From 343e236ed2637a826f4d53ff60d2b2bc349100d6 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 18 Apr 2019 17:27:07 -0400 Subject: [PATCH] Remove krb5int_c_combine_keys() This method of combining keys was specified by draft-ietf-krb-wg-kerberos-sam for DES and 3DES enctypes, and is otherwise unused. Remove it. [ghudson@mit.edu: rewrote commit message] ticket: 8812 (cherry picked from commit 925a7df2f486aaa3ff137d2bcdf8ff57186638c6) [rharwood@redhat.com: conflicts: .gitignore] --- src/include/k5-int.h | 7 - src/lib/crypto/crypto_tests/Makefile.in | 12 +- src/lib/crypto/crypto_tests/deps | 10 -- src/lib/crypto/crypto_tests/t_combine.c | 62 ------- src/lib/crypto/krb/Makefile.in | 3 - src/lib/crypto/krb/combine_keys.c | 227 ------------------------ src/lib/crypto/krb/deps | 13 -- src/lib/crypto/libk5crypto.exports | 1 - 8 files changed, 3 insertions(+), 332 deletions(-) delete mode 100644 src/lib/crypto/crypto_tests/t_combine.c delete mode 100644 src/lib/crypto/krb/combine_keys.c diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 2bc59e636..0857fd1cc 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -673,13 +673,6 @@ zapfreedata(krb5_data *data) } } -/* - * Combine two keys (normally used by the hardware preauth mechanism) - */ -krb5_error_code -krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1, - krb5_keyblock *key2, krb5_keyblock *outkey); - void krb5int_c_free_keyblock(krb5_context, krb5_keyblock *key); void krb5int_c_free_keyblock_contents(krb5_context, krb5_keyblock *); krb5_error_code krb5int_c_init_keyblock(krb5_context, krb5_enctype enctype, diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in index 09feeb50e..0295ee14f 100644 --- a/src/lib/crypto/crypto_tests/Makefile.in +++ b/src/lib/crypto/crypto_tests/Makefile.in @@ -23,8 +23,7 @@ EXTRADEPSRCS=\ $(srcdir)/t_short.c \ $(srcdir)/t_str2key.c \ $(srcdir)/t_derive.c \ - $(srcdir)/t_fork.c \ - $(srcdir)/t_combine.c + $(srcdir)/t_fork.c ##DOS##BUILDTOP = ..\..\.. @@ -33,8 +32,7 @@ check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \ aes-test \ camellia-test \ t_mddriver4 t_mddriver \ - t_cts t_sha2 t_short t_str2key t_derive t_fork t_cf2 \ - t_combine + t_cts t_sha2 t_short t_str2key t_derive t_fork t_cf2 $(RUN_TEST) ./t_nfold $(RUN_TEST) ./t_encrypt $(RUN_TEST) ./t_decrypt @@ -59,7 +57,6 @@ check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \ $(RUN_TEST) ./t_fork $(RUN_TEST) ./t_cf2 <$(srcdir)/t_cf2.in >t_cf2.output diff t_cf2.output $(srcdir)/t_cf2.expected - $(RUN_TEST) ./t_combine # $(RUN_TEST) ./t_pkcs5 t_nfold$(EXEEXT): t_nfold.$(OBJEXT) $(KRB5_BASE_DEPLIBS) @@ -134,9 +131,6 @@ t_fork$(EXEEXT): t_fork.$(OBJEXT) $(KRB5_BASE_DEPLIBS) t_cf2$(EXEEXT): t_cf2.$(OBJEXT) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $@ t_cf2.$(OBJEXT) $(KRB5_BASE_LIBS) -t_combine$(EXEEXT): t_combine.$(OBJEXT) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $@ t_combine.$(OBJEXT) $(KRB5_BASE_LIBS) - clean: $(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o \ t_decrypt.o t_decrypt t_prng.o t_prng t_cmac.o t_cmac \ @@ -149,7 +143,7 @@ clean: t_str2key.o t_derive t_derive.o t_fork t_fork.o \ t_mddriver$(EXEEXT) $(OUTPRE)t_mddriver.