* des_crc.c des_md5.c:
authorRichard Basch <probe@mit.edu>
Wed, 15 May 1996 01:03:37 +0000 (01:03 +0000)
committerRichard Basch <probe@mit.edu>
Wed, 15 May 1996 01:03:37 +0000 (01:03 +0000)
        set the length field of the cksum structure.

* des3_sha.c:
        Increase the confounder length to 24 bytes.
        Set the length of the cksum structure.

* cryptoconf.c:
sha-des3 cksum has been replaced by hmac-sha

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8027 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/crypto/ChangeLog
src/lib/crypto/cryptoconf.c
src/lib/crypto/des3_sha.c
src/lib/crypto/des_crc.c
src/lib/crypto/des_md5.c

index e113e06e3cf1390cc66a71cf4e7655f8b883d38f..3a45d7e716e927a2ea694ee0e8ef7923b4325959 100644 (file)
@@ -1,3 +1,12 @@
+Tue May 14 15:14:20 1996  Richard Basch  <basch@lehman.com>
+
+       * des_crc.c des_md5.c:
+               set the length field of the cksum structure.
+
+       * des3_sha.c:
+               Increase the confounder length to 24 bytes.
+               Set the length of the cksum structure.
+
 Fri May 10 01:34:46 1996  Richard Basch  <basch@lehman.com>
 
        * configure.in cryptoconf.c des3_sha.c:
index 60e9e89b019ee2cd9a60f24a6f9d21dcd8e2d8a2..768c6cf3cb7042806f69b3c02474fca3d08883ee 100644 (file)
 #ifdef PROVIDE_NIST_SHA
 #include "shs.h"
 #define SHA_CKENTRY &nist_sha_cksumtable_entry
-#define SHA_DES3_CKENTRY &nist_sha_des3_cksumtable_entry
+#define HMAC_SHA_CKENTRY &hmac_sha_cksumtable_entry
 #else
 #define SHA_CKENTRY 0
-#define SHA_DES3_CKENTRY 0
+#define HMAC_SHA_CKENTRY 0
 #endif
 
 #ifdef PROVIDE_SNEFRU
@@ -153,7 +153,7 @@ krb5_checksum_entry * NEAR krb5_cksumarray[] = {
     MD5_CKENTRY,               /* 7 - CKSUMTYPE_RSA_MD5 */
     MD5_DES_CKENTRY,           /* 8 - CKSUMTYPE_RSA_MD5_DES */
     SHA_CKENTRY,               /* 9 - CKSUMTYPE_NIST_SHA */
-    SHA_DES3_CKENTRY           /* 10 - CKSUMTYPE_NIST_SHA_DES3 */
+    HMAC_SHA_CKENTRY           /* 10 - CKSUMTYPE_NIST_SHA_DES3 */
 };
 
 krb5_cksumtype krb5_max_cksum = sizeof(krb5_cksumarray)/sizeof(krb5_cksumarray[0]);
index 90d9af089b00339cef4dcd61492d5e7185b0969b..260ceb374521bd587468de5a61436f37cae66953 100644 (file)
 #include "shs.h"
 #include "des_int.h"
 
-krb5_error_code mit_des3_sha_encrypt_func
+
+#define DES3_SHA_CONFOUNDER_SIZE       sizeof(mit_des3_cblock)
+
+static krb5_error_code
+mit_des3_sha_encrypt_func
     PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
                krb5_encrypt_block *, krb5_pointer ));
 
-krb5_error_code mit_des3_sha_decrypt_func
+static krb5_error_code
+mit_des3_sha_decrypt_func
     PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
                krb5_encrypt_block *, krb5_pointer ));
 
@@ -47,7 +52,7 @@ static krb5_cryptosystem_entry mit_des3_sha_cryptosystem_entry = {
     mit_des_finish_random_key,
     mit_des_random_key,
     sizeof(mit_des_cblock),
-    NIST_SHA_CKSUM_LENGTH+sizeof(mit_des_cblock),
+    NIST_SHA_CKSUM_LENGTH + DES3_SHA_CONFOUNDER_SIZE,
     sizeof(mit_des3_cblock),
     ENCTYPE_DES3_CBC_SHA
     };
@@ -72,58 +77,54 @@ mit_des3_sha_encrypt_func(in, out, size, key, ivec)
     int sumsize;
     krb5_error_code retval;
 
