+2005-05-19 Sam Hartman <hartmans@mit.edu>
+
+ * k5-int.h (krb5int_c_ free_keyblock init_keyblock free_keyblock_contents): new
+
2005-05-13 Ken Raeburn <raeburn@mit.edu>
* configure.in: Deleted, content merged into ../configure.in.
($(srcdir)/krb5/autoconf.stmp): Use $(thisconfigdir) when
locating configure.in and autom4te.cache.
+2005-05-06 Sam Hartman <hartmans@mit.edu>
+
+
+ * krb5.hin: Add krb5_c_prf_length
+
+
2005-04-28 Ken Raeburn <raeburn@mit.edu>
* k5-int.h: Include fcntl.h only if HAVE_FCNTL_H is defined.
(k5_debug_make_loc): Change "lineno" to type int.
(k5_debug_make_loc): Likewise for argument "line".
+
2005-01-04 Jeffrey Altman <jaltman@mit.edu>
* krb5.hin: add prototype for krb5_is_thread_safe
* krb5.hin: Flag krb5_principal2salt as KRB5_CALLCONV_WRONG.
+
2004-12-08 Ken Raeburn <raeburn@mit.edu>
* k5-int.h (KRB5INT_ACCESS_STRUCT_VERSION): Bump to 9.
(struct _krb5int_access): Add function pointer field use_dns_kdc.
+2004-12-07 Sam Hartman <hartmans@mit.edu>
+
+ * k5-int.h: Add prf_length to the keytype function
+
+ * krb5.hin: Add krb5_c_prf
+
2004-12-06 Ken Raeburn <raeburn@mit.edu>
* k5-thread.h [DEBUG_THREADS_STATS]: Include string.h and
typedef krb5_error_code (*krb5_str2key_func) (const struct krb5_enc_provider *enc, const krb5_data *string,
const krb5_data *salt, const krb5_data *parm, krb5_keyblock *key);
+typedef krb5_error_code (*krb5_prf_func)(
+ const struct krb5_enc_provider *enc, const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key,
+ krb5_data *in, krb5_data *out);
+
struct krb5_keytypes {
krb5_enctype etype;
char *in_string;
char *out_string;
const struct krb5_enc_provider *enc;
const struct krb5_hash_provider *hash;
+ size_t prf_length;
krb5_encrypt_length_func encrypt_len;
krb5_crypt_func encrypt;
krb5_crypt_func decrypt;
krb5_str2key_func str2key;
+ krb5_prf_func prf;
krb5_cksumtype required_ctype;
};
(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
krb5_keyblock *outkey);
+void krb5int_c_free_keyblock
+(krb5_context, krb5_keyblock *key);
+void krb5int_c_free_keyblock_contents
+ (krb5_context, krb5_keyblock *);
+krb5_error_code krb5int_c_init_keyblock
+ (krb5_context, krb5_enctype enctype,
+ size_t length, krb5_keyblock **out);
+
/*
* Internal - for cleanup.
*/
krb5_c_free_state
(krb5_context context, const krb5_keyblock *key, krb5_data *state);
+krb5_error_code KRB5_CALLCONV
+ krb5_c_prf (krb5_context, const krb5_keyblock *,
+ krb5_data *in, krb5_data *out);
+
+krb5_error_code KRB5_CALLCONV
+ krb5_c_prf_length (krb5_context, krb5_enctype, size_t *outlen);
+
krb5_error_code KRB5_CALLCONV
krb5_c_make_random_key
(krb5_context context, krb5_enctype enctype,
+2005-05-19 Sam Hartman <hartmans@mit.edu>
+
+ * keyblocks.c : File to contain memory management for keyblocks
+ moved from libkrb5
+
+ * Makefile.in (SRCS): keyblocks.c is new
+
+ * etypes.c: Add PRF for AES
+
+ * Makefile.in (t_prf$(EXEEXT)): New output for prf test framework
+
+2005-05-18 Sam Hartman <hartmans@mit.edu>
+
+ * Makefile.in : Add prf.c
+
+ * prf.c t_prf.c: New file
+
+ * etypes.c: Adjust structures to support the PRF declarations.
