* in here to deal with stuff from lib/crypto
*/
-void krb5_nfold
+void krb5int_nfold
(unsigned int inbits, const unsigned char *in,
unsigned int outbits, unsigned char *out);
-krb5_error_code krb5_hmac
+krb5_error_code krb5int_hmac
(const struct krb5_hash_provider *hash,
krb5_key key, unsigned int icount,
const krb5_data *input, krb5_data *output);
/* crypto stuff */
const struct krb5_hash_provider *md5_hash_provider;
const struct krb5_enc_provider *arcfour_enc_provider;
- krb5_error_code (* krb5_hmac) (const struct krb5_hash_provider *hash,
+ krb5_error_code (* krb5int_hmac) (const struct krb5_hash_provider *hash,
const krb5_keyblock *key,
unsigned int icount, const krb5_data *input,
krb5_data *output);
krb5_boolean krb5_is_permitted_enctype_ext
( krb5_context, krb5_etypes_permitted *);
-krb5_boolean KRB5_CALLCONV krb5_c_weak_enctype(krb5_enctype);
+krb5_boolean KRB5_CALLCONV krb5int_c_weak_enctype(krb5_enctype);
krb5_error_code krb5_kdc_rep_decrypt_proc
(krb5_context,
if (err)
goto cleanup;
- err = krb5_derive_keyblock (enc, tempkey, key, &usage);
+ err = krb5int_derive_keyblock (enc, tempkey, key, &usage);
cleanup:
if (err)
const char *const krb5int_arcfour_l40 = "fortybits";
void
-krb5_arcfour_encrypt_length(const struct krb5_enc_provider *enc,
+krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
size_t inputlen, size_t *length)
{
}
krb5_error_code
-krb5_arcfour_encrypt(const struct krb5_enc_provider *enc,
+krb5int_arcfour_encrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec, const krb5_data *input,
salt.length=4;
store_32_le(ms_usage, salt.data);
}
- krb5_hmac(hash, key, 1, &salt, &d1);
+ krb5int_hmac(hash, key, 1, &salt, &d1);
memcpy(k2.contents, k1.contents, k2.length);
/* This is the arcfour-hmac decryption routine */
krb5_error_code
-krb5_arcfour_decrypt(const struct krb5_enc_provider *enc,
+krb5int_arcfour_decrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec, const krb5_data *input,
salt.length = 4;
store_32_le(ms_usage, salt.data);
}
- ret = krb5_hmac(hash, key, 1, &salt, &d1);
+ ret = krb5int_hmac(hash, key, 1, &salt, &d1);
if (ret)
goto cleanup;
#define ARCFOUR_H
extern void
-krb5_arcfour_encrypt_length(const struct krb5_enc_provider *,
+krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *,
const struct krb5_hash_provider *,
size_t,
size_t *);
-extern
-krb5_error_code krb5_arcfour_encrypt(const struct krb5_enc_provider *,
+extern krb5_error_code
+krb5int_arcfour_encrypt(const struct krb5_enc_provider *,
const struct krb5_hash_provider *,
krb5_key,
krb5_keyusage,
const krb5_data *,
krb5_data *);
-extern
-krb5_error_code krb5_arcfour_decrypt(const struct krb5_enc_provider *,
+extern krb5_error_code
+krb5int_arcfour_decrypt(const struct krb5_enc_provider *,
const struct krb5_hash_provider *,
krb5_key,
krb5_keyusage,
const krb5_data *,
krb5_data *);
-extern krb5_error_code krb5int_arcfour_string_to_key(
+extern krb5_error_code
+krb5int_arcfour_string_to_key(
const struct krb5_enc_provider *,
const krb5_data *,
const krb5_data *,
salt.length = 4;
store_32_le(ms_usage, salt.data);
}
- ret = krb5_hmac(hash, key, 1, &salt, &d1);
+ ret = krb5int_hmac(hash, key, 1, &salt, &d1);
if (ret != 0)
goto cleanup;
salt.length = 4;
store_32_le(ms_usage, (unsigned char *)salt.data);
}
- ret = krb5_hmac(hash, key, 1, &salt, &d1);
+ ret = krb5int_hmac(hash, key, 1, &salt, &d1);
if (ret != 0)
goto cleanup;
return err;
/* the actual MD4 hash of the data */
- krb5_MD4Init(&md4_context);
- krb5_MD4Update(&md4_context, copystr, copystrlen);
- krb5_MD4Final(&md4_context);
+ krb5int_MD4Init(&md4_context);
+ krb5int_MD4Update(&md4_context, copystr, copystrlen);
+ krb5int_MD4Final(&md4_context);
memcpy(key->contents, md4_context.digest, 16);
#if 0
if (output->length != RSA_MD4_CKSUM_LENGTH)
return(KRB5_CRYPTO_INTERNAL);
- krb5_MD4Init(&ctx);
+ krb5int_MD4Init(&ctx);
for (i=0; i<icount; i++)
- krb5_MD4Update(&ctx, (unsigned char *) input[i].data, input[i].length);
- krb5_MD4Final(&ctx);
+ krb5int_MD4Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+ krb5int_MD4Final(&ctx);
memcpy(output->data, ctx.digest, RSA_MD4_CKSUM_LENGTH);
if (output->length != RSA_MD5_CKSUM_LENGTH)
return(KRB5_CRYPTO_INTERNAL);
- krb5_MD5Init(&ctx);
+ krb5int_MD5Init(&ctx);
for (i=0; i<icount; i++)
- krb5_MD5Update(&ctx, (unsigned char *) input[i].data, input[i].length);
- krb5_MD5Final(&ctx);
+ krb5int_MD5Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+ krb5int_MD5Final(&ctx);
memcpy(output->data, ctx.digest, RSA_MD5_CKSUM_LENGTH);
}
krb5_error_code
-krb5_hmac(const struct krb5_hash_provider *hash, krb5_key key,
+krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
unsigned int icount, const krb5_data *input, krb5_data *output)
{
return krb5int_hmac_keyblock(hash, &key->keyblock, icount, input, output);
(a) = ROTATE_LEFT ((a), (s));}
void
-krb5_MD4Init (krb5_MD4_CTX *mdContext)
+krb5int_MD4Init (krb5_MD4_CTX *mdContext)
{
mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
}
void
-krb5_MD4Update (krb5_MD4_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
+krb5int_MD4Update (krb5_MD4_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
{
krb5_ui_4 in[16];
int mdi;
}
void
-krb5_MD4Final (krb5_MD4_CTX *mdContext)
+krb5int_MD4Final (krb5_MD4_CTX *mdContext)
{
krb5_ui_4 in[16];
int mdi;
/* pad out to 56 mod 64 */
padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
- krb5_MD4Update (mdContext, PADDING, padLen);
+ krb5int_MD4Update (mdContext, PADDING, padLen);
/* append length in bits and transform */
for (i = 0, ii = 0; i < 14; i++, ii += 4)
unsigned char digest[16]; /* actual digest after MD4Final call */
} krb5_MD4_CTX;
-extern void krb5_MD4Init(krb5_MD4_CTX *);
-extern void krb5_MD4Update(krb5_MD4_CTX *, const unsigned char *, unsigned int);
-extern void krb5_MD4Final(krb5_MD4_CTX *);
+extern void krb5int_MD4Init(krb5_MD4_CTX *);
+extern void krb5int_MD4Update(krb5_MD4_CTX *, const unsigned char *, unsigned int);
+extern void krb5int_MD4Final(krb5_MD4_CTX *);
/*
**********************************************************************
***********************************************************************
** Message-digest routines: **
** To form the message digest for a message M **
- ** (1) Initialize a context buffer mdContext using krb5_MD5Init **
- ** (2) Call krb5_MD5Update on mdContext and M **
- ** (3) Call krb5_MD5Final on mdContext **
+ ** (1) Initialize a context buffer mdContext using krb5int_MD5Init **
+ ** (2) Call krb5int_MD5Update on mdContext and M **
+ ** (3) Call krb5int_MD5Final on mdContext **
** The message digest is now in mdContext->digest[0...15] **
***********************************************************************
*/
(a) &= 0xffffffff; \
}
-/* The routine krb5_MD5Init initializes the message-digest context
+/* The routine krb5int_MD5Init initializes the message-digest context
mdContext. All fields are set to zero.
