From c6456ae6f71b02f0570b7f25d951103c08de44d3 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Sat, 19 Sep 1998 02:32:21 +0000 Subject: [PATCH] merge of tlyu-3des-k4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10922 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/os/.Sanitize | 39 ---- src/lib/crypto/os/ChangeLog | 204 ----------------- src/lib/crypto/os/Makefile.in | 28 --- src/lib/crypto/os/c_localaddr.c | 348 ---------------------------- src/lib/crypto/os/c_ustime.c | 316 ------------------------- src/lib/crypto/os/rnd_confoun.c | 98 -------- src/lib/crypto/sha/.Sanitize | 42 ---- src/lib/crypto/sha/ChangeLog | 89 -------- src/lib/crypto/sha/Makefile.in | 43 ---- src/lib/crypto/sha/hmac_sha.c | 101 -------- src/lib/crypto/sha/sha_crypto.c | 76 ------- src/lib/crypto/sha/sha_glue.c | 97 -------- src/lib/crypto/sha/shs.c | 392 -------------------------------- src/lib/crypto/sha/shs.h | 59 ----- src/lib/crypto/sha/t_shs.c | 132 ----------- 15 files changed, 2064 deletions(-) delete mode 100644 src/lib/crypto/os/.Sanitize delete mode 100644 src/lib/crypto/os/ChangeLog delete mode 100644 src/lib/crypto/os/Makefile.in delete mode 100644 src/lib/crypto/os/c_localaddr.c delete mode 100644 src/lib/crypto/os/c_ustime.c delete mode 100644 src/lib/crypto/os/rnd_confoun.c delete mode 100644 src/lib/crypto/sha/.Sanitize delete mode 100644 src/lib/crypto/sha/ChangeLog delete mode 100644 src/lib/crypto/sha/Makefile.in delete mode 100644 src/lib/crypto/sha/hmac_sha.c delete mode 100644 src/lib/crypto/sha/sha_crypto.c delete mode 100644 src/lib/crypto/sha/sha_glue.c delete mode 100644 src/lib/crypto/sha/shs.c delete mode 100644 src/lib/crypto/sha/shs.h delete mode 100644 src/lib/crypto/sha/t_shs.c diff --git a/src/lib/crypto/os/.Sanitize b/src/lib/crypto/os/.Sanitize deleted file mode 100644 index 2e24ee69f..000000000 --- a/src/lib/crypto/os/.Sanitize +++ /dev/null @@ -1,39 +0,0 @@ -# Sanitize.in for Kerberos V5 - -# Each directory to survive it's way into a release will need a file -# like this one called "./.Sanitize". All keyword lines must exist, -# and must exist in the order specified by this file. Each directory -# in the tree will be processed, top down, in the following order. - -# Hash started lines like this one are comments and will be deleted -# before anything else is done. Blank lines will also be squashed -# out. - -# The lines between the "Do-first:" line and the "Things-to-keep:" -# line are executed as a /bin/sh shell script before anything else is -# done in this - -Do-first: - -# All files listed between the "Things-to-keep:" line and the -# "Files-to-sed:" line will be kept. All other files will be removed. -# Directories listed in this section will have their own Sanitize -# called. Directories not listed will be removed in their entirety -# with rm -rf. - -Things-to-keep: - -.cvsignore -ChangeLog -Makefile.in -configure -configure.in -c_localaddr.c -c_ustime.c -rnd_confoun.c - -Things-to-lose: - -Do-last: - -# End of file. diff --git a/src/lib/crypto/os/ChangeLog b/src/lib/crypto/os/ChangeLog deleted file mode 100644 index ebcb593a1..000000000 --- a/src/lib/crypto/os/ChangeLog +++ /dev/null @@ -1,204 +0,0 @@ -Wed Feb 18 16:08:30 1998 Tom Yu - - * Makefile.in: Remove trailing slash from thisconfigdir. Fix up - BUILDTOP for new conventions. - -Fri Feb 13 15:20:54 1998 Theodore Ts'o - - * Makefile.in (thisconfigdir), configure.in: Point the - configuration directory at our parent, and remove our - local configure.in - -Mon Feb 2 17:02:29 1998 Theodore Ts'o - - * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile - -Fri Nov 28 21:23:42 1997 Tom Yu - - * configure.in: Add AC_PROG_LN_S to deal with symlinking in - memmove.c. This is a kludge, as we really should have a more sane - way to deal with missing posix functions. - -Thu Sep 25 21:53:11 1997 Tom Yu - - * c_localaddr.c: Replace KRB5_USE_INET with something more sane. - -Tue Aug 12 09:09:14 1997 Ezra Peisach - - * Makefile.in (SRCS): Add $(srcdir) as needed. - -Fri Jul 4 00:13:02 1997 Theodore Y. Ts'o - - * c_localaddr.c (local_addr_fallback_kludge): Added Winsock - kludge for finding your local IP address. May not work - for all stacks, so we use it as a fallback. - -Sat Feb 22 18:54:53 1997 Richard Basch - - * Makefile.in: Use some of the new library list build rules in - win-post.in - -Mon Feb 17 17:24:41 1997 Richard Basch - - * c_ustime.c: Fixed microsecond adjustment code (win32) - -Thu Nov 21 00:58:04 EST 1996 Richard Basch - - * Makefile.in: Win32 build - - * c_ustime.c: The Win32 time calculation is different from DOS' - so the DOS version shouldn't be trying to use the same - part of the ifdef. - - * rnd_confoun.c: Fix function declaration (win32) - -Sun Dec 29 21:54:42 1996 Tom Yu - - * Makefile.in: - * configure.in: Update to use new library building procedure. - -Wed Jun 12 00:12:52 1996 Theodore Ts'o - - * c_ustime.c: Fix WIN32 to be _WIN32 - - * c_localaddr.c: Add #ifdef _WIN32 in places where we had #ifdef _MSDOS - - -Sat Feb 24 00:34:15 1996 Theodore Y. Ts'o - - * c_ustime.c (krb5_crypto_us_timeofday): Add Windows 95/NT time - function. (Does this time function work under Windows? - We'll find out....) - -Thu Feb 15 10:57:27 1996 Ezra Peisach - - * c_localaddr.c: Set magic number in krb5_address. - -Fri Oct 6 22:00:48 1995 Theodore Y. Ts'o - - * Makefile.in: Remove ##DOS!include of config/windows.in. - config/windows.in is now included by wconfig. - -Mon Sep 25 16:49:15 1995 Theodore Y. Ts'o - - * Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the - Makefile. - -Fri Sep 22 12:00:00 1995 James Mattly - - * c_localaddr.c: change close on a socket to closesocket, sockets on - macintosh arn't files - -Wed Sep 13 10:33:53 1995 Keith Vetter (keithv@fusion.com) - - * Makefile.in: PC builds all C files because of function name changes. - * c_localtime.c, c_ustime.c: removed INTERFACE keyword. - -Wed Sep 13 17:32:36 1995 Theodore Y. Ts'o - - * c_localaddr.c (krb5_crypto_os_localaddr): Clear the buffer - before calling the SIOCGIFCONF ioctl. This makes purify - happy. - -Thu Sep 7 12:00:00 1995 James Mattly - - * Renamed ustime.c to c_ustime.c - * Renamed localaddr.c to c_localaddr.c because Mac can't have - two files with the same name. - * Makefile.in, .Sanitize updated for the above change. - -Thu Aug 24 18:40:48 1995 Theodore Y. Ts'o - - * .Sanitize: Update file list - -Sat Jul 29 03:17:21 1995 Tom Yu - - * localaddr.c (krb5_crypto_os_localaddr): Don't bash the return - from SIOCGIFCONF with the output of a SIOCGIFFLAGS. Duh. - -Wed Jul 19 17:17:54 1995 Tom Yu - - * localaddr.c: also add definition of max if it's not there. - - * localaddr.c: fix definition of ifreq_size so it actually works - -Mon Jul 17 16:04:00 1995 Sam Hartman - - * localaddr.c (krb5_crypto_os_localaddr): Deal with variable sized - ifreq structures if sockaddr contains sa_len field. - - * configure.in: Check to see if struct sockaddr has sa_len. - -Thu Jul 6 17:13:11 1995 Tom Yu - - * localaddr.c: migrated from lib/krb5/os - - * ustime.c: migrated from lib/krb5/os; removed context variable - from arglist. - - * Makefile.in: don't copy or remove localaddr.c and ustime.c; - they're local now. - -Fri Jun 9 19:18:41 1995 - - * configure.in: Remove standardized set of autoconf macros, which - are now handled by CONFIG_RULES. - -Thu May 25 22:16:35 1995 Theodore Y. Ts'o (tytso@dcl) - - * configure.in, Makefile.in: Add support for shared libraries. - -Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com) - - * *.