Build 3961 library in userspace, and add enctypes
[openafs.git] / src / crypto / rfc3961 / krb5_locl.h
1 /* This is a shim header that's included by crypto.c, and turns it into
2  * something that we can actually build on its own.
3  */
4
5 #ifdef KERNEL
6
7 #include "config.h"
8
9 #else
10 #include <afsconfig.h>
11 #include <afs/stds.h>
12 #include <roken.h>
13
14 #include <fcntl.h>
15 #include <stdlib.h>
16 #include <string.h>
17 #ifndef AFS_NT40_ENV
18 #include <sys/param.h>
19 #include <inttypes.h>
20 #include <sys/errno.h>
21 #endif
22 #include <sys/types.h>
23
24 #endif
25
26 #include <hcrypto/evp.h>
27 #include <hcrypto/des.h>
28 #include <hcrypto/rc4.h>
29 #include <hcrypto/sha.h>
30 #include <hcrypto/md5.h>
31
32 #include "rfc3961.h"
33
/*
 * Locking shim for the imported Heimdal code.  Only userspace builds get
 * these macros; nothing is defined here when KERNEL is set.
 */
#if !defined(KERNEL)
# if defined(AFS_PTHREAD_ENV)
/* pthread builds: forward the Heimdal mutex API to pthread mutexes. */
#  include <pthread.h>
#  define HEIMDAL_MUTEX pthread_mutex_t
#  define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
#  define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL)
#  define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m)
#  define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m)
#  define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m)
# else
/*
 * Non-pthread (LWP) builds: the mutex becomes a plain int and every
 * operation is a no-op that merely evaluates its argument.
 *
 * The PRNG code is the only user of mutexes in this library.  It takes no
 * locks, never yields and performs no I/O through the LWP IO Manager, so it
 * cannot be pre-empted and the locks can be dropped.
 *
 * That argument depends on the PRNG code keeping those properties: a yield
 * or LWP I/O call added inside a HEIMDAL_MUTEX section would leave the
 * generator state unprotected, so re-check it when that code changes.
 */
#  define HEIMDAL_MUTEX int
#  define HEIMDAL_MUTEX_INITIALIZER 0
#  define HEIMDAL_MUTEX_init(m) do { (void)(m); } while(0)
#  define HEIMDAL_MUTEX_lock(m) do { (void)(m); } while(0)
#  define HEIMDAL_MUTEX_unlock(m) do { (void)(m); } while(0)
#  define HEIMDAL_MUTEX_destroy(m) do { (void)(m); } while(0)
# endif /* AFS_PTHREAD_ENV */
#endif /* !KERNEL */
57
/*
 * Build-time switches read by the imported Heimdal sources; nothing visible
 * in this header tests them.  Judging by their names they select a reduced
 * build and drop 3DES, ARCFOUR and public-key support.
 * NOTE(review): the comment on the KERNEL stubs in this header says the
 * userspace build does implement the 3DES/ARCFOUR enctypes -- confirm how
 * that squares with these switches before relying on them to keep legacy
 * ciphers out of a build.
 */
#define HEIMDAL_SMALLER 1
#define HEIM_CRYPTO_NO_TRIPLE_DES
#define HEIM_CRYPTO_NO_ARCFOUR
#define HEIM_CRYPTO_NO_PK

/*
 * Random-number source switches; presumably they remove the EGD and
 * seed-file back ends from the bundled RAND code -- confirm in the consumer.
 */
#define NO_RAND_EGD_METHOD
#define NO_RANDFILE

/*
 * Assign to X a zero-filled array of N elements of X's pointed-to type.
 * The expansion is a bare assignment without outer parentheses, so use it
 * only as a full statement, and test X against NULL afterwards: calloc()
 * failure is not handled here.
 */
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))

/* Larger of two values.  Each argument is evaluated twice, so do not pass
 * expressions with side effects. */
#if !defined(max)
#define max(a,b) (((a)>(b))?(a):(b))
#endif

/*
 * Fallbacks for platforms whose <fcntl.h> lacks these open() flags, so that
 * callers compile unchanged.  With O_CLOEXEC reduced to 0 a descriptor is
 * not closed on exec; where inheritance matters, set FD_CLOEXEC with fcntl()
 * after opening.
 */
#if !defined(O_BINARY)
#define O_BINARY 0
#endif

