From 4f96c32544b633e11c09dae1ecf85ea7097d3ac2 Mon Sep 17 00:00:00 2001
From: Richard Basch <probe@mit.edu>
Date: Fri, 29 Mar 1996 01:28:53 +0000
Subject: [PATCH] Added support for CKSUMTYPE_RSA_MD5_DES3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7734 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/crypto/md5/ChangeLog   |  4 +++
 src/lib/crypto/md5/md5crypto.c | 57 ++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)

diff --git a/src/lib/crypto/md5/ChangeLog b/src/lib/crypto/md5/ChangeLog
index 5577fe94c..e7f991a38 100644
--- a/src/lib/crypto/md5/ChangeLog
+++ b/src/lib/crypto/md5/ChangeLog
@@ -1,3 +1,7 @@
+Thu Mar 28 09:50:58 1996  Richard Basch  <basch@lehman.com>
+
+	* md5crypto.c: Added support for CKSUMTYPE_RSA_MD5_DES3
+
 Sat Jan 27 00:56:38 1996  Mark Eichin  <eichin@cygnus.com>
 
 	* t_cksum.c (main): use proper old-style definition.
diff --git a/src/lib/crypto/md5/md5crypto.c b/src/lib/crypto/md5/md5crypto.c
index 4689bfcf1..d993c22b5 100644
--- a/src/lib/crypto/md5/md5crypto.c
+++ b/src/lib/crypto/md5/md5crypto.c
@@ -283,6 +283,63 @@ size_t seed_length;
 	else 
 	    retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
     }
+    else if (cksum->checksum_type == CKSUMTYPE_RSA_MD5_DES3) {
+	if (cksum->length == (RSA_MD5_DES_CKSUM_LENGTH +
+			      RSA_MD5_DES_CONFOUND_LENGTH)) {
+	    /*
+	     * If we're verifying the correct implementation, then we have
+	     * to do a little more work because we must decrypt the checksum
+	     * because it contains the confounder in it.  So, figure out
+	     * what our key variant is and then do it!
+	     */
+
+	    /* Set up the variant of the key (see RFC 1510 section 6.4.5) */
+	    memset((char *) tmpkey, 0, sizeof(mit_des_cblock));
+	    for (i=0; (i<seed_length) && (i<sizeof(mit_des_cblock)); i++)
+		tmpkey[i] = (((krb5_octet *) seed)[i]) ^ 0xf0;
+
+	    keyblock.length = sizeof(mit_des3_cblock);
+	    keyblock.contents = (krb5_octet *) tmpkey;
+	    keyblock.enctype = ENCTYPE_DES3_CBC_MD5;
+
+	    if ((retval = mit_des3_process_key(&eblock, &keyblock)))
+		return retval;
+	    /* now decrypt it */
+	    retval = mit_des3_cbc_encrypt((mit_des_cblock *)cksum->contents,
+					  (mit_des_cblock *)&outtmp[0],
+					  RSA_MD5_DES_CKSUM_LENGTH +
+					  RSA_MD5_DES_CONFOUND_LENGTH,
+					  (struct mit_des_ks_struct *)
+					 	eblock.priv,
+					  ((struct mit_des_ks_struct *)
+					 	eblock.priv) + 1,
+					  ((struct mit_des_ks_struct *)
+					 	eblock.priv) + 2,
+					  keyblock.contents,
+					  MIT_DES_DECRYPT);
+	    if (retval) {
+		(void) mit_des_finish_key(&eblock);
+		return retval;
+	    }
+	    if (retval = mit_des_finish_key(&eblock))
+		return(retval);
+
+	    /* Now that we have the decrypted checksum, try to regenerate it */
+	    md5_calculate_cksum(&working,
+				(krb5_pointer) outtmp,
+				(size_t) RSA_MD5_DES_CONFOUND_LENGTH,
+				in,
+				in_length);
+
+	    /* Compare the checksums */
+	    if (memcmp((char *) &outtmp[RSA_MD5_DES_CONFOUND_LENGTH],
+		       (char *) &working.digest[0],
+		       RSA_MD5_DES_CKSUM_LENGTH))
+		retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+	}
+	else 
+	    retval = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+    }
     else
 	retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
 
-- 
2.26.2