$(OBJEXT) \ camellia-test camellia-test.o camellia-vt.txt \ - t_cf2 t_cf2.o t_cf2.output t_combine.o t_combine + t_cf2 t_cf2.o t_cf2.output -$(RM) t_prng.output -$(RM) t_prf.output diff --git a/src/lib/crypto/crypto_tests/deps b/src/lib/crypto/crypto_tests/deps index 19fef2582..0d10d4a1a 100644 --- a/src/lib/crypto/crypto_tests/deps +++ b/src/lib/crypto/crypto_tests/deps @@ -226,13 +226,3 @@ $(OUTPRE)t_fork.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ $(top_srcdir)/include/socket-utils.h t_fork.c -$(OUTPRE)t_combine.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h t_combine.c diff --git a/src/lib/crypto/crypto_tests/t_combine.c b/src/lib/crypto/crypto_tests/t_combine.c deleted file mode 100644 index ba0622bcf..000000000 --- a/src/lib/crypto/crypto_tests/t_combine.c +++ /dev/null @@ -1,62 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/crypto/crypto_tests/t_combine.c - krb5int_c_combine_keys tests */ -/* - * Copyright (C) 2014 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "k5-int.h" - -unsigned char des3_key1[] = "\x10\xB6\x75\xD5\x5B\xD9\x6E\x73" - "\xFD\x54\xB3\x3D\x37\x52\xC1\x2A\xF7\x43\x91\xFE\x1C\x02\x37\x13"; -unsigned char des3_key2[] = "\xC8\xDA\x3E\xA7\xB6\x64\xAE\x7A" - "\xB5\x70\x2A\x29\xB3\xBF\x9B\xA8\x46\x7C\x5B\xA8\x8A\x46\x70\x10"; -unsigned char des3_result[] = "\x2F\x79\x97\x3E\x3E\xA4\x73\x1A" - "\xB9\x3D\xEF\x5E\x7C\x29\xFB\x2A\x68\x86\x1F\xC1\x85\x0E\x79\x92"; - -int -main(int argc, char **argv) -{ - krb5_keyblock kb1, kb2, result; - - kb1.enctype = ENCTYPE_DES3_CBC_SHA1; - kb1.contents = des3_key1; - kb1.length = 24; - kb2.enctype = ENCTYPE_DES3_CBC_SHA1; - kb2.contents = des3_key2; - kb2.length = 24; - memset(&result, 0, sizeof(result)); - if (krb5int_c_combine_keys(NULL, &kb1, &kb2, &result) != 0) - abort(); - if (result.enctype != ENCTYPE_DES3_CBC_SHA1 || result.length != 24 || - memcmp(result.contents, des3_result, 24) != 0) - abort(); - krb5_free_keyblock_contents(NULL, &result); - - return 0; -} diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in index c0e0b791b..536bacb6e 100644 --- a/src/lib/crypto/krb/Makefile.in +++ b/src/lib/crypto/krb/Makefile.in @@ -22,7 +22,6 @@ STLIBOBJS=\ cksumtypes.o \ cmac.o \ coll_proof_cksum.o \ - combine_keys.o \ crypto_length.o \ crypto_libinit.o \ default_state.o \ @@ -84,7 +83,6 @@ OBJS=\ $(OUTPRE)cksumtypes.$(OBJEXT) \ $(OUTPRE)cmac.$(OBJEXT) \ $(OUTPRE)coll_proof_cksum.$(OBJEXT) \ - $(OUTPRE)combine_keys.$(OBJEXT) \ $(OUTPRE)crypto_length.$(OBJEXT) \ $(OUTPRE)crypto_libinit.$(OBJEXT) \ $(OUTPRE)default_state.$(OBJEXT) \ @@ -146,7 +144,6 @@ SRCS=\ $(srcdir)/cksumtypes.c \ $(srcdir)/cmac.c \ $(srcdir)/coll_proof_cksum.c \ - $(srcdir)/combine_keys.c \ $(srcdir)/crypto_length.c \ $(srcdir)/crypto_libinit.c \ $(srcdir)/default_state.c \ diff --git a/src/lib/crypto/krb/combine_keys.c b/src/lib/crypto/krb/combine_keys.c deleted file mode 100644 index c36434e17..000000000 --- a/src/lib/crypto/krb/combine_keys.c +++ /dev/null @@ -1,227 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* Copyright (c) 2002 Naval Research Laboratory (NRL/CCS) */ -/* - * Permission to use, copy, modify and distribute this software and its - * documentation is hereby granted, provided that both the copyright - * notice and this permission notice appear in all copies of the software, - * derivative works or modified versions, and any portions thereof. - * - * NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND - * DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER - * RESULTING FROM THE USE OF THIS