+
2005-03-15 Jeffrey Altman <jaltman@mit.edu>
* keyed_cksum.c: (krb5_c_is_keyed_cksum): this is a boolean
EXTRADEPSRCS=\
$(srcdir)/t_nfold.c \
$(srcdir)/t_encrypt.c \
+ $(srcdir)/t_prf.c \
$(srcdir)/t_prng.c \
$(srcdir)/t_hmac.c \
$(srcdir)/t_pkcs5.c \
enctype_to_string.o \
etypes.o \
hmac.o \
+ keyblocks.o \
keyed_cksum.o \
keyed_checksum_types.o \
make_checksum.o \
nfold.o \
old_api_glue.o \
pbkdf2.o \
+ prf.o \
prng.o \
state.o \
string_to_cksumtype.o \
$(OUTPRE)enctype_to_string.$(OBJEXT) \
$(OUTPRE)etypes.$(OBJEXT) \
$(OUTPRE)hmac.$(OBJEXT) \
+ $(OUTPRE)keyblocks.$(OBJEXT) \
$(OUTPRE)keyed_cksum.$(OBJEXT) \
$(OUTPRE)keyed_checksum_types.$(OBJEXT) \
$(OUTPRE)make_checksum.$(OBJEXT) \
$(OUTPRE)nfold.$(OBJEXT) \
$(OUTPRE)old_api_glue.$(OBJEXT) \
$(OUTPRE)pbkdf2.$(OBJEXT) \
+ $(OUTPRE)prf.$(OBJEXT) \
$(OUTPRE)prng.$(OBJEXT) \
$(OUTPRE)state.$(OBJEXT) \
$(OUTPRE)string_to_cksumtype.$(OBJEXT) \
$(srcdir)/enctype_to_string.c \
$(srcdir)/etypes.c \
$(srcdir)/hmac.c \
+ $(srcdir)/keyblocks.c \
$(srcdir)/keyed_cksum.c \
$(srcdir)/keyed_checksum_types.c\
$(srcdir)/make_checksum.c \
$(srcdir)/nfold.c \
$(srcdir)/old_api_glue.c \
$(srcdir)/pbkdf2.c \
+ $(srcdir)/prf.c \
$(srcdir)/prng.c \
$(srcdir)/state.c \
$(srcdir)/string_to_cksumtype.c \
clean-unix:: clean-liblinks clean-libs clean-libobjs
-check-unix:: t_nfold t_encrypt t_prng t_hmac t_pkcs5
+check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5
$(RUN_SETUP) ./t_nfold
$(RUN_SETUP) ./t_encrypt
$(RUN_SETUP) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \
t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) nfold.$(OBJEXT) $(CRYPTO_DEPLIB)
$(CC_LINK) -o $@ t_encrypt.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB)
+t_prf$(EXEEXT): t_prf.$(OBJEXT)
+ $(CC_LINK) -o $@ t_prf.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB)
+
t_prng$(EXEEXT): t_prng.$(OBJEXT)
$(CC_LINK) -o $@ t_prng.$(OBJEXT) -lk5crypto -lcom_err $(SUPPORT_LIB)
+2005-05-19 Sam Hartman <hartmans@mit.edu>
+
+ * dk_prf.c (krb5int_dk_prf): Use k5crypto versions of keyblock memory management
+
+2004-12-09 Sam Hartman <hartmans@mit.edu>
+
+ * dk.h: Add krb5_dk_prf
+
+ * Makefile.in (SRCS): Add dk_prf.c
+
+ * dk_prf.c (krb5int_dk_prf): New function
+
2004-03-17 Ken Raeburn <raeburn@mit.edu>
* derive.c (krb5_random2key): Don't compile.
dk_decrypt.o \
dk_encrypt.o \
derive.o \
+ dk_prf.o \
stringtokey.o
OBJS=\
$(OUTPRE)dk_decrypt.$(OBJEXT) \
$(OUTPRE)dk_encrypt.$(OBJEXT) \
$(OUTPRE)derive.$(OBJEXT) \
+ $(OUTPRE)dk_prf.$(OBJEXT) \
$(OUTPRE)stringtokey.$(OBJEXT)
SRCS=\
$(srcdir)/checksum.c \
$(srcdir)/dk_decrypt.c \
$(srcdir)/dk_encrypt.c \
+ $(srcdir)/dk_prf.c \
$(srcdir)/derive.c \
$(srcdir)/stringtokey.c
const krb5_data *string, const krb5_data *salt,
const krb5_data *params, krb5_keyblock *key);
+krb5_error_code
+krb5int_dk_prf(const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key, const krb5_data *in, krb5_data *out);
+
krb5_error_code krb5_derive_key
(const struct krb5_enc_provider *enc,
const krb5_keyblock *inkey,
--- /dev/null
+/*
+ * lib/crypto/dk/prf.c
+ *
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * This file contains an implementation of the RFC 3961 PRF for
+ *simplified profile enctypes.
