From 6ef14f388b28e1b2049957ec02d1eba640ad5bda Mon Sep 17 00:00:00 2001
From: Johan Danielsson
Date: Wed, 9 Jul 1997 00:31:09 +0000
Subject: [PATCH] Use functions from checksum.c.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2072 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/encrypt.c | 151 +++++++++++++++++++++++---------------------
 1 file changed, 77 insertions(+), 74 deletions(-)
diff --git a/lib/krb5/encrypt.c b/lib/krb5/encrypt.c
index 8efacf21b..2c90400be 100644
--- a/lib/krb5/encrypt.c
+++ b/lib/krb5/encrypt.c
@@ -7,56 +7,11 @@ struct encryption_type {
 int type;
 size_t blocksize;
 size_t confoundersize;
- size_t checksumsize;
 void (*encrypt)(void *, size_t, const krb5_keyblock *, int);
- void (*checksum)(void *, size_t, void *);
+ krb5_keytype keytype;
+ krb5_cksumtype cksumtype;
 };
-void
-krb5_NULL_checksum(void *p, size_t len, void *result)
-{
-}
-
-void
-krb5_MD4_checksum(void *p, size_t len, void *result)
-{
- struct md4 m;
- md4_init(&m);
- md4_update(&m, p, len);
- md4_finito(&m, result);
-}
-
-void
-krb5_MD5_checksum(void *p, size_t len, void *result)
-{
- struct md5 m;
- md5_init(&m);
- md5_update(&m, p, len);
- md5_finito(&m, result);
-}
-
-void
-krb5_SHA1_checksum(void *p, size_t len, void *result)
-{
- struct sha m;
- sha_init(&m);
- sha_update(&m, p, len);
- sha_finito(&m, result);
-}
-
-void
-krb5_CRC_checksum(void *p, size_t len, void *result)
-{
- u_int32_t crc;
- unsigned char *r = result;
- crc_init_table ();
- crc = crc_update (p, len, 0);
- r[0] = crc & 0xff;
- r[1] = (crc >> 8) & 0xff;
- r[2] = (crc >> 16) & 0xff;
- r[3] = (crc >> 24) & 0xff;
-}
-
 static void
 NULL_encrypt(void *p, size_t len, const krb5_keyblock *keyblock, int encrypt)
 {
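Review bot: The five removed `krb5_*_checksum` helpers were defined without `static`, so they had external linkage, and any other translation unit or header that still refers to them will stop linking; nothing in this hunk shows whether such users exist. A tree-wide search for those names is worth doing before this lands. In the struct, the two new fields would benefit from one-line comments such as `/* key type this etype requires */` and `/* checksum type stored after the confounder */`.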
@@ -80,14 +35,37 @@ DES3_encrypt(void *p, size_t len, const krb5_keyblock *keyblock, int encrypt)
 }
 static struct encryption_type em [] = {
- { ETYPE_DES_CBC_CRC, 8, 8, 4, DES_encrypt, krb5_CRC_checksum },
- { ETYPE_DES_CBC_MD4, 8, 8, 16, DES_encrypt, krb5_MD4_checksum },
- { ETYPE_DES_CBC_MD5, 8, 8, 16, DES_encrypt, krb5_MD5_checksum },
- { ETYPE_NULL, 1, 0, 0, NULL_encrypt, krb5_NULL_checksum },
+ { ETYPE_DES_CBC_CRC, 8, 8, DES_encrypt, KEYTYPE_DES, CKSUMTYPE_CRC32 },
+ { ETYPE_DES_CBC_MD4, 8, 8, DES_encrypt, KEYTYPE_DES, CKSUMTYPE_RSA_MD4 },
+ { ETYPE_DES_CBC_MD5, 8, 8, DES_encrypt, KEYTYPE_DES, CKSUMTYPE_RSA_MD5 },
+ { ETYPE_NULL, 1, 0, NULL_encrypt, KEYTYPE_NONE, CKSUMTYPE_NONE },
 };
 static int num_etypes = sizeof(em) / sizeof(em[0]);
+static struct encryption_type *
+find_encryption_type(int etype)
+{
+ struct encryption_type *e;
+ for(e = em; e < em + num_etypes; e++)
+ if(etype == e->type)
+ return e;
+ return NULL;
+}
+
+krb5_error_code
+krb5_etype2keytype(krb5_context context,
+ krb5_enctype etype,
+ krb5_keytype *keytype)
+{
+ struct encryption_type *e;
+ e = find_encryption_type(etype);
+ if(e == NULL)
+ return KRB5_PROG_ETYPE_NOSUPP;
+ *keytype = e->keytype;
+ return 0;
+}
+
 static krb5_error_code
 krb5_do_encrypt(krb5_context context,
 void *ptr,
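Review bot: `krb5_etype2keytype` returns 0 with `KEYTYPE_NONE` for `ETYPE_NULL`, because the `em` table lists the null etype alongside the DES ones and `find_encryption_type` accepts every row. If callers use this function to vet an etype taken from a received message (not visible here), a successful return does not mean any encryption or integrity protection will be applied. I would document that on the new public function, e.g. `/* Succeeds for ETYPE_NULL with *keytype = KEYTYPE_NONE; callers that require protection must reject that case. */`, and also state that `*keytype` is left untouched when `KRB5_PROG_ETYPE_NOSUPP` is returned.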
@@ -97,15 +75,25 @@ krb5_do_encrypt(krb5_context context,
 krb5_data *result)
 {
 size_t sz;
+ size_t checksumsize;
 unsigned char *p;
- sz = len + et->confoundersize + et->checksumsize;
+ krb5_error_code ret;
+ Checksum cksum;
+
+ ret = krb5_cksumsize(context, et->cksumtype, &checksumsize);
+ if(ret)
+ return ret;
+ sz = len + et->confoundersize + checksumsize;
 sz = (sz + et->blocksize - 1) & ~ (et->blocksize - 1);
 p = calloc(1, sz);
 if (p == NULL)
 return ENOMEM;
 des_rand_data(p, et->confoundersize); /* XXX */
- memcpy(p + et->confoundersize + et->checksumsize, ptr, len);
- (*et->checksum)(p, sz, p + et->confoundersize);
+ memcpy(p + et->confoundersize + checksumsize, ptr, len);
+
+ krb5_create_checksum(context, et->cksumtype, p, sz, &cksum);
+ memcpy(p + et->confoundersize, cksum.checksum.data, checksumsize);
+ free_Checksum(&cksum);
 (*et->encrypt)(p, sz, keyblock, 1);
 result->data = p;
 result->length = sz;
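Review bot: The return value of `krb5_create_checksum` is ignored, so if it fails the following `memcpy` reads `cksum.checksum.data` from a `Checksum` that may never have been filled in, and `free_Checksum` is then called on it. Check the result and release the buffer on the error path: `ret = krb5_create_checksum(context, et->cksumtype, p, sz, &cksum);` followed by `if(ret) { free(p); return ret; }`. The copy also assumes the checksum produced is exactly `checksumsize` bytes; comparing `cksum.checksum.length` with `checksumsize` before the `memcpy` would make that assumption explicit. The function body starts and ends outside this hunk.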
@@ -120,38 +108,40 @@ krb5_do_decrypt(krb5_context context,
 const krb5_keyblock *keyblock,
 krb5_data *result)
 {
- unsigned char *his_checksum;
 unsigned char *p = ptr;
 size_t outlen;
+ Checksum cksum;
+ krb5_error_code ret;
+ cksum.cksumtype = et->cksumtype;
+ ret = krb5_cksumsize(context, cksum.cksumtype, &cksum.checksum.length);
+ if(ret)
+ return ret;
+ outlen = len - et->confoundersize - cksum.checksum.length;
+ cksum.checksum.data = malloc(cksum.checksum.length);
+ if(cksum.checksum.data == NULL)
+ return ENOMEM;
 (*et->encrypt)(ptr, len, keyblock, 0);
- his_checksum = malloc(et->checksumsize);
- memcpy(his_checksum, p + et->confoundersize, et->checksumsize);
- memset(p + et->confoundersize, 0, et->checksumsize);
- (*et->checksum)(p, len, p + et->confoundersize);
- if (memcmp(p + et->confoundersize, his_checksum, et->checksumsize))
- return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
- outlen = len - et->confoundersize - et->checksumsize;
+ memcpy(cksum.checksum.data, p + et->confoundersize, cksum.checksum.length);
+ memset(p + et->confoundersize, 0, cksum.checksum.length);
+
+ ret = krb5_verify_checksum (context,
+ ptr,
+ len,
+ &cksum);
+ free_Checksum(&cksum);
+ if(ret)
+ return ret;
+
 result->data = malloc(outlen);
 if(result->data == NULL)
 return ENOMEM;
 result->length = outlen;
- memcpy(result->data, p + et->confoundersize + et->checksumsize, outlen);
+ memcpy(result->data, p + (len - outlen), outlen);
 return 0;
 }
-static struct encryption_type *
-find_encryption_type(int etype)
-{
- struct encryption_type *e;
- for(e = em; e < em + num_etypes; e++)
- if(etype == e->type)
- return e;
- return NULL;
-}
-
 krb5_error_code
 krb5_encrypt (krb5_context context,
 void *ptr,
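Review bot: `outlen = len - et->confoundersize - cksum.checksum.length;` is computed without first checking that `len` is at least the confounder plus checksum size, so a short input makes the `size_t` subtraction wrap, and the later `memcpy`/`memset` at `p + et->confoundersize`, `malloc(outlen)` and the final copy into `result->data` then operate on out-of-range sizes. As `ptr`/`len` presumably describe ciphertext received from a peer, reject such input right after the `krb5_cksumsize` check: `if(len < et->confoundersize + cksum.checksum.length) return KRB5KRB_AP_ERR_BAD_INTEGRITY;`. Rejecting a `len` that is not a multiple of `et->blocksize` at the same place would also be reasonable. The start of `krb5_do_decrypt` is outside this hunk.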
@@ -166,6 +156,19 @@ krb5_encrypt (krb5_context context,
 return KRB5_PROG_ETYPE_NOSUPP;
 }
+krb5_error_code
+krb5_encrypt_EncryptedData(krb5_context context,
+ void *ptr,
+ size_t len,
+ int etype,
+ const krb5_keyblock *keyblock,
+ EncryptedData *result)
+{
+ result->etype = etype;
+ result->kvno = NULL;
+ return krb5_encrypt(context, ptr, len, etype, keyblock, &result->cipher);
+}
+
 krb5_error_code
 krb5_decrypt (krb5_context context,
 void *ptr,
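Review bot: `krb5_encrypt_EncryptedData` writes `result->etype` and `result->kvno` before it knows whether `krb5_encrypt` succeeds, so on error the caller is left with a half-filled `EncryptedData` whose `cipher` may not have been set. A header comment should state that contract, along the lines of `/* On failure result->cipher is not filled in and must not be freed; result->kvno is always reset to NULL, so set it after the call. */`. Overwriting `kvno` with NULL also discards any pointer the caller stored there beforehand, which would leak if it was heap-allocated. The hunk cuts through the end of `krb5_encrypt` and the start of `krb5_decrypt`.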