From: Richard Basch Date: Fri, 29 Mar 1996 01:28:53 +0000 (+0000) Subject: Added support for CKSUMTYPE_RSA_MD5_DES3 X-Git-Tag: krb5-1.0-beta6~277 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=4f96c32544b633e11c09dae1ecf85ea7097d3ac2;p=krb5.git Added support for CKSUMTYPE_RSA_MD5_DES3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7734 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/md5/ChangeLog b/src/lib/crypto/md5/ChangeLog index 5577fe94c..e7f991a38 100644 --- a/src/lib/crypto/md5/ChangeLog +++ b/src/lib/crypto/md5/ChangeLog @@ -1,3 +1,7 @@ +Thu Mar 28 09:50:58 1996 Richard Basch + + * md5crypto.c: Added support for CKSUMTYPE_RSA_MD5_DES3 + Sat Jan 27 00:56:38 1996 Mark Eichin * t_cksum.c (main): use proper old-style definition. diff --git a/src/lib/crypto/md5/md5crypto.c b/src/lib/crypto/md5/md5crypto.c index 4689bfcf1..d993c22b5 100644 --- a/src/lib/crypto/md5/md5crypto.c +++ b/src/lib/crypto/md5/md5crypto.c @@ -283,6 +283,63 @@ size_t seed_length; else retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; } + else if (cksum->checksum_type == CKSUMTYPE_RSA_MD5_DES3) { + if (cksum->length == (RSA_MD5_DES_CKSUM_LENGTH + + RSA_MD5_DES_CONFOUND_LENGTH)) { + /* + * If we're verifying the correct implementation, then we have + * to do a little more work because we must decrypt the checksum + * because it contains the confounder in it. So, figure out + * what our key variant is and then do it! + */ + + /* Set up the variant of the key (see RFC 1510 section 6.4.5) */ + memset((char *) tmpkey, 0, sizeof(mit_des_cblock)); + for (i=0; (icontents, + (mit_des_cblock *)&outtmp[0], + RSA_MD5_DES_CKSUM_LENGTH + + RSA_MD5_DES_CONFOUND_LENGTH, + (struct mit_des_ks_struct *) + eblock.priv, + ((struct mit_des_ks_struct *) + eblock.priv) + 1, + ((struct mit_des_ks_struct *) + eblock.priv) + 2, + keyblock.contents, + MIT_DES_DECRYPT); + if (retval) { + (void) mit_des_finish_key(&eblock); + return retval; + } + if (retval = mit_des_finish_key(&eblock)) + return(retval); + + /* Now that we have the decrypted checksum, try to regenerate it */ + md5_calculate_cksum(&working, + (krb5_pointer) outtmp, + (size_t) RSA_MD5_DES_CONFOUND_LENGTH, + in, + in_length); + + /* Compare the checksums */ + if (memcmp((char *) &outtmp[RSA_MD5_DES_CONFOUND_LENGTH], + (char *) &working.digest[0], + RSA_MD5_DES_CKSUM_LENGTH)) + retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } + else + retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } else retval = KRB5KRB_AP_ERR_INAPP_CKSUM;