diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-03-11 04:03:12 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:56:58 -0500 |
commit | b7afac2b834674e20f303c3a03b4ac7bb283695e (patch) | |
tree | 4828afb0cf5bc89f0063d3225d0f15cc01cd2012 /source4/heimdal/lib | |
parent | 64b619cefe99c833297f2a635db06bd186843481 (diff) | |
download | samba-b7afac2b834674e20f303c3a03b4ac7bb283695e.tar.gz samba-b7afac2b834674e20f303c3a03b4ac7bb283695e.tar.bz2 samba-b7afac2b834674e20f303c3a03b4ac7bb283695e.zip |
r14198: Update Samba4 to current lorikeet-heimdal.
Andrew Bartlett
(This used to be commit 97a0a0e2fa6784e5fc5278f7a15b385ddcb6a3b3)
Diffstat (limited to 'source4/heimdal/lib')
58 files changed, 2999 insertions, 677 deletions
diff --git a/source4/heimdal/lib/asn1/asn1_gen.c b/source4/heimdal/lib/asn1/asn1_gen.c index 95d670cbb1..5dc0ba2e2d 100644 --- a/source4/heimdal/lib/asn1/asn1_gen.c +++ b/source4/heimdal/lib/asn1/asn1_gen.c @@ -40,7 +40,7 @@ #include <hex.h> #include <err.h> -RCSID("$Id: asn1_gen.c,v 1.3 2005/08/11 10:44:43 lha Exp $"); +RCSID("$Id: asn1_gen.c,v 1.4 2006/01/30 15:06:03 lha Exp $"); static int doit(const char *fn) @@ -87,13 +87,13 @@ doit(const char *fn) ptr++; class = strtok_r(ptr, " \t\n", &foo); - if (class == NULL) errx(1, "class missing one line %lu", line); + if (class == NULL) errx(1, "class missing on line %lu", line); type = strtok_r(NULL, " \t\n", &foo); - if (type == NULL) errx(1, "type missing one line %lu", line); + if (type == NULL) errx(1, "type missing on line %lu", line); tag = strtok_r(NULL, " \t\n", &foo); - if (tag == NULL) errx(1, "tag missing one line %lu", line); + if (tag == NULL) errx(1, "tag missing on line %lu", line); length = strtok_r(NULL, " \t\n", &foo); - if (length == NULL) errx(1, "length missing one line %lu", line); + if (length == NULL) errx(1, "length missing on line %lu", line); data = strtok_r(NULL, " \t\n", &foo); c = der_get_class_num(class); diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h index 1f89f875f5..b9c2b47079 100644 --- a/source4/heimdal/lib/asn1/der.h +++ b/source4/heimdal/lib/asn1/der.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der.h,v 1.30 2005/10/07 03:48:00 lha Exp $ */ +/* $Id: der.h,v 1.32 2006/01/30 15:25:25 lha Exp $ */ #ifndef __DER_H__ #define __DER_H__ @@ -65,8 +65,10 @@ enum { UT_IA5String = 22, UT_UTCTime = 23, UT_GeneralizedTime = 24, + UT_UniversalString = 25, UT_VisibleString = 26, UT_GeneralString = 27, + UT_BMPString = 30, /* unsupported types */ UT_ObjectDescriptor = 7, UT_External = 8, @@ -76,9 +78,7 @@ enum { UT_NumericString = 18, UT_TeletexString = 20, UT_VideotexString = 21, - UT_GraphicString = 25, - UT_UniversalString = 25, - UT_BMPString = 30, + UT_GraphicString = 25 }; #define ASN1_INDEFINITE 0xdce0deed diff --git a/source4/heimdal/lib/asn1/der_cmp.c b/source4/heimdal/lib/asn1/der_cmp.c index 306fcbdf57..2471312ba8 100755 --- a/source4/heimdal/lib/asn1/der_cmp.c +++ b/source4/heimdal/lib/asn1/der_cmp.c @@ -74,10 +74,10 @@ heim_bit_string_cmp(const heim_bit_string *p, const heim_bit_string *q) int heim_integer_cmp(const heim_integer *p, const heim_integer *q) { + if (p->negative != q->negative) + return q->negative - p->negative; if (p->length != q->length) return p->length - q->length; - if (p->negative != q->negative) - return p->negative - q->negative; return memcmp(p->data, q->data, p->length); } diff --git a/source4/heimdal/lib/asn1/der_copy.c b/source4/heimdal/lib/asn1/der_copy.c index a3c9026cbf..e0443eed39 100644 --- a/source4/heimdal/lib/asn1/der_copy.c +++ b/source4/heimdal/lib/asn1/der_copy.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_copy.c,v 1.13 2005/07/12 06:27:20 lha Exp $"); +RCSID("$Id: der_copy.c,v 1.14 2006/01/04 23:41:29 lha Exp $"); int copy_general_string (const heim_general_string *from, heim_general_string *to) @@ -106,6 +106,7 @@ copy_heim_integer (const heim_integer *from, heim_integer *to) if(to->length != 0 && to->data == NULL) return ENOMEM; memcpy(to->data, from->data, to->length); + to->negative = from->negative; return 0; } diff --git a/source4/heimdal/lib/asn1/der_format.c b/source4/heimdal/lib/asn1/der_format.c new file mode 100644 index 0000000000..44e39b46c5 --- /dev/null +++ b/source4/heimdal/lib/asn1/der_format.c @@ -0,0 +1,105 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" +#include <hex.h> + +RCSID("$Id: der_format.c,v 1.2 2006/01/16 23:01:11 lha Exp $"); + +int +der_parse_hex_heim_integer (const char *p, heim_integer *data) +{ + ssize_t len; + + data->length = 0; + data->negative = 0; + data->data = NULL; + + if (*p == '-') { + p++; + data->negative = 1; + } + + len = strlen(p); + if (len < 0) { + data->data = NULL; + data->length = 0; + return EINVAL; + } + + data->length = (len / 2) + 1; + data->data = malloc(data->length); + if (data->data == NULL) { + data->length = 0; + return ENOMEM; + } + + len = hex_decode(p, data->data, data->length); + if (len < 0) { + free(data->data); + data->data = NULL; + data->length = 0; + return EINVAL; + } + + { + unsigned char *p = data->data; + while(*p == 0 && len > 0) { + p++; + len--; + } + data->length = len; + memmove(data->data, p, len); + } + return 0; +} + +int +der_print_hex_heim_integer (const heim_integer *data, char **p) +{ + ssize_t len; + char *q; + + len = hex_encode(data->data, data->length, p); + if (len < 0) + return ENOMEM; + + if (data->negative) { + len = asprintf(&q, "-%s", *p); + free(*p); + if (len < 0) + return ENOMEM; + *p = q; + } + return 0; +} diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index 403f5ab1ba..a75ab15c09 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_get.c,v 1.44 2005/07/19 18:04:00 lha Exp $"); +RCSID("$Id: der_get.c,v 1.45 2006/01/20 10:03:50 lha Exp $"); #include <version.h> @@ -241,19 +241,40 @@ der_get_heim_integer (const unsigned char *p, size_t len, return 0; } if (p[0] & 0x80) { + unsigned char *q; + int carry = 1; data->negative = 1; - return ASN1_OVERRUN; + data->length = len; + + if (p[0] == 0xff) { + p++; + data->length--; + } + data->data = malloc(data->length); + if (data->data == NULL) { + data->length = 0; + return ENOMEM; + } + q = &((unsigned char*)data->data)[data->length - 1]; + p += data->length - 1; + while (q >= (unsigned char*)data->data) { + *q = *p ^ 0xff; + if (carry) + carry = !++*q; + p--; + q--; + } } else { data->negative = 0; data->length = len; - if (p[0] == 0 && data->length != 1) { + if (p[0] == 0) { p++; data->length--; } data->data = malloc(data->length); - if (data->data == NULL) { + if (data->data == NULL && data->length != 0) { data->length = 0; return ENOMEM; } diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c index e818267bf4..2c017ad84e 100644 --- a/source4/heimdal/lib/asn1/der_length.c +++ b/source4/heimdal/lib/asn1/der_length.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_length.c,v 1.17 2005/07/12 06:27:22 lha Exp $"); +RCSID("$Id: der_length.c,v 1.18 2006/01/20 10:04:46 lha Exp $"); size_t _heim_len_unsigned (unsigned val) @@ -178,7 +178,7 @@ length_heim_integer (const heim_integer *k) if (k->length == 0) return 1; if (k->negative) - return k->length + ((((unsigned char *)k->data)[0] & 0x80) ? 0 : 1); + return k->length + (((~(((unsigned char *)k->data)[0])) & 0x80) ? 0 : 1); else return k->length + ((((unsigned char *)k->data)[0] & 0x80) ? 1 : 0); } diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c index ba081e3a63..4f70f191df 100644 --- a/source4/heimdal/lib/asn1/extra.c +++ b/source4/heimdal/lib/asn1/extra.c @@ -34,7 +34,7 @@ #include "der_locl.h" #include "heim_asn1.h" -RCSID("$Id: extra.c,v 1.5 2005/07/19 18:05:16 lha Exp $"); +RCSID("$Id: extra.c,v 1.6 2006/01/31 09:44:54 lha Exp $"); int encode_heim_any(unsigned char *p, size_t len, @@ -59,10 +59,7 @@ decode_heim_any(const unsigned char *p, size_t len, unsigned int thistag; int e; - if (data == NULL && len == 0) { /* XXX tag less OPTIONAL */ - *size = 0; - return 0; - } + memset(data, 0, sizeof(*data)); e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l); if (e) return e; @@ -73,16 +70,15 @@ decode_heim_any(const unsigned char *p, size_t len, if (length + len_len + l > len) return ASN1_OVERFLOW; - if (data) { /* XXX hack to workaround tag less OPTIONAL data */ - memset(data, 0, sizeof(*data)); - - data->data = malloc(length + len_len + l); - if (data->data == NULL) - return ENOMEM; - data->length = length + len_len + l; - memcpy(data->data, p, length + len_len + l); - } - if (size) *size = length + len_len + l; + data->data = malloc(length + len_len + l); + if (data->data == NULL) + return ENOMEM; + data->length = length + len_len + l; + memcpy(data->data, p, length + len_len + l); + + if (size) + *size = length + len_len + l; + return 0; } diff --git a/source4/heimdal/lib/asn1/parse.y b/source4/heimdal/lib/asn1/parse.y index 51dc51ed88..2238478284 100644 --- a/source4/heimdal/lib/asn1/parse.y +++ b/source4/heimdal/lib/asn1/parse.y @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $ */ +/* $Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $ */ %{ #ifdef HAVE_CONFIG_H @@ -45,9 +45,10 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $"); +RCSID("$Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $"); static Type *new_type (Typetype t); +static struct constraint_spec *new_constraint_spec(enum ctype); static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype); void yyerror (const char *); static struct objid *new_objid(const char *label, int value); @@ -73,6 +74,7 @@ struct string_list { struct string_list *sl; struct tagtype tag; struct memhead *members; + struct constraint_spec *constraint_spec; } %token kw_ABSENT @@ -183,6 +185,7 @@ struct string_list { %type <type> BitStringType %type <type> BooleanType %type <type> ChoiceType +%type <type> ConstrainedType %type <type> EnumeratedType %type <type> IntegerType %type <type> NullType @@ -215,6 +218,12 @@ struct string_list { %type <sl> referencenames +%type <constraint_spec> Constraint +%type <constraint_spec> ConstraintSpec +%type <constraint_spec> GeneralConstraint +%type <constraint_spec> ContentsConstraint +%type <constraint_spec> UserDefinedConstraint + %start ModuleDefinition %% @@ -300,6 +309,7 @@ TypeAssignment : IDENTIFIER EEQUAL Type Type : BuiltinType | ReferencedType + | ConstrainedType ; BuiltinType : BitStringType @@ -507,6 +517,63 @@ UsefulType : kw_GeneralizedTime } ; +ConstrainedType : Type Constraint + { + /* if (Constraint.type == contentConstrant) { + assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too + if (Constraint.u.constraint.type) { + assert((Constraint.u.constraint.type.length % 8) == 0); + } + } + if (Constraint.u.constraint.encoding) { + type == der-oid|ber-oid + } + */ + } + ; + + +Constraint : '(' ConstraintSpec ')' + { + $$ = $2; + } + +ConstraintSpec : GeneralConstraint + +GeneralConstraint: ContentsConstraint + | UserDefinedConstraint + ; + +ContentsConstraint: kw_CONTAINING Type + { + $$ = new_constraint_spec(CT_CONTENTS); + $$->u.content.type = $2; + $$->u.content.encoding = NULL; + } + | kw_ENCODED kw_BY Value + { + if ($3->type != objectidentifiervalue) + error_message("Non-OID used in ENCODED BY constraint"); + $$ = new_constraint_spec(CT_CONTENTS); + $$->u.content.type = NULL; + $$->u.content.encoding = $3; + } + | kw_CONTAINING Type kw_ENCODED kw_BY Value + { + if ($5->type != objectidentifiervalue) + error_message("Non-OID used in ENCODED BY constraint"); + $$ = new_constraint_spec(CT_CONTENTS); + $$->u.content.type = $2; + $$->u.content.encoding = $5; + } + ; + +UserDefinedConstraint: kw_CONSTRAINED kw_BY '{' '}' + { + $$ = new_constraint_spec(CT_USER); + } + ; + TaggedType : Tag tagenv Type { $$ = new_type(TTag); @@ -861,6 +928,14 @@ new_type (Typetype tt) return t; } +static struct constraint_spec * +new_constraint_spec(enum ctype ct) +{ + struct constraint_spec *c = ecalloc(1, sizeof(*c)); + c->ctype = ct; + return c; +} + static void fix_labels2(Type *t, const char *prefix); static void fix_labels1(struct memhead *members, const char *prefix) { diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index 925615f244..ffaf15279a 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,4 +1,4 @@ -/* A lexical scanner generated by flex */ +/* A lexical scanner generated by flex*/ /* Scanner skeleton version: * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ @@ -134,6 +134,15 @@ extern FILE *yyin, *yyout; #define unput(c) yyunput( c, yytext_ptr ) +/* Some routines like yy_flex_realloc() are emitted as static but are + not called by all lexers. This generates warnings in some compilers, + notably GCC. Arrange to suppress these. */ +#ifdef __GNUC__ +#define YY_MAY_BE_UNUSED __attribute__((unused)) +#else +#define YY_MAY_BE_UNUSED +#endif + /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). @@ -240,7 +249,7 @@ YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer @@ -442,7 +451,7 @@ static int getstring(void); #undef ECHO -#line 446 "lex.yy.c" +#line 455 "lex.yy.