summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/krb5/crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib/krb5/crypto.c')
-rw-r--r--source4/heimdal/lib/krb5/crypto.c162
1 files changed, 84 insertions, 78 deletions
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index aa417e15eb..5d274e9af7 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -35,17 +35,23 @@
#include "krb5_locl.h"
+struct _krb5_key_usage {
+ unsigned usage;
+ struct _krb5_key_data key;
+};
+
+
#ifndef HEIMDAL_SMALLER
#define DES3_OLD_ENCTYPE 1
#endif
static krb5_error_code _get_derived_key(krb5_context, krb5_crypto,
- unsigned, struct key_data**);
-static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
+ unsigned, struct _krb5_key_data**);
+static struct _krb5_key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
static void free_key_schedule(krb5_context,
- struct key_data *,
- struct encryption_type *);
+ struct _krb5_key_data *,
+ struct _krb5_encryption_type *);
/************************************************************
* *
@@ -56,7 +62,7 @@ krb5_enctype_keysize(krb5_context context,
krb5_enctype type,
size_t *keysize)
{
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@@ -72,7 +78,7 @@ krb5_enctype_keybits(krb5_context context,
krb5_enctype type,
size_t *keybits)
{
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
"encryption type %d not supported",
@@ -89,7 +95,7 @@ krb5_generate_random_keyblock(krb5_context context,
krb5_keyblock *key)
{
krb5_error_code ret;
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@@ -110,11 +116,11 @@ krb5_generate_random_keyblock(krb5_context context,
static krb5_error_code
_key_schedule(krb5_context context,
- struct key_data *key)
+ struct _krb5_key_data *key)
{
krb5_error_code ret;
- struct encryption_type *et = _krb5_find_enctype(key->key->keytype);
- struct key_type *kt;
+ struct _krb5_encryption_type *et = _krb5_find_enctype(key->key->keytype);
+ struct _krb5_key_type *kt;
if (et == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@@ -150,7 +156,7 @@ _key_schedule(krb5_context context,
static krb5_error_code
SHA1_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -164,11 +170,11 @@ SHA1_checksum(krb5_context context,
/* HMAC according to RFC2104 */
krb5_error_code
_krb5_internal_hmac(krb5_context context,
- struct checksum_type *cm,
+ struct _krb5_checksum_type *cm,
const void *data,
size_t len,
unsigned usage,
- struct key_data *keyblock,
+ struct _krb5_key_data *keyblock,
Checksum *result)
{
unsigned char *ipad, *opad;
@@ -228,8 +234,8 @@ krb5_hmac(krb5_context context,
krb5_keyblock *key,
Checksum *result)
{
- struct checksum_type *c = _krb5_find_checksum(cktype);
- struct key_data kd;
+ struct _krb5_checksum_type *c = _krb5_find_checksum(cktype);
+ struct _krb5_key_data kd;
krb5_error_code ret;
if (c == NULL) {
@@ -252,13 +258,13 @@ krb5_hmac(krb5_context context,
krb5_error_code
_krb5_SP_HMAC_SHA1_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
Checksum *result)
{
- struct checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1);
+ struct _krb5_checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1);
Checksum res;
char sha1_data[20];
krb5_error_code ret;
@@ -273,7 +279,7 @@ _krb5_SP_HMAC_SHA1_checksum(krb5_context context,
return 0;
}
-struct checksum_type _krb5_checksum_sha1 = {
+struct _krb5_checksum_type _krb5_checksum_sha1 = {
CKSUMTYPE_SHA1,
"sha1",
64,
@@ -283,7 +289,7 @@ struct checksum_type _krb5_checksum_sha1 = {
NULL
};
-struct checksum_type *
+struct _krb5_checksum_type *
_krb5_find_checksum(krb5_cksumtype type)
{
int i;
@@ -297,8 +303,8 @@ static krb5_error_code
get_checksum_key(krb5_context context,
krb5_crypto crypto,
unsigned usage, /* not krb5_key_usage */
- struct checksum_type *ct,
- struct key_data **key)
+ struct _krb5_checksum_type *ct,
