diff options
author | Greg Hudson <ghudson@mit.edu> | 2009-11-27 09:15:50 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-11-27 09:15:50 +0000 |
commit | a405b2509099df5725fbbdb7d19113d11d58ed5b (patch) | |
tree | c236c1d7acb893fd1b985d5a68634750500f99cd /src/lib/crypto/builtin | |
parent | 996fb223f419a16481aea18fd12f98f376836a8e (diff) | |
download | krb5-a405b2509099df5725fbbdb7d19113d11d58ed5b.tar.gz krb5-a405b2509099df5725fbbdb7d19113d11d58ed5b.tar.xz krb5-a405b2509099df5725fbbdb7d19113d11d58ed5b.zip |
Move the arcfour directory from the crypto module dirs into krb. This
directory contains the token encryption code (similar to dk, old, and
raw) which is Kerberos-specific. The actual stream cipher lives in
enc_provider/rc4.c, which is still in the module dirs.
arcfour/arcfour-int.h contained the definitions of some structures
used only in enc_provider/rc4.c. Move those definitions into that
source file so that everything in arcfour is at the right level of
abstraction to live in krb.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23367 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/builtin')
-rw-r--r-- | src/lib/crypto/builtin/Makefile.in | 18 | ||||
-rw-r--r-- | src/lib/crypto/builtin/arcfour/Makefile.in | 39 | ||||
-rw-r--r-- | src/lib/crypto/builtin/arcfour/arcfour-int.h | 32 | ||||
-rw-r--r-- | src/lib/crypto/builtin/arcfour/arcfour.c | 339 | ||||
-rw-r--r-- | src/lib/crypto/builtin/arcfour/arcfour.h | 39 | ||||
-rw-r--r-- | src/lib/crypto/builtin/arcfour/arcfour_aead.c | 336 | ||||
-rw-r--r-- | src/lib/crypto/builtin/arcfour/arcfour_s2k.c | 59 | ||||
-rw-r--r-- | src/lib/crypto/builtin/arcfour/deps | 38 | ||||
-rw-r--r-- | src/lib/crypto/builtin/enc_provider/deps | 1 | ||||
-rw-r--r-- | src/lib/crypto/builtin/enc_provider/rc4.c | 13 |
10 files changed, 15 insertions, 899 deletions
diff --git a/src/lib/crypto/builtin/Makefile.in b/src/lib/crypto/builtin/Makefile.in index a7224d516..a65f64df9 100644 --- a/src/lib/crypto/builtin/Makefile.in +++ b/src/lib/crypto/builtin/Makefile.in @@ -1,11 +1,10 @@ mydir=lib/crypto/builtin BUILDTOP=$(REL)..$(S)..$(S).. -SUBDIRS=des arcfour aes md4 md5 sha1 enc_provider hash_provider +SUBDIRS=des aes md4 md5 sha1 enc_provider hash_provider LOCALINCLUDES = -I$(srcdir)/../krb \ -I$(srcdir)/../krb/hash_provider \ -I$(srcdir)/des \ -I$(srcdir)/aes \ - -I$(srcdir)/arcfour \ -I$(srcdir)/sha1 \ -I$(srcdir)/md4 \ -I$(srcdir)/md5 \ @@ -22,8 +21,8 @@ EXTRADEPSRCS= $(srcdir)/t_cf2.c ##DOSBUILDTOP = ..\..\.. ##DOSLIBNAME=$(OUTPRE)crypto.lib ##DOSOBJFILE=$(OUTPRE)crypto.lst -##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)kh_pro.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst -##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)arcfour.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)kh_pro.lst $(OUTPRE)aes.lst +##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)kh_pro.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst +##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)kh_pro.lst $(OUTPRE)aes.lst STLIBOBJS=\ hmac.o \ @@ -41,7 +40,6 @@ STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST \ enc_provider/OBJS.ST \ hash_provider/OBJS.ST \ - arcfour/OBJS.ST \ aes/OBJS.ST \ OBJS.ST @@ -49,7 +47,6 @@ SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST \ enc_provider/OBJS.ST \ hash_provider/OBJS.ST \ - arcfour/OBJS.ST \ aes/OBJS.ST ##DOS##LIBOBJS = $(OBJS) @@ -92,9 +89,6 @@ all-windows:: cd ..