From: Sam Hartman Date: Fri, 9 Nov 2001 19:59:20 +0000 (+0000) Subject: Next pass at making things use krb5 types and functions X-Git-Tag: krb5-1.3-alpha1~957 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=d39e4236a30185ed1a4bb535b7d9d5fda90dbfb0;p=krb5.git Next pass at making things use krb5 types and functions git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13972 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/yarrow/ChangeLog b/src/lib/crypto/yarrow/ChangeLog index 4581ea036..6a0e5c4e0 100644 --- a/src/lib/crypto/yarrow/ChangeLog +++ b/src/lib/crypto/yarrow/ChangeLog @@ -1,5 +1,17 @@ +2001-11-09 Sam Hartman + + * yhash.h : Use krb5 shaa1 + + * yarrow.c (Yarrow_Reseed): For all calls to cipher_init, use TRY + block and use function rather than macros + (Yarrow_Reseed): call encrypt block function not macro + + * ycipher.h: Make the the interface use functions not macros; convert for krb5 ciphers + 2001-11-08 Sam Hartman + * ylock.h (lock UNLOCK): Turn into no-ops + * yarrow.h: Don't use #error (YARROW_DLL): Don't actually ever export or import from win32 dlls as Yarrow is not a public part of krb5 API (yarrow_poll): Drop from the API diff --git a/src/lib/crypto/yarrow/yarrow.c b/src/lib/crypto/yarrow/yarrow.c index 3c5d83862..7d9e6bdcf 100644 --- a/src/lib/crypto/yarrow/yarrow.c +++ b/src/lib/crypto/yarrow/yarrow.c @@ -175,7 +175,7 @@ int Yarrow_Init(Yarrow_CTX* y, const char *filename) mem_zero(y->K, sizeof(y->K)); - CIPHER_Init(&y->cipher, y->K); + TRY (Krb5int_Yarrow_Cipher_Init(&y->cipher, y->K)); y->out_left = 0; y->out_count = 0; y->gate_count = 0; @@ -402,7 +402,7 @@ static int Yarrow_Output_Block( Yarrow_CTX* y, void* out ) /* R <- E_k(C) */ - CIPHER_Encrypt_Block( &y->cipher, y->C, out ); + TRY ( krb5int_yarrow_cipher_encrypt_block ( &y->cipher, y->C, out )) #if defined(YARROW_DEBUG) printf("===\n"); 
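Review bot: `Krb5int_Yarrow_Cipher_Init` in this hunk does not match the name the commit declares in ycipher.h and defines in ycipher.c, `krb5int_yarrow_cipher_init`; C identifiers are case-sensitive, so this calls an undeclared function, and the same spelling recurs in the Yarrow_Gate and first Yarrow_Reseed hunks. Separately, the new init routine frees `ctx->key.contents` whenever it is non-NULL, and nothing visible here clears `y->cipher` before this first call, so a Yarrow_CTX that the caller did not zero would pass an indeterminate pointer to the free. Adding `mem_zero(&y->cipher, sizeof(y->cipher));` ahead of the call would make the first initialisation safe. Yarrow_Init starts and ends outside the hunk, so whether a CATCH label exists for TRY to reach cannot be confirmed from here.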
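Review bot: The added `TRY ( krb5int_yarrow_cipher_encrypt_block ( &y->cipher, y->C, out ))` has no terminating semicolon, unlike the `TRY (...);` lines added elsewhere in this commit. Unless the TRY macro (not shown) expands to a complete statement, the following `#if defined(YARROW_DEBUG)` block will not parse; the same omission appears in the second Yarrow_Reseed hunk. Writing both as `TRY (krb5int_yarrow_cipher_encrypt_block (&y->cipher, y->C, out));` keeps them consistent with the init calls. Yarrow_Output_Block continues outside the hunk.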
@@ -526,7 +526,7 @@ int Yarrow_Gate(Yarrow_CTX* y) /* need to resetup the key schedule as the key has changed */ - CIPHER_Init(&y->cipher, y->K); + TRY (Krb5int_Yarrow_Cipher_Init(&y->cipher, y->K)); CATCH: TRACE( printf( "]," ); ); @@ -678,7 +678,7 @@ int Yarrow_Reseed(Yarrow_CTX* y, int pool) /* need to resetup the key schedule as the key has changed */ - CIPHER_Init(&y->cipher, y->K); + TRY(Krb5int_Yarrow_Cipher_Init(&y->cipher, y->K)); #if defined(YARROW_DEBUG) hex_print(stdout, "new K", y->K, sizeof(y->K)); @@ -689,7 +689,7 @@ int Yarrow_Reseed(Yarrow_CTX* y, int pool) #if defined(YARROW_DEBUG) hex_print(stdout, "old C", y->C, sizeof(y->C)); #endif - CIPHER_Encrypt_Block(&y->cipher, zero_block, y->C); + TRY (krb5int_yarrow_cipher_encrypt_block (&y->cipher, zero_block, y->C)) #if defined(YARROW_DEBUG) hex_print(stdout, "new C", y->C, sizeof(y->C)); #endif diff --git a/src/lib/crypto/yarrow/ycipher.c b/src/lib/crypto/yarrow/ycipher.c new file mode 100644 index 000000000..d354bae88 --- /dev/null +++ b/src/lib/crypto/yarrow/ycipher.c 
@@ -0,0 +1,79 @@
+/*
+ * lib/crypto/yarrow/ycipher.c
+ *
+ * Copyright (C) 2001 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * Routines to implement krb5 cipher operations.
+ */
+#include "k5-int.h"
+#include "yarrow.h"
+#include "ycipher.h"
+#include "enc_provider.h"
+#include "assert.h"
+
+int krb5int_yarrow_cipher_init
+(CIPHER_CTX *ctx,
+ const char * key)
+{
+ size_t keybytes, keylength;
+ const struct krb5_enc_provider *enc = &yarrow_enc_provider;
+ krb5_error_code ret;
+ krb5_data randombits;
+ enc->keysize (&keybytes, &keylength);
+ assert (keybytes == CIPHER_KEY_SIZE);
+ if (ctx->key.contents)
+ krb5_free_keyblock_contents (0, &ctx->key);
+ ctx->key.contents = (void *) malloc (keylength);
+ ctx->key.length = keylength;
+ if (ctx->key.contents == NULL)
+ return (YARROW_NOMEM);
+ randombits.data = (char *) key;
+ randombits.length = keybytes;
+ ret = enc->make_key (&randombits, &ctx->key);
+ if (ret) {
+ krb5_free_keyblock_contents (0, &ctx->key);
+ return (YARROW_FAIL);
+ }
+ return (YARROW_OK);
+}
+
+int krb5int_yarrow_cipher_encrypt_block
+(CIPHER_CTX *ctx, const char *in,
+ char *out)
+{
+ krb5_error_code ret;
+ krb5_data ind;
+ krb5_enc_data outd;
+ const struct krb5_enc_provider *enc = &yarrow_enc_provider;
+ ind.data = (char *) in;
+ ind.length = CIPHER_BLOCK_SIZE;
+ outd.data = out;
+ outd.length = CIPHER_BLOCK_SIZE;
+ ret = enc->encrypt (ctx->key, 0, ind, outd);
+ if (ret)
+ return YARROW_FAIL;
+ return YARROW_OK;
+}
+
diff --git a/src/lib/crypto/yarrow/ycipher.h b/src/lib/crypto/yarrow/ycipher.h
index 38c878d69..87ae85a1b 100644
--- a/src/lib/crypto/yarrow/ycipher.h
+++ b/src/lib/crypto/yarrow/ycipher.h
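Review bot: In `krb5int_yarrow_cipher_init` the only guard on the provider's key size is `assert (keybytes == CIPHER_KEY_SIZE);`, which is compiled out under NDEBUG, after which `randombits.length = keybytes` tells `make_key` how many bytes to read from the caller's key buffer. A runtime check, `if (keybytes != CIPHER_KEY_SIZE) return (YARROW_FAIL);`, keeps that bound in release builds. The function also stores `ctx->key.length = keylength` before testing the malloc result, so the NOMEM path leaves a non-zero length beside a NULL `contents`; moving the assignment below the NULL check avoids that. In `krb5int_yarrow_cipher_encrypt_block`, `outd` is declared `krb5_enc_data` yet used through `.data`/`.length`, and `enc->encrypt` is handed the keyblock and data structs by value; if the provider takes pointers, as `make_key (&randombits, &ctx->key)` suggests, this should read `krb5_data outd;` and `ret = enc->encrypt (&ctx->key, 0, &ind, &outd);`.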
@@ -5,126 +5,33 @@ /* block cipher interface */ -/* default to 3DES for yarrow 160 */ - -#if !defined(YARROW_CIPHER_3DES) && !defined(YARROW_CIPHER_BLOWFISH) -# if !defined(YARROW_CIPHER_IDEA) -# define YARROW_CIPHER_3DES -# endif -#endif - -#if defined(YARROW_CIPHER_3DES) - -/* For yarrow160 use 3 key 3DES */ - -#include "openssl/des.h" - -/* first deal with DES */ - -typedef struct { des_key_schedule ks; } DES_CTX; - -#define DES_BLOCK_SIZE DES_KEY_SZ - -#define DES_PARITY_KEY_SIZE DES_KEY_SZ -/* effective key size, sans parity */ -#define DES_KEY_SIZE (DES_PARITY_KEY_SIZE-1) - -/* key schedule needs to stretch 56 bit key to 64 bit key leaving - * slots for parity bits - */ - -#define DES_Init( ctx, key ) \ -do { \ - byte parity_key[ DES_PARITY_KEY_SIZE ]; \ - void* parity_keyp = (void*)parity_key; \ - parity_key[ 0 ] = (key)[ 0 ]; \ - parity_key[ 1 ] = (key)[ 0 ] << 7 | (key)[ 1 ] >> 2; \ - parity_key[ 2 ] = (key)[ 1 ] << 6 | (key)[ 2 ] >> 3; \ - parity_key[ 3 ] = (key)[ 2 ] << 5 | (key)[ 3 ] >> 4; \ - parity_key[ 4 ] = (key)[ 3 ] << 4 | (key)[ 4 ] >> 5; \ - parity_key[ 5 ] = (key)[ 4 ] << 3 | (key)[ 5 ] >> 6; \ - parity_key[ 6 ] = (key)[ 5 ] << 2 | (key)[ 6 ] >> 7; \ - parity_key[ 7 ] = (key)[ 6 ] << 1; \ - des_key_sched( (des_cblock*) parity_keyp, (ctx)->ks ); \ -} while (0) - typedef struct { - DES_CTX ks1, ks2, ks3; + krb5_keyblock key; } CIPHER_CTX; -#define CIPHER_BLOCK_SIZE DES_BLOCK_SIZE -#define CIPHER_KEY_SIZE (DES_KEY_SIZE * 3) - -#if defined( YARROW_NO_MATHLIB ) -/* see macros at end for functions evaluated */ -#define POW_CIPHER_KEY_SIZE 72057594037927936.0 -#define POW_CIPHER_BLOCK_SIZE 18446744073709551616.0 -#endif - -#define CIPHER_Init(ctx, key) \ -do { \ - DES_Init( &(ctx)->ks1, key ); \ - DES_Init( &(ctx)->ks2, key+DES_KEY_SIZE ); \ - DES_Init( &(ctx)->ks3, key+2*DES_KEY_SIZE ); \ -} while (0) - -#define CIPHER_Encrypt_Block(ctx, in, out)\ - des_ecb3_encrypt((des_cblock*) in, (des_cblock*) out,\ - (ctx)->ks1.ks, (ctx)->ks2.ks, (ctx)->ks3.ks, 
1) - -#elif defined(YARROW_CIPHER_BLOWFISH) - -/* macros to allow blowfish */ - -#include "openssl/blowfish.h" +/* We need to choose a cipher. To do this, choose an enc_provider. + * Be sure to update the block size and key size constants below; + * they are here because static data structures are sized based on + * them so they must be known at compile time./ Thus we cannot + * call the enc_provider function to get the info. + */ -typedef struct -{ - BF_KEY ks; -} CIPHER_CTX; +#define yarrow_enc_provider krb5int_enc_des3 -#define CIPHER_BLOCK_SIZE BF_BLOCK -#define CIPHER_KEY_SIZE 16 +#define CIPHER_BLOCK_SIZE 8 +#define CIPHER_KEY_SIZE 21 #if defined( YARROW_NO_MATHLIB ) /* see macros at end for functions evaluated */ -#define POW_CIPHER_KEY_SIZE 6981463658331.6 +#define POW_CIPHER_KEY_SIZE 72057594037927936.0 #define POW_CIPHER_BLOCK_SIZE 18446744073709551616.0 #endif -#define CIPHER_Init(ctx, key)\ - BF_set_key(&(ctx)->ks, CIPHER_KEY_SIZE, (void*)key) -#define CIPHER_Encrypt_Block(ctx, in, out)\ - BF_ecb_encrypt((void*) in, (void*) out, &(ctx)->ks, 1) - -#elif defined(YARROW_CIPHER_IDEA) - -/* macros to allow IDEA */ - -#include "openssl/idea.h" - -typedef struct -{ - IDEA_KEY_SCHEDULE ks; -} CIPHER_CTX; - -#define CIPHER_BLOCK_SIZE IDEA_BLOCK -#define CIPHER_KEY_SIZE IDEA_KEY_LENGTH - -#if defined( YARROW_NO_MATHLIB ) -/* see macros at end for functions evaluated */ -#define POW_CIPHER_KEY_SIZE 6981463658331.55909006437584655441 -#define POW_CIPHER_BLOCK_SIZE 18446744073709551616.000000 -#endif - -#define CIPHER_Init(ctx, key)\ - idea_set_encrypt_key((void*) key, &(ctx)->ks) -#define CIPHER_Encrypt_Block(ctx, in, out)\ - idea_ecb_encrypt((void*)in, (void*)out, &(ctx)->ks) - -#endif +int krb5int_yarrow_cipher_init (CIPHER_CTX *ctx, const char *key); +int krb5int_yarrow_cipher_encrypt_block +(CIPHER_CTX *ctx, const char *in, char *out); #if !defined( YARROW_NO_MATHLIB ) #define POW_CIPHER_KEY_SIZE pow(2.0, CIPHER_KEY_SIZE * 8 / 3.0) 
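Review bot: `CIPHER_BLOCK_SIZE 8` and `CIPHER_KEY_SIZE 21` are tied to `krb5int_enc_des3` only by the comment above them, and of the two only the key size is checked anywhere in this commit (by an assert in ycipher.c). Because static structures are sized from these constants, a later provider change that misses them would presumably mis-size the generator's key and counter buffers without any diagnostic; comparing both constants against the provider's reported sizes at init time would catch that. The two new prototypes also carry no contract; a short comment such as `/* Return YARROW_OK on success; init may return YARROW_NOMEM or YARROW_FAIL. ctx->key.contents must be NULL or hold a key from a previous init. */` would help callers. The added comment's `compile time./ Thus` contains a stray slash.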
diff --git a/src/lib/crypto/yarrow/yhash.h b/src/lib/crypto/yarrow/yhash.h index 9ad6ed7fa..579432f30 100644 --- a/src/lib/crypto/yarrow/yhash.h +++ b/src/lib/crypto/yarrow/yhash.h @@ -7,34 +7,19 @@ /* default to SHA1 for yarrow 160 */ -#if !defined(YARROW_HASH_SHA1) && !defined(YARROW_HASH_MD5) -# define YARROW_HASH_SHA1 -#endif +#include "shs.h" -#if defined(YARROW_HASH_SHA1) -/* For yarrow160 use SHA1 */ -#include "openssl/sha.h" +#define HASH_CTX SHS_INFO +#define HASH_Init(x) shsinit(x) +#define HASH_Update(x, buf, sz) shsupdate(x, (void*)buf, sz) +#define HASH_Final(x, digest) do { \ + shsfinal(x); \ + memcpy(digest, (void *) x.digest, SHS_DIGESTSIZE); \ + } while(0;) -#define HASH_CTX SHA_CTX -#define HASH_Init(x) SHA1_Init(x) -#define HASH_Update(x, buf, sz) SHA1_Update(x, (void*)buf, sz) -#define HASH_Final(x, digest) SHA1_Final(digest, x) -#define HASH_DIGEST_SIZE SHA_DIGEST_LENGTH - -#elif defined(YARROW_HASH_MD5) - -#include "openssl/md5.h" - -#define HASH_CTX MD5_CTX -#define HASH_Init(x) MD5_Init(x) -#define HASH_Update(x, buf, sz) MD5_Update(x, (void*)buf, sz) -#define HASH_Final(x, digest) MD5_Final(digest, x) - -#define HASH_DIGEST_SIZE MD5_DIGEST_LENGTH - -#endif +#define HASH_DIGEST_SIZE SHS_DIGESTSIZE #endif /* YHASH_H */ diff --git a/src/lib/crypto/yarrow/ylock.h b/src/lib/crypto/yarrow/ylock.h index cbfd8dc08..3e5260540 100644 --- a/src/lib/crypto/yarrow/ylock.h +++ b/src/lib/crypto/yarrow/ylock.h @@ -11,8 +11,8 @@ * and YARROW_LOCKING on failure */ -#include "openssl/crypto.h" -int LOCK( void ) { CRYPTO_w_lock(CRYPTO_LOCK_RAND); return (YARROW_OK); } -int UNLOCK( void ) { CRYPTO_w_unlock(CRYPTO_LOCK_RAND); return (YARROW_OK); } + +int LOCK( void ) { return (YARROW_OK); } +int UNLOCK( void ) { return (YARROW_OK); } #endif /* YLOCK_H */
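Review bot: The new `HASH_Final` macro ends in `} while(0;)`, which is not valid C; the terminator should be `} while (0)`. Its body uses `x.digest` although `HASH_Init(x)` and `HASH_Update(x, ...)` pass `x` straight through to the shs functions, which suggests `x` is a pointer and `(x)->digest` was intended (shs.h is not shown, so this is inferred). Parenthesising the arguments, as in `memcpy((digest), (x)->digest, SHS_DIGESTSIZE);`, would also avoid precedence surprises at call sites.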
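Review bot: With `LOCK` and `UNLOCK` reduced to `return (YARROW_OK);`, nothing in this header serialises access to the generator state any more, while the retained comment still describes a YARROW_LOCKING failure return. If krb5 guarantees single-threaded use of the Yarrow context elsewhere, that assumption should be recorded here, for example `/* No locking: callers must serialise all access to the Yarrow context. */`; otherwise concurrent callers could race on the key and counter and weaken the generator's output. Both functions are also defined in the header without `static`, so including ylock.h from a second translation unit would give duplicate definitions; that predates this change.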