int tkt_MakeTicket(char *ticket, int *ticketLen, struct ktc_encryptionKey *key, char *name, char *inst, char *cell, afs_uint32 start, afs_uint32 end, struct ktc_encryptionKey *sessionKey, afs_uint32 host, char *sname, char *sinst) { int code; union Key_schedule_safe schedule; *ticketLen = 0; /* in case we return early */ code = assemble_athena_ticket(ticket, ticketLen, name, inst, cell, host, sessionKey, start, end, sname, sinst); *ticketLen = round_up_to_ebs(*ticketLen); /* round up */ if (code) return -1; /* encrypt ticket */ if ((code = key_sched(ktc_to_cblock(key), schedule.schedule))) { printf("In tkt_MakeTicket: key_sched returned %d\n", code); return RXKADBADKEY; } pcbc_encrypt(ticket, ticket, *ticketLen, schedule.schedule, ktc_to_cblockptr(key), ENCRYPT); return 0; }
int desInitKey( CRYPT_INFO *cryptInfo ) { /* Call the libdes key schedule code. Returns with -1 if the key parity is wrong, -2 if a weak key is used */ if( key_sched( ( C_Block * ) cryptInfo->userKey, *( ( Key_schedule * ) cryptInfo->key ) ) ) return( CRYPT_BADPARM ); return( CRYPT_OK ); }
static void convert_passwd(char *buf, char *newpwd, const int keyfd) { uint8_t key[HEXPASSWDLEN]; Key_schedule schedule; unsigned int i, j; if (!newpwd) { /* convert to binary */ for (i = j = 0; i < sizeof(key); i += 2, j++) buf[j] = (unhex(buf[i]) << 4) | unhex(buf[i + 1]); if (j <= DES_KEY_SZ) memset(buf + j, 0, sizeof(key) - j); } if (keyfd > -1) { lseek(keyfd, 0, SEEK_SET); read(keyfd, key, sizeof(key)); /* convert to binary */ for (i = j = 0; i < sizeof(key); i += 2, j++) key[j] = (unhex(key[i]) << 4) | unhex(key[i + 1]); if (j <= DES_KEY_SZ) memset(key + j, 0, sizeof(key) - j); key_sched((C_Block *) key, schedule); memset(key, 0, sizeof(key)); if (newpwd) { ecb_encrypt((C_Block *) newpwd, (C_Block *) newpwd, schedule, DES_ENCRYPT); } else { /* decrypt the password */ ecb_encrypt((C_Block *) buf, (C_Block *) buf, schedule, DES_DECRYPT); } memset(&schedule, 0, sizeof(schedule)); } if (newpwd) { const unsigned char hextable[] = "0123456789ABCDEF"; /* convert to hex */ for (i = j = 0; i < DES_KEY_SZ; i++, j += 2) { buf[j] = hextable[(newpwd[i] & 0xF0) >> 4]; buf[j + 1] = hextable[newpwd[i] & 0x0F]; } } }
static int desTestLoop( DES_TEST *testData, int iterations, int operation ) { BYTE temp[ DES_BLOCKSIZE ]; BYTE key[ DES_EXPANDED_KEYSIZE ]; int i; for( i = 0; i < iterations; i++ ) { memcpy( temp, testData[ i ].plaintext, DES_BLOCKSIZE ); key_sched( ( C_Block * ) testData[ i ].key, *( ( Key_schedule * ) key ) ); des_ecb_encrypt( ( C_Block * ) temp, ( C_Block * ) temp, *( ( Key_schedule * ) key ), operation ); if( memcmp( testData[ i ].ciphertext, temp, DES_BLOCKSIZE ) ) return( CRYPT_ERROR ); } return( CRYPT_OK ); }
int krb_sendauth_udpchk(long options, LONG checksum, MSG_DAT *msg_data, CREDENTIALS* cred, Key_schedule *schedule, struct sockaddr_in *laddr, struct sockaddr_in *faddr, LPSTR packet) { int cc; long tkt_len; u_long cksum; u_char priv_buf[1024]; /* mutual authentication, if desired */ if (options & KOPT_DO_MUTUAL) { /* get the length of the reply */ bcopy(packet,(char*) &tkt_len, sizeof(tkt_len)); tkt_len = ntohl((unsigned long) tkt_len); /* if the length is negative, the server failed to recognize us */ if ((tkt_len < 0) || (tkt_len > sizeof(priv_buf))) return (KFAILURE); /* XXX */ /* read the reply... */ bcopy(packet+sizeof(tkt_len), (char *)priv_buf, (int) tkt_len); /* ...and decrypt it */ #ifndef NOENCRYPTION key_sched(cred->session, *schedule); #endif /* !NOENCRYPTION */ if (cc = krb_rd_priv(priv_buf, (unsigned long) tkt_len, *schedule, cred->session, faddr, laddr, msg_data)) return (cc); /* fetch the (modified) checksum */ (void) bcopy((char *)msg_data->app_data, (char *)&cksum, sizeof(cksum)); cksum = ntohl(cksum); /* if it doesn't match, fail */ if (cksum != checksum + 1) return (KFAILURE); /* XXX */ } return (KSUCCESS); }
