From 505c79ff465e719a5c22d80047a54aee7e3cf4f6 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 27 Sep 2002 04:26:59 +0000 Subject: [PATCH] Fix DES_INT32 definition Intial merge of KfM des library API. Update krb.h to use offsets from krb_err.et constants as error codes. Fix up definitions of KRB4_32, KRB_INT32, KRB_UINT32. ticket: 1189 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14904 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/kerberosIV/ChangeLog | 11 ++ src/include/kerberosIV/des.h | 202 +++++++++++++++++++---------- src/include/kerberosIV/krb.h | 159 +++++++++++++---------- src/lib/crypto/des/ChangeLog | 18 +++ src/lib/crypto/des/afsstring2key.c | 9 +- src/lib/crypto/des/d3_kysched.c | 6 +- src/lib/crypto/des/des_int.h | 43 +----- src/lib/crypto/des/f_cksum.c | 2 +- src/lib/crypto/des/f_sched.c | 2 +- src/lib/crypto/des/key_sched.c | 2 +- src/lib/des425/ChangeLog | 26 ++++ src/lib/des425/cksum.c | 11 +- src/lib/des425/des.c | 19 ++- src/lib/des425/enc_dec.c | 22 +++- src/lib/des425/key_sched.c | 7 + src/lib/des425/new_rnd_key.c | 25 ++++ src/lib/des425/read_passwd.c | 50 ++++--- src/lib/des425/str_to_key.c | 44 ++++++- 18 files changed, 439 insertions(+), 219 deletions(-) diff --git a/src/include/kerberosIV/ChangeLog b/src/include/kerberosIV/ChangeLog index 46ea0826a..b4cd422c1 100644 --- a/src/include/kerberosIV/ChangeLog +++ b/src/include/kerberosIV/ChangeLog @@ -1,3 +1,14 @@ +2002-09-26 Tom Yu + + * des.h: Some initial work for KfM integration. Clean up + DES_INT32 selection. Set up for inclusion by + lib/crypto/des/des_int.h, which will define a special macro to + prevent the krb4-specific stuff from being declared. + + * krb.h: Initial work for KfM integration. Fix up KRB4_32, and + add KRB_INT32, KRB_UINT32. Change all error code macros to be + offsets from krb_err.et symbols. + 2002-09-18 Ken Raeburn * krb.h: Add extern "C" markers in case a C++ compiler is used. 
diff --git a/src/include/kerberosIV/des.h b/src/include/kerberosIV/des.h index 8ec32da2e..46a4f527d 100644 --- a/src/include/kerberosIV/des.h +++ b/src/include/kerberosIV/des.h @@ -1,8 +1,8 @@ /* * include/kerberosIV/des.h * - * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. + * Copyright 1987, 1988, 1994, 2002 by the Massachusetts Institute of + * Technology. All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. 
@@ -26,10 +26,82 @@ * Include file for the Data Encryption Standard library. */ +#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) + #include + #if TARGET_RT_MAC_CFM + #error "Use KfM 4.0 SDK headers for CFM compilation." + #endif +#endif + +#ifndef KRB5INT_DES_TYPES_DEFINED +#define KRB5INT_DES_TYPES_DEFINED + +#if TARGET_OS_MAC + #if defined(__MWERKS__) + #pragma import on + #pragma enumsalwaysint on + #endif + #pragma options align=mac68k +#endif + +#include + +#if UINT_MAX >= 0xFFFFFFFFUL +#define DES_INT32 int +#define DES_UINT32 unsigned int +#else +#define DES_INT32 long +#define DES_UINT32 unsigned long +#endif + +typedef unsigned char des_cblock[8]; /* crypto-block size */ +/* + * Key schedule. + * + * This used to be + * + * typedef struct des_ks_struct { union { DES_INT32 pad; des_cblock _;} __; } des_key_schedule[16]; + * + * but it would cause trouble if DES_INT32 is ever more than 4 bytes. + * The reason is that all the encryption functions cast it to + * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If + * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the + * caller-allocated des_key_schedule will be overflowed by the key + * scheduling functions. We can't assume that every platform will + * have an exact 32-bit int, and nothing should be looking inside a + * des_key_schedule anyway. + */ +typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]; + +#if TARGET_OS_MAC + #if defined(__MWERKS__) + #pragma enumsalwaysint reset + #pragma import reset + #endif + #pragma options align=reset +#endif + +#endif /* KRB5INT_DES_TYPES_DEFINED */ + /* only do the whole thing once */ #ifndef DES_DEFS +/* + * lib/crypto/des/des_int.h defines KRB5INT_CRYPTO_DES_INT temporarily + * to avoid including the defintions and declarations below. The + * reason that the crypto library needs to include this file is that + * it needs to have its types aligned with krb4's types. 
+ */ +#ifndef KRB5INT_CRYPTO_DES_INT #define DES_DEFS +#if TARGET_OS_MAC + #if defined(__MWERKS__) + #pragma import on + #pragma enumsalwaysint on + #endif + #pragma options align=mac68k +#endif + #if defined(_WIN32) && !defined(_WINDOWS) #define _WINDOWS #endif @@ -40,9 +112,6 @@ #endif #include #endif -#ifdef __STDC__ -#include -#endif #include /* need FILE for des_cblock_print_file */ /* Windows declarations */ @@ -51,50 +120,6 @@ #define KRB5_CALLCONV_C #endif -#ifndef KRB4_32 -#ifdef SIZEOF_INT -#if SIZEOF_INT >= 4 -#define KRB4_32 int -#else /* !(SIZEOF_INT >= 4) */ -#define KRB4_32 long -#endif /* !(SIZEOF_INT >= 4) */ -#else /* !defined(SIZEOF_INT) */ -#ifdef __STDC__ -#if INT_MAX >= 0x7fffffff -#define KRB4_32 int -#else /* !(INT_MAX >= 0x7ffffff) */ -#define KRB4_32 long -#endif /* !(INT_MAX >= 0x7ffffff) */ -#else /* !defined(__STDC__) */ -#define KRB4_32 long /* worst case */ -#endif /* !defined(__STDC__) */ -#endif /* !defined(SIZEOF_INT) */ -#endif /* !defined(KRB4_32) */ - -/* Key schedule */ -/* Ick. We need this in here unfortunately... */ -#ifndef DES_INT32 -#define DES_INT32 KRB4_32 -#endif - -/* - * - * NOTE WELL: - * - * This section must be kept in sync with lib/crypto/des/des_int.h, - * until we get around to actually combining them at the source level. - * We can't right now, because both the Mac and Windows platforms are - * using their own versions of krb4 des.h, and that's the one that - * would have to have the definitions because we install it under UNIX. - * - */ -#ifndef KRB5INT_DES_TYPES_DEFINED -#define KRB5INT_DES_TYPES_DEFINED -typedef unsigned char des_cblock[8]; /* crypto-block size */ -typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]; -#endif -/* end sync */ - #define DES_KEY_SZ (sizeof(des_cblock)) #define DES_ENCRYPT 1 #define DES_DECRYPT 0 @@ -119,7 +144,6 @@ typedef struct des_ks_struct bit_64; #define des_cblock_print(x) des_cblock_print_file(x, stdout) - /* * Function Prototypes */ 
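Review bot: The new `#define DES_INT32` / `#define DES_UINT32` selection inside the KRB5INT_DES_TYPES_DEFINED block is unconditional, whereas the blocks this commit removes (here and in lib/crypto/des/des_int.h) were wrapped in `#ifndef DES_INT32`, and the old KRB4_32 selection in `#ifndef KRB4_32`. A build that still supplies either macro from the command line or a platform config header now gets a macro redefinition instead of an override. Because the key-schedule comment added here ties the safety of caller-allocated `des_key_schedule` buffers to the width of DES_INT32, state in that comment whether overrides are still supported, and if they are, keep `#ifndef DES_INT32` around the `#if UINT_MAX >= 0xFFFFFFFFUL` selection. The same applies to the unconditional `#define KRB4_32 DES_INT32` in the krb.h hunk.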
@@ -132,25 +156,24 @@ des_pcbc_encrypt (C_Block *in, C_Block *out, long length, int enc); unsigned long KRB5_CALLCONV -des_quad_cksum (const unsigned char *in, unsigned KRB4_32 *out, +des_quad_cksum (const unsigned char *in, unsigned DES_INT32 *out, long length, int out_count, C_Block *seed); - +/* + * XXX ABI change: used to return void; also, cns/kfm have signed long + * instead of unsigned long length. + */ +unsigned long KRB5_CALLCONV +des_cbc_cksum(const des_cblock *, des_cblock *, unsigned long, + const des_key_schedule, const des_cblock *); int KRB5_CALLCONV des_string_to_key (const char *, C_Block); -/* new */ -#ifdef KRB5_GENERAL__ -/* Why are we using krb5 types as part of this API? */ -void KRB5_CALLCONV -des_cbc_cksum(const krb5_octet *, krb5_octet *, unsigned long, - const des_key_schedule, const krb5_octet *); -int des_cbc_encrypt(krb5_octet *, krb5_octet *, unsigned long, - const des_key_schedule, const krb5_octet *, int); -krb5_error_code des_read_password(des_cblock *, char *, int); -#endif -/* The unsigned long pointers are indicative of the desired alignment; - the values there aren't really treated as long values. */ -int KRB5_CALLCONV des_ecb_encrypt(unsigned long *, unsigned long *, - const des_key_schedule, int); +/* XXX ABI change: used to return krb5_error_code */ +int KRB5_CALLCONV des_read_password(des_cblock *, char *, int); +int KRB5_CALLCONV des_ecb_encrypt(des_cblock *, des_cblock *, + const des_key_schedule, int); +/* XXX kfm/cns have signed long length */ +int des_cbc_encrypt(des_cblock *, des_cblock *, unsigned long, + const des_key_schedule, const des_cblock *, int); void des_fixup_key_parity(des_cblock); int des_check_key_parity(des_cblock); int KRB5_CALLCONV des_new_random_key(des_cblock); 
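Review bot: `des_quad_cksum` is declared with `unsigned DES_INT32 *out`, which only compiles while DES_INT32 remains a macro expanding to a bare `int` or `long`; this commit introduces DES_UINT32 for exactly this case, so `DES_UINT32 *out` is the more robust spelling. In the same hunk `des_cbc_encrypt` and `des_ecb_encrypt` change their pointer parameter types (from `krb5_octet *` and `unsigned long *` to `des_cblock *`) without the `XXX ABI change` marker that `des_cbc_cksum` and `des_read_password` receive. A one-line comment on each would warn callers that still pass byte pointers.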
@@ -159,4 +182,51 @@ int des_random_key(des_cblock *); int des_is_weak_key(des_cblock); void des_cblock_print_file(des_cblock *, FILE *fp); +#if TARGET_OS_MAC + +/* + * Stuff ported from KfM follows... + */ + +void afs_string_to_key(char *, char *, des_cblock); + +/* + * AFS string2key support; they should be considered internal, but KfM + * exposes them. + */ +char *des_crypt(const char *, const char *); +char *des_fcrypt(const char *, const char *, char *); +int des_set_key(des_cblock *, des_key_schedule); + +/* + * internal used by des_read_password, but kfm exposes it + */ +int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int); + +void des_3cbc_encrypt(des_cblock *, des_cblock *, long, des_key_schedule, des_key_schedule, des_key_schedule, des_cblock *, int); +void des_3ecb_encrypt(des_cblock *, des_cblock *, des_key_schedule, des_key_schedule, des_key_schedule, int); + +/* + * Should be internal to crypto/des/f_sched.c, but KfM exposes it. + */ +int make_key_sched(des_cblock *, des_key_schedule); + +/* + * XXX need to implement the following three: + */ +void des_generate_random_block(des_cblock); +void des_set_random_generator_seed(des_cblock); +void des_set_sequence_number(des_cblock); + +#endif /* TARGET_OS_MAC */ + +#if TARGET_OS_MAC + #if defined(__MWERKS__) + #pragma enumsalwaysint reset + #pragma import reset + #endif + #pragma options align=reset +#endif + +#endif /* KRB5INT_CRYPTO_DES_INT */ #endif /* DES_DEFS */ diff --git a/src/include/kerberosIV/krb.h b/src/include/kerberosIV/krb.h index 8e22835c1..30376bcfd 100644 --- a/src/include/kerberosIV/krb.h +++ b/src/include/kerberosIV/krb.h @@ -33,6 +33,10 @@ /* Need some defs from des.h */ #include +#define KRB4_32 DES_INT32 +#define KRB_INT32 DES_INT32 +#define KRB_UINT32 DES_UINT32 + #ifdef _WINDOWS #include #endif /* _WINDOWS */ 
@@ -41,22 +45,10 @@ #define MAX_KRB_ERRORS 256 extern const char *const krb_err_txt[MAX_KRB_ERRORS]; -/* These are not defined for at least SunOS 3.3 and Ultrix 2.2 */ -#if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40) -#define FD_ZERO(p) ((p)->fds_bits[0] = 0) -#define FD_SET(n, p) ((p)->fds_bits[0] |= (1 << (n))) -#define FD_ISSET(n, p) ((p)->fds_bits[0] & (1 << (n))) -#endif /* ULTRIX022 || SunOS */ - /* General definitions */ #define KSUCCESS 0 #define KFAILURE 255 -#ifdef NO_UIDGID_T -typedef unsigned short uid_t; -typedef unsigned short gid_t; -#endif /* NO_UIDGID_T */ - /* * Kerberos specific definitions * @@ -92,7 +84,7 @@ typedef unsigned short gid_t; #define MAX_HSTNM 100 #ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ -#define DEFAULT_TKT_LIFE 255 /* default lifetime for krb_mk_req */ +#define DEFAULT_TKT_LIFE 120 /* default lifetime for krb_mk_req */ #endif /* Definition of text structure used to pass text around */ @@ -160,6 +152,10 @@ struct credentials { KRB4_32 issue_date; /* The issue time */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* Principal's instance */ +#if TARGET_OS_MAC + KRB_UINT32 address; /* Address in ticket */ + KRB_UINT32 stk_type; /* string_to_key function needed */ +#endif }; typedef struct credentials CREDENTIALS; 
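Review bot: The second hunk here changes the `DEFAULT_TKT_LIFE` default from 255 to 120, but neither the commit message nor the krb.h ChangeLog entry mentions it. This alters the ticket lifetime every caller gets when it relies on the default, which is a policy change rather than part of the type and error-code cleanup, so it should have its own ChangeLog line. The comment would also be clearer with the unit spelled out, e.g. `/* default lifetime for krb_mk_req, in 5-minute units */` if that is the unit used here.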
@@ -186,88 +182,89 @@ typedef struct msg_dat MSG_DAT; #define TKT_ROOT "/tmp/tkt" #endif /* PC */ -/* Error codes returned from the KDC */ -#define KDC_OK 0 /* Request OK */ -#define KDC_NAME_EXP 1 /* Principal expired */ -#define KDC_SERVICE_EXP 2 /* Service expired */ -#define KDC_AUTH_EXP 3 /* Auth expired */ -#define KDC_PKT_VER 4 /* Protocol version unknown */ -#define KDC_P_MKEY_VER 5 /* Wrong master key version */ -#define KDC_S_MKEY_VER 6 /* Wrong master key version */ -#define KDC_BYTE_ORDER 7 /* Byte order unknown */ -#define KDC_PR_UNKNOWN 8 /* Principal unknown */ -#define KDC_PR_N_UNIQUE 9 /* Principal not unique */ -#define KDC_NULL_KEY 10 /* Principal has null key */ -#define KDC_GEN_ERR 20 /* Generic error from KDC */ +#include "kerberosIV/krb_err.h" /* XXX FIXME! */ +#define KRB_ET(x) ((KRBET_ ## x) - ERROR_TABLE_BASE_krb) +/* Error codes returned from the KDC */ +#define KDC_OK KRB_ET(KSUCCESS) /* 0 - Request OK */ +#define KDC_NAME_EXP KRB_ET(KDC_NAME_EXP) /* 1 - Principal expired */ +#define KDC_SERVICE_EXP KRB_ET(KDC_SERVICE_EXP) /* 2 - Service expired */ +#define KDC_AUTH_EXP KRB_ET(KDC_AUTH_EXP) /* 3 - Auth expired */ +#define KDC_PKT_VER KRB_ET(KDC_PKT_VER) /* 4 - Prot version unknown */ +#define KDC_P_MKEY_VER KRB_ET(KDC_P_MKEY_VER) /* 5 - Wrong mkey version */ +#define KDC_S_MKEY_VER KRB_ET(KDC_S_MKEY_VER) /* 6 - Wrong mkey version */ +#define KDC_BYTE_ORDER KRB_ET(KDC_BYTE_ORDER) /* 7 - Byte order unknown */ +#define KDC_PR_UNKNOWN KRB_ET(KDC_PR_UNKNOWN) /* 8 - Princ unknown */ +#define KDC_PR_N_UNIQUE KRB_ET(KDC_PR_N_UNIQUE) /* 9 - Princ not unique */ +#define KDC_NULL_KEY KRB_ET(KDC_NULL_KEY) /* 10 - Princ has null key */ +#define KDC_GEN_ERR KRB_ET(KDC_GEN_ERR) /* 20 - Generic err frm KDC */ /* Values returned by get_credentials */ -#define GC_OK 0 /* Retrieve OK */ -#define RET_OK 0 /* Retrieve OK */ -#define GC_TKFIL 21 /* Can't read ticket file */ -#define RET_TKFIL 21 /* Can't read ticket file */ -#define GC_NOTKT 22 /* Can't find 
ticket or TGT */ -#define RET_NOTKT 22 /* Can't find ticket or TGT */ - +#define GC_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */ +#define RET_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */ +#define GC_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */ +#define RET_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */ +#define GC_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */ +#define RET_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */ /* Values returned by mk_ap_req */ -#define MK_AP_OK 0 /* Success */ -#define MK_AP_TGTEXP 26 /* TGT Expired */ +#define MK_AP_OK KRB_ET(KSUCCESS) /* 0 - Success */ +#define MK_AP_TGTEXP KRB_ET(MK_AP_TGTEXP) /* 26 - TGT Expired */ /* Values returned by rd_ap_req */ -#define RD_AP_OK 0 /* Request authentic */ -#define RD_AP_UNDEC 31 /* Can't decode authenticator */ -#define RD_AP_EXP 32 /* Ticket expired */ -#define RD_AP_NYV 33 /* Ticket not yet valid */ -#define RD_AP_REPEAT 34 /* Repeated request */ -#define RD_AP_NOT_US 35 /* The ticket isn't for us */ -#define RD_AP_INCON 36 /* Request is inconsistent */ -#define RD_AP_TIME 37 /* delta_t too big */ -#define RD_AP_BADD 38 /* Incorrect net address */ -#define RD_AP_VERSION 39 /* protocol version mismatch */ -#define RD_AP_MSG_TYPE 40 /* invalid msg type */ -#define RD_AP_MODIFIED 41 /* message stream modified */ -#define RD_AP_ORDER 42 /* message out of order */ -#define RD_AP_UNAUTHOR 43 /* unauthorized request */ +#define RD_AP_OK KRB_ET(KSUCCESS) /* 0 - Request authentic */ +#define RD_AP_UNDEC KRB_ET(RD_AP_UNDEC) /* 31 - Can't decode authent */ +#define RD_AP_EXP KRB_ET(RD_AP_EXP) /* 32 - Ticket expired */ +#define RD_AP_NYV KRB_ET(RD_AP_NYV) /* 33 - Ticket not yet valid */ +#define RD_AP_REPEAT KRB_ET(RD_AP_REPEAT) /* 34 - Repeated request */ +#define RD_AP_NOT_US KRB_ET(RD_AP_NOT_US) /* 35 - Ticket isn't for us */ +#define RD_AP_INCON KRB_ET(RD_AP_INCON) /* 36 - Request inconsistent */ +#define RD_AP_TIME KRB_ET(RD_AP_TIME) /* 37 - delta_t too big */ +#define RD_AP_BADD 
KRB_ET(RD_AP_BADD) /* 38 - Incorrect net addr */ +#define RD_AP_VERSION KRB_ET(RD_AP_VERSION) /* 39 - prot vers mismatch */ +#define RD_AP_MSG_TYPE KRB_ET(RD_AP_MSG_TYPE) /* 40 - invalid msg type */ +#define RD_AP_MODIFIED KRB_ET(RD_AP_MODIFIED) /* 41 - msg stream modified */ +#define RD_AP_ORDER KRB_ET(RD_AP_ORDER) /* 42 - message out of order */ +#define RD_AP_UNAUTHOR KRB_ET(RD_AP_UNAUTHOR) /* 43 - unauthorized request */ /* Values returned by get_pw_tkt */ -#define GT_PW_OK 0 /* Got password changing tkt */ -#define GT_PW_NULL 51 /* Current PW is null */ -#define GT_PW_BADPW 52 /* Incorrect current password */ -#define GT_PW_PROT 53 /* Protocol Error */ -#define GT_PW_KDCERR 54 /* Error returned by KDC */ -#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ - +#define GT_PW_OK KRB_ET(KSUCCESS) /* 0 - Got passwd chg tkt */ +#define GT_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */ +#define GT_PW_BADPW KRB_ET(GT_PW_BADPW) /* 52 - Wrong passwd */ +#define GT_PW_PROT KRB_ET(GT_PW_PROT) /* 53 - Protocol Error */ +#define GT_PW_KDCERR KRB_ET(GT_PW_KDCERR) /* 54 - Error ret by KDC */ +#define GT_PW_NULLTKT KRB_ET(GT_PW_NULLTKT) /* 55 - Null tkt ret by KDC */ /* Values returned by send_to_kdc */ -#define SKDC_OK 0 /* Response received */ -#define SKDC_RETRY 56 /* Retry count exceeded */ -#define SKDC_CANT 57 /* Can't send request */ +#define SKDC_OK KRB_ET(KSUCCESS) /* 0 - Response received */ +#define SKDC_RETRY KRB_ET(SKDC_RETRY) /* 56 - Retry count exceeded */ +#define SKDC_CANT KRB_ET(SKDC_CANT) /* 57 - Can't send request */ /* * Values returned by get_intkt * (can also return SKDC_* and KDC errors) */ -#define INTK_OK 0 /* Ticket obtained */ -#define INTK_W_NOTALL 61 /* Not ALL tickets returned */ -#define INTK_BADPW 62 /* Incorrect password */ -#define INTK_PROT 63 /* Protocol Error */ -#define INTK_ERR 70 /* Other error */ +#define INTK_OK KRB_ET(KSUCCESS) /* 0 - Ticket obtained */ +#define INTK_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null 
*/ +#define INTK_W_NOTALL KRB_ET(INTK_W_NOTALL) /* 61 - Not ALL tkts retd */ +#define INTK_BADPW KRB_ET(INTK_BADPW) /* 62 - Incorrect password */ +#define INTK_PROT KRB_ET(INTK_PROT) /* 63 - Protocol Error */ +#define INTK_ERR KRB_ET(INTK_ERR) /* 70 - Other error */ /* Values returned by get_adtkt */ -#define AD_OK 0 /* Ticket Obtained */ -#define AD_NOTGT 71 /* Don't have tgt */ +#define AD_OK KRB_ET(KSUCCESS) /* 0 - Ticket Obtained */ +#define AD_NOTGT KRB_ET(AD_NOTGT) /* 71 - Don't have tgt */ /* Error codes returned by ticket file utilities */ -#define NO_TKT_FIL 76 /* No ticket file found */ -#define TKT_FIL_ACC 77 /* Couldn't access tkt file */ -#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ -#define TKT_FIL_FMT 79 /* Bad ticket file format */ -#define TKT_FIL_INI 80 /* tf_init not called first */ +#define NO_TKT_FIL KRB_ET(NO_TKT_FIL) /* 76 - No ticket file found */ +#define TKT_FIL_ACC KRB_ET(TKT_FIL_ACC) /* 77 - Can't acc tktfile */ +#define TKT_FIL_LCK KRB_ET(TKT_FIL_LCK) /* 78 - Can't lck tkt file */ +#define TKT_FIL_FMT KRB_ET(TKT_FIL_FMT) /* 79 - Bad tkt file format */ +#define TKT_FIL_INI KRB_ET(TKT_FIL_INI) /* 80 - tf_init not called */ /* Error code returned by kparse_name */ -#define KNAME_FMT 81 /* Bad Kerberos name format */ +#define KNAME_FMT KRB_ET(KNAME_FMT) /* 81 - Bad krb name fmt */ /* Error code returned by krb_mk_safe */ #define SAFE_PRIV_ERROR -1 /* syscall error */ 
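Review bot: After this hunk the numeric values survive only in the trailing comments (`/* 1 - Principal expired */` through `/* 81 - Bad krb name fmt */`), and nothing checks that `KRBET_x - ERROR_TABLE_BASE_krb` still produces them. The KDC_* codes are described as returned from the KDC, so a reordering or insertion in krb_err.et would silently change protocol-visible values. A compile-time check on a few anchors in one .c file would catch that, e.g. `typedef char krb_et_check[(KDC_GEN_ERR == 20 && KNAME_FMT == 81) ? 1 : -1];`. Separately, `#include "kerberosIV/krb_err.h" /* XXX FIXME! */` makes this installed header depend on a second header being on the consumer's include path, and the comment should say what the FIXME is.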
@@ -648,6 +645,24 @@ extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key); #endif +#if TARGET_OS_MAC +/* The following functions are not part of the standard Kerberos v4 API. + * They were created for Mac implementation, and used by admin tools + * such as CNS-Config. */ +extern int KRB5_CALLCONV +krb_get_num_cred(void); + +extern int INTERFACE +krb_get_nth_cred(char *, char *, char *, int); + +extern int INTERFACE +krb_delete_cred(char *, char *,char *); + +extern int INTERFACE +dest_all_tkts(void); + +#endif /* TARGET_OS_MAC */ + #ifdef _WINDOWS HINSTANCE get_lib_instance(void); unsigned int krb_get_notification_message(void); diff --git a/src/lib/crypto/des/ChangeLog b/src/lib/crypto/des/ChangeLog index 254324fbc..d1246b641 100644 --- a/src/lib/crypto/des/ChangeLog +++ b/src/lib/crypto/des/ChangeLog @@ -1,3 +1,21 @@ +2002-09-26 Tom Yu + + * afsstring2key.c (krb5_afs_crypt): Leak this function out as as + mit_afs_crypt to allow for des_crypt and des_fcrypt + implementations for the KfM merge. + + * des_int.h: Change DES_INT32 strategy to include kerberosIV/des.h + with a magic macro defined for skipping krb4-specific stuff. Make + renaming of make_key_sched explicit, to avoid conflict with + kerberosIV/des.h. + + * f_sched.c, key_sched.c, d3_kysched.c: Make renaming of + make_key_sched explicit. + + * f_cksum.c (mit_des_cbc_cksum): Return only the rightmost 32 + bits; this should optimize out on any platform where longs are + exactly 32 bits wide. + 2002-08-29 Ken Raeburn * Makefile.in: Revert $(S)=>/ change, for Windows support. diff --git a/src/lib/crypto/des/afsstring2key.c b/src/lib/crypto/des/afsstring2key.c index 8773397f5..0fe65ba01 100644 --- a/src/lib/crypto/des/afsstring2key.c +++ b/src/lib/crypto/des/afsstring2key.c @@ -61,7 +61,8 @@ #include "des_int.h" #include -static char *afs_crypt (char*,char*,char*); +#define afs_crypt mit_afs_crypt +char *afs_crypt (const char *, const char *, char *); #undef min #define min(a,b) ((a)>(b)?(b):(a)) 
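Review bot: Of the four new declarations, `krb_get_num_cred` uses `KRB5_CALLCONV` while `krb_get_nth_cred`, `krb_delete_cred` and `dest_all_tkts` use `INTERFACE`, which is not defined in any line visible in this patch. Unless krb.h defines `INTERFACE` elsewhere for Mac builds, those three will not compile under `TARGET_OS_MAC`; using `KRB5_CALLCONV` for all four would match the rest of the header. The unnamed `char *` parameters also need a comment saying whether any are output buffers and, if so, how large they must be.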
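Review bot: `mit_afs_crypt` becomes an external symbol in this hunk, but its only declaration is the file-local prototype behind `#define afs_crypt mit_afs_crypt`. The one other declaration in the patch, in lib/des425/str_to_key.c, is hand-written as `char *mit_afs_crypt (const char *, const char *, const char *);` and disagrees with this one on the third parameter, which here is a non-const `char *iobuf` annotated `/* must be at least 16 bytes */`. Declaring `char *mit_afs_crypt(const char *, const char *, char *);` once in des_int.h and including it from both files would let the compiler catch the mismatch.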
@@ -337,9 +338,9 @@ static const char S[8][64] = { }; -static char *afs_crypt(pw, salt, iobuf) - char *pw; - char *salt; +char *afs_crypt(pw, salt, iobuf) + const char *pw; + const char *salt; char *iobuf; /* must be at least 16 bytes */ { int i, j, c; diff --git a/src/lib/crypto/des/d3_kysched.c b/src/lib/crypto/des/d3_kysched.c index 6d9c27697..2bc93a9a2 100644 --- a/src/lib/crypto/des/d3_kysched.c +++ b/src/lib/crypto/des/d3_kysched.c @@ -28,9 +28,9 @@ mit_des3_key_sched(k,schedule) mit_des3_cblock k; mit_des3_key_schedule schedule; { - make_key_sched(k[0],schedule[0]); - make_key_sched(k[1],schedule[1]); - make_key_sched(k[2],schedule[2]); + mit_des_make_key_sched(k[0],schedule[0]); + mit_des_make_key_sched(k[1],schedule[1]); + mit_des_make_key_sched(k[2],schedule[2]); if (!mit_des_check_key_parity(k[0])) /* bad parity --> return -1 */ return(-1); diff --git a/src/lib/crypto/des/des_int.h b/src/lib/crypto/des/des_int.h index 1b2a35141..25612767e 100644 --- a/src/lib/crypto/des/des_int.h +++ b/src/lib/crypto/des/des_int.h @@ -1,8 +1,8 @@ /* * lib/crypto/des/des_int.h * - * Copyright 1987, 1988, 1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. + * Copyright 1987, 1988, 1990, 2002 by the Massachusetts Institute of + * Technology. All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. 
@@ -64,40 +64,10 @@ #ifndef KRB5_MIT_DES__ #define KRB5_MIT_DES__ -#ifndef DES_INT32 -#ifdef SIZEOF_INT -#if SIZEOF_INT >= 4 -#define DES_INT32 int -#else -#define DES_INT32 long -#endif -#else /* !defined(SIZEOF_INT) */ -#include -#if (UINT_MAX >= 0xffffffff) -#define DES_INT32 int -#else -#define DES_INT32 long -#endif -#endif /* !defined(SIZEOF_INT) */ -#endif /* !defined(DES_INT32) */ +#define KRB5INT_CRYPTO_DES_INT /* skip krb4-specific DES stuff */ +#include "kerberosIV/des.h" /* for des_key_schedule, etc. */ +#undef KRB5INT_CRYPTO_DES_INT /* don't screw other inclusions of des.h */ -/* - * - * NOTE WELL: - * - * This section must be kept in sync with include/kerberosIV/des.h, - * until we get around to actually combining them at the source level. - * We can't right now, because both the Mac and Windows platforms are - * using their own versions of krb4 des.h, and that's the one that - * would have to have the definitions because we install it under UNIX. - * - */ -#ifndef KRB5INT_DES_TYPES_DEFINED -#define KRB5INT_DES_TYPES_DEFINED -typedef unsigned char des_cblock[8]; /* crypto-block size */ -typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]; -#endif -/* end sync */ typedef des_cblock mit_des_cblock; typedef des_key_schedule mit_des_key_schedule; @@ -217,8 +187,7 @@ krb5_error_code mit_des_combine_subkeys int mit_des_pcbc_encrypt (); /* f_sched.c */ -#define make_key_sched mit_des_make_key_sched -int make_key_sched (mit_des_cblock, mit_des_key_schedule); +int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule); /* misc.c */ diff --git a/src/lib/crypto/des/f_cksum.c b/src/lib/crypto/des/f_cksum.c index 87b9c7f4b..8c80751de 100644 --- a/src/lib/crypto/des/f_cksum.c +++ b/src/lib/crypto/des/f_cksum.c 
@@ -120,5 +120,5 @@ mit_des_cbc_cksum(in, out, length, schedule, ivec) * inconsistantly (with the low order byte of the checksum * not always in the low order byte of the DES_INT32). We won't. */ - return right; + return right & 0xFFFFFFFFUL; } diff --git a/src/lib/crypto/des/f_sched.c b/src/lib/crypto/des/f_sched.c index 6dbde1fcd..a3b1bf0e4 100644 --- a/src/lib/crypto/des/f_sched.c +++ b/src/lib/crypto/des/f_sched.c @@ -220,7 +220,7 @@ static const unsigned DES_INT32 PC2_D[4][64] = { * Permute the key to give us our key schedule. */ int -make_key_sched(key, schedule) +mit_des_make_key_sched(key, schedule) mit_des_cblock key; mit_des_key_schedule schedule; { diff --git a/src/lib/crypto/des/key_sched.c b/src/lib/crypto/des/key_sched.c index c84451dbc..b28c16fae 100644 --- a/src/lib/crypto/des/key_sched.c +++ b/src/lib/crypto/des/key_sched.c @@ -50,7 +50,7 @@ mit_des_key_sched(k,schedule) mit_des_cblock k; mit_des_key_schedule schedule; { - make_key_sched(k,schedule); + mit_des_make_key_sched(k,schedule); if (!mit_des_check_key_parity(k)) /* bad parity --> return -1 */ return(-1); diff --git a/src/lib/des425/ChangeLog b/src/lib/des425/ChangeLog index 92f569f1f..70ee74139 100644 --- a/src/lib/des425/ChangeLog +++ b/src/lib/des425/ChangeLog 
@@ -1,3 +1,29 @@ +2002-09-26 Tom Yu + + * cksum.c (des_cbc_cksum): Update API for KfM merge. + + * des.c (des_ecb_encrypt): Update API for KfM merge. + (des_3ecb_encrypt): New (emulated) function from KfM. + + * enc_dec.c (des_cbc_encrypt): Update API for KfM merge. + (des_3cbc_encrypt): New (emulated) function from KfM. + + * key_sched.c (make_key_sched): New (emulated) function for KfM. + + * new_rnd_key.c (des_generate_random_block) + (des_set_random_generator_seed, des_set_sequence_number): + New (emulated) functions from KfM. + + * read_passwd.c (des_rd_pwstr_2prompt): Renamed from + des_read_pw_string; also now only returns -1, errno, or 0. + (des_read_pw_string): New (emulated) function from KfM. + (des_read_password): Update API for KfM merge. + + * str_to_key.c (des_string_to_key): Update call to des_cbc_cksum. + (afs_string_to_key): New (emulated) function from KfM. + (des_crypt, des_fcrypt, des_set_key): New (emulated) functions + from KfM, presumed to be internal but exported by KfM anyway. + 2002-08-29 Ken Raeburn * Makefile.in: Revert $(S)=>/ change, for Windows support. diff --git a/src/lib/des425/cksum.c b/src/lib/des425/cksum.c index d2c3f058f..33b5322ac 100644 --- a/src/lib/des425/cksum.c +++ b/src/lib/des425/cksum.c @@ -55,13 +55,14 @@ * multiple of eight bytes. */ -void KRB5_CALLCONV +unsigned long KRB5_CALLCONV des_cbc_cksum(in,out,length,key,iv) - const krb5_octet *in; /* >= length bytes of inputtext */ - krb5_octet *out; /* >= length bytes of outputtext */ + const des_cblock *in; /* >= length bytes of inputtext */ + des_cblock *out; /* >= length bytes of outputtext */ register unsigned long length; /* in bytes */ const mit_des_key_schedule key; /* precomputed key schedule */ - const krb5_octet *iv; /* 8 bytes of ivec */ + const des_cblock *iv; /* 8 bytes of ivec */ { - mit_des_cbc_cksum(in, out, length, key, iv); + return mit_des_cbc_cksum((const krb5_octet *)in, (krb5_octet *)out, + length, key, (krb5_octet *)iv); } 
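Review bot: In the cksum.c hunk the call casts `iv` with `(krb5_octet *)iv`, dropping the `const` carried by the `const des_cblock *iv` parameter, while the neighbouring argument keeps it as `(const krb5_octet *)in`. The removed call passed a `const krb5_octet *` for that argument without a cast, which suggests the callee accepts const (its prototype is not shown), so `(const krb5_octet *)iv` is the consistent form. The parameter comments still read `>= length bytes of inputtext` and `>= length bytes of outputtext` although both are now typed `des_cblock *`; they should state how many bytes each pointer must actually cover so callers do not size `out` from the type alone.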
diff --git a/src/lib/des425/des.c b/src/lib/des425/des.c index e8132a7a3..df636d238 100644 --- a/src/lib/des425/des.c +++ b/src/lib/des425/des.c @@ -31,14 +31,25 @@ int KRB5_CALLCONV des_ecb_encrypt(clear, cipher, schedule, enc) - unsigned long *clear; - unsigned long *cipher; + des_cblock *clear; + des_cblock *cipher; const mit_des_key_schedule schedule; int enc; /* 0 ==> decrypt, else encrypt */ { static const des_cblock iv; - return (mit_des_cbc_encrypt((const des_cblock *) clear, - (des_cblock *) cipher, + return (mit_des_cbc_encrypt((const des_cblock *)clear, cipher, 8, schedule, iv, enc)); } + +#if TARGET_OS_MAC +void +des_3ecb_encrypt(des_cblock *clear, des_cblock *cipher, + des_key_schedule ks1, des_key_schedule ks2, + des_key_schedule ks3, int enc) +{ + static const des_cblock iv; + + mit_des3_cbc_encrypt((const des_cblock *)clear, cipher, 8, ks1, ks2, ks3, iv, enc); +} +#endif diff --git a/src/lib/des425/enc_dec.c b/src/lib/des425/enc_dec.c index f7e4ac80e..a25b744f6 100644 --- a/src/lib/des425/enc_dec.c +++ b/src/lib/des425/enc_dec.c 
@@ -32,15 +32,27 @@ int des_cbc_encrypt(in,out,length,key,iv,enc) - krb5_octet *in; /* >= length bytes of input text */ - krb5_octet *out; /* >= length bytes of output text */ + des_cblock *in; /* >= length bytes of input text */ + des_cblock *out; /* >= length bytes of output text */ register unsigned long length; /* in bytes */ const mit_des_key_schedule key; /* precomputed key schedule */ - const krb5_octet *iv; /* 8 bytes of ivec */ + const des_cblock *iv; /* 8 bytes of ivec */ int enc; /* 0 ==> decrypt, else encrypt */ { return (mit_des_cbc_encrypt((const des_cblock *) in, - (des_cblock *) out, - length, key, iv, enc)); + out, length, key, + (const unsigned char *)iv, /* YUCK! */ + enc)); } +#if TARGET_OS_MAC +void des_3cbc_encrypt(des_cblock *in, des_cblock *out, long length, + des_key_schedule ks1, des_key_schedule ks2, + des_key_schedule ks3, des_cblock *iv, int enc) +{ + mit_des3_cbc_encrypt((const des_cblock *)in, out, (unsigned long)length, + ks1, ks2, ks3, + (const unsigned char *)iv, /* YUCK! */ + enc); +} +#endif diff --git a/src/lib/des425/key_sched.c b/src/lib/des425/key_sched.c index 70f61ce5e..0034ff375 100644 --- a/src/lib/des425/key_sched.c +++ b/src/lib/des425/key_sched.c @@ -38,3 +38,10 @@ des_key_sched(k,schedule) { return (mit_des_key_sched(k, schedule)); } + +#if TARGET_OS_MAC +int make_key_sched(des_cblock *k, des_key_schedule schedule) +{ + return mit_des_key_sched((unsigned char *)k, schedule); /* YUCK! */ +} +#endif diff --git a/src/lib/des425/new_rnd_key.c b/src/lib/des425/new_rnd_key.c index 73dd8a243..1f50f9e59 100644 --- a/src/lib/des425/new_rnd_key.c +++ b/src/lib/des425/new_rnd_key.c @@ -54,6 +54,7 @@ #include "des_int.h" #include "des.h" +#include "k5-int.h" void des_init_random_number_generator(key) 
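Review bot: `des_3cbc_encrypt` takes a signed `long length` and forwards it as `(unsigned long)length`, so a negative value becomes a very large byte count for `mit_des3_cbc_encrypt` to process over `in` and `out`. The function returns `void` and cannot report the error, so the minimum is an early `if (length < 0) return;` before the call. The `XXX kfm/cns have signed long length` comments in des.h point at the same signed/unsigned difference for `des_cbc_encrypt`, and a comment here explaining the guard would keep the two in step.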
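Review bot: The new `make_key_sched` in key_sched.c forwards to `mit_des_key_sched`, which (per the lib/crypto/des/key_sched.c hunk in this patch) builds the schedule and then returns -1 on bad parity, while des.h describes `make_key_sched` as the routine that "should be internal to crypto/des/f_sched.c". If KfM callers expect the f_sched.c behaviour, this wrapper adds a failure return they did not have before. `return mit_des_make_key_sched(*k, schedule);` would keep the schedule-only semantics and remove the `/* YUCK! */` cast. `des_set_key` in str_to_key.c inherits whichever choice is made here.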
@@ -93,3 +94,27 @@ des_new_random_key(key) return 0; } + +#if TARGET_OS_MAC + +void des_generate_random_block(des_cblock block) +{ + krb5_data data; + + data.length = sizeof(des_cblock); + data.data = (char *)block; + if (krb5_c_random_make_octets(/* XXX */ 0, &data)) + abort(); /* XXX */ +} + +void des_set_random_generator_seed(des_cblock block) +{ + des_init_random_number_generator(block); /* XXX */ +} + +void des_set_sequence_number(des_cblock block) +{ + des_init_random_number_generator(block); /* XXX */ +} + +#endif diff --git a/src/lib/des425/read_passwd.c b/src/lib/des425/read_passwd.c index 2c77cfdb7..0a56f4822 100644 --- a/src/lib/des425/read_passwd.c +++ b/src/lib/des425/read_passwd.c @@ -45,7 +45,6 @@ static jmp_buf pwd_jump; static krb5_sigtype intr_routine (int); -krb5_error_code des_read_pw_string (char *, int, char *, char *); static krb5_sigtype intr_routine(signo) @@ -55,10 +54,13 @@ intr_routine(signo) /*NOTREACHED*/ } +/* This is re-declared here because des.h might not declare it. */ +int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int); +static int des_rd_pwstr_2prompt(char *, int, char *, char *); /*** Routines ****************************************************** */ -krb5_error_code -des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2) +static int +des_rd_pwstr_2prompt(return_pwd, bufsize_in, prompt, prompt2) char *return_pwd; int bufsize_in; char *prompt; @@ -68,7 +70,7 @@ des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2) register char *ptr; int scratchchar; krb5_sigtype (*volatile ointrfunc)(); - krb5_error_code errcode; + int errcode; size_t bufsize = bufsize_in; #ifndef ECHO_PASSWORD struct termios echo_control, save_control; 
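Review bot: `des_set_sequence_number` and `des_set_random_generator_seed` are both implemented as `des_init_random_number_generator(block)`, so setting a sequence number re-initialises the generator from the caller's block rather than adjusting a counter. The body of des_init_random_number_generator is not in this hunk; if it replaces the generator state instead of mixing into it, a predictable sequence number would make later `des_new_random_key` output depend only on that value. Until the KfM semantics are implemented, a documented no-op is the more conservative stub for `des_set_sequence_number`. `des_generate_random_block` also calls `abort()` from library code and passes `0` as the context; both lines carry `XXX` but no comment saying what remains to be done.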
@@ -88,7 +90,7 @@ des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2) #endif /* ECHO_PASSWORD */ if (setjmp(pwd_jump)) { - errcode = KRB5_LIBOS_PWDINTR; /* we were interrupted... */ + errcode = -1; /* we were interrupted... */ goto cleanup; } /* save intrfunc */ @@ -101,7 +103,7 @@ des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2) if (fgets(return_pwd, bufsize_in, stdin) == NULL) { (void) putchar('\n'); - errcode = KRB5_LIBOS_CANTREADPWD; + errcode = -1; goto cleanup; } (void) putchar('\n'); @@ -127,7 +129,7 @@ des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2) (void) memset((char *)readin_string, 0, bufsize); if (fgets((char *)readin_string, bufsize_in, stdin) == NULL) { (void) putchar('\n'); - errcode = KRB5_LIBOS_CANTREADPWD; + errcode = -1; goto cleanup; } (void) putchar('\n'); @@ -141,7 +143,7 @@ des_read_pw_string/*_v4_compat_crock*/(return_pwd, bufsize_in, prompt, prompt2) /* compare */ if (strncmp(return_pwd, (char *)readin_string, bufsize)) { - errcode = KRB5_LIBOS_BADPWDMATCH; + errcode = -1; goto cleanup; } } 
@@ -164,27 +166,39 @@ cleanup: return errcode; } -krb5_error_code -des_read_password/*_v4_compat_crock*/(k,prompt,verify) +int KRB5_CALLCONV +des_read_password(k,prompt,verify) mit_des_cblock *k; char *prompt; int verify; { - krb5_error_code ok; + int ok; char key_string[BUFSIZ]; + + ok = des_read_pw_string(key_string, sizeof(key_string), prompt, verify); + if (ok == 0) + des_string_to_key(key_string, *k); + + memset(key_string, 0, sizeof (key_string)); + return ok; +} + +int KRB5_CALLCONV +des_read_pw_string(s, max, prompt, verify) + char *s; + int max; + char *prompt; + int verify; +{ + int ok; char prompt2[BUFSIZ]; if (verify) { strcpy(prompt2, "Verifying, please re-enter "); strncat(prompt2, prompt, sizeof(prompt2)-(strlen(prompt2)+1)); + prompt2[sizeof(prompt2)-1] = '\0'; } - ok = des_read_pw_string(key_string, sizeof(key_string), - prompt, verify ? prompt2 : 0); - - if (ok == 0) - des_string_to_key(key_string, *k); - - memset(key_string, 0, sizeof (key_string)); + ok = des_rd_pwstr_2prompt(s, max, prompt, verify ? prompt2 : 0); return ok; } diff --git a/src/lib/des425/str_to_key.c b/src/lib/des425/str_to_key.c index 369b426ee..ccbf80621 100644 --- a/src/lib/des425/str_to_key.c +++ b/src/lib/des425/str_to_key.c @@ -129,8 +129,8 @@ des_string_to_key(str,key) /* Now one-way encrypt it with the folded key */ (void) des_key_sched(key, key_sked); - (void) des_cbc_cksum((const unsigned char *) in_str, key, length, - key_sked, key); + (void) des_cbc_cksum((const des_cblock *)in_str, (des_cblock *)key, + length, key_sked, (const des_cblock *)key); /* erase key_sked */ memset(key_sked, 0,sizeof(key_sked)); 
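Review bot: `des_read_pw_string` is now an exported entry point taking `int max`, and it passes that value unchecked to `des_rd_pwstr_2prompt`, where earlier hunks show it converted with `size_t bufsize = bufsize_in` and used as a `memset` length. A negative `max` from an external caller would therefore become a very large size; `if (s == NULL || max <= 0) return -1;` at the top of `des_read_pw_string` closes that. In `des_read_password`, the `memset(key_string, 0, sizeof (key_string))` immediately before `return` is a dead store that an optimising compiler may remove, leaving the typed password on the stack. Routing the wipe through a helper the compiler cannot elide (for example one that writes through a `volatile` pointer) would make the intent hold.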
@@ -149,3 +149,43 @@ des_string_to_key(str,key) /* return an int, and ANSI compilers */ /* can do dumb things sometimes */ } + +#if TARGET_OS_MAC +char *mit_afs_crypt (const char *, const char *, const char *); + +void afs_string_to_key(char *str, char *cell, des_cblock key) +{ + krb5_data str_data; + krb5_data cell_data; + krb5_keyblock keyblock; + + str_data.data = str; + str_data.length = strlen(str); + cell_data.data = cell; + cell_data.length = strlen(cell); + keyblock.enctype = ENCTYPE_DES_CBC_CRC; + keyblock.length = sizeof(des_cblock); + keyblock.contents = key; + + mit_afs_string_to_key(&keyblock, &str_data, &cell_data); +} + +char *des_crypt(const char *str, const char *salt) +{ + char afs_buf[16]; + + return des_fcrypt(str, salt, afs_buf); +} + +char *des_fcrypt(const char *str, const char *salt, char *buf) +{ + return mit_afs_crypt(str, salt, buf); +} + +/* Is this correct? */ +int des_set_key(des_cblock *key, des_key_schedule schedule) +{ + return make_key_sched(key, schedule); +} + +#endif /* TARGET_OS_MAC */ -- 2.26.2
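Review bot: `des_crypt` returns `des_fcrypt(str, salt, afs_buf)` where `afs_buf` is a 16-byte automatic array. The body of `mit_afs_crypt` is not shown, but if it returns a pointer into its `iobuf` argument, as the `/* must be at least 16 bytes */` annotation suggests, the caller receives a pointer into a stack frame that no longer exists. Declaring the buffer as `static char afs_buf[16];` gives the crypt(3)-style lifetime a two-argument `des_crypt` implies; the resulting non-reentrancy should be stated in a comment. In `afs_string_to_key`, `keyblock` has only `enctype`, `length` and `contents` assigned before it is passed to `mit_afs_string_to_key`, so a `memset(&keyblock, 0, sizeof keyblock);` before the assignments would avoid handing over indeterminate members.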