*/
void
-krb5_MD5Init (krb5_MD5_CTX *mdContext)
+krb5int_MD5Init (krb5_MD5_CTX *mdContext)
{
mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
mdContext->buf[3] = 0x10325476UL;
}
-/* The routine krb5_MD5Update updates the message-digest context to
+/* The routine krb5int_MD5Update updates the message-digest context to
account for the presence of each of the characters inBuf[0..inLen-1]
in the message whose digest is being computed.
*/
void
-krb5_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
+krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
{
krb5_ui_4 in[16];
int mdi;
}
}
-/* The routine krb5_MD5Final terminates the message-digest computation and
+/* The routine krb5int_MD5Final terminates the message-digest computation and
ends with the desired message digest in mdContext->digest[0...15].
*/
void
-krb5_MD5Final (krb5_MD5_CTX *mdContext)
+krb5int_MD5Final (krb5_MD5_CTX *mdContext)
{
krb5_ui_4 in[16];
int mdi;
/* pad out to 56 mod 64 */
padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
- krb5_MD5Update (mdContext, PADDING, padLen);
+ krb5int_MD5Update (mdContext, PADDING, padLen);
/* append length in bits and transform */
for (i = 0, ii = 0; i < 14; i++, ii += 4)
unsigned char digest[16]; /* actual digest after MD5Final call */
} krb5_MD5_CTX;
-extern void krb5_MD5Init(krb5_MD5_CTX *);
-extern void krb5_MD5Update(krb5_MD5_CTX *,const unsigned char *,unsigned int);
-extern void krb5_MD5Final(krb5_MD5_CTX *);
+extern void krb5int_MD5Init(krb5_MD5_CTX *);
+extern void krb5int_MD5Update(krb5_MD5_CTX *,const unsigned char *,unsigned int);
+extern void krb5int_MD5Final(krb5_MD5_CTX *);
#define RSA_MD5_CKSUM_LENGTH 16
#define OLD_RSA_MD5_DES_CKSUM_LENGTH 16
if (debug_hmac)
printd(" hmac input", salt);
- err = krb5_hmac(h, pass, 1, salt, out);
+ err = krb5int_hmac(h, pass, 1, salt, out);
if (err == 0 && debug_hmac)
printd(" hmac output", out);
return err;
#if MD == 4
#define MD_CTX krb5_MD4_CTX
-#define MDInit krb5_MD4Init
-#define MDUpdate krb5_MD4Update
-#define MDFinal krb5_MD4Final
+#define MDInit krb5int_MD4Init
+#define MDUpdate krb5int_MD4Update
+#define MDFinal krb5int_MD4Final
#define HAVE_TEST_SUITE
/* Test suite from RFC 1320 */
#if MD == 5
#define MD_CTX krb5_MD5_CTX
-#define MDInit krb5_MD5Init
-#define MDUpdate krb5_MD5Update
-#define MDFinal krb5_MD5Final
+#define MDInit krb5int_MD5Init
+#define MDUpdate krb5int_MD5Update
+#define MDFinal krb5int_MD5Final
#define HAVE_TEST_SUITE
/* Test suite from RFC 1321 */
for (i = 0; i < ASIZE (tests); i++) {
unsigned char *p = (unsigned char *) tests[i].input;
assert (tests[i].n / 8 <= sizeof (outbuf));
- krb5_nfold (8 * strlen ((char *) p), p, tests[i].n, outbuf);
+ krb5int_nfold (8 * strlen ((char *) p), p, tests[i].n, outbuf);
printf ("%d-fold(\"%s\") =\n", tests[i].n, p);
printf ("%d-fold(", tests[i].n);
printstringhex (p);
abort();
printf("%d-fold(\"kerberos\") =\n\t", nbytes*8);
- krb5_nfold(64, (unsigned char *) "kerberos", 8*nbytes, cipher_text);
+ krb5int_nfold(64, (unsigned char *) "kerberos", 8*nbytes, cipher_text);
for (j=0; j<nbytes; j++)
printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
printf("\n");
printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]),
nfold_in[i]);
printf("\t192-Fold:\t");
- krb5_nfold(strlen((char *) nfold_in[i])*8, nfold_in[i], 24*8,
+ krb5int_nfold(strlen((char *) nfold_in[i])*8, nfold_in[i], 24*8,
cipher_text);
for (j=0; j<24; j++)
printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
printf ("%d-fold(", tests[i].n);
printstringhex (p);
printf (") =\n\t");
- krb5_nfold (8 * strlen (p), p, tests[i].n, outbuf);
+ krb5int_nfold (8 * strlen (p), p, tests[i].n, outbuf);
printhex (tests[i].n / 8U, outbuf);
printf ("\n\n");
}
void DR (krb5_data *out, krb5_keyblock *in, const krb5_data *usage) {
krb5_error_code r;
- r = krb5_derive_random (enc, in, out, usage);
+ r = krb5int_derive_random (enc, in, out, usage);
CHECK;
}
{
size_t i;
- for (i = 0; i < krb5_cksumtypes_length; i++) {
- if (krb5_cksumtypes_list[i].ctype == cksumtype)
+ for (i = 0; i < krb5int_cksumtypes_length; i++) {
+ if (krb5int_cksumtypes_list[i].ctype == cksumtype)
break;
}
- if (i == krb5_cksumtypes_length)
+ if (i == krb5int_cksumtypes_length)
return NULL;
- return &krb5_cksumtypes_list[i];
+ return &krb5int_cksumtypes_list[i];
}
#ifdef DEBUG_IOV
{
unsigned int i;
- for (i=0; i<krb5_cksumtypes_length; i++) {
- if (krb5_cksumtypes_list[i].ctype == cksumtype)
+ for (i=0; i<krb5int_cksumtypes_length; i++) {
+ if (krb5int_cksumtypes_list[i].ctype == cksumtype)
break;
}
- if (i == krb5_cksumtypes_length)
+ if (i == krb5int_cksumtypes_length)
return KRB5_BAD_ENCTYPE;
- if (krb5_cksumtypes_list[i].keyhash)
- *length = krb5_cksumtypes_list[i].keyhash->hashsize;
- else if (krb5_cksumtypes_list[i].trunc_size)
- *length = krb5_cksumtypes_list[i].trunc_size;
+ if (krb5int_cksumtypes_list[i].keyhash)
+ *length = krb5int_cksumtypes_list[i].keyhash->hashsize;
+ else if (krb5int_cksumtypes_list[i].trunc_size)
+ *length = krb5int_cksumtypes_list[i].trunc_size;
else
- *length = krb5_cksumtypes_list[i].hash->hashsize;
+ *length = krb5int_cksumtypes_list[i].hash->hashsize;
return 0;
}
{
unsigned int i;
- for (i = 0; i < krb5_cksumtypes_length; i++) {
- if (krb5_cksumtypes_list[i].ctype == cksumtype) {
- if (strlcpy(buffer, krb5_cksumtypes_list[i].out_string,
+ for (i = 0; i < krb5int_cksumtypes_length; i++) {
+ if (krb5int_cksumtypes_list[i].ctype == cksumtype) {
+ if (strlcpy(buffer, krb5int_cksumtypes_list[i].out_string,
buflen) >= buflen)
return ENOMEM;
return 0;
#include "keyhash_provider.h"
#include "cksumtypes.h"
-const struct krb5_cksumtypes krb5_cksumtypes_list[] = {
+const struct krb5_cksumtypes krb5int_cksumtypes_list[] = {
{ CKSUMTYPE_CRC32, KRB5_CKSUMFLAG_NOT_COLL_PROOF,
"crc32", { 0 }, "CRC-32",
0, NULL,
NULL }
};
-const unsigned int krb5_cksumtypes_length =
- sizeof(krb5_cksumtypes_list) / sizeof(struct krb5_cksumtypes);
+const unsigned int krb5int_cksumtypes_length =
+ sizeof(krb5int_cksumtypes_list) / sizeof(struct krb5_cksumtypes);
#define KRB5_CKSUMFLAG_DERIVE 0x0001
#define KRB5_CKSUMFLAG_NOT_COLL_PROOF 0x0002
-extern const struct krb5_cksumtypes krb5_cksumtypes_list[];
-extern const unsigned int krb5_cksumtypes_length;
+extern const struct krb5_cksumtypes krb5int_cksumtypes_list[];
+extern const unsigned int krb5int_cksumtypes_length;
#endif
{
unsigned int i;
- for (i = 0; i < krb5_cksumtypes_length; i++) {
- if (krb5_cksumtypes_list[i].ctype == ctype)
- return((krb5_cksumtypes_list[i].flags &
+ for (i = 0; i < krb5int_cksumtypes_length; i++) {
+ if (krb5int_cksumtypes_list[i].ctype == ctype)
+ return((krb5int_cksumtypes_list[i].flags &
KRB5_CKSUMFLAG_NOT_COLL_PROOF) ? FALSE : TRUE);
}
/*
* Concatenate the two keys together, and then run them through
* n-fold to reduce them to a length appropriate for the random-to-key
- * operation. Note here that krb5_nfold() takes sizes in bits, hence
+ * operation. Note here that krb5int_nfold() takes sizes in bits, hence
* the multiply by 8.