+ */
+
+#include "k5-int.h"
+#include "dk.h"
+
+krb5_error_code
+krb5int_dk_prf (const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ const krb5_keyblock *key,
+ const krb5_data *in, krb5_data *out)
+{
+ krb5_data tmp;
+ krb5_data prfconst;
+ krb5_keyblock *kp = NULL;
+ krb5_error_code ret = 0;
+
+ prfconst.data = (char *) "prf";
+ prfconst.length = 3;
+ tmp.length = hash->hashsize;
+ tmp.data = malloc(hash->hashsize);
+ if (tmp.data == NULL)
+ return ENOMEM;
+ hash->hash(1, in, &tmp);
+ tmp.length = (tmp.length/enc->block_size)*enc->block_size; /*truncate to block size*/
+ ret = krb5int_c_init_keyblock(0, key->enctype,
+ key->length, &kp);
+ if (ret == 0)
+ ret = krb5_derive_key(enc, key, kp, &prfconst);
+ if (ret == 0)
+ ret = enc->encrypt(kp, NULL, &tmp, out);
+ if (kp)
+ krb5int_c_free_keyblock(0, kp);
+ free (tmp.data);
+ return ret;
+}
{ ENCTYPE_DES_CBC_CRC,
"des-cbc-crc", "DES cbc mode with CRC-32",
&krb5int_enc_des, &krb5int_hash_crc32,
+ 8,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
- krb5int_des_string_to_key, CKSUMTYPE_RSA_MD5 },
+ krb5int_des_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_RSA_MD5 },
{ ENCTYPE_DES_CBC_MD4,
"des-cbc-md4", "DES cbc mode with RSA-MD4",
&krb5int_enc_des, &krb5int_hash_md4,
+ 8,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
- krb5int_des_string_to_key, CKSUMTYPE_RSA_MD4 },
+ krb5int_des_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_RSA_MD4 },
{ ENCTYPE_DES_CBC_MD5,
"des-cbc-md5", "DES cbc mode with RSA-MD5",
&krb5int_enc_des, &krb5int_hash_md5,
+ 8,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
- krb5int_des_string_to_key, CKSUMTYPE_RSA_MD5 },
+ krb5int_des_string_to_key,
+ NULL, /*PRF*/
+CKSUMTYPE_RSA_MD5 },
{ ENCTYPE_DES_CBC_MD5,
"des", "DES cbc mode with RSA-MD5", /* alias */
&krb5int_enc_des, &krb5int_hash_md5,
+ 8,
krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
- krb5int_des_string_to_key, CKSUMTYPE_RSA_MD5 },
+ krb5int_des_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_RSA_MD5 },
{ ENCTYPE_DES_CBC_RAW,
"des-cbc-raw", "DES cbc mode raw",
&krb5int_enc_des, NULL,
+ 8,
krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
- krb5int_des_string_to_key, 0 },
+ krb5int_des_string_to_key,
+ NULL, /*PRF*/
+ 0 },
{ ENCTYPE_DES3_CBC_RAW,
"des3-cbc-raw", "Triple DES cbc mode raw",
&krb5int_enc_des3, NULL,
+ 8,
krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
- krb5int_dk_string_to_key, 0 },
+ krb5int_dk_string_to_key,
+ NULL, /*PRF*/
+ 0 },
{ ENCTYPE_DES3_CBC_SHA1,
"des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
+ 8,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
- krb5int_dk_string_to_key, CKSUMTYPE_HMAC_SHA1_DES3 },
+ krb5int_dk_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_HMAC_SHA1_DES3 },
{ ENCTYPE_DES3_CBC_SHA1, /* alias */
"des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
+ 8,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
- krb5int_dk_string_to_key, CKSUMTYPE_HMAC_SHA1_DES3 },
+ krb5int_dk_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_HMAC_SHA1_DES3 },
{ ENCTYPE_DES3_CBC_SHA1, /* alias */
"des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
+ 8,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
- krb5int_dk_string_to_key, CKSUMTYPE_HMAC_SHA1_DES3 },
+ krb5int_dk_string_to_key,
+ NULL, /*PRF*/
+ CKSUMTYPE_HMAC_SHA1_DES3 },
{ ENCTYPE_DES_HMAC_SHA1,
"des-hmac-sha1", "DES with HMAC/sha1",
&krb5int_enc_des, &krb5int_hash_sha1,
+ 8,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
- krb5int_dk_string_to_key, 0 },
+ krb5int_dk_string_to_key,
+ NULL, /*PRF*/
+ 0 },
{ ENCTYPE_ARCFOUR_HMAC,
"arcfour-hmac","ArcFour with HMAC/md5", &krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_ARCFOUR_HMAC, /* alias */
"rc4-hmac", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_ARCFOUR_HMAC, /* alias */
"arcfour-hmac-md5", "ArcFour with HMAC/md5", &krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_ARCFOUR_HMAC_EXP,
