From: Ken Raeburn Date: Wed, 5 Mar 2003 03:03:04 +0000 (+0000) Subject: Clean up PBKDF2 interface. Add s2k-params to string-to-key interface, except X-Git-Tag: krb5-1.3-alpha1~48 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=805904312e781e852c4c198ad91b32bac3c95c4e;p=krb5.git Clean up PBKDF2 interface. Add s2k-params to string-to-key interface, except no new decl in krb5.h yet; rename changed s2k functions to use krb5int_ prefix. Add AES to etype table. Delete some unused declarations. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15229 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/ChangeLog b/src/include/ChangeLog index dffc4cb7a..d0ea27f22 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,13 @@ +2003-03-04 Ken Raeburn + + * krb5.h (ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, CKSUMTYPE_HMAC_SHA1_96_AES128, + CKSUMTYPE_HMAC_SHA1_96_AES256): New macros. + * k5-int.h (krb5_str2key_func): Added params argument. + (krb5int_pbkdf2_hmac_sha1): Declare. + (krb5_cryptosystem_entry, krb5_cs_table_entry, SUM_FUNC, + SUM_VERF_FUNC, krb5_checksum_entry): Delete unused declarations. + 2003-02-26 Ken Raeburn * configure.in: Set and substitute maybe_kerberosIV. diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 2bfce56e6..82f25163a 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -620,7 +620,7 @@ typedef krb5_error_code (*krb5_crypt_func) (const struct krb5_enc_provider *enc, const krb5_data *input, krb5_data *output); typedef krb5_error_code (*krb5_str2key_func) (const struct krb5_enc_provider *enc, const krb5_data *string, - const krb5_data *salt, krb5_keyblock *key); + const krb5_data *salt, const krb5_data *parm, krb5_keyblock *key); struct krb5_keytypes { krb5_enctype etype; @@ -669,6 +669,10 @@ krb5_error_code krb5_hmac const krb5_keyblock *key, unsigned int icount, const krb5_data *input, krb5_data *output); +krb5_error_code krb5int_pbkdf2_hmac_sha1 (const krb5_data *, unsigned long, + const krb5_data *, + const krb5_data *); + /* A definition of init_state for DES based encryption systems. * sets up an 8-byte IV of all zeros */ @@ -704,74 +708,6 @@ extern const struct krb5_hash_provider krb5int_hash_md5; #ifdef KRB5_OLD_CRYPTO /* old provider api */ -typedef struct _krb5_cryptosystem_entry { - krb5_magic magic; - krb5_error_code (*encrypt_func) ( krb5_const_pointer /* in */, - krb5_pointer /* out */, - const size_t, - krb5_encrypt_block *, - krb5_pointer); - krb5_error_code (*decrypt_func) ( krb5_const_pointer /* in */, - krb5_pointer /* out */, - const size_t, - krb5_encrypt_block *, - krb5_pointer); - krb5_error_code (*process_key) ( krb5_encrypt_block *, - const krb5_keyblock *); - krb5_error_code (*finish_key) ( krb5_encrypt_block *); - krb5_error_code (*string_to_key) (const krb5_encrypt_block *, - krb5_keyblock *, - const krb5_data *, - const krb5_data *); - krb5_error_code (*init_random_key) ( const krb5_encrypt_block *, - const krb5_keyblock *, - krb5_pointer *); - krb5_error_code (*finish_random_key) ( const krb5_encrypt_block *, - krb5_pointer *); - krb5_error_code (*random_key) ( const krb5_encrypt_block *, - krb5_pointer, - krb5_keyblock **); - int block_length; - int pad_minimum; /* needed for cksum size computation */ - int keysize; - krb5_enctype proto_enctype; /* key type, - (assigned protocol number AND - table index) */ -} krb5_cryptosystem_entry; - -typedef struct _krb5_cs_table_entry { - krb5_magic magic; - krb5_cryptosystem_entry * system; - krb5_pointer random_sequence; /* from init_random_key() */ -} krb5_cs_table_entry; - - -/* could be used in a table to find a sumtype */ -typedef krb5_error_code - (*SUM_FUNC) ( - const krb5_pointer /* in */, - const size_t /* in_length */, - const krb5_pointer /* key/seed */, - const size_t /* key/seed size */, - krb5_checksum * /* out_cksum */); - -typedef krb5_error_code - (*SUM_VERF_FUNC) ( - const krb5_checksum * /* out_cksum */, - const krb5_pointer /* in */, - const size_t /* in_length */, - const krb5_pointer /* key/seed */, - const size_t /* key/seed size */); - -typedef struct _krb5_checksum_entry { - krb5_magic magic; - SUM_FUNC sum_func; /* Checksum generator */ - SUM_VERF_FUNC sum_verf_func; /* Verifier of checksum */ - int checksum_length; /* length returned by sum_func */ - unsigned int is_collision_proof:1; - unsigned int uses_key:1; -} krb5_checksum_entry; - krb5_error_code krb5_crypto_os_localaddr (krb5_address ***); diff --git a/src/include/krb5.hin b/src/include/krb5.hin index e53606c20..c6f7040a5 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin @@ -361,6 +361,8 @@ typedef struct _krb5_enc_data { #define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */ #define ENCTYPE_DES_HMAC_SHA1 0x0008 #define ENCTYPE_DES3_CBC_SHA1 0x0010 +#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 +#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 #define ENCTYPE_ARCFOUR_HMAC 0x0017 #define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 #define ENCTYPE_UNKNOWN 0x01ff @@ -378,6 +380,8 @@ typedef struct _krb5_enc_data { #define CKSUMTYPE_RSA_MD5_DES 0x0008 #define CKSUMTYPE_NIST_SHA 0x0009 #define CKSUMTYPE_HMAC_SHA1_DES3 0x000c +#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f +#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/ /* The following are entropy source designations. Whenever diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index b5448c867..fae236d26 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,21 @@ +2003-03-04 Ken Raeburn + + * etypes.c: Include aes_s2k.h. + (krb5_enctypes): Add AES enctypes. Update s2k function names. + * pbkdf2.c (krb5int_pbkdf2): Now static. Output data descriptor + is const. + (krb5int_pbkdf2_hmac_sha1_128, krb5int_pbkdf2_hmac_sha1_256): + Deleted. + * string_to_key.c (krb5_c_string_to_key_with_params): Renamed from + krb5_c_string_to_key, takes new params argument and passes it + through. + (krb5_c_string_to_key): New function, passes null params. + * t_pkcs5.c (test_pbkdf2_rfc3211): Update calls to + krb5int_pbkdf2_hmac_sha1 for new API. + * vectors.c (test_mit_des_s2k): Update krb5_des_string_to_key call + for new API. + * Makefile.in: Update dependencies. + 2003-03-03 Ken Raeburn * pbkdf2.c (F): Now takes krb5_data for password and salt. diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in index 1f6ede7c7..ccb26af44 100644 --- a/src/lib/crypto/Makefile.in +++ b/src/lib/crypto/Makefile.in @@ -412,7 +412,8 @@ etypes.so etypes.po $(OUTPRE)etypes.$(OBJEXT): etypes.c $(SRCTOP)/include/k5-int $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ $(BUILDTOP)/include/profile.h $(srcdir)/enc_provider/enc_provider.h \ $(srcdir)/hash_provider/hash_provider.h etypes.h $(srcdir)/old/old.h \ - $(srcdir)/raw/raw.h $(srcdir)/dk/dk.h $(srcdir)/arcfour/arcfour.h + $(srcdir)/raw/raw.h $(srcdir)/dk/dk.h $(srcdir)/arcfour/arcfour.h \ + $(srcdir)/aes/aes_s2k.h hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): hmac.c $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ diff --git a/src/lib/crypto/arcfour/ChangeLog b/src/lib/crypto/arcfour/ChangeLog index 7442af5f8..5727d1986 100644 --- a/src/lib/crypto/arcfour/ChangeLog +++ b/src/lib/crypto/arcfour/ChangeLog @@ -1,3 +1,9 @@ +2003-03-04 Ken Raeburn + + * arcfour.c (krb5int_arcfour_string_to_key): Renamed