← Back to branch summary

~ubuntu-branches/ubuntu/maverick/krb5/maverick

« back to all changes in this revision

Viewing changes to src/lib/crypto/etypes.c

  • Committer: Bazaar Package Importer
  • Author(s): Sam Hartman
  • Date: 2009-05-07 16:16:34 UTC
  • mfrom: (13.1.7 sid)
  • Revision ID: james.westby@ubuntu.com-20090507161634-xqyk0s9na0le4flj
Tags: 1.7dfsg~beta1-4
http://bugs.debian.org/527353
When  decrypting the TGS response fails with the subkey, try with the
session key to work around Heimdal bug, Closes: #527353 

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/lib/crypto/etypes.c
42
42
 
43
43
const struct krb5_keytypes krb5_enctypes_list[] = {
44
44
    { ENCTYPE_DES_CBC_CRC,
45
 
      "des-cbc-crc", "DES cbc mode with CRC-32",
 
45
      "des-cbc-crc", { 0 }, "DES cbc mode with CRC-32",
46
46
      &krb5int_enc_des, &krb5int_hash_crc32,
47
47
      8,
48
48
      krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
49
49
      krb5int_des_string_to_key,
50
50
      NULL, /*PRF*/
51
 
      CKSUMTYPE_RSA_MD5 },
 
51
      CKSUMTYPE_RSA_MD5,
 
52
      NULL, /*AEAD*/
 
53
      ETYPE_WEAK },
52
54
    { ENCTYPE_DES_CBC_MD4,
53
 
      "des-cbc-md4", "DES cbc mode with RSA-MD4",
 
55
      "des-cbc-md4", { 0 }, "DES cbc mode with RSA-MD4",
54
56
      &krb5int_enc_des, &krb5int_hash_md4,
55
57
      8,
56
58
      krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
57
59
      krb5int_des_string_to_key,
58
60
      NULL, /*PRF*/
59
 
      CKSUMTYPE_RSA_MD4 },
60
 
    { ENCTYPE_DES_CBC_MD5,
61
 
      "des-cbc-md5", "DES cbc mode with RSA-MD5",
62
 
      &krb5int_enc_des, &krb5int_hash_md5,
63
 
      8,
64
 
      krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
65
 
      krb5int_des_string_to_key,
66
 
      NULL, /*PRF*/
67
 
CKSUMTYPE_RSA_MD5 },
68
 
    { ENCTYPE_DES_CBC_MD5,
69
 
      "des", "DES cbc mode with RSA-MD5", /* alias */
70
 
      &krb5int_enc_des, &krb5int_hash_md5,
71
 
      8,
72
 
      krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
73
 
      krb5int_des_string_to_key,
74
 
      NULL, /*PRF*/
75
 
      CKSUMTYPE_RSA_MD5 },
76
 
 
 
61
      CKSUMTYPE_RSA_MD4,
 
62
      NULL, /*AEAD*/
 
63
      ETYPE_WEAK },
 
64
    { ENCTYPE_DES_CBC_MD5,
 
65
      "des-cbc-md5", { "des" }, "DES cbc mode with RSA-MD5",
 
66
      &krb5int_enc_des, &krb5int_hash_md5,
 
67
      8,
 
68
      krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
 
69
      krb5int_des_string_to_key,
 
70
      NULL, /*PRF*/
 
71
      CKSUMTYPE_RSA_MD5,
 
72
      NULL, /*AEAD*/
 
73
      ETYPE_WEAK },
77
74
    { ENCTYPE_DES_CBC_RAW,
78
 
      "des-cbc-raw", "DES cbc mode raw",
 
75
      "des-cbc-raw", { 0 }, "DES cbc mode raw",
79
76
      &krb5int_enc_des, NULL,
80
77
      8,
81
78
      krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
82
79
      krb5int_des_string_to_key,
83
80
      NULL, /*PRF*/
84
 
      0 },
 
81
      0,
 
82
      &krb5int_aead_raw,
 
83
      ETYPE_WEAK },
85
84
    { ENCTYPE_DES3_CBC_RAW,
86
 
      "des3-cbc-raw", "Triple DES cbc mode raw",
 
85
      "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw",
87
86
      &krb5int_enc_des3, NULL,
88
87
      8,
89
88
      krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
90
89
      krb5int_dk_string_to_key,
91
90
      NULL, /*PRF*/
92
 