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -595,7 +604,7 @@ YY_DECL #line 59 "lex.l" -#line 599 "lex.yy.c" +#line 608 "lex.yy.c" if ( yy_init ) { @@ -758,7 +767,7 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 762 "lex.yy.c" +#line 771 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); diff --git a/source4/heimdal/lib/des/aes.h b/source4/heimdal/lib/des/aes.h index ef72b0add7..8a62c6461d 100755 --- a/source4/heimdal/lib/des/aes.h +++ b/source4/heimdal/lib/des/aes.h @@ -31,11 +31,22 @@ * SUCH DAMAGE. */ -/* $Id: aes.h,v 1.4 2005/04/10 19:09:47 lha Exp $ */ +/* $Id: aes.h,v 1.5 2006/01/08 21:47:27 lha Exp $ */ #ifndef HEIM_AES_H #define HEIM_AES_H 1 +/* symbol renaming */ +#define AES_set_encrypt_key hc_AES_set_encrypt_key +#define AES_set_decrypt_key hc_AES_decrypt_key +#define AES_encrypt hc_AES_encrypt +#define AES_decrypt hc_AES_decrypt +#define AES_cbc_encrypt hc_AES_cbc_encrypt + +/* + * + */ + #define AES_BLOCK_SIZE 16 #define AES_MAXNR 14 diff --git a/source4/heimdal/lib/des/bn.h b/source4/heimdal/lib/des/bn.h new file mode 100644 index 0000000000..b0c90d36fc --- /dev/null +++ b/source4/heimdal/lib/des/bn.h @@ -0,0 +1,121 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: bn.h,v 1.3 2006/01/13 08:27:50 lha Exp $ + */ + +#ifndef _HEIM_BN_H +#define _HEIM_BN_H 1 + +/* symbol renaming */ +#define BN_GENCB_call hc_BN_GENCB_call +#define BN_GENCB_set hc_BN_GENCB_set +#define BN_bin2bn hc_BN_bin2bn +#define BN_bn2bin hc_BN_bn2bin +#define BN_bn2hex hc_BN_bn2hex +#define BN_clear hc_BN_clear +#define BN_clear_bit hc_BN_clear_bit +#define BN_clear_free hc_BN_clear_free +#define BN_cmp hc_BN_cmp +#define BN_dup hc_BN_dup +#define BN_free hc_BN_free +#define BN_is_negative hc_BN_is_negative +#define BN_get_word hc_BN_get_word +#define BN_hex2bn hc_BN_hex2bn +#define BN_is_bit_set hc_BN_is_bit_set +#define BN_new hc_BN_new +#define BN_num_bits hc_BN_num_bits +#define BN_num_bytes hc_BN_num_bytes +#define BN_rand hc_BN_rand +#define BN_set_bit hc_BN_set_bit +#define BN_set_negative hc_BN_set_negative +#define BN_set_word hc_BN_set_word +#define BN_uadd hc_BN_uadd + +/* + * + */ + +typedef void BIGNUM; +typedef struct BN_GENCB BN_GENCB; +typedef void BN_CTX; +typedef void BN_MONT_CTX; +typedef void BN_BLINDING; + +struct BN_GENCB { + unsigned int ver; + void *arg; + union { + int (*cb_2)(int, int, BN_GENCB *); + } cb; +}; + +/* + * + */ + +BIGNUM *BN_new(void); +void BN_free(BIGNUM *); +void BN_clear_free(BIGNUM *); +void BN_clear(BIGNUM *); +BIGNUM *BN_dup(const BIGNUM *); + +int BN_num_bits(const BIGNUM *); +int BN_num_bytes(const BIGNUM *); + +int BN_cmp(const BIGNUM *, const BIGNUM *); + +void BN_set_negative(BIGNUM *, int); +int BN_is_negative(BIGNUM *); + +int BN_is_bit_set(const BIGNUM *, int); +int BN_set_bit(BIGNUM *, int); +int BN_clear_bit(BIGNUM *, int); + +int BN_set_word(BIGNUM *, unsigned long); +unsigned long BN_get_word(const BIGNUM *); + +BIGNUM *BN_bin2bn(const void *,int len,BIGNUM *); +int BN_bn2bin(const BIGNUM *, void *); +int BN_hex2bn(BIGNUM **, const char *); +char * BN_bn2hex(const BIGNUM *); + +int BN_uadd(BIGNUM *, const BIGNUM *, const BIGNUM *); + +int BN_rand(BIGNUM *, int, int, int); + +void BN_GENCB_set(BN_GENCB *, int (*)(int, int, BN_GENCB *), void *); +int BN_GENCB_call(BN_GENCB *, int, int); + +#endif diff --git a/source4/heimdal/lib/des/des.c b/source4/heimdal/lib/des/des.c index b615bbd30e..b6bb55a9ba 100644 --- a/source4/heimdal/lib/des/des.c +++ b/source4/heimdal/lib/des/des.c @@ -45,7 +45,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: des.c,v 1.15 2005/07/20 10:49:22 lha Exp $"); +RCSID("$Id: des.c,v 1.16 2006/01/08 21:47:28 lha Exp $"); #endif #include <stdio.h> @@ -54,6 +54,7 @@ RCSID("$Id: des.c,v 1.15 2005/07/20 10:49:22 lha Exp $"); #include <krb5-types.h> #include "des.h" +#include "ui.h" static void desx(uint32_t [2], DES_key_schedule *, int); static void IP(uint32_t [2]); diff --git a/source4/heimdal/lib/des/des.h b/source4/heimdal/lib/des/des.h index 887c2e14d4..890fab462d 100644 --- a/source4/heimdal/lib/des/des.h +++ b/source4/heimdal/lib/des/des.h @@ -31,11 +31,41 @@ * SUCH DAMAGE. */ -/* $Id: des.h,v 1.24 2005/07/20 10:49:23 lha Exp $ */ +/* $Id: des.h,v 1.25 2006/01/08 21:47:28 lha Exp $ */ #ifndef _DESperate_H #define _DESperate_H 1 +/* symbol renaming */ +#define DES_set_odd_parity hc_DES_set_odd_parity +#define DES_is_weak_key hc_DES_is_weak_key +#define DES_key_sched hc_DES_key_sched +#define DES_set_key hc_DES_set_key +#define DES_set_key_checked hc_DES_set_key_checked +#define DES_set_key_sched hc_DES_set_key_sched +#define DES_new_random_key hc_DES_new_random_key +#define DES_string_to_key hc_DES_string_to_key +#define DES_read_password hc_DES_read_password +#define DES_rand_data hc_DES_rand_data +#define DES_set_random_generator_seed hc_DES_set_random_generator_seed +#define DES_generate_random_block hc_DES_generate_random_block +#define DES_set_sequence_number hc_DES_set_sequence_number +#define DES_init_random_number_generator hc_DES_init_random_number_generator +#define DES_random_key hc_DES_random_key +#define DES_encrypt hc_DES_encrypt +#define DES_ecb_encrypt hc_DES_ecb_encrypt +#define DES_ecb3_encrypt hc_DES_ecb3_encrypt +#define DES_pcbc_encrypt hc_DES_pcbc_encrypt +#define DES_cbc_encrypt hc_DES_cbc_encrypt +#define DES_cbc_cksum hc_DES_cbc_cksum +#define DES_ede3_cbc_encrypt hc_DES_ede3_cbc_encrypt +#define DES_cfb64_encrypt hc_DES_cfb64_encrypt +#define _DES_ipfp_test _hc_DES_ipfp_test + +/* + * + */ + #define DES_CBLOCK_LEN 8 #define DES_KEY_SZ 8 @@ -48,6 +78,10 @@ typedef struct DES_key_schedule uint32_t ks[32]; } DES_key_schedule; +/* + * + */ + int DES_set_odd_parity(DES_cblock *); int DES_is_weak_key(DES_cblock *); int DES_set_key(DES_cblock *, DES_key_schedule *); @@ -57,8 +91,6 @@ int DES_new_random_key(DES_cblock *); void DES_string_to_key(const char *, DES_cblock *); int DES_read_password(DES_cblock *, char *, int); -int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */ - void DES_rand_data(void *, int); void DES_set_random_generator_seed(DES_cblock *); void DES_generate_random_block(DES_cblock *); diff --git a/source4/heimdal/lib/des/dh.h b/source4/heimdal/lib/des/dh.h new file mode 100644 index 0000000000..cbea876521 --- /dev/null +++ b/source4/heimdal/lib/des/dh.h @@ -0,0 +1,139 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: dh.h,v 1.4 2006/01/18 13:48:30 lha Exp $ + */ + +#ifndef _HEIM_DH_H +#define _HEIM_DH_H 1 + +/* symbol renaming */ +#define DH_null_method hc_DH_null_method +#define DH_new hc_DH_new +#define DH_new_method hc_DH_new_method +#define DH_free hc_DH_free +#define DH_up_ref hc_DH_up_ref +#define DH_size hc_DH_size +#define DH_set_default_method hc_DH_set_default_method +#define DH_get_default_method hc_DH_get_default_method +#define DH_set_method hc_DH_set_method +#define DH_get_method hc_DH_get_method +#define DH_set_ex_data hc_DH_set_ex_data +#define DH_get_ex_data hc_DH_get_ex_data +#define DH_generate_parameters_ex hc_DH_generate_parameters_ex +#define DH_check hc_DH_check +#define DH_generate_key hc_DH_generate_key +#define DH_compute_key hc_DH_compute_key + +/* + * + */ + +typedef struct DH DH; +typedef struct DH_METHOD DH_METHOD; + +#include <hcrypto/bn.h> +#include <hcrypto/engine.h> + +struct DH_METHOD { + const char *name; + int (*generate_key)(DH *); + int (*compute_key)(unsigned char *,const BIGNUM *,DH *); + int (*bn_mod_exp)(const DH *, BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *); + int (*init)(DH *); + int (*finish)(DH *); + int flags; + void *app_data; + int (*generate_params)(DH *, int, int, BN_GENCB *); +}; + +struct DH { + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + long length; + BIGNUM *pub_key; + BIGNUM *priv_key; + int flags; + void *method_mont_p; + BIGNUM *q; + BIGNUM *j; + void *seed; + int seedlen; + BIGNUM *counter; + int references; + struct CRYPTO_EX_DATA { + void *sk; + int dummy; + } ex_data; + const DH_METHOD *meth; + ENGINE *engine; +}; + +/* DH_check_pubkey return codes in `codes' argument. */ +#define DH_CHECK_PUBKEY_TOO_SMALL 1 +#define DH_CHECK_PUBKEY_TOO_LARGE 2 + +/* + * + */ + +const DH_METHOD *DH_null_method(void); + +DH * DH_new(void); +DH * DH_new_method(ENGINE *); +void DH_free(DH *); +int DH_up_ref(DH *); + +int DH_size(const DH *); + + +void DH_set_default_method(const DH_METHOD *); +const DH_METHOD * + DH_get_default_method(void); +int DH_set_method(DH *, const DH_METHOD *); + +int DH_set_ex_data(DH *, int, void *); +void * DH_get_ex_data(DH *, int); + +int DH_generate_parameters_ex(DH *, int, int, BN_GENCB *); +int DH_check_pubkey(const DH *, const BIGNUM *, int *); +int DH_generate_key(DH *); +int DH_compute_key(unsigned char *,const BIGNUM *,DH *); + +#endif /* _HEIM_DH_H */ + diff --git a/source4/heimdal/lib/des/dsa.h b/source4/heimdal/lib/des/dsa.h new file mode 100644 index 0000000000..18859effc8 --- /dev/null +++ b/source4/heimdal/lib/des/dsa.h @@ -0,0 +1,140 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: dsa.