Projects
home:pandora:RobinOS23
krb5
_service:download_src_package:downstream-Remove...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:download_src_package:downstream-Remove-3des-support.patch of Package krb5
From defa8816e26ab9f5a8f0b61e7bebad67175c433e Mon Sep 17 00:00:00 2001 From: Robbie Harwood <rharwood@redhat.com> Date: Tue, 26 Mar 2019 18:51:10 -0400 Subject: [PATCH] [downstream] Remove 3des support Completely remove support for all DES3 enctypes (des3-cbc-raw, des3-hmac-sha1, des3-cbc-sha1-kd). Update all tests and documentation to user other enctypes. Mark the 3DES enctypes UNSUPPORTED and retain their constants. Last-updated: 1.19-beta1 [antorres@redhat.com: remove diffs for: - src/kdamin/testing/proto/kdc.conf.proto - src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp - src/lib/kadm5/unit-test/api.current/get-principal-v2.exp - src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp since they were removed by Remove-TCL-based-libkadm5-API-tests.patch] --- doc/admin/advanced/retiring-des.rst | 11 + doc/admin/conf_files/kdc_conf.rst | 7 +- doc/admin/enctypes.rst | 10 +- doc/admin/troubleshoot.rst | 9 +- doc/appdev/refs/macros/index.rst | 1 - doc/conf.py | 2 +- doc/mitK5features.rst | 2 +- src/Makefile.in | 4 +- src/configure.ac | 1 - src/include/krb5/krb5.hin | 10 +- src/kadmin/testing/proto/kdc.conf.proto | 4 +- src/kdc/kdc_util.c | 4 - src/lib/crypto/Makefile.in | 8 +- src/lib/crypto/builtin/Makefile.in | 6 +- src/lib/crypto/builtin/des/ISSUES | 13 - src/lib/crypto/builtin/des/Makefile.in | 80 ---- src/lib/crypto/builtin/des/d3_aead.c | 133 ------ src/lib/crypto/builtin/des/d3_kysched.c | 51 --- src/lib/crypto/builtin/des/deps | 150 ------- src/lib/crypto/builtin/des/des_int.h | 285 ------------- src/lib/crypto/builtin/des/des_keys.c | 40 -- src/lib/crypto/builtin/des/destest.c | 240 ----------- src/lib/crypto/builtin/des/doc/libdes.doc | 208 --------- src/lib/crypto/builtin/des/f_aead.c | 173 -------- src/lib/crypto/builtin/des/f_cbc.c | 256 ------------ src/lib/crypto/builtin/des/f_cksum.c | 136 ------ src/lib/crypto/builtin/des/f_parity.c | 56 --- src/lib/crypto/builtin/des/f_sched.c | 359 ---------------- src/lib/crypto/builtin/des/f_tables.c | 370 ---------------- src/lib/crypto/builtin/des/f_tables.h | 285 ------------- src/lib/crypto/builtin/des/key_sched.c | 62 --- src/lib/crypto/builtin/des/keytest.data | 171 -------- src/lib/crypto/builtin/des/t_verify.c | 395 ------------------ src/lib/crypto/builtin/des/weak_key.c | 86 ---- .../crypto/builtin/enc_provider/Makefile.in | 6 +- src/lib/crypto/builtin/enc_provider/deps | 13 - src/lib/crypto/builtin/enc_provider/des3.c | 105 ----- src/lib/crypto/crypto_tests/t_cf2.expected | 1 - src/lib/crypto/crypto_tests/t_cf2.in | 5 - src/lib/crypto/crypto_tests/t_cksums.c | 10 - src/lib/crypto/crypto_tests/t_decrypt.c | 57 --- src/lib/crypto/crypto_tests/t_derive.c | 36 -- src/lib/crypto/crypto_tests/t_encrypt.c | 1 - src/lib/crypto/crypto_tests/t_short.c | 1 - src/lib/crypto/crypto_tests/t_str2key.c | 52 --- src/lib/crypto/krb/Makefile.in | 3 - src/lib/crypto/krb/cksumtypes.c | 6 - src/lib/crypto/krb/crypto_int.h | 16 - src/lib/crypto/krb/default_state.c | 10 - src/lib/crypto/krb/enctype_util.c | 3 + src/lib/crypto/krb/etypes.c | 21 - src/lib/crypto/krb/prf_des.c | 47 --- src/lib/crypto/krb/random_to_key.c | 45 -- src/lib/crypto/libk5crypto.exports | 1 - src/lib/crypto/openssl/Makefile.in | 8 +- src/lib/crypto/openssl/des/Makefile.in | 20 - src/lib/crypto/openssl/des/deps | 15 - src/lib/crypto/openssl/des/des_keys.c | 40 -- .../crypto/openssl/enc_provider/Makefile.in | 3 - src/lib/crypto/openssl/enc_provider/deps | 11 - src/lib/crypto/openssl/enc_provider/des3.c | 184 -------- src/lib/gssapi/krb5/accept_sec_context.c | 1 - src/lib/gssapi/krb5/gssapiP_krb5.h | 6 +- src/lib/gssapi/krb5/k5seal.c | 35 +- src/lib/gssapi/krb5/k5sealiov.c | 27 +- src/lib/gssapi/krb5/k5unseal.c | 102 ++--- src/lib/gssapi/krb5/k5unsealiov.c | 38 +- src/lib/gssapi/krb5/util_crypt.c | 11 - .../api.current/chpass-principal-v2.exp | 4 +- .../api.current/get-principal-v2.exp | 4 +- .../api.current/randkey-principal-v2.exp | 4 +- src/lib/krb5/krb/init_ctx.c | 3 - src/lib/krb5/krb/s4u_creds.c | 2 - src/lib/krb5/krb/t_etypes.c | 48 +-- src/lib/krb5/os/t_trace.c | 4 +- src/lib/krb5/os/t_trace.ref | 2 +- src/plugins/preauth/pkinit/pkcs11.h | 6 +- src/plugins/preauth/pkinit/pkinit_clnt.c | 8 - src/plugins/preauth/pkinit/pkinit_crypto.h | 12 - .../preauth/pkinit/pkinit_crypto_openssl.c | 38 -- src/plugins/preauth/pkinit/pkinit_kdf_test.c | 31 -- src/plugins/preauth/spake/t_vectors.c | 25 -- src/tests/dejagnu/config/default.exp | 78 ---- src/tests/dejagnu/krb-standalone/kprop.exp | 2 +- src/tests/gssapi/t_enctypes.py | 33 +- src/tests/gssapi/t_invalid.c | 12 - src/tests/gssapi/t_pcontok.c | 16 +- src/tests/gssapi/t_prf.c | 7 - src/tests/t_authdata.py | 2 +- src/tests/t_etype_info.py | 18 +- src/tests/t_keyrollover.py | 8 +- src/tests/t_mkey.py | 35 -- src/tests/t_salt.py | 5 +- src/util/k5test.py | 7 - .../leash/htmlhelp/html/Encryption_Types.htm | 13 - 95 files changed, 160 insertions(+), 4835 deletions(-) delete mode 100644 src/lib/crypto/builtin/des/ISSUES delete mode 100644 src/lib/crypto/builtin/des/Makefile.in delete mode 100644 src/lib/crypto/builtin/des/d3_aead.c delete mode 100644 src/lib/crypto/builtin/des/d3_kysched.c delete mode 100644 src/lib/crypto/builtin/des/deps delete mode 100644 src/lib/crypto/builtin/des/des_int.h delete mode 100644 src/lib/crypto/builtin/des/des_keys.c delete mode 100644 src/lib/crypto/builtin/des/destest.c delete mode 100644 src/lib/crypto/builtin/des/doc/libdes.doc delete mode 100644 src/lib/crypto/builtin/des/f_aead.c delete mode 100644 src/lib/crypto/builtin/des/f_cbc.c delete mode 100644 src/lib/crypto/builtin/des/f_cksum.c delete mode 100644 src/lib/crypto/builtin/des/f_parity.c delete mode 100644 src/lib/crypto/builtin/des/f_sched.c delete mode 100644 src/lib/crypto/builtin/des/f_tables.c delete mode 100644 src/lib/crypto/builtin/des/f_tables.h delete mode 100644 src/lib/crypto/builtin/des/key_sched.c delete mode 100644 src/lib/crypto/builtin/des/keytest.data delete mode 100644 src/lib/crypto/builtin/des/t_verify.c delete mode 100644 src/lib/crypto/builtin/des/weak_key.c delete mode 100644 src/lib/crypto/builtin/enc_provider/des3.c delete mode 100644 src/lib/crypto/krb/prf_des.c delete mode 100644 src/lib/crypto/openssl/des/Makefile.in delete mode 100644 src/lib/crypto/openssl/des/deps delete mode 100644 src/lib/crypto/openssl/des/des_keys.c delete mode 100644 src/lib/crypto/openssl/enc_provider/des3.c diff --git a/doc/admin/advanced/retiring-des.rst b/doc/admin/advanced/retiring-des.rst index 38f76d3f4..d5e3c30c0 100644 --- a/doc/admin/advanced/retiring-des.rst +++ b/doc/admin/advanced/retiring-des.rst @@ -10,6 +10,13 @@ ability have rendered DES vulnerable to brute force attacks on its 56-bit keyspace. As such, it is now considered insecure and should not be used (:rfc:`6649`). +In 1999, MIT krb5 added support for Triple-DES (3DES) encryption types. +However, due to weakenings of DES and other security concerns, it is now also +considered insecure and should not be used (:rfc:`8429`). AES encryption +types were added to MIT in 2003, meaning that the number of deployments with +3DES as the strongest encryption type is hopefully small. The rotation +procedure described herein works for both DES and 3DES. + History ------- @@ -27,6 +34,10 @@ and removed DES (single-DES) support in release 1.18. As a consequence, a release prior to 1.18 is required to perform these migrations. +3DES (a flagged deprecated encryption type) was also removed downstream by +rharwood@redhat.com starting in 1.18; likewise, a pre-1.18 release is required +to perform these migrations. + Types of keys ------------- diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst index 1dc958d62..3a72aabef 100644 --- a/doc/admin/conf_files/kdc_conf.rst +++ b/doc/admin/conf_files/kdc_conf.rst @@ -848,8 +848,6 @@ Encryption types marked as "weak" and "deprecated" are available for compatibility but not recommended for use. ==================================================== ========================================================= -des3-cbc-raw Triple DES cbc mode raw (weak) -des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd Triple DES cbc mode with HMAC/sha1 (deprecated) aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1 AES-256 CTS mode with 96-bit SHA-1 HMAC aes128-cts-hmac-sha1-96 aes128-cts aes128-sha1 AES-128 CTS mode with 96-bit SHA-1 HMAC aes256-cts-hmac-sha384-192 aes256-sha2 AES-256 CTS mode with 192-bit SHA-384 HMAC @@ -858,7 +856,6 @@ arcfour-hmac rc4-hmac arcfour-hmac-md5 RC4 with HMAC/MD5 (deprecat arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp Exportable RC4 with HMAC/MD5 (weak) camellia256-cts-cmac camellia256-cts Camellia-256 CTS mode with CMAC camellia128-cts-cmac camellia128-cts Camellia-128 CTS mode with CMAC -des3 The triple DES family: des3-cbc-sha1 aes The AES family: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha384-192, and aes128-cts-hmac-sha256-128 rc4 The RC4 family: arcfour-hmac camellia The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac @@ -870,8 +867,8 @@ from the current list by prefixing them with a minus sign ("-"). Types or families can be prefixed with a plus sign ("+") for symmetry; it has the same meaning as just listing the type or family. For example, "``DEFAULT -rc4``" would be the default set of encryption -types with RC4 types removed, and "``des3 DEFAULT``" would be the -default set of encryption types with triple DES types moved to the +types with RC4 types removed, and "``aes128-sha2 DEFAULT``" would be +the default set of encryption types with aes128-sha2 moved to the front. While **aes128-cts** and **aes256-cts** are supported for all Kerberos diff --git a/doc/admin/enctypes.rst b/doc/admin/enctypes.rst index 694922c0d..c4d5499d3 100644 --- a/doc/admin/enctypes.rst +++ b/doc/admin/enctypes.rst @@ -129,7 +129,7 @@ enctype weak? krb5 Windows des-cbc-crc weak <1.18 >=2000 des-cbc-md4 weak <1.18 ? des-cbc-md5 weak <1.18 >=2000 -des3-cbc-sha1 deprecated >=1.1 none +des3-cbc-sha1 deprecated <1.18 none arcfour-hmac deprecated >=1.3 >=2000 arcfour-hmac-exp weak >=1.3 >=2000 aes128-cts-hmac-sha1-96 >=1.3 >=Vista @@ -148,9 +148,11 @@ default. krb5 releases 1.17 and later flag deprecated encryption types (including ``des3-cbc-sha1`` and ``arcfour-hmac``) in KDC logs and kadmin output. krb5 release 1.19 issues a warning during initial -authentication if ``des3-cbc-sha1`` is used. Future releases will -disable ``des3-cbc-sha1`` by default and eventually remove support for -it. +authentication if ``des3-cbc-sha1`` is used. + +krb5 releases 1.18 and later remove single-DES and 3DES +(downstream-only patch) enctype support. Microsoft Windows never +supported 3DES. Migrating away from older encryption types diff --git a/doc/admin/troubleshoot.rst b/doc/admin/troubleshoot.rst index ade5e1f87..e4dc54f7e 100644 --- a/doc/admin/troubleshoot.rst +++ b/doc/admin/troubleshoot.rst @@ -73,11 +73,10 @@ credential verification failed: KDC has no support for encryption type ...................................................................... This most commonly happens when trying to use a principal with only -DES keys, in a release (MIT krb5 1.7 or later) which disables DES by -default. DES encryption is considered weak due to its inadequate key -size. If you cannot migrate away from its use, you can re-enable DES -by adding ``allow_weak_crypto = true`` to the :ref:`libdefaults` -section of :ref:`krb5.conf(5)`. +DES/3DES keys, in a release (MIT krb5 1.7 or later) which disables DES +by default. DES encryption is considered weak due to its inadequate +key size and has been removed upstream; 3DES is not recommended, and +has been removed downstream by rharwood@redhat.com. .. _err_cert_chain_cert_expired: diff --git a/doc/appdev/refs/macros/index.rst b/doc/appdev/refs/macros/index.rst index 5542d9850..0cb2e81bd 100644 --- a/doc/appdev/refs/macros/index.rst +++ b/doc/appdev/refs/macros/index.rst @@ -36,7 +36,6 @@ Public CKSUMTYPE_HMAC_SHA1_96_AES256.rst CKSUMTYPE_HMAC_SHA256_128_AES128.rst CKSUMTYPE_HMAC_SHA384_192_AES256.rst - CKSUMTYPE_HMAC_SHA1_DES3.rst CKSUMTYPE_MD5_HMAC_ARCFOUR.rst CKSUMTYPE_NIST_SHA.rst CKSUMTYPE_RSA_MD4.rst diff --git a/doc/conf.py b/doc/conf.py index 14158ae81..a876fd633 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -278,7 +278,7 @@ else: rst_epilog += ''' .. |krb5conf| replace:: ``/etc/krb5.conf`` .. |defkeysalts| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal`` -.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac`` +.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac`` .. |defmkey| replace:: ``aes256-cts-hmac-sha1-96`` .. |copy| unicode:: U+000A9 ''' diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst index 4954bb3aa..92ce2a772 100644 --- a/doc/mitK5features.rst +++ b/doc/mitK5features.rst @@ -37,7 +37,7 @@ Database backends: LDAP, DB2, LMDB krb4 support: Kerberos 5 release < 1.8 -DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`) +DES/3DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`) Interoperability ---------------- diff --git a/src/Makefile.in b/src/Makefile.in index 7d2507ef8..c16715ac7 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -130,7 +130,7 @@ WINMAKEFILES=Makefile \ lib\Makefile lib\crypto\Makefile lib\crypto\krb\Makefile \ lib\crypto\builtin\Makefile lib\crypto\builtin\aes\Makefile \ lib\crypto\builtin\enc_provider\Makefile \ - lib\crypto\builtin\des\Makefile lib\crypto\builtin\md5\Makefile \ + lib\crypto\builtin\md5\Makefile \ lib\crypto\builtin\camellia\Makefile lib\crypto\builtin\md4\Makefile \ lib\crypto\builtin\hash_provider\Makefile \ lib\crypto\builtin\sha2\Makefile lib\crypto\builtin\sha1\Makefile \ @@ -202,8 +202,6 @@ WINMAKEFILES=Makefile \ ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\crypto\builtin\enc_provider\Makefile: lib\crypto\builtin\enc_provider\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ -##DOS##lib\crypto\builtin\des\Makefile: lib\crypto\builtin\des\Makefile.in $(MKFDEP) -##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\crypto\builtin\md5\Makefile: lib\crypto\builtin\md5\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\crypto\builtin\camellia\Makefile: lib\crypto\builtin\camellia\Makefile.in $(MKFDEP) diff --git a/src/configure.ac b/src/configure.ac index dd2cad3ee..3e1052db7 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -1480,7 +1480,6 @@ V5_AC_OUTPUT_MAKEFILE(. lib/crypto lib/crypto/krb lib/crypto/$CRYPTO_IMPL lib/crypto/$CRYPTO_IMPL/enc_provider lib/crypto/$CRYPTO_IMPL/hash_provider - lib/crypto/$CRYPTO_IMPL/des lib/crypto/$CRYPTO_IMPL/md4 lib/crypto/$CRYPTO_IMPL/md5 lib/crypto/$CRYPTO_IMPL/sha1 lib/crypto/$CRYPTO_IMPL/sha2 lib/crypto/$CRYPTO_IMPL/aes lib/crypto/$CRYPTO_IMPL/camellia diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index db80063eb..63e67a2ba 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -426,8 +426,8 @@ typedef struct _krb5_crypto_iov { #define ENCTYPE_DES_CBC_MD4 0x0002 /**< @deprecated no longer supported */ #define ENCTYPE_DES_CBC_MD5 0x0003 /**< @deprecated no longer supported */ #define ENCTYPE_DES_CBC_RAW 0x0004 /**< @deprecated no longer supported */ -#define ENCTYPE_DES3_CBC_SHA 0x0005 /**< @deprecated DES-3 cbc with SHA1 */ -#define ENCTYPE_DES3_CBC_RAW 0x0006 /**< @deprecated DES-3 cbc mode raw */ +#define ENCTYPE_DES3_CBC_SHA 0x0005 /**< @deprecated no longer supported */ +#define ENCTYPE_DES3_CBC_RAW 0x0006 /**< @deprecated no longer supported */ #define ENCTYPE_DES_HMAC_SHA1 0x0008 /**< @deprecated no longer supported */ /* PKINIT */ #define ENCTYPE_DSA_SHA1_CMS 0x0009 /**< DSA with SHA1, CMS signature */ @@ -436,9 +436,9 @@ typedef struct _krb5_crypto_iov { #define ENCTYPE_RC2_CBC_ENV 0x000c /**< RC2 cbc mode, CMS enveloped data */ #define ENCTYPE_RSA_ENV 0x000d /**< RSA encryption, CMS enveloped data */ #define ENCTYPE_RSA_ES_OAEP_ENV 0x000e /**< RSA w/OEAP encryption, CMS enveloped data */ -#define ENCTYPE_DES3_CBC_ENV 0x000f /**< DES-3 cbc mode, CMS enveloped data */ +#define ENCTYPE_DES3_CBC_ENV 0x000f /**< @deprecated no longer supported */ -#define ENCTYPE_DES3_CBC_SHA1 0x0010 +#define ENCTYPE_DES3_CBC_SHA1 0x0010 /**< @deprecated removed */ #define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 /**< RFC 3962 */ #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 /**< RFC 3962 */ #define ENCTYPE_AES128_CTS_HMAC_SHA256_128 0x0013 /**< RFC 8009 */ @@ -458,7 +458,7 @@ typedef struct _krb5_crypto_iov { #define CKSUMTYPE_RSA_MD5 0x0007 #define CKSUMTYPE_RSA_MD5_DES 0x0008 #define CKSUMTYPE_NIST_SHA 0x0009 -#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c +#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c /* @deprecated removed */ #define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f /**< RFC 3962. Used with ENCTYPE_AES128_CTS_HMAC_SHA1_96 */ #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 /**< RFC 3962. Used with diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 60f30c4f4..c65375aef 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -1017,8 +1017,6 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen) name = "rsaEncryption-EnvOID"; else if (ktype == ENCTYPE_RSA_ES_OAEP_ENV) name = "id-RSAES-OAEP-EnvOID"; - else if (ktype == ENCTYPE_DES3_CBC_ENV) - name = "des-ede3-cbc-EnvOID"; else return krb5_enctype_to_name(ktype, FALSE, buf, buflen); @@ -1605,8 +1603,6 @@ krb5_boolean enctype_requires_etype_info_2(krb5_enctype enctype) { switch(enctype) { - case ENCTYPE_DES3_CBC_SHA1: - case ENCTYPE_DES3_CBC_RAW: case ENCTYPE_ARCFOUR_HMAC: case ENCTYPE_ARCFOUR_HMAC_EXP : return 0; diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in index c3fcfd7e8..890d54adf 100644 --- a/src/lib/crypto/Makefile.in +++ b/src/lib/crypto/Makefile.in @@ -13,7 +13,7 @@ STOBJLISTS=$(CRYPTO_IMPL)/enc_provider/OBJS.ST \ $(CRYPTO_IMPL)/hash_provider/OBJS.ST \ $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \ $(CRYPTO_IMPL)/sha1/OBJS.ST $(CRYPTO_IMPL)/sha2/OBJS.ST \ - $(CRYPTO_IMPL)/aes/OBJS.ST $(CRYPTO_IMPL)/des/OBJS.ST \ + $(CRYPTO_IMPL)/aes/OBJS.ST \ $(CRYPTO_IMPL)/camellia/OBJS.ST krb/OBJS.ST \ $(CRYPTO_IMPL)/OBJS.ST @@ -21,7 +21,7 @@ SUBDIROBJLISTS=$(CRYPTO_IMPL)/enc_provider/OBJS.ST \ $(CRYPTO_IMPL)/hash_provider/OBJS.ST \ $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \ $(CRYPTO_IMPL)/sha1/OBJS.ST $(CRYPTO_IMPL)/sha2/OBJS.ST \ - $(CRYPTO_IMPL)/aes/OBJS.ST $(CRYPTO_IMPL)/des/OBJS.ST \ + $(CRYPTO_IMPL)/aes/OBJS.ST \ $(CRYPTO_IMPL)/camellia/OBJS.ST krb/OBJS.ST \ $(CRYPTO_IMPL)/OBJS.ST @@ -34,8 +34,8 @@ SHLIB_EXPDEPLIBS= $(SUPPORT_DEPLIB) SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@ ##DOS##LIBNAME=$(OUTPRE)crypto.lib -##DOS##OBJFILEDEP=$(OUTPRE)krb.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst -##DOS##OBJFILELIST=@$(OUTPRE)krb.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst +##DOS##OBJFILEDEP=$(OUTPRE)krb.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst +##DOS##OBJFILELIST=@$(OUTPRE)krb.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst all-unix: all-liblinks install-unix: install-libs diff --git a/src/lib/crypto/builtin/Makefile.in b/src/lib/crypto/builtin/Makefile.in index baf5d974f..82adf1dec 100644 --- a/src/lib/crypto/builtin/Makefile.in +++ b/src/lib/crypto/builtin/Makefile.in @@ -1,6 +1,6 @@ mydir=lib$(S)crypto$(S)builtin BUILDTOP=$(REL)..$(S)..$(S).. -SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider +SUBDIRS=camellia aes md4 md5 sha1 sha2 enc_provider hash_provider LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir) ##DOS##BUILDTOP = ..\..\.. @@ -22,7 +22,7 @@ SRCS=\ $(srcdir)/init.c \ $(srcdir)/pbkdf2.c -STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ +STOBJLISTS= md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ enc_provider/OBJS.ST \ hash_provider/OBJS.ST \ @@ -30,7 +30,7 @@ STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ camellia/OBJS.ST \ OBJS.ST -SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ +SUBDIROBJLISTS= md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ enc_provider/OBJS.ST \ hash_provider/OBJS.ST \ diff --git a/src/lib/crypto/builtin/des/ISSUES b/src/lib/crypto/builtin/des/ISSUES deleted file mode 100644 index 157891103..000000000 --- a/src/lib/crypto/builtin/des/ISSUES +++ /dev/null @@ -1,13 +0,0 @@ -Issues to be addressed for src/lib/crypto/des: -*- text -*- - - -"const" could be used in more places - - -Array types are used in calling interfaces. Under ANSI C, a value of -type "arraytype *" cannot be assigned to a variable of type "const -arraytype *", so we get compilation warnings. - -Possible fix: Rewrite internal interfaces to not use arrays this way. -Provide external routines compatible with old API, but not using -const? diff --git a/src/lib/crypto/builtin/des/Makefile.in b/src/lib/crypto/builtin/des/Makefile.in deleted file mode 100644 index 54b329d0f..000000000 --- a/src/lib/crypto/builtin/des/Makefile.in +++ /dev/null @@ -1,80 +0,0 @@ -mydir=lib$(S)crypto$(S)builtin$(S)des -BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb - -##DOS##BUILDTOP = ..\..\..\.. -##DOS##PREFIXDIR = builtin\des -##DOS##OBJFILE = ..\..\$(OUTPRE)des.lst - -STLIBOBJS=\ - d3_aead.o \ - d3_kysched.o \ - des_keys.o \ - f_aead.o \ - f_cksum.o \ - f_parity.o \ - f_sched.o \ - f_tables.o \ - key_sched.o \ - weak_key.o - -OBJS= $(OUTPRE)d3_aead.$(OBJEXT) \ - $(OUTPRE)d3_kysched.$(OBJEXT) \ - $(OUTPRE)des_keys.$(OBJEXT) \ - $(OUTPRE)f_aead.$(OBJEXT) \ - $(OUTPRE)f_cksum.$(OBJEXT) \ - $(OUTPRE)f_parity.$(OBJEXT) \ - $(OUTPRE)f_sched.$(OBJEXT) \ - $(OUTPRE)f_tables.$(OBJEXT) \ - $(OUTPRE)key_sched.$(OBJEXT) \ - $(OUTPRE)weak_key.$(OBJEXT) - -SRCS= $(srcdir)/d3_aead.c \ - $(srcdir)/d3_kysched.c \ - $(srcdir)/des_keys.c \ - $(srcdir)/f_aead.c \ - $(srcdir)/f_cksum.c \ - $(srcdir)/f_parity.c \ - $(srcdir)/f_sched.c \ - $(srcdir)/f_tables.c \ - $(srcdir)/key_sched.c \ - $(srcdir)/weak_key.c - -EXTRADEPSRCS = $(srcdir)/destest.c $(srcdir)/f_cbc.c $(srcdir)/t_verify.c - -##DOS##LIBOBJS = $(OBJS) - -TOBJS = $(OUTPRE)key_sched.$(OBJEXT) $(OUTPRE)f_sched.$(OBJEXT) \ - $(OUTPRE)f_cbc.$(OBJEXT) $(OUTPRE)f_tables.$(OBJEXT) \ - $(OUTPRE)f_cksum.$(OBJEXT) - -verify$(EXEEXT): t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \ - $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) - $(CC_LINK) -o $@ t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \ - $(COM_ERR_LIB) $(SUPPORT_LIB) - -destest$(EXEEXT): destest.$(OBJEXT) $(TOBJS) $(SUPPORT_DEPLIB) - $(CC_LINK) -o $@ destest.$(OBJEXT) $(TOBJS) $(SUPPORT_LIB) - -all-unix: all-libobjs - -check-unix: verify destest - $(RUN_TEST) ./verify -z - $(RUN_TEST) ./verify -m - $(RUN_TEST) ./verify - $(RUN_TEST) ./destest < $(srcdir)/keytest.data - -includes: depend - -depend: $(SRCS) - -check-windows: - -clean: - $(RM) destest.$(OBJEXT) destest$(EXEEXT) verify$(EXEEXT) \ - t_verify.