1 /* This is a shim header that's included by crypto.c, and turns it into
2 * something that we can actually build on its own. */
10 #include <afsconfig.h>
18 #include <sys/param.h>
20 #include <sys/errno.h>
22 #include <sys/types.h>
26 #include <hcrypto/evp.h>
27 #include <hcrypto/des.h>
28 #include <hcrypto/rc4.h>
29 #include <hcrypto/sha.h>
30 #include <hcrypto/md5.h>
/*
 * Threaded builds (AFS_PTHREAD_ENV defined): Heimdal's mutex abstraction is
 * mapped one-to-one onto pthread mutexes, so the locking is real. Mutexes are
 * initialised with default attributes (NULL), and each operation macro
 * evaluates to the return value of the underlying pthread call.
 */
35 #ifdef AFS_PTHREAD_ENV
37 # define HEIMDAL_MUTEX pthread_mutex_t
38 # define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
39 # define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL)
40 # define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m)
41 # define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m)
42 # define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m)
44 /* The one location in this library which uses mutexes is the PRNG
45 * code. As this code takes no locks, never yields, and does no
46 * I/O through the LWP IO Manager, it cannot be pre-empted, so
47 * it is safe to simply remove the locks in this case. */
/*
 * No-op mutex shims: HEIMDAL_MUTEX is a plain int, and every operation only
 * evaluates its argument and discards it, so these provide no mutual
 * exclusion at all.
 * NOTE(review): presumably this is the branch taken when AFS_PTHREAD_ENV is
 * not defined (the #else is not visible in this listing). The PRNG state is
 * then protected only by the scheduling model; confirm that no preemptively
 * scheduled build can select these definitions.
 */
49 #define HEIMDAL_MUTEX int
50 #define HEIMDAL_MUTEX_INITIALIZER 0
51 #define HEIMDAL_MUTEX_init(m) do { (void)(m); } while(0)
52 #define HEIMDAL_MUTEX_lock(m) do { (void)(m); } while(0)
53 #define HEIMDAL_MUTEX_unlock(m) do { (void)(m); } while(0)
54 #define HEIMDAL_MUTEX_destroy(m) do { (void)(m); } while(0)
/*
 * Compile-time switches read by the bundled Heimdal sources.
 * NOTE(review): judging by their names, these compile out triple-DES,
 * ARCFOUR (RC4), public-key support and the EGD random source, and
 * HEIMDAL_SMALLER selects a reduced build; confirm against crypto.c. Any
 * preprocessor conditional around them is not visible in this listing, so it
 * is unclear from here which builds they apply to.
 */
58 #define HEIMDAL_SMALLER 1
59 #define HEIM_CRYPTO_NO_TRIPLE_DES
60 #define HEIM_CRYPTO_NO_ARCFOUR
61 #define HEIM_CRYPTO_NO_PK
63 #define NO_RAND_EGD_METHOD
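/*
 * Allocate N zero-initialised elements of the type X points to and store the
 * result in X. calloc() returns NULL on failure (including when N * size
 * would overflow), so callers must test X, or the value of the macro, before
 * dereferencing it. The whole expansion is parenthesised so that
 * `ALLOC(p, n) == NULL` compares the assigned pointer instead of assigning
 * the result of the comparison to X.
 */
#define ALLOC(X, N) ((X) = calloc((N), sizeof(*(X))))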
/*
 * Function-like max(): each argument is parenthesised, but the larger one is
 * evaluated twice, so arguments must be free of side effects (no
 * max(i++, j)).
 */
69 #define max(a,b) (((a)>(b))?(a):(b))
/*
 * Local definitions of two Kerberos scalar types: a boolean held in an int
 * and a signed size that aliases ssize_t.
 */
80 typedef int krb5_boolean
;
81 typedef ssize_t krb5_ssize_t
;
/*
 * Key-usage numbers handed to the crypto routines.
 * NOTE(review): these look like the standard Kerberos key-usage values; both
 * peers must agree on them - confirm against the protocol specification.
 */
83 #define KRB5_KU_AS_REP_ENC_PART 3
84 #define KRB5_KU_USAGE_SEAL 22
85 #define KRB5_KU_USAGE_SIGN 23
86 #define KRB5_KU_USAGE_SEQ 24
93 typedef struct EncryptedData
{
96 afs_heim_octet_string cipher
;
99 typedef enum krb5_salttype
{
104 typedef enum krb5_keytype
{
110 KEYTYPE_ARCFOUR
= 23,
111 KEYTYPE_ARCFOUR_56
= 24
/*
 * KRB5_ENCTYPE_* spellings aliased onto the ETYPE_* constants, which are
 * defined outside the visible part of this header.
 * NOTE(review): aliases exist for the NULL, DES3 and ARCFOUR-HMAC-MD5
 * enctypes as well as the AES ones. An alias only names an enctype; it does
 * not show whether that enctype is accepted in a given build - check the
 * enctype table for what is actually enabled.
 */
114 #define KRB5_ENCTYPE_NULL ETYPE_NULL
115 #define KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 ETYPE_OLD_DES3_CBC_SHA1
116 #define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 ETYPE_AES128_CTS_HMAC_SHA1_96
117 #define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 ETYPE_AES256_CTS_HMAC_SHA1_96
118 #define KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 ETYPE_ARCFOUR_HMAC_MD5
120 typedef struct krb5_salt
{
121 krb5_salttype salttype
;
125 typedef struct krb5_crypto_iov
{
/*
 * Buffer type tags for krb5_crypto_iov entries (the struct body is not
 * visible in this listing). The existing per-value comments appear to name
 * the krb5_crypto_length() query that gives the size of an output buffer of
 * that type.
 */
128 #define KRB5_CRYPTO_TYPE_EMPTY 0
129 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
130 #define KRB5_CRYPTO_TYPE_HEADER 1
132 #define KRB5_CRYPTO_TYPE_DATA 2
134 #define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
135 /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
136 #define KRB5_CRYPTO_TYPE_PADDING 4
137 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
138 #define KRB5_CRYPTO_TYPE_TRAILER 5
139 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
140 #define KRB5_CRYPTO_TYPE_CHECKSUM 6
/*
 * Both decorators are defined empty, so wherever the bundled sources use
 * them they expand to nothing in this build.
 */
146 #define KRB5_LIB_FUNCTION
147 #define KRB5_LIB_CALL
/*
 * Error codes hard-coded as integers.
 * NOTE(review): presumably these equal the values in the Kerberos/Heimdal
 * error tables; confirm they stay in sync, since a caller comparing against
 * a different value would fail to recognise, for example, an integrity
 * failure (KRB5KRB_AP_ERR_BAD_INTEGRITY).
 */
150 #define KRB5_BAD_MSIZE -1765328194
151 #define KRB5_BAD_KEYSIZE -1765328195
152 #define KRB5_PROG_SUMTYPE_NOSUPP -1765328231
153 #define KRB5_PROG_KEYTYPE_NOSUPP -1765328233
154 #define KRB5_PROG_ETYPE_NOSUPP -1765328234
155 #define HEIM_ERR_SALTTYPE_NOSUPP -1980176638
156 #define KRB5KRB_AP_ERR_BAD_INTEGRITY -1765328353
/* NOTE(review): defined to 1; what it enables in crypto.c is not visible here. */
158 #define KRB5_CRYPTO_INTERNAL 1
160 /* Currently, we just disable localised error strings. We'll get the error
161 * numbers out, but no meaningful text */
164 /* rename internal symbols, to reduce conflicts with external kerberos
 * libraries */
/*
 * Each name below is redirected to an _oafs_h_-prefixed symbol, so that this
 * bundled copy of the Heimdal crypto code does not collide with same-named
 * functions from another Kerberos library linked into the same program.
 * NOTE(review): a function that is built here but missing from this list
 * keeps its public name. krb5_copy_keyblock, krb5_free_keyblock and
 * ct_memcmp are declared later in this header and do not appear in the
 * visible list; confirm they are renamed or defined elsewhere.
 */
166 #define krb5_abortx _oafs_h_krb5_abortx
167 #define krb5_set_error_message _oafs_h_krb5_set_error_message
168 #define copy_EncryptionKey _oafs_h_copy_EncryptionKey
169 #define der_copy_octet_string _oafs_h_der_copy_octet_string
170 #define _krb5_HMAC_MD5_checksum _oafs_h__krb5_HMAC_MD5_checksum
171 #define _krb5_usage2arcfour _oafs_h__krb5_usage2arcfour
172 #define _krb5_SP_HMAC_SHA1_checksum _oafs_h__krb5_SP_HMAC_SHA1_checksum
173 #define _krb5_derive_key _oafs_h__krb5_derive_key
174 #define _krb5_find_checksum _oafs_h__krb5_find_checksum
175 #define _krb5_find_enctype _oafs_h__krb5_find_enctype
176 #define _krb5_free_key_data _oafs_h__krb5_free_key_data
177 #define _krb5_internal_hmac _oafs_h__krb5_internal_hmac
178 #define krb5_allow_weak_crypto _oafs_h_krb5_allow_weak_crypto
179 #define krb5_checksum_disable _oafs_h_krb5_checksum_disable
180 #define krb5_checksum_is_collision_proof _oafs_h_krb5_checksum_is_collision_proof
181 #define krb5_checksum_is_keyed _oafs_h_krb5_checksum_is_keyed
182 #define _krb5_checksum_hmac_md5 _oafs_h__krb5_checksum_hmac_md5
183 #define _krb5_checksum_hmac_sha1_des3 _oafs_h__krb5_checksum_hmac_sha1_des3
184 #define _krb5_checksum_rsa_md5 _oafs_h__krb5_checksum_rsa_md5
185 #define _krb5_checksum_sha1 _oafs_h__krb5_checksum_sha1
186 #define _krb5_checksum_sha1_des3 _oafs_h__krb5_checksum_sha1_des3
187 #define krb5_cksumtype_to_enctype _oafs_h_krb5_cksumtype_to_enctype
188 #define krb5_cksumtype_valid _oafs_h_krb5_cksumtype_valid
189 #define krb5_create_checksum_iov _oafs_h_krb5_create_checksum_iov
190 #define krb5_crypto_getblocksize _oafs_h_krb5_crypto_getblocksize
191 #define krb5_crypto_getconfoundersize _oafs_h_krb5_crypto_getconfoundersize
192 #define krb5_crypto_getenctype _oafs_h_krb5_crypto_getenctype
193 #define krb5_crypto_getpadsize _oafs_h_krb5_crypto_getpadsize
194 #define krb5_crypto_length _oafs_h_krb5_crypto_length
195 #define krb5_crypto_length_iov _oafs_h_krb5_crypto_length_iov
196 #define krb5_decrypt_EncryptedData _oafs_h_krb5_decrypt_EncryptedData
197 #define krb5_decrypt_iov_ivec _oafs_h_krb5_decrypt_iov_ivec
198 #define krb5_decrypt_ivec _oafs_h_krb5_decrypt_ivec
199 #define krb5_derive_key _oafs_h_krb5_derive_key
200 #define krb5_encrypt_EncryptedData _oafs_h_krb5_encrypt_EncryptedData
201 #define krb5_encrypt_iov_ivec _oafs_h_krb5_encrypt_iov_ivec
202 #define krb5_encrypt_ivec _oafs_h_krb5_encrypt_ivec
203 #define _krb5_enctype_des3_cbc_none _oafs_h__krb5_enctype_des3_cbc_none
204 #define _krb5_enctype_des3_cbc_sha1 _oafs_h__krb5_enctype_des3_cbc_sha1
205 #define _krb5_enctype_arcfour_hmac_md5 _oafs_h__krb5_enctype_arcfour_hmac_md5
206 #define krb5_enctype_disable _oafs_h_krb5_enctype_disable
207 #define krb5_enctype_enable _oafs_h_krb5_enctype_enable
208 #define krb5_enctype_to_keytype _oafs_h_krb5_enctype_to_keytype
209 #define krb5_enctype_to_string _oafs_h_krb5_enctype_to_string
210 #define krb5_generate_random_keyblock _oafs_h_krb5_generate_random_keyblock
211 #define krb5_get_wrapped_length _oafs_h_krb5_get_wrapped_length
212 #define krb5_hmac _oafs_h_krb5_hmac
213 #define krb5_is_enctype_weak _oafs_h_krb5_is_enctype_weak
214 #define krb5_string_to_enctype _oafs_h_krb5_string_to_enctype
215 #define krb5_verify_checksum_iov _oafs_h_krb5_verify_checksum_iov
216 #define _krb5_DES3_random_to_key _oafs_h__krb5_DES3_random_to_key
217 #define _krb5_xor _oafs_h__krb5_xor
218 #define _krb5_evp_cleanup _oafs_h__krb5_evp_cleanup
219 #define _krb5_evp_encrypt _oafs_h__krb5_evp_encrypt
220 #define _krb5_evp_encrypt_cts _oafs_h__krb5_evp_encrypt_cts
221 #define _krb5_evp_schedule _oafs_h__krb5_evp_schedule
222 #define krb5_copy_data _oafs_h_krb5_copy_data
223 #define krb5_data_cmp _oafs_h_krb5_data_cmp
224 #define krb5_data_copy _oafs_h_krb5_data_copy
225 #define krb5_data_ct_cmp _oafs_h_krb5_data_ct_cmp
226 #define krb5_data_realloc _oafs_h_krb5_data_realloc
227 #define krb5_data_zero _oafs_h_krb5_data_zero
228 #define krb5_free_data _oafs_h_krb5_free_data
229 #define _krb5_n_fold _oafs_h__krb5_n_fold
230 #define _krb5_get_int _oafs_h__krb5_get_int
231 #define _krb5_put_int _oafs_h__krb5_put_int
234 /* These have to be real functions, because IRIX doesn't seem to support
 * variadic macros. */
/*
 * Error-reporting hooks, declared as variadic functions.
 * NOTE(review): the `const char *, ...` tail looks like a printf-style format
 * string followed by its arguments. If so, callers must pass a literal format
 * and never externally supplied text, and a printf format attribute on these
 * prototypes would let the compiler check call sites - confirm.
 */
236 void krb5_set_error_message(krb5_context
, krb5_error_code
, const char *, ...);
237 krb5_error_code
krb5_abortx(krb5_context
, const char *, ...);
/* Expands to nothing, so the ctx argument is never evaluated. */
239 #define krb5_clear_error_message(ctx)
241 static_inline krb5_error_code
242 krb5_enomem(krb5_context context
)
248 /* Local prototypes. These are functions that we aren't admitting to in the
/*
 * NOTE(review): takes two (pointer, length) pairs; the unnamed second pair is
 * presumably the output buffer and the number of bytes to produce - confirm
 * against the definition.
 */
250 krb5_error_code
_krb5_n_fold(const void *str
, size_t len
, void *, size_t);
251 krb5_error_code
krb5_derive_key(krb5_context context
, const krb5_keyblock
*key
,
252 krb5_enctype etype
, const void *constant
,
254 krb5_keyblock
**derived_key
);
/*
 * NOTE(review): presumably stores `value` into `buffer` using `size` bytes;
 * the signed return type leaves room for an error value - confirm. The
 * caller is responsible for `buffer` holding at least `size` bytes.
 */
255 krb5_ssize_t
_krb5_put_int(void *buffer
, unsigned long value
, size_t size
);
/*
 * krb5_data helpers.
 * NOTE(review): whether krb5_free_data clears the contents before releasing
 * them is not visible here; data holding key material may need explicit
 * zeroing first - confirm.
 */
256 void krb5_data_zero(krb5_data
*p
);
257 krb5_error_code
krb5_data_copy(krb5_data
*p
, const void *data
, size_t len
);
258 void krb5_free_data(krb5_context context
, krb5_data
*p
);
259 krb5_error_code
krb5_copy_keyblock(krb5_context
,
260 const krb5_keyblock
*,
/*
 * NOTE(review): keyblocks hold secret key material; whether the key bytes
 * are zeroed before being freed is not visible here - confirm.
 */
262 void krb5_free_keyblock(krb5_context
, krb5_keyblock
*);
/*
 * NOTE(review): the ct_ in the name suggests a constant-time comparison,
 * which is what checksum and MAC verification needs; confirm the definition
 * does not return early on the first mismatching byte.
 */
263 int krb5_data_ct_cmp(const krb5_data
*, const krb5_data
*);
/* Copy helpers (source first, destination second); both return an int status. */
264 int der_copy_octet_string(const krb5_data
*, krb5_data
*);
265 int copy_EncryptionKey(const krb5_keyblock
*, krb5_keyblock
*);
266 krb5_error_code
krb5_enctype_to_string(krb5_context context
,
270 /* Roken provides this in userspace, but we're on our own in the kernel. */
/*
 * NOTE(review): presumably a constant-time memcmp over len bytes. The kernel
 * implementation is not shown; it must touch all len bytes regardless of
 * where the inputs differ, and be written so the compiler cannot replace it
 * with an early-exit comparison - confirm.
 */
271 int ct_memcmp(const void *p1
, const void *p2
, size_t len
);
/*
 * Internal type lookups and key-data teardown.
 * NOTE(review): the two _krb5_find_* functions return a pointer to a type
 * descriptor; presumably NULL for an unknown or disabled type, so callers
 * should check before dereferencing - confirm.
 */
277 struct _krb5_checksum_type
* _krb5_find_checksum (krb5_cksumtype
);
278 struct _krb5_encryption_type
* _krb5_find_enctype (krb5_enctype
);
279 void _krb5_free_key_data (krb5_context
, struct _krb5_key_data
*,
280 struct _krb5_encryption_type
*);
281 void _krb5_evp_cleanup (krb5_context
, struct _krb5_key_data
*);
283 krb5_error_code
_krb5_evp_encrypt (krb5_context
, struct _krb5_key_data
*,
284 void *, size_t, krb5_boolean
, int,
286 krb5_error_code
_krb5_evp_encrypt_cts (krb5_context
, struct _krb5_key_data
*,
287 void *,size_t, krb5_boolean
,
289 void _krb5_evp_schedule (krb5_context
, struct _krb5_key_type
*,
290 struct _krb5_key_data
*);
291 krb5_error_code
_krb5_SP_HMAC_SHA1_checksum (krb5_context
,
292 struct _krb5_key_data
*,
294 size_t, unsigned, Checksum
*);
/*
 * NOTE(review): no length is passed; presumably b is XORed into *key over
 * sizeof(DES_cblock) bytes, so b must point to at least that many readable
 * bytes - confirm against the definition.
 */
296 void _krb5_xor(DES_cblock
*key
, const unsigned char *b
);
298 krb5_error_code
_krb5_internal_hmac(krb5_context context
,
299 struct _krb5_checksum_type
*cm
,
303 struct _krb5_key_data
*keyblock
,
/*
309 * crypto.c contains hard-coded references to these, so even though we don't
310 * implement these enctypes in the kernel, we need to have stubs present in
311 * order to link a kernel module. In userspace, we do implement these enctypes,
312 * and the real functions are provided by the heimdal source files.
 */
314 static_inline krb5_error_code
315 _krb5_usage2arcfour(krb5_context context
, unsigned *usage
) {
320 _krb5_DES3_random_to_key(krb5_context context
, krb5_keyblock
*key
,
321 const void *rand
, size_t size
) {
326 _krb5_DES3_random_to_key (krb5_context context
,
331 krb5_error_code
_krb5_usage2arcfour(krb5_context context
, unsigned *usage
);
/*
 * The salt-type entries are all defined as NULL here.
 * NOTE(review): presumably the string-to-key code that would use them is not
 * built in this configuration; any path that dereferences one of these
 * without a NULL check would fault - confirm none is reachable.
 */
334 #define _krb5_AES_salt NULL
335 #define _krb5_arcfour_salt NULL
336 #define _krb5_des3_salt NULL
337 #define _krb5_des3_salt_derived NULL
338 #define _krb5_des_salt NULL