From 8e842831d784099389dbae324693d7150995acb3 Mon Sep 17 00:00:00 2001 From: Richard Basch Date: Tue, 12 Dec 1995 02:29:45 +0000 Subject: [PATCH] * d3_str2ky.c: Revised 3-DES String-To-Key algorithm to encrypt the folded result twice in the folded key. [Courtesy Uri Blumenthal] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7194 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/des/d3_str2ky.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/lib/crypto/des/d3_str2ky.c b/src/lib/crypto/des/d3_str2ky.c index 6e01b5c6d..67c0bf1ce 100644 --- a/src/lib/crypto/des/d3_str2ky.c +++ b/src/lib/crypto/des/d3_str2ky.c @@ -28,7 +28,7 @@ * * 168-fold the input string (appended with any salt), and treat the resulting * 168 bits as three DES keys sans parity. Process each set of 56 bits into - * a usable DES key with odd parity, and then encrypt the set of three usable + * a usable DES key with odd parity, and twice encrypt the set of three usable * DES keys using Triple-DES CBC mode. The result is then treated as three * DES keys, and should be corrected for parity. Any DES key that is weak or * semi-weak is to be corrected by eXclusive-ORing with 00000000000000F0. @@ -114,6 +114,13 @@ const krb5_data FAR * salt; ((mit_des_key_schedule *)ks)[1], ((mit_des_key_schedule *)ks)[2], zero_ivec, TRUE); + (void) mit_des3_cbc_encrypt((mit_des_cblock *)key, + (mit_des_cblock *)key, + keyblock->length, + ((mit_des_key_schedule *)ks)[0], + ((mit_des_key_schedule *)ks)[1], + ((mit_des_key_schedule *)ks)[2], + zero_ivec, TRUE); /* erase key_sked */ memset((char *)ks, 0, sizeof(ks)); -- 2.26.2