d3_cbc.o \
d3_aead.o \
d3_kysched.o \
+ des_prf.o \
f_aead.o \
f_cbc.o \
f_cksum.o \
$(OUTPRE)d3_cbc.$(OBJEXT) \
$(OUTPRE)d3_aead.$(OBJEXT) \
$(OUTPRE)d3_kysched.$(OBJEXT) \
+ $(OUTPRE)des_prf.$(OBJEXT) \
$(OUTPRE)f_aead.$(OBJEXT) \
$(OUTPRE)f_cbc.$(OBJEXT) \
$(OUTPRE)f_cksum.$(OBJEXT) \
$(srcdir)/d3_cbc.c \
$(srcdir)/d3_aead.c \
$(srcdir)/d3_kysched.c \
+ $(srcdir)/des_prf.c \
$(srcdir)/f_aead.c \
$(srcdir)/f_cbc.c \
$(srcdir)/f_cksum.c \
extern krb5_error_code mit_des_set_random_sequence_number
(const krb5_data * sequence,
krb5_pointer random_state);
-
+krb5_error_code
+krb5int_des_prf (const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key,
+ const krb5_data *in, krb5_data *out);
#endif /*DES_INTERNAL_DEFS*/
--- /dev/null
+/*
+ * lib/crypto/des/des_prf.c
+ *
+ * Copyright (C) 2004, 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * This file contains an implementation of the RFC 3961 PRF for
+ * des-cbc-crc, des-cbc-md4, and des-cbc-md5 enctypes.
+ */
+
+#include "k5-int.h"
+#include "../hash_provider/hash_provider.h" /* XXX is this ok? */
+
+krb5_error_code
+krb5int_des_prf (const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key,
+ const krb5_data *in, krb5_data *out)
+{
+ krb5_data tmp;
+ krb5_error_code ret = 0;
+
+ hash = &krb5int_hash_md5; /* MD5 is always used. */
+ tmp.length = hash->hashsize;
+ tmp.data = malloc(hash->hashsize);
+ if (tmp.data == NULL)
+ return ENOMEM;
+ ret = hash->hash(1, in, &tmp);
+ if (ret == 0)
+ ret = enc->encrypt(key, NULL, &tmp, out);
+ free(tmp.data);
+ return ret;
+}
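Review bot: krb5int_des_prf hands `out` straight to `enc->encrypt` without checking that `out->length` matches the 16-byte MD5 digest in `tmp`, so the size guarantee rests on the caller and the encrypt provider, neither of which is visible in this hunk. A guard placed right after the `hash` assignment, e.g. `if (out->length != hash->hashsize) return KRB5_CRYPTO_INTERNAL;`, would make the contract local to the function. Separately, `tmp.data` is freed with the digest still in it; scrubbing it first is cheap if PRF inputs can be sensitive, preferably with the tree's zeroing helper if k5-int.h provides one, since a plain memset before free may be dropped by the compiler. The `hash` parameter is overwritten by the first statement, so the prototype deserves a comment saying it is ignored and MD5 is always used.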
#include "dk.h"
#include "arcfour.h"
#include "aes_s2k.h"
+#include "des/des_int.h"
/* these will be linear searched. if they ever get big, a binary
search or hash table would be better, which means these would need
{ ENCTYPE_DES_CBC_CRC,
"des-cbc-crc", { 0 }, "DES cbc mode with CRC-32",
&krb5int_enc_des, &krb5int_hash_crc32,
- 8,
+ 16,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
krb5int_des_string_to_key,
- NULL, /*PRF*/
+ krb5int_des_prf,
CKSUMTYPE_RSA_MD5,
NULL, /*AEAD*/
ETYPE_WEAK },
{ ENCTYPE_DES_CBC_MD4,
"des-cbc-md4", { 0 }, "DES cbc mode with RSA-MD4",
&krb5int_enc_des, &krb5int_hash_md4,
- 8,
+ 16,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
krb5int_des_string_to_key,
- NULL, /*PRF*/
+ krb5int_des_prf,
CKSUMTYPE_RSA_MD4,
NULL, /*AEAD*/
ETYPE_WEAK },
{ ENCTYPE_DES_CBC_MD5,
"des-cbc-md5", { "des" }, "DES cbc mode with RSA-MD5",
&krb5int_enc_des, &krb5int_hash_md5,
- 8,
+ 16,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
krb5int_des_string_to_key,
- NULL, /*PRF*/
+ krb5int_des_prf,
CKSUMTYPE_RSA_MD5,
NULL, /*AEAD*/
ETYPE_WEAK },
{ ENCTYPE_DES_CBC_RAW,
"des-cbc-raw", { 0 }, "DES cbc mode raw",
&krb5int_enc_des, NULL,
- 8,
+ 16,
krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
krb5int_des_string_to_key,
- NULL, /*PRF*/
+ krb5int_des_prf,
0,
&krb5int_aead_raw,
ETYPE_WEAK },
{ ENCTYPE_DES3_CBC_RAW,
"des3-cbc-raw", { 0 }, "Triple DES cbc mode raw",
&krb5int_enc_des3, NULL,
- 8,
+ 16,
krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
krb5int_dk_string_to_key,
NULL, /*PRF*/
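Review bot: The des3-cbc-raw entry has what appears to be its PRF output length raised to `16` while its PRF slot stays `NULL, /*PRF*/`, so the table would advertise a PRF size for an enctype that has no PRF function; the entry continues past the end of this hunk. Either leave that length unchanged or add a comment explaining why it changes without a function, since code that queries the length without checking the function pointer (not visible here) would get a misleading answer. The des-cbc-raw entry also deserves a comment: its hash provider is `NULL`, and `krb5int_des_prf` is only safe there because it ignores the hash argument, e.g. `/* PRF ignores the hash slot; always MD5 */` next to `krb5int_des_prf,`.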
"des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" },
"Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
- 8,
+ 16,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
krb5int_dk_string_to_key,
- NULL, /*PRF*/
+ krb5int_dk_prf,
CKSUMTYPE_HMAC_SHA1_DES3,
&krb5int_aead_dk,
0 /*flags*/ },
The first test mirrors the first two tests in t_prf.in.
The second test mirrors the following four tests in t_prf.in.
+
+The third and fourth tests are simple tests of the DES and 3DES PRF.
97df97e4b798b29eb31ed7280287a92a
4d6ca4e629785c1f01baf55e2e548566b9617ae3a96868c337cb93b5e72b1c7b
+43bae3738c9467e6
+e58f9eb643862c13ad38e529313462a7f73e62834fe54a01
key2
a
b
+1
+key1
+key2
+a
+b
+16
+key1
+key2
+a
+b