Add AES string-to-key function

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15226 dc483132-0cff-0310-8789-dd5450dbe970
author: Ken Raeburn <raeburn@mit.edu> 2003-03-05 02:40:23 +0000
committer: Ken Raeburn <raeburn@mit.edu> 2003-03-05 02:40:23 +0000
commit: bd7a71a8ec0ac0bc4438a9a55009e081e2cdca45 (patch)
tree: 3db0e1410ec156a824644775917cdca1941cd0da
parent: 4ed6d69c2168c3e3e1833f89834bfa87919c5489 (diff)
download: krb5-bd7a71a8ec0ac0bc4438a9a55009e081e2cdca45.zip
krb5-bd7a71a8ec0ac0bc4438a9a55009e081e2cdca45.tar.gz
krb5-bd7a71a8ec0ac0bc4438a9a55009e081e2cdca45.tar.bz2
4 files changed, 84 insertions, 9 deletions
diff --git a/src/lib/crypto/aes/ChangeLog b/src/lib/crypto/aes/ChangeLog
index b01c82c..443aabd 100644
--- a/src/lib/crypto/aes/ChangeLog
+++ b/src/lib/crypto/aes/ChangeLog
@@ -1,3 +1,11 @@
+2003-03-04  Ken Raeburn  <raeburn@mit.edu>
+
+	* aes_s2k.c, aes_s2k.h: New files.
+	* Makefile.in (STLIBOBJS, OBJS, SRCS): Build aes_s2k.
+	(LOCALINCLUDES): Add dk directory.
+	(GEN_OBJS): New variable.
+	(aes-gen): Use GEN_OBJS.
+
 2003-02-28  Ezra Peisach  <epeisach@bu.edu>
 
 	* Makefile.in (clean): Cleanup testing objects and outputs
diff --git a/src/lib/crypto/aes/Makefile.in b/src/lib/crypto/aes/Makefile.in
index 18f405d..d14f0f9 100644
--- a/src/lib/crypto/aes/Makefile.in
+++ b/src/lib/crypto/aes/Makefile.in
@@ -2,7 +2,7 @@ thisconfigdir=./..
 myfulldir=lib/crypto/aes
 mydir=aes
 BUILDTOP=$(REL)..$(S)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/..
+LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../dk
 
 ##DOS##BUILDTOP = ..\..\..
 ##DOS##PREFIXDIR=aes
@@ -17,20 +17,25 @@ RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
 STLIBOBJS=\
 	aescrypt.o	\
 	aestab.o	\
-	aeskey.o
-#	aess2k.o
+	aeskey.o	\
+	aes_s2k.o
 
 OBJS=\
 	$(OUTPRE)aescrypt.$(OBJEXT)	\
 	$(OUTPRE)aestab.$(OBJEXT)	\
-	$(OUTPRE)aeskey.$(OBJEXT)
-#	$(OUTPRE)aess2k.$(OBJEXT)
+	$(OUTPRE)aeskey.$(OBJEXT)	\
+	$(OUTPRE)aes_s2k.$(OBJEXT)
 
 SRCS=\
 	$(srcdir)/aescrypt.c	\
 	$(srcdir)/aestab.c	\
-	$(srcdir)/aeskey.c
-#	$(srcdir)/aess2k.c
+	$(srcdir)/aeskey.c	\
+	$(srcdir)/aes_s2k.c
+
+GEN_OBJS=\
+	$(OUTPRE)aescrypt.$(OBJEXT)	\
+	$(OUTPRE)aestab.$(OBJEXT)	\
+	$(OUTPRE)aeskey.$(OBJEXT)
 
 ##DOS##LIBOBJS = $(OBJS)
 
@@ -40,8 +45,8 @@ includes:: depend
 
 depend:: $(SRCS)
 
