diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-02-27 19:08:14 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-02-27 19:08:14 +0000 |
| commit | ec044ad8e3eafb829a43fbd1cb11b94fea6027fb (patch) | |
| tree | 62695fd64027f1041cd18453fe41b1a9b6c08898 /src/lib/crypto/krb | |
| parent | 73b80b790cb90d012600d74c9ce2b36be45c3090 (diff) | |
| download | krb5-ec044ad8e3eafb829a43fbd1cb11b94fea6027fb.tar.gz krb5-ec044ad8e3eafb829a43fbd1cb11b94fea6027fb.tar.xz krb5-ec044ad8e3eafb829a43fbd1cb11b94fea6027fb.zip | |
Reference random-to-key handlers through the enctype instead of the
enc_provider, for consistency with string-to-key and the place of
implementation (other enc_provider functions are implemented in the
back end, but random-to-key handlers are in krb). Use a single
handler for non-DES/DES3 enctypes since it's always just directly
copying the bits. Collapse the three implementations (des, des3, and
direct) into random_to_key.c, as they're very short, and eliminate the
lib/crypto/krb/rand2key directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24669 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/krb')
| -rw-r--r-- | src/lib/crypto/krb/Makefile.in | 11 | ||||
| -rw-r--r-- | src/lib/crypto/krb/arcfour/deps | 6 | ||||
| -rw-r--r-- | src/lib/crypto/krb/cf2.c | 2 | ||||
| -rw-r--r-- | src/lib/crypto/krb/combine_keys.c | 2 | ||||
| -rw-r--r-- | src/lib/crypto/krb/deps | 50 | ||||
| -rw-r--r-- | src/lib/crypto/krb/dk/derive.c | 2 | ||||
| -rw-r--r-- | src/lib/crypto/krb/dk/stringtokey.c | 9 | ||||
| -rw-r--r-- | src/lib/crypto/krb/etypes.c | 26 | ||||
| -rw-r--r-- | src/lib/crypto/krb/etypes.h | 13 | ||||
| -rw-r--r-- | src/lib/crypto/krb/make_random_key.c | 2 | ||||
| -rw-r--r-- | src/lib/crypto/krb/old/deps | 2 | ||||
| -rw-r--r-- | src/lib/crypto/krb/prf/deps | 4 | ||||
| -rw-r--r-- | src/lib/crypto/krb/rand2key/Makefile.in | 34 | ||||
| -rw-r--r-- | src/lib/crypto/krb/rand2key/aes_rand2key.c | 44 | ||||
| -rw-r--r-- | src/lib/crypto/krb/rand2key/camellia_rand2key.c | 43 | ||||
| -rw-r--r-- | src/lib/crypto/krb/rand2key/deps | 64 | ||||
| -rw-r--r-- | src/lib/crypto/krb/rand2key/des3_rand2key.c | 60 | ||||
| -rw-r--r-- | src/lib/crypto/krb/rand2key/des_rand2key.c | 54 | ||||
| -rw-r--r-- | src/lib/crypto/krb/rand2key/rand2key.h | 19 | ||||
| -rw-r--r-- | src/lib/crypto/krb/rand2key/rc4_rand2key.c | 45 | ||||
| -rw-r--r-- | src/lib/crypto/krb/random_to_key.c | 65 |
21 files changed, 129 insertions, 428 deletions
diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in index b3efb85638..7eaccb4ff4 100644 --- a/src/lib/crypto/krb/Makefile.in +++ b/src/lib/crypto/krb/Makefile.in @@ -1,10 +1,9 @@ mydir=lib$(S)crypto$(S)krb BUILDTOP=$(REL)..$(S)..$(S).. -SUBDIRS= arcfour checksum crc32 dk prf rand2key old raw +SUBDIRS= arcfour checksum crc32 dk prf old raw LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../$(CRYPTO_IMPL)/enc_provider \ -I$(srcdir)/dk -I$(srcdir)/../$(CRYPTO_IMPL)/hash_provider \ - -I$(srcdir)/prf -I$(srcdir)/rand2key \ - -I$(srcdir)/old -I$(srcdir)/raw \ + -I$(srcdir)/prf -I$(srcdir)/old -I$(srcdir)/raw \ -I$(srcdir)/../$(CRYPTO_IMPL) \ -I$(srcdir)/../$(CRYPTO_IMPL)/des \ -I$(srcdir)/../$(CRYPTO_IMPL)/aes -I$(srcdir)/arcfour \ @@ -149,12 +148,10 @@ SRCS=\ $(srcdir)/verify_checksum_iov.c STOBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \ - dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \ - old/OBJS.ST raw/OBJS.ST OBJS.ST + dk/OBJS.ST prf/OBJS.ST old/OBJS.ST raw/OBJS.ST OBJS.ST SUBDIROBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST \ - dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST \ - old/OBJS.ST raw/OBJS.ST + dk/OBJS.ST prf/OBJS.ST old/OBJS.ST raw/OBJS.ST ##DOS##LIBOBJS = $(OBJS) diff --git a/src/lib/crypto/krb/arcfour/deps b/src/lib/crypto/krb/arcfour/deps index 7ab05e9aca..8d026c4510 100644 --- a/src/lib/crypto/krb/arcfour/deps +++ b/src/lib/crypto/krb/arcfour/deps @@ -3,7 +3,7 @@ # arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../builtin/hash_provider/hash_provider.