2 * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Kungliga Tekniska
20 * Högskolan and its contributors.
22 * 4. Neither the name of the Institute nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 #include "krb5_locl.h"
44 static void krb5_crypto_debug(krb5_context
, int, size_t, krb5_keyblock
*);
58 struct krb5_crypto_data
{
59 struct encryption_type
*et
;
62 struct key_usage
*key_usage
;
65 #define CRYPTO_ETYPE(C) ((C)->et->type)
67 /* bits for `flags' below */
68 #define F_KEYED 1 /* checksum is keyed */
69 #define F_CPROOF 2 /* checksum is collision proof */
70 #define F_DERIVED 4 /* uses derived keys */
71 #define F_VARIANT 8 /* uses `variant' keys (6.4.3) */
72 #define F_PSEUDO 16 /* not a real protocol type */
77 krb5_error_code (*string_to_key
)(krb5_context
, krb5_enctype
, krb5_data
,
78 krb5_salt
, krb5_keyblock
*);
82 krb5_keytype type
; /* XXX */
88 krb5_enctype best_etype
;
90 void (*random_key
)(krb5_context
, krb5_keyblock
*);
91 void (*schedule
)(krb5_context
, struct key_data
*);
92 struct salt_type
*string_to_key
;
95 struct checksum_type
{
101 void (*checksum
)(krb5_context
, struct key_data
*, void*, size_t, Checksum
*);
102 krb5_error_code (*verify
)(krb5_context
, struct key_data
*,
103 void*, size_t, Checksum
*);
106 struct encryption_type
{
110 size_t confoundersize
;
111 struct key_type
*keytype
;
112 struct checksum_type
*cksumtype
;
113 struct checksum_type
*keyed_checksum
;
115 void (*encrypt
)(struct key_data
*, void *, size_t, int);
118 #define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)
119 #define INTEGRITY_USAGE(U) (((U) << 8) | 0x55)
120 #define CHECKSUM_USAGE(U) (((U) << 8) | 0x99)
122 static struct checksum_type
*_find_checksum(krb5_cksumtype type
);
123 static struct encryption_type
*_find_enctype(krb5_enctype type
);
124 static struct key_type
*_find_keytype(krb5_keytype type
);
125 static krb5_error_code
_get_derived_key(krb5_context
, krb5_crypto
,
126 unsigned, struct key_data
**);
127 static struct key_data
*_new_derived_key(krb5_crypto crypto
, unsigned usage
);
129 /************************************************************
131 ************************************************************/
134 DES_random_key(krb5_context context
,
137 des_cblock
*k
= key
->keyvalue
.data
;
139 krb5_generate_random_block(k
, sizeof(des_cblock
));
140 des_set_odd_parity(k
);
141 } while(des_is_weak_key(k
));
145 DES_schedule(krb5_context context
,
146 struct key_data
*key
)
148 des_set_key(key
->key
->keyvalue
.data
, key
->schedule
->data
);
151 static krb5_error_code
152 DES_string_to_key(krb5_context context
,
153 krb5_enctype enctype
,
161 len
= password
.length
+ salt
.saltvalue
.length
+ 1;
165 memcpy(s
, password
.data
, password
.length
);
166 memcpy(s
+ password
.length
, salt
.saltvalue
.data
, salt
.saltvalue
.length
);
168 des_string_to_key(s
, &tmp
);
169 key
->keytype
= enctype
;
170 krb5_data_copy(&key
->keyvalue
, tmp
, sizeof(tmp
));
171 memset(&tmp
, 0, sizeof(tmp
));
177 /* This defines the Andrew string_to_key function. It accepts a password
178 * string as input and converts its via a one-way encryption algorithm to a DES
179 * encryption key. It is compatible with the original Andrew authentication
180 * service password database.
184 * Short passwords, i.e 8 characters or less.
187 DES_AFS3_CMU_string_to_key (krb5_data pw
,
191 char password
[8+1]; /* crypt is limited to 8 chars anyway */
194 for(i
= 0; i
< 8; i
++) {
195 char c
= ((i
< pw
.length
) ? ((char*)pw
.data
)[i
] : 0) ^
196 ((i
< cell
.length
) ? ((char*)cell
.data
)[i
] : 0);
197 password
[i
] = c
? c
: 'X';
201 memcpy(key
, crypt(password
, "#~") + 2, sizeof(des_cblock
));
203 /* parity is inserted into the LSB so left shift each byte up one
204 bit. This allows ascii characters with a zero MSB to retain as
205 much significance as possible. */
206 for (i
= 0; i
< sizeof(des_cblock
); i
++)
207 ((unsigned char*)key
)[i
] <<= 1;
208 des_set_odd_parity (key
);
212 * Long passwords, i.e 9 characters or more.
215 DES_AFS3_Transarc_string_to_key (krb5_data pw
,
219 des_key_schedule schedule
;
225 memcpy(password
, pw
.data
, min(pw
.length
, sizeof(password
)));
226 if(pw
.length
< sizeof(password
))
227 memcpy(password
+ pw
.length
,
228 cell
.data
, min(cell
.length
,
229 sizeof(password
) - pw
.length
));
230 passlen
= min(sizeof(password
), pw
.length
+ cell
.length
);
231 memcpy(&ivec
, "kerberos", 8);
232 memcpy(&temp_key
, "kerberos", 8);
233 des_set_odd_parity (&temp_key
);
234 des_set_key (&temp_key
, schedule
);
235 des_cbc_cksum ((des_cblock
*)password
, &ivec
, passlen
, schedule
, &ivec
);
237 memcpy(&temp_key
, &ivec
, 8);
238 des_set_odd_parity (&temp_key
);
239 des_set_key (&temp_key
, schedule
);
240 des_cbc_cksum ((des_cblock
*)password
, key
, passlen
, schedule
, &ivec
);
241 memset(&schedule
, 0, sizeof(schedule
));
242 memset(&temp_key
, 0, sizeof(temp_key
));
243 memset(&ivec
, 0, sizeof(ivec
));
244 memset(password
, 0, sizeof(password
));
246 des_set_odd_parity (key
);
249 static krb5_error_code
250 DES_AFS3_string_to_key(krb5_context context
,
251 krb5_enctype enctype
,
257 if(password
.length
> 8)
258 DES_AFS3_Transarc_string_to_key(password
, salt
.saltvalue
, &tmp
);
260 DES_AFS3_CMU_string_to_key(password
, salt
.saltvalue
, &tmp
);
261 key
->keytype
= enctype
;
262 krb5_data_copy(&key
->keyvalue
, tmp
, sizeof(tmp
));
263 memset(&key
, 0, sizeof(key
));
268 DES3_random_key(krb5_context context
,
271 des_cblock
*k
= key
->keyvalue
.data
;
273 krb5_generate_random_block(k
, 3 * sizeof(des_cblock
));
274 des_set_odd_parity(&k
[0]);
275 des_set_odd_parity(&k
[1]);
276 des_set_odd_parity(&k
[2]);
277 } while(des_is_weak_key(&k
[0]) ||
278 des_is_weak_key(&k
[1]) ||
279 des_is_weak_key(&k
[2]));
283 DES3_schedule(krb5_context context
,
284 struct key_data
*key
)
286 des_cblock
*k
= key
->key
->keyvalue
.data
;
287 des_key_schedule
*s
= key
->schedule
->data
;
288 des_set_key(&k
[0], s
[0]);
289 des_set_key(&k
[1], s
[1]);
290 des_set_key(&k
[2], s
[2]);
294 * A = A xor B. A & B are 8 bytes.
