d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove support for Kernel GSS algorithms deprecated in r348875.

Browse Source 
This removes support for using DES, Triple DES, and RC4.

Reviewed by:	cem, kp
Tested by:	kp
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24344
This commit is contained in:
jhb 2020-04-10 23:08:41 +00:00
parent 23f6c382b1
commit 158ae761a4
7 changed files with 0 additions and 906 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/conf/files
View File

@ -3945,9 +3945,6 @@ kgssapi/gssd_prot.c optional kgssapi
kgssapi/krb5/krb5_mech.c optional kgssapi
kgssapi/krb5/kcrypto.c optional kgssapi
kgssapi/krb5/kcrypto_aes.c optional kgssapi
kgssapi/krb5/kcrypto_arcfour.c optional kgssapi
kgssapi/krb5/kcrypto_des.c optional kgssapi
kgssapi/krb5/kcrypto_des3.c optional kgssapi
kgssapi/kgss_if.m optional kgssapi
kgssapi/gsstest.c optional kgssapi_debug
# These files in libkern/ are those needed by all architectures. Some

9
sys/kgssapi/krb5/kcrypto.c
View File

@ -42,20 +42,11 @@ __FBSDID("$FreeBSD$");
#include "kcrypto.h"
static struct krb5_encryption_class *krb5_encryption_classes[] = {
&krb5_des_encryption_class,
&krb5_des3_encryption_class,
&krb5_aes128_encryption_class,
&krb5_aes256_encryption_class,
&krb5_arcfour_encryption_class,
&krb5_arcfour_56_encryption_class,
NULL
};
struct timeval krb5_warn_interval = { .tv_sec = 3600, .tv_usec = 0 };
SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, kgssapi_warn_interval, CTLFLAG_RW,
&krb5_warn_interval,
"Delay in seconds between warnings of deprecated KGSSAPI crypto.");
struct krb5_encryption_class *
krb5_find_encryption_class(int etype)
{

5
sys/kgssapi/krb5/kcrypto.h
View File

@ -95,13 +95,8 @@ struct krb5_key_state {
void *ks_priv;
};
extern struct krb5_encryption_class krb5_des_encryption_class;
extern struct krb5_encryption_class krb5_des3_encryption_class;
extern struct krb5_encryption_class krb5_aes128_encryption_class;
extern struct krb5_encryption_class krb5_aes256_encryption_class;
extern struct krb5_encryption_class krb5_arcfour_encryption_class;
extern struct krb5_encryption_class krb5_arcfour_56_encryption_class;
extern struct timeval krb5_warn_interval;
static __inline void
krb5_set_key(struct krb5_key_state *ks, const void *keydata)