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../openssl/hash_provider/hash_provider.h \ $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ @@ -16,7 +16,7 @@ arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): $(BUILDTOP)/include/autoconf.h arcfour_aead.so arcfour_aead.po $(OUTPRE)arcfour_aead.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../builtin/hash_provider/hash_provider.h \ + $(COM_ERR_DEPS) $(srcdir)/../../openssl/hash_provider/hash_provider.h \ $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h $(srcdir)/../etypes.h \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ @@ -30,7 +30,7 @@ arcfour_aead.so arcfour_aead.po $(OUTPRE)arcfour_aead.$(OBJEXT): \ arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../builtin/md4/rsa-md4.h \ + $(COM_ERR_DEPS) $(srcdir)/../../openssl/md4/rsa-md4.h \ $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ diff --git a/src/lib/crypto/krb/cf2.c b/src/lib/crypto/krb/cf2.c index ab0a134b9d..6e7ecdc3d1 100644 --- a/src/lib/crypto/krb/cf2.c +++ b/src/lib/crypto/krb/cf2.c @@ -136,7 +136,7 @@ krb5_c_fx_cf2_simple(krb5_context context, goto cleanup; keydata.data = prf1; keydata.length = keybytes; - retval = (*out_enctype->enc->make_key)(&keydata, out_key); + retval = (*out_enctype->rand2key)(&keydata, out_key); if (retval) goto cleanup; diff --git a/src/lib/crypto/krb/combine_keys.c b/src/lib/crypto/krb/combine_keys.c index a6cea2eed7..979281d4a2 100644 --- a/src/lib/crypto/krb/combine_keys.c +++ b/src/lib/crypto/krb/combine_keys.c @@ -157,7 +157,7 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1, tkeyblock.length = keylength; tkeyblock.contents = output; - ret = (*enc->make_key)(&randbits, &tkeyblock); + ret = (*ktp->rand2key)(&randbits, &tkeyblock); if (ret) goto cleanup; diff --git a/src/lib/crypto/krb/deps b/src/lib/crypto/krb/deps index 43eb8c8958..8f86ab95b1 100644 --- a/src/lib/crypto/krb/deps +++ b/src/lib/crypto/krb/deps @@ -51,8 +51,8 @@ cksumtype_to_string.so cksumtype_to_string.po $(OUTPRE)cksumtype_to_string.$(OBJ cksumtypes.so cksumtypes.po $(OUTPRE)cksumtypes.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../builtin/enc_provider/enc_provider.h \ - $(srcdir)/../builtin/hash_provider/hash_provider.h \ + $(COM_ERR_DEPS) $(srcdir)/../openssl/enc_provider/enc_provider.h \ + $(srcdir)/../openssl/hash_provider/hash_provider.h \ $(srcdir)/dk/dk.h $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ @@ -193,8 +193,8 @@ enctype_util.so enctype_util.po $(OUTPRE)enctype_util.$(OBJEXT): \ etypes.h etypes.so etypes.po $(OUTPRE)etypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/des/des_int.h \ - $(srcdir)/../builtin/enc_provider/enc_provider.h $(srcdir)/../builtin/hash_provider/hash_provider.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../openssl/des/des_int.h \ + $(srcdir)/../openssl/enc_provider/enc_provider.h $(srcdir)/../openssl/hash_provider/hash_provider.h \ $(srcdir)/arcfour/arcfour.h $(srcdir)/dk/dk.h $(srcdir)/old/old.h \ $(srcdir)/prf/prf_int.h $(srcdir)/raw/raw.