SOFTWARE. - */ - -/* - * Key combination function. - * - * If Key1 and Key2 are two keys to be combined, the algorithm to combine - * them is as follows. - * - * Definitions: - * - * k-truncate is defined as truncating to the key size the input. - * - * DR is defined as the generate "random" data from a key - * (defined in crypto draft) - * - * DK is defined as the key derivation function (krb5int_derive_key()) - * - * (note: | means "concatenate") - * - * Combine key algorithm: - * - * R1 = DR(Key1, n-fold(Key2)) [ Output is length of Key1 ] - * R2 = DR(Key2, n-fold(Key1)) [ Output is length of Key2 ] - * - * rnd = n-fold(R1 | R2) [ Note: output size of nfold must be appropriately - * sized for random-to-key function ] - * tkey = random-to-key(rnd) - * Combine-Key(Key1, Key2) = DK(tkey, CombineConstant) - * - * CombineConstant is defined as the byte string: - * - * { 0x63 0x6f 0x6d 0x62 0x69 0x6e 0x65 }, which corresponds to the - * ASCII encoding of the string "combine" - */ - -#include "crypto_int.h" - -static krb5_error_code dr(const struct krb5_enc_provider *enc, - const krb5_keyblock *inkey, unsigned char *outdata, - const krb5_data *in_constant); - -/* - * We only support this combine_keys algorithm for des and 3des keys. - * Everything else should use the PRF defined in the crypto framework. - * We don't implement that yet. - */ - -static krb5_boolean -enctype_ok(krb5_enctype e) -{ - switch (e) { - case ENCTYPE_DES3_CBC_SHA1: - return TRUE; - default: - return FALSE; - } -} - -krb5_error_code -krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1, - krb5_keyblock *key2, krb5_keyblock *outkey) -{ - unsigned char *r1 = NULL, *r2 = NULL, *combined = NULL, *rnd = NULL; - unsigned char *output = NULL; - size_t keybytes, keylength; - const struct krb5_enc_provider *enc; - krb5_data input, randbits; - krb5_keyblock tkeyblock; - krb5_key tkey = NULL; - krb5_error_code ret; - const struct krb5_keytypes *ktp; - krb5_boolean myalloc = FALSE; - - if (!enctype_ok(key1->enctype) || !enctype_ok(key2->enctype)) - return KRB5_CRYPTO_INTERNAL; - - if (key1->length != key2->length || key1->enctype != key2->enctype) - return KRB5_CRYPTO_INTERNAL; - - /* Find our encryption algorithm. */ - ktp = find_enctype(key1->enctype); - if (ktp == NULL) - return KRB5_BAD_ENCTYPE; - enc = ktp->enc; - - keybytes = enc->keybytes; - keylength = enc->keylength; - - /* Allocate and set up buffers. */ - r1 = k5alloc(keybytes, &ret); - if (ret) - goto cleanup; - r2 = k5alloc(keybytes, &ret); - if (ret) - goto cleanup; - rnd = k5alloc(keybytes, &ret); - if (ret) - goto cleanup; - combined = k5calloc(2, keybytes, &ret); - if (ret) - goto cleanup; - output = k5alloc(keylength, &ret); - if (ret) - goto cleanup; - - /* - * Get R1 and R2 (by running the input keys through the DR algorithm. - * Note this is most of derive-key, but not all. - */ - - input.length = key2->length; - input.data = (char *) key2->contents; - ret = dr(enc, key1, r1, &input); - if (ret) - goto cleanup; - - input.length = key1->length; - input.data = (char *) key1->contents; - ret = dr(enc, key2, r2, &input); - if (ret) - goto cleanup; - - /* - * Concatenate the two keys together, and then run them through - * n-fold to reduce them to a length appropriate for the random-to-key - * operation. Note here that krb5int_nfold() takes sizes in bits, hence - * the multiply