From dc187d2b2c1ec061a3345b0f1cc0323cbf24767c Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 14 Apr 2009 21:07:42 +0000 Subject: [PATCH] pull up r22094, r22095 from trunk ------------------------------------------------------------------------ r22095 | hartmans | 2009-03-16 12:50:23 -0400 (Mon, 16 Mar 2009) | 7 lines Changed paths: M /trunk/src/lib/crypto/Makefile.in A /trunk/src/lib/crypto/t_cf2.c A /trunk/src/lib/crypto/t_cf2.comments A /trunk/src/lib/crypto/t_cf2.expected A /trunk/src/lib/crypto/t_cf2.in A /trunk/src/lib/crypto/t_prf.comments A /trunk/src/lib/crypto/t_prf.expected A /trunk/src/lib/crypto/t_prf.in ticket: 6421 Implement test cases for CF2 Implement a simple program to call KRB-FX-CF2 and print the resulting keys. Add to regression tests. Also, use the PRF testing application to confirm that CF2 generates consistent keys if called by hand. ------------------------------------------------------------------------ r22094 | hartmans | 2009-03-16 12:50:09 -0400 (Mon, 16 Mar 2009) | 6 lines Changed paths: M /trunk/src/include/krb5/krb5.hin M /trunk/src/lib/crypto/Makefile.in A /trunk/src/lib/crypto/cf2.c M /trunk/src/lib/crypto/etypes.h M /trunk/src/lib/crypto/libk5crypto.exports ticket: 6421 Subject: Implement KRB-FX_CF2 Draft-ietf-krb-wg-preauth-framework defines a function KRB-FX-CF2 that combines two keys of arbitrary enctype. Implement this function as an exported API. ticket: 6421 version_fixed: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22228 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/krb5/krb5.hin | 15 +++ src/lib/crypto/Makefile.in | 17 +++- src/lib/crypto/cf2.c | 154 +++++++++++++++++++++++++++++ src/lib/crypto/etypes.h | 14 +++ src/lib/crypto/libk5crypto.exports | 1 + src/lib/crypto/t_cf2.c | 88 +++++++++++++++++ src/lib/crypto/t_cf2.comments | 3 + src/lib/crypto/t_cf2.expected | 2 + src/lib/crypto/t_cf2.in | 10 ++ src/lib/crypto/t_prf.comments | 8 ++ src/lib/crypto/t_prf.expected | 6 ++ src/lib/crypto/t_prf.in | 18 ++++ 12 files changed, 334 insertions(+), 2 deletions(-) create mode 100644 src/lib/crypto/cf2.c create mode 100644 src/lib/crypto/t_cf2.c create mode 100644 src/lib/crypto/t_cf2.comments create mode 100644 src/lib/crypto/t_cf2.expected create mode 100644 src/lib/crypto/t_cf2.in create mode 100644 src/lib/crypto/t_prf.comments create mode 100644 src/lib/crypto/t_prf.expected create mode 100644 src/lib/crypto/t_prf.in diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 7d738a670..69fb038ce 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -497,6 +497,21 @@ krb5_error_code KRB5_CALLCONV krb5_error_code KRB5_CALLCONV krb5_c_prf_length (krb5_context, krb5_enctype, size_t *outlen); +krb5_error_code KRB5_CALLCONV +krb5_c_fx_cf2_simple(krb5_context context, + krb5_keyblock *k1, const char *pepper1, + krb5_keyblock *k2, const char *pepper2, + krb5_keyblock **out); + /* Returns KRB-FX-CF2 in a newly allocated + * keyblock on success or an error code on error. + * This function is simple in that it assumes + * pepper1 and pepper2 are C strings with no + * internal nulls and that the enctype of the + * result will be the same as that of k1. Both + * of these assumptions