#if !defined(O_CLOEXEC)
#define O_CLOEXEC 0
#endif
79
/* Scalar types the imported sources expect. */
typedef int     krb5_boolean;
typedef ssize_t krb5_ssize_t;

/*
 * Key usage numbers referenced by the imported sources.  Only these four are
 * defined in this header.
 */
#define KRB5_KU_AS_REP_ENC_PART  3
#define KRB5_KU_USAGE_SEAL      22
#define KRB5_KU_USAGE_SIGN      23
#define KRB5_KU_USAGE_SEQ       24

/* Truth values for krb5_boolean.  Defined unconditionally, so a header that
 * defines TRUE/FALSE differently will trigger a redefinition diagnostic. */
#define TRUE  1
#define FALSE 0
90
91 /* From the ASN.1 */
92
/*
 * Local stand-in for the ASN.1 EncryptedData type: an encryption type
 * number, a key version number and the ciphertext.
 */
typedef struct EncryptedData {
    int etype;                      /* encryption type number */
    int *kvno;                      /* held by pointer; presumably NULL when
                                     * absent -- confirm against callers */
    afs_heim_octet_string cipher;   /* ciphertext bytes */
} EncryptedData;
98
/* Salt types known to this build: the plain password salt and the AFS3 salt. */
typedef enum krb5_salttype {
    KRB5_PW_SALT   = 3,
    KRB5_AFS3_SALT = 10
} krb5_salttype;
103
/*
 * Key type numbers.  DES, DES3 and ARCFOUR are legacy algorithms: single DES
 * was deprecated for Kerberos by RFC 6649, 3DES and RC4 by RFC 8429.  Having
 * a constant here does not mean the algorithm is compiled in or enabled;
 * that is decided by the enctype tables in the sources that include this
 * header.
 */
typedef enum krb5_keytype {
    KEYTYPE_NULL = 0,
    KEYTYPE_DES = 1,
    KEYTYPE_DES3 = 7,
    KEYTYPE_AES128 = 17,
    KEYTYPE_AES256 = 18,
    KEYTYPE_ARCFOUR = 23,
    KEYTYPE_ARCFOUR_56 = 24
} krb5_keytype;

/*
 * Encryption type names expressed as aliases of the key type constants
 * above, so a KRB5_ENCTYPE_* value compares equal to the matching KEYTYPE_*.
 * KEYTYPE_DES and KEYTYPE_ARCFOUR_56 have no alias in this list.
 */
#define KRB5_ENCTYPE_NULL                     KEYTYPE_NULL
#define KRB5_ENCTYPE_OLD_DES3_CBC_SHA1        KEYTYPE_DES3
#define KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96  KEYTYPE_AES128
#define KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96  KEYTYPE_AES256
#define KRB5_ENCTYPE_ARCFOUR_HMAC_MD5         KEYTYPE_ARCFOUR
119
/* A salt: its type tag together with the salt bytes. */
typedef struct krb5_salt {
    krb5_salttype salttype;     /* which kind of salt saltvalue holds */
    krb5_data     saltvalue;    /* the salt bytes */
} krb5_salt;
124
/*
 * A (flags, data) pair.  The KRB5_CRYPTO_TYPE_* constants are defined right
 * after `flags`, which suggests they are the values it takes; the *_iov
 * functions renamed in this header presumably operate on arrays of these
 * (confirm in crypto.c).  The direction notes on each constant are carried
 * over from the original comments.
 */
typedef struct krb5_crypto_iov {
    unsigned int flags;

    /* ignored */
#define KRB5_CRYPTO_TYPE_EMPTY          0

    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
#define KRB5_CRYPTO_TYPE_HEADER         1

    /* IN and OUT */
#define KRB5_CRYPTO_TYPE_DATA           2

    /* IN */
#define KRB5_CRYPTO_TYPE_SIGN_ONLY      3

    /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER)
     * NOTE(review): this names TRAILER rather than PADDING; kept as found,
     * confirm which length applies before sizing a padding buffer from it. */
#define KRB5_CRYPTO_TYPE_PADDING        4

    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
#define KRB5_CRYPTO_TYPE_TRAILER        5

    /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
#define KRB5_CRYPTO_TYPE_CHECKSUM       6

    krb5_data data;
} krb5_crypto_iov;
143
#define ETYPE_NULL 0

/* Upstream decorates its function declarations with these two markers; they
 * expand to nothing in this build. */
#define KRB5_LIB_FUNCTION
#define KRB5_LIB_CALL

