1 /* This is a shim header that's included by crypto.c, and turns it into
2 * something that we can actually build on its own.
16 #include <sys/param.h>
18 #include <sys/types.h>
19 #include <sys/errno.h>
24 #include <hcrypto/evp.h>
25 #include <hcrypto/sha.h>
30 # define HEIMDAL_MUTEX pthread_mutex_t
31 # define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
32 # define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL)
33 # define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m)
34 # define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m)
35 # define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m)
38 #define HEIMDAL_SMALLER 1
39 #define HEIM_CRYPTO_NO_TRIPLE_DES
40 #define HEIM_CRYPTO_NO_ARCFOUR
41 #define HEIM_CRYPTO_NO_PK
43 #define NO_RAND_EGD_METHOD
46 #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
49 #define max(a,b) (((a)>(b))?(a):(b))
60 typedef int krb5_boolean;
61 typedef ssize_t krb5_ssize_t;
63 #define KRB5_KU_AS_REP_ENC_PART 3
64 #define KRB5_KU_USAGE_SEAL 22
65 #define KRB5_KU_USAGE_SIGN 23
66 #define KRB5_KU_USAGE_SEQ 24
73 typedef struct EncryptedData {
76 heim_octet_string cipher;
79 typedef enum krb5_salttype {
84 typedef enum krb5_keytype {
91 KEYTYPE_ARCFOUR_56 = 24
94 #define KRB5_ENCTYPE_NULL KEYTYPE_NULL
95 #define KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 KEYTYPE_DES3
96 #define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 KEYTYPE_AES128
97 #define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 KEYTYPE_AES256
99 typedef struct krb5_salt {
100 krb5_salttype salttype;
104 typedef struct krb5_crypto_iov {
107 #define KRB5_CRYPTO_TYPE_EMPTY 0
108 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
109 #define KRB5_CRYPTO_TYPE_HEADER 1
111 #define KRB5_CRYPTO_TYPE_DATA 2
113 #define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
114 /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
115 #define KRB5_CRYPTO_TYPE_PADDING 4
116 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
117 #define KRB5_CRYPTO_TYPE_TRAILER 5
118 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
119 #define KRB5_CRYPTO_TYPE_CHECKSUM 6
125 #define KRB5_LIB_FUNCTION
126 #define KRB5_LIB_CALL
129 #define KRB5_BAD_MSIZE -1765328194
130 #define KRB5_BAD_KEYSIZE -1765328195
131 #define KRB5_PROG_SUMTYPE_NOSUPP -1765328231
132 #define KRB5_PROG_KEYTYPE_NOSUPP -1765328233
133 #define KRB5_PROG_ETYPE_NOSUPP -1765328234
134 #define HEIM_ERR_SALTTYPE_NOSUPP -1980176638
135 #define KRB5KRB_AP_ERR_BAD_INTEGRITY -1765328353
137 #define KRB5_CRYPTO_INTERNAL 1
139 /* Currently, we just disable localised error strings. We'll get the error
140 * numbers out, but no meaningful text */
143 /* These have to be real functions, because IRIX doesn't seem to support
145 void krb5_set_error_message(krb5_context, krb5_error_code, const char *, ...);
146 krb5_error_code krb5_abortx(krb5_context, const char *, ...);
148 #define krb5_clear_error_message(ctx)
150 static_inline krb5_error_code
151 krb5_enomem(krb5_context context)
157 /* Local prototypes. These are functions that we aren't admitting to in the
159 krb5_error_code _krb5_n_fold(const void *str, size_t len, void *, size_t);
160 krb5_error_code krb5_derive_key(krb5_context context, const krb5_keyblock *key,
161 krb5_enctype etype, const void *constant,
163 krb5_keyblock **derived_key);
164 krb5_error_code krb5_enctype_keysize(krb5_context context,
167 krb5_ssize_t _krb5_put_int(void *buffer, unsigned long value, size_t size);
168 void krb5_data_zero(krb5_data *p);
169 krb5_error_code krb5_data_copy(krb5_data *p, const void *data, size_t len);
170 void krb5_free_data(krb5_context context, krb5_data *p);
171 krb5_error_code krb5_copy_keyblock(krb5_context,
172 const krb5_keyblock *,
174 void krb5_free_keyblock(krb5_context, krb5_keyblock *);
175 int krb5_data_ct_cmp(const krb5_data *, const krb5_data *);
176 int der_copy_octet_string(const krb5_data *, krb5_data *);
177 int copy_EncryptionKey(const krb5_keyblock *, krb5_keyblock *);
178 int ct_memcmp(const void *p1, const void *p2, size_t len);
179 krb5_error_code krb5_enctype_to_string(krb5_context context,
186 struct _krb5_checksum_type * _krb5_find_checksum (krb5_cksumtype);
187 struct _krb5_encryption_type * _krb5_find_enctype (krb5_enctype);
188 void _krb5_free_key_data (krb5_context, struct _krb5_key_data *,
189 struct _krb5_encryption_type *);
190 void _krb5_evp_cleanup (krb5_context, struct _krb5_key_data *);
192 krb5_error_code _krb5_evp_encrypt (krb5_context, struct _krb5_key_data *,
193 void *, size_t, krb5_boolean, int,
195 krb5_error_code _krb5_evp_encrypt_cts (krb5_context, struct _krb5_key_data *,
196 void *,size_t, krb5_boolean,
198 void _krb5_evp_schedule (krb5_context, struct _krb5_key_type *,
199 struct _krb5_key_data *);
200 krb5_error_code _krb5_SP_HMAC_SHA1_checksum (krb5_context,
201 struct _krb5_key_data *,
203 size_t, unsigned, Checksum *);
205 /* These are bodges - we don't implement these encryption types, but
206 * crypto.c contains hard coded references to them, and to these funcs.
208 * They will never actually be called ...
210 static_inline krb5_error_code
211 _krb5_usage2arcfour(krb5_context context, unsigned *usage) {
216 _krb5_DES3_random_to_key (krb5_context context,
223 #define _krb5_AES_salt NULL