are true of current + * specs. + */ + krb5_error_code KRB5_CALLCONV krb5_c_make_random_key diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in index a822e932c..85e32e483 100644 --- a/src/lib/crypto/Makefile.in +++ b/src/lib/crypto/Makefile.in @@ -16,6 +16,7 @@ DEFS= EXTRADEPSRCS=\ $(srcdir)/t_nfold.c \ + $(srcdir)/t_cf2.c \ $(srcdir)/t_encrypt.c \ $(srcdir)/t_prf.c \ $(srcdir)/t_prng.c \ @@ -36,6 +37,7 @@ PROG_RPATH=$(KRB5_LIBDIR) STLIBOBJS=\ aead.o \ block_size.o \ + cf2.o \ checksum_length.o \ cksumtype_to_string.o \ cksumtypes.o \ @@ -79,6 +81,7 @@ STLIBOBJS=\ OBJS=\ $(OUTPRE)aead.$(OBJEXT) \ $(OUTPRE)block_size.$(OBJEXT) \ + $(OUTPRE)cf2$(OBJEXT) \ $(OUTPRE)checksum_length.$(OBJEXT) \ $(OUTPRE)cksumtype_to_string.$(OBJEXT) \ $(OUTPRE)cksumtypes.$(OBJEXT) \ @@ -151,6 +154,7 @@ SRCS=\ $(srcdir)/old_api_glue.c \ $(srcdir)/pbkdf2.c \ $(srcdir)/prf.c \ + $(srcdir)/cf2.c \ $(srcdir)/prng.c \ $(srcdir)/random_to_key.c \ $(srcdir)/state.c \ @@ -202,12 +206,17 @@ libcrypto.lib: clean-unix:: clean-liblinks clean-libs clean-libobjs -check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 +check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_cf2 $(RUN_SETUP) $(VALGRIND) ./t_nfold $(RUN_SETUP) $(VALGRIND) ./t_encrypt $(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \ diff t_prng.output $(srcdir)/t_prng.expected $(RUN_SETUP) $(VALGRIND) ./t_hmac + $(RUN_SETUP) $(VALGRIND) ./t_prf <$(srcdir)/t_prf.in >t_prf.output + diff t_prf.output $(srcdir)/t_prf.expected + $(RUN_SETUP) $(VALGRIND) ./t_cf2 <$(srcdir)/t_cf2.in >t_cf2.output + diff t_cf2.output $(srcdir)/t_cf2.expected + # $(RUN_SETUP) $(VALGRIND) ./t_pkcs5 @@ -220,6 +229,10 @@ t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) nfold.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPO t_prf$(EXEEXT): t_prf.$(OBJEXT) $(SUPPORT_DEPLIB) $(CC_LINK) -o $@ t_prf.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB) +t_cf2$(EXEEXT): t_cf2.$(OBJEXT) $(SUPPORT_DEPLIB) + $(CC_LINK) -o $@ t_cf2.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB) + + t_prng$(EXEEXT): t_prng.$(OBJEXT) $(SUPPORT_DEPLIB) $(CC_LINK) -o $@ t_prng.$(OBJEXT) -lk5crypto -lcom_err $(SUPPORT_LIB) @@ -239,7 +252,7 @@ t_cts$(EXEEXT): t_cts.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) clean:: $(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \ - t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o + t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o t_cf2 t_cf2.o -$(RM) t_prng.output all-windows:: diff --git a/src/lib/crypto/cf2.c b/src/lib/crypto/cf2.c new file mode 100644 index 000000000..4e25641e8 --- /dev/null +++ b/src/lib/crypto/cf2.c @@ -0,0 +1,154 @@ +/* + * lib/crypto/cf2.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * + * Implement KRB_FX_CF2 function per + *draft-ietf-krb-wg-preauth-framework-09. Take two keys and two + *pepper strings as input and return a combined key. + */ + +#include +#include +#include "etypes.h" + + +/* + * Call the PRF function multiple times with the pepper prefixed with + * a count byte to get enough bits of output. + */ +static krb5_error_code +prf_plus( krb5_context context, krb5_keyblock *k,const char *pepper, + size_t