225
sys/kgssapi/krb5/kcrypto_arcfour.c
View File

@ -1,225 +0,0 @@
/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2008 Isilon Inc http://www.isilon.com/
* Authors: Doug Rabson <dfr@rabson.org>
* Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/md5.h>
#include <sys/kobj.h>
#include <sys/mbuf.h>
#include <crypto/rc4/rc4.h>
#include <kgssapi/gssapi.h>
#include <kgssapi/gssapi_impl.h>
#include "kcrypto.h"
static void
arcfour_init(struct krb5_key_state *ks)
{
static struct timeval lastwarn;
ks->ks_priv = NULL;
if (ratecheck(&lastwarn, &krb5_warn_interval))
gone_in(13, "RC4 cipher for Kerberos GSS");
}
static void
arcfour_destroy(struct krb5_key_state *ks)
{
}
static void
arcfour_set_key(struct krb5_key_state *ks, const void *in)
{
void *kp = ks->ks_key;
if (kp != in)
bcopy(in, kp, 16);
}
static void
arcfour_random_to_key(struct krb5_key_state *ks, const void *in)
{
arcfour_set_key(ks, in);
}
static void
arcfour_hmac(uint8_t *key, uint8_t *data, size_t datalen,
uint8_t *result)
{
uint8_t buf[64];
MD5_CTX md5;
int i;
for (i = 0; i < 16; i++)
buf[i] = key[i] ^ 0x36;
for (; i < 64; i++)
buf[i] = 0x36;
MD5Init(&md5);
MD5Update(&md5, buf, 64);
MD5Update(&md5, data, datalen);
MD5Final(result, &md5);
for (i = 0; i < 16; i++)
buf[i] = key[i] ^ 0x5c;
for (; i < 64; i++)
buf[i] = 0x5c;
MD5Init(&md5);
MD5Update(&md5, buf, 64);
MD5Update(&md5, result, 16);
MD5Final(result, &md5);
}
static void
arcfour_derive_key(const struct krb5_key_state *ks, uint32_t usage,
uint8_t *newkey)
{
uint8_t t[4];
t[0] = (usage >> 24);
t[1] = (usage >> 16);
t[2] = (usage >> 8);
t[3] = (usage >> 0);
if (ks->ks_class->ec_type == ETYPE_ARCFOUR_HMAC_MD5_56) {
uint8_t L40[14] = "fortybits";
bcopy(t, L40 + 10, 4);
arcfour_hmac(ks->ks_key, L40, 14, newkey);
memset(newkey + 7, 0xab, 9);
} else {
arcfour_hmac(ks->ks_key, t, 4, newkey);
}
}
static int
rc4_crypt_int(void *rs, void *buf, u_int len)
{
rc4_crypt(rs, buf, buf, len);
return (0);
}
static void
arcfour_encrypt(const struct krb5_key_state *ks, struct mbuf *inout,
size_t skip, size_t len, void *ivec, size_t ivlen)
{
struct rc4_state rs;
uint8_t newkey[16];
arcfour_derive_key(ks, 0, newkey);
/*
* If we have an IV, then generate a new key from it using HMAC.
*/
if (ivec) {
uint8_t kk[16];
arcfour_hmac(newkey, ivec, ivlen, kk);
rc4_init(&rs, kk, 16);
} else {
rc4_init(&rs, newkey, 16);
}
m_apply(inout, skip, len, rc4_crypt_int, &rs);
}
static int
MD5Update_int(void *ctx, void *buf, u_int len)
{
MD5Update(ctx, buf, len);
return (0);
}
static void
arcfour_checksum(const struct krb5_key_state *ks, int usage,
struct mbuf *inout, size_t skip, size_t inlen, size_t outlen)
{
MD5_CTX md5;
uint8_t Ksign[16];
uint8_t t[4];
uint8_t sgn_cksum[16];
arcfour_hmac(ks->ks_key, "signaturekey", 13, Ksign);
t[0] = usage >> 0;
t[1] = usage >> 8;
t[2] = usage >> 16;
t[3] = usage >> 24;
MD5Init(&md5);
MD5Update(&md5, t, 4);
m_apply(inout, skip, inlen, MD5Update_int, &md5);
MD5Final(sgn_cksum, &md5);
arcfour_hmac(Ksign, sgn_cksum, 16, sgn_cksum);
m_copyback(inout, skip + inlen, outlen, sgn_cksum);
}
struct krb5_encryption_class krb5_arcfour_encryption_class = {
"arcfour-hmac-md5", /* name */
ETYPE_ARCFOUR_HMAC_MD5, /* etype */
0, /* flags */
1, /* blocklen */
1, /* msgblocklen */
8, /* checksumlen */
128, /* keybits */
16, /* keylen */
arcfour_init,
arcfour_destroy,
arcfour_set_key,
arcfour_random_to_key,
arcfour_encrypt,
arcfour_encrypt,
arcfour_checksum
};
struct krb5_encryption_class krb5_arcfour_56_encryption_class = {
"arcfour-hmac-md5-56", /* name */
ETYPE_ARCFOUR_HMAC_MD5_56, /* etype */
0, /* flags */
1, /* blocklen */
1, /* msgblocklen */
8, /* checksumlen */
128, /* keybits */
16, /* keylen */
arcfour_init,
arcfour_destroy,
arcfour_set_key,
arcfour_random_to_key,
arcfour_encrypt,
arcfour_encrypt,
arcfour_checksum
};