[ch]: removed unneeded INTERFACE from non-api functions. - -Sat Mar 25 15:38:23 1995 Mark Eichin - - * Makefile.in (memmove.c): memmove.c is in krb5/posix, not krb5/os. - -Wed Mar 22 11:44:07 1995 - - * Makefile.in: Use $(SRCTOP) instead of $(srcdir), since Mac's - don't like dealing with $(U)$(U). - -Fri Mar 17 16:21:46 1995 Theodore Y. Ts'o (tytso@dcl) - - * Makefile.in: Fix rules for localdr.c, ustime.c, and memmove.c so - that they reference $(srcdir) where appropriate. - -Thu Mar 16 21:24:43 1995 John Gilmore (gnu at toad.com) - - * Makefile.in (LDFLAGS): Eliminate, comes in from pre.in. - (all-mac): Add. - (localaddr.c, ustime.c, memmove.c): Fix paths to work on Mac. - -Tue Mar 14 17:23:02 1995 Keith Vetter (keithv@fusion.com) - - * Makefile.in: no longer need to bring in ustime and localaddr for - windows since everything's going into one DLL in the end. - -Thu Mar 2 17:56:48 1995 Keith Vetter (keithv@fusion.com) - - * Makefile.in: changed LIBNAME for the PC, and brought in ustime - and localaddr from the krb/os directory. - * rnd_conf.c: added cast to the seed assignment. - -Mon Feb 20 16:25:36 1995 Keith Vetter (keithv@fusion.com) - - * Makfile.in: made to work for the PC - * rnd_confoun.c: added windows INTERFACE keyword - -Wed Jan 25 20:24:35 1995 John Gilmore (gnu at toad.com) - - * rnd_confoun.c: Replace <.../...> includes with "..."s. - -Mon Oct 24 14:58:14 1994 (tytso@rsx-11) - - * configure.in: - * rnd_confoun.c (krb5_random_confounder): Use the srand48/lrand48 - functions if available. - -Fri Oct 14 00:21:05 1994 Theodore Y. Ts'o (tytso@dcl) - - * Makefile.in: Remove symlinked files on make clean. - diff --git a/src/lib/crypto/os/Makefile.in b/src/lib/crypto/os/Makefile.in deleted file mode 100644 index d4c5f4141..000000000 --- a/src/lib/crypto/os/Makefile.in +++ /dev/null @@ -1,28 +0,0 @@ -thisconfigdir=./.. -BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U) -CFLAGS = $(CCOPTS) $(DEFS) - -##DOS##BUILDTOP = ..\..\.. -##DOS##PREFIXDIR=os -##DOS##OBJFILE=..\os.lst -##WIN16##LIBNAME=..\crypto.lib - -STLIBOBJS = rnd_confoun.o c_localaddr.o c_ustime.o @LIBOBJS@ - -COBJS= rnd_confoun.$(OBJEXT) c_localaddr.$(OBJEXT) c_ustime.$(OBJEXT) -OBJS= $(COBJS) $(LIBOBJS) - -SRCS= $(srcdir)/rnd_confoun.c $(srcdir)/c_localaddr.c $(srcdir)/c_ustime.c - -##DOS##LIBOBJS = $(COBJS) - -all-unix:: all-libobjs - -memmove.c: $(SRCTOP)$(S)lib$(S)krb5$(S)posix$(S)memmove.c - -$(LN) $(SRCTOP)$(S)lib$(S)krb5$(S)posix$(S)memmove.c $@ - -memmove.o: memmove.c - -clean-unix:: clean-libobjs -clean:: - $(RM) memmove.c diff --git a/src/lib/crypto/os/c_localaddr.c b/src/lib/crypto/os/c_localaddr.c deleted file mode 100644 index 3b3bcb474..000000000 --- a/src/lib/crypto/os/c_localaddr.c +++ /dev/null @@ -1,348 +0,0 @@ -/* - * lib/crypto/os/c_localaddr.c - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Return the protocol addresses supported by this host. - * - * XNS support is untested, but "Should just work". - */ - - -#define NEED_SOCKETS -#include "k5-int.h" - -#if !defined(HAVE_MACSOCK_H) && !defined(_MSDOS) && !defined(_WIN32) - -/* needed for solaris, harmless elsewhere... */ -#define BSD_COMP -#include -#include -#include - -/* - * The SIOCGIF* ioctls require a socket. - * It doesn't matter *what* kind of socket they use, but it has to be - * a socket. - * - * Of course, you can't just ask the kernel for a socket of arbitrary - * type; you have to ask for one with a valid type. - * - */ -#ifdef HAVE_NETINET_IN_H - -#include - -#ifndef USE_AF -#define USE_AF AF_INET -#define USE_TYPE SOCK_DGRAM -#define USE_PROTO 0 -#endif - -#endif - -#ifdef KRB5_USE_NS - -#include - -#ifndef USE_AF -#define USE_AF AF_NS -#define USE_TYPE SOCK_DGRAM -#define USE_PROTO 0 /* guess */ -#endif - -#endif -/* - * Add more address families here. - */ - -/* - * BSD 4.4 defines the size of an ifreq to be - * max(sizeof(ifreq), sizeof(ifreq.ifr_name)+ifreq.ifr_addr.sa_len - * However, under earlier systems, sa_len isn't present, so the size is - * just sizeof(struct ifreq) - */ -#ifdef HAVE_SA_LEN -#ifndef max -#define max(a,b) ((a) > (b) ? (a) : (b)) -#endif -#define ifreq_size(i) max(sizeof(struct ifreq),\ - sizeof((i).ifr_name)+(i).ifr_addr.sa_len) -#else -#define ifreq_size(i) sizeof(struct ifreq) -#endif /* HAVE_SA_LEN*/ - - - -extern int errno; - -/* - * Return all the protocol addresses of this host. - * - * We could kludge up something to return all addresses, assuming that - * they're valid kerberos protocol addresses, but we wouldn't know the - * real size of the sockaddr or know which part of it was actually the - * host part. - * - * This uses the SIOCGIFCONF, SIOCGIFFLAGS, and SIOCGIFADDR ioctl's. - */ - -krb5_error_code -krb5_crypto_os_localaddr(addr) - krb5_address ***addr; -{ - struct ifreq *ifr, ifreq; - struct ifconf ifc; - int s, code, n, i; - char buf[1024]; - krb5_address *addr_temp [ 1024/sizeof(struct ifreq) ]; - int n_found; - int mem_err = 0; - - memset(buf, 0, sizeof(buf)); - ifc.ifc_len = sizeof(buf); - ifc.ifc_buf = buf; - - s = socket (USE_AF, USE_TYPE, USE_PROTO); - if (s < 0) - return errno; - - code = ioctl (s, SIOCGIFCONF, (char *)&ifc); - if (code < 0) { - int retval = errno; - closesocket (s); - return retval; - } - n = ifc.ifc_len; - -n_found = 0; - for (i = 0; i < n; i+= ifreq_size(*ifr) ) { - krb5_address *address; - ifr = (struct ifreq *)((caddr_t) ifc.ifc_buf+i); - - strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name)); - if (ioctl (s, SIOCGIFFLAGS, (char *)&ifreq) < 0) - continue; - -#ifdef IFF_LOOPBACK - if (ifreq.ifr_flags & IFF_LOOPBACK) - continue; -#endif - - if (!