Background:
When libdes was replaced with OpenSSL's libcrypto, there were a few interfaces that the former implemented but the latter did not. Because some software in the base system still depended upon these interfaces, we simply included them in our libcrypto (rnd_keys.c). Now, finally get around to removing the dependencies on these interfaces. There were basically two cases: des_new_random_key -- This is just a wrapper for des_random_key, and these calls were replaced. des_init_random_number_generator et. al. -- A few functions were used by the application to seed libdes's PRNG. These are not necessary when using libcrypto, as OpenSSL internally seeds the PRNG from /dev/random. These calls were simply removed. Again, some of the Kerberos 4 files have been taken off the vendor branch. I do not expect there to be future imports of KTH Kerberos 4.
This commit is contained in:
parent
38563e3c33
commit
4b2eaea43f
@ -54,7 +54,6 @@ static const char sccsid[] = "@(#)enc_des.c 8.3 (Berkeley) 5/30/95";
|
||||
#include "misc-proto.h"
|
||||
|
||||
extern int encrypt_debug_mode;
|
||||
void des_set_random_generator_seed(des_cblock *); /* XXX */
|
||||
|
||||
#define CFB 0
|
||||
#define OFB 1
|
||||
@ -75,7 +74,6 @@ struct fb {
|
||||
int need_start;
|
||||
int state[2];
|
||||
int keyid[2];
|
||||
int once;
|
||||
struct stinfo {
|
||||
Block str_output;
|
||||
Block str_feed;
|
||||
@ -211,7 +209,7 @@ fb64_start(struct fb *fbp, int dir, int server __unused)
|
||||
/*
|
||||
* Create a random feed and send it over.
|
||||
*/
|
||||
des_new_random_key((Block *)fbp->temp_feed);
|
||||
des_random_key((Block *)fbp->temp_feed);
|
||||
des_ecb_encrypt((Block *)fbp->temp_feed, (Block *)fbp->temp_feed,
|
||||
fbp->krbdes_sched, 1);
|
||||
p = fbp->fb_feed + 3;
|
||||
@ -397,10 +395,6 @@ fb64_session(Session_Key *key, int server, struct fb *fbp)
|
||||
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
|
||||
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
|
||||
|
||||
if (fbp->once == 0) {
|
||||
des_set_random_generator_seed((Block *)fbp->krbdes_key);
|
||||
fbp->once = 1;
|
||||
}
|
||||
des_key_sched((Block *)fbp->krbdes_key, fbp->krbdes_sched);
|
||||
/*
|
||||
* Now look to see if krbdes_start() was was waiting for
|
||||
|
@ -207,8 +207,7 @@ kerberos4_send(Authenticator *ap)
|
||||
register int i;
|
||||
|
||||
des_key_sched(&cred.session, sched);
|
||||
des_init_random_number_generator(&cred.session);
|
||||
des_new_random_key(&session_key);
|
||||
des_random_key(&session_key);
|
||||
des_ecb_encrypt(&session_key, &session_key, sched, 0);
|
||||
des_ecb_encrypt(&session_key, &challenge, sched, 0);
|
||||
/*
|
||||
@ -299,11 +298,6 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
|
||||
break;
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialize the random number generator since it's
|
||||
* used later on by the encryption routine.
|
||||
*/
|
||||
des_init_random_number_generator(&session_key);
|
||||
des_key_sched(&session_key, sched);
|
||||
memmove((void *)datablock, (void *)data, sizeof(Block));
|
||||
/*
|
||||
|
@ -8,6 +8,7 @@
|
||||
* This routine changes the Kerberos encryption keys for principals,
|
||||
* i.e., users or services.
