Diffstat (limited to 'src/lib/crypto')
-rw-r--r--src/lib/crypto/ChangeLog19
-rw-r--r--src/lib/crypto/Makefile.in12
-rw-r--r--src/lib/crypto/dk/ChangeLog12
-rw-r--r--src/lib/crypto/dk/Makefile.in3
-rw-r--r--src/lib/crypto/dk/dk.h5
-rw-r--r--src/lib/crypto/dk/dk_prf.c64
-rw-r--r--src/lib/crypto/etypes.c100
-rw-r--r--src/lib/crypto/keyblocks.c79
-rw-r--r--src/lib/crypto/libk5crypto.exports5
-rw-r--r--src/lib/crypto/prf.c87
-rw-r--r--src/lib/crypto/t_prf.c89
11 files changed, 454 insertions, 21 deletions
diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog
index fa03524a3..6f6d28dfb 100644
--- a/src/lib/crypto/ChangeLog
+++ b/src/lib/crypto/ChangeLog
@@ -1,3 +1,22 @@
+2005-05-19 Sam Hartman <hartmans@mit.edu>
+
+ * keyblocks.c : File to contain memory management for keyblocks
+ moved from libkrb5
+
+ * Makefile.in (SRCS): keyblocks.c is new
+
+ * etypes.c: Add PRF for AES
+
+ * Makefile.in (t_prf$(EXEEXT)): New output for prf test framework
+
+2005-05-18 Sam Hartman <hartmans@mit.edu>
+
+ * Makefile.in : Add prf.c
+
+ * prf.c t_prf.c: New file
+
+ * etypes.c: Adjust structures to support the PRF declarations.
+
2005-03-15 Jeffrey Altman <jaltman@mit.edu>
* keyed_cksum.c: (krb5_c_is_keyed_cksum): this is a boolean
diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in
index 5c1d94c2e..62cbddfe2 100644
--- a/src/lib/crypto/Makefile.in
+++ b/src/lib/crypto/Makefile.in
@@ -16,6 +16,7 @@ PROG_RPATH=$(KRB5_LIBDIR)
EXTRADEPSRCS=\
$(srcdir)/t_nfold.c \
$(srcdir)/t_encrypt.c \
+ $(srcdir)/t_prf.c \
$(srcdir)/t_prng.c \
$(srcdir)/t_hmac.c \
$(srcdir)/t_pkcs5.c \
@@ -47,6 +48,7 @@ STLIBOBJS=\
enctype_to_string.o \
etypes.o \
hmac.o \
+ keyblocks.o \
keyed_cksum.o \
keyed_checksum_types.o \
make_checksum.o \
@@ -55,6 +57,7 @@ STLIBOBJS=\
nfold.o \
old_api_glue.o \
pbkdf2.o \
+ prf.o \
prng.o \
state.o \
string_to_cksumtype.o \
@@ -80,6 +83,7 @@ OBJS=\
$(OUTPRE)enctype_to_string.$(OBJEXT) \
$(OUTPRE)etypes.$(OBJEXT) \
$(OUTPRE)hmac.$(OBJEXT) \
+ $(OUTPRE)keyblocks.$(OBJEXT) \
$(OUTPRE)keyed_cksum.$(OBJEXT) \
$(OUTPRE)keyed_checksum_types.$(OBJEXT) \
$(OUTPRE)make_checksum.$(OBJEXT) \
@@ -88,6 +92,7 @@ OBJS=\
$(OUTPRE)nfold.$(OBJEXT) \
$(OUTPRE)old_api_glue.$(OBJEXT) \
$(OUTPRE)pbkdf2.$(OBJEXT) \
+ $(OUTPRE)prf.$(OBJEXT) \
$(OUTPRE)prng.$(OBJEXT) \
$(OUTPRE)state.$(OBJEXT) \
$(OUTPRE)string_to_cksumtype.$(OBJEXT) \
@@ -113,6 +118,7 @@ SRCS=\
$(srcdir)/enctype_to_string.c \
$(srcdir)/etypes.c \
$(srcdir)/hmac.c \
+ $(srcdir)/keyblocks.c \
$(srcdir)/keyed_cksum.c \
$(srcdir)/keyed_checksum_types.c\
$(srcdir)/make_checksum.c \
@@ -121,6 +127,7 @@ SRCS=\
$(srcdir)/nfold.c \
$(srcdir)/old_api_glue.c \
$(srcdir)/pbkdf2.c \
+ $(srcdir)/prf.c \
$(srcdir)/prng.c \
$(srcdir)/state.c \
$(srcdir)/string_to_cksumtype.c \
@@ -170,7 +177,7 @@ libcrypto.lib:
clean-unix:: clean-liblinks clean-libs clean-libobjs
-check-unix:: t_nfold t_encrypt t_prng t_hmac t_pkcs5
+check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5
$(RUN_SETUP) ./t_nfold
$(RUN_SETUP) ./t_encrypt
$(RUN_SETUP) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \
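Review bot: `t_prf` is added to the `check-unix` prerequisites, so it gets built, but this hunk adds no `$(RUN_SETUP) ./t_prf` line to the recipe, and the diffstat lists no input or expected-output file for it. The header comment in t_prf.c says the program's output is meant to be diffed against expected output; without a run-and-compare step the new PRF gets no known-answer check from `make check`. The rest of the recipe lies outside the hunk, so confirm nothing there already runs it.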
@@ -185,6 +192,9 @@ t_nfold$(EXEEXT): t_nfold.$(OBJEXT) nfold.$(OBJEXT)
t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) nfold.$(OBJEXT) $(CRYPTO_DEPLIB)
$(CC_LINK) -o $@ t_encrypt.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB)
+t_prf$(EXEEXT): t_prf.$(OBJEXT)
+ $(CC_LINK) -o $@ t_prf.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB)
+
t_prng$(EXEEXT): t_prng.$(OBJEXT)
$(CC_LINK) -o $@ t_prng.$(OBJEXT) -lk5crypto -lcom_err $(SUPPORT_LIB)
diff --git a/src/lib/crypto/dk/ChangeLog b/src/lib/crypto/dk/ChangeLog
index 3430370af..5e9886700 100644
--- a/src/lib/crypto/dk/ChangeLog
+++ b/src/lib/crypto/dk/ChangeLog
@@ -1,3 +1,15 @@
+2005-05-19 Sam Hartman <hartmans@mit.edu>
+
+ * dk_prf.c (krb5int_dk_prf): Use k5crypto versions of keyblock memory management
+
+2004-12-09 Sam Hartman <hartmans@mit.edu>
+
+ * dk.h: Add krb5_dk_prf
+
+ * Makefile.in (SRCS): Add dk_prf.c
+
+ * dk_prf.c (krb5int_dk_prf): New function
+
2004-03-17 Ken Raeburn <raeburn@mit.edu>
* derive.c (krb5_random2key): Don't compile.
diff --git a/src/lib/crypto/dk/Makefile.in b/src/lib/crypto/dk/Makefile.in
index 83a7c8d78..89046a4c9 100644
--- a/src/lib/crypto/dk/Makefile.in
+++ b/src/lib/crypto/dk/Makefile.in
@@ -18,6 +18,7 @@ STLIBOBJS=\
dk_decrypt.o \
dk_encrypt.o \
derive.o \
+ dk_prf.o \
stringtokey.o
OBJS=\
@@ -25,12 +26,14 @@ OBJS=\
$(OUTPRE)dk_decrypt.$(OBJEXT) \
$(OUTPRE)dk_encrypt.$(OBJEXT) \
$(OUTPRE)derive.$(OBJEXT) \
+ $(OUTPRE)dk_prf.$(OBJEXT) \
$(OUTPRE)stringtokey.$(OBJEXT)
SRCS=\
$(srcdir)/checksum.c \
$(srcdir)/dk_decrypt.c \
$(srcdir)/dk_encrypt.c \
+ $(srcdir)/dk_prf.c \
$(srcdir)/derive.c \
$(srcdir)/stringtokey.c
diff --git a/src/lib/crypto/dk/dk.h b/src/lib/crypto/dk/dk.h
index 1d742ce16..47bda6ebf 100644
--- a/src/lib/crypto/dk/dk.h
+++ b/src/lib/crypto/dk/dk.h
@@ -69,6 +69,11 @@ krb5_error_code krb5int_dk_string_to_key
const krb5_data *string, const krb5_data *salt,
const krb5_data *params, krb5_keyblock *key);
+krb5_error_code
+krb5int_dk_prf(const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key, const krb5_data *in, krb5_data *out);
+
krb5_error_code krb5_derive_key
(const struct krb5_enc_provider *enc,
const krb5_keyblock *inkey,
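Review bot: The new `krb5int_dk_prf` prototype has no comment stating its output contract. In dk_prf.c from this commit the function never allocates `out->data`; it passes `out` straight to `enc->encrypt`, so the caller has to supply a buffer big enough for the hash size rounded down to a multiple of the cipher block size. A comment above the declaration such as `/* out->data is caller-allocated; the PRF produces (hashsize / block_size) * block_size bytes */` would make that explicit.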
diff --git a/src/lib/crypto/dk/dk_prf.c b/src/lib/crypto/dk/dk_prf.c
new file mode 100644
index 000000000..ec64caf16
--- /dev/null
+++ b/src/lib/crypto/dk/dk_prf.c
@@ -0,0 +1,64 @@
+/*
+ * lib/crypto/dk/prf.c
+ *
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * This file contains an implementation of the RFC 3961 PRF for
+ *simplified profile enctypes.
+ */
+
+#include "k5-int.h"
+#include "dk.h"
+
+krb5_error_code
+krb5int_dk_prf (const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key,
+ const krb5_data *in, krb5_data *out)
+{
+ krb5_data tmp;
+ krb5_data prfconst;
+ krb5_keyblock *kp = NULL;
+ krb5_error_code ret = 0;
+
+ prfconst.data = (char *) "prf";
+ prfconst.length = 3;
+ tmp.length = hash->hashsize;
+ tmp.data = malloc(hash->hashsize);
+ if (tmp.data == NULL)
+ return ENOMEM;
+ hash->hash(1, in, &tmp);
+ tmp.length = (tmp.length/enc->block_size)*enc->block_size; /*truncate to block size*/
+ ret = krb5int_c_init_keyblock(0, key->enctype,
+ key->length, &kp);
+ if (ret == 0)
+ ret = krb5_derive_key(enc, key, kp, &prfconst);
+ if (ret == 0)
+ ret = enc->encrypt(kp, NULL, &tmp, out);
+ if (kp)
+ krb5int_c_free_keyblock(0, kp);
+ free (tmp.data);
+ return ret;
+}
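Review bot: The return value of `hash->hash(1, in, &tmp)` is discarded, so if the hash step fails the function encrypts whatever is in the freshly malloc'd `tmp.data` and can return it as PRF output with `ret == 0`. Assuming the hash callback returns a `krb5_error_code` like the other provider callbacks used here, capture it with `ret = hash->hash(1, in, &tmp);` and make the `krb5int_c_init_keyblock` call conditional on `ret == 0`. The function also never compares `out->length` with the truncated `tmp.length` before calling `enc->encrypt`; it relies on `krb5_c_prf` having checked the length, which deserves a comment or a local check. Separately, the header comment names the file `lib/crypto/dk/prf.c` while the file is `dk_prf.c`.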
diff --git a/src/lib/crypto/etypes.c b/src/lib/crypto/etypes.c
index 0a153743a..4273e2826 100644
--- a/src/lib/crypto/etypes.c
+++ b/src/lib/crypto/etypes.c
@@ -44,110 +44,170 @@ const struct krb5_keytypes krb5_enctypes_list[] = {
{ ENCTYPE_DES_CBC_CRC,
"des-cbc-crc", "DES cbc mode with CRC-32",
&krb5int_enc_des, &krb5int_hash_crc32,
+ 8,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
- krb5int_des_string_to_key, CKSUMTYPE_RSA_MD5 },
+ krb5int_des_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_RSA_MD5 },
{ ENCTYPE_DES_CBC_MD4,
"des-cbc-md4", "DES cbc mode with RSA-MD4",
&krb5int_enc_des, &krb5int_hash_md4,
+ 8,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
- krb5int_des_string_to_key, CKSUMTYPE_RSA_MD4 },
+ krb5int_des_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_RSA_MD4 },
{ ENCTYPE_DES_CBC_MD5,
"des-cbc-md5", "DES cbc mode with RSA-MD5",
&krb5int_enc_des, &krb5int_hash_md5,
+ 8,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
- krb5int_des_string_to_key, CKSUMTYPE_RSA_MD5 },
+ krb5int_des_string_to_key,
+ NULL, /*PRF*/
+CKSUMTYPE_RSA_MD5 },
{ ENCTYPE_DES_CBC_MD5,
"des", "DES cbc mode with RSA-MD5", /* alias */
&krb5int_enc_des, &krb5int_hash_md5,
+ 8,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
- krb5int_des_string_to_key, CKSUMTYPE_RSA_MD5 },
+ krb5int_des_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_RSA_MD5 },
{ ENCTYPE_DES_CBC_RAW,
"des-cbc-raw", "DES cbc mode raw",
&krb5int_enc_des, NULL,
+ 8,
krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
- krb5int_des_string_to_key, 0 },
+ krb5int_des_string_to_key,
+ NULL, /*PRF*/
+ 0 },
{ ENCTYPE_DES3_CBC_RAW,
"des3-cbc-raw", "Triple DES cbc mode raw",
&krb5int_enc_des3, NULL,
+ 8,
krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
- krb5int_dk_string_to_key, 0 },
+ krb5int_dk_string_to_key,
+ NULL, /*PRF*/
+ 0 },
{ ENCTYPE_DES3_CBC_SHA1,
"des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
+ 8,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
- krb5int_dk_string_to_key, CKSUMTYPE_HMAC_SHA1_DES3 },
+ krb5int_dk_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_HMAC_SHA1_DES3 },
{ ENCTYPE_DES3_CBC_SHA1, /* alias */
"des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
+ 8,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
- krb5int_dk_string_to_key, CKSUMTYPE_HMAC_SHA1_DES3 },
+ krb5int_dk_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_HMAC_SHA1_DES3 },
{ ENCTYPE_DES3_CBC_SHA1, /* alias */
"des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
+ 8,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
- krb5int_dk_string_to_key, CKSUMTYPE_HMAC_SHA1_DES3 },
+ krb5int_dk_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_HMAC_SHA1_DES3 },
{ ENCTYPE_DES_HMAC_SHA1,
"des-hmac-sha1", "DES with HMAC/sha1",
&krb5int_enc_des, &krb5int_hash_sha1,
+ 8,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
- krb5int_dk_string_to_key, 0 },
+ krb5int_dk_string_to_key,
+ NULL, /*PRF*/
+ 0 },
{ ENCTYPE_ARCFOUR_HMAC,
"arcfour-hmac","ArcFour with HMAC/md5", &krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_ARCFOUR_HMAC, /* alias */
"rc4-hmac", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_ARCFOUR_HMAC, /* alias */
"arcfour-hmac-md5", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_ARCFOUR_HMAC_EXP,
"arcfour-hmac-exp", "Exportable ArcFour with HMAC/md5",
&krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
"rc4-hmac-exp", "Exportable ArcFour with HMAC/md5",
&krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
"arcfour-hmac-md5-exp", "Exportable ArcFour with HMAC/md5",
&krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
"aes128-cts-hmac-sha1-96", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
&krb5int_enc_aes128, &krb5int_hash_sha1,
+ 16,
krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
- krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES128 },
+ krb5int_aes_string_to_key,
+ krb5int_dk_prf,
+ CKSUMTYPE_HMAC_SHA1_96_AES128 },
{ ENCTYPE_AES128_CTS_HMAC_SHA1_96, /* alias */
"aes128-cts", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
&krb5int_enc_aes128, &krb5int_hash_sha1,
+ 16,
krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
- krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES128 },
+ krb5int_aes_string_to_key,
+ krb5int_dk_prf,
+ CKSUMTYPE_HMAC_SHA1_96_AES128 },
{ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
"aes256-cts-hmac-sha1-96", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
&krb5int_enc_aes256, &krb5int_hash_sha1,
+ 16,
krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
- krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES256 },
+ krb5int_aes_string_to_key,
+ krb5int_dk_prf,
+ CKSUMTYPE_HMAC_SHA1_96_AES256 },
{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, /* alias */
"aes256-cts", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
&krb5int_enc_aes256, &krb5int_hash_sha1,
+ 16,
krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
- krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES256 },
+ krb5int_aes_string_to_key,
+ krb5int_dk_prf,
+ CKSUMTYPE_HMAC_SHA1_96_AES256 },
};
const int krb5_enctypes_length =
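Review bot: The DES and DES3 rows get a new integer `8` (presumably the `prf_length` field read in prf.c) together with a `NULL` PRF, while the ArcFour rows get `0` with `NULL`. With prf.c from this commit, `krb5_c_prf_length` will report 8 for an enctype on which `krb5_c_prf` then returns `KRB5_CRYPTO_INTERNAL`, so a caller cannot use the length to tell whether a PRF exists. Either use `0` wherever the PRF is `NULL`, or document the convention next to the struct, whose definition is not shown on this page. The new integer is also unlabelled; a trailing `/*PRF length*/` comment like the existing `/*PRF*/` would keep these positional initializers readable. The `+CKSUMTYPE_RSA_MD5 },` and `+krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,` lines have also lost their indentation.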
diff --git a/src/lib/crypto/keyblocks.c b/src/lib/crypto/keyblocks.c
new file mode 100644
index 000000000..02ff677d1
--- /dev/null
+++ b/src/lib/crypto/keyblocks.c
@@ -0,0 +1,79 @@
+/*
+ * lib/crypto/keyblocks.c
+ *
+ * Copyright (C) 2002, 2005 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * krb5_init_keyblock- a function to set up
+ * an empty keyblock
+ */
+
+
+#include "k5-int.h"
+#include <assert.h>
+
+krb5_error_code krb5int_c_init_keyblock
+ (krb5_context context, krb5_enctype enctype,
+ size_t length, krb5_keyblock **out)
+{
+ krb5_keyblock *kb;
+ kb = malloc (sizeof(krb5_keyblock));
+ assert (out);
+ *out = NULL;
+ if (!kb) {
+ return ENOMEM;
+ }
+ kb->magic = KV5M_KEYBLOCK;
+ kb->enctype = enctype;
+ kb->length = length;
+ if(length) {
+ kb->contents = malloc (length);
+ if(!kb->contents) {
+ free (kb);
+ return ENOMEM;
+ }
+ } else {
+ kb->contents = NULL;
+ }
+ *out = kb;
+ return 0;
+}
+
+
+void KRB5_CALLCONV
+krb5int_c_free_keyblock(krb5_context context, register krb5_keyblock *val)
+{
+ krb5_free_keyblock_contents(context, val);
+ krb5_xfree(val);
+}
+
+void
+krb5int_c_free_keyblock_contents(krb5_context context, register krb5_keyblock *key)
+{
+ if (key->contents) {
+ krb5int_zap_data (key->contents, key->length);
+ krb5_xfree(key->contents);
+ key->contents = 0;
+ }
+}
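Review bot: `krb5int_c_free_keyblock` calls `krb5_free_keyblock_contents(context, val)` rather than the `krb5int_c_free_keyblock_contents` defined a few lines below it. The ChangeLog says this file holds keyblock memory management moved from libkrb5, so unless k5-int.h maps that name to the local function, the call appears to keep the libkrb5 dependency the move was meant to remove. It also leaves zeroing of the key bytes to a function outside this file. `krb5int_c_free_keyblock_contents(context, val);` looks like the intended call. Both free functions dereference their argument without a NULL check (dk_prf.c guards with `if (kp)`, other callers may not), and `krb5int_c_free_keyblock_contents` lacks the `KRB5_CALLCONV` its sibling carries.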
diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports
index 744b1de48..b06f2e427 100644
--- a/src/lib/crypto/libk5crypto.exports
+++ b/src/lib/crypto/libk5crypto.exports
@@ -25,6 +25,8 @@ krb5_c_is_keyed_cksum
krb5_c_keyed_checksum_types
krb5_c_make_checksum
krb5_c_make_random_key
+krb5_c_prf
+krb5_c_prf_length
krb5_c_random_add_entropy
krb5_c_random_make_octets
krb5_c_random_os_entropy
@@ -88,6 +90,9 @@ krb5int_arcfour_string_to_key
krb5int_arcfour_translate_usage
krb5int_c_combine_keys
krb5int_c_mandatory_cksumtype
+krb5int_c_free_keyblock
+krb5int_c_free_keyblock_contents
+krb5int_c_init_keyblock
krb5int_c_mit_des_zeroblock
krb5int_default_free_state
krb5int_des3_cbc_decrypt
diff --git a/src/lib/crypto/prf.c b/src/lib/crypto/prf.c
new file mode 100644
index 000000000..f52564db4
--- /dev/null
+++ b/src/lib/crypto/prf.c
@@ -0,0 +1,87 @@
+/*
+ * lib/crypto/prf.c
+ *
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * This contains the implementation of krb5_c_prf, which will find
+ *the enctype-specific PRF and then generate pseudo-random data. This
+ *function yields krb5_c_prf_length bytes of output.
+ */
+
+
+#include "k5-int.h"
+#include "etypes.h"
+
+#include <assert.h>
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_prf_length(krb5_context context, krb5_enctype enctype,
+ size_t *len)
+{
+ int i;
+ assert (len);
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ *len = krb5_enctypes_list[i].prf_length;
+ return 0;
+
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_prf(krb5_context context, const krb5_keyblock *key,
+krb5_data *input, krb5_data *output)
+{
+ int i;
+ size_t len;
+ assert(input && output);
+ assert (output->data);
+
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == key->enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ output->magic = KV5M_DATA;
+ if (!krb5_enctypes_list[i].prf)
+ return (KRB5_CRYPTO_INTERNAL);
+ krb5_c_prf_length (context, key->enctype, &len);
+ if( len != output->length)
+ return (KRB5_CRYPTO_INTERNAL);
+ return((*(krb5_enctypes_list[i].prf))
+ (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
+ key, input, output));
+}
+
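Review bot: `krb5_c_prf` and `krb5_c_prf_length` are exported (see libk5crypto.exports) but validate caller arguments with `assert`, and `key` is dereferenced with no check at all. With NDEBUG defined, a NULL `input`, `output` or `output->data` passes straight through to the enctype PRF; otherwise a bad argument aborts the calling process. Returning an error instead, e.g. `if (!key || !input || !output || !output->data) return EINVAL;`, leaves the failure in the caller's hands. `output->magic` is also written before the PRF and length checks, so `output` is modified even on the error returns, and a caller-supplied length mismatch is reported as `KRB5_CRYPTO_INTERNAL`.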
diff --git a/src/lib/crypto/t_prf.c b/src/lib/crypto/t_prf.c
new file mode 100644
index 000000000..f11784b3d
--- /dev/null
+++ b/src/lib/crypto/t_prf.c
@@ -0,0 +1,89 @@
+/*
+ * lib/crypto/t_prf.c
+ *
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * This file contains tests for the PRF code in Kerberos. IT reads
+ *an input file, and writes an output file. It is assumed that the
+ *output file will be diffed against expected output to see whether
+ *regression tests pass. The input file is a very primitive format.
+ *It includes an enctype and to be string2keyed followed by a number of bytes of input
+ *length, followed by that many bytes of input. The program outputs
+ *krb5_c_prf of that input and key as a hex string.
+ */
+
+#include "k5-int.h"
+#include <assert.h>
+
+int main () {
+ krb5_error_code ret;
+ krb5_data input, output;
+ krb5_keyblock *key = NULL;
+ unsigned int in_length;
+ unsigned int i;
+ while (1) {
+ krb5_enctype enctype;
+ char s[1025];
+
+ if (scanf( "%d", &enctype) == EOF)
+ break;
+ if (scanf("%1024s", &s[0]) == EOF)
+ break;
+ assert (krb5_init_keyblock(0, enctype, 0, &key) == 0);
+ input.data = &s[0];
+ input.length = strlen(s);
+ assert(krb5_c_string_to_key (0, enctype, &input, &input, key) == 0);
+
+ if (scanf("%u", &in_length) == EOF)
+ break;
+
+ if (in_length ) {
+ unsigned int lc;
+ assert ((input.data = malloc(in_length)) != NULL);
+ for (lc = in_length; lc > 0; lc--) {
+ scanf ("%2x", &i);
+ input.data[in_length-lc] = (unsigned) (i&0xff);
+ }
+ input.length = in_length;
+ assert (krb5_c_prf_length(0, enctype, &i) == 0);
+ assert (output.data = malloc(i));
+ output.length = i;
+ assert (krb5_c_prf(0, key, &input, &output) == 0);
+
+ free (input.data);
+ input.data = NULL;
+ }
+ for (; i > 0; i--) {
+ printf ("%02x",
+ (unsigned int) ((unsigned char ) output.data[output.length-i]));
+ }
+ printf ("\n");
+
+ free (output.data);
+ output.data = NULL;
+ krb5_free_keyblock(0, key);
+ key = NULL;
+ }
+
+ return (0);
+}
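Review bot: `krb5_c_prf_length(0, enctype, &i)` passes the address of an `unsigned int`, but the function added in prf.c takes a `size_t *`. Where `size_t` is wider than `unsigned int`, the store writes past `i` on the stack. When `in_length` is 0, the print loop and `free (output.data)` also run with `i` and `output.data` never initialised. Every library call and the `output.data = malloc(i)` assignment sit inside `assert(...)`, so building with NDEBUG removes the calls themselves. The `scanf` results are only compared with EOF, so a non-matching token leaves `enctype`, `in_length` or `i` unset. The sketch below uses a `size_t` length, the already-declared `ret`, and a NULL-initialised output buffer.

```c
	char s[1025];
	size_t prf_len = 0;	/* krb5_c_prf_length() stores a size_t */

	/* … unchanged: read enctype and string, build the key … */
	output.data = NULL;	/* so free() is safe when in_length == 0 */
	if (in_length ) {
	    /* … unchanged: allocate input.data and parse the hex bytes … */
	    ret = krb5_c_prf_length(0, enctype, &prf_len);
	    assert (ret == 0);
	    output.data = malloc(prf_len);
	    assert (output.data != NULL);
	    output.length = prf_len;
	    ret = krb5_c_prf(0, key, &input, &output);
	    assert (ret == 0);
	    /* … unchanged: free input.data … */
	}
	for (i = 0; i < prf_len; i++) {
	    printf ("%02x", (unsigned int) ((unsigned char ) output.data[i]));
	}
```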