$(OBJEXT) $(TOBJS) - -clean-unix:: clean-libobjs - -@libobj_frag@ - diff --git a/src/lib/crypto/builtin/des/d3_aead.c b/src/lib/crypto/builtin/des/d3_aead.c deleted file mode 100644 index bddf75a47..000000000 --- a/src/lib/crypto/builtin/des/d3_aead.c +++ /dev/null @@ -1,133 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Copyright (C) 2008 by the Massachusetts Institute of Technology. - * Copyright 1995 by Richard P. Basch. All Rights Reserved. - * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. Richard P. Basch, - * Lehman Brothers and M.I.T. make no representations about the suitability - * of this software for any purpose. It is provided "as is" without - * express or implied warranty. - */ - -#include "crypto_int.h" -#include "des_int.h" -#include "f_tables.h" - -void -krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - mit_des_cblock ivec) -{ - unsigned DES_INT32 left, right; - const unsigned DES_INT32 *kp1, *kp2, *kp3; - const unsigned char *ip; - struct iov_cursor cursor; - unsigned char block[MIT_DES_BLOCK_LENGTH]; - - /* Get key pointers here. These won't need to be reinitialized. */ - kp1 = (const unsigned DES_INT32 *)ks1; - kp2 = (const unsigned DES_INT32 *)ks2; - kp3 = (const unsigned DES_INT32 *)ks3; - - /* Initialize left and right with the contents of the initial vector. */ - ip = (ivec != NULL) ? ivec : mit_des_zeroblock; - left = load_32_be(ip); - right = load_32_be(ip + 4); - - k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); - while (k5_iov_cursor_get(&cursor, block)) { - /* xor this block with the previous ciphertext. */ - left ^= load_32_be(block); - right ^= load_32_be(block + 4); - - /* Encrypt what we have and store it back into block. */ - DES_DO_ENCRYPT(left, right, kp1); - DES_DO_DECRYPT(left, right, kp2); - DES_DO_ENCRYPT(left, right, kp3); - store_32_be(left, block); - store_32_be(right, block + 4); - - k5_iov_cursor_put(&cursor, block); - } - - if (ivec != NULL) { - store_32_be(left, ivec); - store_32_be(right, ivec + 4); - } -} - -void -krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - mit_des_cblock ivec) -{ - unsigned DES_INT32 left, right; - const unsigned DES_INT32 *kp1, *kp2, *kp3; - const unsigned char *ip; - unsigned DES_INT32 ocipherl, ocipherr; - unsigned DES_INT32 cipherl, cipherr; - struct iov_cursor cursor; - unsigned char block[MIT_DES_BLOCK_LENGTH]; - - /* Get key pointers here. These won't need to be reinitialized. */ - kp1 = (const unsigned DES_INT32 *)ks1; - kp2 = (const unsigned DES_INT32 *)ks2; - kp3 = (const unsigned DES_INT32 *)ks3; - - /* - * Decrypting is harder than encrypting because of - * the necessity of remembering a lot more things. - * Should think about this a little more... - */ - - /* Prime the old cipher with ivec.*/ - ip = (ivec != NULL) ? ivec : mit_des_zeroblock; - ocipherl = load_32_be(ip); - ocipherr = load_32_be(ip + 4); - - k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); - while (k5_iov_cursor_get(&cursor, block)) { - /* Split this block into left and right. */ - cipherl = left = load_32_be(block); - cipherr = right = load_32_be(block + 4); - - /* Decrypt and xor with the old cipher to get plain text. */ - DES_DO_DECRYPT(left, right, kp3); - DES_DO_ENCRYPT(left, right, kp2); - DES_DO_DECRYPT(left, right, kp1); - left ^= ocipherl; - right ^= ocipherr; - - /* Store the encrypted halves back into block. */ - store_32_be(left, block); - store_32_be(right, block + 4); - - /* Save current cipher block halves. */ - ocipherl = cipherl; - ocipherr = cipherr; - - k5_iov_cursor_put(&cursor, block); - } - - if (ivec != NULL) { - store_32_be(ocipherl, ivec); - store_32_be(ocipherr, ivec + 4); - } -} diff --git a/src/lib/crypto/builtin/des/d3_kysched.c b/src/lib/crypto/builtin/des/d3_kysched.c deleted file mode 100644 index ebd1050b1..000000000 --- a/src/lib/crypto/builtin/des/d3_kysched.c +++ /dev/null @@ -1,51 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Copyright 1995 by Richard P. Basch. All Rights Reserved. - * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. Richard P. Basch, - * Lehman Brothers and M.I.T. make no representations about the suitability - * of this software for any purpose. It is provided "as is" without - * express or implied warranty. - */ - -#include "k5-int.h" -#include "des_int.h" - -int -mit_des3_key_sched(mit_des3_cblock k, mit_des3_key_schedule schedule) -{ - mit_des_make_key_sched(k[0],schedule[0]); - mit_des_make_key_sched(k[1],schedule[1]); - mit_des_make_key_sched(k[2],schedule[2]); - - if (!mit_des_check_key_parity(k[0])) /* bad parity --> return -1 */ - return(-1); - if (mit_des_is_weak_key(k[0])) - return(-2); - - if (!mit_des_check_key_parity(k[1])) - return(-1); - if (mit_des_is_weak_key(k[1])) - return(-2); - - if (!mit_des_check_key_parity(k[2])) - return(-1); - if (mit_des_is_weak_key(k[2])) - return(-2); - - /* if key was good, return 0 */ - return 0; -} diff --git a/src/lib/crypto/builtin/des/deps b/src/lib/crypto/builtin/des/deps deleted file mode 100644 index a1db1f36e..000000000 --- a/src/lib/crypto/builtin/des/deps +++ /dev/null @@ -1,150 +0,0 @@ -# -# Generated makefile dependencies follow. -# -d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ - $(srcdir)/../aes/aes.h $(srcdir)/../aes/brg_types.h \ - $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - d3_aead.c des_int.h f_tables.h -d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - d3_kysched.c des_int.h -des_keys.so des_keys.po $(OUTPRE)des_keys.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../aes/aes.h \ - $(srcdir)/../aes/brg_types.h $(srcdir)/../crypto_mod.h \ - $(srcdir)/../sha2/sha2.h $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des_int.h des_keys.c -f_aead.so f_aead.po $(OUTPRE)f_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ - $(srcdir)/../aes/aes.h $(srcdir)/../aes/brg_types.h \ - $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - des_int.h f_aead.c f_tables.h -f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des_int.h f_cksum.c \ - f_tables.h -f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - des_int.h f_parity.c -f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des_int.h f_sched.c -f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - des_int.h f_tables.c f_tables.h -key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - des_int.h key_sched.c -weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - des_int.h weak_key.c -destest.so destest.po $(OUTPRE)destest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des_int.h destest.c -f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des_int.h f_cbc.c \ - f_tables.h -t_verify.so t_verify.po $(OUTPRE)t_verify.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - des_int.h t_verify.c diff --git a/src/lib/crypto/builtin/des/des_int.h b/src/lib/crypto/builtin/des/des_int.h deleted file mode 100644 index f8dc6b296..000000000 --- a/src/lib/crypto/builtin/des/des_int.h +++ /dev/null @@ -1,285 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/des/des_int.h */ -/* - * Copyright 1987, 1988, 1990, 2002 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -/* Private include file for the Data Encryption Standard library. */ - -/* only do the whole thing once */ -#ifndef DES_INTERNAL_DEFS -#define DES_INTERNAL_DEFS - -#include "k5-int.h" -/* - * Begin "mit-des.h" - */ -#ifndef KRB5_MIT_DES__ -#define KRB5_MIT_DES__ - -#if defined(__MACH__) && defined(__APPLE__) -#include <TargetConditionals.h> -#include <AvailabilityMacros.h> -#if TARGET_RT_MAC_CFM -#error "Use KfM 4.0 SDK headers for CFM compilation." -#endif -#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) -#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 -#endif -#endif /* defined(__MACH__) && defined(__APPLE__) */ - -/* Macro to add deprecated attribute to DES types and functions */ -/* Currently only defined on macOS 10.5 and later. */ -#ifndef KRB5INT_DES_DEPRECATED -#define KRB5INT_DES_DEPRECATED -#endif - -#include <limits.h> - -#if UINT_MAX >= 0xFFFFFFFFUL -#define DES_INT32 int -#define DES_UINT32 unsigned int -#else -#define DES_INT32 long -#define DES_UINT32 unsigned long -#endif - -typedef unsigned char des_cblock[8] /* crypto-block size */ -KRB5INT_DES_DEPRECATED; - -/* - * Key schedule. - * - * This used to be - * - * typedef struct des_ks_struct { - * union { DES_INT32 pad; des_cblock _;} __; - * } des_key_schedule[16]; - * - * but it would cause trouble if DES_INT32 were ever more than 4 - * bytes. The reason is that all the encryption functions cast it to - * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If - * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the - * caller-allocated des_key_schedule will be overflowed by the key - * scheduling functions. We can't assume that every platform will - * have an exact 32-bit int, and nothing should be looking inside a - * des_key_schedule anyway. - */ -typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16] -KRB5INT_DES_DEPRECATED; - -typedef des_cblock mit_des_cblock; -typedef des_key_schedule mit_des_key_schedule; - -/* Triple-DES structures */ -typedef mit_des_cblock mit_des3_cblock[3]; -typedef mit_des_key_schedule mit_des3_key_schedule[3]; - -#define MIT_DES_ENCRYPT 1 -#define MIT_DES_DECRYPT 0 - -typedef struct mit_des_ran_key_seed { - krb5_encrypt_block eblock; - krb5_data sequence; -} mit_des_random_state; - -/* the first byte of the key is already in the keyblock */ - -#define MIT_DES_BLOCK_LENGTH (8*sizeof(krb5_octet)) -/* This used to be 8*sizeof(krb5_octet) */ -#define MIT_DES_KEYSIZE 8 - -#define MIT_DES_CBC_CKSUM_LENGTH (4*sizeof(krb5_octet)) - -#endif /* KRB5_MIT_DES__ */ -/* - * End "mit-des.h" - */ - -/* afsstring2key.c */ -krb5_error_code mit_afs_string_to_key(krb5_keyblock *keyblock, - const krb5_data *data, - const krb5_data *salt); -char *mit_afs_crypt(const char *pw, const char *salt, char *iobuf); - -/* f_cksum.c */ -unsigned long mit_des_cbc_cksum(const krb5_octet *, krb5_octet *, - unsigned long, const mit_des_key_schedule, - const krb5_octet *); - -/* f_cbc.c (used by test programs) */ -int -mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, - unsigned long length, const mit_des_key_schedule schedule, - const mit_des_cblock ivec, int enc); - -#define mit_des_zeroblock krb5int_c_mit_des_zeroblock -extern const mit_des_cblock mit_des_zeroblock; - -/* fin_rndkey.c */ -krb5_error_code mit_des_finish_random_key(const krb5_encrypt_block *, - krb5_pointer *); - -/* finish_key.c */ -krb5_error_code mit_des_finish_key(krb5_encrypt_block *); - -/* init_rkey.c */ -krb5_error_code mit_des_init_random_key(const krb5_encrypt_block *, - const krb5_keyblock *, - krb5_pointer *); - -/* key_parity.c */ -void mit_des_fixup_key_parity(mit_des_cblock); -int mit_des_check_key_parity(mit_des_cblock); - -/* key_sched.c */ -int mit_des_key_sched(mit_des_cblock, mit_des_key_schedule); - -/* process_ky.c */ -krb5_error_code mit_des_process_key(krb5_encrypt_block *, - const krb5_keyblock *); - -/* random_key.c */ -krb5_error_code mit_des_random_key(const krb5_encrypt_block *, - krb5_pointer, krb5_keyblock **); - -/* string2key.c */ -krb5_error_code mit_des_string_to_key(const krb5_encrypt_block *, - krb5_keyblock *, const krb5_data *, - const krb5_data *); -krb5_error_code mit_des_string_to_key_int(krb5_keyblock *, const krb5_data *, - const krb5_data *); - -/* weak_key.c */ -int mit_des_is_weak_key(mit_des_cblock); - -/* cmb_keys.c */ -krb5_error_code mit_des_combine_subkeys(const krb5_keyblock *, - const krb5_keyblock *, - krb5_keyblock **); - -/* f_pcbc.c */ -int mit_des_pcbc_encrypt(); - -/* f_sched.c */ -int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule); - - -/* misc.c */ -extern void swap_bits(char *); -extern unsigned long long_swap_bits(unsigned long); -extern unsigned long swap_six_bits_to_ansi(unsigned long); -extern unsigned long swap_four_bits_to_ansi(unsigned long); -extern unsigned long swap_bit_pos_1(unsigned long); -extern unsigned long swap_bit_pos_0(unsigned long); -extern unsigned long swap_bit_pos_0_to_ansi(unsigned long); -extern unsigned long rev_swap_bit_pos_0(unsigned long); -extern unsigned long swap_byte_bits(unsigned long); -extern unsigned long swap_long_bytes_bit_number(unsigned long); -#ifdef FILE -/* XXX depends on FILE being a #define! */ -extern void test_set(FILE *, const char *, int, const char *, int); -#endif - -void -krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - mit_des_cblock ivec); - -void -krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, - const mit_des_key_schedule ks1, - const mit_des_key_schedule ks2, - const mit_des_key_schedule ks3, - mit_des_cblock ivec); - -void -krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, - const mit_des_key_schedule schedule, - mit_des_cblock ivec); - -void -krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, - const mit_des_key_schedule schedule, - mit_des_cblock ivec); - -void -krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data, - const mit_des_key_schedule schedule, mit_des_cblock ivec, - mit_des_cblock out); - -/* d3_procky.c */ -krb5_error_code mit_des3_process_key(krb5_encrypt_block *eblock, - const krb5_keyblock *keyblock); - -/* d3_kysched.c */ -int mit_des3_key_sched(mit_des3_cblock key, mit_des3_key_schedule schedule); - -/* d3_str2ky.c */ -krb5_error_code mit_des3_string_to_key(const krb5_encrypt_block *eblock, - krb5_keyblock *keyblock, - const krb5_data *data, - const krb5_data *salt); - -/* u_nfold.c */ -krb5_error_code mit_des_n_fold(const krb5_octet *input, const size_t in_len, - krb5_octet *output, const size_t out_len); - -/* u_rn_key.c */ -int mit_des_is_weak_keyblock(krb5_keyblock *keyblock); - -void mit_des_fixup_keyblock_parity(krb5_keyblock *keyblock); - -krb5_error_code mit_des_set_random_generator_seed(const krb5_data *seed, - krb5_pointer random_state); - -krb5_error_code mit_des_set_random_sequence_number(const krb5_data *sequence, - krb5_pointer random_state); -#endif /*DES_INTERNAL_DEFS*/ diff --git a/src/lib/crypto/builtin/des/des_keys.c b/src/lib/crypto/builtin/des/des_keys.c deleted file mode 100644 index 32b119aad..000000000 --- a/src/lib/crypto/builtin/des/des_keys.c +++ /dev/null @@ -1,40 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/des/des_keys.c - Key functions used by Kerberos code */ -/* - * Copyright (C) 2011 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "crypto_int.h" -#include "des_int.h" - -void -k5_des_fixup_key_parity(unsigned char *keybits) -{ - mit_des_fixup_key_parity(keybits); -} - -krb5_boolean -k5_des_is_weak_key(unsigned char *keybits) -{ - return mit_des_is_weak_key(keybits); -} diff --git a/src/lib/crypto/builtin/des/destest.c b/src/lib/crypto/builtin/des/destest.c deleted file mode 100644 index 52114304e..000000000 --- a/src/lib/crypto/builtin/des/destest.c +++ /dev/null @@ -1,240 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/des/destest.c */ -/* - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -/* Test a DES implementation against known inputs & outputs. */ - -#include "des_int.h" -#include <ctype.h> -#include <stdio.h> - -void convert (char *, unsigned char []); - -void des_cblock_print_file (mit_des_cblock, FILE *); - -krb5_octet zeroblock[8] = {0,0,0,0,0,0,0,0}; - -int -main(argc, argv) - int argc; - char *argv[]; -{ - char block1[17], block2[17], block3[17]; - /* Force tests of unaligned accesses. */ - union { unsigned char c[8*4+3]; long l; } u; - unsigned char *ioblocks = u.c; - unsigned char *input = ioblocks+1; - unsigned char *output = ioblocks+10; - unsigned char *output2 = ioblocks+19; - unsigned char *key = ioblocks+27; - mit_des_key_schedule sched; - int num = 0; - int retval; - - int error = 0; - - while (scanf("%16s %16s %16s", block1, block2, block3) == 3) { - convert(block1, key); - convert(block2, input); - convert(block3, output); - - retval = mit_des_key_sched(key, sched); - if (retval) { - fprintf(stderr, "des test: can't process key: %d\n", retval); - fprintf(stderr, "des test: %s %s %s\n", block1, block2, block3); - exit(1); - } - mit_des_cbc_encrypt((const mit_des_cblock *) input, - (mit_des_cblock *) output2, 8, - sched, zeroblock, 1); - - if (memcmp((char *)output2, (char *)output, 8)) { - fprintf(stderr, - "DES ENCRYPT ERROR, key %s, text %s, real cipher %s, computed cyphertext %02X%02X%02X%02X%02X%02X%02X%02X\n", - block1, block2, block3, - output2[0],output2[1],output2[2],output2[3], - output2[4],output2[5],output2[6],output2[7]); - error++; - } - - /* - * Now try decrypting.... - */ - mit_des_cbc_encrypt((const mit_des_cblock *) output, - (mit_des_cblock *) output2, 8, - sched, zeroblock, 0); - - if (memcmp((char *)output2, (char *)input, 8)) { - fprintf(stderr, - "DES DECRYPT ERROR, key %s, text %s, real cipher %s, computed cleartext %02X%02X%02X%02X%02X%02X%02X%02X\n", - block1, block2, block3, - output2[0],output2[1],output2[2],output2[3], - output2[4],output2[5],output2[6],output2[7]); - error++; - } - - num++; - } - - if (error) - printf("destest: failed to pass the test\n"); - else - printf("destest: %d tests passed successfully\n", num); - - exit( (error > 256 && error % 256) ? 1 : error); -} - -int value[128] = { - -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, - 0, 1, 2, 3, 4, 5, 6, 7, - 8, 9, -1, -1, -1, -1, -1, -1, - -1, 10, 11, 12, 13, 14, 15, -1, - -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -}; - -void -convert(text, cblock) - char *text; - unsigned char cblock[]; -{ - int i; - for (i = 0; i < 8; i++) { - if (!isascii((unsigned char)text[i * 2])) - abort (); - if (value[(int) text[i*2]] == -1 || value[(int) text[i*2+1]] == -1) { - printf("Bad value byte %d in %s\n", i, text); - exit(1); - } - cblock[i] = 16*value[(int) text[i*2]] + value[(int) text[i*2+1]]; - } - return; -} - -/* - * Fake out the DES library, for the purposes of testing. - */ - -int -mit_des_is_weak_key(key) - mit_des_cblock key; -{ - return 0; /* fake it out for testing */ -} - -void -des_cblock_print_file(x, fp) - mit_des_cblock x; - FILE *fp; -{ - unsigned char *y = (unsigned char *) x; - int i = 0; - fprintf(fp," 0x { "); - - while (i++ < 8) { - fprintf(fp,"%x",*y++); - if (i < 8) - fprintf(fp,", "); - } - fprintf(fp," }"); -} - - -#define smask(step) ((1<<step)-1) -#define pstep(x,step) (((x)&smask(step))^(((x)>>step)&smask(step))) -#define parity_char(x) pstep(pstep(pstep((x),4),2),1) - -/* - * des_check_key_parity: returns true iff key has the correct des parity. - * See des_fix_key_parity for the definition of - * correct des parity. - */ -int -mit_des_check_key_parity(key) - mit_des_cblock key; -{ - unsigned int i; - - for (i=0; i<sizeof(mit_des_cblock); i++) { - if ((key[i] & 1) == parity_char(0xfe&key[i])) { - printf("warning: bad parity key:"); - des_cblock_print_file(key, stdout); - putchar('\n'); - - return 1; - } - } - - return(1); -} - -void -mit_des_fixup_key_parity(key) - mit_des_cblock key; -{ - unsigned int i; - for (i=0; i<sizeof(mit_des_cblock); i++) - { - key[i] &= 0xfe; - key[i] |= 1^parity_char(key[i]); - } - - return; -} diff --git a/src/lib/crypto/builtin/des/doc/libdes.doc b/src/lib/crypto/builtin/des/doc/libdes.doc deleted file mode 100644 index 6e9431ed2..000000000 --- a/src/lib/crypto/builtin/des/doc/libdes.doc +++ /dev/null @@ -1,208 +0,0 @@ - - How to use the Kerberos encryption library. - - Revised 10/15/85 spm - -1) The following include file is needed: - - /projects/auth/include/des.h (VAX) - --------------- (PC8086) - -2) The encryption library that should be linked to is: - - /projects/auth/lib/libdes.a (VAX) -| /projects/auth/ibm/lib/libdes.a (PC8086 cross-compilation environment) - -3) For each key that may be simultaneously active, - allocate (either compile or malloc) a "Key_schedule" struct, - defined in "des.h" - -4) Create key schedules, as needed, prior to using the encryption - routines, via "des_set_key()". - -5) Setup the input and output areas. Make sure to note the restrictions - on lengths being multiples of eight bytes. - -6) Invoke the encryption/decryption routines, "ecb_encrypt()" - or "cbc_encrypt()" - -7) To generate a cryptographic checksum, use "cbc_cksum()" -/* ---------------------------------------------------------------- */ - - Routine Interfaces-- - -/* ----------------------------------------------------------------- */ - -int - des_set_key(k,schedule) - C_Block *k; - Key_schedule schedule; - - Calculates a key schedule from (all) eight bytes of the input key, and - puts it into the indicated "Key_schedule" struct; - - Make sure to pass valid eight bytes, no padding or other processing - it done. - - The key schedule is then used in subsequent encryption/decryption - operations. Many key schedules may be created and cached for later - use. - - The user is responsible to clear keys and schedules no longer needed - to prevent their disclosure. - -| Checks the parity of the key provided, to make sure it is odd per -| FIPS spec. Returns 0 value for key ok, 1 for key_parity error. - -/* ---------------------------------------------------------------- */ - -int - ecb_encrypt(input,output,schedule,encrypt) - C_Block *input; /* ptr to eight byte input value */ - C_Block *output; /* ptr to eight byte output value */ - int encrypt; /* 0 ==> decrypt, else encrypt */ - Key_schedule schedule; /* addr of key schedule */ - -This is the low level routine that encrypts or decrypts a single 8-byte -block in electronic code book mode. Always transforms the input -data into the output data. - -If encrypt is non-zero, the input (cleartext) is encrypted into the -output (ciphertext) using the specified key_schedule, pre-set via "des_set_key". - -If encrypt is zero, the input (now ciphertext) is decrypted into -the output (now cleartext). - -Input and output may be the same space. - -Does not return any meaningful value. Void is not used for compatibility -with other compilers. - -/* -------------------------------------------------------------- */ - -int - cbc_encrypt(input,output,length,schedule,ivec,encrypt) - - C_Block *input; /* ptr to input data */ - C_Block *output; /* ptr to output data */ - int length; /* desired length, in bytes */ - Key_schedule schedule; /* addr of precomputed schedule */ - C_Block *ivec; /* pointer to 8 byte initialization - * vector - */ - int encrypt /* 0 ==> decrypt; else encrypt*/ - - - If encrypt is non-zero, the routine cipher-block-chain encrypts - the INPUT (cleartext) into the OUTPUT (ciphertext) using the provided - key schedule and initialization vector. If the length is not an integral - multiple of eight bytes, the last block is copied to a temp and zero - filled (highest addresses). The output is ALWAYS an integral multiple - of eight bytes. - - If encrypt is zero, the routine cipher-block chain decrypts the INPUT - (ciphertext) into the OUTPUT (cleartext) using the provided key schedule - and initialization vector. Decryption ALWAYS operates on integral - multiples of 8 bytes, so will round the length provided up to the - appropriate multiple. Consequently, it will always produce the rounded-up - number of bytes of output cleartext. The application must determine if - the output cleartext was zero-padded due to cleartext lengths not integral - multiples of 8. - - No errors or meaningful value are returned. Void is not used for - compatibility with other compilers. - - -/* cbc checksum (MAC) only routine ---------------------------------------- */ -int - cbc_cksum(input,output,length,schedule,ivec) - - C_Block *input; /* >= length bytes of inputtext */ - C_Block *output; /* >= length bytes of outputtext */ - int length; /* in bytes */ - Key_schedule schedule; /* precomputed key schedule */ - C_Block *ivec; /* 8 bytes of ivec */ - - - Produces a cryptographic checksum, 8 bytes, by cipher-block-chain - encrypting the input, discarding the ciphertext output, and only retaining - the last ciphertext 8-byte block. Uses the provided key schedule and ivec. - The input is effectively zero-padded to an integral multiple of - eight bytes, though the original input is not modified. - - No meaningful value is returned. Void is not used for compatibility - with other compilers. - - -/* random_key ----------------------------------------*/ -int - random_key(key) - - C_Block *key; - - The start for the random number generated is set from the current time - in microseconds, then the random number generator is invoked - to create an eight byte output key (not a schedule). The key - generated is set to odd parity per FIPS spec. - - The caller must supply space for the output key, pointed to - by "*key", then after getting a new key, call the des_set_key() - routine when needed. - - No meaningful value is returned. Void is not used for compatibility - with other compilers. - - -/* string_to_key --------------------------------------------*/ - -int - string_to_key(str,key) - char *str; - C_Block *key; - - This routines converts an arbitrary length, null terminated string - to an 8 byte DES key, with each byte parity set to odd, per FIPS spec. - - The algorithm is as follows: - -| Take the first 8 bytes and remove the parity (leaving 56 bits). -| Do the same for the second 8 bytes, and the third, etc. Do this for -| as many sets of 8 bytes as necessary, filling