(ifreq.ifr_flags & IFF_UP)) - /* interface is down; skip */ - continue; - - /* ifr->ifr_addr has what we want! */ - switch (ifr->ifr_addr.sa_family) { -#ifdef HAVE_NETINET_IN_H - case AF_INET: - { - struct sockaddr_in *in = - (struct sockaddr_in *)&ifr->ifr_addr; - - address = (krb5_address *) - malloc (sizeof(krb5_address)); - if (address) { - address->magic = KV5M_ADDRESS; - address->addrtype = ADDRTYPE_INET; - address->length = sizeof(struct in_addr); - address->contents = (unsigned char *)malloc(address->length); - if (!address->contents) { - krb5_xfree(address); - address = 0; - mem_err++; - } else { - memcpy ((char *)address->contents, - (char *)&in->sin_addr, - address->length); - break; - } - } else mem_err++; - } -#endif -#ifdef KRB5_USE_NS - case AF_XNS: - { - struct sockaddr_ns *ns = - (struct sockaddr_ns *)&ifr->ifr_addr; - address = (krb5_address *) - malloc (sizeof (krb5_address) + sizeof (struct ns_addr)); - if (address) { - address->magic = KV5M_ADDRESS; - address->addrtype = ADDRTYPE_XNS; - - /* XXX should we perhaps use ns_host instead? */ - - address->length = sizeof(struct ns_addr); - address->contents = (unsigned char *)malloc(address->length); - if (!address->contents) { - krb5_xfree(address); - address = 0; - mem_err++; - } else { - memcpy ((char *)address->contents, - (char *)&ns->sns_addr, - address->length); - break; - } - } else mem_err++; - break; - } -#endif - /* - * Add more address families here.. - */ - default: - continue; - } - if (address) - addr_temp[n_found++] = address; - address = 0; - } - closesocket(s); - - *addr = (krb5_address **)malloc (sizeof (krb5_address *) * (n_found+1)); - if (*addr == 0) - mem_err++; - - if (mem_err) { - for (i=0; imagic = KV5M_ADDRESS; - (*addr)[0]->addrtype = hostrec->h_addrtype; - (*addr)[0]->length = hostrec->h_length; - (*addr)[0]->contents = (unsigned char *)malloc((*addr)[0]->length); - if (!(*addr)[0]->contents) { - free((*addr)[0]); - free(*addr); - return ENOMEM; - } else { - memcpy ((*addr)[0]->contents, - hostrec->h_addr, - (*addr)[0]->length); - } - /* FIXME, deal with the case where gethostent returns multiple addrs */ - - return(0); -} -#endif diff --git a/src/lib/crypto/os/c_ustime.c b/src/lib/crypto/os/c_ustime.c deleted file mode 100644 index e790acc95..000000000 --- a/src/lib/crypto/os/c_ustime.c +++ /dev/null @@ -1,316 +0,0 @@ -/* - * lib/crypto/os/c_ustime.c - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * krb5_mstimeofday for BSD 4.3 - */ - -#define NEED_SOCKETS -#include "k5-int.h" - -#ifdef macintosh - -/* We're a Macintosh -- do Mac time things. */ - -/* - * This code is derived from kerberos/src/lib/des/mac_time.c from - * the Cygnus Support release of Kerberos V4: - * - * mac_time.c - * (Originally time_stuff.c) - * Copyright 1989 by the Massachusetts Institute of Technology. - * Macintosh ooperating system interface for Kerberos. - */ - -#include "AddressXlation.h" /* for ip_addr, for #if 0'd net-time stuff */ - -#include /* Defines MachineLocation, used by getTimeZoneOffset */ -#include /* Defines BitTst(), called by getTimeZoneOffset() */ -#include /* Defines GetDateTime */ - -/* Mac Cincludes */ -#include -#include - -static krb5_int32 last_sec = 0, last_usec = 0; - -/* - * The Unix epoch is 1/1/70, the Mac epoch is 1/1/04. - * - * 70 - 4 = 66 year differential - * - * Thus the offset is: - * - * (66 yrs) * (365 days/yr) * (24 hours/day) * (60 mins/hour) * (60 secs/min) - * plus - * (17 leap days) * (24 hours/day) * (60 mins/hour) * (60 secs/min) - * - * Don't forget the offset from GMT. - */ - -/* returns the offset in hours between the mac local time and the GMT */ -/* unsigned krb5_int32 */ -krb5_int32 -getTimeZoneOffset() -{ - MachineLocation macLocation; - long gmtDelta; - - macLocation.u.gmtDelta=0L; - ReadLocation(&macLocation); - gmtDelta=macLocation.u.gmtDelta & 0x00FFFFFF; - if (BitTst((void *)&gmtDelta,23L)) - gmtDelta |= 0xFF000000; - gmtDelta /= 3600L; - return(gmtDelta); -} - -/* Returns the GMT in seconds (and fake microseconds) using the Unix epoch */ - -krb5_error_code -krb5_crypto_us_timeofday(seconds, microseconds) - krb5_int32 *seconds, *microseconds; -{ - krb5_int32 sec, usec; - time_t the_time; - - GetDateTime (&the_time); - - sec = the_time - - ((66 * 365 * 24 * 60 * 60) + (17 * 24 * 60 * 60) + - (getTimeZoneOffset() * 60 * 60)); - - usec = 0; /* Mac is too slow to count faster than once a second */ - - if ((sec == last_sec) && (usec == last_usec)) { - if (++last_usec >= 1000000) { - last_usec = 0; - last_sec++; - } - sec = last_sec; - usec = last_usec; - } - else { - last_sec = sec; - last_usec = usec; - } - - *seconds = sec; - *microseconds = usec; - - return 0; -} - - -#elif defined(_WIN32) - - /* Microsoft Windows NT and 95 (32bit) */ - /* This one works for WOW (Windows on Windows, ntvdm on Win-NT) */ - -#include -#include -#include - -krb5_error_code -krb5_crypto_us_timeofday(seconds, microseconds) -register krb5_int32 *seconds, *microseconds; -{ - struct _timeb timeptr; - krb5_int32 sec, usec; - static krb5_int32 last_sec = 0; - static krb5_int32 last_usec = 0; - - _ftime(&timeptr); /* Get the current time */ - sec = timeptr.time; - usec = timeptr.millitm * 1000; - - if ((sec == last_sec) && (usec <= last_usec)) { /* Same as last time??? */ - usec = ++last_usec; - if (usec >= 1000000) { - ++sec; - usec = 0; - } - } - last_sec = sec; /* Remember for next time */ - last_usec = usec; - - *seconds = sec; /* Return the values */ - *microseconds = usec; - - return 0; -} - -#elif defined (_MSDOS) - - -/* - * Originally written by John Gilmore, Cygnus Support, May '94. - * Public Domain. - */ - -#include -#include -#include -#include - -/* - * Time handling. Translate Unix time calls into Kerberos internal - * procedure calls. - * - * Due to the fact that DOS time can be unreliable we have reverted - * to using the AT hardware clock and converting it to Unix time. - */ - -static time_t win_gettime (); -static long win_time_get_epoch(); /* Adjust for MSC 7.00 bug */ - -krb5_error_code -krb5_crypto_us_timeofday(seconds, microseconds) -register krb5_int32 *seconds, *microseconds; -{ - krb5_int32 sec, usec; - static krb5_int32 last_sec = 0; - static krb5_int32 last_usec = 0; - - sec = win_gettime (); /* Get the current time */ - usec = 0; /* Can't do microseconds */ - - if (sec == last_sec) { /* Same as last time??? */ - usec = ++last_usec; /* Yep, so do microseconds */ - if (usec >= 1000000) { - ++sec; - usec = 0; - } - } - last_sec = sec; /* Remember for next time */ - last_usec = usec; - - *seconds = sec; /* Return the values */ - *microseconds = usec; - - return 0; -} - - -static time_t -win_gettime () { - struct tm tm; - union _REGS inregs; /* For calling BIOS */ - union _REGS outregs; - struct _timeb now; - time_t time; - long convert; /* MSC 7.00 bug work around */ - - _ftime(&now); /* Daylight savings time */ - - /* Get time from AT hardware clock INT 0x1A, AH=2 */ - memset(&inregs, 0, sizeof(inregs)); - inregs.h.ah = 2; - _int86(0x1a, &inregs, &outregs); - - /* 0x13 = decimal 13, hence the decoding below */ - tm.tm_sec = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F); - tm.tm_min = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F); - tm.tm_hour = 10 * ((outregs.h.ch & 0xF0) >> 4) + (outregs.h.ch & 0x0F); - - /* Get date from AT hardware clock INT 0x1A, AH=4 */ - memset(&inregs, 0, sizeof(inregs)); - inregs.h.ah = 