diff options
Diffstat (limited to 'src/lib/crypto/krb/old')
| -rw-r--r-- | src/lib/crypto/krb/old/Makefile.in | 35 | ||||
| -rw-r--r-- | src/lib/crypto/krb/old/deps | 37 | ||||
| -rw-r--r-- | src/lib/crypto/krb/old/des_stringtokey.c | 58 | ||||
| -rw-r--r-- | src/lib/crypto/krb/old/old.h | 52 | ||||
| -rw-r--r-- | src/lib/crypto/krb/old/old_decrypt.c | 143 | ||||
| -rw-r--r-- | src/lib/crypto/krb/old/old_encrypt.c | 110 |
6 files changed, 435 insertions, 0 deletions
diff --git a/src/lib/crypto/krb/old/Makefile.in b/src/lib/crypto/krb/old/Makefile.in new file mode 100644 index 0000000..4370f1f --- /dev/null +++ b/src/lib/crypto/krb/old/Makefile.in @@ -0,0 +1,35 @@ +thisconfigdir=../../../.. +myfulldir=lib/crypto/krb/old +mydir=lib/crypto/krb/old +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +LOCALINCLUDES = -I$(srcdir)/../../@CRYPTO_IMPL@/des -I$(srcdir) +DEFS= + +##DOS##BUILDTOP = ..\..\.. +##DOS##PREFIXDIR=old +##DOS##OBJFILE=..\$(OUTPRE)old.lst + +PROG_LIBPATH=-L$(TOPLIBD) +PROG_RPATH=$(KRB5_LIBDIR) + +RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf + +STLIBOBJS= old_decrypt.o old_encrypt.o des_stringtokey.o + +OBJS= $(OUTPRE)des_stringtokey.$(OBJEXT) $(OUTPRE)old_decrypt.$(OBJEXT) $(OUTPRE)old_encrypt.$(OBJEXT) + +SRCS= $(srcdir)/des_stringtokey.c $(srcdir)/old_decrypt.c \ + $(srcdir)/old_encrypt.c + +##DOS##LIBOBJS = $(OBJS) + +all-unix:: all-libobjs + +includes:: depend + +depend:: $(SRCS) + +clean-unix:: clean-libobjs + +@libobj_frag@ + diff --git a/src/lib/crypto/krb/old/deps b/src/lib/crypto/krb/old/deps new file mode 100644 index 0000000..e2e71c2 --- /dev/null +++ b/src/lib/crypto/krb/old/deps @@ -0,0 +1,37 @@ +# +# Generated makefile dependencies follow. +# +des_stringtokey.so des_stringtokey.po $(OUTPRE)des_stringtokey.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/autoconf.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../../builtin/des/des_int.h des_stringtokey.c \ + old.h +old_decrypt.so old_decrypt.po $(OUTPRE)old_decrypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/autoconf.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + old.h old_decrypt.c +old_encrypt.so old_encrypt.po $(OUTPRE)old_encrypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/autoconf.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + old.h old_encrypt.c diff --git a/src/lib/crypto/krb/old/des_stringtokey.c b/src/lib/crypto/krb/old/des_stringtokey.c new file mode 100644 index 0000000..2bacb4e --- /dev/null +++ b/src/lib/crypto/krb/old/des_stringtokey.c @@ -0,0 +1,58 @@ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +#include "k5-int.h" +#include "old.h" +#include <des_int.h> + +/* XXX */ +extern krb5_error_code mit_des_string_to_key_int +(krb5_keyblock * keyblock, + const krb5_data * data, + const krb5_data * salt); + +krb5_error_code +krb5int_des_string_to_key(const struct krb5_enc_provider *enc, + const krb5_data *string, + const krb5_data *salt, const krb5_data *parm, + krb5_keyblock *key) +{ + int type; + if (parm ) { + if (parm->length != 1) + return KRB5_ERR_BAD_S2K_PARAMS; + type = parm->data[0]; + } + else type = 0; + switch(type) { + case 0: + return(mit_des_string_to_key_int(key, string, salt)); + case 1: + return mit_afs_string_to_key(key, string, salt); + default: + return KRB5_ERR_BAD_S2K_PARAMS; + } +} diff --git a/src/lib/crypto/krb/old/old.h b/src/lib/crypto/krb/old/old.h new file mode 100644 index 0000000..94ee642 --- /dev/null +++ b/src/lib/crypto/krb/old/old.h @@ -0,0 +1,52 @@ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +#include "k5-int.h" + +void krb5_old_encrypt_length +(const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + size_t input, size_t *length); + +krb5_error_code krb5_old_encrypt +(const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *ivec, const krb5_data *input, + krb5_data *output); + +krb5_error_code krb5_old_decrypt +(const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *ivec, const krb5_data *input, + krb5_data *arg_output); + +krb5_error_code krb5int_des_string_to_key +(const struct krb5_enc_provider *enc, + const krb5_data *string, const krb5_data *salt, + const krb5_data *params, + krb5_keyblock *key); diff --git a/src/lib/crypto/krb/old/old_decrypt.c b/src/lib/crypto/krb/old/old_decrypt.c new file mode 100644 index 0000000..cfbbd72 --- /dev/null +++ b/src/lib/crypto/krb/old/old_decrypt.c @@ -0,0 +1,143 @@ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +#include "k5-int.h" +#include "old.h" + +krb5_error_code +krb5_old_decrypt(const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *ivec, + const krb5_data *input, + krb5_data *arg_output) +{ + krb5_error_code ret; + size_t blocksize, hashsize, plainsize; + unsigned char *cksumdata, *cn; + krb5_data output, cksum, crcivec; + int alloced; + + blocksize = enc->block_size; + hashsize = hash->hashsize; + + plainsize = input->length - blocksize - hashsize; + + if (arg_output->length < plainsize) + return(KRB5_BAD_MSIZE); + + /* if there's enough space to work in the app buffer, use it, + otherwise allocate our own */ + + if ((cksumdata = (unsigned char *) malloc(hashsize)) == NULL) + return(ENOMEM); + + if (arg_output->length < input->length) { + output.length = input->length; + + if ((output.data = (char *) malloc(output.length)) == NULL) { + free(cksumdata); + return(ENOMEM); + } + + alloced = 1; + } else { + output.length = input->length; + + output.data = arg_output->data; + + alloced = 0; + } + + /* decrypt it */ + + /* save last ciphertext block in case we decrypt in place */ + if (ivec != NULL && ivec->length == blocksize) { + cn = malloc(blocksize); + if (cn == NULL) { + ret = ENOMEM; + goto cleanup; + } + memcpy(cn, input->data + input->length - blocksize, blocksize); + } else + cn = NULL; + + /* XXX this is gross, but I don't have much choice */ + if ((key->enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) { + crcivec.length = key->length; + crcivec.data = (char *) key->contents; + ivec = &crcivec; + } + + if ((ret = ((*(enc->decrypt))(key, ivec, input, &output)))) + goto cleanup; + + /* verify the checksum */ + + memcpy(cksumdata, output.data+blocksize, hashsize); + memset(output.data+blocksize, 0, hashsize); + + cksum.length = hashsize; + cksum.data = output.data+blocksize; + + if ((ret = ((*(hash->hash))(1, &output, &cksum)))) + goto cleanup; + + if (memcmp(cksum.data, cksumdata, cksum.length) != 0) { + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + goto cleanup; + } + + /* copy the plaintext around */ + + if (alloced) { + memcpy(arg_output->data, output.data+blocksize+hashsize, + plainsize); + } else { + memmove(arg_output->data, arg_output->data+blocksize+hashsize, + plainsize); + } + arg_output->length = plainsize; + + /* update ivec */ + if (cn != NULL) + memcpy(ivec->data, cn, blocksize); + + ret = 0; + +cleanup: + if (alloced) { + memset(output.data, 0, output.length); + free(output.data); + } + + if (cn != NULL) + free(cn); + memset(cksumdata, 0, hashsize); + free(cksumdata); + return(ret); +} diff --git a/src/lib/crypto/krb/old/old_encrypt.c b/src/lib/crypto/krb/old/old_encrypt.c new file mode 100644 index 0000000..98bd109 --- /dev/null +++ b/src/lib/crypto/krb/old/old_encrypt.c @@ -0,0 +1,110 @@ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +#include "k5-int.h" +#include "old.h" + +void +krb5_old_encrypt_length(const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + size_t inputlen, + size_t *length) +{ + size_t blocksize, hashsize; + + blocksize = enc->block_size; + hashsize = hash->hashsize; + + *length = krb5_roundup(blocksize+hashsize+inputlen, blocksize); +} + +krb5_error_code +krb5_old_encrypt(const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *ivec, + const krb5_data *input, + krb5_data *output) +{ + krb5_error_code ret; + size_t blocksize, hashsize, enclen; + krb5_data datain, crcivec; + int real_ivec; + + blocksize = enc->block_size; + hashsize = hash->hashsize; + + krb5_old_encrypt_length(enc, hash, input->length, &enclen); + + if (output->length < enclen) + return(KRB5_BAD_MSIZE); + + output->length = enclen; + + /* fill in confounded, padded, plaintext buffer with zero checksum */ + + memset(output->data, 0, output->length); + + datain.length = blocksize; + datain.data = output->data; + + if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &datain))) + return(ret); + memcpy(output->data+blocksize+hashsize, input->data, input->length); + + /* compute the checksum */ + + datain.length = hashsize; + datain.data = output->data+blocksize; + + if ((ret = ((*(hash->hash))(1, output, &datain)))) + goto cleanup; + + /* encrypt it */ + + /* XXX this is gross, but I don't have much choice */ + if ((key->enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) { + crcivec.length = key->length; + crcivec.data = (char *) key->contents; + ivec = &crcivec; + real_ivec = 0; + } else + real_ivec = 1; + + if ((ret = ((*(enc->encrypt))(key, ivec, output, output)))) + goto cleanup; + + /* update ivec */ + if (real_ivec && ivec != NULL && ivec->length == blocksize) + memcpy(ivec->data, output->data + output->length - blocksize, + blocksize); +cleanup: + if (ret) + memset(output->data, 0, output->length); + + return(ret); +} |