\enc_provider @echo Making in crypto\enc_provider $(MAKE) -$(MFLAGS) - cd ..\arcfour - @echo Making in crypto\arcfour - $(MAKE) -$(MFLAGS) cd ..\aes @echo Making in crypto\aes $(MAKE) -$(MFLAGS) @@ -119,9 +113,6 @@ clean-windows:: cd ..\enc_provider @echo Making clean in crypto\enc_provider $(MAKE) -$(MFLAGS) clean - cd ..\arcfour - @echo Making clean in crypto\arcfour - $(MAKE) -$(MFLAGS) clean cd ..\aes @echo Making clean in crypto\aes $(MAKE) -$(MFLAGS) clean @@ -146,9 +137,6 @@ check-windows:: cd ..\enc_provider @echo Making check in crypto\enc_provider $(MAKE) -$(MFLAGS) check - cd ..\arcfour - @echo Making check in crypto\arcfour - $(MAKE) -$(MFLAGS) check cd ..\aes @echo Making check in crypto\aes $(MAKE) -$(MFLAGS) check diff --git a/src/lib/crypto/builtin/arcfour/Makefile.in b/src/lib/crypto/builtin/arcfour/Makefile.in deleted file mode 100644 index cb050a738..000000000 --- a/src/lib/crypto/builtin/arcfour/Makefile.in +++ /dev/null @@ -1,39 +0,0 @@ -mydir=lib/crypto/builtin/arcfour -BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../md4 -I$(srcdir)/../../krb -DEFS= - -##DOS##BUILDTOP = ..\..\..\.. -##DOS##PREFIXDIR=arcfour -##DOS##OBJFILE=..\$(OUTPRE)arcfour.lst - -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) - -STLIBOBJS=\ - arcfour.o \ - arcfour_aead.o \ - arcfour_s2k.o - -OBJS=\ - $(OUTPRE)arcfour.$(OBJEXT) \ - $(OUTPRE)arcfour_aead.$(OBJEXT) \ - $(OUTPRE)arcfour_s2k.$(OBJEXT) - -SRCS=\ - $(srcdir)/arcfour.c \ - $(srcdir)/arcfour_aead.c\ - $(srcdir)/arcfour_s2k.c - -##DOS##LIBOBJS = $(OBJS) - -all-unix:: all-libobjs - -includes:: depend - -depend:: $(SRCS) - -clean-unix:: clean-libobjs - -@libobj_frag@ - diff --git a/src/lib/crypto/builtin/arcfour/arcfour-int.h b/src/lib/crypto/builtin/arcfour/arcfour-int.h deleted file mode 100644 index efd7a0282..000000000 --- a/src/lib/crypto/builtin/arcfour/arcfour-int.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - -ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95). -This cipher is widely believed and has been tested to be equivalent -with the RC4 cipher from RSA Data Security, Inc. (RC4 is a trademark -of RSA Data Security) - -*/ -#ifndef ARCFOUR_INT_H -#define ARCFOUR_INT_H - -#include "arcfour.h" - -#define CONFOUNDERLENGTH 8 - -typedef struct -{ - unsigned int x; - unsigned int y; - unsigned char state[256]; -} ArcfourContext; - -typedef struct { - int initialized; - ArcfourContext ctx; -} ArcFourCipherState; - -krb5_keyusage krb5int_arcfour_translate_usage(krb5_keyusage usage); - -extern const char *const krb5int_arcfour_l40; - -#endif /* ARCFOUR_INT_H */ diff --git a/src/lib/crypto/builtin/arcfour/arcfour.c b/src/lib/crypto/builtin/arcfour/arcfour.c deleted file mode 100644 index 1f49812eb..000000000 --- a/src/lib/crypto/builtin/arcfour/arcfour.c +++ /dev/null @@ -1,339 +0,0 @@ -/* - -ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95). -This cipher is widely believed and has been tested to be equivalent -with the RC4 cipher from RSA Data Security, Inc. (RC4 is a trademark -of RSA Data Security) - -*/ -#include "k5-int.h" -#include "arcfour-int.h" -#include "hash_provider/hash_provider.h" - -const char *const krb5int_arcfour_l40 = "fortybits"; - -void -krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - size_t inputlen, size_t *length) -{ - size_t blocksize, hashsize; - - blocksize = enc->block_size; - hashsize = hash->hashsize; - - /* checksum + (confounder + inputlen, in even blocksize) */ - *length = hashsize + krb5_roundup(8 + inputlen, blocksize); -} - - krb5_keyusage - krb5int_arcfour_translate_usage(krb5_keyusage usage) -{ - switch (usage) { - case 1: /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, */ - return 1; - case 2: /* ticket from kdc */ - return 2; - case 3: /* as-rep encrypted part */ - return 8; - case 4: /* tgs-req authz data */ - return 4; - case 5: /* tgs-req authz data in subkey */ - return 5; - case 6: /* tgs-req authenticator cksum */ - return 6; -case 7: /* tgs-req authenticator */ - return 7; - case 8: - return 8; - case 9: /* tgs-rep encrypted with subkey */ - return 9; - case 10: /* ap-rep authentication cksum */ - return 10; /* xxx Microsoft never uses this*/ - case 11: /* app-req authenticator */ - return 11; - case 12: /* app-rep encrypted part */ - return 12; - case 23: /* sign wrap token*/ - return 13; - default: - return usage; -} -} - -krb5_error_code -krb5int_arcfour_encrypt(const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, krb5_keyusage usage, - const krb5_data *ivec, const krb5_data *input, - krb5_data *output) -{ - krb5_keyblock k1, k2, k3; - krb5_key k3key = NULL; - krb5_data d1, d2, d3, salt, plaintext, checksum, ciphertext, confounder; - krb5_keyusage ms_usage; - size_t keylength, keybytes, blocksize, hashsize; - krb5_error_code ret; - - blocksize = enc->block_size; - keybytes = enc->keybytes; - keylength = enc->keylength; - hashsize = hash->hashsize; - - d1.length=keybytes; - d1.data=malloc(d1.length); - if (d1.data == NULL) - return (ENOMEM); - k1 = key->keyblock; - k1.length=d1.length; - k1.contents= (void *) d1.data; - - d2.length=keybytes; - d2.data=malloc(d2.length); - if (d2.data == NULL) { - free(d1.data); - return (ENOMEM); - } - k2 = key->keyblock; - k2.length=d2.length; - k2.contents=(void *) d2.data; - - d3.length=keybytes; - d3.data=malloc(d3.length); - if (d3.data == NULL) { - free(d1.data); - free(d2.data); - return (ENOMEM); - } - k3 = key->keyblock; - k3.length=d3.length; - k3.contents= (void *) d3.data; - - salt.length=14; - salt.data=malloc(salt.length); - if (salt.data == NULL) { - free(d1.data); - free(d2.data); - free(d3.data); - return (ENOMEM); - } - - /* is "input" already blocksize aligned? if it is, then we need this - step, otherwise we do not */ - plaintext.length=krb5_roundup(input->length+CONFOUNDERLENGTH,blocksize); - plaintext.data=malloc(plaintext.length); - if (plaintext.data == NULL) { - free(d1.data); - free(d2.data); - free(d3.data); - free(salt.data); - return(ENOMEM); - } - - /* setup convienient pointers into the allocated data */ - checksum.length=hashsize; - checksum.data=output->data; - ciphertext.length=krb5_roundup(input->length+CONFOUNDERLENGTH,blocksize); - ciphertext.data=output->data+hashsize; - confounder.length=CONFOUNDERLENGTH; - confounder.data=plaintext.data; - output->length = plaintext.length+hashsize; - - /* begin the encryption, computer K1 */ - ms_usage=krb5int_arcfour_translate_usage(usage); - if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { - strncpy(salt.data, krb5int_arcfour_l40, salt.length); - store_32_le(ms_usage, salt.data+10); - } else { - salt.length=4; - store_32_le(ms_usage, salt.data); - } - krb5int_hmac(hash, key, 1, &salt, &d1); - - memcpy(k2.contents, k1.contents, k2.length); - - if (key->keyblock.enctype==ENCTYPE_ARCFOUR_HMAC_EXP) - memset(k1.contents+7, 