Build 3961 library in userspace, and add enctypes
authorChaskiel Grundman <cg2v@andrew.cmu.edu>
Sat, 6 Apr 2013 00:12:12 +0000 (20:12 -0400)
committerJeffrey Altman <jaltman@your-file-system.com>
Tue, 9 Jul 2013 04:27:10 +0000 (21:27 -0700)
Build the 3961 library in userspace, with support for the common
kerberos enctypes des3-hmac-sha1, arcfour-hmac-md5, and aesXXX-cts-hmac-sha1-96.
Export new symbols as well, and suppress deprecated warnings.

Rename all symbols, both exported and not, with an oafs_h_ prefix
so as to reduce the chance of conflicts.

Rename heim_octet_string to avoid confusion about where things are coming
from.

Change-Id: If5155661deb5adf73329eb8b90021512c01a290f
Reviewed-on: http://gerrit.openafs.org/10050
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

NTMakefile
src/config/NTMakefile
src/crypto/rfc3961/Makefile.in
src/crypto/rfc3961/NTMakefile [new file with mode: 0644]
src/crypto/rfc3961/afsrfc3961.def [new file with mode: 0644]
src/crypto/rfc3961/afsrfc3961.rc [new file with mode: 0644]
src/crypto/rfc3961/kernel/random.c
src/crypto/rfc3961/krb5_locl.h
src/crypto/rfc3961/liboafs_rfc3961.la.sym [new file with mode: 0644]
src/crypto/rfc3961/rfc3961.h

index a2d934c..8865f72 100644 (file)
@@ -180,7 +180,7 @@ rxgen: lwp
        $(NTMAKE)
        $(CD) ..\..
 
-opr: hcrypto
+opr: rfc3961
      @echo ***** $@
        $(DOCD) $(SRC)\opr
        $(CD) $(SRC)\opr
@@ -194,6 +194,13 @@ hcrypto: roken
        $(NTMAKE)
        $(CD) ..\..\..
 
+rfc3961: hcrypto
+     @echo ***** $@
+       $(DOCD) $(SRC)\crypto\$@
+       $(CD) $(SRC)\crypto\$@
+       $(NTMAKE)
+       $(CD) ..\..\..
+
 roken: pthread
      @echo ***** $@
         $(DOCD) $(SRC)\roken
index cefdaee..17c8086 100644 (file)
@@ -94,6 +94,9 @@ idirs: doclink
 !      IF (!EXIST($(OJT)\crypto\hcrypto))
                $(MKDIR) $(OJT)\crypto\hcrypto
 !      ENDIF
+!      IF (!EXIST($(OJT)\crypto\rfc3961))
+               $(MKDIR) $(OJT)\crypto\rfc3961
+!      ENDIF
 !      IF (!EXIST($(OJT)\dir))
                $(MKDIR) $(OJT)\dir
 !      ENDIF
index 68b5b99..0e1b49c 100644 (file)
@@ -7,14 +7,84 @@
 
 srcdir=@srcdir@
 include @TOP_OBJDIR@/src/config/Makefile.config
+include @TOP_OBJDIR@/src/config/Makefile.lwp
+include @TOP_OBJDIR@/src/config/Makefile.lwptool
+top_builddir=@TOP_OBJDIR@
 
-all:  ${TOP_INCDIR}/afs/rfc3961.h
+
+UPSTREAM= ${TOP_SRCDIR}/external/heimdal
+
+MODULE_INCLUDE=-I${srcdir} -I${TOP_INCDIR}/hcrypto -I$(UPSTREAM)/krb5 -I$(UPSTREAM)/hcrypto
+
+HEADERS=rfc3961.h krb5_locl.h $(UPSTREAM)/krb5/crypto.h
+
+all:  ${TOP_INCDIR}/afs/rfc3961.h liboafs_rfc3961.la libafsrpc_rfc3961.la \
+        ${TOP_LIBDIR}/libafsrfc3961.a
 
 ${TOP_INCDIR}/afs/rfc3961.h: rfc3961.h
        ${INSTALL_DATA} $? $@
 
-install:
+install: libafsrfc3961.a
+       ${INSTALL_DATA} libafsrfc3961.a ${DESTDIR}${libdir}/libafsrfc3961.a
 