4; - _int86(0x1a, &inregs, &outregs); - - tm.tm_mday = 10 * ((outregs.h.dl & 0xF0) >> 4) + (outregs.h.dl & 0x0F); - tm.tm_mon = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F) - 1; - tm.tm_year = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F); - tm.tm_year += 100 * ((10 * (outregs.h.ch & 0xF0) >> 4) - + (outregs.h.ch & 0x0F) - 19); - - tm.tm_wday = 0; - tm.tm_yday = 0; - tm.tm_isdst = now.dstflag; - - time = mktime(&tm); - - convert = win_time_get_epoch(); - return time + convert; - -} - - -/* - * This routine figures out the current time epoch and returns the - * conversion factor. It exists because - * Microloss screwed the pooch on the time() and _ftime() calls in - * its release 7.0 libraries. They changed the epoch to Dec 31, 1899! - * Idiots... We try to cope. - */ - -static struct tm jan_1_70 = {0, 0, 0, 1, 0, 70}; -static long epoch = 0; -static int epoch_set = 0; - -long -win_time_get_epoch() -{ - - if (!epoch_set) { - epoch = 0 - mktime (&jan_1_70); /* Seconds til 1970 localtime */ - epoch += _timezone; /* Seconds til 1970 GMT */ - epoch_set = 1; - } - return epoch; -} - - -#else - - -/* We're a Unix machine -- do Unix time things. */ - -extern int errno; - -static struct timeval last_tv = {0, 0}; - -krb5_error_code -krb5_crypto_us_timeofday(seconds, microseconds) - register krb5_int32 *seconds, *microseconds; -{ - struct timeval tv; - - if (gettimeofday(&tv, (struct timezone *)0) == -1) { - /* failed, return errno */ - return (krb5_error_code) errno; - } - if ((tv.tv_sec == last_tv.tv_sec) && (tv.tv_usec == last_tv.tv_usec)) { - if (++last_tv.tv_usec >= 1000000) { - last_tv.tv_usec = 0; - last_tv.tv_sec++; - } - tv = last_tv; - } else - last_tv = tv; - - *seconds = tv.tv_sec; - *microseconds = tv.tv_usec; - return 0; -} - -#endif diff --git a/src/lib/crypto/os/rnd_confoun.c b/src/lib/crypto/os/rnd_confoun.c deleted file mode 100644 index e904cb5c7..000000000 --- a/src/lib/crypto/os/rnd_confoun.c +++ /dev/null @@ -1,98 +0,0 @@ -/* - * lib/crypto/os/rnd_confoun.c - * - * Copyright 1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * krb5_random_confounder() - */ - -#include "k5-int.h" - -#ifdef HAVE_SYS_TIME_H -#include -#ifdef TIME_WITH_SYS_TIME -#include -#endif -#else -#include -#endif - -#ifdef HAVE_SRAND48 -#define SRAND srand48 -#define RAND lrand48 -#define RAND_TYPE long -#endif - -#if !defined(RAND_TYPE) && defined(HAVE_SRAND) -#define SRAND srand -#define RAND rand -#define RAND_TYPE int -#endif - -#if !defined(RAND_TYPE) && defined(HAVE_SRANDOM) -#define SRAND srandom -#define RAND random -#define RAND_TYPE long -#endif - -#if !defined(RAND_TYPE) -You need a random number generator! -#endif - -/* - * Generate a random confounder - */ -KRB5_DLLIMP krb5_error_code KRB5_CALLCONV -krb5_random_confounder(size, fillin) -size_t size; -krb5_pointer fillin; -{ - static int seeded = 0; - register krb5_octet *real_fill; - RAND_TYPE rval; - - if (!seeded) { - /* time() defined in 4.12.2.4, but returns a time_t, which is an - "arithmetic type" (4.12.1) */ - rval = (RAND_TYPE) time(0); - SRAND(rval); -#ifdef HAVE_GETPID - rval = RAND(); - rval ^= getpid(); - SRAND(rval); -#endif - seeded = 1; - } - - real_fill = (krb5_octet *)fillin; - while (size > 0) { - rval = RAND(); - *real_fill = rval & 0xff; - real_fill++; - size--; - if (size) { - *real_fill = (rval >> 8) & 0xff; - real_fill++; - size--; - } - } - return 0; -} diff --git a/src/lib/crypto/sha/.Sanitize b/src/lib/crypto/sha/.Sanitize deleted file mode 100644 index 886bb2b0a..000000000 --- a/src/lib/crypto/sha/.Sanitize +++ /dev/null @@ -1,42 +0,0 @@ -# Sanitize.in for Kerberos V5 - -# Each directory to survive it's way into a release will need a file -# like this one called "./.Sanitize". All keyword lines must exist, -# and must exist in the order specified by this file. Each directory -# in the tree will be processed, top down, in the following order. - -# Hash started lines like this one are comments and will be deleted -# before anything else is done. Blank lines will also be squashed -# out. - -# The lines between the "Do-first:" line and the "Things-to-keep:" -# line are executed as a /bin/sh shell script before anything else is -# done in this - -Do-first: - -# All files listed between the "Things-to-keep:" line and the -# "Files-to-sed:" line will be kept. All other files will be removed. -# Directories listed in this section will have their own Sanitize -# called. Directories not listed will be removed in their entirety -# with rm -rf. - -Things-to-keep: - -.cvsignore -ChangeLog -Makefile.in -configure -configure.in -sha_crypto.c -sha_glue.c -shs.c -shs.h -hmac_sha.c -t_shs.c - -Things-to-lose: - -Do-last: - -# End of file. diff --git a/src/lib/crypto/sha/ChangeLog b/src/lib/crypto/sha/ChangeLog deleted file mode 100644 index 19abbbf6e..000000000 --- a/src/lib/crypto/sha/ChangeLog +++ /dev/null @@ -1,89 +0,0 @@ -Wed Feb 18 16:09:05 1998 Tom Yu - - * Makefile.in: Remove trailing slash from thisconfigdir. Fix up - BUILDTOP for new conventions. - -Fri Feb 13 15:20:54 1998 Theodore Ts'o - - * Makefile.in (thisconfigdir), configure.in: Point the - configuration directory at our parent, and remove our - local configure.in - -Mon Feb 2 17:02:29 1998 Theodore Ts'o - - * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile - -Tue Oct 28 16:37:18 1997 Tom Yu - - * shs.c, sha_glue.c, hmac_sha.c: Fix to deal with LONG wider than - 32 bits. - - * t_shs.c: Print out the actual and expected values on error. - -Sat Feb 22 18:52:09 1997 Richard Basch - - * Makefile.in: Use some of the new library list build rules in - win-post.in - -Thu Jan 30 21:31:39 1997 Richard Basch - - * sha_crypto.c sha_glue.c: - Declare the functions to take const args where possible - Remove extra includes - - * sha_crypto.c: Function prototypes did not match function names. - -Thu Nov 21 00:58:04 EST 1996 Richard Basch - - * Makefile.in: Win32 build fixed - -Sun Dec 29 21:56:35 1996 Tom Yu - - * Makefile.in: - * configure.in: Update to use new library build procedure. - -Wed Aug 28 17:40:53 1996 Theodore Ts'o - - * shs.c: Only include sys/types.h if present. - - * configure.in: Check for sys/types.h - -Thu Jun 13 10:54:27 1996 Ezra Peisach - - * hmac_sha.c: Include string.h for memcpy prototype - -Sat Jun 8 07:44:35 1996 Ezra Peisach (epeisach@mit.edu) - - * shs.c (longReverse): Test for big vs little endian failed for - little endian machines. - -Thu Jun 6 15:43:26 1996 Theodore Y. Ts'o - - * shs.c (longReverse): Don't use htonl(); it doesn't exist under - Windows. Instead do the test by casting a pointer to an - integer to a char *. - -Mon May 20 17:15:32 1996 Theodore Y. Ts'o - - * t_shs.c (main): Don't do timing tests; it takes too long! - -Tue May 14 17:09:36 1996 Richard Basch - - * .Sanitize: reflect current files - * Makefile.in: added hmac-sha - * hmac_sha.c: implement HMAC-SHA - * sha_crypto.c: use hmac-sha - * sha_glue.c: sanity check the passed in checksum length - * shs.h: replaced sha-des3 with hmac-sha - -Fri May 10 11:19:53 1996 Ezra Peisach - - * shs.c (longReverse): Remove extraneous \. - (expand): Start #define in first column. - -Fri May 10 01:19:18 1996 Richard Basch - - * Makefile.in configure.in t_shs.c sha_glue.c sha_crypto.c shs.c shs.h: - Initial check-in of the functions to support the NIST FIPS 180 - SHA algorithm. Provide interfaces for cksum-sha, cksum-sha-des3. - (enctype-des3-sha is also being defined) diff --git a/src/lib/crypto/sha/Makefile.in b/src/lib/crypto/sha/Makefile.in deleted file mode 100644 index 058ac0db0..000000000 --- a/src/lib/crypto/sha/Makefile.in +++ /dev/null @@ -1,43 +0,0 @@ -thisconfigdir=./.. -BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U) -CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)/../des - -##DOS##BUILDTOP = ..