260
sys/kgssapi/krb5/kcrypto_des.c
View File

@ -1,260 +0,0 @@
/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2008 Isilon Inc http://www.isilon.com/
* Authors: Doug Rabson <dfr@rabson.org>
* Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/lock.h>
#include <sys/kobj.h>
#include <sys/malloc.h>
#include <sys/md5.h>
#include <sys/mutex.h>
#include <sys/mbuf.h>
#include <crypto/des/des.h>
#include <opencrypto/cryptodev.h>
#include <kgssapi/gssapi.h>
#include <kgssapi/gssapi_impl.h>
#include "kcrypto.h"
struct des1_state {
struct mtx ds_lock;
crypto_session_t ds_session;
};
static void
des1_init(struct krb5_key_state *ks)
{
static struct timeval lastwarn;
struct des1_state *ds;
ds = malloc(sizeof(struct des1_state), M_GSSAPI, M_WAITOK|M_ZERO);
mtx_init(&ds->ds_lock, "gss des lock", NULL, MTX_DEF);
ks->ks_priv = ds;
if (ratecheck(&lastwarn, &krb5_warn_interval))
gone_in(13, "DES cipher for Kerberos GSS");
}
static void
des1_destroy(struct krb5_key_state *ks)
{
struct des1_state *ds = ks->ks_priv;
if (ds->ds_session)
crypto_freesession(ds->ds_session);
mtx_destroy(&ds->ds_lock);
free(ks->ks_priv, M_GSSAPI);
}
static void
des1_set_key(struct krb5_key_state *ks, const void *in)
{
struct crypto_session_params csp;
void *kp = ks->ks_key;
struct des1_state *ds = ks->ks_priv;
if (ds->ds_session)
crypto_freesession(ds->ds_session);
if (kp != in)
bcopy(in, kp, ks->ks_class->ec_keylen);
memset(&csp, 0, sizeof(csp));
csp.csp_mode = CSP_MODE_CIPHER;
csp.csp_ivlen = 8;
csp.csp_cipher_alg = CRYPTO_DES_CBC;
csp.csp_cipher_klen = 8;
csp.csp_cipher_key = ks->ks_key;
crypto_newsession(&ds->ds_session, &csp,
CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
}
static void
des1_random_to_key(struct krb5_key_state *ks, const void *in)
{
uint8_t *outkey = ks->ks_key;
const uint8_t *inkey = in;
/*
* Expand 56 bits of random data to 64 bits as follows
* (in the example, bit number 1 is the MSB of the 56
* bits of random data):
*
* expanded =
* 1 2 3 4 5 6 7 p
* 9 10 11 12 13 14 15 p
* 17 18 19 20 21 22 23 p
* 25 26 27 28 29 30 31 p
* 33 34 35 36 37 38 39 p
* 41 42 43 44 45 46 47 p
* 49 50 51 52 53 54 55 p
* 56 48 40 32 24 16 8 p
*/
outkey[0] = inkey[0];
outkey[1] = inkey[1];
outkey[2] = inkey[2];
outkey[3] = inkey[3];
outkey[4] = inkey[4];
outkey[5] = inkey[5];
outkey[6] = inkey[6];
outkey[7] = (((inkey[0] & 1) << 1)
| ((inkey[1] & 1) << 2)
| ((inkey[2] & 1) << 3)
| ((inkey[3] & 1) << 4)
| ((inkey[4] & 1) << 5)
| ((inkey[5] & 1) << 6)
| ((inkey[6] & 1) << 7));
des_set_odd_parity(outkey);
if (des_is_weak_key(outkey))
outkey[7] ^= 0xf0;
des1_set_key(ks, ks->ks_key);
}
static int
des1_crypto_cb(struct cryptop *crp)