298 xor (des_cblock
*key
, const unsigned char *b
)
300 unsigned char *a
= (unsigned char*)key
;
311 static krb5_error_code
312 DES3_string_to_key(krb5_context context
,
313 krb5_enctype enctype
,
320 unsigned char tmp
[24];
323 len
= password
.length
+ salt
.saltvalue
.length
;
327 memcpy(str
, password
.data
, password
.length
);
328 memcpy(str
+ password
.length
, salt
.saltvalue
.data
, salt
.saltvalue
.length
);
331 des_key_schedule s
[3];
334 _krb5_n_fold(str
, len
, tmp
, 24);
336 for(i
= 0; i
< 3; i
++){
337 memcpy(keys
+ i
, tmp
+ i
* 8, sizeof(keys
[i
]));
338 des_set_odd_parity(keys
+ i
);
339 if(des_is_weak_key(keys
+ i
))
340 xor(keys
+ i
, (unsigned char*)"\0\0\0\0\0\0\0\xf0");
341 des_set_key(keys
+ i
, s
[i
]);
343 memset(&ivec
, 0, sizeof(ivec
));
344 des_ede3_cbc_encrypt((void*)tmp
, (void*)tmp
, sizeof(tmp
),
345 s
[0], s
[1], s
[2], &ivec
, DES_ENCRYPT
);
346 memset(s
, 0, sizeof(s
));
347 memset(&ivec
, 0, sizeof(ivec
));
348 for(i
= 0; i
< 3; i
++){
349 memcpy(keys
+ i
, tmp
+ i
* 8, sizeof(keys
[i
]));
350 des_set_odd_parity(keys
+ i
);
351 if(des_is_weak_key(keys
+ i
))
352 xor(keys
+ i
, (unsigned char*)"\0\0\0\0\0\0\0\xf0");
354 memset(tmp
, 0, sizeof(tmp
));
356 key
->keytype
= enctype
;
357 krb5_data_copy(&key
->keyvalue
, keys
, sizeof(keys
));
358 memset(keys
, 0, sizeof(keys
));
364 static krb5_error_code
365 DES3_string_to_key_derived(krb5_context context
,
366 krb5_enctype enctype
,
372 size_t len
= password
.length
+ salt
.saltvalue
.length
;
373 char *s
= malloc(len
);
377 memcpy(s
, password
.data
, password
.length
);
378 memcpy(s
+ password
.length
, salt
.saltvalue
.data
, salt
.saltvalue
.length
);
379 ret
= krb5_string_to_key_derived(context
,
389 extern struct salt_type des_salt
[],
390 des3_salt
[], des3_salt_derived
[];
392 struct key_type keytype_null
= {
403 struct key_type keytype_des
= {
408 sizeof(des_key_schedule
),
414 struct key_type keytype_des3
= {
418 3 * sizeof(des_cblock
),
419 3 * sizeof(des_key_schedule
),
425 struct key_type keytype_des3_derived
= {
429 3 * sizeof(des_cblock
),
430 3 * sizeof(des_key_schedule
),
436 struct key_type
*keytypes
[] = {
439 &keytype_des3_derived
,
443 static int num_keytypes
= sizeof(keytypes
) / sizeof(keytypes
[0]);
445 static struct key_type
*
446 _find_keytype(krb5_keytype type
)
449 for(i
= 0; i
< num_keytypes
; i
++)
450 if(keytypes
[i
]->type
== type
)
456 struct salt_type des_salt
[] = {
465 DES_AFS3_string_to_key
470 struct salt_type des3_salt
[] = {
479 struct salt_type des3_salt_derived
[] = {
483 DES3_string_to_key_derived
489 krb5_salttype_to_string (krb5_context context
,
494 struct encryption_type
*e
;
495 struct salt_type
*st
;
497 e
= _find_enctype (etype
);
499 return KRB5_PROG_ETYPE_NOSUPP
;
500 for (st
= e
->keytype
->string_to_key
; st
&& st
->type
; st
++) {
501 if (st
->type
== stype
) {
502 *string
= strdup (st
->name
);
508 return HEIM_ERR_SALTTYPE_NOSUPP
;
512 krb5_get_pw_salt(krb5_context context
,
513 krb5_const_principal principal
,
521 salt
->salttype
= KRB5_PW_SALT
;
522 len
= strlen(principal
->realm
);
523 for (i
= 0; i
< principal
->name
.name_string
.len
; ++i
)
524 len
+= strlen(principal
->name
.name_string
.val
[i
]);
525 ret
= krb5_data_alloc (&salt
->saltvalue
, len
);
528 p
= salt
->saltvalue
.data
;
529 memcpy (p
, principal
->realm
, strlen(principal
->realm
));
530 p
+= strlen(principal
->realm
);
531 for (i
= 0; i
< principal
->name
.name_string
.len
; ++i
) {
533 principal
->name
.name_string
.val
[i
],
534 strlen(principal
->name
.name_string
.val
[i
]));
535 p
+= strlen(principal
->name
.name_string
.val
[i
]);
541 krb5_free_salt(krb5_context context
,
544 krb5_data_free(&salt
.saltvalue
);
549 krb5_string_to_key_data (krb5_context context
,
550 krb5_enctype enctype
,
552 krb5_principal principal
,
558 ret
= krb5_get_pw_salt(context
, principal
, &salt
);
561 ret
= krb5_string_to_key_data_salt(context
, enctype
, password
, salt
, key
);
562 krb5_free_salt(context
, salt
);
567 krb5_string_to_key (krb5_context context
,
568 krb5_enctype enctype
,
569 const char *password
,
570 krb5_principal principal
,
574 pw
.data
= (void*)password
;
575 pw
.length
= strlen(password
);
576 return krb5_string_to_key_data(context
, enctype
, pw
, principal
, key
);
580 krb5_string_to_key_data_salt (krb5_context context
,
581 krb5_enctype enctype
,
586 struct encryption_type
*et
=_find_enctype(enctype
);
587 struct salt_type
*st
;
589 return KRB5_PROG_ETYPE_NOSUPP