in the remainder of the -| last set with nulls. Fold the second set back on the first (i.e. bit -| 0 over bit 55, and bit 55 over bit 0). Fold the third over the second -| (bit 0 of the third set is now over bit 0 of the first set). Repeat -| until you have done this to all sets. Xor the folded sets. Break the -| result into 8 7 bit bytes, and generate odd parity for each byte. You -| now have 64 bits. Note that DES takes a 64 bit key, and uses only the -| non parity bits. - - -/* read_password -------------------------------------------*/ - -read_password(k,prompt,verify) - C_Block *k; - char *prompt; - int verify; - -This routine issues the supplied prompt, turns off echo, if possible, and -reads an input string. If verify is non-zero, it does it again, for use -in applications such as changing a password. If verify is non-zero, both -versions are compared, and the input is requested repeatedly until they -match. Then, the input string is mapped into a valid DES key, internally -using the string_to_key routine. The newly created key is copied to the -area pointed to by parameter "k". - -No meaningful value is returned. If an error occurs trying to manipulate -the terminal echo, the routine forces the process to exit. - -/* get_line ------------------------*/ -long get_line(p,max) - char *p; - long max; - -Reads input characters from standard input until either a newline appears or -else the max length is reached. The characters read are stuffed into -the string pointed to, which will always be null terminated. The newline -is not inserted in the string. The max parameter includes the byte needed -for the null terminator, so allocate and pass one more than the maximum -string length desired. diff --git a/src/lib/crypto/builtin/des/f_aead.c b/src/lib/crypto/builtin/des/f_aead.c deleted file mode 100644 index 71b8dff4d..000000000 --- a/src/lib/crypto/builtin/des/f_aead.c +++ /dev/null @@ -1,173 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Copyright (C) 2008 by the Massachusetts Institute of Technology. - * Copyright 1995 by Richard P. Basch. All Rights Reserved. - * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. Richard P. Basch, - * Lehman Brothers and M.I.T. make no representations about the suitability - * of this software for any purpose. It is provided "as is" without - * express or implied warranty. - */ - -#include "crypto_int.h" -#include "des_int.h" -#include "f_tables.h" - -const mit_des_cblock mit_des_zeroblock /* = all zero */; - -void -krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, - const mit_des_key_schedule schedule, - mit_des_cblock ivec) -{ - unsigned DES_INT32 left, right; - const unsigned DES_INT32 *kp; - const unsigned char *ip; - struct iov_cursor cursor; - unsigned char block[MIT_DES_BLOCK_LENGTH]; - - /* Get key pointer here. This won't need to be reinitialized. */ - kp = (const unsigned DES_INT32 *)schedule; - - /* Initialize left and right with the contents of the initial vector. */ - ip = (ivec != NULL) ? ivec : mit_des_zeroblock; - left = load_32_be(ip); - right = load_32_be(ip + 4); - - k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); - while (k5_iov_cursor_get(&cursor, block)) { - /* Decompose this block and xor it with the previous ciphertext. */ - left ^= load_32_be(block); - right ^= load_32_be(block + 4); - - /* Encrypt what we have and put back into block. */ - DES_DO_ENCRYPT(left, right, kp); - store_32_be(left, block); - store_32_be(right, block + 4); - - k5_iov_cursor_put(&cursor, block); - } - - if (ivec != NULL) { - store_32_be(left, ivec); - store_32_be(right, ivec + 4); - } -} - -void -krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, - const mit_des_key_schedule schedule, - mit_des_cblock ivec) -{ - unsigned DES_INT32 left, right; - const unsigned DES_INT32 *kp; - const unsigned char *ip; - unsigned DES_INT32 ocipherl, ocipherr; - unsigned DES_INT32 cipherl, cipherr; - struct iov_cursor cursor; - unsigned char block[MIT_DES_BLOCK_LENGTH]; - - /* Get key pointer here. This won't need to be reinitialized. */ - kp = (const unsigned DES_INT32 *)schedule; - - /* - * Decrypting is harder than encrypting because of - * the necessity of remembering a lot more things. - * Should think about this a little more... - */ - - /* Prime the old cipher with ivec. */ - ip = (ivec != NULL) ? ivec : mit_des_zeroblock; - ocipherl = load_32_be(ip); - ocipherr = load_32_be(ip + 4); - - k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); - while (k5_iov_cursor_get(&cursor, block)) { - /* Split this block into left and right. */ - cipherl = left = load_32_be(block); - cipherr = right = load_32_be(block + 4); - - /* Decrypt and xor with the old cipher to get plain text. */ - DES_DO_DECRYPT(left, right, kp); - left ^= ocipherl; - right ^= ocipherr; - - /* Store the encrypted halves back into block. */ - store_32_be(left, block); - store_32_be(right, block + 4); - - /* Save current cipher block halves. */ - ocipherl = cipherl; - ocipherr = cipherr; - - k5_iov_cursor_put(&cursor, block); - } - - if (ivec != NULL) { - store_32_be(ocipherl, ivec); - store_32_be(ocipherr, ivec + 4); - } -} - -void -krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data, - const mit_des_key_schedule schedule, mit_des_cblock ivec, - mit_des_cblock out) -{ - unsigned DES_INT32 left, right; - const unsigned DES_INT32 *kp; - const unsigned char *ip; - struct iov_cursor cursor; - unsigned char block[MIT_DES_BLOCK_LENGTH]; - - /* Get key pointer here. This won't need to be reinitialized. */ - kp = (const unsigned DES_INT32 *)schedule; - - /* Initialize left and right with the contents of the initial vector. */ - ip = (ivec != NULL) ? ivec : mit_des_zeroblock; - left = load_32_be(ip); - right = load_32_be(ip + 4); - - k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, TRUE); - while (k5_iov_cursor_get(&cursor, block)) { - /* Decompose this block and xor it with the previous ciphertext. */ - left ^= load_32_be(block); - right ^= load_32_be(block + 4); - - /* Encrypt what we have. */ - DES_DO_ENCRYPT(left, right, kp); - } - - /* Output the final ciphertext block. */ - store_32_be(left, out); - store_32_be(right, out + 4); -} - -#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO) -void krb5int_des_do_encrypt_2 (unsigned DES_INT32 *left, - unsigned DES_INT32 *right, - const unsigned DES_INT32 *kp) -{ - DES_DO_ENCRYPT_1 (*left, *right, kp); -} - -void krb5int_des_do_decrypt_2 (unsigned DES_INT32 *left, - unsigned DES_INT32 *right, - const unsigned DES_INT32 *kp) -{ - DES_DO_DECRYPT_1 (*left, *right, kp); -} -#endif diff --git a/src/lib/crypto/builtin/des/f_cbc.c b/src/lib/crypto/builtin/des/f_cbc.c deleted file mode 100644 index 84d5382f2..000000000 --- a/src/lib/crypto/builtin/des/f_cbc.c +++ /dev/null @@ -1,256 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/des/f_cbc.c */ -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* - * CBC functions; used only by the test programs at this time. (krb5 uses the - * functions in f_aead.c instead.) - */ - -/* - * des_cbc_encrypt.c - an implementation of the DES cipher function in cbc mode - */ -#include "des_int.h" -#include "f_tables.h" - -/* - * des_cbc_encrypt - {en,de}crypt a stream in CBC mode - */ - -/* - * This routine performs DES cipher-block-chaining operation, either - * encrypting from cleartext to ciphertext, if encrypt != 0 or - * decrypting from ciphertext to cleartext, if encrypt == 0. - * - * The key schedule is passed as an arg, as well as the cleartext or - * ciphertext. The cleartext and ciphertext should be in host order. - * - * NOTE-- the output is ALWAYS an multiple of 8 bytes long. If not - * enough space was provided, your program will get trashed. - * - * For encryption, the cleartext string is null padded, at the end, to - * an integral multiple of eight bytes. - * - * For decryption, the ciphertext will be used in integral multiples - * of 8 bytes, but only the first "length" bytes returned into the - * cleartext. - */ - -const mit_des_cblock mit_des_zeroblock /* = all zero */; - -static void -des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, - unsigned long length, const mit_des_key_schedule schedule, - const mit_des_cblock ivec) -{ - unsigned DES_INT32 left, right; - const unsigned DES_INT32 *kp; - const unsigned char *ip; - unsigned char *op; - - /* - * Get key pointer here. This won't need to be reinitialized - */ - kp = (const unsigned DES_INT32 *)schedule; - - /* - * Initialize left and right with the contents of the initial - * vector. - */ - ip = ivec; - GET_HALF_BLOCK(left, ip); - GET_HALF_BLOCK(right, ip); - - /* - * Suitably initialized, now work the length down 8 bytes - * at a time. - */ - ip = *in; - op = *out; - while (length > 0) { - /* - * Get more input, xor it in. If the length is - * greater than or equal to 8 this is straight - * forward. Otherwise we have to fart around. - */ - if (length >= 8) { - unsigned DES_INT32 temp; - GET_HALF_BLOCK(temp, ip); - left ^= temp; - GET_HALF_BLOCK(temp, ip); - right ^= temp; - length -= 8; - } else { - /* - * Oh, shoot. We need to pad the - * end with zeroes. Work backwards - * to do this. - */ - ip += (int) length; - switch(length) { - case 7: - right ^= (*(--ip) & FF_UINT32) << 8; - case 6: - right ^= (*(--ip) & FF_UINT32) << 16; - case 5: - right ^= (*(--ip) & FF_UINT32) << 24; - case 4: - left ^= *(--ip) & FF_UINT32; - case 3: - left ^= (*(--ip) & FF_UINT32) << 8; - case 2: - left ^= (*(--ip) & FF_UINT32) << 16; - case 1: - left ^= (*(--ip) & FF_UINT32) << 24; - break; - } - length = 0; - } - - /* - * Encrypt what we have - */ - DES_DO_ENCRYPT(left, right, kp); - - /* - * Copy the results out - */ - PUT_HALF_BLOCK(left, op); - PUT_HALF_BLOCK(right, op); - } -} - -static void -des_cbc_decrypt(const mit_des_cblock *in, mit_des_cblock *out, - unsigned long length, const mit_des_key_schedule schedule, - const mit_des_cblock ivec) -{ - unsigned DES_INT32 left, right; - const unsigned DES_INT32 *kp; - const unsigned char *ip; - unsigned char *op; - unsigned DES_INT32 ocipherl, ocipherr; - unsigned DES_INT32 cipherl, cipherr; - - /* - * Get key pointer here. This won't need to be reinitialized - */ - kp = (const unsigned DES_INT32 *)schedule; - - /* - * Decrypting is harder than encrypting because of - * the necessity of remembering a lot more things. - * Should think about this a little more... - */ - - if (length <= 0) - return; - - /* - * Prime the old cipher with ivec. - */ - ip = ivec; - GET_HALF_BLOCK(ocipherl, ip); - GET_HALF_BLOCK(ocipherr, ip); - - /* - * Now do this in earnest until we run out of length. - */ - ip = *in; - op = *out; - for (;;) { /* check done inside loop */ - /* - * Read a block from the input into left and - * right. Save this cipher block for later. - */ - GET_HALF_BLOCK(left, ip); - GET_HALF_BLOCK(right, ip); - cipherl = left; - cipherr = right; - - /* - * Decrypt this. - */ - DES_DO_DECRYPT(left, right, kp); - - /* - * Xor with the old cipher to get plain - * text. Output 8 or less bytes of this. - */ - left ^= ocipherl; - right ^= ocipherr; - if (length > 8) { - length -= 8; - PUT_HALF_BLOCK(left, op); - PUT_HALF_BLOCK(right, op); - /* - * Save current cipher block here - */ - ocipherl = cipherl; - ocipherr = cipherr; - } else { - /* - * Trouble here. Start at end of output, - * work backwards. - */ - op += (int) length; - switch(length) { - case 8: - *(--op) = (unsigned char) (right & 0xff); - case 7: - *(--op) = (unsigned char) ((right >> 8) & 0xff); - case 6: - *(--op) = (unsigned char) ((right >> 16) & 0xff); - case 5: - *(--op) = (unsigned char) ((right >> 24) & 0xff); - case 4: - *(--op) = (unsigned char) (left & 0xff); - case 3: - *(--op) = (unsigned char) ((left >> 8) & 0xff); - case 2: - *(--op) = (unsigned char) ((left >> 16) & 0xff); - case 1: - *(--op) = (unsigned char) ((left >> 24) & 0xff); - break; - } - break; /* we're done */ - } - } -} - -int -mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, - unsigned long length, const mit_des_key_schedule schedule, - const mit_des_cblock ivec, int enc) -{ - /* - * Deal with encryption and decryption separately. - */ - if (enc) - des_cbc_encrypt(in, out, length, schedule, ivec); - else - des_cbc_decrypt(in, out, length, schedule, ivec); - return 0; -} diff --git a/src/lib/crypto/builtin/des/f_cksum.c b/src/lib/crypto/builtin/des/f_cksum.c deleted file mode 100644 index cb482b009..000000000 --- a/src/lib/crypto/builtin/des/f_cksum.c +++ /dev/null @@ -1,136 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/des/f_cksum.c */ -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* DES implementation donated by Dennis Ferguson */ - -/* - * des_cbc_cksum.c - compute an 8 byte checksum using DES in CBC mode - */ -#include "des_int.h" -#include "f_tables.h" - -/* - * This routine performs DES cipher-block-chaining checksum operation, - * a.k.a. Message Authentication Code. It ALWAYS encrypts from input - * to a single 64 bit output MAC checksum. - * - * The key schedule is passed as an arg, as well as the cleartext or - * ciphertext. The cleartext and ciphertext should be in host order. - * - * NOTE-- the output is ALWAYS 8 bytes long. If not enough space was - * provided, your program will get trashed. - * - * The input is null padded, at the end (highest addr), to an integral - * multiple of eight bytes. - */ - -unsigned long -mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out, - unsigned long length, const mit_des_key_schedule schedule, - const krb5_octet *ivec) -{ - unsigned DES_INT32 left, right; - const unsigned DES_INT32 *kp; - const unsigned char *ip; - unsigned char *op; - DES_INT32 len; - - /* - * Initialize left and right with the contents of the initial - * vector. - */ - ip = ivec; - GET_HALF_BLOCK(left, ip); - GET_HALF_BLOCK(right, ip); - - /* - * Suitably initialized, now work the length down 8 bytes - * at a time. - */ - ip = in; - len = length; - while (len > 0) { - /* - * Get more input, xor it in. If the length is - * greater than or equal to 8 this is straight - * forward. Otherwise we have to fart around. - */ - if (len >= 8) { - unsigned DES_INT32 temp; - GET_HALF_BLOCK(temp, ip); - left ^= temp; - GET_HALF_BLOCK(temp, ip); - right ^= temp; - len -= 8; - } else { - /* - * Oh, shoot. We need to pad the - * end with zeroes. Work backwards - * to do this. - */ - ip += (int) len; - switch(len) { - case 7: - right ^= (*(--ip) & FF_UINT32) << 8; - case 6: - right ^= (*(--ip) & FF_UINT32) << 16; - case 5: - right ^= (*(--ip) & FF_UINT32) << 24; - case 4: - left ^= *(--ip) & FF_UINT32; - case 3: - left ^= (*(--ip) & FF_UINT32) << 8; - case 2: - left ^= (*(--ip) & FF_UINT32) << 16; - case 1: - left ^= (*(--ip) & FF_UINT32) << 24; - break; - } - len = 0; - } - - /* - * Encrypt what we have - */ - kp = (const unsigned DES_INT32 *)schedule; - DES_DO_ENCRYPT(left, right, kp); - } - - /* - * Done. Left and right have the checksum. Put it into - * the output. - */ - op = out; - PUT_HALF_BLOCK(left, op); - PUT_HALF_BLOCK(right, op); - - /* - * Return right. I'll bet the MIT code returns this - * inconsistantly (with the low order byte of the checksum - * not always in the low order byte of the DES_INT32). We won't. - */ - return right & 0xFFFFFFFFUL; -} diff --git a/src/lib/crypto/builtin/des/f_parity.c b/src/lib/crypto/builtin/des/f_parity.c deleted file mode 100644 index 460b5061b..000000000 --- a/src/lib/crypto/builtin/des/f_parity.c +++ /dev/null @@ -1,56 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * These routines check and fix parity of encryption keys for the DES - * algorithm. - * - * They are a replacement for routines in key_parity.c, that don't require - * the table building that they do. - * - * Mark Eichin -- Cygnus Support - */ - - -#include "des_int.h" - -/* - * des_fixup_key_parity: Forces odd parity per byte; parity is bits - * 8,16,...64 in des order, implies 0, 8, 16, ... - * vax order. - */ -#define smask(step) ((1<<step)-1) -#define pstep(x,step) (((x)&smask(step))^(((x)>>step)&smask(step))) -#define parity_char(x) pstep(pstep(pstep((x),4),2),1) - -void -mit_des_fixup_key_parity(mit_des_cblock key) -{ - unsigned int i; - for (i=0; i<sizeof(mit_des_cblock); i++) - { - key[i] &= 0xfe; - key[i] |= 1^parity_char(key[i]); - } - - return; -} - -/* - * des_check_key_parity: returns true iff key has the correct des parity. - * See des_fix_key_parity for the definition of - * correct des parity. - */ -int -mit_des_check_key_parity(mit_des_cblock key) -{ - unsigned int i; - - for (i=0; i<sizeof(mit_des_cblock); i++) - { - if((key[i] & 1) == parity_char(0xfe&key[i])) - { - return 0; - } - } - - return(1); -} diff --git a/src/lib/crypto/builtin/des/f_sched.c b/src/lib/crypto/builtin/des/f_sched.c deleted file mode 100644 index 666a510fb..000000000 --- a/src/lib/crypto/builtin/des/f_sched.c +++ /dev/null @@ -1,359 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/des/f_sched.c */ -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* DES implementation donated by Dennis Ferguson */ - -/* - * des_make_sched.c - permute a DES key, returning the resulting key schedule - */ -#include "k5-int.h" -#include "des_int.h" - -/* - * Permuted choice 1 tables. These are used to extract bits - * from the left and right parts of the key to form Ci and Di. - * The code that uses these tables knows which bits from which - * part of each key are used to form Ci and Di. - */ -static const unsigned DES_INT32 PC1_CL[8] = { - 0x00000000, 0x00000010, 0x00001000, 0x00001010, - 0x00100000, 0x00100010, 0x00101000, 0x00101010 -}; - -static const unsigned DES_INT32 PC1_DL[16] = { - 0x00000000, 0x00100000, 0x00001000, 0x00101000, - 0x00000010, 0x00100010, 0x00001010, 0x00101010, - 0x00000001, 0x00100001, 0x00001001, 0x00101001, - 0x00000011, 0x00100011, 0x00001011, 0x00101011 -}; - -static const unsigned DES_INT32 PC1_CR[16] = { - 0x00000000, 0x00000001, 0x00000100, 0x00000101, - 0x00010000, 0x00010001, 0x00010100, 0x00010101, - 0x01000000, 0x01000001, 0x01000100, 0x01000101, - 0x01010000, 0x01010001, 0x01010100, 0x01010101 -}; - -static const unsigned DES_INT32 PC1_DR[8] = { - 0x00000000, 0x01000000, 0x00010000, 0x01010000, - 0x00000100, 0x01000100, 0x00010100, 0x01010100 -}; - - -/* - * At the start of some iterations of the key schedule we do - * a circular left shift by one place, while for others we do a shift by - * two places. This has bits set for the iterations where we do 2 bit - * shifts, starting at the low order bit. - */ -#define TWO_BIT_SHIFTS 0x7efc - -/* - * Permuted choice 2 tables. The first actually produces the low order - * 24 bits of the subkey Ki from the 28 bit value of Ci. The second produces - * the high order 24 bits from Di. The tables are indexed by six bit - * segments of Ci and Di respectively. The code is handcrafted to compute - * the appropriate 6 bit chunks. - * - * Note that for ease of computation, the 24 bit values are produced with - * six bits going into each byte. Note also that the table has been byte - * rearranged to produce keys which match the order we will apply them - * in in the des code. - */ -static const unsigned DES_INT32 PC2_C[4][64] = { - { - 0x00000000, 0x00000004, 0x00010000, 0x00010004, - 0x00000400, 0x00000404, 0x00010400, 0x00010404, - 0x00000020, 0x00000024, 0x00010020, 0x00010024, - 0x00000420, 0x00000424, 0x00010420, 0x00010424, - 0x01000000, 0x01000004, 0x01010000, 0x01010004, - 0x01000400, 0x01000404, 0x01010400, 0x01010404, - 0x01000020, 0x01000024, 0x01010020, 0x01010024, - 0x01000420, 0x01000424, 0x01010420, 0x01010424, - 0x00020000, 0x00020004, 0x00030000, 0x00030004, - 0x00020400, 0x00020404, 0x00030400, 0x00030404, - 0x00020020, 0x00020024, 0x00030020, 0x00030024, - 0x00020420, 0x00020424, 0x00030420, 0x00030424, - 0x01020000, 0x01020004, 0x01030000, 0x01030004, - 0x01020400, 0x01020404, 0x01030400, 0x01030404, - 0x01020020, 0x01020024, 0x01030020, 0x01030024, - 0x01020420, 0x01020424, 0x01030420, 0x01030424, - }, - { - 0x00000000, 0x02000000, 0x00000800, 0x02000800, - 0x00080000, 0x02080000, 0x00080800, 0x02080800, - 0x00000001, 0x02000001, 0x00000801, 0x02000801, - 0x00080001, 0x02080001, 0x00080801, 0x02080801, - 0x00000100, 0x02000100, 0x00000900, 0x02000900, - 0x00080100, 0x02080100, 0x00080900, 0x02080900, - 0x00000101, 0x02000101, 0x00000901, 0x02000901, - 0x00080101, 0x02080101, 0x00080901, 0x02080901, - 0x10000000, 0x12000000, 0x10000800, 0x12000800, - 0x10080000, 0x12080000, 0x10080800, 0x12080800, - 0x10000001, 0x12000001, 0x10000801, 0x12000801, - 0x10080001, 0x12080001, 0x10080801, 0x12080801, - 0x10000100, 0x12000100, 0x10000900, 0x12000900, - 0x10080100, 0x12080100, 0x10080900, 0x12080900, - 0x10000101, 0x12000101, 0x10000901, 0x12000901, - 0x10080101, 0x12080101, 0x10080901, 0x12080901, - }, - { - 0x00000000, 0x00040000, 0x00002000, 0x00042000, - 0x00100000, 0x00140000, 0x00102000, 0x00142000, - 0x20000000, 0x20040000, 0x20002000, 0x20042000, - 0x20100000, 0x20140000, 0x20102000, 0x20142000, - 0x00000008, 0x00040008, 0x00002008, 0x00042008, - 0x00100008, 0x00140008, 0x00102008, 0x00142008, - 0x20000008, 0x20040008, 0x20002008, 0x20042008, - 0x20100008, 0x20140008, 0x20102008, 0x20142008, - 0x00200000, 0x00240000, 0x00202000, 0x00242000, - 0x00300000, 0x00340000, 0x00302000, 0x00342000, - 0x20200000, 0x20240000, 0x20202000, 0x20242000, - 0x20300000, 0x20340000, 0x20302000, 0x20342000, - 0x00200008, 0x00240008, 0x00202008, 0x00242008, - 0x00300008, 0x00340008, 0x00302008, 0x00342008, - 0x20200008, 0x20240008, 0x20202008, 0x20242008, - 0x20300008, 0x20340008, 0x20302008, 0x20342008, - }, - { - 0x00000000, 0x00000010, 0x08000000, 0x08000010, - 0x00000200, 0x00000210, 0x08000200, 0x08000210, - 0x00000002, 0x00000012, 0x08000002, 0x08000012, - 0x00000202, 0x00000212, 0x08000202, 0x08000212, - 0x04000000, 0x04000010, 0x0c000000, 0x0c000010, - 0x04000200, 0x04000210, 0x0c000200, 0x0c000210, - 0x04000002, 0x04000012, 0x0c000002, 0x0c000012, - 0x04000202, 0x04000212, 0x0c000202, 0x0c000212, - 0x00001000, 0x00001010, 0x08001000, 0x08001010, - 0x00001200, 0x00001210, 0x08001200, 0x08001210, - 0x00001002, 0x00001012, 0x08001002, 0x08001012, - 0x00001202, 0x00001212, 0x08001202, 0x08001212, - 0x04001000, 0x04001010, 0x0c001000, 0x0c001010, - 0x04001200, 0x04001210, 0x0c001200, 0x0c001210, - 0x04001002, 0x04001012, 0x0c001002, 0x0c001012, - 0x04001202, 0x04001212, 0x0c001202, 0x0c001212 - }, -}; - -static const unsigned DES_INT32 PC2_D[4][64] = { - { - 0x00000000, 0x02000000, 0x00020000, 0x02020000, - 0x00000100, 0x02000100, 0x00020100, 0x02020100, - 0x00000008, 0x02000008, 0x00020008, 0x02020008, - 0x00000108, 0x02000108, 0x00020108, 0x02020108, - 0x00200000, 0x02200000, 0x00220000, 0x02220000, - 0x00200100, 0x02200100, 0x00220100, 0x02220100, - 0x00200008, 0x02200008, 0x00220008, 0x02220008, - 0x00200108, 0x02200108, 0x00220108, 0x02220108, - 0x00000200, 0x02000200, 0x00020200, 0x02020200, - 0x00000300, 0x02000300, 0x00020300, 0x02020300, - 0x00000208, 0x02000208, 0x00020208, 0x02020208, - 0x00000308, 0x02000308, 0x00020308, 0x02020308, - 0x00200200, 0x02200200, 0x00220200, 0x02220200, - 0x00200300, 0x02200300, 0x00220300, 0x02220300, - 0x00200208, 0x02200208, 0x00220208, 0x02220208, - 0x00200308, 0x02200308, 0x00220308, 0x02220308, - }, - { - 0x00000000, 0x00001000, 0x00000020, 0x00001020, - 0x00100000, 0x00101000, 0x00100020, 0x00101020, - 0x08000000, 0x08001000, 0x08000020, 0x08001020, - 0x08100000, 0x08101000, 0x08100020, 0x08101020, - 0x00000004, 0x00001004, 0x00000024, 0x00001024, - 0x00100004, 0x00101004, 0x00100024, 0x00101024, - 0x08000004, 0x08001004, 0x08000024, 0x08001024, - 0x08100004, 0x08101004, 0x08100024, 0x08101024, - 0x00000400, 0x00001400, 0x00000420, 0x00001420, - 0x00100400, 0x00101400, 0x00100420, 0x00101420, - 0x08000400, 0x08001400, 0x08000420, 0x08001420, - 0x08100400, 0x08101400, 0x08100420, 0x08101420, - 0x00000404, 0x00001404, 0x00000424, 0x00001424, - 0x00100404, 0x00101404, 0x00100424, 0x00101424, - 0x08000404, 0x08001404, 0x08000424, 0x08001424, - 0x08100404, 0x08101404, 0x08100424, 0x08101424, - }, - { - 0x00000000, 0x10000000, 0x00010000, 