+ struct _krb5_key_data **key)
{
krb5_error_code ret = 0;
@@ -327,7 +333,7 @@ get_checksum_key(krb5_context context,
static krb5_error_code
create_checksum (krb5_context context,
- struct checksum_type *ct,
+ struct _krb5_checksum_type *ct,
krb5_crypto crypto,
unsigned usage,
void *data,
@@ -335,7 +341,7 @@ create_checksum (krb5_context context,
Checksum *result)
{
krb5_error_code ret;
- struct key_data *dkey;
+ struct _krb5_key_data *dkey;
int keyed_checksum;
if (ct->flags & F_DISABLED) {
@@ -364,7 +370,7 @@ create_checksum (krb5_context context,
}
static int
-arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
+arcfour_checksum_p(struct _krb5_checksum_type *ct, krb5_crypto crypto)
{
return (ct->type == CKSUMTYPE_HMAC_MD5) &&
(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
@@ -379,7 +385,7 @@ krb5_create_checksum(krb5_context context,
size_t len,
Checksum *result)
{
- struct checksum_type *ct = NULL;
+ struct _krb5_checksum_type *ct = NULL;
unsigned keyusage;
/* type 0 -> pick from crypto */
@@ -417,10 +423,10 @@ verify_checksum(krb5_context context,
Checksum *cksum)
{
krb5_error_code ret;
- struct key_data *dkey;
+ struct _krb5_key_data *dkey;
int keyed_checksum;
Checksum c;
- struct checksum_type *ct;
+ struct _krb5_checksum_type *ct;
ct = _krb5_find_checksum(cksum->cksumtype);
if (ct == NULL || (ct->flags & F_DISABLED)) {
@@ -441,7 +447,7 @@ verify_checksum(krb5_context context,
}
keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum) {
- struct checksum_type *kct;
+ struct _krb5_checksum_type *kct;
if (crypto == NULL) {
krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("Checksum type %s is keyed but no "
@@ -511,7 +517,7 @@ krb5_verify_checksum(krb5_context context,
size_t len,
Checksum *cksum)
{
- struct checksum_type *ct;
+ struct _krb5_checksum_type *ct;
unsigned keyusage;
ct = _krb5_find_checksum(cksum->cksumtype);
@@ -537,7 +543,7 @@ krb5_crypto_get_checksum_type(krb5_context context,
krb5_crypto crypto,
krb5_cksumtype *type)
{
- struct checksum_type *ct = NULL;
+ struct _krb5_checksum_type *ct = NULL;
if (crypto != NULL) {
ct = crypto->et->keyed_checksum;
@@ -562,7 +568,7 @@ krb5_checksumsize(krb5_context context,
krb5_cksumtype type,
size_t *size)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("checksum type %d not supported", ""),
@@ -577,7 +583,7 @@ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_keyed(krb5_context context,
krb5_cksumtype type)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
@@ -592,7 +598,7 @@ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_collision_proof(krb5_context context,
krb5_cksumtype type)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
@@ -607,7 +613,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_checksum_disable(krb5_context context,
krb5_cksumtype type)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
@@ -623,7 +629,7 @@ krb5_checksum_disable(krb5_context context,
* *
************************************************************/
-struct encryption_type *
+struct _krb5_encryption_type *
_krb5_find_enctype(krb5_enctype type)
{
int i;
@@ -639,7 +645,7 @@ krb5_enctype_to_string(krb5_context context,
krb5_enctype etype,
char **string)
{
- struct encryption_type *e;
+ struct _krb5_encryption_type *e;
e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@@ -678,7 +684,7 @@ krb5_enctype_to_keytype(krb5_context context,
krb5_enctype etype,
krb5_keytype *keytype)
{
- struct encryption_type *e = _krb5_find_enctype(etype);
+ struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@@ -693,7 +699,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_valid(krb5_context context,
krb5_enctype etype)
{
- struct encryption_type *e = _krb5_find_enctype(etype);
+ struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@@ -751,7 +757,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cksumtype_valid(krb5_context context,