*/
memcpy(combined, r1, keybytes);
memcpy(combined + keybytes, r2, keybytes);
- krb5_nfold((keybytes * 2) * 8, combined, keybytes * 8, rnd);
+ krb5int_nfold((keybytes * 2) * 8, combined, keybytes * 8, rnd);
/*
* Run the "random" bits through random-to-key to produce a encryption
myalloc = TRUE;
}
- ret = krb5_derive_keyblock(enc, tkey, outkey, &input);
+ ret = krb5int_derive_keyblock(enc, tkey, outkey, &input);
if (ret) {
if (myalloc) {
free(outkey->contents);
if (in_constant->length == inblock.length) {
memcpy(inblock.data, in_constant->data, inblock.length);
} else {
- krb5_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
+ krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
inblock.length*8, (unsigned char *) inblock.data);
}
#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
krb5_error_code
-krb5_dk_make_checksum(const struct krb5_hash_provider *hash,
+krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *input, krb5_data *output)
{
/*
* key->length will be tested in enc->encrypt.
- * output->length will be tested in krb5_hmac.
+ * output->length will be tested in krb5int_hmac.
*/
/* Derive the key. */
datain.data[4] = (char) 0x99;
- ret = krb5_derive_key(enc, key, &kc, &datain);
+ ret = krb5int_derive_key(enc, key, &kc, &datain);
if (ret)
return ret;
datain = *input;
- ret = krb5_hmac(hash, kc, 1, &datain, output);
+ ret = krb5int_hmac(hash, kc, 1, &datain, output);
if (ret)
memset(output->data, 0, output->length);
/*
* key->length will be tested in enc->encrypt.
- * output->length will be tested in krb5_hmac.
+ * output->length will be tested in krb5int_hmac.
*/
/* Derive the key. */
datain.data[4] = (char) 0x99;
- ret = krb5_derive_key(enc, key, &kc, &datain);
+ ret = krb5int_derive_key(enc, key, &kc, &datain);
if (ret)
return ret;
/*
* Compute a derived key into the keyblock outkey. This variation on
- * krb5_derive_key does not cache the result, as it is only used
+ * krb5int_derive_key does not cache the result, as it is only used
* directly in situations which are not expected to be repeated with
* the same inkey and constant.
*/
krb5_error_code
-krb5_derive_keyblock(const struct krb5_enc_provider *enc,
+krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_keyblock *outkey,
const krb5_data *in_constant)
{
if (in_constant->length == inblock.length) {
memcpy(inblock.data, in_constant->data, inblock.length);
} else {
- krb5_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
+ krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
inblock.length*8, (unsigned char *) inblock.data);
}
}
krb5_error_code
-krb5_derive_key(const struct krb5_enc_provider *enc,
+krb5int_derive_key(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_key *outkey,
const krb5_data *in_constant)
{
keyblock.contents = malloc(keyblock.length);
if (keyblock.contents == NULL)
return ENOMEM;
- ret = krb5_derive_keyblock(enc, inkey, &keyblock, in_constant);
+ ret = krb5int_derive_keyblock(enc, inkey, &keyblock, in_constant);
if (ret)
goto cleanup;
}
krb5_error_code
-krb5_derive_random(const struct krb5_enc_provider *enc,
+krb5int_derive_random(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_data *outrnd,
const krb5_data *in_constant)
{
if (in_constant->length == inblock.length) {
memcpy(inblock.data, in_constant->data, inblock.length);
} else {
- krb5_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
+ krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
inblock.length*8, (unsigned char *) inblock.data);
}
#include "k5-int.h"
-void krb5_dk_encrypt_length(const struct krb5_enc_provider *enc,
+void
+krb5int_dk_encrypt_length(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
size_t input, size_t *length);
-krb5_error_code krb5_dk_encrypt(const struct krb5_enc_provider *enc,
+krb5_error_code
+krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec,
const krb5_data *input, krb5_data *output);
-void krb5int_aes_encrypt_length(const struct krb5_enc_provider *enc,
+void
+krb5int_aes_encrypt_length(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
size_t input, size_t *length);
-krb5_error_code krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
+krb5_error_code
+krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key,
krb5_keyusage usage,
const krb5_data *input,
krb5_data *output);
-krb5_error_code krb5_dk_decrypt(const struct krb5_enc_provider *enc,
+krb5_error_code
+krb5int_dk_decrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec, const krb5_data *input,
krb5_data *arg_output);
-krb5_error_code krb5int_aes_dk_decrypt(const struct krb5_enc_provider *enc,
+krb5_error_code
+krb5int_aes_dk_decrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key,
krb5_keyusage usage,
const krb5_data *input,
krb5_data *arg_output);
-krb5_error_code krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
+krb5_error_code
+krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
const krb5_data *string,
const krb5_data *salt,
const krb5_data *params,
krb5_keyblock *key);
-krb5_error_code krb5_derive_keyblock(const struct krb5_enc_provider *enc,
+krb5_error_code
+krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
krb5_key inkey,
krb5_keyblock *outkey,
const krb5_data *in_constant);
-krb5_error_code krb5_derive_key(const struct krb5_enc_provider *enc,
+krb5_error_code
+krb5_derive_key(const struct krb5_enc_provider *enc,
krb5_key inkey,
krb5_key *outkey,
const krb5_data *in_constant);
-krb5_error_code krb5_dk_make_checksum(const struct krb5_hash_provider *hash,
+krb5_error_code
+krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
krb5_key key,
krb5_keyusage usage,
const krb5_data *input,
krb5_data *output);
krb5_error_code
-krb5_derive_random(const struct krb5_enc_provider *enc,
+krb5int_derive_random(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_data *outrnd,
const krb5_data *in_constant);
d1.data[4] = 0xAA;
- ret = krb5_derive_key(enc, key, &ke, &d1);
+ ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
goto cleanup;
d1.data[4] = 0x55;
- ret = krb5_derive_key(enc, key, &ki, &d1);
+ ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