-dest:
+dest: libafsrfc3961.a
+       ${INSTALL_DATA} libafsrfc3961.a ${DEST}/lib/libafsrfc3961.a
 
 clean:
+       $(LT_CLEAN)
+       $(RM) -f *.o *.a
+
+LT_objs=context.lo copy.lo crypto-aes.lo crypto-algs.lo crypto-arcfour.lo \
+       crypto.lo crypto-des3.lo crypto-des.lo crypto-des-common.lo \
+       crypto-evp.lo crypto-null.lo crypto-rand.lo data.lo keyblock.lo \
+       n-fold.lo store-int.lo
+
+LT_deps=
+
+LT_libs=$(LDFLAGS_hcrypto) $(LIB_hcrypto) $(LDFLAGS_roken) $(LIB_roken)
+
+${TOP_LIBDIR}/libafsrfc3961.a: libafsrfc3961.a
+       ${INSTALL_DATA} $? $@
+
+CFLAGS_crypto-arcfour.lo=@CFLAGS_NOERROR@
+CFLAGS_crypto-des-common.lo=@CFLAGS_NOERROR@
+
+context.lo: context.c ${HEADERS}
+copy.lo: copy.c ${HEADERS}
+crypto-aes.lo: ${UPSTREAM}/krb5/crypto-aes.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-aes.c
+crypto-algs.lo: ${UPSTREAM}/krb5/crypto-algs.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-algs.c
+crypto-arcfour.lo: ${UPSTREAM}/krb5/crypto-arcfour.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-arcfour.c
+crypto.lo: ${UPSTREAM}/krb5/crypto.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto.c
+crypto-des3.lo: ${UPSTREAM}/krb5/crypto-des3.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-des3.c
+crypto-des.lo: ${UPSTREAM}/krb5/crypto-des.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-des.c
+crypto-des-common.lo: ${UPSTREAM}/krb5/crypto-des-common.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-des-common.c
+crypto-evp.lo: ${UPSTREAM}/krb5/crypto-evp.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-evp.c
+crypto-null.lo: ${UPSTREAM}/krb5/crypto-null.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-null.c
+crypto-rand.lo: ${UPSTREAM}/krb5/crypto-rand.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-rand.c
+data.lo: ${UPSTREAM}/krb5/data.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/data.c
+keyblock.lo: ${UPSTREAM}/krb5/keyblock.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/keyblock.c
+n-fold.lo: ${UPSTREAM}/krb5/n-fold.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/n-fold.c
+store-int.lo: ${UPSTREAM}/krb5/store-int.c ${HEADERS}
+       $(LTLWP_CCRULE) ${UPSTREAM}/krb5/store-int.c
+
+liboafs_rfc3961.la: liboafs_rfc3961.la.sym $(LT_objs) $(LT_deps)
+       $(LT_LDLIB_shlib) $(LT_objs) $(LT_deps) $(LT_libs) $(MT_LIBS)
+
+libafsrpc_rfc3961.la: $(LT_objs)
+       $(LT_LDLIB_pic) $(LT_objs) $(MT_LIBS)
+
+libafsrfc3961.a: $(LT_objs)
+       $(LT_LDLIB_lwp) $(LT_objs)
diff --git a/src/crypto/rfc3961/NTMakefile b/src/crypto/rfc3961/NTMakefile
new file mode 100644 (file)
index 0000000..f54c82d
--- /dev/null
@@ -0,0 +1,68 @@
+RELDIR=crypto\rfc3961
+!include ..\..\config\NTMakefile.$(SYS_NAME)
+!include ..\..\config\NTMakefile.version
+
+UPSTREAM = $(SRC)\external\heimdal
+HKRB5 = $(UPSTREAM)\krb5
+AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -I$(UPSTREAM)\hcrypto -I$(UPSTREAM)\krb5
+
+INCFILEDIR = $(DESTDIR)\include\afs
+
+INCFILES = \
+       $(INCFILEDIR)\rfc3961.h
