From: Pekka Riikonen Date: Fri, 6 Dec 2002 15:45:24 +0000 (+0000) Subject: Removed backwards support for old private key file format. X-Git-Tag: silc.client.0.9.10.2~10 X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=1dc9693d48c4496137ce3fe53a53a7de93cf1a6c Removed backwards support for old private key file format. --- diff --git a/CHANGES b/CHANGES index 6b660f0d..5ea86a4d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,14 @@ +Fri Dec 6 17:40:24 EET 2002 Pekka Riikonen + + * More log printing during backup router protocol. Affected + file silcd/server_backup.c. + + * Removed backwards support for old private key file format. + Affected file lib/silccrypt/silcpkcs.c. + + * Removed backwards support for not-so-strict decryption length + check, it's strict now. Affected lib/silccrypt/silccipher.c. + Thu Dec 5 22:29:46 EET 2002 Pekka Riikonen * Fixed backup router bugs: When backup resumes router and diff --git a/lib/silccrypt/silccipher.c b/lib/silccrypt/silccipher.c index db4a3329..53c938b6 100644 --- a/lib/silccrypt/silccipher.c +++ b/lib/silccrypt/silccipher.c @@ -330,13 +330,11 @@ bool silc_cipher_decrypt(SilcCipher cipher, const unsigned char *src, unsigned char *dst, SilcUInt32 len, unsigned char *iv) { -#if 0 /* Remove to 0.9.11 */ #ifdef SILC_DEBUG assert((len & (cipher->cipher->block_len - 1)) == 0); #endif if (len & (cipher->cipher->block_len - 1)) return FALSE; -#endif return cipher->cipher->decrypt(cipher->context, src, dst, len, iv ? iv : cipher->iv); } diff --git a/lib/silccrypt/silcpkcs.c b/lib/silccrypt/silcpkcs.c index bb2e65c8..4deddfd9 100644 --- a/lib/silccrypt/silcpkcs.c +++ b/lib/silccrypt/silcpkcs.c @@ -895,15 +895,6 @@ bool silc_pkcs_public_key_payload_decode(unsigned char *data, if (!public_key) return FALSE; -#if 1 - /* XXX 1.1 version support. Check whether the data is actually raw - public key and attempt to decode. Remove this later! */ - if (silc_pkcs_public_key_decode(data, data_len, public_key)) { - (*public_key)->pk_type = SILC_SKE_PK_TYPE_SILC; - return TRUE; - } -#endif - silc_buffer_set(&buf, data, data_len); ret = silc_buffer_unformat(&buf, SILC_STR_UI_SHORT(&pk_len), @@ -1406,156 +1397,6 @@ bool silc_pkcs_load_public_key(const char *filename, SilcPublicKey *public_key, return TRUE; } -#if 1 /* Old MD5 routine for private key loading, remove later! */ -struct MD5Context { - SilcUInt32 buf[4]; - SilcUInt32 bits[2]; - unsigned char in[64]; -}; -static void MD5Init(struct MD5Context *ctx) -{ - ctx->buf[0] = 0x67452301; - ctx->buf[1] = 0xefcdab89; - ctx->buf[2] = 0x98badcfe; - ctx->buf[3] = 0x10325476; - ctx->bits[0] = ctx->bits[1] = 0; -} -static void -MD5Transform(SilcUInt32 buf[4], const unsigned char kbuf[64]); -static void -MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) -{ - SilcUInt32 t; - - t = ctx->bits[0]; - if ((ctx->bits[0] = t + ((SilcUInt32)len << 3)) < t) - ctx->bits[1]++; /* Carry from low to high */ - ctx->bits[1] += (SilcUInt32)len >> 29; - t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ - if ( t ) { - unsigned char *p = (unsigned char *)ctx->in + t; - - t = 64-t; - if (len < t) { - memcpy(p, buf, len); - return; - } - memcpy(p, buf, t); - MD5Transform(ctx->buf, ctx->in); - buf += t; - len -= t; - } while (len >= 64) { - memcpy(ctx->in, buf, 64); - MD5Transform(ctx->buf, ctx->in); - buf += 64; - len -= 64; - } - memcpy(ctx->in, buf, len); -} - -static void MD5Final(unsigned char digest[16], struct MD5Context *ctx) -{ - unsigned count; - unsigned char *p; - count = (ctx->bits[0] >> 3) & 0x3F; - p = ctx->in + count; - *p++ = 0x80; - count = 64 - 1 - count; - if (count < 8) { - memset(p, 0, count); - MD5Transform(ctx->buf, ctx->in); - memset(ctx->in, 0, 56); - } else { - memset(p, 0, count-8); - } - ((SilcUInt32 *)ctx->in)[ 14 ] = ctx->bits[0]; - ((SilcUInt32 *)ctx->in)[ 15 ] = ctx->bits[1]; - MD5Transform(ctx->buf, ctx->in); - memcpy(digest, ctx->buf, 16); - memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ -} -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1(z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) -#define MD5STEP(f, w, x, y, z, data, s) \ - ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) -static void -MD5Transform(SilcUInt32 buf[4], const unsigned char kbuf[64]) -{ - register SilcUInt32 a, b, c, d, i; - SilcUInt32 in[16]; - for (i = 0; i < 16; i++) - SILC_GET32_MSB(in[i], kbuf + 4 * i); - a = buf[0]; b = buf[1]; c = buf[2]; d = buf[3]; - MD5STEP(F1, a, b, c, d, in[ 0]+0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[ 1]+0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[ 2]+0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[ 3]+0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[ 4]+0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[ 5]+0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[ 6]+0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[ 7]+0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[ 8]+0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[ 