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ @@ -355,16 +355,15 @@ prng.so prng.po $(OUTPRE)prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ prng_fortuna.so prng_fortuna.po $(OUTPRE)prng_fortuna.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/aes/uitypes.h \ - $(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - prng.h prng_fortuna.c + $(COM_ERR_DEPS) $(srcdir)/../openssl/aes/aes.h $(srcdir)/../openssl/sha2/sha2.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h prng.h prng_fortuna.c cf2.so cf2.po $(OUTPRE)cf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ @@ -379,7 +378,8 @@ cf2.so cf2.po $(OUTPRE)cf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ random_to_key.so random_to_key.po $(OUTPRE)random_to_key.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(COM_ERR_DEPS) $(srcdir)/../openssl/des/des_int.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ @@ -424,16 +424,16 @@ string_to_key.so string_to_key.po $(OUTPRE)string_to_key.$(OBJEXT): \ t_fortuna.so t_fortuna.po $(OUTPRE)t_fortuna.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/aes/uitypes.h \ - $(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - prng.h prng_fortuna.c t_fortuna.c + $(COM_ERR_DEPS) $(srcdir)/../openssl/aes/aes.h $(srcdir)/../openssl/sha2/sha2.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h prng.h prng_fortuna.c \ + t_fortuna.c valid_cksumtype.so valid_cksumtype.po $(OUTPRE)valid_cksumtype.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ diff --git a/src/lib/crypto/krb/dk/derive.c b/src/lib/crypto/krb/dk/derive.c index 3e9af2854a..7fa6c80ada 100644 --- a/src/lib/crypto/krb/dk/derive.c +++ b/src/lib/crypto/krb/dk/derive.c @@ -252,7 +252,7 @@ krb5int_derive_keyblock(const struct krb5_enc_provider *enc, goto cleanup; /* Postprocess the key. */ - ret = enc->make_key(&rawkey, outkey); + ret = krb5_c_random_to_key(NULL, inkey->keyblock.enctype, &rawkey, outkey); cleanup: zapfree(rawkey.data, enc->keybytes); diff --git a/src/lib/crypto/krb/dk/stringtokey.c b/src/lib/crypto/krb/dk/stringtokey.c index 779f51bdf0..2c5188bdb8 100644 --- a/src/lib/crypto/krb/dk/stringtokey.c +++ b/src/lib/crypto/krb/dk/stringtokey.c @@ -35,7 +35,6 @@ krb5int_dk_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string, const krb5_data *salt, const krb5_data *parms, krb5_keyblock *keyblock) { - const struct krb5_enc_provider *enc = ktp->enc; krb5_error_code ret; size_t keybytes, keylength, concatlen; unsigned char *concat = NULL, *foldstring = NULL, *foldkeydata = NULL; @@ -45,8 +44,8 @@ krb5int_dk_string_to_key(const struct krb5_keytypes *ktp, /* keyblock->length is checked by krb5int_derive_key. */ - keybytes = enc->keybytes; - keylength = enc->keylength; + keybytes = ktp->enc->keybytes; + keylength = ktp->enc->keylength; concatlen = string->length + (salt ? salt->length : 0); @@ -74,7 +73,7 @@ krb5int_dk_string_to_key(const struct krb5_keytypes *ktp, foldkeyblock.contents = foldkeydata; foldkeyblock.enctype = ktp->etype; - ret = enc->make_key(&indata, &foldkeyblock); + ret = ktp->rand2key(&indata, &foldkeyblock); if (ret != 0) goto cleanup; @@ -87,7 +86,7 @@ krb5int_dk_string_to_key(const struct krb5_keytypes *ktp, indata.length = kerberos_len; indata.data = (char *) kerberos; - ret = krb5int_derive_keyblock(enc, foldkey, keyblock, &indata, + ret = krb5int_derive_keyblock(ktp->enc, foldkey, keyblock, &indata, DERIVE_RFC3961); if (ret != 0) memset(keyblock->contents, 0, keyblock->length); diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c index ec9fb1d1b6..476a0e626a 100644 --- a/src/lib/crypto/krb/etypes.c +++ b/src/lib/crypto/krb/etypes.c @@ -48,7 +48,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { &krb5int_enc_des, &krb5int_hash_crc32, 16, krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt, - krb5int_des_string_to_key, + krb5int_des_string_to_key, k5_rand2key_des, krb5int_des_prf, krb5int_init_state_enc, krb5int_free_state_enc, CKSUMTYPE_RSA_MD5_DES, @@ -58,7 +58,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { &krb5int_enc_des, &krb5int_hash_md4, 16, krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt, - krb5int_des_string_to_key, + krb5int_des_string_to_key, k5_rand2key_des, krb5int_des_prf, krb5int_init_state_enc, krb5int_free_state_enc, CKSUMTYPE_RSA_MD4_DES, @@ -68,7 +68,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { &krb5int_enc_des, &krb5int_hash_md5, 16, krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt, - krb5int_des_string_to_key, + krb5int_des_string_to_key, k5_rand2key_des, krb5int_des_prf, krb5int_init_state_enc, krb5int_free_state_enc, CKSUMTYPE_RSA_MD5_DES, @@ -78,7 +78,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { &krb5int_enc_des, NULL, 16, krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt, - krb5int_des_string_to_key, + krb5int_des_string_to_key, k5_rand2key_des, krb5int_des_prf, krb5int_init_state_enc, krb5int_free_state_enc, 0, @@ -88,7 +88,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { &krb5int_enc_des3, NULL, 16, krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt, - krb5int_dk_string_to_key, + krb5int_dk_string_to_key, k5_rand2key_des3, NULL, /*PRF*/ krb5int_init_state_enc, krb5int_free_state_enc, 0, @@ -100,7 +100,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { &krb5int_enc_des3, &krb5int_hash_sha1, 16, krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt, - krb5int_dk_string_to_key, + krb5int_dk_string_to_key, k5_rand2key_des3, krb5int_dk_prf, krb5int_init_state_enc, krb5int_free_state_enc, CKSUMTYPE_HMAC_SHA1_DES3, @@ -111,7 +111,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { &krb5int_enc_des, &krb5int_hash_sha1, 8, krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt, - krb5int_dk_string_to_key, + krb5int_dk_string_to_key, k5_rand2key_des, NULL, /*PRF*/ krb5int_init_state_enc, krb5int_free_state_enc, 0, @@ -124,7 +124,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { 20, krb5int_arcfour_crypto_length, krb5int_arcfour_encrypt, krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key, - krb5int_arcfour_prf, /*PRF*/ + k5_rand2key_direct, krb5int_arcfour_prf, krb5int_init_state_enc, krb5int_free_state_enc, CKSUMTYPE_HMAC_MD5_ARCFOUR, 0 /*flags*/ }, @@ -136,7 +136,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { 20, krb5int_arcfour_crypto_length, krb5int_arcfour_encrypt, krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key, - krb5int_arcfour_prf, /*PRF*/ + k5_rand2key_direct, krb5int_arcfour_prf, krb5int_init_state_enc, krb5int_free_state_enc, CKSUMTYPE_HMAC_MD5_ARCFOUR, ETYPE_WEAK @@ -148,7 +148,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { &krb5int_enc_aes128, &krb5int_hash_sha1, 16, krb5int_aes_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt, - krb5int_aes_string_to_key, + krb5int_aes_string_to_key, k5_rand2key_direct, krb5int_dk_prf, krb5int_init_state_enc, krb5int_free_state_enc, CKSUMTYPE_HMAC_SHA1_96_AES128, @@ -159,7 +159,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { &krb5int_enc_aes256, &krb5int_hash_sha1, 16, krb5int_aes_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt, - krb5int_aes_string_to_key, + krb5int_aes_string_to_key, k5_rand2key_direct, krb5int_dk_prf, krb5int_init_state_enc, krb5int_free_state_enc, CKSUMTYPE_HMAC_SHA1_96_AES256, @@ -172,7 +172,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { 16, krb5int_camellia_crypto_length, krb5int_dk_cmac_encrypt, krb5int_dk_cmac_decrypt, - krb5int_camellia_string_to_key, + krb5int_camellia_string_to_key, k5_rand2key_direct, krb5int_dk_cmac_prf, krb5int_init_state_enc, krb5int_free_state_enc, CKSUMTYPE_CMAC_CAMELLIA128, @@ -184,7 +184,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { 16, krb5int_camellia_crypto_length, krb5int_dk_cmac_encrypt, krb5int_dk_cmac_decrypt, - krb5int_camellia_string_to_key, + krb5int_camellia_string_to_key, k5_rand2key_direct, krb5int_dk_cmac_prf, krb5int_init_state_enc, krb5int_free_state_enc, CKSUMTYPE_CMAC_CAMELLIA256, diff --git a/src/lib/crypto/krb/etypes.h b/src/lib/crypto/krb/etypes.h index bbf2bf3b8c..98ed58ed79 100644 --- a/src/lib/crypto/krb/etypes.h +++ b/src/lib/crypto/krb/etypes.h @@ -48,6 +48,9 @@ typedef krb5_error_code (*str2key_func)(const struct krb5_keytypes *ktp, const krb5_data *parm, krb5_keyblock *key); +typedef krb5_error_code (*rand2key_func)(const krb5_data *randombits, + krb5_keyblock *key); + typedef krb5_error_code (*prf_func)(const struct krb5_keytypes *ktp, krb5_key key, const krb5_data *in, krb5_data *out); @@ -72,6 +75,7 @@ struct krb5_keytypes { crypt_func encrypt; crypt_func decrypt; str2key_func str2key; + rand2key_func rand2key; prf_func prf; init_state_func init_state; free_state_func free_state; @@ -127,4 +131,13 @@ krb5int_init_state_enc(const struct krb5_keytypes *ktp, void krb5int_free_state_enc(const struct krb5_keytypes *ktp, krb5_data *state); +krb5_error_code +k5_rand2key_direct(const krb5_data *randombits, krb5_keyblock *keyblock); + +krb5_error_code +k5_rand2key_des(const krb5_data *randombits, krb5_keyblock *keyblock); + +krb5_error_code +k5_rand2key_des3(const krb5_data *randombits, krb5_keyblock *keyblock); + #endif diff --git a/src/lib/crypto/krb/make_random_key.c b/src/lib/crypto/krb/make_random_key.c index a2368441b8..4032676a1a 100644 --- a/src/lib/crypto/krb/make_random_key.c +++ b/src/lib/crypto/krb/make_random_key.c @@ -65,7 +65,7 @@ krb5_c_make_random_key(krb5_context context, krb5_enctype enctype, random_key->enctype = enctype; random_key->length = keylength; - ret = (*enc->make_key)(&random_data, random_key); + ret = (*ktp->rand2key)(&random_data, random_key); cleanup: if (ret) { diff --git a/src/lib/crypto/krb/old/deps b/src/lib/crypto/krb/old/deps index 0e51f504a2..5f9cf94f11 100644 --- a/src/lib/crypto/krb/old/deps +++ b/src/lib/crypto/krb/old/deps @@ -4,7 +4,7 @@ des_stringtokey.so des_stringtokey.po $(OUTPRE)des_stringtokey.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../builtin/des/des_int.h \ + $(COM_ERR_DEPS) $(srcdir)/../../openssl/des/des_int.h \ $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ diff --git a/src/lib/crypto/krb/prf/deps b/src/lib/crypto/krb/prf/deps index dbf083fa56..2f28a7c869 100644 --- a/src/lib/crypto/krb/prf/deps +++ b/src/lib/crypto/krb/prf/deps @@ -3,7 +3,7 @@ # des_prf.so des_prf.po $(OUTPRE)des_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../builtin/hash_provider/hash_provider.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../openssl/hash_provider/hash_provider.h \ $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ @@ -27,7 +27,7 @@ dk_prf.so dk_prf.po $(OUTPRE)dk_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ dk_prf.c prf_int.h rc4_prf.so rc4_prf.po $(OUTPRE)rc4_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../builtin/hash_provider/hash_provider.