t_random.c: New file which just tests the random number generator

new_rn_key.c (mit_des_set_random_generator_seed): Add fix so that we
	do something even if the input key is not a valid DES key.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7503 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/crypto/des/ChangeLog b/src/lib/crypto/des/ChangeLog
index ddc48365e18fcb072535e61d0c6151a6b96d3ce8..f07b4c0821ef2e79ad1ceef3971a847ff5b7f9ad 100644 (file)
--- a/src/lib/crypto/des/ChangeLog
+++ b/src/lib/crypto/des/ChangeLog
@@ -1,3 +1,11 @@
+Thu Feb 22 20:32:08 1996  Theodore Y. Ts'o  <tytso@dcl>
+
+       * t_random.c: New file which just tests the random number generator.
+
+       * new_rn_key.c (mit_des_set_random_generator_seed): Add fix so
+               that we do something even if the input key is not a valid
+               DES key.
+
 Wed Jan 10 22:28:23 1996  Theodore Y. Ts'o  <tytso@dcl>
 
        * des_int.h: Fix return type for mit_des3_string_to_key().

diff --git a/src/lib/crypto/des/Makefile.in b/src/lib/crypto/des/Makefile.in
index 8f8a6969390789d1379371d5057661ecf591ed45..c54061c9cf56788fe747b40a9034b364d95a791f 100644 (file)
--- a/src/lib/crypto/des/Makefile.in
+++ b/src/lib/crypto/des/Makefile.in
@@ -78,6 +78,9 @@ verify$(EXEEXT): t_verify.$(OBJEXT) $(DEPKLIB)
 destest$(EXEEXT): destest.$(OBJEXT) $(DEPKLIB)
        $(CC) -o $@ destest.$(OBJEXT) $(KLIB) $(LIBS) $(CFLAGS) $(LDFLAGS) 
 
+t_random$(EXEEXT): t_random.$(OBJEXT) $(DEPKLIB)
+       $(LD) -o $@ t_random.$(OBJEXT) $(KLIB) $(LIBS) $(CFLAGS) $(LDFLAGS) 
+
 check-mac: check-unix
 
 check-unix:: destest verify
@@ -89,7 +92,8 @@ check-unix:: destest verify
 check-windows::
 
 clean:: 
-       $(RM) destest$(EXEEXT) verify$(EXEEXT) destest.$(OBJEXT) t_verify.$(OBJEXT)
+       $(RM) destest$(EXEEXT) verify$(EXEEXT) destest.$(OBJEXT) \
+       t_verify.$(OBJEXT) t_random.$(OBJEXT) t_random$(EXEEXT)
 
 clean-unix::
        $(RM) shared/*

diff --git a/src/lib/crypto/des/new_rn_key.c b/src/lib/crypto/des/new_rn_key.c
index ceb93f9de8a0e1d53a48face114f119bf3327a10..d8c72a716ef4a12d7e6717d696694369c6a6163c 100644 (file)
--- a/src/lib/crypto/des/new_rn_key.c
+++ b/src/lib/crypto/des/new_rn_key.c
@@ -155,6 +155,11 @@ mit_des_init_random_number_generator(key,p_seed)
  *
  * Requires: key is a valid des key.  I.e., has correct parity and is not a
  *           weak des key.
+ *     [Note: I have changed this so that even if it is not a valid
+ *     DES key, this function will do something rational --- that is,
+ *     we fix up the key parity and make it a non-weak key.  This
+ *     still won't help us if the input value is guessable, but at
+ *     least we won't get screwed if the key-parity is wrong... --- TYT]
  */
 void
 mit_des_set_random_generator_seed(key, p_seed)
@@ -162,9 +167,17 @@ mit_des_set_random_generator_seed(key, p_seed)
     mit_des_random_key_seed    *p_seed;
 {
     register int i;
+    mit_des_cblock fixed_key;
+
+    memcpy(fixed_key, key, sizeof(mit_des_cblock));
+    mit_des_fixup_key_parity(fixed_key);
+    if (mit_des_is_weak_key(fixed_key)) {
+           fixed_key[0] ^= 0xF0;
+           mit_des_fixup_key_parity(fixed_key);
+    }
 
     /* select the new stream: (note errors are not possible here...) */
-    mit_des_key_sched(key, p_seed->random_sequence_key);
+    mit_des_key_sched(fixed_key, p_seed->random_sequence_key);
 
     /* "seek" to the start of the stream: */
     for (i=0; i<8; i++)

diff --git a/src/lib/crypto/des/t_random.c b/src/lib/crypto/des/t_random.c
new file mode 100644 (file)
index 0000000..106bfb2
--- /dev/null
+++ b/src/lib/crypto/des/t_random.c
@@ -0,0 +1,118 @@
+/*
+ * lib/crypto/des/t_random.c
+ *
+ * Copyright 1996 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * Test a DES implementation against known inputs & outputs
+ */
+
+#include "k5-int.h"
+#include "des_int.h"
+#include <stdio.h>
+#include "com_err.h"
+
+extern krb5_cryptosystem_entry mit_des_cryptosystem_entry;
+
+char *progname;
+int nflag = 2;
+int vflag;
+int mflag;
+int zflag;
+int pid;
+int mit_des_debug;
+
+krb5_data kdata;
+
+unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f };
+unsigned char zerokey[8] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
+
+void print_key(key)
+       krb5_keyblock *key;
+{
+       int     i;
+
+       printf("key type: %d, length = %d, contents =", key->enctype,
+              key->length);
+       for (i=0; i < key->length; i++) {
+               printf(" %02x", key->contents[i]);
+       }
+       printf("\n");
+}
+
+/*
+ * Can also add :
+ * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?)
+ */
+
+void
+main(argc,argv)
+    int argc;
+    char *argv[];
+{
+    /* Local Declarations */
+    krb5_context context;
+    krb5_encrypt_block eblock;
+    krb5_keyblock keyblock, *randkey;
+    void *random_seed = 0;
+
+#ifdef WINDOWS
+    /* Set screen window buffer to infinite size -- MS default is tiny.  */
+    _wsetscreenbuf (fileno (stdout), _WINBUFINF);
+#endif
+
+    /* do some initialisation */
+    krb5_init_context(&context);
+    krb5_init_ets(context);
+
+    krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC);
+    keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+    keyblock.length = sizeof(mit_des_cblock);
+
+    keyblock.contents = key2;
+
+    printf("init_random: ");
+    print_key(&keyblock);
+    krb5_init_random_key(context, &eblock, &keyblock, &random_seed);
+    krb5_random_key(context, &eblock, random_seed, &randkey);
+    print_key(randkey);
+    krb5_free_keyblock(context, randkey);
+    krb5_random_key(context, &eblock, random_seed, &randkey);
+    print_key(randkey);
+    krb5_free_keyblock(context, randkey);
+    krb5_finish_random_key(context, &eblock, &random_seed);
+
+    keyblock.contents = zerokey;
+
+    printf("\n\ninit_random: ");
+    print_key(&keyblock);
+
+    krb5_init_random_key(context, &eblock, &keyblock, &random_seed);
+    krb5_random_key(context, &eblock, random_seed, &randkey);
+    print_key(randkey);
+    krb5_free_keyblock(context, randkey);
+    krb5_random_key(context, &eblock, random_seed, &randkey);
+    print_key(randkey);
+    krb5_free_keyblock(context, randkey);
+    krb5_finish_random_key(context, &eblock, &random_seed);
+
+    krb5_free_context(context);
+}
+