9]+0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10]+0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11]+0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12]+0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13]+0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14]+0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15]+0x49b40821, 22); - MD5STEP(F2, a, b, c, d, in[ 1]+0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[ 6]+0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11]+0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[ 0]+0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[ 5]+0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10]+0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15]+0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[ 4]+0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[ 9]+0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14]+0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[ 3]+0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[ 8]+0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13]+0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[ 2]+0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[ 7]+0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12]+0x8d2a4c8a, 20); - MD5STEP(F3, a, b, c, d, in[ 5]+0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[ 8]+0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11]+0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14]+0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[ 1]+0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[ 4]+0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[ 7]+0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10]+0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13]+0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[ 0]+0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[ 3]+0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[ 6]+0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[ 9]+0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12]+0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15]+0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[ 2]+0xc4ac5665, 23); - MD5STEP(F4, a, b, c, d, in[ 0]+0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[ 7]+0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14]+0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[ 5]+0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12]+0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[ 3]+0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10]+0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[ 1]+0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[ 8]+0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15]+0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[ 6]+0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13]+0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[ 4]+0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11]+0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[ 2]+0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[ 9]+0xeb86d391, 21); - buf[0] += a; buf[1] += b; buf[2] += c; buf[3] += d; -} -#endif /* 1 */ - /* Load private key from file and allocates new private key. Returns TRUE if loading was successful. */ @@ -1573,13 +1414,6 @@ bool silc_pkcs_load_private_key(const char *filename, unsigned char *cp, *old, *data, byte; SilcUInt32 i, data_len, len, magic, mac_len; -#if 1 - /* Old support */ - struct MD5Context md5; - bool oldsupport = FALSE; - int oldlen = 0; -#endif /* 1 */ - SILC_LOG_DEBUG(("Loading private key `%s' with %s encoding", filename, encoding == SILC_PKCS_FILE_PEM ? "Base64" : encoding == SILC_PKCS_FILE_BIN ? "Binary" : "Unkonwn")); @@ -1685,20 +1519,6 @@ bool silc_pkcs_load_private_key(const char *filename, silc_hash_update(sha1, keymat, 16); silc_hash_final(sha1, keymat + 16); -#if 1 - olds: - /* Old support */ - if (oldsupport) { - MD5Init(&md5); - MD5Update(&md5, passphrase, passphrase_len); - MD5Final(keymat, &md5); - MD5Init(&md5); - MD5Update(&md5, passphrase, passphrase_len); - MD5Update(&md5, keymat, 16); - MD5Final(keymat + 16, &md5); - } -#endif /* 1 */ - /* Set the key to the cipher */ silc_cipher_set_key(aes, keymat, 256); @@ -1708,14 +1528,6 @@ bool silc_pkcs_load_private_key(const char *filename, silc_hmac_update(sha1hmac, data, len - mac_len); silc_hmac_final(sha1hmac, tmp, NULL); if (memcmp(tmp, data + (len - mac_len), mac_len)) { -#if 1 - /* Old support */ - if (!oldsupport) { - oldsupport = TRUE; - goto olds; - } -#endif - SILC_LOG_DEBUG(("Integrity check for private key failed")); memset(keymat, 0, sizeof(keymat)); memset(tmp, 0, sizeof(tmp)); @@ -1729,11 +1541,6 @@ bool silc_pkcs_load_private_key(const char *filename, data += 4; len -= 4; -#if 1 - /* Old support */ - oldlen = len - mac_len; -#endif - /* Decrypt the private key buffer */ silc_cipher_decrypt(aes, data, data, len - mac_len, NULL); SILC_GET32_MSB(i, data); @@ -1765,13 +1572,6 @@ bool silc_pkcs_load_private_key(const char *filename, return FALSE; } -#if 1 - /* Old support */ - if (oldsupport || (oldlen & 15)) - silc_pkcs_save_private_key((char *)filename, *private_key, - passphrase, passphrase_len, encoding); -#endif - memset(old, 0, data_len); silc_free(old); return TRUE;