+
+LIBFILE = $(DESTDIR)\lib\afsrfc3961.dll
+
+# Object files by category.
+LOCAL_OBJS = \
+       $(OUT)\context.obj \
+       $(OUT)\copy.obj
+
+HKRB5_OBJS = \
+        $(OUT)\crypto-aes.obj \
+        $(OUT)\crypto-algs.obj \
+        $(OUT)\crypto-arcfour.obj \
+        $(OUT)\crypto.obj \
+        $(OUT)\crypto-des3.obj \
+        $(OUT)\crypto-des.obj \
+        $(OUT)\crypto-des-common.obj \
+        $(OUT)\crypto-evp.obj \
+        $(OUT)\crypto-null.obj \
+       $(OUT)\crypto-rand.obj \
+        $(OUT)\data.obj \
+        $(OUT)\keyblock.obj \
+        $(OUT)\n-fold.obj \
+        $(OUT)\store-int.obj
+
+$(HKRB5_OBJS):$(HKRB5)\$$(@B).c
+       $(C2OBJ) $** -I$(HKRB5)
+
+$(INCFILES):$$(@B).h
+       $(COPY) $** $(INCFILEDIR)
+
+RESFILE = $(OUT)\afsrfc3961.res
+
+$(RESFILE): afsrfc3961.rc AFS_component_version_number.h
+
+!if !defined(NMAKE)
+NTMAKE = nmake /nologo /f ntmakefile
+!endif
+
+DLLLIBS = \
+       $(DESTDIR)\lib\afsroken.lib $(DESTDIR)\lib\afshcrypto.lib
+
+$(LIBFILE): $(LOCAL_OBJS) $(HKRB5_OBJS) $(RESFILE) $(DLLLIBS)
+       $(DLLCONLINK) /DEF:afsrfc3961.def shell32.lib
+        $(_VC_MANIFEST_EMBED_DLL)
+       $(DLLPREP)
+        $(CODESIGN_USERLAND)
+        $(SYMSTORE_IMPORT)
+       $(MAKECYGLIB) --input-def afsrfc3961.def
+
+install_headers: $(INCFILES)
+
+install: install_headers $(LIBFILE)
+
+clean::
+        $(DEL) $(INCFILES)
+       $(DEL) $(LIBFILE) $(DESTDIR)\lib\afsrfc3961.lib $(DESTDIR)\lib\afsrfc3961.exp
diff --git a/src/crypto/rfc3961/afsrfc3961.def b/src/crypto/rfc3961/afsrfc3961.def
new file mode 100644 (file)
index 0000000..9fad6c9
--- /dev/null
@@ -0,0 +1,16 @@
+EXPORTS
+       oafs_h_krb5_init_context                    @1
+       oafs_h_krb5_free_context                    @2
+       oafs_h_krb5_enctype_valid                   @3
+       oafs_h_krb5_crypto_init                     @4
+       oafs_h_krb5_crypto_destroy                  @5
+       oafs_h_krb5_encrypt                         @6
+       oafs_h_krb5_decrypt                         @7
+       oafs_h_krb5_enctype_keybits                 @8
+       oafs_h_krb5_data_free                       @9
+       oafs_h_krb5_data_alloc                      @10
+       oafs_h_krb5_keyblock_init                   @11
+       oafs_h_krb5_copy_keyblock                   @12
+       oafs_h_krb5_copy_keyblock_contents          @13
+       oafs_h_krb5_free_keyblock                   @14
+       oafs_h_krb5_free_keyblock_contents          @15
diff --git a/src/crypto/rfc3961/afsrfc3961.rc b/src/crypto/rfc3961/afsrfc3961.rc
new file mode 100644 (file)
index 0000000..0c61281
--- /dev/null
@@ -0,0 +1,9 @@
+/* Define VERSIONINFO resource */
+
+#define  AFS_VERINFO_FILE_DESCRIPTION "AFS RFC 3961 Crypto DLL"
+#define AFS_VERINFO_DLL
+#define  AFS_VERINFO_NAME "afsrfc3961"
+#define  AFS_VERINFO_FILENAME "afsrfc3961.dll"
+
+#include "AFS_component_version_number.h"
+#include "..\..\config\NTVersioninfo.rc"
index df1efa8..ad44036 100644 (file)
@@ -30,8 +30,8 @@
 