;
590 for(st
= et
->keytype
->string_to_key
; st
&& st
->type
; st
++)
591 if(st
->type
== salt
.salttype
)
592 return (*st
->string_to_key
)(context
, enctype
, password
, salt
, key
);
593 return HEIM_ERR_SALTTYPE_NOSUPP
;
597 krb5_string_to_key_salt (krb5_context context
,
598 krb5_enctype enctype
,
599 const char *password
,
604 pw
.data
= (void*)password
;
605 pw
.length
= strlen(password
);
606 return krb5_string_to_key_data_salt(context
, enctype
, pw
, salt
, key
);
610 krb5_keytype_to_string(krb5_context context
,
611 krb5_keytype keytype
,
614 struct key_type
*kt
= _find_keytype(keytype
);
616 return KRB5_PROG_KEYTYPE_NOSUPP
;
617 *string
= strdup(kt
->name
);
624 krb5_string_to_keytype(krb5_context context
,
626 krb5_keytype
*keytype
)
629 for(i
= 0; i
< num_keytypes
; i
++)
630 if(strcasecmp(keytypes
[i
]->name
, string
) == 0){
631 *keytype
= keytypes
[i
]->type
;
634 return KRB5_PROG_KEYTYPE_NOSUPP
;
638 krb5_generate_random_keyblock(krb5_context context
,
643 struct encryption_type
*et
= _find_enctype(type
);
645 return KRB5_PROG_ETYPE_NOSUPP
;
646 ret
= krb5_data_alloc(&key
->keyvalue
, et
->keytype
->size
);
650 if(et
->keytype
->random_key
)
651 (*et
->keytype
->random_key
)(context
, key
);
653 krb5_generate_random_block(key
->keyvalue
.data
,
654 key
->keyvalue
.length
);
658 static krb5_error_code
659 _key_schedule(krb5_context context
,
660 struct key_data
*key
)
663 struct encryption_type
*et
= _find_enctype(key
->key
->keytype
);
664 struct key_type
*kt
= et
->keytype
;
666 if(kt
->schedule
== NULL
)
668 ALLOC(key
->schedule
, 1);
669 if(key
->schedule
== NULL
)
671 ret
= krb5_data_alloc(key
->schedule
, kt
->schedule_size
);
674 key
->schedule
= NULL
;
677 (*kt
->schedule
)(context
, key
);
681 /************************************************************
683 ************************************************************/
686 NONE_checksum(krb5_context context
,
687 struct key_data
*key
,
695 CRC32_checksum(krb5_context context
,
696 struct key_data
*key
,
702 unsigned char *r
= C
->checksum
.data
;
703 _krb5_crc_init_table ();
704 crc
= _krb5_crc_update (data
, len
, 0);
706 r
[1] = (crc
>> 8) & 0xff;
707 r
[2] = (crc
>> 16) & 0xff;
708 r
[3] = (crc
>> 24) & 0xff;
712 RSA_MD4_checksum(krb5_context context
,
713 struct key_data
*key
,
720 md4_update(&m
, data
, len
);
721 md4_finito(&m
, C
->checksum
.data
);
725 RSA_MD4_DES_checksum(krb5_context context
,
726 struct key_data
*key
,
733 unsigned char *p
= cksum
->checksum
.data
;
735 krb5_generate_random_block(p
, 8);
737 md4_update(&md4
, p
, 8);
738 md4_update(&md4
, data
, len
);
739 md4_finito(&md4
, p
+ 8);
740 memset (&ivec
, 0, sizeof(ivec
));
741 des_cbc_encrypt((des_cblock
*)p
,
749 static krb5_error_code
750 RSA_MD4_DES_verify(krb5_context context
,
751 struct key_data
*key
,
757 unsigned char tmp
[24];
758 unsigned char res
[16];
760 krb5_error_code ret
= 0;
762 memset(&ivec
, 0, sizeof(ivec
));
763 des_cbc_encrypt(C
->checksum
.data
,
770 md4_update(&md4
, tmp
, 8); /* confounder */
771 md4_update(&md4
, data
, len
);
772 md4_finito(&md4
, res
);
773 if(memcmp(res
, tmp
+ 8, sizeof(res
)) != 0)
774 ret
= KRB5KRB_AP_ERR_BAD_INTEGRITY
;
775 memset(tmp
, 0, sizeof(tmp
));
776 memset(res
, 0, sizeof(res
));
781 RSA_MD5_checksum(krb5_context context
,
782 struct key_data
*key
,
789 md5_update(&m
, data
, len
);
790 md5_finito(&m
, C
->checksum
.data
);
794 RSA_MD5_DES_checksum(krb5_context context
,
795 struct key_data
*key
,
802 unsigned char *p
= C
->checksum
.data
;
804 krb5_generate_random_block(p
, 8);
806 md5_update(&md5
, p
, 8);
807 md5_update(&md5
, data
, len
);
808 md5_finito(&md5
, p
+ 8);
809 memset (&ivec
, 0, sizeof(ivec
));
810 des_cbc_encrypt((des_cblock
*)p
,
818 static krb5_error_code
819 RSA_MD5_DES_verify(krb5_context context
,
820 struct key_data
*key
,
826 unsigned char tmp
[24];
827 unsigned char res
[16];
829 des_key_schedule
*sched
= key
->schedule
->data
;
830 krb5_error_code ret
= 0;
832 memset(&ivec
, 0, sizeof(ivec
));
833 des_cbc_encrypt(C
->checksum
.data
,
840 md5_update(&md5
, tmp
, 8); /* confounder */
841 md5_update(&md5
, data
, len
);
842 md5_finito(&md5
, res
);
843 if(memcmp(res
, tmp
+ 8, sizeof(res
)) != 0)
844 ret
= KRB5KRB_AP_ERR_BAD_INTEGRITY
;
845 memset(tmp
, 0, sizeof(tmp
));
846 memset(res
, 0, sizeof(res
));
851 RSA_MD5_DES3_checksum(krb5_context context
,
852 struct key_data
*key
,
859 unsigned char *p
= C
->checksum
.data
