oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Do the arcfour checksum mapping for krb5_create_checksum and

Browse Source 
krb5_verify_checksum, From: Luke Howard <lukeh@PADL.COM>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12590 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2003-08-20 15:09:39 +00:00
parent 44190e97a0
commit c2680f2373
1 changed files with 61 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
lib/krb5/crypto.c
View File

@@ -147,6 +147,7 @@ static krb5_error_code hmac(krb5_context context,
struct key_data *keyblock, struct key_data *keyblock,
Checksum *result); Checksum *result);
static void free_key_data(krb5_context context, struct key_data *key); static void free_key_data(krb5_context context, struct key_data *key);
static krb5_error_code usage2arcfour (krb5_context, int *);
/************************************************************ /************************************************************
* * * *
@@ -1822,18 +1823,18 @@ get_checksum_key(krb5_context context,
} }
static krb5_error_code static krb5_error_code
do_checksum (krb5_context context, create_checksum (krb5_context context,
struct checksum_type *ct, struct checksum_type *ct,
krb5_crypto crypto, krb5_crypto crypto,
unsigned usage, unsigned usage,
void *data, void *data,
size_t len, size_t len,
Checksum *result) Checksum *result)
{ {
krb5_error_code ret; krb5_error_code ret;
struct key_data *dkey; struct key_data *dkey;
int keyed_checksum; int keyed_checksum;
keyed_checksum = (ct->flags & F_KEYED) != 0; keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum && crypto == NULL) { if(keyed_checksum && crypto == NULL) {
krb5_clear_error_string (context); krb5_clear_error_string (context);
@@ -1851,17 +1852,26 @@ do_checksum (krb5_context context,
return 0; return 0;
} }
static krb5_error_code static int
create_checksum(krb5_context context, arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
krb5_crypto crypto, {
unsigned usage, /* not krb5_key_usage */ return (ct->type == CKSUMTYPE_HMAC_MD5) &&
krb5_cksumtype type, /* 0 -> pick from crypto */ (crypto->key.key->keytype != KEYTYPE_ARCFOUR);
void *data, }
size_t len,
Checksum *result) krb5_error_code
krb5_create_checksum(krb5_context context,
krb5_crypto crypto,
krb5_key_usage usage,
int type,
void *data,
size_t len,
Checksum *result)
{ {
struct checksum_type *ct = NULL; struct checksum_type *ct = NULL;
unsigned keyusage;
/* type 0 -> pick from crypto */
if (type) { if (type) {
ct = _find_checksum(type); ct = _find_checksum(type);
} else if (crypto) { } else if (crypto) {
@@ -1875,21 +1885,15 @@ create_checksum(krb5_context context,
type); type);
return KRB5_PROG_SUMTYPE_NOSUPP; return KRB5_PROG_SUMTYPE_NOSUPP;
} }
return do_checksum (context, ct, crypto, usage, data, len, result);
}
krb5_error_code if (arcfour_checksum_p(ct, crypto)) {
krb5_create_checksum(krb5_context context, keyusage = usage;
krb5_crypto crypto, usage2arcfour(context, &keyusage);
krb5_key_usage usage, } else
int type, keyusage = CHECKSUM_USAGE(usage);
void *data,
size_t len, return create_checksum(context, ct, crypto, keyusage,
Checksum *result) data, len, result);
{
return create_checksum(context, crypto,
CHECKSUM_USAGE(usage),
type, data, len, result);
} }
static krb5_error_code static krb5_error_code
@@ -1907,7 +1911,7 @@ verify_checksum(krb5_context context,
struct checksum_type *ct; struct checksum_type *ct;
ct = _find_checksum(cksum->cksumtype); ct = _find_checksum(cksum->cksumtype);
if(ct == NULL) { if (ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported", krb5_set_error_string (context, "checksum type %d not supported",
cksum->cksumtype); cksum->cksumtype);
return KRB5_PROG_SUMTYPE_NOSUPP; return KRB5_PROG_SUMTYPE_NOSUPP;
@@ -1953,8 +1957,24 @@ krb5_verify_checksum(krb5_context context,
size_t len, size_t len,
Checksum *cksum) Checksum *cksum)
{ {
return verify_checksum(context, crypto, struct checksum_type *ct;
CHECKSUM_USAGE(usage), data, len, cksum); unsigned keyusage;
ct = _find_checksum(cksum->cksumtype);
if(ct == NULL) {
krb5_set_error_string (context, "checksum type %d not supported",
cksum->cksumtype);
return KRB5_PROG_SUMTYPE_NOSUPP;
}
if (arcfour_checksum_p(ct, crypto)) {
keyusage = usage;
usage2arcfour(context, &keyusage);
} else
keyusage = CHECKSUM_USAGE(usage);
return verify_checksum(context, crypto, keyusage,
data, len, cksum);
} }
krb5_error_code krb5_error_code
@@ -2388,6 +2408,12 @@ usage2arcfour (krb5_context context, int *usage)
case KRB5_KU_KRB_PRIV : case KRB5_KU_KRB_PRIV :
*usage = 0; *usage = 0;
return 0; return 0;
case KRB5_KU_USAGE_SEAL :
*usage = 13;
return 0;
case KRB5_KU_USAGE_SIGN :
*usage = 15;
return 0;
case KRB5_KU_KRB_CRED : case KRB5_KU_KRB_CRED :
case KRB5_KU_KRB_SAFE_CKSUM : case KRB5_KU_KRB_SAFE_CKSUM :
case KRB5_KU_OTHER_ENCRYPTED : case KRB5_KU_OTHER_ENCRYPTED :
@@ -2396,8 +2422,6 @@ usage2arcfour (krb5_context context, int *usage)
case KRB5_KU_AD_KDC_ISSUED : case KRB5_KU_AD_KDC_ISSUED :
case KRB5_KU_MANDATORY_TICKET_EXTENSION : case KRB5_KU_MANDATORY_TICKET_EXTENSION :
case KRB5_KU_AUTH_DATA_TICKET_EXTENSION : case KRB5_KU_AUTH_DATA_TICKET_EXTENSION :
case KRB5_KU_USAGE_SEAL :
case KRB5_KU_USAGE_SIGN :
case KRB5_KU_USAGE_SEQ : case KRB5_KU_USAGE_SEQ :
default : default :
krb5_set_error_string(context, "unknown arcfour usage type %d", *usage); krb5_set_error_string(context, "unknown arcfour usage type %d", *usage);
@@ -2837,9 +2861,9 @@ encrypt_internal_derived(krb5_context context,
memcpy(q, data, len); memcpy(q, data, len);
ret = create_checksum(context, ret = create_checksum(context,
et->keyed_checksum,
crypto, crypto,
INTEGRITY_USAGE(usage), INTEGRITY_USAGE(usage),
et->keyed_checksum->type,
p, p,
block_sz, block_sz,
&cksum); &cksum);
@@ -2906,9 +2930,9 @@ encrypt_internal(krb5_context context,
memcpy(q, data, len); memcpy(q, data, len);
ret = create_checksum(context, ret = create_checksum(context,
et->checksum,
crypto, crypto,
0, 0,
et->checksum->type,
p, p,
block_sz, block_sz,
&cksum); &cksum);