oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Fix DES3 PRF

Browse Source 
RFC 3961 says the simplified profile PRF should truncate the hash
output to "multiple of m", which MIT krb5 interprets as the largest
possible multiple of m.  RFC 6113 appendix A also uses that
interpretation for the KRB-FX-CF2 test vector.  So the DES3 PRF should
truncate the 20-byte SHA-1 result to 16 bytes, not 8.  Also make
krb5_crypto_prf_length work with DES3 by giving the DES3 enctype a
non-zero PRF length.

Signed-off-by: Nicolas Williams <nico@cryptonector.com>
This commit is contained in:
Greg Hudson
2014-03-15 14:48:01 -04:00
committed by Nicolas Williams
parent 9269a4428a
commit cdf39f1369
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/krb5/crypto-des3.c
View File

@@ -85,7 +85,7 @@ DES3_prf(krb5_context context,
if (ret) if (ret)
krb5_abortx(context, "krb5_derive_key"); krb5_abortx(context, "krb5_derive_key");
ret = krb5_data_alloc(out, crypto->et->blocksize); ret = krb5_data_alloc(out, crypto->et->prf_length);
if (ret) if (ret)
krb5_abortx(context, "malloc failed"); krb5_abortx(context, "malloc failed");
@@ -96,7 +96,7 @@ DES3_prf(krb5_context context,
EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */ EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */
EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1); EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1);
EVP_Cipher(&ctx, out->data, result.checksum.data, EVP_Cipher(&ctx, out->data, result.checksum.data,
crypto->et->blocksize); crypto->et->prf_length);
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
} }
@@ -210,7 +210,7 @@ struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1 = {
&_krb5_checksum_hmac_sha1_des3, &_krb5_checksum_hmac_sha1_des3,
F_DERIVED, F_DERIVED,
_krb5_evp_encrypt, _krb5_evp_encrypt,
0, 16,
DES3_prf DES3_prf
}; };