int
main(int argc, char *argv[])
{
struct ktc_principal client;
struct ktc_encryptionKey sessionkey;
Date start, end;
afs_int32 host;
char key[8];
char ticket[MAXKTCTICKETLEN];
afs_int32 ticketLen;
afs_int32 code;
char bob[KA_TIMESTR_LEN];
whoami = argv[0];
initialize_RXK_error_table();
initialize_KA_error_table();
if (argc != 3) {
printf("Usage is %s key ticket\n", whoami);
exit(1);
}
if (ka_ReadBytes(argv[1], key, sizeof(key)) != 8)
printf("Key must be 8 bytes long\n");
if (!des_check_key_parity(key) || des_is_weak_key(key)) {
afs_com_err(whoami, KABADKEY, "server's key for decoding ticket is bad");
exit(1);
}
ticketLen = ka_ReadBytes(argv[2], ticket, sizeof(ticket));
printf("Ticket length is %d\n", ticketLen);
code =
tkt_DecodeTicket(ticket, ticketLen, key, client.name, client.instance,
client.cell, &sessionkey, &host, &start, &end);
if (code) {
afs_com_err(whoami, code, "decoding ticket");
if (code = tkt_CheckTimes(start, end, time(0)) <= 0)
afs_com_err(whoami, 0, "because of start or end times");
exit(1);
}
if (!des_check_key_parity(&sessionkey) || des_is_weak_key(&sessionkey)) {
afs_com_err(whoami, KABADKEY, "checking ticket's session key");
exit(1);
}
ka_PrintUserID("Client is ", client.name, client.instance, 0);
if (strlen(client.cell))
printf("@%s", client.cell);
printf("\nSession key is ");
ka_PrintBytes(&sessionkey, 8);
ka_timestr(start, bob, KA_TIMESTR_LEN);
printf("\nGood from %s", bob);
ka_timestr(end, bob, KA_TIMESTR_LEN);
printf(" till %s\n", bob);
}
/*
* Generate a sequence of random des keys
* using the random block sequence, fixup
* parity and skip weak keys.
*/
int
des_new_random_key(des_cblock *key)
{
int urandom;
again:
urandom = open("/dev/urandom", O_RDONLY);
if (urandom < 0)
des_random_key(key);
else {
if (read(urandom, key,
sizeof(des_cblock)) != sizeof(des_cblock)) {
close(urandom);
des_random_key(key);
} else
close(urandom);
}
/* random key must have odd parity and not be weak */
des_set_odd_parity(key);
if (des_is_weak_key(key))
goto again;
return (0);
}
/*
* des_random_key: create a random des key
*
* You should call des_set_random_number_generater_seed at least
* once before this routine is called. If you haven't, I'll try
* to add a little randomness to the start point anyway. Yes,
* it recurses. Deal with it.
*
* Notes: the returned key has correct parity and is guarenteed not
* to be a weak des key. Des_generate_random_block is used to
* provide the random bits.
*/
int
des_random_key(des_cblock key)
{
LOCK_INIT;
if (!is_inited) {
des_init_random_number_generator(key);
}
UNLOCK_INIT;
do {
des_generate_random_block(key);
des_fixup_key_parity(key);
} while (des_is_weak_key(key));
return (0);
}
static void
des3_random_to_key(struct krb5_key_state *ks, const void *in)
{
uint8_t *outkey;
const uint8_t *inkey;
int subkey;
for (subkey = 0, outkey = ks->ks_key, inkey = in; subkey < 3;
subkey++, outkey += 8, inkey += 7) {
/*
* Expand 56 bits of random data to 64 bits as follows
* (in the example, bit number 1 is the MSB of the 56
* bits of random data):
*
* expanded =
* 1 2 3 4 5 6 7 p
* 9 10 11 12 13 14 15 p
* 17 18 19 20 21 22 23 p
* 25 26 27 28 29 30 31 p
* 33 34 35 36 37 38 39 p
* 41 42 43 44 45 46 47 p
* 49 50 51 52 53 54 55 p
* 56 48 40 32 24 16 8 p
*/
outkey[0] = inkey[0];
outkey[1] = inkey[1];
outkey[2] = inkey[2];
outkey[3] = inkey[3];
outkey[4] = inkey[4];
outkey[5] = inkey[5];
outkey[6] = inkey[6];
outkey[7] = (((inkey[0] & 1) << 1)
| ((inkey[1] & 1) << 2)
| ((inkey[2] & 1) << 3)
| ((inkey[3] & 1) << 4)
| ((inkey[4] & 1) << 5)
| ((inkey[5] & 1) << 6)
| ((inkey[6] & 1) << 7));
