authorMarc Horowitz <marc@mit.edu>1998-10-30 02:56:35 +0000
committerMarc Horowitz <marc@mit.edu>1998-10-30 02:56:35 +0000
commit1440ab035ba04550ddbbfbff1ee9b5571e3d95db (patch)
tree9d5e8d2e151a930e044c7d0f7c64053d244577a0 /src/lib/crypto
parent61ddbf948ba6ee70c1bc049268c3dfa73bc9983e (diff)
pull up 3des implementation from the marc-3des branch
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto')
-rw-r--r--src/lib/crypto/ChangeLog31
-rw-r--r--src/lib/crypto/Makefile.in213
-rw-r--r--src/lib/crypto/block_size.c49
-rw-r--r--src/lib/crypto/checksum_length.c53
-rw-r--r--src/lib/crypto/cksumtype_to_string.c49
-rw-r--r--src/lib/crypto/cksumtypes.c74
-rw-r--r--src/lib/crypto/cksumtypes.h31
-rw-r--r--src/lib/crypto/coll_proof_cksum.c44
-rw-r--r--src/lib/crypto/configure.in130
-rw-r--r--src/lib/crypto/crc32/ChangeLog4
-rw-r--r--src/lib/crypto/crc32/Makefile.in26
-rw-r--r--src/lib/crypto/crc32/crc-32.h32
-rw-r--r--src/lib/crypto/crc32/crc32.c166
-rw-r--r--src/lib/crypto/cryptoconf.c168
-rw-r--r--src/lib/crypto/decrypt.c56
-rw-r--r--src/lib/crypto/decrypt_data.c66
-rw-r--r--src/lib/crypto/des/.rconf8
-rw-r--r--src/lib/crypto/des/ChangeLog4
-rw-r--r--src/lib/crypto/des/FUNCTIONS26
-rw-r--r--src/lib/crypto/des/Makefile.in114
-rw-r--r--src/lib/crypto/des/afsstring2key.c32
-rw-r--r--src/lib/crypto/des/cbc_cksum.c164
-rw-r--r--src/lib/crypto/des/d3_ecb.c47
-rw-r--r--src/lib/crypto/des/d3_procky.c60
-rw-r--r--src/lib/crypto/des/d3_str2ky.c137
-rw-r--r--src/lib/crypto/des/des.h59
-rw-r--r--src/lib/crypto/des/des_int.h29
-rw-r--r--src/lib/crypto/des/destest.c68
-rw-r--r--src/lib/crypto/des/f_README69
-rw-r--r--src/lib/crypto/des/f_ecb.c95
-rw-r--r--src/lib/crypto/des/f_pcbc.c207
-rw-r--r--src/lib/crypto/des/fin_rndkey.c51
-rw-r--r--src/lib/crypto/des/finish_key.c48
-rw-r--r--src/lib/crypto/des/init_rkey.c167
-rw-r--r--src/lib/crypto/des/process_ky.c70
-rw-r--r--src/lib/crypto/des/random_key.c95
-rw-r--r--src/lib/crypto/des/string2key.c40
-rw-r--r--src/lib/crypto/des/t_random.c117
-rw-r--r--src/lib/crypto/des/t_verify.c146
-rw-r--r--src/lib/crypto/des/u_nfold.c99
-rw-r--r--src/lib/crypto/des/u_rn_key.c139
-rw-r--r--src/lib/crypto/des3_raw.c104
-rw-r--r--src/lib/crypto/des3_sha.c178
-rw-r--r--src/lib/crypto/des_crc.c170
-rw-r--r--src/lib/crypto/des_md5.c171
-rw-r--r--src/lib/crypto/encrypt.c56
-rw-r--r--src/lib/crypto/encrypt_data.c70
-rw-r--r--src/lib/crypto/encrypt_length.c52
-rw-r--r--src/lib/crypto/enctype_compare.c58
-rw-r--r--src/lib/crypto/enctype_to_string.c49
-rw-r--r--src/lib/crypto/etypes.c82
-rw-r--r--src/lib/crypto/etypes.h30
-rw-r--r--src/lib/crypto/hmac.c131
-rw-r--r--src/lib/crypto/keyed_checksum_types.c95
-rw-r--r--src/lib/crypto/keyed_cksum.c49
-rw-r--r--src/lib/crypto/krb5_glue.c233
-rw-r--r--src/lib/crypto/make_checksum.c111
-rw-r--r--src/lib/crypto/make_random_key.c84
-rw-r--r--src/lib/crypto/md4/.rconf2
-rw-r--r--src/lib/crypto/md4/ChangeLog4
-rw-r--r--src/lib/crypto/md4/Makefile.in30
-rw-r--r--src/lib/crypto/md4/md4crypto.c385
-rw-r--r--src/lib/crypto/md4/md4driver.c202
-rw-r--r--src/lib/crypto/md4/md4glue.c115
-rw-r--r--src/lib/crypto/md5/ChangeLog4
-rw-r--r--src/lib/crypto/md5/Makefile.in22
-rw-r--r--src/lib/crypto/md5/md5crypto.c353
-rw-r--r--src/lib/crypto/md5/md5glue.c89
-rw-r--r--src/lib/crypto/md5/t_cksum.c203
-rw-r--r--src/lib/crypto/nfold.c132
-rw-r--r--src/lib/crypto/old_api_glue.c360
-rw-r--r--src/lib/crypto/os/.Sanitize39
-rw-r--r--src/lib/crypto/os/ChangeLog204
-rw-r--r--src/lib/crypto/os/Makefile.in28
-rw-r--r--src/lib/crypto/os/c_localaddr.c348
-rw-r--r--src/lib/crypto/os/c_ustime.c316
-rw-r--r--src/lib/crypto/os/rnd_confoun.c98
-rw-r--r--src/lib/crypto/prng.c155
-rw-r--r--src/lib/crypto/raw_des.c100
-rw-r--r--src/lib/crypto/sha/.Sanitize42
-rw-r--r--src/lib/crypto/sha/ChangeLog89
-rw-r--r--src/lib/crypto/sha/Makefile.in43
-rw-r--r--src/lib/crypto/sha/hmac_sha.c101
-rw-r--r--src/lib/crypto/sha/sha_crypto.c76
-rw-r--r--src/lib/crypto/sha/sha_glue.c97
-rw-r--r--src/lib/crypto/sha/shs.c392
-rw-r--r--src/lib/crypto/sha/shs.h59
-rw-r--r--src/lib/crypto/sha/t_shs.c132
-rw-r--r--src/lib/crypto/string_to_cksumtype.c45
-rw-r--r--src/lib/crypto/string_to_enctype.c45
-rw-r--r--src/lib/crypto/string_to_key.c68
-rw-r--r--src/lib/crypto/t_nfold.c76
-rw-r--r--src/lib/crypto/valid_cksumtype.c41
-rw-r--r--src/lib/crypto/valid_enctype.c41
-rw-r--r--src/lib/crypto/verify_checksum.c84
95 files changed, 2853 insertions, 6773 deletions
diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog
index dd0e7b5611..566afc88f3 100644
--- a/src/lib/crypto/ChangeLog
+++ b/src/lib/crypto/ChangeLog
@@ -1,3 +1,34 @@
+Tue Sep 22 21:19:01 1998 Tom Yu <tlyu@mit.edu>
+
+ * prng.c (krb5_c_random_make_octets): Fix to nfold into 15 bytes,
+ not one byte.
+
+Mon Sep 21 15:23:19 1998 Tom Yu <tlyu@mit.edu>
+
+ * prng.c (krb5_c_random_seed): Fix memory leak.
+
+Mon Sep 14 23:21:17 1998 Tom Yu <tlyu@mit.edu>
+
+ * old/decrypt.c (krb5_old_decrypt): Fix memory leak.
+
+Tue Sep 1 19:33:38 1998 Tom Yu <tlyu@mit.edu>
+
+ * etypes.c: Add ETYPE_LOCAL_DES3_HMAC_SHA1 to deal with marc's
+ des3 code. ETYPE_DES3_HMAC_SHA1 remains the same for now.
+
+Mon Aug 17 23:40:11 1998 Tom Yu <tlyu@mit.edu>
+
+ * keyhash_provider/k5_md4des.c (k5_md4des_verify): Add
+ compatibility for krb5-beta5 checksums.
+
+ * keyhash_provider/k5_md5des.c (k5_md5des_verify): Add
+ compatibility for krb5-beta5 checksums. Fix typos similar to
+ those corrected in k5_md4des.c.
+
+Sun Jul 19 12:00:00 1998 Marc Horowitz <marc@mit.edu>
+
+ * *.c: replace the crypto layer.
+
Wed Apr 15 18:02:44 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in (LIB): Rename to k5crypto.
diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in
index 468818cb80..48d035a78b 100644
--- a/src/lib/crypto/Makefile.in
+++ b/src/lib/crypto/Makefile.in
@@ -1,7 +1,10 @@
thisconfigdir=.
BUILDTOP=$(REL)$(U)$(S)$(U)
-LOCAL_SUBDIRS=des crc32 md4 md5 sha os
-CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/crc32 -I$(srcdir)/des -I$(srcdir)/md4 -I$(srcdir)/md5 -I$(srcdir)/sha
+LOCAL_SUBDIRS=crc32 des dk enc_provider hash_provider keyhash_provider \
+ md4 md5 old raw sha1
+CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/enc_provider \
+ -I$(srcdir)/hash_provider -I$(srcdir)/keyhash_provider \
+ -I$(srcdir)/old -I$(srcdir)/raw -I$(srcdir)/dk
##DOSBUILDTOP = ..\..
##DOSLIBNAME=crypto.lib
@@ -9,37 +12,102 @@ CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/crc32 -I$(srcdir)/des -I$(srcdir)/md4 -I$
##DOSOBJFILELIST=@crypto.lst @des.lst @md4.lst @md5.lst @sha.lst @crc32.lst @os.lst
##DOSOBJFILEDEP =crypto.lst des.lst md4.lst md5.lst sha.lst crc32.lst os.lst
-MAC_SUBDIRS = des sha md4 md5 crc32 os
-
-OBJS= cryptoconf.$(OBJEXT) \
- encrypt_data.$(OBJEXT) \
- krb5_glue.$(OBJEXT) \
- decrypt_data.$(OBJEXT) \
- des_crc.$(OBJEXT) \
- des_md5.$(OBJEXT) \
- des3_sha.$(OBJEXT) \
- des3_raw.$(OBJEXT) \
- raw_des.$(OBJEXT)
-
-SRCS= $(srcdir)/cryptoconf.c \
- $(srcdir)/encrypt_data.c \
- $(srcdir)/krb5_glue.c \
- $(srcdir)/decrypt_data.c \
- $(srcdir)/des_crc.c \
- $(srcdir)/des_md5.c \
- $(srcdir)/des3_sha.c \
- $(srcdir)/des3_raw.c \
- $(srcdir)/raw_des.c
+MAC_SUBDIRS = crc32 des dk enc_provider hash_provider keyhash_provider \
+ md4 md5 old raw sha1
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+STLIBOBJS=\
+ block_size.o \
+ checksum_length.o \
+ cksumtype_to_string.o \
+ cksumtypes.o \
+ coll_proof_cksum.o \
+ decrypt.o \
+ encrypt.o \
+ encrypt_length.o \
+ enctype_compare.o \
+ enctype_to_string.o \
+ etypes.o \
+ hmac.o \
+ keyed_cksum.o \
+ keyed_checksum_types.o \
+ make_checksum.o \
+ make_random_key.o \
+ nfold.o \
+ old_api_glue.o \
+ prng.o \
+ string_to_cksumtype.o \
+ string_to_enctype.o \
+ string_to_key.o \
+ valid_cksumtype.o \
+ valid_enctype.o \
+ verify_checksum.o
+
+OBJS=\
+ block_size.$(OBJEXT) \
+ checksum_length.$(OBJEXT) \
+ cksumtype_to_string.$(OBJEXT) \
+ cksumtypes.$(OBJEXT) \
+ coll_proof_cksum.$(OBJEXT) \
+ decrypt.$(OBJEXT) \
+ encrypt.$(OBJEXT) \
+ encrypt_length.$(OBJEXT) \
+ enctype_compare.$(OBJEXT) \
+ enctype_to_string.$(OBJEXT) \
+ etypes.$(OBJEXT) \
+ hmac.$(OBJEXT) \
+ keyed_cksum.$(OBJEXT) \
+ keyed_checksum_types.$(OBJEXT) \
+ make_checksum.$(OBJEXT) \
+ make_random_key.$(OBJEXT) \
+ nfold.$(OBJEXT) \
+ old_api_glue.$(OBJEXT) \
+ prng.$(OBJEXT) \
+ string_to_cksumtype.$(OBJEXT) \
+ string_to_enctype.$(OBJEXT) \
+ string_to_key.$(OBJEXT) \
+ valid_cksumtype.$(OBJEXT) \
+ valid_enctype.$(OBJEXT) \
+ verify_checksum.$(OBJEXT)
+
+SRCS=\
+ $(subdir)/block_size.c \
+ $(subdir)/checksum_length.c \
+ $(subdir)/cksumtype_to_string.c \
+ $(subdir)/cksumtypes.c \
+ $(subdir)/coll_proof_cksum.c \
+ $(subdir)/decrypt.c \
+ $(subdir)/encrypt.c \
+ $(subdir)/encrypt_length.c \
+ $(subdir)/enctype_compare.c \
+ $(subdir)/enctype_to_string.c \
+ $(subdir)/etypes.c \
+ $(subdir)/hmac.c \
+ $(subdir)/keyed_cksum.c \
+ $(subdir)/keyed_checksum_types.c\
+ $(subdir)/make_checksum.c \
+ $(subdir)/make_random_key.c \
+ $(subdir)/nfold.c \
+ $(subdir)/old_api_glue.c \
+ $(subdir)/prng.c \
+ $(subdir)/string_to_cksumtype.c \
+ $(subdir)/string_to_enctype.c \
+ $(subdir)/string_to_key.c \
+ $(subdir)/valid_cksumtype.c \
+ $(subdir)/valid_enctype.c \
+ $(subdir)/verify_checksum.c
+
LIB=k5crypto
LIBMAJOR=2
-LIBMINOR=0
+LIBMINOR=1
RELDIR=crypto
-STLIBOBJS=cryptoconf.o encrypt_data.o decrypt_data.o \
- des_crc.o des_md5.o des3_sha.o des3_raw.o raw_des.o krb5_glue.o
-STOBJLISTS=des/OBJS.ST md4/OBJS.ST md5/OBJS.ST sha/OBJS.ST crc32/OBJS.ST \
- os/OBJS.ST OBJS.ST
+STOBJLISTS=crc32/OBJS.ST des/OBJS.ST dk/OBJS.ST enc_provider/OBJS.ST \
+ hash_provider/OBJS.ST keyhash_provider/OBJS.ST md4/OBJS.ST \
+ md5/OBJS.ST old/OBJS.ST raw/OBJS.ST sha1/OBJS.ST OBJS.ST
# No dependencies. Record places to find this shared object if the target
# link editor and loader support it.
@@ -58,7 +126,14 @@ libcrypto.lib:
clean-unix:: clean-liblinks clean-libs clean-libobjs
-check-unix::
+check-unix:: t_nfold
+ $(RUN_SETUP) ./t_nfold
+
+t_nfold$(EXEEXT): t_nfold.$(OBJEXT) nfold.$(OBJEXT)
+ $(CC_LINK) -o $@ t_nfold.$(OBJEXT) nfold.$(OBJEXT)
+
+clean::
+ $(RM) t_nfold.o t_nfold
all-windows::
cd crc32
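Review bot: The test program is named three different ways in this hunk: `check-unix::` depends on `t_nfold`, the link rule builds `t_nfold$(EXEEXT)`, and `clean::` removes `t_nfold.o t_nfold`. Where EXEEXT is non-empty or OBJEXT is not `o`, the prerequisite will not match the rule and clean will leave the built files behind. I would write `check-unix:: t_nfold$(EXEEXT)` and `$(RM) t_nfold.$(OBJEXT) t_nfold$(EXEEXT)`.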
@@ -67,61 +142,101 @@ all-windows::
cd ..\des
@echo Making in crypto\des
-$(MAKE) -$(MFLAGS)
+ cd ..\dk
+ @echo Making in crypto\dk
+ -$(MAKE) -$(MFLAGS)
+ cd ..\enc_provider
+ @echo Making in crypto\enc_provider
+ -$(MAKE) -$(MFLAGS)
+ cd ..\hash_provider
+ @echo Making in crypto\hash_provider
+ -$(MAKE) -$(MFLAGS)
+ cd ..\keyhash_provider
+ @echo Making in crypto\keyhash_provider
+ -$(MAKE) -$(MFLAGS)
cd ..\md4
@echo Making in crypto\md4
-$(MAKE) -$(MFLAGS)
- cd ..\os
- @echo Making in crypto\os
- -$(MAKE) -$(MFLAGS)
cd ..\md5
@echo Making in crypto\md5
-$(MAKE) -$(MFLAGS)
- cd ..\sha
- @echo Making in crypto\sha
+ cd ..\old
+ @echo Making in crypto\old
+ -$(MAKE) -$(MFLAGS)
+ cd ..\raw
+ @echo Making in crypto\raw
+ -$(MAKE) -$(MFLAGS)
+ cd ..\sha1
+ @echo Making in crypto\sha1
-$(MAKE) -$(MFLAGS)
- cd ..
clean-windows::
cd crc32
- @echo Making clean in crypto\crc32
+ @echo Making in clean crypto\crc32
-$(MAKE) -$(MFLAGS) clean
cd ..\des
@echo Making clean in crypto\des
-$(MAKE) -$(MFLAGS) clean
+ cd ..\dk
+ @echo Making clean in crypto\dk
+ -$(MAKE) -$(MFLAGS) clean
+ cd ..\enc_provider
+ @echo Making clean in crypto\enc_provider
+ -$(MAKE) -$(MFLAGS) clean
+ cd ..\hash_provider
+ @echo Making clean in crypto\hash_provider
+ -$(MAKE) -$(MFLAGS) clean
+ cd ..\keyhash_provider
+ @echo Making clean in crypto\keyhash_provider
+ -$(MAKE) -$(MFLAGS) clean
cd ..\md4
@echo Making clean in crypto\md4
-$(MAKE) -$(MFLAGS) clean
cd ..\md5
@echo Making clean in crypto\md5
-$(MAKE) -$(MFLAGS) clean
- cd ..\sha
- @echo Making clean in crypto\sha
+ cd ..\old
+ @echo Making clean in crypto\old
-$(MAKE) -$(MFLAGS) clean
- cd ..\os
- @echo Making clean in crypto\os
+ cd ..\raw
+ @echo Making clean in crypto\raw
+ -$(MAKE) -$(MFLAGS) clean
+ cd ..\sha1
+ @echo Making clean in crypto\sha1
-$(MAKE) -$(MFLAGS) clean
- cd ..
- @echo Making clean locally
check-windows::
cd crc32
- @echo Making check in crypto\crc32
+ @echo Making in check crypto\crc32
-$(MAKE) -$(MFLAGS) check
cd ..\des
@echo Making check in crypto\des
-$(MAKE) -$(MFLAGS) check
+ cd ..\dk
+ @echo Making check in crypto\dk
+ -$(MAKE) -$(MFLAGS) check
+ cd ..\enc_provider
+ @echo Making check in crypto\enc_provider
+ -$(MAKE) -$(MFLAGS) check
+ cd ..\hash_provider
+ @echo Making check in crypto\hash_provider
+ -$(MAKE) -$(MFLAGS) check
+ cd ..\keyhash_provider
+ @echo Making check in crypto\keyhash_provider
+ -$(MAKE) -$(MFLAGS) check
cd ..\md4
@echo Making check in crypto\md4
-$(MAKE) -$(MFLAGS) check
cd ..\md5
@echo Making check in crypto\md5
-$(MAKE) -$(MFLAGS) check
- cd ..\sha
- @echo Making check in crypto\sha
+ cd ..\old
+ @echo Making check in crypto\old
-$(MAKE) -$(MFLAGS) check
- cd ..\os
- @echo Making check in crypto\os
+ cd ..\raw
+ @echo Making check in crypto\raw
+ -$(MAKE) -$(MFLAGS) check
+ cd ..\sha1
+ @echo Making check in crypto\sha1
-$(MAKE) -$(MFLAGS) check
- cd ..
-
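Review bot: Two echo lines had their words transposed: `@echo Making in clean crypto\crc32` in clean-windows and `@echo Making in check crypto\crc32` in check-windows, while every other directory still prints `Making clean in ...` or `Making check in ...`. They should go back to `@echo Making clean in crypto\crc32` and `@echo Making check in crypto\crc32`. The final `cd ..` of all three targets is also dropped, so it is worth confirming that nothing later relies on being back in the crypto directory.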
diff --git a/src/lib/crypto/block_size.c b/src/lib/crypto/block_size.c
new file mode 100644
index 0000000000..de5c3ac89c
--- /dev/null
+++ b/src/lib/crypto/block_size.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_c_block_size(context, enctype, blocksize)
+ krb5_context context;
+ krb5_enctype enctype;
+ size_t *blocksize;
+{
+ int i;
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ (*(krb5_enctypes_list[i].enc->block_size))(blocksize);
+
+ return(0);
+}
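Review bot: krb5_c_block_size is a new exported entry point with no comment describing its contract. A short header comment above the definition should say that it looks up `enctype` in krb5_enctypes_list, returns KRB5_BAD_ENCTYPE when there is no match, and otherwise has the provider's block_size callback store the result through `blocksize` and returns 0. It should also note that `context` is unused and that `blocksize` must be non-NULL, since the pointer is handed to the callback without a check.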
diff --git a/src/lib/crypto/checksum_length.c b/src/lib/crypto/checksum_length.c
new file mode 100644
index 0000000000..38773cae01
--- /dev/null
+++ b/src/lib/crypto/checksum_length.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+
+krb5_error_code
+krb5_c_checksum_length(context, cksumtype, length)
+ krb5_context context;
+ krb5_cksumtype cksumtype;
+ size_t *length;
+{
+ int i;
+
+ for (i=0; i<krb5_cksumtypes_length; i++) {
+ if (krb5_cksumtypes_list[i].ctype == cksumtype)
+ break;
+ }
+
+ if (i == krb5_cksumtypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ if (krb5_cksumtypes_list[i].keyhash)
+ (*(krb5_cksumtypes_list[i].keyhash->hash_size))(length);
+ else
+ (*(krb5_cksumtypes_list[i].hash->hash_size))(length);
+
+ return(0);
+}
+
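Review bot: An unknown checksum type is reported as KRB5_BAD_ENCTYPE at `if (i == krb5_cksumtypes_length)`, which tells the caller the encryption type was wrong when the failed lookup was over krb5_cksumtypes_list. A checksum-specific code, for example `return(KRB5_PROG_SUMTYPE_NOSUPP);` if this tree's error table carries it, would make the failure diagnosable. The definition also lacks the `KRB5_DLLIMP ... KRB5_CALLCONV` decoration used on krb5_c_block_size in block_size.c, which may matter for the Windows build.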
diff --git a/src/lib/crypto/cksumtype_to_string.c b/src/lib/crypto/cksumtype_to_string.c
new file mode 100644
index 0000000000..21cc5905f6
--- /dev/null
+++ b/src/lib/crypto/cksumtype_to_string.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_cksumtype_to_string(cksumtype, buffer, buflen)
+ krb5_cksumtype cksumtype;
+ char FAR * buffer;
+ size_t buflen;
+{
+ int i;
+
+ for (i=0; i<krb5_cksumtypes_length; i++) {
+ if (krb5_cksumtypes_list[i].ctype == cksumtype) {
+ if ((strlen(krb5_cksumtypes_list[i].out_string)+1) > buflen)
+ return(ENOMEM);
+
+ strcpy(buffer, krb5_cksumtypes_list[i].out_string);
+ return(0);
+ }
+ }
+
+ return(EINVAL);
+}
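Review bot: The `strcpy` into `buffer` is safe only because of the length test on the line before it, and the string is walked twice (strlen, then strcpy). Keeping the length in a local makes the bound visible at the copy itself: `len = strlen(krb5_cksumtypes_list[i].out_string) + 1;`, then `if (len > buflen) return(ENOMEM);` and `memcpy(buffer, krb5_cksumtypes_list[i].out_string, len);`. ENOMEM for a too-small caller buffer and EINVAL for an unknown type deserve a one-line comment each, since neither is the obvious code for its case.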
diff --git a/src/lib/crypto/cksumtypes.c b/src/lib/crypto/cksumtypes.c
new file mode 100644
index 0000000000..8107d3b8f7
--- /dev/null
+++ b/src/lib/crypto/cksumtypes.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "hash_provider.h"
+#include "keyhash_provider.h"
+#include "cksumtypes.h"
+
+struct krb5_cksumtypes krb5_cksumtypes_list[] = {
+ { CKSUMTYPE_CRC32, KRB5_CKSUMFLAG_NOT_COLL_PROOF,
+ "crc32", "CRC-32",
+ 0, NULL,
+ &krb5_hash_crc32 },
+
+ { CKSUMTYPE_RSA_MD4, 0,
+ "md4", "RSA-MD4",
+ 0, NULL,
+ &krb5_hash_md4 },
+ { CKSUMTYPE_RSA_MD4_DES, 0,
+ "md4-des", "RSA-MD4 with DES cbc mode",
+ ENCTYPE_DES_CBC_CRC, &krb5_keyhash_md4des,
+ NULL },
+
+ { CKSUMTYPE_DESCBC, 0,
+ "des-cbc", "DES cbc mode",
+ ENCTYPE_DES_CBC_CRC, &krb5_keyhash_descbc,
+ NULL },
+
+ { CKSUMTYPE_RSA_MD5, 0,
+ "md5", "RSA-MD5",
+ 0, NULL,
+ &krb5_hash_md5 },
+ { CKSUMTYPE_RSA_MD5_DES, 0,
+ "md5-des", "RSA-MD5 with DES cbc mode",
+ ENCTYPE_DES_CBC_CRC, &krb5_keyhash_md5des,
+ NULL },
+
+ { CKSUMTYPE_NIST_SHA, 0,
+ "sha", "NIST-SHA",
+ 0, NULL,
+ &krb5_hash_sha1 },
+
+ { CKSUMTYPE_HMAC_SHA1, KRB5_CKSUMFLAG_DERIVE,
+ "hmac-sha1", "HMAC-SHA1",
+ 0, NULL,
+ &krb5_hash_sha1 },
+};
+
+int krb5_cksumtypes_length =
+sizeof(krb5_cksumtypes_list)/sizeof(struct krb5_cksumtypes);
+
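Review bot: CKSUMTYPE_CRC32 is the only entry carrying KRB5_CKSUMFLAG_NOT_COLL_PROOF, so is_coll_proof_cksum() in coll_proof_cksum.c will report every other type, including the unkeyed "md4" entry, as collision-proof. Collisions for MD4 have been published, so that entry should probably read `{ CKSUMTYPE_RSA_MD4, KRB5_CKSUMFLAG_NOT_COLL_PROOF,`, and the same question is worth asking for the other unkeyed hashes. Callers that insist on a collision-proof checksum would then refuse MD4, so interoperability needs checking before the flag is changed. Separately, the table holds the provider pointers used for dispatch and, assuming nothing writes to it, could be declared `const` together with the extern in cksumtypes.h.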
diff --git a/src/lib/crypto/cksumtypes.h b/src/lib/crypto/cksumtypes.h
new file mode 100644
index 0000000000..900a7c8914
--- /dev/null
+++ b/src/lib/crypto/cksumtypes.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+
+extern struct krb5_cksumtypes krb5_cksumtypes_list[];
+extern int krb5_cksumtypes_length;
+
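Review bot: The new header has no include guard, unlike crc-32.h in this same commit (`#ifndef KRB5_CRC32__`). That is harmless while it holds only extern declarations, but a guard keeps it safe once a type or macro is added. Wrap the body in `#ifndef KRB5_CKSUMTYPES_H` / `#define KRB5_CKSUMTYPES_H` ... `#endif`; the guard name is only a suggestion.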
diff --git a/src/lib/crypto/coll_proof_cksum.c b/src/lib/crypto/coll_proof_cksum.c
new file mode 100644
index 0000000000..07925c641a
--- /dev/null
+++ b/src/lib/crypto/coll_proof_cksum.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+
+krb5_boolean is_coll_proof_cksum(ctype)
+ krb5_cksumtype ctype;
+{
+ int i;
+
+ for (i=0; i<krb5_cksumtypes_length; i++) {
+ if (krb5_cksumtypes_list[i].ctype == ctype)
+ return((krb5_cksumtypes_list[i].flags &
+ KRB5_CKSUMFLAG_NOT_COLL_PROOF)?0:1);
+ }
+
+ /* ick, but it's better than coredumping, which is what the
+ old code would have done */
+ return(0);
+}
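Review bot: The fall-through `return(0)` for an unrecognised checksum type is the conservative answer, but the comment above it ("ick, but it's better than coredumping...") does not say that this is the intent. I would replace it with `/* unknown checksum types are reported as not collision-proof, so callers that require one reject them */`. The `?0:1` on the flag test could also be written as `== 0` for readability.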
diff --git a/src/lib/crypto/configure.in b/src/lib/crypto/configure.in
index 19688e35e6..2fb1faffbf 100644
--- a/src/lib/crypto/configure.in
+++ b/src/lib/crypto/configure.in
@@ -4,136 +4,22 @@ AC_PROG_ARCHIVE
AC_PROG_ARCHIVE_ADD
AC_PROG_RANLIB
AC_PROG_INSTALL
-dnl
-dnl Determine which cryptosystems we are enabling
-dnl
-AC_ARG_ENABLE([des-cbc-md5],
-[ --enable-des-cbc-md5 enable DES_CBC_MD5 (DEFAULT).
- --disable-des-cbc-md5 disable DES_CBC_MD5.],
-,
-enableval=yes)dnl
-if test "$enableval" = yes; then
- AC_MSG_RESULT(Enabling DES_CBC_MD5)
- AC_DEFINE(PROVIDE_DES_CBC_MD5)
-else
- AC_MSG_RESULT(Disabling DES_CBC_MD5)
-fi
-dnl AC_ARG_ENABLE([des3-cbc-sha],
-dnl [ --enable-des3-cbc-sha enable DES3_CBC_SHA (DEFAULT).
-dnl --disable-des3-cbc-sha disable DES3_CBC_SHA.],
-dnl ,
-dnl enableval=yes)dnl
-dnl if test "$enableval" = yes; then
-dnl AC_MSG_RESULT(Enabling DES3_CBC_SHA)
-dnl AC_DEFINE(PROVIDE_DES3_CBC_SHA)
-dnl else
-dnl AC_MSG_RESULT(Disabling DES3_CBC_SHA)
-dnl fi
-AC_ARG_WITH([des-cbc-crc],
-[ --enable-des-cbc-crc enable DES_CBC_CRC (DEFAULT).
- --disable-des-cbc-crc disable DES_CBC_CRC.],
-,
-enableval=yes)dnl
-if test "$enableval" = yes; then
- AC_MSG_RESULT(Enabling DES_CBC_CRC)
- AC_DEFINE(PROVIDE_DES_CBC_CRC)
-else
- AC_MSG_RESULT(Disabling DES_CBC_CRC)
-fi
-AC_ARG_WITH([des-cbc-raw],
-[ --enable-des-cbc-raw enable DES_CBC_RAW (DEFAULT).
- --disable-des-cbc-raw disable DES_CBC_RAW.],
-,
-enableval=yes)dnl
-if test "$enableval" = yes; then
- AC_MSG_RESULT(Enabling DES_CBC_RAW)
- AC_DEFINE(PROVIDE_DES_CBC_RAW)
-else
- AC_MSG_RESULT(Disabling DES_CBC_RAW)
-fi
-dnl AC_ARG_WITH([des3-cbc-raw],
-dnl [ --enable-des3-cbc-raw enable DES3_CBC_RAW (DEFAULT).
-dnl --disable-des3-cbc-raw disable DES3_CBC_RAW.],
-dnl ,
-dnl enableval=yes)dnl
-dnl if test "$enableval" = yes; then
-dnl AC_MSG_RESULT(Enabling DES3_CBC_RAW)
-dnl AC_DEFINE(PROVIDE_DES3_CBC_RAW)
-dnl else
-dnl AC_MSG_RESULT(Disabling DES3_CBC_RAW)
-dnl fi
-AC_ARG_WITH([des-cbc-cksum],
-[ --enable-des-cbc-cksum enable DES_CBC_CKSUM (DEFAULT).
- --disable-des-cbc-cksum disable DES_CBC_CKSUM.],
-,
-enableval=yes)dnl
-if test "$enableval" = yes; then
- AC_MSG_RESULT(Enabling DES_CBC_CKSUM)
- AC_DEFINE(PROVIDE_DES_CBC_CKSUM)
-else
- AC_MSG_RESULT(Disabling DES_CBC_CKSUM)
-fi
-AC_ARG_WITH([crc32],
-[ --enable-crc32 enable CRC32 (DEFAULT).
- --disable-crc32 disable CRC32.],
-,
-enableval=yes)dnl
-if test "$enableval" = yes; then
- AC_MSG_RESULT(Enabling CRC32)
- AC_DEFINE(PROVIDE_CRC32)
-else
- AC_MSG_RESULT(Disabling CRC32)
-fi
-AC_ARG_WITH([rsa-md4],
-[ --enable-rsa-md4 enable RSA_MD4 (DEFAULT).
- --disable-rsa-md4 disable RSA_MD4.],
-,
-enableval=yes)dnl
-if test "$enableval" = yes; then
- AC_MSG_RESULT(Enabling RSA_MD4)
- AC_DEFINE(PROVIDE_RSA_MD4)
-else
- AC_MSG_RESULT(Disabling RSA_MD4)
-fi
-AC_ARG_WITH([rsa-md5],
-[ --enable-rsa-md5 enable RSA_MD5 (DEFAULT).
- --disable-rsa-md5 disable RSA_MD5.],
-,
-enableval=yes)dnl
-if test "$enableval" = yes; then
- AC_MSG_RESULT(Enabling RSA_MD5)
- AC_DEFINE(PROVIDE_RSA_MD5)
-else
- AC_MSG_RESULT(Disabling RSA_MD5)
-fi
-dnl AC_ARG_WITH([nist-sha],
-dnl [ --enable-nist-sha enable NIST_SHA (DEFAULT).
-dnl --disable-nist-sha disable NIST_SHA.],
-dnl ,
-dnl enableval=yes)dnl
-dnl if test "$enableval" = yes; then
-dnl AC_MSG_RESULT(Enabling NIST_SHA)
-dnl AC_DEFINE(PROVIDE_NIST_SHA)
-dnl else
-dnl AC_MSG_RESULT(Disabling NIST_SHA)
-dnl fi
-
-AC_REPLACE_FUNCS(memmove)
-AC_HAVE_FUNCS(srand48 srand srandom getpid)
-AC_CHECK_HEADERS(sys/types.h)
-AC_PROG_LN_S
-KRB5_SOCKADDR_SA_LEN
KRB5_RUN_FLAGS
+KRB5_BUILD_PROGRAM
KRB5_BUILD_LIBOBJS
KRB5_BUILD_LIBRARY
-KRB5_BUILD_PROGRAM
K5_GEN_MAKEFILE(., lib libobj)
K5_GEN_MAKEFILE(crc32, libobj)
K5_GEN_MAKEFILE(des, libobj)
+K5_GEN_MAKEFILE(dk, libobj)
+K5_GEN_MAKEFILE(enc_provider, libobj)
+K5_GEN_MAKEFILE(hash_provider, libobj)
+K5_GEN_MAKEFILE(keyhash_provider, libobj)
K5_GEN_MAKEFILE(md4, libobj)
K5_GEN_MAKEFILE(md5, libobj)
-K5_GEN_MAKEFILE(os, libobj)
-K5_GEN_MAKEFILE(sha, libobj)
+K5_GEN_MAKEFILE(old, libobj)
+K5_GEN_MAKEFILE(raw, libobj)
+K5_GEN_MAKEFILE(sha1, libobj)
K5_AC_OUTPUT
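Review bot: With the `--disable-des-cbc-crc`, `--disable-crc32` and `--disable-rsa-md4` style switches and their PROVIDE_* defines gone, nothing visible in this hunk lets a site build the library without the weaker checksum and encryption types. The table in cksumtypes.c in this commit registers all of its entries unconditionally. If dropping build-time selection is intended, the ChangeLog entry should say so and name whatever control replaces it; otherwise a replacement option is needed.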
diff --git a/src/lib/crypto/crc32/ChangeLog b/src/lib/crypto/crc32/ChangeLog
index 1ee004262c..5f6e617cb9 100644
--- a/src/lib/crypto/crc32/ChangeLog
+++ b/src/lib/crypto/crc32/ChangeLog
@@ -1,3 +1,7 @@
+Sun Jul 19 12:00:00 1998 Marc Horowitz <marc@mit.edu>
+
+ * *.c: replace the crypto layer.
+
Wed Feb 18 16:05:45 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in: Remove trailing slash from thisconfigdir. Fix up
diff --git a/src/lib/crypto/crc32/Makefile.in b/src/lib/crypto/crc32/Makefile.in
index b1ad86bdd8..97ab64cf04 100644
--- a/src/lib/crypto/crc32/Makefile.in
+++ b/src/lib/crypto/crc32/Makefile.in
@@ -7,25 +7,23 @@ CFLAGS = $(CCOPTS) $(DEFS)
##DOS##OBJFILE=..\crc32.lst
##WIN16##LIBNAME=..\crypto.lib
-STLIBOBJS=crc.o
-OBJS= crc.$(OBJEXT)
-SRCS= $(srcdir)/crc.c
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
-##DOS##LIBOBJS = $(OBJS)
+RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
-all-unix:: all-libobjs
+STLIBOBJS= crc32.o
+
+OBJS= crc32.$(OBJEXT)
-crctest: crctest.$(OBJEXT) $(OBJS)
- $(RM) crctest
- $(CC) -o crctest crctest.$(OBJEXT) $(CFLAGS) $(LDFLAGS) $(OBJS)
+SRCS= $(srcdir)/crc32.c
-crctest.exe:
- $(CC) -o crctest.exe $(CFLAGS2) $(SRCS)
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
-check:: crctest$(EXEEXT)
- $(C)crctest$(EXEEXT) < $(srcdir)$(S)crc-test
+includes:: depend
-clean::
- $(RM) crctest$(EXEEXT) crctest.$(OBJEXT)
+depend:: $(SRCS)
clean-unix:: clean-libobjs
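Review bot: The `check::` rule that ran crctest against crc-test is removed and nothing replaces it, so the new crc32.c has no test in this directory after the change. A known-answer check would be worth keeping, along the lines of the t_nfold rule added to the parent Makefile.in. `RUN_SETUP` is now defined here, but no rule in the hunk uses it.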
diff --git a/src/lib/crypto/crc32/crc-32.h b/src/lib/crypto/crc32/crc-32.h
index 28d0dc4519..1b05b9ac6a 100644
--- a/src/lib/crypto/crc32/crc-32.h
+++ b/src/lib/crypto/crc32/crc-32.h
@@ -24,11 +24,41 @@
* Definitions for the CRC-32 checksum
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#ifndef KRB5_CRC32__
#define KRB5_CRC32__
-#define CRC32_CKSUM_LENGTH (4*sizeof(krb5_octet))
+#define CRC32_CKSUM_LENGTH 4
+
+void
+mit_crc32 PROTOTYPE((krb5_const krb5_pointer in, krb5_const size_t in_length,
+ unsigned long *c));
extern krb5_checksum_entry crc32_cksumtable_entry;
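Review bot: The new `mit_crc32` prototype returns a 4-byte checksum through an `unsigned long *`, which is 8 bytes wide on LP64 targets, and nothing next to `CRC32_CKSUM_LENGTH` tells callers how to serialize it. A caller that copies `CRC32_CKSUM_LENGTH` bytes straight out of `*c` would get the wrong half on a big-endian 64-bit host; no caller is visible here, so this is a hazard to document rather than a confirmed bug. I would add above the prototype: `/* *c receives a 32-bit CRC in the low bits of an unsigned long; emit it byte by byte, never memcpy CRC32_CKSUM_LENGTH bytes from it. */`.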
diff --git a/src/lib/crypto/crc32/crc32.c b/src/lib/crypto/crc32/crc32.c
new file mode 100644
index 0000000000..654981fc9f
--- /dev/null
+++ b/src/lib/crypto/crc32/crc32.c
@@ -0,0 +1,166 @@
+/*
+ * lib/crypto/crc32/crc.c
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * CRC-32/AUTODIN-II routines
+ */
+
+#include "k5-int.h"
+#include "crc-32.h"
+
+/* This table and block of comments are taken from code labeled: */
+/*
+ * Copyright (C) 1986 Gary S. Brown. You may use this program, or
+ * code or tables extracted from it, as desired without restriction.
+ */
+
+/* First, the polynomial itself and its table of feedback terms. The */
+/* polynomial is */
+/* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 */
+/* Note that we take it "backwards" and put the highest-order term in */
+/* the lowest-order bit. The X^32 term is "implied"; the LSB is the */
+/* X^31 term, etc. The X^0 term (usually shown as "+1") results in */
+/* the MSB being 1. */
+
+/* Note that the usual hardware shift register implementation, which */
+/* is what we're using (we're merely optimizing it by doing eight-bit */
+/* chunks at a time) shifts bits into the lowest-order term. In our */
+/* implementation, that means shifting towards the right. Why do we */
+/* do it this way? Because the calculated CRC must be transmitted in */
+/* order from highest-order term to lowest-order term. UARTs transmit */
+/* characters in order from LSB to MSB. By storing the CRC this way, */
+/* we hand it to the UART in the order low-byte to high-byte; the UART */
+/* sends each low-bit to hight-bit; and the result is transmission bit */
+/* by bit from highest- to lowest-order term without requiring any bit */
+/* shuffling on our part. Reception works similarly. */
+
+/* The feedback terms table consists of 256, 32-bit entries. Notes: */
+/* */
+/* 1. The table can be generated at runtime if desired; code to do so */
+/* is shown later. It might not be obvious, but the feedback */
+/* terms simply represent the results of eight shift/xor opera- */
+/* tions for all combinations of data and CRC register values. */
+/* */
+/* 2. The CRC accumulation logic is the same for all CRC polynomials, */
+/* be they sixteen or thirty-two bits wide. You simply choose the */
+/* appropriate table. Alternatively, because the table can be */
+/* generated at runtime, you can start by generating the table for */
+/* the polynomial in question and use exactly the same "updcrc", */
+/* if your application needn't simultaneously handle two CRC */
+/* polynomials. (Note, however, that XMODEM is strange.) */
+/* */
+/* 3. For 16-bit CRCs, the table entries need be only 16 bits wide; */
+/* of course, 32-bit entries work OK if the high 16 bits are zero. */
+/* */
+/* 4. The values must be right-shifted by eight bits by the "updcrc" */
+/* logic; the shift must be unsigned (bring in zeroes). On some */
+/* hardware you could probably optimize the shift in assembler by */
+/* using byte-swap instructions. */
+
+static u_long const crc_table[256] = {
+ 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba,
+ 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
+ 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
+ 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
+ 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
+ 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+ 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec,
+ 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
+ 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
+ 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+ 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940,
+ 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+ 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116,
+ 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
+ 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+ 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
+ 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a,
+ 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+ 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818,
+ 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+ 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
+ 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
+ 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c,
+ 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+ 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
+ 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
+ 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
+ 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
+ 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086,
+ 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+ 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4,
+ 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
+ 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
+ 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
+ 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
+ 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
+ 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
+ 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
+ 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
+ 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+ 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252,
+ 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
+ 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60,
+ 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
+ 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+ 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
+ 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04,
+ 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
+ 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a,
+ 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+ 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
+ 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
+ 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e,
+ 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
+ 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
+ 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
+ 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
+ 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
+ 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0,
+ 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+ 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6,
+ 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
+ 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
+ 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
+ };
+
+void
+mit_crc32(in, in_length, cksum)
+ krb5_const krb5_pointer in;
+ krb5_const size_t in_length;
+ unsigned long *cksum;
+{
+ register u_char *data;
+ register u_long c = 0;
+ register int idx;
+ size_t i;
+
+ data = (u_char *)in;
+ for (i = 0; i < in_length; i++) {
+ idx = (int) (data[i] ^ c);
+ idx &= 0xff;
+ c >>= 8;
+ c ^= crc_table[idx];
+ }
+
+ *cksum = c;
+}
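Review bot: `mit_crc32` starts its register at `c = 0` and stores `c` with no final complement, but no comment says that this differs from the commonly deployed CRC-32, which preconditions with all ones and inverts the result. Anyone checking this against standard CRC-32 test vectors will see mismatches. I would add above the function: `/* Kerberos CRC-32 variant: initial value 0, no final XOR; unkeyed and linear, so it detects accidental corruption only. */`. The function also restarts from 0 on every call and overwrites `*cksum`, so it cannot be chained across buffers; that belongs in the same comment. The file header still names `lib/crypto/crc32/crc.c` although the file is `crc32.c`.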
diff --git a/src/lib/crypto/cryptoconf.c b/src/lib/crypto/cryptoconf.c
deleted file mode 100644
index 62be745812..0000000000
--- a/src/lib/crypto/cryptoconf.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * lib/crypto/cryptoconf.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Cryptosystem configurations
- */
-
-#include "k5-int.h"
-
-#if defined(PROVIDE_DES_CBC_CRC) || defined(PROVIDE_CRC32)
-#include "crc-32.h"
-#define CRC32_CKENTRY &crc32_cksumtable_entry
-#else
-#define CRC32_CKENTRY 0
-#endif
-
-#ifdef PROVIDE_RSA_MD4
-#include "rsa-md4.h"
-#define MD4_CKENTRY &rsa_md4_cksumtable_entry
-#define MD4_DES_CKENTRY &rsa_md4_des_cksumtable_entry
-#else
-#define MD4_CKENTRY 0
-#define MD4_DES_CKENTRY 0
-#endif
-
-#ifdef PROVIDE_RSA_MD5
-#include "rsa-md5.h"
-#define MD5_CKENTRY &rsa_md5_cksumtable_entry
-#define MD5_DES_CKENTRY &rsa_md5_des_cksumtable_entry
-#else
-#define MD5_CKENTRY 0
-#define MD5_DES_CKENTRY 0
-#endif
-
-#ifdef PROVIDE_NIST_SHA
-#include "shs.h"
-/* #define SHA_CKENTRY &nist_sha_cksumtable_entry */
-/* #define HMAC_SHA_CKENTRY &hmac_sha_cksumtable_entry */
-#define SHA_CKENTRY 0
-#define HMAC_SHA_CKENTRY 0
-#else
-#define SHA_CKENTRY 0
-#define HMAC_SHA_CKENTRY 0
-#endif
-
-#ifdef PROVIDE_SNEFRU
-#define XEROX_CKENTRY &snefru_cksumtable_entry
-#else
-#define XEROX_CKENTRY 0
-#endif
-
-#ifdef PROVIDE_DES_CBC_CKSUM
-#include "des_int.h"
-#define _DES_DONE__
-#define DES_CBC_CKENTRY &krb5_des_cbc_cksumtable_entry
-#else
-#define DES_CBC_CKENTRY 0
-#endif
-
-#ifdef PROVIDE_DES_CBC_CRC
-#ifndef _DES_DONE__
-#include "des_int.h"
-#define _DES_DONE__
-#endif
-#define DES_CBC_CRC_CSENTRY &krb5_des_crc_cst_entry
-#else
-#define DES_CBC_CRC_CSENTRY 0
-#endif
-
-#ifdef PROVIDE_DES_CBC_MD5
-#ifndef _DES_DONE__
-#include "des_int.h"
-#define _DES_DONE__
-#endif
-#define DES_CBC_MD5_CSENTRY &krb5_des_md5_cst_entry
-#else
-#define DES_CBC_MD5_CSENTRY 0
-#endif
-
-#ifdef PROVIDE_DES_CBC_RAW
-#ifndef _DES_DONE__
-#include "des_int.h"
-#define _DES_DONE__
-#endif
-#define DES_CBC_RAW_CSENTRY &krb5_raw_des_cst_entry
-#else
-#define DES_CBC_RAW_CSENTRY 0
-#endif
-
-#ifdef PROVIDE_DES3_CBC_SHA
-#ifndef _DES_DONE__
-#include "des_int.h"
-#define _DES_DONE__
-#endif
-/* Don't try to enable triple DES unless you know what you are doing; */
-/* the current implementation of triple DES is NOT the final and */
-/* correct implementation.!!! */
-/* #define DES3_CBC_SHA_CSENTRY &krb5_des3_sha_cst_entry */
-#define DES3_CBC_SHA_CSENTRY 0
-#else
-#define DES3_CBC_SHA_CSENTRY 0
-#endif
-
-#ifdef PROVIDE_DES3_CBC_RAW
-#ifndef _DES_DONE__
-#include "des_int.h"
-#define _DES_DONE__
-#endif
-/* #define DES3_CBC_RAW_CSENTRY &krb5_des3_raw_cst_entry */
-#define DES3_CBC_RAW_CSENTRY 0
-#else
-#define DES3_CBC_RAW_CSENTRY 0
-#endif
-
-
-/* WARNING:
- make sure the order of entries in these tables matches the #defines in
- "krb5/encryption.h"
- */
-
-krb5_cs_table_entry * NEAR krb5_enctype_array[] = {
- 0, /* ENCTYPE_NULL */
- DES_CBC_CRC_CSENTRY, /* ENCTYPE_DES_CBC_CRC */
- 0, /* ENCTYPE_DES_CBC_MD4 */
- DES_CBC_MD5_CSENTRY, /* ENCTYPE_DES_CBC_MD5 */
- DES_CBC_RAW_CSENTRY, /* ENCTYPE_DES_CBC_RAW */
- DES3_CBC_SHA_CSENTRY, /* ENCTYPE_DES3_CBC_SHA */
- DES3_CBC_RAW_CSENTRY /* ENCTYPE_DES3_CBC_RAW */
-};
-
-krb5_enctype krb5_max_enctype = sizeof(krb5_enctype_array)/sizeof(krb5_enctype_array[0]) - 1;
-
-krb5_checksum_entry * NEAR krb5_cksumarray[] = {
- 0,
- CRC32_CKENTRY, /* 1 - CKSUMTYPE_CRC32 */
- MD4_CKENTRY, /* 2 - CKSUMTYPE_RSA_MD4 */
- MD4_DES_CKENTRY, /* 3 - CKSUMTYPE_RSA_MD4_DES */
- DES_CBC_CKENTRY, /* 4 - CKSUMTYPE_DESCBC */
- 0, /* 5 - des-mac-k */
- 0, /* 6 - rsa-md4-des-k */
- MD5_CKENTRY, /* 7 - CKSUMTYPE_RSA_MD5 */
- MD5_DES_CKENTRY, /* 8 - CKSUMTYPE_RSA_MD5_DES */
- SHA_CKENTRY, /* 9 - CKSUMTYPE_NIST_SHA */
- HMAC_SHA_CKENTRY /* 10 - CKSUMTYPE_NIST_SHA_DES3 */
-};
-
-krb5_cksumtype krb5_max_cksum = sizeof(krb5_cksumarray)/sizeof(krb5_cksumarray[0]);
-
-#undef _DES_DONE__
diff --git a/src/lib/crypto/decrypt.c b/src/lib/crypto/decrypt.c
new file mode 100644
index 0000000000..0d66ec0c0e
--- /dev/null
+++ b/src/lib/crypto/decrypt.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_c_decrypt(context, key, usage, ivec, input, output)
+ krb5_context context;
+ krb5_const krb5_keyblock *key;
+ krb5_keyusage usage;
+ krb5_const krb5_data *ivec;
+ krb5_const krb5_enc_data *input;
+ krb5_data *output;
+{
+ int i;
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == key->enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ if ((input->enctype != ENCTYPE_UNKNOWN) &&
+ (krb5_enctypes_list[i].etype != input->enctype))
+ return(KRB5_BAD_ENCTYPE);
+
+ return((*(krb5_enctypes_list[i].decrypt))
+ (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
+ key, usage, ivec, &input->ciphertext, output));
+}
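Review bot: `krb5_c_decrypt` has no header comment, and it hands `output` to the enctype's `decrypt` routine without allocating or size-checking it. The removed `krb5_decrypt_data` in this same commit malloc'd `data->data` itself, so callers moving to the new entry point need the ownership rule stated. I would add a block comment above the function saying that the caller supplies `output->data` and `output->length`, and that any size check is left to the per-enctype routine (not visible in this hunk). The comment should also say that `input->enctype == ENCTYPE_UNKNOWN` deliberately skips the match against `key->enctype`. The `int i` index is compared with `krb5_enctypes_length`, whose type is declared elsewhere; if it is unsigned, use a matching index type.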
diff --git a/src/lib/crypto/decrypt_data.c b/src/lib/crypto/decrypt_data.c
deleted file mode 100644
index ae886d0c9d..0000000000
--- a/src/lib/crypto/decrypt_data.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "k5-int.h"
-
-/*
- * This routine takes a key and a krb5_enc_data structure as input, and
- * outputs the decrypted data in a krb5_data structure. Note that
- * the krb5_data structure is not allocated.
- */
-krb5_error_code
-krb5_decrypt_data(context, key, ivec, enc_data, data)
- krb5_context context;
- krb5_keyblock * key;
- krb5_pointer ivec;
- krb5_enc_data * enc_data;
- krb5_data * data;
-{
- krb5_error_code retval;
- krb5_encrypt_block eblock;
-
- krb5_use_enctype(context, &eblock, key->enctype);
- data->length = enc_data->ciphertext.length;
- if (!(data->data = malloc(data->length)))
- return ENOMEM;
-
- if ((retval = krb5_process_key(context, &eblock, key)) != 0)
- goto cleanup;
-
- if ((retval = krb5_decrypt(context,
- (krb5_pointer) enc_data->ciphertext.data,
- (krb5_pointer) data->data,
- enc_data->ciphertext.length, &eblock, ivec))) {
- krb5_finish_key(context, &eblock);
- goto cleanup;
- }
- (void) krb5_finish_key(context, &eblock);
-
- return 0;
-
-cleanup:
- if (data->data) {
- free(data->data);
- data->data = 0;
- }
- return retval;
-}
diff --git a/src/lib/crypto/des/.rconf b/src/lib/crypto/des/.rconf
deleted file mode 100644
index b886964867..0000000000
--- a/src/lib/crypto/des/.rconf
+++ /dev/null
@@ -1,8 +0,0 @@
-ignore fp.c
-ignore ip.c
-ignore key_perm.h
-ignore odd.h
-ignore p.c
-ignore p_table.h
-ignore s_table.h
-ignore doc
diff --git a/src/lib/crypto/des/ChangeLog b/src/lib/crypto/des/ChangeLog
index e236a9cb96..70c431aa5c 100644
--- a/src/lib/crypto/des/ChangeLog
+++ b/src/lib/crypto/des/ChangeLog
@@ -1,3 +1,7 @@
+Sun Jul 19 12:00:00 1998 Marc Horowitz <marc@mit.edu>
+
+ * *.c: replace the crypto layer.
+
Wed Feb 18 16:06:23 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in: Remove trailing slash from thisconfigdir. Fix up
diff --git a/src/lib/crypto/des/FUNCTIONS b/src/lib/crypto/des/FUNCTIONS
deleted file mode 100644
index 7ed082e32d..0000000000
--- a/src/lib/crypto/des/FUNCTIONS
+++ /dev/null
@@ -1,26 +0,0 @@
-File Function Where?
-
-weak_key.c mit_des_is_weak_key crypto
-string2key.c mit_des_string_to_key ?
-random_key.c mit_des_random_key ?
-process_ky.c mit_des_process_key ?
-new_rn_key.c mit_des_new_random_key ?
- mit_des_init_random_number_generator ?
- mit_des_set_random_generator_seed ?
- mit_des_set_sequence_number ?
- mit_des_generate_random_block ?
-krb_glue.c mit_des_encrypt_func ?
- mit_des_decrypt_func ?
-key_sched.c mit_des_key_sched crypto
-key_parity.c mit_des_fixup_key_parity crypto
- mit_des_check_key_parity crypto
-init_rkey.c mit_des_init_random_key crypto
-finish_key.c mit_des_finish_key crypto
-fin_rndkey.c mit_des_finish_random_key crypto
-enc_dec.c mit_des_cbc_encrypt crypto
-des.c mit_des_ecb_encrypt crypto
-cs_entry.c (var) mit_des_cryptosystem_entry krb5
- (var) krb5_des_cst_entry krb5
- (var) mit_des_cbc_cksumtable_entry krb5
-cksum.c mit_des_cbc_cksum crypto
-cbc_cksum.c mit_des_cbc_checksum crypto
diff --git a/src/lib/crypto/des/Makefile.in b/src/lib/crypto/des/Makefile.in
index 3f9311b96e..fdef9e869a 100644
--- a/src/lib/crypto/des/Makefile.in
+++ b/src/lib/crypto/des/Makefile.in
@@ -13,77 +13,41 @@ PROG_RPATH=$(KRB5_LIBDIR)
RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
STLIBOBJS=\
- afsstring2key.o \
- cbc_cksum.o \
- finish_key.o \
- fin_rndkey.o \
- init_rkey.o \
- process_ky.o \
- random_key.o \
- string2key.o \
- key_sched.o \
- weak_key.o \
+ afsstring2key.o \
+ d3_cbc.o \
+ d3_kysched.o \
f_cbc.o \
- f_cksum.o \
- f_sched.o \
- f_ecb.o \
+ f_cksum.o \
f_parity.o \
+ f_sched.o \
f_tables.o \
- d3_cbc.o \
- d3_ecb.o \
- d3_kysched.o \
- d3_procky.o \
- d3_str2ky.o \
- u_nfold.o \
- u_rn_key.o
-
-OBJS= afsstring2key.$(OBJEXT) \
- cbc_cksum.$(OBJEXT) \
- finish_key.$(OBJEXT) \
- fin_rndkey.$(OBJEXT) \
- init_rkey.$(OBJEXT) \
- process_ky.$(OBJEXT) \
- random_key.$(OBJEXT) \
- string2key.$(OBJEXT) \
- key_sched.$(OBJEXT) \
- weak_key.$(OBJEXT) \
+ key_sched.o \
+ string2key.o \
+ weak_key.o
+
+OBJS= afsstring2key.$(OBJEXT) \
+ d3_cbc.$(OBJEXT) \
+ d3_kysched.$(OBJEXT) \
f_cbc.$(OBJEXT) \
- f_cksum.$(OBJEXT) \
- f_sched.$(OBJEXT) \
- f_ecb.$(OBJEXT) \
+ f_cksum.$(OBJEXT) \
f_parity.$(OBJEXT) \
+ f_sched.$(OBJEXT) \
f_tables.$(OBJEXT) \
- d3_cbc.$(OBJEXT) \
- d3_ecb.$(OBJEXT) \
- d3_kysched.$(OBJEXT) \
- d3_procky.$(OBJEXT) \
- d3_str2ky.$(OBJEXT) \
- u_nfold.$(OBJEXT) \
- u_rn_key.$(OBJEXT)
-
-SRCS= $(srcdir)/afsstring2key.c \
- $(srcdir)/cbc_cksum.c \
- $(srcdir)/finish_key.c \
- $(srcdir)/fin_rndkey.c \
- $(srcdir)/init_rkey.c \
- $(srcdir)/process_ky.c \
- $(srcdir)/random_key.c \
- $(srcdir)/string2key.c \
+ key_sched.$(OBJEXT) \
+ string2key.$(OBJEXT) \
+ weak_key.$(OBJEXT)
+
+SRCS= $(srcdir)/afsstring2key.c \
+ $(srcdir)/d3_cbc.c \
+ $(srcdir)/d3_kysched.c \
+ $(srcdir)/f_cbc.c \
+ $(srcdir)/f_cksum.c \
+ $(srcdir)/f_parity.c \
+ $(srcdir)/f_sched.c \
+ $(srcdir)/f_tables.c \
$(srcdir)/key_sched.c \
$(srcdir)/weak_key.c \
- $(srcdir)/f_cbc.c \
- $(srcdir)/f_cksum.c \
- $(srcdir)/f_sched.c \
- $(srcdir)/f_ecb.c \
- $(srcdir)/f_parity.c \
- $(srcdir)/f_tables.c \
- $(srcdir)/d3_cbc.c \
- $(srcdir)/d3_ecb.c \
- $(srcdir)/d3_kysched.c \
- $(srcdir)/d3_procky.c \
- $(srcdir)/d3_str2ky.c \
- $(srcdir)/u_nfold.c \
- $(srcdir)/u_rn_key.c
+ $(srcdir)/string2key.c
##DOS##LIBOBJS = $(OBJS)
@@ -93,22 +57,18 @@ includes:: depend
depend:: $(SRCS)
-# FIXME, this is left from the previous DES implementation.
-clean::
- $(RM) fp.c ip.c key_perm.h odd.h p.c p_table.h s_table.h
-
-verify$(EXEEXT): t_verify.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ t_verify.$(OBJEXT) process_ky.o key_sched.o \
- ../cryptoconf.o ../des_crc.o $(KRB5_BASE_LIBS)
+TOBJS = key_sched.$(OBJEXT) f_sched.$(OBJEXT) f_cbc.$(OBJEXT) \
+ f_tables.$(OBJEXT) f_cksum.$(OBJEXT)
-destest$(EXEEXT): destest.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ destest.$(OBJEXT) process_ky.o key_sched.o \
- ../cryptoconf.o ../des_crc.o $(KRB5_BASE_LIBS)
+verify$(EXEEXT): t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \
+ $(COM_ERR_DEPLIB)
+ $(CC_LINK) -o $@ t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \
+ -lcom_err
-t_random$(EXEEXT): t_random.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ t_random.$(OBJEXT) $(KRB5_BASE_LIBS)
+destest$(EXEEXT): destest.$(OBJEXT) $(TOBJS)
+ $(CC_LINK) -o $@ destest.$(OBJEXT) $(TOBJS)
-check-unix:: destest verify
+check-unix:: verify destest
$(RUN_SETUP) ./verify -z
$(RUN_SETUP) ./verify -m
$(RUN_SETUP) ./verify
@@ -118,6 +78,6 @@ check-windows::
clean::
$(RM) destest$(EXEEXT) verify$(EXEEXT) destest.$(OBJEXT) \
- t_verify.$(OBJEXT) t_random.$(OBJEXT) t_random$(EXEEXT)
+ t_verify.$(OBJEXT)
clean-unix:: clean-libobjs
diff --git a/src/lib/crypto/des/afsstring2key.c b/src/lib/crypto/des/afsstring2key.c
index 36c42c4823..7eac0807c2 100644
--- a/src/lib/crypto/des/afsstring2key.c
+++ b/src/lib/crypto/des/afsstring2key.c
@@ -6,6 +6,32 @@
* constructed by Mark Eichin, Cygnus Support, 1995.
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#include "k5-int.h"
#include "des_int.h"
#include <ctype.h>
@@ -13,8 +39,7 @@
static char *afs_crypt PROTOTYPE((char*,char*));
krb5_error_code
-mit_afs_string_to_key (eblock, keyblock, data, salt)
- const krb5_encrypt_block FAR * eblock;
+mit_afs_string_to_key (keyblock, data, salt)
krb5_keyblock FAR * keyblock;
const krb5_data FAR * data;
const krb5_data FAR * salt;
@@ -29,7 +54,7 @@ mit_afs_string_to_key (eblock, keyblock, data, salt)
register krb5_octet *key = keyblock->contents;
if (data->length <= 8) {
- char password[9]; /* trailing null for crypt() */
+ char password[9]; /* trailing nul for crypt() */
strncpy(password, realm, 8);
for (i=0; i<8; i++)
if (isupper(password[i]))
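Review bot: `isupper(password[i])` is called on a plain `char`, so a realm byte with the high bit set becomes a negative argument where `char` is signed, which is undefined for the `<ctype.h>` functions. The call should be `if (isupper((unsigned char) password[i]))`, with the same cast on the conversion call that follows outside this hunk. `strncpy(password, realm, 8)` also assumes `realm` is NUL-terminated or at least 8 bytes long. `realm` is assigned above the hunk; if it points at the length-counted `salt->data`, bounding the copy by `salt->length` would avoid reading past a short salt.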
@@ -39,6 +64,7 @@ mit_afs_string_to_key (eblock, keyblock, data, salt)
for (i=0; i<8; i++)
if (password[i] == '\0')
password[i] = 'X';
+ password[8] = '\0';
strncpy(key, (char *) afs_crypt(password, "#~") + 2, 8);
for (i=0; i<8; i++)
key[i] <<= 1;
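Review bot: The added `password[8] = '\0';` correctly terminates the string before `afs_crypt()`, but nothing in this hunk clears `password` afterwards, even though it is the stack buffer the key is derived from. The function body continues outside the hunk, so a wipe may already exist further down. If it does not, add `memset(password, 0, sizeof(password));` once `key` has been filled. A plain `memset` on a dying local can be elided by an optimizing compiler, so route it through whatever non-elidable zeroing helper the tree provides, if any.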
diff --git a/src/lib/crypto/des/cbc_cksum.c b/src/lib/crypto/des/cbc_cksum.c
deleted file mode 100644
index 29a38a0a59..0000000000
--- a/src/lib/crypto/des/cbc_cksum.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * lib/crypto/des/cbc_cksum.c
- *
- * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute
- * of Technology.
- * All Rights Reserved.
- *
- * Under U.S. law, this software may not be exported outside the US
- * without license from the U.S. Commerce department.
- *
- * These routines form the library interface to the DES facilities.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-/*
- produces cbc cheksum of sequence "in" of the length "in_length"
- with the help of key "key" of size "key_size" (which should be 8);
- fills out krb5_checksum structure.
-
- caller is responsible for allocating & freeing "contents" element in
- krb5_checksum structure.
-
- returns: errors
-*/
-
-static krb5_error_code mit_des_cbc_checksum
- PROTOTYPE((krb5_const krb5_pointer,
- krb5_const size_t,
- krb5_const krb5_pointer,
- krb5_const size_t,
- krb5_checksum FAR * ));
-
-static krb5_error_code mit_des_cbc_verf_cksum
- PROTOTYPE ((krb5_const krb5_checksum FAR *,
- krb5_const krb5_pointer,
- krb5_const size_t,
- krb5_const krb5_pointer,
- krb5_const size_t ));
-
-static krb5_error_code
-mit_des_cbc_checksum(in, in_length, key, key_size, cksum)
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer key;
- krb5_const size_t key_size;
- krb5_checksum FAR * cksum;
-{
- struct mit_des_ks_struct *schedule; /* pointer to key schedules */
-
- if (cksum->length < sizeof(mit_des_cblock))
- return KRB5_BAD_MSIZE;
- if (key_size != sizeof(mit_des_cblock))
- return KRB5_BAD_KEYSIZE;
-
- if (!(schedule = (struct mit_des_ks_struct *) malloc(sizeof(mit_des_key_schedule))))
- return ENOMEM;
-
-#define cleanup() { memset((char *)schedule, 0, sizeof(mit_des_key_schedule));\
- free( (char *) schedule); }
-
- switch (mit_des_key_sched ((krb5_octet *)key, schedule)) {
- case -1:
- cleanup();
- return KRB5DES_BAD_KEYPAR;
-
- case -2:
- cleanup();
- return KRB5DES_WEAK_KEY;
-
- default:
- ;
- }
-
- cksum->checksum_type = CKSUMTYPE_DESCBC;
- cksum->length = sizeof(mit_des_cblock);
- mit_des_cbc_cksum(in, cksum->contents, in_length, schedule, key);
-
- cleanup();
-
- return 0;
-}
-
-static krb5_error_code
-mit_des_cbc_verf_cksum(cksum, in, in_length, key, key_size)
- krb5_const krb5_checksum FAR * cksum;
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer key;
- krb5_const size_t key_size;
-{
- struct mit_des_ks_struct *schedule; /* pointer to key schedules */
- mit_des_cblock contents;
- krb5_error_code retval;
-
- if (key_size != sizeof(mit_des_cblock))
- return KRB5_BAD_KEYSIZE;
-
- if (!(schedule = (struct mit_des_ks_struct *) malloc(sizeof(mit_des_key_schedule))))
- return ENOMEM;
-
-#define cleanup() { memset((char *)schedule, 0, sizeof(mit_des_key_schedule));\
- free( (char *) schedule); }
-
- switch (mit_des_key_sched ((krb5_octet *)key, schedule)) {
- case -1:
- cleanup();
- return KRB5DES_BAD_KEYPAR;
-
- case -2:
- cleanup();
- return KRB5DES_WEAK_KEY;
-
- default:
- ;
- }
-
- mit_des_cbc_cksum(in, contents, in_length, schedule, key);
-
- retval = 0;
- if (cksum->checksum_type == CKSUMTYPE_DESCBC) {
- if (cksum->length == sizeof(mit_des_cblock)) {
- if (memcmp((char *) cksum->contents,
- (char *) contents,
- sizeof(mit_des_cblock)))
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- else
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- else
- retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
- cleanup();
-
- return retval;
-}
-
-krb5_checksum_entry krb5_des_cbc_cksumtable_entry = {
- 0,
- mit_des_cbc_checksum,
- mit_des_cbc_verf_cksum,
- sizeof(mit_des_cblock),
- 1, /* is collision proof */
- 1, /* is keyed */
-};
diff --git a/src/lib/crypto/des/d3_ecb.c b/src/lib/crypto/des/d3_ecb.c
deleted file mode 100644
index 306f97dd60..0000000000
--- a/src/lib/crypto/des/d3_ecb.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright 1995 by Richard P. Basch. All Rights Reserved.
- * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. Richard P. Basch,
- * Lehman Brothers and M.I.T. make no representations about the suitability
- * of this software for any purpose. It is provided "as is" without
- * express or implied warranty.
- */
-
-#include "des_int.h"
-#include "f_tables.h"
-
-/*
- * Triple-DES ECB encryption mode.
- */
-
-int
-mit_des3_ecb_encrypt(in, out, sched1, sched2, sched3, encrypt)
- const mit_des_cblock FAR *in;
- mit_des_cblock FAR *out;
- mit_des_key_schedule sched1, sched2, sched3;
- int encrypt;
-{
- if (encrypt) {
- mit_des_ecb_encrypt(in, out, sched1, encrypt);
- mit_des_ecb_encrypt(out, out, sched2, !encrypt);
- mit_des_ecb_encrypt(out, out, sched3, encrypt);
- } else {
- mit_des_ecb_encrypt(in, out, sched3, encrypt);
- mit_des_ecb_encrypt(out, out, sched2, !encrypt);
- mit_des_ecb_encrypt(out, out, sched1, encrypt);
- }
- return 0;
-}
diff --git a/src/lib/crypto/des/d3_procky.c b/src/lib/crypto/des/d3_procky.c
deleted file mode 100644
index 9c969a823b..0000000000
--- a/src/lib/crypto/des/d3_procky.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright 1995 by Richard P. Basch. All Rights Reserved.
- * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. Richard P. Basch,
- * Lehman Brothers and M.I.T. make no representations about the suitability
- * of this software for any purpose. It is provided "as is" without
- * express or implied warranty.
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-krb5_error_code
-mit_des3_process_key (eblock, keyblock)
- krb5_encrypt_block * eblock;
- const krb5_keyblock * keyblock;
-{
- struct mit_des_ks_struct *schedule; /* pointer to key schedules */
-
- if ((keyblock->enctype != ENCTYPE_DES3_CBC_SHA) &&
- (keyblock->enctype != ENCTYPE_DES3_CBC_RAW))
- return KRB5_PROG_ETYPE_NOSUPP;
-
- if (keyblock->length != sizeof (mit_des3_cblock))
- return KRB5_BAD_KEYSIZE;
-
- if ( !(schedule = (struct mit_des_ks_struct *) malloc(3*sizeof(mit_des_key_schedule))) )
- return ENOMEM;
-#define cleanup() { free( (char *) schedule); }
-
- switch (mit_des3_key_sched (*(mit_des3_cblock *)keyblock->contents,
- *(mit_des3_key_schedule *)schedule)) {
- case -1:
- cleanup();
- return KRB5DES_BAD_KEYPAR;
-
- case -2:
- cleanup();
- return KRB5DES_WEAK_KEY;
- }
-
- eblock->key = (krb5_keyblock *) keyblock;
- eblock->priv = (krb5_pointer) schedule;
- eblock->priv_size = (krb5_int32) 3*sizeof(mit_des_key_schedule);
-
- return 0;
-}
diff --git a/src/lib/crypto/des/d3_str2ky.c b/src/lib/crypto/des/d3_str2ky.c
deleted file mode 100644
index ed9f5183d2..0000000000
--- a/src/lib/crypto/des/d3_str2ky.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright 1995 by Richard P. Basch. All Rights Reserved.
- * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. Richard P. Basch,
- * Lehman Brothers and M.I.T. make no representations about the suitability
- * of this software for any purpose. It is provided "as is" without
- * express or implied warranty.
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-/*
- * Triple-DES string-to-key algorithm
- *
- * 168-fold the input string (appended with any salt), and treat the resulting
- * 168 bits as three DES keys sans parity. Process each set of 56 bits into
- * a usable DES key with odd parity, and twice encrypt the set of three usable
- * DES keys using Triple-DES CBC mode. The result is then treated as three
- * DES keys, and should be corrected for parity. Any DES key that is weak or
- * semi-weak is to be corrected by eXclusive-ORing with 00000000000000F0.
- */
-
-static mit_des_cblock zero_ivec = { 0, 0, 0, 0, 0, 0, 0, 0 };
-
-krb5_error_code
-mit_des3_string_to_key (eblock, keyblock, data, salt)
-const krb5_encrypt_block FAR * eblock;
-krb5_keyblock FAR * keyblock;
-const krb5_data FAR * data;
-const krb5_data FAR * salt;
-{
- char *copystr;
- mit_des_cblock *key;
- unsigned int j;
-
- int length;
- mit_des3_key_schedule ks;
- krb5_enctype enctype = eblock->crypto_entry->proto_enctype;
-
- if ((enctype == ENCTYPE_DES3_CBC_SHA) ||
- (enctype == ENCTYPE_DES3_CBC_RAW))
- keyblock->length = sizeof(mit_des3_cblock);
- else
- return (KRB5_PROG_ETYPE_NOSUPP);
-
- if ( !(keyblock->contents = (krb5_octet *)malloc(keyblock->length)) )
- return(ENOMEM);
-
- keyblock->magic = KV5M_KEYBLOCK;
- keyblock->enctype = enctype;
- key = (mit_des_cblock *)keyblock->contents;
-
- if (salt)
- length = data->length + salt->length;
- else
- length = data->length;
-
- if (length < keyblock->length)
- length = keyblock->length;
-
- copystr = malloc((size_t) length);
- if (!copystr) {
- free(keyblock->contents);
- keyblock->contents = 0;
- return ENOMEM;
- }
-
- memset(copystr, 0, length);
- memcpy(copystr, (char *) data->data, data->length);
- if (salt)
- memcpy(copystr + data->length, (char *)salt->data, salt->length);
-
- /* n-fold into des3 key sans parity */
- if (mit_des_n_fold(copystr, length, keyblock->contents,
- keyblock->length * 7 / 8))
- return EINVAL;
-
- /* Add space for parity (low bit) */
- for (j = keyblock->length; j--; ) {
- register int k;
-
- k = (8-(j%8)) & 7;
- keyblock->contents[j] =
- ((keyblock->contents[j*7/8] << k) & 0xfe) +
- ((k>1) ? keyblock->contents[j*7/8 +1] >> (8-k) : 0);
- }
-
- /* fix key parity */
- for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++) {
- mit_des_fixup_key_parity(key[j]);
- if (mit_des_is_weak_key(key[j]))
- ((krb5_octet *)(key[j]))[7] ^= 0xf0;
- }
-
- /* Now, CBC encrypt with itself */
- (void) mit_des3_key_sched(*((mit_des3_cblock *)key), ks);
- (void) mit_des3_cbc_encrypt(key, key, keyblock->length,
- ((mit_des_key_schedule *)ks)[0],
- ((mit_des_key_schedule *)ks)[1],
- ((mit_des_key_schedule *)ks)[2],
- zero_ivec, TRUE);
- (void) mit_des3_cbc_encrypt(key, key, keyblock->length,
- ((mit_des_key_schedule *)ks)[0],
- ((mit_des_key_schedule *)ks)[1],
- ((mit_des_key_schedule *)ks)[2],
- key[2], TRUE);
-
- /* erase key_sked */
- memset((char *)ks, 0, sizeof(ks));
-
- /* clean & free the input string */
- memset(copystr, 0, (size_t) length);
- krb5_xfree(copystr);
-
- /* now fix up key parity again */
- for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++) {
- mit_des_fixup_key_parity(key[j]);
- if (mit_des_is_weak_key(key[j]))
- ((krb5_octet *)(key[j]))[7] ^= 0xf0;
- }
-
- return 0;
-}
diff --git a/src/lib/crypto/des/des.h b/src/lib/crypto/des/des.h
deleted file mode 100644
index bd0a30b370..0000000000
--- a/src/lib/crypto/des/des.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * include/des.h
- *
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
- *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
- *
- * Include file for the Data Encryption Standard library.
- */
-
-/* only do the whole thing once */
-#ifndef DES_DEFS
-#define DES_DEFS
-
-#include "k5-int.h"
-
-#ifndef DES_INT32
-#ifdef SIZEOF_INT
-#if SIZEOF_INT >= 4
-#define DES_INT32 int
-#else
-#define DES_INT32 long
-#endif
-#else /* !defined(SIZEOF_INT) */
-#include <limits.h>
-#if (UINT_MAX >= 0xffffffff)
-#define DES_INT32 int
-#else
-#define DES_INT32 long
-#endif
-#endif /* !defined(SIZEOF_INT) */
-#endif /* !defined(DES_INT32) */
-
-#ifndef DES_UINT32
-#define DES_UINT32 unsigned DES_INT32
-#endif
-
-#ifndef NCOMPAT
-#define C_Block des_cblock
-#define Key_schedule des_key_schedule
-#define ENCRYPT DES_ENCRYPT
-#define DECRYPT DES_DECRYPT
-#define KEY_SZ DES_KEY_SZ
-#define string_to_key des_string_to_key
-#define read_pw_string des_read_pw_string
-#define random_key des_random_key
-#define pcbc_encrypt des_pcbc_encrypt
-#define key_sched des_key_sched
-#define cbc_encrypt des_cbc_encrypt
-#define cbc_cksum des_cbc_cksum
-#define C_Block_print des_cblock_print
-#define quad_cksum des_quad_cksum
-typedef struct des_ks_struct bit_64;
-#endif
-
-#define des_cblock_print(x) des_cblock_print_file(x, stdout)
-
-#endif /* DES_DEFS */
diff --git a/src/lib/crypto/des/des_int.h b/src/lib/crypto/des/des_int.h
index df8e9ca1ed..0f81908615 100644
--- a/src/lib/crypto/des/des_int.h
+++ b/src/lib/crypto/des/des_int.h
@@ -24,6 +24,32 @@
* Private include file for the Data Encryption Standard library.
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
/* only do the whole thing once */
#ifndef DES_INTERNAL_DEFS
#define DES_INTERNAL_DEFS
@@ -112,8 +138,7 @@ error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
/* afsstring2key.c */
extern krb5_error_code mit_afs_string_to_key
- PROTOTYPE((const krb5_encrypt_block FAR *eblock,
- krb5_keyblock FAR *keyblock,
+ PROTOTYPE((krb5_keyblock FAR *keyblock,
const krb5_data FAR *data,
const krb5_data FAR *salt));
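Review bot: The declaration of mit_afs_string_to_key drops its leading eblock argument but is still wrapped in PROTOTYPE(()), so it gets no argument checking on builds where that macro expands to an empty parameter list (presumably the non-ANSI configuration). There, a caller that still passes four arguments compiles cleanly and hands the function the wrong pointer as keyblock. The callers are not visible in this hunk, so they are worth checking before this lands. A marker on the declaration would help the next reader, for example `/* no eblock argument: (keyblock, data, salt) */`.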
diff --git a/src/lib/crypto/des/destest.c b/src/lib/crypto/des/destest.c
index 1e077a4239..bf442e8698 100644
--- a/src/lib/crypto/des/destest.c
+++ b/src/lib/crypto/des/destest.c
@@ -25,20 +25,43 @@
*/
-#include "k5-int.h"
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#include "des_int.h"
#include "com_err.h"
-extern int errno;
-extern mit_des_ecb_encrypt();
-
#include <stdio.h>
-
void convert PROTOTYPE((char *, unsigned char []));
void des_cblock_print_file PROTOTYPE((mit_des_cblock, FILE *));
+char zeroblock[8] = {0,0,0,0,0,0,0,0};
+
void
main(argc, argv)
int argc;
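Review bot: `zeroblock` is added as a plain `char[8]` with external linkage, but the later hunks pass it as the ivec argument of mit_des_cbc_encrypt alongside `mit_des_cblock` buffers. The `convert` prototype just above suggests those buffers are `unsigned char` arrays, so this is likely a signedness mismatch. Declaring it with the library type and file scope avoids that and keeps the symbol out of the global namespace: `static mit_des_cblock zeroblock = {0,0,0,0,0,0,0,0};`. main() continues beyond the end of this hunk.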
@@ -46,38 +69,23 @@ char *argv[];
{
char block1[17], block2[17], block3[17];
- krb5_encrypt_block eblock;
- krb5_keyblock keyblock;
- krb5_context context;
mit_des_cblock key, input, output, output2;
- krb5_error_code retval;
+ mit_des_key_schedule sched;
int num = 0;
+ int retval;
int error = 0;
- /* This is a crock and we know it... We win because
- none of these tests rely on a valid context pointer */
- context = 0;
-
- /* do some initialisation */
- initialize_krb5_error_table();
-
- krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC);
- keyblock.magic = KV5M_KEYBLOCK;
- keyblock.enctype = ENCTYPE_DES_CBC_CRC;
- keyblock.length = sizeof (mit_des_cblock);
- keyblock.contents = (krb5_octet *)key;
while (scanf("%16s %16s %16s", block1, block2, block3) == 3) {
convert(block1, key);
convert(block2, input);
convert(block3, output);
- if (retval = krb5_process_key(context, &eblock,&keyblock)) {
- com_err("des test", retval, "can't process key");
- exit(-1);
+ if (retval = mit_des_key_sched(key, sched)) {
+ fprintf(stderr, "des test: can't process key");
+ exit(1);
}
- mit_des_ecb_encrypt(&input, &output2,
- (struct mit_des_ks_struct *)eblock.priv,1);
+ mit_des_cbc_encrypt(&input, &output2, 8, sched, zeroblock, 1);
if (memcmp((char *)output2, (char *)output, 8)) {
fprintf(stderr,
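Review bot: The failure branch after `mit_des_key_sched(key, sched)` stores the result in retval and then discards it, and the message has no trailing newline. The removed d3_procky.c in this same commit treats -1 and -2 from the 3DES scheduler as bad parity and weak key respectively. If the single-DES scheduler follows the same convention, the two cases are indistinguishable in this output, so print the code: `fprintf(stderr, "des test: can't process key (%d)\n", retval);`. Writing the test as `if ((retval = mit_des_key_sched(key, sched)) != 0)` also makes the assignment in the condition explicit. The enclosing loop body runs past the end of this hunk.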
@@ -91,8 +99,7 @@ char *argv[];
/*
* Now try decrypting....
*/
- mit_des_ecb_encrypt(&output, &output2,
- (struct mit_des_ks_struct *)eblock.priv,0);
+ mit_des_cbc_encrypt(&output, &output2, 8, sched, zeroblock, 0);
if (memcmp((char *)output2, (char *)input, 8)) {
fprintf(stderr,
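Review bot: The decrypt call here and the encrypt call in the previous hunk now go through mit_des_cbc_encrypt, but nothing says why the existing single-block vectors still apply. They match only because the length is exactly 8 and the IV is all zeroes, which makes CBC on one block equal to the raw block cipher. A comment above each call would stop someone changing the length or IV and silently turning this into a different test, e.g. `/* one block, zero IV: CBC reduces to ECB, so the ECB vectors apply */`. The surrounding loop starts and ends outside this hunk.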
@@ -103,10 +110,6 @@ char *argv[];
error++;
}
- if (retval = krb5_finish_key(context, &eblock)) {
- com_err("des verify", retval, "can't finish key");
- exit(-1);
- }
num++;
}
@@ -157,7 +160,6 @@ unsigned char cblock[];
* Fake out the DES library, for the purposes of testing.
*/
-#include "des.h"
#include "des_int.h"
int
diff --git a/src/lib/crypto/des/f_README b/src/lib/crypto/des/f_README
deleted file mode 100644
index 0d381e3739..0000000000
--- a/src/lib/crypto/des/f_README
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1990 Dennis Ferguson. All rights reserved.
- *
- * Commercial use is permitted only if products which are derived from
- * or include this software are made available for purchase and/or use
- * in Canada. Otherwise, redistribution and use in source and binary
- * forms are permitted.
- */
-
-Sorry about the poor quality of installation instructions. Included
-here are replacements for the DES portions of Eric Young's kerberos
-DES library replacement. To use this you will need his distribution.
-Untar the latter and:
-
-(1) Copy all .c and .h files into the distribution directory. This will
- overwrite some files and add others.
-
-(2) Apply the patch included here to set_key.c in the distribution directory.
-
-(3) Edit the Imakefile (or the Makefile) to include the following files
- on the SRCS= line:
-
- des_tables.c ecb_buffer.c make_sched.c
-
- Add the following files to the OBJS= line:
-
- des_tables.o ecb_buffer.o make_sched.o
-
- Add the following file to the CODE= line:
-
- des_tables.h
-
-Recompile and you're done.
-
-The salient differences between this DES and Eric Young's are as follows:
-
-(1) There are no dependencies on byte ordering, the ability to do
- unaligned loads and stores, or any other machine dependencies
- that I know of. There are no #ifdef's. The code could probably
- be made faster by adding such things, but not enough to be worth
- it.
-
-(2) Combined S and P tables are used for the inner loop of the cipher
- routine and the E expansion is computed on the fly, like Eric
- Young's code, but the computation is reordered from the standard
- to save instructions.
-
-(3) The initial and final permutations are table driven, and take
- about the same amount of work as a single round of the inner
- loop (i.e. only about 12% of the work done for an ecb encryption
- is spent in the IP and FP code).
-
-(4) Since NTP (for which this DES was originally implemented) uses
- lots of keys to encrypt small things, the key permutation code
- has been well worked over and is quite speedy (the amount of
- work required to permute a key is on the order of that required
- to do a single ECB encryption, more or less).
-
-(5) Since the code required to do an ECB encryption using the tables
- is actually fairly compact, even with lots of inlining, it was
- implemented as a macro and is expanded in situ where needed.
-
-On the one machine I ran a comparison on this code ran 80% faster than
-Eric's, compiled into a slightly smaller space, and did pass destest.
-I suspect this stuff is also faster, and not a lot larger, than the
-library MIT doesn't export with kerberos. You mileage may vary.
-
-The silly copyright was a (probably ineffective) afterthought. If it
-really inconveniences you give me a call.
diff --git a/src/lib/crypto/des/f_ecb.c b/src/lib/crypto/des/f_ecb.c
deleted file mode 100644
index a1d1dcb0c7..0000000000
--- a/src/lib/crypto/des/f_ecb.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 1990 Dennis Ferguson. All rights reserved.
- *
- * Commercial use is permitted only if products which are derived from
- * or include this software are made available for purchase and/or use
- * in Canada. Otherwise, redistribution and use in source and binary
- * forms are permitted.
- */
-
-/*
- * des_ecb_encrypt.c - do an encryption in ECB mode
- */
-#include "des_int.h"
-#include "f_tables.h"
-
-/*
- * des_ecb_encrypt - {en,de}crypt a block in ECB mode
- */
-int
-mit_des_ecb_encrypt(in, out, schedule, encrypt)
- const mit_des_cblock *in;
- mit_des_cblock *out;
- mit_des_key_schedule schedule;
- int encrypt;
-{
- register unsigned DES_INT32 left, right;
- register unsigned DES_INT32 temp;
- register int i;
-
- {
- /*
- * Need a temporary for copying the data in
- */
- register unsigned char *datap;
-
- /*
- * Copy the input block into the registers
- */
- datap = (unsigned char *)in;
- GET_HALF_BLOCK(left, datap);
- GET_HALF_BLOCK(right, datap);
- }
-
- /*
- * Do the initial permutation.
- */
- DES_INITIAL_PERM(left, right, temp);
-
- /*
- * Now the rounds. Use different code depending on whether it
- * is an encryption or a decryption (gross, should keep both
- * sets of keys in the key schedule instead).
- */
- if (encrypt) {
- register unsigned DES_INT32 *kp;
-
- kp = (unsigned DES_INT32 *)schedule;
- for (i = 0; i < 8; i++) {
- DES_SP_ENCRYPT_ROUND(left, right, temp, kp);
- DES_SP_ENCRYPT_ROUND(right, left, temp, kp);
- }
- } else {
- register unsigned DES_INT32 *kp;
-
- /*
- * Point kp past end of schedule
- */
- kp = ((unsigned DES_INT32 *)schedule) + (2 * 16);;
- for (i = 0; i < 8; i++) {
- DES_SP_DECRYPT_ROUND(left, right, temp, kp);
- DES_SP_DECRYPT_ROUND(right, left, temp, kp);
- }
- }
-
- /*
- * Do the final permutation
- */
- DES_FINAL_PERM(left, right, temp);
-
- /*
- * Finally, copy the result out a byte at a time
- */
- {
- register unsigned char *datap;
-
- datap = (unsigned char *)out;
- PUT_HALF_BLOCK(left, datap);
- PUT_HALF_BLOCK(right, datap);
- }
-
- /*
- * return nothing
- */
- return (0);
-}
diff --git a/src/lib/crypto/des/f_pcbc.c b/src/lib/crypto/des/f_pcbc.c
deleted file mode 100644
index cb445446b9..0000000000
--- a/src/lib/crypto/des/f_pcbc.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Copyright (c) 1990 Dennis Ferguson. All rights reserved.
- *
- * Commercial use is permitted only if products which are derived from
- * or include this software are made available for purchase and/or use
- * in Canada. Otherwise, redistribution and use in source and binary
- * forms are permitted.
- */
-
-/*
- * des_pcbc_encrypt.c - encrypt a string of characters in error propagation mode
- */
-#include "des_int.h"
-#include "f_tables.h"
-
-/*
- * des_pcbc_encrypt - {en,de}crypt a stream in PCBC mode
- */
-int
-mit_des_pcbc_encrypt(in, out, length, schedule, ivec, encrypt)
- mit_des_cblock *in;
- mit_des_cblock *out;
- long length;
- mit_des_key_schedule schedule;
- mit_des_cblock ivec;
- int encrypt;
-{
- register unsigned DES_INT32 left, right;
- register unsigned DES_INT32 temp;
- register unsigned DES_INT32 *kp;
- register unsigned char *ip, *op;
-
- /*
- * Copy the key pointer, just once
- */
- kp = (unsigned DES_INT32 *)schedule;
-
- /*
- * Deal with encryption and decryption separately.
- */
- if (encrypt) {
- register unsigned DES_INT32 plainl;
- register unsigned DES_INT32 plainr;
-
- /*
- * Initialize left and right with the contents of the initial
- * vector.
- */
- ip = (unsigned char *)ivec;
- GET_HALF_BLOCK(left, ip);
- GET_HALF_BLOCK(right, ip);
-
- /*
- * Suitably initialized, now work the length down 8 bytes
- * at a time.
- */
- ip = (unsigned char *)in;
- op = (unsigned char *)out;
- while (length > 0) {
- /*
- * Get block of input. If the length is
- * greater than 8 this is straight
- * forward. Otherwise we have to fart around.
- */
- if (length > 8) {
- GET_HALF_BLOCK(plainl, ip);
- GET_HALF_BLOCK(plainr, ip);
- left ^= plainl;
- right ^= plainr;
- length -= 8;
- } else {
- /*
- * Oh, shoot. We need to pad the
- * end with zeroes. Work backwards
- * to do this. We know this is the
- * last block, though, so we don't have
- * to save the plain text.
- */
- ip += (int) length;
- switch(length) {
- case 8:
- right ^= *(--ip) & FF_UINT32;
- case 7:
- right ^= (*(--ip) & FF_UINT32) << 8;
- case 6:
- right ^= (*(--ip) & FF_UINT32) << 16;
- case 5:
- right ^= (*(--ip) & FF_UINT32) << 24;
- case 4:
- left ^= *(--ip) & FF_UINT32;
- case 3:
- left ^= (*(--ip) & FF_UINT32) << 8;
- case 2:
- left ^= (*(--ip) & FF_UINT32) << 16;
- case 1:
- left ^= (*(--ip) & FF_UINT32) << 24;
- break;
- }
- length = 0;
- }
-
- /*
- * Encrypt what we have
- */
- DES_DO_ENCRYPT(left, right, temp, kp);
-
- /*
- * Copy the results out
- */
- PUT_HALF_BLOCK(left, op);
- PUT_HALF_BLOCK(right, op);
-
- /*
- * Xor with the old plain text
- */
- left ^= plainl;
- right ^= plainr;
- }
- } else {
- /*
- * Decrypting is harder than encrypting because of
- * the necessity of remembering a lot more things.
- * Should think about this a little more...
- */
- unsigned DES_INT32 ocipherl, ocipherr;
- unsigned DES_INT32 cipherl, cipherr;
-
- if (length <= 0)
- return 0;
-
- /*
- * Prime the old cipher with ivec.
- */
- ip = (unsigned char *)ivec;
- GET_HALF_BLOCK(ocipherl, ip);
- GET_HALF_BLOCK(ocipherr, ip);
-
- /*
- * Now do this in earnest until we run out of length.
- */
- ip = (unsigned char *)in;
- op = (unsigned char *)out;
- for (;;) { /* check done inside loop */
- /*
- * Read a block from the input into left and
- * right. Save this cipher block for later.
- */
- GET_HALF_BLOCK(left, ip);
- GET_HALF_BLOCK(right, ip);
- cipherl = left;
- cipherr = right;
-
- /*
- * Decrypt this.
- */
- DES_DO_DECRYPT(left, right, temp, kp);
-
- /*
- * Xor with the old cipher to get plain
- * text. Output 8 or less bytes of this.
- */
- left ^= ocipherl;
- right ^= ocipherr;
- if (length > 8) {
- length -= 8;
- PUT_HALF_BLOCK(left, op);
- PUT_HALF_BLOCK(right, op);
- /*
- * Save current cipher block here
- */
- ocipherl = cipherl ^ left;
- ocipherr = cipherr ^ right;
- } else {
- /*
- * Trouble here. Start at end of output,
- * work backwards.
- */
- op += (int) length;
- switch(length) {
- case 8:
- *(--op) = (unsigned char) (right & 0xff);
- case 7:
- *(--op) = (unsigned char) ((right >> 8) & 0xff);
- case 6:
- *(--op) = (unsigned char) ((right >> 16) & 0xff);
- case 5:
- *(--op) = (unsigned char) ((right >> 24) & 0xff);
- case 4:
- *(--op) = (unsigned char) (left & 0xff);
- case 3:
- *(--op) = (unsigned char) ((left >> 8) & 0xff);
- case 2:
- *(--op) = (unsigned char) ((left >> 16) & 0xff);
- case 1:
- *(--op) = (unsigned char) ((left >> 24) & 0xff);
- break;
- }
- break; /* we're done */
- }
- }
- }
-
- /*
- * Done, return nothing.
- */
- return 0;
-}
diff --git a/src/lib/crypto/des/fin_rndkey.c b/src/lib/crypto/des/fin_rndkey.c
deleted file mode 100644
index 7b8a2c385c..0000000000
--- a/src/lib/crypto/des/fin_rndkey.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * lib/crypto/des/fin_rndkey.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * Copyright 1996 by Lehman Brothers, Inc.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. or Lehman Brothers not be used in advertising or
- * publicity pertaining to distribution of the software without
- * specific, written prior permission. M.I.T. and Lehman Brothers
- * make no representations about the suitability of this software for
- * any purpose. It is provided "as is" without express or implied
- * warranty.
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-/*
- free any resources held by "seed" and assigned by init_random_key()
- */
-
-krb5_error_code mit_des_finish_random_key (eblock, p_state)
- const krb5_encrypt_block * eblock;
- krb5_pointer * p_state;
-{
- mit_des_random_state * state = *p_state;
-
- if (! state) return 0;
-
- if (state->sequence.data) {
- memset((char *)state->sequence.data, 0, state->sequence.length);
- krb5_xfree(state->sequence.data);
- }
-
- mit_des_finish_key(&state->eblock);
-
- krb5_xfree(state);
- *p_state = 0;
- return 0;
-}
diff --git a/src/lib/crypto/des/finish_key.c b/src/lib/crypto/des/finish_key.c
deleted file mode 100644
index e7e9e13ae3..0000000000
--- a/src/lib/crypto/des/finish_key.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * lib/crypto/des/finish_key.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-/*
- does any necessary clean-up on the eblock (such as releasing
- resources held by eblock->priv).
-
- returns: errors
- */
-
-krb5_error_code
-mit_des_finish_key (eblock)
- krb5_encrypt_block FAR * eblock;
-{
- if (eblock->priv) {
- memset((char *)eblock->priv, 0, (size_t) eblock->priv_size);
- free(eblock->priv);
- }
- eblock->priv = 0;
- eblock->priv_size = 0;
- /* free/clear other stuff here? */
- return 0;
-}
diff --git a/src/lib/crypto/des/init_rkey.c b/src/lib/crypto/des/init_rkey.c
deleted file mode 100644
index 5096647ec6..0000000000
--- a/src/lib/crypto/des/init_rkey.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * lib/crypto/des/init_rkey.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-/*
- initialize the random key generator using the encryption key,
- "seedblock", and allocating private sequence information, filling
- in "seed" with the address of such information.
- "seed" is later passed to the random_key() function to provide
- sequence information.
- */
-
-#ifndef min
-#define min(a,b) (((a) > (b)) ? (b) : (a))
-#endif
-
-krb5_error_code
-mit_des_init_random_key (eblock, seedblock, state)
- const krb5_encrypt_block * eblock;
- const krb5_keyblock * seedblock;
- krb5_pointer * state;
-{
- mit_des_random_state * p_state = 0;
- krb5_keyblock *new_key;
- krb5_enctype enctype = eblock->crypto_entry->proto_enctype;
- krb5_error_code kret = 0;
- krb5_address **addrs = 0;
- krb5_data seed;
- krb5_int32 now;
- krb5_int32 unow;
- unsigned char *cp;
-
- switch (enctype)
- {
- case ENCTYPE_DES_CBC_CRC:
- case ENCTYPE_DES_CBC_MD4:
- case ENCTYPE_DES_CBC_MD5:
- case ENCTYPE_DES_CBC_RAW:
- enctype = ENCTYPE_DES_CBC_RAW;
- break;
-
- case ENCTYPE_DES3_CBC_SHA:
- case ENCTYPE_DES3_CBC_RAW:
- enctype = ENCTYPE_DES3_CBC_RAW;
- break;
-
- default:
- return KRB5_BAD_ENCTYPE;
- }
-
- p_state = (mit_des_random_state *) malloc(sizeof(mit_des_random_state));
- *state = (krb5_pointer) p_state;
-
- if (! p_state) {
- kret = ENOMEM;
- goto cleanup;
- }
-
- memset(p_state, 0, sizeof(*p_state));
- p_state->eblock.crypto_entry = krb5_enctype_array[enctype]->system;
- p_state->sequence.length = p_state->eblock.crypto_entry->keysize;
- p_state->sequence.data = (krb5_pointer) malloc(p_state->sequence.length);
-
- if (! p_state->sequence.data) {
- kret = ENOMEM;
- goto cleanup;
- }
-
- /*
- * Generate a temporary value that is based on the
- * input seed and the hostid (sequence number)
- * such that it gives no useful information about the input.
- *
- * Then use the temporary value as the new seed and the current
- * time as a sequence number to give us a stream that was not
- * previously used.
- *
- * This result will be the seed for the random number stream
- * (the sequence number will start at zero).
- */
-
- /* seed = input */
- seed.data = seedblock->contents;
- seed.length = seedblock->length;
- kret = mit_des_set_random_generator_seed(&seed, p_state);
- if (kret) goto cleanup;
-
- /* sequence = hostid */
- if (!krb5_crypto_os_localaddr(&addrs) && addrs && *addrs) {
- memcpy((char *)p_state->sequence.data, (char *)addrs[0]->contents,
- min(p_state->sequence.length, addrs[0]->length));
- /* XXX may not do all of the sequence number. */
- }
- if (addrs) {
- /* can't use krb5_free_addresses due to circular dependencies in
- libraries */
- register krb5_address **addr2;
- for (addr2 = addrs; *addr2; addr2++) {
- krb5_xfree((*addr2)->contents);
- krb5_xfree(*addr2);
- }
- krb5_xfree(addrs);
- }
-
- /* tmp.seed = random(input,hostid) */
- kret = mit_des_random_key(NULL, p_state, &new_key);
- if (kret) goto cleanup;
- seed.data = new_key->contents;
- seed.length = new_key->length;
- kret = mit_des_set_random_generator_seed(&seed, p_state);
- (void) memset(new_key->contents, 0, new_key->length);
- krb5_xfree(new_key->contents);
- krb5_xfree(new_key);
- if (kret) goto cleanup;
-
- /* sequence = time */
- (void) krb5_crypto_us_timeofday(&now, &unow);
- cp = p_state->sequence.data;
- *cp++ = (now >> 24) & 0xff;
- *cp++ = (now >> 16) & 0xff;
- *cp++ = (now >> 8) & 0xff;
- *cp++ = now & 0xff;
- *cp++ = (unow >> 24) & 0xff;
- *cp++ = (unow >> 16) & 0xff;
- *cp++ = (unow >> 8) & 0xff;
- *cp++ = unow &0xff;
-
- /* seed = random(tmp.seed, time) */
- kret = mit_des_random_key(NULL, p_state, &new_key);
- if (kret) goto cleanup;
- seed.data = new_key->contents;
- seed.length = new_key->length;
- kret = mit_des_set_random_generator_seed(&seed, p_state);
- (void) memset(new_key->contents, 0, new_key->length);
- krb5_xfree(new_key->contents);
- krb5_xfree(new_key);
- if (kret) goto cleanup;
-
- return 0;
-
-cleanup:
- if (kret)
- mit_des_finish_random_key(eblock, state);
- return kret;
-}
diff --git a/src/lib/crypto/des/process_ky.c b/src/lib/crypto/des/process_ky.c
deleted file mode 100644
index 64cef57ad6..0000000000
--- a/src/lib/crypto/des/process_ky.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * lib/crypto/des/process_ky.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-/*
- does any necessary key preprocessing (such as computing key
- schedules for DES).
- eblock->crypto_entry must be set by the caller; the other elements
- of eblock are to be assigned by this function.
- [in particular, eblock->key must be set by this function if the key
- is needed in raw form by the encryption routine]
-
- The caller may not move or reallocate "keyblock" before calling
- finish_key on "eblock"
-
- returns: errors
- */
-
-krb5_error_code
-mit_des_process_key (eblock, keyblock)
- krb5_encrypt_block * eblock;
- const krb5_keyblock * keyblock;
-{
- struct mit_des_ks_struct *schedule; /* pointer to key schedules */
-
- if (keyblock->length != sizeof (mit_des_cblock))
- return KRB5_BAD_KEYSIZE;
-
- if ( !(schedule = (struct mit_des_ks_struct *) malloc(sizeof(mit_des_key_schedule))) )
- return ENOMEM;
-#define cleanup() { free( (char *) schedule); }
-
- switch (mit_des_key_sched (keyblock->contents, schedule)) {
- case -1:
- cleanup();
- return KRB5DES_BAD_KEYPAR;
-
- case -2:
- cleanup();
- return KRB5DES_WEAK_KEY;
-
- default:
- eblock->key = (krb5_keyblock *) keyblock;
- eblock->priv = (krb5_pointer) schedule;
- eblock->priv_size = (krb5_int32) sizeof(mit_des_key_schedule);
- return 0;
- }
-}
diff --git a/src/lib/crypto/des/random_key.c b/src/lib/crypto/des/random_key.c
deleted file mode 100644
index 1dc4600b4f..0000000000
--- a/src/lib/crypto/des/random_key.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * lib/crypto/des/random_key.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * Copyright 1996 by Lehman Brothers, Inc.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. or Lehman Brothers not be used in advertising or
- * publicity pertaining to distribution of the software without
- * specific, written prior permission. M.I.T. and Lehman Brothers
- * make no representations about the suitability of this software for
- * any purpose. It is provided "as is" without express or implied
- * warranty.
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-static void mit_des_generate_random_key
- PROTOTYPE((mit_des_random_state * state, krb5_keyblock * randkey));
-
-
-/*
- generate a random encryption key, allocating storage for it and
- filling in the keyblock address in *keyblock
- */
-
-krb5_error_code
-mit_des_random_key (eblock, state, keyblock)
- const krb5_encrypt_block * eblock;
- krb5_pointer state;
- krb5_keyblock ** keyblock;
-{
- krb5_keyblock *randkey;
- int keysize = ((mit_des_random_state *)state)->eblock.crypto_entry->keysize;
-
- if (eblock == NULL)
- /* We are being called from the random number initialization routine */
- eblock = &((mit_des_random_state *)state)->eblock;
-
- if (!(randkey = (krb5_keyblock *)malloc(sizeof(*randkey))))
- return ENOMEM;
- if (!(randkey->contents = (krb5_octet *)malloc(keysize))) {
- krb5_xfree(randkey);
- return ENOMEM;
- }
- randkey->magic = KV5M_KEYBLOCK;
- randkey->length = keysize;
- randkey->enctype = eblock->crypto_entry->proto_enctype;
-
- do {
- mit_des_generate_random_key(state, randkey);
- mit_des_fixup_keyblock_parity(randkey);
- } while (mit_des_is_weak_keyblock(randkey));
-
- *keyblock = randkey;
- return 0;
-}
-
-static mit_des_cblock zero_ivec = { 0, 0, 0, 0, 0, 0, 0, 0 };
-
-static void
-mit_des_generate_random_key(state, randkey)
- mit_des_random_state * state;
- krb5_keyblock * randkey;
-{
- krb5_encrypt_block *eblock = &state->eblock;
- int i;
-
- (* state->eblock.crypto_entry->encrypt_func)
- (state->sequence.data /*in*/, randkey->contents /*out*/,
- state->sequence.length, eblock, zero_ivec);
- if (state->sequence.length > sizeof(mit_des_cblock))
- (* state->eblock.crypto_entry->encrypt_func)
- (randkey->contents /*in*/, randkey->contents /*out*/,
- randkey->length, eblock,
- randkey->contents + randkey->length - sizeof(mit_des_cblock));
-
- /* Increment the sequence number, with wraparound (LSB) */
- for (i = 0; i < state->sequence.length; i++) {
- state->sequence.data[i] = (state->sequence.data[i] + 1) & 0xff;
- if (state->sequence.data[i])
- break;
- }
-}
diff --git a/src/lib/crypto/des/string2key.c b/src/lib/crypto/des/string2key.c
index 8a2b1415b7..79b7c9cbd8 100644
--- a/src/lib/crypto/des/string2key.c
+++ b/src/lib/crypto/des/string2key.c
@@ -21,6 +21,32 @@
* or implied warranty.
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#include "k5-int.h"
#include "des_int.h"
@@ -41,8 +67,7 @@
*/
krb5_error_code
-mit_des_string_to_key (eblock, keyblock, data, salt)
-const krb5_encrypt_block FAR * eblock;
+mit_des_string_to_key_int (keyblock, data, salt)
krb5_keyblock FAR * keyblock;
const krb5_data FAR * data;
const krb5_data FAR * salt;
@@ -59,28 +84,19 @@ const krb5_data FAR * salt;
register char *p_char;
char k_char[64];
mit_des_key_schedule key_sked;
- krb5_enctype enctype = eblock->crypto_entry->proto_enctype;
#ifndef min
#define min(A, B) ((A) < (B) ? (A): (B))
#endif
- if ((enctype != ENCTYPE_DES_CBC_CRC) && (enctype != ENCTYPE_DES_CBC_MD4) &&
- (enctype != ENCTYPE_DES_CBC_MD5) && (enctype != ENCTYPE_DES_CBC_RAW))
- return (KRB5_PROG_ETYPE_NOSUPP);
-
- if ( !(keyblock->contents = (krb5_octet *)malloc(sizeof(mit_des_cblock))) )
- return(ENOMEM);
-
keyblock->magic = KV5M_KEYBLOCK;
keyblock->length = sizeof(mit_des_cblock);
- keyblock->enctype = eblock->crypto_entry->proto_enctype;
key = keyblock->contents;
if (salt) {
if (salt->length == -1) {
/* cheat and do AFS string2key instead */
- return mit_afs_string_to_key (eblock, keyblock, data, salt);
+ return mit_afs_string_to_key (keyblock, data, salt);
} else
length = data->length + salt->length;
}
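Review bot: With the malloc removed, `key = keyblock->contents` now points at a caller-supplied buffer, and nothing in this hunk checks that it is non-NULL or holds at least `sizeof(mit_des_cblock)` bytes before the derived key is written through it. The function also no longer sets `keyblock->enctype`, so that becomes the caller's job as well. I would state the contract in the function's header comment, e.g. `/* keyblock->contents must point to at least sizeof(mit_des_cblock) writable bytes; the caller sets enctype */`, and consider `if (keyblock->contents == NULL) return EINVAL;` ahead of the assignment. The body of mit_des_string_to_key_int continues outside the hunk, so whether a later line validates the buffer cannot be seen here.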
diff --git a/src/lib/crypto/des/t_random.c b/src/lib/crypto/des/t_random.c
deleted file mode 100644
index bc013bdab7..0000000000
--- a/src/lib/crypto/des/t_random.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * lib/crypto/des/t_random.c
- *
- * Copyright 1996 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Test a DES implementation against known inputs & outputs
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-#include <stdio.h>
-#include "com_err.h"
-
-extern krb5_cryptosystem_entry mit_des_cryptosystem_entry;
-
-char *progname;
-int nflag = 2;
-int vflag;
-int mflag;
-int zflag;
-int pid;
-int mit_des_debug;
-
-krb5_data kdata;
-
-unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f };
-unsigned char zerokey[8] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
-
-void print_key(key)
- krb5_keyblock *key;
-{
- int i;
-
- printf("key type: %d, length = %d, contents =", key->enctype,
- key->length);
- for (i=0; i < key->length; i++) {
- printf(" %02x", key->contents[i]);
- }
- printf("\n");
-}
-
-/*
- * Can also add :
- * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?)
- */
-
-void
-main(argc,argv)
- int argc;
- char *argv[];
-{
- /* Local Declarations */
- krb5_context context;
- krb5_encrypt_block eblock;
- krb5_keyblock keyblock, *randkey;
- void *random_seed = 0;
-
-#ifdef WINDOWS
- /* Set screen window buffer to infinite size -- MS default is tiny. */
- _wsetscreenbuf (fileno (stdout), _WINBUFINF);
-#endif
-
- /* do some initialisation */
- krb5_init_context(&context);
-
- krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC);
- keyblock.enctype = ENCTYPE_DES_CBC_CRC;
- keyblock.length = sizeof(mit_des_cblock);
-
- keyblock.contents = key2;
-
- printf("init_random: ");
- print_key(&keyblock);
- krb5_init_random_key(context, &eblock, &keyblock, &random_seed);
- krb5_random_key(context, &eblock, random_seed, &randkey);
- print_key(randkey);
- krb5_free_keyblock(context, randkey);
- krb5_random_key(context, &eblock, random_seed, &randkey);
- print_key(randkey);
- krb5_free_keyblock(context, randkey);
- krb5_finish_random_key(context, &eblock, &random_seed);
-
- keyblock.contents = zerokey;
-
- printf("\n\ninit_random: ");
- print_key(&keyblock);
-
- krb5_init_random_key(context, &eblock, &keyblock, &random_seed);
- krb5_random_key(context, &eblock, random_seed, &randkey);
- print_key(randkey);
- krb5_free_keyblock(context, randkey);
- krb5_random_key(context, &eblock, random_seed, &randkey);
- print_key(randkey);
- krb5_free_keyblock(context, randkey);
- krb5_finish_random_key(context, &eblock, &random_seed);
-
- krb5_free_context(context);
-}
-
diff --git a/src/lib/crypto/des/t_verify.c b/src/lib/crypto/des/t_verify.c
index 82a73e21fb..e8a7dc0eed 100644
--- a/src/lib/crypto/des/t_verify.c
+++ b/src/lib/crypto/des/t_verify.c
@@ -28,13 +28,37 @@
* -1 ==> error
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#include "k5-int.h"
#include "des_int.h"
#include <stdio.h>
#include "com_err.h"
-extern krb5_cryptosystem_entry mit_des_cryptosystem_entry;
-
char *progname;
int nflag = 2;
int vflag;
@@ -43,10 +67,6 @@ int zflag;
int pid;
int mit_des_debug;
-krb5_encrypt_block eblock;
-krb5_keyblock keyblock;
-krb5_data kdata;
-
unsigned char cipher_text[64];
unsigned char clear_text[64] = "Now is the time for all " ;
unsigned char clear_text2[64] = "7654321 Now is the time for ";
@@ -56,23 +76,6 @@ unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0};
unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */
unsigned char *input;
-unsigned char *nfold_in[] = {
- "basch",
- "eichin",
- "sommerfeld",
- "MASSACHVSETTS INSTITVTE OF TECHNOLOGY" };
-
-unsigned char nfold_192[4][24] = {
- { 0x1a, 0xab, 0x6b, 0x42, 0x96, 0x4b, 0x98, 0xb2, 0x1f, 0x8c, 0xde, 0x2d,
- 0x24, 0x48, 0xba, 0x34, 0x55, 0xd7, 0x86, 0x2c, 0x97, 0x31, 0x64, 0x3f },
- { 0x65, 0x69, 0x63, 0x68, 0x69, 0x6e, 0x4b, 0x73, 0x2b, 0x4b, 0x1b, 0x43,
- 0xda, 0x1a, 0x5b, 0x99, 0x5a, 0x58, 0xd2, 0xc6, 0xd0, 0xd2, 0xdc, 0xca },
- { 0x2f, 0x7a, 0x98, 0x55, 0x7c, 0x6e, 0xe4, 0xab, 0xad, 0xf4, 0xe7, 0x11,
- 0x92, 0xdd, 0x44, 0x2b, 0xd4, 0xff, 0x53, 0x25, 0xa5, 0xde, 0xf7, 0x5c },
- { 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3, 0x08,
- 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b }
-};
-
/* 0x0123456789abcdef */
unsigned char default_key[8] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
@@ -86,7 +89,6 @@ unsigned char default_ivec[8] = {
unsigned char *ivec;
unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */
int i,j;
-krb5_error_code retval;
unsigned char cipher1[8] = {
0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67
@@ -117,14 +119,15 @@ unsigned char mresult[8] = {
* plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?)
*/
-void
+mit_des_key_schedule sched;
+
+int
main(argc,argv)
int argc;
char *argv[];
{
/* Local Declarations */
- krb5_context context;
- int in_length;
+ int in_length, retval;
void do_encrypt();
void do_decrypt();
@@ -164,23 +167,13 @@ main(argc,argv)
}
/* do some initialisation */
- initialize_krb5_error_table();
- krb5_init_context(&context);
-
- krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC);
- keyblock.enctype = ENCTYPE_DES_CBC_CRC;
- keyblock.length = sizeof(mit_des_cblock);
/* use known input and key */
/* ECB zero text zero key */
if (zflag) {
input = zero_text;
- keyblock.contents = (krb5_octet *)zero_key;
- if (retval = krb5_process_key(context, &eblock,&keyblock)) {
- com_err("des verify", retval, "can't process zero key");
- exit(-1);
- }
+ mit_des_key_sched(zero_key, sched);
printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n");
do_encrypt(input,cipher_text);
printf("\tcipher = (low to high bytes)\n\t\t");
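Review bot: The return value of `mit_des_key_sched(zero_key, sched)` is discarded, whereas the removed krb5_process_key path reported a failure and exited. The process_ky.c deleted in this same commit shows the function returning -1 for bad parity and -2 for a weak key, so a rejected key would leave the test running on whatever `sched` holds and show up only as a ciphertext mismatch. A check such as `if (mit_des_key_sched(zero_key, sched)) { printf("verify: can't schedule zero key\n"); exit(-1); }` keeps the old diagnostics. The same applies to the key3, key2 and default_key calls in the following hunks. main starts and ends outside this hunk.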
@@ -188,26 +181,17 @@ main(argc,argv)
printf("%02x ",cipher_text[j]);
printf("\n");
do_decrypt(output,cipher_text);
- if (retval = krb5_finish_key(context, &eblock)) {
- com_err("des verify", retval, "can't finish zero key");
- exit(-1);
- }
if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) {
printf("verify: error in zero key test\n");
exit(-1);
}
- krb5_free_context(context);
exit(0);
}
if (mflag) {
input = msb_text;
- keyblock.contents = (krb5_octet *)key3;
- if (retval = krb5_process_key(context, &eblock,&keyblock)) {
- com_err("des verify", retval, "can't process key3");
- exit(-1);
- }
+ mit_des_key_sched(key3, sched);
printf("plaintext = 0x00 00 00 00 00 00 00 40, ");
printf("key = 0x80 01 01 01 01 01 01 01\n");
printf(" cipher = 0xa380e02a6be54696\n");
@@ -218,26 +202,17 @@ main(argc,argv)
}
printf("\n");
do_decrypt(output,cipher_text);
- if (retval = krb5_finish_key(context, &eblock)) {
- com_err("des verify", retval, "can't finish key3");
- exit(-1);
- }
if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) {
printf("verify: error in msb test\n");
exit(-1);
}
- krb5_free_context(context);
exit(0);
}
/* ECB mode Davies and Price */
{
input = zero_text;
- keyblock.contents = (krb5_octet *)key2;
- if (retval = krb5_process_key(context, &eblock,&keyblock)) {
- com_err("des verify", retval, "can't process key2");
- exit(-1);
- }
+ mit_des_key_sched(key2, sched);
printf("Examples per FIPS publication 81, keys ivs and cipher\n");
printf("in hex. These are the correct answers, see below for\n");
printf("the actual answers.\n\n");
@@ -253,10 +228,6 @@ main(argc,argv)
printf("%02x ",cipher_text[j]);
printf("\n\n");
do_decrypt(output,cipher_text);
- if (retval = krb5_finish_key(context, &eblock)) {
- com_err("des verify", retval, "can't finish key2");
- exit(-1);
- }
if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) {
printf("verify: error in ECB encryption\n");
exit(-1);
@@ -267,11 +238,7 @@ main(argc,argv)
/* ECB mode */
{
- keyblock.contents = (krb5_octet *)default_key;
- if (retval = krb5_process_key(context, &eblock,&keyblock)) {
- com_err("des verify", retval, "can't process key2");
- exit(-1);
- }
+ mit_des_key_sched(default_key, sched);
input = clear_text;
ivec = default_ivec;
printf("EXAMPLE ECB\tkey = 0123456789abcdef\n");
@@ -306,14 +273,14 @@ main(argc,argv)
if (retval = mit_des_cbc_encrypt((mit_des_cblock *) input,
(mit_des_cblock *) cipher_text,
(size_t) in_length,
- (struct mit_des_ks_struct *)eblock.priv,
+ sched,
ivec,
MIT_DES_ENCRYPT)) {
com_err("des verify", retval, "can't encrypt");
exit(-1);
}
printf("\tciphertext = (low to high bytes)\n");
- for (i = 0; i <= 7; i++) {
+ for (i = 0; i <= 2; i++) {
printf("\t\t");
for (j = 0; j <= 7; j++) {
printf("%02x ",cipher_text[i*8+j]);
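Review bot: The row bound in `for (i = 0; i <= 2; i++)` hard-codes three 8-byte rows, which matches the encrypted data only if in_length is 24. in_length is assigned outside this hunk, so it is presumably the length of clear_text, but that cannot be confirmed here. Deriving the bound from the length, `for (i = 0; i < (in_length + 7) / 8; i++)`, keeps the dump in step with the buffer actually encrypted if the test vector ever changes.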
@@ -323,7 +290,7 @@ main(argc,argv)
if (retval = mit_des_cbc_encrypt((mit_des_cblock *) cipher_text,
(mit_des_cblock *) clear_text,
(size_t) in_length,
- eblock.priv,
+ sched,
ivec,
MIT_DES_DECRYPT)) {
com_err("des verify", retval, "can't decrypt");
@@ -345,16 +312,12 @@ main(argc,argv)
printf("or some part thereof\n");
input = clear_text2;
mit_des_cbc_cksum(input,cipher_text,(long) strlen((char *)input),
- eblock.priv,ivec);
+ sched,ivec);
printf("ACTUAL CBC checksum\n");
printf("\t\tencrypted cksum = (low to high bytes)\n\t\t");
for (j = 0; j<=7; j++)
printf("%02x ",cipher_text[j]);
printf("\n\n");
- if (retval = krb5_finish_key(context, &eblock)) {
- com_err("des verify", retval, "can't finish key2");
- exit(-1);
- }
if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) {
printf("verify: error in CBC cheksum\n");
exit(-1);
@@ -362,25 +325,6 @@ main(argc,argv)
else
printf("verify: CBC checksum is correct\n\n");
- printf("N-fold\n");
- for (i=0; i<sizeof(nfold_in)/sizeof(char *); i++) {
- kdata.data = nfold_in[i];
- kdata.length = strlen(kdata.data);
- printf("\tInput:\t\"%.*s\"\n", kdata.length, kdata.data);
- printf("\t192-Fold:\t");
- mit_des_n_fold(kdata.data, kdata.length, cipher_text, 24);
- for (j=0; j<24; j++)
- printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
- printf("\n");
- if (memcmp(cipher_text, nfold_192[i], 24)) {
- printf("verify: error in n-fold\n");
- exit(-1);
- };
- }
- printf("verify: N-fold is correct\n\n");
-
- krb5_free_context(context);
-
exit(0);
}
@@ -412,9 +356,11 @@ do_encrypt(in,out)
char *out;
{
for (i =1; i<=nflag; i++) {
- mit_des_ecb_encrypt((mit_des_cblock *)in,
+ mit_des_cbc_encrypt((mit_des_cblock *)in,
(mit_des_cblock *)out,
- (struct mit_des_ks_struct *)eblock.priv,
+ 8,
+ sched,
+ zero_text,
MIT_DES_ENCRYPT);
if (mit_des_debug) {
printf("\nclear %s\n",in);
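Review bot: do_encrypt now reaches ECB through `mit_des_cbc_encrypt` with a literal length of `8` and `zero_text` as the IV, which equals ECB only for a single block under an all-zero IV, and nothing here says so. `zero_text` is also the writable plaintext buffer used by the zero-key and Davies-Price cases, so the equivalence depends on that array never being modified. I would add `/* one block of CBC with a zero IV is ECB */` above the call, pass `sizeof(mit_des_cblock)` instead of `8`, and give the IV its own zero array. The return value is also dropped, unlike the checked `mit_des_cbc_encrypt` call in main. The same applies to do_decrypt in the next hunk; both functions begin and end outside their hunks.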
@@ -434,9 +380,11 @@ do_decrypt(in,out)
/* try to invert it */
{
for (i =1; i<=nflag; i++) {
- mit_des_ecb_encrypt((mit_des_cblock *)out,
+ mit_des_cbc_encrypt((mit_des_cblock *)out,
(mit_des_cblock *)in,
- (struct mit_des_ks_struct *)eblock.priv,
+ 8,
+ sched,
+ zero_text,
MIT_DES_DECRYPT);
if (mit_des_debug) {
printf("clear %s\n",in);
@@ -453,8 +401,6 @@ do_decrypt(in,out)
* Fake out the DES library, for the purposes of testing.
*/
-#include "des.h"
-
int
mit_des_is_weak_key(key)
mit_des_cblock key;
diff --git a/src/lib/crypto/des/u_nfold.c b/src/lib/crypto/des/u_nfold.c
deleted file mode 100644
index 6da58cbef3..0000000000
--- a/src/lib/crypto/des/u_nfold.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright 1995 by Richard P. Basch. All Rights Reserved.
- * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. Richard P. Basch,
- * Lehman Brothers and M.I.T. make no representations about the suitability
- * of this software for any purpose. It is provided "as is" without
- * express or implied warranty.
- *
- *
- * N-folding algorithm
- * Described in "A Better Key Schedule for DES-like Ciphers"
- * by Uri Blumenthal and Steven M. Bellovin
- * based on the work done by Lars Knudsen.
- *
- * To n-fold a number X, replicate the input value X to a length that is
- * the least common multiple of n and the length of X. Before each
- * repetition, the input value is rotated to the right by 13 bit positions.
- * The successive n-bit chunks are added together using 1's complement
- * addition (addition with end-around carry) to yield a n-bit result.
- *
- * The algorithm here assumes that the input and output are padded to
- * octet boundaries (8-bit multiple).
- */
-
-#include "k5-int.h"
-
-#define ROTATE_VALUE 13
-
-krb5_error_code
-mit_des_n_fold(inbuf, inlen, outbuf, outlen)
- krb5_octet *inbuf;
- size_t inlen;
- krb5_octet *outbuf;
- size_t outlen;
-{
- register int bytes;
- register krb5_octet *tempbuf;
-
- if (inbuf == (krb5_octet *)NULL)
- return EINVAL;
- if (outbuf == (krb5_octet *)NULL)
- return EINVAL;
-
- tempbuf = (krb5_octet *)malloc(inlen);
- if (tempbuf == (krb5_octet *)NULL)
- return ENOMEM;
-
- memset(outbuf, 0, outlen);
- bytes = 0;
-
-#ifndef min
-#define min(a,b) ((a) < (b) ? (a) : (b))
-#endif
-
- do {
- unsigned int j, k;
-
- /* Rotate input */
- k = ((bytes/inlen) * ROTATE_VALUE) % (inlen*8);
- for (j = (k+7)/8; j < inlen + (k+7)/8; j++)
- tempbuf[j % inlen] =
- ((inbuf[((8*j-k)/8)%inlen] << ((8-(k&7))&7)) +
- ((k&7) ? (inbuf[((8*j-k)/8 +1)%inlen] >> (k&7)) : 0))
- & 0xff;
-
- for (k=0, j=inlen; j--; ) {
- k += outbuf[(bytes+j) % outlen] + tempbuf[j];
- outbuf[(bytes+j) % outlen] = k & 0xff;
- k >>= 8;
- }
- j = bytes % outlen;
- while (k) {
- if (j == 0)
- j = outlen;
- j--;
- k += outbuf[j];
- outbuf[j] = k & 0xff;
- k >>= 8;
- }
- bytes += inlen;
- } while (bytes % outlen);
-
- free(tempbuf);
-
- return 0;
-}
diff --git a/src/lib/crypto/des/u_rn_key.c b/src/lib/crypto/des/u_rn_key.c
deleted file mode 100644
index 44d3c73839..0000000000
--- a/src/lib/crypto/des/u_rn_key.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright 1996 by Richard P. Basch. All Rights Reserved.
- * Copyright 1996 by Lehman Brothers, Inc. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. Richard P. Basch,
- * Lehman Brothers and M.I.T. make no representations about the suitability
- * of this software for any purpose. It is provided "as is" without
- * express or implied warranty.
- *
- *
- * Based on the version written by Mark Lillibridge, MIT Project Athena.
- *
- * Under U.S. law, this software may not be exported outside the US
- * without license from the U.S. Commerce department.
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-int
-mit_des_is_weak_keyblock(keyblock)
- krb5_keyblock * keyblock;
-{
- int i;
-
- for (i = 0; i < keyblock->length/sizeof(mit_des_cblock); i++)
- if (mit_des_is_weak_key(*((mit_des_cblock *)keyblock->contents + i)))
- return 1;
- return 0;
-}
-
-void
-mit_des_fixup_keyblock_parity(keyblock)
- krb5_keyblock * keyblock;
-{
- int i;
-
- for (i = 0; i < keyblock->length/sizeof(mit_des_cblock); i++)
- mit_des_fixup_key_parity(*((mit_des_cblock *)keyblock->contents + i));
-}
-
-/*
- * mit_des_set_random_generator_seed: this routine is used to select a random
- * number stream. The stream that results is
- * totally determined by the passed in key.
- * (I.e., calling this routine again with the
- * same key allows repeating a sequence of
- * random numbers)
- */
-krb5_error_code
-mit_des_set_random_generator_seed(seed, p_state)
- const krb5_data * seed;
- krb5_pointer p_state;
-{
- krb5_error_code kret;
- register int i;
- mit_des_cblock *new_key;
- mit_des_random_state *state = p_state;
-
- if (state->eblock.key) {
- if (state->eblock.key->contents) {
- memset(state->eblock.key->contents, 0, state->eblock.key->length);
- krb5_xfree(state->eblock.key->contents);
- }
- }
-
- state->eblock.key = (krb5_keyblock *)malloc(sizeof(krb5_keyblock));
- if (! state->eblock.key)
- return ENOMEM;
-
- state->eblock.key->enctype = state->eblock.crypto_entry->proto_enctype;
- state->eblock.key->length = state->eblock.crypto_entry->keysize;
- state->eblock.key->contents = (krb5_octet *)malloc(state->eblock.key->length);
- if (! state->eblock.key->contents) {
- krb5_xfree(state->eblock.key);
- state->eblock.key = 0;
- return ENOMEM;
- }
-
- kret = mit_des_n_fold(seed->data, seed->length,
- state->eblock.key->contents, state->eblock.key->length);
- if (kret) return kret;
-
- mit_des_fixup_keyblock_parity(state->eblock.key);
-
- for (i = 0; i < state->eblock.key->length/sizeof(mit_des_cblock); i++) {
- new_key = (mit_des_cblock *)state->eblock.key->contents + i;
- if (mit_des_is_weak_key(*new_key)) {
- (*new_key)[0] ^= 0xF0;
- mit_des_fixup_key_parity(*new_key);
- }
- }
-
- /* destroy any old key schedule */
- mit_des_finish_key(&state->eblock);
-
- /* compute the key schedule */
- (* state->eblock.crypto_entry->process_key)
- (&state->eblock, state->eblock.key);
-
- /* now we can destroy the key... */
- memset(state->eblock.key->contents, 0, state->eblock.key->length);
- krb5_xfree(state->eblock.key->contents);
- krb5_xfree(state->eblock.key);
- state->eblock.key = (krb5_keyblock *) 0;
-
- /* "seek" to the start of the stream: */
- memset(state->sequence.data, 0, state->sequence.length);
-
- return 0;
-}
-
-krb5_error_code
-mit_des_set_random_sequence_number(sequence, p_state)
- const krb5_data *sequence;
- krb5_pointer p_state;
-{
- mit_des_random_state *state = p_state;
- int length = state->eblock.crypto_entry->keysize;
-
- if (length > sequence->length)
- length = sequence->length;
-
- memcpy(state->sequence.data, sequence->data, length);
-
- return 0;
-}
diff --git a/src/lib/crypto/des3_raw.c b/src/lib/crypto/des3_raw.c
deleted file mode 100644
index 62e3d724dc..0000000000
--- a/src/lib/crypto/des3_raw.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * lib/crypto/des3_raw.c
- *
- * Copyright 1996 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-krb5_error_code mit_des3_raw_encrypt_func
- PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
- krb5_encrypt_block *, krb5_pointer ));
-
-krb5_error_code mit_des3_raw_decrypt_func
- PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
- krb5_encrypt_block *, krb5_pointer ));
-
-static krb5_cryptosystem_entry mit_des3_raw_cryptosystem_entry = {
- 0,
- mit_des3_raw_encrypt_func,
- mit_des3_raw_decrypt_func,
- mit_des3_process_key,
- mit_des_finish_key,
- mit_des3_string_to_key,
- mit_des_init_random_key,
- mit_des_finish_random_key,
- mit_des_random_key,
- sizeof(mit_des_cblock),
- 0,
- sizeof(mit_des3_cblock),
- ENCTYPE_DES3_CBC_RAW
- };
-
-krb5_cs_table_entry krb5_des3_raw_cst_entry = {
- 0,
- &mit_des3_raw_cryptosystem_entry,
- 0
- };
-
-krb5_error_code
-mit_des3_raw_decrypt_func(in, out, size, key, ivec)
- krb5_const_pointer in;
- krb5_pointer out;
- const size_t size;
- krb5_encrypt_block * key;
- krb5_pointer ivec;
-{
- return (mit_des3_cbc_encrypt((const mit_des_cblock *) in,
- out,
- size,
- (struct mit_des_ks_struct *)key->priv,
- ((struct mit_des_ks_struct *)key->priv) + 1,
- ((struct mit_des_ks_struct *)key->priv) + 2,
- ivec ? ivec : (krb5_pointer)key->key->contents,
- MIT_DES_DECRYPT));
-}
-
-krb5_error_code
-mit_des3_raw_encrypt_func(in, out, size, key, ivec)
- krb5_const_pointer in;
- krb5_pointer out;
- const size_t size;
- krb5_encrypt_block * key;
- krb5_pointer ivec;
-{
- int sumsize;
-
- /* round up to des block size */
-
- sumsize = krb5_roundup(size, sizeof(mit_des_cblock));
-
- /* assemble crypto input into the output area, then encrypt in place. */
-
- memset((char *)out, 0, sumsize);
- memcpy((char *)out, (char *)in, size);
-
- /* We depend here on the ability of this DES implementation to
- encrypt plaintext to ciphertext in-place. */
- return (mit_des3_cbc_encrypt(out,
- out,
- sumsize,
- (struct mit_des_ks_struct *)key->priv,
- ((struct mit_des_ks_struct *)key->priv) + 1,
- ((struct mit_des_ks_struct *)key->priv) + 2,
- ivec ? ivec : (krb5_pointer)key->key->contents,
- MIT_DES_ENCRYPT));
-}
diff --git a/src/lib/crypto/des3_sha.c b/src/lib/crypto/des3_sha.c
deleted file mode 100644
index 9b060e5899..0000000000
--- a/src/lib/crypto/des3_sha.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * lib/crypto/des3-sha.c
- *
- * Copyright 1996 by Lehman Brothers, Inc.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of Lehman Brothers or M.I.T. not be used in advertising or
- * publicity pertaining to distribution of the software without
- * specific, written prior permission. Lehman Brothers and
- * M.I.T. make no representations about the suitability of this
- * software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "shs.h"
-#include "des_int.h"
-
-
-#define DES3_SHA_CONFOUNDER_SIZE sizeof(mit_des_cblock)
-
-static krb5_error_code
-mit_des3_sha_encrypt_func
- PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
- krb5_encrypt_block *, krb5_pointer ));
-
-static krb5_error_code
-mit_des3_sha_decrypt_func
- PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
- krb5_encrypt_block *, krb5_pointer ));
-
-static mit_des_cblock zero_ivec = { 0 };
-
-static krb5_cryptosystem_entry mit_des3_sha_cryptosystem_entry = {
- 0,
- mit_des3_sha_encrypt_func,
- mit_des3_sha_decrypt_func,
- mit_des3_process_key,
- mit_des_finish_key,
- mit_des3_string_to_key,
- mit_des_init_random_key,
- mit_des_finish_random_key,
- mit_des_random_key,
- sizeof(mit_des_cblock),
- NIST_SHA_CKSUM_LENGTH + DES3_SHA_CONFOUNDER_SIZE,
- sizeof(mit_des3_cblock),
- ENCTYPE_DES3_CBC_SHA
- };
-
-krb5_cs_table_entry krb5_des3_sha_cst_entry = {
- 0,
- &mit_des3_sha_cryptosystem_entry,
- 0
- };
-
-
-static krb5_error_code
-mit_des3_sha_encrypt_func(in, out, size, key, ivec)
- krb5_const_pointer in;
- krb5_pointer out;
- const size_t size;
- krb5_encrypt_block * key;
- krb5_pointer ivec;
-{
- krb5_checksum cksum;
- krb5_octet contents[NIST_SHA_CKSUM_LENGTH];
- int sumsize;
- krb5_error_code retval;
-
- /* caller passes data size, and saves room for the padding. */
- /* format of ciphertext, per RFC is:
- +-----------+----------+-------------+-----+
- |confounder | check | msg-seq | pad |
- +-----------+----------+-------------+-----+
-
- our confounder is 8 bytes
- our checksum is NIST_SHA_CKSUM_LENGTH
- */
- sumsize = krb5_roundup(size + mit_des3_sha_cryptosystem_entry.pad_minimum,
- mit_des3_sha_cryptosystem_entry.block_length);
-
- /* assemble crypto input into the output area, then encrypt in place. */
-
- memset((char *)out, 0, sumsize);
-
- /* put in the confounder */
- if ((retval = krb5_random_confounder(DES3_SHA_CONFOUNDER_SIZE, out)))
- return retval;
-
- memcpy((char *)out + mit_des3_sha_cryptosystem_entry.pad_minimum,
- (char *)in, size);
-
- cksum.length = sizeof(contents);
- cksum.contents = contents;
-
- /* This is equivalent to krb5_calculate_checksum(CKSUMTYPE_SHA,...)
- but avoids use of the cryptosystem config table which can not be
- referenced here if this object is to be included in a shared library. */
- retval = nist_sha_cksumtable_entry.sum_func((krb5_pointer) out, sumsize,
- 0, 0, &cksum);
- if (retval)
- return retval;
-
- memcpy((char *)out + DES3_SHA_CONFOUNDER_SIZE,
- (char *)contents, NIST_SHA_CKSUM_LENGTH);
-
- /* We depend here on the ability of this DES-3 implementation to
- encrypt plaintext to ciphertext in-place. */
- retval = mit_des3_cbc_encrypt(out,
- out,
- sumsize,
- (struct mit_des_ks_struct *) key->priv,
- ((struct mit_des_ks_struct *) key->priv) + 1,
- ((struct mit_des_ks_struct *) key->priv) + 2,
- ivec ? ivec : (krb5_pointer)zero_ivec,
- MIT_DES_ENCRYPT);
- return retval;
-}
-
-static krb5_error_code
-mit_des3_sha_decrypt_func(in, out, size, key, ivec)
- krb5_const_pointer in;
- krb5_pointer out;
- const size_t size;
- krb5_encrypt_block * key;
- krb5_pointer ivec;
-{
- krb5_checksum cksum;
- krb5_octet contents_prd[NIST_SHA_CKSUM_LENGTH];
- krb5_octet contents_get[NIST_SHA_CKSUM_LENGTH];
- char *p;
- krb5_error_code retval;
-
- if ( size < krb5_roundup(mit_des3_sha_cryptosystem_entry.pad_minimum,
- mit_des3_sha_cryptosystem_entry.block_length))
- return KRB5_BAD_MSIZE;
-
- retval = mit_des3_cbc_encrypt((const mit_des_cblock *) in,
- out,
- size,
- (struct mit_des_ks_struct *) key->priv,
- ((struct mit_des_ks_struct *) key->priv) + 1,
- ((struct mit_des_ks_struct *) key->priv) + 2,
- ivec ? ivec : (krb5_pointer)zero_ivec,
- MIT_DES_DECRYPT);
- if (retval)
- return retval;
-
- cksum.length = sizeof(contents_prd);
- cksum.contents = contents_prd;
- p = (char *)out + DES3_SHA_CONFOUNDER_SIZE;
- memcpy((char *)contents_get, p, NIST_SHA_CKSUM_LENGTH);
- memset(p, 0, NIST_SHA_CKSUM_LENGTH);
-
- retval = nist_sha_cksumtable_entry.sum_func(out, size, 0, 0, &cksum);
- if (retval)
- return retval;
-
- if (memcmp((char *)contents_get,
- (char *)contents_prd,
- NIST_SHA_CKSUM_LENGTH))
- return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
- memmove((char *)out, (char *)out +
- mit_des3_sha_cryptosystem_entry.pad_minimum,
- size - mit_des3_sha_cryptosystem_entry.pad_minimum);
- return 0;
-}
diff --git a/src/lib/crypto/des_crc.c b/src/lib/crypto/des_crc.c
deleted file mode 100644
index 6317f61d7a..0000000000
--- a/src/lib/crypto/des_crc.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * lib/crypto/des-crc.32
- *
- * Copyright 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "crc-32.h"
-#include "des_int.h"
-
-krb5_error_code mit_des_crc_encrypt_func
- PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
- krb5_encrypt_block *, krb5_pointer ));
-
-krb5_error_code mit_des_crc_decrypt_func
- PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
- krb5_encrypt_block *, krb5_pointer ));
-
-
-static krb5_cryptosystem_entry mit_des_crc_cryptosystem_entry = {
- 0,
- mit_des_crc_encrypt_func,
- mit_des_crc_decrypt_func,
- mit_des_process_key,
- mit_des_finish_key,
- mit_des_string_to_key,
- mit_des_init_random_key,
- mit_des_finish_random_key,
- mit_des_random_key,
- sizeof(mit_des_cblock),
- CRC32_CKSUM_LENGTH+sizeof(mit_des_cblock),
- sizeof(mit_des_cblock),
- ENCTYPE_DES_CBC_CRC
- };
-
-krb5_cs_table_entry krb5_des_crc_cst_entry = {
- 0,
- &mit_des_crc_cryptosystem_entry,
- 0
- };
-
-
-krb5_error_code
-mit_des_crc_encrypt_func(in, out, size, key, ivec)
- krb5_const_pointer in;
- krb5_pointer out;
- const size_t size;
- krb5_encrypt_block * key;
- krb5_pointer ivec;
-{
- krb5_checksum cksum;
- krb5_octet contents[CRC32_CKSUM_LENGTH];
- int sumsize;
- krb5_error_code retval;
-
-/* if ( size < sizeof(mit_des_cblock) )
- return KRB5_BAD_MSIZE; */
-
- /* caller passes data size, and saves room for the padding. */
- /* format of ciphertext, per RFC is:
- +-----------+----------+-------------+-----+
- |confounder | check | msg-seq | pad |
- +-----------+----------+-------------+-----+
-
- our confounder is 8 bytes (one cblock);
- our checksum is CRC32_CKSUM_LENGTH
- */
- sumsize = krb5_roundup(size+CRC32_CKSUM_LENGTH+sizeof(mit_des_cblock),
- sizeof(mit_des_cblock));
-
- /* assemble crypto input into the output area, then encrypt in place. */
-
- memset((char *)out, 0, sumsize);
-
- /* put in the confounder */
- if ((retval = krb5_random_confounder(sizeof(mit_des_cblock), out)))
- return retval;
-
- memcpy((char *)out+sizeof(mit_des_cblock)+CRC32_CKSUM_LENGTH, (char *)in,
- size);
-
- cksum.length = sizeof(contents);
- cksum.contents = contents;
-
- /* This is equivalent to krb5_calculate_checksum(CKSUMTYPE_CRC32,...)
- but avoids use of the cryptosystem config table which can not be
- referenced here if this object is to be included in a shared library. */
- if ((retval = crc32_cksumtable_entry.sum_func((krb5_pointer) out,
- sumsize,
- (krb5_pointer)key->key->contents,
- sizeof(mit_des_cblock),
- &cksum)))
- return retval;
-
- memcpy((char *)out+sizeof(mit_des_cblock), (char *)contents,
- CRC32_CKSUM_LENGTH);
-
- /* We depend here on the ability of this DES implementation to
- encrypt plaintext to ciphertext in-place. */
- return (mit_des_cbc_encrypt(out,
- out,
- sumsize,
- (struct mit_des_ks_struct *) key->priv,
- ivec ? ivec : (krb5_pointer)key->key->contents,
- MIT_DES_ENCRYPT));
-
-}
-
-krb5_error_code
-mit_des_crc_decrypt_func(in, out, size, key, ivec)
- krb5_const_pointer in;
- krb5_pointer out;
- const size_t size;
- krb5_encrypt_block * key;
- krb5_pointer ivec;
-{
- krb5_checksum cksum;
- krb5_octet contents_prd[CRC32_CKSUM_LENGTH];
- krb5_octet contents_get[CRC32_CKSUM_LENGTH];
- char *p;
- krb5_error_code retval;
-
- if ( size < 2*sizeof(mit_des_cblock) )
- return KRB5_BAD_MSIZE;
-
- retval = mit_des_cbc_encrypt((const mit_des_cblock FAR *) in,
- out,
- size,
- (struct mit_des_ks_struct *) key->priv,
- ivec ? ivec : (krb5_pointer)key->key->contents,
- MIT_DES_DECRYPT);
- if (retval)
- return retval;
-
- cksum.length = sizeof(contents_prd);
- cksum.contents = contents_prd;
- p = (char *)out + sizeof(mit_des_cblock);
- memcpy((char *)contents_get, p, CRC32_CKSUM_LENGTH);
- memset(p, 0, CRC32_CKSUM_LENGTH);
-
- if ((retval = crc32_cksumtable_entry.sum_func(out, size,
- (krb5_pointer)key->key->contents,
- sizeof(mit_des_cblock),
- &cksum)))
- return retval;
-
- if (memcmp((char *)contents_get, (char *)contents_prd, CRC32_CKSUM_LENGTH) )
- return KRB5KRB_AP_ERR_BAD_INTEGRITY;
- memmove((char *)out, (char *)out +
- sizeof(mit_des_cblock) + CRC32_CKSUM_LENGTH,
- size - sizeof(mit_des_cblock) - CRC32_CKSUM_LENGTH);
- return 0;
-}
diff --git a/src/lib/crypto/des_md5.c b/src/lib/crypto/des_md5.c
deleted file mode 100644
index 6794f568f6..0000000000
--- a/src/lib/crypto/des_md5.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * lib/crypto/des-md5.32
- *
- * Copyright 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "rsa-md5.h"
-#include "des_int.h"
-
-krb5_error_code mit_des_md5_encrypt_func
- PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
- krb5_encrypt_block *, krb5_pointer ));
-
-krb5_error_code mit_des_md5_decrypt_func
- PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
- krb5_encrypt_block *, krb5_pointer ));
-
-static mit_des_cblock zero_ivec = { 0 };
-
-static krb5_cryptosystem_entry mit_des_md5_cryptosystem_entry = {
- 0,
- mit_des_md5_encrypt_func,
- mit_des_md5_decrypt_func,
- mit_des_process_key,
- mit_des_finish_key,
- mit_des_string_to_key,
- mit_des_init_random_key,
- mit_des_finish_random_key,
- mit_des_random_key,
- sizeof(mit_des_cblock),
- RSA_MD5_CKSUM_LENGTH+sizeof(mit_des_cblock),
- sizeof(mit_des_cblock),
- ENCTYPE_DES_CBC_MD5
- };
-
-krb5_cs_table_entry krb5_des_md5_cst_entry = {
- 0,
- &mit_des_md5_cryptosystem_entry,
- 0
- };
-
-
-krb5_error_code
-mit_des_md5_encrypt_func(in, out, size, key, ivec)
- krb5_const_pointer in;
- krb5_pointer out;
- const size_t size;
- krb5_encrypt_block * key;
- krb5_pointer ivec;
-{
- krb5_checksum cksum;
- krb5_octet contents[RSA_MD5_CKSUM_LENGTH];
- int sumsize;
- krb5_error_code retval;
-
-/* if ( size < sizeof(mit_des_cblock) )
- return KRB5_BAD_MSIZE; */
-
- /* caller passes data size, and saves room for the padding. */
- /* format of ciphertext, per RFC is:
- +-----------+----------+-------------+-----+
- |confounder | check | msg-seq | pad |
- +-----------+----------+-------------+-----+
-
- our confounder is 8 bytes (one cblock);
- our checksum is RSA_MD5_CKSUM_LENGTH
- */
- sumsize = krb5_roundup(size+RSA_MD5_CKSUM_LENGTH+sizeof(mit_des_cblock),
- sizeof(mit_des_cblock));
-
- /* assemble crypto input into the output area, then encrypt in place. */
-
- memset((char *)out, 0, sumsize);
-
- /* put in the confounder */
- if ((retval = krb5_random_confounder(sizeof(mit_des_cblock), out)))
- return retval;
-
- memcpy((char *)out+sizeof(mit_des_cblock)+RSA_MD5_CKSUM_LENGTH, (char *)in,
- size);
-
- cksum.length = sizeof(contents);
- cksum.contents = contents;
-
- /* This is equivalent to krb5_calculate_checksum(CKSUMTYPE_MD5,...)
- but avoids use of the cryptosystem config table which can not be
- referenced here if this object is to be included in a shared library. */
- if ((retval = rsa_md5_cksumtable_entry.sum_func((krb5_pointer) out,
- sumsize,
- (krb5_pointer)key->key->contents,
- sizeof(mit_des_cblock),
- &cksum)))
- return retval;
-
- memcpy((char *)out+sizeof(mit_des_cblock), (char *)contents,
- RSA_MD5_CKSUM_LENGTH);
-
- /* We depend here on the ability of this DES implementation to
- encrypt plaintext to ciphertext in-place. */
- return (mit_des_cbc_encrypt(out,
- out,
- sumsize,
- (struct mit_des_ks_struct *) key->priv,
- ivec ? ivec : (krb5_pointer)zero_ivec,
- MIT_DES_ENCRYPT));
-
-}
-
-krb5_error_code
-mit_des_md5_decrypt_func(in, out, size, key, ivec)
- krb5_const_pointer in;
- krb5_pointer out;
- const size_t size;
- krb5_encrypt_block * key;
- krb5_pointer ivec;
-{
- krb5_checksum cksum;
- krb5_octet contents_prd[RSA_MD5_CKSUM_LENGTH];
- krb5_octet contents_get[RSA_MD5_CKSUM_LENGTH];
- char *p;
- krb5_error_code retval;
-
- if ( size < 2*sizeof(mit_des_cblock) )
- return KRB5_BAD_MSIZE;
-
- retval = mit_des_cbc_encrypt((const mit_des_cblock *) in,
- out,
- size,
- (struct mit_des_ks_struct *) key->priv,
- ivec ? ivec : (krb5_pointer)zero_ivec,
- MIT_DES_DECRYPT);
- if (retval)
- return retval;
-
- cksum.length = sizeof(contents_prd);
- cksum.contents = contents_prd;
- p = (char *)out + sizeof(mit_des_cblock);
- memcpy((char *)contents_get, p, RSA_MD5_CKSUM_LENGTH);
- memset(p, 0, RSA_MD5_CKSUM_LENGTH);
-
- if ((retval = rsa_md5_cksumtable_entry.sum_func(out, size,
- (krb5_pointer)key->key->contents,
- sizeof(mit_des_cblock),
- &cksum)))
- return retval;
-
- if (memcmp((char *)contents_get, (char *)contents_prd, RSA_MD5_CKSUM_LENGTH) )
- return KRB5KRB_AP_ERR_BAD_INTEGRITY;
- memmove((char *)out, (char *)out +
- sizeof(mit_des_cblock) + RSA_MD5_CKSUM_LENGTH,
- size - sizeof(mit_des_cblock) - RSA_MD5_CKSUM_LENGTH);
- return 0;
-}
diff --git a/src/lib/crypto/encrypt.c b/src/lib/crypto/encrypt.c
new file mode 100644
index 0000000000..76b8c84031
--- /dev/null
+++ b/src/lib/crypto/encrypt.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_c_encrypt(context, key, usage, ivec, input, output)
+ krb5_context context;
+ krb5_const krb5_keyblock *key;
+ krb5_keyusage usage;
+ krb5_const krb5_data *ivec;
+ krb5_const krb5_data *input;
+ krb5_enc_data *output;
+{
+ int i;
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == key->enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ output->magic = KV5M_ENC_DATA;
+ output->kvno = 0;
+ output->enctype = key->enctype;
+
+ return((*(krb5_enctypes_list[i].encrypt))
+ (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
+ key, usage, ivec, input, &output->ciphertext));
+}
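Review bot: krb5_c_encrypt hands `&output->ciphertext` to the per-enctype encrypt callback without checking that the caller-supplied buffer is large enough for the result. The krb5_encrypt_data routine removed in this commit allocated the ciphertext itself, whereas here the caller owns the sizing, and whether each callback validates `output->ciphertext.length` is not visible in this hunk. I would compute the required size with the entry's `encrypt_len` callback, as krb5_c_encrypt_length does, and return KRB5_BAD_MSIZE before dispatching when the buffer is too small. A header comment should also state that `output->ciphertext` must be preallocated by the caller.

```c
    int i;
    size_t enclen;

    /* … unchanged: enctype lookup and KRB5_BAD_ENCTYPE return … */

    /* Refuse to encrypt into a buffer smaller than this enctype needs. */
    (*(krb5_enctypes_list[i].encrypt_len))
        (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
         input->length, &enclen);
    if (output->ciphertext.length < enclen)
        return(KRB5_BAD_MSIZE);

    /* … unchanged: output header fields and dispatch to the encrypt callback … */
```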
diff --git a/src/lib/crypto/encrypt_data.c b/src/lib/crypto/encrypt_data.c
deleted file mode 100644
index b2f039f339..0000000000
--- a/src/lib/crypto/encrypt_data.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-#include "k5-int.h"
-
-/*
- * This routine takes a key and a krb5_data structure as input, and
- * outputs the encrypted data in a krb5_enc_data structure. Note that
- * the krb5_enc_data structure is not allocated, and the kvno field is
- * not filled in.
- */
-krb5_error_code
-krb5_encrypt_data(context, key, ivec, data, enc_data)
- krb5_context context;
- krb5_keyblock * key;
- krb5_pointer ivec;
- krb5_data * data;
- krb5_enc_data * enc_data;
-{
- krb5_error_code retval;
- krb5_encrypt_block eblock;
-
- krb5_use_enctype(context, &eblock, key->enctype);
-
- enc_data->magic = KV5M_ENC_DATA;
- enc_data->kvno = 0;
- enc_data->enctype = key->enctype;
- enc_data->ciphertext.length = krb5_encrypt_size(data->length,
- eblock.crypto_entry);
- enc_data->ciphertext.data = malloc(enc_data->ciphertext.length);
- if (enc_data->ciphertext.data == 0)
- return ENOMEM;
-
- if ((retval = krb5_process_key(context, &eblock, key)) != 0)
- goto cleanup;
-
- if ((retval = krb5_encrypt(context, (krb5_pointer) data->data,
- (krb5_pointer) enc_data->ciphertext.data,
- data->length, &eblock, ivec))) {
- krb5_finish_key(context, &eblock);
- goto cleanup;
- }
- (void) krb5_finish_key(context, &eblock);
-
- return 0;
-
-cleanup:
- free(enc_data->ciphertext.data);
- return retval;
-}
-
diff --git a/src/lib/crypto/encrypt_length.c b/src/lib/crypto/encrypt_length.c
new file mode 100644
index 0000000000..005b2211da
--- /dev/null
+++ b/src/lib/crypto/encrypt_length.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_c_encrypt_length(context, enctype, inputlen, length)
+ krb5_context context;
+ krb5_enctype enctype;
+ size_t inputlen;
+ size_t *length;
+{
+ int i;
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ (*(krb5_enctypes_list[i].encrypt_len))
+ (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
+ inputlen, length);
+
+ return(0);
+}
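Review bot: `*length` is left unwritten when the enctype is not found and KRB5_BAD_ENCTYPE is returned, and nothing in the file documents that. A caller that sizes an allocation from `*length` without checking the return code would be working from an indeterminate value. I would add a header comment along the lines of `/* On success stores in *length the ciphertext size for inputlen bytes of plaintext; *length is not modified when KRB5_BAD_ENCTYPE is returned. */`.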
diff --git a/src/lib/crypto/enctype_compare.c b/src/lib/crypto/enctype_compare.c
new file mode 100644
index 0000000000..8972589685
--- /dev/null
+++ b/src/lib/crypto/enctype_compare.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+
+krb5_error_code
+krb5_c_enctype_compare(context, e1, e2, similar)
+ krb5_context context;
+ krb5_enctype e1;
+ krb5_enctype e2;
+ krb5_boolean *similar;
+{
+ int i, j;
+
+ for (i=0; i<krb5_enctypes_length; i++)
+ if (krb5_enctypes_list[i].etype == e1)
+ break;
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ for (j=0; j<krb5_enctypes_length; j++)
+ if (krb5_enctypes_list[j].etype == e2)
+ break;
+
+ if (j == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ *similar =
+ ((krb5_enctypes_list[i].enc == krb5_enctypes_list[j].enc) &&
+ (krb5_enctypes_list[i].str2key == krb5_enctypes_list[j].str2key));
+
+ return(0);
+}
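Review bot: the meaning of `*similar` is undocumented, although callers will presumably rely on it to decide whether two enctypes can share a key. As written it is true only when both table entries have the same `enc` provider and the same `str2key` function, so with the table added in etypes.c the des-cbc-crc, des-cbc-md4, des-cbc-md5 and des-cbc-raw entries compare as similar while des-hmac-sha1 does not match them. I would add a header comment such as `/* *similar is set nonzero iff e1 and e2 use the same enc provider and string-to-key function; it is not written when KRB5_BAD_ENCTYPE is returned. */`. The definition also lacks the `KRB5_DLLIMP ... KRB5_CALLCONV` decoration that the other krb5_c_ functions in this commit carry, which may or may not be intentional.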
diff --git a/src/lib/crypto/enctype_to_string.c b/src/lib/crypto/enctype_to_string.c
new file mode 100644
index 0000000000..2c25a52510
--- /dev/null
+++ b/src/lib/crypto/enctype_to_string.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_enctype_to_string(enctype, buffer, buflen)
+ krb5_enctype enctype;
+ char FAR * buffer;
+ size_t buflen;
+{
+ int i;
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == enctype) {
+ if ((strlen(krb5_enctypes_list[i].out_string)+1) > buflen)
+ return(ENOMEM);
+
+ strcpy(buffer, krb5_enctypes_list[i].out_string);
+ return(0);
+ }
+ }
+
+ return(EINVAL);
+}
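Review bot: an unknown enctype returns EINVAL here, while the other table lookups added in this commit (krb5_c_encrypt, krb5_c_encrypt_length, krb5_c_enctype_compare) return KRB5_BAD_ENCTYPE, and a too-small buffer is reported as ENOMEM. If these values are kept for compatibility with an earlier interface (not visible here), a comment should say so, e.g. `/* Returns EINVAL for an unknown enctype and ENOMEM if buflen cannot hold the string plus its NUL; buffer is untouched on error. */`. The `strlen(...)+1 > buflen` test is the only thing keeping the following `strcpy` in bounds, so the comment should also note that the two belong together.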
diff --git a/src/lib/crypto/etypes.c b/src/lib/crypto/etypes.c
new file mode 100644
index 0000000000..cebb5bda5a
--- /dev/null
+++ b/src/lib/crypto/etypes.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "enc_provider.h"
+#include "hash_provider.h"
+#include "etypes.h"
+#include "old.h"
+#include "raw.h"
+#include "dk.h"
+
+/* these will be linear searched. if they ever get big, a binary
+ search or hash table would be better, which means these would need
+ to be sorted. An array would be more efficient, but that assumes
+ that the keytypes are all near each other. I'd rather not make
+ that assumption. */
+
+struct krb5_keytypes krb5_enctypes_list[] = {
+ { ENCTYPE_DES_CBC_CRC,
+ "des-cbc-crc", "DES cbc mode with CRC-32",
+ &krb5_enc_des, &krb5_hash_crc32,
+ krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
+ krb5_des_string_to_key },
+ { ENCTYPE_DES_CBC_MD4,
+ "des-cbc-md4", "DES cbc mode with RSA-MD4",
+ &krb5_enc_des, &krb5_hash_md4,
+ krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
+ krb5_des_string_to_key },
+ { ENCTYPE_DES_CBC_MD5,
+ "des-cbc-md5", "DES cbc mode with RSA-MD5",
+ &krb5_enc_des, &krb5_hash_md5,
+ krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
+ krb5_des_string_to_key },
+
+ { ENCTYPE_DES_CBC_RAW,
+ "des-cbc-raw", "DES cbc mode raw",
+ &krb5_enc_des, NULL,
+ krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
+ krb5_des_string_to_key },
+ { ENCTYPE_DES3_CBC_RAW,
+ "des3-cbc-raw", "Triple DES cbc mode raw",
+ &krb5_enc_des3, NULL,
+ krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
+ krb5_dk_string_to_key },
+
+ { ENCTYPE_DES3_HMAC_SHA1,
+ "des3-hmac-sha1", "Triple DES with HMAC/sha1",
+ &krb5_enc_des3, &krb5_hash_sha1,
+ krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
+ krb5_dk_string_to_key },
+ { ENCTYPE_DES_HMAC_SHA1,
+ "des-hmac-sha1", "DES with HMAC/sha1",
+ &krb5_enc_des, &krb5_hash_sha1,
+ krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
+ krb5_dk_string_to_key },
+};
+
+int krb5_enctypes_length =
+sizeof(krb5_enctypes_list)/sizeof(struct krb5_keytypes);
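Review bot: `krb5_enctypes_list` is a table of function pointers that the krb5_c_* functions in this commit dispatch through, yet it and `krb5_enctypes_length` are defined as writable globals. Nothing visible in this commit modifies either after initialization, so I would qualify both the way the new code already qualifies its parameters: `krb5_const struct krb5_keytypes krb5_enctypes_list[] = {` and `krb5_const int krb5_enctypes_length =`. The matching `extern` declarations in etypes.h need the same qualifier. Where the compiler honours const this lets the dispatch table be placed in read-only data, and it turns an accidental write into a compile error.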
diff --git a/src/lib/crypto/etypes.h b/src/lib/crypto/etypes.h
new file mode 100644
index 0000000000..53d8b655af
--- /dev/null
+++ b/src/lib/crypto/etypes.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+
+extern struct krb5_keytypes krb5_enctypes_list[];
+extern int krb5_enctypes_length;
diff --git a/src/lib/crypto/hmac.c b/src/lib/crypto/hmac.c
new file mode 100644
index 0000000000..7cf11a6c70
--- /dev/null
+++ b/src/lib/crypto/hmac.c
@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+
+/*
+ * the HMAC transform looks like:
+ *
+ * H(K XOR opad, H(K XOR ipad, text))
+ *
+ * where H is a cryptographic hash
+ * K is an n byte key
+ * ipad is the byte 0x36 repeated blocksize times
+ * opad is the byte 0x5c repeated blocksize times
+ * and text is the data being protected
+ */
+
+krb5_error_code
+krb5_hmac(hash, key, icount, input, output)
+ krb5_const struct krb5_hash_provider *hash;
+ krb5_const krb5_keyblock *key;
+ unsigned int icount;
+ krb5_const krb5_data *input;
+ krb5_data *output;
+{
+ size_t hashsize, blocksize;
+ unsigned char *xorkey, *ihash;
+ int i;
+ krb5_data *hashin, hashout;
+ krb5_error_code ret;
+
+ (*(hash->hash_size))(&hashsize);
+ (*(hash->block_size))(&blocksize);
+
+ if (key->length > blocksize)
+ return(KRB5_CRYPTO_INTERNAL);
+ if (output->length < hashsize)
+ return(KRB5_BAD_MSIZE);
+ /* if this isn't > 0, then there won't be enough space in this
+ array to compute the outer hash */
+ if (icount == 0)
+ return(KRB5_CRYPTO_INTERNAL);
+
+ /* allocate space for the xor key, hash input vector, and inner hash */
+
+ if ((xorkey = (unsigned char *) malloc(blocksize)) == NULL)
+ return(ENOMEM);
+ if ((ihash = (unsigned char *) malloc(hashsize)) == NULL) {
+ free(xorkey);
+ return(ENOMEM);
+ }
+ if ((hashin = (krb5_data *)malloc(sizeof(krb5_data)*(icount+1))) == NULL) {
+ free(ihash);
+ free(xorkey);
+ return(ENOMEM);
+ }
+
+ /* create the inner padded key */
+
+ memset(xorkey, 0x36, blocksize);
+
+ for (i=0; i<key->length; i++)
+ xorkey[i] ^= key->contents[i];
+
+ /* compute the inner hash */
+
+ for (i=0; i<icount; i++) {
+ hashin[0].length = blocksize;
+ hashin[0].data = xorkey;
+ hashin[i+1] = input[i];
+ }
+
+ hashout.length = hashsize;
+ hashout.data = ihash;
+
+ if (ret = ((*(hash->hash))(icount+1, hashin, &hashout)))
+ goto cleanup;
+
+ /* create the outer padded key */
+
+ memset(xorkey, 0x5c, blocksize);
+
+ for (i=0; i<key->length; i++)
+ xorkey[i] ^= key->contents[i];
+
+ /* compute the outer hash */
+
+ hashin[0].length = blocksize;
+ hashin[0].data = xorkey;
+ hashin[1] = hashout;
+
+ output->length = hashsize;
+
+ if (ret = ((*(hash->hash))(2, hashin, output)))
+ memset(output->data, 0, output->length);
+
+ /* ret is set correctly by the prior call */
+
+cleanup:
+ memset(xorkey, 0, blocksize);
+ memset(ihash, 0, hashsize);
+
+ free(hashin);
+ free(ihash);
+ free(xorkey);
+
+ return(ret);
+}
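Review bot: The `memset(xorkey, 0, blocksize)` and `memset(ihash, 0, hashsize)` calls at `cleanup:` write to buffers that are freed immediately afterwards, so an optimising compiler may drop them and leave the padded key and inner hash in freed heap memory. A scrub the compiler cannot elide is needed, for example a small helper that writes through a `volatile unsigned char *`. The same memset-then-free pattern appears in make_checksum.c (`cksum->contents`) and make_random_key.c (`bytes`, `random_key->contents`) in this commit. Separately, `sizeof(krb5_data)*(icount+1)` is not checked for wrap-around, and the inner-hash loop reassigns `hashin[0]` on every iteration where a single assignment before the loop would do.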
diff --git a/src/lib/crypto/keyed_checksum_types.c b/src/lib/crypto/keyed_checksum_types.c
new file mode 100644
index 0000000000..cf0b736f2f
--- /dev/null
+++ b/src/lib/crypto/keyed_checksum_types.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+#include "cksumtypes.h"
+
+static int etype_match(e1, e2)
+ krb5_enctype e1, e2;
+{
+ int i1, i2;
+
+ for (i1=0; i1<krb5_enctypes_length; i1++)
+ if (krb5_enctypes_list[i1].etype == e1)
+ break;
+
+ for (i2=0; i2<krb5_enctypes_length; i2++)
+ if (krb5_enctypes_list[i2].etype == e2)
+ break;
+
+ return((i1 < krb5_enctypes_length) &&
+ (i2 < krb5_enctypes_length) &&
+ (krb5_enctypes_list[i1].enc == krb5_enctypes_list[i2].enc));
+}
+
+krb5_error_code
+krb5_c_keyed_checksum_types(context, enctype, count, cksumtypes)
+ krb5_context context;
+ krb5_enctype enctype;
+ unsigned int *count;
+ krb5_cksumtype **cksumtypes;
+{
+ unsigned int i, c;
+
+ c = 0;
+ for (i=0; i<krb5_cksumtypes_length; i++) {
+ if ((krb5_cksumtypes_list[i].keyhash &&
+ etype_match(krb5_cksumtypes_list[i].keyed_etype, enctype)) ||
+ (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE)) {
+ c++;
+ }
+ }
+
+ *count = c;
+
+ if ((*cksumtypes = (krb5_cksumtype *) malloc(c*sizeof(krb5_cksumtype)))
+ == NULL)
+ return(ENOMEM);
+
+ c = 0;
+ for (i=0; i<krb5_cksumtypes_length; i++) {
+ if ((krb5_cksumtypes_list[i].keyhash &&
+ etype_match(krb5_cksumtypes_list[i].keyed_etype, enctype)) ||
+ (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE)) {
+ (*cksumtypes)[c] = krb5_cksumtypes_list[i].ctype;
+ c++;
+ }
+ }
+
+ return(0);
+}
+
+void
+krb5_free_cksumtypes(context, val)
+ krb5_context context;
+ krb5_cksumtype FAR * val;
+{
+ if (val)
+ krb5_xfree(val);
+ return;
+}
+
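Review bot: In krb5_c_keyed_checksum_types, `*count = c;` is stored before the allocation is checked, and `malloc(c*sizeof(krb5_cksumtype))` is called even when `c` is 0. On ENOMEM the caller is left with a non-zero count and a NULL `*cksumtypes`, and where `malloc(0)` returns NULL an empty result is reported as ENOMEM. Moving `*count = c;` below the NULL check and allocating `(c ? c : 1)` elements avoids both. The selection predicate is also written out twice; if the two copies ever diverge, the second loop can write past the buffer sized by the first, so a static helper shared by both loops would be safer.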
diff --git a/src/lib/crypto/keyed_cksum.c b/src/lib/crypto/keyed_cksum.c
new file mode 100644
index 0000000000..0ff6d3e38c
--- /dev/null
+++ b/src/lib/crypto/keyed_cksum.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+
+krb5_boolean is_keyed_cksum(ctype)
+ krb5_cksumtype ctype;
+{
+ int i;
+
+ for (i=0; i<krb5_cksumtypes_length; i++) {
+ if (krb5_cksumtypes_list[i].ctype == ctype) {
+ if (krb5_cksumtypes_list[i].keyhash ||
+ (krb5_cksumtypes_list[i].flags &
+ KRB5_CKSUMFLAG_DERIVE))
+ return(1);
+ else
+ return(0);
+ }
+ }
+
+ /* ick, but it's better than coredumping, which is what the
+ old code would have done */
+ return(-1);
+}
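Review bot: `return(-1);` for an unknown checksum type is a non-zero value from a function declared `krb5_boolean`, so any caller that writes `if (is_keyed_cksum(ctype))` treats an unrecognised type as keyed. The callers are outside this hunk, so whether any of them relies on a plain truth test is not visible here. Reporting an unknown type as not keyed with `return(0);` would remove the ambiguity. The alternative is to document the three-valued result in a comment above the function and compare against 1 at call sites. If `krb5_boolean` is an unsigned type, the -1 cannot be tested for portably either.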
diff --git a/src/lib/crypto/krb5_glue.c b/src/lib/crypto/krb5_glue.c
deleted file mode 100644
index 3b26aed18c..0000000000
--- a/src/lib/crypto/krb5_glue.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * lib/krb5/krb/crypto_glue.c
- *
- * Copyright 1996 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Exported routines:
- * krb5_use_enctype()
- * krb5_checksum_size()
- * krb5_encrypt_size()
- * krb5_calculate_checksum()
- * krb5_verify_checksum()
- * krb5_encrypt()
- * krb5_decrypt()
- * krb5_process_key()
- * krb5_finish_key()
- * krb5_string_to_key()
- * krb5_init_random_key()
- * krb5_finish_random_key()
- * krb5_random_key()
- * krb5_eblock_enctype()
- *
- * Internal library routines:
- * is_coll_proof_cksum()
- * is_keyed_cksum()
- * valid_cksumtype()
- * valid_enctype()
- */
-
-#include "k5-int.h"
-
-
-KRB5_DLLIMP size_t KRB5_CALLCONV
-krb5_encrypt_size(length, crypto)
- krb5_const size_t length;
- krb5_const krb5_cryptosystem_entry FAR * crypto;
-{
- return krb5_roundup(length + crypto->pad_minimum, crypto->block_length);
-}
-
-krb5_boolean KRB5_CALLCONV
-valid_enctype(ktype)
- krb5_const krb5_enctype ktype;
-{
- return ((ktype<=krb5_max_enctype) && (ktype>0) && krb5_enctype_array[ktype]);
-}
-
-krb5_boolean KRB5_CALLCONV
-valid_cksumtype(cktype)
- krb5_const krb5_cksumtype cktype;
-{
- return ((cktype<=krb5_max_cksum) && (cktype>0) && krb5_cksumarray[cktype]);
-}
-
-krb5_boolean KRB5_CALLCONV
-is_coll_proof_cksum(cktype)
- krb5_const krb5_cksumtype cktype;
-{
- return(krb5_cksumarray[cktype]->is_collision_proof);
-}
-
-krb5_boolean KRB5_CALLCONV
-is_keyed_cksum(cktype)
- krb5_const krb5_cksumtype cktype;
-{
- return (krb5_cksumarray[cktype]->uses_key);
-}
-
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_use_enctype(context, eblock, enctype)
- krb5_context context;
- krb5_encrypt_block FAR * eblock;
- krb5_const krb5_enctype enctype;
-{
- eblock->crypto_entry = krb5_enctype_array[(enctype)]->system;
- return 0;
-}
-
-KRB5_DLLIMP size_t KRB5_CALLCONV
-krb5_checksum_size(context, cktype)
- krb5_context context;
- krb5_const krb5_cksumtype cktype;
-{
- return krb5_cksumarray[cktype]->checksum_length;
-}
-
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_calculate_checksum(context, cktype, in, in_length, seed, seed_length, outcksum)
- krb5_context context;
- krb5_const krb5_cksumtype cktype;
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
- krb5_checksum FAR *outcksum;
-{
- return krb5_x(((*krb5_cksumarray[cktype]->sum_func)),
- (in, in_length, seed, seed_length, outcksum));
-}
-
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_verify_checksum(context, cktype, cksum, in, in_length, seed, seed_length)
- krb5_context context;
- krb5_const krb5_cksumtype cktype;
- krb5_const krb5_checksum FAR *cksum;
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
-{
- return krb5_x((*krb5_cksumarray[cktype]->sum_verf_func),
- (cksum, in, in_length, seed, seed_length));
-}
-
-KRB5_DLLIMP krb5_enctype KRB5_CALLCONV
-krb5_eblock_enctype(context, eblock)
- krb5_context context;
- krb5_const krb5_encrypt_block FAR * eblock;
-{
- return eblock->crypto_entry->proto_enctype;
-}
-
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_encrypt(context, inptr, outptr, size, eblock, ivec)
- krb5_context context;
- krb5_const krb5_pointer inptr;
- krb5_pointer outptr;
- krb5_const size_t size;
- krb5_encrypt_block FAR * eblock;
- krb5_pointer ivec;
-{
- return krb5_x(eblock->crypto_entry->encrypt_func,
- (inptr, outptr, size, eblock, ivec));
-}
-
-
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_decrypt(context, inptr, outptr, size, eblock, ivec)
- krb5_context context;
- krb5_const krb5_pointer inptr;
- krb5_pointer outptr;
- krb5_const size_t size;
- krb5_encrypt_block FAR * eblock;
- krb5_pointer ivec;
-{
- return krb5_x(eblock->crypto_entry->decrypt_func,
- (inptr, outptr, size, eblock, ivec));
-}
-
-
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_process_key(context, eblock, key)
- krb5_context context;
- krb5_encrypt_block FAR * eblock;
- krb5_const krb5_keyblock FAR * key;
-{
- return krb5_x(eblock->crypto_entry->process_key,
- (eblock, key));
-}
-
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_finish_key(context, eblock)
- krb5_context context;
- krb5_encrypt_block FAR * eblock;
-{
- return krb5_x(eblock->crypto_entry->finish_key,(eblock));
-}
-
-
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_string_to_key(context, eblock, keyblock, data, princ)
- krb5_context context;
- krb5_const krb5_encrypt_block FAR * eblock;
- krb5_keyblock FAR * keyblock;
- krb5_const krb5_data FAR * data;
- krb5_const krb5_data FAR * princ;
-{
- return krb5_x(eblock->crypto_entry->string_to_key,
- (eblock, keyblock, data, princ));
-}
-
-
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_init_random_key(context, eblock, keyblock, ptr)
- krb5_context context;
- krb5_const krb5_encrypt_block FAR * eblock;
- krb5_const krb5_keyblock FAR * keyblock;
- krb5_pointer FAR * ptr;
-{
- return krb5_x(eblock->crypto_entry->init_random_key,
- (eblock, keyblock, ptr));
-}
-
-
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_finish_random_key(context, eblock, ptr)
- krb5_context context;
- krb5_const krb5_encrypt_block FAR * eblock;
- krb5_pointer FAR * ptr;
-{
- return krb5_x(eblock->crypto_entry->finish_random_key,
- (eblock, ptr));
-}
-
-
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_random_key(context, eblock, ptr, keyblock)
- krb5_context context;
- krb5_const krb5_encrypt_block FAR * eblock;
- krb5_pointer ptr;
- krb5_keyblock FAR * FAR * keyblock;
-{
- return krb5_x(eblock->crypto_entry->random_key,
- (eblock, ptr, keyblock));
-}
-
-
diff --git a/src/lib/crypto/make_checksum.c b/src/lib/crypto/make_checksum.c
new file mode 100644
index 0000000000..b2faef191f
--- /dev/null
+++ b/src/lib/crypto/make_checksum.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+#include "etypes.h"
+
+krb5_error_code
+krb5_c_make_checksum(context, cksumtype, key, usage, input, cksum)
+ krb5_context context;
+ krb5_cksumtype cksumtype;
+ krb5_const krb5_keyblock *key;
+ krb5_keyusage usage;
+ krb5_const krb5_data *input;
+ krb5_checksum *cksum;
+{
+ int i, e1, e2;
+ krb5_data data;
+ krb5_error_code ret;
+ size_t cksumlen;
+
+ for (i=0; i<krb5_cksumtypes_length; i++) {
+ if (krb5_cksumtypes_list[i].ctype == cksumtype)
+ break;
+ }
+
+ if (i == krb5_cksumtypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ if (krb5_cksumtypes_list[i].keyhash)
+ (*(krb5_cksumtypes_list[i].keyhash->hash_size))(&cksumlen);
+ else
+ (*(krb5_cksumtypes_list[i].hash->hash_size))(&cksumlen);
+
+ cksum->length = cksumlen;
+
+ if ((cksum->contents = (krb5_octet *) malloc(cksum->length)) == NULL)
+ return(ENOMEM);
+
+ data.length = cksum->length;
+ data.data = cksum->contents;
+
+ if (krb5_cksumtypes_list[i].keyhash) {
+ /* check if key is compatible */
+
+ if (krb5_cksumtypes_list[i].keyed_etype) {
+ for (e1=0; e1<krb5_enctypes_length; e1++)
+ if (krb5_enctypes_list[e1].etype ==
+ krb5_cksumtypes_list[i].keyed_etype)
+ break;
+
+ for (e2=0; e2<krb5_enctypes_length; e2++)
+ if (krb5_enctypes_list[e2].etype == key->enctype)
+ break;
+
+ if ((e1 == krb5_enctypes_length) ||
+ (e2 == krb5_enctypes_length) ||
+ (krb5_enctypes_list[e1].enc != krb5_enctypes_list[e2].enc)) {
+ ret = KRB5_BAD_ENCTYPE;
+ goto cleanup;
+ }
+ }
+
+ ret = (*(krb5_cksumtypes_list[i].keyhash->hash))(key, 0, input, &data);
+ } else if (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE) {
+ /* any key is ok */
+
+ ret = krb5_dk_make_checksum(krb5_cksumtypes_list[i].hash,
+ key, usage, input, &data);
+ } else {
+ /* no key is used */
+
+ ret = (*(krb5_cksumtypes_list[i].hash->hash))(1, input, &data);
+ }
+
+ if (!ret) {
+ cksum->magic = KV5M_CHECKSUM;
+ cksum->checksum_type = cksumtype;
+ }
+
+cleanup:
+ if (ret) {
+ memset(cksum->contents, 0, cksum->length);
+ free(cksum->contents);
+ }
+
+ return(ret);
+}
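Review bot: On the error path at `cleanup:`, `cksum->contents` is freed but the pointer and `cksum->length` keep their old values, so a caller that releases the krb5_checksum after a failed call would free the buffer a second time. Adding `cksum->contents = NULL;` and `cksum->length = 0;` after the `free` closes that. make_random_key.c has the same pattern with `random_key->contents`, where `magic`, `enctype` and `length` are also already filled in when `make_key` fails. The lookup failure at the top returns `KRB5_BAD_ENCTYPE` for an unknown checksum type, which is misleading for callers that log or branch on the code.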
diff --git a/src/lib/crypto/make_random_key.c b/src/lib/crypto/make_random_key.c
new file mode 100644
index 0000000000..391f56dfc2
--- /dev/null
+++ b/src/lib/crypto/make_random_key.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_c_make_random_key(context, enctype, random_key)
+ krb5_context context;
+ krb5_enctype enctype;
+ krb5_keyblock *random_key;
+{
+ int i;
+ krb5_error_code ret;
+ struct krb5_enc_provider *enc;
+ size_t keybytes, keylength;
+ krb5_data random;
+ unsigned char *bytes;
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ enc = krb5_enctypes_list[i].enc;
+
+ (*(enc->keysize))(&keybytes, &keylength);
+
+ if ((bytes = (unsigned char *) malloc(keybytes)) == NULL)
+ return(ENOMEM);
+ if ((random_key->contents = (krb5_octet *) malloc(keylength)) == NULL) {
+ free(bytes);
+ return(ENOMEM);
+ }
+
+ random.data = bytes;
+ random.length = keybytes;
+
+ if (ret = krb5_c_random_make_octets(context, &random))
+ goto cleanup;
+
+ random_key->magic = KV5M_KEYBLOCK;
+ random_key->enctype = enctype;
+ random_key->length = keylength;
+
+ ret = ((*(enc->make_key))(&random, random_key));
+
+cleanup:
+ memset(bytes, 0, keybytes);
+ free(bytes);
+
+ if (ret) {
+ memset(random_key->contents, 0, keylength);
+ free(random_key->contents);
+ }
+
+ return(ret);
+}
diff --git a/src/lib/crypto/md4/.rconf b/src/lib/crypto/md4/.rconf
deleted file mode 100644
index de30fd8c9c..0000000000
--- a/src/lib/crypto/md4/.rconf
+++ /dev/null
@@ -1,2 +0,0 @@
-ignore RFC1186.TXT
-ignore RFC1186B.TXT
diff --git a/src/lib/crypto/md4/ChangeLog b/src/lib/crypto/md4/ChangeLog
index 3ca8c08728..7714d4a43f 100644
--- a/src/lib/crypto/md4/ChangeLog
+++ b/src/lib/crypto/md4/ChangeLog
@@ -1,3 +1,7 @@
+Sun Jul 19 12:00:00 1998 Marc Horowitz <marc@mit.edu>
+
+ * *.c: replace the crypto layer.
+
Tue Mar 3 08:39:47 1998 Ezra Peisach <epeisach@kangaroo.mit.edu>
* Makefile.in (t_cksum): Do not depend on libkrb5.a, use
diff --git a/src/lib/crypto/md4/Makefile.in b/src/lib/crypto/md4/Makefile.in
index 739b34b84c..be6baebb01 100644
--- a/src/lib/crypto/md4/Makefile.in
+++ b/src/lib/crypto/md4/Makefile.in
@@ -1,7 +1,6 @@
thisconfigdir=./..
BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U)
-# -I$(srcdir) is needed to pull in $(srcdir)/rsa-md4.h for ./t_mddriver.c.
-CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/../des -I"$(srcdir)"
+CFLAGS = $(CCOPTS) $(DEFS)
##DOS##BUILDTOP = ..\..\..
##DOS##PREFIXDIR=md4
@@ -11,16 +10,22 @@ CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/../des -I"$(srcdir)"
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
-RUN_SETUP=@KRB5_RUN_ENV@
+RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
-STLIBOBJS=md4.o md4glue.o md4crypto.o
-OBJS= md4.$(OBJEXT) md4glue.$(OBJEXT) md4crypto.$(OBJEXT)
-SRCS= $(srcdir)/md4.c $(srcdir)/md4glue.c $(srcdir)/md4crypto.c
+STLIBOBJS= md4.o
+
+OBJS= md4.$(OBJEXT)
+
+SRCS= $(srcdir)/md4.c
##DOS##LIBOBJS = $(OBJS)
all-unix:: all-libobjs
+includes:: depend
+
+depend:: $(SRCS)
+
t_mddriver.c: $(srcdir)/../md5/t_mddriver.c
$(CP) $(srcdir)/../md5/t_mddriver.c t_mddriver.c
@@ -35,24 +40,13 @@ t_mddriver.exe:
$(CC) -DMD=4 $(CFLAGS2) -o t_mddriver t_mddriver.c md4.c
$(RM) md4.obj
-t_cksum.c: $(srcdir)/../md5/t_cksum.c
- $(CP) $(srcdir)/../md5/t_cksum.c t_cksum.c
-
-t_cksum.o: t_cksum.c
- $(CC) -DMD=4 $(CFLAGS) -c t_cksum.c
-
-t_cksum: t_cksum.o $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_cksum t_cksum.o $(KRB5_BASE_LIBS)
-
-check-unix:: t_mddriver t_cksum
+check-unix:: t_mddriver
$(RUN_SETUP) $(C)t_mddriver -x
- $(RUN_SETUP) $(C)t_cksum "this is a test"
check-windows:: t_mddriver$(EXEEXT)
$(C)t_mddriver$(EXEEXT) -x
clean::
$(RM) t_mddriver$(EXEEXT) t_mddriver.$(OBJEXT) t_mddriver.c
- $(RM) t_cksum$(EXEEXT) t_cksum.$(OBJEXT) t_cksum.c
clean-unix:: clean-libobjs
diff --git a/src/lib/crypto/md4/md4crypto.c b/src/lib/crypto/md4/md4crypto.c
deleted file mode 100644
index eac9647f2d..0000000000
--- a/src/lib/crypto/md4/md4crypto.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/*
- * lib/crypto/md4/md4crypto.c
- *
- * Copyright 1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Kerberos glue for MD4 sample implementation.
- */
-
-#include "k5-int.h"
-#include "rsa-md4.h"
-#include "des_int.h" /* we cheat a bit and call it directly... */
-
-/*
- * In Kerberos V5 Beta 5 and previous releases the RSA-MD4-DES implementation
- * did not follow RFC1510. The folowing definitions control the compatibility
- * with these releases.
- *
- * If MD4_K5BETA_COMPAT is defined, then compatability mode is enabled. That
- * means that both checksum functions are compiled and available for use and
- * the additional interface md4_crypto_compat_ctl() is defined.
- *
- * If MD4_K5BETA_COMPAT_DEF is defined and compatability mode is enabled, then
- * the compatible behaviour becomes the default.
- *
- */
-#define MD4_K5BETA_COMPAT
-#define MD4_K5BETA_COMPAT_DEF
-
-
-/* Windows needs to these prototypes for the assignment below */
-
-#ifdef MD4_K5BETA_COMPAT
-krb5_error_code
-krb5_md4_crypto_compat_sum_func PROTOTYPE((
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length,
- krb5_checksum *outcksum));
-#endif
-
-krb5_error_code
-krb5_md4_crypto_sum_func PROTOTYPE((
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length,
- krb5_checksum *outcksum));
-
-krb5_error_code
-krb5_md4_crypto_verify_func PROTOTYPE((
- krb5_const krb5_checksum FAR *cksum,
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length));
-
-static mit_des_cblock zero_ivec = { 0 };
-
-static void
-krb5_md4_calculate_cksum(md4ctx, confound, confound_length, in, in_length)
- krb5_MD4_CTX *md4ctx;
- krb5_pointer confound;
- size_t confound_length;
- krb5_pointer in;
- size_t in_length;
-{
- krb5_MD4Init(md4ctx);
- if (confound && confound_length)
- krb5_MD4Update(md4ctx, confound, confound_length);
- krb5_MD4Update(md4ctx, in, in_length);
- krb5_MD4Final(md4ctx);
-}
-
-#ifdef MD4_K5BETA_COMPAT
-/*
- * Generate the RSA-MD4-DES checksum in a manner which is compatible with
- * K5 Beta implementations. Sigh...
- */
-krb5_error_code
-krb5_md4_crypto_compat_sum_func(in, in_length, seed, seed_length, outcksum)
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
- krb5_checksum FAR *outcksum;
-{
- krb5_octet outtmp[OLD_RSA_MD4_DES_CKSUM_LENGTH];
- krb5_octet *input = (krb5_octet *)in;
- krb5_encrypt_block eblock;
- krb5_keyblock keyblock;
- krb5_error_code retval;
- krb5_MD4_CTX working;
-
- if (outcksum->length < OLD_RSA_MD4_DES_CKSUM_LENGTH)
- return KRB5_BAD_MSIZE;
-
- krb5_MD4Init(&working);
- krb5_MD4Update(&working, input, in_length);
- krb5_MD4Final(&working);
-
- outcksum->checksum_type = CKSUMTYPE_RSA_MD4_DES;
- outcksum->length = OLD_RSA_MD4_DES_CKSUM_LENGTH;
-
- memcpy((char *)outtmp, (char *)&working.digest[0], 16);
-
- memset((char *)&working, 0, sizeof(working));
-
- keyblock.length = seed_length;
- keyblock.contents = (krb5_octet *)seed;
- keyblock.enctype = ENCTYPE_DES_CBC_MD4;
-
- if ((retval = mit_des_process_key(&eblock, &keyblock)))
- return retval;
- /* now encrypt it */
- retval = mit_des_cbc_encrypt((mit_des_cblock *)&outtmp[0],
- (mit_des_cblock *)outcksum->contents,
- OLD_RSA_MD4_DES_CKSUM_LENGTH,
- (struct mit_des_ks_struct *)eblock.priv,
- keyblock.contents,
- MIT_DES_ENCRYPT);
- if (retval) {
- (void) mit_des_finish_key(&eblock);
- return retval;
- }
- return mit_des_finish_key(&eblock);
-}
-#endif /* MD4_K5BETA_COMPAT */
-
-/*
- * Generate the RSA-MD4-DES checksum correctly.
- */
-krb5_error_code
-krb5_md4_crypto_sum_func(in, in_length, seed, seed_length, outcksum)
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
- krb5_checksum FAR *outcksum;
-{
- krb5_octet outtmp[NEW_RSA_MD4_DES_CKSUM_LENGTH];
- mit_des_cblock tmpkey;
- krb5_encrypt_block eblock;
- krb5_keyblock keyblock;
- krb5_error_code retval;
- size_t i;
-
- krb5_MD4_CTX working;
-
- /* Generate the confounder in place */
- if ((retval = krb5_random_confounder(RSA_MD4_DES_CONFOUND_LENGTH, outtmp)))
- return(retval);
-
- /* Calculate the checksum */
- krb5_md4_calculate_cksum(&working,
- (krb5_pointer) outtmp,
- (size_t) RSA_MD4_DES_CONFOUND_LENGTH,
- in,
- in_length);
-
- outcksum->checksum_type = CKSUMTYPE_RSA_MD4_DES;
- outcksum->length = NEW_RSA_MD4_DES_CKSUM_LENGTH;
-
- /* Now blast in the digest */
- memcpy((char *) &outtmp[RSA_MD4_DES_CONFOUND_LENGTH],
- (char *) &working.digest[0],
- RSA_MD4_CKSUM_LENGTH);
-
- /* Clean up droppings */
- memset((char *)&working, 0, sizeof(working));
-
- /* Set up the temporary copy of the key (see RFC 1510 section 6.4.3) */
- memset((char *) tmpkey, 0, sizeof(mit_des_cblock));
- for (i=0; (i<seed_length) && (i<sizeof(mit_des_cblock)); i++)
- tmpkey[i] = (((krb5_octet *) seed)[i]) ^ 0xf0;
-
- keyblock.length = sizeof(mit_des_cblock);
- keyblock.contents = (krb5_octet *) tmpkey;
- keyblock.enctype = ENCTYPE_DES_CBC_MD4;
-
- if ((retval = mit_des_process_key(&eblock, &keyblock)))
- return retval;
- /* now encrypt it */
- retval = mit_des_cbc_encrypt((mit_des_cblock *)&outtmp[0],
- (mit_des_cblock *)outcksum->contents,
- NEW_RSA_MD4_DES_CKSUM_LENGTH,
- (struct mit_des_ks_struct *)eblock.priv,
- zero_ivec,
- MIT_DES_ENCRYPT);
- if (retval) {
- (void) mit_des_finish_key(&eblock);
- return retval;
- }
- return mit_des_finish_key(&eblock);
-}
-
-krb5_error_code
-krb5_md4_crypto_verify_func(cksum, in, in_length, seed, seed_length)
- krb5_const krb5_checksum FAR *cksum;
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
-{
- krb5_octet outtmp[NEW_RSA_MD4_DES_CKSUM_LENGTH];
- mit_des_cblock tmpkey;
- krb5_encrypt_block eblock;
- krb5_keyblock keyblock;
- krb5_error_code retval;
- size_t i;
-
- krb5_MD4_CTX working;
-
- retval = 0;
- if (cksum->checksum_type == CKSUMTYPE_RSA_MD4_DES) {
-#ifdef MD4_K5BETA_COMPAT
- /*
- * We have a backwards compatibility problem here. Kerberos
- * version 5 Beta 5 and previous releases did not correctly
- * generate RSA-MD4-DES checksums. The way that we can
- * differentiate is by the length of the provided checksum.
- * If it's only OLD_RSA_MD4_DES_CKSUM_LENGTH, then it's the
- * old style, otherwise it's the correct implementation.
- */
- if (cksum->length == OLD_RSA_MD4_DES_CKSUM_LENGTH) {
- /*
- * If we're verifying the Old Style (tm) checksum, then we can just
- * recalculate the checksum and encrypt it and see if it's the
- * same.
- */
-
- /* Recalculate the checksum with no confounder */
- krb5_md4_calculate_cksum(&working,
- (krb5_pointer) NULL,
- (size_t) 0,
- in,
- in_length);
-
- /* Use the key "as-is" */
- keyblock.length = seed_length;
- keyblock.contents = (krb5_octet *) seed;
- keyblock.enctype = ENCTYPE_DES_CBC_MD4;
-
- if ((retval = mit_des_process_key(&eblock, &keyblock)))
- return retval;
- /* now encrypt the checksum */
- retval = mit_des_cbc_encrypt((mit_des_cblock *)&working.digest[0],
- (mit_des_cblock *)&outtmp[0],
- RSA_MD4_CKSUM_LENGTH,
- (struct mit_des_ks_struct *)
- eblock.priv,
- keyblock.contents,
- MIT_DES_ENCRYPT);
- if (retval) {
- (void) mit_des_finish_key(&eblock);
- return retval;
- }
- if ((retval = mit_des_finish_key(&eblock)))
- return(retval);
-
- /* Compare the encrypted checksums */
- if (memcmp((char *) &outtmp[0],
- (char *) cksum->contents,
- OLD_RSA_MD4_DES_CKSUM_LENGTH))
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- else
-#endif /* MD4_K5BETA_COMPAT */
- if (cksum->length == (NEW_RSA_MD4_DES_CKSUM_LENGTH)) {
- /*
- * If we're verifying the correct implementation, then we have
- * to do a little more work because we must decrypt the checksum
- * because it contains the confounder in it. So, figure out
- * what our key variant is and then do it!
- */
-
- /* Set up the variant of the key (see RFC 1510 section 6.4.3) */
- memset((char *) tmpkey, 0, sizeof(mit_des_cblock));
- for (i=0; (i<seed_length) && (i<sizeof(mit_des_cblock)); i++)
- tmpkey[i] = (((krb5_octet *) seed)[i]) ^ 0xf0;
-
- keyblock.length = sizeof(mit_des_cblock);
- keyblock.contents = (krb5_octet *) tmpkey;
- keyblock.enctype = ENCTYPE_DES_CBC_MD4;
-
- if ((retval = mit_des_process_key(&eblock, &keyblock)))
- return retval;
- /* now decrypt it */
- retval = mit_des_cbc_encrypt((mit_des_cblock *)cksum->contents,
- (mit_des_cblock *)&outtmp[0],
- NEW_RSA_MD4_DES_CKSUM_LENGTH,
- (struct mit_des_ks_struct *)
- eblock.priv,
- zero_ivec,
- MIT_DES_DECRYPT);
- if (retval) {
- (void) mit_des_finish_key(&eblock);
- return retval;
- }
- if ((retval = mit_des_finish_key(&eblock)))
- return(retval);
-
- /* Now that we have the decrypted checksum, try to regenerate it */
- krb5_md4_calculate_cksum(&working,
- (krb5_pointer) outtmp,
- (size_t) RSA_MD4_DES_CONFOUND_LENGTH,
- in,
- in_length);
-
- /* Compare the checksums */
- if (memcmp((char *) &outtmp[RSA_MD4_DES_CONFOUND_LENGTH],
- (char *) &working.digest[0],
- RSA_MD4_CKSUM_LENGTH))
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- else
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- else
- retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
-
- /* Clean up droppings */
- memset((char *)&working, 0, sizeof(working));
- return(retval);
-}
-
-krb5_checksum_entry rsa_md4_des_cksumtable_entry =
-#if defined(MD4_K5BETA_COMPAT) && defined(MD4_K5BETA_COMPAT_DEF)
-{
- 0,
- krb5_md4_crypto_compat_sum_func,
- krb5_md4_crypto_verify_func,
- OLD_RSA_MD4_DES_CKSUM_LENGTH,
- 1, /* is collision proof */
- 1, /* uses key */
-};
-#else /* MD4_K5BETA_COMPAT && MD4_K5BETA_COMPAT_DEF */
-{
- 0,
- krb5_md4_crypto_sum_func,
- krb5_md4_crypto_verify_func,
- NEW_RSA_MD4_DES_CKSUM_LENGTH,
- 1, /* is collision proof */
- 1, /* uses key */
-};
-#endif /* MD4_K5BETA_COMPAT && MD4_K5BETA_COMPAT_DEF */
-
-#ifdef MD4_K5BETA_COMPAT
-/*
- * Turn on/off compatible checksum generation.
- */
-void
-krb5_md4_crypto_compat_ctl(scompat)
- krb5_boolean scompat;
-{
- if (scompat) {
- rsa_md4_des_cksumtable_entry.sum_func = krb5_md4_crypto_compat_sum_func;
- rsa_md4_des_cksumtable_entry.checksum_length =
- OLD_RSA_MD4_DES_CKSUM_LENGTH;
- }
- else {
- rsa_md4_des_cksumtable_entry.sum_func = krb5_md4_crypto_sum_func;
- rsa_md4_des_cksumtable_entry.checksum_length =
- NEW_RSA_MD4_DES_CKSUM_LENGTH;
- }
-}
-#endif /* MD4_K5BETA_COMPAT */
diff --git a/src/lib/crypto/md4/md4driver.c b/src/lib/crypto/md4/md4driver.c
deleted file mode 100644
index 425ef2954a..0000000000
--- a/src/lib/crypto/md4/md4driver.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * lib/crypto/md4/md4driver.c
- */
-
-/*
- **********************************************************************
- ** md4driver.c -- sample routines to test **
- ** RSA Data Security, Inc. MD4 message digest algorithm. **
- ** Created: 2/16/90 RLR **
- ** Updated: 1/91 SRD **
- **********************************************************************
- */
-
-/*
- **********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- ** **
- ** RSA Data Security, Inc. makes no representations concerning **
- ** either the merchantability of this software or the suitability **
- ** of this software for any particular purpose. It is provided "as **
- ** is" without express or implied warranty of any kind. **
- ** **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software. **
- **********************************************************************
- */
-
-#include "k5-int.h"
-#include "rsa-md4.h"
-
-/* Prints message digest buffer in mdContext as 32 hexadecimal digits.
- Order is from low-order byte to high-order byte of digest.
- Each byte is printed with high-order hexadecimal digit first.
- */
-static void MDPrint (mdContext)
-krb5_MD4_CTX *mdContext;
-{
- int i;
-
- for (i = 0; i < 16; i++)
- printf ("%02x", mdContext->digest[i]);
-}
-
-/* size of test block */
-#define TEST_BLOCK_SIZE 1000
-
-/* number of blocks to process */
-#define TEST_BLOCKS 2000
-
-/* number of test bytes = TEST_BLOCK_SIZE * TEST_BLOCKS */
-static long TEST_BYTES = (long)TEST_BLOCK_SIZE * (long)TEST_BLOCKS;
-
-/* A time trial routine, to measure the speed of MD4.
- Measures wall time required to digest TEST_BLOCKS * TEST_BLOCK_SIZE
- characters.
- */
-static void MDTimeTrial ()
-{
- krb5_MD4_CTX mdContext;
- time_t endTime, startTime;
- unsigned char data[TEST_BLOCK_SIZE];
- unsigned int i;
-
- /* initialize test data */
- for (i = 0; i < TEST_BLOCK_SIZE; i++)
- data[i] = (unsigned char)(i & 0xFF);
-
- /* start timer */
- printf ("MD4 time trial. Processing %ld characters...\n", TEST_BYTES);
- time (&startTime);
-
- /* digest data in TEST_BLOCK_SIZE byte blocks */
- krb5_MD4Init (&mdContext);
- for (i = TEST_BLOCKS; i > 0; i--)
- krb5_MD4Update (&mdContext, data, TEST_BLOCK_SIZE);
- krb5_MD4Final (&mdContext);
- /* stop timer, get time difference */
- time (&endTime);
- MDPrint (&mdContext);
- printf (" is digest of test input.\n");
- printf
- ("Seconds to process test input: %ld\n", (long)(endTime-startTime));
- printf
- ("Characters processed per second: %ld\n",
- TEST_BYTES/(endTime-startTime));
-}
-
-/* Computes the message digest for string inString.
- Prints out message digest, a space, the string (in quotes) and a
- carriage return.
- */
-static void MDString (inString)
-char *inString;
-{
- krb5_MD4_CTX mdContext;
- unsigned int len = strlen (inString);
-
- krb5_MD4Init (&mdContext);
- krb5_MD4Update (&mdContext, inString, len);
- krb5_MD4Final (&mdContext);
- MDPrint (&mdContext);
- printf (" \"%s\"\n\n", inString);
-}
-
-/* Computes the message digest for a specified file.
- Prints out message digest, a space, the file name, and a carriage
- return.
- */
-static void MDFile (filename)
-char *filename;
-{
-#ifdef __STDC__
- FILE *inFile = fopen (filename, "rb");
-#else
- FILE *inFile = fopen (filename, "r");
-#endif
- krb5_MD4_CTX mdContext;
- int bytes;
- unsigned char data[1024];
-
- if (inFile == NULL) {
- printf ("%s can't be opened.\n", filename);
- return;
- }
-
- krb5_MD4Init (&mdContext);
- while ((bytes = fread (data, 1, 1024, inFile)) != 0)
- krb5_MD4Update (&mdContext, data, bytes);
- krb5_MD4Final (&mdContext);
- MDPrint (&mdContext);
- printf (" %s\n", filename);
- fclose (inFile);
-}
-
-
-/* Writes the message digest of the data from stdin onto stdout,
- followed by a carriage return.
- */
-static void MDFilter ()
-{
- krb5_MD4_CTX mdContext;
- int bytes;
- unsigned char data[16];
-
- krb5_MD4Init (&mdContext);
- while ((bytes = fread (data, 1, 16, stdin)) != 0)
- krb5_MD4Update (&mdContext, data, bytes);
- krb5_MD4Final (&mdContext);
- MDPrint (&mdContext);
- printf ("\n");
-}
-
-/* Runs a standard suite of test data.
- */
-static void MDTestSuite ()
-{
- printf ("MD4 test suite results:\n\n");
- MDString ("");
- MDString ("a");
- MDString ("abc");
- MDString ("message digest");
- MDString ("abcdefghijklmnopqrstuvwxyz");
- MDString
- ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
- MDString
- ("1234567890123456789012345678901234567890\
-1234567890123456789012345678901234567890");
- /* Contents of file foo are "abc" */
- MDFile ("foo");
-}
-
-void main (argc, argv)
-int argc;
-char *argv[];
-{
- int i;
-
- /* For each command line argument in turn:
- ** filename -- prints message digest and name of file
- ** -sstring -- prints message digest and contents of string
- ** -t -- prints time trial statistics for 1M characters
- ** -x -- execute a standard suite of test data
- ** (no args) -- writes messages digest of stdin onto stdout
- */
- if (argc == 1)
- MDFilter ();
- else
- for (i = 1; i < argc; i++)
- if (argv[i][0] == '-' && argv[i][1] == 's')
- MDString (argv[i] + 2);
- else if (strcmp (argv[i], "-t") == 0)
- MDTimeTrial ();
- else if (strcmp (argv[i], "-x") == 0)
- MDTestSuite ();
- else MDFile (argv[i]);
-}
-
-/*
- **********************************************************************
- ** End of md4driver.c **
- ******************************* (cut) ********************************
- */
diff --git a/src/lib/crypto/md4/md4glue.c b/src/lib/crypto/md4/md4glue.c
deleted file mode 100644
index f7e566e9b2..0000000000
--- a/src/lib/crypto/md4/md4glue.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * lib/crypto/md4/md4glue.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Kerberos glue for MD4 sample implementation.
- */
-
-#include "k5-int.h"
-#include "rsa-md4.h"
-
-/* Windows needs to these prototypes for the assignment below */
-
-krb5_error_code
-krb5_md4_sum_func PROTOTYPE((
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length,
- krb5_checksum FAR *outcksum));
-
-krb5_error_code
-krb5_md4_verify_func PROTOTYPE((
- krb5_const krb5_checksum FAR *cksum,
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length));
-
-krb5_error_code
-krb5_md4_sum_func(in, in_length, seed, seed_length, outcksum)
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
- krb5_checksum FAR *outcksum;
-{
- krb5_octet *input = (krb5_octet *)in;
- krb5_MD4_CTX working;
-
- if (outcksum->length < RSA_MD4_CKSUM_LENGTH)
- return KRB5_BAD_MSIZE;
-
- krb5_MD4Init(&working);
- krb5_MD4Update(&working, input, in_length);
- krb5_MD4Final(&working);
-
- outcksum->checksum_type = CKSUMTYPE_RSA_MD4;
- outcksum->length = RSA_MD4_CKSUM_LENGTH;
-
- memcpy((char *)outcksum->contents, (char *)&working.digest[0],
- RSA_MD4_CKSUM_LENGTH);
-
- memset((char *)&working, 0, sizeof(working));
- return 0;
-}
-
-krb5_error_code
-krb5_md4_verify_func(cksum, in, in_length, seed, seed_length)
- krb5_const krb5_checksum FAR *cksum;
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
-{
- krb5_octet *input = (krb5_octet *)in;
- krb5_MD4_CTX working;
- krb5_error_code retval;
-
- retval = 0;
- if (cksum->checksum_type == CKSUMTYPE_RSA_MD4) {
- if (cksum->length == RSA_MD4_CKSUM_LENGTH) {
- krb5_MD4Init(&working);
- krb5_MD4Update(&working, input, in_length);
- krb5_MD4Final(&working);
-
- if (memcmp((char *) cksum->contents,
- (char *) &working.digest[0],
- RSA_MD4_CKSUM_LENGTH))
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- memset((char *)&working, 0, sizeof(working));
- }
- else
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- else
- retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
- return retval;
-}
-
-krb5_checksum_entry rsa_md4_cksumtable_entry = {
- 0,
- krb5_md4_sum_func,
- krb5_md4_verify_func,
- RSA_MD4_CKSUM_LENGTH,
- 1, /* is collision proof */
- 0, /* doesn't use key */
-};
diff --git a/src/lib/crypto/md5/ChangeLog b/src/lib/crypto/md5/ChangeLog
index 1c0026add4..79fb94a7dd 100644
--- a/src/lib/crypto/md5/ChangeLog
+++ b/src/lib/crypto/md5/ChangeLog
@@ -1,3 +1,7 @@
+Sun Jul 19 12:00:00 1998 Marc Horowitz <marc@mit.edu>
+
+ * *.c: replace the crypto layer.
+
Tue Mar 3 08:42:10 1998 Ezra Peisach <epeisach@kangaroo.mit.edu>
* Makefile.in (t_cksum): Do not depend on libkrb5.a, use
diff --git a/src/lib/crypto/md5/Makefile.in b/src/lib/crypto/md5/Makefile.in
index 3707f897b8..219fa3081a 100644
--- a/src/lib/crypto/md5/Makefile.in
+++ b/src/lib/crypto/md5/Makefile.in
@@ -1,6 +1,6 @@
thisconfigdir=./..
BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U)
-CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/../des
+CFLAGS = $(CCOPTS) $(DEFS)
##DOS##BUILDTOP = ..\..\..
##DOS##PREFIXDIR=md5
@@ -10,35 +10,35 @@ CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/../des
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
-RUN_SETUP = @KRB5_RUN_ENV@
+RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
-STLIBOBJS=md5.o md5glue.o md5crypto.o
+STLIBOBJS= md5.o
-OBJS= md5.$(OBJEXT) md5glue.$(OBJEXT) md5crypto.$(OBJEXT)
-SRCS= $(srcdir)/md5.c $(srcdir)/md5glue.c $(srcdir)/md5crypto.c
+OBJS= md5.$(OBJEXT)
+
+SRCS= $(srcdir)/md5.c
##DOS##LIBOBJS = $(OBJS)
all-unix:: all-libobjs
+includes:: depend
+
+depend:: $(SRCS)
+
t_mddriver: t_mddriver.o md5.o
$(CC) $(CFLAGS) $(LDFLAGS) -o t_mddriver t_mddriver.o md5.o
t_mddriver.exe:
$(CC) $(CFLAGS2) -o t_mddriver.exe t_mddriver.c md5.c
-t_cksum: t_cksum.o $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o t_cksum t_cksum.o $(KRB5_BASE_LIBS)
-
-check-unix:: t_mddriver t_cksum
+check-unix:: t_mddriver
$(RUN_SETUP) $(C)t_mddriver -x
- $(RUN_SETUP) $(C)t_cksum "this is a test"
check-windows:: t_mddriver$(EXEEXT)
$(C)t_mddriver$(EXEEXT) -x
clean::
$(RM) t_mddriver$(EXEEXT) t_mddriver.$(OBJEXT)
- $(RM) t_cksum$(EXEEXT) t_cksum.$(OBJEXT)
clean-unix:: clean-libobjs
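Review bot: Dropping `t_cksum` from `check-unix` removes the only check in this directory that a tampered keyed checksum is rejected, so `make check` here now only confirms raw MD5 digests via `t_mddriver -x`. The deleted `t_cksum.c` incremented `contents[0]` on both the new-style and old-style RSA-MD5-DES checksums and required the verify function to fail. Whether the replacement crypto layer carries an equivalent negative test is not visible from this hunk; a comment above `check-unix::` such as `# keyed-checksum verify tests now live in <new test location>` would record where that coverage went. The added `KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf` in `RUN_SETUP` also looks unnecessary for `t_mddriver`, which links only `md5.o`; presumably it should be dropped or given a one-line explanation.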
diff --git a/src/lib/crypto/md5/md5crypto.c b/src/lib/crypto/md5/md5crypto.c
deleted file mode 100644
index b83e50e77b..0000000000
--- a/src/lib/crypto/md5/md5crypto.c
+++ /dev/null
@@ -1,353 +0,0 @@
-#include "k5-int.h"
-#include "rsa-md5.h"
-#include "des_int.h" /* we cheat a bit and call it directly... */
-
-/*
- * In Kerberos V5 Beta 5 and previous releases the RSA-MD5-DES implementation
- * did not follow RFC1510. The folowing definitions control the compatibility
- * with these releases.
- *
- * If MD5_K5BETA_COMPAT is defined, then compatability mode is enabled. That
- * means that both checksum functions are compiled and available for use and
- * the additional interface krb5_md5_crypto_compat_ctl() is defined.
- *
- * If MD5_K5BETA_COMPAT_DEF is defined and compatability mode is enabled, then
- * the compatible behaviour becomes the default.
- *
- */
-#define MD5_K5BETA_COMPAT
-#define MD5_K5BETA_COMPAT_DEF
-
-
-/* Windows needs to these prototypes for the assignment below */
-
-#ifdef MD5_K5BETA_COMPAT
-krb5_error_code
-krb5_md5_crypto_compat_sum_func PROTOTYPE((
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length,
- krb5_checksum FAR *outcksum));
-#endif
-
-krb5_error_code
-krb5_md5_crypto_sum_func PROTOTYPE((
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length,
- krb5_checksum FAR *outcksum));
-
-krb5_error_code
-krb5_md5_crypto_verify_func PROTOTYPE((
- krb5_const krb5_checksum FAR *cksum,
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length));
-
-static mit_des_cblock zero_ivec = { 0 };
-
-static void
-krb5_md5_calculate_cksum(md5ctx, confound, confound_length, in, in_length)
- krb5_MD5_CTX *md5ctx;
- krb5_pointer in;
- size_t in_length;
- krb5_pointer confound;
- size_t confound_length;
-{
- krb5_MD5Init(md5ctx);
- if (confound && confound_length)
- krb5_MD5Update(md5ctx, confound, confound_length);
- krb5_MD5Update(md5ctx, in, in_length);
- krb5_MD5Final(md5ctx);
-}
-
-#ifdef MD5_K5BETA_COMPAT
-krb5_error_code
-krb5_md5_crypto_compat_sum_func(in, in_length, seed, seed_length, outcksum)
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
- krb5_checksum FAR *outcksum;
-{
- krb5_octet outtmp[OLD_RSA_MD5_DES_CKSUM_LENGTH];
- krb5_octet *input = (krb5_octet *)in;
- krb5_encrypt_block eblock;
- krb5_keyblock keyblock;
- krb5_error_code retval;
-
- krb5_MD5_CTX working;
-
- krb5_MD5Init(&working);
- krb5_MD5Update(&working, input, in_length);
- krb5_MD5Final(&working);
-
- outcksum->checksum_type = CKSUMTYPE_RSA_MD5_DES;
- outcksum->length = OLD_RSA_MD5_DES_CKSUM_LENGTH;
-
- memcpy((char *)outtmp, (char *)&working.digest[0], 16);
-
- memset((char *)&working, 0, sizeof(working));
-
- keyblock.length = seed_length;
- keyblock.contents = (krb5_octet *)seed;
- keyblock.enctype = ENCTYPE_DES_CBC_MD5;
-
- if ((retval = mit_des_process_key(&eblock, &keyblock)))
- return retval;
- /* now encrypt it */
- retval = mit_des_cbc_encrypt((mit_des_cblock *)&outtmp[0],
- (mit_des_cblock *)outcksum->contents,
- OLD_RSA_MD5_DES_CKSUM_LENGTH,
- (struct mit_des_ks_struct *)eblock.priv,
- keyblock.contents,
- MIT_DES_ENCRYPT);
- if (retval) {
- (void) mit_des_finish_key(&eblock);
- return retval;
- }
- return mit_des_finish_key(&eblock);
-}
-#endif /* MD5_K5BETA_COMPAT */
-
-krb5_error_code
-krb5_md5_crypto_sum_func(in, in_length, seed, seed_length, outcksum)
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
- krb5_checksum FAR *outcksum;
-{
- krb5_octet outtmp[NEW_RSA_MD5_DES_CKSUM_LENGTH];
- mit_des_cblock tmpkey;
- krb5_encrypt_block eblock;
- krb5_keyblock keyblock;
- krb5_error_code retval;
- size_t i;
- krb5_MD5_CTX working;
-
- if (outcksum->length < NEW_RSA_MD5_DES_CKSUM_LENGTH)
- return KRB5_BAD_MSIZE;
-
- /* Generate the confounder in place */
- if ((retval = krb5_random_confounder(RSA_MD5_DES_CONFOUND_LENGTH, outtmp)))
- return(retval);
-
- /* Calculate the checksum */
- krb5_md5_calculate_cksum(&working,
- (krb5_pointer) outtmp,
- (size_t) RSA_MD5_DES_CONFOUND_LENGTH,
- in,
- in_length);
-
- outcksum->checksum_type = CKSUMTYPE_RSA_MD5_DES;
- outcksum->length = NEW_RSA_MD5_DES_CKSUM_LENGTH;
-
- /* Now blast in the digest */
- memcpy((char *)&outtmp[RSA_MD5_DES_CONFOUND_LENGTH],
- (char *)&working.digest[0],
- RSA_MD5_CKSUM_LENGTH);
-
- /* Clean up the droppings */
- memset((char *)&working, 0, sizeof(working));
-
- /* Set up the temporary copy of the key (see RFC 1510 section 6.4.5) */
- memset((char *) tmpkey, 0, sizeof(mit_des_cblock));
- for (i=0; (i<seed_length) && (i<sizeof(mit_des_cblock)); i++)
- tmpkey[i] = (((krb5_octet *) seed)[i]) ^ 0xf0;
-
- keyblock.length = sizeof(mit_des_cblock);
- keyblock.contents = (krb5_octet *) tmpkey;
- keyblock.enctype = ENCTYPE_DES_CBC_MD5;
-
- if ((retval = mit_des_process_key(&eblock, &keyblock)))
- return retval;
- /* now encrypt it */
- retval = mit_des_cbc_encrypt((mit_des_cblock *)&outtmp[0],
- (mit_des_cblock *)outcksum->contents,
- NEW_RSA_MD5_DES_CKSUM_LENGTH,
- (struct mit_des_ks_struct *)eblock.priv,
- zero_ivec,
- MIT_DES_ENCRYPT);
- if (retval) {
- (void) mit_des_finish_key(&eblock);
- return retval;
- }
- return mit_des_finish_key(&eblock);
-}
-
-krb5_error_code
-krb5_md5_crypto_verify_func(cksum, in, in_length, seed, seed_length)
- krb5_const krb5_checksum FAR *cksum;
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
-{
- krb5_octet outtmp[NEW_RSA_MD5_DES_CKSUM_LENGTH];
- mit_des_cblock tmpkey;
- krb5_encrypt_block eblock;
- krb5_keyblock keyblock;
- krb5_error_code retval;
- size_t i;
-
- krb5_MD5_CTX working;
-
- retval = 0;
- if (cksum->checksum_type == CKSUMTYPE_RSA_MD5_DES) {
-#ifdef MD5_K5BETA_COMPAT
- /*
- * We have a backwards compatibility problem here. Kerberos
- * version 5 Beta 5 and previous releases did not correctly
- * generate RSA-MD5-DES checksums. The way that we can
- * differentiate is by the length of the provided checksum.
- * If it's only OLD_RSA_MD5_DES_CKSUM_LENGTH, then it's the
- * old style, otherwise it's the correct implementation.
- */
- if (cksum->length == OLD_RSA_MD5_DES_CKSUM_LENGTH) {
- /*
- * If we're verifying the Old Style (tm) checksum, then we can just
- * recalculate the checksum and encrypt it and see if it's the
- * same.
- */
-
- /* Recalculate the checksum with no confounder */
- krb5_md5_calculate_cksum(&working,
- (krb5_pointer) NULL,
- (size_t) 0,
- in,
- in_length);
-
- /* Use the key "as-is" */
- keyblock.length = seed_length;
- keyblock.contents = (krb5_octet *) seed;
- keyblock.enctype = ENCTYPE_DES_CBC_MD5;
-
- if ((retval = mit_des_process_key(&eblock, &keyblock)))
- return retval;
- /* now encrypt the checksum */
- retval = mit_des_cbc_encrypt((mit_des_cblock *)&working.digest[0],
- (mit_des_cblock *)&outtmp[0],
- OLD_RSA_MD5_DES_CKSUM_LENGTH,
- (struct mit_des_ks_struct *)
- eblock.priv,
- keyblock.contents,
- MIT_DES_ENCRYPT);
- if (retval) {
- (void) mit_des_finish_key(&eblock);
- return retval;
- }
- if ((retval = mit_des_finish_key(&eblock)))
- return(retval);
-
- /* Compare the encrypted checksums */
- if (memcmp((char *) &outtmp[0],
- (char *) cksum->contents,
- OLD_RSA_MD5_DES_CKSUM_LENGTH))
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- else
-#endif /* MD5_K5BETA_COMPAT */
- if (cksum->length == (NEW_RSA_MD5_DES_CKSUM_LENGTH)) {
- /*
- * If we're verifying the correct implementation, then we have
- * to do a little more work because we must decrypt the checksum
- * because it contains the confounder in it. So, figure out
- * what our key variant is and then do it!
- */
-
- /* Set up the variant of the key (see RFC 1510 section 6.4.5) */
- memset((char *) tmpkey, 0, sizeof(mit_des_cblock));
- for (i=0; (i<seed_length) && (i<sizeof(mit_des_cblock)); i++)
- tmpkey[i] = (((krb5_octet *) seed)[i]) ^ 0xf0;
-
- keyblock.length = sizeof(mit_des_cblock);
- keyblock.contents = (krb5_octet *) tmpkey;
- keyblock.enctype = ENCTYPE_DES_CBC_MD5;
-
- if ((retval = mit_des_process_key(&eblock, &keyblock)))
- return retval;
- /* now decrypt it */
- retval = mit_des_cbc_encrypt((mit_des_cblock *)cksum->contents,
- (mit_des_cblock *)&outtmp[0],
- NEW_RSA_MD5_DES_CKSUM_LENGTH,
- (struct mit_des_ks_struct *)
- eblock.priv,
- zero_ivec,
- MIT_DES_DECRYPT);
- if (retval) {
- (void) mit_des_finish_key(&eblock);
- return retval;
- }
- if ((retval = mit_des_finish_key(&eblock)))
- return(retval);
-
- /* Now that we have the decrypted checksum, try to regenerate it */
- krb5_md5_calculate_cksum(&working,
- (krb5_pointer) outtmp,
- (size_t) RSA_MD5_DES_CONFOUND_LENGTH,
- in,
- in_length);
-
- /* Compare the checksums */
- if (memcmp((char *) &outtmp[RSA_MD5_DES_CONFOUND_LENGTH],
- (char *) &working.digest[0],
- RSA_MD5_CKSUM_LENGTH))
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- else
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- else
- retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
-
- /* Clean up droppings */
- memset((char *)&working, 0, sizeof(working));
- return(retval);
-}
-
-krb5_checksum_entry rsa_md5_des_cksumtable_entry =
-#if defined(MD5_K5BETA_COMPAT) && defined(MD5_K5BETA_COMPAT_DEF)
-{
- 0,
- krb5_md5_crypto_compat_sum_func,
- krb5_md5_crypto_verify_func,
- OLD_RSA_MD5_DES_CKSUM_LENGTH,
- 1, /* is collision proof */
- 1, /* uses key */
-};
-#else /* MD5_K5BETA_COMPAT && MD5_K5BETA_COMPAT_DEF */
-{
- 0,
- krb5_md5_crypto_sum_func,
- krb5_md5_crypto_verify_func,
- NEW_RSA_MD5_DES_CKSUM_LENGTH,
- 1, /* is collision proof */
- 1, /* uses key */
-};
-#endif /* MD5_K5BETA_COMPAT && MD5_K5BETA_COMPAT_DEF */
-
-#ifdef MD5_K5BETA_COMPAT
-/*
- * Turn on/off compatible checksum generation.
- */
-void
-krb5_md5_crypto_compat_ctl(scompat)
- krb5_boolean scompat;
-{
- if (scompat) {
- rsa_md5_des_cksumtable_entry.sum_func = krb5_md5_crypto_compat_sum_func;
- rsa_md5_des_cksumtable_entry.checksum_length =
- OLD_RSA_MD5_DES_CKSUM_LENGTH;
- }
- else {
- rsa_md5_des_cksumtable_entry.sum_func = krb5_md5_crypto_sum_func;
- rsa_md5_des_cksumtable_entry.checksum_length =
- NEW_RSA_MD5_DES_CKSUM_LENGTH;
- }
-}
-#endif /* MD5_K5BETA_COMPAT */
-
diff --git a/src/lib/crypto/md5/md5glue.c b/src/lib/crypto/md5/md5glue.c
deleted file mode 100644
index 66d5aa7917..0000000000
--- a/src/lib/crypto/md5/md5glue.c
+++ /dev/null
@@ -1,89 +0,0 @@
-#include "k5-int.h"
-#include "rsa-md5.h"
-
-/* Windows needs to these prototypes for the assignment below */
-
-krb5_error_code
-krb5_md5_sum_func PROTOTYPE((
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length,
- krb5_checksum FAR *outcksum));
-
-krb5_error_code
-krb5_md5_verify_func PROTOTYPE((
- krb5_const krb5_checksum FAR *cksum,
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length));
-
-krb5_error_code
-krb5_md5_sum_func(in, in_length, seed, seed_length, outcksum)
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
- krb5_checksum FAR *outcksum;
-{
- krb5_octet *input = (krb5_octet *)in;
- krb5_MD5_CTX working;
-
- if (outcksum->length < RSA_MD5_CKSUM_LENGTH)
- return KRB5_BAD_MSIZE;
-
- krb5_MD5Init(&working);
- krb5_MD5Update(&working, input, in_length);
- krb5_MD5Final(&working);
-
- outcksum->checksum_type = CKSUMTYPE_RSA_MD5;
- outcksum->length = RSA_MD5_CKSUM_LENGTH;
-
- memcpy((char *)outcksum->contents, (char *)&working.digest[0], 16);
-
- memset((char *)&working, 0, sizeof(working));
- return 0;
-}
-
-krb5_error_code
-krb5_md5_verify_func(cksum, in, in_length, seed, seed_length)
- krb5_const krb5_checksum FAR *cksum;
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
-{
- krb5_octet *input = (krb5_octet *)in;
- krb5_MD5_CTX working;
- krb5_error_code retval;
-
- retval = 0;
- if (cksum->checksum_type == CKSUMTYPE_RSA_MD5) {
- if (cksum->length == RSA_MD5_CKSUM_LENGTH) {
- krb5_MD5Init(&working);
- krb5_MD5Update(&working, input, in_length);
- krb5_MD5Final(&working);
-
- if (memcmp((char *) cksum->contents,
- (char *) &working.digest[0],
- RSA_MD5_CKSUM_LENGTH))
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- memset((char *)&working, 0, sizeof(working));
- }
- else
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- }
- else
- retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
- return retval;
-}
-
-krb5_checksum_entry rsa_md5_cksumtable_entry = {
- 0,
- krb5_md5_sum_func,
- krb5_md5_verify_func,
- RSA_MD5_CKSUM_LENGTH,
- 1, /* is collision proof */
- 0, /* doesn't use key */
-};
diff --git a/src/lib/crypto/md5/t_cksum.c b/src/lib/crypto/md5/t_cksum.c
deleted file mode 100644
index 5bc63709d2..0000000000
--- a/src/lib/crypto/md5/t_cksum.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * lib/crypto/md5/t_cksum.c
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * t_cksum.c - Test checksum and checksum compatability for rsa-md[4,5]-des
- */
-
-#ifndef MD
-#define MD 5
-#endif /* MD */
-
-#include "k5-int.h"
-#if MD == 4
-#include "rsa-md4.h"
-#endif /* MD == 4 */
-#if MD == 5
-#include "rsa-md5.h"
-#endif /* MD == 5 */
-#include "des_int.h"
-
-#define MD5_K5BETA_COMPAT
-#define MD4_K5BETA_COMPAT
-
-#if MD == 4
-#define CONFOUNDER_LENGTH RSA_MD4_DES_CONFOUND_LENGTH
-#define NEW_CHECKSUM_LENGTH NEW_RSA_MD4_DES_CKSUM_LENGTH
-#define OLD_CHECKSUM_LENGTH OLD_RSA_MD4_DES_CKSUM_LENGTH
-#define CHECKSUM_TYPE CKSUMTYPE_RSA_MD4_DES
-#ifdef MD4_K5BETA_COMPAT
-#define K5BETA_COMPAT 1
-#else /* MD4_K5BETA_COMPAT */
-#undef K5BETA_COMPAT
-#endif /* MD4_K5BETA_COMPAT */
-#define CKSUM_FUNCTION krb5_md4_crypto_sum_func
-#define COMPAT_FUNCTION krb5_md4_crypto_compat_sum_func
-#define VERIFY_FUNCTION krb5_md4_crypto_verify_func
-#endif /* MD == 4 */
-
-#if MD == 5
-#define CONFOUNDER_LENGTH RSA_MD5_DES_CONFOUND_LENGTH
-#define NEW_CHECKSUM_LENGTH NEW_RSA_MD5_DES_CKSUM_LENGTH
-#define OLD_CHECKSUM_LENGTH OLD_RSA_MD5_DES_CKSUM_LENGTH
-#define CHECKSUM_TYPE CKSUMTYPE_RSA_MD5_DES
-#ifdef MD5_K5BETA_COMPAT
-#define K5BETA_COMPAT 1
-#else /* MD5_K5BETA_COMPAT */
-#undef K5BETA_COMPAT
-#endif /* MD5_K5BETA_COMPAT */
-#define CKSUM_FUNCTION krb5_md5_crypto_sum_func
-#define COMPAT_FUNCTION krb5_md5_crypto_compat_sum_func
-#define VERIFY_FUNCTION krb5_md5_crypto_verify_func
-#endif /* MD == 5 */
-
-static void
-print_checksum(text, number, message, checksum)
- char *text;
- int number;
- char *message;
- krb5_checksum *checksum;
-{
- int i;
-
- printf("%s MD%d checksum(\"%s\") = ", text, number, message);
- for (i=0; i<checksum->length; i++)
- printf("%02x", checksum->contents[i]);
- printf("\n");
-}
-
-/*
- * Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES
- * checksums.
- */
-int
-main(argc, argv)
- int argc;
- char **argv;
-{
- int msgindex;
- krb5_context kcontext;
- krb5_encrypt_block encblock;
- krb5_keyblock keyblock;
- krb5_error_code kret;
- krb5_checksum oldstyle_checksum;
- krb5_checksum newstyle_checksum;
- krb5_data pwdata;
- char *pwd;
-
- pwd = "test password";
- pwdata.length = strlen(pwd);
- pwdata.data = pwd;
- krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE);
- if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) {
- printf("mit_des_string_to_key choked with %d\n", kret);
- return(kret);
- }
- if ((kret = mit_des_process_key(&encblock, &keyblock))) {
- printf("mit_des_process_key choked with %d\n", kret);
- return(kret);
- }
-
- oldstyle_checksum.length = OLD_CHECKSUM_LENGTH;
- if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) {
- printf("cannot get memory for old style checksum\n");
- return(ENOMEM);
- }
- newstyle_checksum.length = NEW_CHECKSUM_LENGTH;
- if (!(newstyle_checksum.contents = (krb5_octet *)
- malloc(NEW_CHECKSUM_LENGTH))) {
- printf("cannot get memory for new style checksum\n");
- return(ENOMEM);
- }
- for (msgindex = 1; msgindex < argc; msgindex++) {
- if ((kret = CKSUM_FUNCTION(argv[msgindex],
- strlen(argv[msgindex]),
- (krb5_pointer) keyblock.contents,
- keyblock.length,
- &newstyle_checksum))) {
- printf("krb5_calculate_checksum choked with %d\n", kret);
- break;
- }
- print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
-#ifdef K5BETA_COMPAT
- if ((kret = COMPAT_FUNCTION(argv[msgindex],
- strlen(argv[msgindex]),
- (krb5_pointer) keyblock.contents,
- keyblock.length,
- &oldstyle_checksum))) {
- printf("old style calculate_checksum choked with %d\n", kret);
- break;
- }
- print_checksum("old", MD, argv[msgindex], &oldstyle_checksum);
-#endif /* K5BETA_COMPAT */
- if ((kret = VERIFY_FUNCTION(&newstyle_checksum,
- argv[msgindex],
- strlen(argv[msgindex]),
- (krb5_pointer) keyblock.contents,
- keyblock.length))) {
- printf("verify on new checksum choked with %d\n", kret);
- break;
- }
- printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
-#ifdef K5BETA_COMPAT
- if ((kret = VERIFY_FUNCTION(&oldstyle_checksum,
- argv[msgindex],
- strlen(argv[msgindex]),
- (krb5_pointer) keyblock.contents,
- keyblock.length))) {
- printf("verify on old checksum choked with %d\n", kret);
- break;
- }
- printf("Compatible checksum verify succeeded for \"%s\"\n",
- argv[msgindex]);
-#endif /* K5BETA_COMPAT */
- newstyle_checksum.contents[0]++;
- if (!(kret = VERIFY_FUNCTION(&newstyle_checksum,
- argv[msgindex],
- strlen(argv[msgindex]),
- (krb5_pointer) keyblock.contents,
- keyblock.length))) {
- printf("verify on new checksum should have choked\n");
- break;
- }
- printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
-#ifdef K5BETA_COMPAT
- oldstyle_checksum.contents[0]++;
- if (!(kret = VERIFY_FUNCTION(&oldstyle_checksum,
- argv[msgindex],
- strlen(argv[msgindex]),
- (krb5_pointer) keyblock.contents,
- keyblock.length))) {
- printf("verify on old checksum should have choked\n");
- break;
- }
- printf("Compatible checksum verify of altered checksum OK for \"%s\"\n",
- argv[msgindex]);
-#endif /* K5BETA_COMPAT */
- kret = 0;
- }
- if (!kret)
- printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
- return(kret);
-}
diff --git a/src/lib/crypto/nfold.c b/src/lib/crypto/nfold.c
new file mode 100644
index 0000000000..07c539ebea
--- /dev/null
+++ b/src/lib/crypto/nfold.c
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include <memory.h>
+
+/*
+n-fold(k-bits):
+ l = lcm(n,k)
+ r = l/k
+ s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
+ compute the 1's complement sum:
+ n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
+*/
+
+/* representation: msb first, assume n and k are multiples of 8, and
+ that k>=16. this is the case of all the cryptosystems which are
+ likely to be used. this function can be replaced if that
+ assumption ever fails. */
+
+/* input length is in bits */
+
+void
+krb5_nfold(inbits, in, outbits, out)
+ int inbits;
+ krb5_const unsigned char *in;
+ int outbits;
+ unsigned char *out;
+{
+ int a,b,c,gcd,lcm;
+ int reps;
+ int byte, i, msbit;
+
+ /* the code below is more readable if I make these bytes
+ instead of bits */
+
+ inbits >>= 3;
+ outbits >>= 3;
+
+ /* first compute lcm(n,k) */
+
+ a = outbits;
+ b = inbits;
+
+ while(b != 0) {
+ c = b;
+ b = a%b;
+ a = c;
+ }
+
+ lcm = outbits*inbits/a;
+
+ /* now do the real work */
+
+ memset(out, 0, outbits);
+ byte = 0;
+
+ /* this will end up cycling through k lcm(k,n)/k times, which
+ is correct */
+ for (i=lcm-1; i>=0; i--) {
+ /* compute the msbit in k which gets added into this byte */
+ msbit = (/* first, start with the msbit in the first, unrotated
+ byte */
+ ((inbits<<3)-1)
+ /* then, for each byte, shift to the right for each
+ repetition */
+ +(((inbits<<3)+13)*(i/inbits))
+ /* last, pick out the correct byte within that
+ shifted repetition */
+ +((inbits-(i%inbits))<<3)
+ )%(inbits<<3);
+
+ /* pull out the byte value itself */
+ byte += (((in[((inbits-1)-(msbit>>3))%inbits]<<8)|
+ (in[((inbits)-(msbit>>3))%inbits]))
+ >>((msbit&7)+1))&0xff;
+
+ /* do the addition */
+ byte += out[i%outbits];
+ out[i%outbits] = byte&0xff;
+
+#if 0
+ printf("msbit[%d] = %d\tbyte = %02x\tsum = %03x\n", i, msbit,
+ (((in[((inbits-1)-(msbit>>3))%inbits]<<8)|
+ (in[((inbits)-(msbit>>3))%inbits]))
+ >>((msbit&7)+1))&0xff, byte);
+#endif
+
+ /* keep around the carry bit, if any */
+ byte >>= 8;
+
+#if 0
+ printf("carry=%d\n", byte);
+#endif
+ }
+
+ /* if there's a carry bit left over, add it back in */
+ if (byte) {
+ for (i=outbits-1; i>=0; i--) {
+ /* do the addition */
+ byte += out[i];
+ out[i] = byte&0xff;
+
+ /* keep around the carry bit, if any */
+ byte >>= 8;
+ }
+ }
+}
+
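Review bot: The lengths passed to krb5_nfold are never checked, and because the function returns void a bad length cannot be reported to the caller. `inbits >>= 3` and `outbits >>= 3` silently drop any sub-byte remainder; if both end up 0 the gcd `a` is 0 and `lcm = outbits*inbits/a` divides by zero, and if only `inbits` is 0 the main loop is skipped and `out` is left all zero, which would be a weak result if the output feeds key derivation (the callers are not visible here). The comment above the function states the assumption (multiples of 8, k>=16) but nothing enforces it; I would add an entry check before the shifts such as `assert(inbits >= 16 && outbits >= 8 && ((inbits | outbits) & 7) == 0);` (needs `<assert.h>`), or at minimum extend the comment to say that callers must validate both lengths. The local `reps` is declared and never used and can be removed.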
diff --git a/src/lib/crypto/old_api_glue.c b/src/lib/crypto/old_api_glue.c
new file mode 100644
index 0000000000..64be9b8891
--- /dev/null
+++ b/src/lib/crypto/old_api_glue.c
@@ -0,0 +1,360 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+
+krb5_error_code krb5_encrypt(context, inptr, outptr, size, eblock, ivec)
+ krb5_context context;
+ krb5_const krb5_pointer inptr;
+ krb5_pointer outptr;
+ krb5_const size_t size;
+ krb5_encrypt_block FAR * eblock;
+ krb5_pointer ivec;
+{
+ krb5_data inputd, ivecd;
+ krb5_enc_data outputd;
+ size_t blocksize, outlen;
+ krb5_error_code ret;
+
+ if (ivec) {
+ if (ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize))
+ return(ret);
+
+ ivecd.length = blocksize;
+ ivecd.data = ivec;
+ }
+
+ /* size is the length of the input cleartext data */
+ inputd.length = size;
+ inputd.data = inptr;
+
+ /* The size of the output buffer isn't part of the old api. Not too
+ safe. So, we assume here that it's big enough. */
+ if (ret = krb5_c_encrypt_length(context, eblock->key->enctype, size,
+ &outlen))
+ return(ret);
+
+ outputd.ciphertext.length = outlen;
+ outputd.ciphertext.data = outptr;
+
+ return(krb5_c_encrypt(context, eblock->key, 0, ivec?&ivecd:0,
+ &inputd, &outputd));
+}
+
+krb5_error_code krb5_decrypt(context, inptr, outptr, size, eblock, ivec)
+ krb5_context context;
+ krb5_const krb5_pointer inptr;
+ krb5_pointer outptr;
+ krb5_const size_t size;
+ krb5_encrypt_block FAR * eblock;
+ krb5_pointer ivec;
+{
+ krb5_enc_data inputd;
+ krb5_data outputd, ivecd;
+ size_t blocksize;
+ krb5_error_code ret;
+
+ if (ivec) {
+ if (ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize))
+ return(ret);
+
+ ivecd.length = blocksize;
+ ivecd.data = ivec;
+ }
+
+ /* size is the length of the input ciphertext data */
+ inputd.enctype = eblock->key->enctype;
+ inputd.ciphertext.length = size;
+ inputd.ciphertext.data = inptr;
+
+ /* we don't really know how big this is, but the code tends to assume
+ that the output buffer size should be the same as the input
+ buffer size */
+ outputd.length = size;
+ outputd.data = outptr;
+
+ return(krb5_c_decrypt(context, eblock->key, 0, ivec?&ivecd:0,
+ &inputd, &outputd));
+}
+
+krb5_error_code krb5_process_key(context, eblock, key)
+ krb5_context context;
+ krb5_encrypt_block FAR * eblock;
+ krb5_const krb5_keyblock FAR * key;
+{
+ eblock->key = (krb5_keyblock *) key;
+
+ return(0);
+}
+
+krb5_error_code krb5_finish_key(context, eblock)
+ krb5_context context;
+ krb5_encrypt_block FAR * eblock;
+{
+ return(0);
+}
+
+krb5_error_code krb5_string_to_key(context, eblock, keyblock, data, salt)
+ krb5_context context;
+ krb5_const krb5_encrypt_block FAR * eblock;
+ krb5_keyblock FAR * keyblock;
+ krb5_const krb5_data FAR * data;
+ krb5_const krb5_data FAR * salt;
+{
+ return(krb5_c_string_to_key(context, eblock->crypto_entry, data, salt,
+ keyblock));
+}
+
+krb5_error_code krb5_init_random_key(context, eblock, keyblock, ptr)
+ krb5_context context;
+ krb5_const krb5_encrypt_block FAR * eblock;
+ krb5_const krb5_keyblock FAR * keyblock;
+ krb5_pointer FAR * ptr;
+{
+ krb5_data data;
+
+ data.length = keyblock->length;
+ data.data = keyblock->contents;
+
+ return(krb5_c_random_seed(context, &data));
+}
+
+krb5_error_code krb5_finish_random_key(context, eblock, ptr)
+ krb5_context context;
+ krb5_const krb5_encrypt_block FAR * eblock;
+ krb5_pointer FAR * ptr;
+{
+ return(0);
+}
+
+krb5_error_code krb5_random_key(context, eblock, ptr, keyblock)
+ krb5_context context;
+ krb5_const krb5_encrypt_block FAR * eblock;
+ krb5_pointer ptr;
+ krb5_keyblock FAR * FAR * keyblock;
+{
+ krb5_keyblock *key;
+ krb5_error_code ret;
+
+ if ((key = (krb5_keyblock *) malloc(sizeof(krb5_keyblock))) == NULL)
+ return(ENOMEM);
+
+ if (ret = krb5_c_make_random_key(context, eblock->crypto_entry, key))
+ free(key);
+
+ *keyblock = key;
+
+ return(ret);
+}
+
+krb5_enctype krb5_eblock_enctype(context, eblock)
+ krb5_context context;
+ krb5_const krb5_encrypt_block FAR * eblock;
+{
+ return(eblock->crypto_entry);
+}
+
+krb5_error_code krb5_use_enctype(context, eblock, enctype)
+ krb5_context context;
+ krb5_encrypt_block FAR * eblock;
+ krb5_const krb5_enctype enctype;
+{
+ eblock->crypto_entry = enctype;
+
+ return(0);
+}
+
+size_t krb5_encrypt_size(length, crypto)
+ size_t length;
+ krb5_enctype crypto;
+{
+ size_t ret;
+
+ if (krb5_c_encrypt_length(/* XXX */ 0, crypto, length, &ret))
+ return(-1); /* XXX */
+
+ return(ret);
+}
+
+size_t krb5_checksum_size(context, ctype)
+ krb5_context context;
+ krb5_cksumtype ctype;
+{
+ size_t ret;
+
+ if (krb5_c_checksum_length(context, ctype, &ret))
+ return(-1); /* XXX */
+
+ return(ret);
+}
+
+krb5_error_code krb5_calculate_checksum(context, ctype, in, in_length,
+ seed, seed_length, outcksum)
+ krb5_context context;
+ krb5_const krb5_cksumtype ctype;
+ krb5_const krb5_pointer in;
+ krb5_const size_t in_length;
+ krb5_const krb5_pointer seed;
+ krb5_const size_t seed_length;
+ krb5_checksum FAR * outcksum;
+{
+ krb5_data input;
+ krb5_keyblock key;
+ krb5_error_code ret;
+ krb5_checksum cksum;
+
+ input.data = in;
+ input.length = in_length;
+
+ key.length = seed_length;
+ key.contents = seed;
+
+ if (ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum))
+ return(ret);
+
+ if (outcksum->length < cksum.length) {
+ memset(cksum.contents, 0, cksum.length);
+ free(cksum.contents);
+ return(KRB5_BAD_MSIZE);
+ }
+
+ outcksum->magic = cksum.magic;
+ outcksum->checksum_type = cksum.checksum_type;
+ memcpy(outcksum->contents, cksum.contents, cksum.length);
+ outcksum->length = cksum.length;
+
+ free(cksum.contents);
+
+ return(0);
+}
+
+krb5_error_code krb5_verify_checksum(context, ctype, cksum, in, in_length,
+ seed, seed_length)
+ krb5_context context;
+ krb5_cksumtype ctype;
+ krb5_const krb5_checksum FAR * cksum;
+ krb5_const krb5_pointer in;
+ krb5_const size_t in_length;
+ krb5_const krb5_pointer seed;
+ krb5_const size_t seed_length;
+{
+ krb5_data input;
+ krb5_keyblock key;
+ krb5_error_code ret;
+ krb5_boolean valid;
+
+ input.data = in;
+ input.length = in_length;
+
+ key.length = seed_length;
+ key.contents = seed;
+
+ if (ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum,
+ &valid))
+ return(ret);
+
+ if (!valid)
+ return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
+
+ return(0);
+}
+
+krb5_error_code krb5_random_confounder(size, ptr)
+ size_t size;
+ krb5_pointer ptr;
+{
+ krb5_data random;
+
+ random.length = size;
+ random.data = ptr;
+
+ return(krb5_c_random_make_octets(/* XXX */ 0, &random));
+}
+
+krb5_error_code krb5_encrypt_data(context, key, ivec, data, enc_data)
+ krb5_context context;
+ krb5_keyblock *key;
+ krb5_pointer ivec;
+ krb5_data *data;
+ krb5_enc_data *enc_data;
+{
+ krb5_error_code ret;
+ size_t enclen, blocksize;
+ krb5_data ivecd;
+
+ if (ret = krb5_c_encrypt_length(context, key->enctype, data->length,
+ &enclen))
+ return(ret);
+
+ if (ivec) {
+ if (ret = krb5_c_block_size(context, key->enctype, &blocksize))
+ return(ret);
+
+ ivecd.length = blocksize;
+ ivecd.data = ivec;
+ }
+
+ enc_data->magic = KV5M_ENC_DATA;
+ enc_data->kvno = 0;
+ enc_data->enctype = key->enctype;
+ enc_data->ciphertext.length = enclen;
+ if ((enc_data->ciphertext.data = malloc(enclen)) == NULL)
+ return(ENOMEM);
+
+ if (ret = krb5_c_encrypt(context, key, 0, ivec?&ivecd:0, data, enc_data))
+ free(enc_data->ciphertext.data);
+
+ return(ret);
+}
+
+krb5_error_code krb5_decrypt_data(context, key, ivec, enc_data, data)
+ krb5_context context;
+ krb5_keyblock *key;
+ krb5_pointer ivec;
+ krb5_enc_data *enc_data;
+ krb5_data *data;
+{
+ krb5_error_code ret;
+ krb5_data ivecd;
+ size_t blocksize;
+
+ if (ivec) {
+ if (ret = krb5_c_block_size(context, key->enctype, &blocksize))
+ return(ret);
+
+ ivecd.length = blocksize;
+ ivecd.data = ivec;
+ }
+
+ data->length = enc_data->ciphertext.length;
+ if ((data->data = (krb5_octet *) malloc(data->length)) == NULL)
+ return(ENOMEM);
+
+ if (ret = krb5_c_decrypt(context, key, 0, ivec?&ivecd:0, enc_data, data))
+ free(data->data);
+
+ return(0);
+}
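Review bot: krb5_decrypt_data ends with `return(0)` even when krb5_c_decrypt fails, after it has already freed `data->data`, so the caller is told the decryption succeeded and is left holding a pointer to freed memory with `data->length` still set. The same free-without-clearing pattern appears in krb5_random_key, which stores the freed `key` into `*keyblock` on failure, and in krb5_encrypt_data, which leaves `enc_data->ciphertext.data` dangling. Each error path should return `ret` and clear the pointer it frees, as sketched below. Separately, krb5_calculate_checksum and krb5_verify_checksum fill in only `key.length` and `key.contents`, so `key.enctype` is indeterminate if the krb5_c_* routines read it (not visible in this hunk).

```c
/* krb5_random_key: … unchanged: malloc of key … */
    if ((ret = krb5_c_make_random_key(context, eblock->crypto_entry, key))) {
	free(key);
	key = NULL;		/* never hand a freed block back to the caller */
    }

    *keyblock = key;

/* krb5_encrypt_data: … unchanged: length computation, ivec setup, malloc … */
    if ((ret = krb5_c_encrypt(context, key, 0, ivec?&ivecd:0, data, enc_data))) {
	free(enc_data->ciphertext.data);
	enc_data->ciphertext.data = NULL;
	enc_data->ciphertext.length = 0;
    }

/* krb5_decrypt_data: … unchanged: ivec setup, malloc of data->data … */
    if ((ret = krb5_c_decrypt(context, key, 0, ivec?&ivecd:0, enc_data, data))) {
	free(data->data);
	data->data = NULL;
	data->length = 0;
    }

    return(ret);		/* was return(0): failure was reported as success */
```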
diff --git a/src/lib/crypto/os/.Sanitize b/src/lib/crypto/os/.Sanitize
deleted file mode 100644
index 2e24ee69f4..0000000000
--- a/src/lib/crypto/os/.Sanitize
+++ /dev/null
@@ -1,39 +0,0 @@
-# Sanitize.in for Kerberos V5
-
-# Each directory to survive it's way into a release will need a file
-# like this one called "./.Sanitize". All keyword lines must exist,
-# and must exist in the order specified by this file. Each directory
-# in the tree will be processed, top down, in the following order.
-
-# Hash started lines like this one are comments and will be deleted
-# before anything else is done. Blank lines will also be squashed
-# out.
-
-# The lines between the "Do-first:" line and the "Things-to-keep:"
-# line are executed as a /bin/sh shell script before anything else is
-# done in this
-
-Do-first:
-
-# All files listed between the "Things-to-keep:" line and the
-# "Files-to-sed:" line will be kept. All other files will be removed.
-# Directories listed in this section will have their own Sanitize
-# called. Directories not listed will be removed in their entirety
-# with rm -rf.
-
-Things-to-keep:
-
-.cvsignore
-ChangeLog
-Makefile.in
-configure
-configure.in
-c_localaddr.c
-c_ustime.c
-rnd_confoun.c
-
-Things-to-lose:
-
-Do-last:
-
-# End of file.
diff --git a/src/lib/crypto/os/ChangeLog b/src/lib/crypto/os/ChangeLog
deleted file mode 100644
index ebcb593a1b..0000000000
--- a/src/lib/crypto/os/ChangeLog
+++ /dev/null
@@ -1,204 +0,0 @@
-Wed Feb 18 16:08:30 1998 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in: Remove trailing slash from thisconfigdir. Fix up
- BUILDTOP for new conventions.
-
-Fri Feb 13 15:20:54 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in (thisconfigdir), configure.in: Point the
- configuration directory at our parent, and remove our
- local configure.in
-
-Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
-
-Fri Nov 28 21:23:42 1997 Tom Yu <tlyu@mit.edu>
-
- * configure.in: Add AC_PROG_LN_S to deal with symlinking in
- memmove.c. This is a kludge, as we really should have a more sane
- way to deal with missing posix functions.
-
-Thu Sep 25 21:53:11 1997 Tom Yu <tlyu@mit.edu>
-
- * c_localaddr.c: Replace KRB5_USE_INET with something more sane.
-
-Tue Aug 12 09:09:14 1997 Ezra Peisach <epeisach@mit.edu>
-
- * Makefile.in (SRCS): Add $(srcdir) as needed.
-
-Fri Jul 4 00:13:02 1997 Theodore Y. Ts'o <tytso@mit.edu>
-
- * c_localaddr.c (local_addr_fallback_kludge): Added Winsock
- kludge for finding your local IP address. May not work
- for all stacks, so we use it as a fallback.
-
-Sat Feb 22 18:54:53 1997 Richard Basch <basch@lehman.com>
-
- * Makefile.in: Use some of the new library list build rules in
- win-post.in
-
-Mon Feb 17 17:24:41 1997 Richard Basch <basch@lehman.com>
-
- * c_ustime.c: Fixed microsecond adjustment code (win32)
-
-Thu Nov 21 00:58:04 EST 1996 Richard Basch <basch@lehman.com>
-
- * Makefile.in: Win32 build
-
- * c_ustime.c: The Win32 time calculation is different from DOS'
- so the DOS version shouldn't be trying to use the same
- part of the ifdef.
-
- * rnd_confoun.c: Fix function declaration (win32)
-
-Sun Dec 29 21:54:42 1996 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in:
- * configure.in: Update to use new library building procedure.
-
-Wed Jun 12 00:12:52 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * c_ustime.c: Fix WIN32 to be _WIN32
-
- * c_localaddr.c: Add #ifdef _WIN32 in places where we had #ifdef _MSDOS
-
-
-Sat Feb 24 00:34:15 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * c_ustime.c (krb5_crypto_us_timeofday): Add Windows 95/NT time
- function. (Does this time function work under Windows?
- We'll find out....)
-
-Thu Feb 15 10:57:27 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * c_localaddr.c: Set magic number in krb5_address.
-
-Fri Oct 6 22:00:48 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * Makefile.in: Remove ##DOS!include of config/windows.in.
- config/windows.in is now included by wconfig.
-
-Mon Sep 25 16:49:15 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the
- Makefile.
-
-Fri Sep 22 12:00:00 1995 James Mattly <mattly@fusion.com>
-
- * c_localaddr.c: change close on a socket to closesocket, sockets on
- macintosh arn't files
-
-Wed Sep 13 10:33:53 1995 Keith Vetter (keithv@fusion.com)
-
- * Makefile.in: PC builds all C files because of function name changes.
- * c_localtime.c, c_ustime.c: removed INTERFACE keyword.
-
-Wed Sep 13 17:32:36 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * c_localaddr.c (krb5_crypto_os_localaddr): Clear the buffer
- before calling the SIOCGIFCONF ioctl. This makes purify
- happy.
-
-Thu Sep 7 12:00:00 1995 James Mattly <mattly@fusion.com>
-
- * Renamed ustime.c to c_ustime.c
- * Renamed localaddr.c to c_localaddr.c because Mac can't have
- two files with the same name.
- * Makefile.in, .Sanitize updated for the above change.
-
-Thu Aug 24 18:40:48 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * .Sanitize: Update file list
-
-Sat Jul 29 03:17:21 1995 Tom Yu <tlyu@lothlorien.MIT.EDU>
-
- * localaddr.c (krb5_crypto_os_localaddr): Don't bash the return
- from SIOCGIFCONF with the output of a SIOCGIFFLAGS. Duh.
-
-Wed Jul 19 17:17:54 1995 Tom Yu <tlyu@lothlorien.MIT.EDU>
-
- * localaddr.c: also add definition of max if it's not there.
-
- * localaddr.c: fix definition of ifreq_size so it actually works
-
-Mon Jul 17 16:04:00 1995 Sam Hartman <hartmans@tertius.mit.edu>
-
- * localaddr.c (krb5_crypto_os_localaddr): Deal with variable sized
- ifreq structures if sockaddr contains sa_len field.
-
- * configure.in: Check to see if struct sockaddr has sa_len.
-
-Thu Jul 6 17:13:11 1995 Tom Yu <tlyu@lothlorien.MIT.EDU>
-
- * localaddr.c: migrated from lib/krb5/os
-
- * ustime.c: migrated from lib/krb5/os; removed context variable
- from arglist.
-
- * Makefile.in: don't copy or remove localaddr.c and ustime.c;
- they're local now.
-
-Fri Jun 9 19:18:41 1995 <tytso@rsx-11.mit.edu>
-
- * configure.in: Remove standardized set of autoconf macros, which
- are now handled by CONFIG_RULES.
-
-Thu May 25 22:16:35 1995 Theodore Y. Ts'o (tytso@dcl)
-
- * configure.in, Makefile.in: Add support for shared libraries.
-
-Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com)
-
- * *.[ch]: removed unneeded INTERFACE from non-api functions.
-
-Sat Mar 25 15:38:23 1995 Mark Eichin <eichin@cygnus.com>
-
- * Makefile.in (memmove.c): memmove.c is in krb5/posix, not krb5/os.
-
-Wed Mar 22 11:44:07 1995 <tytso@rsx-11.mit.edu>
-
- * Makefile.in: Use $(SRCTOP) instead of $(srcdir), since Mac's
- don't like dealing with $(U)$(U).
-
-Fri Mar 17 16:21:46 1995 Theodore Y. Ts'o (tytso@dcl)
-
- * Makefile.in: Fix rules for localdr.c, ustime.c, and memmove.c so
- that they reference $(srcdir) where appropriate.
-
-Thu Mar 16 21:24:43 1995 John Gilmore (gnu at toad.com)
-
- * Makefile.in (LDFLAGS): Eliminate, comes in from pre.in.
- (all-mac): Add.
- (localaddr.c, ustime.c, memmove.c): Fix paths to work on Mac.
-
-Tue Mar 14 17:23:02 1995 Keith Vetter (keithv@fusion.com)
-
- * Makefile.in: no longer need to bring in ustime and localaddr for
- windows since everything's going into one DLL in the end.
-
-Thu Mar 2 17:56:48 1995 Keith Vetter (keithv@fusion.com)
-
- * Makefile.in: changed LIBNAME for the PC, and brought in ustime
- and localaddr from the krb/os directory.
- * rnd_conf.c: added cast to the seed assignment.
-
-Mon Feb 20 16:25:36 1995 Keith Vetter (keithv@fusion.com)
-
- * Makfile.in: made to work for the PC
- * rnd_confoun.c: added windows INTERFACE keyword
-
-Wed Jan 25 20:24:35 1995 John Gilmore (gnu at toad.com)
-
- * rnd_confoun.c: Replace <.../...> includes with "..."s.
-
-Mon Oct 24 14:58:14 1994 (tytso@rsx-11)
-
- * configure.in:
- * rnd_confoun.c (krb5_random_confounder): Use the srand48/lrand48
- functions if available.
-
-Fri Oct 14 00:21:05 1994 Theodore Y. Ts'o (tytso@dcl)
-
- * Makefile.in: Remove symlinked files on make clean.
-
diff --git a/src/lib/crypto/os/Makefile.in b/src/lib/crypto/os/Makefile.in
deleted file mode 100644
index d4c5f41416..0000000000
--- a/src/lib/crypto/os/Makefile.in
+++ /dev/null
@@ -1,28 +0,0 @@
-thisconfigdir=./..
-BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U)
-CFLAGS = $(CCOPTS) $(DEFS)
-
-##DOS##BUILDTOP = ..\..\..
-##DOS##PREFIXDIR=os
-##DOS##OBJFILE=..\os.lst
-##WIN16##LIBNAME=..\crypto.lib
-
-STLIBOBJS = rnd_confoun.o c_localaddr.o c_ustime.o @LIBOBJS@
-
-COBJS= rnd_confoun.$(OBJEXT) c_localaddr.$(OBJEXT) c_ustime.$(OBJEXT)
-OBJS= $(COBJS) $(LIBOBJS)
-
-SRCS= $(srcdir)/rnd_confoun.c $(srcdir)/c_localaddr.c $(srcdir)/c_ustime.c
-
-##DOS##LIBOBJS = $(COBJS)
-
-all-unix:: all-libobjs
-
-memmove.c: $(SRCTOP)$(S)lib$(S)krb5$(S)posix$(S)memmove.c
- -$(LN) $(SRCTOP)$(S)lib$(S)krb5$(S)posix$(S)memmove.c $@
-
-memmove.o: memmove.c
-
-clean-unix:: clean-libobjs
-clean::
- $(RM) memmove.c
diff --git a/src/lib/crypto/os/c_localaddr.c b/src/lib/crypto/os/c_localaddr.c
deleted file mode 100644
index 3b3bcb474f..0000000000
--- a/src/lib/crypto/os/c_localaddr.c
+++ /dev/null
@@ -1,348 +0,0 @@
-/*
- * lib/crypto/os/c_localaddr.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Return the protocol addresses supported by this host.
- *
- * XNS support is untested, but "Should just work".
- */
-
-
-#define NEED_SOCKETS
-#include "k5-int.h"
-
-#if !defined(HAVE_MACSOCK_H) && !defined(_MSDOS) && !defined(_WIN32)
-
-/* needed for solaris, harmless elsewhere... */
-#define BSD_COMP
-#include <sys/ioctl.h>
-#include <sys/time.h>
-#include <errno.h>
-
-/*
- * The SIOCGIF* ioctls require a socket.
- * It doesn't matter *what* kind of socket they use, but it has to be
- * a socket.
- *
- * Of course, you can't just ask the kernel for a socket of arbitrary
- * type; you have to ask for one with a valid type.
- *
- */
-#ifdef HAVE_NETINET_IN_H
-
-#include <netinet/in.h>
-
-#ifndef USE_AF
-#define USE_AF AF_INET
-#define USE_TYPE SOCK_DGRAM
-#define USE_PROTO 0
-#endif
-
-#endif
-
-#ifdef KRB5_USE_NS
-
-#include <netns/ns.h>
-
-#ifndef USE_AF
-#define USE_AF AF_NS
-#define USE_TYPE SOCK_DGRAM
-#define USE_PROTO 0 /* guess */
-#endif
-
-#endif
-/*
- * Add more address families here.
- */
-
-/*
- * BSD 4.4 defines the size of an ifreq to be
- * max(sizeof(ifreq), sizeof(ifreq.ifr_name)+ifreq.ifr_addr.sa_len
- * However, under earlier systems, sa_len isn't present, so the size is
- * just sizeof(struct ifreq)
- */
-#ifdef HAVE_SA_LEN
-#ifndef max
-#define max(a,b) ((a) > (b) ? (a) : (b))
-#endif
-#define ifreq_size(i) max(sizeof(struct ifreq),\
- sizeof((i).ifr_name)+(i).ifr_addr.sa_len)
-#else
-#define ifreq_size(i) sizeof(struct ifreq)
-#endif /* HAVE_SA_LEN*/
-
-
-
-extern int errno;
-
-/*
- * Return all the protocol addresses of this host.
- *
- * We could kludge up something to return all addresses, assuming that
- * they're valid kerberos protocol addresses, but we wouldn't know the
- * real size of the sockaddr or know which part of it was actually the
- * host part.
- *
- * This uses the SIOCGIFCONF, SIOCGIFFLAGS, and SIOCGIFADDR ioctl's.
- */
-
-krb5_error_code
-krb5_crypto_os_localaddr(addr)
- krb5_address ***addr;
-{
- struct ifreq *ifr, ifreq;
- struct ifconf ifc;
- int s, code, n, i;
- char buf[1024];
- krb5_address *addr_temp [ 1024/sizeof(struct ifreq) ];
- int n_found;
- int mem_err = 0;
-
- memset(buf, 0, sizeof(buf));
- ifc.ifc_len = sizeof(buf);
- ifc.ifc_buf = buf;
-
- s = socket (USE_AF, USE_TYPE, USE_PROTO);
- if (s < 0)
- return errno;
-
- code = ioctl (s, SIOCGIFCONF, (char *)&ifc);
- if (code < 0) {
- int retval = errno;
- closesocket (s);
- return retval;
- }
- n = ifc.ifc_len;
-
-n_found = 0;
- for (i = 0; i < n; i+= ifreq_size(*ifr) ) {
- krb5_address *address;
- ifr = (struct ifreq *)((caddr_t) ifc.ifc_buf+i);
-
- strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name));
- if (ioctl (s, SIOCGIFFLAGS, (char *)&ifreq) < 0)
- continue;
-
-#ifdef IFF_LOOPBACK
- if (ifreq.ifr_flags & IFF_LOOPBACK)
- continue;
-#endif
-
- if (!(ifreq.ifr_flags & IFF_UP))
- /* interface is down; skip */
- continue;
-
- /* ifr->ifr_addr has what we want! */
- switch (ifr->ifr_addr.sa_family) {
-#ifdef HAVE_NETINET_IN_H
- case AF_INET:
- {
- struct sockaddr_in *in =
- (struct sockaddr_in *)&ifr->ifr_addr;
-
- address = (krb5_address *)
- malloc (sizeof(krb5_address));
- if (address) {
- address->magic = KV5M_ADDRESS;
- address->addrtype = ADDRTYPE_INET;
- address->length = sizeof(struct in_addr);
- address->contents = (unsigned char *)malloc(address->length);
- if (!address->contents) {
- krb5_xfree(address);
- address = 0;
- mem_err++;
- } else {
- memcpy ((char *)address->contents,
- (char *)&in->sin_addr,
- address->length);
- break;
- }
- } else mem_err++;
- }
-#endif
-#ifdef KRB5_USE_NS
- case AF_XNS:
- {
- struct sockaddr_ns *ns =
- (struct sockaddr_ns *)&ifr->ifr_addr;
- address = (krb5_address *)
- malloc (sizeof (krb5_address) + sizeof (struct ns_addr));
- if (address) {
- address->magic = KV5M_ADDRESS;
- address->addrtype = ADDRTYPE_XNS;
-
- /* XXX should we perhaps use ns_host instead? */
-
- address->length = sizeof(struct ns_addr);
- address->contents = (unsigned char *)malloc(address->length);
- if (!address->contents) {
- krb5_xfree(address);
- address = 0;
- mem_err++;
- } else {
- memcpy ((char *)address->contents,
- (char *)&ns->sns_addr,
- address->length);
- break;
- }
- } else mem_err++;
- break;
- }
-#endif
- /*
- * Add more address families here..
- */
- default:
- continue;
- }
- if (address)
- addr_temp[n_found++] = address;
- address = 0;
- }
- closesocket(s);
-
- *addr = (krb5_address **)malloc (sizeof (krb5_address *) * (n_found+1));
- if (*addr == 0)
- mem_err++;
-
- if (mem_err) {
- for (i=0; i<n_found; i++) {
- krb5_xfree(addr_temp[i]);
- addr_temp[i] = 0;
- }
- return ENOMEM;
- }
-
- for (i=0; i<n_found; i++) {
- (*addr)[i] = addr_temp[i];
- }
- (*addr)[n_found] = 0;
- return 0;
-}
-
-#else /* Windows/Mac version */
-
-/*
- * Hold on to your lunch! Backup kludge method of obtaining your
- * local IP address, courtesy of Windows Socket Network Programming,
- * by Robert Quinn
- */
-#if defined(_MSDOS) || defined(_WIN32)
-static struct hostent *local_addr_fallback_kludge()
-{
- static struct hostent host;
- static SOCKADDR_IN addr;
- static char * ip_ptrs[2];
- SOCKET sock;
- int size = sizeof(SOCKADDR);
- int err;
-
- sock = socket(AF_INET, SOCK_DGRAM, 0);
- if (sock == INVALID_SOCKET)
- return NULL;
-
- /* connect to arbitrary port and address (NOT loopback) */
- addr.sin_family = AF_INET;
- addr.sin_port = htons(IPPORT_ECHO);
- addr.sin_addr.s_addr = inet_addr("204.137.220.51");
-
- err = connect(sock, (LPSOCKADDR) &addr, sizeof(SOCKADDR));
- if (err == SOCKET_ERROR)
- return NULL;
-
- err = getsockname(sock, (LPSOCKADDR) &addr, (int FAR *) size);
- if (err == SOCKET_ERROR)
- return NULL;
-
- closesocket(sock);
-
- host.h_name = 0;
- host.h_aliases = 0;
- host.h_addrtype = AF_INET;
- host.h_length = 4;
- host.h_addr_list = ip_ptrs;
- ip_ptrs[0] = (char *) &addr.sin_addr.s_addr;
- ip_ptrs[1] = NULL;
-
- return &host;
-}
-#endif
-
-/* No ioctls in winsock so we just assume there is only one networking
- * card per machine, so gethostent is good enough.
- */
-krb5_error_code
-krb5_crypto_os_localaddr (krb5_address ***addr) {
- char host[64]; /* Name of local machine */
- struct hostent *hostrec;
- int err;
-
- *addr = calloc (2, sizeof (krb5_address *));
- if (*addr == NULL)
- return ENOMEM;
-
-#ifdef HAVE_MACSOCK_H
- hostrec = getmyipaddr();
-#else /* HAVE_MACSOCK_H */
- err = 0;
-
- if (gethostname (host, sizeof(host))) {
- err = WSAGetLastError();
- }
-
- if (!err) {
- hostrec = gethostbyname (host);
- if (hostrec == NULL) {
- err = WSAGetLastError();
- }
- }
-
- if (err) {
- hostrec = local_addr_fallback_kludge();
- if (!hostrec)
- return err;
- }
-#endif /* HAVE_MACSOCK_H */
-
- (*addr)[0] = calloc (1, sizeof(krb5_address));
- if ((*addr)[0] == NULL) {
- free (*addr);
- return ENOMEM;
- }
- (*addr)[0]->magic = KV5M_ADDRESS;
- (*addr)[0]->addrtype = hostrec->h_addrtype;
- (*addr)[0]->length = hostrec->h_length;
- (*addr)[0]->contents = (unsigned char *)malloc((*addr)[0]->length);
- if (!(*addr)[0]->contents) {
- free((*addr)[0]);
- free(*addr);
- return ENOMEM;
- } else {
- memcpy ((*addr)[0]->contents,
- hostrec->h_addr,
- (*addr)[0]->length);
- }
- /* FIXME, deal with the case where gethostent returns multiple addrs */
-
- return(0);
-}
-#endif
diff --git a/src/lib/crypto/os/c_ustime.c b/src/lib/crypto/os/c_ustime.c
deleted file mode 100644
index e790acc956..0000000000
--- a/src/lib/crypto/os/c_ustime.c
+++ /dev/null
@@ -1,316 +0,0 @@
-/*
- * lib/crypto/os/c_ustime.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb5_mstimeofday for BSD 4.3
- */
-
-#define NEED_SOCKETS
-#include "k5-int.h"
-
-#ifdef macintosh
-
-/* We're a Macintosh -- do Mac time things. */
-
-/*
- * This code is derived from kerberos/src/lib/des/mac_time.c from
- * the Cygnus Support release of Kerberos V4:
- *
- * mac_time.c
- * (Originally time_stuff.c)
- * Copyright 1989 by the Massachusetts Institute of Technology.
- * Macintosh ooperating system interface for Kerberos.
- */
-
-#include "AddressXlation.h" /* for ip_addr, for #if 0'd net-time stuff */
-
-#include <script.h> /* Defines MachineLocation, used by getTimeZoneOffset */
-#include <ToolUtils.h> /* Defines BitTst(), called by getTimeZoneOffset() */
-#include <OSUtils.h> /* Defines GetDateTime */
-
-/* Mac Cincludes */
-#include <string.h>
-#include <stddef.h>
-
-static krb5_int32 last_sec = 0, last_usec = 0;
-
-/*
- * The Unix epoch is 1/1/70, the Mac epoch is 1/1/04.
- *
- * 70 - 4 = 66 year differential
- *
- * Thus the offset is:
- *
- * (66 yrs) * (365 days/yr) * (24 hours/day) * (60 mins/hour) * (60 secs/min)
- * plus
- * (17 leap days) * (24 hours/day) * (60 mins/hour) * (60 secs/min)
- *
- * Don't forget the offset from GMT.
- */
-
-/* returns the offset in hours between the mac local time and the GMT */
-/* unsigned krb5_int32 */
-krb5_int32
-getTimeZoneOffset()
-{
- MachineLocation macLocation;
- long gmtDelta;
-
- macLocation.u.gmtDelta=0L;
- ReadLocation(&macLocation);
- gmtDelta=macLocation.u.gmtDelta & 0x00FFFFFF;
- if (BitTst((void *)&gmtDelta,23L))
- gmtDelta |= 0xFF000000;
- gmtDelta /= 3600L;
- return(gmtDelta);
-}
-
-/* Returns the GMT in seconds (and fake microseconds) using the Unix epoch */
-
-krb5_error_code
-krb5_crypto_us_timeofday(seconds, microseconds)
- krb5_int32 *seconds, *microseconds;
-{
- krb5_int32 sec, usec;
- time_t the_time;
-
- GetDateTime (&the_time);
-
- sec = the_time -
- ((66 * 365 * 24 * 60 * 60) + (17 * 24 * 60 * 60) +
- (getTimeZoneOffset() * 60 * 60));
-
- usec = 0; /* Mac is too slow to count faster than once a second */
-
- if ((sec == last_sec) && (usec == last_usec)) {
- if (++last_usec >= 1000000) {
- last_usec = 0;
- last_sec++;
- }
- sec = last_sec;
- usec = last_usec;
- }
- else {
- last_sec = sec;
- last_usec = usec;
- }
-
- *seconds = sec;
- *microseconds = usec;
-
- return 0;
-}
-
-
-#elif defined(_WIN32)
-
- /* Microsoft Windows NT and 95 (32bit) */
- /* This one works for WOW (Windows on Windows, ntvdm on Win-NT) */
-
-#include <time.h>
-#include <sys/timeb.h>
-#include <string.h>
-
-krb5_error_code
-krb5_crypto_us_timeofday(seconds, microseconds)
-register krb5_int32 *seconds, *microseconds;
-{
- struct _timeb timeptr;
- krb5_int32 sec, usec;
- static krb5_int32 last_sec = 0;
- static krb5_int32 last_usec = 0;
-
- _ftime(&timeptr); /* Get the current time */
- sec = timeptr.time;
- usec = timeptr.millitm * 1000;
-
- if ((sec == last_sec) && (usec <= last_usec)) { /* Same as last time??? */
- usec = ++last_usec;
- if (usec >= 1000000) {
- ++sec;
- usec = 0;
- }
- }
- last_sec = sec; /* Remember for next time */
- last_usec = usec;
-
- *seconds = sec; /* Return the values */
- *microseconds = usec;
-
- return 0;
-}
-
-#elif defined (_MSDOS)
-
-
-/*
- * Originally written by John Gilmore, Cygnus Support, May '94.
- * Public Domain.
- */
-
-#include <time.h>
-#include <sys/timeb.h>
-#include <dos.h>
-#include <string.h>
-
-/*
- * Time handling. Translate Unix time calls into Kerberos internal
- * procedure calls.
- *
- * Due to the fact that DOS time can be unreliable we have reverted
- * to using the AT hardware clock and converting it to Unix time.
- */
-
-static time_t win_gettime ();
-static long win_time_get_epoch(); /* Adjust for MSC 7.00 bug */
-
-krb5_error_code
-krb5_crypto_us_timeofday(seconds, microseconds)
-register krb5_int32 *seconds, *microseconds;
-{
- krb5_int32 sec, usec;
- static krb5_int32 last_sec = 0;
- static krb5_int32 last_usec = 0;
-
- sec = win_gettime (); /* Get the current time */
- usec = 0; /* Can't do microseconds */
-
- if (sec == last_sec) { /* Same as last time??? */
- usec = ++last_usec; /* Yep, so do microseconds */
- if (usec >= 1000000) {
- ++sec;
- usec = 0;
- }
- }
- last_sec = sec; /* Remember for next time */
- last_usec = usec;
-
- *seconds = sec; /* Return the values */
- *microseconds = usec;
-
- return 0;
-}
-
-
-static time_t
-win_gettime () {
- struct tm tm;
- union _REGS inregs; /* For calling BIOS */
- union _REGS outregs;
- struct _timeb now;
- time_t time;
- long convert; /* MSC 7.00 bug work around */
-
- _ftime(&now); /* Daylight savings time */
-
- /* Get time from AT hardware clock INT 0x1A, AH=2 */
- memset(&inregs, 0, sizeof(inregs));
- inregs.h.ah = 2;
- _int86(0x1a, &inregs, &outregs);
-
- /* 0x13 = decimal 13, hence the decoding below */
- tm.tm_sec = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F);
- tm.tm_min = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F);
- tm.tm_hour = 10 * ((outregs.h.ch & 0xF0) >> 4) + (outregs.h.ch & 0x0F);
-
- /* Get date from AT hardware clock INT 0x1A, AH=4 */
- memset(&inregs, 0, sizeof(inregs));
- inregs.h.ah = 4;
- _int86(0x1a, &inregs, &outregs);
-
- tm.tm_mday = 10 * ((outregs.h.dl & 0xF0) >> 4) + (outregs.h.dl & 0x0F);
- tm.tm_mon = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F) - 1;
- tm.tm_year = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F);
- tm.tm_year += 100 * ((10 * (outregs.h.ch & 0xF0) >> 4)
- + (outregs.h.ch & 0x0F) - 19);
-
- tm.tm_wday = 0;
- tm.tm_yday = 0;
- tm.tm_isdst = now.dstflag;
-
- time = mktime(&tm);
-
- convert = win_time_get_epoch();
- return time + convert;
-
-}
-
-
-/*
- * This routine figures out the current time epoch and returns the
- * conversion factor. It exists because
- * Microloss screwed the pooch on the time() and _ftime() calls in
- * its release 7.0 libraries. They changed the epoch to Dec 31, 1899!
- * Idiots... We try to cope.
- */
-
-static struct tm jan_1_70 = {0, 0, 0, 1, 0, 70};
-static long epoch = 0;
-static int epoch_set = 0;
-
-long
-win_time_get_epoch()
-{
-
- if (!epoch_set) {
- epoch = 0 - mktime (&jan_1_70); /* Seconds til 1970 localtime */
- epoch += _timezone; /* Seconds til 1970 GMT */
- epoch_set = 1;
- }
- return epoch;
-}
-
-
-#else
-
-
-/* We're a Unix machine -- do Unix time things. */
-
-extern int errno;
-
-static struct timeval last_tv = {0, 0};
-
-krb5_error_code
-krb5_crypto_us_timeofday(seconds, microseconds)
- register krb5_int32 *seconds, *microseconds;
-{
- struct timeval tv;
-
- if (gettimeofday(&tv, (struct timezone *)0) == -1) {
- /* failed, return errno */
- return (krb5_error_code) errno;
- }
- if ((tv.tv_sec == last_tv.tv_sec) && (tv.tv_usec == last_tv.tv_usec)) {
- if (++last_tv.tv_usec >= 1000000) {
- last_tv.tv_usec = 0;
- last_tv.tv_sec++;
- }
- tv = last_tv;
- } else
- last_tv = tv;
-
- *seconds = tv.tv_sec;
- *microseconds = tv.tv_usec;
- return 0;
-}
-
-#endif
diff --git a/src/lib/crypto/os/rnd_confoun.c b/src/lib/crypto/os/rnd_confoun.c
deleted file mode 100644
index e904cb5c7a..0000000000
--- a/src/lib/crypto/os/rnd_confoun.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * lib/crypto/os/rnd_confoun.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb5_random_confounder()
- */
-
-#include "k5-int.h"
-
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <time.h>
-#endif
-#else
-#include <time.h>
-#endif
-
-#ifdef HAVE_SRAND48
-#define SRAND srand48
-#define RAND lrand48
-#define RAND_TYPE long
-#endif
-
-#if !defined(RAND_TYPE) && defined(HAVE_SRAND)
-#define SRAND srand
-#define RAND rand
-#define RAND_TYPE int
-#endif
-
-#if !defined(RAND_TYPE) && defined(HAVE_SRANDOM)
-#define SRAND srandom
-#define RAND random
-#define RAND_TYPE long
-#endif
-
-#if !defined(RAND_TYPE)
-You need a random number generator!
-#endif
-
-/*
- * Generate a random confounder
- */
-KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_random_confounder(size, fillin)
-size_t size;
-krb5_pointer fillin;
-{
- static int seeded = 0;
- register krb5_octet *real_fill;
- RAND_TYPE rval;
-
- if (!seeded) {
- /* time() defined in 4.12.2.4, but returns a time_t, which is an
- "arithmetic type" (4.12.1) */
- rval = (RAND_TYPE) time(0);
- SRAND(rval);
-#ifdef HAVE_GETPID
- rval = RAND();
- rval ^= getpid();
- SRAND(rval);
-#endif
- seeded = 1;
- }
-
- real_fill = (krb5_octet *)fillin;
- while (size > 0) {
- rval = RAND();
- *real_fill = rval & 0xff;
- real_fill++;
- size--;
- if (size) {
- *real_fill = (rval >> 8) & 0xff;
- real_fill++;
- size--;
- }
- }
- return 0;
-}
diff --git a/src/lib/crypto/prng.c b/src/lib/crypto/prng.c
new file mode 100644
index 0000000000..2d4f6647d4
--- /dev/null
+++ b/src/lib/crypto/prng.c
@@ -0,0 +1,155 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "enc_provider.h"
+
+/* This random number generator is a feedback generator based on a
+ block cipher. It uses DES by default, since it guaranteed to be
+ present in the system, but can be changed. As new seed data comes
+ in, the old state is folded with the new seed into new state. Each
+ time random bytes are requested, the seed is used as a key and
+ cblock, and the encryption is used as the output. The output is
+ fed back as new seed data, as described above. */
+
+/* this can be replaced with another encryption provider, since
+ everything below uses it abstractly */
+
+struct krb5_enc_provider *enc = &krb5_enc_des;
+
+/* XXX state. Should it be in krb5_context? */
+
+static int inited = 0;
+static size_t blocksize, keybytes, keylength;
+static int random_count;
+/* keybytes | state-block | encblock | key | new-keybytes | new-state-block */
+static unsigned char *random_state;
+#define STATE (random_state)
+#define STATEKEY (STATE)
+#define STATEBLOCK (STATEKEY+keybytes)
+#define STATESIZE (keybytes+blocksize)
+#define OUTPUT (STATE)
+#define OUTPUTSIZE (STATESIZE+blocksize)
+#define RANDBLOCK (STATEBLOCK+blocksize)
+#define KEYCONTENTS (RANDBLOCK+blocksize)
+#define NEWSTATE (KEYCONTENTS+keylength)
+#define ALLSTATESIZE (keybytes+blocksize*2+keylength+keybytes+blocksize)
+
+krb5_error_code
+krb5_c_random_seed(krb5_context context, krb5_data *data)
+{
+ unsigned char *fold_input;
+
+ if (inited == 0) {
+ /* this does a bunch of malloc'ing up front, so that
+ generating random keys doesn't have to malloc, so it can't
+ fail. seeding still malloc's, but that's less common. */
+
+ enc->block_size(&blocksize);
+ enc->keysize(&keybytes, &keylength);
+ if ((random_state = (unsigned char *) malloc(ALLSTATESIZE)) == NULL)
+ return(ENOMEM);
+ random_count = 0;
+ inited = 1;
+
+ krb5_nfold(data->length*8, data->data, STATESIZE*8, STATE);
+
+ return(0);
+ }
+
+ if ((fold_input =
+ (unsigned char *) malloc(data->length+STATESIZE)) == NULL)
+ return(ENOMEM);
+
+ memcpy(fold_input, data->data, data->length);
+ memcpy(fold_input+data->length, STATE, STATESIZE);
+
+ krb5_nfold((data->length+STATESIZE)*8, fold_input,
+ STATESIZE*8, STATE);
+ free(fold_input);
+ return(0);
+}
+
+krb5_error_code
+krb5_c_random_make_octets(krb5_context context, krb5_data *data)
+{
+ krb5_error_code ret;
+ krb5_data data1, data2;
+ krb5_keyblock key;
+ int bytes;
+
+ if (inited == 0) {
+ /* i need some entropy. I'd use the current time and pid, but
+ that could cause portability problems. */
+ abort();
+ }
+
+ bytes = 0;
+
+ while (bytes < data->length) {
+ if (random_count == 0) {
+ /* set up random krb5_data, and key to be filled in */
+ data1.length = keybytes;
+ data1.data = STATEKEY;
+ key.length = keylength;
+ key.contents = KEYCONTENTS;
+
+ /* fill it in */
+ if (ret = ((*(enc->make_key))(&data1, &key)))
+ return(ret);
+
+ /* encrypt the block */
+ data1.length = blocksize;
+ data1.data = STATEBLOCK;
+ data2.length = blocksize;
+ data2.data = RANDBLOCK;
+ if (ret = ((*(enc->encrypt))(&key, NULL, &data1, &data2)))
+ return(ret);
+
+ /* fold the new output back into the state */
+
+ krb5_nfold(OUTPUTSIZE*8, OUTPUT, STATESIZE*8, NEWSTATE);
+ memcpy(STATE, NEWSTATE, STATESIZE);
+
+ random_count = blocksize;
+ }
+
+ if ((data->length - bytes) <= random_count) {
+ memcpy(data->data + bytes, RANDBLOCK+(blocksize-random_count),
+ data->length - bytes);
+ random_count -= (data->length - bytes);
+ break;
+ }
+
+ memcpy(data->data + bytes, RANDBLOCK+(blocksize - random_count),
+ random_count);
+
+ bytes += random_count;
+ random_count = 0;
+ }
+
+ return(0);
+}
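Review bot: In krb5_c_random_seed the temporary `fold_input` buffer is passed to `free()` without being cleared, although it holds the caller's seed followed by a copy of the current generator state (`STATESIZE` bytes copied from `STATE`), so that material stays readable in freed heap memory. I would add `memset(fold_input, 0, data->length+STATESIZE);` immediately before `free(fold_input);`, in the same way the removed sha code on this page wipes `digest` and `working` before returning. Where the platform offers a clear that the compiler cannot elide, that is preferable to plain memset. Separately, krb5_c_random_make_octets calls `abort()` when the generator was never seeded, so a caller's ordering mistake terminates the whole process from inside a library. Returning an error through the existing `krb5_error_code` return value would still refuse to produce output, without that effect.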
diff --git a/src/lib/crypto/raw_des.c b/src/lib/crypto/raw_des.c
deleted file mode 100644
index 65e0ebdbbd..0000000000
--- a/src/lib/crypto/raw_des.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * lib/crypto/raw-des.c
- *
- * Copyright 1994, 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-krb5_error_code mit_raw_des_encrypt_func
- PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
- krb5_encrypt_block *, krb5_pointer ));
-
-krb5_error_code mit_raw_des_decrypt_func
- PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
- krb5_encrypt_block *, krb5_pointer ));
-
-static krb5_cryptosystem_entry mit_raw_des_cryptosystem_entry = {
- 0,
- mit_raw_des_encrypt_func,
- mit_raw_des_decrypt_func,
- mit_des_process_key,
- mit_des_finish_key,
- mit_des_string_to_key,
- mit_des_init_random_key,
- mit_des_finish_random_key,
- mit_des_random_key,
- sizeof(mit_des_cblock),
- 0,
- sizeof(mit_des_cblock),
- ENCTYPE_DES_CBC_RAW
- };
-
-krb5_cs_table_entry krb5_raw_des_cst_entry = {
- 0,
- &mit_raw_des_cryptosystem_entry,
- 0
- };
-
-krb5_error_code
-mit_raw_des_decrypt_func(in, out, size, key, ivec)
- krb5_const_pointer in;
- krb5_pointer out;
- const size_t size;
- krb5_encrypt_block * key;
- krb5_pointer ivec;
-{
- return (mit_des_cbc_encrypt ((const mit_des_cblock *) in,
- out,
- size,
- (struct mit_des_ks_struct *)key->priv,
- ivec ? ivec : (krb5_pointer)key->key->contents,
- MIT_DES_DECRYPT));
-}
-
-krb5_error_code
-mit_raw_des_encrypt_func(in, out, size, key, ivec)
- krb5_const_pointer in;
- krb5_pointer out;
- const size_t size;
- krb5_encrypt_block * key;
- krb5_pointer ivec;
-{
- int sumsize;
-
- /* round up to des block size */
-
- sumsize = krb5_roundup(size, sizeof(mit_des_cblock));
-
- /* assemble crypto input into the output area, then encrypt in place. */
-
- memset((char *)out, 0, sumsize);
- memcpy((char *)out, (char *)in, size);
-
- /* We depend here on the ability of this DES implementation to
- encrypt plaintext to ciphertext in-place. */
- return (mit_des_cbc_encrypt (out,
- out,
- sumsize,
- (struct mit_des_ks_struct *)key->priv,
- ivec ? ivec : (krb5_pointer)key->key->contents,
- MIT_DES_ENCRYPT));
-}
diff --git a/src/lib/crypto/sha/.Sanitize b/src/lib/crypto/sha/.Sanitize
deleted file mode 100644
index 886bb2b0a3..0000000000
--- a/src/lib/crypto/sha/.Sanitize
+++ /dev/null
@@ -1,42 +0,0 @@
-# Sanitize.in for Kerberos V5
-
-# Each directory to survive it's way into a release will need a file
-# like this one called "./.Sanitize". All keyword lines must exist,
-# and must exist in the order specified by this file. Each directory
-# in the tree will be processed, top down, in the following order.
-
-# Hash started lines like this one are comments and will be deleted
-# before anything else is done. Blank lines will also be squashed
-# out.
-
-# The lines between the "Do-first:" line and the "Things-to-keep:"
-# line are executed as a /bin/sh shell script before anything else is
-# done in this
-
-Do-first:
-
-# All files listed between the "Things-to-keep:" line and the
-# "Files-to-sed:" line will be kept. All other files will be removed.
-# Directories listed in this section will have their own Sanitize
-# called. Directories not listed will be removed in their entirety
-# with rm -rf.
-
-Things-to-keep:
-
-.cvsignore
-ChangeLog
-Makefile.in
-configure
-configure.in
-sha_crypto.c
-sha_glue.c
-shs.c
-shs.h
-hmac_sha.c
-t_shs.c
-
-Things-to-lose:
-
-Do-last:
-
-# End of file.
diff --git a/src/lib/crypto/sha/ChangeLog b/src/lib/crypto/sha/ChangeLog
deleted file mode 100644
index 19abbbf6ed..0000000000
--- a/src/lib/crypto/sha/ChangeLog
+++ /dev/null
@@ -1,89 +0,0 @@
-Wed Feb 18 16:09:05 1998 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in: Remove trailing slash from thisconfigdir. Fix up
- BUILDTOP for new conventions.
-
-Fri Feb 13 15:20:54 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in (thisconfigdir), configure.in: Point the
- configuration directory at our parent, and remove our
- local configure.in
-
-Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
-
-Tue Oct 28 16:37:18 1997 Tom Yu <tlyu@voltage-multiplier.mit.edu>
-
- * shs.c, sha_glue.c, hmac_sha.c: Fix to deal with LONG wider than
- 32 bits.
-
- * t_shs.c: Print out the actual and expected values on error.
-
-Sat Feb 22 18:52:09 1997 Richard Basch <basch@lehman.com>
-
- * Makefile.in: Use some of the new library list build rules in
- win-post.in
-
-Thu Jan 30 21:31:39 1997 Richard Basch <basch@lehman.com>
-
- * sha_crypto.c sha_glue.c:
- Declare the functions to take const args where possible
- Remove extra includes
-
- * sha_crypto.c: Function prototypes did not match function names.
-
-Thu Nov 21 00:58:04 EST 1996 Richard Basch <basch@lehman.com>
-
- * Makefile.in: Win32 build fixed
-
-Sun Dec 29 21:56:35 1996 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in:
- * configure.in: Update to use new library build procedure.
-
-Wed Aug 28 17:40:53 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * shs.c: Only include sys/types.h if present.
-
- * configure.in: Check for sys/types.h
-
-Thu Jun 13 10:54:27 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * hmac_sha.c: Include string.h for memcpy prototype
-
-Sat Jun 8 07:44:35 1996 Ezra Peisach (epeisach@mit.edu)
-
- * shs.c (longReverse): Test for big vs little endian failed for
- little endian machines.
-
-Thu Jun 6 15:43:26 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * shs.c (longReverse): Don't use htonl(); it doesn't exist under
- Windows. Instead do the test by casting a pointer to an
- integer to a char *.
-
-Mon May 20 17:15:32 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * t_shs.c (main): Don't do timing tests; it takes too long!
-
-Tue May 14 17:09:36 1996 Richard Basch <basch@lehman.com>
-
- * .Sanitize: reflect current files
- * Makefile.in: added hmac-sha
- * hmac_sha.c: implement HMAC-SHA
- * sha_crypto.c: use hmac-sha
- * sha_glue.c: sanity check the passed in checksum length
- * shs.h: replaced sha-des3 with hmac-sha
-
-Fri May 10 11:19:53 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * shs.c (longReverse): Remove extraneous \.
- (expand): Start #define in first column.
-
-Fri May 10 01:19:18 1996 Richard Basch <basch@lehman.com>
-
- * Makefile.in configure.in t_shs.c sha_glue.c sha_crypto.c shs.c shs.h:
- Initial check-in of the functions to support the NIST FIPS 180
- SHA algorithm. Provide interfaces for cksum-sha, cksum-sha-des3.
- (enctype-des3-sha is also being defined)
diff --git a/src/lib/crypto/sha/Makefile.in b/src/lib/crypto/sha/Makefile.in
deleted file mode 100644
index 058ac0db00..0000000000
--- a/src/lib/crypto/sha/Makefile.in
+++ /dev/null
@@ -1,43 +0,0 @@
-thisconfigdir=./..
-BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U)
-CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/../des
-
-##DOS##BUILDTOP = ..\..\..
-##DOS##PREFIXDIR=sha
-##DOS##OBJFILE=..\sha.lst
-##WIN16##LIBNAME=..\crypto.lib
-
-STLIBOBJS=shs.o hmac_sha.o sha_crypto.o sha_glue.o
-
-OBJS= shs.$(OBJEXT) \
- hmac_sha.$(OBJEXT) \
- sha_crypto.$(OBJEXT) \
- sha_glue.$(OBJEXT)
-
-SRCS= $(srcdir)/shs.c \
- $(srcdir)/hmac_sha.c \
- $(srcdir)/sha_crypto.c \
- $(srcdir)/sha_glue.c
-
-
-##DOS##LIBOBJS = $(OBJS)
-
-
-all-unix:: all-libobjs
-
-t_shs: t_shs.o shs.o
- $(CC) $(CFLAGS) $(LDFLAGS) -o t_shs t_shs.o shs.o
-
-t_shs.exe:
- $(CC) $(CFLAGS2) -o t_shs.exe t_shs.c shs.c
-
-check-unix:: t_shs
- $(C)t_shs -x
-
-check-windows:: t_shs$(EXEEXT)
- $(C)t_shs$(EXEEXT) -x
-
-clean::
- $(RM) t_shs$(EXEEXT) t_shs.$(OBJEXT)
-
-clean-unix:: clean-libobjs
diff --git a/src/lib/crypto/sha/hmac_sha.c b/src/lib/crypto/sha/hmac_sha.c
deleted file mode 100644
index d57092e69a..0000000000
--- a/src/lib/crypto/sha/hmac_sha.c
+++ /dev/null
@@ -1,101 +0,0 @@
-#include <string.h>
-#include "shs.h"
-
-#define PAD_SZ 64
-
-
-krb5_error_code
-hmac_sha(text, text_len, key, key_len, digest)
- krb5_octet * text; /* pointer to data stream */
- int text_len; /* length of data stream */
- krb5_octet * key; /* pointer to authentication key */
- int key_len; /* length of authentication key */
- krb5_octet * digest; /* caller digest to be filled in */
-{
- SHS_INFO context;
- krb5_octet k_ipad[PAD_SZ]; /* inner padding - key XORd with ipad */
- krb5_octet k_opad[PAD_SZ]; /* outer padding - key XORd with opad */
- int i;
- krb5_octet *cp;
- LONG *lp;
-
- /* sanity check parameters */
- if (!text || !key || !digest)
- /* most heinous, probably should log something */
- return EINVAL;
-
- /* if key is longer than 64 bytes reset it to key=SHA(key) */
- if (key_len > sizeof(k_ipad)) {
- shsInit(&context);
- shsUpdate(&context, key, key_len);
- shsFinal(&context);
-
- cp = digest;
- lp = context.digest;
- while (cp < digest + SHS_DIGESTSIZE) {
- *cp++ = (*lp >> 24) & 0xff;
- *cp++ = (*lp >> 16) & 0xff;
- *cp++ = (*lp >> 8) & 0xff;
- *cp++ = *lp++ & 0xff;
- }
- key = digest;
- key_len = SHS_DIGESTSIZE;
- }
-
- /*
- * the HMAC_SHA transform looks like:
- *
- * SHA(K XOR opad, SHA(K XOR ipad, text))
- *
- * where K is an n byte key
- * ipad is the byte 0x36 repeated 64 times
- * opad is the byte 0x5c repeated 64 times
- * and text is the data being protected
- */
-
- /* start out by storing key in pads */
- memset(k_ipad, 0x36, sizeof(k_ipad));
- memset(k_opad, 0x5c, sizeof(k_opad));
-
- /* XOR key with ipad and opad values */
- for (i = 0; i < key_len; i++) {
- k_ipad[i] ^= key[i];
- k_opad[i] ^= key[i];
- }
-
- /*
- * perform inner SHA
- */
- shsInit(&context);
- shsUpdate(&context, k_ipad, sizeof(k_ipad));
- shsUpdate(&context, text, text_len);
- shsFinal(&context);
-
- cp = digest;
- lp = context.digest;
- while (cp < digest + SHS_DIGESTSIZE) {
- *cp++ = (*lp >> 24) & 0xff;
- *cp++ = (*lp >> 16) & 0xff;
- *cp++ = (*lp >> 8) & 0xff;
- *cp++ = *lp++ & 0xff;
- }
-
- /*
- * perform outer SHA
- */
- shsInit(&context);
- shsUpdate(&context, k_opad, sizeof(k_opad));
- shsUpdate(&context, digest, SHS_DIGESTSIZE);
- shsFinal(&context);
-
- cp = digest;
- lp = context.digest;
- while (cp < digest + SHS_DIGESTSIZE) {
- *cp++ = (*lp >> 24) & 0xff;
- *cp++ = (*lp >> 16) & 0xff;
- *cp++ = (*lp >> 8) & 0xff;
- *cp++ = *lp++ & 0xff;
- }
-
- return 0;
-}
diff --git a/src/lib/crypto/sha/sha_crypto.c b/src/lib/crypto/sha/sha_crypto.c
deleted file mode 100644
index b539b1199f..0000000000
--- a/src/lib/crypto/sha/sha_crypto.c
+++ /dev/null
@@ -1,76 +0,0 @@
-#include "shs.h"
-
-/* Windows needs to these prototypes for the assignment below */
-
-static krb5_error_code
-krb5_sha_crypto_sum_func
- PROTOTYPE((krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length,
- krb5_checksum FAR *outcksum));
-
-static krb5_error_code
-krb5_sha_crypto_verify_func
- PROTOTYPE((krb5_const krb5_checksum FAR *cksum,
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length));
-
-static krb5_error_code
-krb5_sha_crypto_sum_func(in, in_length, seed, seed_length, outcksum)
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
- krb5_checksum FAR *outcksum;
-{
- krb5_error_code retval;
-
- if (outcksum->length < HMAC_SHA_CKSUM_LENGTH)
- return KRB5_BAD_MSIZE;
-
- outcksum->checksum_type = CKSUMTYPE_HMAC_SHA;
- outcksum->length = HMAC_SHA_CKSUM_LENGTH;
-
- retval = hmac_sha(in, in_length, seed, seed_length, outcksum->contents);
- return retval;
-}
-
-static krb5_error_code
-krb5_sha_crypto_verify_func(cksum, in, in_length, seed, seed_length)
- krb5_const krb5_checksum FAR *cksum;
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
-{
- krb5_octet digest[HMAC_SHA_CKSUM_LENGTH];
- krb5_error_code retval;
-
- if (cksum->checksum_type != CKSUMTYPE_HMAC_SHA)
- return KRB5KRB_AP_ERR_INAPP_CKSUM;
- if (cksum->length != HMAC_SHA_CKSUM_LENGTH)
- return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
- retval = hmac_sha(in, in_length, seed, seed_length, digest);
- if (retval) goto cleanup;
-
- if (memcmp((char *)digest, (char *)cksum->contents, cksum->length))
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
-cleanup:
- memset((char *)digest, 0, sizeof(digest));
- return retval;
-}
-
-krb5_checksum_entry hmac_sha_cksumtable_entry =
-{
- 0,
- krb5_sha_crypto_sum_func,
- krb5_sha_crypto_verify_func,
- HMAC_SHA_CKSUM_LENGTH,
- 1, /* is collision proof */
- 1, /* uses key */
-};
diff --git a/src/lib/crypto/sha/sha_glue.c b/src/lib/crypto/sha/sha_glue.c
deleted file mode 100644
index 58a93b7230..0000000000
--- a/src/lib/crypto/sha/sha_glue.c
+++ /dev/null
@@ -1,97 +0,0 @@
-#include "shs.h"
-
-krb5_error_code
-krb5_sha_sum_func
- PROTOTYPE((krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length,
- krb5_checksum FAR *outcksum));
-
-krb5_error_code
-krb5_sha_verify_func
- PROTOTYPE((krb5_const krb5_checksum FAR *cksum,
- krb5_const krb5_pointer in,
- krb5_const size_t in_length,
- krb5_const krb5_pointer seed,
- krb5_const size_t seed_length));
-
-krb5_error_code
-krb5_sha_sum_func(in, in_length, seed, seed_length, outcksum)
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
- krb5_checksum FAR *outcksum;
-{
- krb5_octet *input = (krb5_octet *)in;
- krb5_octet *cp;
- LONG *lp;
- SHS_INFO working;
-
- if (outcksum->length < SHS_DIGESTSIZE)
- return KRB5_BAD_MSIZE;
-
- shsInit(&working);
- shsUpdate(&working, input, in_length);
- shsFinal(&working);
-
- outcksum->checksum_type = CKSUMTYPE_NIST_SHA;
- outcksum->length = SHS_DIGESTSIZE;
-
- cp = outcksum->contents;
- lp = working.digest;
- while (lp < working.digest + 16) {
- *cp++ = (*lp >> 24) & 0xff;
- *cp++ = (*lp >> 16) & 0xff;
- *cp++ = (*lp >> 8) & 0xff;
- *cp++ = (*lp++) & 0xff;
- }
- memset((char *)&working, 0, sizeof(working));
- return 0;
-}
-
-krb5_error_code
-krb5_sha_verify_func(cksum, in, in_length, seed, seed_length)
- krb5_const krb5_checksum FAR *cksum;
- krb5_const krb5_pointer in;
- krb5_const size_t in_length;
- krb5_const krb5_pointer seed;
- krb5_const size_t seed_length;
-{
- krb5_octet *input = (krb5_octet *)in;
- SHS_INFO working;
- krb5_error_code retval;
- int i;
- krb5_octet *cp;
-
- if (cksum->checksum_type != CKSUMTYPE_NIST_SHA)
- return KRB5KRB_AP_ERR_INAPP_CKSUM;
- if (cksum->length != SHS_DIGESTSIZE)
- return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
- shsInit(&working);
- shsUpdate(&working, input, in_length);
- shsFinal(&working);
-
- retval = 0;
- for (i = 0, cp = cksum->contents; i < 5; i++, cp += 4) {
- if (working.digest[i] !=
- (LONG) cp[0] << 24 | (LONG) cp[1] << 16 |
- (LONG) cp[2] << 8 | (LONG) cp[3]) {
- retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- break;
- }
- }
- memset((char *) &working, 0, sizeof(working));
- return retval;
-}
-
-krb5_checksum_entry nist_sha_cksumtable_entry = {
- 0,
- krb5_sha_sum_func,
- krb5_sha_verify_func,
- SHS_DIGESTSIZE,
- 1, /* is collision proof */
- 0, /* doesn't use key */
-};
diff --git a/src/lib/crypto/sha/shs.c b/src/lib/crypto/sha/shs.c
deleted file mode 100644
index e18f3af9e2..0000000000
--- a/src/lib/crypto/sha/shs.c
+++ /dev/null
@@ -1,392 +0,0 @@
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <string.h>
-#include "shs.h"
-
-/* The SHS f()-functions. The f1 and f3 functions can be optimized to
- save one boolean operation each - thanks to Rich Schroeppel,
- rcs@cs.arizona.edu for discovering this */
-
-#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */
-#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */
-#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */
-#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */
-
-/* The SHS Mysterious Constants */
-
-#define K1 0x5A827999L /* Rounds 0-19 */
-#define K2 0x6ED9EBA1L /* Rounds 20-39 */
-#define K3 0x8F1BBCDCL /* Rounds 40-59 */
-#define K4 0xCA62C1D6L /* Rounds 60-79 */
-
-/* SHS initial values */
-
-#define h0init 0x67452301L
-#define h1init 0xEFCDAB89L
-#define h2init 0x98BADCFEL
-#define h3init 0x10325476L
-#define h4init 0xC3D2E1F0L
-
-/* Note that it may be necessary to add parentheses to these macros if they
- are to be called with expressions as arguments */
-
-/* 32-bit rotate left - kludged with shifts */
-
-#define ROTL(n,X) (((X) << (n)) & 0xffffffff | ((X) >> (32 - n)))
-
-/* The initial expanding function. The hash function is defined over an
- 80-word expanded input array W, where the first 16 are copies of the input
- data, and the remaining 64 are defined by
-
- W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
-
- This implementation generates these values on the fly in a circular
- buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
- optimization.
-
- The updated SHS changes the expanding function by adding a rotate of 1
- bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
- for this information */
-
-#ifdef NEW_SHS
-#define expand(W,i) ( W[ i & 15 ] = ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
- W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )))
-#else
-#define expand(W,i) ( W[ i & 15 ] ^= W[ (i - 14) & 15 ] ^ \
- W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )
-#endif /* NEW_SHS */
-
-/* The prototype SHS sub-round. The fundamental sub-round is:
-
- a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
- b' = a;
- c' = ROTL( 30, b );
- d' = c;
- e' = d;
-
- but this is implemented by unrolling the loop 5 times and renaming the
- variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
- This code is then replicated 20 times for each of the 4 functions, using
- the next 20 values from the W[] array each time */
-
-#define subRound(a, b, c, d, e, f, k, data) \
- ( e += ROTL( 5, a ) + f( b, c, d ) + k + data, \
- e &= 0xffffffff, b = ROTL( 30, b ) )
-
-/* Initialize the SHS values */
-
-void shsInit(shsInfo)
- SHS_INFO *shsInfo;
-{
- /* Set the h-vars to their initial values */
- shsInfo->digest[ 0 ] = h0init;
- shsInfo->digest[ 1 ] = h1init;
- shsInfo->digest[ 2 ] = h2init;
- shsInfo->digest[ 3 ] = h3init;
- shsInfo->digest[ 4 ] = h4init;
-
- /* Initialise bit count */
- shsInfo->countLo = shsInfo->countHi = 0;
-}
-
-/* Perform the SHS transformation. Note that this code, like MD5, seems to
- break some optimizing compilers due to the complexity of the expressions
- and the size of the basic block. It may be necessary to split it into
- sections, e.g. based on the four subrounds
-
- Note that this corrupts the shsInfo->data area */
-
-static void SHSTransform KRB5_PROTOTYPE((LONG *digest, LONG *data));
-
-static
-void SHSTransform(digest, data)
- LONG *digest;
- LONG *data;
-{
- LONG A, B, C, D, E; /* Local vars */
- LONG eData[ 16 ]; /* Expanded data */
-
- /* Set up first buffer and local data buffer */
- A = digest[ 0 ];
- B = digest[ 1 ];
- C = digest[ 2 ];
- D = digest[ 3 ];
- E = digest[ 4 ];
- memcpy(eData, data, sizeof (eData));
-
- /* Heavy mangling, in 4 sub-rounds of 20 interations each. */
- subRound( A, B, C, D, E, f1, K1, eData[ 0 ] );
- subRound( E, A, B, C, D, f1, K1, eData[ 1 ] );
- subRound( D, E, A, B, C, f1, K1, eData[ 2 ] );
- subRound( C, D, E, A, B, f1, K1, eData[ 3 ] );
- subRound( B, C, D, E, A, f1, K1, eData[ 4 ] );
- subRound( A, B, C, D, E, f1, K1, eData[ 5 ] );
- subRound( E, A, B, C, D, f1, K1, eData[ 6 ] );
- subRound( D, E, A, B, C, f1, K1, eData[ 7 ] );
- subRound( C, D, E, A, B, f1, K1, eData[ 8 ] );
- subRound( B, C, D, E, A, f1, K1, eData[ 9 ] );
- subRound( A, B, C, D, E, f1, K1, eData[ 10 ] );
- subRound( E, A, B, C, D, f1, K1, eData[ 11 ] );
- subRound( D, E, A, B, C, f1, K1, eData[ 12 ] );
- subRound( C, D, E, A, B, f1, K1, eData[ 13 ] );
- subRound( B, C, D, E, A, f1, K1, eData[ 14 ] );
- subRound( A, B, C, D, E, f1, K1, eData[ 15 ] );
- subRound( E, A, B, C, D, f1, K1, expand( eData, 16 ) );
- subRound( D, E, A, B, C, f1, K1, expand( eData, 17 ) );
- subRound( C, D, E, A, B, f1, K1, expand( eData, 18 ) );
- subRound( B, C, D, E, A, f1, K1, expand( eData, 19 ) );
-
- subRound( A, B, C, D, E, f2, K2, expand( eData, 20 ) );
- subRound( E, A, B, C, D, f2, K2, expand( eData, 21 ) );
- subRound( D, E, A, B, C, f2, K2, expand( eData, 22 ) );
- subRound( C, D, E, A, B, f2, K2, expand( eData, 23 ) );
- subRound( B, C, D, E, A, f2, K2, expand( eData, 24 ) );
- subRound( A, B, C, D, E, f2, K2, expand( eData, 25 ) );
- subRound( E, A, B, C, D, f2, K2, expand( eData, 26 ) );
- subRound( D, E, A, B, C, f2, K2, expand( eData, 27 ) );
- subRound( C, D, E, A, B, f2, K2, expand( eData, 28 ) );
- subRound( B, C, D, E, A, f2, K2, expand( eData, 29 ) );
- subRound( A, B, C, D, E, f2, K2, expand( eData, 30 ) );
- subRound( E, A, B, C, D, f2, K2, expand( eData, 31 ) );
- subRound( D, E, A, B, C, f2, K2, expand( eData, 32 ) );
- subRound( C, D, E, A, B, f2, K2, expand( eData, 33 ) );
- subRound( B, C, D, E, A, f2, K2, expand( eData, 34 ) );
- subRound( A, B, C, D, E, f2, K2, expand( eData, 35 ) );
- subRound( E, A, B, C, D, f2, K2, expand( eData, 36 ) );
- subRound( D, E, A, B, C, f2, K2, expand( eData, 37 ) );
- subRound( C, D, E, A, B, f2, K2, expand( eData, 38 ) );
- subRound( B, C, D, E, A, f2, K2, expand( eData, 39 ) );
-
- subRound( A, B, C, D, E, f3, K3, expand( eData, 40 ) );
- subRound( E, A, B, C, D, f3, K3, expand( eData, 41 ) );
- subRound( D, E, A, B, C, f3, K3, expand( eData, 42 ) );
- subRound( C, D, E, A, B, f3, K3, expand( eData, 43 ) );
- subRound( B, C, D, E, A, f3, K3, expand( eData, 44 ) );
- subRound( A, B, C, D, E, f3, K3, expand( eData, 45 ) );
- subRound( E, A, B, C, D, f3, K3, expand( eData, 46 ) );
- subRound( D, E, A, B, C, f3, K3, expand( eData, 47 ) );
- subRound( C, D, E, A, B, f3, K3, expand( eData, 48 ) );
- subRound( B, C, D, E, A, f3, K3, expand( eData, 49 ) );
- subRound( A, B, C, D, E, f3, K3, expand( eData, 50 ) );
- subRound( E, A, B, C, D, f3, K3, expand( eData, 51 ) );
- subRound( D, E, A, B, C, f3, K3, expand( eData, 52 ) );
- subRound( C, D, E, A, B, f3, K3, expand( eData, 53 ) );
- subRound( B, C, D, E, A, f3, K3, expand( eData, 54 ) );
- subRound( A, B, C, D, E, f3, K3, expand( eData, 55 ) );
- subRound( E, A, B, C, D, f3, K3, expand( eData, 56 ) );
- subRound( D, E, A, B, C, f3, K3, expand( eData, 57 ) );
- subRound( C, D, E, A, B, f3, K3, expand( eData, 58 ) );
- subRound( B, C, D, E, A, f3, K3, expand( eData, 59 ) );
-
- subRound( A, B, C, D, E, f4, K4, expand( eData, 60 ) );
- subRound( E, A, B, C, D, f4, K4, expand( eData, 61 ) );
- subRound( D, E, A, B, C, f4, K4, expand( eData, 62 ) );
- subRound( C, D, E, A, B, f4, K4, expand( eData, 63 ) );
- subRound( B, C, D, E, A, f4, K4, expand( eData, 64 ) );
- subRound( A, B, C, D, E, f4, K4, expand( eData, 65 ) );
- subRound( E, A, B, C, D, f4, K4, expand( eData, 66 ) );
- subRound( D, E, A, B, C, f4, K4, expand( eData, 67 ) );
- subRound( C, D, E, A, B, f4, K4, expand( eData, 68 ) );
- subRound( B, C, D, E, A, f4, K4, expand( eData, 69 ) );
- subRound( A, B, C, D, E, f4, K4, expand( eData, 70 ) );
- subRound( E, A, B, C, D, f4, K4, expand( eData, 71 ) );
- subRound( D, E, A, B, C, f4, K4, expand( eData, 72 ) );
- subRound( C, D, E, A, B, f4, K4, expand( eData, 73 ) );
- subRound( B, C, D, E, A, f4, K4, expand( eData, 74 ) );
- subRound( A, B, C, D, E, f4, K4, expand( eData, 75 ) );
- subRound( E, A, B, C, D, f4, K4, expand( eData, 76 ) );
- subRound( D, E, A, B, C, f4, K4, expand( eData, 77 ) );
- subRound( C, D, E, A, B, f4, K4, expand( eData, 78 ) );
- subRound( B, C, D, E, A, f4, K4, expand( eData, 79 ) );
-
- /* Build message digest */
- digest[ 0 ] += A;
- digest[ 0 ] &= 0xffffffff;
- digest[ 1 ] += B;
- digest[ 1 ] &= 0xffffffff;
- digest[ 2 ] += C;
- digest[ 2 ] &= 0xffffffff;
- digest[ 3 ] += D;
- digest[ 3 ] &= 0xffffffff;
- digest[ 4 ] += E;
- digest[ 4 ] &= 0xffffffff;
-}
-
-/* When run on a little-endian CPU we need to perform byte reversal on an
- array of longwords. It is possible to make the code endianness-
- independant by fiddling around with data at the byte level, but this
- makes for very slow code, so we rely on the user to sort out endianness
- at compile time */
-
-void longReverse( LONG *buffer, int byteCount )
-{
- LONG value;
- static int init = 0;
- char *cp;
-
- switch (init) {
- case 0:
- init=1;
- cp = (char *) &init;
- if (*cp == 1) {
- init=2;
- break;
- }
- init=1;
- /* fall through - MSB */
- case 1:
- return;
- }
-
- byteCount /= sizeof( LONG );
- while( byteCount-- ) {
- value = *buffer;
- value = ( ( value & 0xFF00FF00L ) >> 8 ) |
- ( ( value & 0x00FF00FFL ) << 8 );
- *buffer++ = ( value << 16 ) | ( value >> 16 );
- }
-}
-
-/* Update SHS for a block of data */
-
-void shsUpdate(shsInfo, buffer, count)
- SHS_INFO *shsInfo;
- BYTE *buffer;
- int count;
-{
- LONG tmp;
- int dataCount, canfill;
- LONG *lp;
-
- /* Update bitcount */
- tmp = shsInfo->countLo;
- shsInfo->countLo = tmp + (((LONG) count) << 3 );
- if ((shsInfo->countLo &= 0xffffffff) < tmp)
- shsInfo->countHi++; /* Carry from low to high */
- shsInfo->countHi += count >> 29;
-
- /* Get count of bytes already in data */
- dataCount = (int) (tmp >> 3) & 0x3F;
-
- /* Handle any leading odd-sized chunks */
- if (dataCount) {
- lp = shsInfo->data + dataCount / 4;
- canfill = (count >= dataCount);
- dataCount = SHS_DATASIZE - dataCount;
-
- if (dataCount % 4) {
- /* Fill out a full 32 bit word first if needed -- this
- is not very efficient (computed shift amount),
- but it shouldn't happen often. */
- while (dataCount % 4 && count > 0) {
- *lp |= (LONG) *buffer++ << ((3 - dataCount++ % 4) * 8);
- count--;
- }
- lp++;
- }
- while (lp < shsInfo->data + 16) {
- *lp = (LONG) *buffer++ << 24;
- *lp |= (LONG) *buffer++ << 16;
- *lp |= (LONG) *buffer++ << 8;
- *lp++ |= (LONG) *buffer++;
- if ((count -= 4) < 4 && lp < shsInfo->data + 16) {
- *lp = 0;
- switch (count % 4) {
- case 3:
- *lp |= (LONG) buffer[2] << 8;
- case 2:
- *lp |= (LONG) buffer[1] << 16;
- case 1:
- *lp |= (LONG) buffer[0] << 24;
- }
- break;
- count = 0;
- }
- }
- if (canfill) {
- SHSTransform(shsInfo->digest, shsInfo->data);
- }
- }
-
- /* Process data in SHS_DATASIZE chunks */
- while (count >= SHS_DATASIZE) {
- lp = shsInfo->data;
- while (lp < shsInfo->data + 16) {
- *lp = ((LONG) *buffer++) << 24;
- *lp |= ((LONG) *buffer++) << 16;
- *lp |= ((LONG) *buffer++) << 8;
- *lp++ |= (LONG) *buffer++;
- }
- SHSTransform(shsInfo->digest, shsInfo->data);
- count -= SHS_DATASIZE;
- }
-
- if (count > 0) {
- lp = shsInfo->data;
- while (count > 4) {
- *lp = ((LONG) *buffer++) << 24;
- *lp |= ((LONG) *buffer++) << 16;
- *lp |= ((LONG) *buffer++) << 8;
- *lp++ |= (LONG) *buffer++;
- count -= 4;
- }
- *lp = 0;
- switch (count % 4) {
- case 0:
- *lp |= ((LONG) buffer[3]);
- case 3:
- *lp |= ((LONG) buffer[2]) << 8;
- case 2:
- *lp |= ((LONG) buffer[1]) << 16;
- case 1:
- *lp |= ((LONG) buffer[0]) << 24;
- }
- }
-}
-
-/* Final wrapup - pad to SHS_DATASIZE-byte boundary with the bit pattern
- 1 0* (64-bit count of bits processed, MSB-first) */
-
-void shsFinal(shsInfo)
- SHS_INFO *shsInfo;
-{
- int count;
- LONG *lp;
- BYTE *dataPtr;
-
- /* Compute number of bytes mod 64 */
- count = (int) shsInfo->countLo;
- count = (count >> 3) & 0x3F;
-
- /* Set the first char of padding to 0x80. This is safe since there is
- always at least one byte free */
- lp = shsInfo->data + count / 4;
- switch (count % 4) {
- case 3:
- *lp++ |= (LONG) 0x80;
- break;
- case 2:
- *lp++ |= (LONG) 0x80 << 8;
- break;
- case 1:
- *lp++ |= (LONG) 0x80 << 16;
- break;
- case 0:
- *lp++ = (LONG) 0x80 << 24;
- }
-
- if (lp > shsInfo->data + 14) {
- /* Pad out to 64 bytes if not enough room for length words */
- *lp = 0;
- SHSTransform(shsInfo->digest, shsInfo->data);
- lp = shsInfo->data;
- }
- /* Pad out to 56 bytes */
- while (lp < shsInfo->data + 14)
- *lp++ = 0;
- /* Append length in bits and transform */
- *lp++ = shsInfo->countHi;
- *lp++ = shsInfo->countLo;
- SHSTransform(shsInfo->digest, shsInfo->data);
-}
diff --git a/src/lib/crypto/sha/shs.h b/src/lib/crypto/sha/shs.h
deleted file mode 100644
index 01acddb825..0000000000
--- a/src/lib/crypto/sha/shs.h
+++ /dev/null
@@ -1,59 +0,0 @@
-#ifndef _SHS_DEFINED
-
-#include <k5-int.h>
-
-#define _SHS_DEFINED
-
-/* Some useful types */
-
-typedef krb5_octet BYTE;
-
-/* Old DOS/Windows compilers are case-insensitive */
-#if !defined(_MSDOS) && !defined(_WIN32)
-typedef krb5_ui_4 LONG;
-#endif
-
-
-/* Define the following to use the updated SHS implementation */
-#define NEW_SHS /**/
-
-/* The SHS block size and message digest sizes, in bytes */
-
-#define SHS_DATASIZE 64
-#define SHS_DIGESTSIZE 20
-
-/* The structure for storing SHS info */
-
-typedef struct {
- LONG digest[ 5 ]; /* Message digest */
- LONG countLo, countHi; /* 64-bit bit count */
- LONG data[ 16 ]; /* SHS data buffer */
- } SHS_INFO;
-
-/* Message digest functions (shs.c) */
-void shsInit
- KRB5_PROTOTYPE((SHS_INFO *shsInfo));
-void shsUpdate
- KRB5_PROTOTYPE((SHS_INFO *shsInfo, BYTE *buffer, int count));
-void shsFinal
- KRB5_PROTOTYPE((SHS_INFO *shsInfo));
-
-
-/* Keyed Message digest functions (hmac_sha.c) */
-krb5_error_code hmac_sha
- KRB5_PROTOTYPE((krb5_octet *text,
- int text_len,
- krb5_octet *key,
- int key_len,
- krb5_octet *digest));
-
-
-#define NIST_SHA_CKSUM_LENGTH SHS_DIGESTSIZE
-#define HMAC_SHA_CKSUM_LENGTH SHS_DIGESTSIZE
-
-
-extern krb5_checksum_entry
- nist_sha_cksumtable_entry,
- hmac_sha_cksumtable_entry;
-
-#endif /* _SHS_DEFINED */
diff --git a/src/lib/crypto/sha/t_shs.c b/src/lib/crypto/sha/t_shs.c
deleted file mode 100644
index da55992ec9..0000000000
--- a/src/lib/crypto/sha/t_shs.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/****************************************************************************
-* *
-* SHS Test Code *
-* *
-****************************************************************************/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include "shs.h"
-
-/* Test the SHS implementation */
-
-#ifdef NEW_SHS
-
-static LONG shsTestResults[][ 5 ] = {
- { 0xA9993E36L, 0x4706816AL, 0xBA3E2571L, 0x7850C26CL, 0x9CD0D89DL, },
- { 0x84983E44L, 0x1C3BD26EL, 0xBAAE4AA1L, 0xF95129E5L, 0xE54670F1L, },
- { 0x34AA973CL, 0xD4C4DAA4L, 0xF61EEB2BL, 0xDBAD2731L, 0x6534016FL, }
- };
-
-#else
-
-static LONG shsTestResults[][ 5 ] = {
- { 0x0164B8A9L, 0x14CD2A5EL, 0x74C4F7FFL, 0x082C4D97L, 0xF1EDF880L },
- { 0xD2516EE1L, 0xACFA5BAFL, 0x33DFC1C4L, 0x71E43844L, 0x9EF134C8L },
- { 0x3232AFFAL, 0x48628A26L, 0x653B5AAAL, 0x44541FD9L, 0x0D690603L }
- };
-#endif /* NEW_SHS */
-
-static int compareSHSresults(shsInfo, shsTestLevel)
-SHS_INFO *shsInfo;
-int shsTestLevel;
-{
- int i, fail = 0;
-
- /* Compare the returned digest and required values */
- for( i = 0; i < 5; i++ )
- if( shsInfo->digest[ i ] != shsTestResults[ shsTestLevel ][ i ] )
- fail = 1;
- if (fail) {
- printf("\nExpected: ");
- for (i = 0; i < 5; i++) {
- printf("%8.8lx ", shsTestResults[shsTestLevel][i]);
- }
- printf("\nGot: ");
- for (i = 0; i < 5; i++) {
- printf("%8.8lx ", shsInfo->digest[i]);
- }
- printf("\n");
- return( -1 );
- }
- return( 0 );
-}
-
-main()
-{
- SHS_INFO shsInfo;
- unsigned int i;
- time_t secondCount;
- BYTE data[ 200 ];
-
- /* Make sure we've got the endianness set right. If the machine is
- big-endian (up to 64 bits) the following value will be signed,
- otherwise it will be unsigned. Unfortunately we can't test for odd
- things like middle-endianness without knowing the size of the data
- types */
-
- /* Test SHS against values given in SHS standards document */
- printf( "Running SHS test 1 ... " );
- shsInit( &shsInfo );
- shsUpdate( &shsInfo, ( BYTE * ) "abc", 3 );
- shsFinal( &shsInfo );
- if( compareSHSresults( &shsInfo, 0 ) == -1 )
- {
- putchar( '\n' );
- puts( "SHS test 1 failed" );
- exit( -1 );
- }
-#ifdef NEW_SHS
- puts( "passed, result= A9993E364706816ABA3E25717850C26C9CD0D89D" );
-#else
- puts( "passed, result= 0164B8A914CD2A5E74C4F7FF082C4D97F1EDF880" );
-#endif /* NEW_SHS */
-
- printf( "Running SHS test 2 ... " );
- shsInit( &shsInfo );
- shsUpdate( &shsInfo, ( BYTE * ) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56 );
- shsFinal( &shsInfo );
- if( compareSHSresults( &shsInfo, 1 ) == -1 )
- {
- putchar( '\n' );
- puts( "SHS test 2 failed" );
- exit( -1 );
- }
-#ifdef NEW_SHS
- puts( "passed, result= 84983E441C3BD26EBAAE4AA1F95129E5E54670F1" );
-#else
- puts( "passed, result= D2516EE1ACFA5BAF33DFC1C471E438449EF134C8" );
-#endif /* NEW_SHS */
-
- printf( "Running SHS test 3 ... " );
- shsInit( &shsInfo );
- for( i = 0; i < 15625; i++ )
- shsUpdate( &shsInfo, ( BYTE * ) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 64 );
- shsFinal( &shsInfo );
- if( compareSHSresults( &shsInfo, 2 ) == -1 )
- {
- putchar( '\n' );
- puts( "SHS test 3 failed" );
- exit( -1 );
- }
-#ifdef NEW_SHS
- puts( "passed, result= 34AA973CD4C4DAA4F61EEB2BDBAD27316534016F" );
-#else
- puts( "passed, result= 3232AFFA48628A26653B5AAA44541FD90D690603" );
-#endif /* NEW_SHS */
-
-#if 0
- printf( "\nTesting speed for 100MB data... " );
- shsInit( &shsInfo );
- secondCount = time( NULL );
- for( i = 0; i < 500000U; i++ )
- shsUpdate( &shsInfo, data, 200 );
- secondCount = time( NULL ) - secondCount;
- printf( "done. Time = %ld seconds, %ld kbytes/second.\n", \
- secondCount, 100500L / secondCount );
-#endif
-
- puts( "\nAll SHS tests passed" );
- exit( 0 );
-}
diff --git a/src/lib/crypto/string_to_cksumtype.c b/src/lib/crypto/string_to_cksumtype.c
new file mode 100644
index 0000000000..fe46e8a9be
--- /dev/null
+++ b/src/lib/crypto/string_to_cksumtype.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_string_to_cksumtype(string, cksumtypep)
+ char FAR * string;
+ krb5_cksumtype FAR * cksumtypep;
+{
+ int i;
+
+ for (i=0; i<krb5_cksumtypes_length; i++) {
+ if (strcasecmp(krb5_cksumtypes_list[i].in_string, string) == 0) {
+ *cksumtypep = krb5_cksumtypes_list[i].ctype;
+ return(0);
+ }
+ }
+
+ return(EINVAL);
+}
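Review bot: `string` is passed straight to `strcasecmp()` in the loop with no NULL check, and `cksumtypep` is written through unchecked, so a NULL argument from a caller is dereferenced instead of being rejected; a guard such as `if (string == NULL || cksumtypep == NULL) return(EINVAL);` before the loop would close that. The name is only read, so `krb5_const char FAR * string;` would document that, provided the public prototype can change. A short header comment should also state that the match is case-insensitive and that `*cksumtypep` is left untouched when `EINVAL` is returned. The same points apply to `krb5_string_to_enctype` in string_to_enctype.c.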
diff --git a/src/lib/crypto/string_to_enctype.c b/src/lib/crypto/string_to_enctype.c
new file mode 100644
index 0000000000..8d3e6a37e2
--- /dev/null
+++ b/src/lib/crypto/string_to_enctype.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_string_to_enctype(string, enctypep)
+ char FAR * string;
+ krb5_enctype FAR * enctypep;
+{
+ int i;
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (strcasecmp(krb5_enctypes_list[i].in_string, string) == 0) {
+ *enctypep = krb5_enctypes_list[i].etype;
+ return(0);
+ }
+ }
+
+ return(EINVAL);
+}
diff --git a/src/lib/crypto/string_to_key.c b/src/lib/crypto/string_to_key.c
new file mode 100644
index 0000000000..a569e4954c
--- /dev/null
+++ b/src/lib/crypto/string_to_key.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_c_string_to_key(context, enctype, string, salt, key)
+ krb5_context context;
+ krb5_enctype enctype;
+ krb5_const krb5_data *string;
+ krb5_const krb5_data *salt;
+ krb5_keyblock *key;
+{
+ int i;
+ krb5_error_code ret;
+ struct krb5_enc_provider *enc;
+ size_t keybytes, keylength;
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ enc = krb5_enctypes_list[i].enc;
+
+ (*(enc->keysize))(&keybytes, &keylength);
+
+ if ((key->contents = (krb5_octet *) malloc(keylength)) == NULL)
+ return(ENOMEM);
+
+ key->magic = KV5M_KEYBLOCK;
+ key->enctype = enctype;
+ key->length = keylength;
+
+ if (ret = ((*(krb5_enctypes_list[i].str2key))(enc, string, salt, key))) {
+ memset(key->contents, 0, keylength);
+ free(key->contents);
+ }
+
+ return(ret);
+}
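Review bot: On the str2key failure path `key->contents` is freed but still points at the released buffer and `key->length` keeps the old size, so a caller that cleans up the keyblock after an error would free it a second time; add `key->contents = NULL;` and `key->length = 0;` right after the `free()`. The `memset()` directly before `free()` is a dead store that an optimizing compiler may remove, so the partially derived key is not guaranteed to be wiped; a zeroing routine the compiler cannot elide is the safer choice here. `if (ret = (...))` reads like a mistyped comparison; `ret = (...); if (ret) {` says what is meant. `keybytes` is filled in by the `keysize` call but never used in this function.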
diff --git a/src/lib/crypto/t_nfold.c b/src/lib/crypto/t_nfold.c
new file mode 100644
index 0000000000..2693318e14
--- /dev/null
+++ b/src/lib/crypto/t_nfold.c
@@ -0,0 +1,76 @@
+/*
+ * lib/crypto/t_nfold.c
+ *
+ * Copyright 1988, 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Program to test the correctness of nfold implementation.
+ *
+ * exit returns 0 ==> success
+ * -1 ==> error
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "k5-int.h"
+
+unsigned char *nfold_in[] = {
+ "basch",
+ "eichin",
+ "sommerfeld",
+ "MASSACHVSETTS INSTITVTE OF TECHNOLOGY" };
+
+unsigned char nfold_192[4][24] = {
+ { 0x1a, 0xab, 0x6b, 0x42, 0x96, 0x4b, 0x98, 0xb2, 0x1f, 0x8c, 0xde, 0x2d,
+ 0x24, 0x48, 0xba, 0x34, 0x55, 0xd7, 0x86, 0x2c, 0x97, 0x31, 0x64, 0x3f },
+ { 0x65, 0x69, 0x63, 0x68, 0x69, 0x6e, 0x4b, 0x73, 0x2b, 0x4b, 0x1b, 0x43,
+ 0xda, 0x1a, 0x5b, 0x99, 0x5a, 0x58, 0xd2, 0xc6, 0xd0, 0xd2, 0xdc, 0xca },
+ { 0x2f, 0x7a, 0x98, 0x55, 0x7c, 0x6e, 0xe4, 0xab, 0xad, 0xf4, 0xe7, 0x11,
+ 0x92, 0xdd, 0x44, 0x2b, 0xd4, 0xff, 0x53, 0x25, 0xa5, 0xde, 0xf7, 0x5c },
+ { 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3, 0x08,
+ 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b }
+};
+
+int
+main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ unsigned char cipher_text[64];
+ int i, j;
+
+ printf("N-fold\n");
+ for (i=0; i<sizeof(nfold_in)/sizeof(char *); i++) {
+ printf("\tInput:\t\"%.*s\"\n", strlen(nfold_in[i]), nfold_in[i]);
+ printf("\t192-Fold:\t");
+ krb5_nfold(strlen(nfold_in[i])*8, nfold_in[i], 24*8, cipher_text);
+ for (j=0; j<24; j++)
+ printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
+ printf("\n");
+ if (memcmp(cipher_text, nfold_192[i], 24)) {
+ printf("verify: error in n-fold\n");
+ exit(-1);
+ };
+ }
+ printf("verify: N-fold is correct\n\n");
+
+ exit(0);
+}
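Review bot: In the `Input` printf the `%.*s` precision is supplied by `strlen(nfold_in[i])`, a `size_t` where `int` is required, which is undefined behaviour on platforms where the two differ in width; pass `(int) strlen((char *) nfold_in[i])` instead. `nfold_in` is declared `unsigned char *` but initialised from string literals and handed to `strlen`, so declaring it `char *nfold_in[]` and casting at the `krb5_nfold` call would avoid the pointer-signedness mismatches. `exit()` is called with no `<stdlib.h>` among the visible includes, so unless k5-int.h provides the declaration it should be added. `cipher_text` is 64 bytes while only 24 are written and compared; sizing it from the `24` used in `nfold_192` would keep the two in step.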
diff --git a/src/lib/crypto/valid_cksumtype.c b/src/lib/crypto/valid_cksumtype.c
new file mode 100644
index 0000000000..24108a3eca
--- /dev/null
+++ b/src/lib/crypto/valid_cksumtype.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+
+krb5_boolean valid_cksumtype(ctype)
+ krb5_cksumtype ctype;
+{
+ int i;
+
+ for (i=0; i<krb5_cksumtypes_length; i++) {
+ if (krb5_cksumtypes_list[i].ctype == ctype)
+ return(1);
+ }
+
+ return(0);
+}
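Review bot: `valid_cksumtype` is a non-static function without the `krb5_` prefix that `krb5_string_to_cksumtype` and `krb5_c_string_to_key` in this same commit carry, so it becomes an unprefixed global symbol in every program linking the library; if the name is retained for existing callers, a comment such as `/* unprefixed name kept for existing callers */` would record that. The body only tests whether `ctype` appears in `krb5_cksumtypes_list`, so a one-line comment saying it reports table membership and nothing about the checksum's strength or keying would stop callers reading it as a policy check. The same applies to `valid_enctype` in valid_enctype.c.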
diff --git a/src/lib/crypto/valid_enctype.c b/src/lib/crypto/valid_enctype.c
new file mode 100644
index 0000000000..03944c068c
--- /dev/null
+++ b/src/lib/crypto/valid_enctype.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+
+krb5_boolean valid_enctype(etype)
+ krb5_enctype etype;
+{
+ int i;
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == etype)
+ return(1);
+ }
+
+ return(0);
+}
diff --git a/src/lib/crypto/verify_checksum.c b/src/lib/crypto/verify_checksum.c
new file mode 100644
index 0000000000..f2749c8dea
--- /dev/null
+++ b/src/lib/crypto/verify_checksum.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+
+krb5_error_code
+krb5_c_verify_checksum(context, key, usage, data, cksum, valid)
+ krb5_context context;
+ krb5_const krb5_keyblock *key;
+ krb5_keyusage usage;
+ krb5_const krb5_data *data;
+ krb5_const krb5_checksum *cksum;
+ krb5_boolean *valid;
+{
+ int i;
+ size_t hashsize;
+ krb5_error_code ret;
+ krb5_data indata;
+ krb5_checksum computed;
+
+ for (i=0; i<krb5_cksumtypes_length; i++) {
+ if (krb5_cksumtypes_list[i].ctype == cksum->checksum_type)
+ break;
+ }
+
+ if (i == krb5_cksumtypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ /* if there's actually a verify function, call it */
+
+ indata.length = cksum->length;
+ indata.data = cksum->contents;
+
+ if (krb5_cksumtypes_list[i].keyhash &&
+ krb5_cksumtypes_list[i].keyhash->verify)
+ return((*(krb5_cksumtypes_list[i].keyhash->verify))(key, 0, data,
+ &indata, valid));
+
+ /* otherwise, make the checksum again, and compare */
+
+ if (ret = krb5_c_checksum_length(context, cksum->checksum_type, &hashsize))
+ return(ret);
+
+ if (cksum->length != hashsize)
+ return(KRB5_BAD_MSIZE);
+
+ computed.length = hashsize;
+
+ if (ret = krb5_c_make_checksum(context, cksum->checksum_type, key, usage,
+ data, &computed)) {
+ free(computed.contents);
+ return(ret);
+ }
+
+ *valid = (memcmp(computed.contents, cksum->contents, hashsize) == 0);
+
+ free(computed.contents);
+
+ return(0);
+}
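Review bot: When krb5_c_make_checksum fails, the code calls `free(computed.contents)` although only `computed.length` has been assigned by then. If the callee returns before setting contents this frees an indeterminate pointer, and if the callee releases its own buffer on failure it is a double free; its body is not in this hunk, so which case applies needs confirming. Initialising `computed.contents = NULL;` before the call makes the early-return case safe. Separately, the fallback comparison uses `memcmp`, which may return at the first differing byte, so for any keyed checksum type that reaches this path the response time can reflect how many leading bytes matched. Comparing all hashsize bytes with an accumulator avoids that, and a header comment should note that `*valid` is left unwritten on every error return.

```c
    computed.length = hashsize;
    computed.contents = NULL;   /* so free() is safe if the callee fails early */

    /* … unchanged: krb5_c_make_checksum call and its error return … */

    {
        /* compare every byte; do not stop at the first mismatch */
        size_t j;
        unsigned char diff = 0;

        for (j = 0; j < hashsize; j++)
            diff |= computed.contents[j] ^ cksum->contents[j];

        *valid = (diff == 0);
    }
```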