\..\.. -##DOS##PREFIXDIR=sha -##DOS##OBJFILE=..\sha.lst -##WIN16##LIBNAME=..\crypto.lib - -STLIBOBJS=shs.o hmac_sha.o sha_crypto.o sha_glue.o - -OBJS= shs.$(OBJEXT) \ - hmac_sha.$(OBJEXT) \ - sha_crypto.$(OBJEXT) \ - sha_glue.$(OBJEXT) - -SRCS= $(srcdir)/shs.c \ - $(srcdir)/hmac_sha.c \ - $(srcdir)/sha_crypto.c \ - $(srcdir)/sha_glue.c - - -##DOS##LIBOBJS = $(OBJS) - - -all-unix:: all-libobjs - -t_shs: t_shs.o shs.o - $(CC) $(CFLAGS) $(LDFLAGS) -o t_shs t_shs.o shs.o - -t_shs.exe: - $(CC) $(CFLAGS2) -o t_shs.exe t_shs.c shs.c - -check-unix:: t_shs - $(C)t_shs -x - -check-windows:: t_shs$(EXEEXT) - $(C)t_shs$(EXEEXT) -x - -clean:: - $(RM) t_shs$(EXEEXT) t_shs.$(OBJEXT) - -clean-unix:: clean-libobjs diff --git a/src/lib/crypto/sha/hmac_sha.c b/src/lib/crypto/sha/hmac_sha.c deleted file mode 100644 index d57092e69..000000000 --- a/src/lib/crypto/sha/hmac_sha.c +++ /dev/null @@ -1,101 +0,0 @@ -#include -#include "shs.h" - -#define PAD_SZ 64 - - -krb5_error_code -hmac_sha(text, text_len, key, key_len, digest) - krb5_octet * text; /* pointer to data stream */ - int text_len; /* length of data stream */ - krb5_octet * key; /* pointer to authentication key */ - int key_len; /* length of authentication key */ - krb5_octet * digest; /* caller digest to be filled in */ -{ - SHS_INFO context; - krb5_octet k_ipad[PAD_SZ]; /* inner padding - key XORd with ipad */ - krb5_octet k_opad[PAD_SZ]; /* outer padding - key XORd with opad */ - int i; - krb5_octet *cp; - LONG *lp; - - /* sanity check parameters */ - if (!text || !key || !digest) - /* most heinous, probably should log something */ - return EINVAL; - - /* if key is longer than 64 bytes reset it to key=SHA(key) */ - if (key_len > sizeof(k_ipad)) { - shsInit(&context); - shsUpdate(&context, key, key_len); - shsFinal(&context); - - cp = digest; - lp = context.digest; - while (cp < digest + SHS_DIGESTSIZE) { - *cp++ = (*lp >> 24) & 0xff; - *cp++ = (*lp >> 16) & 0xff; - *cp++ = (*lp >> 8) & 0xff; - *cp++ = *lp++ & 0xff; - } - key = digest; - key_len = SHS_DIGESTSIZE; - } - - /* - * the HMAC_SHA transform looks like: - * - * SHA(K XOR opad, SHA(K XOR ipad, text)) - * - * where K is an n byte key - * ipad is the byte 0x36 repeated 64 times - * opad is the byte 0x5c repeated 64 times - * and text is the data being protected - */ - - /* start out by storing key in pads */ - memset(k_ipad, 0x36, sizeof(k_ipad)); - memset(k_opad, 0x5c, sizeof(k_opad)); - - /* XOR key with ipad and opad values */ - for (i = 0; i < key_len; i++) { - k_ipad[i] ^= key[i]; - k_opad[i] ^= key[i]; - } - - /* - * perform inner SHA - */ - shsInit(&context); - shsUpdate(&context, k_ipad, sizeof(k_ipad)); - shsUpdate(&context, text, text_len); - shsFinal(&context); - - cp = digest; - lp = context.digest; - while (cp < digest + SHS_DIGESTSIZE) { - *cp++ = (*lp >> 24) & 0xff; - *cp++ = (*lp >> 16) & 0xff; - *cp++ = (*lp >> 8) & 0xff; - *cp++ = *lp++ & 0xff; - } - - /* - * perform outer SHA - */ - shsInit(&context); - shsUpdate(&context, k_opad, sizeof(k_opad)); - shsUpdate(&context, digest, SHS_DIGESTSIZE); - shsFinal(&context); - - cp = digest; - lp = context.digest; - while (cp < digest + SHS_DIGESTSIZE) { - *cp++ = (*lp >> 24) & 0xff; - *cp++ = (*lp >> 16) & 0xff; - *cp++ = (*lp >> 8) & 0xff; - *cp++ = *lp++ & 0xff; - } - - return 0; -} diff --git a/src/lib/crypto/sha/sha_crypto.c b/src/lib/crypto/sha/sha_crypto.c deleted file mode 100644 index b539b1199..000000000 --- a/src/lib/crypto/sha/sha_crypto.c +++ /dev/null @@ -1,76 +0,0 @@ -#include "shs.h" - -/* Windows needs to these prototypes for the assignment below */ - -static krb5_error_code -krb5_sha_crypto_sum_func - PROTOTYPE((krb5_const krb5_pointer in, - krb5_const size_t in_length, - krb5_const krb5_pointer seed, - krb5_const size_t seed_length, - krb5_checksum FAR *outcksum)); - -static krb5_error_code -krb5_sha_crypto_verify_func - PROTOTYPE((krb5_const krb5_checksum FAR *cksum, - krb5_const krb5_pointer in, - krb5_const size_t in_length, - krb5_const krb5_pointer seed, - krb5_const size_t seed_length)); - -static krb5_error_code -krb5_sha_crypto_sum_func(in, in_length, seed, seed_length, outcksum) - krb5_const krb5_pointer in; - krb5_const size_t in_length; - krb5_const krb5_pointer seed; - krb5_const size_t seed_length; - krb5_checksum FAR *outcksum; -{ - krb5_error_code retval; - - if (outcksum->length < HMAC_SHA_CKSUM_LENGTH) - return KRB5_BAD_MSIZE; - - outcksum->checksum_type = CKSUMTYPE_HMAC_SHA; - outcksum->length = HMAC_SHA_CKSUM_LENGTH; - - retval = hmac_sha(in, in_length, seed, seed_length, outcksum->contents); - return retval; -} - -static krb5_error_code -krb5_sha_crypto_verify_func(cksum, in, in_length, seed, seed_length) - krb5_const krb5_checksum FAR *cksum; - krb5_const krb5_pointer in; - krb5_const size_t in_length; - krb5_const krb5_pointer seed; - krb5_const size_t seed_length; -{ - krb5_octet digest[HMAC_SHA_CKSUM_LENGTH]; - krb5_error_code retval; - - if (cksum->checksum_type != CKSUMTYPE_HMAC_SHA) - return KRB5KRB_AP_ERR_INAPP_CKSUM; - if (cksum->length != HMAC_SHA_CKSUM_LENGTH) - return KRB5KRB_AP_ERR_BAD_INTEGRITY; - - retval = hmac_sha(in, in_length, seed, seed_length, digest); - if (retval) goto cleanup; - - if (memcmp((char *)digest, (char *)cksum->contents, cksum->length)) - retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; - -cleanup: - memset((char *)digest, 0, sizeof(digest)); - return retval; -} - -krb5_checksum_entry hmac_sha_cksumtable_entry = -{ - 0, - krb5_sha_crypto_sum_func, - krb5_sha_crypto_verify_func, - HMAC_SHA_CKSUM_LENGTH, - 1, /* is collision proof */ - 1, /* uses key */ -}; diff --git a/src/lib/crypto/sha/sha_glue.c b/src/lib/crypto/sha/sha_glue.c deleted file mode 100644 index 58a93b723..000000000 --- a/src/lib/crypto/sha/sha_glue.c +++ /dev/null @@ -1,97 +0,0 @@ -#include "shs.h" - -krb5_error_code -krb5_sha_sum_func - PROTOTYPE((krb5_const krb5_pointer