des_set_odd_parity((des_cblock *) outkey);
if (des_is_weak_key((des_cblock *) outkey))
outkey[7] ^= 0xf0;
}
des3_set_key(ks, ks->ks_key);
}
static int
esp_descbc_mature(struct secasvar *sav)
{
const struct esp_algorithm *algo;
if (!(sav->flags & SADB_X_EXT_OLD) && (sav->flags & SADB_X_EXT_IV4B)) {
ipseclog((LOG_ERR, "esp_cbc_mature: "
"algorithm incompatible with 4 octets IV length\n"));
return 1;
}
if (!sav->key_enc) {
ipseclog((LOG_ERR, "esp_descbc_mature: no key is given.\n"));
return 1;
}
algo = esp_algorithm_lookup(sav->alg_enc);
if (!algo) {
ipseclog((LOG_ERR,
"esp_descbc_mature: unsupported algorithm.\n"));
return 1;
}
if (_KEYBITS(sav->key_enc) < algo->keymin ||
_KEYBITS(sav->key_enc) > algo->keymax) {
ipseclog((LOG_ERR,
"esp_descbc_mature: invalid key length %d.\n",
_KEYBITS(sav->key_enc)));
return 1;
}
/* weak key check */
if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc))) {
ipseclog((LOG_ERR,
"esp_descbc_mature: weak key was passed.\n"));
return 1;
}
return 0;
}
int
des_key_sched(des_cblock k, des_key_schedule schedule)
#endif
{
/* better pass 8 bytes, length not checked here */
int i, j, n; /* i = r10, j = r9, n = r8 */
unsigned int temp; /* r7 */
char *p_char; /* r6 */
key k_char;
i = 8;
n = 0;
p_char = k_char;
#ifdef lint
n = n; /* fool it in case of VAXASM */
#endif
#ifdef DEBUG
if (des_debug)
fprintf(stderr, "\n\ninput key, left to right = ");
#endif
if (!des_check_key_parity(k)) /* bad parity --> return -1 */
return (-1);
do {
/* get next input key byte */
#ifdef DEBUG
if (des_debug)
fprintf(stderr, "%02x ", *k & 0xff);
#endif
temp = (unsigned int)((unsigned char)*k++);
j = 8;
do {
#ifndef VAXASM
*p_char++ = (int)temp & 01;
temp = temp >> 1;
#else
asm("bicb3 $-2,r7,(r8)+[r6]");
asm("rotl $-1,r7,r7");
#endif
} while (--j > 0);
} while (--i > 0);
#ifdef DEBUG
if (des_debug) {
p_char = k_char;
fprintf(stderr, "\nKey bits, from zero to 63");
for (i = 0; i <= 7; i++) {
fprintf(stderr, "\n\t");
for (j = 0; j <= 7; j++)
fprintf(stderr, "%d ", *p_char++);
}
}
#else
#ifdef lint
p_char = p_char;
#endif
#endif
/* check against weak keys */
k -= sizeof(des_cblock);
if (des_is_weak_key(k))
return (-2);
make_key_sched(k_char, schedule);
/* if key was good, return 0 */
return 0;
}
static int
esp_cbc_mature(struct secasvar *sav)
{
int keylen;
const struct esp_algorithm *algo;
if (sav->flags & SADB_X_EXT_OLD) {
ipseclog((LOG_ERR,
"esp_cbc_mature: algorithm incompatible with esp-old\n"));
return 1;
}
if (sav->flags & SADB_X_EXT_DERIV) {
ipseclog((LOG_ERR,
"esp_cbc_mature: algorithm incompatible with derived\n"));
return 1;
}
if (!sav->key_enc) {
ipseclog((LOG_ERR, "esp_cbc_mature: no key is given.\n"));
return 1;
}
algo = esp_algorithm_lookup(sav->alg_enc);
if (!algo) {
ipseclog((LOG_ERR,
"esp_cbc_mature: unsupported algorithm.\n"));
return 1;
}
keylen = sav->key_enc->sadb_key_bits;
if (keylen < algo->keymin || algo->keymax < keylen) {
ipseclog((LOG_ERR,
"esp_cbc_mature %s: invalid key length %d.\n",
algo->name, sav->key_enc->sadb_key_bits));
return 1;
}
switch (sav->alg_enc) {
case SADB_EALG_3DESCBC:
/* weak key check */
if (des_is_weak_key((des_cblock *)_KEYBUF(sav->key_enc)) ||
des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 8)) ||
des_is_weak_key((des_cblock *)(_KEYBUF(sav->key_enc) + 16))) {
ipseclog((LOG_ERR,
"esp_cbc_mature %s: weak key was passed.\n",
algo->name));
return 1;
}
break;
case SADB_X_EALG_RIJNDAELCBC:
/* allows specific key sizes only */
if (!(keylen == 128 || keylen == 192 || keylen == 256)) {
ipseclog((LOG_ERR,
"esp_cbc_mature %s: invalid key length %d.\n",
algo->name, keylen));
return 1;
}
break;
}
return 0;
}