 #include "rfc3961.h"
 
-krb5_error_code
+void
 krb5_generate_random_block(void *buf, size_t len)
 {
-    return osi_readRandom(buf, len);
+    osi_readRandom(buf, len);
 }
index ee4f7d8..05eff8e 100644 (file)
@@ -7,32 +7,52 @@
 #include "config.h"
 
 #else
-
+#include <afsconfig.h>
+#include <afs/stds.h>
 #include <roken.h>
 
 #include <fcntl.h>
 #include <stdlib.h>
 #include <string.h>
+#ifndef AFS_NT40_ENV
 #include <sys/param.h>
 #include <inttypes.h>
-#include <sys/types.h>
 #include <sys/errno.h>
-#include <pthread.h>
+#endif
+#include <sys/types.h>
 
 #endif
 
 #include <hcrypto/evp.h>
+#include <hcrypto/des.h>
+#include <hcrypto/rc4.h>
 #include <hcrypto/sha.h>
+#include <hcrypto/md5.h>
 
 #include "rfc3961.h"
 
 #ifndef KERNEL
+#ifdef AFS_PTHREAD_ENV
+#include <pthread.h>
 # define HEIMDAL_MUTEX pthread_mutex_t
 # define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
 # define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL)
 # define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m)
 # define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m)
 # define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m)
+#else
+/* The one location in this library which uses mutexes is the PRNG
+ * code. As this code takes no locks, never yields, and does no
+ * I/O through the LWP IO Manager, it cannot be pre-empted, so
+ * it is safe to simply remove the locks in this case
+ */
+#define HEIMDAL_MUTEX int
+#define HEIMDAL_MUTEX_INITIALIZER 0
+#define HEIMDAL_MUTEX_init(m) do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_lock(m) do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_unlock(m) do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_destroy(m) do { (void)(m); } while(0)
+#endif
 #endif
 
 #define HEIMDAL_SMALLER 1
@@ -73,7 +93,7 @@ typedef ssize_t krb5_ssize_t;
 typedef struct EncryptedData {
   int etype;
   int *kvno;
-  heim_octet_string cipher;
+  afs_heim_octet_string cipher;
 } EncryptedData;
 
 typedef enum krb5_salttype {
@@ -95,6 +115,7 @@ typedef enum krb5_keytype {
 #define KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 KEYTYPE_DES3
 #define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 KEYTYPE_AES128
 #define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 KEYTYPE_AES256
+#define KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 KEYTYPE_ARCFOUR
 
 typedef struct krb5_salt {
     krb5_salttype salttype;
@@ -140,6 +161,70 @@ typedef struct krb5_crypto_iov {
  * numbers out, but no meaningful text */
 #define N_(X, Y) X
 