0xab, 9); - - ret=krb5_c_random_make_octets(/* XXX */ 0, &confounder); - memcpy(plaintext.data+confounder.length, input->data, input->length); - if (ret) - goto cleanup; - - ret = krb5int_hmac_keyblock(hash, &k2, 1, &plaintext, &checksum); - if (ret) - goto cleanup; - - ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3); - if (ret) - goto cleanup; - - ret = krb5_k_create_key(NULL, &k3, &k3key); - if (ret) - goto cleanup; - - ret=(*(enc->encrypt))(k3key, ivec, &plaintext, &ciphertext); - - cleanup: - memset(d1.data, 0, d1.length); - memset(d2.data, 0, d2.length); - memset(d3.data, 0, d3.length); - memset(salt.data, 0, salt.length); - memset(plaintext.data, 0, plaintext.length); - - free(d1.data); - free(d2.data); - free(d3.data); - free(salt.data); - free(plaintext.data); - krb5_k_free_key(NULL, k3key); - return (ret); -} - -/* This is the arcfour-hmac decryption routine */ -krb5_error_code -krb5int_arcfour_decrypt(const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, krb5_keyusage usage, - const krb5_data *ivec, const krb5_data *input, - krb5_data *output) -{ - krb5_keyblock k1,k2,k3; - krb5_key k3key; - krb5_data d1,d2,d3,salt,ciphertext,plaintext,checksum; - krb5_keyusage ms_usage; - size_t keybytes, keylength, hashsize, blocksize; - krb5_error_code ret; - - blocksize = enc->block_size; - keybytes = enc->keybytes; - keylength = enc->keylength; - hashsize = hash->hashsize; - - d1.length=keybytes; - d1.data=malloc(d1.length); - if (d1.data == NULL) - return (ENOMEM); - k1 = key->keyblock; - k1.length=d1.length; - k1.contents= (void *) d1.data; - - d2.length=keybytes; - d2.data=malloc(d2.length); - if (d2.data == NULL) { - free(d1.data); - return (ENOMEM); - } - k2 = key->keyblock; - k2.length=d2.length; - k2.contents= (void *) d2.data; - - d3.length=keybytes; - d3.data=malloc(d3.length); - if (d3.data == NULL) { - free(d1.data); - free(d2.data); - return (ENOMEM); - } - k3 = key->keyblock; - k3.length=d3.length; - k3.contents= (void *) d3.data; - - salt.length=14; - salt.data=malloc(salt.length); - if(salt.data==NULL) { - free(d1.data); - free(d2.data); - free(d3.data); - return (ENOMEM); - } - - ciphertext.length=input->length-hashsize; - ciphertext.data=input->data+hashsize; - plaintext.length=ciphertext.length; - plaintext.data=malloc(plaintext.length); - if (plaintext.data == NULL) { - free(d1.data); - free(d2.data); - free(d3.data); - free(salt.data); - return (ENOMEM); - } - - checksum.length=hashsize; - checksum.data=input->data; - - ms_usage=krb5int_arcfour_translate_usage(usage); - - /* We may have to try two ms_usage values; see below. */ - do { - /* compute the salt */ - if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { - strncpy(salt.data, krb5int_arcfour_l40, salt.length); - store_32_le(ms_usage, salt.data + 10); - } else { - salt.length = 4; - store_32_le(ms_usage, salt.data); - } - ret = krb5int_hmac(hash, key, 1, &salt, &d1); - if (ret) - goto cleanup; - - memcpy(k2.contents, k1.contents, k2.length); - - if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) - memset(k1.contents + 7, 0xab, 9); - - ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3); - if (ret) - goto cleanup; - - ret = krb5_k_create_key(NULL, &k3, &k3key); - if (ret) - goto cleanup; - ret = (*(enc->decrypt))(k3key, ivec, &ciphertext, &plaintext); - krb5_k_free_key(NULL, k3key); - if (ret) - goto cleanup; - - ret = krb5int_hmac_keyblock(hash, &k2, 