goto cleanup;
d1.data[4] = 0xAA;
- ret = krb5_derive_key(enc, key, &ke, &d1);
+ ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
goto cleanup;
d1.data[4] = 0x55;
- ret = krb5_derive_key(enc, key, &ki, &d1);
+ ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
goto cleanup;
int ivec_mode);
krb5_error_code
-krb5_dk_decrypt(const struct krb5_enc_provider *enc,
+krb5int_dk_decrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec, const krb5_data *input,
d1.data[4] = (char) 0xAA;
- ret = krb5_derive_key(enc, key, &ke, &d1);
+ ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
goto cleanup;
d1.data[4] = 0x55;
- ret = krb5_derive_key(enc, key, &ki, &d1);
+ ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
goto cleanup;
d1.length = hashsize;
d1.data = (char *) cksum;
- ret = krb5_hmac(hash, ki, 1, &d2, &d1);
+ ret = krb5int_hmac(hash, ki, 1, &d2, &d1);
if (ret != 0)
goto cleanup;
*/
void
-krb5_dk_encrypt_length(const struct krb5_enc_provider *enc,
+krb5int_dk_encrypt_length(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
size_t inputlen, size_t *length)
{
}
krb5_error_code
-krb5_dk_encrypt(const struct krb5_enc_provider *enc,
+krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec, const krb5_data *input,
blocksize = enc->block_size;
plainlen = krb5_roundup(blocksize + input->length, blocksize);
- krb5_dk_encrypt_length(enc, hash, input->length, &enclen);
+ krb5int_dk_encrypt_length(enc, hash, input->length, &enclen);
/* key->length, ivec will be tested in enc->encrypt. */
d1.data[4] = (char) 0xAA;
- ret = krb5_derive_key(enc, key, &ke, &d1);
+ ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
goto cleanup;
d1.data[4] = 0x55;
- ret = krb5_derive_key(enc, key, &ki, &d1);
+ ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
goto cleanup;
output->length = enclen;
- ret = krb5_hmac(hash, ki, 1, &d1, &d2);
+ ret = krb5int_hmac(hash, ki, 1, &d1, &d2);
if (ret != 0) {
memset(d2.data, 0, d2.length);
goto cleanup;
tmp.data = malloc(hashsize);
if (tmp.data == NULL)
return ENOMEM;
- ret = krb5_hmac(hash, ki, num, input, &tmp);
+ ret = krb5int_hmac(hash, ki, num, input, &tmp);
if (ret == 0)
memcpy(output->data, tmp.data, output->length);
memset(tmp.data, 0, hashsize);
d1.data[4] = (char) 0xAA;
- ret = krb5_derive_key(enc, key, &ke, &d1);
+ ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
goto cleanup;
d1.data[4] = 0x55;
- ret = krb5_derive_key(enc, key, &ki, &d1);
+ ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
goto cleanup;
krb5_keyblock foldkeyblock;
krb5_key foldkey = NULL;
- /* keyblock->length is checked by krb5_derive_key. */
+ /* keyblock->length is checked by krb5int_derive_key. */
keybytes = enc->keybytes;
keylength = enc->keylength;
if (salt)
memcpy(concat + string->length, salt->data, salt->length);
- krb5_nfold(concatlen*8, concat, keybytes*8, foldstring);
+ krb5int_nfold(concatlen*8, concat, keybytes*8, foldstring);
indata.length = keybytes;
indata.data = (char *) foldstring;
indata.length = kerberos_len;
indata.data = (char *) kerberos;
- ret = krb5_derive_keyblock(enc, foldkey, keyblock, &indata);
+ ret = krb5int_derive_keyblock(enc, foldkey, keyblock, &indata);
if (ret != 0)
memset(keyblock->contents, 0, keyblock->length);
that the keytypes are all near each other. I'd rather not make
that assumption. */
-const struct krb5_keytypes krb5_enctypes_list[] = {
+const struct krb5_keytypes krb5int_enctypes_list[] = {
{ ENCTYPE_DES_CBC_CRC,
"des-cbc-crc", { 0 }, "DES cbc mode with CRC-32",
&krb5int_enc_des, &krb5int_hash_crc32,
16,
- krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
+ krb5int_old_encrypt_length, krb5int_old_encrypt, krb5int_old_decrypt,
krb5int_des_string_to_key,
krb5int_des_prf,
CKSUMTYPE_RSA_MD5,
"des-cbc-md4", { 0 }, "DES cbc mode with RSA-MD4",
&krb5int_enc_des, &krb5int_hash_md4,
16,
- krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
+ krb5int_old_encrypt_length, krb5int_old_encrypt, krb5int_old_decrypt,
krb5int_des_string_to_key,
krb5int_des_prf,
CKSUMTYPE_RSA_MD4,
"des-cbc-md5", { "des" }, "DES cbc mode with RSA-MD5",
&krb5int_enc_des, &krb5int_hash_md5,
16,
- krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt,
+ krb5int_old_encrypt_length, krb5int_old_encrypt, krb5int_old_decrypt,
krb5int_des_string_to_key,
krb5int_des_prf,
CKSUMTYPE_RSA_MD5,
"des-cbc-raw", { 0 }, "DES cbc mode raw",
&krb5int_enc_des, NULL,
16,
- krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
+ krb5_raw_encrypt_length, krb5int_raw_encrypt, krb5int_raw_decrypt,
krb5int_des_string_to_key,
krb5int_des_prf,
0,
"des3-cbc-raw", { 0 }, "Triple DES cbc mode raw",
&krb5int_enc_des3, NULL,
16,
- krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt,
+ krb5_raw_encrypt_length, krb5int_raw_encrypt, krb5int_raw_decrypt,
krb5int_dk_string_to_key,
NULL, /*PRF*/
0,
"Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
16,
- krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
+ krb5int_dk_encrypt_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
krb5int_dk_string_to_key,
krb5int_dk_prf,
CKSUMTYPE_HMAC_SHA1_DES3,
"des-hmac-sha1", { 0 }, "DES with HMAC/sha1",
&krb5int_enc_des, &krb5int_hash_sha1,
8,
- krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
+ krb5int_dk_encrypt_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
krb5int_dk_string_to_key,
NULL, /*PRF*/
0,
&krb5int_enc_arcfour,
&krb5int_hash_md5,
20,
- krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
- krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ krb5int_arcfour_encrypt_length, krb5int_arcfour_encrypt,
+ krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
krb5int_arcfour_prf, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR,
&krb5int_aead_arcfour,
&krb5int_enc_arcfour,
&krb5int_hash_md5,
20,
- krb5_arcfour_encrypt_length, krb5_arcfour_encrypt,
- krb5_arcfour_decrypt, krb5int_arcfour_string_to_key,
+ krb5int_arcfour_encrypt_length, krb5int_arcfour_encrypt,
+ krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
krb5int_arcfour_prf, /*PRF*/
CKSUMTYPE_HMAC_MD5_ARCFOUR,
&krb5int_aead_arcfour,
0 /*flags*/ },
};
-const int krb5_enctypes_length =