"arcfour-hmac-exp", "Exportable ArcFour with HMAC/md5",
&krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
"rc4-hmac-exp", "Exportable ArcFour with HMAC/md5",
&krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */
"arcfour-hmac-md5-exp", "Exportable ArcFour with HMAC/md5",
&krb5int_enc_arcfour,
- &krb5int_hash_md5, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
+ &krb5int_hash_md5,
+ 0,
+ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ NULL, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR },
{ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
"aes128-cts-hmac-sha1-96", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
&krb5int_enc_aes128, &krb5int_hash_sha1,
+ 16,
krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
- krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES128 },
+ krb5int_aes_string_to_key,
+ krb5int_dk_prf,
+ CKSUMTYPE_HMAC_SHA1_96_AES128 },
{ ENCTYPE_AES128_CTS_HMAC_SHA1_96, /* alias */
"aes128-cts", "AES-128 CTS mode with 96-bit SHA-1 HMAC",
&krb5int_enc_aes128, &krb5int_hash_sha1,
+ 16,
krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
- krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES128 },
+ krb5int_aes_string_to_key,
+ krb5int_dk_prf,
+ CKSUMTYPE_HMAC_SHA1_96_AES128 },
{ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
"aes256-cts-hmac-sha1-96", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
&krb5int_enc_aes256, &krb5int_hash_sha1,
+ 16,
krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
- krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES256 },
+ krb5int_aes_string_to_key,
+ krb5int_dk_prf,
+ CKSUMTYPE_HMAC_SHA1_96_AES256 },
{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, /* alias */
"aes256-cts", "AES-256 CTS mode with 96-bit SHA-1 HMAC",
&krb5int_enc_aes256, &krb5int_hash_sha1,
+ 16,
krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
- krb5int_aes_string_to_key, CKSUMTYPE_HMAC_SHA1_96_AES256 },
+ krb5int_aes_string_to_key,
+ krb5int_dk_prf,
+ CKSUMTYPE_HMAC_SHA1_96_AES256 },
};
const int krb5_enctypes_length =
--- /dev/null
+/*
+ * lib/crypto/keyblocks.c
+ *
+ * Copyright (C) 2002, 2005 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * krb5_init_keyblock- a function to set up
+ * an empty keyblock
+ */
+
+
+#include "k5-int.h"
+#include <assert.h>
+
+krb5_error_code krb5int_c_init_keyblock
+ (krb5_context context, krb5_enctype enctype,
+ size_t length, krb5_keyblock **out)
+{
+ krb5_keyblock *kb;
+ kb = malloc (sizeof(krb5_keyblock));
+ assert (out);
+ *out = NULL;
+ if (!kb) {
+ return ENOMEM;
+ }
+ kb->magic = KV5M_KEYBLOCK;
+ kb->enctype = enctype;
+ kb->length = length;
+ if(length) {
+ kb->contents = malloc (length);
+ if(!kb->contents) {
+ free (kb);
+ return ENOMEM;
+ }
+ } else {
+ kb->contents = NULL;
+ }
+ *out = kb;
+ return 0;
+}
+
+
+void KRB5_CALLCONV
+krb5int_c_free_keyblock(krb5_context context, register krb5_keyblock *val)
+{
+ krb5_free_keyblock_contents(context, val);
+ krb5_xfree(val);
+}
+
+void
+krb5int_c_free_keyblock_contents(krb5_context context, register krb5_keyblock *key)
+{
+ if (key->contents) {
+ krb5int_zap_data (key->contents, key->length);
+ krb5_xfree(key->contents);
+ key->contents = 0;
+ }
+}
krb5_c_keyed_checksum_types
krb5_c_make_checksum
krb5_c_make_random_key
+krb5_c_prf
+krb5_c_prf_length
krb5_c_random_add_entropy
krb5_c_random_make_octets
krb5_c_random_os_entropy
krb5int_arcfour_translate_usage
krb5int_c_combine_keys
krb5int_c_mandatory_cksumtype
+krb5int_c_free_keyblock
+krb5int_c_free_keyblock_contents
+krb5int_c_init_keyblock
krb5int_c_mit_des_zeroblock
krb5int_default_free_state
krb5int_des3_cbc_decrypt
--- /dev/null
+/*
+ * lib/crypto/prf.c
+ *
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * This contains the implementation of krb5_c_prf, which will find
+ *the enctype-specific PRF and then generate pseudo-random data. This
+ *function yields krb5_c_prf_length bytes of output.