|
||||
*/
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* exit returns 0 ==> success -1 ==> error
|
||||
@ -162,7 +163,7 @@ change_principal(void)
|
||||
memset(new_key, 0, sizeof(des_cblock));
|
||||
new_key[0] = 127;
|
||||
#else
|
||||
des_new_random_key(&new_key);
|
||||
des_random_key(new_key);
|
||||
#endif
|
||||
memset(pw_str, 0, sizeof pw_str);
|
||||
}
|
||||
@ -384,9 +385,6 @@ main(int argc, char **argv)
|
||||
stdout)) < 0)
|
||||
return 1;
|
||||
|
||||
/* Initialize non shared random sequence */
|
||||
des_init_random_number_generator(&master_key);
|
||||
|
||||
/* lookup the default values */
|
||||
n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
|
||||
&default_princ, 1, &more);
|
||||
|
@ -7,6 +7,7 @@
|
||||
* program to initialize the database, reports error if database file
|
||||
* already exists.
|
||||
*/
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#include "adm_locl.h"
|
||||
|
||||
@ -43,7 +44,7 @@ add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
|
||||
memset(new_key, 0, sizeof(des_cblock));
|
||||
new_key[0] = 127;
|
||||
#else
|
||||
des_new_random_key(&new_key);
|
||||
des_random_key(new_key);
|
||||
#endif
|
||||
kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
|
||||
DES_ENCRYPT);
|
||||
@ -142,9 +143,6 @@ main(int argc, char **argv)
|
||||
fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
|
||||
#endif
|
||||
|
||||
/* Initialize non shared random sequence */
|
||||
des_init_random_number_generator(&master_key);
|
||||
|
||||
/* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */
|
||||
#define ADMLIFE (1 + (CLOCK_SKEW/(5*60)))
|
||||
|
||||
|
@ -18,6 +18,7 @@ this software for any purpose. It is provided "as is" without express
|
||||
or implied warranty.
|
||||
|
||||
*/
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* Kerberos database administrator's tool.
|
||||
@ -212,7 +213,7 @@ passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap)
|
||||
#ifdef NOENCRYPTION
|
||||
memset(newkey, 0, sizeof(newkey));
|
||||
#else
|
||||
des_new_random_key(&newkey);
|
||||
des_random_key(newkey);
|
||||
#endif
|
||||
} else {
|
||||
#ifdef NOENCRYPTION
|
||||
@ -288,7 +289,6 @@ get_admin_password(void)
|
||||
/* Initialize non shared random sequence from session key. */
|
||||
memset(&c, 0, sizeof(c));
|
||||
krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c);
|
||||
des_init_random_number_generator(&c.session);
|
||||
}
|
||||
else
|
||||
status = KDC_PR_UNKNOWN;
|
||||
|
@ -18,6 +18,7 @@ this software for any purpose. It is provided "as is" without express
|
||||
or implied warranty.
|
||||
|
||||
*/
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
* list and update contents of srvtab files
|
||||
@ -228,7 +229,7 @@ get_svc_new_key(des_cblock *new_key, char *sname, char *sinst,
|
||||
memset(new_key, 0, sizeof(des_cblock));
|
||||
(*new_key)[0] = (unsigned char) 1;
|
||||
#else /* NOENCRYPTION */
|
||||
des_new_random_key(new_key);
|
||||
des_random_key(*new_key);
|
||||
#endif /* NOENCRYPTION */
|
||||
return(KADM_SUCCESS);
|
||||
}
|
||||
@ -494,17 +495,6 @@ main(int argc, char **argv)
|
||||
printf("Not changing this key.\n");
|
||||
|
||||
if (change_this_key) {
|
||||
/*
|
||||
* This is not a good choice of seed when/if the
|
||||
* key has been compromised so we also use a
|
||||
* random sequence number!