- sizeof(krb5_enctypes_list) / sizeof(struct krb5_keytypes);
+const int krb5int_enctypes_length =
+ sizeof(krb5int_enctypes_list) / sizeof(struct krb5_keytypes);
#define ETYPE_WEAK 1
-extern const struct krb5_keytypes krb5_enctypes_list[];
-extern const int krb5_enctypes_length;
+extern const struct krb5_keytypes krb5int_enctypes_list[];
+extern const int krb5int_enctypes_length;
static inline const struct krb5_keytypes *
find_enctype(krb5_enctype enctype)
{
int i;
- for (i = 0; i < krb5_enctypes_length; i++) {
- if (krb5_enctypes_list[i].etype == enctype)
+ for (i = 0; i < krb5int_enctypes_length; i++) {
+ if (krb5int_enctypes_list[i].etype == enctype)
break;
}
- if (i == krb5_enctypes_length)
+ if (i == krb5int_enctypes_length)
return NULL;
- return &krb5_enctypes_list[i];
+ return &krb5int_enctypes_list[i];
}
*cksumtypes = NULL;
nctypes = 0;
- for (i = 0; i < krb5_cksumtypes_length; i++) {
- ct = &krb5_cksumtypes_list[i];
+ for (i = 0; i < krb5int_cksumtypes_length; i++) {
+ ct = &krb5int_cksumtypes_list[i];
if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
(ct->flags & KRB5_CKSUMFLAG_DERIVE))
nctypes++;
return ENOMEM;
c = 0;
- for (i = 0; i < krb5_cksumtypes_length; i++) {
- ct = &krb5_cksumtypes_list[i];
+ for (i = 0; i < krb5int_cksumtypes_length; i++) {
+ ct = &krb5int_cksumtypes_list[i];
if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
(ct->flags & KRB5_CKSUMFLAG_DERIVE))
- ctypes[c++] = krb5_cksumtypes_list[i].ctype;
+ ctypes[c++] = krb5int_cksumtypes_list[i].ctype;
}
*count = nctypes;
unsigned int i;
const struct krb5_cksumtypes *ctp;
- for (i = 0; i < krb5_cksumtypes_length; i++) {
- ctp = &krb5_cksumtypes_list[i];
+ for (i = 0; i < krb5int_cksumtypes_length; i++) {
+ ctp = &krb5int_cksumtypes_list[i];
if (ctp->ctype == ctype) {
return (ctp->keyhash != NULL ||
(ctp->flags & KRB5_CKSUMFLAG_DERIVE));
ks_constant.data = "signaturekey";
ks_constant.length = strlen(ks_constant.data)+1; /* Including null*/
- ret = krb5_hmac( &krb5int_hash_md5, key, 1,
+ ret = krb5int_hmac( &krb5int_hash_md5, key, 1,
&ks_constant, &ds);
if (ret)
goto cleanup;
if (ret)
goto cleanup;
- krb5_MD5Init (&ctx);
+ krb5int_MD5Init (&ctx);
ms_usage = krb5int_arcfour_translate_usage (usage);
store_32_le(ms_usage, t);
- krb5_MD5Update (&ctx, (unsigned char * ) &t, 4);
- krb5_MD5Update (&ctx, (unsigned char *) input-> data,
+ krb5int_MD5Update (&ctx, (unsigned char * ) &t, 4);
+ krb5int_MD5Update (&ctx, (unsigned char *) input-> data,
(unsigned int) input->length );
- krb5_MD5Final(&ctx);
+ krb5int_MD5Final(&ctx);
md5tmp.data = (void *) ctx.digest;
md5tmp.length = 16;
- ret = krb5_hmac ( &krb5int_hash_md5, ks, 1, &md5tmp,
+ ret = krb5int_hmac ( &krb5int_hash_md5, ks, 1, &md5tmp,
output);
cleanup:
ks_constant.data = "signaturekey";
ks_constant.length = strlen(ks_constant.data)+1; /* Including null*/
- ret = krb5_hmac( &krb5int_hash_md5, key, 1,
+ ret = krb5int_hmac( &krb5int_hash_md5, key, 1,
&ks_constant, &ds);
if (ret)
goto cleanup;
if (ret)
goto cleanup;
- krb5_MD5Init (&ctx);
+ krb5int_MD5Init (&ctx);
ms_usage = krb5int_arcfour_translate_usage (usage);
store_32_le(ms_usage, t);
- krb5_MD5Update (&ctx, (unsigned char * ) &t, 4);
+ krb5int_MD5Update (&ctx, (unsigned char * ) &t, 4);
for (i = 0; i < num_data; i++) {
const krb5_crypto_iov *iov = &data[i];
if (SIGN_IOV(iov))
- krb5_MD5Update (&ctx, (unsigned char *)iov->data.data,
+ krb5int_MD5Update (&ctx, (unsigned char *)iov->data.data,
(unsigned int)iov->data.length);
}
- krb5_MD5Final(&ctx);
+ krb5int_MD5Final(&ctx);
md5tmp.data = (void *) ctx.digest;
md5tmp.length = 16;
- ret = krb5_hmac ( &krb5int_hash_md5, ks, 1, &md5tmp,
+ ret = krb5int_hmac ( &krb5int_hash_md5, ks, 1, &md5tmp,
output);
cleanup:
#define CONFLENGTH 8
/* Force acceptance of krb5-beta5 md4des checksum for now. */
-#define KRB5_MD4DES_BETA5_COMPAT
+#define KRB5int_MD4DES_BETA5_COMPAT
/* des-cbc(xorkey, conf | rsa-md4(conf | data)) */
/* hash the confounder, then the input data */
- krb5_MD4Init(&ctx);
- krb5_MD4Update(&ctx, conf, CONFLENGTH);
- krb5_MD4Update(&ctx, (unsigned char *) input->data,
+ krb5int_MD4Init(&ctx);
+ krb5int_MD4Update(&ctx, conf, CONFLENGTH);
+ krb5int_MD4Update(&ctx, (unsigned char *) input->data,
(unsigned int) input->length);
- krb5_MD4Final(&ctx);
+ krb5int_MD4Final(&ctx);
/* construct the buffer to be encrypted */
if (key->keyblock.length != 8)
return(KRB5_BAD_KEYSIZE);
if (hash->length != (CONFLENGTH+RSA_MD4_CKSUM_LENGTH)) {
-#ifdef KRB5_MD4DES_BETA5_COMPAT
+#ifdef KRB5int_MD4DES_BETA5_COMPAT
if (hash->length != RSA_MD4_CKSUM_LENGTH)
return(KRB5_CRYPTO_INTERNAL);
else
/* hash the confounder, then the input data */
- krb5_MD4Init(&ctx);
+ krb5int_MD4Init(&ctx);
if (!compathash) {
- krb5_MD4Update(&ctx, plaintext, CONFLENGTH);
+ krb5int_MD4Update(&ctx, plaintext, CONFLENGTH);
}
- krb5_MD4Update(&ctx, (unsigned char *) input->data,
+ krb5int_MD4Update(&ctx, (unsigned char *) input->data,
(unsigned int) input->length);
- krb5_MD4Final(&ctx);
+ krb5int_MD4Final(&ctx);
/* compare the decrypted hash to the computed one */
#define CONFLENGTH 8
/* Force acceptance of krb5-beta5 md5des checksum for now. */
-#define KRB5_MD5DES_BETA5_COMPAT
+#define KRB5int_MD5DES_BETA5_COMPAT
/* des-cbc(xorkey, conf | rsa-md5(conf | data)) */
/* hash the confounder, then the input data */
- krb5_MD5Init(&ctx);
- krb5_MD5Update(&ctx, conf, CONFLENGTH);
- krb5_MD5Update(&ctx, (unsigned char *) input->data,
+ krb5int_MD5Init(&ctx);
+ krb5int_MD5Update(&ctx, conf, CONFLENGTH);
+ krb5int_MD5Update(&ctx, (unsigned char *) input->data,
(unsigned int) input->length);
- krb5_MD5Final(&ctx);
+ krb5int_MD5Final(&ctx);
/* construct the buffer to be encrypted */
return(KRB5_BAD_KEYSIZE);
if (hash->length != (CONFLENGTH+RSA_MD5_CKSUM_LENGTH)) {
-#ifdef KRB5_MD5DES_BETA5_COMPAT
+#ifdef KRB5int_MD5DES_BETA5_COMPAT
if (hash->length != RSA_MD5_CKSUM_LENGTH)
return(KRB5_CRYPTO_INTERNAL);
else
/* hash the confounder, then the input data */
- krb5_MD5Init(&ctx);
+ krb5int_MD5Init(&ctx);
if (!compathash) {
- krb5_MD5Update(&ctx, plaintext, CONFLENGTH);