from + krb5_... and added new s2k-params argument, which must be null. + * arcfour.h: Updated. + 2003-02-03 Sam Hartman * arcfour.c (krb5_arcfour_encrypt_length): l40, the 40-bit diff --git a/src/lib/crypto/arcfour/arcfour.h b/src/lib/crypto/arcfour/arcfour.h index 39bf8240a..c6e435334 100644 --- a/src/lib/crypto/arcfour/arcfour.h +++ b/src/lib/crypto/arcfour/arcfour.h @@ -25,10 +25,11 @@ krb5_error_code krb5_arcfour_decrypt(const struct krb5_enc_provider *, const krb5_data *, krb5_data *); -extern krb5_error_code krb5_arcfour_string_to_key( +extern krb5_error_code krb5int_arcfour_string_to_key( const struct krb5_enc_provider *, const krb5_data *, const krb5_data *, + const krb5_data *, krb5_keyblock *); extern const struct krb5_enc_provider krb5int_enc_arcfour; diff --git a/src/lib/crypto/arcfour/string_to_key.c b/src/lib/crypto/arcfour/string_to_key.c index 1fecd4df0..2212d715f 100644 --- a/src/lib/crypto/arcfour/string_to_key.c +++ b/src/lib/crypto/arcfour/string_to_key.c @@ -12,15 +12,16 @@ static void asctouni(unsigned char *unicode, unsigned char *ascii, size_t len) } krb5_error_code -krb5_arcfour_string_to_key(enc, string, salt, key) - const struct krb5_enc_provider *enc; - const krb5_data *string; - const krb5_data *salt; - krb5_keyblock *key; +krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, + const krb5_data *string, const krb5_data *salt, + const krb5_data *params, krb5_keyblock *key) { size_t len,slen; unsigned char *copystr; krb5_MD4_CTX md4_context; + + if (params != NULL) + return KRB5_ERR_BAD_S2K_PARAMS; if (key->length != 16) return (KRB5_BAD_MSIZE); diff --git a/src/lib/crypto/dk/ChangeLog b/src/lib/crypto/dk/ChangeLog index df04069a9..9ed3a8de9 100644 --- a/src/lib/crypto/dk/ChangeLog +++ b/src/lib/crypto/dk/ChangeLog @@ -1,3 +1,9 @@ +2003-03-04 Ken Raeburn + + * stringtokey.c (krb5int_dk_string_to_key): Renamed from + krb5_... and added s2k-params argument. + * dk.h: Updated. + 2003-01-10 Ken Raeburn * Makefile.in: Add AC_SUBST_FILE marker for libobj_frag. diff --git a/src/lib/crypto/dk/dk.h b/src/lib/crypto/dk/dk.h index 8d4c49787..017101617 100644 --- a/src/lib/crypto/dk/dk.h +++ b/src/lib/crypto/dk/dk.h @@ -45,10 +45,10 @@ krb5_error_code krb5_dk_decrypt const krb5_data *ivec, const krb5_data *input, krb5_data *arg_output); -krb5_error_code krb5_dk_string_to_key +krb5_error_code krb5int_dk_string_to_key (const struct krb5_enc_provider *enc, const krb5_data *string, const krb5_data *salt, - krb5_keyblock *key); + const krb5_data *params, krb5_keyblock *key); krb5_error_code krb5_derive_key (const struct krb5_enc_provider *enc, diff --git a/src/lib/crypto/dk/stringtokey.c b/src/lib/crypto/dk/stringtokey.c index a0bd3441f..be13ca4a1 100644 --- a/src/lib/crypto/dk/stringtokey.c +++ b/src/lib/crypto/dk/stringtokey.c @@ -30,11 +30,9 @@ static const unsigned char kerberos[] = "kerberos"; #define kerberos_len (sizeof(kerberos)-1) krb5_error_code -krb5_dk_string_to_key(enc, string, salt, key) - const struct krb5_enc_provider *enc; - const krb5_data *string; - const krb5_data *salt; - krb5_keyblock *key; +krb5int_dk_string_to_key(const struct krb5_enc_provider *enc, + const krb5_data *string, const krb5_data *salt, + const krb5_data *parms, krb5_keyblock *key) { krb5_error_code ret; size_t keybytes, keylength, concatlen; diff --git a/src/lib/crypto/etypes.c b/src/lib/crypto/etypes.c index 6d8f50b4e..1cc570cd8 100644 --- a/src/lib/crypto/etypes.c +++ b/src/lib/crypto/etypes.c @@ -32,6 +32,7 @@ #include "raw.h" #include "dk.h" #include "arcfour.h" +#include "aes_s2k.h" /* these will be linear searched. if they ever get big, a binary