|
||||
*/
|
||||
des_init_random_number_generator(&old_key);
|
||||
{
|
||||
des_cblock seqnum;
|
||||
des_generate_random_block(&seqnum);
|
||||
des_set_sequence_number((unsigned char *)&seqnum);
|
||||
}
|
||||
/*
|
||||
* Pick a new key and determine whether or not
|
||||
* it is safe to change
|
||||
|
@ -30,6 +30,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#include "kadm_locl.h"
|
||||
#include "ksrvutil.h"
|
||||
@ -82,11 +83,6 @@ get_admin_password(char *myname, char *myinst, char *myrealm)
|
||||
status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME,
|
||||
KADM_SINST, ticket_life, admin_passwd);
|
||||
memset(admin_passwd, 0, sizeof(admin_passwd));
|
||||
|
||||
/* Initialize non shared random sequence from session key. */
|
||||
memset(&c, 0, sizeof(c));
|
||||
krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c);
|
||||
des_init_random_number_generator(&c.session);
|
||||
} else
|
||||
status = KDC_PR_UNKNOWN;
|
||||
|
||||
@ -190,7 +186,7 @@ get_srvtab_ent(int unique_filename, int fd, char *filename,
|
||||
memset(&values, 0, sizeof(values));
|
||||
strlcpy(values.name, name, sizeof(values.name));
|
||||
strlcpy(values.instance, inst, sizeof(values.instance));
|
||||
des_new_random_key(&newkey);
|
||||
des_random_key(newkey);
|
||||
values.key_low = (newkey[0] << 24) | (newkey[1] << 16)
|
||||
| (newkey[2] << 8) | (newkey[3] << 0);
|
||||
values.key_high = (newkey[4] << 24) | (newkey[5] << 16)
|
||||
@ -295,9 +291,7 @@ ksrvutil_kadm(int unique_filename, int fd, char *filename, struct srv_ent *p)
|
||||
}
|
||||
|
||||
ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c);
|
||||
if (ret == KSUCCESS)
|
||||
des_init_random_number_generator (&c.session);
|
||||
else {
|
||||
if (ret != KSUCCESS) {
|
||||
umask(077);
|
||||
|
||||
/*
|
||||
|
@ -30,6 +30,7 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#include "kadm_locl.h"
|
||||
|
||||
@ -57,7 +58,7 @@ random_password(char *pw, size_t len, u_int32_t *low, u_int32_t *high)
|
||||
{
|
||||
des_cblock newkey;
|
||||
#ifdef OTP_STYLE
|
||||
des_new_random_key(&newkey);
|
||||
des_random_key(&newkey);
|
||||
otp_print_stddict (newkey, pw, len);
|
||||
strlwr(pw);
|
||||
#else
|
||||
@ -87,7 +88,7 @@ static int
|
||||
RND(des_cblock *key, int *left)
|
||||
{
|
||||
if(*left == 0){
|
||||
des_new_random_key(key);
|
||||
des_random_key(*key);
|
||||
*left = 8;
|
||||
}
|
||||
(*left)--;
|
||||
|
@ -334,7 +334,7 @@ kerberos(unsigned char *buf, int len,
|
||||
life = min(life, s_name.max_life);
|
||||
life = min(life, a_name.max_life);
|
||||
|
||||
des_new_random_key(&session);
|
||||
des_random_key(session);
|
||||
copy_to_key(&s_name.key_low, &s_name.key_high, key);
|
||||
unseal(&key);
|
||||
krb_create_ticket(tk, flags, a_name.name, a_name.instance,
|
||||
@ -428,7 +428,7 @@ kerberos(unsigned char *buf, int len,
|
||||
life = min(life, s_name.max_life);
|
||||
copy_to_key(&s_name.key_low, &s_name.key_high, key);
|
||||
unseal(&key);
|
||||
des_new_random_key(&session);
|
||||
des_random_key(session);
|
||||
krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm,
|
||||
client->sin_addr.s_addr, &session,
|
||||
life, kerb_time.tv_sec,
|
||||
@ -860,7 +860,6 @@ main(int argc, char **argv)
|
||||
|
||||
fprintf(stdout, "\nCurrent Kerberos master key version is %d\n",
|
||||
master_key_version);
|
||||
des_init_random_number_generator(&master_key);
|
||||
|
||||
if (!rflag) {
|
||||
/* Look up our local realm */
|
||||
|
@ -1,444 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by the Kungliga Tekniska
|
||||
* Högskolan and its contributors.
|
||||
*
|
||||
* 4. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include <openssl/des.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/resource.h>
|
||||
#include <fcntl.h>
|
||||
#include <signal.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#ifndef RETSIGTYPE
|
||||
#define RETSIGTYPE void
|
||||
#define SIGRETURN(x) return
|
||||
#else
|
||||
#define SIGRETURN(x) return (RETSIGTYPE)(x)
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Generate "random" data by checksumming a file.