      0 },
 
91
      0,
 
92
      &krb5int_aead_raw,
 
93
      ETYPE_WEAK },
93
94
 
94
95
    { ENCTYPE_DES3_CBC_SHA1,
95
 
      "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
96
 
      &krb5int_enc_des3, &krb5int_hash_sha1,
97
 
      8,
98
 
      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
99
 
      krb5int_dk_string_to_key,
100
 
      NULL, /*PRF*/
101
 
      CKSUMTYPE_HMAC_SHA1_DES3 },
102
 
    { ENCTYPE_DES3_CBC_SHA1,    /* alias */
103
 
      "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
104
 
      &krb5int_enc_des3, &krb5int_hash_sha1,
105
 
      8,
106
 
      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
107
 
      krb5int_dk_string_to_key,
108
 
      NULL, /*PRF*/
109
 
      CKSUMTYPE_HMAC_SHA1_DES3 },
110
 
    { ENCTYPE_DES3_CBC_SHA1,    /* alias */
111
 
      "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
112
 
      &krb5int_enc_des3, &krb5int_hash_sha1,
113
 
      8,
114
 
      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
115
 
      krb5int_dk_string_to_key,
116
 
      NULL, /*PRF*/
117
 
      CKSUMTYPE_HMAC_SHA1_DES3 },
 
96
      "des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" },
 
97
      "Triple DES cbc mode with HMAC/sha1",
 
98
      &krb5int_enc_des3, &krb5int_hash_sha1,
 
99
      8,
 
100
      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
 
101
      krb5int_dk_string_to_key,
 
102
      NULL, /*PRF*/
 
103
      CKSUMTYPE_HMAC_SHA1_DES3,
 
104
      &krb5int_aead_dk,
 
105
      0 /*flags*/ },
118
106
 
119
107
    { ENCTYPE_DES_HMAC_SHA1,
120
 
      "des-hmac-sha1", "DES with HMAC/sha1",
 
108
      "des-hmac-sha1", { 0 }, "DES with HMAC/sha1",
121
109
      &krb5int_enc_des, &krb5int_hash_sha1,
122
110
      8,
123
111
      krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
124
112
      krb5int_dk_string_to_key,
125
113
      NULL, /*PRF*/
126
 