search or hash table would be better, which means these would need @@ -44,82 +45,93 @@ const struct krb5_keytypes krb5_enctypes_list[] = { "des-cbc-crc", "DES cbc mode with CRC-32", &krb5int_enc_des, &krb5int_hash_crc32, krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt, - krb5_des_string_to_key }, + krb5int_des_string_to_key }, { ENCTYPE_DES_CBC_MD4, "des-cbc-md4", "DES cbc mode with RSA-MD4", &krb5int_enc_des, &krb5int_hash_md4, krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt, - krb5_des_string_to_key }, + krb5int_des_string_to_key }, { ENCTYPE_DES_CBC_MD5, "des-cbc-md5", "DES cbc mode with RSA-MD5", &krb5int_enc_des, &krb5int_hash_md5, krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt, - krb5_des_string_to_key }, + krb5int_des_string_to_key }, { ENCTYPE_DES_CBC_MD5, "des", "DES cbc mode with RSA-MD5", /* alias */ &krb5int_enc_des, &krb5int_hash_md5, krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt, - krb5_des_string_to_key }, + krb5int_des_string_to_key }, { ENCTYPE_DES_CBC_RAW, "des-cbc-raw", "DES cbc mode raw", &krb5int_enc_des, NULL, krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt, - krb5_des_string_to_key }, + krb5int_des_string_to_key }, { ENCTYPE_DES3_CBC_RAW, "des3-cbc-raw", "Triple DES cbc mode raw", &krb5int_enc_des3, NULL, krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt, - krb5_dk_string_to_key }, + krb5int_dk_string_to_key }, { ENCTYPE_DES3_CBC_SHA1, "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1", &krb5int_enc_des3, &krb5int_hash_sha1, krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, - krb5_dk_string_to_key }, + krb5int_dk_string_to_key }, { ENCTYPE_DES3_CBC_SHA1, /* alias */ "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1", &krb5int_enc_des3, &krb5int_hash_sha1, krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, - krb5_dk_string_to_key }, + krb5int_dk_string_to_key }, { ENCTYPE_DES3_CBC_SHA1, /* alias */ "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1", &krb5int_enc_des3, &krb5int_hash_sha1, krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, - krb5_dk_string_to_key }, + krb5int_dk_string_to_key }, { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1", "DES with HMAC/sha1", &krb5int_enc_des, &krb5int_hash_sha1, krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, - krb5_dk_string_to_key }, + krb5int_dk_string_to_key }, { ENCTYPE_ARCFOUR_HMAC, "arcfour-hmac","ArcFour with HMAC/md5", &krb5int_enc_arcfour, &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, - krb5_arcfour_decrypt, krb5_arcfour_string_to_key }, + krb5_arcfour_decrypt, krb5int_arcfour_string_to_key }, { ENCTYPE_ARCFOUR_HMAC, /* alias */ "rc4-hmac", "ArcFour with HMAC/md5", &krb5int_enc_arcfour, &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, - krb5_arcfour_decrypt, krb5_arcfour_string_to_key }, + krb5_arcfour_decrypt, krb5int_arcfour_string_to_key }, { ENCTYPE_ARCFOUR_HMAC, /* alias */ "arcfour-hmac-md5", "ArcFour with HMAC/md5", &krb5int_enc_arcfour, &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, - krb5_arcfour_decrypt, krb5_arcfour_string_to_key }, + krb5_arcfour_decrypt, krb5int_arcfour_string_to_key }, { ENCTYPE_ARCFOUR_HMAC_EXP, "arcfour-hmac-exp", "Exportable ArcFour with HMAC/md5", &krb5int_enc_arcfour, &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, - krb5_arcfour_decrypt, krb5_arcfour_string_to_key }, + krb5_arcfour_decrypt, krb5int_arcfour_string_to_key }, { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */ "rc4-hmac-exp", "Exportable ArcFour with HMAC/md5", &krb5int_enc_arcfour, &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, - krb5_arcfour_decrypt, krb5_arcfour_string_to_key }, + krb5_arcfour_decrypt, krb5int_arcfour_string_to_key }, { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */ "arcfour-hmac-md5-exp", "Exportable ArcFour with HMAC/md5", &krb5int_enc_arcfour, &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, - krb5_arcfour_decrypt, krb5_arcfour_string_to_key }, + krb5_arcfour_decrypt, krb5int_arcfour_string_to_key }, + + { ENCTYPE_AES128_CTS_HMAC_SHA1_96, + "aes128-cts-hmac-sha1-96", "AES-128 CTS mode with 96-bit SHA-1 HMAC", + &krb5int_enc_aes128, &krb5int_hash_sha1, + krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, + krb5int_aes_string_to_key }, + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, + "aes256-cts-hmac-sha1-96", "AES-256 CTS mode with 96-bit SHA-1 HMAC", + &krb5int_enc_aes256, &krb5int_hash_sha1, + krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, + krb5int_aes_string_to_key }, #ifdef ATHENA_DES3_KLUDGE /* @@ -131,7 +143,7 @@ const struct krb5_keytypes krb5_enctypes_list[] = { "Triple DES with HMAC/sha1 and 32-bit length code", &krb5int_enc_des3, &krb5int_hash_sha1, krb5_marc_dk_encrypt_length, krb5_marc_dk_encrypt, krb5_marc_dk_decrypt, - krb5_dk_string_to_key }, + krb5int_dk_string_to_key }, #endif }; diff --git a/src/lib/crypto/old/ChangeLog b/src/lib/crypto/old/ChangeLog index 0cdd65931..c23b40371 100644 --- a/src/lib/crypto/old/ChangeLog +++ b/src/lib/crypto/old/ChangeLog @@ -1,3 +1,9 @@ +2003-03-04 Ken Raeburn + + * des_stringtokey.c (krb5int_des_string_to_key): Renamed from + krb5_... and added s2k-params argument which must be null. + * old.h: Updated. + 2003-01-10 Ken Raeburn * Makefile.in: Add AC_SUBST_FILE marker for libobj_frag. diff --git a/src/lib/crypto/old/des_stringtokey.c b/src/lib/crypto/old/des_stringtokey.c index ee3e1d065..fd3440bda 100644 --- a/src/lib/crypto/old/des_stringtokey.c +++ b/src/lib/crypto/old/des_stringtokey.c @@ -34,11 +34,14 @@ extern krb5_error_code mit_des_string_to_key_int const krb5_data * salt); krb5_error_code -krb5_des_string_to_key(enc, string, salt, key) +krb5int_des_string_to_key(enc, string, salt, parm, key) const struct krb5_enc_provider *enc; const krb5_data *string; const krb5_data *salt; + const krb5_data *parm; krb5_keyblock *key; { + if (parm != NULL) + return KRB5_ERR_BAD_S2K_PARAMS; return(mit_des_string_to_key_int(key, string, salt)); } diff --git a/src/lib/crypto/old/old.h b/src/lib/crypto/old/old.h index b22b1684d..94ee6421e 100644 --- a/src/lib/crypto/old/old.h +++ b/src/lib/crypto/old/old.h @@ -45,7 +45,8 @@ krb5_error_code krb5_old_decrypt const krb5_data *ivec, const krb5_data *input, krb5_data *arg_output); -krb5_error_code krb5_des_string_to_key +krb5_error_code krb5int_des_string_to_key (const struct krb5_enc_provider *enc, - const krb5_data *string, const krb5_data *salt, + const krb5_data *string, const krb5_data *salt, + const krb5_data *params, krb5_keyblock *key); diff --git a/src/lib/crypto/pbkdf2.c b/src/lib/crypto/pbkdf2.c index d93b5b893..d8a3f8b58 100644 --- a/src/lib/crypto/pbkdf2.c +++ b/src/lib/crypto/pbkdf2.c @@ -32,24 +32,12 @@ #include "k5-int.h" #include "hash_provider.h" -/* for k5-int.h */ -extern krb5_error_code +/* Not exported, for now. */ +static krb5_error_code krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *, krb5_data *), size_t hlen, const krb5_data *pass, const krb5_data *salt, - unsigned long count, krb5_data *output); -extern krb5_error_code -krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count, - const krb5_data *pass, const krb5_data *salt); -extern krb5_error_code -krb5int_pbkdf2_hmac_sha1_128 (char *out, unsigned long count, - const