|
||||
*
|
||||
* Returns -1 if there were any problems with permissions or I/O
|
||||
* errors.
|
||||
*/
|
||||
static
|
||||
int
|
||||
sumFile (const char *name, int len, void *res)
|
||||
{
|
||||
u_int32_t sum[2];
|
||||
u_int32_t buf[1024*2];
|
||||
int fd, i;
|
||||
|
||||
fd = open (name, 0);
|
||||
if (fd < 0)
|
||||
return -1;
|
||||
|
||||
while (len > 0)
|
||||
{
|
||||
int n = read(fd, buf, sizeof(buf));
|
||||
if (n < 0)
|
||||
{
|
||||
close(fd);
|
||||
return n;
|
||||
}
|
||||
for (i = 0; i < (n/sizeof(buf[0])); i++)
|
||||
{
|
||||
sum[0] += buf[i];
|
||||
i++;
|
||||
sum[1] += buf[i];
|
||||
}
|
||||
len -= n;
|
||||
}
|
||||
close (fd);
|
||||
memcpy (res, &sum, sizeof(sum));
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Create a sequence of random 64 bit blocks.
|
||||
* The sequence is indexed with a long long and
|
||||
* based on an initial des key used as a seed.
|
||||
*/
|
||||
static des_key_schedule sequence_seed;
|
||||
static u_int32_t sequence_index[2];
|
||||
|
||||
/*
|
||||
* Random number generator based on ideas from truerand in cryptolib
|
||||
* as described on page 424 in Applied Cryptography 2 ed. by Bruce
|
||||
* Schneier.
|
||||
*/
|
||||
|
||||
static volatile int counter;
|
||||
static volatile unsigned char *gdata; /* Global data */
|
||||
static volatile int igdata; /* Index into global data */
|
||||
static int gsize;
|
||||
|
||||
#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
|
||||
/* Visual C++ 4.0 (Windows95/NT) */
|
||||
|
||||
static
|
||||
RETSIGTYPE
|
||||
sigALRM(int sig)
|
||||
{
|
||||
if (igdata < gsize)
|
||||
gdata[igdata++] ^= counter & 0xff;
|
||||
|
||||
#ifndef HAVE_SIGACTION
|
||||
signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */
|
||||
#endif
|
||||
SIGRETURN(0);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_RANDOM) && defined(HAVE_RAND)
|
||||
#ifndef srandom
|
||||
#define srandom srand
|
||||
#endif
|
||||
#ifndef random
|
||||
#define random rand
|
||||
#endif
|
||||
#endif
|
||||
|
||||
static void
|
||||
des_not_rand_data(unsigned char *data, int size)
|
||||
{
|
||||
int i;
|
||||
|
||||
srandom (time (NULL));
|
||||
|
||||
for(i = 0; i < size; ++i)
|
||||
data[i] ^= random() % 0x100;
|
||||
}
|
||||
|
||||
#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
|
||||
|
||||
#ifndef HAVE_SETITIMER
|
||||
static void
|
||||
pacemaker(struct timeval *tv)
|
||||
{
|
||||
fd_set fds;
|
||||
pid_t pid;
|
||||
pid = getppid();
|
||||
while(1){
|
||||
FD_ZERO(&fds);
|
||||
FD_SET(0, &fds);
|
||||
select(1, &fds, NULL, NULL, tv);
|
||||
kill(pid, SIGALRM);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SIGACTION
|
||||
/* XXX ugly hack, should perhaps use function from roken */
|
||||
static RETSIGTYPE
|
||||
(*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int)
|
||||
{
|
||||
struct sigaction sa, osa;
|
||||
sa.sa_handler = f;
|
||||
sa.sa_flags = 0;
|
||||
sigemptyset(&sa.sa_mask);
|
||||
sigaction(sig, &sa, &osa);
|
||||
return osa.sa_handler;
|
||||
}
|
||||
#define signal(S, F) fake_signal((S), (F))
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Generate size bytes of "random" data using timed interrupts.
