+2001-11-09 Sam Hartman <hartmans@mit.edu>
+
+ * yhash.h : Use krb5 shaa1
+
+ * yarrow.c (Yarrow_Reseed): For all calls to cipher_init, use TRY
+ block and use function rather than macros
+ (Yarrow_Reseed): call encrypt block function not macro
+
+ * ycipher.h: Make the the interface use functions not macros; convert for krb5 ciphers
+
2001-11-08 Sam Hartman <hartmans@mit.edu>
+ * ylock.h (lock UNLOCK): Turn into no-ops
+
* yarrow.h: Don't use #error
(YARROW_DLL): Don't actually ever export or import from win32 dlls as Yarrow is not a public part of krb5 API
(yarrow_poll): Drop from the API
mem_zero(y->K, sizeof(y->K));
- CIPHER_Init(&y->cipher, y->K);
+ TRY (Krb5int_Yarrow_Cipher_Init(&y->cipher, y->K));
y->out_left = 0;
y->out_count = 0;
y->gate_count = 0;
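Review bot: The added call `TRY (Krb5int_Yarrow_Cipher_Init(&y->cipher, y->K));` uses a mixed-case name, while the function this patch defines in ycipher.c and declares in ycipher.h is `krb5int_yarrow_cipher_init`. C identifiers are case-sensitive, so unless a macro outside this diff maps one spelling to the other, the re-keying call will not resolve to the new function. The same spelling is used in the two later hunks under "need to resetup the key schedule as the key has changed". Suggested line for all three: `TRY( krb5int_yarrow_cipher_init(&y->cipher, y->K) );`. The enclosing function starts and ends outside the hunk.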
/* R <- E_k(C) */
- CIPHER_Encrypt_Block( &y->cipher, y->C, out );
+ TRY ( krb5int_yarrow_cipher_encrypt_block ( &y->cipher, y->C, out ))
#if defined(YARROW_DEBUG)
printf("===\n");
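Review bot: `TRY ( krb5int_yarrow_cipher_encrypt_block ( &y->cipher, y->C, out ))` has no terminating semicolon, unlike the `TRY (...);` cipher-init calls added elsewhere in this patch. The `zero_block` call further down is written the same way. Whether either compiles depends on how `TRY` is defined, which is not visible here, so I would write both as `TRY( krb5int_yarrow_cipher_encrypt_block(&y->cipher, y->C, out) );` for consistency. Because a cipher failure now jumps to `CATCH:`, it is also worth confirming that the failure path never returns a partially written `out` buffer to the caller as generator output. The function body continues outside the hunk.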
/* need to resetup the key schedule as the key has changed */
- CIPHER_Init(&y->cipher, y->K);
+ TRY (Krb5int_Yarrow_Cipher_Init(&y->cipher, y->K));
CATCH:
TRACE( printf( "]," ); );
/* need to resetup the key schedule as the key has changed */
- CIPHER_Init(&y->cipher, y->K);
+ TRY(Krb5int_Yarrow_Cipher_Init(&y->cipher, y->K));
#if defined(YARROW_DEBUG)
hex_print(stdout, "new K", y->K, sizeof(y->K));
#if defined(YARROW_DEBUG)
hex_print(stdout, "old C", y->C, sizeof(y->C));
#endif
- CIPHER_Encrypt_Block(&y->cipher, zero_block, y->C);
+ TRY (krb5int_yarrow_cipher_encrypt_block (&y->cipher, zero_block, y->C))
#if defined(YARROW_DEBUG)
hex_print(stdout, "new C", y->C, sizeof(y->C));
#endif
--- /dev/null
+/*
+ * lib/crypto/yarrow/ycipher.c
+ *
+ * Copyright (C) 2001 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * Routines to implement krb5 cipher operations.
+ */
+#include "k5-int.h"
+#include "yarrow.h"
+#include "ycipher.h"
+#include "enc_provider.h"
+#include "assert.h"
+
+int krb5int_yarrow_cipher_init
+(CIPHER_CTX *ctx,
+ const char * key)
+{
+ size_t keybytes, keylength;
+ const struct krb5_enc_provider *enc = &yarrow_enc_provider;
+ krb5_error_code ret;
+ krb5_data randombits;
+ enc->keysize (&keybytes, &keylength);
+ assert (keybytes == CIPHER_KEY_SIZE);
+ if (ctx->key.contents)
+ krb5_free_keyblock_contents (0, &ctx->key);
+ ctx->key.contents = (void *) malloc (keylength);
+ ctx->key.length = keylength;
+ if (ctx->key.contents == NULL)
+ return (YARROW_NOMEM);
+ randombits.data = (char *) key;
+ randombits.length = keybytes;
+ ret = enc->make_key (&randombits, &ctx->key);
+ if (ret) {
+ krb5_free_keyblock_contents (0, &ctx->key);
+ return (YARROW_FAIL);
+ }
+ return (YARROW_OK);
+}
+
+int krb5int_yarrow_cipher_encrypt_block
+(CIPHER_CTX *ctx, const char *in,
+ char *out)
+{
+ krb5_error_code ret;
+ krb5_data ind;
+ krb5_enc_data outd;
+ const struct krb5_enc_provider *enc = &yarrow_enc_provider;
+ ind.data = (char *) in;
+ ind.length = CIPHER_BLOCK_SIZE;
+ outd.data = out;
+ outd.length = CIPHER_BLOCK_SIZE;
+ ret = enc->encrypt (ctx->key, 0, ind, outd);
+ if (ret)
+ return YARROW_FAIL;
+ return YARROW_OK;
+}
+
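Review bot: `krb5int_yarrow_cipher_init` decides whether to free the previous key by testing `ctx->key.contents`, so it relies on the CIPHER_CTX being zeroed before the first call and on `krb5_free_keyblock_contents` leaving the pointer NULL after the `make_key` failure path. Neither is established in this file, and a stale pointer would be freed again on the next reseed. `ctx->key.length` is also assigned before the `malloc` result is checked, which leaves a non-zero length beside a NULL pointer on `YARROW_NOMEM`. Separately, `krb5int_yarrow_cipher_encrypt_block` calls `enc->encrypt (ctx->key, 0, ind, outd)` with structures passed by value although `make_key` just above is called with pointers, and `outd` is declared `krb5_enc_data`, which has no `data`/`length` members of its own. `krb5_data outd;` with `enc->encrypt (&ctx->key, 0, &ind, &outd)` looks like what was intended. A sketch of the init path with explicit state handling follows.

```c
    /* … unchanged: declarations, enc->keysize(), key-size check … */
    if (ctx->key.contents) {
        krb5_free_keyblock_contents (0, &ctx->key);
        ctx->key.contents = NULL;   /* never leave a freed pointer in the context */
        ctx->key.length = 0;
    }
    ctx->key.contents = (void *) malloc (keylength);
    if (ctx->key.contents == NULL)
        return (YARROW_NOMEM);
    ctx->key.length = keylength;    /* only record a length once storage exists */
    /* … unchanged: randombits setup, enc->make_key() … */
    if (ret) {
        krb5_free_keyblock_contents (0, &ctx->key);
        ctx->key.contents = NULL;
        ctx->key.length = 0;
        return (YARROW_FAIL);
    }
```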
/* block cipher interface */
-/* default to 3DES for yarrow 160 */
-
-#if !defined(YARROW_CIPHER_3DES) && !defined(YARROW_CIPHER_BLOWFISH)
-# if !defined(YARROW_CIPHER_IDEA)
-# define YARROW_CIPHER_3DES
-# endif
-#endif
-
-#if defined(YARROW_CIPHER_3DES)
-
-/* For yarrow160 use 3 key 3DES */
-
-#include "openssl/des.h"
-
-/* first deal with DES */
-
-typedef struct { des_key_schedule ks; } DES_CTX;
-
-#define DES_BLOCK_SIZE DES_KEY_SZ
-
-#define DES_PARITY_KEY_SIZE DES_KEY_SZ
-/* effective key size, sans parity */
-#define DES_KEY_SIZE (DES_PARITY_KEY_SIZE-1)
-
-/* key schedule needs to stretch 56 bit key to 64 bit key leaving
- * slots for parity bits
- */
-
-#define DES_Init( ctx, key ) \
-do { \
- byte parity_key[ DES_PARITY_KEY_SIZE ]; \
- void* parity_keyp = (void*)parity_key; \
- parity_key[ 0 ] = (key)[ 0 ]; \
- parity_key[ 1 ] = (key)[ 0 ] << 7 | (key)[ 1 ] >> 2; \
- parity_key[ 2 ] = (key)[ 1 ] << 6 | (key)[ 2 ] >> 3; \
- parity_key[ 3 ] = (key)[ 2 ] << 5 | (key)[ 3 ] >> 4; \
- parity_key[ 4 ] = (key)[ 3 ] << 4 | (key)[ 4 ] >> 5; \
- parity_key[ 5 ] = (key)[ 4 ] << 3 | (key)[ 5 ] >> 6; \
- parity_key[ 6 ] = (key)[ 5 ] << 2 | (key)[ 6 ] >> 7; \
- parity_key[ 7 ] = (key)[ 6 ] << 1; \
- des_key_sched( (des_cblock*) parity_keyp, (ctx)->ks ); \
-} while (0)
-
typedef struct
{
- DES_CTX ks1, ks2, ks3;
+ krb5_keyblock key;
} CIPHER_CTX;
-#define CIPHER_BLOCK_SIZE DES_BLOCK_SIZE
-#define CIPHER_KEY_SIZE (DES_KEY_SIZE * 3)
-
-#if defined( YARROW_NO_MATHLIB )
-/* see macros at end for functions evaluated */
-#define POW_CIPHER_KEY_SIZE 72057594037927936.0
-#define POW_CIPHER_BLOCK_SIZE 18446744073709551616.0
-#endif
-
-#define CIPHER_Init(ctx, key) \
-do { \
- DES_Init( &(ctx)->ks1, key ); \
- DES_Init( &(ctx)->ks2, key+DES_KEY_SIZE ); \
- DES_Init( &(ctx)->ks3, key+2*DES_KEY_SIZE ); \
-} while (0)
-
-#define CIPHER_Encrypt_Block(ctx, in, out)\
- des_ecb3_encrypt((des_cblock*) in, (des_cblock*) out,\
- (ctx)->ks1.ks, (ctx)->ks2.ks, (ctx)->ks3.ks, 1)
-
-#elif defined(YARROW_CIPHER_BLOWFISH)
-
-/* macros to allow blowfish */
-
-#include "openssl/blowfish.h"
+/* We need to choose a cipher. To do this, choose an enc_provider.
+ * Be sure to update the block size and key size constants below;
+ * they are here because static data structures are sized based on
+ * them so they must be known at compile time./ Thus we cannot
+ * call the enc_provider function to get the info.
+ */
-typedef struct
-{
- BF_KEY ks;
-} CIPHER_CTX;
+#define yarrow_enc_provider krb5int_enc_des3
-#define CIPHER_BLOCK_SIZE BF_BLOCK
-#define CIPHER_KEY_SIZE 16
+#define CIPHER_BLOCK_SIZE 8
+#define CIPHER_KEY_SIZE 21
#if defined( YARROW_NO_MATHLIB )
/* see macros at end for functions evaluated */
-#define POW_CIPHER_KEY_SIZE 6981463658331.6
+#define POW_CIPHER_KEY_SIZE 72057594037927936.0
#define POW_CIPHER_BLOCK_SIZE 18446744073709551616.0
#endif
-#define CIPHER_Init(ctx, key)\
- BF_set_key(&(ctx)->ks, CIPHER_KEY_SIZE, (void*)key)
-#define CIPHER_Encrypt_Block(ctx, in, out)\
- BF_ecb_encrypt((void*) in, (void*) out, &(ctx)->ks, 1)
-
-#elif defined(YARROW_CIPHER_IDEA)
-
-/* macros to allow IDEA */
-
-#include "openssl/idea.h"
-
-typedef struct
-{
- IDEA_KEY_SCHEDULE ks;
-} CIPHER_CTX;
-
-#define CIPHER_BLOCK_SIZE IDEA_BLOCK
-#define CIPHER_KEY_SIZE IDEA_KEY_LENGTH
-
-#if defined( YARROW_NO_MATHLIB )
-/* see macros at end for functions evaluated */
-#define POW_CIPHER_KEY_SIZE 6981463658331.55909006437584655441
-#define POW_CIPHER_BLOCK_SIZE 18446744073709551616.000000
-#endif
-
-#define CIPHER_Init(ctx, key)\
- idea_set_encrypt_key((void*) key, &(ctx)->ks)
-#define CIPHER_Encrypt_Block(ctx, in, out)\
- idea_ecb_encrypt((void*)in, (void*)out, &(ctx)->ks)
-
-#endif
+int krb5int_yarrow_cipher_init (CIPHER_CTX *ctx, const char *key);
+int krb5int_yarrow_cipher_encrypt_block
+(CIPHER_CTX *ctx, const char *in, char *out);
#if !defined( YARROW_NO_MATHLIB )
#define POW_CIPHER_KEY_SIZE pow(2.0, CIPHER_KEY_SIZE * 8 / 3.0)
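Review bot: `CIPHER_BLOCK_SIZE 8` and `CIPHER_KEY_SIZE 21` are now hand-maintained copies of properties of `krb5int_enc_des3`. The only cross-check is `assert (keybytes == CIPHER_KEY_SIZE)` in `krb5int_yarrow_cipher_init`, which is compiled out under NDEBUG and never covers the block size. If `yarrow_enc_provider` is changed without the constants, `make_key` would be told to consume `keybytes` bytes from a key buffer that was sized with `CIPHER_KEY_SIZE`. I would make the size check a runtime failure, `if (keybytes != CIPHER_KEY_SIZE) return (YARROW_FAIL);`, and add an equivalent check for the block size if the provider exposes one (not visible here). The new comment should also name the hard-coded `POW_CIPHER_KEY_SIZE`/`POW_CIPHER_BLOCK_SIZE` values in the `YARROW_NO_MATHLIB` branch as things to update, and it has a stray `/` after "compile time.".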
/* default to SHA1 for yarrow 160 */
-#if !defined(YARROW_HASH_SHA1) && !defined(YARROW_HASH_MD5)
-# define YARROW_HASH_SHA1
-#endif
+#include "shs.h"
-#if defined(YARROW_HASH_SHA1)
-/* For yarrow160 use SHA1 */
-#include "openssl/sha.h"
+#define HASH_CTX SHS_INFO
+#define HASH_Init(x) shsinit(x)
+#define HASH_Update(x, buf, sz) shsupdate(x, (void*)buf, sz)
+#define HASH_Final(x, digest) do { \
+ shsfinal(x); \
+ memcpy(digest, (void *) x.digest, SHS_DIGESTSIZE); \
+ } while(0;)
-#define HASH_CTX SHA_CTX
-#define HASH_Init(x) SHA1_Init(x)
-#define HASH_Update(x, buf, sz) SHA1_Update(x, (void*)buf, sz)
-#define HASH_Final(x, digest) SHA1_Final(digest, x)
-#define HASH_DIGEST_SIZE SHA_DIGEST_LENGTH
-
-#elif defined(YARROW_HASH_MD5)
-
-#include "openssl/md5.h"
-
-#define HASH_CTX MD5_CTX
-#define HASH_Init(x) MD5_Init(x)
-#define HASH_Update(x, buf, sz) MD5_Update(x, (void*)buf, sz)
-#define HASH_Final(x, digest) MD5_Final(digest, x)
-
-#define HASH_DIGEST_SIZE MD5_DIGEST_LENGTH
-
-#endif
+#define HASH_DIGEST_SIZE SHS_DIGESTSIZE
#endif /* YHASH_H */
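Review bot: The new `HASH_Final` macro cannot compile as written, because it ends with `while(0;)`. It also reads `x.digest`, while the neighbouring `HASH_Init(x)` and `HASH_Update(x, buf, sz)` pass `x` straight to `shsinit`/`shsupdate`, which suggests callers hand in a pointer. Proposed lines, with `shsfinal(x)` unchanged: `memcpy((digest), (void *) (x)->digest, SHS_DIGESTSIZE); \` and `} while (0)`. If `digest` in `SHS_INFO` is an array of 32-bit words rather than bytes, this `memcpy` yields the digest in host byte order, so hash output would differ between big- and little-endian builds. That is worth confirming against shs.h, which is not shown.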
* and YARROW_LOCKING on failure
*/
-#include "openssl/crypto.h"
-int LOCK( void ) { CRYPTO_w_lock(CRYPTO_LOCK_RAND); return (YARROW_OK); }
-int UNLOCK( void ) { CRYPTO_w_unlock(CRYPTO_LOCK_RAND); return (YARROW_OK); }
+
+int LOCK( void ) { return (YARROW_OK); }
+int UNLOCK( void ) { return (YARROW_OK); }
#endif /* YLOCK_H */
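Review bot: With `LOCK` and `UNLOCK` reduced to `return (YARROW_OK);`, nothing in the Yarrow code serializes access to the generator state any more. If two threads can reach the PRNG concurrently, their updates to the key and counter could interleave and produce related or repeated output. The comment just above still documents `YARROW_LOCKING` on failure, which these bodies can no longer return. I would add a comment such as `/* No-ops: every caller must serialize access to the Yarrow context; no locking is done here. */` and state the same requirement where the krb5 wrapper calls into Yarrow.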