+ */
+
+
+#include "k5-int.h"
+#include "etypes.h"
+
+#include <assert.h>
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_prf_length(krb5_context context, krb5_enctype enctype,
+ size_t *len)
+{
+ int i;
+ assert (len);
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ *len = krb5_enctypes_list[i].prf_length;
+ return 0;
+
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_prf(krb5_context context, const krb5_keyblock *key,
+krb5_data *input, krb5_data *output)
+{
+ int i;
+ size_t len;
+ assert(input && output);
+ assert (output->data);
+
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == key->enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(KRB5_BAD_ENCTYPE);
+
+ output->magic = KV5M_DATA;
+ if (!krb5_enctypes_list[i].prf)
+ return (KRB5_CRYPTO_INTERNAL);
+ krb5_c_prf_length (context, key->enctype, &len);
+ if( len != output->length)
+ return (KRB5_CRYPTO_INTERNAL);
+ return((*(krb5_enctypes_list[i].prf))
+ (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash,
+ key, input, output));
+}
+
--- /dev/null
+/*
+ * lib/crypto/t_prf.c
+ *
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * This file contains tests for the PRF code in Kerberos. IT reads
+ *an input file, and writes an output file. It is assumed that the
+ *output file will be diffed against expected output to see whether
+ *regression tests pass. The input file is a very primitive format.
+ *It includes an enctype and to be string2keyed followed by a number of bytes of input
+ *length, followed by that many bytes of input. The program outputs
+ *krb5_c_prf of that input and key as a hex string.
+ */
+
+#include "k5-int.h"
+#include <assert.h>
+
+int main () {
+ krb5_error_code ret;
+ krb5_data input, output;
+ krb5_keyblock *key = NULL;
+ unsigned int in_length;
+ unsigned int i;
+ while (1) {
+ krb5_enctype enctype;
+ char s[1025];
+
+ if (scanf( "%d", &enctype) == EOF)
+ break;
+ if (scanf("%1024s", &s[0]) == EOF)
+ break;
+ assert (krb5_init_keyblock(0, enctype, 0, &key) == 0);
+ input.data = &s[0];
+ input.length = strlen(s);
+ assert(krb5_c_string_to_key (0, enctype, &input, &input, key) == 0);
+
+ if (scanf("%u", &in_length) == EOF)
+ break;
+
+ if (in_length ) {
+ unsigned int lc;
+ assert ((input.data = malloc(in_length)) != NULL);
+ for (lc = in_length; lc > 0; lc--) {
+ scanf ("%2x", &i);
+ input.data[in_length-lc] = (unsigned) (i&0xff);
+ }
+ input.length = in_length;
+ assert (krb5_c_prf_length(0, enctype, &i) == 0);
+ assert (output.data = malloc(i));
+ output.length = i;
+ assert (krb5_c_prf(0, key, &input, &output) == 0);
+
+ free (input.data);
+ input.data = NULL;
+ }
+ for (; i > 0; i--) {
+ printf ("%02x",
+ (unsigned int) ((unsigned char ) output.data[output.length-i]));
+ }
+ printf ("\n");
+
+ free (output.data);
+ output.data = NULL;
+ krb5_free_keyblock(0, key);
+ key = NULL;
+ }
+
+ return (0);
+}
+2005-05-19 Sam Hartman <hartmans@mit.edu>
+
+ * kfree.c (krb5_free_keyblock_contents krb5_free_keyblock): Make
+ stubs into libk5crypto so that libk5crypto can call these.
+ * init_keyblock.c (krb5_init_keyblock): As above.