-aes-gen: aes-gen.o $(OBJS)
-	$(CC) -o aes-gen aes-gen.o $(OBJS)
+aes-gen: aes-gen.o $(GEN_OBJS)
+	$(CC) -o aes-gen aes-gen.o $(GEN_OBJS)
 
 run-aes-gen: aes-gen
 	./aes-gen > kresults.out
@@ -76,4 +81,9 @@ aestab.so aestab.po $(OUTPRE)aestab.$(OBJEXT): aestab.c aesopt.h aes.h \
   uitypes.h
 aeskey.so aeskey.po $(OUTPRE)aeskey.$(OBJEXT): aeskey.c aesopt.h aes.h \
   uitypes.h
+aes_s2k.so aes_s2k.po $(OUTPRE)aes_s2k.$(OBJEXT): aes_s2k.c $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+  $(BUILDTOP)/include/profile.h aes_s2k.h
 
diff --git a/src/lib/crypto/aes/aes_s2k.c b/src/lib/crypto/aes/aes_s2k.c
new file mode 100644
index 0000000..f3670d7
--- /dev/null
+++ b/src/lib/crypto/aes/aes_s2k.c
@@ -0,0 +1,53 @@
+/* Insert MIT copyright here.  */
+
+#include "k5-int.h"
+#include "dk.h"
+#include "aes_s2k.h"
+
+krb5_error_code
+krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
+			  const krb5_data *string,
+			  const krb5_data *salt,
+			  const krb5_data *params,
+			  krb5_keyblock *key)
+{
+    unsigned long iter_count;
+    krb5_data out;
+    static const krb5_data usage = { KV5M_DATA, 8, "kerberos" };
+    krb5_error_code err;
+
+    if (params) {
+	unsigned char *p = (unsigned char *) params->data;
+	if (params->length != 4)
+	    return KRB5_ERR_BAD_S2K_PARAMS;
+	iter_count = ((p[0] << 24) | (p[1] << 16) | (p[2] <<  8) | (p[3]));
+	if (iter_count == 0) {
+	    iter_count = (1L << 16) << 16;
+	    if (((iter_count >> 16) >> 16) != 1)
+		return KRB5_ERR_BAD_S2K_PARAMS;
+	}
+    } else
+	iter_count = 0xb000L;
+
+    /*
+     * Dense key space, no parity bits or anything, so take a shortcut
+     * and use the key contents buffer for the generated bytes.
+     */
+    out.data = (char *) key->contents;
+    out.length = key->length;
+    if (out.length != 16 && out.length != 32)
+	return KRB5_CRYPTO_INTERNAL;
+
+    err = krb5int_pbkdf2_hmac_sha1 (&out, iter_count, string, salt);
+    if (err) {
+	memset(out.data, 0, out.length);
+	return err;
+    }
+
+    err = krb5_derive_key (enc, key, key, &usage);
+    if (err) {
+	memset(out.data, 0, out.length);
+	return err;
+    }
+    return 0;
+}
diff --git a/src/lib/crypto/aes/aes_s2k.h b/src/lib/crypto/aes/aes_s2k.h
new file mode 100644
index 0000000..b6804a9
--- /dev/null
+++ b/src/lib/crypto/aes/aes_s2k.h
@@ -0,0 +1,4 @@
+extern krb5_error_code
+krb5int_aes_string_to_key (const struct krb5_enc_provider *,
+			   const krb5_data *, const krb5_data *,
+			   const krb5_data *, krb5_keyblock *key);
author	Ken Raeburn <raeburn@mit.edu>	2003-03-05 02:40:23 +0000
committer	Ken Raeburn <raeburn@mit.edu>	2003-03-05 02:40:23 +0000
commit	bd7a71a8ec0ac0bc4438a9a55009e081e2cdca45 (patch)
tree	3db0e1410ec156a824644775917cdca1941cd0da
parent	4ed6d69c2168c3e3e1833f89834bfa87919c5489 (diff)
download	krb5-bd7a71a8ec0ac0bc4438a9a55009e081e2cdca45.zip krb5-bd7a71a8ec0ac0bc4438a9a55009e081e2cdca45.tar.gz krb5-bd7a71a8ec0ac0bc4438a9a55009e081e2cdca45.tar.bz2