in, - krb5_const size_t in_length, - krb5_const krb5_pointer seed, - krb5_const size_t seed_length, - krb5_checksum FAR *outcksum)); - -krb5_error_code -krb5_sha_verify_func - PROTOTYPE((krb5_const krb5_checksum FAR *cksum, - krb5_const krb5_pointer in, - krb5_const size_t in_length, - krb5_const krb5_pointer seed, - krb5_const size_t seed_length)); - -krb5_error_code -krb5_sha_sum_func(in, in_length, seed, seed_length, outcksum) - krb5_const krb5_pointer in; - krb5_const size_t in_length; - krb5_const krb5_pointer seed; - krb5_const size_t seed_length; - krb5_checksum FAR *outcksum; -{ - krb5_octet *input = (krb5_octet *)in; - krb5_octet *cp; - LONG *lp; - SHS_INFO working; - - if (outcksum->length < SHS_DIGESTSIZE) - return KRB5_BAD_MSIZE; - - shsInit(&working); - shsUpdate(&working, input, in_length); - shsFinal(&working); - - outcksum->checksum_type = CKSUMTYPE_NIST_SHA; - outcksum->length = SHS_DIGESTSIZE; - - cp = outcksum->contents; - lp = working.digest; - while (lp < working.digest + 16) { - *cp++ = (*lp >> 24) & 0xff; - *cp++ = (*lp >> 16) & 0xff; - *cp++ = (*lp >> 8) & 0xff; - *cp++ = (*lp++) & 0xff; - } - memset((char *)&working, 0, sizeof(working)); - return 0; -} - -krb5_error_code -krb5_sha_verify_func(cksum, in, in_length, seed, seed_length) - krb5_const krb5_checksum FAR *cksum; - krb5_const krb5_pointer in; - krb5_const size_t in_length; - krb5_const krb5_pointer seed; - krb5_const size_t seed_length; -{ - krb5_octet *input = (krb5_octet *)in; - SHS_INFO working; - krb5_error_code retval; - int i; - krb5_octet *cp; - - if (cksum->checksum_type != CKSUMTYPE_NIST_SHA) - return KRB5KRB_AP_ERR_INAPP_CKSUM; - if (cksum->length != SHS_DIGESTSIZE) - return KRB5KRB_AP_ERR_BAD_INTEGRITY; - - shsInit(&working); - shsUpdate(&working, input, in_length); - shsFinal(&working); - - retval = 0; - for (i = 0, cp = cksum->contents; i < 5; i++, cp += 4) { - if (working.digest[i] != - (LONG) cp[0] << 24 | (LONG) cp[1] << 16 | - (LONG) cp[2] << 8 | (LONG) cp[3]) { - retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; - break; - } - } - memset((char *) &working, 0, sizeof(working)); - return retval; -} - -krb5_checksum_entry nist_sha_cksumtable_entry = { - 0, - krb5_sha_sum_func, - krb5_sha_verify_func, - SHS_DIGESTSIZE, - 1, /* is collision proof */ - 0, /* doesn't use key */ -}; diff --git a/src/lib/crypto/sha/shs.c b/src/lib/crypto/sha/shs.c deleted file mode 100644 index e18f3af9e..000000000 --- a/src/lib/crypto/sha/shs.c +++ /dev/null @@ -1,392 +0,0 @@ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#include -#include "shs.h" - -/* The SHS f()-functions. The f1 and f3 functions can be optimized to - save one boolean operation each - thanks to Rich Schroeppel, - rcs@cs.arizona.edu for discovering this */ - -#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */ -#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */ -#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */ -#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */ - -/* The SHS Mysterious Constants */ - -#define K1 0x5A827999L /* Rounds 0-19 */ -#define K2 0x6ED9EBA1L /* Rounds 20-39 */ -#define K3 0x8F1BBCDCL /* Rounds 40-59 */ -#define K4 0xCA62C1D6L /* Rounds 60-79 */ - -/* SHS initial values */ - -#define h0init 0x67452301L -#define h1init 0xEFCDAB89L -#define h2init 0x98BADCFEL -#define h3init 0x10325476L -#define h4init 0xC3D2E1F0L - -/* Note that it may be necessary to add parentheses to these macros if they - are to be called with expressions as arguments */ - -/* 32-bit rotate left - kludged with shifts */ - -#define ROTL(n,X) (((X) << (n)) & 0xffffffff | ((X) >> (32 - n))) - -/* The initial expanding function. The hash function is defined over an - 80-word expanded input array W, where the first 16 are copies of the input - data, and the remaining 64 are defined by - - W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ] - - This implementation generates these values on the fly in a circular - buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this - optimization. - - The updated SHS changes the expanding function by adding a rotate of 1 - bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor - for this information */ - -#ifdef NEW_SHS -#define expand(W,i) ( W[ i & 15 ] = ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \ - W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ))) -#else -#define expand(W,i) ( W[ i & 15 ] ^= W[ (i - 14) & 15 ] ^ \ - W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) -#endif /* NEW_SHS */ - -/* The prototype SHS sub-round. The fundamental sub-round is: - - a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data; - b' = a; - c' = ROTL( 30, b ); - d' = c; - e' = d; - - but this is implemented by unrolling the loop 5 times and renaming the - variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration. - This code is then replicated 20 times for each of the 4 functions, using - the next 20 values from the W[] array each time */ - -#define subRound(a, b, c, d, e, f, k, data) \ - ( e += ROTL( 5, a ) + f( b, c, d ) + k + data, \ - e &= 0xffffffff, b = ROTL( 30, b ) ) - -/* Initialize the SHS values */ - -void shsInit(shsInfo) - SHS_INFO *shsInfo; -{ - /* Set the h-vars to their initial values */ - shsInfo->digest[ 0 ] = h0init; - shsInfo->digest[ 1 ] = h1init; - shsInfo->digest[ 2 ] = h2init; - shsInfo->digest[ 3 ] = h3init; - shsInfo->digest[ 4 ] = h4init; - - /* Initialise bit count */ - shsInfo->countLo = shsInfo->countHi = 0; -} - -/* Perform the SHS transformation. Note that this code, like MD5, seems to - break some optimizing compilers due to the complexity of the expressions - and the size of the basic block. It may be necessary to split it into - sections, e.g. based on the four subrounds - - Note that this corrupts the shsInfo->data area */ - -static void SHSTransform KRB5_PROTOTYPE((LONG *digest, LONG *data)); - -static -void SHSTransform(digest, data) - LONG *digest; - LONG *data; -{ - LONG A, B, C, D, E; /* Local vars */ - LONG eData[ 16 ]; /* Expanded data */ - - /* Set up first buffer and local data buffer */ - A = digest[ 0 ]; - B = digest[ 1 ]; - C = digest[ 2 ]; - D = digest[ 3 ]; - E = digest[ 4 ]; - memcpy(eData, data, sizeof (eData)); - - /* Heavy mangling, in 4 sub-rounds of 20 interations each. */ - subRound( A, B, C, D, E, f1, K1, eData[ 0 ] ); - subRound( E, A, B, C, D, f1, K1, eData[ 1 ] ); - subRound( D, E, A, B, C, f1, K1, eData[ 2 ] ); - subRound( C, D, E, A, B, f1, K1, eData[ 3 ] ); - subRound( B, C, D, E, A, f1, K1, eData[ 4 ] ); - subRound( A, B, C, D, E, f1, K1, eData[ 5 ] ); - subRound( E, A, B, C, D, f1, K1, eData[ 6 ] ); - subRound( D, E, A, B, C, f1, K1, eData[ 7 ] ); - subRound( C, D, E, A, B, f1, K1, eData[ 8 ] ); - subRound( B, C, D, E, A, f1, K1, eData[ 9 ] ); - subRound( A, B, C, D, E, f1, K1, eData[ 10 ] ); - subRound( E, A, B, C, D, f1, K1, eData[ 