← Back to branch summary

~ubuntu-branches/ubuntu/maverick/krb5/maverick

« back to all changes in this revision

Viewing changes to src/lib/crypto/enc_provider/des3.c

  • Committer: Bazaar Package Importer
  • Author(s): Sam Hartman
  • Date: 2009-05-07 16:16:34 UTC
  • mfrom: (13.1.7 sid)
  • Revision ID: james.westby@ubuntu.com-20090507161634-xqyk0s9na0le4flj
Tags: 1.7dfsg~beta1-4
http://bugs.debian.org/527353
When  decrypting the TGS response fails with the subkey, try with the
session key to work around Heimdal bug, Closes: #527353 

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/lib/crypto/enc_provider/des3.c
26
26
 
27
27
#include "k5-int.h"
28
28
#include "des_int.h"
 
29
#include "../aead.h"
29
30
 
30
31
static krb5_error_code
31
32
validate_and_schedule(const krb5_keyblock *key, const krb5_data *ivec,
54
55
}
55
56
 
56
57
static krb5_error_code
 
58
validate_and_schedule_iov(const krb5_keyblock *key, const krb5_data *ivec,
 
59
                          const krb5_crypto_iov *data, size_t num_data,
 
60
                          mit_des3_key_schedule *schedule)
 
61
{
 
62
    size_t i, input_length;
 
63
 
 
64
    for (i = 0, input_length = 0; i < num_data; i++) {
 
65
        const krb5_crypto_iov *iov = &data[i];
 
66
 
 
67
        if (ENCRYPT_IOV(iov))
 
68
            input_length += iov->data.length;
 
69
    }
 
70
 
 
71
    if (key->length != 24)
 
72
        return(KRB5_BAD_KEYSIZE);
 
73
    if ((input_length%8) != 0)
 
74
        return(KRB5_BAD_MSIZE);
 
75
    if (ivec && (ivec->length != 8))
 
76
        return(KRB5_BAD_MSIZE);
 
77
 
 
78
    switch (mit_des3_key_sched(*(mit_des3_cblock *)key->contents,
 
79
                               *schedule)) {
 
80
    case -1:
 
81
        return(KRB5DES_BAD_KEYPAR);
 
82
    case -2:
 
83
        return(KRB5DES_WEAK_KEY);
 
84
    }
 
85
    return 0;
 
86
}
 
87
 
 
88
static krb5_error_code
57
89
k5_des3_encrypt(const krb5_keyblock *key, const krb5_data *ivec,
58
90
                const krb5_data *input, krb5_data *output)
59
91
{
68
100
    krb5int_des3_cbc_encrypt((krb5_pointer) input->data,
69
101
                             (krb5_pointer) output->data, input->length,
70
102
                             schedule[0], schedule[1], schedule[2],
71
 
                             ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock);
 
103
                             ivec?(const unsigned char *) ivec->data:(const unsigned char *)mit_des_zeroblock);
72
104
 
73
105
    zap(schedule, sizeof(schedule));
74
106
 
90
122
    krb5int_des3_cbc_decrypt((krb5_pointer) input->data,
91
123
                             (krb5_pointer) output->data, input->length,
92
124
                             schedule[0], schedule[1], schedule[2],
93
 
                             ivec?(unsigned char *) ivec->data:(unsigned char *)mit_des_zeroblock);
 
125
                             ivec?(const unsigned char *) ivec->data:(const unsigned char *)mit_des_zeroblock);
94
126
 
95
127
    zap(schedule, sizeof(schedule));
96
128
 
129
161
    return(0);
130
162
}
131
163
 
 
164
static krb5_error_code
 
165
k5_des3_encrypt_iov(const krb5_keyblock *key,
 
166
                    const krb5_data *ivec,
 
167
                    krb5_crypto_iov *data,
 
168
                    size_t num_data)
 
169
{
 
170
    mit_des3_key_schedule schedule;
 
171
    krb5_error_code err;
 
172
 
 
173
    err = validate_and_schedule_iov(key, ivec, data, num_data, &schedule);
 
174
    if (err)
 
175
        return err;
 
176
 
 
177
    /* this has a return value, but the code always returns zero */
 
178
    krb5int_des3_cbc_encrypt_iov(data, num_data,
 
179
                             schedule[0], schedule[1], schedule[2],
 
180
                             ivec != NULL ? (const unsigned char *) ivec->data : NULL);
 
181
 
 
182
    zap(schedule, sizeof(schedule));
 
183
 
 
184
    return(0);
 
185
}
 
186
 
 
187
static krb5_error_code
 
188
k5_des3_decrypt_iov(const krb5_keyblock *key,
 
189
                    const krb5_data *ivec,
 
190
                    krb5_crypto_iov *data,
 
191
                    size_t num_data)
 
192
{
 
193
    mit_des3_key_schedule schedule;
 
194
    krb5_error_code err;
 
195
 
 
196
    err = validate_and_schedule_iov(key, ivec, data, num_data, &schedule);
 
197
    if (err)
 
198
        return err;
 
199
 
 
200
    /* this has a return value, but the code always returns zero */
 
201
    krb5int_des3_cbc_decrypt_iov(data, num_data,
 
202
                                 schedule[0], schedule[1], schedule[2],
 
203
                                 ivec != NULL ? (const unsigned char *) ivec->data : NULL);
 
204
 
 
205
    zap(schedule, sizeof(schedule));
 
206
 
 
207
    return(0);
 
208
}
 
209
 
132
210
const struct krb5_enc_provider krb5int_enc_des3 = {
133
211
    8,
134
212
    21, 24,
136
214
    k5_des3_decrypt,
137
215
    k5_des3_make_key,
138
216
    krb5int_des_init_state,
139
 
    krb5int_default_free_state
 
217
    krb5int_default_free_state,
 
218
    k5_des3_encrypt_iov,
 
219
    k5_des3_decrypt_iov
140
220
};
 
221