author | Sam Hartman <hartmans@mit.edu> | 2004-02-24 21:07:22 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2004-02-24 21:07:22 +0000 |
commit | 6ce8b3450b2c24ba09a298895c724a40a929d024 (patch) | |
tree | 2f44dd7927da5c3fb5dc7d21938f2e009aa1bb08 /src/lib/crypto/dk/dk_encrypt.c | |
parent | 2d16d6cd6b2ecec6e8843ba17603875d1804c980 (diff) | |
Remove ENCTYPE_LOCAL_DES3_HMAC_SHA1
Previously, MIT had support for a version of the des3 enctype with a
32-bit length prepended to encrypted data. Remove that support. This
is non-standard and is no longer needed even at MIT.
Ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16122 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/dk/dk_encrypt.c')
-rw-r--r-- | src/lib/crypto/dk/dk_encrypt.c | 147 |
1 files changed, 0 insertions, 147 deletions
diff --git a/src/lib/crypto/dk/dk_encrypt.c b/src/lib/crypto/dk/dk_encrypt.c
index 08d26856c..2431e61c8 100644
--- a/src/lib/crypto/dk/dk_encrypt.c
+++ b/src/lib/crypto/dk/dk_encrypt.c
@@ -360,150 +360,3 @@ cleanup:
 return(ret);
 }
-#ifdef ATHENA_DES3_KLUDGE
-void
-krb5_marc_dk_encrypt_length(enc, hash, inputlen, length)
- const struct krb5_enc_provider *enc;
- const struct krb5_hash_provider *hash;
- size_t inputlen;
- size_t *length;
-{
- size_t blocksize, hashsize;
-
- blocksize = enc->block_size;
- hashsize = hash->hashsize;
- *length = krb5_roundup(blocksize+4+inputlen, blocksize) + hashsize;
-}
-
-krb5_error_code
-krb5_marc_dk_encrypt(enc, hash, key, usage, ivec, input, output)
- const struct krb5_enc_provider *enc;
- const struct krb5_hash_provider *hash;
- const krb5_keyblock *key;
- krb5_keyusage usage;
- const krb5_data *ivec;
- const krb5_data *input;
- krb5_data *output;
-{
- size_t blocksize, keybytes, keylength, plainlen, enclen;
- krb5_error_code ret;
- unsigned char constantdata[K5CLENGTH];
- krb5_data d1, d2;
- unsigned char *plaintext, *kedata, *kidata, *cn;
- krb5_keyblock ke, ki;
-
- /* allocate and set up plaintext and to-be-derived keys */
-
- blocksize = enc->block_size;
- keybytes = enc->keybytes;
- keylength = enc->keylength;
- plainlen = krb5_roundup(blocksize+4+input->length, blocksize);
-
- krb5_marc_dk_encrypt_length(enc, hash, input->length, &enclen);
-
- /* key->length, ivec will be tested in enc->encrypt */
-
- if (output->length < enclen)
- return(KRB5_BAD_MSIZE);
-
- if ((kedata = (unsigned char *) malloc(keylength)) == NULL)
- return(ENOMEM);
- if ((kidata = (unsigned char *) malloc(keylength)) == NULL) {
- free(kedata);
- return(ENOMEM);
- }
- if ((plaintext = (unsigned char *) malloc(plainlen)) == NULL) {
- free(kidata);
- free(kedata);
- return(ENOMEM);
- }
-
- ke.contents = kedata;
- ke.length = keylength;
- ki.contents = kidata;
- ki.length = keylength;
-
- /* derive the keys */
-
- d1.data = constantdata;
- d1.length = K5CLENGTH;
-
- d1.data[0] = (usage>>24)&0xff;
- d1.data[1] = (usage>>16)&0xff;
- d1.data[2] = (usage>>8)&0xff;
- d1.data[3] = usage&0xff;
-
- d1.data[4] = 0xAA;
-
- if ((ret = krb5_derive_key(enc, key, &ke, &d1)))
- goto cleanup;
-
- d1.data[4] = 0x55;
-
- if ((ret = krb5_derive_key(enc, key, &ki, &d1)))
- goto cleanup;
-
- /* put together the plaintext */
-
- d1.length = blocksize;
- d1.data = plaintext;
-
- if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &d1)))
- goto cleanup;
-
- (plaintext+blocksize)[0] = (input->length>>24)&0xff;
- (plaintext+blocksize)[1] = (input->length>>16)&0xff;
- (plaintext+blocksize)[2] = (input->length>>8)&0xff;
- (plaintext+blocksize)[3] = input->length&0xff;
-
- memcpy(plaintext+blocksize+4, input->data, input->length);
-
- memset(plaintext+blocksize+4+input->length, 0,
- plainlen - (blocksize+4+input->length));
-
- /* encrypt the plaintext */
-
- d1.length = plainlen;
- d1.data = plaintext;
-
- d2.length = plainlen;
- d2.data = output->data;
-
- if ((ret = ((*(enc->encrypt))(&ke, ivec, &d1, &d2))))
- goto cleanup;
-
- if (ivec != NULL && ivec->length == blocksize)
- cn = d2.data + d2.length - blocksize;
- else
- cn = NULL;
-
- /* hash the plaintext */
-
- d2.length = enclen - plainlen;
- d2.data = output->data+plainlen;
-
- output->length = enclen;
-
- if ((ret = krb5_hmac(hash, &ki, 1, &d1, &d2))) {
- memset(d2.data, 0, d2.length);
- goto cleanup;
- }
-
- /* update ivec */
- if (cn != NULL)
- memcpy(ivec->data, cn, blocksize);
-
- /* ret is set correctly by the prior call */
-
-cleanup:
- memset(kedata, 0, keylength);
- memset(kidata, 0, keylength);
- memset(plaintext, 0, plainlen);
-
- free(plaintext);
- free(kidata);
- free(kedata);
-
- return(ret);
-}
-#endif /* ATHENA_DES3_KLUDGE */ |