(krb5_DES_string_to_key): If the opaque length is set to 1, and
content is 0x01, use the afs3 string-to-key. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16078 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -188,68 +188,6 @@ krb5_DES_schedule(krb5_context context,
|
|||||||
DES_set_key(key->key->keyvalue.data, key->schedule->data);
|
DES_set_key(key->key->keyvalue.data, key->schedule->data);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
|
||||||
DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
|
|
||||||
{
|
|
||||||
DES_key_schedule schedule;
|
|
||||||
int i;
|
|
||||||
int reverse = 0;
|
|
||||||
unsigned char *p;
|
|
||||||
|
|
||||||
unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
|
|
||||||
0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
|
|
||||||
memset(key, 0, 8);
|
|
||||||
|
|
||||||
p = (unsigned char*)key;
|
|
||||||
for (i = 0; i < length; i++) {
|
|
||||||
unsigned char tmp = data[i];
|
|
||||||
if (!reverse)
|
|
||||||
*p++ ^= (tmp << 1);
|
|
||||||
else
|
|
||||||
*--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
|
|
||||||
if((i % 8) == 7)
|
|
||||||
reverse = !reverse;
|
|
||||||
}
|
|
||||||
DES_set_odd_parity(key);
|
|
||||||
if(DES_is_weak_key(key))
|
|
||||||
(*key)[7] ^= 0xF0;
|
|
||||||
DES_set_key(key, &schedule);
|
|
||||||
DES_cbc_cksum((void*)data, key, length, &schedule, key);
|
|
||||||
memset(&schedule, 0, sizeof(schedule));
|
|
||||||
DES_set_odd_parity(key);
|
|
||||||
if(DES_is_weak_key(key))
|
|
||||||
(*key)[7] ^= 0xF0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static krb5_error_code
|
|
||||||
krb5_DES_string_to_key(krb5_context context,
|
|
||||||
krb5_enctype enctype,
|
|
||||||
krb5_data password,
|
|
||||||
krb5_salt salt,
|
|
||||||
krb5_data opaque,
|
|
||||||
krb5_keyblock *key)
|
|
||||||
{
|
|
||||||
unsigned char *s;
|
|
||||||
size_t len;
|
|
||||||
DES_cblock tmp;
|
|
||||||
|
|
||||||
len = password.length + salt.saltvalue.length;
|
|
||||||
s = malloc(len);
|
|
||||||
if(len > 0 && s == NULL) {
|
|
||||||
krb5_set_error_string(context, "malloc: out of memory");
|
|
||||||
return ENOMEM;
|
|
||||||
}
|
|
||||||
memcpy(s, password.data, password.length);
|
|
||||||
memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
|
|
||||||
DES_string_to_key_int(s, len, &tmp);
|
|
||||||
key->keytype = enctype;
|
|
||||||
krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
|
|
||||||
memset(&tmp, 0, sizeof(tmp));
|
|
||||||
memset(s, 0, len);
|
|
||||||
free(s);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef ENABLE_AFS_STRING_TO_KEY
|
#ifdef ENABLE_AFS_STRING_TO_KEY
|
||||||
|
|
||||||
/* This defines the Andrew string_to_key function. It accepts a password
|
/* This defines the Andrew string_to_key function. It accepts a password
|
||||||
@@ -349,6 +287,78 @@ DES_AFS3_string_to_key(krb5_context context,
|
|||||||
}
|
}
|
||||||
#endif /* ENABLE_AFS_STRING_TO_KEY */
|
#endif /* ENABLE_AFS_STRING_TO_KEY */
|
||||||
|
|
||||||
|
static void
|
||||||
|
DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
|
||||||
|
{
|
||||||
|
DES_key_schedule schedule;
|
||||||
|
int i;
|
||||||
|
int reverse = 0;
|
||||||
|
unsigned char *p;
|
||||||
|
|
||||||
|
unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
|
||||||
|
0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
|
||||||
|
memset(key, 0, 8);
|
||||||
|
|
||||||
|
p = (unsigned char*)key;
|
||||||
|
for (i = 0; i < length; i++) {
|
||||||
|
unsigned char tmp = data[i];
|
||||||
|
if (!reverse)
|
||||||
|
*p++ ^= (tmp << 1);
|
||||||
|
else
|
||||||
|
*--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
|
||||||
|
if((i % 8) == 7)
|
||||||
|
reverse = !reverse;
|
||||||
|
}
|
||||||
|
DES_set_odd_parity(key);
|
||||||
|
if(DES_is_weak_key(key))
|
||||||
|
(*key)[7] ^= 0xF0;
|
||||||
|
DES_set_key(key, &schedule);
|
||||||
|
DES_cbc_cksum((void*)data, key, length, &schedule, key);
|
||||||
|
memset(&schedule, 0, sizeof(schedule));
|
||||||
|
DES_set_odd_parity(key);
|
||||||
|
if(DES_is_weak_key(key))
|
||||||
|
(*key)[7] ^= 0xF0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static krb5_error_code
|
||||||
|
krb5_DES_string_to_key(krb5_context context,
|
||||||
|
krb5_enctype enctype,
|
||||||
|
krb5_data password,
|
||||||
|
krb5_salt salt,
|
||||||
|
krb5_data opaque,
|
||||||
|
krb5_keyblock *key)
|
||||||
|
{
|
||||||
|
unsigned char *s;
|
||||||
|
size_t len;
|
||||||
|
DES_cblock tmp;
|
||||||
|
|
||||||
|
#ifdef ENABLE_AFS_STRING_TO_KEY
|
||||||
|
if (opaque.length == 1) {
|
||||||
|
unsigned long v;
|
||||||
|
_krb5_get_int(opaque.data, &v, 1);
|
||||||
|
if (v == 1)
|
||||||
|
return DES_AFS3_string_to_key(context, enctype, password,
|
||||||
|
salt, opaque, key);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
len = password.length + salt.saltvalue.length;
|
||||||
|
s = malloc(len);
|
||||||
|
if(len > 0 && s == NULL) {
|
||||||
|
krb5_set_error_string(context, "malloc: out of memory");
|
||||||
|
return ENOMEM;
|
||||||
|
}
|
||||||
|
memcpy(s, password.data, password.length);
|
||||||
|
memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
|
||||||
|
DES_string_to_key_int(s, len, &tmp);
|
||||||
|
key->keytype = enctype;
|
||||||
|
krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
|
||||||
|
memset(&tmp, 0, sizeof(tmp));
|
||||||
|
memset(s, 0, len);
|
||||||
|
free(s);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
krb5_DES_random_to_key(krb5_context context,
|
krb5_DES_random_to_key(krb5_context context,
|
||||||
krb5_keyblock *key,
|
krb5_keyblock *key,
|
||||||
|
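Review bot: In the relocated `krb5_DES_string_to_key`, the added `opaque` check dispatches to AFS3 only for the exact one-byte value 0x01; every other non-empty `opaque` falls through silently to the plain DES derivation, and a build without `ENABLE_AFS_STRING_TO_KEY` ignores `opaque` altogether. A caller that supplies parameters this function does not understand therefore gets return code 0 and a key derived by a different algorithm than the one requested, which shows up later as an unexplained authentication failure instead of an error at this point. Unless some caller relies on the fall-through, I would reject unrecognised parameters explicitly and document the one-byte selector in a comment, as sketched below. Separately, the moved body still discards the result of `krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp))` and then returns 0, so an allocation failure there is also reported as success; capturing it in a `krb5_error_code ret` and returning `ret` after the two `memset` calls and `free(s)` would fix that.

```c
    /* opaque is the string-to-key parameter: empty or a single 0x00 byte
     * selects the standard derivation, a single 0x01 byte selects AFS3. */
    if (opaque.length > 1) {
        krb5_set_error_string(context, "DES string-to-key: invalid parameters");
        return EINVAL;
    }
    if (opaque.length == 1) {
        unsigned long v;
        _krb5_get_int(opaque.data, &v, 1);
#ifdef ENABLE_AFS_STRING_TO_KEY
        if (v == 1)
            return DES_AFS3_string_to_key(context, enctype, password,
                                          salt, opaque, key);
#endif
        if (v != 0) {
            krb5_set_error_string(context,
                                  "DES string-to-key: unsupported parameter");
            return EINVAL;
        }
    }
    /* … unchanged: concatenate password and salt, derive and copy the key … */
```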