+2002-09-26 Tom Yu <tlyu@mit.edu>
+
+ * des.h: Some initial work for KfM integration. Clean up
+ DES_INT32 selection. Set up for inclusion by
+ lib/crypto/des/des_int.h, which will define a special macro to
+ prevent the krb4-specific stuff from being declared.
+
+ * krb.h: Initial work for KfM integration. Fix up KRB4_32, and
+ add KRB_INT32, KRB_UINT32. Change all error code macros to be
+ offsets from krb_err.et symbols.
+
2002-09-18 Ken Raeburn <raeburn@mit.edu>
* krb.h: Add extern "C" markers in case a C++ compiler is used.
/*
* include/kerberosIV/des.h
*
- * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
+ * Copyright 1987, 1988, 1994, 2002 by the Massachusetts Institute of
+ * Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* Include file for the Data Encryption Standard library.
*/
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+ #include <TargetConditionals.h>
+ #if TARGET_RT_MAC_CFM
+ #error "Use KfM 4.0 SDK headers for CFM compilation."
+ #endif
+#endif
+
+#ifndef KRB5INT_DES_TYPES_DEFINED
+#define KRB5INT_DES_TYPES_DEFINED
+
+#if TARGET_OS_MAC
+ #if defined(__MWERKS__)
+ #pragma import on
+ #pragma enumsalwaysint on
+ #endif
+ #pragma options align=mac68k
+#endif
+
+#include <limits.h>
+
+#if UINT_MAX >= 0xFFFFFFFFUL
+#define DES_INT32 int
+#define DES_UINT32 unsigned int
+#else
+#define DES_INT32 long
+#define DES_UINT32 unsigned long
+#endif
+
+typedef unsigned char des_cblock[8]; /* crypto-block size */
+/*
+ * Key schedule.
+ *
+ * This used to be
+ *
+ * typedef struct des_ks_struct { union { DES_INT32 pad; des_cblock _;} __; } des_key_schedule[16];
+ *
+ * but it would cause trouble if DES_INT32 is ever more than 4 bytes.
+ * The reason is that all the encryption functions cast it to
+ * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If
+ * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the
+ * caller-allocated des_key_schedule will be overflowed by the key
+ * scheduling functions. We can't assume that every platform will
+ * have an exact 32-bit int, and nothing should be looking inside a
+ * des_key_schedule anyway.
+ */
+typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16];
+
+#if TARGET_OS_MAC
+ #if defined(__MWERKS__)
+ #pragma enumsalwaysint reset
+ #pragma import reset
+ #endif
+ #pragma options align=reset
+#endif
+
+#endif /* KRB5INT_DES_TYPES_DEFINED */
+
/* only do the whole thing once */
#ifndef DES_DEFS
+/*
+ * lib/crypto/des/des_int.h defines KRB5INT_CRYPTO_DES_INT temporarily
+ * to avoid including the defintions and declarations below. The
+ * reason that the crypto library needs to include this file is that
+ * it needs to have its types aligned with krb4's types.
+ */
+#ifndef KRB5INT_CRYPTO_DES_INT
#define DES_DEFS
+#if TARGET_OS_MAC
+ #if defined(__MWERKS__)
+ #pragma import on
+ #pragma enumsalwaysint on
+ #endif
+ #pragma options align=mac68k
+#endif
+
#if defined(_WIN32) && !defined(_WINDOWS)
#define _WINDOWS
#endif
#endif
#include <win-mac.h>
#endif
-#ifdef __STDC__
-#include <limits.h>
-#endif
#include <stdio.h> /* need FILE for des_cblock_print_file */
/* Windows declarations */
#define KRB5_CALLCONV_C
#endif
-#ifndef KRB4_32
-#ifdef SIZEOF_INT
-#if SIZEOF_INT >= 4
-#define KRB4_32 int
-#else /* !(SIZEOF_INT >= 4) */
-#define KRB4_32 long
-#endif /* !(SIZEOF_INT >= 4) */
-#else /* !defined(SIZEOF_INT) */
-#ifdef __STDC__
-#if INT_MAX >= 0x7fffffff
-#define KRB4_32 int
-#else /* !(INT_MAX >= 0x7ffffff) */
-#define KRB4_32 long
-#endif /* !(INT_MAX >= 0x7ffffff) */
-#else /* !defined(__STDC__) */
-#define KRB4_32 long /* worst case */
-#endif /* !defined(__STDC__) */
-#endif /* !defined(SIZEOF_INT) */
-#endif /* !defined(KRB4_32) */
-
-/* Key schedule */
-/* Ick. We need this in here unfortunately... */
-#ifndef DES_INT32
-#define DES_INT32 KRB4_32
-#endif
-
-/*
- *
- * NOTE WELL:
- *
- * This section must be kept in sync with lib/crypto/des/des_int.h,
- * until we get around to actually combining them at the source level.
- * We can't right now, because both the Mac and Windows platforms are
- * using their own versions of krb4 des.h, and that's the one that
- * would have to have the definitions because we install it under UNIX.
- *
- */
-#ifndef KRB5INT_DES_TYPES_DEFINED
-#define KRB5INT_DES_TYPES_DEFINED
-typedef unsigned char des_cblock[8]; /* crypto-block size */
-typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16];
-#endif
-/* end sync */
-
#define DES_KEY_SZ (sizeof(des_cblock))
#define DES_ENCRYPT 1
#define DES_DECRYPT 0
#define des_cblock_print(x) des_cblock_print_file(x, stdout)
-
/*
* Function Prototypes
*/
int enc);
unsigned long KRB5_CALLCONV
-des_quad_cksum (const unsigned char *in, unsigned KRB4_32 *out,
+des_quad_cksum (const unsigned char *in, unsigned DES_INT32 *out,
long length, int out_count, C_Block *seed);
-
+/*
+ * XXX ABI change: used to return void; also, cns/kfm have signed long
+ * instead of unsigned long length.
+ */
+unsigned long KRB5_CALLCONV
+des_cbc_cksum(const des_cblock *, des_cblock *, unsigned long,
+ const des_key_schedule, const des_cblock *);
int KRB5_CALLCONV des_string_to_key (const char *, C_Block);
-/* new */
-#ifdef KRB5_GENERAL__
-/* Why are we using krb5 types as part of this API? */
-void KRB5_CALLCONV
-des_cbc_cksum(const krb5_octet *, krb5_octet *, unsigned long,
- const des_key_schedule, const krb5_octet *);
-int des_cbc_encrypt(krb5_octet *, krb5_octet *, unsigned long,
- const des_key_schedule, const krb5_octet *, int);
-krb5_error_code des_read_password(des_cblock *, char *, int);
-#endif
-/* The unsigned long pointers are indicative of the desired alignment;
- the values there aren't really treated as long values. */
-int KRB5_CALLCONV des_ecb_encrypt(unsigned long *, unsigned long *,
- const des_key_schedule, int);
+/* XXX ABI change: used to return krb5_error_code */
+int KRB5_CALLCONV des_read_password(des_cblock *, char *, int);
+int KRB5_CALLCONV des_ecb_encrypt(des_cblock *, des_cblock *,
+ const des_key_schedule, int);
+/* XXX kfm/cns have signed long length */
+int des_cbc_encrypt(des_cblock *, des_cblock *, unsigned long,
+ const des_key_schedule, const des_cblock *, int);
void des_fixup_key_parity(des_cblock);
int des_check_key_parity(des_cblock);
int KRB5_CALLCONV des_new_random_key(des_cblock);
int des_is_weak_key(des_cblock);
void des_cblock_print_file(des_cblock *, FILE *fp);
+#if TARGET_OS_MAC
+
+/*
+ * Stuff ported from KfM follows...
+ */
+
+void afs_string_to_key(char *, char *, des_cblock);
+
+/*
+ * AFS string2key support; they should be considered internal, but KfM
+ * exposes them.
+ */
+char *des_crypt(const char *, const char *);
+char *des_fcrypt(const char *, const char *, char *);
+int des_set_key(des_cblock *, des_key_schedule);
+
+/*
+ * internal used by des_read_password, but kfm exposes it
+ */
+int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int);
+
+void des_3cbc_encrypt(des_cblock *, des_cblock *, long, des_key_schedule, des_key_schedule, des_key_schedule, des_cblock *, int);
+void des_3ecb_encrypt(des_cblock *, des_cblock *, des_key_schedule, des_key_schedule, des_key_schedule, int);
+
+/*
+ * Should be internal to crypto/des/f_sched.c, but KfM exposes it.
+ */
+int make_key_sched(des_cblock *, des_key_schedule);
+
+/*
+ * XXX need to implement the following three:
+ */
+void des_generate_random_block(des_cblock);
+void des_set_random_generator_seed(des_cblock);
+void des_set_sequence_number(des_cblock);
+
+#endif /* TARGET_OS_MAC */
+
+#if TARGET_OS_MAC
+ #if defined(__MWERKS__)
+ #pragma enumsalwaysint reset
+ #pragma import reset
+ #endif
+ #pragma options align=reset
+#endif
+
+#endif /* KRB5INT_CRYPTO_DES_INT */
#endif /* DES_DEFS */
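Review bot: The new `des_quad_cksum` prototype spells its output type as `unsigned DES_INT32 *out`, which only compiles while DES_INT32 is a macro expanding to a bare `int` or `long`. This commit introduces DES_UINT32 for that purpose, so the parameter is better written as `DES_UINT32 *out`. In the same section `des_cbc_encrypt` is declared without KRB5_CALLCONV, while `des_cbc_cksum` and `des_ecb_encrypt` carry it. If that is deliberate, a one-line comment next to the prototype should say so.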
/* Need some defs from des.h */
#include <kerberosIV/des.h>
+#define KRB4_32 DES_INT32
+#define KRB_INT32 DES_INT32
+#define KRB_UINT32 DES_UINT32
+
#ifdef _WINDOWS
#include <time.h>
#endif /* _WINDOWS */
#define MAX_KRB_ERRORS 256
extern const char *const krb_err_txt[MAX_KRB_ERRORS];
-/* These are not defined for at least SunOS 3.3 and Ultrix 2.2 */
-#if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)
-#define FD_ZERO(p) ((p)->fds_bits[0] = 0)
-#define FD_SET(n, p) ((p)->fds_bits[0] |= (1 << (n)))
-#define FD_ISSET(n, p) ((p)->fds_bits[0] & (1 << (n)))
-#endif /* ULTRIX022 || SunOS */
-
/* General definitions */
#define KSUCCESS 0
#define KFAILURE 255
-#ifdef NO_UIDGID_T
-typedef unsigned short uid_t;
-typedef unsigned short gid_t;
-#endif /* NO_UIDGID_T */
-
/*
* Kerberos specific definitions
*
#define MAX_HSTNM 100
#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */
-#define DEFAULT_TKT_LIFE 255 /* default lifetime for krb_mk_req */
+#define DEFAULT_TKT_LIFE 120 /* default lifetime for krb_mk_req */
#endif
/* Definition of text structure used to pass text around */
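Review bot: DEFAULT_TKT_LIFE changes from 255 to 120 here, but the krb.h ChangeLog entry in this patch lists only the KRB4_32/KRB_INT32 work and the error-code macros. Every caller that relies on the default will request a different ticket lifetime after this commit. The change deserves its own ChangeLog line, for example `Change DEFAULT_TKT_LIFE from 255 to 120.`, and the trailing comment should say why 120 was chosen.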
KRB4_32 issue_date; /* The issue time */
char pname[ANAME_SZ]; /* Principal's name */
char pinst[INST_SZ]; /* Principal's instance */
+#if TARGET_OS_MAC
+ KRB_UINT32 address; /* Address in ticket */
+ KRB_UINT32 stk_type; /* string_to_key function needed */
+#endif
};
typedef struct credentials CREDENTIALS;
#define TKT_ROOT "/tmp/tkt"
#endif /* PC */
-/* Error codes returned from the KDC */
-#define KDC_OK 0 /* Request OK */
-#define KDC_NAME_EXP 1 /* Principal expired */
-#define KDC_SERVICE_EXP 2 /* Service expired */
-#define KDC_AUTH_EXP 3 /* Auth expired */
-#define KDC_PKT_VER 4 /* Protocol version unknown */
-#define KDC_P_MKEY_VER 5 /* Wrong master key version */
-#define KDC_S_MKEY_VER 6 /* Wrong master key version */
-#define KDC_BYTE_ORDER 7 /* Byte order unknown */
-#define KDC_PR_UNKNOWN 8 /* Principal unknown */
-#define KDC_PR_N_UNIQUE 9 /* Principal not unique */
-#define KDC_NULL_KEY 10 /* Principal has null key */
-#define KDC_GEN_ERR 20 /* Generic error from KDC */
+#include "kerberosIV/krb_err.h" /* XXX FIXME! */
+#define KRB_ET(x) ((KRBET_ ## x) - ERROR_TABLE_BASE_krb)
+/* Error codes returned from the KDC */
+#define KDC_OK KRB_ET(KSUCCESS) /* 0 - Request OK */
+#define KDC_NAME_EXP KRB_ET(KDC_NAME_EXP) /* 1 - Principal expired */
+#define KDC_SERVICE_EXP KRB_ET(KDC_SERVICE_EXP) /* 2 - Service expired */
+#define KDC_AUTH_EXP KRB_ET(KDC_AUTH_EXP) /* 3 - Auth expired */
+#define KDC_PKT_VER KRB_ET(KDC_PKT_VER) /* 4 - Prot version unknown */
+#define KDC_P_MKEY_VER KRB_ET(KDC_P_MKEY_VER) /* 5 - Wrong mkey version */
+#define KDC_S_MKEY_VER KRB_ET(KDC_S_MKEY_VER) /* 6 - Wrong mkey version */
+#define KDC_BYTE_ORDER KRB_ET(KDC_BYTE_ORDER) /* 7 - Byte order unknown */
+#define KDC_PR_UNKNOWN KRB_ET(KDC_PR_UNKNOWN) /* 8 - Princ unknown */
+#define KDC_PR_N_UNIQUE KRB_ET(KDC_PR_N_UNIQUE) /* 9 - Princ not unique */
+#define KDC_NULL_KEY KRB_ET(KDC_NULL_KEY) /* 10 - Princ has null key */
+#define KDC_GEN_ERR KRB_ET(KDC_GEN_ERR) /* 20 - Generic err frm KDC */
/* Values returned by get_credentials */
-#define GC_OK 0 /* Retrieve OK */
-#define RET_OK 0 /* Retrieve OK */
-#define GC_TKFIL 21 /* Can't read ticket file */
-#define RET_TKFIL 21 /* Can't read ticket file */
-#define GC_NOTKT 22 /* Can't find ticket or TGT */
-#define RET_NOTKT 22 /* Can't find ticket or TGT */
-
+#define GC_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */
+#define RET_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */
+#define GC_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */
+#define RET_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */
+#define GC_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */
+#define RET_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */
/* Values returned by mk_ap_req */
-#define MK_AP_OK 0 /* Success */
-#define MK_AP_TGTEXP 26 /* TGT Expired */
+#define MK_AP_OK KRB_ET(KSUCCESS) /* 0 - Success */
+#define MK_AP_TGTEXP KRB_ET(MK_AP_TGTEXP) /* 26 - TGT Expired */
/* Values returned by rd_ap_req */
-#define RD_AP_OK 0 /* Request authentic */
-#define RD_AP_UNDEC 31 /* Can't decode authenticator */
-#define RD_AP_EXP 32 /* Ticket expired */
-#define RD_AP_NYV 33 /* Ticket not yet valid */
-#define RD_AP_REPEAT 34 /* Repeated request */
-#define RD_AP_NOT_US 35 /* The ticket isn't for us */
-#define RD_AP_INCON 36 /* Request is inconsistent */
-#define RD_AP_TIME 37 /* delta_t too big */
-#define RD_AP_BADD 38 /* Incorrect net address */
-#define RD_AP_VERSION 39 /* protocol version mismatch */
-#define RD_AP_MSG_TYPE 40 /* invalid msg type */
-#define RD_AP_MODIFIED 41 /* message stream modified */
-#define RD_AP_ORDER 42 /* message out of order */
-#define RD_AP_UNAUTHOR 43 /* unauthorized request */
+#define RD_AP_OK KRB_ET(KSUCCESS) /* 0 - Request authentic */
+#define RD_AP_UNDEC KRB_ET(RD_AP_UNDEC) /* 31 - Can't decode authent */
+#define RD_AP_EXP KRB_ET(RD_AP_EXP) /* 32 - Ticket expired */
+#define RD_AP_NYV KRB_ET(RD_AP_NYV) /* 33 - Ticket not yet valid */
+#define RD_AP_REPEAT KRB_ET(RD_AP_REPEAT) /* 34 - Repeated request */
+#define RD_AP_NOT_US KRB_ET(RD_AP_NOT_US) /* 35 - Ticket isn't for us */
+#define RD_AP_INCON KRB_ET(RD_AP_INCON) /* 36 - Request inconsistent */
+#define RD_AP_TIME KRB_ET(RD_AP_TIME) /* 37 - delta_t too big */
+#define RD_AP_BADD KRB_ET(RD_AP_BADD) /* 38 - Incorrect net addr */
+#define RD_AP_VERSION KRB_ET(RD_AP_VERSION) /* 39 - prot vers mismatch */
+#define RD_AP_MSG_TYPE KRB_ET(RD_AP_MSG_TYPE) /* 40 - invalid msg type */
+#define RD_AP_MODIFIED KRB_ET(RD_AP_MODIFIED) /* 41 - msg stream modified */
+#define RD_AP_ORDER KRB_ET(RD_AP_ORDER) /* 42 - message out of order */
+#define RD_AP_UNAUTHOR KRB_ET(RD_AP_UNAUTHOR) /* 43 - unauthorized request */
/* Values returned by get_pw_tkt */
-#define GT_PW_OK 0 /* Got password changing tkt */
-#define GT_PW_NULL 51 /* Current PW is null */
-#define GT_PW_BADPW 52 /* Incorrect current password */
-#define GT_PW_PROT 53 /* Protocol Error */
-#define GT_PW_KDCERR 54 /* Error returned by KDC */
-#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */
-
+#define GT_PW_OK KRB_ET(KSUCCESS) /* 0 - Got passwd chg tkt */
+#define GT_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */
+#define GT_PW_BADPW KRB_ET(GT_PW_BADPW) /* 52 - Wrong passwd */
+#define GT_PW_PROT KRB_ET(GT_PW_PROT) /* 53 - Protocol Error */
+#define GT_PW_KDCERR KRB_ET(GT_PW_KDCERR) /* 54 - Error ret by KDC */
+#define GT_PW_NULLTKT KRB_ET(GT_PW_NULLTKT) /* 55 - Null tkt ret by KDC */
/* Values returned by send_to_kdc */
-#define SKDC_OK 0 /* Response received */
-#define SKDC_RETRY 56 /* Retry count exceeded */
-#define SKDC_CANT 57 /* Can't send request */
+#define SKDC_OK KRB_ET(KSUCCESS) /* 0 - Response received */
+#define SKDC_RETRY KRB_ET(SKDC_RETRY) /* 56 - Retry count exceeded */
+#define SKDC_CANT KRB_ET(SKDC_CANT) /* 57 - Can't send request */
/*
* Values returned by get_intkt
* (can also return SKDC_* and KDC errors)
*/
-#define INTK_OK 0 /* Ticket obtained */
-#define INTK_W_NOTALL 61 /* Not ALL tickets returned */
-#define INTK_BADPW 62 /* Incorrect password */
-#define INTK_PROT 63 /* Protocol Error */
-#define INTK_ERR 70 /* Other error */
+#define INTK_OK KRB_ET(KSUCCESS) /* 0 - Ticket obtained */
+#define INTK_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */
+#define INTK_W_NOTALL KRB_ET(INTK_W_NOTALL) /* 61 - Not ALL tkts retd */
+#define INTK_BADPW KRB_ET(INTK_BADPW) /* 62 - Incorrect password */
+#define INTK_PROT KRB_ET(INTK_PROT) /* 63 - Protocol Error */
+#define INTK_ERR KRB_ET(INTK_ERR) /* 70 - Other error */
/* Values returned by get_adtkt */
-#define AD_OK 0 /* Ticket Obtained */
-#define AD_NOTGT 71 /* Don't have tgt */
+#define AD_OK KRB_ET(KSUCCESS) /* 0 - Ticket Obtained */
+#define AD_NOTGT KRB_ET(AD_NOTGT) /* 71 - Don't have tgt */
/* Error codes returned by ticket file utilities */
-#define NO_TKT_FIL 76 /* No ticket file found */
-#define TKT_FIL_ACC 77 /* Couldn't access tkt file */
-#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */
-#define TKT_FIL_FMT 79 /* Bad ticket file format */
-#define TKT_FIL_INI 80 /* tf_init not called first */
+#define NO_TKT_FIL KRB_ET(NO_TKT_FIL) /* 76 - No ticket file found */
+#define TKT_FIL_ACC KRB_ET(TKT_FIL_ACC) /* 77 - Can't acc tktfile */
+#define TKT_FIL_LCK KRB_ET(TKT_FIL_LCK) /* 78 - Can't lck tkt file */
+#define TKT_FIL_FMT KRB_ET(TKT_FIL_FMT) /* 79 - Bad tkt file format */
+#define TKT_FIL_INI KRB_ET(TKT_FIL_INI) /* 80 - tf_init not called */
/* Error code returned by kparse_name */
-#define KNAME_FMT 81 /* Bad Kerberos name format */
+#define KNAME_FMT KRB_ET(KNAME_FMT) /* 81 - Bad krb name fmt */
/* Error code returned by krb_mk_safe */
#define SAFE_PRIV_ERROR -1 /* syscall error */
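Review bot: `KRB_ET(x)` only works because `x` is an operand of `##` and is therefore pasted without macro expansion. `KRB_ET(KSUCCESS)` would otherwise expand `KSUCCESS` to `0` first, and each `KDC_*` name is being defined in terms of itself. That deserves a comment above the macro, such as `/* x is pasted unexpanded; do not wrap KRB_ET in another macro layer. */`. The numeric values now live only in the trailing comments, and krb_err.h is not shown here, so nothing visible checks that the table still yields the historical numbers. A compile-time check on a few anchors would catch a reordered krb_err.et, for example `typedef char krb_et_check[(KDC_GEN_ERR == 20 && KNAME_FMT == 81) ? 1 : -1];`. `INTK_PW_NULL` is also a new name aliasing `GT_PW_NULL`, and the ChangeLog does not mention it.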
#endif
+#if TARGET_OS_MAC
+/* The following functions are not part of the standard Kerberos v4 API.
+ * They were created for Mac implementation, and used by admin tools
+ * such as CNS-Config. */
+extern int KRB5_CALLCONV
+krb_get_num_cred(void);
+
+extern int INTERFACE
+krb_get_nth_cred(char *, char *, char *, int);
+
+extern int INTERFACE
+krb_delete_cred(char *, char *,char *);
+
+extern int INTERFACE
+dest_all_tkts(void);
+
+#endif /* TARGET_OS_MAC */
+
#ifdef _WINDOWS
HINSTANCE get_lib_instance(void);
unsigned int krb_get_notification_message(void);
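Review bot: The four new Mac-only prototypes use two different calling-convention macros: `krb_get_num_cred` is declared with `KRB5_CALLCONV`, while `krb_get_nth_cred`, `krb_delete_cred` and `dest_all_tkts` use `INTERFACE`. `INTERFACE` is not defined anywhere in the visible part of this header, so these declarations depend on whatever an earlier include provides. Unless the difference is intentional, use one macro throughout, e.g. `extern int KRB5_CALLCONV` on all four. `krb_get_nth_cred` also takes three `char *` output buffers with no lengths, so the comment should state the size each buffer must have.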
+2002-09-26 Tom Yu <tlyu@mit.edu>
+
+ * afsstring2key.c (krb5_afs_crypt): Leak this function out as as
+ mit_afs_crypt to allow for des_crypt and des_fcrypt
+ implementations for the KfM merge.
+
+ * des_int.h: Change DES_INT32 strategy to include kerberosIV/des.h
+ with a magic macro defined for skipping krb4-specific stuff. Make
+ renaming of make_key_sched explicit, to avoid conflict with
+ kerberosIV/des.h.
+
+ * f_sched.c, key_sched.c, d3_kysched.c: Make renaming of
+ make_key_sched explicit.
+
+ * f_cksum.c (mit_des_cbc_cksum): Return only the rightmost 32
+ bits; this should optimize out on any platform where longs are
+ exactly 32 bits wide.
+
2002-08-29 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Revert $(S)=>/ change, for Windows support.
#include "des_int.h"
#include <ctype.h>
-static char *afs_crypt (char*,char*,char*);
+#define afs_crypt mit_afs_crypt
+char *afs_crypt (const char *, const char *, char *);
#undef min
#define min(a,b) ((a)>(b)?(b):(a))
};
-static char *afs_crypt(pw, salt, iobuf)
- char *pw;
- char *salt;
+char *afs_crypt(pw, salt, iobuf)
+ const char *pw;
+ const char *salt;
char *iobuf; /* must be at least 16 bytes */
{
int i, j, c;
mit_des3_cblock k;
mit_des3_key_schedule schedule;
{
- make_key_sched(k[0],schedule[0]);
- make_key_sched(k[1],schedule[1]);
- make_key_sched(k[2],schedule[2]);
+ mit_des_make_key_sched(k[0],schedule[0]);
+ mit_des_make_key_sched(k[1],schedule[1]);
+ mit_des_make_key_sched(k[2],schedule[2]);
if (!mit_des_check_key_parity(k[0])) /* bad parity --> return -1 */
return(-1);
/*
* lib/crypto/des/des_int.h
*
- * Copyright 1987, 1988, 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
+ * Copyright 1987, 1988, 1990, 2002 by the Massachusetts Institute of
+ * Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
#ifndef KRB5_MIT_DES__
#define KRB5_MIT_DES__
-#ifndef DES_INT32
-#ifdef SIZEOF_INT
-#if SIZEOF_INT >= 4
-#define DES_INT32 int
-#else
-#define DES_INT32 long
-#endif
-#else /* !defined(SIZEOF_INT) */
-#include <limits.h>
-#if (UINT_MAX >= 0xffffffff)
-#define DES_INT32 int
-#else
-#define DES_INT32 long
-#endif
-#endif /* !defined(SIZEOF_INT) */
-#endif /* !defined(DES_INT32) */
+#define KRB5INT_CRYPTO_DES_INT /* skip krb4-specific DES stuff */
+#include "kerberosIV/des.h" /* for des_key_schedule, etc. */
+#undef KRB5INT_CRYPTO_DES_INT /* don't screw other inclusions of des.h */
-/*
- *
- * NOTE WELL:
- *
- * This section must be kept in sync with include/kerberosIV/des.h,
- * until we get around to actually combining them at the source level.
- * We can't right now, because both the Mac and Windows platforms are
- * using their own versions of krb4 des.h, and that's the one that
- * would have to have the definitions because we install it under UNIX.
- *
- */
-#ifndef KRB5INT_DES_TYPES_DEFINED
-#define KRB5INT_DES_TYPES_DEFINED
-typedef unsigned char des_cblock[8]; /* crypto-block size */
-typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16];
-#endif
-/* end sync */
typedef des_cblock mit_des_cblock;
typedef des_key_schedule mit_des_key_schedule;
int mit_des_pcbc_encrypt ();
/* f_sched.c */
-#define make_key_sched mit_des_make_key_sched
-int make_key_sched (mit_des_cblock, mit_des_key_schedule);
+int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule);
/* misc.c */
* inconsistantly (with the low order byte of the checksum
* not always in the low order byte of the DES_INT32). We won't.
*/
- return right;
+ return right & 0xFFFFFFFFUL;
}
* Permute the key to give us our key schedule.
*/
int
-make_key_sched(key, schedule)
+mit_des_make_key_sched(key, schedule)
mit_des_cblock key;
mit_des_key_schedule schedule;
{
mit_des_cblock k;
mit_des_key_schedule schedule;
{
- make_key_sched(k,schedule);
+ mit_des_make_key_sched(k,schedule);
if (!mit_des_check_key_parity(k)) /* bad parity --> return -1 */
return(-1);
+2002-09-26 Tom Yu <tlyu@mit.edu>
+
+ * cksum.c (des_cbc_cksum): Update API for KfM merge.
+
+ * des.c (des_ecb_encrypt): Update API for KfM merge.
+ (des_3ecb_encrypt): New (emulated) function from KfM.
+
+ * enc_dec.c (des_cbc_encrypt): Update API for KfM merge.
+ (des_3cbc_encrypt): New (emulated) function from KfM.
+
+ * key_sched.c (make_key_sched): New (emulated) function for KfM.
+
+ * new_rnd_key.c (des_generate_random_block)
+ (des_set_random_generator_seed, des_set_sequence_number):
+ New (emulated) functions from KfM.
+
+ * read_passwd.c (des_rd_pwstr_2prompt): Renamed from
+ des_read_pw_string; also now only returns -1, errno, or 0.
+ (des_read_pw_string): New (emulated) function from KfM.
+ (des_read_password): Update API for KfM merge.
+
+ * str_to_key.c (des_string_to_key): Update call to des_cbc_cksum.
+ (afs_string_to_key): New (emulated) function from KfM.
+ (des_crypt, des_fcrypt, des_set_key): New (emulated) functions
+ from KfM, presumed to be internal but exported by KfM anyway.
+
2002-08-29 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Revert $(S)=>/ change, for Windows support.
* multiple of eight bytes.
*/
-void KRB5_CALLCONV
+unsigned long KRB5_CALLCONV
des_cbc_cksum(in,out,length,key,iv)
- const krb5_octet *in; /* >= length bytes of inputtext */
- krb5_octet *out; /* >= length bytes of outputtext */
+ const des_cblock *in; /* >= length bytes of inputtext */
+ des_cblock *out; /* >= length bytes of outputtext */
register unsigned long length; /* in bytes */
const mit_des_key_schedule key; /* precomputed key schedule */
- const krb5_octet *iv; /* 8 bytes of ivec */
+ const des_cblock *iv; /* 8 bytes of ivec */
{
- mit_des_cbc_cksum(in, out, length, key, iv);
+ return mit_des_cbc_cksum((const krb5_octet *)in, (krb5_octet *)out,
+ length, key, (krb5_octet *)iv);
}
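Review bot: The wrapper casts `iv` with `(krb5_octet *)iv`, which silently drops the `const` from the new `const des_cblock *iv` parameter, whereas `in` is cast with its qualifier kept. Writing `(const krb5_octet *)iv` keeps the cast from hiding a future change that would let the callee write through the IV. The parameter comment on `out` still says ">= length bytes of outputtext"; that wording should be checked against what `mit_des_cbc_cksum` actually stores now that `out` is typed as a single `des_cblock *`.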
int KRB5_CALLCONV
des_ecb_encrypt(clear, cipher, schedule, enc)
- unsigned long *clear;
- unsigned long *cipher;
+ des_cblock *clear;
+ des_cblock *cipher;
const mit_des_key_schedule schedule;
int enc; /* 0 ==> decrypt, else encrypt */
{
static const des_cblock iv;
- return (mit_des_cbc_encrypt((const des_cblock *) clear,
- (des_cblock *) cipher,
+ return (mit_des_cbc_encrypt((const des_cblock *)clear, cipher,
8, schedule, iv, enc));
}
+
+#if TARGET_OS_MAC
+void
+des_3ecb_encrypt(des_cblock *clear, des_cblock *cipher,
+ des_key_schedule ks1, des_key_schedule ks2,
+ des_key_schedule ks3, int enc)
+{
+ static const des_cblock iv;
+
+ mit_des3_cbc_encrypt((const des_cblock *)clear, cipher, 8, ks1, ks2, ks3, iv, enc);
+}
+#endif
int
des_cbc_encrypt(in,out,length,key,iv,enc)
- krb5_octet *in; /* >= length bytes of input text */
- krb5_octet *out; /* >= length bytes of output text */
+ des_cblock *in; /* >= length bytes of input text */
+ des_cblock *out; /* >= length bytes of output text */
register unsigned long length; /* in bytes */
const mit_des_key_schedule key; /* precomputed key schedule */
- const krb5_octet *iv; /* 8 bytes of ivec */
+ const des_cblock *iv; /* 8 bytes of ivec */
int enc; /* 0 ==> decrypt, else encrypt */
{
return (mit_des_cbc_encrypt((const des_cblock *) in,
- (des_cblock *) out,
- length, key, iv, enc));
+ out, length, key,
+ (const unsigned char *)iv, /* YUCK! */
+ enc));
}
+#if TARGET_OS_MAC
+void des_3cbc_encrypt(des_cblock *in, des_cblock *out, long length,
+ des_key_schedule ks1, des_key_schedule ks2,
+ des_key_schedule ks3, des_cblock *iv, int enc)
+{
+ mit_des3_cbc_encrypt((const des_cblock *)in, out, (unsigned long)length,
+ ks1, ks2, ks3,
+ (const unsigned char *)iv, /* YUCK! */
+ enc);
+}
+#endif
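Review bot: `des_3cbc_encrypt` takes a signed `long length` and passes it on as `(unsigned long)length`, so a negative value from a caller becomes a very large byte count for `mit_des3_cbc_encrypt`. The header already flags the signed length with an XXX, but nothing here rejects it. A guard before the call, `if (length < 0) return;`, keeps an out-of-range count away from the cipher loop. The function returns void, so the comment should state that a negative length is ignored. In both wrappers the `/* YUCK! */` casts on `iv` would be better replaced by a short comment saying that `des_cblock *` and `const unsigned char *` address the same 8 bytes.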
{
return (mit_des_key_sched(k, schedule));
}
+
+#if TARGET_OS_MAC
+int make_key_sched(des_cblock *k, des_key_schedule schedule)
+{
+ return mit_des_key_sched((unsigned char *)k, schedule); /* YUCK! */
+}
+#endif
#include "des_int.h"
#include "des.h"
+#include "k5-int.h"
void
des_init_random_number_generator(key)
return 0;
}
+
+#if TARGET_OS_MAC
+
+void des_generate_random_block(des_cblock block)
+{
+ krb5_data data;
+
+ data.length = sizeof(des_cblock);
+ data.data = (char *)block;
+ if (krb5_c_random_make_octets(/* XXX */ 0, &data))
+ abort(); /* XXX */
+}
+
+void des_set_random_generator_seed(des_cblock block)
+{
+ des_init_random_number_generator(block); /* XXX */
+}
+
+void des_set_sequence_number(des_cblock block)
+{
+ des_init_random_number_generator(block); /* XXX */
+}
+
+#endif
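Review bot: `des_generate_random_block` terminates the whole process with `abort()` when `krb5_c_random_make_octets` fails, and the only explanation is `/* XXX */`. Failing closed is defensible, because the void KfM signature leaves no way to report an error and returning an unfilled block would be worse. The comment should say that, e.g. `/* no error return in this API; abort rather than hand back a non-random block */`. `des_set_sequence_number` and `des_set_random_generator_seed` both forward to `des_init_random_number_generator`, so setting a sequence number re-keys the generator. If that emulation is intended, each body should document it in place of the bare XXX.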
static jmp_buf pwd_jump;
static krb5_sigtype intr_routine (int);
-krb5_error_code des_read_pw_string (char *, int, char *, char *);
static krb5_sigtype
intr_routine(signo)
/*NOTREACHED*/
}
+/* This is re-declared here because des.h might not declare it. */
+int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int);
+static int des_rd_pwstr_2prompt(char *, int, char *, char *);
/*** Routines ****************************************************** */
-krb5_error_code
-des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2)
+static int
+des_rd_pwstr_2prompt(return_pwd, bufsize_in, prompt, prompt2)
char *return_pwd;
int bufsize_in;
char *prompt;
register char *ptr;
int scratchchar;
krb5_sigtype (*volatile ointrfunc)();
- krb5_error_code errcode;
+ int errcode;
size_t bufsize = bufsize_in;
#ifndef ECHO_PASSWORD
struct termios echo_control, save_control;
#endif /* ECHO_PASSWORD */
if (setjmp(pwd_jump)) {
- errcode = KRB5_LIBOS_PWDINTR; /* we were interrupted... */
+ errcode = -1; /* we were interrupted... */
goto cleanup;
}
/* save intrfunc */
if (fgets(return_pwd, bufsize_in, stdin) == NULL) {
(void) putchar('\n');
- errcode = KRB5_LIBOS_CANTREADPWD;
+ errcode = -1;
goto cleanup;
}
(void) putchar('\n');
(void) memset((char *)readin_string, 0, bufsize);
if (fgets((char *)readin_string, bufsize_in, stdin) == NULL) {
(void) putchar('\n');
- errcode = KRB5_LIBOS_CANTREADPWD;
+ errcode = -1;
goto cleanup;
}
(void) putchar('\n');
/* compare */
if (strncmp(return_pwd, (char *)readin_string, bufsize)) {
- errcode = KRB5_LIBOS_BADPWDMATCH;
+ errcode = -1;
goto cleanup;
}
}
return errcode;
}
-krb5_error_code
-des_read_password/*_v4_compat_crock*/(k,prompt,verify)
+int KRB5_CALLCONV
+des_read_password(k,prompt,verify)
mit_des_cblock *k;
char *prompt;
int verify;
{
- krb5_error_code ok;
+ int ok;
char key_string[BUFSIZ];
+
+ ok = des_read_pw_string(key_string, sizeof(key_string), prompt, verify);
+ if (ok == 0)
+ des_string_to_key(key_string, *k);
+
+ memset(key_string, 0, sizeof (key_string));
+ return ok;
+}
+
+int KRB5_CALLCONV
+des_read_pw_string(s, max, prompt, verify)
+ char *s;
+ int max;
+ char *prompt;
+ int verify;
+{
+ int ok;
char prompt2[BUFSIZ];
if (verify) {
strcpy(prompt2, "Verifying, please re-enter ");
strncat(prompt2, prompt, sizeof(prompt2)-(strlen(prompt2)+1));
+ prompt2[sizeof(prompt2)-1] = '\0';
}
- ok = des_read_pw_string(key_string, sizeof(key_string),
- prompt, verify ? prompt2 : 0);
-
- if (ok == 0)
- des_string_to_key(key_string, *k);
-
- memset(key_string, 0, sizeof (key_string));
+ ok = des_rd_pwstr_2prompt(s, max, prompt, verify ? prompt2 : 0);
return ok;
}
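Review bot: In `des_read_password` the call `memset(key_string, 0, sizeof (key_string));` is a store to a local that is never read again before `return ok;`, so an optimizing compiler may remove it and leave the typed password on the stack. A wipe the compiler cannot elide is safer here, such as a byte loop through a `volatile char *` or the platform's secure-zero routine where one exists. The return value of `des_string_to_key` is also discarded, so a failure there is reported to the caller as success. `des_read_pw_string` takes `max` as an `int`, which the helper then stores in a `size_t bufsize`, so the function comment should state that `max` must be positive.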
/* Now one-way encrypt it with the folded key */
(void) des_key_sched(key, key_sked);
- (void) des_cbc_cksum((const unsigned char *) in_str, key, length,
- key_sked, key);
+ (void) des_cbc_cksum((const des_cblock *)in_str, (des_cblock *)key,
+ length, key_sked, (const des_cblock *)key);
/* erase key_sked */
memset(key_sked, 0,sizeof(key_sked));
/* return an int, and ANSI compilers */
/* can do dumb things sometimes */
}
+
+#if TARGET_OS_MAC
+char *mit_afs_crypt (const char *, const char *, const char *);
+
+void afs_string_to_key(char *str, char *cell, des_cblock key)
+{
+ krb5_data str_data;
+ krb5_data cell_data;
+ krb5_keyblock keyblock;
+
+ str_data.data = str;
+ str_data.length = strlen(str);
+ cell_data.data = cell;
+ cell_data.length = strlen(cell);
+ keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+ keyblock.length = sizeof(des_cblock);
+ keyblock.contents = key;
+
+ mit_afs_string_to_key(&keyblock, &str_data, &cell_data);
+}
+
+char *des_crypt(const char *str, const char *salt)
+{
+ char afs_buf[16];
+
+ return des_fcrypt(str, salt, afs_buf);
+}
+
+char *des_fcrypt(const char *str, const char *salt, char *buf)
+{
+ return mit_afs_crypt(str, salt, buf);
+}
+
+/* Is this correct? */
+int des_set_key(des_cblock *key, des_key_schedule schedule)
+{
+ return make_key_sched(key, schedule);
+}
+
+#endif /* TARGET_OS_MAC */
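Review bot: `des_crypt` hands its automatic `afs_buf[16]` to `des_fcrypt` and returns the result, so if `mit_afs_crypt` returns a pointer into the buffer it was given (as the "iobuf must be at least 16 bytes" comment on its definition suggests), the caller receives a pointer to dead stack storage. Declaring the buffer `static char afs_buf[16];` gives it crypt(3)-style lifetime, at the cost of not being reentrant, which the comment should mention. The local prototype `char *mit_afs_crypt (const char *, const char *, const char *);` also disagrees with the definition in afsstring2key.c, whose third parameter is a writable `char *`. It should read `char *mit_afs_crypt (const char *, const char *, char *);`, and it would be better placed in des_int.h so the two files cannot drift apart. The `/* Is this correct? */` on `des_set_key` should either be resolved or turned into a comment stating what remains unverified.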