0x10010000, - 0x00000002, 0x10000002, 0x00010002, 0x10010002, - 0x00002000, 0x10002000, 0x00012000, 0x10012000, - 0x00002002, 0x10002002, 0x00012002, 0x10012002, - 0x00040000, 0x10040000, 0x00050000, 0x10050000, - 0x00040002, 0x10040002, 0x00050002, 0x10050002, - 0x00042000, 0x10042000, 0x00052000, 0x10052000, - 0x00042002, 0x10042002, 0x00052002, 0x10052002, - 0x20000000, 0x30000000, 0x20010000, 0x30010000, - 0x20000002, 0x30000002, 0x20010002, 0x30010002, - 0x20002000, 0x30002000, 0x20012000, 0x30012000, - 0x20002002, 0x30002002, 0x20012002, 0x30012002, - 0x20040000, 0x30040000, 0x20050000, 0x30050000, - 0x20040002, 0x30040002, 0x20050002, 0x30050002, - 0x20042000, 0x30042000, 0x20052000, 0x30052000, - 0x20042002, 0x30042002, 0x20052002, 0x30052002, - }, - { - 0x00000000, 0x04000000, 0x00000001, 0x04000001, - 0x01000000, 0x05000000, 0x01000001, 0x05000001, - 0x00000010, 0x04000010, 0x00000011, 0x04000011, - 0x01000010, 0x05000010, 0x01000011, 0x05000011, - 0x00080000, 0x04080000, 0x00080001, 0x04080001, - 0x01080000, 0x05080000, 0x01080001, 0x05080001, - 0x00080010, 0x04080010, 0x00080011, 0x04080011, - 0x01080010, 0x05080010, 0x01080011, 0x05080011, - 0x00000800, 0x04000800, 0x00000801, 0x04000801, - 0x01000800, 0x05000800, 0x01000801, 0x05000801, - 0x00000810, 0x04000810, 0x00000811, 0x04000811, - 0x01000810, 0x05000810, 0x01000811, 0x05000811, - 0x00080800, 0x04080800, 0x00080801, 0x04080801, - 0x01080800, 0x05080800, 0x01080801, 0x05080801, - 0x00080810, 0x04080810, 0x00080811, 0x04080811, - 0x01080810, 0x05080810, 0x01080811, 0x05080811 - }, -}; - - - -/* - * Permute the key to give us our key schedule. - */ -int -mit_des_make_key_sched(mit_des_cblock key, mit_des_key_schedule schedule) -{ - unsigned DES_INT32 c, d; - - { - /* - * Need a pointer for the keys and a temporary DES_INT32 - */ - const unsigned char *k; - unsigned DES_INT32 tmp; - - /* - * Fetch the key into something we can work with - */ - k = key; - - /* - * The first permutted choice gives us the 28 bits for C0 and - * 28 for D0. C0 gets 12 bits from the left key and 16 from - * the right, while D0 gets 16 from the left and 12 from the - * right. The code knows which bits go where. - */ - tmp = load_32_be(k), k += 4; - - c = PC1_CL[(tmp >> 29) & 0x7] - | (PC1_CL[(tmp >> 21) & 0x7] << 1) - | (PC1_CL[(tmp >> 13) & 0x7] << 2) - | (PC1_CL[(tmp >> 5) & 0x7] << 3); - d = PC1_DL[(tmp >> 25) & 0xf] - | (PC1_DL[(tmp >> 17) & 0xf] << 1) - | (PC1_DL[(tmp >> 9) & 0xf] << 2) - | (PC1_DL[(tmp >> 1) & 0xf] << 3); - - tmp = load_32_be(k), k += 4; - - c |= PC1_CR[(tmp >> 28) & 0xf] - | (PC1_CR[(tmp >> 20) & 0xf] << 1) - | (PC1_CR[(tmp >> 12) & 0xf] << 2) - | (PC1_CR[(tmp >> 4) & 0xf] << 3); - d |= PC1_DR[(tmp >> 25) & 0x7] - | (PC1_DR[(tmp >> 17) & 0x7] << 1) - | (PC1_DR[(tmp >> 9) & 0x7] << 2) - | (PC1_DR[(tmp >> 1) & 0x7] << 3); - } - - { - /* - * Need several temporaries in here - */ - unsigned DES_INT32 ltmp, rtmp; - unsigned DES_INT32 *k; - int two_bit_shifts; - int i; - /* - * Now iterate to compute the key schedule. Note that we - * record the entire set of subkeys in 6 bit chunks since - * they are used that way. At 6 bits/char, we need - * 48/6 char's/subkey * 16 subkeys/encryption == 128 bytes. - * The schedule must be this big. - */ - k = (unsigned DES_INT32 *)schedule; - two_bit_shifts = TWO_BIT_SHIFTS; - for (i = 16; i > 0; i--) { - /* - * Do the rotation. One bit and two bit rotations - * are done separately. Note C and D are 28 bits. - */ - if (two_bit_shifts & 0x1) { - c = ((c << 2) & 0xffffffc) | (c >> 26); - d = ((d << 2) & 0xffffffc) | (d >> 26); - } else { - c = ((c << 1) & 0xffffffe) | (c >> 27); - d = ((d << 1) & 0xffffffe) | (d >> 27); - } - two_bit_shifts >>= 1; - - /* - * Apply permutted choice 2 to C to get the first - * 24 bits worth of keys. Note that bits 9, 18, 22 - * and 25 (using DES numbering) in C are unused. The - * shift-mask stuff is done to delete these bits from - * the indices, since this cuts the table size in half. - * - * The table is torqued, by the way. If the standard - * byte order for this (high to low order) is 1234, - * the table actually gives us 4132. - */ - ltmp = PC2_C[0][((c >> 22) & 0x3f)] - | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)] - | PC2_C[2][((c >> 4) & 0x3) | ((c >> 9) & 0x3c)] - | PC2_C[3][((c ) & 0x7) | ((c >> 4) & 0x38)]; - /* - * Apply permutted choice 2 to D to get the other half. - * Here, bits 7, 10, 15 and 26 go unused. The sqeezing - * actually turns out to be cheaper here. - * - * This table is similarly torqued. If the standard - * byte order is 5678, the table has the bytes permuted - * to give us 7685. - */ - rtmp = PC2_D[0][((d >> 22) & 0x3f)] - | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)] - | PC2_D[2][((d >> 7) & 0x3f)] - | PC2_D[3][((d ) & 0x3) | ((d >> 1) & 0x3c)]; - - /* - * Make up two words of the key schedule, with a - * byte order which is convenient for the DES - * inner loop. The high order (first) word will - * hold bytes 7135 (high to low order) while the - * second holds bytes 4682. - */ - *k++ = (ltmp & 0x00ffff00) | (rtmp & 0xff0000ff); - *k++ = (ltmp & 0xff0000ff) | (rtmp & 0x00ffff00); - } - } - return (0); -} diff --git a/src/lib/crypto/builtin/des/f_tables.c b/src/lib/crypto/builtin/des/f_tables.c deleted file mode 100644 index 6308cb0d5..000000000 --- a/src/lib/crypto/builtin/des/f_tables.c +++ /dev/null @@ -1,370 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/des/f_tables.c */ -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* DES implementation donated by Dennis Ferguson */ - -/* - * des_tables.c - precomputed tables used for the DES cipher function - */ - -/* - * Include the header file so something will complain if the - * declarations get out of sync - */ -#include "des_int.h" -#include "f_tables.h" - -/* - * These tables may be declared const if you want. Many compilers - * don't support this, though. - */ - -/* - * The DES algorithm which uses these is intended to be fairly speedy - * at the expense of some memory. All the standard hacks are used. - * The S boxes and the P permutation are precomputed into one table. - * The E box never actually appears explicitly since it is easy to apply - * this algorithmically as needed. The initial permutation and final - * (inverse initial) permutation are computed from tables designed to - * permute one byte at a time. This should run pretty fast on machines - * with 32 bit words and bit field/multiple bit shift instructions which - * are fast. - */ - -/* - * The initial permutation array. This is used to compute both the - * left and the right halves of the initial permutation using bytes - * from words made from the following operations: - * - * ((left & 0x55555555) << 1) | (right & 0x55555555) for left half - * (left & 0xaaaaaaaa) | ((right & 0xaaaaaaaa) >> 1) for right half - * - * The scheme is that we index into the table using each byte. The - * result from the high order byte is or'd with the result from the - * next byte shifted left once is or'd with the result from the next - * byte shifted left twice if or'd with the result from the low order - * byte shifted left by three. Clear? - */ - -const unsigned DES_INT32 des_IP_table[256] = { - 0x00000000, 0x00000010, 0x00000001, 0x00000011, - 0x00001000, 0x00001010, 0x00001001, 0x00001011, - 0x00000100, 0x00000110, 0x00000101, 0x00000111, - 0x00001100, 0x00001110, 0x00001101, 0x00001111, - 0x00100000, 0x00100010, 0x00100001, 0x00100011, - 0x00101000, 0x00101010, 0x00101001, 0x00101011, - 0x00100100, 0x00100110, 0x00100101, 0x00100111, - 0x00101100, 0x00101110, 0x00101101, 0x00101111, - 0x00010000, 0x00010010, 0x00010001, 0x00010011, - 0x00011000, 0x00011010, 0x00011001, 0x00011011, - 0x00010100, 0x00010110, 0x00010101, 0x00010111, - 0x00011100, 0x00011110, 0x00011101, 0x00011111, - 0x00110000, 0x00110010, 0x00110001, 0x00110011, - 0x00111000, 0x00111010, 0x00111001, 0x00111011, - 0x00110100, 0x00110110, 0x00110101, 0x00110111, - 0x00111100, 0x00111110, 0x00111101, 0x00111111, - 0x10000000, 0x10000010, 0x10000001, 0x10000011, - 0x10001000, 0x10001010, 0x10001001, 0x10001011, - 0x10000100, 0x10000110, 0x10000101, 0x10000111, - 0x10001100, 0x10001110, 0x10001101, 0x10001111, - 0x10100000, 0x10100010, 0x10100001, 0x10100011, - 0x10101000, 0x10101010, 0x10101001, 0x10101011, - 0x10100100, 0x10100110, 0x10100101, 0x10100111, - 0x10101100, 0x10101110, 0x10101101, 0x10101111, - 0x10010000, 0x10010010, 0x10010001, 0x10010011, - 0x10011000, 0x10011010, 0x10011001, 0x10011011, - 0x10010100, 0x10010110, 0x10010101, 0x10010111, - 0x10011100, 0x10011110, 0x10011101, 0x10011111, - 0x10110000, 0x10110010, 0x10110001, 0x10110011, - 0x10111000, 0x10111010, 0x10111001, 0x10111011, - 0x10110100, 0x10110110, 0x10110101, 0x10110111, - 0x10111100, 0x10111110, 0x10111101, 0x10111111, - 0x01000000, 0x01000010, 0x01000001, 0x01000011, - 0x01001000, 0x01001010, 0x01001001, 0x01001011, - 0x01000100, 0x01000110, 0x01000101, 0x01000111, - 0x01001100, 0x01001110, 0x01001101, 0x01001111, - 0x01100000, 0x01100010, 0x01100001, 0x01100011, - 0x01101000, 0x01101010, 0x01101001, 0x01101011, - 0x01100100, 0x01100110, 0x01100101, 0x01100111, - 0x01101100, 0x01101110, 0x01101101, 0x01101111, - 0x01010000, 0x01010010, 0x01010001, 0x01010011, - 0x01011000, 0x01011010, 0x01011001, 0x01011011, - 0x01010100, 0x01010110, 0x01010101, 0x01010111, - 0x01011100, 0x01011110, 0x01011101, 0x01011111, - 0x01110000, 0x01110010, 0x01110001, 0x01110011, - 0x01111000, 0x01111010, 0x01111001, 0x01111011, - 0x01110100, 0x01110110, 0x01110101, 0x01110111, - 0x01111100, 0x01111110, 0x01111101, 0x01111111, - 0x11000000, 0x11000010, 0x11000001, 0x11000011, - 0x11001000, 0x11001010, 0x11001001, 0x11001011, - 0x11000100, 0x11000110, 0x11000101, 0x11000111, - 0x11001100, 0x11001110, 0x11001101, 0x11001111, - 0x11100000, 0x11100010, 0x11100001, 0x11100011, - 0x11101000, 0x11101010, 0x11101001, 0x11101011, - 0x11100100, 0x11100110, 0x11100101, 0x11100111, - 0x11101100, 0x11101110, 0x11101101, 0x11101111, - 0x11010000, 0x11010010, 0x11010001, 0x11010011, - 0x11011000, 0x11011010, 0x11011001, 0x11011011, - 0x11010100, 0x11010110, 0x11010101, 0x11010111, - 0x11011100, 0x11011110, 0x11011101, 0x11011111, - 0x11110000, 0x11110010, 0x11110001, 0x11110011, - 0x11111000, 0x11111010, 0x11111001, 0x11111011, - 0x11110100, 0x11110110, 0x11110101, 0x11110111, - 0x11111100, 0x11111110, 0x11111101, 0x11111111 -}; - -/* - * The final permutation array. Like the IP array, used - * to compute both the left and right results from the bytes - * of words computed from: - * - * ((left & 0x0f0f0f0f) << 4) | (right & 0x0f0f0f0f) for left result - * (left & 0xf0f0f0f0) | ((right & 0xf0f0f0f0) >> 4) for right result - * - * The result from the high order byte is shifted left 6 bits and - * or'd with the result from the next byte shifted left 4 bits, which - * is or'd with the result from the next byte shifted left 2 bits, - * which is or'd with the result from the low byte. - */ -const unsigned DES_INT32 des_FP_table[256] = { - 0x00000000, 0x02000000, 0x00020000, 0x02020000, - 0x00000200, 0x02000200, 0x00020200, 0x02020200, - 0x00000002, 0x02000002, 0x00020002, 0x02020002, - 0x00000202, 0x02000202, 0x00020202, 0x02020202, - 0x01000000, 0x03000000, 0x01020000, 0x03020000, - 0x01000200, 0x03000200, 0x01020200, 0x03020200, - 0x01000002, 0x03000002, 0x01020002, 0x03020002, - 0x01000202, 0x03000202, 0x01020202, 0x03020202, - 0x00010000, 0x02010000, 0x00030000, 0x02030000, - 0x00010200, 0x02010200, 0x00030200, 0x02030200, - 0x00010002, 0x02010002, 0x00030002, 0x02030002, - 0x00010202, 0x02010202, 0x00030202, 0x02030202, - 0x01010000, 0x03010000, 0x01030000, 0x03030000, - 0x01010200, 0x03010200, 0x01030200, 0x03030200, - 0x01010002, 0x03010002, 0x01030002, 0x03030002, - 0x01010202, 0x03010202, 0x01030202, 0x03030202, - 0x00000100, 0x02000100, 0x00020100, 0x02020100, - 0x00000300, 0x02000300, 0x00020300, 0x02020300, - 0x00000102, 0x02000102, 0x00020102, 0x02020102, - 0x00000302, 0x02000302, 0x00020302, 0x02020302, - 0x01000100, 0x03000100, 0x01020100, 0x03020100, - 0x01000300, 0x03000300, 0x01020300, 0x03020300, - 0x01000102, 0x03000102, 0x01020102, 0x03020102, - 0x01000302, 0x03000302, 0x01020302, 0x03020302, - 0x00010100, 0x02010100, 0x00030100, 0x02030100, - 0x00010300, 0x02010300, 0x00030300, 0x02030300, - 0x00010102, 0x02010102, 0x00030102, 0x02030102, - 0x00010302, 0x02010302, 0x00030302, 0x02030302, - 0x01010100, 0x03010100, 0x01030100, 0x03030100, - 0x01010300, 0x03010300, 0x01030300, 0x03030300, - 0x01010102, 0x03010102, 0x01030102, 0x03030102, - 0x01010302, 0x03010302, 0x01030302, 0x03030302, - 0x00000001, 0x02000001, 0x00020001, 0x02020001, - 0x00000201, 0x02000201, 0x00020201, 0x02020201, - 0x00000003, 0x02000003, 0x00020003, 0x02020003, - 0x00000203, 0x02000203, 0x00020203, 0x02020203, - 0x01000001, 0x03000001, 0x01020001, 0x03020001, - 0x01000201, 0x03000201, 0x01020201, 0x03020201, - 0x01000003, 0x03000003, 0x01020003, 0x03020003, - 0x01000203, 0x03000203, 0x01020203, 0x03020203, - 0x00010001, 0x02010001, 0x00030001, 0x02030001, - 0x00010201, 0x02010201, 0x00030201, 0x02030201, - 0x00010003, 0x02010003, 0x00030003, 0x02030003, - 0x00010203, 0x02010203, 0x00030203, 0x02030203, - 0x01010001, 0x03010001, 0x01030001, 0x03030001, - 0x01010201, 0x03010201, 0x01030201, 0x03030201, - 0x01010003, 0x03010003, 0x01030003, 0x03030003, - 0x01010203, 0x03010203, 0x01030203, 0x03030203, - 0x00000101, 0x02000101, 0x00020101, 0x02020101, - 0x00000301, 0x02000301, 0x00020301, 0x02020301, - 0x00000103, 0x02000103, 0x00020103, 0x02020103, - 0x00000303, 0x02000303, 0x00020303, 0x02020303, - 0x01000101, 0x03000101, 0x01020101, 0x03020101, - 0x01000301, 0x03000301, 0x01020301, 0x03020301, - 0x01000103, 0x03000103, 0x01020103, 0x03020103, - 0x01000303, 0x03000303, 0x01020303, 0x03020303, - 0x00010101, 0x02010101, 0x00030101, 0x02030101, - 0x00010301, 0x02010301, 0x00030301, 0x02030301, - 0x00010103, 0x02010103, 0x00030103, 0x02030103, - 0x00010303, 0x02010303, 0x00030303, 0x02030303, - 0x01010101, 0x03010101, 0x01030101, 0x03030101, - 0x01010301, 0x03010301, 0x01030301, 0x03030301, - 0x01010103, 0x03010103, 0x01030103, 0x03030103, - 0x01010303, 0x03010303, 0x01030303, 0x03030303 -}; - - -/* - * The SP table is actually the S boxes and the P permutation - * table combined. This table is actually reordered from the - * spec, to match the order of key application we follow. - */ -const unsigned DES_INT32 des_SP_table[8][64] = { - { - 0x00100000, 0x02100001, 0x02000401, 0x00000000, /* 7 */ - 0x00000400, 0x02000401, 0x00100401, 0x02100400, - 0x02100401, 0x00100000, 0x00000000, 0x02000001, - 0x00000001, 0x02000000, 0x02100001, 0x00000401, - 0x02000400, 0x00100401, 0x00100001, 0x02000400, - 0x02000001, 0x02100000, 0x02100400, 0x00100001, - 0x02100000, 0x00000400, 0x00000401, 0x02100401, - 0x00100400, 0x00000001, 0x02000000, 0x00100400, - 0x02000000, 0x00100400, 0x00100000, 0x02000401, - 0x02000401, 0x02100001, 0x02100001, 0x00000001, - 0x00100001, 0x02000000, 0x02000400, 0x00100000, - 0x02100400, 0x00000401, 0x00100401, 0x02100400, - 0x00000401, 0x02000001, 0x02100401, 0x02100000, - 0x00100400, 0x00000000, 0x00000001, 0x02100401, - 0x00000000, 0x00100401, 0x02100000, 0x00000400, - 0x02000001, 0x02000400, 0x00000400, 0x00100001, - }, - { - 0x00808200, 0x00000000, 0x00008000, 0x00808202, /* 1 */ - 0x00808002, 0x00008202, 0x00000002, 0x00008000, - 0x00000200, 0x00808200, 0x00808202, 0x00000200, - 0x00800202, 0x00808002, 0x00800000, 0x00000002, - 0x00000202, 0x00800200, 0x00800200, 0x00008200, - 0x00008200, 0x00808000, 0x00808000, 0x00800202, - 0x00008002, 0x00800002, 0x00800002, 0x00008002, - 0x00000000, 0x00000202, 0x00008202, 0x00800000, - 0x00008000, 0x00808202, 0x00000002, 0x00808000, - 0x00808200, 0x00800000, 0x00800000, 0x00000200, - 0x00808002, 0x00008000, 0x00008200, 0x00800002, - 0x00000200, 0x00000002, 0x00800202, 0x00008202, - 0x00808202, 0x00008002, 0x00808000, 0x00800202, - 0x00800002, 0x00000202, 0x00008202, 0x00808200, - 0x00000202, 0x00800200, 0x00800200, 0x00000000, - 0x00008002, 0x00008200, 0x00000000, 0x00808002, - }, - { - 0x00000104, 0x04010100, 0x00000000, 0x04010004, /* 3 */ - 0x04000100, 0x00000000, 0x00010104, 0x04000100, - 0x00010004, 0x04000004, 0x04000004, 0x00010000, - 0x04010104, 0x00010004, 0x04010000, 0x00000104, - 0x04000000, 0x00000004, 0x04010100, 0x00000100, - 0x00010100, 0x04010000, 0x04010004, 0x00010104, - 0x04000104, 0x00010100, 0x00010000, 0x04000104, - 0x00000004, 0x04010104, 0x00000100, 0x04000000, - 0x04010100, 0x04000000, 0x00010004, 0x00000104, - 0x00010000, 0x04010100, 0x04000100, 0x00000000, - 0x00000100, 0x00010004, 0x04010104, 0x04000100, - 0x04000004, 0x00000100, 0x00000000, 0x04010004, - 0x04000104, 0x00010000, 0x04000000, 0x04010104, - 0x00000004, 0x00010104, 0x00010100, 0x04000004, - 0x04010000, 0x04000104, 0x00000104, 0x04010000, - 0x00010104, 0x00000004, 0x04010004, 0x00010100, - }, - { - 0x00000080, 0x01040080, 0x01040000, 0x21000080, /* 5 */ - 0x00040000, 0x00000080, 0x20000000, 0x01040000, - 0x20040080, 0x00040000, 0x01000080, 0x20040080, - 0x21000080, 0x21040000, 0x00040080, 0x20000000, - 0x01000000, 0x20040000, 0x20040000, 0x00000000, - 0x20000080, 0x21040080, 0x21040080, 0x01000080, - 0x21040000, 0x20000080, 0x00000000, 0x21000000, - 0x01040080, 0x01000000, 0x21000000, 0x00040080, - 0x00040000, 0x21000080, 0x00000080, 0x01000000, - 0x20000000, 0x01040000, 0x21000080, 0x20040080, - 0x01000080, 0x20000000, 0x21040000, 0x01040080, - 0x20040080, 0x00000080, 0x01000000, 0x21040000, - 0x21040080, 0x00040080, 0x21000000, 0x21040080, - 0x01040000, 0x00000000, 0x20040000, 0x21000000, - 0x00040080, 0x01000080, 0x20000080, 0x00040000, - 0x00000000, 0x20040000, 0x01040080, 0x20000080, - }, - { - 0x80401000, 0x80001040, 0x80001040, 0x00000040, /* 4 */ - 0x00401040, 0x80400040, 0x80400000, 0x80001000, - 0x00000000, 0x00401000, 0x00401000, 0x80401040, - 0x80000040, 0x00000000, 0x00400040, 0x80400000, - 0x80000000, 0x00001000, 0x00400000, 0x80401000, - 0x00000040, 0x00400000, 0x80001000, 0x00001040, - 0x80400040, 0x80000000, 0x00001040, 0x00400040, - 0x00001000, 0x00401040, 0x80401040, 0x80000040, - 0x00400040, 0x80400000, 0x00401000, 0x80401040, - 0x80000040, 0x00000000, 0x00000000, 0x00401000, - 0x00001040, 0x00400040, 0x80400040, 0x80000000, - 0x80401000, 0x80001040, 0x80001040, 0x00000040, - 0x80401040, 0x80000040, 0x80000000, 0x00001000, - 0x80400000, 0x80001000, 0x00401040, 0x80400040, - 0x80001000, 0x00001040, 0x00400000, 0x80401000, - 0x00000040, 0x00400000, 0x00001000, 0x00401040, - }, - { - 0x10000008, 0x10200000, 0x00002000, 0x10202008, /* 6 */ - 0x10200000, 0x00000008, 0x10202008, 0x00200000, - 0x10002000, 0x00202008, 0x00200000, 0x10000008, - 0x00200008, 0x10002000, 0x10000000, 0x00002008, - 0x00000000, 0x00200008, 0x10002008, 0x00002000, - 0x00202000, 0x10002008, 0x00000008, 0x10200008, - 0x10200008, 0x00000000, 0x00202008, 0x10202000, - 0x00002008, 0x00202000, 0x10202000, 0x10000000, - 0x10002000, 0x00000008, 0x10200008, 0x00202000, - 0x10202008, 0x00200000, 0x00002008, 0x10000008, - 0x00200000, 0x10002000, 0x10000000, 0x00002008, - 0x10000008, 0x10202008, 0x00202000, 0x10200000, - 0x00202008, 0x10202000, 0x00000000, 0x10200008, - 0x00000008, 0x00002000, 0x10200000, 0x00202008, - 0x00002000, 0x00200008, 0x10002008, 0x00000000, - 0x10202000, 0x10000000, 0x00200008, 0x10002008, - }, - { - 0x08000820, 0x00000800, 0x00020000, 0x08020820, /* 8 */ - 0x08000000, 0x08000820, 0x00000020, 0x08000000, - 0x00020020, 0x08020000, 0x08020820, 0x00020800, - 0x08020800, 0x00020820, 0x00000800, 0x00000020, - 0x08020000, 0x08000020, 0x08000800, 0x00000820, - 0x00020800, 0x00020020, 0x08020020, 0x08020800, - 0x00000820, 0x00000000, 0x00000000, 0x08020020, - 0x08000020, 0x08000800, 0x00020820, 0x00020000, - 0x00020820, 0x00020000, 0x08020800, 0x00000800, - 0x00000020, 0x08020020, 0x00000800, 0x00020820, - 0x08000800, 0x00000020, 0x08000020, 0x08020000, - 0x08020020, 0x08000000, 0x00020000, 0x08000820, - 0x00000000, 0x08020820, 0x00020020, 0x08000020, - 0x08020000, 0x08000800, 0x08000820, 0x00000000, - 0x08020820, 0x00020800, 0x00020800, 0x00000820, - 0x00000820, 0x00020020, 0x08000000, 0x08020800, - }, - { - 0x40084010, 0x40004000, 0x00004000, 0x00084010, /* 2 */ - 0x00080000, 0x00000010, 0x40080010, 0x40004010, - 0x40000010, 0x40084010, 0x40084000, 0x40000000, - 0x40004000, 0x00080000, 0x00000010, 0x40080010, - 0x00084000, 0x00080010, 0x40004010, 0x00000000, - 0x40000000, 0x00004000, 0x00084010, 0x40080000, - 0x00080010, 0x40000010, 0x00000000, 0x00084000, - 0x00004010, 0x40084000, 0x40080000, 0x00004010, - 0x00000000, 0x00084010, 0x40080010, 0x00080000, - 0x40004010, 0x40080000, 0x40084000, 0x00004000, - 0x40080000, 0x40004000, 0x00000010, 0x40084010, - 0x00084010, 0x00000010, 0x00004000, 0x40000000, - 0x00004010, 0x40084000, 0x00080000, 0x40000010, - 0x00080010, 0x40004010, 0x40000010, 0x00080010, - 0x00084000, 0x00000000, 0x40004000, 0x00004010, - 0x40000000, 0x40080010, 0x40084010, 0x00084000 - }, -}; diff --git a/src/lib/crypto/builtin/des/f_tables.h b/src/lib/crypto/builtin/des/f_tables.h deleted file mode 100644 index fc91b566c..000000000 --- a/src/lib/crypto/builtin/des/f_tables.h +++ /dev/null @@ -1,285 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/des/f_tables.h */ -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* - * DES implementation donated by Dennis Ferguson - */ - -/* - * des_tables.h - declarations to import the DES tables, used internally - * by some of the library routines. - */ -#ifndef __DES_TABLES_H__ -#define __DES_TABLES_H__ /* nothing */ - -#include "k5-platform.h" -/* - * These may be declared const if you wish. Be sure to change the - * declarations in des_tables.c as well. - */ -extern const unsigned DES_INT32 des_IP_table[256]; -extern const unsigned DES_INT32 des_FP_table[256]; -extern const unsigned DES_INT32 des_SP_table[8][64]; - -/* - * Use standard shortforms to reference these to save typing - */ -#define IP des_IP_table -#define FP des_FP_table -#define SP des_SP_table - -#ifdef DEBUG -#define DEB(foofraw) printf foofraw -#else -#define DEB(foofraw) /* nothing */ -#endif - -/* - * Code to do a DES round using the tables. Note that the E expansion - * is easy to compute algorithmically, especially if done out-of-order. - * Take a look at its form and compare it to everything involving temp - * below. Since SP[0-7] don't have any bits in common set it is okay - * to do the successive xor's. - * - * Note too that the SP table has been reordered to match the order of - * the keys (if the original order of SP was 12345678, the reordered - * table is 71354682). This is unnecessary, but was done since some - * compilers seem to like you going through the matrix from beginning - * to end. - * - * There is a difference in the best way to do this depending on whether - * one is encrypting or decrypting. If encrypting we move forward through - * the keys and hence should move forward through the table. If decrypting - * we go back. Part of the need for this comes from trying to emulate - * existing software which generates a single key schedule and uses it - * both for encrypting and decrypting. Generating separate encryption - * and decryption key schedules would allow one to use the same code - * for both. - * - * left, right and temp should be unsigned DES_INT32 values. left and right - * should be the high and low order parts of the cipher block at the - * current stage of processing (this makes sense if you read the spec). - * kp should be an unsigned DES_INT32 pointer which points at the current - * set of subkeys in the key schedule. It is advanced to the next set - * (i.e. by 8 bytes) when this is done. - * - * This occurs in the innermost loop of the DES function. The four - * variables should really be in registers. - * - * When using this, the inner loop of the DES function might look like: - * - * for (i = 0; i < 8; i++) { - * DES_SP_{EN,DE}CRYPT_ROUND(left, right, temp, kp); - * DES_SP_{EN,DE}CRYPT_ROUND(right, left, temp, kp); - * } - * - * Note the trick