      0 },
 
114
      0,
 
115
      NULL,
 
116
      ETYPE_WEAK },
127
117
    { ENCTYPE_ARCFOUR_HMAC, 
128
 
      "arcfour-hmac","ArcFour with HMAC/md5", &krb5int_enc_arcfour,
129
 
      &krb5int_hash_md5,
130
 
      0,
131
 
krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
132
 
      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
133
 
      NULL, /*PRF*/
134
 
      CKSUMTYPE_HMAC_MD5_ARCFOUR },
135
 
    { ENCTYPE_ARCFOUR_HMAC,  /* alias */
136
 
      "rc4-hmac", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
137
 
      &krb5int_hash_md5,
138
 
      0,
139
 
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
140
 
      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
141
 
      NULL, /*PRF*/
142
 
      CKSUMTYPE_HMAC_MD5_ARCFOUR },
143
 
    { ENCTYPE_ARCFOUR_HMAC,  /* alias */
144
 
      "arcfour-hmac-md5", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
145
 
      &krb5int_hash_md5,
146
 
      0,
147
 
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
148
 
      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
149
 
      NULL, /*PRF*/
150
 
      CKSUMTYPE_HMAC_MD5_ARCFOUR },
 
118
      "arcfour-hmac", { "rc4-hmac", "arcfour-hmac-md5" },
 
119
      "ArcFour with HMAC/md5",
 
120
      &krb5int_enc_arcfour,
 
121
      &krb5int_hash_md5,
 
122
      20,
 
123
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
 
124
      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
 
125
      krb5int_arcfour_prf, /*PRF*/
 
126
      CKSUMTYPE_HMAC_MD5_ARCFOUR,
 
127
      &krb5int_aead_arcfour,
 
128
      0 /*flags*/ },
151
129
    { ENCTYPE_ARCFOUR_HMAC_EXP, 
152
 
      "arcfour-hmac-exp", "Exportable ArcFour with HMAC/md5",
153
 
      &krb5int_enc_arcfour,
154
 
      &krb5int_hash_md5,
155
 
      0,
156
 
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
157
 
      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
158
 
      NULL, /*PRF*/
159
 
      CKSUMTYPE_HMAC_MD5_ARCFOUR },
160
 
    { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
161
 
      "rc4-hmac-exp", "Exportable ArcFour with HMAC/md5",
162
 
      &krb5int_enc_arcfour,
163
 
      &krb5int_hash_md5,
164
 
      0,
165
 
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
166
 
      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
167
 
      NULL, /*PRF*/
168
 
      CKSUMTYPE_HMAC_MD5_ARCFOUR },
169
 
    { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
170
 
      "arcfour-hmac-md5-exp", "Exportable ArcFour with HMAC/md5",
171
 
      &krb5int_enc_arcfour,
172
 
      &krb5int_hash_md5,
173
 
      0,
174
 
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
175
 
      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
176
 
      NULL, /*PRF*/
177
 
      CKSUMTYPE_HMAC_MD5_ARCFOUR },
 
130
      "arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" },
 
131
      "Exportable ArcFour with HMAC/md5",
 
132
      &krb5int_enc_arcfour,
 
133
      &krb5int_hash_md5,
 
134
      20,
 
135
      krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
 
136
      krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
 
137
      krb5int_arcfour_prf, /*PRF*/
 
138
      CKSUMTYPE_HMAC_MD5_ARCFOUR,
 
139
      &krb5int_aead_arcfour,
 
140
      ETYPE_WEAK
 
141
    },
178
142
 
179
143
    { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
180
 
      "aes128-cts-hmac-sha1-96", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
181
 
      &krb5int_enc_aes128, &krb5int_hash_sha1,
182
 
      16,
183
 
      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
184
 
      krb5int_aes_string_to_key,
185
 
      krb5int_dk_prf,
186
 
      CKSUMTYPE_HMAC_SHA1_96_AES128 },
187
 
    { ENCTYPE_AES128_CTS_HMAC_SHA1_96, /* alias */
188
 
      "aes128-cts", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
189
 
      &krb5int_enc_aes128, &krb5int_hash_sha1,
190
 
      16,
191
 
      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
192
 
      krb5int_aes_string_to_key,
193
 
      krb5int_dk_prf,
194
 
      CKSUMTYPE_HMAC_SHA1_96_AES128 },
 
144
      "aes128-cts-hmac-sha1-96", { "aes128-cts" },
 
145
      "AES-128 CTS mode with 96-bit SHA-1 HMAC",
 
146
      &krb5int_enc_aes128, &krb5int_hash_sha1,
 
147
      16,
 
148
      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
 
149
      krb5int_aes_string_to_key,
 
150
      krb5int_dk_prf,
 
151
      CKSUMTYPE_HMAC_SHA1_96_AES128,
 
152
      &krb5int_aead_aes,
 
153
      0 /*flags*/ },
195
154
    { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
196
 
      "aes256-cts-hmac-sha1-96", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
197
 
      &krb5int_enc_aes256, &krb5int_hash_sha1,
198
 
      16,
199
 
      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
200
 
      krb5int_aes_string_to_key,
201
 
      krb5int_dk_prf,
202
 
      CKSUMTYPE_HMAC_SHA1_96_AES256 },
203
 
    { ENCTYPE_AES256_CTS_HMAC_SHA1_96, /* alias */
204
 
      "aes256-cts", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
205
 
      &krb5int_enc_aes256, &krb5int_hash_sha1,
206
 
      16,
207
 
      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
208
 
      krb5int_aes_string_to_key,
209
 
      krb5int_dk_prf,
210
 
      CKSUMTYPE_HMAC_SHA1_96_AES256 },
 
155
      "aes256-cts-hmac-sha1-96", { "aes256-cts" },
 
156
      "AES-256 CTS mode with 96-bit SHA-1 HMAC",
 
157
      &krb5int_enc_aes256, &krb5int_hash_sha1,
 
158
      16,
 
159
      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
 
160
      krb5int_aes_string_to_key,
 
161
      krb5int_dk_prf,
 
162
      CKSUMTYPE_HMAC_SHA1_96_AES256,
 
163
      &krb5int_aead_aes,
 
164
      0 /*flags*/ },
211
165
};
212
166
 
213
167
const int krb5_enctypes_length =