;
860 des_key_schedule
*sched
= key
->schedule
->data
;
862 krb5_generate_random_block(p
, 8);
864 md5_update(&md5
, p
, 8);
865 md5_update(&md5
, data
, len
);
866 md5_finito(&md5
, p
+ 8);
867 memset (&ivec
, 0, sizeof(ivec
));
868 des_ede3_cbc_encrypt((des_cblock
*)p
,
871 sched
[0], sched
[1], sched
[2],
876 static krb5_error_code
877 RSA_MD5_DES3_verify(krb5_context context
,
878 struct key_data
*key
,
884 unsigned char tmp
[24];
885 unsigned char res
[16];
887 des_key_schedule
*sched
= key
->schedule
->data
;
888 krb5_error_code ret
= 0;
890 memset(&ivec
, 0, sizeof(ivec
));
891 des_ede3_cbc_encrypt(C
->checksum
.data
,
894 sched
[0], sched
[1], sched
[2],
898 md5_update(&md5
, tmp
, 8); /* confounder */
899 md5_update(&md5
, data
, len
);
900 md5_finito(&md5
, res
);
901 if(memcmp(res
, tmp
+ 8, sizeof(res
)) != 0)
902 ret
= KRB5KRB_AP_ERR_BAD_INTEGRITY
;
903 memset(tmp
, 0, sizeof(tmp
));
904 memset(res
, 0, sizeof(res
));
909 SHA1_checksum(krb5_context context
,
910 struct key_data
*key
,
917 sha_update(&m
, data
, len
);
918 sha_finito(&m
, C
->checksum
.data
);
921 /* HMAC according to RFC2104 */
923 hmac(krb5_context context
,
924 struct checksum_type
*cm
,
927 struct key_data
*keyblock
,
930 unsigned char *ipad
, *opad
;
935 if(keyblock
->key
->keyvalue
.length
> cm
->blocksize
){
936 (*cm
->checksum
)(context
,
938 keyblock
->key
->keyvalue
.data
,
939 keyblock
->key
->keyvalue
.length
,
941 key
= result
->checksum
.data
;
942 key_len
= result
->checksum
.length
;
944 key
= keyblock
->key
->keyvalue
.data
;
945 key_len
= keyblock
->key
->keyvalue
.length
;
947 ipad
= malloc(cm
->blocksize
+ len
);
948 opad
= malloc(cm
->blocksize
+ cm
->checksumsize
);
949 memset(ipad
, 0x36, cm
->blocksize
);
950 memset(opad
, 0x5c, cm
->blocksize
);
951 for(i
= 0; i
< key_len
; i
++){
955 memcpy(ipad
+ cm
->blocksize
, data
, len
);
956 (*cm
->checksum
)(context
, keyblock
, ipad
, cm
->blocksize
+ len
, result
);
957 memcpy(opad
+ cm
->blocksize
, result
->checksum
.data
,
958 result
->checksum
.length
);
959 (*cm
->checksum
)(context
, keyblock
, opad
,
960 cm
->blocksize
+ cm
->checksumsize
, result
);
961 memset(ipad
, 0, cm
->blocksize
+ len
);
963 memset(opad
, 0, cm
->blocksize
+ cm
->checksumsize
);
968 HMAC_SHA1_DES3_checksum(krb5_context context
,
969 struct key_data
*key
,
974 struct checksum_type
*c
= _find_checksum(CKSUMTYPE_SHA1
);
976 unsigned char *p
= malloc(4 + len
);
977 _krb5_put_int(p
, len
, 4);
978 memcpy(p
+ 4, data
, len
);
979 hmac(context
, c
, p
, 4 + len
, key
, result
);
980 memset(p
, 0, 4 + len
);
984 struct checksum_type checksum_none
= {
993 struct checksum_type checksum_crc32
= {
1002 struct checksum_type checksum_rsa_md4
= {
1011 struct checksum_type checksum_rsa_md4_des
= {
1012 CKSUMTYPE_RSA_MD4_DES
,
1016 F_KEYED
| F_CPROOF
| F_VARIANT
,
1017 RSA_MD4_DES_checksum
,
1021 struct checksum_type checksum_des_mac
= {
1029 struct checksum_type checksum_des_mac_k
= {
1030 CKSUMTYPE_DES_MAC_K
,
1037 struct checksum_type checksum_rsa_md4_des_k
= {
1038 CKSUMTYPE_RSA_MD4_DES_K
,
1043 RSA_MD4_DES_K_checksum
,
1044 RSA_MD4_DES_K_verify
,
1047 struct checksum_type checksum_rsa_md5
= {
1056 struct checksum_type checksum_rsa_md5_des
= {
1057 CKSUMTYPE_RSA_MD5_DES
,
1061 F_KEYED
| F_CPROOF
| F_VARIANT
,
1062 RSA_MD5_DES_checksum
,
1065 struct checksum_type checksum_rsa_md5_des3
= {
1066 CKSUMTYPE_RSA_MD5_DES3
,
1070 F_KEYED
| F_CPROOF
| F_VARIANT
,
1071 RSA_MD5_DES3_checksum
,
1072 RSA_MD5_DES3_verify
,
1074 struct checksum_type checksum_sha1
= {
1083 struct checksum_type checksum_hmac_sha1_des3
= {
1084 CKSUMTYPE_HMAC_SHA1_DES3
,
1088 F_KEYED
| F_CPROOF
| F_DERIVED
,
1089 HMAC_SHA1_DES3_checksum
,
1093 struct checksum_type
*checksum_types
[] = {
1097 &checksum_rsa_md4_des
,
1100 &checksum_des_mac_k
,
1101 &checksum_rsa_md4_des_k
,
1104 &checksum_rsa_md5_des
,
1105 &checksum_rsa_md5_des3
,
1107 &checksum_hmac_sha1_des3
1110 static int num_checksums
= sizeof(checksum_types
) / sizeof(checksum_types
[0]);
1112 static struct checksum_type
*
1113 _find_checksum(krb5_cksumtype type
)
1116 for(i
= 0; i
< num_checksums
; i
++)
1117 if(checksum_types
[i
]->type
== type
)
1118 return checksum_types
[i
];
1122 static krb5_error_code
1123 get_checksum_key(krb5_context context
,
1125 unsigned usage
, /* not krb5_key_usage */
1126 struct checksum_type
*ct
,
1127 struct key_data
**key
)
1129 krb5_error_code ret
= 0;
1131 if(ct
->flags
& F_DERIVED
)
1132 ret