/*
 * Error codes returned by the imported sources, written out as literal
 * numbers in this header.  Callers that map them to messages or compare them
 * against another Kerberos library's constants depend on these exact values,
 * so verify them against the upstream error tables when updating.
 */
#define KRB5_BAD_MSIZE                  -1765328194
#define KRB5_BAD_KEYSIZE                -1765328195
#define KRB5_PROG_SUMTYPE_NOSUPP        -1765328231
#define KRB5_PROG_KEYTYPE_NOSUPP        -1765328233
#define KRB5_PROG_ETYPE_NOSUPP          -1765328234
#define HEIM_ERR_SALTTYPE_NOSUPP        -1980176638
#define KRB5KRB_AP_ERR_BAD_INTEGRITY    -1765328353

#define KRB5_CRYPTO_INTERNAL 1

/*
 * Localised error strings are disabled for now: N_() yields its first
 * argument and discards the second, so error numbers still come out but
 * without meaningful text.
 */
#define N_(X, Y) X
163
/*
 * Give the imported functions an _oafs_h_ prefix so they do not clash with
 * an external Kerberos library linked into the same program.  The renaming
 * is purely textual: a function that is added to the imported sources but
 * not listed here keeps its upstream name.
 * NOTE(review): krb5_copy_keyblock and krb5_free_keyblock are prototyped
 * later in this header but have no entry in this list; check whether they
 * are renamed elsewhere (for example in rfc3961.h) or are exported under
 * their upstream names.
 */

/* error reporting */
#define krb5_abortx _oafs_h_krb5_abortx
#define krb5_set_error_message _oafs_h_krb5_set_error_message

/* copy helpers */
#define copy_EncryptionKey _oafs_h_copy_EncryptionKey
#define der_copy_octet_string _oafs_h_der_copy_octet_string

/* internal (_krb5_*) helpers */
#define _krb5_HMAC_MD5_checksum _oafs_h__krb5_HMAC_MD5_checksum
#define _krb5_usage2arcfour _oafs_h__krb5_usage2arcfour
#define _krb5_SP_HMAC_SHA1_checksum _oafs_h__krb5_SP_HMAC_SHA1_checksum
#define _krb5_derive_key _oafs_h__krb5_derive_key
#define _krb5_find_checksum _oafs_h__krb5_find_checksum
#define _krb5_find_enctype _oafs_h__krb5_find_enctype
#define _krb5_free_key_data _oafs_h__krb5_free_key_data
#define _krb5_internal_hmac _oafs_h__krb5_internal_hmac

/* krb5_* crypto entry points */
#define krb5_allow_weak_crypto _oafs_h_krb5_allow_weak_crypto
#define krb5_checksum_disable _oafs_h_krb5_checksum_disable
#define krb5_checksum_is_collision_proof _oafs_h_krb5_checksum_is_collision_proof
#define krb5_checksum_is_keyed _oafs_h_krb5_checksum_is_keyed
#define krb5_cksumtype_to_enctype _oafs_h_krb5_cksumtype_to_enctype
#define krb5_cksumtype_valid _oafs_h_krb5_cksumtype_valid
#define krb5_create_checksum_iov _oafs_h_krb5_create_checksum_iov
#define krb5_crypto_getblocksize _oafs_h_krb5_crypto_getblocksize
#define krb5_crypto_getconfoundersize _oafs_h_krb5_crypto_getconfoundersize
#define krb5_crypto_getenctype _oafs_h_krb5_crypto_getenctype
#define krb5_crypto_getpadsize _oafs_h_krb5_crypto_getpadsize
#define krb5_crypto_length _oafs_h_krb5_crypto_length
#define krb5_crypto_length_iov _oafs_h_krb5_crypto_length_iov
#define krb5_crypto_prf_length _oafs_h_krb5_crypto_prf_length
#define krb5_decrypt_EncryptedData _oafs_h_krb5_decrypt_EncryptedData
#define krb5_decrypt_iov_ivec _oafs_h_krb5_decrypt_iov_ivec
#define krb5_decrypt_ivec _oafs_h_krb5_decrypt_ivec
#define krb5_derive_key _oafs_h_krb5_derive_key
#define krb5_encrypt_EncryptedData _oafs_h_krb5_encrypt_EncryptedData
#define krb5_encrypt_iov_ivec _oafs_h_krb5_encrypt_iov_ivec
#define krb5_encrypt_ivec _oafs_h_krb5_encrypt_ivec
#define krb5_enctype_disable _oafs_h_krb5_enctype_disable
#define krb5_enctype_enable _oafs_h_krb5_enctype_enable
#define krb5_enctype_keysize _oafs_h_krb5_enctype_keysize
#define krb5_enctype_to_keytype _oafs_h_krb5_enctype_to_keytype
#define krb5_enctype_to_string _oafs_h_krb5_enctype_to_string
#define krb5_generate_random_keyblock _oafs_h_krb5_generate_random_keyblock
#define krb5_get_wrapped_length _oafs_h_krb5_get_wrapped_length
#define krb5_hmac _oafs_h_krb5_hmac
#define krb5_is_enctype_weak _oafs_h_krb5_is_enctype_weak
#define krb5_string_to_enctype _oafs_h_krb5_string_to_enctype
#define krb5_verify_checksum_iov _oafs_h_krb5_verify_checksum_iov

