svn rev #23361: trunk/src/lib/crypto/ crypto_tests/ krb/keyhash_provider/
tlyu@MIT.EDU
tlyu at MIT.EDU
Wed Nov 25 22:55:00 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=23361
Commit By: tlyu
Log Message:
ticket: 6584
target_version: 1.7.1
tags: pullup
Pullup to 1.7-branch is only for the test case, as krb5-1.7 behaved
correctly for these checksums.
Fix regression in MD4-DES and MD5-DES keyed checksums. The original
key was being used for the DES encryption, not the "xorkey". (key
with each byte XORed with 0xf0)
Add a test case that will catch future regressions of this sort, by
including a verification of a "known-good" checksum (derived from a
known-to-be-interoperable version of the implementation).
Changed Files:
U trunk/src/lib/crypto/crypto_tests/Makefile.in
U trunk/src/lib/crypto/crypto_tests/t_cksum.c
U trunk/src/lib/crypto/krb/keyhash_provider/k5_md4des.c
U trunk/src/lib/crypto/krb/keyhash_provider/k5_md5des.c
Modified: trunk/src/lib/crypto/crypto_tests/Makefile.in
===================================================================
--- trunk/src/lib/crypto/crypto_tests/Makefile.in 2009-11-26 00:44:22 UTC (rev 23360)
+++ trunk/src/lib/crypto/crypto_tests/Makefile.in 2009-11-26 03:54:59 UTC (rev 23361)
@@ -37,6 +37,9 @@
##DOS##LIBOBJS = $(OBJS)
+# NOTE: The t_cksum known checksum values are primarily for regression
+# testing. They are not derived a priori, but are known to produce
+# checksums that interoperate.
check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac \
t_cksum4 t_cksum5 \
aes-test \
@@ -49,8 +52,8 @@
$(RUN_SETUP) $(VALGRIND) ./t_hmac
$(RUN_SETUP) $(VALGRIND) ./t_prf <$(srcdir)/t_prf.in >t_prf.output
diff t_prf.output $(srcdir)/t_prf.expected
- $(RUN_SETUP) $(VALGRIND) ./t_cksum4 "this is a test"
- $(RUN_SETUP) $(VALGRIND) ./t_cksum5 "this is a test"
+ $(RUN_SETUP) $(VALGRIND) ./t_cksum4 "this is a test" e3f76a07f3401e3536b43a3f54226c39422c35682c354835
+ $(RUN_SETUP) $(VALGRIND) ./t_cksum5 "this is a test" e3f76a07f3401e351143ee6f4c09be1edb4264d55015db53
$(RUN_SETUP) $(VALGRIND) ./t_crc
$(RUN_SETUP) $(VALGRIND) ./t_cts
$(RUN_SETUP) $(VALGRIND) ./aes-test -k > vk.txt
Modified: trunk/src/lib/crypto/crypto_tests/t_cksum.c
===================================================================
--- trunk/src/lib/crypto/crypto_tests/t_cksum.c 2009-11-26 00:44:22 UTC (rev 23360)
+++ trunk/src/lib/crypto/crypto_tests/t_cksum.c 2009-11-26 03:54:59 UTC (rev 23361)
@@ -59,6 +59,27 @@
printf("\n");
}
+static void
+parse_hexstring(const char *s, krb5_data *dat)
+{
+ size_t i, len;
+ unsigned int byte;
+ unsigned char *cp;
+
+ len = strlen(s);
+ cp = malloc(len / 2);
+ dat->data = (char *)cp;
+ if (cp == NULL) {
+ dat->length = 0;
+ return;
+ }
+ dat->length = len / 2;
+ for (i = 0; i + 1 < len; i += 2) {
+ sscanf(&s[i], "%2x", &byte);
+ *cp++ = byte;
+ }
+}
+
/*
* Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES
* checksums.
