diff options
| author | John Baldwin <jhb@FreeBSD.org> | 2020-04-10 23:08:41 +0000 |
|---|---|---|
| committer | John Baldwin <jhb@FreeBSD.org> | 2020-04-10 23:08:41 +0000 |
| commit | dee3aa83d1b6d563ac33f46582f060260334148d (patch) | |
| tree | 33f2eaf132d8314ef13b3fae2fbb5465b9b59c03 | |
| parent | 3133bbf7a4390f5bf6c9dc3d7bd81835d0d90540 (diff) | |
| download | src-dee3aa83d1b6.tar.gz src-dee3aa83d1b6.zip | |
Remove support for Kernel GSS algorithms deprecated in r348875.
This removes support for using DES, Triple DES, and RC4.
Reviewed by: cem, kp
Tested by: kp
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24344
Notes
Notes:
svn path=/head/; revision=359786
| -rw-r--r-- | sys/conf/files | 3 | ||||
| -rw-r--r-- | sys/kgssapi/krb5/kcrypto.c | 9 | ||||
| -rw-r--r-- | sys/kgssapi/krb5/kcrypto.h | 5 | ||||
| -rw-r--r-- | sys/kgssapi/krb5/kcrypto_arcfour.c | 225 | ||||
| -rw-r--r-- | sys/kgssapi/krb5/kcrypto_des.c | 260 | ||||
| -rw-r--r-- | sys/kgssapi/krb5/kcrypto_des3.c | 401 | ||||
| -rw-r--r-- | sys/modules/kgssapi_krb5/Makefile | 3 |
7 files changed, 0 insertions, 906 deletions
diff --git a/sys/conf/files b/sys/conf/files index 24b2fcc43f03..6805a4ddeb0b 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -3945,9 +3945,6 @@ kgssapi/gssd_prot.c optional kgssapi kgssapi/krb5/krb5_mech.c optional kgssapi kgssapi/krb5/kcrypto.c optional kgssapi kgssapi/krb5/kcrypto_aes.c optional kgssapi -kgssapi/krb5/kcrypto_arcfour.c optional kgssapi -kgssapi/krb5/kcrypto_des.c optional kgssapi -kgssapi/krb5/kcrypto_des3.c optional kgssapi kgssapi/kgss_if.m optional kgssapi kgssapi/gsstest.c optional kgssapi_debug # These files in libkern/ are those needed by all architectures. Some diff --git a/sys/kgssapi/krb5/kcrypto.c b/sys/kgssapi/krb5/kcrypto.c index f7c54a1770f3..dc5bc29c98e8 100644 --- a/sys/kgssapi/krb5/kcrypto.c +++ b/sys/kgssapi/krb5/kcrypto.c @@ -42,20 +42,11 @@ __FBSDID("$FreeBSD$"); #include "kcrypto.h" static struct krb5_encryption_class *krb5_encryption_classes[] = { - &krb5_des_encryption_class, - &krb5_des3_encryption_class, &krb5_aes128_encryption_class, &krb5_aes256_encryption_class, - &krb5_arcfour_encryption_class, - &krb5_arcfour_56_encryption_class, NULL }; -struct timeval krb5_warn_interval = { .tv_sec = 3600, .tv_usec = 0 }; -SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, kgssapi_warn_interval, CTLFLAG_RW, - &krb5_warn_interval, - "Delay in seconds between warnings of deprecated KGSSAPI crypto."); - struct krb5_encryption_class * krb5_find_encryption_class(int etype) { diff --git a/sys/kgssapi/krb5/kcrypto.h b/sys/kgssapi/krb5/kcrypto.h index 2ddfd663e28c..62e28261187f 100644 --- a/sys/kgssapi/krb5/kcrypto.h +++ b/sys/kgssapi/krb5/kcrypto.h @@ -95,13 +95,8 @@ struct krb5_key_state { void *ks_priv; }; -extern struct krb5_encryption_class krb5_des_encryption_class; -extern struct krb5_encryption_class krb5_des3_encryption_class; extern struct krb5_encryption_class krb5_aes128_encryption_class; extern struct krb5_encryption_class krb5_aes256_encryption_class; -extern struct krb5_encryption_class krb5_arcfour_encryption_class; -extern struct krb5_encryption_class