/* DES3, xor and EVP glue */
#define _krb5_DES3_random_to_key _oafs_h__krb5_DES3_random_to_key
#define _krb5_xor _oafs_h__krb5_xor
#define _krb5_evp_cleanup _oafs_h__krb5_evp_cleanup
#define _krb5_evp_encrypt _oafs_h__krb5_evp_encrypt
#define _krb5_evp_encrypt_cts _oafs_h__krb5_evp_encrypt_cts
#define _krb5_evp_schedule _oafs_h__krb5_evp_schedule

/* krb5_data helpers */
#define krb5_copy_data _oafs_h_krb5_copy_data
#define krb5_data_cmp _oafs_h_krb5_data_cmp
#define krb5_data_copy _oafs_h_krb5_data_copy
#define krb5_data_ct_cmp _oafs_h_krb5_data_ct_cmp
#define krb5_data_realloc _oafs_h_krb5_data_realloc
#define krb5_data_zero _oafs_h_krb5_data_zero
#define krb5_free_data _oafs_h_krb5_free_data

/* n-fold and integer packing */
#define _krb5_n_fold _oafs_h__krb5_n_fold
#define _krb5_get_int _oafs_h__krb5_get_int
#define _krb5_put_int _oafs_h__krb5_put_int

226
227
/*
 * Error reporting hooks.  They are declared as real functions, not variadic
 * macros, because IRIX doesn't seem to support variadic macros.
 *
 * The `const char *` followed by `...` is presumably a printf-style format
 * (the definitions are not in this header); if so, callers should pass a
 * literal format and supply variable text through the arguments.
 */
void
krb5_set_error_message(krb5_context, krb5_error_code, const char *, ...);

krb5_error_code
krb5_abortx(krb5_context, const char *, ...);

/* Expands to nothing: a call to it compiles away and `ctx` is never
 * evaluated. */
#define krb5_clear_error_message(ctx)
234
/*
 * Out-of-memory helper for the imported sources: always returns ENOMEM.
 * The context argument is accepted only to match the call sites and is not
 * used.
 */
static_inline krb5_error_code
krb5_enomem(krb5_context context)
{
    (void)context;
    return ENOMEM;
}
240
241
/*
 * Local prototypes: functions the imported sources use but which are kept
 * out of the public API.
 */

/* n-fold, key derivation and key sizes */
krb5_error_code
_krb5_n_fold(const void *str, size_t len, void *, size_t);

krb5_error_code
krb5_derive_key(krb5_context context,
                const krb5_keyblock *key,
                krb5_enctype etype,
                const void *constant,
                size_t constant_len,
                krb5_keyblock **derived_key);

krb5_error_code
krb5_enctype_keysize(krb5_context context, krb5_enctype type, size_t *keysize);

/* integer packing */
krb5_ssize_t
_krb5_put_int(void *buffer, unsigned long value, size_t size);

/* krb5_data handling */
void
krb5_data_zero(krb5_data *p);

krb5_error_code
krb5_data_copy(krb5_data *p, const void *data, size_t len);

void
krb5_free_data(krb5_context context, krb5_data *p);