@@ -77,7 +98,7 @@
krb5_keyblock keyblock;
krb5_key key;
krb5_error_code kret=0;
- krb5_data plaintext, newstyle_checksum;
+ krb5_data plaintext, newstyle_checksum, knowncksum_dat;
/* this is a terrible seed, but that's ok for the test. */
@@ -101,7 +122,7 @@
printf("cannot get memory for new style checksum\n");
return(ENOMEM);
}
- for (msgindex = 1; msgindex < argc; msgindex++) {
+ for (msgindex = 1; msgindex + 1 < argc; msgindex += 2) {
plaintext.length = strlen(argv[msgindex]);
plaintext.data = argv[msgindex];
@@ -118,6 +139,7 @@
}
if (!valid) {
printf("verify on new checksum failed\n");
+ kret = 1;
break;
}
printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
@@ -130,14 +152,32 @@
}
if (valid) {
printf("verify on new checksum succeeded, but shouldn't have\n");
+ kret = 1;
break;
}
printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
+ parse_hexstring(argv[msgindex+1], &knowncksum_dat);
+ if (knowncksum_dat.data == NULL) {
+ printf("parse_hexstring failed\n");
+ kret = 1;
+ break;
+ }
+ if ((kret = (*(khp.verify))(key, 0, 0, &plaintext, &knowncksum_dat,
+ &valid))) {
+ printf("verify on known checksum choked with %d\n", kret);
+ break;
+ }
+ if (!valid) {
+ printf("verify on known checksum failed\n");
+ kret = 1;
+ break;
+ }
+ printf("Verify on known checksum succeeded\n");
kret = 0;
}
free(newstyle_checksum.data);
if (!kret)
- printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
+ printf("%d tests passed successfully for MD%d checksum\n", (argc-1)/2, MD);
krb5_k_free_key(NULL, key);
Modified: trunk/src/lib/crypto/krb/keyhash_provider/k5_md4des.c
===================================================================
--- trunk/src/lib/crypto/krb/keyhash_provider/k5_md4des.c 2009-11-26 00:44:22 UTC (rev 23360)
+++ trunk/src/lib/crypto/krb/keyhash_provider/k5_md4des.c 2009-11-26 03:54:59 UTC (rev 23361)
@@ -38,7 +38,31 @@
extern struct krb5_enc_provider krb5int_enc_des;
+/* Derive a key by XOR with 0xF0 bytes. */
static krb5_error_code
+mk_xorkey(krb5_key origkey, krb5_key *xorkey)
+{
+ krb5_error_code retval = 0;
+ unsigned char xorbytes[8];
+ krb5_keyblock xorkeyblock;
+ size_t i = 0;
+
+ if (origkey->keyblock.length != sizeof(xorbytes))
+ return KRB5_CRYPTO_INTERNAL;
+ memcpy(xorbytes, origkey->keyblock.contents, sizeof(xorbytes));
+ for (i = 0; i < sizeof(xorbytes); i++)
+ xorbytes[i] ^= 0xf0;
+
+ /* Do a shallow copy here. */
+ xorkeyblock = origkey->keyblock;
+ xorkeyblock.contents = xorbytes;
+
+ retval = krb5_k_create_key(0, &xorkeyblock, xorkey);
+ zap(xorbytes, sizeof(xorbytes));
+ return retval;
+}
+
+static krb5_error_code
k5_md4des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
const krb5_data *input, krb5_data *output)
{
@@ -46,6 +70,7 @@
krb5_data data;
krb5_MD4_CTX ctx;
unsigned char conf[CONFLENGTH];
+ krb5_key xorkey = NULL;
struct krb5_enc_provider *enc = &krb5int_enc_des;
if (output->length != (CONFLENGTH+RSA_MD4_CKSUM_LENGTH))
@@ -58,6 +83,10 @@
if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &data)))
return(ret);
+ ret = mk_xorkey(key, &xorkey);
+ if (ret)
+ return ret;
+
/* hash the confounder, then the input data */
krb5int_MD4Init(&ctx);
@@ -71,8 +100,10 @@
memcpy(output->data, conf, CONFLENGTH);
memcpy(output->data+CONFLENGTH, ctx.digest, RSA_MD4_CKSUM_LENGTH);
- ret = enc->encrypt(key, NULL, output, output);
+ ret = enc->encrypt(xorkey, NULL, output, output);
+ krb5_k_free_key(NULL, xorkey);
+
return (ret);
}
@@ -85,10 +116,14 @@
krb5_error_code ret;
krb5_MD4_CTX ctx;
unsigned char plaintext[CONFLENGTH+RSA_MD4_CKSUM_LENGTH];
+ krb5_key xorkey = NULL;
int compathash = 0;
struct krb5_enc_provider *enc = &krb5int_enc_des;
krb5_data output, iv;
+ iv.data = NULL;
+ iv.length = 0;
+
if (key->keyblock.length != 8)
return(KRB5_BAD_KEYSIZE);
