authorLuke Howard <lukeh@padl.com>2010-05-16 08:44:44 +0000
committerLuke Howard <lukeh@padl.com>2010-05-16 08:44:44 +0000
commit95c7227b1abf3776f5c197156d7bcc0db0424f29 (patch)
tree8780bc13153e6a6b22b04dbb15833568c6a6b3d4
parent1ea5d06f9e0afce946fe8a36b1b45ea1fafd09ba (diff)
Cleanup; assert in CTR mode implementations that there is always an
initialization vector, otherwise their use is unsafe

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/camellia-ccm@24045 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/include/krb5/krb5.hin16
-rw-r--r--src/lib/crypto/builtin/enc_provider/aes_ctr.c15
-rw-r--r--src/lib/crypto/builtin/enc_provider/camellia_ctr.c15
-rw-r--r--src/lib/crypto/krb/checksum/cmac.c13
-rw-r--r--src/lib/crypto/openssl/enc_provider/aes_ctr.c15
-rw-r--r--src/lib/crypto/openssl/enc_provider/camellia_ctr.c15
6 files changed, 32 insertions, 57 deletions
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 85a9a85..9dd5a8b 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -424,11 +424,11 @@ typedef struct _krb5_crypto_iov {
#define ENCTYPE_CAMELLIA128_CTS_HMAC_SHA1_96 0x0019
#define ENCTYPE_CAMELLIA256_CTS_HMAC_SHA1_96 0x001a
#ifdef AES_CCM
-#define ENCTYPE_AES128_CCM_128 -64
-#define ENCTYPE_AES256_CCM_128 -65
+#define ENCTYPE_AES128_CCM_128 -64 /* AES CCM mode with 128-bit key */
+#define ENCTYPE_AES256_CCM_128 -65 /* AES CCM mode with 256-bit key */
#endif
-#define ENCTYPE_CAMELLIA128_CCM_128 -66
-#define ENCTYPE_CAMELLIA256_CCM_128 -67
+#define ENCTYPE_CAMELLIA128_CCM_128 -66 /* Camellia CCM mode with 128-bit key */
+#define ENCTYPE_CAMELLIA256_CCM_128 -67 /* Camellia CCM mode with 256-bit key */
#define ENCTYPE_UNKNOWN 0x01ff
#define CKSUMTYPE_CRC32 0x0001
@@ -446,11 +446,11 @@ typedef struct _krb5_crypto_iov {
#define CKSUMTYPE_HMAC_SHA1_96_CAMELLIA128 -17
#define CKSUMTYPE_HMAC_SHA1_96_CAMELLIA256 -18
#ifdef AES_CCM
-#define CKSUMTYPE_CMAC_128_AES128 -64
-#define CKSUMTYPE_CMAC_128_AES256 -65
+#define CKSUMTYPE_CMAC_128_AES128 -64 /* CMAC with 128-bit AES key */
+#define CKSUMTYPE_CMAC_128_AES256 -65 /* CMAC with 256-bit AES key */
#endif
-#define CKSUMTYPE_CMAC_128_CAMELLIA128 -66
-#define CKSUMTYPE_CMAC_128_CAMELLIA256 -67
+#define CKSUMTYPE_CMAC_128_CAMELLIA128 -66 /* CMAC with 128-bit Camellia key */
+#define CKSUMTYPE_CMAC_128_CAMELLIA256 -67 /* CMAC with 256-bit Camellia key */
#define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/
#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
diff --git a/src/lib/crypto/builtin/enc_provider/aes_ctr.c b/src/lib/crypto/builtin/enc_provider/aes_ctr.c
index 06c6545..e03bfad 100644
--- a/src/lib/crypto/builtin/enc_provider/aes_ctr.c
+++ b/src/lib/crypto/builtin/enc_provider/aes_ctr.c
@@ -122,15 +122,12 @@ krb5int_aes_encrypt_ctr(krb5_key key,
input_pos.ignore_header = output_pos.ignore_header = 1;
input_pos.pad_to_boundary = output_pos.pad_to_boundary = 1;
- if (ivec != NULL) {
- if (ivec->length != BLOCK_SIZE)
- return KRB5_BAD_MSIZE;
-
- memcpy(ctr, ivec->data, BLOCK_SIZE);
- } else {
- memset(ctr, 0, BLOCK_SIZE);
- ctr[0] = DEFAULT_COUNTER_LEN - 1;
- }
+ assert(ivec != NULL);
+
+ if (ivec->length != BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+ memcpy(ctr, ivec->data, BLOCK_SIZE);
getctrblockno(&blockno, ctr);
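Review bot: `assert(ivec != NULL)` is compiled out when the library is built with NDEBUG, so in such a build a caller that passes no IV reaches `ivec->length` on the next line and dereferences NULL instead of getting an error. Since the commit message says CTR use without an IV is unsafe, the condition is better enforced at run time, for example `if (ivec == NULL || ivec->length != BLOCK_SIZE) return KRB5_BAD_MSIZE;` (or whichever error code the callers expect). The same pattern appears in the builtin camellia_ctr.c hunk and in both openssl hunks, there with AES_BLOCK_SIZE and CAMELLIA_BLOCK_SIZE. The body of krb5int_aes_encrypt_ctr starts and ends outside the hunk, so whether <assert.h> is included and whether any caller still passes NULL cannot be confirmed from here.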
diff --git a/src/lib/crypto/builtin/enc_provider/camellia_ctr.c b/src/lib/crypto/builtin/enc_provider/camellia_ctr.c
index 02603eb..a6d8224 100644
--- a/src/lib/crypto/builtin/enc_provider/camellia_ctr.c
+++ b/src/lib/crypto/builtin/enc_provider/camellia_ctr.c
@@ -122,15 +122,12 @@ krb5int_camellia_encrypt_ctr(krb5_key key,
input_pos.ignore_header = output_pos.ignore_header = 1;
input_pos.pad_to_boundary = output_pos.pad_to_boundary = 1;
- if (ivec != NULL) {
- if (ivec->length != BLOCK_SIZE)
- return KRB5_BAD_MSIZE;
-
- memcpy(ctr, ivec->data, BLOCK_SIZE);
- } else {
- memset(ctr, 0, BLOCK_SIZE);
- ctr[0] = DEFAULT_COUNTER_LEN - 1;
- }
+ assert(ivec != NULL);
+
+ if (ivec->length != BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+ memcpy(ctr, ivec->data, BLOCK_SIZE);
getctrblockno(&blockno, ctr);
diff --git a/src/lib/crypto/krb/checksum/cmac.c b/src/lib/crypto/krb/checksum/cmac.c
index fae5f1e..3b5cde5 100644
--- a/src/lib/crypto/krb/checksum/cmac.c
+++ b/src/lib/crypto/krb/checksum/cmac.c
@@ -52,11 +52,6 @@ static unsigned char const_Rb[BLOCK_SIZE] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87
};
-static unsigned char const_Zero[BLOCK_SIZE] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
static void
xor_128(unsigned char *a, unsigned char *b, unsigned char *out)
{
@@ -103,18 +98,10 @@ generate_subkey(const struct krb5_enc_provider *enc,
d = make_data((char *)L, BLOCK_SIZE);
- /*
- * CBC in terms of CBC-MAC; at the cost of an additional XOR,
- * this avoids needing to extend the SPI interface (because we
- * need both the CBC-MAC function from the CCM provider and
- * the CBC function from the CTS provider).
- */
ret = enc->cbc_mac(key, iov, 1, NULL, &d);
if (ret != 0)
return ret;
- xor_128(const_Zero, L, L);
-
if ((L[0] & 0x80) == 0) {
leftshift_onebit(L, K1);
} else {
diff --git a/src/lib/crypto/openssl/enc_provider/aes_ctr.c b/src/lib/crypto/openssl/enc_provider/aes_ctr.c
index 27d6608..c9e8907 100644
--- a/src/lib/crypto/openssl/enc_provider/aes_ctr.c
+++ b/src/lib/crypto/openssl/enc_provider/aes_ctr.c
@@ -91,15 +91,12 @@ krb5int_aes_encrypt_ctr(krb5_key key,
input_pos.ignore_header = output_pos.ignore_header = 1;
input_pos.pad_to_boundary = output_pos.pad_to_boundary = 1;
- if (ivec != NULL) {
- if (ivec->length != AES_BLOCK_SIZE)
- return KRB5_BAD_MSIZE;
-
- memcpy(ctr, ivec->data, AES_BLOCK_SIZE);
- } else {
- memset(ctr, 0, AES_BLOCK_SIZE);
- ctr[0] = DEFAULT_COUNTER_LEN - 1;
- }
+ assert(ivec != NULL);
+
+ if (ivec->length != AES_BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+ memcpy(ctr, ivec->data, AES_BLOCK_SIZE);
for (blockno = 0; ; blockno++) {
unsigned char storage[AES_BLOCK_SIZE], *block;
diff --git a/src/lib/crypto/openssl/enc_provider/camellia_ctr.c b/src/lib/crypto/openssl/enc_provider/camellia_ctr.c
index 0145ebd..2812c05 100644
--- a/src/lib/crypto/openssl/enc_provider/camellia_ctr.c
+++ b/src/lib/crypto/openssl/enc_provider/camellia_ctr.c
@@ -90,15 +90,12 @@ krb5int_camellia_encrypt_ctr(krb5_key key,
input_pos.ignore_header = output_pos.ignore_header = 1;
input_pos.pad_to_boundary = output_pos.pad_to_boundary = 1;
- if (ivec != NULL) {
- if (ivec->length != CAMELLIA_BLOCK_SIZE)
- return KRB5_BAD_MSIZE;
-
- memcpy(ctr, ivec->data, CAMELLIA_BLOCK_SIZE);
- } else {
- memset(ctr, 0, CAMELLIA_BLOCK_SIZE);
- ctr[0] = DEFAULT_COUNTER_LEN - 1;
- }
+ assert(ivec != NULL);
+
+ if (ivec->length != CAMELLIA_BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+ memcpy(ctr, ivec->data, CAMELLIA_BLOCK_SIZE);
for (blockno = 0; ; blockno++) {
unsigned char storage[CAMELLIA_BLOCK_SIZE], *block;