krb5_arcfour_56_encryption_class; -extern struct timeval krb5_warn_interval; static __inline void krb5_set_key(struct krb5_key_state *ks, const void *keydata) diff --git a/sys/kgssapi/krb5/kcrypto_arcfour.c b/sys/kgssapi/krb5/kcrypto_arcfour.c deleted file mode 100644 index c0a19abff622..000000000000 --- a/sys/kgssapi/krb5/kcrypto_arcfour.c +++ /dev/null @@ -1,225 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause-FreeBSD - * - * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ - * Authors: Doug Rabson <dfr@rabson.org> - * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org> - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/param.h> -#include <sys/lock.h> -#include <sys/malloc.h> -#include <sys/md5.h> -#include <sys/kobj.h> -#include <sys/mbuf.h> -#include <crypto/rc4/rc4.h> - -#include <kgssapi/gssapi.h> -#include <kgssapi/gssapi_impl.h> - -#include "kcrypto.h" - -static void -arcfour_init(struct krb5_key_state *ks) -{ - static struct timeval lastwarn; - - ks->ks_priv = NULL; - if (ratecheck(&lastwarn, &krb5_warn_interval)) - gone_in(13, "RC4 cipher for Kerberos GSS"); -} - -static void -arcfour_destroy(struct krb5_key_state *ks) -{ - -} - -static void -arcfour_set_key(struct krb5_key_state *ks, const void *in) -{ - void *kp = ks->ks_key; - - if (kp != in) - bcopy(in, kp, 16); -} - -static void -arcfour_random_to_key(struct krb5_key_state *ks, const void *in) -{ - - arcfour_set_key(ks, in); -} - -static void -arcfour_hmac(uint8_t *key, uint8_t *data, size_t datalen, - uint8_t *result) -{ - uint8_t buf[64]; - MD5_CTX md5; - int i; - - for (i = 0; i < 16; i++) - buf[i] = key[i] ^ 0x36; - for (; i < 64; i++) - buf[i] = 0x36; - - MD5Init(&md5); - MD5Update(&md5, buf, 64); - MD5Update(&md5, data, datalen); - MD5Final(result, &md5); - - for (i = 0; i < 16; i++) - buf[i] = key[i] ^ 0x5c; - for (; i < 64; i++) - buf[i] = 0x5c; - - MD5Init(&md5); - MD5Update(&md5, buf, 64); - MD5Update(&md5, result, 16); - MD5Final(result, &md5); -} - -static void -arcfour_derive_key(const struct krb5_key_state *ks, uint32_t usage, - uint8_t *newkey) -{ - uint8_t t[4]; - - t[0] = (usage >> 24); - t[1] = (usage >> 16); - t[2] = (usage >> 8); - t[3] = (usage >> 0); - if (ks->ks_class->ec_type == ETYPE_ARCFOUR_HMAC_MD5_56) { - uint8_t L40[14] = "fortybits"; - bcopy(t, L40 + 10, 4); - arcfour_hmac(ks->ks_key, L40, 14, newkey); - memset(newkey + 7, 0xab, 9); - } else { - arcfour_hmac(ks->ks_key, t, 4, newkey); - } -} - -static int -rc4_crypt_int(void *rs, void *buf, u_int len) -{ - - rc4_crypt(rs, buf, buf, len); - return (0); -} - -static void -arcfour_encrypt(const struct krb5_key_state *ks, struct mbuf *inout, - size_t skip, size_t len, void *ivec, size_t ivlen) -{ - struct rc4_state rs; - uint8_t newkey[16]; - - arcfour_derive_key(ks, 0, newkey); - - /* - * If we have an IV, then generate a new key from it using HMAC. - */ - if (ivec) { - uint8_t kk[16]; - arcfour_hmac(newkey, ivec, ivlen, kk); - rc4_init(&rs, kk, 16); - } else { - rc4_init(&rs, newkey, 16); - } - - m_apply(inout, skip, len, rc4_crypt_int, &rs); -} - -static int -MD5Update_int(void *ctx, void *buf, u_int len) -{ - - MD5Update(ctx, buf, len); - return (0); -} - -static void -arcfour_checksum(const struct krb5_key_state *ks, int usage, - struct mbuf *inout, size_t skip, size_t inlen, size_t outlen) -{ - MD5_CTX md5; - uint8_t Ksign[16]; - uint8_t t[4]; - uint8_t sgn_cksum[16]; - - arcfour_hmac(ks->ks_key, "signaturekey", 13, Ksign); - - t[0] = usage >> 0; - t[1] = usage >> 8; - t[2] = usage >> 16; - t[3] = usage >> 24; - - MD5Init(&md5); - MD5Update(&md5, t, 4); - m_apply(inout, skip, inlen, MD5Update_int, &md5); - MD5Final(sgn_cksum, &md5); - - arcfour_hmac(Ksign, sgn_cksum, 16, sgn_cksum); - m_copyback(inout, skip + inlen, outlen, sgn_cksum); -} - -struct krb5_encryption_class krb5_arcfour_encryption_class = { - "arcfour-hmac-md5", /* name */ - ETYPE_ARCFOUR_HMAC_MD5, /* etype */ - 0, /* flags */ - 1, /* blocklen */ - 1, /* msgblocklen */ - 8, /* checksumlen */ - 128, /* keybits */ - 16, /* keylen */ - arcfour_init, - arcfour_destroy, - arcfour_set_key, - arcfour_random_to_key, - arcfour_encrypt, - arcfour_encrypt, - arcfour_checksum -}; - -struct krb5_encryption_class krb5_arcfour_56_encryption_class = { - "arcfour-hmac-md5-56", /* name */ - ETYPE_ARCFOUR_HMAC_MD5_56, /* etype */ - 0, /* flags */ - 1, /* blocklen */ - 1, /* msgblocklen */ - 8, /* checksumlen */ - 128, /* keybits */ - 16, /* keylen */ - arcfour_init, - arcfour_destroy, - arcfour_set_key, - arcfour_random_to_key, - arcfour_encrypt, - arcfour_encrypt, - arcfour_checksum -}; diff --git a/sys/kgssapi/krb5/kcrypto_des.c b/sys/kgssapi/krb5/kcrypto_des.c deleted file mode 100644 index 391905dad50f..000000000000 --- a/sys/kgssapi/krb5/kcrypto_des.c +++ /dev/null @@ -1,260 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause-FreeBSD - * - * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ - * Authors: Doug Rabson <dfr@rabson.org> - * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org> - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/param.h> -#include <sys/lock.h> -#include <sys/kobj.h> -#include <sys/malloc.h> -#include <sys/md5.h> -#include <sys/mutex.h> -#include <sys/mbuf.h> -#include <crypto/des/des.h> -#include <opencrypto/cryptodev.h> - -#include <kgssapi/gssapi.h> -#include <kgssapi/gssapi_impl.h> - -#include "kcrypto.h" - -struct des1_state { - struct mtx ds_lock; - crypto_session_t ds_session; -}; - -static void -des1_init(struct krb5_key_state *ks) -{ - static struct timeval lastwarn; - struct des1_state *ds; - - ds = malloc(sizeof(struct des1_state), M_GSSAPI, M_WAITOK|M_ZERO); - mtx_init(&ds->ds_lock, "gss des lock", NULL, MTX_DEF); - ks->ks_priv = ds; - if (ratecheck(&lastwarn, &krb5_warn_interval)) - gone_in(13, "DES cipher for Kerberos GSS"); -} - -static void -des1_destroy(struct krb5_key_state *ks) -{ - struct des1_state *ds = ks->ks_priv; - - if (ds->ds_session) - crypto_freesession(ds->ds_session); - mtx_destroy(&ds->ds_lock); - free(ks->ks_priv, M_GSSAPI); - -} - -static void -des1_set_key(struct krb5_key_state *ks, const void *in) -{ - struct crypto_session_params csp; - void *kp = ks->ks_key; - struct des1_state *ds = ks->ks_priv; - - if (ds->ds_session) - crypto_freesession(ds->ds_session); - - if (kp != in) - bcopy(in, kp, ks->ks_class->ec_keylen); - - memset(&csp, 