authorKen Raeburn <raeburn@mit.edu>2004-02-13 23:38:57 +0000
committerKen Raeburn <raeburn@mit.edu>2004-02-13 23:38:57 +0000
commit0f240326537d6d303c288506840189d3b35c4da3 (patch)
tree18d2cc5040423c08238569f5346acbdc13941743 /src/lib/crypto/dk
parentd761253055c2710df9c351b03b03129fc95ed9f5 (diff)
* dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): New argument IVEC_MODE. If
clear, same old behavior. If set, copy out next to last block for CTS. (krb5_dk_decrypt, krb5int_aes_dk_decrypt): Pass extra argument. * dk_encrypt.c (krb5int_aes_dk_encrypt): For IV, copy out next to last block for CTS. ticket: 2229 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16077 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/dk')
-rw-r--r--src/lib/crypto/dk/ChangeLog9
-rw-r--r--src/lib/crypto/dk/dk_decrypt.c22
-rw-r--r--src/lib/crypto/dk/dk_encrypt.c28
3 files changed, 48 insertions, 11 deletions
diff --git a/src/lib/crypto/dk/ChangeLog b/src/lib/crypto/dk/ChangeLog
index 30107a2..98adf75 100644
--- a/src/lib/crypto/dk/ChangeLog
+++ b/src/lib/crypto/dk/ChangeLog
@@ -1,3 +1,12 @@
+2004-02-13 Ken Raeburn <raeburn@mit.edu>
+
+ * dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): New argument
+ IVEC_MODE. If clear, same old behavior. If set, copy out next
+ to last block for CTS.
+ (krb5_dk_decrypt, krb5int_aes_dk_decrypt): Pass extra argument.
+ * dk_encrypt.c (krb5int_aes_dk_encrypt): For IV, copy out next to
+ last block for CTS.
+
2003-07-22 Ken Raeburn <raeburn@mit.edu>
* checksum.c (krb5_dk_make_checksum, krb5_marc_dk_make_checksum):
diff --git a/src/lib/crypto/dk/dk_decrypt.c b/src/lib/crypto/dk/dk_decrypt.c
index 0c95d40..823eefa 100644
--- a/src/lib/crypto/dk/dk_decrypt.c
+++ b/src/lib/crypto/dk/dk_decrypt.c
@@ -37,7 +37,8 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
const krb5_data *ivec,
const krb5_data *input,
krb5_data *output,
- size_t hmacsize);
+ size_t hmacsize,
+ int ivec_mode);
krb5_error_code
krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
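Review bot: The new `ivec_mode` parameter on this prototype is a bare `int` with no comment, and the two call sites in the following hunks pass literal `0` and `1`, so the meaning of each value is only discoverable by reading the function body. I would document it above the prototype, e.g. `/* ivec_mode: 0 = next IV is the last ciphertext block (old behavior); 1 = next IV is the next-to-last block (CTS) */`, or give the two values names via an `enum`. The prototype starts above this hunk, so the comment belongs before its first line.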
@@ -50,7 +51,7 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
krb5_data *output;
{
return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage,
- ivec, input, output, 0);
+ ivec, input, output, 0, 0);
}
krb5_error_code
@@ -64,12 +65,12 @@ krb5int_aes_dk_decrypt(enc, hash, key, usage, ivec, input, output)
krb5_data *output;
{
return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage,
- ivec, input, output, 96 / 8);
+ ivec, input, output, 96 / 8, 1);
}
static krb5_error_code
krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage, ivec, input, output,
- hmacsize)
+ hmacsize, ivec_mode)
const struct krb5_enc_provider *enc;
const struct krb5_hash_provider *hash;
const krb5_keyblock *key;
@@ -78,6 +79,7 @@ krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage, ivec, input, output,
const krb5_data *input;
krb5_data *output;
size_t hmacsize;
+ int ivec_mode;
{
krb5_error_code ret;
size_t hashsize, blocksize, keybytes, keylength, enclen, plainlen;
@@ -154,9 +156,15 @@ krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage, ivec, input, output,
if ((ret = ((*(enc->decrypt))(&ke, ivec, &d1, &d2))) != 0)
goto cleanup;
- if (ivec != NULL && ivec->length == blocksize)
- cn = (unsigned char *) d1.data + d1.length - blocksize;
- else
+ if (ivec != NULL && ivec->length == blocksize) {
+ if (ivec_mode == 0)
+ cn = (unsigned char *) d1.data + d1.length - blocksize;
+ else if (ivec_mode == 1) {
+ int nblocks = (d1.length + blocksize - 1) / blocksize;
+ cn = d1.data + blocksize * (nblocks - 2);
+ } else
+ abort();
+ } else
cn = NULL;
/* verify the hash */
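Review bot: In the `ivec_mode == 1` branch, `nblocks - 2` is negative whenever `d1.length` is at most one block, so `cn` ends up pointing before `d1.data` and a later copy of `blocksize` bytes from it would read out of bounds. On the decrypt side `d1.length` appears to derive from the caller-supplied ciphertext length, and no minimum-length check is visible in this hunk, so the short case needs an explicit guard such as `if (nblocks < 2) cn = NULL;` (or whichever single-block chaining value the AES provider expects). The same expression is added to `krb5int_aes_dk_encrypt` in the first dk_encrypt.c hunk and needs the same guard. Separately, the new assignment drops the `(unsigned char *)` cast that the mode-0 branch keeps, and `abort()` for an unexpected mode takes the whole process down from library code; returning an error through the existing `cleanup` path would be gentler. The function body starts and ends outside this hunk.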
diff --git a/src/lib/crypto/dk/dk_encrypt.c b/src/lib/crypto/dk/dk_encrypt.c
index 32cc509..cf6b826 100644
--- a/src/lib/crypto/dk/dk_encrypt.c
+++ b/src/lib/crypto/dk/dk_encrypt.c
@@ -313,9 +313,10 @@ krb5int_aes_dk_encrypt(enc, hash, key, usage, ivec, input, output)
if ((ret = ((*(enc->encrypt))(&ke, ivec, &d1, &d2))))
goto cleanup;
- if (ivec != NULL && ivec->length == blocksize)
- cn = d2.data + d2.length - blocksize;
- else
+ if (ivec != NULL && ivec->length == blocksize) {
+ int nblocks = (d2.length + blocksize - 1) / blocksize;
+ cn = d2.data + blocksize * (nblocks - 2);
+ } else
cn = NULL;
/* hash the plaintext */
@@ -333,8 +334,27 @@ krb5int_aes_dk_encrypt(enc, hash, key, usage, ivec, input, output)
output->length = enclen;
/* update ivec */
- if (cn != NULL)
+ if (cn != NULL) {
memcpy(ivec->data, cn, blocksize);
+#if 0
+ {
+ int i;
+ printf("\n%s: output:", __func__);
+ for (i = 0; i < output->length; i++) {
+ if (i % 16 == 0)
+ printf("\n%s: ", __func__);
+ printf(" %02x", i[(unsigned char *)output->data]);
+ }
+ printf("\n%s: outputIV:", __func__);
+ for (i = 0; i < ivec->length; i++) {
+ if (i % 16 == 0)
+ printf("\n%s: ", __func__);
+ printf(" %02x", i[(unsigned char *)ivec->data]);
+ }
+ printf("\n"); fflush(stdout);
+ }
+#endif
+ }
/* ret is set correctly by the prior call */
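Review bot: The `#if 0` block added inside the `if (cn != NULL)` body is leftover debugging code and should not be committed. If it were ever switched on, a library routine would write ciphertext and IV bytes to the process's stdout. It also compares a signed `int i` with `output->length` and `ivec->length`, relies on `__func__` in an otherwise K&R-style file, and uses the reversed `i[ptr]` indexing form. I would drop the block from the commit, or at least move it behind a named debug macro and a helper that writes to stderr. The enclosing function starts and ends outside this hunk.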