+2001-11-06 Sam Hartman <hartmans@tir-na-nogth.mit.edu>
+
+ * k5-int.h: Add krb5int_des_init_state and krb5int_default_free_state
+
+2001-11-06 Sam Hartman <hartmans@mit.edu>
+
+ * k5-int.h: Add init_state and free_state to enc_provider struct
+
+2001-11-05 Sam Hartman <hartmans@mit.edu>
+
+ * krb5.hin: Add krb5_c_init_state and krb5_c_free_state
+
2001-10-30 Ezra Peisach <epeisach@mit.edu>
* fake-addrinfo.c (freeaddrinfo): Do not free NULL pointers.
keylength is the output size */
void (*keysize) (size_t *keybytes, size_t *keylength);
- /* ivec == 0 is an all-zeros ivec */
+ /* cipher-state == 0 fresh state thrown away at end */
krb5_error_code (*encrypt) (krb5_const krb5_keyblock *key,
- krb5_const krb5_data *ivec,
+ krb5_const krb5_data *cipher_state,
krb5_const krb5_data *input,
krb5_data *output);
krb5_error_code (*make_key) (krb5_const krb5_data *randombits,
krb5_keyblock *key);
+
+ krb5_error_code (*init_state) (krb5_const krb5_keyblock *key,
+ krb5_keyusage keyusage, krb5_data *out_state);
+ krb5_error_code (*free_state) (krb5_data *state);
+
};
struct krb5_hash_provider {
krb5_const krb5_keyblock *key, unsigned int icount,
krb5_const krb5_data *input, krb5_data *output);
+/* A definition of init_state for DES based encryption systems.
+ * sets up an 8-byte IV of all zeros
+ */
+
+krb5_error_code krb5int_des_init_state
+(krb5_const krb5_keyblock *key, krb5_keyusage usage, krb5_data *new_state);
+
+/*
+ * normally to free a cipher_state you can just memset the length to zero and
+ * free it.
+ */
+krb5_error_code krb5int_default_free_state
+(krb5_data *state);
+
+
/*
* These declarations are here, so both krb5 and k5crypto
* can get to them.
krb5_error_code KRB5_CALLCONV
krb5_c_encrypt
(krb5_context context, krb5_const krb5_keyblock *key,
- krb5_keyusage usage, krb5_const krb5_data *ivec,
+ krb5_keyusage usage, krb5_const krb5_data *cipher_state,
krb5_const krb5_data *input, krb5_enc_data *output);
krb5_error_code KRB5_CALLCONV
krb5_c_decrypt
(krb5_context context, krb5_const krb5_keyblock *key,
- krb5_keyusage usage, krb5_const krb5_data *ivec,
+ krb5_keyusage usage, krb5_const krb5_data *cipher_state,
krb5_const krb5_enc_data *input, krb5_data *output);
krb5_error_code KRB5_CALLCONV
(krb5_context context, krb5_enctype enctype,
size_t *blocksize);
+krb5_error_code KRB5_CALLCONV
+ krb5_c_init_state
+(krb5_context context,
+krb5_const krb5_keyblock *key, krb5_keyusage usage,
+krb5_data *new_state);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_free_state
+(krb5_context context, krb5_const krb5_keyblock *key, krb5_data *state);
+
krb5_error_code KRB5_CALLCONV
krb5_c_make_random_key
(krb5_context context, krb5_enctype enctype,
+2001-11-06 Sam Hartman <hartmans@tir-na-nogth.mit.edu>
+
+ * state.c: New file
+
+ * default_state.c: New file.