= _get_derived_key(context
, crypto
, usage
, key
);
1133 else if(ct
->flags
& F_VARIANT
) {
1136 *key
= _new_derived_key(crypto
, 0xff/* KRB5_KU_RFC1510_VARIANT */);
1139 ret
= krb5_copy_keyblock(context
, crypto
->key
.key
, &(*key
)->key
);
1142 for(i
= 0; i
< (*key
)->key
->keyvalue
.length
; i
++)
1143 ((unsigned char*)(*key
)->key
->keyvalue
.data
)[i
] ^= 0xF0;
1145 *key
= &crypto
->key
;
1148 ret
= _key_schedule(context
, *key
);
1152 static krb5_error_code
1153 do_checksum (krb5_context context
,
1154 struct checksum_type
*ct
,
1161 krb5_error_code ret
;
1162 struct key_data
*dkey
;
1165 keyed_checksum
= (ct
->flags
& F_KEYED
) != 0;
1166 if(keyed_checksum
&& crypto
== NULL
)
1167 return KRB5_PROG_SUMTYPE_NOSUPP
; /* XXX */
1169 ret
= get_checksum_key(context
, crypto
, usage
, ct
, &dkey
);
1172 result
->cksumtype
= ct
->type
;
1173 krb5_data_alloc(&result
->checksum
, ct
->checksumsize
);
1174 (*ct
->checksum
)(context
, dkey
, data
, len
, result
);
1178 static krb5_error_code
1179 create_checksum(krb5_context context
,
1181 unsigned usage
, /* not krb5_key_usage */
1182 krb5_cksumtype type
, /* if crypto == NULL */
1187 struct checksum_type
*ct
;
1190 ct
= crypto
->et
->keyed_checksum
;
1192 ct
= crypto
->et
->cksumtype
;
1194 ct
= _find_checksum(type
);
1196 return KRB5_PROG_SUMTYPE_NOSUPP
;
1197 return do_checksum (context
, ct
, crypto
, usage
, data
, len
, result
);
1201 krb5_create_checksum(krb5_context context
,
1203 unsigned usage_or_type
,
1208 return create_checksum(context
, crypto
,
1209 CHECKSUM_USAGE(usage_or_type
),
1210 usage_or_type
, data
, len
, result
);
1213 static krb5_error_code
1214 verify_checksum(krb5_context context
,
1216 unsigned usage
, /* not krb5_key_usage */
1221 krb5_error_code ret
;
1222 struct key_data
*dkey
;
1225 struct checksum_type
*ct
;
1227 ct
= _find_checksum(cksum
->cksumtype
);
1229 return KRB5_PROG_SUMTYPE_NOSUPP
;
1230 if(ct
->checksumsize
!= cksum
->checksum
.length
)
1231 return KRB5KRB_AP_ERR_BAD_INTEGRITY
; /* XXX */
1232 keyed_checksum
= (ct
->flags
& F_KEYED
) != 0;
1233 if(keyed_checksum
&& crypto
== NULL
)
1234 return KRB5_PROG_SUMTYPE_NOSUPP
; /* XXX */
1236 ret
= get_checksum_key(context
, crypto
, usage
, ct
, &dkey
);
1240 return (*ct
->verify
)(context
, dkey
, data
, len
, cksum
);
1242 ret
= krb5_data_alloc (&c
.checksum
, ct
->checksumsize
);
1246 (*ct
->checksum
)(context
, dkey
, data
, len
, &c
);
1248 if(c
.checksum
.length
!= cksum
->checksum
.length
||
1249 memcmp(c
.checksum
.data
, cksum
->checksum
.data
, c
.checksum
.length
))
1250 ret
= KRB5KRB_AP_ERR_BAD_INTEGRITY
;
1253 krb5_data_free (&c
.checksum
);
1258 krb5_verify_checksum(krb5_context context
,
1260 krb5_key_usage usage
,
1265 return verify_checksum(context
, crypto
,
1266 CHECKSUM_USAGE(usage
), data
, len
, cksum
);
1270 krb5_checksumsize(krb5_context context
,
1271 krb5_cksumtype type
,
1274 struct checksum_type
*ct
= _find_checksum(type
);
1276 return KRB5_PROG_SUMTYPE_NOSUPP
;
1277 *size
= ct
->checksumsize
;
1282 krb5_checksum_is_keyed(krb5_context context
,
1283 krb5_cksumtype type
)
1285 struct checksum_type
*ct
= _find_checksum(type
);
1287 return KRB5_PROG_SUMTYPE_NOSUPP
;
1288 return ct
->flags
& F_KEYED
;
1292 krb5_checksum_is_collision_proof(krb5_context context
,
1293 krb5_cksumtype type
)
1295 struct checksum_type
*ct
= _find_checksum(type
);
1297 return KRB5_PROG_SUMTYPE_NOSUPP
;
1298 return ct
->flags
& F_CPROOF
;
1301 /************************************************************
1303 ************************************************************/
1306 NULL_encrypt(struct key_data
*key
,
1309 krb5_boolean encrypt
)
1314 DES_CBC_encrypt_null_ivec(struct key_data
*key
,
1317 krb5_boolean encrypt
)
1320 des_key_schedule
*s
= key
->schedule
->data
;
1321 memset(&ivec
, 0, sizeof(ivec
));
1322 des_cbc_encrypt(data
, data
, len
, *s
, &ivec
, encrypt
);
1326 DES_CBC_encrypt_key_ivec(struct key_data
*key
,
1329 krb5_boolean encrypt
)
1332 des_key_schedule
*s
= key
->schedule
->data
;
1333 memcpy(&ivec
, key
->key
->keyvalue
.data
, sizeof(ivec
));
1334 des_cbc_encrypt(data
, data
, len
, *s
, &ivec
, encrypt
);
1338 DES3_CBC_encrypt(struct key_data
*key
,
1341 krb5_boolean encrypt
)
1344 des_key_schedule
*s
= key
->schedule
->data
;
1345 memset(&ivec
, 0, sizeof(ivec
));
1346 des_ede3_cbc_encrypt(data
, data
, len
, s
[0], s
[1], s
[2], &ivec
, encrypt
);
1350 * these should currently be in reverse preference order.