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../openssl/hash_provider/hash_provider.h \ $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ diff --git a/src/lib/crypto/krb/rand2key/Makefile.in b/src/lib/crypto/krb/rand2key/Makefile.in deleted file mode 100644 index 7d1fb0705a..0000000000 --- a/src/lib/crypto/krb/rand2key/Makefile.in +++ /dev/null @@ -1,34 +0,0 @@ -mydir=lib$(S)crypto$(S)krb$(S)rand2key -BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/. -I$(srcdir)/../../$(CRYPTO_IMPL)/des -DEFS= - -##DOS##BUILDTOP = ..\..\..\.. -##DOS##PREFIXDIR = krb\rand2key -##DOS##OBJFILE= ..\..\$(OUTPRE)rand2key.lst - -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) - -STLIBOBJS= aes_rand2key.o des_rand2key.o des3_rand2key.o rc4_rand2key.o camellia_rand2key.o - -OBJS= $(OUTPRE)aes_rand2key.$(OBJEXT) $(OUTPRE)des_rand2key.$(OBJEXT) \ - $(OUTPRE)des3_rand2key.$(OBJEXT) $(OUTPRE)rc4_rand2key.$(OBJEXT) \ - $(OUTPRE)camellia_rand2key.$(OBJEXT) - -SRCS= $(srcdir)/aes_rand2key.c $(srcdir)/des_rand2key.c \ - $(srcdir)/des3_rand2key.c $(srcdir)/rc4_rand2key.c \ - $(srcdir)/camellia_rand2key.c - -##DOS##LIBOBJS = $(OBJS) - -all-unix:: all-libobjs - -includes:: depend - -depend:: $(SRCS) - -clean-unix:: clean-libobjs - -@libobj_frag@ - diff --git a/src/lib/crypto/krb/rand2key/aes_rand2key.c b/src/lib/crypto/krb/rand2key/aes_rand2key.c deleted file mode 100644 index 4b876bcbf8..0000000000 --- a/src/lib/crypto/krb/rand2key/aes_rand2key.c +++ /dev/null @@ -1,44 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * lib/crypto/krb/rand2key/aes_rand2key.c - * - * Copyright (C) 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - - -#include "rand2key.h" - -krb5_error_code -krb5int_aes_make_key(const krb5_data *randombits, krb5_keyblock *key) -{ - if (key->length != 16 && key->length != 32) - return(KRB5_BAD_KEYSIZE); - if (randombits->length != key->length) - return(KRB5_CRYPTO_INTERNAL); - - key->magic = KV5M_KEYBLOCK; - - memcpy(key->contents, randombits->data, randombits->length); - - return(0); -} diff --git a/src/lib/crypto/krb/rand2key/camellia_rand2key.c b/src/lib/crypto/krb/rand2key/camellia_rand2key.c deleted file mode 100644 index 50e7ef015e..0000000000 --- a/src/lib/crypto/krb/rand2key/camellia_rand2key.c +++ /dev/null @@ -1,43 +0,0 @@ -/* - * lib/crypto/krb/rand2key/camellia_rand2key.c - * - * Copyright (c) 2009 - * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - - -#include "rand2key.h" - -krb5_error_code -krb5int_camellia_make_key(const krb5_data *randombits, krb5_keyblock *key) -{ - if (key->length != 16 && key->length != 32) - return(KRB5_BAD_KEYSIZE); - if (randombits->length != key->length) - return(KRB5_CRYPTO_INTERNAL); - - key->magic = KV5M_KEYBLOCK; - - memcpy(key->contents, randombits->data, randombits->length); - - return(0); -} diff --git a/src/lib/crypto/krb/rand2key/deps b/src/lib/crypto/krb/rand2key/deps deleted file mode 100644 index fdc9ef5d14..0000000000 --- a/src/lib/crypto/krb/rand2key/deps +++ /dev/null @@ -1,64 +0,0 @@ -# -# Generated makefile dependencies follow. -# -aes_rand2key.so aes_rand2key.po $(OUTPRE)aes_rand2key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h aes_rand2key.c \ - rand2key.h -des_rand2key.so des_rand2key.po $(OUTPRE)des_rand2key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../builtin/des/des_int.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des_rand2key.c \ - rand2key.h -des3_rand2key.so des3_rand2key.po $(OUTPRE)des3_rand2key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../builtin/des/des_int.