{
int error;
struct des1_state *ds = (struct des1_state *) crp->crp_opaque;
if (crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC)
return (0);
error = crp->crp_etype;
if (error == EAGAIN)
error = crypto_dispatch(crp);
mtx_lock(&ds->ds_lock);
if (error || (crp->crp_flags & CRYPTO_F_DONE))
wakeup(crp);
mtx_unlock(&ds->ds_lock);
return (0);
}
static void
des1_encrypt_1(const struct krb5_key_state *ks, int buf_type, void *buf,
size_t skip, size_t len, void *ivec, bool encrypt)
{
struct des1_state *ds = ks->ks_priv;
struct cryptop *crp;
int error;
crp = crypto_getreq(ds->ds_session, M_WAITOK);
crp->crp_payload_start = skip;
crp->crp_payload_length = len;
crp->crp_op = encrypt ? CRYPTO_OP_ENCRYPT : CRYPTO_OP_DECRYPT;
crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_IV_SEPARATE;
if (ivec) {
memcpy(crp->crp_iv, ivec, 8);
} else {
memset(crp->crp_iv, 0, 8);
}
crp->crp_buf_type = buf_type;
crp->crp_buf = buf;
crp->crp_opaque = ds;
crp->crp_callback = des1_crypto_cb;
error = crypto_dispatch(crp);
if ((crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) {
mtx_lock(&ds->ds_lock);
if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
error = msleep(crp, &ds->ds_lock, 0, "gssdes", 0);
mtx_unlock(&ds->ds_lock);
}
crypto_freereq(crp);
}
static void
des1_encrypt(const struct krb5_key_state *ks, struct mbuf *inout,
size_t skip, size_t len, void *ivec, size_t ivlen)
{
des1_encrypt_1(ks, CRYPTO_BUF_MBUF, inout, skip, len, ivec, true);
}
static void
des1_decrypt(const struct krb5_key_state *ks, struct mbuf *inout,
size_t skip, size_t len, void *ivec, size_t ivlen)
{
des1_encrypt_1(ks, CRYPTO_BUF_MBUF, inout, skip, len, ivec, false);
}
static int
MD5Update_int(void *ctx, void *buf, u_int len)
{
MD5Update(ctx, buf, len);
return (0);
}
static void
des1_checksum(const struct krb5_key_state *ks, int usage,
struct mbuf *inout, size_t skip, size_t inlen, size_t outlen)
{
char hash[16];
MD5_CTX md5;
/*
* This checksum is specifically for GSS-API. First take the
* MD5 checksum of the message, then calculate the CBC mode
* checksum of that MD5 checksum using a zero IV.
*/
MD5Init(&md5);
m_apply(inout, skip, inlen, MD5Update_int, &md5);
MD5Final(hash, &md5);
des1_encrypt_1(ks, CRYPTO_BUF_CONTIG, hash, 0, 16, NULL, true);
m_copyback(inout, skip + inlen, outlen, hash + 8);
}
struct krb5_encryption_class krb5_des_encryption_class = {
"des-cbc-md5", /* name */
ETYPE_DES_CBC_CRC, /* etype */
0, /* flags */
8, /* blocklen */
8, /* msgblocklen */
8, /* checksumlen */
56, /* keybits */
8, /* keylen */
des1_init,
des1_destroy,
des1_set_key,
des1_random_to_key,
des1_encrypt,
des1_decrypt,
des1_checksum
};

