From: Zhanna Tsitkov Date: Thu, 1 Oct 2009 21:46:57 +0000 (+0000) Subject: Crypto modularity proj: Populate openssl/des dir. X-Git-Tag: krb5-1.8-alpha1~326 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=97d243197bbb85b50f1376f2138dd9724e203ce1;p=krb5.git Crypto modularity proj: Populate openssl/des dir. To avoid breaking the export list some functions (mostly mit_xxx) are left in place with the disabled functionality. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22821 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/openssl/des/afsstring2key.c b/src/lib/crypto/openssl/des/afsstring2key.c new file mode 100644 index 000000000..031db5845 --- /dev/null +++ b/src/lib/crypto/openssl/des/afsstring2key.c @@ -0,0 +1,27 @@ +/* lib/crypto/openss/des/afsstring2key.c + * + * Copyright 2009 by the Massachusetts Institute + * of Technology. + * All Rights Reserved. + * + */ + +#include "k5-int.h" +#include "des_int.h" +#include + +krb5_error_code +mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data, + const krb5_data *salt) +{ + return KRB5_CRYPTO_INTERNAL; +} +char * +mit_afs_crypt(const char *pw, const char *salt, + char *iobuf) +{ + /* Unsupported operation */ + return NULL; +} + + diff --git a/src/lib/crypto/openssl/des/d3_aead.c b/src/lib/crypto/openssl/des/d3_aead.c new file mode 100644 index 000000000..cd9988611 --- /dev/null +++ b/src/lib/crypto/openssl/des/d3_aead.c @@ -0,0 +1,34 @@ +/* lib/crypto/openssl/des/d3_aead.c + * + * Copyright 2009 by the Massachusetts Institute + * of Technology. + * All Rights Reserved. + * + */ +#include "des_int.h" +#include "aead.h" + +void +krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec) +{ + /* Unsupported operation */ + abort(); +} + +void +krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec) +{ + /* Unsupported operation */ + abort(); +} + diff --git a/src/lib/crypto/openssl/des/d3_cbc.c b/src/lib/crypto/openssl/des/d3_cbc.c new file mode 100644 index 000000000..98caab503 --- /dev/null +++ b/src/lib/crypto/openssl/des/d3_cbc.c @@ -0,0 +1,51 @@ +/* lib/crypto/openssl/des/d3_cbc.c + * + * Copyright 2009 by the Massachusetts Institute + * of Technology. + * All Rights Reserved. + * + */ +#include "des_int.h" + +/* + * Triple-DES CBC encryption mode. + */ + +#undef mit_des3_cbc_encrypt +int +mit_des3_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, + unsigned long length, const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + const mit_des_cblock ivec, int enc) +{ + /* Unsupported operation */ + return KRB5_CRYPTO_INTERNAL; +} + +void +krb5int_des3_cbc_encrypt(const mit_des_cblock *input, + mit_des_cblock *output, + unsigned long length, + const mit_des_key_schedule key, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + const mit_des_cblock ivec) +{ + /* Unsupported operation */ + abort(); +} + +void +krb5int_des3_cbc_decrypt(const mit_des_cblock *in, + mit_des_cblock *out, + unsigned long length, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + const mit_des_cblock ivec) +{ + /* Unsupported operation */ + abort(); +} + diff --git a/src/lib/crypto/openssl/des/d3_kysched.c b/src/lib/crypto/openssl/des/d3_kysched.c new file mode 100644 index 000000000..fb42e792f --- /dev/null +++ b/src/lib/crypto/openssl/des/d3_kysched.c @@ -0,0 +1,18 @@ +/* lib/crypto/openssl/des/d3_kysched.c + * + * Copyright 2009 by the Massachusetts Institute + * of Technology. + * All Rights Reserved. + * + */ + +#include "des_int.h" + +int +mit_des3_key_sched(mit_des3_cblock k, mit_des3_key_schedule schedule) +{ + /* Unsupported operation */ + return KRB5_CRYPTO_INTERNAL; +} + + diff --git a/src/lib/crypto/openssl/des/des_int.h b/src/lib/crypto/openssl/des/des_int.h new file mode 100644 index 000000000..fd2024a45 --- /dev/null +++ b/src/lib/crypto/openssl/des/des_int.h @@ -0,0 +1,377 @@ +/* + * lib/crypto/des/des_int.h + * + * Copyright 1987, 1988, 1990, 2002 by the Massachusetts Institute of + * Technology. All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Private include file for the Data Encryption Standard library. + */ + +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* only do the whole thing once */ +#ifndef DES_INTERNAL_DEFS +#define DES_INTERNAL_DEFS + +#include "k5-int.h" +/* + * Begin "mit-des.h" + */ +#ifndef KRB5_MIT_DES__ +#define KRB5_MIT_DES__ + +#if defined(__MACH__) && defined(__APPLE__) +#include +#include +#if TARGET_RT_MAC_CFM +#error "Use KfM 4.0 SDK headers for CFM compilation." +#endif +#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) +#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 +#endif +#endif /* defined(__MACH__) && defined(__APPLE__) */ + +/* Macro to add deprecated attribute to DES types and functions */ +/* Currently only defined on Mac OS X 10.5 and later. */ +#ifndef KRB5INT_DES_DEPRECATED +#define KRB5INT_DES_DEPRECATED +#endif + +#include + +#if UINT_MAX >= 0xFFFFFFFFUL +#define DES_INT32 int +#define DES_UINT32 unsigned int +#else +#define DES_INT32 long +#define DES_UINT32 unsigned long +#endif + +typedef unsigned char des_cblock[8] /* crypto-block size */ +KRB5INT_DES_DEPRECATED; + +/* + * Key schedule. + * + * This used to be + * + * typedef struct des_ks_struct { + * union { DES_INT32 pad; des_cblock _;} __; + * } des_key_schedule[16]; + * + * but it would cause trouble if DES_INT32 were ever more than 4 + * bytes. The reason is that all the encryption functions cast it to + * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If + * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the + * caller-allocated des_key_schedule will be overflowed by the key + * scheduling functions. We can't assume that every platform will + * have an exact 32-bit int, and nothing should be looking inside a + * des_key_schedule anyway. + */ +typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16] +KRB5INT_DES_DEPRECATED; + +typedef des_cblock mit_des_cblock; +typedef des_key_schedule mit_des_key_schedule; + +/* Triple-DES structures */ +typedef mit_des_cblock mit_des3_cblock[3]; +typedef mit_des_key_schedule mit_des3_key_schedule[3]; + +#define MIT_DES_ENCRYPT 1 +#define MIT_DES_DECRYPT 0 + +typedef struct mit_des_ran_key_seed { + krb5_encrypt_block eblock; + krb5_data sequence; +} mit_des_random_state; + +/* the first byte of the key is already in the keyblock */ + +#define MIT_DES_BLOCK_LENGTH (8*sizeof(krb5_octet)) +#define MIT_DES_CBC_CRC_PAD_MINIMUM CRC32_CKSUM_LENGTH +/* This used to be 8*sizeof(krb5_octet) */ +#define MIT_DES_KEYSIZE 8 + +#define MIT_DES_CBC_CKSUM_LENGTH (4*sizeof(krb5_octet)) + +/* + * Check if k5-int.h has been included before us. If so, then check to see + * that our view of the DES key size is the same as k5-int.h's. + */ +#ifdef KRB5_MIT_DES_KEYSIZE +#if MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE +error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) +#endif /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */ +#endif /* KRB5_MIT_DES_KEYSIZE */ +#endif /* KRB5_MIT_DES__ */ +/* + * End "mit-des.h" + */ + +/* afsstring2key.c */ +extern krb5_error_code mit_afs_string_to_key + (krb5_keyblock *keyblock, + const krb5_data *data, + const krb5_data *salt); +extern char *mit_afs_crypt + (const char *pw, const char *salt, char *iobuf); + +/* f_cksum.c */ +extern unsigned long mit_des_cbc_cksum + (const krb5_octet *, krb5_octet *, unsigned long , + const mit_des_key_schedule, const krb5_octet *); + +/* f_ecb.c */ +extern int mit_des_ecb_encrypt + (const mit_des_cblock *, mit_des_cblock *, mit_des_key_schedule , int ); + +/* f_cbc.c */ +extern int mit_des_cbc_encrypt (const mit_des_cblock *in, + mit_des_cblock *out, + unsigned long length, + const mit_des_key_schedule schedule, + const mit_des_cblock ivec, int enc); + +#define mit_des_zeroblock krb5int_c_mit_des_zeroblock +extern const mit_des_cblock mit_des_zeroblock; + +/* fin_rndkey.c */ +extern krb5_error_code mit_des_finish_random_key + ( const krb5_encrypt_block *, + krb5_pointer *); + +/* finish_key.c */ +extern krb5_error_code mit_des_finish_key + ( krb5_encrypt_block *); + +/* init_rkey.c */ +extern krb5_error_code mit_des_init_random_key + ( const krb5_encrypt_block *, + const krb5_keyblock *, + krb5_pointer *); + +/* key_parity.c */ +extern void mit_des_fixup_key_parity (mit_des_cblock ); +extern int mit_des_check_key_parity (mit_des_cblock ); + +/* key_sched.c */ +extern int mit_des_key_sched + (mit_des_cblock , mit_des_key_schedule ); + +/* process_ky.c */ +extern krb5_error_code mit_des_process_key + ( krb5_encrypt_block *, const krb5_keyblock *); + +/* random_key.c */ +extern krb5_error_code mit_des_random_key + ( const krb5_encrypt_block *, krb5_pointer , + krb5_keyblock **); + +/* string2key.c */ +extern krb5_error_code mit_des_string_to_key + ( const krb5_encrypt_block *, + krb5_keyblock *, const krb5_data *, const krb5_data *); +extern krb5_error_code mit_des_string_to_key_int + (krb5_keyblock *, const krb5_data *, const krb5_data *); + +/* weak_key.c */ +extern int mit_des_is_weak_key (mit_des_cblock ); + +/* cmb_keys.c */ +krb5_error_code mit_des_combine_subkeys + (const krb5_keyblock *, const krb5_keyblock *, + krb5_keyblock **); + +/* f_pcbc.c */ +int mit_des_pcbc_encrypt (); + +/* f_sched.c */ +int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule); + + +/* misc.c */ +extern void swap_bits (char *); +extern unsigned long long_swap_bits (unsigned long ); +extern unsigned long swap_six_bits_to_ansi (unsigned long ); +extern unsigned long swap_four_bits_to_ansi (unsigned long ); +extern unsigned long swap_bit_pos_1 (unsigned long ); +extern unsigned long swap_bit_pos_0 (unsigned long ); +extern unsigned long swap_bit_pos_0_to_ansi (unsigned long ); +extern unsigned long rev_swap_bit_pos_0 (unsigned long ); +extern unsigned long swap_byte_bits (unsigned long ); +extern unsigned long swap_long_bytes_bit_number (unsigned long ); +#ifdef FILE +/* XXX depends on FILE being a #define! */ +extern void test_set (FILE *, const char *, int, const char *, int); +#endif + +/* d3_ecb.c */ +extern int mit_des3_ecb_encrypt + (const mit_des_cblock *in, + mit_des_cblock *out, + mit_des_key_schedule sched1, + mit_des_key_schedule sched2, + mit_des_key_schedule sched3, + int enc); + +/* d3_cbc.c */ +extern int mit_des3_cbc_encrypt + (const mit_des_cblock *in, + mit_des_cblock *out, + unsigned long length, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + const mit_des_cblock ivec, + int enc); + +void +krb5int_des3_cbc_encrypt(const mit_des_cblock *in, + mit_des_cblock *out, + unsigned long length, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + const mit_des_cblock ivec); +void +krb5int_des3_cbc_decrypt(const mit_des_cblock *in, + mit_des_cblock *out, + unsigned long length, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + const mit_des_cblock ivec); + +void +krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec); + +void +krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec); + +#define mit_des3_cbc_encrypt(in,out,length,ks1,ks2,ks3,ivec,enc) \ + ((enc ? krb5int_des3_cbc_encrypt : krb5int_des3_cbc_decrypt) \ + (in, out, length, ks1, ks2, ks3, ivec), 0) + +void +krb5int_des_cbc_encrypt(const mit_des_cblock *in, + mit_des_cblock *out, + unsigned long length, + const mit_des_key_schedule schedule, + const mit_des_cblock ivec); +void +krb5int_des_cbc_decrypt(const mit_des_cblock *in, + mit_des_cblock *out, + unsigned long length, + const mit_des_key_schedule schedule, + const mit_des_cblock ivec); + +#define mit_des_cbc_encrypt(in,out,length,schedule,ivec,enc) \ + ((enc ? krb5int_des_cbc_encrypt : krb5int_des_cbc_decrypt) \ + (in, out, length, schedule, ivec), 0) + +void +krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock ivec); + +void +krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock ivec); + +/* d3_procky.c */ +extern krb5_error_code mit_des3_process_key + (krb5_encrypt_block * eblock, + const krb5_keyblock * keyblock); + +/* d3_kysched.c */ +extern int mit_des3_key_sched + (mit_des3_cblock key, + mit_des3_key_schedule schedule); + +/* d3_str2ky.c */ +extern krb5_error_code mit_des3_string_to_key + (const krb5_encrypt_block * eblock, + krb5_keyblock * keyblock, + const krb5_data * data, + const krb5_data * salt); + +/* u_nfold.c */ +extern krb5_error_code mit_des_n_fold + (const krb5_octet * input, + const size_t in_len, + krb5_octet * output, + const size_t out_len); + +/* u_rn_key.c */ +extern int mit_des_is_weak_keyblock + (krb5_keyblock *keyblock); + +extern void mit_des_fixup_keyblock_parity + (krb5_keyblock *keyblock); + +extern krb5_error_code mit_des_set_random_generator_seed + (const krb5_data * seed, + krb5_pointer random_state); + +extern krb5_error_code mit_des_set_random_sequence_number + (const krb5_data * sequence, + krb5_pointer random_state); +#endif /*DES_INTERNAL_DEFS*/ diff --git a/src/lib/crypto/openssl/des/f_aead.c b/src/lib/crypto/openssl/des/f_aead.c new file mode 100644 index 000000000..204647590 --- /dev/null +++ b/src/lib/crypto/openssl/des/f_aead.c @@ -0,0 +1,33 @@ +/* lib/crypto/openssl/des/f_aead.c + * + * Copyright 2009 by the Massachusetts Institute + * of Technology. + * All Rights Reserved. + * + */ + +#include "des_int.h" +#include "aead.h" + + +void +krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock ivec) +{ + /* Unsupported operation */ + abort(); +} + +void +krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock iv) +{ + /* Unsupported operation */ + abort(); +} + + diff --git a/src/lib/crypto/openssl/des/f_cbc.c b/src/lib/crypto/openssl/des/f_cbc.c new file mode 100644 index 000000000..55b648fc1 --- /dev/null +++ b/src/lib/crypto/openssl/des/f_cbc.c @@ -0,0 +1,89 @@ +/* + * lib/crypto/openssldes/f_cbc.c + * + * Copyright (C) 1990 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * DES implementation donated by Dennis Ferguson + */ + +/* + * des_cbc_encrypt.c - an implementation of the DES cipher function in cbc mode + */ +#include "des_int.h" + +/* + * des_cbc_encrypt - {en,de}crypt a stream in CBC mode + */ + +/* + * This routine performs DES cipher-block-chaining operation, either + * encrypting from cleartext to ciphertext, if encrypt != 0 or + * decrypting from ciphertext to cleartext, if encrypt == 0. + * + * The key schedule is passed as an arg, as well as the cleartext or + * ciphertext. The cleartext and ciphertext should be in host order. + * + * NOTE-- the output is ALWAYS an multiple of 8 bytes long. If not + * enough space was provided, your