPE_DES3, CKSUMTYPE_RSA_MD5, "des3-cbc-md5" }, - { ETYPE_DES_CBC_MD5, 8, 8, DES_encrypt_null_ivec, - KEYTYPE_DES, CKSUMTYPE_RSA_MD5, "des-cbc-md5" }, - { ETYPE_DES_CBC_MD4, 8, 8, DES_encrypt_null_ivec, - KEYTYPE_DES, CKSUMTYPE_RSA_MD4, "des-cbc-md4" }, - { ETYPE_DES_CBC_CRC, 8, 8, DES_encrypt_key_ivec, - KEYTYPE_DES, CKSUMTYPE_CRC32, "des-cbc-crc" }, - { ETYPE_NULL, 1, 0, NULL_encrypt, KEYTYPE_NULL, CKSUMTYPE_NONE, "null" }, -}; - -static int num_etypes = sizeof(em) / sizeof(em[0]); - -static struct encryption_type * -find_encryption_type(int etype) -{ - struct encryption_type *e; - for(e = em; e < em + num_etypes; e++) - if(etype == e->type) - return e; - return NULL; -} - -krb5_boolean -krb5_etype_valid(krb5_context context, - krb5_enctype etype) -{ - struct encryption_type *e; - - e = find_encryption_type(etype); - return e != NULL && etype != ETYPE_NULL; -} - -krb5_error_code -krb5_etype_to_string(krb5_context context, - krb5_enctype etype, - char **string) -{ - struct encryption_type *e; - e = find_encryption_type(etype); - if(e == NULL) - return KRB5_PROG_ETYPE_NOSUPP; - *string = strdup(e->name); - return 0; -} - -krb5_error_code -krb5_string_to_etype(krb5_context context, - const char *string, - krb5_enctype *etype) -{ - int i; - for(i = 0; i < num_etypes; i++) - if(strcasecmp(em[i].name, string) == 0){ - *etype = em[i].type; - return 0; - } - return KRB5_PROG_ETYPE_NOSUPP; -} - -krb5_error_code -krb5_keytype_to_etypes(krb5_context context, - krb5_keytype keytype, - krb5_enctype **etypes) -{ - krb5_enctype *tmp, *tmp2; - struct encryption_type *e; - int i; - - tmp = malloc((num_etypes + 1) * sizeof(*tmp)); - if (tmp == NULL) - return ENOMEM; - i = 0; - for (e = em; e < em + num_etypes; ++e) - if (e->keytype == keytype) - tmp[i++] = e->type; - tmp[i++] = 0; - tmp2 = realloc (tmp, i * sizeof(*tmp)); - if (tmp2 == NULL) { - free (tmp); - return ENOMEM; - } - *etypes = tmp2; - return 0; -} - -krb5_error_code -krb5_etype_to_keytype(krb5_context context, - krb5_enctype etype, - krb5_keytype *keytype) -{ - struct encryption_type *e; - e = find_encryption_type(etype); - if(e == NULL) - return KRB5_PROG_ETYPE_NOSUPP; - *keytype = e->keytype; - return 0; -} - -krb5_error_code -krb5_decode_keytype(krb5_context context, - krb5_keytype *keytype, - int decode) -{ - if(context->ktype_is_etype){ - krb5_error_code ret; - if(decode) { - krb5_keytype kt; - ret = krb5_etype_to_keytype(context, - (krb5_enctype)*keytype, - &kt); - if(ret) - return ret; - *keytype = kt; - }else{ - krb5_enctype et; - ret = krb5_keytype_to_etype(context, - *keytype, - &et); - if(ret) - return ret; - *keytype = (krb5_keytype)et; - } - } - return 0; -} - -krb5_error_code -krb5_decode_keyblock(krb5_context context, - krb5_keyblock *key, - int decode) -{ - return krb5_decode_keytype(context, &key->keytype, decode); -} - -void -krb5_generate_random_block(void *buf, size_t len) -{ - des_cblock tmp; - unsigned char *p = buf; - size_t l; - while(len){ - des_new_random_key(&tmp); - l = len > 8 ? 