1, &plaintext, &d1); - if (ret) - goto cleanup; - - if (memcmp(checksum.data, d1.data, hashsize) != 0) { - if (ms_usage == 9) { - /* - * RFC 4757 specifies usage 8 for TGS-REP encrypted - * parts encrypted in a subkey, but the value used by MS - * is actually 9. We now use 9 to start with, but fall - * back to 8 on failure in case we are communicating - * with a KDC using the value from the RFC. - */ - ms_usage = 8; - continue; - } - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto cleanup; - } - - break; - } while (1); - - memcpy(output->data, plaintext.data+CONFOUNDERLENGTH, - (plaintext.length-CONFOUNDERLENGTH)); - output->length=plaintext.length-CONFOUNDERLENGTH; - - cleanup: - memset(d1.data, 0, d1.length); - memset(d2.data, 0, d2.length); - memset(d3.data, 0, d2.length); - memset(salt.data, 0, salt.length); - memset(plaintext.data, 0, plaintext.length); - - free(d1.data); - free(d2.data); - free(d3.data); - free(salt.data); - free(plaintext.data); - return (ret); -} diff --git a/src/lib/crypto/builtin/arcfour/arcfour.h b/src/lib/crypto/builtin/arcfour/arcfour.h deleted file mode 100644 index e00708a7c..000000000 --- a/src/lib/crypto/builtin/arcfour/arcfour.h +++ /dev/null @@ -1,39 +0,0 @@ -#ifndef ARCFOUR_H -#define ARCFOUR_H - -extern void -krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *, - const struct krb5_hash_provider *, - size_t, - size_t *); - -extern krb5_error_code -krb5int_arcfour_encrypt(const struct krb5_enc_provider *, - const struct krb5_hash_provider *, - krb5_key, - krb5_keyusage, - const krb5_data *, - const krb5_data *, - krb5_data *); - -extern krb5_error_code -krb5int_arcfour_decrypt(const struct krb5_enc_provider *, - const struct krb5_hash_provider *, - krb5_key, - krb5_keyusage, - const krb5_data *, - const krb5_data *, - krb5_data *); - -extern krb5_error_code -krb5int_arcfour_string_to_key( - const struct krb5_enc_provider *, - const krb5_data *, - const krb5_data *, - const krb5_data *, - krb5_keyblock *); - -extern const struct krb5_enc_provider krb5int_enc_arcfour; -extern const struct krb5_aead_provider krb5int_aead_arcfour; - -#endif /* ARCFOUR_H */ diff --git a/src/lib/crypto/builtin/arcfour/arcfour_aead.c b/src/lib/crypto/builtin/arcfour/arcfour_aead.c deleted file mode 100644 index 7ede21d57..000000000 --- a/src/lib/crypto/builtin/arcfour/arcfour_aead.c +++ /dev/null @@ -1,336 +0,0 @@ -/* - * lib/crypto/arcfour/arcfour_aead.c - * - * Copyright 2008 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - - -#include "k5-int.h" -#include "arcfour.h" -#include "arcfour-int.h" -#include "aead.h" - -/* AEAD */ - -static krb5_error_code -krb5int_arcfour_crypto_length(const struct krb5_aead_provider *aead, - const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_cryptotype type, - unsigned int *length) -{ - switch (type) { - case KRB5_CRYPTO_TYPE_HEADER: - *length = hash->hashsize + CONFOUNDERLENGTH; - break; - case KRB5_CRYPTO_TYPE_PADDING: - *length = 0; - break; - case KRB5_CRYPTO_TYPE_TRAILER: - *length = 0; - break; - case KRB5_CRYPTO_TYPE_CHECKSUM: - *length = hash->hashsize; - break; - default: - assert(0 && "invalid cryptotype passed to krb5int_arcfour_crypto_length"); - break; - } - - return 0; -} - -static krb5_error_code -alloc_derived_key(const struct krb5_enc_provider *enc, - krb5_keyblock *dst, - krb5_data *data, - const krb5_keyblock *src) -{ - data->length = enc->keybytes; - data->data = malloc(data->length); - if (data->data == NULL) - return ENOMEM; - - *dst = *src; - dst->length = data->length; - dst->contents = (void *)data->data; - - return 0; -} - -static krb5_error_code -krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead, - const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, - krb5_keyusage usage, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data) -{ - krb5_error_code ret; - krb5_crypto_iov *header, *trailer; - krb5_keyblock k1, k2, k3; - krb5_key k3key = NULL; - krb5_data d1, d2, d3; - krb5_data checksum, confounder, header_data; - krb5_keyusage ms_usage; - char salt_data[14]; - krb5_data salt; - size_t i; - - d1.length = d2.length = d3.length = 0; - d1.data = d2.data = d3.data = NULL; - - /* - * Caller must have provided space for the header, padding - * and trailer; per RFC 4757 we will arrange it as: - * - * Checksum | E(Confounder | Plaintext) - */ - - header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER); - if (header == NULL || - header->data.length < hash->hashsize + CONFOUNDERLENGTH) - return KRB5_BAD_MSIZE; - - header_data = header->data; - - /* Trailer may be absent */ - trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); - if (trailer != NULL) - trailer->data.length = 0; - - /* Ensure that there is no padding */ - for (i = 0; i < num_data; i++) { - if (data[i].flags == KRB5_CRYPTO_TYPE_PADDING) - data[i].data.length = 0; - } - - ret = alloc_derived_key(enc, &k1, &d1, &key->keyblock); - if (ret != 0) - goto cleanup; - - ret = alloc_derived_key(enc, &k2, &d2, &key->keyblock); - if (ret != 0) - goto cleanup; - - ret = alloc_derived_key(enc, &k3, &d3, &key->keyblock); - if (ret != 0) - goto cleanup; - - /* Begin the encryption, compute K1 */ - salt.data = salt_data; - salt.length = sizeof(salt_data); - - ms_usage = krb5int_arcfour_translate_usage(usage); - - if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { - strncpy(salt.data, krb5int_arcfour_l40, salt.length); - store_32_le(ms_usage, salt.data + 10); - } else { - salt.length = 4; - store_32_le(ms_usage, salt.data); - } - ret = krb5int_hmac(hash, key, 1, &salt, &d1); - if (ret != 0) - goto cleanup; - - memcpy(k2.contents, k1.contents, k2.length); - - if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) - memset(k1.contents + 7, 0xAB, 9); - - header->data.length = hash->hashsize + CONFOUNDERLENGTH; - - confounder.data = header->data.data + hash->hashsize; - confounder.length = CONFOUNDERLENGTH; - - ret = krb5_c_random_make_octets(0, &confounder); - if (ret != 0) - goto cleanup; - - checksum.data = header->data.data; - checksum.length = hash->hashsize; - - /* Adjust pointers so confounder is at start of header */ - header->data.length -= hash->hashsize; - header->data.data += hash->hashsize; - - ret = krb5int_hmac_iov_keyblock(hash, &k2, data, num_data, &checksum); - if (ret != 0) - goto cleanup; - - ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3); - if (ret != 0) - goto cleanup; - - ret = krb5_k_create_key(NULL, &k3, &k3key); - if (ret != 0) - goto cleanup; - - ret = enc->encrypt_iov(k3key, ivec, data, num_data); - if (ret != 0) - goto cleanup; - -cleanup: - header->data = header_data; /* restore header pointers */ - - if (d1.data != NULL) { - memset(d1.data, 0, d1.length); - free(d1.data); - } - if (d2.data != NULL) { - memset(d2.data, 0, d2.length); - free(d2.data); - } - if (d3.data != NULL) { - memset(d3.data, 