krb5_cksumtype ctype)
{
- struct checksum_type *c = _krb5_find_checksum(ctype);
+ struct _krb5_checksum_type *c = _krb5_find_checksum(ctype);
if (c == NULL) {
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("checksum type %d not supported", ""),
@@ -798,8 +804,8 @@ encrypt_internal_derived(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- struct key_data *dkey;
- const struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ const struct _krb5_encryption_type *et = crypto->et;
checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
@@ -864,7 +870,7 @@ encrypt_internal(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- const struct encryption_type *et = crypto->et;
+ const struct _krb5_encryption_type *et = crypto->et;
checksum_sz = CHECKSUMSIZE(et->checksum);
@@ -926,7 +932,7 @@ encrypt_internal_special(krb5_context context,
krb5_data *result,
void *ivec)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t cksum_sz = CHECKSUMSIZE(et->checksum);
size_t sz = len + cksum_sz + et->confoundersize;
char *tmp, *p;
@@ -967,8 +973,8 @@ decrypt_internal_derived(krb5_context context,
Checksum cksum;
unsigned char *p;
krb5_error_code ret;
- struct key_data *dkey;
- struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ struct _krb5_encryption_type *et = crypto->et;
unsigned long l;
checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
@@ -1047,7 +1053,7 @@ decrypt_internal(krb5_context context,
unsigned char *p;
Checksum cksum;
size_t checksum_sz, l;
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
if ((len % et->padsize) != 0) {
krb5_clear_error_message(context);
@@ -1112,7 +1118,7 @@ decrypt_internal_special(krb5_context context,
krb5_data *result,
void *ivec)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t cksum_sz = CHECKSUMSIZE(et->checksum);
size_t sz = len - cksum_sz - et->confoundersize;
unsigned char *p;
@@ -1201,8 +1207,8 @@ krb5_encrypt_iov_ivec(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- struct key_data *dkey;
- const struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ const struct _krb5_encryption_type *et = crypto->et;
krb5_crypto_iov *tiv, *piv, *hiv;
if (num_data < 0) {
@@ -1393,8 +1399,8 @@ krb5_decrypt_iov_ivec(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- struct key_data *dkey;
- struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ struct _krb5_encryption_type *et = crypto->et;
krb5_crypto_iov *tiv, *hiv;
if (num_data < 0) {
@@ -1619,7 +1625,7 @@ krb5_verify_checksum_iov(krb5_context context,
unsigned int num_data,
krb5_cksumtype *type)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
Checksum cksum;
krb5_crypto_iov *civ;
krb5_error_code ret;
@@ -1833,15 +1839,15 @@ krb5_decrypt_EncryptedData(krb5_context context,
krb5_error_code
_krb5_derive_key(krb5_context context,
- struct encryption_type *et,
- struct key_data *key,
+ struct _krb5_encryption_type *et,
+ struct _krb5_key_data *key,
const void *constant,
size_t len)
{
unsigned char *k = NULL;
unsigned int nblocks = 0, i;
krb5_error_code ret = 0;
- struct key_type *kt = et->keytype;
+ struct _krb5_key_type *kt = et->keytype;
ret = _key_schedule(context, key);
if(ret)
@@ -1923,10 +1929,10 @@ _krb5_derive_key(krb5_context context,
return ret;
}
-static struct key_data *
+static struct _krb5_key_data *
_new_derived_key(krb5_crypto crypto, unsigned usage)
{
- struct key_usage *d = crypto->key_usage;
+ struct _krb5_key_usage *d = crypto->key_usage;
d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d));
if(d == NULL)
return NULL;
@@ -1946,8 +1952,8 @@ krb5_derive_key(krb5_context context,
krb5_keyblock **derived_key)
{
krb5_error_code ret;
- struct encryption_type *et;
- struct key_data d;
+ struct _krb5_encryption_type *et;