0, sizeof(csp)); - csp.csp_mode = CSP_MODE_CIPHER; - csp.csp_ivlen = 8; - csp.csp_cipher_alg = CRYPTO_DES_CBC; - csp.csp_cipher_klen = 8; - csp.csp_cipher_key = ks->ks_key; - - crypto_newsession(&ds->ds_session, &csp, - CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); -} - -static void -des1_random_to_key(struct krb5_key_state *ks, const void *in) -{ - uint8_t *outkey = ks->ks_key; - const uint8_t *inkey = in; - - /* - * Expand 56 bits of random data to 64 bits as follows - * (in the example, bit number 1 is the MSB of the 56 - * bits of random data): - * - * expanded = - * 1 2 3 4 5 6 7 p - * 9 10 11 12 13 14 15 p - * 17 18 19 20 21 22 23 p - * 25 26 27 28 29 30 31 p - * 33 34 35 36 37 38 39 p - * 41 42 43 44 45 46 47 p - * 49 50 51 52 53 54 55 p - * 56 48 40 32 24 16 8 p - */ - outkey[0] = inkey[0]; - outkey[1] = inkey[1]; - outkey[2] = inkey[2]; - outkey[3] = inkey[3]; - outkey[4] = inkey[4]; - outkey[5] = inkey[5]; - outkey[6] = inkey[6]; - outkey[7] = (((inkey[0] & 1) << 1) - | ((inkey[1] & 1) << 2) - | ((inkey[2] & 1) << 3) - | ((inkey[3] & 1) << 4) - | ((inkey[4] & 1) << 5) - | ((inkey[5] & 1) << 6) - | ((inkey[6] & 1) << 7)); - des_set_odd_parity(outkey); - if (des_is_weak_key(outkey)) - outkey[7] ^= 0xf0; - - des1_set_key(ks, ks->ks_key); -} - -static int -des1_crypto_cb(struct cryptop *crp) -{ - int error; - struct des1_state *ds = (struct des1_state *) crp->crp_opaque; - - if (crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) - return (0); - - error = crp->crp_etype; - if (error == EAGAIN) - error = crypto_dispatch(crp); - mtx_lock(&ds->ds_lock); - if (error || (crp->crp_flags & CRYPTO_F_DONE)) - wakeup(crp); - mtx_unlock(&ds->ds_lock); - - return (0); -} - -static void -des1_encrypt_1(const struct krb5_key_state *ks, int buf_type, void *buf, - size_t skip, size_t len, void *ivec, bool encrypt) -{ - struct des1_state *ds = ks->ks_priv; - struct cryptop *crp; - int error; - - crp = crypto_getreq(ds->ds_session, M_WAITOK); - - crp->crp_payload_start = skip; - crp->crp_payload_length = len; - crp->crp_op = encrypt ? CRYPTO_OP_ENCRYPT : CRYPTO_OP_DECRYPT; - crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_IV_SEPARATE; - if (ivec) { - memcpy(crp->crp_iv, ivec, 8); - } else { - memset(crp->crp_iv, 0, 8); - } - crp->crp_buf_type = buf_type; - crp->crp_buf = buf; - crp->crp_opaque = ds; - crp->crp_callback = des1_crypto_cb; - - error = crypto_dispatch(crp); - - if ((crypto_ses2caps(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) { - mtx_lock(&ds->ds_lock); - if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) - error = msleep(crp, &ds->ds_lock, 0, "gssdes", 0); - mtx_unlock(&ds->ds_lock); - } - - crypto_freereq(crp); -} - -static void -des1_encrypt(const struct krb5_key_state *ks, struct mbuf *inout, - size_t skip, size_t len, void *ivec, size_t ivlen) -{ - - des1_encrypt_1(ks, CRYPTO_BUF_MBUF, inout, skip, len, ivec, true); -} - -static void -des1_decrypt(const struct krb5_key_state *ks, struct mbuf *inout, - size_t skip, size_t len, void *ivec, size_t ivlen) -{ - - des1_encrypt_1(ks, CRYPTO_BUF_MBUF, inout, skip, len, ivec, false); -} - -static