authorGreg Hudson <ghudson@mit.edu>2009-11-28 00:43:34 +0000
committerGreg Hudson <ghudson@mit.edu>2009-11-28 00:43:34 +0000
commit65577cf37ab5831e736dd5db8459c0927cd3e224 (patch)
tree49d60364bcfaa50cd849568b7313d92e1388d28c /src/lib/crypto/krb/dk
parent9fde1f049d4f2205a9cccdc82278d93e6eaad748 (diff)
Mark and reindent lib/crypto
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23374 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/krb/dk')
-rw-r--r--src/lib/crypto/krb/dk/checksum.c23
-rw-r--r--src/lib/crypto/krb/dk/derive.c119
-rw-r--r--src/lib/crypto/krb/dk/dk.h87
-rw-r--r--src/lib/crypto/krb/dk/dk_aead.c165
-rw-r--r--src/lib/crypto/krb/dk/dk_decrypt.c87
-rw-r--r--src/lib/crypto/krb/dk/dk_encrypt.c87
-rw-r--r--src/lib/crypto/krb/dk/stringtokey.c19
7 files changed, 297 insertions, 290 deletions
diff --git a/src/lib/crypto/krb/dk/checksum.c b/src/lib/crypto/krb/dk/checksum.c
index 538060d..106bf15 100644
--- a/src/lib/crypto/krb/dk/checksum.c
+++ b/src/lib/crypto/krb/dk/checksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
@@ -33,8 +34,8 @@
krb5_error_code
krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
- krb5_key key, krb5_keyusage usage,
- const krb5_data *input, krb5_data *output)
+ krb5_key key, krb5_keyusage usage,
+ const krb5_data *input, krb5_data *output)
{
const struct krb5_keytypes *ktp;
const struct krb5_enc_provider *enc;
@@ -45,7 +46,7 @@ krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
ktp = find_enctype(key->keyblock.enctype);
if (ktp == NULL)
- return KRB5_BAD_ENCTYPE;
+ return KRB5_BAD_ENCTYPE;
enc = ktp->enc;
/*
@@ -64,7 +65,7 @@ krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
ret = krb5int_derive_key(enc, key, &kc, &datain);
if (ret)
- return ret;
+ return ret;
/* hash the data */
@@ -72,7 +73,7 @@ krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
ret = krb5int_hmac(hash, kc, 1, &datain, output);
if (ret)
- memset(output->data, 0, output->length);
+ memset(output->data, 0, output->length);
krb5_k_free_key(NULL, kc);
return ret;
@@ -80,9 +81,9 @@ krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
krb5_error_code
krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_data *output)
+ krb5_key key, krb5_keyusage usage,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output)
{
const struct krb5_keytypes *ktp;
const struct krb5_enc_provider *enc;
@@ -93,7 +94,7 @@ krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
ktp = find_enctype(key->keyblock.enctype);
if (ktp == NULL)
- return KRB5_BAD_ENCTYPE;
+ return KRB5_BAD_ENCTYPE;
enc = ktp->enc;
/*
@@ -112,13 +113,13 @@ krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
ret = krb5int_derive_key(enc, key, &kc, &datain);
if (ret)
- return ret;
+ return ret;
/* Hash the data. */
ret = krb5int_hmac_iov(hash, kc, data, num_data, output);
if (ret)
- memset(output->data, 0, output->length);
+ memset(output->data, 0, output->length);
krb5_k_free_key(NULL, kc);
return ret;
diff --git a/src/lib/crypto/krb/dk/derive.c b/src/lib/crypto/krb/dk/derive.c
index 5019975..c963c39 100644
--- a/src/lib/crypto/krb/dk/derive.c
+++ b/src/lib/crypto/krb/dk/derive.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
@@ -31,17 +32,17 @@ static krb5_key
find_cached_dkey(struct derived_key *list, const krb5_data *constant)
{
for (; list; list = list->next) {
- if (data_eq(list->constant, *constant)) {
- krb5_k_reference_key(NULL, list->dkey);
- return list->dkey;
- }
+ if (data_eq(list->constant, *constant)) {
+ krb5_k_reference_key(NULL, list->dkey);
+ return list->dkey;
+ }
}
return NULL;
}
static krb5_error_code
add_cached_dkey(krb5_key key, const krb5_data *constant,
- const krb5_keyblock *dkeyblock, krb5_key *cached_dkey)
+ const krb5_keyblock *dkeyblock, krb5_key *cached_dkey)
{
krb5_key dkey;
krb5_error_code ret;
@@ -51,13 +52,13 @@ add_cached_dkey(krb5_key key, const krb5_data *constant,
/* Allocate fields for the new entry. */
dkent = malloc(sizeof(*dkent));
if (dkent == NULL)
- goto cleanup;
+ goto cleanup;
data = malloc(constant->length);
if (data == NULL)
- goto cleanup;
+ goto cleanup;
ret = krb5_k_create_key(NULL, dkeyblock, &dkey);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Add the new entry to the list. */
memcpy(data, constant->data, constant->length);
@@ -86,8 +87,8 @@ cleanup:
*/
krb5_error_code
krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
- krb5_key inkey, krb5_keyblock *outkey,
- const krb5_data *in_constant)
+ krb5_key inkey, krb5_keyblock *outkey,
+ const krb5_data *in_constant)
{
size_t blocksize, keybytes, n;
unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL;
@@ -98,19 +99,19 @@ krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
keybytes = enc->keybytes;
if (inkey->keyblock.length != enc->keylength ||
- outkey->length != enc->keylength)
- return KRB5_CRYPTO_INTERNAL;
+ outkey->length != enc->keylength)
+ return KRB5_CRYPTO_INTERNAL;
/* Allocate and set up buffers. */
inblockdata = k5alloc(blocksize, &ret);
if (ret)
- goto cleanup;
+ goto cleanup;
outblockdata = k5alloc(blocksize, &ret);
if (ret)
- goto cleanup;
+ goto cleanup;
rawkey = k5alloc(keybytes, &ret);
if (ret)
- goto cleanup;
+ goto cleanup;
inblock.data = (char *) inblockdata;
inblock.length = blocksize;
@@ -121,28 +122,28 @@ krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
/* Initialize the input block. */
if (in_constant->length == inblock.length) {
- memcpy(inblock.data, in_constant->data, inblock.length);
+ memcpy(inblock.data, in_constant->data, inblock.length);
} else {
- krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
- inblock.length*8, (unsigned char *) inblock.data);
+ krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
+ inblock.length*8, (unsigned char *) inblock.data);
}
/* Loop encrypting the blocks until enough key bytes are generated */
n = 0;
while (n < keybytes) {
- ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
- if (ret)
- goto cleanup;
-
- if ((keybytes - n) <= outblock.length) {
- memcpy(rawkey + n, outblock.data, (keybytes - n));
- break;
- }
-
- memcpy(rawkey+n, outblock.data, outblock.length);
- memcpy(inblock.data, outblock.data, outblock.length);
- n += outblock.length;
+ ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
+ if (ret)
+ goto cleanup;
+
+ if ((keybytes - n) <= outblock.length) {
+ memcpy(rawkey + n, outblock.data, (keybytes - n));
+ break;
+ }
+
+ memcpy(rawkey+n, outblock.data, outblock.length);
+ memcpy(inblock.data, outblock.data, outblock.length);
+ n += outblock.length;
}
/* postprocess the key */
@@ -152,7 +153,7 @@ krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
ret = (*enc->make_key)(&inblock, outkey);
if (ret)
- goto cleanup;
+ goto cleanup;
cleanup:
zapfree(inblockdata, blocksize);
@@ -163,8 +164,8 @@ cleanup:
krb5_error_code
krb5int_derive_key(const struct krb5_enc_provider *enc,
- krb5_key inkey, krb5_key *outkey,
- const krb5_data *in_constant)
+ krb5_key inkey, krb5_key *outkey,
+ const krb5_data *in_constant)
{
krb5_keyblock keyblock;
krb5_error_code ret;
@@ -175,23 +176,23 @@ krb5int_derive_key(const struct krb5_enc_provider *enc,
/* Check for a cached result. */
dkey = find_cached_dkey(inkey->derived, in_constant);
if (dkey != NULL) {
- *outkey = dkey;
- return 0;
+ *outkey = dkey;
+ return 0;
}
/* Derive into a temporary keyblock. */
keyblock.length = enc->keylength;
keyblock.contents = malloc(keyblock.length);
if (keyblock.contents == NULL)
- return ENOMEM;
+ return ENOMEM;
ret = krb5int_derive_keyblock(enc, inkey, &keyblock, in_constant);
if (ret)
- goto cleanup;
+ goto cleanup;
/* Cache the derived key. */
ret = add_cached_dkey(inkey, in_constant, &keyblock, &dkey);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
*outkey = dkey;
@@ -202,8 +203,8 @@ cleanup:
krb5_error_code
krb5int_derive_random(const struct krb5_enc_provider *enc,
- krb5_key inkey, krb5_data *outrnd,
- const krb5_data *in_constant)
+ krb5_key inkey, krb5_data *outrnd,
+ const krb5_data *in_constant)
{
size_t blocksize, keybytes, n;
unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL;
@@ -214,19 +215,19 @@ krb5int_derive_random(const struct krb5_enc_provider *enc,
keybytes = enc->keybytes;
if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes)
- return KRB5_CRYPTO_INTERNAL;
+ return KRB5_CRYPTO_INTERNAL;
/* Allocate and set up buffers. */
inblockdata = k5alloc(blocksize, &ret);
if (ret)
- goto cleanup;
+ goto cleanup;
outblockdata = k5alloc(blocksize, &ret);
if (ret)
- goto cleanup;
+ goto cleanup;
rawkey = k5alloc(keybytes, &ret);
if (ret)
- goto cleanup;
+ goto cleanup;
inblock.data = (char *) inblockdata;
inblock.length = blocksize;
@@ -236,27 +237,27 @@ krb5int_derive_random(const struct krb5_enc_provider *enc,
/* Initialize the input block. */
if (in_constant->length == inblock.length) {
- memcpy(inblock.data, in_constant->data, inblock.length);
+ memcpy(inblock.data, in_constant->data, inblock.length);
} else {
- krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
- inblock.length*8, (unsigned char *) inblock.data);
+ krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
+ inblock.length*8, (unsigned char *) inblock.data);
}
/* Loop encrypting the blocks until enough key bytes are generated. */
n = 0;
while (n < keybytes) {
- ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
- if (ret)
- goto cleanup;
-
- if ((keybytes - n) <= outblock.length) {
- memcpy(rawkey + n, outblock.data, (keybytes - n));
- break;
- }
-
- memcpy(rawkey+n, outblock.data, outblock.length);
- memcpy(inblock.data, outblock.data, outblock.length);
- n += outblock.length;
+ ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
+ if (ret)
+ goto cleanup;
+
+ if ((keybytes - n) <= outblock.length) {
+ memcpy(rawkey + n, outblock.data, (keybytes - n));
+ break;
+ }
+
+ memcpy(rawkey+n, outblock.data, outblock.length);
+ memcpy(inblock.data, outblock.data, outblock.length);
+ n += outblock.length;
}
/* Postprocess the key. */
diff --git a/src/lib/crypto/krb/dk/dk.h b/src/lib/crypto/krb/dk/dk.h
index 76937da..1ac3fbe 100644
--- a/src/lib/crypto/krb/dk/dk.h
+++ b/src/lib/crypto/krb/dk/dk.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
@@ -28,82 +29,82 @@
void
krb5int_dk_encrypt_length(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- size_t input, size_t *length);
+ const struct krb5_hash_provider *hash,
+ size_t input, size_t *length);
krb5_error_code
krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key, krb5_keyusage usage,
- const krb5_data *ivec,
- const krb5_data *input, krb5_data *output);
+ const struct krb5_hash_provider *hash,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_data *ivec,
+ const krb5_data *input, krb5_data *output);
void
krb5int_aes_encrypt_length(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- size_t input, size_t *length);
+ const struct krb5_hash_provider *hash,
+ size_t input, size_t *length);
krb5_error_code
krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key,
- krb5_keyusage usage,
- const krb5_data *ivec,
- const krb5_data *input,
- krb5_data *output);
+ const struct krb5_hash_provider *hash,
+ krb5_key key,
+ krb5_keyusage usage,
+ const krb5_data *ivec,
+ const krb5_data *input,
+ krb5_data *output);
krb5_error_code
krb5int_dk_decrypt(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key, krb5_keyusage usage,
- const krb5_data *ivec, const krb5_data *input,
- krb5_data *arg_output);
+ const struct krb5_hash_provider *hash,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_data *ivec, const krb5_data *input,
+ krb5_data *arg_output);
krb5_error_code
krb5int_aes_dk_decrypt(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key,
- krb5_keyusage usage,
- const krb5_data *ivec,
- const krb5_data *input,
- krb5_data *arg_output);
+ const struct krb5_hash_provider *hash,
+ krb5_key key,
+ krb5_keyusage usage,
+ const krb5_data *ivec,
+ const krb5_data *input,
+ krb5_data *arg_output);
krb5_error_code
krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
- const krb5_data *string,
- const krb5_data *salt,
- const krb5_data *params,
- krb5_keyblock *key);
+ const krb5_data *string,
+ const krb5_data *salt,
+ const krb5_data *params,
+ krb5_keyblock *key);
krb5_error_code
krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
- krb5_key inkey,
- krb5_keyblock *outkey,
- const krb5_data *in_constant);
+ krb5_key inkey,
+ krb5_keyblock *outkey,
+ const krb5_data *in_constant);
krb5_error_code
krb5int_derive_key(const struct krb5_enc_provider *enc,
- krb5_key inkey,
- krb5_key *outkey,
- const krb5_data *in_constant);
+ krb5_key inkey,
+ krb5_key *outkey,
+ const krb5_data *in_constant);
krb5_error_code
krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
- krb5_key key,
- krb5_keyusage usage,
- const krb5_data *input,
- krb5_data *output);
+ krb5_key key,
+ krb5_keyusage usage,
+ const krb5_data *input,
+ krb5_data *output);
krb5_error_code
krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_data *output);
+ krb5_key key, krb5_keyusage usage,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output);
krb5_error_code
krb5int_derive_random(const struct krb5_enc_provider *enc,
- krb5_key inkey, krb5_data *outrnd,
- const krb5_data *in_constant);
+ krb5_key inkey, krb5_data *outrnd,
+ const krb5_data *in_constant);
/* AEAD */
diff --git a/src/lib/crypto/krb/dk/dk_aead.c b/src/lib/crypto/krb/dk/dk_aead.c
index e35ca55..1e13fbc 100644
--- a/src/lib/crypto/krb/dk/dk_aead.c
+++ b/src/lib/crypto/krb/dk/dk_aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/crypto/dk/dk_aead.c
*
@@ -35,23 +36,23 @@
static krb5_error_code
krb5int_dk_crypto_length(const struct krb5_aead_provider *aead,
- const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_cryptotype type,
- unsigned int *length)
+ const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ krb5_cryptotype type,
+ unsigned int *length)
{
switch (type) {
case KRB5_CRYPTO_TYPE_HEADER:
case KRB5_CRYPTO_TYPE_PADDING:
- *length = enc->block_size;
- break;
+ *length = enc->block_size;
+ break;
case KRB5_CRYPTO_TYPE_TRAILER:
case KRB5_CRYPTO_TYPE_CHECKSUM:
- *length = hash->hashsize;
- break;
+ *length = hash->hashsize;
+ break;
default:
- assert(0 && "invalid cryptotype passed to krb5int_dk_crypto_length");
- break;
+ assert(0 && "invalid cryptotype passed to krb5int_dk_crypto_length");
+ break;
}
return 0;
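Review bot: In the `default:` case, once `assert` is compiled out with NDEBUG the function falls through to `return 0;` without writing `*length`, so a caller that only tests the return value (as the `aead->crypto_length(...)` calls in krb5int_dk_encrypt_iov and krb5int_dk_decrypt_iov do) would go on to validate buffer sizes against a length the callee never set. Failing closed in release builds is a two-line change after the assert: `*length = 0;` and `return KRB5_CRYPTO_INTERNAL;`. krb5int_aes_crypto_length later in this file has the same default case.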
@@ -59,13 +60,13 @@ krb5int_dk_crypto_length(const struct krb5_aead_provider *aead,
static krb5_error_code
krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
- const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key,
- krb5_keyusage usage,
- const krb5_data *ivec,
- krb5_crypto_iov *data,
- size_t num_data)
+ const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ krb5_key key,
+ krb5_keyusage usage,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
{
krb5_error_code ret;
unsigned char constantdata[K5CLENGTH];
@@ -82,50 +83,50 @@ krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
/* E(Confounder | Plaintext | Pad) | Checksum */
ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
- &blocksize);
+ &blocksize);
if (ret != 0)
- return ret;
+ return ret;
ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
- &hmacsize);
+ &hmacsize);
if (ret != 0)
- return ret;
+ return ret;
for (i = 0; i < num_data; i++) {
- krb5_crypto_iov *iov = &data[i];
+ krb5_crypto_iov *iov = &data[i];
- if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
- plainlen += iov->data.length;
+ if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
+ plainlen += iov->data.length;
}
/* Validate header and trailer lengths. */
header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
if (header == NULL || header->data.length < enc->block_size)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
if (trailer == NULL || trailer->data.length < hmacsize)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
if (blocksize != 0) {
- /* Check that the input data is correctly padded. */
- if (plainlen % blocksize)
- padsize = blocksize - (plainlen % blocksize);
+ /* Check that the input data is correctly padded. */
+ if (plainlen % blocksize)
+ padsize = blocksize - (plainlen % blocksize);
}
padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
if (padsize && (padding == NULL || padding->data.length < padsize))
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
if (padding != NULL) {
- memset(padding->data.data, 0, padsize);
- padding->data.length = padsize;
+ memset(padding->data.data, 0, padsize);
+ padding->data.length = padsize;
}
cksum = k5alloc(hash->hashsize, &ret);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Derive the keys. */
@@ -138,13 +139,13 @@ krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
d1.data[4] = 0x55;
ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Generate confounder. */
@@ -152,7 +153,7 @@ krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Hash the plaintext. */
d2.length = hash->hashsize;
@@ -160,14 +161,14 @@ krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
ret = krb5int_hmac_iov(hash, ki, data, num_data, &d2);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Encrypt the plaintext (header | data | padding) */
assert(enc->encrypt_iov != NULL);
ret = (*enc->encrypt_iov)(ke, ivec, data, num_data); /* updates ivec */
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Possibly truncate the hash */
assert(hmacsize <= d2.length);
@@ -184,13 +185,13 @@ cleanup:
static krb5_error_code
krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
- const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key,
- krb5_keyusage usage,
- const krb5_data *ivec,
- krb5_crypto_iov *data,
- size_t num_data)
+ const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ krb5_key key,
+ krb5_keyusage usage,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
{
krb5_error_code ret;
unsigned char constantdata[K5CLENGTH];
@@ -204,53 +205,53 @@ krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
unsigned char *cksum = NULL;
if (krb5int_c_locate_iov(data, num_data,
- KRB5_CRYPTO_TYPE_STREAM) != NULL) {
- return krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
- usage, ivec, data, num_data);
+ KRB5_CRYPTO_TYPE_STREAM) != NULL) {
+ return krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
+ usage, ivec, data, num_data);
}
/* E(Confounder | Plaintext | Pad) | Checksum */
ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
- &blocksize);
+ &blocksize);
if (ret != 0)
- return ret;
+ return ret;
ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
- &hmacsize);
+ &hmacsize);
if (ret != 0)
- return ret;
+ return ret;
for (i = 0; i < num_data; i++) {
- const krb5_crypto_iov *iov = &data[i];
+ const krb5_crypto_iov *iov = &data[i];
- if (ENCRYPT_DATA_IOV(iov))
- cipherlen += iov->data.length;
+ if (ENCRYPT_DATA_IOV(iov))
+ cipherlen += iov->data.length;
}
if (blocksize == 0) {
- /* Check for correct input length in CTS mode */
- if (enc->block_size != 0 && cipherlen < enc->block_size)
- return KRB5_BAD_MSIZE;
+ /* Check for correct input length in CTS mode */
+ if (enc->block_size != 0 && cipherlen < enc->block_size)
+ return KRB5_BAD_MSIZE;
} else {
- /* Check that the input data is correctly padded */
- if ((cipherlen % blocksize) != 0)
- return KRB5_BAD_MSIZE;
+ /* Check that the input data is correctly padded */
+ if ((cipherlen % blocksize) != 0)
+ return KRB5_BAD_MSIZE;
}
/* Validate header and trailer lengths */
header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
if (header == NULL || header->data.length != enc->block_size)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
if (trailer == NULL || trailer->data.length != hmacsize)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
cksum = k5alloc(hash->hashsize, &ret);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Derive the keys. */
@@ -263,20 +264,20 @@ krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
d1.data[4] = 0x55;
ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Decrypt the plaintext (header | data | padding). */
assert(enc->decrypt_iov != NULL);
ret = (*enc->decrypt_iov)(ke, ivec, data, num_data); /* updates ivec */
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Verify the hash. */
d1.length = hash->hashsize; /* non-truncated length */
@@ -284,12 +285,12 @@ krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
ret = krb5int_hmac_iov(hash, ki, data, num_data, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Compare only the possibly truncated length. */
if (memcmp(cksum, trailer->data.data, hmacsize) != 0) {
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto cleanup;
+ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ goto cleanup;
}
cleanup:
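Review bot: The checksum check `memcmp(cksum, trailer->data.data, hmacsize)` may stop at the first differing byte, so verification time can depend on how many leading bytes of a received trailer are correct; the same applies to `memcmp(cksum, input->data+enclen, hmacsize)` in krb5_dk_decrypt_maybe_trunc_hmac in dk_decrypt.c. Comparing all `hmacsize` bytes unconditionally removes that dependence. The sketch below shows the shape; if the tree already provides a constant-time comparison helper, use it instead. The function starts before this hunk and `cleanup:` continues past it.

```c
/* Compare only the possibly truncated length, without an early exit. */
{
    unsigned char diff = 0;
    size_t j;

    for (j = 0; j < hmacsize; j++)
        diff |= cksum[j] ^ (unsigned char) trailer->data.data[j];
    if (diff != 0) {
        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
        goto cleanup;
    }
}
```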
@@ -307,25 +308,25 @@ const struct krb5_aead_provider krb5int_aead_dk = {
static krb5_error_code
krb5int_aes_crypto_length(const struct krb5_aead_provider *aead,
- const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_cryptotype type,
- unsigned int *length)
+ const struct krb5_enc_provider *enc,
+ const struct krb5_hash_provider *hash,
+ krb5_cryptotype type,
+ unsigned int *length)
{
switch (type) {
case KRB5_CRYPTO_TYPE_HEADER:
- *length = enc->block_size;
- break;
+ *length = enc->block_size;
+ break;
case KRB5_CRYPTO_TYPE_PADDING:
- *length = 0;
- break;
+ *length = 0;
+ break;
case KRB5_CRYPTO_TYPE_TRAILER:
case KRB5_CRYPTO_TYPE_CHECKSUM:
- *length = 96 / 8;
- break;
+ *length = 96 / 8;
+ break;
default:
- assert(0 && "invalid cryptotype passed to krb5int_aes_crypto_length");
- break;
+ assert(0 && "invalid cryptotype passed to krb5int_aes_crypto_length");
+ break;
}
return 0;
diff --git a/src/lib/crypto/krb/dk/dk_decrypt.c b/src/lib/crypto/krb/dk/dk_decrypt.c
index b080d5f..4ef7e47 100644
--- a/src/lib/crypto/krb/dk/dk_decrypt.c
+++ b/src/lib/crypto/krb/dk/dk_decrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
@@ -31,44 +32,44 @@
static krb5_error_code
krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key,
- krb5_keyusage usage,
- const krb5_data *ivec,
- const krb5_data *input,
- krb5_data *output,
- size_t hmacsize,
- int ivec_mode);
+ const struct krb5_hash_provider *hash,
+ krb5_key key,
+ krb5_keyusage usage,
+ const krb5_data *ivec,
+ const krb5_data *input,
+ krb5_data *output,
+ size_t hmacsize,
+ int ivec_mode);
krb5_error_code
krb5int_dk_decrypt(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key, krb5_keyusage usage,
- const krb5_data *ivec, const krb5_data *input,
- krb5_data *output)
+ const struct krb5_hash_provider *hash,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_data *ivec, const krb5_data *input,
+ krb5_data *output)
{
return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage,
- ivec, input, output, 0, 0);
+ ivec, input, output, 0, 0);
}
krb5_error_code
krb5int_aes_dk_decrypt(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key, krb5_keyusage usage,
- const krb5_data *ivec, const krb5_data *input,
- krb5_data *output)
+ const struct krb5_hash_provider *hash,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_data *ivec, const krb5_data *input,
+ krb5_data *output)
{
return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage,
- ivec, input, output, 96 / 8, 1);
+ ivec, input, output, 96 / 8, 1);
}
static krb5_error_code
krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key, krb5_keyusage usage,
- const krb5_data *ivec, const krb5_data *input,
- krb5_data *output, size_t hmacsize,
- int ivec_mode)
+ const struct krb5_hash_provider *hash,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_data *ivec, const krb5_data *input,
+ krb5_data *output, size_t hmacsize,
+ int ivec_mode)
{
krb5_error_code ret;
size_t hashsize, blocksize, enclen, plainlen;
@@ -81,19 +82,19 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
blocksize = enc->block_size;
if (hmacsize == 0)
- hmacsize = hashsize;
+ hmacsize = hashsize;
else if (hmacsize > hashsize)
- return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ return KRB5KRB_AP_ERR_BAD_INTEGRITY;
enclen = input->length - hmacsize;
/* Allocate and set up ciphertext and to-be-derived keys. */
plaindata = k5alloc(enclen, &ret);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
cksum = k5alloc(hashsize, &ret);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Derive the keys. */
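Review bot: `enclen = input->length - hmacsize;` has no lower bound on `input->length`, so an input shorter than the checksum makes the unsigned subtraction wrap, and the wrapped value is passed straight to `k5alloc(enclen, &ret)`. `plainlen = enclen - blocksize` in a later hunk of this function wraps the same way when `enclen < blocksize`. `input` appears to be the received ciphertext, so reject short input before the subtraction, e.g. `if (input->length < blocksize + hmacsize) return KRB5_BAD_MSIZE;`. A direct return matches the `hmacsize > hashsize` return just above, since nothing has been allocated yet. The function body starts and ends outside this hunk.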
@@ -106,13 +107,13 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
d1.data[4] = 0x55;
ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* decrypt the ciphertext */
@@ -124,18 +125,18 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
ret = (*enc->decrypt)(ke, ivec, &d1, &d2);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
if (ivec != NULL && ivec->length == blocksize) {
- if (ivec_mode == 0)
- cn = (unsigned char *) d1.data + d1.length - blocksize;
- else if (ivec_mode == 1) {
- int nblocks = (d1.length + blocksize - 1) / blocksize;
- cn = (unsigned char *) d1.data + blocksize * (nblocks - 2);
- } else
- abort();
+ if (ivec_mode == 0)
+ cn = (unsigned char *) d1.data + d1.length - blocksize;
+ else if (ivec_mode == 1) {
+ int nblocks = (d1.length + blocksize - 1) / blocksize;
+ cn = (unsigned char *) d1.data + blocksize * (nblocks - 2);
+ } else
+ abort();
} else
- cn = NULL;
+ cn = NULL;
/* Verify the hash. */
@@ -144,11 +145,11 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
ret = krb5int_hmac(hash, ki, 1, &d2, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
if (memcmp(cksum, input->data+enclen, hmacsize) != 0) {
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto cleanup;
+ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ goto cleanup;
}
/*
@@ -160,14 +161,14 @@ krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
plainlen = enclen - blocksize;
if (output->length < plainlen)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
output->length = plainlen;
memcpy(output->data, d2.data+blocksize, output->length);
if (cn != NULL)
- memcpy(ivec->data, cn, blocksize);
+ memcpy(ivec->data, cn, blocksize);
cleanup:
krb5_k_free_key(NULL, ke);
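Review bot: The `return KRB5_BAD_MSIZE;` on the `output->length < plainlen` path leaves the function without passing through `cleanup:`, so the derived key references and the `plaindata`/`cksum` buffers allocated earlier in the function are not released on that path. By this point `plaindata` presumably holds decrypted plaintext, which then stays in unreleased heap memory. Use the pattern of the other error paths: `ret = KRB5_BAD_MSIZE;` followed by `goto cleanup;`. What `cleanup:` does beyond `krb5_k_free_key(NULL, ke)` lies outside this hunk, so confirm that it zeroes and frees both buffers.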
diff --git a/src/lib/crypto/krb/dk/dk_encrypt.c b/src/lib/crypto/krb/dk/dk_encrypt.c
index e84a092..29699d7 100644
--- a/src/lib/crypto/krb/dk/dk_encrypt.c
+++ b/src/lib/crypto/krb/dk/dk_encrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
@@ -40,8 +41,8 @@
void
krb5int_dk_encrypt_length(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- size_t inputlen, size_t *length)
+ const struct krb5_hash_provider *hash,
+ size_t inputlen, size_t *length)
{
size_t blocksize, hashsize;
@@ -52,10 +53,10 @@ krb5int_dk_encrypt_length(const struct krb5_enc_provider *enc,
krb5_error_code
krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key, krb5_keyusage usage,
- const krb5_data *ivec, const krb5_data *input,
- krb5_data *output)
+ const struct krb5_hash_provider *hash,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_data *ivec, const krb5_data *input,
+ krb5_data *output)
{
size_t blocksize, plainlen, enclen;
krb5_error_code ret;
@@ -73,13 +74,13 @@ krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
/* key->length, ivec will be tested in enc->encrypt. */
if (output->length < enclen)
- return(KRB5_BAD_MSIZE);
+ return(KRB5_BAD_MSIZE);
/* Allocate and set up plaintext and to-be-derived keys. */
plaintext = malloc(plainlen);
if (plaintext == NULL)
- return ENOMEM;
+ return ENOMEM;
/* Derive the keys. */
@@ -92,13 +93,13 @@ krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
d1.data[4] = 0x55;
ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* Put together the plaintext. */
@@ -107,12 +108,12 @@ krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
ret = krb5_c_random_make_octets(/* XXX */ 0, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
memcpy(plaintext + blocksize, input->data, input->length);
memset(plaintext + blocksize + input->length, 0,
- plainlen - (blocksize + input->length));
+ plainlen - (blocksize + input->length));
/* Encrypt the plaintext. */
@@ -124,12 +125,12 @@ krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
ret = (*enc->encrypt)(ke, ivec, &d1, &d2);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
if (ivec != NULL && ivec->length == blocksize)
- cn = d2.data + d2.length - blocksize;
+ cn = d2.data + d2.length - blocksize;
else
- cn = NULL;
+ cn = NULL;
/* Hash the plaintext. */
@@ -140,13 +141,13 @@ krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
ret = krb5int_hmac(hash, ki, 1, &d1, &d2);
if (ret != 0) {
- memset(d2.data, 0, d2.length);
- goto cleanup;
+ memset(d2.data, 0, d2.length);
+ goto cleanup;
}
/* Update ivec. */
if (cn != NULL)
- memcpy(ivec->data, cn, blocksize);
+ memcpy(ivec->data, cn, blocksize);
cleanup:
krb5_k_free_key(NULL, ke);
@@ -159,8 +160,8 @@ cleanup:
with a 96-bit truncated HMAC". */
void
krb5int_aes_encrypt_length(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- size_t inputlen, size_t *length)
+ const struct krb5_hash_provider *hash,
+ size_t inputlen, size_t *length)
{
size_t blocksize, hashsize;
@@ -174,8 +175,8 @@ krb5int_aes_encrypt_length(const struct krb5_enc_provider *enc,
static krb5_error_code
trunc_hmac (const struct krb5_hash_provider *hash,
- krb5_key ki, unsigned int num,
- const krb5_data *input, const krb5_data *output)
+ krb5_key ki, unsigned int num,
+ const krb5_data *input, const krb5_data *output)
{
size_t hashsize;
krb5_data tmp;
@@ -183,14 +184,14 @@ trunc_hmac (const struct krb5_hash_provider *hash,
hashsize = hash->hashsize;
if (hashsize < output->length)
- return KRB5_CRYPTO_INTERNAL;
+ return KRB5_CRYPTO_INTERNAL;
tmp.length = hashsize;
tmp.data = malloc(hashsize);
if (tmp.data == NULL)
- return ENOMEM;
+ return ENOMEM;
ret = krb5int_hmac(hash, ki, num, input, &tmp);
if (ret == 0)
- memcpy(output->data, tmp.data, output->length);
+ memcpy(output->data, tmp.data, output->length);
memset(tmp.data, 0, hashsize);
free(tmp.data);
return ret;
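Review bot: The scratch HMAC buffer in trunc_hmac is wiped with a plain `memset(tmp.data, 0, hashsize);` immediately before `free(tmp.data);`, and a compiler may drop that store as dead, leaving the untruncated MAC in freed heap memory. stringtokey.c in this same commit already ends with `zapfree(concat, concatlen);`, so if that helper is in scope in this file, `zapfree(tmp.data, hashsize);` would replace both lines. The reindent does not change this behaviour, and the function's closing brace is outside the hunk.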
@@ -198,10 +199,10 @@ trunc_hmac (const struct krb5_hash_provider *hash,
krb5_error_code
krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key, krb5_keyusage usage,
- const krb5_data *ivec, const krb5_data *input,
- krb5_data *output)
+ const struct krb5_hash_provider *hash,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_data *ivec, const krb5_data *input,
+ krb5_data *output)
{
size_t blocksize, keybytes, plainlen, enclen;
krb5_error_code ret;
@@ -222,11 +223,11 @@ krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
/* key->length, ivec will be tested in enc->encrypt */
if (output->length < enclen)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
plaintext = malloc(plainlen);
if (plaintext == NULL)
- return ENOMEM;
+ return ENOMEM;
/* Derive the keys. */
@@ -239,13 +240,13 @@ krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
ret = krb5int_derive_key(enc, key, &ke, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
d1.data[4] = 0x55;
ret = krb5int_derive_key(enc, key, &ki, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* put together the plaintext */
@@ -254,13 +255,13 @@ krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
ret = krb5_c_random_make_octets(NULL, &d1);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
memcpy(plaintext + blocksize, input->data, input->length);
/* Ciphertext stealing; there should be no more. */
if (plainlen != blocksize + input->length)
- abort();
+ abort();
/* Encrypt the plaintext. */
@@ -272,32 +273,32 @@ krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
ret = (*enc->encrypt)(ke, ivec, &d1, &d2);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
if (ivec != NULL && ivec->length == blocksize) {
- int nblocks = (d2.length + blocksize - 1) / blocksize;
- cn = d2.data + blocksize * (nblocks - 2);
+ int nblocks = (d2.length + blocksize - 1) / blocksize;
+ cn = d2.data + blocksize * (nblocks - 2);
} else
- cn = NULL;
+ cn = NULL;
/* Hash the plaintext. */
d2.length = enclen - plainlen;
d2.data = output->data+plainlen;
if (d2.length != 96 / 8)
- abort();
+ abort();
ret = trunc_hmac(hash, ki, 1, &d1, &d2);
if (ret != 0) {
- memset(d2.data, 0, d2.length);
- goto cleanup;
+ memset(d2.data, 0, d2.length);
+ goto cleanup;
}
output->length = enclen;
/* Update ivec. */
if (cn != NULL)
- memcpy(ivec->data, cn, blocksize);
+ memcpy(ivec->data, cn, blocksize);
cleanup:
krb5_k_free_key(NULL, ke);
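Review bot: The ivec update in krb5int_aes_dk_encrypt has no guard for a one-block ciphertext: `cn = d2.data + blocksize * (nblocks - 2);` is evaluated in `size_t` because `blocksize` is `size_t`, so with `nblocks == 1` the offset wraps and `cn` ends up one block before `d2.data`. The later `memcpy(ivec->data, cn, blocksize);` would then read outside the output buffer. The assignment of `d2.length` is outside the hunk, but the earlier check that `plainlen == blocksize + input->length` suggests a zero-length input produces exactly one block. Tightening the condition to `if (ivec != NULL && ivec->length == blocksize && d2.length > blocksize) {` keeps `cn` inside the buffer. Which chaining value a single-block message should yield is left for the maintainers to decide.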
diff --git a/src/lib/crypto/krb/dk/stringtokey.c b/src/lib/crypto/krb/dk/stringtokey.c
index 59404e4..ff436e6 100644
--- a/src/lib/crypto/krb/dk/stringtokey.c
+++ b/src/lib/crypto/krb/dk/stringtokey.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
@@ -31,8 +32,8 @@ static const unsigned char kerberos[] = "kerberos";
krb5_error_code
krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
- const krb5_data *string, const krb5_data *salt,
- const krb5_data *parms, krb5_keyblock *keyblock)
+ const krb5_data *string, const krb5_data *salt,
+ const krb5_data *parms, krb5_keyblock *keyblock)
{
krb5_error_code ret;
size_t keybytes, keylength, concatlen;
@@ -50,19 +51,19 @@ krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
concat = k5alloc(concatlen, &ret);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
foldstring = k5alloc(keybytes, &ret);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
foldkeydata = k5alloc(keylength, &ret);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* construct input string ( = string + salt), fold it, make_key it */
memcpy(concat, string->data, string->length);
if (salt)
- memcpy(concat + string->length, salt->data, salt->length);
+ memcpy(concat + string->length, salt->data, salt->length);
krb5int_nfold(concatlen*8, concat, keybytes*8, foldstring);
@@ -73,11 +74,11 @@ krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
ret = (*enc->make_key)(&indata, &foldkeyblock);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
ret = krb5_k_create_key(NULL, &foldkeyblock, &foldkey);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* now derive the key from this one */
@@ -86,7 +87,7 @@ krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
ret = krb5int_derive_keyblock(enc, foldkey, keyblock, &indata);
if (ret != 0)
- memset(keyblock->contents, 0, keyblock->length);
+ memset(keyblock->contents, 0, keyblock->length);
cleanup:
zapfree(concat, concatlen);