8 : len; - memcpy(p, tmp, l); - p += l; - len -= l; - } -} - -static krb5_error_code -krb5_do_encrypt(krb5_context context, - void *ptr, - size_t len, - struct encryption_type *et, - const krb5_keyblock *keyblock, - krb5_data *result) -{ - size_t sz; - size_t checksumsize; - unsigned char *p; - krb5_error_code ret; - Checksum cksum; - - ret = krb5_cksumsize(context, et->cksumtype, &checksumsize); - if(ret) - return ret; - sz = len + et->confoundersize + checksumsize; - sz = (sz + et->blocksize - 1) & ~ (et->blocksize - 1); - p = calloc(1, sz); - if (p == NULL) - return ENOMEM; - krb5_generate_random_block(p, et->confoundersize); /* XXX */ - memcpy(p + et->confoundersize + checksumsize, ptr, len); - - krb5_create_checksum(context, et->cksumtype, p, sz, NULL, &cksum); - memcpy(p + et->confoundersize, cksum.checksum.data, checksumsize); - free_Checksum(&cksum); - (*et->encrypt)(p, sz, keyblock, 1); - result->data = p; - result->length = sz; - return 0; -} - -static krb5_error_code -krb5_do_decrypt(krb5_context context, - void *ptr, - size_t len, - struct encryption_type *et, - const krb5_keyblock *keyblock, - krb5_data *result) -{ - unsigned char *p = ptr; - size_t outlen; - Checksum cksum; - krb5_error_code ret; - - cksum.cksumtype = et->cksumtype; - ret = krb5_cksumsize(context, cksum.cksumtype, &cksum.checksum.length); - if(ret) - return ret; - outlen = len - et->confoundersize - cksum.checksum.length; - cksum.checksum.data = malloc(cksum.checksum.length); - if(cksum.checksum.data == NULL) - return ENOMEM; - (*et->encrypt)(ptr, len, keyblock, 0); - - memcpy(cksum.checksum.data, p + et->confoundersize, cksum.checksum.length); - memset(p + et->confoundersize, 0, cksum.checksum.length); - - ret = krb5_verify_checksum (context, - ptr, - len, - keyblock, - &cksum); - free_Checksum(&cksum); - if(ret) - return ret; - - result->data = malloc(outlen); - if(result->data == NULL) - return ENOMEM; - result->length = outlen; - memcpy(result->data, p + (len - outlen), outlen); - return 0; -} - -krb5_error_code -krb5_encrypt (krb5_context context, - void *ptr, - size_t len, - int etype, - const krb5_keyblock *keyblock, - krb5_data *result) -{ - struct encryption_type *e; - if((e = find_encryption_type(etype))) - return krb5_do_encrypt(context, ptr, len, e, keyblock, result); - return KRB5_PROG_ETYPE_NOSUPP; -} - -krb5_error_code -krb5_encrypt_EncryptedData(krb5_context context, - void *ptr, - size_t len, - int etype, - int kvno, - const krb5_keyblock *keyblock, - EncryptedData *result) -{ - result->etype = etype; - if(kvno){ - result->kvno = malloc(sizeof(*result->kvno)); - *result->kvno = kvno; - }else - result->kvno = NULL; - return krb5_encrypt(context, ptr, len, etype, keyblock, &result->cipher); -} - -krb5_error_code -krb5_decrypt (krb5_context context, - void *ptr, - size_t len, - int etype, - const krb5_keyblock *keyblock, - krb5_data *result) -{ - struct encryption_type *e; - if((e = find_encryption_type(etype))) - return