From: Chaskiel Grundman Date: Sat, 6 Apr 2013 00:12:12 +0000 (-0400) Subject: Build 3961 library in userspace, and add enctypes X-Git-Tag: openafs-stable-1_8_0pre1~1097 X-Git-Url: http://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=b185c3f00d8530e4341ac4f990126f8505fce0f5 Build 3961 library in userspace, and add enctypes Build the 3961 library in userspace, with support for the common kerberos enctypes des3-hmac-sha1, arcfour-hmac-md5, and aesXXX-cts-hmac-sha1-96. Export new symbols as well, and suppress deprecated warnings. Rename all symbols, both exported and not, with an oafs_h_ prefix so as to reduce the chance of conflicts. Rename heim_octet_string to avoid confusion about where things are coming from. Change-Id: If5155661deb5adf73329eb8b90021512c01a290f Reviewed-on: http://gerrit.openafs.org/10050 Tested-by: BuildBot Reviewed-by: Jeffrey Altman --- diff --git a/NTMakefile b/NTMakefile index a2d934c..8865f72 100644 --- a/NTMakefile +++ b/NTMakefile @@ -180,7 +180,7 @@ rxgen: lwp $(NTMAKE) $(CD) ..\.. -opr: hcrypto +opr: rfc3961 @echo ***** $@ $(DOCD) $(SRC)\opr $(CD) $(SRC)\opr @@ -194,6 +194,13 @@ hcrypto: roken $(NTMAKE) $(CD) ..\..\.. +rfc3961: hcrypto + @echo ***** $@ + $(DOCD) $(SRC)\crypto\$@ + $(CD) $(SRC)\crypto\$@ + $(NTMAKE) + $(CD) ..\..\.. + roken: pthread @echo ***** $@ $(DOCD) $(SRC)\roken diff --git a/src/config/NTMakefile b/src/config/NTMakefile index cefdaee..17c8086 100644 --- a/src/config/NTMakefile +++ b/src/config/NTMakefile @@ -94,6 +94,9 @@ idirs: doclink ! IF (!EXIST($(OJT)\crypto\hcrypto)) $(MKDIR) $(OJT)\crypto\hcrypto ! ENDIF +! IF (!EXIST($(OJT)\crypto\rfc3961)) + $(MKDIR) $(OJT)\crypto\rfc3961 +! ENDIF ! IF (!EXIST($(OJT)\dir)) $(MKDIR) $(OJT)\dir ! ENDIF diff --git a/src/crypto/rfc3961/Makefile.in b/src/crypto/rfc3961/Makefile.in index 68b5b99..0e1b49c 100644 --- a/src/crypto/rfc3961/Makefile.in +++ b/src/crypto/rfc3961/Makefile.in 
@@ -7,14 +7,84 @@ srcdir=@srcdir@ include @TOP_OBJDIR@/src/config/Makefile.config +include @TOP_OBJDIR@/src/config/Makefile.lwp +include @TOP_OBJDIR@/src/config/Makefile.lwptool +top_builddir=@TOP_OBJDIR@ -all: ${TOP_INCDIR}/afs/rfc3961.h + +UPSTREAM= ${TOP_SRCDIR}/external/heimdal + +MODULE_INCLUDE=-I${srcdir} -I${TOP_INCDIR}/hcrypto -I$(UPSTREAM)/krb5 -I$(UPSTREAM)/hcrypto + +HEADERS=rfc3961.h krb5_locl.h $(UPSTREAM)/krb5/crypto.h + +all: ${TOP_INCDIR}/afs/rfc3961.h liboafs_rfc3961.la libafsrpc_rfc3961.la \ + ${TOP_LIBDIR}/libafsrfc3961.a ${TOP_INCDIR}/afs/rfc3961.h: rfc3961.h ${INSTALL_DATA} $? $@ -install: +install: libafsrfc3961.a + ${INSTALL_DATA} libafsrfc3961.a ${DESTDIR}${libdir}/libafsrfc3961.a -dest: +dest: libafsrfc3961.a + ${INSTALL_DATA} libafsrfc3961.a ${DEST}/lib/libafsrfc3961.a clean: + $(LT_CLEAN) + $(RM) -f *.o *.a + +LT_objs=context.lo copy.lo crypto-aes.lo crypto-algs.lo crypto-arcfour.lo \ + crypto.lo crypto-des3.lo crypto-des.lo crypto-des-common.lo \ + crypto-evp.lo crypto-null.lo crypto-rand.lo data.lo keyblock.lo \ + n-fold.lo store-int.lo + +LT_deps= + +LT_libs=$(LDFLAGS_hcrypto) $(LIB_hcrypto) $(LDFLAGS_roken) $(LIB_roken) + +${TOP_LIBDIR}/libafsrfc3961.a: libafsrfc3961.a + ${INSTALL_DATA} $? 
$@ + +CFLAGS_crypto-arcfour.lo=@CFLAGS_NOERROR@ +CFLAGS_crypto-des-common.lo=@CFLAGS_NOERROR@ + +context.lo: context.c ${HEADERS} +copy.lo: copy.c ${HEADERS} +crypto-aes.lo: ${UPSTREAM}/krb5/crypto-aes.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-aes.c +crypto-algs.lo: ${UPSTREAM}/krb5/crypto-algs.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-algs.c +crypto-arcfour.lo: ${UPSTREAM}/krb5/crypto-arcfour.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-arcfour.c +crypto.lo: ${UPSTREAM}/krb5/crypto.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto.c +crypto-des3.lo: ${UPSTREAM}/krb5/crypto-des3.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-des3.c +crypto-des.lo: ${UPSTREAM}/krb5/crypto-des.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-des.c +crypto-des-common.lo: ${UPSTREAM}/krb5/crypto-des-common.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-des-common.c +crypto-evp.lo: ${UPSTREAM}/krb5/crypto-evp.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-evp.c +crypto-null.lo: ${UPSTREAM}/krb5/crypto-null.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-null.c +crypto-rand.lo: ${UPSTREAM}/krb5/crypto-rand.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/crypto-rand.c +data.lo: ${UPSTREAM}/krb5/data.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/data.c +keyblock.lo: ${UPSTREAM}/krb5/keyblock.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/keyblock.c +n-fold.lo: ${UPSTREAM}/krb5/n-fold.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/n-fold.c +store-int.lo: ${UPSTREAM}/krb5/store-int.c ${HEADERS} + $(LTLWP_CCRULE) ${UPSTREAM}/krb5/store-int.c + +liboafs_rfc3961.la: liboafs_rfc3961.la.sym $(LT_objs) $(LT_deps) + $(LT_LDLIB_shlib) $(LT_objs) $(LT_deps) $(LT_libs) $(MT_LIBS) + +libafsrpc_rfc3961.la: $(LT_objs) + $(LT_LDLIB_pic) $(LT_objs) $(MT_LIBS) + +libafsrfc3961.a: $(LT_objs) + $(LT_LDLIB_lwp) $(LT_objs) 
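Review bot: `CFLAGS_crypto-arcfour.lo=@CFLAGS_NOERROR@` and `CFLAGS_crypto-des-common.lo=@CFLAGS_NOERROR@` exempt two whole crypto source files from the normal warning policy without saying which diagnostic is being tolerated. The commit message mentions deprecated warnings, so a comment above the two lines such as `# upstream sources trigger deprecation warnings; keep warnings non-fatal for these two files only` would stop the exemption from silently covering unrelated diagnostics later. If the build configuration offers a switch that relaxes only the deprecation warning, that would be the narrower choice, but nothing in this hunk shows whether one exists.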
diff --git a/src/crypto/rfc3961/NTMakefile b/src/crypto/rfc3961/NTMakefile
new file mode 100644
index 0000000..f54c82d
--- /dev/null
+++ b/src/crypto/rfc3961/NTMakefile
@@ -0,0 +1,68 @@
+RELDIR=crypto\rfc3961
+!include ..\..\config\NTMakefile.$(SYS_NAME)
+!include ..\..\config\NTMakefile.version
+
+UPSTREAM = $(SRC)\external\heimdal
+HKRB5 = $(UPSTREAM)\krb5
+AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -I$(UPSTREAM)\hcrypto -I$(UPSTREAM)\krb5
+
+INCFILEDIR = $(DESTDIR)\include\afs
+
+INCFILES = \
+ $(INCFILEDIR)\rfc3961.h
+
+LIBFILE = $(DESTDIR)\lib\afsrfc3961.dll
+
+# Object files by category.
+LOCAL_OBJS = \
+ $(OUT)\context.obj \
+ $(OUT)\copy.obj
+
+HKRB5_OBJS = \
+ $(OUT)\crypto-aes.obj \
+ $(OUT)\crypto-algs.obj \
+ $(OUT)\crypto-arcfour.obj \
+ $(OUT)\crypto.obj \
+ $(OUT)\crypto-des3.obj \
+ $(OUT)\crypto-des.obj \
+ $(OUT)\crypto-des-common.obj \
+ $(OUT)\crypto-evp.obj \
+ $(OUT)\crypto-null.obj \
+ $(OUT)\crypto-rand.obj \
+ $(OUT)\data.obj \
+ $(OUT)\keyblock.obj \
+ $(OUT)\n-fold.obj \
+ $(OUT)\store-int.obj
+
+$(HKRB5_OBJS):$(HKRB5)\$$(@B).c
+ $(C2OBJ) $** -I$(HKRB5)
+
+$(INCFILES):$$(@B).h
+ $(COPY) $** $(INCFILEDIR)
+
+RESFILE = $(OUT)\afsrfc3961.res
+
+$(RESFILE): afsrfc3961.rc AFS_component_version_number.h
+
+!if !defined(NMAKE)
+NTMAKE = nmake /nologo /f ntmakefile
+!endif
+
+DLLLIBS = \
+ $(DESTDIR)\lib\afsroken.lib $(DESTDIR)\lib\afshcrypto.lib
+
+$(LIBFILE): $(LOCAL_OBJS) $(HKRB5_OBJS) $(RESFILE) $(DLLLIBS)
+ $(DLLCONLINK) /DEF:afsrfc3961.def shell32.lib
+ $(_VC_MANIFEST_EMBED_DLL)
+ $(DLLPREP)
+ $(CODESIGN_USERLAND)
+ $(SYMSTORE_IMPORT)
+ $(MAKECYGLIB) --input-def afsrfc3961.def
+
+install_headers: $(INCFILES)
+
+install: install_headers $(LIBFILE)
+
+clean::
+ $(DEL) $(INCFILES)
+ $(DEL) $(LIBFILE) $(DESTDIR)\lib\afsrfc3961.lib $(DESTDIR)\lib\afsrfc3961.exp
diff --git a/src/crypto/rfc3961/afsrfc3961.def b/src/crypto/rfc3961/afsrfc3961.def
new file mode 100644
index 0000000..9fad6c9
--- /dev/null
+++ b/src/crypto/rfc3961/afsrfc3961.def
@@ -0,0 +1,16 @@ +EXPORTS + oafs_h_krb5_init_context @1 + oafs_h_krb5_free_context @2 + oafs_h_krb5_enctype_valid @3 + oafs_h_krb5_crypto_init @4 + oafs_h_krb5_crypto_destroy @5 + oafs_h_krb5_encrypt @6 + oafs_h_krb5_decrypt @7 + oafs_h_krb5_enctype_keybits @8 + oafs_h_krb5_data_free @9 + oafs_h_krb5_data_alloc @10 + oafs_h_krb5_keyblock_init @11 + oafs_h_krb5_copy_keyblock @12 + oafs_h_krb5_copy_keyblock_contents @13 + oafs_h_krb5_free_keyblock @14 + oafs_h_krb5_free_keyblock_contents @15 diff --git a/src/crypto/rfc3961/afsrfc3961.rc b/src/crypto/rfc3961/afsrfc3961.rc new file mode 100644 index 0000000..0c61281 --- /dev/null +++ b/src/crypto/rfc3961/afsrfc3961.rc @@ -0,0 +1,9 @@ +/* Define VERSIONINFO resource */ + +#define AFS_VERINFO_FILE_DESCRIPTION "AFS RFC 3961 Crypto DLL" +#define AFS_VERINFO_DLL +#define AFS_VERINFO_NAME "afsrfc3961" +#define AFS_VERINFO_FILENAME "afsrfc3961.dll" + +#include "AFS_component_version_number.h" +#include "..\..\config\NTVersioninfo.rc" diff --git a/src/crypto/rfc3961/kernel/random.c b/src/crypto/rfc3961/kernel/random.c index df1efa8..ad44036 100644 --- a/src/crypto/rfc3961/kernel/random.c +++ b/src/crypto/rfc3961/kernel/random.c @@ -30,8 +30,8 @@ #include "rfc3961.h" -krb5_error_code +void krb5_generate_random_block(void *buf, size_t len) { - return osi_readRandom(buf, len); + osi_readRandom(buf, len); } diff --git a/src/crypto/rfc3961/krb5_locl.h b/src/crypto/rfc3961/krb5_locl.h index ee4f7d8..05eff8e 100644 --- a/src/crypto/rfc3961/krb5_locl.h +++ b/src/crypto/rfc3961/krb5_locl.h 
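Review bot: The Windows export list in afsrfc3961.def stops at `oafs_h_krb5_free_keyblock_contents @15`, while `liboafs_rfc3961.la.sym` in this same commit exports seven further symbols: `oafs_h_free_Checksum`, `oafs_h_krb5_checksumsize`, `oafs_h_krb5_create_checksum`, `oafs_h_krb5_verify_checksum`, `oafs_h_krb5_crypto_overhead`, `oafs_h_krb5_crypto_prf` and `oafs_h_krb5_keyblock_get_enctype`. If Windows callers are expected to use the checksum or PRF interfaces, they will not resolve against afsrfc3961.dll. If the difference is deliberate, a leading comment such as `; checksum and PRF entry points are intentionally not exported on Windows` would keep the two lists from drifting unnoticed.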
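Review bot: In kernel/random.c, making `krb5_generate_random_block` return `void` discards the value of `osi_readRandom(buf, len)`, so a caller can no longer tell whether `buf` was filled before it is used as key material. The matching prototype change is in the rfc3961.h hunk at `@@ -135,7 +159,7 @@`. Whether `osi_readRandom` can fail is not visible here, but the old code propagated its result as a `krb5_error_code`. If it can fail, the kernel variant should test the result, `if (osi_readRandom(buf, len) != 0)`, and take the kernel build's fatal-error path rather than continue. If it cannot, the body should say so, e.g. `/* osi_readRandom cannot fail here; result intentionally ignored */`.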
@@ -7,32 +7,52 @@ #include "config.h" #else - +#include +#include #include #include #include #include +#ifndef AFS_NT40_ENV #include #include -#include #include -#include +#endif +#include #endif #include +#include +#include #include +#include #include "rfc3961.h" #ifndef KERNEL +#ifdef AFS_PTHREAD_ENV +#include # define HEIMDAL_MUTEX pthread_mutex_t # define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER # define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL) # define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m) # define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m) # define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m) +#else +/* The one location in this library which uses mutexes is the PRNG + * code. As this code takes no locks, never yields, and does no + * I/O through the LWP IO Manager, it cannot be pre-empted, so + * it is safe to simply remove the locks in this case + */ +#define HEIMDAL_MUTEX int +#define HEIMDAL_MUTEX_INITIALIZER 0 +#define HEIMDAL_MUTEX_init(m) do { (void)(m); } while(0) +#define HEIMDAL_MUTEX_lock(m) do { (void)(m); } while(0) +#define HEIMDAL_MUTEX_unlock(m) do { (void)(m); } while(0) +#define HEIMDAL_MUTEX_destroy(m) do { (void)(m); } while(0) +#endif #endif #define HEIMDAL_SMALLER 1 @@ -73,7 +93,7 @@ typedef ssize_t krb5_ssize_t; typedef struct EncryptedData { int etype; int *kvno; - heim_octet_string cipher; + afs_heim_octet_string cipher; } EncryptedData; typedef enum krb5_salttype { @@ -95,6 +115,7 @@ typedef enum krb5_keytype { #define KRB5_ENCTYPE_OLD_DES3_CBC_SHA1 KEYTYPE_DES3 #define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96 KEYTYPE_AES128 #define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96 KEYTYPE_AES256 +#define KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 KEYTYPE_ARCFOUR typedef struct krb5_salt { krb5_salttype salttype; 
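Review bot: In the `@@ -7,32 +7,52 @@` hunk, the new `#else` branch turns every `HEIMDAL_MUTEX_*` operation into a no-op, relying on the comment's claim that the PRNG code cannot be pre-empted, but nothing in the header ensures this branch is reached only in cooperative LWP builds. A userspace build that leaves `AFS_PTHREAD_ENV` undefined yet runs preemptive threads would share PRNG state with no locking at all. The comment should state the assumption as a requirement, e.g. `/* Valid only for LWP (cooperative) builds; any preemptively threaded build must define AFS_PTHREAD_ENV. */`.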
@@ -140,6 +161,70 @@ typedef struct krb5_crypto_iov { * numbers out, but no meaningful text */ #define N_(X, Y) X +/* rename internal symbols, to reduce conflicts with external kerberos + libraries */ +#define krb5_abortx _oafs_h_krb5_abortx +#define krb5_set_error_message _oafs_h_krb5_set_error_message +#define copy_EncryptionKey _oafs_h_copy_EncryptionKey +#define der_copy_octet_string _oafs_h_der_copy_octet_string +#define _krb5_HMAC_MD5_checksum _oafs_h__krb5_HMAC_MD5_checksum +#define _krb5_usage2arcfour _oafs_h__krb5_usage2arcfour +#define _krb5_SP_HMAC_SHA1_checksum _oafs_h__krb5_SP_HMAC_SHA1_checksum +#define _krb5_derive_key _oafs_h__krb5_derive_key +#define _krb5_find_checksum _oafs_h__krb5_find_checksum +#define _krb5_find_enctype _oafs_h__krb5_find_enctype +#define _krb5_free_key_data _oafs_h__krb5_free_key_data +#define _krb5_internal_hmac _oafs_h__krb5_internal_hmac +#define krb5_allow_weak_crypto _oafs_h_krb5_allow_weak_crypto +#define krb5_checksum_disable _oafs_h_krb5_checksum_disable +#define krb5_checksum_is_collision_proof _oafs_h_krb5_checksum_is_collision_proof +#define krb5_checksum_is_keyed _oafs_h_krb5_checksum_is_keyed +#define krb5_cksumtype_to_enctype _oafs_h_krb5_cksumtype_to_enctype +#define krb5_cksumtype_valid _oafs_h_krb5_cksumtype_valid +#define krb5_create_checksum_iov _oafs_h_krb5_create_checksum_iov +#define krb5_crypto_getblocksize _oafs_h_krb5_crypto_getblocksize +#define krb5_crypto_getconfoundersize _oafs_h_krb5_crypto_getconfoundersize +#define krb5_crypto_getenctype _oafs_h_krb5_crypto_getenctype +#define krb5_crypto_getpadsize _oafs_h_krb5_crypto_getpadsize +#define krb5_crypto_length _oafs_h_krb5_crypto_length +#define krb5_crypto_length_iov _oafs_h_krb5_crypto_length_iov +#define krb5_crypto_prf_length _oafs_h_krb5_crypto_prf_length +#define krb5_decrypt_EncryptedData _oafs_h_krb5_decrypt_EncryptedData +#define krb5_decrypt_iov_ivec _oafs_h_krb5_decrypt_iov_ivec +#define krb5_decrypt_ivec _oafs_h_krb5_decrypt_ivec 
+#define krb5_derive_key _oafs_h_krb5_derive_key +#define krb5_encrypt_EncryptedData _oafs_h_krb5_encrypt_EncryptedData +#define krb5_encrypt_iov_ivec _oafs_h_krb5_encrypt_iov_ivec +#define krb5_encrypt_ivec _oafs_h_krb5_encrypt_ivec +#define krb5_enctype_disable _oafs_h_krb5_enctype_disable +#define krb5_enctype_enable _oafs_h_krb5_enctype_enable +#define krb5_enctype_keysize _oafs_h_krb5_enctype_keysize +#define krb5_enctype_to_keytype _oafs_h_krb5_enctype_to_keytype +#define krb5_enctype_to_string _oafs_h_krb5_enctype_to_string +#define krb5_generate_random_keyblock _oafs_h_krb5_generate_random_keyblock +#define krb5_get_wrapped_length _oafs_h_krb5_get_wrapped_length +#define krb5_hmac _oafs_h_krb5_hmac +#define krb5_is_enctype_weak _oafs_h_krb5_is_enctype_weak +#define krb5_string_to_enctype _oafs_h_krb5_string_to_enctype +#define krb5_verify_checksum_iov _oafs_h_krb5_verify_checksum_iov +#define _krb5_DES3_random_to_key _oafs_h__krb5_DES3_random_to_key +#define _krb5_xor _oafs_h__krb5_xor +#define _krb5_evp_cleanup _oafs_h__krb5_evp_cleanup +#define _krb5_evp_encrypt _oafs_h__krb5_evp_encrypt +#define _krb5_evp_encrypt_cts _oafs_h__krb5_evp_encrypt_cts +#define _krb5_evp_schedule _oafs_h__krb5_evp_schedule +#define krb5_copy_data _oafs_h_krb5_copy_data +#define krb5_data_cmp _oafs_h_krb5_data_cmp +#define krb5_data_copy _oafs_h_krb5_data_copy +#define krb5_data_ct_cmp _oafs_h_krb5_data_ct_cmp +#define krb5_data_realloc _oafs_h_krb5_data_realloc +#define krb5_data_zero _oafs_h_krb5_data_zero +#define krb5_free_data _oafs_h_krb5_free_data +#define _krb5_n_fold _oafs_h__krb5_n_fold +#define _krb5_get_int _oafs_h__krb5_get_int +#define _krb5_put_int _oafs_h__krb5_put_int + + /* These have to be real functions, because IRIX doesn't seem to support * variadic macros */ void krb5_set_error_message(krb5_context, krb5_error_code, const char *, ...); 
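Review bot: This hand-maintained `#define` list is the only thing keeping the bundled heimdal internals out of the global namespace, and any upstream function missing from it will still be emitted under its original `krb5_*` name. In a process that also loads a system Kerberos library, such a leftover symbol could resolve to the wrong implementation. The list should be headed by a maintenance comment such as `/* keep in sync with every non-static function in the external/heimdal/krb5 sources built here */`. A build-time check that fails when the library's objects define a global symbol lacking the `oafs_h_` prefix would catch omissions mechanically.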
@@ -175,10 +260,13 @@ void krb5_free_keyblock(krb5_context, krb5_keyblock *); int krb5_data_ct_cmp(const krb5_data *, const krb5_data *); int der_copy_octet_string(const krb5_data *, krb5_data *); int copy_EncryptionKey(const krb5_keyblock *, krb5_keyblock *); -int ct_memcmp(const void *p1, const void *p2, size_t len); krb5_error_code krb5_enctype_to_string(krb5_context context, krb5_enctype etype, char **string); +#ifdef KERNEL +/* Roken provides this in userspace, but we're on our own in the kernel. */ +int ct_memcmp(const void *p1, const void *p2, size_t len); +#endif #include "crypto.h" @@ -202,22 +290,38 @@ krb5_error_code _krb5_SP_HMAC_SHA1_checksum (krb5_context, const void *, size_t, unsigned, Checksum *); -/* These are bodges - we don't implement these encryption types, but - * crypto.c contains hard coded references to them, and to these funcs. - * - * They will never actually be called ... +void _krb5_xor(DES_cblock *key, const unsigned char *b); + +#ifdef KERNEL +/* + * Ew, gross! + * crypto.c contains hard-coded references to these, so even though we don't + * implement these enctypes in the kernel, we need to have stubs present in + * order to link a kernel module. In userspace, we do implement these enctypes, + * and the real functions are provided by the heimdal source files. */ static_inline krb5_error_code _krb5_usage2arcfour(krb5_context context, unsigned *usage) { - return -1; + return -1; } static_inline void +_krb5_DES3_random_to_key(krb5_context context, krb5_keyblock *key, + const void *rand, size_t size) { + return; +} +#else /* KERNEL */ +void _krb5_DES3_random_to_key (krb5_context context, krb5_keyblock *key, const void *rand, - size_t size) { - return; -} + size_t size); + +krb5_error_code _krb5_usage2arcfour(krb5_context context, unsigned *usage); +#endif /* KERNEL */ #define _krb5_AES_salt NULL +#define _krb5_arcfour_salt NULL +#define _krb5_des3_salt NULL +#define _krb5_des3_salt_derived NULL +#define _krb5_des_salt NULL 
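Review bot: In the `@@ -202,22 +290,38 @@` hunk, the rewritten comment above the `#ifdef KERNEL` stubs drops the old statement that they will never actually be called, yet `_krb5_DES3_random_to_key` still returns without writing `key` and has no way to report failure. If crypto.c's tables could dispatch to it in a kernel build, the caller would carry on with an unset key. Assuming the invariant still holds, restore it in the comment, e.g. `/* Never reached in the kernel: the des3 and arcfour enctypes are not usable there. */`; otherwise the stub should fail loudly rather than return silently.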
diff --git a/src/crypto/rfc3961/liboafs_rfc3961.la.sym b/src/crypto/rfc3961/liboafs_rfc3961.la.sym new file mode 100644 index 0000000..9b3d345 --- /dev/null +++ b/src/crypto/rfc3961/liboafs_rfc3961.la.sym @@ -0,0 +1,22 @@ +oafs_h_free_Checksum +oafs_h_krb5_init_context +oafs_h_krb5_free_context +oafs_h_krb5_enctype_valid +oafs_h_krb5_checksumsize +oafs_h_krb5_create_checksum +oafs_h_krb5_crypto_init +oafs_h_krb5_crypto_destroy +oafs_h_krb5_crypto_overhead +oafs_h_krb5_crypto_prf +oafs_h_krb5_encrypt +oafs_h_krb5_decrypt +oafs_h_krb5_enctype_keybits +oafs_h_krb5_data_free +oafs_h_krb5_data_alloc +oafs_h_krb5_keyblock_get_enctype +oafs_h_krb5_keyblock_init +oafs_h_krb5_copy_keyblock +oafs_h_krb5_copy_keyblock_contents +oafs_h_krb5_free_keyblock +oafs_h_krb5_free_keyblock_contents +oafs_h_krb5_verify_checksum diff --git a/src/crypto/rfc3961/rfc3961.h b/src/crypto/rfc3961/rfc3961.h index 61e9f9e..fd884b2 100644 --- a/src/crypto/rfc3961/rfc3961.h +++ b/src/crypto/rfc3961/rfc3961.h @@ -11,13 +11,13 @@ typedef struct _krb5_context * krb5_context; typedef struct { size_t length; void *data; -} heim_octet_string; +} afs_heim_octet_string; -typedef heim_octet_string krb5_data; +typedef afs_heim_octet_string krb5_data; typedef struct { int keytype; - heim_octet_string keyvalue; + afs_heim_octet_string keyvalue; } krb5_keyblock; typedef struct krb5_crypto_data *krb5_crypto; @@ -45,7 +45,7 @@ typedef enum CKSUMTYPE { typedef struct Checksum { CKSUMTYPE cksumtype; - heim_octet_string checksum; + afs_heim_octet_string checksum; } Checksum; typedef int krb5_cksumtype; 
@@ -83,6 +83,24 @@ enum { typedef ENCTYPE krb5_enctype; +#define krb5_init_context oafs_h_krb5_init_context +#define krb5_free_context oafs_h_krb5_free_context +#define krb5_enctype_valid oafs_h_krb5_enctype_valid +#define krb5_crypto_init oafs_h_krb5_crypto_init +#define krb5_crypto_destroy oafs_h_krb5_crypto_destroy +#define krb5_encrypt oafs_h_krb5_encrypt +#define krb5_decrypt oafs_h_krb5_decrypt +#define krb5_enctype_keybits oafs_h_krb5_enctype_keybits +#define krb5_data_free oafs_h_krb5_data_free +#define krb5_data_alloc oafs_h_krb5_data_alloc +#define krb5_keyblock_init oafs_h_krb5_keyblock_init +#define krb5_copy_keyblock oafs_h_krb5_copy_keyblock +#define krb5_copy_keyblock_contents oafs_h_krb5_copy_keyblock_contents +#define krb5_free_keyblock oafs_h_krb5_free_keyblock +#define krb5_free_keyblock_contents oafs_h_krb5_free_keyblock_contents +#define krb5_keyblock_zero oafs_h_krb5_keyblock_zero +#define krb5_keyblock_get_enctype oafs_h_krb5_keyblock_get_enctype + krb5_error_code krb5_init_context(krb5_context *context); void krb5_free_context(krb5_context context); @@ -122,6 +140,12 @@ krb5_error_code krb5_data_alloc(krb5_data *p, int len); void krb5_free_keyblock_contents(krb5_context context, krb5_keyblock *keyblock); +#define krb5_crypto_prf oafs_h_krb5_crypto_prf +#define krb5_crypto_fx_cf2 oafs_h_krb5_crypto_fx_cf2 +#define krb5_generate_random_block oafs_h_krb5_generate_random_block +#define krb5_random_to_key oafs_h_krb5_random_ro_key +#define krb5_crypto_overhead oafs_h_krb5_crypto_overhead + krb5_error_code krb5_crypto_prf(krb5_context context, const krb5_crypto crypto, const krb5_data *input, @@ -135,7 +159,7 @@ krb5_error_code krb5_crypto_fx_cf2(krb5_context context, krb5_enctype enctype, krb5_keyblock *res); -krb5_error_code krb5_generate_random_block(void *buf, size_t len); +void krb5_generate_random_block(void *buf, size_t len); krb5_error_code krb5_random_to_key(krb5_context context, krb5_enctype type, 
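Review bot: In the `@@ -122,6 +140,12 @@` hunk, `#define krb5_random_to_key oafs_h_krb5_random_ro_key` misspells the target name (`ro` for `to`). It still builds because the macro rewrites the prototype and the definition alike, but the library's symbol is then `oafs_h_krb5_random_ro_key`, and a correctly spelled entry added to an export list later would not resolve. The line should read `#define krb5_random_to_key oafs_h_krb5_random_to_key`.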
@@ -146,6 +170,12 @@ krb5_error_code krb5_random_to_key(krb5_context context, size_t krb5_crypto_overhead (krb5_context context, krb5_crypto crypto); +#define krb5_crypto_get_checksum_type oafs_h_krb5_crypto_get_checksum_type +#define krb5_checksumsize oafs_h_krb5_checksumsize +#define krb5_create_checksum oafs_h_krb5_create_checksum +#define krb5_verify_checksum oafs_h_krb5_verify_checksum +#define free_Checksum oafs_h_free_Checksum + krb5_error_code krb5_crypto_get_checksum_type (krb5_context context, krb5_crypto crypto, krb5_cksumtype *type); @@ -168,4 +198,23 @@ krb5_error_code krb5_verify_checksum (krb5_context context, size_t len, Checksum *cksum); + void free_Checksum(Checksum *data); + +void krb5_keyblock_zero(krb5_keyblock *keyblock); +void krb5_free_keyblock_contents(krb5_context context, + krb5_keyblock *keyblock); +void krb5_free_keyblock(krb5_context context, + krb5_keyblock *keyblock); +krb5_error_code krb5_copy_keyblock_contents (krb5_context context, + const krb5_keyblock *inblock, + krb5_keyblock *to); +krb5_error_code krb5_copy_keyblock (krb5_context context, + const krb5_keyblock *inblock, + krb5_keyblock **to); +krb5_enctype krb5_keyblock_get_enctype(const krb5_keyblock *block); +krb5_error_code krb5_keyblock_init(krb5_context context, + krb5_enctype type, + const void *data, + size_t size, + krb5_keyblock *key);
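Review bot: In the `@@ -168,4 +198,23 @@` hunk, the block added after `free_Checksum` declares `krb5_free_keyblock_contents` a second time. The same prototype already exists earlier in this header, where it appears as context in the `@@ -122,6 +140,12 @@` hunk. The compiler accepts the repeat, but it leaves two prototypes to update if the signature changes, so the added copy should be dropped.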