1353 static struct encryption_type etypes
[] = {
1374 DES_CBC_encrypt_key_ivec
,
1383 &checksum_rsa_md4_des
,
1385 DES_CBC_encrypt_null_ivec
,
1394 &checksum_rsa_md5_des
,
1396 DES_CBC_encrypt_null_ivec
,
1405 &checksum_rsa_md5_des3
,
1411 ETYPE_DES3_CBC_SHA1
,
1415 &keytype_des3_derived
,
1417 &checksum_hmac_sha1_des3
,
1423 ETYPE_NEW_DES3_CBC_SHA1
,
1424 "new-des3-cbc-sha1",
1427 &keytype_des3_derived
,
1429 &checksum_hmac_sha1_des3
,
1434 ETYPE_DES3_CBC_SHA1
,
1440 &checksum_hmac_sha1_des3
,
1454 DES_CBC_encrypt_null_ivec
,
1457 ETYPE_DES3_CBC_NONE
,
1461 &keytype_des3_derived
,
1465 DES_CBC_encrypt_null_ivec
,
1469 static unsigned num_etypes
= sizeof(etypes
) / sizeof(etypes
[0]);
1472 static struct encryption_type
*
1473 _find_enctype(krb5_enctype type
)
1476 for(i
= 0; i
< num_etypes
; i
++)
1477 if(etypes
[i
].type
== type
)
1484 krb5_enctype_to_string(krb5_context context
,
1488 struct encryption_type
*e
;
1489 e
= _find_enctype(etype
);
1491 return KRB5_PROG_ETYPE_NOSUPP
;
1492 *string
= strdup(e
->name
);
1499 krb5_string_to_enctype(krb5_context context
,
1501 krb5_enctype
*etype
)
1504 for(i
= 0; i
< num_etypes
; i
++)
1505 if(strcasecmp(etypes
[i
].name
, string
) == 0){
1506 *etype
= etypes
[i
].type
;
1509 return KRB5_PROG_ETYPE_NOSUPP
;
1513 krb5_enctype_to_keytype(krb5_context context
,
1515 krb5_keytype
*keytype
)
1517 struct encryption_type
*e
= _find_enctype(etype
);
1518 krb5_warnx(context
, "krb5_enctype_to_keytype(%u)", etype
);
1520 return KRB5_PROG_ETYPE_NOSUPP
;
1521 *keytype
= e
->keytype
->type
; /* XXX */
1527 krb5_keytype_to_enctype(krb5_context context
,
1528 krb5_keytype keytype
,
1529 krb5_enctype
*etype
)
1531 struct key_type
*kt
= _find_keytype(keytype
);
1532 krb5_warnx(context
, "krb5_keytype_to_enctype(%u)", keytype
);
1534 return KRB5_PROG_KEYTYPE_NOSUPP
;
1535 *etype
= kt
->best_etype
;
1541 krb5_keytype_to_enctypes (krb5_context context
,
1542 krb5_keytype keytype
,
1550 for (i
= num_etypes
- 1; i
>= 0; --i
) {
1551 if (etypes
[i
].keytype
->type
== keytype
1552 && !(etypes
[i
].flags
& F_PSEUDO
))
1555 ret
= malloc(n
* sizeof(int));
1556 if (ret
== NULL
&& n
!= 0)
1559 for (i
= num_etypes
- 1; i
>= 0; --i
) {
1560 if (etypes
[i
].keytype
->type
== keytype
1561 && !(etypes
[i
].flags
& F_PSEUDO
))
1562 ret
[n
++] = etypes
[i
].type
;
1570 krb5_enctype_valid(krb5_context context
,
1573 return _find_enctype(etype
) != NULL
;
1576 /* if two enctypes have compatible keys */
1578 krb5_enctypes_comptible_keys(krb5_context context
,
1579 krb5_enctype etype1
,
1580 krb5_enctype etype2
)
1582 struct encryption_type
*e1
= _find_enctype(etype1
);
1583 struct encryption_type
*e2
= _find_enctype(etype2
);
1584 return e1
!= NULL
&& e2
!= NULL
&& e1
->keytype
== e2
->keytype
;
1588 derived_crypto(krb5_context context
,
1591 return (crypto
->et
->flags
& F_DERIVED
) != 0;
1595 #define CHECKSUMSIZE(C) ((C)->checksumsize)
1596 #define CHECKSUMTYPE(C) ((C)->type)
1598 static krb5_error_code
1599 encrypt_internal_derived(krb5_context context
,
1606 size_t sz
, block_sz
, checksum_sz
;
1608 unsigned char *p
, *q
;
1609 krb5_error_code ret
;
1610 struct key_data
*dkey
;
1611 struct encryption_type
*et
= crypto
->et
;
1613 checksum_sz
= CHECKSUMSIZE(et
->keyed_checksum
);
1615 sz
= et
->confoundersize
+ 4 /* length */ + len
;
1616 block_sz
= (sz
+ et
->blocksize
- 1) &~ (et
->blocksize
- 1); /* pad */
1617 p
= calloc(1, block_sz
+ checksum_sz
);
1622 krb5_generate_random_block(q
, et
->confoundersize
); /* XXX */
1623 q
+= et
->confoundersize
;
1624 _krb5_put_int(q
, len
, 4);
1626 memcpy(q
, data
, len
);
1628 ret
= create_checksum(context
,
1630 INTEGRITY_USAGE(usage
),
1635 if(ret
== 0 && cksum
.checksum
.length
!= checksum_sz
)
1636 ret
= KRB5_CRYPTO_INTERNAL
;
1638 memset(p
, 0, block_sz
+ checksum_sz
);
1642 memcpy(p
+ block_sz
, cksum
.checksum
.data
, cksum
.checksum
.length
);
1643 ret
= _get_derived_key(context
, crypto
, ENCRYPTION_USAGE(usage
), &dkey
);
1645 memset(p
, 0, block_sz
+ checksum_sz
);
1649 ret
= _key_schedule(context
, dkey
);
1651 memset(p
, 0, block_sz
);
1656 krb5_crypto_debug(context
, 1, block_sz
, dkey
->key
);
1658 (*et
->encrypt
)(dkey
, p
, block_sz
, 1);
1660 result
->length
= block_sz
+ checksum_sz
;
1664 static krb5_error_code
1665 encrypt_internal(krb5_context context
,
1671 size_t sz
, block_sz
, checksum_sz
;
1673 unsigned char *p
, *q
;
1674 krb5_error_code ret
;
1675 struct encryption_type
*et
= crypto
->et
;
1677 checksum_sz
= CHECKSUMSIZE(et
->cksumtype
);
1679 sz
= et
->confoundersize
+ checksum_sz
+ len
;
1680 block_sz
= (sz
+ et
->blocksize
- 1) &~ (et
->blocksize
- 1); /* pad */
1681 p
= calloc(1, block_sz
);