int -MD5Update_int(void *ctx, void *buf, u_int len) -{ - - MD5Update(ctx, buf, len); - return (0); -} - -static void -des1_checksum(const struct krb5_key_state *ks, int usage, - struct mbuf *inout, size_t skip, size_t inlen, size_t outlen) -{ - char hash[16]; - MD5_CTX md5; - - /* - * This checksum is specifically for GSS-API. First take the - * MD5 checksum of the message, then calculate the CBC mode - * checksum of that MD5 checksum using a zero IV. - */ - MD5Init(&md5); - m_apply(inout, skip, inlen, MD5Update_int, &md5); - MD5Final(hash, &md5); - - des1_encrypt_1(ks, CRYPTO_BUF_CONTIG, hash, 0, 16, NULL, true); - m_copyback(inout, skip + inlen, outlen, hash + 8); -} - -struct krb5_encryption_class krb5_des_encryption_class = { - "des-cbc-md5", /* name */ - ETYPE_DES_CBC_CRC, /* etype */ - 0, /* flags */ - 8, /* blocklen */ - 8, /* msgblocklen */ - 8, /* checksumlen */ - 56, /* keybits */ - 8, /* keylen */ - des1_init, - des1_destroy, - des1_set_key, - des1_random_to_key, - des1_encrypt, - des1_decrypt, - des1_checksum -}; diff --git a/sys/kgssapi/krb5/kcrypto_des3.c b/sys/kgssapi/krb5/kcrypto_des3.c deleted file mode 100644 index 0055b24cdbdf..000000000000 --- a/sys/kgssapi/krb5/kcrypto_des3.c +++ /dev/null @@ -1,401 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause-FreeBSD - * - * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ - * Authors: Doug Rabson <dfr@rabson.org> - * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org> - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/param.h> -#include <sys/lock.h> -#include <sys/malloc.h> -#include <sys/mutex.h> -#include <sys/kobj.h> -#include <sys/mbuf.h> -#include <crypto/des/des.h> -#include <opencrypto/cryptodev.h> - -#include <kgssapi/gssapi.h> -#include <kgssapi/gssapi_impl.h> - -#include "kcrypto.h" - -#define DES3_FLAGS (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE) - -struct des3_state { - struct mtx ds_lock; - crypto_session_t ds_cipher_session; - crypto_session_t ds_hmac_session; -}; - -static void -des3_init(struct krb5_key_state *ks) -{ - static struct timeval lastwarn; - struct des3_state *ds; - - ds = malloc(sizeof(struct des3_state), M_GSSAPI, M_WAITOK|M_ZERO); - mtx_init(&ds->ds_lock, "gss des3 lock", NULL, MTX_DEF); - ks->ks_priv = ds; - if (ratecheck(&lastwarn, &krb5_warn_interval)) - gone_in(13, "DES3 cipher for Kerberos GSS"); -} - -static void -des3_destroy(struct krb5_key_state *ks) -{ - struct des3_state *ds = ks->ks_priv; - - if (ds->ds_cipher_session) { - crypto_freesession(ds->ds_cipher_session); - crypto_freesession(ds->ds_hmac_session); - } - mtx_destroy(&ds->ds_lock); - free(ks->ks_priv, M_GSSAPI); -} - -static void -des3_set_key(struct krb5_key_state *ks, const void *in) -{ - struct crypto_session_params csp; - void *kp = ks->ks_key; - struct des3_state *ds = ks->ks_priv; - - if (ds->ds_cipher_session) { - crypto_freesession(ds->ds_cipher_session); - crypto_freesession(ds->ds_hmac_session); - } - - if (kp != in) - bcopy(in, kp, ks->ks_class->ec_keylen); - - memset(&csp, 0, sizeof(csp)); - csp.csp_mode = CSP_MODE_DIGEST; - csp.csp_auth_alg = CRYPTO_SHA1_HMAC; - csp.csp_auth_klen = 