oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(AES_string_to_key): drop _krb5_PKCS5_PBKDF2 and use PKCS5_PBKDF2_HMAC_SHA1

Browse Source 
instead.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16781 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-02-28 14:52:57 +00:00
parent cbd4c81a98
commit d86be025ae
1 changed files with 22 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
lib/krb5/crypto.c
View File

@@ -591,114 +591,6 @@ ARCFOUR_string_to_key(krb5_context context,
* AES * AES
*/ */
/* iter is really 1 based, so iter == 0 will be 1 iteration */
krb5_error_code KRB5_LIB_FUNCTION
_krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype,
krb5_data password, krb5_salt salt, u_int32_t iter,
krb5_keytype type, krb5_keyblock *key)
{
struct checksum_type *c = _find_checksum(cktype);
struct key_type *kt;
size_t datalen, leftofkey;
krb5_error_code ret;
u_int32_t keypart;
struct key_data ksign;
krb5_keyblock kb;
Checksum result;
char *data, *tmpcksum;
int i, j;
char *p;
if (c == NULL) {
krb5_set_error_string(context, "checksum %d not supported", cktype);
return KRB5_PROG_KEYTYPE_NOSUPP;
}
kt = _find_keytype(type);
if (kt == NULL) {
krb5_set_error_string(context, "key type %d not supported", type);
return KRB5_PROG_KEYTYPE_NOSUPP;
}
key->keytype = type;
ret = krb5_data_alloc (&key->keyvalue, kt->bits / 8);
if (ret) {
krb5_set_error_string(context, "malloc: out of memory");
return ret;
}
ret = krb5_data_alloc (&result.checksum, c->checksumsize);
if (ret) {
krb5_set_error_string(context, "malloc: out of memory");
krb5_data_free (&key->keyvalue);
return ret;
}
tmpcksum = malloc(c->checksumsize);
if (tmpcksum == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
krb5_data_free (&key->keyvalue);
krb5_data_free (&result.checksum);
return ENOMEM;
}
datalen = salt.saltvalue.length + 4;
data = malloc(datalen);
if (data == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
free(tmpcksum);
krb5_data_free (&key->keyvalue);
krb5_data_free (&result.checksum);
return ENOMEM;
}
kb.keyvalue = password;
ksign.key = &kb;
memcpy(data, salt.saltvalue.data, salt.saltvalue.length);
keypart = 1;
leftofkey = key->keyvalue.length;
p = key->keyvalue.data;
while (leftofkey) {
int len;
if (leftofkey > c->checksumsize)
len = c->checksumsize;
else
len = leftofkey;
_krb5_put_int(data + datalen - 4, keypart, 4);
ret = hmac(context, c, data, datalen, 0, &ksign, &result);
if (ret)
krb5_abortx(context, "hmac failed");
memcpy(p, result.checksum.data, len);
memcpy(tmpcksum, result.checksum.data, result.checksum.length);
for (i = 0; i < iter; i++) {
ret = hmac(context, c, tmpcksum, result.checksum.length,
0, &ksign, &result);
if (ret)
krb5_abortx(context, "hmac failed");
memcpy(tmpcksum, result.checksum.data, result.checksum.length);
for (j = 0; j < len; j++)
p[j] ^= tmpcksum[j];
}
p += len;
leftofkey -= len;
keypart++;
}
free(data);
free(tmpcksum);
krb5_data_free (&result.checksum);
return 0;
}
int _krb5_AES_string_to_default_iterator = 4096; int _krb5_AES_string_to_default_iterator = 4096;
static krb5_error_code static krb5_error_code
@@ -715,33 +607,44 @@ AES_string_to_key(krb5_context context,
struct key_data kd; struct key_data kd;
if (opaque.length == 0) if (opaque.length == 0)
iter = _krb5_AES_string_to_default_iterator - 1; iter = _krb5_AES_string_to_default_iterator;
else if (opaque.length == 4) { else if (opaque.length == 4) {
unsigned long v; unsigned long v;
_krb5_get_int(opaque.data, &v, 4); _krb5_get_int(opaque.data, &v, 4);
iter = ((u_int32_t)v) - 1; iter = ((u_int32_t)v);
} else } else
return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
et = _find_enctype(enctype); et = _find_enctype(enctype);
if (et == NULL) if (et == NULL)
return KRB5_PROG_KEYTYPE_NOSUPP; return KRB5_PROG_KEYTYPE_NOSUPP;
ret = _krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt, key->keytype = enctype;
iter, enctype, key); ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
if (ret) if (ret) {
krb5_set_error_string(context, "Failed to allocate pkcs5 key");
return ret; return ret;
}
ret = krb5_copy_keyblock(context, key, &kd.key); ret = krb5_copy_keyblock(context, key, &kd.key);
if (ret) {
krb5_free_keyblock(context, key);
return ret;
}
ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
salt.saltvalue.data, salt.saltvalue.length,
iter,
et->keytype->size, kd.key->keyvalue.data);
kd.schedule = NULL; kd.schedule = NULL;
if (ret != 1) {
krb5_set_error_string(context, "Error calculating s2k");
return KRB5_PROG_KEYTYPE_NOSUPP;
}
ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
krb5_free_keyblock_contents(context, key); if (ret == 0)
if (ret == 0) {
ret = krb5_copy_keyblock_contents(context, kd.key, key); ret = krb5_copy_keyblock_contents(context, kd.key, key);
free_key_data(context, &kd); free_key_data(context, &kd);
}
return ret; return ret;
} }