+
2001-10-29 Jeff Altman <jaltman@columbia.edu>
* Makefile.in - Windows configuration for src/lib/crypto/arcfour
cksumtypes.o \
coll_proof_cksum.o \
crypto_libinit.o \
+ default_state.o \
decrypt.o \
encrypt.o \
encrypt_length.o \
nfold.o \
old_api_glue.o \
prng.o \
+ state.o \
string_to_cksumtype.o \
string_to_enctype.o \
string_to_key.o \
$(OUTPRE)cksumtypes.$(OBJEXT) \
$(OUTPRE)coll_proof_cksum.$(OBJEXT) \
$(OUTPRE)crypto_libinit.$(OBJEXT) \
+ $(OUTPRE)default_state.$(OBJEXT) \
$(OUTPRE)decrypt.$(OBJEXT) \
$(OUTPRE)encrypt.$(OBJEXT) \
$(OUTPRE)encrypt_length.$(OBJEXT) \
$(OUTPRE)nfold.$(OBJEXT) \
$(OUTPRE)old_api_glue.$(OBJEXT) \
$(OUTPRE)prng.$(OBJEXT) \
+ $(OUTPRE)state.$(OBJEXT) \
$(OUTPRE)string_to_cksumtype.$(OBJEXT) \
$(OUTPRE)string_to_enctype.$(OBJEXT) \
$(OUTPRE)string_to_key.$(OBJEXT) \
$(srcdir)/cksumtypes.c \
$(srcdir)/coll_proof_cksum.c \
$(srcdir)/crypto_libinit.c \
+ $(srcdir)/default_state.c \
$(srcdir)/decrypt.c \
$(srcdir)/encrypt.c \
$(srcdir)/encrypt_length.c \
$(srcdir)/nfold.c \
$(srcdir)/old_api_glue.c \
$(srcdir)/prng.c \
+ $(srcdir)/state.c \
$(srcdir)/string_to_cksumtype.c \
$(srcdir)/string_to_enctype.c \
$(srcdir)/string_to_key.c \
+2001-11-06 Sam Hartman <hartmans@mit.edu>
+
+ * arcfour-int.h: Structure for arcfour cipher state
+
2001-10-26 Ezra Peisach <epeisach@mit.edu>
* string_to_key.c (krb5_arcfour_string_to_key): Cleanup variables
unsigned char state[256];
} ArcfourContext;
+typedef struct {
+ int initialized;
+ ArcfourContext ctx;
+} ArcFourCipherState;
+
krb5_keyusage krb5int_arcfour_translate_usage(krb5_keyusage usage);
--- /dev/null
+/*
+ * Copyright (C) 2001 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Section 6 (Encryption) of the Kerberos revisions document defines
+ * cipher states to be used to chain encryptions and decryptions
+ * together. Examples of cipher states include initialization vectors
+ * for CBC encription. Most Kerberos encryption systems can share
+ * code for initializing and freeing cipher states. This file
+ * contains that default code.
+ */
+
+#include "k5-int.h"
+
+krb5_error_code krb5int_des_init_state
+(const krb5_keyblock *key, krb5_keyusage usage, krb5_data *new_state )
+{
+ new_state->length = 8;
+ new_state->data = (void *) malloc(8);
+ if (new_state->data) {
+ memset (new_state->data, 0, new_state->length);
+ /* We need to copy in the key for des-cbc-cr--ick, but that's how it works*/
+ if (key->enctype == ENCTYPE_DES_CBC_CRC) {
+ memcpy (new_state->data, key->contents, new_state->length);
+ }
+ } else {
+ return ENOMEM;
+ }
+ return 0;
+}
+
+krb5_error_code krb5int_default_free_state
+(krb5_data *state)
+{
+ if (state->data) {
+ free (state->data);
+ state-> data = NULL;
+ state->length = 0;
+ }
+ return 0;
+}
+
+
+
+2001-11-06 Sam Hartman <hartmans@mit.edu>
+
+ * arcfour.c (k5_arcfour_docrypt): Treat state as an
+ ArcFourCipherState structure; manipulate and initialize as appropriate.