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + */ + +#ifndef _HEIM_DSA_H +#define _HEIM_DSA_H 1 + +#include <hcrypto/bn.h> + +/* symbol renaming */ +#define DSA_null_method hc_DSA_null_method +#define DSA_new hc_DSA_new +#define DSA_free hc_DSA_free +#define DSA_up_ref hc_DSA_up_ref +#define DSA_set_default_method hc_DSA_set_default_method +#define DSA_get_default_method hc_DSA_get_default_method +#define DSA_set_method hc_DSA_set_method +#define DSA_get_method hc_DSA_get_method +#define DSA_set_app_data hc_DSA_set_app_data +#define DSA_get_app_data hc_DSA_get_app_data +#define DSA_size hc_DSA_size +#define DSA_verify hc_DSA_verify + +/* + * + */ + + +typedef struct DSA DSA; +typedef struct DSA_METHOD DSA_METHOD; +typedef struct DSA_SIG DSA_SIG; + +struct DSA_SIG { + BIGNUM *r; + BIGNUM *s; +}; + +struct DSA_METHOD { + const char *name; + DSA_SIG * (*dsa_do_sign)(const unsigned char *, int, DSA *); + int (*dsa_sign_setup)(DSA *, BN_CTX *, BIGNUM **, BIGNUM **); + int (*dsa_do_verify)(const unsigned char *, int, DSA_SIG *, DSA *); + int (*dsa_mod_exp)(DSA *, BIGNUM *, BIGNUM *, BIGNUM *, + BIGNUM *, BIGNUM *, BIGNUM *, BN_CTX *, + BN_MONT_CTX *); + int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, + BN_MONT_CTX *); + int (*init)(DSA *); + int (*finish)(DSA *); + int flags; + void *app_data; +}; + +struct DSA { + int pad; + long version; + int write_params; + BIGNUM *p; + BIGNUM *q; + BIGNUM *g; + + BIGNUM *pub_key; + BIGNUM *priv_key; + + BIGNUM *kinv; + BIGNUM *r; + int flags; + void *method_mont_p; + int references; + struct dsa_CRYPTO_EX_DATA { + void *sk; + int dummy; + } ex_data; + const DSA_METHOD *meth; + void *engine; +}; + +/* + * + */ + +const DSA_METHOD *DSA_null_method(void); + +/* + * + */ + +DSA * DSA_new(void); +void DSA_free(DSA *); +int DSA_up_ref(DSA *); + +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD * DSA_get_default_method(void); + +const DSA_METHOD * DSA_get_method(const DSA *); +int DSA_set_method(DSA *, const DSA_METHOD *); + +void DSA_set_app_data(DSA *, void *arg); +void * DSA_get_app_data(DSA *); + +int DSA_size(const DSA *); + +int DSA_verify(int, const unsigned char *, int, + const unsigned char *, int, DSA *); + +#endif /* _HEIM_DSA_H */ diff --git a/source4/heimdal/lib/des/engine.h b/source4/heimdal/lib/des/engine.h new file mode 100644 index 0000000000..70c0a7688c --- /dev/null +++ b/source4/heimdal/lib/des/engine.h @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: engine.h,v 1.4 2006/01/13 15:26:52 lha Exp $ + */ + +#ifndef _HEIM_ENGINE_H +#define _HEIM_ENGINE_H 1 + +/* symbol renaming */ +#define ENGINE_add_conf_module hc_ENGINE_add_conf_module +#define ENGINE_by_dso hc_ENGINE_by_dso +#define ENGINE_by_id hc_ENGINE_by_id +#define ENGINE_finish hc_ENGINE_finish +#define ENGINE_get_DH hc_ENGINE_get_DH +#define ENGINE_get_RSA hc_ENGINE_get_RSA +#define ENGINE_get_id hc_ENGINE_get_id +#define ENGINE_get_name hc_ENGINE_get_name +#define ENGINE_load_builtin_engines hc_ENGINE_load_builtin_engines +#define ENGINE_set_DH hc_ENGINE_set_DH +#define ENGINE_set_RSA hc_ENGINE_set_RSA +#define ENGINE_set_id hc_ENGINE_set_id +#define ENGINE_set_name hc_ENGINE_set_name +#define ENGINE_set_destroy_function hc_ENGINE_set_destroy_function +#define ENGINE_up_ref hc_ENGINE_up_ref + +/* + * + */ + +typedef struct hc_engine ENGINE; + +#include <hcrypto/rsa.h> +#include <hcrypto/dsa.h> +#include <hcrypto/dh.h> + +#define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000 + +typedef int (*openssl_bind_engine)(ENGINE *, const char *, const void *); +typedef unsigned long (*openssl_v_check)(unsigned long); + +void ENGINE_add_conf_module(void); +void ENGINE_load_builtin_engines(void); +ENGINE *ENGINE_by_id(const char *); +ENGINE *ENGINE_by_dso(const char *, const char *); +int ENGINE_finish(ENGINE *); +int ENGINE_up_ref(ENGINE *); +int ENGINE_set_id(ENGINE *, const char *); +int ENGINE_set_name(ENGINE *, const char *); +int ENGINE_set_RSA(ENGINE *, const RSA_METHOD *); +int ENGINE_set_DH(ENGINE *, const DH_METHOD *); +int ENGINE_set_destroy_function(ENGINE *, void (*)(ENGINE *)); + +const char * ENGINE_get_id(const ENGINE *); +const char * ENGINE_get_name(const ENGINE *); +const RSA_METHOD * ENGINE_get_RSA(const ENGINE *); +const DH_METHOD * ENGINE_get_DH(const ENGINE *); + +int ENGINE_set_default_RSA(ENGINE *); +ENGINE * ENGINE_get_default_RSA(void); +int ENGINE_set_default_DH(ENGINE *); +ENGINE * ENGINE_get_default_DH(void); + + +#endif /* _HEIM_ENGINE_H */ diff --git a/source4/heimdal/lib/des/evp.c b/source4/heimdal/lib/des/evp.c new file mode 100644 index 0000000000..3f89a49bcc --- /dev/null +++ b/source4/heimdal/lib/des/evp.c @@ -0,0 +1,728 @@ +#include <sys/types.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <assert.h> + +#include <evp.h> + +#include <krb5-types.h> + +#include <aes.h> +#include <des.h> +#include <sha.h> +#include <rc2.h> +#include <rc4.h> +#include <md2.h> +#include <md4.h> +#include <md5.h> + +struct hc_evp_md { + int hash_size; + int block_size; + int ctx_size; + int (*init)(EVP_MD_CTX *); + int (*update)(EVP_MD_CTX *,const void *, size_t ); + int (*final)(void *, EVP_MD_CTX *); + int (*cleanup)(EVP_MD_CTX *); +}; + +/* + * + */ + +size_t +EVP_MD_size(const EVP_MD *md) +{ + return md->hash_size; +} + +size_t +EVP_MD_block_size(const EVP_MD *md) +{ + return md->block_size; +} + +EVP_MD_CTX * +EVP_MD_CTX_create(void) +{ + return calloc(1, sizeof(EVP_MD_CTX)); +} + +void +EVP_MD_CTX_init(EVP_MD_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); +} + +void +EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) +{ + EVP_MD_CTX_cleanup(ctx); + free(ctx); +} + +int +EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +{ + if (ctx->md && ctx->md->cleanup) + (ctx->md->cleanup)(ctx); + ctx->md = NULL; + ctx->engine = NULL; + free(ctx->ptr); + return 1; +} + + +const EVP_MD * +EVP_MD_CTX_md(EVP_MD_CTX *ctx) +{ + return ctx->md; +} + +size_t +EVP_MD_CTX_size(EVP_MD_CTX *ctx) +{ + return EVP_MD_size(ctx->md); +} + +size_t +EVP_MD_CTX_block_size(EVP_MD_CTX *ctx) +{ + return EVP_MD_block_size(ctx->md); +} + +int +EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine) +{ + if (ctx->md != md || ctx->engine != engine) { + EVP_MD_CTX_cleanup(ctx); + ctx->md = md; + ctx->engine = engine; + + ctx->ptr = calloc(1, md->ctx_size); + if (ctx->ptr == NULL) + return 0; + } + (ctx->md->init)(ctx->ptr); + return 1; +} + +int +EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size) +{ + (ctx->md->update)(ctx->ptr, data, size); + return 1; +} + +int +EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size) +{ + (ctx->md->final)(hash, ctx->ptr); + if (size) + *size = ctx->md->hash_size; + return 1; +} + +int +EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, + const EVP_MD *md, ENGINE *engine) +{ + EVP_MD_CTX *ctx; + int ret; + + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) + return 0; + ret = EVP_DigestInit_ex(ctx, md, engine); + if (ret != 1) + return ret; + ret = EVP_DigestUpdate(ctx, data, dsize); + if (ret != 1) + return ret; + ret = EVP_DigestFinal_ex(ctx, hash, hsize); + if (ret != 1) + return ret; + EVP_MD_CTX_destroy(ctx); + return 1; +} + +/* + * + */ + +static const struct hc_evp_md sha1 = { + 20, + 64, + sizeof(SHA_CTX), + (void *)SHA1_Init, + (void *)SHA1_Update, + (void *)SHA1_Final, + NULL +}; + +const EVP_MD * +EVP_sha1(void) +{ + return &sha1; +} + +const EVP_MD * +EVP_sha(void) +{ + return &sha1; +} + +const EVP_MD * +EVP_md5(void) +{ + static const struct hc_evp_md md5 = { + 16, + 64, + sizeof(MD5_CTX), + (void *)MD5_Init, + (void *)MD5_Update, + (void *)MD5_Final, + NULL + }; + return &md5; +} + +const EVP_MD * +EVP_md4(void) +{ + static const struct hc_evp_md md4 = { + 16, + 64, + sizeof(MD4_CTX), + (void *)MD4_Init, + (void *)MD4_Update, + (void *)MD4_Final, + NULL + }; + return &md4; +} + +const EVP_MD * +EVP_md2(void) +{ + static const struct hc_evp_md md2 = { + 16, + 16, + sizeof(MD2_CTX), + (void *)MD2_Init, + (void *)MD2_Update, + (void *)MD2_Final, + NULL + }; + return &md2; +} + +/* + * + */ + +static void +null_Init (void *m) +{ +} +static void +null_Update (void *m, const void * data, size_t size) +{ +} +static void +null_Final(void *res, struct md5 *m) +{ +} + +const EVP_MD * +EVP_md_null(void) +{ + static const struct hc_evp_md null = { + 0, + 0, + 0, + (void *)null_Init, + (void *)null_Update, + (void *)null_Final, + NULL + }; + return &null; +} + +#if 0 +void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +int EVP_SignFinal(EVP_MD_CTX *, void *, size_t *, EVP_PKEY *); +int EVP_VerifyFinal(EVP_MD_CTX *, const void *, size_t, EVP_PKEY *); +#endif + +/* + * + */ + +size_t +EVP_CIPHER_block_size(const EVP_CIPHER *c) +{ + return c->block_size; +} + +size_t +EVP_CIPHER_key_length(const EVP_CIPHER *c) +{ + return c->key_len; +} + +size_t +EVP_CIPHER_iv_length(const EVP_CIPHER *c) +{ + return c->iv_len; +} + +void +EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c) +{ + memset(c, 0, sizeof(*c)); +} + +int +EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) +{ + if (c->cipher && c->cipher->cleanup) + c->cipher->cleanup(c); + if (c->cipher_data) { + free(c->cipher_data); + c->cipher_data = NULL; + } + return 1; +} + +#if 0 +int +EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length) +{ + return 0; +} + +int +EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad) +{ + return 0; +} +#endif + +const EVP_CIPHER * +EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher; +} + +size_t +EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_block_size(ctx->cipher); +} + +size_t +EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_key_length(ctx->cipher); +} + +size_t +EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_iv_length(ctx->cipher); +} + +unsigned long +EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher->flags; +} + +int +EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE; +} + +void * +EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx) +{ + return ctx->app_data; +} + +void +EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) +{ + ctx->app_data = data; +} + +int +EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, + const void *key, const void *iv, int encp) +{ + if (encp == -1) + encp = ctx->encrypt; + else + ctx->encrypt = (encp ? 1 : 0); + + if (c && (c != ctx->cipher)) { + EVP_CIPHER_CTX_cleanup(ctx); + ctx->cipher = c; + ctx->key_len = c->key_len; + + ctx->cipher_data = malloc(c->ctx_size); + if (ctx->cipher_data == NULL && c->ctx_size != 0) + return 0; + + } else if (ctx->cipher == NULL) { + /* reuse of cipher, but not any cipher ever set! */ + return 0; + } + + switch (EVP_CIPHER_CTX_flags(ctx)) { + case EVP_CIPH_CBC_MODE: + + assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); + + if (iv) + memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + break; + default: + return 0; + } + + if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) + ctx->cipher->init(ctx, key, iv, encp); + + return 1; +} + +int +EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size) +{ + return ctx->cipher->do_cipher(ctx, out, in, size); +} + +/* + * + */ + +static int +enc_null_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + return 1; +} + +static int +enc_null_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + memmove(out, in, size); + return 1; +} + +static int +enc_null_cleanup(EVP_CIPHER_CTX *ctx) +{ + return 1; +} + +const EVP_CIPHER * +EVP_enc_null(void) +{ + static const EVP_CIPHER enc_null = { + 0, + 0, + 0, + 0, + EVP_CIPH_CBC_MODE, + enc_null_init, + enc_null_do_cipher, + enc_null_cleanup, + 0, + NULL, + NULL, + NULL, + NULL + }; + return &enc_null; +} + +/* + * + */ + +struct rc2_cbc { + unsigned int maximum_effective_key; + RC2_KEY key; +}; + +static int +rc2_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct rc2_cbc *k = ctx->cipher_data; + k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8; + RC2_set_key(&k->key, + EVP_CIPHER_CTX_key_length(ctx), + key, + k->maximum_effective_key); + return 1; +} + +static int +rc2_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + struct rc2_cbc *k = ctx->cipher_data; + RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt); + return 1; +} + +static int +rc2_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(struct rc2_cbc)); + return 1; +} + + +const EVP_CIPHER * +EVP_rc2_cbc(void) +{ + static const EVP_CIPHER rc2_cbc = { + 0, + RC2_BLOCK_SIZE, + RC2_KEY_LENGTH, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE, + rc2_init, + rc2_do_cipher, + rc2_cleanup, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_cbc; +} + +const EVP_CIPHER * +EVP_rc2_40_cbc(void) +{ + static const EVP_CIPHER rc2_40_cbc = { + 0, + RC2_BLOCK_SIZE, + 5, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE, + rc2_init, + rc2_do_cipher, + rc2_cleanup, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_40_cbc; +} + +/* + * + */ + +const EVP_CIPHER * +EVP_rc4(void) +{ + printf("evp rc4\n"); + abort(); + return NULL; +} + +const EVP_CIPHER * +EVP_rc4_40(void) +{ + printf("evp rc4_40\n"); + abort(); + return NULL; +} + +/* + * + */ + +struct des_ede3_cbc { + DES_key_schedule ks[3]; +}; + +static int +des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct des_ede3_cbc *k = ctx->cipher_data; + + DES_key_sched((DES_cblock *)(key), &k->ks[0]); + DES_key_sched((DES_cblock *)(key + 8), &k->ks[1]); + DES_key_sched((DES_cblock *)(key + 16), &k->ks[2]); + + return 1; +} + +static int +des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + struct des_ede3_cbc *k = ctx->cipher_data; + DES_ede3_cbc_encrypt(in, out, size, + &k->ks[0], &k->ks[1], &k->ks[2], + (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; +} + +static int +des_ede3_cbc_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(struct des_ede3_cbc)); + return 1; +} + +const EVP_CIPHER * +EVP_des_ede3_cbc(void) +{ + static const EVP_CIPHER des_ede3_cbc = { + 0, + 8, + 24, + 8, + EVP_CIPH_CBC_MODE, + des_ede3_cbc_init, + des_ede3_cbc_do_cipher, + des_ede3_cbc_cleanup, + sizeof(struct des_ede3_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &des_ede3_cbc; +} + +/* + * + */ + +static int +aes_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + AES_KEY *k = ctx->cipher_data; + if (ctx->encrypt) + AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); + else + AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); + return 1; +} + +static int +aes_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + AES_KEY *k = ctx->cipher_data; + AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); + return 1; +} + +static int +aes_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(AES_KEY)); + return 1; +} + +const EVP_CIPHER * +EVP_aes_128_cbc(void) +{ + static const EVP_CIPHER aes_128_cbc = { + 0, + 16, + 16, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &aes_128_cbc; +} + +const EVP_CIPHER * +EVP_aes_192_cbc(void) +{ + static const EVP_CIPHER aes_192_cbc = { + 0, + 16, + 24, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &aes_192_cbc; +} + + +const EVP_CIPHER * +EVP_aes_256_cbc(void) +{ + static const EVP_CIPHER aes_256_cbc = { + 0, + 16, + 32, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &aes_256_cbc; +} diff --git a/source4/heimdal/lib/des/evp.h b/source4/heimdal/lib/des/evp.h new file mode 100644 index 0000000000..a04f17aabf --- /dev/null +++ b/source4/heimdal/lib/des/evp.h @@ -0,0 +1,231 @@ +/* + * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: evp.h,v 1.3 2006/02/28 14:17:25 lha Exp $ */ + +#ifndef HEIM_EVP_H +#define HEIM_EVP_H 1 + +#include <hcrypto/engine.h> + +/* symbol renaming */ +#define EVP_CIPHER_CTX_block_size hc_EVP_CIPHER_CTX_block_size +#define EVP_CIPHER_CTX_cipher hc_EVP_CIPHER_CTX_cipher +#define EVP_CIPHER_CTX_cleanup hc_EVP_CIPHER_CTX_cleanup +#define EVP_CIPHER_CTX_flags hc_EVP_CIPHER_CTX_flags +#define EVP_CIPHER_CTX_get_app_data hc_EVP_CIPHER_CTX_get_app_data +#define EVP_CIPHER_CTX_init hc_EVP_CIPHER_CTX_init +#define EVP_CIPHER_CTX_iv_length hc_EVP_CIPHER_CTX_iv_length +#define EVP_CIPHER_CTX_key_length hc_EVP_CIPHER_CTX_key_length +#define EVP_CIPHER_CTX_mode hc_EVP_CIPHER_CTX_mode +#define EVP_CIPHER_CTX_set_app_data hc_EVP_CIPHER_CTX_set_app_data +#define EVP_CIPHER_CTX_set_key_length hc_EVP_CIPHER_CTX_set_key_length +#define EVP_CIPHER_CTX_set_padding hc_EVP_CIPHER_CTX_set_padding +#define EVP_CIPHER_block_size hc_EVP_CIPHER_block_size +#define EVP_CIPHER_iv_length hc_EVP_CIPHER_iv_length +#define EVP_CIPHER_key_length hc_EVP_CIPHER_key_length +#define EVP_Cipher hc_EVP_Cipher +#define EVP_CipherInit_ex hc_EVP_CipherInit_ex +#define EVP_Digest hc_EVP_Digest +#define EVP_DigestFinal_ex hc_EVP_DigestFinal_ex +#define EVP_DigestInit_ex hc_EVP_DigestInit_ex +#define EVP_DigestUpdate hc_EVP_DigestUpdate +#define EVP_MD_CTX_block_size hc_EVP_MD_CTX_block_size +#define EVP_MD_CTX_cleanup hc_EVP_MD_CTX_cleanup +#define EVP_MD_CTX_create hc_EVP_MD_CTX_create +#define EVP_MD_CTX_init hc_EVP_MD_CTX_init +#define EVP_MD_CTX_destroy hc_EVP_MD_CTX_destroy +#define EVP_MD_CTX_md hc_EVP_MD_CTX_md +#define EVP_MD_CTX_size hc_EVP_MD_CTX_size +#define EVP_MD_block_size hc_EVP_MD_block_size +#define EVP_MD_size hc_EVP_MD_size +#define EVP_aes_128_cbc hc_EVP_aes_128_cbc +#define EVP_aes_192_cbc hc_EVP_aes_192_cbc +#define EVP_aes_256_cbc hc_EVP_aes_256_cbc +#define EVP_des_ede3_cbc hc_EVP_des_ede3_cbc +#define EVP_enc_null hc_EVP_enc_null +#define EVP_md2 hc_EVP_md2 +#define EVP_md4 hc_EVP_md4 +#define EVP_md5 hc_EVP_md5 +#define EVP_md_null hc_EVP_md_null +#define EVP_rc2_40_cbc hc_EVP_rc2_40_cbc +#define EVP_rc2_cbc hc_EVP_rc2_cbc +#define EVP_rc4 hc_EVP_rc4 +#define EVP_rc4_40 hc_EVP_rc4_40 +#define EVP_sha hc_EVP_sha +#define EVP_sha1 hc_EVP_sha1 +#define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1 + +/* + * + */ + +typedef struct hc_EVP_MD_CTX EVP_MD_CTX; +typedef struct hc_evp_pkey EVP_PKEY; +typedef struct hc_evp_md EVP_MD; +typedef struct hc_CIPHER EVP_CIPHER; +typedef struct hc_CIPHER_CTX EVP_CIPHER_CTX; + +#define EVP_MAX_IV_LENGTH 16 +#define EVP_MAX_BLOCK_LENGTH 32 + +#define EVP_MAX_MD_SIZE 64 + +struct hc_CIPHER { + int nid; + int block_size; + int key_len; + int iv_len; + unsigned long flags; + /* The lowest 3 bits is used as integer field for the mode the + * cipher is used in (use EVP_CIPHER.._mode() to extract the + * mode). The rest of the flag field is a bitfield. + */ +#define EVP_CIPH_CBC_MODE 2 +#define EVP_CIPH_MODE 0x7 + +#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 + + int (*init)(EVP_CIPHER_CTX*,const unsigned char*,const unsigned char*,int); + int (*do_cipher)(EVP_CIPHER_CTX *, unsigned char *, + const unsigned char *, unsigned int); + int (*cleanup)(EVP_CIPHER_CTX *); + int ctx_size; + void *set_asn1_parameters; + void *get_asn1_parameters; + void *ctrl; + void *app_data; +}; + +struct hc_CIPHER_CTX { + const EVP_CIPHER *cipher; + ENGINE *engine; + int encrypt; + int buf_len; + unsigned char oiv[EVP_MAX_IV_LENGTH]; + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned char buf[EVP_MAX_BLOCK_LENGTH]; + int num; + void *app_data; + int key_len; + unsigned long flags; + void *cipher_data; + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH]; +}; + +struct hc_EVP_MD_CTX { + const EVP_MD *md; + ENGINE *engine; + void *ptr; +}; + +/* + * Avaible crypto algs + */ + +const EVP_MD *EVP_md_null(void); +const EVP_MD *EVP_md2(void); +const EVP_MD *EVP_md4(void); +const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_sha(void); +const EVP_MD *EVP_sha1(void); + +const EVP_CIPHER * EVP_aes_128_cbc(void); +const EVP_CIPHER * EVP_aes_192_cbc(void); +const EVP_CIPHER * EVP_aes_256_cbc(void); +const EVP_CIPHER * EVP_des_ede3_cbc(void); +const EVP_CIPHER * EVP_enc_null(void); +const EVP_CIPHER * EVP_rc2_40_cbc(void); +const EVP_CIPHER * EVP_rc2_cbc(void); +const EVP_CIPHER * EVP_rc4(void); +const EVP_CIPHER * EVP_rc4_40(void); + +/* + * + */ + +size_t EVP_MD_size(const EVP_MD *); +size_t EVP_MD_block_size(const EVP_MD *); + +const EVP_MD * + EVP_MD_CTX_md(EVP_MD_CTX *); +size_t EVP_MD_CTX_size(EVP_MD_CTX *); +size_t EVP_MD_CTX_block_size(EVP_MD_CTX *); + +EVP_MD_CTX * + EVP_MD_CTX_create(void); +void EVP_MD_CTX_init(EVP_MD_CTX *); +void EVP_MD_CTX_destroy(EVP_MD_CTX *); +int EVP_MD_CTX_cleanup(EVP_MD_CTX *); + +int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *); +int EVP_DigestUpdate(EVP_MD_CTX *,const void *, size_t); +int EVP_DigestFinal_ex(EVP_MD_CTX *, void *, unsigned int *); +int EVP_Digest(const void *, size_t, void *, unsigned int *, + const EVP_MD *, ENGINE *); +/* + * + */ + +size_t EVP_CIPHER_block_size(const EVP_CIPHER *); +size_t EVP_CIPHER_key_length(const EVP_CIPHER *); +size_t EVP_CIPHER_iv_length(const EVP_CIPHER *); + +void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *, int); +unsigned long + EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *); + +const EVP_CIPHER * + EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *); +void * EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *, void *); + +int EVP_CipherInit_ex(EVP_CIPHER_CTX *,const EVP_CIPHER *, ENGINE *, + const void *, const void *, int); + +int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t); + +int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t, + unsigned long, size_t, void *); + + +#endif /* HEIM_EVP_H */ diff --git a/source4/heimdal/lib/des/hcrypto b/source4/heimdal/lib/des/hcrypto new file mode 120000 index 0000000000..023d458e1d --- /dev/null +++ b/source4/heimdal/lib/des/hcrypto @@ -0,0 +1 @@ +./../des
\ No newline at end of file diff --git a/source4/heimdal/lib/des/hmac.c b/source4/heimdal/lib/des/hmac.c new file mode 100644 index 0000000000..1d323b3725 --- /dev/null +++ b/source4/heimdal/lib/des/hmac.c @@ -0,0 +1,119 @@ +#include <sys/types.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <hmac.h> + +void +HMAC_CTX_init(HMAC_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); +} + +void +HMAC_CTX_cleanup(HMAC_CTX *ctx) +{ + if (ctx->buf) { + memset(ctx->buf, 0, ctx->key_length); + free(ctx->buf); + ctx->buf = NULL; + } + if (ctx->opad) { + memset(ctx->ipad, 0, ctx->key_length); + free(ctx->opad); + ctx->opad = NULL; + } + if (ctx->ipad) { + memset(ctx->ipad, 0, ctx->key_length); + free(ctx->ipad); + ctx->ipad = NULL; + } + EVP_MD_CTX_cleanup(ctx->ctx); +} + +size_t +HMAC_size(const HMAC_CTX *ctx) +{ + return EVP_MD_size(ctx->md); +} + +void +HMAC_Init_ex(HMAC_CTX *ctx, + const void *key, + size_t keylen, + const EVP_MD *md, + ENGINE *engine) +{ + unsigned char *p; + size_t i; + + if (ctx->md != md) { + ctx->md = md; + if (ctx->buf) + free (ctx->buf); + ctx->key_length = EVP_MD_size(ctx->md); + ctx->buf = malloc(ctx->key_length); + } +#if 0 + ctx->engine = engine; +#endif + + if (keylen > EVP_MD_block_size(ctx->md)) { + EVP_Digest(key, keylen, ctx->buf, NULL, ctx->md, engine); + key = ctx->buf; + keylen = EVP_MD_size(ctx->md); + } + + if (ctx->opad) + free(ctx->opad); + if (ctx->ipad) + free(ctx->ipad); + + ctx->opad = malloc(EVP_MD_block_size(ctx->md)); + ctx->ipad = malloc(EVP_MD_block_size(ctx->md)); + memset(ctx->ipad, 0x36, EVP_MD_block_size(ctx->md)); + memset(ctx->opad, 0x5c, EVP_MD_block_size(ctx->md)); + + for (i = 0, p = ctx->ipad; i < keylen; i++) + p[i] ^= ((const unsigned char *)key)[i]; + for (i = 0, p = ctx->opad; i < keylen; i++) + p[i] ^= ((const unsigned char *)key)[i]; + + ctx->ctx = EVP_MD_CTX_create(); + + EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine); + EVP_DigestUpdate(ctx->ctx, ctx->ipad, EVP_MD_block_size(ctx->md)); +} + +void +HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len) +{ + EVP_DigestUpdate(ctx->ctx, data, len); +} + +void +HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len) +{ + EVP_DigestFinal_ex(ctx->ctx, ctx->buf, NULL); + + EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine); + EVP_DigestUpdate(ctx->ctx, ctx->opad, EVP_MD_block_size(ctx->md)); + EVP_DigestUpdate(ctx->ctx, ctx->buf, ctx->key_length); + EVP_DigestFinal_ex(ctx->ctx, md, len); +} + +void * +HMAC(const EVP_MD *md, + const void *key, size_t key_size, + const void *data, size_t data_size, + void *hash, unsigned int *hash_len) +{ + HMAC_CTX ctx; + + HMAC_CTX_init(&ctx); + HMAC_Init_ex(&ctx, key, key_size, md, NULL); + HMAC_Update(&ctx, data, data_size); + HMAC_Final(&ctx, hash, hash_len); + HMAC_CTX_cleanup(&ctx); + return hash; +} diff --git a/source4/heimdal/lib/des/hmac.h b/source4/heimdal/lib/des/hmac.h new file mode 100644 index 0000000000..a72ab574e7 --- /dev/null +++ b/source4/heimdal/lib/des/hmac.h @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: hmac.h,v 1.3 2006/01/13 15:26:52 lha Exp $ */ + +#ifndef HEIM_HMAC_H +#define HEIM_HMAC_H 1 + +#include <hcrypto/evp.h> + +/* symbol renaming */ +#define HMAC_CTX_init hc_HMAC_CTX_init +#define HMAC_CTX_cleanup hc_HMAC_CTX_cleanup +#define HMAC_size hc_HMAC_size +#define HMAC_Init_ex hc_HMAC_Init_ex +#define HMAC_Update hc_HMAC_Update +#define HMAC_Final hc_HMAC_Final +#define HMAC hc_HMAC + +/* + * + */ + +#define HMAC_MAX_MD_CBLOCK 64 + +typedef struct hc_HMAC_CTX HMAC_CTX; + +struct hc_HMAC_CTX { + const EVP_MD *md; + ENGINE *engine; + EVP_MD_CTX *ctx; + size_t key_length; + void *opad; + void *ipad; + void *buf; +}; + + +void HMAC_CTX_init(HMAC_CTX *); +void HMAC_CTX_cleanup(HMAC_CTX *ctx); + +size_t HMAC_size(const HMAC_CTX *ctx); + +void HMAC_Init_ex(HMAC_CTX *, const void *, size_t, + const EVP_MD *, ENGINE *); +void HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len); +void HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len); + +void * HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, + const void *data, size_t n, void *md, unsigned int *md_len); + +#endif /* HEIM_HMAC_H */ diff --git a/source4/heimdal/lib/des/md2.c b/source4/heimdal/lib/des/md2.c new file mode 100644 index 0000000000..91d7afd125 --- /dev/null +++ b/source4/heimdal/lib/des/md2.c @@ -0,0 +1,138 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: md2.c,v 1.1 2006/01/08 21:47:28 lha Exp $"); +#endif + +#include "hash.h" +#include "md2.h" + +static const unsigned char subst[256] = { + 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, + 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, + 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, + 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, + 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, + 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, + 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, + 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, + 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, + 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, + 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, + 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, + 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, + 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, + 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, + 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, + 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, + 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 +}; + +void +MD2_Init (struct md2 *m) +{ + memset(m, 0, sizeof(*m)); +} + +static void +calc(struct md2 *m, const void *v) +{ + unsigned char x[48], L; + const unsigned char *p = v; + int i, j, t; + + L = m->checksum[15]; + for (i = 0; i < 16; i++) + L = m->checksum[i] ^= subst[p[i] ^ L]; + + for (i = 0; i < 16; i++) { + x[i] = m->state[i]; + x[i + 16] = p[i]; + x[i + 32] = x[i] ^ p[i]; + } + + t = 0; + for (i = 0; i < 18; i++) { + for (j = 0; j < 48; j++) + t = x[j] ^= subst[t]; + t = (t + i) & 0xff; + } + + memcpy(m->state, x, 16); + memset(x, 0, sizeof(x)); +} + +void +MD2_Update (struct md2 *m, const void *v, size_t len) +{ + size_t idx = m->len & 0xf; + const unsigned char *p = v; + + m->len += len; + if (len + idx >= 16) { + if (idx) { + memcpy(m->data + idx, p, 16 - idx); + calc(m, m->data); + p += 16; + len -= 16 - idx; + } + while (len >= 16) { + calc(m, p); + p += 16; + len -= 16; + } + idx = 0; + } + + memcpy(m->data + idx, p, len); +} + +void +MD2_Final (void *res, struct md2 *m) +{ + unsigned char pad[16]; + size_t padlen; + + padlen = 16 - (m->len % 16); + memset(pad, padlen, padlen); + + MD2_Update(m, pad, padlen); + memcpy(pad, m->checksum, 16); + MD2_Update(m, pad, 16); + + memcpy(res, m->state, MD2_DIGEST_LENGTH); + memset(m, 0, sizeof(m)); +} diff --git a/source4/heimdal/lib/des/md2.h b/source4/heimdal/lib/des/md2.h new file mode 100644 index 0000000000..f305d943aa --- /dev/null +++ b/source4/heimdal/lib/des/md2.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: md2.h,v 1.1 2006/01/08 21:47:28 lha Exp $ */ + +#ifndef HEIM_MD2_H +#define HEIM_MD2_H 1 + +/* symbol renaming */ +#define MD2_Init hc_MD2_Init +#define MD2_Update hc_MD2_Update +#define MD2_Final hc_MD2_Final + +/* + * + */ + +#define MD2_DIGEST_LENGTH 16 + +struct md2 { + size_t len; + unsigned char data[16]; /* stored unalligned data between Update's */ + unsigned char checksum[16]; + unsigned char state[16]; /* lower 16 bytes of X */ +}; + +typedef struct md2 MD2_CTX; + +void MD2_Init (struct md2 *m); +void MD2_Update (struct md2 *m, const void *p, size_t len); +void MD2_Final (void *res, struct md2 *m); + +#endif /* HEIM_MD2_H */ diff --git a/source4/heimdal/lib/des/md4.h b/source4/heimdal/lib/des/md4.h index 92147c8489..79055e0fb0 100644 --- a/source4/heimdal/lib/des/md4.h +++ b/source4/heimdal/lib/des/md4.h @@ -31,11 +31,22 @@ * SUCH DAMAGE. */ -/* $Id: md4.h,v 1.9 2005/04/10 19:12:38 lha Exp $ */ +/* $Id: md4.h,v 1.10 2006/01/08 21:47:28 lha Exp $ */ #ifndef HEIM_MD4_H #define HEIM_MD4_H 1 +/* symbol renaming */ +#define MD4_Init hc_MD4_Init +#define MD4_Update hc_MD4_Update +#define MD4_Final hc_MD4_Final + +/* + * + */ + +#define MD4_DIGEST_LENGTH 16 + struct md4 { unsigned int sz[2]; u_int32_t counter[4]; diff --git a/source4/heimdal/lib/des/md5.h b/source4/heimdal/lib/des/md5.h index c0463e02d7..534bc9917e 100644 --- a/source4/heimdal/lib/des/md5.h +++ b/source4/heimdal/lib/des/md5.h @@ -31,11 +31,22 @@ * SUCH DAMAGE. */ -/* $Id: md5.h,v 1.9 2005/04/10 19:14:34 lha Exp $ */ +/* $Id: md5.h,v 1.10 2006/01/08 21:47:28 lha Exp $ */ #ifndef HEIM_MD5_H #define HEIM_MD5_H 1 +/* symbol renaming */ +#define MD5_Init hc_MD5_Init +#define MD5_Update hc_MD5_Update +#define MD5_Final hc_MD5_Final + +/* + * + */ + +#define MD5_DIGEST_LENGTH 16 + struct md5 { unsigned int sz[2]; u_int32_t counter[4]; diff --git a/source4/heimdal/lib/des/pkcs12.h b/source4/heimdal/lib/des/pkcs12.h new file mode 100644 index 0000000000..b55f1fced5 --- /dev/null +++ b/source4/heimdal/lib/des/pkcs12.h @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: pkcs12.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + */ + +#ifndef _HEIM_PKCS12_H +#define _HEIM_PKCS12_H 1 + +/* symbol renaming */ +#define PKCS12_key_gen hc_PKCS12_key_gen + +/* + * + */ + +#include <hcrypto/evp.h> + +#define PKCS12_KEY_ID 1 +#define PKCS12_IV_ID 2 + +int PKCS12_key_gen(const void *, size_t, const void *, + size_t, int, int, size_t, void *, const EVP_MD *); + + +#endif /* _HEIM_PKCS12_H */ diff --git a/source4/heimdal/lib/des/pkcs5.c b/source4/heimdal/lib/des/pkcs5.c new file mode 100644 index 0000000000..4bfc313741 --- /dev/null +++ b/source4/heimdal/lib/des/pkcs5.c @@ -0,0 +1,112 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +RCSID("$Id: pkcs5.c,v 1.1 2006/02/28 14:16:57 lha Exp $"); + +#include <stdio.h> +#include <stdlib.h> + +#include <evp.h> +#include <hmac.h> + +#include <roken.h> + +int +PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len, + const void * salt, size_t salt_len, + unsigned long iter, + size_t keylen, void *key) +{ + size_t datalen, leftofkey, checksumsize; + char *data, *tmpcksum; + u_int32_t keypart; + const EVP_MD *md; + unsigned long i; + int j; + char *p; + unsigned int hmacsize; + + md = EVP_sha1(); + checksumsize = EVP_MD_size(md); + datalen = salt_len + 4; + + tmpcksum = malloc(checksumsize + datalen); + if (tmpcksum == NULL) + return 0; + + data = &tmpcksum[checksumsize]; + + memcpy(data, salt, salt_len); + + keypart = 1; + leftofkey = keylen; + p = key; + + while (leftofkey) { + int len; + + if (leftofkey > checksumsize) + len = checksumsize; + else + len = leftofkey; + + data[datalen - 4] = (keypart >> 24) & 0xff; + data[datalen - 3] = (keypart >> 16) & 0xff; + data[datalen - 2] = (keypart >> 8) & 0xff; + data[datalen - 1] = (keypart) & 0xff; + + HMAC(md, password, password_len, data, datalen, + tmpcksum, &hmacsize); + + memcpy(p, tmpcksum, len); + for (i = 1; i < iter; i++) { + HMAC(md, password, password_len, tmpcksum, checksumsize, + tmpcksum, &hmacsize); + + for (j = 0; j < len; j++) + p[j] ^= tmpcksum[j]; + } + + p += len; + leftofkey -= len; + keypart++; + } + + free(tmpcksum); + + return 1; +} diff --git a/source4/heimdal/lib/des/rand.h b/source4/heimdal/lib/des/rand.h new file mode 100644 index 0000000000..514fe0ced4 --- /dev/null +++ b/source4/heimdal/lib/des/rand.h @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: rand.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + */ + +#ifndef _HEIM_RAND_H +#define _HEIM_RAND_H 1 + +#include <hcrypto/bn.h> + +/* symbol renaming */ +#define RAND_bytes hc_RAND_bytes +#define RAND_pseudo_bytes hc_RAND_pseudo_bytes + +/* + * + */ + +int RAND_bytes(void *, size_t num); +int RAND_pseudo_bytes(void *, size_t); + +#endif /* _HEIM_RAND_H */ diff --git a/source4/heimdal/lib/des/rc2.h b/source4/heimdal/lib/des/rc2.h index 3ff44dca01..b2cd50b880 100755 --- a/source4/heimdal/lib/des/rc2.h +++ b/source4/heimdal/lib/des/rc2.h @@ -31,7 +31,17 @@ * SUCH DAMAGE. */ -/* $Id: rc2.h,v 1.1 2004/04/23 19:23:00 lha Exp $ */ +/* $Id: rc2.h,v 1.2 2006/01/08 21:47:29 lha Exp $ */ + +/* symbol renaming */ +#define RC2_set_key hc_RC2_set_key +#define RC2_encryptc hc_RC2_encryptc +#define RC2_decryptc hc_RC2_decryptc +#define RC2_cbc_encrypt hc_RC2_cbc_encrypt + +/* + * + */ #define RC2_ENCRYPT 1 #define RC2_DECRYPT 0 diff --git a/source4/heimdal/lib/des/rc4.h b/source4/heimdal/lib/des/rc4.h index a39e79f236..3c359dc72a 100644 --- a/source4/heimdal/lib/des/rc4.h +++ b/source4/heimdal/lib/des/rc4.h @@ -31,7 +31,11 @@ * SUCH DAMAGE. */ -/* $Id: rc4.h,v 1.3 2004/03/25 16:39:58 lha Exp $ */ +/* $Id: rc4.h,v 1.4 2006/01/08 21:47:29 lha Exp $ */ + +/* symbol renaming */ +#define RC4_set_key hc_RC4_set_key +#define RC4 hc_RC4 typedef struct rc4_key { unsigned int x, y; diff --git a/source4/heimdal/lib/des/rijndael-alg-fst.h b/source4/heimdal/lib/des/rijndael-alg-fst.h index 028111094d..6b6e2a5cd3 100755 --- a/source4/heimdal/lib/des/rijndael-alg-fst.h +++ b/source4/heimdal/lib/des/rijndael-alg-fst.h @@ -28,6 +28,12 @@ #ifndef __RIJNDAEL_ALG_FST_H #define __RIJNDAEL_ALG_FST_H +/* symbol renaming */ +#define rijndaelKeySetupEnc _hc_rijndaelKeySetupEnc +#define rijndaelKeySetupDec _hc_rijndaelKeySetupDec +#define rijndaelEncrypt _hc_rijndaelEncrypt +#define rijndaelDecrypt _hc_rijndaelDecrypt + #define RIJNDAEL_MAXKC (256/32) #define RIJNDAEL_MAXKB (256/8) #define RIJNDAEL_MAXNR 14 diff --git a/source4/heimdal/lib/des/rnd_keys.c b/source4/heimdal/lib/des/rnd_keys.c index 63dddeb8ce..e27b00defa 100644 --- a/source4/heimdal/lib/des/rnd_keys.c +++ b/source4/heimdal/lib/des/rnd_keys.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rnd_keys.c,v 1.69 2005/07/20 10:49:24 lha Exp $"); +RCSID("$Id: rnd_keys.c,v 1.70 2006/01/08 21:47:29 lha Exp $"); #endif #ifdef KRB5 @@ -324,6 +324,8 @@ DES_generate_random_block(DES_cblock *block) DES_rand_data((unsigned char *)block, sizeof(*block)); } +#define DES_rand_data_key hc_DES_rand_data_key + void DES_rand_data_key(DES_cblock *key); @@ -353,6 +355,9 @@ DES_rand_data_key(DES_cblock *key) * It's neccessary to be root to run it. Returns -1 if there were any * problems with permissions. */ + +#define DES_mem_rand8 hc_DES_mem_rand8 + int DES_mem_rand8(unsigned char *data); diff --git a/source4/heimdal/lib/des/rsa.h b/source4/heimdal/lib/des/rsa.h new file mode 100644 index 0000000000..da9d2ea4b1 --- /dev/null +++ b/source4/heimdal/lib/des/rsa.h @@ -0,0 +1,164 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: rsa.