11 ] ); - subRound( D, E, A, B, C, f1, K1, eData[ 12 ] ); - subRound( C, D, E, A, B, f1, K1, eData[ 13 ] ); - subRound( B, C, D, E, A, f1, K1, eData[ 14 ] ); - subRound( A, B, C, D, E, f1, K1, eData[ 15 ] ); - subRound( E, A, B, C, D, f1, K1, expand( eData, 16 ) ); - subRound( D, E, A, B, C, f1, K1, expand( eData, 17 ) ); - subRound( C, D, E, A, B, f1, K1, expand( eData, 18 ) ); - subRound( B, C, D, E, A, f1, K1, expand( eData, 19 ) ); - - subRound( A, B, C, D, E, f2, K2, expand( eData, 20 ) ); - subRound( E, A, B, C, D, f2, K2, expand( eData, 21 ) ); - subRound( D, E, A, B, C, f2, K2, expand( eData, 22 ) ); - subRound( C, D, E, A, B, f2, K2, expand( eData, 23 ) ); - subRound( B, C, D, E, A, f2, K2, expand( eData, 24 ) ); - subRound( A, B, C, D, E, f2, K2, expand( eData, 25 ) ); - subRound( E, A, B, C, D, f2, K2, expand( eData, 26 ) ); - subRound( D, E, A, B, C, f2, K2, expand( eData, 27 ) ); - subRound( C, D, E, A, B, f2, K2, expand( eData, 28 ) ); - subRound( B, C, D, E, A, f2, K2, expand( eData, 29 ) ); - subRound( A, B, C, D, E, f2, K2, expand( eData, 30 ) ); - subRound( E, A, B, C, D, f2, K2, expand( eData, 31 ) ); - subRound( D, E, A, B, C, f2, K2, expand( eData, 32 ) ); - subRound( C, D, E, A, B, f2, K2, expand( eData, 33 ) ); - subRound( B, C, D, E, A, f2, K2, expand( eData, 34 ) ); - subRound( A, B, C, D, E, f2, K2, expand( eData, 35 ) ); - subRound( E, A, B, C, D, f2, K2, expand( eData, 36 ) ); - subRound( D, E, A, B, C, f2, K2, expand( eData, 37 ) ); - subRound( C, D, E, A, B, f2, K2, expand( eData, 38 ) ); - subRound( B, C, D, E, A, f2, K2, expand( eData, 39 ) ); - - subRound( A, B, C, D, E, f3, K3, expand( eData, 40 ) ); - subRound( E, A, B, C, D, f3, K3, expand( eData, 41 ) ); - subRound( D, E, A, B, C, f3, K3, expand( eData, 42 ) ); - subRound( C, D, E, A, B, f3, K3, expand( eData, 43 ) ); - subRound( B, C, D, E, A, f3, K3, expand( eData, 44 ) ); - subRound( A, B, C, D, E, f3, K3, expand( eData, 45 ) ); - subRound( E, A, B, C, D, f3, K3, expand( eData, 46 ) ); - subRound( D, E, A, B, C, f3, K3, expand( eData, 47 ) ); - subRound( C, D, E, A, B, f3, K3, expand( eData, 48 ) ); - subRound( B, C, D, E, A, f3, K3, expand( eData, 49 ) ); - subRound( A, B, C, D, E, f3, K3, expand( eData, 50 ) ); - subRound( E, A, B, C, D, f3, K3, expand( eData, 51 ) ); - subRound( D, E, A, B, C, f3, K3, expand( eData, 52 ) ); - subRound( C, D, E, A, B, f3, K3, expand( eData, 53 ) ); - subRound( B, C, D, E, A, f3, K3, expand( eData, 54 ) ); - subRound( A, B, C, D, E, f3, K3, expand( eData, 55 ) ); - subRound( E, A, B, C, D, f3, K3, expand( eData, 56 ) ); - subRound( D, E, A, B, C, f3, K3, expand( eData, 57 ) ); - subRound( C, D, E, A, B, f3, K3, expand( eData, 58 ) ); - subRound( B, C, D, E, A, f3, K3, expand( eData, 59 ) ); - - subRound( A, B, C, D, E, f4, K4, expand( eData, 60 ) ); - subRound( E, A, B, C, D, f4, K4, expand( eData, 61 ) ); - subRound( D, E, A, B, C, f4, K4, expand( eData, 62 ) ); - subRound( C, D, E, A, B, f4, K4, expand( eData, 63 ) ); - subRound( B, C, D, E, A, f4, K4, expand( eData, 64 ) ); - subRound( A, B, C, D, E, f4, K4, expand( eData, 65 ) ); - subRound( E, A, B, C, D, f4, K4, expand( eData, 66 ) ); - subRound( D, E, A, B, C, f4, K4, expand( eData, 67 ) ); - subRound( C, D, E, A, B, f4, K4, expand( eData, 68 ) ); - subRound( B, C, D, E, A, f4, K4, expand( eData, 69 ) ); - subRound( A, B, C, D, E, f4, K4, expand( eData, 70 ) ); - subRound( E, A, B, C, D, f4, K4, expand( eData, 71 ) ); - subRound( D, E, A, B, C, f4, K4, expand( eData, 72 ) ); - subRound( C, D, E, A, B, f4, K4, expand( eData, 73 ) ); - subRound( B, C, D, E, A, f4, K4, expand( eData, 74 ) ); - subRound( A, B, C, D, E, f4, K4, expand( eData, 75 ) ); - subRound( E, A, B, C, D, f4, K4, expand( eData, 76 ) ); - subRound( D, E, A, B, C, f4, K4, expand( eData, 77 ) ); - subRound( C, D, E, A, B, f4, K4, expand( eData, 78 ) ); - subRound( B, C, D, E, A, f4, K4, expand( eData, 79 ) ); - - /* Build message digest */ - digest[ 0 ] += A; - digest[ 0 ] &= 0xffffffff; - digest[ 1 ] += B; - digest[ 1 ] &= 0xffffffff; - digest[ 2 ] += C; - digest[ 2 ] &= 0xffffffff; - digest[ 3 ] += D; - digest[ 3 ] &= 0xffffffff; - digest[ 4 ] += E; - digest[ 4 ] &= 0xffffffff; -} - -/* When run on a little-endian CPU we need to perform byte reversal on an - array of longwords. It is possible to make the code endianness- - independant by fiddling around with data at the byte level, but this - makes for very slow code, so we rely on the user to sort out endianness - at compile time */ - -void longReverse( LONG *buffer, int byteCount ) -{ - LONG value; - static int init = 0; - char *cp; - - switch (init) { - case 0: - init=1; - cp = (char *) &init; - if (*cp == 1) { - init=2; - break; - } - init=1; - /* fall through - MSB */ - case 1: - return; - } - - byteCount /= sizeof( LONG ); - while( byteCount-- ) { - value = *buffer; - value = ( ( value & 0xFF00FF00L ) >> 8 ) | - ( ( value & 0x00FF00FFL ) << 8 ); - *buffer++ = ( value << 16 ) | ( value >> 16 ); - } -} - -/* Update SHS for a block of data */ - -void shsUpdate(shsInfo, buffer, count) - SHS_INFO *shsInfo; - BYTE *buffer; - int count; -{ - LONG tmp; - int dataCount, canfill; - LONG *lp; - - /* Update bitcount */ - tmp = shsInfo->countLo; - shsInfo->countLo = tmp + (((LONG) count) << 3 ); - if ((shsInfo->countLo &= 0xffffffff) < tmp) - shsInfo->countHi++; /* Carry from low to high */ - shsInfo->countHi += count >> 29; - - /* Get count of bytes already in data */ - dataCount = (int) (tmp >> 3) & 0x3F; - - /* Handle any leading odd-sized chunks */ - if (dataCount) { - lp = shsInfo->data + dataCount / 4; - canfill = (count >= dataCount); - dataCount = SHS_DATASIZE - dataCount; - - if (dataCount % 4) { - /* Fill out a full 32 bit word first if needed -- this - is not very efficient (computed shift amount), - but it shouldn't happen often. */ - while (dataCount % 4 && count > 0) { - *lp |= (LONG) *buffer++ << ((3 - dataCount++ % 4) * 8); - count--; - } - lp++; - } - while (lp < shsInfo->data + 16) { - *lp = (LONG) *buffer++ << 24; - *lp |= (LONG) *buffer++ << 16; - *lp |= (LONG) *buffer++ << 8; - *lp++ |= (LONG) *buffer++; - if ((count -= 4) < 4 && lp < shsInfo->data + 16) { - *lp = 0; - switch (count % 4) { - case 3: - *lp |= (LONG) buffer[2] << 8; - case 2: - *lp |= (LONG) buffer[1] << 16; - case 1: - *lp |= (LONG) buffer[0] << 24; - } - break; - count = 0; - } - } - if (canfill) { - SHSTransform(shsInfo->digest, shsInfo->data); - } - } - - /* Process data in SHS_DATASIZE chunks */ - while (count >= SHS_DATASIZE) { - lp = shsInfo->data; - while (lp < shsInfo->data + 16) { - *lp = ((LONG) *buffer++) << 24; - *lp |= ((LONG) *buffer++) << 16; - *lp |= ((LONG) *buffer++) << 8; - *lp++ |= (LONG) *buffer++; - } - SHSTransform(shsInfo->digest, shsInfo->data); - count -= SHS_DATASIZE; - } - - if (count > 