t_random.c: New file which just tests the random number generator

new_rn_key.c (mit_des_set_random_generator_seed): Add fix so that we
	do something even if the input key is not a valid DES key.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7503 dc483132-0cff-0310-8789-dd5450dbe970

4 files changed, 145 insertions, 2 deletions

diff --git a/src/lib/crypto/des/ChangeLog b/src/lib/crypto/des/ChangeLog
index ddc48365e..f07b4c082 100644
--- a/src/lib/crypto/des/ChangeLog
+++ b/src/lib/crypto/des/ChangeLog
@@ -1,3 +1,11 @@
+Thu Feb 22 20:32:08 1996  Theodore Y. Ts'o  <tytso@dcl>
+
+	* t_random.c: New file which just tests the random number generator.
+
+	* new_rn_key.c (mit_des_set_random_generator_seed): Add fix so
+		that we do something even if the input key is not a valid
+		DES key.
+
 Wed Jan 10 22:28:23 1996  Theodore Y. Ts'o  <tytso@dcl>
 
 	* des_int.h: Fix return type for mit_des3_string_to_key().
diff --git a/src/lib/crypto/des/Makefile.in b/src/lib/crypto/des/Makefile.in
index 8f8a69693..c54061c9c 100644
--- a/src/lib/crypto/des/Makefile.in
+++ b/src/lib/crypto/des/Makefile.in
@@ -78,6 +78,9 @@ verify$(EXEEXT): t_verify.$(OBJEXT) $(DEPKLIB)
 destest$(EXEEXT): destest.$(OBJEXT) $(DEPKLIB)
 	$(CC) -o $@ destest.$(OBJEXT) $(KLIB) $(LIBS) $(CFLAGS) $(LDFLAGS) 
 
+t_random$(EXEEXT): t_random.$(OBJEXT) $(DEPKLIB)
+	$(LD) -o $@ t_random.$(OBJEXT) $(KLIB) $(LIBS) $(CFLAGS) $(LDFLAGS) 
+
 check-mac: check-unix
 
 check-unix:: destest verify
@@ -89,7 +92,8 @@ check-unix:: destest verify
 check-windows::
 
 clean:: 
-	$(RM) destest$(EXEEXT) verify$(EXEEXT) destest.$(OBJEXT) t_verify.$(OBJEXT)
+	$(RM) destest$(EXEEXT) verify$(EXEEXT) destest.$(OBJEXT) \
+	t_verify.$(OBJEXT) t_random.$(OBJEXT) t_random$(EXEEXT)
 
 clean-unix::
 	$(RM) shared/*
diff --git a/src/lib/crypto/des/new_rn_key.c b/src/lib/crypto/des/new_rn_key.c
index ceb93f9de..d8c72a716 100644
--- a/src/lib/crypto/des/new_rn_key.c
+++ b/src/lib/crypto/des/new_rn_key.c
@@ -155,6 +155,11 @@ mit_des_init_random_number_generator(key,p_seed)
  *
  * Requires: key is a valid des key.  I.e., has correct parity and is not a
  *           weak des key.
+ * 	[Note: I have changed this so that even if it is not a valid
+ * 	DES key, this function will do something rational --- that is,
+ * 	we fix up the key parity and make it a non-weak key.  This
+ * 	still won't help us if the input value is guessable, but at
+ * 	least we won't get screwed if the key-parity is wrong... --- TYT]
  */
 void
 mit_des_set_random_generator_seed(key, p_seed)
@@ -162,9 +167,17 @@ mit_des_set_random_generator_seed(key, p_seed)
     mit_des_random_key_seed	*p_seed;
 {
     register int i;
+    mit_des_cblock fixed_key;
+
+    memcpy(fixed_key, key, sizeof(mit_des_cblock));
+    mit_des_fixup_key_parity(fixed_key);
+    if (mit_des_is_weak_key(fixed_key)) {
+	    fixed_key[0] ^= 0xF0;
+	    mit_des_fixup_key_parity(fixed_key);
+    }
 
     /* select the new stream: (note errors are not possible here...) */
-    mit_des_key_sched(key, p_seed->random_sequence_key);
+    mit_des_key_sched(fixed_key, p_seed->random_sequence_key);
 
     /* "seek" to the start of the stream: */
     for (i=0; i<8; i++)
diff --git a/src/lib/crypto/des/t_random.c b/src/lib/crypto/des/t_random.c
new file mode 100644
index 000000000..106bfb2fb
--- /dev/null
+++ b/src/lib/crypto/des/t_random.c
@@ -0,0 +1,118 @@
+/*
+ * lib/crypto/des/t_random.c
+ *
+ * Copyright 1996 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * Test a DES implementation against known inputs & outputs
+ */
+
+#include "k5-int.h"
+#include "des_int.h"
+#include <stdio.h>
+#include "com_err.h"
+
+extern krb5_cryptosystem_entry mit_des_cryptosystem_entry;
+
+char *progname;
+int nflag = 2;
+int vflag;
+int mflag;
+int zflag;
+int pid;
+int mit_des_debug;
+
+krb5_data kdata;
+
+unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f };
+unsigned char zerokey[8] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
+
+void print_key(key)
+	krb5_keyblock *key;
+{
+	int 	i;
+
+	printf("key type: %d, length = %d, contents =", key->enctype,
+	       key->length);
+	for (i=0; i < key->length; i++) {
+		printf(" %02x", key->contents[i]);
+	}
+	printf("\n");
+}
+
+/*
+ * Can also add :
+ * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?)
+ */
+
+void
+main(argc,argv)
+    int argc;
+    char *argv[];
+{
+    /* Local Declarations */
+    krb5_context context;
+    krb5_encrypt_block eblock;
+    krb5_keyblock keyblock, *randkey;
+    void *random_seed = 0;
+
+#ifdef WINDOWS
+    /* Set screen window buffer to infinite size -- MS default is tiny.  */
+    _wsetscreenbuf (fileno (stdout), _WINBUFINF);
+#endif
+
+    /* do some initialisation */
+    krb5_init_context(&context);
+    krb5_init_ets(context);
+
+    krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC);
+    keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+    keyblock.length = sizeof(mit_des_cblock);
+
+    keyblock.contents = key2;
+
+    printf("init_random: ");
+    print_key(&keyblock);
+    krb5_init_random_key(context, &eblock, &keyblock, &random_seed);
+    krb5_random_key(context, &eblock, random_seed, &randkey);
+    print_key(randkey);
+    krb5_free_keyblock(context, randkey);
+    krb5_random_key(context, &eblock, random_seed, &randkey);
+    print_key(randkey);
+    krb5_free_keyblock(context, randkey);
+    krb5_finish_random_key(context, &eblock, &random_seed);
+
+    keyblock.contents = zerokey;
+
+    printf("\n\ninit_random: ");
+    print_key(&keyblock);
+
+    krb5_init_random_key(context, &eblock, &keyblock, &random_seed);
+    krb5_random_key(context, &eblock, random_seed, &randkey);
+    print_key(randkey);
+    krb5_free_keyblock(context, randkey);
+    krb5_random_key(context, &eblock, random_seed, &randkey);
+    print_key(randkey);
+    krb5_free_keyblock(context, randkey);
+    krb5_finish_random_key(context, &eblock, &random_seed);
+
+    krb5_free_context(context);
+}
+