+/* rename internal symbols, to reduce conflicts with external kerberos
+   libraries */
+#define krb5_abortx _oafs_h_krb5_abortx
+#define krb5_set_error_message _oafs_h_krb5_set_error_message
+#define copy_EncryptionKey _oafs_h_copy_EncryptionKey
+#define der_copy_octet_string _oafs_h_der_copy_octet_string
+#define _krb5_HMAC_MD5_checksum _oafs_h__krb5_HMAC_MD5_checksum
+#define _krb5_usage2arcfour _oafs_h__krb5_usage2arcfour
+#define _krb5_SP_HMAC_SHA1_checksum _oafs_h__krb5_SP_HMAC_SHA1_checksum
+#define _krb5_derive_key _oafs_h__krb5_derive_key
+#define _krb5_find_checksum _oafs_h__krb5_find_checksum
+#define _krb5_find_enctype _oafs_h__krb5_find_enctype
+#define _krb5_free_key_data _oafs_h__krb5_free_key_data
+#define _krb5_internal_hmac _oafs_h__krb5_internal_hmac
+#define krb5_allow_weak_crypto _oafs_h_krb5_allow_weak_crypto
+#define krb5_checksum_disable _oafs_h_krb5_checksum_disable
+#define krb5_checksum_is_collision_proof _oafs_h_krb5_checksum_is_collision_proof
+#define krb5_checksum_is_keyed _oafs_h_krb5_checksum_is_keyed
+#define krb5_cksumtype_to_enctype _oafs_h_krb5_cksumtype_to_enctype
+#define krb5_cksumtype_valid _oafs_h_krb5_cksumtype_valid
+#define krb5_create_checksum_iov _oafs_h_krb5_create_checksum_iov
+#define krb5_crypto_getblocksize _oafs_h_krb5_crypto_getblocksize
+#define krb5_crypto_getconfoundersize _oafs_h_krb5_crypto_getconfoundersize
+#define krb5_crypto_getenctype _oafs_h_krb5_crypto_getenctype
+#define krb5_crypto_getpadsize _oafs_h_krb5_crypto_getpadsize
+#define krb5_crypto_length _oafs_h_krb5_crypto_length
+#define krb5_crypto_length_iov _oafs_h_krb5_crypto_length_iov
+#define krb5_crypto_prf_length _oafs_h_krb5_crypto_prf_length
+#define krb5_decrypt_EncryptedData _oafs_h_krb5_decrypt_EncryptedData
+#define krb5_decrypt_iov_ivec _oafs_h_krb5_decrypt_iov_ivec
+#define krb5_decrypt_ivec _oafs_h_krb5_decrypt_ivec
+#define krb5_derive_key _oafs_h_krb5_derive_key
+#define krb5_encrypt_EncryptedData _oafs_h_krb5_encrypt_EncryptedData
+#define krb5_encrypt_iov_ivec _oafs_h_krb5_encrypt_iov_ivec
+#define krb5_encrypt_ivec _oafs_h_krb5_encrypt_ivec
+#define krb5_enctype_disable _oafs_h_krb5_enctype_disable
+#define krb5_enctype_enable _oafs_h_krb5_enctype_enable
+#define krb5_enctype_keysize _oafs_h_krb5_enctype_keysize
+#define krb5_enctype_to_keytype _oafs_h_krb5_enctype_to_keytype
+#define krb5_enctype_to_string _oafs_h_krb5_enctype_to_string
+#define krb5_generate_random_keyblock _oafs_h_krb5_generate_random_keyblock
+#define krb5_get_wrapped_length _oafs_h_krb5_get_wrapped_length
+#define krb5_hmac _oafs_h_krb5_hmac
+#define krb5_is_enctype_weak _oafs_h_krb5_is_enctype_weak
+#define krb5_string_to_enctype _oafs_h_krb5_string_to_enctype
+#define krb5_verify_checksum_iov _oafs_h_krb5_verify_checksum_iov
+#define _krb5_DES3_random_to_key _oafs_h__krb5_DES3_random_to_key
+#define _krb5_xor _oafs_h__krb5_xor
+#define _krb5_evp_cleanup _oafs_h__krb5_evp_cleanup
+#define _krb5_evp_encrypt _oafs_h__krb5_evp_encrypt
+#define _krb5_evp_encrypt_cts _oafs_h__krb5_evp_encrypt_cts
+#define _krb5_evp_schedule _oafs_h__krb5_evp_schedule
+#define krb5_copy_data _oafs_h_krb5_copy_data
+#define krb5_data_cmp _oafs_h_krb5_data_cmp
+#define krb5_data_copy _oafs_h_krb5_data_copy
+#define krb5_data_ct_cmp _oafs_h_krb5_data_ct_cmp
+#define krb5_data_realloc _oafs_h_krb5_data_realloc
+#define krb5_data_zero _oafs_h_krb5_data_zero
+#define krb5_free_data _oafs_h_krb5_free_data
+#define _krb5_n_fold _oafs_h__krb5_n_fold
+#define _krb5_get_int _oafs_h__krb5_get_int
+#define _krb5_put_int _oafs_h__krb5_put_int
+
+
 /* These have to be real functions, because IRIX doesn't seem to support
  * variadic macros */
 void krb5_set_error_message(krb5_context, krb5_error_code, const char *, ...);
@@ -175,10 +260,13 @@ void krb5_free_keyblock(krb5_context, krb5_keyblock *);
 int krb5_data_ct_cmp(const krb5_data *, const krb5_data *);
 int der_copy_octet_string(const krb5_data *, krb5_data *);
 int copy_EncryptionKey(const krb5_keyblock *, krb5_keyblock *);
-int ct_memcmp(const void *p1, const void *p2, size_t len);
 krb5_error_code krb5_enctype_to_string(krb5_context context,
                                       krb5_enctype etype,
                                       char **string);
+#ifdef KERNEL
+/* Roken provides this in userspace, but we're on our own in the kernel. */
+int ct_memcmp(const void *p1, const void *p2, size_t len);
+#endif
 