401
sys/kgssapi/krb5/kcrypto_des3.c
View File

@ -1,401 +0,0 @@
/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2008 Isilon Inc http://www.isilon.com/
* Authors: Doug Rabson <dfr@rabson.org>
* Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/kobj.h>
#include <sys/mbuf.h>
#include <crypto/des/des.h>
#include <opencrypto/cryptodev.h>
#include <kgssapi/gssapi.h>
#include <kgssapi/gssapi_impl.h>
#include "kcrypto.h"
#define DES3_FLAGS (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)
struct des3_state {
struct mtx ds_lock;
crypto_session_t ds_cipher_session;
crypto_session_t ds_hmac_session;
};
static void
des3_init(struct krb5_key_state *ks)
{
static struct timeval lastwarn;
struct des3_state *ds;
ds = malloc(sizeof(struct des3_state), M_GSSAPI, M_WAITOK|M_ZERO);
mtx_init(&ds->ds_lock, "gss des3 lock", NULL, MTX_DEF);
ks->ks_priv = ds;
if (ratecheck(&lastwarn, &krb5_warn_interval))
gone_in(13, "DES3 cipher for Kerberos GSS");
}
static void
des3_destroy(struct krb5_key_state *ks)
{
struct des3_state *ds = ks->ks_priv;
if (ds->ds_cipher_session) {
crypto_freesession(ds->ds_cipher_session);
crypto_freesession(ds->ds_hmac_session);
}
mtx_destroy(&ds->ds_lock);
free(ks->ks_priv, M_GSSAPI);
}
static void
des3_set_key(struct krb5_key_state *ks, const void *in)
{
struct crypto_session_params csp;
void *kp = ks->ks_key;
struct des3_state *ds = ks->ks_priv;
if (ds->ds_cipher_session) {
crypto_freesession(ds->ds_cipher_session);
crypto_freesession(ds->ds_hmac_session);
}
if (kp != in)
bcopy(in, kp, ks->ks_class->ec_keylen);
memset(&csp, 0, sizeof(csp));
csp.csp_mode = CSP_MODE_DIGEST;
csp.csp_auth_alg = CRYPTO_SHA1_HMAC;
csp.csp_auth_klen = 24;
csp.csp_auth_key = ks->ks_key;
crypto_newsession(&ds->ds_hmac_session, &csp,
CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
memset(&csp, 0, sizeof(csp));
csp.csp_mode = CSP_MODE_CIPHER;
csp.csp_cipher_alg = CRYPTO_3DES_CBC;
csp.csp_cipher_klen = 24;
csp.csp_cipher_key = ks->ks_key;
csp.csp_ivlen = 8;
crypto_newsession(&ds->ds_cipher_session, &csp,
CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
}
static void
des3_random_to_key(struct krb5_key_state *ks, const void *in)
{
uint8_t *outkey;
const uint8_t *inkey;
int subkey;
for (subkey = 0, outkey = ks->ks_key, inkey = in; subkey < 3;
subkey++, outkey += 8, inkey += 7) {
/*
* Expand 56 bits of random data to 64 bits as follows
* (in the example, bit number 1 is the MSB of the 56
* bits of random data):
*
* expanded =
* 1 2 3 4 5 6 7 p
* 9 10 11 12 13 14 15 p
* 17 18 19 20 21 22 23 p
* 25 26 27 28 29 30 31 p
* 33 34 35 36 37 38 39 p
* 41 42 43 44 45 46 47 p
* 49 50 51 52 53 54 55 p
* 56 48 40 32 24 16 8 p
*/
outkey[0] = inkey[0];
outkey[1] = inkey[1];
outkey[2] = inkey[2];
outkey[3] = inkey[3];
outkey[4] = inkey[4];
outkey[5] = inkey[5];
outkey[6] = inkey[6];
outkey[7] = (((inkey[0] & 1) << 1)
| ((inkey[1] & 1) << 2)
| ((inkey[2] & 1) << 3)
| ((inkey[3] & 1) << 4)
| ((inkey[4] & 1) << 5)
| ((inkey[5] & 1) << 6)
| ((inkey[6] & 1) << 7));
des_set_odd_parity(outkey);
if (des_is_weak_key(outkey))
outkey[7] ^= 0xf0;
}
des3_set_key(ks, ks->ks_key);
}
static int
des3_crypto_cb(struct cryptop *crp)
{
int error;
struct des3_state *ds = (struct des3_state *) crp->crp_opaque;
if (crypto_ses2caps(crp->crp_session) & CRYPTOCAP_F_SYNC)
return (0);
error = crp->crp_etype;
if (error == EAGAIN)
error = crypto_dispatch(crp);
mtx_lock(&ds->ds_lock);
if (error || (crp->crp_flags & CRYPTO_F_DONE))
wakeup(crp);
mtx_unlock(&ds->ds_lock);
return (0);
}
static void