|
||||
* It takes about 40ms/byte random data.
|
||||
* It's not neccessary to be root to run it.
|
||||
*/
|
||||
void
|
||||
des_rand_data(unsigned char *data, int size)
|
||||
{
|
||||
struct itimerval tv;
|
||||
#ifdef HAVE_SETITIMER
|
||||
struct itimerval otv;
|
||||
#endif
|
||||
RETSIGTYPE (*osa)(int);
|
||||
int i, j;
|
||||
#ifndef HAVE_SETITIMER
|
||||
RETSIGTYPE (*ochld)(int);
|
||||
pid_t pid;
|
||||
#endif
|
||||
char *rnd_devices[] = {"/dev/random",
|
||||
"/dev/srandom",
|
||||
"/dev/urandom",
|
||||
NULL};
|
||||
char **p;
|
||||
|
||||
for(p = rnd_devices; *p; p++) {
|
||||
int fd = open(*p, O_RDONLY | O_NDELAY);
|
||||
|
||||
if(fd >= 0 && read(fd, data, size) == size) {
|
||||
close(fd);
|
||||
return;
|
||||
}
|
||||
close(fd);
|
||||
}
|
||||
|
||||
/* Paranoia? Initialize data from /dev/mem if we can read it. */
|
||||
if (size >= 8)
|
||||
sumFile("/dev/mem", (1024*1024*2), data);
|
||||
|
||||
gdata = data;
|
||||
gsize = size;
|
||||
igdata = 0;
|
||||
|
||||
osa = signal(SIGALRM, sigALRM);
|
||||
|
||||
/* Start timer */
|
||||
tv.it_value.tv_sec = 0;
|
||||
tv.it_value.tv_usec = 10 * 1000; /* 10 ms */
|
||||
tv.it_interval = tv.it_value;
|
||||
#ifdef HAVE_SETITIMER
|
||||
setitimer(ITIMER_REAL, &tv, &otv);
|
||||
#else
|
||||
ochld = signal(SIGCHLD, SIG_IGN);
|
||||
pid = fork();
|
||||
if(pid == -1){
|
||||
signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
|
||||
des_not_rand_data(data, size);
|
||||
return;
|
||||
}
|
||||
if(pid == 0)
|
||||
pacemaker(&tv.it_interval);
|
||||
#endif
|
||||
|
||||
for(i = 0; i < 4; i++) {
|
||||
for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */
|
||||
counter++;
|
||||
for (j = 0; j < size; j++) /* Only use 2 bits each lap */
|
||||
gdata[j] = (gdata[j]>>2) | (gdata[j]<<6);
|
||||
}
|
||||
#ifdef HAVE_SETITIMER
|
||||
setitimer(ITIMER_REAL, &otv, 0);
|
||||
#else
|
||||
kill(pid, SIGKILL);
|
||||
while(waitpid(pid, NULL, 0) != pid);
|
||||
signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
|
||||
#endif
|
||||
signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL);
|
||||
}
|
||||
#else
|
||||
void
|
||||
des_rand_data(unsigned char *p, int s)
|
||||
{
|
||||
des_not_rand_data (p, s);
|
||||
}
|
||||
#endif
|
||||
|
||||
void
|
||||
des_generate_random_block(des_cblock *block)
|
||||
{
|
||||
des_rand_data((unsigned char *)block, sizeof(*block));
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate a "random" DES key.
|
||||
*/
|
||||
void
|
||||
des_rand_data_key(des_cblock *key)
|
||||
{
|
||||
unsigned char data[8];
|
||||
des_key_schedule sched;
|
||||
do {
|
||||
des_rand_data(data, sizeof(data));
|
||||
des_rand_data((unsigned char*)key, sizeof(des_cblock));
|
||||
des_set_odd_parity(key);
|
||||
des_key_sched(key, sched);
|
||||
des_ecb_encrypt(&data, key, sched, DES_ENCRYPT);
|
||||
memset(&data, 0, sizeof(data));
|
||||
memset(&sched, 0, sizeof(sched));
|
||||
des_set_odd_parity(key);
|
||||
} while(des_is_weak_key(key));
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate "random" data by checksumming /dev/mem
|
||||
*
|
||||
* It's neccessary to be root to run it. Returns -1 if there were any
|
||||
* problems with permissions.