1686 krb5_generate_random_block(q
, et
->confoundersize
); /* XXX */
1687 q
+= et
->confoundersize
;
1688 memset(q
, 0, checksum_sz
);
1690 memcpy(q
, data
, len
);
1692 ret
= create_checksum(context
,
1695 CHECKSUMTYPE(et
->cksumtype
),
1699 if(ret
== 0 && cksum
.checksum
.length
!= checksum_sz
) {
1700 free_Checksum (&cksum
);
1701 ret
= KRB5_CRYPTO_INTERNAL
;
1704 memset(p
, 0, block_sz
);
1706 free_Checksum(&cksum
);
1709 memcpy(p
+ et
->confoundersize
, cksum
.checksum
.data
, cksum
.checksum
.length
);
1710 free_Checksum(&cksum
);
1711 ret
= _key_schedule(context
, &crypto
->key
);
1713 memset(p
, 0, block_sz
);
1718 krb5_crypto_debug(context
, 1, block_sz
, crypto
->key
.key
);
1720 (*et
->encrypt
)(&crypto
->key
, p
, block_sz
, 1);
1722 result
->length
= block_sz
;
1726 static krb5_error_code
1727 decrypt_internal_derived(krb5_context context
,
1737 krb5_error_code ret
;
1738 struct key_data
*dkey
;
1739 struct encryption_type
*et
= crypto
->et
;
1745 memcpy(p
, data
, len
);
1747 checksum_sz
= CHECKSUMSIZE(et
->keyed_checksum
);
1750 ret
= _get_derived_key(context
, crypto
, ENCRYPTION_USAGE(usage
), &dkey
);
1755 ret
= _key_schedule(context
, dkey
);
1761 krb5_crypto_debug(context
, 0, len
, dkey
->key
);
1763 (*et
->encrypt
)(dkey
, p
, len
, 0);
1765 cksum
.checksum
.data
= p
+ len
;
1766 cksum
.checksum
.length
= checksum_sz
;
1768 ret
= verify_checksum(context
,
1770 INTEGRITY_USAGE(usage
),
1778 _krb5_get_int(p
+ et
->confoundersize
, &l
, 4);
1779 memmove(p
, p
+ et
->confoundersize
+ 4, l
);
1780 result
->data
= realloc(p
, l
);
1789 static krb5_error_code
1790 decrypt_internal(krb5_context context
,
1796 krb5_error_code ret
;
1799 size_t checksum_sz
, l
;
1800 struct encryption_type
*et
= crypto
->et
;
1802 checksum_sz
= CHECKSUMSIZE(et
->cksumtype
);
1806 memcpy(p
, data
, len
);
1808 ret
= _key_schedule(context
, &crypto
->key
);
1814 krb5_crypto_debug(context
, 0, len
, crypto
->key
.key
);
1816 (*et
->encrypt
)(&crypto
->key
, p
, len
, 0);
1817 ret
= krb5_data_copy(&cksum
.checksum
, p
+ et
->confoundersize
, checksum_sz
);
1822 memset(p
+ et
->confoundersize
, 0, checksum_sz
);
1823 cksum
.cksumtype
= CHECKSUMTYPE(et
->cksumtype
);
1824 ret
= verify_checksum(context
, NULL
, 0, p
, len
, &cksum
);
1825 free_Checksum(&cksum
);
1830 l
= len
- et
->confoundersize
- checksum_sz
;
1831 memmove(p
, p
+ et
->confoundersize
+ checksum_sz
, l
);
1832 result
->data
= realloc(p
, l
);
1833 if(result
->data
== NULL
) {
1842 krb5_encrypt(krb5_context context
,
1849 if(derived_crypto(context
, crypto
))
1850 return encrypt_internal_derived(context
, crypto
, usage
,
1853 return encrypt_internal(context
, crypto
, data
, len
, result
);
1857 krb5_encrypt_EncryptedData(krb5_context context
,
1863 EncryptedData
*result
)
1865 result
->etype
= CRYPTO_ETYPE(crypto
);
1867 ALLOC(result
->kvno
, 1);
1868 *result
->kvno
= kvno
;
1870 result
->kvno
= NULL
;
1871 return krb5_encrypt(context
, crypto
, usage
, data
, len
, &result
->cipher
);
1875 krb5_decrypt(krb5_context context
,
1882 if(derived_crypto(context
, crypto
))
1883 return decrypt_internal_derived(context
, crypto
, usage
,
1886 return decrypt_internal(context
, crypto
, data
, len
, result
);
1890 krb5_decrypt_EncryptedData(krb5_context context
,
1896 return krb5_decrypt(context
, crypto
, usage
,
1897 e
->cipher
.data
, e
->cipher
.length
, result
);
1900 /************************************************************
1902 ************************************************************/
1905 krb5_generate_random_block(void *buf
, size_t len
)
1907 des_cblock key
, out
;
1908 static des_cblock counter
;
1909 static des_key_schedule schedule
;
1911 static int initialized
= 0;
1914 des_new_random_key(&key
);
1915 des_set_key(&key
, schedule
);
1916 memset(&key
, 0, sizeof(key
));
1917 des_new_random_key(&counter
);
1920 des_ecb_encrypt(&counter
, &out
, schedule
, DES_ENCRYPT
);
1921 for(i
= 7; i
>=0; i
--)
1924 memcpy(buf
, out
, min(len
, sizeof(out
)));
1925 len
-= min(len
, sizeof(out
));
1926 buf
= (char*)buf
+ sizeof(out
);
1930 /* XXX should be moved someplace else */
1932 DES3_postproc(krb5_context context
,
1933 unsigned char *k
, size_t len
, struct key_data
*key
)
1935 unsigned char x
[24];
1936 int ki
= 0, xi
= 0, kb
= 8, xb
= 8;
1937 memset(x
, 0, sizeof(x
));
1938 /* insert a parity bit after every seven bits (I'm not
1939 convinced that the first 21 bytes has more entropy than the
1940 who 24 byte block...) */
1942 unsigned u
= k
[ki
] & ((1 << kb
) - 1);
1946 x
[xi
] |= u
>> (kb
- xb
);
1948 x
[xi
] |= u
<< (xb
- kb
);
1960 k
= key
->key
->keyvalue
.data
;
1962 memset(x
, 0, sizeof(x
));
1963 krb5_free_data(context
, key
