diff options
author | Luke Howard <lukeh@padl.com> | 2009-12-08 21:15:45 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2009-12-08 21:15:45 +0000 |
commit | be21fbc44a9472c6b8df0f4de6c544b38f04c3d5 (patch) | |
tree | db1889f705aac49923e9e7c53a06f1eec34a37d1 | |
parent | 5250bd0d81d79159dc5c1d09e83c69b53a9ff604 (diff) | |
download | krb5-lhoward/aes-ccm.tar.gz |
have AESCBC keyhash_provider do its own key derivationlhoward/aes-ccm
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/aes-ccm@23459 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/crypto/krb/dk/dk_ccm.c | 4 | ||||
-rw-r--r-- | src/lib/crypto/krb/keyhash_provider/aescbc.c | 38 |
2 files changed, 38 insertions, 4 deletions
diff --git a/src/lib/crypto/krb/dk/dk_ccm.c b/src/lib/crypto/krb/dk/dk_ccm.c index c8ee32352..b3b18ffce 100644 --- a/src/lib/crypto/krb/dk/dk_ccm.c +++ b/src/lib/crypto/krb/dk/dk_ccm.c @@ -380,7 +380,7 @@ krb5int_ccm_encrypt_iov(const struct krb5_aead_provider *aead, goto cleanup; } - ret = krb5int_c_make_checksum_iov(keyhash, kc, usage, sign_data, num_sign_data, &cksum); + ret = krb5int_c_make_checksum_iov(keyhash, key, usage, sign_data, num_sign_data, &cksum); if (ret != 0) goto cleanup; @@ -576,7 +576,7 @@ krb5int_ccm_decrypt_iov(const struct krb5_aead_provider *aead, sign_data[num_sign_data++] = data[i]; } - ret = krb5int_c_make_checksum_iov(keyhash, kc, usage, sign_data, num_sign_data, &cksum); + ret = krb5int_c_make_checksum_iov(keyhash, key, usage, sign_data, num_sign_data, &cksum); if (ret != 0) goto cleanup; diff --git a/src/lib/crypto/krb/keyhash_provider/aescbc.c b/src/lib/crypto/krb/keyhash_provider/aescbc.c index 2312c8b0e..c947353a6 100644 --- a/src/lib/crypto/krb/keyhash_provider/aescbc.c +++ b/src/lib/crypto/krb/keyhash_provider/aescbc.c @@ -28,8 +28,13 @@ #include "k5-int.h" #include "keyhash_provider.h" #include "hash_provider.h" +#include "enc_provider/enc_provider.h" +#include "../etypes.h" #include "../aes/aes.h" #include "../aead.h" +#include "../dk/dk.h" + +#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */ static void xorblock(unsigned char *out, unsigned const char *in) { @@ -38,12 +43,17 @@ static void xorblock(unsigned char *out, unsigned const char *in) out[z] ^= in[z]; } -static krb5_error_code +static krb5_error_code k5_aescbc_hash_iov (krb5_key key, krb5_keyusage usage, const krb5_data *iv, const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { + unsigned char constantdata[K5CLENGTH]; + krb5_error_code ret; + krb5_data d1; + krb5_key kc; + int i; aes_ctx ctx; unsigned char blockY[BLOCK_SIZE]; struct iov_block_state iov_state; @@ -51,6 +61,28 @@ k5_aescbc_hash_iov (krb5_key key, krb5_keyusage usage, if (output->length < BLOCK_SIZE) return KRB5_BAD_MSIZE; + d1.data = (char *)constantdata; + d1.length = K5CLENGTH; + + d1.data[0] = (usage >> 24) & 0xFF; + d1.data[1] = (usage >> 16) & 0xFF; + d1.data[2] = (usage >> 8 ) & 0xFF; + d1.data[3] = (usage ) & 0xFF; + + d1.data[4] = 0xCC; + + for (i = 0, kc = NULL; i < krb5_enctypes_length; i++) { + if (krb5_enctypes_list[i].etype == krb5_k_key_enctype(NULL, key)) { + ret = krb5_derive_key(krb5_enctypes_list[i].enc, key, &kc, &d1); + if (ret != 0) + return ret; + break; + } + } + + if (kc == NULL) + abort(); + if (aes_enc_key(key->keyblock.contents, key->keyblock.length, &ctx) != aes_good) abort(); @@ -85,10 +117,12 @@ k5_aescbc_hash_iov (krb5_key key, krb5_keyusage usage, output->length = BLOCK_SIZE; memcpy(output->data, blockY, BLOCK_SIZE); + krb5_k_free_key(NULL, kc); + return 0; } -static krb5_error_code +static krb5_error_code k5_aescbc_hash (krb5_key key, krb5_keyusage usage, const krb5_data *iv, const krb5_data *input, krb5_data *output) |