##DOS##LIBOBJS = $(OBJS)
+# NOTE: The t_cksum known checksum values are primarily for regression
+# testing. They are not derived a priori, but are known to produce
+# checksums that interoperate.
check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac \
t_cksum4 t_cksum5 \
aes-test \
$(RUN_SETUP) $(VALGRIND) ./t_hmac
$(RUN_SETUP) $(VALGRIND) ./t_prf <$(srcdir)/t_prf.in >t_prf.output
diff t_prf.output $(srcdir)/t_prf.expected
- $(RUN_SETUP) $(VALGRIND) ./t_cksum4 "this is a test"
- $(RUN_SETUP) $(VALGRIND) ./t_cksum5 "this is a test"
+ $(RUN_SETUP) $(VALGRIND) ./t_cksum4 "this is a test" e3f76a07f3401e3536b43a3f54226c39422c35682c354835
+ $(RUN_SETUP) $(VALGRIND) ./t_cksum5 "this is a test" e3f76a07f3401e351143ee6f4c09be1edb4264d55015db53
$(RUN_SETUP) $(VALGRIND) ./t_crc
$(RUN_SETUP) $(VALGRIND) ./t_cts
$(RUN_SETUP) $(VALGRIND) ./aes-test -k > vk.txt
printf("\n");
}
+static void
+parse_hexstring(const char *s, krb5_data *dat)
+{
+ size_t i, len;
+ unsigned int byte;
+ unsigned char *cp;
+
+ len = strlen(s);
+ cp = malloc(len / 2);
+ dat->data = (char *)cp;
+ if (cp == NULL) {
+ dat->length = 0;
+ return;
+ }
+ dat->length = len / 2;
+ for (i = 0; i + 1 < len; i += 2) {
+ sscanf(&s[i], "%2x", &byte);
+ *cp++ = byte;
+ }
+}
+
/*
* Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES
* checksums.
krb5_keyblock keyblock;
krb5_key key;
krb5_error_code kret=0;
- krb5_data plaintext, newstyle_checksum;
+ krb5_data plaintext, newstyle_checksum, knowncksum_dat;
/* this is a terrible seed, but that's ok for the test. */
printf("cannot get memory for new style checksum\n");
return(ENOMEM);
}
- for (msgindex = 1; msgindex < argc; msgindex++) {
+ for (msgindex = 1; msgindex + 1 < argc; msgindex += 2) {
plaintext.length = strlen(argv[msgindex]);
plaintext.data = argv[msgindex];
}
if (!valid) {
printf("verify on new checksum failed\n");
+ kret = 1;
break;
}
printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
}
if (valid) {
printf("verify on new checksum succeeded, but shouldn't have\n");
+ kret = 1;
break;
}
printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
+ parse_hexstring(argv[msgindex+1], &knowncksum_dat);
+ if (knowncksum_dat.data == NULL) {
+ printf("parse_hexstring failed\n");
+ kret = 1;
+ break;
+ }
+ if ((kret = (*(khp.verify))(key, 0, 0, &plaintext, &knowncksum_dat,
+ &valid))) {
+ printf("verify on known checksum choked with %d\n", kret);
+ break;
+ }
+ if (!valid) {
+ printf("verify on known checksum failed\n");
+ kret = 1;
+ break;
+ }
+ printf("Verify on known checksum succeeded\n");
kret = 0;
}
free(newstyle_checksum.data);
if (!kret)
- printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
+ printf("%d tests passed successfully for MD%d checksum\n", (argc-1)/2, MD);
krb5_k_free_key(NULL, key);
extern struct krb5_enc_provider krb5int_enc_des;
+/* Derive a key by XOR with 0xF0 bytes. */
+static krb5_error_code
+mk_xorkey(krb5_key origkey, krb5_key *xorkey)
+{
+ krb5_error_code retval = 0;
+ unsigned char xorbytes[8];
+ krb5_keyblock xorkeyblock;
+ size_t i = 0;
+
+ if (origkey->keyblock.length != sizeof(xorbytes))
+ return KRB5_CRYPTO_INTERNAL;
+ memcpy(xorbytes, origkey->keyblock.contents, sizeof(xorbytes));
+ for (i = 0; i < sizeof(xorbytes); i++)
+ xorbytes[i] ^= 0xf0;
+
+ /* Do a shallow copy here. */
+ xorkeyblock = origkey->keyblock;
+ xorkeyblock.contents = xorbytes;
+
+ retval = krb5_k_create_key(0, &xorkeyblock, xorkey);
+ zap(xorbytes, sizeof(xorbytes));
+ return retval;
+}
+
static krb5_error_code
k5_md4des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
const krb5_data *input, krb5_data *output)
krb5_data data;
krb5_MD4_CTX ctx;
unsigned char conf[CONFLENGTH];
+ krb5_key xorkey = NULL;
struct krb5_enc_provider *enc = &krb5int_enc_des;
if (output->length != (CONFLENGTH+RSA_MD4_CKSUM_LENGTH))
if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &data)))
