From: Ken Raeburn Date: Wed, 5 Mar 2003 02:40:23 +0000 (+0000) Subject: Add AES string-to-key function X-Git-Tag: krb5-1.3-alpha1~51 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=bd7a71a8ec0ac0bc4438a9a55009e081e2cdca45;p=krb5.git Add AES string-to-key function git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15226 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/aes/ChangeLog b/src/lib/crypto/aes/ChangeLog index b01c82cd4..443aabdd9 100644 --- a/src/lib/crypto/aes/ChangeLog +++ b/src/lib/crypto/aes/ChangeLog @@ -1,3 +1,11 @@ +2003-03-04 Ken Raeburn + + * aes_s2k.c, aes_s2k.h: New files. + * Makefile.in (STLIBOBJS, OBJS, SRCS): Build aes_s2k. + (LOCALINCLUDES): Add dk directory. + (GEN_OBJS): New variable. + (aes-gen): Use GEN_OBJS. + 2003-02-28 Ezra Peisach * Makefile.in (clean): Cleanup testing objects and outputs diff --git a/src/lib/crypto/aes/Makefile.in b/src/lib/crypto/aes/Makefile.in index 18f405dad..d14f0f906 100644 --- a/src/lib/crypto/aes/Makefile.in +++ b/src/lib/crypto/aes/Makefile.in @@ -2,7 +2,7 @@ thisconfigdir=./.. myfulldir=lib/crypto/aes mydir=aes BUILDTOP=$(REL)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/.. +LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../dk ##DOS##BUILDTOP = ..\..\.. ##DOS##PREFIXDIR=aes @@ -17,20 +17,25 @@ RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf STLIBOBJS=\ aescrypt.o \ aestab.o \ - aeskey.o -# aess2k.o + aeskey.o \ + aes_s2k.o OBJS=\ $(OUTPRE)aescrypt.$(OBJEXT) \ $(OUTPRE)aestab.$(OBJEXT) \ - $(OUTPRE)aeskey.$(OBJEXT) -# $(OUTPRE)aess2k.$(OBJEXT) + $(OUTPRE)aeskey.$(OBJEXT) \ + $(OUTPRE)aes_s2k.$(OBJEXT) SRCS=\ $(srcdir)/aescrypt.c \ $(srcdir)/aestab.c \ - $(srcdir)/aeskey.c -# $(srcdir)/aess2k.c + $(srcdir)/aeskey.c \ + $(srcdir)/aes_s2k.c + +GEN_OBJS=\ + $(OUTPRE)aescrypt.$(OBJEXT) \ + $(OUTPRE)aestab.$(OBJEXT) \ + $(OUTPRE)aeskey.$(OBJEXT) ##DOS##LIBOBJS = $(OBJS) @@ -40,8 +45,8 @@ includes:: depend depend:: $(SRCS) -aes-gen: aes-gen.o $(OBJS) - $(CC) -o aes-gen aes-gen.o $(OBJS) +aes-gen: aes-gen.o $(GEN_OBJS) + $(CC) -o aes-gen aes-gen.o $(GEN_OBJS) run-aes-gen: aes-gen ./aes-gen > kresults.out @@ -76,4 +81,9 @@ aestab.so aestab.po $(OUTPRE)aestab.$(OBJEXT): aestab.c aesopt.h aes.h \ uitypes.h aeskey.so aeskey.po $(OUTPRE)aeskey.$(OBJEXT): aeskey.c aesopt.h aes.h \ uitypes.h +aes_s2k.so aes_s2k.po $(OUTPRE)aes_s2k.$(OBJEXT): aes_s2k.c $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/profile.h aes_s2k.h diff --git a/src/lib/crypto/aes/aes_s2k.c b/src/lib/crypto/aes/aes_s2k.c new file mode 100644 index 000000000..f3670d7d8 --- /dev/null +++ b/src/lib/crypto/aes/aes_s2k.c @@ -0,0 +1,53 @@ +/* Insert MIT copyright here. */ + +#include "k5-int.h" +#include "dk.h" +#include "aes_s2k.h" + +krb5_error_code +krb5int_aes_string_to_key(const struct krb5_enc_provider *enc, + const krb5_data *string, + const krb5_data *salt, + const krb5_data *params, + krb5_keyblock *key) +{ + unsigned long iter_count; + krb5_data out; + static const krb5_data usage = { KV5M_DATA, 8, "kerberos" }; + krb5_error_code err; + + if (params) { + unsigned char *p = (unsigned char *) params->data; + if (params->length != 4) + return KRB5_ERR_BAD_S2K_PARAMS; + iter_count = ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | (p[3])); + if (iter_count == 0) { + iter_count = (1L << 16) << 16; + if (((iter_count >> 16) >> 16) != 1) + return KRB5_ERR_BAD_S2K_PARAMS; + } + } else + iter_count = 0xb000L; + + /* + * Dense key space, no parity bits or anything, so take a shortcut + * and use the key contents buffer for the generated bytes. + */ + out.data = (char *) key->contents; + out.length = key->length; + if (out.length != 16 && out.length != 32) + return KRB5_CRYPTO_INTERNAL; + + err = krb5int_pbkdf2_hmac_sha1 (&out, iter_count, string, salt); + if (err) { + memset(out.data, 0, out.length); + return err; + } + + err = krb5_derive_key (enc, key, key, &usage); + if (err) { + memset(out.data, 0, out.length); + return err; + } + return 0; +} diff --git a/src/lib/crypto/aes/aes_s2k.h b/src/lib/crypto/aes/aes_s2k.h new file mode 100644 index 000000000..b6804a991 --- /dev/null +++ b/src/lib/crypto/aes/aes_s2k.h @@ -0,0 +1,4 @@ +extern krb5_error_code +krb5int_aes_string_to_key (const struct krb5_enc_provider *, + const krb5_data *, const krb5_data *, + const krb5_data *, krb5_keyblock *key);