above. You are supposed to do 16 rounds, swapping - * left and right at the end of each round. By doing two rounds at - * a time and swapping left and right in the code we can avoid the - * swaps altogether. - */ -#define DES_SP_ENCRYPT_ROUND(left, right, temp, kp) do { \ - (temp) = (((right) >> 11) | ((right) << 21)) ^ *(kp)++; \ - (left) ^= SP[0][((temp) >> 24) & 0x3f] \ - | SP[1][((temp) >> 16) & 0x3f] \ - | SP[2][((temp) >> 8) & 0x3f] \ - | SP[3][((temp) ) & 0x3f]; \ - (temp) = (((right) >> 23) | ((right) << 9)) ^ *(kp)++; \ - (left) ^= SP[4][((temp) >> 24) & 0x3f] \ - | SP[5][((temp) >> 16) & 0x3f] \ - | SP[6][((temp) >> 8) & 0x3f] \ - | SP[7][((temp) ) & 0x3f]; \ - } while(0); - -#define DES_SP_DECRYPT_ROUND(left, right, temp, kp) do { \ - (temp) = (((right) >> 23) | ((right) << 9)) ^ *(--(kp)); \ - (left) ^= SP[7][((temp) ) & 0x3f] \ - | SP[6][((temp) >> 8) & 0x3f] \ - | SP[5][((temp) >> 16) & 0x3f] \ - | SP[4][((temp) >> 24) & 0x3f]; \ - (temp) = (((right) >> 11) | ((right) << 21)) ^ *(--(kp)); \ - (left) ^= SP[3][((temp) ) & 0x3f] \ - | SP[2][((temp) >> 8) & 0x3f] \ - | SP[1][((temp) >> 16) & 0x3f] \ - | SP[0][((temp) >> 24) & 0x3f]; \ - } while (0); - -/* - * Macros to help deal with the initial permutation table. Note - * the IP table only deals with 32 bits at a time, allowing us to - * collect the bits we need to deal with each half into an unsigned - * DES_INT32. By carefully selecting how the bits are ordered we also - * take advantages of symmetries in the table so that we can use a - * single table to compute the permutation of all bytes. This sounds - * complicated, but if you go through the process of designing the - * table you'll find the symmetries fall right out. - * - * The follow macros compute the set of bits used to index the - * table for produce the left and right permuted result. - * - * The inserted cast to unsigned DES_INT32 circumvents a bug in - * the Macintosh MPW 3.2 C compiler which loses the unsignedness and - * propagates the high-order bit in the shift. - */ -#define DES_IP_LEFT_BITS(left, right) \ - ((((left) & 0x55555555) << 1) | ((right) & 0x55555555)) -#define DES_IP_RIGHT_BITS(left, right) \ - (((left) & 0xaaaaaaaa) | \ - ( ( (unsigned DES_INT32) ((right) & 0xaaaaaaaa) ) >> 1)) - -/* - * The following macro does an in-place initial permutation given - * the current left and right parts of the block and a single - * temporary. Use this more as a guide for rolling your own, though. - * The best way to do the IP depends on the form of the data you - * are dealing with. If you use this, though, try to make left, - * right and temp unsigned DES_INT32s. - */ -#define DES_INITIAL_PERM(left, right, temp) do { \ - (temp) = DES_IP_RIGHT_BITS((left), (right)); \ - (right) = DES_IP_LEFT_BITS((left), (right)); \ - (left) = IP[((right) >> 24) & 0xff] \ - | (IP[((right) >> 16) & 0xff] << 1) \ - | (IP[((right) >> 8) & 0xff] << 2) \ - | (IP[(right) & 0xff] << 3); \ - (right) = IP[((temp) >> 24) & 0xff] \ - | (IP[((temp) >> 16) & 0xff] << 1) \ - | (IP[((temp) >> 8) & 0xff] << 2) \ - | (IP[(temp) & 0xff] << 3); \ - } while(0); - -/* - * Now the final permutation stuff. The same comments apply to - * this as to the initial permutation, except that we use different - * bits and shifts. - * - * The inserted cast to unsigned DES_INT32 circumvents a bug in - * the Macintosh MPW 3.2 C compiler which loses the unsignedness and - * propagates the high-order bit in the shift. - */ -#define DES_FP_LEFT_BITS(left, right) \ - ((((left) & 0x0f0f0f0f) << 4) | ((right) & 0x0f0f0f0f)) -#define DES_FP_RIGHT_BITS(left, right) \ - (((left) & 0xf0f0f0f0) | \ - ( ( (unsigned DES_INT32) ((right) & 0xf0f0f0f0) ) >> 4)) - - -/* - * Here is a sample final permutation. Note that there is a trick - * here. DES requires swapping the left and right parts after the - * last cipher round but before the final permutation. We do this - * swapping internally, which is why left and right are confused - * at the beginning. - */ -#define DES_FINAL_PERM(left, right, temp) do { \ - (temp) = DES_FP_RIGHT_BITS((right), (left)); \ - (right) = DES_FP_LEFT_BITS((right), (left)); \ - (left) = (FP[((right) >> 24) & 0xff] << 6) \ - | (FP[((right) >> 16) & 0xff] << 4) \ - | (FP[((right) >> 8) & 0xff] << 2) \ - | FP[(right) & 0xff]; \ - (right) = (FP[((temp) >> 24) & 0xff] << 6) \ - | (FP[((temp) >> 16) & 0xff] << 4) \ - | (FP[((temp) >> 8) & 0xff] << 2) \ - | FP[temp & 0xff]; \ - } while(0); - - -/* - * Finally, as a sample of how all this might be held together, the - * following two macros do in-place encryptions and decryptions. left - * and right are two unsigned DES_INT32 variables which at the beginning - * are expected to hold the clear (encrypted) block in host byte order - * (left the high order four bytes, right the low order). At the end - * they will contain the encrypted (clear) block. temp is an unsigned DES_INT32 - * used as a temporary. kp is an unsigned DES_INT32 pointer pointing at - * the start of the key schedule. All these should be in registers. - * - * You can probably do better than these by rewriting for particular - * situations. These aren't bad, though. - * - * The DEB macros enable debugging when this code breaks (typically - * when a buggy compiler breaks it), by printing the intermediate values - * at each stage of the encryption, so that by comparing the output to - * a known good machine, the location of the first error can be found. - */ -#define DES_DO_ENCRYPT_1(left, right, kp) \ - do { \ - int i; \ - unsigned DES_INT32 temp1; \ - DEB (("do_encrypt %8lX %8lX \n", left, right)); \ - DES_INITIAL_PERM((left), (right), (temp1)); \ - DEB ((" after IP %8lX %8lX\n", left, right)); \ - for (i = 0; i < 8; i++) { \ - DES_SP_ENCRYPT_ROUND((left), (right), (temp1), (kp)); \ - DEB ((" round %2d %8lX %8lX \n", i*2, left, right)); \ - DES_SP_ENCRYPT_ROUND((right), (left), (temp1), (kp)); \ - DEB ((" round %2d %8lX %8lX \n", 1+i*2, left, right)); \ - } \ - DES_FINAL_PERM((left), (right), (temp1)); \ - (kp) -= (2 * 16); \ - DEB ((" after FP %8lX %8lX \n", left, right)); \ - } while (0) - -#define DES_DO_DECRYPT_1(left, right, kp) \ - do { \ - int i; \ - unsigned DES_INT32 temp2; \ - DES_INITIAL_PERM((left), (right), (temp2)); \ - (kp) += (2 * 16); \ - for (i = 0; i < 8; i++) { \ - DES_SP_DECRYPT_ROUND((left), (right), (temp2), (kp)); \ - DES_SP_DECRYPT_ROUND((right), (left), (temp2), (kp)); \ - } \ - DES_FINAL_PERM((left), (right), (temp2)); \ - } while (0) - -#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO) -extern void krb5int_des_do_encrypt_2(unsigned DES_INT32 *l, - unsigned DES_INT32 *r, - const unsigned DES_INT32 *k); -extern void krb5int_des_do_decrypt_2(unsigned DES_INT32 *l, - unsigned DES_INT32 *r, - const unsigned DES_INT32 *k); -#define DES_DO_ENCRYPT(L,R,K) krb5int_des_do_encrypt_2(&(L), &(R), (K)) -#define DES_DO_DECRYPT(L,R,K) krb5int_des_do_decrypt_2(&(L), &(R), (K)) -#else -#define DES_DO_ENCRYPT DES_DO_ENCRYPT_1 -#define DES_DO_DECRYPT DES_DO_DECRYPT_1 -#endif - -/* - * These are handy dandy utility thingies for straightening out bytes. - * Included here because they're used a couple of places. - */ -#define GET_HALF_BLOCK(lr, ip) ((lr) = load_32_be(ip), (ip) += 4) -#define PUT_HALF_BLOCK(lr, op) (store_32_be(lr, op), (op) += 4) - -/* Shorthand that we'll need in several places, for creating values that - really can hold 32 bits regardless of the prevailing int size. */ -#define FF_UINT32 ((unsigned DES_INT32) 0xFF) - -#endif /* __DES_TABLES_H__ */ diff --git a/src/lib/crypto/builtin/des/key_sched.c b/src/lib/crypto/builtin/des/key_sched.c deleted file mode 100644 index 87f02b6a9..000000000 --- a/src/lib/crypto/builtin/des/key_sched.c +++ /dev/null @@ -1,62 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/des/key_sched.c */ -/* - * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* - * This routine computes the DES key schedule given a key. The - * permutations and shifts have been done at compile time, resulting - * in a direct one-step mapping from the input key to the key - * schedule. - * - * Also checks parity and weak keys. - * - * Watch out for the subscripts -- most effectively start at 1 instead - * of at zero. Maybe some bugs in that area. - * - * In case the user wants to cache the computed key schedule, it is - * passed as an arg. Also implies that caller has explicit control - * over zeroing both the key schedule and the key. - * - * Originally written 6/85 by Steve Miller, MIT Project Athena. - */ - -#include "k5-int.h" -#include "des_int.h" - -int -mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule) -{ - mit_des_make_key_sched(k,schedule); - - if (!mit_des_check_key_parity(k)) /* bad parity --> return -1 */ - return(-1); - - if (mit_des_is_weak_key(k)) - return(-2); - - /* if key was good, return 0 */ - return 0; -} diff --git a/src/lib/crypto/builtin/des/keytest.data b/src/lib/crypto/builtin/des/keytest.data deleted file mode 100644 index 7ff34eedc..000000000 --- a/src/lib/crypto/builtin/des/keytest.data +++ /dev/null @@ -1,171 +0,0 @@ -0101010101010101 95F8A5E5DD31D900 8000000000000000 -0101010101010101 DD7F121CA5015619 4000000000000000 -0101010101010101 2E8653104F3834EA 2000000000000000 -0101010101010101 4BD388FF6CD81D4F 1000000000000000 -0101010101010101 20B9E767B2FB1456 0800000000000000 -0101010101010101 55579380D77138EF 0400000000000000 -0101010101010101 6CC5DEFAAF04512F 0200000000000000 -0101010101010101 0D9F279BA5D87260 0100000000000000 -0101010101010101 D9031B0271BD5A0A 0080000000000000 -0101010101010101 424250B37C3DD951 0040000000000000 -0101010101010101 B8061B7ECD9A21E5 0020000000000000 -0101010101010101 F15D0F286B65BD28 0010000000000000 -0101010101010101 ADD0CC8D6E5DEBA1 0008000000000000 -0101010101010101 E6D5F82752AD63D1 0004000000000000 -0101010101010101 ECBFE3BD3F591A5E 0002000000000000 -0101010101010101 F356834379D165CD 0001000000000000 -0101010101010101 2B9F982F20037FA9 0000800000000000 -0101010101010101 889DE068A16F0BE6 0000400000000000 -0101010101010101 E19E275D846A1298 0000200000000000 -0101010101010101 329A8ED523D71AEC 0000100000000000 -0101010101010101 E7FCE22557D23C97 0000080000000000 -0101010101010101 12A9F5817FF2D65D 0000040000000000 -0101010101010101 A484C3AD38DC9C19 0000020000000000 -0101010101010101 FBE00A8A1EF8AD72 0000010000000000 -0101010101010101 750D079407521363 0000008000000000 -0101010101010101 64FEED9C724C2FAF 0000004000000000 -0101010101010101 F02B263B328E2B60 0000002000000000 -0101010101010101 9D64555A9A10B852 0000001000000000 -0101010101010101 D106FF0BED5255D7 0000000800000000 -0101010101010101 E1652C6B138C64A5 0000000400000000 -0101010101010101 E428581186EC8F46 0000000200000000 -0101010101010101 AEB5F5EDE22D1A36 0000000100000000 -0101010101010101 E943D7568AEC0C5C 0000000080000000 -0101010101010101 DF98C8276F54B04B 0000000040000000 -0101010101010101 B160E4680F6C696F 0000000020000000 -0101010101010101 FA0752B07D9C4AB8 0000000010000000 -0101010101010101 CA3A2B036DBC8502 0000000008000000 -0101010101010101 5E0905517BB59BCF 0000000004000000 -0101010101010101 814EEB3B91D90726 0000000002000000 -0101010101010101 4D49DB1532919C9F 0000000001000000 -0101010101010101 25EB5FC3F8CF0621 0000000000800000 -0101010101010101 AB6A20C0620D1C6F 0000000000400000 -0101010101010101 79E90DBC98F92CCA 0000000000200000 -0101010101010101 866ECEDD8072BB0E 0000000000100000 -0101010101010101 8B54536F2F3E64A8 0000000000080000 -0101010101010101 EA51D3975595B86B 0000000000040000 -0101010101010101 CAFFC6AC4542DE31 0000000000020000 -0101010101010101 8DD45A2DDF90796C 0000000000010000 -0101010101010101 1029D55E880EC2D0 0000000000008000 -0101010101010101 5D86CB23639DBEA9 0000000000004000 -0101010101010101 1D1CA853AE7C0C5F 0000000000002000 -0101010101010101 CE332329248F3228 0000000000001000 -0101010101010101 8405D1ABE24FB942 0000000000000800 -0101010101010101 E643D78090CA4207 0000000000000400 -0101010101010101 48221B9937748A23 0000000000000200 -0101010101010101 DD7C0BBD61FAFD54 0000000000000100 -0101010101010101 2FBC291A570DB5C4 0000000000000080 -0101010101010101 E07C30D7E4E26E12 0000000000000040 -0101010101010101 0953E2258E8E90A1 0000000000000020 -0101010101010101 5B711BC4CEEBF2EE 0000000000000010 -0101010101010101 CC083F1E6D9E85F6 0000000000000008 -0101010101010101 D2FD8867D50D2DFE 0000000000000004 -0101010101010101 06E7EA22CE92708F 0000000000000002 -0101010101010101 166B40B44ABA4BD6 0000000000000001 -8001010101010101 0000000000000000 95A8D72813DAA94D -4001010101010101 0000000000000000 0EEC1487DD8C26D5 -2001010101010101 0000000000000000 7AD16FFB79C45926 -1001010101010101 0000000000000000 D3746294CA6A6CF3 -0801010101010101 0000000000000000 809F5F873C1FD761 -0401010101010101 0000000000000000 C02FAFFEC989D1FC -0201010101010101 0000000000000000 4615AA1D33E72F10 -0180010101010101 0000000000000000 2055123350C00858 -0140010101010101 0000000000000000 DF3B99D6577397C8 -0120010101010101 0000000000000000 31FE17369B5288C9 -0110010101010101 0000000000000000 DFDD3CC64DAE1642 -0108010101010101 0000000000000000 178C83CE2B399D94 -0104010101010101 0000000000000000 50F636324A9B7F80 -0102010101010101 0000000000000000 A8468EE3BC18F06D -0101800101010101 0000000000000000 A2DC9E92FD3CDE92 -0101400101010101 0000000000000000 CAC09F797D031287 -0101200101010101 0000000000000000 90BA680B22AEB525 -0101100101010101 0000000000000000 CE7A24F350E280B6 -0101080101010101 0000000000000000 882BFF0AA01A0B87 -0101040101010101 0000000000000000 25610288924511C2 -0101020101010101 0000000000000000 C71516C29C75D170 -0101018001010101 0000000000000000 5199C29A52C9F059 -0101014001010101 0000000000000000 C22F0A294A71F29F -0101012001010101 0000000000000000 EE371483714C02EA -0101011001010101 0000000000000000 A81FBD448F9E522F -0101010801010101 0000000000000000 4F644C92E192DFED -0101010401010101 0000000000000000 1AFA9A66A6DF92AE -0101010201010101 0000000000000000 B3C1CC715CB879D8 -0101010180010101 0000000000000000 19D032E64AB0BD8B -0101010140010101 0000000000000000 3CFAA7A7DC8720DC -0101010120010101 0000000000000000 B7265F7F447AC6F3 -0101010110010101 0000000000000000 9DB73B3C0D163F54 -0101010108010101 0000000000000000 8181B65BABF4A975 -0101010104010101 0000000000000000 93C9B64042EAA240 -0101010102010101 0000000000000000 5570530829705592 -0101010101800101 0000000000000000 8638809E878787A0 -0101010101400101 0000000000000000 41B9A79AF79AC208 -0101010101200101 0000000000000000 7A9BE42F2009A892 -0101010101100101 0000000000000000 29038D56BA6D2745 -0101010101080101 0000000000000000 5495C6ABF1E5DF51 -0101010101040101 0000000000000000 AE13DBD561488933 -0101010101020101 0000000000000000 024D1FFA8904E389 -0101010101018001 0000000000000000 D1399712F99BF02E -0101010101014001 0000000000000000 14C1D7C1CFFEC79E -0101010101012001 0000000000000000 1DE5279DAE3BED6F -0101010101011001 0000000000000000 E941A33F85501303 -0101010101010801 0000000000000000 DA99DBBC9A03F379 -0101010101010401 0000000000000000 B7FC92F91D8E92E9 -0101010101010201 0000000000000000 AE8E5CAA3CA04E85 -0101010101010180 0000000000000000 9CC62DF43B6EED74 -0101010101010140 0000000000000000 D863DBB5C59A91A0 -0101010101010120 0000000000000000 A1AB2190545B91D7 -0101010101010110 0000000000000000 0875041E64C570F7 -0101010101010108 0000000000000000 5A594528BEBEF1CC -0101010101010104 0000000000000000 FCDB3291DE21F0C0 -0101010101010102 0000000000000000 869EFD7F9F265A09 -1046913489980131 0000000000000000 88D55E54F54C97B4 -1007103489988020 0000000000000000 0C0CC00C83EA48FD -10071034C8980120 0000000000000000 83BC8EF3A6570183 -1046103489988020 0000000000000000 DF725DCAD94EA2E9 -1086911519190101 0000000000000000 E652B53B550BE8B0 -1086911519580101 0000000000000000 AF527120C485CBB0 -5107B01519580101 0000000000000000 0F04CE393DB926D5 -1007B01519190101 0000000000000000 C9F00FFC74079067 -3107915498080101 0000000000000000 7CFD82A593252B4E -3107919498080101 0000000000000000 CB49A2F9E91363E3 -10079115B9080140 0000000000000000 00B588BE70D23F56 -3107911598080140 0000000000000000 406A9A6AB43399AE -1007D01589980101 0000000000000000 6CB773611DCA9ADA -9107911589980101 0000000000000000 67FD21C17DBB5D70 -9107D01589190101 0000000000000000 9592CB4110430787 -1007D01598980120 0000000000000000 A6B7FF68A318DDD3 -1007940498190101 0000000000000000 4D102196C914CA16 -0107910491190401 0000000000000000 2DFA9F4573594965 -0107910491190101 0000000000000000 B46604816C0E0774 -0107940491190401 0000000000000000 6E7E6221A4F34E87 -19079210981A0101 0000000000000000 AA85E74643233199 -1007911998190801 0000000000000000 2E5A19DB4D1962D6 -10079119981A0801 0000000000000000 23A866A809D30894 -1007921098190101 0000000000000000 D812D961F017D320 -100791159819010B 0000000000000000 055605816E58608F -1004801598190101 0000000000000000 ABD88E8B1B7716F1 -1004801598190102 0000000000000000 537AC95BE69DA1E1 -1004801598190108 0000000000000000 AED0F6AE3C25CDD8 -1002911598100104 0000000000000000 B3E35A5EE53E7B8D -1002911598190104 0000000000000000 61C79C71921A2EF8 -1002911598100201 0000000000000000 E2F5728F0995013C -1002911698100101 0000000000000000 1AEAC39A61F0A464 -7CA110454A1A6E57 01A1D6D039776742 690F5B0D9A26939B -0131D9619DC1376E 5CD54CA83DEF57DA 7A389D10354BD271 -07A1133E4A0B2686 0248D43806F67172 868EBB51CAB4599A -3849674C2602319E 51454B582DDF440A 7178876E01F19B2A -04B915BA43FEB5B6 42FD443059577FA2 AF37FB421F8C4095 -0113B970FD34F2CE 059B5E0851CF143A 86A560F10EC6D85B -0170F175468FB5E6 0756D8E0774761D2 0CD3DA020021DC09 -43297FAD38E373FE 762514B829BF486A EA676B2CB7DB2B7A -07A7137045DA2A16 3BDD119049372802 DFD64A815CAF1A0F -04689104C2FD3B2F 26955F6835AF609A 5C513C9C4886C088 -37D06BB516CB7546 164D5E404F275232 0A2AEEAE3FF4AB77 -1F08260D1AC2465E 6B056E18759F5CCA EF1BF03E5DFA575A -584023641ABA6176 004BD6EF09176062 88BF0DB6D70DEE56 -025816164629B007 480D39006EE762F2 A1F9915541020B56 -49793EBC79B3258F 437540C8698F3CFA 6FBF1CAFCFFD0556 -4FB05E1515AB73A7 072D43A077075292 2F22E49BAB7CA1AC -49E95D6D4CA229BF 02FE55778117F12A 5A6B612CC26CCE4A -018310DC409B26D6 1D9D5C5018F728C2 5F4C038ED12B2E41 -1C587F1C13924FEF 305532286D6F295A 63FAC0D034D9F793 diff --git a/src/lib/crypto/builtin/des/t_verify.c b/src/lib/crypto/builtin/des/t_verify.c deleted file mode 100644 index 4a19933ca..000000000 --- a/src/lib/crypto/builtin/des/t_verify.c +++ /dev/null @@ -1,395 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/des/t_verify.c */ -/* - * Copyright 1988, 1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -/* - * - * Program to test the correctness of the DES library - * implementation. - * - * exit returns 0 ==> success - * -1 ==> error - */ - -#include "k5-int.h" -#include "des_int.h" -#include <stdio.h> -#include "com_err.h" - -static void do_encrypt(unsigned char *, unsigned char *); -static void do_decrypt(unsigned char *, unsigned char *); - -char *progname; -int nflag = 2; -int vflag; -int mflag; -int zflag; -int pid; -int mit_des_debug; - -unsigned char cipher_text[64]; -unsigned char clear_text[64] = "Now is the time for all " ; -unsigned char clear_text2[64] = "7654321 Now is the time for "; -unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0}; -unsigned char output[64]; -unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0}; -unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */ -unsigned char *input; - -/* 0x0123456789abcdef */ -unsigned char default_key[8] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef -}; -unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f }; -unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 }; -mit_des_cblock s_key; -unsigned char default_ivec[8] = { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef -}; -unsigned char *ivec; -unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */ - -unsigned char cipher1[8] = { - 0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67 -}; -unsigned char cipher2[8] = { - 0x3f,0xa4,0x0e,0x8a,0x98,0x4d,0x48,0x15 -}; -unsigned char cipher3[64] = { - 0xe5,0xc7,0xcd,0xde,0x87,0x2b,0xf2,0x7c, - 0x43,0xe9,0x34,0x00,0x8c,0x38,0x9c,0x0f, - 0x68,0x37,0x88,0x49,0x9a,0x7c,0x05,0xf6 -}; -unsigned char checksum[8] = { - 0x58,0xd2,0xe7,0x7e,0x86,0x06,0x27,0x33 -}; - -unsigned char zresult[8] = { - 0x8c, 0xa6, 0x4d, 0xe9, 0xc1, 0xb1, 0x23, 0xa7 -}; - -unsigned char mresult[8] = { - 0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96 -}; - - -/* - * Can also add : - * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?) - */ - -mit_des_key_schedule sched; - -int -main(argc,argv) - int argc; - char *argv[]; -{ - /* Local Declarations */ - size_t in_length; - int retval; - int i, j; - -#ifdef WINDOWS - /* Set screen window buffer to infinite size -- MS default is tiny. */ - _wsetscreenbuf (fileno (stdout), _WINBUFINF); -#endif - progname=argv[0]; /* salt away invoking program */ - - while (--argc > 0 && (*++argv)[0] == '-') - for (i=1; argv[0][i] != '\0'; i++) { - switch (argv[0][i]) { - - /* debug flag */ - case 'd': - mit_des_debug=3; - continue; - - case 'z': - zflag = 1; - continue; - - case 'm': - mflag = 1; - continue; - - default: - printf("%s: illegal flag \"%c\" ", - progname,argv[0][i]); - exit(1); - } - }; - - if (argc) { - fprintf(stderr, "Usage: %s [-dmz]\n", progname); - exit(1); - } - - /* do some initialisation */ - - /* use known input and key */ - - /* ECB zero text zero key */ - if (zflag) { - input = zero_text; - mit_des_key_sched(zero_key, sched); - printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n"); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) { - printf("verify: error in zero key test\n"); - exit(-1); - } - - exit(0); - } - - if (mflag) { - input = msb_text; - mit_des_key_sched(key3, sched); - printf("plaintext = 0x00 00 00 00 00 00 00 40, "); - printf("key = 0x80 01 01 01 01 01 01 01\n"); - printf(" cipher = 0xa380e02a6be54696\n"); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) { - printf("%02x ",cipher_text[j]); - } - printf("\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) { - printf("verify: error in msb test\n"); - exit(-1); - } - exit(0); - } - - /* ECB mode Davies and Price */ - { - input = zero_text; - mit_des_key_sched(key2, sched); - printf("Examples per FIPS publication 81, keys ivs and cipher\n"); - printf("in hex. These are the correct answers, see below for\n"); - printf("the actual answers.\n\n"); - printf("Examples per Davies and Price.