 
 #include "crypto.h"
@@ -202,22 +290,38 @@ krb5_error_code _krb5_SP_HMAC_SHA1_checksum (krb5_context,
                                             const void *,
                                             size_t, unsigned, Checksum *);
 
-/* These are bodges - we don't implement these encryption types, but
- * crypto.c contains hard coded references to them, and to these funcs.
- *
- * They will never actually be called ...
+void _krb5_xor(DES_cblock *key, const unsigned char *b);
+
+#ifdef KERNEL
+/*
+ * Ew, gross!
+ * crypto.c contains hard-coded references to these, so even though we don't
+ * implement these enctypes in the kernel, we need to have stubs present in
+ * order to link a kernel module.  In userspace, we do implement these enctypes,
+ * and the real functions are provided by the heimdal source files.
  */
 static_inline krb5_error_code
 _krb5_usage2arcfour(krb5_context context, unsigned *usage) {
-   return -1;
+    return -1;
 }
 
 static_inline void
+_krb5_DES3_random_to_key(krb5_context context, krb5_keyblock *key,
+                        const void *rand, size_t size) {
+    return;
+}
+#else  /* KERNEL */
+void
 _krb5_DES3_random_to_key (krb5_context context,
                          krb5_keyblock *key,
                          const void *rand,
-                         size_t size) {
-   return;
-}
+                         size_t size);
+
+krb5_error_code _krb5_usage2arcfour(krb5_context context, unsigned *usage);
+#endif /* KERNEL */
 
 #define _krb5_AES_salt NULL
+#define _krb5_arcfour_salt NULL
+#define _krb5_des3_salt NULL
+#define _krb5_des3_salt_derived NULL
+#define _krb5_des_salt NULL
diff --git a/src/crypto/rfc3961/liboafs_rfc3961.la.sym b/src/crypto/rfc3961/liboafs_rfc3961.la.sym
new file mode 100644 (file)
index 0000000..9b3d345
--- /dev/null
@@ -0,0 +1,22 @@
+oafs_h_free_Checksum
+oafs_h_krb5_init_context
+oafs_h_krb5_free_context
+oafs_h_krb5_enctype_valid
+oafs_h_krb5_checksumsize
+oafs_h_krb5_create_checksum
+oafs_h_krb5_crypto_init
+oafs_h_krb5_crypto_destroy
+oafs_h_krb5_crypto_overhead
+oafs_h_krb5_crypto_prf
+oafs_h_krb5_encrypt
+oafs_h_krb5_decrypt
+oafs_h_krb5_enctype_keybits
+oafs_h_krb5_data_free
+oafs_h_krb5_data_alloc
+oafs_h_krb5_keyblock_get_enctype
+oafs_h_krb5_keyblock_init
+oafs_h_krb5_copy_keyblock
+oafs_h_krb5_copy_keyblock_contents
+oafs_h_krb5_free_keyblock
+oafs_h_krb5_free_keyblock_contents
+oafs_h_krb5_verify_checksum
index 61e9f9e..fd884b2 100644 (file)
@@ -11,13 +11,13 @@ typedef struct _krb5_context * krb5_context;
 typedef struct {
     size_t length;
     void *data;
-} heim_octet_string;
+} afs_heim_octet_string;
 
-typedef heim_octet_string krb5_data;
+typedef afs_heim_octet_string krb5_data;
 
 typedef struct {
   int keytype;
-  heim_octet_string keyvalue;
+  afs_heim_octet_string keyvalue;
 } krb5_keyblock;
 
 typedef struct krb5_crypto_data *krb5_crypto;
@@ -45,7 +45,7 @@ typedef enum CKSUMTYPE {
 
 typedef struct Checksum {
   CKSUMTYPE cksumtype;
-  heim_octet_string checksum;
+  afs_heim_octet_string checksum;
 } Checksum;
 
 typedef int krb5_cksumtype;
@@ -83,6 +83,24 @@ enum {
 
 typedef ENCTYPE krb5_enctype;
 
