src/crypto/rfc3961/krb5_locl.h

   1 /* This is a shim header that's included by crypto.c, and turns it into
   2  * something that we can actually build on its own.
   3  */
   4
   5 #ifdef KERNEL
   6
   7 #include "config.h"
   8
   9 #else
  10
  11 #include <roken.h>
  12
  13 #include <fcntl.h>
  14 #include <stdlib.h>
  15 #include <string.h>
  16 #include <sys/param.h>
  17 #include <inttypes.h>
  18 #include <sys/types.h>
  19 #include <sys/errno.h>
  20 #include <pthread.h>
  21
  22 #endif
  23
  24 #include <hcrypto/evp.h>
  25 #include <hcrypto/sha.h>
  26
  27 #include "rfc3961.h"
  28
  29 #ifndef KERNEL
  30 # define HEIMDAL_MUTEX pthread_mutex_t
  31 # define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
  32 # define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL)
  33 # define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m)
  34 # define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m)
  35 # define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m)
  36 #endif
  37
  38 #define HEIMDAL_SMALLER 1
  39 #define HEIM_CRYPTO_NO_TRIPLE_DES
  40 #define HEIM_CRYPTO_NO_ARCFOUR
  41 #define HEIM_CRYPTO_NO_PK
  42
  43 #define NO_RAND_EGD_METHOD
  44 #define NO_RANDFILE
  45
  46 #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
  47
  48 #ifndef max
  49 #define max(a,b) (((a)>(b))?(a):(b))
  50 #endif
  51
  52 #ifndef O_BINARY
  53 #define O_BINARY 0
  54 #endif
  55
  56 #ifndef O_CLOEXEC
  57 #define O_CLOEXEC 0
  58 #endif
  59
  60 typedef int krb5_boolean;
  61 typedef ssize_t krb5_ssize_t;
  62
  63 #define KRB5_KU_AS_REP_ENC_PART 3
  64 #define KRB5_KU_USAGE_SEAL 22
  65 #define KRB5_KU_USAGE_SIGN 23
  66 #define KRB5_KU_USAGE_SEQ 24
  67
  68 #define TRUE 1
  69 #define FALSE 0
  70
  71 /* From the ASN.1 */
  72
  73 typedef struct EncryptedData {
  74   int etype;
  75   int *kvno;
  76   heim_octet_string cipher;
  77 } EncryptedData;
  78
  79 typedef enum krb5_salttype {
  80     KRB5_PW_SALT = 3,
  81     KRB5_AFS3_SALT = 10
  82 } krb5_salttype;
  83
  84 typedef enum krb5_keytype {
  85     KEYTYPE_NULL        = 0,
  86     KEYTYPE_DES         = 1,
  87     KEYTYPE_DES3        = 7,
  88     KEYTYPE_AES128      = 17,
  89     KEYTYPE_AES256      = 18,
  90     KEYTYPE_ARCFOUR     = 23,
  91     KEYTYPE_ARCFOUR_56  = 24
  92 } krb5_keytype;
  93
  94 #define KRB5_ENCTYPE_NULL KEYTYPE_NULL
  95 #define KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 KEYTYPE_DES3
  96 #define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 KEYTYPE_AES128
  97 #define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 KEYTYPE_AES256
  98
  99 typedef struct krb5_salt {
 100     krb5_salttype salttype;
 101     krb5_data saltvalue;
 102 } krb5_salt;
 103
 104 typedef struct krb5_crypto_iov {
 105     unsigned int flags;
 106     /* ignored */
 107 #define KRB5_CRYPTO_TYPE_EMPTY          0
 108     /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
 109 #define KRB5_CRYPTO_TYPE_HEADER         1
 110     /* IN and OUT */
 111 #define KRB5_CRYPTO_TYPE_DATA           2
 112     /* IN */
 113 #define KRB5_CRYPTO_TYPE_SIGN_ONLY      3
 114    /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
 115 #define KRB5_CRYPTO_TYPE_PADDING        4
 116    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
 117 #define KRB5_CRYPTO_TYPE_TRAILER        5
 118    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
 119 #define KRB5_CRYPTO_TYPE_CHECKSUM       6
 120     krb5_data data;
 121 } krb5_crypto_iov;
 122
 123 #define ETYPE_NULL 0
 124
 125 #define KRB5_LIB_FUNCTION
 126 #define KRB5_LIB_CALL
 127
 128 /* Error codes */
 129 #define KRB5_BAD_MSIZE -1765328194
 130 #define KRB5_BAD_KEYSIZE -1765328195
 131 #define KRB5_PROG_SUMTYPE_NOSUPP -1765328231
 132 #define KRB5_PROG_KEYTYPE_NOSUPP -1765328233
 133 #define KRB5_PROG_ETYPE_NOSUPP -1765328234
 134 #define HEIM_ERR_SALTTYPE_NOSUPP -1980176638
 135 #define KRB5KRB_AP_ERR_BAD_INTEGRITY -1765328353
 136
 137 #define KRB5_CRYPTO_INTERNAL 1
 138