\n\n"); - printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n"); - printf("\tclear = 0\n"); - printf("\tcipher = 25 dd ac 3e 96 17 64 67\n"); - printf("ACTUAL ECB\n"); - printf("\tclear \"%s\"\n", input); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) { - printf("verify: error in ECB encryption\n"); - exit(-1); - } - else - printf("verify: ECB encryption is correct\n\n"); - } - - /* ECB mode */ - { - mit_des_key_sched(default_key, sched); - input = clear_text; - ivec = default_ivec; - printf("EXAMPLE ECB\tkey = 0123456789abcdef\n"); - printf("\tclear = \"Now is the time for all \"\n"); - printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n"); - printf("ACTUAL ECB\n\tclear \"%s\"",input); - do_encrypt(input,cipher_text); - printf("\n\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) { - printf("%02x ",cipher_text[j]); - } - printf("\n\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) { - printf("verify: error in ECB encryption\n"); - exit(-1); - } - else - printf("verify: ECB encryption is correct\n\n"); - } - - /* CBC mode */ - printf("EXAMPLE CBC\tkey = 0123456789abcdef"); - printf("\tiv = 1234567890abcdef\n"); - printf("\tclear = \"Now is the time for all \"\n"); - printf("\tcipher =\te5 c7 cd de 87 2b f2 7c\n"); - printf("\t\t\t43 e9 34 00 8c 38 9c 0f\n"); - printf("\t\t\t68 37 88 49 9a 7c 05 f6\n"); - - printf("ACTUAL CBC\n\tclear \"%s\"\n",input); - in_length = strlen((char *)input); - if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) input, - (mit_des_cblock *) cipher_text, - (size_t) in_length, - sched, - ivec, - MIT_DES_ENCRYPT))) { - com_err("des verify", retval, "can't encrypt"); - exit(-1); - } - printf("\tciphertext = (low to high bytes)\n"); - for (i = 0; i <= 2; i++) { - printf("\t\t"); - for (j = 0; j <= 7; j++) { - printf("%02x ",cipher_text[i*8+j]); - } - printf("\n"); - } - if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) cipher_text, - (mit_des_cblock *) clear_text, - (size_t) in_length, - sched, - ivec, - MIT_DES_DECRYPT))) { - com_err("des verify", retval, "can't decrypt"); - exit(-1); - } - printf("\tdecrypted clear_text = \"%s\"\n",clear_text); - - if ( memcmp((char *)cipher_text, (char *)cipher3, in_length) ) { - printf("verify: error in CBC encryption\n"); - exit(-1); - } - else - printf("verify: CBC encryption is correct\n\n"); - - printf("EXAMPLE CBC checksum"); - printf("\tkey = 0123456789abcdef\tiv = 1234567890abcdef\n"); - printf("\tclear =\t\t\"7654321 Now is the time for \"\n"); - printf("\tchecksum\t58 d2 e7 7e 86 06 27 33, "); - printf("or some part thereof\n"); - input = clear_text2; - mit_des_cbc_cksum(input,cipher_text, strlen((char *)input), - sched,ivec); - printf("ACTUAL CBC checksum\n"); - printf("\t\tencrypted cksum = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n\n"); - if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) { - printf("verify: error in CBC checksum\n"); - exit(-1); - } - else - printf("verify: CBC checksum is correct\n\n"); - - exit(0); -} - -static void -do_encrypt(in,out) - unsigned char *in; - unsigned char *out; -{ - int i, j; - for (i =1; i<=nflag; i++) { - mit_des_cbc_encrypt((const mit_des_cblock *)in, - (mit_des_cblock *)out, - 8, - sched, - zero_text, - MIT_DES_ENCRYPT); - if (mit_des_debug) { - printf("\nclear %s\n",in); - for (j = 0; j<=7; j++) - printf("%02X ",in[j] & 0xff); - printf("\tcipher "); - for (j = 0; j<=7; j++) - printf("%02X ",out[j] & 0xff); - } - } -} - -static void -do_decrypt(in,out) - unsigned char *out; - unsigned char *in; - /* try to invert it */ -{ - int i, j; - for (i =1; i<=nflag; i++) { - mit_des_cbc_encrypt((const mit_des_cblock *)out, - (mit_des_cblock *)in, - 8, - sched, - zero_text, - MIT_DES_DECRYPT); - if (mit_des_debug) { - printf("clear %s\n",in); - for (j = 0; j<=7; j++) - printf("%02X ",in[j] & 0xff); - printf("\tcipher "); - for (j = 0; j<=7; j++) - printf("%02X ",out[j] & 0xff); - } - } -} - -/* - * Fake out the DES library, for the purposes of testing. - */ - -int -mit_des_is_weak_key(key) - mit_des_cblock key; -{ - return 0; /* fake it out for testing */ -} diff --git a/src/lib/crypto/builtin/des/weak_key.c b/src/lib/crypto/builtin/des/weak_key.c deleted file mode 100644 index eb41b267d..000000000 --- a/src/lib/crypto/builtin/des/weak_key.c +++ /dev/null @@ -1,86 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/builtin/des/weak_key.c */ -/* - * Copyright 1989,1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* - * Under U.S. law, this software may not be exported outside the US - * without license from the U.S. Commerce department. - * - * These routines form the library interface to the DES facilities. - * - * Originally written 8/85 by Steve Miller, MIT Project Athena. - */ - -#include "k5-int.h" -#include "des_int.h" - -/* - * The following are the weak DES keys: - */ -static const mit_des_cblock weak[16] = { - /* weak keys */ - {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, - {0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe}, - {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e}, - {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1}, - - /* semi-weak */ - {0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe}, - {0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01}, - - {0x1f,0xe0,0x1f,0xe0,0x0e,0xf1,0x0e,0xf1}, - {0xe0,0x1f,0xe0,0x1f,0xf1,0x0e,0xf1,0x0e}, - - {0x01,0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1}, - {0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1,0x01}, - - {0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e,0xfe}, - {0xfe,0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e}, - - {0x01,0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e}, - {0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e,0x01}, - - {0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1,0xfe}, - {0xfe,0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1} -}; - -/* - * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key. - * - * Requires: key has correct odd parity. - */ -int -mit_des_is_weak_key(mit_des_cblock key) -{ - unsigned int i; - const mit_des_cblock *weak_p = weak; - - for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) { - if (!memcmp(weak_p++,key,sizeof(mit_des_cblock))) - return 1; - } - - return 0; -} diff --git a/src/lib/crypto/builtin/enc_provider/Makefile.in b/src/lib/crypto/builtin/enc_provider/Makefile.in index 3459e1d0e..af6276b96 100644 --- a/src/lib/crypto/builtin/enc_provider/Makefile.in +++ b/src/lib/crypto/builtin/enc_provider/Makefile.in @@ -1,7 +1,6 @@ mydir=lib$(S)crypto$(S)builtin$(S)enc_provider BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/../des \ - -I$(srcdir)/../aes \ +LOCALINCLUDES = -I$(srcdir)/../aes \ -I$(srcdir)/../camellia \ -I$(srcdir)/../../krb \ -I$(srcdir)/.. @@ -11,19 +10,16 @@ LOCALINCLUDES = -I$(srcdir)/../des \ ##DOS##OBJFILE = ..\..\$(OUTPRE)enc_provider.lst STLIBOBJS= \ - des3.o \ rc4.o \ aes.o \ camellia.o OBJS= \ - $(OUTPRE)des3.$(OBJEXT) \ $(OUTPRE)aes.$(OBJEXT) \ $(OUTPRE)camellia.$(OBJEXT) \ $(OUTPRE)rc4.$(OBJEXT) SRCS= \ - $(srcdir)/des3.c \ $(srcdir)/aes.c \ $(srcdir)/camellia.c \ $(srcdir)/rc4.c diff --git a/src/lib/crypto/builtin/enc_provider/deps b/src/lib/crypto/builtin/enc_provider/deps index ea4ffecd8..061289a91 100644 --- a/src/lib/crypto/builtin/enc_provider/deps +++ b/src/lib/crypto/builtin/enc_provider/deps @@ -1,19 +1,6 @@ # # Generated makefile dependencies follow. # -des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ - $(srcdir)/../aes/aes.h $(srcdir)/../aes/brg_types.h \ - $(srcdir)/../crypto_mod.h $(srcdir)/../des/des_int.h \ - $(srcdir)/../sha2/sha2.h $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des3.c aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ diff --git a/src/lib/crypto/builtin/enc_provider/des3.c b/src/lib/crypto/builtin/enc_provider/des3.c deleted file mode 100644 index 9b8244223..000000000 --- a/src/lib/crypto/builtin/enc_provider/des3.c +++ /dev/null @@ -1,105 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include "crypto_int.h" -#include "des_int.h" - -static krb5_error_code -validate_and_schedule(krb5_key key, const krb5_data *ivec, - const krb5_crypto_iov *data, size_t num_data, - mit_des3_key_schedule *schedule) -{ - if (key->keyblock.length != 24) - return(KRB5_BAD_KEYSIZE); - if (iov_total_length(data, num_data, FALSE) % 8 != 0) - return(KRB5_BAD_MSIZE); - if (ivec && (ivec->length != 8)) - return(KRB5_BAD_MSIZE); - - switch (mit_des3_key_sched(*(mit_des3_cblock *)key->keyblock.contents, - *schedule)) { - case -1: - return(KRB5DES_BAD_KEYPAR); - case -2: - return(KRB5DES_WEAK_KEY); - } - return 0; -} - -static krb5_error_code -k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - size_t num_data) -{ - mit_des3_key_schedule schedule; - krb5_error_code err; - - err = validate_and_schedule(key, ivec, data, num_data, &schedule); - if (err) - return err; - - /* this has a return value, but the code always returns zero */ - krb5int_des3_cbc_encrypt(data, num_data, - schedule[0], schedule[1], schedule[2], - ivec != NULL ? (unsigned char *) ivec->data : - NULL); - - zap(schedule, sizeof(schedule)); - - return(0); -} - -static krb5_error_code -k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - size_t num_data) -{ - mit_des3_key_schedule schedule; - krb5_error_code err; - - err = validate_and_schedule(key, ivec, data, num_data, &schedule); - if (err) - return err; - - /* this has a return value, but the code always returns zero */ - krb5int_des3_cbc_decrypt(data, num_data, - schedule[0], schedule[1], schedule[2], - ivec != NULL ? (unsigned char *) ivec->data : - NULL); - - zap(schedule, sizeof(schedule)); - - return 0; -} - -const struct krb5_enc_provider krb5int_enc_des3 = { - 8, - 21, 24, - k5_des3_encrypt, - k5_des3_decrypt, - NULL, - krb5int_des_init_state, - krb5int_default_free_state -}; diff --git a/src/lib/crypto/crypto_tests/t_cf2.expected b/src/lib/crypto/crypto_tests/t_cf2.expected index f8251a16c..bc6aa50c8 100644 --- a/src/lib/crypto/crypto_tests/t_cf2.expected +++ b/src/lib/crypto/crypto_tests/t_cf2.expected @@ -1,6 +1,5 @@ 97df97e4b798b29eb31ed7280287a92a 4d6ca4e629785c1f01baf55e2e548566b9617ae3a96868c337cb93b5e72b1c7b -e58f9eb643862c13ad38e529313462a7f73e62834fe54a01 24d7f6b6bae4e5c00d2082c5ebab3672 edd02a39d2dbde31611c16e610be062c 67f6ea530aea85a37dcbb23349ea52dcc61ca8493ff557252327fd8304341584 diff --git a/src/lib/crypto/crypto_tests/t_cf2.in b/src/lib/crypto/crypto_tests/t_cf2.in index 73e2f8fbc..c4d23b506 100644 --- a/src/lib/crypto/crypto_tests/t_cf2.in +++ b/src/lib/crypto/crypto_tests/t_cf2.in @@ -8,11 +8,6 @@ key1 key2 a b -16 -key1 -key2 -a -b 23 key1 key2 diff --git a/src/lib/crypto/crypto_tests/t_cksums.c b/src/lib/crypto/crypto_tests/t_cksums.c index 8297fcbf5..3063d12ec 100644 --- a/src/lib/crypto/crypto_tests/t_cksums.c +++ b/src/lib/crypto/crypto_tests/t_cksums.c @@ -59,16 +59,6 @@ struct test { "\xDA\x39\xA3\xEE\x5E\x6B\x4B\x0D\x32\x55\xBF\xEF\x95\x60\x18\x90" "\xAF\xD8\x07\x09" } }, - { - { KV5M_DATA, 9, "six seven" }, - CKSUMTYPE_HMAC_SHA1_DES3, ENCTYPE_DES3_CBC_SHA1, 2, - { KV5M_DATA, 24, - "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23" - "\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" }, - { KV5M_DATA, 20, - "\x0E\xEF\xC9\xC3\xE0\x49\xAA\xBC\x1B\xA5\xC4\x01\x67\x7D\x9A\xB6" - "\x99\x08\x2B\xB4" } - }, { { KV5M_DATA, 37, "eight nine ten eleven twelve thirteen" }, CKSUMTYPE_HMAC_SHA1_96_AES128, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 3, diff --git a/src/lib/crypto/crypto_tests/t_decrypt.c b/src/lib/crypto/crypto_tests/t_decrypt.c index a40a85500..716f2c337 100644 --- a/src/lib/crypto/crypto_tests/t_decrypt.c +++ b/src/lib/crypto/crypto_tests/t_decrypt.c @@ -39,62 +39,6 @@ struct test { krb5_data keybits; krb5_data ciphertext; } test_cases[] = { - { - ENCTYPE_DES3_CBC_SHA1, - { KV5M_DATA, 0, "", }, 0, - { KV5M_DATA, 24, - "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23" - "\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" }, - { KV5M_DATA, 28, - "\x54\x8A\xF4\xD5\x04\xF7\xD7\x23\x30\x3F\x12\x17\x5F\xE8\x38\x6B" - "\x7B\x53\x35\xA9\x67\xBA\xD6\x1F\x3B\xF0\xB1\x43" } - }, - { - ENCTYPE_DES3_CBC_SHA1, - { KV5M_DATA, 1, "1", }, 1, - { KV5M_DATA, 24, - "\xBC\x07\x83\x89\x15\x13\xD5\xCE\x57\xBC\x13\x8F\xD3\xC1\x1A\xE6" - "\x40\x45\x23\x85\x32\x29\x62\xB6" }, - { KV5M_DATA, 36, - "\x9C\x3C\x1D\xBA\x47\x47\xD8\x5A\xF2\x91\x6E\x47\x45\xF2\xDC\xE3" - "\x80\x46\x79\x6E\x51\x04\xBC\xCD\xFB\x66\x9A\x91\xD4\x4B\xC3\x56" - "\x66\x09\x45\xC7" } - }, - { - ENCTYPE_DES3_CBC_SHA1, - { KV5M_DATA, 9, "9 bytesss", }, 2, - { KV5M_DATA, 24, - "\x2F\xD0\xF7\x25\xCE\x04\x10\x0D\x2F\xC8\xA1\x80\x98\x83\x1F\x85" - "\x0B\x45\xD9\xEF\x85\x0B\xD9\x20" }, - { KV5M_DATA, 44, - "\xCF\x91\x44\xEB\xC8\x69\x79\x81\x07\x5A\x8B\xAD\x8D\x74\xE5\xD7" - "\xD5\x91\xEB\x7D\x97\x70\xC7\xAD\xA2\x5E\xE8\xC5\xB3\xD6\x94\x44" - "\xDF\xEC\x79\xA5\xB7\xA0\x14\x82\xD9\xAF\x74\xE6" } - }, - { - ENCTYPE_DES3_CBC_SHA1, - { KV5M_DATA, 13, "13 bytes byte", }, 3, - { KV5M_DATA, 24, - "\x0D\xD5\x20\x94\xE0\xF4\x1C\xEC\xCB\x5B\xE5\x10\xA7\x64\xB3\x51" - "\x76\xE3\x98\x13\x32\xF1\xE5\x98" }, - { KV5M_DATA, 44, - "\x83\x9A\x17\x08\x1E\xCB\xAF\xBC\xDC\x91\xB8\x8C\x69\x55\xDD\x3C" - "\x45\x14\x02\x3C\xF1\x77\xB7\x7B\xF0\xD0\x17\x7A\x16\xF7\x05\xE8" - "\x49\xCB\x77\x81\xD7\x6A\x31\x6B\x19\x3F\x8D\x30" } - }, - { - ENCTYPE_DES3_CBC_SHA1, - { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, - { KV5M_DATA, 24, - "\xF1\x16\x86\xCB\xBC\x9E\x23\xEA\x54\xFE\xCD\x2A\x3D\xCD\xFB\x20" - "\xB6\xFE\x98\xBF\x26\x45\xC4\xC4" }, - { KV5M_DATA, 60, - "\x89\x43\x3E\x83\xFD\x0E\xA3\x66\x6C\xFF\xCD\x18\xD8\xDE\xEB\xC5" - "\x3B\x9A\x34\xED\xBE\xB1\x59\xD9\xF6\x67\xC6\xC2\xB9\xA9\x64\x40" - "\x1D\x55\xE7\xE9\xC6\x8D\x64\x8D\x65\xC3\xAA\x84\xFF\xA3\x79\x0C" - "\x14\xA8\x64\xDA\x80\x73\xA9\xA9\x5C\x4B\xA2\xBC" } - }, - { ENCTYPE_ARCFOUR_HMAC, { KV5M_DATA, 0, "", }, 0, @@ -524,7 +468,6 @@ printhex(const char *head, void *data, size_t len) static krb5_enctype enctypes[] = { - ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES128_CTS_HMAC_SHA1_96, diff --git a/src/lib/crypto/crypto_tests/t_derive.c b/src/lib/crypto/crypto_tests/t_derive.c index afbf7477f..93ce30da2 100644 --- a/src/lib/crypto/crypto_tests/t_derive.c +++ b/src/lib/crypto/crypto_tests/t_derive.c @@ -38,41 +38,6 @@ struct test { enum deriv_alg alg; krb5_data expected_key; } test_cases[] = { - /* Kc, Ke, Kei for a DES3 key */ - { - ENCTYPE_DES3_CBC_SHA1, - { KV5M_DATA, 24, - "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" - "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, - { KV5M_DATA, 5, "\0\0\0\2\x99" }, - DERIVE_RFC3961, - { KV5M_DATA, 24, - "\xF7\x8C\x49\x6D\x16\xE6\xC2\xDA\xE0\xE0\xB6\xC2\x40\x57\xA8\x4C" - "\x04\x26\xAE\xEF\x26\xFD\x6D\xCE" } - }, - { - ENCTYPE_DES3_CBC_SHA1, - { KV5M_DATA, 24, - "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" - "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, - { KV5M_DATA, 5, "\0\0\0\2\xAA" }, - DERIVE_RFC3961, - { KV5M_DATA, 24, - "\x5B\x57\x23\xD0\xB6\x34\xCB\x68\x4C\x3E\xBA\x52\x64\xE9\xA7\x0D" - "\x52\xE6\x83\x23\x1A\xD3\xC4\xCE" } - }, - { - ENCTYPE_DES3_CBC_SHA1, - { KV5M_DATA, 24, - "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" - "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, - { KV5M_DATA, 5, "\0\0\0\2\x55" }, - DERIVE_RFC3961, - { KV5M_DATA, 24, - "\xA7\x7C\x94\x98\x0E\x9B\x73\x45\xA8\x15\x25\xC4\x23\xA7\x37\xCE" - "\x67\xF4\xCD\x91\xB6\xB3\xDA\x45" } - }, - /* Kc, Ke, Ki for an AES-128 key */ { ENCTYPE_AES128_CTS_HMAC_SHA1_96, @@ -286,7 +251,6 @@ static const struct krb5_enc_provider * get_enc_provider(krb5_enctype enctype) { switch (enctype) { - case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3; case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128; case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256; case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128; diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c index bd9b94691..290a72e1e 100644 --- a/src/lib/crypto/crypto_tests/t_encrypt.c +++ b/src/lib/crypto/crypto_tests/t_encrypt.c @@ -37,7 +37,6 @@ /* What enctypes should we test?*/ krb5_enctype interesting_enctypes[] = { - ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES256_CTS_HMAC_SHA1_96, diff --git a/src/lib/crypto/crypto_tests/t_short.c b/src/lib/crypto/crypto_tests/t_short.c index d4c2b97df..4466b7115 100644 --- a/src/lib/crypto/crypto_tests/t_short.c +++ b/src/lib/crypto/crypto_tests/t_short.c @@ -34,7 +34,6 @@ #include "k5-int.h" krb5_enctype interesting_enctypes[] = { - ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES256_CTS_HMAC_SHA1_96, diff --git a/src/lib/crypto/crypto_tests/t_str2key.c b/src/lib/crypto/crypto_tests/t_str2key.c index cdb1acc6d..ef4c4a7d3 100644 --- a/src/lib/crypto/crypto_tests/t_str2key.c +++ b/src/lib/crypto/crypto_tests/t_str2key.c @@ -35,58 +35,6 @@ struct test { krb5_error_code expected_err; krb5_boolean allow_weak; } test_cases[] = { - /* Test vectors from RFC 3961 appendix A.4. */ - { - ENCTYPE_DES3_CBC_SHA1, - "password", - { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, - { KV5M_DATA, 0, NULL }, - { KV5M_DATA, 24, "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C" - "\x31\x3E\x3B\xFE\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, - 0, - FALSE - }, - { - ENCTYPE_DES3_CBC_SHA1, - "potatoe", - { KV5M_DATA, 19, "WHITEHOUSE.GOVdanny" }, - { KV5M_DATA, 0, NULL }, - { KV5M_DATA, 24, "\xDF\xCD\x23\x3D\xD0\xA4\x32\x04\xEA\x6D\xC4\x37" - "\xFB\x15\xE0\x61\xB0\x29\x79\xC1\xF7\x4F\x37\x7A" }, - 0, - FALSE - }, - { - ENCTYPE_DES3_CBC_SHA1, - "penny", - { KV5M_DATA, 19, "EXAMPLE.COMbuckaroo" }, - { KV5M_DATA, 0, NULL }, - { KV5M_DATA, 24, "\x6D\x2F\xCD\xF2\xD6\xFB\xBC\x3D\xDC\xAD\xB5\xDA" - "\x57\x10\xA2\x34\x89\xB0\xD3\xB6\x9D\x5D\x9D\x4A" }, - 0, - FALSE - }, - { - ENCTYPE_DES3_CBC_SHA1, - "\xC3\x9F", - { KV5M_DATA, 23, "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87" }, - { KV5M_DATA, 0, NULL }, - { KV5M_DATA, 24, "\x16\xD5\xA4\x0E\x1C\xE3\xBA\xCB\x61\xB9\xDC\xE0" - "\x04\x70\x32\x4C\x83\x19\x73\xA7\xB9\x52\xFE\xB0" }, - 0, - FALSE - }, - { - ENCTYPE_DES3_CBC_SHA1, - "\xF0\x9D\x84\x9E", - { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, - { KV5M_DATA, 0, NULL }, - { KV5M_DATA, 24, "\x85\x76\x37\x26\x58\x5D\xBC\x1C\xCE\x6E\xC4\x3E" - "\x1F\x75\x1F\x07\xF1\xC4\xCB\xB0\x98\xF4\x0B\x19" }, - 0, - FALSE - }, - /* Test vectors from RFC 3962 appendix B. */ { ENCTYPE_AES128_CTS_HMAC_SHA1_96, diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in index b74e6f7cc..2b0c4163d 100644 --- a/src/lib/crypto/krb/Makefile.in +++ b/src/lib/crypto/krb/Makefile.in @@ -50,7 +50,6 @@ STLIBOBJS=\ prf.o \ prf_aes2.o \ prf_cmac.o \ - prf_des.o \ prf_dk.o \ prf_rc4.o \ prng.o \ @@ -109,7 +108,6 @@ OBJS=\ $(OUTPRE)prf.$(OBJEXT) \ $(OUTPRE)prf_aes2.$(OBJEXT) \ $(OUTPRE)prf_cmac.$(OBJEXT) \ - $(OUTPRE)prf_des.$(OBJEXT) \ $(OUTPRE)prf_dk.$(OBJEXT) \ $(OUTPRE)prf_rc4.$(OBJEXT) \ $(OUTPRE)prng.$(OBJEXT) \ @@ -168,7 +166,6 @@ SRCS=\ $(srcdir)/prf.c \ $(srcdir)/prf_aes2.c \ $(srcdir)/prf_cmac.c \ - $(srcdir)/prf_des.c \ $(srcdir)/prf_dk.c \ $(srcdir)/prf_rc4.c \ $(srcdir)/prng.c \ diff --git a/src/lib/crypto/krb/cksumtypes.c b/src/lib/crypto/krb/cksumtypes.c index ecc2e08c9..f5fbe8a2a 100644 --- a/src/lib/crypto/krb/cksumtypes.c +++ b/src/lib/crypto/krb/cksumtypes.c @@ -46,12 +46,6 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = { krb5int_unkeyed_checksum, NULL, 20, 20, CKSUM_UNKEYED }, - { CKSUMTYPE_HMAC_SHA1_DES3, - "hmac-sha1-des3", { "hmac-sha1-des3-kd" }, "HMAC-SHA1 DES3 key", - &krb5int_enc_des3, &krb5int_hash_sha1, - krb5int_dk_checksum, NULL, - 20, 20, 0 }, - { CKSUMTYPE_HMAC_MD5_ARCFOUR, "hmac-md5-rc4", { "hmac-md5-enc", "hmac-md5-earcfour" }, "Microsoft HMAC MD5", diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h index 19f808749..4bc430c7a 100644 --- a/src/lib/crypto/krb/crypto_int.h +++ b/src/lib/crypto/krb/crypto_int.h @@ -276,10 +276,6 @@ krb5_error_code krb5int_aes2_string_to_key(const struct krb5_keytypes *enc, /* Random to key */ krb5_error_code k5_rand2key_direct(const krb5_data *randombits, krb5_keyblock *keyblock); -krb5_error_code k5_rand2key_des(const krb5_data *randombits, - krb5_keyblock *keyblock); -krb5_error_code k5_rand2key_des3(const krb5_data *randombits, - krb5_keyblock *keyblock); /* Pseudo-random function */ krb5_error_code krb5int_des_prf(const struct krb5_keytypes *ktp, @@ -368,11 +364,6 @@ krb5_keyusage krb5int_arcfour_translate_usage(krb5_keyusage usage); /* Ensure library initialization has occurred. */ int krb5int_crypto_init(void); -/* DES default state initialization handler (used by module enc providers). */ -krb5_error_code krb5int_des_init_state(const krb5_keyblock *key, - krb5_keyusage keyusage, - krb5_data *state_out); - /* Default state cleanup handler (used by module enc providers). */ void krb5int_default_free_state(krb5_data *state); @@ -425,7 +416,6 @@ void k5_iov_cursor_put(struct iov_cursor *cursor, unsigned char *block); /* Modules must implement the k5_sha256() function prototyped in k5-int.h. */ /* Modules must implement the following enc_providers and hash_providers: */ -extern const struct krb5_enc_provider krb5int_enc_des3; extern const struct krb5_enc_provider krb5int_enc_arcfour; extern const struct krb5_enc_provider krb5int_enc_aes128; extern const struct krb5_enc_provider krb5int_enc_aes256; @@ -442,12 +432,6 @@ extern const struct krb5_hash_provider krb5int_hash_sha384; /* Modules must implement the following functions. */ -/* Set the parity bits to the correct values in keybits. */ -void k5_des_fixup_key_parity(unsigned char *keybits); - -/* Return true if keybits is a weak or semi-weak DES key. */ -krb5_boolean k5_des_is_weak_key(unsigned char *keybits); - /* Compute an HMAC using the provided hash function, key, and data, storing the * result into output (caller-allocated). */ krb5_error_code krb5int_hmac(const struct krb5_hash_provider *hash, diff --git a/src/lib/crypto/krb/default_state.c b/src/lib/crypto/krb/default_state.c index 0757c8b02..f89dc7902 100644 --- a/src/lib/crypto/krb/default_state.c +++ b/src/lib/crypto/krb/default_state.c @@ -32,16 +32,6 @@ #include "crypto_int.h" -krb5_error_code -krb5int_des_init_state(const krb5_keyblock *key, krb5_keyusage usage, - krb5_data *state_out) -{ - if (alloc_data(state_out, 8)) - return ENOMEM; - - return 0; -} - void krb5int_default_free_state(krb5_data *state) { diff --git a/src/lib/crypto/krb/enctype_util.c b/src/lib/crypto/krb/enctype_util.c index 1542d4062..a0037912a 100644 --- a/src/lib/crypto/krb/enctype_util.c +++ b/src/lib/crypto/krb/enctype_util.c @@ -45,6 +45,9 @@ struct { { ENCTYPE_DES_CBC_MD5, "des-cbc-md5" }, { ENCTYPE_DES_CBC_RAW, "des-cbc-raw" }, { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1" }, + { ENCTYPE_DES3_CBC_SHA, "des3-cbc-sha1" }, + { ENCTYPE_DES3_CBC_RAW, "des3-cbc-raw" }, + { ENCTYPE_DES3_CBC_SHA1, "des3-hmac-sha1" }, { ENCTYPE_NULL, NULL } }; diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c index fc278783b..7635393a4 100644 --- a/src/lib/crypto/krb/etypes.c +++ b/src/lib/crypto/krb/etypes.c @@ -35,27 +35,6 @@ /* Deprecations come from RFC 6649 and RFC 8249. */ const struct krb5_keytypes krb5int_enctypes_list[] = { - { ENCTYPE_DES3_CBC_RAW, - "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw", - &krb5int_enc_des3, NULL, - 16, - krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt, - krb5int_dk_string_to_key, k5_rand2key_des3, - NULL, /*PRF*/ - 0, - ETYPE_WEAK | ETYPE_DEPRECATED, 112 }, - - { ENCTYPE_DES3_CBC_SHA1, - "des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" }, - "Triple DES cbc mode with HMAC/sha1", - &krb5int_enc_des3, &krb5int_hash_sha1, - 16, - krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt, - krb5int_dk_string_to_key, k5_rand2key_des3, - krb5int_dk_prf, - CKSUMTYPE_HMAC_SHA1_DES3, - ETYPE_DEPRECATED, 112 }, - /* rc4-hmac uses a 128-bit key, but due to weaknesses in the RC4 cipher, we * consider its strength degraded and assign it an SSF value of 64. */ { ENCTYPE_ARCFOUR_HMAC, diff --git a/src/lib/crypto/krb/prf_des.c b/src/lib/crypto/krb/prf_des.c deleted file mode 100644 index 7a2d719c5..000000000 --- a/src/lib/crypto/krb/prf_des.c +++ /dev/null @@ -1,47 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/krb/prf_des.c - RFC 3961 DES-based PRF */ -/* - * Copyright (C) 2004, 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "crypto_int.h" - -krb5_error_code -krb5int_des_prf(const struct krb5_keytypes *ktp, krb5_key key, - const krb5_data *in, krb5_data *out) -{ - const struct krb5_hash_provider *hash = &krb5int_hash_md5; - krb5_crypto_iov iov; - krb5_error_code ret; - - /* Compute a hash of the input, storing into the output buffer. */ - iov.flags = KRB5_CRYPTO_TYPE_DATA; - iov.data = *in; - ret = hash->hash(&iov, 1, out); - if (ret != 0) - return ret; - - /* Encrypt the hash in place. */ - iov.data = *out; - return ktp->enc->encrypt(key, NULL, &iov, 1); -} diff --git a/src/lib/crypto/krb/random_to_key.c b/src/lib/crypto/krb/random_to_key.c index 157462526..863090beb 100644 --- a/src/lib/crypto/krb/random_to_key.c +++ b/src/lib/crypto/krb/random_to_key.c @@ -71,48 +71,3 @@ k5_rand2key_direct(const krb5_data *randombits, krb5_keyblock *keyblock) memcpy(keyblock->contents, randombits->data, randombits->length); return 0; } - -static inline void -eighth_byte(unsigned char *b) -{ - b[7] = (((b[0] & 1) << 1) | ((b[1] & 1) << 2) | ((b[2] & 1) << 3) | - ((b[3] & 1) << 4) | ((b[4] & 1) << 5) | ((b[5] & 1) << 6) | - ((b[6] & 1) << 7)); -} - -krb5_error_code -k5_rand2key_des(const krb5_data *randombits, krb5_keyblock *keyblock) -{ - if (randombits->length != 7) - return(KRB5_CRYPTO_INTERNAL); - - keyblock->magic = KV5M_KEYBLOCK; - - /* Take the seven bytes, move them around into the top 7 bits of the - * 8 key bytes, then compute the parity bits. */ - memcpy(keyblock->contents, randombits->data, randombits->length); - eighth_byte(keyblock->contents); - k5_des_fixup_key_parity(keyblock->contents); - - return 0; -} - -krb5_error_code -k5_rand2key_des3(const krb5_data *randombits, krb5_keyblock *keyblock) -{ - int i; - - if (randombits->length != 21) - return KRB5_CRYPTO_INTERNAL; - - keyblock->magic = KV5M_KEYBLOCK; - - /* Take the seven bytes, move them around into the top 7 bits of the - * 8 key bytes, then compute the parity bits. Do this three times. */ - for (i = 0; i < 3; i++) { - memcpy(&keyblock->contents[i * 8], &randombits->data[i * 7], 7); - eighth_byte(&keyblock->contents[i * 8]); - k5_des_fixup_key_parity(&keyblock->contents[i * 8]); - } - return 0; -} diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports index d6cc1b423..f44cb9170 100644 --- a/src/lib/crypto/libk5crypto.exports +++ b/src/lib/crypto/libk5crypto.exports @@ -86,7 +86,6 @@ krb5_k_verify_checksum krb5_k_verify_checksum_iov krb5int_aes_encrypt krb5int_aes_decrypt -krb5int_enc_des3 krb5int_arcfour_gsscrypt krb5int_camellia_cbc_mac krb5int_cmac_checksum diff --git a/src/lib/crypto/openssl/Makefile.in b/src/lib/crypto/openssl/Makefile.in index aa434b168..234fc0e76 100644 --- a/src/lib/crypto/openssl/Makefile.in +++ b/src/lib/crypto/openssl/Makefile.in @@ -1,6 +1,6 @@ mydir=lib$(S)crypto$(S)openssl BUILDTOP=$(REL)..