#include "krb5_locl.h"
+struct _krb5_key_usage {
+ unsigned usage;
+ struct _krb5_key_data key;
+};
+
+
#ifndef HEIMDAL_SMALLER
#define DES3_OLD_ENCTYPE 1
#endif
static krb5_error_code _get_derived_key(krb5_context, krb5_crypto,
- unsigned, struct key_data**);
-static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
+ unsigned, struct _krb5_key_data**);
+static struct _krb5_key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
static void free_key_schedule(krb5_context,
- struct key_data *,
- struct encryption_type *);
+ struct _krb5_key_data *,
+ struct _krb5_encryption_type *);
/************************************************************
* *
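Review bot: The `struct _krb5_key_usage` definition added at the top of this file has no comment, and it is the one change on this page that is not a plain rename: the header hunk further down replaces the full definition with the forward declaration `struct _krb5_key_usage;`, so the type becomes opaque to every other file that includes that header. A short comment would record that this is intentional, for example `/* Per-usage derived-key cache entry; private to this file, reached only through krb5_crypto_data.key_usage. */`. Judging from `_new_derived_key()` and `free_key_usage()` later in the diff, the entries hold derived key material, so keeping the layout private looks like the right direction. It is still worth confirming that no other translation unit indexes `crypto->key_usage` or takes `sizeof` of an element, since that would no longer compile against the incomplete type.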
krb5_enctype type,
size_t *keysize)
{
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
krb5_enctype type,
size_t *keybits)
{
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
"encryption type %d not supported",
krb5_keyblock *key)
{
krb5_error_code ret;
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
static krb5_error_code
_key_schedule(krb5_context context,
- struct key_data *key)
+ struct _krb5_key_data *key)
{
krb5_error_code ret;
- struct encryption_type *et = _krb5_find_enctype(key->key->keytype);
- struct key_type *kt;
+ struct _krb5_encryption_type *et = _krb5_find_enctype(key->key->keytype);
+ struct _krb5_key_type *kt;
if (et == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
static krb5_error_code
SHA1_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
/* HMAC according to RFC2104 */
krb5_error_code
_krb5_internal_hmac(krb5_context context,
- struct checksum_type *cm,
+ struct _krb5_checksum_type *cm,
const void *data,
size_t len,
unsigned usage,
- struct key_data *keyblock,
+ struct _krb5_key_data *keyblock,
Checksum *result)
{
unsigned char *ipad, *opad;
krb5_keyblock *key,
Checksum *result)
{
- struct checksum_type *c = _krb5_find_checksum(cktype);
- struct key_data kd;
+ struct _krb5_checksum_type *c = _krb5_find_checksum(cktype);
+ struct _krb5_key_data kd;
krb5_error_code ret;
if (c == NULL) {
krb5_error_code
_krb5_SP_HMAC_SHA1_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
Checksum *result)
{
- struct checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1);
+ struct _krb5_checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1);
Checksum res;
char sha1_data[20];
krb5_error_code ret;
return 0;
}
-struct checksum_type _krb5_checksum_sha1 = {
+struct _krb5_checksum_type _krb5_checksum_sha1 = {
CKSUMTYPE_SHA1,
"sha1",
64,
NULL
};
-struct checksum_type *
+struct _krb5_checksum_type *
_krb5_find_checksum(krb5_cksumtype type)
{
int i;
get_checksum_key(krb5_context context,
krb5_crypto crypto,
unsigned usage, /* not krb5_key_usage */
- struct checksum_type *ct,
- struct key_data **key)
+ struct _krb5_checksum_type *ct,
+ struct _krb5_key_data **key)
{
krb5_error_code ret = 0;
static krb5_error_code
create_checksum (krb5_context context,
- struct checksum_type *ct,
+ struct _krb5_checksum_type *ct,
krb5_crypto crypto,
unsigned usage,
void *data,
Checksum *result)
{
krb5_error_code ret;
- struct key_data *dkey;
+ struct _krb5_key_data *dkey;
int keyed_checksum;
if (ct->flags & F_DISABLED) {
}
static int
-arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
+arcfour_checksum_p(struct _krb5_checksum_type *ct, krb5_crypto crypto)
{
return (ct->type == CKSUMTYPE_HMAC_MD5) &&
(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
size_t len,
Checksum *result)
{
- struct checksum_type *ct = NULL;
+ struct _krb5_checksum_type *ct = NULL;
unsigned keyusage;
/* type 0 -> pick from crypto */
Checksum *cksum)
{
krb5_error_code ret;
- struct key_data *dkey;
+ struct _krb5_key_data *dkey;
int keyed_checksum;
Checksum c;
- struct checksum_type *ct;
+ struct _krb5_checksum_type *ct;
ct = _krb5_find_checksum(cksum->cksumtype);
if (ct == NULL || (ct->flags & F_DISABLED)) {
}
keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum) {
- struct checksum_type *kct;
+ struct _krb5_checksum_type *kct;
if (crypto == NULL) {
krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("Checksum type %s is keyed but no "
size_t len,
Checksum *cksum)
{
- struct checksum_type *ct;
+ struct _krb5_checksum_type *ct;
unsigned keyusage;
ct = _krb5_find_checksum(cksum->cksumtype);
krb5_crypto crypto,
krb5_cksumtype *type)
{
- struct checksum_type *ct = NULL;
+ struct _krb5_checksum_type *ct = NULL;
if (crypto != NULL) {
ct = crypto->et->keyed_checksum;
krb5_cksumtype type,
size_t *size)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("checksum type %d not supported", ""),
krb5_checksum_is_keyed(krb5_context context,
krb5_cksumtype type)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
krb5_checksum_is_collision_proof(krb5_context context,
krb5_cksumtype type)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
krb5_checksum_disable(krb5_context context,
krb5_cksumtype type)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
* *
************************************************************/
-struct encryption_type *
+struct _krb5_encryption_type *
_krb5_find_enctype(krb5_enctype type)
{
int i;
krb5_enctype etype,
char **string)
{
- struct encryption_type *e;
+ struct _krb5_encryption_type *e;
e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
krb5_enctype etype,
krb5_keytype *keytype)
{
- struct encryption_type *e = _krb5_find_enctype(etype);
+ struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
krb5_enctype_valid(krb5_context context,
krb5_enctype etype)
{
- struct encryption_type *e = _krb5_find_enctype(etype);
+ struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
krb5_cksumtype_valid(krb5_context context,
krb5_cksumtype ctype)
{
- struct checksum_type *c = _krb5_find_checksum(ctype);
+ struct _krb5_checksum_type *c = _krb5_find_checksum(ctype);
if (c == NULL) {
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("checksum type %d not supported", ""),
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- struct key_data *dkey;
- const struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ const struct _krb5_encryption_type *et = crypto->et;
checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- const struct encryption_type *et = crypto->et;
+ const struct _krb5_encryption_type *et = crypto->et;
checksum_sz = CHECKSUMSIZE(et->checksum);
krb5_data *result,
void *ivec)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t cksum_sz = CHECKSUMSIZE(et->checksum);
size_t sz = len + cksum_sz + et->confoundersize;
char *tmp, *p;
Checksum cksum;
unsigned char *p;
krb5_error_code ret;
- struct key_data *dkey;
- struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ struct _krb5_encryption_type *et = crypto->et;
unsigned long l;
checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
unsigned char *p;
Checksum cksum;
size_t checksum_sz, l;
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
if ((len % et->padsize) != 0) {
krb5_clear_error_message(context);
krb5_data *result,
void *ivec)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t cksum_sz = CHECKSUMSIZE(et->checksum);
size_t sz = len - cksum_sz - et->confoundersize;
unsigned char *p;
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- struct key_data *dkey;
- const struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ const struct _krb5_encryption_type *et = crypto->et;
krb5_crypto_iov *tiv, *piv, *hiv;
if (num_data < 0) {
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- struct key_data *dkey;
- struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ struct _krb5_encryption_type *et = crypto->et;
krb5_crypto_iov *tiv, *hiv;
if (num_data < 0) {
unsigned int num_data,
krb5_cksumtype *type)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
Checksum cksum;
krb5_crypto_iov *civ;
krb5_error_code ret;
krb5_error_code
_krb5_derive_key(krb5_context context,
- struct encryption_type *et,
- struct key_data *key,
+ struct _krb5_encryption_type *et,
+ struct _krb5_key_data *key,
const void *constant,
size_t len)
{
unsigned char *k = NULL;
unsigned int nblocks = 0, i;
krb5_error_code ret = 0;
- struct key_type *kt = et->keytype;
+ struct _krb5_key_type *kt = et->keytype;
ret = _key_schedule(context, key);
if(ret)
return ret;
}
-static struct key_data *
+static struct _krb5_key_data *
_new_derived_key(krb5_crypto crypto, unsigned usage)
{
- struct key_usage *d = crypto->key_usage;
+ struct _krb5_key_usage *d = crypto->key_usage;
d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d));
if(d == NULL)
return NULL;
krb5_keyblock **derived_key)
{
krb5_error_code ret;
- struct encryption_type *et;
- struct key_data d;
+ struct _krb5_encryption_type *et;
+ struct _krb5_key_data d;
*derived_key = NULL;
_get_derived_key(krb5_context context,
krb5_crypto crypto,
unsigned usage,
- struct key_data **key)
+ struct _krb5_key_data **key)
{
int i;
- struct key_data *d;
+ struct _krb5_key_data *d;
unsigned char constant[5];
for(i = 0; i < crypto->num_key_usage; i++)
static void
free_key_schedule(krb5_context context,
- struct key_data *key,
- struct encryption_type *et)
+ struct _krb5_key_data *key,
+ struct _krb5_encryption_type *et)
{
if (et->keytype->cleanup)
(*et->keytype->cleanup)(context, key);
}
void
-_krb5_free_key_data(krb5_context context, struct key_data *key,
- struct encryption_type *et)
+_krb5_free_key_data(krb5_context context, struct _krb5_key_data *key,
+ struct _krb5_encryption_type *et)
{
krb5_free_keyblock(context, key->key);
if(key->schedule) {
}
static void
-free_key_usage(krb5_context context, struct key_usage *ku,
- struct encryption_type *et)
+free_key_usage(krb5_context context, struct _krb5_key_usage *ku,
+ struct _krb5_encryption_type *et)
{
_krb5_free_key_data(context, &ku->key, et);
}
krb5_enctype_disable(krb5_context context,
krb5_enctype enctype)
{
- struct encryption_type *et = _krb5_find_enctype(enctype);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(enctype);
if(et == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
krb5_enctype_enable(krb5_context context,
krb5_enctype enctype)
{
- struct encryption_type *et = _krb5_find_enctype(enctype);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(enctype);
if(et == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
krb5_crypto crypto,
size_t data_len)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t padsize = et->padsize;
size_t checksumsize = CHECKSUMSIZE(et->checksum);
size_t res;
krb5_crypto crypto,
size_t data_len)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t padsize = et->padsize;
size_t res;
crypto_overhead (krb5_context context,
krb5_crypto crypto)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t res;
res = CHECKSUMSIZE(et->checksum);
crypto_overhead_dervied (krb5_context context,
krb5_crypto crypto)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t res;
if (et->keyed_checksum)
krb5_keyblock *key)
{
krb5_error_code ret;
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
krb5_enctype type,
size_t *length)
{
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL || et->prf_length == 0) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
const krb5_data *input,
krb5_data *output)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
krb5_data_zero(output);
krb5_enctype etype1,
krb5_enctype etype2)
{
- struct encryption_type *e1 = _krb5_find_enctype(etype1);
- struct encryption_type *e2 = _krb5_find_enctype(etype2);
+ struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1);
+ struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2);
return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype;
}
#define DES3_OLD_ENCTYPE 1
#endif
-struct key_data {
+struct _krb5_key_data {
krb5_keyblock *key;
krb5_data *schedule;
};
-struct key_usage {
- unsigned usage;
- struct key_data key;
-};
+struct _krb5_key_usage;
struct krb5_crypto_data {
- struct encryption_type *et;
- struct key_data key;
+ struct _krb5_encryption_type *et;
+ struct _krb5_key_data key;
int num_key_usage;
- struct key_usage *key_usage;
+ struct _krb5_key_usage *key_usage;
};
#define CRYPTO_ETYPE(C) ((C)->et->type)
krb5_salt, krb5_data, krb5_keyblock*);
};
-struct key_type {
+struct _krb5_key_type {
krb5_keytype type; /* XXX */
const char *name;
size_t bits;
size_t size;
size_t schedule_size;
void (*random_key)(krb5_context, krb5_keyblock*);
- void (*schedule)(krb5_context, struct key_type *, struct key_data *);
+ void (*schedule)(krb5_context, struct _krb5_key_type *, struct _krb5_key_data *);
struct salt_type *string_to_key;
void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t);
- void (*cleanup)(krb5_context, struct key_data *);
+ void (*cleanup)(krb5_context, struct _krb5_key_data *);
const EVP_CIPHER *(*evp)(void);
};
-struct checksum_type {
+struct _krb5_checksum_type {
krb5_cksumtype type;
const char *name;
size_t blocksize;
size_t checksumsize;
unsigned flags;
krb5_error_code (*checksum)(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *buf, size_t len,
unsigned usage,
Checksum *csum);
krb5_error_code (*verify)(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *buf, size_t len,
unsigned usage,
Checksum *csum);
};
-struct encryption_type {
+struct _krb5_encryption_type {
krb5_enctype type;
const char *name;
size_t blocksize;
size_t padsize;
size_t confoundersize;
- struct key_type *keytype;
- struct checksum_type *checksum;
- struct checksum_type *keyed_checksum;
+ struct _krb5_key_type *keytype;
+ struct _krb5_checksum_type *checksum;
+ struct _krb5_checksum_type *keyed_checksum;
unsigned flags;
krb5_error_code (*encrypt)(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data, size_t len,
krb5_boolean encryptp,
int usage,
/* Checksums */
-extern struct checksum_type _krb5_checksum_none;
-extern struct checksum_type _krb5_checksum_crc32;
-extern struct checksum_type _krb5_checksum_rsa_md4;
-extern struct checksum_type _krb5_checksum_rsa_md4_des;
-extern struct checksum_type _krb5_checksum_rsa_md5_des;
-extern struct checksum_type _krb5_checksum_rsa_md5_des3;
-extern struct checksum_type _krb5_checksum_rsa_md5;
-extern struct checksum_type _krb5_checksum_hmac_sha1_des3;
-extern struct checksum_type _krb5_checksum_hmac_sha1_aes128;
-extern struct checksum_type _krb5_checksum_hmac_sha1_aes256;
-extern struct checksum_type _krb5_checksum_hmac_md5;
-extern struct checksum_type _krb5_checksum_sha1;
-
-extern struct checksum_type *_krb5_checksum_types[];
+extern struct _krb5_checksum_type _krb5_checksum_none;
+extern struct _krb5_checksum_type _krb5_checksum_crc32;
+extern struct _krb5_checksum_type _krb5_checksum_rsa_md4;
+extern struct _krb5_checksum_type _krb5_checksum_rsa_md4_des;
+extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des;
+extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3;
+extern struct _krb5_checksum_type _krb5_checksum_rsa_md5;
+extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3;
+extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128;
+extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256;
+extern struct _krb5_checksum_type _krb5_checksum_hmac_md5;
+extern struct _krb5_checksum_type _krb5_checksum_sha1;
+
+extern struct _krb5_checksum_type *_krb5_checksum_types[];
extern int _krb5_num_checksums;
/* Salts */
/* Encryption types */
-extern struct encryption_type _krb5_enctype_aes256_cts_hmac_sha1;
-extern struct encryption_type _krb5_enctype_aes128_cts_hmac_sha1;
-extern struct encryption_type _krb5_enctype_des3_cbc_sha1;
-extern struct encryption_type _krb5_enctype_des3_cbc_md5;
-extern struct encryption_type _krb5_enctype_des3_cbc_none;
-extern struct encryption_type _krb5_enctype_arcfour_hmac_md5;
-extern struct encryption_type _krb5_enctype_des_cbc_md5;
-extern struct encryption_type _krb5_enctype_old_des3_cbc_sha1;
-extern struct encryption_type _krb5_enctype_des_cbc_crc;
-extern struct encryption_type _krb5_enctype_des_cbc_md4;
-extern struct encryption_type _krb5_enctype_des_cbc_md5;
-extern struct encryption_type _krb5_enctype_des_cbc_none;
-extern struct encryption_type _krb5_enctype_des_cfb64_none;
-extern struct encryption_type _krb5_enctype_des_pcbc_none;
-extern struct encryption_type _krb5_enctype_null;
-
-extern struct encryption_type *_krb5_etypes[];
+extern struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1;
+extern struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1;
+extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1;
+extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5;
+extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_none;
+extern struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5;
+extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5;
+extern struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1;
+extern struct _krb5_encryption_type _krb5_enctype_des_cbc_crc;
+extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md4;
+extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5;
+extern struct _krb5_encryption_type _krb5_enctype_des_cbc_none;
+extern struct _krb5_encryption_type _krb5_enctype_des_cfb64_none;
+extern struct _krb5_encryption_type _krb5_enctype_des_pcbc_none;
+extern struct _krb5_encryption_type _krb5_enctype_null;
+
+extern struct _krb5_encryption_type *_krb5_etypes[];
extern int _krb5_num_etypes;
/* Interface to the EVP crypto layer provided by hcrypto */
-struct evp_schedule {
+struct _krb5_evp_schedule {
EVP_CIPHER_CTX ectx;
EVP_CIPHER_CTX dctx;
};