krb5_data *pass, const krb5_data *salt); -extern krb5_error_code -krb5int_pbkdf2_hmac_sha1_256 (char *out, unsigned long count, - const krb5_data *pass, const krb5_data *salt); - - - + unsigned long count, const krb5_data *output); static int debug_hmac = 0; @@ -161,12 +149,12 @@ F(char *output, char *u_tmp1, char *u_tmp2, return 0; } -krb5_error_code +static krb5_error_code krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *, krb5_data *), size_t hlen, const krb5_data *pass, const krb5_data *salt, - unsigned long count, krb5_data *output) + unsigned long count, const krb5_data *output) { int l, r, i; char *utmp1, *utmp2; @@ -258,23 +246,3 @@ krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count, { return krb5int_pbkdf2 (foo, 20, pass, salt, count, out); } - -krb5_error_code -krb5int_pbkdf2_hmac_sha1_128 (char *out, unsigned long count, - const krb5_data *pass, const krb5_data *salt) -{ - krb5_data out_d; - out_d.data = out; - out_d.length = 16; - return krb5int_pbkdf2 (foo, 20, pass, salt, count, &out_d); -} - -krb5_error_code -krb5int_pbkdf2_hmac_sha1_256 (char *out, unsigned long count, - const krb5_data *pass, const krb5_data *salt) -{ - krb5_data out_d; - out_d.data = out; - out_d.length = 32; - return krb5int_pbkdf2 (foo, 20, pass, salt, count, &out_d); -} diff --git a/src/lib/crypto/string_to_key.c b/src/lib/crypto/string_to_key.c index f6ddf9d69..cccfd1c1a 100644 --- a/src/lib/crypto/string_to_key.c +++ b/src/lib/crypto/string_to_key.c @@ -34,6 +34,19 @@ krb5_c_string_to_key(context, enctype, string, salt, key) const krb5_data *string; const krb5_data *salt; krb5_keyblock *key; +{ + return krb5_c_string_to_key_with_params(context, enctype, string, salt, + NULL, key); +} + +krb5_error_code KRB5_CALLCONV +krb5_c_string_to_key_with_params(context, enctype, string, salt, params, key) + krb5_context context; + krb5_enctype enctype; + const krb5_data *string; + const krb5_data *salt; + const krb5_data *params; + krb5_keyblock *key; { int i; krb5_error_code ret; @@ -59,7 +72,8 @@ krb5_c_string_to_key(context, enctype, string, salt, key) key->enctype = enctype; key->length = keylength; - if ((ret = ((*(krb5_enctypes_list[i].str2key))(enc, string, salt, key)))) { + ret = (*krb5_enctypes_list[i].str2key)(enc, string, salt, params, key); + if (ret) { memset(key->contents, 0, keylength); free(key->contents); } diff --git a/src/lib/crypto/t_pkcs5.c b/src/lib/crypto/t_pkcs5.c index 30e857441..db255280a 100644 --- a/src/lib/crypto/t_pkcs5.c +++ b/src/lib/crypto/t_pkcs5.c @@ -49,7 +49,7 @@ static void test_pbkdf2_rfc3211() { char x[100]; krb5_error_code err; - krb5_data d; + krb5_data d, pass, salt; int i; /* RFC 3211 test cases. */ @@ -80,8 +80,11 @@ static void test_pbkdf2_rfc3211() t[i].count, t[i].len * 8, t[i].len, t[i].pass); d.length = t[i].len; - err = krb5int_pbkdf2_hmac_sha1 (x, d.length, t[i].count, - t[i].pass, t[i].salt); + pass.data = t[i].pass; + pass.length = strlen(pass.data); + salt.data = t[i].salt; + salt.length = strlen(salt.data); + err = krb5int_pbkdf2_hmac_sha1 (&d, t[i].count, &pass, &salt); if (err) { printf("error in computing pbkdf2: %s\n", error_message(err)); exit(1); diff --git a/src/lib/crypto/vectors.c b/src/lib/crypto/vectors.c index b5ca63e8c..20c5d7cc7 100644 --- a/src/lib/crypto/vectors.c +++ b/src/lib/crypto/vectors.c @@ -136,7 +136,7 @@ test_mit_des_s2k () printf ("\npassword: %-25s", buf); printhex (strlen(p), p); printf ("\n"); - r = krb5_des_string_to_key (0, &pd, &sd, &key); + r = krb5int_des_string_to_key (0, &pd, &sd, 0, &key); printf ( "DES key: %-25s", ""); printhex (key.length, key.contents); printf ("\n\n");