* Tie in Microsoft rc4 cipher and make it build

* Add hmac-md5-rc4 keyed hash and appropriate glue
* Give keyed hash verify function access to usage argument
* Add simplistic crypto system test  to make check

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13832 dc483132-0cff-0310-8789-dd5450dbe970

6 files changed, 119 insertions, 6 deletions

diff --git a/src/lib/crypto/keyhash_provider/ChangeLog b/src/lib/crypto/keyhash_provider/ChangeLog
index 5ca3844..c52095a 100644
--- a/src/lib/crypto/keyhash_provider/ChangeLog
+++ b/src/lib/crypto/keyhash_provider/ChangeLog
@@ -1,5 +1,13 @@
+2001-10-23  Sam Hartman  <hartmans@mit.edu>
+
+	* k5_md5des.c (k5_md5des_verify): Add usage
+
+	* k5_md4des.c (k5_md4des_verify): Add usage
+
 2001-10-22  Sam Hartman  <hartmans@mit.edu>
 
+	* keyhash_provider.h hmac_md5.c:  Implement Microsoft hmac-md5 keyhash provider
+
 	* t_cksum.c (main):  Include key usage in hash call.
 
 	* k5_md5des.c (k5_md5des_hash): add usage
diff --git a/src/lib/crypto/keyhash_provider/Makefile.in b/src/lib/crypto/keyhash_provider/Makefile.in
index 58792ec..7b75853 100644
--- a/src/lib/crypto/keyhash_provider/Makefile.in
+++ b/src/lib/crypto/keyhash_provider/Makefile.in
@@ -3,7 +3,8 @@ myfulldir=lib/crypto/keyhash_provider
 mydir=keyhash_provider
 BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U)
 LOCALINCLUDES = -I$(srcdir)/../des -I$(srcdir)/../md4 \
-	-I$(srcdir)/../md5
+	-I$(srcdir)/../md5 -I$(srcdir)/../arcfour \
+	-I$(srcdir)/../hash_provider
 
 ##DOS##BUILDTOP = ..\..\..
 ##DOS##PREFIXDIR=keyhash_provider
@@ -15,11 +16,11 @@ PROG_RPATH=$(KRB5_LIBDIR)
 
 RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
 
-STLIBOBJS= descbc.o k5_md4des.o k5_md5des.o
+STLIBOBJS= descbc.o k5_md4des.o k5_md5des.o hmac_md5.o
 
-OBJS= $(OUTPRE)descbc.$(OBJEXT) $(OUTPRE)k5_md4des.$(OBJEXT) $(OUTPRE)k5_md5des.$(OBJEXT)
+OBJS= $(OUTPRE)descbc.$(OBJEXT) $(OUTPRE)k5_md4des.$(OBJEXT) $(OUTPRE)k5_md5des.$(OBJEXT) $(OUTP)hmac_md5.$(OBJEXT)
 
-SRCS= $(srcdir)/descbc.c $(srcdir)/k5_md4des.c $(srcdir)/k5_md5des.c
+SRCS= $(srcdir)/descbc.c $(srcdir)/k5_md4des.c $(srcdir)/k5_md5des.c $(srcdir)/hmac_md5.c
 
 ##DOS##LIBOBJS = $(OBJS)
 