 139 /* Currently, we just disable localised error strings. We'll get the error
 140  * numbers out, but no meaningful text */
 141 #define N_(X, Y) X
 142
 143 /* These have to be real functions, because IRIX doesn't seem to support
 144  * variadic macros */
 145 void krb5_set_error_message(krb5_context, krb5_error_code, const char *, ...);
 146 krb5_error_code krb5_abortx(krb5_context, const char *, ...);
 147
 148 #define krb5_clear_error_message(ctx)
 149
 150 static_inline krb5_error_code
 151 krb5_enomem(krb5_context context)
 152 {
 153     return ENOMEM;
 154 }
 155
 156
 157 /* Local prototypes. These are functions that we aren't admitting to in the
 158  * public API */
 159 krb5_error_code _krb5_n_fold(const void *str, size_t len, void *, size_t);
 160 krb5_error_code krb5_derive_key(krb5_context context, const krb5_keyblock *key,
 161                                 krb5_enctype etype, const void *constant,
 162                                 size_t constant_len,
 163                                 krb5_keyblock **derived_key);
 164 krb5_error_code krb5_enctype_keysize(krb5_context context,
 165                                      krb5_enctype type,
 166                                      size_t *keysize);
 167 krb5_ssize_t _krb5_put_int(void *buffer, unsigned long value, size_t size);
 168 void krb5_data_zero(krb5_data *p);
 169 krb5_error_code krb5_data_copy(krb5_data *p, const void *data, size_t len);
 170 void krb5_free_data(krb5_context context, krb5_data *p);
 171 krb5_error_code krb5_copy_keyblock(krb5_context,
 172                                    const krb5_keyblock *,
 173                                    krb5_keyblock **);
 174 void krb5_free_keyblock(krb5_context, krb5_keyblock *);
 175 int krb5_data_ct_cmp(const krb5_data *, const krb5_data *);
 176 int der_copy_octet_string(const krb5_data *, krb5_data *);
 177 int copy_EncryptionKey(const krb5_keyblock *, krb5_keyblock *);
 178 int ct_memcmp(const void *p1, const void *p2, size_t len);
 179 krb5_error_code krb5_enctype_to_string(krb5_context context,
 180                                        krb5_enctype etype,
 181                                        char **string);
 182
 183
 184 #include "crypto.h"
 185
 186 struct _krb5_checksum_type * _krb5_find_checksum (krb5_cksumtype);
 187 struct _krb5_encryption_type * _krb5_find_enctype (krb5_enctype);
 188 void _krb5_free_key_data (krb5_context, struct _krb5_key_data *,
 189                           struct _krb5_encryption_type *);
 190 void _krb5_evp_cleanup (krb5_context, struct _krb5_key_data *);
 191
 192 krb5_error_code _krb5_evp_encrypt (krb5_context, struct _krb5_key_data *,
 193                                    void *, size_t, krb5_boolean, int,
 194                                    void *);
 195 krb5_error_code _krb5_evp_encrypt_cts (krb5_context, struct _krb5_key_data *,
 196                                        void *,size_t, krb5_boolean,
 197                                        int, void *);
 198 void _krb5_evp_schedule (krb5_context, struct _krb5_key_type *,
 199                          struct _krb5_key_data *);
 200 krb5_error_code _krb5_SP_HMAC_SHA1_checksum (krb5_context,
 201                                              struct _krb5_key_data *,
 202                                              const void *,
 203                                              size_t, unsigned, Checksum *);
 204
 205 /* These are bodges - we don't implement these encryption types, but
 206  * crypto.c contains hard coded references to them, and to these funcs.
 207  *
 208  * They will never actually be called ...
 209  */
 210 static_inline krb5_error_code
 211 _krb5_usage2arcfour(krb5_context context, unsigned *usage) {
 212    return -1;
 213 }
 214
 215 static_inline void
 216 _krb5_DES3_random_to_key (krb5_context context,
 217                           krb5_keyblock *key,
 218                           const void *rand,
 219                           size_t size) {
 220    return;
 221 }
 222
 223 #define _krb5_AES_salt NULL