krb5_do_decrypt(context, ptr, len, e, keyblock, result); - return KRB5_PROG_ETYPE_NOSUPP; -} - -krb5_error_code -krb5_decrypt_EncryptedData (krb5_context context, - EncryptedData *e, - const krb5_keyblock *keyblock, - krb5_data *result) -{ - return krb5_decrypt(context, e->cipher.data, e->cipher.length, e->etype, - keyblock, result); -} - -static krb5_error_code -DES_random_key(krb5_data *key) -{ - unsigned char *p; - key->length = 8; - p = malloc(key->length); - if(p == NULL) - return ENOMEM; - des_new_random_key((void*)p); - key->data = p; - return 0; -} - -static krb5_error_code -DES3_random_key(krb5_data *key) -{ - unsigned char *p; - key->length = 24; - p = malloc(key->length); - if(p == NULL) - return ENOMEM; - des_new_random_key((void*)p); - des_new_random_key((void*)(p + 8)); - des_new_random_key((void*)(p + 16)); - key->data = p; - return 0; -} - -static struct key_type { - krb5_keytype ktype; - krb5_error_code (*random_key)(krb5_data *); - krb5_enctype best_etype; - krb5_cksumtype best_cksumtype; - const char *name; -} km [] = { - { KEYTYPE_NULL, NULL, ETYPE_NULL, - CKSUMTYPE_NONE, "null" }, - { KEYTYPE_DES, DES_random_key, ETYPE_DES_CBC_MD5, - CKSUMTYPE_RSA_MD5_DES, "des" }, - { KEYTYPE_DES_AFS3, DES_random_key, ETYPE_DES_CBC_MD5, - CKSUMTYPE_RSA_MD5_DES, "des" }, - { KEYTYPE_DES3, DES3_random_key, ETYPE_DES3_CBC_SHA1, - CKSUMTYPE_HMAC_SHA1_DES3, "des3" } -}; - -static struct key_type* -find_key_type(krb5_keytype ktype) -{ - int i; - for(i = 0; i < sizeof(km) / sizeof(km[0]); i++) - if(km[i].ktype == ktype) - return &km[i]; - return NULL; -} - -krb5_error_code -krb5_generate_random_keyblock(krb5_context context, - krb5_keytype ktype, - krb5_keyblock *key) -{ - krb5_error_code ret; - struct key_type *k = find_key_type(ktype); - if(k == NULL) - return KRB5_PROG_KEYTYPE_NOSUPP; - ret = (*k->random_key)(&key->keyvalue); - if(ret) - return ret; - key->keytype = ktype; - return 0; -} - - -krb5_error_code -krb5_keytype_to_etype(krb5_context context, krb5_keytype ktype, - krb5_enctype *etype) -{ - struct key_type *k = find_key_type(ktype); - if(k == NULL) - return KRB5_PROG_KEYTYPE_NOSUPP; - *etype = k->best_etype; - return 0; -} - -krb5_error_code -krb5_keytype_to_cksumtype(krb5_context context, - krb5_keytype ktype, - krb5_cksumtype *ctype) -{ - struct key_type *k = find_key_type(ktype); - if(k == NULL) - return KRB5_PROG_KEYTYPE_NOSUPP; - *ctype = k->best_cksumtype; - return 0; -} - -krb5_error_code -krb5_string_to_keytype(krb5_context context, const char *string, - krb5_keytype *ktype) -{ - int i; - for(i = 0; i < sizeof(km) / sizeof(km[0]); i++) - if(strcasecmp(km[i].name, string) == 0){ - *ktype = km[i].ktype; - return 0; - } - return KRB5_PROG_KEYTYPE_NOSUPP; -} - -krb5_error_code -krb5_keytype_to_string(krb5_context context, krb5_keytype ktype, char **string) -{ - struct key_type *k = find_key_type(ktype); - if(k == NULL) - return KRB5_PROG_KEYTYPE_NOSUPP; - *string = strdup(k->name); - if(*string == NULL) - return ENOMEM; - return 0; -}