shishi ./NEWS ./configure.ac lib/crypto-rc4.c
From: |
shishi-commit |
Subject: |
shishi ./NEWS ./configure.ac lib/crypto-rc4.c |
Date: |
Fri, 19 Sep 2003 16:29:06 -0400 |
CVSROOT: /cvsroot/shishi
Module name: shishi
Branch:
Changes by: Simon Josefsson <address@hidden> 03/09/19 16:29:06
Modified files:
. : NEWS configure.ac
lib : crypto-rc4.c
Log message:
Fix and enable ARCFOUR.
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/NEWS.diff?tr1=1.52&tr2=1.53&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/configure.ac.diff?tr1=1.88&tr2=1.89&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/lib/crypto-rc4.c.diff?tr1=1.8&tr2=1.9&r1=text&r2=text
Patches:
Index: shishi/NEWS
diff -u shishi/NEWS:1.52 shishi/NEWS:1.53
--- shishi/NEWS:1.52 Sun Sep 14 13:45:04 2003
+++ shishi/NEWS Fri Sep 19 16:29:05 2003
@@ -4,6 +4,8 @@
* Version 0.0.7 (unreleased)
+** ARCFOUR encryption support according to draft-brezak-win2k-krb-rc4-hmac-04.
+
* Version 0.0.6 (released 2003-09-14)
** Proxiable, proxy, forwardable and forwarded tickets supported.
Index: shishi/configure.ac
diff -u shishi/configure.ac:1.88 shishi/configure.ac:1.89
--- shishi/configure.ac:1.88 Fri Sep 19 12:28:33 2003
+++ shishi/configure.ac Fri Sep 19 16:29:05 2003
@@ -381,9 +381,9 @@
AC_MSG_CHECKING([if dummy NULL encryption/checksum type should be used])
AC_MSG_RESULT($enable_null)
-AC_ARG_ENABLE(arcfour, AC_HELP_STRING([--enable-arcfour],
- [enable ARCFOUR encryption/checksum type]),
- enable_arcfour=$enableval, enable_arcfour=no)
+AC_ARG_ENABLE(arcfour, AC_HELP_STRING([--disable-arcfour],
+ [disable ARCFOUR encryption/checksum type]),
+ enable_arcfour=$enableval, enable_arcfour=yes)
AM_CONDITIONAL(ARCFOUR, test "$enable_arcfour" != "no")
if test "$enable_arcfour" != "no"; then
AC_DEFINE(WITH_ARCFOUR, 1,
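Review bot: With `enable_arcfour=yes` as the fallback, every build that does not pass `--disable-arcfour` now compiles in lib/crypto-rc4.c, and that file's `export` branches (`memset (K1 + 7, 0xAB, 9)`) keep only 7 secret bytes of K1. If the export variant is registered as a negotiable encryption type elsewhere (not visible in this diff), it deserves its own opt-in switch. At minimum the help text should say the option covers it, e.g. `[disable ARCFOUR (incl. export-strength) encryption/checksum type]`. The `AC_DEFINE` that follows is cut off at the end of the hunk.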
Index: shishi/lib/crypto-rc4.c
diff -u shishi/lib/crypto-rc4.c:1.8 shishi/lib/crypto-rc4.c:1.9
--- shishi/lib/crypto-rc4.c:1.8 Thu Sep 18 17:54:09 2003
+++ shishi/lib/crypto-rc4.c Fri Sep 19 16:29:06 2003
@@ -25,7 +25,8 @@
static int arcfour_keyusage (int keyusage)
{
- /*
+ /* From draft-brezak-win2k-krb-rc4-hmac-04.txt:
+ *
* 1. AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with
* the client key (T=1)
* 2. AS-REP Ticket and TGS-REP Ticket (includes TGS session key
@@ -58,6 +59,16 @@
* the application (T=14)
* 15. KRB-SAFE cksum, keyed with a key chosen by the
* application. Also for data signed in GSS MIC (T=15)
+ */
+
+ if (keyusage == SHISHI_KEYUSAGE_ENCASREPPART)
+ return SHISHI_KEYUSAGE_ENCTGSREPPART_SESSION_KEY;
+ else if (keyusage == SHISHI_KEYUSAGE_ENCTGSREPPART_AUTHENTICATOR_KEY)
+ return SHISHI_KEYUSAGE_ENCTGSREPPART_SESSION_KEY;
+
+ /* Continued, this probably refer to the non-standard 3DES GSSAPI
+ * keyusages; RFC 1964 does not discuss key uses at all. When this
+ * comment was written, GSSLib did not support ARCFOUR though.
*
* Relative to RFC-1964 key uses:
*
@@ -67,10 +78,10 @@
*
*/
- if (keyusage == 3)
- return 8;
- else if (keyusage == 9)
- return 8;
+ if (keyusage == SHISHI_KEYUSAGE_GSS_R1 ||
+ keyusage == SHISHI_KEYUSAGE_GSS_R2 ||
+ keyusage == SHISHI_KEYUSAGE_GSS_R3)
+ return 0;
return keyusage;
}
@@ -92,6 +103,8 @@
char K2[16];
char *K3 = NULL;
char *pt = NULL;
+ size_t ptlen;
+ char *ct = NULL;
char *cksum = NULL;
int offset;
int err;
@@ -104,9 +117,15 @@
memcpy (L40 + 10, T, 4);
if (export)
- offset = 10;
- else
offset = 0;
+ else
+ offset = 10;
+
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("k1pt");
+ _shishi_hexprint (L40 + offset, 14 - offset);
+ }
err = shishi_hmac_md5 (handle,
shishi_key_value (key), shishi_key_length (key),
@@ -114,31 +133,85 @@
if (err)
goto done;
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("k1");
+ _shishi_hexprint (K1, 16);
+ }
+
memcpy (K2, K1, 16);
if (export)
memset (K1 + 7, 0xAB, 9);
- pt = xmalloc (16 + 8 + inlen);
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("k1");
+ _shishi_hexprint (K1, 16);
+ puts ("k2");
+ _shishi_hexprint (K2, 16);
+ }
+
+ /* Note that in ENCRYPT of draft-brezak-win2k-krb-rc4-hmac-04.txt change:
+ *
+ * edata.Checksum = HMAC (K2, edata);
+ *
+ * into
+ *
+ * edata.Checksum = HMAC (K2, concat(edata.Confounder, edata.Data));
+ *
+ * otherwise it will not work. Compare DECRYPT where the later is
+ * taken from. Another interpretation would be to HMAC a zeroized
+ * checksum field, like certain other Kerberos cipher suites do, but
+ * that does not interoperate.
+ *
+ */
+
+ ptlen = 8 + inlen;
+ pt = xmalloc (ptlen);
- memset (pt, 0, 16);
- err = shishi_randomize (handle, 0, pt + 16, 8);
+ err = shishi_randomize (handle, 0, pt, 8);
if (err)
goto done;
- memcpy (pt + 16 + 8, in, inlen);
+ memcpy (pt + 8, in, inlen);
- err = shishi_hmac_md5 (handle, K2, 16, pt, 16 + 8 + inlen, &cksum);
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("random"); _shishi_hexprint (pt, 8);
+ }
+
+ err = shishi_hmac_md5 (handle, K2, 16, pt, ptlen, &cksum);
if (err)
goto done;
+
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("cksum"); _shishi_hexprint (cksum, 16);
+ }
+
err = shishi_hmac_md5 (handle, K1, 16, cksum, 16, &K3);
if (err)
goto done;
- *outlen = 8 + inlen;
- err = shishi_arcfour (handle, 0, K3, 16, pt + 16, 8 + inlen, out);
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("k3");
+ _shishi_hexprint (K3, 16);
+ }
+
+ err = shishi_arcfour (handle, 0, K3, 16, pt, ptlen, &ct);
if (err)
goto done;
- memcpy (out, cksum, 16);
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("ct");
+ _shishi_hexprint (ct, ptlen);
+ }
+
+ *outlen = 16 + ptlen;
+ *out = xmalloc (*outlen);
+ memcpy (*out, cksum, 16);
+ memcpy (*out + 16, ct, ptlen);
err = SHISHI_OK;
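Review bot: The new `VERBOSECRYPTO` blocks dump K1, K2, K3 and the checksum, labelled with `puts` on stdout, so a process run with crypto tracing on leaves usable key material in whatever captures its output. The same pattern is in the decrypt hunk (k1/k2/k3) and the checksum hunk (Ksign). A comment at the first block such as `/* Debug only: dumps derived keys; never enable on production traffic. */` would make that explicit. The label `"k1"` is printed both before and after the export truncation, which makes traces ambiguous; `puts ("k1 (export-adjusted)");` for the second would help. Separately, `ptlen = 8 + inlen` is not checked for wrap-around before `xmalloc (ptlen)` and `memcpy (pt + 8, in, inlen)`; the function starts and ends outside this hunk.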
@@ -146,6 +219,7 @@
free (cksum);
free (K3);
free (pt);
+ free (ct);
free (K1);
return err;
}
@@ -166,8 +240,9 @@
char *K1 = NULL;
char K2[16];
char *K3 = NULL;
- char *pt = NULL;
char *cksum = NULL;
+ char *ct = NULL;
+ char *pt = NULL;
int offset;
int err;
@@ -179,9 +254,15 @@
memcpy (L40 + 10, T, 4);
if (export)
- offset = 10;
- else
offset = 0;
+ else
+ offset = 10;
+
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("k1pt");
+ _shishi_hexprint (L40 + offset, 14 - offset);
+ }
err = shishi_hmac_md5 (handle,
shishi_key_value (key), shishi_key_length (key),
@@ -189,37 +270,65 @@
if (err)
goto done;
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("k1");
+ _shishi_hexprint (K1, 16);
+ }
+
memcpy (K2, K1, 16);
if (export)
memset (K1 + 7, 0xAB, 9);
- pt = xmalloc (16 + 8 + inlen);
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("k1");
+ _shishi_hexprint (K1, 16);
+ puts ("k2");
+ _shishi_hexprint (K2, 16);
+ }
- memset (pt, 0, 16);
- err = shishi_randomize (handle, 0, pt + 16, 8);
+ err = shishi_hmac_md5 (handle, K1, 16, in, 16, &K3);
if (err)
goto done;
- memcpy (pt + 16 + 8, in, inlen);
- err = shishi_hmac_md5 (handle, K2, 16, pt, 16 + 8 + inlen, &cksum);
- if (err)
- goto done;
- err = shishi_hmac_md5 (handle, K1, 16, cksum, 16, &K3);
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("k3");
+ _shishi_hexprint (K3, 16);
+ }
+
+ err = shishi_arcfour (handle, 1, K3, 16, in + 16, inlen - 16, &pt);
if (err)
goto done;
- *outlen = 8 + inlen;
- err = shishi_arcfour (handle, 0, K3, 16, pt + 16, 8 + inlen, out);
+ err = shishi_hmac_md5 (handle, K2, 16, pt, inlen - 16, &cksum);
if (err)
goto done;
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("cksum"); _shishi_hexprint (cksum, 16);
+ puts ("cksumin"); _shishi_hexprint (in, 16);
+ }
+
+ if (memcmp (cksum, in, 16) != 0)
+ {
+ err = SHISHI_CRYPTO_ERROR;
+ goto done;
+ }
+
+ *outlen = inlen - 16 - 8;
+ *out = xmalloc (*outlen);
+ memcpy (*out, pt + 8, inlen - 16 - 8);
+
err = SHISHI_OK;
done:
free (cksum);
free (K3);
- free (pt);
free (K1);
+ free (pt);
return err;
}
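Review bot: Nothing checks `inlen` before the ciphertext is parsed: `shishi_hmac_md5 (handle, K1, 16, in, 16, &K3)` reads 16 bytes of `in`, `inlen - 16` is passed as a length to `shishi_arcfour` and `shishi_hmac_md5`, and `*outlen = inlen - 16 - 8` sizes the output. For input shorter than 24 bytes these subtractions go negative or, if `inlen` is a `size_t` (its declaration is outside the hunk), wrap to a huge value, so the calls read past the end of a buffer that comes from the peer. A guard before the first use, `if (inlen < 16 + 8) { err = SHISHI_CRYPTO_ERROR; goto done; }`, closes that. The tag comparison `memcmp (cksum, in, 16)` is also not constant-time; a byte-wise OR-accumulate compare over all 16 bytes would avoid revealing how many leading bytes matched.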
@@ -265,6 +374,8 @@
int arcfourkeyusage = arcfour_keyusage (keyusage);
char *Ksign = NULL;
char *pt = NULL;
+ size_t ptlen;
+ char *tmp = NULL;
char T[4];
int err;
@@ -281,20 +392,46 @@
if (err)
goto done;
- pt = xmalloc (4 + inlen);
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("Ksign"); _shishi_hexprint (Ksign, 16);
+ }
+
+ ptlen = 4 + inlen;
+ pt = xmalloc (ptlen);
memcpy (pt, T, 4);
memcpy (pt + 4, in, inlen);
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("pt"); _shishi_hexprint (pt, ptlen);
+ }
+
+ err = shishi_md5 (handle, pt, ptlen, &tmp);
+ if (err)
+ goto done;
+
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("md"); _shishi_hexprint (tmp, 16);
+ }
+
*outlen = 16;
- err = shishi_hmac_md5 (handle, Ksign, 16, in, inlen, out);
+ err = shishi_hmac_md5 (handle, Ksign, 16, tmp, 16, out);
if (err)
goto done;
+ if (VERBOSECRYPTO (handle))
+ {
+ puts ("hmac"); _shishi_hexprint (*out, 16);
+ }
+
err = SHISHI_OK;
done:
free (Ksign);
free (pt);
+ free (tmp);
return err;
}