0) { - lp = shsInfo->data; - while (count > 4) { - *lp = ((LONG) *buffer++) << 24; - *lp |= ((LONG) *buffer++) << 16; - *lp |= ((LONG) *buffer++) << 8; - *lp++ |= (LONG) *buffer++; - count -= 4; - } - *lp = 0; - switch (count % 4) { - case 0: - *lp |= ((LONG) buffer[3]); - case 3: - *lp |= ((LONG) buffer[2]) << 8; - case 2: - *lp |= ((LONG) buffer[1]) << 16; - case 1: - *lp |= ((LONG) buffer[0]) << 24; - } - } -} - -/* Final wrapup - pad to SHS_DATASIZE-byte boundary with the bit pattern - 1 0* (64-bit count of bits processed, MSB-first) */ - -void shsFinal(shsInfo) - SHS_INFO *shsInfo; -{ - int count; - LONG *lp; - BYTE *dataPtr; - - /* Compute number of bytes mod 64 */ - count = (int) shsInfo->countLo; - count = (count >> 3) & 0x3F; - - /* Set the first char of padding to 0x80. This is safe since there is - always at least one byte free */ - lp = shsInfo->data + count / 4; - switch (count % 4) { - case 3: - *lp++ |= (LONG) 0x80; - break; - case 2: - *lp++ |= (LONG) 0x80 << 8; - break; - case 1: - *lp++ |= (LONG) 0x80 << 16; - break; - case 0: - *lp++ = (LONG) 0x80 << 24; - } - - if (lp > shsInfo->data + 14) { - /* Pad out to 64 bytes if not enough room for length words */ - *lp = 0; - SHSTransform(shsInfo->digest, shsInfo->data); - lp = shsInfo->data; - } - /* Pad out to 56 bytes */ - while (lp < shsInfo->data + 14) - *lp++ = 0; - /* Append length in bits and transform */ - *lp++ = shsInfo->countHi; - *lp++ = shsInfo->countLo; - SHSTransform(shsInfo->digest, shsInfo->data); -} diff --git a/src/lib/crypto/sha/shs.h b/src/lib/crypto/sha/shs.h deleted file mode 100644 index 01acddb82..000000000 --- a/src/lib/crypto/sha/shs.h +++ /dev/null @@ -1,59 +0,0 @@ -#ifndef _SHS_DEFINED - -#include - -#define _SHS_DEFINED - -/* Some useful types */ - -typedef krb5_octet BYTE; - -/* Old DOS/Windows compilers are case-insensitive */ -#if !defined(_MSDOS) && !defined(_WIN32) -typedef krb5_ui_4 LONG; -#endif - - -/* Define the following to use the updated SHS implementation */ -#define NEW_SHS /**/ - -/* The SHS block size and message digest sizes, in bytes */ - -#define SHS_DATASIZE 64 -#define SHS_DIGESTSIZE 20 - -/* The structure for storing SHS info */ - -typedef struct { - LONG digest[ 5 ]; /* Message digest */ - LONG countLo, countHi; /* 64-bit bit count */ - LONG data[ 16 ]; /* SHS data buffer */ - } SHS_INFO; - -/* Message digest functions (shs.c) */ -void shsInit - KRB5_PROTOTYPE((SHS_INFO *shsInfo)); -void shsUpdate - KRB5_PROTOTYPE((SHS_INFO *shsInfo, BYTE *buffer, int count)); -void shsFinal - KRB5_PROTOTYPE((SHS_INFO *shsInfo)); - - -/* Keyed Message digest functions (hmac_sha.c) */ -krb5_error_code hmac_sha - KRB5_PROTOTYPE((krb5_octet *text, - int text_len, - krb5_octet *key, - int key_len, - krb5_octet *digest)); - - -#define NIST_SHA_CKSUM_LENGTH SHS_DIGESTSIZE -#define HMAC_SHA_CKSUM_LENGTH SHS_DIGESTSIZE - - -extern krb5_checksum_entry - nist_sha_cksumtable_entry, - hmac_sha_cksumtable_entry; - -#endif /* _SHS_DEFINED */ diff --git a/src/lib/crypto/sha/t_shs.c b/src/lib/crypto/sha/t_shs.c deleted file mode 100644 index da55992ec..000000000 --- a/src/lib/crypto/sha/t_shs.c +++ /dev/null @@ -1,132 +0,0 @@ -/**************************************************************************** -* * -* SHS Test Code * -* * -****************************************************************************/ - -#include -#include -#include -#include "shs.h" - -/* Test the SHS implementation */ - -#ifdef NEW_SHS - -static LONG shsTestResults[][ 5 ] = { - { 0xA9993E36L, 0x4706816AL, 0xBA3E2571L, 0x7850C26CL, 0x9CD0D89DL, }, - { 0x84983E44L, 0x1C3BD26EL, 0xBAAE4AA1L, 0xF95129E5L, 0xE54670F1L, }, - { 0x34AA973CL, 0xD4C4DAA4L, 0xF61EEB2BL, 0xDBAD2731L, 0x6534016FL, } - }; - -#else - -static LONG shsTestResults[][ 5 ] = { - { 0x0164B8A9L, 0x14CD2A5EL, 0x74C4F7FFL, 0x082C4D97L, 0xF1EDF880L }, - { 0xD2516EE1L, 0xACFA5BAFL, 0x33DFC1C4L, 0x71E43844L, 0x9EF134C8L }, - { 0x3232AFFAL, 0x48628A26L, 0x653B5AAAL, 0x44541FD9L, 0x0D690603L } - }; -#endif /* NEW_SHS */ - -static int compareSHSresults(shsInfo, shsTestLevel) -SHS_INFO *shsInfo; -int shsTestLevel; -{ - int i, fail = 0; - - /* Compare the returned digest and required values */ - for( i = 0; i < 5; i++ ) - if( shsInfo->digest[ i ] != shsTestResults[ shsTestLevel ][ i ] ) - fail = 1; - if (fail) { - printf("\nExpected: "); - for (i = 0; i < 5; i++) { - printf("%8.8lx ", shsTestResults[shsTestLevel][i]); - } - printf("\nGot: "); - for (i = 0; i < 5; i++) { - printf("%8.8lx ", shsInfo->digest[i]); - } - printf("\n"); - return( -1 ); - } - return( 0 ); -} - -main() -{ - SHS_INFO shsInfo; - unsigned int i; - time_t secondCount; - BYTE data[ 200 ]; - - /* Make sure we've got the endianness set right. If the machine is - big-endian (up to 64 bits) the following value will be signed, - otherwise it will be unsigned. Unfortunately we can't test for odd - things like middle-endianness without knowing the size of the data - types */ - - /* Test SHS against values given in SHS standards document */ - printf( "Running SHS test 1 ... " ); - shsInit( &shsInfo ); - shsUpdate( &shsInfo, ( BYTE * ) "abc", 3 ); - shsFinal( &shsInfo ); - if( compareSHSresults( &shsInfo, 0 ) == -1 ) - { - putchar( '\n' ); - puts( "SHS test 1 failed" ); - exit( -1 ); - } -#ifdef NEW_SHS - puts( "passed, result= A9993E364706816ABA3E25717850C26C9CD0D89D" ); -#else - puts( "passed, result= 0164B8A914CD2A5E74C4F7FF082C4D97F1EDF880" ); -#endif /* NEW_SHS */ - - printf( "Running SHS test 2 ... " ); - shsInit( &shsInfo ); - shsUpdate( &shsInfo, ( BYTE * ) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56 ); - shsFinal( &shsInfo ); - if( compareSHSresults( &shsInfo, 1 ) == -1 ) - { - putchar( '\n' ); - puts( "SHS test 2 failed" ); - exit( -1 ); - } -#ifdef NEW_SHS - puts( "passed, result= 84983E441C3BD26EBAAE4AA1F95129E5E54670F1" ); -#else - puts( "passed, result= D2516EE1ACFA5BAF33DFC1C471E438449EF134C8" ); -#endif /* NEW_SHS */ - - printf( "Running SHS test 3 ... " ); - shsInit( &shsInfo ); - for( i = 0; i < 15625; i++ ) - shsUpdate( &shsInfo, ( BYTE * ) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 64 ); - shsFinal( &shsInfo ); - if( compareSHSresults( &shsInfo, 2 ) == -1 ) - { - putchar( '\n' ); - puts( "SHS test 3 failed" ); - exit( -1 ); - } -#ifdef NEW_SHS - puts( "passed, result= 34AA973CD4C4DAA4F61EEB2BDBAD27316534016F" ); -#else - puts( "passed, result= 3232AFFA48628A26653B5AAA44541FD90D690603" ); -#endif /* NEW_SHS */ - -#if 0 - printf( "\nTesting speed for 100MB data... " ); - shsInit( &shsInfo ); - secondCount = time( NULL ); - for( i = 0; i < 500000U; i++ ) - shsUpdate( &shsInfo, data, 200 ); - secondCount = time( NULL ) - secondCount; - printf( "done. Time = %ld seconds, %ld kbytes/second.\n", \ - secondCount, 100500L / secondCount ); -#endif - - puts( "\nAll SHS tests passed" ); - exit( 0 ); -} -- 2.26.2