From 3eb64614ce85a43a737a1e8dba8bd9281f98e8d5 Mon Sep 17 00:00:00 2001
From: Marc Horowitz <marc@mit.edu>
Date: Mon, 28 Sep 1998 07:25:08 +0000
Subject: [PATCH] remove length from encrypted data and checksum data encodings

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10947 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/crypto/dk/checksum.c | 28 +++++++++++-----------------
 src/lib/crypto/dk/decrypt.c  | 14 +++++---------
 src/lib/crypto/dk/encrypt.c  | 26 +++++++++++---------------
 3 files changed, 27 insertions(+), 41 deletions(-)

diff --git a/src/lib/crypto/dk/checksum.c b/src/lib/crypto/dk/checksum.c
index 0db295c100..df73b13ce4 100644
--- a/src/lib/crypto/dk/checksum.c
+++ b/src/lib/crypto/dk/checksum.c
@@ -17,7 +17,7 @@ krb5_dk_make_checksum(hash, key, usage, input, output)
     size_t blocksize, keybytes, keylength;
     krb5_error_code ret;
     unsigned char constantdata[K5CLENGTH];
-    krb5_data datain[2];
+    krb5_data datain;
     unsigned char *kcdata;
     krb5_keyblock kc;
 
@@ -47,30 +47,24 @@ krb5_dk_make_checksum(hash, key, usage, input, output)
 
     /* derive the key */
  
-    datain[0].data = constantdata;
-    datain[0].length = K5CLENGTH;
+    datain.data = constantdata;
+    datain.length = K5CLENGTH;
 
-    datain[0].data[0] = (usage>>24)&0xff;
-    datain[0].data[1] = (usage>>16)&0xff;
-    datain[0].data[2] = (usage>>8)&0xff;
-    datain[0].data[3] = usage&0xff;
+    datain.data[0] = (usage>>24)&0xff;
+    datain.data[1] = (usage>>16)&0xff;
+    datain.data[2] = (usage>>8)&0xff;
+    datain.data[3] = usage&0xff;
 
-    datain[0].data[4] = 0x99;
+    datain.data[4] = 0x99;
 
-    if (ret = krb5_derive_key(enc, key, &kc, &datain[0]))
+    if (ret = krb5_derive_key(enc, key, &kc, &datain))
 	goto cleanup;
 
     /* hash the data */
 
-    datain[0].length = 4;
-    datain[0].data[0] = (input->length>>24)&0xff;
-    datain[0].data[1] = (input->length>>16)&0xff;
-    datain[0].data[2] = (input->length>>8)&0xff;
-    datain[0].data[3] = input->length&0xff;
+    datain = *input;
 
-    datain[1] = *input;
-
-    if (ret = krb5_hmac(hash, &kc, 2, datain, output))
+    if (ret = krb5_hmac(hash, &kc, 1, &datain, output))
 	memset(output->data, 0, output->length);
 
     /* ret is set correctly by the prior call */
diff --git a/src/lib/crypto/dk/decrypt.c b/src/lib/crypto/dk/decrypt.c
index 268eb7bf26..6e65e72f74 100644
--- a/src/lib/crypto/dk/decrypt.c
+++ b/src/lib/crypto/dk/decrypt.c
@@ -95,22 +95,18 @@ krb5_dk_decrypt(enc, hash, key, usage, ivec, input, output)
 	goto cleanup;
     }
 
-    /* get the real plaintext length and copy the data into the output */
+    /* because this encoding isn't self-describing wrt length, the
+       best we can do here is to compute the length minus the
+       confounder. */
 
-    plainlen = ((((plaindata+blocksize)[0])<<24) |
-		(((plaindata+blocksize)[1])<<16) |
-		(((plaindata+blocksize)[2])<<8) |
-		((plaindata+blocksize)[3]));
-
-    if (plainlen > (enclen - blocksize - 4))
-	return(KRB5_BAD_MSIZE);
+    plainlen = enclen - blocksize;
 
     if (output->length < plainlen)
 	return(KRB5_BAD_MSIZE);
 
     output->length = plainlen;
 
-    memcpy(output->data, d2.data+blocksize+4, output->length);
+    memcpy(output->data, d2.data+blocksize, output->length);
 
     ret = 0;
 
diff --git a/src/lib/crypto/dk/encrypt.c b/src/lib/crypto/dk/encrypt.c
index 7c40d74227..0d3dacc126 100644
--- a/src/lib/crypto/dk/encrypt.c
+++ b/src/lib/crypto/dk/encrypt.c
@@ -3,11 +3,12 @@
 
 #define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
 
-/* the spec says that the confounder size is specific to the
-   encryption algorithm.  This code (dk_encrypt_length and dk_encrypt)
-   assumes the confounder is always the blocksize.  If this assumption
-   ever fails, the keytype table should be extended to include this
-   bit of info. */
+/* the spec says that the confounder size and padding are specific to
+   the encryption algorithm.  This code (dk_encrypt_length and
+   dk_encrypt) assume the confounder is always the blocksize, and the
+   padding is always zero bytes up to the blocksize.  If these
+   assumptions ever fails, the keytype table should be extended to
+   include these bits of info. */
 
 void
 krb5_dk_encrypt_length(enc, hash, inputlen, length)
@@ -21,7 +22,7 @@ krb5_dk_encrypt_length(enc, hash, inputlen, length)
     (*(enc->block_size))(&blocksize);
     (*(hash->hash_size))(&hashsize);
 
-    *length = krb5_roundup(blocksize+4+inputlen, blocksize) + hashsize;
+    *length = krb5_roundup(blocksize+inputlen, blocksize) + hashsize;
 }
 
 krb5_error_code
@@ -45,7 +46,7 @@ krb5_dk_encrypt(enc, hash, key, usage, ivec, input, output)
 
     (*(enc->block_size))(&blocksize);
     (*(enc->keysize))(&keybytes, &keylength);
-    plainlen = krb5_roundup(blocksize+4+input->length, blocksize);
+    plainlen = krb5_roundup(blocksize+input->length, blocksize);
 
     krb5_dk_encrypt_length(enc, hash, input->length, &enclen);
 
@@ -99,15 +100,10 @@ krb5_dk_encrypt(enc, hash, key, usage, ivec, input, output)
     if (ret = krb5_c_random_make_octets(/* XXX */ 0, &d1))
 	goto cleanup;
 
-    (plaintext+blocksize)[0] = (input->length>>24)&0xff;
-    (plaintext+blocksize)[1] = (input->length>>16)&0xff;
-    (plaintext+blocksize)[2] = (input->length>>8)&0xff;
-    (plaintext+blocksize)[3] = input->length&0xff;
+    memcpy(plaintext+blocksize, input->data, input->length);
 
-    memcpy(plaintext+blocksize+4, input->data, input->length);
-
-    memset(plaintext+blocksize+4+input->length, 0,
-	   plainlen - (blocksize+4+input->length));
+    memset(plaintext+blocksize+input->length, 0,
+	   plainlen - (blocksize+input->length));
 
     /* encrypt the plaintext */
 
-- 
2.47.2