+ krb5int_MD5Update(&ctx, plaintext, CONFLENGTH);
}
- krb5_MD5Update(&ctx, (unsigned char *) input->data,
+ krb5int_MD5Update(&ctx, (unsigned char *) input->data,
(unsigned) input->length);
- krb5_MD5Final(&ctx);
+ krb5int_MD5Final(&ctx);
/* compare the decrypted hash to the computed one */
unsigned char t[4];
krb5_data ds;
- krb5_MD5Init(&ctx);
+ krb5int_MD5Init(&ctx);
ms_usage = krb5int_arcfour_translate_usage (usage);
store_32_le(ms_usage, t);
- krb5_MD5Update(&ctx, t, sizeof(t));
- krb5_MD5Update(&ctx, (unsigned char *)input->data, input->length);
- krb5_MD5Final(&ctx);
+ krb5int_MD5Update(&ctx, t, sizeof(t));
+ krb5int_MD5Update(&ctx, (unsigned char *)input->data, input->length);
+ krb5int_MD5Final(&ctx);
ds.magic = KV5M_DATA;
ds.length = 16;
ds.data = (char *)ctx.digest;
- return krb5_hmac ( &krb5int_hash_md5, key, 1, &ds, output);
+ return krb5int_hmac ( &krb5int_hash_md5, key, 1, &ds, output);
}
const struct krb5_keyhash_provider krb5int_keyhash_md5_hmac = {
krb5_error_code ret;
size_t cksumlen;
- for (i = 0; i < krb5_cksumtypes_length; i++) {
- if (krb5_cksumtypes_list[i].ctype == cksumtype)
+ for (i = 0; i < krb5int_cksumtypes_length; i++) {
+ if (krb5int_cksumtypes_list[i].ctype == cksumtype)
break;
}
- if (i == krb5_cksumtypes_length)
+ if (i == krb5int_cksumtypes_length)
return KRB5_BAD_ENCTYPE;
- ctp = &krb5_cksumtypes_list[i];
+ ctp = &krb5int_cksumtypes_list[i];
if (ctp->keyhash != NULL)
cksumlen = ctp->keyhash->hashsize;
ret = (*keyhash->hash)(key, usage, 0, input, &data);
}
} else if (ctp->flags & KRB5_CKSUMFLAG_DERIVE) {
- ret = krb5_dk_make_checksum(ctp->hash, key, usage, input, &data);
+ ret = krb5int_dk_make_checksum(ctp->hash, key, usage, input, &data);
} else {
/* No key is used. */
ret = (*ctp->hash->hash)(1, input, &data);
krb5_crypto_iov *checksum;
const struct krb5_cksumtypes *ctp;
- for (i = 0; i < krb5_cksumtypes_length; i++) {
- if (krb5_cksumtypes_list[i].ctype == cksumtype)
+ for (i = 0; i < krb5int_cksumtypes_length; i++) {
+ if (krb5int_cksumtypes_list[i].ctype == cksumtype)
break;
}
- if (i == krb5_cksumtypes_length)
+ if (i == krb5int_cksumtypes_length)
return KRB5_BAD_ENCTYPE;
- ctp = &krb5_cksumtypes_list[i];
+ ctp = &krb5int_cksumtypes_list[i];
if (ctp->keyhash != NULL)
cksum_data.length = ctp->keyhash->hashsize;
if (cksum_data.data == NULL)
return(ENOMEM);
- ret = krb5int_c_make_checksum_iov(&krb5_cksumtypes_list[i],
+ ret = krb5int_c_make_checksum_iov(&krb5int_cksumtypes_list[i],
key, usage, data, num_data,
&cksum_data);
if (ret == 0) {
/* input length is in bits */
void
-krb5_nfold(unsigned int inbits, const unsigned char *in, unsigned int outbits,
+krb5int_nfold(unsigned int inbits, const unsigned char *in, unsigned int outbits,
unsigned char *out)
{
int a,b,c,lcm;
#include "k5-int.h"
-void krb5_old_encrypt_length
+void krb5int_old_encrypt_length
(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
size_t input, size_t *length);
-krb5_error_code krb5_old_encrypt
+krb5_error_code krb5int_old_encrypt
(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec, const krb5_data *input,
krb5_data *output);
-krb5_error_code krb5_old_decrypt
+krb5_error_code krb5int_old_decrypt
(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
#include "old.h"
krb5_error_code
-krb5_old_decrypt(const struct krb5_enc_provider *enc,
+krb5int_old_decrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key,
krb5_keyusage usage,
#include "old.h"
void
-krb5_old_encrypt_length(const struct krb5_enc_provider *enc,
+krb5int_old_encrypt_length(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
size_t inputlen,
size_t *length)
}
krb5_error_code
-krb5_old_encrypt(const struct krb5_enc_provider *enc,
+krb5int_old_encrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key,
krb5_keyusage usage,
blocksize = enc->block_size;
hashsize = hash->hashsize;
- krb5_old_encrypt_length(enc, hash, input->length, &enclen);
+ krb5int_old_encrypt_length(enc, hash, input->length, &enclen);
if (output->length < enclen)
return(KRB5_BAD_MSIZE);
return ENOMEM;
hash->hash(1, in, &tmp);
tmp.length = (tmp.length/enc->block_size)*enc->block_size; /*truncate to block size*/
- ret = krb5_derive_key(enc, key, &kp, &prfconst);
+ ret = krb5int_derive_key(enc, key, &kp, &prfconst);
if (ret == 0)
ret = enc->encrypt(kp, NULL, &tmp, out);
krb5_k_free_key(NULL, kp);
krb5_key key, const krb5_data *in, krb5_data *out)
{
assert(out->length == 20);
- return krb5_hmac(&krb5int_hash_sha1, key, 1, in, out);
+ return krb5int_hmac(&krb5int_hash_sha1, key, 1, in, out);
}
const struct krb5_hash_provider *hash,
size_t input, size_t *length);
-krb5_error_code krb5_raw_encrypt
+krb5_error_code krb5int_raw_encrypt
(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec, const krb5_data *input,
krb5_data *output);
-krb5_error_code krb5_raw_decrypt
+krb5_error_code krb5int_raw_decrypt
(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
#include "raw.h"
krb5_error_code
-krb5_raw_decrypt(const struct krb5_enc_provider *enc,
+krb5int_raw_decrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec, const krb5_data *input,
}
krb5_error_code
-krb5_raw_encrypt(const struct krb5_enc_provider *enc,
+krb5int_raw_encrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec, const krb5_data *input,
const char *alias;
const struct krb5_cksumtypes *ctp;
- for (i=0; i<krb5_cksumtypes_length; i++) {
- ctp = &krb5_cksumtypes_list[i];
+ for (i=0; i<krb5int_cksumtypes_length; i++) {
+ ctp = &krb5int_cksumtypes_list[i];
if (strcasecmp(ctp->name, string) == 0) {
*cksumtypep = ctp->ctype;
return 0;
const char *alias;
const struct krb5_keytypes *ktp;
- for (i = 0; i < krb5_enctypes_length; i++) {
- ktp = &krb5_enctypes_list[i];
+ for (i = 0; i < krb5int_enctypes_length; i++) {
+ ktp = &krb5int_enctypes_list[i];
if (strcasecmp(ktp->name, string) == 0) {
*enctypep = ktp->etype;
return 0;
{
unsigned int i;
- for (i = 0; i < krb5_cksumtypes_length; i++) {
- if (krb5_cksumtypes_list[i].ctype == ctype)
+ for (i = 0; i < krb5int_cksumtypes_length; i++) {
+ if (krb5int_cksumtypes_list[i].ctype == ctype)
return TRUE;
}
}
krb5_boolean KRB5_CALLCONV