/* keyblock handling */
krb5_error_code
krb5_copy_keyblock(krb5_context, const krb5_keyblock *, krb5_keyblock **);

void
krb5_free_keyblock(krb5_context, krb5_keyblock *);

/*
 * NOTE(review): "ct" presumably stands for constant-time.  If so, this is the
 * comparison to use on checksums and other secret-derived values, in
 * preference to krb5_data_cmp or memcmp, whose running time can depend on
 * where the inputs differ.
 */
int
krb5_data_ct_cmp(const krb5_data *, const krb5_data *);

/* copy helpers */
int
der_copy_octet_string(const krb5_data *, krb5_data *);

int
copy_EncryptionKey(const krb5_keyblock *, krb5_keyblock *);

krb5_error_code
krb5_enctype_to_string(krb5_context context, krb5_enctype etype, char **string);

#if defined(KERNEL)
/* Roken provides this in userspace, but the kernel build has to bring its
 * own definition. */
int
ct_memcmp(const void *p1, const void *p2, size_t len);
#endif /* KERNEL */
270
271
272 #include "crypto.h"
273
/*
 * Prototypes for internal helpers that take the struct types used by
 * crypto.h (presumably declared there, which is why they follow its
 * inclusion).
 */

/* table lookups */
struct _krb5_checksum_type *
_krb5_find_checksum(krb5_cksumtype);

struct _krb5_encryption_type *
_krb5_find_enctype(krb5_enctype);

/* key data lifetime */
void
_krb5_free_key_data(krb5_context,
                    struct _krb5_key_data *,
                    struct _krb5_encryption_type *);

void
_krb5_evp_cleanup(krb5_context, struct _krb5_key_data *);

/* EVP-backed encryption */
krb5_error_code
_krb5_evp_encrypt(krb5_context,
                  struct _krb5_key_data *,
                  void *,
                  size_t,
                  krb5_boolean,
                  int,
                  void *);

krb5_error_code
_krb5_evp_encrypt_cts(krb5_context,
                      struct _krb5_key_data *,
                      void *,
                      size_t,
                      krb5_boolean,
                      int,
                      void *);

void
_krb5_evp_schedule(krb5_context,
                   struct _krb5_key_type *,
                   struct _krb5_key_data *);

/* keyed checksum */
krb5_error_code
_krb5_SP_HMAC_SHA1_checksum(krb5_context,
                            struct _krb5_key_data *,
                            const void *,
                            size_t,
                            unsigned,
                            Checksum *);

void
_krb5_xor(DES_cblock *key, const unsigned char *b);
294
#if defined(KERNEL)
/*
 * Link-time stubs.  crypto.c contains hard-coded references to these two
 * functions, so a kernel module needs definitions to link against even
 * though the kernel build does not implement the corresponding enctypes.
 * In userspace these enctypes are implemented and the real functions come
 * from the heimdal source files.
 *
 * Neither stub does any work: _krb5_usage2arcfour() returns -1 without
 * touching *usage, and _krb5_DES3_random_to_key() returns without writing
 * `key`.  A kernel code path that did reach the second one would carry on
 * with whatever `key` already held, so these enctypes must stay unreachable
 * in kernel builds.
 */
static_inline krb5_error_code
_krb5_usage2arcfour(krb5_context context, unsigned *usage)
{
    (void)context;
    (void)usage;
    return -1;
}

static_inline void
_krb5_DES3_random_to_key(krb5_context context, krb5_keyblock *key,
                         const void *rand, size_t size)
{
    (void)context;
    (void)key;
    (void)rand;
    (void)size;
}
#else   /* !KERNEL */
/* Userspace: declarations only; the definitions live in the heimdal sources. */
krb5_error_code
_krb5_usage2arcfour(krb5_context context, unsigned *usage);

void
_krb5_DES3_random_to_key(krb5_context context, krb5_keyblock *key,
                         const void *rand, size_t size);
#endif  /* KERNEL */
322
/*
 * The per-algorithm salt symbols all expand to NULL in this build.
 * NOTE(review): presumably the upstream enctype tables point at these, so
 * consumers must cope with a NULL entry; confirm in crypto.c.
 */
#define _krb5_AES_salt          NULL
#define _krb5_arcfour_salt      NULL
#define _krb5_des3_salt         NULL
#define _krb5_des3_salt_derived NULL
#define _krb5_des_salt          NULL