|
||||
*/
|
||||
int
|
||||
des_mem_rand8(unsigned char *data)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* In case the generator does not get initialized use this as fallback.
|
||||
*/
|
||||
static int initialized;
|
||||
|
||||
static void
|
||||
do_initialize(void)
|
||||
{
|
||||
des_cblock default_seed;
|
||||
do {
|
||||
des_generate_random_block(&default_seed);
|
||||
des_set_odd_parity(&default_seed);
|
||||
} while (des_is_weak_key(&default_seed));
|
||||
des_init_random_number_generator(&default_seed);
|
||||
}
|
||||
|
||||
#define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0)
|
||||
|
||||
#define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0)
|
||||
|
||||
#define set_sequence_number(ll) \
|
||||
memcpy((char *)sequence_index, (ll), sizeof(sequence_index));
|
||||
|
||||
/*
|
||||
* Set the sequnce number to this value (a long long).
|
||||
*/
|
||||
void
|
||||
des_set_sequence_number(unsigned char *ll)
|
||||
{
|
||||
set_sequence_number(ll);
|
||||
}
|
||||
|
||||
/*
|
||||
* Set the generator seed and reset the sequence number to 0.
|
||||
*/
|
||||
void
|
||||
des_set_random_generator_seed(des_cblock *seed)
|
||||
{
|
||||
des_key_sched(seed, sequence_seed);
|
||||
zero_long_long(sequence_index);
|
||||
initialized = 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate a sequence of random des keys
|
||||
* using the random block sequence, fixup
|
||||
* parity and skip weak keys.
|
||||
*/
|
||||
int
|
||||
des_new_random_key(des_cblock *key)
|
||||
{
|
||||
if (!initialized)
|
||||
do_initialize();
|
||||
|
||||
do {
|
||||
des_ecb_encrypt((des_cblock *) sequence_index,
|
||||
key,
|
||||
sequence_seed,
|
||||
DES_ENCRYPT);
|
||||
incr_long_long(sequence_index);
|
||||
/* random key must have odd parity and not be weak */
|
||||
des_set_odd_parity(key);
|
||||
} while (des_is_weak_key(key));
|
||||
return(0);
|
||||
}
|
||||
|
||||
/*
|
||||
* des_init_random_number_generator:
|
||||
*
|
||||
* Initialize the sequence of random 64 bit blocks. The input seed
|
||||
* can be a secret key since it should be well hidden and is also not
|
||||
* kept.
|
||||
*
|
||||
*/
|
||||
void
|
||||
des_init_random_number_generator(des_cblock *seed)
|
||||
{
|
||||
struct timeval now;
|
||||
des_cblock uniq;
|
||||
des_cblock new_key;
|
||||
|
||||
gettimeofday(&now, (struct timezone *)0);
|
||||
des_generate_random_block(&uniq);
|
||||
|
||||
/* Pick a unique random key from the shared sequence. */
|
||||
des_set_random_generator_seed(seed);
|
||||
set_sequence_number((unsigned char *)&uniq);
|
||||
des_new_random_key(&new_key);
|
||||
|
||||
/* Select a new nonshared sequence, */
|
||||
des_set_random_generator_seed(&new_key);
|
||||
|
||||
/* and use the current time to pick a key for the new sequence. */
|
||||
set_sequence_number((unsigned char *)&now);
|
||||
des_new_random_key(&new_key);
|
||||
des_set_random_generator_seed(&new_key);
|
||||
}
|
||||
|
||||
#ifdef TESTRUN
|
||||
int
|
||||
main()
|
||||
{
|
||||
unsigned char data[8];
|
||||
int i;
|
||||
|
||||
while (1)
|
||||
{
|
||||
if (sumFile("/dev/mem", (1024*1024*8), data) != 0)
|
||||
{ perror("sumFile"); exit(1); }
|