-krb5_c_weak_enctype(krb5_enctype etype)
+krb5int_c_weak_enctype(krb5_enctype etype)
{
const struct krb5_keytypes *ktp;
krb5_data indata;
krb5_checksum computed;
- for (i=0; i<krb5_cksumtypes_length; i++) {
- if (krb5_cksumtypes_list[i].ctype == cksum->checksum_type)
+ for (i=0; i<krb5int_cksumtypes_length; i++) {
+ if (krb5int_cksumtypes_list[i].ctype == cksum->checksum_type)
break;
}
- if (i == krb5_cksumtypes_length)
+ if (i == krb5int_cksumtypes_length)
return KRB5_BAD_ENCTYPE;
- ctp = &krb5_cksumtypes_list[i];
+ ctp = &krb5int_cksumtypes_list[i];
indata.length = cksum->length;
indata.data = (char *) cksum->contents;
krb5_data computed;
krb5_crypto_iov *checksum;
- for (i = 0; i < krb5_cksumtypes_length; i++) {
- if (krb5_cksumtypes_list[i].ctype == checksum_type)
+ for (i = 0; i < krb5int_cksumtypes_length; i++) {
+ if (krb5int_cksumtypes_list[i].ctype == checksum_type)
break;
}
- if (i == krb5_cksumtypes_length)
+ if (i == krb5int_cksumtypes_length)
return KRB5_BAD_ENCTYPE;
- ctp = &krb5_cksumtypes_list[i];
+ ctp = &krb5int_cksumtypes_list[i];
checksum = krb5int_c_locate_iov((krb5_crypto_iov *)data, num_data,
KRB5_CRYPTO_TYPE_CHECKSUM);
if (computed.data == NULL)
return ENOMEM;
- ret = krb5int_c_make_checksum_iov(&krb5_cksumtypes_list[i], key, usage,
+ ret = krb5int_c_make_checksum_iov(&krb5int_cksumtypes_list[i], key, usage,
data, num_data, &computed);
if (ret) {
free(computed.data);
is_coll_proof_cksum
is_keyed_cksum
-krb5_MD4Final
-krb5_MD4Init
-krb5_MD4Update
-krb5_MD5Final
-krb5_MD5Init
-krb5_MD5Update
-krb5_arcfour_decrypt
-krb5_arcfour_encrypt
-krb5_arcfour_encrypt_length
+krb5int_MD4Final
+krb5int_MD4Init
+krb5int_MD4Update
+krb5int_MD5Final
+krb5int_MD5Init
+krb5int_MD5Update
+krb5int_arcfour_decrypt
+krb5int_arcfour_encrypt
+krb5int_arcfour_encrypt_length
krb5_c_block_size
krb5_c_fx_cf2_simple
krb5_c_checksum_length
krb5_c_valid_enctype
krb5_c_verify_checksum
krb5_c_verify_checksum_iov
-krb5_c_weak_enctype
+krb5int_c_weak_enctype
krb5_calculate_checksum
krb5_checksum_size
krb5_cksumtype_to_string
-krb5_cksumtypes_length
-krb5_cksumtypes_list
+krb5int_cksumtypes_length
+krb5int_cksumtypes_list
krb5_decrypt
krb5_decrypt_data
-krb5_derive_key
-krb5_derive_random
-krb5_dk_decrypt
-krb5_dk_encrypt
-krb5_dk_encrypt_length
-krb5_dk_make_checksum
+krb5int_derive_key
+krb5int_derive_random
+krb5int_dk_decrypt
+krb5int_dk_encrypt
+krb5int_dk_encrypt_length
+krb5int_dk_make_checksum
krb5_eblock_enctype
krb5_encrypt
krb5_encrypt_data
krb5_encrypt_size
krb5_enctype_to_string
-krb5_enctypes_length
-krb5_enctypes_list
+krb5int_enctypes_length
+krb5int_enctypes_list
krb5_finish_key
krb5_finish_random_key
krb5_free_cksumtypes
-krb5_hmac
+krb5int_hmac
krb5_init_random_key
krb5_k_create_key
krb5_k_decrypt
krb5_k_make_checksum_iov
krb5_k_verify_checksum
krb5_k_verify_checksum_iov
-krb5_nfold
-krb5_old_decrypt
-krb5_old_encrypt
-krb5_old_encrypt_length
+krb5int_nfold
+krb5int_old_decrypt
+krb5int_old_encrypt
+krb5int_old_encrypt_length
krb5_process_key
krb5_random_confounder
krb5_random_key
-krb5_raw_decrypt
-krb5_raw_encrypt
+krb5int_raw_decrypt
+krb5int_raw_encrypt
krb5_raw_encrypt_length
krb5_string_to_cksumtype
krb5_string_to_enctype
if (err)
goto cleanup;
- err = krb5_derive_keyblock (enc, tempkey, key, &usage);
+ err = krb5int_derive_keyblock (enc, tempkey, key, &usage);
cleanup:
if (err)
const char *const krb5int_arcfour_l40 = "fortybits";
void
-krb5_arcfour_encrypt_length(const struct krb5_enc_provider *enc,
+krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
size_t inputlen, size_t *length)
{
/* RFC 4757 */
krb5_error_code
-krb5_arcfour_encrypt(const struct krb5_enc_provider *enc,
+krb5int_arcfour_encrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec, const krb5_data *input,
salt.length=4;
store_32_le(ms_usage, salt.data);
}
- krb5_hmac(hash, key, 1, &salt, &d1);
+ krb5int_hmac(hash, key, 1, &salt, &d1);
memcpy(k2.contents, k1.contents, k2.length);
/* This is the arcfour-hmac decryption routine */
krb5_error_code
-krb5_arcfour_decrypt(const struct krb5_enc_provider *enc,
+krb5int_arcfour_decrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, krb5_keyusage usage,
const krb5_data *ivec, const krb5_data *input,
salt.length = 4;
store_32_le(ms_usage, salt.data);
}
- ret = krb5_hmac(hash, key, 1, &salt, &d1);
+ ret = krb5int_hmac(hash, key, 1, &salt, &d1);
if (ret)
goto cleanup;
#define ARCFOUR_H
extern void
-krb5_arcfour_encrypt_length(const struct krb5_enc_provider *,
+krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *,
const struct krb5_hash_provider *,
size_t,
size_t *);
-extern
-krb5_error_code krb5_arcfour_encrypt(const struct krb5_enc_provider *,
+extern krb5_error_code
+krb5int_arcfour_encrypt(const struct krb5_enc_provider *,
const struct krb5_hash_provider *,
krb5_key,
krb5_keyusage,
const krb5_data *,
krb5_data *);
-extern
-krb5_error_code krb5_arcfour_decrypt(const struct krb5_enc_provider *,
+extern krb5_error_code
+krb5int_arcfour_decrypt(const struct krb5_enc_provider *,
const struct krb5_hash_provider *,
krb5_key,
krb5_keyusage,
const krb5_data *,
krb5_data *);
-extern krb5_error_code krb5int_arcfour_string_to_key(
+extern krb5_error_code
+krb5int_arcfour_string_to_key(
const struct krb5_enc_provider *,
const krb5_data *,
const krb5_data *,
salt.length = 4;
store_32_le(ms_usage, salt.data);
}
- ret = krb5_hmac(hash, key, 1, &salt, &d1);
+ ret = krb5int_hmac(hash, key, 1, &salt, &d1);
if (ret != 0)
goto cleanup;
salt.length = 4;
store_32_le(ms_usage, (unsigned char *)salt.data);
}
- ret = krb5_hmac(hash, key, 1, &salt, &d1);
+ ret = krb5int_hmac(hash, key, 1, &salt, &d1);
if (ret != 0)
goto cleanup;
return err;
/* the actual MD4 hash of the data */
- krb5_MD4Init(&md4_context);
- krb5_MD4Update(&md4_context, copystr, copystrlen);
- krb5_MD4Final(&md4_context);
+ krb5int_MD4Init(&md4_context);
+ krb5int_MD4Update(&md4_context, copystr, copystrlen);
+ krb5int_MD4Final(&md4_context);
memcpy(key->contents, md4_context.digest, 16);
#if 0
if (output->length != RSA_MD4_CKSUM_LENGTH)
return(KRB5_CRYPTO_INTERNAL);
- krb5_MD4Init(&ctx);