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + */ + +#ifndef _HEIM_RSA_H +#define _HEIM_RSA_H 1 + +/* symbol renaming */ +#define RSA_null_method hc_RSA_null_method +#define RSA_new hc_RSA_new +#define RSA_new_method hc_RSA_new_method +#define RSA_free hc_RSA_free +#define RSA_up_ref hc_RSA_up_ref +#define RSA_set_default_method hc_RSA_set_default_method +#define RSA_get_default_method hc_RSA_get_default_method +#define RSA_set_method hc_RSA_set_method +#define RSA_get_method hc_RSA_get_method +#define RSA_set_app_data hc_RSA_set_app_data +#define RSA_get_app_data hc_RSA_get_app_data +#define RSA_check_key hc_RSA_check_key +#define RSA_size hc_RSA_size +#define RSA_public_encrypt hc_RSA_public_encrypt +#define RSA_public_decrypt hc_RSA_public_decrypt +#define RSA_private_encrypt hc_RSA_private_encrypt +#define RSA_private_decrypt hc_RSA_private_decrypt +#define RSA_sign hc_RSA_sign +#define RSA_verify hc_RSA_verify +#define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey + +/* + * + */ + +typedef struct RSA RSA; +typedef struct RSA_METHOD RSA_METHOD; + +#include <hcrypto/bn.h> +#include <hcrypto/engine.h> + +struct RSA_METHOD { + const char *name; + int (*rsa_pub_enc)(int,const unsigned char *, unsigned char *, RSA *,int); + int (*rsa_pub_dec)(int,const unsigned char *, unsigned char *, RSA *,int); + int (*rsa_priv_enc)(int,const unsigned char *, unsigned char *, RSA *,int); + int (*rsa_priv_dec)(int,const unsigned char *, unsigned char *, RSA *,int); + void *rsa_mod_exp; + void *bn_mod_exp; + int (*init)(RSA *rsa); + int (*finish)(RSA *rsa); + int flags; + char *app_data; + int (*rsa_sign)(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int *, const RSA *); + int (*rsa_verify)(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int, const RSA *); + int (*rsa_keygen)(RSA *, int, BIGNUM *, BN_GENCB *); +}; + +struct RSA { + int pad; + long version; + const RSA_METHOD *meth; + void *engine; + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + struct rsa_CRYPTO_EX_DATA { + void *sk; + int dummy; + } ex_data; + int references; + int flags; + void *_method_mod_n; + void *_method_mod_p; + void *_method_mod_q; + + char *bignum_data; + void *blinding; + void *mt_blinding; +}; + +#define RSA_FLAG_SIGN_VER 0x40 + +#define RSA_PKCS1_PADDING 1 +#define RSA_PKCS1_PADDING_SIZE 11 + +/* + * + */ + +const RSA_METHOD *RSA_null_method(void); + +/* + * + */ + +RSA * RSA_new(void); +RSA * RSA_new_method(ENGINE *); +void RSA_free(RSA *); +int RSA_up_ref(RSA *); + +void RSA_set_default_method(const RSA_METHOD *); +const RSA_METHOD * RSA_get_default_method(void); + +const RSA_METHOD * RSA_get_method(const RSA *); +int RSA_set_method(RSA *, const RSA_METHOD *); + +int RSA_set_app_data(RSA *, void *arg); +void * RSA_get_app_data(RSA *); + +int RSA_check_key(const RSA *); +int RSA_size(const RSA *); + +int RSA_public_encrypt(int,const unsigned char*,unsigned char*,RSA *,int); +int RSA_private_encrypt(int,const unsigned char*,unsigned char*,RSA *,int); +int RSA_public_decrypt(int,const unsigned char*,unsigned char*,RSA *,int); +int RSA_private_decrypt(int,const unsigned char*,unsigned char*,RSA *,int); + +int RSA_sign(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int *, RSA *); +int RSA_verify(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int, RSA *); + +RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t); + +#endif /* _HEIM_RSA_H */ diff --git a/source4/heimdal/lib/des/sha.h b/source4/heimdal/lib/des/sha.h index 77d84fbe6f..4657fad51f 100644 --- a/source4/heimdal/lib/des/sha.h +++ b/source4/heimdal/lib/des/sha.h @@ -31,11 +31,22 @@ * SUCH DAMAGE. */ -/* $Id: sha.h,v 1.8 2005/04/10 19:18:13 lha Exp $ */ +/* $Id: sha.h,v 1.9 2006/01/08 21:47:29 lha Exp $ */ #ifndef HEIM_SHA_H #define HEIM_SHA_H 1 +/* symbol renaming */ +#define SHA1_Init hc_SHA1_Init +#define SHA1_Update hc_SHA1_Update +#define SHA1_Final hc_SHA1_Final + +/* + * + */ + +#define SHA_DIGEST_LENGTH 20 + struct sha { unsigned int sz[2]; u_int32_t counter[5]; diff --git a/source4/heimdal/lib/des/ui.c b/source4/heimdal/lib/des/ui.c index 92538735c4..276367e186 100644 --- a/source4/heimdal/lib/des/ui.c +++ b/source4/heimdal/lib/des/ui.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: ui.c,v 1.4 2005/04/30 14:10:18 lha Exp $"); +RCSID("$Id: ui.c,v 1.5 2006/01/08 21:47:29 lha Exp $"); #endif #include <stdio.h> @@ -43,7 +43,7 @@ RCSID("$Id: ui.c,v 1.4 2005/04/30 14:10:18 lha Exp $"); #include <termios.h> #include <roken.h> -#include <des.h> +#include <ui.h> static sig_atomic_t intr_flag; diff --git a/source4/heimdal/lib/des/ui.h b/source4/heimdal/lib/des/ui.h new file mode 100644 index 0000000000..d6e68e12cc --- /dev/null +++ b/source4/heimdal/lib/des/ui.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: ui.h,v 1.1 2006/01/08 21:47:29 lha Exp $ */ + +#ifndef _HEIM_UI_H +#define _HEIM_UI_H 1 + +/* symbol renaming */ +#define UI_UTIL_read_pw_string hc_UI_UTIL_read_pw_string + +int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */ + +#endif /* _HEIM_UI_H */ + diff --git a/source4/heimdal/lib/gssapi/delete_sec_context.c b/source4/heimdal/lib/gssapi/delete_sec_context.c index 301197aa4c..f1842def7c 100644 --- a/source4/heimdal/lib/gssapi/delete_sec_context.c +++ b/source4/heimdal/lib/gssapi/delete_sec_context.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: delete_sec_context.c,v 1.15 2005/04/27 17:48:17 lha Exp $"); +RCSID("$Id: delete_sec_context.c,v 1.16 2006/01/16 13:12:29 lha Exp $"); OM_uint32 gss_delete_sec_context (OM_uint32 * minor_status, @@ -43,11 +43,16 @@ OM_uint32 gss_delete_sec_context { GSSAPI_KRB5_INIT (); + *minor_status = 0; + if (output_token) { output_token->length = 0; output_token->value = NULL; } + if (*context_handle == GSS_C_NO_CONTEXT) + return GSS_S_COMPLETE; + HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex); krb5_auth_con_free (gssapi_krb5_context, @@ -74,6 +79,5 @@ OM_uint32 gss_delete_sec_context memset(*context_handle, 0, sizeof(**context_handle)); free (*context_handle); *context_handle = GSS_C_NO_CONTEXT; - *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/import_name.c b/source4/heimdal/lib/gssapi/import_name.c index 423e757146..d393aa1a51 100644 --- a/source4/heimdal/lib/gssapi/import_name.c +++ b/source4/heimdal/lib/gssapi/import_name.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $"); +RCSID("$Id: import_name.c,v 1.14 2006/02/15 11:59:10 lha Exp $"); static OM_uint32 parse_krb5_name (OM_uint32 *minor_status, @@ -207,7 +207,8 @@ OM_uint32 gss_import_name *minor_status = 0; *output_name = GSS_C_NO_NAME; - if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) + if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) || + gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X)) return import_hostbased_name (minor_status, input_name_buffer, output_name); diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c index d07a4d2599..e5be6cf149 100644 --- a/source4/heimdal/lib/gssapi/wrap.c +++ b/source4/heimdal/lib/gssapi/wrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 67e19f7e4a..3cc7d2131a 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -8,317 +8,6 @@ extern "C" { #endif -unsigned -HDBFlags2int (HDBFlags /*f*/); - -int -copy_Event ( - const Event */*from*/, - Event */*to*/); - -int -copy_GENERATION ( - const GENERATION */*from*/, - GENERATION */*to*/); - -int -copy_HDBFlags ( - const HDBFlags */*from*/, - HDBFlags */*to*/); - -int -copy_HDB_Ext_Aliases ( - const HDB_Ext_Aliases */*from*/, - HDB_Ext_Aliases */*to*/); - -int -copy_HDB_Ext_Constrained_delegation_acl ( - const HDB_Ext_Constrained_delegation_acl */*from*/, - HDB_Ext_Constrained_delegation_acl */*to*/); - -int -copy_HDB_Ext_Lan_Manager_OWF ( - const HDB_Ext_Lan_Manager_OWF */*from*/, - HDB_Ext_Lan_Manager_OWF */*to*/); - -int -copy_HDB_Ext_PKINIT_acl ( - const HDB_Ext_PKINIT_acl */*from*/, - HDB_Ext_PKINIT_acl */*to*/); - -int -copy_HDB_Ext_PKINIT_certificate ( - const HDB_Ext_PKINIT_certificate */*from*/, - HDB_Ext_PKINIT_certificate */*to*/); - -int -copy_HDB_Ext_Password ( - const HDB_Ext_Password */*from*/, - HDB_Ext_Password */*to*/); - -int -copy_HDB_extension ( - const HDB_extension */*from*/, - HDB_extension */*to*/); - -int -copy_HDB_extensions ( - const HDB_extensions */*from*/, - HDB_extensions */*to*/); - -int -copy_Key ( - const Key */*from*/, - Key */*to*/); - -int -copy_Salt ( - const Salt */*from*/, - Salt */*to*/); - -int -copy_hdb_entry ( - const hdb_entry */*from*/, - hdb_entry */*to*/); - -int -decode_Event ( - const unsigned char */*p*/, - size_t /*len*/, - Event */*data*/, - size_t */*size*/); - -int -decode_GENERATION ( - const unsigned char */*p*/, - size_t /*len*/, - GENERATION */*data*/, - size_t */*size*/); - -int -decode_HDBFlags ( - const unsigned char */*p*/, - size_t /*len*/, - HDBFlags */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Aliases ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Aliases */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Constrained_delegation_acl ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Constrained_delegation_acl */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Lan_Manager_OWF ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Lan_Manager_OWF */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_PKINIT_acl ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_PKINIT_acl */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_PKINIT_certificate ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_PKINIT_certificate */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Password ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Password */*data*/, - size_t */*size*/); - -int -decode_HDB_extension ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_extension */*data*/, - size_t */*size*/); - -int -decode_HDB_extensions ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_extensions */*data*/, - size_t */*size*/); - -int -decode_Key ( - const unsigned char */*p*/, - size_t /*len*/, - Key */*data*/, - size_t */*size*/); - -int -decode_Salt ( - const unsigned char */*p*/, - size_t /*len*/, - Salt */*data*/, - size_t */*size*/); - -int -decode_hdb_entry ( - const unsigned char */*p*/, - size_t /*len*/, - hdb_entry */*data*/, - size_t */*size*/); - -int -encode_Event ( - unsigned char */*p*/, - size_t /*len*/, - const Event */*data*/, - size_t */*size*/); - -int -encode_GENERATION ( - unsigned char */*p*/, - size_t /*len*/, - const GENERATION */*data*/, - size_t */*size*/); - -int -encode_HDBFlags ( - unsigned char */*p*/, - size_t /*len*/, - const HDBFlags */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Aliases ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Aliases */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Constrained_delegation_acl ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Constrained_delegation_acl */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Lan_Manager_OWF ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Lan_Manager_OWF */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_PKINIT_acl ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_PKINIT_acl */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_PKINIT_certificate ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_PKINIT_certificate */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Password ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Password */*data*/, - size_t */*size*/); - -int -encode_HDB_extension ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_extension */*data*/, - size_t */*size*/); - -int -encode_HDB_extensions ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_extensions */*data*/, - size_t */*size*/); - -int -encode_Key ( - unsigned char */*p*/, - size_t /*len*/, - const Key */*data*/, - size_t */*size*/); - -int -encode_Salt ( - unsigned char */*p*/, - size_t /*len*/, - const Salt */*data*/, - size_t */*size*/); - -int -encode_hdb_entry ( - unsigned char */*p*/, - size_t /*len*/, - const hdb_entry */*data*/, - size_t */*size*/); - -void -free_Event (Event */*data*/); - -void -free_GENERATION (GENERATION */*data*/); - -void -free_HDBFlags (HDBFlags */*data*/); - -void -free_HDB_Ext_Aliases (HDB_Ext_Aliases */*data*/); - -void -free_HDB_Ext_Constrained_delegation_acl (HDB_Ext_Constrained_delegation_acl */*data*/); - -void -free_HDB_Ext_Lan_Manager_OWF (HDB_Ext_Lan_Manager_OWF */*data*/); - -void -free_HDB_Ext_PKINIT_acl (HDB_Ext_PKINIT_acl */*data*/); - -void -free_HDB_Ext_PKINIT_certificate (HDB_Ext_PKINIT_certificate */*data*/); - -void -free_HDB_Ext_Password (HDB_Ext_Password */*data*/); - -void -free_HDB_extension (HDB_extension */*data*/); - -void -free_HDB_extensions (HDB_extensions */*data*/); - -void -free_Key (Key */*data*/); - -void -free_Salt (Salt */*data*/); - -void -free_hdb_entry (hdb_entry */*data*/); - krb5_error_code hdb_add_master_key ( krb5_context /*context*/, @@ -491,12 +180,6 @@ hdb_ldapi_create ( const char */*arg*/); krb5_error_code -hdb_ldb_create ( - krb5_context /*context*/, - HDB ** /*db*/, - const char */*arg*/); - -krb5_error_code hdb_list_builtin ( krb5_context /*context*/, char **/*list*/); @@ -627,54 +310,6 @@ hdb_write_master_key ( const char */*filename*/, hdb_master_key /*mkey*/); -void -initialize_hdb_error_table_r (struct et_list **/*list*/); - -HDBFlags -int2HDBFlags (unsigned /*n*/); - -size_t -length_Event (const Event */*data*/); - -size_t -length_GENERATION (const GENERATION */*data*/); - -size_t -length_HDBFlags (const HDBFlags */*data*/); - -size_t -length_HDB_Ext_Aliases (const HDB_Ext_Aliases */*data*/); - -size_t -length_HDB_Ext_Constrained_delegation_acl (const HDB_Ext_Constrained_delegation_acl */*data*/); - -size_t -length_HDB_Ext_Lan_Manager_OWF (const HDB_Ext_Lan_Manager_OWF */*data*/); - -size_t -length_HDB_Ext_PKINIT_acl (const HDB_Ext_PKINIT_acl */*data*/); - -size_t -length_HDB_Ext_PKINIT_certificate (const HDB_Ext_PKINIT_certificate */*data*/); - -size_t -length_HDB_Ext_Password (const HDB_Ext_Password */*data*/); - -size_t -length_HDB_extension (const HDB_extension */*data*/); - -size_t -length_HDB_extensions (const HDB_extensions */*data*/); - -size_t -length_Key (const Key */*data*/); - -size_t -length_Salt (const Salt */*data*/); - -size_t -length_hdb_entry (const hdb_entry */*data*/); - #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index 406a50ecbd..b89937f82f 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/source4/heimdal/lib/hdb/hdb_locl.h b/source4/heimdal/lib/hdb/hdb_locl.h index 0d07164bd1..0bf4e8191c 100644 --- a/source4/heimdal/lib/hdb/hdb_locl.h +++ b/source4/heimdal/lib/hdb/hdb_locl.h @@ -64,4 +64,11 @@ #include <hdb.h> #include <hdb-private.h> +krb5_error_code +hdb_ldb_create ( + krb5_context /*context*/, + HDB ** /*db*/, + const char */*arg*/); + + #endif /* __HDB_LOCL_H__ */ diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index 21ee2f4274..6fb37842dc 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index de40b059b8..3cfc780eb4 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.130 2005/12/02 14:47:44 lha Exp $"); +RCSID("$Id: crypto.c,v 1.132 2006/02/28 14:52:57 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -591,114 +591,6 @@ ARCFOUR_string_to_key(krb5_context context, * AES */ -/* iter is really 1 based, so iter == 0 will be 1 iteration */ - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype, - krb5_data password, krb5_salt salt, u_int32_t iter, - krb5_keytype type, krb5_keyblock *key) -{ - struct checksum_type *c = _find_checksum(cktype); - struct key_type *kt; - size_t datalen, leftofkey; - krb5_error_code ret; - u_int32_t keypart; - struct key_data ksign; - krb5_keyblock kb; - Checksum result; - char *data, *tmpcksum; - int i, j; - char *p; - - if (c == NULL) { - krb5_set_error_string(context, "checksum %d not supported", cktype); - return KRB5_PROG_KEYTYPE_NOSUPP; - } - - kt = _find_keytype(type); - if (kt == NULL) { - krb5_set_error_string(context, "key type %d not supported", type); - return KRB5_PROG_KEYTYPE_NOSUPP; - } - - key->keytype = type; - ret = krb5_data_alloc (&key->keyvalue, kt->bits / 8); - if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); - return ret; - } - - ret = krb5_data_alloc (&result.checksum, c->checksumsize); - if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); - krb5_data_free (&key->keyvalue); - return ret; - } - - tmpcksum = malloc(c->checksumsize); - if (tmpcksum == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - krb5_data_free (&key->keyvalue); - krb5_data_free (&result.checksum); - return ENOMEM; - } - - datalen = salt.saltvalue.length + 4; - data = malloc(datalen); - if (data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - free(tmpcksum); - krb5_data_free (&key->keyvalue); - krb5_data_free (&result.checksum); - return ENOMEM; - } - - kb.keyvalue = password; - ksign.key = &kb; - - memcpy(data, salt.saltvalue.data, salt.saltvalue.length); - - keypart = 1; - leftofkey = key->keyvalue.length; - p = key->keyvalue.data; - - while (leftofkey) { - int len; - - if (leftofkey > c->checksumsize) - len = c->checksumsize; - else - len = leftofkey; - - _krb5_put_int(data + datalen - 4, keypart, 4); - - ret = hmac(context, c, data, datalen, 0, &ksign, &result); - if (ret) - krb5_abortx(context, "hmac failed"); - memcpy(p, result.checksum.data, len); - memcpy(tmpcksum, result.checksum.data, result.checksum.length); - for (i = 0; i < iter; i++) { - ret = hmac(context, c, tmpcksum, result.checksum.length, - 0, &ksign, &result); - if (ret) - krb5_abortx(context, "hmac failed"); - memcpy(tmpcksum, result.checksum.data, result.checksum.length); - for (j = 0; j < len; j++) - p[j] ^= tmpcksum[j]; - } - - p += len; - leftofkey -= len; - keypart++; - } - - free(data); - free(tmpcksum); - krb5_data_free (&result.checksum); - - return 0; -} - int _krb5_AES_string_to_default_iterator = 4096; static krb5_error_code @@ -715,33 +607,44 @@ AES_string_to_key(krb5_context context, struct key_data kd; if (opaque.length == 0) - iter = _krb5_AES_string_to_default_iterator - 1; + iter = _krb5_AES_string_to_default_iterator; else if (opaque.length == 4) { unsigned long v; _krb5_get_int(opaque.data, &v, 4); - iter = ((u_int32_t)v) - 1; + iter = ((u_int32_t)v); } else return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ - et = _find_enctype(enctype); if (et == NULL) return KRB5_PROG_KEYTYPE_NOSUPP; - ret = _krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt, - iter, enctype, key); - if (ret) + key->keytype = enctype; + ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); + if (ret) { + krb5_set_error_string(context, "Failed to allocate pkcs5 key"); return ret; - + } ret = krb5_copy_keyblock(context, key, &kd.key); + if (ret) { + krb5_free_keyblock(context, key); + return ret; + } + + ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length, + salt.saltvalue.data, salt.saltvalue.length, + iter, + et->keytype->size, kd.key->keyvalue.data); kd.schedule = NULL; + if (ret != 1) { + krb5_set_error_string(context, "Error calculating s2k"); + return KRB5_PROG_KEYTYPE_NOSUPP; + } ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); - krb5_free_keyblock_contents(context, key); - if (ret == 0) { + if (ret == 0) ret = krb5_copy_keyblock_contents(context, kd.key, key); - free_key_data(context, &kd); - } + free_key_data(context, &kd); return ret; } @@ -3789,7 +3692,8 @@ krb5_generate_random_block(void *buf, size_t len) rng_initialized = 1; } HEIMDAL_MUTEX_unlock(&crypto_mutex); - RAND_bytes(buf, len); + if (RAND_bytes(buf, len) != 1) + krb5_abortx(NULL, "Failed to generate random block"); } #else diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c index 649bdd20fd..b672fe74f9 100644 --- a/source4/heimdal/lib/krb5/error_string.c +++ b/source4/heimdal/lib/krb5/error_string.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2001, 2003, 2005 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: error_string.c,v 1.3 2004/05/25 21:23:55 lha Exp $"); +RCSID("$Id: error_string.c,v 1.7 2006/02/16 07:49:23 lha Exp $"); #undef __attribute__ #define __attribute__(X) @@ -107,3 +107,24 @@ krb5_have_error_string(krb5_context context) HEIMDAL_MUTEX_unlock(context->mutex); return str != NULL; } + +char * KRB5_LIB_FUNCTION +krb5_get_error_message(krb5_context context, krb5_error_code code) +{ + const char *cstr; + char *str; + + str = krb5_get_error_string(context); + if (str) + return str; + + cstr = krb5_get_err_text(context, code); + if (cstr) + return strdup(cstr); + + if (asprintf(&str, "<unknown error: %d>", code) == -1) + return NULL; + + return str; +} + diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 7043b8ae51..1fa3f9143e 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_cred.c,v 1.108 2005/07/13 07:38:02 lha Exp $"); +RCSID("$Id: get_cred.c,v 1.109 2006/02/03 11:41:02 lha Exp $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -772,7 +772,8 @@ get_cred_from_kdc_flags(krb5_context context, krb5_boolean noaddr; krb5_appdefault_boolean(context, NULL, tgt->server->realm, - "no-addresses", FALSE, &noaddr); + "no-addresses", KRB5_ADDRESSLESS_DEFAULT, + &noaddr); if (noaddr) ret = get_cred_kdc (context, ccache, flags, NULL, in_creds, tgt, *out_creds); diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index be5c1db47d..aa7c62befc 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_for_creds.c,v 1.46 2005/11/28 20:43:02 lha Exp $"); +RCSID("$Id: get_for_creds.c,v 1.47 2006/02/03 11:37:29 lha Exp $"); static krb5_error_code add_addrs(krb5_context context, @@ -284,21 +284,14 @@ krb5_get_forwarded_creds (krb5_context context, enc_krb_cred_part.usec = NULL; } - if (auth_context->local_address && auth_context->local_port) { - krb5_boolean noaddr; - krb5_const_realm srealm; - - srealm = krb5_principal_get_realm(context, out_creds->server); - krb5_appdefault_boolean(context, NULL, srealm, "no-addresses", - paddrs == NULL, &noaddr); - if (!noaddr) { - ret = krb5_make_addrport (context, - &enc_krb_cred_part.s_address, - auth_context->local_address, - auth_context->local_port); - if (ret) - goto out4; - } + if (auth_context->local_address && auth_context->local_port && paddrs) { + + ret = krb5_make_addrport (context, + &enc_krb_cred_part.s_address, + auth_context->local_address, + auth_context->local_port); + if (ret) + goto out4; } if (auth_context->remote_address) { diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index 51b8ebc392..316c2f02eb 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c,v 1.21 2005/10/12 12:45:27 lha Exp $"); +RCSID("$Id: init_creds.c,v 1.22 2006/02/03 11:42:31 lha Exp $"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) @@ -191,7 +191,8 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, if(t != 0) krb5_get_init_creds_opt_set_renew_life(opt, t); - krb5_appdefault_boolean(context, appname, realm, "no-addresses", FALSE, &b); + krb5_appdefault_boolean(context, appname, realm, "no-addresses", + KRB5_ADDRESSLESS_DEFAULT, &b); if (b) krb5_get_init_creds_opt_set_address_list (opt, &no_addrs); diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index c308287a36..8d9b3c62ac 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -12,19 +12,6 @@ #endif #endif -struct krb5_dh_moduli; -struct _krb5_krb_auth_data; - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_PKCS5_PBKDF2 ( - krb5_context /*context*/, - krb5_cksumtype /*cktype*/, - krb5_data /*password*/, - krb5_salt /*salt*/, - u_int32_t /*iter*/, - krb5_keytype /*type*/, - krb5_keyblock */*key*/); - void KRB5_LIB_FUNCTION _krb5_aes_cts_encrypt ( const unsigned char */*in*/, @@ -92,6 +79,9 @@ _krb5_find_type_in_ad ( void _krb5_free_krbhst_info (krb5_krbhst_info */*hi*/); +void +_krb5_free_moduli (struct krb5_dh_moduli **/*moduli*/); + krb5_error_code _krb5_get_default_principal_local ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index c08d8058a4..d7e74621ef 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -20,15 +20,6 @@ extern "C" { #endif #endif -void -initialize_heim_error_table_r (struct et_list **/*list*/); - -void -initialize_k524_error_table_r (struct et_list **/*list*/); - -void -initialize_krb5_error_table_r (struct et_list **/*list*/); - krb5_error_code KRB5_LIB_FUNCTION krb524_convert_creds_kdc ( krb5_context /*context*/, @@ -1689,6 +1680,11 @@ krb5_get_err_text ( krb5_error_code /*code*/); char * KRB5_LIB_FUNCTION +krb5_get_error_message ( + krb5_context /*context*/, + krb5_error_code /*code*/); + +char * KRB5_LIB_FUNCTION krb5_get_error_string (krb5_context /*context*/); krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/krb5_err.et b/source4/heimdal/lib/krb5/krb5_err.et index 1257b074fb..e7bada1808 100644 --- a/source4/heimdal/lib/krb5/krb5_err.et +++ b/source4/heimdal/lib/krb5/krb5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: krb5_err.et,v 1.12 2004/10/14 15:30:29 lha Exp $" +id "$Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $" error_table krb5 @@ -74,35 +74,36 @@ prefix KRB5_KDC_ERR error_code CLIENT_NOT_TRUSTED, "Client not trusted" error_code KDC_NOT_TRUSTED, "KDC not trusted" error_code INVALID_SIG, "Invalid signature" -error_code KEY_SIZE, "Key size too small/key too weak" -error_code CERTIFICATE_MISMATCH, "Certificate mismatch" +error_code DH_KEY_PARAMETERS_NOT_ACCEPTED, "DH parameters not accepted" +index 69 prefix KRB5_AP_ERR error_code USER_TO_USER_REQUIRED, "User to user required" index 70 -prefix KRB5_KDC_ERROR +prefix KRB5_KDC_ERR error_code CANT_VERIFY_CERTIFICATE, "Cannot verify certificate" -error_code INVALID_CERTIFICATE, "Invalid certificate" -error_code REVOKED_CERTIFICATE, "Revoked certificate" +error_code INVALID_CERTIFICATE, "Certificate invalid" +error_code REVOKED_CERTIFICATE, "Certificate revoked" error_code REVOCATION_STATUS_UNKNOWN, "Revocation status unknown" -error_code REVOCATION_STATUS_UNAVAILABLE, "Revocation status unknown" -error_code CLIENT_NAME_MISMATCH, "Client name mismatch" -index 75 -error_code KDC_NAME_MISMATCH, "KDC name mismatch" - -# 76-79 are reserved - -index 80 -prefix KRB5_IAKERB -error_code ERR_KDC_NOT_FOUND, "IAKERB proxy could not find a KDC" -error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never reeived a response from a KDC" +error_code CLIENT_NAME_MISMATCH, "Revocation status unknown" +error_code INCONSISTENT_KEY_PURPOSE, "Inconsistent key purpose" +error_code DIGEST_IN_CERT_NOT_ACCEPTED, "Digest in certificate not accepted" +error_code PA_CHECKSUM_MUST_BE_INCLUDED, "paChecksum must be included" +error_code DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, "Digest in signedData not accepted" +error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not supported" + +## these are never used +#index 80 +#prefix KRB5_IAKERB +#error_code ERR_KDC_NOT_FOUND, "IAKERB proxy could not find a KDC" +#error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never reeived a response from a KDC" # 82-127 are reserved index 128 prefix -error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.12 2004/10/14 15:30:29 lha Exp $" +error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $" error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode" error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password" diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 60d72c8f80..92dd3271f5 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h,v 1.84 2005/12/13 15:40:50 lha Exp $ */ +/* $Id: krb5_locl.h,v 1.87 2006/02/09 11:36:27 lha Exp $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -170,14 +170,6 @@ struct _krb5_krb_auth_data; #define KRB5_BUFSIZ 1024 -#ifndef KRB5_DEFAULT_CCNAME -#ifdef __APPLE__ -#define KRB5_DEFAULT_CCNAME "API:" -#else -#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}" -#endif -#endif - typedef enum { KRB5_PA_PAC_DONT_CARE = 0, KRB5_PA_PAC_REQ_TRUE, @@ -196,4 +188,20 @@ struct _krb5_get_init_creds_opt_private { int canonicalize; }; +/* + * Configurable options + */ + +#ifndef KRB5_DEFAULT_CCNAME +#ifdef __APPLE__ +#define KRB5_DEFAULT_CCNAME "API:" +#else +#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}" +#endif +#endif + +#ifndef KRB5_ADDRESSLESS_DEFAULT +#define KRB5_ADDRESSLESS_DEFAULT FALSE +#endif + #endif /* __KRB5_LOCL_H__ */ diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c index 56112eea8c..b5a1aadfea 100644 --- a/source4/heimdal/lib/krb5/mk_priv.c +++ b/source4/heimdal/lib/krb5/mk_priv.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_priv.c,v 1.34 2004/05/25 21:33:32 lha Exp $"); +RCSID("$Id: mk_priv.c,v 1.35 2006/02/01 12:39:26 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION @@ -129,9 +129,11 @@ krb5_mk_priv(krb5_context context, ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret); - - if(ret) + if (ret) goto fail; + if (buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + krb5_data_free (&s.enc_part.cipher); ret = krb5_data_copy(outbuf, buf + buf_size - len, len); diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 0c5dfc44e9..1247bb22ca 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,15 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.75 2005/10/21 17:18:38 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.77 2006/02/14 10:08:29 lha Exp $"); + +struct krb5_dh_moduli { + char *name; + unsigned long bits; + heim_integer p; + heim_integer g; + heim_integer q; +}; #ifdef PKINIT @@ -104,14 +112,6 @@ struct krb5_pk_cert { X509 *cert; }; -struct krb5_dh_moduli { - char *name; - unsigned long bits; - heim_integer p; - heim_integer g; - heim_integer q; -}; - struct krb5_pk_init_ctx_data { struct krb5_pk_identity *id; DH *dh; @@ -505,7 +505,13 @@ build_auth_pack(krb5_context context, if (ret) return ret; - ret = krb5_data_copy(&a->pkAuthenticator.paChecksum, + ALLOC(a->pkAuthenticator.paChecksum, 1); + if (a->pkAuthenticator.paChecksum == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + ret = krb5_data_copy(a->pkAuthenticator.paChecksum, checksum.checksum.data, checksum.checksum.length); free_Checksum(&checksum); if (ret) @@ -984,11 +990,9 @@ pk_verify_chain_standard(krb5_context context, * Since X509_verify_cert() doesn't do CRL checking at all, we have to * perform own verification against CRLs */ -#if 0 - ret = pk_verify_crl(context, store_ctx, id->crls); - if (ret) - goto end; -#endif + /* + * XXX add crl checking + */ if (client_cert && cert) *client_cert = X509_dup(cert); @@ -2429,6 +2433,31 @@ _krb5_pk_load_openssl_id(krb5_context context, return ret; } +static krb5_error_code +select_dh_group(krb5_context context, DH *dh, unsigned long bits, + struct krb5_dh_moduli **moduli) +{ + const struct krb5_dh_moduli *m; + + m = moduli[1]; /* XXX */ + if (m == NULL) + m = moduli[0]; /* XXX */ + + dh->p = integer_to_BN(context, "p", &m->p); + if (dh->p == NULL) + return ENOMEM; + dh->g = integer_to_BN(context, "g", &m->g); + if (dh->g == NULL) + return ENOMEM; + dh->q = integer_to_BN(context, "q", &m->q); + if (dh->q == NULL) + return ENOMEM; + + return 0; +} + +#endif /* PKINIT */ + static int parse_integer(krb5_context context, char **p, const char *file, int lineno, const char *name, heim_integer *integer) @@ -2526,7 +2555,7 @@ out: return ret; } -static void +void _krb5_free_moduli(struct krb5_dh_moduli **moduli) { int i; @@ -2541,8 +2570,9 @@ _krb5_free_moduli(struct krb5_dh_moduli **moduli) } static const char *default_moduli = - /* bits */ + /* name */ "RFC2412-MODP-group2 " + /* bits */ "1024 " /* p */ "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" @@ -2566,7 +2596,7 @@ krb5_error_code _krb5_parse_moduli(krb5_context context, const char *file, struct krb5_dh_moduli ***moduli) { - /* comment bits P G Q */ + /* name bits P G Q */ krb5_error_code ret; struct krb5_dh_moduli **m = NULL, **m2; char buf[4096]; @@ -2589,10 +2619,8 @@ _krb5_parse_moduli(krb5_context context, const char *file, } n = 1; - if (file == NULL) { - *moduli = m; - return 0; - } + if (file == NULL) + file = MODULI_FILE; f = fopen(file, "r"); if (f == NULL) { @@ -2646,7 +2674,7 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, for (i = 0; moduli[i] != NULL; i++) { if (heim_integer_cmp(&moduli[i]->g, g) == 0 && heim_integer_cmp(&moduli[i]->p, p) == 0 && - heim_integer_cmp(&moduli[i]->q, q) == 0) + (q == NULL || heim_integer_cmp(&moduli[i]->q, q) == 0)) { if (bits && bits > moduli[i]->bits) { krb5_set_error_string(context, "PKINIT: DH group parameter %s " @@ -2663,32 +2691,6 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; } -static krb5_error_code -select_dh_group(krb5_context context, DH *dh, unsigned long bits, - struct krb5_dh_moduli **moduli) -{ - const struct krb5_dh_moduli *m; - - m = moduli[1]; /* XXX */ - if (m == NULL) - m = moduli[0]; /* XXX */ - - dh->p = integer_to_BN(context, "p", &m->p); - if (dh->p == NULL) - return ENOMEM; - dh->g = integer_to_BN(context, "g", &m->g); - if (dh->g == NULL) - return ENOMEM; - dh->q = integer_to_BN(context, "q", &m->q); - if (dh->q == NULL) - return ENOMEM; - - return 0; -} - - -#endif /* PKINIT */ - void KRB5_LIB_FUNCTION _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) { @@ -2772,11 +2774,10 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, if ((flags & 2) == 0) { const char *moduli_file; - moduli_file = krb5_config_get_string_default(context, NULL, - MODULI_FILE, - "libdefaults", - "moduli", - NULL); + moduli_file = krb5_config_get_string(context, NULL, + "libdefaults", + "moduli", + NULL); ret = _krb5_parse_moduli(context, moduli_file, &opt->opt_private->pk_init_ctx->m); diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c new file mode 100644 index 0000000000..ba0f4a4fda --- /dev/null +++ b/source4/heimdal/lib/roken/hex.c @@ -0,0 +1,103 @@ +/* + * Copyright (c) 2004-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: hex.c,v 1.8 2006/01/09 17:09:29 lha Exp $"); +#endif +#include "roken.h" +#include <ctype.h> +#include "hex.h" + +const static char hexchar[] = "0123456789ABCDEF"; + +static int +pos(char c) +{ + const char *p; + c = toupper((unsigned char)c); + for (p = hexchar; *p; p++) + if (*p == c) + return p - hexchar; + return -1; +} + +ssize_t ROKEN_LIB_FUNCTION +hex_encode(const void *data, size_t size, char **str) +{ + const unsigned char *q = data; + size_t i; + char *p; + + /* check for overflow */ + if (size * 2 < size) + return -1; + + p = malloc(size * 2 + 1); + if (p == NULL) + return -1; + + for (i = 0; i < size; i++) { + p[i * 2] = hexchar[(*q >> 4) & 0xf]; + p[i * 2 + 1] = hexchar[*q & 0xf]; + q++; + } + p[i * 2] = '\0'; + *str = p; + + return i * 2; +} + +ssize_t ROKEN_LIB_FUNCTION +hex_decode(const char *str, void *data, size_t len) +{ + size_t l; + unsigned char *p = data; + size_t i; + + l = strlen(str); + + /* check for overflow, same as (l+1)/2 but overflow safe */ + if ((l/2) + (l&1) > len) + return -1; + + i = 0; + if (l & 1) { + p[0] = pos(str[0]); + str++; + p++; + } + for (i = 0; i < l / 2; i++) + p[i] = pos(str[i * 2]) << 4 | pos(str[(i * 2) + 1]); + return i + (l & 1); +} diff --git a/source4/heimdal/lib/roken/hex.h b/source4/heimdal/lib/roken/hex.h new file mode 100644 index 0000000000..cd47b21f9f --- /dev/null +++ b/source4/heimdal/lib/roken/hex.h @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: hex.h,v 1.3 2005/04/12 11:28:50 lha Exp $ */ + +#ifndef _rk_HEX_H_ +#define _rk_HEX_H_ 1 + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +#define hex_encode rk_hex_encode +#define hex_decode rk_hex_decode + +ssize_t ROKEN_LIB_FUNCTION + hex_encode(const void *, size_t, char **); +ssize_t ROKEN_LIB_FUNCTION + hex_decode(const char *, void *, size_t); + +#endif /* _rk_HEX_H_ */ diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index 8764f422ec..92438a9963 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -45,7 +45,7 @@ #include <assert.h> -RCSID("$Id: resolve.c,v 1.52 2005/08/22 19:16:21 lha Exp $"); +RCSID("$Id: resolve.c,v 1.53 2006/02/06 19:30:16 lha Exp $"); #ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ #undef HAVE_RES_NSEARCH @@ -275,7 +275,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, } /* the signer name is placed after the sig_data, to make it - easy to free this struture; the size calculation below + easy to free this structure; the size calculation below includes the zero-termination if the structure itself. don't you just love C? */ |