+
2005-04024 Jeffrey Altman <jaltman@mit.edu>
* get_creds.c:
-/* A Bison parser, made by GNU Bison 1.875c. */
+/* A Bison parser, made by GNU Bison 1.875d. */
/* Skeleton parser for Yacc-like parsing with Bison,
- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#if ! defined (yyoverflow) || YYERROR_VERBOSE
+# ifndef YYFREE
+# define YYFREE free
+# endif
+# ifndef YYMALLOC
+# define YYMALLOC malloc
+# endif
+
/* The parser invokes alloca or malloc; define the necessary symbols. */
# ifdef YYSTACK_USE_ALLOCA
# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
# define YYSIZE_T size_t
# endif
-# define YYSTACK_ALLOC malloc
-# define YYSTACK_FREE free
+# define YYSTACK_ALLOC YYMALLOC
+# define YYSTACK_FREE YYFREE
# endif
#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */
/* A type that is properly aligned for any stack member. */
union yyalloc
{
- short yyss;
+ short int yyss;
YYSTYPE yyvs;
};
/* The size of an array large to enough to hold all stacks, each with
N elements. */
# define YYSTACK_BYTES(N) \
- ((N) * (sizeof (short) + sizeof (YYSTYPE)) \
+ ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \
+ YYSTACK_GAP_MAXIMUM)
/* Copy COUNT objects from FROM to TO. The source and destination do
#if defined (__STDC__) || defined (__cplusplus)
typedef signed char yysigned_char;
#else
- typedef short yysigned_char;
+ typedef short int yysigned_char;
#endif
/* YYFINAL -- State number of the termination state. */
# ifdef YYPRINT
/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
token YYLEX-NUM. */
-static const unsigned short yytoknum[] =
+static const unsigned short int yytoknum[] =
{
0, 256, 257, 258, 259, 260, 45, 58, 100, 104,
109, 115, 261
#if defined (__STDC__) || defined (__cplusplus)
static void
-yy_stack_print (short *bottom, short *top)
+yy_stack_print (short int *bottom, short int *top)
#else
static void
yy_stack_print (bottom, top)
- short *bottom;
- short *top;
+ short int *bottom;
+ short int *top;
#endif
{
YYFPRINTF (stderr, "Stack now");
to reallocate them elsewhere. */
/* The state stack. */
- short yyssa[YYINITDEPTH];
- short *yyss = yyssa;
- register short *yyssp;
+ short int yyssa[YYINITDEPTH];
+ short int *yyss = yyssa;
+ register short int *yyssp;
/* The semantic value stack. */
YYSTYPE yyvsa[YYINITDEPTH];
yyssp = yyss;
yyvsp = yyvs;
+
goto yysetstate;
/*------------------------------------------------------------.
these so that the &'s don't force the real ones into
memory. */
YYSTYPE *yyvs1 = yyvs;
- short *yyss1 = yyss;
+ short int *yyss1 = yyss;
/* Each stack pointer address is followed by the size of the
yystacksize = YYMAXDEPTH;
{
- short *yyss1 = yyss;
+ short int *yyss1 = yyss;
union yyalloc *yyptr =
(union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
if (! yyptr)
}
-/* Line 993 of yacc.c. */
-#line 1156 "deltat.c"
+/* Line 1010 of yacc.c. */
+#line 1164 "deltat.c"
\f
yyvsp -= yylen;
yyssp -= yylen;
(krb5_context context, krb5_enctype enctype,
size_t length, krb5_keyblock **out)
{
- krb5_keyblock *kb;
- kb = malloc (sizeof(krb5_keyblock));
- assert (out);
- *out = NULL;
- if (!kb) {
- return ENOMEM;
- }
- kb->magic = KV5M_KEYBLOCK;
- kb->enctype = enctype;
- kb->length = length;
- if(length) {
- kb->contents = malloc (length);
- if(!kb->contents) {
- free (kb);
- return ENOMEM;
- }
- } else {
- kb->contents = NULL;
- }
- *out = kb;
- return 0;
+ return krb5int_c_init_keyblock (context, enctype, length, out);
}
void KRB5_CALLCONV
krb5_free_keyblock_contents(krb5_context context, register krb5_keyblock *key)
{
- if (key->contents) {
- memset(key->contents, 0, key->length);
- krb5_xfree(key->contents);
- key->contents = 0;
- }
+ krb5int_c_free_keyblock_contents (context, key);
}
void KRB5_CALLCONV
krb5_free_keyblock(krb5_context context, register krb5_keyblock *val)
{
- krb5_free_keyblock_contents(context, val);
- krb5_xfree(val);
+ krb5int_c_free_keyblock (context, val);
}
krb5_c_keyed_checksum_types
krb5_c_make_checksum
krb5_c_make_random_key
+krb5_c_prf
+krb5_c_prf_length
krb5_c_random_make_octets
krb5_c_random_seed
krb5_c_string_to_key