+ krb5int_MD4Init(&ctx);
for (i=0; i<icount; i++)
- krb5_MD4Update(&ctx, (unsigned char *) input[i].data, input[i].length);
- krb5_MD4Final(&ctx);
+ krb5int_MD4Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+ krb5int_MD4Final(&ctx);
memcpy(output->data, ctx.digest, RSA_MD4_CKSUM_LENGTH);
if (output->length != RSA_MD5_CKSUM_LENGTH)
return(KRB5_CRYPTO_INTERNAL);
- krb5_MD5Init(&ctx);
+ krb5int_MD5Init(&ctx);
for (i=0; i<icount; i++)
- krb5_MD5Update(&ctx, (unsigned char *) input[i].data, input[i].length);
- krb5_MD5Final(&ctx);
+ krb5int_MD5Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+ krb5int_MD5Final(&ctx);
memcpy(output->data, ctx.digest, RSA_MD5_CKSUM_LENGTH);
}
krb5_error_code
-krb5_hmac(const struct krb5_hash_provider *hash, krb5_key key,
+krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
unsigned int icount, const krb5_data *input, krb5_data *output)
{
return krb5int_hmac_keyblock(hash, &key->keyblock, icount, input, output);
#include <openssl/md4.h>
void
-krb5_MD4Init (krb5_MD4_CTX *mdContext)
+krb5int_MD4Init (krb5_MD4_CTX *mdContext)
{
EVP_MD_CTX_init(&mdContext->ossl_md4_ctx );
EVP_DigestInit_ex(&mdContext->ossl_md4_ctx, EVP_md4(), NULL);
}
void
-krb5_MD4Update (krb5_MD4_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
+krb5int_MD4Update (krb5_MD4_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
{
EVP_DigestUpdate(&mdContext->ossl_md4_ctx, inBuf, inLen);
}
void
-krb5_MD4Final (krb5_MD4_CTX *mdContext)
+krb5int_MD4Final (krb5_MD4_CTX *mdContext)
{
EVP_DigestFinal_ex(&mdContext->ossl_md4_ctx, mdContext->digest , NULL);
EVP_MD_CTX_cleanup(&mdContext->ossl_md4_ctx );
unsigned char digest[16]; /* actual digest after MD4Final call */
} krb5_MD4_CTX;
-extern void krb5_MD4Init(krb5_MD4_CTX *);
-extern void krb5_MD4Update(krb5_MD4_CTX *, const unsigned char *, unsigned int);
-extern void krb5_MD4Final(krb5_MD4_CTX *);
+extern void krb5int_MD4Init(krb5_MD4_CTX *);
+extern void krb5int_MD4Update(krb5_MD4_CTX *, const unsigned char *, unsigned int);
+extern void krb5int_MD4Final(krb5_MD4_CTX *);
/*
**********************************************************************
#include <openssl/evp.h>
#include <openssl/md5.h>
-/* The routine krb5_MD5Init initializes the message-digest context
+/* The routine krb5int_MD5Init initializes the message-digest context
mdContext. All fields are set to zero.
*/
void
-krb5_MD5Init (krb5_MD5_CTX *mdContext)
+krb5int_MD5Init (krb5_MD5_CTX *mdContext)
{
EVP_MD_CTX_init(&mdContext->ossl_md5_ctx);
EVP_DigestInit_ex(&mdContext->ossl_md5_ctx, EVP_md5(), NULL);
}
-/* The routine krb5_MD5Update updates the message-digest context to
+/* The routine krb5int_MD5Update updates the message-digest context to
account for the presence of each of the characters inBuf[0..inLen-1]
in the message whose digest is being computed.
*/
void
-krb5_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
+krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
{
EVP_DigestUpdate(&mdContext->ossl_md5_ctx, inBuf, inLen);
}
-/* The routine krb5_MD5Final terminates the message-digest computation and
+/* The routine krb5int_MD5Final terminates the message-digest computation and
ends with the desired message digest in mdContext->digest[0...15].
*/
void
-krb5_MD5Final (krb5_MD5_CTX *mdContext)
+krb5int_MD5Final (krb5_MD5_CTX *mdContext)
{
EVP_DigestFinal_ex(&mdContext->ossl_md5_ctx, mdContext->digest, NULL);
EVP_MD_CTX_cleanup(&mdContext->ossl_md5_ctx);
unsigned char digest[16]; /* actual digest after MD5Final call */
} krb5_MD5_CTX;
-extern void krb5_MD5Init(krb5_MD5_CTX *);
-extern void krb5_MD5Update(krb5_MD5_CTX *,const unsigned char *,unsigned int);
-extern void krb5_MD5Final(krb5_MD5_CTX *);
+extern void krb5int_MD5Init(krb5_MD5_CTX *);
+extern void krb5int_MD5Update(krb5_MD5_CTX *,const unsigned char *,unsigned int);
+extern void krb5int_MD5Final(krb5_MD5_CTX *);
#define RSA_MD5_CKSUM_LENGTH 16
#define OLD_RSA_MD5_DES_CKSUM_LENGTH 16
input.length = i;
output.data = (void *) usage_key.contents;
output.length = usage_key.length;
- code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider,
+ code = (*kaccess.krb5int_hmac) (kaccess.md5_hash_provider,
longterm_key, 1, &input, &output);
if (code)
goto cleanup_arcfour;
input.data = ( void *) kd_data;
input.length = kd_data_len;
output.data = (void *) seq_enc_key.contents;
- code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider,
+ code = (*kaccess.krb5int_hmac) (kaccess.md5_hash_provider,
&usage_key, 1, &input, &output);
if (code)
goto cleanup_arcfour;
input.length = i;
output.data = (void *) usage_key.contents;
output.length = usage_key.length;
- code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider,
+ code = (*kaccess.krb5int_hmac) (kaccess.md5_hash_provider,
longterm_key, 1, &input, &output);
if (code)
goto cleanup_arcfour;
input.data = ( void *) kd_data;
input.length = kd_data_len;
output.data = (void *) seq_enc_key.contents;
- code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider,
+ code = (*kaccess.krb5int_hmac) (kaccess.md5_hash_provider,
&usage_key, 1, &input, &output);
if (code)
goto cleanup_arcfour;
for (i = 0; etypes[i]; i++) {
if (!krb5_c_valid_enctype(etypes[i]))
return KRB5_PROG_ETYPE_NOSUPP;
- if (!context->allow_weak_crypto && krb5_c_weak_enctype(etypes[i]))
+ if (!context->allow_weak_crypto && krb5int_c_weak_enctype(etypes[i]))
return KRB5_PROG_ETYPE_NOSUPP;
}
unsigned int i;
assert(etype > 0 && etype <= MAX_ENCTYPE);
- if (!allow_weak && krb5_c_weak_enctype(etype))
+ if (!allow_weak && krb5int_c_weak_enctype(etype))
return;
for (i = 0; i < *count; i++) {
if (list[i] == etype) {
krb5int_access internals_temp;
#endif
S (free_addrlist, krb5int_free_addrlist),
- S (krb5_hmac, krb5int_hmac_keyblock),
+ S (krb5int_hmac, krb5int_hmac_keyblock),
S (krb5_auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype),
S (md5_hash_provider, &krb5int_hash_md5),
S (arcfour_enc_provider, &krb5int_enc_arcfour),
exit(1);
}
- krb5_nfold(inlen,instr,outlen,outstr);
+ krb5int_nfold(inlen,instr,outlen,outstr);
printf("%d-fold(",outlen);
for (i=0; i<(inlen/8); i++)