-/*    if ( size < sizeof(mit_des_cblock) )
-       return KRB5_BAD_MSIZE; */
-
     /* caller passes data size, and saves room for the padding. */
     /* format of ciphertext, per RFC is:
       +-----------+----------+-------------+-----+
       |confounder |   check  |   msg-seq   | pad |
       +-----------+----------+-------------+-----+
       
-      our confounder is 8 bytes (one cblock);
+      our confounder is 24 bytes
       our checksum is NIST_SHA_CKSUM_LENGTH
      */
-    sumsize =  krb5_roundup(size+NIST_SHA_CKSUM_LENGTH+sizeof(mit_des_cblock),
-                           sizeof(mit_des_cblock));
+    sumsize =  krb5_roundup(size + mit_des3_sha_cryptosystem_entry.pad_minimum,
+                           mit_des3_sha_cryptosystem_entry.block_length);
 
     /* assemble crypto input into the output area, then encrypt in place. */
 
     memset((char *)out, 0, sumsize);
 
     /* put in the confounder */
-    if ((retval = krb5_random_confounder(sizeof(mit_des_cblock), out)))
+    if ((retval = krb5_random_confounder(DES3_SHA_CONFOUNDER_SIZE, out)))
        return retval;
 
-    memcpy((char *)out+sizeof(mit_des_cblock)+NIST_SHA_CKSUM_LENGTH, (char *)in,
-          size);
+    memcpy((char *)out + mit_des3_sha_cryptosystem_entry.pad_minimum,
+          (char *)in, size);
 
+    cksum.length = sizeof(contents);
     cksum.contents = contents; 
 
-    /* This is equivalent to krb5_calculate_checksum(CKSUMTYPE_MD5,...)
+    /* This is equivalent to krb5_calculate_checksum(CKSUMTYPE_SHA,...)
        but avoids use of the cryptosystem config table which can not be
-       referenced here if this object is to be included in a shared library.  */
-    if ((retval = nist_sha_cksumtable_entry.sum_func((krb5_pointer) out,
-                                                   sumsize,
-                                                   (krb5_pointer)key->key->contents,
-                                                   key->key->length,
-                                                   &cksum)))
+       referenced here if this object is to be included in a shared library. */
+    retval = nist_sha_cksumtable_entry.sum_func((krb5_pointer) out, sumsize,
+                                               0, 0, &cksum);
+    if (retval)
        return retval;
 
-    memcpy((char *)out+sizeof(mit_des_cblock), (char *)contents,
-          NIST_SHA_CKSUM_LENGTH);
+    memcpy((char *)out + DES3_SHA_CONFOUNDER_SIZE,
+          (char *)contents, NIST_SHA_CKSUM_LENGTH);
 
     /* We depend here on the ability of this DES-3 implementation to
        encrypt plaintext to ciphertext in-place. */
-    return (mit_des3_cbc_encrypt(out, 
-                               out,
-                               sumsize, 
-                               (struct mit_des_ks_struct *) key->priv, 
-                               ((struct mit_des_ks_struct *) key->priv) + 1, 
-                               ((struct mit_des_ks_struct *) key->priv) + 2, 
-                               ivec ? ivec : (krb5_pointer)zero_ivec,
-                               MIT_DES_ENCRYPT));
-    
+    retval = mit_des3_cbc_encrypt(out,
+                                 out,
+                                 sumsize,
+                                 (struct mit_des_ks_struct *) key->priv,
+                                 ((struct mit_des_ks_struct *) key->priv) + 1,
+                                 ((struct mit_des_ks_struct *) key->priv) + 2,
+                                 ivec ? ivec : (krb5_pointer)zero_ivec,
+                                 MIT_DES_ENCRYPT);
+    return retval;
 }
 
 krb5_error_code
@@ -140,35 +141,38 @@ mit_des3_sha_decrypt_func(in, out, size, key, ivec)
     char       *p;
     krb5_error_code   retval;
 