return(ret);
+ ret = mk_xorkey(key, &xorkey);
+ if (ret)
+ return ret;
+
/* hash the confounder, then the input data */
krb5int_MD4Init(&ctx);
memcpy(output->data, conf, CONFLENGTH);
memcpy(output->data+CONFLENGTH, ctx.digest, RSA_MD4_CKSUM_LENGTH);
- ret = enc->encrypt(key, NULL, output, output);
+ ret = enc->encrypt(xorkey, NULL, output, output);
+
+ krb5_k_free_key(NULL, xorkey);
return (ret);
}
krb5_error_code ret;
krb5_MD4_CTX ctx;
unsigned char plaintext[CONFLENGTH+RSA_MD4_CKSUM_LENGTH];
+ krb5_key xorkey = NULL;
int compathash = 0;
struct krb5_enc_provider *enc = &krb5int_enc_des;
krb5_data output, iv;
+ iv.data = NULL;
+ iv.length = 0;
+
if (key->keyblock.length != 8)
return(KRB5_BAD_KEYSIZE);
if (hash->length != (CONFLENGTH+RSA_MD4_CKSUM_LENGTH)) {
iv.length = key->keyblock.length;
if (key->keyblock.contents)
memcpy(iv.data, key->keyblock.contents, key->keyblock.length);
+ } else {
+ ret = mk_xorkey(key, &xorkey);
+ if (ret)
+ return ret;
}
/* decrypt it */
- output.data = plaintext;
+ output.data = (char *)plaintext;
output.length = hash->length;
if (!compathash) {
- ret = enc->decrypt(key, NULL, hash, &output);
+ ret = enc->decrypt(xorkey, NULL, hash, &output);
+ krb5_k_free_key(NULL, xorkey);
} else {
ret = enc->decrypt(key, &iv, hash, &output);
- }
-
- if (compathash && iv.data) {
- free (iv.data);
+ zap(iv.data, iv.length);
+ free(iv.data);
}
if (ret) return(ret);
extern struct krb5_enc_provider krb5int_enc_des;
+/* Derive a key by XOR with 0xF0 bytes. */
+static krb5_error_code
+mk_xorkey(krb5_key origkey, krb5_key *xorkey)
+{
+ krb5_error_code retval = 0;
+ unsigned char xorbytes[8];
+ krb5_keyblock xorkeyblock;
+ size_t i = 0;
+
+ if (origkey->keyblock.length != sizeof(xorbytes))
+ return KRB5_CRYPTO_INTERNAL;
+ memcpy(xorbytes, origkey->keyblock.contents, sizeof(xorbytes));
+ for (i = 0; i < sizeof(xorbytes); i++)
+ xorbytes[i] ^= 0xf0;
+
+ /* Do a shallow copy here. */
+ xorkeyblock = origkey->keyblock;
+ xorkeyblock.contents = xorbytes;
+
+ retval = krb5_k_create_key(0, &xorkeyblock, xorkey);
+ zap(xorbytes, sizeof(xorbytes));
+ return retval;
+}
+
static krb5_error_code
k5_md5des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
const krb5_data *input, krb5_data *output)
krb5_data data;
krb5_MD5_CTX ctx;
unsigned char conf[CONFLENGTH];
+ krb5_key xorkey = NULL;
struct krb5_enc_provider *enc = &krb5int_enc_des;
if (output->length != (CONFLENGTH+RSA_MD5_CKSUM_LENGTH))
if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &data)))
return(ret);
+ ret = mk_xorkey(key, &xorkey);
+ if (ret)
+ return ret;
+
/* hash the confounder, then the input data */
krb5int_MD5Init(&ctx);
memcpy(output->data, conf, CONFLENGTH);
memcpy(output->data+CONFLENGTH, ctx.digest, RSA_MD5_CKSUM_LENGTH);
- ret = enc->encrypt(key, NULL, output, output);
+ ret = enc->encrypt(xorkey, NULL, output, output);
+
+ krb5_k_free_key(NULL, xorkey);
return ret;
krb5_error_code ret;
krb5_MD5_CTX ctx;
unsigned char plaintext[CONFLENGTH+RSA_MD5_CKSUM_LENGTH];
+ krb5_key xorkey = NULL;
int compathash = 0;
struct krb5_enc_provider *enc = &krb5int_enc_des;
krb5_data output, iv;
+ iv.data = NULL;
+ iv.length = 0;
+
if (key->keyblock.length != 8)
return(KRB5_BAD_KEYSIZE);
iv.length = key->keyblock.length;
if (key->keyblock.contents)
memcpy(iv.data, key->keyblock.contents, key->keyblock.length);
+ } else {
+ ret = mk_xorkey(key, &xorkey);
+ if (ret)
+ return ret;
}
/* decrypt it */
- output.data = plaintext;
+ output.data = (char *)plaintext;
output.length = hash->length;
if (!compathash) {
- ret = enc->decrypt(key, NULL, hash, &output);
+ ret = enc->decrypt(xorkey, NULL, hash, &output);
+ krb5_k_free_key(NULL, xorkey);
} else {
ret = enc->decrypt(key, &iv, hash, &output);
- }
-
- if (compathash && iv.data) {
- free (iv.data);
+ zap(iv.data, iv.length);
+ free(iv.data);
}
if (ret) return(ret);