From 1174bcf393bf9432f0c8ebbf61016c82c2d04fba Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Mon, 20 May 1996 21:20:12 +0000 Subject: [PATCH] md5crypto.c, md5crypto.h: Change use of RSA_MD5_DES_CKSUM_LENGTH to use OLD_RSA_MD5_DES_CKSUM_LENGTH and NEW_RSA_MD5_DES_CKSUM_LENGTH, as appropriate. t_cksum.c (main): Use proper header file constants to get the correct checksum length for the MD4 and MD5 old-style and new-style checksum functions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8066 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/md5/ChangeLog | 10 +++ src/lib/crypto/md5/md5crypto.c | 122 ++++++++------------------------- src/lib/crypto/md5/rsa-md5.h | 3 +- src/lib/crypto/md5/t_cksum.c | 63 +++++++++-------- 4 files changed, 73 insertions(+), 125 deletions(-) diff --git a/src/lib/crypto/md5/ChangeLog b/src/lib/crypto/md5/ChangeLog index ae09cdab7..b5a2a6698 100644 --- a/src/lib/crypto/md5/ChangeLog +++ b/src/lib/crypto/md5/ChangeLog @@ -1,3 +1,13 @@ +Mon May 20 17:19:00 1996 Theodore Y. Ts'o + + * md5crypto.c, md5crypto.h: Change use of RSA_MD5_DES_CKSUM_LENGTH + to use OLD_RSA_MD5_DES_CKSUM_LENGTH and + NEW_RSA_MD5_DES_CKSUM_LENGTH, as appropriate. + + * t_cksum.c (main): Use proper header file constants to get the + correct checksum length for the MD4 and MD5 old-style and + new-style checksum functions. + Sat May 18 01:49:33 1996 Theodore Y. Ts'o * md5crypto.c: Define MD5_K5BETA_COMPAT and MD5_K5BETA_COMP_DEF so diff --git a/src/lib/crypto/md5/md5crypto.c b/src/lib/crypto/md5/md5crypto.c index c37b8e658..1982a56e2 100644 --- a/src/lib/crypto/md5/md5crypto.c +++ b/src/lib/crypto/md5/md5crypto.c @@ -54,7 +54,7 @@ krb5_pointer seed; size_t seed_length; krb5_checksum FAR *outcksum; { - krb5_octet outtmp[RSA_MD5_DES_CKSUM_LENGTH]; + krb5_octet outtmp[OLD_RSA_MD5_DES_CKSUM_LENGTH]; krb5_octet *input = (krb5_octet *)in; krb5_encrypt_block eblock; krb5_keyblock keyblock; @@ -67,7 +67,7 @@ krb5_checksum FAR *outcksum; krb5_MD5Final(&working); outcksum->checksum_type = CKSUMTYPE_RSA_MD5_DES; - outcksum->length = RSA_MD5_DES_CKSUM_LENGTH; + outcksum->length = OLD_RSA_MD5_DES_CKSUM_LENGTH; memcpy((char *)outtmp, (char *)&working.digest[0], 16); @@ -82,7 +82,7 @@ krb5_checksum FAR *outcksum; /* now encrypt it */ retval = mit_des_cbc_encrypt((mit_des_cblock *)&outtmp[0], (mit_des_cblock *)outcksum->contents, - RSA_MD5_DES_CKSUM_LENGTH, + OLD_RSA_MD5_DES_CKSUM_LENGTH, (struct mit_des_ks_struct *)eblock.priv, keyblock.contents, MIT_DES_ENCRYPT); @@ -102,22 +102,19 @@ krb5_pointer seed; size_t seed_length; krb5_checksum FAR *outcksum; { - krb5_octet outtmp[RSA_MD5_DES_CKSUM_LENGTH+ - RSA_MD5_DES_CONFOUND_LENGTH]; + krb5_octet outtmp[NEW_RSA_MD5_DES_CKSUM_LENGTH]; mit_des_cblock tmpkey; - krb5_octet *input = (krb5_octet *)in; krb5_encrypt_block eblock; krb5_keyblock keyblock; krb5_error_code retval; size_t i; krb5_MD5_CTX working; - if (outcksum->length < RSA_MD5_DES_CKSUM_LENGTH + RSA_MD5_DES_CONFOUND_LENGTH) + if (outcksum->length < NEW_RSA_MD5_DES_CKSUM_LENGTH) return KRB5_BAD_MSIZE; /* Generate the confounder in place */ - if (retval = krb5_random_confounder(RSA_MD5_DES_CONFOUND_LENGTH, - outtmp)) + if ((retval = krb5_random_confounder(RSA_MD5_DES_CONFOUND_LENGTH, outtmp))) return(retval); /* Calculate the checksum */ @@ -128,12 +125,12 @@ krb5_checksum FAR *outcksum; in_length); outcksum->checksum_type = CKSUMTYPE_RSA_MD5_DES; - outcksum->length = RSA_MD5_DES_CKSUM_LENGTH + RSA_MD5_DES_CONFOUND_LENGTH; + outcksum->length = NEW_RSA_MD5_DES_CKSUM_LENGTH; /* Now blast in the digest */ memcpy((char *)&outtmp[RSA_MD5_DES_CONFOUND_LENGTH], (char *)&working.digest[0], - RSA_MD5_DES_CKSUM_LENGTH); + RSA_MD5_CKSUM_LENGTH); /* Clean up the droppings */ memset((char *)&working, 0, sizeof(working)); @@ -152,8 +149,7 @@ krb5_checksum FAR *outcksum; /* now encrypt it */ retval = mit_des_cbc_encrypt((mit_des_cblock *)&outtmp[0], (mit_des_cblock *)outcksum->contents, - RSA_MD5_DES_CKSUM_LENGTH + - RSA_MD5_DES_CONFOUND_LENGTH, + NEW_RSA_MD5_DES_CKSUM_LENGTH, (struct mit_des_ks_struct *)eblock.priv, zero_ivec, MIT_DES_ENCRYPT); @@ -172,10 +168,8 @@ size_t in_length; krb5_pointer seed; size_t seed_length; { - krb5_octet outtmp[RSA_MD5_DES_CKSUM_LENGTH+ - RSA_MD5_DES_CONFOUND_LENGTH]; + krb5_octet outtmp[NEW_RSA_MD5_DES_CKSUM_LENGTH]; mit_des_cblock tmpkey; - krb5_octet *input = (krb5_octet *)in; krb5_encrypt_block eblock; krb5_keyblock keyblock; krb5_error_code retval; @@ -187,13 +181,14 @@ size_t seed_length; if (cksum->checksum_type == CKSUMTYPE_RSA_MD5_DES) { #ifdef MD5_K5BETA_COMPAT /* - * We have a backwards compatibility problem here. Kerberos version 5 - * Beta 5 and previous releases did not correctly generate RSA-MD5-DES - * checksums. The way that we can differentiate is by the length of - * the provided checksum. If it's only RSA_MD5_DES_CKSUM_LENGTH, then - * it's the old style, otherwise it's the correct implementation. + * We have a backwards compatibility problem here. Kerberos + * version 5 Beta 5 and previous releases did not correctly + * generate RSA-MD5-DES checksums. The way that we can + * differentiate is by the length of the provided checksum. + * If it's only OLD_RSA_MD5_DES_CKSUM_LENGTH, then it's the + * old style, otherwise it's the correct implementation. */ - if (cksum->length == RSA_MD5_DES_CKSUM_LENGTH) { + if (cksum->length == OLD_RSA_MD5_DES_CKSUM_LENGTH) { /* * If we're verifying the Old Style (tm) checksum, then we can just * recalculate the checksum and encrypt it and see if it's the @@ -217,7 +212,7 @@ size_t seed_length; /* now encrypt the checksum */ retval = mit_des_cbc_encrypt((mit_des_cblock *)&working.digest[0], (mit_des_cblock *)&outtmp[0], - RSA_MD5_DES_CKSUM_LENGTH, + OLD_RSA_MD5_DES_CKSUM_LENGTH, (struct mit_des_ks_struct *) eblock.priv, keyblock.contents, @@ -226,19 +221,18 @@ size_t seed_length; (void) mit_des_finish_key(&eblock); return retval; } - if (retval = mit_des_finish_key(&eblock)) + if ((retval = mit_des_finish_key(&eblock))) return(retval); /* Compare the encrypted checksums */ if (memcmp((char *) &outtmp[0], (char *) cksum->contents, - RSA_MD5_DES_CKSUM_LENGTH)) + OLD_RSA_MD5_DES_CKSUM_LENGTH)) retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; } else #endif /* MD5_K5BETA_COMPAT */ - if (cksum->length == (RSA_MD5_DES_CKSUM_LENGTH + - RSA_MD5_DES_CONFOUND_LENGTH)) { + if (cksum->length == (NEW_RSA_MD5_DES_CKSUM_LENGTH)) { /* * If we're verifying the correct implementation, then we have * to do a little more work because we must decrypt the checksum @@ -260,8 +254,7 @@ size_t seed_length; /* now decrypt it */ retval = mit_des_cbc_encrypt((mit_des_cblock *)cksum->contents, (mit_des_cblock *)&outtmp[0], - RSA_MD5_DES_CKSUM_LENGTH + - RSA_MD5_DES_CONFOUND_LENGTH, + NEW_RSA_MD5_DES_CKSUM_LENGTH, (struct mit_des_ks_struct *) eblock.priv, zero_ivec, @@ -270,65 +263,7 @@ size_t seed_length; (void) mit_des_finish_key(&eblock); return retval; } - if (retval = mit_des_finish_key(&eblock)) - return(retval); - - /* Now that we have the decrypted checksum, try to regenerate it */ - krb5_md5_calculate_cksum(&working, - (krb5_pointer) outtmp, - (size_t) RSA_MD5_DES_CONFOUND_LENGTH, - in, - in_length); - - /* Compare the checksums */ - if (memcmp((char *) &outtmp[RSA_MD5_DES_CONFOUND_LENGTH], - (char *) &working.digest[0], - RSA_MD5_DES_CKSUM_LENGTH)) - retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - else - retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } -#if CKSUMTYPE_RSA_MD5_DES3 - else if (cksum->checksum_type == CKSUMTYPE_RSA_MD5_DES3) { - if (cksum->length == (RSA_MD5_DES_CKSUM_LENGTH + - RSA_MD5_DES_CONFOUND_LENGTH)) { - /* - * If we're verifying the correct implementation, then we have - * to do a little more work because we must decrypt the checksum - * because it contains the confounder in it. So, figure out - * what our key variant is and then do it! - */ - - /* Set up the variant of the key (see RFC 1510 section 6.4.5) */ - memset((char *) tmpkey, 0, sizeof(mit_des_cblock)); - for (i=0; (icontents, - (mit_des_cblock *)&outtmp[0], - RSA_MD5_DES_CKSUM_LENGTH + - RSA_MD5_DES_CONFOUND_LENGTH, - (struct mit_des_ks_struct *) - eblock.priv, - ((struct mit_des_ks_struct *) - eblock.priv) + 1, - ((struct mit_des_ks_struct *) - eblock.priv) + 2, - keyblock.contents, - MIT_DES_DECRYPT); - if (retval) { - (void) mit_des_finish_key(&eblock); - return retval; - } - if (retval = mit_des_finish_key(&eblock)) + if ((retval = mit_des_finish_key(&eblock))) return(retval); /* Now that we have the decrypted checksum, try to regenerate it */ @@ -341,13 +276,12 @@ size_t seed_length; /* Compare the checksums */ if (memcmp((char *) &outtmp[RSA_MD5_DES_CONFOUND_LENGTH], (char *) &working.digest[0], - RSA_MD5_DES_CKSUM_LENGTH)) + RSA_MD5_CKSUM_LENGTH)) retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; } else retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; } -#endif /* CKSUMTYPE_RSA_MD5_DES3 */ else retval = KRB5KRB_AP_ERR_INAPP_CKSUM; @@ -362,7 +296,7 @@ krb5_checksum_entry rsa_md5_des_cksumtable_entry = 0, krb5_md5_crypto_compat_sum_func, krb5_md5_crypto_verify_func, - RSA_MD5_DES_CKSUM_LENGTH, + OLD_RSA_MD5_DES_CKSUM_LENGTH, 1, /* is collision proof */ 1, /* uses key */ }; @@ -371,7 +305,7 @@ krb5_checksum_entry rsa_md5_des_cksumtable_entry = 0, krb5_md5_crypto_sum_func, krb5_md5_crypto_verify_func, - RSA_MD5_DES_CKSUM_LENGTH+RSA_MD5_DES_CONFOUND_LENGTH, + NEW_RSA_MD5_DES_CKSUM_LENGTH, 1, /* is collision proof */ 1, /* uses key */ }; @@ -388,12 +322,12 @@ krb5_md5_crypto_compat_ctl(scompat) if (scompat) { rsa_md5_des_cksumtable_entry.sum_func = krb5_md5_crypto_compat_sum_func; rsa_md5_des_cksumtable_entry.checksum_length = - RSA_MD5_DES_CKSUM_LENGTH; + OLD_RSA_MD5_DES_CKSUM_LENGTH; } else { rsa_md5_des_cksumtable_entry.sum_func = krb5_md5_crypto_sum_func; rsa_md5_des_cksumtable_entry.checksum_length = - RSA_MD5_DES_CKSUM_LENGTH + RSA_MD5_DES_CONFOUND_LENGTH; + NEW_RSA_MD5_DES_CKSUM_LENGTH; } } #endif /* MD5_K5BETA_COMPAT */ diff --git a/src/lib/crypto/md5/rsa-md5.h b/src/lib/crypto/md5/rsa-md5.h index 084ae7360..5be6257ae 100644 --- a/src/lib/crypto/md5/rsa-md5.h +++ b/src/lib/crypto/md5/rsa-md5.h @@ -59,7 +59,8 @@ extern void krb5_MD5Final(); #endif #define RSA_MD5_CKSUM_LENGTH 16 -#define RSA_MD5_DES_CKSUM_LENGTH 16 +#define OLD_RSA_MD5_DES_CKSUM_LENGTH 16 +#define NEW_RSA_MD5_DES_CKSUM_LENGTH 24 #define RSA_MD5_DES_CONFOUND_LENGTH 8 extern krb5_checksum_entry diff --git a/src/lib/crypto/md5/t_cksum.c b/src/lib/crypto/md5/t_cksum.c index d28e36c16..5bc63709d 100644 --- a/src/lib/crypto/md5/t_cksum.c +++ b/src/lib/crypto/md5/t_cksum.c @@ -39,9 +39,13 @@ #endif /* MD == 5 */ #include "des_int.h" +#define MD5_K5BETA_COMPAT +#define MD4_K5BETA_COMPAT + #if MD == 4 #define CONFOUNDER_LENGTH RSA_MD4_DES_CONFOUND_LENGTH -#define CHECKSUM_LENGTH RSA_MD4_DES_CKSUM_LENGTH +#define NEW_CHECKSUM_LENGTH NEW_RSA_MD4_DES_CKSUM_LENGTH +#define OLD_CHECKSUM_LENGTH OLD_RSA_MD4_DES_CKSUM_LENGTH #define CHECKSUM_TYPE CKSUMTYPE_RSA_MD4_DES #ifdef MD4_K5BETA_COMPAT #define K5BETA_COMPAT 1 @@ -55,7 +59,8 @@ #if MD == 5 #define CONFOUNDER_LENGTH RSA_MD5_DES_CONFOUND_LENGTH -#define CHECKSUM_LENGTH RSA_MD5_DES_CKSUM_LENGTH +#define NEW_CHECKSUM_LENGTH NEW_RSA_MD5_DES_CKSUM_LENGTH +#define OLD_CHECKSUM_LENGTH OLD_RSA_MD5_DES_CKSUM_LENGTH #define CHECKSUM_TYPE CKSUMTYPE_RSA_MD5_DES #ifdef MD5_K5BETA_COMPAT #define K5BETA_COMPAT 1 @@ -91,9 +96,7 @@ main(argc, argv) int argc; char **argv; { - krb5_octet confound[CONFOUNDER_LENGTH]; int msgindex; - int i; krb5_context kcontext; krb5_encrypt_block encblock; krb5_keyblock keyblock; @@ -107,62 +110,62 @@ main(argc, argv) pwdata.length = strlen(pwd); pwdata.data = pwd; krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE); - if (kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL)) { + if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) { printf("mit_des_string_to_key choked with %d\n", kret); return(kret); } - if (kret = mit_des_process_key(&encblock, &keyblock)) { + if ((kret = mit_des_process_key(&encblock, &keyblock))) { printf("mit_des_process_key choked with %d\n", kret); return(kret); } - oldstyle_checksum.length = CHECKSUM_LENGTH; - if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(CHECKSUM_LENGTH))) { + oldstyle_checksum.length = OLD_CHECKSUM_LENGTH; + if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) { printf("cannot get memory for old style checksum\n"); return(ENOMEM); } - newstyle_checksum.length = krb5_checksum_size(kcontext, CHECKSUM_TYPE); + newstyle_checksum.length = NEW_CHECKSUM_LENGTH; if (!(newstyle_checksum.contents = (krb5_octet *) - malloc(newstyle_checksum.length))) { + malloc(NEW_CHECKSUM_LENGTH))) { printf("cannot get memory for new style checksum\n"); return(ENOMEM); } for (msgindex = 1; msgindex < argc; msgindex++) { - if (kret = CKSUM_FUNCTION(argv[msgindex], - strlen(argv[msgindex]), - (krb5_pointer) keyblock.contents, - keyblock.length, - &newstyle_checksum)) { + if ((kret = CKSUM_FUNCTION(argv[msgindex], + strlen(argv[msgindex]), + (krb5_pointer) keyblock.contents, + keyblock.length, + &newstyle_checksum))) { printf("krb5_calculate_checksum choked with %d\n", kret); break; } print_checksum("correct", MD, argv[msgindex], &newstyle_checksum); #ifdef K5BETA_COMPAT - if (kret = COMPAT_FUNCTION(argv[msgindex], - strlen(argv[msgindex]), - (krb5_pointer) keyblock.contents, - keyblock.length, - &oldstyle_checksum)) { + if ((kret = COMPAT_FUNCTION(argv[msgindex], + strlen(argv[msgindex]), + (krb5_pointer) keyblock.contents, + keyblock.length, + &oldstyle_checksum))) { printf("old style calculate_checksum choked with %d\n", kret); break; } print_checksum("old", MD, argv[msgindex], &oldstyle_checksum); #endif /* K5BETA_COMPAT */ - if (kret = VERIFY_FUNCTION(&newstyle_checksum, - argv[msgindex], - strlen(argv[msgindex]), - (krb5_pointer) keyblock.contents, - keyblock.length)) { + if ((kret = VERIFY_FUNCTION(&newstyle_checksum, + argv[msgindex], + strlen(argv[msgindex]), + (krb5_pointer) keyblock.contents, + keyblock.length))) { printf("verify on new checksum choked with %d\n", kret); break; } printf("Verify succeeded for \"%s\"\n", argv[msgindex]); #ifdef K5BETA_COMPAT - if (kret = VERIFY_FUNCTION(&oldstyle_checksum, - argv[msgindex], - strlen(argv[msgindex]), - (krb5_pointer) keyblock.contents, - keyblock.length)) { + if ((kret = VERIFY_FUNCTION(&oldstyle_checksum, + argv[msgindex], + strlen(argv[msgindex]), + (krb5_pointer) keyblock.contents, + keyblock.length))) { printf("verify on old checksum choked with %d\n", kret); break; } -- 2.26.2