From: Ken Raeburn Date: Fri, 13 Feb 2004 23:38:57 +0000 (+0000) Subject: * dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): New argument IVEC_MODE. If X-Git-Tag: krb5-1.4-beta1~618 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=0f240326537d6d303c288506840189d3b35c4da3;p=krb5.git * dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): New argument IVEC_MODE. If clear, same old behavior. If set, copy out next to last block for CTS. (krb5_dk_decrypt, krb5int_aes_dk_decrypt): Pass extra argument. * dk_encrypt.c (krb5int_aes_dk_encrypt): For IV, copy out next to last block for CTS. ticket: 2229 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16077 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/dk/ChangeLog b/src/lib/crypto/dk/ChangeLog index 30107a218..98adf7537 100644 --- a/src/lib/crypto/dk/ChangeLog +++ b/src/lib/crypto/dk/ChangeLog @@ -1,3 +1,12 @@ +2004-02-13 Ken Raeburn + + * dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): New argument + IVEC_MODE. If clear, same old behavior. If set, copy out next + to last block for CTS. + (krb5_dk_decrypt, krb5int_aes_dk_decrypt): Pass extra argument. + * dk_encrypt.c (krb5int_aes_dk_encrypt): For IV, copy out next to + last block for CTS. + 2003-07-22 Ken Raeburn * checksum.c (krb5_dk_make_checksum, krb5_marc_dk_make_checksum): diff --git a/src/lib/crypto/dk/dk_decrypt.c b/src/lib/crypto/dk/dk_decrypt.c index 0c95d4079..823eefa27 100644 --- a/src/lib/crypto/dk/dk_decrypt.c +++ b/src/lib/crypto/dk/dk_decrypt.c @@ -37,7 +37,8 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc, const krb5_data *ivec, const krb5_data *input, krb5_data *output, - size_t hmacsize); + size_t hmacsize, + int ivec_mode); krb5_error_code krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output) @@ -50,7 +51,7 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output) krb5_data *output; { return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage, - ivec, input, output, 0); + ivec, input, output, 0, 0); } krb5_error_code @@ -64,12 +65,12 @@ krb5int_aes_dk_decrypt(enc, hash, key, usage, ivec, input, output) krb5_data *output; { return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage, - ivec, input, output, 96 / 8); + ivec, input, output, 96 / 8, 1); } static krb5_error_code krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage, ivec, input, output, - hmacsize) + hmacsize, ivec_mode) const struct krb5_enc_provider *enc; const struct krb5_hash_provider *hash; const krb5_keyblock *key; @@ -78,6 +79,7 @@ krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage, ivec, input, output, const krb5_data *input; krb5_data *output; size_t hmacsize; + int ivec_mode; { krb5_error_code ret; size_t hashsize, blocksize, keybytes, keylength, enclen, plainlen; @@ -154,9 +156,15 @@ krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage, ivec, input, output, if ((ret = ((*(enc->decrypt))(&ke, ivec, &d1, &d2))) != 0) goto cleanup; - if (ivec != NULL && ivec->length == blocksize) - cn = (unsigned char *) d1.data + d1.length - blocksize; - else + if (ivec != NULL && ivec->length == blocksize) { + if (ivec_mode == 0) + cn = (unsigned char *) d1.data + d1.length - blocksize; + else if (ivec_mode == 1) { + int nblocks = (d1.length + blocksize - 1) / blocksize; + cn = d1.data + blocksize * (nblocks - 2); + } else + abort(); + } else cn = NULL; /* verify the hash */ diff --git a/src/lib/crypto/dk/dk_encrypt.c b/src/lib/crypto/dk/dk_encrypt.c index 32cc509af..cf6b826a4 100644 --- a/src/lib/crypto/dk/dk_encrypt.c +++ b/src/lib/crypto/dk/dk_encrypt.c @@ -313,9 +313,10 @@ krb5int_aes_dk_encrypt(enc, hash, key, usage, ivec, input, output) if ((ret = ((*(enc->encrypt))(&ke, ivec, &d1, &d2)))) goto cleanup; - if (ivec != NULL && ivec->length == blocksize) - cn = d2.data + d2.length - blocksize; - else + if (ivec != NULL && ivec->length == blocksize) { + int nblocks = (d2.length + blocksize - 1) / blocksize; + cn = d2.data + blocksize * (nblocks - 2); + } else cn = NULL; /* hash the plaintext */ @@ -333,8 +334,27 @@ krb5int_aes_dk_encrypt(enc, hash, key, usage, ivec, input, output) output->length = enclen; /* update ivec */ - if (cn != NULL) + if (cn != NULL) { memcpy(ivec->data, cn, blocksize); +#if 0 + { + int i; + printf("\n%s: output:", __func__); + for (i = 0; i < output->length; i++) { + if (i % 16 == 0) + printf("\n%s: ", __func__); + printf(" %02x", i[(unsigned char *)output->data]); + } + printf("\n%s: outputIV:", __func__); + for (i = 0; i < ivec->length; i++) { + if (i % 16 == 0) + printf("\n%s: ", __func__); + printf(" %02x", i[(unsigned char *)ivec->data]); + } + printf("\n"); fflush(stdout); + } +#endif + } /* ret is set correctly by the prior call */