keybytes, char **out) +{ + krb5_error_code retval = 0; + size_t prflen, iterations; + krb5_data out_data; + krb5_data in_data; + char *buffer = NULL; + struct k5buf prf_inbuf; + krb5int_buf_init_dynamic(&prf_inbuf); + krb5int_buf_add_len( &prf_inbuf, "\001", 1); + krb5int_buf_add( &prf_inbuf, pepper); + retval = krb5_c_prf_length( context, k->enctype, &prflen); + if (retval != 0) + goto cleanup; + iterations = keybytes/prflen; + if ((keybytes%prflen) != 0) + iterations++; + assert(iterations <= 254); + buffer = malloc(iterations*prflen); + if (buffer == NULL) { + retval = ENOMEM; + goto cleanup; + } + if (krb5int_buf_len( &prf_inbuf) == -1) { + retval = ENOMEM; + goto cleanup; + } + in_data.length = (krb5_int32) krb5int_buf_len( &prf_inbuf); + in_data.data = krb5int_buf_data( &prf_inbuf); + out_data.length = prflen; + out_data.data = buffer; + + while (iterations > 0) { + retval = krb5_c_prf( context, k, &in_data, &out_data); + if (retval != 0) + goto cleanup; + out_data.data += prflen; + in_data.data[0]++; + iterations--; + } + cleanup: + if (retval == 0 ) + *out = buffer; + else{ + if (buffer != NULL) + free(buffer); + } + krb5int_free_buf( &prf_inbuf); + return retval; +} + + +krb5_error_code KRB5_CALLCONV +krb5_c_fx_cf2_simple(krb5_context context, + krb5_keyblock *k1, const char *pepper1, + krb5_keyblock *k2, const char *pepper2, + krb5_keyblock **out) +{ + const struct krb5_keytypes *out_enctype; + size_t keybytes, keylength, i; + char *prf1 = NULL, *prf2 = NULL; + krb5_data keydata; + krb5_enctype out_enctype_num; + krb5_error_code retval = 0; + krb5_keyblock *out_key = NULL; + + + if (k1 == NULL ||!krb5_c_valid_enctype(k1->enctype)) + return KRB5_BAD_ENCTYPE; + if (k2 == NULL || !krb5_c_valid_enctype(k2->enctype)) + return KRB5_BAD_ENCTYPE; + out_enctype_num = k1->enctype; + assert(out != NULL); + assert ((out_enctype = find_enctype(out_enctype_num)) != NULL); + if (out_enctype->prf == NULL) { + if (context) + krb5int_set_error(&(context->err) , KRB5_CRYPTO_INTERNAL, + "Enctype %d has no PRF", out_enctype_num); + return KRB5_CRYPTO_INTERNAL; + } + keybytes = out_enctype->enc->keybytes; + keylength = out_enctype->enc->keylength; + + retval = prf_plus( context, k1, pepper1, keybytes, &prf1); + if (retval != 0) + goto cleanup; + retval = prf_plus( context, k2, pepper2, keybytes, &prf2); + if (retval != 0) + goto cleanup; + for (i = 0; i < keybytes; i++) + prf1[i] ^= prf2[i]; + zap(prf2, keybytes); + retval = krb5int_c_init_keyblock( context, out_enctype_num, keylength, &out_key); + if (retval != 0) + goto cleanup; + keydata.data = prf1; + keydata.length = keybytes; + retval = out_enctype->enc->make_key( &keydata, out_key); + + cleanup: + if (retval == 0) + *out = out_key; + else krb5int_c_free_keyblock( context, out_key); + if (prf1 != NULL) { + zap(prf1, keybytes); + free(prf1); + } + if (prf2 != NULL) + free(prf2); + return retval; +} diff --git a/src/lib/crypto/etypes.h b/src/lib/crypto/etypes.h index 17b448cee..8441fcabc 100644 --- a/src/lib/crypto/etypes.h +++ b/src/lib/crypto/etypes.h @@ -67,3 +67,17 @@ struct krb5_keytypes { extern const struct krb5_keytypes krb5_enctypes_list[]; extern const int