$(S)..$(S).. -SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider +SUBDIRS=camellia aes md4 md5 sha1 sha2 enc_provider hash_provider LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir) STLIBOBJS=\ @@ -24,14 +24,14 @@ SRCS=\ $(srcdir)/sha256.c \ $(srcdir)/stubs.c -STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ +STOBJLISTS= md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ enc_provider/OBJS.ST \ hash_provider/OBJS.ST \ aes/OBJS.ST \ OBJS.ST -SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ +SUBDIROBJLISTS= md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ enc_provider/OBJS.ST \ hash_provider/OBJS.ST \ @@ -42,7 +42,7 @@ includes: depend depend: $(SRCS) -clean-unix:: clean-libobjs +clean-unix:: clean-libobjsn @lib_frag@ @libobj_frag@ diff --git a/src/lib/crypto/openssl/des/Makefile.in b/src/lib/crypto/openssl/des/Makefile.in deleted file mode 100644 index 4392fb8ea..000000000 --- a/src/lib/crypto/openssl/des/Makefile.in +++ /dev/null @@ -1,20 +0,0 @@ -mydir=lib$(S)crypto$(S)openssl$(S)des -BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. - -STLIBOBJS= des_keys.o - -OBJS= $(OUTPRE)des_keys.$(OBJEXT) - -SRCS= $(srcdir)/des_keys.c - -all-unix: all-libobjs - -includes: depend - -depend: $(SRCS) - -clean-unix:: clean-libobjs - -@libobj_frag@ - diff --git a/src/lib/crypto/openssl/des/deps b/src/lib/crypto/openssl/des/deps deleted file mode 100644 index 21b904f89..000000000 --- a/src/lib/crypto/openssl/des/deps +++ /dev/null @@ -1,15 +0,0 @@ -# -# Generated makefile dependencies follow. -# -des_keys.so des_keys.po $(OUTPRE)des_keys.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - des_keys.c diff --git a/src/lib/crypto/openssl/des/des_keys.c b/src/lib/crypto/openssl/des/des_keys.c deleted file mode 100644 index 51d9db216..000000000 --- a/src/lib/crypto/openssl/des/des_keys.c +++ /dev/null @@ -1,40 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/openssl/des/des_keys.c - Key functions used by Kerberos code */ -/* - * Copyright (C) 2011 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "crypto_int.h" -#include <openssl/des.h> - -void -k5_des_fixup_key_parity(unsigned char *keybits) -{ - DES_set_odd_parity((DES_cblock *)keybits); -} - -krb5_boolean -k5_des_is_weak_key(unsigned char *keybits) -{ - return DES_is_weak_key((DES_cblock *)keybits); -} diff --git a/src/lib/crypto/openssl/enc_provider/Makefile.in b/src/lib/crypto/openssl/enc_provider/Makefile.in index a9069d22d..2b32c3ac4 100644 --- a/src/lib/crypto/openssl/enc_provider/Makefile.in +++ b/src/lib/crypto/openssl/enc_provider/Makefile.in @@ -3,19 +3,16 @@ BUILDTOP=$(REL)..$(S)..$(S)..$(S).. LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. STLIBOBJS= \ - des3.o \ rc4.o \ aes.o \ camellia.o OBJS= \ - $(OUTPRE)des3.$(OBJEXT) \ $(OUTPRE)aes.$(OBJEXT) \ $(OUTPRE)camellia.$(OBJEXT) \ $(OUTPRE)rc4.$(OBJEXT) SRCS= \ - $(srcdir)/des3.c \ $(srcdir)/aes.c \ $(srcdir)/camellia.c \ $(srcdir)/rc4.c diff --git a/src/lib/crypto/openssl/enc_provider/deps b/src/lib/crypto/openssl/enc_provider/deps index 1c28cc842..91ba48234 100644 --- a/src/lib/crypto/openssl/enc_provider/deps +++ b/src/lib/crypto/openssl/enc_provider/deps @@ -1,17 +1,6 @@ # # Generated makefile dependencies follow. # -des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ - $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des3.c aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c deleted file mode 100644 index 1c439c2cd..000000000 --- a/src/lib/crypto/openssl/enc_provider/des3.c +++ /dev/null @@ -1,184 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/openssl/enc_provider/des3.c */ -/* - * Copyright (C) 2009 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include "crypto_int.h" -#include <openssl/evp.h> - - -#define DES3_BLOCK_SIZE 8 -#define DES3_KEY_SIZE 24 -#define DES3_KEY_BYTES 21 - -static krb5_error_code -validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data, - size_t num_data, krb5_boolean *empty) -{ - size_t input_length = iov_total_length(data, num_data, FALSE); - - if (key->keyblock.length != DES3_KEY_SIZE) - return(KRB5_BAD_KEYSIZE); - if ((input_length%DES3_BLOCK_SIZE) != 0) - return(KRB5_BAD_MSIZE); - if (ivec && (ivec->length != 8)) - return(KRB5_BAD_MSIZE); - - *empty = (input_length == 0); - return 0; -} - -static krb5_error_code -k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - size_t num_data) -{ - int ret, olen = DES3_BLOCK_SIZE; - unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE]; - struct iov_cursor cursor; - EVP_CIPHER_CTX *ctx; - krb5_boolean empty; - - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0 || empty) - return ret; - - ctx = EVP_CIPHER_CTX_new(); - if (ctx == NULL) - return ENOMEM; - - ret = EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, - key->keyblock.contents, - (ivec) ? (unsigned char*)ivec->data : NULL); - if (!ret) { - EVP_CIPHER_CTX_free(ctx); - return KRB5_CRYPTO_INTERNAL; - } - - EVP_CIPHER_CTX_set_padding(ctx,0); - - k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE); - while (k5_iov_cursor_get(&cursor, iblock)) { - ret = EVP_EncryptUpdate(ctx, oblock, &olen, iblock, DES3_BLOCK_SIZE); - if (!ret) - break; - k5_iov_cursor_put(&cursor, oblock); - } - - if (ivec != NULL) - memcpy(ivec->data, oblock, DES3_BLOCK_SIZE); - - EVP_CIPHER_CTX_free(ctx); - - zap(iblock, sizeof(iblock)); - zap(oblock, sizeof(oblock)); - - if (ret != 1) - return KRB5_CRYPTO_INTERNAL; - return 0; -} - -static krb5_error_code -k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, - size_t num_data) -{ - int ret, olen = DES3_BLOCK_SIZE; - unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE]; - struct iov_cursor cursor; - EVP_CIPHER_CTX *ctx; - krb5_boolean empty; - - ret = validate(key, ivec, data, num_data, &empty); - if (ret != 0 || empty) - return ret; - - ctx = EVP_CIPHER_CTX_new(); - if (ctx == NULL) - return ENOMEM; - - ret = EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, - key->keyblock.contents, - (ivec) ? (unsigned char*)ivec->data : NULL); - if (!ret) { - EVP_CIPHER_CTX_free(ctx); - return KRB5_CRYPTO_INTERNAL; - } - - EVP_CIPHER_CTX_set_padding(ctx,0); - - k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE); - while (k5_iov_cursor_get(&cursor, iblock)) { - ret = EVP_DecryptUpdate(ctx, oblock, &olen, - (unsigned char *)iblock, DES3_BLOCK_SIZE); - if (!ret) - break; - k5_iov_cursor_put(&cursor, oblock); - } - - if (ivec != NULL) - memcpy(ivec->data, iblock, DES3_BLOCK_SIZE); - - EVP_CIPHER_CTX_free(ctx); - - zap(iblock, sizeof(iblock)); - zap(oblock, sizeof(oblock)); - - if (ret != 1) - return KRB5_CRYPTO_INTERNAL; - return 0; -} - -const struct krb5_enc_provider krb5int_enc_des3 = { - DES3_BLOCK_SIZE, - DES3_KEY_BYTES, DES3_KEY_SIZE, - k5_des3_encrypt, - k5_des3_decrypt, - NULL, - krb5int_des_init_state, - krb5int_default_free_state -}; diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 75f071c3e..fcf2c2152 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -1039,7 +1039,6 @@ kg_accept_krb5(minor_status, context_handle, } switch (negotiated_etype) { - case ENCTYPE_DES3_CBC_SHA1: case ENCTYPE_ARCFOUR_HMAC: case ENCTYPE_ARCFOUR_HMAC_EXP: /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index a7e0e63ec..3bacdcd35 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -125,14 +125,14 @@ enum sgn_alg { /* SGN_ALG_DES_MAC = 0x0002, */ /* SGN_ALG_3 = 0x0003, /\* not published *\/ */ SGN_ALG_HMAC_MD5 = 0x0011, /* microsoft w2k; */ - SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004 + /* SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004 */ }; enum seal_alg { SEAL_ALG_NONE = 0xffff, /* SEAL_ALG_DES = 0x0000, */ /* SEAL_ALG_1 = 0x0001, /\* not published *\/ */ SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */ - SEAL_ALG_DES3KD = 0x0002 + /* SEAL_ALG_DES3KD = 0x0002 */ }; /* for 3DES */ @@ -153,7 +153,7 @@ enum qop { GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004, GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff, /* GSS_KRB5_CONF_C_QOP_DES = 0x0100, */ - GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200, + /* GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200, */ GSS_KRB5_CONF_C_QOP_MASK = 0xff00 }; diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index d1cdce486..7f7146a0a 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -136,19 +136,12 @@ make_seal_token_v1 (krb5_context context, /* pad the plaintext, encrypt if needed, and stick it in the token */ - /* initialize the the checksum */ - switch (signalg) { - case SGN_ALG_HMAC_SHA1_DES3_KD: - md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; - break; - case SGN_ALG_HMAC_MD5: - md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; - if (toktype != KG_TOK_SEAL_MSG) - sign_usage = 15; - break; - default: - abort (); - } + if (signalg != SGN_ALG_HMAC_MD5) + abort(); + + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + if (toktype != KG_TOK_SEAL_MSG) + sign_usage = 15; code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); if (code) { @@ -196,20 +189,8 @@ make_seal_token_v1 (krb5_context context, gssalloc_free(t); return(code); } - switch(signalg) { - case SGN_ALG_HMAC_SHA1_DES3_KD: - /* - * Using key derivation, the call to krb5_c_make_checksum - * already dealt with encrypting. - */ - if (md5cksum.length != cksum_size) - abort (); - memcpy (ptr+14, md5cksum.contents, md5cksum.length); - break; - case SGN_ALG_HMAC_MD5: - memcpy (ptr+14, md5cksum.contents, cksum_size); - break; - } + + memcpy (ptr+14, md5cksum.contents, cksum_size); krb5_free_checksum_contents(context, &md5cksum); diff --git a/src/lib/gssapi/krb5/k5sealiov.c b/src/lib/gssapi/krb5/k5sealiov.c index 9bb2ee109..9147bb2c7 100644 --- a/src/lib/gssapi/krb5/k5sealiov.c +++ b/src/lib/gssapi/krb5/k5sealiov.c @@ -144,18 +144,11 @@ make_seal_token_v1_iov(krb5_context context, /* pad the plaintext, encrypt if needed, and stick it in the token */ /* initialize the checksum */ - switch (ctx->signalg) { - case SGN_ALG_HMAC_SHA1_DES3_KD: - md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; - break; - case SGN_ALG_HMAC_MD5: - md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; - if (toktype != KG_TOK_WRAP_MSG) - sign_usage = 15; - break; - default: - abort (); - } + if (ctx->signalg != SGN_ALG_HMAC_MD5) + abort(); + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + if (toktype != KG_TOK_WRAP_MSG) + sign_usage = 15; code = krb5_c_checksum_length(context, md5cksum.checksum_type, &k5_trailerlen); if (code != 0) @@ -177,15 +170,7 @@ make_seal_token_v1_iov(krb5_context context, if (code != 0) goto cleanup; - switch (ctx->signalg) { - case SGN_ALG_HMAC_SHA1_DES3_KD: - assert(md5cksum.length == ctx->cksum_size); - memcpy(ptr + 14, md5cksum.contents, md5cksum.length); - break; - case SGN_ALG_HMAC_MD5: - memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size); - break; - } + memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size); /* create the seq_num */ code = kg_make_seq_num(context, ctx->seq, ctx->initiate ? 0 : 0xFF, diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index 9b183bc33..f0cc4a680 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -131,28 +131,21 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, but few enough that we can try them all. */ if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || - (ctx->sealalg == SEAL_ALG_DES3KD && - signalg != SGN_ALG_HMAC_SHA1_DES3_KD)|| (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 && signalg != SGN_ALG_HMAC_MD5)) { *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } - switch (signalg) { - case SGN_ALG_HMAC_MD5: - cksum_len = 8; - if (toktype != KG_TOK_SEAL_MSG) - sign_usage = 15; - break; - case SGN_ALG_HMAC_SHA1_DES3_KD: - cksum_len = 20; - break; - default: + if (signalg != SGN_ALG_HMAC_MD5) { *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } + cksum_len = 8; + if (toktype != KG_TOK_SEAL_MSG) + sign_usage = 15; + if ((size_t)bodysize < 14 + cksum_len) { *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; @@ -252,64 +245,53 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, /* compute the checksum of the message */ /* initialize the the cksum */ - switch (signalg) { - case SGN_ALG_HMAC_MD5: - md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; - break; - case SGN_ALG_HMAC_SHA1_DES3_KD: - md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; - break; - default: - abort (); - } + if (signalg != SGN_ALG_HMAC_MD5) + abort(); + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); if (code) return(code); md5cksum.length = sumlen; - switch (signalg) { - default: + if (signalg != SGN_ALG_HMAC_MD5) { *minor_status = 0; return(GSS_S_DEFECTIVE_TOKEN); - - case SGN_ALG_HMAC_SHA1_DES3_KD: - case SGN_ALG_HMAC_MD5: - /* compute the checksum of the message */ - - /* 8 = bytes of token body to be checksummed according to spec */ - - if (! (data_ptr = xmalloc(8 + plainlen))) { - if (sealalg != 0xffff) - xfree(plain); - if (toktype == KG_TOK_SEAL_MSG) - gssalloc_free(token.value); - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - - (void) memcpy(data_ptr, ptr-2, 8); - - (void) memcpy(data_ptr+8, plain, plainlen); - - plaind.length = 8 + plainlen; - plaind.data = data_ptr; - code = krb5_k_make_checksum(context, md5cksum.checksum_type, - ctx->seq, sign_usage, - &plaind, &md5cksum); - xfree(data_ptr); - - if (code) { - if (toktype == KG_TOK_SEAL_MSG) - gssalloc_free(token.value); - *minor_status = code; - return(GSS_S_FAILURE); - } - - code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); - break; } + /* compute the checksum of the message */ + + /* 8 = bytes of token body to be checksummed according to spec */ + + if (! (data_ptr = xmalloc(8 + plainlen))) { + if (sealalg != 0xffff) + xfree(plain); + if (toktype == KG_TOK_SEAL_MSG) + gssalloc_free(token.value); + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + + (void) memcpy(data_ptr, ptr-2, 8); + + (void) memcpy(data_ptr+8, plain, plainlen); + + plaind.length = 8 + plainlen; + plaind.data = data_ptr; + code = krb5_k_make_checksum(context, md5cksum.checksum_type, + ctx->seq, sign_usage, + &plaind, &md5cksum); + xfree(data_ptr); + + if (code) { + if (toktype == KG_TOK_SEAL_MSG) + gssalloc_free(token.value); + *minor_status = code; + return(GSS_S_FAILURE); + } + + code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); + krb5_free_checksum_contents(context, &md5cksum); if (sealalg != 0xffff) xfree(plain); diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c index 85a9574f3..3ce2a90ce 100644 --- a/src/lib/gssapi/krb5/k5unsealiov.c +++ b/src/lib/gssapi/krb5/k5unsealiov.c @@ -102,28 +102,21 @@ kg_unseal_v1_iov(krb5_context context, } if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || - (ctx->sealalg == SEAL_ALG_DES3KD && - signalg != SGN_ALG_HMAC_SHA1_DES3_KD)|| (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 && signalg != SGN_ALG_HMAC_MD5)) { *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } - switch (signalg) { - case SGN_ALG_HMAC_MD5: - cksum_len = 8; - if (toktype != KG_TOK_WRAP_MSG) - sign_usage = 15; - break; - case SGN_ALG_HMAC_SHA1_DES3_KD: - cksum_len = 20; - break; - default: + if (signalg != SGN_ALG_HMAC_MD5) { *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } + cksum_len = 8; + if (toktype != KG_TOK_WRAP_MSG) + sign_usage = 15; + /* get the token parameters */ code = kg_get_seq_num(context, ctx->seq, ptr + 14, ptr + 6, &direction, &seqnum); @@ -181,16 +174,10 @@ kg_unseal_v1_iov(krb5_context context, /* initialize the checksum */ - switch (signalg) { - case SGN_ALG_HMAC_MD5: - md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; - break; - case SGN_ALG_HMAC_SHA1_DES3_KD: - md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; - break; - default: + if (signalg != SGN_ALG_HMAC_MD5) abort(); - } + + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); if (code != 0) { @@ -209,18 +196,13 @@ kg_unseal_v1_iov(krb5_context context, goto cleanup; } - switch (signalg) { - case SGN_ALG_HMAC_SHA1_DES3_KD: - case SGN_ALG_HMAC_MD5: - code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); - break; - default: + if (signalg != SGN_ALG_HMAC_MD5) { code = 0; retval = GSS_S_DEFECTIVE_TOKEN; goto cleanup; - break; } + code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); if (code != 0) { code = 0; retval = GSS_S_BAD_SIG; diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c index 84f194988..32150f5e3 100644 --- a/src/lib/gssapi/krb5/util_crypt.c +++ b/src/lib/gssapi/krb5/util_crypt.c @@ -97,17 +97,6 @@ kg_setup_keys(krb5_context context, krb5_gss_ctx_id_rec *ctx, krb5_key subkey, return code; switch (subkey->keyblock.enctype) { - case ENCTYPE_DES3_CBC_SHA1: - code = kg_copy_keys(context, ctx, subkey); - if (code != 0) - return code; - - ctx->enc->keyblock.enctype = ENCTYPE_DES3_CBC_RAW; - ctx->seq->keyblock.enctype = ENCTYPE_DES3_CBC_RAW; - ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD; - ctx->cksum_size = 20; - ctx->sealalg = SEAL_ALG_DES3KD; - break; case ENCTYPE_ARCFOUR_HMAC: case ENCTYPE_ARCFOUR_HMAC_EXP: /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" enctype, diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index aa35baa3c..bfa99d9eb 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -59,7 +59,6 @@ static krb5_enctype default_enctype_list[] = { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, - ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, 0 @@ -467,8 +466,6 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey, /* Set all enctypes in the default list. */ for (i = 0; default_list[i]; i++) mod_list(default_list[i], sel, weak, &list); - } else if (strcasecmp(token, "des3") == 0) { - mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, &list); } else if (strcasecmp(token, "aes") == 0) { mod_list(ENCTYPE_AES256_CTS_HMAC_SHA1_96, sel, weak, &list); mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list); diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c index 44d113e7c..966278578 100644 --- a/src/lib/krb5/krb/s4u_creds.c +++ b/src/lib/krb5/krb/s4u_creds.c @@ -288,8 +288,6 @@ verify_s4u2self_reply(krb5_context context, assert(req_s4u_user != NULL); switch (subkey->enctype) { - case ENCTYPE_DES3_CBC_SHA1: - case ENCTYPE_DES3_CBC_RAW: case ENCTYPE_ARCFOUR_HMAC: case ENCTYPE_ARCFOUR_HMAC_EXP : not_newer = TRUE; diff --git a/src/lib/krb5/krb/t_etypes.c b/src/lib/krb5/krb/t_etypes.c index 90c9f626c..935aca12f 100644 --- a/src/lib/krb5/krb/t_etypes.c +++ b/src/lib/krb5/krb/t_etypes.c @@ -50,17 +50,6 @@ static struct { { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }, 0, 0 }, - /* Family followed by enctype */ - { "aes des3-cbc-sha1-kd", - { 0 }, - { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, - ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, - ENCTYPE_DES3_CBC_SHA1, 0 }, - { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, - ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, - ENCTYPE_DES3_CBC_SHA1, 0 }, - 0, 0 - }, /* Family with enctype removed */ { "camellia -camellia256-cts-cmac", { 0 }, @@ -69,46 +58,15 @@ static struct { }, /* Default set with family added and enctype removed */ { "DEFAULT +aes -arcfour-hmac-md5", - { ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES3_CBC_SHA1, 0 }, - { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, + { ENCTYPE_ARCFOUR_HMAC, 0 }, + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, 0 }, - { ENCTYPE_DES3_CBC_SHA1, - ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, 0 }, 0, 0 }, - /* Default set with families removed and enctypes added (one redundant) */ - { "DEFAULT -des3 rc4-hmac rc4-hmac-exp", - { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, - ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, 0 }, - { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, - ENCTYPE_ARCFOUR_HMAC, 0 }, - { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, - ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, 0 }, - 0, 0 - }, - /* Default set with family moved to front */ - { "des3 +DEFAULT", - { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, - ENCTYPE_DES3_CBC_SHA1, 0 }, - { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, - ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 }, - { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, - ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 }, - 0, 0 - }, - /* Two families with default set removed (exotic case), enctype added */ - { "aes +rc4 -DEFaulT des3-hmac-sha1", - { ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_DES3_CBC_SHA1, - ENCTYPE_ARCFOUR_HMAC, 0 }, - { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, - ENCTYPE_AES128_CTS_HMAC_SHA256_128, ENCTYPE_DES3_CBC_SHA1, 0 }, - { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, - ENCTYPE_AES128_CTS_HMAC_SHA256_128, ENCTYPE_DES3_CBC_SHA1, 0 }, - 0, 0 - }, /* Test krb5_set_default_in_tkt_ktypes */ { NULL, { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }, diff --git a/src/lib/krb5/os/t_trace.c b/src/lib/krb5/os/t_trace.c index 10ba8d0ac..24064ffcf 100644 --- a/src/lib/krb5/os/t_trace.c +++ b/src/lib/krb5/os/t_trace.c @@ -65,8 +65,8 @@ main (int argc, char *argv[]) krb5_principal princ = &principal_data; krb5_pa_data padata, padata2, **padatap; krb5_enctype enctypes[4] = { - ENCTYPE_DES3_CBC_SHA, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_UNKNOWN, - ENCTYPE_NULL}; + ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC_EXP, + ENCTYPE_UNKNOWN, ENCTYPE_NULL}; krb5_ccache ccache; krb5_keytab keytab; krb5_creds creds; diff --git a/src/lib/krb5/os/t_trace.ref b/src/lib/krb5/os/t_trace.ref index 044a66999..98fb14f3f 100644 --- a/src/lib/krb5/os/t_trace.ref +++ b/src/lib/krb5/os/t_trace.ref @@ -41,7 +41,7 @@ int, krb5_principal type: ? krb5_pa_data **, display list of padata type numbers: PA-PW-SALT (3), 0 krb5_pa_data **, display list of padata type numbers: (empty) krb5_enctype, display shortest name of enctype: aes128-cts -krb5_enctype *, display list of enctypes: 5, rc4-hmac-exp, 511 +krb5_enctype *, display list of enctypes: aes128-cts, rc4-hmac-exp, 511 krb5_enctype *, display list of enctypes: (empty) krb5_ccache, display type:name: FILE:/path/to/ccache krb5_keytab, display name: FILE:/etc/krb5.keytab diff --git a/src/plugins/preauth/pkinit/pkcs11.h b/src/plugins/preauth/pkinit/pkcs11.h index e3d284631..586661bb7 100644 --- a/src/plugins/preauth/pkinit/pkcs11.h +++ b/src/plugins/preauth/pkinit/pkcs11.h @@ -339,9 +339,9 @@ typedef unsigned long ck_key_type_t; #define CKK_GENERIC_SECRET (0x10) #define CKK_RC2 (0x11) #define CKK_RC4 (0x12) -#define CKK_DES (0x13) -#define CKK_DES2 (0x14) -#define CKK_DES3 (0x15) +/* #define CKK_DES (0x13) */ +/* #define CKK_DES2 (0x14) */ +/* #define CKK_DES3 (0x15) */ #define CKK_CAST (0x16) #define CKK_CAST3 (0x17) #define CKK_CAST128 (0x18) diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c index 2817cc213..a385da7c3 100644 