24; - csp.csp_auth_key = ks->ks_key; - - crypto_newsession(&ds->ds_hmac_session, &csp, - CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); - - memset(&csp, 0, sizeof(csp)); - csp.csp_mode = CSP_MODE_CIPHER; - csp.csp_cipher_alg = CRYPTO_3DES_CBC; - csp.csp_cipher_klen = 24; - csp.csp_cipher_key = ks->ks_key; - csp.csp_ivlen = 8; - - crypto_newsession(&ds->ds_cipher_session, &csp, - CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); -} - -static void -des3_random_to_key(struct krb5_key_state *ks, const void *in) -{ - uint8_t *outkey; - const uint8_t *inkey; - int subkey; - - for (subkey = 0, outkey = ks->ks_key, inkey = in; subkey < 3; - subkey++, outkey += 8, inkey += 7) { - /* - * Expand 56 bits of random data to 64 bits as follows - * (in the example, bit number 1 is the MSB of the 56 - * bits of random data): - * - * expanded = - * 1 2 3 4 5 6 7 p - * 9 10 11 12 13 14 15 p - * 17 18 19 20 21 22 23 p - * 25 26 27 28 29 30 31 p - * 33 34 35 36 37 38 39 p - * 41 42 43 44 45 46 47 p - * 49 50 51 52 53 54 55 p - * 56 48 40 32 24 16 8 p - */ - outkey[0] = inkey[0]; - outkey[1] = inkey[1]; - outkey[2] = inkey[2]; - outkey[3] = inkey[3]; - outkey[4] = inkey[4]; - outkey[5] = inkey[5]; - outkey[6] = inkey[6]; - outkey[7] = (((inkey[0] & 1) << 1) - | ((inkey[1] & 1) << 2) - | ((inkey[2] & 1) << 3) - | ((inkey[3] & 1) << 4) - | ((inkey[4] & 1) << 5) - | ((inkey[5] & 1) << 6) - | ((inkey[6] & 1) << 7)); - des_set_odd_parity(outkey); - if (des_is_weak_key(outkey)) - outkey[7] ^= 0xf0; - } - - des3_set_key(ks, ks->ks_key); -} - -static int -des3_crypto_cb(struct cryptop *crp) -{ - int error; - struct des3_state *ds = (struct des3_state *) crp->crp_opaque; - - if (crypto_ses2caps(crp->crp_session) & CRYPTOCAP_F_SYNC) - return (0); - - error = crp->crp_etype; - if (error == EAGAIN) - error = crypto_dispatch(crp); - mtx_lock(&ds->ds_lock); - if (error || (crp->crp_flags & CRYPTO_F_DONE)) - wakeup(crp); - mtx_unlock(&ds->ds_lock); - - return (0); -} - -static void -des3_encrypt_1(const struct krb5_key_state *ks, struct mbuf *inout, - size_t skip, size_t len, void *ivec, bool encrypt) -{ - struct des3_state *ds = ks->ks_priv; - struct cryptop *crp; - int error; - - crp = crypto_getreq(ds->ds_cipher_session, M_WAITOK); - - crp->crp_payload_start = skip; - crp->crp_payload_length = len; - crp->crp_op = encrypt ? CRYPTO_OP_ENCRYPT : CRYPTO_OP_DECRYPT; - crp->crp_flags = CRYPTO_F_CBIFSYNC | CRYPTO_F_IV_SEPARATE; - if (ivec) { - memcpy(crp->crp_iv, ivec, 8); - } else { - memset(crp->crp_iv, 0, 8); - } - crp->crp_buf_type = CRYPTO_BUF_MBUF; - crp->crp_mbuf = inout; - crp->crp_opaque = ds; - crp->crp_callback = des3_crypto_cb; - - error = crypto_dispatch(crp); - - if ((crypto_ses2caps(ds->ds_cipher_session) & CRYPTOCAP_F_SYNC) == 0) { - mtx_lock(&ds->ds_lock); - if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) - error = msleep(crp, &ds->ds_lock, 0, "gssdes3", 0); - mtx_unlock(&ds->ds_lock); - } - - crypto_freereq(crp); -} - -static void -des3_encrypt(const struct krb5_key_state *ks, struct mbuf *inout, - size_t skip, size_t len, void *ivec, size_t ivlen) -{ - - des3_encrypt_1(ks, inout, skip, len, ivec, true); -} - -static