diff --git a/src/lib/crypto/keyhash_provider/hmac_md5.c b/src/lib/crypto/keyhash_provider/hmac_md5.c
new file mode 100644
index 0000000..2f406c5
--- /dev/null
+++ b/src/lib/crypto/keyhash_provider/hmac_md5.c
@@ -0,0 +1,102 @@
+/*
+ * lib/crypto/keyhash_provider/hmac_md5.c
+ *
+(I don't know)
+.
+ * Copyright2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+* Implementation of the Microsoft hmac-md5 checksum type.
+* Implemented based on draft-brezak-win2k-krb-rc4-hmac-03
+ */
+
+#include "k5-int.h"
+#include "keyhash_provider.h"
+#include "arcfour-int.h"
+#include "rsa-md5.h"
+#include "hash_provider.h"
+
+static void 
+k5_hmac_md5_hash_size (size_t *output) 
+{
+  *output = 16;
+}
+
+static  krb5_error_code
+k5_hmac_md5_hash (const krb5_keyblock *key, krb5_keyusage usage,
+		  const krb5_data *iv,
+		  const krb5_data *input, krb5_data *output)
+{
+  krb5_keyusage ms_usage;
+  krb5_error_code ret;
+  krb5_keyblock ks;
+  krb5_data ds, ks_constant, md5tmp;
+  krb5_MD5_CTX ctx;
+  char t[4];
+  
+
+  ds.length = key->length;
+  ks.length = key->length;
+  ds.data = malloc(ds.length);
+  if (ds.length == NULL)
+    return ENOMEM;
+  ks.contents = (void *) ds.data;
+
+  ks_constant.data = "signaturekey";
+  ks_constant.length = strlen(ks_constant.data)+1; /* Including null*/
+
+  ret = krb5_hmac( &krb5int_hash_md5, key, 1,
+		   &ks_constant, &ds);
+  if (ret)
+    goto cleanup;
+
+  krb5_MD5Init (&ctx);
+  ms_usage = krb5int_arcfour_translate_usage (usage);
+  t[0] = (ms_usage) & 0xff;
+  t[1] = (ms_usage>>8) & 0xff;
+  t[2] = (ms_usage >>16) & 0xff;
+  t[3] = (ms_usage>>24) & 0XFF;
+  krb5_MD5Update (&ctx, (unsigned char * ) &t, 4);
+  krb5_MD5Update (&ctx, (unsigned char *) input-> data,
+		  (unsigned int) input->length );
+  krb5_MD5Final(&ctx);
+  md5tmp.data = (void *) ctx.digest;
+  md5tmp.length = 16;
+  ret = krb5_hmac ( &krb5int_hash_md5, &ks, 1, &md5tmp,
+		    output);
+
+    cleanup:
+  memset(&ctx, 0, sizeof(ctx));
+  memset (ks.contents, 0, ks.length);
+  free (ks.contents);
+  return ret;
+}
+
+		 
+
+const struct krb5_keyhash_provider krb5int_keyhash_hmac_md5 = {
+  k5_hmac_md5_hash_size,
+  k5_hmac_md5_hash,
+  NULL /*checksum  again*/
+};
+
diff --git a/src/lib/crypto/keyhash_provider/k5_md4des.c b/src/lib/crypto/keyhash_provider/k5_md4des.c
index 8e03357..5ff50bf 100644
--- a/src/lib/crypto/keyhash_provider/k5_md4des.c
+++ b/src/lib/crypto/keyhash_provider/k5_md4des.c
@@ -110,7 +110,8 @@ k5_md4des_hash(const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *i
 }
 
 static krb5_error_code
-k5_md4des_verify(const krb5_keyblock *key, const krb5_data *ivec,
+k5_md4des_verify(const krb5_keyblock *key, krb5_keyusage usage,
+		 const krb5_data *ivec,
 		 const krb5_data *input, const krb5_data *hash,
 		 krb5_boolean *valid)
 {
diff --git a/src/lib/crypto/keyhash_provider/k5_md5des.c b/src/lib/crypto/keyhash_provider/k5_md5des.c
index 012bc85..2a2bef3 100644
--- a/src/lib/crypto/keyhash_provider/k5_md5des.c
+++ b/src/lib/crypto/keyhash_provider/k5_md5des.c
@@ -110,7 +110,7 @@ k5_md5des_hash(const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *i
 }
 
 static krb5_error_code
-k5_md5des_verify(const krb5_keyblock *key, const krb5_data *ivec,
+k5_md5des_verify(const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *ivec,
 		 const krb5_data *input, const krb5_data *hash,
 		 krb5_boolean *valid)
 {
diff --git a/src/lib/crypto/keyhash_provider/keyhash_provider.h b/src/lib/crypto/keyhash_provider/keyhash_provider.h
index 1393500..6a96faf 100644
--- a/src/lib/crypto/keyhash_provider/keyhash_provider.h
+++ b/src/lib/crypto/keyhash_provider/keyhash_provider.h
@@ -29,3 +29,4 @@
 extern const struct krb5_keyhash_provider krb5int_keyhash_descbc;
 extern const struct krb5_keyhash_provider krb5int_keyhash_md4des;
 extern const struct krb5_keyhash_provider krb5int_keyhash_md5des;
+extern const struct krb5_keyhash_provider krb5int_keyhash_hmac_md5;