+ (k5_arcfour_init_state): new function
+
+ * arcfour.c des.c des3.c: Add state functions
+
2001-10-23 Sam Hartman <hartmans@mit.edu>
* arcfour.c (endif /* gcc inlines*/): handle inlines in an ansi-compatible manner
krb5_const krb5_data *input, krb5_data *output)
{
ArcfourContext *arcfour_ctx;
+ ArcFourCipherState *cipher_state;
int ret;
if (key->length != 16)
return(KRB5_BAD_KEYSIZE);
- if (state && (state->length != sizeof (ArcfourContext)))
+ if (state && (state->length != sizeof (ArcFourCipherState)))
return(KRB5_BAD_MSIZE);
if (input->length != output->length)
return(KRB5_BAD_MSIZE);
if (state) {
- arcfour_ctx=(ArcfourContext *)state->data;
+ cipher_state = (ArcFourCipherState *) state->data;
+ arcfour_ctx=&cipher_state->ctx;
+ if (cipher_state->initialized == 0) {
+ if ((ret=k5_arcfour_init(arcfour_ctx, key->contents, key->length))) {
+ return ret;
+ }
+ cipher_state->initialized = 1;
+ }
k5_arcfour_crypt(arcfour_ctx, (unsigned char *) output->data, (const unsigned char *) input->data, input->length);
}
else {
return(0);
}
+static krb5_error_code
+k5_arcfour_init_state (const krb5_keyblock *key,
+ krb5_keyusage keyusage, krb5_data *new_state)
+{
+ /* Note that we can't actually set up the state here because the key
+ * will change between now and when encrypt is called
+ * because it is data dependent. Yeah, this has strange
+ * properties. --SDH
+ */
+ new_state->length = sizeof (ArcFourCipherState);
+ new_state->data = malloc (new_state->length);
+ if (new_state->data) {
+ memset (new_state->data, 0 , new_state->length);
+ /* That will set initialized to zero*/
+ }else {
+ return (ENOMEM);
+ }
+ return 0;
+}
+
/* Since the arcfour cipher is identical going forwards and backwards,
we just call "docrypt" directly
*/
k5_arcfour_keysize,
k5_arcfour_docrypt,
k5_arcfour_docrypt,
- k5_arcfour_make_key
+ k5_arcfour_make_key,
+ k5_arcfour_init_state, /*xxx not implemented yet*/
+ krb5int_default_free_state
};
k5_des_keysize,
k5_des_encrypt,
k5_des_decrypt,
- k5_des_make_key
+ k5_des_make_key,
+ krb5int_des_init_state,
+ krb5int_default_free_state
};
k5_des3_keysize,
k5_des3_encrypt,
k5_des3_decrypt,
- k5_des3_make_key
+ k5_des3_make_key,
+ krb5int_des_init_state,
+ krb5int_default_free_state
};
--- /dev/null
+/*
+ * lib/crypto/state.c
+ *
+ * Copyright (C) 2001 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+
+ *
+ *
+ *
+ * * Section 6 (Encryption) of the Kerberos revisions document defines
+ * cipher states to be used to chain encryptions and decryptions
+ * together. Examples of cipher states include initialization vectors
+ * for CBC encription. This file contains implementations of
+ * krb5_c_init_state and krb5_c_free_state used by clients of the
+ * Kerberos crypto library.
+ */
+#include "k5-int.h"
+#include "etypes.h"
+
+krb5_error_code krb5_c_init_state
+(krb5_context context, const krb5_keyblock *key,
+ krb5_keyusage keyusage, krb5_data *new_state)
+{
+ int i;
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == key->enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ return (*(krb5_enctypes_list[i].enc->init_state))
+ (key, keyusage, new_state);
+}
+
+krb5_error_code krb5_c_free_state
+(krb5_context context, const krb5_keyblock *key, krb5_data *state)
+{
+ int i;
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == key->enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ return (*(krb5_enctypes_list[i].enc->free_state))
+ (state);
+}
/*
- * lib/crypto/t_encrypt.c
+main * lib/crypto/t_encrypt.c
*
* Copyright2001 by the Massachusetts Institute of Technology.
* All Rights Reserved.
abort(); \
} else printf ("OK\n");
-int main () {
+int
+main ()
+{
krb5_context context ;
- krb5_data in, out, check;
+ krb5_data in, out, check, state;
int i;
size_t len;
krb5_enc_data enc_out;
krb5_c_encrypt (context, &key, 7, 0, &in, &enc_out));
test ("Decrypting",
krb5_c_decrypt (context, &key, 7, 0, &enc_out, &check));
+ test ("init_state",
+ krb5_c_init_state (context, &key, 7, &state));
+ test ("Encrypting with state",
+ krb5_c_encrypt (context, &key, 7, &state, &in, &enc_out));
+ test ("Decrypting",
+ krb5_c_decrypt (context, &key, 7, 0, &enc_out, &check));
+ test ("free_state",
+ krb5_c_free_state (context, &key, &state));
}
return 0;
}
projects / krb5.git / commitdiff