From b83c83ee63fe130a944e2f9c786d21fa97d402be Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Thu, 13 Jan 1994 22:56:08 +0000 Subject: [PATCH] Fixed crypto_system table entries; added raw DES cryptosystem git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3316 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/cryptoconf.c | 50 ++++++++++++++++++----------------- src/lib/crypto/des/cs_entry.c | 26 ++++++++++++++++-- src/lib/crypto/des/des_int.h | 20 +++++++++----- src/lib/crypto/des/krb_glue.c | 43 +++++++++++++++++++++++++++++- 4 files changed, 106 insertions(+), 33 deletions(-) diff --git a/src/lib/crypto/cryptoconf.c b/src/lib/crypto/cryptoconf.c index 6ac6c320e..5b06c4125 100644 --- a/src/lib/crypto/cryptoconf.c +++ b/src/lib/crypto/cryptoconf.c @@ -34,7 +34,7 @@ static char rcsid_cryptoconf_c[] = #include #include -#if defined(PROVIDE_DES_CBC_CRC) || defined(PROVIDE_LUCIFER_CRC) || defined(PROVIDE_CRC32) +#if defined(PROVIDE_DES_CBC_CRC) || defined(PROVIDE_CRC32) #include #define CRC32_CKENTRY &crc32_cksumtable_entry #else @@ -68,7 +68,7 @@ static char rcsid_cryptoconf_c[] = #ifdef PROVIDE_DES_CBC_CKSUM #include #define _DES_DONE__ -#define DES_CBC_CKENTRY &mit_des_cbc_cksumtable_entry +#define DES_CBC_CKENTRY &krb5_des_cbc_cksumtable_entry #else #define DES_CBC_CKENTRY 0 #endif @@ -78,52 +78,54 @@ static char rcsid_cryptoconf_c[] = #include #define _DES_DONE__ #endif -static krb5_cs_table_entry mit_des_cbc_crc_csentry = { - &mit_des_cryptosystem_entry, 0 }; -#define DES_CBC_CRC_CSENTRY &mit_des_cbc_crc_csentry +#define DES_CBC_CRC_CSENTRY &krb5_des_cst_entry #else #define DES_CBC_CRC_CSENTRY 0 #endif -#ifdef PROVIDE_LUCIFER_CRC -static krb5_cs_table_entry lucifer_crc_csentry = { - &lucifer_cryptosystem_entry, 0 }; -#define LUCIFER_CRC_CSENTRY &lucifer_crc_csentry +#ifdef PROVIDE_RAW_DES_CBC +#ifndef _DES_DONE__ +#include +#define _DES_DONE__ +#endif +#define RAW_DES_CBC_CSENTRY &krb5_des_cst_entry #else -#define LUCIFER_CRC_CSENTRY 0 +#define RAW_DES_CBC_CSENTRY 0 #endif + /* WARNING: make sure the order of entries in these tables matches the #defines in */ krb5_cs_table_entry *krb5_csarray[] = { - 0, - DES_CBC_CRC_CSENTRY, - LUCIFER_CRC_CSENTRY, + 0, /* ETYPE_NULL */ + DES_CBC_CRC_CSENTRY, /* ETYPE_DES_CBC_CRC */ + 0, /* ETYPE_DES_CBC_MD4 */ + 0, /* ETYPE_DES_CBC_MD5 */ + RAW_DES_CBC_CSENTRY, /* ETYPE_RAW_DES_CBC */ }; int krb5_max_cryptosystem = sizeof(krb5_csarray)/sizeof(krb5_csarray[0]) - 1; krb5_cs_table_entry *krb5_keytype_array[] = { - 0, - DES_CBC_CRC_CSENTRY, - LUCIFER_CRC_CSENTRY, + 0, /* KEYTYPE_NULL */ + DES_CBC_CRC_CSENTRY /* KEYTYPE_DES */ }; int krb5_max_keytype = sizeof(krb5_keytype_array)/sizeof(krb5_keytype_array[0]) - 1; krb5_checksum_entry *krb5_cksumarray[] = { 0, - CRC32_CKENTRY, - MD4_CKENTRY, - MD4_DES_CKENTRY, - DES_CBC_CKENTRY, - 0, - 0, - MD5_CKENTRY, - MD5_DES_CKENTRY + CRC32_CKENTRY, /* CKSUMTYPE_CRC32 */ + MD4_CKENTRY, /* CKSUMTYPE_RSA_MD4 */ + MD4_DES_CKENTRY, /* CKSUMTYPE_RSA_MD4_DES */ + DES_CBC_CKENTRY, /* CKSUMTYPE_DESCBC */ + 0, /* des-mac */ + 0, /* des-mac-k */ + MD5_CKENTRY, /* CKSUMTYPE_RSA_MD5 */ + MD5_DES_CKENTRY /* CKSUMTYPE_RSA_MD5_DES */ }; int krb5_max_cksum = sizeof(krb5_cksumarray)/sizeof(krb5_cksumarray[0]); diff --git a/src/lib/crypto/des/cs_entry.c b/src/lib/crypto/des/cs_entry.c index 5f96f176a..b2dc6e1f8 100644 --- a/src/lib/crypto/des/cs_entry.c +++ b/src/lib/crypto/des/cs_entry.c @@ -36,7 +36,23 @@ static char rcsid_cs_entry_c[] = #include "des_int.h" -krb5_cryptosystem_entry mit_des_cryptosystem_entry = { +static krb5_cryptosystem_entry mit_raw_des_cryptosystem_entry = { + mit_raw_des_encrypt_func, + mit_raw_des_decrypt_func, + mit_des_process_key, + mit_des_finish_key, + mit_des_string_to_key, + mit_des_init_random_key, + mit_des_finish_random_key, + mit_des_random_key, + sizeof(mit_des_cblock), + 0, + sizeof(mit_des_cblock), + ETYPE_DES_CBC_CRC, + KEYTYPE_DES + }; + +static krb5_cryptosystem_entry mit_des_cryptosystem_entry = { mit_des_encrypt_func, mit_des_decrypt_func, mit_des_process_key, @@ -52,10 +68,16 @@ krb5_cryptosystem_entry mit_des_cryptosystem_entry = { KEYTYPE_DES }; +krb5_cs_table_entry krb5_raw_des_cst_entry = { + &mit_raw_des_cryptosystem_entry, + 0 + }; + krb5_cs_table_entry krb5_des_cst_entry = { &mit_des_cryptosystem_entry, 0 }; + extern krb5_error_code mit_des_cbc_checksum PROTOTYPE ((krb5_pointer , size_t , krb5_pointer , @@ -63,7 +85,7 @@ extern krb5_error_code mit_des_cbc_checksum PROTOTYPE ((krb5_pointer , krb5_checksum * )); -krb5_checksum_entry mit_des_cbc_cksumtable_entry = { +krb5_checksum_entry krb5_des_cbc_cksumtable_entry = { mit_des_cbc_checksum, sizeof(mit_des_cblock), 1, /* is collision proof */ diff --git a/src/lib/crypto/des/des_int.h b/src/lib/crypto/des/des_int.h index 02beed14e..5ad058633 100644 --- a/src/lib/crypto/des/des_int.h +++ b/src/lib/crypto/des/des_int.h @@ -122,12 +122,6 @@ extern int mit_des_ecb_encrypt PROTOTYPE((unsigned long *, unsigned long *, mit_des_key_schedule , int )); /* enc_dec.c */ -extern krb5_error_code mit_des_encrypt_func - PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, - krb5_encrypt_block *, krb5_pointer )); -extern krb5_error_code mit_des_decrypt_func - PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, - krb5_encrypt_block *, krb5_pointer )); extern krb5_error_code mit_des_cbc_encrypt PROTOTYPE((krb5_octet *, krb5_octet *, long, mit_des_key_schedule, krb5_octet *, int)); @@ -152,6 +146,20 @@ extern int mit_des_check_key_parity PROTOTYPE((mit_des_cblock )); extern int mit_des_key_sched PROTOTYPE((mit_des_cblock , mit_des_key_schedule )); +/* krb_glue.c */ +extern krb5_error_code mit_raw_des_encrypt_func + PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, + krb5_encrypt_block *, krb5_pointer )); +extern krb5_error_code mit_des_encrypt_func + PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, + krb5_encrypt_block *, krb5_pointer )); +extern krb5_error_code mit_raw_des_decrypt_func + PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, + krb5_encrypt_block *, krb5_pointer )); +extern krb5_error_code mit_des_decrypt_func + PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, + krb5_encrypt_block *, krb5_pointer )); + /* new_rnd_key.c */ extern int mit_des_new_random_key PROTOTYPE((mit_des_cblock , mit_des_random_key_seed *)); diff --git a/src/lib/crypto/des/krb_glue.c b/src/lib/crypto/des/krb_glue.c index 670d302b9..542bab63f 100644 --- a/src/lib/crypto/des/krb_glue.c +++ b/src/lib/crypto/des/krb_glue.c @@ -140,6 +140,33 @@ OLDDECLARG(krb5_pointer, ivec) MIT_DES_DECRYPT)); } +krb5_error_code mit_raw_des_encrypt_func(DECLARG(krb5_const_pointer, in), + DECLARG(krb5_pointer, out), + DECLARG(const size_t, size), + DECLARG(krb5_encrypt_block *, key), + DECLARG(krb5_pointer, ivec)) +OLDDECLARG(krb5_const_pointer, in) +OLDDECLARG(krb5_pointer, out) +OLDDECLARG(const size_t, size) +OLDDECLARG(krb5_encrypt_block *, key) +OLDDECLARG(krb5_pointer, ivec) +{ + int sumsize; + + /* round up to des block size */ + + sumsize = krb5_roundup(size, sizeof(mit_des_cblock)); + + /* assemble crypto input into the output area, then encrypt in place. */ + + memset((char *)out, 0, sumsize); + memcpy((char *)out, (char *)in, size); + + /* We depend here on the ability of this DES implementation to + encrypt plaintext to ciphertext in-place. */ + return (mit_des_encrypt_f(out, out, sumsize, key, ivec)); +} + krb5_error_code mit_des_encrypt_func(DECLARG(krb5_const_pointer, in), DECLARG(krb5_pointer, out), DECLARG(const size_t, size), @@ -202,6 +229,20 @@ OLDDECLARG(krb5_pointer, ivec) return (mit_des_encrypt_f(out, out, sumsize, key, ivec)); } +krb5_error_code mit_raw_des_decrypt_func(DECLARG(krb5_const_pointer, in), + DECLARG(krb5_pointer, out), + DECLARG(const size_t, size), + DECLARG(krb5_encrypt_block *, key), + DECLARG(krb5_pointer, ivec)) +OLDDECLARG(krb5_const_pointer, in) +OLDDECLARG(krb5_pointer, out) +OLDDECLARG(const size_t, size) +OLDDECLARG(krb5_encrypt_block *, key) +OLDDECLARG(krb5_pointer, ivec) +{ + return(mit_des_decrypt_f(in, out, size, key, ivec)); +} + krb5_error_code mit_des_decrypt_func(DECLARG(krb5_const_pointer, in), DECLARG(krb5_pointer, out), DECLARG(const size_t, size), @@ -238,7 +279,7 @@ OLDDECLARG(krb5_pointer, ivec) if (memcmp((char *)contents_get, (char *)contents_prd, CRC32_CKSUM_LENGTH) ) return KRB5KRB_AP_ERR_BAD_INTEGRITY; - memcpy((char *)out, (char *)out + + memmove((char *)out, (char *)out + sizeof(mit_des_cblock) + CRC32_CKSUM_LENGTH, size - sizeof(mit_des_cblock) - CRC32_CKSUM_LENGTH); return 0; -- 2.26.2