From: Richard Basch <probe@mit.edu>
Date: Fri, 10 May 1996 07:19:22 +0000 (+0000)
Subject: Replaced des3-md5 with des3-sha
X-Git-Tag: krb5-1.0-beta6~112
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=3b97f7ed117f80081893228a36cc964cd94d66b9;p=krb5.git

Replaced des3-md5 with des3-sha

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7968 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in
index 2c88714d9..033d55947 100644
--- a/src/lib/crypto/Makefile.in
+++ b/src/lib/crypto/Makefile.in
@@ -1,4 +1,4 @@
-CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/crc32 -I$(srcdir)/des -I$(srcdir)/md4 -I$(srcdir)/md5
+CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/crc32 -I$(srcdir)/des -I$(srcdir)/md4 -I$(srcdir)/md5 -I$(srcdir)/sha
 
 ##DOSBUILDTOP = ..\..
 ##DOSLIBNAME=crypto.lib
@@ -16,7 +16,7 @@ OBJS=	cryptoconf.$(OBJEXT) \
 	decrypt_data.$(OBJEXT) \
 	des_crc.$(OBJEXT) \
 	des_md5.$(OBJEXT) \
-	des3_md5.$(OBJEXT) \
+	des3_sha.$(OBJEXT) \
 	des3_raw.$(OBJEXT) \
 	raw_des.$(OBJEXT)
 
@@ -25,13 +25,13 @@ SRCS=	$(srcdir)/cryptoconf.c \
 	$(srcdir)/decrypt_data.c \
 	$(srcdir)/des_crc.c \
 	$(srcdir)/des_md5.c \
-	$(srcdir)/des3_md5.c \
+	$(srcdir)/des3_sha.c \
 	$(srcdir)/des3_raw.c \
 	$(srcdir)/raw_des.c 
 
-LIB_SUBDIRS= des md4 md5 crc32 os .
+LIB_SUBDIRS= des md4 md5 sha crc32 os .
 LIBUPDATE= $(BUILDTOP)/util/libupdate
-LIBDONE= ./des/DONE ./md4/DONE ./md5/DONE ./crc32/DONE ./os/DONE ./DONE
+LIBDONE= ./des/DONE ./md4/DONE ./md5/DONE ./sha/DONE ./crc32/DONE ./os/DONE ./DONE
 
 # No dependencies.  Record places to find this shared object if the target
 # link editor and loader support it.
@@ -94,6 +94,9 @@ all-windows::
 	cd ..\md5
 	@echo Making in crypto\md5
 	-$(MAKE) -$(MFLAGS) LIBCMD=$(LIBCMD)
+	cd ..\sha
+	@echo Making in crypto\sha
+	-$(MAKE) -$(MFLAGS) LIBCMD=$(LIBCMD)
 	cd ..
 
 clean-windows::
@@ -109,6 +112,9 @@ clean-windows::
 	cd ..\md5
 	@echo Making clean in crypto\md5
 	-$(MAKE) -$(MFLAGS) clean
+	cd ..\sha
+	@echo Making clean in crypto\sha
+	-$(MAKE) -$(MFLAGS) clean
 	cd ..\os
 	@echo Making clean in crypto\os
 	-$(MAKE) -$(MFLAGS) clean
@@ -128,6 +134,9 @@ check-windows::
 	cd ..\md5
 	@echo Making check in crypto\md5
 	-$(MAKE) -$(MFLAGS) check
+	cd ..\sha
+	@echo Making check in crypto\sha
+	-$(MAKE) -$(MFLAGS) check
 	cd ..\os
 	@echo Making check in crypto\os
 	-$(MAKE) -$(MFLAGS) check
diff --git a/src/lib/crypto/configure.in b/src/lib/crypto/configure.in
index 230544afa..9e0451004 100644
--- a/src/lib/crypto/configure.in
+++ b/src/lib/crypto/configure.in
@@ -1,6 +1,6 @@
 AC_INIT(configure.in)
 CONFIG_RULES
-CONFIG_DIRS(des crc32 md4 md5 os)
+CONFIG_DIRS(des crc32 md4 md5 sha os)
 AC_PROG_ARCHIVE
 AC_PROG_ARCHIVE_ADD
 AC_PROG_RANLIB
@@ -19,16 +19,16 @@ if test "$enableval" = yes; then
 else
 	AC_MSG_RESULT(Disabling DES_CBC_MD5)
 fi
-AC_ARG_ENABLE([des3-cbc-md5],
-[ --enable-des3-cbc-md5		enable DES3_CBC_MD5 (DEFAULT).
- --disable-des3-cbc-md5		disable DES3_CBC_MD5.],
+AC_ARG_ENABLE([des3-cbc-sha],
+[ --enable-des3-cbc-sha		enable DES3_CBC_SHA (DEFAULT).
+ --disable-des3-cbc-sha		disable DES3_CBC_SHA.],
 ,
 enableval=yes)dnl
 if test "$enableval" = yes; then
-	AC_MSG_RESULT(Enabling DES3_CBC_MD5)
-	AC_DEFINE(PROVIDE_DES3_CBC_MD5)
+	AC_MSG_RESULT(Enabling DES3_CBC_SHA)
+	AC_DEFINE(PROVIDE_DES3_CBC_SHA)
 else
-	AC_MSG_RESULT(Disabling DES3_CBC_MD5)
+	AC_MSG_RESULT(Disabling DES3_CBC_SHA)
 fi
 AC_ARG_WITH([des-cbc-crc],
 [ --enable-des-cbc-crc		enable DES_CBC_CRC (DEFAULT).
@@ -107,6 +107,17 @@ if test "$enableval" = yes; then
 else
 	AC_MSG_RESULT(Disabling RSA_MD5)
 fi
+AC_ARG_WITH([nist-sha],
+[ --enable-nist-sha		enable NIST_SHA (DEFAULT).
+ --disable-nist-sha		disable NIST_SHA.],
+,
+enableval=yes)dnl
+if test "$enableval" = yes; then
+	AC_MSG_RESULT(Enabling NIST_SHA)
+	AC_DEFINE(PROVIDE_NIST_SHA)
+else
+	AC_MSG_RESULT(Disabling NIST_SHA)
+fi
 
 V5_SHARED_LIB_OBJS
 SubdirLibraryRule([${OBJS}])
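Review bot: The new nist-sha block is declared with `AC_ARG_WITH`, but its help text advertises `--enable-nist-sha`/`--disable-nist-sha` and the test reads `$enableval`, which AC_ARG_WITH does not set. As written, `--disable-nist-sha` is not handled by this block, so the not-given branch sets `enableval=yes` and PROVIDE_NIST_SHA appears to be defined anyway; someone who believes the algorithm is switched off would still get it. Declaring it as `AC_ARG_ENABLE([nist-sha],` makes the option name, the help text and the tested variable agree. The context line `AC_ARG_WITH([des-cbc-crc],` in the previous hunk shows the same pattern, so this looks copied from the existing blocks, which would need the same correction.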
diff --git a/src/lib/crypto/cryptoconf.c b/src/lib/crypto/cryptoconf.c
index 542254f4e..60e9e89b0 100644
--- a/src/lib/crypto/cryptoconf.c
+++ b/src/lib/crypto/cryptoconf.c
@@ -46,11 +46,18 @@
 #include "rsa-md5.h"
 #define MD5_CKENTRY &rsa_md5_cksumtable_entry
 #define MD5_DES_CKENTRY &rsa_md5_des_cksumtable_entry
-#define MD5_DES3_CKENTRY MD5_DES_CKENTRY
 #else
 #define MD5_CKENTRY 0
 #define MD5_DES_CKENTRY 0
-#define MD5_DES3_CKENTRY 0
+#endif
+
+#ifdef PROVIDE_NIST_SHA
+#include "shs.h"
+#define SHA_CKENTRY &nist_sha_cksumtable_entry
+#define SHA_DES3_CKENTRY &nist_sha_des3_cksumtable_entry
+#else
+#define SHA_CKENTRY 0
+#define SHA_DES3_CKENTRY 0
 #endif
 
 #ifdef PROVIDE_SNEFRU
@@ -97,14 +104,14 @@
 #define DES_CBC_RAW_CSENTRY 0
 #endif
 
-#ifdef PROVIDE_DES3_CBC_MD5
+#ifdef PROVIDE_DES3_CBC_SHA
 #ifndef _DES_DONE__
 #include "des_int.h"
 #define _DES_DONE__
 #endif
-#define DES3_CBC_MD5_CSENTRY &krb5_des3_md5_cst_entry
+#define DES3_CBC_SHA_CSENTRY &krb5_des3_sha_cst_entry
 #else
-#define DES3_CBC_MD5_CSENTRY 0
+#define DES3_CBC_SHA_CSENTRY 0
 #endif
 
 #ifdef PROVIDE_DES3_CBC_RAW
@@ -129,7 +136,7 @@ krb5_cs_table_entry * NEAR krb5_enctype_array[] = {
     0,				/* ENCTYPE_DES_CBC_MD4 */
     DES_CBC_MD5_CSENTRY,	/* ENCTYPE_DES_CBC_MD5 */
     DES_CBC_RAW_CSENTRY,	/* ENCTYPE_DES_CBC_RAW */
-    DES3_CBC_MD5_CSENTRY,	/* ENCTYPE_DES3_CBC_MD5 */
+    DES3_CBC_SHA_CSENTRY,	/* ENCTYPE_DES3_CBC_SHA */
     DES3_CBC_RAW_CSENTRY	/* ENCTYPE_DES3_CBC_RAW */
 };
 
@@ -145,7 +152,8 @@ krb5_checksum_entry * NEAR krb5_cksumarray[] = {
     0,				/* 6 - rsa-md4-des-k */
     MD5_CKENTRY,		/* 7 - CKSUMTYPE_RSA_MD5 */
     MD5_DES_CKENTRY,		/* 8 - CKSUMTYPE_RSA_MD5_DES */
-    MD5_DES3_CKENTRY		/* 9 - CKSUMTYPE_RSA_MD5_DES3 */
+    SHA_CKENTRY,		/* 9 - CKSUMTYPE_NIST_SHA */
+    SHA_DES3_CKENTRY		/* 10 - CKSUMTYPE_NIST_SHA_DES3 */
 };
 
 krb5_cksumtype krb5_max_cksum = sizeof(krb5_cksumarray)/sizeof(krb5_cksumarray[0]);
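Review bot: Slot 9 of krb5_cksumarray changes meaning here without any record in the table: per the removed comment it was CKSUMTYPE_RSA_MD5_DES3, and it is now CKSUMTYPE_NIST_SHA, with the DES3 variant moved to 10. The enctype table in the previous hunk likewise reuses the old DES3_CBC_MD5 slot for DES3_CBC_SHA. Peers or stored data built against the old numbering would be interpreted with a different algorithm, so callers that select or validate a checksum type by number (not visible in this diff) should be checked. I would record the reassignment at the entry, e.g. `/* 9 - CKSUMTYPE_NIST_SHA (was CKSUMTYPE_RSA_MD5_DES3) */`. The array definition starts outside the hunk.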
diff --git a/src/lib/crypto/des3_sha.c b/src/lib/crypto/des3_sha.c
new file mode 100644
index 000000000..90d9af089
--- /dev/null
+++ b/src/lib/crypto/des3_sha.c
@@ -0,0 +1,174 @@
+/*
+ * lib/crypto/des3-sha.c
+ *
+ * Copyright 1996 by Lehman Brothers, Inc.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of Lehman Brothers or M.I.T. not be used in advertising or
+ * publicity pertaining to distribution of the software without
+ * specific, written prior permission.  Lehman Brothers and
+ * M.I.T. make no representations about the suitability of this
+ * software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "shs.h"
+#include "des_int.h"
+
+krb5_error_code mit_des3_sha_encrypt_func
+    PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
+               krb5_encrypt_block *, krb5_pointer ));
+
+krb5_error_code mit_des3_sha_decrypt_func
+    PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t,
+               krb5_encrypt_block *, krb5_pointer ));
+
+static mit_des_cblock zero_ivec = { 0 };
+
+static krb5_cryptosystem_entry mit_des3_sha_cryptosystem_entry = {
+    0,
+    mit_des3_sha_encrypt_func,
+    mit_des3_sha_decrypt_func, 
+    mit_des3_process_key,
+    mit_des_finish_key,
+    mit_des3_string_to_key,
+    mit_des_init_random_key,
+    mit_des_finish_random_key,
+    mit_des_random_key,
+    sizeof(mit_des_cblock),
+    NIST_SHA_CKSUM_LENGTH+sizeof(mit_des_cblock),
+    sizeof(mit_des3_cblock),
+    ENCTYPE_DES3_CBC_SHA
+    };
+
+krb5_cs_table_entry krb5_des3_sha_cst_entry = {
+    0,
+    &mit_des3_sha_cryptosystem_entry,
+    0
+    };
+
+
+krb5_error_code
+mit_des3_sha_encrypt_func(in, out, size, key, ivec)
+    krb5_const_pointer in;
+    krb5_pointer out;
+    const size_t size;
+    krb5_encrypt_block * key;
+    krb5_pointer ivec;
+{
+    krb5_checksum cksum;
+    krb5_octet 	contents[NIST_SHA_CKSUM_LENGTH];
+    int sumsize;
+    krb5_error_code retval;
+
+/*    if ( size < sizeof(mit_des_cblock) )
+	return KRB5_BAD_MSIZE; */
+
+    /* caller passes data size, and saves room for the padding. */
+    /* format of ciphertext, per RFC is:
+      +-----------+----------+-------------+-----+
+      |confounder |   check  |   msg-seq   | pad |
+      +-----------+----------+-------------+-----+
+      
+      our confounder is 8 bytes (one cblock);
+      our checksum is NIST_SHA_CKSUM_LENGTH
+     */
+    sumsize =  krb5_roundup(size+NIST_SHA_CKSUM_LENGTH+sizeof(mit_des_cblock),
+			    sizeof(mit_des_cblock));
+
+    /* assemble crypto input into the output area, then encrypt in place. */
+
+    memset((char *)out, 0, sumsize);
+
+    /* put in the confounder */
+    if ((retval = krb5_random_confounder(sizeof(mit_des_cblock), out)))
+	return retval;
+
+    memcpy((char *)out+sizeof(mit_des_cblock)+NIST_SHA_CKSUM_LENGTH, (char *)in,
+	   size);
+
+    cksum.contents = contents; 
+
+    /* This is equivalent to krb5_calculate_checksum(CKSUMTYPE_MD5,...)
+       but avoids use of the cryptosystem config table which can not be
+       referenced here if this object is to be included in a shared library.  */
+    if ((retval = nist_sha_cksumtable_entry.sum_func((krb5_pointer) out,
+						    sumsize,
+						    (krb5_pointer)key->key->contents,
+						    key->key->length,
+						    &cksum)))
+	return retval;
+
+    memcpy((char *)out+sizeof(mit_des_cblock), (char *)contents,
+	   NIST_SHA_CKSUM_LENGTH);
+
+    /* We depend here on the ability of this DES-3 implementation to
+       encrypt plaintext to ciphertext in-place. */
+    return (mit_des3_cbc_encrypt(out, 
+				out,
+				sumsize, 
+				(struct mit_des_ks_struct *) key->priv, 
+				((struct mit_des_ks_struct *) key->priv) + 1, 
+				((struct mit_des_ks_struct *) key->priv) + 2, 
+				ivec ? ivec : (krb5_pointer)zero_ivec,
+				MIT_DES_ENCRYPT));
+    
+}
+
+krb5_error_code
+mit_des3_sha_decrypt_func(in, out, size, key, ivec)
+    krb5_const_pointer in;
+    krb5_pointer out;
+    const size_t size;
+    krb5_encrypt_block * key;
+    krb5_pointer ivec;
+{
+    krb5_checksum cksum;
+    krb5_octet 	contents_prd[NIST_SHA_CKSUM_LENGTH];
+    krb5_octet  contents_get[NIST_SHA_CKSUM_LENGTH];
+    char 	*p;
+    krb5_error_code   retval;
+
+    if ( size < 2*sizeof(mit_des_cblock) )
+	return KRB5_BAD_MSIZE;
+
+    retval = mit_des3_cbc_encrypt((const mit_des_cblock *) in,
+				 out,
+				 size,
+				 (struct mit_des_ks_struct *) key->priv,
+				 ((struct mit_des_ks_struct *) key->priv) + 1, 
+				 ((struct mit_des_ks_struct *) key->priv) + 2, 
+				 ivec ? ivec : (krb5_pointer)zero_ivec,
+				 MIT_DES_DECRYPT);
+    if (retval)
+	return retval;
+
+    cksum.contents = contents_prd;
+    p = (char *)out + sizeof(mit_des_cblock);
+    memcpy((char *)contents_get, p, NIST_SHA_CKSUM_LENGTH);
+    memset(p, 0, NIST_SHA_CKSUM_LENGTH);
+
+    if ((retval = nist_sha_cksumtable_entry.sum_func(out, size,
+						    (krb5_pointer)key->key->contents,
+						    key->key->length,
+						    &cksum)))
+	return retval;
+
+    if (memcmp((char *)contents_get, (char *)contents_prd, NIST_SHA_CKSUM_LENGTH) )
+        return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+    memmove((char *)out, (char *)out +
+	   sizeof(mit_des_cblock) + NIST_SHA_CKSUM_LENGTH,
+	   size - sizeof(mit_des_cblock) - NIST_SHA_CKSUM_LENGTH);
+    return 0;
+}
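Review bot: In mit_des3_sha_decrypt_func the length guard `if ( size < 2*sizeof(mit_des_cblock) )` admits inputs shorter than the confounder plus checksum that the function then reads and clears. For such a size, the `memcpy` and `memset` of NIST_SHA_CKSUM_LENGTH bytes at `out + sizeof(mit_des_cblock)` run past the decrypted data, and `size - sizeof(mit_des_cblock) - NIST_SHA_CKSUM_LENGTH` in the final `memmove` wraps around as a size_t. The guard should be `if (size < sizeof(mit_des_cblock) + NIST_SHA_CKSUM_LENGTH) return KRB5_BAD_MSIZE;` (the constant comes from shs.h, which is not in this diff; a SHA digest is longer than one DES block). Separately, the comment in mit_des3_sha_encrypt_func still says `krb5_calculate_checksum(CKSUMTYPE_MD5,...)` and should name the SHA checksum type.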