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c @@ -212,14 +212,6 @@ pkinit_as_req_create(krb5_context context, auth_pack.clientPublicValue = &info; auth_pack.supportedKDFs = (krb5_data **)supported_kdf_alg_ids; - /* add List of CMS algorithms */ - retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx, - reqctx->cryptoctx, - reqctx->idctx, &cmstypes); - auth_pack.supportedCMSTypes = cmstypes; - if (retval) - goto cleanup; - switch(protocol) { case DH_PROTOCOL: TRACE_PKINIT_CLIENT_REQ_DH(context); diff --git a/src/plugins/preauth/pkinit/pkinit_crypto.h b/src/plugins/preauth/pkinit/pkinit_crypto.h index 77d5c61fe..1f9868351 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto.h +++ b/src/plugins/preauth/pkinit/pkinit_crypto.h @@ -380,18 +380,6 @@ krb5_error_code server_process_dh unsigned int *server_key_len_out); /* OUT receives length of DH secret key */ -/* - * this functions takes in crypto specific representation of - * supportedCMSTypes and creates a list of - * krb5_algorithm_identifier - */ -krb5_error_code create_krb5_supportedCMSTypes - (krb5_context context, /* IN */ - pkinit_plg_crypto_context plg_cryptoctx, /* IN */ - pkinit_req_crypto_context req_cryptoctx, /* IN */ - pkinit_identity_crypto_context id_cryptoctx, /* IN */ - krb5_algorithm_identifier ***supportedCMSTypes); /* OUT */ - /* * this functions takes in crypto specific representation of * trustedCertifiers and creates a list of diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index e5940a513..e1153344e 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -5486,44 +5486,6 @@ cleanup: return retval; } -krb5_error_code -create_krb5_supportedCMSTypes(krb5_context context, - pkinit_plg_crypto_context plg_cryptoctx, - pkinit_req_crypto_context req_cryptoctx, - pkinit_identity_crypto_context id_cryptoctx, - krb5_algorithm_identifier ***oids) -{ - - krb5_error_code retval = ENOMEM; - krb5_algorithm_identifier **loids = NULL; - krb5_data des3oid = {0, 8, "\x2A\x86\x48\x86\xF7\x0D\x03\x07" }; - - *oids = NULL; - loids = malloc(2 * sizeof(krb5_algorithm_identifier *)); - if (loids == NULL) - goto cleanup; - loids[1] = NULL; - loids[0] = malloc(sizeof(krb5_algorithm_identifier)); - if (loids[0] == NULL) { - free(loids); - goto cleanup; - } - retval = pkinit_copy_krb5_data(&loids[0]->algorithm, &des3oid); - if (retval) { - free(loids[0]); - free(loids); - goto cleanup; - } - loids[0]->parameters.length = 0; - loids[0]->parameters.data = NULL; - - *oids = loids; - retval = 0; -cleanup: - - return retval; -} - krb5_error_code create_krb5_trustedCertifiers(krb5_context context, pkinit_plg_crypto_context plg_cryptoctx, diff --git a/src/plugins/preauth/pkinit/pkinit_kdf_test.c b/src/plugins/preauth/pkinit/pkinit_kdf_test.c index 7acbd0d28..cd998a29a 100644 --- a/src/plugins/preauth/pkinit/pkinit_kdf_test.c +++ b/src/plugins/preauth/pkinit/pkinit_kdf_test.c @@ -49,7 +49,6 @@ char eighteen_bs[9]; char party_u_name[] = "lha@SU.SE"; char party_v_name[] = "krbtgt/SU.SE@SU.SE"; int enctype_aes = ENCTYPE_AES256_CTS_HMAC_SHA1_96; -int enctype_des3 = ENCTYPE_DES3_CBC_SHA1; const krb5_data lha_data = DATA_FROM_STRING("lha"); krb5_octet key1_hex[] = @@ -185,36 +184,6 @@ main(int argc, char **argv) goto cleanup; } - /* TEST 3: SHA-512/DES3 */ - /* set up algorithm id */ - alg_id.algorithm.data = (char *)krb5_pkinit_sha512_oid; - alg_id.algorithm.length = krb5_pkinit_sha512_oid_len; - - enctype = enctype_des3; - - /* call pkinit_alg_agility_kdf() with test vector values*/ - if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, - &alg_id.algorithm, - u_principal, v_principal, - enctype, &as_req, &pk_as_rep, - &key_block))) { - printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d", - retval); - goto cleanup; - } - - /* compare key to expected key value */ - - if ((key_block.length == sizeof(key3_hex)) && - (0 == memcmp(key_block.contents, key3_hex, key_block.length))) { - printf("SUCCESS: TEST 3 (SHA-512/DES3), Correct key value generated.\n"); - retval = 0; - } else { - printf("FAILURE: TEST 2 (SHA-512/DES3), Incorrect key value generated!\n"); - retval = 1; - goto cleanup; - } - cleanup: /* release all allocated resources, whether good or bad return */ free(secret.data); diff --git a/src/plugins/preauth/spake/t_vectors.c b/src/plugins/preauth/spake/t_vectors.c index 2279202d3..96b0307d7 100644 --- a/src/plugins/preauth/spake/t_vectors.c +++ b/src/plugins/preauth/spake/t_vectors.c @@ -56,31 +56,6 @@ struct test { const char *K2; const char *K3; } tests[] = { - { ENCTYPE_DES3_CBC_SHA1, SPAKE_GROUP_EDWARDS25519, - /* initial key, w, x, y, T, S, K */ - "850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E", - "686D84730CB8679AE95416C6567C6A63F2C9CEF124F7A3371AE81E11CAD42A37", - "201012D07BFD48DDFA33C4AAC4FB1E229FB0D043CFE65EBFB14399091C71A723", - "500B294797B8B042ACA1BEDC0F5931A4F52C537B3608B2D05CC8A2372F439F25", - "18F511E750C97B592ACD30DB7D9E5FCA660389102E6BF610C1BFBED4616C8362", - "5D10705E0D1E43D5DBF30240CCFBDE4A0230C70D4C79147AB0B317EDAD2F8AE7", - "25BDE0D875F0FEB5755F45BA5E857889D916ECF7476F116AA31DC3E037EC4292", - /* support, challenge, thash, body */ - "A0093007A0053003020101", - "A1363034A003020101A122042018F511E750C97B592ACD30DB7D9E5FCA660389" - "102E6BF610C1BFBED4616C8362A20930073005A003020101", - "EAAA08807D0616026FF51C849EFBF35BA0CE3C5300E7D486DA46351B13D4605B", - "3075A00703050000000000A1143012A003020101A10B30091B07726165627572" - "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018" - "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730" - "303130313030303030305AA703020100A8053003020110", - /* K'[0], K'[1], K'[2], K'[3] */ - "BAF12FAE7CD958CBF1A29BFBC71F89CE49E03E295D89DAFD", - "64F73DD9C41908206BCEC1F719026B574F9D13463D7A2520", - "0454520B086B152C455829E6BAEFF78A61DFE9E3D04A895D", - "4A92260B25E3EF94C125D5C24C3E5BCED5B37976E67F25C4", - }, - { ENCTYPE_ARCFOUR_HMAC, SPAKE_GROUP_EDWARDS25519, /* initial key, w, x, y, T, S, K */ "8846F7EAEE8FB117AD06BDD830B7586C", diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index 85bbf478a..302dee74c 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -15,8 +15,6 @@ set timeout 100 set stty_init {erase \^h kill \^u} set env(TERM) dumb -set des3_krbtgt 0 - if { [string length $VALGRIND] } { rename spawn valgrind_aux_spawn proc spawn { args } { @@ -105,17 +103,9 @@ if { $PRIOCNTL_HACK } { # particularly with regards to encryption types. set passes { - { - des3 - mode=udp - des3_krbtgt=1 - {supported_enctypes=des3-cbc-sha1:normal} - {dummy=[verbose -log "DES3 TGT, DES3 enctype"]} - } { aes-only mode=udp - des3_krbtgt=0 {supported_enctypes=aes256-cts-hmac-sha1-96:normal} {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96} {permitted_enctypes(client)=aes256-cts-hmac-sha1-96} @@ -130,7 +120,6 @@ set passes { { aes-sha2-only mode=udp - des3_krbtgt=0 {supported_enctypes=aes256-sha2:normal} {permitted_enctypes(kdc)=aes256-sha2} {permitted_enctypes(replica)=aes256-sha2} @@ -146,7 +135,6 @@ set passes { { camellia-only mode=udp - des3_krbtgt=0 {supported_enctypes=camellia256-cts:normal} {permitted_enctypes(kdc)=camellia256-cts} {permitted_enctypes(replica)=camellia256-cts} @@ -159,32 +147,9 @@ set passes { {master_key_type=camellia256-cts} {dummy=[verbose -log "Camellia-256 enctype"]} } - { - aes-des3 - mode=udp - des3_krbtgt=0 - {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal} - {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {master_key_type=aes256-cts-hmac-sha1-96} - {dummy=[verbose -log "AES + DES3 + DES enctypes"]} - } - { - aes-des3tgt - mode=udp - des3_krbtgt=1 - {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal} - {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} - {master_key_type=aes256-cts-hmac-sha1-96} - {dummy=[verbose -log "AES enctypes, DES3 TGT"]} - } { all-enctypes mode=udp - des3_krbtgt=0 {allow_weak_crypto(kdc)=false} {allow_weak_crypto(replica)=false} {allow_weak_crypto(client)=false} @@ -946,7 +911,6 @@ proc setup_kerberos_db { standalone } { global REALMNAME KDB5_UTIL KADMIN_LOCAL KEY global tmppwd hostname global spawn_id - global des3_krbtgt global multipass_name last_passname_db set failall 0 @@ -1143,48 +1107,6 @@ proc setup_kerberos_db { standalone } { } } - if $des3_krbtgt { - # Set the TGT key to DES3. - set test "kadmin.local TGT to DES3" - set body { - if $failall { - break - } - spawn $KADMIN_LOCAL -r $REALMNAME -e des3-cbc-sha1:normal - verbose "starting $test" - expect_after $def_exp_after - - expect "kadmin.local: " - send "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" - # It echos... - expect "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" - expect { - "Key for \"krbtgt/$REALMNAME@$REALMNAME\" randomized." { } - } - expect "kadmin.local: " - send "quit\r" - expect eof - catch expect_after - if ![check_exit_status kadmin_local] { - break - } - } - set ret [catch $body] - catch "expect eof" - catch expect_after - if $ret { - set failall 1 - if $standalone { - fail $test - } else { - delete_db - } - } else { - if $standalone { - pass $test - } - } - } envstack_pop # create the admin database lock file diff --git a/src/tests/dejagnu/krb-standalone/kprop.exp b/src/tests/dejagnu/krb-standalone/kprop.exp index 661e3fd9a..2b8f60045 100644 --- a/src/tests/dejagnu/krb-standalone/kprop.exp +++ b/src/tests/dejagnu/krb-standalone/kprop.exp @@ -54,7 +54,7 @@ proc doit { } { global REALMNAME KEY global KADMIN_LOCAL KTUTIL KDB5_UTIL KPROPLOG KPROP kpropd_spawn_id global hostname tmppwd spawn_id timeout - global KRBIV supported_enctypes portbase mode ulog des3_krbtgt + global KRBIV supported_enctypes portbase mode ulog # Delete any db, ulog files delete_db diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py index 7494d7fcd..2f95d8996 100755 --- a/src/tests/gssapi/t_enctypes.py +++ b/src/tests/gssapi/t_enctypes.py @@ -1,24 +1,17 @@ from k5test import * -# Define some convenience abbreviations for enctypes we will see in -# test program output. For background, aes256 and aes128 are "CFX -# enctypes", meaning that they imply support for RFC 4121, while des3 -# and rc4 are not. DES3 keys will appear as 'des3-cbc-raw' in -# t_enctypes output because that's how GSSAPI does raw triple-DES -# encryption without the RFC3961 framing. +# Define some convenience abbreviations for enctypes we will see in test +# program output. For background, aes256 and aes128 are "CFX enctypes", +# meaning that they imply support for RFC 4121, while rc4 does not. aes256 = 'aes256-cts-hmac-sha1-96' aes128 = 'aes128-cts-hmac-sha1-96' -des3 = 'des3-cbc-sha1' -d_des3 = 'DEPRECATED:des3-cbc-sha1' -des3raw = 'des3-cbc-raw' -d_des3raw = 'DEPRECATED:des3-cbc-raw' rc4 = 'arcfour-hmac' d_rc4 = 'DEPRECATED:arcfour-hmac' # These tests make assumptions about the default enctype lists, so set # them explicitly rather than relying on the library defaults. -supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal' -conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4'}, +supp='aes256-cts:normal aes128-cts:normal rc4-hmac:normal' +conf = {'libdefaults': {'permitted_enctypes': 'aes rc4'}, 'realms': {'$realm': {'supported_enctypes': supp}}} realm = K5Realm(krb5_conf=conf) shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save')) @@ -87,19 +80,12 @@ test('both aes128', 'aes128-cts', 'aes128-cts', test_err('acc aes128', None, 'aes128-cts', 'Encryption type aes256-cts-hmac-sha1-96 not permitted') -# If the initiator constrains the permitted session enctypes to des3, -# no acceptor subkey will be generated because we can't upgrade to a -# CFX enctype. -test('init des3', 'des3', None, - tktenc=aes256, tktsession=d_des3, - proto='rfc1964', isubkey=des3raw, asubkey=None) - # Force the ticket session key to be rc4, so we can test some subkey # upgrade cases. The ticket encryption key remains aes256. realm.run([kadminl, 'setstr', realm.host_princ, 'session_enctypes', 'rc4']) # With no arguments, the initiator should send an upgrade list of -# [aes256 aes128 des3] and the acceptor should upgrade to an aes256 +# [aes256 aes128] and the acceptor should upgrade to an aes256 # subkey. test('upgrade noargs', None, None, tktenc=aes256, tktsession=d_rc4, @@ -115,13 +101,6 @@ test('upgrade init aes128+rc4', 'aes128-cts rc4', None, tktenc=aes256, tktsession=d_rc4, proto='cfx', isubkey=rc4, asubkey=aes128) -# If the initiator permits rc4 but prefers des3, it will send an -# upgrade list of [des3], but the acceptor won't generate a subkey -# because des3 isn't a CFX enctype. -test('upgrade init des3+rc4', 'des3 rc4', None, - tktenc=aes256, tktsession=d_rc4, - proto='rfc1964', isubkey=rc4, asubkey=None) - # If the acceptor permits only aes128, subkey negotiation will fail # because the ticket session key and initiator subkey are # non-permitted. (This is unfortunate if the acceptor's restriction diff --git a/src/tests/gssapi/t_invalid.c b/src/tests/gssapi/t_invalid.c index 9876a11e6..fb8fe5511 100644 --- a/src/tests/gssapi/t_invalid.c +++ b/src/tests/gssapi/t_invalid.c @@ -84,18 +84,6 @@ struct test { size_t toklen; const char *token; } tests[] = { - { - ENCTYPE_DES3_CBC_SHA1, ENCTYPE_DES3_CBC_RAW, - SEAL_ALG_DES3KD, SGN_ALG_HMAC_SHA1_DES3_KD, 20, - 24, - "\x4F\xEA\x19\x19\x5E\x0E\x10\xDF\x3D\x29\xB5\x13\x8F\x01\xC7\xA7" - "\x92\x3D\x38\xF7\x26\x73\x0D\x6D", - 65, - "\x60\x3F\x06\x09\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x02\x01\x04" - "\x00\x02\x00\xFF\xFF\xEB\xF3\x9A\x89\x24\x57\xB8\x63\x95\x25\xE8" - "\x6E\x8E\x79\xE6\x2E\xCA\xD3\xFF\x57\x9F\x8C\xAB\xEF\xDD\x28\x10" - "\x2F\x93\x21\x2E\xF2\x52\xB6\x6F\xA8\xBB\x8A\x6D\xAA\x6F\xB7\xF4\xD4" - }, { ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC, SEAL_ALG_MICROSOFT_RC4, SGN_ALG_HMAC_MD5, 8, diff --git a/src/tests/gssapi/t_pcontok.c b/src/tests/gssapi/t_pcontok.c index 7368f752f..bf22bd3da 100644 --- a/src/tests/gssapi/t_pcontok.c +++ b/src/tests/gssapi/t_pcontok.c @@ -43,7 +43,6 @@ #include "k5-int.h" #include "common.h" -#define SGN_ALG_HMAC_SHA1_DES3_KD 0x04 #define SGN_ALG_HMAC_MD5 0x11 /* @@ -77,17 +76,12 @@ make_delete_token(gss_krb5_lucid_context_v1_t *lctx, gss_buffer_desc *out) ret = krb5_k_create_key(context, &seqkb, &seq); check_k5err(context, "krb5_k_create_key", ret); - if (signalg == SGN_ALG_HMAC_SHA1_DES3_KD) { - cktype = CKSUMTYPE_HMAC_SHA1_DES3; - cksize = 20; - ckusage = 23; - } else if (signalg == SGN_ALG_HMAC_MD5) { - cktype = CKSUMTYPE_HMAC_MD5_ARCFOUR; - cksize = 8; - ckusage = 15; - } else { + if (signalg != SGN_ALG_HMAC_MD5) abort(); - } + + cktype = CKSUMTYPE_HMAC_MD5_ARCFOUR; + cksize = 8; + ckusage = 15; tlen = 20 + mech_krb5.length + cksize; token = malloc(tlen); diff --git a/src/tests/gssapi/t_prf.c b/src/tests/gssapi/t_prf.c index f71774cdc..d1857c433 100644 --- a/src/tests/gssapi/t_prf.c +++ b/src/tests/gssapi/t_prf.c @@ -41,13 +41,6 @@ static struct { const char *key2; const char *out2; } tests[] = { - { ENCTYPE_DES3_CBC_SHA1, - "70378A19CD64134580C27C0115D6B34A1CF2FEECEF9886A2", - "9F8D127C520BB826BFF3E0FE5EF352389C17E0C073D9" - "AC4A333D644D21BA3EF24F4A886D143F85AC9F6377FB", - "3452A167DF1094BA1089E0A20E9E51ABEF1525922558B69E", - "6BF24FABC858F8DD9752E4FCD331BB831F238B5BE190" - "4EEA42E38F7A60C588F075C5C96A67E7F8B7BD0AECF4" }, { ENCTYPE_ARCFOUR_HMAC, "3BB3AE288C12B3B9D06B208A4151B3B6", "9AEA11A3BCF3C53F1F91F5A0BA2132E2501ADF5F3C28" diff --git a/src/tests/t_authdata.py b/src/tests/t_authdata.py index 3fa957ad2..2e01f46bc 100644 --- a/src/tests/t_authdata.py +++ b/src/tests/t_authdata.py @@ -174,7 +174,7 @@ realm.run([kvno, 'restricted']) # preferred krbtgt enctype changes. mark('#8139 regression test') realm.kinit(realm.user_princ, password('user'), ['-f']) -realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'des3-cbc-sha1', +realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes256-sha2', realm.krbtgt_princ]) realm.run(['./forward']) realm.run([kvno, realm.host_princ]) diff --git a/src/tests/t_etype_info.py b/src/tests/t_etype_info.py index c982508d8..96e90a69d 100644 --- a/src/tests/t_etype_info.py +++ b/src/tests/t_etype_info.py @@ -1,6 +1,6 @@ from k5test import * -supported_enctypes = 'aes128-cts des3-cbc-sha1 rc4-hmac' +supported_enctypes = 'aes128-cts rc4-hmac' conf = {'libdefaults': {'allow_weak_crypto': 'true'}, 'realms': {'$realm': {'supported_enctypes': supported_enctypes}}} realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf) @@ -26,9 +26,9 @@ def test_etinfo(princ, enctypes, expected_lines): # With no newer enctypes in the request, PA-ETYPE-INFO2, # PA-ETYPE-INFO, and PA-PW-SALT appear in the AS-REP, each listing one # key for the most preferred matching enctype. -test_etinfo('user', 'rc4-hmac-exp des3 rc4', - ['asrep etype_info2 des3-cbc-sha1 KRBTEST.COMuser', - 'asrep etype_info des3-cbc-sha1 KRBTEST.COMuser', +test_etinfo('user', 'rc4-hmac-exp rc4', + ['asrep etype_info2 rc4-hmac KRBTEST.COMuser', + 'asrep etype_info rc4-hmac KRBTEST.COMuser', 'asrep pw_salt KRBTEST.COMuser']) # With a newer enctype in the request (even if it is not the most @@ -39,9 +39,9 @@ test_etinfo('user', 'rc4 aes256-cts', # In preauth-required errors, PA-PW-SALT does not appear, but the same # etype-info2 values are expected. -test_etinfo('preauthuser', 'rc4-hmac-exp des3 rc4', - ['error etype_info2 des3-cbc-sha1 KRBTEST.COMpreauthuser', - 'error etype_info des3-cbc-sha1 KRBTEST.COMpreauthuser']) +test_etinfo('preauthuser', 'rc4-hmac-exp rc4', + ['error etype_info2 rc4-hmac KRBTEST.COMpreauthuser', + 'error etype_info rc4-hmac KRBTEST.COMpreauthuser']) test_etinfo('preauthuser', 'rc4 aes256-cts', ['error etype_info2 rc4-hmac KRBTEST.COMpreauthuser']) @@ -50,8 +50,8 @@ test_etinfo('preauthuser', 'rc4 aes256-cts', # (to allow for preauth mechs which don't depend on long-term keys). # An AS-REP cannot be generated without preauth as there is no reply # key. -test_etinfo('rc4user', 'des3', []) -test_etinfo('nokeyuser', 'des3', []) +test_etinfo('rc4user', 'aes128-cts', []) +test_etinfo('nokeyuser', 'aes128-cts', []) # Verify that etype-info2 is included in a MORE_PREAUTH_DATA_REQUIRED # error if the client does optimistic preauth. diff --git a/src/tests/t_keyrollover.py b/src/tests/t_keyrollover.py index 2c825a692..f29e0d550 100755 --- a/src/tests/t_keyrollover.py +++ b/src/tests/t_keyrollover.py @@ -37,9 +37,9 @@ realm.run([klist, '-e'], expected_msg=msg) # Test that the KDC only accepts the first enctype for a kvno, for a # local-realm TGS request. To set this up, we abuse an edge-case -# behavior of modprinc -kvno. First, set up a DES3 krbtgt entry at +# behavior of modprinc -kvno. First, set up an aes128-sha2 krbtgt entry at # kvno 1 and cache a krbtgt ticket. -realm.run([kadminl, 'cpw', '-randkey', '-e', 'des3-cbc-sha1', +realm.run([kadminl, 'cpw', '-randkey', '-e', 'aes128-cts-hmac-sha256-128', realm.krbtgt_princ]) realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ]) realm.kinit(realm.user_princ, password('user')) @@ -50,9 +50,9 @@ realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes256-cts', realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ]) out = realm.run([kadminl, 'getprinc', realm.krbtgt_princ]) if 'vno 1, aes256-cts' not in out or \ - 'vno 1, DEPRECATED:des3-cbc-sha1' not in out: + 'vno 1, aes128-cts-hmac-sha256-128' not in out: fail('keyrollover: setup for TGS enctype test failed') -# Now present the DES3 ticket to the KDC and make sure it's rejected. +# Now present the aes128-sha2 ticket to the KDC and make sure it's rejected. realm.run([kvno, realm.host_princ], expected_code=1) realm.stop() diff --git a/src/tests/t_mkey.py b/src/tests/t_mkey.py index 32f4070bc..da0ed1831 100755 --- a/src/tests/t_mkey.py +++ b/src/tests/t_mkey.py @@ -7,7 +7,6 @@ import struct # default enctype for master keys. aes256 = 'aes256-cts-hmac-sha1-96' aes128 = 'aes128-cts-hmac-sha1-96' -des3 = 'des3-cbc-sha1' defetype = aes256 realm = K5Realm(create_host=False, start_kadmind=True) @@ -300,40 +299,6 @@ if 'Decrypt integrity check failed' in out or 'added to keytab' not in out: realm.stop() -# Load a dump file created with krb5 1.6, before the master key -# rollover changes were introduced. Write out an old-format stash -# file consistent with the dump's master password ("footes"). The K/M -# entry in this database will not have actkvno tl-data because it was -# created prior to master key rollover support. Verify that: -# 1. We can access the database using the old-format stash file. -# 2. list_mkeys displays the same list as for a post-1.7 KDB. -mark('pre-1.7 stash file') -dumpfile = os.path.join(srctop, 'tests', 'dumpfiles', 'dump.16') -os.remove(stash_file) -f = open(stash_file, 'wb') -f.write(struct.pack('=HL24s', 16, 24, - b'\xF8\x3E\xFB\xBA\x6D\x80\xD9\x54\xE5\x5D\xF2\xE0' - b'\x94\xAD\x6D\x86\xB5\x16\x37\xEC\x7C\x8A\xBC\x86')) -f.close() -realm.run([kdb5_util, 'load', dumpfile]) -nprincs = len(realm.run([kadminl, 'listprincs']).splitlines()) -check_mkvno('K/M', 1) -check_mkey_list((1, des3, True, True)) - -# Create a new master key and verify that, without actkvkno tl-data: -# 1. list_mkeys displays the same as for a post-1.7 KDB. -# 2. update_princ_encryption still targets mkvno 1. -# 3. libkadm5 still uses mkvno 1 for key changes. -# 4. use_mkey creates the same list as for a post-1.7 KDB. -mark('rollover from pre-1.7 KDB') -add_mkey([]) -check_mkey_list((2, defetype, False, False), (1, des3, True, True)) -update_princ_encryption(False, 1, 0, nprincs - 1) -realm.run([kadminl, 'addprinc', '-randkey', realm.user_princ]) -check_mkvno(realm.user_princ, 1) -realm.run([kdb5_util, 'use_mkey', '2', 'now-1day']) -check_mkey_list((2, defetype, True, True), (1, des3, True, False)) - # Regression test for #8395. Purge the master key and verify that a # master key fetch does not segfault. mark('#8395 regression test') diff --git a/src/tests/t_salt.py b/src/tests/t_salt.py index 65084bbf3..55ca89745 100755 --- a/src/tests/t_salt.py +++ b/src/tests/t_salt.py @@ -16,13 +16,12 @@ def test_salt(realm, e1, salt, e2): # Enctype/salt pairs chosen with non-default salt types. # The enctypes are mostly arbitrary. -salts = [('des3-cbc-sha1', 'norealm'), +salts = [('aes128-cts-hmac-sha1-96', 'norealm'), ('arcfour-hmac', 'onlyrealm'), ('aes128-cts-hmac-sha1-96', 'special')] # These enctypes are chosen to cover the different string-to-key routines. # Omit ":normal" from aes256 to check that salttype defaulting works. -second_kstypes = ['aes256-cts-hmac-sha1-96', 'arcfour-hmac:normal', - 'des3-cbc-sha1:normal'] +second_kstypes = ['aes256-cts-hmac-sha1-96', 'arcfour-hmac:normal'] # Test using different salt types in a principal's key list. # Parameters from one key in the list must not leak over to later ones. diff --git a/src/util/k5test.py b/src/util/k5test.py index 6afe4b92c..789b0f4b9 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -1278,13 +1278,6 @@ _passes = [ # No special settings; exercises AES256. ('default', None, None, None), - # Exercise the DES3 enctype. - ('des3', None, - {'libdefaults': {'permitted_enctypes': 'des3'}}, - {'realms': {'$realm': { - 'supported_enctypes': 'des3-cbc-sha1:normal', - 'master_key_type': 'des3-cbc-sha1'}}}), - # Exercise the arcfour enctype. ('arcfour', None, {'libdefaults': {'permitted_enctypes': 'rc4'}}, diff --git a/src/windows/leash/htmlhelp/html/Encryption_Types.htm b/src/windows/leash/htmlhelp/html/Encryption_Types.htm index 1aebdd0b4..c38eefd2b 100644 --- a/src/windows/leash/htmlhelp/html/Encryption_Types.htm +++ b/src/windows/leash/htmlhelp/html/Encryption_Types.htm @@ -79,19 +79,6 @@ will have an entry in the Encryption type column. <br> <th>Description</th> </tr> <tr> -<th id="th2"> des3- </th> - <td> The triple DES family improves on -the original DES (Data Encryption Standard) by using 3 separate 56-bit -keys. Some modes of 3DES are considered weak while others are strong -(if slow). <ul id="helpul"> -<li> des3-cbc-sha1</li> -<li> des3-cbc-raw (<b>weak</b>) </li> -<li>des3-hmac-sha1 </li> -<li>des3-cbc-sha1-kd </li> -</ul> -</td> - </tr> -<tr> <th id="th2"> aes </th> <td>The AES Advanced Encryption Standard family, like 3DES, is a symmetric block cipher and was designed
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2