int tkt_DecodeTicket(char *asecret, afs_int32 ticketLen, struct ktc_encryptionKey *key, char *name, char *inst, char *cell, struct ktc_encryptionKey *sessionKey, afs_int32 * host, afs_uint32 * start, afs_uint32 * end) { char clear_ticket[MAXKTCTICKETLEN]; char *ticket; union Key_schedule_safe schedule; int code; if (ticketLen == 0) return RXKADBADTICKET; /* no ticket */ if ((ticketLen < MINKTCTICKETLEN) || /* minimum legal ticket size */ (ticketLen > MAXKTCTICKETLEN) || /* maximum legal ticket size */ ((ticketLen) % 8 != 0)) /* enc. part must be (0 mod 8) bytes */ return RXKADBADTICKET; if (key_sched(ktc_to_cblock(key), schedule.schedule)) return RXKADBADKEY; ticket = clear_ticket; pcbc_encrypt(asecret, ticket, ticketLen, schedule.schedule, ktc_to_cblockptr(key), DECRYPT); code = decode_athena_ticket(ticket, ticketLen, name, inst, cell, host, (struct ktc_encryptionKey *)sessionKey, start, end); if (code) return RXKADBADTICKET; code = tkt_CheckTimes(*start, *end, time(0)); if (code == 0) return RXKADNOAUTH; else if (code == -1) return RXKADEXPIRED; else if (code < -1) return RXKADBADTICKET; return 0; }
main() { struct sockaddr_in foreign; int foreign_len = sizeof(foreign); int rval, more; static char name[] = "kpasswdd"; static struct rlimit rl = { 0, 0 }; progname = name; openlog("kpasswdd", LOG_CONS | LOG_PID, LOG_AUTH); signal(SIGHUP, SIG_IGN); signal(SIGINT, SIG_IGN); signal(SIGTSTP, SIG_IGN); if(setrlimit(RLIMIT_CORE, &rl) < 0) { syslog(LOG_ERR, "setrlimit: %m"); exit(1); } if(getpeername(0, &foreign, &foreign_len) < 0) { syslog(LOG_ERR,"getpeername: %m"); exit(1); } strcpy(inst, "*"); rval = krb_recvauth( 0L, /* !MUTUAL */ 0, /* file desc */ &ticket, /* client's ticket */ SERVICE, /* expected service */ inst, /* expected instance */ &foreign, /* foreign addr */ (struct sockaddr_in *) 0, &kdata, "", (bit_64 *) NULL, /* key schedule */ version ); if(rval != KSUCCESS) { syslog(LOG_ERR, "krb_recvauth: %s", krb_err_txt[rval]); cleanup(); exit(1); } /* get master key */ if(kdb_get_master_key(0, master_key, master_key_schedule) != 0) { syslog(LOG_ERR, "couldn't get master key"); cleanup(); exit(1); } mkeyversion = kdb_get_master_key(master_key, master_key_schedule, NULL); if(mkeyversion < 0) { syslog(LOG_NOTICE, "couldn't verify master key"); cleanup(); exit(1); } /* get principal info */ rval = kerb_get_principal( kdata.pname, kdata.pinst, &principal_data, 1, &more ); if(rval != 1 || (more != 0)) { syslog(LOG_NOTICE, "more than 1 entry for %s.%s", kdata.pname, kdata.pinst); cleanup(); exit(1); } /* get the user's key */ bcopy(&principal_data.key_low, key, 4); bcopy(&principal_data.key_high, ((long *) key) + 1, 4); kdb_encrypt_key(key, key, master_key, master_key_schedule, DECRYPT); key_sched(key, key_schedule); des_set_key(key, key_schedule); /* get random key and send it over {random} Kperson */ random_key(kpwd_data.random_key); strcpy(kpwd_data.secure_msg, SECURE_STRING); if(des_write(0, &kpwd_data, sizeof(kpwd_data)) != sizeof(kpwd_data)) { syslog(LOG_ERR, "error writing initial data"); cleanup(); exit(1); } bzero(key, sizeof(key)); bzero(key_schedule, sizeof(key_schedule)); /* now read update info: { info }Krandom */ key_sched(kpwd_data.random_key, random_sched); des_set_key(kpwd_data.random_key, random_sched); if(des_read(0, &ud_data, sizeof(ud_data)) != sizeof(ud_data)) { syslog(LOG_ERR, "update aborted"); cleanup(); exit(1); } /* validate info string by looking at the embedded string */ if(strcmp(ud_data.secure_msg, SECURE_STRING)) { syslog(LOG_NOTICE, "invalid update from %s", inet_ntoa(foreign.sin_addr)); cleanup(); exit(1); } /* produce the new key entry in the database { key }Kmaster */ string_to_key(ud_data.pw, key); kdb_encrypt_key(key, key, master_key, master_key_schedule, ENCRYPT); bcopy(key, &principal_data.key_low, 4); bcopy(((long *) key) + 1, &principal_data.key_high, 4); bzero(key, sizeof(key)); principal_data.key_version++; if(kerb_put_principal(&principal_data, 1)) { syslog(LOG_ERR, "couldn't write new record for %s.%s", principal_data.name, principal_data.instance); cleanup(); exit(1); } syslog(LOG_NOTICE,"wrote new password field for %s.%s from %s", principal_data.name, principal_data.instance, inet_ntoa(foreign.sin_addr) ); send_ack(0, "Update complete.\n"); cleanup(); exit(0); }