des3_encrypt_1(const struct krb5_key_state *ks, struct mbuf *inout,
size_t skip, size_t len, void *ivec, bool encrypt)
{
struct des3_state *ds = ks->ks_priv;
struct cryptop *crp;
int error;
crp = crypto_getreq(ds->ds_cipher_session, M_WAITOK);
crp->crp_payload_start = skip;
crp->crp_payload_length = len;
crp->crp_op = encrypt ? CRYPTO_OP_ENCRYPT : CRYPTO_OP_DECRYPT;
crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_IV_SEPARATE;
if (ivec) {
memcpy(crp->crp_iv, ivec, 8);
} else {
memset(crp->crp_iv, 0, 8);
}
crp->crp_buf_type = CRYPTO_BUF_MBUF;
crp->crp_mbuf = inout;
crp->crp_opaque = ds;
crp->crp_callback = des3_crypto_cb;
error = crypto_dispatch(crp);
if ((crypto_ses2caps(ds->ds_cipher_session) & CRYPTOCAP_F_SYNC) == 0) {
mtx_lock(&ds->ds_lock);
if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
error = msleep(crp, &ds->ds_lock, 0, "gssdes3", 0);
mtx_unlock(&ds->ds_lock);
}
crypto_freereq(crp);
}
static void
des3_encrypt(const struct krb5_key_state *ks, struct mbuf *inout,
size_t skip, size_t len, void *ivec, size_t ivlen)
{
des3_encrypt_1(ks, inout, skip, len, ivec, true);
}
static void
des3_decrypt(const struct krb5_key_state *ks, struct mbuf *inout,
size_t skip, size_t len, void *ivec, size_t ivlen)
{
des3_encrypt_1(ks, inout, skip, len, ivec, false);
}
static void
des3_checksum(const struct krb5_key_state *ks, int usage,
struct mbuf *inout, size_t skip, size_t inlen, size_t outlen)
{
struct des3_state *ds = ks->ks_priv;
struct cryptop *crp;
int error;
crp = crypto_getreq(ds->ds_hmac_session, M_WAITOK);
crp->crp_payload_start = skip;
crp->crp_payload_length = inlen;
crp->crp_digest_start = skip + inlen;
crp->crp_op = CRYPTO_OP_COMPUTE_DIGEST;
crp->crp_flags = CRYPTO_F_CBIFSYNC;
crp->crp_buf_type = CRYPTO_BUF_MBUF;
crp->crp_mbuf = inout;
crp->crp_opaque = ds;
crp->crp_callback = des3_crypto_cb;
error = crypto_dispatch(crp);
if ((crypto_ses2caps(ds->ds_hmac_session) & CRYPTOCAP_F_SYNC) == 0) {
mtx_lock(&ds->ds_lock);
if (!error && !(crp->crp_flags & CRYPTO_F_DONE))
error = msleep(crp, &ds->ds_lock, 0, "gssdes3", 0);
mtx_unlock(&ds->ds_lock);
}
crypto_freereq(crp);
}
struct krb5_encryption_class krb5_des3_encryption_class = {
"des3-cbc-sha1", /* name */
ETYPE_DES3_CBC_SHA1, /* etype */
EC_DERIVED_KEYS, /* flags */
8, /* blocklen */
8, /* msgblocklen */
20, /* checksumlen */
168, /* keybits */
24, /* keylen */
des3_init,
des3_destroy,
des3_set_key,
des3_random_to_key,
des3_encrypt,
des3_decrypt,
des3_checksum
};
#if 0
struct des3_dk_test {
uint8_t key[24];
uint8_t usage[8];
size_t usagelen;
uint8_t dk[24];
};
struct des3_dk_test tests[] = {
{{0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 0x1c, 0x3d, 0xb5,
0x7c, 0x51, 0x89, 0x9b, 0x2c, 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97,
0x3b, 0x92},
{0x00, 0x00, 0x00, 0x01, 0x55}, 5,
{0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 0x5d, 0x31, 0x92,
0xc4, 0xa7, 0xe9, 0xc2, 0x89, 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6,
0x04, 0xcd}},
{{0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 0x46, 0x57, 0x85,
0x31, 0xcb, 0x51, 0xc1, 0x5b, 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce,
0xe9, 0xf2},
{0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
{0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 0x10, 0x1c, 0x46,
0x98, 0x45, 0xd6, 0x7a, 0x20, 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13,
0xf2, 0x07}},
{{0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 0x9b, 0x75, 0xa1,
0x76, 0x54, 0x0b, 0x97, 0x52, 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2,