0, d3.length); - free(d3.data); - } - - krb5_k_free_key(NULL, k3key); - return ret; -} - -static krb5_error_code -krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead, - const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, - krb5_keyusage usage, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data) -{ - krb5_error_code ret; - krb5_crypto_iov *header, *trailer; - krb5_keyblock k1, k2, k3; - krb5_key k3key = NULL; - krb5_data d1, d2, d3; - krb5_data checksum, header_data; - krb5_keyusage ms_usage; - char salt_data[14]; - krb5_data salt; - - d1.length = d2.length = d3.length = 0; - d1.data = d2.data = d3.data = NULL; - - header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER); - if (header == NULL || - header->data.length != hash->hashsize + CONFOUNDERLENGTH) - return KRB5_BAD_MSIZE; - - header_data = header->data; - - trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); - if (trailer != NULL && trailer->data.length != 0) - return KRB5_BAD_MSIZE; - - ret = alloc_derived_key(enc, &k1, &d1, &key->keyblock); - if (ret != 0) - goto cleanup; - - ret = alloc_derived_key(enc, &k2, &d2, &key->keyblock); - if (ret != 0) - goto cleanup; - - ret = alloc_derived_key(enc, &k3, &d3, &key->keyblock); - if (ret != 0) - goto cleanup; - - /* Begin the decryption, compute K1 */ - salt.data = salt_data; - salt.length = sizeof(salt_data); - - ms_usage = krb5int_arcfour_translate_usage(usage); - - if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { - strncpy(salt.data, krb5int_arcfour_l40, salt.length); - store_32_le(ms_usage, (unsigned char *)salt.data + 10); - } else { - salt.length = 4; - store_32_le(ms_usage, (unsigned char *)salt.data); - } - ret = krb5int_hmac(hash, key, 1, &salt, &d1); - if (ret != 0) - goto cleanup; - - memcpy(k2.contents, k1.contents, k2.length); - - if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) - memset(k1.contents + 7, 0xAB, 9); - - checksum.data = header->data.data; - checksum.length = hash->hashsize; - - /* Adjust pointers so confounder is at start of header */ - header->data.length -= hash->hashsize; - header->data.data += hash->hashsize; - - ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3); - if (ret != 0) - goto cleanup; - - ret = krb5_k_create_key(NULL, &k3, &k3key); - if (ret != 0) - goto cleanup; - - ret = enc->decrypt_iov(k3key, ivec, data, num_data); - if (ret != 0) - goto cleanup; - - ret = krb5int_hmac_iov_keyblock(hash, &k2, data, num_data, &d1); - if (ret != 0) - goto cleanup; - - if (memcmp(checksum.data, d1.data, hash->hashsize) != 0) { - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto cleanup; - } - -cleanup: - header->data = header_data; /* restore header pointers */ - - if (d1.data != NULL) { - memset(d1.data, 0, d1.length); - free(d1.data); - } - if (d2.data != NULL) { - memset(d2.data, 0, d2.length); - free(d2.data); - } - if (d3.data != NULL) { - memset(d3.data, 0, d3.length); - free(d3.data); - } - - krb5_k_free_key(NULL, k3key); - return ret; -} - -const struct krb5_aead_provider krb5int_aead_arcfour = { - krb5int_arcfour_crypto_length, - krb5int_arcfour_encrypt_iov, - krb5int_arcfour_decrypt_iov -}; diff --git a/src/lib/crypto/builtin/arcfour/arcfour_s2k.c b/src/lib/crypto/builtin/arcfour/arcfour_s2k.c deleted file mode 100644 index 1aaaa1cc4..000000000 --- a/src/lib/crypto/builtin/arcfour/arcfour_s2k.c +++ /dev/null @@ -1,59 +0,0 @@ -#include "k5-int.h" -#include "k5-utf8.h" -#include "rsa-md4.h" -#include "arcfour-int.h" - -#if TARGET_OS_MAC && !defined(DEPEND) -#include <CoreFoundation/CFString.h> -#endif - -krb5_error_code -krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, - const krb5_data *string, const krb5_data *salt, - const krb5_data *params, krb5_keyblock *key) -{ - krb5_error_code err = 0; - krb5_MD4_CTX md4_context; - unsigned char *copystr; - size_t copystrlen; - - if (params != NULL) - return KRB5_ERR_BAD_S2K_PARAMS; - - if (key->length != 16) - return (KRB5_BAD_MSIZE); - - /* We ignore salt per the Microsoft spec*/ - - /* compute the space needed for the new string. - Since the password must be stored in unicode, we need to increase - that number by 2x. - */ - - err = krb5int_utf8cs_to_ucs2les(string->data, string->length, ©str, ©strlen); - if (err) - return err; - - /* the actual MD4 hash of the data */ - krb5int_MD4Init(&md4_context); - krb5int_MD4Update(&md4_context, copystr, copystrlen); - krb5int_MD4Final(&md4_context); - memcpy(key->contents, md4_context.digest, 16); - -#if 0 - /* test the string_to_key function */ - printf("Hash="); - { - int counter; - for(counter=0;counter<16;counter++) - printf("%02x", md4_context.digest[counter]); - printf("\n"); - } -#endif /* 0 */ - - /* Zero out the data behind us */ - memset(copystr, 0, copystrlen); - memset(&md4_context, 0, sizeof(md4_context)); - free(copystr); - return err; -} diff --git a/src/lib/crypto/builtin/arcfour/deps b/src/lib/crypto/builtin/arcfour/deps deleted file mode 100644 index 3504e386b..000000000 --- a/src/lib/crypto/builtin/arcfour/deps +++ /dev/null @@ -1,38 +0,0 @@ -# -# Generated makefile dependencies follow. -# -arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../hash_provider/hash_provider.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - arcfour-int.h arcfour.c arcfour.h -arcfour_aead.so arcfour_aead.po $(OUTPRE)arcfour_aead.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - arcfour-int.h arcfour.h arcfour_aead.c -arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../md4/rsa-md4.h $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-utf8.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - arcfour-int.h arcfour.h arcfour_s2k.c diff --git a/src/lib/crypto/builtin/enc_provider/deps b/src/lib/crypto/builtin/enc_provider/deps index bb90fa20c..ec82b80db 100644 --- a/src/lib/crypto/builtin/enc_provider/deps +++ b/src/lib/crypto/builtin/enc_provider/deps @@ -41,7 +41,6 @@ rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \ $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/rand2key/rand2key.h \ - $(srcdir)/../arcfour/arcfour-int.h $(srcdir)/../arcfour/arcfour.h \ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ diff --git a/src/lib/crypto/builtin/enc_provider/rc4.c b/src/lib/crypto/builtin/enc_provider/rc4.c index 3c3e0f131..0a1f61804 100644 --- a/src/lib/crypto/builtin/enc_provider/rc4.c +++ b/src/lib/crypto/builtin/enc_provider/rc4.c @@ -7,11 +7,22 @@ */ #include "k5-int.h" -#include "arcfour-int.h" #include "enc_provider.h" #include <aead.h> #include <rand2key.h> +typedef struct +{ + unsigned int x; + unsigned int y; + unsigned char state[256]; +} ArcfourContext; + +typedef struct { + int initialized; + ArcfourContext ctx; +} ArcFourCipherState; + /* gets the next byte from the PRNG */ #if ((__GNUC__ >= 2) ) static __inline__ unsigned int k5_arcfour_byte(ArcfourContext *); |