authorGreg Hudson <ghudson@mit.edu>2011-03-11 04:20:17 +0000
committerGreg Hudson <ghudson@mit.edu>2011-03-11 04:20:17 +0000
commite8720a1caf469a233feabfea7883c0b5146d08d6 (patch)
tree00780be006af72d3ebc9406b472115185e491390 /src/lib/crypto/nss
parent01f37143f5623686b07b2ffa80e1564eb52f9ccc (diff)
Move the des and AFS string-to-key implementations into lib/crypto/krb,
since they aren't standard crypto primitives. Revise the module SPI accordingly. Add tests for AFS string-to-key to t_str2key.c to replace the ones in the (now defunct) t_afss2k.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24699 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/nss')
-rw-r--r--src/lib/crypto/nss/des/Makefile.in12
-rw-r--r--src/lib/crypto/nss/des/des_keys.c87
-rw-r--r--src/lib/crypto/nss/des/des_oldapis.c34
-rw-r--r--src/lib/crypto/nss/des/f_parity.c31
-rw-r--r--src/lib/crypto/nss/des/string2key.c85
-rw-r--r--src/lib/crypto/nss/enc_provider/des.c17
-rw-r--r--src/lib/crypto/nss/enc_provider/enc_gen.c21
7 files changed, 113 insertions, 174 deletions
diff --git a/src/lib/crypto/nss/des/Makefile.in b/src/lib/crypto/nss/des/Makefile.in
index b751e6e65..cdef2818a 100644
--- a/src/lib/crypto/nss/des/Makefile.in
+++ b/src/lib/crypto/nss/des/Makefile.in
@@ -9,17 +9,11 @@ RUN_SETUP = @KRB5_RUN_ENV@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
-STLIBOBJS= des_oldapis.o \
- f_parity.o \
- string2key.o
+STLIBOBJS= des_keys.o
-OBJS= $(OUTPRE)f_parity.$(OBJEXT) \
- $(OUTPRE)des_oldapis.$(OBJEXT) \
- $(OUTPRE)string2key.$(OBJEXT)
+OBJS= $(OUTPRE)des_keys.$(OBJEXT)
-SRCS= $(srcdir)/f_parity.c \
- $(srcdir)/des_oldapis.c \
- $(srcdir)/string2key.c
+SRCS= $(srcdir)/des_keys.c
all-unix:: all-libobjs
diff --git a/src/lib/crypto/nss/des/des_keys.c b/src/lib/crypto/nss/des/des_keys.c
new file mode 100644
index 000000000..4ff0e845d
--- /dev/null
+++ b/src/lib/crypto/nss/des/des_keys.c
@@ -0,0 +1,87 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/nss/des/des_keys.c - Key functions used by Kerberos code */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+/*
+ * des_fixup_key_parity: Forces odd parity per byte; parity is bits
+ * 8,16,...64 in des order, implies 0, 8, 16, ...
+ * vax order.
+ */
+#define smask(step) ((1<<step)-1)
+#define pstep(x,step) (((x)&smask(step))^(((x)>>step)&smask(step)))
+#define parity_char(x) pstep(pstep(pstep((x),4),2),1)
+
+void
+k5_des_fixup_key_parity(unsigned char *keybits)
+{
+ unsigned int i;
+
+ for (i = 0; i < 8; i++) {
+ keybits[i] &= 0xfe;
+ keybits[i] |= 1^parity_char(keybits[i]);
+ }
+}
+
+/* The following are the weak DES keys: */
+static const unsigned char weak[16][8] = {
+ /* Weak keys */
+ {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+ {0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe},
+ {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e},
+ {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1},
+
+ /* Semi-weak */
+ {0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe},
+ {0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01},
+
+ {0x1f,0xe0,0x1f,0xe0,0x0e,0xf1,0x0e,0xf1},
+ {0xe0,0x1f,0xe0,0x1f,0xf1,0x0e,0xf1,0x0e},
+
+ {0x01,0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1},
+ {0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1,0x01},
+
+ {0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e,0xfe},
+ {0xfe,0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e},
+
+ {0x01,0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e},
+ {0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e,0x01},
+
+ {0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1,0xfe},
+ {0xfe,0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1}
+};
+
+krb5_boolean
+k5_des_is_weak_key(unsigned char *keybits)
+{
+ unsigned int i;
+
+ for (i = 0; i < sizeof(weak) / 8; i++) {
+ if (memcmp(weak[i], keybits, 8) == 0)
+ return TRUE;
+ }
+ return FALSE;
+}
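Review bot: k5_des_is_weak_key compares all eight bytes, parity bits included, against a table whose entries are written in odd-parity form, and nothing at the definition states that precondition. DES ignores the low bit of each byte, so a key with the same 56 effective bits as a weak key but unfixed parity would return FALSE here; whether every caller runs k5_des_fixup_key_parity first is not visible in this file. I would add above the function `/* keybits must already have odd parity (see k5_des_fixup_key_parity); the parity bits take part in the comparison. */`, or mask both sides with `0xfe` before comparing. As a smaller point, `sizeof(weak) / sizeof(weak[0])` would not depend on the literal 8.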
diff --git a/src/lib/crypto/nss/des/des_oldapis.c b/src/lib/crypto/nss/des/des_oldapis.c
deleted file mode 100644
index c26439f54..000000000
--- a/src/lib/crypto/nss/des/des_oldapis.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/nss/des/des_oldapis.c */
-/*
- * Copyright (C) 2009 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "crypto_int.h"
-
-krb5_error_code
-mit_afs_string_to_key(krb5_keyblock *keyblock, const krb5_data *data,
- const krb5_data *salt)
-{
- return KRB5_CRYPTO_INTERNAL;
-}
diff --git a/src/lib/crypto/nss/des/f_parity.c b/src/lib/crypto/nss/des/f_parity.c
deleted file mode 100644
index ca1de3ed9..000000000
--- a/src/lib/crypto/nss/des/f_parity.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * These routines check and fix parity of encryption keys for the DES
- * algorithm.
- *
- * They are a replacement for routines in key_parity.c, that don't require
- * the table building that they do.
- *
- * Mark Eichin -- Cygnus Support
- */
-
-#include "crypto_int.h"
-
-/*
- * des_fixup_key_parity: Forces odd parity per byte; parity is bits
- * 8,16,...64 in des order, implies 0, 8, 16, ...
- * vax order.
- */
-#define smask(step) ((1<<step)-1)
-#define pstep(x,step) (((x)&smask(step))^(((x)>>step)&smask(step)))
-#define parity_char(x) pstep(pstep(pstep((x),4),2),1)
-
-void
-mit_des_fixup_key_parity(unsigned char *key)
-{
- unsigned int i;
- for (i = 0; i < 8; i++) {
- key[i] &= 0xfe;
- key[i] |= 1^parity_char(key[i]);
- }
-}
diff --git a/src/lib/crypto/nss/des/string2key.c b/src/lib/crypto/nss/des/string2key.c
deleted file mode 100644
index 8474c4057..000000000
--- a/src/lib/crypto/nss/des/string2key.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/nss/des/string2key.c */
-/*
- * Copyright (C) 2009 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#include "crypto_int.h"
-#include "pk11pub.h"
-#include "nss_gen.h"
-
-krb5_error_code
-mit_des_string_to_key_int(krb5_keyblock *key, const krb5_data *pw,
- const krb5_data *salt)
-{
- PK11SlotInfo *slot = NULL;
- PK11SymKey *symKey = NULL;
- SECItem pwItem;
- SECItem paramsItem;
- CK_PBE_PARAMS pbe_params;
- CK_MECHANISM_TYPE pbeMech = CKM_NETSCAPE_PBE_SHA1_DES_CBC;
- krb5_error_code ret;
- SECItem *keyData;
-
- ret = k5_nss_init();
- if (ret)
- return ret;
-
- slot = PK11_GetBestSlot(pbeMech, NULL);
- if (slot == NULL) {
- ret = k5_nss_map_last_error();
- goto loser;
- }
-
- pwItem.data = (unsigned char *)pw->data;
- pwItem.len = pw->length;
- memset(&pbe_params, 0, sizeof(pbe_params));
- pbe_params.pSalt = (unsigned char *)salt->data;
- pbe_params.ulSaltLen = salt->length;
- pbe_params.ulIteration = 1;
- paramsItem.data = (unsigned char *)&pbe_params;
- paramsItem.len = sizeof(pbe_params);
-
- symKey = PK11_RawPBEKeyGen(slot, pbeMech, &paramsItem, &pwItem,
- PR_FALSE, NULL);
- if (symKey == NULL) {
- ret = k5_nss_map_last_error();
- goto loser;
- }
- PK11_ExtractKeyValue(symKey);
- keyData = PK11_GetKeyData(symKey);
- if (!keyData) {
- ret = k5_nss_map_last_error();
- goto loser;
- }
- key->length = keyData->len;
- memcpy(key->contents, keyData->data, key->length);
- ret = 0;
-
-loser:
- if (symKey)
- PK11_FreeSymKey(symKey);
- if (slot)
- PK11_FreeSlot(slot);
- return ret;
-}
diff --git a/src/lib/crypto/nss/enc_provider/des.c b/src/lib/crypto/nss/enc_provider/des.c
index 46a3e0fc1..2d9387f19 100644
--- a/src/lib/crypto/nss/enc_provider/des.c
+++ b/src/lib/crypto/nss/enc_provider/des.c
@@ -57,19 +57,32 @@ k5_des_decrypt_iov(krb5_key key,
{
krb5_error_code ret;
- ret = k5_nss_gen_import(key, CKM_DES_CBC, CKA_ENCRYPT);
+ ret = k5_nss_gen_import(key, CKM_DES_CBC, CKA_DECRYPT);
if (ret != 0)
return ret;
return k5_nss_gen_block_iov(key, CKM_DES_CBC, CKA_DECRYPT,
ivec, data, num_data);
}
+static krb5_error_code
+k5_des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data,
+ const krb5_data *ivec, krb5_data *output)
+{
+ krb5_error_code ret;
+
+ ret = k5_nss_gen_import(key, CKM_DES_CBC, CKA_ENCRYPT);
+ if (ret != 0)
+ return ret;
+ return k5_nss_gen_cbcmac_iov(key, CKM_DES_CBC, ivec, data, num_data,
+ output);
+}
+
const struct krb5_enc_provider krb5int_enc_des = {
8,
7, KRB5_MIT_DES_KEYSIZE,
k5_des_encrypt_iov,
k5_des_decrypt_iov,
- NULL,
+ k5_des_cbc_mac,
krb5int_des_init_state,
krb5int_default_free_state,
k5_nss_gen_cleanup
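Review bot: k5_des_cbc_mac is added without a comment, so the contract for callers of the new cbc_mac slot can only be found by reading k5_nss_gen_cbcmac_iov in enc_gen.c, which returns KRB5_BAD_MSIZE when output->length is below the block size. A short header would cover it: `/* Compute the DES CBC-MAC of data under key, chained from ivec, into output; output must hold at least one 8-byte block. */`. It is also worth a sentence on why the key is imported with CKA_ENCRYPT here while the corrected decrypt path above uses CKA_DECRYPT, since how k5_nss_gen_import treats a key already imported for the other operation is not visible in this hunk. The hunk starts inside k5_des_decrypt_iov and ends inside the krb5int_enc_des initializer.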
diff --git a/src/lib/crypto/nss/enc_provider/enc_gen.c b/src/lib/crypto/nss/enc_provider/enc_gen.c
index 943726352..ed016635e 100644
--- a/src/lib/crypto/nss/enc_provider/enc_gen.c
+++ b/src/lib/crypto/nss/enc_provider/enc_gen.c
@@ -545,9 +545,8 @@ k5_nss_gen_cbcmac_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
SECStatus rv;
SECItem *param = NULL;
struct iov_block_state input_pos, output_pos;
- unsigned char storage[MAX_BLOCK_SIZE];
+ unsigned char block[MAX_BLOCK_SIZE], *lastblock;
unsigned char iv0[MAX_BLOCK_SIZE];
- unsigned char *ptr = NULL, *lastptr = NULL;
SECItem iv;
size_t blocksize;
int length = 0;
@@ -557,7 +556,7 @@ k5_nss_gen_cbcmac_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
IOV_BLOCK_STATE_INIT(&output_pos);
blocksize = PK11_GetBlockSize(mech, NULL);
- assert(blocksize <= sizeof(storage));
+ assert(blocksize <= sizeof(block));
if (output->length < blocksize)
return KRB5_BAD_MSIZE;
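Review bot: The only guard between the result of PK11_GetBlockSize and the fixed-size `block` buffer is `assert(blocksize <= sizeof(block))`, which disappears when the library is built with NDEBUG. Later in the function blocksize bounds both the copy into `block` and the `memcpy` into output->data, so I would make it a runtime check, for example `if (blocksize == 0 || blocksize > sizeof(block)) return KRB5_CRYPTO_INTERNAL;`. A bare return at this point matches the KRB5_BAD_MSIZE return on the next line. The function begins and ends outside this hunk.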
@@ -577,23 +576,19 @@ k5_nss_gen_cbcmac_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
goto done;
}
- lastptr = iv.data;
+ lastblock = iv.data;
for (currentblock = 0;;currentblock++) {
- if (!krb5int_c_iov_get_block_nocopy(storage, blocksize, data, num_data,
- &input_pos, &ptr))
+ if (!krb5int_c_iov_get_block(block, blocksize, data, num_data,
+ &input_pos))
break;
-
- lastptr = NULL;
-
- rv = PK11_CipherOp(ctx, ptr, &length, blocksize, ptr, blocksize);
+ rv = PK11_CipherOp(ctx, block, &length, blocksize, block, blocksize);
if (rv != SECSuccess) {
ret = k5_nss_map_last_error();
goto done;
}
-
- lastptr = ptr;
+ lastblock = block;
}
- memcpy(output->data, lastptr, blocksize);
+ memcpy(output->data, lastblock, blocksize);
done:
if (ctx) {
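Review bot: The loop now copies each block into the local `block` through krb5int_c_iov_get_block, and no comment records why the copying getter is required. PK11_CipherOp is called with `block` as both output and input, so with the earlier nocopy getter it would presumably have written ciphertext into the caller's iov buffers. A one-line comment would keep a later change from reverting to the nocopy variant for speed: `/* Copy each block: PK11_CipherOp enciphers in place and a MAC must leave the caller's data untouched. */`. When data holds no blocks, lastblock still points at iv.data and the IV is returned as the MAC, which also deserves a mention in the function's header. The function body extends beyond both ends of the hunk.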