by 8. - */ - - memcpy(combined, r1, keybytes); - memcpy(combined + keybytes, r2, keybytes); - - krb5int_nfold((keybytes * 2) * 8, combined, keybytes * 8, rnd); - - /* - * Run the "random" bits through random-to-key to produce a encryption - * key. - */ - - randbits.length = keybytes; - randbits.data = (char *) rnd; - tkeyblock.length = keylength; - tkeyblock.contents = output; - tkeyblock.enctype = key1->enctype; - - ret = (*ktp->rand2key)(&randbits, &tkeyblock); - if (ret) - goto cleanup; - - ret = krb5_k_create_key(NULL, &tkeyblock, &tkey); - if (ret) - goto cleanup; - - /* - * Run through derive-key one more time to produce the final key. - * Note that the input to derive-key is the ASCII string "combine". - */ - - input.length = 7; - input.data = "combine"; - - /* - * Just FYI: _if_ we have space here in the key, then simply use it - * without modification. But if the key is blank (no allocated storage) - * then allocate some memory for it. This allows programs to use one of - * the existing keys as the output key, _or_ pass in a blank keyblock - * for us to allocate. It's easier for us to allocate it since we already - * know the crypto library internals - */ - - if (outkey->length == 0 || outkey->contents == NULL) { - outkey->contents = k5alloc(keylength, &ret); - if (ret) - goto cleanup; - outkey->length = keylength; - outkey->enctype = key1->enctype; - myalloc = TRUE; - } - - ret = krb5int_derive_keyblock(enc, NULL, tkey, outkey, &input, - DERIVE_RFC3961); - if (ret) { - if (myalloc) { - free(outkey->contents); - outkey->contents = NULL; - } - goto cleanup; - } - -cleanup: - zapfree(r1, keybytes); - zapfree(r2, keybytes); - zapfree(rnd, keybytes); - zapfree(combined, keybytes * 2); - zapfree(output, keylength); - krb5_k_free_key(NULL, tkey); - return ret; -} - -/* Our DR function, a simple wrapper around krb5int_derive_random(). */ -static krb5_error_code -dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey, - unsigned char *out, const krb5_data *in_constant) -{ - krb5_data outdata = make_data(out, enc->keybytes); - krb5_key key = NULL; - krb5_error_code ret; - - ret = krb5_k_create_key(NULL, inkey, &key); - if (ret != 0) - return ret; - ret = krb5int_derive_random(enc, NULL, key, &outdata, in_constant, - DERIVE_RFC3961); - krb5_k_free_key(NULL, key); - return ret; -} diff --git a/src/lib/crypto/krb/deps b/src/lib/crypto/krb/deps index f9a740860..2f4af1906 100644 --- a/src/lib/crypto/krb/deps +++ b/src/lib/crypto/krb/deps @@ -191,19 +191,6 @@ coll_proof_cksum.so coll_proof_cksum.po $(OUTPRE)coll_proof_cksum.$(OBJEXT): \ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ $(top_srcdir)/include/socket-utils.h coll_proof_cksum.c \ crypto_int.h -combine_keys.so combine_keys.po $(OUTPRE)combine_keys.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/crypto_mod.h \ - $(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h combine_keys.c \ - crypto_int.h crypto_length.so crypto_length.po $(OUTPRE)crypto_length.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports index 63804299f..451d5e035 100644 --- a/src/lib/crypto/libk5crypto.exports +++ b/src/lib/crypto/libk5crypto.exports @@ -58,7 +58,6 @@ krb5_c_prf_length krb5int_c_mandatory_cksumtype krb5_c_fx_cf2_simple krb5int_c_weak_enctype -krb5int_c_combine_keys krb5_encrypt_data krb5int_c_copy_keyblock krb5int_c_copy_keyblock_contents