->schedule
);
1964 key
->schedule
= NULL
;
1965 des_set_odd_parity((des_cblock
*)k
);
1966 des_set_odd_parity((des_cblock
*)(k
+ 8));
1967 des_set_odd_parity((des_cblock
*)(k
+ 16));
1970 static krb5_error_code
1971 derive_key(krb5_context context
,
1972 struct encryption_type
*et
,
1973 struct key_data
*key
,
1978 unsigned int nblocks
= 0, i
;
1979 krb5_error_code ret
= 0;
1981 struct key_type
*kt
= et
->keytype
;
1982 ret
= _key_schedule(context
, key
);
1985 if(et
->blocksize
* 8 < kt
->bits
||
1986 len
!= et
->blocksize
) {
1987 nblocks
= (kt
->bits
+ et
->blocksize
* 8 - 1) / (et
->blocksize
* 8);
1988 k
= malloc(nblocks
* et
->blocksize
);
1991 _krb5_n_fold(constant
, len
, k
, et
->blocksize
);
1992 for(i
= 0; i
< nblocks
; i
++) {
1994 memcpy(k
+ i
* et
->blocksize
,
1995 k
+ (i
- 1) * et
->blocksize
,
1997 (*et
->encrypt
)(key
, k
+ i
* et
->blocksize
, et
->blocksize
, 1);
2000 void *c
= malloc(len
);
2003 memcpy(c
, constant
, len
);
2004 (*et
->encrypt
)(key
, c
, len
, 1);
2005 k
= malloc((kt
->bits
+ 7) / 8);
2008 _krb5_n_fold(c
, len
, k
, kt
->bits
);
2012 /* XXX keytype dependent post-processing */
2015 DES3_postproc(context
, k
, nblocks
* et
->blocksize
, key
);
2018 krb5_warnx(context
, "derive_key() called with unknown keytype (%u)",
2020 ret
= KRB5_CRYPTO_INTERNAL
;
2023 memset(k
, 0, nblocks
* et
->blocksize
);
2028 static struct key_data
*
2029 _new_derived_key(krb5_crypto crypto
, unsigned usage
)
2031 struct key_usage
*d
= crypto
->key_usage
;
2032 d
= realloc(d
, (crypto
->num_key_usage
+ 1) * sizeof(*d
));
2035 crypto
->key_usage
= d
;
2036 d
+= crypto
->num_key_usage
++;
2037 memset(d
, 0, sizeof(*d
));
2042 static krb5_error_code
2043 _get_derived_key(krb5_context context
,
2046 struct key_data
**key
)
2050 unsigned char constant
[4];
2051 for(i
= 0; i
< crypto
->num_key_usage
; i
++)
2052 if(crypto
->key_usage
[i
].usage
== usage
) {
2053 *key
= &crypto
->key_usage
[i
].key
;
2056 d
= _new_derived_key(crypto
, usage
);
2059 krb5_copy_keyblock(context
, crypto
->key
.key
, &d
->key
);
2060 _krb5_put_int(constant
, usage
, 4);
2061 derive_key(context
, crypto
->et
, d
, constant
, sizeof(constant
));
2068 krb5_crypto_init(krb5_context context
,
2071 krb5_crypto
*crypto
)
2073 krb5_error_code ret
;
2077 if(etype
== ETYPE_NULL
)
2078 etype
= key
->keytype
;
2079 (*crypto
)->et
= _find_enctype(etype
);
2080 if((*crypto
)->et
== NULL
) {
2082 return KRB5_PROG_ETYPE_NOSUPP
;
2084 ret
= krb5_copy_keyblock(context
, key
, &(*crypto
)->key
.key
);
2089 (*crypto
)->key
.schedule
= NULL
;
2090 (*crypto
)->num_key_usage
= 0;
2091 (*crypto
)->key_usage
= NULL
;
2096 free_key_data(krb5_context context
, struct key_data
*key
)
2098 krb5_free_keyblock(context
, key
->key
);
2100 memset(key
->schedule
->data
, 0, key
->schedule
->length
);
2101 krb5_free_data(context
, key
->schedule
);
2106 free_key_usage(krb5_context context
, struct key_usage
*ku
)
2108 free_key_data(context
, &ku
->key
);
2112 krb5_crypto_destroy(krb5_context context
,
2117 for(i
= 0; i
< crypto
->num_key_usage
; i
++)
2118 free_key_usage(context
, &crypto
->key_usage
[i
]);
2119 free(crypto
->key_usage
);
2120 free_key_data(context
, &crypto
->key
);
2126 krb5_string_to_key_derived(krb5_context context
,
2132 struct encryption_type
*et
= _find_enctype(etype
);
2133 krb5_error_code ret
;
2137 return KRB5_PROG_ETYPE_NOSUPP
;
2139 kd
.key
->keytype
= etype
;
2140 krb5_data_alloc(&kd
.key
->keyvalue
, et
->keytype
->size
);
2141 _krb5_n_fold(str
, len
, kd
.key
->keyvalue
.data
, kd
.key
->keyvalue
.length
);
2142 ret
= derive_key(context
,
2145 "kerberos", /* XXX well known constant */
2146 strlen("kerberos"));
2147 ret
= krb5_copy_keyblock_contents(context
, kd
.key
, key
);
2148 free_key_data(context
, &kd
);
2153 * Return the size of an encrypted packet of length `data_len'
2157 krb5_get_wrapped_length (krb5_context context
,
2161 struct encryption_type
*et
= crypto
->et
;
2162 size_t blocksize
= et
->blocksize
;
2165 res
= et
->confoundersize
+ et
->cksumtype
->checksumsize
+ data_len
;
2166 res
= (res
+ blocksize
- 1) / blocksize
* blocksize
;
2172 static krb5_error_code
2173 krb5_get_keyid(krb5_context context
,
2178 unsigned char tmp
[16];
2180 md5_update(&md5
, key
->keyvalue
.data
, key
->keyvalue
.length
);
2181 md5_finito(&md5
, tmp
);
2182 *keyid
= (tmp
[12] << 24) | (tmp
[13] << 16) | (tmp
[14] << 8) | tmp
[15];
2187 krb5_crypto_debug(krb5_context context
,
2194 krb5_get_keyid(context
, key
, &keyid
);
2195 krb5_enctype_to_string(context
, key
->keytype
, &kt
);
2196 krb5_warnx(context
, "%s %lu bytes with key-id %#x (%s)",
2197 encrypt
? "encrypting" : "decrypting",
2204 #endif /* CRYPTO_DEBUG */