||||
for (i = 0; i < 8; i++)
|
||||
printf("%02x", data[i]);
|
||||
printf("\n");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef TESTRUN2
|
||||
int
|
||||
main()
|
||||
{
|
||||
des_cblock data;
|
||||
int i;
|
||||
|
||||
while (1)
|
||||
{
|
||||
do_initialize();
|
||||
des_random_key(data);
|
||||
for (i = 0; i < 8; i++)
|
||||
printf("%02x", data[i]);
|
||||
printf("\n");
|
||||
}
|
||||
}
|
||||
#endif
|
@ -54,7 +54,6 @@ static const char sccsid[] = "@(#)enc_des.c 8.3 (Berkeley) 5/30/95";
|
||||
#include "misc-proto.h"
|
||||
|
||||
extern int encrypt_debug_mode;
|
||||
void des_set_random_generator_seed(des_cblock *); /* XXX */
|
||||
|
||||
#define CFB 0
|
||||
#define OFB 1
|
||||
@ -75,7 +74,6 @@ struct fb {
|
||||
int need_start;
|
||||
int state[2];
|
||||
int keyid[2];
|
||||
int once;
|
||||
struct stinfo {
|
||||
Block str_output;
|
||||
Block str_feed;
|
||||
@ -211,7 +209,7 @@ fb64_start(struct fb *fbp, int dir, int server __unused)
|
||||
/*
|
||||
* Create a random feed and send it over.
|
||||
*/
|
||||
des_new_random_key((Block *)fbp->temp_feed);
|
||||
des_random_key((Block *)fbp->temp_feed);
|
||||
des_ecb_encrypt((Block *)fbp->temp_feed, (Block *)fbp->temp_feed,
|
||||
fbp->krbdes_sched, 1);
|
||||
p = fbp->fb_feed + 3;
|
||||
@ -397,10 +395,6 @@ fb64_session(Session_Key *key, int server, struct fb *fbp)
|
||||
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
|
||||
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
|
||||
|
||||
if (fbp->once == 0) {
|
||||
des_set_random_generator_seed((Block *)fbp->krbdes_key);
|
||||
fbp->once = 1;
|
||||
}
|
||||
des_key_sched((Block *)fbp->krbdes_key, fbp->krbdes_sched);
|
||||
/*
|
||||
* Now look to see if krbdes_start() was was waiting for
|
||||
|
@ -207,8 +207,7 @@ kerberos4_send(Authenticator *ap)
|
||||
register int i;
|
||||
|
||||
des_key_sched(&cred.session, sched);
|
||||
des_init_random_number_generator(&cred.session);
|
||||
des_new_random_key(&session_key);
|
||||
des_random_key(&session_key);
|
||||
des_ecb_encrypt(&session_key, &session_key, sched, 0);
|
||||
des_ecb_encrypt(&session_key, &challenge, sched, 0);
|
||||
/*
|
||||
@ -299,11 +298,6 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
|
||||
break;
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialize the random number generator since it's
|
||||
* used later on by the encryption routine.
|
||||
*/
|
||||
des_init_random_number_generator(&session_key);
|
||||
des_key_sched(&session_key, sched);
|
||||
memmove((void *)datablock, (void *)data, sizeof(Block));
|
||||
/*
|
||||
|
@ -60,7 +60,7 @@ SRCS+= conf_api.c conf_def.c conf_err.c conf_lib.c conf_mall.c conf_mod.c conf_s
|
||||
SRCS+= cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \
|
||||
des_enc.c des_old.c des_old2.c ecb3_enc.c ecb_enc.c ede_cbcm_enc.c \
|
||||
enc_read.c enc_writ.c fcrypt.c fcrypt_b.c ofb64ede.c ofb64enc.c \
|
||||
ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read2pwd.c rnd_keys.c \
|
||||
ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read2pwd.c \
|
||||
rpc_enc.c set_key.c str2key.c xcbc_enc.c
|
||||
|
||||
# dh
|
||||
|
Loading…
Reference in New Issue
Block a user