From 1e0f12d0fcd5f1a865c9d0502f0e3f8ef58ed5f0 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 5 Jan 1999 05:14:54 +0000 Subject: [PATCH] * make_checksum.c (krb5_c_make_checksum): Note the fact that we're punting on dealing with backwards compat with length-included checksums. * etypes.c: Add ENCTYPE_LOCAL_DES3_HMAC_SHA1 as a temporary kludge. Note that this is added to the end of the array so other code can lop off the last member of the array and the right thing will happen so that it is possible to disable des3-marc-hmac-sha1 from the KDC command line, for instance. * configure.in: Conditionalize ATHENA_DES3_KLUDGE on --enable-athena. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11099 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/ChangeLog | 15 +++++++++++++++ src/lib/crypto/configure.in | 6 ++++++ src/lib/crypto/etypes.c | 8 ++++++++ src/lib/crypto/make_checksum.c | 10 +++++++++- 4 files changed, 38 insertions(+), 1 deletion(-) diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index 3326e6d24..ccce05aec 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,18 @@ +Tue Jan 5 00:06:02 1999 Tom Yu + + * make_checksum.c (krb5_c_make_checksum): Note the fact that we're + punting on dealing with backwards compat with length-included + checksums. + + * etypes.c: Add ENCTYPE_LOCAL_DES3_HMAC_SHA1 as a temporary + kludge. Note that this is added to the end of the array so other + code can lop off the last member of the array and the right thing + will happen so that it is possible to disable des3-marc-hmac-sha1 + from the KDC command line, for instance. + + * configure.in: Conditionalize ATHENA_DES3_KLUDGE on + --enable-athena. + 1998-11-13 Theodore Ts'o * Makefile.in: Set the myfulldir and mydir variables (which are diff --git a/src/lib/crypto/configure.in b/src/lib/crypto/configure.in index 2fb1faffb..0dfa334f3 100644 --- a/src/lib/crypto/configure.in +++ b/src/lib/crypto/configure.in @@ -10,6 +10,12 @@ KRB5_BUILD_PROGRAM KRB5_BUILD_LIBOBJS KRB5_BUILD_LIBRARY +dnl XXX This will go away soon. -- tlyu +AC_ARG_ENABLE([athena], +[ --enable-athena build with MIT Project Athena configuration + -- here meaning use temporary DES3 etype that + includes 32-bit length codings], +[AC_DEFINE(ATHENA_DES3_KLUDGE)],) K5_GEN_MAKEFILE(., lib libobj) K5_GEN_MAKEFILE(crc32, libobj) K5_GEN_MAKEFILE(des, libobj) diff --git a/src/lib/crypto/etypes.c b/src/lib/crypto/etypes.c index cebb5bda5..4d16aa96a 100644 --- a/src/lib/crypto/etypes.c +++ b/src/lib/crypto/etypes.c @@ -76,6 +76,14 @@ struct krb5_keytypes krb5_enctypes_list[] = { &krb5_enc_des, &krb5_hash_sha1, krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, krb5_dk_string_to_key }, +#ifdef ATHENA_DES3_KLUDGE + { ENCTYPE_LOCAL_DES3_HMAC_SHA1, + "des3-marc-hmac-sha1", + "Triple DES with HMAC/sha1 and 32-bit length code", + &krb5_enc_des3, &krb5_hash_sha1, + krb5_marc_dk_encrypt_length, krb5_marc_dk_encrypt, krb5_marc_dk_decrypt, + krb5_dk_string_to_key }, +#endif }; int krb5_enctypes_length = diff --git a/src/lib/crypto/make_checksum.c b/src/lib/crypto/make_checksum.c index 2be79ccb4..2c3947536 100644 --- a/src/lib/crypto/make_checksum.c +++ b/src/lib/crypto/make_checksum.c @@ -87,7 +87,15 @@ krb5_c_make_checksum(context, cksumtype, key, usage, input, cksum) ret = (*(krb5_cksumtypes_list[i].keyhash->hash))(key, 0, input, &data); } else if (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE) { /* any key is ok */ - +#ifdef ATHENA_DES3_KLUDGE + /* + * XXX Punt on actually using krb5_marc_dk_make_checksum + * for now because we never actually use a DES3 session key + * anywhere on Athena, and this is temporary anyway. + * In any case, it's way too hairy to actually make this work + * properly. + */ +#endif ret = krb5_dk_make_checksum(krb5_cksumtypes_list[i].hash, key, usage, input, &data); } else { -- 2.26.2