krb5_enctypes_length; + +static inline const struct krb5_keytypes* +find_enctype (krb5_enctype enctype) +{ + int i; + for (i=0; i + +#include +#include +#include + +int main () { + char pepper1[1024], pepper2[1024]; + krb5_keyblock *k1 = NULL, *k2 = NULL, *out = NULL; + krb5_data s2k; + unsigned int i; + while (1) { + krb5_enctype enctype; + char s[1025]; + + if (scanf( "%d", &enctype) == EOF) + break; + if (scanf("%1024s", &s[0]) == EOF) + break; + assert (krb5_init_keyblock(0, enctype, 0, &k1) == 0); + s2k.data = &s[0]; + s2k.length = strlen(s); + assert(krb5_c_string_to_key (0, enctype, &s2k, &s2k, k1) == 0); + if (scanf("%1024s", &s[0]) == EOF) + break; + assert (krb5_init_keyblock(0, enctype, 0, &k2) == 0); + s2k.data = &s[0]; + s2k.length = strlen(s); + assert(krb5_c_string_to_key (0, enctype, &s2k, &s2k, k2) == 0); + if (scanf("%1024s %1024s", pepper1, pepper2) == EOF) + break; + assert(krb5_c_fx_cf2_simple(0, k1, pepper1, + k2, pepper2, &out) ==0); + i = out->length; + for (; i > 0; i--) { + printf ("%02x", + (unsigned int) ((unsigned char) out->contents[out->length-i])); + } + printf ("\n"); + + krb5_free_keyblock(0,out); + out = NULL; + + krb5_free_keyblock(0, k1); + k1 = NULL; + krb5_free_keyblock(0, k2); + k2 = NULL; + } + + return (0); +} diff --git a/src/lib/crypto/t_cf2.comments b/src/lib/crypto/t_cf2.comments new file mode 100644 index 000000000..4f01e7964 --- /dev/null +++ b/src/lib/crypto/t_cf2.comments @@ -0,0 +1,3 @@ +The first test mirrors the first two tests in t_prf.in. + +The second test mirrors the following four tests in t_prf.in. diff --git a/src/lib/crypto/t_cf2.expected b/src/lib/crypto/t_cf2.expected new file mode 100644 index 000000000..104c6c4a0 --- /dev/null +++ b/src/lib/crypto/t_cf2.expected @@ -0,0 +1,2 @@ +97df97e4b798b29eb31ed7280287a92a +4d6ca4e629785c1f01baf55e2e548566b9617ae3a96868c337cb93b5e72b1c7b diff --git a/src/lib/crypto/t_cf2.in b/src/lib/crypto/t_cf2.in new file mode 100644 index 000000000..d06fd5621 --- /dev/null +++ b/src/lib/crypto/t_cf2.in @@ -0,0 +1,10 @@ +17 +key1 +key2 +a +b +18 +key1 +key2 +a +b diff --git a/src/lib/crypto/t_prf.comments b/src/lib/crypto/t_prf.comments new file mode 100644 index 000000000..124584259 --- /dev/null +++ b/src/lib/crypto/t_prf.comments @@ -0,0 +1,8 @@ +The first two tests are effectively a call to krb-fx-cf2 for +aes-128-cts. This mirrorrs the first test in t_cf2.in. + + +The next four tests mirror a call to KRB-FX-CF2 for aes256-cts; this +mirrors the second test in t_cf2.in. + + diff --git a/src/lib/crypto/t_prf.expected b/src/lib/crypto/t_prf.expected new file mode 100644 index 000000000..eadfd9747 --- /dev/null +++ b/src/lib/crypto/t_prf.expected @@ -0,0 +1,6 @@ +77b39a37a868920f2a51f9dd150c5717 +e06c0dd31ff02091994f2ef5178bfe3d +b2628c788e2e9c4a9bb4644678c29f2f +b406373350cee8a6126f4a9b65a0cd21 +ff0e289ea756c0559a0e911856961a49 +0d674dd0f9a6806525a4d92e828bd15a diff --git a/src/lib/crypto/t_prf.in b/src/lib/crypto/t_prf.in new file mode 100644 index 000000000..f45c41618 --- /dev/null +++ b/src/lib/crypto/t_prf.in @@ -0,0 +1,18 @@ +17 +key1 +2 0161 +17 +key2 +2 0162 +18 +key1 +2 0161 +18 +key1 +2 0261 +18 +key2 +2 0162 +18 +key2 +2 0262 -- 2.26.2