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des3_rand2key.c \ - rand2key.h -rc4_rand2key.so rc4_rand2key.po $(OUTPRE)rc4_rand2key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h rand2key.h rc4_rand2key.c -camellia_rand2key.so camellia_rand2key.po $(OUTPRE)camellia_rand2key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h camellia_rand2key.c \ - rand2key.h diff --git a/src/lib/crypto/krb/rand2key/des3_rand2key.c b/src/lib/crypto/krb/rand2key/des3_rand2key.c deleted file mode 100644 index 31f3f4cba5..0000000000 --- a/src/lib/crypto/krb/rand2key/des3_rand2key.c +++ /dev/null @@ -1,60 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * lib/crypto/krb/rand2key/des3_rand2key.c - * - * Copyright (C) 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - - -#include "rand2key.h" -#include "des_int.h" - -/* RFC 3961 */ -krb5_error_code -krb5int_des3_make_key(const krb5_data *randombits, krb5_keyblock *key) -{ - int i; - if (key->length != KRB5_MIT_DES3_KEYSIZE) - return(KRB5_BAD_KEYSIZE); - if (randombits->length != KRB5_MIT_DES3_KEY_BYTES) - return(KRB5_CRYPTO_INTERNAL); - - key->magic = KV5M_KEYBLOCK; - - /* take the seven bytes, move them around into the top 7 bits of the - 8 key bytes, then compute the parity bits. Do this three times. */ - - for (i=0; i<3; i++) { - memcpy(key->contents+i*8, randombits->data+i*7, 7); - key->contents[i*8+7] = (((key->contents[i*8]&1)<<1) | - ((key->contents[i*8+1]&1)<<2) | - ((key->contents[i*8+2]&1)<<3) | - ((key->contents[i*8+3]&1)<<4) | - ((key->contents[i*8+4]&1)<<5) | - ((key->contents[i*8+5]&1)<<6) | - ((key->contents[i*8+6]&1)<<7)); - - mit_des_fixup_key_parity(key->contents+i*8); - } - return(0); -} diff --git a/src/lib/crypto/krb/rand2key/des_rand2key.c b/src/lib/crypto/krb/rand2key/des_rand2key.c deleted file mode 100644 index e5cdded924..0000000000 --- a/src/lib/crypto/krb/rand2key/des_rand2key.c +++ /dev/null @@ -1,54 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * lib/crypto/krb/rand2key/des_rand2key.c - * - * Copyright (C) 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - - -#include "rand2key.h" -#include "des_int.h" - -krb5_error_code -krb5int_des_make_key(const krb5_data *randombits, krb5_keyblock *key) -{ - if (key->length != KRB5_MIT_DES_KEYSIZE) - return(KRB5_BAD_KEYSIZE); - if (randombits->length != 7) - return(KRB5_CRYPTO_INTERNAL); - - key->magic = KV5M_KEYBLOCK; - - /* take the seven bytes, move them around into the top 7 bits of the - 8 key bytes, then compute the parity bits */ - - memcpy(key->contents, randombits->data, randombits->length); - key->contents[7] = (((key->contents[0]&1)<<1) | ((key->contents[1]&1)<<2) | - ((key->contents[2]&1)<<3) | ((key->contents[3]&1)<<4) | - ((key->contents[4]&1)<<5) | ((key->contents[5]&1)<<6) | - ((key->contents[6]&1)<<7)); - - mit_des_fixup_key_parity(key->contents); - - return(0); -} diff --git a/src/lib/crypto/krb/rand2key/rand2key.h b/src/lib/crypto/krb/rand2key/rand2key.h deleted file mode 100644 index 262d83daf7..0000000000 --- a/src/lib/crypto/krb/rand2key/rand2key.h +++ /dev/null @@ -1,19 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -#include "k5-int.h" - - -krb5_error_code -krb5int_arcfour_make_key(const krb5_data *randombits, krb5_keyblock *key); - -krb5_error_code -krb5int_des_make_key(const krb5_data *randombits, krb5_keyblock *key); - -/* RFC 3961 */ -krb5_error_code -krb5int_des3_make_key(const krb5_data *randombits, krb5_keyblock *key); - -krb5_error_code -krb5int_aes_make_key(const krb5_data *randombits, krb5_keyblock *key); - -krb5_error_code -krb5int_camellia_make_key(const krb5_data *randombits, krb5_keyblock *key); diff --git a/src/lib/crypto/krb/rand2key/rc4_rand2key.c b/src/lib/crypto/krb/rand2key/rc4_rand2key.c deleted file mode 100644 index 2e2ddaa3b5..0000000000 --- a/src/lib/crypto/krb/rand2key/rc4_rand2key.c +++ /dev/null @@ -1,45 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * lib/crypto/krb/rand2key/rc4_rand2key.c - * - * Copyright (C) 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "rand2key.h" - - -krb5_error_code -krb5int_arcfour_make_key(const krb5_data *randombits, krb5_keyblock *key) -{ - if (key->length != 16) - return(KRB5_BAD_KEYSIZE); - if (randombits->length != 16) - return(KRB5_CRYPTO_INTERNAL); - - key->magic = KV5M_KEYBLOCK; - key->length = 16; - - memcpy(key->contents, randombits->data, randombits->length); - - return(0); -} diff --git a/src/lib/crypto/krb/random_to_key.c b/src/lib/crypto/krb/random_to_key.c index 8b37374069..cb83129a24 100644 --- a/src/lib/crypto/krb/random_to_key.c +++ b/src/lib/crypto/krb/random_to_key.c @@ -36,6 +36,7 @@ */ #include "k5-int.h" #include "etypes.h" +#include "des_int.h" krb5_error_code KRB5_CALLCONV krb5_c_random_to_key(krb5_context context, krb5_enctype enctype, @@ -43,7 +44,6 @@ krb5_c_random_to_key(krb5_context context, krb5_enctype enctype, { krb5_error_code ret; const struct krb5_keytypes *ktp; - const struct krb5_enc_provider *enc; if (random_data == NULL || random_key == NULL || random_key->contents == NULL) @@ -52,14 +52,69 @@ krb5_c_random_to_key(krb5_context context, krb5_enctype enctype, ktp = find_enctype(enctype); if (ktp == NULL) return KRB5_BAD_ENCTYPE; - enc = ktp->enc; - if (random_key->length != enc->keylength) + if (random_key->length != ktp->enc->keylength) return KRB5_BAD_KEYSIZE; - ret = (*enc->make_key)(random_data, random_key); + ret = ktp->rand2key(random_data, random_key); if (ret) - memset(random_key->contents, 0, random_key->length); + zap(random_key->contents, random_key->length); return ret; } + +krb5_error_code +k5_rand2key_direct(const krb5_data *randombits, krb5_keyblock *keyblock) +{ + if (randombits->length != keyblock->length) + return KRB5_CRYPTO_INTERNAL; + + keyblock->magic = KV5M_KEYBLOCK; + memcpy(keyblock->contents, randombits->data, randombits->length); + return 0; +} + +static inline void +eighth_byte(unsigned char *b) +{ + b[7] = (((b[0] & 1) << 1) | ((b[1] & 1) << 2) | ((b[2] & 1) << 3) | + ((b[3] & 1) << 4) | ((b[4] & 1) << 5) | ((b[5] & 1) << 6) | + ((b[6] & 1) << 7)); +} + +krb5_error_code +k5_rand2key_des(const krb5_data *randombits, krb5_keyblock *keyblock) +{ + if (randombits->length != 7) + return(KRB5_CRYPTO_INTERNAL); + + keyblock->magic = KV5M_KEYBLOCK; + + /* Take the seven bytes, move them around into the top 7 bits of the + * 8 key bytes, then compute the parity bits. */ + memcpy(keyblock->contents, randombits->data, randombits->length); + eighth_byte(keyblock->contents); + mit_des_fixup_key_parity(keyblock->contents); + + return 0; +} + +krb5_error_code +k5_rand2key_des3(const krb5_data *randombits, krb5_keyblock *keyblock) +{ + int i; + + if (randombits->length != 21) + return KRB5_CRYPTO_INTERNAL; + + keyblock->magic = KV5M_KEYBLOCK; + + /* Take the seven bytes, move them around into the top 7 bits of the + * 8 key bytes, then compute the parity bits. Do this three times. */ + for (i = 0; i < 3; i++) { + memcpy(&keyblock->contents[i * 8], &randombits->data[i * 7], 7); + eighth_byte(&keyblock->contents[i * 8]); + mit_des_fixup_key_parity(&keyblock->contents[i * 8]); + } + return 0; +} |