oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

use krb5_crypto_get_params to implement kcrypto RC2 support

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13804 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2004-04-26 19:18:04 +00:00
parent 45c5b47131
commit fa6167819e
1 changed files with 37 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
lib/krb5/pkinit.c
View File

@@ -119,6 +119,18 @@ static unsigned des_ede3_cbc_num[] =
{ 1, 2, 840, 113549, 3, 7 }; { 1, 2, 840, 113549, 3, 7 };
heim_oid heim_des_ede3_cbc_oid = heim_oid heim_des_ede3_cbc_oid =
oid_enc(des_ede3_cbc_num); oid_enc(des_ede3_cbc_num);
static unsigned des_aes_128_cbc_num[] =
{ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
heim_oid heim_aes_128_cbc_oid =
oid_enc(des_aes_128_cbc_num);
static unsigned des_aes_192_cbc_num[] =
{ 2, 16, 840, 1, 101, 3, 4, 1, 22 };
heim_oid heim_aes_192_cbc_oid =
oid_enc(des_aes_192_cbc_num);
static unsigned des_aes_256_cbc_num[] =
{ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
heim_oid heim_aes_256_cbc_oid =
oid_enc(des_aes_256_cbc_num);
static unsigned pkcs7_data_num[] = static unsigned pkcs7_data_num[] =
{ 1, 2, 840, 113549, 1, 7, 1 }; { 1, 2, 840, 113549, 1, 7, 1 };
heim_oid pkcs7_data_oid = heim_oid pkcs7_data_oid =
@@ -1234,6 +1246,8 @@ pk_rd_pa_reply_enckey(krb5_context context,
struct krb5_pk_cert *host = NULL; struct krb5_pk_cert *host = NULL;
heim_octet_string encryptedContent; heim_octet_string encryptedContent;
heim_octet_string *any; heim_octet_string *any;
krb5_data ivec;
krb5_data params;
memset(&tmp_key, 0, sizeof(tmp_key)); memset(&tmp_key, 0, sizeof(tmp_key));
@@ -1241,6 +1255,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
krb5_data_zero(&plain); krb5_data_zero(&plain);
krb5_data_zero(&eContent); krb5_data_zero(&eContent);
krb5_data_zero(&encryptedContent); krb5_data_zero(&encryptedContent);
krb5_data_zero(&ivec);
user_cert = sk_X509_value(ctx->id->cert, 0); user_cert = sk_X509_value(ctx->id->cert, 0);
@@ -1326,109 +1341,14 @@ pk_rd_pa_reply_enckey(krb5_context context,
goto out; goto out;
} }
params.data = ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->data;
params.length = ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->length;
/* XXXX krb5_crypto_oid2enctype */
if (heim_oid_cmp(&ed.encryptedContentInfo.contentEncryptionAlgorithm.algorithm, &heim_rc2CBC_oid) == 0) { if (heim_oid_cmp(&ed.encryptedContentInfo.contentEncryptionAlgorithm.algorithm, &heim_rc2CBC_oid) == 0) {
/* use rc2-cbc */ tmp_key.keytype = ETYPE_RC2_CBC_NONE;
RC2CBCParameter params; } else if (heim_oid_cmp(&ed.encryptedContentInfo.contentEncryptionAlgorithm.algorithm, &heim_des_ede3_cbc_oid) == 0) {
int bits;
plain.data = malloc(encryptedContent.length);
if (plain.data == NULL) {
krb5_set_error_string(context, "malloc - out of memory");
ret = ENOMEM;
goto out;
}
plain.length = encryptedContent.length;
ret = decode_RC2CBCParameter(ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->data,
ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->length,
&params,
&size);
if (ret) {
krb5_set_error_string(context, "failed decoding rc2 parameters");
goto out;
}
switch (params.rc2ParameterVersion) {
case 160:
bits = 40;
break;
case 120:
bits = 64;
break;
case 58:
bits = 128;
break;
default:
krb5_set_error_string(context,
"rc2ParameterVersion %d unsupported",
params.rc2ParameterVersion);
ret = KRB5_BADMSGTYPE;
goto out;
}
if (params.iv.length != 8) {
free_RC2CBCParameter(&params);
krb5_set_error_string(context, "rc2 iv wrong size: %d",
params.iv.length);
ret = KRB5_BADMSGTYPE;
goto out;
}
{
RC2_KEY key;
RC2_set_key(&key, tmp_key.keyvalue.length,
tmp_key.keyvalue.data, bits);
RC2_cbc_encrypt(encryptedContent.data,
plain.data,
encryptedContent.length, &key,
params.iv.data, 0);
}
free_RC2CBCParameter(&params);
} else if (heim_oid_cmp(&ed.encryptedContentInfo.contentEncryptionAlgorithm.algorithm,
&heim_des_ede3_cbc_oid) == 0) {
/* use des-ede3-cbc */
CBCParameter params;
ret = decode_CBCParameter(ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->data,
ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->length,
&params,
&size);
if (ret) {
krb5_set_error_string(context, "failed decoding des3 parameters");
goto out;
}
if (params.length != 8) {
free_CBCParameter(&params);
krb5_set_error_string(context, "des3 iv wrong size: %d",
params.length);
ret = KRB5_BADMSGTYPE;
goto out;
}
tmp_key.keytype = ETYPE_DES3_CBC_NONE; tmp_key.keytype = ETYPE_DES3_CBC_NONE;
ret = krb5_crypto_init(context,
&tmp_key,
0,
&crypto);
if (ret) {
free_CBCParameter(&params);
goto out;
}
ret = krb5_decrypt_ivec(context, crypto,
0,
encryptedContent.data,
encryptedContent.length,
&plain,
params.data);
free_CBCParameter(&params);
krb5_crypto_destroy(context, crypto);
if (ret)
goto out;
} else { } else {
krb5_set_error_string(context, "PKINIT no support for oid " krb5_set_error_string(context, "PKINIT no support for oid "
"in contentEncryptionAlgorithm"); "in contentEncryptionAlgorithm");
@@ -1436,6 +1356,22 @@ pk_rd_pa_reply_enckey(krb5_context context,
goto out; goto out;
} }
ret = krb5_crypto_init(context, &tmp_key, 0, &crypto);
if (ret)
goto out;
ret = krb5_crypto_get_params(context, crypto, &params,
&ivec);
if (ret)
goto out;
ret = krb5_decrypt_ivec(context, crypto,
0,
encryptedContent.data,
encryptedContent.length,
&plain,
ivec.data);
p = plain.data; p = plain.data;
length = plain.length; length = plain.length;
@@ -1505,6 +1441,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
krb5_data_free(&eContent); krb5_data_free(&eContent);
krb5_free_keyblock_contents(context, &tmp_key); krb5_free_keyblock_contents(context, &tmp_key);
krb5_data_free(&plain); krb5_data_free(&plain);
krb5_data_free(&ivec);
return ret; return ret;
} }