From fb27fb0d9117eb3db75122ea8621ba697dd7e753 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Thu, 22 Apr 2004 11:53:12 +0000 Subject: [PATCH] add des and DES3 random_to_key hooks, they need special processing git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13742 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/crypto.c | 62 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 54 insertions(+), 8 deletions(-) diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index 16370d49d..496f0caf5 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c @@ -87,6 +87,7 @@ struct key_type { void (*random_key)(krb5_context, krb5_keyblock*); void (*schedule)(krb5_context, struct key_data *); struct salt_type *string_to_key; + void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); }; struct checksum_type { @@ -149,6 +150,7 @@ static krb5_error_code hmac(krb5_context context, Checksum *result); static void free_key_data(krb5_context context, struct key_data *key); static krb5_error_code usage2arcfour (krb5_context, int *); +static void xor (DES_cblock *, const unsigned char *); /************************************************************ * * @@ -331,6 +333,23 @@ DES_AFS3_string_to_key(krb5_context context, return 0; } +static void +krb5_DES_random_to_key(krb5_context context, + krb5_keyblock *key, + const void *data, + size_t size) +{ + DES_cblock *k = key->keyvalue.data; + memcpy(k, data, key->keyvalue.length); + DES_set_odd_parity(k); + if(DES_is_weak_key(k)) + xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); +} + +/* + * + */ + static void DES3_random_key(krb5_context context, krb5_keyblock *key) @@ -461,6 +480,31 @@ DES3_string_to_key_derived(krb5_context context, return ret; } +static void +DES3_random_to_key(krb5_context context, + krb5_keyblock *key, + const void *data, + size_t size) +{ + u_char *p = key->keyvalue.data; + const u_char *q = data; + DES_cblock *k; + int i, j; + + p[7] = p[15] = p[23] = 0; + for (j = 0, i = 0; i < 21; i++) { + j = i / 7; + p[j + i] = q[i] & 0x7f; + p[(j * 8) + 7] = (p[(j * 8) + 7] << 1) | (q[i] >> 7); + } + k = key->keyvalue.data; + for (i = 0; i < 3; i++) { + DES_set_odd_parity(&k[i]); + if(DES_is_weak_key(&k[i])) + xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); + } +} + /* * ARCFOUR */ @@ -718,7 +762,8 @@ struct key_type keytype_des = { sizeof(DES_key_schedule), krb5_DES_random_key, krb5_DES_schedule, - des_salt + des_salt, + krb5_DES_random_to_key }; struct key_type keytype_des3 = { @@ -729,7 +774,8 @@ struct key_type keytype_des3 = { 3 * sizeof(DES_key_schedule), DES3_random_key, DES3_schedule, - des3_salt + des3_salt, + DES3_random_to_key }; struct key_type keytype_des3_derived = { @@ -740,7 +786,8 @@ struct key_type keytype_des3_derived = { 3 * sizeof(DES_key_schedule), DES3_random_key, DES3_schedule, - des3_salt_derived + des3_salt_derived, + DES3_random_to_key }; #ifdef ENABLE_AES @@ -3886,11 +3933,10 @@ krb5_random_to_key(krb5_context context, if(ret) return ret; key->keytype = type; - memcpy(key->keyvalue.data, data, et->keytype->size); -#if 0 - if (et->random_to_key) - ret = (*et->random_to_key)(context, key, data, size); -#endif + if (et->keytype->random_to_key) + (*et->keytype->random_to_key)(context, key, data, size); + else + memcpy(key->keyvalue.data, data, et->keytype->size); return 0; }