program will get trashed. + * + * For encryption, the cleartext string is null padded, at the end, to + * an integral multiple of eight bytes. + * + * For decryption, the ciphertext will be used in integral multiples + * of 8 bytes, but only the first "length" bytes returned into the + * cleartext. + */ + +const mit_des_cblock mit_des_zeroblock /* = all zero */; + +#undef mit_des_cbc_encrypt +int +mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, + unsigned long length, const mit_des_key_schedule schedule, + const mit_des_cblock ivec, int enc) +{ + /* Unsupported operation */ + return KRB5_CRYPTO_INTERNAL; +} +void +krb5int_des_cbc_encrypt(const mit_des_cblock *in, + mit_des_cblock *out, + unsigned long length, + const mit_des_key_schedule schedule, + const mit_des_cblock ivec) +{ + /* Unsupported operation */ + abort(); +} + +void +krb5int_des_cbc_decrypt(const mit_des_cblock *in, + mit_des_cblock *out, + unsigned long length, + const mit_des_key_schedule schedule, + const mit_des_cblock ivec) +{ + /* Unsupported operation */ + abort(); +} + diff --git a/src/lib/crypto/openssl/des/f_cksum.c b/src/lib/crypto/openssl/des/f_cksum.c new file mode 100644 index 000000000..c49c8fdb3 --- /dev/null +++ b/src/lib/crypto/openssl/des/f_cksum.c @@ -0,0 +1,18 @@ +/* + * lib/crypto/openssl/des/f_cksum.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + */ + +#include "des_int.h" + +unsigned long +mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out, + unsigned long length, const mit_des_key_schedule schedule, + const krb5_octet *ivec) +{ + /* Unsupported operation */ + return KRB5_CRYPTO_INTERNAL; +} + diff --git a/src/lib/crypto/openssl/des/f_parity.c b/src/lib/crypto/openssl/des/f_parity.c new file mode 100644 index 000000000..1a83db6ef --- /dev/null +++ b/src/lib/crypto/openssl/des/f_parity.c @@ -0,0 +1,29 @@ +/* + * lib/crypto/openssl/des/f_parity.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + */ + +#include "des_int.h" +#include + +void +mit_des_fixup_key_parity(mit_des_cblock key) +{ + DES_set_odd_parity(key); +} + +/* + * des_check_key_parity: returns true iff key has the correct des parity. + * See des_fix_key_parity for the definition of + * correct des parity. + */ +int +mit_des_check_key_parity(mit_des_cblock key) +{ + if (!DES_check_key_parity(key)) + return(0); + return (1); +} + diff --git a/src/lib/crypto/openssl/des/f_sched.c b/src/lib/crypto/openssl/des/f_sched.c new file mode 100644 index 000000000..e833132bf --- /dev/null +++ b/src/lib/crypto/openssl/des/f_sched.c @@ -0,0 +1,15 @@ +/* + * lib/crypto/openssl/des/f_sched.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + */ + +#include "des_int.h" + +int +mit_des_make_key_sched(mit_des_cblock key, mit_des_key_schedule schedule) +{ + return KRB5_CRYPTO_INTERNAL; // CRYPTO_UNSOPPERTED_OP +} + diff --git a/src/lib/crypto/openssl/des/f_tables.c b/src/lib/crypto/openssl/des/f_tables.c new file mode 100644 index 000000000..a8d161d5c --- /dev/null +++ b/src/lib/crypto/openssl/des/f_tables.c @@ -0,0 +1,17 @@ +/* + * lib/crypto/openssl/des/f_tables.c + * + * Copyright 2009 by the Massachusetts Institute + * of Technology. + * All Rights Reserved. + * + */ + +#include "des_int.h" +#include "f_tables.h" + +const unsigned DES_INT32 des_IP_table[] = {}; +const unsigned DES_INT32 des_FP_table[] = {}; +const unsigned DES_INT32 des_SP_table[] = {}; + + diff --git a/src/lib/crypto/openssl/des/f_tables.h b/src/lib/crypto/openssl/des/f_tables.h new file mode 100644 index 000000000..af20cd59e --- /dev/null +++ b/src/lib/crypto/openssl/des/f_tables.h @@ -0,0 +1,9 @@ +/* + * lib/crypto/des/f_tables.h + * + * Copyright 2009 by the Massachusetts Institute + * of Technology. + * All Rights Reserved. + * + */ + diff --git a/src/lib/crypto/openssl/des/key_sched.c b/src/lib/crypto/openssl/des/key_sched.c new file mode 100644 index 000000000..1007ec961 --- /dev/null +++ b/src/lib/crypto/openssl/des/key_sched.c @@ -0,0 +1,18 @@ +/* + * lib/crypto/openssl/des/key_sched.c + * + * Copyright 2009 by the Massachusetts Institute + * of Technology. + * All Rights Reserved. + * + */ + +#include "des_int.h" + +int +mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule) +{ + /* Unsupported operation */ + return KRB5_CRYPTO_INTERNAL; +} + diff --git a/src/lib/crypto/openssl/des/string2key.c b/src/lib/crypto/openssl/des/string2key.c new file mode 100644 index 000000000..775a15364 --- /dev/null +++ b/src/lib/crypto/openssl/des/string2key.c @@ -0,0 +1,26 @@ +/* + * lib/crypto/openssl/des/string2key.c + * + * Copyright 2009 by the Massachusetts Institute + * of Technology. + * All Rights Reserved. + * + */ + +#include "des_int.h" +#include + + +krb5_error_code +mit_des_string_to_key_int (krb5_keyblock *key, + const krb5_data *pw, const krb5_data *salt) +{ + DES_cblock outkey; + DES_string_to_key(pw->data, &outkey); + if ( key->length < sizeof(outkey)) + return KRB5_CRYPTO_INTERNAL; + key->length = sizeof(outkey); + memcpy(key->contents, outkey, key->length); + return 0; +} + diff --git a/src/lib/crypto/openssl/des/weak_key.c b/src/lib/crypto/openssl/des/weak_key.c new file mode 100644 index 000000000..7f9708392 --- /dev/null +++ b/src/lib/crypto/openssl/des/weak_key.c @@ -0,0 +1,87 @@ +/* + * lib/crypto/openssl/des/weak_key.c + * + * Copyright 1989,1990,2009 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Under U.S. law, this software may not be exported outside the US + * without license from the U.S. Commerce department. + * + * These routines form the library interface to the DES facilities. + * + * Originally written 8/85 by Steve Miller, MIT Project Athena. + */ + +#include "des_int.h" + +/* + * The following are the weak DES keys: + */ +static const mit_des_cblock weak[16] = { + /* weak keys */ + {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, + {0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe}, + {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e}, + {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1}, + + /* semi-weak */ + {0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe}, + {0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01}, + + {0x1f,0xe0,0x1f,0xe0,0x0e,0xf1,0x0e,0xf1}, + {0xe0,0x1f,0xe0,0x1f,0xf1,0x0e,0xf1,0x0e}, + + {0x01,0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1}, + {0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1,0x01}, + + {0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e,0xfe}, + {0xfe,0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e}, + + {0x01,0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e}, + {0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e,0x01}, + + {0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1,0xfe}, + {0xfe,0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1} +}; + +/* + * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key. + * + * Requires: key has correct odd parity. + */ +int +mit_des_is_weak_key(mit_des_cblock key) +{ + unsigned int i; + const mit_des_cblock *weak_p = weak; + + for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) { + if (!memcmp(weak_p++,key,sizeof(mit_des_cblock))) + return 1; + } + if ( DES_is_weak_key(key) == 1) /* Also OpenSSL's check */ + return 1; + + return 0; +} +