void -des3_decrypt(const struct krb5_key_state *ks, struct mbuf *inout, - size_t skip, size_t len, void *ivec, size_t ivlen) -{ - - des3_encrypt_1(ks, inout, skip, len, ivec, false); -} - -static void -des3_checksum(const struct krb5_key_state *ks, int usage, - struct mbuf *inout, size_t skip, size_t inlen, size_t outlen) -{ - struct des3_state *ds = ks->ks_priv; - struct cryptop *crp; - int error; - - crp = crypto_getreq(ds->ds_hmac_session, M_WAITOK); - - crp->crp_payload_start = skip; - crp->crp_payload_length = inlen; - crp->crp_digest_start = skip + inlen; - crp->crp_op = CRYPTO_OP_COMPUTE_DIGEST; - crp->crp_flags = CRYPTO_F_CBIFSYNC; - crp->crp_buf_type = CRYPTO_BUF_MBUF; - crp->crp_mbuf = inout; - crp->crp_opaque = ds; - crp->crp_callback = des3_crypto_cb; - - error = crypto_dispatch(crp); - - if ((crypto_ses2caps(ds->ds_hmac_session) & CRYPTOCAP_F_SYNC) == 0) { - mtx_lock(&ds->ds_lock); - if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) - error = msleep(crp, &ds->ds_lock, 0, "gssdes3", 0); - mtx_unlock(&ds->ds_lock); - } - - crypto_freereq(crp); -} - -struct krb5_encryption_class krb5_des3_encryption_class = { - "des3-cbc-sha1", /* name */ - ETYPE_DES3_CBC_SHA1, /* etype */ - EC_DERIVED_KEYS, /* flags */ - 8, /* blocklen */ - 8, /* msgblocklen */ - 20, /* checksumlen */ - 168, /* keybits */ - 24, /* keylen */ - des3_init, - des3_destroy, - des3_set_key, - des3_random_to_key, - des3_encrypt, - des3_decrypt, - des3_checksum -}; - -#if 0 -struct des3_dk_test { - uint8_t key[24]; - uint8_t usage[8]; - size_t usagelen; - uint8_t dk[24]; -}; -struct des3_dk_test tests[] = { - {{0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 0x1c, 0x3d, 0xb5, - 0x7c, 0x51, 0x89, 0x9b, 0x2c, 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, - 0x3b, 0x92}, - {0x00, 0x00, 0x00, 0x01, 0x55}, 5, - {0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 0x5d, 0x31, 0x92, - 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, - 0x04, 0xcd}}, - - {{0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 0x46, 0x57, 0x85, - 0x31, 0xcb, 0x51, 0xc1, 0x5b, 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, - 0xe9, 0xf2}, - {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, - {0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 0x10, 0x1c, 0x46, - 0x98, 0x45, 0xd6, 0x7a, 0x20, 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, - 0xf2, 0x07}}, - - {{0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 0x9b, 0x75, 0xa1, - 0x76, 0x54, 0x0b, 0x97, 0x52, 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, - 0x52, 0xbc}, - {0x00, 0x00, 0x00, 0x01, 0x55}, 5, - {0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 0x6d, 0x13, 0xfd, - 0x2c, 0xa1, 0xd0, 0x85, 0x07, 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, - 0xea, 0xbf}}, - - {{0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 0x70, 0x94, 0x68, - 0x0b, 0x7c, 0x64, 0x94, 0x02, 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, - 0x92, 0xb5}, - {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, - {0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 0xdc, 0x07, 0x02, - 0x68, 0x6b, 0xcb, 0x34, 0x89, 