size_t blocksize, keybytes, keylength;
krb5_error_code ret;
unsigned char constantdata[K5CLENGTH];
- krb5_data datain[2];
+ krb5_data datain;
unsigned char *kcdata;
krb5_keyblock kc;
/* derive the key */
- datain[0].data = constantdata;
- datain[0].length = K5CLENGTH;
+ datain.data = constantdata;
+ datain.length = K5CLENGTH;
- datain[0].data[0] = (usage>>24)&0xff;
- datain[0].data[1] = (usage>>16)&0xff;
- datain[0].data[2] = (usage>>8)&0xff;
- datain[0].data[3] = usage&0xff;
+ datain.data[0] = (usage>>24)&0xff;
+ datain.data[1] = (usage>>16)&0xff;
+ datain.data[2] = (usage>>8)&0xff;
+ datain.data[3] = usage&0xff;
- datain[0].data[4] = 0x99;
+ datain.data[4] = 0x99;
- if (ret = krb5_derive_key(enc, key, &kc, &datain[0]))
+ if (ret = krb5_derive_key(enc, key, &kc, &datain))
goto cleanup;
/* hash the data */
- datain[0].length = 4;
- datain[0].data[0] = (input->length>>24)&0xff;
- datain[0].data[1] = (input->length>>16)&0xff;
- datain[0].data[2] = (input->length>>8)&0xff;
- datain[0].data[3] = input->length&0xff;
+ datain = *input;
- datain[1] = *input;
-
- if (ret = krb5_hmac(hash, &kc, 2, datain, output))
+ if (ret = krb5_hmac(hash, &kc, 1, &datain, output))
memset(output->data, 0, output->length);
/* ret is set correctly by the prior call */
goto cleanup;
}
- /* get the real plaintext length and copy the data into the output */
+ /* because this encoding isn't self-describing wrt length, the
+ best we can do here is to compute the length minus the
+ confounder. */
- plainlen = ((((plaindata+blocksize)[0])<<24) |
- (((plaindata+blocksize)[1])<<16) |
- (((plaindata+blocksize)[2])<<8) |
- ((plaindata+blocksize)[3]));
-
- if (plainlen > (enclen - blocksize - 4))
- return(KRB5_BAD_MSIZE);
+ plainlen = enclen - blocksize;
if (output->length < plainlen)
return(KRB5_BAD_MSIZE);
output->length = plainlen;
- memcpy(output->data, d2.data+blocksize+4, output->length);
+ memcpy(output->data, d2.data+blocksize, output->length);
ret = 0;
#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
-/* the spec says that the confounder size is specific to the
- encryption algorithm. This code (dk_encrypt_length and dk_encrypt)
- assumes the confounder is always the blocksize. If this assumption
- ever fails, the keytype table should be extended to include this
- bit of info. */
+/* the spec says that the confounder size and padding are specific to
+ the encryption algorithm. This code (dk_encrypt_length and
+ dk_encrypt) assume the confounder is always the blocksize, and the
+ padding is always zero bytes up to the blocksize. If these
+ assumptions ever fails, the keytype table should be extended to
+ include these bits of info. */
void
krb5_dk_encrypt_length(enc, hash, inputlen, length)
(*(enc->block_size))(&blocksize);
(*(hash->hash_size))(&hashsize);
- *length = krb5_roundup(blocksize+4+inputlen, blocksize) + hashsize;
+ *length = krb5_roundup(blocksize+inputlen, blocksize) + hashsize;
}
krb5_error_code
(*(enc->block_size))(&blocksize);
(*(enc->keysize))(&keybytes, &keylength);
- plainlen = krb5_roundup(blocksize+4+input->length, blocksize);
+ plainlen = krb5_roundup(blocksize+input->length, blocksize);
krb5_dk_encrypt_length(enc, hash, input->length, &enclen);
if (ret = krb5_c_random_make_octets(/* XXX */ 0, &d1))
goto cleanup;
- (plaintext+blocksize)[0] = (input->length>>24)&0xff;
- (plaintext+blocksize)[1] = (input->length>>16)&0xff;
- (plaintext+blocksize)[2] = (input->length>>8)&0xff;
- (plaintext+blocksize)[3] = input->length&0xff;
+ memcpy(plaintext+blocksize, input->data, input->length);
- memcpy(plaintext+blocksize+4, input->data, input->length);
-
- memset(plaintext+blocksize+4+input->length, 0,
- plainlen - (blocksize+4+input->length));
+ memset(plaintext+blocksize+input->length, 0,
+ plainlen - (blocksize+input->length));
/* encrypt the plaintext */
projects / thirdparty / krb5.git / commitdiff