-    if ( size < 2*sizeof(mit_des_cblock) )
+    if ( size < krb5_roundup(mit_des3_sha_cryptosystem_entry.pad_minimum,
+                            mit_des3_sha_cryptosystem_entry.block_length))
        return KRB5_BAD_MSIZE;
 
     retval = mit_des3_cbc_encrypt((const mit_des_cblock *) in,
-                                out,
-                                size,
-                                (struct mit_des_ks_struct *) key->priv,
-                                ((struct mit_des_ks_struct *) key->priv) + 1, 
-                                ((struct mit_des_ks_struct *) key->priv) + 2, 
-                                ivec ? ivec : (krb5_pointer)zero_ivec,
-                                MIT_DES_DECRYPT);
+                                 out,
+                                 size,
+                                 (struct mit_des_ks_struct *) key->priv,
+                                 ((struct mit_des_ks_struct *) key->priv) + 1,
+                                 ((struct mit_des_ks_struct *) key->priv) + 2,
+                                 ivec ? ivec : (krb5_pointer)zero_ivec,
+                                 MIT_DES_DECRYPT);
     if (retval)
        return retval;
 
+    cksum.length = sizeof(contents_prd);
     cksum.contents = contents_prd;
-    p = (char *)out + sizeof(mit_des_cblock);
+    p = (char *)out + DES3_SHA_CONFOUNDER_SIZE;
     memcpy((char *)contents_get, p, NIST_SHA_CKSUM_LENGTH);
     memset(p, 0, NIST_SHA_CKSUM_LENGTH);
 
-    if ((retval = nist_sha_cksumtable_entry.sum_func(out, size,
-                                                   (krb5_pointer)key->key->contents,
-                                                   key->key->length,
-                                                   &cksum)))
+    retval = nist_sha_cksumtable_entry.sum_func(out, size, 0, 0, &cksum);
+    if (retval)
        return retval;
 
-    if (memcmp((char *)contents_get, (char *)contents_prd, NIST_SHA_CKSUM_LENGTH) )
+    if (memcmp((char *)contents_get,
+              (char *)contents_prd,
+              NIST_SHA_CKSUM_LENGTH))
         return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
     memmove((char *)out, (char *)out +
-          sizeof(mit_des_cblock) + NIST_SHA_CKSUM_LENGTH,
-          size - sizeof(mit_des_cblock) - NIST_SHA_CKSUM_LENGTH);
+           mit_des3_sha_cryptosystem_entry.pad_minimum,
+           size - mit_des3_sha_cryptosystem_entry.pad_minimum);
     return 0;
 }
index b1a93dea42b028bc2f2ce2bbbe27ee70a8b07854..6317f61d7aebfb2d27b1852b745d820ed976fb59 100644 (file)
@@ -96,6 +96,7 @@ mit_des_crc_encrypt_func(in, out, size, key, ivec)
     memcpy((char *)out+sizeof(mit_des_cblock)+CRC32_CKSUM_LENGTH, (char *)in,
           size);
 
+    cksum.length = sizeof(contents);
     cksum.contents = contents; 
 
     /* This is equivalent to krb5_calculate_checksum(CKSUMTYPE_CRC32,...)
@@ -148,6 +149,7 @@ mit_des_crc_decrypt_func(in, out, size, key, ivec)
     if (retval)
        return retval;
 
+    cksum.length = sizeof(contents_prd);
     cksum.contents = contents_prd;
     p = (char *)out + sizeof(mit_des_cblock);
     memcpy((char *)contents_get, p, CRC32_CKSUM_LENGTH);
index 3ae64d7bcf03bec0873c5b1d7e6a15ff3ba84289..6794f568f6e2ccd84f0744ac9a19ae756ce73dae 100644 (file)
@@ -97,6 +97,7 @@ mit_des_md5_encrypt_func(in, out, size, key, ivec)
     memcpy((char *)out+sizeof(mit_des_cblock)+RSA_MD5_CKSUM_LENGTH, (char *)in,
           size);
 
+    cksum.length = sizeof(contents);
     cksum.contents = contents; 
 
     /* This is equivalent to krb5_calculate_checksum(CKSUMTYPE_MD5,...)
@@ -149,6 +150,7 @@ mit_des_md5_decrypt_func(in, out, size, key, ivec)
     if (retval)
        return retval;
 
+    cksum.length = sizeof(contents_prd);
     cksum.contents = contents_prd;
     p = (char *)out + sizeof(mit_des_cblock);
     memcpy((char *)contents_get, p, RSA_MD5_CKSUM_LENGTH);