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, - 0x70, 0x3e}}, - - {{0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 0xdc, 0xb9, 0xb9, - 0x3e, 0xe5, 0xa7, 0x62, 0x92, 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, - 0x02, 0xfb}, - {0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73}, 8, - {0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 0x64, 0xce, 0xbf, - 0xdc, 0x52, 0x04, 0xd5, 0x6d, 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, - 0xda, 0x43}}, - - {{0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 0xe6, 0xa1, 0x45, - 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, - 0x04, 0xda}, - {0x00, 0x00, 0x00, 0x01, 0x55}, 5, - {0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 0x16, 0x16, 0x1c, - 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, - 0x75, 0xf7}}, - - {{0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 0x15, 0x57, 0x19, - 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, - 0x91, 0x7c}, - {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, - {0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 0xcb, 0xe9, 0xa7, - 0xc8, 0x46, 0x26, 0xfb, 0xc7, 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, - 0xe5, 0xc1}}, - - {{0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 0xdc, 0x8c, 0x34, - 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, - 0xc4, 0x43}, - {0x00, 0x00, 0x00, 0x01, 0x55}, 5, - {0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 0xf7, 0x54, 0x25, - 0xce, 0x91, 0x75, 0xfb, 0xe3, 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, - 0x3b, 0x49}}, - - {{0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9, - 0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, - 0xd0, 0x16}, - {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, - {0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94, - 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, - 0xec, 0x5d}}, -}; -#define N_TESTS (sizeof(tests) / sizeof(tests[0])) - -int -main(int argc, char **argv) -{ - struct krb5_key_state *key, *dk; - uint8_t *dkp; - int j, i; - - for (j = 0; j < N_TESTS; j++) { - struct des3_dk_test *t = &tests[j]; - key = krb5_create_key(&des3_encryption_class); - krb5_set_key(key, t->key); - dk = krb5_derive_key(key, t->usage, t->usagelen); - krb5_free_key(key); - if (memcmp(dk->ks_key, t->dk, 24)) { - printf("DES3 dk("); - for (i = 0; i < 24; i++) - printf("%02x", t->key[i]); - printf(", "); - for (i = 0; i < t->usagelen; i++) - printf("%02x", t->usage[i]); - printf(") failed\n"); - printf("should be: "); - for (i = 0; i < 24; i++) - printf("%02x", t->dk[i]); - printf("\n result was: "); - dkp = dk->ks_key; - for (i = 0; i < 24; i++) - printf("%02x", dkp[i]); - printf("\n"); - } - krb5_free_key(dk); - } - - return (0); -} -#endif diff --git a/sys/modules/kgssapi_krb5/Makefile b/sys/modules/kgssapi_krb5/Makefile index 3eb2465158b8..2f4c69ae0949 100644 --- a/sys/modules/kgssapi_krb5/Makefile +++ b/sys/modules/kgssapi_krb5/Makefile @@ -5,10 +5,7 @@ KMOD= kgssapi_krb5 SRCS= krb5_mech.c \ kcrypto.c \ - kcrypto_des.c \ - kcrypto_des3.c \ kcrypto_aes.c \ - kcrypto_arcfour.c \ opt_inet6.h SRCS+= kgss_if.h gssd.h |