0x52, 0xbc},
{0x00, 0x00, 0x00, 0x01, 0x55}, 5,
{0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 0x6d, 0x13, 0xfd,
0x2c, 0xa1, 0xd0, 0x85, 0x07, 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08,
0xea, 0xbf}},
{{0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 0x70, 0x94, 0x68,
0x0b, 0x7c, 0x64, 0x94, 0x02, 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec,
0x92, 0xb5},
{0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
{0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 0xdc, 0x07, 0x02,
0x68, 0x6b, 0xcb, 0x34, 0x89, 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b,
0x70, 0x3e}},
{{0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 0xdc, 0xb9, 0xb9,
0x3e, 0xe5, 0xa7, 0x62, 0x92, 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8,
0x02, 0xfb},
{0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73}, 8,
{0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 0x64, 0xce, 0xbf,
0xdc, 0x52, 0x04, 0xd5, 0x6d, 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9,
0xda, 0x43}},
{{0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 0xe6, 0xa1, 0x45,
0x9d, 0x01, 0xdf, 0xd3, 0x0d, 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07,
0x04, 0xda},
{0x00, 0x00, 0x00, 0x01, 0x55}, 5,
{0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 0x16, 0x16, 0x1c,
0x2a, 0x4c, 0x7a, 0x94, 0x3e, 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91,
0x75, 0xf7}},
{{0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 0x15, 0x57, 0x19,
0xd5, 0x5e, 0x2f, 0x1f, 0x79, 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7,
0x91, 0x7c},
{0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
{0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 0xcb, 0xe9, 0xa7,
0xc8, 0x46, 0x26, 0xfb, 0xc7, 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15,
0xe5, 0xc1}},
{{0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 0xdc, 0x8c, 0x34,
0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad,
0xc4, 0x43},
{0x00, 0x00, 0x00, 0x01, 0x55}, 5,
{0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 0xf7, 0x54, 0x25,
0xce, 0x91, 0x75, 0xfb, 0xe3, 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70,
0x3b, 0x49}},
{{0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9,
0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec,
0xd0, 0x16},
{0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
{0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94,
0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37,
0xec, 0x5d}},
};
#define N_TESTS (sizeof(tests) / sizeof(tests[0]))
int
main(int argc, char **argv)
{
struct krb5_key_state *key, *dk;
uint8_t *dkp;
int j, i;
for (j = 0; j < N_TESTS; j++) {
struct des3_dk_test *t = &tests[j];
key = krb5_create_key(&des3_encryption_class);
krb5_set_key(key, t->key);
dk = krb5_derive_key(key, t->usage, t->usagelen);
krb5_free_key(key);
if (memcmp(dk->ks_key, t->dk, 24)) {
printf("DES3 dk(");
for (i = 0; i < 24; i++)
printf("%02x", t->key[i]);
printf(", ");
for (i = 0; i < t->usagelen; i++)
printf("%02x", t->usage[i]);
printf(") failed\n");
printf("should be: ");
for (i = 0; i < 24; i++)
printf("%02x", t->dk[i]);
printf("\n result was: ");
dkp = dk->ks_key;
for (i = 0; i < 24; i++)
printf("%02x", dkp[i]);
printf("\n");
}
krb5_free_key(dk);
}
return (0);
}
#endif

3
sys/modules/kgssapi_krb5/Makefile
View File

@ -5,10 +5,7 @@ KMOD= kgssapi_krb5
SRCS= krb5_mech.c \
kcrypto.c \
kcrypto_des.c \
kcrypto_des3.c \
kcrypto_aes.c \
kcrypto_arcfour.c \
opt_inet6.h
SRCS+= kgss_if.h gssd.h