+#define krb5_init_context oafs_h_krb5_init_context
+#define krb5_free_context oafs_h_krb5_free_context
+#define krb5_enctype_valid oafs_h_krb5_enctype_valid
+#define krb5_crypto_init oafs_h_krb5_crypto_init
+#define krb5_crypto_destroy oafs_h_krb5_crypto_destroy
+#define krb5_encrypt oafs_h_krb5_encrypt
+#define krb5_decrypt oafs_h_krb5_decrypt
+#define krb5_enctype_keybits oafs_h_krb5_enctype_keybits
+#define krb5_data_free oafs_h_krb5_data_free
+#define krb5_data_alloc oafs_h_krb5_data_alloc
+#define krb5_keyblock_init oafs_h_krb5_keyblock_init
+#define krb5_copy_keyblock oafs_h_krb5_copy_keyblock
+#define krb5_copy_keyblock_contents oafs_h_krb5_copy_keyblock_contents
+#define krb5_free_keyblock oafs_h_krb5_free_keyblock
+#define krb5_free_keyblock_contents oafs_h_krb5_free_keyblock_contents
+#define krb5_keyblock_zero oafs_h_krb5_keyblock_zero
+#define krb5_keyblock_get_enctype oafs_h_krb5_keyblock_get_enctype
+
 krb5_error_code krb5_init_context(krb5_context *context);
 
 void krb5_free_context(krb5_context context);
@@ -122,6 +140,12 @@ krb5_error_code krb5_data_alloc(krb5_data *p, int len);
 void krb5_free_keyblock_contents(krb5_context context,
                                 krb5_keyblock *keyblock);
 
+#define krb5_crypto_prf oafs_h_krb5_crypto_prf
+#define krb5_crypto_fx_cf2 oafs_h_krb5_crypto_fx_cf2
+#define krb5_generate_random_block oafs_h_krb5_generate_random_block
+#define krb5_random_to_key oafs_h_krb5_random_ro_key
+#define krb5_crypto_overhead oafs_h_krb5_crypto_overhead
+
 krb5_error_code krb5_crypto_prf(krb5_context context,
                                const krb5_crypto crypto,
                                const krb5_data *input,
@@ -135,7 +159,7 @@ krb5_error_code krb5_crypto_fx_cf2(krb5_context context,
                                   krb5_enctype enctype,
                                   krb5_keyblock *res);
 
-krb5_error_code krb5_generate_random_block(void *buf, size_t len);
+void krb5_generate_random_block(void *buf, size_t len);
 
 krb5_error_code krb5_random_to_key(krb5_context context,
                                   krb5_enctype type,
@@ -146,6 +170,12 @@ krb5_error_code krb5_random_to_key(krb5_context context,
 size_t krb5_crypto_overhead (krb5_context context,
                             krb5_crypto crypto);
 
+#define krb5_crypto_get_checksum_type oafs_h_krb5_crypto_get_checksum_type
+#define krb5_checksumsize oafs_h_krb5_checksumsize
+#define krb5_create_checksum oafs_h_krb5_create_checksum
+#define krb5_verify_checksum oafs_h_krb5_verify_checksum
+#define free_Checksum oafs_h_free_Checksum
+
 krb5_error_code krb5_crypto_get_checksum_type (krb5_context context,
                                               krb5_crypto crypto,
                                               krb5_cksumtype *type);
@@ -168,4 +198,23 @@ krb5_error_code krb5_verify_checksum (krb5_context context,
                                      size_t len,
                                      Checksum *cksum);
 
+
 void free_Checksum(Checksum *data);
+
+void krb5_keyblock_zero(krb5_keyblock *keyblock);
+void krb5_free_keyblock_contents(krb5_context context,
+                           krb5_keyblock *keyblock);
+void krb5_free_keyblock(krb5_context context,
+                  krb5_keyblock *keyblock);
+krb5_error_code krb5_copy_keyblock_contents (krb5_context context,
+                            const krb5_keyblock *inblock,
+                            krb5_keyblock *to);
+krb5_error_code krb5_copy_keyblock (krb5_context context,
+                   const krb5_keyblock *inblock,
+                   krb5_keyblock **to);
+krb5_enctype krb5_keyblock_get_enctype(const krb5_keyblock *block);
+krb5_error_code krb5_keyblock_init(krb5_context context,
+                  krb5_enctype type,
+                  const void *data,
+                  size_t size,
+                  krb5_keyblock *key);