if (hash->length != (CONFLENGTH+RSA_MD4_CKSUM_LENGTH)) {
@@ -109,22 +144,25 @@
iv.length = key->keyblock.length;
if (key->keyblock.contents)
memcpy(iv.data, key->keyblock.contents, key->keyblock.length);
+ } else {
+ ret = mk_xorkey(key, &xorkey);
+ if (ret)
+ return ret;
}
/* decrypt it */
- output.data = plaintext;
+ output.data = (char *)plaintext;
output.length = hash->length;
if (!compathash) {
- ret = enc->decrypt(key, NULL, hash, &output);
+ ret = enc->decrypt(xorkey, NULL, hash, &output);
+ krb5_k_free_key(NULL, xorkey);
} else {
ret = enc->decrypt(key, &iv, hash, &output);
+ zap(iv.data, iv.length);
+ free(iv.data);
}
- if (compathash && iv.data) {
- free (iv.data);
- }
-
if (ret) return(ret);
if (output.length > CONFLENGTH+RSA_MD4_CKSUM_LENGTH)
Modified: trunk/src/lib/crypto/krb/keyhash_provider/k5_md5des.c
===================================================================
--- trunk/src/lib/crypto/krb/keyhash_provider/k5_md5des.c 2009-11-26 00:44:22 UTC (rev 23360)
+++ trunk/src/lib/crypto/krb/keyhash_provider/k5_md5des.c 2009-11-26 03:54:59 UTC (rev 23361)
@@ -38,7 +38,31 @@
extern struct krb5_enc_provider krb5int_enc_des;
+/* Derive a key by XOR with 0xF0 bytes. */
static krb5_error_code
+mk_xorkey(krb5_key origkey, krb5_key *xorkey)
+{
+ krb5_error_code retval = 0;
+ unsigned char xorbytes[8];
+ krb5_keyblock xorkeyblock;
+ size_t i = 0;
+
+ if (origkey->keyblock.length != sizeof(xorbytes))
+ return KRB5_CRYPTO_INTERNAL;
+ memcpy(xorbytes, origkey->keyblock.contents, sizeof(xorbytes));
+ for (i = 0; i < sizeof(xorbytes); i++)
+ xorbytes[i] ^= 0xf0;
+
+ /* Do a shallow copy here. */
+ xorkeyblock = origkey->keyblock;
+ xorkeyblock.contents = xorbytes;
+
+ retval = krb5_k_create_key(0, &xorkeyblock, xorkey);
+ zap(xorbytes, sizeof(xorbytes));
+ return retval;
+}
+
+static krb5_error_code
k5_md5des_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
const krb5_data *input, krb5_data *output)
{
@@ -46,6 +70,7 @@
krb5_data data;
krb5_MD5_CTX ctx;
unsigned char conf[CONFLENGTH];
+ krb5_key xorkey = NULL;
struct krb5_enc_provider *enc = &krb5int_enc_des;
if (output->length != (CONFLENGTH+RSA_MD5_CKSUM_LENGTH))
@@ -58,6 +83,10 @@
if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &data)))
return(ret);
+ ret = mk_xorkey(key, &xorkey);
+ if (ret)
+ return ret;
+
/* hash the confounder, then the input data */
krb5int_MD5Init(&ctx);
@@ -71,8 +100,10 @@
memcpy(output->data, conf, CONFLENGTH);
memcpy(output->data+CONFLENGTH, ctx.digest, RSA_MD5_CKSUM_LENGTH);
- ret = enc->encrypt(key, NULL, output, output);
+ ret = enc->encrypt(xorkey, NULL, output, output);
+ krb5_k_free_key(NULL, xorkey);
+
return ret;
}
@@ -85,10 +116,14 @@
krb5_error_code ret;
krb5_MD5_CTX ctx;
unsigned char plaintext[CONFLENGTH+RSA_MD5_CKSUM_LENGTH];
+ krb5_key xorkey = NULL;
int compathash = 0;
struct krb5_enc_provider *enc = &krb5int_enc_des;
krb5_data output, iv;
+ iv.data = NULL;
+ iv.length = 0;
+
if (key->keyblock.length != 8)
return(KRB5_BAD_KEYSIZE);
@@ -109,22 +144,25 @@
iv.length = key->keyblock.length;
if (key->keyblock.contents)
memcpy(iv.data, key->keyblock.contents, key->keyblock.length);
+ } else {
+ ret = mk_xorkey(key, &xorkey);
+ if (ret)
+ return ret;
}
/* decrypt it */
- output.data = plaintext;
+ output.data = (char *)plaintext;
output.length = hash->length;
if (!compathash) {
- ret = enc->decrypt(key, NULL, hash, &output);
+ ret = enc->decrypt(xorkey, NULL, hash, &output);
+ krb5_k_free_key(NULL, xorkey);
} else {
ret = enc->decrypt(key, &iv, hash, &output);
+ zap(iv.data, iv.length);
+ free(iv.data);
}
- if (compathash && iv.data) {
- free (iv.data);
- }
-
if (ret) return(ret);
if (output.length > CONFLENGTH+RSA_MD5_CKSUM_LENGTH)
More information about the cvs-krb5
mailing list