From e43b29f2750df68d24c234528210537453698be9 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Fri, 23 Feb 1996 02:37:33 +0000 Subject: [PATCH] t_random.c: New file which just tests the random number generator new_rn_key.c (mit_des_set_random_generator_seed): Add fix so that we do something even if the input key is not a valid DES key. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7503 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/des/ChangeLog | 8 +++ src/lib/crypto/des/Makefile.in | 6 +- src/lib/crypto/des/new_rn_key.c | 15 +++- src/lib/crypto/des/t_random.c | 118 ++++++++++++++++++++++++++++++++ 4 files changed, 145 insertions(+), 2 deletions(-) create mode 100644 src/lib/crypto/des/t_random.c diff --git a/src/lib/crypto/des/ChangeLog b/src/lib/crypto/des/ChangeLog index ddc48365e..f07b4c082 100644 --- a/src/lib/crypto/des/ChangeLog +++ b/src/lib/crypto/des/ChangeLog @@ -1,3 +1,11 @@ +Thu Feb 22 20:32:08 1996 Theodore Y. Ts'o + + * t_random.c: New file which just tests the random number generator. + + * new_rn_key.c (mit_des_set_random_generator_seed): Add fix so + that we do something even if the input key is not a valid + DES key. + Wed Jan 10 22:28:23 1996 Theodore Y. Ts'o * des_int.h: Fix return type for mit_des3_string_to_key(). diff --git a/src/lib/crypto/des/Makefile.in b/src/lib/crypto/des/Makefile.in index 8f8a69693..c54061c9c 100644 --- a/src/lib/crypto/des/Makefile.in +++ b/src/lib/crypto/des/Makefile.in @@ -78,6 +78,9 @@ verify$(EXEEXT): t_verify.$(OBJEXT) $(DEPKLIB) destest$(EXEEXT): destest.$(OBJEXT) $(DEPKLIB) $(CC) -o $@ destest.$(OBJEXT) $(KLIB) $(LIBS) $(CFLAGS) $(LDFLAGS) +t_random$(EXEEXT): t_random.$(OBJEXT) $(DEPKLIB) + $(LD) -o $@ t_random.$(OBJEXT) $(KLIB) $(LIBS) $(CFLAGS) $(LDFLAGS) + check-mac: check-unix check-unix:: destest verify @@ -89,7 +92,8 @@ check-unix:: destest verify check-windows:: clean:: - $(RM) destest$(EXEEXT) verify$(EXEEXT) destest.$(OBJEXT) t_verify.$(OBJEXT) + $(RM) destest$(EXEEXT) verify$(EXEEXT) destest.$(OBJEXT) \ + t_verify.$(OBJEXT) t_random.$(OBJEXT) t_random$(EXEEXT) clean-unix:: $(RM) shared/* diff --git a/src/lib/crypto/des/new_rn_key.c b/src/lib/crypto/des/new_rn_key.c index ceb93f9de..d8c72a716 100644 --- a/src/lib/crypto/des/new_rn_key.c +++ b/src/lib/crypto/des/new_rn_key.c @@ -155,6 +155,11 @@ mit_des_init_random_number_generator(key,p_seed) * * Requires: key is a valid des key. I.e., has correct parity and is not a * weak des key. + * [Note: I have changed this so that even if it is not a valid + * DES key, this function will do something rational --- that is, + * we fix up the key parity and make it a non-weak key. This + * still won't help us if the input value is guessable, but at + * least we won't get screwed if the key-parity is wrong... --- TYT] */ void mit_des_set_random_generator_seed(key, p_seed) @@ -162,9 +167,17 @@ mit_des_set_random_generator_seed(key, p_seed) mit_des_random_key_seed *p_seed; { register int i; + mit_des_cblock fixed_key; + + memcpy(fixed_key, key, sizeof(mit_des_cblock)); + mit_des_fixup_key_parity(fixed_key); + if (mit_des_is_weak_key(fixed_key)) { + fixed_key[0] ^= 0xF0; + mit_des_fixup_key_parity(fixed_key); + } /* select the new stream: (note errors are not possible here...) */ - mit_des_key_sched(key, p_seed->random_sequence_key); + mit_des_key_sched(fixed_key, p_seed->random_sequence_key); /* "seek" to the start of the stream: */ for (i=0; i<8; i++) diff --git a/src/lib/crypto/des/t_random.c b/src/lib/crypto/des/t_random.c new file mode 100644 index 000000000..106bfb2fb --- /dev/null +++ b/src/lib/crypto/des/t_random.c @@ -0,0 +1,118 @@ +/* + * lib/crypto/des/t_random.c + * + * Copyright 1996 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Test a DES implementation against known inputs & outputs + */ + +#include "k5-int.h" +#include "des_int.h" +#include +#include "com_err.h" + +extern krb5_cryptosystem_entry mit_des_cryptosystem_entry; + +char *progname; +int nflag = 2; +int vflag; +int mflag; +int zflag; +int pid; +int mit_des_debug; + +krb5_data kdata; + +unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f }; +unsigned char zerokey[8] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + +void print_key(key) + krb5_keyblock *key; +{ + int i; + + printf("key type: %d, length = %d, contents =", key->enctype, + key->length); + for (i=0; i < key->length; i++) { + printf(" %02x", key->contents[i]); + } + printf("\n"); +} + +/* + * Can also add : + * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?) + */ + +void +main(argc,argv) + int argc; + char *argv[]; +{ + /* Local Declarations */ + krb5_context context; + krb5_encrypt_block eblock; + krb5_keyblock keyblock, *randkey; + void *random_seed = 0; + +#ifdef WINDOWS + /* Set screen window buffer to infinite size -- MS default is tiny. */ + _wsetscreenbuf (fileno (stdout), _WINBUFINF); +#endif + + /* do some initialisation */ + krb5_init_context(&context); + krb5_init_ets(context); + + krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC); + keyblock.enctype = ENCTYPE_DES_CBC_CRC; + keyblock.length = sizeof(mit_des_cblock); + + keyblock.contents = key2; + + printf("init_random: "); + print_key(&keyblock); + krb5_init_random_key(context, &eblock, &keyblock, &random_seed); + krb5_random_key(context, &eblock, random_seed, &randkey); + print_key(randkey); + krb5_free_keyblock(context, randkey); + krb5_random_key(context, &eblock, random_seed, &randkey); + print_key(randkey); + krb5_free_keyblock(context, randkey); + krb5_finish_random_key(context, &eblock, &random_seed); + + keyblock.contents = zerokey; + + printf("\n\ninit_random: "); + print_key(&keyblock); + + krb5_init_random_key(context, &eblock, &keyblock, &random_seed); + krb5_random_key(context, &eblock, random_seed, &randkey); + print_key(randkey); + krb5_free_keyblock(context, randkey); + krb5_random_key(context, &eblock, random_seed, &randkey); + print_key(randkey); + krb5_free_keyblock(context, randkey); + krb5_finish_random_key(context, &eblock, &random_seed); + + krb5_free_context(context); +} + -- 2.26.2