+ struct _krb5_key_data d;
*derived_key = NULL;
@@ -1975,10 +1981,10 @@ static krb5_error_code
_get_derived_key(krb5_context context,
krb5_crypto crypto,
unsigned usage,
- struct key_data **key)
+ struct _krb5_key_data **key)
{
int i;
- struct key_data *d;
+ struct _krb5_key_data *d;
unsigned char constant[5];
for(i = 0; i < crypto->num_key_usage; i++)
@@ -2060,8 +2066,8 @@ krb5_crypto_init(krb5_context context,
static void
free_key_schedule(krb5_context context,
- struct key_data *key,
- struct encryption_type *et)
+ struct _krb5_key_data *key,
+ struct _krb5_encryption_type *et)
{
if (et->keytype->cleanup)
(*et->keytype->cleanup)(context, key);
@@ -2070,8 +2076,8 @@ free_key_schedule(krb5_context context,
}
void
-_krb5_free_key_data(krb5_context context, struct key_data *key,
- struct encryption_type *et)
+_krb5_free_key_data(krb5_context context, struct _krb5_key_data *key,
+ struct _krb5_encryption_type *et)
{
krb5_free_keyblock(context, key->key);
if(key->schedule) {
@@ -2081,8 +2087,8 @@ _krb5_free_key_data(krb5_context context, struct key_data *key,
}
static void
-free_key_usage(krb5_context context, struct key_usage *ku,
- struct encryption_type *et)
+free_key_usage(krb5_context context, struct _krb5_key_usage *ku,
+ struct _krb5_encryption_type *et)
{
_krb5_free_key_data(context, &ku->key, et);
}
@@ -2212,7 +2218,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_disable(krb5_context context,
krb5_enctype enctype)
{
- struct encryption_type *et = _krb5_find_enctype(enctype);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(enctype);
if(et == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@@ -2239,7 +2245,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_enable(krb5_context context,
krb5_enctype enctype)
{
- struct encryption_type *et = _krb5_find_enctype(enctype);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(enctype);
if(et == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@@ -2283,7 +2289,7 @@ wrapped_length (krb5_context context,
krb5_crypto crypto,
size_t data_len)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t padsize = et->padsize;
size_t checksumsize = CHECKSUMSIZE(et->checksum);
size_t res;
@@ -2298,7 +2304,7 @@ wrapped_length_dervied (krb5_context context,
krb5_crypto crypto,
size_t data_len)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t padsize = et->padsize;
size_t res;
@@ -2334,7 +2340,7 @@ static size_t
crypto_overhead (krb5_context context,
krb5_crypto crypto)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t res;
res = CHECKSUMSIZE(et->checksum);
@@ -2348,7 +2354,7 @@ static size_t
crypto_overhead_dervied (krb5_context context,
krb5_crypto crypto)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t res;
if (et->keyed_checksum)
@@ -2395,7 +2401,7 @@ krb5_random_to_key(krb5_context context,
krb5_keyblock *key)
{
krb5_error_code ret;
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@@ -2429,7 +2435,7 @@ krb5_crypto_prf_length(krb5_context context,
krb5_enctype type,
size_t *length)
{
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL || et->prf_length == 0) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
@@ -2448,7 +2454,7 @@ krb5_crypto_prf(krb5_context context,
const krb5_data *input,
krb5_data *output)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
krb5_data_zero(output);
@@ -2640,8 +2646,8 @@ krb5_enctypes_compatible_keys(krb5_context context,
krb5_enctype etype1,
krb5_enctype etype2)
{
- struct encryption_type *e1 = _krb5_find_enctype(etype1);
- struct encryption_type *e2 = _krb5_find_enctype(etype2);
+ struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1);
+ struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2);
return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype;
}
generated by cgit (git 2.34.1) at 2024-05-20 16:09:51 +0000