Example #1
/*
 * Screen DES key material before it is used.
 *
 * Reads ndc consecutive DES_cblock-sized blocks from key (key_len bytes)
 * and rejects the whole key if any block is missing, is reported weak by
 * DES_is_weak_key(), or fails DES_check_key_parity().
 *
 * Returns true only when every requested block passed all checks. On any
 * failure the reason is logged at D_CRYPT_ERRORS, the error queue is
 * cleared with ERR_clear_error(), and false is returned.
 *
 * Note: when ndc <= 0 the loop body never runs, so the function returns
 * true without having inspected any key bytes.
 */
bool
key_des_check (uint8_t *key, int key_len, int ndc)
{
  struct buffer reader;
  int remaining;

  buf_set_read (&reader, key, key_len);

  for (remaining = ndc; remaining > 0; --remaining)
    {
      /* NULL here means fewer than sizeof (DES_cblock) bytes were left. */
      DES_cblock *block = (DES_cblock *) buf_read_alloc (&reader, sizeof (DES_cblock));

      if (block == NULL)
        {
          msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: insufficient key material");
        }
      else if (DES_is_weak_key (block))
        {
          msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: weak key detected");
        }
      else if (!DES_check_key_parity (block))
        {
          msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: bad parity detected");
        }
      else
        {
          /* This block is acceptable; move on to the next one. */
          continue;
        }

      /* Shared failure exit: drop any queued library errors, then reject. */
      ERR_clear_error ();
      return false;
    }

  return true;
}
Example #2
/*
 * Validate a DES key and, only if it is acceptable, expand it into a
 * key schedule.
 *
 * Return values:
 *    0  key parity is odd (correct) and the key is not weak;
 *       schedule has been set via DES_set_key_unchecked()
 *   -1  key parity error
 *   -2  illegal weak key
 *   -3  illegal parameter (key or schedule is NULL)
 *
 * The checks run in that order: parameters, then parity, then weak key.
 * On any non-zero return this function does not write to schedule, so
 * callers must check the result before using the schedule.
 */
int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
{
	int status = 0;

	if (!key || !schedule)
		status = -3;
	else if (!DES_check_key_parity(key))
		status = -1;
	else if (DES_is_weak_key(key))
		status = -2;
	else
		DES_set_key_unchecked(key, schedule);

	return status;
}
Example #3
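/*
 * Map an on-disk entry offset to its slot in the per-entry flag table.
 *
 * offset and base are byte values taken from the database file, so they
 * are untrusted. The arithmetic is done in long long: mixing a signed
 * offset with sizeof() would convert a negative difference to a large
 * unsigned value.
 *
 * Returns the slot number, or -1 when offset lies before base or the
 * slot would be at or beyond nslots.
 */
static int
chainSlot(long long offset, long long base, size_t entrySize, int nslots)
{
    long long slot;

    if (offset < base || entrySize == 0)
	return -1;
    slot = (offset - base) / (long long)entrySize;
    if (slot >= nslots)
	return -1;
    return (int)slot;
}

/*
 * Command handler: consistency-check a database file and optionally
 * rebuild it.
 *
 * Options are read from as->parms[0..5] (-database, -uheader, -kheader,
 * -entries, -verbose, -rebuild). The function scans every entry, walks
 * the hash, free and oldkeys chains recorded in the header, and then
 * cross-checks each entry's type against the chain it was found on.
 *
 * Everything read from the file (header fields, chain pointers, entry
 * contents) is treated as untrusted: chain offsets are range-checked
 * before they are used to read from the file or to index the flag table.
 *
 * This function does not return; it ends the process with:
 *   7  the -rebuild output file could not be opened
 *   6  the database file could not be opened or stat'ed
 *   1  CheckHeader() reported a problem, a chain was broken, or the
 *      flag table could not be allocated
 *   0  otherwise
 * Entries reported through badEntry() or as "has bad key" are written to
 * stderr but do not change the exit status.
 */
static int
WorkerBee(struct cmd_syndesc *as, void *arock)
{
    afs_int32 code;
    char *dbFile;
    char *outFile;
    afs_int32 index;
    struct stat info;
    struct kaheader header;
    int nentries, i, j, count, slot;
    long long dataBytes;
    int *entrys;
    struct kaentry entry;

    /* NOTE(review): parms[0].items is dereferenced unconditionally;
     * presumably -database is declared as a required option -- confirm. */
    dbFile = as->parms[0].items->data;	/* -database */
    listuheader = (as->parms[1].items ? 1 : 0);	/* -uheader  */
    listkheader = (as->parms[2].items ? 1 : 0);	/* -kheader  */
    listentries = (as->parms[3].items ? 1 : 0);	/* -entries  */
    verbose = (as->parms[4].items ? 1 : 0);	/* -verbose  */
    outFile = (as->parms[5].items ? as->parms[5].items->data : NULL);	/* -rebuild  */

    if (outFile) {
	out = fopen(outFile, "w");
	if (!out) {
	    afs_com_err(whoami, errno, "opening output file %s", outFile);
	    exit(7);
	}
    } else
	out = NULL;

    fd = open(dbFile, O_RDONLY, 0);
    if (fd < 0) {
	afs_com_err(whoami, errno, "opening database file %s", dbFile);
	exit(6);
    }
    code = fstat(fd, &info);
    if (code) {
	afs_com_err(whoami, errno, "stat'ing file %s", dbFile);
	exit(6);
    }
    if ((info.st_size - UBIK_HEADERSIZE) % UBIK_BUFFERSIZE)
	fprintf(stderr,
		"DATABASE SIZE INCONSISTENT: was %d, should be (n*%d + %d), for integral n\n",
		(int) info.st_size, UBIK_BUFFERSIZE, UBIK_HEADERSIZE);

    readUbikHeader();

    readDB(0, &header, sizeof(header));
    code = CheckHeader(&header);
    if (listkheader)
	PrintHeader(&header);

    /* Number of whole entries that fit behind the two headers. Computed
     * in signed long long so a file shorter than the headers yields a
     * negative byte count instead of wrapping through size_t. */
    dataBytes = (long long)info.st_size -
	((long long)UBIK_HEADERSIZE + (long long)header.headerSize);
    if (dataBytes < 0) {
	fprintf(stderr,
		"DATABASE TOO SMALL: %d bytes cannot hold the headers\n",
		(int) info.st_size);
	code++;
	dataBytes = 0;
    }
    nentries = (int)(dataBytes / (long long)sizeof(struct kaentry));

    /* One flag word per entry. Allocate at least one element so that a
     * NULL result always means failure, never "zero-sized request". */
    entrys = calloc(nentries > 0 ? (size_t)nentries : 1, sizeof(*entrys));
    if (!entrys) {
	afs_com_err(whoami, errno, "allocating table for %d entries",
		    nentries);
	exit(1);
    }

    /* NOTE(review): this scan starts at sizeof(header) while nentries and
     * the chain walks below use header.headerSize as the base; the two
     * are presumably equal for a valid database -- confirm. */
    for (i = 0, index = sizeof(header); i < nentries;
	 i++, index += sizeof(struct kaentry)) {
	readDB(index, &entry, sizeof(entry));

	if (index >= header.eofPtr) {
	    entrys[i] |= 0x8;
	} else if (listentries) {
	    PrintEntry(index, &entry);
	}

	if (entry.flags & KAFNORMAL) {
	    entrys[i] |= 0x1;	/* user entry */

	    /* Test the first byte rather than calling strlen(): the name
	     * comes straight from disk and may lack a terminator. */
	    if (entry.userID.name[0] == '\0') {
		if (verbose)
		    printf("Entry %d has zero length name\n", i);
		continue;
	    }
	    /* A stored DES key must have odd parity and must not be one of
	     * the weak keys; such entries are reported and not rebuilt. */
	    if (!DES_check_key_parity(ktc_to_cblock(&entry.key))
		|| DES_is_weak_key(ktc_to_cblock(&entry.key))) {
		fprintf(stderr, "Entry %d, %s, has bad key\n", i,
			EntryName(&entry));
		continue;
	    }

	    if (out) {
		RebuildEntry(&entry);
	    }

	} else if (entry.flags & KAFFREE) {
	    entrys[i] |= 0x2;	/* free entry */

	} else if (entry.flags & KAFOLDKEYS) {
	    entrys[i] |= 0x4;	/* old keys block */
	    /* Should check the structure of the oldkeys block? */

	} else {
	    if (index < header.eofPtr) {
		fprintf(stderr, "Entry %d is unrecognizable\n", i);
	    }
	}
    }

    /* Follow the hash chains */
    for (j = 0; j < HASHSIZE; j++) {
	for (index = header.nameHash[j]; index; index = entry.next) {
	    /* Range-check the on-disk pointer before reading through it
	     * or using it as a table index. */
	    slot = chainSlot(index, header.headerSize, sizeof(entry),
			     nentries);
	    if (slot < 0) {
		fprintf(stderr,
			"Hash chain %d points outside the entry table (offset %d)\n",
			j, (int) index);
		fprintf(stderr, "Skipping rest of hash chain %d\n", j);
		code++;
		break;
	    }

	    readDB(index, &entry, sizeof(entry));

	    /* check to see if the name is hashed correctly */
	    i = NameHash(&entry);
	    if (i != j) {
		fprintf(stderr,
			"Entry %" AFS_SIZET_FMT ", %s, found in hash chain %d (should be %d)\n",
			((index -
			  sizeof(struct kaheader)) / sizeof(struct kaentry)),
			EntryName(&entry), j, i);
	    }

	    /* Is it on another hash chain or circular hash chain */
	    i = slot;
	    if (entrys[i] & 0x10) {
		fprintf(stderr,
			"Entry %d, %s, hash index %d, was found on another hash chain\n",
			i, EntryName(&entry), j);
		if (entry.next)
		    fprintf(stderr, "Skipping rest of hash chain %d\n", j);
		else
		    fprintf(stderr, "No next entry in hash chain %d\n", j);
		code++;
		break;
	    }
	    entrys[i] |= 0x10;	/* On hash chain */
	}
    }

    /* Follow the free pointers */
    count = 0;
    for (index = header.freePtr; index; index = entry.next) {
	i = chainSlot(index, header.headerSize, sizeof(entry), nentries);
	if (i < 0) {
	    fprintf(stderr,
		    "Free chain points outside the entry table (offset %d)\n",
		    (int) index);
	    fprintf(stderr, "Skipping rest of free chain\n");
	    code++;
	    break;
	}

	readDB(index, &entry, sizeof(entry));

	/* Is it on another chain or circular free chain */
	if (entrys[i] & 0x20) {
	    fprintf(stderr, "Entry %d, %s, already found on free chain\n", i,
		    EntryName(&entry));
	    fprintf(stderr, "Skipping rest of free chain\n");
	    code++;
	    break;
	}
	entrys[i] |= 0x20;	/* On free chain */

	count++;
    }
    if (verbose)
	printf("Found %d free entries\n", count);

    /* Follow the oldkey blocks */
    count = 0;
    for (index = header.kvnoPtr; index; index = entry.next) {
	i = chainSlot(index, header.headerSize, sizeof(entry), nentries);
	if (i < 0) {
	    fprintf(stderr,
		    "Oldkeys chain points outside the entry table (offset %d)\n",
		    (int) index);
	    fprintf(stderr, "Skipping rest of oldkeys chain\n");
	    code++;
	    break;
	}

	readDB(index, &entry, sizeof(entry));

	/* Is it on another chain or circular oldkeys chain */
	if (entrys[i] & 0x40) {
	    fprintf(stderr, "Entry %d, %s, already found on olkeys chain\n",
		    i, EntryName(&entry));
	    fprintf(stderr, "Skipping rest of oldkeys chain\n");
	    code++;
	    break;
	}
	entrys[i] |= 0x40;	/* On oldkeys chain */

	count++;
    }
    if (verbose)
	printf("Found %d oldkey blocks\n", count);

    /* Now recheck all the blocks and see if they are allocated correctly
     * 0x1 --> User Entry           0x10 --> On hash chain
     * 0x2 --> Free Entry           0x20 --> On Free chain
     * 0x4 --> OldKeys Entry        0x40 --> On Oldkeys chain
     * 0x8 --> Past EOF
     * Each mask below is "every bit except the two this type may carry".
     */
    for (i = 0; i < nentries; i++) {
	j = entrys[i];
	if (j & 0x1) {		/* user entry */
	    if (!(j & 0x10))
		badEntry(j, i);	/* on hash chain? */
	    else if (j & 0xee)
		badEntry(j, i);	/* anything else? */
	} else if (j & 0x2) {	/* free entry */
	    if (!(j & 0x20))
		badEntry(j, i);	/* on free chain? */
	    else if (j & 0xdd)
		badEntry(j, i);	/* anything else? */
	} else if (j & 0x4) {	/* oldkeys entry */
	    if (!(j & 0x40))
		badEntry(j, i);	/* on oldkeys chain? */
	    else if (j & 0xbb)
		badEntry(j, i);	/* anything else? */
	} else if (j & 0x8) {	/* past eof */
	    if (j & 0xf7)
		badEntry(j, i);	/* anything else? */
	} else
	    badEntry(j, i);	/* anything else? */
    }

    exit(code != 0);
}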